Fix bug 894.

Change default keyserver.
Allow key protection with Camellia.
Werner Koch 2008-03-25 08:33:31 +00:00
parent c2a8254be7
commit d7f0b3bd89
5 changed files with 41 additions and 7 deletions

2
NEWS

@ -12,6 +12,8 @@ Noteworthy changes in version 2.0.9 (unreleased)
* Fixed a bug in the ambigious name detection. * Fixed a bug in the ambigious name detection.
* Fixed possible memory corruption while importing OpenPGP keys.
* Minor bug fixes. * Minor bug fixes.


@ -1,3 +1,15 @@
2008-03-25 David Shaw <dshaw@jabberwocky.com> (wk)
* import.c (collapse_uids): Fix bug 894: possible memory
corruption around deduplication of user IDs.
2008-03-25 Werner Koch <wk@g10code.com>
* parse-packet.c (parse_key): Parse a secret key encrypted with
Camellia.
* options.skel: Make the default keyserver keys.gnupg.net.
2008-03-18 Werner Koch <wk@g10code.com> 2008-03-18 Werner Koch <wk@g10code.com>
* seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys. * seckey-cert.c (do_check): Use GCRYMPI_FMT_PGP for v3 keys.


@ -1661,11 +1661,17 @@ collapse_uids( KBNODE *keyblock )
{ {
KBNODE uid2; KBNODE uid2;
if(is_deleted_kbnode(uid1))
continue;
if(uid1->pkt->pkttype!=PKT_USER_ID) if(uid1->pkt->pkttype!=PKT_USER_ID)
continue; continue;
for(uid2=uid1->next;uid2;uid2=uid2->next) for(uid2=uid1->next;uid2;uid2=uid2->next)
{ {
if(is_deleted_kbnode(uid2))
continue;
if(uid2->pkt->pkttype!=PKT_USER_ID) if(uid2->pkt->pkttype!=PKT_USER_ID)
continue; continue;
@ -1681,6 +1687,9 @@ collapse_uids( KBNODE *keyblock )
uid1 */ uid1 */
for(last=uid2;last->next;last=last->next) for(last=uid2;last->next;last=last->next)
{ {
if(is_deleted_kbnode(last))
continue;
if(last->next->pkt->pkttype==PKT_USER_ID if(last->next->pkt->pkttype==PKT_USER_ID
|| last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| last->next->pkt->pkttype==PKT_SECRET_SUBKEY) || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
@ -1693,13 +1702,16 @@ collapse_uids( KBNODE *keyblock )
/* Now put uid2 in place as part of uid1 */ /* Now put uid2 in place as part of uid1 */
last->next=uid1->next; last->next=uid1->next;
uid1->next=uid2; uid1->next=uid2;
remove_kbnode(keyblock,uid2); delete_kbnode(uid2);
/* Now dedupe uid1 */ /* Now dedupe uid1 */
for(sig1=uid1->next;sig1;sig1=sig1->next) for(sig1=uid1->next;sig1;sig1=sig1->next)
{ {
KBNODE sig2; KBNODE sig2;
if(is_deleted_kbnode(sig1))
continue;
if(sig1->pkt->pkttype==PKT_USER_ID if(sig1->pkt->pkttype==PKT_USER_ID
|| sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| sig1->pkt->pkttype==PKT_SECRET_SUBKEY) || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
@ -1710,6 +1722,9 @@ collapse_uids( KBNODE *keyblock )
for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next) for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
{ {
if(is_deleted_kbnode(sig2))
continue;
if(sig2->pkt->pkttype==PKT_USER_ID if(sig2->pkt->pkttype==PKT_USER_ID
|| sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
|| sig2->pkt->pkttype==PKT_SECRET_SUBKEY) || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
@ -1723,7 +1738,7 @@ collapse_uids( KBNODE *keyblock )
{ {
/* We have a match, so delete the second /* We have a match, so delete the second
signature */ signature */
remove_kbnode(&uid1,sig2); delete_kbnode(sig2);
sig2=last; sig2=last;
} }
} }
@ -1732,6 +1747,8 @@ collapse_uids( KBNODE *keyblock )
} }
} }
commit_kbnode(keyblock);
if(any && !opt.quiet) if(any && !opt.quiet)
{ {
const char *key="???"; const char *key="???";
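Review bot: In the loop that finds the end of uid2's signatures, `for(last=uid2;last->next;last=last->next)`, the added `if(is_deleted_kbnode(last)) continue;` tests `last`, while the boundary test below it inspects `last->next`. If `last` is ever a deleted node directly in front of a user ID or subkey, the `continue` skips the boundary test and the walk steps onto that packet, so it and its signatures would be relinked under uid1. Whether a deleted node can sit there depends on code outside these hunks (collapse_uids starts and ends outside them), so it is worth confirming. Running the pkttype test on `last->next` regardless of `last`'s deleted flag would remove the doubt. A short comment at `delete_kbnode(uid2);` saying that nodes are now only marked and are unlinked by the `commit_kbnode(keyblock);` at the end would also explain why every loop needs the deleted check.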


@ -98,7 +98,8 @@ require-cross-certification
# servers can be HKP, email, or LDAP (if GnuPG is built with LDAP # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP
# support). # support).
# #
# Example HKP keyserver: # Example HKP keyservers:
# hkp://keys.gnupg.net
# hkp://subkeys.pgp.net # hkp://subkeys.pgp.net
# #
# Example email keyserver: # Example email keyserver:
@ -121,11 +122,12 @@ require-cross-certification
# Note that most servers (with the notable exception of # Note that most servers (with the notable exception of
# ldap://keyserver.pgp.com) synchronize changes with each other. Note # ldap://keyserver.pgp.com) synchronize changes with each other. Note
# also that a single server name may actually point to multiple # also that a single server name may actually point to multiple
# servers via DNS round-robin. hkp://subkeys.pgp.net is an example of # servers via DNS round-robin. hkp://keys.gnupg.net is an example of
# such a "server", which spreads the load over a number of physical # such a "server", which spreads the load over a number of physical
# servers. # servers. To see the IP address of the server actually used, you may use
# the "--keyserver-options debug".
keyserver hkp://subkeys.pgp.net keyserver hkp://keys.gnupg.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://pgp.surfnet.nl:11370 #keyserver ldap://pgp.surfnet.nl:11370
#keyserver ldap://keyserver.pgp.com #keyserver ldap://keyserver.pgp.com
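Review bot: The new default `keyserver hkp://keys.gnupg.net` is a plain `hkp://` URL that resolves through a DNS round-robin pool, and the surrounding comment says nothing about how far a key returned by such a server can be trusted. Consider adding a line to the pool paragraph such as `# Keys returned by a keyserver are not authenticated by the server; check the fingerprint before relying on them.` The added sentence would also read better as `you may use the option "--keyserver-options debug"`.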


@ -1906,8 +1906,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
* enlarge temp. * enlarge temp.
*/ */
switch( sk->protect.algo ) { switch( sk->protect.algo ) {
case 7: case 8: case 9: /* reserved for AES */ case 7: case 8: case 9: /* AES */
case 10: /* Twofish */ case 10: /* Twofish */
case 11: case 12: /* Camellia */
sk->protect.ivlen = 16; sk->protect.ivlen = 16;
break; break;
default: default:
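Review bot: The new label `case 11: case 12: /* Camellia */` adds two more bare algorithm numbers to a hand-kept list of ciphers with a 16-byte IV, and the comment does not say which Camellia key sizes they denote. If the tree has named cipher-algorithm constants, using them here would make the list checkable against the cipher table; otherwise extend the comment to name each variant. Any algorithm missing from the list falls through to `default:`, whose body is outside this hunk, so a cipher enabled later without an entry here would presumably get whatever IV length that branch assigns. A one-line comment stating that every 128-bit-block cipher must be listed would make that dependency visible.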