Accepting request 287676 from home:AndreasStieger:branches:Base:System

Fix invalid packet read error when reading keyrings [boo#914625]

OBS-URL: https://build.opensuse.org/request/show/287676
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=94

0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch

@@ -0,0 +1,76 @@
+From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001
+From: Werner Koch <wk@gnupg.org>
+Date: Mon, 23 Feb 2015 16:37:57 +0100
+Subject: [PATCH] gpg: Skip legacy keys while searching keyrings.
+
+* g10/getkey.c (search_modes_are_fingerprint): New.
+(lookup): Skip over legacy keys.
+--
+
+GnuPG-bug-id: 1847
+Signed-off-by: Werner Koch <wk@gnupg.org>
+---
+ g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/g10/getkey.c b/g10/getkey.c
+index 76ee493..116753c 100644
+--- a/g10/getkey.c
++++ b/g10/getkey.c
+@@ -2525,6 +2525,29 @@ found:
+ }
+ 
+ 
++/* Return true if all the search modes are fingerprints.  */
++static int
++search_modes_are_fingerprint (getkey_ctx_t ctx)
++{
++  size_t n, found;
++
++  for (n=found=0; n < ctx->nitems; n++)
++    {
++      switch (ctx->items[n].mode)
++        {
++        case KEYDB_SEARCH_MODE_FPR16:
++        case KEYDB_SEARCH_MODE_FPR20:
++        case KEYDB_SEARCH_MODE_FPR:
++          found++;
++          break;
++        default:
++          break;
++        }
++    }
++  return found && found == ctx->nitems;
++}
++
++
+ /* The main function to lookup a key.  On success the found keyblock
+    is stored at RET_KEYBLOCK and also in CTX.  If WANT_SECRET is true
+    a corresponding secret key is required.  */
+@@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret)
+   int rc;
+   int no_suitable_key = 0;
+ 
+-  rc = 0;
+-  while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL)))
++  for (;;)
+     {
++      rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL);
++      /* Skip over all legacy keys but only if they are not requested
++         by fingerprints.
++         Fixme: The lower level keydb code should actually do that but
++         then it would be harder to report the number of skipped
++         legacy keys during import. */
++      if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
++          && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
++          && !search_modes_are_fingerprint (ctx))
++        continue;
++      if (rc)
++        break;
++
+       /* If we are searching for the first key we have to make sure
+          that the next iteration does not do an implicit reset.
+          This can be triggered by an empty key ring. */
+-- 
+2.1.4
+

gpg2.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 24 08:10:22 UTC 2015 - astieger@suse.com
+
+- Fix invalid packet read error when reading keyrings [boo#914625]
+  add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+
 -------------------------------------------------------------------
 Wed Feb 11 21:48:13 UTC 2015 - astieger@suse.com
 

gpg2.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package gpg2
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -36,6 +36,7 @@ Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
 Patch12:        gnupg-remove_development_version_warning.patch
 Patch14:        gnupg-large_keys.patch
+Patch15:        0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
 BuildRequires:  automake >= 1.14
 BuildRequires:  expect
 BuildRequires:  fdupes
@@ -87,6 +88,7 @@ gpg-agent, and a keybox library.
 %patch11 -p1
 %patch12 -p1
 %patch14 -p1
+%patch15 -p1
 
 %build
 autoreconf -fi