aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Exclude expired trusted keys from the key validation process.Werner Koch2024-09-251-14/+47
| | | | | | | | | | | | | | | * g10/trustdb.c (copy_key_item): New. (validate_keys): Use a stripped down UTK list w/o expired keys. -- This patch makes sure that an expired trusted key is not used for trust computation. The test case is to delete a trusted key from the keyring, import a copy of that key which has already expired, check that a signed key is not anymore fully trusted and finally import a prolonged version of the trusted key and check that the signed key is now again fully trusted. GnuPG-bug-id: 7200
* gpg: Validate the trustdb after the import of a trusted key.Werner Koch2024-09-251-4/+16
| | | | | | | | | | | | | * g10/import.c (import_one_real): Rename non_self to non_self_or_utk. If not set after chk_self_sigs check whether the imported key is an ultimately trusted key. -- The revalidation mark was only set if the imported key had a new key signature. This is in general correct but not if the imported key is a trusted key. GnuPG-bug-id: 7200
* gpg: Remove useless variable in validate_keys.Werner Koch2024-09-251-30/+34
| | | | | | | | | | | * g10/trustdb.c (store_validation_status): Remove arg 'stored'. (validate_keys): Remove keyhashtable 'stored' which was never used. -- This has been here since 2003. The variable was never evaluated - only stored. Also added some comments.
* po: Update Japanese Translation.NIIBE Yutaka2024-09-251-17/+11
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.NIIBE Yutaka2024-09-251-1/+1
| | | | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe. -- Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix --quick-set-expire for V5 subkey fingerprintsIngo Klöcker2024-09-241-1/+1
| | | | | | | | | | | | * g10/keyedit.c (keyedit_quick_set_expire): Use actual size of fingerprint. -- The size of the fingerprints is either 20 (V4) or 32 (V5). Using the actual size of the fingerprints fixes the lookup of subkeys with V5 fingerprint. GnuPG-bug-id: 7298
* common: Add debug code to gnupg_exec_tool_streamWerner Koch2024-09-241-0/+7
| | | | | | | * common/exectool.c (gnupg_exec_tool_stream): Add diagnostic. -- This should help if something is broken with poll.
* w32: Fix last commit to build on Windows.Werner Koch2024-09-201-1/+1
| | | | | | | | * scd/app.c (struct mrsw_lock): Move notify_watchers out of the system specific condition. -- Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd: Fix DEVINFO, allowing no clients which watch the change.NIIBE Yutaka2024-09-201-3/+7
| | | | | | | | | | | * scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers. (card_list_signal): Only when watchers wait, kick by write(2). (card_list_wait): Increment/decrement notify_watchers field. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* speedo: Make use of wget more robustWerner Koch2024-09-192-5/+15
| | | | | | | * build-aux/getswdb.sh: Add option --wgetopt. * build-aux/speedo.mk (WGETOPT): New. (getswdb_options): Pass to getswdb. (unpack): Use wget with new options.
* po: Update Portuguese Translation.Daniel Cerqueira2024-09-191-27/+10
| | | | | | -- Signed-off-by: Daniel Cerqueira <[email protected]>
* gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.Werner Koch2024-09-192-5/+11
| | | | | | | | | | | | | | | | | | | | | | * g10/decrypt-data.c (struct decode_filter_context_s): Add flag checktag_failed. (aead_checktag): Set flag. (decrypt_data): Initially clear that flag and check the flag after the decryption. * g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based check. -- This fixes a bug where for an OCB encrypted and signed message with the signing key missing during decryption the DECRYPTION_FAILED status line was printed along with "WARNING: encrypted message has been manipulated". This was because we use log_error to show that the signature could not be verified due to the missing pubkey; the original fix looked at the error counter and thus triggered the decryption failed status. Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e GnuPG-bug-id: 7042
* agent: Fix detection of the trustflag de-vs.Werner Koch2024-09-191-1/+1
| | | | | | | | * agent/trustlist.c (read_one_trustfile): Fix comparison. -- Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f GnuPG-bug-Id: 5079
* kbx: Fix a race condition on DATABASE_HD.NIIBE Yutaka2024-09-191-3/+6
| | | | | | | | | | * kbx/backend-sqlite.c (create_or_open_database): Protect the access to DATABASE_HD. -- GnuPG-bug-id: 7294 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix DEVINFO to allow multiple clients.NIIBE Yutaka2024-09-181-0/+9
| | | | | | | | | * scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe. -- GnuPG-bug-id: 7151 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests:gpgscm: Raise an error correctly for process spawning.NIIBE Yutaka2024-09-131-3/+13
| | | | | | | | | | * tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR. (do_process_spawn_fd): Likewise. -- Reported-by: Marcel Telka <[email protected]> Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2024-09-122-1/+9
| | | | --
* Release 2.5.1gnupg-2.5.1Werner Koch2024-09-121-1/+31
|
* tools: Fix recent regressions in gpg-authcode-sign.shWerner Koch2024-09-111-2/+2
| | | | | * tools/gpg-authcode-sign.sh (cleanup): Fix syntax error. (trap): Remove bashism.
