Commit Graph

3220 Commits

Author SHA1 Message Date
Andre Heinecke
4a117859e7
json: Limit recursion depth
* src/cJSON.c (MAX_DEPTH): New. Maximum recursion depth.
(parse_value, parse_array, parse_object): Carry and check
depth argument.
(cJSON_ParseWithOpts): Initialize depth.

--
This fixes a stack overflow if we get weird recursive
json data.

GnuPG-Bug-Id: T4331
2019-02-27 14:27:47 +01:00
Andre Heinecke
73b2f40ae5
cpp: Add ostream operators for import result
* lang/cpp/src/importresult.cpp: Add ostream operators.
* lang/cpp/src/importresult.h: Update accordingly.
2019-02-21 13:05:55 +01:00
Andre Heinecke
6175025c82
cpp: Make GpgME::Data::toKeys really const
* lang/cpp/src/data.cpp (GpgME::Data::toKeys): Rewind afterards.

--
This fixes unexpected behavior that the seek pointer is changed
after calling the const toKeys.
2019-02-21 13:04:54 +01:00
Werner Koch
4c49417cc0
core,w32: Fix missing sentinel in dir name builder.
* src/w32-util.c (_gpgme_get_gpgconf_path): Add NULL top strconcat.
--

Fortunately this is called early and the stack like cleared out so
that we have not seen wrong behaviour until now.  We should really fix
all these annoying HANDLE/int cast warnings and alike so that real
bugs are not drowned by them.

GnuPG-bug-id: 4369
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-19 12:11:22 +01:00
Andre Heinecke
f8312d7c33
tests: Fix memleak in run-threaded
* tests/run-threaded.c (verify): Free msg.
2019-02-11 15:33:34 +01:00
Ben McGinnes
302d5ef52e python: examples
* A rather obvious variant of the existing key import examples, except
  directed at Mailvelope's keyserver.
* Yeah, Werner, I know ... but it exists because I used it and there's
  no harm in sharing.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-02-11 06:34:40 +11:00
Ben McGinnes
e005052f4d python: docs
* Version bump in preparation for whenever GPGME 1.13.0 happens.
* Ran the post_installer.py for docs preparation again.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-01-31 05:52:59 +11:00
Ben McGinnes
2de1e59977 python: post installer script
* Removed auto-generated .texi files from doc/src/ so only the
  corrected versions are left.
* Which means now it is complete, but with the initial work to expand
  it with info file generation later.
2019-01-27 16:02:24 +11:00
Ben McGinnes
1e26572365 python: post installer docs fix script
* Moved post_installer.py into the examples/howto/ directory.
* Added instructions for its use to the Python Bindings HOWTO.
* Ran it as intended from the lang/python/ directory in order to both
  prove it works and quickly and easily get the updated howto
  replicated.  Also to fix all those .texi files.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-01-27 14:57:53 +11:00
Werner Koch
ed81892917
json: Better use gpgme_free
* src/gpgme-json.c (subkey_to_json): here
--

Avoid Windows ugliness of allowing different CRTs in the same
process.

Fixes-commit: 7f24233719
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-25 15:20:26 +01:00
Werner Koch
7f24233719
json: Fix minor memory leaks.
* src/gpgme-json.c (interactive_repl): Fix memleak.
(subkey_to_json): Ditto
(op_config): Delay init of j_comps to avoid a leak on error.
--

GnuPG-bug-id: 4341, 4342, 4343
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-25 13:45:47 +01:00
NIIBE Yutaka
66bcb8acb2 build: With LD_LIBRARY_PATH defined, use --disable-new-dtags.
* configure.ac (LDADD_FOR_TESTS_KLUDGE): New for --disable-new-dtags.
* tests/Makefile.am (LDADD): Use LDADD_FOR_TESTS_KLUDGE.
* lang/cpp/tests/Makefile.am, lang/qt/tests/Makefile.am: Likewise.
* tests/gpg/Makefile.am, tests/gpgsm/Makefile.am: Likewise.
* tests/json/Makefile.am, tests/opassuan/Makefile.am: Likewise.

--

GnuPG-bug-id: 4298
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-16 10:59:25 +09:00
Andre Heinecke
ce327f994a
tests: Add diagnostic example to run-import.c
* tests/run-import.c (main): Show diagnostics in verbose mode.
2019-01-15 08:36:26 +01:00
Andre Heinecke
66376f3e20
qt: Use tofu conflict test keys without expiry
* lang/qt/tests/t-tofuinfo.cpp: Use new test keys without
expiry.

--
The old keys expired on 2019-01-06.

GnuPG-Bug-Id: T3815
2019-01-09 08:26:25 +01:00
Ben McGinnes
a0dbdfebbb python docs: post installer
* Merging post installer script.
* Included ammended Sphinx config file to try to reduce the
  auto-generated EPUB validation failures it produces.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-01-02 11:19:36 +11:00
Ben McGinnes
a2e7c863c8 python: post installer doc fix script
* Got rid of the bash bit in the comments.
* Made the final printed instructions far more obvious.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-01-02 11:08:43 +11:00
Ben McGinnes
207d4289d8 python: examples
* Fixed inter-edit.py so it will actually work now.
* made 3 others executable.
* Fixed the semantics of assuan.py's instructions.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2019-01-02 11:08:43 +11:00
Ben McGinnes
d406471d4b python: examples
* Fixed inter-edit.py so it will actually work now.
* made 3 others executable.
* Fixed the semantics of assuan.py's instructions.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-26 11:01:33 +11:00
Ben McGinnes
ef9355c2fe python: docs processing
* Added some EPUB specific config options to the Sphinx config file
  which might help reduce some of Sphinx's more stupid default errors
  with EPUB validation.
* Added lang/python/post_installer.py script for automating the
  generation of .texi and .rst "source" files from the real source
  files written in Org mode.  Includes recreating the Sphinx Makefile
  which is excluded due to the m4 toolchain in parent directories, it
  also handles the rewriting of the reST index file properly and
  rewrites the .texi files so they don't impale themselves on Unicode.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-25 00:18:10 +11:00
Ben McGinnes
06bca0eaa8 python: docs
* Found a bug in org-mode's export to texinfo function which will
  require either manual modification of each file or a customs sed run
  over the generated files for all updates.
* Manually updated the current files for now, but will need to add
  some post-install processing scripts for future use (I already have
  some of these for my specific setup, they just need to be made a
  little more generic and platform independent for here).

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-22 09:39:13 +11:00
Ben McGinnes
dc5f416351 python: groups example
* Tightened code a little more.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-21 21:01:04 +11:00
Ben McGinnes
daded49254 python docs: house keeping
* Dropped the ASCII copyright line, since even MS have conceded their
  battle against Unicode enough to load UTF-8.
* Fixed the drafts section since there will be less need of multiple
  output format testing from next year.
2018-12-18 04:07:29 +11:00
Werner Koch
8b41fb08f0
core: Silence newer compiler warnings.
* configure.ac: Add -Wno-format-truncation and
  -Wno-sizeof-pointer-div.
* src/b64dec.c (_gpgme_b64dec_proc): Add fallthrough annotation.
* src/cJSON.c (parse_string): Ditto.
* src/gpgme-json.c (main): Ditto.
--

gcc 8 enables a couple of new warnings.  Some of them are useless for
us.  In particular:

  util.h:42:26: warning: division 'sizeof (char *) / sizeof (char)'
  does not compute the number of array elements [-Wsizeof-pointer-div]
  #define DIM(v) (sizeof(v)/sizeof((v)[0])) ^

  trustlist.c:101:22: note:
  in expansion of macro 'DIM' if (strlen (p) == DIM(item->keyid) - 1)

Which is a real standard way to use DIM, here the right hand side is
equivalent to sizeof but nevertheless it is correct.  Yes sir, we know
C.

The format string warnings I have seen were assuming that the time
structure returns valued out of scope - but if the system is that
broken, the s_n_printf catches this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-17 16:47:27 +01:00
Ben McGinnes
fbc298dc1b python: howto and examples
* Tightening up both the documentation and some of the example code.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-16 17:12:21 +11:00
Ben McGinnes
4308d17281 python: examples bugfix
* Fixed a bug in the ProtonMail importers (pmkey-*.py) where multiple
  keys found for a username would always result in the last email
  address checked being returned in the printed output for all located
  keys.
2018-12-14 05:17:10 +11:00
Ben McGinnes
3849b60e22 python: new example script
* Though Keybase really should not be encouraged due to
  disengenuosness and FUD emanating from that souce, this new script
  will obtain a key hosted on that site and import it when supplied
  with the keybase username.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-13 04:54:51 +11:00
Ben McGinnes
3ca7cf07f5 python: what's new summary
* Added a little more detail to the what's new section.
2018-12-12 23:18:22 +11:00
Ben McGinnes
64758a0dac python: advanced howto example
* Added Cython requirement to this advanced use case.
2018-12-12 23:05:50 +11:00
Ben McGinnes
4c324ac1be python: howto examples equirements
* Added small requirements.txt file for additional modules not in the
  standard python library and not including the bindings themselves
  and not including Cython, which is for more advanced examples.
2018-12-12 23:01:16 +11:00
Ben McGinnes
772b5aae24 python: hkp key importer
* Tweaked it slightly to avoid repetition of key searches when there
  is only one search pattern to check (i.e. usually a single key ID or
  fingerprint).
2018-12-11 09:55:15 +11:00
Ben McGinnes
2e7a14c9b3 python: HKP search and import updates
* Tweaked the code again so that it can also handle the cases where
  someone has included a hexadecimal string in their user ID.
* Updated the HOWTO to match.
* Exported to .rst and .texi.
2018-12-11 07:14:28 +11:00
Ben McGinnes
fe7e01d164 python: key import via HKP example
* Fixed the logic used to search for any given pattern.
* Added a sensible method of checking whether a pattern is a key ID or
  fingerprint.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-11 04:41:03 +11:00
Ben McGinnes
7c63bfe4ab python: docs updates
* Multiple updates, expanding on the Windows installation issues.
* Also adding to the new maintenance mode reference document.
* Includes content relating to the resolution of T4271 and T4191.

Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-10 16:05:14 +11:00
Andre Heinecke
78f6291a3b
core: Fix ERR_INV_ARG check in genkey_start
* src/genkey.c (gpgme_op_genkey_start): Fix check for
parms.

--
This fixes a regression introduced by:
174af15725

So that the error was triggered by usual args.

GnuPG-Bug-Id: T4265
2018-12-07 10:43:58 +01:00
Ben McGinnes
ad030234b4 Merge branch 'master' of ssh+git://playfair.gnupg.org/git/gpgme 2018-12-06 01:53:08 +11:00
Ben McGinnes
dc5600d306 python: examples
* cut some of then poor len usage.
2018-12-06 01:50:52 +11:00
Daniel Kahn Gillmor
65c28da4e4
python: overhaul logic of Context.decrypt()
* lang/python/src/core.py (Context.decrypt): simplify and clarify the
logic behind handling verify=False.
* lang/python/tests/t-decrypt.py: ensure that we test verify=False

--

The function-internal variables were pretty unclear to the reader, and
the logic caused pretty nasty breakage when verify=False.

GnuPG-Bug-Id: 4271
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:10 +01:00
Daniel Kahn Gillmor
878a0ad012
python: ctx.decrypt() has problematic error handling
* lang/python/src/core.py (Context.decrypt): document odd
error-handling behavior as a potential problem to be addressed.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:09 +01:00
Daniel Kahn Gillmor
5d8b4f7489
python: Clarify the meaning of ctx.decrypt(verify=[])
* lang/python/src/core.py (Context.decrypt): docstring clarification
of what it means to pass an empty list to the verify argument.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:09 +01:00
Daniel Kahn Gillmor
b8fa76a30c
python: gpg.Context.decrypt verify_sigs and sink_result are bools
Both of these function-internal variables are never used for anything
other than a binary state.  Implement them as the booleans they are.
Otherwise, casual readers of the code might think that they're
supposed to represent something other than a flag (e.g. "verify_sigs"
could mean "the signatures to verify", and "sink_result" could mean
"the place where we sink the result").

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:09 +01:00
Daniel Kahn Gillmor
49af6d76e5
python: clarify documentation for verify argument for Context.decrypt()
It's easy to miss that verify can take a list of keys.  Make it more
obvious to the average python dev who reads docstrings.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:09 +01:00
Daniel Kahn Gillmor
2491e6f92f
python: simplify Context.decrypt()
In the course of trying to address https://dev.gnupg.org/T4271, i
discovered that gpg.Context.decrypt() has a bit of superfluous code.
This changeset is intended to simplify the code without making any
functional changes.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-12-05 11:46:09 +01:00
Ben McGinnes
1dffdcc6e9 python: windows c and cython
* added warning that he Windows C runtime issues will also affect use
  with Cython and that relying on binary installers would remove that
  possible use case.
2018-12-05 10:51:59 +11:00
Ben McGinnes
c8a04af676 python: sphinx modification
* The make.bat file incorrectly triggers the trailing whitespace check
  in the git repo (it doesn't actually have any trailing whitespace,
  but triggers the error on every line).
* Will need to add a script to handle future org-mode conversions of
  the index page anyway, so will get that script to deal with this
  problem too by generating the make.bat file if the platform is
  detected as Windows.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-05 09:31:10 +11:00
Ben McGinnes
6d8823b811 python: Sphinx support
* Added framework from sphinx-quickstart to lang/python/doc/rst/ so
  that Python developers already using Sphinx can use the generated
  reST files with existing documentation systems.
* Note that when generating source files from Org-mode, the index page
  will require manual intervention to match the Sphinx requirements.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-05 09:17:31 +11:00
Ben McGinnes
8d2621fcad Merge branch 'master' of ssh+git://playfair.gnupg.org/git/gpgme 2018-12-05 08:49:41 +11:00
Ben McGinnes
8613727f1e python: docs update
* Expanded the section on issues with Windows installations, with
  greater detail of which versions of Visual Studio are needed
  depending on which version of CPython is to be used.
* Included a recommendation which is a bit harsh without being totally
  prickish.
* Updated all files to not link to author's key or related data in
  order to make them all consistent with the changes in commit
  649b196881.

Signed-off-by: Ben McGinnes <ben@adversary.org>
2018-12-05 08:42:08 +11:00
NIIBE Yutaka
5dbac555f2 build: Remove --with-*-prefix, which is no need any more.
* autogen.rc (configure_opts): Remove --with-*-prefix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-04 12:35:41 +09:00
Andre Heinecke
1d31420650
qt,cpp: Consistently use nullptr and override
* lang/cpp/src/Makefile.am, lang/qt/src/Makefile.am (AM_CPPFLAGS):
Add suggest-override and zero-as-null-pointer-constant warnings.

* lang/cpp/src/*, lang/qt/src/*: Consistenly use nullptr and override.

--
This was especially important for the headers so that downstream
users of GpgME++ or QGpgME do not get flooded by warnings if
they have these warnings enabled.

It also improves compiler errors/warnings in case of accidental
mistakes.
2018-12-03 12:25:00 +01:00
Werner Koch
649b196881
doc: Minor comment cleanups.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-03 10:41:00 +01:00