gnupg.git
17 months agoscd: Support KDF DO setup.
NIIBE Yutaka [Thu, 22 Mar 2018 06:50:31 +0000 (15:50 +0900)]
scd: Support KDF DO setup.

* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agodoc: Typo fix in comment.
Werner Koch [Wed, 21 Mar 2018 18:45:31 +0000 (19:45 +0100)]
doc: Typo fix in comment.

--

17 months agogpg: Fix out-of-bound read in subpacket enumeration
Werner Koch [Thu, 15 Mar 2018 07:44:52 +0000 (08:44 +0100)]
gpg: Fix out-of-bound read in subpacket enumeration

* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet.  Print diagnostic.
--

If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this.  Fix is obvious.  Note that the further
parsing of the subpacket is still okay because it always checks the
length.  Note further that --list-packets uses a different code path
and already reported an error.

Reported-by: Philippe Antoine
He provided a test file copied below.  Running "gpg -v --verify" on it
triggered the bug.

-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoscd: signal mask should be set just after npth_init.
NIIBE Yutaka [Mon, 19 Mar 2018 07:36:30 +0000 (16:36 +0900)]
scd: signal mask should be set just after npth_init.

* scd/scdaemon.c (setup_signal_mask): New.
(main): Call setup_signal_mask.
(handle_connections): Remove signal mask setup.

--

For new thread, signal mask is inherited by thread creation.
Thus, it is best to setup signal mask just after npth_init.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Better user interaction for factory-reset.
NIIBE Yutaka [Fri, 16 Mar 2018 02:27:33 +0000 (11:27 +0900)]
scd: Better user interaction for factory-reset.

* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.

--

Before the change, a user has to quit the session to continue.  Now,
it is possible to type RET in the session and see if it's really done.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Fix suspend/resume handling for CCID driver.
NIIBE Yutaka [Thu, 15 Mar 2018 14:59:22 +0000 (23:59 +0900)]
scd: Fix suspend/resume handling for CCID driver.

* scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
to see if it's suspend/resume.

--

Upon suspend/resume, LIBUSB_TRANSFER_NO_DEVICE is returned, since all
URBs are cancelled.  We need to see if it's real NODEV error or its by
suspend/resume.  We can distinguish by sending URB again.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: After fatal error, shutdown a reader.
NIIBE Yutaka [Tue, 13 Mar 2018 03:53:49 +0000 (12:53 +0900)]
scd: After fatal error, shutdown a reader.

* scd/apdu.c (pcsc_send_apdu): Notify main loop after
fatal errors.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Fix for GNU/Linux suspend/resume.
NIIBE Yutaka [Tue, 13 Mar 2018 03:05:57 +0000 (12:05 +0900)]
scd: Fix for GNU/Linux suspend/resume.

* configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
* scd/scdaemon.c (scd_kick_the_loop): Minor clean up.

--

Normally SIGCONT or SIGUSR2 works for unblocking pselect.  But on my
machine with GNU/Linux, when a machine is suspend/resume-ed, pselect
keeps blocked, while signal itself is delivered.

It's better to use pipe.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Fix typo in previous commit.
NIIBE Yutaka [Mon, 12 Mar 2018 01:17:05 +0000 (10:17 +0900)]
scd: Fix typo in previous commit.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: More fix with PC/SC for Windows.
NIIBE Yutaka [Thu, 8 Mar 2018 23:56:50 +0000 (08:56 +0900)]
scd: More fix with PC/SC for Windows.

* scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
Add debug log.

--

GnuPG-bug-id: 3825
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Fix status check when using PC/SC.
NIIBE Yutaka [Thu, 8 Mar 2018 07:51:51 +0000 (16:51 +0900)]
scd: Fix status check when using PC/SC.

* scd/apdu.c (struct reader_table_s): Add field of current_state.
(new_reader_slot): Initialize current_state.
(pcsc_get_status): Keep the status in READER_TABLE array.
Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
* scd/scdaemon.c (handle_connections): Silence a warning.

--

To detect some change of card status, including suspend/resume
possibly, SCardGetStatusChange should be used keeping the
dwCurrentState field.

