Date: Monday, March 30, 2015 @ 19:53:42 Author: bisson Revision: 235286
db-move: moved gnupg from [testing] to [core] (i686, x86_64) Added: gnupg/repos/core-i686/PKGBUILD (from rev 235285, gnupg/repos/testing-i686/PKGBUILD) gnupg/repos/core-i686/hkps-hostname.patch (from rev 235285, gnupg/repos/testing-i686/hkps-hostname.patch) gnupg/repos/core-i686/install (from rev 235285, gnupg/repos/testing-i686/install) gnupg/repos/core-x86_64/PKGBUILD (from rev 235285, gnupg/repos/testing-x86_64/PKGBUILD) gnupg/repos/core-x86_64/hkps-hostname.patch (from rev 235285, gnupg/repos/testing-x86_64/hkps-hostname.patch) gnupg/repos/core-x86_64/install (from rev 235285, gnupg/repos/testing-x86_64/install) Deleted: gnupg/repos/core-i686/PKGBUILD gnupg/repos/core-i686/hkps-hostname.patch gnupg/repos/core-i686/install gnupg/repos/core-x86_64/PKGBUILD gnupg/repos/core-x86_64/hkps-hostname.patch gnupg/repos/core-x86_64/install gnupg/repos/testing-i686/ gnupg/repos/testing-x86_64/ ---------------------------------+ /PKGBUILD | 132 +++++++++++++++++++++++++ /hkps-hostname.patch | 200 ++++++++++++++++++++++++++++++++++++++ /install | 50 +++++++++ core-i686/PKGBUILD | 61 ----------- core-i686/hkps-hostname.patch | 100 ------------------- core-i686/install | 25 ---- core-x86_64/PKGBUILD | 61 ----------- core-x86_64/hkps-hostname.patch | 100 ------------------- core-x86_64/install | 25 ---- 9 files changed, 382 insertions(+), 372 deletions(-) Deleted: core-i686/PKGBUILD =================================================================== --- core-i686/PKGBUILD 2015-03-30 17:53:09 UTC (rev 235285) +++ core-i686/PKGBUILD 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,61 +0,0 @@ -# $Id$ -# Maintainer: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Tobias Powalowski <tp...@archlinux.org> -# Contributor: Andreas Radke <andy...@archlinux.org> -# Contributor: Judd Vinet <jvi...@zeroflux.org> - -pkgname=gnupg -pkgver=2.1.2 -pkgrel=2 -pkgdesc='Complete and free implementation of the OpenPGP standard' -url='http://www.gnupg.org/' -license=('GPL') -arch=('i686' 'x86_64') -optdepends=('libldap: gpg2keys_ldap' - 'libusb-compat: scdaemon') -makedepends=('libldap' 'libusb-compat') -depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' - 'pinentry' 'bzip2' 'readline' 'gnutls') -source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2" - 'hkps-hostname.patch') -sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' - '11d96926f92c3303bf8443d55863fdf12c76f43a') - -install=install - -conflicts=('dirmngr' 'gnupg2') -provides=('dirmngr' "gnupg2=${pkgver}") -replaces=('dirmngr' 'gnupg2') - -prepare() { - cd "${srcdir}/${pkgname}-${pkgver}" - patch -p1 -i ../hkps-hostname.patch # FS#43364 -} - -build() { - cd "${srcdir}/${pkgname}-${pkgver}" - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --sbindir=/usr/bin \ - --libexecdir=/usr/lib/gnupg \ - --enable-maintainer-mode \ - --enable-symcryptrun \ - --enable-gpgtar \ - - make -} - -check() { - cd "${srcdir}/${pkgname}-${pkgver}" - make check -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install - ln -s gpg2 "${pkgdir}"/usr/bin/gpg - ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv - ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz - rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059 -} Copied: gnupg/repos/core-i686/PKGBUILD (from rev 235285, gnupg/repos/testing-i686/PKGBUILD) =================================================================== --- core-i686/PKGBUILD (rev 0) +++ core-i686/PKGBUILD 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,66 @@ +# $Id$ +# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Tobias Powalowski <tp...@archlinux.org> +# Contributor: Andreas Radke <andy...@archlinux.org> +# Contributor: Judd Vinet <jvi...