aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* tests: Fix plain invocation of "make check".NIIBE Yutaka2022-05-021-1/+2
| | | | | | | | | * tests/openpgp/run-tests.scm: Check if *args* is null or not. -- Fixes-commit: ba2f2085a95be47a06ac6ba75a4c7def7c6599b2 Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Add a test for Ed25519 keys for non-protected secret.NIIBE Yutaka2022-05-021-0/+69
| | | | | | | | | * tests/openpgp/issue5120.scm: New. -- GnuPG-bug-id: 5120, 5953 Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Fix a race condition which results no status report.NIIBE Yutaka2022-04-273-11/+25
| | | | | | | | | | | | | | * kbx/keyboxd.h (kbxd_status_printf): New. * kbx/backend-support.c (be_return_pubkey): Use kbxd_status_printf. * kbx/kbxserver.c (kbxd_status_printf): New. * kbxd_start_command_handler (kbxd_start_command_handler): Don't use set_assuan_context_func, because the function pointer is shared by multiple threads. -- GnuPG-bug-id: 5948 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Look up user ID to revoke by UID hashIngo Klöcker2022-04-262-31/+93
| | | | | | | | | | | | | | * g10/keyedit.c (find_userid_by_namehash, find_userid): New. (keyedit_quick_revuid): Use find_userid() instead of iterating over the nodes of the keyblock. * tests/openpgp/quick-key-manipulation.scm: Add test for revoking a user ID specified by its hash. -- This makes it possible to specify the user ID to revoke as UID hash when calling --quick-revoke-uid. GnuPG-bug-id: 5936
* tests: Avoid auto-removal when test fails.NIIBE Yutaka2022-04-262-1/+4
| | | | | | | | | | | * tests/gpgscm/init.scm (*exit-status*): New. (exit): Set *exit-status*. * tests/gpgscm/tests.scm (mkdtemp-autoremove): Check exit-status and only remove the directory if not zero. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Support single invocation with variant.NIIBE Yutaka2022-04-261-4/+26
| | | | | | | | * tests/openpgp/run-tests.scm: Add GPGSCM_TEST_VARIANT support. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for C90 compiler.NIIBE Yutaka2022-04-261-1/+2
| | | | | | | | * dirmngr/dirmngr.c (main): Declaration before a statement. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Let make check-all work again.NIIBE Yutaka2022-04-261-0/+1
| | | | | | | | * Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_BUILD_ROOT. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use module_tests for testing agent/.NIIBE Yutaka2022-04-262-2/+4
| | | | | | | | | * agent/Makefile.am (module_test): New. * agent/all-tests.scm: Use module_tests instead of TESTS. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Skip testsing g13 when it's not enabled.NIIBE Yutaka2022-04-261-7/+20
| | | | | | | | * g13/all-tests.scm: Skip the test by examining $objdir/Makefile. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Fix check-all for tests/openpgp.NIIBE Yutaka2022-04-262-3/+2
| | | | | | | | | | * tests/openpgp/Makefile.am: Revert the change by DISABLE_REGEXP. * tests/openpgp/all-tests.scm: Likewise. -- Fixes-commit: ba247a114c75a84473c11c1484013b09fbb9bcd1 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2022-04-252-1/+8
| | | | --
* Release 2.3.6gnupg-2.3.6Werner Koch2022-04-251-1/+15
|
* po: Auto updateWerner Koch2022-04-2524-464/+573
| | | | --
* po: Fixed two fuzzies in the Japanese translationWerner Koch2022-04-251-23/+26
| | | | --
* po: Update German translationWerner Koch2022-04-251-36/+30
| | | | --
* gpg: Avoid NULL ptr access due to corrupted packets.Werner Koch2022-04-251-6/+13
| | | | | | | | | * g10/parse-packet.c (parse_signature): Do not create an opaque MPI with NULL and length > 0 (parse_key): Ditto. -- GnuPG-bug-id: 5940, 5946
