Commit message | Author | Age | Files | Lines
* Release 2.2.20 [gnupg-2.2.20] | Werner Koch | 2020-03-20 | 2 | -3/+31
    * build-aux/speedo.mk (sign-installer): Fix syntax error.
* po: Auto-update | Werner Koch | 2020-03-20 | 24 | -0/+230
    --
* Copyright notice updates et al. | Werner Koch | 2020-03-19 | 4 | -13/+15
    --
* po: Update German translation | Werner Koch | 2020-03-19 | 1 | -1/+7
    --
* gpgconf: Take care of --homedir when reading/updating options. | Werner Koch | 2020-03-19 | 1 | -4/+22
    * tools/gpgconf-comp.c (gc_component_check_options): Take care of --homedir.
    (retrieve_options_from_program): Ditto.
    --
    Note that due to the large changes in master we could not backport the patch from there.
    GnuPG-bug-id: 4882
* po: Update Japanese Translation. | NIIBE Yutaka | 2020-03-19 | 1 | -1/+9
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix pinpad handling when KDF enabled. | NIIBE Yutaka | 2020-03-18 | 1 | -0/+2
    * scd/app-openpgp.c (do_getattr): Send the KDF DO information.
    --
    Fixes-commit: 95c7498b76231d3297541172d878f6a26702539b
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit 11da441016222337284c519ff56aca34e3042373)
* scd: Disable pinpad if it's impossible by KDF DO. | NIIBE Yutaka | 2020-03-18 | 1 | -6/+29
    * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
    (do_getattr): Set pinpad.disabled field.
    (check_pinpad_request): Use the pinpad.disabled field.
    (do_setattr): Update pinpad.disabled field.
    --
    GnuPG-bug-id: 4832
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit 95c7498b76231d3297541172d878f6a26702539b)
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Print a hint for --batch mode and --delete-secret-key. | Werner Koch | 2020-03-18 | 1 | -0/+6
    * g10/delkey.c: Include shareddefs.h.
    (delete_keys): Print a hint.
    --
    The option --yes has some side-effects so it is not desirable to use it automatically. The code in master (2.3) has special treatment of confirm messages and thus this patch is only for 2.2.
    GnuPG-bug-id: 4667
    Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Improve finding OCSP cert. | Werner Koch | 2020-03-18 | 1 | -1/+35
    * dirmngr/certcache.c (find_cert_bysubject): Add better debug output and try to locate by keyid.
    --
    This change was suggested in T4536 but we do not have any test cases for this.
    GnuPG-bug-id: 4536
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 4699e294cc9e59f35262adca26ca291927acca9e)
    The bug report meanwhile has a test description but I have not done the testing yet. I port this back to 2.2 anyway given that no regressions have been reported for master in nearly a year.
* gpg: Update --trusted-key to accept fingerprint as well as long key id. | Daniel Kahn Gillmor | 2020-03-18 | 2 | -8/+20
    * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well as long key ID.
    * doc/gpg.texi: document that --trusted-key can accept a fingerprint.
    --
    GnuPG-bug-id: 4855
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
    Fixed uses of return and kept the old string to avoid breaking translations.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb)
    Remove the test for FPRLEN which we do not have in 2.2
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix key expiration and usage for keys created at the Epoch. | Werner Koch | 2020-03-18 | 1 | -12/+16
    * g10/getkey.c (merge_selfsigs_main): Take a zero key creation time into account.
    --
    Keys created at the Epoch have a creation time of 0; when figuring out the latest signature with properties to apply to a key the usual comparison A > B does not work if A is always 0. We now special case this for the expiration and usage data.
    Co-authored-by: [email protected]
    GnuPG-bug-id: 4670
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad)
* gpg: New option --auto-key-import | Werner Koch | 2020-03-14 | 5 | -11/+44
    * g10/gpg.c (opts): New options --auto-key-import, --no-auto-key-import, and --no-include-key-block.
    (gpgconf_list): Add them.
    * g10/options.h (opt): Add field flags.auto_key_import.
    * g10/mainproc.c (check_sig_and_print): Use flag to enable that feature.
    * tools/gpgconf-comp.c: Give the new options a Basic config level.
    --
    Note that the --no variants of the options are intended for easy disabling at the command line.
