Commit message | Author | Age | Files | Lines
* gpg: Do not require --status-fd along with --require-compliance. | Werner Koch | 2023-01-20 | 1 | -1/+1
  * g10/mainproc.c (check_sig_and_print): Do not check whether status is enabled when checking compliance.
* doc: Update copyright notices. | Werner Koch | 2023-01-20 | 5 | -22/+9
  --
  Note that we now print Copyright g10 Code instead of FSF.
* wkd: Support option --output for command --check. | Werner Koch | 2023-01-20 | 4 | -11/+39
  * tools/wks-util.c (write_to_file): Rename to ...
    (wks_write_to_file): this, make global, and support NULL for fname.
  * tools/gpg-wks-client.c (command_check): Write to key.
* doc: Revert last change the gpg --unwrap description | Werner Koch | 2023-01-19 | 1 | -3/+2
  --
  Note that --unwrap is an option and not a command. Thus it modifies the behaviour of the default operation or of -d.
* common: Detect PNG and JPEG file formats. | Werner Koch | 2023-01-19 | 1 | -6/+24
  * common/miscellaneous.c (is_file_compressed): Add detect code.
  --
  GnuPG-bug-id: 6332
* wkd: Let gpg-wks-client --supported print some diagnostics. | Werner Koch | 2023-01-19 | 1 | -1/+45
  * tools/call-dirmngr.c (wkd_get_status_cb): Detect and output warning and note stati from dirmngr.
  --
  This is in particular helpful to check for non-proper TLS certificates.
* gpg: Detect already compressed data also when using a pipe. | Werner Koch | 2023-01-19 | 9 | -64/+201
  * common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
    (file_filter): Implement peeking.
    (iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
  * common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
  * common/miscellaneous.c (is_file_compressed): Rewrite. Detect PDF.
  * g10/encrypt.c (encrypt_simple): Peek before detecting compression.
    (encrypt_crypt): Ditto.
  * g10/sign.c (sign_file): Also detect already compressed data.
  * g10/options.h (opt): Add explicit_compress_option.
  * g10/gpg.c (main): Set opt.explicit_compress_option for -z.
  --
  Note that this patch also introduces a compression check for signing which was never done in the past.
  GnuPG-bug-id: 6332
* common: Replace all assert by log_assert. | Werner Koch | 2023-01-18 | 1 | -31/+31
  --
* gpgtar: Make --status-fd option for fds > 2 work | Werner Koch | 2023-01-18 | 3 | -3/+12
  * tools/gpgtar-create.c (gpgtar_create): Do not close the status_fd in spawn.
  * tools/gpgtar-extract.c (gpgtar_extract): Ditto.
  * tools/gpgtar-list.c (gpgtar_list): Ditto.
  --
  Note that this fix does not handle file descriptors passed via the --gpg-args options.
  GnuPG-bug-id: 6348
* sm: Fix compliance checking for ECC signature verification. | Werner Koch | 2023-01-12 | 4 | -7/+31
  * common/compliance.c (gnupg_pk_is_compliant): Also consider the gcrypt vids for ECDSA et al.
    (gnupg_pk_is_allowed): Ditto.
  * sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance notice for a non-compliant key.
  * sm/certchain.c (gpgsm_validate_chain): Silence the "switching to chain model".
* dirmngr: Cleanup of the no-Tor check with --gpgconf-* commands | Werner Koch | 2023-01-11 | 1 | -8/+15
  * dirmngr/dirmngr.c (post_option_parsing): Add arg CMD.
    (main): Pass the current command.
  --
  Updates-commit: 9f37e93dd741a5436ff412955628806ae84725ca
* w32: Make sure DEP is enabled. | Werner Koch | 2023-01-11 | 1 | -1/+18
  * common/init.c (_init_common_subsystems): Test and set the DEP Policy.
  --
  Note that this change will now definitely require Windows XP SP3.
* doc: Minor fix of the --keyserver option. | Werner Koch | 2023-01-11 | 1 | -9/+9
  --
  Unfortunately a reflow took place.
* tests: Fix tests/gpgme for in-source-tree builds. | NIIBE Yutaka | 2022-12-21 | 2 | -5/+4
  * tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
  * tests/gpgme/all-tests.scm: Fix the name of the environment.
  --
  GnuPG-bug-id: 6313
  Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Post release updates | Werner Koch | 2022-12-16 | 2 | -1/+5
  --
* Release 2.4.0 [tag: gnupg-2.4.0] | Werner Koch | 2022-12-16 | 1 | -1/+1
* po: update-po | Werner Koch | 2022-12-16 | 24 | -711/+1162
  --
* po: Fixed two new fuzzies in the Czech translation. | Werner Koch | 2022-12-16 | 1 | -97/+40
  --
  They were obvious.
* po: Update Czech translation | Petr Pisar | 2022-12-16 | 1 | -33/+88
  --
* common: Fix translations in --help for gpgrt < 1.47 | Werner Koch | 2022-12-16 | 1 | -0/+8
  * common/mapstrings.c (map_static_macro_string): Add hack.
