[arch-commits] Commit in gnupg/trunk (PKGBUILD hkps-hostname.patch)
Gaetan Bisson
bisson at archlinux.org
Thu Mar 19 21:15:02 UTC 2015
Date: Thursday, March 19, 2015 @ 22:15:02
Author: bisson
Revision: 234175
fix FS#43364
Added:
gnupg/trunk/hkps-hostname.patch
Modified:
gnupg/trunk/PKGBUILD
---------------------+
PKGBUILD | 17 +++++---
hkps-hostname.patch | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 110 insertions(+), 7 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-03-19 21:01:21 UTC (rev 234174)
+++ PKGBUILD 2015-03-19 21:15:02 UTC (rev 234175)
@@ -6,7 +6,7 @@
pkgname=gnupg
pkgver=2.1.2
-pkgrel=1
+pkgrel=2
pkgdesc='Complete and free implementation of the OpenPGP standard'
url='http://www.gnupg.org/'
license=('GPL')
@@ -16,12 +16,10 @@
makedepends=('libldap' 'libusb-compat')
depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan'
'pinentry' 'bzip2' 'readline' 'gnutls')
-validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6'
- '46CC730865BB5C78EBABADCF04376F3EE0856959'
- '031EC2536E580D8EA286A9F22071B08A33BD3F06'
- 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9')
-source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
-sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' 'SKIP')
+source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"
+ 'hkps-hostname.patch')
+sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6'
+ '11d96926f92c3303bf8443d55863fdf12c76f43a')
install=install
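Review bot: The new `source` array drops the `{,.sig}` expansion and this hunk also removes `validpgpkeys`, so the upstream tarball, still fetched over plain `ftp://`, is no longer checked against a PGP signature and is pinned only by its SHA-1 sum. The commit message (`fix FS#43364`) does not say this was intended. If it is only a side effect of adding the patch, keep the expansion, `source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} 'hkps-hostname.patch')`, with `'SKIP'` as the second of three `sha1sums` entries, and leave the `validpgpkeys` array in place. If the removal is deliberate, a one-line comment above `source=` giving the reason would let the next maintainer know when the check can come back.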
@@ -29,6 +27,11 @@
provides=('dirmngr' "gnupg2=${pkgver}")
replaces=('dirmngr' 'gnupg2')
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../hkps-hostname.patch # FS#43364
+}
+
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
./configure \
Added: hkps-hostname.patch
===================================================================
--- hkps-hostname.patch (rev 0)
+++ hkps-hostname.patch 2015-03-19 21:15:02 UTC (rev 234175)
@@ -0,0 +1,100 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100)
+Subject: hkps: Fix host name verification when using pools.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3
+
+hkps: Fix host name verification when using pools.
+
+* common/http.c (send_request): Set the requested for SNI.
+* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
+the selecting a host.
+--
+
+GnuPG-bug-id: 1792
+
+Thanks to davidw for figuring out the problem.
+
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/common/http.c b/common/http.c
+index 50c0692..12e3fcb 100644
+--- a/common/http.c
++++ b/common/http.c
+@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ }
+
+ # if HTTP_USE_NTBTLS
+- err = ntbtls_set_hostname (hd->session->tls_session, server);
++ err = ntbtls_set_hostname (hd->session->tls_session,
++ hd->session->servername);
+ if (err)
+ {
+ log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
+@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ # elif HTTP_USE_GNUTLS
+ rc = gnutls_server_name_set (hd->session->tls_session,
+ GNUTLS_NAME_DNS,
+- server, strlen (server));
++ hd->session->servername,
++ strlen (hd->session->servername));
+ if (rc < 0)
+ log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
+ # endif /*HTTP_USE_GNUTLS*/
+diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
+index ea607cb..0568094 100644
+--- a/dirmngr/ks-engine-hkp.c
++++ b/dirmngr/ks-engine-hkp.c
+@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ hi = hosttable[idx];
+ if (hi->pool)
+ {
++ /* Deal with the pool name before selecting a host. */
++ if (r_poolname && hi->cname)
++ {
++ *r_poolname = xtrystrdup (hi->cname);
++ if (!*r_poolname)
++ return gpg_error_from_syserror ();
++ }
++
+ /* If the currently selected host is now marked dead, force a
+ re-selection . */
+ if (force_reselect)
+@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->poolidx == -1)
+ {
+ log_error ("no alive host found in pool '%s'\n", name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+ }
+@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->dead)
+ {
+ log_error ("host '%s' marked as dead\n", hi->name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+
+@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
+ }
+
+- if (r_poolname && hi->pool && hi->cname)
+- {
+- *r_poolname = xtrystrdup (hi->cname);
+- if (!*r_poolname)
+- return gpg_error_from_syserror ();
+- }
+-
+ *r_host = xtrystrdup (hi->name);
+ if (!*r_host)
+ {
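Review bot: In the `HTTP_USE_GNUTLS` branch of `send_request`, the new `strlen (hd->session->servername)` reads the field with no visible NULL check, and the `ntbtls_set_hostname` call above it passes the same pointer. The hunk does not show where `servername` is assigned, so confirm it is always set before this point when TLS is in use, or wrap the call in `if (hd->session->servername)`. A short comment such as `/* SNI must carry the requested (pool) name, not the selected host, so it matches the name the certificate is checked against. */` would record why `server` is no longer passed; that wording is inferred from the patch subject and should be confirmed. `send_request` starts and ends outside these hunks.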