security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity
gnupg/g10
History
Werner Koch 2326851c60
gpg: Sanitize diagnostic with the original file name. 
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mention CVE is about using this to inject
status-fd lines into the stderr output.  Other harm good as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
(cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b)
2018-06-08 10:50:38 +02:00
..
apdu.c
Use inline functions to convert buffer data to scalars.
2015-02-23 10:47:26 +01:00
apdu.h
First set of changes to backport the new card code from 2.0.
2009-07-21 14:30:13 +00:00
app-common.h
First set of changes to backport the new card code from 2.0.
2009-07-21 14:30:13 +00:00
app-openpgp.c
Use inline functions to convert buffer data to scalars.
2015-02-23 10:47:26 +01:00
armor.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
build-packet.c
gpg: Fix exporting of zero length user ID packets.
2017-03-30 10:54:10 +02:00
card-util.c
Preparing a release candidate
2010-09-23 08:15:45 +00:00
cardglue.c
support more hash algorithms to support the v2 card
2010-07-24 09:18:42 +00:00
cardglue.h
support more hash algorithms to support the v2 card
2010-07-24 09:18:42 +00:00
ccid-driver.c
Fix spelling: "occured" should be "occurred"
2016-08-04 12:37:34 +02:00
ccid-driver.h
First set of changes to backport the new card code from 2.0.
2009-07-21 14:30:13 +00:00
ChangeLog-2011
Rename all ChangeLog files to ChangeLog-2011.
2011-12-02 19:42:56 +01:00
cipher.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
compress-bz2.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
compress.c
g10: Push compress filter only if compressed.
2018-04-13 10:17:55 +09:00
dearmor.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
decrypt.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
delkey.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
encode.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
encr-data.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
exec.c
Revert that last stupid setuid detection fix.
2008-07-17 19:47:19 +00:00
exec.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
export.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
filter.h
gpg: Print better diagnostics for keyserver operations.
2015-02-23 10:52:37 +01:00
free-packet.c
g10: fix cmp_public_key and cmp_secret_keys.
2015-04-30 17:20:08 +09:00
getkey.c
g10: Improve handling of no corresponding public key.
2015-05-19 10:14:09 +09:00
global.h
Add kbnode_t for easier backporting.
2014-08-06 18:33:21 +02:00
gpg.c
gpg: Add dummy option --with-subkey-fingerprint.
2016-08-17 14:50:35 +02:00
gpgv.c
gpgv: Tweak default options for extra security.
2016-07-09 10:41:08 +09:00
helptext.c
Fix typos spotted during translations
2012-08-24 16:37:44 +02:00
import.c
gpg: Remove an unused variable.
2015-02-23 10:53:05 +01:00
iso7816.c
minor changes for VMS
2009-12-15 11:07:43 +00:00
iso7816.h
Last minute fixes
2009-09-02 17:30:53 +00:00
kbnode.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
keydb.c
gpg: signal handling fix
2013-07-12 17:26:55 +09:00
keydb.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
keyedit.c
gpg: Print a warning if the subkey expiration may not be what you want.
2015-02-23 10:36:18 +01:00
keygen.c
g10: Fix secmem leak.
2017-05-10 14:09:54 +09:00
keyid.c
gpg: Fix segv due to NULL value stored as opaque MPI
2015-02-23 10:56:21 +01:00
keylist.c
indent: Fix indentation of an if block.
2017-07-19 10:12:00 +02:00
keyring.c
gpg: Prevent an invalid memory read using a garbled keyring.
2015-02-23 10:46:07 +01:00
keyring.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
keyserver-internal.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
keyserver.c
Switch to a hash and CERT record based PKA system.
2015-02-26 18:30:08 +01:00
main.h
gpg: Add option --weak-digest to gpg and gpgv.
2015-12-19 15:14:27 +01:00
mainproc.c
gpg: Sanitize diagnostic with the original file name.
2018-06-08 10:50:38 +02:00
Makefile.am
build: Avoid check gpg --version during make distcheck.
2017-07-19 10:55:44 +02:00
mdfilter.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
misc.c
gpg: Add option --weak-digest to gpg and gpgv.
2015-12-19 15:14:27 +01:00
openfile.c
gpg: Make the use of "--verify FILE" for detached sigs harder.
2014-11-14 19:41:24 +01:00
OPTIONS
See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch
2000-07-31 08:04:16 +00:00
options.h
g10: Fix --list-packets.
2016-06-28 16:10:14 +09:00
options.skel
* options.skel: Make the example for force-v3-sigs match reality (it
2010-09-28 16:13:24 +00:00
packet.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
parse-packet.c
g10: Fix --list-packets.
2016-06-28 16:10:14 +09:00
passphrase.c
Pass DBUS_SESSION_BUS_ADDRESS for gnome3
2015-12-17 15:14:56 +01:00
photoid.c
* photoid.c (generate_photo_id): Check for the JPEG magic numbers
2011-04-05 23:47:58 -04:00
photoid.h
* main.h, mainproc.c (check_sig_and_print), keylist.c
2008-10-03 19:54:30 +00:00
pipemode.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
pkclist.c
Fix spelling: "occured" should be "occurred"
2016-08-04 12:37:34 +02:00
plaintext.c
gpg: Make the use of "--verify FILE" for detached sigs harder.
2014-11-14 19:41:24 +01:00
progress.c
g10: Fix iobuf API of filter function for alignment.
2016-01-26 15:38:27 +09:00
pubkey-enc.c
Support the not anymore patented IDEA cipher algorithm.
2012-11-08 13:25:02 +01:00
pubring.asc
See ChangeLog: Mon Jul 31 10:04:47 CEST 2000 Werner Koch
2000-07-31 08:04:16 +00:00
revoke.c
Fix a couple of minor bugs.
2009-06-24 14:01:20 +00:00
seckey-cert.c
Protect against NULL return of mpi_get_opaque.
2015-02-23 11:04:35 +01:00
seskey.c
* sig-check.c (do_check): Code to try both the incorrect and correct
2007-11-28 23:08:35 +00:00
sig-check.c
g10: Fix checking key for signature validation.
2016-08-04 17:14:26 +09:00
sign.c
Obsolete option --no-sig-create-check.
2015-09-01 07:47:14 +02:00
signal.c
gpg: signal handling fix
2013-07-12 17:26:55 +09:00
skclist.c
Fix bug 1045.
2009-05-11 09:37:25 +00:00
status.c
Support the not anymore patented IDEA cipher algorithm.
2012-11-08 13:25:02 +01:00
status.h
Support the not anymore patented IDEA cipher algorithm.
2012-11-08 13:25:02 +01:00
tdbdump.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
tdbio.c
g10: Fix another race condition for trustdb access.
2016-06-15 09:01:00 +09:00
tdbio.h
gpg: Do not require a trustdb with --always-trust.
2013-10-11 09:35:01 +02:00
textfilter.c
gpg: Fix memory leak.
2017-07-07 21:53:12 +09:00
tlv.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
tlv.h
Switched to GPLv3.
2007-10-23 10:48:09 +00:00
trustdb.c
g10: Fix regexp sanitization.
2017-12-04 19:33:45 +09:00
trustdb.h
Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
2012-01-19 22:33:51 -05:00
verify.c
Switched to GPLv3.
2007-10-23 10:48:09 +00:00