diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.Debian | 21 | ||||
-rw-r--r-- | debian/Upgrading_From_PGP.txt | 76 | ||||
-rw-r--r-- | debian/changelog | 992 | ||||
-rw-r--r-- | debian/control | 64 | ||||
-rw-r--r-- | debian/copyright | 40 | ||||
-rw-r--r-- | debian/gpg-convert-from-106.1 | 21 | ||||
-rw-r--r-- | debian/gpgsplit.1 | 41 | ||||
-rw-r--r-- | debian/lspgpot.1 | 22 | ||||
-rw-r--r-- | debian/patches/00list | 5 | ||||
-rw-r--r-- | debian/patches/15_free_caps.dpatch | 124 | ||||
-rw-r--r-- | debian/patches/16_min_privileges.dpatch | 98 | ||||
-rw-r--r-- | debian/patches/24_gpgv_manpage_cleanup.dpatch | 85 | ||||
-rw-r--r-- | debian/patches/25_de.po_fixes.dpatch | 195 | ||||
-rw-r--r-- | debian/patches/28_multiple_message.dpatch | 192 | ||||
-rw-r--r-- | debian/preinst | 47 | ||||
-rwxr-xr-x | debian/rules | 184 |
16 files changed, 2207 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..cb9d785 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,21 @@ +Upgrading from very old (<= 0.3.3) versions of GnuPG +---------------------------------------------------- + +Due to a bug in the way secret keys were encrypted in versions prior +to 0.3.3, later version of GnuPG are not backwards compatible and you +will have to convert your secret keys before using old secret keys +with recent versions of GnuPG. + +The upgrade strategy is described in /usr/doc/gnupg/NEWS.gz, please +refer to it for more details, but it requires an old copy of the gpg +and gpgm binaries. They may be on your system as gpg.old and +gpgm.old, but if they're not you can find gnupg 0.3.2 source and +binaries for i386, m68k, alpha, powerpc and hurd-i386 at: + + <URL:http://people.debian.org/~troup/gnupg/> + +-- +James Troup <james@nocrew.org>, Horsforth, UK +Tue, 30 Apr 2002 20:04:49 +0100 + + diff --git a/debian/Upgrading_From_PGP.txt b/debian/Upgrading_From_PGP.txt new file mode 100644 index 0000000..bce0559 --- /dev/null +++ b/debian/Upgrading_From_PGP.txt @@ -0,0 +1,76 @@ +For a long time I have wanted to switch from using PGP 2.x to using GPG +(because it's Free). But I didn't want to give up my trusty PGP key, +which has a long history and has gathered a lot of signatures that +I would have trouble getting again. + +Now that the RSA patent has expired, GPG comes with RSA support +by default. This means that it's actually possible to convert +your PGP key to a GPG key, and use it normally with GPG. You +will not need gpg-idea or any other non-free component. + +The steps are quite easy. I wrote them down here, because I expect +that a number of Debian maintainers are in the same situation +and can benefit from this advice. + +Note that the GPG FAQ contains a section about the same thing, +but it's aimed at maintaining compatibility with PGP 2.x. +The procedure I describe here is designed solely to switch +to GPG without giving up your PGP key. It will not let you +exchange encrypted mail with someone who still uses (only) PGP 2.x. +But if you ever need to do that, you can pull out your old copy +of PGP for that -- it's the same key! + +Here are the steps: + + 0. Make sure your version of GPG supports RSA. You should be + okay if you have GPG 1.0.3 or newer. I used GPG 1.0.4 myself. + + 1. Back up your .pgp directory, and your .gnupg directory (if any). + Note: I started with an empty .gnupg directory for this. + If you already have a GPG ring with a set of keys, you'll + end up having two keys with probably the same userids. + That won't break anything, but it can be confusing and it + is easy to accidentally use the wrong key. + + 2. Remove the passphrase from your PGP secret key. This is necessary + because the secret key is protected using the IDEA algorithm, and + IDEA is still patented so GPG does not support it. + Command: + pgp -ke userid + where userid is what you use to access your key, usually your name + or email address. Just hit Enter when PGP asks for the new + passphrase. + + 3. Import your secret and public keys into GPG. + Command: + gpg --import $HOME/.pgp/secring.pgp $HOME/.pgp/pubring.pgp + There doesn't seem to be a way to tell GPG to import only selected + keys from those files, so you may want to first use PGP to export + your keys to a small keyring. (Do not use ASCII armor for that.) + I simply imported all the keys, because I wanted to convert to using + GPG for everything. + + 4. Re-protect your secret key with a passphrase. + You removed the passphrase in step 2, you can now put it back. + Command: + gpg --edit-key userid + GPG will tell you what key you accessed and prompt you to do + something with it. Tell it "passwd" to change the passphrase. + + 5. Check if everything worked. Sign and encrypt a small file, + mail it to a friend, see if you can decrypt something mailed + to you, upload a Debian package, that sort of thing. + + 6. Clean up the backups. Remember, you un-protected your PGP key. + It's still not protected, and it's the same key you are now using + with GPG. Make sure no one can get at it. You can restore + the backup, or run pgp -ke again, or -- if you don't plan to ever + use PGP again -- delete the key. There is a program in fileutils + called "shred" which may help with this. + +Well, I hope this helps someone. I wrote this down after exactly one +experience with converting keys -- I'd love to have feedback from +someone else who tried it. + +Richard Braakman +with tips from Adam Rogoyski, Marco d'Itri, and Andrew Pimlott. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1db2856 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,992 @@ +gnupg (1.4.6-3slp2+s5) lucid; urgency=low + + * Fix libusb again + + -- Mike McCormack <mj.mccormack@samsung.com> Mon, 02 May 2011 15:32:30 +0900 + +gnupg (1.4.6-3slp2+s4) unstable; urgency=low + + * Make sure not to use libusb when building + + -- Mike McCormack <mj.mccormack@samsung.com> Thu, 28 Apr 2011 15:33:03 +0900 + +gnupg (1.4.6-3slp2+s3) unstable; urgency=low + + * Make sure not to use libcurl when building + + -- Mike McCormack <mj.mccormack@samsung.com> Fri, 08 Apr 2011 10:04:47 +0900 + +gnupg (1.4.6-3slp2+s2) unstable; urgency=low + + * Rebuild against readline5. + + -- Rafal Krypa <r.krypa@samsung.com> Wed, 12 Jan 2011 14:24:42 +0100 + +gnupg (1.4.6-3slp2+s1) unstable; urgency=low + + * Set myself as maintainer. + * Drop dependency on: libldap2-dev, libcap-dev, libusb-dev. + * Change dependency on libreadline5-dev to libreadline-dev. + * Don't create udebs. + * Git: 165.213.180.234:/git/slp/pkgs/gnupg + * Tag: gnupg_1.4.6-3slp2+s1 + + -- Rafal Krypa <r.krypa@samsung.com> Thu, 11 Nov 2010 17:48:12 +0900 + +gnupg (1.4.6-3) unstable; urgency=low + + * Adopt package. Thanks to James Troup for his work in the far past. + Thanks to NMU'ers Bastian and Thijs. (Closes: #476418) + * Co-maintainers wanted. + * Don't build-dep on pcap on non-linux-archs. (Closes: #357267) + + -- Sune Vuorela <debian@pusling.com> Sat, 17 May 2008 15:42:55 +0200 + +gnupg (1.4.6-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Do not install gpg setuid root, this is not necessary anymore since + Linux kernel 2.6.9. (Closes: #356550, #346597, #453122) + * Update priority to match override. + + -- Thijs Kinkhorst <thijs@debian.org> Sat, 03 May 2008 16:20:56 +0200 + +gnupg (1.4.6-2.1) unstable; urgency=low + + * Non-maintainer upload. + * Remove makedev dependency. (closes: #343988) + + -- Bastian Blank <waldi@debian.org> Sat, 23 Feb 2008 19:59:18 +0100 + +gnupg (1.4.6-2) unstable; urgency=medium + + * 28_multiple_message.dpatch: new patch from upstream to fix problems + handling verification of messages with multiple + components. [CVE-2007-1263] + + -- James Troup <james@nocrew.org> Wed, 7 Mar 2007 21:47:35 +0000 + +gnupg (1.4.6-1) unstable; urgency=high + + * New upstream release. + * Fixes remotely controllable function pointer [CVE-2006-6235] + + * 27_filename_overflow.dpatch: merged upstream, dropped. + * 24_gpgv_manpage_cleanup.dpatch: updated and a couple of additional + trivial fixes. + + * debian/rules (binary-arch): info copy of manuals moved to + /usr/share/info - remove them there instead. Manuals are now built + from texi source, so install them from build tree, not top level. + + * debian/copyright: update to add OpenSSL exemption for keyserver helper + tools. + + -- James Troup <james@nocrew.org> Thu, 7 Dec 2006 02:54:51 +0000 + +gnupg (1.4.5-3) unstable; urgency=high + + * 27_filename_overflow.dpatch: new patch from upstream to fix buffer + overflow in ask_outfile_name(). [CVE-2006-6169] + + -- James Troup <james@nocrew.org> Mon, 27 Nov 2006 21:23:37 +0000 + +gnupg (1.4.5-2) unstable; urgency=low + + * debian/control: add gpgv package. Make gnupg package depend on it. + * debian/rules (binary-arch): add support for building gpgv package. + Adapt gnupg package creation accordingly. + * debian/rules (clean): clean gpgv package temporary directory. + + -- James Troup <james@nocrew.org> Thu, 26 Oct 2006 02:14:46 +0100 + +gnupg (1.4.5-1) unstable; urgency=low + + * New upstream release. + * 23_getkey_utf8_userid.dpatch: superseded by different fix upstream, + dropped. + * 26_user_id_overflow.dpatch: merged upstream, dropped. + * 25_de.po_fixes.dpatch: updated. + + * debian/copyright: update FSF address. + * debian/changelog: convert to UTF-8. + * debian/control (Standards-Version): bump to 3.7.2.1. + + -- James Troup <james@nocrew.org> Tue, 1 Aug 2006 22:50:09 +0100 + +gnupg (1.4.3-2) unstable; urgency=low + + * 26_user_id_overflow.dpatch: new patch pulled from upstream SVN to fix + a crash when processing overly large User ID packets [CVE-2006-3082]. + Thanks to Alec Berryman <alec@thened.net>. Closes: #375052 + + -- James Troup <james@nocrew.org> Fri, 23 