Commit message | Author | Age | Files | Lines
* agent: Improve error message for the KEYTOCARD command. | Werner Koch | 2017-03-02 | 1 | -12/+27
| * agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify timestamp checking and do an early test with an appropriate error message.
| Signed-off-by: Werner Koch <[email protected]>
* g10: Signal an error when trying to revoke non-existent UID. | Justus Winter | 2017-03-02 | 2 | -0/+8
| * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to revoke non-existent UID.
| * tests/openpgp/quick-key-manipulation.scm: Test that.
| GnuPG-bug-id: 2962
| Signed-off-by: Justus Winter <[email protected]>
* tests: Log information about ssh, add comments to test. | Justus Winter | 2017-03-02 | 1 | -5/+18
| * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and log the binary and version used in the test.
| (ssh-supports?): Document how we test what algorithms are supported by ssh, and log ssh-keygen's replies.
| --
| We have some trouble with this test on macOS, and adding some more information in verbose mode will hopefully make tracking down these problems easier in the future.
| GnuPG-bug-id: 2980
| Signed-off-by: Justus Winter <[email protected]>
* common,tools: Always escape newlines when escaping data. | Justus Winter | 2017-03-02 | 2 | -1/+16
| * common/stringhelp.c (do_percent_escape): Always escape newlines.
| * tools/gpgconf-comp.c (gc_percent_escape): Likewise.
| --
| Newlines always pose a problem for a line-based communication format.
| GnuPG-bug-id: 2387
| Signed-off-by: Justus Winter <[email protected]>
* Post release updates. | Werner Koch | 2017-03-01 | 2 | -1/+5
| --
* Release 2.1.19 [gnupg-2.1.19] | Werner Koch | 2017-03-01 | 1 | -1/+42
| Signed-off-by: Werner Koch <[email protected]>
* build: Add kludge for "make distcheck" in a release build. | Werner Koch | 2017-03-01 | 3 | -2/+18
| * configure.ac: New option --enable-gnupg-builddir-envvar.
| (ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
| * common/homedir.c (gnupg_set_builddir_from_env): Consider ENABLE_GNUPG_BUILDDIR_ENVVAR.
| * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
| (AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option --enable-gnupg-builddir-envvar.
| --
| Our regression test suite makes use of the envvar GNUPG_BUILDDIR. Now the code in gnupg for evaluating this envvar is only included in a development version (that is one with a "-betaNNN" suffix). For a real release the envvar is not considered. However during a "make distcheck" a "make check" is done for the build directory. Without defining that envvar we would try to run binaries in the install directory ("_inst" sub-directory) which are not yet installed at that time.
| Signed-off-by: Werner Koch <[email protected]>
* po: Auto-update | Werner Koch | 2017-03-01 | 25 | -653/+1273
| --
* po: Update Ukrainian translation | Yuri Chornoivan | 2017-03-01 | 1 | -194/+173
|
* po: Update Russian translation | Ineiev | 2017-03-01 | 1 | -392/+273
| Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --export-options work with --export-secret-keys. | Werner Koch | 2017-03-01 | 4 | -22/+26
| * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to do_export.
| (export_secsubkeys): Ditto.
| * g10/gpg.c (main): Pass opt.export_options to export_seckeys and export_secsubkeys
| --
| Back in the old days we did not use the export options for secret keys export because of a lot of duplicated code and that the old secring.gpg was anyway smaller than the pubring.gpg. With 2.1 it was pretty easy to enable it.
| Reported-by: Peter Lebbing
| GnuPG-bug-id: 2973
* gpg: Allow creating keys using an existing ECC key. | Werner Koch | 2017-03-01 | 4 | -83/+34
| * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO. Change to return the algo id. Reimplement using get_pk_algo_from_key.
| * g10/keygen.c (check_keygrip): Adjust for change.
| * sm/certreqgen-ui.c (check_keygrip): Ditto.
