[git] GnuPG - branch, master, updated. gnupg-2.1.15-88-gee06b3f
by Neal H. Walfield
cvs at cvs.gnupg.org
Wed Sep 7 10:53:31 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via ee06b3f7889bd99c28ac68f4781bda77d67eed00 (commit)
via 7b3e8572e3bb8a65d20577a48009251fdc7b1910 (commit)
from 56c18408d4955713d9c4e634367c7912d6564651 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ee06b3f7889bd99c28ac68f4781bda77d67eed00
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 7 10:53:28 2016 +0200
g10: Check for a new binding a bit later.
* g10/tofu.c (build_conflict_set): Check for the current key after
looking for conflicts and removing any '!'.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Fixes-commit: 1f1f56e6
diff --git a/g10/tofu.c b/g10/tofu.c
index 2976c6b..5b20269 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -1769,15 +1769,6 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
return NULL;
}
- /* If the current binding has not yet been recorded, add it to the
- * list. (The order by above ensures that if it is present, it will
- * be first.) */
- if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0))
- {
- add_to_strlist (&conflict_set, fingerprint);
- conflict_set->flags |= BINDING_NEW;
- }
-
/* Set BINDING_CONFLICT if the binding has a known conflict. This
* allows us to distinguish between bindings where the user
* explicitly set the policy to ask and bindings where we set the
@@ -1801,6 +1792,15 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
}
}
+ /* If the current binding has not yet been recorded, add it to the
+ * list. (The order by above ensures that if it is present, it will
+ * be first.) */
+ if (! (conflict_set && strcmp (conflict_set->d, fingerprint) == 0))
+ {
+ add_to_strlist (&conflict_set, fingerprint);
+ conflict_set->flags |= BINDING_NEW;
+ }
+
conflict_set_count = strlist_length (conflict_set);
/* Eliminate false conflicts. */
commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910
Author: Neal H. Walfield <neal at g10code.com>
Date: Wed Sep 7 10:28:39 2016 +0200
g10: Change TOFU code to respect --faked-system-time.
* g10/tofu.c (record_binding): New parameter now. Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now. Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.
--
Signed-off-by: Neal H. Walfield <neal at g10code.com>
diff --git a/g10/tofu.c b/g10/tofu.c
index afecd0c..2976c6b 100644
--- a/g10/tofu.c
+++ b/g10/tofu.c
@@ -797,7 +797,8 @@ get_single_long_cb2 (void *cookie, int argc, char **argv, char **azColName,
If SHOW_OLD is set, the binding's old policy is displayed. */
static gpg_error_t
record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
- const char *user_id, enum tofu_policy policy, int show_old)
+ const char *user_id, enum tofu_policy policy, int show_old,
+ time_t now)
{
char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0);
gpg_error_t rc;
@@ -873,10 +874,12 @@ record_binding (tofu_dbs_t dbs, const char *fingerprint, const char *email,
reallocate a new one. We just need to search for the OID
based on the fingerprint and email since they are unique. */
" (select oid from bindings where fingerprint = ? and email = ?),\n"
- " ?, ?, ?, strftime('%s','now'), ?);",
+ " ?, ?, ?, ?, ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
- GPGSQL_ARG_STRING, user_id, GPGSQL_ARG_INT, (int) policy,
+ GPGSQL_ARG_STRING, user_id,
+ GPGSQL_ARG_LONG_LONG, (long long) now,
+ GPGSQL_ARG_INT, (int) policy,
GPGSQL_ARG_END);
if (rc)
{
@@ -1318,7 +1321,8 @@ ask_about_binding (ctrl_t ctrl,
strlist_t conflict_set,
