diffstat of debian/ for gnupg2_2.2.12-1 gnupg2_2.2.12-1ubuntu3 changelog | 223 ++++++++++++++++++++++++++++++ control | 3 patches/dirmngr-honor-http-proxy.patch | 18 ++ patches/series | 1 systemd-environment-generator/90gpg-agent | 2 tests/control | 6 tests/gpgv-win32 | 4 tests/simple-tests | 34 ++++ 8 files changed, 287 insertions(+), 4 deletions(-) diff -Nru gnupg2-2.2.12/debian/changelog gnupg2-2.2.12/debian/changelog --- gnupg2-2.2.12/debian/changelog 2018-12-15 01:17:16.000000000 +0000 +++ gnupg2-2.2.12/debian/changelog 2019-01-30 10:39:21.000000000 +0000 @@ -1,3 +1,27 @@ +gnupg2 (2.2.12-1ubuntu3) disco; urgency=medium + + * Drop the gpgv-win32 test, and add some simple tests for gpg{,v} instead + + -- Julian Andres Klode Wed, 30 Jan 2019 11:39:21 +0100 + +gnupg2 (2.2.12-1ubuntu2) disco; urgency=medium + + * No-change rebuild for readline soname change. + + -- Matthias Klose Mon, 14 Jan 2019 20:09:13 +0000 + +gnupg2 (2.2.12-1ubuntu1) disco; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Honor http_proxy= environment variables by default in the systemd + user session dirmngr service. LP: #1625848 + (debian/patches/dirmngr-honor-http-proxy.patch) + - Export GPG_AGENT_INFO in the systemd-environment-generator too. + * debian/tests/gpgv-win32: Create /run/user/$(id -u) if it does not + exist - wine hardcodes that location. + + -- Julian Andres Klode Tue, 08 Jan 2019 10:19:49 +0100 + gnupg2 (2.2.12-1) unstable; urgency=medium * New upstream release @@ -69,6 +93,16 @@ -- Daniel Kahn Gillmor Thu, 19 Jul 2018 14:02:31 -0400 +gnupg2 (2.2.8-3ubuntu1) cosmic; urgency=medium + + * Sync with Debian. Remaining changes: + - Honor http_proxy= environment variables by default in the systemd + user session dirmngr service. LP: #1625848 + (debian/patches/dirmngr-honor-http-proxy.patch) + - Export GPG_AGENT_INFO in the systemd-environment-generator too. + + -- Jeremy Bicha Mon, 03 Sep 2018 20:43:20 -0400 + gnupg2 (2.2.8-3) unstable; urgency=medium * Ensure arch: all gnupg package supports binMNUs @@ -90,6 +124,23 @@ -- Daniel Kahn Gillmor Wed, 20 Jun 2018 06:56:09 -0400 +gnupg2 (2.2.8-1ubuntu1) cosmic; urgency=low + + * Merge from Debian unstable to fix CVE-2018-12020. Remaining changes: + - Honor http_proxy= environment variables by default in the systemd + user session dirmngr service. LP: #1625848 + (debian/patches/dirmngr-honor-http-proxy.patch) + - Export GPG_AGENT_INFO in the systemd-environment-generator too. + * dropped due to applied in debian: + - debian/gnupg2.udev: + - udev rules to set ACLs on SCM smartcard readers. + - Add udev rules to give gpg access to some smartcard readers; + Debian #543217. (applied in scdaemon in 2.1.11-7+exp1) + * dropped (no longer needed): + - Add breaks for software-properties-common at 0.96.24.3 or lower. + + -- Steve Beattie Wed, 13 Jun 2018 11:44:59 -0700 + gnupg2 (2.2.8-1) unstable; urgency=medium * New upstream release @@ -134,6 +185,25 @@ -- Daniel Kahn Gillmor Mon, 05 Feb 2018 23:07:21 -0500 +gnupg2 (2.2.4-1ubuntu1) bionic; urgency=medium + + * Merge from Debian unstable, remaining changes: + - debian/gnupg2.udev: + - Add udev rules to give gpg access to some smartcard readers; + Debian #543217. + - udev rules to set ACLs on SCM smartcard readers. + - Add breaks for software-properties-common at 0.96.24.3 or lower. + - Honor http_proxy= environment variables by default in the systemd + user session dirmngr service. LP: #1625848 + - Export GPG_AGENT_INFO in the systemd-environment-generator too. + + * Dropped changes: + - Removed user session upstart support. + - Removed gpg-agent.service changes, use Debian's environment generator instead. + - Patch to set GNUPGHOME for tests, fixed in debian/upstream. + + -- Dimitri John Ledkov Thu, 11 Jan 2018 13:33:17 +0000 + gnupg2 (2.2.4-1) unstable; urgency=medium * New upstream release @@ -533,6 +603,85 @@ -- Daniel Kahn Gillmor Wed, 31 Aug 2016 12:37:48 -0400 +gnupg2 (2.1.15-1ubuntu8) artful; urgency=medium + + * debian/patches/0005-set-gnupghome-for-tests.patch: + - set GNUPGHOME to a directory under the build directory as the + default value relies on $HOME which shouldn't be used during + the package build. LP: #1722939. + + -- Tiago Stürmer Daitx Wed, 11 Oct 2017 20:20:46 +0000 + +gnupg2 (2.1.15-1ubuntu7) zesty; urgency=medium + + * gpg-agent.conf: use XDG_RUNTIME_DIR for ssh-agent socket, in the + upstart user session job too. LP: #1675925. + + -- Dimitri John Ledkov Wed, 29 Mar 2017 16:15:15 +0100 + +gnupg2 (2.1.15-1ubuntu6) yakkety; urgency=medium + + * gpg-agent.service: use XDG_RUNTIME_DIR for ssh-agent socket, instead + of GNUPGHOME. LP: #1631320. + + -- Dimitri John Ledkov Fri, 07 Oct 2016 11:20:28 +0100 + +gnupg2 (2.1.15-1ubuntu5) yakkety; urgency=medium + + * gpg-agent.service: Properly escape "\$10" to avoid warning. (LP: #1615726) + + -- Martin Pitt Thu, 06 Oct 2016 23:10:50 +0200 + +gnupg2 (2.1.15-1ubuntu4) yakkety; urgency=medium + + * Honor http_proxy= environment variables by default, in the newly + generated dirmngr.conf files. Existing users behing proxies should set + honor-http-proxy in $GNUPGHOME/dirmngr.conf, see + /usr/share/gnupg/dirmngr-conf.skel. LP: #1625848 + + -- Dimitri John Ledkov Wed, 21 Sep 2016 02:23:54 +0100 + +gnupg2 (2.1.15-1ubuntu3) yakkety; urgency=medium + + * No-change rebuild for readline soname change. + + -- Matthias Klose Sat, 17 Sep 2016 12:02:46 +0000 + +gnupg2 (2.1.15-1ubuntu2) yakkety; urgency=medium + + * Add breaks for software-properties-common at 0.96.24.3 or lower. + + -- Dimitri John Ledkov Thu, 01 Sep 2016 11:34:12 +0100 + +gnupg2 (2.1.15-1ubuntu1) yakkety; urgency=medium + + * gnupg is now 2.1. LP: #1615039 + * Merge from Debian unstable, remaining changes: + - debian/systemd-user/gpg-agent.service: + - Set the environment variables in ExecStartPre - Post has a race + condition as other SSH agent providers can start up after ExecStart + finishes. The ExecStopPost commands are run in the case of failure, to + unset them. + - Be Before= gnome-keyring-ssh and ssh-agent - if someone has explicitly + asked for gpg-agent to be their SSH agent then we want to win. + - Set $SSH_AGENT_LAUNCHER so that we can avoid executing gpgconf in the + ExecStopPost. + - Ignore initctl failures - eventually this will go away. + - debian/upstart-user/: + - Add upstart user session jobs + - Add upstart override for the upstart user session jobs, when user + systemd is present + - debian/Xsession.d/90gpg-agent: + - Don't run if we have a systemd user instance. We want to phase out + the Xsession.d scripts, and use the systemd/upstart scripts so that + things also work under Mir. + - debian/gnupg2.udev: + - Add udev rules to give gpg access to some smartcard readers; + Debian #543217. + - udev rules to set ACLs on SCM smartcard readers. + + -- Dimitri John Ledkov Wed, 31 Aug 2016 13:35:55 +0100 + gnupg2 (2.1.15-1) unstable; urgency=medium * new upstream release @@ -700,6 +849,58 @@ -- Daniel Kahn Gillmor Mon, 28 Mar 2016 23:27:43 -0400 +gnupg2 (2.1.11-6ubuntu4) yakkety; urgency=medium + + * debian/user/gpg-agent.service: + - Set the environment variables in ExecStartPre - Post has a race + condition as other SSH agent providers can start up after ExecStart + finishes. The ExecStopPost commands are run in the case of failure, to + unset them. + - Be Before= gnome-keyring-ssh and ssh-agent - if someone has explicitly + asked for gpg-agent to be their SSH agent then we want to win. + - Set $SSH_AGENT_LAUNCHER so that we can avoid executing gpgconf in the + ExecStopPost. + - Ignore