Hello community,
here is the log from the commit of package signing-party for openSUSE:Factory
checked in at 2015-08-23 15:44:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/signing-party (Old)
and /work/SRC/openSUSE:Factory/.signing-party.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "signing-party"
Changes:
--------
--- /work/SRC/openSUSE:Factory/signing-party/signing-party.changes
2015-06-23 12:00:46.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.signing-party.new/signing-party.changes
2015-08-23 17:52:38.000000000 +0200
@@ -1,0 +2,11 @@
+Sat Aug 22 21:26:21 UTC 2015 - astie...@suse.com
+
+- update to 2.1:
+ * caff:
+ + Only consider non-expired/invalid/revoked keys and UIDs when
+ generating the caffrc.
+ + Proper RFC 5322 validation of email addresses.
+ + Prefix the signature by "-- \n" in the email template.
+ + Automatically mkdir ~/.caff if it doesn't exit.
+
+-------------------------------------------------------------------
Old:
----
signing-party_2.0.orig.tar.gz
New:
----
signing-party_2.1.orig.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ signing-party.spec ++++++
--- /var/tmp/diff_new_pack.tmkENF/_old 2015-08-23 17:52:39.000000000 +0200
+++ /var/tmp/diff_new_pack.tmkENF/_new 2015-08-23 17:52:39.000000000 +0200
@@ -17,7 +17,7 @@
Name: signing-party
-Version: 2.0
+Version: 2.1
Release: 0
Summary: GPG Tools
License: GPL-2.0+
++++++ signing-party_2.0.orig.tar.gz -> signing-party_2.1.orig.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caff/README new/caff/README
--- old/caff/README 2015-04-14 20:03:25.000000000 +0200
+++ new/caff/README 2015-08-08 16:39:43.000000000 +0200
@@ -44,4 +44,4 @@
--
Peter
-$Id$
+$Id: README 511 2014-02-26 06:55:07Z guilhem-guest $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caff/caff new/caff/caff
--- old/caff/caff 2015-04-14 20:03:25.000000000 +0200
+++ new/caff/caff 2015-08-08 16:39:43.000000000 +0200
@@ -1,7 +1,7 @@
#!/usr/bin/perl
# caff -- CA - Fire and Forget
-# $Id$
+# $Id: caff 809 2015-05-26 22:11:14Z guilhem-guest $
#
# Copyright (c) 2004, 2005, 2006 Peter Palfrader <pe...@palfrader.org>
# Copyright (c) 2005, 2006 Christoph Berg <c...@df7cb.de>
@@ -416,7 +416,7 @@
use MIME::Entity;
use Encode ();
use I18N::Langinfo qw{langinfo};
-use Net::IDN::Encode ();
+use Net::IDN::Encode qw{email_to_ascii domain_to_ascii};
use Fcntl;
use IO::Select;
use Getopt::Long;
@@ -425,7 +425,7 @@
use Term::ANSIColor qw{colored};
my %CONFIG;
-my $REVISION = '$Rev$';
+my $REVISION = '$Rev: 809 $';
my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
$REVISION_NUMER //= 'unknown';
my $VERSION = "0.0.0.$REVISION_NUMER";
@@ -493,6 +493,58 @@
}
+sub get_GnuPG_version() {
+ my $version = `$CONFIG{gpg} --with-colons --list-config version` or exit 1;
+ chomp $version;
+ $version =~ s/^cfg:version:(\d+\.\d+).*/$1/;
+ debug "gpg (GnuPG) $version";
+ return $version;
+}
+
+# See RFC 5322 section 3.4.1; only the pattern for the local part, which
+# doesn't go beyond the ASCII range, is validated. The domain part is
+# NOT checked against RFC 5322, as it must be encoded to ASCII first;
+# for now any string in the full-range unicode that does not contain
+# U+0040 (commercial at), U+FE6B (small commercial at) and U+FF20
+# (fullwidth commercial at) is accepted.
+my $RE_word =
qr/[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x41-\x5A\x5E-\x7E]+ # atom: any
ASCII CHAR except specials, SPACE and CTLs
+ |\x22(?:[\x00-\x21\x23-\x5B\x5D-\x7E]|\x5C\p{ASCII})*\x22
# quoted string
+ /x;
+my $RE_address_spec =
qr/(?<l>$RE_word(?:\.$RE_word)*)[\@\N{U+FE6B}\N{U+FF20}](?<d>[^\@\N{U+FE6B}\N{U+FF20}]+)/o;
+
+# A domain label is a non-empty ASCII string of length at most 63
+# characters (RFC 1035 2.3.4). Valid characters are alphanumeric and
+# hyphen '-', but an hyphen may not appear at the start or end of a
+# label (RFC 952, RFC 1123 2.1).
