[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.21-23-g210546f

by Werner Koch cvs at cvs.gnupg.org
Fri Oct 4 21:06:51 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-0 has been updated
       via  210546ff68c2f0d35ac4c18b9ebc6bc1fdfe73de (commit)
       via  a4b7e2e44816e93633c08f379862165ae9a034ed (commit)
       via  0bf54e60d31389812d05c3fd29bece876204561d (commit)
       via  1f842011f611625c8a5fd852d5a2b4bd13e4b563 (commit)
      from  7cae002b0c94c80ac8fefb55295819716f312094 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 210546ff68c2f0d35ac4c18b9ebc6bc1fdfe73de
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 19:39:33 2013 +0200

    Release 2.0.22.

diff --git a/NEWS b/NEWS
index 163cc46..f38fed4 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,14 @@
-Noteworthy changes in version 2.0.22 (unreleased)
+Noteworthy changes in version 2.0.22 (2013-10-04)
 -------------------------------------------------
 
- * Fixed bug with deeply nested compressed packets.
+ * Fixed possible infinite recursion in the compressed packet
+   parser. [CVE-2013-4402]
+
+ * Improved support for some card readers.
+
+ * Prepared building with the forthcoming Libgcrypt 1.6.
+
+ * Protect against rogue keyservers sending secret keys.
 
 
 Noteworthy changes in version 2.0.21 (2013-08-19)
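
Review bot: The added entry "Protect against rogue keyservers sending secret keys" does not say what gpg now does when a keyserver returns a secret key, and unlike the CVE-2013-4402 entry above it carries no bug or CVE reference. Suggest stating the behaviour change itself and adding the tracker id if one exists. "Improved support for some card readers" would likewise be more useful with the readers named.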

commit a4b7e2e44816e93633c08f379862165ae9a034ed
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 19:09:36 2013 +0200

    doc: Update from master

diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index f832b8e..bfb1d93 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -897,10 +897,15 @@ Here is an example session:
    C: D    (b 3F444677CA)))
    C: END
    S: # session key follows
+   S: S PADDING 0
    S: D (value 1234567890ABCDEF0)
    S: OK descryption successful
 @end example
 
+The “PADDING” status line is only send if gpg-agent can tell what kind
+of padding is used.  As of now only the value 0 is used to indicate
+that the padding has been removed.
+
 
 @node Agent PKSIGN
 @subsection Signing a Hash
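
Review bot: The added paragraph has a grammar slip, "is only send" should be "is only sent", and it does not tell a client what to assume when no PADDING status line precedes the D line. Suggest adding one sentence on the absent case, for example that the client must then treat the padding state as unknown, if that is the intended contract. The unchanged context line "S: OK descryption successful" also carries a typo that could be fixed in the same pass.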
diff --git a/doc/gpg.texi b/doc/gpg.texi
index a88ddca..c588d7a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -252,6 +252,14 @@ signed stuff from STDIN, use @samp{-} as the second filename.  For
 security reasons a detached signature cannot read the signed material
 from STDIN without denoting it in the above way.
 
+Note: When verifying a cleartext signature, @command{gpg} verifies
+only what makes up the cleartext signed data and not any extra data
+outside of the cleartext signature or header lines following directly
+the dash marker line.  The option @code{--output} may be used to write
+out the actual signed data; but there are other pitfalls with this
+format as well.  It is suggested to avoid cleartext signatures in
+favor of detached signatures.
+
 @item --multifile
 @opindex multifile
 This modifies certain other commands to accept multiple files for
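
Review bot: The added note closes with "there are other pitfalls with this format as well" without naming any, so the reader cannot judge them or act on them. Suggest either listing the pitfalls or pointing to where they are described. The phrase "header lines following directly the dash marker line" would read better as "header lines directly following the dash marker line".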
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index f454f14..1a4b6d7 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -600,6 +600,10 @@ using the command
 
 where @var{keyid} is the hexified ID of the key to be used.
 
+If the card is ware of the apdding format a status line with padding
+information is send before the plaintext data.  The key for this
+status line is @code{PADDING} with the only defined value being 0 and
+meaning padding has been removed.
 
 @node Scdaemon GETATTR
 @subsection Read an attribute's value.
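
Review bot: The first added line has two typos, "ware of the apdding format" should be "aware of the padding format", and "is send" in the next line should be "is sent". The sentence "with the only defined value being 0 and meaning padding has been removed" is also easier to read as two clauses, for example "the only defined value is 0, which means that the padding has been removed".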

commit 0bf54e60d31389812d05c3fd29bece876204561d
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 18:34:56 2013 +0200

    gpg: Print a "not found" message for an unknown key in --key-edit.
    
    * g10/keyedit.c (keyedit_menu): Print message.
    --
    
    GnuPG-bug-id: 1420
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/keyedit.c b/g10/keyedit.c
index 76830f0..3470257 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1568,7 +1568,11 @@ keyedit_menu( const char *username, strlist_t locusr,
     /* Get the public key */
     rc = get_pubkey_byname (NULL, NULL, username, &keyblock, &kdbhd, 1, 1);
     if( rc )
+      {
+        log_error (_("key \"%s\" not found: %s\n"), username, g10_errstr (rc));
 	goto leave;
+      }
+
     if( fix_keyblock( keyblock ) )
 	modified++;
     if( collapse_uids( &keyblock ) )
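
Review bot: The new log_error reports "not found" for every non-zero rc from get_pubkey_byname, so any other failure would be printed as a missing key followed by an error string that says something different. Suggest a neutral wording such as "error getting key", or choosing the message from rc. The added lines are indented with spaces while the retained "goto leave;" keeps its tab, which leaves mixed indentation inside the new braces.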

commit 1f842011f611625c8a5fd852d5a2b4bd13e4b563
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 4 18:01:40 2013 +0200

    gpg: Kludge not to bail out on ECC if built with Libgcrypt 1.6.
    
    * g10/misc.c (print_pubkey_algo_note): Map the algo.
    (openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
    (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
    (pubkey_get_nenc): Return 0 for ECC algorithms.
    --
    
    Libgcrypt 1.6 features algorithm 18 (generic ECC).  Because of the
    missing mapping and no real support for the OpenPGP ECC format, this
    led to parsing errors of ECC packets.  We better explicitly
    tell gpg that ECC is not supported.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/misc.c b/g10/misc.c
index 6e9b31e..9d3ee1e 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
 	{
 	  warn=1;
 	  log_info (_("WARNING: using experimental public key algorithm %s\n"),
-		    gcry_pk_algo_name (algo));
+		    gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)));
 	}
     }
   else if (algo == 20)
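
Review bot: map_pk_openpgp_to_gcry is called here, but neither its definition nor a declaration is part of this diff, so its result for an id it does not know cannot be checked from the patch. Please confirm the function is visible in g10/misc.c on this branch and document what it returns for unmapped ids, since that value goes straight into gcry_pk_algo_name for a user-facing warning.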
@@ -442,7 +442,7 @@ openpgp_pk_test_algo( int algo )
 
   if (algo < 0 || algo > 110)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
-  return gcry_pk_test_algo (algo);
+  return gcry_pk_test_algo (map_pk_openpgp_to_gcry (algo));
 }
 
 int
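
Review bot: The range check "algo < 0 || algo > 110" in openpgp_pk_test_algo runs on the OpenPGP id, while the value handed to gcry_pk_test_algo is the mapped one and is not checked. A one-line comment that the bound applies to OpenPGP numbering, and that the mapped id is validated by Libgcrypt itself, would make the intent clear.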
@@ -460,7 +460,8 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
   if (algo < 0 || algo > 110)
     return gpg_error (GPG_ERR_PUBKEY_ALGO);
 
-  return gcry_pk_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, &use_buf);
+  return gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                            GCRYCTL_TEST_ALGO, NULL, &use_buf);
 }
 
 int
@@ -1324,9 +1325,16 @@ pubkey_get_npkey( int algo )
 {
   size_t n;
 
+  /* ECC is special in that domain parameters are given by an OID.  */
+  if (algo == PUBKEY_ALGO_ECDSA)
+    return 0; /* We don't support the key format.  */
+  else if (algo == PUBKEY_ALGO_ECDH)
+    return 0; /* We don't support the key format.  */
+
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
-  if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
+  if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                         GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
     n = 0;
   return n;
 }
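
Review bot: In pubkey_get_npkey the retained lines "if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG;" rewrite algo using Libgcrypt constants, and the result is then passed through map_pk_openpgp_to_gcry, which expects an OpenPGP id. That only works if the map leaves that value unchanged. Suggest either doing the ELG_E substitution after the mapping or comparing against the PUBKEY_ALGO_ names used in the new ECC checks, so one numbering space is used throughout.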
@@ -1337,9 +1345,16 @@ pubkey_get_nskey( int algo )
 {
   size_t n;
 
+  /* ECC is special in that domain parameters are given by an OID.  */
+  if (algo == PUBKEY_ALGO_ECDSA)
+    return 0; /* We don't support the key format.  */
+  else if (algo == PUBKEY_ALGO_ECDH)
+    return 0; /* We don't support the key format.  */
+
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
-  if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
+  if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                         GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
     n = 0;
   return n;
 }
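
Review bot: The two new branches in pubkey_get_nskey return the same value with the same comment, and the identical pair is pasted into the neighbouring functions. Suggest collapsing them into a single test, "if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH) return 0;", or a small static helper for the ECC check, so a future ECC id has to be added in one place only.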
@@ -1350,9 +1365,16 @@ pubkey_get_nsig( int algo )
 {
   size_t n;
 
+  /* ECC is special.  */
+  if (algo == PUBKEY_ALGO_ECDSA)
+    return 0;  /* We don't support the key format.  */
+  else if (algo == PUBKEY_ALGO_ECDH)
+    return 0;
+
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
-  if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
+  if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                         GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
     n = 0;
   return n;
 }
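
Review bot: In pubkey_get_nsig only the ECDSA branch carries the "We don't support the key format." comment and the ECDH branch returns 0 without one, while the leading comment was shortened to "ECC is special." compared with the two functions above. Suggest giving each branch its reason, or using one combined condition with one comment.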
@@ -1363,9 +1385,16 @@ pubkey_get_nenc( int algo )
 {
   size_t n;
 
+  /* ECC is special.  */
+  if (algo == PUBKEY_ALGO_ECDSA)
+    return 0;
+  else if (algo == PUBKEY_ALGO_ECDH)
+    return 0;  /* We don't support the key format.  */
+
   if (algo == GCRY_PK_ELG_E)
     algo = GCRY_PK_ELG;
-  if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
+  if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
+                         GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
     n = 0;
   return n;
 }
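
Review bot: In pubkey_get_nenc the early "return 0" for ECC is the same value the function produces when gcry_pk_algo_info fails and "n = 0" is taken, so a caller cannot tell an unsupported key format from a lookup error. If callers depend on that, a comment at the top of the function saying that 0 means "unsupported or unknown" would document it.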

-----------------------------------------------------------------------

Summary of changes:
 NEWS               |   11 +++++++++--
 doc/gpg-agent.texi |    5 +++++
 doc/gpg.texi       |    8 ++++++++
 doc/scdaemon.texi  |    4 ++++
 g10/keyedit.c      |    4 ++++
 g10/misc.c         |   43 ++++++++++++++++++++++++++++++++++++-------
 6 files changed, 66 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



