| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--
This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us. Test case is
gpg --batch --passphrase 'abc' -v \
--quick-gen-key $(yes 'a'| head -4000|tr -d '\n')
GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_key_to_protected_buffer): Update
the length by the second call of gcry_sexp_sprint.
--
GnuPG-bug-id: 4502
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
Do not clear the ownertrust. Do not let the agent delete the key.
--
Co-authored-by: Matheus Afonso Martins Moreira
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/options.h (opt): Add flags.dummy_outfile.
* g10/decrypt.c (decrypt_message): Set this global flag instead of the
fucntion local flag.
* g10/plaintext.c (get_output_file): Ignore opt.output if that was
used as a dummy option aslong with --use-embedded-filename.
--
The problem here was that an explicit specified --decrypt, as
meanwhile suggested, did not work with that dangerous
--use-embedded-filename. In contrast it worked when gpg decrypted as
a side-effect of parsing the data.
GnuPG-bug-id: 4500
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/exec.c (w32_system): Add "!ShellExecute" special.
* g10/photoid.c (get_default_photo_command): Use the new ShellExecute
under Windows and fallbac to 'display' and 'xdg-open' in the Unix
case.
(show_photos): Flush stdout so that the output is shown before the
image pops up.
--
For Unix this basically syncs the code with what we have in gpg 1.4.
Note that xdg-open may not be used when running as root which we
support here.
For Windows we now use ShellExecute as this seems to be preferred over
"cmd /c start"; however this does not solve the actual problem we had
in the bug report. To solve that problem we resort to a wait
parameter which defaults to 400ms. This works on my Windows-10
virtualized test box. If we can figure out which simple viewers are
commonly installed on Windows we should enhance this patch to test for
them.
GnuPG-bug-id: 4334
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search.c (keybox_search): We need to seek to the last
position in all cases not just when doing a NEXT.
--
This is because search from the beginning needs a keybox_search_reset.
We can only make an exception for KEYDB_SEARCH_MODE_FIRST..
Fixes-commit: 6f72aa821407e47ad3963e72e139f2ca2c69d9dd
GnuPG-bug-id: 4505
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
instead of fclose so that a close is done if the file is opened by
another handle.
* kbx/keybox-search.c (keybox_search): Remember the last offset and
use that in NEXT search mode if we had to re-open the file.
--
GnuPG-bug-id: 4505
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
* tools/gpgconf.c (gpgconf_failure): Call log_flush.
--
GnuPG-bug-id: 4497
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
| |
--
GnuPG-bug-id: 4466
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
sublists in private-key S-expression.
--
When gpg-agent learns about a private key from its ssh-agent
interface, it stores its S-expression with the comment attached. The
export mechanism for OpenPGP keys already in cleartext was too brittle
because it would choke on these comments. This change lets it ignore
any additional trailing sublists.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
Gnupg-Bug-Id: 4490
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
gnupg_homedir already returns abd absolute name.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.
(gc_component_launch): Support --homedir.
--
GnuPG-bug-id: 4496
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/findkey.c (agent_public_key_from_file): pass size_t as int to
gcry_sexp_build_array's %b.
--
This is only a problem on big-endian systems where size_t is not the
same size as an int. It was causing failures on debian's s390x,
powerpc64, and sparc64 platforms.
There may well be other failures with %b on those platforms in the
codebase, and it probably needs an audit.
Once you have a key in private-keys-v1.d/$KEYGRIP.key with a comment
or a uri of reasonable length associated with it, this fix can be
tested with:
gpg-agent --server <<<"READKEY $KEYGRIP"
On the failing platforms, the printed comment will be of length 0.
Gnupg-bug-id: 4501
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
|
| |
--
GnuPG-bug-id: 4507
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_search): Remove a specialized error
message.
--
Dirmngr comes with a default keyserver and the suggestion to use
gpg --keyserver
is not good because that option is deprecated. An error message
"No keyserver available" is sufficient.
GnuPG-bug-id: 4512
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/armor.c (armor_filter): Access ->d in the internal loop.
--
Cherry-picked master commit of:
802a2aa300bad3d4385d17a2deeb0966da4e737d
GnuPG-bug-id: 4494
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* m4/iconv.m4: Update from gettext 0.20.1.
--
Cherry-picked from master commit:
1cd2aca03b8807c6f8e4929ace462bb606dcd53f
This includes fixes of file descriptor leaks.
GnuPG-bug-id: 4504
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/sign.c (update_keysig_packet): Convert digest algo when needed.
--
Several gpg commands try to keep most properties of a key signature
when updating (i.e. creating a new version of a key signature). This
included the use of the current hash-algorithm. This patch changes
this so that SHA-1 or RMD160 are replaced by SHA-256 if
possible (i.e. for RSA signatures). Affected commands are for example
--quick-set-expire and --quick-set-primary-uid.
GnuPG-bug-id: 4508
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/certdump.c (format_name_writer): Take care of a flush request.
