summaryrefslogtreecommitdiffstats
path: root/Makefile.am (unfollow)
Commit message (Collapse)AuthorFilesLines
2021-08-24dirmngr: Change the default keyserver.Werner Koch7-57/+60
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
2021-08-24po: In German always use "Passwort" instead of "Passphrase".Werner Koch1-109/+109
-- This is a several decade old debate how to name this. Meanwhile in Germany it seems to be more clean to use the term "Passwort" instead of "Passphrase" (or that "Mantra" thing). It is easier to explain to users that a password may include spaces etc than to to explain the difference between passphrase and password. So let's keep the things in the code as is but change the translations. Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit c9859967c0d85e36c56ff481d402b97d2fd386bb) and adjusted for 2.3.
2021-08-24po: Auto update translationsWerner Koch25-4428/+3725
--
2021-08-24po: Update German translationWerner Koch1-171/+160
--
2021-08-24gpg: Report the status of NO_SECKEY for decryption.NIIBE Yutaka1-2/+2
* g10/mainproc.c (proc_encrypted): Fix the condition to report NO_SECKEY even when the key was not considered by get_session_key. -- GnuPG-bug-id: 5562 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-20wkd: Properly unescape the user-id from a key listing.Werner Koch1-6/+16
* tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
2021-08-20wkd: Fix client issue with leading or trailing spaces in user-ids.Werner Koch6-20/+200
* common/recsel.c (recsel_parse_expr): Add flag -t. * common/stringhelp.c: Remove assert.h. (strtokenize): Factor code out to do_strtokenize. (strtokenize_nt): New. (do_strtokenize): Add arg trim to support the strtokenize_nt. * common/t-stringhelp.c (test_strtokenize_nt): New test cases. * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel flag -t. -- This fixes a bug with user ids with leading spaces because: wks-client lists all mail addresses from the key and matches them to the requested mail address. If there are several user-ids all with the same mail address wks-client picks one of them and then extracts exactly that user id. However, here it does not match by the mail address but by the full user-id so that we can be sure that there will be only one user-id in the final key. The filter built expression unfortunately strips leading blanks but requires a verbatim match. Thus it won't find the user id again and errors out. The new -t flag and a non-trimming strtokenize solves the problem. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-08-20scd: Don't release the context until list_finish for PC/SC.NIIBE Yutaka1-1/+8
* scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here. (apdu_dev_list_finish): Decrement PCSC.COUNT. -- GnuPG-bug-id: 5416 Fixes-commit: 32baa9acfb153004bdb2509f9516482b78f256a4 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-19gpg: Return SUCCESS/FAILURE status also for --card-edit/name.Werner Koch1-3/+8
* g10/card-util.c (change_name): Call write_sc_op_status. -- Reported-by: Joey Berkovitz
2021-08-18agent: Use the sysconfdir for a pattern file.Werner Koch2-5/+34
* agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
2021-08-18agent: Ignore passphrase constraints for a generated passphrase.Werner Koch4-35/+74
* agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New. (MAX_GENPIN_TRIES): Remove. * agent/call-pinentry.c (struct entry_parm_s): (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid. (is_generated_pin): New. (inq_cb): Suppress constraints checking for a generated passphrase. No more need for several tries to generate the passphrase. (do_getpin): Store a generated passphrase/pin in the status field. (agent_askpin): Suppress constraints checking for a generated passphrase. (agent_get_passphrase): Ditto. * agent/command.c (cmd_get_passphrase): Ditto. -- A generated passphrase has enough entropy so that all kind of extra checks would only reduce the actual available entropy. We thus detect if a passphrase has been generated (and not changed) and skip all passphrase constraints checking.
2021-08-18agent: Improve the GENPIN callback.Werner Koch1-9/+14
* agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ... (DEFAULT_GENPIN_BITS): this and increase to 150. (generate_pin): Make sure that we use at least 128 bits.
2021-08-18agent: Fix for zero length help string in pinentry hints.Werner Koch1-13/+31
* agent/call-pinentry.c: Remove unused assert.h. (inq_cb): Fix use use of assuan_end_confidential in case of nested use. (do_getpin): Ditto. (setup_formatted_passphrase): Escape the help string. (setup_enforced_constraints): Ignore empty help strings. -- (Ported from 2.2)
2021-08-18common,w32: Replace log_debug by log_info for InProcessJobsWerner Koch1-3/+3
* common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
2021-08-18doc: Add sample texts for Pinentry hintsWerner Koch1-1/+27
--
2021-08-13agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pientWerner Koch1-1/+8
* agent/call-pinentry.c (atfork_core): Pass DISPLAY.
2021-08-13agent: New option --check-sym-passphrase-pattern.Werner Koch7-29/+89
* agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <wk@gnupg.org>