* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2018-07-13 9:38 Tony Vroon
0 siblings, 0 replies; 9+ messages in thread
From: Tony Vroon @ 2018-07-13 9:38 UTC (permalink / raw
To: gentoo-commits
commit: 2f3a4660ad47c1ba18cf18ad7e6b5c40b10622d7
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Fri Jul 13 08:52:30 2018 +0000
Commit: Tony Vroon <chainsaw <AT> gentoo <DOT> org>
CommitDate: Fri Jul 13 09:38:11 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f3a4660
app-crypt/gnupg: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/9210
.../gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch | 27 -------
...g-Properly-account-for-ring-trust-packets.patch | 86 ----------------------
...r-Handle-failures-related-to-missing-IPv6.patch | 31 --------
3 files changed, 144 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
deleted file mode 100644
index 292fc264ac8..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Fix-typo.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 692208fd6c1547cc7dd2062a1d1c9499bc0a8be4 Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Mon, 8 May 2017 13:52:39 +0200
-Subject: [PATCH] gpg: Fix typo.
-
---
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- g10/packet.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/g10/packet.h b/g10/packet.h
-index a10495c..d42510d 100644
---- a/g10/packet.h
-+++ b/g10/packet.h
-@@ -623,7 +623,7 @@ struct parse_packet_ctx_s
- iobuf_t inp; /* The input stream with the packets. */
- struct packet_struct last_pkt; /* The last parsed packet. */
- int free_last_pkt; /* Indicates that LAST_PKT must be freed. */
-- int skip_meta; /* Skip right trust packets. */
-+ int skip_meta; /* Skip ring trust packets. */
- };
- typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
-
---
-2.10.2
-
diff --git a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch b/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
deleted file mode 100644
index 58568db47d2..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.20-gpg-Properly-account-for-ring-trust-packets.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 22739433e98be80e46fe7d01d52a9627c1aebaae Mon Sep 17 00:00:00 2001
-From: Justus Winter <justus@g10code.com>
-Date: Mon, 8 May 2017 14:24:00 +0200
-Subject: [PATCH] gpg: Properly account for ring trust packets.
-
-* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
-instead of counting ourself.
-* g10/packet.h (struct parse_packet_ctx_s): New field
-'n_parsed_packets'.
-(init_parse_packet): Initialize new field.
-* g10/parse-packet.c (parse): Count packets.
---
-
-The 'keyring' keystore depends on the number of packets for delete and
-update operations. With the rework of the ring trust packets, the
-trust packets were no longer properly accounted for leading to keyring
-corruptions.
-
-The 'keybox' store was not affected.
-
-GnuPG-bug-id: 3123
-GnuPG-bug-id: 3135
-GnuPG-bug-id: 3144
-Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- g10/keyring.c | 4 ++--
- g10/packet.h | 2 ++
- g10/parse-packet.c | 3 +++
- 3 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/g10/keyring.c b/g10/keyring.c
-index e223f0f..50f1b82 100644
---- a/g10/keyring.c
-+++ b/g10/keyring.c
-@@ -409,11 +409,11 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
- pkt = xmalloc (sizeof *pkt);
- init_packet (pkt);
- init_parse_packet (&parsectx, a);
-- hd->found.n_packets = 0;;
-+ hd->found.n_packets = 0;
- lastnode = NULL;
- save_mode = set_packet_list_mode(0);
- while ((rc=parse_packet (&parsectx, pkt)) != -1) {
-- hd->found.n_packets++;
-+ hd->found.n_packets = parsectx.n_parsed_packets;
- if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET) {
- free_packet (pkt, &parsectx);
- init_packet (pkt);
-diff --git a/g10/packet.h b/g10/packet.h
-index d42510d..cf2121c 100644
---- a/g10/packet.h
-+++ b/g10/packet.h
-@@ -624,6 +624,7 @@ struct parse_packet_ctx_s
- struct packet_struct last_pkt; /* The last parsed packet. */
- int free_last_pkt; /* Indicates that LAST_PKT must be freed. */
- int skip_meta; /* Skip ring trust packets. */
-+ unsigned int n_parsed_packets; /* Number of parsed packets. */
- };
- typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
-
-@@ -633,6 +634,7 @@ typedef struct parse_packet_ctx_s *parse_packet_ctx_t;
- (a)->last_pkt.pkt.generic= NULL;\
- (a)->free_last_pkt = 0; \
- (a)->skip_meta = 0; \
-+ (a)->n_parsed_packets = 0; \
- } while (0)
-
- #define deinit_parse_packet(a) do { \
-diff --git a/g10/parse-packet.c b/g10/parse-packet.c
-index fa44f83..dbb7af8 100644
---- a/g10/parse-packet.c
-+++ b/g10/parse-packet.c
-@@ -764,6 +764,9 @@ parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts, off_t * retpos,
- partial? (new_ctb ? " partial" : " indeterminate") :"",
- new_ctb? " new-ctb":"");
-
-+ /* Count it. */
-+ ctx->n_parsed_packets++;
-+
- pkt->pkttype = pkttype;
- rc = GPG_ERR_UNKNOWN_PACKET; /* default error */
- switch (pkttype)
---
-2.10.2
-
diff --git a/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch b/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch
deleted file mode 100644
index 53843900b9f..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.4-dirmngr-Handle-failures-related-to-missing-IPv6.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b7f48a0095a5b010b94f8192f4adc1adf8697567 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
-Date: Wed, 31 Jan 2018 16:57:19 +0100
-Subject: [PATCH] dirmngr: Handle failures related to missing IPv6 gracefully
-
-Handle the two possible connect failures related to missing IPv6 support
-gracefully by marking the host dead and retrying with another one.
