Commit message | Author | Age | Files | Lines
* http: Improve diagnostic messages. | Werner Koch | 2014-12-08 | 1 | -9/+32
  * common/http.c (send_request): Print TLS alert info
  (connect_server): Detect bogus DNS entry.
  --
  1. Prints the TLS alert description.
  2. Detect case where the DNS returns an IP address but the server is
     not reachable at this address. This may happen for a server which is
     reachable only at IPv6 but the local machine has no full IPv6
     configuration.
* gpg: Obsolete some keyserver helper options. | Werner Koch | 2014-12-08 | 3 | -34/+24
  * g10/options.h (opt): Remove keyserver_options.other.
  * g10/gpg.c (main): Obsolete option --honor-http-proxt.
  * g10/keyserver.c (add_canonical_option): Replace by ...
  (warn_kshelper_option): New.
  (parse_keyserver_uri): Obsolete "x-broken-http".
  --
  Some of these options are deprecated for 10 years and they do not make
  any sense without the keyserver helpers. For one we print a hint on how
  to replace it:
    gpg: keyserver option 'ca-cert-file' is obsolete; \
    please use 'hkp-cacert' in dirmngr.conf
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Add OpenPGP card vendor 0x1337. | Werner Koch | 2014-12-08 | 1 | -0/+2
  --
* dirmngr: Return a proper error for all dead hosts. | Werner Koch | 2014-12-08 | 1 | -55/+76
  * dirmngr/ks-engine-hkp.c (map_host): Change to return a gpg_error_t.
  Return an error code for all dead hosts.
  (make_host_part): Change to return a gpg_error_t. Change all callers.
  --
  The functions used to return an error code via ERRNO. However, this
  does not allow to return extra error codes in a portable way. Thus we
  change the function to directly return a gpg_error_t.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Write a status line for a failed --send-keys. | Werner Koch | 2014-12-08 | 1 | -1/+4
  * g10/keyserver.c (keyserver_put): Write a status error.
* scd: Fix for EdDSA. | NIIBE Yutaka | 2014-12-08 | 1 | -3/+5
  * scd/app-openpgp.c (get_algo_byte): It catches 22.
  (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
* Document no-allow-mark-trusted option | Andre Heinecke | 2014-12-05 | 1 | -12/+11
  doc: Document no-allow-mark-trusted for gpg-agent
  * doc/gpg-agent.texi: Change allow-mark-trusted doc to
  no-allow-mark-trusted.
  --
  Since rev. 78a56b14 allow-mark-trusted is the default option and was
  replaced by no-allow-mark-trusted to disable the interactive prompt.
  Signed-off-by: Andre Heinecke <[email protected]>
* scd: Fix for NIST P-256. | NIIBE Yutaka | 2014-12-05 | 2 | -7/+13
  * g10/card-util.c (card_store_subkey): Error check.
  * scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
  (do_writekey): Error check.
* gpg: Allow import of large keys. | Werner Koch | 2014-12-04 | 3 | -4/+16
  * g10/import.c (import): Skip too large keys.
  * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
  --
  The key which triggered the problem was 0x57930DAB0B86B067. With this
  patch it can be imported. Keys larger than the now increased limit of
  5MB are skipped and the already existing not_imported counter is
  bumped up.
  Signed-off-by: Werner Koch <[email protected]>
* indentation: Update g10/import.c | Werner Koch | 2014-12-04 | 1 | -1067/+1161
  --
* gpg: Remove option aliases --[no-]throw-keyid and --notation-data. | Werner Koch | 2014-12-03 | 4 | -8/+8
  * g10/gpg.c (opts): Remove them.
  * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
  --
  See mails starting
  http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
* agent: Replace some sprintf. | Werner Koch | 2014-12-02 | 3 | -18/+8
  * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
  * agent/command-ssh.c (ssh_identity_register): Ditto.
  * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
  put_membuf_printf.
  Signed-off-by: Werner Koch <[email protected]>
* tools: Improve watchgnupg portability. | Werner Koch | 2014-12-01 | 2 | -1/+4
  * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
  * tools/watchgnupg.c: Include it.
  --
  It seems http://www.musl-libc.org/ is quite limited and requires the
  use of sys/select.h instead of unistd.h et al.
* gpg: Fix export bug using exact search with only one key in the keybox. | Werner Koch | 2014-12-01 | 3 | -1/+7
  * g10/export.c (do_export_stream): Disable caching.