Jun 2006 11:22:31 +0100 + +gnupg (1.4.3-1) unstable; urgency=low + + * New upstream release. + * 22_zero_length_mpi_fix.dpatch: merged upstream, dropped. + * debian/rules (test): s/g10.c/gpg.c/. + * 16_min_privileges.dpatch: likewise. + + * debian/control, debian/rules: apply patch from Max Vozeler + <xam@debian.org> to build gnupg-udeb. Closes: #321948 + + * Based on discussion with and testing by Martin Pitt + <martin.pitt@ubuntu.com>: + * debian/rules (build-deb-stamp): don't pass --with-included-gettext to + configure. + * debian/rules (build-udeb-stamp): likewise. + * debian/rules (binary-arch): don't need to remove + usr/share/locale/locale.alias anymore as a result. + + * debian/rules (build-deb-stamp): pass --enable-mailto to configure. + Closes #301308 + * debian/rules (build-udeb-stamp): likewise. + + * debian/control (Build-Depends): drop mail-transport-agent and... + * debian/rules (build-deb-stamp): pass + --with-mailprog=/usr/sbin/sendmail to configure instead. + * debian/rules (build-udeb-stamp): likewise. Closes: #333218 + + * debian/rules: put common configure options into CONFARGS variable and + rename the cross-compile-only variable to HOSTARG. + + * debian/rules (clean): also remove debian/gnupg-deb build directory. + + * debian/gpg-convert-from-106.1, debian/gpgsplit.1, debian/lspgpot.1: + new manpages from François Wendling <frwendling@free.fr>. Closes: + #344314 + * debian/rules (binary-arch): install them. + + * The following is a patch from Frans Pop <aragorn@tiscali.nl>. Closes: + #360257 + * debian/control (Build-Depends): add dpkg-dev (>= 1.13.12). + * debian/rules (binary-arch): pass -tudeb when invoking dpkg-shlibdeps + for the .udeb builds. + + * 23_getkey_utf8_userid.dpatch: new patch from Fumitoshi UKAI + <ukai@debian.or.jp> to fix '[User id not found]' message in non-UTF-8 + locales. Closes: #205028 + + * 24_gpgv_manpage_cleanup.dpatch: new patch from "Jim W. Jaszewski" + <grok@sprint.ca> to fix small errors in the gpgv manpage. Closes: + #177951 + + * 25_de.po_fixes.dpatch: new patch from Jens Seidel + <jensseidel@users.sf.net> with small fixes to the German translations. + Closes: #314069 + + -- James Troup <james@nocrew.org> Wed, 5 Apr 2006 02:45:56 +0100 + +gnupg (1.4.2.2-1) unstable; urgency=low + + * New upstream release. + * Fixes handling of files containing several signed messages. + [CVE-2006-0049] + + -- James Troup <james@nocrew.org> Fri, 10 Mar 2006 04:27:12 +0000 + +gnupg (1.4.2-2) unstable; urgency=low + + * 22_zero_length_mpi_fix.dpatch: new patch; pull in upstream patch to + fix bug in reading a zero-length MPI. Closes: #330686 + + -- James Troup <james@nocrew.org> Sun, 2 Oct 2005 02:39:51 +0100 + +gnupg (1.4.2-1) unstable; urgency=low + + * New upstream release. + * Fixes extra ) on expired keys. Closes: #329402 + + * debian/control (Standards-Version): updated to 3.6.2.1. + + * debian/rules (binary-arch): drop 'gnupg/' from libexecdir passed to + make install. + + -- James Troup <james@nocrew.org> Sat, 24 Sep 2005 03:31:37 +0100 + +gnupg (1.4.1-1) unstable; urgency=low + + * New upstream release. Closes: #307203 + * Fixes mis-selection of encryption key. Closes: #299814 + * Countermeasures against the Mister/Zuccherato CFB attack. + Closes: #300859 + * 18_ca_po_update.dpatch, 21_strgutil_update.dpatch: dropped - merged + upstream. + * debian/rules (build-deb-stamp): don't forcefully regenerate po/ca.gmo. + (clean): likewise, don't remove po/ca.gmo. + + -- James Troup <james@nocrew.org> Mon, 9 May 2005 23:41:50 +0100 + +gnupg (1.4.0-3) unstable; urgency=low + + * debian/rules (binary-arch): move Russian manpage to correct (FHS) + location. Thanks to Uwe Zeisberger + <zeisberg@informatik.uni-freiburg.de> for the report. Closes: #294196 + + -- James Troup <james@nocrew.org> Sun, 20 Feb 2005 22:55:11 +0000 + +gnupg (1.4.0-2) unstable; urgency=low + + * 18_ca_po_update.dpatch: re-added, updated for new upstream release. + Thanks to Jordi Mallach <jordi@debian.org>. + * debian/rules (build-deb): force regeneration of ca.gmo. + + * 21_strgutil_update.dpatch: new patch; pull in strgutil.c fixes from + 1.4.1rc1 to fix warnings about 'Invalid or incomplete multibyte or + wide character' with (at least) Latin-1 encoded UIDs. + + * debian/copyright: update year and version number. + + * debian/rules: apply patch to enable cross-build from NIIBE Yutaka + <gniibe@fsij.org>. Closes: #285293 + + * debian/rules: s/DEB_HOST_ARCH/DEB_BUILD_ARCH/ as the gpgv-udeb should + use the build architecture not host. + * debian/rules (build-udeb): pass $(CONFARGS) to configure here too. + + -- James Troup <james@nocrew.org> Sat, 5 Feb 2005 03:03:06 +0000 + +gnupg (1.4.0-1) unstable; urgency=low + + * New upstream release. Closes: #286058 + + * debian/control (Build-Depends): add libusb-dev and libreadline5-dev. + * debian/rules (binary): install doc/highlights-1.4.txt to + /usr/share/doc/gnupg/ too. + + * 17_ipv6_support.dpatch: removed; a different patch has been applied + upstream. + * 19_throw_keyid_compat.dpatch, 20_update_pgp8.dpatch: dropped; merged + upstream. + + * 16_min_privileges.dpatch: adjusted for new upstream release with + wiggle(1). + + * 18_ca_po_update.dpatch: dropped temporarily as it no longer applies. + + * Apply patch from Colin Watson to add gpgv-udeb package. Closes: #287106 + * debian/rules (build-udeb): also pass --without-readline to configure. + + -- James Troup <james@nocrew.org> Thu, 3 Feb 2005 23:52:49 +0000 + +gnupg (1.2.5-3.1) UNOFFICIAL; urgency=low + + * debian/control, debian/rules: Build gpgv-udeb, containing just + /usr/bin/gpgv built without bzip2 support and with -Os, for use in + debian-installer. + + -- Colin Watson <cjwatson@debian.org> Fri, 24 Dec 2004 13:42:23 +0000 + +gnupg (1.2.5-3) unstable; urgency=low + + * debian/rules (build): drop --with-capabilites for now. + * debian/rules (clean): don't remove fi.gmo now that we're no longer + patching it. + * Merge patch from Peter Palfrader <weasel@debian.org> to fix building + without capabilities and idempotency of build process after + 18_ca_po_update.dpatch. Closes: #262723 + + -- James Troup <james@nocrew.org> Mon, 2 Aug 2004 00:51:21 +0100 + +gnupg (1.2.5-2.1) unstable; urgency=low + + * Fix patches/15_free_caps to also build without capabilities. + * Remove po/ca.gmo in clean target. + + -- Peter Palfrader <weasel@debian.org> Sun, 1 Aug 2004 20:13:31 +0200 + +gnupg (1.2.5-2) unstable; urgency=low + + * 18_ca_po_update.dpatch: new patch from Jordi Mallach + <jordi@debian.org> to fix ca.po encoding. Closes: #237070 + + * 19_throw_keyid_compat.dpatch: new patch from Werner Koch + <wk@gnupg.org> to add a --throw-keyid option for backwards + compatability. + + * 20_update_pgp8.dpatch: new patch from David Shaw + <dshaw@jabberwocky.com> to update --pgp8 to match reality. + + -- James Troup <james@nocrew.org> Sat, 31 Jul 2004 10:55:30 +0100 + +gnupg (1.2.5-1) unstable; urgency=low + + * New upstream release. Closes: #262094 + * UID merging should now work on initial import. Closes: #236966 + + * 10_hppa_unaligned_constant.dpatch, 11_fi_po_update.dpatch, + 12_zero_length_header.dpatch, 13_revoked_keys.dpatch, + 14_getkey_not_found_fix.dpatch: merged upstream - removed. + + * debian/rules (binary-arch): add + 'mkinstalldirs=`pwd`/scripts/mkinstalldirs' to make install invocation + to work around broken Makefile. + + * debian/control (Standards-Version): bump to 3.6.1.1. + + * Apply patch from Martin Pitt <mpitt@debian.org> to drop privileges as + early as possible. Closes: #260803 + + * debian/control (Build-Depends): add mail-transport-agent to ensure + gpgkeys_mailto is built. Thanks to Daniel Schepler + <schepler@math.berkeley.edu> for noticing. Closes: #253681 + + * debian/rules, debian/preinst: Patch from David Weinehall + <tao@debian.org> to use && in favour of -a as the latter is an XSI + extension. Closes: #257575 + + * 17_ipv6_support.dpatch: IPv6 patch from Jun-ichiro itojun Hagino. + Thanks to Fabio Massimo Di Nitto <fabbione@fabbione.net>. + Closes: #209242 + + -- James Troup <james@nocrew.org> Thu, 29 Jul 2004 23:57:08 +0100 + +gnupg (1.2.4-4.1) unstable; urgency=low + + * 15_free_caps.dpatch: free allocated capability contexts when using + USE_CAPABILITIES. + * 16_min_privileges.dpatch: immediately drop root user to normal user and + keep only CAP_IPC_LOCK, which is dropped as well right after it is not + needed any more. This ensures minimal privileges. + * debian/rules: configure with --with-capabilities to tighten security. + * debian/control: this requires build-dependency libcap-dev. + + -- Martin Pitt <mpitt@debian.org> Thu, 22 Jul 2004 02:08:56 +0200 + +gnupg (1.2.4-4) unstable; urgency=low + + * 12_zero_length_header.dpatch: update patch from David Shaw + <dshaw@jabberwocky.com> to fix the fix of crashing on certain + keys. Closes: #234289 + + -- James Troup <james@nocrew.org> Mon, 23 Feb 2004 18:02:20 +0000 + +gnupg (1.2.4-3) unstable; urgency=low + + * Move to dpatch; existing non-debian/ change split into + 10_hppa_unaligned_constant.dpatch. + + * debian/rules: include /usr/share/dpatch/dpatch.make. + * debian/rules (build): depend on patch-stamp. + * debian/rules (clean): depend on unpatch. Remove debian/patched. + * debian/control (Build-Depends): add dpatch. + + * debian/rules: update version number and use install_foo convenience + variables. + * debian/rules (clean): remove emacs backup files from any directory. + + * 11_fi_po_update.dpatch: new patch from Tommi Vainikainen + <thv+debian@iki.fi> to update Finnish translation as the current one + renders gnupg unusable. Closes: #232030, #222951, #192582 + * debian/rules (clean): remove po/fi.gmo to avoid dpkg-source errors + over