diff --git a/fix-CVE-2019-14855-0-Ignore-all-SHA-1-3rd-party-key-sig.patch b/fix-CVE-2019-14855-0-Ignore-all-SHA-1-3rd-party-key-sig.patch deleted file mode 100644 index cd463c44f5ba8919a49662003df97d89f3092211..0000000000000000000000000000000000000000 --- a/fix-CVE-2019-14855-0-Ignore-all-SHA-1-3rd-party-key-sig.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 7d9aad63c4f1aefe97da61baf5acd96c12c0278e Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Thu, 3 Oct 2019 18:20:59 +0200 -Subject: [PATCH] gpg: Ignore all SHA-1 signatures in 3rd party key signatures. - -* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date -and remove debug output. --- - -With 2.2 we do not not support SHA-1 key signatures anymore even if -that means that the WoT shrinks. - -Signed-off-by: Werner Koch ---- - g10/sig-check.c | 40 +++++++++++++++++++++++++--------------- - 1 file changed, 25 insertions(+), 15 deletions(-) - -diff --git a/g10/sig-check.c b/g10/sig-check.c -index a93b496..c1498ef 100644 ---- a/g10/sig-check.c -+++ b/g10/sig-check.c -@@ -824,6 +824,10 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - PKT_public_key *pripk = kb->pkt->pkt.public_key; - gcry_md_hd_t md; - int signer_alloced = 0; -+ int stub_is_selfsig; -+ -+ if (!is_selfsig) -+ is_selfsig = &stub_is_selfsig; - - rc = openpgp_pk_test_algo (sig->pubkey_algo); - if (rc) -@@ -857,14 +861,11 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - - if (signer) - { -- if (is_selfsig) -- { -- if (signer->keyid[0] == pripk->keyid[0] -- && signer->keyid[1] == pripk->keyid[1]) -- *is_selfsig = 1; -- else -- *is_selfsig = 0; -- } -+ if (signer->keyid[0] == pripk->keyid[0] -+ && signer->keyid[1] == pripk->keyid[1]) -+ *is_selfsig = 1; -+ else -+ *is_selfsig = 0; - } - else - { -@@ -874,8 +875,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - { - /* Issued by the primary key. */ - signer = pripk; -- if (is_selfsig) -- *is_selfsig = 1; -+ *is_selfsig = 1; - } - else - { -@@ -904,8 +904,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - if (! signer) - { - /* Signer by some other key. */ -- if (is_selfsig) -- *is_selfsig = 0; -+ *is_selfsig = 0; - if (ret_pk) - { - signer = ret_pk; -@@ -966,9 +965,20 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - else if (IS_UID_SIG (sig) || IS_UID_REV (sig)) - { - log_assert (packet->pkttype == PKT_USER_ID); -- hash_public_key (md, pripk); -- hash_uid_packet (packet->pkt.user_id, md, sig); -- rc = check_signature_end_simple (signer, sig, md); -+ if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig) -+ { -+ /* If the signature was created using SHA-1 we consider this -+ * signature invalid because it makes it possible to mount a -+ * chosen-prefix collision. We don't do this for -+ * self-signatures, though. */ -+ rc = gpg_error (GPG_ERR_DIGEST_ALGO); -+ } -+ else -+ { -+ hash_public_key (md, pripk); -+ hash_uid_packet (packet->pkt.user_id, md, sig); -+ rc = check_signature_end_simple (signer, sig, md); -+ } - } - else - { --- -2.19.1 - diff --git a/fix-CVE-2019-14855-1-Add-option-allow-weak-key-signatures.patch b/fix-CVE-2019-14855-1-Add-option-allow-weak-key-signatures.patch deleted file mode 100644 index cda2deed15f0bd52e7470d2151d4f6749d5b1a10..0000000000000000000000000000000000000000 --- a/fix-CVE-2019-14855-1-Add-option-allow-weak-key-signatures.patch +++ /dev/null @@ -1,178 +0,0 @@ -From e624c41dbafd33af82c1153188d14de72fcc7cd8 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Thu, 7 Nov 2019 10:36:17 +0100 -Subject: [PATCH] gpg: Add option --allow-weak-key-signatures. - -* g10/gpg.c (oAllowWeakKeySignatures): New. -(opts): Add --allow-weak-key-signatures. -(main): Set it. -* g10/options.h (struct opt): Add flags.allow_weak_key_signatures. -* g10/misc.c (print_sha1_keysig_rejected_note): New. -* g10/sig-check.c (check_signature_over_key_or_uid): Print note and -act on new option. - -Signed-off-by: Werner Koch ---- - doc/gpg.texi | 19 ++++++++++++++----- - g10/gpg.c | 8 ++++++++ - g10/main.h | 1 + - g10/misc.c | 18 ++++++++++++++++++ - g10/options.h | 1 + - g10/sig-check.c | 4 +++- - 6 files changed, 45 insertions(+), 6 deletions(-) - -diff --git a/doc/gpg.texi b/doc/gpg.texi -index 8a88b11..093c309 100644 ---- a/doc/gpg.texi -+++ b/doc/gpg.texi -@@ -113,9 +113,12 @@ only one command is allowed. Generally speaking, irrelevant options - are silently ignored, and may not be checked for correctness. - - @command{@gpgname} may be run with no commands. In this case it will --perform a reasonable action depending on the type of file it is given --as input (an encrypted message is decrypted, a signature is verified, --a file containing keys is listed, etc.). -+print a warning perform a reasonable action depending on the type of -+file it is given as input (an encrypted message is decrypted, a -+signature is verified, a file containing keys is listed, etc.). -+ -+If you run into any problems, please add the option @option{--verbose} -+to the invocation to see more diagnostics. - - - @menu -@@ -2355,10 +2358,10 @@ opposite meaning. The options are: - - @item self-sigs-only - Accept only self-signatures while importing a key. All other -- key-signatures are skipped at an early import stage. This option -+ key signatures are skipped at an early import stage. This option - can be used with @code{keyserver-options} to mitigate attempts to - flood a key with bogus signatures from a keyserver. The drawback is -- that all other valid key-signatures, as required by the Web of Trust -+ that all other valid key signatures, as required by the Web of Trust - are also not imported. - - @item repair-keys -@@ -3262,6 +3265,12 @@ weak. See also @option{--allow-weak-digest-algos} to disable - rejection of weak digests. MD5 is always considered weak, and does - not need to be listed explicitly. - -+@item --allow-weak-key-signatures -+@opindex allow-weak-key-signatures -+To avoid a minor risk of collision attacks on third-party key -+signatures made using SHA-1, those key signatures are considered -+invalid. This options allows to override this restriction. -+ - @item --no-default-keyring - @opindex