| --
| GnuPG-bug-id: 2976
| Signed-off-by: Werner Koch <[email protected]>
* speedo,w32: Install sks-keyservers.netCA.pem. | Werner Koch | 2017-03-01 | 1 | -0/+2
| --
| Signed-off-by: Werner Koch <[email protected]>
* gpg: Do not require a trustdb for decryption. | Werner Koch | 2017-02-28 | 11 | -54/+102
| * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE. Change to return an error code. Change all callers to pass False for NO_CREATE.
| (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test for a non-existing trustdb. Change all callers to pass False for NO_CREATE.
| (tdb_get_min_ownertrust): Ditto.
| * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call init_trustdb for a quick check.
| (get_ownertrust_info): Add arg NO_CREATE.
| (get_ownertrust_string): Ditto.
| * g10/gpgv.c (get_ownertrust_info): Adjust stub.
| * g10/test-stubs.c (get_ownertrust_info): Ditto.
| * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE set.
| * g10/pubkey-enc.c (get_it): Ditto.
| --
| Fixes-commit: effa80e0b5fd8cf9e31a984afe391c2406edee8b
| For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to gnupg-devel 'test failure on git master with decrypt-session-key.scm (and: continuous integration?)'
| Signed-off-by: Werner Koch <[email protected]>
* gpgscm: Improve parsing. | Justus Winter | 2017-02-28 | 1 | -0/+3
| * tests/gpgscm/scheme.c (port_increment_current_line): Avoid creating the same integer if the delta is zero. This happens a lot during parsing, and puts pressure on the memory allocator.
| Signed-off-by: Justus Winter <[email protected]>
* gpgscm: Fix calculating the line number. | Justus Winter | 2017-02-28 | 1 | -2/+2
| * tests/gpgscm/scheme.c (opexe_5): Only increment the line number on newlines.
| Fixes-commit: 7cc57e2c63d0fa97569736419db5c76117e7685b
| Signed-off-by: Justus Winter <[email protected]>
* gpg,tools: Make auto-key-retrieve configurable via gpgconf. | Justus Winter | 2017-02-28 | 2 | -0/+3
| * g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'.
| * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
| GnuPG-bug-id: 2381
| Signed-off-by: Justus Winter <[email protected]>
* tests: Improve support for gpgconf. | Justus Winter | 2017-02-28 | 3 | -40/+50
| * tests/openpgp/defs.scm: Improve high-level interface to gpgconf.
| * tests/openpgp/gpgconf.scm: Adapt.
| * tests/openpgp/tofu.scm: Use it to select the trust model.
| Signed-off-by: Justus Winter <[email protected]>
* gpg,tools: Make trust-model configurable via gpgconf. | Justus Winter | 2017-02-28 | 2 | -0/+5
| * g10/gpg.c (gpgconf_list): Add 'trust-model'.
| * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
| GnuPG-bug-id: 2381
| Signed-off-by: Justus Winter <[email protected]>
* gpgscm: Track source locations in every kind of ports. | Justus Winter | 2017-02-28 | 2 | -96/+69
| * tests/gpgscm/scheme-private.h (struct port): Move location information out of the union.
| * tests/gpgscm/scheme.c (mark): All ports need marking now.
| (gc): Likewise all ports on the load stack.
| (port_clear_location): Adapt accordingly. Also, add an empty function for !SHOW_ERROR_LINE.
| (port_increment_current_line): Likewise.
| (port_reset_current_line): Drop function in favor of...
| (port_init_location): ... this new function.
| (file_push): Simplify.
| (file_pop): Likewise.
| (port_rep_from_filename): Likewise.
| (port_rep_from_file): Likewise.
| (port_rep_from_string): Also initialize the location.
| (port_rep_from_scratch): Likewise.
| (port_close): Simplify and generalize.
| (skipspace): Likewise.
| (token): Likewise.
| (_Error_1): Generalize.
| (opexe_5): Likewise.
| (scheme_deinit): Simplify and generalize.
| (scheme_load_named_file): Likewise.
| (scheme_load_string): Also initialize the location.
| --
| This change tracks the location of source code loaded from non-file ports that is used in error messages. It also simplifies the code quite a bit.
