diff options
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | PKGBUILD | 8 | ||||
-rw-r--r-- | PKGBUILD.sig | bin | 543 -> 543 bytes | |||
-rw-r--r-- | filter.patch | 153 | ||||
-rw-r--r-- | filter.patch.sig | bin | 0 -> 543 bytes |
5 files changed, 169 insertions, 8 deletions
@@ -1,6 +1,6 @@ pkgbase = gnupg-largekeys pkgdesc = Complete and free implementation of the OpenPGP standard - pkgver = 2.0.22 + pkgver = 2.0.24 pkgrel = 2 url = http://www.gnupg.org/ install = install @@ -21,25 +21,29 @@ pkgbase = gnupg-largekeys optdepends = curl: gpg2keys_curl optdepends = libldap: gpg2keys_ldap optdepends = libusb-compat: scdaemon - provides = gnupg2=2.0.22 - provides = gnupg=2.0.22 + provides = gnupg2=2.0.24 + provides = gnupg=2.0.24 conflicts = gnupg2 conflicts = gnupg replaces = gnupg2 replaces = gnupg - source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.22.tar.bz2 - source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.22.tar.bz2.sig + source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.24.tar.bz2 + source = ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.0.24.tar.bz2.sig source = protect-tool-env.patch source = protect-tool-env.patch.sig + source = filter.patch + source = filter.patch.sig source = gnupg2-large-keys.patch source = gnupg2-large-keys.patch.sig source = install source = install.sig source = PKGBUILD.sig - sha1sums = 9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8 + sha1sums = 010e027d5f622778cadc4c124013fe515ed705cf sha1sums = SKIP sha1sums = 2ec97ba55ae47ff0d63bc813b8c64cb79cef11db sha1sums = SKIP + sha1sums = e99aa2b725342aee188d706b42d392efb2389cf4 + sha1sums = SKIP sha1sums = a77b9616d238fbdd5488e7024e5e1f36ce8ed586 sha1sums = SKIP sha1sums = ff80fc79329cfa631c19ae1ea6fc4a390ab851f7 @@ -11,7 +11,7 @@ # pkgname=gnupg-largekeys -pkgver=2.0.22 +pkgver=2.0.24 pkgrel=2 pkgdesc='Complete and free implementation of the OpenPGP standard' url='http://www.gnupg.org/' @@ -24,11 +24,13 @@ makedepends=('curl' 'libldap' 'libusb-compat') depends=('bzip2' 'libksba' 'libgcrypt' 'pth' 'libassuan' 'readline' 'pinentry' 'dirmngr') source=("ftp://ftp.gnupg.org/gcrypt/${pkgname%%-largekeys}/${pkgname%%-largekeys}-${pkgver}.tar.bz2"{,.sig} 'protect-tool-env.patch'{,.sig} + 'filter.patch'{,.sig} 'gnupg2-large-keys.patch'{,.sig} 'install'{,.sig} 'PKGBUILD.sig') -sha1sums=('9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8' 'SKIP' +sha1sums=('010e027d5f622778cadc4c124013fe515ed705cf' 'SKIP' '2ec97ba55ae47ff0d63bc813b8c64cb79cef11db' 'SKIP' + 'e99aa2b725342aee188d706b42d392efb2389cf4' 'SKIP' 'a77b9616d238fbdd5488e7024e5e1f36ce8ed586' 'SKIP' 'ff80fc79329cfa631c19ae1ea6fc4a390ab851f7' 'SKIP' 'SKIP') @@ -42,6 +44,7 @@ replaces=('gnupg2' 'gnupg') prepare() { cd "${srcdir}/${pkgname%%-largekeys}-${pkgver}" patch -p1 -i ../protect-tool-env.patch # FS#31900 + patch -p1 -i ../filter.patch patch -p1 -i ../gnupg2-large-keys.patch } @@ -53,6 +56,7 @@ build() { --sbindir=/usr/bin \ --libexecdir=/usr/lib/gnupg \ --enable-maintainer-mode \ + --enable-standard-socket \ --enable-symcryptrun \ --enable-gpgtar \ diff --git a/PKGBUILD.sig b/PKGBUILD.sig Binary files differindex a7d34aefb5ba..6175247578c5 100644 --- a/PKGBUILD.sig +++ b/PKGBUILD.sig diff --git a/filter.patch b/filter.patch new file mode 100644 index 000000000000..1dcd5f2d7a78 --- /dev/null +++ b/filter.patch @@ -0,0 +1,153 @@ +Hi, + +please give the batch below a try. It works for me but before I do +another release, I would like a second test. + + +Shalom-Salam, + + Werner + +From 044847a0e2013a2833605c1a9f80cfa6ef353309 Mon Sep 17 00:00:00 2001 +From: Werner Koch <wk@gnupg.org> +Date: Wed, 25 Jun 2014 14:33:34 +0200 +Subject: [PATCH] gpg: Make screening of keyserver