[git] GnuPG - branch, master, updated. gnupg-2.2.6-122-g1793f2c
by Werner Koch
cvs at cvs.gnupg.org
Tue Apr 10 10:38:21 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 1793f2c46a1ae8befb4d2046c9f3da6e2c685e43 (commit)
via 36373798c0955241288fb4aec103830106dd7e1f (commit)
via 9f69dbeb902ac447adbc92937cd451c4e909f234 (commit)
via 381c46818ffa4605d0ca39818fe317de445eb6de (commit)
via 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8 (commit)
via 30081d2851e06944a892a66b8f2d983a495a5686 (commit)
via 6fbe2ddbaf5123ae444c95fdf8da67840f794c76 (commit)
via f1f072c501cd6124f9193e00f0debc4685ff0851 (commit)
via b46b14392540aec7726c8882c424e6d466c51c97 (commit)
via 7fa6f1481454ab8b4d166ac2d055abdba5f8baab (commit)
via 6da7aa1e7c80d214bd9dccb21744919ae191f2c8 (commit)
via 519e4560e821e4c41432626b241bca7d37143e01 (commit)
via a4e26f2ee852003707857ab0635b783acb89a2f8 (commit)
via 1a5d95e7319e7e6f0dd11064a26cbbc371b05214 (commit)
via 0336e5d1a7b9d46e06c838e6a98aecfcc9542882 (commit)
via cfd07798087f671c134eef056229bb30e08cc77c (commit)
via 5ba74a134db431530884f03eea5410a68dbfe0f5 (commit)
via 80b775bdbb852aa4a80292c9357e5b1876110c00 (commit)
via d27417d3a571739329a86d9f25212f2da0c8ff72 (commit)
via 870527df0dd704c994928348c8c2910030776680 (commit)
via 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73 (commit)
via cb1731c23cddfa524d3f51cfd82029bff853a073 (commit)
via a17d2d1f690ebe5d005b4589a5fe378b6487c657 (commit)
via 6705ee42a4bd89eea3f959f75d3c14a69c1249a3 (commit)
via 130ad98240c066383fa0a99bcf5e0ec72bc0dff9 (commit)
via 0c097575a9cd923f648fb5bb695893d46400c3ad (commit)
via 820380335a20391e0998fb1ba32ebfb9accedc5b (commit)
via 29692718768c28c524be6306081ab1852e75fe07 (commit)
via a1515b3bbc10a210040dda3b482bcdb933fa8d7c (commit)
via 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f (commit)
via e610d51f0de11154050915b951bcc5c53c940f5e (commit)
via 96918346beeca7a46de9f03f19502373994c21bc (commit)
from d4dc4245bf0221d2db4118718fc2528ecf43b97b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1793f2c46a1ae8befb4d2046c9f3da6e2c685e43
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 10 08:37:27 2018 +0200
doc: Include release info from 2.2.6
--
diff --git a/NEWS b/NEWS
index 6f5137d..d10d52b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,51 @@
Noteworthy changes in version 2.3.0 (unreleased)
------------------------------------------------
+ Changes also found in 2.2.6:
+
+ * gpg,gpgsm: New option --request-origin to pretend requests coming
+ from a browser or a remote site.
+
+ * gpg: Fix race condition on trustdb.gpg updates due to too early
+ released lock. [#3839]
+
+ * gpg: Emit FAILURE status lines in almost all cases. [#3872]
+
+ * gpg: Implement --dry-run for --passwd to make checking a key's
+ passphrase straightforward.
+
+ * gpg: Make sure to only accept a certification capable key for key
+ signatures. [#3844]
+
+ * gpg: Better user interaction in --card-edit for the factory-reset
+ sub-command.
+
+ * gpg: Improve changing key attributes in --card-edit by adding an
+ explicit "key-attr" sub-command. [#3781]
+
+ * gpg: Print the keygrips in the --card-status.
+
+ * scd: Support KDF DO setup. [#3823]
+
+ * scd: Fix some issues with PC/SC on Windows. [#3825]
+
+ * scd: Fix suspend/resume handling in the CCID driver.
