diff options
| author | arjan5 | 2019-07-19 09:08:42 +0200 |
|---|---|---|
| committer | arjan5 | 2019-07-19 09:08:42 +0200 |
| commit | 893732bc340fb6f80b954984858d46ba4c99a2d2 (patch) | |
| tree | d4c7650add3d82b674ca2c83b9786008b1c06e31 | |
| parent | 3b2068912488c01ee91d1863473fd4cab9bb6eed (diff) | |
| download | aur-893732bc340fb6f80b954984858d46ba4c99a2d2.tar.gz | |
Update gnupg to 2.2.17-2
| -rw-r--r-- | .SRCINFO | 16 | ||||
| -rw-r--r-- | PKGBUILD | 13 | ||||
| -rw-r--r-- | self-sigs-only.patch | 56 |
3 files changed, 73 insertions, 12 deletions
@@ -1,7 +1,7 @@ pkgbase = gnupg-large-secmem pkgdesc = Complete and free implementation of the OpenPGP standard - with extra large secure memory for many parallel decryption actions - pkgver = 2.2.16 - pkgrel = 1 + pkgver = 2.2.17 + pkgrel = 2 url = https://www.gnupg.org/ install = install arch = x86_64 @@ -24,24 +24,26 @@ pkgbase = gnupg-large-secmem optdepends = libusb-compat: scdaemon optdepends = pcsclite: scdaemon provides = dirmngr - provides = gnupg2=2.2.16 - provides = gnupg=2.2.16 + provides = gnupg2=2.2.17 + provides = gnupg=2.2.17 conflicts = dirmngr conflicts = gnupg2 conflicts = gnupg replaces = dirmngr replaces = gnupg2 replaces = gnupg - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.16.tar.bz2 - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.16.tar.bz2.sig + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig source = gnupg_large_secmem.patch + source = self-sigs-only.patch validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959 validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 validpgpkeys = 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 - sha256sums = 6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb + sha256sums = afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514 sha256sums = SKIP sha256sums = 63108d8fcbcfddf7ba6eee699ade0f79f98558c8ba1f07d86c7a55dce603355d + sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218 pkgname = gnupg-large-secmem @@ -6,8 +6,8 @@ pkgname=gnupg-large-secmem _pkgname=gnupg -pkgver=2.2.16 -pkgrel=1 +pkgver=2.2.17 +pkgrel=2 pkgdesc='Complete and free implementation of the OpenPGP standard - with extra large secure memory for many parallel decryption actions' url='https://www.gnupg.org/' license=('GPL') @@ -24,10 +24,12 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' '031EC2536E580D8EA286A9F22071B08A33BD3F06' '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28') source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} - "gnupg_large_secmem.patch") -sha256sums=('6cbe8d454bf5dc204621eed3016d721b66298fa95363395bb8eeceb1d2fd14cb' + "gnupg_large_secmem.patch" + 'self-sigs-only.patch') +sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514' 'SKIP' - '63108d8fcbcfddf7ba6eee699ade0f79f98558c8ba1f07d86c7a55dce603355d') + '63108d8fcbcfddf7ba6eee699ade0f79f98558c8ba1f07d86c7a55dce603355d' + '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218') install=install @@ -38,6 +40,7 @@ replaces=('dirmngr' 'gnupg2' 'gnupg') prepare() { cd "${srcdir}/${_pkgname}-${pkgver}" sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in + patch -R -p1 -i ../self-sigs-only.patch # See: https://lists.gnupg.org/pipermail/gnupg-devel/2017-June/032905.html patch -p1 -i ../gnupg_large_secmem.patch diff --git a/self-sigs-only.patch b/self-sigs-only.patch new file mode 100644 index 000000000000..3d7406301474 --- /dev/null +++ b/self-sigs-only.patch @@ -0,0 +1,56 @@ +From: Werner Koch <wk@gnupg.org> +Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) +Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 + +gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + +* g10/gpg.c (main): Change default. +-- + +Due to the DoS attack on the keyeservers we do not anymore default to +import key signatures. That makes the keyserver unsuable for getting +keys for the WoT but it still allows to retriev keys - even if that +takes long to download the large keyblocks. + +To revert to the old behavior add + + keyserver-optiions no-self-sigs-only,no-import-clean + +to gpg.conf. + +GnuPG-bug-id: 4607 +Signed-off-by: Werner Koch <wk@gnupg.org> +--- + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 8feab8218..9513a4e0f 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: + + @end table + ++The default list of options is: "self-sigs-only, import-clean, ++repair-keys, repair-pks-subkey-bug, export-attributes, ++honor-pka-record". ++ ++ + @item --completes-needed @var{n} + @opindex compliant-needed + Number of completely trusted users to introduce a new +diff --git a/g10/gpg.c b/g10/gpg.c +index 66e47dde5..0bbe72394 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2424,7 +2424,9 @@ main (int argc, char **argv) + opt.import_options = IMPORT_REPAIR_KEYS; + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +- | IMPORT_REPAIR_PKS_SUBKEY_BUG); ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++ | IMPORT_SELF_SIGS_ONLY ++ | IMPORT_CLEAN); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY |