Security fix

# Please enter the commit message for your changes. Lines starting

gnupg-2.4.5.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f68f7d75d06cb1635c336d34d844af97436c3f64ea14bcb7c869782f96f44277
-size 7889060

gnupg-CVE-2025-68973.patch

@@ -0,0 +1,102 @@
+From 115d138ba599328005c5321c0ef9f00355838ca9 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Thu, 23 Oct 2025 11:36:04 +0200
+Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser.
+
+* g10/armor.c (armor_filter): Fix faulty double increment.
+
+* common/iobuf.c (underflow_target): Assert that the filter
+implementations behave well.
+--
+
+This fixes a bug in a code path which can only be reached with special
+crafted input data and would then error out at an upper layer due to
+corrupt input (every second byte in the buffer is unitialized
+garbage).  No fuzzing has yet hit this case and we don't have a test
+case for this code path.  However memory corruption can never be
+tolerated as it always has the protential for remode code execution.
+
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073
+which fixed
+Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f
+
+The bug was introduced on 1999-01-07 by me:
+* armor.c: Rewrote large parts.
+which I fixed on 1999-03-02 but missed to fix the other case:
+* armor.c (armor_filter): Fixed armor bypassing.
+
+Below is base64+gzipped test data which can be used with valgrind to
+show access to uninitalized memory in write(2) in the unpatched code.
+
+--8<---------------cut here---------------start------------->8---
+H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze
+a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA
+gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA==
+--8<---------------cut here---------------end--------------->8---
+---
+ common/iobuf.c | 6 ++++++
+ g10/armor.c    | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+Index: gnupg-2.5.5/common/iobuf.c
+===================================================================
+--- gnupg-2.5.5.orig/common/iobuf.c
++++ gnupg-2.5.5/common/iobuf.c
+@@ -2041,6 +2041,8 @@ underflow_target (iobuf_t a, int clear_p
+ 	rc = 0;
+       else
+       {
++	size_t tmplen;
++
+ 	/* If no buffered data and drain buffer has been setup, and drain
+ 	 * buffer is largish, read data directly to drain buffer. */
+ 	if (a->d.len == 0
+@@ -2053,8 +2055,10 @@ underflow_target (iobuf_t a, int clear_p
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
++	    tmplen = len;  /* Used to check for bugs in the filter.  */
+ 	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    a->e_d.buf, &len);
++	    log_assert (len <= tmplen);
+ 	    a->e_d.used = len;
+ 	    len = 0;
+ 	  }
+@@ -2064,8 +2068,10 @@ underflow_target (iobuf_t a, int clear_p
+ 	      log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n",
+ 			 a->no, a->subno, (ulong)len);
+ 
++	    tmplen = len;
+ 	    rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain,
+ 			    &a->d.buf[a->d.len], &len);
++	    log_assert (len <= tmplen);
+ 	  }
+       }
+       a->d.len += len;
+Index: gnupg-2.5.5/g10/armor.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/armor.c
++++ gnupg-2.5.5/g10/armor.c
+@@ -1314,8 +1314,8 @@ armor_filter( void *opaque, int control,
+ 	n = 0;
+ 	if( afx->buffer_len ) {
+             /* Copy the data from AFX->BUFFER to BUF.  */
+-	    for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
+-		buf[n++] = afx->buffer[afx->buffer_pos++];
++            for(; n < size && afx->buffer_pos < afx->buffer_len;)
++                buf[n++] = afx->buffer[afx->buffer_pos++];
+ 	    if( afx->buffer_pos >= afx->buffer_len )
+ 		afx->buffer_len = 0;
+ 	}

gnupg-CVE-2026-24882.patch

@@ -0,0 +1,59 @@
+From 93fa34d9a346020355cd51d54102d30d4f177323 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 26 Jan 2026 11:13:44 +0100
+Subject: [PATCH 1996/2000] tpm: Fix possible buffer overflow in PKDECRYPT
+
+* tpm2d/tpm2.c (tpm2_ecc_decrypt): Bail out on too long CIPHERTEXT.
+(tpm2_rsa_decrypt): Ditto.
+--
+
+GnuPG-bug-id: 8045
+Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
+Reported-by: OpenAI Security Research
+
+diff --git a/tpm2d/tpm2.c b/tpm2d/tpm2.c
+index a4677fb98..282de5e5d 100644
+--- a/tpm2d/tpm2.c
++++ b/tpm2d/tpm2.c
+@@ -951,10 +951,20 @@ tpm2_ecc_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+   size_t len;
+   int ret;
+ 
++#if defined(TPM2_MAX_ECC_KEY_BYTES) /* Intel stack */
++  if (ciphertext_len > 2*TPM2_MAX_ECC_KEY_BYTES + 1)
++    return GPG_ERR_TOO_LARGE;
++#elif defined(MAX_ECC_KEY_BYTES)    /* IBM stack */
++  if (ciphertext_len > 2*MAX_ECC_KEY_BYTES + 1)
++    return GPG_ERR_TOO_LARGE;
++#else
++# error TMP2 header are not correctly installed
++#endif
++
+   /* This isn't really a decryption per se.  The ciphertext actually
+    * contains an EC Point which we must multiply by the private key number.
+    *
+-   * The reason is to generate a diffe helman agreement on a shared
++   * The reason is to generate a diffie-hellman agreement on a shared
+    * point.  This shared point is then used to generate the per
+    * session encryption key.
+    */
+@@ -1010,6 +1020,16 @@ tpm2_rsa_decrypt (ctrl_t ctrl, TSS_CONTEXT *tssc, TPM_HANDLE key,
+   TPM_HANDLE ah;
+   char *auth;
+ 
++#if defined(TPM2_MAX_RSA_KEY_BYTES)  /* Intel stack */
++  if (ciphertext_len > TPM2_MAX_RSA_KEY_BYTES)
++    return GPG_ERR_TOO_LARGE;
++#elif defined(MAX_RSA_KEY_BYTES)     /* IBM stack */
++  if (ciphertext_len > MAX_RSA_KEY_BYTES)
++    return GPG_ERR_TOO_LARGE;
++#else
++# error TMP2 header are not correctly installed
++#endif
++
+   inScheme.scheme = TPM_ALG_RSAES;
+   /*
+    * apparent gcrypt error: occasionally rsa ciphertext will
+-- 
+2.52.0
+

gnupg-CVE-2026-24883.patch

@@ -0,0 +1,56 @@
+From 11b7e4139e82fcd0cee72f38964444a17c812547 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 26 Jan 2026 11:56:47 +0100
+Subject: [PATCH] gpg: Fix possible NULL-deref with overlong
+ signature packets.
+
+* g10/parse-packet.c (parse_signature): Retrun an error for overlong
+subpacket area
+--
+
+GnuPG-bug-id: 8049
+Updates-commit: 36dbca3e6944d13e75e96eace634e58a7d7e201d
+Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
+Resported-by: OpenAI Security Research
+
+A way to generate too long signature packets is:
+
+  $ echo hallo | gpg -z0 -s -o x30001.sig \
+    -N foo@gnupg.org="$(awk 'BEGIN{for(i=0;i<29917;i++){printf"a"}}')"
+
+This is just one byte too long.
+
+diff --git a/g10/parse-packet.c b/g10/parse-packet.c
+index 22db04291..d7311e434 100644
+--- a/g10/parse-packet.c
++++ b/g10/parse-packet.c
+@@ -2212,6 +2212,10 @@ parse_revkeys (PKT_signature * sig)
+ }
+ 
+ 
++/* Note that the function returns -1 to indicate an EOF (which also
++ * indicates a broken packet in this case.  In most other cases
++ * GPG_ERR_INV_PACKET is returned and callers of parse_packet will
++ * usually skipt this packet then.  */
+ int
+ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+ 		 PKT_signature * sig)
+@@ -2287,6 +2291,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+           if (list_mode)
+             es_fprintf (listfp,
+                         ":signature packet: [hashed data too long (%u)]\n", n);
++          rc = GPG_ERR_INV_PACKET;
+ 	  goto leave;
+ 	}
+       if (n)
+@@ -2318,6 +2323,7 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
+             es_fprintf (listfp,
+                         ":signature packet: [unhashed data too long (%u)]\n",
+                         n);
++          rc = GPG_ERR_INV_PACKET;
+ 	  goto leave;
+ 	}
+       if (n)
+-- 
+2.52.0
+

