Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: dkg@fifthhorseman.net
X-Debbugs-Cc: pkg-gnupg-maint@lists.alioth.debian.org
Control: affects -1 src:gnupg2
Please consider an update to GnuPG in debian bullseye, from version
2.2.27-2 to 2.2.27-2+deb11u1.
The fixes, by Christoph Biedel and Raphaël Hertzog, are narrowly
targeted and fix real, significant issues that a subset of users have.
They have been in debian unstable and testing for a while now without
issue:
------
[ Raphaël Hertzog ]
* Avoid network interaction in generator. Closes: #993578
[ Christoph Biedl ]
* Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes: #982546
------
The debdiff from the version in bullseye (2.2.27-2) is attached.
This proposed release is also available on the "debian/bullseye" branch at
the git repo for GnuPG packaging:
https://salsa.debian.org/debian/gnupg2
Please followup on this ticket to confirm whether I should upload this
revision to bullseye's proposed updates.
Regards,
--dkg
diff -Nru gnupg2-2.2.27/debian/changelog gnupg2-2.2.27/debian/changelog
--- gnupg2-2.2.27/debian/changelog 2021-04-22 14:40:36.000000000 -0400
+++ gnupg2-2.2.27/debian/changelog 2022-01-27 14:46:11.000000000 -0500
@@ -1,3 +1,16 @@
+gnupg2 (2.2.27-2+deb11+1) bullseye; urgency=medium
+
+ [ Raphaël Hertzog ]
+ * Avoid network interaction in generator. Closes: #993578
+
+ [ Christoph Biedl ]
+ * Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes: #982546
+
+ [ Daniel Kahn Gillmor ]
+ * update git to point to debian/bullseye branch
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 27 Jan 2022 14:46:11 -0500
+
gnupg2 (2.2.27-2) unstable; urgency=medium
* Add a NEWS entry about the end of support for ~/.gnupg/options.
diff -Nru gnupg2-2.2.27/debian/control gnupg2-2.2.27/debian/control
--- gnupg2-2.2.27/debian/control 2021-04-22 14:40:36.000000000 -0400
+++ gnupg2-2.2.27/debian/control 2022-01-27 14:45:43.000000000 -0500
@@ -43,7 +43,7 @@
libnpth-mingw-w64-dev (>= 1.2),
libz-mingw-w64-dev,
mingw-w64,
-Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/main
+Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/bullseye
Vcs-Browser: https://salsa.debian.org/debian/gnupg2
Homepage: https://www.gnupg.org/
Rules-Requires-Root: no
diff -Nru gnupg2-2.2.27/debian/gbp.conf gnupg2-2.2.27/debian/gbp.conf
--- gnupg2-2.2.27/debian/gbp.conf 2021-02-08 14:38:26.000000000 -0500
+++ gnupg2-2.2.27/debian/gbp.conf 2022-01-27 14:45:33.000000000 -0500
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = debian/main
+debian-branch = debian/bullseye
pristine-tar = True
upstream-vcs-tag = gnupg-%(version)s
diff -Nru gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch
--- gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch 1969-12-31 19:00:00.000000000 -0500
+++ gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch 2022-01-27 14:44:28.000000000 -0500
@@ -0,0 +1,48 @@
+Subject: Scd: Fix CCID driver for SCM SPR332/SPR532
+Origin: gnupg-2.3.0-4-gab66c4357
+Upstream-Author: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu Apr 8 13:41:28 2021 +0900
+Bug-Debian: https://bugs.debian.org/982546
+
+ * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
+ (ccid_vendor_specific_setup): Only send CLEAR_HALT.
+ (ccid_transceive_secure): Each time, use send_escape_cmd.
+
+ --
+
+ GnuPG-bug-id: 5297
+ Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+
+--- a/scd/ccid-driver.c
++++ b/scd/ccid-driver.c
+@@ -1304,10 +1304,20 @@
+ {
+ if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
+ {
++ libusb_clear_halt (handle->idev, handle->ep_intr);
++ }
++ return 0;
++}
++
++
++static int
++ccid_vendor_specific_pinpad_setup (ccid_driver_t handle)
++{
++ if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532)
++ {
+ DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n");
+ send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3,
+ NULL, 0, NULL);
+- libusb_clear_halt (handle->idev, handle->ep_intr);
+ }
+ return 0;
+ }
+@@ -3583,6 +3593,8 @@
+ if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16)
+ return CCID_DRIVER_ERR_NOT_SUPPORTED;
+
++ ccid_vendor_specific_pinpad_setup (handle);
++
+ msg = send_buffer;
+ msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure;
+ msg[5] = 0; /* slot */
diff -Nru gnupg2-2.2.27/debian/patches/series gnupg2-2.2.27/debian/patches/series
--- gnupg2-2.2.27/debian/patches/series 2021-02-08 17:56:55.000000000 -0500
+++ gnupg2-2.2.27/debian/patches/series 2022-01-27 14:44:28.000000000 -0500
@@ -20,3 +20,4 @@
Make-gpg-zip-use-tar-from-PATH.patch
gpg-drop-import-clean-from-default-keyserver-import-optio.patch
from-master/gpg-change-agent-spawn-2019-07-24-v2.patch
+cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch
diff -Nru gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent
--- gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent 2021-02-08 14:38:26.000000000 -0500
+++ gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent 2022-01-27 14:44:28.000000000 -0500
@@ -13,7 +13,7 @@
# see also https://dev.gnupg.org/T4866 and https://dev.gnupg.org/T4867
get_okay='BEGIN{ret=1} /^gpg-agent:/{if ($5 == "1") { ret=0; exit 0 } } END {exit ret}'
-if gpgconf --check-programs | awk -F: "$get_okay" && \
+if gpgconf --check-options gpg-agent | awk -F: "$get_okay" && \
[ -n "$(gpgconf --list-options gpg-agent | \
awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then
echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
Attachment:
signature.asc
Description: PGP signature