[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-20-g80b6d61

by NIIBE Yutaka cvs at cvs.gnupg.org
Tue May 19 03:47:11 CEST 2015 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  80b6d614b7b53058da11ae239e8f1c69f167a200 (commit)
       via  76e2aa739c0c75a9de7059daebdf2823582d8b24 (commit)
      from  be136273454532d94a955fbbcfa1544b47cad954 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 80b6d614b7b53058da11ae239e8f1c69f167a200
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue May 19 10:32:07 2015 +0900

    g10: detects public key encryption packet error properly.
    
    g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
    encryption.
    
    --
    
    (backport from 2.1 commit c771963140cad7c1c25349bcde27e427effc0058)

diff --git a/g10/mainproc.c b/g10/mainproc.c
index be4c73d..17d40de 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -387,9 +387,9 @@ proc_pubkey_enc( CTX c, PACKET *pkt )
 	    xfree(c->dek); c->dek = NULL;
 	}
     }
-    else if( is_ELGAMAL(enc->pubkey_algo)
-             || enc->pubkey_algo == PUBKEY_ALGO_DSA
-             || is_RSA(enc->pubkey_algo)
+    else if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E
+             || enc->pubkey_algo == PUBKEY_ALGO_RSA
+             || enc->pubkey_algo == PUBKEY_ALGO_RSA_E
              || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) {
       /* Note that we also allow type 20 Elgamal keys for decryption.
          There are still a couple of those keys in active use as a

commit 76e2aa739c0c75a9de7059daebdf2823582d8b24
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue May 19 10:14:09 2015 +0900

    g10: Improve handling of no corresponding public key.
    
    * g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not
    exact match.
    
    --
    
    (ported from 1.4 commit b3fd30451a5464b124b0296afbc341cb98b3977c)
    
    In the situation of corrupted .gnupg/ where only private subkey is
    available but no corresponding public key of the subkey, the code
    returned public primary key which caused mysterious error (for a
    user).  This fix detects an error earlier.
    
    GnuPG-bug-id: 1422
    Debian-Bug-Id: #638619

diff --git a/g10/getkey.c b/g10/getkey.c
index 8b3cf2d..a27c8e2 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -500,7 +500,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid )
     ctx.req_usage = sk->req_usage;
     rc = lookup( &ctx, &kb, 1 );
     if ( !rc ) {
+        u32 skid[2];
+
         sk_from_block ( &ctx, sk, kb );
+        keyid_from_sk ( sk, skid );
+        /*
+         * Make sure it's exact match of keyid.
+         * If not, it's secret subkey with no public key.
+         */
+        if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) {
+          log_error (_("key %s: secret key without public key"
+                       " - skipped\n"), keystr(keyid));
+          rc = G10ERR_NO_PUBKEY;
+        }
     }
     get_seckey_end( &ctx );
     release_kbnode ( kb );

-----------------------------------------------------------------------

Summary of changes:
 g10/getkey.c   | 12 ++++++++++++
 g10/mainproc.c |  6 +++---
 2 files changed, 15 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list