[git] GCRYPT - branch, LIBGCRYPT-1.8-BRANCH, updated. libgcrypt-1.8.3-10-g99a5bab
by Werner Koch
cvs at cvs.gnupg.org
Wed Oct 24 12:32:25 CEST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, LIBGCRYPT-1.8-BRANCH has been updated
via 99a5babfd1e759310db8ab8b11d182f2e139dfb1 (commit)
via 4e044b80b296f94a4cd011ddd7e2b3a5abb1a254 (commit)
via abd267bf239345ceae5c0de239d1530b427a53a1 (commit)
via 60224352f4de1189e0076c6172886dc787a1e6e6 (commit)
via 347987d4cf29b6a611b7fafa14fddeb50c0651d2 (commit)
via 7f4de8bab99181b244b40f721fc8297b4374ecbe (commit)
via be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd (commit)
via 8cc7cac82ec2087c3e1ece56dbd12855a383f090 (commit)
from 20c034865f2dd15ce2871385b6e29c15d1570539 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 99a5babfd1e759310db8ab8b11d182f2e139dfb1
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 24 12:24:44 2018 +0200
build: Add release make target
* Makefile.am (release, sign-release): New targets.
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 03bb25ee7ed6f1076bf788ab981ca68672880daa)
diff --git a/Makefile.am b/Makefile.am
index f97af7f..452cb96 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,8 +14,17 @@
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
-# License along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Location of the released tarball archives. Note that this is an
+# internal archive and before uploading this to the public server,
+# manual tests should be run and the git release tagged and pushed.
+# Adjust as needed.
+RELEASE_ARCHIVE_DIR = wk at vigenere:tarballs/libgpg-error/
+# The key used to sign the released sources. Adjust as needed.
+RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+
ACLOCAL_AMFLAGS = -I m4
DISTCHECK_CONFIGURE_FLAGS = --disable-random-daemon --enable-doc \
@@ -92,3 +101,50 @@ gen-ChangeLog:
stowinstall:
$(MAKE) $(AM_MAKEFLAGS) install prefix=/usr/local/stow/libgcrypt
+
+# Macro to help the release target.
+RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
+
+release:
+ +(set -e;\
+ if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \
+ echo "error: build directory must not be the source directory" >&2;\
+ exit 2;\
+ fi ;\
+ echo "/* Build started at $$(date -uIseconds) */" ;\
+ cd $(top_srcdir); \
+ ./autogen.sh --force; \
+ cd $(abs_top_builddir); \
+ rm -rf dist; mkdir dist ; cd dist ; \
+ $(abs_top_srcdir)/configure --enable-maintainer-mode; \
+ $(MAKE) distcheck; \
+ echo "/* Build finished at $$(date -uIseconds) */" ;\
+ echo "/*" ;\
+ echo " * Please run the final step interactivly:" ;\
+ echo " * make sign-release" ;\
+ echo " */" ;\
+ ) 2>&1 | tee "$(RELEASE_NAME).buildlog"
+
+sign-release:
+ +(set -e; \
+ cd dist; \
+ files1="$(RELEASE_NAME).tar.bz2 \
+ $(RELEASE_NAME).tar.gz" ; \
+ files2="$(RELEASE_NAME).tar.bz2.sig \
+ $(RELEASE_NAME).tar.gz.sig \
+ $(RELEASE_NAME).swdb \
+ $(RELEASE_NAME).buildlog" ;\
+ echo "/* Signing the source tarball ..." ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\
+ gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.gz ;\
+ cat $(RELEASE_NAME).swdb >swdb.snippet;\
+ echo >>swdb.snippet ;\
+ sha1sum $${files1} >>swdb.snippet ;\
+ cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
+ | gzip >$(RELEASE_NAME).buildlog ;\
+ echo "Copying to local archive ..." ;\
+ scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\
+ echo '/*' ;\
+ echo ' * All done; for checksums see dist/swdb.snippet' ;\
+ echo ' */' ;\
+ )
commit 4e044b80b296f94a4cd011ddd7e2b3a5abb1a254
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 24 12:06:07 2018 +0200
doc: Update yat2m.c from upstream (libgpg-error)
--
GnuPG-bug-id: 4102