no-default-keyring - Do not add the default keyrings to the list of keyrings. Note that -diff --git a/g10/gpg.c b/g10/gpg.c -index 2c784d4..03540a1 100644 ---- a/g10/gpg.c -+++ b/g10/gpg.c -@@ -407,6 +407,7 @@ enum cmd_and_opt_values - oAllowMultipleMessages, - oNoAllowMultipleMessages, - oAllowWeakDigestAlgos, -+ oAllowWeakKeySignatures, - oFakedSystemTime, - oNoAutostart, - oPrintPKARecords, -@@ -867,6 +868,9 @@ static ARGPARSE_OPTS opts[] = { - ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"), - ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"), - -+ /* Options to override new security defaults. */ -+ ARGPARSE_s_n (oAllowWeakKeySignatures, "allow-weak-key-signatures", "@"), -+ - ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"), - - /* These two are aliases to help users of the PGP command line -@@ -3550,6 +3554,10 @@ main (int argc, char **argv) - opt.flags.allow_weak_digest_algos = 1; - break; - -+ case oAllowWeakKeySignatures: -+ opt.flags.allow_weak_key_signatures = 1; -+ break; -+ - case oFakedSystemTime: - { - size_t len = strlen (pargs.r.ret_str); -diff --git a/g10/main.h b/g10/main.h -index 9136e4c..90e164f 100644 ---- a/g10/main.h -+++ b/g10/main.h -@@ -91,6 +91,7 @@ void print_pubkey_algo_note (pubkey_algo_t algo); - void print_cipher_algo_note (cipher_algo_t algo); - void print_digest_algo_note (digest_algo_t algo); - void print_digest_rejected_note (enum gcry_md_algos algo); -+void print_sha1_keysig_rejected_note (void); - void print_reported_error (gpg_error_t err, gpg_err_code_t skip_if_ec); - void print_further_info (const char *format, ...) GPGRT_ATTR_PRINTF(1,2); - void additional_weak_digest (const char* digestname); -diff --git a/g10/misc.c b/g10/misc.c -index 6d525a8..291d36f 100644 ---- a/g10/misc.c -+++ b/g10/misc.c -@@ -357,6 +357,24 @@ print_digest_rejected_note (enum gcry_md_algos algo) - } - - -+void -+print_sha1_keysig_rejected_note (void) -+{ -+ static int shown; -+ -+ if (shown) -+ return; -+ -+ shown = 1; -+ es_fflush (es_stdout); -+ log_info (_("Note: third-party key signatures using" -+ " the %s algorithm are rejected\n"), -+ gcry_md_algo_name (GCRY_MD_SHA1)); -+ print_further_info ("use option \"%s\" to override", -+ "--allow-weak-key-signatures"); -+} -+ -+ - /* Print a message - * "(reported error: %s)\n - * in verbose mode to further explain an error. If the error code has -diff --git a/g10/options.h b/g10/options.h -index 0f007c1..ffeecaa 100644 ---- a/g10/options.h -+++ b/g10/options.h -@@ -237,6 +237,7 @@ struct - unsigned int dsa2:1; - unsigned int allow_multiple_messages:1; - unsigned int allow_weak_digest_algos:1; -+ unsigned int allow_weak_key_signatures:1; - unsigned int large_rsa:1; - unsigned int disable_signer_uid:1; - /* Flag to enable experimental features from RFC4880bis. */ -diff --git a/g10/sig-check.c b/g10/sig-check.c -index a4e0df1..f48f0cd 100644 ---- a/g10/sig-check.c -+++ b/g10/sig-check.c -@@ -965,12 +965,14 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer, - else if (IS_UID_SIG (sig) || IS_UID_REV (sig)) - { - log_assert (packet->pkttype == PKT_USER_ID); -- if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig) -+ if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig -+ && !opt.flags.allow_weak_key_signatures) - { - /* If the signature was created using SHA-1 we consider this - * signature invalid because it makes it possible to mount a - * chosen-prefix collision. We don't do this for - * self-signatures, though. */ -+ print_sha1_keysig_rejected_note (); - rc = gpg_error (GPG_ERR_DIGEST_ALGO); - } - else --- -1.8.3.1 - diff --git a/fix-CVE-2019-14855-2-Forbid-creation-of-SHA-1-3rd-party-key-sig.patch b/fix-CVE-2019-14855-2-Forbid-creation-of-SHA-1-3rd-party-key-sig.patch deleted file mode 100644 index bd2530ecdb156521668f7d92a44282e2fcc709a1..0000000000000000000000000000000000000000 --- a/fix-CVE-2019-14855-2-Forbid-creation-of-SHA-1-3rd-party-key-sig.patch +++ /dev/null @@ -1,162 +0,0 @@ -From 754a03f5a279964af62025d11d92391e650fddb7 Mon Sep 17 00:00:00 2001 -From: Werner Koch -Date: Mon, 11 Nov 2019 11:41:00 +0100 -Subject: [PATCH] gpg: Forbid the creation of SHA-1 third-party key -signatures. - -* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. -(do_sign): Add arg signhints and inhibit SHA-1 signatures. Change -callers to pass 0. -(complete_sig): Add arg signhints and pass on. -(make_keysig_packet, update_keysig_packet): Set signhints. --- - -Signed-off-by: Werner Koch ---- - g10/sign.c | 52 +++++++++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 45 insertions(+), 7 deletions(-) - -diff --git a/g10/sign.c b/g10/sign.c -index 92ff361..543e1a7 100644 ---- a/g10/sign.c -+++ b/g10/sign.c -@@ -49,8 +49,15 @@ - #define LF "\n" - #endif - -+/* Bitflags to convey hints on what kind of signayire is created. */ -+#define SIGNHINT_KEYSIG 1 -+#define SIGNHINT_SELFSIG 2 -+ -+ -+/* Hack */ - static int recipient_digest_algo=0; - -+ - /**************** - * Create notations and other stuff. It is assumed that the stings in - * STRLIST are already checked to contain only printable data and have -@@ -252,10 +259,12 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) - - - /* Perform the sign operation. If CACHE_NONCE is given the agent is -- advised to use that cached passphrase for the key. */ -+ * advised to use that cached passphrase for the key. SIGNHINTS has -+ * hints so that we can do some additional checks. */ - static int - do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, -- gcry_md_hd_t md, int mdalgo, const char *cache_nonce) -+ gcry_md_hd_t md, int mdalgo, -+ const char *cache_nonce, unsigned int signhints) - { - gpg_error_t err; - byte *dp; -@@ -278,6 +287,19 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, - if (!mdalgo) - mdalgo = gcry_md_get_algo (md); - -+ if ((signhints & SIGNHINT_KEYSIG) && !