Commit message (Collapse) | Author | Age | Files | Lines
...
* gpgconf: Fix argv overflow if --homedir is used. | Werner Koch | 2021-03-26 | 1 | -1/+2
  * tools/gpgconf-comp.c (gc_component_launch): Fix crash due to too small array.
  --
  GnuPG-bug-id: 5366
  Depending on the stack layout this could have led to zeroing out the PID variable if --homedir was used and thus under Windows to a leaked handle. However, gpgconf is a short running process and thus no real harm.
  Co-authored-by: [email protected]
  Signed-off-by: Werner Koch <[email protected]>
* gpg: New option --force-sign-key | Werner Koch | 2021-03-11 | 4 | -13/+32
  * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
  (main): Set it.
  * g10/options.h (opt): New flag flags.force_sign_key.
  * g10/keyedit.c (sign_uids): Use new flag.
  --
  GnuPG-bug-id: 4584
* sm: Do away with the locked flag in keydb.c | Werner Koch | 2021-03-02 | 1 | -21/+15
  * sm/keydb.c (struct keydb_handle): Remove field locked.
  (keydb_lock): Remove use of locked flag.
  (lock_all): Ditto.
  (unlock_all): Ditto.
  (keydb_set_flags): Use dotlock_is_locked instead of the locked flag.
  (keydb_insert_cert): Ditto.
  (keydb_delete): Ditto.
  (keydb_search): s/keydb_lock/lock_all/.
  (keydb_set_cert_flags): Ditto.
  (keydb_clear_some_cert_flags): Ditto.
  * sm/keydb.c (maybe_create_keybox): s/access/gnupg_access/.
  --
  We already keep the lock state in the dotlock module so it does not make sense to add and sync another one here. Instead we use a new dotlock function to test whether we are locked.
* common: New function dotlock_is_locked. | Werner Koch | 2021-03-02 | 2 | -4/+19
  * common/dotlock.c (dotlock_is_locked): New.
  (dotlock_take): Set locked flag also in disabled mode. No more warning if the lock has already been taken.
  (dotlock_release): Clear locked flag also in disabled mode. No more warning if the lock has not been taken.
  --
  This allows to use dotlock_take and dotlock_release even if they have already been called. Before this change this worked too but a diagnostic was printed.
* sm: Lock kbx files also before a search. | Werner Koch | 2021-03-02 | 1 | -1/+6
  * sm/keydb.c (keydb_search): Lock files.
  --
  This is required for Windows to avoid update locks. We use it also on Unix so that the locking behaviour is more or less identical.
  GnuPG-bug-id: 4505
* sm: On Windows close the kbx files at several places. | Werner Koch | 2021-03-02 | 6 | -1/+56
  * kbx/keybox-search.c (keybox_search_reset) [W32]: Always close.
  * kbx/keybox-init.c (keybox_close_all_files): New.
  * sm/keydb.c (keydb_close_all_files): New.
  * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Call new function.
  (gpgsm_dirmngr_lookup): Ditto.
  (gpgsm_dirmngr_run_command): Ditto.
  --
  We need to make sure that there are no open files on Windows. Thus we close them at several strategic locations.
  GnuPG-bug-id: 4505
* sm: Remove unused function. | Werner Koch | 2021-03-02 | 4 | -52/+0
  * sm/keydb.c (keydb_insert_cert): Remove.
  * kbx/keybox-update.c (keybox_update_cert): Remove stub.
* gpg: Keep temp files when opening images via xdg-open | Nicolas Fella via Gnupg-devel | 2021-03-01 | 1 | -1/+5
  * g10/photoid.c (get_default_photo_command): Change parameter for xdg-open.
  --
  xdg-open spawns the user's preferred image viewer and then exits. Therefore we must not remove the temp file when it exits, otherwise by the time the actual image viewer is started the file doesn't exist any more.
  Signed-off-by: Nicolas Fella <[email protected]>
* sm: Silence some other pkcs#12 import prattle | Werner Koch | 2021-03-01 | 1 | -2/+3
  * sm/minip12.c (parse_bag_data): Print a regular log_info only in verbose mode.
  --
* doc: Explain how Tor is detected. | Werner Koch | 2021-02-24 | 1 | -1/+4
  --
* sm: Silence some output on --quiet | Werner Koch | 2021-02-24 | 5 | -6/+28
  * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
  * sm/gpgsm.c: Include minip12.h.
  (set_debug): Call p12_set_verbosity.
  * sm/import.c (parse_p12): Dump keygrip only in debug mode.
  * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
  (parse_bag_encrypted_data): Print info messages only in verbose mode.
  --
  GnuPG-bug-id: 4757
* scd: Change parameters of readkey function pointer. | Werner Koch | 2021-02-19 | 4 | -7/+10
  * scd/app-common.h (APP_READKEY_FLAG_ADVANCED): New.
