1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

2688 Commits

Author SHA1 Message Date
Werner Koch
6f634b0e08 Post release updates.
--
2013-07-25 11:00:04 +02:00
Werner Koch
fb5c9deaa5 Release 1.4.14. gnupg-1.4.14 2013-07-25 10:44:26 +02:00
Werner Koch
a0ee4fc730 Autoupdate a translation.
--
2013-07-25 10:44:22 +02:00
Jedi Lin
beb6a51df7 Update Chinese translation. 2013-07-25 10:37:41 +02:00
Werner Koch
439999da11 Update to modern beta release numbering scheme.
* configure.ac: s/my_/mym4_/.  Add new release building code.
2013-07-25 10:37:41 +02:00
Werner Koch
801803ab6e Prepare for a forthcoming new algorithm id.
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--

ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH.  The only support in 1.4 will pretty printing the
algorithm id.
2013-07-25 10:37:41 +02:00
Werner Koch
35646689f4 Mitigate a flush+reload cache attack on RSA secret exponents.
* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
hold in secure memory.
--

The attack is described in a paper to be pusblished at eprint.iacr.org:

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.

  Flush+Reload is a cache side-channel attack that monitors access to
  data in shared pages. In this paper we demonstrate how to use the
  attack to extract private encryption keys from GnuPG.  The high
  resolution and low noise of the Flush+Reload attack enables a spy
  program to recover over 98% of the bits of the private key in a
  single decryption or signing round. Unlike previous attacks, the
  attack targets the last level L3 cache. Consequently, the spy
  program and the victim do not need to share the execution core of
  the CPU. The attack is not limited to a traditional OS and can be
  used in a virtualised environment, where it can attack programs
  executing in a different VM.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-25 10:37:40 +02:00
Werner Koch
fd86f30311 Fix git revision parsing.
* configure.ac: Use git rev-parse to retrieve the revision.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-25 10:37:40 +02:00
NIIBE Yutaka
f61d8fa5a7 gpg: fix previous change
* g10/gpgv.c: Fix void dotlock_remove_lockfiles.
2013-07-16 09:21:54 +09:00
NIIBE Yutaka
212a325d42 gpg: signal handling fix
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
  (dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
  memory or not.
* util/dotlock.c (dotlock_create): Use
  dotlock_remove_lockfiles_reclaim for atexit.
  (dotlock_destroy_unix, dotlock_destroy)
  (dotlock_remove_lockfiles): Add a reclaim flag.
  (dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
  avoid non-async-face call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.

--

signal handler got_fatal_signal should not call non-async-signal-safe
functions.  When malloc is interrupted by a signal, it screws up.

This issue is reported:
https://bugs.g10code.com/gnupg/issue1515
http://bugs.debian.org/399904
2013-07-12 17:26:55 +09:00
David Shaw
6f0ec6ab48 Differentiate between success (full or partial), not-found, and failure.
* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
  HTTP status code so we can tell the difference between a successful
  retrieval, a partial retrieval, a not-found, or a server failed.
2013-03-02 20:39:48 -05:00
David Shaw
ca0b94d4d4 Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim.
* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
  New. Return the HTTP status code for the last transfer.
2013-03-02 20:39:22 -05:00
David Shaw
1edc1b3751 Fix DNS check for recent OS X releases
* configure.ac: OS X now needs BIND_8_COMPAT and -lresolv
2013-01-29 20:31:01 -05:00
Werner Koch
b4d4acf491 Automake 1.13 compatibility fix.
* configure.ac: s/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/.
--
GnuPG-bug-id: 1459
2013-01-11 15:42:32 +01:00
Werner Koch
37f1a42744 Fix idea.c for big endian CPUs.
* cipher/idea.c: Replace use of WORDS_BIGENDIAN by BIG_ENDIAN_HOST.
--
GnuPG-bug-id: 1461
2013-01-11 15:10:38 +01:00
Christian Aistleitner
ff5cfadc2c Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data.
2013-01-11 13:33:44 +01:00
Werner Koch
faf2174979 Post release updates
--
2012-12-20 21:25:07 +01:00
Werner Koch
0bd168bf8e Release 1.4.13. gnupg-1.4.13 2012-12-20 20:30:15 +01:00
Werner Koch
2812ab7d6a Last fix for the SRV record patches.
* keyserver/gpgkeys_hkp.c (srv_replace): Make sure SRVCOUNT is
always initialized.
--

See commit 5c557a51.
2012-12-20 20:29:53 +01:00
Werner Koch
65d6da865c Update manuals from master
* doc/Makefile.am (update-source): Copy from Git master.
(update-source-from-gnupg-2): Remove.
* doc/gpg.texi: Fix minor typos and grammar bugs.
* doc/yat2m.c: Change diagnostics to updated coding standards.
2012-12-20 20:12:50 +01:00
Werner Koch
cb5f640420 Update config.{guess,sub} to version 2012-07-31.
* scripts/config.guess, scripts/config.sub: Update.
2012-12-20 19:53:58 +01:00
Joe Hansen
f464a3d3a8 po: Update Danish translation.
* po/da.po: Update.
2012-12-20 19:07:08 +01:00
Werner Koch
3cccf09d65 po: Update zh_TW.po.
--

Applied changes from Jedi Lin as received in May and fixed fuzzies due
to English typo corrections.
2012-12-20 18:36:27 +01:00
Werner Koch
3a4b96e665 gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--

(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
2012-12-20 09:44:09 +01:00
Werner Koch
f795a0d59e Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455
2012-12-20 09:43:41 +01:00
David Shaw
5c557a51cd Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
* configure.ac: Check for inet_ntop.

