[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.13-10-g0eb8095

by Werner Koch cvs at cvs.gnupg.org
Mon Feb 25 08:55:44 CET 2019 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  0eb8095626be71160dfa66284a7b0a6a57cb03e3 (commit)
       via  54c56230e305a38d6fd0c3bf1262172fd5fbcb87 (commit)
       via  0a95b153811f36739d1b20f23920bad0bb07c68b (commit)
      from  8161afb9dddaba839be92fbe9d85c05235eda825 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0eb8095626be71160dfa66284a7b0a6a57cb03e3
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 21 08:40:59 2019 +0100

    scd: Don't let the "undefined" app cause a conflict error.
    
    * scd/app.c (check_conflict): Ignore "undefined".
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a)

diff --git a/scd/app.c b/scd/app.c
index ac9a658..bb33a56 100644
--- a/scd/app.c
+++ b/scd/app.c
@@ -121,6 +121,9 @@ check_conflict (app_t app, const char *name)
   if (!app || !name || (app->apptype && !ascii_strcasecmp (app->apptype, name)))
     return 0;
 
+  if (app->apptype && !strcmp (app->apptype, "UNDEFINED"))
+    return 0;
+
   log_info ("application '%s' in use - can't switch\n",
             app->apptype? app->apptype : "<null>");
 

commit 54c56230e305a38d6fd0c3bf1262172fd5fbcb87
Author: Werner Koch <wk at gnupg.org>
Date:   Thu Feb 21 17:32:39 2019 +0100

    sm: Fix certificate creation with key on card.
    
    * sm/certreqgen.c (create_request): Fix for certmode.
    --
    
    When using an existing key from a card for certificate signing (in
    contrast to the default of generating a CSR), the code tried to use
    the same key for signing instead of the Signing-Key parameter.  It is
    perfectly okay to use the regular signing path via gpg-agent for
    certificate creation - only self-signed certificates with a key on the
    card require the direct use of the card key (via "SCD PKSIGN").
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit c1000c673814e552923cf1361346d7dfeee55608)

diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index 4431870..ee7ae01 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -1312,7 +1312,7 @@ create_request (ctrl_t ctrl,
           log_info ("about to sign the %s for key: &%s\n",
                     certmode? "certificate":"CSR", hexgrip);
 
-          if (carddirect)
+          if (carddirect && !certmode)
             rc = gpgsm_scd_pksign (ctrl, carddirect, NULL,
                                    gcry_md_read (md, mdalgo),
                                    gcry_md_get_algo_dlen (mdalgo),

commit 0a95b153811f36739d1b20f23920bad0bb07c68b
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Feb 22 14:09:02 2019 +0100

    agent: Fix for suggested Libgcrypt use.
    
    * agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
    --
    
    The libgcrypt docs say that a "flags" parameter should always be used
    in the input of pkdecrypt.  Thus we should allow that parameter also
    when parsing an s-expression to figure out the algorithm for use with
    scdaemon.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit a12c3a566e2e4b10bc02976a2819070877ee895c)

diff --git a/agent/divert-scd.c b/agent/divert-scd.c
index d933779..191ed7f 100644
--- a/agent/divert-scd.c
+++ b/agent/divert-scd.c
@@ -498,6 +498,7 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   char *kid;
   const unsigned char *s;
   size_t n;
+  int depth;
   const unsigned char *ciphertext;
   size_t ciphertextlen;
   char *plaintext;
@@ -506,7 +507,6 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   (void)desc_text;
 
   *r_padding = -1;
-
   s = cipher;
   if (*s != '(')
     return gpg_error (GPG_ERR_INV_SEXP);
@@ -522,6 +522,21 @@ divert_pkdecrypt (ctrl_t ctrl, const char *desc_text,
   n = snext (&s);
   if (!n)
     return gpg_error (GPG_ERR_INV_SEXP);
+
+  /* First check whether we have a flags parameter and skip it.  */
+  if (smatch (&s, n, "flags"))
+    {
+      depth = 1;
+      if (sskip (&s, &depth) || depth)
+        return gpg_error (GPG_ERR_INV_SEXP);
+      if (*s != '(')
+        return gpg_error (GPG_ERR_INV_SEXP);
+      s++;
+      n = snext (&s);
+      if (!n)
+        return gpg_error (GPG_ERR_INV_SEXP);
+    }
+
   if (smatch (&s, n, "rsa"))
     {
       if (*s != '(')

-----------------------------------------------------------------------

Summary of changes:
 agent/divert-scd.c | 17 ++++++++++++++++-
 scd/app.c          |  3 +++
 sm/certreqgen.c    |  2 +-
 3 files changed, 20 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list