unrepresentable changes to source. + + * 12_zero_length_header.dpatch: new patch from David Shaw + <dshaw@jabberwocky.com> to fix cases where importing certain keys + makes the keyring unuseable. Closes: #232714 + + * 13_revoked_keys.dpatch: new patch from David Shaw + <dshaw@jabberwocky.com> to list revoked keys as revoked. Closes: #231814 + + * 14_getkey_not_found_fix.dpatch: new patch from David Shaw + <dshaw@jabberwocky.com> to fix --list-sigs incorrectly claiming "User + id not found". Closes: #229549 + + -- James Troup <james@nocrew.org> Fri, 20 Feb 2004 16:38:12 +0000 + +gnupg (1.2.4-2) unstable; urgency=low + + * mpi/hppa1.1/udiv-qrnnd.S: patch from LaMont Jones <lamont@debian.org> + to fix unaligned constant. Closes: #228456 + * debian/copyright: update year and version number. + + -- James Troup <james@nocrew.org> Tue, 20 Jan 2004 17:19:58 +0000 + +gnupg (1.2.4-1) unstable; urgency=medium + + * New upstream release. + * Most support for ElGamal Sign+Encrypt keys has been removed. Closes: #222293 + * No longer miss-identifies GNU/KFreeBSD as GNU/Hurd. Closes: #216957 + * Fixes build error on GNU/KFreeBSD (and Glibc-based GNU/KNetBSD). Closes: #221079 + * Fixes segmentation fault in prime generator. Closes: #213989 + * Fixes trustdb not updating without ultimately trusted keys. Closes: #222368 + + * debian/control (Build-Depends): add libbz2-dev. + + -- James Troup <james@nocrew.org> Wed, 31 Dec 2003 17:57:52 +0000 + +gnupg (1.2.3-1) unstable; urgency=low + + * New upstream release (Closes: #207340). + * gpg no longer kills keyrings by importing broken keys. Closes: #196505 + * options.skel uses subkeys.pgp.net instead of pgp.mit.edu. Closes: #206092 + * --import now closes files when it's done. Closes: #196643 + * A key listing speed regression has been fixed. Closes: #192083 + * debian/copyright: update URL and date. + * debian/rules: update dates and version. + + * debian/control (Standards-Version): bump to 3.6.0. + + * debian/Upgrading_From_PGP.txt: new file from to Richard Braakman + <dark@xs4all.nl>. Closes: #173233 + * debian/rules (binary-arch): install it. + + * debian/rules (build): correct libexecdir passed to configure; patch + from Matthias Cramer <cramer@freestone.net>. Fixes invocation of + gpgkeys_ldap. Closes: #168486 + + -- James Troup <james@nocrew.org> Thu, 28 Aug 2003 14:08:50 +0100 + +gnupg (1.2.2-1) unstable; urgency=low + + * New upstream release. + * debian/control (Standards-Version): bump to 3.5.9.0. + * debian/rules (binary-arch): install convert-from-106 as + gpg-convert-from-106 and fix the path to gpg. + * debian/control: remove trailing full stop from short description. + * debian/control: remove out-dated and contradictory information about + RSA. + + -- James Troup <james@nocrew.org> Mon, 5 May 2003 03:08:58 +0100 + +gnupg (1.2.1-2) unstable; urgency=low + + * Update config.guess (to 2002-10-21) and config.sub (to 2002-09-05). + Thanks to Ryan Murray. Closes: #166696 + + -- James Troup <james@nocrew.org> Mon, 28 Oct 2002 01:47:26 +0000 + +gnupg (1.2.1-1) unstable; urgency=low + + * New upstream version. + * An inifinte loop in --update-trustdb has been fixed. Closes: #162039 + * The polish translation is now correctly specified as UTF-8. Closes: #162885 + * --refresh-keys is now documented in the manpage. Closes: #165566 + * debian/control (Conflicts): add gpg-idea <= 2.2 since gnupg >= 1.2 is + incompatible with that version of gpg-idea. Closes: #162314 + + -- James Troup <james@nocrew.org> Fri, 25 Oct 2002 18:18:43 +0100 + +gnupg (1.2.0-1) unstable; urgency=low + + * New upstream version. Closes: #161817. + * --options no longer mis-handles a directory as an argument. Closes: #151973 + * gpg now prompts before sending all keys to the keyserver. Closes: #64607 + * There is now a gnupg(7) manpage. Closes: #157750 + * The permission checking has been sanitized and handles non-home-dir + keyrings better. Closes: #147760 + * notation data longer than 5 characters is now handled. Closes: #156871 + * an abort when setting trust levels in a czech locale has been fixed. + Closes: #149212 + * debian/rules (binary-arch): there are no more modules, adjust + accordingly. + * debian/postinst, debian/prerm: remove; no longer do /usr/doc symlinks. + * debian/rules (binary-arch): don't install obsolete postinst or prerm. + * debian/rules (binary-arch): gzip gnupg.7 too. + * debian/rules (build): pass --libexecdir=/usr/lib/gnupg to configure. + * debian/rules (binary-arch): likewise, pass suitable libexcedir + argument to make install. + * debian/control (Standards-Version): update to 3.5.7.0. + * debian/copyright: update URL and date. + * debian/rules: update dates and version. + + -- James Troup <james@nocrew.org> Sun, 22 Sep 2002 22:26:25 +0100 + +gnupg (1.0.7-2) unstable; urgency=low + + * debian/control (Suggests): add xloadimage since that's what gpg uses + by default to view photo IDs. Thanks to Julien Danjou + <acid@debian.org> for the suggestion. Closes: #156245 + * debian/control (Depends): add "hurd" to the alternatives to + makedev. Thanks to Michal Suchanek <hramrach_l@centrum.cz> for + noticing. Closes: #158492 + * po/it.po: patch to fix typos from Marco Bodrato + <bodrato@gulp.linux.it. Closes: #149462 + * g10/g10.c (main): remove the bogus undef of USE_SHM_COPROCESSING to + match upstream and fix gabber and libgnupg-perl. Closes: #147679, #151969 + + -- James Troup <james@nocrew.org> Thu, 29 Aug 2002 01:42:58 +0100 + +gnupg (1.0.7-1) unstable; urgency=low + + * New upstream version. Closes: #145477. + * GDBM support has been removed. Closes: #33009. + * Now adds the default keyring when a keyring is specified. + Closes: #50616, #65260. + * Now does the Right Thing when receiving a key from the keyserver and + the key in question is in both a read-only and writable keyring. + Closes: #63297. + * Automatic key retrieval is now configurable. Closes: #64940. + * --no-options supresses ~/.gnupg creation again. Closes: #95486. + * duplicate trust entries are no longer treated as an error. Closes: #96480. + * There's now no comment line in ascii armours. Closes: #100088. + * Handle secret keyring given as keyring better. Closes: #100581, #106670. + * It's now documented that --with-colons unconditionally uses UTF8. + Closes: #101446, 101454. + * s/now/knows/ typo in manpage fixed. Closes: #107471. + * There's now support for a primary UID. Closes: #106567, #108155. + * Handles errors in uncompression layer beter. Closes: #112392. + * Key selection has been entirely revamped. Closes: #136170. + * Handles empty encrypt-to. Closes: #138378 + + * debian/rules (binary-arch): remove empty /usr/info directory, thanks + to Joey Hess <joeyh@debian.org>. Closes: #121864. + * debian/control: remove duplicated word from long description, thanks + to Nicolas Boulenguez <nicolas.boulenguez@free.fr>. Closes: #144786. + * README: correct URL to GPH and other docs, thanks to Mark Brown + <broonie@sirena.org.uk>. Closes: #100277. + * debian/control (Standards-Version): updated to 3.5.6.1. + * debian/rules (binary-arch): only strip ELF binaries. es_ES -> es hack + no longer needed as fixed upstream. + * debian/control (Build-Depends): remove libgdbmg1-dev; no longer used. + * debian/README.Debian: remove note about gdbm support which was finally + removed. Update note on old versions of gnupg to reflect the + pre-historic nature of those versions. + * debian/control (Build-Depends): add libldap2-dev. + * debian/rules (binary-arch): call dpkg-shlibdeps for all ELF binaries. + * debian/control (Build-Depends): add file. + * debian/control (Priority): increase to standard to match overrides. + + -- James Troup <james@nocrew.org> Sat, 11 May 2002 15:08:02 +0100 + +gnupg (1.0.6-3) unstable; urgency=low + + * moved into main. + + -- James Troup <james@nocrew.org> Tue, 19 Mar 2002 16:17:09 +0000 + +gnupg (1.0.6-2) unstable; urgency=high + + * debian/rules (binary-arch): remove the erroneous + /usr/share/locale/locale.alias that 'make install' adds; closes: + #99293. + + -- James Troup <james@nocrew.org> Wed, 30 May 2001 20:40:59 +0100 + +gnupg (1.0.6-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Tue, 29 May 2001 20:59:49 +0100 + +gnupg (1.0.5-4) unstable; urgency=low + + * Patch from Werner. + + -- James Troup <james@nocrew.org> Sun, 27 May 2001 09:34:50 +0100 + +gnupg (1.0.5-3) unstable; urgency=low + + * Apply patch from Matthew Wilcox <matthew@wil.cx> to fix assembly on + hppa. + + -- James Troup <james@nocrew.org> Sun, 13 May 2001 02:36:45 +0100 + +gnupg (1.0.5-2) unstable; urgency=medium + + * util/http.c: patch from Werner that fixes --send-key, closes: #96277. + * debian/control (Depends): accept devfsd in place of makedev, closes: + #96307. + + -- James Troup <james@nocrew.org> Mon, 7 May 2001 00:13:51 +0100 + +gnupg (1.0.5-1) unstable; urgency=low + + * New upstream version. + * debian/README.Debian: fix spelling and update URL. + * debian/rules (binary): remove the new info files. + * scripts/config.