Introduce Debian patches for #1787708
Patches taken from:
* f292beac11/debian/patches/import-merge-without-userid
This commit is contained in:
parent
d7747268e4
commit
65fca63451
@ -0,0 +1,32 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse>
|
||||
Date: Thu, 13 Jun 2019 21:27:43 +0200
|
||||
Subject: gpg: accept subkeys with a good revocation but no self-sig during
|
||||
import
|
||||
|
||||
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
|
||||
encounter a valid revocation signature. This allows import of subkey
|
||||
revocation signatures, even in the absence of a corresponding subkey
|
||||
binding signature.
|
||||
|
||||
--
|
||||
|
||||
This fixes the remaining test in import-incomplete.scm.
|
||||
|
||||
GnuPG-Bug-id: 4393
|
||||
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||
---
|
||||
g10/import.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/g10/import.c b/g10/import.c
|
||||
index f9acf95..9217911 100644
|
||||
--- a/g10/import.c
|
||||
+++ b/g10/import.c
|
||||
@@ -3602,6 +3602,7 @@ chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid, int *non_self)
|
||||
/* It's valid, so is it newer? */
|
||||
if (sig->timestamp >= rsdate)
|
||||
{
|
||||
+ knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
|
||||
if (rsnode)
|
||||
{
|
||||
/* Delete the last revocation sig since
|
@ -0,0 +1,106 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse>
|
||||
Date: Thu, 13 Jun 2019 21:27:42 +0200
|
||||
Subject: gpg: allow import of previously known keys, even without UIDs
|
||||
|
||||
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
|
||||
has no user id, as long as we already have a local variant of the cert
|
||||
that matches the primary key.
|
||||
|
||||
--
|
||||
|
||||
This fixes two of the three broken tests in import-incomplete.scm.
|
||||
|
||||
GnuPG-Bug-id: 4393
|
||||
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||
---
|
||||
g10/import.c | 44 +++++++++++---------------------------------
|
||||
1 file changed, 11 insertions(+), 33 deletions(-)
|
||||
|
||||
diff --git a/g10/import.c b/g10/import.c
|
||||
index 5d3162c..f9acf95 100644
|
||||
--- a/g10/import.c
|
||||
+++ b/g10/import.c
|
||||
@@ -1788,7 +1788,6 @@ import_one_real (ctrl_t ctrl,
|
||||
size_t an;
|
||||
char pkstrbuf[PUBKEY_STRING_SIZE];
|
||||
int merge_keys_done = 0;
|
||||
- int any_filter = 0;
|
||||
KEYDB_HANDLE hd = NULL;
|
||||
|
||||
if (r_valid)
|
||||
@@ -1825,14 +1824,6 @@ import_one_real (ctrl_t ctrl,
|
||||
log_printf ("\n");
|
||||
}
|
||||
|
||||
-
|
||||
- if (!uidnode )
|
||||
- {
|
||||
- if (!silent)
|
||||
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
|
||||
- return 0;
|
||||
- }
|
||||
-
|
||||
if (screener && screener (keyblock, screener_arg))
|
||||
{
|
||||
log_error (_("key %s: %s\n"), keystr_from_pk (pk),
|
||||
@@ -1907,17 +1898,10 @@ import_one_real (ctrl_t ctrl,
|
||||
}
|
||||
}
|
||||
|
||||
- if (!delete_inv_parts (ctrl, keyblock, keyid, options ) )
|
||||
- {
|
||||
- if (!silent)
|
||||
- {
|
||||
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
|
||||
- if (!opt.quiet )
|
||||
- log_info(_("this may be caused by a missing self-signature\n"));
|
||||
- }
|
||||
- stats->no_user_id++;
|
||||
- return 0;
|
||||
- }
|
||||
+ /* Delete invalid parts, and note if we have any valid ones left.
