pool/gpg2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
fb0ed03b15
gpg2/gnupg-revert-rfc4880bis.patch
Pedro Monreal Gonzalez fb0ed03b15 Accepting request 1112814 from home:pmonrealgonzalez:branches:Base:System 
- Install the systemd user units in the _userunitdir [bsc#1201564]
  * Note that, there is no activation by default.

- Temporarily revert back to the pre-2.4 default for key generation.
  The new rfc4880bis has been set as the default in 2.4 version and
  might create incompatible keys. Note that, rfc4880bis can still
  be used with the option flag --rfc4880bis as in previous versions.
  * More info in the gnupg-devel ML:
    https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html
  * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9
  * Add gnupg-revert-rfc4880bis.patch

- Allow 8192 bit RSA keys in keygen UI when large_rsa is set
  * Add gnupg-allow-large-rsa.patch

- Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313
  * The original patch has been modified to expand the changes
    also to the tests/gpgme/Makefile.in file.
  * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch

- Updated to require libgpg-error-devel >= 1.46
- Rebased patches:
  * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
  * gnupg-add_legacy_FIPS_mode_option.patch
- GnuPG 2.4.0:
  * common: Fix translations in --help for gpgrt < 1.47.
  * gpg: Do not continue the export after a cancel for the primary key.
  * gpg: Replace use of PRIu64 in log_debug.
  * Update NEWS for 2.4.0.
  * tests: Fix make check with GPGME.

OBS-URL: https://build.opensuse.org/request/show/1112814
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=289
2023-09-25 10:24:20 +00:00

203 lines
6.7 KiB
Diff
Raw Blame History

From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 31 Oct 2022 16:14:18 +0100
Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
* g10/gpg.c (oRFC4880bis): Remove.
(opts): Make --rfc4880bis a Noop.
(compliance_options): Make rfc4880bis to gnupg.
(set_compliance_option): Remove rfc4880bis stuff.
(main): Ditto. Note that this now activates the --mimemode option.
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
(keygen_upd_std_prefs): Always announce support for v5 keys.
(read_parameter_file): Activate the v4 and v5 keywords.
--
Index: gnupg-2.4.0/g10/gpg.c
===================================================================
--- gnupg-2.4.0.orig/g10/gpg.c
+++ gnupg-2.4.0/g10/gpg.c
@@ -246,6 +246,7 @@ enum cmd_and_opt_values
oGnuPG,
oRFC2440,
oRFC4880,
+ oRFC4880bis,
oOpenPGP,
oPGP7,
oPGP8,
@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = {
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
ARGPARSE_group (302, N_(
@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co
{
{ "gnupg", oGnuPG },
{ "openpgp", oOpenPGP },
- { "rfc4880bis", oGnuPG },
+ { "rfc4880bis", oRFC4880bis },
{ "rfc4880", oRFC4880 },
{ "rfc2440", oRFC2440 },
{ "pgp6", oPGP7 },
@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co
static void
set_compliance_option (enum cmd_and_opt_values option)
{
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
+
switch (option)
{
+ case oRFC4880bis:
+ opt.flags.rfc4880bis = 1;
+ opt.compliance = CO_RFC4880;
+ opt.flags.dsa2 = 1;
+ opt.flags.require_cross_cert = 1;
+ opt.rfc2440_text = 0;
+ opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
+ opt.escape_from = 1;
+ opt.not_dash_escaped = 0;
+ opt.def_cipher_algo = 0;
+ opt.def_digest_algo = 0;
+ opt.cert_digest_algo = 0;
+ opt.compress_algo = -1;
+ opt.s2k_mode = 3; /* iterated+salted */
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
+ break;
case oOpenPGP:
case oRFC4880:
/* This is effectively the same as RFC2440, but with
@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_
case oPGP8: opt.compliance = CO_PGP8; break;
case oGnuPG:
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
break;
case oDE_VS:
@@ -2470,6 +2492,7 @@ main (int argc, char **argv)
opt.emit_version = 0;
opt.weak_digests = NULL;
opt.compliance = CO_GNUPG;
+ opt.flags.rfc4880bis = 1;
/* Check special options given on the command line. */
orig_argc = argc;
@@ -3008,6 +3031,7 @@ main (int argc, char **argv)
case oOpenPGP:
case oRFC2440:
case oRFC4880:
+ case oRFC4880bis:
case oPGP7:
case oPGP8:
case oGnuPG:
@@ -3832,6 +3856,11 @@ main (int argc, char **argv)
if( may_coredump && !opt.quiet )
log_info(_("WARNING: program may create a core file!\n"));
+ if (!opt.flags.rfc4880bis)
+ {
+ opt.mimemode = 0; /* This will use text mode instead. */
+ }
+
if (eyes_only) {
if (opt.set_filename)
log_info(_("WARNING: %s overrides %s\n"),
@@ -4057,7 +4086,7 @@ main (int argc, char **argv)
/* Check our chosen algorithms against the list of legal
algorithms. */
- if(!GNUPG)
+ if(!GNUPG && !opt.flags.rfc4880bis)
{
const char *badalg=NULL;
preftype_t badtype=PREFTYPE_NONE;
Index: gnupg-2.4.0/g10/keygen.c
===================================================================
--- gnupg-2.4.0.orig/g10/keygen.c
+++ gnupg-2.4.0/g10/keygen.c
@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string
strcat(dummy_string,"S7 ");
strcat(dummy_string,"S2 "); /* 3DES */
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
strcat(dummy_string,"A2 ");
if (personal)
@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig
/* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available);
add_feature_aead (sig, aead_available);
- add_feature_v5 (sig, 1);
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
add_keyserver_modify (sig,ks_modify);
keygen_add_keyserver_url(sig,NULL);
@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl,
}
}
else if (!ascii_strcasecmp (s, "v5"))
- keyversion = 5;
+ {
+ if (opt.flags.rfc4880bis)
+ keyversion = 5;
+ }
else if (!ascii_strcasecmp (s, "v4"))
keyversion = 4;
else
@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl,
* ecdsa := Use algorithm ECDSA.
* eddsa := Use algorithm EdDSA.
* ecdh := Use algorithm ECDH.
- * v5 := Create version 5 key
+ * v5 := Create version 5 key (requires option --rfc4880bis)
*
* There are several defaults and fallbacks depending on the
* algorithm. PART can be used to select which part of STRING is
@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const
}
}
- if ((keywords[i].key == pVERSION
- || keywords[i].key == pSUBVERSION))
- ; /* Ignore version. */
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
+ || keywords[i].key == pSUBVERSION))
+ ; /* Ignore version unless --rfc4880bis is active. */
else
{
r = xmalloc_clear( sizeof *r + strlen( value ) );
@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p
para = r;
}
- r = xmalloc_clear (sizeof *r + 20);
- r->key = for_subkey? pSUBVERSION : pVERSION;
- snprintf (r->u.value, 20, "%d", version);
- r->next = para;
- para = r;
+ if (opt.flags.rfc4880bis)
+ {
+ r = xmalloc_clear (sizeof *r + 20);
+ r->key = for_subkey? pSUBVERSION : pVERSION;
+ snprintf (r->u.value, 20, "%d", version);
+ r->next = para;
+ para = r;
+ }
if (keytime)
{
Reference in New Issue View Git Blame Copy Permalink