Commit message | Author | Age | Files | Lines
* Set -fcommon compile option [cb/T5215] | Christoph Biedl | 2021-01-22 | 1 | -0/+14
  --
  In gcc 10, the default was changed to -fno-common, triggering linker errors since the code indeed uses extern declarations in such a way. Turns out fixing these isn't easy, so rather just restore the previous behaviour.
  GnuPG-bug-id: 5215
  Signed-off-by: Christoph Biedl <[email protected]>
* Protect error counter against overflow. | Werner Koch | 2020-03-03 | 1 | -6/+5
  * util/logger.c (log_inc_errorcount): Protect against overflow.
  (g10_log_warning): Bump error counter using the above function.
  (g10_log_error): Ditto.
  --
  This is a similar patch we use in 2.2 and libgpg-error.
  Signed-off-by: Werner Koch <[email protected]>
* Post release updates | Werner Koch | 2018-06-11 | 2 | -1/+5
  --
* Release 1.4.23 [gnupg-1.4.23] | Werner Koch | 2018-06-11 | 2 | -4/+40
* po: Auto update | Werner Koch | 2018-06-11 | 3 | -4741/+4525
  --
* gpg: Sanitize diagnostic with the original file name. | Werner Koch | 2018-06-08 | 1 | -1/+5
  * g10/mainproc.c (proc_plaintext): Sanitize verbose output.
  --
  This fixes a forgotten sanitation of user supplied data in a verbose mode diagnostic. The mentioned CVE is about using this to inject status-fd lines into the stderr output. Other harm could as well be done. Note that GPGME based applications are not affected because GPGME does not fold status output into stderr.
  CVE-id: CVE-2018-12020
  GnuPG-bug-id: 4012
  (cherry picked from commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b)
* g10: Push compress filter only if compressed. | NIIBE Yutaka | 2018-04-13 | 1 | -5/+8
  * g10/compress.c (handle_compressed): Fix memory leak.
  --
  (backport from STABLE-BRANCH-2-2 commit: c31abf84659dbda5503dd9f3aa3449520bcd1b84)
  All other calls of push_compress_filter check ALGO, so do it here, too.
  GnuPG-bug-id: 3898
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix a fr string. Mark a string fuzzy in ro and sk. | Werner Koch | 2017-12-19 | 3 | -2/+4
  --
  The French string has an extra %s which would result in garbage output or segv. I am not sure about the sk and ro and thus better mark them as fuzzy.
  GnuPG-bug-id: 3619
  Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese translation. | NIIBE Yutaka | 2017-12-18 | 1 | -4/+4
  * po/ja.po: Fix message with no "%s".
  --
  Backport of master commit from: 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8
  The wrong message caused segmentation fault for key generation when no expiration is specified.
  GnuPG-bug-id: 3619
  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix regexp sanitization. | NIIBE Yutaka | 2017-12-04 | 1 | -1/+7
  * g10/trustdb.c (sanitize_regexp): Only escape operators.
  --
  Backport from master commit: ccf3ba92087e79abdeaa0208795829b431c6f201
  To sanitize a regular expression, quoting by backslash should be only done for defined characters. POSIX defines 12 characters including dot and backslash.
  Quoting other characters is wrong, in two ways; It may build an operator like: \b, \s, \w when using GNU library. Case ignored match doesn't work, because quoting lower letter means literally and no match to upper letter.
  GnuPG-bug-id: 2923
  Co-authored-by: Damien Goutte-Gattat <[email protected]>
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po/da: Fix Danish confusion between "compressed" and "compromised" | Daniel Kahn Gillmor | 2017-11-11 | 1 | -2/+2
  --
  In https://bugs.debian.org/881393 , Jonas Smedegaard reports:
  > In option number 1, the word "komprimeret" means "compressed".
  >
  > I am pretty sure it should say "kompromitteret" instead, which means
  > "compromised".
  Debian-Bug-Id: 881393
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Do not use C99 feature. | Dario Niedermann | 2017-11-10 | 1 | -3/+4
  * cipher/rsa.c (secret): Move var decl to the beginning.
  --
  Trivial patch; ChangeLog written by wk.
  Signed-off-by: Werner Koch <[email protected]>
* build: Don't use /dev/srandom on OpenBSD | Jeremie Courreges-Anglas | 2017-11-02 | 1 | -6/+0
  --
  All /dev/*random devices have been equivalent since OpenBSD 4.9, on purpose (/dev/random doesn't block). /dev/srandom has been removed in the OpenBSD 6.3 development cycle, /dev/arandom will likely follow.
  Signed-off-by: Jeremie Courreges-Anglas <[email protected]>
* po: update Dutch translation. | Frans Spiesschaert | 2017-09-06 | 1 | -7/+10
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Remove documentation for future option --faked-system-time. | Marcus Brinkmann | 2017-08-04 | 1 | -7/+0
  doc/gpg.texi: Remove documentation for --faked-system-time.
  Signed-off-by: Marcus Brinkmann <[email protected]>
  GnuPG-bug-id: 3329
* debian: Remove packaging from upstream repository. | Daniel Kahn Gillmor | 2017-08-02 | 8 | -622/+0
  Debian packaging for GnuPG is handled in debian git repositories, and doesn't belong here in the upstream repository.
  The packaging was significantly out of date anyway. If you're looking for debian packaging for the 1.4 branch of GnuPG, please use the following git remote:
  https://anonscm.debian.org/git/pkg-gnupg/gnupg1.git
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: Update Danish translation | Joe Hansen | 2017-08-02 | 1 | -6/+6
  Originally reported at: http://lists.gnupg.org/pipermail/gnupg-i18n/2014-November/000308.html
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: Update Dutch translation | Frans Spiesschaert | 2017-08-02 | 1 | -13/+11
  Debian-Bug-Id: 845695
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: Update Spanish translation | Manuel Venturi Porras Peralta | 2017-08-01 | 1 | -13/+9
  Debian-Bug-Id: 814541
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Post release updates | Werner Koch | 2017-07-19 | 2 | -1/+4
  --
* Release 1.4.22 [gnupg-1.4.22] | Werner Koch | 2017-07-19 | 3 | -5/+11
* po: Update Norwegian translation | Åka Sikrom | 2017-07-19 | 1 | -2555/+5968
  Signed-off-by: Werner Koch <[email protected]>
* build: Avoid check gpg --version during make distcheck. | Werner Koch | 2017-07-19 | 1 | -0/+9
  --
  Signed-off-by: Werner Koch <[email protected]>
* indent: Fix indentation of an if block. | Werner Koch | 2017-07-19 | 1 | -18/+18
  --
* gpg: Fix memory leak. | NIIBE Yutaka | 2017-07-07 | 1 | -0/+1
  * g10/textfilter.c (copy_clearsig_text): Free the buffer.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (backport from master commit: 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819)
* rsa: Reduce secmem pressure. | NIIBE Yutaka | 2017-07-07 | 1 | -1/+8
  * cipher/rsa.c (secret): Don't keep secmem.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* rsa: Allow different build directory. | NIIBE Yutaka | 2017-07-07 | 2 | -2/+2
  * cipher/Makefile.am (AM_CPPFLAGS): Add mpi dirs.
  * cipher/rsa.c: Change include file.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* rsa: Add exponent blinding. | Marcus Brinkmann | 2017-07-07 | 1 | -4/+29
  * cipher/rsa.c (secret_core_crt): Blind secret D with randomized nonce R for mpi_powm computation.
  --
  Backport of libgcrypt 8725c99ffa41778f382ca97233183bcd687bb0ce.
  Signed-off-by: Marcus Brinkmann <[email protected]>
* mpi: Minor fix for mpi_pow. | NIIBE Yutaka | 2017-07-07 | 1 | -2/+2
  * mpi/mpi-pow.c (mpi_powm): Fix allocation size.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* mpi: Same computation for square and multiply for mpi_pow. | NIIBE Yutaka | 2017-07-07 | 1 | -34/+38
  * mpi/mpi-pow.c (_gcry_mpi_powm): Compare msize for max_u_size. Move the assignment to base_u into the loop. Copy content referred by RP to BASE_U except the last of the loop.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (backport commit of libgcrypt master: 78130828e9a140a9de4dafadbc844dbb64cb709a)
* mpi: Simplify mpi_powm. | NIIBE Yutaka | 2017-07-07 | 1 | -73/+30
  * mpi/mpi-pow.c (_gcry_mpi_powm): Simplify the loop.
  --
  (backport of libgcrypt master commit: 719468e53133d3bdf12156c5bfdea2bf15f9f6f1)
  Signed-off-by: NIIBE Yutaka <[email protected]>
* mpi: Fix ARM assembler in longlong.h. | Marcus Brinkmann | 2017-07-04 | 1 | -3/+3
  * mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
  [__arm__][__ARM_ARCH <= 3] (umul_ppmm): Add __AND_CLOBBER_CC.
  --
  This is a backport of libgcrypt 8aa4f2161 and 3b1cc9e6c.
  Signed-off-by: Marcus Brinkmann <[email protected]>
  GnuPG-bug-id: 3182
* doc: Fix typo. | Marcus Brinkmann | 2017-07-03 | 1 | -1/+1
  Signed-off-by: Marcus Brinkmann <[email protected]>
  GnuPG-bug-id: 3243
* g10: Fix secmem leak. | Ineiev | 2017-05-10 | 1 | -12/+12
  * g10/keygen.c (proc_parameter_file): Fix secmem leak.
  --
  proc_parameter_file adds certain parameters to the list in the PARA argument; however, these new entries are leaked because they are added to head, while the PARA list is released by the caller of proc_parameter_file.
