aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.0.31gnupg-2.0.31STABLE-BRANCH-2-0Werner Koch2017-12-293-1/+11
|
* po: Fix a string in de and nl. Mark a string in ro and sk fuzzy.Werner Koch2017-12-194-4/+6
| | | | | | | | | | | | | | | | | -- These wrong translations are propably due to accidently removing a fuzzy mark. A German translation (gpgsm audit feature) was actually reversed. A Dutch translation has an unused ": %s" at the end. I am not 100% of the Romanian and Slovak strings, thus I marked them as fuzzy. GnuPG-bug-id: 3619 Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese translation.NIIBE Yutaka2017-12-181-4/+4
| | | | | | | | | | | | | | * po/ja.po: Fix message with no "%s". -- Backport of master commit from: 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8 The wrong message caused segmentation fault for key generation when no expiration is specified. GnuPG-bug-id: 3619 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix regexp sanitization.NIIBE Yutaka2017-12-041-1/+5
| | | | | | | | | | | | | | | | | | | | | | * g10/trustdb.c (sanitize_regexp): Only escape operators. -- Backport from master commit: ccf3ba92087e79abdeaa0208795829b431c6f201 To sanitize a regular expression, quoting by backslash should be only done for defined characters. POSIX defines 12 characters including dot and backslash. Quoting other characters is wrong, in two ways; It may build an operator like: \b, \s, \w when using GNU library. Case ignored match doesn't work, because quoting lower letter means literally and no much to upper letter. GnuPG-bug-id: 2923 Co-authored-by: Damien Goutte-Gattat <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgsm: Allow ciphers AES192 and SERPENT256Werner Koch2017-07-131-1/+3
| | | | | | | | | | | | | | * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256. -- Note that currently released Libcgrypt versions miss OIDs for Serpent and thus Serpent can only be used with tye forthcoming Libgcrypt 1.7.1. (backport of master commit 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68) GnuPG-bug-id: 2273, 2934 Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix export porting of zero length user ID packets.Werner Koch2017-03-301-2/+7
| | | | | | | | | | | | | | * g10/build-packet.c (do_user_id): Avoid indeterminate length header. -- We are able to import such user ids but when exporting them the exported data could not be imported again because the parser bails out on invalid keyrings. This is now fixed and should be backported. Note that in 2.0 this is only an issue for attribute packets. In 2.1 user IDs were also affected.a Signed-off-by: Werner Koch <[email protected]>
* scd: Support OpenPGP card V3 for RSA.NIIBE Yutaka2016-11-301-23/+34
| | | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and max_rsp_data fields as Extended Capabilities bits are different. (get_cached_data) Use extcap.max_certlen_3. (get_one_do): Don't use exmode=1. (determine_rsa_response): New. (get_public_key, do_genkey): Call determine_rsa_response. (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data. (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data. (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8. (show_caps): Remove max_cmd_data and max_rsp_data. (app_select_openpgp): Likewise. -- Backport of master commit: b89e63e5c326af71470124b410e6429cbd2b5c43 OpenPGP card V3 had introduced incompatible change in Extended Capabilities bits. We can work around by this change by not using those bits. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix receive buffer size.NIIBE Yutaka2016-11-301-2/+3
| | | | | | | | | | | | | | * scd/apdu.c (send_le): Fix the size, adding two for status bytes to Le. -- Backport of master commit: 5c2db9dedfe9dbb14ffec24751ca23a69cead94e This is long standing bug. So far, Le was not exact value. Since forthcoming change will introduce exact value of expected length of response data, this change is needed. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't limit to ST-2xxx for PC/SC.NIIBE Yutaka2016-11-301-1/+5
| | | | | | | | | | | | * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID. -- Backport of master commit: b6066ab18a67195817babaf9eccf896c2b3c7b0e Some other products by Cherry works with pinpad, although it only works for smaller keys (RSA 1024). TPDU support is good for larger keys. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix status info encoding.NIIBE Yutaka2016-11-301-1/+2
| | | | | | | | | | * scd/command.c (send_status_info): Do percent plus encoding correctly. -- Backport of master commit: 4ee4d0b02172cf56d9582bb99e32a65c75315b25 Reported-by: David Härdeman <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: minor cleanup to merge other works.NIIBE Yutaka2016-11-303-42/+35
