This project is mirrored from The repository failed to update .
Repository mirroring has been paused due to too many failed attempts, and can be resumed by a project maintainer.
Last successful update .
  1. 22 Feb, 2018 4 commits
  2. 21 Feb, 2018 2 commits
  3. 20 Feb, 2018 4 commits
  4. 19 Feb, 2018 1 commit
    • Werner Koch's avatar
      speedo: Add new option STATIC=1 · 7b928c25
      Werner Koch authored
      This can be used to build GnuPG with static versions of the core
      gnupg libraries.  For example:
       make -f build-aux/ STATIC=1 SELFCHECK=0 \
           INSTALL_PREFIX=/somewhere/gnupg22  native
      The SELFCHECK=0 is only needed to build from a non-released version.
      You don't need it with a released tarball.
      Signed-off-by: Werner Koch's avatarWerner Koch <>
  5. 15 Feb, 2018 2 commits
    • Werner Koch's avatar
      kbx: Fix detection of corrupted keyblocks on 32 bit systems. · 5e3679ae
      Werner Koch authored
      * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
      (blob_cmp_fpr_part): Ditto.
      (blob_cmp_name): Ditto.
      (blob_cmp_mail): Ditto.
      (blob_x509_has_grip): Ditto.
      (keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
      (keybox_get_cert): Ditto.
      On most 32 bit systems size_t is 32 bit and thus the check
        size_t cert_off = get32 (buffer+8);
        size_t cert_len = get32 (buffer+12);
        if (cert_off+cert_len > length)
          return gpg_error (GPG_ERR_TOO_SHORT);
      does not work as intended for all supplied values.  The simplest
      solution here is to cast them to 64 bit.
      In general it will be better to avoid size_t at all and work with
      uint64_t.  We did not do this in the past because uint64_t was not
      universally available.
      GnuPG-bug-id: 3770
      Signed-off-by: Werner Koch's avatarWerner Koch <>
    • NIIBE Yutaka's avatar
      gpg: Fix reversed messages for --only-sign-text-ids. · ca138d5b
      NIIBE Yutaka authored
      * g10/keyedit.c (keyedit_menu): Fix messages.
      GnuPG-bug-id: 3787
      Fixes-commit: a74aeb5dSigned-off-by: 's avatarNIIBE Yutaka <>
  6. 14 Feb, 2018 4 commits
    • Katsuhiro Ueno's avatar
      agent: Avoid appending a '\0' byte to the response of READKEY · df97fe24
      Katsuhiro Ueno authored
      * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
      without an extra '\0' byte.
    • Werner Koch's avatar
      sm: Fix minor memory leak in --export-p12. · 80719612
      Werner Koch authored
      * sm/export.c (gpgsm_p12_export): Free KEYGRIP.
      Signed-off-by: Werner Koch's avatarWerner Koch <>
    • Katsuhiro Ueno's avatar
      sm: Fix a wrong key parameter in an exported private key file · 29aac779
      Katsuhiro Ueno authored
      * sm/export.c (sexp_to_kparms): Fix the computation of array[6],
      which must be 'd mod (q-1)' but was 'p mod (q-1)'.
      This bug is not serious but makes some consistency checks fail.
      For example, 'openssl rsa -check' reports the following error:
      $ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
      $ openssl rsa -check -noout -inform DER -in my.key
      RSA key error: dmq1 not congruent to d
      Let me(wk) add this:
      This bug was introduced with
      Fixes-commit: 91056b19
      right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
      used gpg-protect-tool which got it right.  We probably never noticed
      this because gpgsm, and maybe other tools too, fix things up during
      Signed-off-by: Werner Koch's avatarWerner Koch <>
    • Werner Koch's avatar
      common: Use new function to print status strings. · f19ff78f
      Werner Koch authored
      * common/asshelp2.c (vprint_assuan_status_strings): New.
      (print_assuan_status_strings): New.
      * agent/command.c (agent_write_status): Replace by call to new
      * dirmngr/server.c (dirmngr_status): Ditto.
      * g13/server.c (g13_status): Ditto.
      * g13/sh-cmd.c (g13_status): Ditto.
      * sm/server.c (gpgsm_status2): Ditto.
      * scd/command.c (send_status_info): Bump up N.
      This fixes a potential overflow if LFs are passed to the status
      string functions.  This is actually not the case and would be wrong
      because neither the truncating in libassuan or our escaping is not the
      Right Thing.  In any case the functions need to be more robust and
      comply to the promised interface.  Thus the code has been factored out
      to a helper function and N has been bumped up correctly and checked in
      all cases.
      For some uses this changes the behaviour in the error case (i.e. CR or
      LF passed): It will now always be C-escaped and not passed to
      libassuan which would truncate the line at the first LF.
      Reported-by: private_pers
  7. 13 Feb, 2018 1 commit
  8. 12 Feb, 2018 1 commit
    • NIIBE Yutaka's avatar
      scd: Fix handling for Data Object with no data. · 0a3bec2c
      NIIBE Yutaka authored
      * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
      with no data.
