Commit message | Author | Age | Files | Lines
* Release 2.4.2 [gnupg-2.4.2] | Werner Koch | 2023-05-30 | 1 | -2/+3
* po: msgmerge done | Werner Koch | 2023-05-30 | 25 | -162/+256
    --
* po: Translated one new string to German. | Werner Koch | 2023-05-30 | 1 | -5/+9
    --
* Prepare the NEWS for the next release | Werner Koch | 2023-05-26 | 1 | -0/+22
    --
* agent: Do not overwrite a key file by a shadow key file. | Werner Koch | 2023-05-26 | 1 | -90/+64
    * agent/findkey.c (agent_write_private_key): Partly rewrite to align with 2.2 code and to make sure that we don't overwrite a real key.
    (is_shadowed_key): New.
    --
    This change is now also needed in 2.4 due to the former change "Create and use Token entries to track the display s/n".
    GnuPG-bug-id: 6386
* agent: Update key files by first writing to a temp file. | Werner Koch | 2023-05-26 | 1 | -66/+97
    * agent/findkey.c (fname_from_keygrip): New.
    (agent_write_private_key): Use here. Use temp file for updating.
    (agent_update_private_key): Use fname_from_keygrip and use gnupg rename function instead of a vanilla rename.
* agent: Create and use Token entries to track the display s/n. | Werner Koch | 2023-05-26 | 10 | -29/+102
    * agent/findkey.c (agent_write_private_key): Add arg dispserialno and update the token.
    (agent_write_shadow_key): Add arg dispserialno and adjust all callers.
    --
    GnuPG-bug-id: 6135
    Note that this has been forward ported from 2.2
* common: New function nve_set | Werner Koch | 2023-05-26 | 2 | -0/+27
    * common/name-value.c (nve_set): New.
    --
    Taken from 2.2 commit 706adf669173ec604158e4a2f4337e3da6cb1e45
* gpg: Skip keys found via ADSKs. | Werner Koch | 2023-05-25 | 2 | -15/+28
    * g10/encrypt.c (write_pubkey_enc): Indicate encryption to an ADSK.
    * g10/getkey.c (finish_lookup): Skip ADSK keys.
    --
    If a key is searched by fingerprint or keyid and it happens that this is an ADSK (subkey with the RENC usage), we need to skip this key because it is not the key we actually want to encrypt to. The actual ADSK key is taken later by looking at all subkeys of the actual selected key.
    This is related to GnuPG-bug-id: 6504
* gpg: Fix searching for the ADSK key when adding an ADSK. | Werner Koch | 2023-05-25 | 2 | -0/+12
    * g10/keyedit.c (menu_addadsk): Request an exact search.
    * g10/getkey.c (finish_lookup): Add a debug output.
    --
    GnuPG-bug-id: 6504
* po: Update Japanese Translation. | NIIBE Yutaka | 2023-05-25 | 1 | -5/+9
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,w32: Fix resource leak for a process. | NIIBE Yutaka | 2023-05-25 | 1 | -2/+2
    * agent/call-daemon.c (wait_child_thread): Call assuan_set_flag only for !HAVE_W32_SYSTEM.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Return ERROR status for --quick-sign-key. | Werner Koch | 2023-05-24 | 1 | -3/+6
    * g10/keyedit.c (keyedit_quick_sign): Return an error status line.
    --
* w32: Add missing supportedOS Ids for Windows-10 | Werner Koch | 2023-05-24 | 8 | -2/+8
    --
* w32: Add missing manifests and set a requestedExecutionLevel. | Werner Koch | 2023-05-24 | 31 | -22/+534
    * agent/gpg-agent.w32-manifest.in: New.
    * dirmngr/dirmngr-client-w32info.rc: New.
    * dirmngr/dirmngr-client.w32-manifest.in: New.
    * dirmngr/dirmngr-w32info.rc: New.
    * dirmngr/dirmngr.w32-manifest.in: New.
    * dirmngr/dirmngr_ldap-w32info.rc: New.
    * dirmngr/dirmngr_ldap.w32-manifest.in: New.
    * g10/gpgv-w32info.rc: New.
    * g10/gpgv.w32-manifest.in: New.
    * kbx/keyboxd.w32-manifest.in: New.
    * scd/scdaemon.w32-manifest.in: New.
    * sm/gpgsm.w32-manifest.in: New.
    --
    This avoids the use of the VirtualStore under Windows.
    GnuPG-bug-id: 6503
* common,w32: Set a proper error code when creating an output file. | Werner Koch | 2023-05-23 | 1 | -2/+10
    * common/iobuf.c (direct_open) [W32]: Set errno.