  (struct app_ctx_s): Replace param advanced by flags in readkey. Change all users.
* scd: Pass ctrl parameter to more app functions. | Werner Koch | 2021-02-19 | 7 | -39/+63
  * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to function pointers for readkey, setattr, sign, auth, decipher, and check_pin.
  --
  This is yet another patch to allow for easier backporting.
* scd: Detect Yubikey and provide nicer display-s/n. | Werner Koch | 2021-02-19 | 3 | -11/+182
  * scd/app-common.h (struct app_ctx_s): Rename unused field card_version to cardversion.
  * scd/app.c (app_new_register): Add code from 2.3 to detect the Yubikey and set cardversion.
  (app_get_dispserialno): New.
  * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
* scd: Change the apptype from a string to an enum. | Werner Koch | 2021-02-19 | 8 | -26/+108
  * scd/app-common.h (cardtype_t): New.
  (apptype_t): New.
  (struct app_ctx_s): Change type of field apptype. Add fields appversion and cardtype. Adjust all app-*.c for the new type.
  * scd/app.c (supported_app_list): New.
  (strapptype): New.
  (apptype_from_name): New.
  (app_dump_state): Use strapptype.
  (app_write_learn_status): Ditto.
  (app_getattr): Ditto.
  (check_conflict): Use apptype_from_name and integer comparison.
  * scd/app-openpgp.c: Replace app->card_version by app->appversion.
  --
  This is another patch to make backporting from 2.3 easier.
* scd: Add some compatibility code for easier backporting. | Werner Koch | 2021-02-19 | 12 | -11/+39
  * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
  (APP_READKEY_FLAG_INFO): New.
  (APP_LEARN_FLAG_KEYPAIRINFO): New.
  (APP_LEARN_FLAG_MULTI): New.
  (struct app_ctx_s): New forward declaration.
  (struct app_ctx_s): Add members prep_reselect, reselect, and with_keygrip.
  (KEYGRIP_ACTION_SEND_DATA): New.
  (KEYGRIP_ACTION_WRITE_STATUS): New.
  (KEYGRIP_ACTION_LOOKUP): New.
  (APP_CARD): New macro.
  * scd/scdaemon.h: Include app-common.h and remove from all other files.
  (app_t): Move typedef to ...
  * scd/app-common.h: here.
  --
  These changes will make it easier to backport changes from 2.3 to 2.2.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs. | Werner Koch | 2021-02-17 | 4 | -21/+32
  * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds extension.
  * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with hostname - which is NULL and thus the same if not given. Fix minor error in error code handling.
  --
  Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet been officially registered. Thus for correctness the OID can be used:
    1.3.6.1.4.1.11591.2.5    LDAP URL extensions
    1.3.6.1.4.1.11591.2.5.1  gpgNtds=1 (auth. with current user)
  Note that the value must be 1; all other values won't enable AD authentication and are reserved for future use.
* dirmngr: Rewrite a weird function by straighter code. | Werner Koch | 2021-02-17 | 1 | -15/+5
  * dirmngr/ldap-parse-uri.c (ldap_uri_p): Use ascii-memcasecmp.
  --
  Note that the first test on ldaps or ldaps in the original code did not work at all so that the Mixed Case part took over there.
  Signed-off-by: Werner Koch <[email protected]>
* common: Fix compiler warning | Werner Koch | 2021-02-17 | 1 | -1/+1
  --
* doc: Remove man page for symcryptrun. | Werner Koch | 2021-02-09 | 2 | -123/+1
  --
  The tool has no more configure option to build it and thus the man page does not make sense. We keep the actual file for reference, though.
  GnuPG-bug-id: 5290
* po: Update Simplified Chinese Translation. | bobwxc | 2021-02-09 | 1 | -199/+130
  --
  Signed-off-by: bobwxc <[email protected]>
* Include the library version in the compliance checks. | Werner Koch | 2021-01-28 | 6 | -17/+69
  * common/compliance.c (gnupg_gcrypt_is_compliant): New.
  (gnupg_rng_is_compliant): Also check library version.
  * g10/mainproc.c (proc_encrypted): Use new function.
  (check_sig_and_print): Ditto.
  * sm/decrypt.c (gpgsm_decrypt): Ditto.
  * sm/encrypt.c (gpgsm_encrypt): Ditto.
  * sm/verify.c (gpgsm_verify): Ditto
  --
  This will eventually allow us to declare Libgcrypt 1.9 to be de-vs compliant. GnuPG can use this information then for its own checks. As of now GnuPG tests the version of the used library but that is a bit cumbersome to maintain.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f)
* gpg: Fix ugly error message for an unknown symkey algorithm. | Werner Koch | 2021-01-27 | 1 | -1/+4
  * g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown algorithm.
