
n/gnupg2: Patched for domain-restricted tsigns.

slackware-14.2
Damien Goutte-Gattat 5 years ago
parent
commit
47e5051ba0
  1. 36
      n/gnupg2/gnupg-2.1.17-fix-check-regexp-msg.diff
  2. 34
      n/gnupg2/gnupg-2.1.17-fix-regexp-sanitization.diff
  3. 72
      n/gnupg2/gnupg-2.1.17-frozen-faked-time.diff
  4. 7
      n/gnupg2/gnupg2.SlackBuild

36
n/gnupg2/gnupg-2.1.17-fix-check-regexp-msg.diff

@ -0,0 +1,36 @@
commit bdcec4d67450ee58d1e5dbdf262356c5f7ee0dbd
Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Tue Jan 17 20:37:49 2017 +0100
gpg: Fix misleading log message when checking regexp.
* src/trustdb.c (check_regexp): Correctly print whether the
regexp matched or not.
--
This patch fixes the log message displayed when gpg attempts to
match the regexp associated with a trust signature with an user ID.
The current message interprets the 'ret' variable backwards, and
displays 'YES' when the regexp actually fails to match.
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c113b7e..75714ab 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1550,14 +1550,14 @@ check_regexp(const char *expr,const char *string)
{
ret=regexec(&pat,string,0,NULL,0);
regfree(&pat);
- ret=(ret==0);
}
+ ret=(ret==0);
}
#endif
if(DBG_TRUST)
log_debug("regexp '%s' ('%s') on '%s': %s\n",
- regexp,expr,string,ret==0?"YES":"NO");
+ regexp,expr,string,ret?"YES":"NO");
xfree(regexp);
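Review bot: Moving `ret=(ret==0);` out of the inner block changes more than the log message, because the normalization now also runs when the `regexec` branch is skipped. That is presumably the case where compiling the pattern failed (the condition is outside the hunk); if so, a regexp that cannot be compiled now yields 0 ("no match") instead of leaving a nonzero error code in `ret`, which a caller testing for nonzero would read as a match. That is the safer outcome for a trust-signature restriction, but neither the patch description nor the code says so. I would add a comment above the moved line such as `/* 1 = match, 0 = no match; a pattern that failed to compile counts as no match. */` and mention the behaviour change in the description. The body of check_regexp starts and ends outside the hunk.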

34
n/gnupg2/gnupg-2.1.17-fix-regexp-sanitization.diff

@ -0,0 +1,34 @@
commit 7b9ce0365c32396ec0af68092804b43d88792a42
Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Tue Jan 17 22:53:14 2017 +0100
gpg: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Do not escape normal characters.
--
The current sanitization code escapes ALL characters in the
regular expression, including characters that do not have any
special meaning and only match themselves. Only the dot (.)
is not escaped.
This leads to, e.g., 'example.com' being sanitized into
'\e\x\a\m\p\l\e.\c\o\m', which will then fail to match against
'alice@example.com'.
This patch updates the function to escape only the meaningful
characters (minus the dot).
diff --git a/g10/trustdb.c b/g10/trustdb.c
index c113b7e..e5f32da 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1498,7 +1498,7 @@ sanitize_regexp(const char *old)
{
if(!escaped && old[start]=='\\')
escaped=1;
- else if(!escaped && old[start]!='.')
+ else if(!escaped && strchr("[]$^()|*+?{}", old[start]))
new[idx++]='\\';
else
escaped=0;
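Review bot: The literal `"[]$^()|*+?{}"` in the new `strchr` test is the whole sanitization policy, and nothing next to it says why `.` and `\` are absent. Because the dot stays unescaped it remains a wildcard, so a restriction written as 'example.com' also accepts any single character in place of the dot. The patch description states this, but it should be visible in the code, e.g. `/* Escape regex operators only; '.' is deliberately left as a wildcard, '\\' is handled above. */`. Note also that `strchr` returns non-NULL when asked for '\0', so this test relies on the loop never reaching the string terminator; the loop bounds are outside the hunk, so confirm that there.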

72
n/gnupg2/gnupg-2.1.17-frozen-faked-time.diff

@ -0,0 +1,72 @@
commit 8b4cc3421a7c0be5fe23c6857967d995a58dcdf3
Author: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Date: Wed Jan 18 18:37:19 2017 +0100
gpg: Allow to freeze faked system time.
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--
This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.
diff --git a/common/gettime.c b/common/gettime.c
index e5da4fb..3e1ee55 100644
--- a/common/gettime.c
+++ b/common/gettime.c
@@ -133,7 +133,7 @@ gnupg_set_time (time_t newtime, int freeze)
else if (freeze)
{
timemode = FROZEN;
- timewarp = current;
+ timewarp = newtime == (time_t)-1 ? current : newtime;
}
else if (newtime > current)
{
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 4ea2cd2..044ba37 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2748,6 +2748,9 @@ forth to @var{epoch} which is the number of seconds elapsed since the year
1970. Alternatively @var{epoch} may be given as a full ISO time string
(e.g. "20070924T154812").
+If you suffix @var{epoch} with an exclamation mark (!), the system time
+will appear to be frozen at the specified time.
+
@item --enable-progress-filter
@opindex enable-progress-filter
Enable certain PROGRESS status outputs. This option allows frontends
diff --git a/g10/gpg.c b/g10/gpg.c
index 8c5b505..f9039ae 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3493,10 +3493,20 @@ main (int argc, char **argv)
case oFakedSystemTime:
{
- time_t faked_time = isotime2epoch (pargs.r.ret_str);
+ size_t len = strlen (pargs.r.ret_str);
+ int freeze = 0;
+ time_t faked_time;
+
+ if (len > 0 && pargs.r.ret_str[len-1] == '!')
+ {
+ freeze = 1;
+ pargs.r.ret_str[len-1] = '\0';
+ }
+
+ faked_time = isotime2epoch (pargs.r.ret_str);
if (faked_time == (time_t)(-1))
faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
- gnupg_set_time (faked_time, 0);
+ gnupg_set_time (faked_time, freeze);
}
break;
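Review bot: In the gpg.c hunk the value left after stripping the '!' is still parsed by `strtoul (pargs.r.ret_str, NULL, 10)` with no end pointer, so an empty or non-numeric argument (a lone '!' for instance) becomes 0 and is passed to `gnupg_set_time` without any diagnostic. With `freeze` set, that would presumably pin the time GnuPG uses for expiry and validity checks at the epoch for the whole run. I would pass an end pointer, `faked_time = (time_t)strtoul (pargs.r.ret_str, &end, 10);`, and reject the option when `end == pargs.r.ret_str || *end`. The strtoul line is unchanged context, but the new suffix handling is the natural place to tighten it.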

7
n/gnupg2/gnupg2.SlackBuild

@ -1,6 +1,6 @@
#!/bin/bash
# Build script for Slackware
# Copyright (C) 2014,2015,2016 Damien Goutte-Gattat
# Copyright (C) 2014,2015,2016,2017 Damien Goutte-Gattat
#
# Redistribution and use of this script, with or without modifications,
# is permitted provided that the following conditions are met:
@ -35,7 +35,7 @@ WGET=${WGET:-https://www.gnupg.org/ftp/gcrypt/gnupg/$ARCHIVE}
# Build infos
NAMEPKG=${NAMEPKG:-gnupg2}
BUILD=${BUILD:-2GGD}
BUILD=${BUILD:-3GGD}
ARCH=${ARCH:-$(uname -m | sed 's/^i.86$/i486/;s/^arm.*/arm/')}
JOBS=${JOBS:-1}
EXT=${EXT:-txz}
@ -87,6 +87,9 @@ echo "Building $ARCHIVE..."
tar xf $CWD/$ARCHIVE
cd $NAME
patch -p 1 < $CWD/gnupg-2.1.17-fix-disable-libdns.diff
patch -p 1 < $CWD/gnupg-2.1.17-frozen-faked-time.diff
patch -p 1 < $CWD/gnupg-2.1.17-fix-check-regexp-msg.diff
patch -p 1 < $CWD/gnupg-2.1.17-fix-regexp-sanitization.diff
CFLAGS=$CPUOPT \
CXXFLAGS=$CPUOPT \
./configure \
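Review bot: The `patch -p 1 < $CWD/...` lines for the three new diffs do not check the exit status. Unless the script enables `set -e` earlier (not visible in this hunk), a patch that fails to apply lets the build continue and produce a package without the trust-signature fixes. Which lines are new is inferred from this commit's file list, since the +/- markers are lost in this rendering. I would make each application fatal and quote the path, e.g. `patch -p 1 < "$CWD/gnupg-2.1.17-fix-regexp-sanitization.diff" || exit 1`.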