* m4/libcurl.m4: Provide a #define for the version of the curl
  library.

* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
  each target.  Once we find one that resolves to an address (whether
  IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
  SRV name as the "host".  Force the HTTP Host header to be the same.

Backported from 6b1f71055ebab36989e2089cfde319d2ba40ada7

* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
  have SRV support in the first place.

Backported from 732f3d1d4786239db5f31f82cc04ec79326cc13c
2012-12-19 13:54:27 -05:00
David Shaw
6c3a76cca0 Part of issue 1447: Pass proper Host header when SRV is used.
* common/http.c (send_request, connect_server): Set proper Host header
  (no :port, host is that of the SRV) when SRV is used in the
  curl-shim.

Backported from cbe98b2cb1e40ba253300e604996681ae191e363
2012-12-19 11:43:28 -05:00
Werner Koch
3d56d486e1 Remove trailing white space from some files
--
2012-12-19 14:05:56 +01:00
Werner Koch
550983f8fb Adjust to GNU coding standards
--

A variable definition with initialization shall have only one variable
per type.
2012-12-19 14:03:25 +01:00
Werner Koch
58004340cc Fix last commit
* util/http.c (connect_server): Bump SRVINDEX and not SRV.
2012-12-19 13:57:29 +01:00
David Shaw
f2f12f41ef Fix issue 1446: honor ports given in SRV responses.
* common/http.c (send_request, connect_server, http_open): Use a
  struct srv instead of a single srvtag so we can pass the chosen host
  and port back to the caller.
  (connect_server): Use the proper port in the HAVE_GETADDRINFO case.

* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
  chosen host and port.

* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.

Backported from ba9e974f1fd85b3dbbfb5e26d7a14f71d07c7cf2
2012-12-18 21:58:53 -05:00
Werner Koch
3a51d501b9 .gitignore: Add cruft from other branches.
--
2012-12-18 20:03:21 +01:00
Werner Koch
80cd8f18dd State that disclaimers are not anymore needed for translations.
--
2012-12-18 20:01:11 +01:00
Werner Koch
8044a5acea Add meta option ignore-invalid-option.
* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--

This option is currently of no use.  However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG.  For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option".  To avoid that the following line can be put
above that option in gpg.conf

  ignore-invalid-option foobar

This meta option may be given several times or several option names
may be given as arguments (space delimited).  Note that this option is
not available on the command line.

(backported from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
2012-12-18 18:26:56 +01:00
Werner Koch
e33e74e3a4 Fix potential heap corruption in "gpg -v --version"
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
2012-12-15 11:28:00 +01:00
Werner Koch
eb541e35b8 Update README and po files for a release
--
2012-12-14 18:24:02 +01:00
Werner Koch
e9385a6651 Workaround for a gettext problem during "make distcheck".
* configure.ac: Add comment string "GNU gnupg".
--

We already use this kludge in 2.x.
2012-12-14 18:22:34 +01:00
Werner Koch
4032aa8be8 gettext: Upgrade to version 0.18
* configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.18.
* po/Makefile.in.in: Upgrade to gettext-0.18.  Keep option --previous
of msgmerge.
* intl/: Upgrade to gettext-0.18.
* m4/gettext.m4: Upgrade to gettext-0.18.1.
* m4/iconv.m4: Upgrade to gettext-0.18.1.
* m4/lib-ld.m4: Upgrade to gettext-0.18.1.
* m4/lib-link.m4: Upgrade to gettext-0.18.1.
* m4/lib-prefix.m4: Upgrade to gettext-0.18.1.
* m4/nls.m4: Upgrade to gettext-0.18.1.
* m4/po.m4: Upgrade to gettext-0.18.1.
* m4/progtest.m4: Upgrade to gettext-0.18.1.
* m4/codeset.m4: Upgrade to gettext-0.18.1.
* m4/fcntl-o.m4: New file, from gettext-0.18.1.
* m4/glibc2.m4: Upgrade to gettext-0.18.1.
* m4/glibc21.m4: Upgrade to gettext-0.18.1.
* m4/intdiv0.m4: Upgrade to gettext-0.18.1.
* m4/intl.m4: Upgrade to gettext-0.18.1.
* m4/intldir.m4: Upgrade to gettext-0.18.1.
* m4/intlmacosx.m4: Upgrade to gettext-0.18.1.
* m4/intmax.m4: Upgrade to gettext-0.18.1.
* m4/inttypes_h.m4: Upgrade to gettext-0.18.1.
* m4/inttypes-pri.m4: Upgrade to gettext-0.18.1.
* m4/lcmessage.m4: Upgrade to gettext-0.18.1.
* m4/lock.m4: Upgrade to gettext-0.18.1.
* m4/longlong.m4: Upgrade to gettext-0.18.1.
* m4/printf-posix.m4: Upgrade to gettext-0.18.1.
* m4/size_max.m4: Upgrade to gettext-0.18.1.
* m4/stdint_h.m4: Upgrade to gettext-0.18.1.
* m4/threadlib.m4: New file, from gettext-0.18.1.
* m4/uintmax_t.m4: Upgrade to gettext-0.18.1.
* m4/visibility.m4: Upgrade to gettext-0.18.1.
* m4/wchar_t.m4: Upgrade to gettext-0.18.1.
* m4/wint_t.m4: Upgrade to gettext-0.18.1.
* m4/xsize.m4: Upgrade to gettext-0.18.1.
* m4/Makefile.am (EXTRA_DIST): Add the new files.
2012-12-14 16:08:23 +01:00
Werner Koch
0fee571260 Support NetBSD m68K ELF targets
* mpi/config.links (m68k*-*-netbsdelf): New.

