[git] GnuPG - branch, master, updated. gnupg-2.2.7-177-g76989d5

by Werner Koch cvs at cvs.gnupg.org
Mon Jul 9 12:15:10 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  76989d5bd89ed11f5b3656dc4748fcfc939a46dc (commit)
      from  c2fd65ec8498a08ee36ca52d99b6b014f6db8d93 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Jul 9 12:01:02 2018 +0200

    gpg: Remove multiple subkey bindings during export-clean.
    
    * g10/key-clean.c (clean_one_subkey_dupsigs): New.
    (clean_all_subkeys): Call it.
    --
    
    GnuPG-bug-id: 3804
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/key-clean.c b/g10/key-clean.c
index 097ca17..f66a0db 100644
--- a/g10/key-clean.c
+++ b/g10/key-clean.c
@@ -479,6 +479,67 @@ clean_one_subkey (ctrl_t ctrl, kbnode_t subkeynode, int noisy, int clean_level)
 }
 
 
+/* Helper for clean_all_subkeys.  Here duplicate signatures from a
+ * subkey are removed.  This should in general not happen because
+ * import takes care of that.  However, sometimes other tools are used
+ * to manage a keyring or key has been imported a long time ago.  */
+static int
+clean_one_subkey_dupsigs (ctrl_t ctrl, kbnode_t subkeynode)
+{
+  kbnode_t node;
+  PKT_public_key *pk = subkeynode->pkt->pkt.public_key;
+  int any_choosen = 0;
+  int count = 0;
+
+  (void)ctrl;
+
+  log_assert (subkeynode->pkt->pkttype == PKT_PUBLIC_SUBKEY
+              || subkeynode->pkt->pkttype == PKT_SECRET_SUBKEY);
+
+  if (DBG_LOOKUP)
+    log_debug ("\tchecking subkey %08lX for dupsigs\n",
+               (ulong) keyid_from_pk (pk, NULL));
+
+  /* First check that the choosen flag has been set.  Note that we
+   * only look at plain signatures so to keep all revocation
+   * signatures which may carry important information.  */
+  for (node = subkeynode->next;
+       node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+                 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
+       node = node->next)
+    {
+      if (!is_deleted_kbnode (node)
+          && node->pkt->pkttype == PKT_SIGNATURE
+          && IS_SUBKEY_SIG (node->pkt->pkt.signature)
+          && node->pkt->pkt.signature->flags.chosen_selfsig)
+        {
+          any_choosen = 1;
+          break;
+        }
+    }
+
+  if (!any_choosen)
+    return 0; /* Ooops no choosen flag set - we can't decide.  */
+
+  for (node = subkeynode->next;
+       node && !(node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+                 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
+       node = node->next)
+    {
+      if (!is_deleted_kbnode (node)
+          && node->pkt->pkttype == PKT_SIGNATURE
+          && IS_SUBKEY_SIG (node->pkt->pkt.signature)
+          && !node->pkt->pkt.signature->flags.chosen_selfsig)
+        {
+          delete_kbnode (node);
+          count++;
+        }
+    }
+
+  return count;
+}
+
+
 /* This function only marks the deleted nodes and the caller is
  * responsible to skip or remove them.  Needs to be called after a
  * merge_keys_and_selfsig.  CLEAN_LEVEL is one of the KEY_CLEAN_*
@@ -488,6 +549,7 @@ clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock, int noisy, int clean_level,
                    int *subkeys_cleaned, int *sigs_cleaned)
 {
   kbnode_t first_subkey, node;
+  int n;
 
   if (DBG_LOOKUP)
     log_debug ("clean_all_subkeys: checking key %08lX\n",
@@ -519,17 +581,34 @@ clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock, int noisy, int clean_level,
   /* Do the selected cleaning.  */
   if (clean_level > KEY_CLEAN_NONE)
     {
+      /* Clean enitre subkeys.  */
       for (node = first_subkey; node; node = node->next)
         {
           if (is_deleted_kbnode (node))
             continue;
           if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
               || node->pkt->pkttype == PKT_SECRET_SUBKEY)
-            if (clean_one_subkey (ctrl, node, noisy, clean_level))
-              {
-                if (subkeys_cleaned)
-                  ++*subkeys_cleaned;
-              }
+            {
+              if (clean_one_subkey (ctrl, node, noisy, clean_level))
+                {
+                  if (subkeys_cleaned)
+                    ++*subkeys_cleaned;
+                }
+            }
+        }
+
+      /* Clean duplicate signatures from a subkey.  */
+      for (node = first_subkey; node; node = node->next)
+        {
+          if (is_deleted_kbnode (node))
+            continue;
+          if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+              || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+            {
+              n = clean_one_subkey_dupsigs (ctrl, node);
+              if (sigs_cleaned)
+                *sigs_cleaned += n;
+            }
         }
     }
 }

-----------------------------------------------------------------------

Summary of changes:
 g10/key-clean.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 84 insertions(+), 5 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list