From 44d4d916a989e8f8f4f0b454a10e2d7e6e09a3b02631c3e5cfc878780a50e0bf Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Mon, 14 Dec 2015 09:24:02 +0000 Subject: [PATCH] fix diff OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=127 --- ...out-if-a-key-occurs-multiple-times-i.patch | 187 ++++++++++++++++++ gpg2.changes | 7 + gpg2.spec | 4 +- 3 files changed, 197 insertions(+), 1 deletion(-) create mode 100644 0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch diff --git a/0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch b/0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch new file mode 100644 index 0000000..5b7f9aa --- /dev/null +++ b/0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch @@ -0,0 +1,187 @@ +From 6dc37c5fb60acbfd5ba2ab979852383eac8944e0 Mon Sep 17 00:00:00 2001 +From: "Neal H. Walfield" +Date: Fri, 11 Dec 2015 11:12:46 +0100 +Subject: [PATCH] gpg: Don't error out if a key occurs multiple times in the + keyring. + +* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple +times in the keyring. Instead, print a warning. When printing out +fingerprint prints, use format_hexfingerprint to format them. + +-- +Signed-off-by: Neal H. Walfield +--- + g10/gpg.c | 114 ++++++++++++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 82 insertions(+), 32 deletions(-) + +diff --git a/g10/gpg.c b/g10/gpg.c +index 2b48421..5c2a6c8 100644 +--- a/g10/gpg.c ++++ b/g10/gpg.c +@@ -2116,6 +2116,8 @@ check_user_ids (strlist_t *sp, + + KEYDB_HANDLE hd = NULL; + ++ char fingerprint_formatted[MAX_FORMATTED_FINGERPRINT_LEN + 1]; ++ + /* A quick check to avoid allocating a new strlist if we can skip + all keys. Handles also the case of !SP. See below for details. */ + for (t = s; t && (!(t->flags & PK_LIST_CONFIG) +@@ -2135,6 +2137,9 @@ check_user_ids (strlist_t *sp, + size_t fingerprint_bin_len = sizeof (fingerprint_bin); + /* We also potentially need a ! at the end. */ + char fingerprint[2 * MAX_FINGERPRINT_LEN + 1 + 1]; ++ int added = 0; ++ int dups = 0; ++ int ambiguous = 0; + + /* If the key has been given on the command line and it has not + been given by one of the encrypt-to options, we skip the +@@ -2271,41 +2276,58 @@ check_user_ids (strlist_t *sp, + i = strlen (fingerprint); + fingerprint[i] = '!'; + fingerprint[i + 1] = '\0'; ++ ++ add_to_strlist (&s2, fingerprint); ++ added = 1; + } +- else +- { +- fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); +- assert (fingerprint_bin_len == sizeof (fingerprint_bin)); +- bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); +- } + +- add_to_strlist (&s2, fingerprint); ++ /* We need the primary key's fingerprint to detect dups so ++ always format it. */ ++ fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); ++ assert (fingerprint_bin_len == sizeof (fingerprint_bin)); ++ bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); ++ ++ if (! added) ++ add_to_strlist (&s2, fingerprint); + s2->flags = s->flags; + + release_kbnode (kb); + + /* Continue the search. */ + if (DBG_LOOKUP) +- log_debug ("%s: Check for duplicates for %s='%s'\n", ++ log_debug ("%s: Checking if %s='%s' is ambiguous or there are dups\n", + __func__, option, t->d); +- err = keydb_search (hd, &desc, 1, NULL); +- if (! err) +- /* Another result! */ ++ while (1) + { + char fingerprint_bin2[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin2_len = sizeof (fingerprint_bin2); + char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1]; + +- log_error (_("key specification '%s' is ambiguous\n"), t->d); +- if (!opt.quiet) +- log_info (_("(check argument of option '%s')\n"), option); ++ err = keydb_search (hd, &desc, 1, NULL); ++ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND ++ || gpg_err_code (err) == GPG_ERR_EOF) ++ /* Not found => not ambiguous. */ ++ break; ++ else if (err) ++ /* An error (other than "not found"). */ ++ { ++ log_error (_("error searching the keyring: %s\n"), ++ gpg_strerror (err)); ++ if (! rc) ++ rc = err; + +- if (! rc) +- rc = GPG_ERR_AMBIGUOUS_NAME; ++ break; ++ } ++ ++ /* Another result! */ + + err = keydb_get_keyblock (hd, &kb); + if (err) +- log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); ++ { ++ log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); ++ if (! rc) ++ rc = err; ++ } + else + { + pk = kb->pkt->pkt.public_key; +@@ -2313,25 +2335,53 @@ check_user_ids (strlist_t *sp, + assert (fingerprint_bin2_len == sizeof (fingerprint_bin2)); + bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2); + +- /* TRANSLATORS: The %s prints a key specification which +- for example has been given at the command line. Two +- lines with fingerprints are printed after this message. */ +- log_info (_("'%s' matches at least:\n"), t->d); +- log_info (" %s\n", fingerprint); +- log_info (" %s\n", fingerprint2); ++ if (strcmp (fingerprint, fingerprint2) == 0) ++ dups ++; ++ else ++ { ++ ambiguous ++; ++ ++ if (! rc) ++ rc = GPG_ERR_AMBIGUOUS_NAME; ++ ++ if (ambiguous == 1) ++ { ++ /* TRANSLATORS: The %s prints a key ++ specification which for example has been ++ given at the command line. Lines with ++ fingerprints are printed after this ++ message. */ ++ log_error (_("key specification '%s' is ambiguous\n"), ++ t->d); ++ if (!opt.quiet) ++ log_info (_("(check argument of option '%s')\n"), ++ option); ++ ++ log_info (_("'%s' matches at least:\n"), t->d); ++ log_info (" %s\n", ++ format_hexfingerprint ++ (fingerprint, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted)); ++ } ++ ++ log_info (" %s\n", ++ format_hexfingerprint ++ (fingerprint2, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted)); ++ } + + release_kbnode (kb); + } + } +- else if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND +- || gpg_err_code (err) == GPG_ERR_EOF)) +- /* An error (other than "not found"). */ +- { +- log_error (_("error searching the keyring: %s\n"), +- gpg_strerror (err)); +- if (! rc) +- rc = err; +- } ++ ++ if (dups) ++ log_info (_("Warning: %s appears in the keyring %d times.\n"), ++ format_hexfingerprint (fingerprint, ++ fingerprint_formatted, ++ sizeof fingerprint_formatted), ++ 1 + dups); + } + + strlist_rev (&s2); +-- +2.6.2 + diff --git a/gpg2.changes b/gpg2.changes index 8209510..d76ccc2 100644 --- a/gpg2.changes +++ b/gpg2.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Dec 14 09:09:30 UTC 2015 - vcizek@suse.com + +- fix "key specification is ambiguous" regression in 2.1.10, adds + 0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch + (boo#958891) + ------------------------------------------------------------------- Sun Dec 6 14:14:45 UTC 2015 - p.drouand@gmail.com diff --git a/gpg2.spec b/gpg2.spec index 4c299ff..352a33a 100644 --- a/gpg2.spec +++ b/gpg2.spec @@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: 0001-gpg-Don-t-error-out-if-a-key-occurs-multiple-times-i.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -47,13 +48,13 @@ BuildRequires: makeinfo BuildRequires: npth-devel >= 0.91 BuildRequires: openldap2-devel BuildRequires: pkg-config +BuildRequires: readline-devel BuildRequires: pkgconfig(bzip2) BuildRequires: pkgconfig(gnutls) >= 3.0 BuildRequires: pkgconfig(libcurl) >= 7.10 BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(sqlite3) >= 3.7 BuildRequires: pkgconfig(zlib) -BuildRequires: readline-devel # Add an explicit runtime dependency to match boo#955982 Requires: libassuan0 >= 2.4.1 Requires: pinentry @@ -84,6 +85,7 @@ gpg-agent, and a keybox library. %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build # build PIEs (position independent executables) for address space randomisation: