Package: gnupg2 / 2.2.13-1

Metadata

Package Version Patches format
gnupg2 2.2.13-1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
debian packaging/avoid beta warning.patch | (download)

autogen.sh | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 avoid-beta-warning

avoid self-describing as a beta

Using autoreconf against the source as distributed in tarball form
invariably results in a package that thinks it's a "beta" package,
which produces the "THIS IS A DEVELOPMENT VERSION" warning string.

since we use dh_autoreconf, i need this patch to avoid producing
builds that announce themselves as DEVELOPMENT VERSIONs.

See discussion at:

 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html

debian packaging/avoid regenerating defsincdate use shipped file.patch | (download)

doc/Makefile.am | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 avoid regenerating defsincdate (use shipped file)

upstream ships doc/defsincdate in its tarballs.  but doc/Makefile.am
tries to rewrite doc/defsincdate if it notices that any of the files
have been modified more recently, and it does so assuming that we're
running from a git repo.

However, we'd rather ship the documents cleanly without regenerating
defsincdate -- we don't have a git repo available (debian builds from
upstream tarballs) and any changes to the texinfo files (e.g. from
block ptrace on secret daemons/Avoid simple memory dumps via ptrace.patch | (download)

agent/gpg-agent.c | 8 8 + 0 - 0 !
configure.ac | 2 1 + 1 - 0 !
scd/scdaemon.c | 9 9 + 0 - 0 !
3 files changed, 18 insertions(+), 1 deletion(-)

 avoid simple memory dumps via ptrace

This avoids needing to setgid gpg-agent.  It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one.  If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

 * launch the agent from gdb directly
 * connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

dirmngr idling/dirmngr hkp Avoid potential race condition when some.patch | (download)

dirmngr/ks-engine-hkp.c | 23 10 + 13 - 0 !
1 file changed, 10 insertions(+), 13 deletions(-)

 dirmngr: hkp: avoid potential race condition when some hosts die.

* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.

--

Multiple threads may write to hosttable[x]->dead while
select_random_host() is running.  For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.

If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.

This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.

As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.

However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block.  Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

dirmngr idling/dirmngr Avoid need for hkp housekeeping.patch | (download)

dirmngr/dirmngr.c | 3 0 + 3 - 0 !
dirmngr/dirmngr.h | 1 0 + 1 - 0 !
dirmngr/ks-engine-hkp.c | 72 35 + 37 - 0 !
3 files changed, 35 insertions(+), 41 deletions(-)

 dirmngr: avoid need for hkp housekeeping.

* dirmngr/ks-engine-hkp.c (host_is_alive): New function.  Test whether
host is alive and resurrects it if it has been dead long enough.
(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive
instead of testing hostinfo_t->dead directly.
(ks_hkp_housekeeping): Remove function, no longer needed.
* dirmngr/dirmngr.c (housekeeping_thread): Remove call to
ks_hkp_housekeeping.

--

Rather than resurrecting hosts upon scheduled resurrection times, test
whether hosts should be resurrected as they're inspected for being
dead.  This removes the need for explicit housekeeping, and makes host
resurrections happen "just in time", rather than being clustered on
HOUSEKEEPING_INTERVAL seconds.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

dirmngr idling/dirmngr Avoid automatically checking upstream swdb.patch | (download)

dirmngr/dirmngr.c | 2 0 + 2 - 0 !
doc/dirmngr.texi | 7 4 + 3 - 0 !
2 files changed, 4 insertions(+), 5 deletions(-)

 dirmngr: avoid automatically checking upstream swdb.

* dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically
checking upstream's software database.  In Debian, software updates
should be handled by the distro mechanism, and additional upstream
checks only confuse the user.
* doc/dirmngr.texi: document that --allow-version-check does nothing.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

gpg agent idling/agent Create framework of scheduled timers.patch | (download)

agent/gpg-agent.c | 84 57 + 27 - 0 !
1 file changed, 57 insertions(+), 27 deletions(-)

 agent: create framework of scheduled timers.

agent/gpg-agent.c (handle_tick): Remove intermittent call to
check_own_socket.
(tv_is_set): Add inline helper function for readability.
(handle_connections) Create general table of pending scheduled
timeouts.

--

handle_tick() does fine-grained, rapid activity.  check_own_socket()
gpg agent idling/agent Allow threads to interrupt main select loop wi.patch | (download)

agent/agent.h | 1 1 + 0 - 0 !
agent/gpg-agent.c | 18 17 + 1 - 0 !
2 files changed, 18 insertions(+), 1 deletion(-)

 agent: allow threads to interrupt main select loop with sigcont.

* agent/gpg-agent.c (interrupt_main_thread_loop): New function on
non-windows platforms, allows other threads to interrupt the main loop
if there's something that the main loop might be interested in.