  --
* po: Update German translation | Werner Koch | 2022-12-16 | 1 | -29/+36
  --
* gpg: Fix a typo in a rarely shown diagnostic | Werner Koch | 2022-12-16 | 1 | -2/+1
  --
* gpg: Do not continue the export after a cancel for the primary key. | Werner Koch | 2022-12-16 | 1 | -1/+10
  * g10/export.c (do_export_one_keyblock): Handle a cancel for the primary key special.
  --
  GnuPG-bug-id: 6093
* gpg: Replace use of PRIu64 in log_debug | Werner Koch | 2022-12-16 | 2 | -8/+10
  * g10/cipher-aead.c (do_flush): Use %llu and a cast.
  * g10/decrypt-data.c (aead_underflow): Ditto.
  --
  Fixes-commit: b2cedc108d5cabb07f496c31c11c9cba6f328f76
  We don't use the system's printf but the one implemented by us (gpgrt's estream-printf) thus the PRIu64 may or may not be correct. We can't do much about the -Wformat errors due to our different implementation.
* tests: Fix missing test message. | Werner Koch | 2022-12-16 | 1 | -2/+2
  --
* speedo: Add updates from 2.2 | Werner Koch | 2022-12-16 | 2 | -11/+41
  --
* Update NEWS for 2.4.0 | Werner Koch | 2022-12-16 | 4 | -12/+109
* doc: Typo fixes | Werner Koch | 2022-12-16 | 6 | -11/+11
  --
  Reported-by: Andreas Metzler
  GnuPG-bug-id: 6309
* tests: Fix make check with GPGME. | NIIBE Yutaka | 2022-12-16 | 1 | -0/+5
  * tests/gpgme/Makefile.am: Create directories for logs.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Allow arguments to "scd serialno" in restricted mode. | Werner Koch | 2022-12-12 | 1 | -1/+1
  * agent/command.c (cmd_scd): Allow it.
  --
  This is important because Scute uses "SCD SERIALNO --all".
* scd:p15: Skip deleted records. | Werner Koch | 2022-12-09 | 1 | -8/+37
  * scd/app-p15.c (select_and_read_record): Special case deleted records. Support 3 byte TLVs.
    (read_ef_prkdf): Skip deleted records.
    (read_ef_pukdf): Ditto.
    (read_ef_cdf): Ditto.
    (read_ef_aodf): Ditto.
  --
  This fixes a problem with some CardOS 5 applications.
* build: Remove Windows CE support. | NIIBE Yutaka | 2022-12-09 | 9 | -87/+16
  * agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
  * am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove.
  * autogen.sh: Remove W32ce_ variables.
  * configure.ac: Likewise.
  * dirmngr/Makefile.am (extra_bin_ldflags): Remove.
  * g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
  * kbx/Makefile.am: Likewise.
  * sm/Makefile.am (extra_bin_ldflags): Remove.
  * tools/Makefile.am (extra_bin_ldflags): Remove.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* wkd: Do not send/install/mirror expired user ids. | Werner Koch | 2022-12-06 | 4 | -8/+72
  * tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and revoked.
  * tools/wks-util.c (append_to_uidinfo_list): Add args expired and revoked.
    (set_expired_revoked): New.
    (wks_list_key): Set expired and revoked.
    (wks_cmd_install_key): Skip expired uids.
  * tools/gpg-wks-client.c (command_check): Print flags.
    (command_send): Ignore expired keys.
    (mirror_one_key): Ditto.
  * g10/export.c (do_export_stream): Silence warning.
  --
  GnuPG-bug-id: 6292
* gpgsm: Print the revocation time also with --verify. | Werner Koch | 2022-12-05 | 1 | -1/+16
  * sm/certchain.c (is_cert_still_valid): Print revocation reason.
* gpgsm: Fix "problem re-searching certificate" case. | Werner Koch | 2022-12-05 | 1 | -1/+1
  * sm/keydb.c (keydb_set_cert_flags): Fix error test.
* gpgsm: Print revocation date and reason in cert listings. | Werner Koch | 2022-12-05 | 8 | -28/+158
  * dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and r_revocation_reason.
  * dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
    (cmd_checkocsp): Ditto.
  * sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
    (isvalid_status_cb): Parse REVOCATIONINFO.
    (gpgsm_dirmngr_isvalid): Add args r_revoked_at and r_revocation_reason.
  * sm/gpgsm.h (struct server_control_s): Add fields revoked_art and revocation_reason.
  * sm/keylist.c (list_cert_raw): Print revocation date.
    (list_cert_std): Ditto.
  --
  Note that for now we do this only for OCSP because it is an important piece of information when using the chain model. For a sample key see commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
* gpgsm: Silence the "non-critical certificate policy not allowed". | Werner Koch | 2022-12-05 | 1 | -2/+3
  * sm/certchain.c (check_cert_policy): Print non-critical policy warning only in verbose mode.
* gpgsm: Always use the chain model if the root-CA requests this. | Werner Koch | 2022-12-05 | 4 | -16/+17
  * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Do not use option --force-default-responder.
