* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
This fixes sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.
(back ported from commit 2183683bd6)
Signed-off-by: Werner Koch <wk@gnupg.org>
[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/trustdb.c (clear_ownertrusts): Init trustdb.
--
This is actually a hack to fix a bug introduced with commit 2528178.
Debian uses it and thus we should do too.
GnuPG-bug-id: 1622
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--
This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used. It just does
not make sense to create a trustdb if there is no need for it.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1)
Resolved conflicts:
g10/gpg.c
g10/tdbio.h
g10/trustdb.c
(indentation fixes)
* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
pending_check_trustdb is true (set when we detect a trustdb
parameter has changed).
* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
listing for min_cert_level not matching.
* g10/tdbio.c (tdbio_update_version_record, create_version_record,
tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
tdbio_write_record): Add a byte for min_cert_level in the tdbio
version record.
calculations so that we lower the trust depth of signatures to fit
within the current chain, rather than discarding any signature that
does not fit within the trust depth.
(malloc bombs) by force-commenting any characters aside from the ones
we explicitly want. (check_regexp): Use it here before passing the
regexp to regcomp().
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
"clean", and add "minimize".
* import.c (parse_import_options): Make help text match the export
versions of the options.
* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.
* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
cleaning from one convenient place.
* options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Reduce clean options to two: clean and minimize.
* parse-packet.c (setup_user_id): Remove. (parse_user_id,
parse_attribute): Just use xmalloc_clear instead.
non-selfsigs from key during cleaning. Change all callers.
* export.c (do_export_stream): Use it here so we don't need additional
minimize code in the export path.
so keyserver mangled keys with doubled user IDs can be properly
cleaned - possibly sigs on the different user IDs cancel each other
out.
* import.c (parse_import_options), export.c (parse_export_options):
List "xxx-clean" before the longer options so we don't end up with a
partial match on the longer options.
* trustdb.c (clean_uids_from_key): Return proper number of cleaned
user IDs. Don't count user IDs as cleaned unless we actually delete
something.
when compacting a uid. There is no reason to make an attacker's job
easier - this way they only have a revocation which is useless in
bringing the uid back.
* keydb.h, kbnode.c (undelete_kbnode): Removed. No longer needed.
* import.c (chk_self_sigs): Allow a uid revocation to be enough to
allow importing a particular uid (no self sig needed). This allows
importing compacted uids.
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing. Like import-clean-sigs, this may nodify the local keyring.
* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function. It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
the subkeys on a key, and mark any that aren't usable for deletion.
Note that a signing subkey is never marked for deletion since these
keys are still useful after expiration or revocation.
* keyedit.c (menu_clean_subkeys_from_key): New function to call
clean_subkeys_from_key() on a key. Note that the strings here are not
marked for translation yet. The UI is still in flux, and there is no
point in annoying the translators twice. (keyedit_menu): Call it here
as part of the "clean" command.
user IDs on a key, and mark any that aren't valid for deletion.
* keyedit.c (menu_clean_uids_from_key): New function to call
clean_uids_from_key() on a key. (keyedit_menu): Call it from here as
part of the "clean" command.
no-pubkey and chosen revocation cases. (clean_uid): New function to
clean a user ID of unusable (as defined by mark_usable_uid_certs)
certs.
* keyedit.c (keyedit_menu, menu_clean_uids): Call it here for new
"clean" command that removes unusable sigs from a key.
is dirty and --interactive is set, do an --update-trustdb. If not
interactive, do a --check_trustdb unless --no-auto-check-trustdb is
set.
* import.c (import_keys_internal): Moved from here.
* keyserver.c (keyserver_refresh): Call it here after all refreshing
has happened so that we don't rebuild after each preferred keyserver
set of imports, but do one big rebuild at the end. This is Debian bug
#293816, noted by Kurt Roeckx.
(status_one_subpacket, print_one_subpacket): Fix some compiler warnings.
* g10.c (main): Fix --compression-algo to take a string argument like
--compress-algo.
* trustdb.c (uid_trust_string_fixed): For safety, check for a pk.
revoked.
* keyedit.c (show_key_with_all_names): Don't show validity for secret key
UIDs.
* keyedit.c (parse_sign_type): New. Figure out the flags (local,
nonrevoke, trust) for a signature. (keyedit_menu): Call it here so we can
mix and match flags, and don't need "nrltsign", "ltsign", "tnrsign", etc,
etc, etc.
translatable string similar to trust_value_to_string. This allows for
easier lining up of displays.
* keyedit.c (show_key_with_all_names), keylist.c (list_keyblock_print):
Use it here to print validity strings.
* gpgv.c: Stub.
trust since the meaning is different.
* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.
* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.
* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
showing the user ID as mainproc.c:print_pkenc_list.
* mainproc.c (print_pkenc_list): Allow translating the quotes around the
user ID.
* card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" -> `%s'
quoting for things that aren't user IDs.
* keyserver.c (keyserver_spawn): If there is no keyserver host, print the
whole URI since it is self-contained.
functions in log_debug.
* import.c (import_one): Try and collapse user IDs when importing a key
for the first time.
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
* g10.c (main): Maintain ordering of multiple Comment lines. Requested by
Peter Hyman.
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.
* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb. Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
any ultimately trusted keys. This ensures that if we lose all our
ultimately trusted keys, we don't leave behind the old validity
calculations. Noted by Peter Palfrader.
* revoke.c (gen_desig_revoke): Specify in the comment when a designated
revocation is generated.
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
get_seckey_byname2): Remove Elgamal check since we are removing type 20
keys altogether.
