debsig-verify (0.30) unstable; urgency=medium * Add OpenPGP subkey support. Based on a patch by Steve McIntyre . Closes: #1059150 * Switch from pkg-config to pkgconf. * Documentation: - doc: Bump required C compiler to support C99. * Packaging: - Update copyright years. * Test suite: - Add new macro to set the OpenPGP key to use. - Switch to use sq --signer-file. -- Guillem Jover Mon, 08 Apr 2024 04:53:04 +0200 debsig-verify (0.29) unstable; urgency=medium * Code internals: - openpgp-gpg: Free fpr if there is no match in gpg_getKeyID(). - openpgp-gpg: Do not duplicate the returned value in gpg_getSigKeyID(). - Rename find_command() to command_in_path() to match libdpkg. - Rename misc.c to debug.c. * Build system: - Use command_in_path() from libdpkg. -- Guillem Jover Sat, 09 Sep 2023 21:21:04 +0200 debsig-verify (0.28) unstable; urgency=medium * Add support for zstd compressed .deb archives. * Packaging: - Update copyright years. - Switch to Standards-Version 4.6.2 (no changes needed). - Do not trim debian/changelog. -- Guillem Jover Tue, 10 Jan 2023 23:38:18 +0100 debsig-verify (0.27) unstable; urgency=medium * Build system: - Request pkg-config static linking flags for libdpkg. * Packaging: - Switch to Standards-Version 4.6.1 (no changes needed). - Update lintian overrides for new syntax. -- Guillem Jover Sat, 15 Oct 2022 11:16:46 +0200 debsig-verify (0.26) unstable; urgency=medium * Print the unknown option on error. * Fix mismatched number of arguments error. * openpgp-gpg: Always pass the gpg command in argv[0]. * openpgp-gpg: Skip field separator character when parsing --with-colons output. * openpgp: Do not consider a match if one of the fingerprints has zero length. * openpgp-gpg: When matching on getKeyID match on fingerprint. * openpgp-gpg: Do not fallback to the match ID on fingerprint/keyID not found. * openpgp-gpg: Fix last field parsing. * openpgp-gpg: Switch from internal gpg --list-packets to --verify --status-fd. See #1001331. * openpgp-gpg: Unset GPG_TTY. * Check whether the origin ID is in the keyring if no match ID is specified. * openpgp: Print the pathname for the keyring used in debug mode. * Documentation: - Update TODO. - Refer to the main git repository as primary. - Use https:// for release download URLs. - Switch release URL from ftp.debian.org to deb.debian.org. * Code internals: - Avoid using an intermediate buffer in ds_printf(). - Switch from fgets() to getline(). - openpgp-gpg: Refactor get_field() out from get_colon_field(). - Refactor keyring generation. - Pass a string instead of a struct match to getKeyID(). - Rename getSigKeyID() argument from type to name. - Turn struct match «type» member from an int to an enum. - openpgp-gpg: Fix cleanup_gpg_tmpdir() subprocess description. * Test suite: - Add new test keys with non-weak algorithms. -- Guillem Jover Tue, 04 Oct 2022 04:01:26 +0200 debsig-verify (0.25) unstable; urgency=medium * Update copyright years. * Test suite: - Fix function name in trap. -- Guillem Jover Wed, 17 Nov 2021 02:35:53 +0100 debsig-verify (0.24) unstable; urgency=medium * Switch keyring parser from gpg --list-packets to --show-keys --with-colons. * Use fingerprint and fallback to use long keyIDs for database filenames. * Reject weak RIPEMD160 and SHA1 algorithms. * Documentation: - Update .gpg keyring references to .pgp in man page. - Mention OpenPGP instead of gpg in generic code comments. - Clarify the requirement for OpenPGP keyrings. Prompted by Steve McIntyre . See #988646. - Update and modernize the policy-syntax specification. * Code internals: - Move GnuPG specific macros to the GnuPG backend module. - Rename gpgVerify() to sigVerify(). - Add a new find_command() function. - Abstract the OpenPGP operations behind a frontend driver. - Move checkSigExist() from misc to openpgp module. - Rename XML parser file to policy-xml. - Refactor key ID comparison function. - Support comparing keyIDs and fingerprints. - Refactor database filename generation into a new function. - Refactor prefix matching into a new function. - Regroup header includes. * Build system: - Add GitLab CI support. - Update .gitignore file. * Packaging: - Fix typo for Standards-Version