-If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
-If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
-This makes it possible to use dual-stack hkp servers on hosts not having
-IPv6 without random connection failures.
----
- dirmngr/ks-engine-hkp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
-index 4a0b08f4f..a9bb93666 100644
---- a/dirmngr/ks-engine-hkp.c
-+++ b/dirmngr/ks-engine-hkp.c
-@@ -1353,6 +1353,8 @@ handle_send_request_error (ctrl_t ctrl, gpg_error_t err, const char *request,
- case GPG_ERR_UNKNOWN_HOST:
- case GPG_ERR_NETWORK:
- case GPG_ERR_EIO: /* Sometimes used by estream cookie functions. */
-+ case GPG_ERR_EADDRNOTAVAIL: /* e.g. when IPv6 is disabled */
-+ case GPG_ERR_EAFNOSUPPORT: /* e.g. when IPv6 is not compiled in */
- if (mark_host_dead (request) && *tries_left)
- retry = 1;
- break;
---
-2.16.1
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2024-06-23 1:49 Sam James
0 siblings, 0 replies; 9+ messages in thread
From: Sam James @ 2024-06-23 1:49 UTC (permalink / raw
To: gentoo-commits
commit: e42051ef202d2ec5f7a43045634cf14d5bfb026f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 23 01:39:33 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 23 01:49:03 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e42051ef
app-crypt/gnupg: drop old patch
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch | 202 ---------------------
1 file changed, 202 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
deleted file mode 100644
index 686a3aadc8dd..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-https://bugs.gentoo.org/924606
-https://dev.gnupg.org/T6997
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=04cbc3074aa98660b513a80f623a7e9f0702c7c9
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=848546b05ab0ff6abd47724ecfab73bf32dd4c01
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2810b934647edd483996bee1f5f9256a162b2705
-
-From 6236978d78886cbb476ed9fbc49ff99c7582b2d7 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Thu, 15 Feb 2024 15:38:34 +0900
-Subject: [PATCH 1/3] dirmngr: Fix proxy with TLS.
-
-* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
-available regardless of USE_TLS.
-(run_proxy_connect): Use log_debug_string.
-(send_request): Remove USE_TLS.
-
---
-
-Since the commit of
-
- 1009e4e5f71347a1fe194e59a9d88c8034a67016
-
-Building with TLS library is mandatory.
-
-GnuPG-bug-id: 6997
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/http.c | 8 +-------
- 1 file changed, 1 insertion(+), 7 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 4899a5d55..10eecfdb0 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
- * NULL, decode the string and use this as input from teh server. On
- * success the final output token is stored at PROXY->OUTTOKEN and
- * OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
--#ifdef USE_TLS
- static gpg_error_t
- proxy_get_token (proxy_info_t proxy, const char *inputstring)
- {
-@@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
-
- #endif /*!HAVE_W32_SYSTEM*/
- }
--#endif /*USE_TLS*/
-
-
- /* Use the CONNECT method to proxy our TLS stream. */
--#ifdef USE_TLS
- static gpg_error_t
- run_proxy_connect (http_t hd, proxy_info_t proxy,
- const char *httphost, const char *server,
-@@ -2586,7 +2583,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- hd->keep_alive = !auth_basic; /* We may need to send more requests. */
-
- if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-- log_debug_with_string (request, "http.c:proxy:request:");
-+ log_debug_string (request, "http.c:proxy:request:");
-
- if (!hd->fp_write)
- {
-@@ -2743,7 +2740,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- xfree (tmpstr);
- return err;
- }
--#endif /*USE_TLS*/
-
-
- /* Make a request string using a standard proxy. On success the
-@@ -2903,7 +2899,6 @@ send_request (ctrl_t ctrl,
- goto leave;
- }
-
--#if USE_TLS
- if (use_http_proxy && hd->uri->use_tls)
- {
- err = run_proxy_connect (hd, proxy, httphost, server, port);
-@@ -2915,7 +2910,6 @@ send_request (ctrl_t ctrl,
- * clear the flag to indicate this. */
- use_http_proxy = 0;
- }
--#endif /* USE_TLS */
-
- #if HTTP_USE_NTBTLS
- err = run_ntbtls_handshake (hd);
---
-2.43.2
-
-From 68650eb6999e674fd2f1c78f47b68d3cd1d37ff0 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 16 Feb 2024 11:31:37 +0900
-Subject: [PATCH 2/3] dirmngr: Fix the regression of use of proxy for TLS
- connection.
-
-* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
-causes resource leak of FP_WRITE.
-Don't try to read response body to fix the hang.
-
---
-
-GnuPG-bug-id: 6997
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/http.c | 14 ++------------
- 1 file changed, 2 insertions(+), 12 deletions(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 10eecfdb0..7ce01bacd 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2553,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
- */
- auth_basic = !!proxy->uri->auth;
-+ hd->keep_alive = 0;
-
- /* For basic authentication we need to send just one request. */
- if (auth_basic
-@@ -2574,13 +2575,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- httphost ? httphost : server,
- port,
- authhdr ? authhdr : "",
-- auth_basic? "" : "Connection: keep-alive\r\n");
-+ hd->keep_alive? "Connection: keep-alive\r\n" : "");
- if (!request)
- {
- err = gpg_error_from_syserror ();
- goto leave;
- }
-- hd->keep_alive = !auth_basic; /* We may need to send more requests. */
-
- if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
- log_debug_string (request, "http.c:proxy:request:");
-@@ -2607,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- if (err)
- goto leave;
-
-- {
-- unsigned long count = 0;
--
-- while (es_getc (hd->fp_read) != EOF)
-- count++;
-- if (opt_debug)
-- log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
-- count);
-- }
--
- /* Reset state. */
- es_clearerr (hd->fp_read);
- ((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
---
-2.43.2
-
-From 7c7cbd94549d08780fc3767d6de8336b3f44e7d7 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 16 Feb 2024 16:24:26 +0900
-Subject: [PATCH 3/3] dirmngr: Fix keep-alive flag handling.