| Signed-off-by: Justus Winter <[email protected]>
* gpgv,w32: Fix --status-fd. | Werner Koch | 2017-02-28 | 1 | -1/+3
| * g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd.
| Signed-off-by: Werner Koch <[email protected]>
* w32: Make pipes really pollable. | Werner Koch | 2017-02-28 | 2 | -2/+15
| * common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle to print the fd for the command line.
| * common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so that the streams are actually pollable.
| --
| This addresses two bugs:
| - Using the "-&@INEXTRA@" kludges requires that we pass the value of the handle on the command line and not the libc fd.
| - gpgrt_poll requires the use of the ReadFile/WriteFile backend which is currently only used when the stream has been created with gpgrt_sysopen.
| Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Avoid warnings during non-ntbtls build. | Daniel Kahn Gillmor | 2017-02-26 | 1 | -1/+2
| * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not using ntbtls.
| --
| Without this patch, when building without ntbtls, we see the following warnings during "make check":
| t-http.c: In function ‘my_http_tls_verify_cb’:
| t-http.c:141:16: warning: implicit declaration of function ‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration]
| (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| t-http.c:141:14: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
| (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++)
| ^
| At top level:
| t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not used [-Wunused-function]
| my_http_tls_verify_cb (void *opaque,
| ^~~~~~~~~~~~~~~~~~~~~
| Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* trustdb: Respect --quiet during --import-ownertrust. | Daniel Kahn Gillmor | 2017-02-26 | 1 | -6/+10
| * g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send log_info messages.
| Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* g10: fix typo | Manish Goregaokar | 2017-02-26 | 1 | -1/+1
| I already have copyright assignment with the FSF for GDB. I don't think I'll need to do the DCO thing.
| Signed-off-by: Manish Goregaokar <[email protected]>
* Clarify text of LGPLv2+/GPLv2+ licensed files. | Werner Koch | 2017-02-24 | 25 | -50/+50
| --
* gpgv: New options --log-file and --debug | Werner Koch | 2017-02-24 | 2 | -0/+42
| * g10/gpgv.c (oLoggerFile, oDebug): New consts.
| (opts): Add options --log-file and --debug.
| (main): Implement options.
| Signed-off-by: Werner Koch <[email protected]>
* speedo,w32: Fix gpg-wks-client installation | Andre Heinecke | 2017-02-24 | 1 | -1/+1
| * build-aux/speedo/w32/inst.nsi: gpg-wks-client is an exe.
| --
| Signed-off-by: Andre Heinecke <[email protected]>
* dirmngr: Add new debug flag "extprog" | Werner Koch | 2017-02-23 | 4 | -4/+14
| * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
| * dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
| (handle_connections): Use a macro instead of -1 for an invalid socket.
| * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
| Signed-off-by: Werner Koch <[email protected]>
* wks: Make sure that the draft 2 request is correctly detected. | Werner Koch | 2017-02-23 | 4 | -35/+119
| * tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
| * tools/wks-receive.c (new_part): Move test wks draft version to ...
| (t2body): new callback.
| (wks_receive): Register this callback.
| * tools/gpg-wks-server.c (send_confirmation_request): Emit draft version header.
| (send_congratulation_message): Ditto.
| * tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
| (decrypt_stream_status_cb): Check DECRYPTION_KEY status.
| (decrypt_stream): Get info from new callback.
| (process_confirmation_request): New arg 'mainfpr'. Check that it matches the decryption key.
| (read_confirmation_request): Check that the decryption key has been generated by us.
| (command_send): Use macro from draft version header.
| (send_confirmation_response): Emit draft version header.
| --
| This patch also adds a check to only send a confirmation when the decryption has been done by an ultimately trusted (self-generated) key.
| Signed-off-by: Werner Koch <[email protected]>
* wks: New callback for the mime parser. | Werner Koch | 2017-02-23 | 2 | -0/+27
| * tools/mime-parser.c (mime_parser_context_s): New field 't2body'.
| (parse_message_cb): Call that callback.
