From 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c Mon Sep 17 00:00:00 2001 From: Andre Heinecke Date: Wed, 15 Nov 2017 11:41:54 +0100 Subject: [PATCH 1/9] w32: Fix default registry path * configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash. -- Windows does not like the leading backslash and won't read the key. Problem reported in the Gpg4win Message boards. This bug was introduced by rev. 75ba215e Signed-off-by: Andre Heinecke --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 227b57f78..13f1ab604 100644 --- a/configure.ac +++ b/configure.ac @@ -1814,7 +1814,7 @@ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER, AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) if test "$have_w32_system" = yes; then - AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG", + AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG", [The directory part of the W32 registry keys]) fi From 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 17 Nov 2017 10:34:40 +0100 Subject: [PATCH 2/9] dirmngr: Fix double free of a hash context in the error case. * dirmngr/crlcache.c: Clearly document that this fucntions takes ownership of MD. (abort_sig_check): Allow NULL for MD. (crl_parse_insert): Immediately set MD to NULL. Remove check for md before a calling abort_sig_check. -- GnuPG-bug-id: 3510 Signed-off-by: Werner Koch --- dirmngr/crlcache.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 248ad9ad4..6eeeb8dd3 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c 
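Review bot: In the configure.ac hunk of patch 1/9, the description argument of `AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, ...)` still reads `[The directory part of the W32 registry keys]` and does not record the constraint this fix restores. The commit message says Windows will not read the key when the path starts with a backslash, and that an earlier revision introduced exactly that. Extending the description to something like `[The directory part of the W32 registry keys, relative to the root key; no leading backslash]` would put the rule into the generated config.h next to the value.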
@@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo) should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the signature does not verify or any other error code. CRL is the CRL object we are working on, MD the hash context and ISSUER_CERT the - certificate of the CRL issuer. This function closes MD. */ + certificate of the CRL issuer. This function takes ownership of MD. */ static gpg_error_t finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, ksba_cert_t issuer_cert) @@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, /* Call this to match a start_sig_check that can not be completed - normally. */ + normally. Takes ownership of MD if MD is not NULL. */ static void abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md) { (void)crl; - gcry_md_close (md); + if (md) + gcry_md_close (md); } @@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl, } err = finish_sig_check (crl, md, algo, crlissuer_cert); + md = NULL; /* Closed. */ if (err) { log_error (_("CRL signature verification failed: %s\n"), gpg_strerror (err)); goto failure; } - md = NULL; err = validate_cert_chain (ctrl, crlissuer_cert, NULL, (VALIDATE_FLAG_TRUST_CONFIG @@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl, failure: - if (md) - abort_sig_check (crl, md); + abort_sig_check (crl, md); ksba_cert_release (crlissuer_cert); return err; } From e1984969cac06a88c7e6f5e49e5c3104d10a847d Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Mon, 20 Nov 2017 11:33:26 +0900 Subject: [PATCH 3/9] build: BSD make support for yat2m. * configure.ac (YAT2M): Only define when found. * doc/Makefile.am: Portability fix. -- This is not intended to apply to master, but 2.2 branch only. When new libgpg-error is required, installation of yat2m can be assumed. Signed-off-by: NIIBE Yutaka --- configure.ac | 3 ++- doc/Makefile.am | 12 ++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) 
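Review bot: In the crl_parse_insert hunk, `md = NULL; /* Closed. */` directly after the `finish_sig_check` call is only correct if finish_sig_check closes MD on every return path, including its early error exits. Its body lies outside these hunks, so that should be confirmed; otherwise the double free on the `failure:` path is traded for a leak of the hash context. A comment at the call site such as `/* finish_sig_check always closes MD, also on error. */` would state the contract where the code relies on it. The updated header comments on finish_sig_check and abort_sig_check in the two hunks above describe the same ownership rule, but only at the definitions.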
diff --git a/configure.ac b/configure.ac index 13f1ab604..42c069863 100644 --- a/configure.ac +++ b/configure.ac @@ -602,8 +602,9 @@ AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") AC_CHECK_TOOL(WINDRES, windres, :) -AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" ) +AC_PATH_PROG(YAT2M, "yat2m") AC_ARG_VAR(YAT2M, [tool to convert texi to man pages]) +AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M") AC_ISC_POSIX AC_SYS_LARGEFILE GNUPG_CHECK_USTAR diff --git a/doc/Makefile.am b/doc/Makefile.am index 097a56061..aba84ba3c 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -112,8 +112,16 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ gnupg-module-overview.eps \ $(myman_pages) gnupg.7 +if HAVE_YAT2M +YAT2M_CMD = $(YAT2M) +YAT2M_DEP = $(YAT2M) +else +YAT2M_CMD = ./yat2m +YAT2M_DEP = yat2m + yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c +endif mkdefsinc: mkdefsinc.c Makefile ../config.h $(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \ @@ -146,12 +154,12 @@ yat2m-stamp: $(myman_sources) defs.inc @touch yat2m-stamp.tmp incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ for file in $(myman_sources) ; do \ - $(YAT2M) $(YAT2M_OPTIONS) --store \ + $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \ --date "`cat $$incd 2>/dev/null`" \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ -yat2m-stamp: $(YAT2M) +yat2m-stamp: $(YAT2M_DEP) $(myman_pages) gnupg.7 : yat2m-stamp defs.inc @if test -f $@; then :; else \ From 3ecd1a41be7c880976987d13e88342c98f37e064 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Mon, 20 Nov 2017 12:01:31 +0900 Subject: [PATCH 4/9] build: Check -Wlogical-op flag availability with -Werror. * configure.ac: Use -Werror. -- Using clang, -Wlogical-op doesn't fail but generates warning. Signed-off-by: NIIBE Yutaka --- configure.ac | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 42c069863..3d3a136b4 100644 
--- a/configure.ac +++ b/configure.ac @@ -1612,12 +1612,20 @@ if test "$GCC" = yes; then mycflags="$mycflags -Wdeclaration-after-statement" fi - AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla]) - CFLAGS="-Wlogical-op -Wvla" + AC_MSG_CHECKING([if gcc supports -Wlogical-op]) + CFLAGS="-Wlogical-op -Werror" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_MSG_RESULT($_gcc_wopt) if test x"$_gcc_wopt" = xyes ; then - mycflags="$mycflags -Wlogical-op -Wvla" + mycflags="$mycflags -Wlogical-op -Werror" + fi + + AC_MSG_CHECKING([if gcc supports -Wvla]) + CFLAGS="-Wvla" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) + AC_MSG_RESULT($_gcc_wopt) + if test x"$_gcc_wopt" = xyes ; then + mycflags="$mycflags -Wvla" fi else From 760aa8aadafb747f33a1461ab0c2570b5ae43716 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Tue, 7 Nov 2017 10:49:36 +0900 Subject: [PATCH 5/9] agent: Use clock or clock_gettime for calibration. * agent/protect.c (calibrate_get_time): Use clock or clock_gettime. -- For calibration, clock(3) is better than times(3) among UNIXen. Tested on NetBSD 7.1 and FreeBSD 11.1, using QEMU. Thanks to Damien Goutte-Gattat for the information of use of CLOCKS_PER_SEC; The old code with times(3) is not 100% correct, in terms of POSIX. It should have used sysconf (_SC_CLK_TCK) instead of CLOCKS_PER_SEC. CLOCKS_PER_SEC is specifically for clock(3). GnuPG-bug-id: 3056, 3276, 3472 Signed-off-by: NIIBE Yutaka (cherry picked from commit 380bce13d94ff03c96e39ac1d834f382c5c730a1) --- agent/protect.c | 14 +++++++++----- agent/t-protect.c | 2 +- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/agent/protect.c b/agent/protect.c index 3073fc4de..9bb2da6b3 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include 
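Review bot: In the configure.ac hunk of patch 4/9, the new `-Wvla` probe still compiles with `CFLAGS="-Wvla"` alone, so a compiler that only warns about an option it does not know would pass this check. The commit message describes exactly that behaviour for clang and `-Wlogical-op`. Probing with `CFLAGS="-Wvla -Werror"` would make the two checks behave the same way. The first block also appends `-Werror` to `mycflags` rather than only to the probe's CFLAGS, which makes every warning in a normal build fatal; patch 7/9 further down this page removes that again.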
@@ -104,11 +105,14 @@ calibrate_get_time (struct calibrate_time_s *data) &data->creation_time, &data->exit_time, &data->kernel_time, &data->user_time); # endif -#else - struct tms tmp; +#elif defined (CLOCK_THREAD_CPUTIME_ID) + struct timespec tmp; - times (&tmp); - data->ticks = tmp.tms_utime; + clock_gettime (CLOCK_THREAD_CPUTIME_ID, &tmp); + data->ticks = (clock_t)(((unsigned long long)tmp.tv_sec * 1000000000 + + tmp.tv_nsec) * CLOCKS_PER_SEC / 1000000000); +#else + data->ticks = clock (); #endif } @@ -135,7 +139,7 @@ calibrate_elapsed_time (struct calibrate_time_s *starttime) } #else return (unsigned long)((((double) (stoptime.ticks - starttime->ticks)) - /CLOCKS_PER_SEC)*10000000); + /CLOCKS_PER_SEC)*1000); #endif } diff --git a/agent/t-protect.c b/agent/t-protect.c index 1d3c8ec17..92d312c9b 100644 --- a/agent/t-protect.c +++ b/agent/t-protect.c @@ -322,9 +322,9 @@ test_agent_protect_shared_secret (void) int main (int argc, char **argv) { - (void)argc; (void)argv; + opt.verbose = argc - 1; /* We can do "./t-protect -v -v" */ gcry_control (GCRYCTL_DISABLE_SECMEM); test_agent_protect (); From 7ffedfab8909a45a4b0347a5f7b52222e8439f1d Mon Sep 17 00:00:00 2001 
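Review bot: In the `CLOCK_THREAD_CPUTIME_ID` branch added to calibrate_get_time, the return value of `clock_gettime` is ignored, so on failure `tmp` is read uninitialised and `data->ticks` carries an arbitrary value into the calibration. The conversion also multiplies the whole nanosecond count by `CLOCKS_PER_SEC` before dividing, which wraps an `unsigned long long` after about five hours of thread CPU time if CLOCKS_PER_SEC is 1000000 (platform-defined, so an assumption here). Suggested: `if (clock_gettime (CLOCK_THREAD_CPUTIME_ID, &tmp)) { data->ticks = clock (); return; }`, then `data->ticks = (clock_t)((unsigned long long)tmp.tv_sec * CLOCKS_PER_SEC + (unsigned long long)tmp.tv_nsec * CLOCKS_PER_SEC / 1000000000);`. The function begins above the hunk, so the Windows branch and the declaration of `data` are not visible here.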
From: Werner Koch Date: Mon, 13 Nov 2017 10:52:36 +0100 Subject: [PATCH 6/9] gpg-agent: Avoid getting stuck in shutdown pending state. * agent/gpg-agent.c (handle_connections): Always check inotify fds. -- I noticed a gpg-agent process, probably in shutdown_pending state, which was selecting on only these two inotify fds. The select returned immediately but because we did not handle the fds in shutdown_pending state they were not read and the next select call returned one of them immediately again. Actually that should not happen because the if (active_connections == 0) break; /* ready */ should have terminated the loop. For unknown reasons (maybe just a connection thread terminated in a gdb session) that did not happen. By moving the check outside of the shutdown_pending condition and closing the fds after they have been triggered the code should be more robust. Signed-off-by: Werner Koch (cherry picked from commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25) --- agent/gpg-agent.c | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 2e19d19c1..0b2b98212 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c
@@ -3000,27 +3000,34 @@ handle_connections (gnupg_fd_t listen_fd, next timeout. */ continue; + /* The inotify fds are set even when a shutdown is pending (see + * above). So we must handle them in any case. To avoid that + * they trigger a second time we close them immediately. */ + if (sock_inotify_fd != -1 + && FD_ISSET (sock_inotify_fd, &read_fdset) + && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME)) + { + shutdown_pending = 1; + close (sock_inotify_fd); + sock_inotify_fd = -1; + log_info ("socket file has been removed - shutting down\n"); + } + + if (home_inotify_fd != -1 + && FD_ISSET (home_inotify_fd, &read_fdset)) + { + shutdown_pending = 1; + close (home_inotify_fd); + home_inotify_fd = -1; + log_info ("homedir has been removed - shutting down\n"); + } + if (!shutdown_pending) { int idx; ctrl_t ctrl; npth_t thread; - if (sock_inotify_fd != -1 - && FD_ISSET (sock_inotify_fd, &read_fdset) - && gnupg_inotify_has_name (sock_inotify_fd, GPG_AGENT_SOCK_NAME)) - { - shutdown_pending = 1; - log_info ("socket file has been removed - shutting down\n"); - } - - if (home_inotify_fd != -1 - && FD_ISSET (home_inotify_fd, &read_fdset)) - { - shutdown_pending = 1; - log_info ("homedir has been removed - shutting down\n"); - } - for (idx=0; idx < DIM(listentbl); idx++) { if (listentbl[idx].l_fd == GNUPG_INVALID_FD) From 04d9833e71cc9d0c087faec091c29b0b6cf69488 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 20 Nov 2017 12:32:31 +0100 Subject: [PATCH 7/9] build: Use -Werror only for the check. * configure.ac: Do not add -Werror to mycflags. -- On Windows and possible also on other platforms we expect to a get a few errors or warnins. Thus we can't use -Werror by default. This is why we have a separate configure options --enable-werror ;-). Fixes-commit: 3ecd1a41be7c880976987d13e88342c98f37e064 Signed-off-by: Werner Koch --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
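Review bot: After `close (sock_inotify_fd)` and `close (home_inotify_fd)` in handle_connections, the descriptor numbers are free for reuse, so the fd set handed to the next select must no longer contain them. The code that builds that set is above the hunk and cannot be checked from here. If the set is rebuilt at the top of the loop whenever `shutdown_pending` is set, the new blocks are safe because they set the flag before closing. In that case a comment next to the close calls, e.g. `/* The fd set is rebuilt at the top of the loop once shutdown_pending is set. */`, would record the dependency and keep a later change from selecting on a stale or reused descriptor. The added comment's "(see above)" points at the same code, but only for readers who have the whole function in view.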
diff --git a/configure.ac b/configure.ac index 3d3a136b4..fb6f0da52 100644 --- a/configure.ac +++ b/configure.ac @@ -1617,7 +1617,7 @@ if test "$GCC" = yes; then AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_MSG_RESULT($_gcc_wopt) if test x"$_gcc_wopt" = xyes ; then - mycflags="$mycflags -Wlogical-op -Werror" + mycflags="$mycflags -Wlogical-op" fi AC_MSG_CHECKING([if gcc supports -Wvla]) From 97f4feaaca8da4dcf1ca09a2016693155016f06b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 20 Nov 2017 12:39:16 +0100 Subject: [PATCH 8/9] Release 2.2.3 --- NEWS | 19 ++++++++++++++++++- README | 16 ++++++++-------- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index ce6c5d787..38a8da13c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,21 @@ -Noteworthy changes in version 2.2.3 (unreleased) +Noteworthy changes in version 2.2.3 (2017-11-20) ------------------------------------------------ + * gpgsm: Fix initial keybox creation on Windows. [#3507] + + * dirmngr: Fix crash in case of a CRL loading error. [#3510] + + * Fix the name of the Windows registry key. [Git#4f5afaf1fd] + + * gpgtar: Fix wrong behaviour of --set-filename. [#3500] + + * gpg: Silence AKL retrieval messages. [#3504] + + * agent: Use clock or clock_gettime for calibration. [#3056] + + * agent: Improve robustness of the shutdown pending + state. [Git#7ffedfab89] + Noteworthy changes in version 2.2.2 (2017-11-07) ------------------------------------------------ @@ -44,6 +59,8 @@ Noteworthy changes in version 2.2.2 (2017-11-07) * Add configure option --enable-werror. [#2423] + See-also: gnupg-announce/2017q4/000416.html + Noteworthy changes in version 2.2.1 (2017-09-19) ------------------------------------------------ diff --git a/README b/README index dd66dabad..23f705a60 100644 --- a/README +++ b/README 
@@ -33,11 +33,11 @@ GnuPG 2.2 depends on the following GnuPG related packages: - npth (ftp://ftp.gnupg.org/gcrypt/npth/) - libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) - libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) - libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) - libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) + npth (https://gnupg.org/ftp/gcrypt/npth/) + libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) + libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/) + libksba (https://gnupg.org/ftp/gcrypt/libksba/) + libassuan (https://gnupg.org/ftp/gcrypt/libassuan/) You should get the latest versions of course, the GnuPG configure script complains if a version is not sufficient. @@ -48,7 +48,7 @@ You also need the Pinentry package for most functions of GnuPG; however it is not a build requirement. Pinentry is available at - ftp://ftp.gnupg.org/gcrypt/pinentry/ . + https://gnupg.org/ftp/gcrypt/pinentry/ . After building and installing the above packages in the order as given above, you may continue with GnuPG installation (you may also @@ -228,7 +228,7 @@ You subscribe to one of the list by sending mail with a subject of "subscribe" to x-request@gnupg.org, where x is the name of the mailing list (gnupg-announce, gnupg-users, etc.). See - https://www.gnupg.org/documentation/mailing-lists.html for archives + https://gnupg.org/documentation/mailing-lists.html for archives of the mailing lists. Please direct bug reports to [[https://bugs.gnupg.org]] or post them @@ -241,7 +241,7 @@ authors and we try to answer questions when time allows us. Commercial grade support for GnuPG is available; for a listing of - offers see https://www.gnupg.org/service.html . Maintaining and + offers see https://gnupg.org/service.html . Maintaining and improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, a German company owned and headed by GnuPG's principal author Werner Koch, is bearing the majority of these costs. To keep GnuPG in a 
From e0140c0a6abcb07207234857e0a8ba6b2e60ed51 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 20 Nov 2017 13:35:36 +0100 Subject: [PATCH 9/9] Post release updates -- --- NEWS | 4 ++++ configure.ac | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 38a8da13c..f59b9cd70 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.2.4 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.2.3 (2017-11-20) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index fb6f0da52..a9b7a0585 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [2]) -m4_define([mym4_micro], [3]) +m4_define([mym4_micro], [4]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release