Diffstat (limited to 'debian/patches')
10 files changed, 96 insertions, 171 deletions
diff --git a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch index cc9ee90..ab4eccf 100644 --- a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch +++ b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch @@ -36,14 +36,14 @@ bug. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- configure.ac | 2 +- - doc/dirmngr.texi | 6 +++++- - 2 files changed, 6 insertions(+), 2 deletions(-) + doc/dirmngr.texi | 9 +++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac -index 0a4ae1e..c48cb8c 100644 +index 1ea8b7a..a3ff5c4 100644 --- a/configure.ac +++ b/configure.ac -@@ -1837,7 +1837,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", +@@ -1828,7 +1828,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon", AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr", [The name of the dirmngr socket]) AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, @@ -53,19 +53,22 @@ index 0a4ae1e..c48cb8c 100644 AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi -index ab831de..f7c7672 100644 +index 39c0c45..4ac6174 100644 --- a/doc/dirmngr.texi 
+++ b/doc/dirmngr.texi -@@ -331,7 +331,11 @@ whether Tor is locally running or not. The check for a running Tor is +@@ -339,8 +339,13 @@ whether Tor is locally running or not. The check for a running Tor is done for each new connection. If no keyserver is explicitly configured, dirmngr will use the --built-in default of @code{https://keyserver.ubuntu.com}. +-built-in default of @code{https://keyserver.ubuntu.com}. To avoid the +-use of a default keyserver the value @code{none} can be used. +built-in default of @code{https://keys.openpgp.org}. + +Note that the above default is a Debian-specific choice. Upstream +GnuPG prefers @code{hkps://keyserver.ubuntu.com}. See +/usr/share/doc/gpgconf/NEWS.Debian.gz for more details. ++ ++To avoid the use of a default keyserver the value @code{none} can be used. Windows users with a keyserver running on their Active Directory may use the short form @code{ldap:///} for @var{name} to access this directory. diff --git a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch index 81a1877..11ab394 100644 --- a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch +++ b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch @@ -23,12 +23,12 @@ index 954f88a..f65eed5 100644 +#define LDAP_DEPRECATED 1 #include <ldap.h> #endif - ],[ldap_open("foobar",1234);], + ]],[[ldap_open("foobar",1234);]])], 
@@ -53,6 +54,7 @@ if test x$_ldap_with != xno ; then if test $gnupg_cv_func_ldap_init = no; then AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h]) - AC_TRY_LINK([#include <lber.h> + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <lber.h> +#define LDAP_DEPRECATED 1 - #include <ldap.h>],[ldap_open("foobar",1234);], + #include <ldap.h>]],[[ldap_open("foobar",1234);]])], [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no]) AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init]) diff --git a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch b/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch deleted file mode 100644 index c21409f..0000000 --- a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:16:11 +0900 -Subject: dirmngr: Fix build with no LDAP support. - -* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize. - --- - -Cherry-pick master commit of: - 7011286ce6e1fb56c2989fdafbd11b931c489faa - -GnuPG-bug-id: 6239 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit a5c3821664886ffffbe6a83aac088a6e0088a607) ---- - dirmngr/server.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/dirmngr/server.c b/dirmngr/server.c -index 651f67c..87a0d77 100644 ---- a/dirmngr/server.c -+++ b/dirmngr/server.c -@@ -3135,8 +3135,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id) - ctrl->refcount); - else - { -+#if USE_LDAP - ks_ldap_free_state (ctrl->ks_get_state); - ctrl->ks_get_state = NULL; -+#endif - release_ctrl_ocsp_certs (ctrl); - xfree (ctrl->server_local); - dirmngr_deinit_default_ctrl (ctrl); diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch deleted file mode 100644 index 99117df..0000000 
--- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch +++ /dev/null @@ -1,29 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:24:54 +0900 -Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS (another). - -* g10/Makefile.am (t_keydb_LDADD): Add NETLIBS after GPG_ERROR_LIBS. - --- - -Fixes-commit: b26bb03ed96f380ad603f7ad902862625233c931 -GnuPG-bug-id: 6244 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit 256b3c05789d8026b62f594bd592199a90b1b446) ---- - g10/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/g10/Makefile.am b/g10/Makefile.am -index d38e292..cd5307e 100644 ---- a/g10/Makefile.am -+++ b/g10/Makefile.am -@@ -200,7 +200,7 @@ module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter - t_rmd160_SOURCES = t-rmd160.c rmd160.c - t_rmd160_LDADD = $(t_common_ldadd) - t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) --t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(t_common_ldadd) - t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ - $(common_source) diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch deleted file mode 100644 index c4ad203..0000000 --- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Tue, 18 Oct 2022 10:08:20 +0900 -Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS. - -* g10/Makefile.am (LDADD): Remove NETLIBS. -(gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS. -(gpgcompose_LDADD, t_keydb_get_keyblock_LDADD): Likewise. -(t_stutter_LDADD): Likewise. - --- - -GnuPG-bug-id: 6244 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit b26bb03ed96f380ad603f7ad902862625233c931) ---- - g10/Makefile.am | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/g10/Makefile.am b/g10/Makefile.am -index f885673..d38e292 100644 ---- a/g10/Makefile.am -+++ b/g10/Makefile.am -@@ -180,18 +180,18 @@ gpgv_SOURCES = gpgv.c \ - # $(common_source) - - LDADD = $(needed_libs) ../common/libgpgrl.a \ -- $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) -+ $(ZLIBS) $(LIBINTL) $(CAPLIBS) - gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \ -- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ -+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(gpg_robjs) $(extra_sys_libs) - gpg_LDFLAGS = $(extra_bin_ldflags) - gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ -- $(GPG_ERROR_LIBS) \ -+ $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs) - gpgv_LDFLAGS = $(extra_bin_ldflags) - - gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ -- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ -+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(extra_sys_libs) - gpgcompose_LDFLAGS = $(extra_bin_ldflags) - -@@ -205,10 +205,10 @@ t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ - t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ - $(common_source) - t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -- $(LIBICONV) $(t_common_ldadd) -+ $(NETLIBS) $(LIBICONV) $(t_common_ldadd) - t_stutter_SOURCES = t-stutter.c test-stubs.c \ - $(common_source) 
--t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ -+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \ - $(LIBICONV) $(t_common_ldadd) - - diff --git a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch b/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch deleted file mode 100644 index bf542d0..0000000 --- a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: NIIBE Yutaka <gniibe@fsij.org> -Date: Thu, 26 Nov 2020 09:50:40 +0900 -Subject: gpg: Report an error for receiving key from agent. - -* g10/export.c (do_export_one_keyblock): Report an error. - --- - -GnuPG-bug-id: 5151 -Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> -(cherry picked from commit 6f0066db2c87e6362473d17c0621011ed1e1eae6) ---- - g10/export.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/g10/export.c b/g10/export.c -index e98af59..8e17df3 100644 ---- a/g10/export.c -+++ b/g10/export.c -@@ -1814,6 +1814,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, - { - if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - goto leave; -+ write_status_error ("export_keys.secret", err); - skip_until_subkey = 1; - err = 0; - } diff --git a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch index fa6dd9f..da2b781 100644 --- a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch +++ b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@ -13,14 +13,14 @@ This fixes two of the three broken tests in import-incomplete.scm. GnuPG-Bug-id: 4393 
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> --- - g10/import.c | 44 +++++++++++--------------------------------- - 1 file changed, 11 insertions(+), 33 deletions(-) + g10/import.c | 45 +++++++++++---------------------------------- + 1 file changed, 11 insertions(+), 34 deletions(-) diff --git a/g10/import.c b/g10/import.c -index b2d5c1d..078a78c 100644 +index f11dedc..59c83f7 100644 --- a/g10/import.c +++ b/g10/import.c -@@ -1855,7 +1855,6 @@ import_one_real (ctrl_t ctrl, +@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl, size_t an; char pkstrbuf[PUBKEY_STRING_SIZE]; int merge_keys_done = 0; @@ -28,7 +28,7 @@ index b2d5c1d..078a78c 100644 KEYDB_HANDLE hd = NULL; if (r_valid) -@@ -1892,14 +1891,6 @@ import_one_real (ctrl_t ctrl, +@@ -1895,14 +1894,6 @@ import_one_real (ctrl_t ctrl, log_printf ("\n"); } @@ -43,11 +43,12 @@ index b2d5c1d..078a78c 100644 if (screener && screener (keyblock, screener_arg)) { log_error (_("key %s: %s\n"), keystr_from_pk (pk), -@@ -1974,17 +1965,10 @@ import_one_real (ctrl_t ctrl, +@@ -1977,18 +1968,10 @@ import_one_real (ctrl_t ctrl, } } -- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- /* Delete invalid parts and bail out if there are no user ids left. */ +- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs)) - { - if (!silent) - { @@ -61,11 +62,11 @@ index b2d5c1d..078a78c 100644 + /* Delete invalid parts, and note if we have any valid ones left. + * We will later abort import if this key is new but contains + * no valid uids. */ -+ delete_inv_parts (ctrl, keyblock, keyid, options); ++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs); /* Get rid of deleted nodes. */ commit_kbnode (&keyblock); -@@ -1994,24 +1978,11 @@ import_one_real (ctrl_t ctrl, +@@ -1998,24 +1981,11 @@ import_one_real (ctrl_t ctrl, { apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); commit_kbnode (&keyblock); 
@@ -90,7 +91,7 @@ index b2d5c1d..078a78c 100644 } /* The keyblock is valid and ready for real import. */ -@@ -2069,6 +2040,13 @@ import_one_real (ctrl_t ctrl, +@@ -2073,6 +2043,13 @@ import_one_real (ctrl_t ctrl, err = 0; stats->skipped_new_keys++; } diff --git a/debian/patches/series b/debian/patches/series index e62c9b8..9ea1b66 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,6 +12,8 @@ from-master/gpg-default-to-3072-bit-keys.patch from-master/gpg-default-to-AES-256.patch update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch +update-defaults/gpg-Do-not-set-OCB-key-preference.diff +update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -21,7 +23,3 @@ gpg-drop-import-clean-from-default-keyserver-import-optio.patch from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch from-master/common-Fix-the-previous-commit.patch from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch -from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch -from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch -from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch -from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch diff --git a/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff new file mode 100644 index 0000000..13f020f --- /dev/null +++ b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff 
@@ -0,0 +1,26 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not set AEAD: OCB key preference on new keys.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+---
+ g10/keygen.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 6612352..dfaa591 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -527,6 +527,10 @@ keygen_set_std_prefs (const char *string,int personal)
+ if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
+ ocb = 0;
+
++ /* Do not set AEAD: OCB on newly generated key, it is a LibrePGP
++ * feature. */
++ ocb = 0;
++
+ if(!rc)
+ {
+ if(personal)
diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
new file mode 100644
index 0000000..821038f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
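Review bot: The added `ocb = 0;` in the g10/keygen.c hunk is unconditional, so the `if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB)) ocb = 0;` directly above it becomes dead code and the compat flag no longer has any effect here. keygen_set_std_prefs takes a caller-supplied `string` and a `personal` flag, so the override presumably also strips OCB from an explicitly requested preference list and from personal preferences, not only from "newly generated" keys as the comment says; the rest of the body is outside the hunk, so this should be confirmed there. If that wider scope is intended, the comment should state it, for example `/* Debian: never advertise AEAD: OCB (LibrePGP-only), even if requested via STRING. */`. The patch header would also benefit from one sentence on why, since the advertised feature decides whether peers may send OCB-encrypted data to the key.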
@@ -0,0 +1,44 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not use OCB mode even if AEAD: OCB key preference is set.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+
+(overrideable with --force-ocb)
+---
+ g10/encrypt.c | 6 ++++++
+ tests/openpgp/encrypt.scm | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/g10/encrypt.c b/g10/encrypt.c
+index a4863fa..d2ad3fe 100644
+--- a/g10/encrypt.c
++++ b/g10/encrypt.c
+@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo)
+ }
+ return AEAD_ALGO_OCB;
+ }
++ else
++ {
++ /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is
++ * a LibrePGP feature. */
++ return 0;
++ }
+
+ /* AEAD does only work with 128 bit cipher blocklength. */
+ if (!can_use)
+diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm
+index ef2f7b0..a44f5ca 100755
+--- a/tests/openpgp/encrypt.scm
++++ b/tests/openpgp/encrypt.scm
+@@ -88,7 +88,7 @@
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+- (tr:gpgstatus "" `(--yes -e
++ (tr:gpgstatus "" `(--yes -e --force-ocb
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"))
+ (tr:call-with-content |
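Review bot: The new `else { return 0; }` in the g10/encrypt.c hunk makes the rest of use_aead unreachable, because the preceding branch (presumably the --force-ocb case) already ends in `return AEAD_ALGO_OCB;`. The `if (!can_use)` block-length check visible at the end of the hunk, and whatever recipient-preference lookup follows outside it, can therefore never run. Leaving that code in place hides the fact that key preferences are no longer consulted; the comment should say so explicitly, e.g. `/* Debian: recipient AEAD preferences are never consulted; the code below is intentionally unreachable. */`. The tests/openpgp/encrypt.scm hunk only adds `--force-ocb` to the existing case, so nothing asserts the new default. A second case without the flag, checking that no OCB packet is produced for keys that advertise it, would pin the behaviour this patch introduces.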