* build: Fix make distclean for gnupg.7.htmlWerner Koch2024-09-111-3/+3
| | | | --
* po: msgmergeWerner Koch2024-09-1126-391/+983
| | | | --
* po: Update the German translationWerner Koch2024-09-111-17/+38
| | | | --
* gpgsm: New option --assert-signerWerner Koch2024-09-116-4/+184
| | | | | | | | | | | | | | | * sm/gpgsm.c (oAssertSigner, oNoop): New. (opts): Add option --assert-signer. (assert_signer_true): New var. (main): Set new option. (gpgsm_exit): Handle assert_signer_true. * sm/gpgsm.h (opt): Add field assert_signer_list. * sm/verify.c (is_x509_fingerprint): New. (check_assert_signer_list): New. (gpgsm_verify): Handle option. -- GnuPG-bug-id: 7286
* build: Remove configure option --enable-gpg-is-gpg2Werner Koch2024-09-117-156/+9
| | | | | | | | | | | | | | | | | * configure.ac (--enable-gpg-is-gpg2): Remove option. (USE_GPG2_HACK): Remove var. * common/homedir.c (gnupg_module_name): Remove code for gpg2 installation option. * g10/keygen.c (generate_keypair): Ditto. * g10/Makefile.am (noinst_PROGRAMS): Ditto. * doc/gpg.texi: Ditto. * doc/gpgv.texi: Ditto. -- This option and all its build stuff does not make anymore sense. gpg1 is way too old for anyone to use on a regualar base along with a standard gpg. It is better to rename that single gpg (1.4) binary to gpg1 and adjust any scripts.
* build: Also cleanup generated html file in a make distcheckWerner Koch2024-09-111-9/+14
| | | | | | | | * doc/Makefile.am (myman_pages): Add gpg and gpgv. (USE_GPG2_HACK): Remove conditional. (myhtmlman_pages): New. (DISTCLEANFILES): Add html pages. --
* tests: Updated PQC test data to the final Kyber algo id.Werner Koch2024-09-1110-342/+529
| | | | | | | | -- We actually reuse the private keys here by having deleted the subkey and crated a new one using the option "From existing key". Of course the encrypted data changed while the plaintext stayed the same.
* doc: Updated comments in speedo.mkWerner Koch2024-09-111-5/+6
| | | | --
* gpg: Fix getting key by IPGP.NIIBE Yutaka2024-09-111-1/+2
| | | | | | | | | | * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key. -- GnuPG-bug-id: 7288 Reported-by: Wilfried Teiken Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New commands --add-recipients and --change-recipients.Werner Koch2024-09-0911-66/+331
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (aAddRecipients, aChangeRecipients): New consts. (opts): Add --add-recipients and --change-recipients. (main): Handle them. * g10/gpg.h (struct server_control_s): Add fields modify_recipients, clear_recipients, and last_read_ctb. * g10/armor.c (was_armored): New. * g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle re-encryption if desired. * g10/encrypt.c (write_pubkey_enc): Factor info printing out to ... (show_encrypted_for_user_info): new. (reencrypt_to_new_recipients): New. * g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc and last_ctb. (init_parse_packet): Clear them. * g10/parse-packet.c (parse): Store CTB in the context. Early return on pubkey_enc and symkey_enc packets if requested. * g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return early in modify-recipients mode. (proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'. Adjust callers. Call do_proc_packets in modify-recipients mode depending on the optional args. (do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save the last read CTB in CTRL and return after the last fooenc_enc packets. -- This basically works but does not yet handle symmetric encrypted packets (symkey_enc). GnuPG-bug-id: 1825 (Yes, this is an at least 9 year old feature request)
* gpg: Improve detection of input data read errors.Werner Koch2024-09-061-3/+10
| | | | | | | | | | | | * g10/build-packet.c (do_plaintext): Better error checking for iobuf_copy. -- Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995 GnuPG-bug-id: 6528 The original fix handles only the disk full case but didn't bother about read errors (i.e. I/O problems on an external drive).
* gpg: Make --no-literal work again for -c and --store.Werner Koch2024-09-062-18/+29
| | | | | | | | | | | * g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy. (enarmor_file): Ditto. * g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy (encrypt_crypt): Use iobuf_copy. -- Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d GnuPG-bug-id: 5852
* gpg: Simplify the pubkey_enc_list objectWerner Koch2024-09-064-62/+88
| | | | | | | | | | | | * g10/packet.h (struct pubkey_enc_list): Replace most by a PKT_pubkey_enc member. * g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ... (release_pubkey_enc_parts): new. (copy_pubkey_enc_parts): New. * g10/mainproc.c (release_list): Adjust for above change. (proc_pubkey_enc): Ditto. (print_pkenc_list): Ditto. (proc_encrypted): Ditto.
