aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* build: Update for newer autoconf.NIIBE Yutaka2021-12-223-22/+9
| | | | | | | | | | | | | | | * configure.ac (AC_PREREQ): Use >= 2.69. (AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER. (AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros. (sys/time.h): Add the check of the header. (time_t): Don't use TIME_WITH_SYS_TIME. * acinclude.m4 (AC_HEADER_TIME): Don't require. Don't use TIME_WITH_SYS_TIME. * dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Japanese Translation.NIIBE Yutaka2021-12-211-15/+12
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix comment for .po generation.NIIBE Yutaka2021-12-211-3/+3
| | | | | | | | | * agent/call-pinentry.c (setup_formatted_passphrase): Move comment to inside. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates.Werner Koch2021-12-202-1/+8
| | | | --
* Release 2.3.4gnupg-2.3.4Werner Koch2021-12-202-2/+49
|
* gpg: Correctly set the ownertrust for a new key.Werner Koch2021-12-201-3/+1
| | | | | | | * g10/keygen.c (do_generate_keypair): Use update_ownertrust. -- GnuPG-bug-id: 5742
* po: auto updateWerner Koch2021-12-2025-200/+516
|
* po: Update German translationWerner Koch2021-12-201-9/+20
| | | | --
* gpg: Add unfinished code for --export-secret-ssh-key.Werner Koch2021-12-203-35/+449
| | | | | | | | | | | | | | | | * g10/gpg.c (exportSecretSshKey): New. (opts): Add --export-secret-ssh-key. (main): Implement option. * g10/export.c (do_export_stream): Factor keywrap key code out to ... (get_keywrap_key): new. (mb_write_uint32, mb_write_uint8) (mb_write_data, mb_write_cstring) (mb_write_string, mb_write_mpi): New. (receive_raw_seckey_from_agent): New. (export_secret_ssh_key): New. -- Due to time constraints the code is not yet ready.
* gpg: Allow passing a keygrip as description to pinentry.Werner Koch2021-12-202-15/+37
| | | | | | | * g10/keydb.h (FORMAT_KEYDESC_KEYGRIP): New. * g10/passphrase.c (gpg_format_keydesc): Add new mode. Signed-off-by: Werner Koch <[email protected]>
* common: Add set_membuf_err.Werner Koch2021-12-202-0/+13
| | | | * common/membuf.c (set_membuf_err): New.
* wkd: Don't beg for donationsWerner Koch2021-12-201-3/+3
| | | | | | * tools/gpg-wks-server.c (send_congratulation_message): Remove donation hint from message. --
* dirmngr: Ask keyservers to provide the key fingerprintsIngo Klöcker2021-12-201-1/+1
| | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to request URL. -- Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not provide the key fingerprints by default. Therefore, we ask for the fingerprints explicitly. GnuPG-bug-id: 5741
* dirmngr: Fix ldap-url.c.NIIBE Yutaka2021-12-171-2/+2
| | | | | | | | | * dirmngr/ldap-url.c (ldap_charray2str): Use memcpy instead of strncpy when length is computed by strlen beforhand. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Prepare for the case gcrypt.h will not include winsock2.h.NIIBE Yutaka2021-12-177-2/+21
| | | | | | | | | | | | | | | * common/dynload.h: Include specific headers only. * common/exechelp-w32.c: Include <windows.h>. * common/gettime.c: Likewise. * common/utf8conv.c: Likewise. * tests/gpgscm/ffi.c: Likewise. * tools/gpgconf.c: Likewise. * configure.ac: Check winsock2.h, removing gl_HEADER_SYS_SOCKET. -- GnuPG-bug-id: 5731 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Emit compatible Ed25519 signature.NIIBE Yutaka2021-12-103-1/+87
