aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpgconf: Allow changing gpg's deprecated keyserver optionikloecker/t5462Ingo Klöcker2021-11-031-0/+1
| | | | | | | | | | * tools/gpgconf-comp.c (known_options_gpg): Add "keyserver". -- This allows Kleopatra to read and change the keyserver that is used by gpg if the deprecated keyserver option in gpg.conf is set. GnuPG-bug-id: 5462
* scd: Simplify the loop of DEVINFO.NIIBE Yutaka2021-11-021-11/+5
| | | | | | | | * scd/app.c (app_send_devinfo): Factor out lock/unlock. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix the previous commit.NIIBE Yutaka2021-10-291-5/+1
| | | | Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Modify DEVINFO behavior to support looping forever.NIIBE Yutaka2021-10-293-79/+104
| | | | | | | | | | | | | | | | | | | | | * scd/app.c (struct mrsw_lock): Add notify_cond member. (notify_cond): Remove. (card_list_r_lock, card_list_r_unlock): Rename. (card_list_w_lock, card_list_w_unlock): Rename. (card_list_signal, card_list_wait): New, fixing thinko about notify/wakeup with MRSW lock. (app_send_devinfo): Support looping. (select_application): Notify app_send_devinfo thread for newly detected device. (initialize_module_command): Initialize notify_cond member. (app_wait): Remove. * scd/command.c (cmd_devinfo): Use new API of app_send_devinfo. * scd/scdaemon.h (app_wait): Remove. -- GnuPG-bug-id: 5359 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Support MYPROC_SELF_EXE for SolarisWerner Koch2021-10-272-1/+3
| | | | | | | * common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS. -- GnuPG-bug-id: 5671
* gpg: Fix printing of binary notations.Werner Koch2021-10-221-2/+6
| | | | | | | * g10/keylist.c (show_notation): Print binary notation from BDAT. -- GnuPG-bug-id: 5667
* common: Silence warning from unix_rootdir on systems w/o /procWerner Koch2021-10-201-4/+6
| | | | | | | | | * common/homedir.c (unix_rootdir): Silence diagnostic in the common case. (MYPROC_SELF_EXE): Support NetBSD. -- GnuPG-bug-id: 5656
* common,w32: Do not always print "Garbled console data" warning.Werner Koch2021-10-201-2/+8
| | | | | * common/init.c (_init_common_subsystems): Silence message. --
* dns: Make reading resolv.conf more robust.NIIBE Yutaka2021-10-151-1/+6
| | | | | | | | | | * dirmngr/dns.c (dns_resconf_loadfile): Skip "search" which begins with '.'. -- GnuPG-bug-id: 5657 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --override-compliance-checkWerner Koch2021-10-134-12/+56
| | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (oOverrideComplianceCheck): New. (opts): Add new option. (main): Set option and add check for batch mode. * g10/options.h (opt): Add flags.override_compliance_check. * g10/sig-check.c (check_signature2): Factor complaince checking out to ... (check_key_verify_compliance): this. Turn error into a warning in override mode. -- There is one important use case for this: For systems configured globally to use de-vs mode, Ed25519 and other key types are not allowed because they are not listred in the BSI algorithm catalog. Now, our release signing keys happen to be Ed25519 and thus we need to offer a way for users to check new versions even if the system is in de-vs mode. This does on purpose not work in --batch mode so that scripted solutions won't accidently pass a signature check. GnuPG-bug-id: 5655
* Post release updatesWerner Koch2021-10-122-1/+7
| | | | --
* Release 2.3.3gnupg-2.3.3Werner Koch2021-10-121-1/+29
|
* speedo: Put the keyboxd into the Windows installerWerner Koch2021-10-123-6/+18
| | | | | | * build-aux/speedo/w32/inst.nsi: Install keyboxd. * Makefile.am (sign-release): Sign the wixlib only if generated. * autogen.rc: Remove meanwhile obsolete option --with-regex.
