Hello community, here is the log from the commit of package signing-party for openSUSE:Factory checked in at 2015-08-23 15:44:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/signing-party (Old) and /work/SRC/openSUSE:Factory/.signing-party.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "signing-party" Changes: -------- --- /work/SRC/openSUSE:Factory/signing-party/signing-party.changes 2015-06-23 12:00:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.signing-party.new/signing-party.changes 2015-08-23 17:52:38.000000000 +0200 @@ -1,0 +2,11 @@ +Sat Aug 22 21:26:21 UTC 2015 - astie...@suse.com + +- update to 2.1: + * caff: + + Only consider non-expired/invalid/revoked keys and UIDs when + generating the caffrc. + + Proper RFC 5322 validation of email addresses. + + Prefix the signature by "-- \n" in the email template. + + Automatically mkdir ~/.caff if it doesn't exit. + +------------------------------------------------------------------- Old: ---- signing-party_2.0.orig.tar.gz New: ---- signing-party_2.1.orig.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ signing-party.spec ++++++ --- /var/tmp/diff_new_pack.tmkENF/_old 2015-08-23 17:52:39.000000000 +0200 +++ /var/tmp/diff_new_pack.tmkENF/_new 2015-08-23 17:52:39.000000000 +0200 @@ -17,7 +17,7 @@ Name: signing-party -Version: 2.0 +Version: 2.1 Release: 0 Summary: GPG Tools License: GPL-2.0+ ++++++ signing-party_2.0.orig.tar.gz -> signing-party_2.1.orig.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/caff/README new/caff/README --- old/caff/README 2015-04-14 20:03:25.000000000 +0200 +++ new/caff/README 2015-08-08 16:39:43.000000000 +0200 @@ -44,4 +44,4 @@ -- Peter -$Id$ +$Id: README 511 2014-02-26 06:55:07Z guilhem-guest $ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/caff/caff new/caff/caff --- old/caff/caff 2015-04-14 20:03:25.000000000 +0200 +++ new/caff/caff 2015-08-08 16:39:43.000000000 +0200 
@@ -1,7 +1,7 @@ #!/usr/bin/perl # caff -- CA - Fire and Forget -# $Id$ +# $Id: caff 809 2015-05-26 22:11:14Z guilhem-guest $ # # Copyright (c) 2004, 2005, 2006 Peter Palfrader <pe...@palfrader.org> # Copyright (c) 2005, 2006 Christoph Berg <c...@df7cb.de> @@ -416,7 +416,7 @@ use MIME::Entity; use Encode (); use I18N::Langinfo qw{langinfo}; -use Net::IDN::Encode (); +use Net::IDN::Encode qw{email_to_ascii domain_to_ascii}; use Fcntl; use IO::Select; use Getopt::Long; @@ -425,7 +425,7 @@ use Term::ANSIColor qw{colored}; my %CONFIG; -my $REVISION = '$Rev$'; +my $REVISION = '$Rev: 809 $'; my ($REVISION_NUMER) = $REVISION =~ /(\d+)/; $REVISION_NUMER //= 'unknown'; my $VERSION = "0.0.0.$REVISION_NUMER"; 
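Review bot: The widened import in the `@@ -416,7` hunk brings `email_to_ascii` into caff's namespace, but none of the new code visible in this patch calls it. The local wrapper and its `To` header call are both removed further down, and `email_valid` only uses `domain_to_ascii`. If a call does survive outside the hunks, it would now reach the library function directly, which according to the removed wrapper's comment dies on a Punycode conversion failure. Unless such a caller exists, import only what is used: `use Net::IDN::Encode qw{domain_to_ascii};`.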
@@ -493,6 +493,58 @@ } +sub get_GnuPG_version() { + my $version = `$CONFIG{gpg} --with-colons --list-config version` or exit 1; + chomp $version; + $version =~ s/^cfg:version:(\d+\.\d+).*/$1/; + debug "gpg (GnuPG) $version"; + return $version; +} + +# See RFC 5322 section 3.4.1; only the pattern for the local part, which +# doesn't go beyond the ASCII range, is validated. The domain part is +# NOT checked against RFC 5322, as it must be encoded to ASCII first; +# for now any string in the full-range unicode that does not contain +# U+0040 (commercial at), U+FE6B (small commercial at) and U+FF20 +# (fullwidth commercial at) is accepted. +my $RE_word = qr/[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x41-\x5A\x5E-\x7E]+ # atom: any ASCII CHAR except specials, SPACE and CTLs + |\x22(?:[\x00-\x21\x23-\x5B\x5D-\x7E]|\x5C\p{ASCII})*\x22 # quoted string + /x; +my $RE_address_spec = qr/(?<l>$RE_word(?:\.$RE_word)*)[\@\N{U+FE6B}\N{U+FF20}](?<d>[^\@\N{U+FE6B}\N{U+FF20}]+)/o; + +# A domain label is a non-empty ASCII string of length at most 63 +# characters (RFC 1035 2.3.4). Valid characters are alphanumeric and +# hyphen '-', but an hyphen may not appear at the start or end of a +# label (RFC 952, RFC 1123 2.1). +my $RE_label = qr/[0-9a-z](?:[0-9a-z\x2D]{0,61}[0-9a-z])?/aai; + +# Take a 'mailbox' (RFC 5322 section 3.4) and return its ASCII-encoded +# 'addr-spec'; or undef if it violates one of RFC 5322/5892/1035/5321. +# We're not using Email::Valid because it's not unicode-friendly. +# NOTE: This subroutine should only be used to extract e-mail addresses +# from UIDs. The phrase is NOT checked against RFC 5322 (any string +# containing only characters in the full-unicode printable range are +# accepted), but we don't care as long as it's not used in email +# headers. 
+sub email_valid($) {
+ local $_ = shift // return;
+ return unless /\A$RE_address_spec\z/ao or # addr-spec
+ /\A(?:\p{Print}*\p{Space})?<$RE_address_spec>\z/ao; # [phrase] "<" addr-spec ">"
+ my ($l,$d) = @+{qw/l d/};
+ if ($d =~ /\P{ASCII}/) {
+ # encode the IDN to ASCII using Punycode for RFC 5321 validation
+ eval { $d = domain_to_ascii($d) };
+ return if $@; # violates RFC 5892
+ }
+ my $address = "$l\@$d";
+ return unless
+ length $d > 0 and length $d <= 255 # violates RFC 1035 2.3.4 "size limits"
+ and length $l <= 64 # violates RFC 5321 4.5.3.1.1
+ and length $address <= 254 # violates RFC 5321 4.5.3.1.3
+ and $d =~ /\A$RE_label(?:\.$RE_label)+\z/o; # ignore non-FQDN
+ return $address;
+}
+
 open NULL, '+<', '/dev/null';
 my $NULL = fileno NULL;
 sub generate_config() {
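Review bot: The quoted-string branch of `$RE_word` accepts raw control characters: the class `[\x00-\x21...]` admits NUL, CR and LF, and `\x5C\p{ASCII}` admits them after a backslash. `email_valid` returns the local part unchanged, and the `@@ -961,7` hunk then adds that value to the `To` header with no further encoding, so a UID whose `\x` escapes decode to a line break would pass validation and reach a mail header. The current (non-obsolete) RFC 5322 grammar only allows printable ASCII and blanks inside a quoted string, so I would narrow the branch to `|\x22(?:[\x20\x21\x23-\x5B\x5D-\x7E]|\x5C[\x20-\x7E])*\x22 # quoted string`. The comment above `email_valid` only covers the unchecked phrase; it should also state that the returned addr-spec is meant to be header-safe.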
@@ -510,32 +562,39 @@ $gecos =~ s/,.*//; $CONFIG{'gpg'} = $ENV{GNUPGBIN} // 'gpg'; + $GNUPG_VERSION = get_GnuPG_version(); my $gpg = mkGnuPG( extra_args => ['--with-colons'] ); my $handles = mkGnuPG_fds ( stdout => undef ); my $pid = $gpg->list_public_keys(handles => $handles, command_args => [ $gecos ]); my %output = readwrite_gpg($handles); - done_gpg($pid, $handles); + waitpid $pid, 0; + $handles->{stdout}->close; if ($output{stdout} eq '') { - mywarn "No data from gpg for list-key"; # There should be at least 'tru:' everywhere. + mywarn "No data from $CONFIG{gpg} for list-key"; # There should be at least 'tru:' everywhere. }; - @keys = ($output{stdout} =~ /^pub:[^r:]*:(?:[^:]*:){2}([0-9A-F]{16}):/mg); + @keys = ($output{stdout} =~ /^pub:[^eir:]*:(?:[^:]*:){2}([0-9A-F]{16}):/mg); unless (scalar @keys) { - notice("Error: No keys were found using \"gpg --list-public-keys '$gecos'\"", 0); - @keys = qw{0123456789abcdef 89abcdef76543210}; + notice("Error: No keys were found using \"$CONFIG{gpg} --list-public-keys '$gecos'\"", 0); + @keys = qw{0123456789ABCDEF 89ABCDEF76543210}; $Ckeys = '#'; } - ($email) = ($output{stdout} =~ /^uid:(?:[^:]*:){8}[^:]+ <([^:]+\@[^:]+)>(?::.*)?$/m); + my @emails = ($output{stdout} =~ /^uid:[^eir:]*:(?:[^:]*:){7}([^:]+)(?::.*)?$/mg); + if (@emails) { + s/\\x(\p{AHex}{2})/ chr(hex($1)) /ge foreach @emails; + @emails = grep defined, map {email_valid(Encode::decode_utf8($_))} @emails; + $email = shift @emails; # take the first valid address + } unless (defined $email) { - notice("Error: No email address was found using \"gpg --list-public-keys '$gecos'\"", 0); + notice("Error: No email address was found using \"$CONFIG{gpg} --list-public-keys '$gecos'\"", 0); $email = $ENV{'LOGNAME'}.'@'.$hostname; $Cemail = '#'; } } else { $gecos = 'Unknown Caff User'; $email = $ENV{'LOGNAME'}.'@'.$hostname; - @keys = qw{0123456789abcdef 89abcdef76543210}; + @keys = qw{0123456789ABCDEF 89ABCDEF76543210}; ($Cgecos,$Cemail,$Ckeys) = ('#','#','#'); }; 
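Review bot: The added `$GNUPG_VERSION = get_GnuPG_version();` makes config generation end with a bare `exit 1` and no message whenever the binary named by `GNUPGBIN` cannot be run or prints nothing, while the rest of this block falls back to placeholder values with a `notice`. The helper also interpolates `$CONFIG{gpg}`, taken here straight from the environment, into a backtick command, so the value is parsed by the shell and a path containing spaces or metacharacters will not run as intended. I would report the failure, for example `or myerror(1, "Cannot run $CONFIG{gpg}: $!");`, and read the version through a list-form pipe, `open my $fh, '-|', $CONFIG{gpg}, qw{--with-colons --list-config version}`. The body of `generate_config` continues outside this hunk.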
@@ -548,7 +607,7 @@ #\$CONFIG{'reply-to'} = 'foo\@bla.org'; # You can get your long keyid from -# gpg --keyid-format long --list-key <yourkeyid|name|emailaddress..> +# $CONFIG{gpg} --keyid-format long --list-key <yourkeyid|name|emailaddress..> # # If you have a v4 key, it will simply be the last 16 digits of # your fingerprint. @@ -597,7 +656,7 @@ $CONFIG{'caffhome'} //= $ENV{'HOME'}.'/.caff'; $KEYSBASE = $CONFIG{'caffhome'}.'/keys'; $GNUPGHOME = $CONFIG{'caffhome'}.'/gnupghome'; - foreach ($KEYSBASE, $GNUPGHOME) { + foreach ($CONFIG{'caffhome'}, $KEYSBASE, $GNUPGHOME) { next if -d $_; debug("Creating $_"); mkdir $_, 0700 or myerror(1, "Cannot mkdir $_: $!"); @@ -961,7 +1020,7 @@ $message_entity->head->add("From", $from); $message_entity->head->add("Date", strfCtime("%a, %e %b %Y %H:%M:%S %z", localtime)); $message_entity->head->add("Subject", Encode::encode('MIME-Q', $CONFIG{'mail-subject'} =~ s/%k/$key_id/gr)); - $message_entity->head->add("To", email_to_ascii($address)); + $message_entity->head->add("To", $address); $message_entity->head->add("Sender", $from); $message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined $CONFIG{'reply-to'}; $message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined $CONFIG{'bcc'}; @@ -983,21 +1042,6 @@ $message_entity->send(@{$CONFIG{'mailer-send'}}); }; -# Net::IDN::Encode::email_to_ascii crashes upon punycode conversion failure: -# we don't want caff to crash, so upon errors return the input as is and -# let the MUA handle that -sub email_to_ascii($) { - my $email = shift; - my $res; - - eval { $res = Net::IDN::Encode::email_to_ascii($email) }; - return $res unless $@; - - chomp $@; - mywarn($@); - return $email; -} - ###### # clean up a UID so that it can be used on the FS. ###### 
@@ -1342,11 +1386,7 @@ }; -$GNUPG_VERSION = `$CONFIG{'gpg'} --with-colons --list-config version` or exit 1; -chomp $GNUPG_VERSION; -$GNUPG_VERSION =~ s/^cfg:version:(\d+\.\d+).*/$1/; -debug "gpg (GnuPG) $GNUPG_VERSION"; - +$GNUPG_VERSION = get_GnuPG_version(); if ($GNUPG_VERSION >= 2.1) { my @sockets; unless ($CONFIG{'no-sign'}) { @@ -1515,10 +1555,7 @@ $uid->{text} =~ s/\\x(\p{AHex}{2})/ chr(hex($1)) /ge; # --with-colons always outputs UTF-8 $uid->{text} = Encode::decode_utf8($uid->{text}); - $uid->{address} = $1 if $uid->{type} eq 'uid' and $uid->{text} =~ /.*<([^>]+[\@\N{U+FE6B}\N{U+FF20}][^>]+)>$/; - # XXX This does not cover the full RFC 2822 specification: - # The local part may contain '>' in a quoted string. - # However as of 1.4.18/2.0.26, gpg doesn't allow that either. + $uid->{address} = email_valid $uid->{text} if $uid->{type} eq 'uid'; push @{$KEYS{$keyid}->{uids}}, $uid; } elsif (!/^(?:rvk|tru):/) { @@ -1829,7 +1866,7 @@ delete $_->{key} foreach grep {!$_->{export}} @UIDS; # delete non-exported keys if (!grep {defined $_->{address}} @UIDS) { - mywarn "No signed RFC 2822 UID on $longkeyid; won't send other signed UID and attributes!" + mywarn "No signed RFC 5322 UID on $longkeyid; won't send other signed UID and attributes!" if @attached; } elsif (grep {$_->{export}} @UIDS) { @@ -1888,4 +1925,5 @@ If you have any questions, don't hesitate to ask. Regards, +-- {$owner} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/caff/caffrc.sample new/caff/caffrc.sample --- old/caff/caffrc.sample 2015-04-14 20:03:25.000000000 +0200 +++ new/caff/caffrc.sample 2015-08-08 16:39:43.000000000 +0200 
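Review bot: In the `@@ -1515,10` hunk `$uid->{address}` is now assigned for every `uid` record, so the key exists with an undefined value whenever `email_valid` rejects the text, where the old code left it absent. The `defined` test in the `@@ -1829,7` hunk copes with that, but any `exists $uid->{address}` check outside these hunks would change meaning and is worth a grep. The paren-less call is also hard to read next to the statement modifier; I would write `$uid->{address} = email_valid($uid->{text}) if $uid->{type} eq 'uid';` and add a comment such as `# undef unless the UID carries a valid RFC 5322 addr-spec` in place of the removed XXX note.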
@@ -1,4 +1,4 @@ -# $Id$ +# $Id: caffrc.sample 505 2013-10-18 08:16:20Z weasel $ # vim:ft=perl: $CONFIG{'owner'} = 'John Doe'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/caff/pgp-clean new/caff/pgp-clean --- old/caff/pgp-clean 2015-04-14 20:03:25.000000000 +0200 +++ new/caff/pgp-clean 2015-08-08 16:39:43.000000000 +0200 @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # pgp-clean -- remove all non-self signatures from key -# $Id$ +# $Id: pgp-clean 764 2015-01-22 22:48:30Z guilhem-guest $ # # Copyright (c) 2004, 2005 Peter Palfrader <pe...@palfrader.org> # Copyright (c) 2006 Christoph Berg <c...@df7cb.de> @@ -113,7 +113,7 @@ use Getopt::Long; use GnuPG::Interface; -my $REVISION = '$Rev$'; +my $REVISION = '$Rev: 764 $'; my ($REVISION_NUMER) = $REVISION =~ /(\d+)/; my $VERSION = "0.0.0.$REVISION_NUMER"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/caff/pgp-fixkey new/caff/pgp-fixkey --- old/caff/pgp-fixkey 2015-04-14 20:03:25.000000000 +0200 +++ new/caff/pgp-fixkey 2015-08-08 16:39:43.000000000 +0200 @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # pgp-fixkey -- remove broken packets from keys -# $Id$ +# $Id: pgp-fixkey 764 2015-01-22 22:48:30Z guilhem-guest $ # # Copyright (c) 2004, 2005 Peter Palfrader <pe...@palfrader.org> # @@ -103,7 +103,7 @@ use IO::Select; use GnuPG::Interface; -my $REVISION = '$Rev$'; +my $REVISION = '$Rev: 764 $'; my ($REVISION_NUMER) = $REVISION =~ /(\d+)/; my $VERSION = "0.0.0.$REVISION_NUMER"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpg-key2latex/gpg-key2latex new/gpg-key2latex/gpg-key2latex --- old/gpg-key2latex/gpg-key2latex 2015-04-14 20:03:25.000000000 +0200 +++ new/gpg-key2latex/gpg-key2latex 2015-08-08 16:39:43.000000000 +0200 
@@ -1,7 +1,7 @@ #!/usr/bin/perl # gpg-key2latex -- Generate a LaTeX file for fingerprint slips. -# $Id$ +# $Id: gpg-key2latex 764 2015-01-22 22:48:30Z guilhem-guest $ # # Copyright (c) 2014 Guilhem Moulin <guil...@guilhem.org> # @@ -21,7 +21,7 @@ use warnings; use strict; -my $REVISION = '$Rev$'; +my $REVISION = '$Rev: 764 $'; my ($REVISION_NUMBER) = $REVISION =~ /(\d+)/; our $VERSION = '0.0.0.'.($REVISION_NUMBER // 'unknown'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpg-key2ps/gpg-key2ps new/gpg-key2ps/gpg-key2ps --- old/gpg-key2ps/gpg-key2ps 2015-04-14 20:03:25.000000000 +0200 +++ new/gpg-key2ps/gpg-key2ps 2015-08-08 16:39:43.000000000 +0200 @@ -7,12 +7,12 @@ # Licenced under the GNU General Public License, # version 2 or later. # -# $Id$ +# $Id: gpg-key2ps 764 2015-01-22 22:48:30Z guilhem-guest $ use strict; use Getopt::Long; -my $version = '$Rev$'; +my $version = '$Rev: 764 $'; $version =~ s/\$Rev:\s*(\d+)\s*\$/$1/; my $showsubkeys = 0; my $revokestyle = "hide"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpg-mailkeys/gpg-mailkeys new/gpg-mailkeys/gpg-mailkeys --- old/gpg-mailkeys/gpg-mailkeys 2015-04-14 20:03:25.000000000 +0200 +++ new/gpg-mailkeys/gpg-mailkeys 2015-08-08 16:39:43.000000000 +0200 @@ -2,11 +2,11 @@ # # gpg-mailkeys: mail out just signed keys to their owners # -# $Id$ +# $Id: gpg-mailkeys 764 2015-01-22 22:48:30Z guilhem-guest $ set -e -VERSION='$Rev$' +VERSION='$Rev: 764 $' # Define the charset used in the text message of the mail LOCAL_CHARSET="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpglist/gpglist new/gpglist/gpglist --- old/gpglist/gpglist 2015-04-14 20:03:25.000000000 +0200 +++ new/gpglist/gpglist 2015-08-08 16:39:43.000000000 +0200 
@@ -1,6 +1,6 @@ #!/usr/bin/perl -# $Id$ +# $Id: gpglist 764 2015-01-22 22:48:30Z guilhem-guest $ # small script to show in an intuitive way who signed which of your user ids # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpgparticipants/gpgparticipants new/gpgparticipants/gpgparticipants --- old/gpgparticipants/gpgparticipants 2015-04-14 20:03:25.000000000 +0200 +++ new/gpgparticipants/gpgparticipants 2015-08-08 16:39:43.000000000 +0200 @@ -2,7 +2,7 @@ # Prepare a printable list of keysigning participants. # Useful for the party organiser. # -# $Id$ +# $Id: gpgparticipants 764 2015-01-22 22:48:30Z guilhem-guest $ # # License: GPLv2 or later # Copyright Philippe Teuwen <phil a teuwen o org> 2008 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gpgsigs/gpgsigs new/gpgsigs/gpgsigs --- old/gpgsigs/gpgsigs 2015-04-14 20:03:25.000000000 +0200 +++ new/gpgsigs/gpgsigs 2015-08-08 16:39:44.000000000 +0200 @@ -1,6 +1,6 @@ #!/usr/bin/perl -# $Id$ +# $Id: gpgsigs 767 2015-01-27 18:34:21Z guilhem-guest $ # See the pod documentation at the end of this file for author, # copyright, and licence information. @@ -14,7 +14,7 @@ # * pod documentation # see the Debian changelog for further changes. -my $VERSION = qq$Rev$; +my $VERSION = qq$Rev: 767 $; use strict; use warnings; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keylookup/NEWS new/keylookup/NEWS --- old/keylookup/NEWS 2015-04-14 20:03:25.000000000 +0200 +++ new/keylookup/NEWS 2015-08-08 16:39:44.000000000 +0200 
@@ -1,4 +1,4 @@ -$Id$ +$Id: NEWS 185 2005-08-16 14:45:08Z weasel $ Release notes for keylookup 3.0 (2005-08-16) * Make keylookup use gpg --search instead of querying the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keylookup/keylookup new/keylookup/keylookup --- old/keylookup/keylookup 2015-04-14 20:03:25.000000000 +0200 +++ new/keylookup/keylookup 2015-08-08 16:39:44.000000000 +0200 @@ -3,7 +3,7 @@ # Copyright (c) 2000, 2002 Christian Kurz <sho...@debian.org>, # Copyright (c) 2000, 2002, 2005 Peter Palfrader <pe...@palfrader.org> # -# $Id$ +# $Id: keylookup 764 2015-01-22 22:48:30Z guilhem-guest $ # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -33,11 +33,11 @@ use IPC::Open3; use Getopt::Long; -my $version = '3.0 ($Id$)'; +my $version = '3.0 ($Id: keylookup 764 2015-01-22 22:48:30Z guilhem-guest $)'; # Strings to use in the dialog|whiptail frontend my $TITLE = 'Import Keys'; -my $BACKTITLE = 'KeyLookup $Revision$'; +my $BACKTITLE = 'KeyLookup $Revision: 764 $'; my $INSTRUCTION = 'Select keys to import:'; # my @TPUTCOL=('tput', 'cols'); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/keylookup/keylookup.1 new/keylookup/keylookup.1 --- old/keylookup/keylookup.1 2015-04-14 20:03:25.000000000 +0200 +++ new/keylookup/keylookup.1 2015-08-08 16:39:44.000000000 +0200 @@ -1,6 +1,6 @@ .TH keylookup 1 "" Jun-2002 "" .\" manual page (c) 2000, 2001, 2002 Christian Kurz, Peter Palfrader -.\" $Id$ +.\" $Id: keylookup.1 764 2015-01-22 22:48:30Z guilhem-guest $ .SH NAME .LP