-
-* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
-Authentication. Fix resource leak of FP_WRITE.
-
---
-
-GnuPG-bug-id: 6997
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/http.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 7ce01bacd..da0c89ae5 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -2553,7 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
- */
- auth_basic = !!proxy->uri->auth;
-- hd->keep_alive = 0;
-+ hd->keep_alive = !auth_basic; /* We may need to send more requests. */
-
- /* For basic authentication we need to send just one request. */
- if (auth_basic
-@@ -2717,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
- }
-
- leave:
-+ if (hd->keep_alive)
-+ {
-+ es_fclose (hd->fp_write);
-+ hd->fp_write = NULL;
-+ /* The close has released the cookie and thus we better set it
-+ * to NULL. */
-+ hd->write_cookie = NULL;
-+ }
- /* Restore flags, destroy stream, reset state. */
- hd->flags = saved_flags;
- es_fclose (hd->fp_read);
---
-2.43.2
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2024-02-18 10:13 Sam James
0 siblings, 0 replies; 9+ messages in thread
From: Sam James @ 2024-02-18 10:13 UTC (permalink / raw
To: gentoo-commits
commit: 08da6f87e95c43a1441569981eee1afe4da24997
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 18 10:11:22 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Feb 18 10:12:32 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08da6f87
app-crypt/gnupg: use final version of dirmngr proxy fixes
Export the patches from STABLE-BRANCH-2-4 so it's easier to compare with
any future fixes as things kept changing here. Hopefully it's all OK now.
(Contents are the same though, really.)
Bug: https://bugs.gentoo.org/924606
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch | 179 +++++++++++++++++----
1 file changed, 145 insertions(+), 34 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
index ebfaddb78e03..686a3aadc8dd 100644
--- a/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
+++ b/app-crypt/gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch
@@ -1,7 +1,38 @@
-diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
---- gnupg-2.4.4.orig/dirmngr/http.c 2024-01-25 03:06:42.000000000 -0700
-+++ gnupg-2.4.4/dirmngr/http.c 2024-02-15 21:10:28.849074727 -0700
-@@ -2362,7 +2362,6 @@
+https://bugs.gentoo.org/924606
+https://dev.gnupg.org/T6997
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=04cbc3074aa98660b513a80f623a7e9f0702c7c9
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=848546b05ab0ff6abd47724ecfab73bf32dd4c01
+https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2810b934647edd483996bee1f5f9256a162b2705
+
+From 6236978d78886cbb476ed9fbc49ff99c7582b2d7 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Thu, 15 Feb 2024 15:38:34 +0900
+Subject: [PATCH 1/3] dirmngr: Fix proxy with TLS.
+
+* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
+available regardless of USE_TLS.
+(run_proxy_connect): Use log_debug_string.
+(send_request): Remove USE_TLS.
+
+--
+
+Since the commit of
+
+ 1009e4e5f71347a1fe194e59a9d88c8034a67016
+
+Building with TLS library is mandatory.
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 4899a5d55..10eecfdb0 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2362,7 +2362,6 @@ run_gnutls_handshake (http_t hd, const char *server)
* NULL, decode the string and use this as input from teh server. On
* success the final output token is stored at PROXY->OUTTOKEN and
* OUTTOKLEN. IF the authentication succeeded OUTTOKLEN is zero. */
@@ -9,7 +40,7 @@ diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
static gpg_error_t
proxy_get_token (proxy_info_t proxy, const char *inputstring)
{
-@@ -2530,11 +2529,9 @@
+@@ -2530,11 +2529,9 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
#endif /*!HAVE_W32_SYSTEM*/
}
@@ -21,7 +52,65 @@ diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
static gpg_error_t
run_proxy_connect (http_t hd, proxy_info_t proxy,
const char *httphost, const char *server,
-@@ -2556,6 +2553,7 @@
+@@ -2586,7 +2583,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+ hd->keep_alive = !auth_basic; /* We may need to send more requests. */
+
+ if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
+- log_debug_with_string (request, "http.c:proxy:request:");
++ log_debug_string (request, "http.c:proxy:request:");
+
+ if (!hd->fp_write)
+ {
+@@ -2743,7 +2740,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+ xfree (tmpstr);
+ return err;
+ }
+-#endif /*USE_TLS*/
+
+
+ /* Make a request string using a standard proxy. On success the
+@@ -2903,7 +2899,6 @@ send_request (ctrl_t ctrl,
+ goto leave;
+ }
+
+-#if USE_TLS
+ if (use_http_proxy && hd->uri->use_tls)
+ {
+ err = run_proxy_connect (hd, proxy, httphost, server, port);
+@@ -2915,7 +2910,6 @@ send_request (ctrl_t ctrl,
+ * clear the flag to indicate this. */
+ use_http_proxy = 0;
+ }
+-#endif /* USE_TLS */
+
+ #if HTTP_USE_NTBTLS
+ err = run_ntbtls_handshake (hd);
+--
+2.43.2
+
+From 68650eb6999e674fd2f1c78f47b68d3cd1d37ff0 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 11:31:37 +0900
+Subject: [PATCH 2/3] dirmngr: Fix the regression of use of proxy for TLS
+ connection.
+
+* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
+causes resource leak of FP_WRITE.
