Accepting request 354788 from home:vitezslav_cizek:branches:Base:System

- fix fingerprint ambiguity (bsc#958891) * https://bugs.gnupg.org/gnupg/issue2198 * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch OBS-URL: https://build.opensuse.org/request/show/354788 OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=130
2016-01-20 10:38:30 +00:00 · 2016-01-20 10:38:30 +00:00 · 1d82ff8160
commit 1d82ff8160
parent aa46062d11
3 changed files with 115 additions and 1 deletions
--- a/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
+++ b/0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
@ -0,0 +1,105 @@
+From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001
+From: "Neal H. Walfield" <neal@g10code.com>
+Date: Tue, 15 Dec 2015 12:21:30 +0100
+Subject: [PATCH] gpg: Improve the keyblock cache's transparency.
+
+* kbx/keybox-search.c (keybox_offset): New function.
+* g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
+(keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
+HD->KEYBLOCK_CACHE.OFFSET.
+(keydb_search): Don't use the cached result if it comes before the
+current file position.  When caching an entry, also record the
+position at which it was found.
+
+--
+Signed-off-by: Neal H. Walfield <neal@g10code.com>
+GnuPG-bug-id: 2187
+---
+ g10/keydb.c         | 19 ++++++++++++++++++-
+ kbx/keybox-search.c |  8 ++++++++
+ kbx/keybox.h        |  2 ++
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/g10/keydb.c b/g10/keydb.c
+index d7c35de..860187f 100644
+--- a/g10/keydb.c
+++ b/g10/keydb.c
+@@ -81,6 +81,9 @@ struct keyblock_cache {
+   u32 *sigstatus;
+   int pk_no;
+   int uid_no;
+  /* Offset of the record in the keybox.  */
+  int resource;
+  off_t offset;
+ };
+ 
+ 
+@@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd)
+   hd->keyblock_cache.sigstatus = NULL;
+   iobuf_close (hd->keyblock_cache.iobuf);
+   hd->keyblock_cache.iobuf = NULL;
+  hd->keyblock_cache.resource = -1;
+  hd->keyblock_cache.offset = -1;
+ }
+ 
+ 
+@@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+       && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
+           || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
+       && hd->keyblock_cache.state  == KEYBLOCK_CACHE_FILLED
+-      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20))
+      && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)
+      /* Make sure the current file position occurs before the cached
+         result to avoid an infinite loop.  */
+      && (hd->current < hd->keyblock_cache.resource
+          || (hd->current == hd->keyblock_cache.resource
+              && (keybox_offset (hd->active[hd->current].u.kb)
+                  <= hd->keyblock_cache.offset))))
+     {
+       /* (DESCINDEX is already set).  */
+       if (DBG_CLOCK)
+@@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+       && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX)
+     {
+       hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
+      hd->keyblock_cache.resource = hd->current;
+      /* The current offset is at the start of the next record.  Since
+         a record is at least 1 byte, we just use offset - 1, which is
+         within the record.  */
+      hd->keyblock_cache.offset
+        = keybox_offset (hd->active[hd->current].u.kb) - 1;
+       memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20);
+     }
+ 
+diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
+index 78e0c23..df959b6 100644
+--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
+@@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
+   ec = get_flag_from_image (buffer, length, what, value);
+   return ec? gpg_error (ec):0;
+ }
+
+off_t
+keybox_offset (KEYBOX_HANDLE hd)
+{
+  if (!hd->fp)
+    return 0;
+  return ftello (hd->fp);
+}
+diff --git a/kbx/keybox.h b/kbx/keybox.h
+index 8c31141..c91a282 100644
+--- a/kbx/keybox.h
+++ b/kbx/keybox.h
+@@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
+ 
+ int keybox_lock (KEYBOX_HANDLE hd, int yes);
+ 
+off_t keybox_offset (KEYBOX_HANDLE hd);
+
+ /*-- keybox-file.c --*/
+ /* Fixme: This function does not belong here: Provide a better
+    interface to create a new keybox file.  */
+-- 
+2.6.2
+
--- a/gpg2.changes
+++ b/gpg2.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jan 19 13:56:58 UTC 2016 - vcizek@suse.com
+
+- fix fingerprint ambiguity (bsc#958891)
+  * https://bugs.gnupg.org/gnupg/issue2198
+  * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
+
 -------------------------------------------------------------------
 Sun Dec  6 14:14:45 UTC 2015 - p.drouand@gmail.com

--- a/gpg2.spec
+++ b/gpg2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -34,6 +34,7 @@ Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:        0001-gpg-Improve-the-keyblock-cache-s-transparency.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@ -84,6 +85,7 @@ gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1

 %build
 # build PIEs (position independent executables) for address space randomisation: