diffstat for gnupg2-2.2.15 gnupg2-2.2.15

 changelog                                                          |   40 ++++
 control                                                            |   13 -
 patches/progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch   |   97 ++++++++++
 patches/progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch |   82 ++++++++
 patches/series                                                     |    2 
 5 files changed, 230 insertions(+), 4 deletions(-)

diff -Nru gnupg2-2.2.15/debian/changelog gnupg2-2.2.15/debian/changelog
--- gnupg2-2.2.15/debian/changelog	2019-04-01 13:56:09.000000000 +0000
+++ gnupg2-2.2.15/debian/changelog	2019-04-01 18:36:19.000000000 +0000
@@ -1,3 +1,17 @@
+gnupg2 (2.2.15-1~progress5+u1) engywuck-backports; urgency=medium
+
+  * Uploading to engywuck-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Setting default RSA key lenght to 4096 in gpgsm.
+    - Setting default RSA key lenght to 4096 in gpg.
+  * Merging upstream version 2.2.15.
+  * Merging debian version 2.2.15-1.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 01 Apr 2019 20:36:19 +0200
+
 gnupg2 (2.2.15-1) experimental; urgency=medium
 
   * new upstream release (still in experimental, due to freeze)
@@ -5,6 +19,20 @@
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Mon, 01 Apr 2019 09:56:09 -0400
 
+gnupg2 (2.2.14-1~progress5+u1) engywuck-backports; urgency=medium
+
+  * Uploading to engywuck-backports, remaining changes:
+    - Updating maintainer field.
+    - Updating uploaders field.
+    - Updating bugs field.
+    - Updating vcs fields.
+    - Setting default RSA key lenght to 4096 in gpgsm.
+    - Setting default RSA key lenght to 4096 in gpg.
+  * Merging upstream version 2.2.14.
+  * Merging debian version 2.2.14-1.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Thu, 21 Mar 2019 02:56:09 +0100
+
 gnupg2 (2.2.14-1) experimental; urgency=medium
 
   * new upstream release (to experimental, due to freeze)
@@ -14,6 +42,18 @@
 
  -- Daniel Kahn Gillmor <dkg@fifthhorseman.net>  Wed, 20 Mar 2019 07:19:50 -0400
 
+gnupg2 (2.2.13-1~progress5+u1) engywuck-backports; urgency=medium
+
+  * Initial upload to engywuck-backports.
+  * Updating maintainer field.
+  * Updating uploaders field.
+  * Updating bugs field.
+  * Updating vcs fields.
+  * Setting default RSA key lenght to 4096 in gpgsm.
+  * Setting default RSA key lenght to 4096 in gpg.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org>  Thu, 21 Mar 2019 02:52:00 +0100
+
 gnupg2 (2.2.13-1) unstable; urgency=medium
 
   * New upstream release (Closes: #919856)
diff -Nru gnupg2-2.2.15/debian/control gnupg2-2.2.15/debian/control
--- gnupg2-2.2.15/debian/control	2019-04-01 13:53:39.000000000 +0000
+++ gnupg2-2.2.15/debian/control	2019-04-01 18:36:19.000000000 +0000
@@ -1,10 +1,13 @@
 Source: gnupg2
 Section: utils
 Priority: optional
-Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
-Uploaders:
+Maintainer: Progress Linux Maintainers <maintainers@lists.progress-linux.org>
+XSBC-Uploaders: Daniel Baumann <daniel.baumann@progress-linux.org>
+XSBC-Original-Maintainer: Debian GnuPG Maintainers <pkg-gnupg-maint@lists.alioth.debian.org>
+XSBC-Original-Uploaders:
  Eric Dorland <eric@debian.org>,
  Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+Bugs: mailto:maintainers@lists.progress-linux.org
 Standards-Version: 4.3.0
 Build-Depends:
  automake,
@@ -41,8 +44,10 @@
  libnpth-mingw-w64-dev (>= 1.2),
  libz-mingw-w64-dev,
  mingw-w64,
-Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/experimental
-Vcs-Browser: https://salsa.debian.org/debian/gnupg2
+Vcs-Browser: https://git.progress-linux.org/distributions/engywuck-backports/packages/gnupg2
+Vcs-Git: https://git.progress-linux.org/distributions/engywuck-backports/packages/gnupg2
+XSBC-Original-Vcs-Browser: https://salsa.debian.org/debian/gnupg2
+XSBC-Original-Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/experimental
 Homepage: https://www.gnupg.org/
 Rules-Requires-Root: no
 