    GnuPG-bug-id: 4856
    Signed-off-by: Werner Koch <[email protected]>
    Backported from master.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Make use of the included key block in a signature. | Werner Koch | 2020-03-14 | 11 | -53/+251
    * g10/import.c (read_key_from_file): Rename to ...
    (read_key_from_file_or_buffer): this and add new parameters. Adjust callers.
    (import_included_key_block): New.
    * g10/packet.h (PKT_signature): Add field flags.key_block.
    * g10/parse-packet.c (parse_signature): Set that flag.
    * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers.
    * g10/mainproc.c (do_check_sig): Ditto.
    (check_sig_and_print): Try the included key block if no key is available.
    --
    This is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure.
    There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signature checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case.
    GnuPG-bug-id: 4856
    Signed-off-by: Werner Koch <[email protected]>
    Backported from master
    Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --include-key-block. | Werner Koch | 2020-03-14 | 6 | -11/+147
    * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
    * g10/gpg.c (oIncludeKeyBlock): New.
    (opts): New option --include-key-block.
    (main): Implement.
    * g10/options.h (opt): New flag include_key_block.
    * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
    (parse_one_sig_subpkt): Ditto.
    (can_handle_critical): Ditto.
    * g10/sign.c (mk_sig_subpkt_key_block): New.
    (write_signature_packets): Call it for data signatures.
    --
    This patch adds support for a to be proposed OpenPGP feature:
    Introduce the Key Block subpacket to align OpenPGP with CMS.
    This new subpacket may be used similar to the CertificateSet of CMS (RFC-5652) and thus allows to start encrypted communication after having received a signed message. In practice a stripped down version of the key should be included having only the key material and the self-signatures which are really useful and shall be used by the recipient to reply encrypted.
    #### Key Block
    (1 octet with value 0, N octets of key data)
    This subpacket MAY be used to convey key data along with a signature of class 0x00, 0x01, or 0x02. It MUST contain the key used to create the signature; either as the primary key or as a subkey. The key SHOULD contain a primary or subkey capable of encryption and the entire key must be a valid OpenPGP key including at least one User ID packet and the corresponding self-signatures.
    Implementations MUST ignore this subpacket if the first octet does not have a value of zero or if the key data does not represent a valid transferable public key.
    GnuPG-bug-id: 4856
    Signed-off-by: Werner Koch <[email protected]>
    Backported from master.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Add property "fpr" for use by --export-filter. | Werner Koch | 2020-03-14 | 7 | -2/+71
    * g10/export.c (push_export_filters): New.
    (pop_export_filters): New.
    (export_pubkey_buffer): Add args prefix and prefixlen. Adjust callers.
    * g10/import.c (impex_filter_getval): Add property "fpr".
    * g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
    --
    The push and pop feature will help us to use the export filter internally in gpg. Same for the export_pubkey_buffer change.
    GnuPG-bug-id: 4856
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Add a new OpenPGP card vendor. | Werner Koch | 2020-03-14 | 2 | -0/+5
    --
* gpg: Add new card vendor | Werner Koch | 2020-03-03 | 1 | -0/+1
    --
* gpg: Fix default-key selection when card is available. | NIIBE Yutaka | 2020-02-19 | 1 | -1/+9
    * g10/getkey.c (get_seckey_default_or_card): Handle the case when card key is not suitable for requested usage.
    --
    GnuPG-bug-id: 4850
    Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Correction of typo in documentation of KEY_CONSIDERED | Nick Piper | 2020-02-18 | 1 | -1/+1
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
    (cherry picked from commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f)
* sm: Remove left over debug output. | Werner Koch | 2020-02-17 | 1 | -1/+0
    --
* gpgsm: Fix import of some CR,LF terminated certificates | Werner Koch | 2020-02-15 | 1 | -8/+18
    * common/ksba-io-support.c (base64_reader_cb): Detect the END tag and don't just rely on the padding chars. This could happen only with CR+LF terminated PEM files. Also move the detection into the invalid character detection branch for a minor parser speedup.
