Package: gnupg / 1.4.18-7

Metadata

Package Version Patches format
gnupg 1.4.18-7 3.0 (quilt)

Patch series

Patch File delta Description
fix_760273.patch

doc/gnupg1.info | 2 1 + 1 - 0 !
doc/gpg.texi | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
fix_import_filter_regression.patch

g10/global.h | 1 1 + 0 - 0 !
g10/import.c | 20 10 + 10 - 0 !
g10/keyserver.c | 76 46 + 30 - 0 !
g10/main.h | 4 2 + 2 - 0 !
4 files changed, 59 insertions(+), 42 deletions(-)

---
Add build and runtime support for larger RSA key.patch

config.h.in | 3 3 + 0 - 0 !
configure | 26 26 + 0 - 0 !
configure.ac | 16 16 + 0 - 0 !
doc/gpg.texi | 9 9 + 0 - 0 !
g10/gpg.c | 22 21 + 1 - 0 !
g10/keygen.c | 5 3 + 2 - 0 !
g10/options.h | 1 1 + 0 - 0 !
7 files changed, 79 insertions(+), 3 deletions(-)

 [patch] gpg: add build and runtime support for larger rsa keys

* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.

--

Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.

Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.

Debian-bug-id: 739424

Minor edits by wk.

GnuPG-bug-id: 1732

0003 Update POT file.patch

po/gnupg.pot | 58 29 + 29 - 0 !
1 file changed, 29 insertions(+), 29 deletions(-)

 update pot file

Some string positions (lines in files) changed, thus the comment
changes, but there is no actual (functional) change. The purpose is
only to ensure the .gmo files get rebuilt.

0004 Update PO files.patch

po/be.po | 58 29 + 29 - 0 !
po/ca.po | 58 29 + 29 - 0 !
po/cs.po | 58 29 + 29 - 0 !
po/da.po | 58 29 + 29 - 0 !
po/de.po | 58 29 + 29 - 0 !
po/el.po | 58 29 + 29 - 0 !
po/en@boldquot.po | 70 35 + 35 - 0 !
po/en@quot.po | 58 29 + 29 - 0 !
po/eo.po | 58 29 + 29 - 0 !
po/es.po | 58 29 + 29 - 0 !
po/et.po | 58 29 + 29 - 0 !
po/fi.po | 58 29 + 29 - 0 !
po/fr.po | 58 29 + 29 - 0 !
po/gl.po | 58 29 + 29 - 0 !
po/hu.po | 58 29 + 29 - 0 !
po/id.po | 58 29 + 29 - 0 !
po/it.po | 58 29 + 29 - 0 !
po/ja.po | 58 29 + 29 - 0 !
po/nb.po | 58 29 + 29 - 0 !
po/nl.po | 58 29 + 29 - 0 !
po/pl.po | 58 29 + 29 - 0 !
po/pt.po | 58 29 + 29 - 0 !
po/pt_BR.po | 58 29 + 29 - 0 !
po/ro.po | 58 29 + 29 - 0 !
po/ru.po | 58 29 + 29 - 0 !
po/sk.po | 58 29 + 29 - 0 !
po/sv.po | 58 29 + 29 - 0 !
po/tr.po | 58 29 + 29 - 0 !
po/uk.po | 58 29 + 29 - 0 !
po/zh_CN.po | 58 29 + 29 - 0 !
po/zh_TW.po | 58 29 + 29 - 0 !
31 files changed, 905 insertions(+), 905 deletions(-)

 update po files

Follow up of the POT change: only comment noise.

0005 Update French translation.patch

po/fr.po | 142 70 + 72 - 0 !
1 file changed, 70 insertions(+), 72 deletions(-)

 update french translation

0006 Update Danish translation.patch

po/da.po | 28 17 + 11 - 0 !
1 file changed, 17 insertions(+), 11 deletions(-)

 update danish translation

0007 Update Ukrainian translation.patch

po/uk.po | 24 14 + 10 - 0 !
1 file changed, 14 insertions(+), 10 deletions(-)

 update ukrainian translation

0008 Update Russian translation.patch

po/ru.po | 1684 837 + 847 - 0 !
1 file changed, 837 insertions(+), 847 deletions(-)

 update russian translation

0009 Update Chinese traditional translation.patch

po/zh_TW.po | 48 17 + 31 - 0 !
1 file changed, 17 insertions(+), 31 deletions(-)

 update chinese (traditional) translation

0010 Update Italian translation.patch

po/it.po | 4212 1637 + 2575 - 0 !
1 file changed, 1637 insertions(+), 2575 deletions(-)

 update italian translation

0011 Update Polish translation.patch

po/pl.po | 2298 1137 + 1161 - 0 !
1 file changed, 1137 insertions(+), 1161 deletions(-)

 update polish translation

0012 Update Spanish translation.patch

po/es.po | 2474 1248 + 1226 - 0 !
1 file changed, 1248 insertions(+), 1226 deletions(-)

 update spanish translation

0013 Update Dutch translation.patch

po/nl.po | 2876 1488 + 1388 - 0 !
1 file changed, 1488 insertions(+), 1388 deletions(-)

 update dutch translation

0014 Update Czech translation.patch

po/cs.po | 2951 1463 + 1488 - 0 !
1 file changed, 1463 insertions(+), 1488 deletions(-)

 update czech translation

0007 mpi Improve mpi_invm to detect bad input.patch

mpi/mpi-inv.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch 07/20] mpi: improve mpi_invm to detect bad input.

* mpi/mpi-inv.c (mpi_invm): Return 0 for bad input.
--

Without this patch the function may enter an endless loop.  This is a
backport from libgcrypt.

GnuPG-bug-id: 1713

0016 gpg Fix a NULL deref for invalid input data.patch

g10/mainproc.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 [patch 16/20] gpg: fix a null-deref for invalid input data.

* g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 32e85668b82f6fbcb824eea9548970804fb41d9e)

0017 gpg Fix off by one read in the attribute subpacket p.patch

g10/parse-packet.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 [patch 17/20] gpg: fix off-by-one read in the attribute subpacket
 parser.

* g10/parse-packet.c (parse_attribute_subpkts): Check that the
attribute packet is large enough for the subpacket type.
--

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 0988764397f99db4efef1eabcdb8072d6159af76)

0018 gpg Fix use of uninit.value in listing sig subpkts.patch

g10/parse-packet.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 [patch 18/20] gpg: fix use of uninit.value in listing sig subpkts.

* g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
sanitized.
--

We may not use "%s" to print an arbitrary buffer.  At least "%.*s"
should have been used.  However, it is in general preferable to escape
control characters while printing user data.

Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8)

0015 gpg Make the use of verify FILE for detached sigs ha.patch

doc/gpg.texi | 27 17 + 10 - 0 !
g10/main.h | 1 1 + 0 - 0 !
g10/mainproc.c | 38 38 + 0 - 0 !
g10/openfile.c | 89 59 + 30 - 0 !
g10/plaintext.c | 21 14 + 7 - 0 !
5 files changed, 129 insertions(+), 47 deletions(-)

 [patch 15/20] gpg: make the use of "--verify file" for detached sigs
 harder.

* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signature.
--

Allowing the use of the abbreviated form for detached signatures is a
long standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>

(backported from commit 69384568f66a48eff3968bb1714aa13925580e9f)

Updated doc/gpg.texi.

sync docs with upstream.patch

doc/Makefile.am | 16 3 + 13 - 0 !
doc/gpg.texi | 384 80 + 304 - 0 !
doc/yat2m.c | 102 99 + 3 - 0 !
3 files changed, 182 insertions(+), 320 deletions(-)

---
0019 gpg release DEK soon after its use.patch

g10/keygen.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 19/45] gpg: release dek soon after its use.

* g10/keygen.c (generate_subkeypair): Release DEK soon.

--

This fixes the out_of_core error in the test case of adding
RSA-4096 subkey to RSA-4096 primary key with configuration:

    s2k-cipher-algo S10

Debian-bug-id: 772780

0020 scd fix get_public_key for OpenPGPcard v1.0.patch

g10/app-openpgp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 20/45] scd: fix get_public_key for openpgpcard v1.0.

* scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.

--

Inside the get_public_key function, 'fp' was opened using popen, but
incorrectly closed using fclose.

Debian-Bug-Id: 773474

0021 scd Fix possibly inhibited checkpin of the admin pin.patch

g10/app-openpgp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 21/45] scd: fix possibly inhibited checkpin of the admin pin.

* scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>

0022 gpg Fix possible read of unallocated memory.patch

g10/parse-packet.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 [patch 22/45] gpg: fix possible read of unallocated memory

* g10/parse-packet.c (can_handle_critical): Check content length
before calling can_handle_critical_notation.
--

The problem was found by Jan Bee and gniibe proposed the used fix.
Thanks.

This bug can't be exploited: Only if the announced length of the
notation is 21 or 32 would a memcmp against fixed strings using that
length be done.  The compared data is followed by the actual signature
and thus it is highly likely that not even a read of unallocated memory
will happen.  Nevertheless such a bug needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>

0023 doc Fix memory leak in yat2m.patch

doc/yat2m.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch 23/45] doc: fix memory leak in yat2m.

* doc/yat2m.c (write_th): Free NAME.
--

Reported-by: Joshua Rogers <git@internot.info>

0024 avoid future chance of using uninitialized memory.patch

util/iobuf.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 24/45] avoid future chance of using uninitialized memory

* util/iobuf.c: (iobuf_open): initialize len

--

Cherry-pick 367b073ab5f439ccf0750461d10c69f36998bd62.

In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.

With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.

However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so I think
this trivial cleanup is warranted.

Debian-Bug-Id: 773469

0029 Use ciphertext blinding for Elgamal decryption.patch

cipher/elgamal.c | 63 49 + 14 - 0 !
1 file changed, 49 insertions(+), 14 deletions(-)

 [patch 29/45] use ciphertext blinding for elgamal decryption.

* cipher/elgamal.c (USE_BLINDING): New.
(decrypt): Rewrite to use ciphertext blinding.
--

CVE-id: CVE-2014-3591

As a countermeasure to a new side-channel attack on sliding windows
exponentiation we blind the ciphertext for Elgamal decryption.  This
is similar to what we are doing with RSA.

Unfortunately, the performance impact of Elgamal blinding is quite
noticeable: For a 3072 bit Elgamal key the decryption used to take
13ms; with the blinding it takes 24ms.  This has been measured using
time(1), calling gpg with a 100 byte message, and having gpg modified
to run the pubkey_decrypt function 100 times and finally scale the
result (using an i5-2410M CPU @ 2.30GHz TP 220).
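As an added illustration of the countermeasure this commit message describes (example code written for this page, not GnuPG's cipher/elgamal.c): a toy Elgamal decryption over a 31-bit prime, once in the plain form and once with the ciphertext blinded by a factor r. The blinded variant never raises the attacker-supplied value a to the secret exponent x on its own; it exponentiates a*r instead and removes the factor afterwards, which is the scheme the commit describes. The parameters (p = 2^31 - 1, g = 7, the secret x, the ephemeral k and the blinding factor r) are constructed for the demonstration; a real implementation draws r freshly and randomly for every decryption and works on full-size multi-precision integers.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group: p = 2^31 - 1 is prime and 7 is a primitive root
   mod p.  Products of two residues fit in 64 bits, so plain integer
   arithmetic suffices here. */
static const uint64_t P = 2147483647ULL;
static const uint64_t G = 7ULL;

static uint64_t mulm (uint64_t a, uint64_t b)
{
  return (a % P) * (b % P) % P;
}

/* Square-and-multiply exponentiation; this is the operation whose
   secret-dependent behaviour a side channel would target. */
static uint64_t powm (uint64_t base, uint64_t exp)
{
  uint64_t result = 1;
  base %= P;
  while (exp)
    {
      if (exp & 1)
        result = mulm (result, base);
      base = mulm (base, base);
      exp >>= 1;
    }
  return result;
}

/* Modular inverse via Fermat's little theorem (p is prime). */
static uint64_t invm (uint64_t a)
{
  return powm (a, P - 2);
}

typedef struct { uint64_t a, b; } elg_ct;

/* Elgamal encryption of m under public key y = g^x with ephemeral k. */
static elg_ct elg_encrypt (uint64_t m, uint64_t y, uint64_t k)
{
  elg_ct c;
  c.a = powm (G, k);
  c.b = mulm (m, powm (y, k));
  return c;
}

/* Plain decryption: m = b * (a^x)^-1.  The exponentiation runs directly
   on a, a value the sender (or an attacker) chose. */
static uint64_t elg_decrypt_plain (elg_ct c, uint64_t x)
{
  return mulm (c.b, invm (powm (c.a, x)));
}

/* Blinded decryption: the secret exponent is only ever applied to r and
   to a*r, so the base of the exponentiation is randomised.
   Output = b / ((a*r)^x) * r^x = b * a^-x  (mod p). */
static uint64_t elg_decrypt_blinded (elg_ct c, uint64_t x, uint64_t r)
{
  uint64_t t1 = powm (r, x);               /* r^x               */
  uint64_t t2 = powm (mulm (c.a, r), x);   /* (a*r)^x           */
  t2 = invm (t2);                          /* (a*r)^-x          */
  uint64_t out = mulm (c.b, t2);           /* b * (a*r)^-x      */
  return mulm (out, t1);                   /* ... * r^x = b*a^-x */
}

int main (void)
{
  /* Constructed key material; r would be random in real use. */
  uint64_t x = 123456789ULL, k = 987654321ULL, r = 555555ULL;
  uint64_t y = powm (G, x);
  uint64_t m = 42424242ULL;
  elg_ct c = elg_encrypt (m, y, k);
  printf ("plain   : %llu\n", (unsigned long long) elg_decrypt_plain (c, x));
  printf ("blinded : %llu\n", (unsigned long long) elg_decrypt_blinded (c, x, r));
  return 0;
}
```

The extra exponentiation of r explains the cost the commit measured: blinding roughly doubles the number of modular exponentiations with the secret exponent, which matches the 13 ms to 24 ms figure quoted above.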

0032 gpg Limit the size of key packets to a sensible valu.patch

g10/parse-packet.c | 30 28 + 2 - 0 !
1 file changed, 28 insertions(+), 2 deletions(-)

 [patch 32/45] gpg: limit the size of key packets to a sensible value.

* g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
(MAX_UID_PACKET_LENGTH): New.
(MAX_COMMENT_PACKET_LENGTH): New.
(MAX_ATTR_PACKET_LENGTH): New.
(parse_key): Limit the size of a key packet to 256k.
(parse_user_id): Use macro for the packet size limit.
(parse_attribute): Ditto.
(parse_comment): Ditto.
--

Without that it is possible to force gpg to allocate large amounts of
memory by using a badly encoded MPI.  This would be a too easy DoS.
Another way to mitigate would be to change the MPI read function to
allocate memory dynamically while reading the MPI.  However, that
complicates and possibly slows down the code.  A too large key packet
is in any case a sign of broken data and thus gpg should not use it.

Reported-by: Hanno Böck
GnuPG-bug-id: 1823
Signed-off-by: Werner Koch <wk@gnupg.org>

(back ported from commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0033 gpg Fix a NULL deref due to empty ring trust packets.patch

g10/parse-packet.c | 10 7 + 3 - 0 !
1 file changed, 7 insertions(+), 3 deletions(-)

 [patch 33/45] gpg: fix a null-deref due to empty ring trust packets.

* g10/parse-packet.c (parse_trust): Always allocate a packet.
--

Reported-by: Hanno Böck <hanno@hboeck.de>
Signed-off-by: Werner Koch <wk@gnupg.org>

(back ported from commit 39978487863066e59bb657f5fe4e8baab510da7e)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0034 gpg Fix a NULL deref in export due to invalid packet.patch

g10/build-packet.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 34/45] gpg: fix a null-deref in export due to invalid packet
 lengths.

* g10/build-packet.c (write_fake_data): Take care of a NULL stored as
opaque MPI.
--

Reported-by: Hanno Böck <hanno@hboeck.de>

(back ported from commit 0835d2f44ef62eab51fce6a927908f544e01cf8f)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0035 gpg Prevent an invalid memory read using a garbled k.patch

g10/keyring.c | 24 21 + 3 - 0 !
1 file changed, 21 insertions(+), 3 deletions(-)

 [patch 35/45] gpg: prevent an invalid memory read using a garbled
 keyring.

* g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
types.
--

The keyring DB code did not reject packets which don't belong in a
keyring.  If for example the keyblock contains a literal data packet
it is expected that the processing code stops at the data packet and
reads from the input stream which is referenced from the data packet.
Obviously the keyring processing code does not and cannot do that.
However, when exporting this messes up the IOBUF and leads to an
invalid read of sizeof (int).

We now skip all packets which are not allowed in a keyring.

Reported-by: Hanno Böck <hanno@hboeck.de>

(back ported from commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648)

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0036 doc Change remaining http links to gnupg.org to http.patch

doc/gpg.texi | 2 1 + 1 - 0 !
g10/misc.c | 4 2 + 2 - 0 !
g10/sig-check.c | 2 1 + 1 - 0 !
3 files changed, 4 insertions(+), 4 deletions(-)

 [patch 36/45] doc: change remaining http links to gnupg.org to https

--
GnuPG-bug-id: 1830

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0037 Use inline functions to convert buffer data to scala.patch

g10/apdu.c | 27 12 + 15 - 0 !
g10/app-openpgp.c | 3 2 + 1 - 0 !
g10/build-packet.c | 6 3 + 3 - 0 !
g10/ccid-driver.c | 3 2 + 1 - 0 !
g10/getkey.c | 17 9 + 8 - 0 !
g10/keygen.c | 14 6 + 8 - 0 !
g10/keyid.c | 28 11 + 17 - 0 !
g10/misc.c | 11 0 + 11 - 0 !
g10/parse-packet.c | 41 21 + 20 - 0 !
g10/tdbio.c | 22 11 + 11 - 0 !
g10/trustdb.c | 2 1 + 1 - 0 !
include/host2net.h | 80 70 + 10 - 0 !
12 files changed, 148 insertions(+), 106 deletions(-)

 [patch 37/45] use inline functions to convert buffer data to scalars.

* include/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--

This fixes sign extension on shift problems.  Hanno Böck found a case
with an invalid read due to this problem.  To fix that almost all uses
of "<< 24" and "<< 8" are changed by this patch to use an inline
function from host2net.h.

(back ported from commit 2183683bd633818dd031b090b5530951de76f392)

Signed-off-by: Werner Koch <wk@gnupg.org>

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
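To show the class of bug this commit message describes, here is an added example (written for this page; it is not the contents of GnuPG's include/host2net.h): a 32-bit big-endian length field decoded the old way, with the bytes promoted to int before shifting, next to a decoder that widens each byte to an unsigned type first. The function names buf32_to_u32, buf32_to_size_t and buf16_to_u16 are taken from the commit message above; their bodies are my reconstruction. The four-byte inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The old pattern: "(p[0] << 24) | (p[1] << 16) | ..." on bytes.  Each
   byte is promoted to int, so the expression is evaluated as a signed
   32-bit value.  The int32_t cast below makes that implicit promotion
   explicit so the example behaves identically on every compiler. */
static uint64_t legacy_read32 (const unsigned char *p)
{
  int32_t v = (int32_t) (((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
                         | ((uint32_t) p[2] << 8) | (uint32_t) p[3]);
  /* Widening a negative int to a 64-bit type sign-extends it: a field
     with the top bit set becomes 0xFFFFFFFF8xxxxxxx, not 0x8xxxxxxx. */
  return (uint64_t) v;
}

/* The fix: widen each byte to an unsigned type before shifting, so no
   signed arithmetic is involved and the result is exactly the field. */
static inline uint32_t buf32_to_u32 (const void *buffer)
{
  const unsigned char *p = buffer;
  return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
         | ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/* Same value as a size_t; on a 64-bit host this is where the old code
   would have shown the sign-extended garbage. */
static inline size_t buf32_to_size_t (const void *buffer)
{
  return (size_t) buf32_to_u32 (buffer);
}

static inline uint16_t buf16_to_u16 (const void *buffer)
{
  const unsigned char *p = buffer;
  return (uint16_t) (((uint16_t) p[0] << 8) | (uint16_t) p[1]);
}

int main (void)
{
  /* Constructed packet-length field with the top bit set. */
  static const unsigned char field[4] = { 0x80, 0x00, 0x00, 0x10 };
  printf ("legacy  : 0x%016llx\n", (unsigned long long) legacy_read32 (field));
  printf ("host2net: 0x%08lx\n", (unsigned long) buf32_to_u32 (field));
  return 0;
}
```

The practical consequence of the legacy form is that the same bytes yield a negative number when the result is held in a signed variable and an enormous one when it is converted to size_t, so a bounds check written against one representation does not protect a memory access made with the other.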

0039 curl shim clean up varargs.patch

keyserver/curl-shim.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch 39/45] curl-shim: clean up varargs

* keyserver/curl-shim.c (curl_easy_setopt) : ensure that va_end is
  called.

--

stdarg(3) says:
      Each invocation of va_start() must be matched by a
      corresponding invocation of va_end() in the same function.

Observed by Joshua Rogers <honey@internot.info>

Debian-Bug-Id: #773475

[dkg: rebased to STABLE-BRANCH-1-4]
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

0041 gpg Fix segv due to NULL value stored as opaque MPI.patch

g10/build-packet.c | 6 4 + 2 - 0 !
g10/keyid.c | 8 6 + 2 - 0 !
2 files changed, 10 insertions(+), 4 deletions(-)

 [patch 41/45] gpg: fix segv due to null value stored as opaque mpi

* g10/build-packet.c (do_secret_key): Check for NULL return from
gcry_mpi_get_opaque.
* g10/keyid.c (hash_public_key): Ditto.
--

This is a backport of 76c8122adfed0f0f443cce7bda702ba2b39661b3 from
master to the STABLE-BRANCH-1-4

On the STABLE-BRANCH-1-4, we may also want to patch g10/seckey-cert.c,
but that has not been done in this patch.

This fix extends commit 0835d2f44ef62eab51fce6a927908f544e01cf8f.

  gpg2 --export --no-default-keyring --keyring TESTDATA

With TESTDATA being below after unpacking.


0042 Protect against NULL return of mpi_get_opaque.patch

g10/seckey-cert.c | 17 12 + 5 - 0 !
1 file changed, 12 insertions(+), 5 deletions(-)

 [patch 42/45] protect against null return of mpi_get_opaque.

* g10/seckey-cert.c (do_check): Call BUG for NULL return of
get_opaque.
--

This is the suggested addition from commit 6f03218.  We better run
into a fatal error than into a segv.

Signed-off-by: Werner Koch <wk@gnupg.org>

0043 doc Add warning note about not acting as an oracle t.patch

doc/gpg.texi | 23 17 + 6 - 0 !
1 file changed, 17 insertions(+), 6 deletions(-)

 [patch 43/45] doc: add warning note about not acting as an oracle to
 --batch.

--

0044 mpi Avoid data dependent timing variations in mpi_po.patch

include/mpi.h | 1 1 + 0 - 0 !
mpi/mpi-pow.c | 93 53 + 40 - 0 !
mpi/mpiutil.c | 28 28 + 0 - 0 !
3 files changed, 82 insertions(+), 40 deletions(-)

 [patch 44/45] mpi: avoid data-dependent timing variations in
 mpi_powm.

* include/mpi.h, mpi/mpiutils.c (mpi_set_cond): New.
* mpi/mpi-pow.c (SIZE_PRECOMP): Rename from SIZE_B_2I3.
(mpi_powm): Access all data in the table and use mpi_set_cond.

--

Access to the precomputed table was indexed by a portion of EXPO,
which could be mounted by a side channel attack.  This change fixes
this particular data-dependent access pattern.
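An added example of the idea behind mpi_set_cond and the "access all data in the table" change (written for this page; it is not the code of mpi/mpi-pow.c and uses a fixed number of 64-bit limbs instead of GnuPG's MPI type): a branch-free conditional copy, and a table lookup that reads every entry and selects the wanted one with masks, next to the plain indexed lookup whose sequence of memory accesses depends on the index. The table size and contents are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define LIMBS 4        /* constructed: a 256-bit value as four 64-bit limbs */
#define TABLE_SIZE 8   /* constructed: a small precomputed window table    */

typedef struct { uint64_t d[LIMBS]; } mpi_t;

/* Branch-free conditional copy: w = u if set != 0, otherwise w is left
   as it was.  Both operands are read and every limb of w is written
   regardless of 'set', so the instruction and memory trace is the same
   in both cases. */
static void mpi_set_cond (mpi_t *w, const mpi_t *u, unsigned long set)
{
  uint64_t mask = (uint64_t) 0 - (uint64_t) (set != 0);   /* all ones or zero */
  for (size_t i = 0; i < LIMBS; i++)
    w->d[i] = (u->d[i] & mask) | (w->d[i] & ~mask);
}

/* Index-dependent access: which cache lines are touched reveals 'idx',
   and in an exponentiation 'idx' is a slice of the secret exponent. */
static void table_get_leaky (mpi_t *out, const mpi_t table[], size_t idx)
{
  *out = table[idx];
}

/* Constant access pattern: every entry is read for every lookup and the
   wanted one is folded in with mpi_set_cond. */
static void table_get_ct (mpi_t *out, const mpi_t table[], size_t idx)
{
  memset (out, 0, sizeof *out);
  for (size_t i = 0; i < TABLE_SIZE; i++)
    mpi_set_cond (out, &table[i], i == idx);
}

/* Self-check: mpi_set_cond must copy only when asked, and both lookups
   must agree for every index.  Returns 1 on success, 0 on failure. */
static int table_access_selftest (void)
{
  mpi_t table[TABLE_SIZE];
  for (size_t i = 0; i < TABLE_SIZE; i++)
    for (size_t j = 0; j < LIMBS; j++)
      table[i].d[j] = 0x1000 * (i + 1) + j;   /* constructed, distinct per entry */

  mpi_t w = table[0];
  mpi_set_cond (&w, &table[3], 0);
  if (memcmp (&w, &table[0], sizeof w) != 0)
    return 0;
  mpi_set_cond (&w, &table[3], 1);
  if (memcmp (&w, &table[3], sizeof w) != 0)
    return 0;

  for (size_t idx = 0; idx < TABLE_SIZE; idx++)
    {
      mpi_t a, b;
      table_get_leaky (&a, table, idx);
      table_get_ct (&b, table, idx);
      if (memcmp (&a, &b, sizeof a) != 0)
        return 0;
    }
  return 1;
}

int main (void)
{
  return table_access_selftest () ? 0 : 1;
}
```

The scan costs TABLE_SIZE reads per lookup instead of one, which is the price of making the access pattern independent of the exponent. The selection relies on the compiler emitting the compare and the mask arithmetic without branches; constant-time code in practice is checked at the generated-code level, since an optimiser is free to turn the mask trick back into a conditional jump.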