security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Merge branch 'STABLE-BRANCH-2-2' into master

This commit is contained in:
Werner Koch 2017-11-20 14:54:44 +01:00
parent 0cfdd3b57d e0140c0a6a
commit 668f6c3de6
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 38 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README
View File

@ -34,11 +34,11 @@
GnuPG 2.2 depends on the following GnuPG related packages: GnuPG 2.2 depends on the following GnuPG related packages:
npth (ftp://ftp.gnupg.org/gcrypt/npth/) npth (https://gnupg.org/ftp/gcrypt/npth/)
libgpg-error (ftp://ftp.gnupg.org/gcrypt/libgpg-error/) libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/)
libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) libksba (https://gnupg.org/ftp/gcrypt/libksba/)
libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) libassuan (https://gnupg.org/ftp/gcrypt/libassuan/)
You should get the latest versions of course, the GnuPG configure You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient. script complains if a version is not sufficient.
@ -49,7 +49,7 @@
You also need the Pinentry package for most functions of GnuPG; You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at however it is not a build requirement. Pinentry is available at
ftp://ftp.gnupg.org/gcrypt/pinentry/ . https://gnupg.org/ftp/gcrypt/pinentry/ .
After building and installing the above packages in the order as After building and installing the above packages in the order as
given above, you may continue with GnuPG installation (you may also given above, you may continue with GnuPG installation (you may also
@ -229,7 +229,7 @@
You subscribe to one of the list by sending mail with a subject of You subscribe to one of the list by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the "subscribe" to x-request@gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). See mailing list (gnupg-announce, gnupg-users, etc.). See
https://www.gnupg.org/documentation/mailing-lists.html for archives https://gnupg.org/documentation/mailing-lists.html for archives
of the mailing lists. of the mailing lists.
Please direct bug reports to [[https://bugs.gnupg.org]] or post them Please direct bug reports to [[https://bugs.gnupg.org]] or post them
@ -242,7 +242,7 @@
authors and we try to answer questions when time allows us. authors and we try to answer questions when time allows us.
Commercial grade support for GnuPG is available; for a listing of Commercial grade support for GnuPG is available; for a listing of
offers see https://www.gnupg.org/service.html . Maintaining and offers see https://gnupg.org/service.html . Maintaining and
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH, improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
a German company owned and headed by GnuPG's principal author Werner a German company owned and headed by GnuPG's principal author Werner
Koch, is bearing the majority of these costs. To keep GnuPG in a Koch, is bearing the majority of these costs. To keep GnuPG in a

19
configure.ac
View File

@ -611,8 +611,9 @@ AC_PROG_RANLIB
AC_CHECK_TOOL(AR, ar, :) AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl") AC_PATH_PROG(PERL,"perl")
AC_CHECK_TOOL(WINDRES, windres, :) AC_CHECK_TOOL(WINDRES, windres, :)
AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" ) AC_PATH_PROG(YAT2M, "yat2m")
AC_ARG_VAR(YAT2M, [tool to convert texi to man pages]) AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
AC_ISC_POSIX AC_ISC_POSIX
AC_SYS_LARGEFILE AC_SYS_LARGEFILE
GNUPG_CHECK_USTAR GNUPG_CHECK_USTAR
@ -1620,12 +1621,20 @@ if test "$GCC" = yes; then
mycflags="$mycflags -Wdeclaration-after-statement" mycflags="$mycflags -Wdeclaration-after-statement"
fi fi
AC_MSG_CHECKING([if gcc supports -Wlogical-op and -Wvla]) AC_MSG_CHECKING([if gcc supports -Wlogical-op])
CFLAGS="-Wlogical-op -Wvla" CFLAGS="-Wlogical-op -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt) AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -Wlogical-op -Wvla" mycflags="$mycflags -Wlogical-op"
fi
AC_MSG_CHECKING([if gcc supports -Wvla])
CFLAGS="-Wvla"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
AC_MSG_RESULT($_gcc_wopt)
if test x"$_gcc_wopt" = xyes ; then
mycflags="$mycflags -Wvla"
fi fi
else else
@ -1836,7 +1845,7 @@ AC_DEFINE_UNQUOTED(DIRMNGR_DEFAULT_KEYSERVER,
AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix]) AC_DEFINE_UNQUOTED(GPGEXT_GPG, "gpg", [The standard binary file suffix])
if test "$have_w32_system" = yes; then if test "$have_w32_system" = yes; then
AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "\\\\Software\\\\GNU\\\\GnuPG", AC_DEFINE_UNQUOTED(GNUPG_REGISTRY_DIR, "Software\\\\GNU\\\\GnuPG",
[The directory part of the W32 registry keys]) [The directory part of the W32 registry keys])
fi fi