| | | | | | | | | | | | | * g10/pkglue.c (sexp_extract_param_sos_nlz): New. * g10/pkglue.h: Add the declaration. * g10/sign.c (do_sign): Use sexp_extract_param_sos_nlz for Ed25519. -- Ed25519 signature in GnuPG 2.2 has no leading zeros. GnuPG-bug-id: 5331 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix function prototype to match declaration.Jakub Jelen2021-11-241-3/+7
| | | | | | | | * g10/test-stubs.c (keyserver_import_mbox): Fix prototype -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* kbx: Fix allocation checkJakub Jelen2021-11-241-1/+1
| | | | | | | | * kbx/kbxserver.c (cmd_search): Fix allocation check -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* homedir: Avoid memory leaks on errorsJakub Jelen2021-11-241-0/+2
| | | | | | | | * common/homedir.c (unix_rootdir): Free allocated memory on error path -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* dirmngr: Avoid memory leaks on errorsJakub Jelen2021-11-241-2/+4
| | | | | | | | | * dirmngr/ldap-misc.c (ldap_parse_extfilter): Avoid direct return without freeing resources on errors. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Fix format_keyid.NIIBE Yutaka2021-11-241-5/+4
| | | | | | | | * g10/keyid.c (format_keyid): Allocate buffer earlier. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix key conversion for SSH.NIIBE Yutaka2021-11-241-5/+6
| | | | | | | | | | * g10/export.c (key_to_sshblob): Use put_membuf with length counted beforehand, and use memcmp instead of strncmp. -- GnuPG-bug-id: 5393 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New option --forbid-gen-key.Werner Koch2021-11-222-9/+46
| | | | | | | | | | | | * g10/gpg.c (oForbidGenKey, opts): New option. (mopt): New local struct (gen_key_forbidden): New. (main): Set and handle the option. -- In large system installation it is sometimes useful to make it a bit harder for users to generate their own keys. An example is a policy to not use on-disk keys.
* gpgconf: Fix last commit.Werner Koch2021-11-191-3/+3
| | | | | -- Oops, I noticed the warning only after backporting to 2.2.
* gpgconf: Include output of --list-dirs in --show-configs.Werner Koch2021-11-191-14/+28
| | | | | | * tools/gpgconf.c (list_dirs): Add arg special. (show_other_registry_entries): Print the Homedir. (show_configs): List directories.
* gpg,gpgsm: Add option --min-rsa-length.Werner Koch2021-11-188-10/+57
| | | | | | | | | | | | | | | * common/compliance.c (min_compliant_rsa_length): New. (gnupg_pk_is_compliant): Take in account. (gnupg_pk_is_allowed): Ditto. (gnupg_set_compliance_extra_info): New. * g10/gpg.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * g10/options.h (opt): Add field min_rsa_length. * sm/gpgsm.c (oMinRSALength): New. (opts): Add --min-rsa-length. (main): Set value. * sm/gpgsm.h (opt): Add field min_rsa_length.
* gpgconf: --show-configs now prints a bunch of Registry entries.Werner Koch2021-11-171-11/+103
| | | | | | * tools/gpgconf.c (show_other_registry_entries): New. (show_configs): Call it. Minor reformatting. --
* gpgconf: Extend --show-config to show envvars.Werner Koch2021-11-171-19/+112
| | | | | | | | | * tools/gpgconf.c (my_copy_file): Add arg LISTP and record certain things. (show_configs_one_file): New arg LISTP to be passed thru. (show_configs): Show envars and regisiry values. Signed-off-by: Werner Koch <[email protected]>
* common,w32: New function read_w32_reg_string.Werner Koch2021-11-173-179/+65
| | | | | | | * common/w32-reg.c (get_root_key): Remove. (read_w32_registry_string): Turn into a wrapper for the gpgrt function. (read_w32_reg_string): New.
