[git] GnuPG - branch, master, updated. gnupg-2.2.7-134-gd3d4114

by Werner Koch cvs at cvs.gnupg.org
Wed May 30 22:14:23 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d3d41146b33040eb65eaaaffcfc7b4211e60bd95 (commit)
       via  97183b5c0fae05fcda942caa7df14ee6a133d846 (commit)
      from  b2c05d691247a79fb46f75b653cbc4bf518c1c2a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d3d41146b33040eb65eaaaffcfc7b4211e60bd95
Author: Werner Koch <wk at gnupg.org>
Date:   Wed May 30 22:05:57 2018 +0200

    gpg: Ignore the multiple message override options.
    
    * g10/gpg.c (oAllowMultisigVerification)
    (oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
    (opts): Turn --allow-multisig-verification, --allow-multiple-messages
    and --no-allow-multiple-messages into NOPs
    * g10/options.h (struct opt): Remove flags.allow_multiple_messages.
    * g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
    false.
    --
    
    These options are very old compatibility hacks and should not be used
    anymore.  We keep them as dummy options in case someone has them in
    the conf file.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9754c17..a12b5af 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3382,16 +3382,7 @@ This is an obsolete option and is not used anywhere.
 
 @item --allow-multiple-messages
 @item --no-allow-multiple-messages
- at opindex allow-multiple-messages
-Allow processing of multiple OpenPGP messages contained in a single file
-or stream.  Some programs that call GPG are not prepared to deal with
-multiple messages being processed together, so this option defaults to
-no.  Note that versions of GPG prior to 1.4.7 always allowed multiple
-messages.
-
-Warning: Do not use this option unless you need it as a temporary
-workaround!
-
+These are obsolete options; they have no more effect since GnuPG 2.2.8.
 
 @item --enable-special-filenames
 @opindex enable-special-filenames
diff --git a/g10/gpg.c b/g10/gpg.c
index af56f12..70bdddf 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -401,13 +401,10 @@ enum cmd_and_opt_values
     oNoRequireCrossCert,
     oAutoKeyLocate,
     oNoAutoKeyLocate,
-    oAllowMultisigVerification,
     oEnableLargeRSA,
     oDisableLargeRSA,
     oEnableDSA2,
     oDisableDSA2,
-    oAllowMultipleMessages,
-    oNoAllowMultipleMessages,
     oAllowWeakDigestAlgos,
     oFakedSystemTime,
     oNoAutostart,
@@ -863,14 +860,10 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oExitOnStatusWriteError, "exit-on-status-write-error", "@"),
   ARGPARSE_s_i (oLimitCardInsertTries, "limit-card-insert-tries", "@"),
 
-  ARGPARSE_s_n (oAllowMultisigVerification,
-                "allow-multisig-verification", "@"),
   ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
   ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
   ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
   ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
-  ARGPARSE_s_n (oAllowMultipleMessages,      "allow-multiple-messages", "@"),
-  ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
   ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
 
   ARGPARSE_s_s (oDefaultNewKeyAlgo, "default-new-key-algo", "@"),
@@ -918,7 +911,9 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
   ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
   ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
-
+  ARGPARSE_s_n (oNoop, "allow-multisig-verification", "@"),
+  ARGPARSE_s_n (oNoop, "allow-multiple-messages", "@"),
+  ARGPARSE_s_n (oNoop, "no-allow-multiple-messages", "@"),
 
   ARGPARSE_end ()
 };
@@ -3578,15 +3573,6 @@ main (int argc, char **argv)
 	  case oEnableDSA2: opt.flags.dsa2=1; break;
 	  case oDisableDSA2: opt.flags.dsa2=0; break;
 
-          case oAllowMultisigVerification:
-	  case oAllowMultipleMessages:
-	    opt.flags.allow_multiple_messages=1;
-	    break;
-
-	  case oNoAllowMultipleMessages:
-	    opt.flags.allow_multiple_messages=0;
-	    break;
-
           case oAllowWeakDigestAlgos:
             opt.flags.allow_weak_digest_algos = 1;
             break;
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 0341589..0303a52 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -899,12 +899,9 @@ proc_plaintext( CTX c, PACKET *pkt )
     {
       log_info (_("WARNING: multiple plaintexts seen\n"));
 
-      if (!opt.flags.allow_multiple_messages)
-        {
-          write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
-          log_inc_errorcount ();
-          rc = gpg_error (GPG_ERR_UNEXPECTED);
-        }
+      write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA");
+      log_inc_errorcount ();
+      rc = gpg_error (GPG_ERR_UNEXPECTED);
     }
 
   if (!rc)
@@ -1871,14 +1868,12 @@ check_sig_and_print (CTX c, kbnode_t node)
           goto ambiguous;
 
