[arch-commits] Commit in gnupg/trunk (PKGBUILD self-sigs-only.patch)

Gaëtan Bisson bisson at archlinux.org
Thu Jul 11 16:55:23 UTC 2019


    Date: Thursday, July 11, 2019 @ 16:55:22
  Author: bisson
Revision: 357760

revert import-self-sigs-only, breaks WOT, see FS#63147

Added:
  gnupg/trunk/self-sigs-only.patch
Modified:
  gnupg/trunk/PKGBUILD

----------------------+
 PKGBUILD             |    9 +++++--
 self-sigs-only.patch |   56 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-07-11 16:18:45 UTC (rev 357759)
+++ PKGBUILD	2019-07-11 16:55:22 UTC (rev 357760)
@@ -5,7 +5,7 @@
 
 pkgname=gnupg
 pkgver=2.2.17
-pkgrel=1
+pkgrel=2
 pkgdesc='Complete and free implementation of the OpenPGP standard'
 url='https://www.gnupg.org/'
 license=('GPL')
@@ -21,9 +21,11 @@
               '46CC730865BB5C78EBABADCF04376F3EE0856959'
               '031EC2536E580D8EA286A9F22071B08A33BD3F06'
               '5B80C5754298F0CB55D8ED6ABCEF7E294B092E28')
-source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig})
+source=("https://gnupg.org/ftp/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}
+        'self-sigs-only.patch')
 sha256sums=('afa262868e39b651a2db4c071fba90415154243e83a830ca00516f9a807fd514'
-            'SKIP')
+            'SKIP'
+            '0130c43321c16f53ab2290833007212f8a26b1b73bd4edc2b2b1c9db2b2d0218')
 
 install=install
 
@@ -30,6 +32,7 @@
 prepare() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
 	sed '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' -i tools/Makefile.in
+	patch -R -p1 -i ../self-sigs-only.patch
 }
 
 build() {
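Review bot: The `patch -R` line added to prepare() carries no comment, yet it reverses an upstream default that the embedded commit message describes as the response to the keyserver DoS attack. After this change every user of the package again imports third-party key signatures from keyservers by default, including the very large keyblocks that message mentions. I would record the trade-off next to the line, for example `# Reverse upstream 23c97864 (self-sigs-only/import-clean keyserver default): breaks WoT, see FS#63147`. Users who want the mitigation back can set `keyserver-options self-sigs-only,import-clean` in gpg.conf, which is worth stating in the package's install message. If the breakage in FS#63147 turns out to affect only specific consumers, a narrower opt-out using the `no-self-sigs-only,no-import-clean` setting that upstream documents would keep the hardened default for everyone else.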

Added: self-sigs-only.patch
===================================================================
--- self-sigs-only.patch	                        (rev 0)
+++ self-sigs-only.patch	2019-07-11 16:55:22 UTC (rev 357760)
@@ -0,0 +1,56 @@
+From: Werner Koch <wk at gnupg.org>
+Date: Thu, 4 Jul 2019 13:45:39 +0000 (+0200)
+Subject: gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=23c978640812d123eaffd4108744bdfcf48f7c93
+
+gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
+
+* g10/gpg.c (main): Change default.
+--
+
+Due to the DoS attack on the keyeservers we do not anymore default to
+import key signatures.  That makes the keyserver unsuable for getting
+keys for the WoT but it still allows to retriev keys - even if that
+takes long to download the large keyblocks.
+
+To revert to the old behavior add
+
+  keyserver-optiions  no-self-sigs-only,no-import-clean
+
+to gpg.conf.
+
+GnuPG-bug-id: 4607
+Signed-off-by: Werner Koch <wk at gnupg.org>
+---
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index 8feab8218..9513a4e0f 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:
+ 
+ @end table
+ 
++The default list of options is: "self-sigs-only, import-clean,
++repair-keys, repair-pks-subkey-bug, export-attributes,
++honor-pka-record".
++
++
+ @item --completes-needed @var{n}
+ @opindex compliant-needed
+ Number of completely trusted users to introduce a new
+diff --git a/g10/gpg.c b/g10/gpg.c
+index 66e47dde5..0bbe72394 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2424,7 +2424,9 @@ main (int argc, char **argv)
+     opt.import_options = IMPORT_REPAIR_KEYS;
+     opt.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+-					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
++					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
++                                            | IMPORT_SELF_SIGS_ONLY
++                                            | IMPORT_CLEAN);
+     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+     opt.verify_options = (LIST_SHOW_UID_VALIDITY