|
||||
+ * We will later abort import if this key is new but contains
|
||||
+ * no valid uids. */
|
||||
+ delete_inv_parts (ctrl, keyblock, keyid, options);
|
||||
|
||||
/* Get rid of deleted nodes. */
|
||||
commit_kbnode (&keyblock);
|
||||
@@ -1927,24 +1911,11 @@ import_one_real (ctrl_t ctrl,
|
||||
{
|
||||
apply_keep_uid_filter (ctrl, keyblock, import_filter.keep_uid);
|
||||
commit_kbnode (&keyblock);
|
||||
- any_filter = 1;
|
||||
}
|
||||
if (import_filter.drop_sig)
|
||||
{
|
||||
apply_drop_sig_filter (ctrl, keyblock, import_filter.drop_sig);
|
||||
commit_kbnode (&keyblock);
|
||||
- any_filter = 1;
|
||||
- }
|
||||
-
|
||||
- /* If we ran any filter we need to check that at least one user id
|
||||
- * is left in the keyring. Note that we do not use log_error in
|
||||
- * this case. */
|
||||
- if (any_filter && !any_uid_left (keyblock))
|
||||
- {
|
||||
- if (!opt.quiet )
|
||||
- log_info ( _("key %s: no valid user IDs\n"), keystr_from_pk (pk));
|
||||
- stats->no_user_id++;
|
||||
- return 0;
|
||||
}
|
||||
|
||||
/* The keyblock is valid and ready for real import. */
|
||||
@@ -2002,6 +1973,13 @@ import_one_real (ctrl_t ctrl,
|
||||
err = 0;
|
||||
stats->skipped_new_keys++;
|
||||
}
|
||||
+ else if (err && !any_uid_left (keyblock))
|
||||
+ {
|
||||
+ if (!silent)
|
||||
+ log_info( _("key %s: new key but contains no user ID - skipped\n"), keystr(keyid));
|
||||
+ err = 0;
|
||||
+ stats->no_user_id++;
|
||||
+ }
|
||||
else if (err) /* Insert this key. */
|
||||
{
|
||||
/* Note: ERR can only be NO_PUBKEY or UNUSABLE_PUBKEY. */
|
201
gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Normal file
201
gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
Normal file
@ -0,0 +1,201 @@
|
||||
From: Vincent Breitmoser <look@my.amazin.horse>
|
||||
Date: Thu, 13 Jun 2019 21:27:41 +0200
|
||||
Subject: tests: add test cases for import without uid
|
||||
|
||||
This commit adds a test case that does the following, in order:
|
||||
- Import of a primary key plus user id
|
||||
- Check that import of a subkey works, without a user id present in the
|
||||
imported key
|
||||
- Check that import of a subkey revocation works, without a user id or
|
||||
subkey binding signature present in the imported key
|
||||
- Check that import of a primary key revocation works, without a user id
|
||||
present in the imported key
|
||||
|
||||
--
|
||||
|
||||
Note that this test currently fails. The following changesets will
|
||||
fix gpg so that the tests pass.
