From dc89c4d16b754408f5e24067073ead1e9e231c48 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Tue, 12 May 2009 00:42:37 -0400
Subject: pem2openpgp now makes signatures over SHA256 instead of SHA1, due to concerns about the growing weakness of SHA1.
---
 packaging/debian/changelog | 1 +
 1 file changed, 1 insertion(+)
 (limited to 'packaging/debian/changelog')
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index b6592ad..fa94721 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -8,6 +8,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
 - fix monkeysphere update-known_hosts for sshd running on non-standard ports
 - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
+ - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1
 - some portability improvements
 * update Standard-Version to 3.8.1
-- cgit v1.2.3
From e2e86b09f48ae9e3c115a7215256ac1345f86a5c Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Thu, 21 May 2009 13:06:18 -0400
Subject: properly match fingerprints with leading 0 bytes (https://labs.riseup.net/code/issues/show/831)
---
 packaging/debian/changelog | 4 +++-
 src/share/keytrans | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)
 (limited to 'packaging/debian/changelog')
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index fa94721..e8e535a 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -10,9 +10,11 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
 - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
 - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1
 - some portability improvements
+ - properly handle translation of keys with fingerprints with leading
+ all-zero bytes.
 * update Standard-Version to 3.8.1
- -- Jameson Graef Rollins Thu, 30 Apr 2009 15:34:28 -0700
+ -- Daniel Kahn Gillmor Thu, 21 May 2009 13:04:10 -0400
 monkeysphere (0.24-1) unstable; urgency=low
diff --git a/src/share/keytrans b/src/share/keytrans
index 516f2da..c47ccdc 100755
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -690,6 +690,8 @@ sub openpgp2ssh {
 my $foundfpr = fingerprint($pubkey, $timestamp);
 my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex();
+ # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint:
+ $foundfprstr = sprintf("%040s", $foundfprstr);
 # is this a match?
 if ((!defined($fpr)) ||
-- cgit v1.2.3
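Review bot: The added `sprintf("%040s", $foundfprstr)` line repairs a string that the bignum round-trip on the line above has already shortened, and it depends on Perl honouring the `0` flag for `%s` and on a hard-coded width of 40. Since `$foundfpr` is already the raw digest, encoding it directly, for example `my $foundfprstr = uc(unpack('H*', $foundfpr));`, would keep leading zero bytes without a padding step and would follow the digest length. The `uc` assumes the comparison that follows expects the uppercase hex that `to_hex()` appears to produce; this needs confirming, because the comparison and the rest of openpgp2ssh continue outside the hunk. As this string decides which key is selected, a regression test with a fingerprint that begins with a `00` byte would be worth adding alongside the fix.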