Commit message | Author | Age | Files | Lines
...
* g10: Always trust ultimately trusted keys. | Neal H. Walfield | 2016-08-31 | 1 | -21/+21
  * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately trusted keys.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Fix error detection. | Neal H. Walfield | 2016-08-31 | 1 | -1/+1
  * g10/tofu.c: first_seen == 0 is not an error.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
  Fixes-commit: 0f1f02ac
  Regression-due-to: 45bb9a2a
* g10: Update a key's TOFU policy in a transaction. | Neal H. Walfield | 2016-08-31 | 2 | -1/+8
  * g10/tofu.c (tofu_set_policy): Do the update in a transaction.
  * g10/gpg.c (main): Do a TOFU policy update in a batch transaction.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Fix the show old policy functionality when changing a TOFU policy. | Neal H. Walfield | 2016-08-31 | 1 | -23/+24
  * g10/tofu.c (record_binding): Fix the show old policy functionality.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Drop unused argument. | Neal H. Walfield | 2016-08-31 | 1 | -6/+3
  * g10/tofu.c (begin_transaction): Remove unused option only_batch.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Move state local to tofu.c to a private structure. | Neal H. Walfield | 2016-08-31 | 2 | -19/+19
  * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction and batch_update_started from here...
  * g10/tofu.c (struct tofu_dbs_s): ... to here.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Avoid name spaces clash with future sqlite versions (2). | Neal H. Walfield | 2016-08-31 | 3 | -36/+36
  * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.
  --
  This commit completes the work started in b1ba460.
  Signed-off-by: Neal H. Walfield <[email protected]>
* gpg: Fix regression in gpgv's printing of the keyid. | Werner Koch | 2016-08-31 | 1 | -0/+2
  * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
  --
  Debian-bug-id: 836144
  Signed-off-by: Werner Koch <[email protected]>
* g10: Improve TOFU batch update code. | Neal H. Walfield | 2016-08-30 | 2 | -46/+64
  * g10/gpg.h (tofu): Rename field batch_update_ref to batch_updated_wanted.
  * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to in_batch_transaction. (begin_transaction): Only end an extant batch transaction if we are not in a normal transaction. When ending a batch transaction, really end it. Update ctrl->tofu.batch_update_started when starting a batch transaction. (end_transaction): Only release a batch transaction if ONLY_BATCH is true. When releasing a batch transaction, assert that there is no open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is true. (tofu_begin_batch_update): Don't update ctrl->tofu.batch_update_started. (opendbs): Call end_transaction unconditionally.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Improve TOFU debugging output and some comments. | Neal H. Walfield | 2016-08-30 | 1 | -21/+23
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER. | Neal H. Walfield | 2016-08-30 | 1 | -1/+16
  * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired) user ids, change TOFU to return TRUST_NEVER.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Change tofu_register & tofu_get_validity to process multiple uids. | Neal H. Walfield | 2016-08-30 | 3 | -197/+238
  * g10/tofu.c (tofu_register): Take a list of user ids, not a single user id. Only register the bindings, don't compute the trust. Thus, change return type to an int and remove the may_ask parameter. Update callers. (tofu_get_validity): Take a list of user ids, not a single user id. Update callers. Observe signatures made by expired user ids, but don't include them in the trust calculation.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Support nested transactions on the TOFU DB. | Neal H. Walfield | 2016-08-30 | 2 | -20/+22
  * g10/gpg.h (struct server_control_s): New field in_transaction.
  * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and savepoint_inner_commit. (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the savepoint according to the nesting level. (end_transaction): Name the savepoint according to the nesting level. Decrement CTRL->TOFU.IN_TRANSACTION. (rollback_transaction): Likewise. Only ever rollback a non-batch transaction. (opendbs): Assert that there are no outstanding transactions.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Print the info text in more situations. | Neal H. Walfield | 2016-08-30 | 1 | -1/+2
  * g10/tofu.c (ask_about_binding): Print the info text when the policy is ask and there are multiple bindings with the email address.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: Print the formatted text. | Neal H. Walfield | 2016-08-30 | 1 | -1/+1
  * g10/tofu.c (ask_about_binding): Print the formatted text, not the unformatted text.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* g10: When showing a user id's trust, pass the current signature. | Neal H. Walfield | 2016-08-30 | 1 | -1/+1
  * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to get_validity.
