From: Daniel Kahn Gillmor Date: Tue, 3 Jan 2017 20:39:52 +0000 (+0000) Subject: gnupg2 (2.1.17-3) unstable; urgency=medium X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;ds=sidebyside;h=ec7411146b283f9271f7d087bb7a58e2dba45fea;hp=-c;p=gnupg2.git gnupg2 (2.1.17-3) unstable; urgency=medium * more bugfixes from upstream (improving but not yet closing: #849845) [dgit import unpatched gnupg2 2.1.17-3]
--- ec7411146b283f9271f7d087bb7a58e2dba45fea
diff --combined debian/NEWS
index 0000000,0000000..0a6a744
new file mode 100644
--- /dev/null
+++ b/debian/NEWS
@@@ -1,0 -1,0 +1,8 @@@
++gnupg2 (2.1.11-7+exp1) experimental; urgency=medium
++
++ The gnupg package now provides the "modern" version of GnuPG.
++
++ Please read /usr/share/doc/gnupg/README.Debian for details about the
++ transition from "classic" to "modern"
++
++ -- Daniel Kahn Gillmor Wed, 30 Mar 2016 09:59:35 -0400
diff --combined debian/Xsession.d/90gpg-agent
index 0000000,b97c363..b97c363
mode 000000,100644..100644
--- a/debian/Xsession.d/90gpg-agent
+++ b/debian/Xsession.d/90gpg-agent
@@@ -1,0 -1,21 +1,21 @@@
+ # On systems with systemd running, we expect the agent to be launched
+ # via systemd's user mode (see /usr/lib/systemd/user/gpg-agent.service
+ # and systemd.unit(5)). This allows systemd to clean up the agent
+ # automatically at logout.
+
+ # If systemd is absent from your system, or you do not permit it to
+ # run in user mode, then you may need to manually launch gpg-agent
+ # from your session initialization with something like "gpgconf
+ # --launch gpg-agent"
+
+ # Nonetheless, ssh and older versions of gpg require environment
+ # variables to be set in order to find the agent, so we will set those
+ # here.
+
+ agent_sock=$(gpgconf --list-dirs | grep ^agent-socket: | cut -d: -f2)
+ export GPG_AGENT_INFO=${agent_sock}:0:1
+ if [ -n "$(gpgconf --list-options gpg-agent | \
+ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
+ export SSH_AUTH_SOCK=${agent_sock}.ssh
+ fi
+
diff --combined debian/changelog
index 0000000,e83fbe1..e83fbe1
mode 000000,100644..100644
--- a/debian/changelog
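Review bot: `agent_sock` is used unchecked and unquoted in both `export` lines of debian/Xsession.d/90gpg-agent, so if `gpgconf --list-dirs` is missing, fails or prints no `agent-socket:` line, the session gets `GPG_AGENT_INFO=:0:1` and, when ssh support is enabled, `SSH_AUTH_SOCK=.ssh`, a relative path that also overwrites any `SSH_AUTH_SOCK` already present in the environment. I would guard both exports with `[ -n "$agent_sock" ]` and quote the values, e.g. `export GPG_AGENT_INFO="${agent_sock}:0:1"` and `export SSH_AUTH_SOCK="${agent_sock}.ssh"`. The colon-separated `--list-dirs` output is percent-escaped, so `cut -d: -f2` yields the escaped form for a socket path containing special characters; if the packaged gpgconf accepts a name argument (`gpgconf --list-dirs agent-socket`), that form prints the plain path and removes the grep/cut pipeline, which is worth confirming for this version.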
+++ b/debian/changelog @@@ -1,0 -1,1890 +1,1890 @@@ + gnupg2 (2.1.17-3) unstable; urgency=medium + + * more bugfixes from upstream (improving but not yet closing: #849845) + + -- Daniel Kahn Gillmor Tue, 03 Jan 2017 15:39:52 -0500 + + gnupg2 (2.1.17-2) unstable; urgency=medium + + * include patches from upstream to avoid build failures on 32-bit + arches. + + -- Daniel Kahn Gillmor Sat, 24 Dec 2016 18:11:51 -0500 + + gnupg2 (2.1.17-1) unstable; urgency=medium + + * new upstream release. + + -- Daniel Kahn Gillmor Sat, 24 Dec 2016 15:39:04 -0500 + + gnupg2 (2.1.16-3) unstable; urgency=medium + + * remove -pie from hppa, kfreebsd-amd64, and x32 builds of + gpgv-static (Closes: #846889) + * import several upstream bugfix patches (Closes: #846834, #846168) + * link gnupg-agent and scdaemon with Enhances/Suggests (Closes: #833518) + + -- Daniel Kahn Gillmor Mon, 05 Dec 2016 15:34:49 -0500 + + gnupg2 (2.1.16-2) unstable; urgency=medium + + * avoid using adns, due to lack of security support (Closes: #845078) + + -- Daniel Kahn Gillmor Mon, 21 Nov 2016 09:57:26 -0500 + + gnupg2 (2.1.16-1) unstable; urgency=medium + + * New upstream version + * dropped many patches already incorporated upstream + + -- Daniel Kahn Gillmor Sun, 20 Nov 2016 23:22:49 -0500 + + gnupg2 (2.1.15-9) unstable; urgency=medium + + * Introduce gpgv-static package (Closes: #806940) + * more patches from upstream + * use adns for better DNS resolution in dirmngr + * add some import-options to + migrate-pubring-from-classic-gpg for better migration + * reorganize patches to distinguish debian variations from upstream + * set simple and easy defaults for keyservers + * help dirmngr and gpg-agent idle better in the default case + + -- Daniel Kahn Gillmor Thu, 10 Nov 2016 07:28:16 -0800 + + gnupg2 (2.1.15-8) unstable; urgency=medium + + * rename gpg-agent-restricted.socket to gpg-agent-extra.socket + (for symmetry with option names and actual sockets created) + + -- Daniel Kahn Gillmor Thu, 27 Oct 2016 
13:54:53 -0400 + + gnupg2 (2.1.15-7) unstable; urgency=medium + + * more upstream patches + * dirmngr systemd user service is now socket-activated. + + -- Daniel Kahn Gillmor Thu, 27 Oct 2016 12:48:15 -0400 + + gnupg2 (2.1.15-6) unstable; urgency=medium + + * more upstream patches (Closes: #841437, #840680) + + -- Daniel Kahn Gillmor Wed, 26 Oct 2016 17:44:20 -0400 + + gnupg2 (2.1.15-5) unstable; urgency=medium + + * added udev rules for Fujitsu Siemens cardreader (Closes: #840312) + * mark transitional packages Multi-Arch: Foreign (closes: #840258) + * make gnupg2 binNMU-safe + * more patches from upstream + * track upstream decision-making about gpg-agent socket names + + -- Daniel Kahn Gillmor Tue, 25 Oct 2016 21:30:06 -0400 + + gnupg2 (2.1.15-4) unstable; urgency=medium + + * update debian/tests/gpgv-win32 + * more patches from upstream (Closes: #838153) + * tighten dependencies between gnupg and dirmngr (Closes: #834602) + * updated systemd user gpg-agent units for socket activation + + -- Daniel Kahn Gillmor Tue, 04 Oct 2016 17:22:30 -0400 + + gnupg2 (2.1.15-3) unstable; urgency=medium + + * Use upstream fix to avoid touching homedir during test suite + * backward compatibility for preset-passphrase and protect-tool + * add Breaks: for python3-apt too (thanks, Harald Jenny!) + * Avoid network access during tests (Closes: #836259) + * more patches from upstream + - gpgv --output now works + - fingerprint display doesn't vary with --keyid-format + - minor cleanup to scdaemon dealing with removed cards + + -- Daniel Kahn Gillmor Wed, 14 Sep 2016 17:08:58 -0400 + + gnupg2 (2.1.15-2) unstable; urgency=medium + + * restore keyid output in gpgv (Closes: #836144) + * avoid test suite failures when HOME does not exist + + -- Daniel Kahn Gillmor Wed, 31 Aug 2016 12:37:48 -0400 + + gnupg2 (2.1.15-1) unstable; urgency=medium + + * new upstream release + - blocks signals during keyring updates (Closes: #293556) + * avoid libusb on hurd. Thanks, Pino Toscano! 
(Closes: #834533) + * permissions on test suite are already fixed + * drop patches applied upstream and refresh remaining patches + * make gnupg2 reproducible by not regenerating documentation date + * make autopkgtest work with modern wine (Closes: #835976) + * wrap-and-sort -ast for cleaner diffs + * add versioned Breaks: for affected packages (Closes: #835349) + - gpgv Breaks: python-debian << 0.1.29 (addresses: #782904) + - gnupg Breaks: php-crypt-gpg <= 1.4.1-1 (addresses #835592) + - gnupg Breaks: python-apt <= 1.1.0~beta4 (addresses: #835465) + - gnupg Breaks: python-gnupg << 0.3.8-3 (addresses: #834514, #834600) + - gnupg Breaks: libgnupg-interface-perl << 0.52-3 (addresses: #834281) + - gnupg Breaks: libmail-gnupg-perl <= 0.22-1 (addresses: #835075) + - gnupg Breaks: libgnupg-perl << 0.19-1 (addresses: #834522) + + -- Daniel Kahn Gillmor Tue, 30 Aug 2016 13:19:23 -0400 + + gnupg2 (2.1.14-5) unstable; urgency=medium + + * actually ship /usr/share/doc/gnupg/README.Debian + * Release to unstable. + + -- Daniel Kahn Gillmor Fri, 12 Aug 2016 16:27:22 -0400 + + gnupg2 (2.1.14-4) experimental; urgency=medium + + * add ZeitControl card (Closes: #814584) + * three more fixes from upstream + + -- Daniel Kahn Gillmor Mon, 08 Aug 2016 12:54:21 -0400 + + gnupg2 (2.1.14-3) experimental; urgency=medium + + * cleanup debian/copyright + * update debian/watch + + -- Daniel Kahn Gillmor Wed, 03 Aug 2016 11:09:05 -0400 + + gnupg2 (2.1.14-2) experimental; urgency=medium + + * mark the gpgv binary as Priority: important, since apt depends on it + * import a bunch of fixes from upstream + * include permissioning on patched-in tests + * Breaks: some packages that expect old gpg behavior (Closes: #831500) + * remove scdaemon.service; it will be managed by gpg-agent.service + * avoid bulleted items in debian/NEWS (thanks, Lintian!) 
+ * debian/copyright: cleanup, fix URLs + * debian/control: use standard URL for Vcs-Browser + * fix spelling and grammar noticed by lintian + * avoid lintian notes about a misspelled "written" + * clean up gpgv2 Description + * break out arch-indep localization files into new gnupg-l10n package + + -- Daniel Kahn Gillmor Mon, 01 Aug 2016 17:54:59 -0400 + + gnupg2 (2.1.14-1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Fri, 15 Jul 2016 01:39:25 +0200 + + gnupg2 (2.1.13-5) experimental; urgency=medium + + * dependency cleanup! + - make Recommends: strictly versioned between gnupg and {gpg-agent,dirmngr} + - make gnupg Provide: gpg and mention it in the package description + - drop mention of newpg, which has not been in debian for many releases + - gnupg2 2.0.18 predates debian wheezy, which is oldstable; drop mention + in debian/control + - drop Suggests: gnupg-doc, which does not appear to be maintained + - drop all references to gpg-idea, which has not been in debian for + several releases + - removed dependency on "dpkg (>= 1.15.4) | install-info", since that + dpkg version predates oldstable (wheezy) + + -- Daniel Kahn Gillmor Mon, 04 Jul 2016 10:13:42 -0400 + + gnupg2 (2.1.13-4) experimental; urgency=medium + + * add binutils-multiarch [!amd64 !i386] to Build-Depends-Indep: so that + we can generate win32 packages on non-x86 platforms. + + -- Daniel Kahn Gillmor Fri, 01 Jul 2016 11:30:28 -0400 + + gnupg2 (2.1.13-3) experimental; urgency=medium + + * pull bugfixes from upstream (Closes: #828109, #814584) + * should also allow for reproducible builds, with fix to + timestamps in tofu.test + * provide supervised dirmngr, gpg-agent, and scdaemon services from + systemd's user sessioniif the user wants to enable them. 
These + services should terminate at logout (Closes: #825911) + * avoid launching gpg-agent from Xsession.d since we have more robust + session management available (added NEWS entry about this change) + * gnupg-agent now Provides: gpg-agent to mitigate common confusion. + * updated dirmngr package description. + + -- Daniel Kahn Gillmor Tue, 28 Jun 2016 13:46:36 -0400 + + gnupg2 (2.1.13-2) experimental; urgency=medium + + * brown paper bag time: fix build-dep from libusb-1.0.0-dev to + libusb-1.0-0-dev + + -- Daniel Kahn Gillmor Fri, 17 Jun 2016 23:07:43 -0400 + + gnupg2 (2.1.13-1) experimental; urgency=medium + + * New upstream release + - new keyid-format "none", used by default (Closes: #826273) + * Build-depend on libusb-1.0.0-dev to ensure smartcards work (Thanks, + gniibe!) + + -- Daniel Kahn Gillmor Thu, 16 Jun 2016 18:30:36 -0400 + + gnupg2 (2.1.12-1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 10 May 2016 20:58:06 -0400 + + gnupg2 (2.1.11-7+exp1) experimental; urgency=medium + + * switching over binary package names in experimental -- gnupg2 source + package now provides gnupg and gpgv + + -- Daniel Kahn Gillmor Mon, 18 Apr 2016 19:17:19 -0400 + + gnupg2 (2.1.11-7) unstable; urgency=medium + + * move to unstable + * re-enable test suites on mips and mipsel since #730846 is resolved + + -- Daniel Kahn Gillmor Mon, 18 Apr 2016 07:45:16 -0400 + + gnupg2 (2.1.11-6+exp4) experimental; urgency=medium + + * stop using help2man to fix cross-building + * ensure gpgv-win32 is properly stripped + * enable autopkgtest to run without root on systems that already have + wine32 installed + + -- Daniel Kahn Gillmor Fri, 01 Apr 2016 13:08:07 -0300 + + gnupg2 (2.1.11-6+exp3) experimental; urgency=medium + + * more cleanup on arch-dependent packages. 
+ + -- Daniel Kahn Gillmor Wed, 30 Mar 2016 03:36:18 -0400 + + gnupg2 (2.1.11-6+exp2) experimental; urgency=medium + + * avoid build failures when building only arch-dependent or only + arch-independent packages. + + -- Daniel Kahn Gillmor Wed, 30 Mar 2016 02:59:18 -0400 + + gnupg2 (2.1.11-6+exp1) experimental; urgency=medium + + * take over gpgv-win32 from gnupg 1.4 packaging + + -- Daniel Kahn Gillmor Mon, 28 Mar 2016 23:27:43 -0400 + + gnupg2 (2.1.11-6) unstable; urgency=medium + + * avoid FTBFS with patch from upstream (Closes: #814842) + * bumped standards-version to 3.9.7 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 01 Mar 2016 09:36:41 +0100 + + gnupg2 (2.1.11-5) unstable; urgency=medium + + * taking over gpgv-udeb from gnupg 1.4 packaging + * debian/control: use secure transport for Vcs-* and Homepage + + -- Daniel Kahn Gillmor Thu, 04 Feb 2016 17:17:47 -0500 + + gnupg2 (2.1.11-4) unstable; urgency=medium + + * disable gpgtar, since it is causing unpredictable testsuite failures + and we don't ship it anyway. + + -- Daniel Kahn Gillmor Wed, 03 Feb 2016 11:57:57 -0500 + + gnupg2 (2.1.11-3) unstable; urgency=medium + + * trying again to get a proper dump of the gpgtar.test.log. sigh. + + -- Daniel Kahn Gillmor Thu, 28 Jan 2016 08:34:22 -0500 + + gnupg2 (2.1.11-2) unstable; urgency=medium + + * added temporary hook to view failing gpgtar test output on build + daemons since i can't replicate the failures on my own build systems. 
+ + -- Daniel Kahn Gillmor Thu, 28 Jan 2016 00:53:29 -0500 + + gnupg2 (2.1.11-1) unstable; urgency=medium + + * new upstream release + - drops buggy attempt to detect duplicate keys (Closes: #807819) + * removed -dbg package, since we have automatic -dbgsym packages now + * removed undocumented gpgkey2ssh; use gpg --export-ssh-key instead + + -- Daniel Kahn Gillmor Mon, 25 Jan 2016 15:29:25 -0500 + + gnupg2 (2.1.10-3) unstable; urgency=medium + + * avoid infinite loop when doing --gen-revoke by fingerprint + + -- Daniel Kahn Gillmor Sat, 12 Dec 2015 16:53:40 -0500 + + gnupg2 (2.1.10-2) unstable; urgency=medium + + * actually use sks-keyservers CA by default if the user asks for + hkps://hkps.pool.sks-keyservers.net + * move ownership of some files in /usr/share/gnupg2/ to more appropriate + owners like gpgsm and dirmngr. + + -- Daniel Kahn Gillmor Fri, 11 Dec 2015 17:06:10 -0500 + + gnupg2 (2.1.10-1) unstable; urgency=medium + + * new upstream release + * ship sks-keyservers.netCA.pem in dirmngr to make it easier to use hkps. 
+ * avoid shipping Changelog-2011, use upstream ChangeLog (Closes: + #803225) + + -- Daniel Kahn Gillmor Wed, 09 Dec 2015 12:05:42 -0500 + + gnupg2 (2.1.9-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Tue, 13 Oct 2015 10:04:33 -0400 + + gnupg2 (2.1.8-2) UNRELEASED; urgency=medium + + [ NIIBE Yutaka ] + * update scdaemon dependencies + + [ Daniel Kahn Gillmor ] + * correct ssh fingerprint for ECDSA nistp384 (Closes: #795636) + + -- Daniel Kahn Gillmor Thu, 17 Sep 2015 00:00:28 -0400 + + gnupg2 (2.1.8-1) unstable; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 10 Sep 2015 17:00:06 -0400 + + gnupg2 (2.1.7-2) unstable; urgency=medium + + * upload to unstable + + -- Daniel Kahn Gillmor Tue, 11 Aug 2015 21:24:18 -0400 + + gnupg2 (2.1.7-1) experimental; urgency=medium + + * new upstream release + * block ptrace connections to gpg-agent + + -- Daniel Kahn Gillmor Tue, 11 Aug 2015 20:05:38 -0400 + + gnupg2 (2.1.6-1) experimental; urgency=medium + + * new upstream release + * drop deprecated gpgsm-gencert.sh + + -- Daniel Kahn Gillmor Tue, 07 Jul 2015 14:27:23 -0400 + + gnupg2 (2.1.5-2) experimental; urgency=medium + + [ Daniel Kahn Gillmor ] + * pass DBUS_SESSION_BUS_ADDRESS through to the agent so that + pinentry-gnome3 can work across sessions. + * ensure that l10n files are rebuilt. + + [ Eric Dorland ] + * debian/patches/0003-Include-defs.inc-in-BUILT_SOURCES.patch: Fix for + build failure when rebuilding info docs. + + -- Daniel Kahn Gillmor Tue, 30 Jun 2015 18:13:58 -0400 + + gnupg2 (2.1.5-1) experimental; urgency=medium + + * New upstream release + + -- Daniel Kahn Gillmor Thu, 11 Jun 2015 13:18:56 -0400 + + gnupg2 (2.1.4-2) experimental; urgency=medium + + * avoid excess dependencies on headless servers (Closes: #753163) + + -- Daniel Kahn Gillmor Wed, 03 Jun 2015 14:12:49 -0400 + + gnupg2 (2.1.4-1) experimental; urgency=medium + + * New upstream release. 
+ + -- Daniel Kahn Gillmor Thu, 28 May 2015 00:25:55 -0400 + + gnupg2 (2.1.3-1) experimental; urgency=medium + + * New upstream version. + * Add gnupg2-dbg (Closes: #781631) + + -- Daniel Kahn Gillmor Wed, 01 Apr 2015 12:10:38 -0400 + + gnupg2 (2.1.2-2) experimental; urgency=medium + + * Fix segv due to NULL value stored as opaque MPI. + + -- Daniel Kahn Gillmor Sat, 21 Feb 2015 10:26:50 -0500 + + gnupg2 (2.1.2-1) experimental; urgency=medium + + * New upstream version + * move from automake1.11 to plain automake (upstream uses 1.14 now) + + -- Daniel Kahn Gillmor Thu, 12 Feb 2015 20:10:43 -0500 + + gnupg2 (2.1.1-1) experimental; urgency=medium + + * New upstream version (closes: #772654) + * gnupg2 now Breaks: older versions of dirmngr (closes: #769460) + + -- Daniel Kahn Gillmor Tue, 16 Dec 2014 14:58:06 -0500 + + gnupg2 (2.1.0-1) experimental; urgency=medium + + * import upstream 2.1.0 release. + * drop debian/patches/speed-up-test-suite.patch -- included upstream. + * avoid self-reporting as a beta now that this is a release + + -- Daniel Kahn Gillmor Thu, 06 Nov 2014 12:31:06 -0500 + + gnupg2 (2.1.0~beta895-3) experimental; urgency=medium + + * update gnupg-agent.xsession to export ssh-agent where + configured. (Closes: #767341) + * use cheap/fast entropy for the test suite so that builds on + low-entropy machines go faster. + + -- Daniel Kahn Gillmor Thu, 30 Oct 2014 13:37:08 -0400 + + gnupg2 (2.1.0~beta895-2) experimental; urgency=medium + + * added pkg-config to Build-Depends. 
+ + -- Daniel Kahn Gillmor Wed, 29 Oct 2014 18:36:27 -0400 + + gnupg2 (2.1.0~beta895-1) experimental; urgency=medium + + * new upstream version in experimental (Closes: #762844, #751266, #762844) + * ship /usr/bin/gpgparsemail (Closes: #760575) + * document that doc/OpenPGP is not actually an RFC, but just refers to + one (closes: #745410) + * Bump Standards-Version to 3.9.6 (no changes needed) + * --enable-large-secmem to ensure that gpg2 works with pre-generated + oversized RSA keys + * updated /etc/X11/Xsession.d/90gpg-agent to export $GPG_AGENT_INFO + about the standard socket. + + -- Daniel Kahn Gillmor Wed, 29 Oct 2014 17:53:06 -0400 + + gnupg2 (2.0.28-3) unstable; urgency=medium + + * pass DBUS_SESION_BUS_ADDRESS to the agent for gnome3. + + -- Daniel Kahn Gillmor Sat, 04 Jul 2015 14:21:41 -0400 + + gnupg2 (2.0.28-2) unstable; urgency=medium + + * d/clean: drop stamp-po to rebuild l10n (Closes: #788989) + + -- Daniel Kahn Gillmor Tue, 30 Jun 2015 17:17:11 -0400 + + gnupg2 (2.0.28-1) unstable; urgency=medium + + * new upstream release + * really address excess dependencies on headless server (thanks Raphaël + Halimi for noticing) (Closes: #753163) + + -- Daniel Kahn Gillmor Tue, 02 Jun 2015 12:16:57 -0400 + + gnupg2 (2.0.27-2) unstable; urgency=medium + + * import upstream fix to avoid replicating unknown subkey + packets. (Closes: #787045) (Thanks, NIIBE Yutaka) + + -- Daniel Kahn Gillmor Thu, 28 May 2015 00:55:51 -0400 + + gnupg2 (2.0.27-1) unstable; urgency=medium + + * New upstream release. + * Provide a simple way for users to avoid gpg-agent hijacking, + working around: #760102 (Closes: #753163) + + -- Daniel Kahn Gillmor Fri, 08 May 2015 18:15:15 -0400 + + gnupg2 (2.0.26-6) unstable; urgency=medium + + * Avoid NULL dereference with opaque MPI. 
+ + -- Daniel Kahn Gillmor Sat, 21 Feb 2015 18:01:40 -0500 + + gnupg2 (2.0.26-5) unstable; urgency=medium + + * import bug-fixes from upstream + (Closes: #773415, #773469, #773471, #773472, #773423) + * Fixes CVE-2015-1606 "Use after free, resulting from failure to skip + invalid packets", CVE-2015-1607 "memcpy with overlapping ranges, + resulting from incorrect bitwise left shifts" (Closes: #778577) + + -- Daniel Kahn Gillmor Mon, 16 Feb 2015 17:45:06 -0500 + + gnupg2 (2.0.26-4) unstable; urgency=medium + + [ David Prévot ] + * Update POT and PO files, and ensure the translations get rebuild + * Update French translation (Closes: #769574) + * Update Ukrainian translation, thanks to Yuri Chornoivan + * Update German translation, thanks to Werner Koch + * Update Danish translation, thanks to Joe Hansen + * Update Japanese translation, thanks to NIIBE Yutaka + * Update Chinese (traditional) translation, thanks to Jedi Lin + * Update Russian translation, thanks to Ineiev + * Update Polish translation, thanks to Jakub Bogusz + * Update Spanish translation, thanks to Manuel "Venturi" Porras Peralta + (Closes: #770727) + * New Dutch translation, thanks to Frans Spiesschaert (Closes: #770981) + + [ Daniel Kahn Gillmor ] + * bugfix and cryptographic safety changes imported from upstream: + - Avoid regression when adding subkeys with strong s2k algorithms + (Closes: #772780) Thanks, NIIBE Yutaka + - Allow french translation to work when prompting for passphrase. 
+ - add build and runtime support for larger RSA keys (Closes: #739424) + - fix runtime errors on bad input (Closes: #771987) + - deprecate insecure one-argument variant for gpg --verify of detached + signatures (Closes: #771992) + - initialize trustdb before trying to clear it (Closes: #735363) + - default to issuing SHA256 signatures for RSA + - avoid relying on MD5 signatures + - show v3 key fingerprints as all zero (OpenPGPv3 is deprecated) + + -- Daniel Kahn Gillmor Sun, 04 Jan 2015 17:17:00 -0500 + + gnupg2 (2.0.26-3) unstable; urgency=medium + + * fix typo in gpg.info (closes: #760273) + * drop versioned Build-Conflicts on automake by setting environment + variables in debian/rules + * ship /usr/bin/gpgparsemail (closes: #760575) + * warn but don't fail when scdaemon options are in ~/.gnupg/gpg.conf + (closes: #762844) + * do not break on --trust-model=always (closes: #751266) + * document that doc/OpenPGP is not actually an RFC, but just refers to + one (closes: #745410) + * Bump Standards-Version to 3.9.6 (no changes needed) + + -- Daniel Kahn Gillmor Tue, 30 Sep 2014 23:39:15 -0400 + + gnupg2 (2.0.26-2) unstable; urgency=medium + + * ignore emacs turds in debian/ + * update Vcs fields + * move package to group maintenance + * wrap-and-sort cleanup of debian/* + + -- Daniel Kahn Gillmor Thu, 28 Aug 2014 11:42:18 -0700 + + gnupg2 (2.0.26-1) unstable; urgency=medium + + * New upstream release. + * debian/control: Suggest parcimonie. Thanks ilf. (Closes: #752261) + + -- Eric Dorland Tue, 19 Aug 2014 18:09:08 -0400 + + gnupg2 (2.0.25-2) unstable; urgency=medium + + * debian/control: Switch to libgcrypt20-dev (aka 1.6 release). + + -- Eric Dorland Fri, 08 Aug 2014 14:12:05 -0400 + + gnupg2 (2.0.25-1) unstable; urgency=medium + + * New upstream release. + + -- Eric Dorland Mon, 30 Jun 2014 13:10:04 -0400 + + gnupg2 (2.0.24-1) unstable; urgency=high + + * New upstream release. Fixes CVE-2014-4617 "infinite loop when + decompressing data packets". 
(Closes: #752498) + * debian/patches/02-gpgv2-dont-link-libassuan.diff: Drop, now + upstreamed. + + -- Eric Dorland Wed, 25 Jun 2014 00:11:19 -0400 + + gnupg2 (2.0.23-1) unstable; urgency=medium + + * New upstream release. + * debian/upstream/signing-key.asc: Rename upstream-signing-key.pgp to + the new, supported name. + * debian/control: Restore versioned conflict against gpg-idea. (Closes: + #733984) + * debian/control: Add Recommends on dirmngr for gpgsm. (Closes: #683579) + + -- Eric Dorland Sun, 08 Jun 2014 19:20:17 -0400 + + gnupg2 (2.0.22-3) unstable; urgency=low + + * debian/watch, debian/upstream-signing-key.pgp: Add upstream signing + key for uscan verification. + * debian/kbxutil.1, debian/rules: Add better description and regenerate + the manpage. + * debian/control: Remove version on gpg-idea conflict, add missing + Breaks for gpgsm and convert Conflicts to Breaks for gpgv2. + * debian/control: Move gnupg-agent to Depends for gpgsm instead of + Replaces (which in turn should have been Recommends). + * debian/control: Standards-Version to 3.9.5. + * debian/copyright: Switch to a shiny DEP-5 copyright file. + + -- Eric Dorland Wed, 01 Jan 2014 22:56:56 -0500 + + gnupg2 (2.0.22-2) unstable; urgency=low + + * debian/control: Fix Build-Conflicts on newer automakes. Thanks Chris + Boot. (Closes: #726015) + * debian/control: IDEA is no longer patented, drop its metion from the + description. Thanks brian m. carlson. (Closes: #726139) + * debian/rules: Disable the test suite on mips and mipsel to work around + Bug:#730846. + + -- Eric Dorland Sat, 30 Nov 2013 23:47:56 -0500 + + gnupg2 (2.0.22-1) unstable; urgency=low + + * New upstream version. Fixes CVE-2013-4402 and CVE-2013-4351. (Closes: + #725433, #722724) + * debian/gnupg2.install: Install gnupg-card-architecture.png for the + info file. 
+ + -- Eric Dorland Sat, 05 Oct 2013 17:45:28 -0400 + + gnupg2 (2.0.21-2) unstable; urgency=low + + * debian/rules, debian/gnupg2.install: Switch libexecdir to + /usr/lib/gnupg2 to install helper binaries to a non-multiarch specific + location. (Closes: #717303) + * debian/control, debian/gpgv2.install: Split out gpgv2 into its own + package. + * debian/control, debian/gnupg2.install, debian/kbxutil.1: Add rule and + manpage for kbxutil using help2man. (Closes: #323494) + * debian/patches/02-gpgv2-dont-link-libassuan.diff: Don't link gpgv2 + against libassuan as it's not used. + * debian/rules: Install changelog for gpgv2. + + -- Eric Dorland Sun, 01 Sep 2013 00:42:16 -0400 + + gnupg2 (2.0.21-1) unstable; urgency=low + + * New upstream release. (Closes: #613465, #720369) + * debian/patches/01-gnupg2-rename.diff: Refresh patch. + * debian/control: Fix Vcs-Git path. + * debian/control: Now depends on libgpg-error >= 1.11. + * debian/control: Build-Depends on automake1.11 since the test suite + fails on newer versions. (Closes: #713287) + * debian/control: Also need a Build-Conflicts on automake (<= 1.12). + + -- Eric Dorland Sat, 24 Aug 2013 20:33:19 -0400 + + gnupg2 (2.0.20-1) unstable; urgency=low + + * New upstream release. (Closes: #691237, #583893) + * debian/patches/02-cve-2012-6085.diff: Remove, merged upstream. + * debian/control: Upgrade Standards-Version to 3.9.4. + * debian/compat, debian/control: Upgrade to debhelper v9. + * debian/control, debian/rules: Drop hardening-wrapper, now that we use + debhelper v9. + * debian/scdaemon.install: scdaemon has moved under $libexecdir. + * debian/control: Tighten dependency on scdaemon. + * debian/rules: Turn on all hardening options. + * debian/patches/01-gnupg2-rename.diff: Refresh patch. + * debian/gnupg-agent.install, debian/gnupg2.install, + debian/scdaemon.install: Fix /usr/lib paths for multi-arch. + * debian/rules: Pass ${pkglibdir} to --libexecdir since dh v9 passes + ${libdir} by default. 
+ + -- Eric Dorland Sat, 11 May 2013 18:28:57 -0400 + + gnupg2 (2.0.19-2) unstable; urgency=high + + * debian/patches/02-cve-2012-6085.diff: Patch from upstream to fix + CVE-2012-6085, "gnupg key import memory corruption". (Closes: #697251) + * debian/control: Use canonical addresses for VCS. + * debian/control: Fix scdaemon short description. + + -- Eric Dorland Fri, 04 Jan 2013 00:56:52 -0500 + + gnupg2 (2.0.19-1) unstable; urgency=low + + * New upstream release. (Closes: #666092) + * debian/control: Add Multi-Arch: foreign to all packages. + * debian/rules: Update ChangeLog locations. + + -- Eric Dorland Sat, 31 Mar 2012 01:06:02 -0400 + + gnupg2 (2.0.18-2) unstable; urgency=low + + * debian/control, debian/gpgsm.install, debian/scdaemon.install: Add a + separate package for the scdaemon. (Closes: #416129) + * debian/control, debian/gpgsm.install, debian/gnupg2.install, + gnupg-agent.install: Move gpg-preset-passphrase and gpg-protect-tool + into the gnupg-agent. + * debian/control: Upgrade Standards-Version to 3.9.2. + * debian/rules: Install ChangeLog for new scdaemon package. + + -- Eric Dorland Sat, 15 Oct 2011 20:21:35 -0400 + + gnupg2 (2.0.18-1) unstable; urgency=low + + * New upstream release. (Closes: #635206) + * debian/copyright: Update ftp location. (Closes: #624404) + * debian/patches/01-gnupg2-rename.diff: Refresh patch. + + -- Eric Dorland Tue, 30 Aug 2011 03:43:20 -0400 + + gnupg2 (2.0.17-3) unstable; urgency=low + + * debian/rules: Convert the rules file to use the lovely dh format. + * debian/gnupg2.dirs, debian/gnupg-agent.dirs, debian/gpgsm.dirs: Remove + unless dirs files. + * debian/gnupg-agent.lintian-overrides, debian/gnupg2.lintian-overrides, + debian/gpgsm.lintian-overrides: Remove unneeded lintian-overrides files. + + -- Eric Dorland Mon, 14 Feb 2011 03:17:39 -0500 + + gnupg2 (2.0.17-2) unstable; urgency=low + + * debian/control: Add dependency on dpkg (>= 1.15.4) | install-info for + info install trigger. 
+ * debian/control, debian/rules: Use debian build hardening. + + -- Eric Dorland Sun, 13 Feb 2011 16:33:17 -0500 + + gnupg2 (2.0.17-1) unstable; urgency=low + + * New upstream release. (Closes: #584316, #603985, #603983, #603984) + * debian/patches/02-encode-s2k.diff, + debian/patches/03-gpgsm-realloc.diff, debian/patches/series: Drop now + unneeded security patches. + * debian/rules, debian/patches/01-gnupg2-rename.diff, + debian/gnupg2.info, debian/gnupg2.install: No need to rename the info + file anymore. + * debian/patches/01-gnupg2-rename.diff: Rename the autoconf package for + better renaming of pkg directories. (Closes: #579006) + * debian/control, debian/compat: Upgrade to debhelper level 8. + * debian/control: + - Upgrade Standards-Version to 3.9.1. + - Update Build-Depends versions for the latest release. + * debian/gnupg2.install: Add the applygnupgdefaults command. (Closes: + #567537) + * debian/gnupg2.docs: doc/faq.html no longer exists. + + -- Eric Dorland Sun, 13 Feb 2011 16:06:41 -0500 + + gnupg2 (2.0.14-2) unstable; urgency=low + + * debian/*.lintian, debian/*.lintian-overrides, debian/rules: Rename + lintian files and use dh_lintian instead of shell snippets. + * debian/source/patch-header, debian/source/options: Delete patch header + and remove single-debian-patch option. + * debian/patches/01-gnupg2-rename.diff: Move patch to do the necessary + renaming of gnupg -> gnupg2 in a quilt patch. + * debian/patches/02-encode-s2k.diff: Added patch to fix passphrase + problem in gpgsm. Thanks Martijn van Brummelen for the NMU to fix this + problem in 2.0.14-1.1. + * debian/patches/03-gpgsm-realloc.diff: Fix for "Realloc Bug with X.509 + certificates" for gpgsm. (Closes: #590122) + * debian/rules, debian/control: Use dh-autoreconf and autopoint to + regenerate autotools files at build time. + + -- Eric Dorland Sun, 25 Jul 2010 02:16:42 -0400 + + gnupg2 (2.0.14-1) unstable; urgency=low + + * New upstream release. 
+ * debian/control: Build depend on libreadline-dev instead of + libreadline5-dev, since libreadline6-dev is out. (Closes: #548922) + * debian/source/format, debian/source/options, + debian/source/patch-header: Convert to v3 quilt format, with + single-debian-patch. + * debian/control: Tighten dependency on gnupg-agent. (Closes: #551792) + + -- Eric Dorland Sat, 09 Jan 2010 21:15:18 -0500 + + gnupg2 (2.0.13-1) unstable; urgency=low + + * New upstream release. + * debian/control: Depend instead of Recommend gnupg-agent. (Closes: + #538947) + + -- Eric Dorland Mon, 07 Sep 2009 20:38:23 -0400 + + gnupg2 (2.0.12-1) unstable; urgency=low + + * New upstream release. (Closes: #499569, #463270, #446494, #314068, + #519375, #514587) + * debian/control: Change build dependency on gs to ghoscript, since + ghoscript has been replaced. + * debian/compat: Use debhelper v7. + * debian/control: Update Standards-Version to 3.8.2. + * debian/control: Use ${misc:Depends}. + * configure.ac: Override pkgdatadir so that it points to + /usr/share/gnupg2. (Closes: #528734) + * debian/rules: No longer need to specify pkgdatadir at make install + time. + + -- Eric Dorland Sun, 23 Aug 2009 20:48:11 -0400 + + gnupg2 (2.0.11-1) unstable; urgency=low + + * New upstream release. (Closes: #496663) + * debian/control: Make the description a little more distinctive than + gnupg v1's. Thanks Jari Aalto. (Closes: #496323) + + -- Eric Dorland Sun, 08 Mar 2009 22:46:47 -0400 + + gnupg2 (2.0.9-3) unstable; urgency=medium + + * Urgency medium to try to beat the release. + * tools/gpgkey2ssh.c: Patch from Daniel Kahn Gillmor to fix broken ssh + key generation. (Closes: #473841) + + -- Eric Dorland Mon, 21 Jul 2008 03:48:11 -0400 + + gnupg2 (2.0.9-2) unstable; urgency=low + + * The "I've neglected you too long" release. + + * debian/control: + - Add recommends on gnupg-agent for gpgsm and gnupg2, since they need + it under most circumstances. 
(Closes: #459462, #477691)
+ - Depend on pinentry instead of recommend, and move pinentry-gtk2 to the
+ front of the alternatives list. (Closes: #462951)
+ * keyserver/gpgkeys_curl.c, keyserver/gpgkeys_hkp.c: Fix FTBFS with gcc
+ 4.3 strictness on bitfields combined with curl. (Closes: #476999)
+
+ -- Eric Dorland Mon, 28 Apr 2008 03:22:20 -0400
+
+ gnupg2 (2.0.9-1) unstable; urgency=low
+
+ * New upstream release. Fixes CVE-2008-1530, Key import memory corruption.
+ (Closes: #472928)
+ * debian/rules: Don't ignore status of make distclean, just check for
+ the existance of the Makefile.
+
+ -- Eric Dorland Sat, 29 Mar 2008 03:21:21 -0400
+
+ gnupg2 (2.0.8-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #428635)
+ * debian/watch: Use passive ftp, ftp.gnupg.org doesn't seem happy
+ otherwise. (Closes: #456467)
+ * debian/control:
+ - Requires libassuan >= 1.0.4 now.
+ - Remove the XS- prefix from the Vcs-* headers.
+ - Add Homepage header.
+ - Upgrade Standards-Version to 3.7.3.0.
+ - Make gnupg2 optional rather than extra.
+ - Remove unnecessary conflict on suidmanager.
+
+ -- Eric Dorland Sat, 22 Dec 2007 02:06:42 -0500
+
+ gnupg2 (2.0.7-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/rules:
+ - Remove unnecessary deletion of the .gmo files. (Closes: #442583)
+ - Clean out some old comments
+ * gnupg-agent.xsession: Remove the quotes around --write-env-file
+ argument. Not ideal, but fine for now. Thanks Luis Rodrigo Gallardo
+ Cruz. (Closes: #443580)
+
+ -- Eric Dorland Sun, 30 Sep 2007 02:50:40 -0400
+
+ gnupg2 (2.0.6-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #437289)
+ * debian/gnupg-agent.xsession: Run the Xsession under the gpg-agent, so
+ it exits properly when the session dies. (Closes: #401843)
+ * debian/control: Add XS-Vcs headers for its new git home.
+
+ -- Eric Dorland Mon, 03 Sep 2007 23:29:11 -0400
+
+ gnupg2 (2.0.5-2) unstable; urgency=low
+
+ * The "Ubuntu, I would have done it had you only asked" release.
+
+ * debian/copyright: Fix download location. Thanks Ubuntu.
+ * debian/README.Debian: Remove, doesn't contain any relevant info.
+ * debian/rules:
+ - Build with --sysconfdir=/etc, thanks Bernhard Herzog. (Closes: #434790)
+ - Run dh_installexamples.
+ - Don't list the docs to install in here.
+ * debian/gnupg2.examples: New file, install gpgconf.conf as an example
+ into /usr/share/doc. Hope this is a good compromise Bernhard. (Closes:
+ #434878)
+ * debian/control:
+ - Remove opensc and pcsc-lite build dependencies, they're not used anymore.
+ - Add libcurl4-gnutls-dev build dep, to use the real curl.
+ * g10/call-agent.c: set DBG_ASSUAN to 0 to suppress a debug
+ message. Thanks Ubuntu.
+ * debian/gnupg2.docs, debian/gpgsm.docs: Move installed docs in here,
+ add some new docs. Thanks Ubuntu.
+ * debian/rules, debian/gnupg-agent.install: Build symcryptrun and install it
+ in the gnupg-agent package. Thanks Bernhard Herzog. (Closes: #434787)
+ * debian/rules, debian/control: Only recommend libldap, don't depend on
+ it.Thanks Riku. (Closes: #435138)
+
+ -- Eric Dorland Thu, 16 Aug 2007 22:24:16 -0400
+
+ gnupg2 (2.0.5-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/watch: Add watch file.
+ * debian/control:
+ - Require libassuan 1.0.2 or greater.
+ - Require libksba 1.0.2 or greater.
+ - Don't recommend plain gpg anymore.
+ * debian/copyright: Update copyright text for GPL v3 relicensing.
+ * docs/scdaemon.texi: Remove old --print-atr documentation. Thanks
+ Ludovic Rousseau. (Closes: #404128)
+
+ -- Eric Dorland Sun, 22 Jul 2007 16:03:32 -0400
+
+ gnupg2 (2.0.4-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Eric Dorland Fri, 11 May 2007 00:41:01 -0400
+
+ gnupg2 (2.0.3-1) unstable; urgency=high
+
+ * New upstream release.
+ - Fixes multoiple messages problem aka CVE-2007-1263.
+
+ -- Eric Dorland Fri, 9 Mar 2007 03:28:53 -0500
+
+ gnupg2 (2.0.2-1) unstable; urgency=high
+
+ * New upstream release. (Closes: #409559)
+ * Thanks Andreas Barth for NMUs. (Closes: #400777, #401895, #401913)
+ * debian/gpgsm.install: pcsc-wrapper renamed to gnupg-pcsc-wrapper.
+
+ -- Eric Dorland Mon, 19 Feb 2007 20:34:52 -0500
+
+ gnupg2 (2.0.0-5) unstable; urgency=high
+
+ * debian/control: Remove unnecessary dependencies on makedev and
+ udev. Thanks Marco d'Itri.
+ * doc/gnupg.texi, debian/gnupg2.info, debian/rules: Set the output file
+ to gnupg2.info, and use that for the index. (Closes: #398493)
+
+ -- Eric Dorland Fri, 24 Nov 2006 02:23:35 -0500
+
+ gnupg2 (2.0.0-4) unstable; urgency=medium
+
+ * debian/control: Update forgotten replaces for pcsc-wrapper move.
+
+ -- Eric Dorland Mon, 20 Nov 2006 23:02:25 -0500
+
+ gnupg2 (2.0.0-3) unstable; urgency=medium
+
+ * debian/control: Remove warning about development, thanks Gonzalo
+ HIGUERA DIAZ. (Closes: #399551)
+
+ -- Eric Dorland Mon, 20 Nov 2006 14:32:33 -0500
+
+ gnupg2 (2.0.0-2) unstable; urgency=medium
+
+ * All packaging fixes, so urgency medium to beat the freeze.
+ * debian/distfiles, debian/lintian.override, debian/point-to-info.1:
+ Remove unused files.
+ * debian/gnupg2.info, debian/rules, gnupg2.files: Install all the info
+ files properly. (Closes: #398493)
+ * debian/rules:
+ - Remove some unnecessary autotools build rules.
+ - Move some of make install targets more correctly to the
+ configure line.
+ * debian/*.files, debian/rules: Rename *.files to .install and use
+ dh_install nstead of dh_movefiles.
+ * debian/gnupg-agent.xsession: Account for spaces in the configuration
+ file, thanks Artem Zolochevskiy. (Closes: #352326)
+ * debian/control:
+ - Adjust build-dependency versions slightly to match what the
+ configure scipt requires.
+ - Update Standards-Version to 3.7.2.2.
+ * debian/gpgsm.install, debian/gnupg2.install: Install the pcsc-wrapper
+ in gpgsm. (Closes: #353232)
+ * debian/gpgsm.install, debian/rules: Install gpg-protect-tool into
+ /usr/libb/gnupg2.
+
+ -- Eric Dorland Sun, 19 Nov 2006 18:03:39 -0500
+
+ gnupg2 (2.0.0-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #398215)
+ * common/estream.c: #define PTH_SYSCALL_SOFT 0 as suggested by Daniel Hess.
+
+ -- Eric Dorland Sun, 12 Nov 2006 23:52:59 -0500
+
+ gnupg2 (1.9.94-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Eric Dorland Thu, 2 Nov 2006 16:06:30 -0500
+
+ gnupg2 (1.9.93-1) unstable; urgency=medium
+
+ * New upstream release. Urgency medium to try to beat the freeze. Thanks
+ to Andreas Metzler for getting this package into shape.
+
+ -- Eric Dorland Wed, 25 Oct 2006 00:41:15 -0400
+
+ gnupg2 (1.9.91-0.1) unstable; urgency=low
+
+ * New upstream version, built against clean upstream tarball.
+ (Closes: #378489,#388257)
+ * bump Build-Depends:
+ - libgpg-error-dev 0.6 -> 1.4
+ - libassuan-dev 0.6.10 -> 0.9.1
+ - libksba-dev 0.9.13 -> 1.0.0 (closes: #368552)
+ * Add libreadline5-dev to Build-Depends.
+ * Pass proper --build and --host args to ./configure.
+ * configure with --mandir='$${prefix}/share/man'.
+ * Add $(LIBINTL) to gpgsplit_LDADD in tools/Makefile.am.
+ * New upstream includes a lot more manpages, ship them.
+ (Closes: #300129,#300677)
+ gpg-agent(1) documents ~/gpg-agent.conf. (Closes: #300676)
+ * Update debian/copyright.
+ * Drop gnupg2.postinst gnupg2.postrm postinst postrm. They all only consited
+ of calls to suidregister for /usr/bin/gpg" or "chmod 4755 /usr/bin/gpg".
+ suidregister has been obsolete for a long time and /usr/bin/gpg is not
+ part of these packages. - If /usr/bin/gpg(v)2 was supposed to be installed
+ suid it should be shipped with these permissions in the deb instead
+ using chmod in postinst anyway.
+ * Drop preinst (ending up as gnupg-agent's preinst), which only showed
+ a warning on upgrades from <<0.3.2-1. - There never was a gnupg-agent
+ 0.3.2-1.
+ * Add (noop) binary-indep target as required by policy 4.9.
+
+ -- Andreas Metzler Sun, 8 Oct 2006 07:51:44 +0000
+
+ gnupg2 (1.9.20-2) unstable; urgency=high
+
+ * debian/control: Make myself the maintainer with Matthias' permission.
+ * Acknowledge NMU. (Closes: #375053, #376755)
+ * g10/parse-packet.c: Patch from Martin Schulze to backport security fix
+ for CVE-2006-3746, crash when receiving overly long comments.
+
+ -- Eric Dorland Fri, 4 Aug 2006 18:11:43 -0400
+
+ gnupg2 (1.9.20-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Adapt patch from upstream CVS, fixing buffer overflow leading to remote
+ DoS/crash (CVE-2006-3082). (Closes: #375053)
+
+ -- Steinar H. Gunderson Tue, 4 Jul 2006 20:37:43 +0200
+
+ gnupg2 (1.9.20-1) unstable; urgency=low
+
+ * New Upstream version. Closes:#306890,#344530
+ * Closes:#320490: gpg-protect-tool fails to decrypt PKCS-12 files
+ * Depend on libopensc2-dev, not -1-. Closes:#348106
+
+ -- Matthias Urlichs Tue, 24 Jan 2006 04:31:42 +0100
+
+ gnupg2 (1.9.19-2) unstable; urgency=low
+
+ * Convert debian/changelog to UTF-8.
+ * Put gnupg-agent and gpgsm lintian overrides in the respectively
+ right package. Closes: #335066
+ * Added debhelper tokens to maintainer scripts.
+ * xsession fixes:
+ o Added host name to gpg-agent PID file name. Closes: #312717
+ o Fixed xsession script to be able to run under zsh. Closes: #308516
+ o Don't run gpg-agent if one is already running. Closes: #336480
+ * debian/control:
+ o Fixed package description of gpgsm package. Closes: #299842
+ o Added mention of gpg-agent to description of gnupg-agent package.
+ Closes: #304355
+ * Thanks to Peter Eisentraut for all of the above.
+
+ -- Matthias Urlichs Thu, 8 Dec 2005 22:13:21 +0100
+
+ gnupg2 (1.9.19-1) unstable; urgency=low
+
+ * Merged with 1.9.19.
+ * Re-enable gpgv2 package.
+
+ -- Matthias Urlichs Sat, 22 Oct 2005 14:33:33 +0200
+
+ gnupg2 (1.9.17-1) unstable; urgency=low
+
+ * Merged with Upstream 1.9.17.
+
+ -- Matthias Urlichs Mon, 4 Jul 2005 01:56:43 +0200
+
+ gnupg2 (1.9.15-6) unstable; urgency=high
+
+ * Move gpg-protect-tool to the gpgsm package.
+ Closes: #303492.
+ High urgency because this renders gpgsm unuseable for some people.
+ * gpg-agent: Override max-cache-ttl if a higher default is set.
+ Closes: #302692.
+
+ -- Matthias Urlichs Thu, 7 Apr 2005 10:13:19 +0200
+
+ gnupg2 (1.9.15-5) unstable; urgency=low
+
+ * Add /etc/X11/Xsession.d/90gpg-agent script. Closes: #300128.
+ * Emphasize that gnupg2 is NOT useful at the moment.
+ * Conflict+replace gpg-agent with newpg.
+
+ -- Matthias Urlichs Thu, 10 Mar 2005 22:46:10 +0100
+
+ gnupg2 (1.9.15-4) unstable; urgency=low
+
+ * Incorporated Ubuntu changes from Andreas Mueller.
+
+ -- Matthias Urlichs Thu, 10 Mar 2005 21:41:59 +0100
+
+ gnupg2 (1.9.15-3ubuntu3) hoary; urgency=low
+
+ * removed info file
+
+ -- Andreas Mueller Tue, 8 Mar 2005 01:58:39 +0100
+
+ gnupg2 (1.9.15-3ubuntu2) hoary; urgency=low
+
+ * changed rules file, part cp gnupg.info to mv
+ and added dh_installinfo.
+ * changed Standards Version to 3.6.1
+
+ -- Andreas Mueller Tue, 8 Mar 2005 00:53:31 +0100
+
+ gnupg2 (1.9.15-3ubuntu1) hoary; urgency=low
+
+ * added missing build depends texinfo
+
+ -- Andreas Mueller Mon, 7 Mar 2005 22:47:56 +0100
+
+ gnupg2 (1.9.15-2) hoary; urgency=low
+
+ * Initial checkin
+
+ -- Andreas Mueller Mon, 7 Mar 2005 21:13:32 +0100
+
+ gnupg2 (1.9.15-1) experimental; urgency=low
+
+ * New Upstream release.
+ * Removed -doc package:
+ - The package itself is too smal to merit being packaged separately.
+ - Interim solution: Documentation is included in the gnupg2 package.
+ - Goal: ask Upstream to split the .info file.
+ * Removed suidness.
+ * Update debian/copyright.
+ * Require libassuan >= 0.6.9.
+
+ -- Matthias Urlichs Tue, 25 Jan 2005 08:19:15 +0100
+
+ gnupg2 (1.9.11+cvs20040924-5) experimental; urgency=low
+
+ * Rebuild to depend on opensc1.
+ * Split -doc into its own package.
+
+ -- Matthias Urlichs Thu, 16 Dec 2004 10:30:44 +0100
+
+ gnupg2 (1.9.11+cvs20040924-4) experimental; urgency=low
+
+ * Turn on setuid-ness.
+ - Added Lintian overrides.
+ * Install all "standard" message files.
+ - Makefile.in: The package name for gettext is in the macro PACKAGE_GT,
+ not PACKAGE.
+ * Fix shebang line of addgnupghome script.
+ * Install info file in the correct place.
+ * Build cleanups.
+
+ -- Matthias Urlichs Tue, 5 Oct 2004 10:59:56 +0200
+
+ gnupg2 (1.9.11+cvs20040924-3) experimental; urgency=low
+
+ * rename gnupg-agent's changelog file
+ * Fix gnupg-agent's dependencies
+
+ -- Matthias Urlichs Sun, 3 Oct 2004 20:14:30 +0200
+
+ gnupg2 (1.9.11+cvs20040924-2) experimental; urgency=low
+
+ * Shipped a /usr/share/locale.alias file. Ouch.
+ * Split off gpgsm.
+
+ -- Matthias Urlichs Wed, 29 Sep 2004 10:25:51 +0200
+
+ gnupg2 (1.9.11+cvs20040924-1) experimental; urgency=low
+
+ * New Upstream.
+
+ -- Matthias Urlichs Sat, 25 Sep 2004 11:05:44 +0200
+
+ gnupg2 (1.9.10+cvs-1) experimental; urgency=low
+
+ * Packaged latest Upstream version.
+ * Split gpg-agent into its own .deb.
+ * Bit the bullet and started using debhelper.
+
+ -- Matthias Urlichs Thu, 19 Aug 2004 11:43:34 +0200
+
+ gnupg2 (1.9.9-1) experimental; urgency=low
+
+ * Packaged latest Upstream version.
+
+ -- Matthias Urlichs Mon, 14 Jun 2004 17:18:18 +0200
+
+ gnupg2 (1.9.5-1) experimental; urgency=low
+
+ * Packaged Upstream development version.
+ Closes:#187548
+
+ -- Matthias Urlichs Mon, 8 Mar 2004 05:30:35 +0100
+
+ gnupg (1.2.4-4) unstable; urgency=low
+
+ * 12_zero_length_header.dpatch: update patch from David Shaw
+ to fix the fix of crashing on certain
+ keys.
Closes: #234289
+
+ -- James Troup Mon, 23 Feb 2004 18:02:20 +0000
+
+ gnupg (1.2.4-3) unstable; urgency=low
+
+ * Move to dpatch; existing non-debian/ change split into
+ 10_hppa_unaligned_constant.dpatch.
+
+ * debian/rules: include /usr/share/dpatch/dpatch.make.
+ * debian/rules (build): depend on patch-stamp.
+ * debian/rules (clean): depend on unpatch. Remove debian/patched.
+ * debian/control (Build-Depends): add dpatch.
+
+ * debian/rules: update version number and use install_foo convenience
+ variables.
+ * debian/rules (clean): remove emacs backup files from any directory.
+
+ * 11_fi_po_update.dpatch: new patch from Tommi Vainikainen
+ to update Finnish translation as the current one
+ renders gnupg unusable. Closes: #232030, #222951, #192582
+ * debian/rules (clean): remove po/fi.gmo to avoid dpkg-source errors
+ over unrepresentable changes to source.
+
+ * 12_zero_length_header.dpatch: new patch from David Shaw
+ to fix cases where importing certain keys
+ makes the keyring unuseable. Closes: #232714
+
+ * 13_revoked_keys.dpatch: new patch from David Shaw
+ to list revoked keys as revoked. Closes: #231814
+
+ * 14_getkey_not_found_fix.dpatch: new patch from David Shaw
+ to fix --list-sigs incorrectly claiming "User
+ id not found". Closes: #229549
+
+ -- James Troup Fri, 20 Feb 2004 16:38:12 +0000
+
+ gnupg (1.2.4-2) unstable; urgency=low
+
+ * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones
+ to fix unaligned constant. Closes: #228456
+ * debian/copyright: update year and version number.
+
+ -- James Troup Tue, 20 Jan 2004 17:19:58 +0000
+
+ gnupg (1.2.4-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Most support for ElGamal Sign+Encrypt keys has been removed. Closes: #222293
+ * No longer miss-identifies GNU/KFreeBSD as GNU/Hurd. Closes: #216957
+ * Fixes build error on GNU/KFreeBSD (and Glibc-based GNU/KNetBSD). Closes: #221079
+ * Fixes segmentation fault in prime generator.
Closes: #213989
+ * Fixes trustdb not updating without ultimately trusted keys. Closes: #222368
+
+ * debian/control (Build-Depends): add libbz2-dev.
+
+ -- James Troup Wed, 31 Dec 2003 17:57:52 +0000
+
+ gnupg (1.2.3-1) unstable; urgency=low
+
+ * New upstream release (Closes: #207340).
+ * gpg no longer kills keyrings by importing broken keys. Closes: #196505
+ * options.skel uses subkeys.pgp.net instead of pgp.mit.edu. Closes: #206092
+ * --import now closes files when it's done. Closes: #196643
+ * A key listing speed regression has been fixed. Closes: #192083
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ * debian/control (Standards-Version): bump to 3.6.0.
+
+ * debian/Upgrading_From_PGP.txt: new file from to Richard Braakman
+ . Closes: #173233
+ * debian/rules (binary-arch): install it.
+
+ * debian/rules (build): correct libexecdir passed to configure; patch
+ from Matthias Cramer . Fixes invocation of
+ gpgkeys_ldap. Closes: #168486
+
+ -- James Troup Thu, 28 Aug 2003 14:08:50 +0100
+
+ gnupg (1.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control (Standards-Version): bump to 3.5.9.0.
+ * debian/rules (binary-arch): install convert-from-106 as
+ gpg-convert-from-106 and fix the path to gpg.
+ * debian/control: remove trailing full stop from short description.
+ * debian/control: remove out-dated and contradictory information about
+ RSA.
+
+ -- James Troup Mon, 5 May 2003 03:08:58 +0100
+
+ gnupg (1.2.1-2) unstable; urgency=low
+
+ * Update config.guess (to 2002-10-21) and config.sub (to 2002-09-05).
+ Thanks to Ryan Murray. Closes: #166696
+
+ -- James Troup Mon, 28 Oct 2002 01:47:26 +0000
+
+ gnupg (1.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * An inifinte loop in --update-trustdb has been fixed. Closes: #162039
+ * The polish translation is now correctly specified as UTF-8. Closes: #162885
+ * --refresh-keys is now documented in the manpage.
Closes: #165566
+ * debian/control (Conflicts): add gpg-idea <= 2.2 since gnupg >= 1.2 is
+ incompatible with that version of gpg-idea. Closes: #162314
+
+ -- James Troup Fri, 25 Oct 2002 18:18:43 +0100
+
+ gnupg (1.2.0-1) unstable; urgency=low
+
+ * New upstream version. Closes: #161817.
+ * --options no longer mis-handles a directory as an argument. Closes: #151973
+ * gpg now prompts before sending all keys to the keyserver. Closes: #64607
+ * There is now a gnupg(7) manpage. Closes: #157750
+ * The permission checking has been sanitized and handles non-home-dir
+ keyrings better. Closes: #147760
+ * notation data longer than 5 characters is now handled. Closes: #156871
+ * an abort when setting trust levels in a czech locale has been fixed.
+ Closes: #149212
+ * debian/rules (binary-arch): there are no more modules, adjust
+ accordingly.
+ * debian/postinst, debian/prerm: remove; no longer do /usr/doc symlinks.
+ * debian/rules (binary-arch): don't install obsolete postinst or prerm.
+ * debian/rules (binary-arch): gzip gnupg.7 too.
+ * debian/rules (build): pass --libexecdir=/usr/lib/gnupg to configure.
+ * debian/rules (binary-arch): likewise, pass suitable libexcedir
+ argument to make install.
+ * debian/control (Standards-Version): update to 3.5.7.0.
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ -- James Troup Sun, 22 Sep 2002 22:26:25 +0100
+
+ gnupg (1.0.7-2) unstable; urgency=low
+
+ * debian/control (Suggests): add xloadimage since that's what gpg uses
+ by default to view photo IDs. Thanks to Julien Danjou
+ for the suggestion. Closes: #156245
+ * debian/control (Depends): add "hurd" to the alternatives to
+ makedev. Thanks to Michal Suchanek for
+ noticing. Closes: #158492
+ * po/it.po: patch to fix typos from Marco Bodrato
+ Thu, 29 Aug 2002 01:42:58 +0100
+
+ gnupg (1.0.7-1) unstable; urgency=low
+
+ * New upstream version. Closes: #145477.
+ * GDBM support has been removed. Closes: #33009.
+ * Now adds the default keyring when a keyring is specified.
+ Closes: #50616, #65260.
+ * Now does the Right Thing when receiving a key from the keyserver and
+ the key in question is in both a read-only and writable keyring.
+ Closes: #63297.
+ * Automatic key retrieval is now configurable. Closes: #64940.
+ * --no-options supresses ~/.gnupg creation again. Closes: #95486.
+ * duplicate trust entries are no longer treated as an error. Closes: #96480.
+ * There's now no comment line in ascii armours. Closes: #100088.
+ * Handle secret keyring given as keyring better. Closes: #100581, #106670.
+ * It's now documented that --with-colons unconditionally uses UTF8.
+ Closes: #101446, 101454.
+ * s/now/knows/ typo in manpage fixed. Closes: #107471.
+ * There's now support for a primary UID. Closes: #106567, #108155.
+ * Handles errors in uncompression layer beter. Closes: #112392.
+ * Key selection has been entirely revamped. Closes: #136170.
+ * Handles empty encrypt-to. Closes: #138378
+
+ * debian/rules (binary-arch): remove empty /usr/info directory, thanks
+ to Joey Hess . Closes: #121864.
+ * debian/control: remove duplicated word from long description, thanks
+ to Nicolas Boulenguez . Closes: #144786.
+ * README: correct URL to GPH and other docs, thanks to Mark Brown
+ . Closes: #100277.
+ * debian/control (Standards-Version): updated to 3.5.6.1.
+ * debian/rules (binary-arch): only strip ELF binaries. es_ES -> es hack
+ no longer needed as fixed upstream.
+ * debian/control (Build-Depends): remove libgdbmg1-dev; no longer used.
+ * debian/README.Debian: remove note about gdbm support which was finally
+ removed. Update note on old versions of gnupg to reflect the
+ pre-historic nature of those versions.
+ * debian/control (Build-Depends): add libldap2-dev.
+ * debian/rules (binary-arch): call dpkg-shlibdeps for all ELF binaries.
+ * debian/control (Build-Depends): add file.
+ * debian/control (Priority): increase to standard to match overrides.
+
+ -- James Troup Sat, 11 May 2002 15:08:02 +0100
+
+ gnupg (1.0.6-3) unstable; urgency=low
+
+ * moved into main.
+
+ -- James Troup Tue, 19 Mar 2002 16:17:09 +0000
+
+ gnupg (1.0.6-2) unstable; urgency=high
+
+ * debian/rules (binary-arch): remove the erroneous
+ /usr/share/locale/locale.alias that 'make install' adds; closes:
+ #99293.
+
+ -- James Troup Wed, 30 May 2001 20:40:59 +0100
+
+ gnupg (1.0.6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 29 May 2001 20:59:49 +0100
+
+ gnupg (1.0.5-4) unstable; urgency=low
+
+ * Patch from Werner.
+
+ -- James Troup Sun, 27 May 2001 09:34:50 +0100
+
+ gnupg (1.0.5-3) unstable; urgency=low
+
+ * Apply patch from Matthew Wilcox to fix assembly on
+ hppa.
+
+ -- James Troup Sun, 13 May 2001 02:36:45 +0100
+
+ gnupg (1.0.5-2) unstable; urgency=medium
+
+ * util/http.c: patch from Werner that fixes --send-key, closes: #96277.
+ * debian/control (Depends): accept devfsd in place of makedev, closes:
+ #96307.
+
+ -- James Troup Mon, 7 May 2001 00:13:51 +0100
+
+ gnupg (1.0.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/README.Debian: fix spelling and update URL.
+ * debian/rules (binary): remove the new info files.
+ * scripts/config.{guess,sub}: sync with subversions, closes: #95729.
+
+ -- James Troup Mon, 30 Apr 2001 02:12:38 +0100
+
+ gnupg (1.0.4-4) unstable; urgency=low
+
+ * po/ru.po: patch by Ilya Martynov to replace German
+ entries and add missing translations, closes: #93987.
+ * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no
+ longer/g); noticed by Colin Watson , closes:
+ #93664.
+
+ * Deprecated depreciated; noticed by Vincent Broman
+ .
+
+ * Following two patches are from Vincent Broman.
+ * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference
+ to iobuf_get_fname().
+ * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly.
+
+ -- James Troup Fri, 20 Apr 2001 23:32:44 +0100
+
+ gnupg (1.0.4-3) unstable; urgency=medium
+
+ * debian/rules (binary): make gpg binary suid, closes: #86433.
+ * debian/postinst: don't use suidregister.
+ * debian/postrm: removed (only called suidunregister).
+ * debian/control: conflict with suidmanager << 0.50.
+ * mpi/longlong.h: apply fix for ARM long long artimetic from Philip
+ Blundell , closes: #87487.
+ * debian/preinst: the old GnuPG debs have moved to people.debian.org.
+ * cipher/random.c: #include as well as
+ * g10/misc.c: likewise.
+ * debian/rules: define a strip alias which removes the .comment and
+ .note sections.
+ * debian/rules (binary-arch): use it.
+ * debian/lintian.override: new file; override the SUID warning from
+ lintian.
+ * debian/rules (binary-arch): install it.
+
+ -- James Troup Sun, 25 Feb 2001 05:24:58 +0000
+
+ gnupg (1.0.4-2) stable unstable; urgency=high
+
+ * Apply security fix patch from Werner.
+ * Apply another patch from Werner to fix bogus warning on Rijndael
+ usage.
+ * Change section to 'non-US'.
+
+ -- James Troup Mon, 12 Feb 2001 07:47:02 +0000
+
+ gnupg (1.0.4-1) stable unstable; urgency=high
+
+ * New upstream version.
+ * Fixes a serious bug which could lead to false signature verification
+ results when more than one signature is fed to gpg.
+
+ -- James Troup Tue, 17 Oct 2000 17:26:17 +0100
+
+ gnupg (1.0.3b-1) unstable; urgency=low
+
+ * New upstream snapshot version.
+
+ -- James Troup Fri, 13 Oct 2000 18:08:14 +0100
+
+ gnupg (1.0.3-2) unstable; urgency=low
+
+ * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref.
+ Fix long description to reflect the fact that RSA is no longer
+ patented and now included. [#72177]
+ * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ
+ from /usr/share/gnupg/. Thanks to Robert Luberda
+ for noticing. [#72151]
+ * debian/control: Suggest new package gnupg-doc.
[#64323, #65560]
+ * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM,
+ as Linux will do this if resource limits (or other reasons) prevent
+ memory from being locked, instead treat it like permission was denied
+ and warn but continue. Thanks to Topi Miettinen
+ . [#70446]
+ * g10/hkp.c (not_implemented): s/ist/is/ in error message.
+ * debian/README.Debian: add a note about GDBM support and why it is
+ disabled. Upstream already fixed the manpage. [#65913]
+ * debian/rules (binary-arch): fix the Spanish translation to be 'es' not
+ 'es_ES' at Nicolás Lichtmaier 's request. [#57314]
+
+ -- James Troup Sun, 1 Oct 2000 14:55:03 +0100
+
+ gnupg (1.0.3-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Mon, 18 Sep 2000 15:56:54 +0100
+
+ gnupg (1.0.2-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Thu, 13 Jul 2000 20:26:50 +0100
+
+ gnupg (1.0.1-2) unstable; urgency=low
+
+ * debian/control (Build-Depends): added.
+ * debian/copyright: corrected location of copyright file. Removed
+ references to Linux. Removed warnings about beta nature of GnuPG.
+ * debian/rules (binary-arch): install documentation into
+ /usr/share/doc/gnupg/ and pass mandir to make install to ensure the
+ manpages go to /usr/share/man/.
+ * debian/postinst: create /usr/doc/gnupg symlink.
+ * debian/prerm: new file; remove /usr/doc/gnupg symlink.
+ * debian/rules (binary-arch): install prerm.
+ * debian/control (Standards-Version): updated to 3.1.1.1.
+
+ -- James Troup Thu, 30 Dec 1999 16:16:49 +0000
+
+ gnupg (1.0.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * doc/gpg.1: updated to something usable from
+ ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz.
+
+ -- James Troup Sun, 19 Dec 1999 23:47:10 +0000
+
+ gnupg (1.0.0-3) unstable; urgency=low
+
+ * debian/rules (build): remove the stunningly ill-advised --host option
+ to configure.
[#44698, #48212, #48281]
+
+ -- James Troup Tue, 26 Oct 1999 01:12:59 +0100
+
+ gnupg (1.0.0-2) unstable; urgency=low
+
+ * debian/rules (binary-arch): fix the permissions on the
+ modules. [#47280]
+ * debian/postinst, debian/postrm: fix the package name passed to
+ suidregister. [#45013]
+ * debian/control: update long description. [#44636]
+ * debian/rules (build): pass the host explicitly to configure to avoid
+ problems on sparc64. [(Should fix) #44698].
+
+ -- James Troup Wed, 20 Oct 1999 23:39:05 +0100
+
+ gnupg (1.0.0-1) unstable; urgency=low
+
+ * New upstream release. [#44545]
+
+ -- James Troup Wed, 8 Sep 1999 00:53:02 +0100
+
+ gnupg (0.9.10-2) unstable; urgency=low
+
+ * debian/rules (binary-arch): install lspgpot. Requested by Kai
+ Henningsen . [#42288]
+ * debian/rules (binary-arch): correct the path where modules are looked
+ for. Reported by Karl M. Hegbloom . [#40881]
+ * debian/postinst, debian/postrm: under protest, register gpg the
+ package with suidmanager and make it suid by default.
+ [#29780,#32590,#40391]
+
+ -- James Troup Tue, 10 Aug 1999 00:12:40 +0100
+
+ gnupg (0.9.10-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Fri, 6 Aug 1999 01:16:21 +0100
+
+ gnupg (0.9.9-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sun, 25 Jul 1999 01:06:31 +0100
+
+ gnupg (0.9.8-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (binary-arch): don't create a gpgm manpage as the binary
+ no longer exists. Noticed by Wichert Akkerman
+ . [#38864]
+
+ -- James Troup Sun, 27 Jun 1999 01:07:58 +0100
+
+ gnupg (0.9.7-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 25 May 1999 13:23:24 +0100
+
+ gnupg (0.9.6-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/copyright: update version number, noticed by Lazarus Long
+ .
+ * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure
+ that /dev/urandom exists; reported by Steffen Markert
+ .
[#32076]
+
+ -- James Troup Tue, 11 May 1999 21:06:27 +0100
+
+ gnupg (0.9.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control (Description): no tabs. [Lintian]
+
+ -- James Troup Wed, 24 Mar 1999 22:37:40 +0000
+
+ gnupg (0.9.4-1) unstable; urgency=low
+
+ * New version.
+ * debian/control: s/GNUPG/GnuPG/
+
+ -- Werner Koch Mon, 8 Mar 1999 19:58:28 +0100
+
+ gnupg (0.9.3-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Mon, 22 Feb 1999 22:55:04 +0000
+
+ gnupg (0.9.2-1) unstable; urgency=low
+
+ * New version.
+ * debian/rules (build): Removed CFLAGS as the default is now sufficient.
+ * debian/rules (clean): remove special handling cleanup in intl.
+
+ -- Werner Koch Wed, 20 Jan 1999 21:23:11 +0100
+
+ gnupg (0.9.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 9 Jan 1999 22:29:11 +0000
+
+ gnupg (0.9.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * g10/armor.c (armor_filter): add missing new line in comment string; as
+ noticed by Stainless Steel Rat .
+
+ -- James Troup Tue, 29 Dec 1998 20:22:43 +0000
+
+ gnupg (0.4.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (clean): force removal of intl/libintl.h which the
+ Makefiles fail to remove properly.
+
+ -- James Troup Tue, 8 Dec 1998 22:40:23 +0000
+
+ gnupg (0.4.4-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Sat, 21 Nov 1998 01:34:29 +0000
+
+ gnupg (0.4.3-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/README.Debian: new file; contains same information as is in the
+ preinst. Suggested by Wichert Akkerman .
+ * debian/rules (binary-arch): install `README.Debian'
+ * debian/control (Standards-Version): updated to 2.5.0.0.
+
+ -- James Troup Sun, 8 Nov 1998 19:08:12 +0000
+
+ gnupg (0.4.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/preinst: improve message about the NEWS file which isn't
+ actually installed when it's referred to, thanks to Martin Mitchell
+ .
+ * debian/rules (binary-arch): don't install the now non-existent `rfcs',
+ but do install `OpenPGP'.
+
+ -- James Troup Sun, 18 Oct 1998 22:48:34 +0100
+
+ gnupg (0.4.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/rules (binary-arch): fix the gpgm manpage symlink now installed
+ by `make install'.
+
+ -- James Troup Sun, 11 Oct 1998 17:01:21 +0100
+
+ gnupg (0.4.0-1) unstable; urgency=high
+
+ * New upstream version. [#26717]
+ * debian/copyright: tone down warning about alpha nature of gnupg.
+ * debian/copyright: new maintainer address.
+ * debian/control: update extended description.
+ * debian/rules (binary-arch): install FAQ and all ChangeLogs.
+ * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about
+ incompatibilities in keyring format and offer to move old copy out of
+ gpg out of the way for transition strategy and inform the user about
+ the old copies of gnupg available on my web page.
+ * debian/rules (binary-arch) install preinst.
+ * debian/rules (binary-arch): don't depend on the test target as it is
+ now partially interactive (tries to generate a key, which requires
+ someone else to be using the computer).
+
+ -- James Troup Thu, 8 Oct 1998 00:47:07 +0100
+
+ gnupg (0.3.2-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control (Maintainer): new address.
+ * debian/copyright: updated list of changes.
+
+ -- James Troup Thu, 9 Jul 1998 21:06:07 +0200
+
+ gnupg (0.3.1-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 7 Jul 1998 00:26:21 +0200
+
+ gnupg (0.3.0-2) unstable; urgency=low
+
+ * Applied bug-fix patch from Werner.
+
+ -- James Troup Fri, 26 Jun 1998 12:18:29 +0200
+
+ gnupg (0.3.0-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/control: rewrote short and long description.
+ * cipher/Makefile.am: link tiger with -lc. + * debian/rules (binary-arch): strip loadable modules. + * util/secmem.c (lock_pool): get rid of errant test code; fix from + Werner Koch . + * debian/rules (test): new target which runs gnupg's test suite. + binary-arch depends on it, to ensure it's run whenever the package is + built. + + -- James Troup Thu, 25 Jun 1998 16:04:57 +0200 + + gnupg (0.2.19-1) unstable; urgency=low + + * New upstream version. + * debian/control: Updated long description. + + -- James Troup Sat, 30 May 1998 12:12:35 +0200 + + gnupg (0.2.18-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sat, 16 May 1998 11:52:47 +0200 + + gnupg (0.2.17-1) unstable; urgency=high + + * New upstream version. + * debian/control (Standards-Version): updated to 2.4.1.0. + * debian/control: tone down warning about alpha nature of gnupg, as per + README. + * debian/copyright: ditto. + + -- James Troup Mon, 4 May 1998 22:36:51 +0200 + + gnupg (0.2.15-1) unstable; urgency=high + + * New upstream version. + + -- James Troup Fri, 10 Apr 1998 01:12:20 +0100 + + gnupg (0.2.13-1) unstable; urgency=high + + * New upstream version. + + -- James Troup Wed, 11 Mar 1998 01:52:51 +0000 + + gnupg (0.2.12-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sat, 7 Mar 1998 13:52:40 +0000 + + gnupg (0.2.11-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Wed, 4 Mar 1998 01:32:12 +0000 + + gnupg (0.2.10-1) unstable; urgency=low + + * New upstream version. + * Name changed upstream. + + -- James Troup Mon, 2 Mar 1998 07:32:05 +0000 + + g10 (0.2.7-1) unstable; urgency=low + + * Initial release. + + -- James Troup Fri, 20 Feb 1998 02:05:34 +0000 diff --combined debian/clean index 0000000,922f2c9..922f2c9 mode 000000,100644..100644 --- a/debian/clean 
+++ b/debian/clean @@@ -1,0 -1,8 +1,8 @@@ + po/*.gmo + po/stamp-po + build-gpgv-static/ + build-gpgv-udeb/ + build-gpgv-win32/ + doc/gnupg.info + doc/gnupg.info-1 + doc/gnupg.info-2 diff --combined debian/compat index 0000000,ec63514..ec63514 mode 000000,100644..100644 --- a/debian/compat +++ b/debian/compat @@@ -1,0 -1,1 +1,1 @@@ + 9 diff --combined debian/control index 0000000,c976558..c976558 mode 000000,100644..100644 --- a/debian/control 
+++ b/debian/control @@@ -1,0 -1,323 +1,323 @@@ + Source: gnupg2 + Section: utils + Priority: optional + Maintainer: Debian GnuPG Maintainers + Uploaders: + Eric Dorland , + Daniel Kahn Gillmor , + Standards-Version: 3.9.8 + Build-Depends: + automake, + autopoint, + debhelper (>= 9), + dh-autoreconf, + file, + gettext, + ghostscript, + imagemagick, + libassuan-dev (>= 2.4.3), + libbz2-dev, + libcurl4-gnutls-dev, + libgcrypt20-dev (>= 1.7.0), + libgnutls28-dev (>= 3.0), + libgpg-error-dev (>= 1.24), + libksba-dev (>= 1.3.4), + libldap2-dev, + libnpth0-dev (>= 1.2), + libreadline-dev, + librsvg2-bin, + libsqlite3-dev, + libusb-1.0-0-dev [!hurd-any], + pkg-config, + texinfo, + transfig, + zlib1g-dev | libz-dev, + Build-Depends-Indep: + binutils-multiarch [!amd64 !i386], + libassuan-mingw-w64-dev, + libgcrypt-mingw-w64-dev, + libgpg-error-mingw-w64-dev, + libksba-mingw-w64-dev, + libnpth-mingw-w64-dev, + libz-mingw-w64-dev, + mingw-w64, + Vcs-Git: https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git + Vcs-Browser: https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git + Homepage: https://www.gnupg.org/ + + Package: gnupg-agent + Architecture: any + Multi-Arch: foreign + Depends: + pinentry-curses | pinentry, + ${misc:Depends}, + ${shlibs:Depends}, + Recommends: + gnupg (= ${binary:Version}) | gpgsm, + Suggests: + scdaemon, + Provides: + gpg-agent, + Description: GNU privacy guard - cryptographic agent + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC4880. + . + This package contains the agent program gpg-agent which handles all + secret key material for OpenPGP and S/MIME use. The agent also + provides a passphrase cache, which is used by pre-2.1 versions of + GnuPG for OpenPGP operations. 
+ + Package: scdaemon + Architecture: any + Multi-Arch: foreign + Depends: + gnupg-agent (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, + Enhances: + gnupg-agent, + Description: GNU privacy guard - smart card support + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC4880. + . + This package contains the smart card program scdaemon, which is used + by gnupg-agent to access OpenPGP smart cards. + + Package: gpgsm + Architecture: any + Multi-Arch: foreign + Depends: + gnupg-agent (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, + Recommends: + dirmngr (= ${binary:Version}), + Breaks: + gnupg2 (<< 2.1.10-2), + Replaces: + gnupg2 (<< 2.1.10-2), + Description: GNU privacy guard - S/MIME version + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC4880. + . + This package contains the gpgsm program. gpgsm is a tool to provide + digital encryption and signing services on X.509 certificates and the + CMS protocol. gpgsm includes complete certificate management. 
+ + Package: gnupg + Architecture: any + Multi-Arch: foreign + Depends: + gnupg-agent (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends}, + Recommends: + dirmngr (= ${binary:Version}), + gnupg-l10n (= ${source:Version}), + ${shlibs:Recommends}, + Suggests: + parcimonie, + xloadimage, + Breaks: + debsig-verify (<< 0.15), + dirmngr (<< ${binary:Version}), + gnupg2 (<< 2.1.11-7+exp1), + libgnupg-interface-perl (<< 0.52-3), + libgnupg-perl (<= 0.19-1), + libmail-gnupg-perl (<= 0.22-1), + monkeysphere (<< 0.38~), + php-crypt-gpg (<= 1.4.1-1), + python-apt (<= 1.1.0~beta4), + python-gnupg (<< 0.3.8-3), + python3-apt (<= 1.1.0~beta4), + Replaces: + gnupg2 (<< 2.1.11-7+exp1), + Provides: + gpg, + Description: GNU privacy guard - a free PGP replacement + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC4880. + . + This package contains /usr/bin/gpg and some helper utilities like + gpgconf and kbxutil. + + Package: gnupg2 + Architecture: all + Section: oldlibs + Priority: extra + Multi-Arch: foreign + Depends: + gnupg (>= ${source:Version}), + ${misc:Depends}, + Description: GNU privacy guard - a free PGP replacement (dummy transitional package) + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC4880. + . + This is a dummy transitional package that provides symlinks from gpg2 + to gpg. 
+ + Package: gpgv + Architecture: any + Priority: important + Multi-Arch: foreign + Depends: + ${misc:Depends}, + ${shlibs:Depends}, + Breaks: + gnupg2 (<< 2.0.21-2), + gpgv2 (<< 2.1.11-7+exp1), + python-debian (<< 0.1.29), + Replaces: + gnupg2 (<< 2.0.21-2), + gpgv2 (<< 2.1.11-7+exp1), + Suggests: + gnupg, + Description: GNU privacy guard - signature verification tool + GnuPG is GNU's tool for secure communication and data storage. + . + gpgv is actually a stripped-down version of gpg which is only able + to check signatures. It is somewhat smaller than the fully-blown gpg + and uses a different (and simpler) way to check that the public keys + used to make the signature are valid. There are no configuration + files and only a few options are implemented. + + Package: gpgv2 + Section: oldlibs + Priority: extra + Architecture: all + Multi-Arch: foreign + Depends: + gpgv (>= ${source:Version}), + ${misc:Depends}, + Description: GNU privacy guard - signature verification tool (dummy transitional package) + GnuPG is GNU's tool for secure communication and data storage. gpgv + is a stripped-down version of gpg which is only able to check + signatures. + . + This is a dummy transitional package that provides symlinks from gpgv2 + to gpgv. + + Package: dirmngr + Architecture: any + Depends: + adduser, + lsb-base (>= 3.2-13), + ${misc:Depends}, + ${shlibs:Depends}, + Recommends: + gnupg (= ${binary:Version}), + ${shlibs:Recommends}, + Enhances: + gnupg, + gpgsm, + squid, + Breaks: + gnupg2 (<< 2.1.10-2), + Replaces: + gnupg2 (<< 2.1.10-2), + Suggests: + tor, + Description: GNU privacy guard - network certificate management service + dirmngr is a server for managing and downloading OpenPGP and X.509 + certificates, as well as updates and status signals related to those + certificates. For OpenPGP, this means pulling from the public + HKP/HKPS keyservers, or from LDAP servers. 
For X.509 this includes + Certificate Revocation Lists (CRLs) and Online Certificate Status + Protocol updates (OCSP). It is capable of using tor for network + access. + . + dirmngr is used for network access by gpg, gpgsm, and dirmngr-client, + among other tools. + + Package: gpgv-udeb + Package-Type: udeb + Section: debian-installer + Priority: extra + Architecture: any + Depends: + ${misc:Depends}, + ${shlibs:Depends}, + Description: minimal signature verification tool + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC 4880. + . + This is GnuPG's signature verification tool, gpgv, packaged in minimal + form for use in debian-installer. + + Package: gpgv-static + Priority: extra + Architecture: any + Depends: + ${misc:Depends}, + ${shlibs:Depends}, + Recommends: + debian-archive-keyring, + debootstrap, + Description: minimal signature verification tool (static build) + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC 4880. + . + This is GnuPG's signature verification tool, gpgv, built statically + so that it can be directly used on any platform that is running on + the Linux kernel. Android and ChromeOS are two well known examples, + but there are many other platforms that this will work for, like + embedded Linux OSes. This gpgv in combination with debootstrap and + the Debian archive keyring allows the secure creation of chroot + installs on these platforms by using the full Debian signature + verification that is present in all official Debian mirrors. 
+ + Package: gpgv-win32 + Architecture: all + Priority: extra + Multi-Arch: foreign + Depends: + ${misc:Depends}, + Suggests: + wine, + Description: GNU privacy guard - signature verification tool (win32 build) + GnuPG is GNU's tool for secure communication and data storage. + . + gpgv is a stripped-down version of gnupg which is only able to check + signatures. It is smaller than the full-blown gnupg and uses a + different (and simpler) way to check that the public keys used to + make the signature are trustworthy. + . + This is a win32 version of gpgv. It's meant to be used by the win32-loader + component of Debian-Installer. + + Package: gnupg-l10n + Architecture: all + Priority: extra + Multi-Arch: foreign + Depends: + ${misc:Depends}, + Enhances: + gnupg, + Breaks: + gnupg (<< 2.1.14-2~), + gnupg2 (<< 2.1.14-2~), + Replaces: + gnupg (<< 2.1.14-2~), + gnupg2 (<< 2.1.14-2~), + Description: GNU privacy guard - localization files + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC 4880. + . + This package contains the translation files for the use of GnuPG in + non-English locales. diff --combined debian/copyright index 0000000,5676d81..5676d81 mode 000000,100644..100644 --- a/debian/copyright 
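Review bot: In the `Package: dirmngr` stanza of debian/control, `adduser` and `lsb-base (>= 3.2-13)` are still hard dependencies, although debian/dirmngr.NEWS in this same commit says there is no system-wide dirmngr process any more and debian/dirmngr.maintscript removes `/etc/init.d/dirmngr`. If no remaining maintainer script calls adduser or sources the LSB init functions (none is visible in this hunk), both lines can be dropped, so that the package doing the network fetches for keys and CRLs pulls in only what it uses. If a postinst or postrm does still need them to clean up the old service account, a short comment above `Depends:` stating that would stop them from looking like leftovers.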
+++ b/debian/copyright @@@ -1,0 -1,233 +1,233 @@@ + Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + Upstream-Name: GnuPG - The GNU Privacy Guard (modern version) + Upstream-Contact: GnuPG development mailing list + Source: https://gnupg.org/download/ + + Files: * + Copyright: 1992, 1995-2016, Free Software Foundation, Inc + License: GPL-3+ + + Files: agent/command.c + agent/command-ssh.c + agent/gpg-agent.c + common/homedir.c + common/sysutils.c + g10/mainproc.c + Copyright: 1998-2007, 2009, 2012, Free Software Foundation, Inc + 2013, Werner Koch + License: GPL-3+ + + Files: autogen.sh + Copyright: 2003, g10 Code GmbH + License: permissive + + Files: common/gc-opt-flags.h + common/i18n.h + tools/clean-sat.c + tools/no-libgcrypt.c + Copyright: 1998-2001, 2003, 2004, 2006, 2007 Free Software Foundation, Inc + License: permissive + + Files: common/localename.c + Copyright: 1985, 1989-1993, 1995-2003, 2007, 2008 Free Software Foundation, Inc. + License: LGPL-2.1+ + + Files: dirmngr/dns.c + dirmngr/dns.h + Copyright: 2008-2010, 2012-2016 William Ahern + License: Expat + + Files: doc/yat2m.c + scd/app-geldkarte.c + Copyright: 2004, 2005, g10 Code GmbH + 2006, 2008, 2009, 2011, Free Software Foundation, Inc + License: GPL-3+ + + Files: scd/ccid-driver.h + scd/ccid-driver.c + Copyright: 2003-2007, Free Software Foundation, Inc + License: GPL-3+ or BSD-3-clause + + Files: tools/rfc822parse.c + tools/rfc822parse.h + Copyright: 1999-2000, Werner Koch, Duesseldorf + 2003-2004, g10 Code GmbH + License: LGPL-3+ + + Files: tools/sockprox.c + Copyright: 2007, g10 Code GmbH + License: GPL-3+ + + Files: doc/OpenPGP + Copyright: 1998-2013 Free Software Foundation, Inc. 
+ 1997, 1998, 2013 Werner Koch + 1998 The Internet Society + License: RFC-Reference + + Files: tests/gpgscm/* + Copyright: 2000, Dimitrios Souflis + 2016, Justus Winter, Werner Koch + License: TinySCHEME + + License: TinySCHEME + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + Neither the name of Dimitrios Souflis nor the names of the + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR + CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + License: permissive + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . 
+ This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. + + License: RFC-Reference + doc/OpenPGP merely cites and references IETF Draft + draft-ietf-openpgp-formats-07.txt. This is believed to be fair use; + but if not, it's covered by the source document's license under + the 'comment on' clause. The license statement follows. + . + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph + are included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + . + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + + License: GPL-3+ + GnuPG is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + GnuPG is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . 
+ You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + On Debian systems, the full text of the GNU General Public + License version 3 can be found in the file + `/usr/share/common-licenses/GPL-3'. + + License: LGPL-3+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 3 of + the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + . + On Debian systems, the full text of the GNU Lesser General Public + License version 3 can be found in the file + `/usr/share/common-licenses/LGPL-3'. + + License: LGPL-2.1+ + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . + . + On Debian systems, the full text of the GNU Lesser General Public + License version 2.1 can be found in the file + `/usr/share/common-licenses/LGPL-2.1'. 
+ + License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, and the entire permission notice in its entirety, + including the disclaimer of warranties. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote + products derived from this software without specific prior + written permission. + . + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + + License: Expat + Permission is hereby granted, free of charge, to any person obtaining a + copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to permit + persons to whom the Software is furnished to do so, subject to the + following conditions: + . 
+ The above copyright notice and this permission notice shall be included + in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, + DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR + OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE + USE OR OTHER DEALINGS IN THE SOFTWARE. diff --combined debian/dirmngr.NEWS index 0000000,bd0ccb7..bd0ccb7 mode 000000,100644..100644 --- a/debian/dirmngr.NEWS 
+++ b/debian/dirmngr.NEWS @@@ -1,0 -1,39 +1,39 @@@ + dirmngr (2.1.13-3) experimental; urgency=medium + + gpg and most related processes will auto-launch dirmngr if needed. + + Any user who wants to launch dirmngr manually should do so with: + + gpgconf --launch dirmngr + + and may want to terminate dirmngr when their session ends with: + + gpgconf --kill dirmngr + + Users on machines with systemd can ensure that dirmngr is always + running for their session (and that it gets terminated at logout) + with: + + gpgconf --kill dirmngr + systemctl --user enable dirmngr + systemctl --user start dirmngr + + -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:55:15 -0400 + + dirmngr (2.1.0~beta895-1) experimental; urgency=medium + + No more dirmngr system service! + =============================== + + As of the 2.1.0 beta series, dirmngr is a local daemon that works + closely with gnupg2. It is launched on its own, per-user, and + listens on a standard socket (usually ~/.gnupg/S.dirmngr). There is + no more system-wide dirmngr process. + + If there is a special case where a dirmngr system process is + actually needed, please report a bug in dirmngr, and we can sort out + a way to set one up for that case so that everyone with dirmngr + installed doesn't need to have it running. + + -- Daniel Kahn Gillmor Tue, 07 Oct 2014 10:33:52 -0400 + diff --combined debian/dirmngr.README.Debian index 0000000,4fd9156..4fd9156 mode 000000,100644..100644 --- a/debian/dirmngr.README.Debian 
+++ b/debian/dirmngr.README.Debian @@@ -1,0 -1,48 +1,48 @@@ + dirmngr system integration + ========================== + + Since 2.1.x, gpg and most related processes will auto-launch dirmngr + if needed. These auto-launched processes will inherit whatever + environment they started from, and they will not terminate + automatically. + + systemd + ======= + + Users on machines with systemd can ensure that dirmngr is always + running for their session, and that it gets terminated safely at + logout by doing: + + systemctl --user enable dirmngr.socket + + If you do this from the middle of a running session, you probably also + want to clean up any other running dirmngr, and ensure that the + service is started for the current session as well: + + gpgconf --kill dirmngr + systemctl --user start dirmngr.socket + + Manual dirmngr startup + ====================== + + Any user who wants to launch dirmngr manually (e.g., to talk to it + with a tool from outside the GnuPG suite) should do so with: + + gpgconf --launch dirmngr + + You may wish to add this to your session login scripts if you're not + using systemd. + + dirmngr teardown + ================ + + If dirmngr is launched manually or automatically (but not supervised + by systemd), you probably want to ensure that it terminates when your + session ends with: + + gpgconf --kill dirmngr + + You may wish to add this to your session logout scripts if you're not + using systemd. + + -- Daniel Kahn Gillmor , Thu, 27 Oct 2016 12:46:23 -0400 diff --combined debian/dirmngr.docs index 0000000,817be40..817be40 mode 000000,100644..100644 --- a/debian/dirmngr.docs +++ b/debian/dirmngr.docs @@@ -1,0 -1,4 +1,4 @@@ + AUTHORS + NEWS + THANKS + TODO diff --combined debian/dirmngr.install index 0000000,1e77641..1e77641 mode 000000,100644..100644 --- a/debian/dirmngr.install 
+++ b/debian/dirmngr.install @@@ -1,0 -1,7 +1,7 @@@ + debian/tmp/usr/bin/dirmngr + debian/tmp/usr/bin/dirmngr-client + debian/tmp/usr/lib/gnupg/dirmngr_ldap + debian/tmp/usr/share/gnupg/dirmngr-conf.skel + debian/tmp/usr/share/gnupg/sks-keyservers.netCA.pem + doc/examples/systemd-user/dirmngr.service usr/lib/systemd/user + doc/examples/systemd-user/dirmngr.socket usr/lib/systemd/user diff --combined debian/dirmngr.maintscript index 0000000,aa11aa5..aa11aa5 mode 000000,100644..100644 --- a/debian/dirmngr.maintscript +++ b/debian/dirmngr.maintscript @@@ -1,0 -1,5 +1,5 @@@ + rm_conffile /etc/default/dirmngr + rm_conffile /etc/dirmngr/dirmngr.conf + rm_conffile /etc/dirmngr/ldapservers.conf + rm_conffile /etc/init.d/dirmngr + rm_conffile /etc/logrotate.d/dirmngr diff --combined debian/dirmngr.manpages index 0000000,93702d9..93702d9 mode 000000,100644..100644 --- a/debian/dirmngr.manpages +++ b/debian/dirmngr.manpages @@@ -1,0 -1,2 +1,2 @@@ + debian/tmp/usr/share/man/man1/dirmngr-client.1 + debian/tmp/usr/share/man/man8/dirmngr.8 diff --combined debian/gbp.conf index 0000000,1789fc2..1789fc2 mode 000000,100644..100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@@ -1,0 -1,33 +1,33 @@@ + [DEFAULT] + pristine-tar = True + upstream-vcs-tag = gnupg-%(version)s + + [import-orig] + filter = [ + 'aclocal.m4', + 'build-aux/compile', + 'build-aux/config.rpath', + 'build-aux/depcomp', + 'build-aux/install-sh', + 'build-aux/missing', + 'build-aux/mkinstalldirs', + 'build-aux/texinfo.tex', + 'config.h.in', + 'configure', + 'doc/gnupg.info*', + 'INSTALL', + 'm4/intdiv0.m4', + 'm4/intl.m4', + 'm4/lock.m4', + 'm4/printf-posix.m4', + 'm4/size_max.m4', + 'm4/uintmax_t.m4', + 'm4/wint_t.m4', + '*/*/Makefile.in', + '*/Makefile.in', + 'Makefile.in', + 'po/*.gmo', + 'po/Makefile.in.in', + 'po/stamp-po', + ] + filter-pristine-tar = False diff --combined debian/gnupg-agent.NEWS index 0000000,72cdeb4..72cdeb4 mode 000000,100644..100644 --- a/debian/gnupg-agent.NEWS 
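Review bot: In debian/dirmngr.install, `debian/tmp/usr/share/gnupg/sks-keyservers.netCA.pem` installs a CA certificate, presumably the one dirmngr uses as its trust root for HKPS keyserver connections, and nothing in the packaging records where it comes from or when it expires. A comment above the line would make that reviewable, for example `# CA certificate for the HKPS keyserver pool, taken from the upstream install tree; re-check its validity period on each new upstream release`. The `debian/tmp` path suggests the file comes from upstream's `make install`, but the hunk does not show that.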
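Review bot: None of the five `rm_conffile` lines in debian/dirmngr.maintscript gives a prior-version or package argument, so dpkg-maintscript-helper will attempt the removal on every upgrade, not only when upgrading from a version that still shipped the system service. Adding both arguments makes the intent auditable and limits the operation to the transition it was written for, e.g. `rm_conffile /etc/init.d/dirmngr <LAST-VERSION-WITH-SYSTEM-SERVICE>~ dirmngr`. debian/dirmngr.NEWS in this commit suggests the service went away with the 2.1.0~beta895-1 upload, but confirm the exact version before filling it in. The same applies to the `/etc/default/dirmngr`, `/etc/dirmngr/*.conf` and `/etc/logrotate.d/dirmngr` lines.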
+++ b/debian/gnupg-agent.NEWS @@@ -1,0 -1,9 +1,9 @@@ + gnupg-agent (2.1.13-3) experimental; urgency=medium + + gpg-agent is no longer auto-launched by + /etc/X11/Xsession.d/90gpg-agent. Please read + /usr/share/doc/gnupg-agent/README.Debian for details about system + integration. + + -- Daniel Kahn Gillmor Tue, 28 Jun 2016 17:29:46 -0400 + diff --combined debian/gnupg-agent.README.Debian index 0000000,dd4e51a..dd4e51a mode 000000,100644..100644 --- a/debian/gnupg-agent.README.Debian 
+++ b/debian/gnupg-agent.README.Debian @@@ -1,0 -1,55 +1,55 @@@ + gpg-agent system integration + ============================ + + Since 2.1.x, gpg and most related processes will auto-launch gpg-agent + if needed. These auto-launched processes will inherit whatever + environment they started from, and they will not terminate + automatically. + + systemd + ======= + + Users on machines with systemd can ensure that gpg-agent is always + available for their session, and that it gets terminated safely at + logout by doing: + + systemctl --user enable gpg-agent.socket + + If you also want the ssh or extra (restricted) sockets to be + available, you might also add: + + systemctl --user enable gpg-agent-ssh.socket + systemctl --user enable gpg-agent-extra.socket + + If you do this from the middle of a running session, you probably also + want to clean up any other running gpg-agent, and ensure that the + socket is open and listening is started for the current session as + well: + + gpgconf --kill gpg-agent + systemctl --user start gpg-agent.socket + + Manual gpg-agent startup + ======================== + + Any user who wants to launch gpg-agent manually (e.g., to talk to it + with a tool from outside the GnuPG suite) should do so with: + + gpgconf --launch gpg-agent + + You may wish to add this to your session login scripts if you're not + using systemd. + + gpg-agent teardown + ================== + + If gpg-agent is launched manually or automatically (but not supervised + by systemd), you probably want to ensure that it terminates when your + session ends with: + + gpgconf --kill gpg-agent + + You may wish to add this to your session logout scripts if you're not + using systemd. + + -- Daniel Kahn Gillmor , Mon, 17 Oct 2016 17:06:22 -0400 diff --combined debian/gnupg-agent.examples index 0000000,34213be..34213be mode 000000,100644..100644 --- a/debian/gnupg-agent.examples 
+++ b/debian/gnupg-agent.examples @@@ -1,0 -1,2 +1,2 @@@ + doc/examples/pwpattern.list + doc/examples/trustlist.txt diff --combined debian/gnupg-agent.install index 0000000,2a4dcbe..2a4dcbe mode 000000,100644..100644 --- a/debian/gnupg-agent.install +++ b/debian/gnupg-agent.install @@@ -1,0 -1,12 +1,12 @@@ + debian/Xsession.d/90gpg-agent etc/X11/Xsession.d + debian/systemd-user/gpg-agent-browser.socket usr/lib/systemd/user + debian/tmp/usr/bin/gpg-agent + debian/tmp/usr/bin/gpg-connect-agent + debian/tmp/usr/bin/symcryptrun + debian/tmp/usr/lib/gnupg/gpg-check-pattern + debian/tmp/usr/lib/gnupg/gpg-preset-passphrase + debian/tmp/usr/lib/gnupg/gpg-protect-tool + doc/examples/systemd-user/gpg-agent-extra.socket usr/lib/systemd/user + doc/examples/systemd-user/gpg-agent-ssh.socket usr/lib/systemd/user + doc/examples/systemd-user/gpg-agent.service usr/lib/systemd/user + doc/examples/systemd-user/gpg-agent.socket usr/lib/systemd/user diff --combined debian/gnupg-agent.links index 0000000,2927701..2927701 mode 000000,100644..100644 --- a/debian/gnupg-agent.links +++ b/debian/gnupg-agent.links @@@ -1,0 -1,2 +1,2 @@@ + usr/lib/gnupg/gpg-preset-passphrase usr/lib/gnupg2/gpg-preset-passphrase + usr/lib/gnupg/gpg-protect-tool usr/lib/gnupg2/gpg-protect-tool diff --combined debian/gnupg-agent.manpages index 0000000,4819831..4819831 mode 000000,100644..100644 --- a/debian/gnupg-agent.manpages +++ b/debian/gnupg-agent.manpages @@@ -1,0 -1,5 +1,5 @@@ + debian/gpg-check-pattern.1 + debian/tmp/usr/share/man/man1/gpg-agent.1 + debian/tmp/usr/share/man/man1/gpg-connect-agent.1 + debian/tmp/usr/share/man/man1/gpg-preset-passphrase.1 + debian/tmp/usr/share/man/man1/symcryptrun.1 diff --combined debian/gnupg-l10n.install index 0000000,9aaad82..9aaad82 mode 000000,100644..100644 --- a/debian/gnupg-l10n.install 
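Review bot: In debian/gnupg-agent.install, `debian/systemd-user/gpg-agent-browser.socket` is the only socket unit taken from the Debian packaging; the others come from `doc/examples/systemd-user`. debian/gnupg-agent.README.Debian in this commit explains how to enable the ssh and extra sockets but never mentions the browser one. Every socket installed here is another way to reach the process that holds secret key material, so README.Debian should say what the browser socket is for and how it is restricted, next to the ssh/extra paragraph. The first line also still installs `debian/Xsession.d/90gpg-agent`, which per debian/gnupg-agent.NEWS no longer launches the agent, so a one-line comment such as `# sets GPG_AGENT_INFO/SSH_AUTH_SOCK only, does not start gpg-agent` would prevent confusion.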
+++ b/debian/gnupg-l10n.install @@@ -1,0 -1,2 +1,2 @@@ + debian/tmp/usr/share/gnupg/help.*.txt + debian/tmp/usr/share/locale diff --combined debian/gnupg.README.Debian index 0000000,24944d3..24944d3 mode 000000,100644..100644 --- a/debian/gnupg.README.Debian +++ b/debian/gnupg.README.Debian @@@ -1,0 -1,44 +1,44 @@@ + Using "Modern" GnuPG + ==================== + + As of version 2.1.11-7+exp1, the gnupg package is provided by the "modern" + version of GnuPG. + + This means: + + * supporting daemons are auto-launched as needed + + * all access to secret key material is handled by gpg-agent + + * all smartcard access is handled by scdaemon + + * all network access is handled by dirmngr + + * PGPv3 keys are no longer supported + + * secret keys are no longer stored in $GNUPGHOME/secring.gpg, but + instead in $GNUPGHOME/private-keys-v1.d/ + + * public keyrings are stored in keybox format (~/.gnupg/pubring.kbx) by + default for new users. Upgrading users will continue to use + pubring.gpg until they decide to explicitly convert. + + Converting an existing installation + ----------------------------------- + + If you have an existing GnuPG homedir from "classic" GnuPG, secret + keys should be migrated automatically upon the first run of the + "modern" version. + + If you have any secret keys that are stored only in a smartcard, after + your first use of "modern" gpg you should insert the card and run: + + gpg --card-status + + (see https://bugs.debian.org/795881) + + Public keys will not be automatically migrated from pubring.gpg to + pubring.kbx, however. If you want to migrate your public keyring, you + can use a script like /usr/bin/migrate-pubring-from-classic-gpg + + -- Daniel Kahn Gillmor , Mon, 18 Apr 2016 19:08:36 -0400 diff --combined debian/gnupg.docs index 0000000,b182260..b182260 mode 000000,100644..100644 --- a/debian/gnupg.docs 
+++ b/debian/gnupg.docs @@@ -1,0 -1,9 +1,9 @@@ + NEWS + README + THANKS + TODO + doc/DETAILS + doc/FAQ + doc/HACKING + doc/KEYSERVER + doc/OpenPGP diff --combined debian/gnupg.examples index 0000000,3e74b94..3e74b94 mode 000000,100644..100644 --- a/debian/gnupg.examples +++ b/debian/gnupg.examples @@@ -1,0 -1,1 +1,1 @@@ + doc/examples/gpgconf.conf diff --combined debian/gnupg.info index 0000000,e4baa0f..e4baa0f mode 000000,100644..100644 --- a/debian/gnupg.info +++ b/debian/gnupg.info @@@ -1,0 -1,3 +1,3 @@@ + debian/tmp/usr/share/info/gnupg.info* + doc/gnupg-card-architecture.png + doc/gnupg-module-overview.png diff --combined debian/gnupg.install index 0000000,12fb913..12fb913 mode 000000,100644..100644 --- a/debian/gnupg.install +++ b/debian/gnupg.install @@@ -1,0 -1,13 +1,13 @@@ + build/tools/gpg-zip usr/bin + build/tools/gpgsplit usr/bin + debian/migrate-pubring-from-classic-gpg usr/bin + debian/tmp/usr/bin/gpg + debian/tmp/usr/bin/gpgconf + debian/tmp/usr/bin/gpgparsemail + debian/tmp/usr/bin/kbxutil + debian/tmp/usr/bin/watchgnupg + debian/tmp/usr/sbin/addgnupghome + debian/tmp/usr/sbin/applygnupgdefaults + debian/tmp/usr/share/gnupg/distsigkey.gpg + debian/tmp/usr/share/gnupg/gpg-conf.skel + tools/lspgpot usr/bin diff --combined debian/gnupg.manpages index 0000000,4fc76c3..4fc76c3 mode 000000,100644..100644 --- a/debian/gnupg.manpages +++ b/debian/gnupg.manpages @@@ -1,0 -1,11 +1,11 @@@ + debian/gpg-zip.1 + debian/gpgsplit.1 + debian/kbxutil.1 + debian/lspgpot.1 + debian/migrate-pubring-from-classic-gpg.1 + debian/tmp/usr/share/man/man1/gpg.1 + debian/tmp/usr/share/man/man1/gpgconf.1 + debian/tmp/usr/share/man/man1/gpgparsemail.1 + debian/tmp/usr/share/man/man1/watchgnupg.1 + debian/tmp/usr/share/man/man8/addgnupghome.8 + debian/tmp/usr/share/man/man8/applygnupgdefaults.8 diff --combined debian/gnupg2.links index 0000000,96fde98..96fde98 mode 000000,100644..100644 --- a/debian/gnupg2.links 
+++ b/debian/gnupg2.links @@@ -1,0 -1,2 +1,2 @@@ + usr/bin/gpg usr/bin/gpg2 + usr/share/man/man1/gpg.1.gz usr/share/man/man1/gpg2.1.gz diff --combined debian/gpg-check-pattern.1 index 0000000,05dbc1e..05dbc1e mode 000000,100644..100644 --- a/debian/gpg-check-pattern.1 +++ b/debian/gpg-check-pattern.1 @@@ -1,0 -1,35 +1,35 @@@ + .TH GPG-CHECK-PATTERN "1" "March 2016" "gpg-check-pattern (GnuPG) 2.1.11" "User Commands" + + .SH NAME + gpg-check-pattern \- Check a passphrase on stdin against the patternfile + + .SH SYNOPSIS + .B gpg\-check\-pattern + .RB [ options ] + .I patternfile + + .SH DESCRIPTION + .B gpg\-check\-pattern checks a passphrase given on stdin against a specified patternfile. + + .SH OPTIONS + .TP + .BR \-v ", " \-\-verbose + Produce verbose output + .TP + .BR \-\-check + run only a syntax check on the patternfile + .TP + .BR \-0 ", " \-\-null + input is expected to be null delimited + .PP + Please report bugs to . + + .SH COPYRIGHT + Copyright \(co 2016 Free Software Foundation, Inc. + License GPLv3+: GNU GPL version 3 or later + + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian + distribution (but may be used by others). diff --combined debian/gpg-zip.1 index 0000000,cba5db4..cba5db4 mode 000000,100644..100644 --- a/debian/gpg-zip.1 
+++ b/debian/gpg-zip.1 @@@ -1,0 -1,102 +1,102 @@@ + .TH "GPG\-ZIP" 1 "November 2006" + + .SH NAME + gpg\-zip \- encrypt or sign files into an archive + + .SH SYNOPSIS + .B gpg\-zip + .RB [ OPTIONS ] + .IR filename1 " [" "filename2, ..." ] + .IR directory1 " [" "directory2, ..." ] + + .SH DESCRIPTION + This manual page documents briefly the + .B gpg\-zip + command. + .PP + .B gpg\-zip + encrypts or signs files into an archive. It is an gpg-ized tar using the + same format as PGP's PGP Zip. + + .SH OPTIONS + .TP + .BR \-e ", " \-\-encrypt + Encrypt data. This option may be combined with + .B \-\-symmetric + (for output that may be decrypted via a secret key or a passphrase). + .TP + .BR \-d ", " \-\-decrypt + Decrypt data. + .TP + .BR \-c ", " \-\-symmetric + Encrypt with a symmetric cipher using a passphrase. The default + symmetric cipher used is CAST5, but may be chosen with the + .B \-\-cipher\-algo + option to + .BR gpg (1). + .TP + .BR \-s ", " \-\-sign + Make a signature. See + .BR gpg (1). + .TP + .BR \-r ", " \-\-recipient " \fIUSER\fR" + Encrypt for user id \fIUSER\fR. See + .BR gpg (1). + .TP + .BR \-u ", " \-\-local\-user " \fIUSER\fR" + Use \fIUSER\fR as the key to sign with. See + .BR gpg (1). + .TP + .B \-\-list\-archive + List the contents of the specified archive. + .TP + .BR \-o ", " \-\-output " " \fIFILE\fR" + Write output to specified file + .IR FILE . + .TP + .BI \-\-gpg " GPG" + Use the specified command instead of + .BR gpg . + .TP + .BI \-\-gpg\-args " ARGS" + Pass the specified options to + .BR gpg (1). + .TP + .BI \-\-tar " TAR" + Use the specified command instead of + .BR tar . + .TP + .BI \-\-tar\-args " ARGS" + Pass the specified options to + .BR tar (1). + .TP + .BR \-h ", " \-\-help + Output a short usage information. + .TP + .B \-\-version + Output the program version. + + .SH DIAGNOSTICS + The program returns \fB0\fR if everything was fine, \fB1\fR otherwise. 
+ + .SH EXAMPLES + Encrypt the contents of directory \fImydocs\fR for user Bob to file \fItest1\fR: + .IP + .B gpg\-zip \-\-encrypt \-\-output test1 \-\-gpg-args ""\-r Bob"" mydocs + .PP + List the contents of archive \fItest1\fR: + .IP + .B gpg\-zip \-\-list\-archive test1 + + .SH SEE ALSO + .BR gpg (1), + .BR tar (1) + + .SH AUTHOR + Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to + <\&bug-gnupg@gnu.org\&>. + + This manpage was written by \fBColin Tuckley\fR <\&colin@tuckley.org\&> + and \fBDaniel Leidert\fR <\&daniel.leidert@wgdd.de\&> for the Debian + distribution (but may be used by others). + diff --combined debian/gpgsm.install index 0000000,8822607..8822607 mode 000000,100644..100644 --- a/debian/gpgsm.install +++ b/debian/gpgsm.install @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/bin/gpgsm diff --combined debian/gpgsm.manpages index 0000000,ad6a686..ad6a686 mode 000000,100644..100644 --- a/debian/gpgsm.manpages +++ b/debian/gpgsm.manpages @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/share/man/man1/gpgsm.1 diff --combined debian/gpgsplit.1 index 0000000,116ce89..116ce89 mode 000000,100644..100644 --- a/debian/gpgsplit.1 
+++ b/debian/gpgsplit.1 @@@ -1,0 -1,41 +1,41 @@@ + .TH "gpgsplit" 1 "December 2005" + + .SH NAME + gpgsplit \- Split an OpenPGP message into packets + + .SH SYNOPSIS + .B gpgsplit + .RI [ OPTIONS ] + .RI [ FILES ] + + .SH DESCRIPTION + This manual page documents briefly the + .B gpgsplit + command. + .PP + .B gpgsplit + splits an OpenPGP message into packets. + + .SH OPTIONS + .TP + .BR \-v , \-\-verbose + Verbose. + .TP + .BR \-p , "\-\-prefix " \fISTRING\fR + Prepend filenames with \fISTRING\fR. + .TP + .B \-\-uncompress + Uncompress a packet. + .TP + .B \-\-secret\-to\-public + Convert secret keys to public keys. + .TP + .B \-\-no\-split + Write to stdout and don't actually split. + + .SH AUTHOR + Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to + . + + This manpage was written by Francois Wendling . + diff --combined debian/gpgv-static.1 index 0000000,c8dcc1a..c8dcc1a mode 000000,100644..100644 --- a/debian/gpgv-static.1 
+++ b/debian/gpgv-static.1 @@@ -1,0 -1,32 +1,32 @@@ + .TH GPGV-STATIC "1" "November 2016" "GnuPG" "Gnu Privacy Guard 2.1" + + .SH NAME + gpgv-static - Verify OpenPGP signatures (static build) + + .SH SYNOPSIS + .B gpgv-static [\fIoptions\fP] \fIsigned_files\fP + + .SH DESCRIPTION + \fBgpgv\fR is an OpenPGP signature verification tool. + + \fBgpgv-static\fR is \fBgpgv\fR built statically so that it can be + directly used on any platform that is running on the Linux kernel, + such as Android, ChromeOS, or many embedded Linux systems. + + This version of \fBgpgv\fR in combination with \fBdebootstrap\fR and + the Debian archive keyring allows the secure creation of chroot + installs on these platforms by using the full Debian signature + verification that is present in all official Debian mirrors. + + You may wish to re-name the binary to plain \fBgpgv\fR when + transferring it into such a platform to create a chroot. + + Please read the documentation for \fBgpgv\fR for more details. + + .SH SEE ALSO + \fBgpg\fR(1) + + .SH AUTHOR + This manual page was written by Daniel Kahn Gillmor + for the Debian project, but may be used by + others under the same license as GnuPG itself. diff --combined debian/gpgv-static.install index 0000000,adb6deb..adb6deb mode 000000,100644..100644 --- a/debian/gpgv-static.install +++ b/debian/gpgv-static.install @@@ -1,0 -1,1 +1,1 @@@ + build-gpgv-static/g10/gpgv-static usr/bin/ diff --combined debian/gpgv-static.lintian-overrides index 0000000,fa0b8df..fa0b8df mode 000000,100644..100644 --- a/debian/gpgv-static.lintian-overrides +++ b/debian/gpgv-static.lintian-overrides @@@ -1,0 -1,3 +1,3 @@@ + # gpgv-static is deliberately built statically. We cannot avoid + # embedding zlib. + gpgv-static: embedded-library usr/bin/gpgv-static: zlib diff --combined debian/gpgv-static.manpages index 0000000,e3f73aa..e3f73aa mode 000000,100644..100644 --- a/debian/gpgv-static.manpages 
+++ b/debian/gpgv-static.manpages @@@ -1,0 -1,1 +1,1 @@@ + debian/gpgv-static.1 diff --combined debian/gpgv-udeb.install index 0000000,fe27533..fe27533 mode 000000,100644..100644 --- a/debian/gpgv-udeb.install +++ b/debian/gpgv-udeb.install @@@ -1,0 -1,1 +1,1 @@@ + build-gpgv-udeb/g10/gpgv usr/bin/ diff --combined debian/gpgv-win32.install index 0000000,cf3cd8c..cf3cd8c mode 000000,100644..100644 --- a/debian/gpgv-win32.install +++ b/debian/gpgv-win32.install @@@ -1,0 -1,1 +1,1 @@@ + build-gpgv-win32/g10/gpgv.exe usr/share/win32 diff --combined debian/gpgv.install index 0000000,0a9f9a2..0a9f9a2 mode 000000,100644..100644 --- a/debian/gpgv.install +++ b/debian/gpgv.install @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/bin/gpgv diff --combined debian/gpgv.manpages index 0000000,86a9e29..86a9e29 mode 000000,100644..100644 --- a/debian/gpgv.manpages +++ b/debian/gpgv.manpages @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/share/man/man1/gpgv.1 diff --combined debian/gpgv2.links index 0000000,5107429..5107429 mode 000000,100644..100644 --- a/debian/gpgv2.links +++ b/debian/gpgv2.links @@@ -1,0 -1,2 +1,2 @@@ + usr/bin/gpgv usr/bin/gpgv2 + usr/share/man/man1/gpgv.1.gz usr/share/man/man1/gpgv2.1.gz diff --combined debian/kbxutil.1 index 0000000,52b338a..52b338a mode 000000,100644..100644 --- a/debian/kbxutil.1 
+++ b/debian/kbxutil.1 @@@ -1,0 -1,62 +1,62 @@@ + .TH KBXUTIL "1" "March 2016" "kbxutil (GnuPG) 2.1.11" "User Commands" + + .SH NAME + kbxutil \- List, export, import Keybox data + + .SH SYNOPSIS + .B kbxutil + .RB [ OPTIONS ] + .RB [ FILES ] + + .SH DESCRIPTION + List, export, import Keybox data + + .SH COMMANDS + .TP + .B \-\-stats + show key statistics + .TP + .B \-\-import\-openpgp + import OpenPGP keyblocks + .TP + .B \-\-find\-dups + find duplicates + .TP + .B \-\-cut + export records + + .SH OPTIONS + .TP + .BI \-\-from " N" + first record to export + .TP + .BI \-\-to " N" + last record to export + .TP + .BR \-v ", " \-\-verbose + verbose + .TP + .BR \-q ", " \-\-quiet + be somewhat more quiet + .TP + .BR \-n ", " \-\-dry\-run + do not make any changes + .TP + .B \-\-debug + set debugging flags + .TP + .B \-\-debug\-all + enable full debugging + + .SH BUGS + Please report bugs to . + + .SH COPYRIGHT + Copyright \(co 2016 Free Software Foundation, Inc. + License GPLv3+: GNU GPL version 3 or later + + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian + distribution (but may be used by others). diff --combined debian/lspgpot.1 index 0000000,ba27eca..ba27eca mode 000000,100644..100644 --- a/debian/lspgpot.1 +++ b/debian/lspgpot.1 @@@ -1,0 -1,22 +1,22 @@@ + .TH "lspgpot" 1 "December 2005" + + .SH NAME + lspgpot - extracts the ownertrust values from PGP keyrings and list them in + GnuPG ownertrust format. + + + .SH SYNOPSIS + .B lspgpot + + + .SH DESCRIPTION + .B lspgpot + extracts the ownertrust values from PGP keyrings and list them in + GnuPG ownertrust format. + + .SH AUTHOR + Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to + . + + This manpage was written by Francois Wendling . + diff --combined debian/migrate-pubring-from-classic-gpg index 0000000,13ee1f8..13ee1f8 mode 000000,100755..100755 
--- a/debian/migrate-pubring-from-classic-gpg 
+++ b/debian/migrate-pubring-from-classic-gpg @@@ -1,0 -1,76 +1,76 @@@ + #!/bin/bash + + # script to migrate fully from pubring.gpg to pubring.kbx + + # Author: Daniel Kahn Gillmor + # Date: 2016-04-01 + # License: GPLv3+ + + # This was written for the Debian project + + set -e + + GPG="${GPG:-gpg}" + + # select the default GnuPG home directory to work from: + GHD=${GNUPGHOME:-${HOME:-$(getent passwd "$(id -u)" | cut -f6 -d:)}/.gnupg} + + # Check that this is gnupg 2.1 or 2.2: + VERSION=$("$GPG" --version | head -n1 | cut -f3 -d\ | cut -f1,2 -d.) + if [ "$VERSION" != 2.1 ] && [ "$VERSION" != 2.2 ] ; then + printf '%s is version %s not version 2.1 or 2.2, this script might be wrong\n' "$GPG" "$VERSION" >&2 + exit 1 + fi + + usage() { + printf 'Usage: %s [GPGHOMEDIR|--default] + \tMigrate public keyring in GPGHOMEDIR from "classic" to "modern" GnuPG + \tusing %s version %s. + + \t--default migrates the GnuPG home directory at "%s" + ' "$0" "$GPG" "$VERSION" "$GHD" + } + + if [ -z "$1" ]; then + usage >&2 + exit 1 + else + case "$1" in + --help|--usage|-h) + usage + exit + ;; + --default) + ;; + *) + GHD="$1" + ;; + esac + fi + + # ensure that there is a pubring.gpg to migrate: + if ! [ -f "$GHD/pubring.gpg" ]; then + printf 'There is no %s/pubring.gpg, no need to migrate\n' "$GHD" >&2 + exit + fi + if ! [ -s "$GHD/pubring.gpg" ]; then + mv -- "$GHD/pubring.gpg" "$GHD/pubring.gpg.empty" + printf '%s/pubring.gpg was empty (and has been moved out of the way), no need to migrate\n' "$GHD" >&2 + exit + fi + + BACKUP="$(mktemp -d "$GHD/migrate-from-classic-backup.$(date +%F).XXXXXX")" + printf 'Migrating from:\n%s\n[Backing up to %s]\n' "$(ls -l "$GHD/pubring.gpg")" "$BACKUP" >&2 + + "$GPG" --export-ownertrust > "$BACKUP/ownertrust.txt" + mv "$GHD/pubring.gpg" "$BACKUP/" + "$GPG" --import-options import-local-sigs,keep-ownertrust,repair-pks-subkey-bug --import < "$BACKUP/pubring.gpg" + "$GPG" --import-ownertrust < "$BACKUP/ownertrust.txt" + "$GPG" --check-trustdb + + if ! 
[ -f "$GHD/pubring.kbx" ]; then + printf 'No keybox was created at %s/pubring.kbx. Something went wrong!\n' "$GHD" >&2 + exit 1 + fi + + printf 'Migration completed successfully:\n%s\n' "$(ls -l "$GHD/pubring.kbx")" >&2 diff --combined debian/migrate-pubring-from-classic-gpg.1 index 0000000,4d26b89..4d26b89 mode 000000,100644..100644 --- a/debian/migrate-pubring-from-classic-gpg.1 +++ b/debian/migrate-pubring-from-classic-gpg.1 @@@ -1,0 -1,50 +1,50 @@@ + .TH "MIGRATE-PUBRING-FROM-CLASSIC-GPG" 1 "April 2016" + + .SH NAME + migrate\-pubring\-from\-classic\-gpg \- Migrate a public keyring from "classic" to "modern" GnuPG + + .SH SYNOPSIS + .B migrate\-pubring\-from\-classic\-gpg + .RB "[ " GPGHOMEDIR " | " + .IR \-\-default " ]" + + .SH DESCRIPTION + + .B migrate\-pubring\-from\-classic\-gpg + migrates the public keyring in GnuPG home directory GPGHOMEDIR from + the "classic" keyring format to the "modern" keybox format using GnuPG + versions 2.1 or 2.2. + + Specifying + .B \-\-default + selects the standard GnuPG home directory (looking at $GNUPGHOME + first, and falling back to ~/.gnupg if unset. + + .SH OPTIONS + .BR \-h ", " \-\-help ", " \-\-usage + Output a short usage information. + + .SH DIAGNOSTICS + The program sends quite a bit of text (perhaps too much) to stderr. + + During a migration, the tool backs up several pieces of data in a + timestamped subdirectory of the GPGHOMEDIR. + + .SH ENVIRONMENT VARIABLES + + .B GNUPGHOME + Selects the GnuPG home directory when set and --default is given. + + .B GPG + The name of the + .B gpg + executable (defaults to + .B gpg + ). + + .SH SEE ALSO + .BR gpg (1) + + .SH AUTHOR + Copyright (C) 2016 Daniel Kahn Gillmor for the Debian project. Please + report bugs via the Debian BTS. diff --combined debian/patches/0012-gpgscm-Guard-use-of-union-member.patch index 0000000,f44bfe6..f44bfe6 mode 000000,100644..100644 --- a/debian/patches/0012-gpgscm-Guard-use-of-union-member.patch 
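Review bot: When a GPGHOMEDIR argument is given, only the shell's own file operations follow it: the `*)` branch sets `GHD="$1"`, but none of the later `"$GPG"` calls (`--export-ownertrust`, `--import`, `--import-ownertrust`, `--check-trustdb`) is told about that directory, so gpg keeps working on `$GNUPGHOME` or its default homedir. The script would then move `$GHD/pubring.gpg` into the backup directory, import its keys into a different keyring, and judge the result by a `$GHD/pubring.kbx` that gpg never wrote. Adding `export GNUPGHOME="$GHD"` right after the `case` block would point every gpg call at the directory being migrated. Separately, `mv "$GHD/pubring.gpg" "$BACKUP/"` lacks the `--` that the earlier `mv -- "$GHD/pubring.gpg" ...` uses, which matters because `GHD` can come straight from the command line.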
+++ b/debian/patches/0012-gpgscm-Guard-use-of-union-member.patch @@@ -1,0 -1,27 +1,27 @@@ + From: Justus Winter + Date: Wed, 21 Dec 2016 16:14:45 +0100 + Subject: gpgscm: Guard use of union member. + + * tests/gpgscm/scheme.c (opexe_5): Check that we have a file port + before accessing filename. Fixes a crash on 32-bit architectures. + + Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4 + Signed-off-by: Justus Winter + (cherry picked from commit 6e96cdd41a0e55b672309431062f37c4a4a9f485) + --- + tests/gpgscm/scheme.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + + diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c + index a5b7691fb..284454557 100644 + --- a/tests/gpgscm/scheme.c + +++ b/tests/gpgscm/scheme.c + @@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) { + } else { + sc->nesting_stack[sc->file_i]++; + #if USE_TAGS && SHOW_ERROR_LINE + - { + + if (sc->load_stack[sc->file_i].kind & port_file) { + const char *filename = + sc->load_stack[sc->file_i].rep.stdio.filename; + int lineno = diff --combined debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch index 0000000,b429d8e..b429d8e mode 000000,100644..100644 --- a/debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch +++ b/debian/patches/0013-dirmngr-Fix-for-disable-libdns-usage.patch @@@ -1,0 -1,74 +1,74 @@@ + From: NIIBE Yutaka + Date: Fri, 23 Dec 2016 16:05:01 +0900 + Subject: dirmngr: Fix for --disable-libdns usage. + + * dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver) + (reload_dns_stuff): Conditionalize with USE_LIBDNS. + (get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME. + + -- + + get_dns_srv assumes error code of GPG_ERR_NO_NAME when no SRV record + available. + + Signed-off-by: NIIBE Yutaka + GnuPG-bug-id: 2889 + (cherry picked from commit d26c51825e2255fe58305cbc1cd74fa43f80d93e) + --- + dirmngr/dns-stuff.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + + 
diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c + index 491fccefd..a31b0731c 100644 + --- a/dirmngr/dns-stuff.c + +++ b/dirmngr/dns-stuff.c + @@ -181,7 +181,9 @@ void + enable_recursive_resolver (int yes) + { + recursive_resolver = yes; + +#ifdef USE_LIBDNS + libdns_reinit_pending = 1; + +#endif + } + + + @@ -251,8 +253,10 @@ set_dns_nameserver (const char *ipaddr) + strncpy (tor_nameserver, ipaddr? ipaddr : DEFAULT_NAMESERVER, + sizeof tor_nameserver -1); + tor_nameserver[sizeof tor_nameserver -1] = 0; + +#ifdef USE_LIBDNS + libdns_reinit_pending = 1; + libdns_tor_port = 0; /* Start again with the default port. */ + +#endif + } + + + @@ -278,7 +282,7 @@ get_h_errno_as_gpg_error (void) + + switch (h_errno) + { + - case HOST_NOT_FOUND: ec = GPG_ERR_UNKNOWN_HOST; break; + + case HOST_NOT_FOUND: ec = GPG_ERR_NO_NAME; break; + case TRY_AGAIN: ec = GPG_ERR_TRY_LATER; break; + case NO_RECOVERY: ec = GPG_ERR_SERVER_FAILED; break; + case NO_DATA: ec = GPG_ERR_NO_DATA; break; + @@ -534,15 +538,17 @@ libdns_deinit (void) + void + reload_dns_stuff (int force) + { + +#ifdef USE_LIBDNS + if (force) + { + -#ifdef USE_LIBDNS + libdns_deinit (); + -#endif + libdns_reinit_pending = 0; + } + else + libdns_reinit_pending = 1; + +#else + + (void)force; + +#endif + } + + diff --combined debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch index 0000000,bc4cc3a..bc4cc3a mode 000000,100644..100644 --- a/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch +++ b/debian/patches/0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch @@@ -1,0 -1,43 +1,43 @@@ + From: Werner Koch + Date: Mon, 2 Jan 2017 10:00:33 +0100 + Subject: dirmngr: Strip root zone suffix from libdns cname results. + + * dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot. + (get_dns_cname_libdns): Ditto. + -- + + 
Signed-off-by: Werner Koch + (cherry picked from commit b200e636ab20d2aa93d9f71f3789db5a04af0a56) + --- + dirmngr/dns-stuff.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + + diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c + index a31b0731c..f2e1df925 100644 + --- a/dirmngr/dns-stuff.c + +++ b/dirmngr/dns-stuff.c + @@ -732,6 +732,10 @@ resolve_name_libdns (const char *name, unsigned short port, + err = gpg_error_from_syserror (); + goto leave; + } + + /* Libdns appends the root zone part which is problematic + + * for most other functions - strip it. */ + + if (**r_canonname && (*r_canonname)[strlen (*r_canonname)-1] == '.') + + (*r_canonname)[strlen (*r_canonname)-1] = 0; + } + + dai = xtrymalloc (sizeof *dai + ent->ai_addrlen -1); + @@ -1899,6 +1903,13 @@ get_dns_cname_libdns (const char *name, char **r_cname) + *r_cname = xtrystrdup (cname.host); + if (!*r_cname) + err = gpg_error_from_syserror (); + + else + + { + + /* Libdns appends the root zone part which is problematic + + * for most other functions - strip it. */ + + if (**r_cname && (*r_cname)[strlen (*r_cname)-1] == '.') + + (*r_cname)[strlen (*r_cname)-1] = 0; + + } + + leave: + dns_free (ans); diff --combined debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch index 0000000,89adfaf..89adfaf mode 000000,100644..100644 --- a/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch +++ b/debian/patches/0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch @@@ -1,0 -1,29 +1,29 @@@ + From: Werner Koch + Date: Mon, 2 Jan 2017 10:39:59 +0100 + Subject: doc: Remove warning that DNS is not routed via Tor + + -- + + Signed-off-by: Werner Koch + (cherry picked from commit 5a4a109354d53cf3673d0636731c67021d3f367a) + --- + doc/dirmngr.texi | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + + diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi + index 5b4e68bc8..e136dff53 100644 + --- a/doc/dirmngr.texi + +++ b/doc/dirmngr.texi + 
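Review bot: The trailing-dot strip is written out twice, in `resolve_name_libdns` and in `get_dns_cname_libdns`, and a result that is exactly `.` (the root name) becomes an empty string that is handed back as the canonical name. Whether callers cope with an empty name is not visible here, so either confirm that or leave a lone `.` untouched. A small static helper that takes the length once would serve both sites and keep them from drifting apart. Both functions begin and end outside the quoted hunks.

```c
/* Remove the root zone dot that libdns appends; a lone "." is kept. */
static void
strip_root_dot (char *name)
{
  size_t n = strlen (name);

  if (n > 1 && name[n-1] == '.')
    name[n-1] = 0;
}

/* … unchanged: resolve_name_libdns up to the canonname allocation check … */
      strip_root_dot (*r_canonname);

/* … unchanged: get_dns_cname_libdns up to the xtrystrdup check … */
  else
    strip_root_dot (*r_cname);
```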
@@ -239,10 +239,8 @@ useful for debugging. + @item --use-tor + @opindex use-tor + This option switches Dirmngr and thus GnuPG into ``Tor mode'' to route + -all network access via Tor (an anonymity network). WARNING: As of now + -this still leaks the DNS queries; e.g. to lookup the hosts in a + -keyserver pool. Certain other features are disabled if this mode is + -active. + +all network access via Tor (an anonymity network). Certain other + +features are disabled if this mode is active. + + @item --standard-resolver + @opindex standard-resolver diff --combined debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch index 0000000,3ea836f..3ea836f mode 000000,100644..100644 --- a/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch +++ b/debian/patches/0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch @@@ -1,0 -1,32 +1,32 @@@ + From: Werner Koch + Date: Mon, 2 Jan 2017 12:59:10 +0100 + Subject: build: Enable gcc warnings to detect non-portable code. + + -- + + Signed-off-by: Werner Koch + (cherry picked from commit c52930d11fcc52515fcc09a1085bf118411566a8) + --- + configure.ac | 9 +++++++++ + 1 file changed, 9 insertions(+) + + diff --git a/configure.ac b/configure.ac + index 932c741ef..237189cf9 100644 + --- a/configure.ac + +++ b/configure.ac + @@ -1575,6 +1575,15 @@ if test "$GCC" = yes; then + if test x"$_gcc_wopt" = xyes ; then + mycflags="$mycflags -Wdeclaration-after-statement" + fi + + + + AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla]) + + CFLAGS="-Wlogical-op -Wvla" + + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + + AC_MSG_RESULT($_gcc_wopt) + + if test x"$_gcc_wopt" = xyes ; then + + mycflags="$mycflags -Wlogical-op -Wvla" + + fi + + + else + mycflags="$mycflags -Wall" + fi diff --combined debian/patches/0017-Replace-use-of-variable-length-arrays.patch index 0000000,3e3a2a7..3e3a2a7 mode 000000,100644..100644 
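Review bot: The new probe tests `-Wlogical-op` and `-Wvla` in a single `AC_COMPILE_IFELSE`, so a compiler that accepts only one of them gets neither, including the warning about variable-length arrays. Probing each flag separately, as the preceding `-Wdeclaration-after-statement` check appears to do, would keep the two independent. The probe also overwrites `CFLAGS`. The surrounding `if test "$GCC" = yes` block starts and ends outside the hunk, so whether the saved value is restored afterwards cannot be confirmed from here.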
--- a/debian/patches/0017-Replace-use-of-variable-length-arrays.patch +++ b/debian/patches/0017-Replace-use-of-variable-length-arrays.patch @@@ -1,0 -1,179 +1,179 @@@ + From: Werner Koch + Date: Mon, 2 Jan 2017 13:29:18 +0100 + Subject: Replace use of variable-length-arrays. + + * common/t-iobuf.c (main): Replace variable-length-array. + * g10/gpgcompose.c (mksubpkt_callback): Ditto. + (encrypted): Ditto. + * g10/t-stutter.c (log_hexdump): Ditto. + (oracle_test): Ditto. + * g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t. + * scd/app-openpgp.c (ecc_writekey): Replace variable-length-array. + Check for zero length OID_LEN. + + Signed-off-by: Werner Koch + (cherry picked from commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1) + --- + common/t-iobuf.c | 6 ++++-- + g10/gpgcompose.c | 17 ++++++++++++----- + g10/t-stutter.c | 17 ++++++++++------- + g10/tofu.c | 6 +++--- + scd/app-openpgp.c | 14 +++++++++++++- + 5 files changed, 42 insertions(+), 18 deletions(-) + + diff --git a/common/t-iobuf.c b/common/t-iobuf.c + index 0e6f508a5..bdeab99a4 100644 + --- a/common/t-iobuf.c + +++ b/common/t-iobuf.c + @@ -362,10 +362,12 @@ main (int argc, char *argv[]) + { + iobuf_t iobuf; + int rc; + - char *content = "0123456789"; + + char content[] = "0123456789"; + int n; + int c; + - char buffer[strlen (content)]; + + char buffer[10]; + + + + assert (sizeof buffer == sizeof content - 1); + + iobuf = iobuf_temp_with_content (content, strlen (content)); + assert (iobuf); + diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c + index 512cb450a..fafbfd274 100644 + --- a/g10/gpgcompose.c + +++ b/g10/gpgcompose.c + 
@@ -1654,13 +1654,17 @@ mksubpkt_callback (PKT_signature *sig, void *cookie) + + if (si->reason_for_revocation) + { + - int l = 1 + strlen (si->reason_for_revocation); + - char buf[l]; + + int len = 1 + strlen (si->reason_for_revocation); + + char *buf; + + + + buf = xmalloc (len); + + buf[0] = si->reason_for_revocation_code; + - memcpy (&buf[1], si->reason_for_revocation, l - 1); + + memcpy (&buf[1], si->reason_for_revocation, len - 1); + + + + build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len); + + - build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, l); + + xfree (buf); + } + + if (si->features) + @@ -2540,10 +2544,13 @@ encrypted (const char *option, int argc, char *argv[], void *cookie) + + if (do_debug) + { + - char buf[2 * session_key.keylen + 1]; + + char *buf; + + + + buf = xmalloc (2 * session_key.keylen + 1); + debug ("session key: algo: %d; keylen: %d; key: %s\n", + session_key.algo, session_key.keylen, + bin2hex (session_key.key, session_key.keylen, buf)); + + xfree (buf); + } + + if (strcmp (option, "--encrypted-mdc") == 0) + diff --git a/g10/t-stutter.c b/g10/t-stutter.c + index a2e9666bf..359cdf622 100644 + --- a/g10/t-stutter.c + +++ b/g10/t-stutter.c + @@ -68,8 +68,8 @@ log_hexdump (byte *buffer, int length) + { + int have = length > 16 ? 16 : length; + int i; + - char formatted[2 * have + 1]; + - char text[have + 1]; + + char formatted[2 * 16 + 1]; + + char text[16 + 1]; + + fprintf (stderr, "%-8d ", written); + bin2hex (buffer, have, formatted); + @@ -87,10 +87,12 @@ log_hexdump (byte *buffer, int length) + } + + for (i = 0; i < have; i ++) + - if (isprint (buffer[i])) + - text[i] = buffer[i]; + - else + - text[i] = '.'; + + { + + if (isprint (buffer[i])) + + text[i] = buffer[i]; + + else + + text[i] = '.'; + + } + text[i] = 0; + + fprintf (stderr, " "); + 
@@ -347,8 +349,9 @@ oracle (int debug, byte *ciphertext, int len, byte **plaintextp, byte **cfbp) + static int + oracle_test (unsigned int d, int b, int debug) + { + - byte probe[blocksize + 2]; + + byte probe[32 + 2]; + + + log_assert (blocksize + 2 <= sizeof probe); + log_assert (d < 256 * 256); + + if (b == 1) + diff --git a/g10/tofu.c b/g10/tofu.c + index 2bded9e8d..8d535fa6c 100644 + --- a/g10/tofu.c + +++ b/g10/tofu.c + @@ -2457,16 +2457,16 @@ get_policy (tofu_dbs_t dbs, PKT_public_key *pk, + /* See if the key is signed by an ultimately trusted key. */ + { + int fingerprint_raw_len = strlen (fingerprint) / 2; + - char fingerprint_raw[fingerprint_raw_len]; + + char fingerprint_raw[20]; + int len = 0; + + - if (fingerprint_raw_len != 20 + + if (fingerprint_raw_len != sizeof fingerprint_raw + || ((len = hex2bin (fingerprint, + fingerprint_raw, fingerprint_raw_len)) + != strlen (fingerprint))) + { + if (DBG_TRUST) + - log_debug ("TOFU: Bad fingerprint: %s (len: %zd, parsed: %d)\n", + + log_debug ("TOFU: Bad fingerprint: %s (len: %zu, parsed: %d)\n", + fingerprint, strlen (fingerprint), len); + } + else + diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c + index 5fa4fd294..4d8b1bc9e 100644 + --- a/scd/app-openpgp.c + +++ b/scd/app-openpgp.c + 
@@ -3580,11 +3580,23 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), + { + if (app->app_local->extcap.algo_attr_change) + { + - unsigned char keyattr[oid_len]; + + unsigned char *keyattr; + + + if (!oid_len) + + { + + err = gpg_error (GPG_ERR_INTERNAL); + + goto leave; + + } + + keyattr = xtrymalloc (oid_len); + + if (!keyattr) + + { + + err = gpg_error_from_syserror (); + + goto leave; + + } + keyattr[0] = algo; + memcpy (keyattr+1, oidbuf+1, oid_len-1); + err = change_keyattr (app, keyno, keyattr, oid_len, pincb, pincb_arg); + + xfree (keyattr); + if (err) + goto leave; + } diff --combined debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch index 0000000,927f7e3..927f7e3 mode 000000,100644..100644 --- a/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch +++ b/debian/patches/0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch @@@ -1,0 -1,39 +1,39 @@@ + From: Werner Koch + Date: Mon, 2 Jan 2017 15:47:24 +0100 + Subject: dirmngr: New debug message on correctly initialized libdns. + + * dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on + success. + -- + + This output may help to avoid questions when evaluating an Assuan log. + + Signed-off-by: Werner Koch + (cherry picked from commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d) + --- + dirmngr/dns-stuff.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + + diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c + index f2e1df925..cf8cefb2e 100644 + --- a/dirmngr/dns-stuff.c + +++ b/dirmngr/dns-stuff.c + @@ -507,6 +507,9 @@ libdns_init (void) + /* All fine. Make the data global. */ + libdns = ld; + + + if (opt_debug) + + log_debug ("dns: libdns initialized%s\n", tor_mode?" (tor mode)":""); + + + leave: + xfree (cfgstr); + return err; + 
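Review bot: The fixed buffers that replace the variable-length arrays are sized with bare literals that nothing ties to the values they must match. In `log_hexdump` the `16` in `have = length > 16 ? 16 : length` is independent of the `16` in `formatted[2 * 16 + 1]` and `text[16 + 1]`, and `oracle_test` depends on a runtime `log_assert (blocksize + 2 <= sizeof probe)` for `probe[32 + 2]`. A later edit to one literal without the other would write past a stack buffer rather than fail to compile. A shared constant, for example `enum { DUMP_WIDTH = 16 };` used for `have` and both arrays, would make the bound explicit, as `get_policy` already does by comparing against `sizeof fingerprint_raw`. All of these functions continue outside the quoted hunks.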
@@ -595,7 +598,7 @@ libdns_res_open (struct dns_resolver **r_res) + + + #ifdef USE_LIBDNS + -/* Helper to test whether we need totry again after having swicthed + +/* Helper to test whether we need to try again after having switched + * the Tor port. */ + static int + libdns_switch_port_p (gpg_error_t err) diff --combined debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch index 0000000,2c02c2e..2c02c2e mode 000000,100644..100644 --- a/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch +++ b/debian/patches/0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch @@@ -1,0 -1,170 +1,170 @@@ + From: Werner Koch + Date: Tue, 3 Jan 2017 12:03:28 +0100 + Subject: dirmngr: Make sure Tor mode is also set for DNS on SIGHUP. + + * dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed. + (reload_dns_stuff): Reset tor port. + * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS. + (main): Remove warning that Tor mode may not fully work. + * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS + initialization. + * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error + checking for enable_dns_tormode. + -- + + This patch also resets the port on SIGHUP so that after starting Tor + SIGHUP is sufficient to use Tor. Without the SIGHUP and when not + using the Tor browser Dirmngr would keep on trying the Tor browser + port. + + Signed-off-by: Werner Koch + (cherry picked from commit 969512401603639e4467ede7d892f1b02582c2c9) + --- + dirmngr/dirmngr.c | 10 +++------- + dirmngr/dns-stuff.c | 12 +++++++----- + dirmngr/dns-stuff.h | 6 +++--- + dirmngr/server.c | 7 ------- + dirmngr/t-dns-stuff.c | 16 +--------------- + 5 files changed, 14 insertions(+), 37 deletions(-) + + diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c + index 0b8bb02e6..5abfe78c6 100644 + --- a/dirmngr/dirmngr.c + +++ b/dirmngr/dirmngr.c + 
@@ -474,6 +474,9 @@ set_tor_mode (void) + { + if (opt.use_tor) + { + + /* Enable Tor mode and when called again force a new curcuit + + * (e.g. on SIGHUP). */ + + enable_dns_tormode (1); + if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1)) + { + log_error ("error enabling Tor mode: %s\n", strerror (errno)); + @@ -912,13 +915,6 @@ main (int argc, char **argv) + log_info ("NOTE: this is a development version!\n"); + #endif + + - if (opt.use_tor) + - { + - log_info ("WARNING: ***************************************\n"); + - log_info ("WARNING: Tor mode (--use-tor) MAY NOT FULLY WORK!\n"); + - log_info ("WARNING: ***************************************\n"); + - } + - + /* Print a warning if an argument looks like an option. */ + if (!opt.quiet && !(pargs.flags & ARGPARSE_FLAG_STOP_SEEN)) + { + diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c + index cf8cefb2e..e32e1e3e1 100644 + --- a/dirmngr/dns-stuff.c + +++ b/dirmngr/dns-stuff.c + @@ -199,9 +199,9 @@ recursive_resolver_p (void) + } + + + -/* Sets the module in Tor mode. Returns 0 is this is possible or an + - error code. */ + -gpg_error_t + +/* Puts this module eternally into Tor mode. When called agained with + + * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */ + +void + enable_dns_tormode (int new_circuit) + { + if (!*tor_socks_user || new_circuit) + @@ -215,7 +215,6 @@ enable_dns_tormode (int new_circuit) + counter++; + } + tor_mode = 1; + - return 0; + } + + + @@ -548,7 +547,10 @@ reload_dns_stuff (int force) + libdns_reinit_pending = 0; + } + else + - libdns_reinit_pending = 1; + + { + + libdns_reinit_pending = 1; + + libdns_tor_port = 0; /* Start again with the default port. */ + + } + #else + (void)force; + #endif + diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h + index 0a4a4de2f..eb7fe7246 100644 + --- a/dirmngr/dns-stuff.h + +++ b/dirmngr/dns-stuff.h + 
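Review bot: In set_tor_mode (dirmngr/dirmngr.c) the added `enable_dns_tormode (1);` becomes the only place that switches the resolver into Tor mode, because the same patch removes the per-request call from cmd_dns_cert in dirmngr/server.c and makes the function return void. DNS lookups under --use-tor therefore stay inside Tor only if set_tor_mode has run before the first resolver use, and whether every startup and reload path guarantees that is not visible in these hunks. I would state the dependency at the call site, for example `/* All DNS code relies on this call; cmd_dns_cert no longer enables Tor mode itself. */`. The new comments also carry typos worth fixing while here: "curcuit" in this hunk and "agained" in the dns-stuff.c and dns-stuff.h hunks. The error branch of set_tor_mode continues outside the hunk.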
@@ -113,9 +113,9 @@ void enable_recursive_resolver (int yes); + /* Return true iff the recursive resolver is used. */ + int recursive_resolver_p (void); + + -/* Calling this function switches the DNS code into Tor mode if + - possibe. Return 0 on success. */ + -gpg_error_t enable_dns_tormode (int new_circuit); + +/* Put this module eternally into Tor mode. When called agained with + + * NEW_CIRCUIT request a new TOR circuit for the next DNS query. */ + +void enable_dns_tormode (int new_circuit); + + /* Change the default IP address of the nameserver to IPADDR. The + address needs to be a numerical IP address and will be used for the + diff --git a/dirmngr/server.c b/dirmngr/server.c + index a785238dc..28c2cd428 100644 + --- a/dirmngr/server.c + +++ b/dirmngr/server.c + @@ -709,13 +709,6 @@ cmd_dns_cert (assuan_context_t ctx, char *line) + } + } + + - if (opt.use_tor && (err = enable_dns_tormode (0))) + - { + - /* Tor mode is requested but the DNS code can't enable it. */ + - assuan_set_error (ctx, err, "error enabling Tor mode"); + - goto leave; + - } + - + if (pka_mode || dane_mode) + { + char *domain; /* Points to mbox. */ + diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c + index b087b5ead..bc4ca9a51 100644 + --- a/dirmngr/t-dns-stuff.c + +++ b/dirmngr/t-dns-stuff.c + @@ -51,7 +51,6 @@ main (int argc, char **argv) + gpg_error_t err; + int any_options = 0; + int opt_tor = 0; + - int opt_new_circuit = 0; + int opt_cert = 0; + int opt_srv = 0; + int opt_bracket = 0; + @@ -103,11 +102,6 @@ main (int argc, char **argv) + opt_tor = 1; + argc--; argv++; + } + - else if (!strcmp (*argv, "--new-circuit")) + - { + - opt_new_circuit = 1; + - argc--; argv++; + - } + else if (!strcmp (*argv, "--standard-resolver")) + { + enable_standard_resolver (1); + 
@@ -171,15 +165,7 @@ main (int argc, char **argv) + init_sockets (); + + if (opt_tor) + - { + - err = enable_dns_tormode (opt_new_circuit); + - if (err) + - { + - fprintf (stderr, "error switching into Tor mode: %s\n", + - gpg_strerror (err)); + - exit (1); + - } + - } + + enable_dns_tormode (0); + + if (opt_cert) + { diff --combined debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch index 0000000,1ca5f4f..1ca5f4f mode 000000,100644..100644 --- a/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch +++ b/debian/patches/0020-doc-Extend-dirmngr-s-allow-version-check-description.patch @@@ -1,0 -1,30 +1,30 @@@ + From: Werner Koch + Date: Tue, 3 Jan 2017 13:12:25 +0100 + Subject: doc: Extend dirmngr's --allow-version-check description + + -- + + (cherry picked from commit 293a55bacdacec4501af3a396b14fd32e404e39e) + --- + doc/dirmngr.texi | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + + diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi + index e136dff53..fc617d81d 100644 + --- a/doc/dirmngr.texi + +++ b/doc/dirmngr.texi + @@ -264,7 +264,13 @@ the list of current software versions. If this option is enabled, or + if @option{use-tor} is active, the list is retrieved when the local + copy does not exist or is older than 5 to 7 days. See the option + @option{--query-swdb} of the command @command{gpgconf} for more + -details. + +details. Note, that regardless of this option a version check can + +always be triggered using this command: + + + +@example + + gpg-connect-agent --dirmngr 'loadswdb --force' /bye + +@end example + + + + @item --keyserver @var{name} + @opindex keyserver diff --combined debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch index 0000000,e3fdecd..e3fdecd mode 000000,100644..100644 --- a/debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch 
+++ b/debian/patches/0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch @@@ -1,0 -1,460 +1,460 @@@ + From: Werner Koch + Date: Wed, 4 Jan 2017 18:37:36 +0100 + Subject: doc: Add release announcement pointers to NEWS entries. + + -- + + These are used by the website buider to link to the announcement + mails. + + Signed-off-by: Werner Koch + (cherry picked from commit 588121c158384b05099388097053d8d1e8bdf143) + --- + NEWS | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 97 insertions(+), 2 deletions(-) + + diff --git a/NEWS b/NEWS + index 5633c55b0..1e91af31f 100644 + --- a/NEWS + +++ b/NEWS + @@ -33,6 +33,8 @@ Noteworthy changes in version 2.1.17 (2016-12-20) + * Major improvements to the test suite. For example it is possible + to run the external test suite of GPGME. + + + See-also: gnupg-announce/2016q4/000400.html + + + + Noteworthy changes in version 2.1.16 (2016-11-18) + ------------------------------------------------- + @@ -105,6 +107,8 @@ Noteworthy changes in version 2.1.16 (2016-11-18) + + * Many changes and improvements for the test suite. + + + See-also: gnupg-announce/2016q4/000398.html + + + + Noteworthy changes in version 2.1.15 (2016-08-18) + ------------------------------------------------- + @@ -156,6 +160,8 @@ Noteworthy changes in version 2.1.15 (2016-08-18) + + * Spelling and grammar fixes. + + + See-also: gnupg-announce/2016q3/000396.html + + + + Noteworthy changes in version 2.1.14 (2016-07-14) + ------------------------------------------------- + @@ -214,6 +220,8 @@ Noteworthy changes in version 2.1.14 (2016-07-14) + + * The rendering of the man pages has been improved. + + + See-also: gnupg-announce/2016q3/000393.html + + + + Noteworthy changes in version 2.1.13 (2016-06-16) + ------------------------------------------------- + 
@@ -264,6 +272,8 @@ Noteworthy changes in version 2.1.13 (2016-06-16) + + * Speedup fd closing after a fork. + + + See-also: gnupg-announce/2016q2/000390.html + + + + Noteworthy changes in version 2.1.12 (2016-05-04) + ------------------------------------------------- + @@ -317,6 +327,8 @@ Noteworthy changes in version 2.1.12 (2016-05-04) + + * Lots of internal cleanups and bug fixes. + + + See-also: gnupg-announce/2016q2/000387.html + + + + Noteworthy changes in version 2.1.11 (2016-01-26) + ------------------------------------------------- + @@ -368,6 +380,8 @@ Noteworthy changes in version 2.1.11 (2016-01-26) + * Print a warning if a GnuPG component is using an older version of + gpg-agent, dirmngr, or scdaemon. + + + See-also: gnupg-announce/2016q1/000383.html + + + + Noteworthy changes in version 2.1.10 (2015-12-04) + ------------------------------------------------- + @@ -426,6 +440,8 @@ Noteworthy changes in version 2.1.10 (2015-12-04) + + * Many other cleanups and bug fixes. + + + See-also: gnupg-announce/2015q4/000381.html + + + + Noteworthy changes in version 2.1.9 (2015-10-09) + ------------------------------------------------ + @@ -456,6 +472,8 @@ Noteworthy changes in version 2.1.9 (2015-10-09) + * dirmngr: Add option --keyserver. Deprecate that option for gpg. + Install a dirmngr.conf file from a skeleton for new installations. + + + See-also: gnupg-announce/2015q4/000380.html + + + + Noteworthy changes in version 2.1.8 (2015-09-10) + ------------------------------------------------ + @@ -483,6 +501,8 @@ Noteworthy changes in version 2.1.8 (2015-09-10) + + * Various minor bug fixes. + + + See-also: gnupg-announce/2015q3/000379.html + + + + Noteworthy changes in version 2.1.7 (2015-08-11) + ------------------------------------------------ + 
@@ -508,6 +528,8 @@ Noteworthy changes in version 2.1.7 (2015-08-11) + + * Various other bug fixes. + + + See-also: gnupg-announce/2015q3/000371.html + + + + Noteworthy changes in version 2.1.6 (2015-07-01) + ------------------------------------------------ + @@ -538,6 +560,8 @@ Noteworthy changes in version 2.1.6 (2015-07-01) + + * Various other bug fixes. + + + See-also: gnupg-announce/2015q3/000370.html + + + + Noteworthy changes in version 2.1.5 (2015-06-11) + ------------------------------------------------ + @@ -552,6 +576,8 @@ Noteworthy changes in version 2.1.5 (2015-06-11) + + * Code cleanups and minor bug fixes. + + + See-also: gnupg-announce/2015q2/000369.html + + + + Noteworthy changes in version 2.1.4 (2015-05-12) + ------------------------------------------------ + @@ -577,6 +603,8 @@ Noteworthy changes in version 2.1.4 (2015-05-12) + + * Fixed lots of smaller bugs. + + + See-also: gnupg-announce/2015q2/000366.html + + + + Noteworthy changes in version 2.1.3 (2015-04-11) + ------------------------------------------------ + @@ -614,6 +642,8 @@ Noteworthy changes in version 2.1.3 (2015-04-11) + * Fixed possible problems due to compiler optimization, two minor + regressions, and other bugs. + + + See-also: gnupg-announce/2015q2/000365.html + + + + Noteworthy changes in version 2.1.2 (2015-02-11) + ------------------------------------------------ + @@ -648,6 +678,8 @@ Noteworthy changes in version 2.1.2 (2015-02-11) + * Fixed several bugs related to bogus keyrings and improved some + other code. + + + See-also: gnupg-announce/2015q1/000361.html + + + + Noteworthy changes in version 2.1.1 (2014-12-16) + ------------------------------------------------ + @@ -700,6 +732,8 @@ Noteworthy changes in version 2.1.1 (2014-12-16) + + * Improved portability and the usual bunch of bug fixes. + + + See-also: gnupg-announce/2014q4/000360.html + + + + Noteworthy changes in version 2.1.0 (2014-11-06) + ------------------------------------------------ + 
@@ -1017,6 +1051,8 @@ Noteworthy changes in version 2.1.0 (2014-11-06) + * Numerical values may now be used as an alternative to the + debug-level keywords. + + + See-also: gnupg-announce/2014q4/000358.html + + + + Version 2.0.28 (2015-06-02) + Version 2.0.27 (2015-02-18) + @@ -1060,6 +1096,8 @@ Noteworthy changes in version 2.0.13 (2009-09-04) + + * Minor bug fixes. + + + See-also: gnupg-announce/2009q3/000294.html + + + + Noteworthy changes in version 2.0.12 (2009-06-17) + ------------------------------------------------- + @@ -1087,6 +1125,8 @@ Noteworthy changes in version 2.0.12 (2009-06-17) + + * Changed code to avoid a possible Mac OS X system freeze. + + + See-also: gnupg-announce/2009q2/000288.html + + + + Noteworthy changes in version 2.0.11 (2009-03-03) + ------------------------------------------------- + @@ -1103,6 +1143,8 @@ Noteworthy changes in version 2.0.11 (2009-03-03) + due to interoperability problems with Outlook 2003 which still + can't cope with AES. + + + See-also: gnupg-announce/2009q1/000287.html + + + + Noteworthy changes in version 2.0.10 (2009-01-12) + ------------------------------------------------- + @@ -1158,6 +1200,8 @@ Noteworthy changes in version 2.0.10 (2009-01-12) + + * Libgcrypt 1.4 is now required. + + + See-also: gnupg-announce/2009q1/000284.html + + + + Noteworthy changes in version 2.0.9 (2008-03-26) + ------------------------------------------------ + @@ -1181,6 +1225,7 @@ Noteworthy changes in version 2.0.9 (2008-03-26) + * Minor bug fixes. + + + + + Noteworthy changes in version 2.0.8 (2007-12-20) + ------------------------------------------------ + + @@ -1214,6 +1259,8 @@ Noteworthy changes in version 2.0.8 (2007-12-20) + taken into account. This required a change of our socket emulation + code and changed the IPC protocol under Windows. + + + See-also: gnupg-announce/2007q4/000267.html + + + + Noteworthy changes in version 2.0.7 (2007-09-10) + ------------------------------------------------ + 
@@ -1232,6 +1279,8 @@ Noteworthy changes in version 2.0.7 (2007-09-10) + installed versions of the programs and does not anymore search via + PATH for them. + + + See-also: gnupg-announce/2007q3/000259.html + + + + Noteworthy changes in version 2.0.6 (2007-08-16) + ------------------------------------------------ + @@ -1247,6 +1296,8 @@ Noteworthy changes in version 2.0.6 (2007-08-16) + + * Improved Windows support. + + + See-also: gnupg-announce/2007q3/000258.html + + + + Noteworthy changes in version 2.0.5 (2007-07-05) + ------------------------------------------------ + @@ -1264,6 +1315,8 @@ Noteworthy changes in version 2.0.5 (2007-07-05) + * Changed key generation to reveal less information about the + machine. Bug fixes for gpg2's card key generation. + + + See-also: gnupg-announce/2007q3/000255.html + + + + Noteworthy changes in version 2.0.4 (2007-05-09) + ------------------------------------------------ + @@ -1276,6 +1329,8 @@ Noteworthy changes in version 2.0.4 (2007-05-09) + + * Improved the libgcrypt logging support in all modules. + + + See-also: gnupg-announce/2007q2/000254.html + + + + Noteworthy changes in version 2.0.3 (2007-03-08) + ------------------------------------------------ + @@ -1296,6 +1351,8 @@ Noteworthy changes in version 2.0.3 (2007-03-08) + * The PIN pad of the Cherry XX44 keyboard is now supported. The + DINSIG and the NKS applications are now also aware of PIN pads. + + + See-also: gnupg-announce/2007q1/000252.html + + + + Noteworthy changes in version 2.0.2 (2007-01-31) + ------------------------------------------------ + @@ -1314,6 +1371,8 @@ Noteworthy changes in version 2.0.2 (2007-01-31) + + * The status code BEGIN_SIGNING now shows the used hash algorithms. + + + See-also: gnupg-announce/2007q1/000249.html + + + + Noteworthy changes in version 2.0.1 (2006-11-28) + ------------------------------------------------ + 
@@ -1327,12 +1386,16 @@ Noteworthy changes in version 2.0.1 (2006-11-28) + + * Fixed a buffer overflow in gpg2. [bug#728,CVE-2006-6169] + + + See-also: gnupg-announce/2006q4/000242.html + + + + Noteworthy changes in version 2.0.0 (2006-11-11) + ------------------------------------------------ + + * First stable version of a GnuPG integrating OpenPGP and S/MIME. + + + See-also: gnupg-announce/2006q4/000239.html + + + + Noteworthy changes in version 1.9.95 (2006-11-06) + ------------------------------------------------- + @@ -1373,6 +1436,8 @@ Noteworthy changes in version 1.9.92 (2006-10-11) + + * Bug fixes. + + + See-also: gnupg-announce/2006q4/000236.html + + + + Noteworthy changes in version 1.9.91 (2006-10-04) + ------------------------------------------------- + @@ -1874,6 +1939,8 @@ Noteworthy changes in version 1.3.2 (2003-05-27) + of GnuPG and other OpenPGP programs, please do not use this + algorithm. + + + See-also: gnupg-announce/2003q2/000153.html + + + + Noteworthy changes in version 1.3.1 (2002-11-12) + ------------------------------------------------ + @@ -2200,6 +2267,8 @@ Noteworthy changes in version 1.0.7 (2002-04-29) + + * Read only keyrings are now handled as expected. + + + See-also: gnupg-announce/2002q2/000135.html + + + + Noteworthy changes in version 1.0.6 (2001-05-29) + ------------------------------------------------ + @@ -2218,6 +2287,8 @@ Noteworthy changes in version 1.0.6 (2001-05-29) + + * non-writable keyrings are now correctly handled. + + + See-also: gnupg-announce/2001q2/000123.html + + + + Noteworthy changes in version 1.0.5 (2001-04-29) + ------------------------------------------------ + @@ -2276,6 +2347,8 @@ Noteworthy changes in version 1.0.5 (2001-04-29) + + * New translations: Estonian, Turkish. + + + See-also: gnupg-announce/2001q2/000122.html + + + + Noteworthy changes in version 1.0.4 (2000-10-17) + ------------------------------------------------ + 
@@ -2291,6 +2364,9 @@ Noteworthy changes in version 1.0.4 (2000-10-17) + + * --with-colons now works with --print-md[s]. + + + See-also: gnupg-announce/2000q4/000082.html + + + + + Noteworthy changes in version 1.0.3 (2000-09-18) + ------------------------------------------------ + + @@ -2322,6 +2398,8 @@ Noteworthy changes in version 1.0.3 (2000-09-18) + this. Older versions of GnuPG don't support it, so they should be + upgraded to at least 1.0.2 + + + See-also: gnupg-announce/2000q3/000075.html + + + + Noteworthy changes in version 1.0.2 (2000-07-12) + ---------------------------------------------- + @@ -2380,6 +2458,9 @@ Noteworthy changes in version 1.0.2 (2000-07-12) + + * Danish translation + + + See-also: gnupg-announce/2000q3/000069.html + + + + + Noteworthy changes in version 1.0.1 (1999-12-16) + ----------------------------------- + + @@ -2411,6 +2492,8 @@ Noteworthy changes in version 1.0.1 (1999-12-16) + * Removed the GNU Privacy Handbook from the distribution as it will go + into a separate one. + + + See-also: gnupg-announce/1999q4/000050.html + + + + Noteworthy changes in version 1.0.0 (1999-09-07) + ----------------------------------- + @@ -2420,6 +2503,8 @@ Noteworthy changes in version 1.0.0 (1999-09-07) + + * Changed the version number to GnuPG 2001 ;-) + + + See-also: gnupg-announce/1999q3/000037.html + + + + Noteworthy changes in version 0.9.11 (1999-09-03) + ------------------------------------ + @@ -2431,6 +2516,8 @@ Noteworthy changes in version 0.9.11 (1999-09-03) + + * Fixed a problem when importing new subkeys (duplicated signatures). + + + See-also: gnupg-announce/1999q3/000036.html + + + + Noteworthy changes in version 0.9.10 (1999-07-23) + ------------------------------------ + @@ -2439,6 +2526,8 @@ Noteworthy changes in version 0.9.10 (1999-07-23) + + * Cleaned up the dox a bit. + + + See-also: gnupg-announce/1999q3/000034.html + + + + Noteworthy changes in version 0.9.9 + ----------------------------------- + 
@@ -2466,6 +2555,8 @@ Noteworthy changes in version 0.9.9 + * New option --allow-non-selfsigned-uid to work around a problem with + the German IN way of separating signing and encryption keys. + + + See-also: gnupg-announce/1999q3/000028.html + + + + Noteworthy changes in version 0.9.8 (1999-06-26) + ----------------------------------- + @@ -2487,6 +2578,8 @@ Noteworthy changes in version 0.9.8 (1999-06-26) + + * Better support for HPUX. + + + See-also: gnupg-announce/1999q2/000016.html + + + + Noteworthy changes in version 0.9.7 (1999-05-23) + ----------------------------------- + @@ -2496,6 +2589,8 @@ Noteworthy changes in version 0.9.7 (1999-05-23) + + * Enhanced some status outputs. + + + See-also: gnupg-announce/1999q2/000000.html + + + + Noteworthy changes in version 0.9.6 (1999-05-06) + ----------------------------------- + @@ -2812,7 +2907,7 @@ Noteworthy changes in version 0.3.3 (1998-08-08) + a copy of the old program. + 2. Disable the network, make sure that you are the only + user, be sure that there are no Trojan horses etc .... + - 3. Use your old gpg (version 0.3.[12]) and set the + + 3. Use your old gpg (version 0.3.1 or 0.3.2) and set the + passphrases of ALL your secret keys to empty! + (gpg --change-passphrase your-user-id). + 4. Save your ownertrusts (see the next point) + @@ -2825,7 +2920,7 @@ Noteworthy changes in version 0.3.3 (1998-08-08) + + * The format of the trust database has changed; you must delete + the old one, so gnupg can create a new one. + - IMPORTANT: Use version 0.3.[12] to save your assigned ownertrusts + + IMPORTANT: Use version 0.3.1 or .2 to save your assigned ownertrusts + ("gpgm --list-ownertrust >saved-trust"); then build this new version + and restore the ownertrust with this new version + ("gpgm --import-ownertrust saved-trust"). Please note that diff --combined debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch index 0000000,4443007..4443007 mode 000000,100644..100644 
--- a/debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch +++ b/debian/patches/0022-g10-avoid-warning-when-disable-tofu.patch @@@ -1,0 -1,27 +1,27 @@@ + From: Daniel Kahn Gillmor + Date: Wed, 4 Jan 2017 08:31:06 -0500 + Subject: g10: avoid warning when --disable-tofu + + If configured with --disable-tofu, we see compiler warnings about an + unused variable. This should remove those warnings. + + (cherry picked from commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd) + --- + g10/trustdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + + diff --git a/g10/trustdb.c b/g10/trustdb.c + index d402cb2ba..c113b7e9d 100644 + --- a/g10/trustdb.c + +++ b/g10/trustdb.c + @@ -1002,9 +1002,9 @@ tdb_get_validity_core (ctrl_t ctrl, + ulong recno; + #ifdef USE_TOFU + unsigned int tofu_validity = TRUST_UNKNOWN; + + int free_kb = 0; + #endif + unsigned int validity = TRUST_UNKNOWN; + - int free_kb = 0; + + if (kb && pk) + log_assert (keyid_cmp (pk_main_keyid (pk), diff --combined debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch index 0000000,a05c742..a05c742 mode 000000,100644..100644 --- a/debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch +++ b/debian/patches/0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch @@@ -1,0 -1,30 +1,30 @@@ + From: Werner Koch + Date: Thu, 5 Jan 2017 20:25:16 +0100 + Subject: doc: Mention gpgv in the description of gpg --verify. + + -- + + Signed-off-by: Werner Koch + (cherry picked from commit 353f6ff37646ad4c24d309a495e6c6f41e5235e3) + --- + doc/gpg.texi | 7 +++++++ + 1 file changed, 7 insertions(+) + + diff --git a/doc/gpg.texi b/doc/gpg.texi + index 469e5484a..4ea2cd21e 100644 + --- a/doc/gpg.texi + +++ b/doc/gpg.texi + 
@@ -255,6 +255,13 @@ out the actual signed data, but there are other pitfalls with this + format as well. It is suggested to avoid cleartext signatures in + favor of detached signatures. + + +Note: Sometimes the use of the @command{gpgv} tool is easier than + +using the full-fledged @command{gpg} with this option. @command{gpgv} + +is designed to compare signed data against a list of trusted keys and + +returns with success only for a good signature. It has its own manual + +page. + + + + + @item --multifile + @opindex multifile + This modifies certain other commands to accept multiple files for diff --combined debian/patches/0024-Silence-two-Wlogical-op-warnings.patch index 0000000,78fd134..78fd134 mode 000000,100644..100644 --- a/debian/patches/0024-Silence-two-Wlogical-op-warnings.patch +++ b/debian/patches/0024-Silence-two-Wlogical-op-warnings.patch @@@ -1,0 -1,48 +1,48 @@@ + From: Werner Koch + Date: Thu, 5 Jan 2017 20:42:55 +0100 + Subject: Silence two -Wlogical-op warnings. + + * common/tlv.c (parse_ber_header): Avoid compiler warning about a + duplicate condition. + * tools/gpgtar-create.c (pattern_valid_p): Likewise. + + Signed-off-by: Werner Koch + (cherry picked from commit 6170eb809033c9d144abf3b1f31f8b936878cdd4) + --- + common/tlv.c | 4 ++-- + tools/gpgtar-create.c | 6 +++++- + 2 files changed, 7 insertions(+), 3 deletions(-) + + diff --git a/common/tlv.c b/common/tlv.c + index 6813c585a..0058b67ca 100644 + --- a/common/tlv.c + +++ b/common/tlv.c + @@ -214,9 +214,9 @@ parse_ber_header (unsigned char const **buffer, size_t *size, + else + { + unsigned long len = 0; + - int count = c & 0x7f; + + int count = (c & 0x7f); + + - if (count > sizeof (len) || count > sizeof (size_t)) + + if (count > (sizeof(len)= 'a' && *pattern <= 'z') diff --combined debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch index 0000000,1ee390f..1ee390f mode 000000,100644..100644 --- a/debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch 
+++ b/debian/patches/0025-doc-Document-summary-values-of-TOFU_STATS.patch @@@ -1,0 -1,36 +1,36 @@@ + From: Andre Heinecke + Date: Fri, 6 Jan 2017 12:26:01 +0100 + Subject: doc: Document summary values of TOFU_STATS + + -- + + Signed-off-by: Andre Heinecke + (cherry picked from commit e1f68337b979fe4b7c3bd095a83ea832e14efb74) + --- + doc/DETAILS | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + + diff --git a/doc/DETAILS b/doc/DETAILS + index 568500e51..ac599fc62 100644 + --- a/doc/DETAILS + +++ b/doc/DETAILS + @@ -761,6 +761,19 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: + takes on value 0. Instead, if there is a conflict, VALIDITY still + reflects the key's validity (values: 1-4). + + + SUMMARY values use the euclidean distance (m = sqrt(a² + b²)) rather + + then the sum of the magnitudes (m = a + b) to ensure a balance between + + verified signatures and encrypted messages. + + + + Values are calculated based on the number of days where a key was used + + for verifying a signature or to encrypt to it. + + The ranges for the values are: + + + + - 1 :: signature_days + encryption_days == 0 + + - 2 :: 1 <= sqrt(signature_days² + encryption_days²) < 8 + + - 3 :: 8 <= sqrt(signature_days² + encryption_days²) < 42 + + - 4 :: sqrt(signature_days² + encryption_days²) >= 42 + + + SIGN-COUNT and ENCRYPTION-COUNT are the number of messages that we + have seen that have been signed by this key / encryption to this + key. diff --combined debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch index 0000000,50d46f3..50d46f3 mode 000000,100644..100644 --- a/debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch +++ b/debian/patches/block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch @@@ -1,0 -1,60 +1,60 @@@ + 
From: Daniel Kahn Gillmor + Date: Tue, 11 Aug 2015 20:28:26 -0400 + Subject: Avoid simple memory dumps via ptrace + + This avoids needing to setgid gpg-agent. It probably doesn't defend + against all possible attacks, but it defends against one specific (and + easy) one. If there are other protections we should do them too. + + This will make it slightly harder to debug the agent because the + normal user won't be able to attach gdb to it directly while it runs. + + The remaining options for debugging are: + + * launch the agent from gdb directly + * connect gdb to a running agent as the superuser + + Upstream bug: https://bugs.gnupg.org/gnupg/issue1211 + --- + agent/gpg-agent.c | 8 ++++++++ + configure.ac | 1 + + 2 files changed, 9 insertions(+) + + diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c + index f4ed6c5c4..f5ecea544 100644 + --- a/agent/gpg-agent.c + +++ b/agent/gpg-agent.c + @@ -48,6 +48,9 @@ + # include + #endif + #include + +#ifdef HAVE_PRCTL + +# include + +#endif + + #define GNUPG_COMMON_NEED_AFLOCAL + #include "agent.h" + @@ -947,6 +950,11 @@ main (int argc, char **argv ) + + early_system_init (); + + +#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) + + /* Disable ptrace on Linux without sgid bit */ + + prctl(PR_SET_DUMPABLE, 0); + +#endif + + + /* Before we do anything else we save the list of currently open + file descriptors and the signal mask. This info is required to + do the exec call properly. */ + diff --git a/configure.ac b/configure.ac + index 663061031..932c741ef 100644 + --- a/configure.ac + +++ b/configure.ac + 
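Review bot: The result of `prctl(PR_SET_DUMPABLE, 0);` in main (agent/gpg-agent.c) is discarded, so if the call fails the agent keeps running without the protection and nothing records it. Checking it is cheap: `if (prctl (PR_SET_DUMPABLE, 0)) log_info ("can't make the process non-dumpable: %s\n", strerror (errno));`, provided logging is usable this early in main, which the hunk does not show. The comment could also mention that clearing the dumpable flag suppresses core dumps as well as unprivileged ptrace attach, since the patch description only lists the gdb consequence. The body of main continues outside the hunk.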
@@ -1335,6 +1335,7 @@ AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap canonicalize_file_name]) + AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r strtoull]) + AC_CHECK_FUNCS([setenv unsetenv fcntl ftruncate inet_ntop]) + AC_CHECK_FUNCS([canonicalize_file_name]) + +AC_CHECK_FUNCS([prctl]) + AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime]) + AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale]) + AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe getaddrinfo]) diff --combined debian/patches/debian-packaging/0001-avoid-beta-warning.patch index 0000000,f541c1a..f541c1a mode 000000,100644..100644 --- a/debian/patches/debian-packaging/0001-avoid-beta-warning.patch +++ b/debian/patches/debian-packaging/0001-avoid-beta-warning.patch @@@ -1,0 -1,44 +1,44 @@@ + From: Debian GnuPG Maintainers + Date: Tue, 14 Apr 2015 10:02:31 -0400 + Subject: avoid-beta-warning + + avoid self-describing as a beta + + Using autoreconf against the source as distributed in tarball form + invariably results in a package that thinks it's a "beta" package, + which produces the "THIS IS A DEVELOPMENT VERSION" warning string. + + since we use dh_autoreconf, i need this patch to avoid producing + builds that announce themselves as DEVELOPMENT VERSIONs. + + See discussion at: + + http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html + --- + autogen.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + + diff --git a/autogen.sh b/autogen.sh + index 92c6df807..6b631a241 100755 + --- a/autogen.sh + +++ b/autogen.sh + @@ -214,7 +214,7 @@ if [ "$myhost" = "find-version" ]; then + esac + + beta=no + - if [ -e .git ]; then + + if false; then + ingit=yes + tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null) + if [ -n "$tmp" ]; then + 
@@ -228,8 +228,8 @@ if [ "$myhost" = "find-version" ]; then + rvd=$((0x$(echo ${rev} | head -c 4))) + else + ingit=no + - beta=yes + - tmp="-unknown" + + beta=no + + tmp="" + rev="0000000" + rvd="0" + fi diff --combined debian/patches/debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch index 0000000,c141e4f..c141e4f mode 000000,100644..100644 --- a/debian/patches/debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch +++ b/debian/patches/debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch @@@ -1,0 -1,37 +1,37 @@@ + From: Daniel Kahn Gillmor + Date: Mon, 29 Aug 2016 12:34:42 -0400 + Subject: avoid regenerating defsincdate (use shipped file) + + upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am + tries to rewrite doc/defsincdate if it notices that any of the files + have been modified more recently, and it does so assuming that we're + running from a git repo. + + However, we'd rather ship the documents cleanly without regenerating + defsincdate -- we don't have a git repo available (debian builds from + upstream tarballs) and any changes to the texinfo files (e.g. from + debian/patches/) might result in different dates on the files than we + expect after they're applied by dpkg or quilt or whatever, which makes + the datestamp unreproducible. + --- + doc/Makefile.am | 7 ------- + 1 file changed, 7 deletions(-) + + diff --git a/doc/Makefile.am b/doc/Makefile.am + index 0c2f2c9dc..65b941ca7 100644 + --- a/doc/Makefile.am + +++ b/doc/Makefile.am + 
@@ -167,13 +167,6 @@ $(myman_pages) gnupg.7 : yat2m-stamp defs.inc + + dist-hook: defsincdate + + -defsincdate: $(gnupg_TEXINFOS) + - : >defsincdate ; \ + - if test -e $(top_srcdir)/.git; then \ + - (cd $(srcdir) && git log -1 --format='%ct' \ + - -- $(gnupg_TEXINFOS) 2>/dev/null) >>defsincdate; \ + - fi + - + defs.inc : defsincdate Makefile mkdefsinc + incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ + ./mkdefsinc -C $(srcdir) --date "`cat $$incd 2>/dev/null`" \ diff --combined debian/patches/dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch index 0000000,2020da7..2020da7 mode 000000,100644..100644 --- a/debian/patches/dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch +++ b/debian/patches/dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch @@@ -1,0 -1,77 +1,77 @@@ + 
From: Daniel Kahn Gillmor + Date: Sat, 29 Oct 2016 01:25:05 -0400 + Subject: dirmngr: hkp: Avoid potential race condition when some hosts die. + + * dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass + through the host table instead of risking out-of-bounds write. + + -- + + Multiple threads may write to hosttable[x]->dead while + select_random_host() is running. For example, a housekeeping thread + might clear the ->dead bit on some entries, or another connection to + dirmngr might manually mark a host as alive. + + If one or more hosts are resurrected between the two loops over a + given table in select_random_host(), then the allocation of tbl might + not be large enough, resulting in a write past the end of tbl on the + second loop. + + This change collapses the two loops into a single loop to avoid this + discrepancy: each host's "dead" bit is now only checked once. + + As Werner points out, this isn't currently strictly necessary, since + npth will not switch threads unless a blocking system call is made, + and no blocking system call is made in these two loops. + + However, in a subsequent change in this series, we will call a + function in this loop, and that function may sometimes write(2), or + call other functions, which may themselves block. Keeping this as a + single-pass loop avoids the need to keep track of what might block and + what might not. + + Signed-off-by: Daniel Kahn Gillmor + --- + dirmngr/ks-engine-hkp.c | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + + diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c + index a6c22f8cd..2d1240bb3 100644 + --- a/dirmngr/ks-engine-hkp.c + +++ b/dirmngr/ks-engine-hkp.c + 
@@ -209,25 +209,24 @@ host_in_pool_p (int *pool, int tblidx) + static int + select_random_host (int *table) + { + - int *tbl; + - size_t tblsize; + + int *tbl = NULL; + + size_t tblsize = 0; + int pidx, idx; + + /* We create a new table so that we randomly select only from + currently alive hosts. */ + - for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++) + + for (idx=0; (pidx = table[idx]) != -1; idx++) + if (hosttable[pidx] && !hosttable[pidx]->dead) + - tblsize++; + + { + + tblsize++; + + tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); + + if (!tbl) + + return -1; /* memory allocation failed! */ + + tbl[tblsize-1] = pidx; + + } + if (!tblsize) + return -1; /* No hosts. */ + + - tbl = xtrymalloc (tblsize * sizeof *tbl); + - if (!tbl) + - return -1; + - for (idx=0, tblsize=0; (pidx = table[idx]) != -1; idx++) + - if (hosttable[pidx] && !hosttable[pidx]->dead) + - tbl[tblsize++] = pidx; + - + if (tblsize == 1) /* Save a get_uint_nonce. */ + pidx = tbl[0]; + else diff --combined debian/patches/dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch index 0000000,75f4b90..75f4b90 mode 000000,100644..100644 --- a/debian/patches/dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch +++ b/debian/patches/dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch @@@ -1,0 -1,228 +1,228 @@@ + 
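Review bot: In select_random_host the new `tbl = xtryrealloc(tbl, tblsize * sizeof *tbl);` overwrites the only pointer to the table, so on allocation failure the entries collected so far are leaked before `return -1` (assuming xtryrealloc, like realloc, leaves the old block allocated when it fails). Keeping the result in a temporary declared next to `tbl` closes that: `newtbl = xtryrealloc (tbl, tblsize * sizeof *tbl);`, then `if (!newtbl) { xfree (tbl); return -1; }` and `tbl = newtbl;`. The single pass does remove the undersized-allocation window the commit message describes, at the cost of one reallocation per live host. The body of select_random_host continues past the end of this hunk.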
From: Daniel Kahn Gillmor + Date: Sat, 29 Oct 2016 02:00:50 -0400 + Subject: dimrngr: Avoid need for hkp housekeeping. + + * dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether + host is alive and resurrects it if it has been dead long enough. + (select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive + instead of testing hostinfo_t->dead directly. + (ks_hkp_housekeeping): Remove function, no longer needed. + * dirmngr/dirmngr.c (housekeeping_thread): Remove call to + ks_hkp_housekeeping. + + -- + + Rather than resurrecting hosts upon scheduled resurrection times, test + whether hosts should be resurrected as they're inspected for being + dead. This removes the need for explicit housekeeping, and makes host + resurrections happen "just in time", rather than being clustered on + HOUSEKEEPING_INTERVAL seconds. + + Signed-off-by: Daniel Kahn Gillmor + --- + dirmngr/dirmngr.c | 3 -- + dirmngr/dirmngr.h | 4 --- + dirmngr/ks-engine-hkp.c | 73 ++++++++++++++++++++++++------------------------- + 3 files changed, 36 insertions(+), 44 deletions(-) + + diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c + index 5ee589e93..130f74bc7 100644 + --- a/dirmngr/dirmngr.c + +++ b/dirmngr/dirmngr.c + @@ -1773,12 +1773,10 @@ static void * + housekeeping_thread (void *arg) + { + static int sentinel; + - time_t curtime; + struct server_control_s ctrlbuf; + + (void)arg; + + - curtime = gnupg_get_time (); + if (sentinel) + { + log_info ("housekeeping is already going on\n"); + @@ -1791,7 +1789,6 @@ housekeeping_thread (void *arg) + memset (&ctrlbuf, 0, sizeof ctrlbuf); + dirmngr_init_default_ctrl (&ctrlbuf); + + - ks_hkp_housekeeping (curtime); + if (network_activity_seen) + { + network_activity_seen = 0; + diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h + index 9a8787842..0469d55bc 100644 + --- a/dirmngr/dirmngr.h + +++ b/dirmngr/dirmngr.h + 
@@ -192,10 +192,6 @@ void dirmngr_sighup_action (void); + const char* dirmngr_get_current_socket_name (void); + + + -/*-- Various housekeeping functions. --*/ + -void ks_hkp_housekeeping (time_t curtime); + - + - + /*-- server.c --*/ + ldap_server_t get_ldapservers_from_ctrl (ctrl_t ctrl); + ksba_cert_t get_cert_local (ctrl_t ctrl, const char *issuer); + diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c + index 2d1240bb3..6f1c2e8e0 100644 + --- a/dirmngr/ks-engine-hkp.c + +++ b/dirmngr/ks-engine-hkp.c + @@ -203,6 +203,25 @@ host_in_pool_p (int *pool, int tblidx) + } + + + +static int + +host_is_alive (hostinfo_t hi, time_t curtime) + +{ + + if (!hi) + + return 0; + + if (!hi->dead) + + return 1; + + if (!hi->died_at) + + return 0; /* manually marked dead */ + + if (hi->died_at + RESURRECT_INTERVAL <= curtime + + || hi->died_at > curtime) + + { + + hi->dead = 0; + + log_info ("resurrected host '%s'", hi->name); + + return 1; + + } + + return 0; + +} + + + /* Select a random host. Consult TABLE which indices into the global + hosttable. Returns index into TABLE or -1 if no host could be + selected. */ + @@ -212,11 +231,13 @@ select_random_host (int *table) + int *tbl = NULL; + size_t tblsize = 0; + int pidx, idx; + + time_t curtime; + + + curtime = gnupg_get_time (); + /* We create a new table so that we randomly select only from + currently alive hosts. */ + for (idx=0; (pidx = table[idx]) != -1; idx++) + - if (hosttable[pidx] && !hosttable[pidx]->dead) + + if (hosttable[pidx] && host_is_alive (hosttable[pidx], curtime)) + { + tblsize++; + tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); + @@ -392,6 +413,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + gpg_error_t err = 0; + hostinfo_t hi; + int idx; + + time_t curtime; + + *r_host = NULL; + if (r_httpflags) + 
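Review bot: host_is_alive reads like a pure predicate, but it clears `hi->dead` and logs once RESURRECT_INTERVAL has passed, and it is added without the header comment its neighbours carry. I would put `/* Return true if HI is usable. Side effect: clears HI->dead once RESURRECT_INTERVAL has elapsed since HI->died_at; hosts marked dead manually (died_at == 0) stay dead. */` above it. One consequence shows in the later ks_hkp_mark_host hunks: when a caller asks to mark such a timed-out host alive, host_is_alive has already resurrected it, so the "marking '%s' as alive" help line is no longer printed for that case. The `log_info ("resurrected host '%s'", hi->name)` call also lacks the trailing `\n` that the other log_info calls on this page have.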
@@ -538,6 +560,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + xfree (reftbl); + } + + + curtime = gnupg_get_time (); + hi = hosttable[idx]; + if (hi->pool) + { + @@ -554,7 +577,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (force_reselect) + hi->poolidx = -1; + else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size + - && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) + + && hosttable[hi->poolidx] && !host_is_alive (hosttable[hi->poolidx], curtime)) + hi->poolidx = -1; + + /* Select a host if needed. */ + @@ -578,7 +601,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + assert (hi); + } + + - if (hi->dead) + + if (!host_is_alive (hi, curtime)) + { + log_error ("host '%s' marked as dead\n", hi->name); + if (r_poolname) + @@ -683,7 +706,8 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + { + gpg_error_t err = 0; + hostinfo_t hi, hi2; + - int idx, idx2, idx3, n; + + int idx, idx2, idx3, n, is_alive; + + time_t curtime; + + if (!name || !*name || !strcmp (name, "localhost")) + return 0; + @@ -692,13 +716,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + if (idx == -1) + return gpg_error (GPG_ERR_NOT_FOUND); + + + curtime = gnupg_get_time (); + hi = hosttable[idx]; + - if (alive && hi->dead) + + is_alive = host_is_alive (hi, curtime); + + if (alive && !is_alive) + { + hi->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", name); + } + - else if (!alive && !hi->dead) + + else if (!alive && is_alive) + { + hi->dead = 1; + hi->died_at = 0; /* Manually set dead. */ + 
@@ -730,14 +756,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + + hi2 = hosttable[n]; + if (!hi2) + - ; + - else if (alive && hi2->dead) + + continue; + + is_alive = host_is_alive (hi2, curtime); + + if (alive && !is_alive) + { + hi2->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", + hi2->name); + } + - else if (!alive && !hi2->dead) + + else if (!alive && is_alive) + { + hi2->dead = 1; + hi2->died_at = 0; /* Manually set dead. */ + @@ -939,34 +966,6 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri) + } + + + -/* Housekeeping function called from the housekeeping thread. It is + - used to mark dead hosts alive so that they may be tried again after + - some time. */ + -void + -ks_hkp_housekeeping (time_t curtime) + -{ + - int idx; + - hostinfo_t hi; + - + - for (idx=0; idx < hosttable_size; idx++) + - { + - hi = hosttable[idx]; + - if (!hi) + - continue; + - if (!hi->dead) + - continue; + - if (!hi->died_at) + - continue; /* Do not resurrect manually shot hosts. */ + - if (hi->died_at + RESURRECT_INTERVAL <= curtime + - || hi->died_at > curtime) + - { + - hi->dead = 0; + - log_info ("resurrected host '%s'", hi->name); + - } + - } + -} + - + - + /* Send an HTTP request. On success returns an estream object at + R_FP. HOSTPORTSTR is only used for diagnostics. If HTTPHOST is + not NULL it will be used as HTTP "Host" header. If POST_CB is not diff --combined debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch index 0000000,0851a62..0851a62 mode 000000,100644..100644 --- a/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch +++ b/debian/patches/dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch @@@ -1,0 -1,45 +1,45 @@@ + 
From: Daniel Kahn Gillmor + Date: Sun, 20 Nov 2016 23:09:24 -0500 + Subject: dirmngr: Avoid automatically checking upstream swdb. + + * dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically + checking upstream's software database. In Debian, software updates + should be handled by the distro mechanism, and additional upstream + checks only confuse the user. + + Signed-off-by: Daniel Kahn Gillmor + --- + dirmngr/dirmngr.c | 13 ------------- + 1 file changed, 13 deletions(-) + + diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c + index 130f74bc7..58a424e8c 100644 + --- a/dirmngr/dirmngr.c + +++ b/dirmngr/dirmngr.c + @@ -1773,7 +1773,6 @@ static void * + housekeeping_thread (void *arg) + { + static int sentinel; + - struct server_control_s ctrlbuf; + + (void)arg; + + @@ -1786,18 +1785,6 @@ housekeeping_thread (void *arg) + if (opt.verbose > 1) + log_info ("starting housekeeping\n"); + + - memset (&ctrlbuf, 0, sizeof ctrlbuf); + - dirmngr_init_default_ctrl (&ctrlbuf); + - + - if (network_activity_seen) + - { + - network_activity_seen = 0; + - if (opt.use_tor || opt.allow_version_check) + - dirmngr_load_swdb (&ctrlbuf, 0); + - } + - + - dirmngr_deinit_default_ctrl (&ctrlbuf); + - + if (opt.verbose > 1) + log_info ("ready with housekeeping\n"); + sentinel--; diff --combined debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch index 0000000,affb982..affb982 mode 000000,100644..100644 --- a/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch +++ b/debian/patches/dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch @@@ -1,0 -1,199 +1,199 @@@ + 
From: Daniel Kahn Gillmor + Date: Sat, 29 Oct 2016 02:15:08 -0400 + Subject: dirmngr: Drop useless housekeeping. + + * dirmngr/dirmngr.c (handle_tick, time_for_housekeeping_p, + housekeeping_thread): Remove, no longer needed. + (handle_connections): Drop any attempt at a timeout, since no + housekeeping is necessary. + + -- + + The housekeeping thread no longer does anything, and the main loop was + waking up every 60 seconds for no good reason. The code is simpler + and the runtime is more efficient if we drop this. + + Signed-off-by: Daniel Kahn Gillmor + --- + dirmngr/dirmngr.c | 113 +++--------------------------------------------------- + 1 file changed, 5 insertions(+), 108 deletions(-) + + diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c + index 58a424e8c..0b8bb02e6 100644 + --- a/dirmngr/dirmngr.c + +++ b/dirmngr/dirmngr.c + @@ -304,13 +304,6 @@ static int active_connections; + * thread to run background network tasks. */ + static int network_activity_seen; + + -/* The timer tick used for housekeeping stuff. */ + -#define TIMERTICK_INTERVAL (60) + - + -/* How oft to run the housekeeping. */ + -#define HOUSEKEEPING_INTERVAL (600) + - + - + /* This union is used to avoid compiler warnings in case a pointer is + 64 bit and an int 32 bit. We store an integer in a pointer and get + it back later (npth_getspecific et al.). */ + 
@@ -1768,83 +1761,6 @@ handle_signal (int signo) + #endif /*!HAVE_W32_SYSTEM*/ + + + -/* Thread to do the housekeeping. */ + -static void * + -housekeeping_thread (void *arg) + -{ + - static int sentinel; + - + - (void)arg; + - + - if (sentinel) + - { + - log_info ("housekeeping is already going on\n"); + - return NULL; + - } + - sentinel++; + - if (opt.verbose > 1) + - log_info ("starting housekeeping\n"); + - + - if (opt.verbose > 1) + - log_info ("ready with housekeeping\n"); + - sentinel--; + - return NULL; + - + -} + - + - + -#if GPGRT_GCC_HAVE_PUSH_PRAGMA + -# pragma GCC push_options + -# pragma GCC optimize ("no-strict-overflow") + -#endif + -static int + -time_for_housekeeping_p (time_t curtime) + -{ + - static time_t last_housekeeping; + - + - if (!last_housekeeping) + - last_housekeeping = curtime; + - + - if (last_housekeeping + HOUSEKEEPING_INTERVAL <= curtime + - || last_housekeeping > curtime /*(be prepared for y2038)*/) + - { + - last_housekeeping = curtime; + - return 1; + - } + - return 0; + -} + -#if GPGRT_GCC_HAVE_PUSH_PRAGMA + -# pragma GCC pop_options + -#endif + - + - + -/* This is the worker for the ticker. It is called every few seconds + - and may only do fast operations. */ + -static void + -handle_tick (void) + -{ + - if (time_for_housekeeping_p (gnupg_get_time ())) + - { + - npth_t thread; + - npth_attr_t tattr; + - int err; + - + - err = npth_attr_init (&tattr); + - if (err) + - log_error ("error preparing housekeeping thread: %s\n", strerror (err)); + - else + - { + - npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED); + - err = npth_create (&thread, &tattr, housekeeping_thread, NULL); + - if (err) + - log_error ("error spawning housekeeping thread: %s\n", + - strerror (err)); + - npth_attr_destroy (&tattr); + - } + - } + -} + - + - + /* Check the nonce on a new connection. This is a NOP unless we are + using our Unix domain socket emulation under Windows. */ + static int + 
@@ -1945,9 +1861,6 @@ handle_connections (assuan_fd_t listen_fd) + gnupg_fd_t fd; + int nfd, ret; + fd_set fdset, read_fdset; + - struct timespec abstime; + - struct timespec curtime; + - struct timespec timeout; + int saved_errno; + int my_inotify_fd = -1; + + @@ -1987,9 +1900,7 @@ handle_connections (assuan_fd_t listen_fd) + #endif /*HAVE_INOTIFY_INIT*/ + + + - /* Setup the fdset. It has only one member. This is because we use + - pth_select instead of pth_accept to properly sync timeouts with + - to full second. */ + + /* Setup the fdset. */ + FD_ZERO (&fdset); + FD_SET (FD2INT (listen_fd), &fdset); + nfd = FD2INT (listen_fd); + @@ -2000,9 +1911,6 @@ handle_connections (assuan_fd_t listen_fd) + nfd = my_inotify_fd; + } + + - npth_clock_gettime (&abstime); + - abstime.tv_sec += TIMERTICK_INTERVAL; + - + /* Main loop. */ + for (;;) + { + @@ -2013,7 +1921,7 @@ handle_connections (assuan_fd_t listen_fd) + break; /* ready */ + + /* Do not accept new connections but keep on running the + - * loop to cope with the timer events. + + * select loop to wait for signals (e.g. SIGCHLD). + * + * Note that we do not close the listening socket because a + * client trying to connect to that socket would instead + 
@@ -2033,24 +1941,14 @@ handle_connections (assuan_fd_t listen_fd) + /* Take a copy of the fdset. */ + read_fdset = fdset; + + - npth_clock_gettime (&curtime); + - if (!(npth_timercmp (&curtime, &abstime, <))) + - { + - /* Timeout. */ + - handle_tick (); + - npth_clock_gettime (&abstime); + - abstime.tv_sec += TIMERTICK_INTERVAL; + - } + - npth_timersub (&abstime, &curtime, &timeout); + - + #ifndef HAVE_W32_SYSTEM + - ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask()); + + ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, NULL, npth_sigev_sigmask()); + saved_errno = errno; + + while (npth_sigev_get_pending(&signo)) + handle_signal (signo); + #else + - ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, NULL, NULL); + + ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, NULL, NULL, NULL); + saved_errno = errno; + #endif + + @@ -2064,8 +1962,7 @@ handle_connections (assuan_fd_t listen_fd) + + if (ret <= 0) + { + - /* Interrupt or timeout. Will be handled when calculating the + - next timeout. */ + + /* Interrupt. Will be handled at the top of the next loop. */ + continue; + } + diff --combined debian/patches/gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch index 0000000,b758117..b758117 mode 000000,100644..100644 --- a/debian/patches/gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch +++ b/debian/patches/gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch @@@ -1,0 -1,192 +1,192 @@@ + 
From: Daniel Kahn Gillmor + Date: Mon, 31 Oct 2016 21:27:36 -0400 + Subject: agent: Create framework of scheduled timers. + + agent/gpg-agent.c (handle_tick): Remove intermittent call to + check_own_socket. + (tv_is_set): Add inline helper function for readability. + (handle_connections) Create general table of pending scheduled + timeouts. + + -- + + handle_tick() does fine-grained, rapid activity. check_own_socket() + is supposed to happen at a different interval. + + Mixing the two of them makes it a requirement that one interval be a + multiple of the other, which isn't ideal if there are different delay + strategies that we might want in the future. + + Creating an extensible regular timer framework in handle_connections + should make it possible to have any number of cadenced timers fire + regularly, without requiring that they happen in cadences related to + each other. + + It should also make it possible to dynamically change the cadence of + any regularly-scheduled timeout. + + Signed-off-by: Daniel Kahn Gillmor + --- + agent/gpg-agent.c | 87 ++++++++++++++++++++++++++++++++++++------------------- + 1 file changed, 58 insertions(+), 29 deletions(-) + + diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c + index f5ecea544..82c8ae062 100644 + --- a/agent/gpg-agent.c + +++ b/agent/gpg-agent.c + @@ -2270,11 +2270,6 @@ create_directories (void) + static void + handle_tick (void) + { + - static time_t last_minute; + - + - if (!last_minute) + - last_minute = time (NULL); + - + /* Check whether the scdaemon has died and cleanup in this case. */ + agent_scd_check_aliveness (); + + @@ -2293,16 +2288,6 @@ handle_tick (void) + } + } + #endif /*HAVE_W32_SYSTEM*/ + - + - /* Code to be run from time to time. */ + -#if CHECK_OWN_SOCKET_INTERVAL > 0 + - if (last_minute + CHECK_OWN_SOCKET_INTERVAL <= time (NULL)) + - { + - check_own_socket (); + - last_minute = time (NULL); + - } + -#endif + - + } + + + 
@@ -2699,6 +2684,15 @@ start_connection_thread_ssh (void *arg) + } + + + +/* helper function for readability: test whether a given struct + + timespec is set to all-zeros */ + +static inline int + +tv_is_set (struct timespec tv) + +{ + + return tv.tv_sec || tv.tv_nsec; + +} + + + + + /* Connection handler loop. Wait for connection requests and spawn a + thread after accepting a connection. */ + static void + @@ -2716,9 +2710,11 @@ handle_connections (gnupg_fd_t listen_fd, + gnupg_fd_t fd; + int nfd; + int saved_errno; + + int idx; + struct timespec abstime; + struct timespec curtime; + struct timespec timeout; + + struct timespec *select_timeout; + #ifdef HAVE_W32_SYSTEM + HANDLE events[2]; + unsigned int events_set; + @@ -2734,6 +2730,14 @@ handle_connections (gnupg_fd_t listen_fd, + { "browser", start_connection_thread_browser }, + { "ssh", start_connection_thread_ssh } + }; + + struct { + + struct timespec interval; + + void (*func) (void); + + struct timespec next; + + } timertbl[] = { + + { { TIMERTICK_INTERVAL, 0 }, handle_tick }, + + { { CHECK_OWN_SOCKET_INTERVAL, 0 }, check_own_socket } + + }; + + + ret = npth_attr_init(&tattr); + @@ -2823,9 +2827,6 @@ handle_connections (gnupg_fd_t listen_fd, + listentbl[2].l_fd = listen_fd_browser; + listentbl[3].l_fd = listen_fd_ssh; + + - npth_clock_gettime (&abstime); + - abstime.tv_sec += TIMERTICK_INTERVAL; + - + for (;;) + { + /* Shutdown test. */ + 
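Review bot: The comment added above tv_is_set says it tests whether the timespec "is set to all-zeros", but `return tv.tv_sec || tv.tv_nsec;` is true when either field is non-zero, which is the opposite. The callers in the following hunk all rely on the non-zero meaning, so it is the comment that should change: `/* Helper for readability: return true if TV is set, i.e. not all-zeros. */`. It would also help to state next to the timertbl declaration that an all-zero `interval` or `next` means "disabled" or "not scheduled", since that convention is otherwise only implied by the loop.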
@@ -2854,18 +2855,47 @@ handle_connections (gnupg_fd_t listen_fd, + thus a simple assignment is fine to copy the entire set. */ + read_fdset = fdset; + + + /* loop through all timers, fire any registered functions, and + + plan next timer to trigger */ + npth_clock_gettime (&curtime); + - if (!(npth_timercmp (&curtime, &abstime, <))) + - { + - /* Timeout. */ + - handle_tick (); + - npth_clock_gettime (&abstime); + - abstime.tv_sec += TIMERTICK_INTERVAL; + - } + - npth_timersub (&abstime, &curtime, &timeout); + + abstime.tv_sec = abstime.tv_nsec = 0; + + for (idx=0; idx < DIM(timertbl); idx++) + + { + + /* schedule any unscheduled timers */ + + if ((!tv_is_set (timertbl[idx].next)) && tv_is_set (timertbl[idx].interval)) + + npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); + + /* if a timer is due, fire it ... */ + + if (tv_is_set (timertbl[idx].next)) + + { + + if (!(npth_timercmp (&curtime, &timertbl[idx].next, <))) + + { + + timertbl[idx].func (); + + npth_clock_gettime (&curtime); + + /* ...and reschedule it, if desired: */ + + if (tv_is_set (timertbl[idx].interval)) + + npth_timeradd (&timertbl[idx].interval, &curtime, &timertbl[idx].next); + + else + + timertbl[idx].next.tv_sec = timertbl[idx].next.tv_nsec = 0; + + } + + } + + /* accumulate next timer to come due in abstime: */ + + if (tv_is_set (timertbl[idx].next) && + + ((!tv_is_set (abstime)) || + + (npth_timercmp (&abstime, &timertbl[idx].next, >)))) + + abstime = timertbl[idx].next; + + } + + /* choose a timeout for the select loop: */ + + if (tv_is_set (abstime)) + + { + + npth_timersub (&abstime, &curtime, &timeout); + + select_timeout = &timeout; + + } + + else + + select_timeout = NULL; + + + + #ifndef HAVE_W32_SYSTEM + - ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, + + ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, + npth_sigev_sigmask ()); + saved_errno = errno; + + 
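Review bot: The timeout handed to npth_pselect can come out negative here, because `curtime` is refreshed after each `timertbl[idx].func ()` call while `abstime` may still hold another timer's `next` computed from the earlier clock reading. If a callback runs past that deadline, `npth_timersub (&abstime, &curtime, &timeout)` yields a negative interval, which pselect would presumably reject with EINVAL rather than return at once. The removed code could not produce this, since it subtracted the pre-callback time from a freshly advanced deadline. A clamp before the subtraction covers it: `if (npth_timercmp (&abstime, &curtime, <)) abstime = curtime;`. The same `select_timeout` feeds npth_eselect in the next hunk, and handle_connections starts and ends outside this hunk.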
@@ -2875,7 +2905,7 @@ handle_connections (gnupg_fd_t listen_fd, + handle_signal (signo); + } + #else + - ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout, + + ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, select_timeout, + events, &events_set); + saved_errno = errno; + + @@ -2898,7 +2928,6 @@ handle_connections (gnupg_fd_t listen_fd, + + if (!shutdown_pending) + { + - int idx; + ctrl_t ctrl; + npth_t thread; + diff --combined debian/patches/gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch index 0000000,6d294d3..6d294d3 mode 000000,100644..100644 --- a/debian/patches/gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch +++ b/debian/patches/gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch @@@ -1,0 -1,101 +1,101 @@@ + From: Daniel Kahn Gillmor + Date: Tue, 1 Nov 2016 00:45:23 -0400 + Subject: agent: Allow threads to interrupt main select loop with SIGCONT. + + * agent/gpg-agent.c (interrupt_main_thread_loop): New function on + non-windows platforms, allows other threads to interrupt the main loop + if there's something that the main loop might be interested in. + + -- + + For example, the main loop might be interested in changes in program + state that affect the timers it expects to see. + + I don't know how to do this on Windows platforms, but i welcome any + proposed improvements. + + Signed-off-by: Daniel Kahn Gillmor + --- + agent/agent.h | 1 + + agent/gpg-agent.c | 19 ++++++++++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + + diff --git a/agent/agent.h b/agent/agent.h + index 89dc46d05..147d242ec 100644 + --- a/agent/agent.h + +++ b/agent/agent.h + 
@@ -345,6 +345,7 @@ void *get_agent_scd_notify_event (void); + #endif + void agent_sighup_action (void); + int map_pk_openpgp_to_gcry (int openpgp_algo); + +void interrupt_main_thread_loop (void); + + /*-- command.c --*/ + gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid, + diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c + index 82c8ae062..04a775c9b 100644 + --- a/agent/gpg-agent.c + +++ b/agent/gpg-agent.c + @@ -382,6 +382,9 @@ static char *current_logfile; + watched. */ + static pid_t parent_pid = (pid_t)(-1); + + +/* Record the pid of the main thread, for easier signalling */ + +static pid_t main_thread_pid = (pid_t)(-1); + + + /* Number of active connections. */ + static int active_connections; + + @@ -2020,7 +2023,7 @@ get_agent_scd_notify_event (void) + GetCurrentProcess(), &h2, + EVENT_MODIFY_STATE|SYNCHRONIZE, TRUE, 0)) + { + - log_error ("setting syncronize for scd notify event failed: %s\n", + + log_error ("setting synchronize for scd notify event failed: %s\n", + w32_strerror (-1) ); + CloseHandle (h); + } + @@ -2346,6 +2349,10 @@ handle_signal (int signo) + agent_sigusr2_action (); + break; + + + /* nothing to do here, just take an extra cycle on the select loop */ + + case SIGCONT: + + break; + + + case SIGTERM: + if (!shutdown_pending) + log_info ("SIGTERM received - shutting down ...\n"); + @@ -2684,6 +2691,13 @@ start_connection_thread_ssh (void *arg) + } + + + +void interrupt_main_thread_loop (void) + +{ + +#ifndef HAVE_W32_SYSTEM + + kill (main_thread_pid, SIGCONT); + +#endif + +} + + + /* helper function for readability: test whether a given struct + timespec is set to all-zeros */ + static inline int + 
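Review bot: interrupt_main_thread_loop calls `kill (main_thread_pid, SIGCONT)` without checking that the pid was ever recorded, and `main_thread_pid` is initialised to `(pid_t)(-1)`. It is only assigned in handle_connections (the @@ -2752 hunk), so a caller that runs before that point, or in a mode that never enters handle_connections, would issue `kill (-1, SIGCONT)`, which POSIX defines as signalling every process the caller is permitted to signal. Guarding the call avoids that: `if (main_thread_pid != (pid_t)(-1)) kill (main_thread_pid, SIGCONT);`. The name is also slightly misleading, since the value comes from getpid() and kill() targets the process rather than one thread; a comment saying so at the declaration would help.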
@@ -2752,8 +2766,10 @@ handle_connections (gnupg_fd_t listen_fd, + npth_sigev_add (SIGUSR1); + npth_sigev_add (SIGUSR2); + npth_sigev_add (SIGINT); + + npth_sigev_add (SIGCONT); + npth_sigev_add (SIGTERM); + npth_sigev_fini (); + + main_thread_pid = getpid (); + #else + # ifdef HAVE_W32CE_SYSTEM + /* Use a dummy event. */ + @@ -2765,6 +2781,7 @@ handle_connections (gnupg_fd_t listen_fd, + # endif + #endif + + + + if (disable_check_own_socket) + my_inotify_fd = -1; + else if ((err = gnupg_inotify_watch_socket (&my_inotify_fd, socket_name))) diff --combined debian/patches/gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch index 0000000,c1d8ee0..c1d8ee0 mode 000000,100644..100644 --- a/debian/patches/gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch +++ b/debian/patches/gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch @@@ -1,0 -1,87 +1,87 @@@ + From: Daniel Kahn Gillmor + Date: Tue, 1 Nov 2016 00:14:10 -0400 + Subject: agent: Avoid tight timer tick when possible. + + * agent/gpg-agent.c (need_tick): Evaluate whether the short-phase + handle_tick() is needed. + (handle_connections): On each cycle of the select loop, adjust whether + we should call handle_tick() or not. + * agent/call-scd.c (start_scd): Call interrupt_main_thread_loop() once + the scdaemon thread context has started up. + + -- + + With this change, an idle gpg-agent that has no scdaemon running only + wakes up once a minute (to check_own_socket). + + Signed-off-by: Daniel Kahn Gillmor + --- + agent/call-scd.c | 4 +++- + agent/gpg-agent.c | 25 ++++++++++++++++++++++++- + 2 files changed, 27 insertions(+), 2 deletions(-) + + diff --git a/agent/call-scd.c b/agent/call-scd.c + index ba59c1825..1ac0f6ba5 100644 + --- a/agent/call-scd.c + +++ b/agent/call-scd.c + 
@@ -407,7 +407,9 @@ start_scd (ctrl_t ctrl) + + primary_scd_ctx = ctx; + primary_scd_ctx_reusable = 0; + - + + /* notify the main loop that something has changed */ + + interrupt_main_thread_loop (); + + + leave: + xfree (abs_homedir); + if (err) + diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c + index 04a775c9b..1bfe0f3ae 100644 + --- a/agent/gpg-agent.c + +++ b/agent/gpg-agent.c + @@ -2267,6 +2267,26 @@ create_directories (void) + } + + + +static int + +need_tick (void) + +{ + +#ifdef HAVE_W32_SYSTEM + + /* We do not know how to interrupt the select loop on Windows, so we + + always need a short tick there. */ + + return 1; + +#else + + /* if we were invoked like "gpg-agent cmd arg1 arg2" then we need to + + watch our parent. */ + + if (parent_pid != (pid_t)(-1)) + + return 1; + + /* if scdaemon is running, we need to check that it's alive */ + + if (agent_scd_check_running ()) + + return 1; + + /* otherwise, nothing fine-grained to do. */ + + return 0; + +#endif /*HAVE_W32_SYSTEM*/ + +} + + + + /* This is the worker for the ticker. It is called every few seconds + and may only do fast operations. */ + @@ -2325,7 +2345,7 @@ agent_sigusr2_action (void) + + #ifndef HAVE_W32_SYSTEM + /* The signal handler for this program. It is expected to be run in + - its own trhead and not in the context of a signal handler. */ + + its own thread and not in the context of a signal handler. */ + static void + handle_signal (int signo) + { + 
@@ -2872,6 +2892,9 @@ handle_connections (gnupg_fd_t listen_fd, + thus a simple assignment is fine to copy the entire set. */ + read_fdset = fdset; + + + /* avoid a fine-grained timer if we don't need one: */ + + timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0; + + + /* loop through all timers, fire any registered functions, and + plan next timer to trigger */ + npth_clock_gettime (&curtime); diff --combined debian/patches/gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch index 0000000,6a565ea..6a565ea mode 000000,100644..100644 --- a/debian/patches/gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch +++ b/debian/patches/gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch @@@ -1,0 -1,26 +1,26 @@@ + From: Daniel Kahn Gillmor + Date: Tue, 1 Nov 2016 00:57:44 -0400 + Subject: agent: Avoid scheduled checks on socket when inotify is working. + + * agent/gpg-agent.c (handle_connections): When inotify is working, we + do not need to schedule a timer to evaluate whether we control our own + socket or not. + + Signed-off-by: Daniel Kahn Gillmor + --- + agent/gpg-agent.c | 2 ++ + 1 file changed, 2 insertions(+) + + diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c + index 1bfe0f3ae..0e5354947 100644 + --- a/agent/gpg-agent.c + +++ b/agent/gpg-agent.c + @@ -2894,6 +2894,8 @@ handle_connections (gnupg_fd_t listen_fd, + + /* avoid a fine-grained timer if we don't need one: */ + timertbl[0].interval.tv_sec = need_tick () ? TIMERTICK_INTERVAL : 0; + + /* avoid waking up to check sockets if we can count on inotify */ + + timertbl[1].interval.tv_sec = (my_inotify_fd == -1) ? CHECK_OWN_SOCKET_INTERVAL : 0; + + /* loop through all timers, fire any registered functions, and + plan next timer to trigger */ diff --combined debian/patches/series index 0000000,1ea9189..1ea9189 mode 000000,100644..100644 --- a/debian/patches/series 
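Review bot: need_tick() is added without a header comment, and the new assignment in handle_connections relies on an unstated convention that an interval of 0 switches a timertbl entry off (presumably defined by the timer framework in the 0001 patch, which is not part of this section). I would document both: above need_tick, `/* Return 1 if the short handle_tick() interval is still needed (Windows, a watched parent, or a running scdaemon), else 0. */`, and next to the assignment, `/* tv_sec == 0 disables this timer entry */`. The hard-coded index in `timertbl[0]` also ties this line to the table's declaration order; a named index would make a later reorder fail visibly instead of silently disabling the wrong timer. handle_connections starts and ends outside the hunk.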
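Review bot: The condition `my_inotify_fd == -1` on the new `timertbl[1]` line conflates "inotify is unavailable" with "the own-socket check was disabled". The handle_connections context visible earlier on this page sets `my_inotify_fd = -1` when `disable_check_own_socket` is true, so with that option set this line arms the CHECK_OWN_SOCKET_INTERVAL timer on every loop iteration. Whether the timer callback re-checks the flag is outside the hunk; if it does, the result is only a needless wakeup, otherwise the option is effectively ignored. Testing the flag here avoids both: `timertbl[1].interval.tv_sec = (my_inotify_fd == -1 && !disable_check_own_socket) ? CHECK_OWN_SOCKET_INTERVAL : 0;`. Separately, once the periodic check is off, detecting a replaced or removed socket depends entirely on the inotify watch, so it is worth confirming which events that watch covers.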
+++ b/debian/patches/series @@@ -1,0 -1,25 +1,25 @@@ + debian-packaging/0001-avoid-beta-warning.patch + block-ptrace-on-agent/0002-Avoid-simple-memory-dumps-via-ptrace.patch + debian-packaging/0003-avoid-regenerating-defsincdate-use-shipped-file.patch + dirmngr-idling/0001-dirmngr-hkp-Avoid-potential-race-condition-when-some.patch + dirmngr-idling/0002-dimrngr-Avoid-need-for-hkp-housekeeping.patch + dirmngr-idling/0004-dirmngr-Avoid-automatically-checking-upstream-swdb.patch + dirmngr-idling/0005-dirmngr-Drop-useless-housekeeping.patch + gpg-agent-idling/0001-agent-Create-framework-of-scheduled-timers.patch + gpg-agent-idling/0002-agent-Allow-threads-to-interrupt-main-select-loop-wi.patch + gpg-agent-idling/0003-agent-Avoid-tight-timer-tick-when-possible.patch + gpg-agent-idling/0004-agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch + 0012-gpgscm-Guard-use-of-union-member.patch + 0013-dirmngr-Fix-for-disable-libdns-usage.patch + 0014-dirmngr-Strip-root-zone-suffix-from-libdns-cname-res.patch + 0015-doc-Remove-warning-that-DNS-is-not-routed-via-Tor.patch + 0016-build-Enable-gcc-warnings-to-detect-non-portable-cod.patch + 0017-Replace-use-of-variable-length-arrays.patch + 0018-dirmngr-New-debug-message-on-correctly-initialized-l.patch + 0019-dirmngr-Make-sure-Tor-mode-is-also-set-for-DNS-on-SI.patch + 0020-doc-Extend-dirmngr-s-allow-version-check-description.patch + 0021-doc-Add-release-announcement-pointers-to-NEWS-entrie.patch + 0022-g10-avoid-warning-when-disable-tofu.patch + 0023-doc-Mention-gpgv-in-the-description-of-gpg-verify.patch + 0024-Silence-two-Wlogical-op-warnings.patch + 0025-doc-Document-summary-values-of-TOFU_STATS.patch diff --combined debian/rules index 0000000,241cead..241cead mode 000000,100755..100755 --- a/debian/rules 
+++ b/debian/rules @@@ -1,0 -1,67 +1,67 @@@ + #!/usr/bin/make -f + # debian/rules file - for GnuPG + # Copyright 1994,1995 by Ian Jackson. + # Copyright 1998-2003 by James Troup. + # Copyright 2003-2004 by Matthias Urlichs. + # + # I hereby give you perpetual unlimited permission to copy, + # modify and relicense this file, provided that you do not remove + # my name from the file itself. (I assert my moral right of + # paternity under the Copyright, Designs and Patents Act 1988.) + # This file may have to be extensively modified + + include /usr/share/dpkg/architecture.mk + + export DEB_BUILD_MAINT_OPTIONS = hardening=+all + + # avoid -pie for gpgv-static on hppa, kfreebsd-amd64, and x32 + # platforms, which cannot support it by default: + ifeq (,$(filter $(DEB_HOST_ARCH), hppa kfreebsd-amd64 x32)) + GPGV_STATIC_HARDENING = "-pie" + else + GPGV_STATIC_HARDENING = "" + endif + + %: + dh $@ --with=autoreconf --builddirectory=build + + GPGV_UDEB_UNNEEDED = gpgtar bzip2 gpgsm scdaemon dirmngr doc tofu exec ldap gnutls sqlite libdns + + WIN32_FLAGS=LDFLAGS="-Xlinker --no-insert-timestamp -static" CFLAGS="-g -Os" CPPFLAGS= + + override_dh_auto_configure: + dh_auto_configure --builddirectory=build-gpgv-udeb -- \ + --enable-gpg2-is-gpg \ + $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) + dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \ + --enable-gpg2-is-gpg \ + --enable-symcryptrun --enable-large-secmem + + override_dh_auto_build-arch: + dh_auto_build --builddirectory=build-gpgv-udeb + dh_auto_build --builddirectory=build + cp -a build-gpgv-udeb build-gpgv-static + rm -f build-gpgv-static/g10/gpgv + cd build-gpgv-static/g10 && $(MAKE) LDFLAGS="$$LDFLAGS $(GPGV_STATIC_HARDENING) -static" gpgv + mv build-gpgv-static/g10/gpgv build-gpgv-static/g10/gpgv-static + + override_dh_auto_build-indep: + mkdir -p build-gpgv-win32 + cd build-gpgv-win32 && $(WIN32_FLAGS) ../configure \ + $(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x)) \ + 
$(foreach x, libgpg-error libgcrypt libassuan ksba npth, --with-$x-prefix=/usr/i686-w64-mingw32) \ + --enable-gpg2-is-gpg \ + --with-zlib=/usr/i686-w64-mingw \ + --prefix=/usr/i686-w64-mingw32 \ + --host i686-w64-mingw32 + cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libcommon.a + cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libgpgrl.a + cd build-gpgv-win32/common && $(WIN32_FLAGS) $(MAKE) libsimple-pwquery.a + cd build-gpgv-win32/kbx && $(WIN32_FLAGS) $(MAKE) libkeybox.a + cd build-gpgv-win32/g10 && $(WIN32_FLAGS) $(MAKE) gpgv.exe + strip build-gpgv-win32/g10/gpgv.exe + + override_dh_shlibdeps: + # Make ldap a recommends rather than a hard dependency. + dpkg-shlibdeps -Tdebian/dirmngr.substvars -dRecommends debian/dirmngr/usr/lib/gnupg/dirmngr_ldap -dDepends debian/dirmngr/usr/bin/dirmngr* + dh_shlibdeps -Ndirmngr diff --combined debian/scdaemon.examples index 0000000,29f41a8..29f41a8 mode 000000,100644..100644 --- a/debian/scdaemon.examples +++ b/debian/scdaemon.examples @@@ -1,0 -1,1 +1,1 @@@ + doc/examples/scd-event diff --combined debian/scdaemon.install index 0000000,a2a79aa..a2a79aa mode 000000,100644..100644 --- a/debian/scdaemon.install +++ b/debian/scdaemon.install @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/lib/gnupg/scdaemon diff --combined debian/scdaemon.lintian-overrides index 0000000,b575cb1..b575cb1 mode 000000,100644..100644 --- a/debian/scdaemon.lintian-overrides +++ b/debian/scdaemon.lintian-overrides @@@ -1,0 -1,4 +1,4 @@@ + # there is actually a function for interacting with the smartcard + # called "writen" that writes n octets; it is in the binary because it + # can be emitted in debug output: + scdaemon: spelling-error-in-binary usr/lib/gnupg/scdaemon writen written diff --combined debian/scdaemon.manpages index 0000000,9efee23..9efee23 mode 000000,100644..100644 --- a/debian/scdaemon.manpages 
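Review bot: In override_dh_auto_build-indep the zlib prefix is `--with-zlib=/usr/i686-w64-mingw`, while every other path in the same configure call uses `/usr/i686-w64-mingw32`; this looks like a dropped `32` and should probably read `--with-zlib=/usr/i686-w64-mingw32`. In override_dh_auto_build-arch, `LDFLAGS="$$LDFLAGS $(GPGV_STATIC_HARDENING) -static"` reads LDFLAGS from the recipe shell's environment, and nothing visible in this file exports the dpkg build flags there. If that variable is empty, the command-line override replaces the configured LDFLAGS and gpgv-static is linked with only `-pie -static`, losing the linker flags requested by `hardening=+all`. Checking the built gpgv-static for RELRO and BIND_NOW would settle it; a comment on that line stating where `$$LDFLAGS` is expected to come from would also help.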
+++ b/debian/scdaemon.manpages @@@ -1,0 -1,1 +1,1 @@@ + debian/tmp/usr/share/man/man1/scdaemon.1 diff --combined debian/scdaemon.udev index 0000000,d2efb55..d2efb55 mode 000000,100644..100644 --- a/debian/scdaemon.udev 
+++ b/debian/scdaemon.udev @@@ -1,0 -1,46 +1,46 @@@ + # do not edit this file, it will be overwritten on update + + SUBSYSTEM!="usb", GOTO="gnupg_rules_end" + ACTION!="add", GOTO="gnupg_rules_end" + + # USB SmartCard Readers + ## Cherry GmbH (XX33, ST2000) + ATTR{idVendor}=="046a", ATTR{idProduct}=="0005", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="046a", ATTR{idProduct}=="0010", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="046a", ATTR{idProduct}=="003e", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## SCM Microsystems, Inc (SCR331-DI, SCR335, SCR3320, SCR331, SCR3310 and SPR532) + ATTR{idVendor}=="04e6", ATTR{idProduct}=="5111", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="04e6", ATTR{idProduct}=="5116", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="04e6", ATTR{idProduct}=="5117", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Omnikey AG (CardMan 3821, CardMan 6121) + ATTR{idVendor}=="076b", ATTR{idProduct}=="3821", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="076b", ATTR{idProduct}=="6622", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Gemalto + ATTR{idVendor}=="08e6", ATTR{idProduct}=="3437", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="08e6", ATTR{idProduct}=="3438", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="08e6", 
ATTR{idProduct}=="3478", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="08e6", ATTR{idProduct}=="34c2", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="08e6", ATTR{idProduct}=="34ec", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Reiner (SCT cyberJack) + ATTR{idVendor}=="0c4b", ATTR{idProduct}=="0500", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Kobil (KAAN) + ATTR{idVendor}=="0d46", ATTR{idProduct}=="2012", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## VASCO (DIGIPASS 920) + ATTR{idVendor}=="1a44", ATTR{idProduct}=="0920", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Crypto Stick + ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Nitrokey + ATTR{idVendor}=="20a0", ATTR{idProduct}=="4108", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="20a0", ATTR{idProduct}=="4109", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ATTR{idVendor}=="20a0", ATTR{idProduct}=="4211", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Gnuk Token + ATTR{idVendor}=="234b", ATTR{idProduct}=="0000", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Alcor Micro Corp cardreader (in ThinkPad X250) + ATTR{idVendor}=="058f", ATTR{idProduct}=="9540", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + ## Fujitsu Siemens + ATTR{idVendor}=="0bf8", ATTR{idProduct}=="1006", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg" + + LABEL="gnupg_rules_end" diff --combined debian/source/format index 0000000,163aaf8..163aaf8 mode 000000,100644..100644 --- a/debian/source/format 
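Review bot: The file never says what setting `ENV{ID_SMARTCARD_READER}="1"` achieves, which is the part an administrator auditing device access needs. The rules themselves grant nothing (there is no `MODE`, `GROUP` or `TAG` assignment), so who may open the raw USB device is decided by whichever other rule set consumes that property, presumably the uaccess rules on systemd hosts (to be confirmed). I would add a header comment such as `# These rules only tag known readers; device access is granted by the rules that match ID_SMARTCARD_READER.` so the list is not mistaken for a no-op or for the place where permissions are set.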
+++ b/debian/source/format @@@ -1,0 -1,1 +1,1 @@@ + 3.0 (quilt) diff --combined debian/source/lintian-overrides index 0000000,b5221c7..b5221c7 mode 000000,100644..100644 --- a/debian/source/lintian-overrides +++ b/debian/source/lintian-overrides @@@ -1,0 -1,4 +1,4 @@@ + # doc merely references / cites IETF RFC: + gnupg2 source: license-problem-non-free-RFC doc/OpenPGP + gnupg2 source: license-problem-non-free-RFC debian/copyright + diff --combined debian/source/options index 0000000,f0f8ede..f0f8ede mode 000000,100644..100644 --- a/debian/source/options +++ b/debian/source/options @@@ -1,0 -1,3 +1,3 @@@ + # let dpkg-source create a debian.tar.bz2 with maximal compression + compression = "bzip2" + compression-level = 9 diff --combined debian/systemd-user/gpg-agent-browser.socket index 0000000,67690ce..67690ce mode 000000,100644..100644 --- a/debian/systemd-user/gpg-agent-browser.socket +++ b/debian/systemd-user/gpg-agent-browser.socket @@@ -1,0 -1,13 +1,13 @@@ + [Unit] + Description=GnuPG cryptographic agent (access for web browsers) + Documentation=man:gpg-agent(1) + + [Socket] + ListenStream=%t/gnupg/S.gpg-agent.browser + FileDescriptorName=browser + Service=gpg-agent.service + SocketMode=0600 + DirectoryMode=0700 + + [Install] + WantedBy=sockets.target diff --combined debian/tests/control index 0000000,9178821..9178821 mode 000000,100644..100644 --- a/debian/tests/control +++ b/debian/tests/control @@@ -1,0 -1,3 +1,3 @@@ + Tests: gpgv-win32 + Depends: gpgv-win32, gnupg2, gpgv2 + Restrictions: needs-root, allow-stderr diff --combined debian/tests/gpgv-win32 index 0000000,3142a65..3142a65 mode 000000,100755..100755 --- a/debian/tests/gpgv-win32 
+++ b/debian/tests/gpgv-win32 @@@ -1,0 -1,54 +1,54 @@@ + #!/bin/sh + + set -e + + export GNUPGHOME=$(mktemp -d) + + arch=$(dpkg --print-architecture) + + case "$arch" in + amd64) + if ! dpkg --print-foreign-architectures | grep -Fqx i386; then + echo "I: setting up multiarch" + dpkg --add-architecture i386 + apt update # FIXME you might want to try this up to some N times to avoid failures on temporary network issues + fi + ;; + arm64) + if ! dpkg --print-foreign-architectures | grep -Fqx armhf; then + echo "I: setting up multiarch" + dpkg --add-architecture armhf + apt update # FIXME you might want to try this up to some N times to avoid failures on temporary network issues + fi + ;; + i386|armel|armhf|powerpc) + : nothing, tests should just work + ;; + *) + echo "I: skipping tests on $arch; only works on amd64, i386, arm64, armhf, armel, and powerpc" + exit + ;; + esac + + if ! dpkg-query --status wine32 | grep -Fqx 'Status: install ok installed'; then + DEBIAN_FRONTEND=noninteractive apt install -qy wine32 # FIXME ditto + fi + + echo 'no-allow-loopback-pinentry:16' | gpgconf --change-options gpg-agent + + # Generate a minimal signing key: + gpg2 --batch --debug-quick-random --pinentry-mode loopback --passphrase '' --quick-gen-key 'Test key for gpgv-win32 ' + + gpg2 -o "$GNUPGHOME/key.gpg" --export test-key@example.com + + # Sign this very script + rm -f "${0}.gpg" + gpg2 --output "${0}.gpg" --detach-sign "${0}" + + # Verify using gpgv + gpgv2 --keyring "$GNUPGHOME/key.gpg" "${0}.gpg" "${0}" + + # Verify using gpgv.exe + wine /usr/share/win32/gpgv.exe --keyring "Z:\\\\${GNUPGHOME}/key.gpg" "Z:\\\\$(pwd)/${0}.gpg" "Z:\\\\$(pwd)/${0}" + + rm -rf "$GNUPGHOME" diff --combined debian/upstream/signing-key.asc index 0000000,1e57599..1e57599 mode 000000,100644..100644 --- a/debian/upstream/signing-key.asc 
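Review bot: `export GNUPGHOME=$(mktemp -d)` hides a mktemp failure from `set -e`, because the status tested is that of `export`. The directory holding the freshly generated passphrase-less secret key is also removed only by the final `rm -rf`, so any failing step in between leaves it behind. With GNUPGHOME empty, the following `gpgconf --change-options gpg-agent` and `--quick-gen-key` would presumably act on the invoking user's default GnuPG home, and the test runs with needs-root. I would split the assignment and register cleanup up front: `GNUPGHOME=$(mktemp -d)`, then `export GNUPGHOME`, then `trap 'rm -rf "$GNUPGHOME"' EXIT`.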
+++ b/debian/upstream/signing-key.asc @@@ -1,0 -1,109 +1,109 @@@ + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v2 + + mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I + Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg + jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 + KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u + qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB + 1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk + aXN0IHNpZymJAT4EEwECACgFAk0ti4ECGwMFCRDdnwIGCwkIBwMCBhUIAgkKCwQW + AgMBAh4BAheAAAoJECSbOdJPJeO2PlMIAJxPtFXf5yozPpFjRbSkSdjsk9eru05s + hKZOAKw3RUePTU80SRLPdg4AH+vkm1JMWFFpwvHlgfxqnE9rp13o7L/4UwNUwqH8 + 5zCwu7SHz9cX3d4UUwzcP6qQP4BQEH9/xlpQS9eTK9b2RMyggqwd/J8mxjvoWzL8 + Klf/wl6jXHn/yP92xG9/YA86lNOL1N3/PhlZzLuJ6bdD9WzsEp/+kh3UDfjkIrOc + WkqwupB+d01R4bHPu9tvXy8Xut8Sok2zku2xVkEOsV2TXHbwuHO2AGC5pWDX6wgC + E4F5XeCB/0ovao2/bk22w1TxzP6PMxo6sLkmaF6D0frhM2bl4C/uSsq5AQ0ETS2L + gQEIAKHwucgbaRj0V7Ht0FnM6RmbqwZ7IFV2lR+YN1gkZaWRRCaJoPEZFKhhPEBX + 1bDVwr/iTPaPPEtpi7oQoHk65yeLrhtOmXXpNVkV/5WQjAJIrWn+JQ3z/ZejxHUL + hzKsGg5FC6pRYcEyzRXHtv4BO9kBIKNVirZjEkQG4BnIrQgl6e2YFa47GNMqcQH7 + nJdwG1cGQOZOIDQQM41gBzwoSrStMA6DjHkukFegKfcSbSLArBtYNAwTwmW7RqOM + EJwlo0+NYx2Yn75x66bYwdlsP0FLOgez/O/IxoPRxXr0l4e+uj6dFHqvBi04dx6J + sPmXEyeAyLiCWSh7Rwq8uIhBUBUAEQEAAYkBJQQYAQIADwUCTS2LgQIbIAUJEN2f + AgAKCRAkmznSTyXjtrsSCACRNgfGkD0OqOiwYo1/+KyWnrQLusVvSYOw8hN66geU + 3BO8iQ0Koy+m0QKY1kWjaHwewpg8ZebY4E2sHbNIC9Spyiyz29sAJ2invf4/4Mep + TgpxNiw4+XmykCkN1AfVhvMTQXMzRbO5ZwRtPpjsMr1j5vX1s6U3/RxSAItpAkCu + 1GGTTOH0r12Ochc/um+QGAyO6WUj/IiZ1MX7toXW0SCo8DSl8z5Q7KmJWF6TQLK1 + Lku4bIVG1Huwo1/0WHc2vCad5BxHjgoy8TsKLTmvYQZWtnjWvQGV2UOABYWcacut + ZXQQ2PPCIY7LlpuS/45CXWbT5Y+mxY3y7dbz4aF+8uyCiJwEEAECAAYFAk0tjQQA + CgkQU7Yg0BzgxjBGTwQAi5qzI6cJslbyOl+TeDZVnLV0FmPuDg8dojvQrVDPxfem + IjxZZoMLCVM8ly8AC2JPrIYfN040C343saIc0tTtOwwmVMuy7G/Uex22CdWH/0HB + 
MpG4gFuOuQmW9QQDjEdh1DgwU2gAWonX54ZlMybWss+2NCikRwMflVUupH57BauZ + AQ0EVFA7IwEIAOYQcDfRdzqin/vZlwl1AyuJW+cDI3bYvesRtOIAJ+8FqOzp+nOZ + 7a4mULkXUeRh3HcO91wughXoR3qP3klWIlqgTQQHxPVM25BEvnGPuMA86lWnKoSs + Xe9F5h0IMiu6aURvzMJC9VMgKwhhgCjejFf9n8zuiBkMN457Ubnt/9jxhpxmorDQ + Cpb7bR1mfdbsuCmOXwTNfbkAoGXceL/P6z9PskKrFk8CVCr8pseRiHzWgib4Bfr/ + mj68LKcQTH/Y6R16g154eC6PAvxrEDA+hgpVX0I7L781Byh9nqC+KDX5LvlGuQbg + B2IvrgLs6lfU3aRfTwqUDMj37rmXJTDy3TMAEQEAAbQyTklJQkUgWXV0YWthIChH + bnVQRyBSZWxlYXNlIEtleSkgPGduaWliZUBmc2lqLm9yZz6JATwEEwEIACYFAlRQ + OyMCGwMFCQPCZwAFCwcICQMEFQgJCgUWAgMBAAIeAQIXgAAKCRAgcbCKM70/BnX/ + CADQspqXXAVlrwU9SidzYbPAT1iGRmIkHwoD9rtPr/9xbg3jr8azCKpknE3VF0qz + UH6unsQwxTduGhey0sFwhi96WOqHiU8FYKxNPb786nACaCfOOB1MdymcIxMQ51mS + 0PlIqtOPa1VpZcCVYr9SwQRqcDdy/Oh/Ljifuub4Shrs/VgYIcv74iGyLroSVt6G + KVNP/HFyQddSOLVcO+hqAQQ0QeTmPhnaaFa2OcZyW+6IGRLhd7N7M0xb988DKllf + huRRE1sZ3yO2RvcSq35u/5lChID5SS/wA9oDOPyVFLD4JiMPGmgzSO2aI+uT678O + jjoI5UD8hfbZpg1PZjYqhYlXuQENBFRQOyMBCAC94CWuMHLmP1B7oFxU0FjKv3D6 + RTpLSLqC/nqRWeKVdlSddR4LnO/r9ahRsGgekAEVyeD04SKAD7g3OWMhWvEsK6aY + gmzc0cLJCJRTsLW+X7kRWo33KUAKIpKYO8VF8iErWejajvo5UgN3y1V/anqlBU45 + DalLk/mu6JXOr6t7u83+IscTrFQTkW17wOxoc6i9zDOU1FoWZFyNU+hxpPCGndfn + S25qzaEpb1qzxYoHpyttCkGX4R3siX6gAkRLIPhsYK4sZihBZhTBgHdAVYSYkCrK + hRNWoSb3XpUhdT5l88uPozwxXruXmzk6WCv6ZdCJ+0rGShwJjU1j6g+Fksk9ABEB + AAGJASUEGAEIAA8FAlRQOyMCGwwFCQPCZwAACgkQIHGwijO9Pwbgqwf7BfdPgAkx + Mrt0BJeLJu1ItnCQ4cZ8rbuS5gwAxrY80QXDoJquwRWs1AXaBu0VW+9KvWdp0uhQ + b0Wy7fv40rRtC+T8nuE/1jaf2byMIfQwPVp3ODH+O3WZew1KvrQZquDKimgHxRso + WH5vq2VjohI8oQuQNN8AYeyxYo74eB8+3WfUrdw4MYiJcKd20MjoZZS16Klb99qm + LVZfE/dt/+wwZYFB7cpb5vvvE1voqS+ycD2Rt0irRg6ulw7OXoUrJ25sfkrv9otD + omDl9V//pyJZSp+IiwK4r0xnk8sjXHgXkzUdIyS0AB17Aw1+G2sbUKyX/SdOgzN7 + D8qEd3C7n53TwpkBDQRUUF8HAQgAh1mo8r+kVWVTNsNlyurm2tdZKiQbdeVgpBgc + DnqI3fAV58C3nC8DVuK5qVGZPB/jbu42jc8BXGP1l6UP+515LQL5GpTtV0pRWUO0 + 2WOuTLZBVQcq53vzbg1xVo31rWV96mqGAPs8lGUCm09fpuiVKQojO6/Ihkg7/bnz + 
eSbcX5Xk9eKLhyB7tnakuYJeRYm4bjs+YDApK8IFQyevYF8pjTcbLTSNJPW9WLCs + ozsy11r4xdfRcTWjARVz5VzTnQ+Px8YtsnjQ3qwNJBpsqMLCdDN7YGhh/mlwPjgd + q/UFf5+bY6f3ew0vshBqInBQycBSmYyoX0Ye3sAS/OR4nu5ZaQARAQABtD5EYXZp + ZCBTaGF3IChHbnVQRyBSZWxlYXNlIFNpZ25pbmcgS2V5KSA8ZHNoYXdAamFiYmVy + d29ja3kuY29tPokBPgQTAQIAKAUCVFBfBwIbAwUJCbp27gYLCQgHAwIGFQgCCQoL + BBYCAwECHgECF4AACgkQBDdvPuCFaVmIoQf+POxCWkCTicRVlq0kust/iwYO1egK + 9FWG130e2Irnv2lAZZN/0S5ibjHCYFp9gfMgmtVTF5oWXjSDAy/kIykQBBcUVx4S + CJbdMtKSdsSIQMz6P4DxXumxQm79msOsbi5TsdtUwjqdrbu2sHloE7ck/hTXUCkX + 3zuqtxY7W23BCQxVVT5qUaFuAHkkQaaBgAb8gdgixmkIBfu9u8k3k9zUKm/PNfMj + xClvORkP8gev+XyzNgcXM49h5YYlmDT+Ahv99nUM1wg8yJTjefBAY0fL982Scx30 + nDQO3w7ihALUoj5+TXQjhs3sWPJ8u3pstr9XcfzEZC77/CZmRYNr8g5hBrkBDQRU + UF8HAQgAodT0id+C6PMV7C8JxE8POGvX2wA6QLw29ESO0Ws8+Jq9EPQ3114mH+sC + +kDsweCDMyaY34i8gvh6hWxG9JfZmSkRUv0QX2zvlcwr8SOZ9dXzrV7ip+QgpzO2 + 2eYRnH/RB+KWfFzqSop51sd1Uls41qKphDEm/ZAnnTwxYWX6jElOCpIuemTAiSxp + qtjPXVftchSEy06/bDRFuC4FevfU5aWTg3FSZEZpk0KF5RZBdzvOfX9PwHf2Fxhg + QtLkAsdvvWzDToYD0qOecM/MGt1doryBo8IkAiHJ+TRNyVi6/fAq/rig3brF5ETG + N7W5IRRGoLetY++4YO+1gY7Ea+1tZwARAQABiQElBBgBAgAPBQJUUF8HAhsgBQkJ + unbuAAoJEAQ3bz7ghWlZ6PAH/iTMC5+H/Ynj7G1KOjhyoufPoM+j+g4Ec8RmEA6v + YOWIi8F4AU86iS6Sq2HkZXSKxLgAYbWuseFHS6QA/qZPDPdIv8TceE3jMW3ZEmmm + nCsS6cmkQhpjRCKuWGfaOyZIEV2BT6Ere+MU5jU+wRqkbJGk1BS8myQHkZRN/5dg + fo5syFYKY4T64Z7DvlbQF70cCARlsIwk4lN6QJ/iqaHR9c2sWtzHfxAvdctApdg5 + w8GRcEpdDMieejha/lBMRTYVWY1vrEg++mkkhvCOkBilDFFCVojOnSdTJy7dNZji + BlEFwlmcjLq984C5FRwj5+eN0Bev5hZsWobLeRqt8QOGMlG5AQ0EVFBfBwEIAK4b + kUPSxSlmE8GHAI4FNQDA+QZzIvLPpf1p5JqFULpJeelwfVtbj6qOfPKwXVvam0yH + OiyrMnffdlZ/6+QXjP665RdbsPzEDPxCH972eGmdw8yV95wmPCVaoyBTH9XBDTX2 + 52h0vPjgcbbOLUvUuYBV8C74ir6ESoA20g/rjYEGjJ/UAtgBGIfMo0Vk2Qc6/7wx + M3jNPxUc/6h5oiggUkgdbFcgzC2sOAUj3nJ0CS01dNPJuAlGPRjig9o61/PiumSO + Vy98efAetsjLLS00ysAmjxj7eFuxnf73TJOyAItKZPv3i7K4LIgMZXwL71Ox00zU + dzm6H+/JomSorqtLlOUAEQEAAYkBJQQYAQIADwUCVFBfBwIbDAUJCbp27gAKCRAE + 
N28+4IVpWbkxB/0azsvpA9eJPr6oNu3Iw4aCvLQi9I2jodGXpsNg3GN+ATp3PKMi + 21KsneqkYXzwxY+27HAwNSQEmMeyOh37nkPXJMlBgJ0+aV7J2nAj3as310gnV3kY + Id8NXvLi+YLngqfTyQpxedDhBeSyTYLAP96mDtUuGFQ9/TWBF0wjZkBqFllnsmmU + Cs9lMmdaFUk1cT1/R1vwiGz1mAaUzyP2NNUnXsoE25TkeXg+Kf95QkxS0C3C9S+c + A4jCCHXEuGFxMe4+6IbubsVepIUFrlzbUaYpYB8lwFQutoSJ1qLc2jFcW00Qy2Z2 + SOVYJ5oyMhZNei0ZFsgQ9tp2PhtICjm5JfvPmQENBFRDqVIBCAC0k8eZKDmNqdma + wOlJ/m62L2g8uXT/+/vAEGb1yaib09xI6tfGXzbqlDwrLIZcJsSIT/nt/ajJnIVb + c3137va4XbwMzsDpAMH4mmiToqk+izEChGm2knzrLwhoflR8aGsKL35QoZT/erdj + fgPeCRLvf25fHsN2Jb0WIMzC56VkMeFoza+9HZ5hrkemmm+gPvIvhEUopxCyOS8m + K5WjB4zzIdyDJfkqVpHvafNP0N4LIsedKdyHcj/K3kY4Kejl99GW1z1snBgPamoN + 2/e52Pf6KTw2FjsSGZ72oalcrkBR4wacUizGxKcRD2Y6Xa0g9mwToWdNBQCIII+u + TzOzq1EDABEBAAG0IVdlcm5lciBLb2NoIChSZWxlYXNlIFNpZ25pbmcgS2V5KYkB + PQQTAQgAJwUCVEOpUgIbAwUJC6oF9QULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAK + CRCKhhscfv1g2aH7B/wIW6mVmTmzW2xc1q1MUdssExQBhEeONrbWJ/HiGZP/Maab + gQ/+wZuThTAwfGM5zFQBOvrBOGURhINU6lYQlcOrVo+V8Z1mNQKFWaKxJaY5Ku1b + B1OuX9FHLEiMibogHu5fjJIXBE8XrnvueejyFQ5g/uX2xcGgCWlMe49sR3K+lEl3 + n93xTmSNhP52r0gTjMjbqKWKUaIGJ5OcWSrvawdfqLXkxR8phq2AlHHEfxpcZsOp + 9mZirWYQ5jcgGgFP0LYXUw/RnxFpOcrj45qufmyEL9QJKjBV5RaHJbqukefwUInP + QtVUmINqQxztSh5QxQP2tsUPIeEi5RAoCwLJam8z + =PXPh + -----END PGP PUBLIC KEY BLOCK----- diff --combined debian/watch index 0000000,e6d36a1..e6d36a1 mode 000000,100644..100644 --- a/debian/watch +++ b/debian/watch @@@ -1,0 -1,5 +1,5 @@@ + version=4 + + opts=pgpsigurlmangle=s/$/.sig/ \ + https://gnupg.org/ftp/gcrypt/gnupg/gnupg@ANY_VERSION@@ARCHIVE_EXT@ \ + debian uupdate