| (mime_parser_set_t2body): New.
| --
| This callback allows to process header values even on the outer level.
| Signed-off-by: Werner Koch <[email protected]>
* gpg: Emit new status DECRYPTION_KEY | Werner Koch | 2017-02-23 | 3 | -3/+33
| * common/status.h (STATUS_DECRYPTION_KEY): New.
| * g10/pubkey-enc.c (get_it): Emit that status.
| Signed-off-by: Werner Koch <[email protected]>
* speedo,w32: Install gpg-wks-client. | Werner Koch | 2017-02-23 | 1 | -0/+2
| --
| Signed-off-by: Werner Koch <[email protected]>
* dirmngr,w32: Make https with ntbtls work. | Werner Koch | 2017-02-23 | 1 | -27/+100
| * dirmngr/http.c (simple_cookie_functions): New.
| (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
| (cookie_read): Factor some code out to ...
| (read_server): new.
| (simple_cookie_read, simple_cookie_write) [W32]: New.
| Signed-off-by: Werner Koch <[email protected]>
* po: Adjust the German translation. | Werner Koch | 2017-02-22 | 1 | -6/+10
| --
| Signed-off-by: Werner Koch <[email protected]>
* scd,agent: Improve the OpenPGP PIN prompt texts. | Werner Koch | 2017-02-22 | 2 | -14/+84
| * scd/app-openpgp.c (get_prompt_info): Change texts.
| * agent/call-pinentry.c (struct entry_features): New.
| (getinfo_features_cb): New.
| (start_pinentry): Set new function as status callback.
| (build_cmd_setdesc): New. Replace all snprintf for SETDESC by this one.
| --
| Suggested-by: Andre Heinecke
| Signed-off-by: Werner Koch <[email protected]>
* Revert "scd: Nitpicks on the improved card prompts" | Werner Koch | 2017-02-22 | 1 | -7/+7
| --
| This reverts commit 143ca039e1e81140ae520cc1025f8e25c01acc80.
| I have a more improved version in the works.
* po: Update the German translation | Andre Heinecke | 2017-02-22 | 1 | -4/+4
| --
* scd: Nitpicks on the improved card prompts | Andre Heinecke | 2017-02-22 | 1 | -7/+7
| * src/app-openpgp.c (get_prompt_info): Change wording and order slightly.
| --
| The word "Card" was repeated too much in the prompt and moving signatures to the bottom results in a more consistent layout between the prompts with signcount and the prompts without.
| Signed-off-by: Andre Heinecke <[email protected]>
* po: Update the German translation | Werner Koch | 2017-02-22 | 1 | -25/+51
| --
* po: Fix two fuzzy strings. | Werner Koch | 2017-02-22 | 1 | -30/+53
| --
| These strings rear the Key generation edit prompts without the option to change the comment of a user id. Modulo possible grammar bugs this should be a straightforward change.
| GnuPG-bug-id: 2966
| Signed-off-by: Werner Koch <[email protected]>
* scd: Improve the prompts for OpenPGP cards. | Werner Koch | 2017-02-22 | 2 | -53/+220
| * scd/app-openpgp.c (get_disp_name): New.
| (get_disp_serialno): New.
| (get_prompt_info): New.
| (build_enter_admin_pin_prompt): Rework the prompt texts. Factor some code out to ...
| (get_remaining_tries): New.
| (verify_a_chv): Print a remaining counter also for the standard PIN. Rework the prompt texts.
| * agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial no.
| Signed-off-by: Werner Koch <[email protected]>
* agent: Prepend the description to a PIN prompt. | Werner Koch | 2017-02-22 | 4 | -19/+96
| * agent/divert-scd.c (has_percent0A_suffix): New.
| (getpin_cb): Prepend DESC_TEXT to the prompt.
| * agent/findkey.c (modify_description): Rename to ...
| (agent_modify_description): this. Make global. Add kludge to remove empty parentheses from the end.
| (agent_key_from_file, agent_delete_key): Adjust for above change.
| * agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when diverting to a card.
| --
| Now that we have support for multiple tokens, it is important to show information on which key has been requested. Without that it may happen that the PIN for a wrong card is accidentally entered.
| The texts are a bit ugly, because they talk about "passphrase" but later about entering a PIN. A quick hack would be to s/passphrase/PIN/ in the description but that is complicated due to i18n. Another solution might be never to talk about PINs in the description but always about "passphrase" and only use "PIN" or "passphrase" on the left of the entry field.
