Commit message | Author | Age | Files | Lines
* Release 2.0.26 (gnupg-2.0.26) | Werner Koch | 2014-08-12 | 2 | -2/+17
* po: Auto-update due to removed string. | Werner Koch | 2014-08-12 | 28 | -84/+36
  --
* sm: Create homedir and lock empty keybox creation. | Werner Koch | 2014-08-12 | 3 | -88/+211
  * sm/gpgsm.h (opt): Add field "no_homedir_creation".
  * sm/gpgsm.c (main): Set it if --no-options is used.
  * sm/keydb.c: Include fcntl.h.
  (try_make_homedir): New. Similar to the one from g10/openfile.c
  (maybe_create_keybox): New. Similar to the one from g10/keydb.c.
  (keydb_add_resource): Replace some code by maybe_create_keybox.
* Remove trailing white space from two files. | Werner Koch | 2014-08-12 | 2 | -13/+13
  --
* jnlib: Fix typo in header inclusion protection macro. | Werner Koch | 2014-08-11 | 1 | -1/+1
  --
  GnuPG-bug-id: 1669
* po: Update Japanese translation. | NIIBE Yutaka | 2014-08-08 | 1 | -12/+9
* gpg: Fix regression due to the keyserver import filter. | Werner Koch | 2014-08-06 | 3 | -34/+49
  * g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite to take subpackets into account.
  * g10/import.c (import_one, import_secret_one): Pass keyblock to filter.
  --
  GnuPG-bug-id: 1680
* gpg: Add kbnode_t for easier backporting. | Werner Koch | 2014-08-06 | 1 | -0/+1
  * g10/gpg.h (kbnode_t): New.
* Add OpenPGP card manufacturer Yubico (6). | Simon Josefsson | 2014-07-21 | 1 | -0/+1
* scd: Allow for certificates > 1024 with PC/SC. | Andreas Schwier | 2014-07-21 | 1 | -1/+1
  * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 to allow for larger certificates.
* gpg: Cap size of attribute packets at 16MB. | Werner Koch | 2014-07-21 | 1 | -1/+12
  * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap size of packet.
  --
  Tavis Ormandy reported a fatal error for attribute packets with a zero length payload. This is due to a check in Libgcrypt's xmalloc which rejects a malloc(0) instead of silently allocating 1 byte. The fix is obvious.
  In addition we cap the size of attribute packets similar to what we do with user id packets. OpenPGP keys are not the proper way to store movies.
  Resolved conflicts:
  g10/parse-packet.c - indentation. Use plain fprintf.
* Post release updates. | Werner Koch | 2014-06-30 | 2 | -1/+4
  --
* Release 2.0.25 (gnupg-2.0.25) | Werner Koch | 2014-06-30 | 1 | -1/+12
* estream: Fix minor glitch in "%.*s" format. | Werner Koch | 2014-06-30 | 1 | -94/+96
  * common/estream-printf.c (pr_string): Take care of non-nul terminated strings.
  --
  Resolved conflicts:
  common/estream-printf.c - white spaces
* scd: Support reader Gemalto IDBridge CT30 | Werner Koch | 2014-06-27 | 1 | -0/+6
  * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that reader.
  (GEMPC_CT30): New product id.
  --
  GnuPG-bug-id: 1638
  Resolved conflicts:
  scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
* gpg: Limit keysize for unattended key generation to useful values. | Werner Koch | 2014-06-27 | 1 | -2/+12
  * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
  (gen_rsa): Enforce keysize 1024 to 4096.
  (gen_dsa): Enforce keysize 768 to 3072.
  --
  It was possible to create 16k RSA keys in batch mode. In addition to the silliness of such keys, they have the major drawback that under GnuPG and Libgcrypt, with their limited amount of specially secured memory areas, the use of such keys may lead to an "out of secure memory" condition.
* agent: Let gpg-protect-tool pass envvars to pinentry. | Werner Koch | 2014-06-25 | 1 | -52/+56
  * agent/protect-tool.c (opt_session_env): New.
  (main): Pass session environment object to gnupg_prepare_get_passphrase.
  --
  GnuPG-bug-id: 1402
  The full story can be found at
  https://bugzilla.redhat.com/show_bug.cgi?id=548528
  Sorry for the delay.
