Commit Graph

2355 Commits

Author SHA1 Message Date
Werner Koch
a5b040cc57
Fix test suite for GnuPG 2.1 which uses pubring.kbx.
* tests/gpgsm/final.test: New.
* tests/gpgsm/initial.test: New.
* tests/gpg/start-stop-agent: Move to ../.
* tests/gpgsm/Makefile.am (TESTS_ENVIRONMENT): Export top_srcdir.
(TESTS): Add intial.test and final.test.
(AM_LDFLAGS): Add -no-install.
(clean-local): Use start-stop-agent
(initial.test): Add dependency.
* tests/gpg/Makefile.am (top_srcdir): Export top_srcdir.
(AM_LDFLAGS): Add -no-install.
(check-local): Depend on pubring-stamp instead of pubring.gpg.
(initial.test): Depend on check-local.
(./pubring-gpg): Replace by rule for ./pubring-stamp.
--

There are also a couple of other changes which should make the tests a
bit more robust and the gpg and gpgsm tests more similar.

The -no-install avoids creating wrappers for test programs, which make
debugging easier.

The dependency on check-local guarantees that its rules are run before
the first test.  This is important because conf files are setup by
this rule.  Earlier automake versions seem to have run check-local
always before the tests but today the order of execution is not
defined.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-08 10:43:29 +02:00
Matthew Barnes
87d713ff41
Set GPGME_SIGSUM_KEY_REVOKED also for gpg.
* src/verify.c (calc_sig_summary): Handle GPG_ERR_CERT_REVOKED.

--

parse_new_sig() handles a revoked key by setting sig->status to
GPG_ERR_CERT_REVOKED, but then later calc_sig_summary() expects that
code in sig->validity_reason.

Additional comments added by wk.
2015-06-05 14:58:06 +02:00
Werner Koch
0d28a69616
Fix segv for userids with a backslash.
* src/engine-gpg.c (gpg_keylist_preprocess): Increment SRC for a
backslash.
--

This bug is not exploitable because this bug fills up .data with
backslashes and thus causes the segv.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-05 14:25:59 +02:00
Ben McGinnes
90405ac84b
Python 3 port of PyME
* Port of PyME 0.9.0 for Python 2 to Python 3 along with most of the
  example scripts.
* Intended to be developed in parallel with the original Python 2
  version until such time as a rewrite of GPGME leads to developing an
  IO API in Python 3 from scratch.
* Python 3 PyME and API maintainer has entered, stage left with current
  GPG key ID 0x321E4E2373590E5D, primary fingerprint is "DB47 24E6 FA42
  86C9 2B4E  55C4 321E 4E23 7359 0E5D" and signing subkey fingerprint is
  "B7F0 FE75 9387 430D D0C5  8BDB 7FF2 D371 35C7 553C" for future
  reference with git commit signatures.
2015-05-17 05:31:35 +10:00
Ben McGinnes
29887c9b28 Explaining why not all scripts work
* Some of them cannot be properly tested on OS X, especially with GTK in
  the mix (it works on OS X, but is unlikely to be as easily accessible
  as Cocoa or Qt).
* Most major functions are showcased and do work, albeit sometimes with
  false positives of error messages, at least on OS X.
2015-05-17 05:14:47 +10:00
Ben McGinnes
c39cea7a07 Byte encoding
* More string updates.
* verifydetails.py still fails, but as Bernhard is still contactable, it
  might be worth him checking on it instead.
2015-05-17 05:07:12 +10:00
Ben McGinnes
0e6e6689ef No change, note added to explain why. 2015-05-17 04:57:26 +10:00
Ben McGinnes
40290507bc Strings vs. Bytes
* CLI input must be byte encoded.
2015-05-17 04:43:53 +10:00
Ben McGinnes
325b0ca341 More byte changes and passphrase changes
* exportimport works, but will still segfault for an as yet unknown
  reason.
* genkey produces a traceback error, but does create the key as
  intended.
* matched passphrase in signverify.
2015-05-17 04:22:53 +10:00
Ben McGinnes
ba3c9f2617 More bytes good
* Another string to byte change.
2015-05-17 04:09:38 +10:00
Ben McGinnes
1c87ecb86a Updated encrypt-to-all
* Changed plaintext string to byte literal.
* Nested key selection in a try/except statement in case of
  UnicodeEncodeError instances.
* Tested successfully on over 9,000 keys.
2015-05-17 04:03:49 +10:00
Ben McGinnes
24c738f5bb Passphrase update
* Changed example passphrase to something that meets the current minimum
  requirements.
2015-05-17 02:38:32 +10:00
Ben McGinnes
8345bf6f43 example email
* changed joe@foo.bar to joe@example.org as it is only a matter of time
  before ICANN actually creates bar as a gTLD, if they haven't already.
2015-05-17 02:35:24 +10:00
Ben McGinnes
4fc1239815 Updated string and key data
* Text changed to byte literals.
* Changed key type to RSA/RSA.
* Changed expiry to the future (2020).
2015-05-17 02:30:13 +10:00
Ben McGinnes
90079786c5 String type
* the plain text string must be bytes and not unicode.
* Expect most of the example code to have similar issues at present.
2015-05-09 04:53:46 +10:00
Ben McGinnes
ebd8734ad7 Python 3 port of PyME
* The entirety of the Python 3 port of PyME up to commit
  2145348ec54c6027f2ea20f695de0277e2871405
* The old commit log has been saved as
  lang/py3-pyme/docs/old-commits.log
* Can be viewed as a normal (separate) git repository at
  https://github.com/adversary-org/pyme3
* Utilising the submodule feature of git was deliberately skipped on
  humanitarian grounds (in order to prevent pain and suffering on the
  part of anyone having to manage this repository).
2015-05-06 03:09:44 +10:00
Werner Koch
7dcb654281
Post release updates.
--
2015-04-13 15:50:59 +02:00
Werner Koch
d2712d9f6f
Release 1.5.4. 2015-04-13 15:43:13 +02:00
Werner Koch
524dacfbb6
w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll.
* src/Makefile.am (extra_ltoptions): New.
(libgpgme_la_LDFLAGS): Use it.
(libgpgme_pthread_la_LDFLAGS): Ditto.
(libgpgme_glib_la_LDFLAGS): Ditto.
--

