1. 13 Apr, 2018 2 commits
  2. 22 Feb, 2018 11 commits
  3. 21 Feb, 2018 2 commits
  4. 20 Feb, 2018 4 commits
  5. 19 Feb, 2018 1 commit
    • Werner Koch's avatar
      speedo: Add new option STATIC=1 · 7b928c25
      Werner Koch authored
      This can be used to build GnuPG with static versions of the core
      gnupg libraries.  For example:
       make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
           INSTALL_PREFIX=/somewhere/gnupg22  native
      The SELFCHECK=0 is only needed to build from a non-released version.
      You don't need it with a released tarball.
      Signed-off-by: 's avatarWerner Koch <wk@gnupg.org>
  6. 15 Feb, 2018 2 commits
    • Werner Koch's avatar
      kbx: Fix detection of corrupted keyblocks on 32 bit systems. · 5e3679ae
      Werner Koch authored
      * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
      (blob_cmp_fpr_part): Ditto.
      (blob_cmp_name): Ditto.
      (blob_cmp_mail): Ditto.
      (blob_x509_has_grip): Ditto.
      (keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
      (keybox_get_cert): Ditto.
      On most 32 bit systems size_t is 32 bit and thus the check
        size_t cert_off = get32 (buffer+8);
        size_t cert_len = get32 (buffer+12);
        if (cert_off+cert_len > length)
          return gpg_error (GPG_ERR_TOO_SHORT);
      does not work as intended for all supplied values.  The simplest
      solution here is to cast them to 64 bit.
      In general it will be better to avoid size_t at all and work with
      uint64_t.  We did not do this in the past because uint64_t was not
      universally available.
      GnuPG-bug-id: 3770
      Signed-off-by: 's avatarWerner Koch <wk@gnupg.org>
    • NIIBE Yutaka's avatar
      gpg: Fix reversed messages for --only-sign-text-ids. · ca138d5b
      NIIBE Yutaka authored
      * g10/keyedit.c (keyedit_menu): Fix messages.
      GnuPG-bug-id: 3787
      Fixes-commit: a74aeb5dSigned-off-by: NIIBE Yutaka's avatarNIIBE Yutaka <gniibe@fsij.org>
  7. 14 Feb, 2018 4 commits
    • Katsuhiro Ueno's avatar
      agent: Avoid appending a '\0' byte to the response of READKEY · df97fe24
      Katsuhiro Ueno authored
      * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
      without an extra '\0' byte.
    • Werner Koch's avatar
      sm: Fix minor memory leak in --export-p12. · 80719612
      Werner Koch authored
      * sm/export.c (gpgsm_p12_export): Free KEYGRIP.
      Signed-off-by: 's avatarWerner Koch <wk@gnupg.org>
    • Katsuhiro Ueno's avatar
      sm: Fix a wrong key parameter in an exported private key file · 29aac779
      Katsuhiro Ueno authored
      * sm/export.c (sexp_to_kparms): Fix the computation of array[6],
      which must be 'd mod (q-1)' but was 'p mod (q-1)'.
      This bug is not serious but makes some consistency checks fail.
      For example, 'openssl rsa -check' reports the following error:
      $ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
      $ openssl rsa -check -noout -inform DER -in my.key
      RSA key error: dmq1 not congruent to d
      Let me(wk) add this:
      This bug was introduced with
      Fixes-commit: 91056b19
      right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
      used gpg-protect-tool which got it right.  We probably never noticed
      this because gpgsm, and maybe other tools too, fix things up during
      Signed-off-by: 's avatarWerner Koch <wk@gnupg.org>
    • Werner Koch's avatar
      common: Use new function to print status strings. · f19ff78f
      Werner Koch authored
      * common/asshelp2.c (vprint_assuan_status_strings): New.
      (print_assuan_status_strings): New.
      * agent/command.c (agent_write_status): Replace by call to new
      * dirmngr/server.c (dirmngr_status): Ditto.
      * g13/server.c (g13_status): Ditto.
      * g13/sh-cmd.c (g13_status): Ditto.
      * sm/server.c (gpgsm_status2): Ditto.
      * scd/command.c (send_status_info): Bump up N.
      This fixes a potential overflow if LFs are passed to the status
      string functions.  This is actually not the case and would be wrong
      because neither the truncating in libassuan or our escaping is not the
      Right Thing.  In any case the functions need to be more robust and
      comply to the promised interface.  Thus the code has been factored out
      to a helper function and N has been bumped up correctly and checked in
      all cases.
      For some uses this changes the behaviour in the error case (i.e. CR or
      LF passed): It will now always be C-escaped and not passed to
      libassuan which would truncate the line at the first LF.
      Reported-by: private_pers
  8. 13 Feb, 2018 1 commit
  9. 12 Feb, 2018 1 commit
    • NIIBE Yutaka's avatar
      scd: Fix handling for Data Object with no data. · 0a3bec2c
      NIIBE Yutaka authored
      * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
      with no data.
      When GET_DATA returns no data with success (90 00), this routine
      firstly returned buffer with length zero, and secondly (with cache)
      returned NULL, which is inconsistent.  Now, it returns NULL for both
      Signed-off-by: NIIBE Yutaka's avatarNIIBE Yutaka <gniibe@fsij.org>
  10. 09 Feb, 2018 3 commits
  11. 08 Feb, 2018 1 commit
  12. 07 Feb, 2018 1 commit
    • NIIBE Yutaka's avatar
      scd: Use pipe to kick the loop on NetBSD. · 015fe1c4
      NIIBE Yutaka authored
      * configure.ac (HAVE_PSELECT_NO_EINTR): New.
      * scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
      (handle_connections): Use pipe.
      On NetBSD, signal to the same process cannot unblock pselect,
      with unknown reason.  Use pipe instead, for such systems.
      GnuPG-bug-id: 3778
      Signed-off-by: NIIBE Yutaka's avatarNIIBE Yutaka <gniibe@fsij.org>
  13. 06 Feb, 2018 5 commits
  14. 01 Feb, 2018 1 commit
  15. 29 Jan, 2018 1 commit