Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
gpg2.11996
gnupg-CVE-2019-13050_3_of_5.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnupg-CVE-2019-13050_3_of_5.patch of Package gpg2.11996
commit 23c978640812d123eaffd4108744bdfcf48f7c93 Author: Werner Koch <wk@gnupg.org> Date: Thu Jul 4 15:45:39 2019 +0200 gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. * g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <wk@gnupg.org> Index: gnupg-2.0.24/doc/gpg.texi =================================================================== --- gnupg-2.0.24.orig/doc/gpg.texi +++ gnupg-2.0.24/doc/gpg.texi @@ -1671,6 +1671,10 @@ are available for all keyserver types, s @end table +The default list of options is: "self-sigs-only, import-clean, +repair-keys, repair-pks-subkey-bug, export-attributes, +honor-pka-record". + @item --completes-needed @code{n} @opindex compliant-needed Number of completely trusted users to introduce a new Index: gnupg-2.0.24/g10/gpg.c =================================================================== --- gnupg-2.0.24.orig/g10/gpg.c +++ gnupg-2.0.24/g10/gpg.c @@ -1991,7 +1991,9 @@ main (int argc, char **argv) opt.flags.require_cross_cert = 1; opt.import_options=IMPORT_SK2PK; opt.export_options=EXPORT_ATTRIBUTES; - opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG; + opt.keyserver_options.import_options= (IMPORT_REPAIR_PKS_SUBKEY_BUG + | IMPORT_SELF_SIGS_ONLY + | IMPORT_CLEAN); opt.keyserver_options.export_options=EXPORT_ATTRIBUTES; opt.keyserver_options.options= KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_HONOR_PKA_RECORD;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor