gnupg.git
4 years ago gpg: Remove unused args from a function.
Werner Koch [Mon, 5 Jan 2015 14:07:23 +0000 (15:07 +0100)]
gpg: Remove unused args from a function.

* g10/keyserver.c (parse_keyserver_uri): Remove args configname and
configlineno.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Clear a possible rest of the KDF secret buffer.
Werner Koch [Mon, 5 Jan 2015 14:03:12 +0000 (15:03 +0100)]
gpg: Clear a possible rest of the KDF secret buffer.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
--

That bug has been here since the beginning.  The entire function needs
a review or be moved to Libgcrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago build: Require automake 1.14.
Werner Koch [Mon, 5 Jan 2015 13:55:36 +0000 (14:55 +0100)]
build: Require automake 1.14.

* configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.

4 years ago agent: Make --allow-loopback-pinentry gpgconf changeable.
Werner Koch [Sun, 4 Jan 2015 16:19:06 +0000 (17:19 +0100)]
agent: Make --allow-loopback-pinentry gpgconf changeable.

4 years ago tools: Free variable before return
Joshua Rogers [Mon, 22 Dec 2014 13:47:50 +0000 (00:47 +1100)]
tools: Free variable before return

* tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
upon error.
--

Signed-off-by: Joshua Rogers <git@internot.info>
4 years ago Register DCO for Joshua Rogers.
Werner Koch [Mon, 22 Dec 2014 13:27:33 +0000 (14:27 +0100)]
Register DCO for Joshua Rogers.

--

4 years ago sm: Avoid double-free on iconv failure
Daniel Kahn Gillmor [Fri, 19 Dec 2014 23:53:34 +0000 (18:53 -0500)]
sm: Avoid double-free on iconv failure

* sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
double-free of pwbuf.

--

Observed by Joshua Rogers <honey@internot.info>, who proposed a
slightly different fix.

Debian-Bug-Id: 773472

Added fix at a second place - wk.

4 years ago scd: Avoid double-free on error condition in scd
Daniel Kahn Gillmor [Fri, 19 Dec 2014 23:07:55 +0000 (18:07 -0500)]
scd: Avoid double-free on error condition in scd

* scd/command.c (cmd_readkey): avoid double-free of cert

--

When ksba_cert_new() fails, cert will be double-freed.

Debian-Bug-Id: 773471

Original patch changed by wk to do the free only at leave.

4 years ago avoid future chance of using uninitialized memory
Daniel Kahn Gillmor [Fri, 19 Dec 2014 22:53:36 +0000 (17:53 -0500)]
avoid future chance of using uninitialized memory

* common/iobuf.c: (iobuf_open): initialize len

--

In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.

With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.

However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so I think
this trivial cleanup is warranted.

Debian-Bug-Id: 773469

4 years ago avoid double-close in unusual dotlock situations
Daniel Kahn Gillmor [Fri, 19 Dec 2014 22:12:37 +0000 (17:12 -0500)]
avoid double-close in unusual dotlock situations

* common/dotlock.c: (dotlock_create_unix) avoid double-close()
 in unusual situations.

--

close(2) says:

 close() should not be retried after an EINTR since this  may
       cause a reused descriptor from another thread to be closed.

Before this patch was applied, if close(fd) failed with EINTR, it
would be closed again in the write_failed: block.

It could also have been closed a second time in the case that
(use_hardlinks_p (h->tname)) evaluated to something other than 0 or 1.

This patch avoids both of those scenarios.

Note that close() could still be called twice on the same file
descriptor if the first close(fd) fails but errno is not EINTR.  I'm
not sure the right thing to do in that scenario.  An alternate
resolution could be to unequivocally set fd to -1 after the first
failed close(fd), avoiding the errno == EINTR test.

Debian-Bug-Id: 773423
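
The descriptor-reuse hazard quoted from close(2) above, reproduced in a single thread as an added example (not code from the GnuPG tree). The helper `close_once` is a hypothetical name and follows the alternate resolution mentioned in the message, invalidating the descriptor after the first close() whatever it returned:

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: close *fd at most once.  The variable is set to
   -1 whatever close() returned, so a later cleanup path that sees the
   same variable cannot close the number a second time. */
int close_once(int *fd)
{
    int rc;

    if (*fd == -1)
        return 0;               /* already closed: nothing to do */
    rc = close(*fd);
    *fd = -1;                   /* invalidate even on EINTR or other errors */
    return rc;
}

/* Unguarded pattern: the descriptor number is kept after the first
   close() and closed again in a cleanup path.  Returns 1 if the second
   close() hit an unrelated descriptor that had reused the number. */
int stale_retry_closes_other_fd(void)
{
    int p[2], stale, other, hit;

    if (pipe(p))
        return -1;
    stale = p[0];
    close(p[0]);                /* first close; assume it reported EINTR */

    other = dup(p[1]);          /* unrelated open: gets the lowest free number */
    close(stale);               /* the "retry" in the error path */

    hit = (other == stale)
          && fcntl(other, F_GETFD) == -1 && errno == EBADF;
    if (!hit && other != -1)
        close(other);
    close(p[1]);
    return hit;
}

/* Guarded pattern: same sequence, but through close_once().  Returns 1
   if the unrelated descriptor is still open afterwards. */
int guarded_retry_keeps_other_fd(void)
{
    int p[2], fd, other, alive;

    if (pipe(p))
        return -1;
    fd = p[0];
    close_once(&fd);            /* first close, fd becomes -1 */

    other = dup(p[1]);          /* reuses the old number */
    close_once(&fd);            /* cleanup path: no-op */

    alive = (other != -1) && fcntl(other, F_GETFD) != -1;
    if (other != -1)
        close(other);
    close(p[1]);
    return alive;
}

int main(void)
{
    printf("stale retry closed another fd: %d\n",
           stale_retry_closes_other_fd());
    printf("guarded retry kept other fd:   %d\n",
           guarded_retry_keeps_other_fd());
    return 0;
}
```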

4 years ago gpgkey2ssh: clean up varargs
Daniel Kahn Gillmor [Fri, 19 Dec 2014 22:12:05 +0000 (17:12 -0500)]
gpgkey2ssh: clean up varargs

* tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.

--

stdarg(3) says:
       Each invocation of va_start() must be matched by a
       corresponding invocation of va_end() in the same function.

Observed by Joshua Rogers <honey@internot.info>

Debian-Bug-Id: 773415

4 years ago doc: Fix memory leak in yat2m.
Werner Koch [Mon, 22 Dec 2014 11:44:13 +0000 (12:44 +0100)]
doc: Fix memory leak in yat2m.

* doc/yat2m.c (write_th): Free NAME.
--

Reported-by: Joshua Rogers <git@internot.info>
4 years ago dirmngr: Fix memory leak.
Werner Koch [Mon, 22 Dec 2014 11:34:57 +0000 (12:34 +0100)]
dirmngr: Fix memory leak.

* dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.

* dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
--

Reported-by: Joshua Rogers <git@internot.info>
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago dirmngr: Remove un-needed check.
Werner Koch [Mon, 22 Dec 2014 11:29:32 +0000 (12:29 +0100)]
dirmngr: Remove un-needed check.

* dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
--

Reported-by: Joshua Rogers <git@internot.info>
  "Remove un-needed check. If 'url' were not to be true,
   http_parse_uri(parse_uri(do_parse_uri))) would fail, leaving 'err'
   false."

In addition I added an explicit check for the URL arg not being NULL.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago dirmngr,gpgsm: Return NULL on fail
Werner Koch [Mon, 22 Dec 2014 11:16:46 +0000 (12:16 +0100)]
dirmngr,gpgsm: Return NULL on fail

* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--

Reported-by: Joshua Rogers <git@internot.info>
  "If something inside the ldapserver_parse_one function failed,
   'server' would be freed, then returned, leading to a
   use-after-free.  This code is likely copied from sm/gpgsm.c, which
   was also susceptible to this bug."

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago scd: ECDH Support.
NIIBE Yutaka [Mon, 22 Dec 2014 00:27:00 +0000 (09:27 +0900)]
scd: ECDH Support.

* agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
* scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
(send_key_attr): Support ECDH.  Fix EdDSA algorithm value.
(retrieve_key_material): Initialize fields.
(get_public_key, ecc_writekey, do_writekey): Support ECDH.
(ecdh_writekey): Remove.
(do_decipher): Support ECDH.
(parse_algorithm_attribute): Support ECDH.  Fix EdDSA.

--

Following the gpg-agent protocol, SCDaemon's counterpart is now
implemented.

4 years ago agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
Werner Koch [Fri, 19 Dec 2014 12:28:14 +0000 (13:28 +0100)]
agent: Make sure --max-cache-ttl is >= --default-cache-ttl.

* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--

This change should help to avoid surprising behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Keep the session environment for restricted connections.
Werner Koch [Fri, 19 Dec 2014 12:07:09 +0000 (13:07 +0100)]
agent: Keep the session environment for restricted connections.

* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function.  Change
callers.
* agent/command.c (start_command_handler): Call that function for
restricted connections.
--

A remote connection is and should not be able to setup the local
session environment.  However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used.  The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Fix string prepended to remotely initiated prompts.
Werner Koch [Fri, 19 Dec 2014 11:03:38 +0000 (12:03 +0100)]
agent: Fix string prepended to remotely initiated prompts.

* agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
translatable.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago build: Remove option to build without agent.
Werner Koch [Thu, 18 Dec 2014 08:38:41 +0000 (09:38 +0100)]
build: Remove option to build without agent.

* configure.ac (build-agent): Set to yes.

4 years ago gpgconf: Exit with failure if --launch fails.
Werner Koch [Wed, 17 Dec 2014 09:36:24 +0000 (10:36 +0100)]
gpgconf: Exit with failure if --launch fails.

* tools/gpgconf-comp.c (gc_component_launch): Return an error code.
* tools/gpgconf.c (main): Exit if launch failed.
--
GnuPG-bug-id: 1791

4 years ago po: Update Japanese Translation.
NIIBE Yutaka [Wed, 17 Dec 2014 00:54:19 +0000 (09:54 +0900)]
po: Update Japanese Translation.

--

Investigated who is P.KATOH, and fixed the header, accordingly.

4 years ago Post release updates
Werner Koch [Tue, 16 Dec 2014 16:00:45 +0000 (17:00 +0100)]
Post release updates

--

4 years ago Release 2.1.1 gnupg-2.1.1
Werner Koch [Tue, 16 Dec 2014 14:53:28 +0000 (15:53 +0100)]
Release 2.1.1

4 years ago po: auto update
Werner Koch [Tue, 16 Dec 2014 14:52:44 +0000 (15:52 +0100)]
po: auto update

--

4 years ago po: Update the German translation
Werner Koch [Tue, 16 Dec 2014 14:51:48 +0000 (15:51 +0100)]
po: Update the German translation

4 years ago po: Update Czech translation
Petr Pisar [Tue, 16 Dec 2014 14:34:03 +0000 (15:34 +0100)]
po: Update Czech translation

4 years ago gpg: Show private DO information in the card status.
Werner Koch [Tue, 16 Dec 2014 12:10:09 +0000 (13:10 +0100)]
gpg: Show private DO information in the card status.

* g10/call-agent.c (agent_release_card_info): Free private_do.
(learn_status_cb): Parse PRIVATE-DO-n stati.
--

Reported-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Provided patch extended to release the memory.

4 years ago po: Update Russian translation
Ineiev [Tue, 16 Dec 2014 10:40:11 +0000 (11:40 +0100)]
po: Update Russian translation

4 years ago po: Update zh_TW translation
Jedi [Tue, 16 Dec 2014 10:34:39 +0000 (11:34 +0100)]
po: Update zh_TW translation

4 years ago gpg: Add sub-command "factory-reset" to --card-edit.
Werner Koch [Mon, 15 Dec 2014 16:38:40 +0000 (17:38 +0100)]
gpg: Add sub-command "factory-reset" to --card-edit.

* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix regression in notation data regression.
Werner Koch [Mon, 15 Dec 2014 08:50:19 +0000 (09:50 +0100)]
gpg: Fix regression in notation data regression.

* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--

Also re-added the check for signature version > 3.

Reported-by: MFPA
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Avoid extra LF in notation data listing.
Werner Koch [Mon, 15 Dec 2014 08:47:21 +0000 (09:47 +0100)]
gpg: Avoid extra LF in notation data listing.

* g10/keylist.c (show_notation): Use log_printf.

4 years ago doc: Typo fixes.
Werner Koch [Sun, 14 Dec 2014 11:15:21 +0000 (12:15 +0100)]
doc: Typo fixes.

--

4 years ago scd: Fix possibly inhibited checkpin of the admin pin.
Werner Koch [Fri, 12 Dec 2014 19:08:45 +0000 (20:08 +0100)]
scd: Fix possibly inhibited checkpin of the admin pin.

* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Let --card--status create a shadow key (card key stub).
Werner Koch [Fri, 12 Dec 2014 11:35:45 +0000 (12:35 +0100)]
gpg: Let --card--status create a shadow key (card key stub).

* agent/command.c (cmd_learn): Add option --sendinfo.
* agent/learncard.c (agent_handle_learn): Add arg "send" and send
certificate only if that is set.
* g10/call-agent.c (agent_scd_learn): Use --sendinfo.  Make INFO
optional.
(agent_learn): Remove.
* g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
--

The requirement of using --card-status on the first use of card on a
new box is a bit annoying but the alternative of always checking
whether a card is available before a decryption starts does not sound
promising either.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix possible read of unallocated memory
Werner Koch [Fri, 12 Dec 2014 09:41:25 +0000 (10:41 +0100)]
gpg: Fix possible read of unallocated memory

* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 a memcmp against fixed strings using that length
would be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago build: Replace deprecated autoconf macro.
Werner Koch [Thu, 11 Dec 2014 14:14:44 +0000 (15:14 +0100)]
build: Replace deprecated autoconf macro.

* m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
* m4/po.m4: Ditto.
--

In preparation of moving to automake 1.14.

GnuPG-bug-id: 1776

4 years ago dirmngr: Improve dead host detection.
Werner Koch [Mon, 8 Dec 2014 16:13:11 +0000 (17:13 +0100)]
dirmngr: Improve dead host detection.

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
also for 2 other error messages.

4 years ago http: Improve diagnostic messages.
Werner Koch [Mon, 8 Dec 2014 16:12:23 +0000 (17:12 +0100)]
http: Improve diagnostic messages.

* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--

1. Prints the TLS alert description.

2. Detect case where the DNS returns an IP address but the server is
   not reachable at this address.  This may happen for a server which
   is reachable only at IPv6 but the local machine has no full
   IPv6 configuration.

4 years ago gpg: Obsolete some keyserver helper options.
Werner Koch [Mon, 8 Dec 2014 14:14:35 +0000 (15:14 +0100)]
gpg: Obsolete some keyserver helper options.

* g10/options.h (opt): Remove keyserver_options.other.
* g10/gpg.c (main): Obsolete option --honor-http-proxy.
* g10/keyserver.c (add_canonical_option): Replace by ...
(warn_kshelper_option): New.
(parse_keyserver_uri): Obsolete "x-broken-http".
--

Some of these options are deprecated for 10 years and they do not make
any sense without the keyserver helpers.  For one we print a hint on
how to replace it:

  gpg: keyserver option 'ca-cert-file' is obsolete; \
  please use 'hkp-cacert' in dirmngr.conf

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Add OpenPGP card vendor 0x1337.
Werner Koch [Mon, 8 Dec 2014 10:46:48 +0000 (11:46 +0100)]
gpg: Add OpenPGP card vendor 0x1337.

--

4 years ago dirmngr: Return a proper error for all dead hosts.
Werner Koch [Mon, 8 Dec 2014 10:13:17 +0000 (11:13 +0100)]
dirmngr: Return a proper error for all dead hosts.

* dirmngr/ks-engine-hkp.c (map_host): Change to return a gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return a gpg_error_t.  Change all
callers.
--

The functions used to return an error code via ERRNO.  However, this
does not allow to return extra error codes in a portable way.  Thus we
change the function to directly return a gpg_error_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Write a status line for a failed --send-keys.
Werner Koch [Mon, 8 Dec 2014 10:10:11 +0000 (11:10 +0100)]
gpg: Write a status line for a failed --send-keys.

* g10/keyserver.c (keyserver_put): Write a status error.

4 years ago scd: Fix for EdDSA.
NIIBE Yutaka [Mon, 8 Dec 2014 01:21:55 +0000 (10:21 +0900)]
scd: Fix for EdDSA.

* scd/app-openpgp.c (get_algo_byte): It catches 22.
(store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.

4 years ago Document no-allow-mark-trusted option
Andre Heinecke [Fri, 5 Dec 2014 10:16:14 +0000 (11:16 +0100)]
Document no-allow-mark-trusted option

    doc: Document no-allow-mark-trusted for gpg-agent

    * doc/gpg-agent.texi: Change allow-mark-trusted doc to
    no-allow-mark-trusted.

    --
    Since rev. 78a56b14 allow-mark-trusted is the default option
    and was replaced by no-allow-mark-trusted to disable the
    interactive prompt.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
4 years ago scd: Fix for NIST P-256.
NIIBE Yutaka [Fri, 5 Dec 2014 05:20:50 +0000 (14:20 +0900)]
scd: Fix for NIST P-256.

* g10/card-util.c (card_store_subkey): Error check.
* scd/app-openpgp.c (ecc_writekey): Support NIST P-256.
(do_writekey): Error check.

4 years ago gpg: Allow import of large keys.
Werner Koch [Thu, 4 Dec 2014 09:53:10 +0000 (10:53 +0100)]
gpg: Allow import of large keys.

* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago indentation: Update g10/import.c
Werner Koch [Thu, 4 Dec 2014 09:45:53 +0000 (10:45 +0100)]
indentation: Update g10/import.c

--

4 years ago gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
Werner Koch [Wed, 3 Dec 2014 10:28:10 +0000 (11:28 +0100)]
gpg: Remove option aliases --[no-]throw-keyid and --notation-data.

* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--

See mails starting
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html

4 years ago agent: Replace some sprintf.
Werner Koch [Tue, 2 Dec 2014 13:13:53 +0000 (14:13 +0100)]
agent: Replace some sprintf.

* agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
* agent/command-ssh.c (ssh_identity_register): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
put_membuf_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago tools: Improve watchgnupg portability.
Werner Koch [Mon, 1 Dec 2014 14:55:28 +0000 (15:55 +0100)]
tools: Improve watchgnupg portability.

* configure.ac (AC_CHECK_HEADERS): Check for sys/select.h
* tools/watchgnupg.c: Include it.
--

It seems http://www.musl-libc.org/ is quite limited and requires
the use of sys/select.h instead of unistd.h et al.

4 years ago gpg: Fix export bug using exact search with only one key in the keybox.
Werner Koch [Mon, 1 Dec 2014 10:54:51 +0000 (11:54 +0100)]
gpg: Fix export bug using exact search with only one key in the keybox.

* g10/export.c (do_export_stream): Disable caching.
* g10/keyserver.c (keyidlist): Ditto.
--

GnuPG-bug-id: 1774

4 years ago scd: Implement socket redirection.
Werner Koch [Mon, 1 Dec 2014 09:45:06 +0000 (10:45 +0100)]
scd: Implement socket redirection.

* scd/scdaemon.c (ENAMETOOLONG): New.
(redir_socket_name): New.
(cleanup): Take care of a redirected socket.
(main): Pass redir_socket_name to create_server_socket.
(create_socket_name): Remove superfluous length check.
(create_server_socket): Add arg r_redir_name and implement
redirection.  Replace assert for older Assuan by an error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago dirmngr: Implement socket redirection.
Werner Koch [Mon, 1 Dec 2014 08:50:55 +0000 (09:50 +0100)]
dirmngr: Implement socket redirection.

* dirmngr/dirmngr.c (ENAMETOOLONG): new.
(redir_socket_name): New.
(main): Add Assuan socket redirection.
(cleanup): Adjust cleanup for redirection.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Fix compile problem for old Libassuan.
Werner Koch [Mon, 1 Dec 2014 08:49:16 +0000 (09:49 +0100)]
agent: Fix compile problem for old Libassuan.

--

4 years ago agent: Implement socket redirection.
Werner Koch [Fri, 28 Nov 2014 20:34:35 +0000 (21:34 +0100)]
agent: Implement socket redirection.

* agent/gpg-agent.c (ENAMETOOLONG): New.
(redir_socket_name, redir_socket_name_extra)
(redir_socket_name_ssh): New.
(remove_socket): Take care of the redir names.
(main): Pass the redir names to create_server_socket.
(create_socket_name): Remove length check - that is anyway done later.
(create_server_socket): Add arg r_redir_name and implement redirection
if Libassuan is at least 2.14.

4 years ago gpg: Change another BUG() call to a regular error message.
Werner Koch [Fri, 28 Nov 2014 11:20:42 +0000 (12:20 +0100)]
gpg: Change another BUG() call to a regular error message.

* g10/mainproc.c (proc_tree): Replace BUG by a proper error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Add option --no-autostart.
Werner Koch [Fri, 28 Nov 2014 08:44:19 +0000 (09:44 +0100)]
Add option --no-autostart.

* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg-agent: Add restricted connection feature.
Мирослав Николић [Thu, 27 Nov 2014 19:41:37 +0000 (20:41 +0100)]
gpg-agent: Add restricted connection feature.

* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.

* common/util.h (GPG_ERR_FORBIDDEN): New.

4 years ago agent: Make auditing of the option list easier.
Мирослав Николић [Thu, 27 Nov 2014 16:28:00 +0000 (17:28 +0100)]
agent: Make auditing of the option list easier.

* agent/gpg-agent.c (opts): Use ARGPARSE_ macros.

4 years ago dirmngr: Only report hkps scheme when available
Kristian Fiskerstrand [Tue, 25 Nov 2014 18:24:18 +0000 (19:24 +0100)]
dirmngr: Only report hkps scheme when available

* dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.

--
Only report support for the hkps scheme when GnuPG / dirmngr
has been built with a TLS library.

This helps debugging and enables the user to detect whether support
for hkps is included by doing a
`gpg-connect-agent --dirmngr 'keyserver --help' /bye`.
Currently hkps will be listed as a supported scheme but trying to
add a keyserver using it will silently fail.

As a digression, https is never listed as a valid scheme.

4 years ago gpg: Change a bug() call to a regular error message.
Werner Koch [Wed, 26 Nov 2014 09:21:01 +0000 (10:21 +0100)]
gpg: Change a bug() call to a regular error message.

* g10/decrypt-data.c (decrypt_data): Return an error code instead of
calling BUG().
--

This code path can be triggered by fuzzing gpg and thus with some
likeness also by corrupt messages for other reasons.

4 years ago Fix buffer overflow in openpgp_oid_to_str.
Werner Koch [Tue, 25 Nov 2014 10:58:56 +0000 (11:58 +0100)]
Fix buffer overflow in openpgp_oid_to_str.

* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.

* common/t-openpgp-oid.c (BADOID): New.
(test_openpgp_oid_to_str): Add test cases.
--

The code has an obvious error by not considering invalid encoding for
arc-2.  A first byte of 0x80 can be used to make a value of less than
80 and we then subtract 80 from that value as required by the OID
encoding rules.  Due to the unsigned integer this results in a pretty
long value which won't fit anymore into the allocated buffer.

The fix is obvious.  Also added a few simple test cases.  Note that we
keep on using sprintf instead of snprintf because managing the
remaining length of the buffer would probably be more error prone than
assuring that the buffer is large enough.  Getting rid of sprintf
altogether by using direct conversion along with membuf_t like code
might be possible.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
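
The arc-2 underflow described above, as an added example: a stand-alone OID content decoder written for this page, not the GnuPG or libksba code. The names `oid_to_str`, `read_subid`, `append_arc` and `arc2_unchecked` are hypothetical, and unlike the fix described in the message it tracks the remaining buffer length with snprintf:

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* What the subtraction yields without a range check: unsigned
   arithmetic wraps, so 1 - 80 becomes a value close to ULONG_MAX
   and prints as a very long decimal string. */
unsigned long arc2_unchecked(unsigned long val)
{
    return val - 80;
}

/* Read one base-128 sub-identifier starting at buf[*pos].
   Returns 0 on success, -1 if truncated or too large. */
static int read_subid(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned long *val)
{
    unsigned long v = 0;

    while (*pos < len) {
        unsigned char c = buf[(*pos)++];
        if (v > (ULONG_MAX >> 7))
            return -1;          /* next shift would overflow */
        v = (v << 7) | (c & 0x7f);
        if (!(c & 0x80)) {
            *val = v;
            return 0;
        }
    }
    return -1;                  /* continuation bit set on the last octet */
}

/* Append one arc, with a leading dot unless it is the first one.
   Returns -1 instead of writing past outlen. */
static int append_arc(char *out, size_t outlen, size_t *used,
                      unsigned long arc, int first)
{
    int n = snprintf(out + *used, outlen - *used, "%s%lu",
                     first ? "" : ".", arc);
    if (n < 0 || (size_t)n >= outlen - *used)
        return -1;
    *used += (size_t)n;
    return 0;
}

/* Convert OID content octets (no tag, no length) to dotted form.
   Returns 0 on success, -1 on invalid encoding or short buffer;
   the content of out is unspecified on failure. */
int oid_to_str(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    size_t pos = 0, used = 0;
    unsigned long arc1, val;

    if (!buf || !len || !out || !outlen)
        return -1;
    out[0] = '\0';

    if (buf[0] < 40) {
        arc1 = 0; val = buf[0]; pos = 1;
    } else if (buf[0] < 80) {
        arc1 = 1; val = buf[0] - 40; pos = 1;
    } else {
        if (read_subid(buf, len, &pos, &val))
            return -1;
        if (val < 80)           /* e.g. 0x80 0x01 decodes to 1 */
            return -1;          /* reject before subtracting */
        arc1 = 2;
        val -= 80;
    }
    if (append_arc(out, outlen, &used, arc1, 1)
        || append_arc(out, outlen, &used, val, 0))
        return -1;

    while (pos < len) {
        if (read_subid(buf, len, &pos, &val)
            || append_arc(out, outlen, &used, val, 0))
            return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: a well-formed OID and the invalid arc-2 form. */
    const unsigned char good[] = { 0x2b, 0x06, 0x01, 0x04, 0x01,
                                   0xda, 0x47, 0x0f, 0x01 };
    const unsigned char bad[] = { 0x80, 0x01 };
    char out[64];

    if (!oid_to_str(good, sizeof good, out, sizeof out))
        printf("good: %s\n", out);
    printf("bad:  rc=%d\n", oid_to_str(bad, sizeof bad, out, sizeof out));
    printf("unchecked 1 - 80 = %lu\n", arc2_unchecked(1));
    return 0;
}
```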

4 years ago build: Require libgpg-error 1.16.
Werner Koch [Mon, 24 Nov 2014 19:12:38 +0000 (20:12 +0100)]
build: Require libgpg-error 1.16.

--

1.15 has a bug which will lead to a segv when sending keys.  Better
update the requirements to avoid bug reports.

4 years ago gpg: Fix use of uninit.value in listing sig subpkts.
Werner Koch [Mon, 24 Nov 2014 17:05:45 +0000 (18:05 +0100)]
gpg: Fix use of uninit.value in listing sig subpkts.

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printf user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix off-by-one read in the attribute subpacket parser.
Werner Koch [Mon, 24 Nov 2014 16:28:25 +0000 (17:28 +0100)]
gpg: Fix off-by-one read in the attribute subpacket parser.

* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix batch generation of ECC keys.
Werner Koch [Mon, 24 Nov 2014 10:56:49 +0000 (11:56 +0100)]
gpg: Fix batch generation of ECC keys.

* g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
directly.
--

Interactive generation of the keys uses the OpenPGP algorithms numbers
but batch generation allows the use of strings.

Reported-by: Gaetan Bisson.
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc: Update dirmngr.texi
Werner Koch [Mon, 24 Nov 2014 10:23:22 +0000 (11:23 +0100)]
doc: Update dirmngr.texi

--

4 years ago Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}
Daniel Kahn Gillmor [Fri, 21 Nov 2014 22:04:42 +0000 (17:04 -0500)]
Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}

* common/argparse.c (initialize): Use correct value.
--
This avoids a dead path in the argparse code.

It's not clear that this is needed, however, since
ARGPARSE_AMBIGUOUS_COMMAND is never actually used in the code.
Another approach would be to trim out ARGPARSE_AMBIGUOUS_COMMAND
entirely.

4 years ago gpg: Refer to --throw-keyids instead of --throw-keyid
Daniel Kahn Gillmor [Fri, 21 Nov 2014 22:33:01 +0000 (17:33 -0500)]
gpg: Refer to --throw-keyids instead of --throw-keyid

* g10/encrypt.c: adjust error message

--
The full option name is --throw-keyids, so we should refer to it
consistently.

4 years ago speedo: Distribute installer graphics.
Werner Koch [Mon, 24 Nov 2014 08:44:18 +0000 (09:44 +0100)]
speedo: Distribute installer graphics.

--

4 years ago Update NEWS
Werner Koch [Fri, 21 Nov 2014 20:38:00 +0000 (21:38 +0100)]
Update NEWS

--

4 years ago gpg: Track number of skipped v3 keys on import.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
gpg: Track number of skipped v3 keys on import.

* g10/import.c (stats_s): Add field v3keys.
(import): Update this field.
(import_print_stats): Print v3 key count.
(read_block): Skip v3 keys and return a count for them.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix regression in parse_key.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
gpg: Fix regression in parse_key.

* g10/parse-packet.c (parse): Better return just the gpg_err_code.
(parse_key): Return the error code.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago speedo: Add simple logos to the installer.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
speedo: Add simple logos to the installer.

* build-aux/speedo/w32/README.txt: Include GnuPG Readme.
* build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
* build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
* build-aux/speedo/w32/inst.nsi: Add logos.
* build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
--

The welcome page logo is basically a placeholder until someone has
created a pretty one.

4 years ago speedo: Add libadns to the Windows installer.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
speedo: Add libadns to the Windows installer.

--

4 years ago gpg: Fix hash detection for ECDSA.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
gpg: Fix hash detection for ECDSA.

* g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
--

This error was introduced with
commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
while separating EdDSA from ECDSA.

Found due to a related bug report from Brian Minton.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Fix linker problem on OS X.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
Fix linker problem on OS X.

* common/init.c (default_errsource): Move to the .data segment.
--

See mails starting at
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029089.html

4 years ago gpg-connect-agent: Add convenience option --uiserver.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
gpg-connect-agent: Add convenience option --uiserver.

4 years ago po: Update German translation.
Werner Koch [Wed, 19 Nov 2014 09:34:32 +0000 (10:34 +0100)]
po: Update German translation.

--

4 years ago Comment typo fixes.
Werner Koch [Wed, 19 Nov 2014 09:31:49 +0000 (10:31 +0100)]
Comment typo fixes.

--

4 years ago Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
Werner Koch [Wed, 19 Nov 2014 09:31:34 +0000 (10:31 +0100)]
Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.

* common/asshelp.c (start_new_gpg_agent): Add arg autostart.  Change
all callers to use 1 for it.
(start_new_dirmngr): Ditto.
* tools/gpg-connect-agent.c: Add option --no-autostart.
(main): Default autostart to 1.
(start_agent): Implement no-autostart.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Change a string to a similar one to ease translation.
Werner Koch [Wed, 19 Nov 2014 09:24:56 +0000 (10:24 +0100)]
common: Change a string to a similar one to ease translation.

--

4 years ago po: Update Ukrainian translation.
Werner Koch [Mon, 17 Nov 2014 14:00:06 +0000 (15:00 +0100)]
po: Update Ukrainian translation.

--

4 years ago po: Copied missing translations from the 2.0 branch.
Werner Koch [Mon, 17 Nov 2014 13:38:59 +0000 (14:38 +0100)]
po: Copied missing translations from the 2.0 branch.

* po/LINGUAS: Add new translations.
--

Note that be.ru and pt_BR.po have not been copied because they have
way too less translated strings (74, 290 out of 2054).  The current
stats are:

  ca.po: 464 translated, 1024 fuzzy translations, 566 untranslated.
  cs.po: 1719 translated, 317 fuzzy translations, 18 untranslated.
  da.po: 1468 translated, 444 fuzzy translations, 142 untranslated.
  de.po: 2052 translated, 1 fuzzy translation, 1 untranslated message.
  el.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  eo.po: 331 translated, 1109 fuzzy translations, 614 untranslated.
  es.po: 1455 translated, 461 fuzzy translations, 138 untranslated.
  et.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  fi.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  fr.po: 2052 translated, 1 fuzzy translation, 1 untranslated message.
  gl.po: 458 translated, 1044 fuzzy translations, 552 untranslated.
  hu.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  id.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  it.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  ja.po: 2022 translated, 23 fuzzy translations, 9 untranslated.
  nb.po: 684 translated, 635 fuzzy translations, 735 untranslated.
  pl.po: 1469 translated, 443 fuzzy translations, 142 untranslated.
  pt.po: 400 translated, 1057 fuzzy translations, 597 untranslated.
  ro.po: 874 translated, 726 fuzzy translations, 454 untranslated.
  ru.po: 1257 translated, 478 fuzzy translations, 319 untranslated.
  sk.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
  sv.po: 1452 translated, 458 fuzzy translations, 144 untranslated.
  tr.po: 1386 translated, 494 fuzzy translations, 174 untranslated.
  uk.po: 2016 translated, 27 fuzzy translations, 11 untranslated.
  zh_CN.po: 927 translated, 690 fuzzy translations, 437 untranslated.
  zh_TW.po: 1471 translated, 447 fuzzy translations, 136 untranslated.

4 years ago po: Update Japanese Translation.
NIIBE Yutaka [Tue, 18 Nov 2014 04:03:23 +0000 (13:03 +0900)]
po: Update Japanese Translation.

--

Fixing previous commit.

4 years ago po: Update Japanese Translation.
NIIBE Yutaka [Tue, 18 Nov 2014 03:01:22 +0000 (12:01 +0900)]
po: Update Japanese Translation.

--

4 years ago gpg: Fix a NULL-deref for invalid input data.
Werner Koch [Mon, 17 Nov 2014 12:08:23 +0000 (13:08 +0100)]
gpg: Fix a NULL-deref for invalid input data.

* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago speedo: Install -dev files for the libraries.
Werner Koch [Thu, 13 Nov 2014 18:23:17 +0000 (19:23 +0100)]
speedo: Install -dev files for the libraries.

--

4 years ago po: Auto-update.
Werner Koch [Thu, 13 Nov 2014 16:51:09 +0000 (17:51 +0100)]
po: Auto-update.

--

4 years ago gpg: Make the use of "--verify FILE" for detached sigs harder.
Werner Koch [Thu, 13 Nov 2014 16:39:31 +0000 (17:39 +0100)]
gpg: Make the use of "--verify FILE" for detached sigs harder.

* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signature.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
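
As an added illustration (not part of the commit above and not GnuPG code), this small Python lint flags script lines that use the one-file form of `gpg --verify` or `gpgv`, the practice the commit stops honouring in batch mode. The function names, the subset of options treated as taking an argument, and the sample script are assumptions constructed for this example.

```python
import shlex

GPG_NAMES = {"gpg", "gpg2", "gpgv", "gpgv2"}
# Options that consume the next word (a subset, chosen for this example).
OPTS_WITH_ARG = {"--homedir", "--keyring", "--status-fd", "--logger-fd",
                 "--trust-model", "--options", "--output", "-o"}
# Constructed sample script, not taken from any real project.
SAMPLE = """\
gpg --batch --verify gnupg-2.1.0.tar.bz2.sig
gpg --batch --verify gnupg-2.1.0.tar.bz2.sig gnupg-2.1.0.tar.bz2
gpgv --keyring ./dist.gpg gnupg-2.1.0.tar.bz2.sig 2>/dev/null && echo ok
curl -s https://example.invalid/x.sig | gpg --status-fd 1 --verify - x.tar
"""

def verify_operands(command):
    """File operands of a gpg --verify / gpgv command, else None."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    try:
        words = list(lexer)
    except ValueError:                    # unbalanced quotes: cannot analyse
        return None
    tool, verifying, skip, opts_done, operands = None, False, False, False, []
    for word in words:
        if tool is None:                  # look for the gpg/gpgv program word
            if word.rsplit("/", 1)[-1] in GPG_NAMES:
                tool = word.rsplit("/", 1)[-1]
                verifying = tool.startswith("gpgv")   # gpgv only verifies
        elif skip:                        # argument of an option/redirection
            skip = False
        elif word[:1] in {"<", ">"}:      # redirection: drop fd and target
            if operands and operands[-1].isdigit():
                operands.pop()
            skip = True
        elif word[:1] in {"|", "&", ";", "(", ")"}:   # end of simple command
            break
        elif word == "--":
            opts_done = True
        elif word.startswith("-") and word != "-" and not opts_done:
            verifying = verifying or word == "--verify"
            skip = word in OPTS_WITH_ARG
        else:
            operands.append(word)         # a file name, or "-" for stdin
    return operands if verifying else None

def risky_verify_lines(script):
    """(line number, text) of verifications that name only one file."""
    checked = ((n, text.strip(), verify_operands(text))
               for n, text in enumerate(script.splitlines(), 1))
    return [(n, text) for n, text, ops in checked if ops and len(ops) == 1]
```

Lines it reports should be rewritten to name both the signature file and the data file explicitly.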
4 years ago gpg: Fix a missing LF in debug output.
Werner Koch [Thu, 13 Nov 2014 16:01:17 +0000 (17:01 +0100)]
gpg: Fix a missing LF in debug output.

* g10/kbnode.c (dump_kbnode): Print a LF.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Re-indent two files.
Werner Koch [Thu, 13 Nov 2014 12:00:46 +0000 (13:00 +0100)]
gpg: Re-indent two files.

--

4 years ago gpg: Remove PGP-2 related cruft.
Werner Koch [Thu, 13 Nov 2014 11:01:42 +0000 (12:01 +0100)]
gpg: Remove PGP-2 related cruft.

* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
  algo.  Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related workaround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--

The removed code was either not anymore used or its use would have
caused an error message later anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Improve perceived speed of secret key listings.
Werner Koch [Wed, 12 Nov 2014 11:41:20 +0000 (12:41 +0100)]
gpg: Improve perceived speed of secret key listings.

* g10/keylist.c (list_keyblock): Flush stdout for secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix regression in --refresh-keys
Werner Koch [Wed, 12 Nov 2014 11:14:32 +0000 (12:14 +0100)]
gpg: Fix regression in --refresh-keys

* g10/keyserver.c (keyserver_get): Factor all code out to ...
(keyserver_get_chunk): new.  Estimate line length.
(keyserver_get): Split up requests into chunks.
--

Note that refreshing all keys still requires way too much memory
because we build an in-memory list of all keys first.  It is required
to first get a list of all keys to avoid conflicts while updating the
key store in the process of receiving keys.  A better strategy would
be a background process and tracking the last update in the key store.

GnuPG-bug-id: 1755
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Add import options "keep-ownertrust".
Werner Koch [Wed, 12 Nov 2014 08:56:40 +0000 (09:56 +0100)]
gpg: Add import options "keep-ownertrust".

* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import

4 years ago Remove use of gnulib (part 2)
Werner Koch [Tue, 11 Nov 2014 14:14:31 +0000 (15:14 +0100)]
Remove use of gnulib (part 2)

* configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
(gl_EARLY): Remove.
* common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
* common/sysutils.c (gnupg_mkdtemp): New.  Based on code from
glibc-2.6.
(gnupg_setenv): Rewrite.
(gnupg_unsetenv): Rewrite.
* g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
* g13/be-encfs.c: Ditto.
* g13/mount.c: Ditto.
* tools/symcryptrun.c (confucius_mktmpdir): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Remove use of gnulib (part 1)
Werner Koch [Tue, 11 Nov 2014 09:13:10 +0000 (10:13 +0100)]
Remove use of gnulib (part 1)

* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.

* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"

* common/t-timestuff.c: Use putenv if setenv is not available.
--

gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X.  This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.

In part two we will address the functions

 mkdtemp
 setenv
 unsetenv
 strpbrk

which may not be implemented on all platforms.  They are not required
on a libc based system.

Signed-off-by: Werner Koch <wk@gnupg.org>