@zeroflux.org> + +pkgname=gnupg +pkgver=2.1.2 +pkgrel=3 +pkgdesc='Complete and free implementation of the OpenPGP standard' +url='http://www.gnupg.org/' +license=('GPL') +arch=('i686' 'x86_64') +optdepends=('libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon') +makedepends=('libldap' 'libusb-compat') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' + 'pinentry' 'bzip2' 'readline' 'gnutls') +validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' + '46CC730865BB5C78EBABADCF04376F3EE0856959' + '031EC2536E580D8EA286A9F22071B08A33BD3F06' + 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9') +source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} + 'hkps-hostname.patch') +sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' 'SKIP' + '11d96926f92c3303bf8443d55863fdf12c76f43a') + +install=install + +conflicts=('dirmngr' 'gnupg2') +provides=('dirmngr' "gnupg2=${pkgver}") +replaces=('dirmngr' 'gnupg2') + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../hkps-hostname.patch # FS#43364 + sed '/noinst_SCRIPTS = gpg-zip/c bin_SCRIPTS += gpg-zip' -i tools/Makefile.in +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib/gnupg \ + --enable-maintainer-mode \ + --enable-symcryptrun \ + --enable-gpgtar \ + + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make check +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + ln -s gpg2 "${pkgdir}"/usr/bin/gpg + ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv + ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz + rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059 +} Deleted: core-i686/hkps-hostname.patch =================================================================== --- core-i686/hkps-hostname.patch 2015-03-30 17:53:09 UTC (rev 235285) +++ core-i686/hkps-hostname.patch 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,100 +0,0 @@ -From: Werner Koch <w...@gnupg.org> -Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100) -Subject: hkps: Fix host name verification when using pools. -X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3 - -hkps: Fix host name verification when using pools. - -* common/http.c (send_request): Set the requested for SNI. -* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not -the selecting a host. --- - -GnuPG-bug-id: 1792 - -Thanks to davidw for figuring out the problem. - -Signed-off-by: Werner Koch <w...@gnupg.org> ---- - -diff --git a/common/http.c b/common/http.c -index 50c0692..12e3fcb 100644 ---- a/common/http.c -+++ b/common/http.c -@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - } - - # if HTTP_USE_NTBTLS -- err = ntbtls_set_hostname (hd->session->tls_session, server); -+ err = ntbtls_set_hostname (hd->session->tls_session, -+ hd->session->servername); - if (err) - { - log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); -@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - # elif HTTP_USE_GNUTLS - rc = gnutls_server_name_set (hd->session->tls_session, - GNUTLS_NAME_DNS, -- server, strlen (server)); -+ hd->session->servername, -+ strlen (hd->session->servername)); - if (rc < 0) - log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); - # endif /*HTTP_USE_GNUTLS*/ -diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c -index ea607cb..0568094 100644 ---- a/dirmngr/ks-engine-hkp.c -+++ b/dirmngr/ks-engine-hkp.c -@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - hi = hosttable[idx]; - if (hi->pool) - { -+ /* Deal with the pool name before selecting a host. */ -+ if (r_poolname && hi->cname) -+ { -+ *r_poolname = xtrystrdup (hi->cname); -+ if (!*r_poolname) -+ return gpg_error_from_syserror (); -+ } -+ - /* If the currently selected host is now marked dead, force a - re-selection . */ - if (force_reselect) -@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->poolidx == -1) - { - log_error ("no alive host found in pool '%s'\n", name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - } -@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->dead) - { - log_error ("host '%s' marked as dead\n", hi->name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - -@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; - } - -- if (r_poolname && hi->pool && hi->cname) -- { -- *r_poolname = xtrystrdup (hi->cname); -- if (!