  --
  Signed-off-by: Neal H. Walfield <[email protected]>
* w32: Fix build regression due to 2aa0701. | Werner Koch | 2016-08-29 | 1 | -1/+1
  * common/logging.c (fun_writer): Always declare 'name_for_err'.
  --
  Regression-due-to: 2aa0701013f703ad93e17da3345c493c08aa04ee
  Signed-off-by: Werner Koch <[email protected]>
* gpgconf: Print the plain socket directory with --list-dirs. | Werner Koch | 2016-08-29 | 1 | -0/+1
  * tools/gpgconf.c (list_dirs): Add plain socketdir out.
  Signed-off-by: Werner Koch <[email protected]>
* common: Add a default socket name feature. | Werner Koch | 2016-08-29 | 9 | -25/+63
  * common/logging.c (log_set_socket_dir_cb): New. (socket_dir_cb): New. (set_file_fd): Allow "socket://". (fun_writer): Implement default socket name.
  * common/init.c (_init_common_subsystems): Register default socket.
  --
  This change allows the use of log-file socket:// in any configuration file.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Make decryption of -R work w/o --try-secret-key or --default-key. | Werner Koch | 2016-08-29 | 1 | -10/+7
  * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all cases not just when --try-all-secrets is used.
  --
  Regression-due-to: 82b90eee100cf1c9680517059b2d35e295dd992a
  Reported-by: Carola Grunwald
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix false negatives in Ed25519 signature verification. | Werner Koch | 2016-08-25 | 2 | -3/+128
  * g10/pkglue.c (pk_verify): Fix Ed25519 signature values.
  * tests/openpgp/verify.scm (msg_ed25519_rshort): New (msg_ed25519_sshort): New. ("Checking that a valid Ed25519 signature is verified as such"): New.
  --
  About one out of 256 signatures won't verify due to stripped zero bytes. See the source comment for details.
  Reported-by: Andre Heinecke
  Signed-off-by: Werner Koch <[email protected]>
* common: Rename an odd named function. | Werner Koch | 2016-08-25 | 4 | -7/+7
  * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519. (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change callers.
  --
  We use "cv25519" everywhere else and thus the test function should not have a surprising name.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --with-tofu-info. | Werner Koch | 2016-08-25 | 9 | -38/+107
  * g10/gpg.c (oWithTofuInfo): New. (opts): Add --with-tofu-info. (main): Set opt.with_tofu_info.
  * g10/options.h (struct opt): Add field WITH_TOFU_INFO.
  * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter special mode if not NULL. Change all callers. (tofu_write_tfs_record): New.
  * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as part of the "uid" record. Print a new "tfs" record if the new option is set.
  * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
  --
  A separate option is required to avoid slowing down key listings. For example the current code takes for a keylisting in tofu+pgp mode 17 seconds while it takes more than 5 minutes if the option is used.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Change TOFU_STATS to return timestamps. | Werner Koch | 2016-08-24 | 2 | -35/+77
  * g10/tofu.c (write_stats_status): Add arg FP to print a colon formatted line. Adjust for changed TOFU_STATS interface. (show_statistics): Let the query return timestamps and use gnupg_get-time to compute the "time ago" values.
  Signed-off-by: Werner Koch <[email protected]>
* common: Guarantee that gnupg_get_time does not return an error. | Werner Koch | 2016-08-24 | 1 | -16/+10
  * common/gettime.c (gnupg_get_time): Abort if time() failed. (gnupg_get_isotime): Remove now useless check. (make_timestamp): Remove check because we already checked this modulo the faked time thing.
