* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c: Include fcntl.h.
(try_make_homedir): New. Similar to the one from g10/openfile.c
(maybe_create_keybox): New. Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--
Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload. This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte. The fix is
obvious.
In addition we cap the size of attribute packets similar to what we do
with user id packets. OpenPGP keys are not the proper way to store
movies.
Resolved conflicts:
g10/parse-packet.c - indentation. Use plain fprintf.
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
(GEMPC_CT30): New product id.
--
GnuPG-bug-id: 1638
Resolved conflicts:
scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.
--
GnuPG-bug-id: 1402
The full story can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=548528
Sorry for the delay.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg suing the new struct.
--
This is a fix for commit 5e933008.
The old code did only work for a single key. It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
libgcrypt >= 1.6.
(main): Ditto.
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
(main): Ditto.
--
This is not anymore needed but kept for compatibility with Libgcrypt <
1.6.
--
GnuPG-bug-id: 1561
Note that this is not a complete solution. The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed. The problem is that the -L
option and the -l options are not emitted separately by
gpg-error-config.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
INV_RECP.
--
GnuPG-bug-id: 1650
Note that this patch is a bit more limited than the one in 2.1.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>
Re-indention and minor changes by wk.
Resolved conflicts:
g10/import.c
g10/keyserver.c
g10/main.h
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)
Resolved conflicts:
g10/photoid.c - whitespaces
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to
understand.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--
This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a
broken MPI.
GnuPG-bug-id: 1593
* g10/mainproc.c (list_node): Rework.
--
The old code still merged the first user id into the key packet line
which resulted in all kind of complexity. --fixed-list-mode is
meanwhile the default and thus we also change this part of the code.
GnuPG-bug-id: 1640
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--
The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.
As usual Peter Gutman's X.509 style guide has some comments on that
re-issuing.
GnuPG-bug-id: 1644
Resolved conflicts:
sm/certchain.c - whitespace fixes.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
(cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af)
Resolved conflicts:
g10/getkey.c - ignore whitespace changes.