| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
* po/ja.po: Fix wrong translations for designated revocation.
Reported by Hideki Saito.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
(keydb_add_resource): Handle scheme "gnupg-kbx:". Detect Keybox
magic. Print wanrning note for Keybox.
(keydb_new, keydb_release, keydb_get_resource_name)
(lock_all, unlock_all, keydb_get_keyblock)
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
(keydb_search2): Ignore Keybox type in switches.
* g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
--
GnuPG 2.1 will support Keybox files in GPG and thus users might see
weird error messages if they accidentally use a keybox file with 2.0.
Better print a note here.
|
| |
|
|
| |
--
|
| |
|
|
| |
* po/ja.po: Fix terms and expressions.
|
| |
|
|
| |
* po/ja.po: Translate all untranslated messages.
|
| |
|
|
|
| |
* po/ja.po: Fix all fuzzy translations. Fill some of unstanslated
messages.
|
| |
|
|
| |
* po/ja.po: Remove old entries.
|
| |
|
|
| |
* po/ja.po: Fix headers. Update by msgmerge -U ja.po gnupg2.pot.
|
| |
|
|
| |
* po/ja.po: Change the encoding to UTF-8 (was: EUC-JP).
|
| |
|
|
| |
* keyserver/gpgkeys_hkp.c (srv_replace): Initialize srvcount.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--
A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring. This change skips all
packets which are not allowed in a keyblock.
GnuPG-bug-id: 1455
(cherry-picked from commit 3a4b96e665fa639772854058737ee3d54ba0694e)
|
| |
|
|
| |
--
|
| |
|
|
| |
* g10/sign.c (update_keysig_packet): Use digest_algo.
|
| |
|
|
|
|
|
|
| |
* g10/pkclist.c (build_pk_list): Print two diagnostics only in
non-quiet mode.
--
(back-ported from commit 8325d616593187ff227853de0295e3269b96edcb)
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
(cherry-picked from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
|
| |
|
|
|
| |
* keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
have SRV support in the first place.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Check for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl
library.
* keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
each target. Once we find one that resolves to an address (whether
IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
SRV name as the "host". Force the HTTP Host header to be the same.
|
| |
|
|
|
|
| |
* common/http.c (send_request, connect_server): Set proper Host header
(no :port, host is that of the SRV) when SRV is used in the
curl-shim.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/http.c (send_request, connect_server, http_open): Use a
struct srv instead of a single srvtag so we can pass the chosen host
and port back to the caller.
(connect_server): Use the proper port in the HAVE_GETADDRINFO case.
* keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
chosen host and port.
* keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
|
| |
|
|
| |
* scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_no_service): Remove.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
pcsc_no_service support.
(apdu_open_reader): Remove R_NO_SERVICE.
* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
* scd/command.c (reader_disabled): Remove.
(get_reader_slot): Follow the change of R_NO_SERVICE.
(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
support.
* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
--
Daemon should handle all possible cases. Even if such a difficult
case like reader_disabled, it should not exit.
|
| |
|
|
|
|
|
|
|
|
| |
* scd/command.c (update_reader_status_file): Don't call
get_reader_slot.
--
This fix has a impact that the insertion of a card reader will not be
detected upon the insertion, but will be deferred until user tries to
access his card.
|
| | |
|
| |
|
|
|
|
| |
* keyserver.c (print_keyrec): Honor --keyid-format when getting back
full fingerprints from the keyserver (the comment in the code was
correct, the code was not).
|
| |
|
|
|
|
|
|
|
|
| |
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--
Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings. This will only work while using
a ECC enabled Libgcrypt. Problem reported by Kristian Fiskerstrand.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.
--
Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* findkey.c (agent_public_key_from_file): Fix use of
gcry_sexp_build_array.
--
A test case leading to a segv in Libgcrypt is
gpg-connect-agent \
"READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye
The keygrip was created by "monkeysphere s", which has a comment.
gcry_sexp_build_array expects pointers to the arguments which is quite
surprising. Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.