This change could improve situation for suspend/resume with Yubikey on
Windows.  Even not, this is doing the Right Thing.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agogpg: Fix build on Windows.
NIIBE Yutaka [Thu, 8 Mar 2018 05:08:51 +0000 (14:08 +0900)]
gpg: Fix build on Windows.

--

WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2,
and grp3 in dlgs.h, which is included by windows.h.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agodoc: man page grammar
Ben McGinnes [Tue, 6 Mar 2018 23:28:48 +0000 (10:28 +1100)]
doc: man page grammar

--
Fixed two grammatical errors: their vs. there and oneself vs. one
(one's self would still be too stilted).

17 months agoagent: Also evict cached items via a timer.
Werner Koch [Tue, 6 Mar 2018 15:22:42 +0000 (16:22 +0100)]
agent: Also evict cached items via a timer.

* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Fix regression in last --card-status patch
Werner Koch [Thu, 1 Mar 2018 18:10:10 +0000 (19:10 +0100)]
gpg: Fix regression in last --card-status patch

--

Sorry, I accidentally pushed the last commit without having amended it
with this fix.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Print the keygrip with --card-status
Werner Koch [Thu, 1 Mar 2018 18:03:23 +0000 (19:03 +0100)]
gpg: Print the keygrip with --card-status

* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--

Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpgconf, w32: Allow UNC paths
Andre Heinecke [Wed, 28 Feb 2018 15:29:56 +0000 (16:29 +0100)]
gpgconf, w32: Allow UNC paths

* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.

--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.

GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
17 months agodirmngr: Handle failures related to missing IPv6 gracefully
Michał Górny [Wed, 31 Jan 2018 15:57:19 +0000 (16:57 +0100)]
dirmngr: Handle failures related to missing IPv6 gracefully

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.

--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.

GnuPG-bug-id: 3331

--

The above description seems to be for Linux, so it is possible that
other systems might behave different.  However, it is worth to try
this patch.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodoc: Fix recently introduced typo in gpgsm.texi.
Werner Koch [Thu, 22 Feb 2018 15:39:52 +0000 (16:39 +0100)]
doc: Fix recently introduced typo in gpgsm.texi.

--

17 months agoPost release updates.
Werner Koch [Thu, 22 Feb 2018 15:10:20 +0000 (16:10 +0100)]
Post release updates.

--

17 months agoRelease 2.2.5 gnupg-2.2.5
Werner Koch [Thu, 22 Feb 2018 14:32:36 +0000 (15:32 +0100)]
Release 2.2.5

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Don't let gpg return failure on an invalid packet in a keyblock.
Werner Koch [Thu, 22 Feb 2018 13:23:01 +0000 (14:23 +0100)]
gpg: Don't let gpg return failure on an invalid packet in a keyblock.

* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--

log_info should be sufficient and makes this more robust.  Some
tools (e.g. Enigmail) are too picky on return codes from gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agog10: Select a secret key by checking availability under gpg-agent.
NIIBE Yutaka [Tue, 26 Sep 2017 02:02:05 +0000 (11:02 +0900)]
g10: Select a secret key by checking availability under gpg-agent.

* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

--

GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)

17 months agodoc: Clarify -export-secret-key-p12
Werner Koch [Thu, 22 Feb 2018 09:24:24 +0000 (10:24 +0100)]
doc: Clarify -export-secret-key-p12

--

GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agobuild: Update autogen.sh
Werner Koch [Wed, 21 Feb 2018 16:56:40 +0000 (17:56 +0100)]
build: Update autogen.sh

--

Now installs a git patch prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agodoc: Add extra hint on unattended use of gpg.
Werner Koch [Wed, 21 Feb 2018 09:17:20 +0000 (10:17 +0100)]
doc: Add extra hint on unattended use of gpg.

--

18 months agowks: Add special mode to --install-key.
Werner Koch [Tue, 20 Feb 2018 14:23:19 +0000 (15:23 +0100)]
wks: Add special mode to --install-key.

* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agowks: Implement server command --install-key.
Werner Koch [Tue, 20 Feb 2018 10:45:58 +0000 (11:45 +0100)]
wks: Implement server command --install-key.

* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agowks: Support alternative submission address.
Werner Koch [Tue, 20 Feb 2018 08:00:00 +0000 (09:00 +0100)]
wks: Support alternative submission address.

* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
* tools/wks-util.c (wks_parse_policy): Parse that field.
(wks_free_policy): New.
* tools/gpg-wks-client.c (command_send): Also try to take the
submission-address from the policy file.  Free POLICY.
* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
(command_list_domains): Free POLICY.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agospeedo: Use --enable-wks-tools for non-W32 builds.
Werner Koch [Tue, 20 Feb 2018 07:57:28 +0000 (08:57 +0100)]
speedo: Use --enable-wks-tools for non-W32 builds.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agospeedo: Add new option STATIC=1
Werner Koch [Mon, 19 Feb 2018 09:51:27 +0000 (10:51 +0100)]
speedo: Add new option STATIC=1

--

This can be used to build GnuPG with static versions of the core
gnupg libraries.  For example:

 make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
     INSTALL_PREFIX=/somewhere/gnupg22  native

The SELFCHECK=0 is only needed to build from a non-released version.
You don't need it with a released tarball.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agokbx: Fix detection of corrupted keyblocks on 32 bit systems.
Werner Koch [Thu, 15 Feb 2018 10:17:28 +0000 (11:17 +0100)]
kbx: Fix detection of corrupted keyblocks on 32 bit systems.

* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--

On most 32 bit systems size_t is 32 bit and thus the check

  size_t cert_off = get32 (buffer+8);
  size_t cert_len = get32 (buffer+12);
  if (cert_off+cert_len > length)
    return gpg_error (GPG_ERR_TOO_SHORT);

does not work as intended for all supplied values.  The simplest
solution here is to cast them to 64 bit.

In general it will be better to avoid size_t at all and work with
uint64_t.  We did not do this in the past because uint64_t was not
universally available.

GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpg: Fix reversed messages for --only-sign-text-ids.
NIIBE Yutaka [Thu, 15 Feb 2018 05:22:06 +0000 (14:22 +0900)]
gpg: Fix reversed messages for --only-sign-text-ids.

* g10/keyedit.c (keyedit_menu): Fix messages.

--

GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoagent: Avoid appending a '\0' byte to the response of READKEY
Katsuhiro Ueno [Wed, 7 Feb 2018 09:52:37 +0000 (18:52 +0900)]
agent: Avoid appending a '\0' byte to the response of READKEY

* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.

18 months agosm: Fix minor memory leak in --export-p12.
Werner Koch [Wed, 14 Feb 2018 13:54:51 +0000 (14:54 +0100)]
sm: Fix minor memory leak in --export-p12.

* sm/export.c (gpgsm_p12_export): Free KEYGRIP.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agosm: Fix a wrong key parameter in an exported private key file
Katsuhiro Ueno [Wed, 7 Feb 2018 09:46:54 +0000 (18:46 +0900)]
sm: Fix a wrong key parameter in an exported private key file

* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--

This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:

$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d

--
Let me(wk) add this:

This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
used gpg-protect-tool which got it right.  We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agocommon: Use new function to print status strings.
Werner Koch [Wed, 14 Feb 2018 11:21:23 +0000 (12:21 +0100)]
common: Use new function to print status strings.

* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
18 months agoscd: Improve KDF-DO support
Arnaud Fontaine [Thu, 8 Feb 2018 18:03:08 +0000 (19:03 +0100)]
scd: Improve KDF-DO support

* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
18 months agoscd: Fix handling for Data Object with no data.
NIIBE Yutaka [Mon, 12 Feb 2018 09:56:58 +0000 (18:56 +0900)]
scd: Fix handling for Data Object with no data.

* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agodoc: Add compliance de-vs to gpgsm in vsnfd.prf
Andre Heinecke [Fri, 9 Feb 2018 08:45:28 +0000 (09:45 +0100)]
doc: Add compliance de-vs to gpgsm in vsnfd.prf

* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.