+Don't try to read response body to fix the hang.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 14 ++------------
+ 1 file changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 10eecfdb0..7ce01bacd 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2553,6 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/
auth_basic = !!proxy->uri->auth;
@@ -29,7 +118,7 @@ diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
/* For basic authentication we need to send just one request. */
if (auth_basic
-@@ -2577,16 +2575,15 @@
+@@ -2574,13 +2575,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
httphost ? httphost : server,
port,
authhdr ? authhdr : "",
@@ -43,12 +132,8 @@ diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
- hd->keep_alive = !auth_basic; /* We may need to send more requests. */
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
-- log_debug_with_string (request, "http.c:proxy:request:");
-+ log_debug_string (request, "http.c:proxy:request:");
-
- if (!hd->fp_write)
- {
-@@ -2610,16 +2607,6 @@
+ log_debug_string (request, "http.c:proxy:request:");
+@@ -2607,16 +2607,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
if (err)
goto leave;
@@ -65,27 +150,53 @@ diff -urP gnupg-2.4.4.orig/dirmngr/http.c gnupg-2.4.4/dirmngr/http.c
/* Reset state. */
es_clearerr (hd->fp_read);
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;
-@@ -2743,7 +2730,6 @@
- xfree (tmpstr);
- return err;
- }
--#endif /*USE_TLS*/
-
-
- /* Make a request string using a standard proxy. On success the
-@@ -2903,7 +2889,6 @@
- goto leave;
- }
+--
+2.43.2
+
+From 7c7cbd94549d08780fc3767d6de8336b3f44e7d7 Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 16 Feb 2024 16:24:26 +0900
+Subject: [PATCH 3/3] dirmngr: Fix keep-alive flag handling.
+
+* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
+Authentication. Fix resource leak of FP_WRITE.
+
+--
+
+GnuPG-bug-id: 6997
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ dirmngr/http.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/dirmngr/http.c b/dirmngr/http.c
+index 7ce01bacd..da0c89ae5 100644
+--- a/dirmngr/http.c
++++ b/dirmngr/http.c
+@@ -2553,7 +2553,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
+ * RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
+ */
+ auth_basic = !!proxy->uri->auth;
+- hd->keep_alive = 0;
++ hd->keep_alive = !auth_basic; /* We may need to send more requests. */
--#if USE_TLS
- if (use_http_proxy && hd->uri->use_tls)
- {
- err = run_proxy_connect (hd, proxy, httphost, server, port);
-@@ -2915,7 +2900,6 @@
- * clear the flag to indicate this. */
- use_http_proxy = 0;
+ /* For basic authentication we need to send just one request. */
+ if (auth_basic
+@@ -2717,6 +2717,14 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
}
--#endif /* USE_TLS */
- #if HTTP_USE_NTBTLS
- err = run_ntbtls_handshake (hd);
+ leave:
++ if (hd->keep_alive)
++ {
++ es_fclose (hd->fp_write);
++ hd->fp_write = NULL;
++ /* The close has released the cookie and thus we better set it
++ * to NULL. */
++ hd->write_cookie = NULL;
++ }
+ /* Restore flags, destroy stream, reset state. */
+ hd->flags = saved_flags;
+ es_fclose (hd->fp_read);
+--
+2.43.2
+
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2023-06-23 21:29 Conrad Kostecki
0 siblings, 0 replies; 9+ messages in thread
From: Conrad Kostecki @ 2023-06-23 21:29 UTC (permalink / raw
To: gentoo-commits
commit: 553caf28eeb51fbd454e2329b507dd6670be0340
Author: Michael Mair-Keimberger <mmk <AT> levelnine <DOT> at>
AuthorDate: Thu Jun 1 15:43:31 2023 +0000
Commit: Conrad Kostecki <conikost <AT> gentoo <DOT> org>
CommitDate: Fri Jun 23 21:28:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=553caf28
app-crypt/gnupg: remove unused patch
Signed-off-by: Michael Mair-Keimberger <mmk <AT> levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/31266
Signed-off-by: Conrad Kostecki <conikost <AT> gentoo.org>
.../files/gnupg-2.2.40-fix-no-ldap-build.patch | 36 ----------------------
1 file changed, 36 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch b/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
deleted file mode 100644
index 3ab9c0cba902..000000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.40-fix-no-ldap-build.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=7011286ce6e1fb56c2989fdafbd11b931c489faa
-
-From 7011286ce6e1fb56c2989fdafbd11b931c489faa Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 14 Oct 2022 09:58:41 +0900
-Subject: [PATCH] dirmngr: Fix build with no LDAP support.
-
-* dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize.
-
---
-
-GnuPG-bug-id: 6239
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/server.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/server.c b/dirmngr/server.c
-index 04ebfd317..98f354300 100644
---- a/dirmngr/server.c
-+++ b/dirmngr/server.c
-@@ -3137,8 +3137,10 @@ start_command_handler (assuan_fd_t fd, unsigned int session_id)
- ctrl->refcount);
- else
- {
-+#if USE_LDAP
- ks_ldap_free_state (ctrl->ks_get_state);
- ctrl->ks_get_state = NULL;
-+#endif
- release_ctrl_ocsp_certs (ctrl);
- xfree (ctrl->server_local);
- dirmngr_deinit_default_ctrl (ctrl);
---
-2.11.0
-
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2021-09-07 15:20 David Seifert
0 siblings, 0 replies; 9+ messages in thread
From: David Seifert @ 2021-09-07 15:20 UTC (permalink / raw
To: gentoo-commits
commit: e11a57a6a4df5d177aac4c9d7d0b3581460514b0
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 7 15:20:03 2021 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Tue Sep 7 15:20:03 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e11a57a6
app-crypt/gnupg: remove unused patch
Signed-off-by: David Seifert <soap <AT> gentoo.org>
.../gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch | 36 ----------------------
1 file changed, 36 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch b/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
deleted file mode 100644
index 86e83de8ec3..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.28-dirmngr_ldap.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c8b2162c0e7eb42b74811b7ed225fa0f56be4083 Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 11 Jun 2021 10:30:02 +0900
-Subject: [PATCH] dirmngir: Fix build with --disable-ldap.
