Pedro Monreal Gonzalez
fb0ed03b15
- Install the systemd user units in the _userunitdir [bsc#1201564] * Note that, there is no activation by default. - Temporarily revert back to the pre-2.4 default for key generation. The new rfc4880bis has been set as the default in 2.4 version and might create incompatible keys. Note that, rfc4880bis can still be used with the option flag --rfc4880bis as in previous versions. * More info in the gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2022-December/035183.html * Reverted commit https://dev.gnupg.org/rGcaf4b3fc16e9 * Add gnupg-revert-rfc4880bis.patch - Allow 8192 bit RSA keys in keygen UI when large_rsa is set * Add gnupg-allow-large-rsa.patch - Fix broken GPGME QT tests: Upstram dev task dev.gnupg.org/T6313 * The original patch has been modified to expand the changes also to the tests/gpgme/Makefile.in file. * Add gnupg-tests-Fix-tests-gpgme-for-in-source-tree-builds.patch - Updated to require libgpg-error-devel >= 1.46 - Rebased patches: * gnupg-allow-import-of-previously-known-keys-even-without-UIDs.patch * gnupg-add_legacy_FIPS_mode_option.patch - GnuPG 2.4.0: * common: Fix translations in --help for gpgrt < 1.47. * gpg: Do not continue the export after a cancel for the primary key. * gpg: Replace use of PRIu64 in log_debug. * Update NEWS for 2.4.0. * tests: Fix make check with GPGME. OBS-URL: https://build.opensuse.org/request/show/1112814 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=289
203 lines
6.7 KiB
Diff
203 lines
6.7 KiB
Diff
From 4583f4fe2e11b3dd070066628c3f16776cc74f72 Mon Sep 17 00:00:00 2001
|
|
From: Werner Koch <wk@gnupg.org>
|
|
Date: Mon, 31 Oct 2022 16:14:18 +0100
|
|
Subject: [PATCH GnuPG] gpg: Merge --rfc4880bis features into --gnupg
|
|
|
|
* g10/gpg.c (oRFC4880bis): Remove.
|
|
(opts): Make --rfc4880bis a Noop.
|
|
(compliance_options): Make rfc4880bis to gnupg.
|
|
(set_compliance_option): Remove rfc4880bis stuff.
|
|
(main): Ditto. Note that this now activates the --mimemode option.
|
|
* g10/keygen.c (keygen_set_std_prefs): Remove rfc4880bis protection.
|
|
(keygen_upd_std_prefs): Always announce support for v5 keys.
|
|
(read_parameter_file): Activate the v4 and v5 keywords.
|
|
--
|
|
|
|
Index: gnupg-2.4.0/g10/gpg.c
|
|
===================================================================
|
|
--- gnupg-2.4.0.orig/g10/gpg.c
|
|
+++ gnupg-2.4.0/g10/gpg.c
|
|
@@ -246,6 +246,7 @@ enum cmd_and_opt_values
|
|
oGnuPG,
|
|
oRFC2440,
|
|
oRFC4880,
|
|
+ oRFC4880bis,
|
|
oOpenPGP,
|
|
oPGP7,
|
|
oPGP8,
|
|
@@ -631,6 +632,7 @@ static gpgrt_opt_t opts[] = {
|
|
ARGPARSE_s_n (oGnuPG, "no-pgp8", "@"),
|
|
ARGPARSE_s_n (oRFC2440, "rfc2440", "@"),
|
|
ARGPARSE_s_n (oRFC4880, "rfc4880", "@"),
|
|
+ ARGPARSE_s_n (oRFC4880bis, "rfc4880bis", "@"),