result work with multi-key + commands. + +* g10/keyserver.c (ks_retrieval_filter_arg_s): new. +(keyserver_retrieval_filter): Use new struct and check all +descriptions. +(keyserver_spawn): Pass filter arg suing the new struct. +-- + +This is a fix for commit 5e933008. + +The old code did only work for a single key. It failed as soon as +several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A +B C"). +--- + g10/keyserver.c | 68 ++++++++++++++++++++++++++++++++++++++------------------- + 1 file changed, 45 insertions(+), 23 deletions(-) + +diff --git a/g10/keyserver.c b/g10/keyserver.c +index 83a4b95..aa41536 100644 +--- a/g10/keyserver.c ++++ b/g10/keyserver.c +@@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct) + #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" + + ++/* Structure to convey the arg to keyserver_retrieval_filter. */ ++struct ks_retrieval_filter_arg_s ++{ ++ KEYDB_SEARCH_DESC *desc; ++ int ndesc; ++}; ++ ++ + /* Check whether a key matches the search description. The filter + returns 0 if the key shall be imported. Note that this kind of + filter is not related to the iobuf filters. */ + static int +-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) ++keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, ++ void *opaque) + { +- KEYDB_SEARCH_DESC *desc = arg; ++ struct ks_retrieval_filter_arg_s *arg = opaque; ++ KEYDB_SEARCH_DESC *desc = arg->desc; ++ int ndesc = arg->ndesc; ++ int n; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; +@@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg) + if (sk) + return G10ERR_GENERAL; + ++ if (!ndesc) ++ return 0; /* Okay if no description given. */ ++ + fingerprint_from_pk (pk, fpr, &fpr_len); + keyid_from_pk (pk, keyid); + + /* Compare requested and returned fingerprints if available. */ +- if (desc->mode == KEYDB_SEARCH_MODE_FPR20) +- { +- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20)) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16) +- { +- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16)) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID) +- { +- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1]) +- return G10ERR_GENERAL; +- } +- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ for (n = 0; n < ndesc; n++) + { +- if (keyid[1] != desc->u.kid[1]) +- return G10ERR_GENERAL; ++ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) ++ { ++ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) ++ { ++ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) ++ { ++ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ { ++ if (keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else ++ return 0; + } + +- return 0; ++ return G10ERR_GENERAL; + } + + +@@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, + case KS_GETNAME: + { + void *stats_handle; ++ struct ks_retrieval_filter_arg_s filterarg; + + stats_handle=import_new_stats_handle(); + +@@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc, + that we don't allow the import of secret keys from a + keyserver. Keyservers should never accept or send them + but we better protect against rogue keyservers. */ +- ++ filterarg.desc = desc; ++ filterarg.ndesc = count; + import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len, + (opt.keyserver_options.import_options + | IMPORT_NO_SECKEY), +- keyserver_retrieval_filter, desc); ++ keyserver_retrieval_filter, &filterarg); + + import_print_stats(stats_handle); + import_release_stats_handle(stats_handle); +-- +1.8.4.3 + + + +-- +Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. diff --git a/filter.patch.sig b/filter.patch.sig Binary files differnew file mode 100644 index 000000000000..a03b0435b801 --- /dev/null +++ b/filter.patch.sig |