* tests: New way to make use of gpgconf.ctl in tests.Werner Koch2021-10-129-55/+61
| | | | | | | | | | | | | | | | | | | | | | | * Makefile.am (all-local): New to setup symlinks. (distclean-local): New. * tests/Makefile.am: Remove the gpgconf related targets. Just keep gpgconf.ctl.in in EXTRA_DIST * tests/cms/Makefile.am (GNUPG_BUILD_ROOT): * tests/gpgme/Makefile.am (GPGSCM_PATH): * tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT): * tests/pkits/Makefile.am (GNUPG_BUILD_ROOT): * tests/tpm2dtests/defs.scm (tools): Revert to the former values. * tests/openpgp/defs.scm (tools): Ditto. -- This Fixes-commit: 399ebf6d873d4178c1d527aa4df34bf16a76360e Fixes-commit: 84fcd8e6eb7e0786399e1f6461c3f60b0db2d070 because we ran into problems with the idea of first doing a test-install for the checks. "make distcheck" turned out to be too problematic. Symlinks are a better way of doing this. Also fixes GnuPG-bug-id: 5634
* build: Let the release target also sign the wixlib.Werner Koch2021-10-111-1/+3
| | | | --
* Do not build keyxboxd if sqlite has been disabled.Werner Koch2021-10-101-1/+4
| | | | | | | * configure.ac: Move clearing of build_keyboxd out of the conditional. -- GnuPG-bug-id: 5588
* common: Respect gpgconf.ctl when looking up translationsIngo Klöcker2021-10-062-4/+4
| | | | | | | | | | | | | * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR. (i18n_localegettext): Ditto. * tools/gpgconf-comp.c (my_dgettext): Ditto. -- On Unix, gnupg_localedir() returns the locale directory relative to the root directory of the gnupg installation if specified in the gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR. GnuPG-bug-id: 5999
* dirmngr: New option --ignore-certWerner Koch2021-10-065-7/+98
| | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. (opt): Add field ignored_certs. * dirmngr/dirmngr.c: Add option --ignore-cert (parse_rereadable_options): Handle that option. (parse_ocsp_signer): Rename to ... (parse_fingerprint_item): this and add two args. * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. Change callers to handle the new error return. -- This option is useful as a workaround in case we ill run into other chain validation errors like what we fixed in GnuPG-bug-id: 5639
* dirmngr: Fix Let's Encrypt certificate chain validation.Werner Koch2021-10-061-8/+31
| | | | | | | | | | | | * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted certififcate if any. -- This is basically the same as using OpenSSL with ist X509_V_FLAG_TRUSTED_FIRST flag. See https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ GnuPG-bug-id: 5639
* agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.NIIBE Yutaka2021-10-059-13/+13
| | | | | | | | | | | | | | | | * agent/findkey.c (unprotect): Use gnupg_sleep. * agent/gpg-agent.c (handle_connections): Likewise. * dirmngr/crlfetch.c (handle_connections): Likewise. * kbx/keyboxd.c (handle_connections): Likewise. * tpm2d/tpm3daemon.c (handle_connections): Likewise. * scd/scdaemon.c (handle_connections): Likewise. * scd/command.c (cmd_lock): Likewise. * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise. (ldap_wrapper_wait_connections): Use gnupg_usleep. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix calibrate_get_time use of clock_gettime.NIIBE Yutaka2021-10-051-1/+22
| | | | | | | | | | | * agent/protect.c (USE_CLOCK_GETTIME): New macro. (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME. -- GnuPG-bug-id: 5623 Fixes-commit: 380bce13d94ff03c96e39ac1d834f382c5c730a1 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use the new gpgconf.ctl based method.Werner Koch2021-10-013-46/+33
| | | | | | | | | | | | | * tests/openpgp/defs.scm: We expect that stuff is now installed. (tools): Fix the names. (intsalled?, bin-prefix): Remove. (tool-hardcoded): Simplify. (gpg-conf'): Simplify. (GNUPG_BUILDDIR): Do not anymore set this envvar. * tests/tpm2dtests/defs.scm: Ditto. -- This simplifies things a bit.