-
-* dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
-Conditionalize.
-
---
-
-Reported-by: Phil Pennock
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- dirmngr/dirmngr.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
-index 04fe9e238..6a818cabc 100644
---- a/dirmngr/dirmngr.c
-+++ b/dirmngr/dirmngr.c
-@@ -736,6 +736,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- case oRecursiveResolver: enable_recursive_resolver (1); break;
-
- case oLDAPServer:
-+#if USE_LDAP
- {
- ldap_server_t server;
- char *p;
-@@ -757,6 +758,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
- opt.ldapservers = server;
- }
- }
-+#endif
- break;
-
- case oKeyServer:
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2018-05-12 20:27 Robin H. Johnson
0 siblings, 0 replies; 9+ messages in thread
From: Robin H. Johnson @ 2018-05-12 20:27 UTC (permalink / raw
To: gentoo-commits
commit: 1313da3c48070710e5e1ab011b6b9a38fd0b3e9e
Author: Michael Mair-Keimberger <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Sat May 12 15:42:58 2018 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat May 12 20:26:52 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1313da3c
app-crypt/gnupg: remove unused patch
(cherry picked from commit af5486edf6e599ea1dcc8f718eda0b49fc4c4691)
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/8376
.../gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch | 85 ----------------------
1 file changed, 85 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch b/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
deleted file mode 100644
index 6a2c18e9b63..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.2.1-fix-gnupg-wait.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From eeb3da6eb717ed6a1a1069a7611eb37503e8672d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Tue, 19 Sep 2017 12:28:43 +0900
-Subject: [PATCH 2/3] common: Fix gnupg_wait_processes.
-
-* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
-even if we already see an error.
-
---
-
-The value stored by waitpid for exit code is encoded; It requires
-decoded by WEXITSTATUS macro, regardless of an error.
-
-For example, when one of processes is already exited and another is
-still running, it resulted wrong value of in r_exitcodes[n].
-
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- common/exechelp-posix.c | 50 +++++++++++++++++++++++++------------------------
- 1 file changed, 26 insertions(+), 24 deletions(-)
-
-diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c
-index 7237993a2..3acf74ad6 100644
---- a/common/exechelp-posix.c
-+++ b/common/exechelp-posix.c
-@@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count,
- }
- }
-
-- if (ec == 0)
-- for (i = 0; i < count; i++)
-- {
-- if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
-- {
-- log_error (_("error running '%s': probably not installed\n"),
-- pgmnames[i]);
-- ec = GPG_ERR_CONFIGURATION;
-- }
-- else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
-- {
-- if (dummy)
-- log_error (_("error running '%s': exit status %d\n"),
-- pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
-- else
-- r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
-- ec = GPG_ERR_GENERAL;
-- }
-- else if (!WIFEXITED (r_exitcodes[i]))
-- {
-- log_error (_("error running '%s': terminated\n"), pgmnames[i]);
-- ec = GPG_ERR_GENERAL;
-- }
-- }
-+ for (i = 0; i < count; i++)
-+ {
-+ if (r_exitcodes[i] == -1)
-+ continue;
-+
-+ if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127)
-+ {
-+ log_error (_("error running '%s': probably not installed\n"),
-+ pgmnames[i]);
-+ ec = GPG_ERR_CONFIGURATION;
-+ }
-+ else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]))
-+ {
-+ if (dummy)
-+ log_error (_("error running '%s': exit status %d\n"),
-+ pgmnames[i], WEXITSTATUS (r_exitcodes[i]));
-+ else
-+ r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]);
-+ ec = GPG_ERR_GENERAL;
-+ }
-+ else if (!WIFEXITED (r_exitcodes[i]))
-+ {
-+ log_error (_("error running '%s': terminated\n"), pgmnames[i]);
-+ ec = GPG_ERR_GENERAL;
-+ }
-+ }
-
- xfree (dummy);
- return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec);
---
-2.13.5
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2017-08-18 17:34 Alon Bar-Lev
0 siblings, 0 replies; 9+ messages in thread
From: Alon Bar-Lev @ 2017-08-18 17:34 UTC (permalink / raw
To: gentoo-commits
commit: 8b5e22fc4f417c9e25abefc2a65819059970920f
Author: Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com>
AuthorDate: Thu Aug 10 08:23:23 2017 +0000
Commit: Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
CommitDate: Fri Aug 18 10:29:39 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b5e22fc
app-crypt/gnupg: remove unused patches
...shorter-socket-path-lengts-to-improve-tes.patch | 33 ---------
.../gnupg/files/gnupg-2.1.19-have_strlwr.patch | 56 --------------
.../gnupg/files/gnupg-2.1.19-solaris-ucred.patch | 19 -----
.../gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch | 85 ----------------------
4 files changed, 193 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch b/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
deleted file mode 100644
index 7c790462491..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.16-gpgscm-Use-shorter-socket-path-lengts-to-improve-tes.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From cf3778631f87ad03274ac94dcae7c7fbbd036913 Mon Sep 17 00:00:00 2001
-From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
-Date: Tue, 22 Nov 2016 10:07:33 +0100
-Subject: [PATCH] gpgscm: Use shorter socket path lengts to improve test
- reliability
-
---
-As socket lengths are normally restricted to 108 characters
-(UNIX_PATH_MAX variable in /usr/include/linux/un.h), using 42 characters
-by default easily results in errors.