+my $RE_label = qr/[0-9a-z](?:[0-9a-z\x2D]{0,61}[0-9a-z])?/aai;
+
+# Take a 'mailbox' (RFC 5322 section 3.4) and return its ASCII-encoded
+# 'addr-spec'; or undef if it violates one of RFC 5322/5892/1035/5321.
+# We're not using Email::Valid because it's not unicode-friendly.
+# NOTE: This subroutine should only be used to extract e-mail addresses
+# from UIDs. The phrase is NOT checked against RFC 5322 (any string
+# containing only characters in the full-unicode printable range are
+# accepted), but we don't care as long as it's not used in email
+# headers.
+sub email_valid($) {
+ local $_ = shift // return;
+ return unless /\A$RE_address_spec\z/ao or #
addr-spec
+ /\A(?:\p{Print}*\p{Space})?<$RE_address_spec>\z/ao; #
[phrase] "<" addr-spec ">"
+ my ($l,$d) = @+{qw/l d/};
+ if ($d =~ /\P{ASCII}/) {
+ # encode the IDN to ASCII using Punycode for RFC 5321 validation
+ eval { $d = domain_to_ascii($d) };
+ return if $@; # violates RFC 5892
+ }
+ my $address = "$l\@$d";
+ return unless
+ length $d > 0 and length $d <= 255 # violates RFC 1035 2.3.4 "size
limits"
+ and length $l <= 64 # violates RFC 5321 4.5.3.1.1
+ and length $address <= 254 # violates RFC 5321 4.5.3.1.3
+ and $d =~ /\A$RE_label(?:\.$RE_label)+\z/o; # ignore non-FQDN
+ return $address;
+}
+
open NULL, '+<', '/dev/null';
my $NULL = fileno NULL;
sub generate_config() {
@@ -510,32 +562,39 @@
$gecos =~ s/,.*//;
$CONFIG{'gpg'} = $ENV{GNUPGBIN} // 'gpg';
+ $GNUPG_VERSION = get_GnuPG_version();
my $gpg = mkGnuPG( extra_args => ['--with-colons'] );
my $handles = mkGnuPG_fds ( stdout => undef );
my $pid = $gpg->list_public_keys(handles => $handles, command_args =>
[ $gecos ]);
my %output = readwrite_gpg($handles);
- done_gpg($pid, $handles);
+ waitpid $pid, 0;
+ $handles->{stdout}->close;
if ($output{stdout} eq '') {
- mywarn "No data from gpg for list-key"; # There should be at least
'tru:' everywhere.
+ mywarn "No data from $CONFIG{gpg} for list-key"; # There should be
at least 'tru:' everywhere.
};
- @keys = ($output{stdout} =~
/^pub:[^r:]*:(?:[^:]*:){2}([0-9A-F]{16}):/mg);
+ @keys = ($output{stdout} =~
/^pub:[^eir:]*:(?:[^:]*:){2}([0-9A-F]{16}):/mg);
unless (scalar @keys) {
- notice("Error: No keys were found using \"gpg --list-public-keys
'$gecos'\"", 0);
- @keys = qw{0123456789abcdef 89abcdef76543210};
+ notice("Error: No keys were found using \"$CONFIG{gpg}
--list-public-keys '$gecos'\"", 0);
+ @keys = qw{0123456789ABCDEF 89ABCDEF76543210};
$Ckeys = '#';
}
- ($email) = ($output{stdout} =~ /^uid:(?:[^:]*:){8}[^:]+
<([^:]+\@[^:]+)>(?::.*)?$/m);
+ my @emails = ($output{stdout} =~
/^uid:[^eir:]*:(?:[^:]*:){7}([^:]+)(?::.*)?$/mg);
+ if (@emails) {
+ s/\\x(\p{AHex}{2})/ chr(hex($1)) /ge foreach @emails;
+ @emails = grep defined, map {email_valid(Encode::decode_utf8($_))}
@emails;
+ $email = shift @emails; # take the first valid address
+ }
unless (defined $email) {
- notice("Error: No email address was found using \"gpg
--list-public-keys '$gecos'\"", 0);
+ notice("Error: No email address was found using \"$CONFIG{gpg}
--list-public-keys '$gecos'\"", 0);
$email = $ENV{'LOGNAME'}.'@'.$hostname;
$Cemail = '#';
}
} else {
$gecos = 'Unknown Caff User';
$email = $ENV{'LOGNAME'}.'@'.$hostname;
- @keys = qw{0123456789abcdef 89abcdef76543210};
+ @keys = qw{0123456789ABCDEF 89ABCDEF76543210};
($Cgecos,$Cemail,$Ckeys) = ('#','#','#');
};
@@ -548,7 +607,7 @@
#\$CONFIG{'reply-to'} = 'foo\@bla.org';