Some-comments-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* scd/apdu.c (PCSC_E_NO_SERVICE): New.
(open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
(open_pcsc_reader_wrapped): Set pcsc_no_service.
|
| |
|
|
| |
* po/fr.po: Update.
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
agent/genkey.c: s/to to/to/
sm/*.c: s/failed to allocated/failed to allocate/
sm/certlist.c: s/should have not/should not have/
Consistency fix:
* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
|
| | |
|
| |
|
|
| |
* po/Makefile.in.in: Use --previous with msgmerge.
|
| |
|
|
| |
* scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ.
|
| |
|
|
|
| |
* scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
SW_HOST_NO_READER.
|
| |
|
|
| |
* scd/comman.c (do_reset): Let clear card_removed flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
--
Fixes a test case of:
No libpcsclite1 installed.
Run gpg-agent
Run command "gpg-connect-agent learn /bye" with no card/token
Sometimes it fails: ERR 100663356 Not supported <SCD>
While it should be always: ERR 100663404 Card error <SCD>
|
| |
|
|
|
|
|
| |
* scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move.
--
This is for upcoming changes.
|
| |
|
|
| |
* scd/iso7816.c (iso7816_reset_retry_counter): Implement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (select_application): Reorder application tests.
--
Although the DINSIG application is available on most German cards, it
is in reality not used. Thus showing the Geldkarte application is
more desirable for a good user experience.
Conflicts:
scd/app.c
|
| |
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_connect): Do not test for zero atrlen.
--
When gpg-agent prompts for insertion of a card this error would be
returned.
Co-authored-by: Ben Kibbey <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
(open_ccid_reader): Use ccid_keypad_operation for verify and modify.
* scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
(ccid_transceive_apdu_level): Permit sending packet where
apdulen <= 289. Support receiving packets in a chain.
(ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
|
| |
|
|
|
| |
* scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
(pcsc_keypad_modify): Likewise.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.
* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on. use_keypad only makes sense for
iso7816_change_reference_data_kp.
* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
|
| |
|
|
|
| |
* app-openpgp.c (do_change_pin): Fix pincb messages when
use_keypad == 1.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* iso7816.h (iso7816_change_reference_data_kp): Remove arguments
of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.
* iso7816.c (iso7816_change_reference_data_kp): Call
apdu_keypad_modify.
(iso7816_change_reference_data): Don't call
iso7816_change_reference_data_kp.
* apdu.h (apdu_keypad_modify): New.
* apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New.
(struct reader_table_s): New memeber function keypad_modify.
(new_reader_slot, open_ct_reader, open_ccid_reader)
(open_rapdu_reader): Initialize keypad_modify.
* app-openpgp.c (do_change_pin): Handle keypad and call
iso7816_change_reference_data_kp if it is the case.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN.
* iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
handle thecase with PININFO.
(iso7816_verify): Call apdu_send_simple.
* app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
iso7816_verify_kp.
* app-nks.c (verify_pin): Likewise.
* app-dinsig.c (verify_pin): Likewise.
* apdu.c: Include "iso7816.h".
(struct reader_table_s): New memeber function keypad_verify.
Add fields verify_ioctl and modify_ioctl in pcsc.
(CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
(FEATURE_MODIFY_PIN_DIRECT): New.
(pcsc_control): New.
(control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_keypad, pcsc_keypad_verify): New.
(ccid_keypad_verify, apdu_keypad_verify): New.
(new_reader_slot): Initialize with check_pcsc_keypad,
pcsc_keypad_verify, verify_ioctl and modify_ioctl.
(open_ct_reader): Initialize keypad_verify with NULL.
(open_ccid_reader): Initialize keypad_verify.
(open_rapdu_reader): Initialize keypad_verify with NULL.
(apdu_open_reader): Initialize pcsc_control.
* pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
(handle_control): New.
(main): Handle the case 6 of handle_control.
|
