authorAlexis Hildebrandt <afh@surryhill.net>2023-03-22 12:08:24 +0100
committerAlexis Hildebrandt <afh@surryhill.net>2023-04-13 20:29:26 +0200
commitf92d7c3a205d2674f65d0afade55513f9aeabd7a (patch)
tree5c9bc6fb0712e83c035649ca4f1ab780fc890e11
parent6f635e39af3e6ac03db4032258b28666e103051e (diff)
gnupg: Remove patch for code that is disabled upstream
-rw-r--r--pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch34
-rw-r--r--pkgs/tools/security/gnupg/22.nix5
-rw-r--r--pkgs/tools/security/gnupg/24.nix6
3 files changed, 0 insertions, 45 deletions
diff --git a/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch b/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
deleted file mode 100644
index 061fb0e8de9c1..0000000000000
--- a/pkgs/tools/security/gnupg/0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1c9cc97e9d47d73763810dcb4a36b6cdf31a2254 Mon Sep 17 00:00:00 2001
-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-Date: Sun, 30 Jun 2019 11:54:35 -0400
-Subject: [PATCH] dirmngr: Only use SKS pool CA for SKS pool
-
-* dirmngr/http.c (http_session_new): when checking whether the
-keyserver is the HKPS pool, check specifically against the pool name,
-as ./configure might have been used to select a different default
-keyserver.  It makes no sense to apply Kristian's certificate
-authority to anything other than the literal host
-hkps.pool.sks-keyservers.net.
-
-Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-GnuPG-Bug-Id: 4593
----
- dirmngr/http.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/http.c b/dirmngr/http.c
-index 384f2569d..8e5d53939 100644
---- a/dirmngr/http.c
-+++ b/dirmngr/http.c
-@@ -767,7 +767,7 @@ http_session_new (http_session_t *r_session,
- 
-     is_hkps_pool = (intended_hostname
-                     && !ascii_strcasecmp (intended_hostname,
--                                          get_default_keyserver (1)));
-+                                          "hkps.pool.sks-keyservers.net"));
- 
-     /* If the user has not specified a CA list, and they are looking
-      * for the hkps pool from sks-keyservers.net, then default to
--- 
-2.22.0
-
diff --git a/pkgs/tools/security/gnupg/22.nix b/pkgs/tools/security/gnupg/22.nix
index 7c93e1c70f2c8..37887989c8fc1 100644
--- a/pkgs/tools/security/gnupg/22.nix
+++ b/pkgs/tools/security/gnupg/22.nix
@@ -34,11 +34,6 @@ stdenv.mkDerivation rec {
     ./fix-libusb-include-path.patch
     ./tests-add-test-cases-for-import-without-uid.patch
     ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
-
-    # The following patch has no effect as the code is
-    # "[d]isabled for 2.2.19 to due problems with the standard hkps pool."
-    #./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
-
     ./22-allow-import-of-previously-known-keys-even-without-UI.patch
   ];
 
diff --git a/pkgs/tools/security/gnupg/24.nix b/pkgs/tools/security/gnupg/24.nix
index a6815e1d06792..827a19c3340d0 100644
--- a/pkgs/tools/security/gnupg/24.nix
+++ b/pkgs/tools/security/gnupg/24.nix
@@ -35,13 +35,7 @@ stdenv.mkDerivation rec {
     ./fix-libusb-include-path.patch
     ./tests-add-test-cases-for-import-without-uid.patch
     ./accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
-
-    # The following patch has no effect as the code is
-    # "[d]isabled for 2.3.2 to due problems with the standard hkps pool."
-    #./0001-dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
-
     ./24-allow-import-of-previously-known-keys-even-without-UI.patch
-
     # Patch for DoS vuln from https://seclists.org/oss-sec/2022/q3/27
     ./v3-0001-Disallow-compressed-signatures-and-certificates.patch
   ];