# You can get your long keyid from
-# gpg --keyid-format long --list-key <yourkeyid|name|emailaddress..>
+# $CONFIG{gpg} --keyid-format long --list-key <yourkeyid|name|emailaddress..>
#
# If you have a v4 key, it will simply be the last 16 digits of
# your fingerprint.
@@ -597,7 +656,7 @@
$CONFIG{'caffhome'} //= $ENV{'HOME'}.'/.caff';
$KEYSBASE = $CONFIG{'caffhome'}.'/keys';
$GNUPGHOME = $CONFIG{'caffhome'}.'/gnupghome';
- foreach ($KEYSBASE, $GNUPGHOME) {
+ foreach ($CONFIG{'caffhome'}, $KEYSBASE, $GNUPGHOME) {
next if -d $_;
debug("Creating $_");
mkdir $_, 0700 or myerror(1, "Cannot mkdir $_: $!");
@@ -961,7 +1020,7 @@
$message_entity->head->add("From", $from);
$message_entity->head->add("Date", strfCtime("%a, %e %b %Y %H:%M:%S %z",
localtime));
$message_entity->head->add("Subject", Encode::encode('MIME-Q',
$CONFIG{'mail-subject'} =~ s/%k/$key_id/gr));
- $message_entity->head->add("To", email_to_ascii($address));
+ $message_entity->head->add("To", $address);
$message_entity->head->add("Sender", $from);
$message_entity->head->add("Reply-To", $CONFIG{'reply-to'}) if defined
$CONFIG{'reply-to'};
$message_entity->head->add("Bcc", $CONFIG{'bcc'}) if defined
$CONFIG{'bcc'};
@@ -983,21 +1042,6 @@
$message_entity->send(@{$CONFIG{'mailer-send'}});
};
-# Net::IDN::Encode::email_to_ascii crashes upon punycode conversion failure:
-# we don't want caff to crash, so upon errors return the input as is and
-# let the MUA handle that
-sub email_to_ascii($) {
- my $email = shift;
- my $res;
-
- eval { $res = Net::IDN::Encode::email_to_ascii($email) };
- return $res unless $@;
-
- chomp $@;
- mywarn($@);
- return $email;
-}
-
######
# clean up a UID so that it can be used on the FS.
######
@@ -1342,11 +1386,7 @@
};
-$GNUPG_VERSION = `$CONFIG{'gpg'} --with-colons --list-config version` or exit
1;
-chomp $GNUPG_VERSION;
-$GNUPG_VERSION =~ s/^cfg:version:(\d+\.\d+).*/$1/;
-debug "gpg (GnuPG) $GNUPG_VERSION";
-
+$GNUPG_VERSION = get_GnuPG_version();
if ($GNUPG_VERSION >= 2.1) {
my @sockets;
unless ($CONFIG{'no-sign'}) {
@@ -1515,10 +1555,7 @@
$uid->{text} =~ s/\\x(\p{AHex}{2})/ chr(hex($1)) /ge;
# --with-colons always outputs UTF-8
$uid->{text} = Encode::decode_utf8($uid->{text});
- $uid->{address} = $1 if $uid->{type} eq 'uid' and $uid->{text} =~
/.*<([^>]+[\@\N{U+FE6B}\N{U+FF20}][^>]+)>$/;
- # XXX This does not cover the full RFC 2822 specification:
- # The local part may contain '>' in a quoted string.
- # However as of 1.4.18/2.0.26, gpg doesn't allow that either.
+ $uid->{address} = email_valid $uid->{text} if $uid->{type} eq
'uid';
push @{$KEYS{$keyid}->{uids}}, $uid;
}
elsif (!/^(?:rvk|tru):/) {
@@ -1829,7 +1866,7 @@
delete $_->{key} foreach grep {!$_->{export}} @UIDS; # delete
non-exported keys
if (!grep {defined $_->{address}} @UIDS) {
- mywarn "No signed RFC 2822 UID on $longkeyid; won't send other signed
UID and attributes!"