*r_poolname) -- return gpg_error_from_syserror (); -- } -- - *r_host = xtrystrdup (hi->name); - if (!*r_host) - { Copied: gnupg/repos/core-i686/hkps-hostname.patch (from rev 235285, gnupg/repos/testing-i686/hkps-hostname.patch) =================================================================== --- core-i686/hkps-hostname.patch (rev 0) +++ core-i686/hkps-hostname.patch 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,100 @@ +From: Werner Koch <w...@gnupg.org> +Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100) +Subject: hkps: Fix host name verification when using pools. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3 + +hkps: Fix host name verification when using pools. + +* common/http.c (send_request): Set the requested for SNI. +* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not +the selecting a host. +-- + +GnuPG-bug-id: 1792 + +Thanks to davidw for figuring out the problem. + +Signed-off-by: Werner Koch <w...@gnupg.org> +--- + +diff --git a/common/http.c b/common/http.c +index 50c0692..12e3fcb 100644 +--- a/common/http.c ++++ b/common/http.c +@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + } + + # if HTTP_USE_NTBTLS +- err = ntbtls_set_hostname (hd->session->tls_session, server); ++ err = ntbtls_set_hostname (hd->session->tls_session, ++ hd->session->servername); + if (err) + { + log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); +@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + # elif HTTP_USE_GNUTLS + rc = gnutls_server_name_set (hd->session->tls_session, + GNUTLS_NAME_DNS, +- server, strlen (server)); ++ hd->session->servername, ++ strlen (hd->session->servername)); + if (rc < 0) + log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); + # endif /*HTTP_USE_GNUTLS*/ +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index ea607cb..0568094 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + hi = hosttable[idx]; + if (hi->pool) + { ++ /* Deal with the pool name before selecting a host. */ ++ if (r_poolname && hi->cname) ++ { ++ *r_poolname = xtrystrdup (hi->cname); ++ if (!*r_poolname) ++ return gpg_error_from_syserror (); ++ } ++ + /* If the currently selected host is now marked dead, force a + re-selection . */ + if (force_reselect) +@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->poolidx == -1) + { + log_error ("no alive host found in pool '%s'\n", name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + } +@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->dead) + { + log_error ("host '%s' marked as dead\n", hi->name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + +@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; + } + +- if (r_poolname && hi->pool && hi->cname) +- { +- *r_poolname = xtrystrdup (hi->cname); +- if (!*r_poolname) +- return gpg_error_from_syserror (); +- } +- + *r_host = xtrystrdup (hi->name); + if (!*r_host) + { Deleted: core-i686/install =================================================================== --- core-i686/install 2015-03-30 17:53:09 UTC (rev 235285) +++ core-i686/install 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,25 +0,0 @@ -info_dir=/usr/share/info -info_files=(gnupg.info gnupg.info-1 gnupg.info-2) - -post_install() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done -} - -pre_remove() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done -} - -post_upgrade() { - post_install - - # Fix upgrade to 2.1; see FS#42798 - [ $(vercmp $2 2.1.0-4) = -1 ] && - dirmngr </dev/null &>/dev/null || - return 0 -} Copied: gnupg/repos/core-i686/install (from rev 235285, gnupg/repos/testing-i686/install) =================================================================== --- core-i686/install (rev 0) +++ core-i686/install 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,25 @@ +info_dir=/usr/share/info +info_files=(gnupg.info gnupg.info-1 gnupg.info-2) + +post_install() { + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done +} + +pre_remove() { + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done +} + +post_upgrade() { + post_install + + # Fix upgrade to 2.1; see FS#42798 + [ $(vercmp $2 2.1.0-4) = -1 ] && + dirmngr </dev/null &>/dev/null || + return 0 +} Deleted: core-x86_64/PKGBUILD =================================================================== --- core-x86_64/PKGBUILD 2015-03-30 17:53:09 UTC (rev 235285) +++ core-x86_64/PKGBUILD 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,61 +0,0 @@ -# $Id$ -# Maintainer: Gaetan Bisson <bis...