gnupg-accepts-path-separators-literal-data.patch

@@ -0,0 +1,67 @@
+commit ad0c6c33c3d6fe7ff7cc8c2e73d02ead5788e5b3
+Author: Werner Koch <wk@gnupg.org>
+Date:   Mon Oct 27 12:43:27 2025 +0100
+
+    gpg: Do not use a default when asking for another output filename.
+    
+    * g10/options.h (COMPAT_SUGGEST_EMBEDDED_NAME): New.
+    * g10/gpg.c (compatibility_flags): New flags "suggest-embedded-name".
+    * g10/openfile.c (ask_outfile_name): Do not show a default unless the
+    compatibiliy flag is used.
+
+Index: gnupg-2.5.5/g10/gpg.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/gpg.c
++++ gnupg-2.5.5/g10/gpg.c
+@@ -1057,6 +1057,7 @@ static struct compatibility_flags_s comp
+     { COMPAT_PARALLELIZED, "parallelized" },
+     { COMPAT_T7014_OLD,    "t7014-old" },
+     { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
++    { COMPAT_SUGGEST_EMBEDDED_NAME, "suggest-embedded-name" },
+     { 0, NULL }
+   };
+ 
+Index: gnupg-2.5.5/g10/openfile.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/openfile.c
++++ gnupg-2.5.5/g10/openfile.c
+@@ -125,7 +125,7 @@ make_outfile_name (const char *iname)
+    NAMELEN is its actual length.
+  */
+ char *
+-ask_outfile_name( const char *name, size_t namelen )
++ask_outfile_name (const char *name, size_t namelen)
+ {
+   size_t n;
+   const char *s;
+@@ -136,8 +136,14 @@ ask_outfile_name( const char *name, size
+   if ( opt.batch )
+     return NULL;
+ 
+-  defname = name && namelen? make_printable_string (name, namelen, 0) : NULL;
+-
++  /* To avoid tricking the user into using the embedded filename we do
++   * not anymore include that name in the prompt as default.  For
++   * modern v5 signature this might make sense as they are now covered
++   * by the signature but we better leave such a decision to a GUI.  */
++  if (name && namelen && (opt.compat_flags & COMPAT_SUGGEST_EMBEDDED_NAME))
++    defname = make_printable_string (name, namelen, 0);
++  else
++    defname = NULL;
+   s = _("Enter new filename");
+   n = strlen(s) + (defname?strlen (defname):0) + 10;
+   prompt = xmalloc (n);
+Index: gnupg-2.5.5/g10/options.h
+===================================================================
+--- gnupg-2.5.5.orig/g10/options.h
++++ gnupg-2.5.5/g10/options.h
+@@ -398,6 +398,9 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
+ #define COMPAT_PARALLELIZED   1  /* Use threaded hashing for signatures.  */
+ #define COMPAT_T7014_OLD      2  /* Use initial T7014 test data.  */
+ #define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
++#define COMPAT_SUGGEST_EMBEDDED_NAME 16 /* Show the non-signed
++                                         * embedded filename as
++                                         * suggestion.  */
+ 
+ /* Compliance test macros.  */
+ #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)

gnupg-add_legacy_FIPS_mode_option.patch

@@ -3,11 +3,11 @@
  g10/gpg.c    |    9 +++++++++
  2 files changed, 27 insertions(+)
 
-Index: gnupg-2.4.2/doc/gpg.texi
+Index: gnupg-2.5.4/doc/gpg.texi
 ===================================================================
---- gnupg-2.4.2.orig/doc/gpg.texi
-+++ gnupg-2.4.2/doc/gpg.texi
-@@ -2285,6 +2285,24 @@ implies, this option is for experts only
+--- gnupg-2.5.4.orig/doc/gpg.texi
++++ gnupg-2.5.4/doc/gpg.texi
+@@ -2340,6 +2340,24 @@ implies, this option is for experts only
  understand the implications of what it allows you to do, leave this
  off. @option{--no-expert} disables this option.
  
@@ -32,11 +32,11 @@ Index: gnupg-2.4.2/doc/gpg.texi
  @end table
  
  
-Index: gnupg-2.4.2/g10/gpg.c
+Index: gnupg-2.5.4/g10/gpg.c
 ===================================================================
---- gnupg-2.4.2.orig/g10/gpg.c
-+++ gnupg-2.4.2/g10/gpg.c
-@@ -446,6 +446,7 @@ enum cmd_and_opt_values
+--- gnupg-2.5.4.orig/g10/gpg.c
++++ gnupg-2.5.4/g10/gpg.c
+@@ -455,6 +455,7 @@ enum cmd_and_opt_values
      oForceSignKey,
      oForbidGenKey,
      oRequireCompliance,
@@ -44,15 +44,15 @@ Index: gnupg-2.4.2/g10/gpg.c
      oCompatibilityFlags,
      oAddDesigRevoker,
      oAssertSigner,
-@@ -886,6 +887,7 @@ static gpgrt_opt_t opts[] = {
+@@ -907,6 +908,7 @@ static gpgrt_opt_t opts[] = {
    ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"),
    ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"),
    ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"),
 +  ARGPARSE_s_n (oSetLegacyFips, "set-legacy-fips", "@"),
+   ARGPARSE_s_n (oRequirePQCEncryption, "require-pqc-encryption", "@"),
+   ARGPARSE_s_n (oDisablePQCEncryption, "disable-pqc-encryption", "@"),
  
- 
-   ARGPARSE_header (NULL, N_("Options for unattended use")),
-@@ -3756,6 +3758,14 @@ main (int argc, char **argv)
+@@ -3865,6 +3867,14 @@ main (int argc, char **argv)
              keybox_set_buffersize (pargs.r.ret_ulong, 0);
              break;
  

gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch

@@ -17,19 +17,19 @@ Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  g10/import.c | 49 +++++++++++--------------------------------------
  1 file changed, 11 insertions(+), 38 deletions(-)
 
-Index: gnupg-2.4.0/g10/import.c
+Index: gnupg-2.5.4/g10/import.c
 ===================================================================
---- gnupg-2.4.0.orig/g10/import.c
-+++ gnupg-2.4.0/g10/import.c
-@@ -1954,7 +1954,6 @@ import_one_real (ctrl_t ctrl,
-   size_t an;
+--- gnupg-2.5.4.orig/g10/import.c
++++ gnupg-2.5.4/g10/import.c
+@@ -1996,7 +1996,6 @@ import_one_real (ctrl_t ctrl,
+   int non_self_or_utk = 0;
    char pkstrbuf[PUBKEY_STRING_SIZE];
    int merge_keys_done = 0;
 -  int any_filter = 0;
    KEYDB_HANDLE hd = NULL;
  
    if (r_valid)
-@@ -1991,14 +1990,6 @@ import_one_real (ctrl_t ctrl,
+@@ -2033,14 +2032,6 @@ import_one_real (ctrl_t ctrl,
        log_printf ("\n");
      }
  