18 months agoscd: Use pipe to kick the loop on NetBSD.
NIIBE Yutaka [Wed, 7 Feb 2018 03:43:07 +0000 (12:43 +0900)]
scd: Use pipe to kick the loop on NetBSD.

* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.

--

On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason.  Use pipe instead, for such systems.

GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agogpg: Update list of card vendors from master
Werner Koch [Thu, 1 Feb 2018 11:05:19 +0000 (12:05 +0100)]
gpg: Update list of card vendors from master

--

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agotests: Fix for NetBSD with __func__.
NIIBE Yutaka [Mon, 29 Jan 2018 00:34:37 +0000 (09:34 +0900)]
tests: Fix for NetBSD with __func__.

* tests/asschk.c: Don't define __func__ if available.

--

NetBSD 7.0 has __func__ defined.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agodirmngr: Improve assuan error comment for cmd keyserver.
Werner Koch [Sat, 27 Jan 2018 18:46:19 +0000 (19:46 +0100)]
dirmngr: Improve assuan error comment for cmd keyserver.

* dirmngr/server.c: Add error comment in case --resolve fails in
ensure_keyserver.
--

GnuPG-bug-id: 3756
Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agoagent: Fix last commit.
NIIBE Yutaka [Fri, 26 Jan 2018 01:42:31 +0000 (10:42 +0900)]
agent: Fix last commit.

* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.

--

It was T2981, adding ucred.h for Solaris.  We also need sys/ucred.h
for FreeBSD and macOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoagent: More fix for get_client_pid for portability.
NIIBE Yutaka [Fri, 26 Jan 2018 01:08:29 +0000 (10:08 +0900)]
agent: More fix for get_client_pid for portability.

    * configure.ac: Check sys/ucred.h instead of ucred.h.
    * agent/command-ssh.c: Include sys/ucred.h.

--

It's *BSD and macOS thing.

Fixes-commit: f7f806afa5083617f4aba02fc3b285b06a7d73d4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agodoc: Note --quick-gen-key as an alias for --quick-generate-key
Werner Koch [Thu, 25 Jan 2018 14:14:37 +0000 (15:14 +0100)]
doc: Note --quick-gen-key as an alias for --quick-generate-key

--

18 months agoscd: Support KDF Data Object of OpenPGPcard V3.3.
NIIBE Yutaka [Mon, 22 Jan 2018 10:46:14 +0000 (19:46 +0900)]
scd: Support KDF Data Object of OpenPGPcard V3.3.

* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

--

GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
19 months agogpg: Fix the use of future-default with --quick-add-key.
Werner Koch [Thu, 18 Jan 2018 12:38:23 +0000 (13:38 +0100)]
gpg: Fix the use of future-default with --quick-add-key.

* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback.  Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--

The problem here was that future-default gives the primary and subkey
algorithm.  However, when using future-default for adding a key, the
second part was always used which is for encryption.  If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.

  gpg --batch --passphrase "" --quick-add-key FPR future-default encr

aready worked as did

  gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign

but

  gpg --batch --passphrase "" --quick-add-key FPR future-default sign

does only work with this fix.

GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months agodoc: Note pinentry-mode for passphrase opts
Andre Heinecke [Mon, 8 Jan 2018 18:09:28 +0000 (19:09 +0100)]
doc: Note pinentry-mode for passphrase opts

* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
19 months agogpg: Print all keys with --decrypt --list-only.
Werner Koch [Mon, 8 Jan 2018 08:30:31 +0000 (09:30 +0100)]
gpg: Print all keys with --decrypt --list-only.

* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months agogpg: Allow "futuredefault" as alias for "future-default".
Werner Koch [Mon, 1 Jan 2018 13:59:30 +0000 (14:59 +0100)]
gpg: Allow "futuredefault" as alias for "future-default".

* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string.  And while at it we also
allow case-insensitivity.

GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
19 months agogpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
Werner Koch [Fri, 29 Dec 2017 19:18:20 +0000 (20:18 +0100)]
gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.