    (fd_cache_open): Ditto.
    --
* sm: Emit STATUS_FAILURE for non-implemented commands. | Werner Koch | 2023-05-22 | 2 | -5/+13
    * sm/gpgsm.c (main): Do it here.
* gpgtar: Emit FAILURE status line. | Werner Koch | 2023-05-19 | 1 | -0/+10
    * tools/gpgtar.c (main): Write status line before exit.
    --
    Due to the new way we support gpgtar in GPGME we need status lines to detect a final error.
    GnuPG-bug-id: 6497
* kbx,w32: Disable the fd-passing. | Werner Koch | 2023-05-17 | 1 | -1/+7
    * kbx/kbxserver.c (kbxd_start_command_handler): No fd-passing under Windows.
    --
    File descriptor passing does not work reliably in libassuan for Windows and we actually don't need it here. It is not even used by gpg or gpgsm. As soon as we enable fd-passing in gpgme for Windows and see that it is robust enough we should back out this patch.
* gpg: New option --debug-ignore-expiration to help with testing. | Werner Koch | 2023-05-09 | 5 | -9/+26
    * g10/gpg.c (oDebugIgnoreExpiration): New.
    (opts): Add option.
    (main): Set flag.
    * g10/options.h (opt): Add field ignore_expiration.
    * g10/pkclist.c (do_we_trust): Handle the option.
    * g10/getkey.c (skip_unusable): Ditto.
    (finish_lookup): Ditto.
    --
    GnuPG-bug-id: 2703
* gpg: Print a warning if no more encryption subkey was left over. | Werner Koch | 2023-05-08 | 3 | -0/+37
    * g10/keyedit.c (no_usable_encr_subkeys_warning): New.
    (keyedit_menu): Call it after running an expire command.
    * g10/import.c (import_one_real): Call it in the show_key case.
    --
* kbx: For non-Windows use 64k buffers by default instead of 128k. | Werner Koch | 2023-05-08 | 1 | -1/+7
    * kbx/keybox-init.c (DEFAULT_LL_BUFFER_SIZE): New.
    --
    A simple gpg --check-sigs benchmark showed on Linux a small performance peak at around 64k (5m52 vs. 6m8 for 128k and 6m33 for system size).
* kbx: Use custom estream buffering | Werner Koch | 2023-05-08 | 4 | -3/+91
    * kbx/keybox-init.c (ll_buffer_size): New var initialized to 128k
    (stream_buffers): New var.
    (keybox_set_buffersize): New.
    (_keybox_ll_open, _keybox_ll_close): Implement buffering.
    * sm/gpgsm.c (oKbxBufferSize): New.
    (opts): Add option --kbx-buffer-size.
    (main): Call keybox_set_buffersize.
    * g10/gpg.c: Include keybox.h.
    * (oKbxBufferSize): New.
    (opts): Add option --kbx-buffer-size.
    (main): Call keybox_set_buffersize.
    --
    Running a test on Windows using a pubring.kbx with

      Total number of blobs: 2098
      openpgp: 1294
      x509: 803

    and a size of 42MiB with

      gpgsm -k --with-validation --disable-dirmngr --kbx-buffer-size N >nul

    gives these performance figures using procmon

      | N(k) | file events | time(s) |
      |------+-------------+---------|
      |    0 |     4900000 |      86 |
      |   16 |     2456000 |      58 |
      |   32 |     1233000 |      43 |
      |   64 |      622000 |      37 |
      |  128 |      317000 |      32 |
      |  256 |      164000 |      31 |
      |  512 |       88000 |      30 |

    Using _open instead of CreateFile gives the same number of file events but increased the time slightly by one second for the measured buffer size of 64k and 128k. Benchmarks for gpg have not been conducted.
* kbx: Use wrapper functions for es_fclose and es_fopen. | Werner Koch | 2023-05-05 | 4 | -88/+120
    * kbx/keybox-defs.h (KEYBOX_LL_OPEN_READ)
    (KEYBOX_LL_OPEN_UPDATE, KEYBOX_LL_OPEN_CREATE): New.
    * kbx/keybox-init.c (_keybox_ll_open): New. Replace all keybox use of es_fopen by this function.
    (_keybox_ll_close): New. Replace all keybox use of es_fclose by this function.
    --
    Note that this has not been done for the utilities and the backend-kbx of keyboxd.