Since gcc 4.8 there is a regression in Mingw64 in that plain C
programs may link to libgcc_s.a which has a dependency on
libgcc_s_sjlj.dll.  This is for example triggered by using long long
arithmetic on a 32 bit Windows (e.g symbol __udivdi3).

Note that we don't use this patch for the Qt version which, as C++
programs, actually requires that DLL,

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-04-13 15:35:06 +02:00
Werner Koch
8cfcdfe556
Fix potential crash in trace macro.
* src/signers.c (gpgme_signers_add): Avoid deref of a NULL KEY in the
trace macro.
* src/engine-spawn.c (engspawn_release): Remove always true condition.
* src/engine-gpg.c (gpg_release): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-03-16 13:40:34 +01:00
Werner Koch
119f27032b
Fix one byte too short malloc.
* src/engine-spawn.c (add_data): Fix malloc
--

Bummer.  Why did I subtracted one from the size?  Did I assume a
dynamically allocated structure with a string field which was not
going to be used?  Very strange.

Not a real problem though because malloc will anyway round up the
allocation to at least the next word size.

Detected by Stack 0.3.
2015-03-16 13:38:10 +01:00
Werner Koch
428ea76965 Switch to automake 1.14 and update build-aux files.
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-30 10:45:20 +01:00
Daniel Kahn Gillmor
c32fab44f8 doc: Update gpl.texi to match version from gnupg
--

Somehow the doc/gpl.texi from gpgme and gnupg drifted out of sync.
This patch to gpgme's file brings it in line with gnupg's master
branch, and avoids the following errors during make:

./gpl.texi:667: @section seen before @end enumerate
./gpl.texi:724: unmatched `@end enumerate'
./gpl.texi:1: warning: node next `Copying' in menu `Concept Index'
   and in sectioning `Function and Data Index' differ
2014-12-15 11:55:05 +01:00
Werner Koch
a813c09cc7 Post release updates.
--
2014-12-11 12:56:51 +01:00
Werner Koch
37d927a970 Release 1.5.3.
* configure.ac: Set LT version to C24/A13/R2.
2014-12-11 12:07:49 +01:00
Werner Koch
05258d4275 Return an error for some export key operations.
* src/context.h (OPDATA_EXPORT): New.
* src/export.c (op_data_t): New.
(release_op_data): New.
(parse_error): New.
(export_status_handler): New.
(export_start, export_ext_start): Prepare op_data.
(gpgme_op_export_ext, gpgme_op_export_keys): Return an error from the
status handler.
--

To support an error return also for the async functions we need to
extend the API.  Until we have done that this new features helps at
least in some cases; in particular for --send-keys.
2014-12-08 11:19:16 +01:00
Werner Koch
162c87f069 Post release updates
--
2014-11-21 21:29:11 +01:00
Werner Koch
c62ce32b9c Release 1.5.2.
* configure.ac: Set LT version to C24/A13/R1.
2014-11-21 21:19:26 +01:00
Werner Koch
81ce87111f Update the previous commit
* src/sign.c (gpgme_op_sign_result): Reformat and take care of failed
malloc.
--