* g10/keygen.c (gen_ecc): Map curve names.
--

See
https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html

Signed-off-by: Werner Koch <wk@gnupg.org>
19 months agoscd: Fix for inactive card at start by internal CCID driver.
NIIBE Yutaka [Wed, 27 Dec 2017 08:20:03 +0000 (17:20 +0900)]
scd: Fix for inactive card at start by internal CCID driver.

* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.

--

Many card readers automatically turn on inserted card, but some
defaults to turning off at start.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months agobuild: Increase libassuan min version to 2.5.0
Kristian Fiskerstrand [Wed, 20 Dec 2017 20:12:01 +0000 (21:12 +0100)]
build: Increase libassuan min version to 2.5.0

--
assuan_sock_set_system_hooks is used unconditionally in gnupg since
commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d, and as such it requires
libassuan 2.5.0 (function introduced in
commit 90dc81682b13a7cf716a8a26b891051cbd4b0caf)

For a detailed description see:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-December/033323.html

20 months agokbx: Simplify by removing custom memory functions.
Werner Koch [Fri, 22 Dec 2017 11:55:32 +0000 (12:55 +0100)]
kbx: Simplify by removing custom memory functions.

* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agocommon: Use larger buffer for homedir in case of 64 bit UIDs.
Werner Koch [Wed, 20 Dec 2017 14:37:29 +0000 (15:37 +0100)]
common: Use larger buffer for homedir in case of 64 bit UIDs.

* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2acdc3b7f00711272aa51e5be2476921
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoPost release updates
Werner Koch [Wed, 20 Dec 2017 09:13:54 +0000 (10:13 +0100)]
Post release updates

--

20 months agoRelease 2.2.4 gnupg-2.2.4
Werner Koch [Wed, 20 Dec 2017 07:31:22 +0000 (08:31 +0100)]
Release 2.2.4

20 months agopo: Auto-update
Werner Koch [Wed, 20 Dec 2017 07:30:40 +0000 (08:30 +0100)]
po: Auto-update

--

20 months agopo: Update Czech translation
Petr Pisar [Tue, 19 Dec 2017 18:50:30 +0000 (19:50 +0100)]
po: Update Czech translation

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agopo: Update Russian translation
Ineiev [Wed, 13 Dec 2017 13:40:02 +0000 (13:40 +0000)]
po: Update Russian translation

20 months agowks: New server options --check, --with-dir, with-file.
Werner Koch [Tue, 19 Dec 2017 16:42:10 +0000 (17:42 +0100)]
wks: New server options --check, --with-dir, with-file.

* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
(opts): New options --check, --with-dir, and --with-file.
(main): Call command_check_key.
(command_list_domains): Implement option --with-dir.
(fname_from_userid): New.
(command_check_key): New.
(command_remove_key): Implement existsing command.
(command_revoke_key): Call command_remove_key as a simple
implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agopo: Auto-update
Werner Koch [Tue, 19 Dec 2017 11:39:25 +0000 (12:39 +0100)]
po: Auto-update

--

Mainly due to removed translations in debug messages.

20 months agopo: Fix a string in de and nl. Mark a string in ro and sk fuzzy.
Werner Koch [Tue, 19 Dec 2017 11:36:49 +0000 (12:36 +0100)]
po: Fix a string in de and nl.  Mark a string in ro and sk fuzzy.

--

These wrong translations are propably due to accidently removing a
fuzzy mark.

A German translation (gpgsm audit feature) was actually reversed.

A Dutch translation has an unused ": %s" at the end.

I am not 100% of the Romanian and Slovak strings, thus I marked them
as fuzzy.

GnuPG-bug-id: 3619
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoconf: New option --status-fd.
Werner Koch [Mon, 18 Dec 2017 16:46:05 +0000 (17:46 +0100)]
conf: New option --status-fd.