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 0cfd41c662792cd5707a7bd738c341c29abdb4e7)
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 7599081..3c7b363 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005, 2013, 2015, 2016 g10 Code GmbH
+ * Copyright (C) 2005, 2013, 2015, 2016, 2017 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -128,7 +128,11 @@
#define PGM "yat2m"
-#define VERSION "1.0"
+#ifdef PACKAGE_VERSION
+# define VERSION PACKAGE_VERSION
+#else
+# define VERSION "1.0"
+#endif
/* The maximum length of a line including the linefeed and one extra
character. */
@@ -353,7 +357,7 @@ ascii_strupr (char *string)
const char *
isodatestring (void)
{
- static char buffer[11+5];
+ static char buffer[36];
struct tm *tp;
time_t atime;
@@ -482,6 +486,9 @@ evaluate_conditions (const char *fname, int lnr)
{
int i;
+ (void)fname;
+ (void)lnr;
+
/* for (i=0; i < condition_stack_idx; i++) */
/* inf ("%s:%d: stack[%d] %s %s %c", */
/* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
@@ -729,7 +736,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
{ "asis", 7 },
{ "anchor", 7 },
{ "cartouche", 1 },
- { "xref", 0, "see: [", "]" },
+ { "ref", 0, "[", "]" },
+ { "xref", 0, "See: [", "]" },
{ "pxref", 0, "see: [", "]" },
{ "uref", 0, "(\\fB", "\\fR)" },
{ "footnote",0, " ([", "])" },
@@ -746,7 +754,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
{ "subsection", 6, "\n.SS " },
{ "chapheading", 0},
{ "item", 2, ".TP\n.B " },
- { "itemx", 2, ".TP\n.B " },
+ { "itemx", 2, ".TQ\n.B " },
{ "table", 3 },
{ "itemize", 3 },
{ "bullet", 0, "* " },
@@ -793,6 +801,8 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
{
if ((*table_level)-- > 1)
fputs (".RE\n", fp);
+ else
+ fputs (".P\n", fp);
}
else if (n >= 7 && !memcmp (s, "example", 7)
&& (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n'))
@@ -850,18 +860,20 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
}
else
{
- size_t len = s - (rest + 1);
+ size_t rlen = s - (rest + 1);
macro_t m;
for (m = variablelist; m; m = m->next)
- if (strlen (m->name) == len
- &&!strncmp (m->name, rest+1, len))
- break;
+ {
+ if (strlen (m->name) == rlen
+ && !strncmp (m->name, rest+1, rlen))
+ break;
+ }
if (m)
fputs (m->value, fp);
else
inf ("texinfo variable '%.*s' is not set",
- (int)len, rest+1);
+ (int)rlen, rest+1);
}
}
break;
@@ -1475,6 +1487,7 @@ int
main (int argc, char **argv)
{
int last_argc = -1;
+ const char *s;
opt_source = "GNU";
opt_release = "";
@@ -1513,13 +1526,13 @@ main (int argc, char **argv)
" -I DIR also search in include DIR\n"
" -D gpgone the only usable define\n\n"
"With no FILE, or when FILE is -, read standard input.\n\n"
- "Report bugs to <bugs at g10code.com>.");
+ "Report bugs to <https://bugs.gnupg.org>.");
exit (0);
}
else if (!strcmp (*argv, "--version"))
{
puts (PGM " " VERSION "\n"
- "Copyright (C) 2005 g10 Code GmbH\n"
+ "Copyright (C) 2005, 2017 g10 Code GmbH\n"
"This program comes with ABSOLUTELY NO WARRANTY.\n"
"This is free software, and you are welcome to redistribute it\n"
"under certain conditions. See the file COPYING for details.");
@@ -1608,6 +1621,11 @@ main (int argc, char **argv)
if (argc > 1)
die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n");
+ /* Take care of supplied timestamp for reproducible builds. See
+ * https://reproducible-builds.org/specs/source-date-epoch/ */
+ if (!opt_date && (s = getenv ("SOURCE_DATE_EPOCH")) && *s)
+ opt_date = s;
+
/* Start processing. */
if (argc && strcmp (*argv, "-"))
{
commit abd267bf239345ceae5c0de239d1530b427a53a1
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 24 11:55:34 2018 +0200
Fix memory leak in secmem in out of core conditions.
