aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.2.33gnupg-2.2.33Werner Koch2021-11-231-1/+45
|
* po: Auto updateWerner Koch2021-11-2326-207/+405
| | | | --
* po: Update Russian translation.Ineiev2021-11-231-14/+10
|
* gpg: New option --forbid-gen-key.Werner Koch2021-11-222-9/+44
| | | | | | | | | | | | * g10/gpg.c (oForbidGenKey, opts): New option. (mopt): New local struct (gen_key_forbidden): New. (main): Set and handle the option. -- In large system installation it is sometimes useful to make it a bit harder for users to generate their own keys. An example is a policy to not use on-disk keys.
* gpgconf: Include output of --list-dirs in --show-configs.Werner Koch2021-11-191-14/+28
| | | | | | * tools/gpgconf.c (list_dirs): Add arg special. (show_other_registry_entries): Print the Homedir. (show_configs): List directories.
* gpgconf: --show-configs now prints a bunch of Registry entries.Werner Koch2021-11-181-11/+103
| | | | | | * tools/gpgconf.c (show_other_registry_entries): New. (show_configs): Call it. Minor reformatting. --
* gpgconf: Extend --show-config to show envvars.Werner Koch2021-11-181-19/+112
| | | | | | | | | * tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain things. (show_configs_one_file): New arg LISTP to be passed thru. (show_configs): Show envars and regisiry values. Signed-off-by: Werner Koch <[email protected]>
* common,w32: New function read_w32_reg_string.Werner Koch2021-11-183-18/+74
| | | | | | * common/w32-reg.c (read_w32_reg_string): New. * common/t-w32-reg.c (test_read_registry): Add another test.
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-188-9/+59
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* po: Replace "PIN-Cache" by "Passwort Cache" in German.Werner Koch2021-11-181-10/+18
| | | | | | | | -- For whatever reason (maybe because it is shorter) we used the term "PIN" instead of "Passphrase" or "Passwort". That is confusing because there is no cache for smartcard PINs.
* sm: Detect circular chains in --list-chain.Werner Koch2021-11-151-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/keylist.c (list_cert_chain): Break loop for a too long chain. -- This avoids endless loops in case of circular chain definitions. We use such a limit at other palces as well. Example for such a chain is # ------------------------ >8 ------------------------ ID: 0xBE231B05 S/N: 51260A931CE27F9CC3A55F79E072AE82 (dec): 107864989418777835411218143713715990146 Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53 sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05 md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6 pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678 certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82 keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9 notBefore: 2005-06-07 08:09:10 notAfter: 2019-06-24 19:06:30 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A authKeyId: [none] authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F [...] Certified by ID: 0xCE2E4C63 S/N: 46EAF096054CC5E3FA65EA6E9F42C664 (dec): 94265836834010752231943569188608722532 Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73 sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63 md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27 pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840 certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664 keygrip: 10678FB5A458D99B7692851E49849F507688B847 notBefore: 2005-06-07 08:09:10 notAfter: 2020-05-30 10:48:38 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F authKeyId: [none] authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A keyUsage: certSign crlSign [...] Which has a circular dependency on subKeyId/authkeyId.ki.
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Fix several "include file not found" problemsIngo Klöcker2021-11-143-7/+8
| | | | | | | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add NPTH_CFLAGS. * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. -- The tools include gcrypt.h via common/util.h. GnuPG-bug-id: 5592
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+12
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* Update release signing keysWerner Koch2021-11-131-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- The last key is new. As usual the key is on a dedicated card with the Admin PIN accessible to a few core hackers. # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]> pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31] 02F38DFF731FF97CB039A1DA549E695E905BA208 uid GnuPG.com (Release Signing Key 2021) sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021) sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020) sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* gpg: Remove stale ultimately trusted keys from the trustdb.Werner Koch2021-11-137-33/+85
| | | | | | | | | | | | | | | | * g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key. (import_ownertrust): Clear the trusted-key flag. * g10/tdbio.h (struct trust_record): Add field flags. * g10/tdbio.c (tdbio_dump_record): Improve output. (tdbio_read_record, tdbio_write_record): Handle flags. * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys. (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. -- GnuPG-bug-id: 5685 Signed-off-by: Werner Koch <[email protected]>