{guess,sub}: sync with subversions, closes: #95729. + + -- James Troup <james@nocrew.org> Mon, 30 Apr 2001 02:12:38 +0100 + +gnupg (1.0.4-4) unstable; urgency=low + + * po/ru.po: patch by Ilya Martynov <m_ilya@agava.com> to replace German + entries and add missing translations, closes: #93987. + * g10/revoke.c (ask_revocation_reason): typo fix (s/non longer/no + longer/g); noticed by Colin Watson <cjw44@flatline.org.uk>, closes: + #93664. + + * Deprecated depreciated; noticed by Vincent Broman + <broman@spawar.navy.mil>. + + * Following two patches are from Vincent Broman. + * g10/mainproc.c (proc_tree): use iobuf_get_real_fname() in preference + to iobuf_get_fname(). + * g10/openfile.c (open_sigfile): handle .sign prefixed files correctly. + + -- James Troup <james@nocrew.org> Fri, 20 Apr 2001 23:32:44 +0100 + +gnupg (1.0.4-3) unstable; urgency=medium + + * debian/rules (binary): make gpg binary suid, closes: #86433. + * debian/postinst: don't use suidregister. + * debian/postrm: removed (only called suidunregister). + * debian/control: conflict with suidmanager << 0.50. + * mpi/longlong.h: apply fix for ARM long long artimetic from Philip + Blundell <philb@gnu.org>, closes: #87487. + * debian/preinst: the old GnuPG debs have moved to people.debian.org. + * cipher/random.c: #include <time.h> as well as <sys/time.h> + * g10/misc.c: likewise. + * debian/rules: define a strip alias which removes the .comment and + .note sections. + * debian/rules (binary-arch): use it. + * debian/lintian.override: new file; override the SUID warning from + lintian. + * debian/rules (binary-arch): install it. + + -- James Troup <james@nocrew.org> Sun, 25 Feb 2001 05:24:58 +0000 + +gnupg (1.0.4-2) stable unstable; urgency=high + + * Apply security fix patch from Werner. + * Apply another patch from Werner to fix bogus warning on Rijndael + usage. + * Change section to 'non-US'. + + -- James Troup <james@nocrew.org> Mon, 12 Feb 2001 07:47:02 +0000 + +gnupg (1.0.4-1) stable unstable; urgency=high + + * New upstream version. + * Fixes a serious bug which could lead to false signature verification + results when more than one signature is fed to gpg. + + -- James Troup <james@nocrew.org> Tue, 17 Oct 2000 17:26:17 +0100 + +gnupg (1.0.3b-1) unstable; urgency=low + + * New upstream snapshot version. + + -- James Troup <james@nocrew.org> Fri, 13 Oct 2000 18:08:14 +0100 + +gnupg (1.0.3-2) unstable; urgency=low + + * debian/control: Conflict, Replace and Provide gpg-rsa & gpg-rsaref. + Fix long description to reflect the fact that RSA is no longer + patented and now included. [#72177] + * debian/rules: move faq.html to /usr/share/doc/gnupg/ and remove FAQ + from /usr/share/gnupg/. Thanks to Robert Luberda + <robert@pingu.ii.uj.edu.pl> for noticing. [#72151] + * debian/control: Suggest new package gnupg-doc. [#64323, #65560] + * utils/secmem.c (lock_pool): don't bomb out if mlock() returns ENOMEM, + as Linux will do this if resource limits (or other reasons) prevent + memory from being locked, instead treat it like permission was denied + and warn but continue. Thanks to Topi Miettinen + <Topi.Miettinen@nic.fi>. [#70446] + * g10/hkp.c (not_implemented): s/ist/is/ in error message. + * debian/README.Debian: add a note about GDBM support and why it is + disabled. Upstream already fixed the manpage. [#65913] + * debian/rules (binary-arch): fix the Spanish translation to be 'es' not + 'es_ES' at Nicolás Lichtmaier <nick@debian.org>'s request. [#57314] + + -- James Troup <james@nocrew.org> Sun, 1 Oct 2000 14:55:03 +0100 + +gnupg (1.0.3-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Mon, 18 Sep 2000 15:56:54 +0100 + +gnupg (1.0.2-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Thu, 13 Jul 2000 20:26:50 +0100 + +gnupg (1.0.1-2) unstable; urgency=low + + * debian/control (Build-Depends): added. + * debian/copyright: corrected location of copyright file. Removed + references to Linux. Removed warnings about beta nature of GnuPG. + * debian/rules (binary-arch): install documentation into + /usr/share/doc/gnupg/ and pass mandir to make install to ensure the + manpages go to /usr/share/man/. + * debian/postinst: create /usr/doc/gnupg symlink. + * debian/prerm: new file; remove /usr/doc/gnupg symlink. + * debian/rules (binary-arch): install prerm. + * debian/control (Standards-Version): updated to 3.1.1.1. + + -- James Troup <james@nocrew.org> Thu, 30 Dec 1999 16:16:49 +0000 + +gnupg (1.0.1-1) unstable; urgency=low + + * New upstream version. + * doc/gpg.1: updated to something usable from + ftp://ftp.gnupg.org/pub/gcrypt/gnupg/gpg.1.gz. + + -- James Troup <james@nocrew.org> Sun, 19 Dec 1999 23:47:10 +0000 + +gnupg (1.0.0-3) unstable; urgency=low + + * debian/rules (build): remove the stunningly ill-advised --host option + to configure. [#44698, #48212, #48281] + + -- James Troup <james@nocrew.org> Tue, 26 Oct 1999 01:12:59 +0100 + +gnupg (1.0.0-2) unstable; urgency=low + + * debian/rules (binary-arch): fix the permissions on the + modules. [#47280] + * debian/postinst, debian/postrm: fix the package name passed to + suidregister. [#45013] + * debian/control: update long description. [#44636] + * debian/rules (build): pass the host explicitly to configure to avoid + problems on sparc64. [(Should fix) #44698]. + + -- James Troup <james@nocrew.org> Wed, 20 Oct 1999 23:39:05 +0100 + +gnupg (1.0.0-1) unstable; urgency=low + + * New upstream release. [#44545] + + -- James Troup <james@nocrew.org> Wed, 8 Sep 1999 00:53:02 +0100 + +gnupg (0.9.10-2) unstable; urgency=low + + * debian/rules (binary-arch): install lspgpot. Requested by Kai + Henningsen <kai@khms.westfalen.de>. [#42288] + * debian/rules (binary-arch): correct the path where modules are looked + for. Reported by Karl M. Hegbloom <karlheg@odin.cc.pdx.edu>. [#40881] + * debian/postinst, debian/postrm: under protest, register gpg the + package with suidmanager and make it suid by default. + [#29780,#32590,#40391] + + -- James Troup <james@nocrew.org> Tue, 10 Aug 1999 00:12:40 +0100 + +gnupg (0.9.10-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Fri, 6 Aug 1999 01:16:21 +0100 + +gnupg (0.9.9-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Sun, 25 Jul 1999 01:06:31 +0100 + +gnupg (0.9.8-1) unstable; urgency=low + + * New upstream version. + * debian/rules (binary-arch): don't create a gpgm manpage as the binary + no longer exists. Noticed by Wichert Akkerman + <wichert@cs.leidenuniv.nl>. [#38864] + + -- James Troup <james@nocrew.org> Sun, 27 Jun 1999 01:07:58 +0100 + +gnupg (0.9.7-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Tue, 25 May 1999 13:23:24 +0100 + +gnupg (0.9.6-1) unstable; urgency=low + + * New upstream version. + * debian/copyright: update version number, noticed by Lazarus Long + <lazarus@frontiernet.net>. + * debian/control (Depends): depend on makedev (>= 2.3.1-13) to ensure + that /dev/urandom exists; reported by Steffen Markert + <smort@rz.tu-ilmenau.de>. [#32076] + + -- James Troup <james@nocrew.org> Tue, 11 May 1999 21:06:27 +0100 + +gnupg (0.9.5-1) unstable; urgency=low + + * New upstream version. + * debian/control (Description): no tabs. [Lintian] + + -- James Troup <james@nocrew.org> Wed, 24 Mar 1999 22:37:40 +0000 + +gnupg (0.9.4-1) unstable; urgency=low + + * New version. + * debian/control: s/GNUPG/GnuPG/ + + -- Werner Koch <wk@isil.d.suttle.de> Mon, 8 Mar 1999 19:58:28 +0100 + +gnupg (0.9.3-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Mon, 22 Feb 1999 22:55:04 +0000 + +gnupg (0.9.2-1) unstable; urgency=low + + * New version. + * debian/rules (build): Removed CFLAGS as the default is now sufficient. + * debian/rules (clean): remove special handling cleanup in intl. + + -- Werner Koch <wk@isil.d.suttle.de> Wed, 20 Jan 1999 21:23:11 +0100 + +gnupg (0.9.1-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Sat, 9 Jan 1999 22:29:11 +0000 + +gnupg (0.9.0-1) unstable; urgency=low + + * New upstream version. + * g10/armor.c (armor_filter): add missing new line in comment string; as + noticed by Stainless Steel Rat <ratinox@peorth.gweep.net>. + + -- James Troup <james@nocrew.org> Tue, 29 Dec 1998 20:22:43 +0000 + +gnupg (0.4.5-1) unstable; urgency=low + + * New upstream version. + * debian/rules (clean): force removal of intl/libintl.h which the + Makefiles fail to remove properly. + + -- James Troup <james@nocrew.org> Tue, 8 Dec 1998 22:40:23 +0000 + +gnupg (0.4.4-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Sat, 21 Nov 1998 01:34:29 +0000 + +gnupg (0.4.3-1) unstable; urgency=low + + * New upstream version. + * debian/README.Debian: new file; contains same information as is in the + preinst. Suggested by Wichert Akkerman <wichert@cs.leidenuniv.nl>. + * debian/rules (binary-arch): install `README.Debian' + * debian/control (Standards-Version): updated to 2.5.0.0. + + -- James Troup <james@nocrew.org> Sun, 8 Nov 1998 19:08:12 +0000 + +gnupg (0.4.2-1) unstable; urgency=low + + * New upstream version. + * debian/preinst: improve message about the NEWS file which isn't + actually installed when it's referred to, thanks to Martin Mitchell + <martin@debian.org>. + * debian/rules (binary-arch): don't install the now non-existent `rfcs', + but do install `OpenPGP'. + + -- James Troup <james@nocrew.org> Sun, 18 Oct 1998 22:48:34 +0100 + +gnupg (0.4.1-1) unstable; urgency=low + + * New upstream version. + * debian/rules (binary-arch): fix the gpgm manpage symlink now installed + by `make install'. + + -- James Troup <james@nocrew.org> Sun, 11 Oct 1998 17:01:21 +0100 + +gnupg (0.4.0-1) unstable; urgency=high + + * New upstream version. [#26717] + * debian/copyright: tone down warning about alpha nature of gnupg. + * debian/copyright: new maintainer address. + * debian/control: update extended description. + * debian/rules (binary-arch): install FAQ and all ChangeLogs. + * debian/preinst: new; check for upgrade from (<= 0.3.2-1) and warn about + incompatibilities in keyring format and offer to move old copy out of + gpg out of the way for transition strategy and inform the user about + the old copies of gnupg available on my web page. + * debian/rules (binary-arch) install preinst. + * debian/rules (binary-arch): don't depend on the test target as it is + now partially interactive (tries to generate a key, which requires + someone else to be using the computer). + + -- James Troup <james@nocrew.org> Thu, 8 Oct 1998 00:47:07 +0100 + +gnupg (0.3.2-1) unstable; urgency=low + + * New upstream version. + * debian/control (Maintainer): new address. + * debian/copyright: updated list of changes. + + -- James Troup <james@nocrew.org> Thu, 9 Jul 1998 21:06:07 +0200 + +gnupg (0.3.1-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <james@nocrew.org> Tue, 7 Jul 1998 00:26:21 +0200 + +gnupg (0.3.0-2) unstable; urgency=low + + * Applied bug-fix patch from Werner. + + -- James Troup <jjtroup@comp.brad.ac.uk> Fri, 26 Jun 1998 12:18:29 +0200 + +gnupg (0.3.0-1) unstable; urgency=low + + * New upstream version. + * debian/control: rewrote short and long description. + * cipher/Makefile.am: link tiger with -lc. + * debian/rules (binary-arch): strip loadable modules. + * util/secmem.c (lock_pool): get rid of errant test code; fix from + Werner Koch <wk@isil.d.shuttle.de>. + * debian/rules (test): new target which runs gnupg's test suite. + binary-arch depends on it, to ensure it's run whenever the package is + built. + + -- James Troup <jjtroup@comp.brad.ac.uk> Thu, 25 Jun 1998 16:04:57 +0200 + +gnupg (0.2.19-1) unstable; urgency=low + + * New upstream version. + * debian/control: Updated long description. + + -- James Troup <jjtroup@comp.brad.ac.uk> Sat, 30 May 1998 12:12:35 +0200 + +gnupg (0.2.18-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <J.J.Troup@comp.brad.ac.uk> Sat, 16 May 1998 11:52:47 +0200 + +gnupg (0.2.17-1) unstable; urgency=high + + * New upstream version. + * debian/control (Standards-Version): updated to 2.4.1.0. + * debian/control: tone down warning about alpha nature of gnupg, as per + README. + * debian/copyright: ditto. + + -- James Troup <jjtroup@comp.brad.ac.uk> Mon, 4 May 1998 22:36:51 +0200 + +gnupg (0.2.15-1) unstable; urgency=high + + * New upstream version. + + -- James Troup <jjtroup@comp.brad.ac.uk> Fri, 10 Apr 1998 01:12:20 +0100 + +gnupg (0.2.13-1) unstable; urgency=high + + * New upstream version. + + -- James Troup <jjtroup@comp.brad.ac.uk> Wed, 11 Mar 1998 01:52:51 +0000 + +gnupg (0.2.12-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <jjtroup@comp.brad.ac.uk> Sat, 7 Mar 1998 13:52:40 +0000 + +gnupg (0.2.11-1) unstable; urgency=low + + * New upstream version. + + -- James Troup <jjtroup@comp.brad.ac.uk> Wed, 4 Mar 1998 01:32:12 +0000 + +gnupg (0.2.10-1) unstable; urgency=low + + * New upstream version. + * Name changed upstream. + + -- James Troup <jjtroup@comp.brad.ac.uk> Mon, 2 Mar 1998 07:32:05 +0000 + +g10 (0.2.7-1) unstable; urgency=low + + * Initial release. + + -- James Troup <jjtroup@comp.brad.ac.uk> Fri, 20 Feb 1998 02:05:34 +0000 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..684d3e3 --- /dev/null +++ b/debian/control @@ -0,0 +1,64 @@ +Source: gnupg +Section: utils +Priority: important +Maintainer: Rafal Krypa <r.krypa@samsung.com> +X-Original-Maintainer: Sune Vuorela <debian@pusling.com> +Standards-Version: 3.7.2.1 +Build-Depends: libz-dev, libbz2-dev, libreadline-dev, file, gettext, dpatch, dpkg-dev (>= 1.13.12) + +Package: gnupg +Architecture: any +Depends: ${shlibs:Depends}, gpgv +Suggests: gnupg-doc, xloadimage +Conflicts: gpg-rsa, gpg-rsaref, suidmanager (<< 0.50), gpg-idea (<= 2.2) +Replaces: gpg-rsa, gpg-rsaref +Provides: gpg-rsa, gpg-rsaref +Description: GNU privacy guard - a free PGP replacement + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC2440. + . + GnuPG does not use any patented algorithms so it cannot be compatible + with PGP2 because it uses IDEA (which is patented worldwide). + +Package: gpgv +Architecture: any +Priority: important +Depends: ${shlibs:Depends} +Suggests: gnupg +Replaces: gnupg (<< 1.4.5-2) +Description: GNU privacy guard - signature verification tool + GnuPG is GNU's tool for secure communication and data storage. + . + gpgv is a stripped-down version of gnupg which is only able to check + signatures. It is smaller than the full-blown gnupg and uses a + different (and simpler) way to check that the public keys used to + make the signature are trustworthy. + +Package: gnupg-udeb +Section: debian-installer +Priority: extra +Architecture: any +Depends: ${shlibs:Depends} +Description: GNU privacy guard - a free PGP replacement + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC2440. + . + This is GnuPG packaged in minimal form for use in debian-installer. + +Package: gpgv-udeb +Section: debian-installer +Priority: extra +Architecture: any +Depends: ${shlibs:Depends} +Description: minimal signature verification tool + GnuPG is GNU's tool for secure communication and data storage. + It can be used to encrypt data and to create digital signatures. + It includes an advanced key management facility and is compliant + with the proposed OpenPGP Internet standard as described in RFC2440. + . + This is GnuPG's signature verification tool, gpgv, packaged in minimal + form for use in debian-installer. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..ddbbdc4 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,40 @@ +This is Debian GNU's prepackaged version of GnuPG, a free PGP +replacement. + +This package was put together by me, James Troup <james@nocrew.org>, +from the sources, which I obtained from +ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.6.tar.gz. The changes were +minimal, namely: + +- adding support for the Debian package maintenance scheme, by adding + various debian/* files. + +Program Copyright (C) 1998-2006 Free Software Foundation, Inc. +Modifications for Debian Copyright (C) 1998-2006 James Troup. + +GnuPG is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 2, or (at your option) any later +version. + +GnuPG is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +You should have received a copy of the GNU General Public License with +your Debian GNU system, in /usr/share/common-licenses/GPL, or with the +Debian GNU gnupg source package as the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +Boston, MA 02110-1301, USA. + +In addition, as a special exception, the Free Software Foundation +gives permission to link the code of the keyserver helper tools: +gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL project's +"OpenSSL" library (or with modified versions of it that use the same +license as the "OpenSSL" library), and distribute the linked +executables. You must obey the GNU General Public License in all +respects for all of the code used other than "OpenSSL". If you modify +this file, you may extend this exception to your version of the file, +but you are not obligated to do so. If you do not wish to do so, +delete this exception statement from your version. diff --git a/debian/gpg-convert-from-106.1 b/debian/gpg-convert-from-106.1 new file mode 100644 index 0000000..8d355e8 --- /dev/null +++ b/debian/gpg-convert-from-106.1 @@ -0,0 +1,21 @@ +.TH "gpg-convert-from-106" 1 "December 2005" + +.SH NAME +gpg-convert-from-106 \- converts your public keyring and trustdb from GnuPG +1.0.6 to later formats. + +.SH SYNOPSIS +.B gpg-convert-from-106 + + +.SH DESCRIPTION +.B gpg-convert-from-106 +converts your public keyring and trustdb from GnuPG 1.0.6 or earlier to the +1.0.7 and later format. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +<bug-gnupg@gnu.org>. + +This manpage was written by Francois Wendling <frwendling@free.fr>. + diff --git a/debian/gpgsplit.1 b/debian/gpgsplit.1 new file mode 100644 index 0000000..116ce89 --- /dev/null +++ b/debian/gpgsplit.1 @@ -0,0 +1,41 @@ +.TH "gpgsplit" 1 "December 2005" + +.SH NAME +gpgsplit \- Split an OpenPGP message into packets + +.SH SYNOPSIS +.B gpgsplit +.RI [ OPTIONS ] +.RI [ FILES ] + +.SH DESCRIPTION +This manual page documents briefly the +.B gpgsplit +command. +.PP +.B gpgsplit +splits an OpenPGP message into packets. + +.SH OPTIONS +.TP +.BR \-v , \-\-verbose +Verbose. +.TP +.BR \-p , "\-\-prefix " \fISTRING\fR +Prepend filenames with \fISTRING\fR. +.TP +.B \-\-uncompress +Uncompress a packet. +.TP +.B \-\-secret\-to\-public +Convert secret keys to public keys. +.TP +.B \-\-no\-split +Write to stdout and don't actually split. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +<bug-gnupg@gnu.org>. + +This manpage was written by Francois Wendling <frwendling@free.fr>. + diff --git a/debian/lspgpot.1 b/debian/lspgpot.1 new file mode 100644 index 0000000..ba27eca --- /dev/null +++ b/debian/lspgpot.1 @@ -0,0 +1,22 @@ +.TH "lspgpot" 1 "December 2005" + +.SH NAME +lspgpot - extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + + +.SH SYNOPSIS +.B lspgpot + + +.SH DESCRIPTION +.B lspgpot +extracts the ownertrust values from PGP keyrings and list them in +GnuPG ownertrust format. + +.SH AUTHOR +Copyright (C) 2002 Free Software Foundation, Inc. Please report bugs to +<bug-gnupg@gnu.org>. + +This manpage was written by Francois Wendling <frwendling@free.fr>. + diff --git a/debian/patches/00list b/debian/patches/00list new file mode 100644 index 0000000..9ab4bda --- /dev/null +++ b/debian/patches/00list @@ -0,0 +1,5 @@ +15_free_caps +16_min_privileges +24_gpgv_manpage_cleanup +25_de.po_fixes +28_multiple_message diff --git a/debian/patches/15_free_caps.dpatch b/debian/patches/15_free_caps.dpatch new file mode 100644 index 0000000..d48b2e1 --- /dev/null +++ b/debian/patches/15_free_caps.dpatch @@ -0,0 +1,124 @@ +#! /bin/sh -e +## 15_free_caps.dpatch by <mpitt@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: cap_from_text() allocates a new capability context, which is not freed +## DP: in the original sources. This patch fixes this. +## DP: Please note that this approach alone is not safe: when using +## DP: USE_CAPABILITIES the root user is not setuid() back any more to a normal +## DP: user. + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c gnupg-1.2.5/g10/status.c +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/g10/status.c 