[git] GnuPG - branch, master, updated. gnupg-2.1.13-126-ge32c575
by NIIBE Yutaka
cvs at cvs.gnupg.org
Sat Jul 9 03:36:49 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via e32c575e0f3704e7563048eea6d26844bdfc494b (commit)
from cbe467e794f3be81b8da2bcb1732b5514b13b71d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e32c575e0f3704e7563048eea6d26844bdfc494b
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Sat Jul 9 10:20:02 2016 +0900
gpgv: Tweak default options for extra security.
* g10/gpgv.c (main): Set opt.no_sig_cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
--
It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings. In such a use case, it is possible that
the key validation itself is skipped.
For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
diff --git a/g10/gpgv.c b/g10/gpgv.c
index d238ee0..d08dc5a 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -167,6 +167,8 @@ main( int argc, char **argv )
opt.command_fd = -1; /* no command fd */
opt.keyserver_options.options |= KEYSERVER_AUTO_KEY_RETRIEVE;
opt.trust_model = TM_ALWAYS;
+ opt.no_sig_cache = 1;
+ opt.flags.require_cross_cert = 1;
opt.batch = 1;
opt.weak_digests = NULL;
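Review bot: The two added defaults in main(), opt.no_sig_cache = 1 and opt.flags.require_cross_cert = 1, have no comment, and the summary shows only g10/gpgv.c changed, so the reason for them is recorded only in the commit message. A short comment above them would help, stating that gpgv must not rely on signature cache status stored in a distributed keyring and must check the back signature of a signing subkey. Because they are set unconditionally next to opt.trust_model = TM_ALWAYS, a signature made by a subkey that lacks a back signature would now be rejected by gpgv; that behaviour change deserves a line in the gpgv documentation or NEWS in the same commit, and a regression test using a keyring that carries cached signature status would pin the new default down.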
-----------------------------------------------------------------------
Summary of changes:
g10/gpgv.c | 2 ++
1 file changed, 2 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org