From 1e59d0bb1e3588f945ae3b6c3e4591b7e649defdc8ab37cea28e970e7e3a97f8 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sun, 1 Mar 2015 13:52:09 +0000 Subject: [PATCH] Accepting request 287682 from Base:System 1 OBS-URL: https://build.opensuse.org/request/show/287682 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gpg2?expand=0&rev=86 --- ...legacy-keys-while-searching-keyrings.patch | 76 +++++++++++++++++++ gpg2.changes | 6 ++ gpg2.spec | 4 +- 3 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch diff --git a/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch b/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch new file mode 100644 index 0000000..64b768e --- /dev/null +++ b/0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch @@ -0,0 +1,76 @@ +From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Mon, 23 Feb 2015 16:37:57 +0100 +Subject: [PATCH] gpg: Skip legacy keys while searching keyrings. + +* g10/getkey.c (search_modes_are_fingerprint): New. +(lookup): Skip over legacy keys. +-- + +GnuPG-bug-id: 1847 +Signed-off-by: Werner Koch +--- + g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++-- + 1 file changed, 37 insertions(+), 2 deletions(-) + +diff --git a/g10/getkey.c b/g10/getkey.c +index 76ee493..116753c 100644 +--- a/g10/getkey.c ++++ b/g10/getkey.c +@@ -2525,6 +2525,29 @@ found: + } + + ++/* Return true if all the search modes are fingerprints. */ ++static int ++search_modes_are_fingerprint (getkey_ctx_t ctx) ++{ ++ size_t n, found; ++ ++ for (n=found=0; n < ctx->nitems; n++) ++ { ++ switch (ctx->items[n].mode) ++ { ++ case KEYDB_SEARCH_MODE_FPR16: ++ case KEYDB_SEARCH_MODE_FPR20: ++ case KEYDB_SEARCH_MODE_FPR: ++ found++; ++ break; ++ default: ++ break; ++ } ++ } ++ return found && found == ctx->nitems; ++} ++ ++ + /* The main function to lookup a key. On success the found keyblock + is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true + a corresponding secret key is required. */ +@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) + int rc; + int no_suitable_key = 0; + +- rc = 0; +- while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL))) ++ for (;;) + { ++ rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); ++ /* Skip over all legacy keys but only if they are not requested ++ by fingerprints. ++ Fixme: The lower level keydb code should actually do that but ++ then it would be harder to report the number of skipped ++ legacy keys during import. */ ++ if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY ++ && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST) ++ && !search_modes_are_fingerprint (ctx)) ++ continue; ++ if (rc) ++ break; ++ + /* If we are searching for the first key we have to make sure + that the next iteration does not do an implicit reset. + This can be triggered by an empty key ring. */ +-- +2.1.4 + diff --git a/gpg2.changes b/gpg2.changes index eaa4307..0958884 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com + +- Fix invalid packet read error when reading keyrings [boo#914625] + add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch + ------------------------------------------------------------------- Wed Feb 11 21:48:13 UTC 2015 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 2f8c900..2736cb5 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,7 @@ Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch14: gnupg-large_keys.patch +Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes @@ -87,6 +88,7 @@ gpg-agent, and a keybox library. %patch11 -p1 %patch12 -p1 %patch14 -p1 +%patch15 -p1 %build autoreconf -fi