|
|
ARGPARSE_s_n (oOpenPGP, "openpgp", N_("use strict OpenPGP behavior")),
|
|
ARGPARSE_s_n (oPGP7, "pgp6", "@"),
|
|
ARGPARSE_s_n (oPGP7, "pgp7", "@"),
|
|
@@ -973,7 +975,6 @@ static gpgrt_opt_t opts[] = {
|
|
ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
|
|
ARGPARSE_s_s (oNoop, "aead-algo", "@"),
|
|
ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"),
|
|
- ARGPARSE_s_n (oNoop, "rfc4880bis", "@"),
|
|
|
|
|
|
ARGPARSE_group (302, N_(
|
|
@@ -2207,7 +2208,7 @@ static struct gnupg_compliance_option co
|
|
{
|
|
{ "gnupg", oGnuPG },
|
|
{ "openpgp", oOpenPGP },
|
|
- { "rfc4880bis", oGnuPG },
|
|
+ { "rfc4880bis", oRFC4880bis },
|
|
{ "rfc4880", oRFC4880 },
|
|
{ "rfc2440", oRFC2440 },
|
|
{ "pgp6", oPGP7 },
|
|
@@ -2223,8 +2224,28 @@ static struct gnupg_compliance_option co
|
|
static void
|
|
set_compliance_option (enum cmd_and_opt_values option)
|
|
{
|
|
+ opt.flags.rfc4880bis = 0; /* Clear because it is initially set. */
|
|
+
|
|
switch (option)
|
|
{
|
|
+ case oRFC4880bis:
|
|
+ opt.flags.rfc4880bis = 1;
|
|
+ opt.compliance = CO_RFC4880;
|
|
+ opt.flags.dsa2 = 1;
|
|
+ opt.flags.require_cross_cert = 1;
|
|
+ opt.rfc2440_text = 0;
|
|
+ opt.allow_non_selfsigned_uid = 1;
|
|
+ opt.allow_freeform_uid = 1;
|
|
+ opt.escape_from = 1;
|
|
+ opt.not_dash_escaped = 0;
|
|
+ opt.def_cipher_algo = 0;
|
|
+ opt.def_digest_algo = 0;
|
|
+ opt.cert_digest_algo = 0;
|
|
+ opt.compress_algo = -1;
|
|
+ opt.s2k_mode = 3; /* iterated+salted */
|
|
+ opt.s2k_digest_algo = DIGEST_ALGO_SHA256;
|
|
+ opt.s2k_cipher_algo = CIPHER_ALGO_AES256;
|
|
+ break;
|
|
case oOpenPGP:
|
|
case oRFC4880:
|
|
/* This is effectively the same as RFC2440, but with
|
|
@@ -2268,6 +2289,7 @@ set_compliance_option (enum cmd_and_opt_
|
|
case oPGP8: opt.compliance = CO_PGP8; break;
|
|
case oGnuPG:
|
|
opt.compliance = CO_GNUPG;
|
|
+ opt.flags.rfc4880bis = 1;
|
|
break;
|
|
|
|
case oDE_VS:
|
|
@@ -2470,6 +2492,7 @@ main (int argc, char **argv)
|
|
opt.emit_version = 0;
|
|
opt.weak_digests = NULL;
|
|
opt.compliance = CO_GNUPG;
|
|
+ opt.flags.rfc4880bis = 1;
|
|
|
|
/* Check special options given on the command line. */
|
|
orig_argc = argc;
|
|
@@ -3008,6 +3031,7 @@ main (int argc, char **argv)
|
|
case oOpenPGP:
|
|
case oRFC2440:
|
|
case oRFC4880:
|
|
+ case oRFC4880bis:
|
|
case oPGP7:
|
|
case oPGP8:
|
|
case oGnuPG:
|
|
@@ -3832,6 +3856,11 @@ main (int argc, char **argv)
|
|
if( may_coredump && !opt.quiet )
|
|
log_info(_("WARNING: program may create a core file!\n"));
|
|
|
|
+ if (!opt.flags.rfc4880bis)
|
|
+ {
|
|
+ opt.mimemode = 0; /* This will use text mode instead. */
|
|
+ }
|
|
+
|
|
if (eyes_only) {
|
|
if (opt.set_filename)
|
|
log_info(_("WARNING: %s overrides %s\n"),
|
|
@@ -4057,7 +4086,7 @@ main (int argc, char **argv)