diff -Nru gnupg2-2.2.15/debian/patches/progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch gnupg2-2.2.15/debian/patches/progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch
--- gnupg2-2.2.15/debian/patches/progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.2.15/debian/patches/progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch	2019-04-01 18:36:19.000000000 +0000
@@ -0,0 +1,97 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Subject: gpgsm: default to 4096-bit keys.
+
+diff -Naurp gnupg2.orig/doc/gpgsm.texi gnupg2/doc/gpgsm.texi
+--- gnupg2.orig/doc/gpgsm.texi
++++ gnupg2/doc/gpgsm.texi
+@@ -1082,7 +1082,7 @@ key. The algorithm must be capable of si
+ parameter.  The only supported value for @var{algo} is @samp{rsa}.
+ 
+ @item Key-Length: @var{nbits}
+-The requested length of a generated key in bits.  Defaults to 3072.
++The requested length of a generated key in bits.  Defaults to 4096.
+ 
+ @item Key-Grip: @var{hexstring}
+ This is optional and used to generate a CSR or certificate for an
+diff -Naurp gnupg2.orig/doc/howto-create-a-server-cert.texi gnupg2/doc/howto-create-a-server-cert.texi
+--- gnupg2.orig/doc/howto-create-a-server-cert.texi
++++ gnupg2/doc/howto-create-a-server-cert.texi
+@@ -31,12 +31,12 @@ Let's continue:
+ 
+ @cartouche
+ @example
+-  What keysize do you want? (3072)
+-  Requested keysize is 3072 bits
++  What keysize do you want? (4096)
++  Requested keysize is 4096 bits
+ @end example
+ @end cartouche
+ 
+-Hitting enter chooses the default RSA key size of 3072 bits.  Keys
++Hitting enter chooses the default RSA key size of 4096 bits.  Keys
+ smaller than 2048 bits are too weak on the modern Internet.  If you
+ choose a larger (stronger) key, your server will need to do more work.
+ 
+@@ -124,7 +124,7 @@ request:
+ @example
+   These parameters are used:
+       Key-Type: RSA
+-      Key-Length: 3072
++      Key-Length: 4096
+       Key-Usage: sign, encrypt
+       Name-DN: CN=example.com
+       Name-DNS: example.com
+@@ -224,7 +224,7 @@ To see the content of your certificate,
+             aka: (dns-name example.com)
+             aka: (dns-name www.example.com)
+        validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51
+-       key type: 3072 bit RSA
++       key type: 4096 bit RSA
+       key usage: digitalSignature keyEncipherment
+   ext key usage: clientAuth (suggested), serverAuth (suggested), [...]
+     fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57
+diff -Naurp gnupg2.orig/sm/certreqgen.c gnupg2/sm/certreqgen.c
+--- gnupg2.orig/sm/certreqgen.c
++++ gnupg2/sm/certreqgen.c
+@@ -26,7 +26,7 @@
+      $ cat >foo <<EOF
+      %echo Generating a standard key
+      Key-Type: RSA
+-     Key-Length: 3072
++     Key-Length: 4096
+      Name-DN: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Ddorf,C=DE
+      Name-Email: joe@foo.bar
+      # Do a commit here, so that we can later print a "done"
+@@ -468,7 +468,7 @@ proc_parameters (ctrl_t ctrl, struct par
+   /* Check the keylength.  NOTE: If you change this make sure that it
+      macthes the gpgconflist item in gpgsm.c  */
+   if (!get_parameter (para, pKEYLENGTH, 0))
+-    nbits = 3072;
++    nbits = 4096;
+   else
+     nbits = get_parameter_uint (para, pKEYLENGTH);
+   if ((nbits < 1024 || nbits > 4096) && !cardkeyid)
+diff -Naurp gnupg2.orig/sm/certreqgen-ui.c gnupg2/sm/certreqgen-ui.c
+--- gnupg2.orig/sm/certreqgen-ui.c
++++ gnupg2/sm/certreqgen-ui.c
+@@ -138,7 +138,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estre
+   unsigned int nbits;
+   int minbits = 1024;
+   int maxbits = 4096;
+-  int defbits = 3072;
++  int defbits = 4096;
+   const char *keyusage;
+   char *subject_name;
+   membuf_t mb_email, mb_dns, mb_uri, mb_result;
+diff -Naurp gnupg2.orig/sm/gpgsm.c gnupg2/sm/gpgsm.c
+--- gnupg2.orig/sm/gpgsm.c
++++ gnupg2/sm/gpgsm.c
+@@ -1800,7 +1800,7 @@ main ( int argc, char **argv)
+         /* The next one is an info only item and should match what
+            proc_parameters actually implements.  */