      When GET_DATA returns no data with success (90 00), this routine
      firstly returned buffer with length zero, and secondly (with cache)
      returned NULL, which is inconsistent.  Now, it returns NULL for both
      Signed-off-by: 's avatarNIIBE Yutaka <>
  9. 09 Feb, 2018 1 commit
  10. 07 Feb, 2018 1 commit
    • NIIBE Yutaka's avatar
      scd: Use pipe to kick the loop on NetBSD. · 015fe1c4
      NIIBE Yutaka authored
      * scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
      (handle_connections): Use pipe.
      On NetBSD, signal to the same process cannot unblock pselect,
      with unknown reason.  Use pipe instead, for such systems.
      GnuPG-bug-id: 3778
      Signed-off-by: 's avatarNIIBE Yutaka <>
  11. 01 Feb, 2018 1 commit
  12. 29 Jan, 2018 1 commit
  13. 27 Jan, 2018 1 commit
  14. 26 Jan, 2018 2 commits
  15. 25 Jan, 2018 1 commit
  16. 22 Jan, 2018 1 commit
  17. 18 Jan, 2018 1 commit
    • Werner Koch's avatar
      gpg: Fix the use of future-default with --quick-add-key. · e1e35db5
      Werner Koch authored
      * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
      (parse_key_parameter_string): Add arg suggested_use and implement
      fallback.  Change callers to pass 0 for new arg.
      (parse_algo_usage_expire): Pass the parsed USAGESTR to
      parse_key_parameter_string so that it can use it in case a subkey is
      to be created.
      The problem here was that future-default gives the primary and subkey
      algorithm.  However, when using future-default for adding a key, the
      second part was always used which is for encryption.  If the caller
      now wanted to create a signing subkey using the future-default
      parameters this did not worked.
        gpg --batch --passphrase "" --quick-add-key FPR future-default encr
      aready worked as did
        gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign
        gpg --batch --passphrase "" --quick-add-key FPR future-default sign
      does only work with this fix.
      GnuPG-bug-id: 3747
      Signed-off-by: Werner Koch's avatarWerner Koch <>
  18. 09 Jan, 2018 1 commit
  19. 08 Jan, 2018 1 commit
    • Werner Koch's avatar
      gpg: Print all keys with --decrypt --list-only. · 339b3301
      Werner Koch authored
      * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
      list-only and put the key into PKENC_LIST.
      (print_pkenc_list): Take care of the new error code.
      If the secret keys exist in --list-only mode it was not printed in
      --list-only mode.
      GnuPG-bug-id: 3718
      Signed-off-by: Werner Koch's avatarWerner Koch <>
  20. 01 Jan, 2018 1 commit
    • Werner Koch's avatar
      gpg: Allow "futuredefault" as alias for "future-default". · 4d3c500f
      Werner Koch authored
      * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
      use case-insensitive matching
      (quick_generate_keypair): Ditto.
      (parse_algo_usage_expire): Ditto.
      The man page is sometimes rendered in a way that the hyphen may be
      not be considered as part of the string.  And while at it we also
      allow case-insensitivity.
      GnuPG-bug-id: 3655
      Signed-off-by: Werner Koch's avatarWerner Koch <>
  21. 29 Dec, 2017 1 commit
  22. 27 Dec, 2017 1 commit
  23. 22 Dec, 2017 2 commits
    • Kristian Fiskerstrand's avatar
      build: Increase libassuan min version to 2.5.0 · a6849888
      Kristian Fiskerstrand authored
      assuan_sock_set_system_hooks is used unconditionally in gnupg since
      commit 9f641430, and as such it requires
      libassuan 2.5.0 (function introduced in
      commit 90dc81682b13a7cf716a8a26b891051cbd4b0caf)
      For a detailed description see:
    • Werner Koch's avatar
      kbx: Simplify by removing custom memory functions. · f3ba6678
      Werner Koch authored
      * kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
      (_keybox_malloc, _keybox_calloc, keybox_realloc)
      (_keybox_free): Remove.
      (keybox_file_rename): Remove.  Was not used.
      * sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
      * kbx/kbxutil.c (main): Ditto.
      * kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
      remove convenience macros.
      * common/logging.h (return_if_fail): New.  Originally from
      keybox-defs.h but now using log_debug.
      (return_null_if_fail): Ditto.
      (return_val_if_fail): Ditto.
      (never_reached): Ditto.
      Originally the KBX code was written to allow standalone use.  However
      this required lot of ugliness like separate memory allocators and
      such.  It also precludes the use of some standard functions from
      common due to their use of the common gnupg malloc functions.
      Dropping all that makes things easier.  Minor disadvantages: the kbx
      call done for gpg will now use gcry malloc fucntions and not the
      standard malloc functions.  This might be a bit slower but removing
      them even fixes a possible bug in keybox_tmp_names which is used in
      gpg and uses gpg's xfree which is actually gcry_free.
      Signed-off-by: Werner Koch's avatarWerner Koch <>
  24. 20 Dec, 2017 4 commits