* src/secmem.c (_gcry_secmem_malloc_internal): Release pool descriptor
if the pool could not be allocated.
--
GnuPG-bug-id: 4211
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit f74687fd43f5772a372f54031d5a9527597f4ce4)
diff --git a/src/secmem.c b/src/secmem.c
index 79c135f..3e091d8 100644
--- a/src/secmem.c
+++ b/src/secmem.c
@@ -658,7 +658,10 @@ _gcry_secmem_malloc_internal (size_t size, int xhint)
pool->size = auto_expand? auto_expand : STANDARD_POOL_SIZE;
pool->mem = malloc (pool->size);
if (!pool->mem)
- return NULL; /* Not enough memory available for a new pool. */
+ {
+ free (pool);
+ return NULL; /* Not enough memory available for a new pool. */
+ }
/* Initialize first memory block. */
mb = (memblock_t *) pool->mem;
mb->size = pool->size - BLOCK_HEAD_SIZE;
commit 60224352f4de1189e0076c6172886dc787a1e6e6
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 24 11:50:46 2018 +0200
ecc: Fix memory leak in the error case of ecc_encrypt_raw
* cipher/ecc.c (ecc_encrypt_raw): Add proper error cleanup in the main
block.
--
GnuPG-bug-id: 4210
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit e57e75ea517f32109b508113f18298fc69fd1192)
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 4e3e5b1..3f221a2 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1392,6 +1392,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
unsigned char *rawmpi;
unsigned int rawmpilen;
+ rc = 0;
x = mpi_new (0);
if (ec->model == MPI_EC_MONTGOMERY)
y = NULL;
@@ -1418,7 +1419,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
if (!(flags & PUBKEY_FLAG_DJB_TWEAK))
{ /* It's not for X25519, then, the input data was simply wrong. */
rc = GPG_ERR_INV_DATA;
- goto leave;
+ goto leave_main;
}
}
if (y)
@@ -1443,7 +1444,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
{
rc = GPG_ERR_INV_DATA;
- goto leave;
+ goto leave_main;
}
if (y)
mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p);
@@ -1461,11 +1462,12 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
}
}
-
+ leave_main:
mpi_free (x);
mpi_free (y);
-
point_free (&R);
+ if (rc)
+ goto leave;
}
if (!rc)
commit 347987d4cf29b6a611b7fafa14fddeb50c0651d2
Author: Werner Koch <wk at gnupg.org>
Date: Wed Oct 24 09:50:17 2018 +0200
ecc: Fix possible memory leakage in parameter check of eddsa.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_verify): Fix mem leak.