field. - Switch to Standards-Version 4.6.0 (no changes needed). - Do not include the keyid in the example policies pathname. * Test suite: - Rename .gpg keyrings to .pgp. - Abstract OpenPGP details into debsig_openpgp_* functions. - Check OpenPGP backend availability. - Add sqop and sq OpenPGP backend support. - Remove obsolete and non-compliant test data. Reported by Charles Duffy . - Shorten test case titles. - Move bad sig case after no sig case. -- Guillem Jover Tue, 16 Nov 2021 06:02:07 +0100 debsig-verify (0.23) unstable; urgency=medium * Remove unused ‘c’ variable assignment in fgets() call. * Packaging: - Switch to Standards-Version 4.5.1 (no changes needed). - Switch to debhelper compatibility level 13. - Update copyright years. -- Guillem Jover Thu, 24 Dec 2020 22:29:03 +0100 debsig-verify (0.22) unstable; urgency=medium * Fix use after free on debug output. Reported by Moritz Meintker . -- Guillem Jover Wed, 11 Dec 2019 05:12:02 +0100 debsig-verify (0.21) unstable; urgency=medium * Packaging: - Do not use dh_auto_configure to configure the source in the autopkgtest, as it passes unknown options that emit warnings that make the test fail. See: #942813. -- Guillem Jover Sat, 26 Oct 2019 20:38:50 +0200 debsig-verify (0.20) unstable; urgency=medium * Update copyright years. * Expand GPLv2 brief notice in debsig-verify man page into the standard GPL-2+ notice. * Print the temporary directory template in case mkdtemp() fails, instead of printing NULL. * Build system: - Add missing files to the distribution. - Generate the .dist-version when creating a dist tarball. * Packaging: - Bump Standards-Version to 4.4.1 (no changes needed). - Switch from debian/compat to debhelper-compat in Build-Depends. - Switch to debhelper compatibility level 12. - Switch to dh. -- Guillem Jover Sat, 19 Oct 2019 04:23:44 +0200 debsig-verify (0.19) unstable; urgency=medium * Update Vcs information to point to new hosting. * Allocate pathname buffers dynamically to avoid possible silent truncation. * Build system: - Detect compiler flags availability at build-time. * Packaging: - Namespace debhelper files with package names. - Bump Standards-Version to 4.1.5 (no changes needed). - Move debhelper command arguments into fragment files. - Install all test policies into keyid example directories. -- Guillem Jover Thu, 05 Jul 2018 12:50:11 +0200 debsig-verify (0.18) unstable; urgency=medium * Pass --no-auto-check-trustdb to the gpg invocations. * Add gpg as a alternative dependencies to gnupg, and gpg-agent or gnupg-agent as new Build-Depends, now that the package has been split in a more fine-grained way. * Use UTC0 instead of UTC when setting TZ. * Bump Standards-Version to 4.1.1 (no changes needed). * Add autopkgtest using the upstream test suite. * Set Rules-Requires-Root to no. * Set distribution tarball format to ustar. -- Guillem Jover Sun, 05 Nov 2017 23:46:13 +0100 debsig-verify (0.17) unstable; urgency=medium * Spelling fixes. Thanks to Josh Soref . * Switch from libxmltok (expat 1.x) to libexpat (expat 2.x). The latter package is slightly bigger, but that is offset by being used by many more package, and more importantly being maintained upstream. * Bump Standards-Version to 4.0.1 (no changes needed). * Switch to debhelper compatibility level 10. -- Guillem Jover Sun, 13 Aug 2017 00:25:11 +0200 debsig-verify (0.16) unstable; urgency=medium * Wrap dependency fields in debian/control. * Add debsigs to Suggests. * Mark gnupg Build-Depends as . * Adapt for libdpkg 1.18.11 ar API changes. * Enable more compilation warnings from configure. * Switch to a single git repository URL in README for browsing and cloning to fix previously broken cloning URL. -- Guillem Jover Tue, 24 Jan 2017 02:10:20 +0100 debsig-verify (0.15) unstable; urgency=medium * Fix typo in error message, reported by lintian. * Fix typo in man page, reported by lintian. * Bump Standards-Version to 3.9.8 (no changes needed). * Use https for debsig policy DTD. * Fix coding style. * Switch to the dpkg makefile fragments in debian/rules. * Enable all hardening flags. * Switch to use the new libdpkg 1.18.8 ar API. * Fix parsing of GnuPG 2.x --list-packets output. * Move debian/copyright