initctl failures - eventually this will go away. + + -- Iain Lane Thu, 04 Aug 2016 11:16:01 +0100 + +gnupg2 (2.1.11-6ubuntu3) yakkety; urgency=medium + + * debian/user/: Add systemd user unit and upstart override for gpg-agent. + * debian/gnupg-agent.xsession: Don't run if we have a systemd user instance. + We want to phase out the Xsession.d scripts, and use the systemd/upstart + scripts so that things also work under Mir. + + -- Martin Pitt Tue, 19 Jul 2016 17:35:01 +0200 + +gnupg2 (2.1.11-6ubuntu2) xenial; urgency=medium + + * Fix upstart user-session integration with new pinentry: + - restart gpg-agent, once dbus is started, such that agent has DBUS + session environemnt set and can connect to the pinentry-gnome3 Closes: + #790316 Closes: #795368 LP: #1566928 + - use gpgconf to launch/kill gpg-agent and to check settings + + -- Dimitri John Ledkov Fri, 08 Apr 2016 08:55:10 +0100 + +gnupg2 (2.1.11-6ubuntu1) xenial; urgency=medium + + * Adds support for --pinentry= argument for gpgme1.0 (LP: #1564234) + * Merge with debian, remaining changes: + - Add udev rules to give gpg access to some smartcard readers; + Debian #543217. + - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers. + - Add upstart user job for gpg-agent. + * Dropped no longer applicable changes in merge: + - Drop sh prefix from openpgp test environment as it leads to exec + invocations of sh /bin/bash leading to syntax errors from sh. Fixes + FTBFS detected in Ubuntu saucy archive rebuild. + - debian/control: drop dirmngr to Suggests as it is in universe. + - gcc5-fix.patch: add upstream fix for an optimization issue when + compiling with gcc 5. + + -- Mario Limonciello Wed, 30 Mar 2016 23:20:09 -0500 + gnupg2 (2.1.11-6) unstable; urgency=medium * avoid FTBFS with patch from upstream (Closes: #814842) @@ -904,6 +1105,27 @@ -- Daniel Kahn Gillmor Wed, 29 Oct 2014 17:53:06 -0400 +gnupg2 (2.0.28-3ubuntu2) xenial; urgency=medium + + * debian/gcc5-fix.patch: add upstream fix for an optimization issue when + compiling with gcc 5. (LP: #1501634) + + -- Marc Deslauriers Tue, 09 Feb 2016 16:11:42 -0500 + +gnupg2 (2.0.28-3ubuntu1) wily; urgency=low + + * Merge from Debian, remaining changes: + - Drop sh prefix from openpgp test environment as it leads to exec + invocations of sh /bin/bash leading to syntax errors from sh. Fixes + FTBFS detected in Ubuntu saucy archive rebuild. + - Add udev rules to give gpg access to some smartcard readers; + Debian #543217. + - debian/gnupg2.udev: udev rules to set ACLs on SCM smartcard readers. + - Add upstart user job for gpg-agent. + - debian/control: drop dirmngr to Suggests as it is in universe. + + -- Iain Lane Mon, 13 Jul 2015 13:18:38 +0100 + gnupg2 (2.0.28-3) unstable; urgency=medium * pass DBUS_SESION_BUS_ADDRESS to the agent for gnome3. @@ -2310,3 +2532,4 @@ * Initial release. -- James Troup Fri, 20 Feb 1998 02:05:34 +0000 + diff -Nru gnupg2-2.2.12/debian/control gnupg2-2.2.12/debian/control --- gnupg2-2.2.12/debian/control 2018-11-18 22:38:25.000000000 +0000 +++ gnupg2-2.2.12/debian/control 2018-12-15 05:18:13.000000000 +0000 @@ -1,7 +1,8 @@ Source: gnupg2 Section: utils Priority: optional -Maintainer: Debian GnuPG Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian GnuPG Maintainers Uploaders: Eric Dorland , Daniel Kahn Gillmor , diff -Nru gnupg2-2.2.12/debian/patches/dirmngr-honor-http-proxy.patch gnupg2-2.2.12/debian/patches/dirmngr-honor-http-proxy.patch --- gnupg2-2.2.12/debian/patches/dirmngr-honor-http-proxy.patch 1970-01-01 00:00:00.000000000 +0000 +++ gnupg2-2.2.12/debian/patches/dirmngr-honor-http-proxy.patch 2018-09-04 00:43:20.000000000 +0000 @@ -0,0 +1,18 @@ +Description: Honor http_proxy= environment variables by default + In the newly generated dirmngr.conf files only. Existing