Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: dkg@fifthhorseman.net X-Debbugs-Cc: pkg-gnupg-maint@lists.alioth.debian.org Control: affects -1 src:gnupg2 Please consider an update to GnuPG in debian bullseye, from version 2.2.27-2 to 2.2.27-2+deb11u1. The fixes, by Christoph Biedel and Raphaël Hertzog, are narrowly targeted and fix real, significant issues that a subset of users have. They have been in debian unstable and testing for a while now without issue: ------ [ Raphaël Hertzog ] * Avoid network interaction in generator. Closes: #993578 [ Christoph Biedl ] * Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes: #982546 ------ The debdiff from the version in bullseye (2.2.27-2) is attached. This proposed release is also available on the "debian/bullseye" branch at the git repo for GnuPG packaging: https://salsa.debian.org/debian/gnupg2 Please followup on this ticket to confirm whether I should upload this revision to bullseye's proposed updates. Regards, --dkg
diff -Nru gnupg2-2.2.27/debian/changelog gnupg2-2.2.27/debian/changelog --- gnupg2-2.2.27/debian/changelog 2021-04-22 14:40:36.000000000 -0400 +++ gnupg2-2.2.27/debian/changelog 2022-01-27 14:46:11.000000000 -0500 @@ -1,3 +1,16 @@ +gnupg2 (2.2.27-2+deb11+1) bullseye; urgency=medium + + [ Raphaël Hertzog ] + * Avoid network interaction in generator. Closes: #993578 + + [ Christoph Biedl ] + * Backport "Scd: Fix CCID driver for SCM SPR332/SPR532". Closes: #982546 + + [ Daniel Kahn Gillmor ] + * update git to point to debian/bullseye branch + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 27 Jan 2022 14:46:11 -0500 + gnupg2 (2.2.27-2) unstable; urgency=medium * Add a NEWS entry about the end of support for ~/.gnupg/options. diff -Nru gnupg2-2.2.27/debian/control gnupg2-2.2.27/debian/control --- gnupg2-2.2.27/debian/control 2021-04-22 14:40:36.000000000 -0400 +++ gnupg2-2.2.27/debian/control 2022-01-27 14:45:43.000000000 -0500 @@ -43,7 +43,7 @@ libnpth-mingw-w64-dev (>= 1.2), libz-mingw-w64-dev, mingw-w64, -Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/main +Vcs-Git: https://salsa.debian.org/debian/gnupg2.git -b debian/bullseye Vcs-Browser: https://salsa.debian.org/debian/gnupg2 Homepage: https://www.gnupg.org/ Rules-Requires-Root: no diff -Nru gnupg2-2.2.27/debian/gbp.conf gnupg2-2.2.27/debian/gbp.conf --- gnupg2-2.2.27/debian/gbp.conf 2021-02-08 14:38:26.000000000 -0500 +++ gnupg2-2.2.27/debian/gbp.conf 2022-01-27 14:45:33.000000000 -0500 @@ -1,5 +1,5 @@ [DEFAULT] -debian-branch = debian/main +debian-branch = debian/bullseye pristine-tar = True upstream-vcs-tag = gnupg-%(version)s diff -Nru gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch --- gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch 1969-12-31 19:00:00.000000000 -0500 +++ gnupg2-2.2.27/debian/patches/cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch 2022-01-27 14:44:28.000000000 -0500 @@ -0,0 +1,48 @@ +Subject: Scd: Fix CCID driver for SCM SPR332/SPR532 +Origin: gnupg-2.3.0-4-gab66c4357 +Upstream-Author: NIIBE Yutaka <gniibe@fsij.org> +Date: Thu Apr 8 13:41:28 2021 +0900 +Bug-Debian: https://bugs.debian.org/982546 + + * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New. + (ccid_vendor_specific_setup): Only send CLEAR_HALT. + (ccid_transceive_secure): Each time, use send_escape_cmd. + + -- + + GnuPG-bug-id: 5297 + Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> + +--- a/scd/ccid-driver.c ++++ b/scd/ccid-driver.c +@@ -1304,10 +1304,20 @@ + { + if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532) + { ++ libusb_clear_halt (handle->idev, handle->ep_intr); ++ } ++ return 0; ++} ++ ++ ++static int ++ccid_vendor_specific_pinpad_setup (ccid_driver_t handle) ++{ ++ if (handle->id_vendor == VENDOR_SCM && handle->id_product == SCM_SPR532) ++ { + DEBUGOUT ("sending escape sequence to switch to a case 1 APDU\n"); + send_escape_cmd (handle, (const unsigned char*)"\x80\x02\x00", 3, + NULL, 0, NULL); +- libusb_clear_halt (handle->idev, handle->ep_intr); + } + return 0; + } +@@ -3583,6 +3593,8 @@ + if (pininfo->fixedlen < 0 || pininfo->fixedlen >= 16) + return CCID_DRIVER_ERR_NOT_SUPPORTED; + ++ ccid_vendor_specific_pinpad_setup (handle); ++ + msg = send_buffer; + msg[0] = cherry_mode? 0x89 : PC_to_RDR_Secure; + msg[5] = 0; /* slot */ diff -Nru gnupg2-2.2.27/debian/patches/series gnupg2-2.2.27/debian/patches/series --- gnupg2-2.2.27/debian/patches/series 2021-02-08 17:56:55.000000000 -0500 +++ gnupg2-2.2.27/debian/patches/series 2022-01-27 14:44:28.000000000 -0500 @@ -20,3 +20,4 @@ Make-gpg-zip-use-tar-from-PATH.patch gpg-drop-import-clean-from-default-keyserver-import-optio.patch from-master/gpg-change-agent-spawn-2019-07-24-v2.patch +cherry-picked/1617856888.gnupg-2.3.0-4-gab66c4357.scd-fix-ccid-driver-for-scm-spr332-spr532.patch diff -Nru gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent --- gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent 2021-02-08 14:38:26.000000000 -0500 +++ gnupg2-2.2.27/debian/systemd-environment-generator/90gpg-agent 2022-01-27 14:44:28.000000000 -0500 @@ -13,7 +13,7 @@ # see also https://dev.gnupg.org/T4866 and https://dev.gnupg.org/T4867 get_okay='BEGIN{ret=1} /^gpg-agent:/{if ($5 == "1") { ret=0; exit 0 } } END {exit ret}' -if gpgconf --check-programs | awk -F: "$get_okay" && \ +if gpgconf --check-options gpg-agent | awk -F: "$get_okay" && \ [ -n "$(gpgconf --list-options gpg-agent | \ awk -F: '/^enable-ssh-support:/{ print $10 }')" ]; then echo SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
Attachment:
signature.asc
Description: PGP signature