--
GnuPG-bug-id: 4209
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 149ceb3cae03d0385341d32430aa5ae57de90007)
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 813e030..89b708a 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -760,7 +760,10 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
pkey->E.p, pkey->E.a, pkey->E.b);
b = ctx->nbits/8;
if (b != 256/8)
- return GPG_ERR_INTERNAL; /* We only support 256 bit. */
+ {
+ rc = GPG_ERR_INTERNAL; /* We only support 256 bit. */
+ goto leave;
+ }
/* Decode and check the public key. */
rc = _gcry_ecc_eddsa_decodepoint (pk, ctx, &Q, &encpk, &encpklen);
commit 7f4de8bab99181b244b40f721fc8297b4374ecbe
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jun 14 10:39:53 2018 +0200
doc: Fix example for gcry_sexp_extract_param
--
(cherry picked from commit 282f238f7788267768e823c0976aff15aeaff103)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index c18b498..c32748f 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -4454,14 +4454,15 @@ an @code{gcry_mpi_t} variable is expected that must be set to
is expected. For example
@example
- _gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
- &mpi_n, &mpi_x, &mpi_e, &mpi_foo, NULL)
+ gcry_sexp_extract_param (key, NULL, "n/x+e d-'foo'",
+ &mpi_n, &mpi_x, &mpi_e, &mpi_d, &mpi_foo, NULL)
@end example
stores the parameter 'n' from @var{key} as an unsigned MPI into
@var{mpi_n}, the parameter 'x' as an opaque MPI into @var{mpi_x}, the
-parameter 'e' again as an unsigned MPI into @var{mpi_e}, and the
-parameter 'foo' as a signed MPI.
+parameters 'e' and 'd' again as an unsigned MPI into @var{mpi_e} and
+ at var{mpi_d} and finally the parameter 'foo' as a signed MPI into
+ at var{mpi_foo}.
@var{path} is an optional string used to locate a token. The
exclamation mark separated tokens are used via
commit be68b3ee4fd1f85edc95eaad11c8fd52ccd27ccd
Author: Werner Koch <wk at gnupg.org>
Date: Tue Oct 23 22:58:09 2018 +0200
ecc: Fix potential unintended freeing of an internal param.
* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error
--
GnuPG-bug-id: 4208
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit e2da4e8dee4b371804f3b2659b53431fb6380d93)
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 3488ed3..39bad1a 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -1193,7 +1193,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
if (!strcmp (name, "q.x") && ec->Q && ec->Q->x)
return mpi_is_const (ec->Q->x) && !copy? ec->Q->x : mpi_copy (ec->Q->x);
if (!strcmp (name, "q.y") && ec->Q && ec->Q->y)
- return mpi_is_const (ec->G->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
+ return mpi_is_const (ec->Q->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
/* If the base point has been requested, return it in standard
encoding. */
commit 8cc7cac82ec2087c3e1ece56dbd12855a383f090
Author: Werner Koch <wk at gnupg.org>
Date: Tue Oct 23 22:51:40 2018 +0200
sexp: Fix uninitialized use of a var in the error case.
* src/sexp.c (_gcry_sexp_vextract_param): Initialize L1.
--
GnuPG-bug-id: 4212
Signed-off-by: Werner Koch <wk at gnupg.org>
(cherry picked from commit 9f2c7ec4d8b07e82663ad084c90c016d3c3b80c2)
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 89b1303..75c49a0 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1311,7 +1311,7 @@ gpg_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
size_t length);
/* Convenience function to calculate the hash from the data in BUFFER
- of size LENGTH using the algorithm ALGO avoiding the creating of a
+ of size LENGTH using the algorithm ALGO avoiding the creation of a
hash object. The hash is returned in the caller provided buffer
DIGEST which must be large enough to hold the digest of the given
algorithm. */
diff --git a/src/sexp.c b/src/sexp.c
index 9d89268..f2a164c 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -2232,7 +2232,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path,
gcry_mpi_t *array[20];
char arrayisdesc[20];
int idx;
- gcry_sexp_t l1;
+ gcry_sexp_t l1 = NULL;
int mode = '+'; /* Default to GCRYMPI_FMT_USG. */
gcry_sexp_t freethis = NULL;
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++--
cipher/ecc-curves.c | 2 +-
cipher/ecc-eddsa.c | 5 ++++-
cipher/ecc.c | 10 +++++----
doc/gcrypt.texi | 9 ++++----
doc/yat2m.c | 42 ++++++++++++++++++++++++++-----------
src/gcrypt.h.in | 2 +-
src/secmem.c | 5 ++++-
src/sexp.c | 2 +-
9 files changed, 110 insertions(+), 27 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list