----
- tests/gpgscm/tests.scm | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/gpgscm/tests.scm b/tests/gpgscm/tests.scm
-index 72afa99..039ea86 100644
---- a/tests/gpgscm/tests.scm
-+++ b/tests/gpgscm/tests.scm
-@@ -268,9 +268,9 @@
- (define (mkdtemp . components)
- (_mkdtemp (if (null? components)
- (path-join (getenv "TMP")
-- (string-append "gpgscm-" (get-isotime) "-"
-+ (string-append "gscm"
- (basename-suffix *scriptname* ".scm")
-- "-XXXXXX"))
-+ "XXXXXX"))
- (apply path-join components))))
-
- (macro (with-temporary-working-directory form)
---
-2.7.3
-
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch b/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch
deleted file mode 100644
index eae8d9ea3f9..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.19-have_strlwr.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-https://lists.gnupg.org/pipermail/gnupg-devel/2017-March/032668.html
-
-From c22a2a89d3bd3d08b3abb8e4e33df32b480338ec Mon Sep 17 00:00:00 2001
-From: Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
-Date: Tue, 7 Mar 2017 13:54:49 +0100
-Subject: [PATCH] gpgscm: Use system strlwr if available.
-
-* tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
-not defined in config.h.
-* tests/gpgscm/scheme-config.h: Remove hack.
-
-Signed-off-by: Justus Winter <justus@g10code.com>
----
- tests/gpgscm/scheme-config.h | 4 ----
- tests/gpgscm/scheme.c | 6 +++++-
- 2 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tests/gpgscm/scheme-config.h b/tests/gpgscm/scheme-config.h
-index 2003498..15ca969 100644
---- a/tests/gpgscm/scheme-config.h
-+++ b/tests/gpgscm/scheme-config.h
-@@ -30,7 +30,3 @@
- #define USE_PLIST 0
- #define USE_INTERFACE 1
- #define SHOW_ERROR_LINE 1
--
--#if __MINGW32__
--# define USE_STRLWR 0
--#endif /* __MINGW32__ */
-diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
-index b2ff721..af97c27 100644
---- a/tests/gpgscm/scheme.c
-+++ b/tests/gpgscm/scheme.c
-@@ -12,6 +12,10 @@
- *
- */
-
-+#ifdef HAVE_CONFIG_H
-+# include <config.h>
-+#endif
-+
- #define _SCHEME_SOURCE
- #include "scheme-private.h"
- #ifndef WIN32
-@@ -88,7 +92,7 @@ static int stricmp(const char *s1, const char *s2)
- }
- #endif /* __APPLE__ */
-
--#if USE_STRLWR
-+#if USE_STRLWR && !defined(HAVE_STRLWR)
- static const char *strlwr(char *s) {
- const char *p=s;
- while(*s) {
---
-2.10.2
-
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch b/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
deleted file mode 100644
index aefce5e8256..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.19-solaris-ucred.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-command-ssh: include ucred.h
-
-In order to use ucred() when HAVE_SO_PEERCRED is defined, ucred.h needs
-to be included on Solaris.
-
-https://bugs.gnupg.org/gnupg/issue2981
-
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -40,6 +40,9 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <assert.h>
-+#ifdef HAVE_UCRED_H
-+#include <ucred.h>
-+#endif
-
- #include "agent.h"
-
diff --git a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch b/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
deleted file mode 100644
index 14d5444f3a0..00000000000
--- a/app-crypt/gnupg/files/gnupg-2.1.19-ssh-no-scdaemon.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 4ce4f2f683a17be3ddb93729f3f25014a97934ad Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Mon, 6 Mar 2017 10:26:11 +0900
-Subject: [PATCH 1/1] agent: For SSH, robustly handling scdaemon's errors.
-
-* agent/command-ssh.c (card_key_list): Return 0 when
-agent_card_serialno returns an error.
-(ssh_handler_request_identities): Handle errors for card listing
-and proceed to other cases.
---
-
-GnuPG-bug-id: 2980
-
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- agent/command-ssh.c | 19 +++++++++----------
- 1 file changed, 9 insertions(+), 10 deletions(-)
-
-diff --git a/agent/command-ssh.c b/agent/command-ssh.c
-index 79b8f85..3ab41cf 100644
---- a/agent/command-ssh.c
-+++ b/agent/command-ssh.c
-@@ -2393,13 +2393,12 @@ card_key_list (ctrl_t ctrl, char **r_serialno, strlist_t *result)
- err = agent_card_serialno (ctrl, r_serialno, NULL);
- if (err)
- {
-- if (gpg_err_code (err) == GPG_ERR_ENODEV)
-- return 0; /* Nothing available. */
--
-- if (opt.verbose)
-+ if (gpg_err_code (err) != GPG_ERR_ENODEV && opt.verbose)
- log_info (_("error getting serial number of card: %s\n"),
- gpg_strerror (err));
-- return err;
-+
-+ /* Nothing available. */
-+ return 0;
- }
-
- err = agent_card_cardlist (ctrl, result);
-@@ -2568,7 +2567,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
- gpg_error_t err;
- int ret;
- ssh_control_file_t cf = NULL;
-- char *cardsn;
- gpg_error_t ret_err;
-
- (void)request;
-@@ -2601,21 +2599,21 @@ ssh_handler_request_identities (ctrl_t ctrl,
- if (opt.verbose)
- log_info (_("error getting list of cards: %s\n"),
- gpg_strerror (err));
-- goto out;
-+ goto scd_out;
- }
-
- for (sl = card_list; sl; sl = sl->next)
- {
- char *serialno0;
-+ char *cardsn;
-+
- err = agent_card_serialno (ctrl, &serialno0, sl->d);
- if (err)
- {
- if (opt.verbose)
- log_info (_("error getting serial number of card: %s\n"),
- gpg_strerror (err));
-- xfree (serialno);
-- free_strlist (card_list);
-- goto out;
-+ continue;
- }
-
- xfree (serialno0);
-@@ -2640,6 +2638,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
- free_strlist (card_list);
- }
-
-+ scd_out:
- /* Then look at all the registered and non-disabled keys. */
- err = open_control_file (&cf, 0);
- if (err)
---
-2.8.0.rc3
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2017-01-24 17:44 Kristian Fiskerstrand
0 siblings, 0 replies; 9+ messages in thread
From: Kristian Fiskerstrand @ 2017-01-24 17:44 UTC (permalink / raw
To: gentoo-commits
commit: 1b8602a8659f24d7f2fd463d9fd08a7f4c606fc1
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 24 17:42:54 2017 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Tue Jan 24 17:42:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b8602a8
app-crypt/gnupg: Restore missing patch for gnupg 2.0 branch
Package-Manager: Portage-2.3.3, Repoman-2.3.1
.../gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch b/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
new file mode 100644
index 00000000..9506f81
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.0.17-gpgsm-gencert.patch
@@ -0,0 +1,34 @@
+From c34486a64c223bcbfbb57d9abcf107d684b815b6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Diego=20Elio=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Sun, 17 Apr 2011 01:34:39 +0200
+Subject: [PATCH] gpgsm-gencert.sh: make sure not to abort after creating temp
+ file.
