[git] GnuPG - branch, master, updated. gnupg-2.1.7-63-g9ba4ccd

by Werner Koch cvs at cvs.gnupg.org
Tue Sep 1 07:43:45 CEST 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9ba4ccdaf5e128fbea51ff142c63d4b359c7264d (commit)
       via  f9c83d84e7d33df76898975f5ac852efa9c4882a (commit)
       via  99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952 (commit)
       via  bc23e69b70191f887dcb937007833d0187af181f (commit)
       via  836a3e4315478236bcac126a79b9cdf3c3f1d3b6 (commit)
      from  04a6b903d0354be2c69c7f2c98987de17d68416e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9ba4ccdaf5e128fbea51ff142c63d4b359c7264d
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Sep 1 07:39:28 2015 +0200

    agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
    
    * agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 689241f..8868620 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1964,7 +1964,7 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret,
               err = gpg_error (GPG_ERR_INV_SEXP);
               goto out;
             }
-          if (*p_elems == 'q')
+          if (*p_elems == 'q' && datalen)
             { /* Remove the prefix 0x40.  */
               data++;
               datalen--;
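Review bot: When `datalen` is zero, the new guard at `if (*p_elems == 'q' && datalen)` only skips the strip, so an empty `q` value continues into the blob instead of being rejected like the malformed case just above it. Failing closed would match that handling: `if (*p_elems == 'q' && !datalen) { err = gpg_error (GPG_ERR_INV_SEXP); goto out; }` placed ahead of the strip. The strip also drops the first byte without inspecting it; if the 0x40 prefix is not guaranteed for every key reaching this branch, checking that byte first would avoid silently truncating a key. The loop and the rest of ssh_key_to_blob lie outside the hunk, so a later check may already cover the empty case.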

commit f9c83d84e7d33df76898975f5ac852efa9c4882a
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Sep 1 00:07:24 2015 +0200

    gpg: Remove option --no-sig-create-check.
    
    * g10/gpg.c (opts): Remove --no-sig-create-check.
    * g10/options.h (struct opt): Remove field no_sig_create_check.
    * g10/sign.c (do_sign): Always check unless it is RSA and we are using
    Libgcrypt 1.7.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index a5cbafd..9d62afb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1629,15 +1629,6 @@ modifications, you can use this option to disable the caching. It
 probably does not make sense to disable it because all kind of damage
 can be done if someone else has write access to your public keyring.
 
- at item --no-sig-create-check
- at opindex no-sig-create-check
-GnuPG normally verifies each signature right after creation to protect
-against bugs and hardware malfunctions which could leak out bits from
-the secret key. This extra verification needs some time (about 115%
-for DSA keys), and so this option can be used to disable it.
-However, due to the fact that the signature creation needs manual
-interaction, this performance penalty does not matter in most settings.
-
 @item --auto-check-trustdb
 @itemx --no-auto-check-trustdb
 @opindex auto-check-trustdb
diff --git a/g10/gpg.c b/g10/gpg.c
index e6fb42e..9454b53 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -337,7 +337,6 @@ enum cmd_and_opt_values
     oFixedListMode,
     oLegacyListMode,
     oNoSigCache,
-    oNoSigCreateCheck,
     oAutoCheckTrustDB,
     oNoAutoCheckTrustDB,
     oPreservePermissions,
@@ -727,7 +726,6 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oAutoKeyRetrieve, "auto-key-retrieve", "@"),
   ARGPARSE_s_n (oNoAutoKeyRetrieve, "no-auto-key-retrieve", "@"),
   ARGPARSE_s_n (oNoSigCache,         "no-sig-cache", "@"),
-  ARGPARSE_s_n (oNoSigCreateCheck,   "no-sig-create-check", "@"),
   ARGPARSE_s_n (oMergeOnly,	  "merge-only", "@" ),
   ARGPARSE_s_n (oAllowSecretKeyImport, "allow-secret-key-import", "@"),
   ARGPARSE_s_n (oTryAllSecrets,  "try-all-secrets", "@"),
@@ -2990,7 +2988,6 @@ main (int argc, char **argv)
             }
             break;
           case oNoSigCache: opt.no_sig_cache = 1; break;
-          case oNoSigCreateCheck: opt.no_sig_create_check = 1; break;
 	  case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
 	  case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
 	  case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
diff --git a/g10/options.h b/g10/options.h
index 465c5b2..fd2f4a2 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -191,7 +191,6 @@ struct
   int try_all_secrets;
   int no_expensive_trust_checks;
   int no_sig_cache;
-  int no_sig_create_check;
   int no_auto_check_trustdb;
   int preserve_permissions;
   int no_homedir_creation;
diff --git a/g10/sign.c b/g10/sign.c
index afc117e..7a8d697 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -294,8 +294,13 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig,
 
   /* Check that the signature verification worked and nothing is
    * fooling us e.g. by a bug in the signature create code or by
-   * deliberately introduced faults.  */
-  if (!err && !opt.no_sig_create_check)
+   * deliberately introduced faults.  Because Libgcrypt 1.7 does this
+   * for RSA internally there is no need to do it here again.  */
+  if (!err
+#if GCRYPT_VERSION_NUMBER >= 0x010700 /* Libgcrypt >= 1.7 */
+        && !is_RSA (pksk->pubkey_algo)
+#endif /* Libgcrypt >= 1.7 */
+      )
     {
       PKT_public_key *pk = xmalloc_clear (sizeof *pk);
 
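Review bot: The RSA exemption in `do_sign` is decided at compile time by `GCRYPT_VERSION_NUMBER`, which reflects the headers used for the build, not the library loaded at run time. If the binary can run against an older Libgcrypt than it was built with (the minimum-version check is not visible in this hunk), RSA signatures would get neither the library's internal check nor this one, which is the fault case the comment describes. A run-time test keeps the optimisation without that gap, e.g. `if (!err && !(is_RSA (pksk->pubkey_algo) && gcry_check_version ("1.7.0")))`. The body of the `if` continues outside the hunk.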

commit 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 31 20:29:28 2015 +0200

    common: Assume an utf-8 locale on iconv errors.
    
    * common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/common/utf8conv.c b/common/utf8conv.c
index 99cfc2d..a912b82 100644
--- a/common/utf8conv.c
+++ b/common/utf8conv.c
@@ -127,12 +127,10 @@ handle_iconv_error (const char *to, const char *from, int use_fallback)
 
   if (use_fallback)
     {
-      /* To avoid further error messages we fallback to Latin-1 for the
-         native encoding.  This is justified as one can expect that on a
-         utf-8 enabled system nl_langinfo() will work and thus we won't
-         never get to here.  Thus Latin-1 seems to be a reasonable
-         default.  */
-      active_charset_name = "iso-8859-1";
+      /* To avoid further error messages we fallback to UTF-8 for the
+         native encoding.  Nowadays this seems to be the best bet in
+         case of errors from iconv or nl_langinfo.  */
+      active_charset_name = "utf-8";
       no_translation = 0;
       use_iconv = 0;
     }
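Review bot: Only the charset name changes in the fallback branch of handle_iconv_error; `no_translation = 0;` and `use_iconv = 0;` on the next two lines are the values that accompanied the Latin-1 fallback. If that flag pair selects a built-in Latin-1 conversion elsewhere in this file (not visible in the hunk), text would still be converted as Latin-1 while `active_charset_name` reports utf-8. Presumably the utf-8 fallback wants `no_translation = 1;` so that strings pass through unchanged; this is worth confirming against the code that sets the native charset.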

commit bc23e69b70191f887dcb937007833d0187af181f
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Aug 31 20:21:43 2015 +0200

    common: Fix regression in building argpase.c standalone.
    
    * common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.

diff --git a/common/argparse.c b/common/argparse.c
index e9d98f0..53c20fc 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -123,6 +123,13 @@ my_log_bug (const char *fmt, ...)
   abort ();
 }
 
+/* Return true if the native charset is utf-8.  */
+static int
+is_native_utf8 (void)
+{
+  return 1;
+}
+
 static char *
 my_trim_spaces (char *str)
 {
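Review bot: The comment on the new `is_native_utf8` reads as if the function detects the charset, but the body returns 1 unconditionally. A comment such as `/* Standalone build: no charset detection is available, so always report the native charset as utf-8.  */` would tell readers that callers take the utf-8 path regardless of locale. The commit message ties this to the standalone build, but the enclosing preprocessor conditional is outside the hunk, so it should be checked that this stub cannot collide with the regular definition.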

commit 836a3e4315478236bcac126a79b9cdf3c3f1d3b6
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Aug 28 05:05:37 2015 +0200

    Typo fixes
    
    --

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 86726b3..a5cbafd 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -567,7 +567,7 @@ may be used.
 
 @item --gen-key
 @opindex gen-key
-Generate a new key pair using teh current default parameters.  This is
+Generate a new key pair using the current default parameters.  This is
 the standard command to create a new key.
 
 @item --full-gen-key
diff --git a/scd/command.c b/scd/command.c
index 1cc580a..41a150b 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -59,7 +59,7 @@
 #define set_error(e,t) assuan_set_error (ctx, gpg_error (e), (t))
 
 
-/* Macro to flag a removed card.  ENODEV is also tested to catch teh
+/* Macro to flag a removed card.  ENODEV is also tested to catch the
    case of a removed reader.  */
 #define TEST_CARD_REMOVAL(c,r)                              \
        do {                                                 \

-----------------------------------------------------------------------

Summary of changes:
 agent/command-ssh.c |  2 +-
 common/argparse.c   |  7 +++++++
 common/utf8conv.c   | 10 ++++------
 doc/gpg.texi        | 11 +----------
 g10/gpg.c           |  3 ---
 g10/options.h       |  1 -
 g10/sign.c          |  9 +++++++--
 scd/command.c       |  2 +-
 8 files changed, 21 insertions(+), 24 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



