aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* gpg: Make really sure that --verify-files always returns an error.Werner Koch2020-02-101-5/+13
| | | | | | | | | | | | | | | | | * g10/verify.c (verify_files): Track the first error code. -- It seems to be possible to play tricks with packet structures so that log_error is not used for a bad input data. By actually checking the return code and let the main driver in gpg call log_error, we can fix this case. Note that using gpg --verify-files and relying solely on gpg's return code is at best a questionable strategy. It is for example impossible to tell which data has been signed. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 5681b8eaa44005afdd30211b47e5fb1a799583dd)
* common: Also protect log_inc_errorcount against counter overflow.Werner Koch2020-02-101-4/+4
| | | | | | | | | | | | | | | | * common/logging.c (log_inc_errorcount): Also protect against overflow. (log_error): Call log_inc_errorcount instead of directly bumping the counter. -- We already had an overflow checking for log_error but not for the silent increment function. This is basically the same fix we have in libgpg-error (libgpg-error commit d72c1ddfde09ffa69745ec2439c5a16d15e2202f) Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendor.Werner Koch2020-01-281-0/+1
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* card: Add new OpenPGP card vendorWerner Koch2020-01-211-0/+1
| | | | | | -- Backport from master.
* gpgconf,w32: Print a warning for a suspicious homedir.Werner Koch2020-01-172-0/+17
| | | | | | | | | * tools/gpgconf.c (list_dirs): Check whether the homedir has been taken from the registry. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
* gpg: default-key: Simply don't limit by capability.NIIBE Yutaka2020-01-161-4/+0
| | | | | | | | | | | | | * g10/getkey.c (parse_def_secret_key): Remove the check. -- Backport from master commit: 1aa2a0a46dc19e108b79dc129a3b0c5576d14671 GnuPG-bug-id: 4810 Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441 Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Japanese Translation.NIIBE Yutaka2020-01-151-28/+12
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Removed the footnote that OpenPGP is not used with the keyboxWerner Koch2020-01-081-5/+1
| | | | | -- GnuPG-bug-id: 4799
* Update wk's signing keyWerner Koch2020-01-011-0/+0
| | | | | | -- The expiration time of that smartcard based key has been prolonged by 2 years.
* gpg: Fix output of --with-secret if a pattern is given.Werner Koch2019-12-231-8/+25
| | | | | | | | | | | | | | * g10/keylist.c (list_one): Probe for a secret key in --with-secret mode. -- In contrast to list_all(), list_one() did not tests for a secret key and took MARK_TRUSTED verbatim as an indication for "secret key available". GnuPG-bug: 4061 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5)
* speedo: Make signing optional for w32-releaseAndre Heinecke2019-12-191-1/+3
| | | | | * build-aux/speedo.mk (AUTHENTICODE_sign): Check if certificates are available.
* speedo: Use multithreaded xz for w32 sourceAndre Heinecke2019-12-191-1/+1
| | | | * build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
* speedo: Improve and document wixlib buildAndre Heinecke2019-12-192-10/+34
| | | | | * Makefile.am (sign-release): Add handling for wixlib. * build-aux/speedo.mk: Add help-wixlib and improve handling.
* speedo, w32: Add w32-wixlib target for MSI packageAndre Heinecke2019-12-173-2/+752
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Makefile.am (EXTRA_DIST): Add wixlib.wxs * build-aux/speedo.mk (w32-wixlib): New target. (w32-release): Build wixlib if WIXPREFIX is set. (help): Add documentation. * build-aux/speedo/w32/wixlib.wxs -- This build a wixlib of the Windows binaries of GnuPG. A wixlib is a module that can be linked into another wix project to create an installer including this module. Gpg4win uses the wixlib from GnuPG for it's MSI Package. To build the wixlib you need wine with wine-mono installed and the wixtoolset. When calling speedo set the variable WIXPREFIX to the location containing the extracted toolset. e.g.: make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix (cherry picked from commit 0b7088dc8035e8d5832c89085eea3b288de67710)
* Post release updatesWerner Koch2019-12-072-1/+5
| | | | --
* Release 2.2.19gnupg-2.2.19Werner Koch2019-12-071-3/+15
|
* po: Auto-updateWerner Koch2019-12-0725-108/+1163
| | | | --
* po: Update German translationWerner Koch2019-12-071-5/+39
| | | | --
* po: Make g10/call-dirmngr.c translatable.Werner Koch2019-12-072-3/+4
