summaryrefslogtreecommitdiffstats
path: root/doc/help.it.txt (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-10-25speedo: Sign the windows installer with a timestamp.Werner Koch1-3/+7
--
2018-10-25dirmngr: Fix out of scope use of a var in the keyserver LDAP code.Werner Koch1-23/+10
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale out of scope and cleanup the entire pgpKeySize block. -- GnuPG-bug-id: 4229 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-25g10,scd: Improve UIF support.NIIBE Yutaka4-3/+30
* g10/call-agent.c (learn_status_cb): Parse "bt" flag. * g10/call-agent.h: New member field "bt". * g10/card-util.c (uif): Limit its access only when it is supported. * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only when there is a button. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-24all: fix spelling and typosDaniel Kahn Gillmor77-120/+120
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24doc: fix spelling mistakesDaniel Kahn Gillmor6-18/+18
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24agent: Fix possible uninitalized use of CTX in simple_pwquery.Werner Koch1-0/+1
* common/simple-pwquery.c (agent_open): Clear CTX even on early error. -- GnuPG-bug-id: 4223 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24agent: Fix possible release of unitialize var in a genkey error case.Werner Koch1-1/+1
* agent/command.c (cmd_genkey): Initialize 'value'. -- GnuPG-bug-id: 4222 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24ssh: Fix possible infinite loop in case of an read error.Werner Koch1-3/+4
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors than EOF. -- GnuPG-bug-id: 4221 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24tools: Fix FILE memory leak in gpg-connect-agent.Werner Koch1-2/+4
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the stream. GnuPG-bug-id: 4220 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24sm: Use the correct string in an error message.Werner Koch1-1/+1
* sm/gpgsm.c (main): Fix error message. -- GnuPG-bug-id: 4219
2018-10-24gpg: Unfinished support for v5 signatures.Werner Koch4-40/+54
* g10/parse-packet.c (parse_signature): Allow for v5 signatures. * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5 byte count. * g10/sign.c (hash_sigversion_to_magic): Ditto. (write_signature_packets): Request v5 sig for v5 keys. Remove useless condition. (make_keysig_packet): Request v5 sig for v5 keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24indent: Modernize g10/sign.cWerner Koch1-791/+829
--
2018-10-22dirmngr: Prepare for updated WKD specs with ?l= paramWerner Koch1-12/+21
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the request. -- We append the raw non-canonicalized local address part to the hash. Servers who serve the requests from static files will ignore the parameters and a test with posteo shows that also services using a database ignore the parameter. The general idea is that service providers may use their own canonicalization rules. The problem is that we currently filter the returned key for the full mail address and thus we will never see a key if the service did a different canonicalization than we. So consider this to be an experiment. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22agent: Fix build regression for Windows.Werner Koch2-8/+15
* agent/command-ssh.c (get_client_info): Turn client_uid into an int. Fix setting of it in case of a failed getsocketopt. * agent/command.c (start_command_handler): Fix setting of the pid and uid for Windows. -- Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046 which obviously was only added to master. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-22dirmngr: In verbose mode print the OCSP responder id.Werner Koch1-0/+27
* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-15tools: Replace duplicated code in mime-maker.Werner Koch3-62/+90
* tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from mime-maker.c. (rfc822_valid_header_name_p): New. Based on code from mime-maker.c. (rfc822_capitalize_header_name): New. Copied from mime-maker.c. (capitalize_header_name): Remove. Replace calls by new func. (my_toupper, my_strcasecmp): New. * tools/mime-maker.c: Include rfc822parse.h. (HEADER_NAME_CHARS, capitalize_header_name): Remove. (add_header): Replace check and capitalization by new functions. -- This is a straightforward change with two minor chnages: - In rfc822parse.c the capitalization handles MIME-Version special. - The check in mime-maker bow detects a zero-length name as invalid. my_toupper and my_strcasecmp are introduced to allow standalone use of that file. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-15scd: Fix signing authentication status.NIIBE Yutaka1-1/+4
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing. -- We have a corner case: In "not forced" situation and authenticated, and it is changed to "forced", card implementaiton can actually accept signing, but GnuPG requires authentication, because it is "forced". GnuPG-bug-id: 4177 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-12agent: Fix message for ACK button.NIIBE Yutaka1-13/+35
