| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| debian-packaging/avoid-beta-warning.patch | avoid-beta-warning avoid self-describing as a beta Using autoreconf against the source as distributed in tarball form invariably results in a package that thinks it's a "beta" package, which produces the "THIS IS A DEVELOPMENT VERSION" warning string. since we use dh_autoreconf, i need this patch to avoid producing builds that announce themselves as DEVELOPMENT VERSIONs. See discussion at: http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029065.html |
Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org> | no | 2015-04-14 | ||
| debian-packaging/avoid-regenerating-defsincdate-use-shipped-file.patch | avoid regenerating defsincdate (use shipped file) upstream ships doc/defsincdate in its tarballs. but doc/Makefile.am tries to rewrite doc/defsincdate if it notices that any of the files have been modified more recently, and it does so assuming that we're running from a git repo. However, we'd rather ship the documents cleanly without regenerating defsincdate -- we don't have a git repo available (debian builds from upstream tarballs) and any changes to the texinfo files (e.g. from debian/patches/) might result in different dates on the files than we expect after they're applied by dpkg or quilt or whatever, which makes the datestamp unreproducible. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2016-08-29 | ||
| debian-packaging/keep-systemd-support.patch | avoid-systemd-deprecation-warning diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 1db422737..b49c31f83 100644 |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-08-21 | ||
| debian-packaging/keyboxd-systemd-support.patch | Add systemd support for keyboxd diff --git a/kbx/keyboxd.c b/kbx/keyboxd.c index 88a350a08..ee39b2287 100644 |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-08-23 | ||
| block-ptrace-on-secret-daemons/Avoid-simple-memory-dumps-via-ptrace.patch | Avoid simple memory dumps via ptrace This avoids needing to setgid gpg-agent. It probably doesn't defend against all possible attacks, but it defends against one specific (and easy) one. If there are other protections we should do them too. This will make it slightly harder to debug the agent because the normal user won't be able to attach gdb to it directly while it runs. The remaining options for debugging are: * launch the agent from gdb directly * connect gdb to a running agent as the superuser Upstream bug: https://dev.gnupg.org/T1211 |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2015-08-11 | ||
| dirmngr-idling/dirmngr-hkp-Avoid-potential-race-condition-when-some.patch | dirmngr: hkp: Avoid potential race condition when some hosts die. * dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass through the host table instead of risking out-of-bounds write. -- Multiple threads may write to hosttable[x]->dead while select_random_host() is running. For example, a housekeeping thread might clear the ->dead bit on some entries, or another connection to dirmngr might manually mark a host as alive. If one or more hosts are resurrected between the two loops over a given table in select_random_host(), then the allocation of tbl might not be large enough, resulting in a write past the end of tbl on the second loop. This change collapses the two loops into a single loop to avoid this As Werner points out, this isn't currently strictly necessary, since npth will not switch threads unless a blocking system call is made, and no blocking system call is made in these two loops. However, in a subsequent change in this series, we will call a function in this loop, and that function may sometimes write(2), or call other functions, which may themselves block. Keeping this as a single-pass loop avoids the need to keep track of what might block and what might not. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2016-10-29 | ||
| dirmngr-idling/dirmngr-Avoid-need-for-hkp-housekeeping.patch | dirmngr: Avoid need for hkp housekeeping. * dirmngr/ks-engine-hkp.c (host_is_alive): New function. Test whether host is alive and resurrects it if it has been dead long enough. (select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive instead of testing hostinfo_t->dead directly. (ks_hkp_housekeeping): Remove function, no longer needed. * dirmngr/dirmngr.c (housekeeping_thread): Remove call to ks_hkp_housekeeping. -- Rather than resurrecting hosts upon scheduled resurrection times, test whether hosts should be resurrected as they're inspected for being dead. This removes the need for explicit housekeeping, and makes host resurrections happen "just in time", rather than being clustered on HOUSEKEEPING_INTERVAL seconds. According to 392e068e9f143d41f6350345619543cbcd47380f, dns_stuff_housekeeping only works on Windows, so it also isn't necessary in debian, but it remains in place for now. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2016-10-29 | ||
| dirmngr-idling/dirmngr-Avoid-automatically-checking-upstream-swdb.patch | dirmngr: Avoid automatically checking upstream swdb. * dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically checking upstream's software database. In Debian, software updates should be handled by the distro mechanism, and additional upstream checks only confuse the user. * doc/dirmngr.texi: document that --allow-version-check does nothing. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2016-11-20 | ||