12
dirmngr/crlcache.c
View File

@ -1562,7 +1562,7 @@ start_sig_check (ksba_crl_t crl, gcry_md_hd_t *md, int *algo)
should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the should return 0 on a good signature, GPG_ERR_BAD_SIGNATURE if the
signature does not verify or any other error code. CRL is the CRL signature does not verify or any other error code. CRL is the CRL
object we are working on, MD the hash context and ISSUER_CERT the object we are working on, MD the hash context and ISSUER_CERT the
certificate of the CRL issuer. This function closes MD. */ certificate of the CRL issuer. This function takes ownership of MD. */
static gpg_error_t static gpg_error_t
finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo, finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
ksba_cert_t issuer_cert) ksba_cert_t issuer_cert)
@ -1646,12 +1646,13 @@ finish_sig_check (ksba_crl_t crl, gcry_md_hd_t md, int algo,
/* Call this to match a start_sig_check that can not be completed /* Call this to match a start_sig_check that can not be completed
normally. */ normally. Takes ownership of MD if MD is not NULL. */
static void static void
abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md) abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
{ {
(void)crl; (void)crl;
gcry_md_close (md); if (md)
gcry_md_close (md);
} }
@ -1842,13 +1843,13 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
} }
err = finish_sig_check (crl, md, algo, crlissuer_cert); err = finish_sig_check (crl, md, algo, crlissuer_cert);
md = NULL; /* Closed. */
if (err) if (err)
{ {
log_error (_("CRL signature verification failed: %s\n"), log_error (_("CRL signature verification failed: %s\n"),
gpg_strerror (err)); gpg_strerror (err));
goto failure; goto failure;
} }
md = NULL;
err = validate_cert_chain (ctrl, crlissuer_cert, NULL, err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
(VALIDATE_FLAG_TRUST_CONFIG (VALIDATE_FLAG_TRUST_CONFIG
@ -1877,8 +1878,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
failure: failure:
if (md) abort_sig_check (crl, md);
abort_sig_check (crl, md);
ksba_cert_release (crlissuer_cert); ksba_cert_release (crlissuer_cert);
return err; return err;
} }

12
doc/Makefile.am
View File

@ -112,8 +112,16 @@ DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \
gnupg-module-overview.eps \ gnupg-module-overview.eps \
$(myman_pages) gnupg.7 $(myman_pages) gnupg.7
if HAVE_YAT2M
YAT2M_CMD = $(YAT2M)
YAT2M_DEP = $(YAT2M)
else
YAT2M_CMD = ./yat2m
YAT2M_DEP = yat2m
yat2m: yat2m.c yat2m: yat2m.c
$(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c
endif
mkdefsinc: mkdefsinc.c Makefile ../config.h mkdefsinc: mkdefsinc.c Makefile ../config.h
$(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \ $(CC_FOR_BUILD) -I. -I.. -I$(srcdir) $(AM_CPPFLAGS) \
@ -146,12 +154,12 @@ yat2m-stamp: $(myman_sources) defs.inc
@touch yat2m-stamp.tmp @touch yat2m-stamp.tmp
incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \
for file in $(myman_sources) ; do \ for file in $(myman_sources) ; do \
$(YAT2M) $(YAT2M_OPTIONS) --store \ $(YAT2M_CMD) $(YAT2M_OPTIONS) --store \
--date "`cat $$incd 2>/dev/null`" \ --date "`cat $$incd 2>/dev/null`" \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done `test -f '$$file' || echo '$(srcdir)/'`$$file ; done
@mv -f yat2m-stamp.tmp $@ @mv -f yat2m-stamp.tmp $@
yat2m-stamp: $(YAT2M) yat2m-stamp: $(YAT2M_DEP)
$(myman_pages) gnupg.7 : yat2m-stamp defs.inc $(myman_pages) gnupg.7 : yat2m-stamp defs.inc
@if test -f $@; then :; else \ @if test -f $@; then :; else \