paragraph referencing GPL-2 file to a Comment field. * Make configure.ac a dependency of the configure target in debian/rules. * Fix test suite with GnuPG 2.x. -- Guillem Jover Thu, 14 Jul 2016 00:45:33 +0200 debsig-verify (0.14) unstable; urgency=low * Assume at least C89 and POSIX.1-2001. * Fix man page formatting. * Add references to debsigs(1) and gpg(1) to the man page. * Add missing man page .TH fields. * Use https instead of git or http in URLs. * Add new test case covering key to name id mapping. * Switch to use more of libdpkg instead of ad-hoc code: - Use path_make_temp_template(). - Switch from popen() to subproc_fork() and execlp(), to avoid shell invocation and unsafe argument passing. - Use the command module to invoke GnuPG instead of execlp(). * Do not use an absolute pathname to the GnuPG program. * Make the GnuPG program configurable through the DEBSIG_GNUPG_PROGRAM environment variable. * Fix handling of a possibly non-terminated origin ID string. * Fix a file TOCTOU issue in the XML parser. * Set umask() for mkstemp() calls. * Do not free() nor unlink() an uninitialized string. * Fix printing debug message on unmatched key IDs in getKeyID(). * Update copyright years. -- Guillem Jover Sat, 13 Feb 2016 11:32:58 +0100 debsig-verify (0.13) unstable; urgency=medium * Disable all current GnuPG warnings, as these do not concern us, because we only use gpg for verification purposes, so we should not be handling sensitive material anyway. This fixes failures in the testsuite on GNU/Hurd due to unexpected output in stderr. -- Guillem Jover Tue, 28 Oct 2014 18:03:29 +0100 debsig-verify (0.12) unstable; urgency=medium * Merge the testsuite execution into the debian/rules build-arch target, and use a build stamp file so that we do not invoke it from a binary target. The latter is going to be run as root possibly via fakeroot, and as GnuPG is set-uid-root on non-Linux systems, it fails there. * Mark targets as .PHONY in debian/rules. * Explicitly Build-Depend on gnupg for the testsuite. -- Guillem Jover Tue, 28 Oct 2014 06:24:28 +0100 debsig-verify (0.11) unstable; urgency=medium * Update Vcs-Browser git URL to the new cgit scheme. * Add a README file. * Autoconfiscate build system. * Add more warning flags to the default compiler flags. * Do not use continuation lines in string literals. * Reformat and reflow --help output. * Add a --root option to use an alternative root directory. Thanks to Michael Vogt . Closes: #758525 * Add new --policies-dir and --keyrings-dir options. * Add new --help option. * Do not print --version and --help on stderr and make them exit 0. And replace usage error output with a new function that gives a hint to the user to use --help instead. * Add long options for quiet, verbose and debug. * Use DS_LEV_ERR instead of DS_FAIL_INTERNAL as ds_printf() level argument. * Use more of libdpkg instead of ad-hoc code, to reduce code duplication, switch to more tested code, and so that the error return codes are checked and acted upon. Closes: #758615 - Switch to use subproc module instead of fork() and waitpid(). - Switch from xmalloc to m_malloc(). - Use ohshit()/ohshite() instead of ds_fail_printf(DS_FAIL_INTERNAL, ...). - Use m_dup2() instead of raw dup2(). - Use fdio API instead of ad-hoc file copying. - Use str_match_end() instead of ad-hoc code, which also fixes a warning due to a signed vs unsigned comparison. * Remove useless return statements. * Use a temporary GNUPGHOME instead of using the users's default. Based on a patch by Michael Vogt . Closes: #758826 * Error out if the GnuPG pipe failed on close. * Explicitly check strcmp() return value instead of handling it as a bool. * Switch originID from global to function scoped variable. Thanks to Michael Vogt . * Switch deb and deb_fd from global to a function scoped struct. * Change len type to size_t to fix a signed vs unsigned comparison warning. * Make private functions static. * Make private constant string variables static const. * Add new autotest functional testsuite. * Add test cases for signature checks. Based on a patch by Michael Vogt . * Update copyright holders and years. * Bump Standards-Version to 3.9.6 (no changed