  * sm/certchain.c (is_cert_still_valid): Rename arg for clarity.
    (gpgsm_validate_chain): Always switch to chain model.
  --
  The trustlist.txt may indicate that a root CA issues certificates which shall be validated using the chain model. This is for example the case for qualified signatures. Before this change we did this only if the default shell model indicated that a certificate has expired. This optimization is technically okay but has one problem: The chain model requires the use of OCSP but we switch to this only when running the chain model validation. To catch revoked certificates using OCSP we need to always switch to the chain model unless OCSP has been enabled anyway.
  Note that the old --force-default-responder option is not anymore used.
  Test cases are certificates issued by
  # CN=TeleSec qualified Root CA 1
  # O=Deutsche Telekom AG
  # C=DE
  # 2.5.4.97=USt-IdNr.
  DE 123475223
  90:C6:13:6C:7D:EF:EF:E9:7C:C7:64:F9:D2:67:8E:AD:03:E5:52:96 \
  S cm qual relax
  A sample revoked certificate is
* gpg: New export option "mode1003". | Werner Koch | 2022-12-02 | 11 | -35/+320
  * agent/command.c (cmd_export_key): Add option --mode1003.
    (command_has_option): Ditto.
  * g10/build-packet.c (do_key): Implement mode 1003.
  * g10/parse-packet.c (parse_key): Ditto.
  * g10/options.h (EXPORT_MODE1003): New.
  * g10/call-agent.c (agent_export_key): Add arg mode1003.
  * g10/export.c (parse_export_options): Add "mode1003"
    (secret_key_to_mode1003): New.
    (receive_seckey_from_agent): Add arg mode1003.
    (do_export_one_keyblock): Pass option down.
  --
  This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used.
  Note that --import is not yet able to handle this new mode. Although old versions of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.
* gpg: Remove a mostly duplicated function. | Werner Koch | 2022-12-02 | 3 | -81/+36
  * g10/export.c (receive_seckey_from_agent): Add arg r_key.
    (do_export_one_keyblock): Pass NULL for new arg.
    (receive_raw_seckey_from_agent): Remove.
    (export_secret_ssh_key): Use receive_seckey_from_agent.
  * g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
* tests: Simplify fake-pinentry to use the option only. | NIIBE Yutaka | 2022-12-02 | 1 | -31/+41
  * tests/openpgp/fake-pinentry.c (parse_pinentry_user_data): New.
    (main): Don't use PINENTRY_USER_DATA env var.
  --
  Since environment variable is unreliable, use the option only.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Fix fake-pinentry for Windows. | NIIBE Yutaka | 2022-12-02 | 1 | -8/+1
  * tests/openpgp/fake-pinentry.c (main): Override PINENTRY_USER_DATA, by the option.
  --
  In the Assuan implementation for Windows, spawn function doesn't call the atfork callback. Thus, the environment variable is not updated by gpg-agent when it spawns pinentry. Reliable way is the interaction to override the option.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Fix make check-all. | NIIBE Yutaka | 2022-12-02 | 1 | -0/+1
  * Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_IN_TEST_SUITE.
  --
  Fixes-commit: 50d12860ef21e8480474fd94a0b4465d0339086d
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent: Fix import of protected v5 keys. | Werner Koch | 2022-12-01 | 1 | -3/+4
  * agent/cvt-openpgp.c (convert_from_openpgp_main): Take care of version 5 keys.
  --
  GnuPG-bug-id: 6294
* gpgsm: Change default algo to AES-256. | Werner Koch | 2022-12-01 | 1 | -1/+1
  * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change.
* tests: Put a workaround for semihosted environment. | NIIBE Yutaka | 2022-12-01 | 1 | -0/+3
  * tests/openpgp/defs.scm [*win32*]: Use --build-prefix option.
  --
  On the semihosted environment, output of simple gpgconf --list-components includes drive name (like Z:), which results in failure of command invocation. This is a workaround.
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: More fix for semihosted environment. | NIIBE Yutaka | 2022-12-01 | 3 | -22/+27
  * common/all-tests.scm: Conditionalize by *win32*.
  * tests/cms/Makefile.am (GPGSM): Add missing GPGSM.
  * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Add EXEEXT.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Support semihosted environment. | NIIBE Yutaka | 2022-12-01 | 5 | -13/+17
  * Makefile.am (check-all): Add EXEEXT.
  * agent/all-tests.scm: Append EXEEXT.
  * common/all-tests.scm: Likewise.
  * g10/all-tests.scm: Likewise.
  * g13/all-tests.scm: Likewise.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests: Fix tests under cms. | NIIBE Yutaka | 2022-12-01 | 1 | -2/+0
  * tests/cms/all-tests.scm: Remove merge mistake.
  --
  Fixes-commit: 1246e16432b4240ad81c0bd757d7458b609dfd96
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tests,w32: Fix for semihosted environment. | NIIBE Yutaka | 2022-12-01 | 1 | -1/+1
  * tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Add EXEEXT.
  --
  Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>