@@ -44,7 +44,7 @@ Index: gnupg-2.4.0/g10/import.c
    if (screener && screener (keyblock, screener_arg))
      {
        log_error (_("key %s: %s\n"), keystr_from_pk (pk),
-@@ -2078,18 +2069,10 @@ import_one_real (ctrl_t ctrl,
+@@ -2134,18 +2125,10 @@ import_one_real (ctrl_t ctrl,
  	  }
      }
  
@@ -67,7 +67,7 @@ Index: gnupg-2.4.0/g10/import.c
  
    /* Get rid of deleted nodes.  */
    commit_kbnode (&keyblock);
-@@ -2099,24 +2082,11 @@ import_one_real (ctrl_t ctrl,
+@@ -2155,24 +2138,11 @@ import_one_real (ctrl_t ctrl,
      {
        apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
        commit_kbnode (&keyblock);
@@ -92,7 +92,7 @@ Index: gnupg-2.4.0/g10/import.c
      }
  
    /* The keyblock is valid and ready for real import.  */
-@@ -2174,6 +2144,13 @@ import_one_real (ctrl_t ctrl,
+@@ -2234,6 +2204,13 @@ import_one_real (ctrl_t ctrl,
        err = 0;
        stats->skipped_new_keys++;
      }

gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch

@@ -0,0 +1,39 @@
+From 018a2289ba8e4c23f4e800ed997abecd7c6a144d Mon Sep 17 00:00:00 2001
+From: Lucas Mulling via Gnupg-devel <gnupg-devel@gnupg.org>
+Date: Mon, 26 May 2025 10:05:21 +0200
+Subject: [PATCH GnuPG] dirmngr: Don't install expired sks certificate
+
+* dirmngr/Makefile.am (dist_pkgdata_DATA): Remove
+  sks-keyservers.netCA.pem.
+
+Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
+---
+ dirmngr/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: gnupg-2.5.5/dirmngr/Makefile.am
+===================================================================
+--- gnupg-2.5.5.orig/dirmngr/Makefile.am
++++ gnupg-2.5.5/dirmngr/Makefile.am
+@@ -29,7 +29,7 @@ EXTRA_DIST = OAUTHORS ONEWS ChangeLog-20
+ 
+ 
+ 
+-dist_pkgdata_DATA = sks-keyservers.netCA.pem
++dist_pkgdata_DATA =
+ 
+ bin_PROGRAMS = dirmngr dirmngr-client
+ 
+Index: gnupg-2.5.5/dirmngr/Makefile.in
+===================================================================
+--- gnupg-2.5.5.orig/dirmngr/Makefile.in
++++ gnupg-2.5.5/dirmngr/Makefile.in
+@@ -682,7 +682,7 @@ EXTRA_DIST = OAUTHORS ONEWS ChangeLog-20
+              dirmngr_ldap-w32info.rc dirmngr_ldap.w32-manifest.in \
+              dirmngr-client-w32info.rc dirmngr-client.w32-manifest.in
+ 
+-dist_pkgdata_DATA = sks-keyservers.netCA.pem
++dist_pkgdata_DATA =
+ 
+ # NB: AM_CFLAGS may also be used by tools running on the build
+ # platform to create source files.

gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch

@@ -0,0 +1,43 @@
+From db9705ef594d5a2baf0e95e13cf6170b621dfc51 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 22 Oct 2025 11:19:55 +0200
+Subject: [PATCH] gpg: Avoid potential downgrade to SHA1 in 3rd party key
+ signatures.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Always initialize
+IS_SELFSIG because it is later used to detect SHA1 non-selfsignatures.
+--
+
+The value of is_selfsig was also used to decide whether to reject a a
+SHA_signature if it is not a self-signature.  However, a code path
+exists where is_selfsig was set to stub_is_selfsig and not initilaized
+in this case.
+
+Fixes-commit: c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+---
+ g10/sig-check.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index e09be3d75..ff45f2e12 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -890,7 +890,7 @@ check_key_signature (ctrl_t ctrl, kbnode_t root, kbnode_t node,
+  * be found.  Returns GPG_ERR_BAD_SIGNATURE if the signature is bad.
+  * Other errors codes may be returned if something else goes wrong.
+  *
+- * IF IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
++ * If IS_SELFSIG is not NULL, sets *IS_SELFSIG to 1 if this is a
+  * self-signature (by the key's primary key) or 0 if not.
+  *
+  * If RET_PK is not NULL, returns a copy of the public key that
+@@ -910,6 +910,8 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
+   if (!is_selfsig)
+     is_selfsig = &stub_is_selfsig;
+ 
++  *is_selfsig = 0; /* Init early to comply with function description. */
++
+   rc = openpgp_pk_test_algo (sig->pubkey_algo);
+   if (rc)
+     return rc;

gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch

@@ -0,0 +1,140 @@
+From 8abc320f2a75d6c7339323a3cff8a8489199f49f Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Wed, 22 Oct 2025 12:39:15 +0200
+Subject: [PATCH] gpg: Error out on unverified output for non-detached
+ signatures.
+
+* g10/mainproc.c (do_proc_packets): Never reset the any.data flag.
+--
+
+Fixes-commit: 3b1b6f9d98b38480ba2074158fa640b881cdb97e
+Updates-commit: 69384568f66a48eff3968bb1714aa13925580e9f
+Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a
+
+When using
+
+  gpg --verify -o - msg.sig msg
+
+even with the --batch option the outout written to stdout or the file
+five to -o may not be what has been verified.  For example given a
+file "msg" with this content:
+
+--8<---------------cut here---------------start------------->8---
+It is a wise father that knows his own child.
+                -- William Shakespeare, "The Merchant of Venice"
+--8<---------------cut here---------------end--------------->8---
+
+and a manipulated "msg.sig" (named "msg-mod.sig") the output could be
+
+  $ gpg --verify -o -  --batch msg-mod.sig msg
+  The last thing one knows in constructing a work is what to put first.
+                  -- Blaise Pascal
+  gpg: Signature made Wed 22 Oct 2025 11:51:52 AM CEST
+  gpg:                using EDDSA key A7F91C6EB9395B25B4A9BAD25B9[...]
+  gpg: Good signature from "alice@example.org" [ultimate]
+
+The plaintext shown is ot what has been verified (i.e. the first
+quote) and may lead the user top wrong conclusions.
+
+But note: Using the output of the verify command for detached
+signatures is useless because with a non-manipulated signature nothing
+would haven been written.
+
+How to replicate the whole thing:
+
+1. Import this public key:
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEaPio6RYJKwYBBAHaRw8BAQdAt0yaE+e5CG9iLdEJnZqTv3QUj2/eoMuQR55/
+y4tbGr20EWFsaWNlQGV4YW1wbGUub3JniLUEExYKAF0WIQSn+RxuuTlbJbSputJb
+mJ0rJeN/3AUCaPio6RsUgAAAAAAEAA5tYW51MiwyLjUrMS4xMSwyLDICGwMFCQWj
+moAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQW5idKyXjf9x2WwD7BQrA
+0p7XnalGu83R+Kx7UvMvPnwwBb/P2CMlHlU5+TMBAICnsrHa/pFClAE3pA2io0rF
++9M55DF3gkYTkpIWf1YBuDgEaPio6RIKKwYBBAGXVQEFAQEHQHEcigLeQJiXMMui
+LDCFO9EVFQqt5wDu5fhyt8haLpVbAwEIB4iUBBgWCgA8FiEEp/kcbrk5WyW0qbrS
+W5idKyXjf9wFAmj4qOkbFIAAAAAABAAObWFudTIsMi41KzEuMTEsMiwyAhsMAAoJ
+EFuYnSsl43/czvIBANaamGqOQgF02ykNkP62wj/1iYuXn5bXHXRtmV7htjQiAQCO
+HZYHTrVSBoyYfT40zVFSFtydnlLAlFisZNuydwPPDw==
+=GjvX
+-----END PGP PUBLIC KEY BLOCK-----
+
+2. Unpack the first quote below and put it into the file "msg"
+-----BEGIN PGP ARMORED FILE-----
+Comment: Use "gpg --dearmor" for unpacking
+
+SXQgaXMgYSB3aXNlIGZhdGhlciB0aGF0IGtub3dzIGhpcyBvd24gY2hpbGQuCgkJ
+LS0gV2lsbGlhbSBTaGFrZXNwZWFyZSwgIlRoZSBNZXJjaGFudCBvZiBWZW5pY2Ui
+Cg==
+=0fUy
+-----END PGP ARMORED FILE-----
+
+3. Unpack the original signature into the file "msg.sig"
+-----BEGIN PGP ARMORED FILE-----
+
+iJEEABYKADkWIQSn+RxuuTlbJbSputJbmJ0rJeN/3AUCaPipOBsUgAAAAAAEAA5t
+YW51MiwyLjUrMS4xMSwyLDIACgkQW5idKyXjf9w6UwD/fS6X9bs36WXVN5BSANIA
+bhtHb8X4jZu4NFKk/ZSwUtIBANMdYO6F1kUMyFNZVZa4Yk12UmcClF9mXLBVlfeH
+RFkL
+=wCLE
+-----END PGP ARMORED FILE-----
+
+4. Unpack the modified signature into the file "msg-mod.sig"
+-----BEGIN PGP ARMORED FILE-----
+
+kA0DAAoWW5idKyXjf9wBy19iAGj4qrhUaGUgbGFzdCB0aGluZyBvbmUga25vd3Mg
+aW4gY29uc3RydWN0aW5nIGEgd29yayBpcyB3aGF0IHRvIHB1dCBmaXJzdC4KCQkt
+LSBCbGFpc2UgUGFzY2FsCoiRBAAWCgA5FiEEp/kcbrk5WyW0qbrSW5idKyXjf9wF
+Amj4qTgbFIAAAAAABAAObWFudTIsMi41KzEuMTEsMiwyAAoJEFuYnSsl43/cOlMA
+/30ul/W7N+ll1TeQUgDSAG4bR2/F+I2buDRSpP2UsFLSAQDTHWDuhdZFDMhTWVWW
+uGJNdlJnApRfZlywVZX3h0RZC8r/AAAAA1BHUA==
+=DafU
+-----END PGP ARMORED FILE-----
+
+Now run
+  gpg --verify -o -  msg.sig msg
+  gpg --verify -o -  msg-mod.sig msg
+
+after this pacth is applied the second command will output an error
+message "gpg: not a detached signature"
+
+The modification was to prepend a one-pass signature packet for alices
+signature and a a literal data packet with the second quote to the
+original signature and also append a marker packet or something other.
+gpgsplit is the tool of choice here.  Thus the packet composition of
+msg-mod.sig is:
+
+  :onepass_sig packet: keyid 5B989D2B25E37FDC
+          version 3, sigclass 0x00, digest 10, pubkey 22, last=1
+  :literal data packet:
+          mode b (62), created 1761127096, name="",
+          raw data: 89 bytes
+  :signature packet: algo 22, keyid 5B989D2B25E37FDC
+          version 4, created 1761126712, md5len 0, sigclass 0x00
+          [...]
+  :marker packet: PGP
+
+Kudos to the reporter for the detailed report.
+---
+ g10/mainproc.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/g10/mainproc.c b/g10/mainproc.c
+index e2703516c..8108a07b7 100644
+--- a/g10/mainproc.c
++++ b/g10/mainproc.c
+@@ -1838,10 +1838,14 @@ do_proc_packets (CTX c, iobuf_t a, int keep_dek_and_list)
+        * packet and not to reuse the current one ...  It works right
+        * when there is a compression packet between which adds just
+        * an extra layer.
++       *
++       * Note that we should not reset the any.data due to another
++       * packets.  Just set it once on seeing a plaintext.
++       *
+        * Hmmm: Rewrite this whole module here??
+        */
+       if (pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC)
+-        c->any.data = (pkt->pkttype == PKT_PLAINTEXT);
++        c->any.data |= (pkt->pkttype == PKT_PLAINTEXT);
+ 
+       if (newpkt == -1)
+         ;

gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch

@@ -0,0 +1,45 @@
+From 483f2ba02e70968e6c9f57afa0fc88f7566a76c4 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Fri, 2 May 2025 11:11:05 +0200
+Subject: [PATCH 0938/1000] gpg: Fix another regression due to the T7547 fix.
+
+* g10/getkey.c (get_pubkey_for_sig): Keep a requested
+PUBKEY_USAGE_CERT.
+(finish_lookup): For correctness in future use cases allow
+PUBKEY_USAGE_CERT to also trigger verify mode.
+--
+
+The case here was that a cert-only primary key was removed with
+export-clean.
+
+GnuPG-bug-id: 7583
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index e93c0a904..0fe17d054 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -341,8 +341,10 @@ get_pubkey_for_sig (ctrl_t ctrl, PKT_public_key *pk, PKT_signature *sig,
+   /* Make sure to request only keys cabable of signing.  This makes
+    * sure that a subkey w/o a valid backsig or with bad usage flags
+    * will be skipped.  We also request the verification mode so that
+-   * expired and reoked keys are returned.  */
+-  pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY);
++   * expired and revoked keys are returned.  We keep only a requested
++   * CERT usage in PK for the sake of key signatures.  */
++  pk->req_usage = (PUBKEY_USAGE_SIG | PUBKEY_USAGE_VERIFY
++                   | (pk->req_usage & PUBKEY_USAGE_CERT));
+ 
+   /* First try the ISSUER_FPR info.  */
+   fpr = issuer_fpr_raw (sig, &fprlen);
+@@ -3735,7 +3737,7 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
+   /* The verify mode is used to change the behaviour so that we can
+    * return an expired or revoked key for signature verification.  */
+   verify_mode = ((req_usage & PUBKEY_USAGE_VERIFY)
+-                 && (req_usage & PUBKEY_USAGE_SIG));
++                 && (req_usage & (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)));
+ 
+ #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
+   req_usage &= USAGE_MASK;
+-- 
+2.50.0
+