+
+https://bugs.g10code.com/gnupg/issue1466
+
+---
+ tools/gpgsm-gencert.sh | 8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh
+index b209c8e..e7c812f 100755
+--- a/tools/gpgsm-gencert.sh
++++ b/tools/gpgsm-gencert.sh
+@@ -178,10 +178,10 @@ Key-Length: $KEY_LENGTH
+ Key-Usage: $KEY_USAGE
+ Name-DN: $NAME
+ EOF
+-[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP"
+-[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES"
+-[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES"
+-[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES"
++[ -n "$KEY_GRIP" ] && echo "Key-Grip: $KEY_GRIP" || true
++[ -n "$EMAIL_ADDRESSES" ] && echo "$EMAIL_ADDRESSES" || true
++[ -n "$DNS_ADDRESSES" ] && echo "$DNS_ADDRESSES" || true
++[ -n "$URI_ADDRESSES" ] && echo "$URI_ADDRESSES" || true
+ ) > "$file_parameter"
+
+
+--
+1.7.5.rc1
+
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/
@ 2016-11-23 20:32 Kristian Fiskerstrand
0 siblings, 0 replies; 9+ messages in thread
From: Kristian Fiskerstrand @ 2016-11-23 20:32 UTC (permalink / raw
To: gentoo-commits
commit: e87a33e05c8b9e57e95a9c766d767f0942fdafb5
Author: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 23 20:32:11 2016 +0000
Commit: Kristian Fiskerstrand <k_f <AT> gentoo <DOT> org>
CommitDate: Wed Nov 23 20:32:23 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e87a33e0
app-crypt/gnupg: Clean up unused files
Package-Manager: portage-2.3.2
....0.26-Need-to-init-the-trustdb-for-import.patch | 35 ------
app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch | 118 ---------------------
.../files/gnupg-2.1-fix-gentoo-dash-issue.patch | 12 ---
.../gnupg-2.1.12-fix-signature-checking.patch | 50 ---------
4 files changed, 215 deletions(-)
diff --git a/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch b/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
deleted file mode 100644
index 4c9eff2..00000000
--- a/app-crypt/gnupg/files/gnupg-2.0.26-Need-to-init-the-trustdb-for-import.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a2dcc5cc49c3e79d64bd1a2ad7a5bc4df5b073ee Mon Sep 17 00:00:00 2001
-From: Kristian Fiskerstrand <kf@sumptuouscapital.com>
-Date: Wed, 13 Aug 2014 11:13:34 +0200
-Subject: [PATCH] gpg: Need to init the trustdb for import.
-
-* g10/trustdb.c (clear_ownertrusts): Init trustdb.
-
---
-
-This was fixed in 1.4 branch in commit
-23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
-2.0 branch that exhibits the same problem. This is actually a hack
-to fix a bug introduced with commit 2528178.
-
-GnuPG-bug-id: 1622
----
- g10/trustdb.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/g10/trustdb.c b/g10/trustdb.c
-index f96701a..7bfef25 100644
---- a/g10/trustdb.c
-+++ b/g10/trustdb.c
-@@ -923,6 +923,8 @@ clear_ownertrusts (PKT_public_key *pk)
- TRUSTREC rec;
- int rc;
-
-+ init_trustdb();
-+
- if (trustdb_args.no_trustdb && opt.trust_model == TM_ALWAYS)
- return 0;
-
---
-1.8.5.5
-
diff --git a/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch b/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
deleted file mode 100644
index 734a04a..00000000
--- a/app-crypt/gnupg/files/gnupg-2.0.26-misc-cve.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From ed8383c618e124cfa708c9ee87563fcdf2f4649c Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 19 Dec 2014 18:53:34 -0500
-Subject: [PATCH] sm: Avoid double-free on iconv failure
-
-* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
-double-free of pwbuf.
-
---
-
-Observed by Joshua Rogers <honey@internot.info>, who proposed a
-slightly different fix.
-
-Debian-Bug-Id: 773472
-
-Added fix at a second place - wk.