| | | | | | | | * po/POTFILES.in: Add g10/call-dirmngr.c * g10/call-dirmngr.c (create_context): Change an i18n sting for easier reuse. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Tell gpg about WKD lookups resulting from a cache.Werner Koch2019-12-072-2/+8
| | | | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Print new NOTE status "wkd_cached_result". * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein verbose mode. -- This little patch is helpful to see why a WKD change still does not work after it has been updated on the server. Signed-off-by: Werner Koch <[email protected]>
* sm: Add special case for expired intermediate certificates.Werner Koch2019-12-062-17/+91
| | | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct server_control_s): Add field 'current_time'. * sm/certchain.c (find_up_search_by_keyid): Detect a corner case. Also simplify by using ref-ed cert objects in place of an anyfound var. -- See the code for a description of the problem. Tested using the certs from the bug report and various command lines gpgsm --faked-system-time=XXXX --disable-crl-checks \ -ea -v --debug x509 -r 0x95599828 with XXXX being 20190230T000000 -> target cert too young with XXXX being 20190330T000000 -> okay with XXXX being 20190830T000000 -> okay, using the long term cert with XXXX being 20220330T000000 -> target cert expired The --disabled-crl-checks option is required because in our a simple test setting dirmngr does not know about the faked time. GnuPG-bug-id: 4696 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit d246f317c04862cacfefc899c98da182ee2805a5)
* gpg: Use AKL for angle bracketed mail address with -r.Werner Koch2019-12-041-6/+31
| | | | | | | | | | | | | | | | | | | | * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking. (get_best_pubkey_byname): Ditto. -- With this patch it is now possible to use gpg -e -r '<[email protected]>' and auto key locate will find the key. Without that a plain mail address; i.e. gpg -e -r '[email protected]' was required. GnuPG-bug-id: 4726 Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese Translation.NIIBE Yutaka2019-12-031-13/+9
| | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix double free with anonymous recipients.Werner Koch2019-11-292-4/+11
| | | | | | | | | | | | | | | | | * g10/pubkey-enc.c (get_session_key): Do not release SK. -- Bug is in 2.2.18 only. The semantics of the enum_secret_keys function changed in master. When back porting this for 2.2.18 I missed this change and thus we ran into a double free. The patches fixes the regression but is it clumsy. We need to change the enum_secret_keys interface to avoid such a surprising behaviour; this needs to be done in master first. Regression-due-to: 9a317557c58d2bdcc504b70c366b77f4cac71df7 GnuPG-bug-id: 4762 Signed-off-by: Werner Koch <[email protected]>
* Post release updatesWerner Koch2019-11-252-1/+5
| | | | --
* Release 2.2.18gnupg-2.2.18Werner Koch2019-11-251-3/+3
|
* po: auto-updateWerner Koch2019-11-2526-774/+1247
| | | | --
* speedo: Tell makensis the used charset of the script.Andre Heinecke2019-11-251-1/+2
| | | | | | -- Adapted from the version in master.
* tests: Adjust for now invalid SHA-1 key signatures.Werner Koch2019-11-251-0/+1
| | | | | | | * tests/openpgp/defs.scm (create-gpghome): Add allow-weak-key-signatures. Signed-off-by: Werner Koch <[email protected]>
* po: Update German translationWerner Koch2019-11-251-31/+49
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* agent: Improve --debug-pinentry diagnosticsWerner Koch2019-11-251-19/+35
| | | | | | | | | | | | | | | * agent/call-pinentry.c (atfork_cb): Factor code out to ... (atfork_core): new. -- We convey certain envvars directly via the environment to Pinentry and thus they don't show up in the Assuan logging. Because we better don't call a logging function in an atfork handle, this patch splits the code up and uses the same code to display what was done in at fork after the connection has been established. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c8783b3a204b371d44b8953429652101cf2e4d1b)
* doc: Prepare a NEWS file for the next release.Werner Koch2019-11-241-0/+66
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* doc,dirmngr: Clarify --standard-resolver.Werner Koch2019-11-231-1/+2
| | | | | | | | -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit c21267e1c7aab332ebcd26f27f7f9724839a8e3a) GnuPG-bug-id: 4547
* wkd: Let --install-key write a template policy file.Werner Koch2019-11-231-0/+83
| | | | | | | | | | * tools/wks-util.c (ensure_policy_file): New. (wks_cmd_install_key): Call it. -- GnuPG-bug-id: 4753 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d)
* doc: Clarify how to use --log-file in gpg.Werner Koch2019-11-181-1/+3
| | | | | | -- Note that in 2.3 --batch is not anymore required.
