3 files changed, 47 insertions, 19 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 50dca45ca..cf9a8c919 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+2009-04-01  Werner Koch  <[email protected]>
+
+	* gpg.c (main): Properly handle UTF8 usernames with --sign-key and
+	--lsign-key.  From 1.4, David 2008-12-21.
+
+2009-03-20  David Shaw  <[email protected]>  (wk)
+
+	* keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on
+	secret keyring files to be extra safe on filesystems that may not
+	sync data and metadata together (ext4).  Also check return code
+	from the cache invalidation to make sure we're safe over NFS and
+	similar.
+
 2009-03-31  Werner Koch  <[email protected]>
 
 	* passphrase.c (ask_passphrase): Use percent_plus_unescape.
diff --git a/g10/gpg.c b/g10/gpg.c
index a88b1ffc3..352729ba2 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3562,7 +3562,7 @@ main (int argc, char **argv)
 
 	append_to_strlist( &sl, "save" );
 	username = make_username( fname );
-	keyedit_menu(fname, locusr, sl, 0, 0 );
+	keyedit_menu (username, locusr, sl, 0, 0 );
 	xfree(username);
 	free_strlist(sl);
 	break;
diff --git a/g10/keyring.c b/g10/keyring.c
index ca2513198..00a5bb986 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1,5 +1,5 @@
 /* keyring.c - keyring file handling
- * Copyright (C) 2001, 2004 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1219,10 +1219,23 @@ static int
 rename_tmp_file (const char *bakfname, const char *tmpfname,
                  const char *fname, int secret )
 {
-  int rc=0;
+  int rc = 0;
 
-  /* invalidate close caches*/
-  iobuf_ioctl (NULL, 2, 0, (char*)tmpfname );
+  /* It's a secret keyring, so let's force a fsync just to be safe on
+     filesystems that may not sync data and metadata together
+     (e.g. ext4). */
+  if (secret && iobuf_ioctl (NULL, 4, 0, (char*)tmpfname))
+    {
+      rc = gpg_error_from_syserror ();
+      goto fail;
+    }
+
+  /* Invalidate close caches.  */
+  if (iobuf_ioctl (NULL, 2, 0, (char*)tmpfname ))
+    {
+      rc = gpg_error_from_syserror ();
+      goto fail;
+    }
   iobuf_ioctl (NULL, 2, 0, (char*)bakfname );
   iobuf_ioctl (NULL, 2, 0, (char*)fname );
 
@@ -1253,15 +1266,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
       log_error (_("renaming `%s' to `%s' failed: %s\n"),
                  tmpfname, fname, strerror(errno) );
       register_secured_file (fname);
-      if (secret)
-        {
-          log_info(_("WARNING: 2 files with confidential"
-                     " information exists.\n"));
-          log_info(_("%s is the unchanged one\n"), fname );
-          log_info(_("%s is the new one\n"), tmpfname );
-          log_info(_("Please fix this possible security flaw\n"));
-	}
-      return rc;
+      goto fail;
     }
 
   /* Now make sure the file has the same permissions as the original */
@@ -1272,17 +1277,27 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
 
     statbuf.st_mode=S_IRUSR | S_IWUSR;
 
-    if(((secret && !opt.preserve_permissions) ||
-	(stat(bakfname,&statbuf)==0)) &&
-       (chmod(fname,statbuf.st_mode)==0))
+    if (((secret && !opt.preserve_permissions)
+         || !stat (bakfname,&statbuf)) 
+        && !chmod (fname,statbuf.st_mode))
       ;
     else
-      log_error("WARNING: unable to restore permissions to `%s': %s",
-		fname,strerror(errno));
+      log_error ("WARNING: unable to restore permissions to `%s': %s",
+                 fname, strerror(errno));
   }
 #endif
 
   return 0;
+
+ fail:
+  if (secret)
+    {
+      log_info(_("WARNING: 2 files with confidential information exists.\n"));
+      log_info(_("%s is the unchanged one\n"), fname );
+      log_info(_("%s is the new one\n"), tmpfname );
+      log_info(_("Please fix this possible security flaw\n"));
+    }
+  return rc;
 }