* gpg: Make screening of keyserver result work with multi-key commands. | Werner Koch | 2014-06-25 | 1 | -23/+45
  * g10/keyserver.c (ks_retrieval_filter_arg_s): new.
  (keyserver_retrieval_filter): Use new struct and check all descriptions.
  (keyserver_spawn): Pass filter arg using the new struct.
  --
  This is a fix for commit 5e933008. The old code did only work for a single key. It failed as soon as several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A B C").
* Add CVE number | Werner Koch | 2014-06-24 | 2 | -43/+30
  --
* Post release updates | Werner Koch | 2014-06-24 | 3 | -4/+7
  --
* Release 2.0.24 (gnupg-2.0.24) | Werner Koch | 2014-06-24 | 2 | -5/+24
* po: Auto-update | Werner Koch | 2014-06-24 | 27 | -0/+325
  --
* gpg: Fix a couple of spelling errors | Kristian Fiskerstrand | 2014-06-24 | 1 | -2/+2
* doc: Update from master. | Werner Koch | 2014-06-24 | 4 | -29/+96
  --
* gpg: Do not link gpgv against libassuan. | Werner Koch | 2014-06-24 | 1 | -1/+1
  * g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
  --
  This is not required.
  GnuPG-bug-id: 1533
* po: Update de.po | Werner Koch | 2014-06-24 | 1 | -1/+12
* common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6 | Werner Koch | 2014-06-24 | 1 | -0/+2
  * common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if defined.
* Remove thread callbacks for libgcrypt >= 1.6. | Werner Koch | 2014-06-24 | 2 | -3/+14
  * agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with libgcrypt >= 1.6.
  (main): Ditto.
  * scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
  (main): Ditto.
  --
  This is not anymore needed but kept for compatibility with Libgcrypt < 1.6.
* Improve configure option --with-libgpg-error-prefix | Werner Koch | 2014-06-24 | 7 | -11/+12
  --
  GnuPG-bug-id: 1561
  Note that this is not a complete solution. The libgpg-error include directory has now a higher preference but ld may not pick up the right library if another one is installed. The problem is that the -L option and the -l options are not emitted separately by gpg-error-config.
* gpg: Use more specific reason codes for INV_RECP. | Werner Koch | 2014-06-24 | 1 | -5/+13
  * g10/pkclist.c (build_pk_list): Use more specific reason codes for INV_RECP.
  --
  GnuPG-bug-id: 1650
  Note that this patch is a bit more limited than the one in 2.1.
* gpg: Make show-uid-validity the default. | Werner Koch | 2014-06-24 | 1 | -0/+2
* gpg: Screen keyserver responses. | Stefan Tomanek | 2014-06-24 | 3 | -80/+164
  * g10/main.h (import_filter_t): New.
  * g10/import.c (import): Add filter callbacks to param list.
  (import_one): Ditto.
  (import_secret_one): Ditto.
  (import_keys_internal): Ditto.
  (import_keys_stream): Ditto.
  * g10/keyserver.c (keyserver_retrieval_filter): New.
  (keyserver_spawn): Pass filter to import_keys_stream()
  --
  These changes introduce import functions that apply a constraining filter to imported keys. These filters can verify the fingerprints of the keys returned before importing them into the keyring, ensuring that the keys fetched from the keyserver are in fact those selected by the user beforehand.
  Signed-off-by: Stefan Tomanek <[email protected]>
  Re-indentation and minor changes by wk.
  Resolved conflicts:
  g10/import.c
  g10/keyserver.c
  g10/main.h
* gpg: Allow key-to-card upload for cert-only keys | Werner Koch | 2014-06-24 | 1 | -47/+47
  * g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.
  --
  Suggested-by: Dominik Heidler <[email protected]>
* ssh: Fix for newer Libgcrypt versions. | Werner Koch | 2014-06-23 | 1 | -0/+1
  * common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.
  --
  Reported-by: Anatol Pomozov
* gpg: Avoid infinite loop in uncompressing garbled packets. | Werner Koch | 2014-06-20 | 1 | -8/+11
  * g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
  --
  A packet like (a3 01 5b ff) leads to an infinite loop. Using --max-output won't help if it is a partial packet. This patch actually fixes a regression introduced on 1999-05-31 (c34c6769). Actually it would be sufficient to stuff just one extra 0xff byte. Given that this problem popped up only after 15 years, I feel safer to allow for a very few FF bytes.