users behing + proxies should set honor-http-proxy in $GNUPGHOME/dirmngr.conf, + see /usr/share/gnupg/dirmngr-conf.skel. +Author: Dimitri John Ledkov +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1625848 + +Index: gnupg2-2.2.4/doc/examples/systemd-user/dirmngr.service +=================================================================== +--- gnupg2-2.2.4.orig/doc/examples/systemd-user/dirmngr.service ++++ gnupg2-2.2.4/doc/examples/systemd-user/dirmngr.service +@@ -4,5 +4,5 @@ Documentation=man:dirmngr(8) + Requires=dirmngr.socket + + [Service] +-ExecStart=/usr/bin/dirmngr --supervised ++ExecStart=/usr/bin/dirmngr --supervised --honor-http-proxy + ExecReload=/usr/bin/gpgconf --reload dirmngr diff -Nru gnupg2-2.2.12/debian/patches/series gnupg2-2.2.12/debian/patches/series --- gnupg2-2.2.12/debian/patches/series 2018-12-15 01:17:02.000000000 +0000 +++ gnupg2-2.2.12/debian/patches/series 2019-01-08 09:17:48.000000000 +0000 @@ -20,3 +20,4 @@ show-revocation-cert/gpg-Print-revocation-certificate-details-when-showing-wit.patch Make-gpg-zip-use-tar-from-PATH.patch fix-spelling.patch +dirmngr-honor-http-proxy.patch diff -Nru gnupg2-2.2.12/debian/systemd-environment-generator/90gpg-agent gnupg2-2.2.12/debian/systemd-environment-generator/90gpg-agent --- gnupg2-2.2.12/debian/systemd-environment-generator/90gpg-agent 2018-11-18 22:37:53.000000000 +0000 +++ gnupg2-2.2.12/debian/systemd-environment-generator/90gpg-agent 2018-12-15 05:18:14.000000000 +0000 @@ -3,6 +3,8 @@ # Author: rufo # See https://bugs.debian.org/855868 +agent_sock=$(gpgconf --list-dirs agent-socket) +export GPG_AGENT_INFO=${agent_sock}:0:1 if [ -n "$(gpgconf --list-options gpg-agent | \ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) diff -Nru gnupg2-2.2.12/debian/tests/control gnupg2-2.2.12/debian/tests/control --- gnupg2-2.2.12/debian/tests/control 2018-11-18 22:37:53.000000000 +0000 +++ gnupg2-2.2.12/debian/tests/control 2019-01-30 10:38:58.000000000 +0000 @@ -1,3 +1,3 @@ -Tests: gpgv-win32 -Depends: gpgv-win32, gnupg2, gpgv2 -Restrictions: needs-root, allow-stderr +Tests: simple-tests +Depends: gnupg2, gpgv2 +Restrictions: allow-stderr diff -Nru gnupg2-2.2.12/debian/tests/gpgv-win32 gnupg2-2.2.12/debian/tests/gpgv-win32 --- gnupg2-2.2.12/debian/tests/gpgv-win32 2018-11-18 22:37:53.000000000 +0000 +++ gnupg2-2.2.12/debian/tests/gpgv-win32 2019-01-08 09:19:45.000000000 +0000 @@ -30,6 +30,10 @@ ;; esac +# The user runtime directory is hardcoded by wine, so we have to create +# it if we don't have one already. +[ -e /run/user/$(id -u) ] || mkdir -p /run/user/$(id -u) + if ! dpkg-query --status wine32 | grep -Fqx 'Status: install ok installed'; then DEBIAN_FRONTEND=noninteractive apt install -qy wine32 # FIXME ditto fi diff -Nru gnupg2-2.2.12/debian/tests/simple-tests gnupg2-2.2.12/debian/tests/simple-tests --- gnupg2-2.2.12/debian/tests/simple-tests 1970-01-01 00:00:00.000000000 +0000 +++ gnupg2-2.2.12/debian/tests/simple-tests 2019-01-30 10:39:21.000000000 +0000 @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e +set -x + +DIR=$(mktemp -d) +GPG_HOME=$DIR/gnupg +gpg="gpg --homedir $GPG_HOME" + +mkdir $GPG_HOME +chmod 700 $GPG_HOME + +#trap "cd $HOME && rm -rf $DIR" EXIT + +cd $DIR + +cat > key-batch << EOF +Key-Type: default +Subkey-Type: default +Name-Real: test case +Name-Email: example@example.com +Expire-Date: 0 +%no-protection +%commit +EOF + +$gpg --batch --generate-key key-batch +$gpg -abs < $GPG_HOME/pubring.kbx > pubring.kbx.asc +$gpg --verify pubring.kbx.asc $GPG_HOME/pubring.kbx +gpgv --keyring $GPG_HOME/pubring.kbx pubring.kbx.asc $GPG_HOME/pubring.kbx + +# Encrypt +$gpg -e -r example@example.com < $GPG_HOME/pubring.kbx > pubring.kbx.gpg +$gpg -d -r example@example.com < pubring.kbx.gpg > pubring.kbx.gpg.dec