----
- sm/minip12.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/agent/minip12.c b/agent/minip12.c
-index 01b91b7..ca4d248 100644
---- a/agent/minip12.c
-+++ b/agent/minip12.c
-@@ -2422,6 +2422,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
- " requested charset '%s': %s\n",
- charset, strerror (errno));
- gcry_free (pwbuf);
-+ pwbuf = NULL;
- goto failure;
- }
-
-@@ -2436,6 +2437,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
- " requested charset '%s': %s\n",
- charset, strerror (errno));
- gcry_free (pwbuf);
-+ pwbuf = NULL;
- jnlib_iconv_close (cd);
- goto failure;
- }
---
-1.7.10.4
-
-From b0b3803e8c2959dd67ca96debc54b5c6464f0d41 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Fri, 19 Dec 2014 18:07:55 -0500
-Subject: [PATCH] scd: Avoid double-free on error condition in scd
-
-* scd/command.c (cmd_readkey): avoid double-free of cert
-
---
-
-When ksba_cert_new() fails, cert will be double-freed.
-
-Debian-Bug-Id: 773471
-
-Original patch changed by wk to do the free only at leave.
----
- scd/command.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/scd/command.c b/scd/command.c
-index dd4191f..1cc580a 100644
---- a/scd/command.c
-+++ b/scd/command.c
-@@ -804,10 +804,8 @@ cmd_readkey (assuan_context_t ctx, char *line)
-
- rc = ksba_cert_new (&kc);
- if (rc)
-- {
-- xfree (cert);
-- goto leave;
-- }
-+ goto leave;
-+
- rc = ksba_cert_init_from_mem (kc, cert, ncert);
- if (rc)
- {
---
-1.7.10.4
-
-From abd5f6752d693b7f313c19604f0723ecec4d39a6 Mon Sep 17 00:00:00 2001
-From: Werner Koch <wk@gnupg.org>
-Date: Mon, 22 Dec 2014 12:16:46 +0100
-Subject: [PATCH] dirmngr,gpgsm: Return NULL on fail
-
-* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
-* sm/gpgsm.c (parse_keyserver_line): Ditto.
---
-
-Reported-by: Joshua Rogers <git@internot.info>
-
- "If something inside the ldapserver_parse_one function failed,
- 'server' would be freed, then returned, leading to a
- use-after-free. This code is likely copied from sm/gpgsm.c, which
- was also susceptible to this bug."
-
-Signed-off-by: Werner Koch <wk@gnupg.org>
----
- dirmngr/ldapserver.c | 1 +
- sm/gpgsm.c | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/sm/gpgsm.c b/sm/gpgsm.c
-index 3398d17..72bceb4 100644
---- a/sm/gpgsm.c
-+++ b/sm/gpgsm.c
-@@ -862,6 +862,7 @@ parse_keyserver_line (char *line,
- {
- log_info (_("%s:%u: skipping this line\n"), filename, lineno);
- keyserver_list_free (server);
-+ server = NULL;
- }
-
- return server;
---
-1.7.10.4
-
diff --git a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch b/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
deleted file mode 100644
index 6878ef1..00000000
--- a/app-crypt/gnupg/files/gnupg-2.1-fix-gentoo-dash-issue.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur tests.old/openpgp/mds.test tests/openpgp/mds.test
---- tests.old/openpgp/mds.test 2016-05-03 13:13:11.373313389 +0200
-+++ tests/openpgp/mds.test 2016-05-03 13:13:31.886755059 +0200
-@@ -63,7 +63,7 @@
-
- [ "$failed" != "" ] && error "$failed failed for empty string"
-
--echo_n "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
-+printf "abcdefghijklmnopqrstuvwxyz" | $GPG --with-colons --print-mds >y
- if have_hash_algo "MD5"; then
- test_one ":1:" "C3FCD3D76192E4007DFB496CCA67E13B"
- fi
diff --git a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch b/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
deleted file mode 100644
index debf0bb..00000000
--- a/app-crypt/gnupg/files/gnupg-2.1.12-fix-signature-checking.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 11 May 2016 19:27:03 +0900
-Subject: [PATCH 1/1] g10: Fix signature checking.
-
-* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
-walk_kbnode.
-
---
-
-Thanks to Vincent Brillault (Feandil).
-
-GnuPG-bug-id: 2351
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- g10/sig-check.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/g10/sig-check.c b/g10/sig-check.c
-index 290f19a..7000b48 100644
---- a/g10/sig-check.c
-+++ b/g10/sig-check.c
-@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
- *is_selfsig = 1;
- }
- else
-- /* See if one of the subkeys was the signer (although this is
-- extremely unlikely). */
- {
- kbnode_t ctx = NULL;
- kbnode_t n;
-
-- while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
-+ /* See if one of the subkeys was the signer (although this
-+ is extremely unlikely). */
-+ while ((n = walk_kbnode (kb, &ctx, 0)))
- {
-- PKT_public_key *subk = n->pkt->pkt.public_key;
-+ PKT_public_key *subk;
-+
-+ if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
-+ continue;
-+
-+ subk = n->pkt->pkt.public_key;
- if (sig->keyid[0] == subk->keyid[0]
- && sig->keyid[1] == subk->keyid[1])
- /* Issued by a subkey. */
---
-2.8.0.rc3
-
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2024-06-23 1:49 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-07-13 9:38 [gentoo-commits] repo/gentoo:master commit in: app-crypt/gnupg/files/ Tony Vroon
-- strict thread matches above, loose matches on Subject: below --
2024-06-23 1:49 Sam James
2024-02-18 10:13 Sam James
2023-06-23 21:29 Conrad Kostecki
2021-09-07 15:20 David Seifert
2018-05-12 20:27 Robin H. Johnson
2017-08-18 17:34 Alon Bar-Lev
2017-01-24 17:44 Kristian Fiskerstrand
2016-11-23 20:32 Kristian Fiskerstrand
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox