* src/engine-gpgsm.c (status_handler):
* src/engine-uiserver.c (status_handler):
--
After a realloc (realloc is also used for initial alloc) the allocated
size if the buffer is not correctly recorded. Thus an overflow can be
introduced by receiving data with different line lengths in a specific
order. This is not easy exploitable because libassuan constructs the
line. However a crash has been reported and thus it might be possible
to constructs an exploit.
CVE-id: CVE-2014-3564
Reported-by: Tomáš Trnka
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret". Print card info and and secret flag for subkeys.
--
Note: This mode may only be used with GnuPG >= 2.1.
* src/gpgme.h.in (struct _gpgme_subkey): Add field CURVE.
* src/key.c (gpgme_key_unref): Free CURVE.
* src/keylist.c (keylist_colon_handler): Set CURVE.
* src/gpgme.c (gpgme_release): For failsafe reasons reset engine and
engine info after freeing.
--
The engine hack is useful in case the other release functions
accidently call engine release.
* configure.ac (NEED_GPG_VERSION, NEED_GPGSM_VERSION)
(NEED_G13_VERSION, NEED_GPGCONF_VERSION): Remove vars and all related
checks. Do not check for any engine version.
(HAVE_ASSUAN): Remove AM conditional.
* src/Makefile.am: Remove separate component vars and always build all
engines but uiserver.
* src/dirinfo.c (WANT_GPGCONF_NAME): New.
(struct dirinfo): Add field gpgconf_name.
(_gpgme_get_default_gpgconf_name): Use WANT_GPGCONF_NAME.
(get_gpgconf_item): Set gpgconf name and adjust for _gpgme_get_*_path
now returning a malloced string.
* src/engine.c (engine_ops): Always init all engines except for
uiserver.
* src/posix-util.c (_gpgme_get_gpgsm_path, _gpgme_get_g13_path):
Remove unused functions.
(walk_path): New.
(_gpgme_get_gpg_path, _gpgme_get_gpgconf_path ): Re-implement using
walk_path.
* src/w32-util.c (_gpgme_get_gpgsm_path, _gpgme_get_g13_path): Remove
unused functions.
(_gpgme_get_gpg_path, _gpgme_get_gpgconf_path): Return a malloced
string.
* src/engine-g13.c (g13_get_req_version): Use a hardwired string with
the required version. This info belongs into this file.
* src/engine-gpg.c (gpg_get_req_version): Ditto.
* src/engine-gpgconf.c (gpgconf_get_req_version): Ditto.
* src/engine-gpgsm.c (gpgsm_get_req_version): Ditto.
* tests/t-engine-info.c: Replace now useless test by an info output.
* tests/gpg/Makefile.am (GPG, GPG_AGENT): Hardwire gpg and gpg-agent.
* tests/gpgsm/Makefile.am (GPGSM): Hardwire gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/gpgme.h.in (gpgme_data_type_t): New.
(gpgme_data_identify): New prototype.
* src/data-identify.c: New.
* src/parsetlv.c, src/parsetlv.h: New. Take from gpa.
* src/libgpgme.vers, src/gpgme.def: Add gpgme_data_identify.
* src/gpgme-tool.c (status): Add STATUS_IDENTIFY_RESULT.
(gt_identify): New.
(cmd_identify): New.
(hlp_passwd): Move close to cmd_passwd.
--
It is often useful to have a way to identify the data which needs
processing. This is such a common task that it makes sense to
implement this in gpgme to avoid diverging implementations.
* src/util.h: Move some prototypes to ...
* src/sys-util.h: New.
* src/Makefile.am (main_sources): Add sys-util.h.
* configure.ac (AH_VERBATIM): Add DIRSEP_C and DIRSEP_S.
* src/dirinfo.c: Include sys-util.h.
(WANT_GPG_NAME, WANT_GPGSM_NAME, WANT_G13_NAME)
(WANT_UISRV_SOCKET): New.
(dirinfo): Add corresponding fields.
(parse_output): Add arg COMPONENTS and set new fields.
(read_gpgconf_dirs): Add arg components and act upon it.
(get_gpgconf_item): Call read_gpgconf_dirs two times. Add debug
output.
