[Gpg4win-commits] [git] Gpg4win - branch, master, updated. gpg4win-2.2.5-6-gf3dc07a
by Andre Heinecke
cvs at cvs.gnupg.org
Wed Aug 19 10:21:38 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG for Windows".
The branch, master has been updated
via f3dc07a92f7fdd82519a712ef02439dad30e4c92 (commit)
via 0c5b94d495d5fd0174b779b519ceefdf3fcdb915 (commit)
from f941252cb4753f682d658876e88a2b41875adb6c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f3dc07a92f7fdd82519a712ef02439dad30e4c92
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Aug 19 10:20:37 2015 +0200
Update NEWS
* NEWS: Note changes.
diff --git a/NEWS b/NEWS
index bdd9899..d07d81a 100644
--- a/NEWS
+++ b/NEWS
@@ -5,13 +5,29 @@
Noteworthy changes in version 2.2.6 (unreleased)
------------------------------------------------
+(en) Claws Mail has been removed from the package. Users of
+ Claws Mail should switch to the version maintained by
+ the Claws Mail initiative available on:
+ http://www.claws-mail.org/win32/
+
+(de) Claws Mail wurde aus dem Installationspaket entfernt.
+ Nutzer von Claws Mail sollten auf die von der Claws Mail
+ Initiative gepflegte Version wechseln. Diese ist unter:
+ http://www.claws-mail.org/win32/
+ verfügbar.
+
+(en) X509 Certificate requests can now again generated with
+ default options.
+
+(de) X509 Zertifikatsrequests können nun wieder mit den
+ Standartoptionen generiert werden.
+
~~~~~~~~~~~~~~~
GnuPG: 2.0.28
Kleopatra: 2.2.0-gita3c9200
GPA: 0.9.7
GpgOL: 1.2.1
GpgEX: 1.0.2
-Claws-Mail: 3.9.1
Kompendium DE: 3.0.0
Kompendium EN: 3.0.0
~~~~~~~~~~~~~~~
commit 0c5b94d495d5fd0174b779b519ceefdf3fcdb915
Author: Andre Heinecke <aheinecke at intevation.de>
Date: Wed Aug 19 10:07:32 2015 +0200
Add 6a356b402 to gnupg patches.
This fixes gpgsm gen-cert.
* Makefile.am (EXTRA_DIST): Add patch.
* patches/gnupg2-2.0.28/
0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch: New.
diff --git a/Makefile.am b/Makefile.am
index a0653a2..b6ccd0b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -34,6 +34,7 @@ EXTRA_DIST = autogen.sh README.GIT ONEWS \
patches/gnupg2-2.0.28/0002-Let-wchar_to_native-convert-to-console-codepage.patch \
patches/gnupg2-2.0.28/0005-Fix-gpgtar-8-bit-encoding-handling-on-Win32.patch \
patches/gnupg2-2.0.28/0006-gpgsm-Add-command-option-offline.patch \
+ patches/gnupg2-2.0.28/0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch \
patches/gnupg2/01-version.patch \
patches/gnupg2/01-version.patch.in \
patches/gnutls-2.12.23/01-openssl-wincrypt.patch \
diff --git a/patches/gnupg2-2.0.28/0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch b/patches/gnupg2-2.0.28/0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch
new file mode 100755
index 0000000..b42a7c6
--- /dev/null
+++ b/patches/gnupg2-2.0.28/0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch
@@ -0,0 +1,85 @@
+#! /bin/sh
+patch -p1 -l -f $* < $0
+exit $?
+
+From 35d3ced4fda90a5410a579850ca92ea6a356b402 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Mon, 27 Jul 2015 11:28:31 +0200
+Subject: [PATCH] sm: Revert to use SHA-1 for CSR generation.
+
+* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
+set it only at one place.
+--
+
+Regression-due-to: bdf439035d123e4751e133ad42982673b0c86b75
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+ sm/certreqgen.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/sm/certreqgen.c b/sm/certreqgen.c
+index ab8fbc8..a1e9bf8 100644
+--- a/sm/certreqgen.c
++++ b/sm/certreqgen.c
+@@ -587,7 +587,13 @@ proc_parameters (ctrl_t ctrl,
+
+
+ /* Parameters are checked, the key pair has been created. Now
+- generate the request and write it out */
++ generate the request and write it out.
++
++ Note: We use SHA-1 here because Libksba hash a shortcut to use
++ assume that if SIG_VAL uses as algo the string "rsa". To fix that
++ we would need to replace that string by an appropriate OID. We
++ leave this change for 2.1.
++ */
+ static int
+ create_request (ctrl_t ctrl,
+ struct para_data_s *para,
+@@ -597,6 +603,7 @@ create_request (ctrl_t ctrl,
+ {
+ ksba_certreq_t cr;
+ gpg_error_t err;
++ int hashalgo = GCRY_MD_SHA1;
+ gcry_md_hd_t md;
+ ksba_stop_reason_t stopreason;
+ int rc = 0;
+@@ -611,7 +618,7 @@ create_request (ctrl_t ctrl,
+ if (err)
+ return err;
+
+- rc = gcry_md_open (&md, GCRY_MD_SHA256, 0);
++ rc = gcry_md_open (&md, hashalgo, 0);
+ if (rc)
+ {
+ log_error ("md_open failed: %s\n", gpg_strerror (rc));
+@@ -792,10 +799,10 @@ create_request (ctrl_t ctrl,
+
+ if (carddirect)
+ rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
+- gcry_md_read(md, GCRY_MD_SHA1),
+- gcry_md_get_algo_dlen (GCRY_MD_SHA1),
+- GCRY_MD_SHA1,
+- &sigval, &siglen);
++ gcry_md_read (md, hashalgo),
++ gcry_md_get_algo_dlen (hashalgo),
++ hashalgo,
++ &sigval, &siglen);
+ else
+ {
+ char *orig_codeset;
+@@ -808,9 +815,9 @@ create_request (ctrl_t ctrl,
+ " more.\n"));
+ i18n_switchback (orig_codeset);
+ rc = gpgsm_agent_pksign (ctrl, hexgrip, desc,
+- gcry_md_read(md, GCRY_MD_SHA1),
+- gcry_md_get_algo_dlen (GCRY_MD_SHA1),
+- GCRY_MD_SHA1,
++ gcry_md_read(md, hashalgo),
++ gcry_md_get_algo_dlen (hashalgo),
++ hashalgo,
+ &sigval, &siglen);
+ xfree (desc);
+ }
+--
+1.9.1
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 1 +
NEWS | 18 ++++-
...sm-Revert-to-use-SHA-1-for-CSR-generation.patch | 85 ++++++++++++++++++++++
3 files changed, 103 insertions(+), 1 deletion(-)
create mode 100755 patches/gnupg2-2.0.28/0007-sm-Revert-to-use-SHA-1-for-CSR-generation.patch
hooks/post-receive
--
GnuPG for Windows
http://git.gnupg.org
More information about the Gpg4win-commits
mailing list