summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.1.22gnupg-2.1.22Werner Koch2017-07-281-3/+42
|
* po: Auto-updateWerner Koch2017-07-2826-2411/+3221
| | | | --
* po: Update German translationWerner Koch2017-07-281-125/+138
|
* agent: Make --ssh-fingerprint-digest re-readable.Werner Koch2017-07-282-6/+19
| | | | | | | | | | | * agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ... (parse_rereadable_options): here. (opts): Change its description. (main) <aGPGConfList>: Include this option. * tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert level. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: String changes for compliance diagnostics.Werner Koch2017-07-2812-52/+48
| | | | Signed-off-by: Werner Koch <wk@gnupg.org>
* agent: For OCB key files return Bad Passprase instead of Checksum Error.Werner Koch2017-07-282-3/+12
| | | | | | | | | | | | * agent/protect.c (do_decryption): Map error checksum to bad passpharse protection * agent/call-pinentry.c (unlock_pinentry): Don't munge the error source for corrupted protection. -- GnuPG-bug-id: 3266 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Minor rework for better readibility of get_best_pubkey_byname.Werner Koch2017-07-282-17/+17
| | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Change return type to gpg_error_t. Use var name err instead of rc. Move a gpg_error_from_syserror closer to the call. -- Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Fix segv in get_best_pubkey_byname.Werner Koch2017-07-281-1/+1
| | | | | | | | | | | | * g10/getkey.c (get_best_pubkey_byname): Init NEW. -- We call free_user_id on NEW.uid and thus it needs to be initialized. This fixes the ref-count or invisible segv bug from GnuPG-bug-id: 3266 Signed-off-by: Werner Koch <wk@gnupg.org>
* agent: Minor cleanup (mostly for documentation).Werner Koch2017-07-285-161/+173
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'. * agent/findkey.c (read_key_file): Ditto. Change return type to gpg_error_t. On es_fessk failure return a correct error code. (agent_key_from_file): Change var name 'rc' to 'err'. * agent/pksign.c (agent_pksign_do): Ditto. Change return type to gpg_error_t. Return a valid erro code on malloc failure. (agent_pksign): Ditto. Change return type to gpg_error_t. replace xmalloc by xtrymalloc. * agent/protect.c (calculate_mic): Change return type to gpg_error_t. (do_decryption): Ditto. Do not init RC. (merge_lists): Change return type to gpg_error_t. (agent_unprotect): Ditto. (agent_get_shadow_info): Ditto. -- While code starring for bug 3266 I found two glitches and also changed var name for easier reading. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Tweak compliance checking for verificationWerner Koch2017-07-273-48/+54
| | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow verification. * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning. * g10/sig-check.c (check_signature2): Use log_error instead of log_info. -- We should be able to verify all signatures. So we only print a warning. That is the same beheavour as for untrusted keys etc. GnuPG-bug-id: 3311 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: Allow encryption (with warning) to any key in de-vs mode.Werner Koch2017-07-272-18/+15
| | | | | | | | | * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key. * sm/encrypt.c (gpgsm_encrypt): Ditto. -- GnuPG-bug-id: 3306 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,sm: Fix compliance checking for decryption.Werner Koch2017-07-273-48/+62
| | | | | | | | | | | | | | | | | | * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal signing check. We don't support Elgamal signing at all. (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. Check the curvenames for ECDH. * g10/pubkey-enc.c (get_session_key): Print only a warning if the key is not compliant. * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg so that we have only one translation. -- We always allow decryption and print only a note if the key was not complaint at the encryption site. GnuPG-bug-id: 3308 Signed-off-by: Werner Koch <wk@gnupg.org>
* indent: Wrap an overlong line.Werner Koch2017-07-271-1/+3
| | | | | | -- Folks, please set your editors to 80 columns to notice such flaws.