    --
    GnuPG-bug-id: 4847
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)
* doc: Improve the warning section of the gpg man page. | Werner Koch | 2020-02-10 | 1 | -11/+17
    * doc/gpg.texi: Update return value and warning sections.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 113a8288b85725f7726bb2952431deea745997d8)
* build: Always use EXTERN_UNLESS_MAIN_MODULE pattern. | Werner Koch | 2020-02-10 | 28 | -18/+35
    * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definition only here but now without the Norcroft-C. Change all other places where it gets defined.
    * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as extern.
    * common/iobuf.c (iobuf_debug_mode): Define it here.
    * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in all main modules of all other programs.
    * g10/main.h: Put util.h before the local header files.
    --
    This change is required for use with gcc/ld's LTO feature which does not allow common blocks. Further gcc 10 will make -fno-common the default and thus this change is always needed. What a pity.
    Co-authored-by: Tomáš Mráz
    GnuPG-bug-id: 4831
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Make really sure that --verify-files always returns an error. | Werner Koch | 2020-02-10 | 1 | -5/+13
    * g10/verify.c (verify_files): Track the first error code.
    --
    It seems to be possible to play tricks with packet structures so that log_error is not used for a bad input data. By actually checking the return code and letting the main driver in gpg call log_error, we can fix this case.
    Note that using gpg --verify-files and relying solely on gpg's return code is at best a questionable strategy. It is for example impossible to tell which data has been signed.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 5681b8eaa44005afdd30211b47e5fb1a799583dd)
* common: Also protect log_inc_errorcount against counter overflow. | Werner Koch | 2020-02-10 | 1 | -4/+4
    * common/logging.c (log_inc_errorcount): Also protect against overflow.
    (log_error): Call log_inc_errorcount instead of directly bumping the counter.
    --
    We already had an overflow checking for log_error but not for the silent increment function.
    This is basically the same fix we have in libgpg-error (libgpg-error commit d72c1ddfde09ffa69745ec2439c5a16d15e2202f)
    Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendor. | Werner Koch | 2020-01-28 | 1 | -0/+1
    --
    Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendor | Werner Koch | 2020-01-21 | 1 | -0/+1
    --
    Backport from master.
* gpgconf,w32: Print a warning for a suspicious homedir. | Werner Koch | 2020-01-17 | 2 | -0/+17
    * tools/gpgconf.c (list_dirs): Check whether the homedir has been taken from the registry.
    --
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
* gpg: default-key: Simply don't limit by capability. | NIIBE Yutaka | 2020-01-16 | 1 | -4/+0
    * g10/getkey.c (parse_def_secret_key): Remove the check.
    --
    Backport from master commit: 1aa2a0a46dc19e108b79dc129a3b0c5576d14671
    GnuPG-bug-id: 4810
    Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441
    Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Japanese Translation. | NIIBE Yutaka | 2020-01-15 | 1 | -28/+12
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Removed the footnote that OpenPGP is not used with the keybox | Werner Koch | 2020-01-08 | 1 | -5/+1
    --
    GnuPG-bug-id: 4799
* Update wk's signing key | Werner Koch | 2020-01-01 | 1 | -0/+0
    --
    The expiration time of that smartcard based key has been prolonged by 2 years.
* gpg: Fix output of --with-secret if a pattern is given. | Werner Koch | 2019-12-23 | 1 | -8/+25
    * g10/keylist.c (list_one): Probe for a secret key in --with-secret mode.
    --
    In contrast to list_all(), list_one() did not test for a secret key and took MARK_TRUSTED verbatim as an indication for "secret key available".
    GnuPG-bug: 4061
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5)
* speedo: Make signing optional for w32-release | Andre Heinecke | 2019-12-19 | 1 | -1/+3
    * build-aux/speedo.mk (AUTHENTICODE_sign): Check if certificates are available.
* speedo: Use multithreaded xz for w32 source | Andre Heinecke | 2019-12-19 | 1 | -1/+1
    * build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
* speedo: Improve and document wixlib build | Andre Heinecke | 2019-12-19 | 2 | -10/+34
    * Makefile.am (sign-release): Add handling for wixlib.
    * build-aux/speedo.mk: Add help-wixlib and improve handling.
* speedo, w32: Add w32-wixlib target for MSI package | Andre Heinecke | 2019-12-17 | 3 | -2/+752
    * Makefile.am (EXTRA_DIST): Add wixlib.wxs
    * build-aux/speedo.mk (w32-wixlib): New target.
