signing-party (2.10-1) unstable; urgency=high
* gpg-key2ps: Security fix for CVE-2018-15599: unsafe shell call enabling
shell injection via a User ID. Use Perl's (core) module Encode.pm instead
of shelling out to `iconv`. (Closes: #928256.)
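Added example, not part of the changelog and not gpg-key2ps's own code: the class of bug described in the 2.10-1 entry, shown as a shell-based charset conversion beside an in-process conversion using the core Encode module. The function names and the sample User ID are constructed for illustration, and the unsafe form is an assumed pattern, not the original source.

```perl
#!/usr/bin/perl
# Added illustration; not taken from gpg-key2ps. Names and sample data are
# constructed for this example.
use strict;
use warnings;
use Encode qw(decode encode);

# UNSAFE pattern (assumed shape of a shell-based conversion): the User ID is
# interpolated into a command line that /bin/sh parses, so shell
# metacharacters inside the UID are interpreted as shell syntax.
# Kept for contrast only; it is never called below.
sub uid_to_latin1_unsafe {
    my ($uid) = @_;
    my $out = `echo "$uid" | iconv -c -f utf-8 -t latin1`;
    chomp $out;
    return $out;
}

# Hardened: convert in-process. No shell is spawned, so the UID is only ever
# handled as data.
sub uid_to_latin1 {
    my ($uid_bytes) = @_;
    # Default CHECK (FB_DEFAULT) replaces malformed UTF-8 with U+FFFD.
    my $chars = decode('UTF-8', $uid_bytes);
    # Drop anything Latin-1 cannot represent, mirroring `iconv -c`.
    $chars =~ s/[^\x{00}-\x{FF}]//g;
    return encode('ISO-8859-1', $chars);
}

# Constructed User ID: UTF-8 bytes for "ë" plus shell metacharacters.
my $uid = "Zo\xC3\xAB " . '$(date) <zoe@example.org>';

my $latin1 = uid_to_latin1($uid);
printf "bytes in: %d, bytes out: %d\n", length($uid), length($latin1);
print "metacharacters kept as literal text\n"
    if index($latin1, '$(date)') >= 0;
print "e-diaeresis is a single Latin-1 byte\n"
    if index($latin1, "Zo\xEB") == 0;
```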
signing-party (2.8-1) unstable; urgency=low
[ Guilhem Moulin ]
* caff:
+ Add the "only-sign-text-ids" to the list of gpg(1) options imported from
~/.gnupg/gpg.conf.
+ Ensure the terminal is "sane enough" when asking questions ('echo',
'echok', 'icanon', 'icrnl' settings are all set), and restore original
settings when exit()'ing the program. (Closes: #872529)
* caff, gpglist, gpgsigs: in `gpg --with-colons` output, allow signature
class to be followed with an optional revocation reason. gpg(1) does that
since 2.2.9. (Closes: #905097.)
* caff, gpg-key2latex, gpg-key2ps, gpglist, gpgsigs, keylookup: Remove
references to https://pgp-tools.alioth.debian.org/ .
* caff, gpg-key2latex, gpg-key2ps, gpg-mailkeys, gpglist, gpgparticipants,
gpgsigs, keylookup: Remove SVN keywords ($Id$, $Rev$, etc.)
-- Guilhem Moulin <guilhem@debian.org> Mon, 28 Jan 2019 03:05:33 +0100
signing-party (2.4-1) unstable; urgency=medium
* caff, gpg-key2latex, gpgsigs: Ignore "KEY_CONSIDERED" status output
emitted by gpg 2.1.13 and later.
* caff, gpgsigs: Allow input produced by gpgparticipants(1) using gpg
2.1.13. With this version, key IDs are not displayed by default and the
"Key fingerprint = " prefix is omitted.
* caff:
+ Fix GnuPG version number comparison.
+ With GnuPG 2.1.13 or later, use gpgconf(1) to determine the socket
paths. (It is not used on earlier gpg since earlier gpgconf do not
support --homedir.) This fixes compatibility with GnuPG 2.1.13.
(Closes: #834984)
+ When ~/.caff/gnupghome/gpg.conf does not exist, instead of creating a
temporary file (as it's done since signing-party 2.3), parse
~/.gnupg/gpg.conf and pass the GnuPG options that are known to be safe
(and useful) for caff to gpg(1) using command line options. This solves
the problem of lingering configuration files in case caff is killed.
+ Use full fingerprints internally to avoid collisions. (However
$CONFIG{'keyid'} and $CONFIG{'local-users'} are kept to 64-bit key IDs
as per RFC 4880 full fingerprints are not available in key signatures,
and thus not exposed by `gpg --with-colons --list-sigs`.)
+ Automatically import the $CONFIG{'also-encrypt-to'} from the normal
GnuPGHOME when possible.
* d/source.lintian-overrides: Add 'debian-watch-file-is-missing' as we're
upstream.
* d/control: Remove Franck Joncourt from the Uploaders list per request of
the MIA team. (Closes: #831321)
-- Guilhem Moulin <guilhem@guilhem.org> Mon, 22 Aug 2016 00:19:48 +0200
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
signing-party (1.1.4-1) unstable; urgency=low
.
[ Thijs Kinkhorst ]
* caff:
+ Correct path of ~/.caffrc in informational messages (Closes: #582603).
+ Be more verbose on unexpected key ID (Closes: #645792).
* gpg-key2ps:
+ Apply patch from Uwe Kleine-König to deal with latin1 characters
(Closes: #596377).
.
[ Franck Joncourt ]
* gpg-mailkeys:
+ Correct path of ~/.gpg-mailkeysrc and ~/.signature in manpage.
+ Add new environment variable SENDMAIL_ARGS to allow user to pass
arguments to sendmail (closes: #599409).
* caff:
+ Refactor import of own key and import for keys to sign from keyrings.
+ Also automatically import keys to sign from the user's normal gpg
keyrings.
+ Use --no-auto-check-trustdb when importing keys from files or
the user's normal gpg keyrings (closes: #539643).
.
[ Peter Palfrader ]
* caff:
+ manpage: Refer to all of /usr/share/doc/signing-party/caff/ and not
just to /usr/share/doc/signing-party/caff/caffrc.sample
(closes: #568052).
+ Fix horrible &function calls used because of broken prototypes.
+ Even if all keys to sign were found in the user's normal gpg
keyrings we still need to import them (again) from any keyrings
passed with --key-files - the keys there might be newer, containing
new subkeys (for encryption), uids (for signing) or revocations.
+ Make importing of keys to be signed from the normal gpg optional
(--keys-from-gnupg).
+ refactor copying of command line options into global config variable.
+ Create the mail files in ~/.caff/keys even if mail is not sent
(closes: #590666).
* keylookup:
+ Fixed typo noticed by lintian in manpage keylookup.1.
* caff:
+ Set the Sender header with the email address which is used for the From
header. This overrides the default value which was set by the
MIME::Entity Perl module based on the local hostname. (Closes: #556782)
* gpgsigs:
+ Added patch from Roland Rosenfeld to support RIPEMD160 checksum.
(Closes: #533747).
+ Updated man page to mention support for SHA256 and RIPEMD160 checksum.
+ Made removal of nonexistent photos quiet by the use of the force option.
+ Updated generated tex file in latex mode so that it uses the grffile
package. This allows pdflatex to process our tex file assuming the photos
are previously converted to PDF. (Closes: #542478)
* caff: Updated check for the local-user keyids.
+ Moved the current check to a new function get_local_user_keys().
+ Warned the user if a local-user keyid is not listed as a keyid in
./caffrc. (Closes: #540165).
* gpgdir: New upstream release.
* gpg-mailkeys:
+ The charset for the text of the message is deduced from the charset used
by ~/.gpg-mailkeysrc and ~/.signature.
The text message is encoded in quoted printable and thus it requires a
new dependency on qprint in debian/control. (Closes: #545186)
+ Mentioned both the .gpg-mailkeysrc and .signature files in the manpage.
Ignore temporary build files
make make install install stuff.
Bump NEWS.Debian.
Proposed solution for #462897: unconditionally sync keys between
normal gnupg home and caff gnupg home on startup, to cope with
changed keys.