  GnuPG-bug-id: 1371
  Signed-off-by: Ineiev <[email protected]>
* gpg: Fix exporting of zero length user ID packets. | Werner Koch | 2017-03-30 | 1 | -1/+6
  * g10/build-packet.c (do_user_id): Avoid indeterminate length header.
  --
  We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported.
  Note that in 1.4 and 2.0 this is only an issue for attribute packets. In 2.1 user IDs were also affected.
  Signed-off-by: Werner Koch <[email protected]>
* spelling: Correct achived to achieved. | Daniel Kahn Gillmor | 2016-11-02 | 2 | -2/+2
  --
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* tools: Fix option parsing for gpg-zip. | Neal H. Walfield | 2016-11-02 | 1 | -4/+6
  * tools/gpg-zip.in: Correctly set GPG when --gpg is specified. Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
  (cherry-picked by dkg from master branch's 84ebf15b06e435453b2f58775f97a3a1c61a7e55)
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
  Co-authored-by: Michael Mönch <[email protected]>
  GnuPG-bug-id 1351
  GnuPG-bug-id 1442
* po: Update Norwegian translation | Åka Sikrom | 2016-08-18 | 1 | -1151/+1981
  --
  Minor change: Re-insert the old copyright year 2004. - wk
* Post release updates | Werner Koch | 2016-08-17 | 2 | -1/+5
  --
* Release 1.4.21 [gnupg-1.4.21] | Werner Koch | 2016-08-17 | 2 | -14/+29
* gpg: Add dummy option --with-subkey-fingerprint. | Werner Koch | 2016-08-17 | 1 | -0/+5
  * g10/gpg.c (opts): Add dummy option.
  Signed-off-by: Werner Koch <[email protected]>
* po: Auto update | Werner Koch | 2016-08-17 | 29 | -117/+118
  --
* build: Create a swdb file during "make distcheck". | Werner Koch | 2016-08-17 | 1 | -0/+13
  * Makefile.am (distcheck-hook): New.
  Signed-off-by: Werner Koch <[email protected]>
* build: Update config.{guess,sub} to {2016-05-15,2016-06-20}. | Werner Koch | 2016-08-17 | 2 | -83/+143
  --
* po: Update Russian translation | Ineiev | 2016-08-17 | 1 | -82/+80
* random: Hash continuous areas in the csprng pool. | Werner Koch | 2016-08-17 | 1 | -8/+7
  * cipher/random.c (mix_pool): Store the first hash at the end of the pool.
  --
  This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG. An attacker who obtains 580 bytes of the random number from the standard RNG can trivially predict the next 20 bytes of output.
  This bug does not affect the default generation of keys because running gpg for key creation creates at most 2 keys from the pool: For a single 4096 bit RSA key 512 byte of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable.
  For the former default of DSA+Elgamal key it is complicated to give an answer: For 2048 bit keys a pool of 30 non-secret candidate primes of about 300 bits each are first created. This reads at least 1140 bytes from the pool and thus parts could be predicted. At some point a 256 bit secret is read from the pool; which in the worst case might be partly predictable.
  The bug was found and reported by Felix Dörre and Vladimir Klebanov, Karlsruhe Institute of Technology. A paper describing the problem in detail will shortly be published.
  CVE-id: CVE-2016-6313
  Signed-off-by: Werner Koch <[email protected]>
* cipher: Improve readability by using a macro. | Werner Koch | 2016-08-17 | 1 | -2/+2
  * cipher/random.c (mix_pool): Use DIGESTLEN instead of 20.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid publishing the GnuPG version by default | Daniel Kahn Gillmor | 2016-08-09 | 2 | -3/+3
  * g10/gpg.c (main): initialize opt.emit_version to 0
  * doc/gpg.texi: document different default for --emit-version
  --
  The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x.
  Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions.
  It's probably better to take the more parsimonious approach to metadata production by default.
  (backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c)
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Clean up "allow to" | Daniel Kahn Gillmor | 2016-08-04 | 4 | -7/+7
  * README, cipher/cipher.c, cipher/pubkey.c, doc/gpg.texi: replace "allow to" with clearer text
  In standard English, the normal construction is "${XXX} allows ${YYY} to" -- that is, the subject (${XXX}) of the sentence is allowing the object (${YYY}) to do something. When the object is missing, the phrasing sounds awkward, even if the object is implied by context. There's almost always a better construction that isn't as awkward.
  These changes should make the language a bit clearer.
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Fix spelling: "occured" should be "occurred" | Daniel Kahn Gillmor | 2016-08-04 | 6 | -8/+8
  * checks/armor.test, cipher/des.c, g10/ccid-driver.c, g10/pkclist.c, util/regcomp.c, util/regex_internal.c: correct the spelling of "occured" to "occurred"
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>