|
||||
|
||||
GnuPG-Bug-id: 4393
|
||||
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
|
||||
---
|
||||
tests/openpgp/Makefile.am | 1 +
|
||||
tests/openpgp/import-incomplete.scm | 68 ++++++++++++++++++++++
|
||||
.../import-incomplete/primary+revocation.asc | 9 +++
|
||||
.../primary+subkey+sub-revocation.asc | 10 ++++
|
||||
.../import-incomplete/primary+subkey+sub-sig.asc | 10 ++++
|
||||
.../openpgp/import-incomplete/primary+uid-sig.asc | 10 ++++
|
||||
tests/openpgp/import-incomplete/primary+uid.asc | 10 ++++
|
||||
7 files changed, 118 insertions(+)
|
||||
create mode 100755 tests/openpgp/import-incomplete.scm
|
||||
create mode 100644 tests/openpgp/import-incomplete/primary+revocation.asc
|
||||
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
|
||||
create mode 100644 tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
|
||||
create mode 100644 tests/openpgp/import-incomplete/primary+uid-sig.asc
|
||||
create mode 100644 tests/openpgp/import-incomplete/primary+uid.asc
|
||||
|
||||
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
|
||||
index f6014c9..6423da1 100644
|
||||
--- a/tests/openpgp/Makefile.am
|
||||
+++ b/tests/openpgp/Makefile.am
|
||||
@@ -78,6 +78,7 @@ XTESTS = \
|
||||
gpgv-forged-keyring.scm \
|
||||
armor.scm \
|
||||
import.scm \
|
||||
+ import-incomplete.scm \
|
||||
import-revocation-certificate.scm \
|
||||
ecc.scm \
|
||||
4gb-packet.scm \
|
||||
diff --git a/tests/openpgp/import-incomplete.scm b/tests/openpgp/import-incomplete.scm
|
||||
new file mode 100755
|
||||
index 0000000..727a027
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete.scm
|
||||
@@ -0,0 +1,68 @@
|
||||
+#!/usr/bin/env gpgscm
|
||||
+
|
||||
+;; Copyright (C) 2016 g10 Code GmbH
|
||||
+;;
|
||||
+;; This file is part of GnuPG.
|
||||
+;;
|
||||
+;; GnuPG is free software; you can redistribute it and/or modify
|
||||
+;; it under the terms of the GNU General Public License as published by
|
||||
+;; the Free Software Foundation; either version 3 of the License, or
|
||||
+;; (at your option) any later version.
|
||||
+;;
|
||||
+;; GnuPG is distributed in the hope that it will be useful,
|
||||
+;; but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+;; GNU General Public License for more details.
|
||||
+;;
|
||||
+;; You should have received a copy of the GNU General Public License
|
||||
+;; along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
+
|
||||
+(load (in-srcdir "tests" "openpgp" "defs.scm"))
|
||||
+(setup-environment)
|
||||
+
|
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+uid.asc")))
|
||||
+
|
||||
+(info "Test import of new subkey, from a certificate without uid")
|
||||
+(define keyid "573EA710367356BB")
|
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-sig.asc")))
|
||||
+(tr:do
|
||||
+ (tr:pipe-do
|
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
|
||||
+ (tr:call-with-content
|
||||
+ (lambda (c)
|
||||
+ ;; XXX we do not have a regexp library
|
||||
+ (unless (any (lambda (line)
|
||||
+ (and (string-prefix? line "sub:")
|
||||
+ (string-contains? line "573EA710367356BB")))
|
||||
+ (string-split-newlines c))
|
||||
+ (exit 1)))))
|
||||
+
|
||||
+(info "Test import of a subkey revocation, from a certificate without uid")
|
||||
+(define keyid "573EA710367356BB")
|
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+subkey+sub-revocation.asc")))
|
||||
+(tr:do
|
||||
+ (tr:pipe-do
|
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
|
||||
+ (tr:call-with-content
|
||||
+ (lambda (c)
|
||||
+ ;; XXX we do not have a regexp library
|
||||
+ (unless (any (lambda (line)
|
||||
+ (and (string-prefix? line "sub:r:")
|
||||
+ (string-contains? line "573EA710367356BB")))
|
||||
+ (string-split-newlines c))
|
||||
+ (exit 1)))))
|
||||
+
|
||||
+(info "Test import of revocation, from a certificate without uid")
|
||||
+(call-check `(,(tool 'gpg) --import ,(in-srcdir "tests" "openpgp" "import-incomplete" "primary+revocation.asc")))
|
||||
+(tr:do
|
||||
+ (tr:pipe-do
|
||||
+ (pipe:gpg `(--list-keys --with-colons ,keyid)))
|
||||
+ (tr:call-with-content
|
||||
+ (lambda (c)
|
||||
+ ;; XXX we do not have a regexp library
|
||||
+ (unless (any (lambda (line)
|
||||
+ (and (string-prefix? line "pub:r:")
|
||||
+ (string-contains? line "0843DA969AA8DAFB")))
|
||||
+ (string-split-newlines c))
|
||||
+ (exit 1)))))
|
||||
+
|
||||
diff --git a/tests/openpgp/import-incomplete/primary+revocation.asc b/tests/openpgp/import-incomplete/primary+revocation.asc
|
||||
new file mode 100644
|
||||
index 0000000..6b7b608
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete/primary+revocation.asc
|
||||
@@ -0,0 +1,9 @@
|
||||
+-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
+Comment: [E] primary key, revocation signature over primary (no user ID)
|
||||
+
|
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
|
||||
+631VAN2IeAQgFggAIBYhBLRpj5W82H/gSMzKKQhD2paaqNr7BQJc2ZQZAh0AAAoJ
|
||||
+EAhD2paaqNr7qAwA/2jBUpnN0BxwRO/4CrxvrLIsL+C9aSXJUOTv8XkP4lvtAQD3
|
||||
+XsDFfFNgEueiTfF7HtOGt5LPmRqVvUpQSMVgJJW6CQ==
|
||||
+=tM90
|
||||
+-----END PGP PUBLIC KEY BLOCK-----
|
||||
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
|
||||
new file mode 100644
|
||||
index 0000000..83a51a5
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-revocation.asc
|
||||
@@ -0,0 +1,10 @@
|
||||
+-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
+Comment: [D] primary key, subkey, subkey revocation (no user ID)
|
||||
+
|
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
|
||||
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
|
||||
+j++lwwWDAOlkVicDAQgHiHgEKBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
|
||||
+XNmnkAIdAgAKCRAIQ9qWmqja+ylaAQDmIKf86BJEq4OpDqU+V9D+wn2cyuxbyWVQ
|
||||
+3r9LiL9qNwD/QAjyrhSN8L3Mfq+wdTHo5i0yB9ZCCpHLXSbhCqfWZwQ=
|
||||
+=dwx2
|
||||
+-----END PGP PUBLIC KEY BLOCK-----
|
||||
diff --git a/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
|
||||
new file mode 100644
|
||||
index 0000000..dc47a02
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete/primary+subkey+sub-sig.asc
|
||||
@@ -0,0 +1,10 @@
|
||||
+-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
+Comment: [B] primary key, subkey, subkey binding sig (no user ID)
|
||||
+
|
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
|
||||
+631VAN24OARc2ZQhEgorBgEEAZdVAQUBAQdABsd5ha0AWXdXcSmfeiWIfrNcGqQK
|
||||
+j++lwwWDAOlkVicDAQgHiHgEGBYIACAWIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
|
||||
+XNmUIQIbDAAKCRAIQ9qWmqja++vFAP98G1L+1/rWTGbsnxOAV2RocBYIroAvsbkR
|
||||
+Ly6FdP8YNwEA7jOgT05CoKIe37MstpOz23mM80AK369Ca3JMmKKCQgg=
|
||||
+=xuDu
|
||||
+-----END PGP PUBLIC KEY BLOCK-----
|
||||
diff --git a/tests/openpgp/import-incomplete/primary+uid-sig.asc b/tests/openpgp/import-incomplete/primary+uid-sig.asc