needed). -- Guillem Jover Tue, 28 Oct 2014 04:01:53 +0100 debsig-verify (0.10) unstable; urgency=low * Add exit status codes to the man page. Thanks to Ben Collins . * Enable LFS by passing the correct build flags to the build. * Extend the package long description. * Add a lintian override for package-contains-empty-directory on /usr/share/debsig/keyrings/. -- Guillem Jover Tue, 29 Jul 2014 12:21:49 +0200 debsig-verify (0.9) unstable; urgency=low * New maintainer. Closes: #540897 * Use '' style quoting instead of unpaired `'. * Use italics for pathnames and user replacable strings. * Add missing space before Build-Depends version. * Bump Standards-Version to 3.9.5 (no changed needed). * Stop making build-indep depend on build-stamp in debian/rules. * Stop using a build-stamp in debian/rules. * Add dh_installman and dh_link commands. * Mark debsig-verify as Enhances dpkg. * Sync Priority with archive override (from standard to optional). * Use $(CURDIR) instead of $(shell pwd) in debian/rules. * Honour user CPPFLAGS, CFLAGS and LDFLAGS. * Set build flags via dpkg-buildflags. * Switch debian/copyright to machine-readable format 1.0. * Add support for control.tar, control.tar.xz, data.tar, data.tar.xz, data.tar.bz2 and data.tar.lzma deb members. Closes: #745563 Based on a patch by Vivek Das Mohapatra . * Do not unnecessarily link against libxmltok, only libxmlparse. * Start using libdpkg instead of duplicating code: - Add pkg-config and libdpkg-dev to Build-Depends. - Add a Built-Using field for libdpkg-dev static linking. - Use libdpkg error handling code. - Use libdpkg ar handling. This enables ar large file support (LFS). * Check return values from functions marked with warn_unused_result. * Fix typos (aswell → as well). Closes: #748539 Thanks to Tomas Pospisek . * Add Vcs-Browser and Vcs-Git fields. * Switch to source format “3.0 (native)”. * Create the debian-keyring.gpg testing symlink in a new check target, instead of shipping it in the git repository or the release tarballs. * Decapitalize package short description. -- Guillem Jover Fri, 06 Jun 2014 13:41:13 +0200 debsig-verify (0.8) unstable; urgency=low * QA upload. * Maintainer field set to QA Group. * Standards-Version bumped to 3.9.3. * Add dependency on ${misc:Depends}. * Debhelper compatibility level set to 9. Build dependency on debhelper updated accordingly. * build-{arch,indep} targets added to debian/rules. * Deprecated dh_clean -k replaced with dh_prep. -- Emanuele Rocca Sun, 20 May 2012 09:25:43 +0000 debsig-verify (0.7) unstable; urgency=low * Upload to main proper -- Ben Collins Tue, 15 Apr 2003 13:37:34 -0400 debsig-verify (0.6) unstable; urgency=low * Redesigned ds_fail_printf * Initialize gpg before using it -- Ben Collins Fri, 27 Apr 2001 13:55:52 -0400 debsig-verify (0.5) unstable; urgency=low * Some formatting changes * add "debian-binary" to members that are part of the signed data * For the selection phase, do not actually check the signatures with gpg. Just make sure they exist, and match if the ID is specified * If -d is specified, allow gpg output to stdout/stderr -- Ben Collins Sat, 14 Apr 2001 00:41:03 -0400 debsig-verify (0.4) unstable; urgency=low * Fix execl in gpgVerify() * Make sure files end in .pol * Add some more debug output -- Ben Collins Thu, 8 Mar 2001 10:50:01 -0500 debsig-verify (0.3) unstable; urgency=low * debian/control: Suggests debian-keyring, Section non-US/main -- Ben Collins Sun, 21 Jan 2001 13:48:08 -0500 debsig-verify (0.2) unstable; urgency=low * Added --list-policies, to get a list of applicable policies for a .deb (do not verify the contents). Also added a --use-policy so the user can specify one of the shortnames in the list from the list option. * Added manpage for debsig-verify * Added some code to free up alloc'd memory used by parsePolicy() * Lots of code cleanups * Added a -d option for debug output * Change to use "gpg --verify " instead of stdin. The newest gpg changed this behavior to fix a security issue. * Use obstack to alloc policy data in xml-parts.c -- Ben Collins Tue, 12 Dec 2000 17:41:53 -0500 debsig-verify (0.1) unstable; urgency=low * Original setup -- Ben Collins Mon, 4 Dec 2000 20:21:32 -0500