Although _gpgme_debug_trace() is current always true, the code should
be run always and not just in trace mode.  Also added error checking
to malloc and strdup.  And while at replace some while by for loop for
easier readability.
2014-11-21 21:12:06 +01:00
Ben Kibbey
5942b0c7e0 Fix returning new signatures when there are none.
* src/sign.c (gpgme_op_sign_result): Test that invalid and valid
signatures add up to gpgme_signers_count().
--

When invalid and valid signatures do not equal gpgme_signers_count() it
means that there was a bad passphrase during signing after the first
signer. This leaves the result.signatures from previous signers intact
which isn't correct since gpg will report:

gpg: number of one-pass packets does not match number of signature
packets
gpg: can't handle this ambiguous signature data

during verify. So when this happens append the valid signatures to the
.invalid_signers list with .reason set to GPG_ERR_GENERAL.
2014-11-21 20:25:43 +01:00
Werner Koch
a9ae0d1428 doc: Clarify the FILE command.
--
2014-11-19 11:53:12 +01:00
Werner Koch
8031341283 Improve the debug output a bit.
* src/debug.h (TRACE_ERR): Include the line number in the output.
2014-11-06 15:59:06 +01:00
Werner Koch
4027a0a897 build: Implement SYSROOT feature.
* configure.ac: Document SYSROOT.
* m4/gpg-error.m4: Update from libgpg-error master.
* src/gpgme.m4: Implement SYSROOT stuff.
2014-10-02 15:57:50 +02:00
Daniel Kahn Gillmor
b3309f997c Use --no-sk-comments, not --no-sk-comment.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
2014-10-02 15:20:35 +02:00
Werner Koch
7273ab387a Register DCO for Daniel Kahn Gillmor.
--
2014-09-24 15:24:05 +02:00
Werner Koch
cde19f94d6 Add ftp and git URLs to AUTHORS.
--
2014-09-24 14:48:58 +02:00
Werner Koch
2e8ecc24cf tests: Delay some test file extraction until "make check".
* tests/gpg/Makefile.am (all-local): Change to check-local.
* tests/gpgsm/Makefile.am (all-local): Ditto.
2014-09-24 14:46:47 +02:00
Daniel Kahn Gillmor
36997e0f74 Clean up gpgme's tests/gpg when gpg2.1 is available
* tests/gpg/Makefile.am: Clean up .gpg-v21-migrated
--

We also need to gitignore this file.
2014-09-24 14:44:51 +02:00
Werner Koch
4160ef90a1 gpgme-tool: Print fingerprint and keyid with keyservers.
* src/gpgme-tool.c (cmd_keylist): Print keyid.  Print FPR only if
available.
2014-08-12 18:50:14 +02:00
Werner Koch
3450bff52b Handle modern keyserver output which may emit the fingerprint.
* src/engine-gpg.c (read_colon_line): Split preprocessed lines.
(gpg_keylist_preprocess): Limit keyid field and print fingerprint.
2014-08-12 18:47:39 +02:00
Werner Koch
488e44cdb5 gpgme-tool: Install gpgme-tool.
* src/Makefile.am (bin_PROGRAMS): New.  Add gpgme-tools.
(noinst_PROGRAMS): Remove.
2014-08-12 17:51:38 +02:00
Werner Koch
e5ab116072 gpgme-tool: Fix segv for external key listing.
* src/gpgme-tool.c (result_xml_escape): Allow for DATA being NULL.
2014-08-12 17:42:08 +02:00
Werner Koch
bfe18a0651 Post release updates.
--
2014-07-30 12:03:47 +02:00
Werner Koch
16835c3b5d Release 1.5.1
* configure.ac: Change LT version to C24/A13/R0.
2014-07-30 11:47:31 +02:00
Werner Koch
2cbd76f791 Fix possible realloc overflow for gpgsm and uiserver engines.
* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--

After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded.  Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order.  This is not easy exploitable because libassuan constructs the
line.  However a crash has been reported and thus it might be possible
to constructs an exploit.

CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
2014-07-30 11:04:55 +02:00
Werner Koch
68116fa5f6 w32: Get IOSPAWN flag back in sync with spawn helper.
* src/gpgme-w32spawn.c: Include priv-io.h.
2014-06-26 10:42:56 +02:00
Werner Koch
efaf42205c w32: Add comment about a compiler warning
--
2014-06-26 10:41:46 +02:00
Werner Koch
86260b47c9 Add new reason codes to the INV_RECP status code.
* src/op-support.c (_gpgme_parse_inv_recp): Add codes 13 and 14.
2014-06-10 14:52:06 +02:00
Werner Koch
4dc9af2415 Add new keylist mode GPGME_KEYLIST_MODE_WITH_SECRET.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.

* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret".  Print card info and and secret flag for subkeys.
--

Note: This mode may only be used with GnuPG >= 2.1.
2014-06-04 09:57:54 +02:00
Werner Koch
ee0f17736e Post release updates
--
2014-05-21 09:43:53 +02:00