2004-07-21 09:59:45.000000000 +0200 ++++ gnupg-1.2.5/g10/status.c 2004-08-01 20:07:42.071690680 +0200 +@@ -346,6 +346,9 @@ + { + char buf[100]; + struct shmid_ds shmds; ++#ifdef USE_CAPABILITIES ++ cap_t caps; ++#endif + + #ifndef IPC_RMID_DEFERRED_RELEASE + atexit( remove_shmid ); +@@ -371,7 +374,9 @@ + (unsigned)shm_size/1024, shm_area, shm_id ); + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + /* (need the cast for Solaris with Sun's workshop compilers) */ + if ( mlock ( (char*)shm_area, shm_size) ) +@@ -380,7 +385,9 @@ + else + shm_is_locked = 1; + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +@@ -407,7 +414,9 @@ + + if( lock_mem ) { + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + #ifdef IPC_HAVE_SHM_LOCK + if ( shmctl (shm_id, SHM_LOCK, 0) ) +@@ -419,7 +428,9 @@ + log_info("Locking shared memory %d failed: No way to do it\n", shm_id ); + #endif + #ifdef USE_CAPABILITIES +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + #endif + } + +diff -urNad /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c gnupg-1.2.5/util/secmem.c +--- /home/weasel/tmp/debian-gpg/gnupg-1.2.5/util/secmem.c 2004-02-24 17:06:58.000000000 +0100 ++++ gnupg-1.2.5/util/secmem.c 2004-08-01 20:08:10.873412378 +0200 +@@ -97,12 +97,18 @@ + { + #if defined(USE_CAPABILITIES) && defined(HAVE_MLOCK) + int err; ++ cap_t caps; ++ ++ caps = cap_from_text("cap_ipc_lock=ep"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + +- cap_set_proc( cap_from_text("cap_ipc_lock+ep") ); + err = mlock( p, n ); + if( err && errno ) + err = errno; +- cap_set_proc( cap_from_text("cap_ipc_lock+p") ); ++ caps = cap_from_text("cap_ipc_lock=p"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + if( err ) { + if( errno != EPERM +@@ -301,8 +307,12 @@ + if( !n ) { + #ifndef __riscos__ + #ifdef USE_CAPABILITIES ++ cap_t caps; ++ + /* drop all capabilities */ +- cap_set_proc( cap_from_text("all-eip") ); ++ caps = cap_from_text("all-eip"); ++ cap_set_proc( caps ); ++ cap_free( caps ); + + #elif !defined(HAVE_DOSISH_SYSTEM) + uid_t uid; diff --git a/debian/patches/16_min_privileges.dpatch b/debian/patches/16_min_privileges.dpatch new file mode 100644 index 0000000..464133e --- /dev/null +++ b/debian/patches/16_min_privileges.dpatch @@ -0,0 +1,98 @@ +#! /bin/sh -e +## 16_min_privileges.dpatch by <mpitt@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: when using USE_CAPABILITIES, the uid was not setuid() back to a normal +## DP: user; this would allow to regain _all_ capabilities just by doing +## DP: exec(). This patch ensures minimal privileges by immediately revoking +## DP: root user and all capabilities except CAP_IPC_LOCK. After the shared +## DP: memory is set up, this last capability is dropped as well. + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad gnupg-1.4.0/g10/gpg.c /tmp/dpep.O5S02c/gnupg-1.4.0/g10/gpg.c +--- gnupg-1.4.0/g10/gpg.c 2004-12-16 09:47:36.000000000 +0000 ++++ /tmp/dpep.O5S02c/gnupg-1.4.0/g10/gpg.c 2005-02-03 23:31:40.645873299 +0000 +@@ -69,6 +69,11 @@ + #endif + + ++#ifdef USE_CAPABILITIES ++#include <sys/capability.h> ++#include <sys/prctl.h> ++#endif ++ + enum cmd_and_opt_values + { + aNull = 0, +@@ -1618,6 +1623,10 @@ + #ifdef USE_SHM_COPROCESSING + ulong requested_shm_size=0; + #endif ++#ifdef USE_CAPABILITIES ++ uid_t curr_uid; ++ cap_t caps; ++#endif + + #ifdef __riscos__ + opt.lock_once = 1; +@@ -1629,6 +1638,33 @@ + * when adding any stuff between here and the call to + * secmem_init() somewhere after the option parsing + */ ++ ++ /* if we use capabilities and run as root, we can immediately setuid back ++ * to the normal user and only keep CAP_IPC_LOCK until the shared memory is ++ * set up. ++ */ ++#ifdef USE_CAPABILITIES ++ curr_uid = getuid(); ++ if( curr_uid && !geteuid() ) { /* we are setuid root */ ++ if( prctl( PR_SET_KEEPCAPS, 1, 0, 0, 0 ) ) { ++ perror( "main(): could not keep capabilities" ); ++ return -100; ++ } ++ ++ if( setuid( curr_uid ) ) { ++ perror( "main(): could not set user id" ); ++ return -100; ++ } ++ ++ caps = cap_from_text( "cap_ipc_lock=p" ); ++ if( cap_set_proc( caps ) ) { ++ perror( "main(): could not install capabilities" ); ++ return -100; ++ } ++ cap_free( caps ); ++ } ++#endif ++ + log_set_name("gpg"); + secure_random_alloc(); /* put random number into secure memory */ + may_coredump = disable_core_dumps(); +@@ -1747,7 +1783,7 @@ + } + #endif + /* initialize the secure memory. */ +- got_secmem=secmem_init( 32768 ); ++ got_secmem=secmem_init( 32768 ); /* this will drop all remaining privileges */ + maybe_setuid = 0; + /* Okay, we are now working under our real uid */ + diff --git a/debian/patches/24_gpgv_manpage_cleanup.dpatch b/debian/patches/24_gpgv_manpage_cleanup.dpatch new file mode 100644 index 0000000..0284334 --- /dev/null +++ b/debian/patches/24_gpgv_manpage_cleanup.dpatch @@ -0,0 +1,85 @@ +#! /bin/sh -e +## 24_gpgv_manpage_cleanup.dpatch +## +## DP: Description: Small fixes for gpgv manpage (#177951) +## DP: Author: "Jim W. Jaszewski" <grok@sprint.ca> +## DP: Upstream status: Not yet submitted +## DP: Date: 2003-01-22 + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad gnupg-1.4.6~/doc/gpgv.texi gnupg-1.4.6/doc/gpgv.texi +--- gnupg-1.4.6~/doc/gpgv.texi 2006-12-04 14:01:31.000000000 +0000 ++++ gnupg-1.4.6/doc/gpgv.texi 2006-12-07 02:33:20.000000000 +0000 +@@ -55,8 +55,8 @@ + @mansect description + @code{@gpgvname} is an OpenPGP signature verification tool. + +-This program is actually a stripped down version of @code{gpg} which is +-only able to check signatures. It is somewhat smaller than the fully blown ++This program is actually a stripped-down version of @code{gpg} which is ++only able to check signatures. It is somewhat smaller than the fully-blown + @code{gpg} and uses a different (and simpler) way to check that + the public keys used to make the signature are valid. There are + no configuration files and only a few options are implemented. +@@ -114,7 +114,7 @@ + + @mansect return value + +-The program returns 0 if everything was fine, 1 if at least ++The program returns 0 if everything is fine, 1 if at least + one signature was bad, and other error codes for fatal errors. + + @mansect examples +@@ -126,7 +126,7 @@ + @itemx @gpgvname @code{sigfile} + Verify the signature of the file. The second form + is used for detached signatures, where @code{sigfile} is the detached +-signature (either ASCII armored or binary) and are the signed ++signature (either ASCII-armored or binary) and are the signed + data; if this is not given the name of the file holding the signed data is + constructed by cutting off the extension (".asc", ".sig" or ".sign") from + @code{sigfile}. +@@ -152,7 +152,7 @@ + @table @asis + + @item ~/.gnupg/trustedkeys.gpg +-The default keyring with the allowed keys ++The default keyring with the allowed keys. + + @end table + +diff -urNad gnupg-1.4.6~/doc/opt-homedir.texi gnupg-1.4.6/doc/opt-homedir.texi +--- gnupg-1.4.6~/doc/opt-homedir.texi 2006-12-04 13:31:56.000000000 +0000 ++++ gnupg-1.4.6/doc/opt-homedir.texi 2006-12-07 02:32:48.000000000 +0000 +@@ -1,11 +1,11 @@ + @c This option is included at several places. + @item --homedir @var{dir} + @opindex homedir +-Set the name of the home directory to @var{dir}. If his option is not ++Set the name of the home directory to @var{dir}. If this option is not + used, the home directory defaults to @file{~/.gnupg}. It is only + recognized when given on the command line. It also overrides any home + directory stated through the environment variable @env{GNUPGHOME} or +-(on W32 systems) by means on the Registry entry ++(on W32 systems) by means of the Registry entry + @ifset isman + @var{HKCU\\Software\\GNU\\GnuPG:HomeDir}. + @end ifset diff --git a/debian/patches/25_de.po_fixes.dpatch b/debian/patches/25_de.po_fixes.dpatch new file mode 100644 index 0000000..d83d59d --- /dev/null +++ b/debian/patches/25_de.po_fixes.dpatch @@ -0,0 +1,195 @@ +#! /bin/sh -e +## 25_de.po_fixes.dpatch +## +## DP: Description: Small fixes for the German translation (#314069) +## DP: Author: Jens Seidel <jensseidel@users.sf.net> +## DP: Upstream status: Not yet submitted +## DP: Date: 2005-06-14 + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad gnupg-1.4.5~/po/de.po gnupg-1.4.5/po/de.po +--- gnupg-1.4.5~/po/de.po 2006-08-01 12:08:06.000000000 +0100 ++++ gnupg-1.4.5/po/de.po 2006-08-01 21:50:19.000000000 +0100 +@@ -1241,7 +1241,7 @@ + + #: g10/gpg.c:791 + msgid "Pubkey: " +-msgstr "Öff.Schlüssel: " ++msgstr "Öff. Schlüssel: " + + #: g10/gpg.c:797 g10/keyedit.c:2310 + msgid "Cipher: " +@@ -2330,7 +2330,7 @@ + #: g10/import.c:319 + #, c-format + msgid " secret keys unchanged: %lu\n" +-msgstr " unveränderte geh.Schl.: %lu\n" ++msgstr " unveränderte geh. Schl.: %lu\n" + + #: g10/import.c:321 + #, c-format +@@ -3388,11 +3388,11 @@ + + #: g10/keyedit.c:2035 + msgid "Do you really want to revoke the selected subkeys? (y/N) " +-msgstr "Möchten Sie die ausgewählten Unterschlüssel wirklich widerrufen? " ++msgstr "Möchten Sie die ausgewählten Unterschlüssel wirklich widerrufen? (j/N) " + + #: g10/keyedit.c:2037 + msgid "Do you really want to revoke this subkey? (y/N) " +-msgstr "Möchten Sie diesen Schlüssel wirklich widerrufen? " ++msgstr "Möchten Sie diesen Unterschlüssel wirklich widerrufen? (j/N) " + + #: g10/keyedit.c:2087 + msgid "" +@@ -3568,7 +3568,7 @@ + + #: g10/keyedit.c:3022 + msgid "You may not add a photo ID to a PGP2-style key.\n" +-msgstr "Sie können einem PGP2-artigen SchlüÂüsel keine Foto-ID hinzufügen.\n" ++msgstr "Sie können einem PGP2-artigen Schlüssel keine Foto-ID hinzufügen.\n" + + #: g10/keyedit.c:3162 + msgid "Delete this good signature? (y/N/q)" +@@ -3622,7 +3622,7 @@ + #: g10/keyedit.c:3352 + msgid "You may not add a designated revoker to a PGP 2.x-style key.