diff --git a/gnupg-make_--try-all-secrets_work.patch b/gnupg-make_--try-all-secrets_work.patch new file mode 100644 index 0000000..e1989d6 --- /dev/null +++ b/gnupg-make_--try-all-secrets_work.patch @@ -0,0 +1,129 @@ +From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001 +From: Daiki Ueno +Date: Tue, 18 Aug 2015 16:57:44 +0900 +Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients +Upstream: committed + +* g10/getkey.c (enum_secret_keys): Really enumerate all secret +keys if --try-all-secrets is specified. +-- + +GnuPG-bug-id: 1985 +Signed-off-by: Daiki Ueno + +- Add new arg CTRL to getkey_byname call. + +Signed-off-by: Werner Koch +--- + g10/getkey.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 50 insertions(+), 10 deletions(-) + +On openSUSE, this fixes the unit tests of the duplicity package. + +diff --git a/g10/getkey.c b/g10/getkey.c +index 90fd175..3fe8274 100644 +--- a/g10/getkey.c ++++ b/g10/getkey.c +@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + { + gpg_error_t err = 0; + const char *name; ++ kbnode_t keyblock; + struct + { + int eof; +@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + strlist_t sl; + kbnode_t keyblock; + kbnode_t node; ++ getkey_ctx_t ctx; + } *c = *context; + + if (!c) +@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + { + /* Free the context. */ + release_kbnode (c->keyblock); ++ getkey_end (c->ctx); + xfree (c); + *context = NULL; + return 0; +@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + do + { + name = NULL; ++ keyblock = NULL; + switch (c->state) + { + case 0: /* First try to use the --default-key. */ +@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) + c->state++; + break; + ++ case 3: /* Init search context to try all keys. */ ++ if (opt.try_all_secrets) ++ { ++ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock); ++ if (err) ++ { ++ release_kbnode (keyblock); ++ keyblock = NULL; ++ getkey_end (c->ctx); ++ c->ctx = NULL; ++ } ++ } ++ c->state++; ++ break; ++ ++ case 4: /* Get next item from the context. */ ++ if (c->ctx) ++ { ++ err = getkey_next (c->ctx, NULL, &keyblock); ++ if (err) ++ { ++ release_kbnode (keyblock); ++ keyblock = NULL; ++ getkey_end (c->ctx); ++ c->ctx = NULL; ++ } ++ } ++ else ++ c->state++; ++ break; ++ + default: /* No more names to check - stop. */ + c->eof = 1; + return gpg_error (GPG_ERR_EOF); + } + } +- while (!name || !*name); ++ while ((!name || !*name) && !keyblock); + +- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); +- if (err) ++ if (keyblock) ++ c->node = c->keyblock = keyblock; ++ else + { +- /* getkey_byname might return a keyblock even in the +- error case - I have not checked. Thus better release +- it. */ +- release_kbnode (c->keyblock); +- c->keyblock = NULL; ++ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); ++ if (err) ++ { ++ /* getkey_byname might return a keyblock even in the ++ error case - I have not checked. Thus better release ++ it. */ ++ release_kbnode (c->keyblock); ++ c->keyblock = NULL; ++ } ++ else ++ c->node = c->keyblock; + } +- else +- c->node = c->keyblock; + } + + /* Get the next key from the current keyblock. */ diff --git a/gpg2.changes b/gpg2.changes index 80ceebd..74f1f90 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Aug 4 12:17:14 UTC 2016 - tchvatal@suse.com + +- Fix date call as the curlified parameter for sure are not parsed + correctly by escaping it with % + +------------------------------------------------------------------- +Wed Aug 3 11:56:58 UTC 2016 - astieger@suse.com + +- Fix upstream bug 1985: --try-all-secrets doesn't work when + decrypting messages encrypted with --hidden-recipient, fixes unit + tests of the duplicity package. + Adding gnupg-make_--try-all-secrets_work.patch +- record the fact that gpg-error 1.21 is required + ------------------------------------------------------------------- Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com diff --git a/gpg2.spec b/gpg2.spec index 7c2283a..29b9d7f 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: gnupg-make_--try-all-secrets_work.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -41,7 +42,7 @@ BuildRequires: libassuan-devel >= 2.4.1 # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # raising gcrypt requirement from 1.4.0 BuildRequires: libgcrypt-devel >= 1.6.1 -BuildRequires: libgpg-error-devel >= 1.16 +BuildRequires: libgpg-error-devel >= 1.21 BuildRequires: libksba-devel >= 1.2.0 BuildRequires: makeinfo BuildRequires: npth-devel >= 0.91 @@ -84,9 +85,10 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build -date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) +date=$(date -u +%%Y-%%m-%%dT%%H:%%M+0000 -r %{SOURCE99}) %configure \ --libexecdir=%{_libdir} \ --docdir=%{_docdir}/%{name} \