(_gpgme_get_default_gpg_name): New.
(_gpgme_get_default_gpgsm_name): New.
(_gpgme_get_default_g13_name): New.
(_gpgme_get_default_gpgconf_name): New.
(_gpgme_get_default_uisrv_socket): New.
* src/engine-gpg.c, src/engine-g13.c, src/engine-gpgconf.c
* src/engine-gpgsm.c, src/engine-uiserver.c: Change to use
_gpgme_get_default_ instead of those from sys-util.h.
* src/posix-util.c (_gpgme_get_gpg_path): Include sys-util.h.
(_gpgme_get_uiserver_socket_path): Remove.
* src/w32-util.c (_gpgme_get_gpg_path): Include sys-util.h.
(_gpgme_get_uiserver_socket_path): Remove.
--
The default engines names are now taken from the output of gpgconf.
If gpgconf is not installed gpg 1 is assumed and locate the same was
as gpgconf.
* configure.ac (NEED__FILE_OFFSET_BITS): Change to define gpgme_off_t
and gpgme_ssize_t.
(API__OFF_T, API__SSIZE_T): New ac_subst.
* src/gpgme.h.in: Replace all ssize_t and off_t by ac_subst macros.
* src/assuan-support.c, src/ath-pthread.c, src/ath.c, src/ath.h
* src/data-compat.c, src/data-fd.c, src/data-mem.c, src/data-stream.c
* src/data-user.c, src/data.c, src/data.h, src/engine-gpgsm.c
* src/engine-uiserver.c, src/gpgme-tool.c, src/gpgme.c: Replace off_t
by gpgme_off_t and sszie_t by gpgme_ssize_t.
* src/ath-pthread.c, src/ath.h: Include gpgme.h.
--
For a detailed description, see the gpgme.texi diff.
* src/gpgme.c (gpgme_set_pinentry_mode): New.
* src/gpgme.h.in (gpgme_pinentry_t): New.
(gpgme_set_pinentry_mode): New.
* src/context.h (struct gpgme_context): Add field pinentry_mode.
* src/engine-backend.h (struct engine_ops): Add field
set_pinentry_mode.
* src/engine-gpg.c (struct engine_gpg): Add field pinentry_mode.
(build_argv): Implement pinentry_mode.
(gpg_set_pinentry_mode): New.
(_gpgme_engine_ops_gpg): Register gpg_set_pinentry_mode.
--
Note that this new fucntion may only be used with gpg 2.1.
* src/gpgme.c (gpgme_set_global_flag): New.
* src/gpgme.h.in (gpgme_set_global_flag): New.
* src/gpgme.def, src/libgpgme.vers: Add new public function.
* src/debug.c (envvar_override): New.:
(_gpgme_debug_set_debug_envvar): New.
(debug_init): Take ENVVAR_OVERRIDE in account.
--
On Android envvars can't be used, thus we need another way to enable
GPGME debugging. The new function allows this and may be used in the
future to implement similar things.
* src/verify.c (gpgme_op_verify_result): Update summary field.
--
This is actually a hack to solve the problem that GPGME currently does
not emit ERRSIG for a missing public key.
* gpgme.def: Add gpgme_err_code_from_syserror and gpgme_err_set_errno.
* libgpgme.vers: Likewise.
* gpgme.h.in (gpgme_error_from_errno): Fix return type to
gpgme_error_t.
(gpgme_err_code_from_syserror, gpgme_err_set_errno): New prototype.
(gpgme_error_from_syserror): New inline function (why are
gpgme_err_make_from_errno and gpgme_error_from_errno not inline
functions?).
* error.c (gpgme_error_from_errno): Fix return type to gpgme_error_t.
(gpgme_err_set_errno, gpgme_err_code_from_syserror): New functions.
2009-06-16 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Result Management): New section.
src/
2009-06-16 Marcus Brinkmann <marcus@g10code.de>
* gpgme.c (result_ref_lock): New global variable.
(gpgme_result_ref, gpgme_result_unref): use it.
2009-05-28 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Library Version Check): Document selftest error.
(Creating Contexts): Likewise.
src/
2009-05-28 Marcus Brinkmann <marcus@g10code.de>
* gpgme.h.in (gpgme_check_version_internal): New prototype.