* sm: Use gpg_err_code() instead of -1Todd Zullinger2022-04-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1' comparison. -- In ed6ebb696e (sm: Implement initial support for keyboxd., 2020-09-10), the return of keydb_search() was changed to use gpg_err_code(). Adjust gpgsm_verify() to use it. This provides a nicer error message to users when a certificate is not found -- the same error that is seen from 2.2. Prior to this change, when a cert was not found, gpgsm output: gpgsm: failed to find the certificate: Not found as opposed to the more human-readable message from 2.2: gpgsm: certificate not found They now return the same message. Signed-off-by: Todd Zullinger <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-254-7/+11
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* gpg: Emit an ERROR status as hint for a bad passphrase.Werner Koch2022-04-251-8/+20
| | | | | | | | | | | | | | * g10/mainproc.c (proc_symkey_enc): Issue new error code. (proc_encrypted): Ditto. -- This allows GPGME to return a better error message than "bad session key" to the user. Technically we could get run into these errors also in other cases but this more unlikley. For the command line use we don't do anything to not change the expected output of the command line interface. GnuPG-bug-id: 5943
* common:iobuf: Exclude cases with IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.NIIBE Yutaka2022-04-251-4/+7
| | | | | | | | | | * common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP. (iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP. -- GnuPG-bug-id: 5941 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix hard-coded constant for RSA auth.NIIBE Yutaka2022-04-251-3/+9
| | | | | | | | | | | | * scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096. -- OpenPGPcard specification says that it will be rejected by the card when it's larger. We have been the check on host side too, but it was written when it only had a support for RSA-2048. Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix line end in error messageIngo Klöcker2022-04-221-1/+1
| | | | | | | | | * g10/keyedit.c (menu_adduid): Move linefeed character to the format string. -- This fixes a literal '\n' in the error message and a missing line feed after the error message.
* agent: Not writing password into file.NIIBE Yutaka2022-04-221-35/+20
| | | | | | | | | | * agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke pattern check program. -- GnuPG-bug-id: 5917 Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Don't inhibit SSH authentication for larger data if it can.NIIBE Yutaka2022-04-221-0/+5
| | | | | | | | | * scd/app-openpgp.c (do_auth): Use command chaining if available. -- GnuPG-bug-id: 5935 Signed-off-by: NIIBE Yutaka <[email protected]>
* Post release updatesWerner Koch2022-04-212-1/+7
| | | | --
* Release 2.3.5gnupg-2.3.5Werner Koch2022-04-211-1/+127
|
* po: Auto updateWerner Koch2022-04-2126-945/+1486
| | | | --
* speedo: Fix authenticode signingWerner Koch2022-04-211-0/+29
| | | | --
* dirmngr: Fix MakefileWerner Koch2022-04-211-1/+1
| | | | | -- Fixes-commit: 89dc9f1e6916ebd123852534b8cada2fc3555688
* po: Update Simplified Chinese Translation.NIIBE Yutaka2022-04-211-20/+17
| | | | | | | -- Reviewed-by: NIIBE Yutaka <[email protected]> Signed-off-by: bobwxc <[email protected]>
* po: Update German translationWerner Koch2022-04-201-1/+5
| | | | --
* dirmngr: Changes to the linking order.Werner Koch2022-04-201-11/+15
| | | | | | * dirmngr/Makefile.am: Tweak library order. -- (cherry picked from commit 3c79ff34c417bfc392008eca1970b86bec54d6c3)
* build: Fix makedist target in m4.Werner Koch2022-04-201-2/+3
| | | | --
* w32: Do no use Registry item DefaultLogFile for the main tools.Werner Koch2022-04-204-4/+6
| | | | | | | | | | | | | | | | * g10/gpg.c (main): Set LOG_NO_REGISTRY. * sm/gpgsm.c (main): Ditto. * tools/gpg-connect-agent.c (main): Ditto. * tools/gpgconf.c (main): Ditto. (show_other_registry_entries): Print "DefaultLogFile". -- The intention of this mostly forgotten registry entry was to allow for easy debugging of the tools. However, with the global config file common.conf things are anyway better. We disable the use for the commonly used tools so that it does not look like calling gpg on the command line seems to block with no output if the log server (e.g. tcp://1.2.3.4:11111) is not reachable.