\n" + msgstr "" +-"Sie können einem PGP2-artigen SchlüÂüsel keine vorgesehenen Widerrufer " ++"Sie können einem PGP2-artigen Schlüssel keine vorgesehenen Widerrufer " + "hinzufügen.\n" + + #: g10/keyedit.c:3372 +@@ -5034,7 +5034,7 @@ + "Wählen Sie ein Bild für Ihre Photo ID aus. Das Bild muß eine JPEG Datei\n" + "sein. Bitte beachten Sie, daß das Bild in Ihrem öffentlichen\n" + "Schlüssel gespeichert wird. Wenn Sie ein sehr großes Bild benutzen,\n" +-"wir Ihr Schlüssel leider auch sehr groß werden. Ein Bild der GröÂße\n" ++"wir Ihr Schlüssel leider auch sehr groß werden. Ein Bild der Größe\n" + "240x288 Pixel ist eine gute Wahl.\n" + + #: g10/photoid.c:95 +@@ -5406,7 +5406,7 @@ + #: g10/pubkey-enc.c:244 + #, c-format + msgid "cipher algorithm %d%s is unknown or disabled\n" +-msgstr "Verschüsselungsverfahren %d%s ist unbekannt oder abgeschaltet\n" ++msgstr "Verschlüsselungsverfahren %d%s ist unbekannt oder abgeschaltet\n" + + #: g10/pubkey-enc.c:282 + #, fuzzy, c-format +@@ -5504,7 +5504,7 @@ + msgstr "" + "Widerrufszertifikat wurde erzeugt.\n" + "\n" +-"Bitte speichern Sie es auf einem Medium welches sie wegschliessen\n" ++"Bitte speichern Sie es auf einem Medium welches sie wegschließen\n" + "können; falls Mallory (ein Angreifer) Zugang zu diesem Zertifikat\n" + "erhält, kann erIhren Schlüssel unbrauchbar machen. Es wäre klug,\n" + "dieses Widerrufszertifikat auch auszudrucken und sicher aufzubewahren,\n" +@@ -5588,7 +5588,7 @@ + msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n" + msgstr "" + "Trotz %d-fachen Versuch konnte die Erzeugung eines unsicheren Schlüssels für " +-"sym.Verschlüsselung nicht vermieden werden!\n" ++"sym. Verschlüsselung nicht vermieden werden!\n" + + #: g10/seskey.c:222 + msgid "DSA requires the hash length to be a multiple of 8 bits\n" +@@ -6133,7 +6133,7 @@ + #, fuzzy, c-format + msgid "public key of ultimately trusted key %s not found\n" + msgstr "" +-"öff.Schlüssel des uneingeschränkt vertrautem Schlüssel %08lX nicht gefunden\n" ++"öff. Schlüssel des uneingeschränkt vertrautem Schlüssel %08lX nicht gefunden\n" + + #: g10/trustdb.c:2197 + #, c-format +@@ -6190,7 +6190,7 @@ + + #: util/errors.c:60 + msgid "bad public key" +-msgstr "Falscher öffentlicher Schüssel" ++msgstr "Falscher öffentlicher Schlüssel" + + #: util/errors.c:61 + msgid "bad secret key" +@@ -6366,7 +6366,7 @@ + + #: util/errors.c:106 + msgid "unusable public key" +-msgstr "unbrauchbarer öffentlicher Schüssel" ++msgstr "unbrauchbarer öffentlicher Schlüssel" + + #: util/errors.c:107 + msgid "unusable secret key" +@@ -6775,7 +6775,7 @@ + #~ "Es wird ein neues %s Schlüsselpaar erzeugt.\n" + #~ " kleinste Schlüssellänge ist 768 Bit\n" + #~ " standard Schlüssellänge ist 1024 Bit\n" +-#~ " gröÂßte sinnvolle Schlüssellänge ist 2048 Bit\n" ++#~ " größte sinnvolle Schlüssellänge ist 2048 Bit\n" + + #~ msgid "DSA only allows keysizes from 512 to 1024\n" + #~ msgstr "DSA erlaubt nur Schlüssellängen von 512 bis 1024\n" +@@ -6787,13 +6787,13 @@ + #~ msgstr "zu kurz; 768 ist die kleinste mögliche Schlüssellänge.\n" + + #~ msgid "keysize too large; %d is largest value allowed.\n" +-#~ msgstr "SchüsselgröÂße zu hoch; %d ist der Maximalwert.\n" ++#~ msgstr "Schlüsselgröße zu hoch; %d ist der Maximalwert.\n" + + #~ msgid "" + #~ "Keysizes larger than 2048 are not suggested because\n" + #~ "computations take REALLY long!\n" + #~ msgstr "" +-#~ "Schlüssellängen gröÂßer als 2048 werden nicht empfohlen, da die\n" ++#~ "Schlüssellängen größer als 2048 werden nicht empfohlen, da die\n" + #~ "Berechnungen dann WIRKLICH lange brauchen!\n" + + #, fuzzy +@@ -7136,7 +7136,7 @@ + #~ msgstr "zu viele `%c' Voreinstellungen\n" + + #~ msgid "key %08lX: not a rfc2440 key - skipped\n" +-#~ msgstr "Schlüssel %08lX: dies ist kein RFC2440-Schüssel - übersprungen\n" ++#~ msgstr "Schlüssel %08lX: dies ist kein RFC2440-Schlüssel - übersprungen\n" + + #~ msgid "" + #~ "NOTE: Elgamal primary key detected - this may take some time to import\n" +@@ -7292,7 +7292,7 @@ + #~ msgstr "" + #~ "Dieses Verfahren wird nur von GnuPG unterstützt. Sie können diesen " + #~ "Schlüssel\n" +-#~ "nicht zur Verständigung mit PGP-Anwendern benutzen. Ausserdem ist " ++#~ "nicht zur Verständigung mit PGP-Anwendern benutzen. Außerdem ist " + #~ "dieses\n" + #~ "Verfahren sehr langsam, und es könnte nicht so sicher wie die anderen " + #~ "sein.\n" +@@ -7603,7 +7603,7 @@ + + #~ msgid "Do you really want to create a sign and encrypt key? " + #~ msgstr "" +-#~ "Möchten Sie wirklich einen Unterschriften-/Verschlüsselungschlüssel " ++#~ "Möchten Sie wirklich einen Unterschriften-/Verschlüsselungsschlüssel " + #~ "erzeugen? " + + #~ msgid "%s: user not found: %s\n" diff --git a/debian/patches/28_multiple_message.dpatch b/debian/patches/28_multiple_message.dpatch new file mode 100644 index 0000000..e882d48 --- /dev/null +++ b/debian/patches/28_multiple_message.dpatch @@ -0,0 +1,192 @@ +#! /bin/sh -e +## 28_multiple_message.dpatch +## +## DP: Description: Fix problems handling multiple messages [CVE-2007-1263] +## DP: Author: Werner Koch <wk@gnupg.org> +## DP: Upstream status: part of 1.4.7 +## DP: Date: 2007-03-07 + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad gnupg-1.4.6~/checks/verify.test gnupg-1.4.6/checks/verify.test +--- gnupg-1.4.6~/checks/verify.test 2006-03-07 10:28:24.000000000 +0000 ++++ gnupg-1.4.6/checks/verify.test 2007-03-07 21:39:20.000000000 +0000 +@@ -231,15 +231,15 @@ + eval "(IFS=; echo \"\$$i\")" >x + case "$i" in + msg_*_asc) +- $GPG --verify x || error "verify of $i failed" ++ $GPG --allow-multiple-messages --verify x || error "verify of $i failed" + ;; + msg_*_asc_multisig) +- $GPG --verify --allow-multisig-verification x \ ++ $GPG --allow-multiple-messages --verify --allow-multisig-verification x \ + || error "verify of $i failed" +- $GPG --verify x && error "verify of $i succeeded but should not" ++ $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not" + ;; + bad_*_asc) +- $GPG --verify x && error "verify of $i succeeded but should not" ++ $GPG --allow-multiple-messages --verify x && error "verify of $i succeeded but should not" + ;; + *) + error "No handler for test case $i" +diff -urNad gnupg-1.4.6~/g10/gpg.c gnupg-1.4.6/g10/gpg.c +--- gnupg-1.4.6~/g10/gpg.c 2007-03-07 21:38:57.000000000 +0000 ++++ gnupg-1.4.6/g10/gpg.c 2007-03-07 21:39:20.000000000 +0000 +@@ -368,6 +368,8 @@ + oAllowMultisigVerification, + oEnableDSA2, + oDisableDSA2, ++ oAllowMultipleMessages, ++ oNoAllowMultipleMessages, + + oNoop + }; +@@ -711,6 +713,8 @@ + { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, + { oEnableDSA2, "enable-dsa2", 0, "@"}, + { oDisableDSA2, "disable-dsa2", 0, "@"}, ++ { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, ++ { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"}, + + /* These two are aliases to help users of the PGP command line + product use gpg with minimal pain. Many commands are common +@@ -2782,6 +2786,14 @@ + case oEnableDSA2: opt.flags.dsa2=1; break; + case oDisableDSA2: opt.flags.dsa2=0; break; + ++ case oAllowMultipleMessages: ++ opt.flags.allow_multiple_messages=1; ++ break; ++ ++ case oNoAllowMultipleMessages: ++ opt.flags.allow_multiple_messages=0; ++ break; ++ + case oNoop: break; + + default : pargs.err = configfp? 1:2; break; +diff -urNad gnupg-1.4.6~/g10/mainproc.c gnupg-1.4.6/g10/mainproc.c +--- gnupg-1.4.6~/g10/mainproc.c 2006-04-08 01:51:28.000000000 +0100 ++++ gnupg-1.4.6/g10/mainproc.c 2007-03-07 21:39:20.000000000 +0000 +@@ -84,10 +84,9 @@ + + + static int do_proc_packets( CTX c, IOBUF a ); +- + static void list_node( CTX c, KBNODE node ); + static void proc_tree( CTX c, KBNODE node ); +- ++static int literals_seen; + + static void + release_list( CTX c ) +@@ -619,6 +618,8 @@ + int any, clearsig, only_md5, rc; + KBNODE n; + ++ literals_seen++; ++ + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) + log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); + else if( opt.verbose ) +@@ -702,16 +703,37 @@ + if ( c->mfx.md2 ) + md_start_debug( c->mfx.md2, "verify2" ); + } +- if ( c->pipemode.op == 'B' ) +- rc = handle_plaintext( pt, &c->mfx, 1, 0 ); +- else { +- rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); +- if( rc == G10ERR_CREATE_FILE && !c->sigs_only) { +- /* can't write output but we hash it anyway to +- * check the signature */ +- rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); +- } +- } ++ ++ rc=0; ++ ++ if(literals_seen>1) ++ { ++ log_info(_("WARNING: multiple plaintexts seen\n")); ++ ++ if(!opt.flags.allow_multiple_messages) ++ { ++ write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); ++ log_inc_errorcount(); ++ rc=G10ERR_UNEXPECTED; ++ } ++ } ++ ++ if(!rc) ++ { ++ if ( c->pipemode.op == 'B' ) ++ rc = handle_plaintext( pt, &c->mfx, 1, 0 ); ++ else ++ { ++ rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); ++ if( rc == G10ERR_CREATE_FILE && !c->sigs_only) ++ { ++ /* can't write output but we hash it anyway to ++ * check the signature */ ++ rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); ++ } ++ } ++ } ++ + if( rc ) + log_error( "handle plaintext failed: %s\n", g10_errstr(rc)); + free_packet(pkt); +diff -urNad gnupg-1.4.6~/g10/options.h gnupg-1.4.6/g10/options.h +--- gnupg-1.4.6~/g10/options.h 2006-12-03 15:37:45.000000000 +0000 ++++ gnupg-1.4.6/g10/options.h 2007-03-07 21:39:20.000000000 +0000 +@@ -226,6 +226,7 @@ + unsigned int use_embedded_filename:1; + unsigned int utf8_filename:1; + unsigned int dsa2:1; ++ unsigned int allow_multiple_messages:1; + } flags; + + /* Linked list of ways to find a key if the key isn't on the local +diff -urNad gnupg-1.4.6~/g10/status.c gnupg-1.4.6/g10/status.c +--- gnupg-1.4.6~/g10/status.c 2007-03-07 21:38:57.000000000 +0000 ++++ gnupg-1.4.6/g10/status.c 2007-03-07 21:39:20.000000000 +0000 +@@ -166,6 +166,7 @@ + case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break; + case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break; + case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break; ++ case STATUS_ERROR : s = "ERROR"; break; + default: s = "?"; break; + } + return s; +diff -urNad gnupg-1.4.6~/g10/status.h gnupg-1.4.6/g10/status.h +--- gnupg-1.4.6~/g10/status.h 2006-04-03 09:05:24.000000000 +0100 ++++ gnupg-1.4.6/g10/status.h 2007-03-07 21:39:20.000000000 +0000 +@@ -120,6 +120,8 @@ + + #define STATUS_BEGIN_SIGNING 84 + ++#define STATUS_ERROR 85 ++ + + /*-- status.c --*/ + void set_status_fd ( int fd ); diff --git a/debian/preinst b/debian/preinst new file mode 100644 index 0000000..71dab99 --- /dev/null +++ b/debian/preinst @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +case "$1" in + upgrade|install) + # Try to gracefully handle upgrades from a pre-0.3.3 version + + if [ ! -z $2 ]; then + set +e + dpkg --compare-versions $2 \<= 0.3.2-1 + result=$? + set -e + if [ $result = 0 ]; then + cat <<EOF +Due to a bug in the way secret keys were encrypted in versions prior +to 0.3.3, this version of gnupg is not backwards compatible with $2 +which you have (had) installed on your system. + +There is an upgrade strategy (see /usr/doc/gnupg/NEWS.gz after this +version is installed), but it requires an old copy of the gpg and gpgm +EOF + echo -n "binaries; shall I make copies of them for you (Y/n)? " + read answer + if [ ! "$answer" = "n" ] && [ ! "$answer" = "N" ]; then + cp /usr/bin/gpg /usr/bin/gpg.old + cp /usr/bin/gpgm /usr/bin/gpgm.old + echo "Okay, done. The old versions are /usr/bin/gpg*.old" + else + echo "Okay, I haven't made backups." + fi; + cat <<EOF + +If at any stage you need a pre-0.3.3 gnupg, you can find source and +binaries for i386, m68k, alpha, powerpc and hurd-i386 at + + http://people.debian.org/~troup/gnupg/ + +Press return to continue +EOF + read foo + fi; + fi; + ;; + abort-upgrade) + ;; +esac diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..d3dcacb --- /dev/null +++ b/debian/rules @@ -0,0 +1,184 @@ +#!/usr/bin/make -f +# debian/rules file - for GNUPG (1.4.6) +# Based on sample debian/rules file - for GNU Hello (1.3). +# Copyright 1994,1995 by Ian Jackson. +# Copyright 1998-2006 by James Troup. +# I hereby give you perpetual unlimited permission to copy, +# modify and relicense this file, provided that you do not remove +# my name from the file itself. (I assert my moral right of +# paternity under the Copyright, Designs and Patents Act 1988.) +# This file may have to be extensively modified + +DISTRIBUTION := SLP +STRIP=strip --remove-section=.comment --remove-section=.note + +DEB_BUILD_GNU_TYPE = $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) +DEB_HOST_GNU_TYPE = $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) +HOSTARG = --host=$(DEB_HOST_GNU_TYPE) +endif + +CONFARGS = --prefix=/usr --libexecdir=/usr/lib/ --enable-mailto --with-mailprog=/usr/sbin/sendmail + +install_dir=install -d -m 755 +install_file=install -m 644 +install_script=install -m 755 +install_binary=install -m 755 -s + +VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2) +DEB_BUILD_ARCH := $(shell dpkg-architecture -qDEB_BUILD_ARCH) + +include /usr/share/dpatch/dpatch.make + +build-deb-stamp: patch-stamp + $(checkdir) + mkdir -p build-deb + cd build-deb && ../configure $(CONFARGS) $(HOSTARG) --with-libcurl=no --with-libusb=no + $(MAKE) -C build-deb + touch $@ + +build-udeb-stamp: patch-stamp + $(checkdir) + mkdir -p build-udeb + cd build-udeb && CFLAGS='-g -Os' ../configure $(CONFARGS) $(HOSTARG) --without-bzip2 --without-readline --with-libcurl=no --with-libusb=no + $(MAKE) -C build-udeb + touch $@ + +build: build-deb-stamp build-udeb-stamp + +test: build + $(checkdir) + make -C build-deb/checks check || exit 127 + touch test + +clean: unpatch + $(checkdir) + -rm -f build + -$(MAKE) -C build-deb -i distclean || $(MAKE) -C build-deb -f Makefile.in distclean + -$(MAKE) -C build-udeb -i distclean || $(MAKE) -C build-udeb -f Makefile.in distclean + -rm -rf build-deb build-udeb debian/gpgv-udeb debian/gnupg-udeb debian/gpgv + -rm -rf debian/tmp debian/patched debian/files* debian/*substvars + find . -name \*~ | xargs rm -vf + +binary-indep: + +binary-arch: checkroot build # test + $(checkdir) + + : # gnupg + -rm -rf debian/tmp + $(install_dir) debian/tmp/DEBIAN/ + $(install_script) debian/preinst debian/tmp/DEBIAN/ + $(MAKE) -C build-deb prefix=`pwd`/debian/tmp/usr mandir=`pwd`/debian/tmp/usr/share/man libexecdir=`pwd`/debian/tmp/usr/lib/ mkinstalldirs=`pwd`/scripts/mkinstalldirs install + : # copies of the manpage which can't be grokked by install-info + rm debian/tmp/usr/share/info/* + find debian/tmp/ -type f | xargs file | grep ELF | cut -d: -f 1 | xargs $(STRIP) + chmod 755 debian/tmp/usr/bin/gpg + sed -e "s#../g10/gpg#gpg#" < tools/lspgpot > debian/tmp/usr/bin/lspgpot + sed -e "s#../g10/gpg#gpg#" < tools/convert-from-106 > debian/tmp/usr/bin/gpg-convert-from-106 + chmod 755 debian/tmp/usr/bin/lspgpot debian/tmp/usr/bin/gpg-convert-from-106 + sed -e "s#/usr/local/#/usr/#" < debian/tmp/usr/share/man/man1/gpg.1 \ + > debian/tmp/usr/share/man/man1/gpg.1.new + mv debian/tmp/usr/share/man/man1/gpg.1.new debian/tmp/usr/share/man/man1/gpg.1 + $(install_file) debian/gpg-convert-from-106.1 debian/gpgsplit.1 \ + debian/lspgpot.1 debian/tmp/usr/share/man/man1/ + gzip -9v debian/tmp/usr/share/man/man*/* + : # Move localized manpages to FHS compliant locations + $(install_dir) debian/tmp/usr/share/man/ru/man1/ + mv debian/tmp/usr/share/man/man1/gpg.ru.1.gz debian/tmp/usr/share/man/ru/man1/gpg.1.gz + : # Remove from /usr/share/gnupg what we install into /usr/share/doc/gnupg/ + rm debian/tmp/usr/share/gnupg/FAQ debian/tmp/usr/share/gnupg/faq.html + $(install_dir) debian/tmp/usr/share/doc/gnupg/ + $(install_file) debian/changelog debian/tmp/usr/share/doc/gnupg/changelog.Debian + $(install_file) debian/README.Debian README NEWS THANKS TODO doc/DETAILS \ + doc/FAQ doc/faq.html doc/OpenPGP debian/Upgrading_From_PGP.txt \ + doc/highlights-1.4.txt debian/tmp/usr/share/doc/gnupg/ + for i in po util mpi cipher tools g10 checks include; do \ + $(install_file) $$i/ChangeLog debian/tmp/usr/share/doc/gnupg/changelog.$$i; done + $(install_file) ChangeLog debian/tmp/usr/share/doc/gnupg/changelog.toplevel + gzip -9v debian/tmp/usr/share/doc/gnupg/* + ln -s changelog.g10.gz debian/tmp/usr/share/doc/gnupg/changelog.gz + $(install_file) debian/copyright debian/tmp/usr/share/doc/gnupg/ + + : # in the gpgv package instead + rm debian/tmp/usr/bin/gpgv + rm debian/tmp/usr/share/man/man1/gpgv.1.gz + + find debian/tmp/ -type d -empty | xargs rmdir + + find debian/tmp/ -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps + dpkg-gencontrol -pgnupg -isp + chown -R root.root debian/tmp + chmod -R go=rX debian/tmp + dpkg --build debian/tmp .. + + : # gpgv + -rm -rf debian/gpgv + $(install_dir) debian/gpgv/DEBIAN/ + + $(install_dir) debian/gpgv/usr/bin/ + $(install_binary) build-udeb/g10/gpgv debian/gpgv/usr/bin/ + $(STRIP) debian/gpgv/usr/bin/gpgv + + $(install_dir) debian/gpgv/usr/share/man/man1/ + $(install_file) build-deb/doc/gpgv.1 debian/gpgv/usr/share/man/man1/ + gzip -9v debian/gpgv/usr/share/man/man*/* + + $(install_dir) debian/gpgv/usr/share/doc/gpgv + $(install_file) debian/changelog debian/gpgv/usr/share/doc/gpgv/changelog.Debian + gzip -9v debian/gpgv/usr/share/doc/gpgv/* + $(install_file) debian/copyright debian/gpgv/usr/share/doc/gpgv/ + + find debian/gpgv/ -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps + dpkg-gencontrol -pgpgv -Pdebian/gpgv -isp + chown -R root.root debian/gpgv + chmod -R go=rX debian/gpgv + dpkg --build debian/gpgv .. + +ifneq ($(DISTRIBUTION),SLP) + : ### Udebs + + : # gpgv-udeb + rm -rf debian/gpgv-udeb + $(install_dir) debian/gpgv-udeb/DEBIAN/ debian/gpgv-udeb/usr/bin/ + $(install_binary) build-udeb/g10/gpgv debian/gpgv-udeb/usr/bin/ + find debian/gpgv-udeb/ -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps -Tdebian/gpgv-udeb.substvars -tudeb + + : # Don't let dpkg-gencontrol write incorrect guesses to debian/files. + : # Instead, register the udeb manually. + dpkg-gencontrol -pgpgv-udeb -Tdebian/gpgv-udeb.substvars -Pdebian/gpgv-udeb -isp -fdebian/files~ + dpkg-distaddfile gpgv-udeb_$(VERSION)_$(DEB_BUILD_ARCH).udeb debian-installer extra + + chown -R root.root debian/gpgv-udeb + chmod -R go=rX debian/gpgv-udeb + dpkg --build debian/gpgv-udeb ../gpgv-udeb_$(VERSION)_$(DEB_BUILD_ARCH).udeb + + : # gnupg-udeb + rm -rf debian/gnupg-udeb + $(install_dir) debian/gnupg-udeb/DEBIAN/ debian/gnupg-udeb/usr/bin/ + $(install_binary) build-udeb/g10/gpg debian/gnupg-udeb/usr/bin/ + find debian/gnupg-udeb/ -type f | xargs file | grep ELF | cut -d: -f 1 | xargs dpkg-shlibdeps -Tdebian/gnupg-udeb.substvars -tudeb + + : # Don't let dpkg-gencontrol write incorrect guesses to debian/files. + : # Instead, register the udeb manually. + dpkg-gencontrol -pgnupg-udeb -Tdebian/gnupg-udeb.substvars -Pdebian/gnupg-udeb -isp -fdebian/files~ + dpkg-distaddfile gnupg-udeb_$(VERSION)_$(DEB_BUILD_ARCH).udeb debian-installer extra + + chown -R root.root debian/gnupg-udeb + chmod -R go=rX debian/gnupg-udeb + dpkg --build debian/gnupg-udeb ../gnupg-udeb_$(VERSION)_$(DEB_BUILD_ARCH).udeb +endif + +define checkdir + test -f g10/gpg.c && test -f debian/rules +endef + +# Below here is fairly generic really + +binary: binary-indep binary-arch + +checkroot: + $(checkdir) + test root = "`whoami`" + +.PHONY: build binary binary-arch binary-indep clean checkroot |