gnupg-nobetasuffix.patch

@@ -1,17 +1,17 @@
-Index: gnupg-2.4.3/autogen.sh
+Index: gnupg-2.5.1/autogen.sh
 ===================================================================
---- gnupg-2.4.3.orig/autogen.sh
-+++ gnupg-2.4.3/autogen.sh
-@@ -221,7 +221,7 @@ if [ "$myhost" = "find-version" ]; then
-     esac
+--- gnupg-2.5.1.orig/autogen.sh
++++ gnupg-2.5.1/autogen.sh
+@@ -244,7 +244,7 @@ if [ "$myhost" = "find-version" ]; then
+     fi
  
      beta=no
 -    if [ -e .git ]; then
 +    if false; then
        ingit=yes
        tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null)
-       tmp=$(echo "$tmp" | sed s/^"$package"//)
-@@ -237,8 +237,8 @@ if [ "$myhost" = "find-version" ]; then
+       if [ -n "$tmp" ]; then
+@@ -270,8 +270,8 @@ if [ "$myhost" = "find-version" ]; then
        rvd=$((0x$(echo ${rev} | dd bs=1 count=4 2>/dev/null)))
      else
        ingit=no
@@ -19,6 +19,6 @@ Index: gnupg-2.4.3/autogen.sh
 -      tmp="-unknown"
 +      beta=no
 +      tmp=""
+       cid="0000000"
        rev="0000000"
        rvd="0"
-     fi

gnupg-notdash-escape.patch

@@ -0,0 +1,135 @@
+commit 947ea3c411f0c14ba002612bb4ab500fba105570
+Author: Werner Koch <wk@gnupg.org>
+Date:   Mon Dec 29 18:37:08 2025 +0100
+
+    gpg: Deprecate the option --not-dash-escaped.
+    
+    * g10/options.h (COMPAT_ALLOW_NOT_DASH_ESCAPED): new.
+    * g10/gpg.c (compatibility_flags): Add "allow-not-dash-escaped".
+    (main): Print a deprecation warning.
+    * g10/armor.c (parse_header_line): Ignore the NotDashEscaped header.
+    
+    * tests/openpgp/clearsig.scm (vectors): Remove test case.
+    --
+    
+    GnuPG-bug-id: 7901
+
+Index: gnupg-2.5.5/doc/gpg.texi
+===================================================================
+--- gnupg-2.5.5.orig/doc/gpg.texi
++++ gnupg-2.5.5/doc/gpg.texi
+@@ -3551,16 +3551,6 @@ be tried.  @option{--no-throw-keyids} di
+ is essentially the same as using @option{--hidden-recipient} for all
+ recipients.
+ 
+-@item --not-dash-escaped
+-@opindex not-dash-escaped
+-This option changes the behavior of cleartext signatures
+-so that they can be used for patch files. You should not
+-send such an armored file via email because all spaces
+-and line endings are hashed too. You can not use this
+-option for data which has 5 dashes at the beginning of a
+-line, patch files don't have this. A special armor header
+-line tells GnuPG about this cleartext signature option.
+-
+ @item --escape-from-lines
+ @itemx --no-escape-from-lines
+ @opindex escape-from-lines
+@@ -4051,6 +4041,18 @@ This option is deprecated and has no mor
+ @item --aead-algo @var{name}
+ This option is deprecated and has no more effect since version 2.3.9.
+ 
++@item --not-dash-escaped
++@opindex not-dash-escaped
++This option is deprecated since version 2.5.15 and has actually been
++obsolete for many more years.  The verification code in gpg also
++ignores this special mode unless a compatibility flag has been used.
++This option was used to change the behavior of cleartext signatures so
++that they can be used for patch files. You should not send such an
++armored file via email because all spaces and line endings are hashed
++too. You can not use this option for data which has 5 dashes at the
++beginning of a line, patch files don't have this. A special armor
++header line tells GnuPG about this cleartext signature option.
++
+ 
+ @end table
+ 
+Index: gnupg-2.5.5/g10/armor.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/armor.c
++++ gnupg-2.5.5/g10/armor.c
+@@ -510,7 +510,9 @@ parse_header_line( armor_filter_context_
+       {
+ 	if( (hashes=parse_hash_header( line )) )
+ 	  afx->hashes |= hashes;
+-	else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
++	else if ((opt.compat_flags & COMPAT_ALLOW_NOT_DASH_ESCAPED)
++                 && strlen (line) > 15
++                 && !memcmp( line, "NotDashEscaped:", 15 ) )
+ 	  afx->not_dash_escaped = 1;
+ 	else
+ 	  {
+Index: gnupg-2.5.5/g10/gpg.c
+===================================================================
+--- gnupg-2.5.5.orig/g10/gpg.c
++++ gnupg-2.5.5/g10/gpg.c
+@@ -1056,6 +1056,7 @@ static struct compatibility_flags_s comp
+   {
+     { COMPAT_PARALLELIZED, "parallelized" },
+     { COMPAT_T7014_OLD,    "t7014-old" },
++    { COMPAT_ALLOW_NOT_DASH_ESCAPED, "allow-not-dash-escaped" },
+     { 0, NULL }
+   };
+ 
+@@ -3956,6 +3957,11 @@ main (int argc, char **argv)
+       log_info ("Note: Specified keyrings are ignored due to option \"%s\"\n",
+                 "use-keyboxd");
+ 
++    if (opt.not_dash_escaped)
++      log_info (_("WARNING: \"%s\" is a deprecated option\n"),
++                "--not-dash-escaped");
++
++
+     if (comopt.no_autostart)
+       opt.autostart = 0;
+ 
+Index: gnupg-2.5.5/g10/options.h
+===================================================================
+--- gnupg-2.5.5.orig/g10/options.h
++++ gnupg-2.5.5/g10/options.h
+@@ -397,7 +397,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_sta
+ /* Compatibility flags */
+ #define COMPAT_PARALLELIZED   1  /* Use threaded hashing for signatures.  */
+ #define COMPAT_T7014_OLD      2  /* Use initial T7014 test data.  */
+-
++#define COMPAT_ALLOW_NOT_DASH_ESCAPED 32 /* Handle NotDashEscaped header.  */
+ 
+ /* Compliance test macros.  */
+ #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
+Index: gnupg-2.5.5/tests/openpgp/clearsig.scm
+===================================================================
+--- gnupg-2.5.5.orig/tests/openpgp/clearsig.scm
++++ gnupg-2.5.5/tests/openpgp/clearsig.scm
+@@ -78,21 +78,7 @@ there is a blank line after this
+     ;; I think this file will be constructed wrong (gpg 0.9.3) but it
+     ;; should verify okay anyway.
+     ("this is a sig test
+- " #f ())
+-
+-    ;; check our special diff mode
+-    ("--- mainproc.c	Tue Jun 27 09:28:11 2000
+-+++ mainproc.c~ Thu Jun  8 22:50:25 2000
+-@@ -1190,16 +1190,13 @@
+-		md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
+-	    }
+-	    /* ask for file and hash it */
+--	    if( c->sigs_only ) {
+-+	    if( c->sigs_only )
+-		rc = hash_datafiles( c->mfx.md, NULL,
+-				     c->signed_data, c->sigfilename,
+-			n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 );
+-" #t (--not-dash-escaped))))
++ " #f ())))
+ 
+ (let ((counter (make-counter)))
+   (for-each-p'

gnupg-revert-rfc4880bis.patch

@@ -13,11 +13,11 @@ Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
 (read_parameter_file): Activate the v4 and v5 keywords.
 --
 
