1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

8586 Commits

Author SHA1 Message Date
Werner Koch
b0d6e26bf3
gpg: Fix extra check for sign usage of a data signature.
* g10/sig-check.c (check_signature_end_simple):
--

Obviously we should not ignore a back signature here.

Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b6275f3bda8edff34274c5b921508567f491ab9c)
2018-10-22 19:27:24 +02:00
NIIBE Yutaka
7e2b0488d1 scd: Fix signing authentication status.
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

Cherry-picked from master commit of:
	78f542e1f4495195db2e668f9cd41657fb1afc77

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-15 11:20:47 +09:00
NIIBE Yutaka
8f844ae1cd common: Fix gnupg_reopen_std.
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

Cherry-pick from master commit of:
	50b02dba2060a8969da47b18d9c0ecdccbd30db4

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-02 14:31:56 +09:00
NIIBE Yutaka
f5be5c9654 po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-18 10:03:35 +09:00
NIIBE Yutaka
0383e7fed7 common: Use iobuf_get_noeof to avoid undefined behaviors.
* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

Cherry-pick from master commit of:
	f80346f42df4bdc7d0a9741c3922129aceae4f81

When singed integer has negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 13:59:14 +09:00
NIIBE Yutaka
213379debe agent: Fix error code check from npth_mutex_init.
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.

--

Cherry-pick from master commit of:
	adce73b86fd49d5bbb8884231a26cc7533d400e2

Actually, initialize_module_call_pinentry is only called once from
main.  So, this bug had no harm and having the static variable
INITIALIZED is not needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 09:22:38 +09:00
NIIBE Yutaka
91f8a9b33a g10: Fix memory leak.
* g10/import.c (read_block): Call free_packet to skip the packet.

--

Cherry-pick of master commit of:
	7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e

Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-07 13:05:17 +09:00
NIIBE Yutaka
f0fdee2e24 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

--

Cherry-pick of master commit of:
	625ced6e672daa892d334323cce6b3d42a6f929f

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:46:20 +09:00
Werner Koch
4b5cddeb58
Post release updates.
--
2018-08-30 15:34:38 +02:00
Werner Koch
24697074f4
Release 2.2.10 gnupg-2.2.10 2018-08-30 14:25:14 +02:00
Ineiev
2f5ba3a6c1
po: Update Russian translation. 2018-08-30 10:40:58 +02:00
Werner Koch
39c34a4a85
po: Update German translation
--
2018-08-30 09:44:49 +02:00
Werner Koch
a9931b3c05
gpg: Explain error message in key generation with --batch
* g10/keygen.c (generate_keypair): Show more info.
--

GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1bfe766bcf3959135333900934f1a15c9b96c3cf)
2018-08-29 15:14:50 +02:00
Werner Koch
2d700f2c6c
doc: Minor additions to the gpg man page
--

Includes a fix for
GnuPG-bug-id: 3906

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 420dc2b49ad816bdd27b40db45d900551c71476f)
2018-08-29 15:05:26 +02:00
Werner Koch
719fc941b6
gpg: Remove unused function get_pubkeys.
* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ed8fe21e6612401846fc4af8631f0136dc633c67)
2018-08-29 11:57:44 +02:00
Werner Koch
3169b5ae3f
doc: Show how to list envvars send to gpg-agent.
--

GnuPG-bug: 3353
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 53bbac0865719076f7ad7bb57e13f656bd6edf39)
2018-08-29 09:53:38 +02:00
Werner Koch
a59a9962f4
gpg: New option --known-notation.
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--

GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
2018-08-29 09:36:44 +02:00
Ineiev
b02ad56a90
po: Update Russian translation. 2018-08-28 17:44:40 +02:00
Werner Koch
38eb7c360b
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798)
Fixes-commit: 1189df2cd7d4b6896ba22aa204c159ff2a425ead
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 16:47:38 +02:00
Daniel Kahn Gillmor
1189df2cd7
assuan: Use exponential decay for first 1s of spinlock.
* common/asshelp.c (wait_for_sock): instead of checking the socket
every second, we check 10 times in the first second (with exponential
decay).
--

This cuts the wall clock time for the standard test suite roughly by
half.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 149041b0b917f4298239fe18b5ebd5ead71584a6)
2018-08-28 16:41:47 +02:00
Daniel Kahn Gillmor
a22a55b994
assuan: Reorganize waiting for socket.
* common/asshelp.c (wait_for_sock): New function, collecting
codepaths from...
(start_new_gpg_agent) here and...
(start_new_dirmngr) here.
--

This has no functional change, but makes it easier to make this
function more efficient.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907)
2018-08-28 16:41:35 +02:00
Werner Koch
0709f358cd
gpg: Refresh expired keys originating from the WKD.
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--

A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr).  To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check.  We defer this until we have a
better key database which allows for fast updates of meta data.

Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times.  Eventually we we need a
network emulation layer to provide sample data for the regression
tests.

GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7f172404bfcf719b9b1af4a182d4803525ebff7c)
2018-08-28 15:26:36 +02:00
Werner Koch
11a9fe1c58
gpg: Remove unused arg from a function.
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit db67ccb759426c1173761574b14bdfe6a76394c2)
2018-08-28 15:26:29 +02:00
NIIBE Yutaka
0786ac7842 po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-22 17:45:29 +09:00
NIIBE Yutaka
822c633845 g10: Fix undefined behavior when EOF in parsing packet for S2K.
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.

--

Cherry picked from master commit:
    1b309d9f6199a91caa0ca0b97b92d599e00b736e

When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
undefined.  This patch fixes undefined behavior.

Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-10 15:38:57 +09:00
Werner Koch
f1c0d9bb65
gpg: Set a limit for a WKD import of 256 KiB.
* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
--

WKD should return only a single key with just one UID.  For key
rollover 2 keys may be send.  A total of 256 KiB seems to be a
generous limit here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41)
2018-07-29 18:40:01 +02:00
Werner Koch
8a98aa25bb
dirmngr: Validate SRV records in WKD queries.
* dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
to mitigate rogue DNS servers.
--

I am not sure wether this really is very useful because the security
relies on a trustworthy DNS system anyway.  However, that check is
easy enough to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee)
2018-07-29 18:39:49 +02:00
Werner Koch
4f59187a17
common: New function to validate domain names.
* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
2018-07-29 18:39:32 +02:00
Jiří Keresteš
d43248af92
scd: Add support for Trustica Cryptoucan.
(cherry picked from commit 967d3649d24aba623133808e8d01675dff389fbb)
2018-07-29 18:39:18 +02:00
Werner Koch
a6ce89b6ef
Post release updates
--
2018-07-12 16:31:34 +02:00
Werner Koch
2b82db61cc
Release 2.2.9 gnupg-2.2.9 2018-07-12 14:49:18 +02:00
Werner Koch
c9bafd4823
po: Fix one fuzzy in German translation.
--
2018-07-12 14:49:17 +02:00
Werner Koch
7290b1678f
po: auto update
--
2018-07-12 14:10:11 +02:00
Werner Koch
61562fe000
gpg: Remove multiple subkey bindings during export-clean.
* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
--

GnuPG-bug-id: 3804
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc)
2018-07-09 12:07:24 +02:00
Werner Koch
8055f186a3
gpg: Let export-clean remove expired subkeys.
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--

GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93)
2018-07-09 10:25:06 +02:00
Werner Koch
046276db3a
gpg: Split key cleaning function for clarity.
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new.  Call that always after the former clean_key
invocations.
--

Note that the clean_all_subkeys function will later be extended.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6c3567196f7e72552f326ce07dccbcce31926e5d)
2018-07-09 10:24:53 +02:00
Werner Koch
40bf383f72
gpg: Move key cleaning functions to a separate file.
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f)
2018-07-09 10:24:37 +02:00
Werner Koch
b4599a0449
gpg: Allow decryption using several passphrases in may cases.
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algorithm.
(proc_symkey_enc): Clear passpharse on error from above function.
--

This does not work reliable as stated in bug 3795 but we can try to
fix ~95% of all cases.  The real fix is to use AEAD which will come
with 2.3

GnuPG-bug-id: 3795, 4050
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 08:24:57 +02:00
Werner Koch
833738a316
po: Add flag options for xgettext.
* po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
--

GnuPG-bug-id: 4053, 4054
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 21:43:25 +02:00
Werner Koch
221af19351
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)
2018-07-05 21:41:02 +02:00
Andre Heinecke
063cf45c14
po: Fix bug in german translation
* po/de.po (decryption forced to fail!): Fix translation.

--
The unmatched %s actually produced a crash on Windows.

GnuPG-Bug-Id: T4053
GnuPG-Bug-Id: T4054
2018-07-04 17:54:42 +02:00
Werner Koch
cb6b925f94
gpg: Ignore too large user ids during import.
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--

See
GnuPG-bug-id: 4022
for an example of a bogus user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 01cd66f9faf1623833e6afac84164de5a136ecff)
2018-07-04 10:08:36 +02:00
Werner Koch
5b47b46132
indent: Fix indentation of read_block in g10/import.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 60e7e102a153a246d7e887a64e30dbb4c4f7b6dd)
2018-07-04 10:08:25 +02:00
Werner Koch
ef50fdf82a
gpg: Extra check for sign usage when verifying a data signature.
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--

Without this patch the signature verification fails only due to the
missing back signature.  This check better explains what went wrong.

GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 214b0077264e35c079e854a8b6374704aea45cd5)
2018-07-04 09:01:52 +02:00
Werner Koch
04fb76684d
gpg: Print revocation reason for "rev" records.
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46)
2018-07-03 11:56:18 +02:00
Werner Koch
a8e24addcc
gpg: Print revocation reason for "rvs" records.
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--

Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason.  GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.

A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment.  Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.

This is partial solution to
GnuPG-bug-id: 1173

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b7cd2c2093ae1b47645be50fa1d431a028187cad)
2018-07-03 11:56:04 +02:00
Werner Koch
5c67ee160d
gpg: Let --show-keys print revocation certificates.
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--

GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011)
2018-07-03 11:55:41 +02:00
NIIBE Yutaka
2809be1f97 g10: Fix memory leak for PKT_signature.
* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.

--

Cherry picked from master commit:
    996febbab21eb9283b0634e51303a36b318734a6

Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-03 09:21:12 +09:00
NIIBE Yutaka
cca92ca534 libdns: For SOCKS connection, just fails.
* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.

--

Cherry picked from master commit:
    1aacd12471935a354cfd85ee1805edc7eb16e6c5

In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.

Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-02 10:47:38 +09:00
NIIBE Yutaka
72a35ffee0 libdns: Let kernel to decide the local port.
* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.

--

Cherry picked from master commit:
    861f1da0731bf29dcb9221c4f22c76b40ec15a78

There is no good reason to bind local port aggressively.  It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.

At least, it causes a problem on Windows.  Binding a specified port in
user space can trigger the Firewall dialog on Windows.  Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.

GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-20 09:14:02 +09:00