Package: gnupg / 1.4.18-6

Metadata

Package: gnupg
Version: 1.4.18-6
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix_760273.patch | (download)

doc/gnupg1.info | 2 1 + 1 - 0 !
doc/gpg.texi | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
fix_import_filter_regression.patch | (download)

g10/global.h | 1 1 + 0 - 0 !
g10/import.c | 20 10 + 10 - 0 !
g10/keyserver.c | 76 46 + 30 - 0 !
g10/main.h | 4 2 + 2 - 0 !
4 files changed, 59 insertions(+), 42 deletions(-)

---
Add build and runtime support for larger RSA key.patch | (download)

config.h.in | 3 3 + 0 - 0 !
configure | 26 26 + 0 - 0 !
configure.ac | 16 16 + 0 - 0 !
doc/gpg.texi | 9 9 + 0 - 0 !
g10/gpg.c | 22 21 + 1 - 0 !
g10/keygen.c | 5 3 + 2 - 0 !
g10/options.h | 1 1 + 0 - 0 !
7 files changed, 79 insertions(+), 3 deletions(-)

 [patch] gpg: add build and runtime support for larger rsa keys

* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732

0003 Update POT file.patch | (download)

po/gnupg.pot | 58 29 + 29 - 0 !
1 file changed, 29 insertions(+), 29 deletions(-)

 update pot file

Some string positions (lines in files) changed, thus the comment
changes, but there is no actual (functional) change. The purpose is
only to ensure the .gmo files get rebuilt.

0004 Update PO files.patch | (download)

po/be.po | 58 29 + 29 - 0 !
po/ca.po | 58 29 + 29 - 0 !
po/cs.po | 58 29 + 29 - 0 !
po/da.po | 58 29 + 29 - 0 !
po/de.po | 58 29 + 29 - 0 !
po/el.po | 58 29 + 29 - 0 !
po/en@boldquot.po | 70 35 + 35 - 0 !
po/en@quot.po | 58 29 + 29 - 0 !
po/eo.po | 58 29 + 29 - 0 !
po/es.po | 58 29 + 29 - 0 !
po/et.po | 58 29 + 29 - 0 !
po/fi.po | 58 29 + 29 - 0 !
po/fr.po | 58 29 + 29 - 0 !
po/gl.po | 58 29 + 29 - 0 !
po/hu.po | 58 29 + 29 - 0 !
po/id.po | 58 29 + 29 - 0 !
po/it.po | 58 29 + 29 - 0 !
po/ja.po | 58 29 + 29 - 0 !
po/nb.po | 58 29 + 29 - 0 !
po/nl.po | 58 29 + 29 - 0 !
po/pl.po | 58 29 + 29 - 0 !
po/pt.po | 58 29 + 29 - 0 !
po/pt_BR.po | 58 29 + 29 - 0 !
po/ro.po | 58 29 + 29 - 0 !
po/ru.po | 58 29 + 29 - 0 !
po/sk.po | 58 29 + 29 - 0 !
po/sv.po | 58 29 + 29 - 0 !
po/tr.po | 58 29 + 29 - 0 !
po/uk.po | 58 29 + 29 - 0 !
po/zh_CN.po | 58 29 + 29 - 0 !
po/zh_TW.po | 58 29 + 29 - 0 !
31 files changed, 905 insertions(+), 905 deletions(-)

 update po files

Follow up of the POT change: only comment noise.

0005 Update French translation.patch | (download)

po/fr.po | 142 70 + 72 - 0 !
1 file changed, 70 insertions(+), 72 deletions(-)

 update french translation

0006 Update Danish translation.patch | (download)

po/da.po | 28 17 + 11 - 0 !
1 file changed, 17 insertions(+), 11 deletions(-)

 update danish translation

0007 Update Ukrainian translation.patch | (download)

po/uk.po | 24 14 + 10 - 0 !
1 file changed, 14 insertions(+), 10 deletions(-)

 update ukrainian translation

0008 Update Russian translation.patch | (download)

po/ru.po | 1684 837 + 847 - 0 !
1 file changed, 837 insertions(+), 847 deletions(-)

 update russian translation

0009 Update Chinese traditional translation.patch | (download)

po/zh_TW.po | 48 17 + 31 - 0 !
1 file changed, 17 insertions(+), 31 deletions(-)

 update chinese (traditional) translation

0010 Update Italian translation.patch | (download)

po/it.po | 4212 1637 + 2575 - 0 !
1 file changed, 1637 insertions(+), 2575 deletions(-)

 update italian translation

0011 Update Polish translation.patch | (download)

po/pl.po | 2298 1137 + 1161 - 0 !
1 file changed, 1137 insertions(+), 1161 deletions(-)

 update polish translation

0012 Update Spanish translation.patch | (download)

po/es.po | 2474 1248 + 1226 - 0 !
1 file changed, 1248 insertions(+), 1226 deletions(-)

 update spanish translation

0013 Update Dutch translation.patch | (download)

po/nl.po | 2876 1488 + 1388 - 0 !
1 file changed, 1488 insertions(+), 1388 deletions(-)

 update dutch translation

0014 Update Czech translation.patch | (download)

po/cs.po | 2951 1463 + 1488 - 0 !
1 file changed, 1463 insertions(+), 1488 deletions(-)

 update czech translation

0007 mpi Improve mpi_invm to detect bad input.patch | (download)

mpi/mpi-inv.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch 07/20] mpi: improve mpi_invm to detect bad input.

* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.
--

Without this patch the function may enter an endless loop.  This is a
backport from libgcrypt.

GnuPG-bug-id: 1713

0016 gpg Fix a NULL deref for invalid input data.patch | (download)

g10/mainproc.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 [patch 16/20] gpg: fix a null-deref for invalid input data.

* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)

0017 gpg Fix off by one read in the attribute subpacket p.patch | (download)

g10/parse-packet.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 [patch 17/20] gpg: fix off-by-one read in the attribute subpacket
 parser.

* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 0988764397f99db4efef1eabcdb8072d6159af76)

0018 gpg Fix use of uninit.value in listing sig subpkts.patch | (download)

g10/parse-packet.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch 18/20] gpg: fix use of uninit.value in listing sig subpkts.

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)

0015 gpg Make the use of verify FILE for detached sigs ha.patch | (download)

doc/gpg.texi | 27 17 + 10 - 0 !
g10/main.h | 1 1 + 0 - 0 !
g10/mainproc.c | 38 38 + 0 - 0 !
g10/openfile.c | 89 59 + 30 - 0 !
g10/plaintext.c | 21 14 + 7 - 0 !
5 files changed, 129 insertions(+), 47 deletions(-)

 [patch 15/20] gpg: make the use of "--verify file" for detached sigs
 harder.

* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signature.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)

Updated doc/gpg.texi.

sync docs with upstream.patch | (download)

doc/Makefile.am | 16 3 + 13 - 0 !
doc/gpg.texi | 384 80 + 304 - 0 !
doc/yat2m.c | 102 99 + 3 - 0 !
3 files changed, 182 insertions(+), 320 deletions(-)

---