(signhints & SIGNHINT_SELFSIG) -+ && mdalgo == GCRY_MD_SHA1 -+ && !opt.flags.allow_weak_key_signatures) -+ { -+ /* We do not allow the creation of third-party key signatures -+ * using SHA-1 because we also reject them when verifying. Note -+ * that this will render dsa1024 keys unsuitable for such -+ * keysigs and in turn the WoT. */ -+ print_sha1_keysig_rejected_note (); -+ err = gpg_error (GPG_ERR_DIGEST_ALGO); -+ goto leave; -+ } -+ - /* Check compliance. */ - if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo)) - { -@@ -374,12 +396,12 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, - static int - complete_sig (ctrl_t ctrl, - PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, -- const char *cache_nonce) -+ const char *cache_nonce, unsigned int signhints) - { - int rc; - - /* if (!(rc = check_secret_key (pksk, 0))) */ -- rc = do_sign (ctrl, pksk, sig, md, 0, cache_nonce); -+ rc = do_sign (ctrl, pksk, sig, md, 0, cache_nonce, signhints); - return rc; - } - -@@ -753,7 +775,7 @@ write_signature_packets (ctrl_t ctrl, - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); - -- rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); -+ rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); - gcry_md_close (md); - if (!rc) - { -@@ -1468,6 +1490,8 @@ make_keysig_packet (ctrl_t ctrl, - int rc=0; - int sigversion; - gcry_md_hd_t md; -+ u32 pk_keyid[2], pksk_keyid[2]; -+ unsigned int signhints; - - log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F - || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19 -@@ -1504,6 +1528,12 @@ make_keysig_packet (ctrl_t ctrl, - digest_algo = DEFAULT_DIGEST_ALGO; - } - -+ signhints = SIGNHINT_KEYSIG; -+ keyid_from_pk (pk, pk_keyid); -+ keyid_from_pk (pksk, pksk_keyid); -+ if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1]) -+ signhints |= SIGNHINT_SELFSIG; -+ - if ( gcry_md_open (&md, digest_algo, 0 ) ) - BUG (); - -@@ -1549,7 +1579,7 @@ make_keysig_packet (ctrl_t ctrl, - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); - -- rc = complete_sig (ctrl, sig, pksk, md, cache_nonce); -+ rc = complete_sig (ctrl, sig, pksk, md, cache_nonce, signhints); - } - - gcry_md_close (md); -@@ -1585,6 +1615,8 @@ update_keysig_packet (ctrl_t ctrl, - gpg_error_t rc = 0; - int digest_algo; - gcry_md_hd_t md; -+ u32 pk_keyid[2], pksk_keyid[2]; -+ unsigned int signhints; - - if ((!orig_sig || !pk || !pksk) - || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid) -@@ -1603,6 +1635,12 @@ update_keysig_packet (ctrl_t ctrl, - else - digest_algo = orig_sig->digest_algo; - -+ signhints = SIGNHINT_KEYSIG; -+ keyid_from_pk (pk, pk_keyid); -+ keyid_from_pk (pksk, pksk_keyid); -+ if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1]) -+ signhints |= SIGNHINT_SELFSIG; -+ - if ( gcry_md_open (&md, digest_algo, 0 ) ) - BUG (); - -@@ -1656,7 +1694,7 @@ update_keysig_packet (ctrl_t ctrl, - hash_sigversion_to_magic (md, sig); - gcry_md_final (md); - -- rc = complete_sig (ctrl, sig, pksk, md, NULL); -+ rc = complete_sig (ctrl, sig, pksk, md, NULL, signhints); - } - - leave: --- -1.8.3.1 - diff --git a/gnupg-2.1.1-fips-algo.patch b/gnupg-2.1.1-fips-algo.patch new file mode 100644 index 0000000000000000000000000000000000000000..fbb6d27d34d7723d8d34a16b7cb7fc7e5d519dc0 --- /dev/null +++ b/gnupg-2.1.1-fips-algo.patch @@ -0,0 +1,13 @@ +diff -up gnupg-2.1.1/g10/mainproc.c.fips gnupg-2.1.1/g10/mainproc.c +--- gnupg-2.1.1/g10/mainproc.c.fips 2015-01-29 17:19:49.266031504 +0100 ++++ gnupg-2.1.1/g10/mainproc.c 2015-01-29 17:27:13.938088122 +0100 +@@ -719,7 +719,8 @@ proc_plaintext( CTX c, PACKET *pkt ) + according to 2440, so hopefully it won't come up that often. + There is no good way to specify what algorithms to use in + that case, so these there are the historical answer. */ +- gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); ++ if (!gcry_fips_mode_active()) ++ gcry_md_enable (c->mfx.md, DIGEST_ALGO_RMD160); + gcry_md_enable (c->mfx.md, DIGEST_ALGO_SHA1); + } + if (DBG_HASHING) diff --git a/gnupg-2.1.10-secmem.patch b/gnupg-2.1.10-secmem.patch new file mode 100644 index 0000000000000000000000000000000000000000..e2635097bd982f122cb93a5cb4b350a2212be810 --- /dev/null +++ b/gnupg-2.1.10-secmem.patch @@ -0,0 +1,33 @@ +diff -up gnupg-2.1.10/g10/gpg.c.secmem gnupg-2.1.10/g10/gpg.c +--- gnupg-2.1.10/g10/gpg.c.secmem 2015-12-04 10:53:27.000000000 +0100 ++++ gnupg-2.1.10/g10/gpg.c 2015-12-07 15:32:38.922812652 +0100 +@@ -889,7 +889,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); +@@ -1041,7 +1041,7 @@ build_list (const char *text, char lette + char *string; + + if (maybe_setuid) +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + + indent = utf8_charcount (text, -1); + len = 0; +diff -up gnupg-2.1.10/sm/gpgsm.c.secmem gnupg-2.1.10/sm/gpgsm.c +--- gnupg-2.1.10/sm/gpgsm.c.secmem 2015-11-30 17:39:52.000000000 +0100 ++++ gnupg-2.1.10/sm/gpgsm.c 2015-12-07 15:31:17.226884207 +0100 +@@ -530,7 +530,7 @@ make_libversion (const char *libname, co + + if (maybe_setuid) + { +- gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ ++ gcry_control (GCRYCTL_INIT_SECMEM, 4096, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); diff --git a/gnupg-2.1.21-insttools.patch b/gnupg-2.1.21-insttools.patch new file mode 100644 index 0000000000000000000000000000000000000000..e076dae20255f750e9737afc0a9abcafeeb57d41 --- /dev/null +++ b/gnupg-2.1.21-insttools.patch @@ -0,0 +1,62 @@ +diff -up gnupg-2.1.21/tools/Makefile.am.insttools gnupg-2.1.21/tools/Makefile.am +--- gnupg-2.1.21/tools/Makefile.am.insttools 2017-04-03 17:13:56.000000000 +0200 ++++ gnupg-2.1.21/tools/Makefile.am 2017-07-18 12:10:59.431729640 +0200 +@@ -35,8 +35,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ER + sbin_SCRIPTS = addgnupghome applygnupgdefaults + + if HAVE_USTAR +-# bin_SCRIPTS += gpg-zip +-noinst_SCRIPTS = gpg-zip ++bin_PROGRAMS += gpg-zip ++#noinst_SCRIPTS = gpg-zip + endif + + if BUILD_SYMCRYPTRUN +@@ -53,7 +53,7 @@ endif + + libexec_PROGRAMS = gpg-wks-client + +-bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} ++bin_PROGRAMS = gpgconf gpg-connect-agent ${symcryptrun} gpgsplit + if !HAVE_W32_SYSTEM + bin_PROGRAMS += watchgnupg gpgparsemail ${gpg_wks_server} + endif +@@ -63,7 +63,7 @@ libexec_PROGRAMS += gpg-check-pattern + endif + + if !HAVE_W32CE_SYSTEM +-noinst_PROGRAMS = clean-sat make-dns-cert gpgsplit ++noinst_PROGRAMS = clean-sat make-dns-cert + endif + + if !HAVE_W32CE_SYSTEM +diff -up gnupg-2.1.21/tools/Makefile.in.insttools gnupg-2.1.21/tools/Makefile.in +--- gnupg-2.1.21/tools/Makefile.in.insttools 2017-05-15 16:15:04.000000000 +0200 ++++ gnupg-2.1.21/tools/Makefile.in 2017-07-18 12:12:17.907734745 +0200 +@@ -137,13 +137,13 @@ DIST_COMMON = $(top_srcdir)/am/cmacros.a + @GNUPG_DIRMNGR_LDAP_PGM_TRUE@am__append_7 = -DGNUPG_DEFAULT_DIRMNGR_LDAP="\"@GNUPG_DIRMNGR_LDAP_PGM@\"" + @HAVE_W32_SYSTEM_TRUE@am__append_8 = gpg-connect-agent-w32info.o + libexec_PROGRAMS = gpg-wks-client$(EXEEXT) $(am__EXEEXT_5) +-bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) \ ++bin_PROGRAMS = gpgconf$(EXEEXT) gpg-connect-agent$(EXEEXT) gpgsplit$(EXEEXT) \ + $(am__EXEEXT_1) $(am__EXEEXT_3) $(am__EXEEXT_4) + @HAVE_W32_SYSTEM_FALSE@am__append_9 = watchgnupg gpgparsemail ${gpg_wks_server} + @DISABLE_REGEX_FALSE@am__append_10 = gpg-check-pattern + @HAVE_W32CE_SYSTEM_FALSE@noinst_PROGRAMS = clean-sat$(EXEEXT) \ + @HAVE_W32CE_SYSTEM_FALSE@ make-dns-cert$(EXEEXT) \ +-@HAVE_W32CE_SYSTEM_FALSE@ gpgsplit$(EXEEXT) $(am__EXEEXT_6) ++@HAVE_W32CE_SYSTEM_FALSE@ $(am__EXEEXT_6) + @BUILD_GPGTAR_TRUE@@HAVE_W32CE_SYSTEM_FALSE@am__append_11 = gpgtar + @BUILD_GPGTAR_FALSE@@HAVE_W32CE_SYSTEM_FALSE@am__append_12 = gpgtar + subdir = tools +@@ -582,8 +582,8 @@ libcommontlsnpth = ../common/libcommontl + AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) + sbin_SCRIPTS = addgnupghome applygnupgdefaults + +-# bin_SCRIPTS += gpg-zip +-@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip ++@HAVE_USTAR_TRUE@bin_PROGRAMS += gpg-zip ++#@HAVE_USTAR_TRUE@noinst_SCRIPTS = gpg-zip + @BUILD_SYMCRYPTRUN_FALSE@symcryptrun = + @BUILD_SYMCRYPTRUN_TRUE@symcryptrun = symcryptrun + @BUILD_WKS_TOOLS_FALSE@gpg_wks_server = diff --git a/gnupg-2.1.21-large-rsa.patch b/gnupg-2.1.21-large-rsa.patch new file mode 100644 index 0000000000000000000000000000000000000000..96aad02b46d3e7140310184266df747c8f97b2dd --- /dev/null +++ b/gnupg-2.1.21-large-rsa.patch @@ -0,0 +1,12 @@ +diff -up gnupg-2.1.21/g10/keygen.c.large-rsa gnupg-2.1.21/g10/keygen.c +--- gnupg-2.1.21/g10/keygen.c.large-rsa 2017-05-15 14:13:22.000000000 +0200 ++++ gnupg-2.1.21/g10/keygen.c 2017-07-18 16:12:37.738895016 +0200 +@@ -2091,7 +2091,7 @@ get_keysize_range (int algo, unsigned in + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; +- *max = 4096; ++ *max = opt.flags.large_rsa == 1 ? 8192 : 4096; + def = 2048; + break; + } diff --git a/gnupg-2.2.16-ocsp-keyusage.patch b/gnupg-2.2.16-ocsp-keyusage.patch new file mode 100644 index 0000000000000000000000000000000000000000..eeed05354d6202ec2046754e068555d05451ff35 --- /dev/null +++ b/gnupg-2.2.16-ocsp-keyusage.patch @@ -0,0 +1,17 @@ +diff -up gnupg-2.2.16/sm/certlist.c.keyusage gnupg-2.2.16/sm/certlist.c +--- gnupg-2.2.16/sm/certlist.c.keyusage 2019-07-01 17:17:06.925254065 +0200 ++++ gnupg-2.2.16/sm/certlist.c 2019-07-01 17:24:15.665759322 +0200 +@@ -147,10 +147,9 @@ cert_usage_p (ksba_cert_t cert, int mode + + if (mode == 5) + { +- if (use != ~0 +- && (have_ocsp_signing +- || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN +- |KSBA_KEYUSAGE_CRL_SIGN)))) ++ if (have_ocsp_signing ++ || (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN ++ |KSBA_KEYUSAGE_CRL_SIGN))) + return 0; + if (!silent) + log_info (_("certificate should not have " diff --git a/gnupg-2.2.17.tar.bz2.sig b/gnupg-2.2.17.tar.bz2.sig deleted file mode 100644 index 8b983bd944427656660e844703270e111872a95a..0000000000000000000000000000000000000000 Binary files a/gnupg-2.2.17.tar.bz2.sig and /dev/null differ diff --git a/gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch b/gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch new file mode 100644 index 0000000000000000000000000000000000000000..a6173968f53072c645cd7a73872049641fdd869f --- /dev/null +++ b/gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch @@ -0,0 +1,32 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:43 +0200 +Subject: gpg: accept subkeys with a good revocation but no self-sig during + import + +* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we +encounter a valid revocation signature. This allows import of subkey +revocation signatures, even in the absence of a corresponding subkey +binding signature. + +-- + +This fixes the remaining test in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/g10/import.c b/g10/import.c +index f9acf95..9217911 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self) + /* It's valid, so is it newer? */ + if (sig->timestamp >= rsdate) + { ++ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */ + if (rsnode) + { + /* Delete the last revocation sig since diff --git a/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch b/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch new file mode 100644 index 0000000000000000000000000000000000000000..4b5690f95549e2e845550474714712152d75a99c --- /dev/null +++ b/gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch @@ -0,0 +1,106 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:42 +0200 +Subject: gpg: allow import of previously known keys, even without UIDs + +* g10/import.c (import_one): Accept an incoming OpenPGP certificate that +has no user id, as long as we already have a local variant of the cert +that matches the primary key. + +-- + +This fixes two of the three broken tests in import-incomplete.scm. + +GnuPG-Bug-id: 4393 +Signed-off-by: Daniel Kahn Gillmor +--- + g10/import.c | 44 +++++++++++--------------------------------- + 1 file changed, 11 insertions(+), 33 deletions(-) + +diff --git a/g10/import.c b/g10/import.c +index 5d3162c..f9acf95 100644 +--- a/g10/import.c ++++ b/g10/import.c +@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl, + size_t an; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int merge_keys_done = 0; +- int any_filter = 0; + KEYDB_HANDLE hd = NULL; + + if (r_valid) +@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl, + log_printf ("\n"); + } + +- +- if (!uidnode ) +- { +- if (!silent) +- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk)); +- return 0; +- } +- + if (screener && screener (keyblock, screener_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk (pk), +@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl, + } + } + +- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) ) +- { +- if (!silent) +- { +- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk)); +- if (!opt.quiet ) +- log_info(_("this may be caused by a missing self-signature\n")); +- } +- stats->no_user_id++; +- return 0; +- } ++ /* Delete invalid parts, and note if we have any valid ones left. ++ * We will later abort import if this key is new but contains ++ * no valid uids. */ ++ delete_inv_parts (ctrl, keyblock, keyid, options); + + /* Get rid of deleted nodes. */ + commit_kbnode (&keyblock); +@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl, + { + apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid); + commit_kbnode (&keyblock); +- any_filter = 1; + } + if (import_filter.drop_sig) + { + apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig); + commit_kbnode (&keyblock); +- any_filter = 1; +- } +- +- /* If we ran any filter we need to check that at least one user id +- * is left in the keyring. Note that we do not use log_error in +- * this case. */ +- if (any_filter && !any_uid_left (keyblock)) +- { +- if (!opt.quiet ) +- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk)); +- stats->no_user_id++; +- return 0; + } + + /* The keyblock is valid and ready for real import. */ +@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl, + err = 0; + stats->skipped_new_keys++; + } ++ else if (err && !any_uid_left (keyblock)) ++ { ++ if (!silent) ++ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid)); ++ err = 0; ++ stats->no_user_id++; ++ } + else if (err) /* Insert this key. */ + { + /* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */ diff --git a/gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch b/gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch new file mode 100644 index 0000000000000000000000000000000000000000..37ddeea2249585ae79232b0f7f11340020dc45bf --- /dev/null +++ b/gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch @@ -0,0 +1,201 @@ +From: Vincent Breitmoser +Date: Thu, 13 Jun 2019 21:27:41 +0200 +Subject: tests: add test cases for import without uid + +This commit adds a test case that does the following, in order: +- Import of a primary key plus user id +- Check that import of a subkey works, without a user id present in the +imported key +- Check that import of a subkey revocation works, without a user id or +subkey binding signature present in the imported key +- Check that import of a primary key revocation works, without a user id +present in the imported key + +-- + +Note that this test currently fails. The following changesets will +fix gpg so that the tests pass. + +GnuPG-Bug-id: 4393 +Signed-Off-By: Daniel Kahn Gillmor +--- + tests/openpgp/Makefile.am | 1 + + tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++ + .../import-incomplete/primary+revocation.asc | 9 +++ + .../primary+subkey+sub-revocation.asc | 10 ++++ + .../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++ + .../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++ + tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++ + 7 files changed, 118 insertions(+) + create mode 100755 tests/openpgp/import-incomplete.scm + create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc + create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc + create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc + +diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am +index f6014c9..6423da1 100644 +--- a/tests/openpgp/Makefile.am ++++ b/tests/openpgp/Makefile.am +@@ -78,6 +78,7 @@ XTESTS = \ + gpgv-forged-keyring.scm \ + armor.scm \ + import.scm \ ++ import-incomplete.scm \ + import-revocation-certificate.scm \ + ecc.scm \ + 4gb-packet.scm \ +diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm +new file mode 100755 +index 0000000..727a027 +--- /dev/null ++++ b/tests/openpgp/import-incomplete.scm +@@ -0,0 +1,68 @@ ++#!/usr/bin/env gpgscm ++ ++;; Copyright (C) 2016 g10 Code GmbH ++;; ++;; This file is part of GnuPG. ++;; ++;; GnuPG is free software; you can redistribute it and/or modify ++;; it under the terms of the GNU General Public License as published by ++;; the Free Software Foundation; either version 3 of the License, or ++;; (at your option) any later version. ++;; ++;; GnuPG is distributed in the hope that it will be useful, ++;; but WITHOUT ANY WARRANTY; without even the implied warranty of ++;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++;; GNU General Public License for more details. ++;; ++;; You should have received a copy of the GNU General Public License ++;; along with this program; if not, see . ++ ++(load (in-srcdir "tests" "openpgp" "defs.scm")) ++(setup-environment) ++ ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc"))) ++ ++(info "Test import of new subkey, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of a subkey revocation, from a certificate without uid") ++(define keyid "573EA710367356BB") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "sub:r:") ++ (string-contains? line "573EA710367356BB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ ++(info "Test import of revocation, from a certificate without uid") ++(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc"))) ++(tr:do ++ (tr:pipe-do ++ (pipe:gpg `(--list-keys --with-colons ,keyid))) ++ (tr:call-with-content ++ (lambda (c) ++ ;; XXX we do not have a regexp library ++ (unless (any (lambda (line) ++ (and (string-prefix? line "pub:r:") ++ (string-contains? line "0843DA969AA8DAFB"))) ++ (string-split-newlines c)) ++ (exit 1))))) ++ +diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc +new file mode 100644 +index 0000000..6b7b608 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+revocation.asc +@@ -0,0 +1,9 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [E] primary key, revocation signature over primary (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ ++EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3 ++XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ== ++=tM90 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +new file mode 100644 +index 0000000..83a51a5 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [D] primary key, subkey, subkey revocation (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ ++3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ= ++=dwx2 ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +new file mode 100644 +index 0000000..dc47a02 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [B] primary key, subkey, subkey binding sig (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK ++j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR ++Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg= ++=xuDu ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc +new file mode 100644 +index 0000000..134607d +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [C] primary key and self-sig expiring in 2024 (no user ID) ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8 ++2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu ++3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN ++9ohXOEBWvdJgVv2YAg== ++=KWIK ++-----END PGP PUBLIC KEY BLOCK----- +diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc +new file mode 100644 +index 0000000..055f300 +--- /dev/null ++++ b/tests/openpgp/import-incomplete/primary+uid.asc +@@ -0,0 +1,10 @@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++Comment: [A] primary key, user ID, and self-sig expiring in 2021 ++ ++mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ ++631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC ++XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja +++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI ++kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs= ++=1eII ++-----END PGP PUBLIC KEY BLOCK----- diff --git a/gnupg-2.2.20-file-is-digest.patch b/gnupg-2.2.20-file-is-digest.patch new file mode 100644 index 0000000000000000000000000000000000000000..2c7a891a6eed582d3fa5369e7be35abdcc198d2e --- /dev/null +++ b/gnupg-2.2.20-file-is-digest.patch @@ -0,0 +1,191 @@ +diff -up gnupg-2.2.20/g10/gpg.c.file-is-digest gnupg-2.2.20/g10/gpg.c +--- gnupg-2.2.20/g10/gpg.c.file-is-digest 2020-04-14 16:33:42.630269318 +0200 ++++ gnupg-2.2.20/g10/gpg.c 2020-04-14 16:34:46.455100086 +0200 +@@ -380,6 +380,7 @@ enum cmd_and_opt_values + oTTYtype, + oLCctype, + oLCmessages, ++ oFileIsDigest, + oXauthority, + oGroup, + oUnGroup, +@@ -831,6 +832,7 @@ static ARGPARSE_OPTS opts[] = { + ARGPARSE_s_s (oPersonalCompressPreferences, + "personal-compress-preferences", "@"), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ++ ARGPARSE_s_n (oFileIsDigest, "file-is-digest", "@"), + ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), +@@ -2419,6 +2421,7 @@ main (int argc, char **argv) + opt.keyid_format = KF_NONE; + opt.def_sig_expire = "0"; + opt.def_cert_expire = "0"; ++ opt.file_is_digest = 0; + gnupg_set_homedir (NULL); + opt.passphrase_repeat = 1; + opt.emit_version = 0; +@@ -2997,6 +3000,7 @@ main (int argc, char **argv) + opt.verify_options&=~VERIFY_SHOW_PHOTOS; + break; + case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; ++ case oFileIsDigest: opt.file_is_digest = 1; break; + + case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; + case oIncludeKeyBlock: opt.flags.include_key_block = 1; break; +diff -up gnupg-2.2.20/g10/options.h.file-is-digest gnupg-2.2.20/g10/options.h +--- gnupg-2.2.20/g10/options.h.file-is-digest 2020-03-14 19:54:05.000000000 +0100 ++++ gnupg-2.2.20/g10/options.h 2020-04-14 16:33:42.634269245 +0200 +@@ -202,6 +202,7 @@ struct + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; ++ int file_is_digest; + struct groupitem *grouplist; + int mangle_dos_filenames; + int enable_progress_filter; +diff -up gnupg-2.2.20/g10/sign.c.file-is-digest gnupg-2.2.20/g10/sign.c +--- gnupg-2.2.20/g10/sign.c.file-is-digest 2020-03-14 19:35:46.000000000 +0100 ++++ gnupg-2.2.20/g10/sign.c 2020-04-14 16:36:54.661751422 +0200 +@@ -40,6 +40,7 @@ + #include "pkglue.h" + #include "../common/sysutils.h" + #include "call-agent.h" ++#include "../common/host2net.h" + #include "../common/mbox-util.h" + #include "../common/compliance.h" + +@@ -834,6 +835,8 @@ write_signature_packets (ctrl_t ctrl, + if (duration || opt.sig_policy_url + || opt.sig_notations || opt.sig_keyserver_url) + sig->version = 4; ++ else if (opt.file_is_digest) ++ sig->version = 3; + else + sig->version = pk->version; + +@@ -860,8 +863,11 @@ write_signature_packets (ctrl_t ctrl, + else + err = 0; + } +- hash_sigversion_to_magic (md, sig); +- gcry_md_final (md); ++ ++ if (!opt.file_is_digest) { ++ hash_sigversion_to_magic (md, sig); ++ gcry_md_final (md); ++ } + + if (!err) + err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); +@@ -924,6 +930,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + SK_LIST sk_rover = NULL; + int multifile = 0; + u32 duration=0; ++ int sigclass = 0x00; ++ u32 timestamp = 0; + + pfx = new_progress_context (); + afx = new_armor_context (); +@@ -941,7 +949,16 @@ sign_file (ctrl_t ctrl, strlist_t filena + fname = NULL; + + if( fname && filenames->next && (!detached || encryptflag) ) +- log_bug("multiple files can only be detached signed"); ++ log_bug("multiple files can only be detached signed\n"); ++ ++ if (opt.file_is_digest && (multifile || !fname)) ++ log_bug("file-is-digest only works with one file\n"); ++ if (opt.file_is_digest && !detached) ++ log_bug("file-is-digest can only write detached signatures\n"); ++ if (opt.file_is_digest && !opt.def_digest_algo) ++ log_bug("file-is-digest needs --digest-algo\n"); ++ if (opt.file_is_digest && opt.textmode) ++ log_bug("file-is-digest doesn't work with --textmode\n"); + + if(encryptflag==2 + && (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek))) +@@ -962,7 +979,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + goto leave; + + /* prepare iobufs */ +- if( multifile ) /* have list of filenames */ ++ if( multifile || opt.file_is_digest) /* have list of filenames */ + inp = NULL; /* we do it later */ + else { + inp = iobuf_open(fname); +@@ -1100,7 +1117,7 @@ sign_file (ctrl_t ctrl, strlist_t filena + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) + gcry_md_enable (mfx.md, hash_for (sk_rover->pk)); + +- if( !multifile ) ++ if( !multifile && !opt.file_is_digest ) + iobuf_push_filter( inp, md_filter, &mfx ); + + if( detached && !encryptflag) +@@ -1155,6 +1172,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + write_status_begin_signing (mfx.md); + ++ sigclass = opt.textmode && !outfile? 