| | | | | | | | | | | * scd/iso7816.c (do_generate_keypair): Use const char * for DATA. (iso7816_generate_keypair, iso7816_read_public_key): Likewise. * scd/app-openpgp.c (get_public_key): Follow the change. (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT. -- Backport of master commit: f1845f25dbea79c191427710fa56ed01e63a045b Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix an action after card removal.NIIBE Yutaka2016-11-301-4/+2
| | | | | | | | | | | | | | | | | | * scd/command.c (update_card_removed): Call apdu_close_reader here. -- Backport of master commit: f9e49c80e706a27d5e30d4b3237ff26367a67130 This is update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 It is better apdu_close_reader is called in update_card_removed. The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a regression, it doesn't close the reader after removal of the card, while the code before the commit call apdu_close_reader in do_reset. So, this fix. GnuPG-bug-id: 2449 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Release the card reader after card removal.NIIBE Yutaka2016-11-301-1/+4
| | | | | | | | | | * scd/command.c (update_reader_status_file): Call apdu_close_reader. -- Backport of master commit: 8fe81055762d9c9e6f03fb7853a985c94ef73ac3 GnuPG-bug-id: 2651 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Clean up unused shutdown method.NIIBE Yutaka2016-11-303-103/+0
| | | | | | | | | | | * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove. (reset_ccid_reader): Don't set shutdown_reader. * scd/ccid-driver.c (ccid_shutdown_reader): Remove. -- Backport of master commit: d1ae7103352fbda2a05f098379cd3043a0ab5566 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix card removal/reset on multiple contexts.NIIBE Yutaka2016-11-292-37/+44
| | | | | | | | | | | | | | | | * scd/app.c (application_notify_card_reset): Add message for debug. *scd/command.c (update_card_removed): Call release_application and set SLOT -1 here. (struct server_local_s): Remove app_ctx_marked_for_release. (do_reset): Don't mark release but call release_application here. (open_card): Remove app_ctx_marked_for_release handling. (update_reader_status_file): Don't set SLOT here, so that it can be released the APP by application_notify_card_reset in update_card_removed. -- Backport of master commit: 1598a4476466822e7e9c757ac471089d3db4b545 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix race conditions for release_application.NIIBE Yutaka2016-11-291-4/+6
| | | | | | | | | | | | * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling release_application. -- Backport of master commit: 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3 Thanks to Ben Warren for the report. Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Make option --homedir work.Werner Koch2016-11-291-0/+1
| | | | | | | | | | | * scd/scdaemon.c (opts): Add --homedir. -- Backport of master commit: def512eb67c8a380f3b873cee0f156deef0b6dda Without that entry the homedir setting won't work. GnuPG-bug-id: 2386 Signed-off-by: Werner Koch <[email protected]>
* scd: More fix of error return path.NIIBE Yutaka2016-11-291-2/+2
| | | | | | | | | | | * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of apdu_connect. -- Backport of master commit: 6677d8b61446eb5760a30a2488c992d6e895a9ed GnuPG-bug-id: 2306 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Improve error handling.Justus Winter2016-11-291-1/+1
| | | | | | | | | | * scd/app-openpgp.c (get_public_key): Improve error handling. -- Backport master commit: 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d Found using the Clang Static Analyzer. Signed-off-by: Justus Winter <[email protected]>
* scd: Fix error handling with libusb-compat library.NIIBE Yutaka2016-11-291-7/+12
| | | | | | | | | | | * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE. -- With libusb-compat library, the error is different than original libusb. (The libusb-compat library is used by Fedora.) Backport of master commit: 1e94a672efb8bf66f416bc63bf6670e509a21fe5
* scd: Handle error correctly.NIIBE Yutaka2016-11-291-5/+5
| | | | | | | | * scd/apdu.c (apdu_connect): Initialize variables and check an error of apdu_get_status_internal. -- Backport from master commit: 6bb7206e357acfd7276a8f1334c0f0c9cc6ed100
* scd: KEYNO cleanup.NIIBE Yutaka2016-11-291-30/+33
| | | | | | | | | | * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey) (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey) (compare_fingerprint, check_against_given_fingerprint): KEYNO starts from 0. -- Backport of master commit: fd689e85423d0d80d725f0315c52d94f0e9766f8