--

For example, the main loop might be interested in changes in program
state that affect the timers it expects to see.

I don't know how to do this on Windows platforms, but i welcome any
proposed improvements.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

gpg agent idling/agent Avoid tight timer tick when possible.patch | (download)

agent/call-scd.c | 2 2 + 0 - 0 !
agent/gpg-agent.c | 29 27 + 2 - 0 !
2 files changed, 29 insertions(+), 2 deletions(-)

 agent: avoid tight timer tick when possible.

* agent/gpg-agent.c (need_tick): Evaluate whether the short-phase
handle_tick() is needed.
(handle_connections): On each cycle of the select loop, adjust whether
we should call handle_tick() or not.
(start_connection_thread_ssh, do_start_connection_thread): Signal the
main loop when the child terminates.
* agent/call-scd.c (start_scd): Call interrupt_main_thread_loop() once
the scdaemon thread context has started up.

--

With this change, an idle gpg-agent that has no scdaemon running only
wakes up once a minute (to check_own_socket).

Thanks to Ian Jackson and NIIBE Yutaka who helped me improve some of
the blocking and corner cases.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

gpg agent idling/agent Avoid scheduled checks on socket when inotify .patch | (download)

agent/gpg-agent.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 agent: avoid scheduled checks on socket when inotify is working.

* agent/gpg-agent.c (handle_connections): When inotify is working, we
do not need to schedule a timer to evaluate whether we control our own
socket or not.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

from master/gpgsm default to 3072 bit keys.patch | (download)

doc/gpgsm.texi | 2 1 + 1 - 0 !
doc/howto-create-a-server-cert.texi | 14 7 + 7 - 0 !
sm/certreqgen-ui.c | 2 1 + 1 - 0 !
sm/certreqgen.c | 4 2 + 2 - 0 !
sm/gpgsm.c | 2 1 + 1 - 0 !
5 files changed, 12 insertions(+), 12 deletions(-)

 gpgsm: default to 3072-bit keys.

* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

(cherry picked from commit 7955262151a5c755814dd23414e6804f79125355)

from master/gpg default to 3072 bit RSA keys.patch | (download)

agent/command.c | 2 1 + 1 - 0 !
doc/wks.texi | 4 2 + 2 - 0 !
g10/keygen.c | 9 4 + 5 - 0 !
g10/keyid.c | 4 2 + 2 - 0 !
4 files changed, 9 insertions(+), 10 deletions(-)

 gpg: default to 3072-bit rsa keys.

* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c)

from master/gpg default to AES 256.patch | (download)

g10/main.h | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 gpg: default to aes-256.

* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)

from master/common Fix gnupg_wait_processes.patch | (download)

common/exechelp-posix.c | 50 26 + 24 - 0 !
1 file changed, 26 insertions(+), 24 deletions(-)

 common: fix gnupg_wait_processes.

* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.

--

The value stored by waitpid for exit code is encoded;  It requires
decoded by WEXITSTATUS macro, regardless of an error.

For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d)

from master/scd Distinguish cancel by user and protocol error.patch | (download)

scd/apdu.c | 3 2 + 1 - 0 !
scd/apdu.h | 3 2 + 1 - 0 !
scd/iso7816.c | 3 2 + 1 - 0 !
3 files changed, 6 insertions(+), 3 deletions(-)

 scd: distinguish cancel by user and protocol error.

* scd/apdu.h (SW_HOST_CANCELLED): New.
* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 2396055c096884d521c26b76f26263a146207c24)

from master/agent Fix cancellation handling for scdaemon.patch | (download)

agent/call-scd.c | 41 0 + 41 - 0 !
1 file changed, 41 deletions(-)

 agent: fix cancellation handling for scdaemon.

* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.

--

Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact.  So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3)

update defaults/gpg Default to SHA 512 for all signature types on RS.patch | (download)

configure.ac | 2 1 + 1 - 0 !
g10/main.h | 2 1 + 1 - 0 !
g10/misc.c | 5 1 + 4 - 0 !
3 files changed, 3 insertions(+), 6 deletions(-)

 gpg: default to sha-512 for all signature types on rsa keys.

* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in
--gnupg mode (leave strict RFC and PGP modes alone).
* configure.ac: Do not allow disabling sha512.
* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512.

--

SHA512 is more performant on most 64-bit platforms than SHA256, and
offers a better security margin.  It is also widely implemented.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

update defaults/gpg Prefer SHA 512 and SHA 384 in personal digest.patch | (download)

g10/keygen.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 gpg: prefer sha-512 and sha-384 in personal-digest-preferences.

* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512
and SHA-384 by default.

--

In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the
defaults for --default-preference-list to advertise a preference for
SHA-512, without touching --personal-digest-preferences.  This makes
the same change for --personal-digest-preferences, since every modern
OpenPGP library supports them all.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

from master/gpg Fix comparison.patch | (download)

g10/gpgcompose.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 gpg: fix comparison.

* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
not one or fewer.

Signed-off-by: Neal H. Walfield <neal@walfield.org>
(cherry picked from commit 1ed21eee79749b976b4a935f2279b162634e9c5e)

show revocation cert/gpg Print revocation certificate details when showing wit.patch | (download)

g10/import.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 gpg: print revocation certificate details when showing with-colons.

* g10/import.c (import_revoke_cert): add options argument, and print
colon-delimited output for revocation certificate as requested.
--

I looked into trying to make this work with one of the functions in
g10/keylist.c, but i saw nothing that will accept a revocation
certificate on its own, so i'm replicating the functionality directly
in g10/import.c.  This is a bit unfortunate because the code for
describing a revocation cert now exists in two separate places, but
refactoring both list_keyblock_print() and list_keyblock_colon() in
g10/keylist.c seems like a much heavier lift.

GnuPG-Bug-id: 4018
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Make gpg zip use tar from PATH.patch | (download)

tools/gpg-zip.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make gpg-zip use tar from $path

Apparently there is no clean way to configure this from ./configure,
and upstream is deprecating gpg-zip anyway.  So just force-set tar to
be manually "tar" (meaning, that we should look in the $PATH at
runtime).

See also https://dev.gnupg.org/T4251 and https://bugs.debian.org/913582

fix spelling.patch | (download)

doc/tools.texi | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix spelling


po Correct a simple typo in the Norwegian translation.patch | (download)

po/nb.po | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 po: correct a simple typo in the norwegian translation

Signed-off-by: Ingvar Hagelund <ingvar@redpill-linpro.com>
(cherry picked from commit a09bba976d2f5694011a9291189a70a0f3c4caae)

gpgscm Build well even if NDEBUG defined.patch | (download)

tests/gpgscm/scheme.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 gpgscm: build well even if ndebug defined.

* gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
[!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.

--

Cherry icked from master commit of:
	e140c6d4f581be1a60a34b67b16430452f3987e8

In some build environment, NDEBUG is defined (although it's
bad practice).  This change supports such a situation.

GnuPG-bug-id: 3959
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 8161afb9dddaba839be92fbe9d85c05235eda825)

agent Fix for suggested Libgcrypt use.patch | (download)

agent/divert-scd.c | 17 16 + 1 - 0 !
1 file changed, 16 insertions(+), 1 deletion(-)

 agent: fix for suggested libgcrypt use.

* agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
--

The libgcrypt docs say that a "flags" parameter should always be used
in the input of pkdecrypt.  Thus we should allow that parameter also
when parsing an s-expression to figure out the algorithm for use with
scdaemon.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a12c3a566e2e4b10bc02976a2819070877ee895c)
(cherry picked from commit 0a95b153811f36739d1b20f23920bad0bb07c68b)

sm Fix certificate creation with key on card.patch | (download)

sm/certreqgen.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 sm: fix certificate creation with key on card.

* sm/certreqgen.c (create_request): Fix for certmode.
--

When using an existing key from a card for certificate signing (in
contrast to the default of generating a CSR), the code tried to use
the same key for signing instead of the Signing-Key parameter.  It is
perfectly okay to use the regular signing path via gpg-agent for
certificate creation - only self-signed certificates with a key on the
card require the direct use of the card key (via "SCD PKSIGN").

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c1000c673814e552923cf1361346d7dfeee55608)
(cherry picked from commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87)

scd Don t let the undefined app cause a conflict error.patch | (download)

scd/app.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 scd: don't let the "undefined" app cause a conflict error.

* scd/app.c (check_conflict): Ignore "undefined".

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)
(cherry picked from commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3)

sm Don t mark a cert as de vs compliant if it leads to SH.patch | (download)

sm/keylist.c | 15 12 + 3 - 0 !
1 file changed, 12 insertions(+), 3 deletions(-)

 sm: don't mark a cert as de-vs compliant if it leads to sha-1 sigs.

* sm/keylist.c (print_compliance_flags): Also check the digest_algo.
Add new arg 'cert'.
--

A certificate with algorithm sha1WithRSAEncryption can be de-vs
compliant (e.g. if the next in the chain used sha256WithRSAEncryption
to sign it and RSA is long enough) but flagging it as such is useless
because that certificate can't be used because it will create
signatures using the non-compliant SHA-1 algorithm.

Well, it could be used for encryption.  But also evaluating the
key-usage flags here would make it harder for the user to understand
why certain certificates are listed as de-vs compliant and others are
not.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 2c75af9f65d15653ed1bc191f1098ae316607041)

Reworked to also pass the CERT.  Note that 2.2 won't get the PK
Screening feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit be69bf0cbd11cb8c0d452e07066669aacc6caafa)