* gpg: Avoid output to the tty during import.Werner Koch2017-07-277-74/+96
| | | | | | | | | | | | | | | | * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all output calls to use it. * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all output calls to use it. (keyedit_menu): Adjust for changes. * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp. * g10/import.c (import_one): Call key_check_all_keysigs with output to the log stream. -- Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035 GnuPG-bug-id: 3288 Signed-off-by: Werner Koch <wk@gnupg.org>
* g10: Make sure exactly one fingerprint is output with --quick-gen-key.Marcus Brinkmann2017-07-261-1/+2
| | | | | | | | | * g10/keygen.c (do_generate_keypair): Only set fpr in list_keyblock_direct invocation if neither --fingerprint nor --with-fingerprints are given. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2741
* doc: Add man pages form gpg-wks-server and gpg-wks-client.Werner Koch2017-07-263-4/+346
| | | | | | | | | * doc/wks.texi: New. * doc/gnupg.texi: Include wks.texi. * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi. (myman_pages): Add new man pages. Signed-off-by: Werner Koch <wk@gnupg.org>
* wks: Fix program names in the usage diagnostics.Werner Koch2017-07-262-4/+4
| | | | | | | * tools/gpg-wks-client.c (my_strusage): Add case 12. * tools/gpg-wks-server.c (my_strusage): Add case 12: Signed-off-by: Werner Koch <wk@gnupg.org>
* wks: Add stubs for new gpg-wks-server commands.Werner Koch2017-07-261-0/+60
| | | | | | -- Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Update vsnfd profile exampleAndre Heinecke2017-07-261-1/+1
| | | | | | | * doc/examples/vsnfd.prf: Use rsa3072 -- This brings it in line with the requested default for vsnfd.
* dirmngr: Do not use a blocking connect in Tor mode.Werner Koch2017-07-262-0/+25
| | | | | | | * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode. (send_request): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Auto-enable Tor on startup or reload.Werner Koch2017-07-263-6/+22
| | | | | | | | * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility. -- GnuPG-bug-id: 2935 Signed-off-by: Werner Koch <wk@gnupg.org>
* agent,dirmngr: Check for homedir removal also using stat(2).Werner Koch2017-07-262-7/+48
| | | | | | | | | | | | | | | | | * agent/gpg-agent.c (have_homedir_inotify): New var. (reliable_homedir_inotify): New var. (main): Set reliable_homedir_inotify. (handle_tick): Call stat on the homedir. (handle_connections): Mark availibility of the inotify watch. * dirmngr/dirmngr.c (handle_tick): Call stat on the homedir. (TIMERTICK_INTERVAL_SHUTDOWN): New. (handle_connections): Depend tick interval on the shutdown state. -- The stat call is used on systems which do not support inotify and also when we assume that the inotify does not work reliable. Signed-off-by: Werner Koch <wk@gnupg.org>
* agent: Lengthen timertick interval on Unix to 4 seconds.Werner Koch2017-07-261-9/+7
| | | | | | | * agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and Unix. Signed-off-by: Werner Koch <wk@gnupg.org>
* common: Strip trailing slashes from the homedir.Werner Koch2017-07-252-7/+59
| | | | | | | | | | | | | | | | | | * common/homedir.c (default_homedir): Strip trailing slashes. (gnupg_set_homedir): Ditto. -- is_gnupg_default_homedir() does not ignore trailing slashes when comparing directory names. This can lead to multiple agents started on the same directory if the homedir was specified with --homedir or GNUPGHOME without or with a number of slashes. We now make sure that the home directory name never ends in a slash (except for the roo of course). GnuPG-bug-id: 3295 Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Also change the directory on daemon startup.Werner Koch2017-07-253-11/+14
| | | | | | | | | | | | | | | * agent/gpg-agent.c (main): Always to the chdir. * dirmngr/dirmngr.c (main): Ditto. * scd/scdaemon.c (main): Ditto. -- Note that only dirmngr did not call the chdir with --no-detach. thus we kept it this way. Tested gpg-agent by checking the properties shown by procexp. Gnupg-bug-id: 2670 Signed-off-by: Werner Koch <wk@gnupg.org>
* common: New functions gnupg_daemon_rootdir and gnupg_chdir.Werner Koch2017-07-257-7/+50
| | | | | | | | | | | * common/sysutils.c (gnupg_chdir): New. * common/homedir.c (gnupg_daemon_rootdir): New. * agent/gpg-agent.c (main): Use these functions instead chdir("/"). * dirmngr/dirmngr.c (main): Ditto. * scd/scdaemon.c (main): Ditto. -- Signed-off-by: Werner Koch <wk@gnupg.org>
