Date: Friday, November 28, 2014 @ 04:28:30 Author: bisson Revision: 227162
fix FS#42933 Added: gnupg/trunk/hash-ecdsa.patch Modified: gnupg/trunk/PKGBUILD ------------------+ PKGBUILD | 9 ++++++--- hash-ecdsa.patch | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-11-28 01:53:36 UTC (rev 227161) +++ PKGBUILD 2014-11-28 03:28:30 UTC (rev 227162) @@ -6,7 +6,7 @@ pkgname=gnupg pkgver=2.1.0 -pkgrel=4 +pkgrel=5 pkgdesc='Complete and free implementation of the OpenPGP standard' url='http://www.gnupg.org/' license=('GPL') @@ -17,9 +17,11 @@ depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' 'pinentry' 'bzip2' 'readline') source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} - 'refresh-keys.patch') + 'refresh-keys.patch' + 'hash-ecdsa.patch') sha1sums=('2fcd0ca6889ef6cb59e3275e8411f8b7778c2f33' 'SKIP' - '246bea8776882f4c0293685482558f6ead1cf902') + '246bea8776882f4c0293685482558f6ead1cf902' + 'b9bd644276aa1c1a3fcaed82e65eecccfd1f36ed') install=install @@ -30,6 +32,7 @@ prepare() { cd "${srcdir}/${pkgname}-${pkgver}" patch -p1 -i ../refresh-keys.patch + patch -p1 -i ../hash-ecdsa.patch } build() { Added: hash-ecdsa.patch =================================================================== --- hash-ecdsa.patch (rev 0) +++ hash-ecdsa.patch 2014-11-28 03:28:30 UTC (rev 227162) @@ -0,0 +1,48 @@ +From: Werner Koch <[email protected]> +Date: Wed, 19 Nov 2014 09:34:32 +0000 (+0100) +Subject: gpg: Fix hash detection for ECDSA. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd;hp=cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0 + +gpg: Fix hash detection for ECDSA. + +* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA. +-- + +This error was introduced with +commit b7f8dec6325f1c80640f878ed3080bbc194fbc78 +while separating EdDSA from ECDSA. + +Found due to a related bug report from Brian Minton. + +Signed-off-by: Werner Koch <[email protected]> +--- + +diff --git a/g10/sign.c b/g10/sign.c +index e7d4a68..2e62f04 100644 +--- a/g10/sign.c ++++ b/g10/sign.c +@@ -899,13 +899,12 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) + { + if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_DSA +- || (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA +- && !openpgp_oid_is_ed25519 (sk_rover->pk->pkey[1]))) ++ || sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA) + { + int temp_hashlen = (gcry_mpi_get_nbits + (sk_rover->pk->pkey[1])); + +- if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_EDDSA) ++ if (sk_rover->pk->pubkey_algo == PUBKEY_ALGO_ECDSA) + temp_hashlen = ecdsa_qbits_from_Q (temp_hashlen); + temp_hashlen = (temp_hashlen+7)/8; + +@@ -915,7 +914,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, + if (hint.digest_length<temp_hashlen) + hint.digest_length=temp_hashlen; + } +- /* FIXME: need toall gpg-agent */ ++ /* FIXME: need to check gpg-agent for this. */ + /* else if (sk_rover->pk->is_protected */ + /* && sk_rover->pk->protect.s2k.mode == 1002) */ + /* smartcard = 1; */