@archlinux.org> -# Contributor: Tobias Powalowski <tp...@archlinux.org> -# Contributor: Andreas Radke <andy...@archlinux.org> -# Contributor: Judd Vinet <jvi...@zeroflux.org> - -pkgname=gnupg -pkgver=2.1.2 -pkgrel=2 -pkgdesc='Complete and free implementation of the OpenPGP standard' -url='http://www.gnupg.org/' -license=('GPL') -arch=('i686' 'x86_64') -optdepends=('libldap: gpg2keys_ldap' - 'libusb-compat: scdaemon') -makedepends=('libldap' 'libusb-compat') -depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' - 'pinentry' 'bzip2' 'readline' 'gnutls') -source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2" - 'hkps-hostname.patch') -sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' - '11d96926f92c3303bf8443d55863fdf12c76f43a') - -install=install - -conflicts=('dirmngr' 'gnupg2') -provides=('dirmngr' "gnupg2=${pkgver}") -replaces=('dirmngr' 'gnupg2') - -prepare() { - cd "${srcdir}/${pkgname}-${pkgver}" - patch -p1 -i ../hkps-hostname.patch # FS#43364 -} - -build() { - cd "${srcdir}/${pkgname}-${pkgver}" - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc \ - --sbindir=/usr/bin \ - --libexecdir=/usr/lib/gnupg \ - --enable-maintainer-mode \ - --enable-symcryptrun \ - --enable-gpgtar \ - - make -} - -check() { - cd "${srcdir}/${pkgname}-${pkgver}" - make check -} - -package() { - cd "${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install - ln -s gpg2 "${pkgdir}"/usr/bin/gpg - ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv - ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz - rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059 -} Copied: gnupg/repos/core-x86_64/PKGBUILD (from rev 235285, gnupg/repos/testing-x86_64/PKGBUILD) =================================================================== --- core-x86_64/PKGBUILD (rev 0) +++ core-x86_64/PKGBUILD 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,66 @@ +# $Id$ +# Maintainer: Gaetan Bisson <bis...@archlinux.org> +# Contributor: Tobias Powalowski <tp...@archlinux.org> +# Contributor: Andreas Radke <andy...@archlinux.org> +# Contributor: Judd Vinet <jvi...@zeroflux.org> + +pkgname=gnupg +pkgver=2.1.2 +pkgrel=3 +pkgdesc='Complete and free implementation of the OpenPGP standard' +url='http://www.gnupg.org/' +license=('GPL') +arch=('i686' 'x86_64') +optdepends=('libldap: gpg2keys_ldap' + 'libusb-compat: scdaemon') +makedepends=('libldap' 'libusb-compat') +depends=('npth' 'libgpg-error' 'libgcrypt' 'libksba' 'libassuan' + 'pinentry' 'bzip2' 'readline' 'gnutls') +validpgpkeys=('D8692123C4065DEA5E0F3AB5249B39D24F25E3B6' + '46CC730865BB5C78EBABADCF04376F3EE0856959' + '031EC2536E580D8EA286A9F22071B08A33BD3F06' + 'D238EA65D64C67ED4C3073F28A861B1C7EFD60D9') +source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2"{,.sig} + 'hkps-hostname.patch') +sha1sums=('7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6' 'SKIP' + '11d96926f92c3303bf8443d55863fdf12c76f43a') + +install=install + +conflicts=('dirmngr' 'gnupg2') +provides=('dirmngr' "gnupg2=${pkgver}") +replaces=('dirmngr' 'gnupg2') + +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -p1 -i ../hkps-hostname.patch # FS#43364 + sed '/noinst_SCRIPTS = gpg-zip/c bin_SCRIPTS += gpg-zip' -i tools/Makefile.in +} + +build() { + cd "${srcdir}/${pkgname}-${pkgver}" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib/gnupg \ + --enable-maintainer-mode \ + --enable-symcryptrun \ + --enable-gpgtar \ + + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" + make check +} + +package() { + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + ln -s gpg2 "${pkgdir}"/usr/bin/gpg + ln -s gpgv2 "${pkgdir}"/usr/bin/gpgv + ln -s gpg2.1.gz "${pkgdir}"/usr/share/man/man1/gpg.1.gz + rm "${pkgdir}/usr/share/gnupg/com-certs.pem" # FS#33059 +} Deleted: core-x86_64/hkps-hostname.patch =================================================================== --- core-x86_64/hkps-hostname.patch 2015-03-30 17:53:09 UTC (rev 235285) +++ core-x86_64/hkps-hostname.patch 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,100 +0,0 @@ -From: Werner Koch <w...@gnupg.org> -Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100) -Subject: hkps: Fix host name verification when using pools. -X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3 - -hkps: Fix host name verification when using pools. - -* common/http.c (send_request): Set the requested for SNI. -* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not -the selecting a host. --- - -GnuPG-bug-id: 1792 - -Thanks to davidw for figuring out the problem. - -Signed-off-by: Werner Koch <w...@gnupg.org> ---- - -diff --git a/common/http.c b/common/http.c -index 50c0692..12e3fcb 100644 ---- a/common/http.c -+++ b/common/http.c -@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - } - - # if HTTP_USE_NTBTLS -- err = ntbtls_set_hostname (hd->session->tls_session, server); -+ err = ntbtls_set_hostname (hd->session->tls_session, -+ hd->session->servername); - if (err) - { - log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); -@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, - # elif HTTP_USE_GNUTLS - rc = gnutls_server_name_set (hd->session->tls_session, - GNUTLS_NAME_DNS, -- server, strlen (server)); -+ hd->session->servername, -+ strlen (hd->session->servername)); - if (rc < 0) - log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); - # endif /*HTTP_USE_GNUTLS*/ -diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c -index ea607cb..0568094 100644 ---- a/dirmngr/ks-engine-hkp.c -+++ b/dirmngr/ks-engine-hkp.c -@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - hi = hosttable[idx]; - if (hi->pool) - { -+ /* Deal with the pool name before selecting a host. */ -+ if (r_poolname && hi->cname) -+ { -+ *r_poolname = xtrystrdup (hi->cname); -+ if (!*r_poolname) -+ return gpg_error_from_syserror (); -+ } -+ - /* If the currently selected host is now marked dead, force a - re-selection . */ - if (force_reselect) -@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->poolidx == -1) - { - log_error ("no alive host found in pool '%s'\n", name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - } -@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - if (hi->dead) - { - log_error ("host '%s' marked as dead\n", hi->name); -+ if (r_poolname) -+ { -+ xfree (*r_poolname); -+ *r_poolname = NULL; -+ } - return gpg_error (GPG_ERR_NO_KEYSERVER); - } - -@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, - *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; - } - -- if (r_poolname && hi->pool && hi->cname) -- { -- *r_poolname = xtrystrdup (hi->cname); -- if (!*r_poolname) -- return gpg_error_from_syserror (); -- } -- - *r_host = xtrystrdup (hi->name); - if (!*r_host) - { Copied: gnupg/repos/core-x86_64/hkps-hostname.patch (from rev 235285, gnupg/repos/testing-x86_64/hkps-hostname.patch) =================================================================== --- core-x86_64/hkps-hostname.patch (rev 0) +++ core-x86_64/hkps-hostname.patch 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,100 @@ +From: Werner Koch <w...@gnupg.org> +Date: Thu, 19 Mar 2015 14:37:05 +0000 (+0100) +Subject: hkps: Fix host name verification when using pools. +X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff_plain;h=dc10d466bff53821f23d2cb4814c259d40c5d9c5;hp=28bb3ab686c1c994f67a92b6846b3726c58a0bc3 + +hkps: Fix host name verification when using pools. + +* common/http.c (send_request): Set the requested for SNI. +* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not +the selecting a host. +-- + +GnuPG-bug-id: 1792 + +Thanks to davidw for figuring out the problem. + +Signed-off-by: Werner Koch <w...