    (w32-release): Build wixlib if WIXPREFIX is set.
    (help): Add documentation.
    * build-aux/speedo/w32/wixlib.wxs
    --
    This builds a wixlib of the Windows binaries of GnuPG.
    A wixlib is a module that can be linked into another wix project to create an installer including this module. Gpg4win uses the wixlib from GnuPG for its MSI Package.
    To build the wixlib you need wine with wine-mono installed and the wixtoolset. When calling speedo set the variable WIXPREFIX to the location containing the extracted toolset. e.g.:
        make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix
    (cherry picked from commit 0b7088dc8035e8d5832c89085eea3b288de67710)
* Post release updates | Werner Koch | 2019-12-07 | 2 | -1/+5
    --
* Release 2.2.19 [gnupg-2.2.19] | Werner Koch | 2019-12-07 | 1 | -3/+15
* po: Auto-update | Werner Koch | 2019-12-07 | 25 | -108/+1163
    --
* po: Update German translation | Werner Koch | 2019-12-07 | 1 | -5/+39
    --
* po: Make g10/call-dirmngr.c translatable. | Werner Koch | 2019-12-07 | 2 | -3/+4
    * po/POTFILES.in: Add g10/call-dirmngr.c
    * g10/call-dirmngr.c (create_context): Change an i18n string for easier reuse.
    Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Tell gpg about WKD lookups resulting from a cache. | Werner Koch | 2019-12-07 | 2 | -2/+8
    * dirmngr/server.c (proc_wkd_get): Print new NOTE status "wkd_cached_result".
    * g10/call-dirmngr.c (ks_status_cb): Detect this and print a note in verbose mode.
    --
    This little patch is helpful to see why a WKD change still does not work after it has been updated on the server.
    Signed-off-by: Werner Koch <[email protected]>
* sm: Add special case for expired intermediate certificates. | Werner Koch | 2019-12-06 | 2 | -17/+91
    * sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
    * sm/certchain.c (find_up_search_by_keyid): Detect a corner case. Also simplify by using ref-ed cert objects in place of an anyfound var.
    --
    See the code for a description of the problem. Tested using the certs from the bug report and various command lines
        gpgsm --faked-system-time=XXXX --disable-crl-checks \
          -ea -v --debug x509 -r 0x95599828
    with XXXX being 20190230T000000 -> target cert too young
    with XXXX being 20190330T000000 -> okay
    with XXXX being 20190830T000000 -> okay, using the long term cert
    with XXXX being 20220330T000000 -> target cert expired
    The --disable-crl-checks option is required because in our simple test setting dirmngr does not know about the faked time.
    GnuPG-bug-id: 4696
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit d246f317c04862cacfefc899c98da182ee2805a5)
* gpg: Use AKL for angle bracketed mail address with -r. | Werner Koch | 2019-12-04 | 1 | -6/+31
    * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
    (get_best_pubkey_byname): Ditto.
    --
    With this patch it is now possible to use
        gpg -e -r '<[email protected]>'
    and auto key locate will find the key. Without that a plain mail address; i.e.
        gpg -e -r '[email protected]'
    was required.
    GnuPG-bug-id: 4726
    Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese Translation. | NIIBE Yutaka | 2019-12-03 | 1 | -13/+9
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix double free with anonymous recipients. | Werner Koch | 2019-11-29 | 2 | -4/+11
    * g10/pubkey-enc.c (get_session_key): Do not release SK.
    --
    Bug is in 2.2.18 only.
    The semantics of the enum_secret_keys function changed in master. When back porting this for 2.2.18 I missed this change and thus we ran into a double free. The patch fixes the regression but it is clumsy. We need to change the enum_secret_keys interface to avoid such a surprising behaviour; this needs to be done in master first.
    Regression-due-to: 9a317557c58d2bdcc504b70c366b77f4cac71df7
    GnuPG-bug-id: 4762
    Signed-off-by: Werner Koch <[email protected]>
* Post release updates | Werner Koch | 2019-11-25 | 2 | -1/+5
    --
* Release 2.2.18 [gnupg-2.2.18] | Werner Koch | 2019-11-25 | 1 | -3/+3