--

The original patch from NetBSD had this additional code:

	if ! test x$M68060 = xYES; then
	    path="m68k/mc68020 m68k"
	fi

However, this bypasses the config system.  It would be better to add
proper support for this CPU to config.sub.
2012-12-13 18:15:38 +01:00
NIIBE Yutaka
09dd073096 Card: Fix the process of writing key or generating key.
* g10/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
--

(cherry picked from commit e7dca3e83ebd6df0a7ea55e97c3cd6e91be90af5)
2012-12-13 17:25:57 +01:00
David Shaw
e71dbf244a Fix mksamplekeys awk to not leave out the whitespace altogether 2012-11-30 12:39:05 -05:00
David Shaw
3ab272086c Refresh sample keys
* mksamplekeys: Tweak awk script to not add trailing whitespace to
  blank lines (makes git pre-commit hook unhappy).

* samplekeys.asc: Refresh.
2012-11-30 12:21:45 -05:00
David Shaw
d42dcbfa92 The keyserver search menu should honor --keyid-format
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).
2012-11-29 12:00:46 -05:00
Werner Koch
95347cf950 tests: Skip secret key import check in SELinux mode
* configure.ac (ENABLE_SELINUX_HACKS): New am_conditional.
* checks/Makefile.am (prepared.stamp): Replace by defs-config.inc.
(defs-config.inc): Create and set enable_selinux_hacks variable.
* checks/defs.inc: Include defs-config.inc.

* checks/armor.test: Do not run the last test in selinux mode.

GnuPG-bug-id: 1390
2012-11-08 17:16:40 +01:00
Werner Koch
e3e5406049 de.po: Grammar fix
* po/de.po: Grammar fix by Daniel Leidert
--

GnuPG-bug-id: 1276
2012-11-08 16:31:22 +01:00
Werner Koch
64e7c237db Create off-line card encryption key with the right size.
* g10/keygen.c (gen_card_key_with_backup): Get the size of the key
from the card.
--

Formerly the off-line encryption key was created with a fixed length
of 1024 bit.  With this change the key is created as expected.

GnuPG-bug-id: 1230
2012-11-08 15:59:47 +01:00
Werner Koch
b1eac93431 Support the not anymore patented IDEA cipher algorithm.
* cipher/idea.c: New.  Take from Libgcrypt master and adjust for
direct use in GnuPG.
* cipher/idea-stub.c: Remove.
* cipher/Makefile.am: Add idea.c and remove idea-stub.c rules.
* configure.ac: Remove idea-stub code.
* g10/gpg.c (check_permissions): Remove code path for ITEM==2.
(main): Make --load-extension a dummy option.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* g10/seckey-cert.c (do_check): Remove emitting of STATUS_RSA_OR_IDEA.
* g10/status.c (get_status_string): Remove STATUS_RSA_OR_IDEA.
* g10/status.h (STATUS_RSA_OR_IDEA): Remove.

--

To keep the number of actually used algorithms low, we support IDEA
only in a basically read-only way (unless --pgp2 is used during key
generation).  It does not make sense to suggest the use of this old 64
bit blocksize algorithm.  However, there is old data available where
it might be helpful to have IDEA available.
2012-11-08 13:25:02 +01:00
Werner Koch
c3a5448379 Fix usage of dlerror to conform to POSIX.
* cipher/idea-stub.c: Clear last error before dlsym.
--

This is required for NetBSD.

Reported-by: Thomas Klausner
2012-11-07 21:38:27 +01:00
Werner Koch
b1abc01d4a Improve handling of random_seed read errors.
* cipher/random.c (read_seed_file): Distinguish between errors and
short reads.
--

This should help to avoid program aborts due to races.  Nevertheless a
better and cross-platform locking would be a more solid solution.

GnuPG-bug-id: 1439
2012-11-07 18:06:27 +01:00
Werner Koch
a74f05c32d Remove trailing white space from one file
--
2012-11-07 18:00:45 +01:00