 	/* If we wanted to disallow multiple sig verification, we'd do
-	   something like this:
-
-	   if (n && !opt.allow_multisig_verification)
-             goto ambiguous;
-
-	   However, now that we have --allow-multiple-messages, this
-	   can stay allowable as we can't get here unless multiple
-	   messages (i.e. multiple literals) are allowed. */
+	 * something like this:
+         *
+	 * if (n)
+         *   goto ambiguous;
+         *
+         * However, this can stay allowable as we can't get here.  */
 
         if (n_onepass != n_sig)
           {
diff --git a/g10/options.h b/g10/options.h
index 3754687..7defbda 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -244,7 +244,6 @@ struct
     unsigned int use_embedded_filename:1;
     unsigned int utf8_filename:1;
     unsigned int dsa2:1;
-    unsigned int allow_multiple_messages:1;
     unsigned int allow_weak_digest_algos:1;
     unsigned int large_rsa:1;
     unsigned int disable_signer_uid:1;
diff --git a/tests/openpgp/verify.scm b/tests/openpgp/verify.scm
index b4dd49b..afa6b6a 100755
--- a/tests/openpgp/verify.scm
+++ b/tests/openpgp/verify.scm
@@ -51,16 +51,12 @@
  '(msg_ols_asc msg_cols_asc msg_sl_asc msg_oolss_asc msg_cls_asc msg_clss_asc))
 
 (for-each-p
- "Checking that a valid signature over multiple messages is verified as such"
+ "Checking that a valid signature over multiple messages is rejected"
  (lambda (armored-file)
-   (pipe:do
-    (pipe:echo (eval armored-file (current-environment)))
-    (pipe:spawn `(, at GPG --verify --allow-multiple-messages)))
    (catch '()
-	  (pipe:do
-	   (pipe:defer (lambda (sink)
-			 (display armored-file (fdopen sink "w"))))
-	   (pipe:spawn `(, at GPG --verify)))
+          (pipe:do
+           (pipe:echo (eval armored-file (current-environment)))
+           (pipe:spawn `(, at GPG --verify)))
 	  (fail "verification succeeded but should not")))
  '(msg_olsols_asc_multiple msg_clsclss_asc_multiple))
 

commit 97183b5c0fae05fcda942caa7df14ee6a133d846
Author: Werner Koch <wk at gnupg.org>
Date:   Wed May 30 21:45:37 2018 +0200

    gpg: Detect multiple literal plaintext packets more reliable.
    
    * g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
    --
    
    GnuPG-bug-id: 4000
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/mainproc.c b/g10/mainproc.c
index a991203..0341589 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -105,16 +105,22 @@ struct mainproc_context
 };
 
 
+/* Counter with the number of literal data packets seen.  Note that
+ * this is also bumped at the end of an encryption.  This counter is
+ * used for a basic consistency check of a received PGP message.  */
+static int literals_seen;
+
+
 /*** Local prototypes.  ***/
 static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a);
 static void list_node (CTX c, kbnode_t node);
 static void proc_tree (CTX c, kbnode_t node);
-static int literals_seen;
 
 
 /*** Functions.  ***/
 
-
+/* Reset the literal data counter.  This is required to setup a new
+ * decryption or verification context.  */
 void
 reset_literals_seen(void)
 {
@@ -799,6 +805,12 @@ proc_encrypted (CTX c, PACKET *pkt)
   free_packet (pkt, NULL);
   c->last_was_session_key = 0;
   write_status (STATUS_END_DECRYPTION);
+
+  /* Bump the counter even if we have not seen a literal data packet
+   * inside an encryption container.  This acts as a sentinel in case
+   * a misplace extra literal data packets follows after this
+   * encrypted packet.  */
+  literals_seen++;
 }
 
 
@@ -809,6 +821,7 @@ proc_plaintext( CTX c, PACKET *pkt )
   int any, clearsig, rc;
   kbnode_t n;
 
+  /* This is a literal data packet.  Bumb a counter for later checks.  */
   literals_seen++;
 
   if (pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8))

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi             | 11 +----------
 g10/gpg.c                | 20 +++-----------------
 g10/mainproc.c           | 40 ++++++++++++++++++++++++----------------
 g10/options.h            |  1 -
 tests/openpgp/verify.scm | 12 ++++--------
 5 files changed, 32 insertions(+), 52 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list