mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

3954 Commits

Author SHA1 Message Date
Werner Koch
92a7949ae6 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)
2014-11-24 19:27:20 +01:00
NIIBE Yutaka
a1c861ed38 po: Update Japanese translation.
--
2014-11-18 11:19:51 +09:00
Werner Koch
a5ca45e616 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signature.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)
2014-11-14 09:36:19 +01:00
Werner Koch
da95d0d378 gpg: Add import option "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import

(cherry-picked from commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39)
2014-11-12 10:23:53 +01:00
Werner Koch
eb756e2510 gpg: Show v3 key fingerprints as all zero.
* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.
--

MD5 has been considered broken for a long time now.  To make it easier for
users to notice that a listing shows a v3 key, the fingerprint is now
displayed as 16 zero bytes unless --allow-weak-digest-algos is active.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-11 19:44:13 +02:00
Werner Koch
9112fed78b gpg: Avoid using cached MD5 signature status.
* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
signature status.
* g10/keyring.c (keyring_get_keyblock): Ditto.
(write_keyblock): Ditto.

* g10/sig-check.c (do_check): Move reject warning to ...
* g10/misc.c (print_md5_rejected_note): new.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-11 19:41:51 +02:00
Daniel Kahn Gillmor
f952fe8c6d gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against STABLE-BRANCH-2-0

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732
2014-10-03 20:24:03 +02:00
Werner Koch
39c5d991a8 build: Update m4 scripts
* m4/gpg-error.m4: Update from Libgpg-error git master.
* m4/libgcrypt.m4: Update from Libgcrypt git master.
* configure.ac: Declare SYSROOT a precious variable.  Add extra error
message for library configuration mismatches.
2014-10-02 16:23:42 +02:00
Daniel Kahn Gillmor
dcb5fa8747 gpg: --compress-sigs and --compress-keys are not no-ops in 2.0
* g10/gpg.c: Cleanup argument parsing.

--

c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab mistakenly marked
compress-sigs and compress-keys as no-ops on the 2.0.x branch.

These options still have an effect on the 2.0.x branch, and the
duplicate declaration also causes the gpg argument parser to fail when
shortened versions of the option are present, like:

  gpg: option "--compress-k" is ambiguous
2014-10-02 16:09:01 +02:00
Daniel Kahn Gillmor
3e14da863a gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
* g10/gpg.c: Cleanup argument parsing.

--

With c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab, the GnuPG 2.0.x branch
accidentally introduced a second (identical) argument parser for both
--sk-comments, and for --no-sk-comments.

This caused short versions (e.g. omitting the trailing "s", as gpgme
does) of either command to fail with:

   gpg: option "--sk-comment" is ambiguous
2014-10-02 16:08:06 +02:00
Werner Koch
36179da032 gpg: Default to SHA-256 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
strict RFC or PGP modes.
* g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
RSA key signatures.
--

(Backported from commit d33246700578cddd1cb8ed8164cfbba50aba4ef3)
2014-09-27 15:36:02 +02:00
Werner Koch
ba2b8c20ee doc: Update the file OpenPGP
--

It should actually be completely reworked but for now I added just a
few notes.
2014-09-27 15:31:25 +02:00
Werner Koch
b9b6ac9d26 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:44:44 +02:00
Daniel Kahn Gillmor
c76117f8b0 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

Program names factored out from obsolete_scdaemon_option to make
reuse without new translations easier. -wk

This is a backport of commit 371c2b14b0347209efd23b4e54e1981a12d7aeab
with parts of 20c6da50d4f6264d26d113d7de606971f719a0ca but without those
which would change existing translated strings. -wk
2014-09-25 22:28:36 +02:00
Kristian Fiskerstrand
07006c9916 gpg: Need to init the trustdb for import.
* g10/trustdb.c (clear_ownertrusts): Init trustdb.

--

This was fixed in 1.4 branch in commit
23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
2.0 branch that exhibits the same problem. This is actually a hack
to fix a bug introduced with commit 2528178.

GnuPG-bug-id: 1622
2014-09-03 09:46:30 +02:00
Werner Koch
d91db67e51 build: Print an error message if zlib is not installed.
* configure.ac (missing_zlib): New.
2014-08-26 16:13:21 +02:00
Werner Koch
c45b9819e8 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:44 +02:00
Werner Koch
ee30bb945f Post release updates.
--
2014-08-12 20:41:28 +02:00
Werner Koch
5b2dcdd513 Release 2.0.26 gnupg-2.0.26 2014-08-12 20:28:25 +02:00
Werner Koch
9f3619cb5d po: Auto-update due to removed string.
--
2014-08-12 16:09:21 +02:00
Werner Koch
b972ec3966 sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c: Include fcntl.h.
(try_make_homedir): New.  Similar to the one from g10/openfile.c
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
2014-08-12 16:08:09 +02:00
Werner Koch
90397c9343 Remove trailing white space from two files.
--
2014-08-12 16:03:02 +02:00
Werner Koch
5860cc7938 jnlib: Fix typo in header inclusion protection macro.
--
GnuPG-bug-id: 1669
2014-08-11 17:25:36 +02:00
NIIBE Yutaka
f7eb5be511 po: Update Japanese translation. 2014-08-08 10:08:01 +09:00
Werner Koch
088f82c0b5 gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
to take subpackets into account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to
filter.
--