* tools/gpgconf.c (oStatusFD): New const.
(opts): New option --status-fd.
(statusfp): New var.
(set_status_fd): New.
(gpgconf_write_status): New.
(gpgconf_failure): New.
(main): Set status fd and replace exit by gpgconf_failure.
* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
(gc_process_gpgconf_conf): Print a few warning status messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agogpgconf: Show --compliance in expert mode.
Werner Koch [Mon, 18 Dec 2017 15:31:54 +0000 (16:31 +0100)]
gpgconf: Show --compliance in expert mode.

* tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
(gc_options_gpgsm): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agosm: Allow explicit setting of the default --compliance=gnupg
Werner Koch [Mon, 18 Dec 2017 11:05:02 +0000 (12:05 +0100)]
sm: Allow explicit setting of the default --compliance=gnupg

* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--

This is required so that we can use this option in in gpgconf.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agopo: Update Japanese translation.
NIIBE Yutaka [Mon, 18 Dec 2017 05:09:53 +0000 (14:09 +0900)]
po: Update Japanese translation.

* po/ja.po: Fix message with no "%s".

--

Backport of master commit from: 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months agogpg: Print a warning for too much data encrypted with 3DES et al.
Werner Koch [Wed, 13 Dec 2017 12:02:34 +0000 (13:02 +0100)]
gpg: Print a warning for too much data encrypted with 3DES et al.

* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agogpg: Simplify cipher:write_header.
Werner Koch [Wed, 13 Dec 2017 10:58:51 +0000 (11:58 +0100)]
gpg: Simplify cipher:write_header.

* g10/cipher.c (write_header): Use write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoindent: Re-indent g10/cipher.c
Werner Koch [Wed, 13 Dec 2017 10:56:28 +0000 (11:56 +0100)]
indent: Re-indent g10/cipher.c

--

20 months agogpg: Simplify default_recipient().
Werner Koch [Wed, 13 Dec 2017 10:00:24 +0000 (11:00 +0100)]
gpg: Simplify default_recipient().

* g10/pkclist.c (default_recipient): Use hexfingerprint.
--

Note that on malloc failure this function now returns NULL instead of
terminating the process.  However, under memory pressure any function
called latter will very likely fail as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agogpg: Return an error from hexfingerprint on malloc error.
Werner Koch [Wed, 13 Dec 2017 09:52:34 +0000 (10:52 +0100)]
gpg: Return an error from hexfingerprint on malloc error.

* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agogpg: Remove some xmallocs.
Werner Koch [Wed, 13 Dec 2017 09:06:37 +0000 (10:06 +0100)]
gpg: Remove some xmallocs.

* g10/getkey.c (get_pubkeys): Do not use xmalloc.
--

We eventually need to get rid of all xmallocs so that gpg won't fail
easily when we make more use of the s server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoindent: Re-indent get_pubkeys.
Werner Koch [Wed, 13 Dec 2017 08:54:39 +0000 (09:54 +0100)]
indent: Re-indent get_pubkeys.

--

20 months agogpg: default-preference-list: prefer SHA512.
Daniel Kahn Gillmor [Thu, 28 Sep 2017 12:32:26 +0000 (08:32 -0400)]
gpg: default-preference-list: prefer SHA512.

* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
20 months agoChange backlog from 5 to 64 and provide option --listen-backlog.
Werner Koch [Tue, 12 Dec 2017 13:14:40 +0000 (14:14 +0100)]
Change backlog from 5 to 64 and provide option --listen-backlog.

* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agobuild: New configure option --enable-run-gnupg-user-socket.
Werner Koch [Tue, 12 Dec 2017 08:42:43 +0000 (09:42 +0100)]
build: New configure option --enable-run-gnupg-user-socket.

* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agodirmngr: Check for WKD support at session end
Werner Koch [Tue, 14 Nov 2017 15:24:12 +0000 (16:24 +0100)]
dirmngr: Check for WKD support at session end

* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d4e2302d8f4a1ff52d56da4f8e3a5d1c6303822d)

20 months agodirmngr: Add a background task framework.
Werner Koch [Tue, 14 Nov 2017 12:42:18 +0000 (13:42 +0100)]
dirmngr: Add a background task framework.