@gnupg.org> +--- + +diff --git a/common/http.c b/common/http.c +index 50c0692..12e3fcb 100644 +--- a/common/http.c ++++ b/common/http.c +@@ -1443,7 +1443,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + } + + # if HTTP_USE_NTBTLS +- err = ntbtls_set_hostname (hd->session->tls_session, server); ++ err = ntbtls_set_hostname (hd->session->tls_session, ++ hd->session->servername); + if (err) + { + log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err)); +@@ -1452,7 +1453,8 @@ send_request (http_t hd, const char *httphost, const char *auth, + # elif HTTP_USE_GNUTLS + rc = gnutls_server_name_set (hd->session->tls_session, + GNUTLS_NAME_DNS, +- server, strlen (server)); ++ hd->session->servername, ++ strlen (hd->session->servername)); + if (rc < 0) + log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc)); + # endif /*HTTP_USE_GNUTLS*/ +diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c +index ea607cb..0568094 100644 +--- a/dirmngr/ks-engine-hkp.c ++++ b/dirmngr/ks-engine-hkp.c +@@ -521,6 +521,14 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + hi = hosttable[idx]; + if (hi->pool) + { ++ /* Deal with the pool name before selecting a host. */ ++ if (r_poolname && hi->cname) ++ { ++ *r_poolname = xtrystrdup (hi->cname); ++ if (!*r_poolname) ++ return gpg_error_from_syserror (); ++ } ++ + /* If the currently selected host is now marked dead, force a + re-selection . */ + if (force_reselect) +@@ -536,6 +544,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->poolidx == -1) + { + log_error ("no alive host found in pool '%s'\n", name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + } +@@ -548,6 +561,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + if (hi->dead) + { + log_error ("host '%s' marked as dead\n", hi->name); ++ if (r_poolname) ++ { ++ xfree (*r_poolname); ++ *r_poolname = NULL; ++ } + return gpg_error (GPG_ERR_NO_KEYSERVER); + } + +@@ -564,13 +582,6 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, + *r_httpflags |= HTTP_FLAG_IGNORE_IPv6; + } + +- if (r_poolname && hi->pool && hi->cname) +- { +- *r_poolname = xtrystrdup (hi->cname); +- if (!*r_poolname) +- return gpg_error_from_syserror (); +- } +- + *r_host = xtrystrdup (hi->name); + if (!*r_host) + { Deleted: core-x86_64/install =================================================================== --- core-x86_64/install 2015-03-30 17:53:09 UTC (rev 235285) +++ core-x86_64/install 2015-03-30 17:53:42 UTC (rev 235286) @@ -1,25 +0,0 @@ -info_dir=/usr/share/info -info_files=(gnupg.info gnupg.info-1 gnupg.info-2) - -post_install() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done -} - -pre_remove() { - [ -x usr/bin/install-info ] || return 0 - for f in ${info_files[@]}; do - usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null - done -} - -post_upgrade() { - post_install - - # Fix upgrade to 2.1; see FS#42798 - [ $(vercmp $2 2.1.0-4) = -1 ] && - dirmngr </dev/null &>/dev/null || - return 0 -} Copied: gnupg/repos/core-x86_64/install (from rev 235285, gnupg/repos/testing-x86_64/install) =================================================================== --- core-x86_64/install (rev 0) +++ core-x86_64/install 2015-03-30 17:53:42 UTC (rev 235286) @@ -0,0 +1,25 @@ +info_dir=/usr/share/info +info_files=(gnupg.info gnupg.info-1 gnupg.info-2) + +post_install() { + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done +} + +pre_remove() { + [ -x usr/bin/install-info ] || return 0 + for f in ${info_files[@]}; do + usr/bin/install-info --delete ${info_dir}/$f ${info_dir}/dir 2> /dev/null + done +} + +post_upgrade() { + post_install + + # Fix upgrade to 2.1; see FS#42798 + [ $(vercmp $2 2.1.0-4) = -1 ] && + dirmngr </dev/null &>/dev/null || + return 0 +}