* Revert "w32: Change directory on daemon startup."Werner Koch2017-07-253-26/+6
| | | | | | -- This reverts commit 78ebc62604d77600b9865950610717d28c6027a2. Gnupg-bug-id: 2670
* gpg: Update key origin info during import merge.Werner Koch2017-07-251-4/+97
| | | | | | | | | | | | * g10/import.c (update_key_origin): New. (merge_blocks): Add arg curtime. (import_one): Pass curtime to merge_blocks. Call update_key_origin. -- We probably need to refine the rules on how this is done. But it is a start. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Store key origin for new userids during import merge.Werner Koch2017-07-251-107/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/import.c (apply_meta_data): Rename to ... (insert_key_origin): this. Factor code out to ... (insert_key_origin_pk, insert_key_origin_uid): new funcs. (import_one): Move insert_key_origin behind clean_key. (merge_blocks): Add args options, origin, and url. (append_uid): Rename to ... (append_new_uid): this. Add args options, curtime, origin, and url. Call insert_key_origin_uid for new UIDs. -- This is a straightforward change to handle new user ids. How to test: With an empty keyring run gpg --with-key-origin --locate-key \ --auto-key-locate clear,nodefault,wkd wk@gnupg.org and then append a new keyid using gpg --with-key-origin --locate-key \ --auto-key-locate clear,nodefault,wkd wk@g10code.com Works with my current key 80615870F5BAD690333686D0F2AD85AC1E42B367. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Add annotation for fallthrough.NIIBE Yutaka2017-07-251-41/+41
| | | | | | * dirmngr/dns.c: Add /* FALL THROUGH */ to clarify. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Use @var for meta variables in gpg.texiWerner Koch2017-07-241-177/+179
| | | | | | | | -- This results in more standrard man pages. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Extend --key-origin to take an optional URL arg.Werner Koch2017-07-246-5/+49
| | | | | | | | | | | | | | | | * g10/getkey.c (parse_key_origin): Parse appended URL. * g10/options.h (struct opt): Add field 'key_origin_url'. * g10/gpg.c (main) <aImport>: Pass that option to import_keys. * g10/import.c (apply_meta_data): Extend for file and url. * g10/keyserver.c (keyserver_fetch): Pass the url to import_keys_es_stream. -- Example: gpg --key-origin url,myscheme://bla --import FILE Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Store key origin info for new keys from a keyserverWerner Koch2017-07-242-29/+66
| | | | | | | | * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was done by fingerprint. * g10/import.c (apply_meta_data): Implement that. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Store key origin info for new DANE and WKD retrieved keys.Werner Koch2017-07-247-38/+101
| | | | | | | | | | | | | | | | | | | | * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'. Implement WKD and DANE key origin. (import_keys_internal): Add arg 'url' and change all callers. (import_keys_es_stream): Ditto. (import): Ditto. (import_one): Ditto. * g10/keylist.c (list_keyblock_print): Fix update URL printing. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return the SOURCE. Pass ks_status_cb to assuan_transact. * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to the import function. -- Note that this only for new keys. Merging this info will be added soon. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Filter keys received via DANEWerner Koch2017-07-241-5/+27
| | | | | | | | | | | | * g10/keyserver.c (keyserver_import_cert): Use an import filter in DANE mode. -- We only want to see the user ids requested via DANE and not any additional ids. This filter enables this in the same way we do this in WKD. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Print a SOURCE status for WKD requests.Werner Koch2017-07-241-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_wkd_get): Print a SOURCE status. -- This status allows to see whether the the WKD requests has been resolved from the standard address or from a SRV record derived one. We return only host and port and not the .well-known suffix because that is obvious. HTTP redirects are not taken in account because they may chnage at any time due to load balancing etc and not relevant for gpg which may use the URL to detect changes in the WKD results. For example my current setup returns S SOURCE https://wkd.gnupg.org for wk@gnupg.org. Without a SRV record S SOURCE https://gnupg.org would have been returned. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: New function dirmngr_status_printf.Werner Koch2017-07-242-0/+21