  --
  In reality a call foo = time (NULL) can never fail because the only defined error is EFAULT, but we don't provide a buffer.
  Signed-off-by: Werner Koch <[email protected]>
* wks: Add command --supported to gpg-wks-client. | Werner Koch | 2016-08-24 | 1 | -0/+55
  * tools/gpg-wks-client.c (aSupported): New. (opts): Add --supported. (parse_arguments): Ditto. (main): Call command_supported. (command_supported): New.
  Signed-off-by: Werner Koch <[email protected]>
* doc: Some additional source comments | Werner Koch | 2016-08-24 | 2 | -1/+6
  --
* common: Change license of mbox-util to LGPLv2.1+. | Werner Koch | 2016-08-22 | 2 | -28/+8
  --
  Note that the code has entirely been written by me.
  Signed-off-by: Werner Koch <[email protected]>
* wks: Install gpg-wks-client under libexec | Werner Koch | 2016-08-22 | 1 | -2/+5
  * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ... (libexec_PROGRAMS): ...here.
  --
  Signed-off-by: Werner Koch <[email protected]>
* common: Remove unused vars in simple-pwquery. | Werner Koch | 2016-08-22 | 1 | -16/+5
  * common/simple-pwquery.c (agent_send_option): Remove unused vars. (simple_query): Ditto. (agent_open): Ditto. Return RC on error. (simple_pwquery): Remove unused vars. Remove shadowing of 'p'.
  Signed-off-by: Werner Koch <[email protected]>
* Post release updates. | Werner Koch | 2016-08-18 | 2 | -1/+5
  --
* Release 2.1.15 [gnupg-2.1.15] | Werner Koch | 2016-08-18 | 0 | -0/+0
* Update NEWS. | Werner Koch | 2016-08-18 | 1 | -1/+48
  --
* po: Auto update | Werner Koch | 2016-08-18 | 25 | -2065/+2135
  --
* po: Add init.c to POTFILES.in | Werner Koch | 2016-08-18 | 1 | -1/+1
  --
* po: Update German translation | Werner Koch | 2016-08-18 | 1 | -76/+76
* po: Update Norwegian translation. | Åka Sikrom | 2016-08-18 | 1 | -485/+242
* po: Update Russian translation | Ineiev | 2016-08-18 | 1 | -15/+9
* gpg: Add import filter "drop-sig". | Werner Koch | 2016-08-18 | 2 | -3/+104
  * g10/import.c (import_drop_sig): New variable. (cleanup_import_globals): Release that. (parse_and_set_import_filter): Add filter "drop-sig". (filter_getval): Implement properties for drop-sig. (apply_drop_sig_filter): New. (import_one): Apply that filter.
  Signed-off-by: Werner Koch <[email protected]>
* doc: Add comments on how to parse --list-colons output. | Werner Koch | 2016-08-18 | 2 | -4/+12
  --
  GnuPG-bug-id: 2437
* dirmngr: Remove all system daemon features. | Werner Koch | 2016-08-18 | 13 | -365/+29
  * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and 'system_daemon'.
  * common/homedir.c (dirmngr_sys_socket_name): Remove. (dirmngr_user_socket_name): Rename to ... (dirmngr_socket_name): this. Change call callers.
  * common/asshelp.c (start_new_dirmngr): Remove the system socket feature.
  * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
  * sm/server.c (gpgsm_server): Adjust for removed system socket feature.
  * dirmngr/server.c (cmd_getinfo): Ditto. (cmd_killdirmngr): Remove check for system daemon. (cmd_reloaddirmngr): Ditto.
  * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. (aService): Remove. (opts): Remove --service. (w32_service_control): Remove. (real_main, call_real_main) [W32]: Remove wrapper. (main): Remove Windows system service feature. Remove system daemon feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
  * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the system daemon case.
  * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
  * dirmngr/ocsp.c (validate_responder_cert): Do not call validate_cert_chain which was used only in system daemon mode.
  * dirmngr/validate.c (validate_cert_chain): Always use the code.
  --
  We are now starting dirmngr as needed as a user daemon. The deprecated system daemon mode does not anymore make sense. In case a system wide daemon is required, it is better to setup a dedicated account to run dirmngr and tweak socket permissions accordingly.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --sender | Werner Koch | 2016-08-18 | 4 | -0/+44
  * g10/options.h (struct opt): Add field 'sender_list'.
  * g10/gpg.c: Include mbox-util.h. (oSender): New. (opts): Add option "--sender". (main): Parse option.
  --
  This option will eventually be used for more advanced purposes.
  Signed-off-by: Werner Koch <[email protected]>
* agent: Allow import of overly large keys. | Werner Koch | 2016-08-16 | 1 | -1/+1
  * agent/command.c (MAXLEN_KEYDATA): Double the size.
  --
  Debian-bug-id: 834447
  Signed-off-by: Werner Koch <[email protected]>
* g13: Allow the use of a g13tab label for --mount. | Werner Koch | 2016-08-14 | 1 | -4/+6
  * g13/mount.c (g13_mount_container): Do not run the first access check if syshelp is required.
  Signed-off-by: Werner Koch <[email protected]>
* g13: Implement --umount for dm-crypt. | Werner Koch | 2016-08-14 | 11 | -22/+244
  * g13/g13.c (main): Implement command --umount.
  * g13/mount.c (g13_umount_container): use the syshelper if needed.
  * g13/backend.c (be_umount_container): New.
  * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
  * g13/call-syshelp.c (call_syshelp_run_umount): New.
  * g13/sh-cmd.c (cmd_umount): New. (register_commands): Register UMOUNT.
  * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.
  Signed-off-by: Werner Koch <[email protected]>
* g13: Fix double free bug. | Werner Koch | 2016-08-13 | 1 | -2/+0
  * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.
  Signed-off-by: Werner Koch <[email protected]>
* g13: Consider g13tab for a mount command. | Werner Koch | 2016-08-13 | 4 | -14/+132
  * g13/sh-cmd.c (cmd_getkeyblob): New. (register_commands): Register it.
  * g13/call-syshelp.c (getkeyblob_data_cb): New. (call_syshelp_get_keyblob): New.
  * g13/mount.c: Include callsyshelp.h. (g13_mount_container): Ask syshelp whether the filename is managed by g13tab. Call syshelp to get the encrypted keyblob in this case.
  Signed-off-by: Werner Koch <[email protected]>
* g13: Move some function around. | Werner Koch | 2016-08-13 | 7 | -26/+34
  * g13/keyblob.c (g13_keyblob_decrypt): Move to ...
  * g13/server.c: to here.
  * g13/suspend.c, g13/mount.c: Include server.h.
  * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
  --
  This is done to be able to use keyblob read code in syshelp w/o requiring linking to call-gpg.c
  Signed-off-by: Werner Koch <[email protected]>
* g13: New command --find-device. | Werner Koch | 2016-08-13 | 5 | -0/+162
  * common/status.h (STATUS_BLOCKDEV): New.
  * g13/call-syshelp.c: Include "call-syshelp.h". (finddevice_status_cb, call_syshelp_find_device): New.
  * g13/g13.c (aFindDevice): New. (opts): Add "--find-device". (main): Implement --find-device.
  * g13/sh-cmd.c (cmd_finddevice): New. (register_commands): Register new command.
  --
  This might be useful for scripting.
  Signed-off-by: Werner Koch <[email protected]>
* Avoid leading ": " in the log output when there are no prefixes. | Daniel Kahn Gillmor | 2016-08-12 | 1 | -2/+3
  * common/logging.c (do_logv): When no prefixes have been requested, omit the ": " separator, since there is nothing on the left-hand side of it.
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>