* agent: Prepare to pass an additional parameter to the getpin callback. | Werner Koch | 2017-02-22 | 5 | -46/+85
| * agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
| (inq_needpin_parm_s): new struct. Add new field 'getpin_cb_desc'. Change users to set all fields.
| (inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
| (agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to take an additional arg 'desc_text'.
| (agent_card_pkdecrypt): Ditto.
| (agent_card_writekey): Change arg 'getpin_cb' to take an additional arg 'desc_text'.
| (agent_card_scd): Ditto.
| * agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
| (divert_pksign): Add new arg 'desc_text' and pass it to agent_card_pksign.
| (divert_pkdecrypt): Add new arg 'desc_text' and pass it to agent_card_pkdecrypt.
| * agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to divert_pkdecrypt.
| * agent/pksign.c (agent_pksign_do): Pass DESC_TEXT to divert_pksign.
| --
| Signed-off-by: Werner Koch <[email protected]>
* tests: No spelling fix for test text. | NIIBE Yutaka | 2017-02-22 | 1 | -1/+4
| * tests/openpgp/verify.scm (msg_ed25519_rshort): Revert the spelling fix.
| Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo: Now build for W32 with ntbtls support. | Werner Koch | 2017-02-21 | 1 | -3/+24
| --
| Signed-off-by: Werner Koch <[email protected]>
* Fix spelling. | Daniel Kahn Gillmor | 2017-02-21 | 6 | -9/+9
| --
| Clean up several other misspellings noticed while reviewing Yuri's de-duplication patch.
| Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Clean up word replication. | Yuri Chornoivan | 2017-02-21 | 95 | -136/+136
| --
| This fixes extra word repetitions (like "the the" or "is is") in the code and docs.
| Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* dirmngr: Add special treatment for the standard hkps pool to ntbtls. | Werner Koch | 2017-02-21 | 7 | -27/+67
| * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
| (VALIDATE_FLAG_EXTRATRUST): Remove
| (VALIDATE_FLAG_TRUST_SYSTEM): New.
| (VALIDATE_FLAG_TRUST_CONFIG): New.
| (VALIDATE_FLAG_TRUST_HKP): New.
| (VALIDATE_FLAG_TRUST_HKPSPOOL): New.
| (VALIDATE_FLAG_MASK_TRUST): New.
| * dirmngr/validate.c (check_header_constants): New.
| (validate_cert_chain): Call new function. Simplify call to is_trusted_cert.
| * dirmngr/crlcache.c (crl_parse_insert): Pass VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
| * dirmngr/server.c (cmd_validate): Use VALIDATE_FLAG_TRUST_SYSTEM and VALIDATE_FLAG_TRUST_CONFIG.
| * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS context. Set trustclass flags using the new VALIDATE_FLAG_TRUST values.
| * dirmngr/certcache.c (cert_cache_init): Load the standard pool certificate prior to the --hkp-cacerts.
| --
| Note that this changes the way the standard cert is used: We require that it is installed at /usr/share/gnupg and we do not allow to change it. If this is not desired, the standard cert can be removed or replaced by a newer one.
| Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Load --hkp-cacert values into the certificate cache. | Werner Koch | 2017-02-21 | 3 | -9/+23
| * dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
| (parse_rereadable_options): Store filenames from --hkp-cacert in the new var.
| (main, dirmngr_sighup_action): Pass that var to cert_cache_init.
| * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load those certs.
| (load_certs_from_file): Use autodetect so that PEM and DER encodings are possible.
| Signed-off-by: Werner Koch <[email protected]>