+
+ * agent: Evict cached passphrases also via a timer. [#3829]
+
+ * agent: Use separate passphrase caches depending on the request
+ origin. [#3858]
+
+ * ssh: Support signature flags. [#3880]
+
+ * dirmngr: Handle failures related to missing IPv6 support
+ gracefully. [#3331]
+
+ * Fix corner cases related to specified home directory with
+ drive letter on Windows. [#3720]
+
+ * Allow the use of UNC directory names as homedir. [#3818]
+
Changes also found in 2.2.5:
* gpg: Allow the use of the "cv25519" and "ed25519" short names in
@@ -162,6 +207,8 @@ Noteworthy changes in version 2.3.0 (unreleased)
Version 2.2.2 (2017-11-07)
Version 2.2.3 (2017-11-20)
Version 2.2.4 (2017-12-20)
+ Version 2.2.5 (2018-02-22)
+ Version 2.2.6 (2018-04-09)
Noteworthy changes in version 2.2.0 (2017-08-28)
commit 36373798c0955241288fb4aec103830106dd7e1f
Merge: d4dc424 9f69dbe
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 10 10:14:30 2018 +0200
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
NEWS - keep master
configure.ac - merge
g10/card-util.c - mostly 2.2
g10/sig-check.c - 2.2
diff --cc configure.ac
index 3096aee,7b373a4..540dffc
--- a/configure.ac
+++ b/configure.ac
@@@ -614,8 -602,9 +614,9 @@@ AC_PROG_RANLI
AC_CHECK_TOOL(AR, ar, :)
AC_PATH_PROG(PERL,"perl")
AC_CHECK_TOOL(WINDRES, windres, :)
-AC_PATH_PROG(YAT2M, "yat2m")
+AC_PATH_PROG(YAT2M, "yat2m", "./yat2m" )
AC_ARG_VAR(YAT2M, [tool to convert texi to man pages])
+ AM_CONDITIONAL(HAVE_YAT2M, test -n "$ac_cv_path_YAT2M")
AC_ISC_POSIX
AC_SYS_LARGEFILE
GNUPG_CHECK_USTAR
diff --cc g10/sig-check.c
index f8e366b,e5de025..fc69839
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@@ -115,174 -115,177 +115,176 @@@ check_signature2 (ctrl_t ctrl
PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate,
int *r_expired, int *r_revoked, PKT_public_key **r_pk)
{
- int rc=0;
- PKT_public_key *pk;
-
- if (r_expiredate)
- *r_expiredate = 0;
- if (r_expired)
- *r_expired = 0;
- if (r_revoked)
- *r_revoked = 0;
- if (r_pk)
- *r_pk = NULL;
-
- pk = xtrycalloc (1, sizeof *pk);
- if (!pk)
- return gpg_error_from_syserror ();
-
- if ( (rc=openpgp_md_test_algo(sig->digest_algo)) )
- ; /* We don't have this digest. */
- else if (! gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
- {
- /* Compliance failure. */
- log_info (_("digest algorithm '%s' may not be used in %s mode\n"),
- gcry_md_algo_name (sig->digest_algo),
- gnupg_compliance_option_string (opt.compliance));
- rc = gpg_error (GPG_ERR_DIGEST_ALGO);
- }
- else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
- ; /* We don't have this pubkey algo. */
- else if (!gcry_md_is_enabled (digest,sig->digest_algo))
- {
- /* Sanity check that the md has a context for the hash that the
- sig is expecting. This can happen if a onepass sig header does
- not match the actual sig, and also if the clearsign "Hash:"
- header is missing or does not match the actual sig. */
+ int rc=0;
+ PKT_public_key *pk;
- log_info(_("WARNING: signature digest conflict in message\n"));
- rc = gpg_error (GPG_ERR_GENERAL);
- }
- else if( get_pubkey (ctrl, pk, sig->keyid ) )
- rc = gpg_error (GPG_ERR_NO_PUBKEY);
- else if (! gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
- pk->pubkey_algo, pk->pkey,
- nbits_from_pk (pk),
- NULL))
- {
- /* Compliance failure. */
- log_error (_("key %s may not be used for signing in %s mode\n"),
- keystr_from_pk (pk),
- gnupg_compliance_option_string (opt.compliance));
- rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
- }
- else if(!pk->flags.valid)
- {
- /* You cannot have a good sig from an invalid key. */
- rc = gpg_error (GPG_ERR_BAD_PUBKEY);
- }
- else
- {
- if(r_expiredate)
- *r_expiredate = pk->expiredate;
-
- rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
-
- /* Check the backsig. This is a 0x19 signature from the
- subkey on the primary key. The idea here is that it should
- not be possible for someone to "steal" subkeys and claim
- them as their own. The attacker couldn't actually use the
- subkey, but they could try and claim ownership of any
- signatures issued by it. */
