diff options
| author | Arti Zirk | 2019-11-29 13:05:54 +0200 |
|---|---|---|
| committer | Arti Zirk | 2019-11-29 13:05:54 +0200 |
| commit | 1f3a44930eded4148e6bfe373266029646b47e37 (patch) | |
| tree | 58cad7ed4b3a928b6637f253c9f1e0ea2d0ab136 | |
| parent | 7a2e77ba2833932797aefd621fbc5261412a2cbb (diff) | |
| download | aur-1f3a44930eded4148e6bfe373266029646b47e37.tar.gz | |
bump version
| -rw-r--r-- | .SRCINFO | 14 | ||||
| -rw-r--r-- | PKGBUILD | 7 | ||||
| -rw-r--r-- | self-sigs-only.patch | 56 |
3 files changed, 69 insertions, 8 deletions
@@ -1,6 +1,6 @@ pkgbase = gnupg-scdaemon-shared-access pkgdesc = This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access - pkgver = 2.2.17 + pkgver = 2.2.18 pkgrel = 1 url = https://www.gnupg.org/ install = install @@ -25,20 +25,22 @@ pkgbase = gnupg-scdaemon-shared-access optdepends = pcsclite: scdaemon provides = gnupg provides = dirmngr - provides = gnupg=2.2.17 - provides = gnupg2=2.2.17 + provides = gnupg=2.2.18 + provides = gnupg2=2.2.18 conflicts = gnupg conflicts = dirmngr conflicts = gnupg2 - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2 - source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.17.tar.bz2.sig + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.18.tar.bz2 + source = https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.18.tar.bz2.sig + source = self-sigs-only.patch source = scdaemon_shared-access.patch validpgpkeys = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 validpgpkeys = 46CC730865BB5C78EBABADCF04376F3EE0856959 validpgpkeys = 031EC2536E580D8EA286A9F22071B08A33BD3F06 validpgpkeys = D238EA65D64C67ED4C3073F28A861B1C7EFD60D9 - sha256sums = afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514 + sha256sums = 30d37ce2ca55b2b9b61480b2a175a3b22066ab41cd3f84688448919b566dec0a sha256sums = SKIP + sha256sums = 0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218 sha256sums = aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc pkgname = gnupg-scdaemon-shared-access @@ -6,7 +6,7 @@ _pkgname=gnupg pkgname=gnupg-scdaemon-shared-access -pkgver=2.2.17 +pkgver=2.2.18 pkgrel=1 pkgdesc='This package adds shared-access option that uses PCSC_SHARE_SHARED for pcsc_connect in scdaemon when using pcsc backend for smartcard access' url='https://www.gnupg.org/' @@ -24,9 +24,11 @@ validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' '031EC2536E580D8EA286A9F22071B08A33BD3F06' 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9') source=("https://gnupg.org/ftp/gcrypt/${_pkgname}/${_pkgname}-${pkgver}.tar.bz2"{,.sig} + "self-sigs-only.patch" "scdaemon_shared-access.patch") -sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514' +sha256sums=('30d37ce2ca55b2b9b61480b2a175a3b22066ab41cd3f84688448919b566dec0a' 'SKIP' + '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218' 'aa46b372830dd8ed355a86a1677c50c6be8178f847c09b7291f47a1dc3ea02dc') install=install @@ -37,6 +39,7 @@ provides=('gnupg' 'dirmngr' "gnupg=${pkgver}" "gnupg2=${pkgver}") prepare() { cd "${srcdir}/${_pkgname}-${pkgver}" sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in + patch -R -p1 -i ../self-sigs-only.patch patch -p1 -t -N < "${srcdir}/scdaemon_shared-access.patch" } diff --git a/self-sigs-only.patch b/self-sigs-only.patch new file mode 100644 index 000000000000..3d7406301474 --- /dev/null +++ b/self-sigs-only.patch @@ -0,0 +1,56 @@ +From: Werner Koch <wk@gnupg.org> +Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200) +Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93 + +gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. + +* g10/gpg.c (main): Change default. +-- + +Due to the DoS attack on the keyeservers we do not anymore default to +import key signatures. That makes the keyserver unsuable for getting +keys for the WoT but it still allows to retriev keys - even if that +takes long to download the large keyblocks. + +To revert to the old behavior add + + keyserver-optiions no-self-sigs-only,no-import-clean + +to gpg.conf. + +GnuPG-bug-id: 4607 +Signed-off-by: Werner Koch <wk@gnupg.org> +--- + +diff --git a/doc/gpg.texi b/doc/gpg.texi +index 8feab8218..9513a4e0f 100644 +--- a/doc/gpg.texi ++++ b/doc/gpg.texi +@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are: + + @end table + ++The default list of options is: "self-sigs-only, import-clean, ++repair-keys, repair-pks-subkey-bug, export-attributes, ++honor-pka-record". ++ ++ + @item --completes-needed @var{n} + @opindex compliant-needed + Number of completely trusted users to introduce a new +diff --git a/g10/gpg.c b/g10/gpg.c +index 66e47dde5..0bbe72394 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2424,7 +2424,9 @@ main (int argc, char **argv) + opt.import_options = IMPORT_REPAIR_KEYS; + opt.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS +- | IMPORT_REPAIR_PKS_SUBKEY_BUG); ++ | IMPORT_REPAIR_PKS_SUBKEY_BUG ++ | IMPORT_SELF_SIGS_ONLY ++ | IMPORT_CLEAN); + opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; + opt.verify_options = (LIST_SHOW_UID_VALIDITY |