[svn] GnuPG - r4280 - in branches/STABLE-BRANCH-1-4: . cipher g10 m4
svn author wk
cvs at cvs.gnupg.org
Mon Oct 2 15:22:30 CEST 2006
Author: wk
Date: 2006-10-02 15:22:27 +0200 (Mon, 02 Oct 2006)
New Revision: 4280
Added:
branches/STABLE-BRANCH-1-4/m4/autobuild.m4
Modified:
branches/STABLE-BRANCH-1-4/ChangeLog
branches/STABLE-BRANCH-1-4/NEWS
branches/STABLE-BRANCH-1-4/README
branches/STABLE-BRANCH-1-4/cipher/sha256.c
branches/STABLE-BRANCH-1-4/configure.ac
branches/STABLE-BRANCH-1-4/g10/ChangeLog
branches/STABLE-BRANCH-1-4/g10/encr-data.c
branches/STABLE-BRANCH-1-4/m4/ChangeLog
branches/STABLE-BRANCH-1-4/m4/Makefile.am
Log:
fix for bug 537 and documentation fixes.
Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/ChangeLog 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,3 +1,9 @@
+2006-10-02 Werner Koch <wk at g10code.com>
+
+ * README: Add information about the forthcoming GnuPG 2.0.
+
+ * configure.ac (AB_INIT): New.
+
2006-09-28 David Shaw <dshaw at jabberwocky.com>
* configure.ac: Move strsep to AC_REPLACE_FUNCS so it will end up
Modified: branches/STABLE-BRANCH-1-4/NEWS
===================================================================
--- branches/STABLE-BRANCH-1-4/NEWS 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/NEWS 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,7 +1,10 @@
Noteworthy changes in version 1.4.6
------------------------------------------------
+ * Fixed a bug while decrypting certain compressed and encrypted
+ messages. See http://bugs.gnupg.org/537 .
+
Noteworthy changes in version 1.4.5 (2006-08-01)
------------------------------------------------
Modified: branches/STABLE-BRANCH-1-4/README
===================================================================
--- branches/STABLE-BRANCH-1-4/README 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/README 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,7 +1,7 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.5
+ Version 1.4.6
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006 Free Software Foundation, Inc.
@@ -748,17 +748,18 @@
and BZ2) are universal.
- GnuPG 1.4 and GnuPG 1.9
+ GnuPG 1.4 and GnuPG 2.0
-----------------------
- GnuPG 1.4 is the stable version of GnuPG; GnuPG 1.9 is the
- development branch. However, large parts of GnuPG 1.9 are also
- considered to be stable and useful. In particular the tools
- "gpg-agent" (private key operations and passphrase caching) and
- "gpgsm" (S/MIME cousin of "gpg") are considered stable. Both
- packages (1.4.x and 1.9.x) may be installed at the same time and
- it is actually suggested to do this if you need S/MIME support or
- want to make use of gpg-agent.
+ GnuPG 2.0 is a newer version of GnuPG with additional support for
+ S/MIME. It has a different design philosophy that splits
+ functionality up into several modules. Both versions may be
+ installed simultaneously without any conflict (gpg is called gpg2
+ in GnuPG 2). In fact, the gpg version from GnuPG 1.4 is able to
+ make use of the gpg-agent as included in GnuPG 2 and allows for
+ seamless passphrase caching. The advantage of GnupG 1.4 is its
+ smaller size and no dependency on other modules at run and build
+ time.
How to Get More Information
Modified: branches/STABLE-BRANCH-1-4/configure.ac
===================================================================
--- branches/STABLE-BRANCH-1-4/configure.ac 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/configure.ac 2006-10-02 13:22:27 UTC (rev 4280)
@@ -43,6 +43,7 @@
AC_CONFIG_SRCDIR(g10/gpg.c)
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([std-options])
+AB_INIT
AM_CONFIG_HEADER(config.h)
AC_GNU_SOURCE
Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,3 +1,8 @@
+2006-10-02 Werner Koch <wk at g10code.com>
+
+ * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC
+ right here and don't let parse-packet handle the MDC.
+
2006-08-21 Werner Koch <wk at g10code.com>
* skclist.c (is_insecure): Also test for uppercase version of the
Modified: branches/STABLE-BRANCH-1-4/g10/encr-data.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/encr-data.c 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/g10/encr-data.c 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,5 +1,6 @@
/* encr-data.c - process an encrypted data packet
- * Copyright (C) 1998, 1999, 2000, 2001, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2005,
+ * 2006 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -41,7 +42,7 @@
typedef struct {
CIPHER_HANDLE cipher_hd;
MD_HANDLE mdc_hash;
- char defer[20];
+ char defer[22];
int defer_filled;
int eof_seen;
} decode_filter_ctx_t;
@@ -146,12 +147,30 @@
if( ed->mdc_method && dfx.eof_seen == 2 )
rc = G10ERR_INVALID_PACKET;
else if( ed->mdc_method ) { /* check the mdc */
+ /* We used to let parse-packet.c handle the MDC packet but
+ this turned out to be a problem with compressed packets:
+ With old style packets there is no length information
+ available and the decompressor uses an implicit end.