* scd: Use cipher.h for constants.NIIBE Yutaka2016-11-292-7/+9
| | | | | | | * scd/app-openpgp.c: Include cipher.h. -- Backport from master commit:f5d356fb5bbbd0e05a753612455253e4bc335266
* gpg: Avoid publishing the GnuPG version by defaultDaniel Kahn Gillmor2016-08-092-3/+3
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (main): initialize opt.emit_version to 0 * doc/gpg.texi: document different default for --emit-version -- The version of GnuPG in use is not particularly helpful. It is not cryptographically verifiable, and it doesn't distinguish between significant version differences like 2.0.x and 2.1.x. Additionally, it leaks metadata that can be used to distinguish users from one another, and can potentially be used to target specific attacks if there are known behaviors that differ between major versions. It's probably better to take the more parsimonious approach to metadata production by default. (backport of master commit c9387e41db7520d176edd3d6613b85875bdeb32c) Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: Fix checking key for signature validation.NIIBE Yutaka2016-08-041-2/+2
| | | | | | | | | | | | * g10/sig-check.c (signature_check2): Not only subkey, but also primary key should have flags.valid=1. -- (backport of master commit 6f284e6ed63f514b15fe610f490ffcefc87a2164) Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgv: Tweak default options for extra security.NIIBE Yutaka2016-07-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on cached status. Similarly, set opt.flags.require_cross_cert for backsig validation for subkey signature. -- (backport of master commit e32c575e0f3704e7563048eea6d26844bdfc494b) It is common that an organization distributes binary keyrings with signature cache (Tag 12, Trust Packet) and people use gpgv to validate signature with such keyrings. In such a use case, it is possible that the key validation itself is skipped. For the purpose of gpgv validation of signatures, we should not depend on signature cache in keyrings (if any), but we should validate the key by its self signature for primary key, and back signature for subkey. Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix keysize with --expert.NIIBE Yutaka2016-07-061-2/+2
| | | | | | | | | | | | * g10/keygen.c (ask_keysize): It's 768 only for DSA. -- (forwardport of 1.4 commit ca1fc596267b42a894a3fc85c3733007c672ed1f) GnuPG-bug-id: 2238 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix --list-packets.NIIBE Yutaka2016-06-284-5/+4
| | | | | | | | | | | | | | | | | * g10/gpg.c (main): Call set_packet_list_mode after assignment of opt.list_packets. * g10/mainproc.c (do_proc_packets): Don't stop processing with --list-packets as the comment says. * g10/options.h (list_packets): Fix the comment. * g10/parse-packet.c: Fix the condition for opt.list_packets. -- (backport of master commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a) Debian-bug-id: 828109 Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Fix card-edit/fetch to use keyserver_fetch.NIIBE Yutaka2016-06-241-17/+7
| | | | | | | | | | | | * g10/card-util.c (fetch_url): Call keyserver_fetch instead of keyserver_import_fprint. -- Signed-off-by: NIIBE Yutaka <[email protected]> GnuPG-bug-id: 1828 (backport of master commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2)
* scd: Reset nonnull_nad to zero for VENDOR_GEMPC.Niibe Yutaka2016-06-191-1/+1
| | | | | | | | | | | | | | | | * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device. -- We can't use the driver for 08E6:3438, while it works well under PC/SC service. I found that the library of ccid always uses the node address = ZERO for all transactions. So, we extend the same handling for not only GEMPC_CT30, but also for all its devices. Debian-bug-id: 814584 Signed-off-by: NIIBE Yutaka <[email protected]> (backport form master commit 971064f8b7ad676326b2a468f688037a303717df)
* g10: Fix another race condition for trustdb access.Niibe Yutaka2016-06-141-2/+5
| | | | | | | | | | | | | | | | * g10/tdbio.c (create_version_record): Call create_hashtable to always make hashtable, together with the version record. (get_trusthashrec): Remove call to create_hashtable. -- GnuPG-bug-id: 1675 Thanks to Scott Moser to reproducible script and patience. Signed-off-by: NIIBE Yutaka <[email protected]> (backport from master commit 35a3ce2acf78a95fecbccfd8db0560cca24232df)
* doc: Remove description of --faked-system-time from gpg.texiWerner Koch2016-04-081-14/+0
| | | | | | -- This option is only available in 2.1.