- if (!rc && !pk->flags.primary && pk->flags.backsig < 2)
- {
- if (!pk->flags.backsig)
- {
- log_info(_("WARNING: signing subkey %s is not"
- " cross-certified\n"),keystr_from_pk(pk));
- log_info(_("please see %s for more information\n"),
- "https://gnupg.org/faq/subkey-cross-certify.html");
- /* --require-cross-certification makes this warning an
- error. TODO: change the default to require this
- after more keys have backsigs. */
- if(opt.flags.require_cross_cert)
- rc = gpg_error (GPG_ERR_GENERAL);
- }
- else if(pk->flags.backsig == 1)
- {
- log_info(_("WARNING: signing subkey %s has an invalid"
- " cross-certification\n"),keystr_from_pk(pk));
- rc = gpg_error (GPG_ERR_GENERAL);
- }
- }
+ if (r_expiredate)
+ *r_expiredate = 0;
+ if (r_expired)
+ *r_expired = 0;
+ if (r_revoked)
+ *r_revoked = 0;
+ if (r_pk)
+ *r_pk = NULL;
- }
+ pk = xtrycalloc (1, sizeof *pk);
+ if (!pk)
+ return gpg_error_from_syserror ();
+
+ if ((rc=openpgp_md_test_algo(sig->digest_algo)))
+ {
+ /* We don't have this digest. */
+ }
+ else if (!gnupg_digest_is_allowed (opt.compliance, 0, sig->digest_algo))
+ {
+ /* Compliance failure. */
+ log_info (_("digest algorithm '%s' may not be used in %s mode\n"),
+ gcry_md_algo_name (sig->digest_algo),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_DIGEST_ALGO);
+ }
+ else if ((rc=openpgp_pk_test_algo(sig->pubkey_algo)))
+ {
+ /* We don't have this pubkey algo. */
+ }
+ else if (!gcry_md_is_enabled (digest,sig->digest_algo))
+ {
+ /* Sanity check that the md has a context for the hash that the
+ * sig is expecting. This can happen if a onepass sig header
+ * does not match the actual sig, and also if the clearsign
+ * "Hash:" header is missing or does not match the actual sig. */
+ log_info(_("WARNING: signature digest conflict in message\n"));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ else if (get_pubkey (ctrl, pk, sig->keyid))
+ rc = gpg_error (GPG_ERR_NO_PUBKEY);
+ else if (!gnupg_pk_is_allowed (opt.compliance, PK_USE_VERIFICATION,
+ pk->pubkey_algo, pk->pkey,
+ nbits_from_pk (pk),
+ NULL))
+ {
+ /* Compliance failure. */
+ log_error (_("key %s may not be used for signing in %s mode\n"),
+ keystr_from_pk (pk),
+ gnupg_compliance_option_string (opt.compliance));
+ rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ }
+ else if (!pk->flags.valid)
+ {
+ /* You cannot have a good sig from an invalid key. */
+ rc = gpg_error (GPG_ERR_BAD_PUBKEY);
+ }
+ else
+ {
+ if (r_expiredate)
+ *r_expiredate = pk->expiredate;
+
+ rc = check_signature_end (pk, sig, digest, r_expired, r_revoked, NULL);
+
+ /* Check the backsig. This is a back signature (0x19) from
+ * the subkey on the primary key. The idea here is that it
+ * should not be possible for someone to "steal" subkeys and
+ * claim them as their own. The attacker couldn't actually
+ * use the subkey, but they could try and claim ownership of
+ * any signatures issued by it. */
+ if (!rc && !pk->flags.primary && pk->flags.backsig < 2)
+ {
+ if (!pk->flags.backsig)
+ {
+ log_info (_("WARNING: signing subkey %s is not"
+ " cross-certified\n"),keystr_from_pk(pk));
+ log_info (_("please see %s for more information\n"),
+ "https://gnupg.org/faq/subkey-cross-certify.html");
+ /* The default option --require-cross-certification
+ * makes this warning an error. */
+ if (opt.flags.require_cross_cert)
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ else if(pk->flags.backsig == 1)
+ {
+ log_info (_("WARNING: signing subkey %s has an invalid"
+ " cross-certification\n"), keystr_from_pk(pk));
+ rc = gpg_error (GPG_ERR_GENERAL);
+ }
+ }
+
+ }
- if (!rc && sig->sig_class < 2 && is_status_enabled ())
- {
- /* This signature id works best with DLP algorithms because
- * they use a random parameter for every signature. Instead of
- * this sig-id we could have also used the hash of the document
- * and the timestamp, but the drawback of this is, that it is
- * not possible to sign more than one identical document within
- * one second. Some remote batch processing applications might
- * like this feature here.