+         es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT,
+-                   "RSA-3072");
++                   "RSA-4096");
+         es_printf ("compliance:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, "gnupg");
+ 
+       }
diff -Nru gnupg2-2.2.15/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch gnupg2-2.2.15/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch
--- gnupg2-2.2.15/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch	1970-01-01 00:00:00.000000000 +0000
+++ gnupg2-2.2.15/debian/patches/progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch	2019-04-01 18:36:19.000000000 +0000
@@ -0,0 +1,82 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Subject: gpg: default to 4096-bit RSA keys.
+
+diff -Naurp gnupg2.orig/agent/command.c gnupg2/agent/command.c
+--- gnupg2.orig/agent/command.c
++++ gnupg2/agent/command.c
+@@ -843,7 +843,7 @@ static const char hlp_genkey[] =
+   "\n"
+   "  C: GENKEY\n"
+   "  S: INQUIRE KEYPARAM\n"
+-  "  C: D (genkey (rsa (nbits 3072)))\n"
++  "  C: D (genkey (rsa (nbits 4096)))\n"
+   "  C: END\n"
+   "  S: D (public-key\n"
+   "  S: D   (rsa (n 326487324683264) (e 10001)))\n"
+diff -Naurp gnupg2.orig/doc/wks.texi gnupg2/doc/wks.texi
+--- gnupg2.orig/doc/wks.texi
++++ gnupg2/doc/wks.texi
+@@ -404,10 +404,10 @@ the submission address:
+ The output of the last command looks similar to this:
+ 
+ @example
+-  sec   rsa3072 2016-08-30 [SC]
++  sec   rsa4096 2016-08-30 [SC]
+         C0FCF8642D830C53246211400346653590B3795B
+   uid           [ultimate] key-submission@@example.net
+-  ssb   rsa3072 2016-08-30 [E]
++  ssb   rsa4096 2016-08-30 [E]
+ @end example
+ 
+ Take the fingerprint from that output and manually publish the key:
+diff -Naurp gnupg2.orig/g10/keygen.c gnupg2/g10/keygen.c
+--- gnupg2.orig/g10/keygen.c
++++ gnupg2/g10/keygen.c
+@@ -49,7 +49,7 @@
+ /* The default algorithms.  If you change them, you should ensure the value
+    is inside the bounds enforced by ask_keysize and gen_xxx.  See also
+    get_keysize_range which encodes the allowed ranges.  */
+-#define DEFAULT_STD_KEY_PARAM  "rsa3072/cert,sign+rsa3072/encr"
++#define DEFAULT_STD_KEY_PARAM  "rsa4096/cert,sign+rsa4096/encr"
+ #define FUTURE_STD_KEY_PARAM   "ed25519/cert,sign+cv25519/encr"
+ 
+ /* When generating keys using the streamlined key generation dialog,
+@@ -1647,7 +1647,7 @@ gen_rsa (int algo, unsigned int nbits, K
+ 
+   if (nbits < 1024)
+     {
+-      nbits = 3072;
++      nbits = 4096;
+       log_info (_("keysize invalid; using %u bits\n"), nbits );
+     }
+   else if (nbits > maxsize)
+@@ -2116,7 +2116,7 @@ get_keysize_range (int algo, unsigned in
+     default:
+       *min = opt.compliance == CO_DE_VS ? 2048: 1024;
+       *max = 4096;
+-      def = 3072;
++      def = 4096;
+       break;
+     }
+ 
+diff -Naurp gnupg2.orig/g10/keyid.c gnupg2/g10/keyid.c
+--- gnupg2.orig/g10/keyid.c
++++ gnupg2/g10/keyid.c
+@@ -73,7 +73,7 @@ pubkey_letter( int algo )
+    is copied to the supplied buffer up a length of BUFSIZE-1.
+    Examples for the output are:
+ 
+-   "rsa3072"  - RSA with 3072 bit
++   "rsa4096"  - RSA with 4096 bit
+    "elg1024"  - Elgamal with 1024 bit
+    "ed25519"  - ECC using the curve Ed25519.
+    "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
+@@ -83,7 +83,7 @@ pubkey_letter( int algo )
+    If the option --legacy-list-mode is active, the output use the
+    legacy format:
+ 
+-   "3072R" - RSA with 3072 bit
++   "4096R" - RSA with 4096 bit
+    "1024g" - Elgamal with 1024 bit
+    "256E"  - ECDSA using a curve with 256 bit
+ 
diff -Nru gnupg2-2.2.15/debian/patches/series gnupg2-2.2.15/debian/patches/series
--- gnupg2-2.2.15/debian/patches/series	2019-04-01 13:55:43.000000000 +0000
+++ gnupg2-2.2.15/debian/patches/series	2019-04-01 18:36:19.000000000 +0000
@@ -15,3 +15,5 @@
 show-revocation-cert/gpg-Print-revocation-certificate-details-when-showing-wit.patch
 Make-gpg-zip-use-tar-from-PATH.patch
 fix-spelling.patch
+progress-linux/0001-gpgsm-default-to-4096-bit-keys.patch
+progress-linux/0002-gpg-default-to-4096-bit-RSA-keys.patch