Date: Thursday, March 19, 2015 @ 22:15:02 Author: bisson Revision: 234175
fix FS#43364 Added: gnupg/trunk/hkps-hostname.patch Modified: gnupg/trunk/PKGBUILD ---------------------+ PKGBUILD | 17 +++++--- hkps-hostname.patch | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 110 insertions(+), 7 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-03-19 21:01:21 UTC (rev 234174) +++ PKGBUILD 2015-03-19 21:15:02 UTC (rev 234175) @@ -6,7 +6,7 @@ pkgname=gnupg pkgver=2.1.2 -pkgrel=1 +pkgrel=2 pkgdesc='Complete and free implementation of the OpenPGP standard' url='http://www.gnupg.org/' license=('GPL') @@ -16,12 +16,10 @@ makedepends=('libldap' 'libusb-compat') depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' 'pinentry' 'bzip2' 'readline' 'gnutls') -validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' - '46CC730865BB5C78EBABADCF04376F3EE0856959' - '031EC2536E580D8EA286A9F22071B08A33BD3F06' - 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9') -source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig}) -sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' 'SKIP') +source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2" + 'hkps-hostname.patch') +sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' + '11d96926f92c3303bf8443d55863fdf12c76f43a') install=install @@ -29,6 +27,11 @@ provides=('dirmngr' "gnupg2=${pkgver}") replaces=('dirmngr' 'gnupg2') +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../hkps-hostname.patch # FS#43364 +} + build() { cd "${srcdir}/${pkgname}-${pkgver}" ./configure \ Added: hkps-hostname.patch =================================================================== --- hkps-hostname.patch (rev 0) +++ hkps-hostname.patch 2015-03-19 21:15:02 UTC (rev 234175) 
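Review bot: The second PKGBUILD hunk removes the `validpgpkeys` array and the `{,.sig}` source entry, so makepkg no longer verifies the upstream signature; the tarball is still fetched over plain `ftp://` and is now pinned only by a SHA-1 sum. Adding the patch does not require this: the signature entry can stay with the patch appended, e.g. `source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} 'hkps-hostname.patch')` with `sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' 'SKIP' '11d96926f92c3303bf8443d55863fdf12c76f43a')` and the four existing key fingerprints kept. If the removal is deliberate, the commit message (which mentions only FS#43364) does not say so, and a comment in the PKGBUILD giving the reason would help; a stronger digest than SHA-1 would then be a sensible companion change.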
@@ -0,0 +1,100 @@
+From: Werner Koch <[email protected]>
+Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100)
+Subject: hkps: Fix host name verification when using pools.
+X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3
+
+hkps: Fix host name verification when using pools.
+
+* common/http.c (send_request): Set the requested for SNI.
+* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
+the selecting a host.
+--
+
+GnuPG-bug-id: 1792
+
+Thanks to davidw for figuring out the problem.
+
+Signed-off-by: Werner Koch <[email protected]>
+---
+
+diff --git a/common/http.c b/common/http.c
+index 50c0692..12e3fcb 100644
+--- a/common/http.c
++++ b/common/http.c
+@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ }
+
+ # if HTTP_USE_NTBTLS
+- err = ntbtls_set_hostname (hd->session->tls_session, server);
++ err = ntbtls_set_hostname (hd->session->tls_session,
++ hd->session->servername);
+ if (err)
+ {
+ log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
+@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth,
+ # elif HTTP_USE_GNUTLS
+ rc = gnutls_server_name_set (hd->session->tls_session,
+ GNUTLS_NAME_DNS,
+- server, strlen (server));
++ hd->session->servername,
++ strlen (hd->session->servername));
+ if (rc < 0)
+ log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
+ # endif /*HTTP_USE_GNUTLS*/
+diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
+index ea607cb..0568094 100644
+--- a/dirmngr/ks-engine-hkp.c
++++ b/dirmngr/ks-engine-hkp.c
+@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ hi = hosttable[idx];
+ if (hi->pool)
+ {
++ /* Deal with the pool name before selecting a host. */
++ if (r_poolname && hi->cname)
++ {
++ *r_poolname = xtrystrdup (hi->cname);
++ if (!*r_poolname)
++ return gpg_error_from_syserror ();
++ }
++
+ /* If the currently selected host is now marked dead, force a
+ re-selection . */
+ if (force_reselect)
+@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->poolidx == -1)
+ {
+ log_error ("no alive host found in pool '%s'\n", name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+ }
+@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ if (hi->dead)
+ {
+ log_error ("host '%s' marked as dead\n", hi->name);
++ if (r_poolname)
++ {
++ xfree (*r_poolname);
++ *r_poolname = NULL;
++ }
+ return gpg_error (GPG_ERR_NO_KEYSERVER);
+ }
+
+@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect,
+ *r_httpflags |= HTTP_FLAG_IGNORE_IPv6;
+ }
+
+- if (r_poolname && hi->pool && hi->cname)
+- {
+- *r_poolname = xtrystrdup (hi->cname);
+- if (!*r_poolname)
+- return gpg_error_from_syserror ();
+- }
+-
+ *r_host = xtrystrdup (hi->name);
+ if (!*r_host)
+ {
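Review bot: The two added cleanup blocks in map_host (`xfree (*r_poolname); *r_poolname = NULL;` before each `GPG_ERR_NO_KEYSERVER` return) are safe only if `*r_poolname` was set to NULL earlier in the function, because the second one, under `if (hi->dead)`, looks reachable for a non-pool host where the new `xtrystrdup` never ran. That initialisation is not visible here, since map_host starts and ends outside the hunks, so it is worth confirming against the full file before carrying this patch. In common/http.c the same kind of assumption applies to `strlen (hd->session->servername)`, which presumes the session name is always set before send_request reaches the TLS setup; a short comment such as `/* servername is set above and is never NULL here */` would record that. As this is a carried upstream patch, any resulting change belongs upstream rather than in the packaged copy.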