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-183-7/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys [email protected] now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving '[email protected]' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this help to show the feature. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Forward http redirect warnings to gpg.Werner Koch2019-11-185-1/+26
| | | | | | | | | | | | | | | | * dirmngr/http.c: Include dirmngr-status.h (http_prepare_redirect): Emit WARNING status lines for redirection problems. * dirmngr/http.h: Include fwddecl.h. (struct http_redir_info_s): Add field ctrl. * dirmngr/ks-engine-hkp.c (send_request): Set it. * dirmngr/ks-engine-http.c (ks_http_fetch): Set it. * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings. -- This should make it easier to diagnose problems with bad WKD servers. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Factor some prototypes out to dirmngr-status.h.Werner Koch2019-11-184-9/+87
| | | | | | | | | | | | | * dirmngr/dirmngr-status.h: New. * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes to that file. * dirmngr/t-support.c: New. * dirmngr/Makefile.am (t_common_src): Add new file. -- This helps to backport changes from master. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fixed typo in recently added diagnostic.Werner Koch2019-11-182-2/+2
| | | | --
* scd,ccid: Add support of GEMPC_EZIO.NIIBE Yutaka2019-11-152-5/+20
| | | | | | | | | | | * scd/ccid-driver.h (GEMPC_EZIO): New. * scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO. -- This is backport from master. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Use IPv4 or IPv6 interface only if available.Werner Koch2019-11-124-3/+119
| | | | | | | | | | | | | | | * dirmngr/dns-stuff.c (cached_inet_support): New variable. (dns_stuff_housekeeping): New. (check_inet_support): New. * dirmngr/http.c (connect_server): Use only detected interfaces. * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache. -- This currently works only for Windows but that is where users really ran into problems. The old workaround was to configure disable-ipv4 or disable-ipv6. Signed-off-by: Werner Koch <[email protected]>
* gpg: Forbid the creation of SHA-1 third-party key signatures.Werner Koch2019-11-111-7/+45
| | | | | | | | | | | | * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New. (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change callers to pass 0. (complete_sig): Add arg signhints and pass on. (make_keysig_packet, update_keysig_packet): Set signhints. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit dd18be979e138dd3712315ee390463e8ee1fe8c1)
* gpg: Add option --allow-weak-key-signatures.Werner Koch2019-11-116-4/+43
| | | | | | | | | | | | | | * g10/gpg.c (oAllowWeakKeySignatures): New. (opts): Add --allow-weak-key-signatures. (main): Set it. * g10/options.h (struct opt): Add flags.allow_weak_key_signatures. * g10/misc.c (print_sha1_keysig_rejected_note): New. * g10/sig-check.c (check_signature_over_key_or_uid): Print note and act on new option. -- Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
* doc: Improved description of status PLAINTEXT_LENGTH.Werner Koch2019-11-071-1/+4
| | | | | | -- GnuPG-bug-id: 4741
* gpg: Fix a potential loss of key sigs during import with self-sigs-only.Werner Koch2019-11-072-7/+12
| | | | | | | | | | | | * g10/import.c (import_one_real): Don't do the final clean in the merge case. -- This fixes a regression introduced with self-sigs-only. GnuPG-bug-id: 4628 Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
* po: Fix an accidentally translated keyword in zh_TW.Werner Koch2019-11-042-3/+4
| | | | | | | -- GnuPG-bug-id: 4737 Signed-off-by: Werner Koch <[email protected]>
* doc: Typo fix for gpg.texi in desc of --local-sigs.Werner Koch2019-10-171-1/+1
| | | | | | -- (Already fixed in master in January)
* gpg: Also delete key-binding signature when deleting a subkey.Werner Koch2019-10-151-16/+7
| | | | | | | | | * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion. -- GnuPG-bug-id: 4665, 4457 Fixes-commit: d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a Signed-off-by: Werner Koch <[email protected]>
* Revert "gpg: The first key should be in candidates."NIIBE Yutaka2019-10-151-8/+1
| | | | | | This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Extend --quick-gen-key for creating keys from a card.Werner Koch2019-10-152-60/+280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and support the special algo "card". (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP. Handle the "card" algo. Adjust callers. (parse_algo_usage_expire): Add arg R_KEYGRIP. (quickgen_set_para): Add arg KEYGRIP and put it into the parameter list. (quick_generate_keypair): Handle algo "card". (generate_keypair): Also handle the keygrips as returned by parse_key_parameter_string. (ask_algo): Support ed25519 from a card. -- Note that this allows to create a new OpenPGP key from an initialized OpenPGP card or from any other supported cards. It has been tested with the TCOS Netkey card. Right now a stub file for the cards might be needed; this can be achieved by running "gpgsm --learn" with the card plugged in. Example: gpg --quick-gen-key [email protected] card Signed-off-by: Werner Koch <[email protected]> Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead which required to remove the extra key version args. GnuPG-bug-id: 4681 Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-21 16:31:40 +0000