  * g10/keyserver.c (keyidlist): Ditto.
  --
  GnuPG-bug-id: 1774
* scd: Implement socket redirection. | Werner Koch | 2014-12-01 | 2 | -27/+69
  * scd/scdaemon.c (ENAMETOOLONG): New.
  (redir_socket_name): New.
  (cleanup): Take care of a redirected socket.
  (main): Pass redir_socket_name to create_server_socket.
  (create_socket_name): Remove superfluous length check.
  (create_server_socket): Add arg r_redir_name and implement redirection.
  Replace assert for older Assuan by an error message.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement socket redirection. | Werner Koch | 2014-12-01 | 1 | -12/+48
  * dirmngr/dirmngr.c (ENAMETOOLONG): new.
  (redir_socket_name): New.
  (main): Add Assuan socket redirection.
  (cleanup): Adjust cleanup for redirection.
  --
  Signed-off-by: Werner Koch <[email protected]>
* agent: Fix compile problem for old Libassuan. | Werner Koch | 2014-12-01 | 1 | -1/+0
  --
* agent: Implement socket redirection. | Werner Koch | 2014-11-28 | 1 | -38/+86
  * agent/gpg-agent.c (ENAMETOOLONG): New.
  (redir_socket_name, redir_socket_name_extra)
  (redir_socket_name_ssh): New.
  (remove_socket): Take care of the redir names.
  (main): Pass the redir names to create_server_socket.
  (create_socket_name): Remove length check - that is anyway done later.
  (create_server_socket): Add arg r_redir_name and implement redirection
  if Libassuan is at least 2.14.
* gpg: Change another BUG() call to a regular error message. | Werner Koch | 2014-11-28 | 1 | -6/+11
  * g10/mainproc.c (proc_tree): Replace BUG by a proper error message.
  Signed-off-by: Werner Koch <[email protected]>
* Add option --no-autostart. | Werner Koch | 2014-11-28 | 11 | -8/+81
  * g10/gpg.c: Add option --no-autostart.
  * sm/gpgsm.c: Ditto.
  * g10/options.h (opt): Add field autostart.
  * sm/gpgsm.h (opt): Ditto.
  * g10/call-agent.c (start_agent): Print note if agent was not
  autostarted.
  * sm/call-agent.c (start_agent): Ditto.
  * g10/call-dirmngr.c (create_context): Likewise.
  * sm/call-dirmngr.c (start_dirmngr_ext): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* gpg-agent: Add restricted connection feature. | Мирослав Николић | 2014-11-27 | 6 | -145/+312
  * agent/agent.h (opt): Add field extra_socket.
  (server_control_s): Add field restricted.
  * agent/command.c: Check restricted flag on many commands.
  * agent/gpg-agent.c (oExtraSocket): New.
  (opts): Add option --extra-socket.
  (socket_name_extra): New.
  (cleanup): Cleanup that socket name.
  (main): Implement oExtraSocket.
  (create_socket_name): Add arg homedir and change all callers.
  (create_server_socket): Rename arg is_ssh to primary and change
  callers.
  (start_connection_thread): Take ctrl as arg.
  (start_connection_thread_std): New.
  (start_connection_thread_extra): New.
  (handle_connections): Add arg listen_fd_extra and replace the
  connection starting code by parameterized loop.
  * common/asshelp.c (start_new_gpg_agent): Detect the use of the
  restricted mode and don't fail on sending the pinentry environment.
  * common/util.h (GPG_ERR_FORBIDDEN): New.
* agent: Make auditing of the option list easier. | Мирослав Николић | 2014-11-27 | 1 | -73/+81
  * agent/gpg-agent.c (opts): Use ARGPARSE_ macros.
* dirmngr: Only report hkps scheme when available | Kristian Fiskerstrand | 2014-11-26 | 1 | -1/+9
  * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
  --
  Only report support for the hkps scheme when GnuPG / dirmngr has been
  built with a TLS library. This helps debugging and enable the user to
  detect whether support for hkps is included by doing a
  `gpg-connect-agent --dirmngr 'keyserver --help' /bye`.
  Currently hkps will be listed as a supported scheme but trying to add a
  keyserver using it will silently fail.
  As a digression, https is never listed as a valid scheme.
* gpg: Change a bug() call to a regular error message. | Werner Koch | 2014-11-26 | 1 | -1/+6
  * g10/decrypt-data.c (decrypt_data): Return an error code instead of
  calling BUG().