-Index: gnupg-2.4.1/g10/gpg.c
+Index: gnupg-2.5.4/g10/gpg.c
 ===================================================================
---- gnupg-2.4.1.orig/g10/gpg.c
-+++ gnupg-2.4.1/g10/gpg.c
-@@ -247,6 +247,7 @@ enum cmd_and_opt_values
+--- gnupg-2.5.4.orig/g10/gpg.c
++++ gnupg-2.5.4/g10/gpg.c
+@@ -254,6 +254,7 @@ enum cmd_and_opt_values
      oGnuPG,
      oRFC2440,
      oRFC4880,
@@ -25,7 +25,7 @@ Index: gnupg-2.4.1/g10/gpg.c
      oOpenPGP,
      oPGP7,
      oPGP8,
-@@ -636,6 +637,7 @@ static gpgrt_opt_t opts[] = {
+@@ -654,6 +655,7 @@ static gpgrt_opt_t opts[] = {
    ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
    ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
    ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
@@ -33,7 +33,7 @@ Index: gnupg-2.4.1/g10/gpg.c
    ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
    ARGPARSE_s_n (oPGP7, "pgp6", "@"),
    ARGPARSE_s_n (oPGP7, "pgp7", "@"),
-@@ -978,7 +980,6 @@ static gpgrt_opt_t opts[] = {
+@@ -1008,7 +1010,6 @@ static gpgrt_opt_t opts[] = {
    ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
    ARGPARSE_s_s (oNoop, "aead-algo", "@"),
    ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
@@ -41,7 +41,7 @@ Index: gnupg-2.4.1/g10/gpg.c
    ARGPARSE_s_n (oNoop, "override-compliance-check", "@"),
  
  
-@@ -2227,7 +2228,7 @@ static struct gnupg_compliance_option co
+@@ -2263,7 +2264,7 @@ static struct gnupg_compliance_option co
    {
      { "gnupg",      oGnuPG },
      { "openpgp",    oOpenPGP },
@@ -50,7 +50,7 @@ Index: gnupg-2.4.1/g10/gpg.c
      { "rfc4880",    oRFC4880 },
      { "rfc2440",    oRFC2440 },
      { "pgp6",       oPGP7 },
-@@ -2243,8 +2244,28 @@ static struct gnupg_compliance_option co
+@@ -2279,8 +2280,29 @@ static struct gnupg_compliance_option co
  static void
  set_compliance_option (enum cmd_and_opt_values option)
  {
@@ -76,26 +76,19 @@ Index: gnupg-2.4.1/g10/gpg.c
 +      opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
 +      opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
 +      break;
-     case oOpenPGP:
-     case oRFC4880:
-       /* This is effectively the same as RFC2440, but with
-@@ -2288,6 +2309,7 @@ set_compliance_option (enum cmd_and_opt_
-     case oPGP8:  opt.compliance = CO_PGP8;  break;
++
      case oGnuPG:
+       /* set up default options affected by policy compliance: */
        opt.compliance = CO_GNUPG;
+@@ -2299,6 +2321,7 @@ set_compliance_option (enum cmd_and_opt_
+       opt.s2k_digest_algo = 0;
+       opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO;
+       opt.flags.allow_old_cipher_algos = 0;
 +      opt.flags.rfc4880bis = 1;
        break;
  
-     case oDE_VS:
-@@ -2490,6 +2512,7 @@ main (int argc, char **argv)
-     opt.emit_version = 0;
-     opt.weak_digests = NULL;
-     opt.compliance = CO_GNUPG;
-+    opt.flags.rfc4880bis = 1;
- 
-     /* Check special options given on the command line.  */
-     orig_argc = argc;
-@@ -3032,6 +3055,7 @@ main (int argc, char **argv)
+     case oOpenPGP:
+@@ -3090,6 +3113,7 @@ main (int argc, char **argv)
            case oOpenPGP:
            case oRFC2440:
            case oRFC4880:
@@ -103,7 +96,7 @@ Index: gnupg-2.4.1/g10/gpg.c
            case oPGP7:
            case oPGP8:
            case oGnuPG:
-@@ -3868,6 +3892,11 @@ main (int argc, char **argv)
+@@ -4000,6 +4024,11 @@ main (int argc, char **argv)
      if( may_coredump && !opt.quiet )
  	log_info(_("WARNING: program may create a core file!\n"));
  
@@ -115,7 +108,7 @@ Index: gnupg-2.4.1/g10/gpg.c
      if (eyes_only) {
        if (opt.set_filename)
  	  log_info(_("WARNING: %s overrides %s\n"),
-@@ -4084,7 +4113,7 @@ main (int argc, char **argv)
+@@ -4222,7 +4251,7 @@ main (int argc, char **argv)
      /* Check our chosen algorithms against the list of legal
         algorithms. */
  
@@ -124,20 +117,20 @@ Index: gnupg-2.4.1/g10/gpg.c
        {
  	const char *badalg=NULL;
  	preftype_t badtype=PREFTYPE_NONE;
-Index: gnupg-2.4.1/g10/keygen.c
+Index: gnupg-2.5.4/g10/keygen.c
 ===================================================================
---- gnupg-2.4.1.orig/g10/keygen.c
-+++ gnupg-2.4.1/g10/keygen.c
-@@ -404,7 +404,7 @@ keygen_set_std_prefs (const char *string
+--- gnupg-2.5.4.orig/g10/keygen.c
++++ gnupg-2.5.4/g10/keygen.c
+@@ -489,7 +489,7 @@ keygen_set_std_prefs (const char *string
  	      strcat(dummy_string,"S7 ");
  	    strcat(dummy_string,"S2 "); /* 3DES */
  
 -            if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
-+            if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
++        if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
  	      strcat(dummy_string,"A2 ");
  
              if (personal)
-@@ -889,7 +889,7 @@ keygen_upd_std_prefs (PKT_signature *sig
+@@ -974,7 +974,7 @@ keygen_upd_std_prefs (PKT_signature *sig
    /* Make sure that the MDC feature flag is set if needed.  */
    add_feature_mdc (sig,mdc_available);
    add_feature_aead (sig, aead_available);
@@ -146,7 +139,7 @@ Index: gnupg-2.4.1/g10/keygen.c
    add_keyserver_modify (sig,ks_modify);
    keygen_add_keyserver_url(sig,NULL);
  
-@@ -3382,7 +3382,10 @@ parse_key_parameter_part (ctrl_t ctrl,
+@@ -4118,7 +4118,10 @@ parse_key_parameter_part (ctrl_t ctrl,
                  }
              }
            else if (!ascii_strcasecmp (s, "v5"))
@@ -158,7 +151,7 @@ Index: gnupg-2.4.1/g10/keygen.c
            else if (!ascii_strcasecmp (s, "v4"))
              keyversion = 4;
            else
-@@ -3641,7 +3644,7 @@ parse_key_parameter_part (ctrl_t ctrl,
+@@ -4379,7 +4382,7 @@ parse_key_parameter_part (ctrl_t ctrl,
   *   ecdsa := Use algorithm ECDSA.
   *   eddsa := Use algorithm EdDSA.
   *   ecdh  := Use algorithm ECDH.
@@ -167,7 +160,7 @@ Index: gnupg-2.4.1/g10/keygen.c
   *
   * There are several defaults and fallbacks depending on the
   * algorithm.  PART can be used to select which part of STRING is
-@@ -4513,9 +4516,9 @@ read_parameter_file (ctrl_t ctrl, const
+@@ -5353,9 +5356,9 @@ read_parameter_file (ctrl_t ctrl, const
  	    }
  	}
  