- *
- * Note that before 2.0.10, we used RIPE-MD160 for the hash
- * and accidentally didn't include the timestamp and algorithm
- * information in the hash. Given that this feature is not
- * commonly used and that a replay attacks detection should
- * not solely be based on this feature (because it does not
- * work with RSA), we take the freedom and switch to SHA-1
- * with 2.0.10 to take advantage of hardware supported SHA-1
- * implementations. We also include the missing information
- * in the hash. Note also the SIG_ID as computed by gpg 1.x
- * and gpg 2.x didn't matched either because 2.x used to print
- * MPIs not in PGP format. */
- u32 a = sig->timestamp;
- int nsig = pubkey_get_nsig (sig->pubkey_algo);
- unsigned char *p, *buffer;
- size_t n, nbytes;
- int i;
- char hashbuf[20];
+ if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
+ /* This signature id works best with DLP algorithms because
+ * they use a random parameter for every signature. Instead of
+ * this sig-id we could have also used the hash of the document
+ * and the timestamp, but the drawback of this is, that it is
+ * not possible to sign more than one identical document within
+ * one second. Some remote batch processing applications might
+ * like this feature here.
+ *
+ * Note that before 2.0.10, we used RIPE-MD160 for the hash
+ * and accidentally didn't include the timestamp and algorithm
+ * information in the hash. Given that this feature is not
+ * commonly used and that a replay attacks detection should
+ * not solely be based on this feature (because it does not
+ * work with RSA), we take the freedom and switch to SHA-1
+ * with 2.0.10 to take advantage of hardware supported SHA-1
+ * implementations. We also include the missing information
+ * in the hash. Note also the SIG_ID as computed by gpg 1.x
+ * and gpg 2.x didn't matched either because 2.x used to print
+ * MPIs not in PGP format. */
+ u32 a = sig->timestamp;
+ int nsig = pubkey_get_nsig( sig->pubkey_algo );
+ unsigned char *p, *buffer;
+ size_t n, nbytes;
+ int i;
+ char hashbuf[20]; /* We use SHA-1 here. */
- nbytes = 6;
- for (i=0; i < nsig; i++ )
- {
- if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i]))
- BUG();
- nbytes += n;
- }
+ nbytes = 6;
+ for (i=0; i < nsig; i++ )
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i]))
+ BUG();
+ nbytes += n;
+ }
- /* Make buffer large enough to be later used as output buffer. */
- if (nbytes < 100)
- nbytes = 100;
- nbytes += 10; /* Safety margin. */
-
- /* Fill and hash buffer. */
- buffer = p = xmalloc (nbytes);
- *p++ = sig->pubkey_algo;
- *p++ = sig->digest_algo;
- *p++ = (a >> 24) & 0xff;
- *p++ = (a >> 16) & 0xff;
- *p++ = (a >> 8) & 0xff;
- *p++ = a & 0xff;
- nbytes -= 6;
- for (i=0; i < nsig; i++ )
- {
- if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i]))
- BUG();
- p += n;
- nbytes -= n;
- }
- gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, buffer, p-buffer);
-
- p = make_radix64_string (hashbuf, 20);
- sprintf (buffer, "%s %s %lu",
- p, strtimestamp (sig->timestamp), (ulong)sig->timestamp);
- xfree (p);
- write_status_text (STATUS_SIG_ID, buffer);
- xfree (buffer);
+ /* Make buffer large enough to be later used as output buffer. */
+ if (nbytes < 100)
+ nbytes = 100;
+ nbytes += 10; /* Safety margin. */
+
+ /* Fill and hash buffer. */
+ buffer = p = xmalloc (nbytes);
+ *p++ = sig->pubkey_algo;
+ *p++ = sig->digest_algo;
+ *p++ = (a >> 24) & 0xff;
+ *p++ = (a >> 16) & 0xff;
+ *p++ = (a >> 8) & 0xff;
+ *p++ = a & 0xff;
+ nbytes -= 6;
+ for (i=0; i < nsig; i++ )
+ {
+ if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i]))
+ BUG();