const char *fingerprint,
const char *email,
- const char *user_id)
+ const char *user_id,
+ time_t now)
{
tofu_dbs_t dbs;
strlist_t iter;
@@ -1423,7 +1427,7 @@ ask_about_binding (ctrl_t ctrl,
" from bindings\n" \
" left join\n" \
" (select *,\n" \
- " cast(strftime('%s','now') - " time " as real) delta\n" \
+ " cast(? - " time " as real) delta\n" \
" from " table ") ss\n" \
" on ss.binding = bindings.oid)\n" \
" where email = ? and fingerprint = ?\n" \
@@ -1435,6 +1439,7 @@ ask_about_binding (ctrl_t ctrl,
(dbs->db, &dbs->s.get_trust_gather_signature_stats,
signature_stats_collect_cb, &stats, &sqerr,
STATS_SQL ("signatures", "sig_time", ""),
+ GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, iter->d,
GPGSQL_ARG_END);
@@ -1449,6 +1454,7 @@ ask_about_binding (ctrl_t ctrl,
(dbs->db, &dbs->s.get_trust_gather_encryption_stats,
signature_stats_collect_cb, &stats, &sqerr,
STATS_SQL ("encryptions", "time", "-"),
+ GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, iter->d,
GPGSQL_ARG_END);
@@ -1700,7 +1706,7 @@ ask_about_binding (ctrl_t ctrl,
}
if (record_binding (dbs, fingerprint, email, user_id,
- *policy, 0))
+ *policy, 0, now))
{
/* If there's an error registering the
* binding, don't save the signature. */
@@ -1990,7 +1996,7 @@ build_conflict_set (tofu_dbs_t dbs, const char *fingerprint, const char *email)
static enum tofu_policy
get_trust (ctrl_t ctrl, PKT_public_key *pk,
const char *fingerprint, const char *email,
- const char *user_id, int may_ask)
+ const char *user_id, int may_ask, time_t now)
{
tofu_dbs_t dbs = ctrl->tofu.dbs;
int in_transaction = 0;
@@ -2038,7 +2044,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
if (policy == TOFU_POLICY_NONE)
{
if (record_binding (dbs, fingerprint, email, user_id,
- TOFU_POLICY_AUTO, 0) != 0)
+ TOFU_POLICY_AUTO, 0, now) != 0)
{
log_error (_("error setting TOFU binding's trust level"
" to %s\n"), "auto");
@@ -2142,7 +2148,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id,
- TOFU_POLICY_AUTO, 0) != 0)
+ TOFU_POLICY_AUTO, 0, now) != 0)
{
log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto");
@@ -2171,7 +2177,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
fingerprint, email);
if (record_binding (dbs, fingerprint, email, user_id,
- TOFU_POLICY_AUTO, 0) != 0)
+ TOFU_POLICY_AUTO, 0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"),
"auto");
@@ -2193,7 +2199,7 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
log_assert (policy == TOFU_POLICY_NONE);
if (record_binding (dbs, fingerprint, email, user_id,
- TOFU_POLICY_ASK, 0) != 0)
+ TOFU_POLICY_ASK, 0, now) != 0)
log_error (_("error setting TOFU binding's trust level to %s\n"),
"ask");
@@ -2212,7 +2218,8 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk,
conflict_set,
fingerprint,
email,
- user_id);
+ user_id,
+ now);
out:
@@ -2457,9 +2464,8 @@ write_stats_status (estream_t fp,
static int
show_statistics (tofu_dbs_t dbs, const char *fingerprint,
const char *email, const char *user_id,
- estream_t outfp)
+ estream_t outfp, time_t now)
{
- unsigned long now = gnupg_get_time ();
enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL);
char *fingerprint_pp;
@@ -2748,6 +2754,7 @@ tofu_register_signature (ctrl_t ctrl,
const byte *sig_digest_bin, int sig_digest_bin_len,
time_t sig_time, const char *origin)
{
+ time_t now = gnupg_get_time ();
gpg_error_t rc;
tofu_dbs_t dbs;
char *fingerprint = NULL;
@@ -2792,7 +2799,7 @@ tofu_register_signature (ctrl_t ctrl,
/* Make sure the binding exists and record any TOFU
conflicts. */
- if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0)
