* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--
Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload. This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte. The fix is
obvious.
In addition we cap the size of attribute packets similar to what we do
with user id packets. OpenPGP keys are not the proper way to store
movies.
* common/t-timestuff.c (test_timegm): Use timegm if available.
(main): Set TX to UTC if timegm is not available.
--
On OpenBSD 5.3 i386 that test failed due to the use of mktime.
Reported-by: Claus Assmann
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
* configure.ac: Remove option --build-agent-only.
(FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
(GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
SENDMAIL check.
(GPGKEYS_KDNS): Remove ac_subst.
* autogen.rc (final_info): Remove suggestion to use the removed option
--enable-mailto.
* scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
--
This is revised version which adapts changes of ccid-driver and was
later ported from branch-2.0 to master (2.1)
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this. Support ECC.
(transfer_format_to_openpgp): Expect curve name.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
* build-aux/speedo.mk: Change name of build directory to PLAY.
Improve the dist-source target.
* build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
line (plus comment).
* build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
Install more tools.
--
gdk-pixbuf-loaders.cache needs to end with an extra LF or the
gdk-pixbuf is not able to read the last entry. The final comment is
to make our git sanity checks happy.
Running
make -f build-aux/speedo.mk \
TARGETOS=w32 TARBALLS=~/tarballs installer
does now create a working installer. After removing dirmngr from the
installation GPA kind of works. There are remaining problems with
dirmngr and scdaemon which will be fixed soon.
Running
make -f build-aux/speedo.mk \
TARGETOS=w32 TARBALLS=~/tarballs dist-source
creates an xz compressed tarball with all the sources used to build
the installer. Distributing this tarball along with the installer is
sufficient to comply with the GPL. Well, some more instructions
should be given in the readme files.
* build-aux/speedo/: New.
* build-aux/speedo/w32/: New.
--
The new installer uses some code from Gpg4win but is much smaller and
easier to maintain. To build an installer, unpack GnuPG and then run
make -f build-aux/speedo.mk TARBALLS=~/mytarballs installer
~/mytarballs is a directory with tarballs of external libraries. See
speedo.mk for a list of them.
WARNING: The installed W32 version does not correctly work right now.