* gpg: Replace an assert by a log_fatal.Werner Koch2022-04-141-3/+6
| | | | | | * g10/build-packet.c (do_signature): Use log_fatal. -- GnuPG-bug-id: 5809
* ssh: Returned faked response for the new session-bind extension.Werner Koch2022-04-141-0/+14
| | | | | | | | | | | | | | | | * agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New. (SSH_OPT_CONSTRAIN_EXTENSION): New. (ssh_handler_add_identity): Ignore them. (ssh_handler_extension): Take success for session-bind. -- OpenSSH 8.9 does not gracefully allow communication with older agent implementations. Until this new OpenSSH feature has been settled we return a faked response. Code has not yet been tested. GnuPG-bug-id: 5931
* scd: Renamed a constant in ccid-driver.cWerner Koch2022-04-141-3/+3
| | | | | | | * scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE. -- Just for documentation reasons.
* scd: Minor code reorganizationWerner Koch2022-04-141-16/+22
| | | | | * scd/ccid-driver.c: Move struct defines to the top. --
* scd: Fix memory leak in ccid-driver.Werner Koch2022-04-141-9/+9
| | | | | | | | | | | * scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count. -- Due to an assignment out of bounds this might lead to a crash if there are more than 15 readers. In any case it fixes a memory leak. Kudos to the friendly auditor who found that bug. Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
* tests: Fix warning in common/t-ssh-utils.cWerner Koch2022-04-141-1/+0
| | | | | | | | * common/t-ssh-utils.c (main): Remove continue. -- Obvious c+p bug. Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
* agent: Ignore MD5 Fingerprints for ssh keysJakub Jelen2022-04-141-2/+4
| | | | | | | | -- * agent/command-ssh.c (add_control_entry): Ignore failure of the MD5 digest Signed-off-by: Jakub Jelen <[email protected]>
* tests: Fix common/t-ssh-utils.NIIBE Yutaka2022-04-141-6/+10
| | | | | | | | * common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode. -- Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Honor FIPS modeJakub Jelen2022-04-141-11/+47
| | | | | | | | | | * common/t-ssh-utils.c (FLAGS_NOFIPS): New. (sample_keys): Add flags member. (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints first and expect the MD5 ones will fail. -- Signed-off-by: Jakub Jelen <[email protected]>
* scd:p15: Improve the PIN prompt for Genua cards.Werner Koch2022-04-131-4/+26
| | | | | | | * scd/app-p15.c (CARD_PRODUCT_GENUA): New. (cardproduct2str): Add it. (read_p15_info): Detect and set GENUA (make_pin_prompt): Take holder string from the AODF.
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-117-23/+122
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* scd: Support for GeNUA cards.Werner Koch2022-04-111-1/+10
| | | | | * scd/app-p15.c (read_p15_info): Disable extended mode for Genua cards.
* doc: Typo fix in commentWerner Koch2022-04-081-1/+1
| | | | --
* tpm: Fix recently introduced syntax errorWerner Koch2022-04-081-2/+2
| | | | | | -- Fixes-commit: 18eff31496a34156d58d757a2a110bcfde6c9908
* gpg: Remove restrictions for the name part of a user-id.Werner Koch2022-04-081-7/+0
| | | | | | | | | | | | * g10/keygen.c (ask_user_id): Allow for the name to start with a digit. Allow names shorter than 5. -- The reason for this change is that we don't enforce these constraints in the --quick-gen-key interface. I added the constraints right in the beginning of gnupg to make sure that we have a uniform style for user-ids. However, this is all problematic with non-Latin names and we prefer to use mail addresses anyway.