@@ -180,9 +173,9 @@ Index: gnupg-2.4.1/g10/keygen.c
          else
            {
              r = xmalloc_clear( sizeof *r + strlen( value ) );
-@@ -4610,11 +4613,14 @@ quickgen_set_para (struct para_data_s *p
-       para = r;
-     }
+@@ -5450,11 +5453,14 @@ quickgen_set_para (struct para_data_s *p
+   r->next = para;
+   para = r;
  
 -  r = xmalloc_clear (sizeof *r + 20);
 -  r->key = for_subkey? pSUBVERSION : pVERSION;

gpg2.changes

@@ -1,3 +1,204 @@
+-------------------------------------------------------------------
+Wed Jan 28 15:09:39 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix 
+  * [bsc#1257396, CVE-2026-24882]
+    - gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys 
+    - Added gnupg-CVE-2026-24882.patch
+  * [bsc#1257395, CVE-2026-24883]
+    - gpg2: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value
+    - Added gnupg-CVE-2026-24883.patch
+
+-------------------------------------------------------------------
+Wed Jan 28 13:52:19 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix [bsc#1256389] (gpg.fail/filename)
+  * Added gnupg-accepts-path-separators-literal-data.patch
+  * GnuPG Accepts Path Separators and Path Traversals in Literal Data
+
+-------------------------------------------------------------------
+Thu Jan  8 10:55:35 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
+  * gpg: Fix possible memory corruption in the armor parser [T7906]
+  * Add gnupg-CVE-2025-68973.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 10:42:12 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1256246] (gpg.fail/sha1)
+  * gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
+  * Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 10:37:15 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1256244] (gpg.fail/detached)
+  * gpg: Error out on unverified output for non-detached signatures [T7903]
+  * Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
+
+-------------------------------------------------------------------
+Thu Jan  8 07:38:45 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix: [bsc#1256390] (gpg.fail/notdash)
+  * gpg2: Cleartext Signature Forgery in the NotDashEscaped header
+    implementation in GnuPG
+  * Add patch gnupg-notdash-escape.patch
+
+-------------------------------------------------------------------
+Thu Jun 26 11:26:15 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1236931, bsc#1239119, CVE-2025-30258]
+  * gpg: Fix another regression due to the T7547 fix.
+  * The fix for CVE-2025-30258 was introduced in 2.5.5
+  * Add gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch
+
+-------------------------------------------------------------------
+Tue Jun 17 13:11:07 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Don't install expired sks certificate [bsc#1243069]
+  * Add patch gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
+
+-------------------------------------------------------------------
+Fri Mar  7 17:13:14 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 2.5.5: [bsc#1236931, bsc#1239119]
+  * gpg: Fix a verification DoS due to a malicious subkey in the
+    keyring.  [T7527]
+  * dirmngr: Fix possible hangs due to blocking connection requests.
+    [T6606, T7434]
+  Release-info: https://dev.gnupg.org/T7530
+
+-------------------------------------------------------------------
+Wed Feb 26 14:13:02 UTC 2025 - Adrian Schröter <adrian@suse.de>
+
+- Fixing gpg-agent integration by changing --supervised to
+  --deprecated-supervised in service files.
+
+-------------------------------------------------------------------
+Wed Feb 19 10:41:27 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.5.4:
+  * gpg: New option --disable-pqc-encryption. [rG00c31f8b04]
+  * gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506]
+  * gpg: Fix handling with no CRC armor. [T7071]
+  * gpg: New private Kyber keys are now cross-referenced using a new
+    Link attribute. [T6638]
+  * gpg: Fix an import problem with keys having another primary key as
+    a subkey. [T7527]
+  * gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043]
+  * gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4]
+  * agent: New option --change-std-env-name. [T7522]
+  * agent: Fix ssh-agent's request_identities for skipped Brainpool
+    keys. [rG2469dc5aae]
+  * Do not package zlib and bzip2 object files in a speedo release build. [T7442]
+  * Rebase patches:
+    - gnupg-add_legacy_FIPS_mode_option.patch
+    - gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch
+    - gnupg-revert-rfc4880bis.patch
+
+-------------------------------------------------------------------
+Tue Jan 14 14:09:10 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 2.5.3
+  * gpg: Allow for signature subpackets of up to 30000 octets.
+    [rG36dbca3e69]
+  * gpg: Silence expired trusted-key diagnostics in quiet mode.  [T7351]
+  * gpg: Allow smaller session keys with Kyber and enforce the use of
+    AES-256 if useful.  [T7472]
+  * gpg: Fix regression in key generation from existing card key.
+    [T7309,T7457]
+  * gpg: Print a warning if the card backup key could not be written.
+    [T2169]
+  * The --supervised options of gpg-agent and dirmngr have been
+    renamed to --deprecated-supervised as preparation for their removal.
+    [rGa019a0fcd8]
+  * There is no more default for a keyserver.
+
+-------------------------------------------------------------------
+Mon Jan  6 21:41:40 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- note updated 2.5.x build dependencies 
+
+-------------------------------------------------------------------
+Wed Dec 11 12:12:50 UTC 2024 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Update to 2.5.2:
+  * gpg: Add option 16 to --full-gen-key to create ECC+Kyber.  [T6638]
+  * gpg: For composite algos add the algo string to the colons
+    listings.  [T6638]
+  * gpg: Validate the trustdb after the import of a trusted key.
+    [T7200]
+  * gpg: Exclude expired trusted keys from the key validation process.
+    [T7200]
+  * gpg: Fix a wrong decryption failed status for signed and OCB
+    encrypted messages without a signature verification key.  [T7042]
+  * gpg: Retain binary representation for import->export with Ed25519
+    key signatures.  [T7426]
+  * gpg: Fix comparing ed448 to ed25519 with --assert-pubkey-algo.
+    [T7425]
+  * gpg: Avoid a failure exit code for expired ultimately trusted
+    keys.  [T7351]
+  * gpg: Emit status error for an invalid ADSK.  [T7322]
+  * gpg: Allow the use of an ADSK subkey as ADSK subkey.  [T6882]
+  * gpg: Fix --quick-set-expire for V5 subkey fingerprints.  [T7298]
+  * gpg: Robust error handling for SCD READKEY.  [T7309]
+  * gpg: Fix cv25519 v5 export regression.  [T7316]
+  * gpgsm: Nearly fourfold speedup of validated certificate listings.
+    [T7308]
+  * gpgsm: Improvement for some rare P12 files.  [rGf50dde6269]
+  * gpgsm: Terminate key listing on output write error.  [T6185]
+  * agent: Add option --status to the LISTRUSTED command.
+    [rG4275d5fa7a]
+  * agent: Fix detection of the yet unused trustflag de-vs.  [T5079]
+  * agent: Allow ssh to sign data larger than the Assuan line length.
+    [T7436]
+  * keyboxd: Fix a race condition on the database handle.  [T7294]
+  * dirmngr: A list of used URLs for loaded CRLs is printed first in
+    the output of the LISTCRL command.  [T7337]
+  * scd: More mitigations against lock ups with multiple cards or
+    apps.  [T7323, T7402]
+  * gpgtar: Use log-file from common.conf only in --batch mode.
+    [rGb389e04ef5]
+  * gpgtar: Fix directory creation during extraction.  [T7380]
+  * gpg-mail-tube: Minor fixes.
+  * gpgconf: Add list flag to trusted-key et al.  [T7313]
+  * Implement GNUPG_ASSUME_COMPLIANCE envvar and registry key for
+    testing de-vs compliance mode.  [rGb287fb5775,rG7b0be541a9]
+  * Fix a race condition in creating the socket directory.  [T7332]
+
+-------------------------------------------------------------------
+Thu Dec  5 18:47:10 UTC 2024 - Adrian Schröter <adrian@suse.de>
+
+- Disable ibmswtpm2 on LoongArch64
+
+-------------------------------------------------------------------
+Mon Oct 21 18:52:37 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 2.5.1:
+  * gpg: The support for composite Kyber+ECC public key algorithms
+    does now use the final FIPS-203 and LibrePGP specifications. The
+    experimental keys from 2.5.0 are no longer supported. [T6815]
+  * gpg: New commands --add-recipients and --change-recipients. [T1825]
+  * gpg: New option --proc-all-sigs. [T7261]
+  * gpg: Fix a regression in 2.5.0 in gpgme's tests. [T7195]
+  * gpg: Make --no-literal work again for -c and --store. [T5852]
+  * gpg: Improve detection of input data read errors. [T6528]
+  * gpg: Fix getting key by IPGP record (rfc-4398). [T7288]
+  * gpgsm: New option --assert-signer. [T7286]
+  * gpgsm: More improvements to PKCS#12 parsing to cope with latest
+    IVBB changes. [T7213]
+  * agent: Fix KEYTOCARD command when used with a loopback pinentry. [T7283]
+  * gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode.  New option
+    --as-attach. [rG4511997e9e1b]
+  * Now uses the process spawn API from libgpg-error. [T7192,T7194]
+  * Removed the --enable-gpg-is-gpg2 configure time option.
+    [rG2125f228d36c]
+  * Rebase patches:
+    - gnupg-add_legacy_FIPS_mode_option.patch
+    - gnupg-revert-rfc4880bis.patch
+    - gnupg-nobetasuffix.patch
+
 -------------------------------------------------------------------
 Mon Aug 12 04:30:42 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
 

