[arch-commits] Commit in gnupg/trunk (PKGBUILD filter.patch)
Gaetan Bisson
bisson at nymeria.archlinux.org
Wed Jun 25 13:31:31 UTC 2014
Date: Wednesday, June 25, 2014 @ 15:31:31
Author: bisson
Revision: 215437
fix FS#40968
Added:
gnupg/trunk/filter.patch
Modified:
gnupg/trunk/PKGBUILD
--------------+
PKGBUILD | 9 ++-
filter.patch | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 159 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-06-25 12:58:23 UTC (rev 215436)
+++ PKGBUILD 2014-06-25 13:31:31 UTC (rev 215437)
@@ -6,7 +6,7 @@
pkgname=gnupg
pkgver=2.0.24
-pkgrel=1
+pkgrel=2
pkgdesc='Complete and free implementation of the OpenPGP standard'
url='http://www.gnupg.org/'
license=('GPL')
@@ -17,9 +17,11 @@
makedepends=('curl' 'libldap' 'libusb-compat')
depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr')
source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
- 'protect-tool-env.patch')
+ 'protect-tool-env.patch'
+ 'filter.patch')
sha1sums=('010e027d5f622778cadc4c124013fe515ed705cf' 'SKIP'
- '2ec97ba55ae47ff0d63bc813b8c64cb79cef11db')
+ '2ec97ba55ae47ff0d63bc813b8c64cb79cef11db'
+ 'e99aa2b725342aee188d706b42d392efb2389cf4')
install=install
@@ -30,6 +32,7 @@
prepare() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -p1 -i ../protect-tool-env.patch # FS#31900
+ patch -p1 -i ../filter.patch
}
build() {
Added: filter.patch
===================================================================
--- filter.patch (rev 0)
+++ filter.patch 2014-06-25 13:31:31 UTC (rev 215437)
@@ -0,0 +1,153 @@
+Hi,
+
+please give the batch below a try. It works for me but before I do
+another release, I would like a second test.
+
+
+Shalom-Salam,
+
+ Werner
+
+From 044847a0e2013a2833605c1a9f80cfa6ef353309 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk at gnupg.org>
+Date: Wed, 25 Jun 2014 14:33:34 +0200
+Subject: [PATCH] gpg: Make screening of keyserver result work with multi-key
+ commands.
+
+* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
+(keyserver_retrieval_filter): Use new struct and check all
+descriptions.
+(keyserver_spawn): Pass filter arg suing the new struct.
+--
+
+This is a fix for commit 5e933008.
+
+The old code did only work for a single key. It failed as soon as
+several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
+B C").
+---
+ g10/keyserver.c | 68 ++++++++++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 45 insertions(+), 23 deletions(-)
+
+diff --git a/g10/keyserver.c b/g10/keyserver.c
+index 83a4b95..aa41536 100644
+--- a/g10/keyserver.c
++++ b/g10/keyserver.c
+@@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
+ #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+
+
++/* Structure to convey the arg to keyserver_retrieval_filter. */
++struct ks_retrieval_filter_arg_s
++{
++ KEYDB_SEARCH_DESC *desc;
++ int ndesc;
++};
++
++
+ /* Check whether a key matches the search description. The filter
+ returns 0 if the key shall be imported. Note that this kind of
+ filter is not related to the iobuf filters. */
+ static int
+-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
++keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk,
++ void *opaque)
+ {
+- KEYDB_SEARCH_DESC *desc = arg;
++ struct ks_retrieval_filter_arg_s *arg = opaque;
++ KEYDB_SEARCH_DESC *desc = arg->desc;
++ int ndesc = arg->ndesc;
++ int n;
+ u32 keyid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fpr_len = 0;
+@@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+ if (sk)
+ return G10ERR_GENERAL;
+
++ if (!ndesc)
++ return 0; /* Okay if no description given. */
++
+ fingerprint_from_pk (pk, fpr, &fpr_len);
+ keyid_from_pk (pk, keyid);
+
+ /* Compare requested and returned fingerprints if available. */
+- if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
+- {
+- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
+- return G10ERR_GENERAL;
+- }
+- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+- {
+- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
+- return G10ERR_GENERAL;
+- }
+- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
+- {
+- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
+- return G10ERR_GENERAL;
+- }
+- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
++ for (n = 0; n < ndesc; n++)
+ {
+- if (keyid[1] != desc->u.kid[1])
+- return G10ERR_GENERAL;
++ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
++ {
++ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
++ return 0;
++ }
++ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
++ {
++ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
++ return 0;
++ }
++ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
++ {
++ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
++ return 0;
++ }
++ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
++ {
++ if (keyid[1] == desc[n].u.kid[1])
++ return 0;
++ }
++ else
++ return 0;
+ }
+
+- return 0;
++ return G10ERR_GENERAL;
+ }
+
+
+@@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+ case KS_GETNAME:
+ {
+ void *stats_handle;
++ struct ks_retrieval_filter_arg_s filterarg;
+
+ stats_handle=import_new_stats_handle();
+
+@@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+ that we don't allow the import of secret keys from a
+ keyserver. Keyservers should never accept or send them
+ but we better protect against rogue keyservers. */
+-
++ filterarg.desc = desc;
++ filterarg.ndesc = count;
+ import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+- keyserver_retrieval_filter, desc);
++ keyserver_retrieval_filter, &filterarg);
+
+ import_print_stats(stats_handle);
+ import_release_stats_handle(stats_handle);
+--
+1.8.4.3
+
+
+
+--
+Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the arch-commits
mailing list