--
We won't see a flush here so that fix does not solve a real bug but we
want to be correct. Note that this function seems to predate the
es_fopenmem function and thus in master (2.3) we should replace it
entirely.
GnuPG-bug-id: 4495
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
(cherry picked from commit 9662538be6afc8beee0f2654f9a8f234c5dac016)
|
| |
|
|
|
|
| |
--
Also comment typo fix.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
(AUTHENTICODE_TOOL): New.
(AUTHENTICODE_FILES): New.
(installer): Sign listed files.
(AUTHENTICODE_SIGNHOST): New macro.
(sign-installer): Use that macro instead of direct use of osslsigncode.
--
This also adds code to support signing via a Token. Because there is
no specification of that token, I was not able to write a free driver
for it. Thus we resort to use a running Windows-10 instance with an
enabled ssh server to do the code signing.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
--
Reported-by: dkg
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (parse_signature): Take only the addrspec from a
Signer's UID subpacket.
--
This is to address a problem in the currentr OpenKeychain which put
the entire UID into the subpacket. For example our Tofu code can only
use the addrspec and not the entire UID.
Reported-by: Wiktor Kwapisiewicz <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (get_best_pubkey_byname): Set new.uid always
to NULL after use.
--
pubkey_cmp is not guranteed to set new.uid.
So if the diff < 0 case is reached best is set to new.
If then diff > 0 is reached without modifying new.uid
e.g. if the key has no matching mboxes. new.uid is
free'd even though the uid is still referenced in
best.
GnuPG-Bug-Id: T4462
(cherry picked from commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
--
Cherry-picked from master commit:
b6f0b0efa19e0434024bc16e246032b613fd448a
GnuPG-bug-Bug: 4459
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
--
We may even adjust the specs to allow that. It should not be a
problem for any OpenPGP implementation because armored keys are very
common and de-armoring code is de-facto a mandatory feature.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (import): Limit the number of considered keys to 5.
(import_one): Return the first fingerprint in case of WKD.
--
The Web Key Directory should carry only one key. However, some
providers like to put old or expired keys also into the WKD. I don't
thunk that this is a good idea but I heard claims that this is needed
for them to migrate existing key data bases.
This patch puts a limit on 5 on it (we had none right now) and also
fixes the issue that gpg could not work immediately with the requested
key because the code uses the fingerprint of the key to use the
imported key. Now the first key is used. On a second try (w/o
accessing the WKD) the regular key selection mechanism would be in
effect. I think this is the most conservative approach. Let's see
whether it helps.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
(insert_or_update): Implement new update algorithm.
--
The old algorithm limited the length of a bucket chain by purging the
last 50% or the entries. Thus the first domains entered into the
cache were never purged. The new algorithm is a bit better: It also
limits the chain length on overflow to 50% but tries to keep the
entries indicating that a WKD is available in the cache. If there is
still space to keep more, those which clearly do not support WKD are
also kept.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (send_request): New case for 413.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.
--
Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit af3efd149f555d36a455cb2ea311ff81caf5124c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
--
(cherry picked from commit 4324560b2c0bb76a1769535c383424a042e505ae)
This change matters when it is called from ask_card_keyattr.
Some-comments-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (main): Add special handling for bad keys in decrypt
mode.
--
The problem can easily be tested by adding --encrypt-to EXPIRED_KEY to
a decryption command. With that patch the errors are printed but
decryption continues and the process returns success unless other
errors occur.
GnuPG-bug-id: 4431
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to
the standard algo.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (aPrintWKDURL): New.
(opts): Add option.
(main): Implement.
* tools/wks-util.c (wks_cmd_print_wkd_url): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 4424
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/dns.c: Use the identifiers of "*_instance" instead of
reserved "_[A-Z]".
--
GnuPG-bug-id: 4420
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (aPrintWKDHash): New.
(opts) : Add "--print-wkd-hash".
(main): Implement that command.
(proc_userid_from_stdin): New.
* tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
(wks_cmd_print_wkd_hash): New.
--
GnuPG-bug-id: 4418
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
convert the FDs.
--
This is required to actually pass gpgsm an fd on windows
and not a windows handle.
For the passphrase-fd this was already done.
(cherry picked from commit e4e0804ed123516fa00f8a876a862b2c6d34ba5c)
|
| |
|
|
| |
Signed-off-by: Daniel Kahn Gillmor <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/parse-packet.c (parse_key): Return GPG_ERR_UNKNOWN_VERSION
instead of invalid packet.
* g10/keydb.c (parse_keyblock_image): Do not map the unknown version
error to invalid keyring.
(keydb_search): Skip unknown version errors simlar to legacy keys.
* g10/keyring.c (keyring_rebuild_cache): Skip keys with unknown
versions.
* g10/import.c (read_block): Handle unknown version.
--
When using gpg 2.3 the local keyring may contain v5 keys. This patch
allows the use of such a keyring also with a 2.2 version which does
not support v5 keys. We will probably need some more tweaking here
but this covers the most common cases of listing keys and also
importing v5 keys.
Signed-off-by: Werner Koch <[email protected]>
|
