Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch17
-rw-r--r--debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch6
-rw-r--r--debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch33
-rw-r--r--debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch29
-rw-r--r--debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch58
-rw-r--r--debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch27
-rw-r--r--debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch21
-rw-r--r--debian/patches/series6
-rw-r--r--debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff26
-rw-r--r--debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff44
10 files changed, 96 insertions, 171 deletions
diff --git a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
index cc9ee90..ab4eccf 100644
--- a/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
+++ b/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
@@ -36,14 +36,14 @@ bug.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
configure.ac | 2 +-
- doc/dirmngr.texi | 6 +++++-
- 2 files changed, 6 insertions(+), 2 deletions(-)
+ doc/dirmngr.texi | 9 +++++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
-index 0a4ae1e..c48cb8c 100644
+index 1ea8b7a..a3ff5c4 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -1837,7 +1837,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
+@@ -1828,7 +1828,7 @@ AC_DEFINE_UNQUOTED(SCDAEMON_SOCK_NAME, "S.scdaemon",
AC_DEFINE_UNQUOTED(DIRMNGR_SOCK_NAME, "S.dirmngr",
[The name of the dirmngr socket])
AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
@@ -53,19 +53,22 @@ index 0a4ae1e..c48cb8c 100644
AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
-index ab831de..f7c7672 100644
+index 39c0c45..4ac6174 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
-@@ -331,7 +331,11 @@ whether Tor is locally running or not. The check for a running Tor is
+@@ -339,8 +339,13 @@ whether Tor is locally running or not. The check for a running Tor is
done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
--built-in default of @code{https://keyserver.ubuntu.com}.
+-built-in default of @code{https://keyserver.ubuntu.com}. To avoid the
+-use of a default keyserver the value @code{none} can be used.
+built-in default of @code{https://keys.openpgp.org}.
+
+Note that the above default is a Debian-specific choice. Upstream
+GnuPG prefers @code{hkps://keyserver.ubuntu.com}. See
+/usr/share/doc/gpgconf/NEWS.Debian.gz for more details.
++
++To avoid the use of a default keyserver the value @code{none} can be used.
Windows users with a keyserver running on their Active Directory
may use the short form @code{ldap:///} for @var{name} to access this directory.
diff --git a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
index 81a1877..11ab394 100644
--- a/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
+++ b/debian/patches/from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
@@ -23,12 +23,12 @@ index 954f88a..f65eed5 100644
+#define LDAP_DEPRECATED 1
#include <ldap.h>
#endif
- ],[ldap_open("foobar",1234);],
+ ]],[[ldap_open("foobar",1234);]])],
@@ -53,6 +54,7 @@ if test x$_ldap_with != xno ; then
if test $gnupg_cv_func_ldap_init = no; then
AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h])
- AC_TRY_LINK([#include <lber.h>
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <lber.h>
+#define LDAP_DEPRECATED 1
- #include <ldap.h>],[ldap_open("foobar",1234);],
+ #include <ldap.h>]],[[ldap_open("foobar",1234);]])],
[gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no])
AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init])
diff --git a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch b/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
deleted file mode 100644
index c21409f..0000000
--- a/debian/patches/from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:16:11 +0900
-Subject: dirmngr: Fix build with no LDAP support.
-
-* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
-
---
-
-Cherry-pick master commit of:
- 7011286ce6e1fb56c2989fdafbd11b931c489faa
-
-GnuPG-bug-id: 6239
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit a5c3821664886ffffbe6a83aac088a6e0088a607)
----
- dirmngr/server.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 651f67c..87a0d77 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -3135,8 +3135,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
- ctrl->refcount);
- else
- {
-+#if USE_LDAP
- ks_ldap_free_state (ctrl->ks_get_state);
- ctrl->ks_get_state = NULL;
-+#endif
- release_ctrl_ocsp_certs (ctrl);
- xfree (ctrl->server_local);
- dirmngr_deinit_default_ctrl (ctrl);
diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
deleted file mode 100644
index 99117df..0000000
--- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:24:54 +0900
-Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS (another).
-
-* g10/Makefile.am (t_keydb_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
-
---
-
-Fixes-commit: b26bb03ed96f380ad603f7ad902862625233c931
-GnuPG-bug-id: 6244
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit 256b3c05789d8026b62f594bd592199a90b1b446)
----
- g10/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/Makefile.am b/g10/Makefile.am
-index d38e292..cd5307e 100644
---- a/g10/Makefile.am
-+++ b/g10/Makefile.am
-@@ -200,7 +200,7 @@ module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t-stutter
- t_rmd160_SOURCES = t-rmd160.c rmd160.c
- t_rmd160_LDADD = $(t_common_ldadd)
- t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source)
--t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(t_common_ldadd)
- t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
- $(common_source)
diff --git a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch b/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
deleted file mode 100644
index c4ad203..0000000
--- a/debian/patches/from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 18 Oct 2022 10:08:20 +0900
-Subject: gpg: Move NETLIBS after GPG_ERROR_LIBS.
-
-* g10/Makefile.am (LDADD): Remove NETLIBS.
-(gpg_LDADD, gpgv_LDADD): Add NETLIBS after GPG_ERROR_LIBS.
-(gpgcompose_LDADD, t_keydb_get_keyblock_LDADD): Likewise.
-(t_stutter_LDADD): Likewise.
-
---
-
-GnuPG-bug-id: 6244
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit b26bb03ed96f380ad603f7ad902862625233c931)
----
- g10/Makefile.am | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/g10/Makefile.am b/g10/Makefile.am
-index f885673..d38e292 100644
---- a/g10/Makefile.am
-+++ b/g10/Makefile.am
-@@ -180,18 +180,18 @@ gpgv_SOURCES = gpgv.c \
- # $(common_source)
-
- LDADD = $(needed_libs) ../common/libgpgrl.a \
-- $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS)
-+ $(ZLIBS) $(LIBINTL) $(CAPLIBS)
- gpg_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBREADLINE) \
-- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(gpg_robjs) $(extra_sys_libs)
- gpg_LDFLAGS = $(extra_bin_ldflags)
- gpgv_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
-- $(GPG_ERROR_LIBS) \
-+ $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(gpgv_robjs) $(extra_sys_libs)
- gpgv_LDFLAGS = $(extra_bin_ldflags)
-
- gpgcompose_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
-- $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
-+ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(extra_sys_libs)
- gpgcompose_LDFLAGS = $(extra_bin_ldflags)
-
-@@ -205,10 +205,10 @@ t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
- t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \
- $(common_source)
- t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-- $(LIBICONV) $(t_common_ldadd)
-+ $(NETLIBS) $(LIBICONV) $(t_common_ldadd)
- t_stutter_SOURCES = t-stutter.c test-stubs.c \
- $(common_source)
--t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
-+t_stutter_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(NETLIBS) \
- $(LIBICONV) $(t_common_ldadd)
-
-
diff --git a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch b/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
deleted file mode 100644
index bf542d0..0000000
--- a/debian/patches/from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Thu, 26 Nov 2020 09:50:40 +0900
-Subject: gpg: Report an error for receiving key from agent.
-
-* g10/export.c (do_export_one_keyblock): Report an error.
-
---
-
-GnuPG-bug-id: 5151
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-(cherry picked from commit 6f0066db2c87e6362473d17c0621011ed1e1eae6)
----
- g10/export.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/g10/export.c b/g10/export.c
-index e98af59..8e17df3 100644
---- a/g10/export.c
-+++ b/g10/export.c
-@@ -1814,6 +1814,7 @@ do_export_one_keyblock (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
- {
- if (gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
- goto leave;
-+ write_status_error ("export_keys.secret", err);
- skip_until_subkey = 1;
- err = 0;
- }
diff --git a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
index fa6dd9f..da2b781 100644
--- a/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
+++ b/debian/patches/import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
@@ -13,14 +13,14 @@ This fixes two of the three broken tests in import-incomplete.scm.
GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
- g10/import.c | 44 +++++++++++---------------------------------
- 1 file changed, 11 insertions(+), 33 deletions(-)
+ g10/import.c | 45 +++++++++++----------------------------------
+ 1 file changed, 11 insertions(+), 34 deletions(-)
diff --git a/g10/import.c b/g10/import.c
-index b2d5c1d..078a78c 100644
+index f11dedc..59c83f7 100644
--- a/g10/import.c
+++ b/g10/import.c
-@@ -1855,7 +1855,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1858,7 +1858,6 @@ import_one_real (ctrl_t ctrl,
size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
int merge_keys_done = 0;
@@ -28,7 +28,7 @@ index b2d5c1d..078a78c 100644
KEYDB_HANDLE hd = NULL;
if (r_valid)
-@@ -1892,14 +1891,6 @@ import_one_real (ctrl_t ctrl,
+@@ -1895,14 +1894,6 @@ import_one_real (ctrl_t ctrl,
log_printf ("\n");
}
@@ -43,11 +43,12 @@ index b2d5c1d..078a78c 100644
if (screener && screener (keyblock, screener_arg))
{
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -1974,17 +1965,10 @@ import_one_real (ctrl_t ctrl,
+@@ -1977,18 +1968,10 @@ import_one_real (ctrl_t ctrl,
}
}
-- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
+- /* Delete invalid parts and bail out if there are no user ids left. */
+- if (!delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs))
- {
- if (!silent)
- {
@@ -61,11 +62,11 @@ index b2d5c1d..078a78c 100644
+ /* Delete invalid parts, and note if we have any valid ones left.
+ * We will later abort import if this key is new but contains
+ * no valid uids. */
-+ delete_inv_parts (ctrl, keyblock, keyid, options);
++ delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);
/* Get rid of deleted nodes. */
commit_kbnode (&keyblock);
-@@ -1994,24 +1978,11 @@ import_one_real (ctrl_t ctrl,
+@@ -1998,24 +1981,11 @@ import_one_real (ctrl_t ctrl,
{
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
commit_kbnode (&keyblock);
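Review bot: The comment carried in this hunk says the call will "note if we have any valid ones left", but the refreshed line `delete_inv_parts (ctrl, keyblock, keyid, options, otherrevsigs);` is a bare statement that discards the return value. If the later rejection of a new key without valid user IDs is derived some other way, the comment should say so, e.g. `/* Delete invalid parts; the result is ignored here, a new key with no valid uid is rejected further down. */`. Only patch context is visible here, so how that later check works in `import_one_real` is inferred rather than confirmed.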
@@ -90,7 +91,7 @@ index b2d5c1d..078a78c 100644
}
/* The keyblock is valid and ready for real import. */
-@@ -2069,6 +2040,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2073,6 +2043,13 @@ import_one_real (ctrl_t ctrl,
err = 0;
stats->skipped_new_keys++;
}
diff --git a/debian/patches/series b/debian/patches/series
index e62c9b8..9ea1b66 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,6 +12,8 @@ from-master/gpg-default-to-3072-bit-keys.patch
from-master/gpg-default-to-AES-256.patch
update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
+update-defaults/gpg-Do-not-set-OCB-key-preference.diff
+update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch
import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch
import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
@@ -21,7 +23,3 @@ gpg-drop-import-clean-from-default-keyserver-import-optio.patch
from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch
from-master/common-Fix-the-previous-commit.patch
from-master/build-Use-LDAP_DEPRECATED-to-detect-ldap-library.patch
-from-upstream/gpg-Report-an-error-for-receiving-key-from-agent.patch
-from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS.patch
-from-upstream/dirmngr-Fix-build-with-no-LDAP-support.patch
-from-upstream/gpg-Move-NETLIBS-after-GPG_ERROR_LIBS-another.patch
diff --git a/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff
new file mode 100644
index 0000000..13f020f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-Do-not-set-OCB-key-preference.diff
@@ -0,0 +1,26 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not set AEAD: OCB key preference on new keys.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+---
+ g10/keygen.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 6612352..dfaa591 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -527,6 +527,10 @@ keygen_set_std_prefs (const char *string,int personal)
+ if (!(opt.compat_flags & COMPAT_VSD_ALLOW_OCB))
+ ocb = 0;
+
++ /* Do not set AEAD: OCB on newly generated key, it is a LibrePGP
++ * feature. */
++ ocb = 0;
++
+ if(!rc)
+ {
+ if(personal)
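Review bot: The unconditional `ocb = 0;` added after the `COMPAT_VSD_ALLOW_OCB` test turns that test into dead code. As far as the hunk shows, it also overrides an OCB request that arrived through `string`, so its effect is wider than the "newly generated key" the comment names. `keygen_set_std_prefs` takes a `personal` flag and presumably also serves explicit preference updates, which would then silently lose the AEAD preference as well. If that is intended, the comment should state it, e.g. `/* Debian: never emit the AEAD (OCB) preference, even when requested in STRING; OCB is a LibrePGP feature. */`. The function starts and ends outside the hunk, so how `string` is parsed cannot be checked from here.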
diff --git a/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
new file mode 100644
index 0000000..821038f
--- /dev/null
+++ b/debian/patches/update-defaults/gpg-encrypt-disrespect-OCB-key-preference.diff
@@ -0,0 +1,44 @@
+From: Andreas Metzler <ametzler@debian.org>
+Date: Thu, 9 May 2024 13:57:27 +0200
+Subject: Do not use OCB mode even if AEAD: OCB key preference is set.
+
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2024-05-09
+
+(overrideable with --force-ocb)
+---
+ g10/encrypt.c | 6 ++++++
+ tests/openpgp/encrypt.scm | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/g10/encrypt.c b/g10/encrypt.c
+index a4863fa..d2ad3fe 100644
+--- a/g10/encrypt.c
++++ b/g10/encrypt.c
+@@ -279,6 +279,12 @@ use_aead (pk_list_t pk_list, int algo)
+ }
+ return AEAD_ALGO_OCB;
+ }
++ else
++ {
++ /* Ignore AEAD: OCB key preference unless --force-ocb is set. It is
++ * a LibrePGP feature. */
++ return 0;
++ }
+
+ /* AEAD does only work with 128 bit cipher blocklength. */
+ if (!can_use)
+diff --git a/tests/openpgp/encrypt.scm b/tests/openpgp/encrypt.scm
+index ef2f7b0..a44f5ca 100755
+--- a/tests/openpgp/encrypt.scm
++++ b/tests/openpgp/encrypt.scm
+@@ -88,7 +88,7 @@
+ (lambda (source)
+ (tr:do
+ (tr:open source)
+- (tr:gpgstatus "" `(--yes -e
++ (tr:gpgstatus "" `(--yes -e --force-ocb
+ -r ,"patrice.lumumba"
+ -r ,"mahsa.amini"))
+ (tr:call-with-content
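Review bot: The added `else { return 0; }` in `use_aead` leaves the code after it unreachable, including the visible `if (!can_use)` block-length check, provided the preceding branch always returns as its visible `return AEAD_ALGO_OCB;` suggests. Dead code behind a vendor override is easy to misread at the next upstream refresh, so the comment should state it, e.g. `/* Debian: the checks below are intentionally unreachable; recipient AEAD preferences are ignored unless --force-ocb is given. */`. The encrypt.scm change adds `--force-ocb` to the existing case, so the new default path (OCB preference present, no `--force-ocb`, output must not use OCB) is not covered by this patch. A companion test asserting the non-OCB result would pin the behaviour the patch exists for. The condition of the preceding `if` lies outside the hunk, so its link to `--force-ocb` is taken from the comment only.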