chiark / gitweb /
summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Daniel Kahn Gillmor [Mon, 29 Aug 2016 16:34:42 +0000 (12:34 -0400)]
avoid regenerating defsincdate (use shipped file)
upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am
tries to rewrite doc/defsincdate if it notices that any of the files
have been modified more recently, and it does so assuming that we're
running from a git repo.
However, we'd rather ship the documents cleanly without regenerating
defsincdate -- we don't have a git repo available (debian builds from
upstream tarballs) and any changes to the texinfo files (e.g. from
debian/patches/) might result in different dates on the files than we
expect after they're applied by dpkg or quilt or whatever, which makes
the datestamp unreproducible.
Gbp-Pq: Topic debian-packaging
Gbp-Pq: Name 0003-avoid-regenerating-defsincdate-use-shipped-file.patch
Daniel Kahn Gillmor [Wed, 12 Aug 2015 00:28:26 +0000 (20:28 -0400)]
Avoid simple memory dumps via ptrace
This avoids needing to setgid gpg-agent. It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one. If there are other protections we should do them too.
This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.
The remaining options for debugging are:
* launch the agent from gdb directly
* connect gdb to a running agent as the superuser
Upstream bug: https://bugs.gnupg.org/gnupg/issue1211
Gbp-Pq: Topic block-ptrace-on-agent
Gbp-Pq: Name 0002-Avoid-simple-memory-dumps-via-ptrace.patch
Debian GnuPG Maintainers [Tue, 14 Apr 2015 14:02:31 +0000 (10:02 -0400)]
avoid-beta-warning
avoid self-describing as a beta
Using autoreconf against the source as distributed in tarball form
invariably results in a package that thinks it's a "beta" package,
which produces the "THIS IS A DEVELOPMENT VERSION" warning string.
since we use dh_autoreconf, i need this patch to avoid producing
builds that announce themselves as DEVELOPMENT VERSIONs.
See discussion at:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html
Gbp-Pq: Topic debian-packaging
Gbp-Pq: Name 0001-avoid-beta-warning.patch
Daniel Kahn Gillmor [Tue, 14 Feb 2017 00:29:34 +0000 (00:29 +0000)]
gnupg2 (2.1.18-6) unstable; urgency=medium
[ NIIBE Yutaka ]
* scdaemon: Fix duplicated entries (Closes: #855056).
[dgit import unpatched gnupg2 2.1.18-6]
Daniel Kahn Gillmor [Tue, 14 Feb 2017 00:29:34 +0000 (00:29 +0000)]
Import gnupg2_2.1.18-6.debian.tar.bz2
[dgit import tarball gnupg2 2.1.18-6 gnupg2_2.1.18-6.debian.tar.bz2]
Daniel Kahn Gillmor [Tue, 24 Jan 2017 04:12:35 +0000 (04:12 +0000)]
Import gnupg2_2.1.18.orig.tar.bz2
[dgit import orig gnupg2_2.1.18.orig.tar.bz2]