* agent/divert-scd.c (getpin_cb): Display correct message. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-11scd: Support "acknowledge button" feature.NIIBE Yutaka7-1/+97
* scd/apdu.c (set_prompt_cb): New member function. (set_prompt_cb_ccid_reader): New function. (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader. (apdu_set_prompt_cb): New. * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb. * ccid-driver.c (ccid_set_prompt_cb): New. (bulk_in): Call ->prompt_cb when timer extension. * scd/command.c (popup_prompt): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-11agent: Support --ack option for POPUPPINPADPROMPT.NIIBE Yutaka1-1/+1
* agent/divert-scd.c (getpin_cb): Support --ack option. -- We are now introducing "acknowledge button" feature to scdaemon, so that we can support OpenPGPcard User Interaction Flag. We will (re)use the mechanism of POPUPPINPADPROMPT for this. Perhaps, we will change the name of POPUPPINPADPROMPT, since it will be no longer for PINPAD only. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-10gpg: Don't take the a TOFU trust model from the trustdb,Werner Koch2-5/+27
* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model. (create_version_record): Don't init as TOFU. (tdbio_db_matches_options): Don't indicate a change in case TOFU is stored in an old trustdb file. -- This change allows to switch between a tofu and pgp or tofu+pgp trust model without an auto rebuild of the trustdb. This also requires that the tofu trust model is requested on the command line. If TOFU will ever be the default we need to tweak the model detection via TM_AUTO by also looking into the TOFU data base, GnuPG-bug-id: 4134
2018-10-08gpg: Fix extra check for sign usage of a data signature.Werner Koch1-1/+2
* g10/sig-check.c (check_signature_end_simple): -- Obviously we should not ignore a back signature here. Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5 GnuPG-bug-id: 4014 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-08gpg: Make --skip-hidden-recipients work again.Werner Koch1-0/+13
* g10/pubkey-enc.c (get_session_key): Take care of opt.skip_hidden_recipients. -- This was lost due to Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290 GnuPG-bug-id: 4169 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-04gpg: Add new card vendorWerner Koch1-0/+1
--
2018-10-02gpg: New options import-drop-uids and export-drop-uids.Werner Koch5-9/+94
* g10/options.h (IMPORT_DROP_UIDS): New. (EXPORT_DROP_UIDS): New. * g10/import.c (parse_import_options): Add option "import-drop-uids". (import_one): Don't bail out with that options and no uids found. Also remove all uids. (remove_all_uids): New. * g10/export.c (parse_export_options): Add option "export-drop-uids". (do_export_one_keyblock): Implement option. -- These options are required for experiments with changes to the keyserver infrastructure. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02common: Fix gnupg_reopen_std.NIIBE Yutaka1-6/+5
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat. -- When gpg was invoked by a Perl web application on FreeBSD, fstat in gnupg_reopen_std failed with EBADF. Using fcntl, which is considered lighter than fstat, it works fine. Since uur purpose is to check if file descriptor is valid or not, lighter operation is better. Reported-by: Marcin Gryszkalis <mg@fork.pl> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-27g10,scd: Support UIF changing command.NIIBE Yutaka2-5/+48
* g10/card-util.c (uif, cmdUIF): New. (card_edit): Add call to uif by cmdUIF. * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3. (do_setattr): Likewise. (do_learn_status): Learn UIF-1, UIF-2, and UIF-3. -- GnuPG-bug-id: 4158 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-18g10: Fix memory leak for --card-status.NIIBE Yutaka1-4/+3
* g10/card-util.c (card_status): Release memory of serial number. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14g10: Fix another memory leak.NIIBE Yutaka1-4/+3
* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t. -- The use of pubkey_t was wrong. The use is just a list of keys, not with keyblock. With SK_LIST, release_sk_list releases memory by free_public_key. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14g10: Fix memory leak (more).NIIBE Yutaka1-5/+9
* g10/skclist.c (enum_secret_keys): Free SERIALNO on update. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14g10: Fix memory leak in enum_secret_keys.NIIBE Yutaka1-2/+10
* g10/skclist.c (enum_secret_keys): Don't forget to call free_public_key in the error return paths. -- Reported-by: Philippe Antoine GnuPG-bug-id: 4140 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-11Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."NIIBE Yutaka1-10/+13
This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9. -- Now the access to hosttable is serialized correctly.