GnuPG-bug-id: 1680
2014-08-06 17:11:21 +02:00
Werner Koch
25d5480e98 gpg: Add kbnode_t for easier backporting.
* g10/gpg.h (kbnode_t): New.
2014-08-06 17:09:15 +02:00
Simon Josefsson
4500d3cb6d Add OpenPGP card manufacturer Yubico (6). 2014-07-21 16:05:54 +02:00
Andreas Schwier
5798673156 scd: Allow for certificates > 1024 with PC/SC.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 to
allow for larger certificates.
2014-07-21 14:49:43 +02:00
Werner Koch
9a1e195348 gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.

Resolved conflicts:
	g10/parse-packet.c - indentation.  Use plain fprintf.
2014-07-21 14:46:41 +02:00
Werner Koch
40215d8ecd Post release updates.
--
2014-06-30 18:02:24 +02:00
Werner Koch
621aa6bb48 Release 2.0.25 gnupg-2.0.25 2014-06-30 17:41:18 +02:00
Werner Koch
998f085297 estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated
strings.
--
Resolved conflicts:
	common/estream-printf.c - white spaces
2014-06-30 17:31:46 +02:00
Werner Koch
505f0a642f scd: Support reader Gemalto IDBridge CT30
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
(GEMPC_CT30): New product id.
--

GnuPG-bug-id: 1638

Resolved conflicts:
	scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
2014-06-27 09:56:33 +02:00
Werner Koch
48d92bcc88 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-27 09:50:54 +02:00
Werner Koch
045c979a76 agent: Let gpg-protect-tool pass envvars to pinentry.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.
--
GnuPG-bug-id: 1402

The full story can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=548528

Sorry for the delay.
2014-06-25 17:19:08 +02:00
Werner Koch
044847a0e2 gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg using the new struct.
--

This is a fix for commit 5e933008.

The old code did only work for a single key.  It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
2014-06-25 14:33:34 +02:00
Werner Koch
616126530f Add CVE number
--
2014-06-24 20:12:26 +02:00
Werner Koch
6aa0464db9 Post release updates
--
2014-06-24 15:43:46 +02:00
Werner Koch
41dcd32218 Release 2.0.24 gnupg-2.0.24 2014-06-24 15:22:31 +02:00
Werner Koch
3b90ddde25 po: Auto-update
--
2014-06-24 15:10:54 +02:00
Kristian Fiskerstrand
1242a72923 gpg: Fix a couple of spelling errors 2014-06-24 14:37:26 +02:00
Werner Koch
017c6f8fba doc: Update from master.
--
2014-06-24 13:54:30 +02:00
Werner Koch
8e39fe810d gpg: Do not link gpgv against libassuan.
* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
--

This is not required.

GnuPG-bug-id: 1533
2014-06-24 13:52:02 +02:00
Werner Koch
fb274a3cf3 po: Update de.po 2014-06-24 11:14:20 +02:00
Werner Koch
a37f63d7b8 common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6
* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
defined.
2014-06-24 11:06:32 +02:00
Werner Koch
aacb43a730 Remove thread callbacks for libgcrypt >= 1.6.
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
libgcrypt >= 1.6.
(main): Ditto.
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
(main): Ditto.
--

This is no longer needed but kept for compatibility with Libgcrypt <
1.6.
2014-06-24 10:56:19 +02:00
Werner Koch
2daa112a74 Improve configure option --with-libgpg-error-prefix
--
GnuPG-bug-id: 1561

Note that this is not a complete solution.  The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed.  The problem is that the -L
option and the -l options are not emitted separately by
gpg-error-config.
2014-06-24 10:36:15 +02:00
Werner Koch
76b0b076d0 gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reason codes for
INV_RECP.
--

GnuPG-bug-id: 1650

Note that this patch is a bit more limited than the one in 2.1.
2014-06-24 10:08:39 +02:00
Werner Koch
9607bc0b9f gpg: Make show-uid-validity the default. 2014-06-24 09:53:46 +02:00
Stefan Tomanek
5e933008be gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

--
These changes introduce import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

Re-indentation and minor changes by wk.

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
	g10/main.h
2014-06-24 09:53:04 +02:00