0x01 : 0x00; ++ + /* Setup the inner packet. */ + if( detached ) { + if( multifile ) { +@@ -1195,6 +1214,45 @@ sign_file (ctrl_t ctrl, strlist_t filena + if( opt.verbose ) + log_printf ("\n"); + } ++ else if (opt.file_is_digest) { ++ byte *mdb, ts[5]; ++ size_t mdlen; ++ const char *fp; ++ int c, d; ++ ++ gcry_md_final(mfx.md); ++ /* this assumes gcry_md_read returns the same buffer */ ++ mdb = gcry_md_read(mfx.md, opt.def_digest_algo); ++ mdlen = gcry_md_get_algo_dlen(opt.def_digest_algo); ++ if (strlen(fname) != mdlen * 2 + 11) ++ log_bug("digests must be %zu + @ + 5 bytes\n", mdlen); ++ d = -1; ++ for (fp = fname ; *fp; ) { ++ c = *fp++; ++ if (c >= '0' && c <= '9') ++ c -= '0'; ++ else if (c >= 'a' && c <= 'f') ++ c -= 'a' - 10; ++ else if (c >= 'A' && c <= 'F') ++ c -= 'A' - 10; ++ else ++ log_bug("filename is not hex\n"); ++ if (d >= 0) { ++ *mdb++ = d << 4 | c; ++ c = -1; ++ if (--mdlen == 0) { ++ mdb = ts; ++ if (*fp++ != '@') ++ log_bug("missing time separator\n"); ++ } ++ } ++ d = c; ++ } ++ sigclass = ts[0]; ++ if (sigclass != 0x00 && sigclass != 0x01) ++ log_bug("bad cipher class\n"); ++ timestamp = buf32_to_u32(ts + 1); ++ } + else { + /* read, so that the filter can calculate the digest */ + while( iobuf_get(inp) != -1 ) +@@ -1213,8 +1271,8 @@ sign_file (ctrl_t ctrl, strlist_t filena + + /* write the signatures */ + rc = write_signature_packets (ctrl, sk_list, out, mfx.md, +- opt.textmode && !outfile? 0x01 : 0x00, +- 0, duration, detached ? 'D':'S', NULL); ++ sigclass, ++ timestamp, duration, detached ? 'D':'S', NULL); + if( rc ) + goto leave; + diff --git a/gnupg-2.2.21-coverity.patch b/gnupg-2.2.21-coverity.patch new file mode 100644 index 0000000000000000000000000000000000000000..4d781a530801e54afcd344343af74553d7f89b44 --- /dev/null +++ b/gnupg-2.2.21-coverity.patch @@ -0,0 +1,248 @@ +diff -up gnupg-2.2.21/common/server-help.c.coverity gnupg-2.2.21/common/server-help.c +--- gnupg-2.2.21/common/server-help.c.coverity 2019-02-11 10:59:34.000000000 +0100 ++++ gnupg-2.2.21/common/server-help.c 2020-07-20 17:09:57.416148768 +0200 +@@ -156,7 +156,7 @@ get_option_value (char *line, const char + *pend = 0; + *r_value = xtrystrdup (p); + *pend = c; +- if (!p) ++ if (!*r_value) + return my_error_from_syserror (); + return 0; + } +diff -up gnupg-2.2.21/dirmngr/domaininfo.c.coverity gnupg-2.2.21/dirmngr/domaininfo.c +--- gnupg-2.2.21/dirmngr/domaininfo.c.coverity 2019-07-09 11:08:45.000000000 +0200 ++++ gnupg-2.2.21/dirmngr/domaininfo.c 2020-07-20 17:09:57.418148784 +0200 +@@ -193,6 +193,7 @@ insert_or_update (const char *domain, + log_error ("domaininfo: error allocating helper array: %s\n", + gpg_strerror (gpg_err_code_from_syserror ())); + drop_extra = bucket; ++ xfree (di_new); + goto leave; + } + narray = 0; +@@ -258,6 +259,8 @@ insert_or_update (const char *domain, + * sensible strategy. */ + drop_extra = domainbuckets[hash]; + domainbuckets[hash] = keep; ++ ++ xfree (array); + } + + /* Insert */ +diff -up gnupg-2.2.21/dirmngr/http.c.coverity gnupg-2.2.21/dirmngr/http.c +--- gnupg-2.2.21/dirmngr/http.c.coverity 2019-11-18 18:44:33.000000000 +0100 ++++ gnupg-2.2.21/dirmngr/http.c 2020-07-20 17:09:57.419148793 +0200 +@@ -3656,7 +3656,6 @@ http_prepare_redirect (http_redir_info_t + if (!newurl) + { + err = gpg_error_from_syserror (); +- http_release_parsed_uri (locuri); + return err; + } + } +@@ -3675,7 +3674,6 @@ http_prepare_redirect (http_redir_info_t + if (!newurl) + { + err = gpg_error_from_syserror (); +- http_release_parsed_uri (locuri); + return err; + } + } +diff -up gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity gnupg-2.2.21/dirmngr/ks-engine-hkp.c +--- gnupg-2.2.21/dirmngr/ks-engine-hkp.c.coverity 2019-11-18 18:44:33.000000000 +0100 ++++ gnupg-2.2.21/dirmngr/ks-engine-hkp.c 2020-07-20 17:09:57.419148793 +0200 +@@ -1426,7 +1426,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t + int reselect; + unsigned int httpflags; + char *httphost = NULL; +- unsigned int http_status; ++ unsigned int http_status = 0; + unsigned int tries = SEND_REQUEST_RETRIES; + unsigned int extra_tries = SEND_REQUEST_EXTRA_RETRIES; + +diff -up gnupg-2.2.21/g10/card-util.c.coverity gnupg-2.2.21/g10/card-util.c +--- gnupg-2.2.21/g10/card-util.c.coverity 2020-04-15 15:17:48.000000000 +0200 ++++ gnupg-2.2.21/g10/card-util.c 2020-07-20 17:09:57.419148793 +0200 +@@ -667,7 +667,7 @@ card_status (ctrl_t ctrl, estream_t fp, + { + int err; + strlist_t card_list, sl; +- char *serialno0, *serialno1; ++ char *serialno0, *serialno1 = NULL; + int all_cards = 0; + int any_card = 0; + +@@ -712,6 +712,7 @@ card_status (ctrl_t ctrl, estream_t fp, + + current_card_status (ctrl, fp, NULL, 0); + xfree (serialno1); ++ serialno1 = NULL; + + if (!all_cards) + goto leave; +diff -up gnupg-2.2.21/g10/import.c.coverity gnupg-2.2.21/g10/import.c +--- gnupg-2.2.21/g10/import.c.coverity 2020-07-20 17:09:57.416148768 +0200 ++++ gnupg-2.2.21/g10/import.c 2020-07-20 17:09:57.419148793 +0200 +@@ -1888,7 +1888,7 @@ import_one_real (ctrl_t ctrl, + + if (opt.interactive && !silent) + { +- if (is_status_enabled()) ++ if (uidnode && is_status_enabled()) + print_import_check (pk, uidnode->pkt->pkt.user_id); + merge_keys_and_selfsig (ctrl, keyblock); + tty_printf ("\n"); +diff -up gnupg-2.2.21/g10/keygen.c.coverity gnupg-2.2.21/g10/keygen.c +--- gnupg-2.2.21/g10/keygen.c.coverity 2020-07-20 17:09:57.401148640 +0200 ++++ gnupg-2.2.21/g10/keygen.c 2020-07-20 17:09:57.420148801 +0200 +@@ -3075,7 +3075,7 @@ parse_key_parameter_part (ctrl_t ctrl, + char *endp; + const char *curve = NULL; + int ecdh_or_ecdsa = 0; +- unsigned int size; ++ unsigned int size = 0; + int keyuse; + int