Author: fernando Date: Tue Aug 12 17:03:38 2014 New Revision: 2982 Log: Fix import filter and add kbnode_t.
Added: trunk/gnupg/gnupg-2.0.25-import_filter_and_add_kbnode_t-1.patch Added: trunk/gnupg/gnupg-2.0.25-import_filter_and_add_kbnode_t-1.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/gnupg/gnupg-2.0.25-import_filter_and_add_kbnode_t-1.patch Tue Aug 12 17:03:38 2014 (r2982) @@ -0,0 +1,157 @@ +Submitted By: Fernando de Oliveira <famobr at yahoo dot com dot br> +Date: 2014-08.12 +Initial Package Version: 2.0.25 +Upstream Status: Fixed +Origin: Upstream and MacGPG2 +URL: https://raw.githubusercontent.com/GPGTools/MacGPG2/517a05d757ea3396a2e94beb6b4b12b1c5bfd510/Formula/Patches/gnupg2/import-filter.patch +URL: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=088f82c0b5e39687f70e44d3ab719854e808eeb6;hp=25d5480e98068f6dd15c70c9e58236c77037535d +URL: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=25d5480e98068f6dd15c70c9e58236c77037535d;hp=4500d3cb6dd3525a835c251e6104f500050cf075 + +Description: Fixes wrong "rejected by import filter". Add kbnode_t for easier backporting. + + +# Drop this patch with gnupg 2.0.26 + +--- a/g10/gpg.h ++++ b/g10/gpg.h +@@ -50,6 +50,7 @@ + + /* Object used to describe a keyblok node. */ + typedef struct kbnode_struct *KBNODE; ++typedef struct kbnode_struct *kbnode_t; + /* Object used for looking ob keys. */ + typedef struct keydb_search_desc KEYDB_SEARCH_DESC; + +--- a/g10/import.c ++++ b/g10/import.c +@@ -799,7 +799,7 @@ + return 0; + } + +- if (filter && filter (pk, NULL, filter_arg)) ++ if (filter && filter (keyblock, filter_arg)) + { + log_error (_("key %s: %s\n"), keystr_from_pk(pk), + _("rejected by import filter")); +@@ -1201,7 +1201,7 @@ + keyid_from_sk( sk, keyid ); + uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + +- if (filter && filter (NULL, sk, filter_arg)) { ++ if (filter && filter (keyblock, filter_arg)) { + log_error (_("secret key %s: %s\n"), keystr_from_sk(sk), + _("rejected by import filter")); + return 0; +--- a/g10/keyserver.c ++++ b/g10/keyserver.c +@@ -994,52 +994,68 @@ + returns 0 if the key shall be imported. Note that this kind of + filter is not related to the iobuf filters. */ + static int +-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, +- void *opaque) ++keyserver_retrieval_filter (kbnode_t keyblock, void *opaque) + { + struct ks_retrieval_filter_arg_s *arg = opaque; + KEYDB_SEARCH_DESC *desc = arg->desc; + int ndesc = arg->ndesc; ++ kbnode_t node; ++ PKT_public_key *pk; + int n; + u32 keyid[2]; + byte fpr[MAX_FINGERPRINT_LEN]; + size_t fpr_len = 0; + +- /* Secret keys are not expected from a keyserver. Do not import. */ +- if (sk) +- return G10ERR_GENERAL; ++ /* Secret keys are not expected from a keyserver. We do not ++ care about secret subkeys because the import code takes care ++ of skipping them. Not allowing an import of a public key ++ with a secret subkey would make it too easy to inhibit the ++ downloading of a public key. Recall that keyservers do only ++ limited checks. */ ++ node = find_kbnode (keyblock, PKT_SECRET_KEY); ++ if (node) ++ return G10ERR_GENERAL; /* Do not import. */ + + if (!ndesc) + return 0; /* Okay if no description given. */ + +- fingerprint_from_pk (pk, fpr, &fpr_len); +- keyid_from_pk (pk, keyid); +- +- /* Compare requested and returned fingerprints if available. */ +- for (n = 0; n < ndesc; n++) ++ /* Loop over all key packets. */ ++ for (node = keyblock; node; node = node->next) + { +- if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) +- { +- if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) +- { +- if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) +- { +- if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) +- return 0; +- } +- else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ if (node->pkt->pkttype != PKT_PUBLIC_KEY ++ && node->pkt->pkttype != PKT_PUBLIC_SUBKEY) ++ continue; ++ ++ pk = node->pkt->pkt.public_key; ++ fingerprint_from_pk (pk, fpr, &fpr_len); ++ keyid_from_pk (pk, keyid); ++ ++ /* Compare requested and returned fingerprints if available. */ ++ for (n = 0; n < ndesc; n++) + { +- if (keyid[1] == desc[n].u.kid[1]) +- return 0; ++ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20) ++ { ++ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16) ++ { ++ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16)) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) ++ { ++ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) ++ { ++ if (keyid[1] == desc[n].u.kid[1]) ++ return 0; ++ } ++ else /* No keyid or fingerprint - can't check. */ ++ return 0; /* allow import. */ + } +- else +- return 0; + } + + return G10ERR_GENERAL; +--- a/g10/main.h ++++ b/g10/main.h +@@ -261,8 +261,7 @@ + + /*-- import.c --*/ + +-typedef int (*import_filter_t)(PKT_public_key *pk, PKT_secret_key *sk, +- void *arg); ++typedef int (*import_filter_t)(kbnode_t keyblock, void *arg); + + int parse_import_options(char *str,unsigned int *options,int noisy); + void import_keys( char **fnames, int nnames, -- http://lists.linuxfromscratch.org/listinfo/patches FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
