summaryrefslogtreecommitdiffstats
path: root/debian/patches/from-master
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:08 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 16:14:08 +0000
commitafd7a175b53248d68095cecf5616705d093ffbc9 (patch)
tree5678015e96cc82aac7cf90a0b967aaea7a1c0841 /debian/patches/from-master
parentAdding upstream version 2.2.40. (diff)
downloadgnupg2-debian.tar.xz
gnupg2-debian.zip
Adding debian version 2.2.40-1.1.debian/2.2.40-1.1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/from-master/common-Fix-the-previous-commit.patch54
-rw-r--r--debian/patches/from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch52
-rw-r--r--debian/patches/from-master/gpg-default-to-3072-bit-keys.patch91
-rw-r--r--debian/patches/from-master/gpg-default-to-AES-256.patch35
4 files changed, 232 insertions, 0 deletions
diff --git a/debian/patches/from-master/common-Fix-the-previous-commit.patch b/debian/patches/from-master/common-Fix-the-previous-commit.patch
new file mode 100644
index 0000000..c62f521
--- /dev/null
+++ b/debian/patches/from-master/common-Fix-the-previous-commit.patch
@@ -0,0 +1,54 @@
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 24 Jul 2019 15:32:13 +0900
+Subject: common: Fix the previous commit.
+
+* common/asshelp.c [HAVE_W32_SYSTEM] (start_new_gpg_agent): Use
+gnupg_spawn_process_detached.
+(start_new_dirmngr): Likewise.
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+(cherry picked from commit 044379772fc5b0f39c6a36809722e702808b6ec3)
+---
+ common/asshelp.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/common/asshelp.c b/common/asshelp.c
+index 73f159d..9f269ab 100644
+--- a/common/asshelp.c
++++ b/common/asshelp.c
+@@ -477,6 +477,10 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
+ if (!(err = lock_spawning (&lock, gnupg_homedir (), "agent", verbose))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
++#ifdef HAVE_W32_SYSTEM
++ err = gnupg_spawn_process_detached (program? program : agent_program,
++ argv, NULL);
++#else
+ pid_t pid;
+
+ err = gnupg_spawn_process_fd (program? program : agent_program,
+@@ -484,6 +488,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
+ if (!err)
+ err = gnupg_wait_process (program? program : agent_program,
+ pid, 1, NULL);
++#endif
+ if (err)
+ log_error ("failed to start agent '%s': %s\n",
+ agent_program, gpg_strerror (err));
+@@ -617,12 +622,16 @@ start_new_dirmngr (assuan_context_t *r_ctx,
+ if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
++#ifdef HAVE_W32_SYSTEM
++ err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL);
++#else
+ pid_t pid;
+
+ err = gnupg_spawn_process_fd (dirmngr_program, argv,
+ -1, -1, -1, &pid);
+ if (!err)
+ err = gnupg_wait_process (dirmngr_program, pid, 1, NULL);
++#endif
+ if (err)
+ log_error ("failed to start the dirmngr '%s': %s\n",
+ dirmngr_program, gpg_strerror (err));
diff --git a/debian/patches/from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch b/debian/patches/from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch
new file mode 100644
index 0000000..003dbf4
--- /dev/null
+++ b/debian/patches/from-master/common-Use-gnupg_spawn_process_fd-to-invoke-gpg-agent-dir.patch
@@ -0,0 +1,52 @@
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 24 Jul 2019 15:15:32 +0900
+Subject: common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.
+
+* common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
+and gnupg_wait_process.
+(start_new_dirmngr): Likewise.
+
+--
+
+With --daemon option, gpg-agent/dirmngr detaches by itself.
+
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+(cherry picked from commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623)
+---
+ common/asshelp.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/common/asshelp.c b/common/asshelp.c
+index d87017e..73f159d 100644
+--- a/common/asshelp.c
++++ b/common/asshelp.c
+@@ -477,8 +477,13 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
+ if (!(err = lock_spawning (&lock, gnupg_homedir (), "agent", verbose))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
+- err = gnupg_spawn_process_detached (program? program : agent_program,
+- argv, NULL);
++ pid_t pid;
++
++ err = gnupg_spawn_process_fd (program? program : agent_program,
++ argv, -1, -1, -1, &pid);
++ if (!err)
++ err = gnupg_wait_process (program? program : agent_program,
++ pid, 1, NULL);
+ if (err)
+ log_error ("failed to start agent '%s': %s\n",
+ agent_program, gpg_strerror (err));
+@@ -612,7 +617,12 @@ start_new_dirmngr (assuan_context_t *r_ctx,
+ if (!(err = lock_spawning (&lock, gnupg_homedir (), "dirmngr", verbose))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
+- err = gnupg_spawn_process_detached (dirmngr_program, argv, NULL);
++ pid_t pid;
++
++ err = gnupg_spawn_process_fd (dirmngr_program, argv,
++ -1, -1, -1, &pid);
++ if (!err)
++ err = gnupg_wait_process (dirmngr_program, pid, 1, NULL);
+ if (err)
+ log_error ("failed to start the dirmngr '%s': %s\n",
+ dirmngr_program, gpg_strerror (err));
diff --git a/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch b/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch
new file mode 100644
index 0000000..59b0b13
--- /dev/null
+++ b/debian/patches/from-master/gpg-default-to-3072-bit-keys.patch
@@ -0,0 +1,91 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Sep 2017 18:41:10 -0400
+Subject: gpg: default to 3072-bit keys.