* kbx: Add extra flags to fopen for use by Windows. | Werner Koch | 2023-05-04 | 3 | -8/+8
    * kbx/keybox-search.c (open_file): Use sysopen and sequential.
    * kbx/keybox-update.c (create_tmp_file): Ditto.
    (blob_filecopy): Ditto.
    (keybox_set_flags): Ditto.
    (keybox_delete): Ditto.
    (keybox_compress): Ditto.
    --
    Under Windows "sysopen" requests that direct API calls (CreateFile et al.) are used instead of the libc wrappers. This may or may not improve the performance. Using "sequential" is a hint to Windows to assume that a file is in general accessed in a sequential manner. This will have an effect only with a future libgpg-error.
* gpgsm: Cache the non-existence of the policy file. | Werner Koch | 2023-05-04 | 1 | -2/+17
    * sm/certchain.c (check_cert_policy): Add simple static cache.
    --
    It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exist.
* dirmngr: Fix API of functions wrt their error type. | NIIBE Yutaka | 2023-05-01 | 2 | -10/+10
    * dirmngr/crlcache.h (fakecrl_isvalid): Fix return type.
    * dirmngr/http.c (parse_response): Fix return type to gpg_error_t, modifying the function implementation.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix parsing ECC key. | NIIBE Yutaka | 2023-05-01 | 1 | -1/+1
    * common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix cmd_apdu on error. | NIIBE Yutaka | 2023-05-01 | 2 | -2/+5
    * scd/command.c (cmd_apdu): Fix the code path on error.
    --
    GnuPG-bug-id: 6476
    Reported-by: Robin Krahl
    Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates | Werner Koch | 2023-04-28 | 2 | -1/+5
    --
* Release 2.4.1 [gnupg-2.4.1] | Werner Koch | 2023-04-28 | 1 | -4/+22
* po: msgmerge done | Werner Koch | 2023-04-28 | 26 | -385/+1337
    --
* po: Update German translation | Werner Koch | 2023-04-28 | 1 | -17/+52
    --
* regexp: Update UnicodeData for Unicode 15.0.0. | NIIBE Yutaka | 2023-04-27 | 1 | -4/+1131
    * regexp/UnicodeData.txt: Update from upstream.
    --
    https://www.unicode.org/Public/15.0.0/ucd/UnicodeData.txt
    See:
    https://www.unicode.org/versions/Unicode15.0.0/
    https://www.unicode.org/reports/tr44/
    Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo,w32: Adjustments for the new Unicode NSIS plugins. | Werner Koch | 2023-04-26 | 2 | -23/+25
    * build-aux/speedo/w32/inst.nsi: Convert to UTF-8. Add Unicode statement.
    * build-aux/speedo.mk (installer): Remove -INPUTCHARSET.
    --
    GnuPG-bug-id: 6448
* speedo: Update NSIS helper DLL from Gpg4win | Werner Koch | 2023-04-26 | 6 | -261/+724
    * build-aux/speedo/w32/inst.nsi: Re-enable run-once check.
    * build-aux/speedo/w32/exdll.c: New.
    * build-aux/speedo.mk (g4wihelp.dll): Change build commands.
    --
    GnuPG-bug-id: 6448
* po: Update Japanese Translation. | NIIBE Yutaka | 2023-04-26 | 1 | -23/+59
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix for overridden key import. | NIIBE Yutaka | 2023-04-25 | 1 | -1/+1
    * g10/import.c (do_transfer): Force the overridden key import even when smartcard is available.
    --
    Fixes-commit: 2c1297055041b4657ea1a927acac978c2b09a483
    GnuPG-bug-id: 3456
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix writing ECDH keys to OpenPGP smartcards. | Werner Koch | 2023-04-21 | 8 | -37/+181
    * agent/command.c (cmd_keytocard): Add new arg for ECDH params.
    * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint.
    * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str.
    * g10/keyid.c (ecdh_param_str_from_pk): New.
    * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey.
    * g10/keygen.c (card_store_key_with_backup): Ditto.
    * scd/app-openpgp.c (store_fpr): Add arg update.
    (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set.
    (read_public_key): Also add arg meta_update.
    (get_public_key): Do not pass it as true here...
    (do_genkey): ... but here.
    (rsa_write_key, ecc_writekey): Force string the fingerprint.
    --
    The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint.
    The patch also avoids updating the stored fingerprint in certain situations.
    This fix is somewhat related to GnuPG-bug-id: 6378
* common: Incorporate upstream changes of regexp. | NIIBE Yutaka | 2023-04-21 | 1 | -3/+6
    * regexp/jimregexp.c (regatom): Raise REG_ERR_UNMATCHED_BRACKET when no matching end bracket.
