| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
--
The key editor currently prints out the ownertrust value assigned
to a key only when using the classic or PGP trust models; but
that value is also meaningful in the recently introduced TOFU+PGP
combined model.
Signed-off-by: Damien Goutte-Gattat <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Don't just check if a secret
key is available for the public key, also consider subkeys. Also
check that the key has the signing capability, is not revoked, is not
expired and is not disabled. Print a warning if there was a least one
value passed to --default-key and all were ignored.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Regression-due-to: e16d7168
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
computation.
--
This bug is difficult to reproduce because the probability is 1/256,
and key generation takes long time. The regression was introduced
when we add the support for ECC.
GnuPG-bug-id: 2150
|
| |
|
|
|
|
|
|
|
| |
* g10/import.c (struct stats_s): Rename to import_stats_s. Change all
users.
* g10/main.h (import_stats_t): New. Change fucntions to use this
instead of a void pointer.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/util.h: Remove replacement macros for libgpg-error<1.21.
* common/types.h: Ditto.
* common/mischelp.h: Ditto.
* common/t-mapstrings.c: Include t-support.h before stringhelp.h
* common/t-stringhelp.c: Ditto.
* common/t-support.h: Always include gpg-error.h.
* kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
comes first.
--
This patch enhances commit d6e0149 from Dec 10.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
--
Signed-off-by: Neal H. Walfield <[email protected]>
Regression-due-to: 11ec478
Note: this buffer overflow will only occur if --debug=lookup is passed
to gpg and a search by fingerprint is done.
|
| |
|
|
|
|
| |
* agent/pksign.c (agent_pksign_do): Improve error handling.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
| |
--
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the
poll interface.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
times in the keyring. Instead, print a warning. When printing out
fingerprint prints, use format_hexfingerprint to format them.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
--
Signed-off-by: Daniel Hoffend <[email protected]>
GnuPG-bug-id: 2167
In Windows 8 (and later), PC/SC service only runs when reader/token is
plugged in. After its removal, it returns PCSC_E_NO_SERVICE error.
This error should be handled as no reader. This comment is by gniibe.
|
| |
|
|
|
|
| |
* tests/openpgp/gpgtar.test: Add more tests.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
it is unused if LDAP is used to search for keys.
--
This amends 6ac57a48.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/delkey.c (do_delete_key): Write ERROR status code with the error
location "delete_key.secret", when the user cancelled the operation on
Pinentry.
--
I changed the original patch to emit the full gpg_error_t code. -wk
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
responded with a '404 Not Found'.
* dirmngr/ks-engine-hkp.c (send_request): Return http status code.
(ks_hkp_search): Likewise.
(ks_hkp_{get,put}): Adapt call to 'send_request'.
* dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
| |
* dirmngr/ks-action.c (ks_action_search): Search all configured
keyservers for the given patterns.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1038
|
| |
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return
GPG_ERR_NOT_IMPLEMENTED.
Signed-off-by: Justus Winter <[email protected]>
GnuPG-bug-id: 1221
|
| |
|
|
|
|
|
|
|
| |
* tests/openpgp/gpgtar.test: Add test case.
* tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
gpg.
* tools/gpgtar.c (parse_arguments): We do handle the argument now.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* tests/openpgp/gpgtar.test: Test signing.
* tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
appropriate gpg arguments to implement signing and selecting the local
user.
* tools/gpgtar.c (parse_options): We do handle '--local-user' now.
(main): Handle signing, encrypting, and doing both when creating an
archive.
* tools/gpgtar.h (gpgtar_create): Update prototype.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* tools/Makefile.am: gpgtar now requires neither npth nor libassuan.
* tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool'
helper.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
* tools/gpgtar.c (main): Set default gpg program. Drop the
initialization of npth and libassuan.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/sh-exectool.c (struct copy_buffer): Add infrastructure for
copying between streams.
(copy_buffer_{init,shred,do_copy,flush}): New functions.
(sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
(nop_free): New function.
(sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
* common/sh-exectool.h (sh_exec_tool_stream): New prototype.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
|
| |
* common/Makefile.am (common_sources): Add new files.
* common/sh-exectool.h: New file.
Signed-off-by: Justus Winter <[email protected]>
|
| |
|
|
|
|
| |
* common/sh-exectool.c: New file.
Signed-off-by: Justus Winter <[email protected]>
|
| |\
| |
| |
| |
| |
| |
| | |
--
I forgot to merge the updated Japanese translation into the release
branch thus we need to fix it up here.
|
| | |
| |
| |
| | |
--
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
--
Merged with current POT - wk
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
--
Signed-off-by: Werner Koch <[email protected]>
The patch was from October 12 and thus 6 strings could not be applied
due to chnaged original strings.
|
| |/ |
|
| |
|
|
|
|
|
|
| |
* build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and
distsigkey.gpg.
(un.gnupglast): Stop dirmngr.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.
* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--
If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks. The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
* g10/gpg.c (parse_tofu_policy): Add keyword "help".
(parse_tofu_db_format): Ditto.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
enabled.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
* scd/app-openopg.c (do_decipher): Fix the condition.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app.c (lock_table): Remove LAST_APP field.
(lock_reader, app_dump_state, application_notify_card_reset)
(release_application): Follow the change.
(check_conflict): New.
(check_application_conflict): Lock the slot and call check_conflict.
(select_application): Call check_conflict and not use LAST_APP.
--
We don't need LAST_APP field but just keep the application context by
APP field. Since we have a reference counter, it is possible if we
can deallocate or not.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.
--
In old format with no prefix, cipher text can be trancated when it
is parsed as MPI. Recover the value adding back zeros.
Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--
I have not tested this fix but it is obvious.
Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* doc/Makefile.am (gnupg.texi): Depend on defs.inc.
--
Reported-by: Justus Winter
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* configure.ac: Append instead of prepend caller provided CFLAGS.
--
Suggested-by: Justus Winter
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
--
My statement that commit 04a6b903 changed the semantics of keydb_new
was plainly wrong. Not Neal broke it but me when I initially wrote
that function or copied it from gpgsm.
Sorry.
|
| |
|
|
|
|
|
| |
* g10/gpg.c (check_user_ids): Change error message.
* g10/delkey.c (do_delete_key): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* g10/keyserver.c (keyidlist): Clear *KLIST on error.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.c (keydb_new): Print an error message if needed. Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.
* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.
* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--
Commit 04a6b903 changed keydb_new to return an error. However the
error was not checked at most places which we fix with this patch. To
make things easier keydb_new prints an error message itself.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/getkey.c (parse_def_secret_key): Change error message. Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static. Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--
There are other smaller changes not described above.
This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations. It also tries to use existing strings and changes the
quoting to the most common style used in gpg.
Key specifications should in general use double quotes. Other values
should use single quotes. However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications. According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings. However,
strings which are used interactively should be properly capitalized
and end with a dot.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
got an error from apdu_disconnect.
* scd/app-common.h (no_reuse): Remove.
* scd/app.c (application_notify_card_reset): Deallocate APP here.
(select_application, release_application): Don't use NO_REUSE.
--
Reproducible scenario: Invoke gpg --card-edit session from a terminal.
Invoke another gpg --card-edit session from another. Remove a token.
Insert a token again. Type RET on both terminals. One of terminal
answers "Conflicting usage".
Perhaps, having NO_REUSE field was to avoid race conditions. Now,
APP can be safely deallocated by application_notify_card_reset.
Thanks to the2nd.
|
| |
|
|
|
| |
* scd/app-openpgp.c (do_decipher): More condition for AES decipher.
Handle the prefix in cipher text. Always add the prefix in result.
|
