Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2016-01-28 17:20:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2015-12-25 13:05:57.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2016-01-28 17:20:07.000000000 +0100 @@ -1,0 +2,13 @@ +Tue Jan 26 20:23:18 UTC 2016 - [email protected] + +- add g13, an experimental tool for accessing encrypted storage + with with GnuPG (cards) + +------------------------------------------------------------------- +Tue Jan 19 13:56:58 UTC 2016 - [email protected] + +- fix fingerprint ambiguity (bsc#958891) + * https://bugs.gnupg.org/gnupg/issue2198 + * add 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch + +------------------------------------------------------------------- New: ---- 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.s5oMeC/_old 2016-01-28 17:20:08.000000000 +0100 +++ /var/tmp/diff_new_pack.s5oMeC/_new 2016-01-28 17:20:08.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -34,6 +34,7 @@ Patch8: gnupg-set_umask_before_open_outfile.patch Patch9: gnupg-detect_FIPS_mode.patch Patch11: gnupg-add_legacy_FIPS_mode_option.patch +Patch12: 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch BuildRequires: expect BuildRequires: fdupes BuildRequires: libadns-devel @@ -84,6 +85,7 @@ %patch8 -p1 %patch9 -p1 %patch11 -p1 +%patch12 -p1 %build # build PIEs (position independent executables) for address space randomisation: @@ -107,7 +109,7 @@ --enable-gpgsm=yes \ --enable-gpg \ --enable-gpgtar \ - --enable-large-rsa \ + --enable-g13 \ --enable-large-secmem \ --with-gnu-ld \ --enable-build-timestamp=$date ++++++ 0001-gpg-Improve-the-keyblock-cache-s-transparency.patch ++++++ >From 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" <[email protected]> Date: Tue, 15 Dec 2015 12:21:30 +0100 Subject: [PATCH] gpg: Improve the keyblock cache's transparency. * kbx/keybox-search.c (keybox_offset): New function. * g10/keydb.c (struct keyblock_cache): Add fields resource and offset. (keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and HD->KEYBLOCK_CACHE.OFFSET. (keydb_search): Don't use the cached result if it comes before the current file position. When caching an entry, also record the position at which it was found. -- Signed-off-by: Neal H. Walfield <[email protected]> GnuPG-bug-id: 2187 --- g10/keydb.c | 19 ++++++++++++++++++- kbx/keybox-search.c | 8 ++++++++ kbx/keybox.h | 2 ++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/g10/keydb.c b/g10/keydb.c index d7c35de..860187f 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -81,6 +81,9 @@ struct keyblock_cache { u32 *sigstatus; int pk_no; int uid_no; + /* Offset of the record in the keybox. */ + int resource; + off_t offset; }; @@ -245,6 +248,8 @@ keyblock_cache_clear (struct keydb_handle *hd) hd->keyblock_cache.sigstatus = NULL; iobuf_close (hd->keyblock_cache.iobuf); hd->keyblock_cache.iobuf = NULL; + hd->keyblock_cache.resource = -1; + hd->keyblock_cache.offset = -1; } @@ -1701,7 +1706,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20 || desc[0].mode == KEYDB_SEARCH_MODE_FPR) && hd->keyblock_cache.state == KEYBLOCK_CACHE_FILLED - && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20)) + && !memcmp (hd->keyblock_cache.fpr, desc[0].u.fpr, 20) + /* Make sure the current file position occurs before the cached + result to avoid an infinite loop. */ + && (hd->current < hd->keyblock_cache.resource + || (hd->current == hd->keyblock_cache.resource + && (keybox_offset (hd->active[hd->current].u.kb) + <= hd->keyblock_cache.offset)))) { /* (DESCINDEX is already set). */ if (DBG_CLOCK) @@ -1772,6 +1783,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, && hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX) { hd->keyblock_cache.state = KEYBLOCK_CACHE_PREPARED; + hd->keyblock_cache.resource = hd->current; + /* The current offset is at the start of the next record. Since + a record is at least 1 byte, we just use offset - 1, which is + within the record. */ + hd->keyblock_cache.offset + = keybox_offset (hd->active[hd->current].u.kb) - 1; memcpy (hd->keyblock_cache.fpr, desc[0].u.fpr, 20); } diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 78e0c23..df959b6 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -1188,3 +1188,11 @@ keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value) ec = get_flag_from_image (buffer, length, what, value); return ec? gpg_error (ec):0; } + +off_t +keybox_offset (KEYBOX_HANDLE hd) +{ + if (!hd->fp) + return 0; + return ftello (hd->fp); +} diff --git a/kbx/keybox.h b/kbx/keybox.h index 8c31141..c91a282 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -77,6 +77,8 @@ int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes); int keybox_lock (KEYBOX_HANDLE hd, int yes); +off_t keybox_offset (KEYBOX_HANDLE hd); + /*-- keybox-file.c --*/ /* Fixme: This function does not belong here: Provide a better interface to create a new keybox file. */ -- 2.6.2