  --
  Trying to encrypt data created with
    printf "\x8c\x49\x05\x0e\x0a\x03\x01"
  fails in version 2.2.19 with
    gpg: packet(3) with unknown version 5
  but with later versions with
    gpg: encrypted with unknown algorithm 14
    gpg: Ohhhh jeeee: ... this is a bug \
      ([...]/passphrase.c:433:passphrase_to_dek)
  so we better catch this case earlier.
  Reported-by: Tavis Ormandy
  Signed-off-by: Werner Koch <[email protected]>
* po: Update Japanese Translation. | NIIBE Yutaka | 2021-01-12 | 1 | -14/+9
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updates | Werner Koch | 2021-01-11 | 2 | -1/+5
  --
* Release 2.2.27 [gnupg-2.2.27] | Werner Koch | 2021-01-11 | 1 | -2/+2
* Update copyright notices. | Werner Koch | 2021-01-11 | 5 | -9/+22
  --
* po: Auto updates | Werner Koch | 2021-01-11 | 26 | -117/+108
  --
* gpg,w32: Fix gnupg_remove. | Werner Koch | 2021-01-11 | 3 | -1/+132
  * common/sysutils.c (map_w32_to_errno): New.
  (gnupg_w32_set_errno): New.
  (gnupg_remove) [w32]: Set ERRNO
  --
  To support Unicode gnupg_remove was changed to use DeleteFileW and not properly tested because the code was already used in Windows CE. However, ERRNO was not set and thus Dirmngr failed due to
    if (!gnupg_remove (fname))
      log_info (_("removed stale te[...] file '%s'\n"), fname);
    else if (errno != ENOENT)
      {
        err = gpg_error_from_syserror ();
        log_error (_("problem remov[...] file '%s': %s\n"),
                   fname, gpg_strerror (err));
        goto leave;
      }
  GnuPG-bug-id: 5230
  (cherry picked from commit b6967d31912912ad3c0a2ff6bf6eb9822a194562)
* speedo: Do not enable build timestamps. | Werner Koch | 2021-01-08 | 1 | -2/+1
  --
* gpg: Fix --gpgconf-list case with no conf files at all. | Werner Koch | 2021-01-08 | 1 | -58/+7
  * g10/gpg.c (get_default_configname): Remove unused function.
  (main): Provide a proper filename to gpgconf_list.
  --
  With the new option parser we used "UNKOWN" in this case. The problem was that gpgconf --list-options checks that an absolute file is provided and thus bails out if no config file is in /etc/gnupg or in ~/.gnupg/.
  get_default_configname was not anymore in use because its function is part of the new option parser.
* gpgconf: Fix description of two new options. | Werner Koch | 2021-01-07 | 1 | -2/+2
  * tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
  --
  GnuPG-bug-id: 5221
  Fixes-commit: 95b42278cafe7520d87168fb993ba715699e6bb6
* wkd: Minor permission fix for created files. | Werner Koch | 2020-12-30 | 1 | -2/+2
  * tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
  (ensure_policy_file): No need to make the policy file group writable.
  --
  The policy file is rarely changed thus no need to g+w. Setting +x on a plain file does not make sense at all.
  GnuPG-bug-id: 5214
  (cherry picked from commit c008e8d20e12c8845403ad7dad499f6a196ecc6a)
* gpg: Initialize a variable even in a never used code path. | Werner Koch | 2020-12-23 | 1 | -0/+2
  * g10/sign.c (write_signature_packets): Init ERR.
  --
  Actually we could also remove the conditional or replace it by a log_assert.
  GnuPG-bug-id: 5204
* Post release updates | Werner Koch | 2020-12-21 | 2 | -1/+5
  --
* Release 2.2.26 [gnupg-2.2.26] | Werner Koch | 2020-12-21 | 2 | -2/+27
* common: Remove superfluous debug output from dotlock.c. | Werner Koch | 2020-12-21 | 1 | -2/+0
  * common/dotlock.c (dotlock_create_unix): Remove debug output.
  --
  This was left over from development about 10 years ago. Exhibits itself when using sshfs.
  GnuPG-bug-id: 5193
* po: Auto-merge | Werner Koch | 2020-12-21 | 26 | -3361/+3010
  --
* po: Update German translation | Werner Koch | 2020-12-21 | 1 | -13/+30
  --
* build: Remove the code to build symcryptrun | Werner Koch | 2020-12-21 | 3 | -16/+3
  --
  symcryptrun is too ancient to be of any use and has not been tested in many years. Thus we should not allow to build it.
* doc: Explain LDAP keyserver parameters | Werner Koch | 2020-12-21 | 1 | -1/+20
* common: Fix the "ignore" meta command in argparse.c | Werner Koch | 2020-12-21 | 3 | -36/+122
  * src/argparse.c (gnupg_argparse): Factor some code out to ...
  (prepare_arg_return): new.