* build: Prepare for using installed versions for tests.Werner Koch2021-10-018-3/+51
| | | | | | | | | | | | | | | | | | | | | | | * tests/gpgconf.ctl.in: New. * tests/Makefile.am (EXTRA_DIST): Add new file. (TESTINST_DIRS): New. (clean-local): New. (clean-local-testinst): New. (check-recursive): New hook. (bin/gpgconf.ctl): Run a test install. * tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar GNUPG_BUILD_ROOT. * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto. * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto. -- Right now this helps only with the global configuraion dir which is now not set and thus the build host'ss own /etc/gnupg does not anymore affect the build. Signed-off-by: Werner Koch <[email protected]>
* common: Support gpgconf.ctl also for BSDs.Werner Koch2021-10-012-10/+31
| | | | | | | | | | * common/homedir.c (MYPROC_SELF_EXE): New. (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as fallback. -- In addition this adds a fallback method for AIX etc which do not have an easy way to get the info.
* common: Add keyword sysconfdir to the optional gpgconf.ctl file.Werner Koch2021-10-011-18/+69
| | | | | | | | | | * common/homedir.c (unix_rootdir): Add arg want_sysconfdir. (gnupg_sysconfdir): Return it. -- Our regression test suite has the problem that we can't disable the use of the global config files or test them using the regualr binaries. This new keyword will allow us to overcome the problem.
* kbx: Let it include keybox.h to avoid multiple typedefs.NIIBE Yutaka2021-09-301-6/+1
| | | | | | | | | * kbx/backend.h: Include keybox.h. -- GnuPG-bug-id: 5630 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Handle backsig for v5 signature.NIIBE Yutaka2021-09-291-6/+8
| | | | | | | | | * g10/getkey.c (merge_selfsigs_subkey): Check v5 signature correctly. -- GnuPG-bug-id: 5628 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Ed448 and X448 are only for v5 (for subkey).NIIBE Yutaka2021-09-291-1/+6
| | | | | | | | | | | | * g10/keygen.c (generate_subkeypair): Specify KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key. -- Reported-by: William Holmes Fixes-commit: 36355394d865f5760075e62267d70f7a7d5dd671 GnuPG-bug-id: 5609 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: A 20 byte fingerprint is right filled in version 2 blob.NIIBE Yutaka2021-09-281-0/+2
| | | | | | | | | | * kbx/keybox-blob.c (create_blob_header): Fix creating FPR20 key in blob with 32-byte fingerprint. -- GnuPG-bug-id: 5609 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Skip the packet when not used for AEAD.NIIBE Yutaka2021-09-281-0/+1
| | | | | | | | | | * g10/free-packet.c (free_packet): Add the case for case PKT_ENCRYPTED_AEAD. -- GnuPG-bug-id: 5464 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Fix several "include file not found" problemsIngo Klöcker2021-09-203-7/+8
| | | | | | | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add NPTH_CFLAGS. * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. -- The tools include gcrypt.h via common/util.h. GnuPG-bug-id: 5592
* po: Fixed Italian translation for key expirationgiomba2021-09-201-1/+1
| | | | | | | | | | | * po/it.po: Fix italian translation. -- In English, "too" has two different meanings (eg. "too much" vs "change it too"). Italian translation used wrong meaning, and the sentence made no sense. Signed-off-by: Andre Heinecke <[email protected]>
* common: Support a gpgconf.ctl file under Unix.Werner Koch2021-09-171-17/+252