* dirmngr/workqueue.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
* dirmngr/server.c (server_local_s): New field session_id.
(cmd_wkd_get): Add a task.
(task_check_wkd_support): New stub function.
(cmd_getinfo): New sub-commands "session_id" and "workqueue".
(start_command_handler): Add arg session_id and store it in
SERVER_LOCAL.
(dirmngr_status_helpf): New.
* dirmngr/dirmngr.h (wqtask_t): New type.
* dirmngr/dirmngr.c (main): Pass 0 as session_id to
start_command_handler.
(start_connection_thread): Introduce a session_id and pass it to
start_command_handler.  Run post session tasks.
(housekeeping_thread): Run global workqueue tasks.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96a4fbecd1acf946dcde20bef4752c539dae196b)

20 months agodirmngr: Limit the number of cached domains for WKD.
Werner Koch [Tue, 14 Nov 2017 07:37:27 +0000 (08:37 +0100)]
dirmngr: Limit the number of cached domains for WKD.

* dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
(insert_or_update): Limit the length of a bucket chain.
(domaininfo_print_stats): Print just one summary line.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d)

20 months agodirmngr: Keep track of domains used for WKD queries
Werner Koch [Mon, 13 Nov 2017 15:09:32 +0000 (16:09 +0100)]
dirmngr: Keep track of domains used for WKD queries

* dirmngr/domaininfo.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
* dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
known and tell domaininfo about the results.
--

This adds a registry for domain information to eventually avoid
useless queries for domains which do not support WKD.  The missing
part is a background task to check whether a queried domain supports
WKD at all and to expire old entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 65038e6852185c20413d8f6602218ee636413b77)

20 months agodoc: Typo fix
Werner Koch [Mon, 11 Dec 2017 09:17:59 +0000 (10:17 +0100)]
doc: Typo fix

--

20 months agoRevert: build: Do not define logging.h constants for ...
Werner Koch [Fri, 8 Dec 2017 12:27:06 +0000 (13:27 +0100)]
Revert: build: Do not define logging.h constants for ...

---

This reverts commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10.

We better solve this on the libgpg-error side.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agodoc: Fix Dijkstra
Werner Koch [Fri, 8 Dec 2017 06:38:18 +0000 (07:38 +0100)]
doc: Fix Dijkstra

--

Edsger Wybe Dijkstra (1930 --2002)
  - Dutch computer scientist

20 months agoagent: Fix description of shadow format.
NIIBE Yutaka [Fri, 8 Dec 2017 00:19:50 +0000 (09:19 +0900)]
agent: Fix description of shadow format.

* agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.

--

https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029680.html

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months agospeedo,w32: Disable FLTK pinentry.
Werner Koch [Thu, 7 Dec 2017 15:29:29 +0000 (16:29 +0100)]
speedo,w32: Disable FLTK pinentry.

--

20 months agobuild: Do not define logging.h constants for libgpg-error dev versions.
Werner Koch [Thu, 7 Dec 2017 13:53:49 +0000 (14:53 +0100)]
build: Do not define logging.h constants for libgpg-error dev versions.

* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
constants.
--

logging.h uses constants we plan to use for future versions of
libgpg-error.  My dev version already has the logging functions and
thus I run into a conflict.  This patch protects against this and make
the GnuPG work with later libgpg-error versions.

It was not the best idea to use constants from a planned libgpg-error
in the first place.  The actual problem are the enums, the macros
won't harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoagent: Change intialization of assuan socket system hooks.
NIIBE Yutaka [Thu, 7 Dec 2017 13:33:58 +0000 (14:33 +0100)]
agent: Change intialization of assuan socket system hooks.

* agent/gpg-agent.c (initialize_modules): Add hook again.
(main): Remove setting of the system houk but add scoket system hook
setting after assuan initialization.
--

Thread initialization is better to be deferred after fork (in case of
UNIX).  assuan_sock_init should be earlier.  Thus, we need to change
system hooks for assuan_sock_* interface.  Or else, on Windows, it may
cause hang on server.

