security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00
Code Activity
gnupg/g10
History
Werner Koch 13f135c7a2
gpg: Sanitize diagnostic with the original file name. 
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mention CVE is about using this to inject
status-fd lines into the stderr output.  Other harm good as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
2018-06-08 10:45:21 +02:00
..
all-tests.scm
tests: Make it possible to run all tests using our infrastructure.
2017-05-11 18:12:37 +02:00
armor.c
g10, sm, dirmngr, common: Add comment for fall through.
2017-05-10 11:13:12 +09:00
build-packet.c
gpg: Implement AEAD for SKESK packets.
2018-01-23 12:07:57 +01:00
call-agent.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-03-27 08:48:00 +02:00
call-agent.h
g10: Change ask_curve so that it can be used outside.
2018-03-28 18:44:45 +09:00
call-dirmngr.c
gpg: Add option '--disable-dirmngr'.
2017-08-08 11:43:22 +02:00
call-dirmngr.h
gpg: Store key origin info for new DANE and WKD retrieved keys.
2017-07-24 20:09:52 +02:00
card-util.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-05-13 13:29:40 +02:00
ChangeLog-2011
Spelling: correct spelling of "passphrase".
2016-11-02 12:53:58 +01:00
cipher-aead.c
gpg: Avoid writing a zero length last chunk in AEAD mode.
2018-02-28 09:39:57 +01:00
cipher-cfb.c
gpg: Remove MDC options
2018-05-29 12:42:52 +02:00
compress-bz2.c
g10,tools: Fix bzlib.h include order.
2017-04-11 13:52:19 +09:00
compress.c
gpg: Fix minor memory leak in the compress filter.
2018-05-02 20:15:10 +02:00
cpr.c
gpg: Emit FAILURE stati now in almost all cases.
2018-04-06 17:32:25 +02:00
dearmor.c
Revert "g10: Always save standard revocation certificate in file."
2017-08-01 19:08:16 +02:00
decrypt-data.c
gpg: Avoid writing a zero length last chunk in AEAD mode.
2018-02-28 09:39:57 +01:00
decrypt.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
dek.h
gpg: First take on PKT_ENCRYPTED_AEAD.
2018-01-21 16:30:53 +01:00
delkey.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
distsigkey.gpg
build: Update distsigkey.gpg
2017-11-22 20:54:47 +01:00
ecdh.c
Use the gpgrt log functions if possible.
2017-11-27 15:00:25 +01:00
encrypt.c
gpg: Remove PGP6 compliance mode.
2018-05-29 13:01:12 +02:00
exec.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
exec.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
export.c
gpg: Return an error from hexfingerprint on malloc error.
2017-12-13 10:52:34 +01:00
filter.h
Merge branch 'STABLE-BRANCH-2-2' into master
2018-05-13 13:29:40 +02:00
free-packet.c
gpg: Fix possible double free of the card serialno.
2017-07-21 17:49:10 +02:00
getkey.c
gpg: Remove PGP6 compliance mode.
2018-05-29 13:01:12 +02:00
gpg-w32info.rc
w32: Add manifest to gpg.
2015-02-04 09:15:34 +01:00
gpg.c
gpg: New command --show-keys.
2018-06-06 11:57:34 +02:00
gpg.h
Merge branch 'STABLE-BRANCH-2-2' into master
2018-03-27 08:48:00 +02:00
gpg.w32-manifest.in
w32: Add manifest to gpg.
2015-02-04 09:15:34 +01:00
gpgcompose.c
gpg: Implement AEAD for SKESK packets.
2018-01-23 12:07:57 +01:00
gpgsql.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
gpgsql.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
gpgv.c
gpgv: Initialize compliance checker.
2017-09-13 09:18:15 +02:00
helptext.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
import.c
gpg: Improve verbose output during import.
2018-06-07 10:30:07 +02:00
kbnode.c
gpg: Add option and preference framework for AEAD.
2018-01-10 11:51:03 +01:00
key-check.c
gpg: Improve import's repair-key duplicate signature detection.
2018-06-07 18:41:17 +02:00
key-check.h
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
keydb.c
gpg: Don't let gpg return failure on an invalid packet in a keyblock.
2018-02-22 14:23:01 +01:00
keydb.h
gpg: Remove MDC options
2018-05-29 12:42:52 +02:00
keyedit.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-05-13 13:29:40 +02:00
keyedit.h
gpg: Avoid output to the tty during import.