  Thanks to Olivier Levillain and Florian Maury for their detailed report.
* doc: Update for modern makeinfo. | Werner Koch | 2014-06-03 | 2 | -11/+5
  * doc/texi.css: Remove.
  * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
* maint: Of course we only use https in the announcements. | Werner Koch | 2014-06-03 | 1 | -4/+4
  --
* Post release updates. | Werner Koch | 2014-06-03 | 3 | -41/+48
  --
* Release 2.0.23 (gnupg-2.0.23) | Werner Koch | 2014-06-03 | 3 | -13/+39
* po: Auto-update due to one new entry. | Werner Koch | 2014-06-03 | 28 | -1/+137
  --
* doc: Adjust Makefile for fixed yat2m. | Werner Koch | 2014-06-03 | 1 | -6/+3
  * doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.
* doc: Update from master | Werner Koch | 2014-06-03 | 4 | -96/+309
  --
* gpg: New %U expando for the photo viewer. | Werner Koch | 2014-06-03 | 4 | -6/+25
  * g10/photoid.c (show_photos): Set namehash.
  * g10/misc.c (pct_expando): Add "%U" expando.
  --
  This makes it possible to extract all photo ids from a key to different files.
  (cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)
  Resolved conflicts:
  g10/photoid.c - whitespaces
* common: Add z-base-32 encoder. | Werner Koch | 2014-06-03 | 3 | -0/+123
  * common/zb32.c: New.
  * common/t-zb32.c: New.
  * common/Makefile.am (common_sources): Add zb82.c
  --
  (cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e)
  Resolved conflicts:
  common/Makefile.am
* gpg: Reject signatures made with MD5. | Werner Koch | 2014-06-03 | 6 | -5/+38
  * g10/gpg.c: Add option --allow-weak-digest-algos.
  (main): Set option also in PGP2 mode.
  * g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
  * g10/sig-check.c (do_check): Reject MD5 signatures.
  * tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
  --
  (cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)
  Resolved conflicts:
  g10/gpg.c - adjust.
  tests/openpgp/defs.inc - no changes
* gpg: Remove useless diagnostic in MDC verification. | Werner Koch | 2014-06-03 | 1 | -8/+4
  * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad MDC packet header and a bad MDC.
  --
  The separate diagnostic was introduced for debugging a problem. For explaining an MDC error a single error message is easier to understand.
* gpg: Fix glitch entering a full expiration time. | Werner Koch | 2014-06-03 | 1 | -1/+2
  * g10/keygen.c (ask_expire_interval): Get the current time after the prompt.
  --
  This almost avoids that an entered full ISO timestamp is not used as given but off by the time the user required to enter the timestamp.
  GnuPG-bug-id: 1639
* gpg: Graceful skip reading of corrupt MPIs. | Werner Koch | 2014-06-02 | 1 | -5/+17
  * g10/parse-packet.c (mpi_read): Change error message on overflow.
  --
  This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a broken MPI.
  GnuPG-bug-id: 1593
* gpg: Simplify default key listing. | Werner Koch | 2014-06-02 | 1 | -84/+49
  * g10/mainproc.c (list_node): Rework.
  --
  The old code still merged the first user id into the key packet line which resulted in all kinds of complexity. --fixed-list-mode is meanwhile the default and thus we also change this part of the code.
  GnuPG-bug-id: 1640
* gpgsm: Handle re-issued CA certificates in a better way. | Werner Koch | 2014-06-02 | 1 | -86/+142
  * sm/certchain.c (find_up_search_by_keyid): Consider all matching certificates.
  (find_up): Add some debug messages.
  --
  The DFN-Verein recently re-issued its CA certificates without generating new keys. Thus looking up the chain using the authority keyids works but may use still existing old certificates. This may break the CRL lookup in the Dirmngr. The hack to fix this is by using the latest issued certificate with the same subject key identifier.
  As usual Peter Gutmann's X.509 style guide has some comments on that re-issuing.
  GnuPG-bug-id: 1644
  Resolved conflicts:
  sm/certchain.c - whitespace fixes.