    (regmatch): Fix the end of word check.
    --
    Original changes:
    Signed-off-by: Steve Bennett <[email protected]>
    GnuPG-bug-id: 6455
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd,p15: Enforce a min. PIN length for certain cards. | Werner Koch | 2023-04-20 | 1 | -5/+10
    * scd/app-p15.c (verify_pin): Enforce 6 for RSCS cards.
* common: Fix minor bug in the jimregexp code. | Werner Koch | 2023-04-20 | 1 | -2/+3
    * regexp/jimregexp.c (regatom): Make error checking for stray backslash at end of the string work. Check that the pattern class is closed by a bracket.
    --
    GnuPG-bug-id: 6455
    Co-authored-by: Guldrelokk
* gpg: New command "openpgp" for --card-edit. | Werner Koch | 2023-04-20 | 2 | -5/+22
    * g10/card-util.c (current_card_status): Print a hint for fishy outputs.
    (enum cmdids): Add cmdOPENPGP.
    (cmds): Add "openpgp".
    (card_edit): Implement that command.
    --
    If a Yubikey has been used in PIV mode the initial listing does not look correct. Although we explicitly switch to the OpenPGP app when needed, we don't want to do this in listing mode. Instead we offer a new command "openpgp" to force the openpgp mode. The ultimate goal will be to enhance the gpg-card tool to completely take over the --card-edit features. But we are not yet there.
    GnuPG-bug-id: 6462
* Use keyboxd on a fresh install also on Windows. | Werner Koch | 2023-04-19 | 1 | -32/+40
    * common/homedir.c (gnupg_maybe_make_homedir): Factor some code out to ...
    (create_common_conf): new.
    (standard_homedir): Call it also from here.
    --
    Fixes-commit: d9e7488b17fdc617eec735e2c0485b69285ba511
* gpg: Make sure that we are not accidentally working with the PIV app. | Werner Koch | 2023-04-18 | 4 | -0/+30
    * g10/call-agent.c (agent_scd_switchapp): New.
    * g10/card-util.c (get_info_for_key_operation): Call it.
    --
    It may happen that the active card was last used for PIV and in that case certain commands will fail because they assume the OpenPGP app. Fortunately we have a pretty central place to assure that the right app has been selected.
    The bug can be easily noticed on Windows.
    GnuPG-bug-id: 6378
* scd: On a Yubikey re-select the last app after the use of APDU. | Werner Koch | 2023-04-18 | 3 | -2/+22
    * scd/app-common.h (struct card_ctx_s): Add maybe_check_aid flag.
    * scd/command.c (cmd_apdu): Set it.
    * scd/app.c (check_external_interference): Consult this flag.
    (maybe_switch_app): Do a re-select if this flag is set.
    --
    After the gpg-card tool has issued a Yubikey specific command the current application is not anymore correctly selected. This then results in all kinds of errors. We detect this now and try to re-select the last app.
* ssh: Allow to prefer on-disk keys over active card keys. | Werner Koch | 2023-04-18 | 4 | -7/+61
    * agent/command-ssh.c (ssh_send_available_keys): Redefine the order of keys.
    --
    GnuPG-bug-id: 6212
* gpgtar: Read common.conf for the log-file option. | Werner Koch | 2023-04-18 | 3 | -1/+21
    * common/util.h (GNUPG_MODULE_NAME_GPGTAR): New.
    * common/homedir.c (gnupg_module_name): Add it.
    * tools/gpgtar.c: Include comopt.h.
    (enum cmd_and_opt_values): Add oDebug.
    (opts): Add --debug.
    (any_debug): New.
    (main): Parse common.conf.
    --
    Having a way to see the output of gpgtar is often useful for debugging. The only effect of the debug option is to show whether common.conf was read.
* gpg: Allow overridden key import when stub exists. | NIIBE Yutaka | 2023-04-18 | 1 | -1/+11
    * g10/import.c (do_transfer): Force importing when it's card reference.
    --
    GnuPG-bug-id: 3456
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Curvenames may now be compared case insensitive. | Werner Koch | 2023-04-12 | 1 | -9/+12
    * common/openpgp-oid.c (openpgp_curve_to_oid): Replace strcmp by ascii_strcasecmp.
    (openpgp_oid_or_name_to_curve): Ditto.
    (openpgp_is_curve_supported): Ditto.
    (get_keyalgo_string): Ditto.
    --
    It was just too hard to remember the correct capitalization of names like brainpoolP512r1.