[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.9-14-ga59a996

by Werner Koch cvs at cvs.gnupg.org
Wed Aug 29 09:46:51 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  a59a9962f48f828ea7d22362dfa6d82841551110 (commit)
      from  b02ad56a9041273df58ded4cc70cf5ffa9e58c16 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a59a9962f48f828ea7d22362dfa6d82841551110
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Aug 29 09:36:09 2018 +0200

    gpg: New option --known-notation.
    
    * g10/gpg.c (oKnownNotation): New const.
    (opts): Add option --known-notation.
    (main): Set option.
    * g10/parse-packet.c (known_notations_list): New local var.
    (register_known_notation): New.
    (can_handle_critical_notation): Rewrite to handle the new feature.
    Also print the name of unknown notations in verbose mode.
    --
    
    GnuPG-bug-id: 4060
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index d0aa010..a72505f 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2933,6 +2933,13 @@ smartcard, and "%%" results in a single "%". %k, %K, and %f are only
 meaningful when making a key signature (certification), and %c is only
 meaningful when using the OpenPGP smartcard.
 
+ at item --known-notation @var{name}
+ at opindex known-notation
+Adds @var{name} to a list of known critical signature notations.  The
+effect of this is that gpg will not mark a signature with a critical
+signature notation of that name as bad.  Note that gpg already knows
+by default about a few critical signatures notation names.
+
 @item --sig-policy-url @var{string}
 @itemx --cert-policy-url @var{string}
 @itemx --set-policy-url @var{string}
diff --git a/g10/gpg.c b/g10/gpg.c
index c117de3..e18eefe 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -109,6 +109,7 @@ enum cmd_and_opt_values
     oCertNotation,
     oShowNotation,
     oNoShowNotation,
+    oKnownNotation,
     aEncrFiles,
     aEncrSym,
     aDecryptFiles,
@@ -673,6 +674,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oSetNotation,  "set-notation", "@"),
   ARGPARSE_s_s (oSigNotation,  "sig-notation", "@"),
   ARGPARSE_s_s (oCertNotation, "cert-notation", "@"),
+  ARGPARSE_s_s (oKnownNotation, "known-notation", "@"),
 
   ARGPARSE_group (302, N_(
   "@\n(See the man page for a complete listing of all commands and options)\n"
@@ -3301,6 +3303,7 @@ main (int argc, char **argv)
 	    break;
 	  case oSigNotation: add_notation_data( pargs.r.ret_str, 0 ); break;
 	  case oCertNotation: add_notation_data( pargs.r.ret_str, 1 ); break;
+          case oKnownNotation: register_known_notation (pargs.r.ret_str); break;
 	  case oShowNotation:
 	    deprecated_warning(configname,configlineno,"--show-notation",
 			       "--list-options ","show-notations");
diff --git a/g10/packet.h b/g10/packet.h
index e76e6af..6d01b10 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -610,6 +610,9 @@ char *issuer_fpr_string (PKT_signature *sig);
 
 /*-- parse-packet.c --*/
 
+
+void register_known_notation (const char *string);
+
 /* Sets the packet list mode to MODE (i.e., whether we are dumping a
    packet or not).  Returns the current mode.  This allows for
    temporarily suspending dumping by doing the following:
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 8d0be19..ff348ec 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -43,11 +43,15 @@
 #define MAX_COMMENT_PACKET_LENGTH ( 64 * 1024)
 #define MAX_ATTR_PACKET_LENGTH    ( 16 * 1024*1024)
 
-
 static int mpi_print_mode;
 static int list_mode;
 static estream_t listfp;
 
+/* A linked list of known notation names.  Note that the FLAG is used
+ * to store the length of the name to speed up the check.  */
+static strlist_t known_notations_list;
+
+
 static int parse (parse_packet_ctx_t ctx, PACKET *pkt, int onlykeypkts,
 		  off_t * retpos, int *skip, IOBUF out, int do_skip
 #if DEBUG_PARSE_PACKET
@@ -186,6 +190,36 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
 }
 
 
+/* Register STRING as a known critical notation name.  */
+void
+register_known_notation (const char *string)
+{
+  strlist_t sl;
+
+  if (!known_notations_list)
+    {
+      sl = add_to_strlist (&known_notations_list,
+                           "preferred-email-encoding at pgp.com");
+      sl->flags = 32;
+      sl = add_to_strlist (&known_notations_list, "pka-address at gnupg.org");
+      sl->flags = 21;
+    }
+  if (!string)
+    return; /* Only initialized the default known notations.  */
+
+  /* In --set-notation we use an exclamation mark to indicate a
+   * critical notation.  As a convenience skip this here.  */
+  if (*string == '!')
+    string++;
+
+  if (!*string || strlist_find (known_notations_list, string))
+    return; /* Empty string or already registered.  */
+
+  sl = add_to_strlist (&known_notations_list, string);
+  sl->flags = strlen (string);
+}
+
+
 int
 set_packet_list_mode (int mode)
 {
@@ -1602,14 +1636,24 @@ parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
 
 /* Return true if we understand the critical notation.  */
 static int
-can_handle_critical_notation (const byte * name, size_t len)
+can_handle_critical_notation (const byte *name, size_t len)
 {
-  if (len == 32 && memcmp (name, "preferred-email-encoding at pgp.com", 32) == 0)
-    return 1;
-  if (len == 21 && memcmp (name, "pka-address at gnupg.org", 21) == 0)
-    return 1;
+  strlist_t sl;
 
-  return 0;
+  register_known_notation (NULL); /* Make sure it is initialized.  */
+
+  for (sl = known_notations_list; sl; sl = sl->next)
+    if (sl->flags == len && !memcmp (sl->d, name, len))
+      return 1; /* Known */
+
+  if (opt.verbose)
+    {
+      log_info(_("Unknown critical signature notation: ") );
+      print_utf8_buffer (log_get_stream(), name, len);
+      log_printf ("\n");
+    }
+
+  return 0; /* Unknown.  */
 }
 
 

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi       |  7 +++++++
 g10/gpg.c          |  3 +++
 g10/packet.h       |  3 +++
 g10/parse-packet.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++-------
 4 files changed, 64 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list