[git] GnuPG - branch, master, updated. gnupg-2.1.15-114-g3f7f744

by Neal H. Walfield cvs at cvs.gnupg.org
Thu Sep 15 12:23:55 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  3f7f7447316f57d002d683af4ad30ac5730b9ebe (commit)
       via  dcc64663051f8af82abc11e2699649c3b35936db (commit)
      from  3248182d1b5a03098ee797c980fa0f0ec06e716f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Sep 15 12:21:15 2016 +0200

    g10: Only consider bindings matching the signer's user id.
    
    * g10/trustdb.c (tdb_get_validity_core): If the signer's user id
    subpacket is present, only consider matching user ids.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 5457ea1..029c8c3 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1025,27 +1025,50 @@ tdb_get_validity_core (ctrl_t ctrl,
       kbnode_t kb = NULL;
       kbnode_t n = NULL;
       strlist_t user_id_list = NULL;
+      int done = 0;
 
       /* If the caller didn't supply a user id then use all uids.  */
       if (! uid)
 	kb = n = get_pubkeyblock (main_pk->keyid);
 
-      while (uid || (n = find_next_kbnode (n, PKT_USER_ID)))
+      if (DBG_TRUST && sig && sig->signers_uid)
+        log_debug ("TOFU: only considering user id: '%s'\n",
+                   sig->signers_uid);
+
+      while (!done && (uid || (n = find_next_kbnode (n, PKT_USER_ID))))
 	{
 	  PKT_user_id *user_id;
           int expired = 0;
 
 	  if (uid)
-	    user_id = uid;
+            {
+              user_id = uid;
+              /* If the caller specified a user id, then we only
+                 process the specified user id and are done after the
+                 first iteration.  */
+              done = 1;
+            }
 	  else
 	    user_id = n->pkt->pkt.user_id;
 
           if (user_id->attrib_data)
+            /* Skip user attributes.  */
+            continue;
+
+          if (sig && sig->signers_uid)
+            /* Make sure the UID matches.  */
             {
-              /* Skip user attributes.  */
-              if (uid)
-                break;
-              continue;
+              char *email = mailbox_from_userid (user_id->name);
+              if (!email || !*email || strcmp (sig->signers_uid, email) != 0)
+                {
+                  if (DBG_TRUST)
+                    log_debug ("TOFU: skipping user id '%s', which does"
+                               " not match the signer's email ('%s')\n",
+                               email, sig->signers_uid);
+                  xfree (email);
+                  continue;
+                }
+              xfree (email);
             }
 
           /* If the user id is revoked or expired, then skip it.  */
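Review bot: The new filter compares `sig->signers_uid` as-is with the result of `mailbox_from_userid (user_id->name)`, so the match only works if the subpacket value is already a bare mailbox in the same normalised form. If a signature carries a full user ID string or a differently normalised address (the packet parser is not visible here, so this needs confirming), every user id is skipped and `user_id_list` stays empty. The code after the loop, outside this hunk, should be checked to treat an empty list as "no valid binding". Consider normalising the signer's value once before the loop with the same helper and comparing the two normalised strings. Separately, the skip message passes `email`, which is NULL on the `!email` path and is labelled "user id"; passing `user_id->name` as the first `%s` argument of that `log_debug` call avoids both problems.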
@@ -1073,11 +1096,6 @@ tdb_get_validity_core (ctrl_t ctrl,
 
           add_to_strlist (&user_id_list, user_id->name);
           user_id_list->flags = expired;
-
-          if (uid)
-            /* If the caller specified a user id, then we stop
-               now.  */
-            break;
         }
 
       /* Process the user ids in the order they appear in the key

commit dcc64663051f8af82abc11e2699649c3b35936db
Author: Neal H. Walfield <neal at g10code.com>
Date:   Thu Sep 15 12:19:29 2016 +0200

    g10: Don't include the signature when printing a binding's validity.
    
    * g10/mainproc.c (check_sig_and_print): When printing information
    about a binding don't include the current signature.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index 929e18a..e663af8 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1976,7 +1976,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 	     before calling that function.  */
           if ((opt.verify_options & VERIFY_SHOW_UID_VALIDITY))
             valid = get_validity (c->ctrl, mainpk, un->pkt->pkt.user_id,
-                                  sig, 0);
+                                  NULL, 0);
           else
             valid = 0; /* Not used.  */
 
@@ -2078,7 +2078,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 		       information.  */
                     valid = (trust_value_to_string
                              (get_validity (c->ctrl, mainpk,
-                                            un->pkt->pkt.user_id, sig, 0)));
+                                            un->pkt->pkt.user_id, NULL, 0)));
                   log_printf (" [%s]\n",valid);
                 }
               else

-----------------------------------------------------------------------

Summary of changes:
 g10/mainproc.c |  4 ++--
 g10/trustdb.c  | 40 +++++++++++++++++++++++++++++-----------
 2 files changed, 31 insertions(+), 13 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