+ p += n;
+ nbytes -= n;
+ }
+ gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, buffer, p-buffer);
+
+ p = make_radix64_string (hashbuf, 20);
+ sprintf (buffer, "%s %s %lu",
+ p, strtimestamp (sig->timestamp), (ulong)sig->timestamp);
+ xfree (p);
+ write_status_text (STATUS_SIG_ID, buffer);
+ xfree (buffer);
}
- if (r_pk)
- *r_pk = pk;
- else
- {
- release_public_key_parts (pk);
- xfree (pk);
- }
+ if (r_pk)
+ *r_pk = pk;
+ else
+ {
+ release_public_key_parts (pk);
+ xfree (pk);
+ }
- return rc;
+ return rc;
}
@@@ -493,38 -521,34 +520,38 @@@ check_signature_end_simple (PKT_public_
gcry_md_putc (digest, 0);
n = 6;
}
- /* Add some magic per Section 5.2.4 of RFC 4880. */
- buf[0] = sig->version;
- buf[1] = 0xff;
- buf[2] = n >> 24;
- buf[3] = n >> 16;
- buf[4] = n >> 8;
- buf[5] = n;
- gcry_md_write( digest, buf, 6 );
+ /* add some magic per Section 5.2.4 of RFC 4880. */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24;
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write( digest, buf, 6 );
}
- gcry_md_final( digest );
-
- /* Convert the digest to an MPI. */
- result = encode_md_value (pk, digest, sig->digest_algo );
- if (!result)
- return GPG_ERR_GENERAL;
-
- /* Verify the signature. */
- rc = pk_verify (pk->pubkey_algo, result, sig->data, pk->pkey);
- gcry_mpi_release (result);
+ gcry_md_final( digest );
+
+ /* Convert the digest to an MPI. */
+ result = encode_md_value (pk, digest, sig->digest_algo );
+ if (!result)
+ return GPG_ERR_GENERAL;
+
+ /* Verify the signature. */
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("enter pk_verify");
+ rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey );
+ if (DBG_CLOCK && sig->sig_class <= 0x01)
+ log_clock ("leave pk_verify");
+ gcry_mpi_release (result);
- if( !rc && sig->flags.unknown_critical )
- {
- log_info(_("assuming bad signature from key %s"
- " due to an unknown critical bit\n"),keystr_from_pk(pk));
- rc = GPG_ERR_BAD_SIGNATURE;
- }
+ if (!rc && sig->flags.unknown_critical)
+ {
+ log_info(_("assuming bad signature from key %s"
+ " due to an unknown critical bit\n"),keystr_from_pk(pk));
+ rc = GPG_ERR_BAD_SIGNATURE;
+ }
- return rc;
+ return rc;
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 47 +++
agent/call-scd.c | 4 +-
agent/command-ssh.c | 46 ++-
common/homedir.c | 95 +++--
configure.ac | 1 +
doc/examples/vsnfd.prf | 6 +-
doc/gpg.texi | 22 +-
g10/call-agent.h | 15 +-
g10/card-util.c | 370 +++++++++++------
g10/cpr.c | 6 +-
g10/getkey.c | 2 +
g10/gpg.c | 56 ++-
g10/keydb.h | 5 +-
g10/keyedit.c | 8 +-
g10/keygen.c | 53 ++-
g10/main.h | 1 +
g10/sig-check.c | 690 ++++++++++++++++----------------
po/ca.po | 124 ++++--
po/cs.po | 135 +++++--
po/da.po | 137 +++++--
po/de.po | 123 ++++--
po/el.po | 124 ++++--
po/eo.po | 124 ++++--
po/es.po | 139 +++++--
po/et.po | 124 ++++--
po/fi.po | 124 ++++--
po/fr.po | 145 +++++--
po/gl.po | 124 ++++--
po/hu.po | 124 ++++--
po/id.po | 124 ++++--
po/it.po | 124 ++++--
po/ja.po | 125 ++++--
po/nb.po | 135 +++++--
po/pl.po | 137 +++++--
po/pt.po | 124 ++++--
po/ro.po | 134 +++++--
po/ru.po | 131 ++++--
po/sk.po | 124 ++++--
po/sv.po | 143 +++++--
po/tr.po | 134 +++++--
po/uk.po | 135 +++++--
po/zh_CN.po | 132 ++++--
po/zh_TW.po | 139 +++++--
scd/app-openpgp.c | 61 ++-
scd/command.c | 16 +-
sm/gpgsm.c | 14 +-
tests/gpgscm/gnupg.scm | 13 +-
tests/gpgsm/export.scm | 2 +-
tests/gpgsm/gpgsm-defs.scm | 6 +
tests/migrations/common.scm | 2 +-
tests/openpgp/decrypt-session-key.scm | 2 +-
tests/openpgp/decrypt-unwrap-verify.scm | 2 +-
tests/openpgp/defs.scm | 14 +-
53 files changed, 3382 insertions(+), 1565 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list