  (gnupg_argparse): No missing arg error in ignore sections.
  * common/sysutils.c: Include pwd.h.
  (gnupg_getusername): New.
  --
  Options in an [ignore] section do not anymore lead to an error if an argument is missing. However, if the option is also in a force section the error is thrown.
  This is a port of the fix from libgpg-error. Also fixes the username fixme.
* gpg: Fix --trusted-key with fingerprint arg. | Werner Koch | 2020-12-18 | 1 | -1/+2
  * g10/trustdb.c (tdb_register_trusted_key): Take care of that other constant.
  --
  Fixes-commit: 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do not block threads in LDAP keyserver calls. | Werner Koch | 2020-12-18 | 1 | -6/+38
  * dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
  --
  The former gpgkeys_ldap module has once been ported to dirmngr but unfortunately the dirmngr_ldap wrapper has not been used so that we have internal LDAP calls with these problems:
  - No usable timeouts.
  - On non-Windows platforms a lot of extra libs and possibly even a second copy of Libgcrypt is pulled in.
  - Only one thread runs at a time.
  This patch mitigates the last point.
  Signed-off-by: Werner Koch <[email protected]>
* Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2 | Werner Koch | 2020-12-18 | 25 | -1397/+2529
|\
| | --
| * dirmngr: Fix backport of the new option parser from 2.3 [wk/stable-2.2-global-options] | Werner Koch | 2020-12-18 | 1 | -0/+5
| | * dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce gpgconf-dirmngr.conf.
| | --
| | Fixes-commit: a028f24136a062f55408a5fec84c6d31201b2143
| * Backport of the new option parser from 2.3 | Werner Koch | 2020-12-04 | 25 | -1402/+2529
| | * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
| | * common/argparse.c, common/argparse.h: Rewrite.
| | * tests/gpgscm/main.c: Switch to the new option parser.
| | * g10/gpg.c: Switch to the new option parser and enable a global conf file.
| | * g10/gpgv.c: Ditto.
| | * agent/gpg-agent.c: Ditto.
| | * agent/preset-passphrase.c: Ditto.
| | * agent/protect-tool.c: Ditto.
| | * scd/scdaemon.c: Ditto.
| | * dirmngr/dirmngr.c: Ditto.
| | * dirmngr/dirmngr_ldap.c: Ditto
| | * dirmngr/dirmngr-client.c: Ditto.
| | * kbx/kbxutil.c: Ditto.
| | * tools/gpg-card.c: Ditto.
| | * tools/gpg-check-pattern.c: Ditto.
| | * tools/gpg-connect-agent.c: Ditto.
| | * tools/gpg-pair-tool.c: Ditto.
| | * tools/gpg-wks-client.c: Ditto.
| | * tools/gpg-wks-server.c: Ditto.
| | * tools/gpgconf.c: Ditto.
| | * tools/gpgsplit.c: Ditto.
| | * tools/gpgtar.c: Ditto.
| | * g13/g13.c: Ditto.
| | * g13/g13-syshelp.c: Ditto. Do not force verbose mode.
| | * sm/gpgsm.c: Ditto. Add option --no-options.
| | --
| | This is a backport from master
| |   commit cdbe10b762f38449b86da69076209324b0c99982
| |   commit ba463128ce65a0f347643f7246a8e097c5be19f1
| |   commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
| |   commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
| |   commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
| | but without changing all functions names to gpgrt. Instead we use wrapper functions which, when building against old Libgpg-error versions, are implemented in argparse.c using code from the current libgpg-error. This allows to keep the dependency requirement at libgpg-error 1.27 to support older distributions. Tested builds against 1.27 and 1.40-beta.
| | Note that g13-syshelp does not anymore default to --verbose because that can now be enabled in /etc/gnupg/g13-syshelp.conf.
| | GnuPG-bug-id: 4788
| | Signed-off-by: Werner Koch <[email protected]>
* | gpg: New AKL method "ntds" | Werner Koch | 2020-12-17 | 8 | -6/+90
| | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new support for KEYDB_SEARCH_MODE_MAIL.
| | (ks_ldap_get): Add a debug.
| | * g10/options.h (AKL_NTDS): New.
| | * g10/keyserver.c (keyserver_import_ntds): New.
| | (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
| | * g10/getkey.c (parse_auto_key_locate): Support "ntds".
| | (get_pubkey_byname): Ditto.
* | dirmngr: Support "ldap:///" for the current AD user. | Werner Koch | 2020-12-17 | 3 | -16/+55
| | * dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
| | * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
| | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
* | dirmngr: Allow LDAP searches via fingerprint. | Werner Koch | 2020-12-17 | 1 | -22/+40
| | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg serverinfo and allow searching by fingerprint.
| | (ks_ldap_get, ks_ldap_search): First connect then create the filter.
| | --
| | With the new schema we can finally search by fingerprint.