+
+* agent/command.c (hlp_genkey): update help text to suggest the use of
+3072 bits.
+* doc/wks.texi: Make example match default generation.
+* g10/keygen.c (gen_elg): update default from 2048 to 3072.
+* g10/keyid.c (pubkey_string): update comment so that first example
+is the default 3072-bit RSA.
+
+--
+
+3072-bit RSA is widely considered to be 128-bit-equivalent security.
+This is a sensible default in 2017.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c)
+---
+ agent/command.c | 2 +-
+ doc/wks.texi | 4 ++--
+ g10/keygen.c | 2 +-
+ g10/keyid.c | 4 ++--
+ 4 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/agent/command.c b/agent/command.c
+index b682c55..ea65290 100644
+--- a/agent/command.c
++++ b/agent/command.c
+@@ -843,7 +843,7 @@ static const char hlp_genkey[] =
+ "\n"
+ " C: GENKEY\n"
+ " S: INQUIRE KEYPARAM\n"
+- " C: D (genkey (rsa (nbits 2048)))\n"
++ " C: D (genkey (rsa (nbits 3072)))\n"
+ " C: END\n"
+ " S: D (public-key\n"
+ " S: D (rsa (n 326487324683264) (e 10001)))\n"
+diff --git a/doc/wks.texi b/doc/wks.texi
+index e398ccb..68ed117 100644
+--- a/doc/wks.texi
++++ b/doc/wks.texi
+@@ -447,10 +447,10 @@ the submission address:
+ The output of the last command looks similar to this:
+
+ @example
+- sec rsa2048 2016-08-30 [SC]
++ sec rsa3072 2016-08-30 [SC]
+ C0FCF8642D830C53246211400346653590B3795B
+ uid [ultimate] key-submission@@example.net
+- ssb rsa2048 2016-08-30 [E]
++ ssb rsa3072 2016-08-30 [E]
+ @end example
+
+ Take the fingerprint from that output and manually publish the key:
+diff --git a/g10/keygen.c b/g10/keygen.c
+index 80d65c4..5b4a785 100644
+--- a/g10/keygen.c
++++ b/g10/keygen.c
+@@ -1436,7 +1436,7 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
+
+ if (nbits < 1024)
+ {
+- nbits = 2048;
++ nbits = 3072;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
+ else if (nbits > 4096)
+diff --git a/g10/keyid.c b/g10/keyid.c
+index 69d85da..2987287 100644
+--- a/g10/keyid.c
++++ b/g10/keyid.c
+@@ -73,7 +73,7 @@ pubkey_letter( int algo )
+ is copied to the supplied buffer up a length of BUFSIZE-1.
+ Examples for the output are:
+
+- "rsa2048" - RSA with 2048 bit
++ "rsa3072" - RSA with 3072 bit
+ "elg1024" - Elgamal with 1024 bit
+ "ed25519" - ECC using the curve Ed25519.
+ "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
+@@ -83,7 +83,7 @@ pubkey_letter( int algo )
+ If the option --legacy-list-mode is active, the output use the
+ legacy format:
+
+- "2048R" - RSA with 2048 bit
++ "3072R" - RSA with 3072 bit
+ "1024g" - Elgamal with 1024 bit
+ "256E" - ECDSA using a curve with 256 bit
+
diff --git a/debian/patches/from-master/gpg-default-to-AES-256.patch b/debian/patches/from-master/gpg-default-to-AES-256.patch
new file mode 100644
index 0000000..c82fea3
--- /dev/null
+++ b/debian/patches/from-master/gpg-default-to-AES-256.patch
@@ -0,0 +1,35 @@
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Thu, 7 Sep 2017 19:04:00 -0400
+Subject: gpg: default to AES-256.
+
+* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
+
+--
+
+It's 2017, and pretty much everyone has AES-256 available. Symmetric
+crypto is also rarely the bottleneck (asymmetric crypto is much more
+expensive). AES-256 provides some level of protection against
+large-scale decryption efforts, and longer key lengths provide a hedge
+against unforseen cryptanalysis.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)
+---
+ g10/main.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/g10/main.h b/g10/main.h
+index 273ddaa..d1a54db 100644
+--- a/g10/main.h
++++ b/g10/main.h
+@@ -31,7 +31,9 @@
+ (i.e. uncompressed) rather than 1 (zip). However, the real world
+ issues of speed and size come into play here. */
+
+-#if GPG_USE_AES128
++#if GPG_USE_AES256
++# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256
++#elif GPG_USE_AES128
+ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES
+ #elif GPG_USE_CAST5
+ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5