From 02fa899b93c8cf43da861f695e0b0769f2bd816e Mon Sep 17 00:00:00 2001 From: psykose Date: Sun, 15 Jan 2023 12:00:42 +0000 Subject: main/gnupg: upgrade to 2.4.0 --- .../0001-Include-sys-select.h-for-FD_SETSIZE.patch | 31 --- ...0110-avoid-simple-memory-dumps-via-ptrace.patch | 18 +- ...tential-race-condition-when-some-host-die.patch | 207 +++++++++++++++++- ...0-dirmngr-avoid-need-for-hkp-housekeeping.patch | 232 --------------------- main/gnupg/0320-gpg-default-to-aes256.patch | 37 ---- .../0410-make-gpg-zip-use-tar-from-path.patch | 29 --- ...ean-from-default-keyserver-import-options.patch | 24 +-- main/gnupg/APKBUILD | 37 ++-- 8 files changed, 244 insertions(+), 371 deletions(-) delete mode 100644 main/gnupg/0001-Include-sys-select.h-for-FD_SETSIZE.patch delete mode 100644 main/gnupg/0220-dirmngr-avoid-need-for-hkp-housekeeping.patch delete mode 100644 main/gnupg/0320-gpg-default-to-aes256.patch delete mode 100644 main/gnupg/0410-make-gpg-zip-use-tar-from-path.patch diff --git a/main/gnupg/0001-Include-sys-select.h-for-FD_SETSIZE.patch b/main/gnupg/0001-Include-sys-select.h-for-FD_SETSIZE.patch deleted file mode 100644 index a835f39278f..00000000000 --- a/main/gnupg/0001-Include-sys-select.h-for-FD_SETSIZE.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d2f3053e156a8dfc3e2e7f8fa814f671d851b26f Mon Sep 17 00:00:00 2001 -From: Natanael Copa -Date: Fri, 4 Jul 2014 08:15:21 +0000 -Subject: [PATCH] Include sys/select.h for FD_SETSIZE - -This fixes the following compile error with musl libc: -watchgnupg.c:225:18: error: 'FD_SETSIZE' undeclared (first use in this -function) - else if (fd >= FD_SETSIZE) - ^ - -Signed-off-by: Natanael Copa ---- - tools/watchgnupg.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c -index 4f4d54d..7aede22 100644 ---- a/tools/watchgnupg.c -+++ b/tools/watchgnupg.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - #include - #include - #include --- -2.0.1 - 
diff --git a/main/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch b/main/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch index 644b8a52837..35ab352c072 100644 --- a/main/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch +++ b/main/gnupg/0110-avoid-simple-memory-dumps-via-ptrace.patch @@ -24,10 +24,10 @@ Upstream bug: https://dev.gnupg.org/T1211 Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c -index b167c34..5afcf11 100644 +index 412eb43..1de989b 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c -@@ -50,6 +50,9 @@ +@@ -48,6 +48,9 @@ # include #endif #include @@ -37,7 +37,7 @@ index b167c34..5afcf11 100644 #define INCLUDED_BY_MAIN_MODULE 1 #define GNUPG_COMMON_NEED_AFLOCAL -@@ -1030,6 +1033,11 @@ main (int argc, char **argv ) +@@ -1095,6 +1098,11 @@ main (int argc, char **argv) early_system_init (); @@ -50,10 +50,10 @@ index b167c34..5afcf11 100644 file descriptors and the signal mask. This info is required to do the exec call properly. We don't need it on Windows. */ diff --git a/configure.ac b/configure.ac -index 7a2d410..2d8b050 100644 +index 099c6a8..4c9fcee 100644 --- a/configure.ac +++ b/configure.ac -@@ -1426,7 +1426,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \ +@@ -1419,7 +1419,7 @@ AC_CHECK_FUNCS([atexit canonicalize_file_name clock_gettime ctermid \ ftruncate funlockfile getaddrinfo getenv getpagesize \ getpwnam getpwuid getrlimit getrusage gettimeofday \ gmtime_r inet_ntop inet_pton isascii lstat memicmp \ @@ -63,7 +63,7 @@ index 7a2d410..2d8b050 100644 stat stpcpy strcasecmp strerror strftime stricmp \ strlwr strncasecmp strpbrk strsep strtol strtoul \ diff --git a/scd/scdaemon.c b/scd/scdaemon.c -index 5c519f8..cab66a0 100644 +index e43769f..2066543 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c @@ -37,6 +37,9 @@ 
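Review bot: The `Patch-Source:` line kept as context in the first hunk of this file still names the Debian 2.2.27-2 copy, but the file is no longer that copy. Its later hunks change the index lines, the hunk offsets and one context line (`gpgrt_set_strusage`), so it cannot be compared against the URL byte for byte. A line in the style this commit already uses for 0210, for example `note: refreshed for gnupg 2.4.0, offsets and context only`, would let an auditor tell a mechanical refresh from a modified patch. The 0210 and 0420 patches in this commit keep 2.2.27-2 Patch-Source lines in the same way.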
@@ -76,8 +76,8 @@ index 5c519f8..cab66a0 100644 #define INCLUDED_BY_MAIN_MODULE 1 #define GNUPG_COMMON_NEED_AFLOCAL -@@ -446,6 +449,12 @@ main (int argc, char **argv ) - npth_t pipecon_handler; +@@ -462,6 +465,12 @@ main (int argc, char **argv ) + const char *application_priority = NULL; early_system_init (); + @@ -86,6 +86,6 @@ index 5c519f8..cab66a0 100644 + prctl(PR_SET_DUMPABLE, 0); +#endif + - set_strusage (my_strusage); + gpgrt_set_strusage (my_strusage); gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); /* Please note that we may running SUID(ROOT), so be very CAREFUL diff --git a/main/gnupg/0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch b/main/gnupg/0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch index 1aa79c6c387..32942e6f91f 100644 --- a/main/gnupg/0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch +++ b/main/gnupg/0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch @@ -1,3 +1,5 @@ +note: combination of previous 0210+0220 +-- From: Daniel Kahn Gillmor Date: Sat, 29 Oct 2016 01:25:05 -0400 Subject: dirmngr: hkp: Avoid potential race condition when some hosts die. @@ -37,11 +39,81 @@ 
Signed-off-by: Daniel Kahn Gillmor Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch +From: Daniel Kahn Gillmor +Date: Sat, 29 Oct 2016 02:00:50 -0400 +Subject: dirmngr: Avoid need for hkp housekeeping. + +* dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether +host is alive and resurrects it if it has been dead long enough. +(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive +instead of testing hostinfo_t->dead directly. +(ks_hkp_housekeeping): Remove function, no longer needed. +* dirmngr/dirmngr.c (housekeeping_thread): Remove call to +ks_hkp_housekeeping. + +-- + +Rather than resurrecting hosts upon scheduled resurrection times, test +whether hosts should be resurrected as they're inspected for being +dead. This removes the need for explicit housekeeping, and makes host +resurrections happen "just in time", rather than being clustered on +HOUSEKEEPING_INTERVAL seconds. + +According to 392e068e9f143d41f6350345619543cbcd47380f, +dns_stuff_housekeeping only works on Windows, so it also isn't +necessary in debian, but it remains in place for now. + +Signed-off-by: Daniel Kahn Gillmor +--- + dirmngr/dirmngr.c | 3 --- + dirmngr/dirmngr.h | 1 - + dirmngr/ks-engine-hkp.c | 72 ++++++++++++++++++++++++------------------------- + 3 files changed, 35 insertions(+), 41 deletions(-) + +Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch + +diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c +index 977e7dd..5017c3f 100644 +--- a/dirmngr/dirmngr.c ++++ b/dirmngr/dirmngr.c +@@ -2085,7 +2085,6 @@ housekeeping_thread (void *arg) + dirmngr_init_default_ctrl (&ctrlbuf); + + dns_stuff_housekeeping (); +- ks_hkp_housekeeping (curtime); + if (network_activity_seen) + { + network_activity_seen = 0; 
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c -index 14859c7..d425363 100644 +index 5292da8..690b37d 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c -@@ -225,29 +225,26 @@ host_in_pool_p (hostinfo_t hi, int tblidx) +@@ -221,6 +221,24 @@ host_in_pool_p (hostinfo_t hi, int tblidx) + return 0; + } + ++static int ++host_is_alive (hostinfo_t hi, time_t curtime) ++{ ++ if (!hi) ++ return 0; ++ if (!hi->dead) ++ return 1; ++ if (!hi->died_at) ++ return 0; /* manually marked dead */ ++ if (hi->died_at + RESURRECT_INTERVAL <= curtime ++ || hi->died_at > curtime) ++ { ++ hi->dead = 0; ++ log_info ("resurrected host '%s'", hi->name); ++ return 1; ++ } ++ return 0; ++} + + /* Select a random host. Consult HI->pool which indices into the global + hosttable. Returns index into HI->pool or -1 if no host could be +@@ -228,32 +246,32 @@ host_in_pool_p (hostinfo_t hi, int tblidx) static int select_random_host (hostinfo_t hi) { @@ -50,6 +122,12 @@ index 14859c7..d425363 100644 + int *tbl = NULL; + size_t tblsize = 0; int pidx, idx; ++ time_t curtime; ++ ++ curtime = gnupg_get_time (); + + /* CHECKTHIS(); See */ + /* https://sources.debian.org/patches/gnupg2/2.2.20-1/dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch/ */ /* We create a new table so that we randomly select only from currently alive hosts. */ @@ -57,8 +135,9 @@ index 14859c7..d425363 100644 + for (idx = 0; idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; idx++) - if (hosttable[pidx] && !hosttable[pidx]->dead) +- if (hosttable[pidx] && !hosttable[pidx]->dead) - tblsize++; ++ if (hosttable[pidx] && host_is_alive (hosttable[pidx], curtime)) + { + tblsize++; + tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); 
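Review bot: The description merged in from 0220 still lists `dirmngr/dirmngr.h | 1 -` and "3 files changed", yet the combined patch goes from the dirmngr.c section straight to ks-engine-hkp.c. The hunk in the deleted 0220 file that removed the `ks_hkp_housekeeping (time_t curtime)` prototype is therefore gone; if dirmngr.h in 2.4.0 still declares it, the prototype is left without a definition. The old dirmngr.c hunks also removed the `curtime` local from `housekeeping_thread`, which the new one-line hunk does not, so that variable may now be set but unused. Either restore those hunks or correct the embedded diffstat so the description matches what the patch applies.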
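Review bot: The two comment lines added to `select_random_host`, `/* CHECKTHIS(); See */` and the sources.debian.org URL below it, read as an unresolved porting marker and would ship in the patched source. The question should be settled before merging and the marker replaced with a comment that records the outcome, e.g. `/* Rebased from Debian's dirmngr-idling series; checked against the 2.4.0 body of this function. */`. The function continues outside this hunk, so whether the rebased body matches 2.4.0 cannot be confirmed from here.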
@@ -81,3 +160,125 @@ index 14859c7..d425363 100644 if (tblsize == 1) /* Save a get_uint_nonce. */ pidx = tbl[0]; else +@@ -471,6 +489,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + int is_pool; + int new_hosts = 0; + char *cname; ++ time_t curtime; + + *r_host = NULL; + if (r_httpflags) +@@ -510,6 +529,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + } + else + hi = hosttable[idx]; ++ curtime = gnupg_get_time (); + + is_pool = hi->pool != NULL; + +@@ -616,7 +636,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + if (force_reselect) + hi->poolidx = -1; + else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size +- && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) ++ && hosttable[hi->poolidx] && !host_is_alive (hosttable[hi->poolidx], curtime)) + hi->poolidx = -1; + + /* Select a host if needed. */ +@@ -675,7 +695,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, + return gpg_error_from_syserror (); + } + +- if (hi->dead) ++ if (!host_is_alive (hi, curtime)) + { + log_error ("host '%s' marked as dead\n", hi->name); + if (r_httphost) +@@ -781,7 +801,8 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + { + gpg_error_t err = 0; + hostinfo_t hi, hi2; +- int idx, idx2, idx3, n; ++ int idx, idx2, idx3, n, is_alive; ++ time_t curtime; + + if (!name || !*name || !strcmp (name, "localhost")) + return 0; +@@ -796,13 +817,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + goto leave; + } + ++ curtime = gnupg_get_time (); + hi = hosttable[idx]; +- if (alive && hi->dead) ++ is_alive = host_is_alive (hi, curtime); ++ if (alive && !is_alive) + { + hi->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", name); + } +- else if (!alive && !hi->dead) ++ else if (!alive && is_alive) + { + hi->dead = 1; + hi->died_at = 0; /* Manually set dead. 
*/ +@@ -836,14 +859,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) + + hi2 = hosttable[n]; + if (!hi2) +- ; +- else if (alive && hi2->dead) ++ continue; ++ is_alive = host_is_alive (hi2, curtime); ++ if (alive && !is_alive) + { + hi2->dead = 0; + err = ks_printf_help (ctrl, "marking '%s' as alive", + hi2->name); + } +- else if (!alive && !hi2->dead) ++ else if (!alive && is_alive) + { + hi2->dead = 1; + hi2->died_at = 0; /* Manually set dead. */ +@@ -1149,40 +1173,6 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri) + } + + +-/* Housekeeping function called from the housekeeping thread. It is +- used to mark dead hosts alive so that they may be tried again after +- some time. */ +-void +-ks_hkp_housekeeping (time_t curtime) +-{ +- int idx; +- hostinfo_t hi; +- +- if (npth_mutex_lock (&hosttable_lock)) +- log_fatal ("failed to acquire mutex\n"); +- +- for (idx=0; idx < hosttable_size; idx++) +- { +- hi = hosttable[idx]; +- if (!hi) +- continue; +- if (!hi->dead) +- continue; +- if (!hi->died_at) +- continue; /* Do not resurrect manually shot hosts. */ +- if (hi->died_at + RESURRECT_INTERVAL <= curtime +- || hi->died_at > curtime) +- { +- hi->dead = 0; +- log_info ("resurrected host '%s'", hi->name); +- } +- } +- +- if (npth_mutex_unlock (&hosttable_lock)) +- log_fatal ("failed to release mutex\n"); +-} +- +- + /* Reload (SIGHUP) action for this module. We mark all host alive + * even those which have been manually shot. */ + void diff --git a/main/gnupg/0220-dirmngr-avoid-need-for-hkp-housekeeping.patch b/main/gnupg/0220-dirmngr-avoid-need-for-hkp-housekeeping.patch deleted file mode 100644 index 0e125fd9b9f..00000000000 --- a/main/gnupg/0220-dirmngr-avoid-need-for-hkp-housekeeping.patch +++ /dev/null 
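Review bot: `host_is_alive`, added earlier in this patch file, clears `hi->dead` with nothing visible guaranteeing that `hosttable_lock` is held. The `ks_hkp_housekeeping` body this hunk removes did the same write only between `npth_mutex_lock (&hosttable_lock)` and the matching unlock. Resurrection now happens inside `select_random_host`, `map_host` and `ks_hkp_mark_host`, so each of those paths must already hold the lock; the `goto leave` context in `ks_hkp_mark_host` suggests it does, but the locking around the other two is outside the hunk and should be checked against 2.4.0. I would document the contract above the helper with `/* Caller must hold hosttable_lock; may clear HI->dead as a side effect. */`. The deleted 0220 copy of the housekeeping function has no lock calls, so the Debian patch appears to predate this mutex and the rebase has to account for it.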
@@ -1,232 +0,0 @@ -From: Daniel Kahn Gillmor -Date: Sat, 29 Oct 2016 02:00:50 -0400 -Subject: dirmngr: Avoid need for hkp housekeeping. - -* dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether -host is alive and resurrects it if it has been dead long enough. -(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive -instead of testing hostinfo_t->dead directly. -(ks_hkp_housekeeping): Remove function, no longer needed. -* dirmngr/dirmngr.c (housekeeping_thread): Remove call to -ks_hkp_housekeeping. - --- - -Rather than resurrecting hosts upon scheduled resurrection times, test -whether hosts should be resurrected as they're inspected for being -dead. This removes the need for explicit housekeeping, and makes host -resurrections happen "just in time", rather than being clustered on -HOUSEKEEPING_INTERVAL seconds. - -According to 392e068e9f143d41f6350345619543cbcd47380f, -dns_stuff_housekeeping only works on Windows, so it also isn't -necessary in debian, but it remains in place for now. 
- -Signed-off-by: Daniel Kahn Gillmor ---- - dirmngr/dirmngr.c | 3 --- - dirmngr/dirmngr.h | 1 - - dirmngr/ks-engine-hkp.c | 72 ++++++++++++++++++++++++------------------------- - 3 files changed, 35 insertions(+), 41 deletions(-) - -Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch - -diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c -index ae967dd..89eea4e 100644 ---- a/dirmngr/dirmngr.c -+++ b/dirmngr/dirmngr.c -@@ -1935,12 +1935,10 @@ static void * - housekeeping_thread (void *arg) - { - static int sentinel; -- time_t curtime; - struct server_control_s ctrlbuf; - - (void)arg; - -- curtime = gnupg_get_time (); - if (sentinel) - { - log_info ("housekeeping is already going on\n"); -@@ -1954,7 +1952,6 @@ housekeeping_thread (void *arg) - dirmngr_init_default_ctrl (&ctrlbuf); - - dns_stuff_housekeeping (); -- ks_hkp_housekeeping (curtime); - if (network_activity_seen) - { - network_activity_seen = 0; -diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h -index 1b52a1d..4afc19b 100644 ---- a/dirmngr/dirmngr.h -+++ b/dirmngr/dirmngr.h -@@ -217,7 +217,6 @@ const char* dirmngr_get_current_socket_name (void); - int dirmngr_use_tor (void); - - /*-- Various housekeeping functions. 
--*/ --void ks_hkp_housekeeping (time_t curtime); - void ks_hkp_reload (void); - - -diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c -index d425363..c50681d 100644 ---- a/dirmngr/ks-engine-hkp.c -+++ b/dirmngr/ks-engine-hkp.c -@@ -218,6 +218,24 @@ host_in_pool_p (hostinfo_t hi, int tblidx) - return 0; - } - -+static int -+host_is_alive (hostinfo_t hi, time_t curtime) -+{ -+ if (!hi) -+ return 0; -+ if (!hi->dead) -+ return 1; -+ if (!hi->died_at) -+ return 0; /* manually marked dead */ -+ if (hi->died_at + RESURRECT_INTERVAL <= curtime -+ || hi->died_at > curtime) -+ { -+ hi->dead = 0; -+ log_info ("resurrected host '%s'", hi->name); -+ return 1; -+ } -+ return 0; -+} - - /* Select a random host. Consult HI->pool which indices into the global - hosttable. Returns index into HI->pool or -1 if no host could be -@@ -228,13 +246,15 @@ select_random_host (hostinfo_t hi) - int *tbl = NULL; - size_t tblsize = 0; - int pidx, idx; -+ time_t curtime; - -+ curtime = gnupg_get_time (); - /* We create a new table so that we randomly select only from - currently alive hosts. 
*/ - for (idx = 0; - idx < hi->pool_len && (pidx = hi->pool[idx]) != -1; - idx++) -- if (hosttable[pidx] && !hosttable[pidx]->dead) -+ if (hosttable[pidx] && host_is_alive (hosttable[pidx], curtime)) - { - tblsize++; - tbl = xtryrealloc(tbl, tblsize * sizeof *tbl); -@@ -462,6 +482,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, - int is_pool; - int new_hosts = 0; - char *cname; -+ time_t curtime; - - *r_host = NULL; - if (r_httpflags) -@@ -501,6 +522,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, - } - else - hi = hosttable[idx]; -+ curtime = gnupg_get_time (); - - is_pool = hi->pool != NULL; - -@@ -607,7 +629,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, - if (force_reselect) - hi->poolidx = -1; - else if (hi->poolidx >= 0 && hi->poolidx < hosttable_size -- && hosttable[hi->poolidx] && hosttable[hi->poolidx]->dead) -+ && hosttable[hi->poolidx] && !host_is_alive (hosttable[hi->poolidx], curtime)) - hi->poolidx = -1; - - /* Select a host if needed. 
*/ -@@ -665,7 +687,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect, - return gpg_error_from_syserror (); - } - -- if (hi->dead) -+ if (!host_is_alive (hi, curtime)) - { - log_error ("host '%s' marked as dead\n", hi->name); - if (r_httphost) -@@ -770,7 +792,8 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) - { - gpg_error_t err = 0; - hostinfo_t hi, hi2; -- int idx, idx2, idx3, n; -+ int idx, idx2, idx3, n, is_alive; -+ time_t curtime; - - if (!name || !*name || !strcmp (name, "localhost")) - return 0; -@@ -779,13 +802,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) - if (idx == -1) - return gpg_error (GPG_ERR_NOT_FOUND); - -+ curtime = gnupg_get_time (); - hi = hosttable[idx]; -- if (alive && hi->dead) -+ is_alive = host_is_alive (hi, curtime); -+ if (alive && !is_alive) - { - hi->dead = 0; - err = ks_printf_help (ctrl, "marking '%s' as alive", name); - } -- else if (!alive && !hi->dead) -+ else if (!alive && is_alive) - { - hi->dead = 1; - hi->died_at = 0; /* Manually set dead. */ -@@ -819,14 +844,15 @@ ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive) - - hi2 = hosttable[n]; - if (!hi2) -- ; -- else if (alive && hi2->dead) -+ continue; -+ is_alive = host_is_alive (hi2, curtime); -+ if (alive && !is_alive) - { - hi2->dead = 0; - err = ks_printf_help (ctrl, "marking '%s' as alive", - hi2->name); - } -- else if (!alive && !hi2->dead) -+ else if (!alive && is_alive) - { - hi2->dead = 1; - hi2->died_at = 0; /* Manually set dead. */ -@@ -1112,34 +1138,6 @@ ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri) - } - - --/* Housekeeping function called from the housekeeping thread. It is -- used to mark dead hosts alive so that they may be tried again after -- some time. 
*/ --void --ks_hkp_housekeeping (time_t curtime) --{ -- int idx; -- hostinfo_t hi; -- -- for (idx=0; idx < hosttable_size; idx++) -- { -- hi = hosttable[idx]; -- if (!hi) -- continue; -- if (!hi->dead) -- continue; -- if (!hi->died_at) -- continue; /* Do not resurrect manually shot hosts. */ -- if (hi->died_at + RESURRECT_INTERVAL <= curtime -- || hi->died_at > curtime) -- { -- hi->dead = 0; -- log_info ("resurrected host '%s'", hi->name); -- } -- } --} -- -- - /* Reload (SIGHUP) action for this module. We mark all host alive - * even those which have been manually shot. */ - void diff --git a/main/gnupg/0320-gpg-default-to-aes256.patch b/main/gnupg/0320-gpg-default-to-aes256.patch deleted file mode 100644 index 2d9a90fe375..00000000000 --- a/main/gnupg/0320-gpg-default-to-aes256.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From: Daniel Kahn Gillmor -Date: Thu, 7 Sep 2017 19:04:00 -0400 -Subject: gpg: default to AES-256. - -* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default. - --- - -It's 2017, and pretty much everyone has AES-256 available. Symmetric -crypto is also rarely the bottleneck (asymmetric crypto is much more -expensive). AES-256 provides some level of protection against -large-scale decryption efforts, and longer key lengths provide a hedge -against unforseen cryptanalysis. - -Signed-off-by: Daniel Kahn Gillmor -(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa) ---- - g10/main.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/from-master/gpg-default-to-AES-256.patch - -diff --git a/g10/main.h b/g10/main.h -index 68360e2..1983e42 100644 ---- a/g10/main.h -+++ b/g10/main.h -@@ -31,7 +31,9 @@ - (i.e. uncompressed) rather than 1 (zip). However, the real world - issues of speed and size come into play here. */ - --#if GPG_USE_AES128 -+#if GPG_USE_AES256 -+# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256 -+#elif GPG_USE_AES128 - # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES - #elif GPG_USE_CAST5 - # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 diff --git a/main/gnupg/0410-make-gpg-zip-use-tar-from-path.patch b/main/gnupg/0410-make-gpg-zip-use-tar-from-path.patch deleted file mode 100644 index b0d619e9cdd..00000000000 --- a/main/gnupg/0410-make-gpg-zip-use-tar-from-path.patch +++ /dev/null 
@@ -1,29 +0,0 @@ -From: Daniel Kahn Gillmor -Date: Sun, 18 Nov 2018 17:29:52 -0500 -Subject: Make gpg-zip use tar from $PATH - -Apparently there is no clean way to configure this from ./configure, -and upstream is deprecating gpg-zip anyway. So just force-set tar to -be manually "tar" (meaning, that we should look in the $PATH at -runtime). - -See also https://dev.gnupg.org/T4251 and https://bugs.debian.org/913582 ---- - tools/gpg-zip.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/Make-gpg-zip-use-tar-from-PATH.patch - -diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in -index 9047e36..3821f3a 100644 ---- a/tools/gpg-zip.in -+++ b/tools/gpg-zip.in -@@ -23,7 +23,7 @@ - # the GNU or POSIX variant of USTAR. - - VERSION=@VERSION@ --TAR=@TAR@ -+TAR=tar - GPG=gpg - - usage="\ diff --git a/main/gnupg/0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch b/main/gnupg/0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch index 46f23160ef6..26098e791fd 100644 --- a/main/gnupg/0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch +++ b/main/gnupg/0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch @@ -23,29 +23,29 @@ Signed-off-by: Daniel Kahn Gillmor Patch-Source: https://sources.debian.org/data/main/g/gnupg2/2.2.27-2/debian/patches/gpg-drop-import-clean-from-default-keyserver-import-optio.patch diff --git a/doc/gpg.texi b/doc/gpg.texi -index 7b603d7..104318a 100644 +index 804ecf9..b238278 100644 --- a/doc/gpg.texi 
+++ b/doc/gpg.texi -@@ -1982,7 +1982,7 @@ are available for all keyserver types, some common options are: +@@ -2047,7 +2047,7 @@ are available for all keyserver types, some common options are: @end table -The default list of options is: "self-sigs-only, import-clean, +The default list of options is: "self-sigs-only, - repair-keys, repair-pks-subkey-bug, export-attributes, - honor-pka-record". - + repair-keys, repair-pks-subkey-bug, export-attributes". However, if + the actual used source is an LDAP server "no-self-sigs-only" is + assumed unless "self-sigs-only" has been explicitly configured. diff --git a/g10/gpg.c b/g10/gpg.c -index 6b44cfb..caa0487 100644 +index 68c0454..205de60 100644 --- a/g10/gpg.c +++ b/g10/gpg.c -@@ -2348,8 +2348,7 @@ main (int argc, char **argv) - opt.export_options = EXPORT_ATTRIBUTES; - opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +@@ -2441,8 +2441,7 @@ main (int argc, char **argv) | IMPORT_REPAIR_PKS_SUBKEY_BUG -- | IMPORT_SELF_SIGS_ONLY + | IMPORT_SELF_SIGS_ONLY + | IMPORT_COLLAPSE_UIDS +- | IMPORT_COLLAPSE_SUBKEYS - | IMPORT_CLEAN); -+ | IMPORT_SELF_SIGS_ONLY); ++ | IMPORT_COLLAPSE_SUBKEYS); opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; - opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.keyserver_options.options = 0; opt.verify_options = (LIST_SHOW_UID_VALIDITY diff --git a/main/gnupg/APKBUILD b/main/gnupg/APKBUILD index 9e537cb59a6..8896128d669 100644 --- a/main/gnupg/APKBUILD +++ b/main/gnupg/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa pkgname=gnupg # Upgrade to LTS versions only. -pkgver=2.2.41 +pkgver=2.4.0 _ver=${pkgver/_beta/-beta} pkgrel=0 pkgdesc="GNU Privacy Guard 2 - meta package for full GnuPG suite" @@ -45,6 +45,7 @@ subpackages=" $pkgname-dirmngr $pkgname-gpgconf $pkgname-scdaemon + $pkgname-keyboxd $pkgname-wks-client:_wks_client gpg gpg-agent:_agent 
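Review bot: The context line `# Upgrade to LTS versions only.` stays directly above `pkgver=2.4.0`, and as far as I know upstream designated the 2.2 series, not 2.4, as its long-term-support branch. Either update the policy comment, e.g. `# Tracks the current stable series (2.4); 2.2 was the LTS branch.`, or state in the commit message why the package leaves the LTS line. Leaving the comment as is will mislead the next maintainer deciding whether a bump is allowed.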
@@ -54,18 +55,13 @@ subpackages=" $pkgname-utils " source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2 - 0001-Include-sys-select.h-for-FD_SETSIZE.patch 0010-avoid-beta-warning.patch 0020-avoid-regenerating-defsincdate-use-shipped-file.patch 0110-avoid-simple-memory-dumps-via-ptrace.patch 0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch - 0220-dirmngr-avoid-need-for-hkp-housekeeping.patch 0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch - 0310-gpg-default-to-3072-bit-keys.patch - 0320-gpg-default-to-aes256.patch 0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch 0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch - 0410-make-gpg-zip-use-tar-from-path.patch 0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch fix-i18n.patch 60-scdaemon.rules @@ -84,6 +80,9 @@ source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2 prepare() { default_prepare + # tries to mkdir -p setup.scm/tests but this is a file? + rm tests/gpgme/setup.scm + autoreconf -vif } @@ -111,7 +110,6 @@ check() { package() { make DESTDIR="$pkgdir" install - install -m755 tools/gpg-zip "$pkgdir"/usr/bin/gpg-zip install -Dm644 -t "$pkgdir"/lib/udev/rules.d/ "$srcdir"/60-scdaemon.rules cd "$pkgdir" @@ -199,7 +197,7 @@ lang() { } scdaemon() { - pkgdesc="GNU Privacy Guard 2 - smart card support" + pkgdesc="GNU Privacy Guard 2 - smart card support daemon" depends="gpg-agent=$pkgver-r$pkgrel" replaces="$pkgname" # for backward compatibility @@ -212,6 +210,7 @@ _wks_client() { depends="gpg=$pkgver-r$pkgrel gpg-agent=$pkgver-r$pkgrel $pkgname-dirmngr=$pkgver-r$pkgrel" replaces="$pkgname" # for backward compatibility + amove usr/bin/gpg-wks-client amove usr/libexec/gpg-wks-client } 
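Review bot: Nothing in the commit records why the two patches that set cryptographic defaults, `0310-gpg-default-to-3072-bit-keys.patch` and `0320-gpg-default-to-aes256.patch`, can be dropped from `source=`. Presumably 2.4.0 already ships these defaults upstream; a comment beside the list such as `# 0310/0320 dropped: defaults are upstream in 2.4 (verified in g10/)` would show the hardening was checked rather than lost. Separately, the diffstat lists four deleted files and 0310 is not among them, so that patch file appears to remain in main/gnupg/ with no reference from `source=` or `sha512sums`. It should be deleted in the same commit.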
@@ -223,31 +222,33 @@ _wks_server() { amove usr/bin/gpg-wks-server } +keyboxd() { + pkgdesc="GNU Privacy Guard 2 - keyboxd manager" + depends="" + + amove usr/libexec/keyboxd +} + # Must be the last! utils() { pkgdesc="GNU Privacy Guard 2 - utility programs" depends="" replaces="$pkgname" # for backward compatibility - provider_priority=100 # highest (other provider of cmd:gpg-zip cmd:gpgsplit is gnupg1) + provider_priority=100 # highest (other provider of cmd:gpgsplit is gnupg1) amove usr/* } sha512sums=" -f472e5058ea9881355f0c754a47acd0b5360c36e8976b8563dbc763a7cef792bf88227cc15fe5172d3e9bb9fc34d8448dd5c183949031e91a1997cc7f0f83b55 gnupg-2.2.41.tar.bz2 -c6cc4595081c5b025913fa3ebecf0dff87a84f3c669e3fef106e4fa040f1d4314ee52dd4c0e0002b213034fb0810221cfdd0033eae5349b6e3978f05d08bcac7 0001-Include-sys-select.h-for-FD_SETSIZE.patch +094d631130d4dfe4421cc5e715eaec1888d0b4b764f1be9287be86cbc34430313211739d5481b34e9b59021d05cdbae8a87a1007031cc4dc6213045984a8559a gnupg-2.4.0.tar.bz2 0e2aef4ae5c43c43efe2c914534d73f8f7068b49b5826b1f999296c30395497c4af121e4e99152ff7b43dcf56d1792cd46aea5158ca48597d6e0fca6d7358711 0010-avoid-beta-warning.patch 18004e52925b1f03e67a29a3d43b39e8119cf3426cdad4136824b932ad906ac499b4ceb3d7573177a9f16410d3b80c8f0e4bcdc54dd284f3f803a2cef609ad01 0020-avoid-regenerating-defsincdate-use-shipped-file.patch -7c9f38ce480c5f6d06330c9b1fcfe9b32cac2b0b28695beec4e94e48508cf45a4f56ce406abfee795de11ed973598e8544440c3dfc0670cdeb37e27ca1e6caf0 0110-avoid-simple-memory-dumps-via-ptrace.patch -6bc5ac393a72432ef09a31f524db973677fd730166457b881b88e6fad7536ac4fe8cceeed324b578125b9fd4d871645ae9c43c01b3563e00a146e8f835336ac3 0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch -f4778aa2ec8a971ee700114b43b0446425b86459e4b21fd9b534f51de46a7ac9cfd21d79470b422a385e2a0244c54a5fb482ab76b4861f101745f77646f6f483 0220-dirmngr-avoid-need-for-hkp-housekeeping.patch 
+d77a230e099ac26cf70acf4bf5c4a8446460f677857818027c16fd029292c249a24f31f7073e0388757cf567656e416b7f91af3bba62a85a2ffbdcf985c5050c 0110-avoid-simple-memory-dumps-via-ptrace.patch +54d6b805ad89b384df140e1dc7c4ecd6703bf317fb97834026458fab92f3f0f4f426f0da86c0fbfe102bb1304a489d15ea2e728d5f97d4f0c9bf14cc30cb8c23 0210-dirmngr-hkp-avoid-potential-race-condition-when-some-host-die.patch 1c38b039950fa9733e9584ac61d52e12aad56489d7f3aec396b2528d0bf41729971d3fe9b4d04d50595a2a954181892ed1ec93f1b7ade24e4da26744d78598fc 0230-dirmngr-avoid-automatically-checking-upstream-swdb.patch -c4488de65913167a77fbc1c8d3a8867d15171c6021490e443ca0faddcb2109fff23f7f49c9a8922d1acd1e435530fc8a4bafb71f441d3cdf38618d3a113cf7e8 0310-gpg-default-to-3072-bit-keys.patch -00dac445ba9f1c4c7e6078a8068e62e13e05c5b22e1d84b915f6f353eba55c4b172c6ea735f3bb551af0d6073652d3b6f0cafdfb1d6afb309626a7642775416f 0320-gpg-default-to-aes256.patch 9e6c109f6617b4abb7a9d8abd4c8d128247dd21915bf7a75bb6a9f5b6da2a9d4dcee27147db3f88de79e4cb2621222ae62d95c0ce115658ef39bcd01587b5f82 0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch 462af7b1e530e00d3870062666ef427d6df57ee8358b043c06fb8b7b54e50891fc8a49beeaabe45d1822d222ffc47da624798ceb8889a02e38ce85612453bb8b 0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch -0e4d5d29de5279bda4e8b69334c664068404e697ad9e62868389ef1d97bc1a18d80e834d2d2e8147e0f537a81e6f3b360f18e1a958304a2cc2659c29e68c517a 0410-make-gpg-zip-use-tar-from-path.patch -ac2199f2b49af1c0211ff6f7e441f0f7779d6101c2136f2d7cab0001d260598e4f2f07111aa478dd210a05385daa1f6aec77d9b0de3e379371433b0c82035855 0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch +0c1c44932e47ded65d412c48f859f1615a896ae1dd0a9e0e46fd491f3a25adc80e29fe12e329c3f541a60729cdf82330e81ab7bb7cacf1ddc6a9701a38bbbfaf 0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch 28cba87121c66b1bbc90bb0f3ca8c69ff19376243854577a4d24afa4a3d4a4b8a952a3a7bbecc200058b6f722cfcd4fc72d5630c822f78ef3fc819f972798e34 
fix-i18n.patch 4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules " -- cgit v1.2.3