* gpg: remove workaround for Libgcrypt < 1.8.6Werner Koch2024-09-061-29/+4
| | | | * g10/free-packet.c (is_mpi_copy_broken): Remove.
* scd:w32: Fix for setting an environment block with GNUPGHOME.NIIBE Yutaka2024-09-061-3/+2
| | | | | | | | | | * scd/app.c (report_change): It's ASCII or multi-byte encoded string. It's gpgrt's spawn function which converts it to wide char string internally if needed. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:w32: Export GNUPGHOME for scd-event.NIIBE Yutaka2024-09-051-12/+11
| | | | | | | | * scd/app.c (report_change): Set up GNUPGHOME. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Add missing linefeed to the -X output.Werner Koch2024-09-031-1/+11
| | | | * tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
* agent: Fix KEYTOCARD for the use case with loopback pinentry.NIIBE Yutaka2024-09-031-0/+7
| | | | | | | | | * agent/command.c (cmd_keytocard): Copy LINE. -- GnuPG-bug-id: 7283 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Add two plaintext test mailsWerner Koch2024-08-292-0/+48
| | | | --
* gpg-mail-tube: New feature --as-attach.Werner Koch2024-08-292-18/+87
| | | | | | | | * tools/gpg-mail-tube.c (oAsAttach): NEw. (opts): Add --as-attach. (opt): Add .as_attach. (parse_arguments): Set it. (mail_tube_encrypt): Detect plain text and hhandle new option.
* tools: Improve rfc822parse to allow access to headers for longer.Werner Koch2024-08-291-17/+25
| | | | | | | | | | | | | | | | | | | | | | | * tools/rfc822parse.c (struct rfc822parse_context): Add field this_part. (release_handle_data): Clear this_part. (rfc822parse_open): Set this_part. (set_current_part_to_parent): Ditto. (insert_header): Ditto. (rfc822parse_enum_header_lines): Replace current_part by this_part. (find_header): Ditto. * tools/rfc822parse.c (my_strcasecmp): Remove. (same_header_name): New. (rfc822_capitalize_header_name): Use new function instead. -- With this change the header function can now be sued after the transition to the body. Thus up until thenext MIME block is reached the headers of the former MIME block are returned. This also fixes a problem with the "MIME-Version" header name capitalization.
* doc: Minor fix for the description of gpg's --default-*-expireWerner Koch2024-08-291-2/+2
| | | | --
* gpg: Switch Kyber to the final algo id and add it to the menu.Werner Koch2024-08-272-26/+23
| | | | | | | | | | | | * common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8. * g10/keygen.c (do_generate_keypair): Remove the experimental algo note ... (write_keybinding): and the experimental notation data. (ask_algo): Add a mode 16 for a Kyber subkey. (generate_subkeypair): Set parameters for mode 16. -- GnuPG-bug-id: 6815
* gpg: New option --proc-all-sigsWerner Koch2024-08-235-3/+28
| | | | | | | | | | | | * g10/options.h (flags): Add proc_all_sigs. * g10/mainproc.c (proc_tree): Do not stop signature checking if this new option is used. * g10/gpg.c (oProcAllSigs): New. (opts): Add "proc-all-sigs". (main): Set it. -- GnuPG-bug-id: 7261
* gpg: Warn if a keyring is specified along with --use-keyboxd.Werner Koch2024-08-231-0/+3
| | | | | | * g10/gpg.c (main): Print the warning. -- GnuPG-bug-id: 7265
* common: Do not call the agent with the obsolete --use-standard-socket.Werner Koch2024-08-221-2/+0
| | | | | | | * common/asshelp.c (start_new_service): Drop that option. -- This avoids a useless warnings.
* doc: Remove included yat2m and build HTML versions of the man pages.Werner Koch2024-08-192-10/+8
| | | | | | | | * configure.ac (YAT2M): Use standard detection. * doc/Makefile.am (EXTRA_DIST): Remove yat2m.c. (CLEANFILES): Ditto. (yat2m): Remove targets. (yat2m-stamp): Also build html versions.
* gpg: Minor fix when building with --disable-execWerner Koch2024-08-191-1/+0
| | | | | | | * g10/photoid.c (show_photo): No return for a void function. -- GnuPG-bug-id: 7256
* doc: Add another example for gpg-mail-tubeWerner Koch2024-08-161-0/+33
| | | | --
* tools: Fix bashishmWerner Koch2024-08-161-6/+7
| | | | | | -- Fixes-commit: 536fc8d33db571108459493d1881cdfc8371d3cc
* build-aux: Add PKCS#8 authenticode key supportAndre Heinecke2024-08-151-2/+13
| | | | | | | | | | * tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file does not end with .p12 or .pfx. -- Since using encrypted PKCS#12 containers with askpass is unpractical when signing many files. This adds support to use an PKCS#8 key for codesigning.
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-11 02:13:06 +0000