head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.52 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.50 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.48 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.46 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.44 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.42 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.40 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.38 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.36 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.34 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.32 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.30 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.28 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.26 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.24 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.22 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.20 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.18 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.16 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.14 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.12 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.10 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.8 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.6 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.4 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.2 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2003.12.25.14.05.02; author wiz; state dead; branches; next 1.1; 1.1 date 2003.11.27.23.46.36; author heinz; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.11.27.23.46.36; author agc; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.12.08.11.36.12; author agc; state Exp; branches; next ; desc @@ 1.2 log @Update to 1.2.4: * Added read-only support for BZIP2 compression. This should be considered experimental, and is only available if the libbzip2 library is installed. * Added the ability to handle messages that can be decrypted with either a passphrase or a secret key. * Most support for Elgamal sign+encrypt keys has been removed. 
Old signatures may still be verified, and existing encrypted messages may still be decrypted, but no new signatures may be issued by, and no new messages will be encrypted to, these keys. Elgamal sign+encrypt keys are not part of the web of trust. The only new message that can be generated by an Elgamal sign+encrypt key is a key revocation. Note that in a future version of GnuPG (currently planned for 1.4), all support for Elgamal sign+encrypt keys will be removed, so take this opportunity to revoke old keys now. * A Russian translation is included again as well as a new Belarusian translation. @ text @$NetBSD: patch-aj,v 1.1 2003/11/27 23:46:36 heinz Exp $ --- g10/getkey.c.orig Mon Jul 28 20:34:41 2003 +++ g10/getkey.c @@@@ -1049,7 +1049,11 @@@@ get_seckey_byname2( GETKEY_CTX *retctx, ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST; rc = lookup( &ctx, &kb, 1 ); if (!rc && sk ) - sk_from_block ( &ctx, sk, kb ); + { + sk_from_block ( &ctx, sk, kb ); + if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + rc=G10ERR_UNU_SECKEY; + } release_kbnode ( kb ); get_seckey_end( &ctx ); } @@@@ -1655,6 +1659,11 @@@@ merge_selfsigs_main( KBNODE keyblock, in if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } + + /* Type 20 Elgamal keys are not usable. */ + if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + key_usage=0; + pk->pubkey_usage = key_usage; if ( !key_expire_seen ) { @@@@ -1869,6 +1878,13 @@@@ merge_selfsigs_subkey( KBNODE keyblock, if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } + + /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are + not usable. */ + if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL + || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + key_usage=0; + subpk->pubkey_usage = key_usage; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); @ 1.1 log @Add improved patch for compromised ElGamal signing keys from gnupg-devel at gnupg org. The old patch didn't completely disable usage of the compromised keys. 
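Review bot: In the first hunk (get_seckey_byname2) the new Elgamal test runs only after `sk_from_block ( &ctx, sk, kb );`, so when `rc` is set to `G10ERR_UNU_SECKEY` the caller's `sk` has already been filled with the rejected key. A caller that uses `sk` without testing `rc` first would still be working with the type 20 key. This is also the only one of the three hunks without a comment; I would add `/* Type 20 Elgamal secret keys are not usable; sk is already populated here. */` above the `if`. Only the `KEYDB_SEARCH_MODE_FIRST` branch is visible and the function starts and ends outside the hunk, so whether its other lookup paths need the same check has to be confirmed against the full file. The same hunk is repeated verbatim in the 1.1.2.2 pull-up text further down.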
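Review bot: The comments in the second and third hunks (merge_selfsigs_main, merge_selfsigs_subkey) say "Type 20 Elgamal" while the code tests `PUBKEY_ALGO_ELGAMAL`, which a reader can easily take to mean every Elgamal key. I would spell out the scope, e.g. `/* Type 20 (sign+encrypt) Elgamal keys are not usable; encrypt-only PUBKEY_ALGO_ELGAMAL_E keys are left alone. */`, so that a later edit does not widen or narrow the check by accident. It is also worth stating in the comment that `key_usage=0` is deliberately placed after the key-flags masking and just before the `pubkey_usage` assignment, because moving it earlier would let the masking code run on an already cleared value and hide the intent. Both functions start and end outside their hunks, and the same two hunks appear again in the 1.1.2.2 text below.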
Move the old and new fix to the patches/ directory. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-aj was added on branch pkgsrc-2003Q4 on 2003-11-27 23:46:36 +0000 @ text @d1 43 @ 1.1.2.2 log @Pull up security fixes to the pkgsrc-2003Q4 branch, requested by Alistair Crooks. --------------------- PatchSet 73 Date: 2003/11/27 09:50:12 Author: tron Log: Apply security patch which disables ElGamal signature keys because they are vulnerable. Bump package revision to reflect this change. Members: Makefile:1.53->1.54 distinfo:1.21->1.22 --------------------- PatchSet 74 Date: 2003/11/27 23:46:36 Author: heinz Log: Add improved patch for compromised ElGamal signing keys from gnupg-devel at gnupg org. The old patch didn't completely disable usage of the compromised keys. Move the old and new fix to the patches/ directory. Members: Makefile:1.54->1.55 distinfo:1.22->1.23 patches/patch-ai:INITIAL->1.1 patches/patch-aj:INITIAL->1.1 @ text @a0 43 $NetBSD: patch-aj,v 1.1.2.1 2003/12/08 11:36:12 agc Exp $ --- g10/getkey.c.orig Mon Jul 28 20:34:41 2003 +++ g10/getkey.c @@@@ -1049,7 +1049,11 @@@@ get_seckey_byname2( GETKEY_CTX *retctx, ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST; rc = lookup( &ctx, &kb, 1 ); if (!rc && sk ) - sk_from_block ( &ctx, sk, kb ); + { + sk_from_block ( &ctx, sk, kb ); + if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + rc=G10ERR_UNU_SECKEY; + } release_kbnode ( kb ); get_seckey_end( &ctx ); } @@@@ -1655,6 +1659,11 @@@@ merge_selfsigs_main( KBNODE keyblock, in if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } + + /* Type 20 Elgamal keys are not usable. */ + if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + key_usage=0; + pk->pubkey_usage = key_usage; if ( !key_expire_seen ) { @@@@ -1869,6 +1878,13 @@@@ merge_selfsigs_subkey( KBNODE keyblock, if ( x ) /* mask it down to the actual allowed usage */ key_usage &= x; } + + /* Type 20 Elgamal subkeys or any subkey on a type 20 primary are + not usable. 
*/ + if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL + || subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL) + key_usage=0; + subpk->pubkey_usage = key_usage; p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); @