+ if (get_trust (ctrl, pk, fingerprint, email, user_id->d, 0, now)
== _tofu_GET_TRUST_ERROR)
{
rc = gpg_error (GPG_ERR_GENERAL);
@@ -2861,10 +2868,11 @@ tofu_register_signature (ctrl_t ctrl,
" values\n"
" ((select oid from bindings\n"
" where fingerprint = ? and email = ?),\n"
- " ?, ?, ?, strftime('%s', 'now'));",
+ " ?, ?, ?, ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
GPGSQL_ARG_STRING, sig_digest, GPGSQL_ARG_STRING, origin,
GPGSQL_ARG_LONG_LONG, (long long) sig_time,
+ GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_END);
if (rc)
{
@@ -2896,6 +2904,7 @@ tofu_register_encryption (ctrl_t ctrl,
PKT_public_key *pk, strlist_t user_id_list,
int may_ask)
{
+ time_t now = gnupg_get_time ();
gpg_error_t rc = 0;
tofu_dbs_t dbs;
kbnode_t kb = NULL;
@@ -2956,7 +2965,7 @@ tofu_register_encryption (ctrl_t ctrl,
/* Make sure the binding exists and that we recognize any
conflicts. */
int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
- may_ask);
+ may_ask, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
@@ -2971,8 +2980,9 @@ tofu_register_encryption (ctrl_t ctrl,
" values\n"
" ((select oid from bindings\n"
" where fingerprint = ? and email = ?),\n"
- " strftime('%s', 'now'));",
+ " ?);",
GPGSQL_ARG_STRING, fingerprint, GPGSQL_ARG_STRING, email,
+ GPGSQL_ARG_LONG_LONG, (long long) now,
GPGSQL_ARG_END);
if (rc)
{
@@ -3067,6 +3077,7 @@ gpg_error_t
tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
PKT_public_key *pk, const char *user_id)
{
+ time_t now = gnupg_get_time ();
gpg_error_t err;
tofu_dbs_t dbs;
char *fingerprint;
@@ -3086,7 +3097,7 @@ tofu_write_tfs_record (ctrl_t ctrl, estream_t fp,
fingerprint = hexfingerprint (pk, NULL, 0);
email = email_from_user_id (user_id);
- show_statistics (dbs, fingerprint, email, user_id, fp);
+ show_statistics (dbs, fingerprint, email, user_id, fp, now);
xfree (email);
xfree (fingerprint);
@@ -3109,6 +3120,7 @@ int
tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
int may_ask)
{
+ time_t now = gnupg_get_time ();
tofu_dbs_t dbs;
char *fingerprint = NULL;
strlist_t user_id;
@@ -3136,7 +3148,8 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
/* Always call get_trust to make sure the binding is
registered. */
- int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d, may_ask);
+ int tl = get_trust (ctrl, pk, fingerprint, email, user_id->d,
+ may_ask, now);
if (tl == _tofu_GET_TRUST_ERROR)
{
/* An error. */
@@ -3159,7 +3172,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
if (may_ask && tl != TRUST_ULTIMATE && tl != TRUST_EXPIRED)
need_warning |=
- show_statistics (dbs, fingerprint, email, user_id->d, NULL);
+ show_statistics (dbs, fingerprint, email, user_id->d, NULL, now);
if (tl == TRUST_NEVER)
trust_level = TRUST_NEVER;
@@ -3215,6 +3228,7 @@ tofu_get_validity (ctrl_t ctrl, PKT_public_key *pk, strlist_t user_id_list,
gpg_error_t
tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
{
+ time_t now = gnupg_get_time ();
tofu_dbs_t dbs;
PKT_public_key *pk;
char *fingerprint = NULL;
@@ -3257,7 +3271,7 @@ tofu_set_policy (ctrl_t ctrl, kbnode_t kb, enum tofu_policy policy)
email = email_from_user_id (user_id->name);
- record_binding (dbs, fingerprint, email, user_id->name, policy, 1);
+ record_binding (dbs, fingerprint, email, user_id->name, policy, 1, now);
xfree (email);
}
-----------------------------------------------------------------------
Summary of changes:
g10/tofu.c | 76 +++++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 45 insertions(+), 31 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list