* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version
--
The version of GnuPG in use is not particularly helpful. It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.
Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.
It's probably better to take the more parsimonious approach to
metadata production by default.
(backport of master commit c9387e41db)
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/sig-check.c (signature_check2): Not only subkey, but also primary
key should have flags.valid=1.
--
(backport of master
commit 6f284e6ed6)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status. Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.
--
(backport of master
commit e32c575e0f)
It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings. In such a use case, it is possible that
the key validation itself is skipped.
For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.
--
We can't use the driver for 08E6:3438, while it works well under PC/SC
service. I found that the library of ccid always uses the node
address = ZERO for all transactions. So, we extend the same handling
for not only GEMPC_CT30, but also for all its devices.
Debian-bug-id: 814584
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(backport form master
commit 971064f8b7)
* g10/tdbio.c (create_version_record): Call create_hashtable to always
make hashtable, together with the version record.
(get_trusthashrec): Remove call to create_hashtable.
--
GnuPG-bug-id: 1675
Thanks to Scott Moser to reproducible script and patience.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(backport from master
commit 35a3ce2acf)
* agent/gpg-agent.c (create_server_socket): Also inhibit the removal
of the ssh socket if another agent process is already running.
GnuPG modern is not affected.
GnuPG-bug-id: 2258
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
the directory and create it if none before calling take_write_lock.
--
Thanks to Marc Deslauriers for the bug report and his patch.
GnuPG-bug-id: 2246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(backport from master
commit 2f3e42047d17313eeb38d354048f343158402a8d)
* common/exechelp.c: Limit returned value for too hight values.
--
GnuPG-bug-id: 1778
(backport from master commit 987532b038)
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
--
Signed-off-by: Daniel Hoffend <dh@dotlan.net>
GnuPG-bug-id: 2167
In Windows 8 (and later), PC/SC service only runs when reader/token is
plugged in. After its removal, it returns PCSC_E_NO_SERVICE error.
This error should be handled as no reader. This comment is by gniibe.
(backport of commit d1a97585c5)
* scd/app.c (lock_table): Remove LAST_APP field.
(lock_reader, app_dump_state, application_notify_card_reset)
(release_application): Follow the change.
(check_conflict): New.
(check_application_conflict): Lock the slot and call check_conflict.
(select_application): Call check_conflict and not use LAST_APP.
--
We don't need LAST_APP field but just keep the application context by
APP field. Since we have a reference counter, it is possible if we
can deallocate or not.
(backport of commit 9639af5f16)
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
got an error from apdu_disconnect.
* scd/app-common.h (no_reuse): Remove.
* scd/app.c (application_notify_card_reset): Deallocate APP here.
(select_application, release_application): Don't use NO_REUSE.
--
Reproducible scenario: Invoke gpg --card-edit session from a terminal.
Invoke another gpg --card-edit session from another. Remove a token.
Insert a token again. Type RET on both terminals. One of terminal
answers "Conflicting usage".
Perhaps, having NO_REUSE field was to avoid race conditions. Now,
APP can be safely deallocated by application_notify_card_reset.
Thanks to the2nd.
(backport of commit f42c50dbf0)
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2. Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2. Wipe PI2.
--
For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2. This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account. One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.
Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.
GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
Resolved conflicts:
agent/command-ssh.c
agent/genkey.c
(backport master commit ddf9dd135a)
* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".
--
This now prints "sub" if the first used card key is actually a subkey.
Signed-off-by: Werner Koch <wk@gnupg.org>
GnuPG-bug-id: 2079
(backported from master 874ef16e70)
* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--
That was an obvious c+p bug which should have been caught by a test
case.
GnuPG-bug-id: 2075
Debian-bug-id: 795636
(backported from master 2167951b27)
* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.
--
It is reported that key generation causes timeout with OpenPGPcard
v2.1. Ideally, timeout value could be determined at run-time by
examining card's ATR. Compile-time fixed value is OK for internal
CCID driver.
(cherry-picked from 2.1 6510df3a7c)
* tools/gpgconf-comp.c (scdaemon_runtime_change): Add "scd bye".
--
In GnuPG 2.0.x, it doesn't require newer libassuan which has
ASSUAN_FORCE_CLOSE feature. We need to send "scd bye" to let
the control finish from command loop.
* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
--
This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm. We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code. This change helps GPGME to return better error
codes.
(backported from master 9cdff09743)
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
mode.
--
I guess that is a left-over from an early attempt to output
information on the trustdb for use by other tools. Maybe related to
the former --list-trust-path command. Sending it to stdout is
probably useful so we do this now only in debug mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported to STABLE-BRANCH-2-0 from
b03a264729 by dkg
* g10/gpg.c (opts): Make --no-sig-create-check a NOP.
* g10/options.h (struct opt): Remove field "no_sig_create_check".
* g10/sign.c (do_sign): Do not run the create check for Libgcrypt 1.7.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/certreqgen.c (create_request): Revert to use SHA-1 but change to
set it only at one place.
--
Regression-due-to: bdf439035d
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (free_akl): If AKL is NULL, just return.
--
Backported from f2ee673c99. Note:
unlike in 2.1, in 2.0 this bug is not (currently) triggered since
parse_auto_key_locate doesn't recognize "clear".
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Reported-by: Sami Farin.
GnuPG-bug-id: 2045
* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.
--
(backport from 2.1 commit 5e1d2fe655)
GnuPG-bug-id: 2003, 2004
This is needed for PC/SC on Debian Jessie. Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.
* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
template of APDU.
--
(backport from 2.1 commit 444e9232aa)
GnuPG-bug-id: 2003, 2004
