diff options
| -rw-r--r-- | NEWS | 7 | ||||
| -rw-r--r-- | agent/agent.h | 2 | ||||
| -rw-r--r-- | agent/command.c | 2 | ||||
| -rw-r--r-- | agent/gpg-agent.c | 3 | ||||
| -rw-r--r-- | common/asshelp.c | 72 | ||||
| -rw-r--r-- | common/asshelp.h | 5 | ||||
| -rw-r--r-- | common/ksba-io-support.c | 1 | ||||
| -rw-r--r-- | configure.ac | 2 | ||||
| -rw-r--r-- | dirmngr/dirmngr.c | 1 | ||||
| -rw-r--r-- | dirmngr/dns.c | 2 | ||||
| -rw-r--r-- | g10/misc.c | 35 | ||||
| -rw-r--r-- | kbx/keyboxd.c | 1 | ||||
| -rw-r--r-- | tests/gpgscm/scheme.c | 2 |
13 files changed, 116 insertions, 19 deletions
@@ -1,3 +1,10 @@ +Noteworthy changes in version 2.5.15 (unreleased) +------------------------------------------------- + + + Release-info: https://dev.gnupg.org/T7940 + + Noteworthy changes in version 2.5.14 (2025-11-19) ------------------------------------------------- diff --git a/agent/agent.h b/agent/agent.h index efdfe5b40..ce096fa95 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -694,7 +694,7 @@ agent_tpm2d_ecc_kem (ctrl_t ctrl, const unsigned char *shadow_info, const unsigned char *ecc_ct, size_t ecc_point_len, unsigned char *ecc_ecdh) { - (void)ctrl; (void)ecc_ct; + (void)ctrl; (void)shadow_info; (void)ecc_ct; (void)ecc_point_len; (void)ecc_ecdh; return gpg_error (GPG_ERR_NOT_SUPPORTED); } diff --git a/agent/command.c b/agent/command.c index a50cbce5a..21c95203c 100644 --- a/agent/command.c +++ b/agent/command.c @@ -3418,7 +3418,7 @@ cmd_keytocard (assuan_context_t ctx, char *line) timestamp = isotime2epoch (argv[3]); if (argc > 4) { - size_t n; + size_t n = 0; err = parse_hexstring (ctx, argv[4], &n); if (err) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 9227eec10..cbb624a02 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1855,6 +1855,9 @@ main (int argc, char **argv) } log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13) ); +#ifdef HAVE_W32_SYSTEM + w32_ack_to_frontend (); +#endif handle_connections (fd, fd_extra, fd_browser, fd_ssh, reliable_homedir_inotify); assuan_sock_close (fd); diff --git a/common/asshelp.c b/common/asshelp.c index 18b88f7b9..82a7b11d0 100644 --- a/common/asshelp.c +++ b/common/asshelp.c @@ -536,6 +536,8 @@ start_new_service (assuan_context_t *r_ctx, && assuan_socket_connect (ctx, sockname, 0, connect_flags)) { #ifdef HAVE_W32_SYSTEM + gpgrt_process_t proc; + /* On Windows we remove the socketname before creating it. * This is so that we can wait for a client which is * currently trying to connect. The 10000 will make the @@ -543,7 +545,40 @@ start_new_service (assuan_context_t *r_ctx, * violation to go away. */ gnupg_remove_ext (sockname, 10000); err = gpgrt_process_spawn (program? program : program_name, argv, - GPGRT_PROCESS_DETACHED, NULL, NULL); + (GPGRT_PROCESS_DETACHED + |GPGRT_PROCESS_STDIO_NUL + |GPGRT_PROCESS_STDOUT_PIPE + |GPGRT_PROCESS_STDERR_KEEP), + NULL, &proc); + if (!err) + { + int pipe_in; + err = gpgrt_process_get_fds (proc, 0, NULL, &pipe_in, NULL); + if (!err) + { + char buf[256]; + int r; + + /* We wait until the child process says it's ready + to serve, by reading from the pipe. */ + r = read (pipe_in, buf, sizeof buf); + close (pipe_in); + if (r < 0) + { + if (verbose) + log_info ("read from child process failed: %s\n", + strerror (errno)); + /* + * Go ahead, ignoring the read error, so that + * we can still support older Windows (< Vista). + * + * In future, we should return error with + * GPG_ERR_SERVER_FAILED here. + */ + } + } + gpgrt_process_release (proc); + } #else /*!W32*/ err = gpgrt_process_spawn (program? program : program_name, argv, 0, NULL, NULL); @@ -763,3 +798,38 @@ warn_server_version_mismatch (assuan_context_t ctx, xfree (serverversion); return err; } + + +#ifdef HAVE_W32_SYSTEM +#include <fcntl.h> + +/* + * At the start of service (gpg-agent/dirmngr/keyboxd), after the + * preparation of socket, send "OK" (or "ERR 1") to the frontend + * (gpg/gpgsm). + */ +void +w32_ack_to_frontend (void) +{ + int null_fd = open ("NUL", O_RDWR); + + /* For the case of older Windows (< Vista), stdin/stdout/stder is + * invalid handle and write to stdout may fail. We ignore this + * error. */ + if (null_fd < 0) + { + perror ("open failed"); + /* Reply "General Error". */ + write (1, "ERR 1\n", 6); + } + else + { + /* Reply, it's OK (because it's ready to serve). */ + write (1, "OK\n", 3); + if (dup2 (null_fd, 1) < 0) + perror ("dup2 failed"); + dup2 (null_fd, 2); + close (null_fd); + } +} +#endif diff --git a/common/asshelp.h b/common/asshelp.h index cde6e226f..936a3964e 100644 --- a/common/asshelp.h +++ b/common/asshelp.h @@ -106,6 +106,11 @@ gpg_error_t warn_server_version_mismatch (assuan_context_t ctx, void *status_func_ctrl, int print_hints); +#ifdef HAVE_W32_SYSTEM +/* Say hello to the frontend. */ +void w32_ack_to_frontend (void); +#endif + /*-- asshelp2.c --*/ diff --git a/common/ksba-io-support.c b/common/ksba-io-support.c index ff5e49531..b692fcf4e 100644 --- a/common/ksba-io-support.c +++ b/common/ksba-io-support.c @@ -134,6 +134,7 @@ struct gnupg_ksba_io_s { /* The base-64 character list */ +GPGRT_ATTR_NONSTRING static char bintoasc[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" diff --git a/configure.ac b/configure.ac index 56df3f51f..98f73a0c9 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.16.3" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [5]) -m4_define([mym4_micro], [14]) +m4_define([mym4_micro], [15]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 14472e9ef..32a4df3a9 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1527,6 +1527,7 @@ main (int argc, char **argv) pid = getpid (); es_printf ("set %s=%s;%lu;1\n", DIRMNGR_INFO_NAME, socket_name, (ulong) pid); + w32_ack_to_frontend (); #else pid = fork(); if (pid == (pid_t)-1) diff --git a/dirmngr/dns.c b/dirmngr/dns.c index 5c7bb08d8..e578fe8d9 100644 --- a/dirmngr/dns.c +++ b/dirmngr/dns.c @@ -3441,6 +3441,7 @@ static int dns_aaaa_cmp0(const void *a, const void *b) { } size_t dns_aaaa_arpa(void *_dst, size_t lim, const struct dns_aaaa *aaaa) { + GPGRT_ATTR_NONSTRING static const unsigned char hex[16] = "0123456789abcdef"; struct dns_buf dst = DNS_B_INTO(_dst, lim); unsigned nyble; @@ -4222,6 +4223,7 @@ static int dns_sshfp_cmp0(const void *a, const void *b) { size_t dns_sshfp_print(void *_dst, size_t lim, struct dns_sshfp *fp) { + GPGRT_ATTR_NONSTRING static const unsigned char hex[16] = "0123456789abcdef"; struct dns_buf dst = DNS_B_INTO(_dst, lim); size_t i; diff --git a/g10/misc.c b/g10/misc.c index 58932ed7b..4f8e810f2 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1245,11 +1245,13 @@ string_to_cipher_algo (const char *string) if (!val && string && (string[0]=='S' || string[0]=='s')) { char *endptr; + long longval; string++; - val = strtol (string, &endptr, 10); - if (!*string || *endptr || openpgp_cipher_test_algo (val)) - val = 0; + longval = strtol (string, &endptr, 10); + if (*string && !*endptr && longval >= 0 && longval < 256 + && openpgp_cipher_test_algo ((int)longval)) + val = longval; } return val; @@ -1272,17 +1274,20 @@ string_to_aead_algo (const char *string) result = 1; else if (!ascii_strcasecmp (string, "OCB")) result = 2; - else if ((string[0]=='A' || string[0]=='a')) + else { - char *endptr; + result = 0; + if ((string[0]=='A' || string[0]=='a')) + { + char *endptr; + long longval; - string++; - result = strtol (string, &endptr, 10); - if (!*string || *endptr || result < 1 || result > 2) - result = 0; + string++; + longval = strtol (string, &endptr, 10); + if (*string && !*endptr && longval >= 1 && longval <= 2) + result = longval; + } } - else - result = 0; return result; } @@ -1303,11 +1308,13 @@ string_to_digest_algo (const char *string) if (!val && string && (string[0]=='H' || string[0]=='h')) { char *endptr; + long longval; string++; - val = strtol (string, &endptr, 10); - if (!*string || *endptr || openpgp_md_test_algo (val)) - val = 0; + longval = strtol (string, &endptr, 10); + if (*string && !*endptr && longval >= 0 && longval < 256 + && openpgp_md_test_algo ((int)longval)) + val = longval; } return val; diff --git a/kbx/keyboxd.c b/kbx/keyboxd.c index 197f01c74..4eff1cc45 100644 --- a/kbx/keyboxd.c +++ b/kbx/keyboxd.c @@ -734,6 +734,7 @@ main (int argc, char **argv ) (void)nodetach; initialize_modules (); + w32_ack_to_frontend (); #else /*!HAVE_W32_SYSTEM*/ diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c index eda4f79c8..43cfa837b 100644 --- a/tests/gpgscm/scheme.c +++ b/tests/gpgscm/scheme.c @@ -5844,7 +5844,7 @@ void scheme_load_memory(scheme *sc, const char *buf, size_t len, const char *fil void scheme_define(scheme *sc, pointer envir, pointer symbol, pointer value) { pointer x; - pointer *sslot; + pointer *sslot = NULL; x = find_slot_spec_in_env(sc, envir, symbol, 0, &sslot); if (x != sc->NIL) { set_slot_in_env(sc, x, value); |