--- gnupg-1.4.11.orig/debian/TODO
+++ gnupg-1.4.11/debian/TODO
@@ -0,0 +1,45 @@
+TODO
+
+* fixed in older releases and probably even not relevant in 1.4.x anymore (in
+ braces the upstream tracker item number):
+
+ #113897: "Oops: lock already hold by us" when using --fast-import (not 100% sure)
+
+ the following I'm not 100% sure:
+ #166794,
+ #172823: --search leads to segfault
+
+
+* Ubuntu patches:
+
+ debian/patches/61_use_agent_default.dpatch: we should decide if used as default
+
+* discuss
+
+ - if gpg should be put into /bin (#477671)
+
+ - if keyserver-options verbose should be default (#474569)
+
+ - why does gnupg depend on gpgv and can this perhaps be made less strong?
+
+general:
+
+
+==============================================================================
+
+
+* Close candidate (upstream rejected change):
+
+ #38857: gnupg: no way to copy a key
+ #61914: gnupg: confusing question in gpg key generation process (I cannot agree)
+ #93656: gnupg; No way to specify multiple keyservers? (#139)
+#162742: gnupg: Please handle "deprecated option honor-http-proxy"
+#173586: gnupg: Suggestion for a better error message
+#185782: `--batch --output existingfile' outputs nothing and exits 0
+#196681: gnupg: gpg says /dev/null@alea isn't a valid email address
+#290980: gnupg: 'gpg -q --verify' should be quiet on success (#919)
+#310805: gnupg: fully exportable armored homedir is completely impossible now!
+#318587: gnupg: should encrypt to all subkeys
+
+#300743: gnupg: Should not depend on libusb
+
--- gnupg-1.4.11.orig/debian/control
+++ gnupg-1.4.11/debian/control
@@ -0,0 +1,101 @@
+Source: gnupg
+Section: utils
+Priority: important
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Debian GnuPG-Maintainers
+Uploaders: Sune Vuorela ,
+ Daniel Leidert (dale) ,
+ Thijs Kinkhorst
+Standards-Version: 3.9.1
+Build-Depends: debhelper (>> 7), libz-dev, libldap2-dev, libbz2-dev,
+ libusb-dev [!hurd-i386],
+ libreadline-dev, file, gettext, dpatch,
+ libcurl4-gnutls-dev
+Homepage: http://www.gnupg.org
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gnupg/
+Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gnupg/trunk/
+
+Package: gnupg
+Architecture: any
+Multi-Arch: foreign
+Depends: ${shlibs:Depends}, ${misc:Depends}, gpgv
+Suggests: ${shlibs:Suggests}, gnupg-curl, gnupg-doc, xloadimage | imagemagick | eog, libpcsclite1
+Description: GNU privacy guard - a free PGP replacement
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ GnuPG 1.4 is the standalone, non-modularized series. In contrast to
+ the version 2 series, shipped with the gnupg2 package, it comes
+ with no support for S/MIME and some other tools useful for desktop
+ environments, but also with less dependencies.
+ .
+ The gnupg package is built without libcurl. So it does not support
+ HKPS keyservers. Install the gnupg-curl package if you want to use
+ the keyserver helper tools built with libcurl and supporting HKPS.
+ .
+ GnuPG does not use any patented algorithms. This means it cannot be
+ compatible with PGP2, because that uses IDEA (which is patented in
+ a number of countries).
+
+Package: gnupg-curl
+Priority: optional
+Architecture: any
+Multi-Arch: foreign
+Depends: ${shlibs:Depends}, ${shlibs:Suggests}, ${misc:Depends}, gnupg
+Description: GNU privacy guard - a free PGP replacement (cURL)
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This package contains the keyserver helper tools built with libcurl,
+ which replace the ones in the gnupg package built with the "curl shim"
+ variant of gnupg. This package provides support for HKPS keyservers.
+ .
+ GnuPG does not use any patented algorithms. This means it cannot be
+ compatible with PGP2, because that uses IDEA (which is patented in
+ a number of countries).
+
+Package: gpgv
+Architecture: any
+Multi-Arch: foreign
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Suggests: gnupg
+Description: GNU privacy guard - signature verification tool
+ GnuPG is GNU's tool for secure communication and data storage.
+ .
+ gpgv is a stripped-down version of gnupg which is only able to check
+ signatures. It is smaller than the full-blown gnupg and uses a
+ different (and simpler) way to check that the public keys used to
+ make the signature are trustworthy.
+
+Package: gnupg-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: GNU privacy guard - a free PGP replacement
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This is GnuPG packaged in minimal form for use in debian-installer.
+
+Package: gpgv-udeb
+XC-Package-Type: udeb
+Section: debian-installer
+Priority: extra
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: minimal signature verification tool
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC 4880.
+ .
+ This is GnuPG's signature verification tool, gpgv, packaged in minimal
+ form for use in debian-installer.
--- gnupg-1.4.11.orig/debian/README.BUGS.Debian
+++ gnupg-1.4.11/debian/README.BUGS.Debian
@@ -0,0 +1,112 @@
+Frequently Reported Issues for gnupg in Debian
+----------------------------------------------
+
+This file is intended to collect information about issues and limitations in
+gnupg, which have been reported to the Debian bug-tracking system (BTS) for
+gnupg.
+
+
+
+Make sure you checked the information here before reporting an issue to the
+Debian BTS. Please note, that most of the reports have been forwarded
+upstream, and that this file just expresses what upstream told us. For many
+of these reports, items in the upstream bug tracker have been opened. So in
+rare cases, a limitation might get fixed in future releases of GnuPG.
+
+
+gnupg: When creating a signature, it does not necessarily preserve the
+ permissions of the signed file.
+
+ [..] I don't see the problem with this. In same cases we could create a
+ file with the same permissions as the source file but not in all.
+ Often gpg does not work on the file but just reads the content. This
+ common Unix behaviour (cf. cat(1)). If there are concerns, make sure
+ the umask has ben set properly.
+ .
+ Sor signing confidential files, a detached signature is anyway a
+ better choice.
+ .
+ Another reason not to change it is that it changes the interface and
+ thus would break myriads of scripts. [..] (Werner Koch)
+
+ Debian #44910
+
+
+gnupg: I wish I could sign multiple files in one pass.
+
+ [..] IIRC, the sematics of sign are too complicated for --multifile. If
+ the problem is just to avoid entering a passphrase several times,
+ gpg-agent is very helpful and solves the problem nicely. [..]
+ (Werner Koch)
+
+ Debian #89094
+ GnuPG #1041
+
+
+gnupg: I want to extract a signature from a signed and encrypted file.
+
+ [..] This is the occasionally-requested "--unwrap" command which would
+ stop processing after a single layer of the file. I.e. convert
+ Enc(Sign(data)) to Sign(data). [..]
(David Shaw)
+
+ Debian #282061
+ GnuPG #1060
+
+ GnuPG #1047
+
+
+gnupg: I get a passphrase entry window (from pinentry*) although I used
+ the --passphrase switch.
+
+ [..] That is as it should be. [..] (Werner Koch)
+
+ gpg won't send the value of --passphrase given on the command line to the
+ configured agent.
+
+ Debian #427857
+
+
+gnupg: Sets key expiry date in the past.
+
+ When setting the expiry time to values bigger than 97 years (years
+ >2106), gpg creates a key with expiry date set in the past. This is
+ due to using a 32 bit integer to represent the date. It's currently
+ an unfixable limitation.
+
+ Debian #472642
+
+
+
+gnupg: Dies with "Ohhhh jeeeee: ... this is a bug".
+
+ Since gnupg 1.4.6-2.2 we don't install the gpg(1) binary setuid root
+ anymore. If you observe the error message because of this change, then
+ you can use dpkg-statoverride(1) to change the permissions of the binary
+ permanently (for example to set them setuid root):
+
+ dpkg-statoverride --update --add root root 4755 /usr/bin/gpg
+
+ Debian #485458
+
+
+ -- Daniel Leidert , 2009
--- gnupg-1.4.11.orig/debian/README.source
+++ gnupg-1.4.11/debian/README.source
@@ -0,0 +1,3 @@
+GnuPG's source is managed with dpatch. To get the source ready to be compiled,
+run `debian/rules patch`. For other usage information please refer to the
+dpatch documentation in /usr/share/doc/dpatch.
--- gnupg-1.4.11.orig/debian/gpgv.files
+++ gnupg-1.4.11/debian/gpgv.files
@@ -0,0 +1,2 @@
+usr/bin/gpgv
+usr/share/man/man1/gpgv.1
--- gnupg-1.4.11.orig/debian/gnupg.dirs
+++ gnupg-1.4.11/debian/gnupg.dirs
@@ -0,0 +1,2 @@
+usr/share/doc/gnupg
+usr/share/man/ru/man1
--- gnupg-1.4.11.orig/debian/changelog
+++ gnupg-1.4.11/debian/changelog
@@ -0,0 +1,1733 @@
+gnupg (1.4.11-3ubuntu2.9) precise-security; urgency=medium
+
+ * Screen responses from keyservers (LP: #1409117)
+ - d/p/0001-Screen-keyserver-responses.dpatch
+ - d/p/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch
+ - d/p/0003-Add-kbnode_t-for-easier-backporting.dpatch
+ - d/p/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch
+ * Fix large key size regression from CVE-2014-5270 changes (LP: #1371766)
+ - d/p/Add-build-and-runtime-support-for-larger-RSA-key.dpatch
+ - debian/rules: build with --enable-large-secmem
+ * SECURITY UPDATE: sidechannel attack on Elgamal
+ - debian/patches/CVE-2014-3591.dpatch: use ciphertext blinding in
+ cipher/elgamal.c.
+ - CVE-2014-3591
+ * SECURITY UPDATE: sidechannel attack via timing variations in mpi_powm
+ - debian/patches/CVE-2015-0837.dpatch: avoid timing variations in
+ include/mpi.h, mpi/mpi-pow.c, mpi/mpiutil.c.
+ - CVE-2015-0837
+ * SECURITY UPDATE: invalid memory read via invalid keyring
+ - debian/patches/CVE-2015-1606.dpatch: skip all packets not allowed in
+ a keyring in g10/keyring.c.
+ - CVE-2015-1606
+ * SECURITY UPDATE: memcpy with overlapping ranges
+ - debian/patches/CVE-2015-1607.dpatch: use inline functions to convert
+ buffer data to scalars in g10/apdu.c, g10/app-openpgp.c,
+ g10/build-packet.c, g10/ccid-driver.c, g10/getkey.c, g10/keygen.c,
+ g10/keyid.c, g10/misc.c, g10/parse-packet.c, g10/tdbio.c,
+ g10/trustdb.c, include/host2net.h.
+ - CVE-2015-1607
+
+ -- Marc Deslauriers Fri, 27 Mar 2015 08:24:00 -0400
+
+gnupg (1.4.11-3ubuntu2.7) precise-security; urgency=medium
+
+ * SECURITY UPDATE: side-channel attack on Elgamal encryption subkeys
+ - debian/patches/CVE-2014-5270.dpatch: use sliding window method for
+ exponentiation algorithm in mpi/mpi-pow.c.
+ - CVE-2014-5270
+
+ -- Marc Deslauriers Tue, 19 Aug 2014 09:41:45 -0400
+
+gnupg (1.4.11-3ubuntu2.6) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service via uncompressing garbled packets
+ - debian/patches/CVE-2014-4617.dpatch: limit number of extra bytes in
+ g10/compress.c.
+ - CVE-2014-4617
+
+ -- Marc Deslauriers Thu, 26 Jun 2014 08:30:14 -0400
+
+gnupg (1.4.11-3ubuntu2.5) precise-security; urgency=low
+
+ * SECURITY UPDATE: RSA Key Extraction via Low-Bandwidth Acoustic
+ Cryptanalysis attack
+ - debian/patches/CVE-2013-4576.dpatch: Use blinding for the RSA secret
+ operation in cipher/random.*, cipher/rsa.c, g10/gpgv.c. Normalize the
+ MPIs used as input to secret key functions in cipher/dsa.c,
+ cipher/elgamal.c, cipher/rsa.c.
+ - CVE-2013-4576
+
+ -- Marc Deslauriers Wed, 18 Dec 2013 11:17:02 -0500
+
+gnupg (1.4.11-3ubuntu2.4) precise-security; urgency=low
+
+ * SECURITY UPDATE: incorrect no-usage-permitted flag handling
+ - debian/patches/CVE-2013-4351.dpatch: correctly handle empty key flags
+ in g10/getkey.c, g10/keygen.c, include/cipher.h.
+ - CVE-2013-4351
+ * SECURITY UPDATE: denial of service via infinite recursion
+ - debian/patches/CVE-2013-4402.dpatch: set limits on number of filters
+ and nested packets in util/iobuf.c, g10/mainproc.c.
+ - CVE-2013-4402
+
+ -- Marc Deslauriers Tue, 08 Oct 2013 07:49:58 -0400
+
+gnupg (1.4.11-3ubuntu2.3) precise-security; urgency=low
+
+ * SECURITY UPDATE: The path of execution in an exponentiation function may
+ depend upon secret key data, allowing a local attacker to determine the
+ contents of the secret key through a side-channel attack.
+ - debian/patches/CVE-2013-4242.dpatch: always perform the mpi_mul for
+ exponents in secure memory. Based on upstream patch.
+ - CVE-2013-4242
+
+ -- Seth Arnold Tue, 30 Jul 2013 15:51:17 -0700
+
+gnupg (1.4.11-3ubuntu2.2) precise-security; urgency=low
+
+ * SECURITY UPDATE: keyring corruption via malformed key import
+ - debian/patches/CVE-2012-6085.dpatch: validate PKTTYPE in g10/import.c.
+ - CVE-2012-6085
+
+ -- Marc Deslauriers Tue, 08 Jan 2013 10:52:55 -0500
+
+gnupg (1.4.11-3ubuntu2.1) precise-security; urgency=low
+
+ * debian/patches/long-keyids.dpatch: Use the longest key ID available
+ when requesting a key from a key server.
+
+ -- Marc Deslauriers Tue, 14 Aug 2012 08:34:24 -0400
+
+gnupg (1.4.11-3ubuntu2) precise; urgency=low
+
+ * Mark gnupg, gnupg-curl, and gpgv Multi-Arch: foreign.
+
+ -- Colin Watson Mon, 21 Nov 2011 13:42:07 +0000
+
+gnupg (1.4.11-3ubuntu1) natty; urgency=low
+
+ * Resynchronise with Debian (LP: #720905). Remaining changes:
+ - Disable mlock() test since it fails with ulimit 0 (on buildds).
+ - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
+ - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
+ - Only suggest gnupg-curl and libldap; recommendations are pulled into
+ minimal, and we don't need the keyserver utilities in a minimal Ubuntu
+ system.
+ * debian/{control,rules}: Remove the Win32 build (and mingw32
+ build-dependency), since mingw32 is in universe, and will remain so for
+ the forseeable future.
+
+ -- Rico Tzschichholz Tue, 22 Feb 2011 11:00:25 +0100
+
+gnupg (1.4.11-3) unstable; urgency=low
+
+ * Install gpg setuid root again on kFreeBSD. We dropped this
+ bit earlier because it's not necessary anymore on Linux, but
+ the kFreeBSD kernel still requires it for secure memory.
+ Thanks Robert Millan for the patch. (Closes: 598471)
+ * Add a gpgv-win32 package, to be used by win32-loader. Patch
+ from Didier Raboud (Closes: #612462).
+
+ -- Thijs Kinkhorst Tue, 15 Feb 2011 19:49:51 +0100
+
+gnupg (1.4.11-2) experimental; urgency=low
+
+ * Update standards-version to 3.9.1, no changes needed.
+ * Apply patch based on Werner Koch's work that (again)
+ resolves a build failure on mips(el); issue addressed
+ in 1.4.10-4 was only partly solved upstream.
+ * Add README.Debian with smart card reader info, thanks
+ Jonathan Nieder (Closes: #575763).
+
+ -- Thijs Kinkhorst Sat, 13 Nov 2010 12:37:32 +0100
+
+gnupg (1.4.11-1) experimental; urgency=low
+
+ * New upstream release (Closes: #600587).
+
+ Obsoletes all previously existing Debian patches:
+ 567580_menu_prompt_reflects_program.dpatch
+ 560692_fix_fatal_after_homedir_creation.dpatch
+ 489225_catch_expired_primary_key_with_valid_subkey.dpatch
+ fix_infinite_loop_r5264.dpatch
+ 567593_improve_info_and_faq.dpatch
+ 551709_fix_info_link_entry.dpatch
+ 560995_fix_ftbfs_on_sparc64.dpatch
+ mips_gcc4.4.dpatch
+ 553175_document_primary_uid_sign.dpatch
+
+ No longer ships outdated faq.html.
+
+ * Update references to RFC 2440 into RFC 4880. Thanks
+ Christoph Anton Mitterer (Closes: #592294).
+
+ -- Thijs Kinkhorst Tue, 26 Oct 2010 20:14:12 +0200
+
+gnupg (1.4.10-4ubuntu2) natty; urgency=low
+
+ * No-change rebuild to drop upstream changelog.
+
+ -- Martin Pitt Fri, 03 Dec 2010 08:31:25 +0100
+
+gnupg (1.4.10-4ubuntu1) natty; urgency=low
+
+ * Resynchronise with Debian. Remaining changes:
+ - Disable mlock() test since it fails with ulimit 0 (on buildds).
+ - Set gpg (or gpg2) and gpgsm to use a passphrase agent by default.
+ - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
+ - Only suggest gnupg-curl and libldap; recommendations are pulled into
+ minimal, and we don't need the keyserver utilities in a minimal Ubuntu
+ system.
+
+ -- Colin Watson Wed, 13 Oct 2010 11:48:06 +0100
+
+gnupg (1.4.10-4) unstable; urgency=high
+
+ * debian/patches/mips_gcc4.4: added to fix build failure on
+ mips(el) due to the removal of the 'h' constraint for MIPS
+ in gcc-4.4.x versions. Urgency high for fixing ftbfs.
+ Thanks Florian Fainelli for the patch.
+
+ -- Thijs Kinkhorst Tue, 25 May 2010 20:54:22 +0200
+
+gnupg (1.4.10-3) unstable; urgency=low
+
+ [ Daniel Leidert (dale) ]
+ * debian/control (Description): Added note about gnupg2 (closes: #566081).
+ * debian/patches/489225_catch_expired_primary_key_with_valid_subkey.dpatch:
+ Added.
+ - g10/sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag to
+ fix missing status line signature verification done with a subkey while
+ on the main key has expired (closes: #489225).
+ * debian/patches/551709_fix_info_link_entry.dpatch: Added.
+ - doc/gnupg1.texi, gnupg1.info: Fix direntry (closes: #551709).
+ * debian/patches/553175_document_primary_uid_sign.dpatch: Added.
+ - doc/gpg.texi: Document the primary user id sign in --edit-key mode
+ (closes: #553175).
+ * debian/patches/560692_fix_fatal_after_homedir_creation.dpatch: Added.
+ - g10/tdbio.c (tdbio_set_dbname): Fix a mistaken fatal error after homedir
+ creation (closes: #560692).
+ * debian/patches/560995_fix_ftbfs_on_sparc64.dpatch: Added.
+ - mpi/config.links: Fix FTBFS on sparc64, where it tries to use SPARC32
+ assembly code (closes: #560995).
+ * debian/patches/567580_menu_prompt_reflects_program.dpatch: Added.
+ - Use a less ambiguous command prompt (closes: #567580).
+ * debian/patches/567593_improve_info_and_faq.dpatch: Added.
+ - Improve the info/manual pages, fix grammar and add/fix the bug-reporting
+ address (closes: #567593).
+ * debian/patches/fix_infinite_loop_r5264.dpatch: Added.
+ - Avoid infinite loop in case of invalid data.
+ * debian/patches/00list: Adjusted.
+
+ [ Thijs Kinkhorst ]
+ * Checked for policy 3.8.4, no changes.
+
+ -- Thijs Kinkhorst Mon, 22 Mar 2010 20:12:42 +0100
+
+gnupg (1.4.10-2ubuntu2) maverick; urgency=low
+
+ * Only suggest gnupg-curl and libldap; recommendations are pulled into
+ minimal, and we don't need the keyserver utilities in a minimal Ubuntu
+ system.
+
+ -- Colin Watson Mon, 14 Jun 2010 14:40:00 +0100
+
+gnupg (1.4.10-2ubuntu1) lucid; urgency=low
+
+ * Merge from Debian testing (lp: #503064, #477818). Remaining changes:
+ - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
+ since it fails with ulimit 0 (on buildds).
+ - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
+ (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
+ - Fix udeb build failure on powerpc, building with -O2 instead of -Os.
+
+ -- Michael Bienia Mon, 04 Jan 2010 20:06:01 +0100
+
+gnupg (1.4.10-2) unstable; urgency=low
+
+ [ Thijs Kinkhorst ]
+ * Correct build issue when backporting to lenny, thanks Andreas Metzler
+ (closes: #545268).
+
+ [ Daniel Leidert ]
+ * debian/control: Added gnupg-curl package which ships the keyserver helper
+ tools built with libcurl. gnupg recommends this package.
+ (Build-Depends): Changed to generic libreadline-dev (see pkg-gnupg-maint
+ list 09/2009).
+ (Description): Adjusted for gnupg vs. gnupg-curl.
+ * debian/gnupg.doc-base.faq: Added to register the GnuPG FAQ with doc-base.
+ * debian/gnupg-curl.preinst,
+ debian/gnupg-curl.postrm: Added to add/remove the diversions for
+ gpgkeys_curl and gpgkeys_hkp.
+ * debian/rules: Added targets to build the gnupg binary and helper tools
+ explicitly with libcurl. Move the gpgkeys_curl and gpgkeys_hkp keyserver
+ tools built with libcurl into the gnupg-curl package.
+ (build-deb/config.status): Build the gnupg binary with the "curl shim"
+ variant and without libcurl, so we don't depend on packages with priority
+ lower important (closes: #545275).
+ (install): Delete /usr/share/info/dir.gz (closes: #546552).
+ (binary-arch): Add missing relevant ChangeLog files.
+
+ -- Thijs Kinkhorst Fri, 25 Sep 2009 10:34:50 +0200
+
+gnupg (1.4.10-1) unstable; urgency=low
+
+ [ Daniel Leidert (dale) ]
+ * New upstream release GnuPG 1.4.10.
+ - Better cope with unicode characters in any output (closes: #540340).
+ - Output a warning when trying to revoke a signature from a key,
+ that is not signed by any of your keys (closes: #543530).
+
+ For more information please read /usr/share/doc/gnupg/changelog.gz.
+
+ * debian/control (Standards-Version): Bumped to 3.8.3.
+ * debian/gnupg.bug-presubj: Added note about debian/README.BUGS.Debian.
+ * debian/gnupg.docs: Added debian/README.BUGS.Debian.
+ * debian/gnupg.udev: Added udev rules to support several SCM smartcard
+ readers. Thanks to Michael Bienia (closes: #543216).
+ * debian/rules (binary-arch): Install udev rules and bug control files.
+ * debian/README.BUGS.Debian: Added. Collect information about limitations
+ which have been reported to the BTS and might be in the future too. This
+ will replace the open bug reports, so the bug count decreases and
+ readability increases (closes: #44910, #89094, #282061, #359758, #427857,
+ #472642, #485458).
+ * debian/patches/24_gpgv_manpage_cleanup.dpatch: Dropped (applied upstream).
+ * debian/patches/25_fr.po_fixes.dpatch: Ditto.
+ * debian/patches/25_it.po_fixes.dpatch: Ditto.
+
+ [ Thijs Kinkhorst ]
+ * Add misc:depends substvar to facilitate install-info transition.
+
+ -- Thijs Kinkhorst Sat, 05 Sep 2009 15:43:18 +0200
+
+gnupg (1.4.10~rc1-1) experimental; urgency=low
+
+ * First release candidate of GnuPG 1.4.10.
+ - Improved lockfile handling (closes: #58260).
+ - Fixes error using the --local-user switch together with the same options
+ string (closes: #130363).
+ - Fixes memory leak importing (large) keyrings (closes: #172115, #345911).
+ - Send HTTP requests with "Pragma: no-cache" (closes: #177716).
+ - Reference to unimplemented --fix-trustdb switch has been replaced by
+ short howto for recovery (closes: #196860).
+ - Resets terminal after SIGINT (LP: #294115; closes: #321871).
+ - Fixes error using the --fingerprint switch together with the
+ with-fingerprint options string (closes: #382794).
+ - Removing some strange old special case code in gpg fixes an error thrown
+ for a special signature (closes: #402600). This needs well testing ...
+ see https://bugs.g10code.com/gnupg/issue931.
+ - Fixes misleading error messages (closes: #205596, #494040).
+ - Fixes building with libcurl (closes: #502558).
+ - Fixes a parsing loop specific to amd64 systems (closes: #503853).
+ - Fixes the non-zero exit status after smartcard insert prompt (closes:
+ #513464).
+ - Fixes/improves documentation (LP: #389694; closes: #496921, #527351).
+ - Fixes several issues in the German (closes: #536827), the Dutch
+ (LP: #397395) and the French (closes: #525404) translation.
+ - Added IDN (Internationalized Domain Names) support (closes: #537122).
+
+ For more information please read /usr/share/doc/gnupg/changelog.gz.
+
+ [ Thijs Kinkhorst ]
+ * Re-enable build-time tests, accidentally disabled due to false
+ logic in debian/rules. Thanks Neil Williams, closes: #521884.
+ * Checked for policy 3.8.2 and updated to debhelper 7.
+ * Install NEWS as upstream changelog.
+
+ [ Daniel Leidert ]
+ * debian/control (Build-Depends): Added libcurl4-gnutls-dev (LP: #62864).
+ * debian/rules (CONFARGS): Add --enable-noexecstack to build gnupg without
+ executable stack on i386 (LP: #49323; closes: #527630).
+ (binary-arch): Register .info documentation (closes: #527570).
+ * debian/patches/24_gpgv_manpage_cleanup.dpatch: Party dropped (applied
+ upstream).
+ * debian/patches/25_de.po_fixes.dpatch: Dropped (applied upstream).
+ * debian/patches/99_yat2m_fix_samp_handling.dpatch: Ditto.
+ * debian/patches/00list: Adjusted.
+
+ -- Thijs Kinkhorst Sat, 15 Aug 2009 18:43:03 +0200
+
+gnupg (1.4.9-4ubuntu7) karmic; urgency=low
+
+ * Fix udeb build failure on powerpc, building with -O2 instead of -Os.
+
+ -- Matthias Klose Sun, 27 Sep 2009 13:49:46 +0200
+
+gnupg (1.4.9-4ubuntu6) karmic; urgency=low
+
+ * Build-depend on libreadline-dev instead of libreadline5-dev.
+
+ -- Matthias Klose Sat, 19 Sep 2009 22:52:53 +0200
+
+gnupg (1.4.9-4ubuntu5) karmic; urgency=low
+
+ * debian/gnupg.udev:
+ Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
+ rules for the same purpose. (LP: #57755)
+ * debian/rules:
+ Call dh_installudev.
+
+ -- Michael Bienia Fri, 03 Jul 2009 15:38:40 +0200
+
+gnupg (1.4.9-4ubuntu4) karmic; urgency=low
+
+ * Undo the last change. A GnuPG bug with handling multiple keyservers
+ makes this break
+
+ -- Mackenzie Morgan Sat, 20 Jun 2009 18:04:47 -0400
+
+gnupg (1.4.9-4ubuntu3) karmic; urgency=low
+
+ * deian/patches/100_ubuntu_default_keyserver.dpatch: (LP: #380093)
+ - Add keyserver.ubuntu.com as a default keyserver in g10/options.skel
+
+ -- Mackenzie Morgan Mon, 25 May 2009 13:10:51 -0400
+
+gnupg (1.4.9-4ubuntu2) karmic; urgency=low
+
+ * debian/rules: add --enable-noexecstack to configure to avoid needless
+ executable stacks on i386 (LP: #49323, debian bug 527630).
+ * debian/rules: fix "nocheck" logic to run tests (debian bug 521884).
+
+ -- Kees Cook Fri, 08 May 2009 09:12:18 -0700
+
+gnupg (1.4.9-4ubuntu1) karmic; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
+ since it fails with ulimit 0 (on buildds).
+ - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
+ (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
+ - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a
+ timeout updating the keyring (lp: 62864)
+ - Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent
+ curl and gcc 4.3
+
+ -- Nicolas Valcárcel Scerpella Tue, 05 May 2009 16:02:14 -0500
+
+gnupg (1.4.9-4) unstable; urgency=low
+
+ [ Daniel Leidert (dale) ]
+ * debian/compat: Added to define debhelper compat level 5.
+ * debian/control: (Build-Depends): Added debhelper v5.
+ * debian/gnupg.dirs: Added for new debhelper-based debian/rules.
+ * debian/gnupg.docs: Ditto.
+ * debian/gnupg.links: Ditto.
+ * debian/gnupg.manpages: Ditto.
+ * debian/gnupg-udeb.install: Ditto.
+ * debian/gpgv.files: Ditto.
+ * debian/gpgv-udeb.install: Ditto.
+ * debian/rules: Complete rewrite using debhelper (closes: #437050, #430459).
+
+ [ Thijs Kinkhorst ]
+ * We don't install setuid root anymore, and have not even built
+ with capability support anyway in recent times. Drop libcap-dev
+ build-dependency and associated patches. (Closes: #492622).
+ * No longer install gpg-convert-from-106 in the path, but ship
+ this script to convert from GnuPG 1.0.6 and earlier as an
+ example.
+ * Add --disable-asm build flag on ppc64 architecture (Closes: #343434).
+ * Rephrase description on the subject of IDEA (Closes: #509853).
+
+ -- Thijs Kinkhorst Mon, 16 Feb 2009 18:35:15 +0100
+
+gnupg (1.4.9-3ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable (lp: #225005), remaining changes:
+ - Add 'debian/patches/50_disable_mlock_test.dpatch': Disable mlock() test
+ since it fails with ulimit 0 (on buildds).
+ - Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg
+ (or gpg2) and gpgsm to use a passphrase agent by default (lp: 15485)
+ - Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a
+ timeout updating the keyring (lp: 62864)
+ * Dropped Ubuntu patches, applied upstream:
+ - 50_show_primary_only.dpatch
+ - 60_install_options_skel.dpatch
+ * Add 'debian/patches/55_curl_typefix.dpatch': Fix a build error with recent
+ curl and gcc 4.3 (lp: #247679). Patch taken from upstream:
+ http://lists.gnupg.org/pipermail/gnupg-devel/2008-April/024344.html
+
+ -- Michael Bienia Mon, 21 Jul 2008 02:02:14 +0200
+
+gnupg (1.4.9-3) unstable; urgency=low
+
+ * Add Package-Type: udeb to μdebs.
+ * Properly strip binaries shippped in μdebs.
+ * Disable libusb-dev build-dep on the Hurd (closes: #491864).
+ * Updated debian/copyright to GPLv3.
+ * Checked for policy 3.8.0, added README.source.
+ * Add self to uploaders.
+
+ -- Thijs Kinkhorst Thu, 24 Jul 2008 22:25:09 +0200
+
+gnupg (1.4.9-2) unstable; urgency=low
+
+ [ Sune Vuorela ]
+ * Switch maintainer to maillist. This package is now officially team
+ maintained.
+ * Really enable patches added earlier. (Really Closes: #394037, #298699)
+ * Add a seahorse conflicts as the seahorse maintainer likes.
+ * Remove stamp files in clean.
+
+ [ Thijs Kinkhorst ]
+ * Add watch file (Closes: #450670).
+ * Remove ancient (2002 and earlier) Conflicts, Replaces, Provides.
+
+ [ Daniel Leidert ]
+ * debian/control: Added Vcs fields.
+ (Uploaders): Added myself.
+ * debian/gpg-zip.1: Fixed header.
+
+ -- Sune Vuorela Sun, 08 Jun 2008 12:27:36 +0200
+
+gnupg (1.4.9-1) unstable; urgency=low
+
+ * New upstream release 1.4.9 (Closes: #452118). Based on Daniel Leiderts work
+ - Removed shutdown code in util/http.c (Closes: #201589).
+ - Limit bytes read for an unknown alogorithm (Closes: #402592).
+ - Build changes to fully evaluate paths (Closes: #402958, #412508, #420613).
+ - Decrypt multiple files and not just the first (Closes: #431828).
+ - Fixes yat2m and gpg.texi to fix formatting in the man-page
+ (Closes: #445328).
+ - Localizaton update for German locale (closes: #296128).
+ * Remove patch 28_multiple_message.dpatch, implemented upstream
+ * Remove ancient preinst script to support upgrades back in 1998
+ * README.Debian is related to the ancient preinst script, so remove it as
+ well.
+ * debian/patches/99_yat2m_fix_samp_handling.dpatch: Added.
+ - doc/yat2m.c: Backport two fixes from the upstream SVN regarding the
+ correct handling of backslahes and fixing the samples output format
+ avoiding man-db warnings.
+ * Redo patches with dpatch-run instead of big patch blurb in the patches.
+ * Updated and added some tranlations (patch 25*)
+ (French: Closes: #394037) (Italian: Closes: #298699)
+ * Have gpg suggest libpcsclite1 (Closes: #297253) and a couple of image
+ viewers (Closes: #381419).
+ * No need to clean up in builddir before removing builddir
+ * if rm -rf fails, we should also fail
+ * Handle DEB_BUILD_OPTIONS=nostrip in debian/rules (Closes: #437050)
+ * add md5sums to package (Closes: 430459)
+ * Don't depend, but recommend libldap, this is only needed in some
+ cases. (Closes: 399167)
+ * Add manpage to gpg-zip. Thanks to Colin Tuckley and Daniel Leidert
+ * Bump standards.
+ * Add Homepage field to debian/control
+ * Run test suites.
+
+ -- Sune Vuorela Sun, 01 Jun 2008 21:21:10 +0200
+
+gnupg (1.4.6-3) unstable; urgency=low
+
+ * Adopt package. Thanks to James Troup for his work in the far past.
+ Thanks to NMU'ers Bastian and Thijs. (Closes: #476418)
+ * Co-maintainers wanted.
+ * Don't build-dep on pcap on non-linux-archs. (Closes: #357267)
+
+ -- Sune Vuorela Sat, 17 May 2008 15:42:55 +0200
+
+gnupg (1.4.6-2.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Do not install gpg setuid root, this is not necessary anymore since
+ Linux kernel 2.6.9. (Closes: #356550, #346597, #453122)
+ * Update priority to match override (Closes: #340846).
+
+ -- Thijs Kinkhorst Sat, 03 May 2008 16:20:56 +0200
+
+gnupg (1.4.6-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Remove makedev dependency. (closes: #343988)
+
+ -- Bastian Blank Sat, 23 Feb 2008 19:59:18 +0100
+
+gnupg (1.4.6-2ubuntu5) hardy; urgency=low
+
+ * No-change rebuild against libldap-2.4-2.
+
+ -- Steve Langasek Wed, 23 Jan 2008 10:49:38 +0000
+
+gnupg (1.4.6-2ubuntu4) gutsy; urgency=low
+
+ * debian/patches/70_trust_error.dpatch: Removed as it broke setting the
+ trust level to 1 (LP: #147343).
+ + -- Michael Bienia Mon, 01 Oct 2007 21:52:52 +0200 + +gnupg (1.4.6-2ubuntu3) gutsy; urgency=low + + [ Scott Kitterman ] + * Add 'debian/patches/60_install_options_skel.dpatch': Patch to + install options file from upstream (LP: #76983) + * Add 'debian/patches/61_use_agent_default.dpatch': Patch to set gpg + (or gpg2) and gpgsm to use a passphrase agent by default (LP: #15485) + * Add 'debian/patches/70_trust_error.dpatch': Patch to disallow illegal + zero response for trust level changes (LP: #39459) + + [ Michael Bienia ] + * Add libcurl4-gnutls-dev to Build-Depends to fix gpg running into a timeout + updating the keyring (LP: #62864) + + -- Michael Bienia Fri, 06 Jul 2007 20:56:05 +0200 + +gnupg (1.4.6-2ubuntu2) gutsy; urgency=low + + * Add 'debian/patches/50_show_primary_only.dpatch': add + 'show-primary-uid-only' to verify options, to suppress 'aka' output + in key verifications, backported from 1.4.7 upstream. + + -- Kees Cook Tue, 15 May 2007 12:09:41 -0700 + +gnupg (1.4.6-2ubuntu1) gutsy; urgency=low + + * Merge from debian unstable, remaining changes: + - config.h.in: Disable mlock() test since it fails with ulimit 0 (on + buildds). + - debian/rules: + + Do not install gpg as suid root, since that is not necessary with + kernels 2.6.8+. + + Make the build fail if the test suite fails. + - debian/control: Maintainer field update. + + -- Kees Cook Tue, 08 May 2007 02:21:26 -0700 + +gnupg (1.4.6-2) unstable; urgency=medium + + * 28_multiple_message.dpatch: new patch from upstream to fix problems + handling verification of messages with multiple + components. [CVE-2007-1263] + + -- James Troup Wed, 7 Mar 2007 21:47:35 +0000 + +gnupg (1.4.6-1ubuntu2) feisty; urgency=low + + * SECURITY UPDATE: without --status-fd, forged inline sigs can appear valid. + * debian/patches/50_stop_multiple_messages.dpatch: upstream patch. 
+ * References + ftp://ftp.gnupg.org/gcrypt/gnupg/patches/gnupg-1.4.6-multiple-message.patch + CVE-2007-1263 + + -- Kees Cook Wed, 7 Mar 2007 11:53:20 -0800 + +gnupg (1.4.6-1ubuntu1) feisty; urgency=low + + * Merge from debian unstable, remaining changes: + - config.h.in: Disable mlock() test since it fails with ulimit 0 (on + buildds). + - debian/rules: + + Do not install gpg as suid root, since that is not necessary with + kernels 2.6.8+. + + Make the build fail if the test suite fails. + + -- Kees Cook Tue, 12 Dec 2006 15:56:56 -0800 + +gnupg (1.4.6-1) unstable; urgency=high + + * New upstream release. + * Fixes remotely controllable function pointer [CVE-2006-6235] + + * 27_filename_overflow.dpatch: merged upstream, dropped. + * 24_gpgv_manpage_cleanup.dpatch: updated and a couple of additional + trivial fixes. + + * debian/rules (binary-arch): info copy of manuals moved to + /usr/share/info - remove them there instead. Manuals are now built + from texi source, so install them from build tree, not top level. + + * debian/copyright: update to add OpenSSL exemption for keyserver helper + tools. + + -- James Troup Thu, 7 Dec 2006 02:54:51 +0000 + +gnupg (1.4.5-3ubuntu2) feisty; urgency=low + + * SECURITY UPDATE: unwound stack data use, leading to arbitrary code + execution. + * Add debian/patches/29_dxf_context_stack.dpatch: upstream patch, use heap + for allocation instead. + * References + CVE-2006-6235 + + -- Kees Cook Wed, 6 Dec 2006 11:46:44 -0800 + +gnupg (1.4.5-3ubuntu1) feisty; urgency=low + + * Merge to Debian unstable. Remaining Ubuntu changes: + - config.h.in: Disable mlock() test since it fails with ulimit 0 (on + buildds). + - debian/rules: + + Do not install gpg as suid root, since that is not necessary with + kernels 2.6.8+. + + Make the build fail if the test suite fails. 
+ + -- Martin Pitt Tue, 28 Nov 2006 19:06:47 +0100 + +gnupg (1.4.5-3) unstable; urgency=high + + * 27_filename_overflow.dpatch: new patch from upstream to fix buffer + overflow in ask_outfile_name(). [CVE-2006-6169] + + -- James Troup Mon, 27 Nov 2006 21:23:37 +0000 + +gnupg (1.4.5-2ubuntu1) feisty; urgency=low + + * Merge to Debian unstable. Remaining Ubuntu changes: + - config.h.in: Disable mlock() test since it fails with ulimit 0 (on + buildds). + - debian/rules: + + Do not install gpg as suid root, since that is not necessary with + kernels 2.6.8+. + + Make the build fail if the test suite fails. + + -- Martin Pitt Fri, 3 Nov 2006 09:18:26 +0100 + +gnupg (1.4.5-2) unstable; urgency=low + + * debian/control: add gpgv package. Make gnupg package depend on it. + * debian/rules (binary-arch): add support for building gpgv package. + Adapt gnupg package creation accordingly. + * debian/rules (clean): clean gpgv package temporary directory. + + -- James Troup Thu, 26 Oct 2006 02:14:46 +0100 + +gnupg (1.4.5-1) unstable; urgency=low + + * New upstream release. + * 23_getkey_utf8_userid.dpatch: superseded by different fix upstream, + dropped. + * 26_user_id_overflow.dpatch: merged upstream, dropped. + * 25_de.po_fixes.dpatch: updated. + + * debian/copyright: update FSF address. + * debian/changelog: convert to UTF-8. + * debian/control (Standards-Version): bump to 3.7.2.1. + + -- James Troup Tue, 1 Aug 2006 22:50:09 +0100 + +gnupg (1.4.3-2ubuntu3) edgy; urgency=low + + * SECURITY UPDATE: Local arbitrary code execution. + * Add debian/patches/27_comment_control_overflow.dpatch: + - Fix buffer overflows in parse_comment() and parse_gpg_control(). + - Patch extracted from stable 1.4.5 release. + - Reproducer: + perl -e 'print "\xfd\xff\xff\xff\xff\xfe"'| gpg --no-armor + - Credit: Evgeny Legerov + - CVE-2006-3746 + + -- Martin Pitt Thu, 3 Aug 2006 08:11:46 +0200 + +gnupg (1.4.3-2ubuntu2) edgy; urgency=low + + * Rebuild with current zlib1g-dev to fix udeb shlibdeps. 
Thanks to Evan + Dandrea for noticing. + + -- Colin Watson Mon, 31 Jul 2006 11:21:55 +0100 + +gnupg (1.4.3-2ubuntu1) edgy; urgency=low + + * Sync with Debian: + Remaining Ubuntu changes: + + config.h.in: Disable mlock() test since it fails with ulimit 0 (on + buildds). + + debian/patches/20_no_tty_fix.dpatch: + - dropped, upstream now + + debian/rules: + - don't use the included gettext + - Don't install gpg as suid root, since that is not necessary with + kernels 2.6.8+ + - Make the build fail if the test suite fails + + -- Sebastian Dröge Wed, 28 Jun 2006 21:11:14 +0200 + +gnupg (1.4.3-2) unstable; urgency=low + + * 26_user_id_overflow.dpatch: new patch pulled from upstream SVN to fix + a crash when processing overly large User ID packets [CVE-2006-3082]. + Thanks to Alec Berryman . Closes: #375052 + + -- James Troup Fri, 23 Jun 2006 11:22:31 +0100 + +gnupg (1.4.3-1) unstable; urgency=low + + * New upstream release. + * 22_zero_length_mpi_fix.dpatch: merged upstream, dropped. + * debian/rules (test): s/g10.c/gpg.c/. + * 16_min_privileges.dpatch: likewise. + + * debian/control, debian/rules: apply patch from Max Vozeler + to build gnupg-udeb. Closes: #321948 + + * Based on discussion with and testing by Martin Pitt + : + * debian/rules (build-deb-stamp): don't pass --with-included-gettext to + configure. + * debian/rules (build-udeb-stamp): likewise. + * debian/rules (binary-arch): don't need to remove + usr/share/locale/locale.alias anymore as a result. + + * debian/rules (build-deb-stamp): pass --enable-mailto to configure. + Closes: #301308 + * debian/rules (build-udeb-stamp): likewise. + + * debian/control (Build-Depends): drop mail-transport-agent and... + * debian/rules (build-deb-stamp): pass + --with-mailprog=/usr/sbin/sendmail to configure instead. + * debian/rules (build-udeb-stamp): likewise. Closes: #333218 + + * debian/rules: put common configure options into CONFARGS variable and + rename the cross-compile-only variable to HOSTARG. 
+
+ * debian/rules (clean): also remove debian/gnupg-deb build directory.
+
+ * debian/gpg-convert-from-106.1, debian/gpgsplit.1, debian/lspgpot.1:
+ new manpages from François Wendling . Closes:
+ #344314
+ * debian/rules (binary-arch): install them.
+
+ * The following is a patch from Frans Pop . Closes:
+ #360257
+ * debian/control (Build-Depends): add dpkg-dev (>= 1.13.12).
+ * debian/rules (binary-arch): pass -tudeb when invoking dpkg-shlibdeps
+ for the .udeb builds.
+
+ * 23_getkey_utf8_userid.dpatch: new patch from Fumitoshi UKAI
+ to fix '[User id not found]' message in non-UTF-8
+ locales. Closes: #205028
+
+ * 24_gpgv_manpage_cleanup.dpatch: new patch from "Jim W. Jaszewski"
+ to fix small errors in the gpgv manpage. Closes:
+ #177951
+
+ * 25_de.po_fixes.dpatch: new patch from Jens Seidel
+ with small fixes to the German translations.
+ Closes: #314069
+
+ -- James Troup Wed, 5 Apr 2006 02:45:56 +0100
+
+gnupg (1.4.2.2-1ubuntu2) dapper; urgency=low
+
+ * debian/rules:
+ - Remove --with-included-gettext configure option; use libc's gettext to
+ get language pack support. Closes: LP#25609
+ - rm'ing locale.alias is not necessary with this change, so change it to
+ rm -f to not break the build.
+
+ -- Martin Pitt Mon, 3 Apr 2006 18:21:19 +0200
+
+gnupg (1.4.2.2-1ubuntu1) dapper; urgency=low
+
+ * Resynchronize with Debian, UVF exception approved by Matt. 1.4.2.2 only
+ contains a security fix, updated test cases, and updated translations.
+ * For reference and to ease future merges, these are the remaining Ubuntu
+ changes:
+ - debian/rules: Make the build fail if the test suite fails.
+ - debian/changelog: Add missing CVE number.
+ - Don't install gpg as suid root, since that is not necessary with kernels
+ 2.6.8+.
+ - config.h.in: Disable mlock() test since it fails with ulimit 0 (on
+ buildds).
+ - debian/patches/20_no_tty_fix.dpatch: Malone #5570
+
+ -- Martin Pitt Mon, 13 Mar 2006 12:42:00 +0100
+
+gnupg (1.4.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Fixes handling of files containing several signed messages.
+ [CVE-2006-0049]
+
+ -- James Troup Fri, 10 Mar 2006 04:27:12 +0000
+
+gnupg (1.4.2.1-0ubuntu1) dapper; urgency=low
+
+ * New upstream security bugfix release, only contains the following changes:
+ - Security fix for a verification weakness in gpgv. Some input
+ could lead to gpgv exiting with 0 even if the detached signature
+ file did not carry any signature. This is not as fatal as it
+ might seem because the suggestion as always been not to rely on
+ th exit code but to parse the --status-fd messages. However it
+ is likely that gpgv is used in that simplified way and thus we
+ do this release. Same problem with "gpg --verify" but nobody
+ should have used this for signature verification without
+ checking the status codes anyway. [CVE-2006-0455]
+ - Added a test case for above vulnerability.
+ * debian/rules: Call the test suite during build. (Will fail the build
+ if the test suite fails.)
+
+ -- Martin Pitt Fri, 17 Feb 2006 11:18:27 +0100
+
+gnupg (1.4.2-2ubuntu2) dapper; urgency=low
+
+ * Add 20_no_tty_fix.dpatch:
+ - Do not open /dev/tty if --no-tty is specified, since this breaks
+ programs like seahorse.
+ - Patch also accepted upstream.
+ - Thanks to Ryan Lortie for the patch.
+ - Malone #5570
+
+ -- Martin Pitt Fri, 16 Dec 2005 16:57:39 +0100
+
+gnupg (1.4.2-2ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian.
+
+ -- Martin Pitt Thu, 10 Nov 2005 16:13:10 -0500
+
+gnupg (1.4.2-2) unstable; urgency=low
+
+ * 22_zero_length_mpi_fix.dpatch: new patch; pull in upstream patch to
+ fix bug in reading a zero-length MPI. Closes: #330686
+
+ -- James Troup Sun, 2 Oct 2005 02:39:51 +0100
+
+gnupg (1.4.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * Fixes extra ) on expired keys.
Closes: #329402
+
+ * debian/control (Standards-Version): updated to 3.6.2.1.
+
+ * debian/rules (binary-arch): drop 'gnupg/' from libexecdir passed to
+ make install.
+
+ -- James Troup Sat, 24 Sep 2005 03:31:37 +0100
+
+gnupg (1.4.1-1ubuntu2) dapper; urgency=low
+
+ * debian/rules: Stop calling pkgstriptranslations, we now get it
+ for free with the new and improved dpkg-deb diversion hack.
+
+ -- Adam Conrad Wed, 26 Oct 2005 10:42:17 +1000
+
+gnupg (1.4.1-1ubuntu1) breezy; urgency=low
+
+ * Resynchronise with Debian, fixing changelog ordering.
+ * Added CAN number to previous changelog entry.
+
+ -- Martin Pitt Fri, 10 Jun 2005 10:36:38 +0200
+
+gnupg (1.4.1-1) unstable; urgency=low
+
+ * New upstream release. Closes: #307203
+ * Fixes mis-selection of encryption key. Closes: #299814
+ * Countermeasures against the Mister/Zuccherato CFB attack.
+ Closes: #300859
+ * 18_ca_po_update.dpatch, 21_strgutil_update.dpatch: dropped - merged
+ upstream.
+ * debian/rules (build-deb-stamp): don't forcefully regenerate po/ca.gmo.
+ (clean): likewise, don't remove po/ca.gmo.
+
+ -- James Troup Mon, 9 May 2005 23:41:50 +0100
+
+gnupg (1.4.0-3ubuntu1) breezy; urgency=low
+
+ * Merge Debian changes (#9358).
+
+ -- Martin Pitt Fri, 15 Apr 2005 09:35:41 +0200
+
+gnupg (1.4.0-3) unstable; urgency=low
+
+ * debian/rules (binary-arch): move Russian manpage to correct (FHS)
+ location. Thanks to Uwe Zeisberger
+ for the report. Closes: #294196
+
+ -- James Troup Sun, 20 Feb 2005 22:55:11 +0000
+
+gnupg (1.4.0-2) unstable; urgency=low
+
+ * 18_ca_po_update.dpatch: re-added, updated for new upstream release.
+ Thanks to Jordi Mallach .
+ * debian/rules (build-deb): force regeneration of ca.gmo.
+
+ * 21_strgutil_update.dpatch: new patch; pull in strgutil.c fixes from
+ 1.4.1rc1 to fix warnings about 'Invalid or incomplete multibyte or
+ wide character' with (at least) Latin-1 encoded UIDs.
+
+ * debian/copyright: update year and version number.
+
+ * debian/rules: apply patch to enable cross-build from NIIBE Yutaka
+ . Closes: #285293
+
+ * debian/rules: s/DEB_HOST_ARCH/DEB_BUILD_ARCH/ as the gpgv-udeb should
+ use the build architecture not host.
+ * debian/rules (build-udeb): pass $(CONFARGS) to configure here too.
+
+ -- James Troup Sat, 5 Feb 2005 03:03:06 +0000
+
+gnupg (1.4.0-1) unstable; urgency=low
+
+ * New upstream release. Closes: #286058
+
+ * debian/control (Build-Depends): add libusb-dev and libreadline5-dev.
+ * debian/rules (binary): install doc/highlights-1.4.txt to
+ /usr/share/doc/gnupg/ too.
+
+ * 17_ipv6_support.dpatch: removed; a different patch has been applied
+ upstream.
+ * 19_throw_keyid_compat.dpatch, 20_update_pgp8.dpatch: dropped; merged
+ upstream.
+
+ * 16_min_privileges.dpatch: adjusted for new upstream release with
+ wiggle(1).
+
+ * 18_ca_po_update.dpatch: dropped temporarily as it no longer applies.
+
+ * Apply patch from Colin Watson to add gpgv-udeb package. Closes: #287106
+ * debian/rules (build-udeb): also pass --without-readline to configure.
+
+ -- James Troup Thu, 3 Feb 2005 23:52:49 +0000
+
+gnupg (1.2.5-3.1) UNOFFICIAL; urgency=low
+
+ * debian/control, debian/rules: Build gpgv-udeb, containing just
+ /usr/bin/gpgv built without bzip2 support and with -Os, for use in
+ debian-installer.
+
+ -- Colin Watson Fri, 24 Dec 2004 13:42:23 +0000
+
+gnupg (1.2.5-3ubuntu5) hoary; urgency=low
+
+ * debian/rules: Call pkgstriptranslations if present (the package does not
+ use debhelper, thus it does not happen automatically).
+
+ -- Martin Pitt Fri, 18 Mar 2005 13:04:50 +0000
+
+gnupg (1.2.5-3ubuntu4) hoary; urgency=low
+
+ * debian/control, debian/rules: Build gpgv-udeb, containing just
+ /usr/bin/gpgv built without bzip2 support and with -Os, for use in the
+ installer.
+
+ -- Colin Watson Wed, 12 Jan 2005 14:52:51 +0000
+
+gnupg (1.2.5-3ubuntu3) hoary; urgency=low
+
+ * Disable HAVE_BROKEN_MLOCK, since the test fails if ulimit -l 0.
+
+ -- LaMont Jones Tue, 30 Nov 2004 22:35:20 -0700
+
+gnupg (1.2.5-3ubuntu2) hoary; urgency=low
+
+ * No-change upload to get mlock test correct.
+
+ -- LaMont Jones Tue, 30 Nov 2004 21:25:26 -0700
+
+gnupg (1.2.5-3ubuntu1) hoary; urgency=low
+
+ * Resynced to Debian; automatic sync result was a mess, redid from scratch.
+ * Do not install gnupg as suid root since the Ubuntu kernel now supports
+ calling mlock() as user.
+
+ -- Martin Pitt Thu, 11 Nov 2004 11:08:42 +0100
+
+gnupg (1.2.5-3) unstable; urgency=low
+
+ * debian/rules (build): drop --with-capabilites for now.
+ * debian/rules (clean): don't remove fi.gmo now that we're no longer
+ patching it.
+ * Merge patch from Peter Palfrader to fix building
+ without capabilities and idempotency of build process after
+ 18_ca_po_update.dpatch. Closes: #262723
+
+ -- James Troup Mon, 2 Aug 2004 00:51:21 +0100
+
+gnupg (1.2.5-2.1) unstable; urgency=low
+
+ * Fix patches/15_free_caps to also build without capabilities.
+ * Remove po/ca.gmo in clean target.
+
+ -- Peter Palfrader Sun, 1 Aug 2004 20:13:31 +0200
+
+gnupg (1.2.5-2) unstable; urgency=low
+
+ * 18_ca_po_update.dpatch: new patch from Jordi Mallach
+ to fix ca.po encoding. Closes: #237070
+
+ * 19_throw_keyid_compat.dpatch: new patch from Werner Koch
+ to add a --throw-keyid option for backwards
+ compatability.
+
+ * 20_update_pgp8.dpatch: new patch from David Shaw
+ to update --pgp8 to match reality.
+
+ -- James Troup Sat, 31 Jul 2004 10:55:30 +0100
+
+gnupg (1.2.5-1) unstable; urgency=low
+
+ * New upstream release. Closes: #262094
+ * UID merging should now work on initial import. Closes: #236966
+
+ * 10_hppa_unaligned_constant.dpatch, 11_fi_po_update.dpatch,
+ 12_zero_length_header.dpatch, 13_revoked_keys.dpatch,
+ 14_getkey_not_found_fix.dpatch: merged upstream - removed.
+
+ * debian/rules (binary-arch): add
+ 'mkinstalldirs=`pwd`/scripts/mkinstalldirs' to make install invocation
+ to work around broken Makefile.
+
+ * debian/control (Standards-Version): bump to 3.6.1.1.
+
+ * Apply patch from Martin Pitt to drop privileges as
+ early as possible. Closes: #260803
+
+ * debian/control (Build-Depends): add mail-transport-agent to ensure
+ gpgkeys_mailto is built. Thanks to Daniel Schepler
+ for noticing. Closes: #253681
+
+ * debian/rules, debian/preinst: Patch from David Weinehall
+ to use && in favour of -a as the latter is an XSI
+ extension. Closes: #257575
+
+ * 17_ipv6_support.dpatch: IPv6 patch from Jun-ichiro itojun Hagino.
+ Thanks to Fabio Massimo Di Nitto .
+ Closes: #209242
+
+ -- James Troup Thu, 29 Jul 2004 23:57:08 +0100
+
+gnupg (1.2.4-4.1) unstable; urgency=low
+
+ * 15_free_caps.dpatch: free allocated capability contexts when using
+ USE_CAPABILITIES.
+ * 16_min_privileges.dpatch: immediately drop root user to normal user and
+ keep only CAP_IPC_LOCK, which is dropped as well right after it is not
+ needed any more. This ensures minimal privileges.
+ * debian/rules: configure with --with-capabilities to tighten security.
+ * debian/control: this requires build-dependency libcap-dev.
+
+ -- Martin Pitt Thu, 22 Jul 2004 02:08:56 +0200
+
+gnupg (1.2.4-4) unstable; urgency=low
+
+ * 12_zero_length_header.dpatch: update patch from David Shaw
+ to fix the fix of crashing on certain
+ keys. Closes: #234289
+
+ -- James Troup Mon, 23 Feb 2004 18:02:20 +0000
+
+gnupg (1.2.4-3) unstable; urgency=low
+
+ * Move to dpatch; existing non-debian/ change split into
+ 10_hppa_unaligned_constant.dpatch.
+
+ * debian/rules: include /usr/share/dpatch/dpatch.make.
+ * debian/rules (build): depend on patch-stamp.
+ * debian/rules (clean): depend on unpatch. Remove debian/patched.
+ * debian/control (Build-Depends): add dpatch.
+
+ * debian/rules: update version number and use install_foo convenience
+ variables.
+ * debian/rules (clean): remove emacs backup files from any directory.
+
+ * 11_fi_po_update.dpatch: new patch from Tommi Vainikainen
+ to update Finnish translation as the current one
+ renders gnupg unusable. Closes: #232030, #222951, #192582
+ * debian/rules (clean): remove po/fi.gmo to avoid dpkg-source errors
+ over unrepresentable changes to source.
+
+ * 12_zero_length_header.dpatch: new patch from David Shaw
+ to fix cases where importing certain keys
+ makes the keyring unuseable. Closes: #232714
+
+ * 13_revoked_keys.dpatch: new patch from David Shaw
+ to list revoked keys as revoked. Closes: #231814
+
+ * 14_getkey_not_found_fix.dpatch: new patch from David Shaw
+ to fix --list-sigs incorrectly claiming "User
+ id not found". Closes: #229549
+
+ -- James Troup Fri, 20 Feb 2004 16:38:12 +0000
+
+gnupg (1.2.4-2) unstable; urgency=low
+
+ * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones
+ to fix unaligned constant. Closes: #228456
+ * debian/copyright: update year and version number.
+
+ -- James Troup Tue, 20 Jan 2004 17:19:58 +0000
+
+gnupg (1.2.4-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Most support for ElGamal Sign+Encrypt keys has been removed. Closes: #222293
+ * No longer miss-identifies GNU/KFreeBSD as GNU/Hurd. Closes: #216957
+ * Fixes build error on GNU/KFreeBSD (and Glibc-based GNU/KNetBSD). Closes: #221079
+ * Fixes segmentation fault in prime generator. Closes: #213989
+ * Fixes trustdb not updating without ultimately trusted keys. Closes: #222368
+
+ * debian/control (Build-Depends): add libbz2-dev.
+
+ -- James Troup Wed, 31 Dec 2003 17:57:52 +0000
+
+gnupg (1.2.3-1) unstable; urgency=low
+
+ * New upstream release (Closes: #207340).
+ * gpg no longer kills keyrings by importing broken keys. Closes: #196505
+ * options.skel uses subkeys.pgp.net instead of pgp.mit.edu. Closes: #206092
+ * --import now closes files when it's done. Closes: #196643
+ * A key listing speed regression has been fixed. Closes: #192083
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ * debian/control (Standards-Version): bump to 3.6.0.
+
+ * debian/Upgrading_From_PGP.txt: new file from to Richard Braakman
+ . Closes: #173233
+ * debian/rules (binary-arch): install it.
+
+ * debian/rules (build): correct libexecdir passed to configure; patch
+ from Matthias Cramer . Fixes invocation of
+ gpgkeys_ldap. Closes: #168486
+
+ -- James Troup Thu, 28 Aug 2003 14:08:50 +0100
+
+gnupg (1.2.2-1) unstable; urgency=low
+
+ * New upstream release.
+ * debian/control (Standards-Version): bump to 3.5.9.0.
+ * debian/rules (binary-arch): install convert-from-106 as
+ gpg-convert-from-106 and fix the path to gpg.
+ * debian/control: remove trailing full stop from short description.
+ * debian/control: remove out-dated and contradictory information about
+ RSA.
+
+ -- James Troup Mon, 5 May 2003 03:08:58 +0100
+
+gnupg (1.2.1-2) unstable; urgency=low
+
+ * Update config.guess (to 2002-10-21) and config.sub (to 2002-09-05).
+ Thanks to Ryan Murray. Closes: #166696
+
+ -- James Troup Mon, 28 Oct 2002 01:47:26 +0000
+
+gnupg (1.2.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * An inifinte loop in --update-trustdb has been fixed. Closes: #162039
+ * The polish translation is now correctly specified as UTF-8. Closes: #162885
+ * --refresh-keys is now documented in the manpage. Closes: #165566
+ * debian/control (Conflicts): add gpg-idea <= 2.2 since gnupg >= 1.2 is
+ incompatible with that version of gpg-idea. Closes: #162314
+
+ -- James Troup Fri, 25 Oct 2002 18:18:43 +0100
+
+gnupg (1.2.0-1) unstable; urgency=low
+
+ * New upstream version. Closes: #161817.
+ * --options no longer mis-handles a directory as an argument. Closes: #151973
+ * gpg now prompts before sending all keys to the keyserver. Closes: #64607
+ * There is now a gnupg(7) manpage. Closes: #157750
+ * The permission checking has been sanitized and handles non-home-dir
+ keyrings better.
Closes: #147760
+ * notation data longer than 5 characters is now handled. Closes: #156871
+ * an abort when setting trust levels in a czech locale has been fixed.
+ Closes: #149212
+ * debian/rules (binary-arch): there are no more modules, adjust
+ accordingly.
+ * debian/postinst, debian/prerm: remove; no longer do /usr/doc symlinks.
+ * debian/rules (binary-arch): don't install obsolete postinst or prerm.
+ * debian/rules (binary-arch): gzip gnupg.7 too.
+ * debian/rules (build): pass --libexecdir=/usr/lib/gnupg to configure.
+ * debian/rules (binary-arch): likewise, pass suitable libexcedir
+ argument to make install.
+ * debian/control (Standards-Version): update to 3.5.7.0.
+ * debian/copyright: update URL and date.
+ * debian/rules: update dates and version.
+
+ -- James Troup Sun, 22 Sep 2002 22:26:25 +0100
+
+gnupg (1.0.7-2) unstable; urgency=low
+
+ * debian/control (Suggests): add xloadimage since that's what gpg uses
+ by default to view photo IDs. Thanks to Julien Danjou
+ for the suggestion. Closes: #156245
+ * debian/control (Depends): add "hurd" to the alternatives to
+ makedev. Thanks to Michal Suchanek for
+ noticing. Closes: #158492
+ * po/it.po: patch to fix typos from Marco Bodrato
+ Thu, 29 Aug 2002 01:42:58 +0100
+
+gnupg (1.0.7-1) unstable; urgency=low
+
+ * New upstream version. Closes: #145477.
+ * GDBM support has been removed. Closes: #33009.
+ * Now adds the default keyring when a keyring is specified.
+ Closes: #50616, #65260.
+ * Now does the Right Thing when receiving a key from the keyserver and
+ the key in question is in both a read-only and writable keyring.
+ Closes: #63297.
+ * Automatic key retrieval is now configurable. Closes: #64940.
+ * --no-options supresses ~/.gnupg creation again. Closes: #95486.
+ * duplicate trust entries are no longer treated as an error. Closes: #96480.
+ * There's now no comment line in ascii armours. Closes: #100088.
+ * Handle secret keyring given as keyring better. Closes: #100581, #106670.
+ * It's now documented that --with-colons unconditionally uses UTF8.
+ Closes: #101446, 101454.
+ * s/now/knows/ typo in manpage fixed. Closes: #107471.
+ * There's now support for a primary UID. Closes: #106567, #108155.
+ * Handles errors in uncompression layer beter. Closes: #112392.
+ * Key selection has been entirely revamped. Closes: #136170.
+ * Handles empty encrypt-to. Closes: #138378
+
+ * debian/rules (binary-arch): remove empty /usr/info directory, thanks
+ to Joey Hess . Closes: #121864.
+ * debian/control: remove duplicated word from long description, thanks
+ to Nicolas Boulenguez . Closes: #144786.
+ * README: correct URL to GPH and other docs, thanks to Mark Brown
+ . Closes: #100277.
+ * debian/control (Standards-Version): updated to 3.5.6.1.
+ * debian/rules (binary-arch): only strip ELF binaries. es_ES -> es hack
+ no longer needed as fixed upstream.
+ * debian/control (Build-Depends): remove libgdbmg1-dev; no longer used.
+ * debian/README.Debian: remove note about gdbm support which was finally
+ removed. Update note on old versions of gnupg to reflect the
+ pre-historic nature of those versions.
+ * debian/control (Build-Depends): add libldap2-dev.
+ * debian/rules (binary-arch): call dpkg-shlibdeps for all ELF binaries.
+ * debian/control (Build-Depends): add file.
+ * debian/control (Priority): increase to standard to match overrides.
+
+ -- James Troup Sat, 11 May 2002 15:08:02 +0100
+
+gnupg (1.0.6-3) unstable; urgency=low
+
+ * moved into main.
+
+ -- James Troup Tue, 19 Mar 2002 16:17:09 +0000
+
+gnupg (1.0.6-2) unstable; urgency=high
+
+ * debian/rules (binary-arch): remove the erroneous
+ /usr/share/locale/locale.alias that 'make install' adds; closes:
+ #99293.
+
+ -- James Troup Wed, 30 May 2001 20:40:59 +0100
+
+gnupg (1.0.6-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Tue, 29 May 2001 20:59:49 +0100
+
+gnupg (1.0.5-4) unstable; urgency=low
+
+ * Patch from Werner.
+
+ -- James Troup Sun, 27 May 2001 09:34:50 +0100
+
+gnupg (1.0.5-3) unstable; urgency=low
+
+ * Apply patch from Matthew Wilcox to fix assembly on
+ hppa.
+
+ -- James Troup Sun, 13 May 2001 02:36:45 +0100
+
+gnupg (1.0.5-2) unstable; urgency=medium
+
+ * util/http.c: patch from Werner that fixes --send-key, closes: #96277.
+ * debian/control (Depends): accept devfsd in place of makedev, closes:
+ #96307.
+
+ -- James Troup Mon, 7 May 2001 00:13:51 +0100
+
+gnupg (1.0.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * debian/README.Debian: fix spelling and update URL.
+ * debian/rules (binary): remove the new info files.
+ * scripts/config.{guess,sub}: sync with subversions, closes: #95729.
+
+ -- James Troup Mon, 30 Apr 2001 02:12:38 +0100
+
+gnupg (1.0.4-4) unstable; urgency=low
+
+ * po/ru.po: patch by Ilya Martynov to replace German
+ entries and add missing translations, closes: #93987.
+ * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no
+ longer/g); noticed by Colin Watson , closes:
+ #93664.
+
+ * Deprecated depreciated; noticed by Vincent Broman
+ .
+
+ * Following two patches are from Vincent Broman.
+ * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference
+ to iobuf_get_fname().
+ * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly.
+
+ -- James Troup Fri, 20 Apr 2001 23:32:44 +0100
+
+gnupg (1.0.4-3) unstable; urgency=medium
+
+ * debian/rules (binary): make gpg binary suid, closes: #86433.
+ * debian/postinst: don't use suidregister.
+ * debian/postrm: removed (only called suidunregister).
+ * debian/control: conflict with suidmanager << 0.50.
+ * mpi/longlong.h: apply fix for ARM long long artimetic from Philip
+ Blundell , closes: #87487.
+ * debian/preinst: the old GnuPG debs have moved to people.debian.org.
+ * cipher/random.c: #include as well as
+ * g10/misc.c: likewise.
+ * debian/rules: define a strip alias which removes the .comment and
+ .note sections.
+ * debian/rules (binary-arch): use it.
+ * debian/lintian.override: new file; override the SUID warning from
+ lintian.
+ * debian/rules (binary-arch): install it.
+
+ -- James Troup Sun, 25 Feb 2001 05:24:58 +0000
+
+gnupg (1.0.4-2) stable unstable; urgency=high
+
+ * Apply security fix patch from Werner.
+ * Apply another patch from Werner to fix bogus warning on Rijndael
+ usage.
+ * Change section to 'non-US'.
+
+ -- James Troup Mon, 12 Feb 2001 07:47:02 +0000
+
+gnupg (1.0.4-1) stable unstable; urgency=high
+
+ * New upstream version.
+ * Fixes a serious bug which could lead to false signature verification
+ results when more than one signature is fed to gpg.
+
+ -- James Troup Tue, 17 Oct 2000 17:26:17 +0100
+
+gnupg (1.0.3b-1) unstable; urgency=low
+
+ * New upstream snapshot version.
+
+ -- James Troup Fri, 13 Oct 2000 18:08:14 +0100
+
+gnupg (1.0.3-2) unstable; urgency=low
+
+ * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref.
+ Fix long description to reflect the fact that RSA is no longer
+ patented and now included. [#72177]
+ * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ
+ from /usr/share/gnupg/. Thanks to Robert Luberda
+ for noticing. [#72151]
+ * debian/control: Suggest new package gnupg-doc. [#64323, #65560]
+ * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM,
+ as Linux will do this if resource limits (or other reasons) prevent
+ memory from being locked, instead treat it like permission was denied
+ and warn but continue. Thanks to Topi Miettinen
+ . [#70446]
+ * g10/hkp.c (not_implemented): s/ist/is/ in error message.
+ * debian/README.Debian: add a note about GDBM support and why it is
+ disabled. Upstream already fixed the manpage. [#65913]
+ * debian/rules (binary-arch): fix the Spanish translation to be 'es' not
+ 'es_ES' at Nicolás Lichtmaier 's request.
[#57314]
+
+ -- James Troup Sun, 1 Oct 2000 14:55:03 +0100
+
+gnupg (1.0.3-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Mon, 18 Sep 2000 15:56:54 +0100
+
+gnupg (1.0.2-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- James Troup Thu, 13 Jul 2000 20:26:50 +0100
+
+gnupg (1.0.1-2) unstable; urgency=low
+
+ * debian/control (Build-Depends): added.
+ * debian/copyright: corrected location of copyright file. Removed
+ references to Linux. Removed warnings about beta nature of GnuPG.
+ * debian/rules (binary-arch): install documentation into
+ /usr/share/doc/gnupg/ and pass mandir to make install to ensure the
+ manpages go to /usr/share/man/.
+ * debian/postinst: create /usr/doc/gnupg symlink.
+ * debian/prerm: new file; remove /usr/doc/gnupg symlink.
+ * debian/rules (binary-arch): install prerm.
+ * debian/control (Standards-Version): updated to 3.1.1.1.
+
+ -- James Troup Thu, 30 Dec 1999 16:16:49 +0000
+
+gnupg (1.0.1-1) unstable; urgency=low
+
+ * New upstream version.
+ * doc/gpg.1: updated to something usable from
+ ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz.
+
+ -- James Troup Sun, 19 Dec 1999 23:47:10 +0000
+
+gnupg (1.0.0-3) unstable; urgency=low
+
+ * debian/rules (build): remove the stunningly ill-advised --host option
+ to configure. [#44698, #48212, #48281]
+
+ -- James Troup Tue, 26 Oct 1999 01:12:59 +0100
+
+gnupg (1.0.0-2) unstable; urgency=low
+
+ * debian/rules (binary-arch): fix the permissions on the
+ modules. [#47280]
+ * debian/postinst, debian/postrm: fix the package name passed to
+ suidregister. [#45013]
+ * debian/control: update long description. [#44636]
+ * debian/rules (build): pass the host explicitly to configure to avoid
+ problems on sparc64. [(Should fix) #44698].
+
+ -- James Troup Wed, 20 Oct 1999 23:39:05 +0100
+
+gnupg (1.0.0-1) unstable; urgency=low
+
+ * New upstream release.
[#44545] + + -- James Troup Wed, 8 Sep 1999 00:53:02 +0100 + +gnupg (0.9.10-2) unstable; urgency=low + + * debian/rules (binary-arch): install lspgpot. Requested by Kai + Henningsen . [#42288] + * debian/rules (binary-arch): correct the path where modules are looked + for. Reported by Karl M. Hegbloom . [#40881] + * debian/postinst, debian/postrm: under protest, register gpg the + package with suidmanager and make it suid by default. + [#29780,#32590,#40391] + + -- James Troup Tue, 10 Aug 1999 00:12:40 +0100 + +gnupg (0.9.10-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Fri, 6 Aug 1999 01:16:21 +0100 + +gnupg (0.9.9-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sun, 25 Jul 1999 01:06:31 +0100 + +gnupg (0.9.8-1) unstable; urgency=low + + * New upstream version. + * debian/rules (binary-arch): don't create a gpgm manpage as the binary + no longer exists. Noticed by Wichert Akkerman + . [#38864] + + -- James Troup Sun, 27 Jun 1999 01:07:58 +0100 + +gnupg (0.9.7-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Tue, 25 May 1999 13:23:24 +0100 + +gnupg (0.9.6-1) unstable; urgency=low + + * New upstream version. + * debian/copyright: update version number, noticed by Lazarus Long + . + * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure + that /dev/urandom exists; reported by Steffen Markert + . [#32076] + + -- James Troup Tue, 11 May 1999 21:06:27 +0100 + +gnupg (0.9.5-1) unstable; urgency=low + + * New upstream version. + * debian/control (Description): no tabs. [Lintian] + + -- James Troup Wed, 24 Mar 1999 22:37:40 +0000 + +gnupg (0.9.4-1) unstable; urgency=low + + * New version. + * debian/control: s/GNUPG/GnuPG/ + + -- Werner Koch Mon, 8 Mar 1999 19:58:28 +0100 + +gnupg (0.9.3-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Mon, 22 Feb 1999 22:55:04 +0000 + +gnupg (0.9.2-1) unstable; urgency=low + + * New version. 
+ * debian/rules (build): Removed CFLAGS as the default is now sufficient. + * debian/rules (clean): remove special handling cleanup in intl. + + -- Werner Koch Wed, 20 Jan 1999 21:23:11 +0100 + +gnupg (0.9.1-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sat, 9 Jan 1999 22:29:11 +0000 + +gnupg (0.9.0-1) unstable; urgency=low + + * New upstream version. + * g10/armor.c (armor_filter): add missing new line in comment string; as + noticed by Stainless Steel Rat . + + -- James Troup Tue, 29 Dec 1998 20:22:43 +0000 + +gnupg (0.4.5-1) unstable; urgency=low + + * New upstream version. + * debian/rules (clean): force removal of intl/libintl.h which the + Makefiles fail to remove properly. + + -- James Troup Tue, 8 Dec 1998 22:40:23 +0000 + +gnupg (0.4.4-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sat, 21 Nov 1998 01:34:29 +0000 + +gnupg (0.4.3-1) unstable; urgency=low + + * New upstream version. + * debian/README.Debian: new file; contains same information as is in the + preinst. Suggested by Wichert Akkerman . + * debian/rules (binary-arch): install `README.Debian' + * debian/control (Standards-Version): updated to 2.5.0.0. + + -- James Troup Sun, 8 Nov 1998 19:08:12 +0000 + +gnupg (0.4.2-1) unstable; urgency=low + + * New upstream version. + * debian/preinst: improve message about the NEWS file which isn't + actually installed when it's referred to, thanks to Martin Mitchell + . + * debian/rules (binary-arch): don't install the now non-existent `rfcs', + but do install `OpenPGP'. + + -- James Troup Sun, 18 Oct 1998 22:48:34 +0100 + +gnupg (0.4.1-1) unstable; urgency=low + + * New upstream version. + * debian/rules (binary-arch): fix the gpgm manpage symlink now installed + by `make install'. + + -- James Troup Sun, 11 Oct 1998 17:01:21 +0100 + +gnupg (0.4.0-1) unstable; urgency=high + + * New upstream version. [#26717] + * debian/copyright: tone down warning about alpha nature of gnupg. 
+ * debian/copyright: new maintainer address. + * debian/control: update extended description. + * debian/rules (binary-arch): install FAQ and all ChangeLogs. + * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about + incompatibilities in keyring format and offer to move old copy out of + gpg out of the way for transition strategy and inform the user about + the old copies of gnupg available on my web page. + * debian/rules (binary-arch) install preinst. + * debian/rules (binary-arch): don't depend on the test target as it is + now partially interactive (tries to generate a key, which requires + someone else to be using the computer). + + -- James Troup Thu, 8 Oct 1998 00:47:07 +0100 + +gnupg (0.3.2-1) unstable; urgency=low + + * New upstream version. + * debian/control (Maintainer): new address. + * debian/copyright: updated list of changes. + + -- James Troup Thu, 9 Jul 1998 21:06:07 +0200 + +gnupg (0.3.1-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Tue, 7 Jul 1998 00:26:21 +0200 + +gnupg (0.3.0-2) unstable; urgency=low + + * Applied bug-fix patch from Werner. + + -- James Troup Fri, 26 Jun 1998 12:18:29 +0200 + +gnupg (0.3.0-1) unstable; urgency=low + + * New upstream version. + * debian/control: rewrote short and long description. + * cipher/Makefile.am: link tiger with -lc. + * debian/rules (binary-arch): strip loadable modules. + * util/secmem.c (lock_pool): get rid of errant test code; fix from + Werner Koch . + * debian/rules (test): new target which runs gnupg's test suite. + binary-arch depends on it, to ensure it's run whenever the package is + built. + + -- James Troup Thu, 25 Jun 1998 16:04:57 +0200 + +gnupg (0.2.19-1) unstable; urgency=low + + * New upstream version. + * debian/control: Updated long description. + + -- James Troup Sat, 30 May 1998 12:12:35 +0200 + +gnupg (0.2.18-1) unstable; urgency=low + + * New upstream version. 
+ + -- James Troup Sat, 16 May 1998 11:52:47 +0200 + +gnupg (0.2.17-1) unstable; urgency=high + + * New upstream version. + * debian/control (Standards-Version): updated to 2.4.1.0. + * debian/control: tone down warning about alpha nature of gnupg, as per + README. + * debian/copyright: ditto. + + -- James Troup Mon, 4 May 1998 22:36:51 +0200 + +gnupg (0.2.15-1) unstable; urgency=high + + * New upstream version. + + -- James Troup Fri, 10 Apr 1998 01:12:20 +0100 + +gnupg (0.2.13-1) unstable; urgency=high + + * New upstream version. + + -- James Troup Wed, 11 Mar 1998 01:52:51 +0000 + +gnupg (0.2.12-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Sat, 7 Mar 1998 13:52:40 +0000 + +gnupg (0.2.11-1) unstable; urgency=low + + * New upstream version. + + -- James Troup Wed, 4 Mar 1998 01:32:12 +0000 + +gnupg (0.2.10-1) unstable; urgency=low + + * New upstream version. + * Name changed upstream. + + -- James Troup Mon, 2 Mar 1998 07:32:05 +0000 + +g10 (0.2.7-1) unstable; urgency=low + + * Initial release. + + -- James Troup Fri, 20 Feb 1998 02:05:34 +0000 --- gnupg-1.4.11.orig/debian/gnupg.bug-presubj +++ gnupg-1.4.11/debian/gnupg.bug-presubj @@ -0,0 +1,2 @@ +Please consider reading /usr/share/doc/gnupg/README.BUGS.Debian before +sending a bug report. Maybe you'll find your problem there. --- gnupg-1.4.11.orig/debian/gnupg.install +++ gnupg-1.4.11/debian/gnupg.install @@ -0,0 +1 @@ +tools/lspgpot usr/bin --- gnupg-1.4.11.orig/debian/gnupg-udeb.install +++ gnupg-1.4.11/debian/gnupg-udeb.install @@ -0,0 +1 @@ +build-udeb/g10/gpg usr/bin/ --- gnupg-1.4.11.orig/debian/gnupg.udev +++ gnupg-1.4.11/debian/gnupg.udev 
@@ -0,0 +1,12 @@
+# do not edit this file, it will be overwritten on update
+
+SUBSYSTEM!="usb", GOTO="gnupg_rules_end"
+ACTION!="add", GOTO="gnupg_rules_end"
+
+# USB SmartCard Readers
+## SCM readers (SCR335, SPR532, & Co)
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="e001", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="e003", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+ATTR{idVendor}=="04e6", ATTR{idProduct}=="5115", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
+
+LABEL="gnupg_rules_end"
--- gnupg-1.4.11.orig/debian/gpgv-udeb.install
+++ gnupg-1.4.11/debian/gpgv-udeb.install
@@ -0,0 +1 @@
+build-udeb/g10/gpgv usr/bin/
--- gnupg-1.4.11.orig/debian/compat
+++ gnupg-1.4.11/debian/compat
@@ -0,0 +1 @@
+7
--- gnupg-1.4.11.orig/debian/gnupg.examples
+++ gnupg-1.4.11/debian/gnupg.examples
@@ -0,0 +1 @@
+tools/convert-from-106
--- gnupg-1.4.11.orig/debian/copyright
+++ gnupg-1.4.11/debian/copyright
@@ -0,0 +1,41 @@ +This is Debian GNU's prepackaged version of GnuPG, a free PGP +replacement. + +This package was put together by me, James Troup , +from the sources, which I obtained from +ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.6.tar.gz. The changes were +minimal, namely: + +- adding support for the Debian package maintenance scheme, by adding + various debian/* files. + +Program Copyright (C) 1998-2009 Free Software Foundation, Inc. +Modifications for Debian Copyright (C) 1998-2006 James Troup, +2008-2009 Daniel Leidert, Sune Vuorela, Thijs Kinkhorst. + +GnuPG is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3 of the License, or (at your +option) any later version. + +GnuPG is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +You should have received a copy of the GNU General Public License with +your Debian GNU system, in /usr/share/common-licenses/GPL, or with the +Debian GNU gnupg source package as the file COPYING. If not, see + or write to the Free Software Foundation, +Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +In addition, as a special exception, the Free Software Foundation +gives permission to link the code of the keyserver helper tools: +gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL project's +"OpenSSL" library (or with modified versions of it that use the same +license as the "OpenSSL" library), and distribute the linked +executables. You must obey the GNU General Public License in all +respects for all of the code used other than "OpenSSL". If you modify +this file, you may extend this exception to your version of the file, +but you are not obligated to do so. 
If you do not wish to do so,
+delete this exception statement from your version.
--- gnupg-1.4.11.orig/debian/gnupg.docs
+++ gnupg-1.4.11/debian/gnupg.docs
@@ -0,0 +1,9 @@
+README
+THANKS
+TODO
+doc/DETAILS
+doc/FAQ
+doc/highlights-1.4.txt
+doc/OpenPGP
+debian/Upgrading_From_PGP.txt
+debian/README.BUGS.Debian
--- gnupg-1.4.11.orig/debian/gnupg-curl.preinst
+++ gnupg-1.4.11/debian/gnupg-curl.preinst
@@ -0,0 +1,19 @@
+#!/bin/sh
+# preinst script for gnupg-curl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "$1" = install ] || [ "$1" = upgrade ] ; then
+ dpkg-divert --package gnupg-curl \
+ --divert /usr/lib/gnupg/gpgkeys_curl.non_curl \
+ --rename /usr/lib/gnupg/gpgkeys_curl
+ dpkg-divert --package gnupg-curl \
+ --divert /usr/lib/gnupg/gpgkeys_hkp.non_curl \
+ --rename /usr/lib/gnupg/gpgkeys_hkp
+fi
+
+#DEBHELPER#
+
+exit 0
--- gnupg-1.4.11.orig/debian/gnupg-curl.postrm
+++ gnupg-1.4.11/debian/gnupg-curl.postrm
@@ -0,0 +1,17 @@
+#!/bin/sh
+# postrm script for gnupg-curl
+#
+# see: dh_installdeb(1)
+
+set -e
+
+if [ "$1" = remove ] ; then
+ dpkg-divert --package gnupg-curl --rename \
+ --remove /usr/lib/gnupg/gpgkeys_curl
+ dpkg-divert --package gnupg-curl --rename \
+ --remove /usr/lib/gnupg/gpgkeys_hkp
+fi
+
+#DEBHELPER#
+
+exit 0
--- gnupg-1.4.11.orig/debian/watch
+++ gnupg-1.4.11/debian/watch
@@ -0,0 +1,2 @@
+version=3
+opts=pasv ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-(1\.[\d\.]+)\.tar\.gz
--- gnupg-1.4.11.orig/debian/README.Debian
+++ gnupg-1.4.11/debian/README.Debian
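Review bot: The gnupg-curl postrm undoes the gpgkeys_curl/gpgkeys_hkp diversions only on `remove`, while the preinst adds them on both `install` and `upgrade`; if a first-time installation is aborted after preinst has run, dpkg invokes `postrm abort-install` and the two diversions would presumably be left behind on a system that never ended up with gnupg-curl installed. Handling that case as well, `if [ "$1" = remove ] || [ "$1" = abort-install ] ; then`, keeps the two scripts symmetric, whereas `abort-upgrade` must stay untouched because the still-installed old version relies on the diversion. A one-line comment above the preinst `if` naming why these two helpers are diverted (presumably because the gnupg package ships its own non-curl builds of them) would also help the next maintainer.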
@@ -0,0 +1,18 @@ +GnuPG for Debian +================ + +A comprehensive manual (the GNU Privacy Handbook) is included in the +gnupg-doc package. It can also be found online at +. + +Smart card readers +------------------ +If udev, consolekit, and gnupg are installed, then locally logged-in +users will be automatically granted permission to access any detected +USB SmartCard reader devices. + +/lib/udev/rules.d/60-gnupg.rules lists the supported devices. If yours +is not listed there, you can try creating a copy of that file in +/etc/udev/rules.d/ with your device’s information. Wishlist bugs +against the gnupg package about unsupported devices would be welcome. + --- gnupg-1.4.11.orig/debian/gnupg.manpages +++ gnupg-1.4.11/debian/gnupg.manpages @@ -0,0 +1,3 @@ +debian/gpgsplit.1 +debian/lspgpot.1 +debian/gpg-zip.1 --- gnupg-1.4.11.orig/debian/lspgpot.1 +++ gnupg-1.4.11/debian/lspgpot.1 @@ -0,0 +1,22 @@ +.TH "lspgpot" 1 "December 2005" + +.SH NAME +lspgpot - extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + + +.SH SYNOPSIS +.B lspgpot + + +.SH DESCRIPTION +.B lspgpot +extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +. + +This manpage was written by Francois Wendling . + --- gnupg-1.4.11.orig/debian/gpgsplit.1 +++ gnupg-1.4.11/debian/gpgsplit.1 
@@ -0,0 +1,41 @@ +.TH "gpgsplit" 1 "December 2005" + +.SH NAME +gpgsplit \- Split an OpenPGP message into packets + +.SH SYNOPSIS +.B gpgsplit +.RI [ OPTIONS ] +.RI [ FILES ] + +.SH DESCRIPTION +This manual page documents briefly the +.B gpgsplit +command. +.PP +.B gpgsplit +splits an OpenPGP message into packets. + +.SH OPTIONS +.TP +.BR \-v , \-\-verbose +Verbose. +.TP +.BR \-p , "\-\-prefix " \fISTRING\fR +Prepend filenames with \fISTRING\fR. +.TP +.B \-\-uncompress +Uncompress a packet. +.TP +.B \-\-secret\-to\-public +Convert secret keys to public keys. +.TP +.B \-\-no\-split +Write to stdout and don't actually split. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +. + +This manpage was written by Francois Wendling . + --- gnupg-1.4.11.orig/debian/Upgrading_From_PGP.txt +++ gnupg-1.4.11/debian/Upgrading_From_PGP.txt 
@@ -0,0 +1,76 @@ +For a long time I have wanted to switch from using PGP 2.x to using GPG +(because it's Free). But I didn't want to give up my trusty PGP key, +which has a long history and has gathered a lot of signatures that +I would have trouble getting again. + +Now that the RSA patent has expired, GPG comes with RSA support +by default. This means that it's actually possible to convert +your PGP key to a GPG key, and use it normally with GPG. You +will not need gpg-idea or any other non-free component. + +The steps are quite easy. I wrote them down here, because I expect +that a number of Debian maintainers are in the same situation +and can benefit from this advice. + +Note that the GPG FAQ contains a section about the same thing, +but it's aimed at maintaining compatibility with PGP 2.x. +The procedure I describe here is designed solely to switch +to GPG without giving up your PGP key. It will not let you +exchange encrypted mail with someone who still uses (only) PGP 2.x. +But if you ever need to do that, you can pull out your old copy +of PGP for that -- it's the same key! + +Here are the steps: + + 0. Make sure your version of GPG supports RSA. You should be + okay if you have GPG 1.0.3 or newer. I used GPG 1.0.4 myself. + + 1. Back up your .pgp directory, and your .gnupg directory (if any). + Note: I started with an empty .gnupg directory for this. + If you already have a GPG ring with a set of keys, you'll + end up having two keys with probably the same userids. + That won't break anything, but it can be confusing and it + is easy to accidentally use the wrong key. + + 2. Remove the passphrase from your PGP secret key. This is necessary + because the secret key is protected using the IDEA algorithm, and + IDEA is still patented so GPG does not support it. + Command: + pgp -ke userid + where userid is what you use to access your key, usually your name + or email address. Just hit Enter when PGP asks for the new + passphrase. + + 3. 
Import your secret and public keys into GPG. + Command: + gpg --import $HOME/.pgp/secring.pgp $HOME/.pgp/pubring.pgp + There doesn't seem to be a way to tell GPG to import only selected + keys from those files, so you may want to first use PGP to export + your keys to a small keyring. (Do not use ASCII armor for that.) + I simply imported all the keys, because I wanted to convert to using + GPG for everything. + + 4. Re-protect your secret key with a passphrase. + You removed the passphrase in step 2, you can now put it back. + Command: + gpg --edit-key userid + GPG will tell you what key you accessed and prompt you to do + something with it. Tell it "passwd" to change the passphrase. + + 5. Check if everything worked. Sign and encrypt a small file, + mail it to a friend, see if you can decrypt something mailed + to you, upload a Debian package, that sort of thing. + + 6. Clean up the backups. Remember, you un-protected your PGP key. + It's still not protected, and it's the same key you are now using + with GPG. Make sure no one can get at it. You can restore + the backup, or run pgp -ke again, or -- if you don't plan to ever + use PGP again -- delete the key. There is a program in fileutils + called "shred" which may help with this. + +Well, I hope this helps someone. I wrote this down after exactly one +experience with converting keys -- I'd love to have feedback from +someone else who tried it. + +Richard Braakman +with tips from Adam Rogoyski, Marco d'Itri, and Andrew Pimlott. --- gnupg-1.4.11.orig/debian/gpg-zip.1 +++ gnupg-1.4.11/debian/gpg-zip.1 
@@ -0,0 +1,102 @@ +.TH "GPG\-ZIP" 1 "November 2006" + +.SH NAME +gpg\-zip \- encrypt or sign files into an archive + +.SH SYNOPSIS +.B gpg\-zip +.RB [ OPTIONS ] +.IR filename1 " [" "filename2, ..." ] +.IR directory1 " [" "directory2, ..." ] + +.SH DESCRIPTION +This manual page documents briefly the +.B gpg\-zip +command. +.PP +.B gpg\-zip +encrypts or signs files into an archive. It is an gpg-ized tar using the +same format as PGP's PGP Zip. + +.SH OPTIONS +.TP +.BR \-e ", " \-\-encrypt +Encrypt data. This option may be combined with +.B \-\-symmetric +(for output that may be decrypted via a secret key or a passphrase). +.TP +.BR \-d ", " \-\-decrypt +Decrypt data. +.TP +.BR \-c ", " \-\-symmetric +Encrypt with a symmetric cipher using a passphrase. The default +symmetric cipher used is CAST5, but may be chosen with the +.B \-\-cipher\-algo +option to +.BR gpg (1). +.TP +.BR \-s ", " \-\-sign +Make a signature. See +.BR gpg (1). +.TP +.BR \-r ", " \-\-recipient " \fIUSER\fR" +Encrypt for user id \fIUSER\fR. See +.BR gpg (1). +.TP +.BR \-u ", " \-\-local\-user " \fIUSER\fR" +Use \fIUSER\fR as the key to sign with. See +.BR gpg (1). +.TP +.B \-\-list\-archive +List the contents of the specified archive. +.TP +.BR \-o ", " \-\-output " " \fIFILE\fR" +Write output to specified file +.IR FILE . +.TP +.BI \-\-gpg " GPG" +Use the specified command instead of +.BR gpg . +.TP +.BI \-\-gpg\-args " ARGS" +Pass the specified options to +.BR gpg (1). +.TP +.BI \-\-tar " TAR" +Use the specified command instead of +.BR tar . +.TP +.BI \-\-tar\-args " ARGS" +Pass the specified options to +.BR tar (1). +.TP +.BR \-h ", " \-\-help +Output a short usage information. +.TP +.B \-\-version +Output the program version. + +.SH DIAGNOSTICS +The program returns \fB0\fR if everything was fine, \fB1\fR otherwise. 
+ +.SH EXAMPLES +Encrypt the contents of directory \fImydocs\fR for user Bob to file \fItest1\fR: +.IP +.B gpg\-zip \-\-encrypt \-\-output test1 \-\-gpg-args ""\-r Bob"" mydocs +.PP +List the contents of archive \fItest1\fR: +.IP +.B gpg\-zip \-\-list\-archive test1 + +.SH SEE ALSO +.BR gpg (1), +.BR tar (1) + +.SH AUTHOR +Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to +<\&bug-gnupg@gnu.org\&>. + +This manpage was written by \fBColin Tuckley\fR <\&colin@tuckley.org\&> +and \fBDaniel Leidert\fR <\&daniel.leidert@wgdd.de\&> for the Debian +distribution (but may be used by others). + --- gnupg-1.4.11.orig/debian/rules +++ gnupg-1.4.11/debian/rules 
@@ -0,0 +1,147 @@
+#!/usr/bin/make -f
+# debian/rules file - for GNUPG (1.4.6)
+# Based on sample debian/rules file - for GNU Hello (1.3).
+# Copyright 1994,1995 by Ian Jackson.
+# Copyright 1998-2006 by James Troup.
+# I hereby give you perpetual unlimited permission to copy,
+# modify and relicense this file, provided that you do not remove
+# my name from the file itself. (I assert my moral right of
+# paternity under the Copyright, Designs and Patents Act 1988.)
+# This file may have to be extensively modified
+
+include /usr/share/dpatch/dpatch.make
+
+################################## variables #################################
+
+#VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2)
+
+DEB_BUILD_GNU_TYPE = $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_HOST_GNU_TYPE = $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_ARCH := $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
+
+CONFARGS = --prefix=/usr --libexecdir=/usr/lib/ \
+ --enable-mailto --with-mailprog=/usr/sbin/sendmail \
+ --enable-noexecstack --enable-large-secmem
+
+ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+HOSTARG += --host=$(DEB_HOST_GNU_TYPE)
+endif
+
+ifeq ($(DEB_BUILD_ARCH),ppc64)
+CONFARGS += --disable-asm
+endif
+
+LDFLAGS += -Wl,--as-needed
+
+################################### configure ################################
+
+build-deb/config.status:
+ dh_testdir
+ (mkdir -p $(@D); cd $(@D); \
+ ../configure $(CONFARGS) $(HOSTARG) --without-libcurl)
+
+build-deb-curl/config.status:
+ dh_testdir
+ (mkdir -p $(@D); cd $(@D); \
+ ../configure $(CONFARGS) $(HOSTARG))
+
+build-udeb/config.status:
+ dh_testdir
+ (mkdir -p $(@D); cd $(@D); CFLAGS="-g $(if $(filter powerpc,$(DEB_BUILD_ARCH)),-O2,-Os)" \
+ ../configure $(CONFARGS) $(HOSTARG) \
+ --without-bzip2 --without-readline --without-libcurl)
+
+##################################### build ##################################
+
+build-deb-stamp: patch-stamp build-deb/config.status
+ dh_testdir
+ $(MAKE) -C build-deb/
+ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+ make -C build-deb/checks check || exit 1
+endif
+ touch $@
+
+build-deb-curl-stamp: patch-stamp build-deb-curl/config.status
+ dh_testdir
+ $(MAKE) -C build-deb-curl/
+ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS)))
+ make -C build-deb-curl/checks check || exit 1
+endif
+ touch $@
+
+build-udeb-stamp: patch-stamp build-udeb/config.status
+ dh_testdir
+ $(MAKE) -C build-udeb/
+ touch $@
+
+build: build-deb-stamp build-deb-curl-stamp build-udeb-stamp
+
+##################################### clean ##################################
+
+clean: unpatch
+ dh_testdir
+ dh_testroot
+ rm -rf build-udeb/ build-deb-curl/ build-deb/
+ # find . -name \*~ | xargs rm -vf
+ dh_clean build-deb-stamp build-deb-curl-stamp build-udeb-stamp patch-stamp
+
+#################################### install #################################
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_prep
+ dh_installdirs
+ $(MAKE) -C build-deb install DESTDIR=$(CURDIR)/debian/gnupg
+ : # Move localized manpages to FHS compliant locations
+ mv debian/gnupg/usr/share/man/man1/gpg.ru.1 debian/gnupg/usr/share/man/ru/man1/gpg.1
+ : # Remove from /usr/share/gnupg what we install into /usr/share/doc/gnupg/
+ $(RM) debian/gnupg/usr/share/gnupg/FAQ
+ $(RM) debian/gnupg/usr/share/info/dir*
+ find debian/gnupg/ -type d -empty | xargs rmdir
+ $(MAKE) -C build-deb-curl/keyserver install DESTDIR=$(CURDIR)/debian/gnupg-curl
+ $(RM) debian/gnupg-curl/usr/lib/gnupg/gpgkeys_finger \
+ debian/gnupg-curl/usr/lib/gnupg/gpgkeys_ldap \
+ debian/gnupg-curl/usr/lib/gnupg/gpgkeys_mailto
+
+#################################### binary ##################################
+
+binary-indep: build install
+
+binary-arch: build install
+ dh_testdir -a
+ dh_testroot -a
+ dh_installchangelogs -a NEWS
+ # Do we want to ship these 100 of kB's changelogs? 
+ for i in checks cipher doc g10 include keyserver mpi po tools util; do \ + install -m 644 $$i/ChangeLog debian/gnupg/usr/share/doc/gnupg/changelog.$$i; \ + done + install -m 644 ChangeLog debian/gnupg/usr/share/doc/gnupg/changelog.toplevel + install -m 644 keyserver/ChangeLog debian/gnupg-curl/usr/share/doc/gnupg-curl/changelog.keyserver + dh_installdocs -a + dh_installexamples -a + dh_movefiles -a -pgpgv --sourcedir=debian/gnupg + dh_install -a + dh_installinfo -a doc/gnupg1.info + dh_installman -a + dh_installudev -a + if which dh_bugfiles ; then dh_bugfiles -a ; fi + dh_link -a + dh_strip -a + dh_compress -a + dh_fixperms -a +ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) + # see http://www.gnupg.org/faq.html#q6.1 + chown root:root debian/gnupg/usr/bin/gpg + chmod 4755 debian/gnupg/usr/bin/gpg +endif + dh_installdeb -a + dh_shlibdeps -a -X debian/gnupg/usr/lib/gnupg/gpgkeys_ldap -- -dRecommends $(CURDIR)/debian/gnupg/usr/lib/gnupg/gpgkeys_ldap -dDepends + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-arch + +.PHONY: build binary binary-arch clean --- gnupg-1.4.11.orig/debian/patches/CVE-2015-1607.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2015-1607.dpatch @@ -0,0 +1,694 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From 57af33d9e7c9b20b413b96882e670e75a67a5e65 Mon Sep 17 00:00:00 2001 +# 
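Review bot: The kfreebsd branch at the end of binary-arch makes /usr/bin/gpg setuid root (`chown root:root` then `chmod 4755`, correctly after dh_fixperms) with only a FAQ URL as justification; a setuid binary is a privilege boundary, so the reason belongs in the file, e.g. `# kfreebsd only: gpg is installed setuid root, presumably so it can lock its secure memory (FAQ q6.1) -- confirm against the FAQ entry`. Two smaller points in the same hunk: the check steps run `make -C build-deb/checks check || exit 1` (and the build-deb-curl twin) with a bare `make` rather than `$(MAKE)`, which bypasses the jobserver and the recursive-make handling of -n, and the `|| exit 1` is redundant because a failing recipe line already stops make. Further up, `LDFLAGS += -Wl,--as-needed` is neither exported nor passed to `../configure`, so unless LDFLAGS already arrives from the environment the flag is silently dropped; passing `LDFLAGS="$(LDFLAGS)"` on each configure invocation, or adding `export LDFLAGS`, would make the intent explicit.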
From: Werner Koch +# Date: Sat, 21 Feb 2015 23:10:32 -0500 +# Subject: [PATCH] Use inline functions to convert buffer data to scalars. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/apdu.c gnupg-1.4.11/g10/apdu.c +--- gnupg-1.4.11~/g10/apdu.c 2009-07-21 09:21:44.000000000 -0400 ++++ gnupg-1.4.11/g10/apdu.c 2015-03-25 13:59:41.963070843 -0400 +@@ -60,6 +60,7 @@ + #include "scdaemon.h" + #include "exechelp.h" + #endif /* GNUPG_MAJOR_VERSION != 1 */ ++#include "../include/host2net.h" + + #include "apdu.h" + #include "ccid-driver.h" +@@ -903,15 +904,14 @@ + i? strerror (errno) : "premature EOF"); + goto command_failed; + } +- len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; ++ len = buf32_to_size_t (msgbuf+1); + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ +- err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) +- | (msgbuf[7] << 8 ) | msgbuf[8]); ++ err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); + if (err) + { + log_error ("pcsc_status failed: %s (0x%lx)\n", +@@ -1071,15 +1071,14 @@ + i? strerror (errno) : "premature EOF"); + goto command_failed; + } +- len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; ++ len = buf32_to_size_t (msgbuf+1); + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ +- err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) +- | (msgbuf[7] << 8 ) | msgbuf[8]); ++ err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); + if (err) + { + log_error ("pcsc_transmit failed: %s (0x%lx)\n", +@@ -1204,15 +1203,14 @@ + i? 
strerror (errno) : "premature EOF"); + goto command_failed; + } +- len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; ++ len = buf32_to_size_t (msgbuf+1); + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); + goto command_failed; + } + len -= 4; /* Already read the error code. */ +- err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) +- | (msgbuf[7] << 8 ) | msgbuf[8]); ++ err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); + if (err) + log_error ("pcsc_close failed: %s (0x%lx)\n", + pcsc_error_string (err), err); +@@ -1391,7 +1389,7 @@ + i? strerror (errno) : "premature EOF"); + goto command_failed; + } +- len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; ++ len = buf32_to_size_t (msgbuf+1); + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); +@@ -1405,8 +1403,7 @@ + sw = SW_HOST_GENERAL_ERROR; + goto command_failed; + } +- err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) +- | (msgbuf[7] << 8 ) | msgbuf[8]); ++ err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); + if (err) + { + log_error ("PC/SC RESET failed: %s (0x%lx)\n", +@@ -1706,7 +1703,7 @@ + i? 
strerror (errno) : "premature EOF"); + goto command_failed; + } +- len = (msgbuf[1] << 24) | (msgbuf[2] << 16) | (msgbuf[3] << 8 ) | msgbuf[4]; ++ len = buf32_to_size_t (msgbuf+1); + if (msgbuf[0] != 0x81 || len < 4) + { + log_error ("invalid response header from PC/SC received\n"); +@@ -1719,8 +1716,8 @@ + (unsigned long)len); + goto command_failed; + } +- err = PCSC_ERR_MASK ((msgbuf[5] << 24) | (msgbuf[6] << 16) +- | (msgbuf[7] << 8 ) | msgbuf[8]); ++ err = PCSC_ERR_MASK (buf32_to_ulong (msgbuf+5)); ++ + if (err) + { + log_error ("PC/SC OPEN failed: %s\n", pcsc_error_string (err)); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/app-openpgp.c gnupg-1.4.11/g10/app-openpgp.c +--- gnupg-1.4.11~/g10/app-openpgp.c 2010-10-18 05:15:23.000000000 -0400 ++++ gnupg-1.4.11/g10/app-openpgp.c 2015-03-25 13:59:41.963070843 -0400 +@@ -68,6 +68,7 @@ + #include "iso7816.h" + #include "app-common.h" + #include "tlv.h" ++#include "../include/host2net.h" + + + /* A table describing the DOs of the card. 
*/ +@@ -744,7 +745,7 @@ + char numbuf1[50], numbuf2[50]; + unsigned long value; + +- value = (stamp[0] << 24) | (stamp[1]<<16) | (stamp[2]<<8) | stamp[3]; ++ value = buf32_to_ulong (stamp); + if (!value) + return; + sprintf (numbuf1, "%d", number); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/build-packet.c gnupg-1.4.11/g10/build-packet.c +--- gnupg-1.4.11~/g10/build-packet.c 2010-09-28 04:51:26.000000000 -0400 ++++ gnupg-1.4.11/g10/build-packet.c 2015-03-25 13:59:41.963070843 -0400 +@@ -34,6 +34,7 @@ + #include "memory.h" + #include "i18n.h" + #include "options.h" ++#include "../include/host2net.h" + + static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); + static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk ); +@@ -585,8 +586,7 @@ + if( n == 255 ) { + if( buflen < 4 ) + break; +- n = (buffer[0] << 24) | (buffer[1] << 16) +- | (buffer[2] << 8) | buffer[3]; ++ n = buf32_to_size_t (buffer); + buffer += 4; + buflen -= 4; + } +@@ -709,7 +709,7 @@ + /* This should never happen since we don't currently allow + creating such a subpacket, but just in case... 
*/ + case SIGSUBPKT_SIG_EXPIRE: +- if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp()) ++ if (buf32_to_u32 (buffer) + sig->timestamp <= make_timestamp()) + sig->flags.expired=1; + else + sig->flags.expired=0; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/ccid-driver.c gnupg-1.4.11/g10/ccid-driver.c +--- gnupg-1.4.11~/g10/ccid-driver.c 2009-12-21 09:35:05.000000000 -0500 ++++ gnupg-1.4.11/g10/ccid-driver.c 2015-03-25 13:59:41.967070877 -0400 +@@ -92,6 +92,7 @@ + #include + + #include "ccid-driver.h" ++#include "../include/host2net.h" + + #define DRVNAME "ccid-driver: " + +@@ -292,7 +293,7 @@ + static unsigned int + convert_le_u32 (const unsigned char *buf) + { +- return buf[0] | (buf[1] << 8) | (buf[2] << 16) | (buf[3] << 24); ++ return buf[0] | (buf[1] << 8) | (buf[2] << 16) | ((unsigned int)buf[3] << 24); + } + + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/getkey.c gnupg-1.4.11/g10/getkey.c +--- gnupg-1.4.11~/g10/getkey.c 2015-03-25 13:59:38.000000000 -0400 ++++ gnupg-1.4.11/g10/getkey.c 2015-03-25 13:59:41.967070877 -0400 +@@ -34,6 +34,7 @@ + #include "trustdb.h" + #include "i18n.h" + #include "keyserver-internal.h" ++#include "../include/host2net.h" + + #define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE + #define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE +@@ -1385,14 +1386,14 @@ + + p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL ); + if( pk ) { +- ed = p? pk->timestamp + buffer_to_u32(p):0; ++ ed = p? pk->timestamp + buf32_to_u32(p):0; + if( sig->timestamp > sigdate ) { + pk->expiredate = ed; + sigdate = sig->timestamp; + } + } + else { +- ed = p? sk->timestamp + buffer_to_u32(p):0; ++ ed = p? 
sk->timestamp + buf32_to_u32(p):0; + if( sig->timestamp > sigdate ) { + sk->expiredate = ed; + sigdate = sig->timestamp; +@@ -1517,8 +1518,8 @@ + + /* ditto for the key expiration */ + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); +- if( p && buffer_to_u32(p) ) +- uid->help_key_expire = keycreated + buffer_to_u32(p); ++ if( p && buf32_to_u32 (p) ) ++ uid->help_key_expire = keycreated + buf32_to_u32(p); + else + uid->help_key_expire = 0; + +@@ -1732,9 +1733,9 @@ + key_usage=parse_key_usage(sig); + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); +- if( p && buffer_to_u32(p) ) ++ if( p && buf32_to_u32 (p) ) + { +- key_expire = keytimestamp + buffer_to_u32(p); ++ key_expire = keytimestamp + buf32_to_u32 (p); + key_expire_seen = 1; + } + +@@ -2156,8 +2157,8 @@ + subpk->pubkey_usage = key_usage; + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); +- if ( p && buffer_to_u32(p) ) +- key_expire = keytimestamp + buffer_to_u32(p); ++ if ( p && buf32_to_u32 (p) ) ++ key_expire = keytimestamp + buf32_to_u32 (p); + else + key_expire = 0; + subpk->has_expired = key_expire >= curtime? 
0 : key_expire; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keygen.c gnupg-1.4.11/g10/keygen.c +--- gnupg-1.4.11~/g10/keygen.c 2015-03-25 13:59:38.000000000 -0400 ++++ gnupg-1.4.11/g10/keygen.c 2015-03-25 14:00:44.251594381 -0400 +@@ -40,6 +40,7 @@ + #include "i18n.h" + #include "cardglue.h" + #include "keyserver-internal.h" ++#include "host2net.h" + + #define MAX_PREFS 30 + +@@ -837,10 +838,7 @@ + } + else if(buf[1]==255) + { +- pktlen =buf[2] << 24; +- pktlen|=buf[3] << 16; +- pktlen|=buf[4] << 8; +- pktlen|=buf[5]; ++ pktlen = buf32_to_size_t (buf+2); + buf+=6; + } + else +@@ -857,14 +855,14 @@ + break; + + case 2: +- pktlen =buf[mark++] << 24; +- pktlen|=buf[mark++] << 16; ++ pktlen = (size_t)buf[mark++] << 24; ++ pktlen |= buf[mark++] << 16; + + case 1: +- pktlen|=buf[mark++] << 8; ++ pktlen |= buf[mark++] << 8; + + case 0: +- pktlen|=buf[mark++]; ++ pktlen |= buf[mark++]; + } + + buf+=mark; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keyid.c gnupg-1.4.11/g10/keyid.c +--- gnupg-1.4.11~/g10/keyid.c 2008-12-11 11:40:05.000000000 -0500 ++++ gnupg-1.4.11/g10/keyid.c 2015-03-25 13:59:41.971070912 -0400 +@@ -32,6 +32,7 @@ + #include "mpi.h" + #include "keydb.h" + #include "i18n.h" ++#include "host2net.h" + + int + pubkey_letter( int algo ) +@@ -230,15 +231,8 @@ + { + u32 keyid[2]; + +- keyid[0] = (unsigned char)desc->u.fpr[12] << 24 +- | (unsigned char)desc->u.fpr[13] << 16 +- | (unsigned char)desc->u.fpr[14] << 8 +- | (unsigned char)desc->u.fpr[15] ; +- keyid[1] = (unsigned char)desc->u.fpr[16] << 24 +- | (unsigned char)desc->u.fpr[17] << 16 +- | (unsigned char)desc->u.fpr[18] << 8 +- | (unsigned char)desc->u.fpr[19] ; +- ++ keyid[0] = buf32_to_u32 (desc->u.fpr+12); ++ keyid[1] = buf32_to_u32 (desc->u.fpr+16); + return keystr(keyid); + } + +@@ -289,8 
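Review bot: `subpk->has_expired = key_expire >= curtime? 0 : key_expire;` stores a timestamp in a field whose name reads as a boolean, and nothing in the hunk says so; a one-line comment, `/* has_expired is 0 or the expiry time, not a flag.  */`, would save the next reader a trip to keydb.h. `buf32_to_u32 (p)` is also evaluated twice on consecutive lines; hoisting it, `u32 off = p ? buf32_to_u32 (p) : 0;` and `key_expire = off ? keytimestamp + off : 0;`, removes the repeat. `keytimestamp + off` is u32 arithmetic that wraps for offsets near 2^32 and then reports a far-future key as already expired, which this hunk does not address (the 1386, 1518 and 1733 hunks of this file have the same shape). The enclosing function starts and ends outside the hunk.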
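Review bot: The `case 2:` / `case 1:` / `case 0:` arms in the second keygen.c hunk fall through by design (each arm adds one more length byte) but nothing marks it, and the `(size_t)` cast added to `case 2` makes the block look edited without making the intent clearer; a `/* fall through */` on each arm, e.g. `pktlen |= buf[mark++] << 16; /* fall through */`, stops -Wimplicit-fallthrough and stops a future reader from "fixing" it with a `break`. In the first hunk `pktlen = buf32_to_size_t (buf+2); buf+=6;` consumes six bytes and yields a length taken from the data being parsed with no visible check that six bytes remained or that `pktlen` fits the rest of the buffer; if that check lives elsewhere in the function, which starts and ends outside the hunk, a comment pointing to it would help.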
+283,8 @@ + if(md) + { + dp = md_read( md, 0 ); +- keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; +- keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; ++ keyid[0] = buf32_to_u32 (dp+12); ++ keyid[1] = buf32_to_u32 (dp+16); + lowbits = keyid[1]; + md_close(md); + sk->keyid[0] = keyid[0]; +@@ -343,8 +337,8 @@ + if(md) + { + dp = md_read( md, 0 ); +- keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; +- keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; ++ keyid[0] = buf32_to_u32 (dp+12); ++ keyid[1] = buf32_to_u32 (dp+16); + lowbits = keyid[1]; + md_close(md); + pk->keyid[0] = keyid[0]; +@@ -387,8 +381,8 @@ + } + else { + const byte *dp = fprint; +- keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; +- keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; ++ keyid[0] = buf32_to_u32 (dp+12); ++ keyid[1] = buf32_to_u32 (dp+16); + } + + return keyid[1]; +@@ -676,8 +670,8 @@ + if( !array ) + array = xmalloc( len ); + memcpy(array, dp, len ); +- pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; +- pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; ++ pk->keyid[0] = buf32_to_u32 (dp+12); ++ pk->keyid[1] = buf32_to_u32 (dp+16); + md_close(md); + } + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/misc.c gnupg-1.4.11/g10/misc.c +--- gnupg-1.4.11~/g10/misc.c 2010-09-28 05:00:25.000000000 -0400 ++++ gnupg-1.4.11/g10/misc.c 2015-03-25 13:59:41.971070912 -0400 +@@ -295,17 +295,6 @@ + return csum; + } + +-u32 +-buffer_to_u32( const byte *buffer ) +-{ +- unsigned long a; +- a = *buffer << 24; +- a |= buffer[1] << 16; +- a |= buffer[2] << 8; +- a |= buffer[3]; +- return a; +-} +- + void + print_pubkey_algo_note( int algo ) + { +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 
gnupg-1.4.11~/g10/parse-packet.c gnupg-1.4.11/g10/parse-packet.c +--- gnupg-1.4.11~/g10/parse-packet.c 2010-06-18 04:06:08.000000000 -0400 ++++ gnupg-1.4.11/g10/parse-packet.c 2015-03-25 13:59:41.975070944 -0400 +@@ -35,6 +35,7 @@ + #include "options.h" + #include "main.h" + #include "i18n.h" ++#include "host2net.h" + + #ifndef MAX_EXTERN_MPI_BITS + #define MAX_EXTERN_MPI_BITS 16384 +@@ -88,7 +89,7 @@ + read_16(IOBUF inp) + { + unsigned short a; +- a = iobuf_get_noeof(inp) << 8; ++ a = (unsigned short)iobuf_get_noeof(inp) << 8; + a |= iobuf_get_noeof(inp); + return a; + } +@@ -97,7 +98,7 @@ + read_32(IOBUF inp) + { + unsigned long a; +- a = iobuf_get_noeof(inp) << 24; ++ a = (unsigned long)iobuf_get_noeof(inp) << 24; + a |= iobuf_get_noeof(inp) << 16; + a |= iobuf_get_noeof(inp) << 8; + a |= iobuf_get_noeof(inp); +@@ -377,7 +378,8 @@ + } + else if( c == 255 ) + { +- pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24; ++ pktlen = ++ (unsigned long)(hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24; + pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16; + pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8; + if( (c = iobuf_get(inp)) == -1 ) +@@ -872,14 +874,15 @@ + switch( type ) { + case SIGSUBPKT_SIG_CREATED: + if( length >= 4 ) +- fprintf (listfp, "sig created %s", strtimestamp( buffer_to_u32(buffer) ) ); ++ fprintf (listfp, "sig created %s", ++ strtimestamp (buf32_to_u32(buffer)) ); + break; + case SIGSUBPKT_SIG_EXPIRE: + if( length >= 4 ) + { +- if(buffer_to_u32(buffer)) ++ if(buf32_to_u32(buffer)) + fprintf (listfp, "sig expires after %s", +- strtimevalue( buffer_to_u32(buffer) ) ); ++ strtimevalue( buf32_to_u32(buffer) ) ); + else + fprintf (listfp, "sig does not expire"); + } +@@ -907,9 +910,9 @@ + case SIGSUBPKT_KEY_EXPIRE: + if( length >= 4 ) + { +- if(buffer_to_u32(buffer)) ++ if(buf32_to_u32(buffer)) + fprintf (listfp, "key expires after %s", +- strtimevalue( buffer_to_u32(buffer) ) ); ++ strtimevalue( buf32_to_u32(buffer) ) ); + else + fprintf 
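Review bot: The `(unsigned short)` cast added in `read_16` is a no-op: `unsigned short` is promoted back to `int` before `<< 8`, so the expression is evaluated exactly as before (harmlessly, since `0xff << 8` fits in an int). Only the `(unsigned long)` cast in the `read_32` hunk below actually moves the shift out of `int` and removes the `byte << 24` undefined behaviour this patch targets. If the cast is meant as documentation, `a = (unsigned short)(iobuf_get_noeof(inp) << 8);` says what is meant; otherwise drop it. Going by its name, `iobuf_get_noeof` appears to hand back a byte value even at end of input, so a truncated stream yields a silently short number from both readers and callers must detect EOF separately — worth a line in the comment above each.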
(listfp, "key does not expire"); + } +@@ -932,8 +935,8 @@ + case SIGSUBPKT_ISSUER: + if( length >= 8 ) + fprintf (listfp, "issuer key ID %08lX%08lX", +- (ulong)buffer_to_u32(buffer), +- (ulong)buffer_to_u32(buffer+4) ); ++ buf32_to_ulong (buffer), ++ buf32_to_ulong (buffer+4)); + break; + case SIGSUBPKT_NOTATION: + { +@@ -1178,8 +1181,7 @@ + if( n == 255 ) { /* 4 byte length header */ + if( buflen < 4 ) + goto too_short; +- n = (buffer[0] << 24) | (buffer[1] << 16) +- | (buffer[2] << 8) | buffer[3]; ++ n = buf32_to_size_t (buffer); + buffer += 4; + buflen -= 4; + } +@@ -1401,7 +1403,7 @@ + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL ); + if(p) +- sig->timestamp = buffer_to_u32(p); ++ sig->timestamp = buf32_to_u32 (p); + else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110) + && opt.verbose) + log_info ("signature packet without timestamp\n"); +@@ -1409,16 +1411,16 @@ + p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL ); + if(p) + { +- sig->keyid[0] = buffer_to_u32(p); +- sig->keyid[1] = buffer_to_u32(p+4); ++ sig->keyid[0] = buf32_to_u32 (p); ++ sig->keyid[1] = buf32_to_u32 (p+4); + } + else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110) + && opt.verbose) + log_info ("signature packet without keyid\n"); + + p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL); +- if(p && buffer_to_u32(p)) +- sig->expiredate=sig->timestamp+buffer_to_u32(p); ++ if(p && buf32_to_u32 (p)) ++ sig->expiredate = sig->timestamp + buf32_to_u32 (p); + if(sig->expiredate && sig->expiredate<=make_timestamp()) + sig->flags.expired=1; + +@@ -1999,9 +2001,8 @@ + if( n == 255 ) { /* 4 byte length header */ + if( buflen < 4 ) + goto too_short; +- n = (buffer[0] << 24) | (buffer[1] << 16) +- | (buffer[2] << 8) | buffer[3]; +- buffer += 4; ++ n = buf32_to_size_t (buffer); ++ buffer += 4; + buflen -= 4; + } + else if( n >= 192 ) { /* 2 byte special encoded length header */ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' 
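Review bot: `sig->timestamp + buf32_to_u32 (p)` on the changed lines is the third copy in this patch of the same expiry arithmetic (getkey.c and trustdb.c compute it too, with slightly different zero handling), and `buf32_to_u32 (p)` is read twice in two lines. A small helper exported from this file, `u32 sig_expire_offset (PKT_signature *sig)` returning `p ? buf32_to_u32 (p) : 0` from the hashed SIG_EXPIRE subpacket, would let each site write `off = sig_expire_offset (sig); if (off) sig->expiredate = sig->timestamp + off;` and would give one place to deal with the u32 wrap when `timestamp + off` exceeds 2^32 (currently such a signature is silently marked expired). The enclosing function starts and ends outside the hunk.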
'--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/tdbio.c gnupg-1.4.11/g10/tdbio.c +--- gnupg-1.4.11~/g10/tdbio.c 2009-12-15 03:56:26.000000000 -0500 ++++ gnupg-1.4.11/g10/tdbio.c 2015-03-25 14:01:46.032113708 -0400 +@@ -1210,13 +1210,13 @@ + rec->r.ver.cert_depth = *p++; + rec->r.ver.trust_model = *p++; + p += 3; +- rec->r.ver.created = buftoulong(p); p += 4; +- rec->r.ver.nextcheck = buftoulong(p); p += 4; ++ rec->r.ver.created = buf32_to_ulong (p); p += 4; ++ rec->r.ver.nextcheck = buf32_to_ulong (p); p += 4; + p += 4; + p += 4; +- rec->r.ver.firstfree =buftoulong(p); p += 4; ++ rec->r.ver.firstfree =buf32_to_ulong (p); p += 4; + p += 4; +- rec->r.ver.trusthashtbl =buftoulong(p); p += 4; ++ rec->r.ver.trusthashtbl =buf32_to_ulong (p); p += 4; + if( recnum ) { + log_error( _("%s: version record with recnum %lu\n"), db_name, + (ulong)recnum ); +@@ -1229,17 +1229,17 @@ + } + break; + case RECTYPE_FREE: +- rec->r.free.next = buftoulong(p); p += 4; ++ rec->r.free.next = buf32_to_ulong (p); p += 4; + break; + case RECTYPE_HTBL: + for(i=0; i < ITEMS_PER_HTBL_RECORD; i++ ) { +- rec->r.htbl.item[i] = buftoulong(p); p += 4; ++ rec->r.htbl.item[i] = buf32_to_ulong (p); p += 4; + } + break; + case RECTYPE_HLST: +- rec->r.hlst.next = buftoulong(p); p += 4; ++ rec->r.hlst.next = buf32_to_ulong (p); p += 4; + for(i=0; i < ITEMS_PER_HLST_RECORD; i++ ) { +- rec->r.hlst.rnum[i] = buftoulong(p); p += 4; ++ rec->r.hlst.rnum[i] = buf32_to_ulong (p); p += 4; + } + break; + case RECTYPE_TRUST: +@@ -1248,12 +1248,12 @@ + rec->r.trust.depth = *p++; + rec->r.trust.min_ownertrust = *p++; + p++; +- rec->r.trust.validlist = buftoulong(p); p += 4; ++ rec->r.trust.validlist = buf32_to_ulong (p); p += 4; + break; + case RECTYPE_VALID: + memcpy( rec->r.valid.namehash, p, 20); p+=20; + rec->r.valid.validity = *p++; +- rec->r.valid.next = buftoulong(p); p += 4; ++ rec->r.valid.next = buf32_to_ulong (p); p += 4; + rec->r.valid.full_count = *p++; + rec->r.valid.marginal_count = 
*p++; + break; +@@ -1560,7 +1560,7 @@ + ottable_size += 1000; + ottable = xrealloc (ottable, ottable_size * sizeof *ottable); + } +- ottable[ottable_used].keyrecno = buftoulong (oldbuf+6); ++ ottable[ottable_used].keyrecno = buf32_to_ulong (oldbuf+6); + ottable[ottable_used].ot = oldbuf[18]; + ottable[ottable_used].okay = 0; + memset (ottable[ottable_used].fpr,0, 20); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/trustdb.c gnupg-1.4.11/g10/trustdb.c +--- gnupg-1.4.11~/g10/trustdb.c 2009-12-21 09:34:19.000000000 -0500 ++++ gnupg-1.4.11/g10/trustdb.c 2015-03-25 13:59:41.975070944 -0400 +@@ -1585,7 +1585,7 @@ + u32 expire; + + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL ); +- expire = p? sig->timestamp + buffer_to_u32(p) : 0; ++ expire = p? sig->timestamp + buf32_to_u32 (p) : 0; + + if (expire==0 || expire > curtime ) + { +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/include/host2net.h gnupg-1.4.11/include/host2net.h +--- gnupg-1.4.11~/include/host2net.h 2008-12-11 11:39:58.000000000 -0500 ++++ gnupg-1.4.11/include/host2net.h 2015-03-25 13:59:41.975070944 -0400 +@@ -1,5 +1,5 @@ +-/* host2net.h - Some macros +- * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. ++/* host2net.h - Endian conversion macros ++ * Copyright (C) 1998, 2014, 2015 Werner Koch + * + * This file is part of GNUPG. + * +@@ -17,14 +17,11 @@ + * along with this program; if not, see . 
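Review bot: `expire = p? sig->timestamp + buf32_to_u32 (p) : 0;` treats a SIG_EXPIRE subpacket that is present with value 0 as an expiry at `sig->timestamp`, which then fails the `expire > curtime` test on the next line; RFC 4880 says a zero value means no expiry, and the rest of this patch uses the `p && buf32_to_u32 (p)` idiom for exactly that case (getkey.c, parse-packet.c). gpg itself does not appear to emit a zero offset, so this would bite only with signatures from other implementations, but making it consistent is two lines: `u32 off = p ? buf32_to_u32 (p) : 0;` then `expire = off ? sig->timestamp + off : 0;`. The u32 sum can also wrap for large offsets, which this hunk does not address. The enclosing function starts and ends outside the hunk.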
+ */ + +-#ifndef G10_HOST2NET_H +-#define G10_HOST2NET_H ++#ifndef GNUPG_COMMON_HOST2NET_H ++#define GNUPG_COMMON_HOST2NET_H + + #include "types.h" + +-#define buftoulong( p ) ((*(byte*)(p) << 24) | (*((byte*)(p)+1)<< 16) | \ +- (*((byte*)(p)+2) << 8) | (*((byte*)(p)+3))) +-#define buftoushort( p ) ((*((byte*)(p)) << 8) | (*((byte*)(p)+1))) + #define ulongtobuf( p, a ) do { \ + ((byte*)p)[0] = a >> 24; \ + ((byte*)p)[1] = a >> 16; \ +@@ -35,8 +32,71 @@ + ((byte*)p)[0] = a >> 8; \ + ((byte*)p)[1] = a ; \ + } while(0) +-#define buftou32( p) buftoulong( (p) ) +-#define u32tobuf( p, a) ulongtobuf( (p), (a) ) + + +-#endif /*G10_HOST2NET_H*/ ++static inline unsigned long ++buf16_to_ulong (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((unsigned long)p[0] << 8) | p[1]); ++} ++ ++static inline unsigned int ++buf16_to_uint (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((unsigned int)p[0] << 8) | p[1]); ++} ++ ++static inline unsigned short ++buf16_to_ushort (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((unsigned short)p[0] << 8) | p[1]); ++} ++ ++static inline u16 ++buf16_to_u16 (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((u16)p[0] << 8) | p[1]); ++} ++ ++static inline size_t ++buf32_to_size_t (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((size_t)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); ++} ++ ++static inline unsigned long ++buf32_to_ulong (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((unsigned long)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); ++} ++ ++static inline unsigned int ++buf32_to_uint (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((unsigned int)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); ++} ++ ++static inline u32 ++buf32_to_u32 (const void *buffer) ++{ ++ const unsigned char *p = buffer; ++ ++ return (((u32)p[0] << 24) | (p[1] << 16) | 
(p[2] << 8) | p[3]); ++} ++ ++ ++#endif /*GNUPG_COMMON_HOST2NET_H*/ --- gnupg-1.4.11.orig/debian/patches/CVE-2015-0837.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2015-0837.dpatch @@ -0,0 +1,217 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From 6cbc75e71295f23431c4ab95edc7573f2fc28476 Mon Sep 17 00:00:00 2001 +# 
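Review bot: The `ushorttobuf` tail kept as context at the top of this hunk (`((byte*)p)[0] = a >> 8;`) shows that the writer macros still expand their arguments unparenthesised, so `ulongtobuf (buf, x | y)` silently stores `x | (y >> 24)`; since the hunk already rewrites this header, it is the moment to turn the writers into `static inline` functions like the new readers, or at least write `((byte*)(p))[0] = (a) >> 8;`. In `buf16_to_ushort` and `buf16_to_u16` the cast to a type narrower than `int` is promoted back to `int` before `<< 8`, so it documents intent but does nothing; harmless, but a one-line comment would stop a reader assuming it prevents something. Dropping `buftou32` and `u32tobuf` here (and `buftoulong`/`buftoushort` in the hunk above) breaks any user outside the files this patch touches; the build will say so, but the change deserves a mention in the patch header.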
From: NIIBE Yutaka
+# Date: Thu, 26 Feb 2015 21:00:05 +0900
+# Subject: [PATCH] mpi: Avoid data-dependent timing variations in mpi_powm.
+
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/include/mpi.h gnupg-1.4.11/include/mpi.h
+--- gnupg-1.4.11~/include/mpi.h 2008-12-11 11:39:58.000000000 -0500
++++ gnupg-1.4.11/include/mpi.h 2015-03-25 13:59:21.846901778 -0400
+@@ -81,6 +81,7 @@
+ void mpi_set_secure( MPI a );
+ void mpi_clear( MPI a );
+ void mpi_set( MPI w, MPI u);
++void mpi_set_cond( MPI w, MPI u, unsigned long set);
+ void mpi_set_ui( MPI w, ulong u);
+ MPI mpi_alloc_set_ui( unsigned long u);
+ void mpi_m_check( MPI a );
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/mpi/mpi-pow.c gnupg-1.4.11/mpi/mpi-pow.c
+--- gnupg-1.4.11~/mpi/mpi-pow.c 2015-03-25 13:59:17.000000000 -0400
++++ gnupg-1.4.11/mpi/mpi-pow.c 2015-03-25 13:59:21.846901778 -0400
+@@ -345,7 +345,7 @@
+ *xsize_p = rsize + ssize;
+ }
+ 
+-#define SIZE_B_2I3 ((1 << (5 - 1)) - 1)
++#define SIZE_PRECOMP ((1 << (5 - 1)))
+ 
+ /****************
+ * RES = BASE ^ EXPO mod MOD
+@@ -376,11 +376,12 @@
+ mpi_ptr_t bp_marker = NULL;
+ mpi_ptr_t ep_marker = NULL;
+ mpi_ptr_t xp_marker = NULL;
+- mpi_ptr_t b_2i3[SIZE_B_2I3]; /* Pre-computed array: BASE^3, ^5, ^7, ... */
+- mpi_size_t b_2i3size[SIZE_B_2I3];
++ mpi_ptr_t precomp[SIZE_PRECOMP]; /* Pre-computed array: BASE^1, ^3, ^5, ... */
++ mpi_size_t precomp_size[SIZE_PRECOMP];
+ mpi_size_t W;
+ mpi_ptr_t base_u;
+ mpi_size_t base_u_size;
++ mpi_size_t max_u_size;
+ 
+ esize = expo->nlimbs;
+ msize = mod->nlimbs;
+@@ -494,7 +495,7 @@
+ 
+ /* Main processing.
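Review bot: `precomp[SIZE_PRECOMP]` and `precomp_size[SIZE_PRECOMP]` are stack arrays sized by the literal `5` inside `SIZE_PRECOMP`, while every loop that indexes them runs to `1 << (W - 1)` with `W` chosen elsewhere in `mpi_powm`; if the window selection ever yields W > 5 the overrun is silent and on the stack. Tying the two together costs one named constant, `#define MAX_WINDOW 5` used in `SIZE_PRECOMP`, plus `assert ((1 << (W - 1)) <= SIZE_PRECOMP);` right after W is set (that line is outside this hunk). `mpi_powm` starts and ends outside the hunk.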
*/ + { +- mpi_size_t i, j; ++ mpi_size_t i, j, k; + mpi_ptr_t xp; + mpi_size_t xsize; + int c; +@@ -508,33 +509,29 @@ + memset( &karactx, 0, sizeof karactx ); + negative_result = (ep[0] & 1) && bsign; + +- /* Precompute B_2I3[], BASE^(2 * i + 3), BASE^3, ^5, ^7, ... */ ++ /* Precompute PRECOMP[], BASE^(2 * i + 1), BASE^1, ^3, ^5, ... */ + if (W > 1) /* X := BASE^2 */ + mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); +- for (i = 0; i < (1 << (W - 1)) - 1; i++) +- { /* B_2I3[i] = BASE^(2 * i + 3) */ +- if (i == 0) +- { +- base_u = bp; +- base_u_size = bsize; +- } +- else +- { +- base_u = b_2i3[i-1]; +- base_u_size = b_2i3size[i-1]; +- } +- ++ base_u = precomp[0] = mpi_alloc_limb_space (bsize, esec); ++ base_u_size = max_u_size = precomp_size[0] = bsize; ++ MPN_COPY (precomp[0], bp, bsize); ++ for (i = 1; i < (1 << (W - 1)); i++) ++ { /* PRECOMP[i] = BASE^(2 * i + 1) */ + if (xsize >= base_u_size) + mul_mod (rp, &rsize, xp, xsize, base_u, base_u_size, + mp, msize, &karactx); + else + mul_mod (rp, &rsize, base_u, base_u_size, xp, xsize, + mp, msize, &karactx); +- b_2i3[i] = mpi_alloc_limb_space (rsize, esec); +- b_2i3size[i] = rsize; +- MPN_COPY (b_2i3[i], rp, rsize); ++ base_u = precomp[i] = mpi_alloc_limb_space (rsize, esec); ++ base_u_size = precomp_size[i] = rsize; ++ if (max_u_size < base_u_size) ++ max_u_size = base_u_size; ++ MPN_COPY (precomp[i], rp, rsize); + } + ++ base_u = mpi_alloc_limb_space (max_u_size, esec); ++ + i = esize - 1; + + /* Main loop. 
+@@ -620,17 +617,26 @@ + rsize = xsize; + } + +- if (e0 == 0) +- { +- base_u = bp; +- base_u_size = bsize; +- } +- else ++ /* ++ * base_u <= precomp[e0] ++ * base_u_size <= precomp_size[e0]; ++ */ ++ base_u_size = 0; ++ for (k = 0; k < (1<< (W - 1)); k++) + { +- base_u = b_2i3[e0 - 1]; +- base_u_size = b_2i3size[e0 -1]; +- } ++ struct gcry_mpi w, u; ++ w.alloced = w.nlimbs = precomp_size[k]; ++ u.alloced = u.nlimbs = precomp_size[k]; ++ w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; ++ u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; ++ w.sign = u.sign = 0; ++ w.flags = u.flags = 0; ++ w.d = base_u; ++ u.d = precomp[k]; + ++ mpi_set_cond (&w, &u, k == e0); ++ base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == e0)) ); ++ } + mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, + mp, msize, &karactx); + tp = rp; rp = xp; xp = tp; +@@ -656,15 +662,21 @@ + + if (e != 0) + { +- if ((e>>1) == 0) +- { +- base_u = bp; +- base_u_size = bsize; +- } +- else ++ base_u_size = 0; ++ for (k = 0; k < (1<< (W - 1)); k++) + { +- base_u = b_2i3[(e>>1) - 1]; +- base_u_size = b_2i3size[(e>>1) -1]; ++ struct gcry_mpi w, u; ++ w.alloced = w.nlimbs = precomp_size[k]; ++ u.alloced = u.nlimbs = precomp_size[k]; ++ w.nbits = w.nlimbs * BITS_PER_MPI_LIMB; ++ u.nbits = u.nlimbs * BITS_PER_MPI_LIMB; ++ w.sign = u.sign = 0; ++ w.flags = u.flags = 0; ++ w.d = base_u; ++ u.d = precomp[k]; ++ ++ mpi_set_cond (&w, &u, k == (e>>1)); ++ base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == (e>>1))) ); + } + + mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, +@@ -714,8 +726,9 @@ + MPN_NORMALIZE (rp, rsize); + + mpihelp_release_karatsuba_ctx (&karactx ); +- for (i = 0; i < (1 << (W - 1)) - 1; i++) +- mpi_free_limb_space (b_2i3[i]); ++ for (i = 0; i < (1 << (W - 1)); i++) ++ mpi_free_limb_space (precomp[i]); ++ mpi_free_limb_space (base_u); + } + + /* Fixup for negative results. 
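Review bot: The select loops added at both multiply sites read every `precomp[k]` and copy through `mpi_set_cond`, but `base_u_size` still ends up equal to `precomp_size[e0]` and is passed straight to `mul_mod`, so the multiplication's operand length — and with it whether the Karatsuba path is taken — still varies with the exponent window. Every entry is reduced mod `mp`, so the sizes differ by at most a limb and the residual signal is far smaller than the indexed load this hunk removes, but it is not zero; zero-padding all entries to `max_u_size` at precompute time and always multiplying with `max_u_size` limbs would close it for a few extra cycles. The two 13-line loops differ only in `e0` versus `e >> 1`, so I would factor them into one static helper so that a later hardening lands in one place. The `mask` arithmetic also relies on the compiler not rewriting `k == e0` into a branch, the usual caveat for constant-time C. `mpi_powm` starts and ends outside the hunk.
```c
/* Copy PRECOMP[IDX] into BASE_U and its limb count into *BASE_U_SIZE
   without a branch or memory access that depends on IDX.  */
static void
select_precomp (mpi_ptr_t base_u, mpi_size_t *base_u_size,
                mpi_ptr_t *precomp, mpi_size_t *precomp_size,
                mpi_size_t nentries, mpi_size_t idx)
{
  mpi_size_t k;

  *base_u_size = 0;
  for (k = 0; k < nentries; k++)
    {
      struct gcry_mpi w, u;
      w.alloced = w.nlimbs = precomp_size[k];
      u.alloced = u.nlimbs = precomp_size[k];
      w.nbits = w.nlimbs * BITS_PER_MPI_LIMB;
      u.nbits = u.nlimbs * BITS_PER_MPI_LIMB;
      w.sign = u.sign = 0;
      w.flags = u.flags = 0;
      w.d = base_u;
      u.d = precomp[k];
      mpi_set_cond (&w, &u, k == idx);
      *base_u_size |= (precomp_size[k] & ((mpi_size_t)0 - (k == idx)));
    }
}

/* … unchanged: mpi_powm up to the windowed multiply … */
          select_precomp (base_u, &base_u_size, precomp, precomp_size,
                          1 << (W - 1), e0);
          mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size,
                   mp, msize, &karactx);
/* … unchanged: loop bookkeeping down to the final window … */
          select_precomp (base_u, &base_u_size, precomp, precomp_size,
                          1 << (W - 1), e >> 1);
```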
*/
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/mpi/mpiutil.c gnupg-1.4.11/mpi/mpiutil.c
+--- gnupg-1.4.11~/mpi/mpiutil.c 2008-12-11 11:39:43.000000000 -0500
++++ gnupg-1.4.11/mpi/mpiutil.c 2015-03-25 13:59:21.846901778 -0400
+@@ -433,6 +433,34 @@
+ 
+ 
+ void
++mpi_set_cond( MPI w, MPI u, unsigned long set)
++{
++ mpi_size_t i;
++ mpi_size_t nlimbs = u->alloced;
++ mpi_limb_t mask = ((mpi_limb_t)0) - !!set;
++ mpi_limb_t x;
++
++ if (w->alloced != u->alloced)
++ log_bug ("mpi_set_cond: different sizes\n");
++
++ for (i = 0; i < nlimbs; i++)
++ {
++ x = mask & (w->d[i] ^ u->d[i]);
++ w->d[i] = w->d[i] ^ x;
++ }
++
++ x = mask & (w->nlimbs ^ u->nlimbs);
++ w->nlimbs = w->nlimbs ^ x;
++
++ x = mask & (w->nbits ^ u->nbits);
++ w->nbits = w->nbits ^ x;
++
++ x = mask & (w->sign ^ u->sign);
++ w->sign = w->sign ^ x;
++}
++
++
++void
+ mpi_set_ui( MPI w, unsigned long u)
+ {
+ RESIZE_IF_NEEDED(w, 1);
--- gnupg-1.4.11.orig/debian/patches/use_agent_default.dpatch
+++ gnupg-1.4.11/debian/patches/use_agent_default.dpatch
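Review bot: `mpi_set_cond` carries no comment stating its contract, which matters for a side-channel primitive: it copies U into W when SET is nonzero and leaves W untouched otherwise, touching every one of `alloced` limbs either way so the work done does not depend on SET, and it aborts through `log_bug` when the two `alloced` values differ (the mpi-pow.c callers satisfy that by building both structs from `precomp_size[k]`). I would put exactly that above the definition: `/* Constant-time: W := U if SET, else W unchanged.  Both MPIs must have the same ALLOCED; every limb is touched regardless of SET.  */`. One detail deserves its own line: `nlimbs`, `nbits` and `sign` are `int` fields XORed through an `mpi_limb_t` mask and narrowed back, which is correct for the non-negative values used here but not for an arbitrary `int`, so the assumption should be stated.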
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 61_use_agent_default.dpatch by
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Use agent by default. (LP: #15485)
+
+@DPATCH@
+diff -urNad gnupg-1.4.9~/g10/options.skel gnupg-1.4.9/g10/options.skel
+--- gnupg-1.4.9~/g10/options.skel 2008-07-21 01:03:49.000000000 +0200
++++ gnupg-1.4.9/g10/options.skel 2008-07-21 01:19:59.000000000 +0200
+@@ -198,8 +198,12 @@
+ # at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent,
+ # you have to run an agent as daemon and use the option
+ #
+-# use-agent
+-#
++# For Ubuntu we now use-agent by default to support more automatic
++# use of GPG and S/MIME encryption by GUI programs. Depending on the
++# program, users may still have to manually decide to install gnupg-agent.
++
++use-agent
++
+ # which tries to use the agent but will fallback to the regular mode
+ # if there is a problem connecting to the agent. The normal way to
+ # locate the agent is by looking at the environment variable
--- gnupg-1.4.11.orig/debian/patches/disable_mlock_test.dpatch
+++ gnupg-1.4.11/debian/patches/disable_mlock_test.dpatch
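Review bot: The `use-agent` line and the Ubuntu paragraph are inserted between the comment's lead-in (`# you have to run an agent as daemon and use the option`) and its continuation (`# which tries to use the agent but will fallback ...`), so after the patch the surviving comment opens with a dangling relative clause that no longer refers to anything. Keeping `# use-agent` as the commented example it was and placing the three Ubuntu lines plus the bare `use-agent` after the end of the original comment block keeps the explanation readable. Enabling it by default is behaviourally safe according to the surrounding text, which says gpg falls back to the regular passphrase prompt when no agent can be reached.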
@@ -0,0 +1,23 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50_disable_mlock_test.dpatch by Michael Bienia
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Disable mlock() test since it fails with ulimit 0 (on Ubuntu buildds).
+
+
+@DPATCH@
+diff -urNad gnupg-1.4.9~/config.h.in gnupg-1.4.9/config.h.in
+--- gnupg-1.4.9~/config.h.in 2008-03-26 18:33:29.000000000 +0100
++++ gnupg-1.4.9/config.h.in 2008-07-21 00:57:44.000000000 +0200
+@@ -82,8 +82,11 @@
+ /* Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL. */
+ #undef HAVE_BROKEN_GETHRTIME
+ 
++/* Test doesn't work, since ulimit is sometimes 0... */
++#if 0
+ /* Defined if the mlock() call does not work */
+ #undef HAVE_BROKEN_MLOCK
++#endif
+ 
+ /* Define to 1 if the compiler understands __builtin_expect. */
+ #undef HAVE_BUILTIN_EXPECT
--- gnupg-1.4.11.orig/debian/patches/CVE-2013-4402.dpatch
+++ gnupg-1.4.11/debian/patches/CVE-2013-4402.dpatch
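Review bot: Wrapping `#undef HAVE_BROKEN_MLOCK` in `#if 0` means that whatever the configure-time test finds, the code never sees the define, so a platform on which `mlock()` genuinely does not work loses its only build-time signal; the runtime path that locks secure memory (not in this patch) then has to cope with the failure on its own, which is worth verifying before relying on it. The real problem, as the `## DP:` line says, is a false positive when `RLIMIT_MEMLOCK` is 0 on the buildds, and the cleaner fix is either in the m4 test (a permission or limit failure is not a broken call) or by preseeding that test's configure cache variable, rather than editing `config.h.in`, which autoheader regenerates. At minimum the comment should give the reason rather than "sometimes 0...": `/* Disabled: the configure test reports a false positive when RLIMIT_MEMLOCK is 0 (Ubuntu buildds). */`.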
@@ -0,0 +1,154 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix denial of service via infinite recursion +# Origin: backported from GnuPG 1.4.15 +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725439 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/mainproc.c gnupg-1.4.11/g10/mainproc.c +--- gnupg-1.4.11~/g10/mainproc.c 2010-08-31 04:04:59.000000000 -0400 ++++ gnupg-1.4.11/g10/mainproc.c 2013-10-08 07:49:53.896606333 -0400 +@@ -41,6 +41,11 @@ + #include "photoid.h" + + ++/* Put an upper limit on nested packets. The 32 is an arbitrary ++ value, a much lower should actually be sufficient. */ ++#define MAX_NESTING_DEPTH 32 ++ ++ + struct kidlist_item { + struct kidlist_item *next; + u32 kid[2]; +@@ -782,7 +787,7 @@ + return proc_encryption_packets( info, a ); + } + +-static void ++static int + proc_compressed( CTX c, PACKET *pkt ) + { + PKT_compressed *zd = pkt->pkt.compressed; +@@ -801,6 +806,7 @@ + log_error("uncompressing failed: %s\n", g10_errstr(rc)); + free_packet(pkt); + c->last_was_session_key = 0; ++ return rc; + } + + /**************** +@@ -1231,14 +1237,37 @@ + } + + +-int ++static int ++check_nesting (CTX c) ++{ ++ int level; ++ ++ for (level = 0; c; c = c->anchor) ++ level++; ++ ++ if (level > MAX_NESTING_DEPTH) ++ { ++ log_error ("input data with too deeply nested packets\n"); ++ write_status_text (STATUS_UNEXPECTED, "1"); ++ return G10ERR_UNEXPECTED; ++ } ++ return 0; ++} ++ ++ ++static int + do_proc_packets( CTX c, IOBUF a ) + { +- PACKET *pkt = xmalloc( sizeof *pkt ); +- int rc=0; +- int any_data=0; ++ PACKET *pkt; ++ int rc = 0; ++ int any_data = 0; + int newpkt; + ++ rc = check_nesting (c); ++ if (rc) ++ return rc; ++ ++ pkt = xmalloc( sizeof *pkt ); + c->iobuf = a; + init_packet(pkt); + while( (rc=parse_packet(a, pkt)) != -1 ) { +@@ -1258,7 +1287,7 @@ + case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); 
break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; +- case PKT_COMPRESSED: proc_compressed( c, pkt ); break; ++ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; + default: newpkt = 0; break; + } + } +@@ -1276,7 +1305,7 @@ + goto leave; + case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; + case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; +- case PKT_COMPRESSED: proc_compressed( c, pkt ); break; ++ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; + default: newpkt = 0; break; +@@ -1296,7 +1325,7 @@ + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; + case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; +- case PKT_COMPRESSED: proc_compressed( c, pkt ); break; ++ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; + default: newpkt = 0; break; +@@ -1321,13 +1350,17 @@ + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; + case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; +- case PKT_COMPRESSED: proc_compressed( c, pkt ); break; ++ case PKT_COMPRESSED: rc = proc_compressed( c, pkt ); break; + case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; + case PKT_GPG_CONTROL: newpkt = add_gpg_control(c, pkt); break; + case PKT_RING_TRUST: newpkt = add_ring_trust( c, pkt ); break; + default: newpkt = 0; break; + } + } ++ ++ if (rc) ++ goto leave; ++ + /* This is a very ugly construct and frankly, I don't remember why + * I used it. Adding the MDC check here is a hack. 
+ * The right solution is to initiate another context for encrypted +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/util/iobuf.c gnupg-1.4.11/util/iobuf.c +--- gnupg-1.4.11~/util/iobuf.c 2010-09-28 05:23:08.000000000 -0400 ++++ gnupg-1.4.11/util/iobuf.c 2013-10-08 07:49:53.896606333 -0400 +@@ -55,6 +55,11 @@ + + #undef FILE_FILTER_USES_STDIO + ++/* To avoid a potential DoS with compression packets we better limit ++ the number of filters in a chain. */ ++#define MAX_NESTING_FILTER 64 ++ ++ + #ifdef HAVE_DOSISH_SYSTEM + #define USE_SETMODE 1 + #endif +@@ -1403,6 +1408,12 @@ + + if( a->use == 2 && (rc=iobuf_flush(a)) ) + return rc; ++ ++ if (a->subno >= MAX_NESTING_FILTER) { ++ log_error ("i/o filter too deeply nested - corrupted data?\n"); ++ return G10ERR_UNEXPECTED; ++ } ++ + /* make a copy of the current stream, so that + * A is the new stream and B the original one. + * The contents of the buffers are transferred to the --- gnupg-1.4.11.orig/debian/patches/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch +++ gnupg-1.4.11/debian/patches/0002-Make-screening-of-keyserver-result-work-with-multi-k.dpatch @@ -0,0 +1,120 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From 955524f4359ba9e9de213f4067c38df9ae4808a8 Mon Sep 17 00:00:00 2001 +# 
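Review bot: `if (rc) goto leave;` after the switch chain lets a failed `proc_compressed` end the loop, but `proc_compressed` (the 801 hunk above) already called `free_packet (pkt)` before returning `rc`, and `leave:` — outside this hunk — presumably frees `pkt` again; that is safe only because `free_packet` clears the packet body and is a no-op on a second call, which is not obvious at this spot. A comment, `/* proc_compressed has already released the packet body; free_packet at leave is then a no-op. */`, would record the dependency. `rc` is also the variable the loop header assigns from `parse_packet`, so the new assignment survives only because the `goto` fires before the next iteration; worth keeping in mind if the loop is ever restructured. `do_proc_packets` starts and ends outside the hunk.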
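Review bot: The `a->subno >= MAX_NESTING_FILTER` check sits after `iobuf_flush (a)`, so for an output stream (`a->use == 2`) the flush, and any I/O or error it produces, happens before the push is refused; checking the depth first avoids the side effect, i.e. move the four added lines above `if( a->use == 2 && (rc=iobuf_flush(a)) )`. The function gains a failure path that earlier did not exist for nesting, so every caller that pushes a filter in response to input data must now check the return value; those callers are not visible here. The enclosing function starts and ends outside the hunk.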
From: Werner Koch +# Date: Wed, 25 Jun 2014 14:33:34 +0200 +# Subject: [PATCH] Make screening of keyserver result work with multi-key +# commands. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keyserver.c gnupg-1.4.11/g10/keyserver.c +--- gnupg-1.4.11~/g10/keyserver.c 2015-03-25 13:55:23.000000000 -0400 ++++ gnupg-1.4.11/g10/keyserver.c 2015-03-25 13:56:00.733211909 -0400 +@@ -954,13 +954,25 @@ + #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" + + ++/* Structure to convey the arg to keyserver_retrieval_filter. */ ++struct ks_retrieval_filter_arg_s ++{ ++ KEYDB_SEARCH_DESC *desc; ++ int ndesc; ++}; ++ ++ + /* Check whether a key matches the search description. The filter + returns 0 if the key shall be imported. Note that this kind of + filter is not related to the iobuf filters. */ + static int +-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) ++keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, ++ void *opaque) + { +- KEYDB_SEARCH_DESC *desc = arg; ++ struct ks_retrieval_filter_arg_s *arg = opaque; ++ KEYDB_SEARCH_DESC *desc = arg->desc; ++ int ndesc = arg->ndesc; ++ int n; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; +@@ -969,32 +981,40 @@ + if (sk) + return G10ERR_GENERAL; + ++ if (!ndesc) ++ return 0; /* Okay if no description given. */ ++ + fingerprint_from_pk (pk, fpr, &fpr_len); + keyid_from_pk (pk, keyid); + + /* Compare requested and returned fingerprints if available. 
*/ +- if (desc->mode == KEYDB_SEARCH_MODE_FPR20) +- { +- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) +- { +- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) +- { +- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ for (n = 0; n < ndesc; n++) + { +- if (keyid[1] != desc->u.kid[1]) +- return G10ERR_GENERAL; ++ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) ++ { ++ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) ++ { ++ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) ++ { ++ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ { ++ if (keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else ++ return 0; + } + +- return 0; ++ return G10ERR_GENERAL; + } + + +@@ -1534,6 +1554,7 @@ + case KS_GETNAME: + { + void *stats_handle; ++ struct ks_retrieval_filter_arg_s filterarg; + + stats_handle=import_new_stats_handle(); + +@@ -1544,9 +1565,11 @@ + way to do this could be to continue parsing this + line-by-line and make a temp iobuf for each key. */ + ++ filterarg.desc = desc; ++ filterarg.ndesc = count; + import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len, + opt.keyserver_options.import_options, +- keyserver_retrieval_filter, desc); ++ keyserver_retrieval_filter, &filterarg); + + import_print_stats(stats_handle); + import_release_stats_handle(stats_handle); --- gnupg-1.4.11.orig/debian/patches/CVE-2014-4617.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2014-4617.dpatch 
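Review bot: `if (keyid[1] == desc[n].u.kid[1]) return 0;` accepts any returned key whose low 32 bits match, and 32-bit key IDs can be generated to order, so when the request was made by short key ID the screen still lets a keyserver or on-path attacker substitute its own key; that is inherent to the request form rather than to this hunk, but a comment should say the filter is only a real guard for FPR and LONG_KID requests. The final `else return 0;` means one name-style descriptor anywhere in the list makes every returned key acceptable for the whole import, including keys that match none of the fingerprint descriptors beside it; probably intended for name searches, but worth stating: `/* Non-fingerprint/keyid searches cannot be screened; accept everything. */`. `if (!ndesc) return 0;` likewise accepts everything when no descriptor was supplied. `keyserver_retrieval_filter` begins in the preceding hunk.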
@@ -0,0 +1,59 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix denial of service via uncompressing garbled packets +# Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8 +# Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752497 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/compress.c gnupg-1.4.11/g10/compress.c +--- gnupg-1.4.11~/g10/compress.c 2009-09-02 09:04:53.000000000 -0400 ++++ gnupg-1.4.11/g10/compress.c 2014-06-26 08:29:51.366146335 -0400 +@@ -131,7 +131,7 @@ + * PGP uses a windowsize of 13 bits. Using a negative value for + * it forces zlib not to expect a zlib header. This is a + * undocumented feature Peter Gutmann told me about. +- * ++ * + * We must use 15 bits for the inflator because CryptoEx uses 15 + * bits thus the output would get scrambled w/o error indication + * if we would use 13 bits. For the uncompressing this does not +@@ -155,7 +155,8 @@ + IOBUF a, size_t *ret_len ) + { + int zrc; +- int rc=0; ++ int rc = 0; ++ int leave = 0; + size_t n; + int nread, count; + int refill = !zs->avail_in; +@@ -178,13 +179,14 @@ + if( nread == -1 ) + nread = 0; + n += nread; +- /* If we use the undocumented feature to suppress +- * the zlib header, we have to give inflate an +- * extra dummy byte to read */ +- if( nread < count && zfx->algo == 1 ) { +- *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */ +- zfx->algo1hack = 1; ++ /* Algo 1 has no zlib header which requires us to to give ++ * inflate an extra dummy byte to read. To be on the safe ++ * side we allow for up to 4 ff bytes. 
*/ ++ if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) { ++ *(zfx->inbuf + n) = 0xFF; ++ zfx->algo1hack++; + n++; ++ leave = 1; + } + zs->avail_in = n; + } +@@ -208,7 +210,8 @@ + else + log_fatal("zlib inflate problem: rc=%d\n", zrc ); + } +- } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR ); ++ } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR ++ && !leave); + *ret_len = zfx->outbufsize - zs->avail_out; + if( DBG_FILTER ) + log_debug("do_uncompress: returning %u bytes\n", (unsigned)*ret_len ); --- gnupg-1.4.11.orig/debian/patches/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch +++ gnupg-1.4.11/debian/patches/0004-gpg-Fix-regression-due-to-the-keyserver-import-filte.dpatch @@ -0,0 +1,215 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From d58552760b26d840824658814d59c8b1a25a4219 Mon Sep 17 00:00:00 2001 +# 
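Review bot: The cap on injected dummy bytes appears as the bare literal 4 in `zfx->algo1hack < 4` and again in the comment above it, and the new `leave` flag is declared without a word on why the loop must stop after one injection; both deserve a name and a comment, e.g. `enum { MAX_ALGO1_DUMMY_BYTES = 4 };` and `int leave = 0; /* set once a dummy byte was injected: return to the caller instead of re-entering inflate on the same short read */`. Because `algo1hack` lives in `zfx`, the limit is per filter instance rather than per call, which is what actually bounds the repeated injection on a garbled packet — worth stating next to the counter so a later refactor does not move it into a local. do_uncompress begins before and ends after this hunk.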
From: Werner Koch +# Date: Wed, 6 Aug 2014 17:11:21 +0200 +# Subject: [PATCH 2/2] gpg: Fix regression due to the keyserver import filter. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/import.c gnupg-1.4.11/g10/import.c +--- gnupg-1.4.11~/g10/import.c 2015-03-25 13:56:41.000000000 -0400 ++++ gnupg-1.4.11/g10/import.c 2015-03-25 13:56:46.693598034 -0400 +@@ -60,16 +60,16 @@ + + static int import( IOBUF inp, const char* fname,struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len,unsigned int options, +- import_filter filter, void *filter_arg ); ++ import_filter_t filter, void *filter_arg ); + static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); + static void revocation_present(KBNODE keyblock); + static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len, + unsigned int options,int from_sk, +- import_filter filter, void *filter_arg); ++ import_filter_t filter, void *filter_arg); + static int import_secret_one( const char *fname, KBNODE keyblock, + struct stats_s *stats, unsigned int options, +- import_filter filter, void *filter_arg); ++ import_filter_t filter, void *filter_arg); + static int import_revoke_cert( const char *fname, KBNODE node, + struct stats_s *stats); + static int chk_self_sigs( const char *fname, KBNODE keyblock, +@@ -167,7 +167,7 @@ + import_keys_internal( IOBUF inp, char **fnames, int nnames, + void *stats_handle, unsigned char **fpr, size_t *fpr_len, + unsigned int options, +- import_filter filter, void *filter_arg) ++ import_filter_t filter, void *filter_arg) + { + int i, rc = 0; + struct stats_s *stats = stats_handle; +@@ -239,7 +239,7 @@ + int + import_keys_stream( IOBUF inp, void *stats_handle, + unsigned char **fpr, size_t *fpr_len,unsigned int options, +- import_filter filter, void *filter_arg ) ++ import_filter_t filter, void *filter_arg ) 
+ { + return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, + options, filter, filter_arg); +@@ -248,7 +248,7 @@ + static int + import( IOBUF inp, const char* fname,struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len,unsigned int options, +- import_filter filter, void *filter_arg) ++ import_filter_t filter, void *filter_arg) + { + PACKET *pending_pkt = NULL; + KBNODE keyblock = NULL; +@@ -753,7 +753,7 @@ + static int + import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len,unsigned int options, +- int from_sk, import_filter filter, void *filter_arg) ++ int from_sk, import_filter_t filter, void *filter_arg) + { + PKT_public_key *pk; + PKT_public_key *pk_orig; +@@ -793,7 +793,7 @@ + return 0; + } + +- if (filter && filter (pk, NULL, filter_arg)) ++ if (filter && filter (keyblock, filter_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk(pk), + _("rejected by import filter")); +@@ -1169,7 +1169,7 @@ + static int + import_secret_one( const char *fname, KBNODE keyblock, + struct stats_s *stats, unsigned int options, +- import_filter filter, void *filter_arg) ++ import_filter_t filter, void *filter_arg) + { + PKT_secret_key *sk; + KBNODE node, uidnode; +@@ -1185,7 +1185,7 @@ + keyid_from_sk( sk, keyid ); + uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + +- if (filter && filter (NULL, sk, filter_arg)) { ++ if (filter && filter (keyblock, filter_arg)) { + log_error (_("secret key %s: %s\n"), keystr_from_sk(sk), + _("rejected by import filter")); + return 0; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keyserver.c gnupg-1.4.11/g10/keyserver.c +--- gnupg-1.4.11~/g10/keyserver.c 2015-03-25 13:56:41.000000000 -0400 ++++ gnupg-1.4.11/g10/keyserver.c 2015-03-25 13:56:46.697598067 -0400 +@@ -966,52 +966,68 @@ + returns 0 if the key shall be imported. 
Note that this kind of + filter is not related to the iobuf filters. */ + static int +-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, +- void *opaque) ++keyserver_retrieval_filter (kbnode_t keyblock, void *opaque) + { + struct ks_retrieval_filter_arg_s *arg = opaque; + KEYDB_SEARCH_DESC *desc = arg->desc; + int ndesc = arg->ndesc; ++ kbnode_t node; ++ PKT_public_key *pk; + int n; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; + +- /* Secret keys are not expected from a keyserver. Do not import. */ +- if (sk) +- return G10ERR_GENERAL; ++ /* Secret keys are not expected from a keyserver. We do not ++ care about secret subkeys because the import code takes care ++ of skipping them. Not allowing an import of a public key ++ with a secret subkey would make it too easy to inhibit the ++ downloading of a public key. Recall that keyservers do only ++ limited checks. */ ++ node = find_kbnode (keyblock, PKT_SECRET_KEY); ++ if (node) ++ return G10ERR_GENERAL; /* Do not import. */ + + if (!ndesc) + return 0; /* Okay if no description given. */ + +- fingerprint_from_pk (pk, fpr, &fpr_len); +- keyid_from_pk (pk, keyid); +- +- /* Compare requested and returned fingerprints if available. */ +- for (n = 0; n < ndesc; n++) ++ /* Loop over all key packets. 
*/ ++ for (node = keyblock; node; node = node->next) + { +- if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) +- { +- if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) +- { +- if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) +- { +- if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ if (node->pkt->pkttype != PKT_PUBLIC_KEY ++ && node->pkt->pkttype != PKT_PUBLIC_SUBKEY) ++ continue; ++ ++ pk = node->pkt->pkt.public_key; ++ fingerprint_from_pk (pk, fpr, &fpr_len); ++ keyid_from_pk (pk, keyid); ++ ++ /* Compare requested and returned fingerprints if available. */ ++ for (n = 0; n < ndesc; n++) + { +- if (keyid[1] == desc[n].u.kid[1]) +- return 0; ++ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) ++ { ++ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) ++ { ++ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) ++ { ++ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ { ++ if (keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else /* No keyid or fingerprint - can't check. */ ++ return 0; /* allow import. 
*/ + } +- else +- return 0; + } + + return G10ERR_GENERAL; +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/main.h gnupg-1.4.11/g10/main.h +--- gnupg-1.4.11~/g10/main.h 2015-03-25 13:56:41.000000000 -0400 ++++ gnupg-1.4.11/g10/main.h 2015-03-25 13:56:46.697598067 -0400 +@@ -214,14 +214,14 @@ + + /*-- import.c --*/ + +-typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg); ++typedef int (*import_filter_t)(kbnode_t keyblock, void *arg); + + int parse_import_options(char *str,unsigned int *options,int noisy); + void import_keys( char **fnames, int nnames, + void *stats_hd, unsigned int options ); + int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr, + size_t *fpr_len,unsigned int options, +- import_filter filter, void *filter_arg); ++ import_filter_t filter, void *filter_arg); + void *import_new_stats_handle (void); + void import_release_stats_handle (void *p); + void import_print_stats (void *hd); --- gnupg-1.4.11.orig/debian/patches/0003-Add-kbnode_t-for-easier-backporting.dpatch +++ gnupg-1.4.11/debian/patches/0003-Add-kbnode_t-for-easier-backporting.dpatch @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From dcf58b3471b1c9ba87a826aa132033e506664808 Mon Sep 17 00:00:00 2001 +# 
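Review bot: The `else /* No keyid or fingerprint - can't check. */ return 0;` arm of the new inner loop accepts the whole keyblock as soon as one descriptor has a mode other than FPR20/FPR16/LONG_KID/SHORT_KID, so a multi-key request that mixes a name search with fingerprint requests gets no fingerprint screening on any returned key; the header comment should state this, e.g. `Only fingerprint and key-ID descriptors are screened; any other descriptor mode accepts every returned key.` The SHORT_KID arm compares only `keyid[1]`, so a 32-bit collision on any public key or subkey in the block passes the screen — long-keyids.dpatch on this page reduces how often gpg asks by short ID, but the filter's comment should still say the screen is only as selective as the identifier that was requested. keyserver_retrieval_filter's closing brace lies outside the hunk.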
From: Werner Koch +# Date: Wed, 6 Aug 2014 17:09:15 +0200 +# Subject: [PATCH 1/2] Add kbnode_t for easier backporting. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/global.h gnupg-1.4.11/g10/global.h +--- gnupg-1.4.11~/g10/global.h 2008-12-11 11:40:05.000000000 -0500 ++++ gnupg-1.4.11/g10/global.h 2015-03-25 13:56:28.385444218 -0400 +@@ -23,6 +23,7 @@ + #define MAX_FINGERPRINT_LEN 20 + + typedef struct kbnode_struct *KBNODE; ++typedef struct kbnode_struct *kbnode_t; + typedef struct keydb_search_desc KEYDB_SEARCH_DESC; + + #endif /*GPG_GLOBAL_H*/ --- gnupg-1.4.11.orig/debian/patches/long-keyids.dpatch +++ gnupg-1.4.11/debian/patches/long-keyids.dpatch 
@@ -0,0 +1,48 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: Use the longest key ID available when requesting a key from +# a key server +# Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6fe25e5602fabe92c68e5ba30e4777221e8612df +# Bug: https://bugs.g10code.com/gnupg/issue1340 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/keyserver/gpgkeys_hkp.c gnupg-1.4.11/keyserver/gpgkeys_hkp.c +--- gnupg-1.4.11~/keyserver/gpgkeys_hkp.c 2009-08-25 14:41:27.000000000 -0400 ++++ gnupg-1.4.11/keyserver/gpgkeys_hkp.c 2012-08-14 08:34:08.701024646 -0400 +@@ -234,9 +234,10 @@ + get_key(char *getkey) + { + CURLcode res; +- char request[MAX_URL+60]; ++ char request[MAX_URL+92]; + char *offset; + struct curl_writer_ctx ctx; ++ size_t keylen; + + memset(&ctx,0,sizeof(ctx)); + +@@ -262,14 +263,19 @@ + strcat(request,port); + strcat(request,opt->path); + /* request is MAX_URL+55 bytes long - MAX_URL covers the whole URL, +- including any supplied path. The 60 overcovers this /pks/... etc +- string plus the 8 bytes of key id */ ++ including any supplied path. The 92 overcovers this /pks/... etc ++ string plus the 8, 16, or 40 bytes of key id/fingerprint */ + append_path(request,"/pks/lookup?op=get&options=mr&search=0x"); + +- /* fingerprint or long key id. Take the last 8 characters and treat +- it like a short key id */ +- if(strlen(getkey)>8) +- offset=&getkey[strlen(getkey)-8]; ++ /* send only fingerprint, long key id, or short keyid. see: ++ https://tools.ietf.org/html/draft-shaw-openpgp-hkp-00#section-3.1.1.1 */ ++ keylen = strlen(getkey); ++ if(keylen >= 40) ++ offset=&getkey[keylen-40]; ++ else if(keylen >= 16) ++ offset=&getkey[keylen-16]; ++ else if(keylen >= 8) ++ offset=&getkey[keylen-8]; + else + offset=getkey; + --- gnupg-1.4.11.orig/debian/patches/CVE-2014-5270.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2014-5270.dpatch 
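Review bot: The new length classes truncate silently: a `getkey` of 17–39 characters is sent as its last 16 and one of 9–15 as its last 8, with no diagnostic, so a caller passing, say, a 32-hex-digit string gets a lookup for a different identifier than it asked for; either reject lengths that are not exactly 8, 16 or 40, or document the rounding-down in the comment above the chain. The sizing comment still says `request is MAX_URL+55 bytes long` while the array is now `MAX_URL+92`; the two figures should be reconciled so the next person who widens the search string can check the arithmetic. Nothing in the hunk checks that the selected `offset` consists of hex digits before it is appended to the URL — if gpg guarantees that upstream of this helper, a one-line comment saying so would save the next reviewer the trace. get_key's body continues outside the hunk.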
@@ -0,0 +1,464 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix side-channel attack on Elgamal encryption subkeys +# Origin: backport, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/mpi/mpi-pow.c gnupg-1.4.11/mpi/mpi-pow.c +--- gnupg-1.4.11~/mpi/mpi-pow.c 2014-08-19 09:41:29.000000000 -0400 ++++ gnupg-1.4.11/mpi/mpi-pow.c 2014-08-19 09:41:38.663415854 -0400 +@@ -34,7 +34,14 @@ + #include "longlong.h" + #include + ++/* ++ * When you need old implementation, please add compilation option ++ * -DUSE_ALGORITHM_SIMPLE_EXPONENTIATION ++ * or expose this line: ++#define USE_ALGORITHM_SIMPLE_EXPONENTIATION 1 ++ */ + ++#if defined(USE_ALGORITHM_SIMPLE_EXPONENTIATION) + /**************** + * RES = BASE ^ EXP mod MOD + */ +@@ -300,4 +307,440 @@ + if( xp_marker ) mpi_free_limb_space( xp_marker ); + if( tspace ) mpi_free_limb_space( tspace ); + } ++#else /*!USE_ALGORITHM_SIMPLE_EXPONENTIATION */ ++ ++/** ++ * Internal function to compute ++ * ++ * X = R * S mod M ++ * ++ * and set the size of X at the pointer XSIZE_P. ++ * Use karatsuba structure at KARACTX_P. ++ * ++ * Condition: ++ * RSIZE >= SSIZE ++ * Enough space for X is allocated beforehand. ++ * ++ * For generic cases, we can/should use mpi_mulm. ++ * This function is use for specific internal case. 
++ */ ++static void ++mul_mod (mpi_ptr_t xp, mpi_size_t *xsize_p, ++ mpi_ptr_t rp, mpi_size_t rsize, ++ mpi_ptr_t sp, mpi_size_t ssize, ++ mpi_ptr_t mp, mpi_size_t msize, ++ struct karatsuba_ctx *karactx_p) ++{ ++ if( ssize < KARATSUBA_THRESHOLD ) ++ mpihelp_mul ( xp, rp, rsize, sp, ssize ); ++ else ++ mpihelp_mul_karatsuba_case (xp, rp, rsize, sp, ssize, karactx_p); ++ ++ if (rsize + ssize > msize) ++ { ++ mpihelp_divrem (xp + msize, 0, xp, rsize + ssize, mp, msize); ++ *xsize_p = msize; ++ } ++ else ++ *xsize_p = rsize + ssize; ++} ++ ++#define SIZE_B_2I3 ((1 << (5 - 1)) - 1) ++ ++/**************** ++ * RES = BASE ^ EXPO mod MOD ++ * ++ * To mitigate the Yarom/Falkner flush+reload cache side-channel ++ * attack on the RSA secret exponent, we don't use the square ++ * routine but multiplication. ++ * ++ * Reference: ++ * Handbook of Applied Cryptography ++ * Algorithm 14.83: Modified left-to-right k-ary exponentiation ++ */ ++void ++mpi_powm (MPI res, MPI base, MPI expo, MPI mod) ++{ ++ /* Pointer to the limbs of the arguments, their size and signs. */ ++ mpi_ptr_t rp, ep, mp, bp; ++ mpi_size_t esize, msize, bsize, rsize; ++ int msign, bsign, rsign; ++ /* Flags telling the secure allocation status of the arguments. */ ++ int esec, msec, bsec; ++ /* Size of the result including space for temporary values. */ ++ mpi_size_t size; ++ /* Helper. */ ++ int mod_shift_cnt; ++ int negative_result; ++ mpi_ptr_t mp_marker = NULL; ++ mpi_ptr_t bp_marker = NULL; ++ mpi_ptr_t ep_marker = NULL; ++ mpi_ptr_t xp_marker = NULL; ++ mpi_ptr_t b_2i3[SIZE_B_2I3]; /* Pre-computed array: BASE^3, ^5, ^7, ... 
*/ ++ mpi_size_t b_2i3size[SIZE_B_2I3]; ++ mpi_size_t W; ++ mpi_ptr_t base_u; ++ mpi_size_t base_u_size; ++ ++ esize = expo->nlimbs; ++ msize = mod->nlimbs; ++ size = 2 * msize; ++ msign = mod->sign; ++ ++ if (esize * BITS_PER_MPI_LIMB > 512) ++ W = 5; ++ else if (esize * BITS_PER_MPI_LIMB > 256) ++ W = 4; ++ else if (esize * BITS_PER_MPI_LIMB > 128) ++ W = 3; ++ else if (esize * BITS_PER_MPI_LIMB > 64) ++ W = 2; ++ else ++ W = 1; ++ ++ esec = mpi_is_secure(expo); ++ msec = mpi_is_secure(mod); ++ bsec = mpi_is_secure(base); ++ ++ rp = res->d; ++ ep = expo->d; ++ ++ if (!msize) ++ msize = 1 / msize; /* provoke a signal */ ++ ++ if (!esize) ++ { ++ /* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 depending ++ on if MOD equals 1. */ ++ res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1; ++ if (res->nlimbs) ++ { ++ RESIZE_IF_NEEDED (res, 1); ++ rp = res->d; ++ rp[0] = 1; ++ } ++ res->sign = 0; ++ goto leave; ++ } ++ ++ /* Normalize MOD (i.e. make its most significant bit set) as ++ required by mpn_divrem. This will make the intermediate values ++ in the calculation slightly larger, but the correct result is ++ obtained after a final reduction using the original MOD value. */ ++ mp = mp_marker = mpi_alloc_limb_space(msize, msec); ++ count_leading_zeros (mod_shift_cnt, mod->d[msize-1]); ++ if (mod_shift_cnt) ++ mpihelp_lshift (mp, mod->d, msize, mod_shift_cnt); ++ else ++ MPN_COPY( mp, mod->d, msize ); ++ ++ bsize = base->nlimbs; ++ bsign = base->sign; ++ if (bsize > msize) ++ { ++ /* The base is larger than the module. Reduce it. ++ ++ Allocate (BSIZE + 1) with space for remainder and quotient. ++ (The quotient is (bsize - msize + 1) limbs.) */ ++ bp = bp_marker = mpi_alloc_limb_space( bsize + 1, bsec ); ++ MPN_COPY ( bp, base->d, bsize ); ++ /* We don't care about the quotient, store it above the ++ * remainder, at BP + MSIZE. 
*/ ++ mpihelp_divrem( bp + msize, 0, bp, bsize, mp, msize ); ++ bsize = msize; ++ /* Canonicalize the base, since we are going to multiply with it ++ quite a few times. */ ++ MPN_NORMALIZE( bp, bsize ); ++ } ++ else ++ bp = base->d; ++ ++ if (!bsize) ++ { ++ res->nlimbs = 0; ++ res->sign = 0; ++ goto leave; ++ } ++ ++ ++ /* Make BASE, EXPO and MOD not overlap with RES. */ ++ if ( rp == bp ) ++ { ++ /* RES and BASE are identical. Allocate temp. space for BASE. */ ++ assert (!bp_marker); ++ bp = bp_marker = mpi_alloc_limb_space( bsize, bsec ); ++ MPN_COPY(bp, rp, bsize); ++ } ++ if ( rp == ep ) ++ { ++ /* RES and EXPO are identical. Allocate temp. space for EXPO. */ ++ ep = ep_marker = mpi_alloc_limb_space( esize, esec ); ++ MPN_COPY(ep, rp, esize); ++ } ++ if ( rp == mp ) ++ { ++ /* RES and MOD are identical. Allocate temporary space for MOD.*/ ++ assert (!mp_marker); ++ mp = mp_marker = mpi_alloc_limb_space( msize, msec ); ++ MPN_COPY(mp, rp, msize); ++ } ++ ++ /* Copy base to the result. */ ++ if (res->alloced < size) ++ { ++ mpi_resize (res, size); ++ rp = res->d; ++ } ++ ++ /* Main processing. */ ++ { ++ mpi_size_t i, j; ++ mpi_ptr_t xp; ++ mpi_size_t xsize; ++ int c; ++ mpi_limb_t e; ++ mpi_limb_t carry_limb; ++ struct karatsuba_ctx karactx; ++ mpi_ptr_t tp; ++ ++ xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); ++ ++ memset( &karactx, 0, sizeof karactx ); ++ negative_result = (ep[0] & 1) && bsign; ++ ++ /* Precompute B_2I3[], BASE^(2 * i + 3), BASE^3, ^5, ^7, ... 
*/ ++ if (W > 1) /* X := BASE^2 */ ++ mul_mod (xp, &xsize, bp, bsize, bp, bsize, mp, msize, &karactx); ++ for (i = 0; i < (1 << (W - 1)) - 1; i++) ++ { /* B_2I3[i] = BASE^(2 * i + 3) */ ++ if (i == 0) ++ { ++ base_u = bp; ++ base_u_size = bsize; ++ } ++ else ++ { ++ base_u = b_2i3[i-1]; ++ base_u_size = b_2i3size[i-1]; ++ } ++ ++ if (xsize >= base_u_size) ++ mul_mod (rp, &rsize, xp, xsize, base_u, base_u_size, ++ mp, msize, &karactx); ++ else ++ mul_mod (rp, &rsize, base_u, base_u_size, xp, xsize, ++ mp, msize, &karactx); ++ b_2i3[i] = mpi_alloc_limb_space (rsize, esec); ++ b_2i3size[i] = rsize; ++ MPN_COPY (b_2i3[i], rp, rsize); ++ } ++ ++ i = esize - 1; ++ ++ /* Main loop. ++ ++ Make the result be pointed to alternately by XP and RP. This ++ helps us avoid block copying, which would otherwise be ++ necessary with the overlap restrictions of mpihelp_divmod. With ++ 50% probability the result after this loop will be in the area ++ originally pointed by RP (==RES->d), and with 50% probability ++ in the area originally pointed to by XP. 
*/ ++ rsign = 0; ++ if (W == 1) ++ { ++ rsize = bsize; ++ } ++ else ++ { ++ rsize = msize; ++ MPN_ZERO (rp, rsize); ++ } ++ MPN_COPY ( rp, bp, bsize ); ++ ++ e = ep[i]; ++ count_leading_zeros (c, e); ++ e = (e << c) << 1; ++ c = BITS_PER_MPI_LIMB - 1 - c; ++ ++ j = 0; ++ ++ for (;;) ++ if (e == 0) ++ { ++ j += c; ++ i--; ++ if ( i < 0 ) ++ { ++ c = 0; ++ break; ++ } ++ ++ e = ep[i]; ++ c = BITS_PER_MPI_LIMB; ++ } ++ else ++ { ++ int c0; ++ mpi_limb_t e0; ++ ++ count_leading_zeros (c0, e); ++ e = (e << c0); ++ c -= c0; ++ j += c0; ++ ++ if (c >= W) ++ { ++ e0 = (e >> (BITS_PER_MPI_LIMB - W)); ++ e = (e << W); ++ c -= W; ++ } ++ else ++ { ++ i--; ++ if ( i < 0 ) ++ { ++ e = (e >> (BITS_PER_MPI_LIMB - c)); ++ break; ++ } ++ ++ c0 = c; ++ e0 = (e >> (BITS_PER_MPI_LIMB - W)) ++ | (ep[i] >> (BITS_PER_MPI_LIMB - W + c0)); ++ e = (ep[i] << (W - c0)); ++ c = BITS_PER_MPI_LIMB - W + c0; ++ } ++ ++ count_trailing_zeros (c0, e0); ++ e0 = (e0 >> c0) >> 1; ++ ++ for (j += W - c0; j; j--) ++ { ++ mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); ++ tp = rp; rp = xp; xp = tp; ++ rsize = xsize; ++ } ++ ++ if (e0 == 0) ++ { ++ base_u = bp; ++ base_u_size = bsize; ++ } ++ else ++ { ++ base_u = b_2i3[e0 - 1]; ++ base_u_size = b_2i3size[e0 -1]; ++ } ++ ++ mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, ++ mp, msize, &karactx); ++ tp = rp; rp = xp; xp = tp; ++ rsize = xsize; ++ ++ j = c0; ++ } ++ ++ if (c != 0) ++ { ++ j += c; ++ count_trailing_zeros (c, e); ++ e = (e >> c); ++ j -= c; ++ } ++ ++ while (j--) ++ { ++ mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); ++ tp = rp; rp = xp; xp = tp; ++ rsize = xsize; ++ } ++ ++ if (e != 0) ++ { ++ if ((e>>1) == 0) ++ { ++ base_u = bp; ++ base_u_size = bsize; ++ } ++ else ++ { ++ base_u = b_2i3[(e>>1) - 1]; ++ base_u_size = b_2i3size[(e>>1) -1]; ++ } ++ ++ mul_mod (xp, &xsize, rp, rsize, base_u, base_u_size, ++ mp, msize, &karactx); ++ tp = rp; rp = xp; xp = tp; ++ rsize = xsize; ++ ++ for (; c; c--) ++ { ++ 
mul_mod (xp, &xsize, rp, rsize, rp, rsize, mp, msize, &karactx); ++ tp = rp; rp = xp; xp = tp; ++ rsize = xsize; ++ } ++ } ++ ++ /* We shifted MOD, the modulo reduction argument, left ++ MOD_SHIFT_CNT steps. Adjust the result by reducing it with the ++ original MOD. ++ ++ Also make sure the result is put in RES->d (where it already ++ might be, see above). */ ++ if ( mod_shift_cnt ) ++ { ++ carry_limb = mpihelp_lshift( res->d, rp, rsize, mod_shift_cnt); ++ rp = res->d; ++ if ( carry_limb ) ++ { ++ rp[rsize] = carry_limb; ++ rsize++; ++ } ++ } ++ else if (res->d != rp) ++ { ++ MPN_COPY (res->d, rp, rsize); ++ rp = res->d; ++ } ++ ++ if ( rsize >= msize ) ++ { ++ mpihelp_divrem(rp + msize, 0, rp, rsize, mp, msize); ++ rsize = msize; ++ } ++ ++ /* Remove any leading zero words from the result. */ ++ if ( mod_shift_cnt ) ++ mpihelp_rshift (rp, rp, rsize, mod_shift_cnt); ++ MPN_NORMALIZE (rp, rsize); ++ ++ mpihelp_release_karatsuba_ctx (&karactx ); ++ for (i = 0; i < (1 << (W - 1)) - 1; i++) ++ mpi_free_limb_space (b_2i3[i]); ++ } ++ ++ /* Fixup for negative results. */ ++ if ( negative_result && rsize ) ++ { ++ if ( mod_shift_cnt ) ++ mpihelp_rshift (mp, mp, msize, mod_shift_cnt); ++ mpihelp_sub (rp, mp, msize, rp, rsize); ++ rsize = msize; ++ rsign = msign; ++ MPN_NORMALIZE(rp, rsize); ++ } ++ assert (res->d == rp); ++ res->nlimbs = rsize; ++ res->sign = rsign; ++ ++ leave: ++ if (mp_marker) ++ mpi_free_limb_space (mp_marker); ++ if (bp_marker) ++ mpi_free_limb_space (bp_marker); ++ if (ep_marker) ++ mpi_free_limb_space (ep_marker); ++ if (xp_marker) ++ mpi_free_limb_space (xp_marker); ++} ++#endif /*!USE_ALGORITHM_SIMPLE_EXPONENTIATION */ + --- gnupg-1.4.11.orig/debian/patches/CVE-2014-3591.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2014-3591.dpatch @@ -0,0 +1,92 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b Mon Sep 17 00:00:00 2001 +# 
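Review bot: `msize = 1 / msize; /* provoke a signal */` in the new mpi_powm relies on division by zero, which is undefined behaviour rather than a guaranteed trap — a compiler may treat the branch as unreachable and drop the `!msize` test entirely; replace it with an explicit failure such as `if (!msize) abort (); /* modulus must have at least one limb */` (or the project's bug macro). The header comment says the routine mitigates the flush+reload attack by not using a dedicated squaring routine, but `base_u = b_2i3[e0 - 1]` and the `if (e0 == 0)` branch before it still select memory and control flow by the exponent window value, so the comment should say that table lookups remain exponent-dependent rather than let readers take the function as constant-time. The precomputed table is allocated with `esec`, the exponent's secure-memory flag — presumably deliberate because the table's access pattern is driven by the exponent, but a comment would make that intent explicit.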
From: Werner Koch +# Date: Mon, 11 Aug 2014 16:15:40 +0200 +# Subject: [PATCH] Use ciphertext blinding for Elgamal decryption. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/elgamal.c gnupg-1.4.11/cipher/elgamal.c +--- gnupg-1.4.11~/cipher/elgamal.c 2015-03-25 13:59:01.000000000 -0400 ++++ gnupg-1.4.11/cipher/elgamal.c 2015-03-25 13:59:09.318796491 -0400 +@@ -31,6 +31,11 @@ + #include "cipher.h" + #include "elgamal.h" + ++/* Blinding is used to mitigate side-channel attacks. You may undef ++ this to speed up the operation in case the system is secured ++ against physical and network mounted side-channel attacks. */ ++#define USE_BLINDING 1 ++ + typedef struct { + MPI p; /* prime */ + MPI g; /* group generator */ +@@ -372,25 +377,55 @@ + static void + decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) + { +- MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); ++ MPI t1, t2, r; ++ unsigned int nbits = mpi_get_nbits (skey->p); + +- mpi_normalize (a); +- mpi_normalize (b); ++ mpi_normalize (a); ++ mpi_normalize (b); ++ ++ t1 = mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits)); ++#ifdef USE_BLINDING ++ ++ t2 = mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits)); ++ r = mpi_alloc (mpi_nlimb_hint_from_nbits (nbits)); ++ ++ /* We need a random number of about the prime size. The random ++ number merely needs to be unpredictable; thus we use level 0. 
*/ ++ randomize_mpi (r, nbits, 0); ++ ++ /* t1 = r^x mod p */ ++ mpi_powm (t1, r, skey->x, skey->p); ++ /* t2 = (a * r)^-x mod p */ ++ mpi_mulm (t2, a, r, skey->p); ++ mpi_powm (t2, t2, skey->x, skey->p); ++ mpi_invm (t2, t2, skey->p); ++ /* t1 = (t1 * t2) mod p*/ ++ mpi_mulm (t1, t1, t2, skey->p); ++ ++ mpi_free (r); ++ mpi_free (t2); ++ ++#else /*!USE_BLINDING*/ ++ ++ /* output = b/(a^x) mod p */ ++ mpi_powm (t1, a, skey->x, skey->p); ++ mpi_invm (t1, t1, skey->p); ++ ++#endif /*!USE_BLINDING*/ ++ ++ mpi_mulm (output, b, t1, skey->p); + +- /* output = b/(a^x) mod p */ +- mpi_powm( t1, a, skey->x, skey->p ); +- mpi_invm( t1, t1, skey->p ); +- mpi_mulm( output, b, t1, skey->p ); + #if 0 +- if( DBG_CIPHER ) { +- log_mpidump("elg decrypted x= ", skey->x); +- log_mpidump("elg decrypted p= ", skey->p); +- log_mpidump("elg decrypted a= ", a); +- log_mpidump("elg decrypted b= ", b); +- log_mpidump("elg decrypted M= ", output); ++ if (DBG_CIPHER) ++ { ++ log_mpidump("elg decrypted x= ", skey->x); ++ log_mpidump("elg decrypted p= ", skey->p); ++ log_mpidump("elg decrypted a= ", a); ++ log_mpidump("elg decrypted b= ", b); ++ log_mpidump("elg decrypted M= ", output); + } + #endif +- mpi_free(t1); ++ mpi_free (t1); + } + + --- gnupg-1.4.11.orig/debian/patches/0001-Screen-keyserver-responses.dpatch +++ gnupg-1.4.11/debian/patches/0001-Screen-keyserver-responses.dpatch @@ -0,0 +1,398 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From 5230304349490f31aa64ee2b69a8a2bc06bf7816 Mon Sep 17 00:00:00 2001 +# 
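Review bot: The blinding value `r` is allocated with `mpi_alloc` while `t1` and `t2` use `mpi_alloc_secure`, so the one quantity that turns the blinded intermediate back into the plain `a^x` may sit in ordinary, swappable memory; allocate it as `r = mpi_alloc_secure (mpi_nlimb_hint_from_nbits (nbits));` so it gets the same protection as the other secrets, and confirm that `mpi_free` wipes it on release. The comment `We need a random number of about the prime size` could also note that `r` is used unreduced and that the code does not test the (negligible-probability) case of `r` being zero modulo `p`, where `mpi_invm` of `t2` has no inverse. decrypt is shown in full within the hunk.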
From: Stefan Tomanek +# Date: Thu, 30 Jan 2014 00:57:43 +0100 +# Subject: [PATCH] Screen keyserver responses. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/import.c gnupg-1.4.11/g10/import.c +--- gnupg-1.4.11~/g10/import.c 2015-03-25 13:51:43.000000000 -0400 ++++ gnupg-1.4.11/g10/import.c 2015-03-25 13:53:51.628127467 -0400 +@@ -59,14 +59,17 @@ + + + static int import( IOBUF inp, const char* fname,struct stats_s *stats, +- unsigned char **fpr,size_t *fpr_len,unsigned int options ); ++ unsigned char **fpr,size_t *fpr_len,unsigned int options, ++ import_filter filter, void *filter_arg ); + static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); + static void revocation_present(KBNODE keyblock); + static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len, +- unsigned int options,int from_sk); ++ unsigned int options,int from_sk, ++ import_filter filter, void *filter_arg); + static int import_secret_one( const char *fname, KBNODE keyblock, +- struct stats_s *stats, unsigned int options); ++ struct stats_s *stats, unsigned int options, ++ import_filter filter, void *filter_arg); + static int import_revoke_cert( const char *fname, KBNODE node, + struct stats_s *stats); + static int chk_self_sigs( const char *fname, KBNODE keyblock, +@@ -163,7 +166,8 @@ + static int + import_keys_internal( IOBUF inp, char **fnames, int nnames, + void *stats_handle, unsigned char **fpr, size_t *fpr_len, +- unsigned int options ) ++ unsigned int options, ++ import_filter filter, void *filter_arg) + { + int i, rc = 0; + struct stats_s *stats = stats_handle; +@@ -172,7 +176,8 @@ + stats = import_new_stats_handle (); + + if (inp) { +- rc = import( inp, "[stream]", stats, fpr, fpr_len, options); ++ rc = import (inp, "[stream]", stats, fpr, fpr_len, options, ++ filter, filter_arg); + } + else { + if( 
!fnames && !nnames ) +@@ -193,7 +198,8 @@ + log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); + else + { +- rc = import( inp2, fname, stats, fpr, fpr_len, options ); ++ rc = import (inp2, fname, stats, fpr, fpr_len, options, ++ NULL, NULL); + iobuf_close(inp2); + /* Must invalidate that ugly cache to actually close it. */ + iobuf_ioctl (NULL, 2, 0, (char*)fname); +@@ -226,19 +232,23 @@ + import_keys( char **fnames, int nnames, + void *stats_handle, unsigned int options ) + { +- import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options); ++ import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL, ++ options, NULL, NULL); + } + + int + import_keys_stream( IOBUF inp, void *stats_handle, +- unsigned char **fpr, size_t *fpr_len,unsigned int options ) ++ unsigned char **fpr, size_t *fpr_len,unsigned int options, ++ import_filter filter, void *filter_arg ) + { +- return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options); ++ return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len, ++ options, filter, filter_arg); + } + + static int + import( IOBUF inp, const char* fname,struct stats_s *stats, +- unsigned char **fpr,size_t *fpr_len,unsigned int options ) ++ unsigned char **fpr,size_t *fpr_len,unsigned int options, ++ import_filter filter, void *filter_arg) + { + PACKET *pending_pkt = NULL; + KBNODE keyblock = NULL; +@@ -255,9 +265,11 @@ + + while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) { + if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) +- rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0); +- else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) +- rc = import_secret_one( fname, keyblock, stats, options ); ++ rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0, ++ filter, filter_arg); ++ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) ++ rc = import_secret_one (fname, keyblock, stats, options, ++ filter, filter_arg); + else if( keyblock->pkt->pkttype == 
PKT_SIGNATURE + && keyblock->pkt->pkt.signature->sig_class == 0x20 ) + rc = import_revoke_cert( fname, keyblock, stats ); +@@ -741,7 +753,7 @@ + static int + import_one( const char *fname, KBNODE keyblock, struct stats_s *stats, + unsigned char **fpr,size_t *fpr_len,unsigned int options, +- int from_sk ) ++ int from_sk, import_filter filter, void *filter_arg) + { + PKT_public_key *pk; + PKT_public_key *pk_orig; +@@ -780,6 +792,13 @@ + log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); + return 0; + } ++ ++ if (filter && filter (pk, NULL, filter_arg)) ++ { ++ log_error (_("key %s: %s\n"), keystr_from_pk(pk), ++ _("rejected by import filter")); ++ return 0; ++ } + + if (opt.interactive) { + if(is_status_enabled()) +@@ -1149,7 +1168,8 @@ + */ + static int + import_secret_one( const char *fname, KBNODE keyblock, +- struct stats_s *stats, unsigned int options) ++ struct stats_s *stats, unsigned int options, ++ import_filter filter, void *filter_arg) + { + PKT_secret_key *sk; + KBNODE node, uidnode; +@@ -1165,6 +1185,12 @@ + keyid_from_sk( sk, keyid ); + uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + ++ if (filter && filter (NULL, sk, filter_arg)) { ++ log_error (_("secret key %s: %s\n"), keystr_from_sk(sk), ++ _("rejected by import filter")); ++ return 0; ++ } ++ + if( opt.verbose ) + { + log_info( "sec %4u%c/%s %s ", +@@ -1237,8 +1263,9 @@ + KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock); + if(pub_keyblock) + { +- import_one(fname,pub_keyblock,stats, +- NULL,NULL,opt.import_options,1); ++ import_one (fname, pub_keyblock, stats, ++ NULL, NULL, opt.import_options, 1, ++ NULL, NULL); + release_kbnode(pub_keyblock); + } + } +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keyserver.c gnupg-1.4.11/g10/keyserver.c +--- gnupg-1.4.11~/g10/keyserver.c 2010-09-28 04:55:23.000000000 -0400 ++++ gnupg-1.4.11/g10/keyserver.c 2015-03-25 13:54:37.392511839 -0400 +@@ 
-650,7 +650,7 @@ + case 'R': + work->flags|=1; + break; +- ++ + case 'd': + case 'D': + work->flags|=2; +@@ -904,7 +904,7 @@ + /* Leave this commented out or now, and perhaps for a very long + time. All HKPish servers return HTML error messages for + no-key-found. */ +- /* ++ /* + if(!started) + log_info(_("keyserver does not support searching\n")); + else +@@ -953,7 +953,52 @@ + #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" + #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" + +-static int ++ ++/* Check whether a key matches the search description. The filter ++ returns 0 if the key shall be imported. Note that this kind of ++ filter is not related to the iobuf filters. */ ++static int ++keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) ++{ ++ KEYDB_SEARCH_DESC *desc = arg; ++ u32 keyid[2]; ++ byte fpr[MAX_FINGERPRINT_LEN]; ++ size_t fpr_len = 0; ++ ++ /* Secret keys are not expected from a keyserver. Do not import. */ ++ if (sk) ++ return G10ERR_GENERAL; ++ ++ fingerprint_from_pk (pk, fpr, &fpr_len); ++ keyid_from_pk (pk, keyid); ++ ++ /* Compare requested and returned fingerprints if available. */ ++ if (desc->mode == KEYDB_SEARCH_MODE_FPR20) ++ { ++ if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) ++ return G10ERR_GENERAL; ++ } ++ else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) ++ { ++ if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) ++ return G10ERR_GENERAL; ++ } ++ else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) ++ { ++ if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) ++ return G10ERR_GENERAL; ++ } ++ else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ { ++ if (keyid[1] != desc->u.kid[1]) ++ return G10ERR_GENERAL; ++ } ++ ++ return 0; ++} ++ ++ ++static int + keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, + int count,int *prog,unsigned char **fpr,size_t *fpr_len, + struct keyserver_spec *keyserver) +@@ -993,7 +1038,7 @@ + the program of this process lives. 
Fortunately Windows provides + a way to retrieve this and our get_libexecdir function has been + modified to return just this. Setting the exec-path is not +- anymore required. ++ anymore required. + set_exec_path(libexecdir); + */ + #else +@@ -1025,7 +1070,7 @@ + fetcher that can speak that protocol (this is a problem for + LDAP). */ + +- strcat(command,GPGKEYS_PREFIX); ++ strcat(command,GPGKEYS_PREFIX); + strcat(command,scheme); + + /* This "_uri" thing is in case we need to call a direct handler +@@ -1055,7 +1100,7 @@ + { + command=xrealloc(command,strlen(command)+ + strlen(KEYSERVER_ARGS_NOKEEP)+1); +- strcat(command,KEYSERVER_ARGS_NOKEEP); ++ strcat(command,KEYSERVER_ARGS_NOKEEP); + } + + ret=exec_write(&spawn,NULL,command,NULL,0,0); +@@ -1500,7 +1545,8 @@ + line-by-line and make a temp iobuf for each key. */ + + import_keys_stream(spawn->fromchild,stats_handle,fpr,fpr_len, +- opt.keyserver_options.import_options); ++ opt.keyserver_options.import_options, ++ keyserver_retrieval_filter, desc); + + import_print_stats(stats_handle); + import_release_stats_handle(stats_handle); +@@ -1531,7 +1577,7 @@ + return ret; + } + +-static int ++static int + keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc, + int count,unsigned char **fpr,size_t *fpr_len, + struct keyserver_spec *keyserver) +@@ -1601,7 +1647,7 @@ + #endif /* ! 
DISABLE_KEYSERVER_HELPERS*/ + } + +-int ++int + keyserver_export(STRLIST users) + { + STRLIST sl=NULL; +@@ -1633,7 +1679,7 @@ + return rc; + } + +-int ++int + keyserver_import(STRLIST users) + { + KEYDB_SEARCH_DESC *desc; +@@ -1693,7 +1739,7 @@ + return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver); + } + +-int ++int + keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver) + { + KEYDB_SEARCH_DESC desc; +@@ -1708,7 +1754,7 @@ + } + + /* code mostly stolen from do_export_stream */ +-static int ++static int + keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) + { + int rc=0,ndesc,num=100; +@@ -1731,10 +1777,10 @@ + } + else + { +- for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) ++ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) + ; + desc = xmalloc ( ndesc * sizeof *desc); +- ++ + for (ndesc=0, sl=users; sl; sl = sl->next) + { + if(classify_user_id (sl->d, desc+ndesc)) +@@ -1747,7 +1793,7 @@ + + while (!(rc = keydb_search (kdbhd, desc, ndesc))) + { +- if (!users) ++ if (!users) + desc[0].mode = KEYDB_SEARCH_MODE_NEXT; + + /* read the keyblock */ +@@ -1850,7 +1896,7 @@ + + if(rc==-1) + rc=0; +- ++ + leave: + if(rc) + xfree(*klist); +@@ -2032,7 +2078,7 @@ + opt.no_armor=1; + + rc=import_keys_stream(key,NULL,fpr,fpr_len, +- opt.keyserver_options.import_options); ++ opt.keyserver_options.import_options, NULL, NULL); + + opt.no_armor=armor_status; + +@@ -2171,7 +2217,7 @@ + snprintf(port,7,":%u",srvlist[i].port); + strcat(keyserver->host,port); + } +- ++ + strcat(keyserver->host," "); + } + +@@ -2187,7 +2233,7 @@ + strcat(keyserver->host,domain); + + append_to_strlist(&list,name); +- ++ + rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver); + + free_strlist(list); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/main.h gnupg-1.4.11/g10/main.h +--- gnupg-1.4.11~/g10/main.h 2009-08-03 12:19:20.000000000 -0400 
++++ gnupg-1.4.11/g10/main.h 2015-03-25 13:51:57.223166764 -0400 +@@ -213,11 +213,15 @@ + MD_HANDLE md, int hash_algo ); + + /*-- import.c --*/ ++ ++typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg); ++ + int parse_import_options(char *str,unsigned int *options,int noisy); + void import_keys( char **fnames, int nnames, + void *stats_hd, unsigned int options ); +-int import_keys_stream( IOBUF inp,void *stats_hd,unsigned char **fpr, +- size_t *fpr_len,unsigned int options ); ++int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr, ++ size_t *fpr_len,unsigned int options, ++ import_filter filter, void *filter_arg); + void *import_new_stats_handle (void); + void import_release_stats_handle (void *p); + void import_print_stats (void *hd); --- gnupg-1.4.11.orig/debian/patches/CVE-2015-1606.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2015-1606.dpatch @@ -0,0 +1,48 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# From 81d3e541326e94d26a953aa70afc3cb149d11ebe Mon Sep 17 00:00:00 2001 +# 
From: Werner Koch +# Date: Sat, 21 Feb 2015 23:10:30 -0500 +# Subject: [PATCH] gpg: Prevent an invalid memory read using a garbled keyring. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keyring.c gnupg-1.4.11/g10/keyring.c +--- gnupg-1.4.11~/g10/keyring.c 2010-10-10 05:16:23.000000000 -0400 ++++ gnupg-1.4.11/g10/keyring.c 2015-03-25 13:59:33.478999538 -0400 +@@ -400,8 +400,26 @@ + rc = G10ERR_INV_KEYRING; + break; + } +- if (pkt->pkttype == PKT_COMPRESSED) { +- log_error ("skipped compressed packet in keyring\n"); ++ ++ /* Filter allowed packets. */ ++ switch (pkt->pkttype){ ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_SIGNATURE: ++ break; /* Allowed per RFC. */ ++ case PKT_RING_TRUST: ++ case PKT_OLD_COMMENT: ++ case PKT_COMMENT: ++ case PKT_GPG_CONTROL: ++ break; /* Allowed by us. */ ++ ++ default: ++ log_error ("skipped packet of type %d in keyring\n", ++ (int)pkt->pkttype); + free_packet(pkt); + init_packet(pkt); + continue; +@@ -467,7 +485,7 @@ + if (rc || !ret_kb) + release_kbnode (keyblock); + else { +- /*(duplicated form the loop body)*/ ++ /*(duplicated from the loop body)*/ + if ( pkt && pkt->pkttype == PKT_RING_TRUST + && lastnode + && lastnode->pkt->pkttype == PKT_SIGNATURE --- gnupg-1.4.11.orig/debian/patches/CVE-2012-6085.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2012-6085.dpatch 
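Review bot: The allow-list in the new `switch (pkt->pkttype)` arm of keyring.c is a second copy of the one `valid_keyblock_packet()` in import.c carries in the CVE-2012-6085 patch of this same series, and the two already differ: keyring.c additionally passes PKT_OLD_COMMENT, PKT_COMMENT and PKT_GPG_CONTROL. Neither site says the divergence is intentional, so the next packet type added to one will silently be missing from the other; a cross-reference on the `/* Filter allowed packets. */` line would help, e.g. `/* Allow-list of packet types a keyring may hold; compare valid_keyblock_packet() in import.c, which is stricter for imported data. */`. Style nit: `switch (pkt->pkttype){` is missing the space before the brace that the rest of the file uses. The enclosing read loop starts and ends outside the hunk.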
@@ -0,0 +1,47 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix keyring corruption via malformed key import +# Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=f795a0d59e197455f8723c300eebf59e09853efa +# Bug: https://bugs.g10code.com/gnupg/issue1455 +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697108 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/import.c gnupg-1.4.11/g10/import.c +--- gnupg-1.4.11~/g10/import.c 2010-05-07 06:34:39.000000000 -0400 ++++ gnupg-1.4.11/g10/import.c 2013-01-08 10:52:51.153224564 -0500 +@@ -346,6 +346,27 @@ + } + + ++/* Return true if PKTTYPE is valid in a keyblock. */ ++static int ++valid_keyblock_packet (int pkttype) ++{ ++ switch (pkttype) ++ { ++ case PKT_PUBLIC_KEY: ++ case PKT_PUBLIC_SUBKEY: ++ case PKT_SECRET_KEY: ++ case PKT_SECRET_SUBKEY: ++ case PKT_SIGNATURE: ++ case PKT_USER_ID: ++ case PKT_ATTRIBUTE: ++ case PKT_RING_TRUST: ++ return 1; ++ default: ++ return 0; ++ } ++} ++ ++ + /**************** + * Read the next keyblock from stream A. + * PENDING_PKT should be initialzed to NULL +@@ -423,7 +444,7 @@ + } + in_cert = 1; + default: +- if( in_cert ) { ++ if (in_cert && valid_keyblock_packet (pkt->pkttype)) { + if( !root ) + root = new_kbnode( pkt ); + else --- gnupg-1.4.11.orig/debian/patches/00list +++ gnupg-1.4.11/debian/patches/00list 
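Review bot: The rewritten condition `if (in_cert && valid_keyblock_packet (pkt->pkttype))` now sends any packet that fails the allow-list down the path the original reserved for packets seen before the first key, and that `else` branch lies outside the hunk; confirm it releases the rejected packet (`free_packet`/`init_packet`) rather than leaking it, since a malformed import can reach that path once per packet. The fall-through from the `in_cert = 1;` arm into `default:` is pre-existing context but becomes more load-bearing with this change and deserves a `/* fallthrough */` marker. `valid_keyblock_packet` would read better with a why-comment, e.g. `/* Return true if PKTTYPE may appear inside a keyblock read from a stream; anything else is dropped here instead of being linked into the keyblock. */`.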
@@ -0,0 +1,20 @@
+mips_gcc4.4
+disable_mlock_test
+use_agent_default
+long-keyids
+CVE-2012-6085
+CVE-2013-4242
+CVE-2013-4351
+CVE-2013-4402
+CVE-2013-4576
+CVE-2014-4617
+CVE-2014-5270
+0001-Screen-keyserver-responses
+0002-Make-screening-of-keyserver-result-work-with-multi-k
+0003-Add-kbnode_t-for-easier-backporting
+0004-gpg-Fix-regression-due-to-the-keyserver-import-filte
+Add-build-and-runtime-support-for-larger-RSA-key
+CVE-2014-3591
+CVE-2015-0837
+CVE-2015-1606
+CVE-2015-1607
--- gnupg-1.4.11.orig/debian/patches/Add-build-and-runtime-support-for-larger-RSA-key.dpatch
+++ gnupg-1.4.11/debian/patches/Add-build-and-runtime-support-for-larger-RSA-key.dpatch
@@ -0,0 +1,193 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+# From 534e2876acc05f9f8d9b54c18511fe768d77dfb5 Mon Sep 17 00:00:00 2001
+# 
From: Daniel Kahn Gillmor +# Date: Fri, 3 Oct 2014 12:01:11 -0400 +# Subject: [PATCH] gpg: Add build and runtime support for larger RSA keys + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/config.h.in gnupg-1.4.11/config.h.in +--- gnupg-1.4.11~/config.h.in 2015-03-25 13:57:03.000000000 -0400 ++++ gnupg-1.4.11/config.h.in 2015-03-25 13:57:09.117786438 -0400 +@@ -664,6 +664,9 @@ + /* Define as the return type of signal handlers (`int' or `void'). */ + #undef RETSIGTYPE + ++/* Size of secure memory buffer */ ++#undef SECMEM_BUFFER_SIZE ++ + /* The size of `time_t', as computed by sizeof. */ + #undef SIZEOF_TIME_T + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/configure gnupg-1.4.11/configure +--- gnupg-1.4.11~/configure 2010-10-18 04:50:11.000000000 -0400 ++++ gnupg-1.4.11/configure 2015-03-25 13:57:09.121786471 -0400 +@@ -814,6 +814,7 @@ + enable_selinux_support + enable_gnupg_iconv + enable_minimal ++enable_large_secmem + enable_card_support + enable_agent_support + enable_rsa +@@ -1507,6 +1508,7 @@ + enable SELinux support + --disable-gnupg-iconv disable the new iconv code + --enable-minimal build the smallest gpg binary possible ++ --enable-large-secmem allocate extra secure memory + --disable-card-support disable OpenPGP card support + --disable-agent-support disable gpg-agent support + --disable-rsa disable the RSA public key algorithm +@@ -4740,6 +4742,7 @@ + card_support=yes + agent_support=yes + disable_keyserver_path=no ++large_secmem=no + + # Check whether --enable-minimal was given. + if test "${enable_minimal+set}" = set; then : +@@ -4761,6 +4764,29 @@ + + + ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to allocate extra secure memory" >&5 ++$as_echo_n "checking whether to allocate extra secure memory... 
" >&6; } ++# Check whether --enable-large-secmem was given. ++if test "${enable_large_secmem+set}" = set; then : ++ enableval=$enable_large_secmem; large_secmem=$enableval ++else ++ large_secmem=no ++fi ++ ++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $large_secmem" >&5 ++$as_echo "$large_secmem" >&6; } ++if test "$large_secmem" = yes ; then ++ SECMEM_BUFFER_SIZE=65536 ++else ++ SECMEM_BUFFER_SIZE=32768 ++fi ++ ++cat >>confdefs.h <<_ACEOF ++#define SECMEM_BUFFER_SIZE $SECMEM_BUFFER_SIZE ++_ACEOF ++ ++ ++ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenPGP card support is requested" >&5 + $as_echo_n "checking whether OpenPGP card support is requested... " >&6; } + # Check whether --enable-card-support was given. +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/configure.ac gnupg-1.4.11/configure.ac +--- gnupg-1.4.11~/configure.ac 2010-10-18 04:45:45.000000000 -0400 ++++ gnupg-1.4.11/configure.ac 2015-03-25 13:57:09.105786337 -0400 +@@ -147,6 +147,7 @@ + card_support=yes + agent_support=yes + disable_keyserver_path=no ++large_secmem=no + + AC_ARG_ENABLE(minimal, + AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]), +@@ -166,6 +167,21 @@ + agent_support=no) + + ++AC_MSG_CHECKING([whether to allocate extra secure memory]) ++AC_ARG_ENABLE(large-secmem, ++ AC_HELP_STRING([--enable-large-secmem], ++ [allocate extra secure memory]), ++ large_secmem=$enableval, large_secmem=no) ++AC_MSG_RESULT($large_secmem) ++if test "$large_secmem" = yes ; then ++ SECMEM_BUFFER_SIZE=65536 ++else ++ SECMEM_BUFFER_SIZE=32768 ++fi ++AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE, ++ [Size of secure memory buffer]) ++ ++ + AC_MSG_CHECKING([whether OpenPGP card support is requested]) + AC_ARG_ENABLE(card-support, + AC_HELP_STRING([--disable-card-support], +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' 
'--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/doc/gpg.texi gnupg-1.4.11/doc/gpg.texi +--- gnupg-1.4.11~/doc/gpg.texi 2010-10-18 05:10:48.000000000 -0400 ++++ gnupg-1.4.11/doc/gpg.texi 2015-03-25 13:57:09.109786371 -0400 +@@ -1127,6 +1127,15 @@ + validation. This option is only meaningful if pka-lookups is set. + @end table + ++@item --enable-large-rsa ++@itemx --disable-large-rsa ++@opindex enable-large-rsa ++@opindex disable-large-rsa ++With --gen-key and --batch, enable the creation of larger RSA secret ++keys than is generally recommended (up to 8192 bits). These large ++keys are more expensive to use, and their signatures and ++certifications are also larger. ++ + @item --enable-dsa2 + @itemx --disable-dsa2 + Enable hash truncation for all DSA keys even for old DSA Keys up to +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/gpg.c gnupg-1.4.11/g10/gpg.c +--- gnupg-1.4.11~/g10/gpg.c 2010-07-05 05:17:37.000000000 -0400 ++++ gnupg-1.4.11/g10/gpg.c 2015-03-25 13:57:09.109786371 -0400 +@@ -368,6 +368,8 @@ + oAutoKeyLocate, + oNoAutoKeyLocate, + oAllowMultisigVerification, ++ oEnableLargeRSA, ++ oDisableLargeRSA, + oEnableDSA2, + oDisableDSA2, + oAllowMultipleMessages, +@@ -715,6 +717,8 @@ + { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"}, + #endif + { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, ++ { oEnableLargeRSA, "enable-large-rsa", 0, "@"}, ++ { oDisableLargeRSA, "disable-large-rsa", 0, "@"}, + { oEnableDSA2, "enable-dsa2", 0, "@"}, + { oDisableDSA2, "disable-dsa2", 0, "@"}, + { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, +@@ -2008,7 +2012,7 @@ + } + #endif + /* initialize the secure memory. 
*/ +- got_secmem=secmem_init( 32768 ); ++ got_secmem=secmem_init( SECMEM_BUFFER_SIZE ); + maybe_setuid = 0; + /* Okay, we are now working under our real uid */ + +@@ -2876,6 +2880,22 @@ + release_akl(); + break; + ++ case oEnableLargeRSA: ++#if SECMEM_BUFFER_SIZE >= 65536 ++ opt.flags.large_rsa=1; ++#else ++ if (configname) ++ log_info("%s:%d: WARNING: gpg not built with large secure " ++ "memory buffer. Ignoring enable-large-rsa\n", ++ configname,configlineno); ++ else ++ log_info("WARNING: gpg not built with large secure " ++ "memory buffer. Ignoring --enable-large-rsa\n"); ++#endif /* SECMEM_BUFFER_SIZE >= 65536 */ ++ break; ++ case oDisableLargeRSA: opt.flags.large_rsa=0; ++ break; ++ + case oEnableDSA2: opt.flags.dsa2=1; break; + case oDisableDSA2: opt.flags.dsa2=0; break; + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/options.h gnupg-1.4.11/g10/options.h +--- gnupg-1.4.11~/g10/options.h 2009-07-20 04:01:58.000000000 -0400 ++++ gnupg-1.4.11/g10/options.h 2015-03-25 13:57:09.113786404 -0400 +@@ -227,6 +227,7 @@ + unsigned int utf8_filename:1; + unsigned int dsa2:1; + unsigned int allow_multiple_messages:1; ++ unsigned int large_rsa:1; + } flags; + + /* Linked list of ways to find a key if the key isn't on the local --- gnupg-1.4.11.orig/debian/patches/CVE-2013-4576.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2013-4576.dpatch 
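Review bot: No hunk in this dpatch reads `opt.flags.large_rsa`: the gpg.c arms set and clear it and options.h declares the bit, but the key-generation side that gpg.texi promises (larger RSA keys with --gen-key and --batch, up to 8192 bits) is not among the 193 lines here, so as shipped the option looks like a no-op apart from the build-time warning. If the keygen.c part of the upstream commit named in the header was dropped in the backport, either that hunk should be restored or the gpg.texi text should be cut back to what the option actually does; this is inferred from the patch alone, and 00list shows no other large-RSA entry that could supply it. Minor: the `[Size of secure memory buffer]` description of SECMEM_BUFFER_SIZE would be clearer with its unit, presumably bytes since it is passed straight to `secmem_init`, e.g. `[Size of the secure memory buffer in bytes]`.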
@@ -0,0 +1,253 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix RSA Key Extraction via Low-Bandwidth Acoustic +# Cryptanalysis attack +# Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=93a96e3c0c33370248f6570d8285c4e811d305d4 +# Origin: upstream, http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=d0d72d98f34579213230b3febfebd2fd8dff272b + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/dsa.c gnupg-1.4.11/cipher/dsa.c +--- gnupg-1.4.11~/cipher/dsa.c 2008-12-11 11:40:06.000000000 -0500 ++++ gnupg-1.4.11/cipher/dsa.c 2013-12-18 11:16:56.571767078 -0500 +@@ -274,7 +274,7 @@ + /**************** + * Make a DSA signature from HASH and put it into r and s. + * +- * Without generating the k this function runs in ++ * Without generating the k this function runs in + * about 26ms on a 300 Mhz Mobile Pentium + */ + +@@ -285,6 +285,8 @@ + MPI kinv; + MPI tmp; + ++ mpi_normalize (hash); ++ + /* select a random k with 0 < k < q */ + k = gen_k( skey->q ); + +@@ -311,7 +313,7 @@ + /**************** + * Returns true if the signature composed from R and S is valid. 
+ * +- * Without the checks this function runs in ++ * Without the checks this function runs in + * about 31ms on a 300 Mhz Mobile Pentium + */ + static int +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/elgamal.c gnupg-1.4.11/cipher/elgamal.c +--- gnupg-1.4.11~/cipher/elgamal.c 2008-12-11 11:40:06.000000000 -0500 ++++ gnupg-1.4.11/cipher/elgamal.c 2013-12-18 11:16:56.571767078 -0500 +@@ -374,6 +374,9 @@ + { + MPI t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); + ++ mpi_normalize (a); ++ mpi_normalize (b); ++ + /* output = b/(a^x) mod p */ + mpi_powm( t1, a, skey->x, skey->p ); + mpi_invm( t1, t1, skey->p ); +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/random.c gnupg-1.4.11/cipher/random.c +--- gnupg-1.4.11~/cipher/random.c 2010-09-28 05:54:04.000000000 -0400 ++++ gnupg-1.4.11/cipher/random.c 2013-12-18 11:16:56.571767078 -0500 +@@ -284,6 +284,18 @@ + } + + ++/* Randomize the MPI by setting it to NBITS of random of quality LEVEL. 
*/ ++void ++randomize_mpi (MPI mpi, size_t nbits, int level) ++{ ++ unsigned char *buffer; ++ ++ buffer = get_random_bits (nbits, level, mpi_is_secure (mpi)); ++ mpi_set_buffer (mpi, buffer, (nbits+7)/8, 0); ++ xfree (buffer); ++} ++ ++ + int + random_is_faked() + { +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/random.h gnupg-1.4.11/cipher/random.h +--- gnupg-1.4.11~/cipher/random.h 2008-12-11 11:40:06.000000000 -0500 ++++ gnupg-1.4.11/cipher/random.h 2013-12-18 11:16:56.571767078 -0500 +@@ -30,6 +30,7 @@ + int random_is_faked(void); + void random_disable_locking (void); + void randomize_buffer( byte *buffer, size_t length, int level ); ++void randomize_mpi (MPI mpi, size_t nbits, int level); + byte *get_random_bits( size_t nbits, int level, int secure ); + void fast_random_poll( void ); + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/cipher/rsa.c gnupg-1.4.11/cipher/rsa.c +--- gnupg-1.4.11~/cipher/rsa.c 2008-12-11 11:40:06.000000000 -0500 ++++ gnupg-1.4.11/cipher/rsa.c 2013-12-18 11:16:56.571767078 -0500 +@@ -1,5 +1,5 @@ + /* rsa.c - RSA function +- * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn) ++ * Copyright (C) 1997, 1998, 1999, 2013 by Werner Koch (dd9jn) + * Copyright (C) 2000, 2001 Free Software Foundation, Inc. + * + * This file is part of GnuPG. +@@ -22,7 +22,7 @@ + which expires on September 20, 2000. The patent holder placed that + patent into the public domain on Sep 6th, 2000. + */ +- ++ + #include + #include + #include +@@ -32,6 +32,10 @@ + #include "cipher.h" + #include "rsa.h" + ++/* Blinding is used to mitigate side-channel attacks. You may undef ++ this to speed up the operation in case the system is secured ++ against physical and network mounted side-channel attacks. 
*/ ++#define USE_BLINDING 1 + + typedef struct { + MPI n; /* modulus */ +@@ -103,7 +107,7 @@ + + /* make sure that nbits is even so that we generate p, q of equal size */ + if ( (nbits&1) ) +- nbits++; ++ nbits++; + + n = mpi_alloc ( mpi_nlimb_hint_from_nbits (nbits) ); + +@@ -146,7 +150,7 @@ + 65537 as the new best practice. See FIPS-186-3. + */ + e = mpi_alloc ( mpi_nlimb_hint_from_nbits (32) ); +- mpi_set_ui( e, 65537); ++ mpi_set_ui( e, 65537); + while( !mpi_gcd(t1, e, phi) ) /* (while gcd is not 1) */ + mpi_add_ui( e, e, 2); + +@@ -268,7 +272,7 @@ + mpi_invm(t, skey->p, skey->q ); + if ( mpi_cmp(t, skey->u ) ) + log_info ( "RSA Oops: u is wrong\n"); +- ++ + log_info ( "RSA secret key check finished\n"); + + mpi_free (t); +@@ -286,9 +290,9 @@ + * + * Or faster: + * +- * m1 = c ^ (d mod (p-1)) mod p +- * m2 = c ^ (d mod (q-1)) mod q +- * h = u * (m2 - m1) mod q ++ * m1 = c ^ (d mod (p-1)) mod p ++ * m2 = c ^ (d mod (q-1)) mod q ++ * h = u * (m2 - m1) mod q + * m = m1 + h * p + * + * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY. +@@ -299,13 +303,31 @@ + #if 0 + mpi_powm( output, input, skey->d, skey->n ); + #else +- MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); +- MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); +- MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); ++ int nlimbs = mpi_get_nlimbs (skey->n)+1; ++ MPI m1 = mpi_alloc_secure (nlimbs); ++ MPI m2 = mpi_alloc_secure (nlimbs); ++ MPI h = mpi_alloc_secure (nlimbs); ++# ifdef USE_BLINDING ++ MPI bdata= mpi_alloc_secure (nlimbs); ++ MPI r = mpi_alloc_secure (nlimbs); ++# endif /* USE_BLINDING */ ++ ++ /* Remove superfluous leading zeroes from INPUT. 
*/ ++ mpi_normalize (input); ++ ++# ifdef USE_BLINDING ++ /* Blind: bdata = (data * r^e) mod n */ ++ randomize_mpi (r, mpi_get_nbits (skey->n), 0); ++ mpi_fdiv_r (r, r, skey->n); ++ mpi_powm (bdata, r, skey->e, skey->n); ++ mpi_mulm (bdata, bdata, input, skey->n); ++ input = bdata; ++# endif /* USE_BLINDING */ + ++ /* RSA secret operation: */ + /* m1 = c ^ (d mod (p-1)) mod p */ + mpi_sub_ui( h, skey->p, 1 ); +- mpi_fdiv_r( h, skey->d, h ); ++ mpi_fdiv_r( h, skey->d, h ); + mpi_powm( m1, input, h, skey->p ); + /* m2 = c ^ (d mod (q-1)) mod q */ + mpi_sub_ui( h, skey->q, 1 ); +@@ -313,14 +335,21 @@ + mpi_powm( m2, input, h, skey->q ); + /* h = u * ( m2 - m1 ) mod q */ + mpi_sub( h, m2, m1 ); +- if ( mpi_is_neg( h ) ) ++ if ( mpi_is_neg( h ) ) + mpi_add ( h, h, skey->q ); +- mpi_mulm( h, skey->u, h, skey->q ); ++ mpi_mulm( h, skey->u, h, skey->q ); + /* m = m2 + h * p */ + mpi_mul ( h, h, skey->p ); + mpi_add ( output, m1, h ); +- /* ready */ +- ++ ++# ifdef USE_BLINDING ++ mpi_free (bdata); ++ /* Unblind: output = (output * r^(-1)) mod n */ ++ mpi_invm (r, r, skey->n); ++ mpi_mulm (output, output, r, skey->n); ++ mpi_free (r); ++# endif /* USE_BLINDING */ ++ + mpi_free ( h ); + mpi_free ( m1 ); + mpi_free ( m2 ); +@@ -395,6 +424,7 @@ + rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) + { + RSA_secret_key sk; ++ MPI input; + + if( algo != 1 && algo != 2 ) + return G10ERR_PUBKEY_ALGO; +@@ -405,8 +435,16 @@ + sk.p = skey[3]; + sk.q = skey[4]; + sk.u = skey[5]; +- *result = mpi_alloc_secure( mpi_get_nlimbs( sk.n ) ); +- secret( *result, data[0], &sk ); ++ ++ /* Better make sure that there are no superfluous leading zeroes ++ in the input and it has not been padded using multiples of N. ++ This mitigates side-channel attacks (CVE-2013-4576). 
*/ ++ input = mpi_alloc (0); ++ mpi_normalize (data[0]); ++ mpi_fdiv_r (input, data[0], sk.n); ++ *result = mpi_alloc_secure (mpi_get_nlimbs (sk.n)); ++ secret (*result, input, &sk); ++ mpi_free (input); + return 0; + } + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/gpgv.c gnupg-1.4.11/g10/gpgv.c +--- gnupg-1.4.11~/g10/gpgv.c 2010-09-28 05:14:58.000000000 -0400 ++++ gnupg-1.4.11/g10/gpgv.c 2013-12-18 11:16:56.571767078 -0500 +@@ -388,6 +388,7 @@ + void random_dump_stats(void) {} + int quick_random_gen( int onoff ) { return -1;} + void randomize_buffer( byte *buffer, size_t length, int level ) {} ++void randomize_mpi (MPI mpi, size_t nbits, int level) {} + int random_is_faked() { return -1;} + byte *get_random_bits( size_t nbits, int level, int secure ) { return NULL;} + void set_random_seed_file( const char *name ) {} --- gnupg-1.4.11.orig/debian/patches/mips_gcc4.4.dpatch +++ gnupg-1.4.11/debian/patches/mips_gcc4.4.dpatch 
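Review bot: In `secret()` the blinding factor `r` is reduced with `mpi_fdiv_r (r, r, skey->n)` and later inverted with `mpi_invm (r, r, skey->n)` without checking that it is non-zero (and invertible mod n); the probability is negligible at real key sizes, but a non-invertible `r` would produce a silently wrong result rather than an error, so a zero check (e.g. via `mpi_cmp_ui`) that regenerates `r` would make the failure mode explicit. The call `randomize_mpi (r, mpi_get_nbits (skey->n), 0)` asks for random quality level 0; if that is deliberate for a blinding value, a one-line comment saying so would stop the next reader from "fixing" it to a costlier level. In `rsa_decrypt`, `mpi_normalize (data[0])` mutates the caller's MPI in place, which the new comment block should state; the rest of `secret` and `rsa_decrypt` lies outside the hunks.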
@@ -0,0 +1,50 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## mips_gcc4.4 by Werner Koch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Build fails on mips(el) due to changes the removal +## DP: of the 'h' constraint for MIPS in gcc-4.4.x versions. +## DP: + +@DPATCH@ + +diff -Nur gnupg-1.4.11.orig/mpi/longlong.h gnupg-1.4.11/mpi/longlong.h +--- gnupg-1.4.11.orig/mpi/longlong.h 2010-06-01 13:01:46.000000000 +0200 ++++ gnupg-1.4.11/mpi/longlong.h 2010-10-28 22:01:19.000000000 +0200 +@@ -710,12 +710,13 @@ + ************** MIPS ***************** + ***************************************/ + #if defined (__mips__) && W_TYPE_SIZE == 32 +-#if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR >= 4 ) +-#define umul_ppmm(w1, w0, u, v) \ ++#if (__GNUC__ >= 5) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4) ++#define umul_ppmm(w1, w0, u, v) \ + do { \ +- UDItype __ll = (UDItype)(u) * (v); \ +- w1 = __ll >> 32; \ +- w0 = __ll; \ ++ UDItype _r; \ ++ _r = (UDItype) u * v; \ ++ (w1) = _r >> 32; \ ++ (w0) = (USItype) _r; \ + } while (0) + #elif __GNUC__ > 2 || __GNUC_MINOR__ >= 7 + #define umul_ppmm(w1, w0, u, v) \ +@@ -742,7 +743,16 @@ + ************** MIPS/64 ************** + ***************************************/ + #if (defined (__mips) && __mips >= 3) && W_TYPE_SIZE == 64 +-#if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 ++# if (__GNUC__ >= 5) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4) ++ typedef unsigned int UTItype __attribute__ ((mode (TI))); ++ # define umul_ppmm(w1, w0, u, v) \ ++ do { \ ++ UTItype _r; \ ++ _r = (UTItype) u * v; \ ++ (w1) = _r >> 64; \ ++ (w0) = (UDItype) _r; \ ++ } while (0) ++# elif if __GNUC__ > 2 || __GNUC_MINOR__ >= 7 + #define umul_ppmm(w1, w0, u, v) \ + __asm__ ("dmultu %2,%3" \ + : "=l" ((UDItype)(w0)), \ --- gnupg-1.4.11.orig/debian/patches/CVE-2013-4242.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2013-4242.dpatch 
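Review bot: Both new `umul_ppmm` bodies drop the parentheses the original kept around the macro arguments — `_r = (UDItype) u * v;` and `_r = (UTItype) u * v;` — so an invocation with a compound argument (for instance `umul_ppmm(h, l, a + b, c)`) multiplies the wrong expression; restore them as `_r = (UDItype)(u) * (v);` and `_r = (UTItype)(u) * (v);`. The MIPS/64 branch also introduces `# elif if __GNUC__ > 2 || __GNUC_MINOR__ >= 7`, where the stray `if` makes the preprocessor expression malformed; it is skipped while the preceding `# if` is taken, so only builds with older compilers will fail, but it should read `# elif __GNUC__ > 2 || __GNUC_MINOR__ >= 7`. The leading space in ` # define umul_ppmm` inside that branch is legal but inconsistent with the surrounding directives.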
@@ -0,0 +1,95 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2013-4242.dpatch by Seth Arnold
+##
+## All lines beginning with `## DP:' are a description of the patch.
+# From: Werner Koch
+# Date: Fri, 19 Jul 2013 11:49:23 +0000 (+0200)
+# Subject: Mitigate a flush+reload cache attack on RSA secret exponents.
+# X-Git-Tag: gnupg-1.4.14~5
+# X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=35646689f4b80955ff7dbe1687bf2c479c53421e;hp=fd86f3031161f11c3cbef643a213a04c821364dd
+#
+# Mitigate a flush+reload cache attack on RSA secret exponents.
+#
+# * mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
+# hold in secure memory.
+# --
+#
+# The attack is described in a paper to be pusblished at eprint.iacr.org:
+#
+# Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
+# Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
+#
+# Flush+Reload is a cache side-channel attack that monitors access to
+# data in shared pages. In this paper we demonstrate how to use the
+# attack to extract private encryption keys from GnuPG. The high
+# resolution and low noise of the Flush+Reload attack enables a spy
+# program to recover over 98% of the bits of the private key in a
+# single decryption or signing round. Unlike previous attacks, the
+# attack targets the last level L3 cache. Consequently, the spy
+# program and the victim do not need to share the execution core of
+# the CPU. The attack is not limited to a traditional OS and can be
+# used in a virtualised environment, where it can attack programs
+# executing in a different VM.
+#
+# 
Signed-off-by: Werner Koch + + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/NEWS gnupg-1.4.11/NEWS +--- gnupg-1.4.11~/NEWS 2010-10-18 01:49:28.000000000 -0700 ++++ gnupg-1.4.11/NEWS 2013-07-30 15:52:47.000000000 -0700 +@@ -5,6 +5,15 @@ + + * Minor changes for better interoperability with GnuPG-2. + ++ * Mitigate the Yarom/Falkner flush+reload side-channel attack on ++ RSA secret keys. ++ ++ * Fixed IDEA for big-endian CPUs ++ ++ * Improved the diagnostics for failed keyserver lockups. ++ ++ * Minor bug and portability fixes. ++ + + Noteworthy changes in version 1.4.10 (2009-09-02) + ------------------------------------------------- +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/NEWS.orig gnupg-1.4.11/NEWS.orig +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/mpi/mpi-pow.c gnupg-1.4.11/mpi/mpi-pow.c +--- gnupg-1.4.11~/mpi/mpi-pow.c 2008-12-11 08:39:43.000000000 -0800 ++++ gnupg-1.4.11/mpi/mpi-pow.c 2013-07-30 15:52:47.000000000 -0700 +@@ -1,5 +1,6 @@ + /* mpi-pow.c - MPI functions +- * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc. ++ * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc. ++ * Copyright (C) 2013 Werner Koch + * + * This file is part of GnuPG. + * +@@ -210,7 +211,14 @@ + tp = rp; rp = xp; xp = tp; + rsize = xsize; + +- if( (mpi_limb_signed_t)e < 0 ) { ++ /* To mitigate the Yarom/Falkner flush+reload cache ++ * side-channel attack on the RSA secret exponent, we ++ * do the multiplication regardless of the value of ++ * the high-bit of E. But to avoid this performance ++ * penalty we do it only if the exponent has been ++ * stored in secure memory and we can thus assume it ++ * is a secret exponent. 
*/ ++ if (esec || (mpi_limb_signed_t)e < 0) { + /*mpihelp_mul( xp, rp, rsize, bp, bsize );*/ + if( bsize < KARATSUBA_THRESHOLD ) { + mpihelp_mul( xp, rp, rsize, bp, bsize ); +@@ -225,7 +233,8 @@ + mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize); + xsize = msize; + } +- ++ } ++ if ((mpi_limb_signed_t)e < 0) { + tp = rp; rp = xp; xp = tp; + rsize = xsize; + } +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/mpi/mpi-pow.c.orig gnupg-1.4.11/mpi/mpi-pow.c.orig --- gnupg-1.4.11.orig/debian/patches/CVE-2013-4351.dpatch +++ gnupg-1.4.11/debian/patches/CVE-2013-4351.dpatch 
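Review bot: The new condition `if (esec || (mpi_limb_signed_t)e < 0)` depends on `esec`, which is neither declared nor assigned anywhere in the hunk; presumably it is the existing secure-memory flag of `mpi_powm`, but a reader of the patch cannot tell, so the comment block should name its origin, e.g. `/* ESEC is set earlier when EXP lives in secure memory. */`. When the high bit is clear the product is computed into XP and then simply never swapped into RP by the second `if`; stating that explicitly (`/* Bit clear: the product is computed but discarded. */`) would keep someone from "optimising" the second `if` back into an `else` and reintroducing the data-dependent branch. Separately, the dpatch carries two empty `diff` entries for `NEWS.orig` and `mpi-pow.c.orig` with no hunks behind them — dpatch-edit-patch leftovers that should be dropped. `mpi_powm` begins and ends outside the hunk.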
@@ -0,0 +1,54 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +# Description: fix incorrect no-usage-permitted flag handling +# Origin: backported from GnuPG 1.4.15 +# Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722722 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/getkey.c gnupg-1.4.11/g10/getkey.c +--- gnupg-1.4.11~/g10/getkey.c 2009-05-06 04:01:47.000000000 -0400 ++++ gnupg-1.4.11/g10/getkey.c 2013-10-08 07:49:41.520606451 -0400 +@@ -1452,13 +1452,19 @@ + + if(flags) + key_usage |= PUBKEY_USAGE_UNKNOWN; ++ ++ if (!key_usage) ++ key_usage |= PUBKEY_USAGE_NONE; + } ++ else if (p) /* Key flags of length zero. */ ++ key_usage |= PUBKEY_USAGE_NONE; + + /* We set PUBKEY_USAGE_UNKNOWN to indicate that this key has a + capability that we do not handle. This serves to distinguish + between a zero key usage which we handle as the default + capabilities for that algorithm, and a usage that we do not +- handle. */ ++ handle. Likewise we use PUBKEY_USAGE_NONE to indicate that ++ key_flags have been given but they do not specify any usage. 
*/ + + return key_usage; + } +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/g10/keygen.c gnupg-1.4.11/g10/keygen.c +--- gnupg-1.4.11~/g10/keygen.c 2010-02-17 03:58:43.000000000 -0500 ++++ gnupg-1.4.11/g10/keygen.c 2013-10-08 07:49:41.520606451 -0400 +@@ -210,9 +210,6 @@ + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; + +- if (!buf[0]) +- return; +- + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); + } + +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' gnupg-1.4.11~/include/cipher.h gnupg-1.4.11/include/cipher.h +--- gnupg-1.4.11~/include/cipher.h 2008-12-11 11:39:58.000000000 -0500 ++++ gnupg-1.4.11/include/cipher.h 2013-10-08 07:49:41.520606451 -0400 +@@ -54,6 +54,7 @@ + #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ + #define PUBKEY_USAGE_AUTH 8 /* key is good for authentication */ + #define PUBKEY_USAGE_UNKNOWN 128 /* key has an unknown usage bit */ ++#define PUBKEY_USAGE_NONE 256 /* No usage given. */ + + #define DIGEST_ALGO_MD5 1 + #define DIGEST_ALGO_SHA1 2
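Review bot: `PUBKEY_USAGE_NONE` is defined as 256 in the cipher.h hunk, the first usage flag that does not fit in a byte, so any field or local that receives the value returned at `+ return key_usage;` through a byte-sized type would silently truncate it to 0 and re-enable exactly the default-capabilities fallback this patch is meant to suppress. The backport touches only getkey.c, keygen.c and cipher.h; if the upstream 1.4.15 change also widened a usage field elsewhere, that part is missing here, so the width of every consumer of this return value should be checked before shipping. The keygen.c hunk drops the early return on `buf[0] == 0`, which is consistent with the new meaning (a present but all-zero key-flags subpacket now means "no usage", not "default"), but that intent deserves a one-line comment in place of the removed lines, e.g. `/* Always emit the subpacket: a zero flags byte now means "no usage permitted". */`. The function containing the getkey.c hunk starts outside the hunk.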