| from-master/gpg-default-to-3072-bit-keys.patch | gpg: default to 3072-bit keys. * agent/command.c (hlp_genkey): update help text to suggest the use of 3072 bits. * doc/wks.texi: Make example match default generation. * g10/keygen.c (gen_elg): update default from 2048 to 3072. * g10/keyid.c (pubkey_string): update comment so that first example is the default 3072-bit RSA. -- 3072-bit RSA is widely considered to be 128-bit-equivalent security. This is a sensible default in 2017. (cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c) |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2017-09-07 | ||
| from-master/gpg-agent-idling/0001-agent-Add-agent_kick_the_loop-function.patch | [PATCH 01/12] agent: Add agent_kick_the_loop function. * agent/agent.h (agent_kick_the_loop): New. * agent/gpg-agent.c [HAVE_W32_SYSTEM] (the_event2): New. [HAVE_PSELECT_NO_EINTR] (event_pipe_fd): New. [!HAVE_PSELECT_NO_EINTR] (main_thread_pid): New. (create_an_event): New, factored out. (get_agent_daemon_notify_event): Use create_an_event. (handle_signal): Add a case for SIGCONT. (agent_kick_the_loop): New. (handle_connections): Call pselect possibly with the pipe. Call eselect with THE_EVENT2. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-08-24 | ||
| from-master/gpg-agent-idling/0001-agent-Use-a-thread-to-monitor-socket-takeover.patch | [PATCH 1/9] agent: Use a thread to monitor socket takeover. * agent/gpg-agent.c (check_own_socket_running): Remove. (socket_takeover_detected): New. (check_own_socket): Remove. (handle_tick): Don't call check_own_socket any more. (handle_connections): Start off the check_own_socket_thread. Check socket_takeover_detected to handle the event. (do_check_own_socket): New, factoring out the task. (check_own_socket_thread): Loop with the interval. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| from-master/gpg-agent-idling/0002-agent-Fix-the-handling-of-socket-takeover.patch | [PATCH 2/9] agent: Fix the handling of socket takeover. * agent/gpg-agent.c (handle_connections): Check the takeover when interrupted. (check_own_socket_thread): Kick the loop when detected. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-08-30 | ||
| from-master/gpg-agent-idling/0003-agent-Recover-support-CHECK_OWN_SOCKET_INTERVAL-0.patch | [PATCH 3/9] agent: Recover support CHECK_OWN_SOCKET_INTERVAL == 0. * agent/gpg-agent.c (handle_connections): Only spawn the thread when CHECK_OWN_SOCKET_INTERVAL > 0. [CHECK_OWN_SOCKET_INTERVAL == 0] (check_own_socket_pid_cb) (do_check_own_socket, check_own_socket_thread): Ifdef out. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| from-master/gpg-agent-idling/0004-agent-Have-a-thread-monitoring-parent-PID-and-homedi.patch | [PATCH 4/9] agent: Have a thread monitoring parent PID and homedir. * agent/gpg-agent.c (CHECK_PROBLEMS_INTERVAL): New. (socket_takeover_detected): Remove. (problem_detected): New. (handle_tick): Don't check parent PID and homedir in this function. (handle_connections): Spawn check_others_thread when needed. Handle AGENT_PROBLEM_PARENT_HAS_GONE and AGENT_PROBLEM_HOMEDIR_REMOVED. (check_own_socket_thread): Check SHUTDOWN_PENDING variable in the loop. Use PROBLEM_DETECTED variable. (check_others_thread): New. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| from-master/gpg-agent-idling/0005-agent-Better-interaction-between-main-loop-and-cache.patch | [PATCH 5/9] agent: Better interaction between main loop and cache expiration. * agent/agent.h (agent_cache_housekeeping): Remove. (agent_cache_expiration): New. * agent/cache.c (agent_cache_housekeeping): Remove. (agent_cache_expiration): New. * agent/gpg-agent.c (TIMERTICK_INTERVAL): Remove. (handle_tick): Remove. (handle_connections): Call agent_cache_expiration and use the timeout value determined by the call. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| from-master/gpg-agent-idling/0006-agent-Introduce-management-of-timer-to-expire-cache-.patch | [PATCH 6/9] agent: Introduce management of timer to expire cache entries. * agent/cache.c (struct timer_s): New. (struct cache_item_s): Add a member filed T for timer. (the_timer_list, the_timer_list_new): New. (insert_to_timer_list_new, insert_to_timer_list): New. (remove_from_timer_list, remove_from_timer_list_new): New. (housekeeping): Remove. (compute_expiration, update_expiration): New. (do_expire): New. (TIMERTICK_INTERVAL): Remove. (agent_cache_expiration): Use timer list to manage the expiration of cache entries. (agent_flush_cache): Call update_expiration when needed. (agent_put_cache): Don't call housekeeping any more, but update_expiration for an entry in question. (agent_get_cache): Likewise. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-08-31 | ||
| from-master/gpg-agent-idling/0007-agent-Fix-the-previous-commit.patch | [PATCH 7/9] agent: Fix the previous commit. * agent/cache.c (remove_from_timer_list_new): Fix cut&paste error. TV_SEC field should not be touched. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-01 | ||
| from-master/gpg-agent-idling/0008-agent-Fix-timer-list-management.patch | [PATCH 8/9] agent: Fix timer list management. * agent/cache.c (insert_to_timer_list): Update TV_SEC of the top entry when inserted. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-01 | ||
| from-master/gpg-agent-idling/0009-agent-Fix-sock_inotify_fd-handling.patch | [PATCH 9/9] agent: Fix sock_inotify_fd handling. * agent/gpg-agent.c (handle_connections): Also check SOCK_INOTIFY_FD when spawning check_onw_socket_thread. When removal of the socket is detected, do same as AGENT_PROBLEM_SOCKET_TAKEOVER. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| from-master/gpg-agent-idling/0010-agent-Fix-timer-round-up-check-when-inserting-an-ent.patch | [PATCH 10/10] agent: Fix timer round-up check when inserting an entry into cache. * agent/cache.c (insert_to_timer_list): Round up when >= a half second. -- |