|
|
/* Check our chosen algorithms against the list of legal
|
|
algorithms. */
|
|
|
|
- if(!GNUPG)
|
|
+ if(!GNUPG && !opt.flags.rfc4880bis)
|
|
{
|
|
const char *badalg=NULL;
|
|
preftype_t badtype=PREFTYPE_NONE;
|
|
Index: gnupg-2.4.0/g10/keygen.c
|
|
===================================================================
|
|
--- gnupg-2.4.0.orig/g10/keygen.c
|
|
+++ gnupg-2.4.0/g10/keygen.c
|
|
@@ -407,7 +407,7 @@ keygen_set_std_prefs (const char *string
|
|
strcat(dummy_string,"S7 ");
|
|
strcat(dummy_string,"S2 "); /* 3DES */
|
|
|
|
- if (!openpgp_aead_test_algo (AEAD_ALGO_OCB))
|
|
+ if (opt.flags.rfc4880bis && !openpgp_aead_test_algo (AEAD_ALGO_OCB))
|
|
strcat(dummy_string,"A2 ");
|
|
|
|
if (personal)
|
|
@@ -892,7 +892,7 @@ keygen_upd_std_prefs (PKT_signature *sig
|
|
/* Make sure that the MDC feature flag is set if needed. */
|
|
add_feature_mdc (sig,mdc_available);
|
|
add_feature_aead (sig, aead_available);
|
|
- add_feature_v5 (sig, 1);
|
|
+ add_feature_v5 (sig, opt.flags.rfc4880bis);
|
|
add_keyserver_modify (sig,ks_modify);
|
|
keygen_add_keyserver_url(sig,NULL);
|
|
|
|
@@ -3387,7 +3387,10 @@ parse_key_parameter_part (ctrl_t ctrl,
|
|
}
|
|
}
|
|
else if (!ascii_strcasecmp (s, "v5"))
|
|
- keyversion = 5;
|
|
+ {
|
|
+ if (opt.flags.rfc4880bis)
|
|
+ keyversion = 5;
|
|
+ }
|
|
else if (!ascii_strcasecmp (s, "v4"))
|
|
keyversion = 4;
|
|
else
|
|
@@ -3646,7 +3649,7 @@ parse_key_parameter_part (ctrl_t ctrl,
|
|
* ecdsa := Use algorithm ECDSA.
|
|
* eddsa := Use algorithm EdDSA.
|
|
* ecdh := Use algorithm ECDH.
|
|
- * v5 := Create version 5 key
|
|
+ * v5 := Create version 5 key (requires option --rfc4880bis)
|
|
*
|
|
* There are several defaults and fallbacks depending on the
|
|
* algorithm. PART can be used to select which part of STRING is
|
|
@@ -4428,9 +4431,9 @@ read_parameter_file (ctrl_t ctrl, const
|
|
}
|
|
}
|
|
|
|
- if ((keywords[i].key == pVERSION
|
|
- || keywords[i].key == pSUBVERSION))
|
|
- ; /* Ignore version. */
|
|
+ if (!opt.flags.rfc4880bis && (keywords[i].key == pVERSION
|
|
+ || keywords[i].key == pSUBVERSION))
|
|
+ ; /* Ignore version unless --rfc4880bis is active. */
|
|
else
|
|
{
|
|
r = xmalloc_clear( sizeof *r + strlen( value ) );
|
|
@@ -4525,11 +4528,14 @@ quickgen_set_para (struct para_data_s *p
|
|
para = r;
|
|
}
|
|
|
|
- r = xmalloc_clear (sizeof *r + 20);
|
|
- r->key = for_subkey? pSUBVERSION : pVERSION;
|
|
- snprintf (r->u.value, 20, "%d", version);
|
|
- r->next = para;
|
|
- para = r;
|
|
+ if (opt.flags.rfc4880bis)
|
|
+ {
|
|
+ r = xmalloc_clear (sizeof *r + 20);
|
|
+ r->key = for_subkey? pSUBVERSION : pVERSION;
|
|
+ snprintf (r->u.value, 20, "%d", version);
|
|
+ r->next = para;
|
|
+ para = r;
|
|
+ }
|
|
|
|
if (keytime)
|
|
{
|