* sm: Detect circular chains in --list-chain.Werner Koch2021-11-151-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/keylist.c (list_cert_chain): Break loop for a too long chain. -- This avoids endless loops in case of circular chain definitions. We use such a limit at other palces as well. Example for such a chain is # ------------------------ >8 ------------------------ ID: 0xBE231B05 S/N: 51260A931CE27F9CC3A55F79E072AE82 (dec): 107864989418777835411218143713715990146 Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53 sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05 md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6 pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678 certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82 keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9 notBefore: 2005-06-07 08:09:10 notAfter: 2019-06-24 19:06:30 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A authKeyId: [none] authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F [...] Certified by ID: 0xCE2E4C63 S/N: 46EAF096054CC5E3FA65EA6E9F42C664 (dec): 94265836834010752231943569188608722532 Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73 sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63 md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27 pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840 certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664 keygrip: 10678FB5A458D99B7692851E49849F507688B847 notBefore: 2005-06-07 08:09:10 notAfter: 2020-05-30 10:48:38 hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) keyType: rsa2048 subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F authKeyId: [none] authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A keyUsage: certSign crlSign [...] Which has a circular dependency on subKeyId/authkeyId.ki.
* scd:openpgp: Support longer data for INTERNAL_AUTHENTICATE.NIIBE Yutaka2021-11-151-0/+8
| | | | | | | | | | * scd/app-openpgp.c (do_auth): Use extended Lc, when supported. -- GnuPG-bug-id: 5682 Co-authored-by: Klas Lindfors Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Print the non-option warning earlier.Werner Koch2021-11-141-10/+10
| | | | | | | | * agent/gpg-agent.c (main): Move detection up. -- The problem is that PARGS is re-used and when detecting a possible incorrect use, the flag that "--" has already been seen has gone.
* Update release signing keysWerner Koch2021-11-131-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -- The last key is new. As usual the key is on a dedicated card with the Admin PIN accessible to a few core hackers. # ------------------------ >8 ------------------------ pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 sig R BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) uid Andre Heinecke (Release Signing Key) sig 3 BCEF7E294B092E28 2017-03-17 Andre Heinecke (Release Signing Key) sig 1FDF723CF462B6B1 2017-03-17 Andre Heinecke <[email protected]> pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid Werner Koch (dist signing 2020) sig 3 528897B826403ADA 2020-08-24 Werner Koch (dist signing 2020) sig 249B39D24F25E3B6 2020-08-24 Werner Koch (dist sig) sig 63113AE866587D0A 2020-08-24 [email protected] sig E3FDFF218E45B72B 2020-08-24 Werner Koch (wheatstone commit signing) sig F2AD85AC1E42B367 2020-08-24 Werner Koch <[email protected]> pub ed25519 2021-05-19 [SC] [expires: 2027-04-04] AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD uid Niibe Yutaka (GnuPG Release Key) sig 3 E98E9B2D19C6C8BD 2021-05-19 Niibe Yutaka (GnuPG Release Key) sig 00B45EBD4CA7BABE 2021-09-14 NIIBE Yutaka <[email protected]> sig E267B052364F028D 2021-09-14 NIIBE Yutaka <[email protected]> pub brainpoolP256r1 2021-10-15 [SC] [expires: 2029-12-31] 02F38DFF731FF97CB039A1DA549E695E905BA208 uid GnuPG.com (Release Signing Key 2021) sig 3 549E695E905BA208 2021-10-15 GnuPG.com (Release Signing Key 2021) sig 528897B826403ADA 2021-10-15 Werner Koch (dist signing 2020) sig E3FDFF218E45B72B 2021-10-15 Werner Koch (wheatstone commit signing)
* gpg: Remove stale ultimately trusted keys from the trustdb.Werner Koch2021-11-137-18/+73