+ However we can't know this implicit end beforehand (:-) and
+ thus may feed the decompressor with more bytes than
+ actually needed. It would be possible to unread the extra
+ bytes but due to our weird iobuf system any unread is non
+ reliable due to filters already popped off. The easy and
+ sane solution is to care about the MDC packet only here and
+ never pass it to the packet parser. Fortunatley the
+ OpenPGP spec requires a strict format for the MDC packet so
+ that we know that 22 bytes are appended. */
int datalen = md_digest_length( ed->mdc_method );
- cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20);
+ cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 22);
+ md_write (dfx.mdc_hash, dfx.defer, 2);
md_final( dfx.mdc_hash );
- if( datalen != 20
- || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
+ if (dfx.defer[0] != '\xd3' || dfx.defer[1] != '\x14' ) {
+ log_error("mdc_packet with invalid encoding\n");
+ rc = G10ERR_INVALID_PACKET;
+ }
+ else if ( datalen != 20
+ || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer+2, datalen) )
rc = G10ERR_BAD_SIGN;
/*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/
/*log_hexdump("MDC message :", dfx.defer, 20);*/
@@ -182,23 +201,23 @@
}
else if( control == IOBUFCTRL_UNDERFLOW ) {
assert(a);
- assert( size > 40 );
+ assert( size > 44 );
/* get at least 20 bytes and put it somewhere ahead in the buffer */
- for(n=20; n < 40 ; n++ ) {
+ for(n=22; n < 44 ; n++ ) {
if( (c = iobuf_get(a)) == -1 )
break;
buf[n] = c;
}
- if( n == 40 ) {
+ if( n == 44 ) {
/* we have enough stuff - flush the deferred stuff */
/* (we have asserted that the buffer is large enough) */
if( !dfx->defer_filled ) { /* the first time */
- memcpy(buf, buf+20, 20 );
- n = 20;
+ memcpy(buf, buf+22, 22 );
+ n = 22;
}
else {
- memcpy(buf, dfx->defer, 20 );
+ memcpy(buf, dfx->defer, 22 );
}
/* now fill up */
for(; n < size; n++ ) {
@@ -206,22 +225,22 @@
break;
buf[n] = c;
}
- /* move the last 20 bytes back to the defer buffer */
- /* (okay, we are wasting 20 bytes of supplied buffer) */
- n -= 20;
- memcpy( dfx->defer, buf+n, 20 );
+ /* Move the last 22 bytes back to the defer buffer. */
+ /* (okay, we are wasting 22 bytes of supplied buffer) */
+ n -= 22;
+ memcpy( dfx->defer, buf+n, 22 );
dfx->defer_filled = 1;
}
else if( !dfx->defer_filled ) { /* eof seen buf empty defer */
/* this is bad because there is an incomplete hash */
- n -= 20;
- memcpy(buf, buf+20, n );
+ n -= 22;
+ memcpy(buf, buf+22, n );
dfx->eof_seen = 2; /* eof with incomplete hash */
}
else { /* eof seen */
- memcpy(buf, dfx->defer, 20 );
- n -= 20;
- memcpy( dfx->defer, buf+n, 20 );
+ memcpy (buf, dfx->defer, 22 );
+ n -= 22;
+ memcpy( dfx->defer, buf+n, 22 );
dfx->eof_seen = 1; /* normal eof */
}
Modified: branches/STABLE-BRANCH-1-4/m4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/m4/ChangeLog 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/m4/ChangeLog 2006-10-02 13:22:27 UTC (rev 4280)
@@ -1,3 +1,7 @@
+2006-10-02 Werner Koch <wk at g10code.com>
+
+ * autobuild.m4: New.
+
2006-07-12 David Shaw <dshaw at jabberwocky.com>
* tar-ustar.m4: Use dd instead of strings as it's more likely to
Modified: branches/STABLE-BRANCH-1-4/m4/Makefile.am
===================================================================
--- branches/STABLE-BRANCH-1-4/m4/Makefile.am 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/m4/Makefile.am 2006-10-02 13:22:27 UTC (rev 4280)
@@ -6,5 +6,6 @@
po.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 \
readline.m4 libcurl.m4 libusb.m4 tar-ustar.m4 \
ldap.m4 \
- noexecstack.m4
+ noexecstack.m4 autobuild.m4
+
Added: branches/STABLE-BRANCH-1-4/m4/autobuild.m4
===================================================================
--- branches/STABLE-BRANCH-1-4/m4/autobuild.m4 2006-10-02 11:54:35 UTC (rev 4279)
+++ branches/STABLE-BRANCH-1-4/m4/autobuild.m4 2006-10-02 13:22:27 UTC (rev 4280)
@@ -0,0 +1,34 @@
+# autobuild.m4 serial 2 (autobuild-3.3)
+# Copyright (C) 2004 Simon Josefsson
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# This file can can be used in projects which are not available under
+# the GNU General Public License or the GNU Library General Public
+# License but which still want to provide support for Autobuild.
+
+# Usage: AB_INIT([MODE]).
+AC_DEFUN([AB_INIT],
+[
+ AC_REQUIRE([AC_CANONICAL_BUILD])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+
+ AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}])
+ AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}])
+ hostname=`hostname`
+ if test "$hostname"; then
+ AC_MSG_NOTICE([autobuild hostname... $hostname])
+ fi
+ ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
+ date=`date +%Y%m%d-%H%M%S`
+ if test "$?" != 0; then
+ date=`date`
+ fi
+ if test "$date"; then
+ AC_MSG_NOTICE([autobuild timestamp... $date])
+ fi
+])
More information about the Gnupg-commits
mailing list