i; + const char *s; +@@ -5719,12 +5719,20 @@ gen_card_key (int keyno, int algo, int i + the self-signatures. */ + err = agent_readkey (NULL, 1, keyid, &public); + if (err) +- return err; ++ { ++ xfree (pkt); ++ xfree (pk); ++ return err; ++ } + err = gcry_sexp_sscan (&s_key, NULL, public, + gcry_sexp_canon_len (public, 0, NULL, NULL)); + xfree (public); + if (err) +- return err; ++ { ++ xfree (pkt); ++ xfree (pk); ++ return err; ++ } + + if (algo == PUBKEY_ALGO_RSA) + err = key_from_sexp (pk->pkey, s_key, "public-key", "ne"); +@@ -5739,6 +5747,7 @@ gen_card_key (int keyno, int algo, int i + if (err) + { + log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) ); ++ xfree (pkt); + free_public_key (pk); + return err; + } +diff -up gnupg-2.2.21/g10/sig-check.c.coverity gnupg-2.2.21/g10/sig-check.c +--- gnupg-2.2.21/g10/sig-check.c.coverity 2020-07-03 16:17:05.000000000 +0200 ++++ gnupg-2.2.21/g10/sig-check.c 2020-07-20 17:09:57.420148801 +0200 +@@ -902,6 +902,7 @@ check_signature_over_key_or_uid (ctrl_t + { + /* Issued by a subkey. */ + signer = subk; ++ *is_selfsig = 1; + break; + } + } +diff -up gnupg-2.2.21/g10/sign.c.coverity gnupg-2.2.21/g10/sign.c +--- gnupg-2.2.21/g10/sign.c.coverity 2020-07-20 17:09:57.399148624 +0200 ++++ gnupg-2.2.21/g10/sign.c 2020-07-20 17:09:57.420148801 +0200 +@@ -824,7 +824,7 @@ write_signature_packets (ctrl_t ctrl, + PKT_public_key *pk; + PKT_signature *sig; + gcry_md_hd_t md; +- gpg_error_t err; ++ gpg_error_t err = 0; + + pk = sk_rover->pk; + +diff -up gnupg-2.2.21/kbx/keybox-dump.c.coverity gnupg-2.2.21/kbx/keybox-dump.c +--- gnupg-2.2.21/kbx/keybox-dump.c.coverity 2019-08-23 15:59:06.000000000 +0200 ++++ gnupg-2.2.21/kbx/keybox-dump.c 2020-07-20 17:09:57.420148801 +0200 +@@ -786,11 +786,15 @@ _keybox_dump_cut_records (const char *fi + while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) ) + { + if (recno > to) +- break; /* Ready. */ ++ { ++ _keybox_release_blob (blob); ++ break; /* Ready. */ ++ } + if (recno >= from) + { + if ((rc = _keybox_write_blob (blob, outfp))) + { ++ _keybox_release_blob (blob); + fprintf (stderr, "error writing output: %s\n", + gpg_strerror (rc)); + goto leave; +diff -up gnupg-2.2.21/tools/gpg-wks-server.c.coverity gnupg-2.2.21/tools/gpg-wks-server.c +--- gnupg-2.2.21/tools/gpg-wks-server.c.coverity 2020-02-10 16:12:13.000000000 +0100 ++++ gnupg-2.2.21/tools/gpg-wks-server.c 2020-07-20 17:09:57.420148801 +0200 +@@ -890,15 +890,18 @@ store_key_as_pending (const char *dir, e + } + + leave: +- if (err) ++ if (fname) + { +- es_fclose (outfp); +- gnupg_remove (fname); +- } +- else if (es_fclose (outfp)) +- { +- err = gpg_error_from_syserror (); +- log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); ++ if (err) ++ { ++ es_fclose (outfp); ++ gnupg_remove (fname); ++ } ++ else if (es_fclose (outfp)) ++ { ++ err = gpg_error_from_syserror (); ++ log_error ("error closing '%s': %s\n", fname, gpg_strerror (err)); ++ } + } + + if (!err) +diff -up gnupg-2.2.21/tools/wks-util.c.coverity gnupg-2.2.21/tools/wks-util.c +--- gnupg-2.2.21/tools/wks-util.c.coverity 2019-11-23 13:50:21.000000000 +0100 ++++ gnupg-2.2.21/tools/wks-util.c 2020-07-20 17:09:57.421148810 +0200 +@@ -948,7 +948,7 @@ ensure_policy_file (const char *addrspec + static gpg_error_t + install_key_from_spec_file (const char *fname) + { +- gpg_error_t err; ++ gpg_error_t err = 0; + estream_t fp; + char *line = NULL; + size_t linelen = 0; +@@ -1195,10 +1195,8 @@ wks_cmd_print_wkd_hash (const char *user + char *addrspec, *fname; + + err = wks_fname_from_userid (userid, 1, &fname, &addrspec); +- if (err) +- return err; +- +- es_printf ("%s %s\n", fname, addrspec); ++ if (!err) ++ es_printf ("%s %s\n", fname, addrspec); + + xfree (fname); + xfree (addrspec); +@@ -1216,7 +1214,10 @@ wks_cmd_print_wkd_url (const char *useri + + err = wks_fname_from_userid (userid, 1, &fname, &addrspec); + if (err) +- return err; ++ { ++ xfree (addrspec); ++ return err; ++ } + + domain = strchr (addrspec, '@'); + if (domain) diff --git a/gnupg-2.2.17.tar.bz2 b/gnupg-2.2.21.tar.bz2 similarity index 46% rename from gnupg-2.2.17.tar.bz2 rename to gnupg-2.2.21.tar.bz2 index 20dba88beae1b32ba9204c93a411681ad372d552..cd6f01d21639b2d70941b3d96ebad041da05db4b 100644 Binary files a/gnupg-2.2.17.tar.bz2 and b/gnupg-2.2.21.tar.bz2 differ diff --git a/gnupg-2.2.21.tar.bz2.sig b/gnupg-2.2.21.tar.bz2.sig new file mode 100644 index 0000000000000000000000000000000000000000..96c74806c3affe6fee904715a5e94d9cd064c793 Binary files /dev/null and b/gnupg-2.2.21.tar.bz2.sig differ diff --git a/gnupg2.spec b/gnupg2.spec index 4d7cd8ce6b04f82fe4457763254610756983b688..992c22e11cc379d7a208eb0c8ad677551b9ed0e6 100644 --- a/gnupg2.spec +++ b/gnupg2.spec @@ -1,16 +1,24 @@ Name: gnupg2 -Version: 2.2.17 -Release: 7 +Version: 2.2.21 +Release: 1 Summary: Utility for secure communication and data storage License: GPLv3+ URL: https://gnupg.org/ Source0: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2 Source1: https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-%{version}.tar.bz2.sig -Patch0: fix-CVE-2019-14855-0-Ignore-all-SHA-1-3rd-party-key-sig.patch -Patch1: fix-CVE-2019-14855-1-Add-option-allow-weak-key-signatures.patch -Patch2: fix-CVE-2019-14855-2-Forbid-creation-of-SHA-1-3rd-party-key-sig.patch -Patch3: fix-a-memory-leak-in-g10.patch + +Patch0: fix-a-memory-leak-in-g10.patch +Patch1: gnupg-2.1.10-secmem.patch +Patch2: gnupg-2.1.1-fips-algo.patch +Patch3: gnupg-2.1.21-insttools.patch +Patch4: gnupg-2.1.21-large-rsa.patch +Patch5: gnupg-2.2.16-ocsp-keyusage.patch +Patch6: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch +Patch7: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch +patch8: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch +Patch9: gnupg-2.2.20-file-is-digest.patch +Patch10: gnupg-2.2.21-coverity.patch BuildRequires: zlib-devel, npth-devel, gdb, texinfo BuildRequires: libgpg-error-devel >= 1.31 @@ -105,6 +113,9 @@ make check %changelog +* Sat Jul 25 2020 yang_zhuang_zhuang - 2.2.21-1 +- update version to 2.2.21 + * Wed Jun 3 2020 Anakin Zhang - 2.2.17-7 - fix a memory leak in g10