[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.8-6-ge8f439e
by Werner Koch
cvs at cvs.gnupg.org
Tue Jun 12 09:05:21 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-2 has been updated
via e8f439e0547463c24f3c10008fee73e6c4259f52 (commit)
via 86b64876bef0d8c4be8e309fcf3e2ce21e65a947 (commit)
from dc96fd883571a975cfea0882fd38d7b0dd78775b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e8f439e0547463c24f3c10008fee73e6c4259f52
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 12 08:44:55 2018 +0200
gpg: Do not import revocations with --show-keys.
* g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
IMPORT_DRY_RUN.
--
GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 6c9e37b2e541e96e7c65e1679982a614b4863fdb)
diff --git a/g10/import.c b/g10/import.c
index b609660..ed3ada5 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -113,8 +113,8 @@ static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
struct import_stats_s *stats, int batch,
unsigned int options, int for_migration,
import_screener_t screener, void *screener_arg);
-static int import_revoke_cert (ctrl_t ctrl,
- kbnode_t node, struct import_stats_s *stats);
+static int import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
+ struct import_stats_s *stats);
static int chk_self_sigs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
int *non_self);
static int delete_inv_parts (ctrl_t ctrl, kbnode_t keyblock,
@@ -590,7 +590,7 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
screener, screener_arg);
else if (keyblock->pkt->pkttype == PKT_SIGNATURE
&& IS_KEY_REV (keyblock->pkt->pkt.signature) )
- rc = import_revoke_cert (ctrl, keyblock, stats);
+ rc = import_revoke_cert (ctrl, keyblock, options, stats);
else
{
log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
@@ -2617,7 +2617,8 @@ import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
* Import a revocation certificate; this is a single signature packet.
*/
static int
-import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
+import_revoke_cert (ctrl_t ctrl, kbnode_t node, unsigned int options,
+ struct import_stats_s *stats)
{
PKT_public_key *pk = NULL;
kbnode_t onode;
@@ -2707,31 +2708,34 @@ import_revoke_cert (ctrl_t ctrl, kbnode_t node, struct import_stats_s *stats)
/* insert it */
insert_kbnode( keyblock, clone_kbnode(node), 0 );
- /* and write the keyblock back */
- rc = keydb_update_keyblock (ctrl, hd, keyblock );
- if (rc)
- log_error (_("error writing keyring '%s': %s\n"),
- keydb_get_resource_name (hd), gpg_strerror (rc) );
- keydb_release (hd);
- hd = NULL;
-
- /* we are ready */
- if (!opt.quiet )
+ /* and write the keyblock back unless in dry run mode. */
+ if (!(opt.dry_run || (options & IMPORT_DRY_RUN)))
{
- char *p=get_user_id_native (ctrl, keyid);
- log_info( _("key %s: \"%s\" revocation certificate imported\n"),
- keystr(keyid),p);
- xfree(p);
- }
- stats->n_revoc++;
+ rc = keydb_update_keyblock (ctrl, hd, keyblock );
+ if (rc)
+ log_error (_("error writing keyring '%s': %s\n"),
+ keydb_get_resource_name (hd), gpg_strerror (rc) );
+ keydb_release (hd);
+ hd = NULL;
- /* If the key we just revoked was ultimately trusted, remove its
- ultimate trust. This doesn't stop the user from putting the
- ultimate trust back, but is a reasonable solution for now. */
- if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
- clear_ownertrusts (ctrl, pk);
+ /* we are ready */
+ if (!opt.quiet )
+ {
+ char *p=get_user_id_native (ctrl, keyid);
+ log_info( _("key %s: \"%s\" revocation certificate imported\n"),
+ keystr(keyid),p);
+ xfree(p);
+ }
- revalidation_mark (ctrl);
+ /* If the key we just revoked was ultimately trusted, remove its
+ * ultimate trust. This doesn't stop the user from putting the
+ * ultimate trust back, but is a reasonable solution for now. */
+ if (get_ownertrust (ctrl, pk) == TRUST_ULTIMATE)
+ clear_ownertrusts (ctrl, pk);
+
+ revalidation_mark (ctrl);
+ }
+ stats->n_revoc++;
leave:
keydb_release (hd);
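Review bot: Inside the new non-dry-run block a failing `keydb_update_keyblock` is only logged, so execution still reaches the "revocation certificate imported" message, `clear_ownertrusts`, `revalidation_mark` and `stats->n_revoc++`. A revocation that never reached the keyring is therefore reported and counted as imported. This predates the commit but is carried over unchanged; I would brace the `if (rc)` body and add `goto leave;` after the `log_error` call, which still releases `hd` at `leave:` (assuming that path returns `rc`). Separately, `stats->n_revoc++` now also runs in dry-run mode; if that is intended for `--show-keys`, a comment such as `/* Counted even in dry-run mode. */` would make it explicit. The function begins and ends outside this hunk.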
commit 86b64876bef0d8c4be8e309fcf3e2ce21e65a947
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Tue Jun 12 00:41:59 2018 -0400
gpg: Add new usage option for drop-subkey filters.
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--
For example, this permits extraction of only encryption-capable
subkeys like so:
gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
(cherry picked from commit 2ddfb5bef920919443309ece9fa2930282bbce85)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 2915d25..d0aa010 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2418,6 +2418,11 @@ The available properties are:
Boolean indicating whether a key or subkey is a secret one.
(drop-subkey)
+ @item usage
+ A string indicating the usage flags for the subkey, from the
+ sequence ``ecsa?''. For example, a subkey capable of just signing
+ and authentication would be an exact match for ``sa''. (drop-subkey)
+
@item sig_created
@itemx sig_created_d
The first is the timestamp a signature packet was created. The
diff --git a/g10/import.c b/g10/import.c
index 6d2beaf..b609660 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1296,6 +1296,16 @@ impex_filter_getval (void *cookie, const char *propname)
{
result = pk_is_disabled (pk)? "1":"0";
}
+ else if (!strcmp (propname, "usage"))
+ {
+ snprintf (numbuf, sizeof numbuf, "%s%s%s%s%s",
+ (pk->pubkey_usage & PUBKEY_USAGE_ENC)?"e":"",
+ (pk->pubkey_usage & PUBKEY_USAGE_SIG)?"s":"",
+ (pk->pubkey_usage & PUBKEY_USAGE_CERT)?"c":"",
+ (pk->pubkey_usage & PUBKEY_USAGE_AUTH)?"a":"",
+ (pk->pubkey_usage & PUBKEY_USAGE_UNKNOWN)?"?":"");
+ result = numbuf;
+ }
else
result = NULL;
}
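Review bot: The `snprintf` call emits the flag letters in the order e, s, c, a, ?, while the doc/gpg.texi text added in this same commit describes the value as drawn from the sequence "ecsa?". A filter written against the documented order, for example an exact match on `cs`, would silently never match a subkey that reports `sc`, so a drop-subkey filter meant to restrict exported key material would select the wrong subkeys without any error. Either swap the `PUBKEY_USAGE_SIG` and `PUBKEY_USAGE_CERT` argument lines or change the documented sequence to "esca?", and add a comment above the call such as `/* Letter order is part of the filter interface; keep in sync with gpg.texi. */`. `numbuf` is declared outside the hunk, so its size cannot be checked here, though `snprintf` bounds the write.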
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 5 +++++
g10/import.c | 66 ++++++++++++++++++++++++++++++++++++------------------------
2 files changed, 45 insertions(+), 26 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org