Package: gnupg Version: 1.4.10-4+squeeze1 Severity: normal Tags: upstream patch
In the latest upstream 1.4 and 2.0 branches of GNU Privacy Guard, the eMail validation routine rejects many valid (but uncommon) eMail addressess prohibiting these addresess from being used to create new keys. The routines are basically identical between 1.4 and 2.0 branches, and a patch for 1.4 is at the end, or at the following URL: http://matt.wronka.org/stuff/projects/icpp/gnupg/gnupg-1.4.13-emailvalidator.diff -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnupg depends on: ii dpkg 1.15.8.12 Debian package management system ii gpgv 1.4.10-4 GNU privacy guard - signature veri ii install-info 4.13a.dfsg.1-6 Manage installed documentation in ii libbz2-1.0 1.0.5-6+squeeze1 high-quality block-sorting file co ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib ii libreadline6 6.1-3 GNU readline and history libraries ii libusb-0.1-4 2:0.1.12-16 userspace USB programming library ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages gnupg recommends: pn gnupg-curl <none> (no description available) ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries Versions of packages gnupg suggests: pn gnupg-doc <none> (no description available) pn libpcsclite1 <none> (no description available) pn xloadimage | imagemagick | eo <none> (no description available) -- no debconf information --- gnupg-1.4.13/g10/misc.c 2012-12-20 12:22:27.000000000 -0500 +++ gnupg-1.4.13-modified/g10/misc.c 2013-03-05 03:12:07.166027420 -0500 @@ -1166,21 +1166,51 @@ has_invalid_email_chars (const char *s) { int at_seen=0; + int in_quoted=0; const char *valid_chars= "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + const char *valid_local_chars= + "0123456789_-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#$%&'*+/=?^`|~{}"; - for ( ; *s; s++ ) + /* Verify we have txt, and the first character is valid */ + if( s == NULL || *s == '.' || *s == '@' ) + return 1; + if( *s == '"') { - if ( *s & 0x80 ) + in_quoted = 1; + s++; + } + + for ( ; *s; s++ ) + { + if ( (*s & 0x80) ) continue; /* We only care about ASCII. */ - if ( *s == '@' ) - at_seen=1; - else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) ) - return 1; else if ( at_seen && !strchr( valid_chars, *s ) ) return 1; + else if ( !! strchr( valid_local_chars, *s ) ) + continue; + else if ( in_quoted ) + { + if ( *s == '"' ) + { + if ( *(++s) == '@' ) + at_seen=1; + else + return 1; + } + else if ( *s == '\\' ) + { + ++s; + if ( *s < 33 && *s > 126 ) + return 1; + } + else if ( ! ( *s >= 33 && *s <= 126 && *s != 34 && *s != 92 ) ) + return 1; + } + else if ( *s == '@' ) + at_seen=1; } - return 0; + return !at_seen; } @@ -1192,11 +1222,10 @@ return !( !name || !*name || has_invalid_email_chars (name) - || string_count_chr (name,'@') != 1 || *name == '@' || name[strlen(name)-1] == '@' || name[strlen(name)-1] == '.' - || strstr (name, "..") ); + ); } -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org