Hello community, here is the log from the commit of package gpg2 for openSUSE:Factory checked in at 2015-03-01 14:52:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gpg2 (Old) and /work/SRC/openSUSE:Factory/.gpg2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gpg2" Changes: -------- --- /work/SRC/openSUSE:Factory/gpg2/gpg2.changes 2015-02-14 13:54:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.gpg2.new/gpg2.changes 2015-03-01 14:52:10.000000000 +0100 @@ -1,0 +2,6 @@ +Tue Feb 24 08:10:22 UTC 2015 - astie...@suse.com + +- Fix invalid packet read error when reading keyrings [boo#914625] + add 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch + +------------------------------------------------------------------- New: ---- 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gpg2.spec ++++++ --- /var/tmp/diff_new_pack.mREGL8/_old 2015-03-01 14:52:11.000000000 +0100 +++ /var/tmp/diff_new_pack.mREGL8/_new 2015-03-01 14:52:11.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package gpg2 # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,6 +36,7 @@ Patch11: gnupg-add_legacy_FIPS_mode_option.patch Patch12: gnupg-remove_development_version_warning.patch Patch14: gnupg-large_keys.patch +Patch15: 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch BuildRequires: automake >= 1.14 BuildRequires: expect BuildRequires: fdupes @@ -87,6 +88,7 @@ %patch11 -p1 %patch12 -p1 %patch14 -p1 +%patch15 -p1 %build autoreconf -fi ++++++ 0001-gpg-Skip-legacy-keys-while-searching-keyrings.patch ++++++ >From a8116aacd91b7e775762a62c268fab6cc3c77438 Mon Sep 17 00:00:00 2001 From: Werner Koch <w...@gnupg.org> Date: Mon, 23 Feb 2015 16:37:57 +0100 Subject: [PATCH] gpg: Skip legacy keys while searching keyrings. * g10/getkey.c (search_modes_are_fingerprint): New. (lookup): Skip over legacy keys. -- GnuPG-bug-id: 1847 Signed-off-by: Werner Koch <w...@gnupg.org> --- g10/getkey.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/g10/getkey.c b/g10/getkey.c index 76ee493..116753c 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2525,6 +2525,29 @@ found: } +/* Return true if all the search modes are fingerprints. */ +static int +search_modes_are_fingerprint (getkey_ctx_t ctx) +{ + size_t n, found; + + for (n=found=0; n < ctx->nitems; n++) + { + switch (ctx->items[n].mode) + { + case KEYDB_SEARCH_MODE_FPR16: + case KEYDB_SEARCH_MODE_FPR20: + case KEYDB_SEARCH_MODE_FPR: + found++; + break; + default: + break; + } + } + return found && found == ctx->nitems; +} + + /* The main function to lookup a key. On success the found keyblock is stored at RET_KEYBLOCK and also in CTX. If WANT_SECRET is true a corresponding secret key is required. */ @@ -2534,9 +2557,21 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) int rc; int no_suitable_key = 0; - rc = 0; - while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL))) + for (;;) { + rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); + /* Skip over all legacy keys but only if they are not requested + by fingerprints. + Fixme: The lower level keydb code should actually do that but + then it would be harder to report the number of skipped + legacy keys during import. */ + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY + && !(ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST) + && !search_modes_are_fingerprint (ctx)) + continue; + if (rc) + break; + /* If we are searching for the first key we have to make sure that the next iteration does not do an implicit reset. This can be triggered by an empty key ring. */ -- 2.1.4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org