(gpgme_check_version): New macro, overriding function of the same
name.
* libgpgme.vers, gpgme.def: Add gpgme_check_version_internal.o
* context.h (_gpgme_selftest): New variable declaration.
* version.c: Include "context.h".
(gpgme_check_version): Set _gpgme_selftest on success.
(gpgme_check_version_internal): New function.
* gpgme.c (_gpgme_selftest): Define it.
(gpgme_new): Check the selftest result.
2009-05-18 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Encrypting a Plaintext): Document
GPGME_ENCRYPT_NO_ENCRYPT_TO.
src/
2009-05-18 Marcus Brinkmann <marcus@g10code.de>
* gpgme.h.in (gpgme_encrypt_flags_t): Add
GPGME_ENCRYPT_NO_ENCRYPT_TO.
* engine-gpg.c (gpg_encrypt): Pass --no-encrypt-to to gpg if
GPGME_ENCRYPT_NO_ENCRYPT_TO flag is set.
2006-09-25 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Destroying Data Buffers): Clarify that
gpgme_data_release_and_get_mem destroys DH unconditionally.
gpgme/
2006-09-25 Marcus Brinkmann <marcus@g10code.de>
* data-mem.c (gpgme_data_release_and_get_mem): Release the data
object properly.
2005-10-02 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Key Management): Add the new member notations of
gpgme_sig_key_t.
(Key Listing Mode): Document GPGME_KEYLIST_MODE_SIG_NOTATIONS.
gpgme/
2005-10-02 Marcus Brinkmann <marcus@g10code.de>
* util.h (_gpgme_decode_percent_string): Add new argument BINARY
to prototype.
* verify.c (parse_notation): Likewise for invocation.
* conversion.c (_gpgme_decode_percent_string): Likewise to
declaration. If set, do not replace '\0' characters with a
printable string.
* gpgme.h (struct _gpgme_key_sig): New field notations.
* ops.h (_gpgme_parse_notation): New prototype.
* sig-notation.c (_gpgme_parse_notation): New function.
* key.c (gpgme_key_unref): Free all signature notations.
* keylist.c (op_data_t): New member tmp_keysig.
(finish_key): Clear OPD->tmp_keysig.
* gpgme.c (gpgme_set_keylist_mode): Remove check.
* rungpg.c (gpg_keylist): Support listing signature notations.
(gpg_keylist_ext): Likewise.
2005-10-01 Marcus Brinkmann <marcus@g10code.de>
* gpgme.texi (Signature Notation Data): New section.
(Verify): Added more about the notation data structure.
gpgme/
2005-10-01 Marcus Brinkmann <marcus@g10code.de>
* gpgme.def: Add gpgme_data_set_file_name,
gpgme_data_get_file_name, gpgme_sig_notation_clear,
gpgme_sig_notation_add and gpgme_sig_notation_get.
* libgpgme.vers: Add gpgme_sig_notation_clear,
gpgme_sig_notation_add and gpgme_sig_notation_get.
* Makefile.am (libgpgme_real_la_SOURCES): Add sig-notation.c.
* context.h (struct gpgme_context): New field sig_notations.
* gpgme.h (struct _gpgme_sig_notation): New member value_len and
critical.
(GPGME_SIG_NOTATION_CRITICAL): New symbol.
(gpgme_sig_notation_flags_t): New type.
(gpgme_sig_notation_add, gpgme_sig_notation_clear,
gpgme_sig_notation_get): New prototypes.
* ops.h (_gpgme_sig_notation_create, _gpgme_sig_notation_free):
New prototypes.
* sig-notation.c (_gpgme_sig_notation_free): New file.
* verify.c (parse_notation): Use support functions.
(release_op_data): Likewise.
* rungpg.c (append_args_from_sig_notations): New function.
(gpg_encrypt_sign, gpg_sign): Call it.
tests/
2005-10-01 Marcus Brinkmann <marcus@g10code.de>
* gpg/Makefile.am (TESTS): Add t-sig-notation.
* gpg/t-sig-notation.c (check_result): New file.
* gpg/t-verify.c (check_result): Also check the length of the
notation data.
* gpg/gpg.conf: New file.