* po: Fix misleading german translation.Justus Winter2016-04-041-2/+1
| | | | | | -- GnuPG-bug-id: 2239 Signed-off-by: Justus Winter <[email protected]>
* Post release updatesWerner Koch2016-03-3131-117/+120
| | | | --
* Release 2.0.30gnupg-2.0.30Werner Koch2016-03-311-1/+20
|
* po: Auto updateWerner Koch2016-03-312-22/+19
| | | | --
* doc: Update help.ru.textIneiev2016-03-311-107/+226
|
* build: Create *.swdb file during make distcheck.Werner Koch2016-03-311-0/+14
| | | | | | * Makefile.am (distcheck-hook): New. Signed-off-by: Werner Koch <[email protected]>
* gpg: Silence trustdb messages with --quiet.Werner Koch2016-03-311-6/+8
| | | | | | * g10/trustdb.c (validate_keys): Silence messages Signed-off-by: Werner Koch <[email protected]>
* agent: Do not remove the ssh socket.Justus Winter2016-03-021-0/+2
| | | | | | | | | | * agent/gpg-agent.c (create_server_socket): Also inhibit the removal of the ssh socket if another agent process is already running. GnuPG modern is not affected. GnuPG-bug-id: 2258 Signed-off-by: Justus Winter <[email protected]>
* g10: Make sure to have the directory for trustdb.NIIBE Yutaka2016-02-121-55/+63
| | | | | | | | | | | | | | | | * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check the directory and create it if none before calling take_write_lock. -- Thanks to Marc Deslauriers for the bug report and his patch. GnuPG-bug-id: 2246 Signed-off-by: NIIBE Yutaka <[email protected]> (backport from master commit 2f3e42047d17313eeb38d354048f343158402a8d)
* common: Cope with AIX problem on number of open files.Werner Koch2016-01-151-38/+48
| | | | | | | | | | | * common/exechelp.c: Limit returned value for too hight values. -- GnuPG-bug-id: 1778 (backport from master commit 987532b038a2d9b9e76c0de425ee036ca2bffa1b) Signed-off-by: Werner Koch <[email protected]>
* Fix to support git worktree.NIIBE Yutaka2016-01-131-1/+1
| | | | | | | | | * Makefile.am: Use -e for testing .git. -- Signed-off-by: NIIBE Yutaka <[email protected]> (backport commit of 96237b9a63a50aed1884cb06f84279b977d6a8fa)
* sm: Handle gcry_pk_encrypt return value.NIIBE Yutaka2015-12-151-2/+5
| | | | | | | | | | | | * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt. -- Thanks to Sami Farin. GnuPG-bug-id: 2154 (backport commit of 4ee881bff4c8fdfa4b3b7a4b7afab611471e97f1)
* scd: Fix commit 9a9bfd77.NIIBE Yutaka2015-12-151-0/+1
| | | | * scd/app.c (check_application_conflict): Get SLOT.
* scd: Fix removal of unplugged usb readers on Windows.Daniel Hoffend2015-12-151-0/+3
| | | | | | | | | | | | | | | | * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code. -- Signed-off-by: Daniel Hoffend <[email protected]> GnuPG-bug-id: 2167 In Windows 8 (and later), PC/SC service only runs when reader/token is plugged in. After its removal, it returns PCSC_E_NO_SERVICE error. This error should be handled as no reader. This comment is by gniibe. (backport of commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f)
* scd: Simplify saving application context.NIIBE Yutaka2015-12-151-61/+41
| | | | | | | | | | | | | | | | | * scd/app.c (lock_table): Remove LAST_APP field. (lock_reader, app_dump_state, application_notify_card_reset) (release_application): Follow the change. (check_conflict): New. (check_application_conflict): Lock the slot and call check_conflict. (select_application): Call check_conflict and not use LAST_APP. -- We don't need LAST_APP field but just keep the application context by APP field. Since we have a reference counter, it is possible if we can deallocate or not. (backport of commit 9639af5f16a7ed908cbce2415330b9fcd88edc90)
* scd: Fix "Conflicting usage" bug.NIIBE Yutaka2015-12-153-27/+13
| | | | | | | | | | | | | | | | | | | | | | * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we got an error from apdu_disconnect. * scd/app-common.h (no_reuse): Remove. * scd/app.c (application_notify_card_reset): Deallocate APP here. (select_application, release_application): Don't use NO_REUSE. -- Reproducible scenario: Invoke gpg --card-edit session from a terminal. Invoke another gpg --card-edit session from another. Remove a token. Insert a token again. Type RET on both terminals. One of terminal answers "Conflicting usage". Perhaps, having NO_REUSE field was to avoid race conditions. Now, APP can be safely deallocated by application_notify_card_reset. Thanks to the2nd. (backport of commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3)
* doc: Don't install gpg-zip.1.NIIBE Yutaka2015-10-291-2/+2
| | | | | | | | | | | | | * doc/Makefile.am (myman_pages): Remove gpg-zip.1. (DISTCLEANFILES): Add gpg-zip.1. -- (backport of commit d25e29ad9374da1c11ccfc38f392dbab2d707042) Thanks to Thomas Klausner. GnuPG-bug-id: 2095
* agent: Fix alignment problem with the second passphrase struct.Werner Koch2015-10-052-16/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for PI2. Check return value of the malloc function. * agent/command-ssh.c (ssh_identity_register): Use a separate malloc for PI2. Wipe PI2. -- For whatever stupid reasons I once allocated only one memory area and split that into PI and PI2. This is actually a common pattern with malloc but here we used a made up object size and do not take the extra alignment required into account. One of these not yet hit by a (sig)bus PC/VAX hacker bugs. Instead of trying to fix the alignment, it is better to use a second calloc for the second struct. GnuPG-bug-id: 2112 Signed-off-by: Werner Koch <[email protected]> Resolved conflicts: agent/command-ssh.c agent/genkey.c (backport master commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 14:32:21 +0000