File gnupg-CVE-2019-13050_3_of_5.patch of Package gpg2.30813
commit 23c978640812d123eaffd4108744bdfcf48f7c93
Author: Werner Koch <wk@gnupg.org>
Date: Thu Jul 4 15:45:39 2019 +0200
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyservers we do not anymore default to
import key signatures. That makes the keyserver unusable for getting
keys for the WoT but it still allows to retrieve keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-options no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
Index: gnupg-2.0.24/doc/gpg.texi
===================================================================
--- gnupg-2.0.24.orig/doc/gpg.texi
+++ gnupg-2.0.24/doc/gpg.texi
@@ -1671,6 +1671,10 @@ are available for all keyserver types, s
@end table
+The default list of options is: "self-sigs-only, import-clean,
+repair-keys, repair-pks-subkey-bug, export-attributes,
+honor-pka-record".
+
@item --completes-needed @code{n}
@opindex compliant-needed
Number of completely trusted users to introduce a new
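Review bot: The default list in the added paragraph does not match the defaults assigned in the g10/gpg.c hunk of this same patch. It names "repair-keys", but the import defaults set there are only IMPORT_REPAIR_PKS_SUBKEY_BUG, IMPORT_SELF_SIGS_ONLY and IMPORT_CLEAN, and it leaves out honor-keyserver-url although KEYSERVER_HONOR_KEYSERVER_URL is set next to KEYSERVER_HONOR_PKA_RECORD. Suggest aligning the list with what this branch actually sets, and adding one sentence on the opt-out from the commit message (no-self-sigs-only,no-import-clean), since this paragraph is where a user who no longer sees third-party signatures after a keyserver fetch will look.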
Index: gnupg-2.0.24/g10/gpg.c
===================================================================
--- gnupg-2.0.24.orig/g10/gpg.c
+++ gnupg-2.0.24/g10/gpg.c
@@ -1991,7 +1991,9 @@ main (int argc, char **argv)
opt.flags.require_cross_cert = 1;
opt.import_options=IMPORT_SK2PK;
opt.export_options=EXPORT_ATTRIBUTES;
- opt.keyserver_options.import_options=IMPORT_REPAIR_PKS_SUBKEY_BUG;
+ opt.keyserver_options.import_options= (IMPORT_REPAIR_PKS_SUBKEY_BUG
+ | IMPORT_SELF_SIGS_ONLY
+ | IMPORT_CLEAN);
opt.keyserver_options.export_options=EXPORT_ATTRIBUTES;
opt.keyserver_options.options=
KEYSERVER_HONOR_KEYSERVER_URL|KEYSERVER_HONOR_PKA_RECORD;
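Review bot: The new assignment to opt.keyserver_options.import_options carries no comment saying why keyserver imports now drop all but self-signatures, and the ChangeLog line only says "Change default". Suggest a short comment above it that references GnuPG-bug-id 4607 and names the no-self-sigs-only and no-import-clean opt-outs, so the security rationale survives later edits to this default block. IMPORT_SELF_SIGS_ONLY is also not defined in any hunk of this file, so this patch will only build with whichever patch in the 5-part series introduces it; worth stating that ordering dependency in the patch header. Minor style point: "import_options= (" uses different spacing than the neighbouring "import_options=" and "export_options=" assignments.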