gnupg

mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

History

gpg: Do not allow creation of user ids larger than our parser allows.

* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us.  Test case is

  gpg --batch --passphrase 'abc' -v  \
      --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')

GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>

2019-05-21 16:28:11 +02:00

all-tests.scm

tests: Make it possible to run all tests using our infrastructure.

2017-05-11 18:12:37 +02:00

armor.c

g10: Fix possible null dereference.

2019-05-14 11:24:35 +09:00

build-packet.c

gpg: Do not allow creation of user ids larger than our parser allows.

2019-05-21 16:28:11 +02:00

call-agent.c

card: Display if KDF is enabled or not.

2018-12-06 17:05:03 +09:00

call-agent.h

card: Display if KDF is enabled or not.

2018-12-06 17:05:03 +09:00

call-dirmngr.c

dirmngr: Emit SOURCE status also on NO_DATA.

2018-11-05 09:13:39 +01:00

call-dirmngr.h

gpg: Store key origin info for new DANE and WKD retrieved keys.

2017-07-24 20:09:52 +02:00

card-util.c

scd: Make "learn" report about KDF data object.

2018-12-06 17:11:55 +09:00

ChangeLog-2011

Spelling: correct spelling of "passphrase".

2016-11-02 12:53:58 +01:00

cipher.c

gpg: Remove MDC options

2018-05-31 12:08:22 +02:00

compress-bz2.c

g10,tools: Fix bzlib.h include order.

2017-04-11 13:52:19 +09:00

compress.c

gpg: Fix minor memory leak in the compress filter.

2018-05-02 20:15:10 +02:00

cpr.c

gpg: Simplify an interactive import status line.

2019-03-18 13:12:13 +01:00

dearmor.c

Revert "g10: Always save standard revocation certificate in file."

2017-08-01 19:08:16 +02:00

decrypt-data.c

gpg,sm: String changes for compliance diagnostics.

2017-07-28 17:46:43 +02:00

decrypt.c

gpg: Fix using --decrypt along with --use-embedded-filename.

2019-05-17 13:42:42 +02:00

dek.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

delkey.c

gpg: Do not delete any keys if --dry-run is passed.

2019-05-20 12:52:22 +02:00

distsigkey.gpg

build: Update distsigkey.gpg

2017-11-22 20:54:47 +01:00

ecdh.c

g10: Fix symmetric cipher algo constant for ECDH.

2019-03-27 12:29:45 +01:00

encrypt.c

gpg: Remove MDC options

2018-05-31 12:08:22 +02:00

exec.c

gpg: Improve the photo image viewer selection.

2019-05-17 12:46:16 +02:00

exec.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

export.c

gpg: enable OpenPGP export of cleartext keys with comments

2019-05-15 09:03:13 +02:00

filter.h

gpg: Fix minor memory leak in the compress filter.

2018-05-02 20:15:10 +02:00

free-packet.c

gpg: Fix possible double free of the card serialno.

2017-07-21 17:49:10 +02:00

getkey.c

g10: Fix double free when locating by mbox

2019-04-18 14:26:42 +02:00

gpg-w32info.rc

w32: Add manifest to gpg.

2015-02-04 09:15:34 +01:00

gpg.c

Release 2.2.13

2019-02-12 16:30:31 +01:00

gpg.h

gpg: Fix build on Windows.

2018-03-08 14:08:51 +09:00

gpg.w32-manifest.in

w32: Add manifest to gpg.

2015-02-04 09:15:34 +01:00

gpgcompose.c

gpg: During secret key import print "sec" instead of "pub".

2019-03-18 13:13:14 +01:00

gpgsql.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

gpgsql.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

gpgv.c

gpg: Print revocation reason for "rev" records.

2018-07-03 11:56:18 +02:00

helptext.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

import.c

gpg: Set a limit of 5 to the number of keys imported from the WKD.

2019-04-11 10:05:05 +02:00

kbnode.c

gpg: Avoid importing secret keys if the keyblock is not valid.

2019-03-18 13:16:35 +01:00

key-check.c

gpg: Improve import's repair-key duplicate signature detection.

2018-06-07 18:43:17 +02:00

key-check.h

gpg: Avoid output to the tty during import.

2017-07-27 11:38:57 +02:00

key-clean.c

gpg: Remove multiple subkey bindings during export-clean.

2018-07-09 12:07:24 +02:00

key-clean.h

gpg: Let export-clean remove expired subkeys.

2018-07-09 10:25:06 +02:00

keydb.c

gpg: Do not bail out on v5 keys in the local keyring.

2019-03-18 14:10:16 +01:00

keydb.h

gpg: Avoid importing secret keys if the keyblock is not valid.

2019-03-18 13:16:35 +01:00

keyedit.c

gpg: Allow import of PGP desktop exported secret keys.

2019-03-18 13:16:51 +01:00

keyedit.h

gpg: During secret key import print "sec" instead of "pub".

2019-03-18 13:13:14 +01:00

keygen.c

gpg: Do not allow creation of user ids larger than our parser allows.

2019-05-21 16:28:11 +02:00

keyid.c

gpg: Improve error message about failed keygrip computation.

2018-12-05 08:13:16 +01:00

keylist.c

gpg: Do not bail out on v5 keys in the local keyring.

2019-03-18 14:10:16 +01:00

keyring.c

gpg: Do not bail out on v5 keys in the local keyring.

2019-03-18 14:10:16 +01:00

keyring.h

gpg: Pass CTRL to many more functions.

2017-03-31 20:07:20 +02:00

keyserver-internal.h

gpg: Pass key origin values to import functions.

2017-07-13 18:29:01 +02:00

keyserver.c

gpg: Do not print a hint to use the deprecated --keyserver option.

2019-05-14 07:57:07 +02:00

main.h

gpg: Allow import of PGP desktop exported secret keys.

2019-03-18 13:16:51 +01:00

mainproc.c

g10/mainproc: disable hash contexts when --skip-verify is used

2018-12-05 08:26:09 +01:00

Makefile.am

gpg: Move key cleaning functions to a separate file.

2018-07-09 10:24:37 +02:00

mdfilter.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

migrate.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

misc.c

gpg: Allow generating Ed25519 key from an existing key.

2019-01-30 11:29:06 +01:00

openfile.c

Revert "g10: Always save standard revocation certificate in file."

2017-08-01 19:08:16 +02:00

options.h

gpg: Fix using --decrypt along with --use-embedded-filename.

2019-05-17 13:42:42 +02:00

packet.h

gpg: Do not allow creation of user ids larger than our parser allows.

2019-05-21 16:28:11 +02:00

parse-packet.c

gpg: Do not allow creation of user ids larger than our parser allows.

2019-05-21 16:28:11 +02:00

passphrase.c

gpg: Extend the "sig" record in --list-mode.

2018-04-12 17:53:17 +02:00

photoid.c

gpg: Improve the photo image viewer selection.

2019-05-17 12:46:16 +02:00

photoid.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

pkclist.c

gpg: Remove unused arg from a function.

2018-08-28 15:26:29 +02:00

pkglue.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

pkglue.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

plaintext.c

gpg: Fix using --decrypt along with --use-embedded-filename.

2019-05-17 13:42:42 +02:00

progress.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

pubkey-enc.c

gpg,sm: Error out on compliance mismatch while decrypting.

2017-08-01 08:41:47 +02:00

pubring.asc

2017-01-23 19:16:55 +01:00

revoke.c

gpg: Extend the "sig" record in --list-mode.

2018-04-12 17:53:17 +02:00

rmd160.c

Clean up word replication.

2017-02-21 13:11:46 -05:00

rmd160.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

seckey-cert.c

More change for common.

2017-03-07 20:32:09 +09:00

server.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

seskey.c

Spelling fixes in docs and comments.

2017-04-28 10:06:33 +09:00

sig-check.c

gpg: Fix extra check for sign usage of a data signature.

2018-10-22 19:27:24 +02:00

sign.c

gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.

2019-05-13 19:29:34 +02:00

skclist.c

g10: Fix default-key selection for signing, possibly by card.

2017-05-22 09:27:36 +09:00

t-keydb-get-keyblock.c

gpg: Fix actual leak and possible leaks in the packet parser.

2017-03-30 16:01:52 +02:00

t-keydb-get-keyblock.gpg

gpg: Correctly handle keyblocks followed by legacy keys.

2015-11-17 14:53:03 +01:00

t-keydb-keyring.kbx

g10: Add test for keydb as well as new testing infrastructure.

2015-09-02 15:08:57 +02:00

t-keydb.c

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

t-rmd160.c

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

t-stutter-data.asc

gpg: Add a new test.

2016-03-08 14:08:49 +01:00

t-stutter.c

g10: Stop compiler warning for t-stutter.

2017-05-10 11:13:03 +09:00

tdbdump.c

gpg: Pass CTRL arg to get_trusthashrec.

2018-03-26 18:06:43 +02:00

tdbio.c

gpg: Don't take the a TOFU trust model from the trustdb,

2018-11-05 09:17:03 +01:00

tdbio.h

gpg: Pass CTRL arg to get_trusthashrec.

2018-03-26 18:06:43 +02:00

test-stubs.c

gpg: Print revocation reason for "rev" records.

2018-07-03 11:56:18 +02:00

test.c

tests: Locate resources and scripts relative to top source dir.

2017-04-24 14:14:05 +02:00

textfilter.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

tofu.c

gpg: Return an error from hexfingerprint on malloc error.

2017-12-13 10:52:34 +01:00

tofu.h

g10: Remove dead code.

2016-12-06 12:16:56 +01:00

trust.c

gpg: Move key cleaning functions to a separate file.

2018-07-09 10:24:37 +02:00

trustdb.c

gpg: Move key cleaning functions to a separate file.

2018-07-09 10:24:37 +02:00

trustdb.h

gpg: Move key cleaning functions to a separate file.

2018-07-09 10:24:37 +02:00

verify.c

Spelling fixes in docs and comments.

2017-04-28 10:06:33 +09:00

zlib-riscos.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00