  --
  This code path can be triggered by fuzzing gpg and thus with some
  likeness also by corrupt messages for other reasons.
* Fix buffer overflow in openpgp_oid_to_str. | Werner Koch | 2014-11-25 | 2 | -0/+11
  * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
  * common/t-openpgp-oid.c (BADOID): New.
  (test_openpgp_oid_to_str): Add test cases.
  --
  The code has an obvious error by not considering invalid encoding for
  arc-2. A first byte of 0x80 can be used to make a value of less than 80
  and we then subtract 80 from that value as required by the OID encoding
  rules. Due to the unsigned integer this results in a pretty long value
  which won't fit anymore into the allocated buffer.
  The fix is obvious. Also added a few simple test cases. Note that we
  keep on using sprintf instead of snprintf because managing the
  remaining length of the buffer would probably be more error prone than
  assuring that the buffer is large enough. Getting rid of sprintf
  altogether by using direct conversion along with membuf_t like code
  might be possible.
  Reported-by: Hanno Böck
  Signed-off-by: Werner Koch <[email protected]>
  Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
* build: Require libgpg-error 1.16. | Werner Koch | 2014-11-24 | 1 | -1/+1
  --
  1.15 has a bug which will lead to a segv when sending keys. Better
  update the requirements to avoid bug reports.
* gpg: Fix use of uninit.value in listing sig subpkts. | Werner Koch | 2014-11-24 | 1 | -1/+5
  * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
  sanitized.
  --
  We may not use "%s" to print an arbitrary buffer. At least "%.*s"
  should have been used. However, it is in general preferable to escape
  control characters while printing user data.
  Reported-by: Hanno Böck
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix off-by-one read in the attribute subpacket parser. | Werner Koch | 2014-11-24 | 1 | -2/+10
  * g10/parse-packet.c (parse_attribute_subpkts): Check that the
  attribute packet is large enough for the subpacket type.
  --
  Reported-by: Hanno Böck
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix batch generation of ECC keys. | Werner Koch | 2014-11-24 | 1 | -0/+8
  * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
  directly.
  --
  Interactive generation of the keys uses the OpenPGP algorithms numbers
  but batch generation allows the use of strings.
  Reported-by: Gaetan Bisson.
  Signed-off-by: Werner Koch <[email protected]>
* doc: Update dirmngr.texi | Werner Koch | 2014-11-24 | 1 | -57/+82
  --
* Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND} | Daniel Kahn Gillmor | 2014-11-24 | 1 | -1/+1
  * common/argparse.c (initialize): Use correct value.
  --
  This avoids a dead path in the argparse code.
  It's not clear that this is needed, however, since
  ARGPARSE_AMBIGUOUS_COMMAND is never actually used in the code. Another
  approach would be to trim out ARGPARSE_AMBIGUOUS_COMMAND entirely.
* gpg: Refer to --throw-keyids instead of --throw-keyid | Daniel Kahn Gillmor | 2014-11-24 | 1 | -1/+1
  * g10/encrypt.c: adjust error message
  --
  The full option name is --throw-keyids, so we should refer to it
  consistently.
* speedo: Distribute installer graphics. | Werner Koch | 2014-11-24 | 1 | -0/+2
  --
* Update NEWS | Werner Koch | 2014-11-21 | 1 | -0/+22
  --
* gpg: Track number of skipped v3 keys on import. | Werner Koch | 2014-11-21 | 2 | -15/+53
  * g10/import.c (stats_s): Add field v3keys.
  (import): Update this field.
  (import_print_stats): Print v3 key count.
  (read_block): Skip v3 keys and return a count for them.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix regression in parse_key. | Werner Koch | 2014-11-21 | 1 | -3/+6
  * g10/parse-packet.c (parse): Better return just the gpg_err_code.
  (parse_key): Return the error code.
  Signed-off-by: Werner Koch <[email protected]>
* speedo: Add simple logos to the installer. | Werner Koch | 2014-11-21 | 6 | -24/+39
  * build-aux/speedo/w32/README.txt: Include GnuPG Readme.
  * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
  * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
  * build-aux/speedo/w32/inst.nsi: Add logos.
  * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
  --
  The welcome page logo is basically a placeholder until someone has
  created a pretty one.