+ mywarn "No signed RFC 5322 UID on $longkeyid; won't send other signed
UID and attributes!"
if @attached;
}
elsif (grep {$_->{export}} @UIDS) {
@@ -1888,4 +1925,5 @@
If you have any questions, don't hesitate to ask.
Regards,
+--
{$owner}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caff/caffrc.sample new/caff/caffrc.sample
--- old/caff/caffrc.sample 2015-04-14 20:03:25.000000000 +0200
+++ new/caff/caffrc.sample 2015-08-08 16:39:43.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id$
+# $Id: caffrc.sample 505 2013-10-18 08:16:20Z weasel $
# vim:ft=perl:
$CONFIG{'owner'} = 'John Doe';
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caff/pgp-clean new/caff/pgp-clean
--- old/caff/pgp-clean 2015-04-14 20:03:25.000000000 +0200
+++ new/caff/pgp-clean 2015-08-08 16:39:43.000000000 +0200
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
# pgp-clean -- remove all non-self signatures from key
-# $Id$
+# $Id: pgp-clean 764 2015-01-22 22:48:30Z guilhem-guest $
#
# Copyright (c) 2004, 2005 Peter Palfrader <pe...@palfrader.org>
# Copyright (c) 2006 Christoph Berg <c...@df7cb.de>
@@ -113,7 +113,7 @@
use Getopt::Long;
use GnuPG::Interface;
-my $REVISION = '$Rev$';
+my $REVISION = '$Rev: 764 $';
my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
my $VERSION = "0.0.0.$REVISION_NUMER";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/caff/pgp-fixkey new/caff/pgp-fixkey
--- old/caff/pgp-fixkey 2015-04-14 20:03:25.000000000 +0200
+++ new/caff/pgp-fixkey 2015-08-08 16:39:43.000000000 +0200
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
# pgp-fixkey -- remove broken packets from keys
-# $Id$
+# $Id: pgp-fixkey 764 2015-01-22 22:48:30Z guilhem-guest $
#
# Copyright (c) 2004, 2005 Peter Palfrader <pe...@palfrader.org>
#
@@ -103,7 +103,7 @@
use IO::Select;
use GnuPG::Interface;
-my $REVISION = '$Rev$';
+my $REVISION = '$Rev: 764 $';
my ($REVISION_NUMER) = $REVISION =~ /(\d+)/;
my $VERSION = "0.0.0.$REVISION_NUMER";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpg-key2latex/gpg-key2latex
new/gpg-key2latex/gpg-key2latex
--- old/gpg-key2latex/gpg-key2latex 2015-04-14 20:03:25.000000000 +0200
+++ new/gpg-key2latex/gpg-key2latex 2015-08-08 16:39:43.000000000 +0200
@@ -1,7 +1,7 @@
#!/usr/bin/perl
# gpg-key2latex -- Generate a LaTeX file for fingerprint slips.
-# $Id$
+# $Id: gpg-key2latex 764 2015-01-22 22:48:30Z guilhem-guest $
#
# Copyright (c) 2014 Guilhem Moulin <guil...@guilhem.org>
#
@@ -21,7 +21,7 @@
use warnings;
use strict;
-my $REVISION = '$Rev$';
+my $REVISION = '$Rev: 764 $';
my ($REVISION_NUMBER) = $REVISION =~ /(\d+)/;
our $VERSION = '0.0.0.'.($REVISION_NUMBER // 'unknown');
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpg-key2ps/gpg-key2ps new/gpg-key2ps/gpg-key2ps
