Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2015-03-27 09:38:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2"
Changes:
--------
--- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2015-03-23 12:16:23.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2015-03-27 09:38:02.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Mar 23 11:48:24 UTC 2015 - [email protected]
+
+- Add hkps-fix-host-name-verification-when-using-pools.patch to
+ fix hkps support w/ pools. Upstream commit dc10d46.
+
+-------------------------------------------------------------------
New:
----
 hkps-fix-host-name-verification-when-using-pools.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gpg2.spec ++++++
--- /var/tmp/diff_new_pack.rBpEon/_old 2015-03-27 09:38:03.000000000 +0100
+++ /var/tmp/diff_new_pack.rBpEon/_new 2015-03-27 09:38:03.000000000 +0100
@@ -34,6 +34,7 @@
 Patch9: gnupg-detect_FIPS_mode.patch
 Patch11: gnupg-add_legacy_FIPS_mode_option.patch
 Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch
+Patch16: hkps-fix-host-name-verification-when-using-pools.patch
 BuildRequires: expect
 BuildRequires: fdupes
 BuildRequires: gnutls-devel >= 3.0
@@ -82,6 +83,7 @@
 %patch9 -p1
 %patch11 -p1
 %patch15 -p1
+%patch16 -p1
 
 %build
 # build PIEs (position independent executables) for address space randomisation:
++++++ hkps-fix-host-name-verification-when-using-pools.patch ++++++
>From dc10d466bff53821f23d2cb4814c259d40c5d9c5 Mon Sep 17 00:00:00 2001
From: Werner Koch <[email protected]>
Date: Thu, 19 Mar 2015 15:37:05 +0100
Subject: [PATCH] hkps: Fix host name verification when using pools.
* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <[email protected]>
---
 common/http.c | 6 ++++--
 dirmngr/ks-engine-hkp.c | 25 ++++++++++++++++++-------
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/common/http.c b/common/http.c
index 50c0692..12e3fcb 100644
--- a/common/http.c
+++ b/common/http.c
@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
 }
 
 # if HTTP_USE_NTBTLS
- err = ntbtls_set_hostname (hd->session->tls_session, server);
+ err = ntbtls_set_hostname (hd->session->tls_session,
+ hd->session->servername);
 if (err)
 {
 log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
 # elif HTTP_USE_GNUTLS
 rc = gnutls_server_name_set (hd->session->tls_session,
 GNUTLS_NAME_DNS,
- server, strlen (server));
+ hd->session->servername,
+ strlen (hd->session->servername));
 if (rc < 0)
 log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
 # endif /*HTTP_USE_GNUTLS*/
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index ea607cb..0568094 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 hi = hosttable[idx];
 if (hi->pool)
 {
+ /* Deal with the pool name before selecting a host. */
+ if (r_poolname && hi->cname)
+ {
+ *r_poolname = xtrystrdup (hi->cname);
+ if (!*r_poolname)
+ return gpg_error_from_syserror ();
+ }
+
 /* If the currently selected host is now marked dead, force a
 re-selection . */
 if (force_reselect)
@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 if (hi->poolidx == -1)
 {
 log_error ("no alive host found in pool '%s'\n", name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
 return gpg_error (GPG_ERR_NO_KEYSERVER);
 }
 }
@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 if (hi->dead)
 {
 log_error ("host '%s' marked as dead\n", hi->name);
+ if (r_poolname)
+ {
+ xfree (*r_poolname);
+ *r_poolname = NULL;
+ }
 return gpg_error (GPG_ERR_NO_KEYSERVER);
 }
 
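Review bot: Both TLS branches of send_request now read `hd->session->servername` with no visible NULL check, and in the GnuTLS hunk (@@ -1452) it is passed straight to `strlen ()`, which is undefined for a NULL pointer. Where `servername` is assigned lies outside these hunks, so the value is presumably always set by this point, but that invariant is worth stating at the use site. I would add a comment above the `# if HTTP_USE_NTBTLS` line: `/* servername is the name the certificate is verified against (the pool name for pools); it must be non-NULL here and is also sent as SNI. */`. If the invariant cannot be guaranteed, add a guard before both calls: `if (!hd->session->servername) return gpg_error (GPG_ERR_INV_ARG);`.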
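Review bot: In the @@ -521 hunk the name returned for certificate verification is `hi->cname`, and when `cname` is NULL the block is skipped silently, leaving `*r_poolname` unset. Callers presumably then fall back to the selected member host, which is the mismatch this commit sets out to remove. Where `cname` is filled in is not visible here; if it comes from a DNS canonical-name lookup, the verification name is only as trustworthy as that DNS answer, and the configured `name` would be the safer value to hand back. At minimum, record the choice in the new comment: `/* cname is the name the pool's certificate is checked against; if it is NULL no pool name is returned. */`. map_host starts and ends outside the hunk.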
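Review bot: The `if (r_poolname) { xfree (*r_poolname); *r_poolname = NULL; }` cleanup is added twice, in the @@ -536 and @@ -548 hunks. Every other error return after the early `xtrystrdup` must repeat it or the pool name leaks to the caller; that includes the `if (!*r_host)` branch, whose body lies outside the hunks. The cleanup also relies on `*r_poolname` already being NULL when `hi->cname` was NULL, which presumably is set at function entry but is not shown here. A small static helper keeps the error paths in step and gives one place to document the ownership rule.

```c
/* Release a pool name already stored for the caller; used on error
   paths so that no allocation is handed back together with an error. */
static void
release_poolname (char **r_poolname)
{
  if (r_poolname)
    {
      xfree (*r_poolname);
      *r_poolname = NULL;
    }
}

/* … unchanged: pool selection in map_host … */
              log_error ("no alive host found in pool '%s'\n", name);
              release_poolname (r_poolname);
              return gpg_error (GPG_ERR_NO_KEYSERVER);
/* … unchanged: dead-host check … */
      log_error ("host '%s' marked as dead\n", hi->name);
      release_poolname (r_poolname);
      return gpg_error (GPG_ERR_NO_KEYSERVER);
```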
@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
 *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
 }
 
- if (r_poolname && hi->pool && hi->cname)
- {
- *r_poolname = xtrystrdup (hi->cname);
- if (!*r_poolname)
- return gpg_error_from_syserror ();
- }
-
 *r_host = xtrystrdup (hi->name);
 if (!*r_host)
 {
--
2.1.4
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