| | | | | | * dirmngr/server.c (dirmngr_status_printf): New. Signed-off-by: Werner Koch <wk@gnupg.org>
* g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.Marcus Brinkmann2017-07-243-3/+9
| | | | | | | | | * call-agent.h (agent_import_key): Add keyid parameters. * call-agent.c (agent_import_key): Set keyid parameters. * import.c (transfer_secret_keys): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
* w32: Change directory on daemon startup.Marcus Brinkmann2017-07-243-6/+26
| | | | | | | | | | | | * agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>. (main) [HAVE_W32_SYSTEM]: Change working directory to \. * dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>. (main) [HAVE_W32_SYSTEM]: Change working directory to \. * scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>. (main) [HAVE_W32_SYSTEM]: Change working directory to \. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2670
* g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.Marcus Brinkmann2017-07-243-3/+9
| | | | | | | | | * call-agent.h (agent_export_key): Add keyid parameters. * call-agent.c (agent_export_key): Set keyid parameters. * export.c (receive_seckey_from_agent): Pass keyid parameters. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2667
* doc: Revert the bug reporting address to bugs.gnupg.orgWerner Koch2017-07-246-6/+6
| | | | | | | | | | | | | | -- dev.gnupg org is the development platform but the canonical bug address is and has always been bugs.gnupg.org. We should keep on using this address for the case that we switch the tracker again or split it off the development system. That is also the reason why we should keep on communicating a plain bug number without the 'T' prefix. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd: Use unsigned int for fields.NIIBE Yutaka2017-07-241-5/+5
| | | | | | * scd/app-openpgp.c (data_objects): Use unsigned ints. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: More minor fix.NIIBE Yutaka2017-07-241-0/+4
| | | | | | * dirmngr/http.c (send_request): Care the case of !USE_TLS. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: More minor fixes.NIIBE Yutaka2017-07-242-1/+2
| | | | | | | * dirmngr/http.c (http_verify_server_credentials): Duplicated const. * dirmngr/ldap.c (parse_one_pattern): Add comment. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Minor fix for Windows.NIIBE Yutaka2017-07-241-1/+1
| | | | | | * dirmngr/http.c (connect_with_timeout): Use FD2INT. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Minor fix for Windows.NIIBE Yutaka2017-07-241-1/+1
| | | | | | | * agent/command-ssh.c (serve_mmapped_ssh_request): Add const qualifier. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10: Avoid caching passphrase for failed symmetric encryption.Marcus Brinkmann2017-07-211-1/+2
| | | | | | | | * g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO, assume the symmetric passphrase was wrong and invalidate the cache. Signed-off-by: Marcus Brinkmann <mb@g10code.com> GnuPG-bug-id: 2270
* gpg: Extend --quick-set-expire to allow subkey expiration setting.Werner Koch2017-07-214-29/+117
| | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs. (menu_expire): Rename arg force_mainkey to unattended and allow unattended changing of subkey expiration. * g10/gpg.c (main): Extend --quick-set-expire. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Fix possible double free of the card serialno.Werner Koch2017-07-211-0/+6
| | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Copy fields serialno and updateurl. -- The PK->serialno is used to get the version of the card to decide whether it does support other algorithms than SHA-1. This value is cached but no deep copy was done when calling copy_public_key. Bug detected by importing some public keys and then importing a secret key which led to a double free. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Use macros to check the signature class.Werner Koch2017-07-211-24/+24
| | | | | | * g10/import.c: Use the extistin macros for better readability. Signed-off-by: Werner Koch <wk@gnupg.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 22:32:52 +0100