--- old/gpg-key2ps/gpg-key2ps 2015-04-14 20:03:25.000000000 +0200
+++ new/gpg-key2ps/gpg-key2ps 2015-08-08 16:39:43.000000000 +0200
@@ -7,12 +7,12 @@
# Licenced under the GNU General Public License,
# version 2 or later.
#
-# $Id$
+# $Id: gpg-key2ps 764 2015-01-22 22:48:30Z guilhem-guest $
use strict;
use Getopt::Long;
-my $version = '$Rev$';
+my $version = '$Rev: 764 $';
$version =~ s/\$Rev:\s*(\d+)\s*\$/$1/;
my $showsubkeys = 0;
my $revokestyle = "hide";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpg-mailkeys/gpg-mailkeys
new/gpg-mailkeys/gpg-mailkeys
--- old/gpg-mailkeys/gpg-mailkeys 2015-04-14 20:03:25.000000000 +0200
+++ new/gpg-mailkeys/gpg-mailkeys 2015-08-08 16:39:43.000000000 +0200
@@ -2,11 +2,11 @@
#
# gpg-mailkeys: mail out just signed keys to their owners
#
-# $Id$
+# $Id: gpg-mailkeys 764 2015-01-22 22:48:30Z guilhem-guest $
set -e
-VERSION='$Rev$'
+VERSION='$Rev: 764 $'
# Define the charset used in the text message of the mail
LOCAL_CHARSET=""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpglist/gpglist new/gpglist/gpglist
--- old/gpglist/gpglist 2015-04-14 20:03:25.000000000 +0200
+++ new/gpglist/gpglist 2015-08-08 16:39:43.000000000 +0200
@@ -1,6 +1,6 @@
#!/usr/bin/perl
-# $Id$
+# $Id: gpglist 764 2015-01-22 22:48:30Z guilhem-guest $
# small script to show in an intuitive way who signed which of your user ids
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpgparticipants/gpgparticipants
new/gpgparticipants/gpgparticipants
--- old/gpgparticipants/gpgparticipants 2015-04-14 20:03:25.000000000 +0200
+++ new/gpgparticipants/gpgparticipants 2015-08-08 16:39:43.000000000 +0200
@@ -2,7 +2,7 @@
# Prepare a printable list of keysigning participants.
# Useful for the party organiser.
#
-# $Id$
+# $Id: gpgparticipants 764 2015-01-22 22:48:30Z guilhem-guest $
#
# License: GPLv2 or later
# Copyright Philippe Teuwen <phil a teuwen o org> 2008
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/gpgsigs/gpgsigs new/gpgsigs/gpgsigs
--- old/gpgsigs/gpgsigs 2015-04-14 20:03:25.000000000 +0200
+++ new/gpgsigs/gpgsigs 2015-08-08 16:39:44.000000000 +0200
@@ -1,6 +1,6 @@
#!/usr/bin/perl
-# $Id$
+# $Id: gpgsigs 767 2015-01-27 18:34:21Z guilhem-guest $
# See the pod documentation at the end of this file for author,
# copyright, and licence information.
@@ -14,7 +14,7 @@
# * pod documentation
# see the Debian changelog for further changes.
-my $VERSION = qq$Rev$;
+my $VERSION = qq$Rev: 767 $;
use strict;
use warnings;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keylookup/NEWS new/keylookup/NEWS
--- old/keylookup/NEWS 2015-04-14 20:03:25.000000000 +0200
+++ new/keylookup/NEWS 2015-08-08 16:39:44.000000000 +0200
@@ -1,4 +1,4 @@
-$Id$
+$Id: NEWS 185 2005-08-16 14:45:08Z weasel $
Release notes for keylookup 3.0 (2005-08-16)
* Make keylookup use gpg --search instead of querying the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keylookup/keylookup new/keylookup/keylookup
--- old/keylookup/keylookup 2015-04-14 20:03:25.000000000 +0200
+++ new/keylookup/keylookup 2015-08-08 16:39:44.000000000 +0200
@@ -3,7 +3,7 @@
# Copyright (c) 2000, 2002 Christian Kurz <sho...@debian.org>,
# Copyright (c) 2000, 2002, 2005 Peter Palfrader <pe...@palfrader.org>
#
-# $Id$
+# $Id: keylookup 764 2015-01-22 22:48:30Z guilhem-guest $
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -33,11 +33,11 @@
use IPC::Open3;
use Getopt::Long;
-my $version = '3.0 ($Id$)';
+my $version = '3.0 ($Id: keylookup 764 2015-01-22 22:48:30Z guilhem-guest $)';
# Strings to use in the dialog|whiptail frontend
my $TITLE = 'Import Keys';
-my $BACKTITLE = 'KeyLookup $Revision$';
+my $BACKTITLE = 'KeyLookup $Revision: 764 $';
my $INSTRUCTION = 'Select keys to import:';
#
my @TPUTCOL=('tput', 'cols');
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/keylookup/keylookup.1 new/keylookup/keylookup.1
--- old/keylookup/keylookup.1 2015-04-14 20:03:25.000000000 +0200
+++ new/keylookup/keylookup.1 2015-08-08 16:39:44.000000000 +0200
@@ -1,6 +1,6 @@
.TH keylookup 1 "" Jun-2002 ""
.\" manual page (c) 2000, 2001, 2002 Christian Kurz, Peter Palfrader
-.\" $Id$
+.\" $Id: keylookup.1 764 2015-01-22 22:48:30Z guilhem-guest $
.SH NAME
.LP
