rpm/gpg2
SHA256
1
0
Fork 0
forked from pool/gpg2
Code Pull Requests Activity

Accepting request 416713 from security:privacy

Browse Source 
- Fix upstream bug 1985: --try-all-secrets doesn't work when
  decrypting messages encrypted with --hidden-recipient, fixes unit
  tests of the duplicity package.
  Adding gnupg-make_--try-all-secrets_work.patch
- record the fact that gpg-error 1.21 is required

OBS-URL: https://build.opensuse.org/request/show/416713
OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=142
This commit is contained in:
P. Janouch 2016-08-04 10:12:03 +00:00 committed by Git OBS Bridge
parent b446cc7747
commit 95a7c69a10
3 changed files with 141 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
gnupg-make_--try-all-secrets_work.patch Normal file
View File

@ -0,0 +1,129 @@
From 82b90eee100cf1c9680517059b2d35e295dd992a Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Tue, 18 Aug 2015 16:57:44 +0900
Subject: [PATCH] gpg: Make --try-all-secrets work for hidden recipients
Upstream: committed
* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--
GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno <ueno@gnu.org>
- Add new arg CTRL to getkey_byname call.
Signed-off-by: Werner Koch <wk@gnupg.org>
---
g10/getkey.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++----------
1 file changed, 50 insertions(+), 10 deletions(-)
On openSUSE, this fixes the unit tests of the duplicity package.
diff --git a/g10/getkey.c b/g10/getkey.c
index 90fd175..3fe8274 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3555,6 +3555,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
{
gpg_error_t err = 0;
const char *name;
+ kbnode_t keyblock;
struct
{
int eof;
@@ -3562,6 +3563,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
strlist_t sl;
kbnode_t keyblock;
kbnode_t node;
+ getkey_ctx_t ctx;
} *c = *context;
if (!c)
@@ -3577,6 +3579,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
{
/* Free the context. */
release_kbnode (c->keyblock);
+ getkey_end (c->ctx);
xfree (c);
*context = NULL;
return 0;
@@ -3594,6 +3597,7 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
do
{
name = NULL;
+ keyblock = NULL;
switch (c->state)
{
case 0: /* First try to use the --default-key. */
@@ -3616,24 +3620,60 @@ enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk)
c->state++;
break;
+ case 3: /* Init search context to try all keys. */
+ if (opt.try_all_secrets)
+ {
+ err = getkey_bynames (&c->ctx, NULL, NULL, 1, &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (c->ctx);
+ c->ctx = NULL;
+ }
+ }
+ c->state++;
+ break;
+
+ case 4: /* Get next item from the context. */
+ if (c->ctx)
+ {
+ err = getkey_next (c->ctx, NULL, &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (c->ctx);
+ c->ctx = NULL;
+ }
+ }
+ else
+ c->state++;
+ break;
+
default: /* No more names to check - stop. */
c->eof = 1;
return gpg_error (GPG_ERR_EOF);
}
}
- while (!name || !*name);
+ while ((!name || !*name) && !keyblock);
- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
- if (err)
+ if (keyblock)
+ c->node = c->keyblock = keyblock;
+ else
{
- /* getkey_byname might return a keyblock even in the
- error case - I have not checked. Thus better release
- it. */
- release_kbnode (c->keyblock);
- c->keyblock = NULL;
+ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
+ if (err)
+ {
+ /* getkey_byname might return a keyblock even in the
+ error case - I have not checked. Thus better release
+ it. */
+ release_kbnode (c->keyblock);
+ c->keyblock = NULL;
+ }
+ else
+ c->node = c->keyblock;
}
- else
- c->node = c->keyblock;
}
/* Get the next key from the current keyblock. */

9
gpg2.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Wed Aug 3 11:56:58 UTC 2016 - astieger@suse.com
- Fix upstream bug 1985: --try-all-secrets doesn't work when
decrypting messages encrypted with --hidden-recipient, fixes unit
tests of the duplicity package.
Adding gnupg-make_--try-all-secrets_work.patch
- record the fact that gpg-error 1.21 is required
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com Thu Jun 16 20:21:39 UTC 2016 - astieger@suse.com

4
gpg2.spec
View File

@ -34,6 +34,7 @@ Patch6: gnupg-dont-fail-with-seahorse-agent.patch
Patch8: gnupg-set_umask_before_open_outfile.patch Patch8: gnupg-set_umask_before_open_outfile.patch
Patch9: gnupg-detect_FIPS_mode.patch Patch9: gnupg-detect_FIPS_mode.patch
Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch
Patch12: gnupg-make_--try-all-secrets_work.patch
BuildRequires: expect BuildRequires: expect
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: libadns-devel BuildRequires: libadns-devel
@ -41,7 +42,7 @@ BuildRequires: libassuan-devel >= 2.4.1
# patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG # patch11 (gnupg-add_legacy_FIPS_mode_option.patch) mentions GCRYCTL_INACTIVATE_FIPS_FLAG
# raising gcrypt requirement from 1.4.0 # raising gcrypt requirement from 1.4.0
BuildRequires: libgcrypt-devel >= 1.6.1 BuildRequires: libgcrypt-devel >= 1.6.1
BuildRequires: libgpg-error-devel >= 1.16 BuildRequires: libgpg-error-devel >= 1.21
BuildRequires: libksba-devel >= 1.2.0 BuildRequires: libksba-devel >= 1.2.0
BuildRequires: makeinfo BuildRequires: makeinfo
BuildRequires: npth-devel >= 0.91 BuildRequires: npth-devel >= 0.91
@ -84,6 +85,7 @@ gpg-agent, and a keybox library.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
%build %build
date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99}) date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})