gpg2.spec

@@ -1,8 +1,8 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
+# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 Andreas Stieger <Andreas.Stieger@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 
 Name:           gpg2
-Version:        2.4.5
+Version:        2.5.5
 Release:        0
 Summary:        File encryption, decryption, signature creation and verification utility
 License:        GPL-3.0-or-later
@@ -47,13 +47,30 @@ Patch11:        gnupg-allow-large-rsa.patch
 Patch12:        gnupg-revert-rfc4880bis.patch
 #PATCH-FIX-OPENSUSE Do not pull revision info from GIT when autoconf is run
 Patch13:        gnupg-nobetasuffix.patch
+#PATCH-FIX-UPSTREAM Don't install exipred sks certificate
+Patch14:        gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch
+#PATCH-FIX-UPSTREAM gpg: Fix another regression due to the T7547 fix.
+Patch15:        gnupg-gpg-Fix-another-regression-due-to-the-T7547-fix.patch
+#PATCH-FIX-UPSTREAM: bsc#1256390 Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash)
+Patch16:        gnupg-notdash-escape.patch
+#PATCH-FIX-UPSTREAM: bsc#1256244 gpg: Error out on unverified output for non-detached signatures (gpg.fail/detached)
+Patch17:        gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
+#PATCH-FIX-UPSTREAM: bsc#1256246 gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1)
+Patch18:        gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
+#PATCH-FIX-UPSTREAM: bsc#1255715 CVE-2025-68973: Memory Corruption in ASCII-Armor Parsing (gpg.fail/memcpy)
+Patch19:        gnupg-CVE-2025-68973.patch
+#PATCH-FIX-UPSTREAM: bsc#1256389 GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field 
+Patch20: 	    gnupg-accepts-path-separators-literal-data.patch
+#PATCH-FIX-UPSTREAM: bsc#1257395 CVE-2026-24883:  denial  of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value
+Patch21: 	    gnupg-CVE-2026-24883.patch
+#PATCH-FIX-UPSTREAM: bsc#1257396 CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys 
+Patch22:        gnupg-CVE-2026-24882.patch
+
 BuildRequires:  expect
 BuildRequires:  fdupes
-BuildRequires:  ibmswtpm2
-BuildRequires:  ibmtss-devel
-BuildRequires:  libassuan-devel >= 2.5.0
-BuildRequires:  libgcrypt-devel >= 1.9.1
-BuildRequires:  libgpg-error-devel >= 1.46
+BuildRequires:  libassuan-devel >= 3.0.0
+BuildRequires:  libgcrypt-devel >= 1.11.0
+BuildRequires:  libgpg-error-devel >= 1.51
 BuildRequires:  libksba-devel >= 1.6.3
 BuildRequires:  makeinfo
 BuildRequires:  npth-devel >= 1.2
@@ -71,6 +88,10 @@ Provides:       gnupg = %{version}
 Provides:       gpg = 1.4.9
 Provides:       newpg
 Obsoletes:      gpg < 1.4.9
+%ifnarch loongarch64
+BuildRequires:  ibmswtpm2
+BuildRequires:  ibmtss-devel
+%endif
 
 %description
 GnuPG is a hybrid-encryption software program; it uses a combination
@@ -118,8 +139,7 @@ date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99})
     --enable-large-secmem \
     --with-gnu-ld \
     --with-default-trust-store-file=%{_sysconfdir}/ssl/ca-bundle.pem \
-    --enable-build-timestamp=$date \
-    --enable-gpg-is-gpg2
+    --enable-build-timestamp=$date
 
 %make_build
 
@@ -136,10 +156,11 @@ rm -rf %{buildroot}%{_docdir}/gpg2/examples/gpgconf.conf
 rm %{buildroot}%{_infodir}/dir
 
 # compat symlinks
-ln -sf gpg2 %{buildroot}%{_bindir}/gpg
-ln -sf gpgv2 %{buildroot}%{_bindir}/gpgv
-ln -sf gpg2.1 %{buildroot}%{_mandir}/man1/gpg.1
-ln -sf gpgv2.1 %{buildroot}%{_mandir}/man1/gpgv.1
+ln -sf gpg %{buildroot}%{_bindir}/gpg2
+ln -sf gpgv %{buildroot}%{_bindir}/gpgv2
+ln -sf gpg.1 %{buildroot}%{_mandir}/man1/gpg2.1
+ln -sf gpgv.1 %{buildroot}%{_mandir}/man1/gpgv2.1
+ln -sf gnupg.7 %{buildroot}%{_mandir}/man7/gnupg2.7
 
 # install udev rules for scdaemon
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_udevrulesdir}/60-scdaemon.rules
@@ -165,7 +186,7 @@ cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/
 %license COPYING*
 %doc AUTHORS NEWS THANKS TODO ChangeLog
 %{_infodir}/gnupg*
-%{_mandir}/*/[agsw]*%{ext_man}
+%{_mandir}/*/[aghsw]*%{ext_man}
 %doc %{_docdir}/%{name}
 %{_bindir}/[gkw]*
 %{_libexecdir}/[gks]*
@@ -188,8 +209,10 @@ cp systemd-user/README.systemd %{buildroot}%{_docdir}/gpg2/
 %{_libexecdir}/dirmngr_ldap
 %{_userunitdir}/dirmngr.*
 
+%ifnarch loongarch64
 %files tpm
 %license COPYING*
 %{_libexecdir}/tpm2daemon*
+%endif
 
 %changelog