* speedo: Add libadns to the Windows installer. | Werner Koch | 2014-11-20 | 1 | -0/+15
  --
* gpg: Fix hash detection for ECDSA. | Werner Koch | 2014-11-20 | 1 | -4/+3
  * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
  --
  This error was introduced with commit
  b7f8dec6325f1c80640f878ed3080bbc194fbc78 while separating EdDSA from
  ECDSA.
  Found due to a related bug report from Brian Minton.
  Signed-off-by: Werner Koch <[email protected]>
* Fix linker problem on OS X. | Werner Koch | 2014-11-20 | 1 | -3/+6
  * common/init.c (default_errsource): Move to the .data segment.
  --
  See mails starting at
  http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029089.html
* gpg-connect-agent: Add convenience option --uiserver. | Werner Koch | 2014-11-19 | 1 | -0/+10
* po: Update German translation. | Werner Koch | 2014-11-19 | 1 | -11/+13
  --
* Comment typo fixes. | Werner Koch | 2014-11-19 | 2 | -3/+3
  --
* Add "gpgconf --kill dirmngr" and avoid useless launch before a kill. | Werner Koch | 2014-11-19 | 9 | -35/+88
  * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change
  all callers to use 1 for it.
  (start_new_dirmngr): Ditto.
  * tools/gpg-connect-agent.c: Add option --no-autostart.
  (main): Default autostart to 1.
  (start_agent): Implement no-autostart.
  * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
  (scdaemon_runtime_change): Ditto.
  (dirmngr_runtime_change): New.
  Signed-off-by: Werner Koch <[email protected]>
* common: Change a string to a similar one to ease translation. | Werner Koch | 2014-11-19 | 1 | -1/+1
  --
* po: Update Ukrainian translation. | Werner Koch | 2014-11-19 | 1 | -117/+65
  --
* po: Copied missing translations from the 2.0 branch. | Werner Koch | 2014-11-19 | 25 | -38360/+61681
  * po/LINGUAS: Add new translations.
  --
  Note that be.ru and pt_BR.po have not been copied because they have way
  too few translated strings (74, 290 out of 2054). The current stats
  are:
    ca.po: 464 translated, 1024 fuzzy translations, 566 untranslated.
    cs.po: 1719 translated, 317 fuzzy translations, 18 untranslated.
    da.po: 1468 translated, 444 fuzzy translations, 142 untranslated.
    de.po: 2052 translated, 1 fuzzy translation, 1 untranslated message.
    el.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    eo.po: 331 translated, 1109 fuzzy translations, 614 untranslated.
    es.po: 1455 translated, 461 fuzzy translations, 138 untranslated.
    et.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    fi.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    fr.po: 2052 translated, 1 fuzzy translation, 1 untranslated message.
    gl.po: 458 translated, 1044 fuzzy translations, 552 untranslated.
    hu.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    id.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    it.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    ja.po: 2022 translated, 23 fuzzy translations, 9 untranslated.
    nb.po: 684 translated, 635 fuzzy translations, 735 untranslated.
    pl.po: 1469 translated, 443 fuzzy translations, 142 untranslated.
    pt.po: 400 translated, 1057 fuzzy translations, 597 untranslated.
    ro.po: 874 translated, 726 fuzzy translations, 454 untranslated.
    ru.po: 1257 translated, 478 fuzzy translations, 319 untranslated.
    sk.po: 460 translated, 1025 fuzzy translations, 569 untranslated.
    sv.po: 1452 translated, 458 fuzzy translations, 144 untranslated.
    tr.po: 1386 translated, 494 fuzzy translations, 174 untranslated.
    uk.po: 2016 translated, 27 fuzzy translations, 11 untranslated.
    zh_CN.po: 927 translated, 690 fuzzy translations, 437 untranslated.
    zh_TW.po: 1471 translated, 447 fuzzy translations, 136 untranslated.
* po: Update Japanese Translation. | NIIBE Yutaka | 2014-11-18 | 1 | -9/+12
  --
  Fixing previous commit.
* po: Update Japanese Translation. | NIIBE Yutaka | 2014-11-18 | 1 | -242/+52
  --
* gpg: Fix a NULL-deref for invalid input data. | Werner Koch | 2014-11-17 | 1 | -3/+8
  * g10/mainproc.c (proc_encrypted): Take care of canceled passphrase
  entry.
  --
  GnuPG-bug-id: 1761
  Signed-off-by: Werner Koch <[email protected]>