Updates-commit: 1524ba9656f0205d8c6ef504f773b832a7a12ab9
GnuPG-bug-id: 3378
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoagent: Set assuan system hooks before call of assuan_sock_init.
NIIBE Yutaka [Wed, 6 Dec 2017 02:20:51 +0000 (11:20 +0900)]
agent: Set assuan system hooks before call of assuan_sock_init.

* agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
(main): ... here, just before assuan_sock_init.

--

In Assuan, global variable SOCK_CTX is used internally, which is
initialized by assuan_sock_init.  When initialized, system hooks
are copied into SOCK_CTX structure.  Thus, system hooks should
be set, before the call of assuan_sock_init.

GnuPG-bug-id: 3378
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months agog10: Fix regexp sanitization.
NIIBE Yutaka [Thu, 9 Nov 2017 05:03:22 +0000 (14:03 +0900)]
g10: Fix regexp sanitization.

* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

Backport from master commit:
ccf3ba92087e79abdeaa0208795829b431c6f201

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
20 months agodoc: clarify that --encrypt refers to public key encryption
Daniel Kahn Gillmor [Fri, 17 Nov 2017 02:17:08 +0000 (10:17 +0800)]
doc: clarify that --encrypt refers to public key encryption

--

A simple read of gpg(1) is ambiguous about whether --encrypt could be
for either symmetric or pubkey encryption.  Closer inference suggests
that --encrypt is about pubkey encryption only.  Make that clearer on
a first read.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
20 months agogpg: Do not read from uninitialized memory with --list-packets.
Werner Koch [Sun, 26 Nov 2017 17:33:49 +0000 (18:33 +0100)]
gpg: Do not read from uninitialized memory with --list-packets.

* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--

This actually does not harm because we merely display a buffer
allocated by ourselves.  However, we better tell Valgrind about it so
that we don't need to track this thing down ever again.

Test using a corrupted literal data packet:

  echo cb 0a 75 ff 59 ae 90 d5  74 65 73 74 | \
    undump |\
    valgrind gpg --list-packets >/dev/null

Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch <wk@gnupg.org>
20 months agoagent: New option --auto-expand-secmem.
Werner Koch [Fri, 24 Nov 2017 09:30:25 +0000 (10:30 +0100)]
agent: New option --auto-expand-secmem.

* agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
(opts): New option --auto-expand-secmem.
(main): Implement that option.
--

Note that this option has an effect only if Libgcrypt >= 1.8.2 is
used.

GnuPG-bug-id: 3530

20 months agobuild: Update distsigkey.gpg
Werner Koch [Wed, 22 Nov 2017 19:54:39 +0000 (20:54 +0100)]
build: Update distsigkey.gpg

--

20 months agogpg: Fix memory leaking for long inputs via --command-fd.
Werner Koch [Wed, 22 Nov 2017 19:54:07 +0000 (20:54 +0100)]
gpg: Fix memory leaking for long inputs via --command-fd.

* g10/cpr.c (do_get_from_fd): Free the old buffer.
--

If the received input is longer than 200 characters we used to leak
the previous allocated buffer.

GnuPG-bug-id: 3528
Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agoscd: Enable card removal check after select_application.
NIIBE Yutaka [Tue, 21 Nov 2017 02:52:54 +0000 (11:52 +0900)]
scd: Enable card removal check after select_application.

* scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
* scd/app.c (select_application): Always kick the loop if new APP.
* scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
(ccid_slot_status): Setup interrupt transfer when !ON_WIRE.

--

We can use the interrupt transfer to be notified about card status
change.  In this case, we don't need to issue PC_to_RDR_GetSlotStatus
command.  This change improve the setup the notification; it should be
done after registration of APP.

When the setup is done just after opening the USB connection (before
issuing PC_to_RDR_IccPowerOn), a reader might notifies about no card
availability (because of not yet powered on), even though the card is
ready to be powered on.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
21 months agoPost release updates
Werner Koch [Mon, 20 Nov 2017 12:35:36 +0000 (13:35 +0100)]
Post release updates

--

21 months agoRelease 2.2.3 gnupg-2.2.3
Werner Koch [Mon, 20 Nov 2017 11:39:16 +0000 (12:39 +0100)]
Release 2.2.3