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (unix_rootdir): New. (gnupg_bindir): Use it. (gnupg_libexecdir): Use it. (gnupg_libdir): Use it. (gnupg_datadir): Use it. (gnupg_localedir): Use it. -- This feature is useful for building and using an AppImage version of gnupg and probably also for some other use cases. GnuPG-bug-id: 5999 Here is a sample gpgconf.ctl file --8<---------------cut here---------------start------------->8--- # gpgconf.ctl # # This file is used to change the directories where the gpg components # are installed. It does not change the configuration directories. # The file is expected in the same directory as gpgconf. The physical # installation directories are evaluated and no symlinks. Blank lines # and lines starting with pound signed are ignored. No errors are # printed for unknown keywords or commands. The only defined key for # now is "rootdir" which must be followed by one optional space, an # equal sign, and the value for the root directory. Environment # variables are substituted in standard shell manner, the final value # must start with a slash, trailing slashed are stripped. rootdir = $APPDIR/gnupg --8<---------------cut here---------------end--------------->8---
* common: New function substitute_envvars.Werner Koch2021-09-173-0/+206
| | | | | | | | | | * common/stringhelp.c (substitute_envvars): New. Based on code in gpg-connect-agent. * common/t-stringhelp.c: Include sysutils.h. (test_substitute_envvars): New. -- GnuPG-bug-id: 5599
* doc: Clarify some gpg keyring optionsWerner Koch2021-09-141-22/+28
| | | | | -- GnuPG-bug-id: 5594
* gpg: Print a warning when importing a bad cv25519 secret key.Werner Koch2021-09-141-1/+17
| | | | | | | | * g10/import.c (transfer_secret_keys): Add simple check. -- Note that the requirement for a set high bit is not yet checked. GnuPG-bug-id: 5464
* Update release signing keys.Werner Koch2021-09-141-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- These are now # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]>
* common: New envvar GNUPG_EXEC_DEBUG_FLAGS.Werner Koch2021-09-131-4/+16
| | | | | * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence breakaway messages and turn them again into debug messages.
* doc: Minor update of the AD schema.Werner Koch2021-09-093-39/+45
| | | | --
* sm: Add LotW support to the key listingWerner Koch2021-09-093-3/+11
| | | | | | | | | | * sm/certdump.c (parse_dn_part): Translate OID to "Callsign" * sm/keylist.c (oidtranstbl): Some more OIDs. -- This is Ham thingy to make it easier to read LotW certificates. Signed-off-by: Werner Koch <[email protected]>
* build: Fix "ksba.h not found" problemIngo Klöcker2021-09-081-1/+1
| | | | | | | * sm/Makefile.am (t_minip12_CFLAGS): Add KSBA_CFLAGS. -- GnuPG-bug-id: 5592
* agent: Fix segv in GET_PASSPHRASE (regression)Werner Koch2021-09-071-1/+1
| | | | | | | | | * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always NULL. -- Fixes-commit: b89b1f35c29ceaebe39b31444936aa66c9297f2c GnuPG-bug-id: 5577
* gpg: Print a note about the obsolete option --secret-keyring.Werner Koch2021-08-282-2/+2
| | | | | | -- GnuPG-bug-id: 2749
* gpg: Change default and max AEAD chunk size to 4 MiBWerner Koch2021-08-272-4/+4
| | | | | | | | | -- This is per OpenPGP WG design team decision from 2021-08-13 (raising a new wall after exactly 60 years ;-) Signed-off-by: Werner Koch <[email protected]>
* kbx: Fix checksum computation for no UBID entry on disk.NIIBE Yutaka2021-08-271-2/+2
| | | | | | | | | | | | * kbx/keybox-blob.c (create_blob_header): Fix the flag to match no UBID entry, (create_blob_finish): Fix the length of data to be hashed. -- GnuPG-bug-id: 5573 Fixes-commit: 915297705af6f1db74dacf0d6665b83eb0a58459 Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix put_membuf.NIIBE Yutaka2021-08-271-1/+4
| | | | | | | | | | * common/membuf.c (put_membuf): Allow NULL for the second arg. -- There has been such a use case in keybox-blob.c. Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix get_signal_name for GNU/Linux.NIIBE Yutaka2021-08-262-1/+4
| | | | | | | | | | * common/signal.c (get_signal_name): Use sigdescr_np if available. * configure.ac: Check the function. -- GnuPG-bug-id: 5568 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2021-08-242-1/+8
| | | | --
* Release 2.3.2gnupg-2.3.2Werner Koch2021-08-242-8/+132
|
* dirmngr: Change the default keyserver.Werner Koch2021-08-247-57/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 11:45:53 +0000