|
||||
new file mode 100644
|
||||
index 0000000..134607d
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete/primary+uid-sig.asc
|
||||
@@ -0,0 +1,10 @@
|
||||
+-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
+Comment: [C] primary key and self-sig expiring in 2024 (no user ID)
|
||||
+
|
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
|
||||
+631VAN2IlgQTFggAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBLRpj5W8
|
||||
+2H/gSMzKKQhD2paaqNr7BQJc2ZR1BQkJZgHcAAoJEAhD2paaqNr79soA/0lWkUsu
|
||||
+3NLwgbni6EzJxnTzgeNMpljqNpipHAwfix9hAP93AVtFdC8g7hdUZxawobl9lnSN
|
||||
+9ohXOEBWvdJgVv2YAg==
|
||||
+=KWIK
|
||||
+-----END PGP PUBLIC KEY BLOCK-----
|
||||
diff --git a/tests/openpgp/import-incomplete/primary+uid.asc b/tests/openpgp/import-incomplete/primary+uid.asc
|
||||
new file mode 100644
|
||||
index 0000000..055f300
|
||||
--- /dev/null
|
||||
+++ b/tests/openpgp/import-incomplete/primary+uid.asc
|
||||
@@ -0,0 +1,10 @@
|
||||
+-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
+Comment: [A] primary key, user ID, and self-sig expiring in 2021
|
||||
+
|
||||
+mDMEXNmUGRYJKwYBBAHaRw8BAQdA75R8VlchvmEd2Iz/8l07RoKUaUPDB71Ao1zZ
|
||||
+631VAN20CHRlc3Qga2V5iJYEExYIAD4WIQS0aY+VvNh/4EjMyikIQ9qWmqja+wUC
|
||||
+XNmUGQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAIQ9qWmqja
|
||||
++0G1AQDdQiwhXxjXLMqoth+D4SigVHTJK8ORwifzsy3UE7mPGwD/aZ67XbAF/lgI
|
||||
+kv2O1Jo0u9BL9RNNF+L0DM7rAFbfMAs=
|
||||
+=1eII
|
||||
+-----END PGP PUBLIC KEY BLOCK-----
|
15
gnupg2.spec
15
gnupg2.spec
@ -7,7 +7,7 @@
|
||||
Summary: Utility for secure communication and data storage
|
||||
Name: gnupg2
|
||||
Version: 2.2.18
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
|
||||
License: GPLv3+
|
||||
Source0: ftp://ftp.gnupg.org/gcrypt/%{?pre:alpha/}gnupg/gnupg-%{version}%{?pre}.tar.bz2
|
||||
@ -24,6 +24,12 @@ Patch6: gnupg-2.1.1-fips-algo.patch
|
||||
Patch9: gnupg-2.1.21-large-rsa.patch
|
||||
# upstream patch
|
||||
Patch10: gnupg-2.2.18-doublefree.patch
|
||||
# fix missing uid on refresh from keys.openpgp.org
|
||||
# https://salsa.debian.org/debian/gnupg2/commit/f292beac1171c6c77faf41d1f88c2e0942ed4437
|
||||
Patch20: gnupg-2.2.18-tests-add-test-cases-for-import-without-uid.patch
|
||||
Patch21: gnupg-2.2.18-gpg-allow-import-of-previously-known-keys-even-without-UI.patch
|
||||
Patch22: gnupg-2.2.18-gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
|
||||
|
||||
|
||||
URL: http://www.gnupg.org/
|
||||
|
||||
@ -102,6 +108,10 @@ to the base GnuPG package
|
||||
%patch9 -p1 -b .large-rsa
|
||||
%patch10 -p1 -b .doublefree
|
||||
|
||||
%patch20 -p1 -b .test_missing_uid
|
||||
%patch21 -p1 -b .prev_known_key
|
||||
%patch22 -p1 -b .good_revoc
|
||||
|
||||
# pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
|
||||
# Note: this is just the name of the default shared lib to load in scdaemon,
|
||||
# it can use other implementations too (including non-pcsc ones).
|
||||
@ -207,6 +217,9 @@ make -k check
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Jan 4 2020 Marcel Härry <mh+fedora@scrit.ch> - 2.2.18-3
|
||||
- Add patches to be able to deal with keys without uids (#1787708)
|
||||
|
||||
* Fri Dec 6 2019 Tomáš Mráz <tmraz@redhat.com> - 2.2.18-2
|
||||
- fix abort when decrypting data with anonymous recipient (#1780057)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user