| | | | | | | | | | | | | | | | * g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key. (import_ownertrust): Clear the trusted-key flag. * g10/tdbio.h (struct trust_record): Add field flags. * g10/tdbio.c (tdbio_dump_record): Improve output. (tdbio_read_record, tdbio_write_record): Handle flags. * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys. (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. -- GnuPG-bug-id: 5685 Signed-off-by: Werner Koch <[email protected]>
* keyboxd: New option --steal-socket.Werner Koch2021-11-131-8/+20
| | | | | | | | | * kbx/keyboxd.c (oStealSocket): New const. (opts): Add option. (steal_socket): New file global flag. (main): Set option. (create_server_socket): Implement option. --
* agent,dirmngr: New option --steal-socketWerner Koch2021-11-133-9/+41
| | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. (create_server_socket): Implement option. * dirmngr/dirmngr.c (oStealSocket): New. (opts): Add option. (steal_socket): New file global var. (main): Set option. Add comment to eventually implement it. -- Note that --steal-socket has currently no effect on dirmngr because dirmngr does this anway. Signed-off-by: Werner Koch <[email protected]>
* doc: Clarify the "ntds" AKL mechanism.Werner Koch2021-11-121-1/+3
| | | | --
* gpg: Don't use malloc for kek_params.NIIBE Yutaka2021-11-121-8/+5
| | | | | | | | | * g10/ecdh.c (pk_ecdh_default_params): Use stack for kek_params. -- GnuPG-bug-id: 5393 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Avoid use of uninitialized value.Jakub Jelen2021-11-121-2/+2
| | | | | | | | | | | | * kbx/backend-kbx.c (be_kbx_search): Initialize skipped_long_blobs value which is passed to keybox_search and incremented there. (be_kbx_seek): Likewise. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* gpg: Avoid uninitialized revkey.fprlen.Jakub Jelen2021-11-121-0/+2
| | | | | | | | | | * g10/keygen.c (parse_revocation_key): Store the fingerprint length in created structure. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* agent: Avoid uninitialized buffer.Jakub Jelen2021-11-121-1/+1
| | | | | | | | | | | * agent/sexp-secret.c (fixup_when_ecc_private_key): Initialize buffer to avoid its use on unexpected inputs. -- GnuPG-bug-id: 5393 Co-authored-by: NIIBE Yutaka <[email protected]> Signed-off-by: Jakub Jelen <[email protected]>
* agent: Correctly free memory on error path.Jakub Jelen2021-11-121-1/+4
| | | | | | | | | * agent/protect.c (merge_lists): Free memory on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* scd: Avoid memory leak.Jakub Jelen2021-11-121-0/+1
| | | | | | | | | * scd/command.c (cmd_readkey): Free allocated memory on failure path. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* tools: Avoid memory leak from gpgspilt.Jakub Jelen2021-11-121-0/+1
| | | | | | | | | * tools/gpgsplit.c (write_part): Free memory when no longer needed. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* gpg-pair-tool: Fix typos in protocol description.Jakub Jelen2021-11-121-7/+7
| | | | | | | -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <[email protected]>
* wks: Do not mark key files as executableBernhard M. Wiedemann2021-11-091-1/+1
|
* wks: Allow access to newly created dirsBernhard M. Wiedemann2021-11-091-2/+2
|
* gpg: Fix indentation of --print-mds and --print-md sha512.Werner Koch2021-11-041-4/+4
| | | | | | | * g10/gpg.c (print_hex): Fix indentation. -- GnuPG-bug-id: 5679
* gpgconf: New command --show-configs.Werner Koch2021-11-041-5/+155
| | | | | | | | | | | | | | | | | | * tools/gpgconf.c (aShowConfigs): New. (opts): Add --show-configs. (CUTLINE_FMT): New. (show_version_gnupg): Add arg "prefix" and adjust caller. (my_copy_file): New. (show_configs_one_file): New.New. (show_configs): New. (main): Call show_configs. -- The ability to have a consolidated list of all config files is very useful for support cases. This is in particular important due to the global config files and their conditional constructs. Signed-off-by: Werner Koch <[email protected]>
* scd: Add new OpenPGP card vendor.Werner Koch2021-11-041-0/+1
| | | | --
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-10 20:08:17 +0000