NIIBE Yutaka <gniibe@fsij.org> | no | 2023-09-04 | ||
| update-defaults/gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch | gpg: Default to SHA-512 for all signature types on RSA keys. * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in --gnupg mode (leave strict RFC and PGP modes alone). * configure.ac: Do not allow disabling sha512. * g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512. -- SHA512 is more performant on most 64-bit platforms than SHA256, and offers a better security margin. It is also widely implemented. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2022-12-25 | ||
| update-defaults/gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch | gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences. * g10/keygen.c (keygen_set_std_prefs): prefer SHA-512 and SHA-384 by default. -- In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the defaults for --default-preference-list to advertise a preference for SHA-512, without touching --personal-digest-preferences. This makes the same change for --personal-digest-preferences, since every modern OpenPGP library supports them all. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2018-01-03 | ||
| import-merge-without-userid/tests-add-test-cases-for-import-without-uid.patch | tests: add test cases for import without uid This commit adds a test case that does the following, in order: - Import of a primary key plus user id - Check that import of a subkey works, without a user id present in the imported key - Check that import of a subkey revocation works, without a user id or subkey binding signature present in the imported key - Check that import of a primary key revocation works, without a user id present in the imported key -- Note that this test currently fails. The following changesets will fix gpg so that the tests pass. |
Vincent Breitmoser <look@my.amazin.horse> | no | 2019-06-13 | ||
| import-merge-without-userid/gpg-allow-import-of-previously-known-keys-even-without-UI.patch | gpg: allow import of previously known keys, even without UIDs * g10/import.c (import_one): Accept an incoming OpenPGP certificate that has no user id, as long as we already have a local variant of the cert that matches the primary key. -- This fixes two of the three broken tests in import-incomplete.scm. |
Vincent Breitmoser <look@my.amazin.horse> | no | 2022-12-25 | ||
| import-merge-without-userid/gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch | gpg: accept subkeys with a good revocation but no self-sig during import * g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we encounter a valid revocation signature. This allows import of subkey revocation signatures, even in the absence of a corresponding subkey binding signature. -- This fixes the remaining test in import-incomplete.scm. |
Vincent Breitmoser <look@my.amazin.horse> | no | 2019-06-13 | ||
| dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch | dirmngr: Only use SKS pool CA for SKS pool * dirmngr/http.c (http_session_new): when checking whether the keyserver is the HKPS pool, check specifically against the pool name, as ./configure might have been used to select a different default keyserver. It makes no sense to apply Kristian's certificate authority to anything other than the literal host hkps.pool.sks-keyservers.net. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2022-12-25 | ||
| Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch | Use hkps://keys.openpgp.org as the default keyserver As of 2.2.17, GnuPG will refuse to accept any third-party certifications from OpenPGP certificates pulled from the keyserver network. The SKS keyserver network currently has at least a dozen popular certificates which are flooded with enough unusable third-party certifications that they cannot be retrieved in any reasonable amount of time. The hkps://keys.openpgp.org keyserver installation offers HKPS, performs cryptographic validation, and by policy does not distribute third-party certifications anyway. It is not distributed or federated yet, unfortunately, but it is functional, which is more than can be said for the dying SKS pool. And given that GnuPG is going to reject all the third-party certifications anyway, there is no clear "web of trust" rationale for relying on the SKS pool. One sticking point is that keys.openpgp.org does not distribute user IDs unless the user has proven control of the associated e-mail address. This means that on standard upstream GnuPG, retrieving revocations or subkey updates of those certificates will fail, because upstream GnuPG ignores any incoming certificate without a user ID, even if it knows a user ID in the local copy of the certificate (see https://dev.gnupg.org/T4393). However, we have three patches in debian/patches/import-merge-without-userid/ that together fix that bug. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2022-12-25 | ||
| gpg-drop-import-clean-from-default-keyserver-import-optio.patch | gpg: drop import-clean from default keyserver import options * g10/gpg.c (main): drop IMPORT_CLEAN from the default opt.keyserver_options.import_options * doc/gpg.texi: reflect this change in the documentation Given that SELF_SIGS_ONLY is already set, it's not clear what additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN means that receiving an OpenPGP certificate from a keyserver will potentially delete data that is otherwise held in the local keyring, which is surprising to users who expect retrieval from the keyservers to be purely additive. |
Daniel Kahn Gillmor <dkg@fifthhorseman.net> | no | 2019-07-15 |