2017-07-27 11:38:57 +02:00
keygen.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-04-10 10:14:30 +02:00
keyid.c
Merge branch 'STABLE-BRANCH-2-2' into master
2017-12-18 16:42:59 +01:00
keylist.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-05-13 13:29:40 +02:00
keyring.c
gpg: Don't let gpg return failure on an invalid packet in a keyblock.
2018-02-22 14:23:01 +01:00
keyring.h
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
keyserver-internal.h
gpg: Pass key origin values to import functions.
2017-07-13 18:29:01 +02:00
keyserver.c
gpg: Extend --key-origin to take an optional URL arg.
2017-07-24 21:10:58 +02:00
main.h
Merge branch 'STABLE-BRANCH-2-2' into master
2018-04-10 10:14:30 +02:00
mainproc.c
gpg: Sanitize diagnostic with the original file name.
2018-06-08 10:45:21 +02:00
Makefile.am
gpg: Rename cipher.c to cipher-cfb.c
2018-02-27 13:57:57 +01:00
mdfilter.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
migrate.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
misc.c
gpg: Remove PGP6 compliance mode.
2018-05-29 13:01:12 +02:00
openfile.c
gpg: Rename a misnomed arg in open_outfile.
2018-01-28 18:59:18 +01:00
options.h
gpg: Ignore the multiple message override options.
2018-05-30 22:05:57 +02:00
packet.h
gpg: Fix import's repair-key duplicate signature detection.
2018-06-07 17:22:58 +02:00
parse-packet.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-03-27 08:48:00 +02:00
passphrase.c
gpg: Extend the "sig" record in --list-mode.
2018-04-12 17:53:17 +02:00
photoid.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
photoid.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
pkclist.c
gpg: Remove PGP6 compliance mode.
2018-05-29 13:01:12 +02:00
pkglue.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
pkglue.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
plaintext.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
progress.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
pubkey-enc.c
Use the gpgrt log functions if possible.
2017-11-27 15:00:25 +01:00
pubring.asc
Update copyright notices for 2017.
2017-01-23 19:16:55 +01:00
revoke.c
gpg: Remove PGP6 compliance mode.
2018-05-29 13:01:12 +02:00
rmd160.c
Clean up word replication.
2017-02-21 13:11:46 -05:00
rmd160.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
seckey-cert.c
More change for common.
2017-03-07 20:32:09 +09:00
server.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
seskey.c
Spelling fixes in docs and comments.
2017-04-28 10:06:33 +09:00
sig-check.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-04-10 10:14:30 +02:00
sign.c
gpg: Implement AEAD for SKESK packets.
2018-01-23 12:07:57 +01:00
skclist.c
g10: Fix default-key selection for signing, possibly by card.
2017-05-22 09:27:36 +09:00
t-keydb-get-keyblock.c
gpg: Fix actual leak and possible leaks in the packet parser.
2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg
gpg: Correctly handle keyblocks followed by legacy keys.
2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx
g10: Add test for keydb as well as new testing infrastructure.
2015-09-02 15:08:57 +02:00
t-keydb.c
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
t-rmd160.c
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00
t-stutter-data.asc
gpg: Add a new test.
2016-03-08 14:08:49 +01:00
t-stutter.c
g10: Stop compiler warning for t-stutter.
2017-05-10 11:13:03 +09:00
tdbdump.c
Merge branch 'STABLE-BRANCH-2-2' into master
2018-03-27 08:48:00 +02:00
tdbio.c
gpg: Auto-fix a broken trustdb with just the version record.
2018-03-26 18:20:16 +02:00
tdbio.h
gpg: Pass CTRL arg to get_trusthashrec.
2018-03-26 18:06:43 +02:00
test-stubs.c
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
test.c
tests: Locate resources and scripts relative to top source dir.
2017-04-24 14:14:05 +02:00
textfilter.c
Remove -I option to common.
2017-03-07 20:25:54 +09:00
tofu.c
Merge branch 'STABLE-BRANCH-2-2' into master
2017-12-18 16:42:59 +01:00
tofu.h
g10: Remove dead code.
2016-12-06 12:16:56 +01:00
trust.c
gpg: Workaround for junk after --trusted-key.
2017-09-28 14:10:12 +02:00
trustdb.c
gpg: Pass CTRL arg to get_trusthashrec.
2018-03-26 18:06:43 +02:00
trustdb.h
gpg: Pass CTRL to many more functions.
2017-03-31 20:07:20 +02:00
verify.c
Spelling fixes in docs and comments.
2017-04-28 10:06:33 +09:00
zlib-riscos.h
Change all http://www.gnu.org in license notices to https://
2016-11-05 12:02:19 +01:00