* gpgconf: New command --show-configs.Werner Koch2021-11-131-6/+155
| | | | | | | | | | | | | | | | | | * tools/gpgconf.c (aShowConfigs): New. (opts): Add --show-configs. (CUTLINE_FMT): New. (show_version_gnupg): Add arg "prefix" and adjust caller. (my_copy_file): New. (show_configs_one_file): New.New. (show_configs): New. (main): Call show_configs. -- The ability to have a consolidated list of all config files is very useful for support cases. This is in particular important due to the global config files and their conditional constructs. Signed-off-by: Werner Koch <[email protected]>
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-133-9/+41
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify the "ntds" AKL mechanism.Werner Koch2021-11-121-1/+3
| | | | --
* scd: More conservative selection of a card reader.NIIBE Yutaka2021-11-101-1/+1
| | | | | | | | | | * scd/apdu.c (select_a_reader): Only SPRx32 is in the white list. -- GnuPG-bug-id: 5644 Fixes-commit: 752422a792cecf459b37f517d634bcf272292b14 Signed-off-by: NIIBE Yutaka <[email protected]>
* wks: Do not mark key files as executableBernhard M. Wiedemann2021-11-091-1/+1
|
* wks: Allow access to newly created dirsBernhard M. Wiedemann2021-11-091-2/+2
|
* doc: Minor fix for --http-proxy.Werner Koch2021-11-051-1/+1
| | | | --
* build: Let the release target also sign the wixlib.Werner Koch2021-11-021-2/+6
| | | | --
* common: Support MYPROC_SELF_EXE for SolarisWerner Koch2021-11-022-1/+3
| | | | | | | * common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS. -- GnuPG-bug-id: 5671
* common: Silence warning from unix_rootdir on systems w/o /procWerner Koch2021-11-021-4/+6
| | | | | | | | | * common/homedir.c (unix_rootdir): Silence diagnostic in the common case. (MYPROC_SELF_EXE): Support NetBSD. -- GnuPG-bug-id: 5656
* common: Respect gpgconf.ctl when looking up translationsIngo Klöcker2021-11-022-4/+4
| | | | | | | | | | | | | * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR. (i18n_localegettext): Ditto. * tools/gpgconf-comp.c (my_dgettext): Ditto. -- On Unix, gnupg_localedir() returns the locale directory relative to the root directory of the gnupg installation if specified in the gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR. GnuPG-bug-id: 5999
* common: Support gpgconf.ctl also for BSDs.Werner Koch2021-11-022-10/+31
| | | | | | | | | | * common/homedir.c (MYPROC_SELF_EXE): New. (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as fallback. -- In addition this adds a fallback method for AIX etc which do not have an easy way to get the info.
* common: Add keyword sysconfdir to the optional gpgconf.ctl file.Werner Koch2021-11-021-18/+69
| | | | | | | | | | * common/homedir.c (unix_rootdir): Add arg want_sysconfdir. (gnupg_sysconfdir): Return it. -- Our regression test suite has the problem that we can't disable the use of the global config files or test them using the regualr binaries. This new keyword will allow us to overcome the problem.
* common: Support a gpgconf.ctl file under Unix.Werner Koch2021-11-021-17/+252
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (unix_rootdir): New. (gnupg_bindir): Use it. (gnupg_libexecdir): Use it. (gnupg_libdir): Use it. (gnupg_datadir): Use it. (gnupg_localedir): Use it. -- This feature is useful for building and using an AppImage version of gnupg and probably also for some other use cases. GnuPG-bug-id: 5999 Here is a sample gpgconf.ctl file --8<---------------cut here---------------start------------->8--- # gpgconf.ctl # # This file is used to change the directories where the gpg components # are installed. It does not change the configuration directories. # The file is expected in the same directory as gpgconf. The physical # installation directories are evaluated and no symlinks. Blank lines # and lines starting with pound signed are ignored. No errors are # printed for unknown keywords or commands. The only defined key for # now is "rootdir" which must be followed by one optional space, an # equal sign, and the value for the root directory. Environment # variables are substituted in standard shell manner, the final value # must start with a slash, trailing slashed are stripped. rootdir = $APPDIR/gnupg --8<---------------cut here---------------end--------------->8---
* common: New function substitute_envvars.Werner Koch2021-11-023-0/+206
| | | | | | | | | | * common/stringhelp.c (substitute_envvars): New. Based on code in gpg-connect-agent. * common/t-stringhelp.c: Include sysutils.h. (test_substitute_envvars): New. -- GnuPG-bug-id: 5599
* common,w32: Do not always print "Garbled console data" warning.Werner Koch2021-11-021-2/+8
| | | | | * common/init.c (_init_common_subsystems): Silence message. --
* dns: Make reading resolv.conf more robust.NIIBE Yutaka2021-11-021-1/+6
| | | | | | | | | | * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which begins with '.'. -- GnuPG-bug-id: 5657 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix printing of binary notations.Werner Koch2021-10-221-2/+6
| | | | | | | * g10/keylist.c (show_notation): Print binary notation from BDAT. -- GnuPG-bug-id: 5667
* gpgconf: create local option file even if a global file exists.Werner Koch2021-10-222-0/+50
| | | | | | | | | | | | | | | | * tools/gpgconf-comp.c (munge_config_filename): New. (change_options_program): Call it. -- In case a system-wide config exists but no local file, the component returns the name of the system-wide config file and gpgconf tried to update this file. This fixes this by detecting the presense of a system-wide config file. This applies only to 2.2; the configuration system in 2.3 has been heavily changed to better handle system-wide configuration files. GnuPG-bug-id: 5650
* scd: Select a reader for PC/SC.NIIBE Yutaka2021-10-221-4/+76
| | | | | | | | | | * scd/apdu.c (select_a_reader): New. (open_pcsc_reader): Use select_a_reader. -- GnuPG-bug-id: 5644 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --override-compliance-checkWerner Koch2021-10-134-11/+56
| | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): new. Turn error into a warning in override mode. -- There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listred in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidently pass a signature check. GnuPG-bug-id: 5655 Backported-from-master: fb26e144adfd93051501d58f5d0d4f8826ddf436
* Post release updatesWerner Koch2021-10-062-1/+7
| | | | --
* Release 2.2.32gnupg-2.2.32Werner Koch2021-10-061-1/+8
|
* gpg: Skip the packet when not used for AEAD.NIIBE Yutaka2021-10-061-0/+1
| | | | | | | | | | * g10/free-packet.c (free_packet): Add the case for case PKT_ENCRYPTED_AEAD. -- GnuPG-bug-id: 5584 Signed-off-by: NIIBE Yutaka <[email protected]> (bug id fixed in this backport)
* dirmngr: New option --ignore-certWerner Koch2021-10-065-7/+98
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. (opt): Add field ignored_certs. * dirmngr/dirmngr.c: Add option --ignore-cert (parse_rereadable_options): Handle that option. (parse_ocsp_signer): Rename to ... (parse_fingerprint_item): this and add two args. * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. Change callers to handle the new error return. -- This option is useful as a workaround in case we ill run into other chain validation errors like what we fixed in GnuPG-bug-id: 5639 Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
* dirmngr: Fix Let's Encrypt certificate chain validation.Werner Koch2021-10-061-8/+31
| | | | | | | | | | | | * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted certififcate if any. -- This is basically the same as using OpenSSL with ist X509_V_FLAG_TRUSTED_FIRST flag. See https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ GnuPG-bug-id: 5639
* Post release updatesWerner Koch2021-09-162-1/+7
| | | | --
* Release 2.2.31gnupg-2.2.31Werner Koch2021-09-151-1/+8
|
* po: Change German descriptions for password constraints.Werner Koch2021-09-151-8/+6
| | | | --
* Update release signing keys.Werner Koch2021-09-141-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- These are now # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
* scd: Remove context reference counting from pc/scWerner Koch2021-09-141-22/+16
| | | | | | | | | | | | | | | | | | | | * scd/apdu.c (pcsc): Add flag context_valid, remove count. (close_pcsc_reader): Use new flag instead of looking at magic context value. (pcsc_init): Set new flag. (open_pcsc_reader): Use new flag. (apdu_init): Clear new flag. * scd/apdu.c: Remove assert.h. Replace all assert by log_assert. -- The previous fix 192113552faa98f40cc91fe014ec55861474626c did not help, thus the new hypothesis is that PC/SC might return a valid context with the value -1. We now use a dedicated flag to track the validity of the context. The reference counting seems to be superfluous and is a relict due to backporting from 2.3. Removed.
* common: New envvar GNUPG_EXEC_DEBUG_FLAGS.Werner Koch2021-09-131-4/+16
| | | | | * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence breakaway messages and turn them again into debug messages.
* doc: Clarify some gpg keyring optionsWerner Koch2021-09-091-15/+15
| | | | | -- GnuPG-bug-id: 5594
* scd: Support PC/SC for "getinfo reader_list".Werner Koch2021-09-083-12/+88
| | | | | | | | | | | | | | | | | | | | | * scd/apdu.c: Include membuf.h. (pcsc): Add reader_list field. (open_pcsc_reader): Fill that field. (apdu_get_reader_list): New. * scd/command.c: Remove header ccid-driver.h. (pretty_assuan_send_data): New. (cmd_getinfo): Print all reader names. -- Note that depending on the card backend (ccid or PC/SC) it might be necessary to first send a reset followed by SERIALNO to get an updated list of reader. Or well send KILLSCD. The pretty printing of Assuan data lines does only work if you connect direct to scdaemon because the wrapper in gpg-agent does not know about this and combines the Assuan lines again. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-18 06:17:49 +0000