2018-09-11dirmngr: Serialize access to hosttable.NIIBE Yutaka3-8/+64
* dirmngr/dirmngr.h (ks_hkp_init): New. * dirmngr/dirmngr.c (main): Call ks_hkp_init. * dirmngr/ks-engine-hkp.c (ks_hkp_init): New. (ks_hkp_mark_host): Serialize access to hosttable. (ks_hkp_print_hosttable, make_host_part): Likewise. (ks_hkp_housekeeping, ks_hkp_reload): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10common: Use iobuf_get_noeof to avoid undefined behaviors.NIIBE Yutaka1-3/+3
* common/iobuf.c (block_filter): Use iobuf_get_noeof. -- When singed integer has negative value, left shift computation is undefined in C. GnuPG-bug-id: 4093 Reported-by: Philippe Antoine Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10agent: Fix error code check from npth_mutex_init.NIIBE Yutaka1-2/+6
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an error when npth_mutex_init returns non-zero. -- Actually, initialize_module_call_pinentry is only called once from main. So, this bug had no harm and having the static variable INITIALIZED is not needed. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-07dirmngr: Emit SOURCE status also on NO_DATA.Werner Koch2-5/+20
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on NO DATA error. (ks_hkp_get): Ditto. * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info also on error. (gpg_dirmngr_ks_get): Ditto. -- If a keyserver does not return any data it can be useful to know which keyserver out of the pool answered. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-07dirmngr: hkp: Avoid potential race condition when some hosts die.Daniel Kahn Gillmor1-13/+10
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass through the host table instead of risking out-of-bounds write. -- Multiple threads may write to hosttable[x]->dead while select_random_host() is running. For example, a housekeeping thread might clear the ->dead bit on some entries, or another connection to dirmngr might manually mark a host as alive. If one or more hosts are resurrected between the two loops over a given table in select_random_host(), then the allocation of tbl might not be large enough, resulting in a write past the end of tbl on the second loop. This change collapses the two loops into a single loop to avoid this discrepancy: each host's "dead" bit is now only checked once. As Werner points out, this isn't currently strictly necessary, since npth will not switch threads unless a blocking system call is made, and no blocking system call is made in these two loops. However, in a subsequent change in this series, we will call a function in this loop, and that function may sometimes write(2), or call other functions, which may themselves block. Keeping this as a single-pass loop avoids the need to keep track of what might block and what might not. GnuPG-bug-id: 2836 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-09-07g10: Fix memory leak.NIIBE Yutaka1-0/+2
* g10/import.c (read_block): Call free_packet to skip the packet. -- Reported-by: Philippe Antoine GnuPG-bug-id: 3916 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06gpgscm: Suppress warnings for GCC > 6.NIIBE Yutaka1-15/+14
* tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6. (FALLTHROUGH): New for fallthrough. (Eval_Cycle): Use FALLTHROUGH. Remove not-needed comment of fallthrough. -- Since GCC combines C preprocessor macro expansion, the fallthrough comment doesn't work well to suppress warnings for -Wimplicit-fallthrough, near the macro CASE. To handle this problem, we use GCC's extension of unused label and fallthrough attributes. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06Fix use of strncpy, which is actually good to use memcpy.NIIBE Yutaka2-2/+2
* common/ssh-utils.c (get_fingerprint): Use memcpy. * g10/build-packet.c (string_to_notation): Use memcpy. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-30artwork: State license of the logoWerner Koch1-0/+8
--
2018-08-29gpg: Explain error message in key generation with --batchWerner Koch1-1/+3
* g10/keygen.c (generate_keypair): Show more info. -- GnuPG-bug-id: 3912 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29doc: Minor additions to the gpg man pageWerner Koch1-4/+10
-- Includes a fix for GnuPG-bug-id: 3906 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29gpg: Remove unused function get_pubkeys.Werner Koch2-274/+4
* g10/getkey.c (get_pubkeys): Remove. (pubkey_free): Remove and use code directly ... (pubkeys_free): ... here. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29doc: Show how to list envvars send to gpg-agent.Werner Koch1-0/+9
-- GnuPG-bug: 3353 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29gpg: New option --known-notation.Werner Koch4-7/+64
* g10/gpg.c (oKnownNotation): New const. (opts): Add option --known-notation. (main): Set option. * g10/parse-packet.c (known_notations_list): New local var. (register_known_notation): New. (can_handle_critical_notation): Rewrite to handle the new feature. Also print the name of unknown notations in verbose mode. -- GnuPG-bug-id: 4060 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28gpg: Refresh expired keys originating from the WKD.Werner Koch2-17/+99
* g10/getkey.c (getkey_ctx_s): New field found_via_akl. (get_pubkey_byname): Set it. (only_expired_enc_subkeys): New. (get_best_pubkey_byname): Add support to refresh expired keys from the WKD. -- A little drawback of that code is that if the WKD has no update for an expired key each access of the key will trigger a WKD lookup (unless cached by the dirmngr). To avoid this we need to record the last time we have checked for an update but that would in turn require that we update the keyring for each check. We defer this until we have a better key database which allows for fast updates of meta data. Testing the code is currently a bit cumbersome because it requires to update a key in the WKD several times. Eventually we we need a network emulation layer to provide sample data for the regression tests. GnuPG-bug-id: 2917 Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28gpg: Remove unused arg from a function.Werner Koch4-5/+5
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'. Change both callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27gpg: Prepare for longer card fingerprints.Werner Koch4-76/+89
* g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to "*len". * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to return the actual length. (agent_release_card_info): Adjust for these changes. * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add arg FPRLEN. Change all callers to pass the length. (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg FPRLEN. Change all callers to pass the length. (fpr_is_zero): Add arg FPRLEN. (fpr_is_ff): Ditto. (show_card_key_info): Use the new functions. * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN. -- This is not needed right now but we should get rid of all hard coded fingerprint lengths. Thus this change. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27g10: Fix enum_secret_keys for card keys.NIIBE Yutaka1-3/+8
* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns fingerprint in binary, change it to hex string. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>