Commit message | Author | Age | Files | Lines
...
* Update NEWS | Werner Koch | 2025-05-06 | 1 | -2/+19
  --
* gpgsm: Always print info about certs-only message. | Werner Koch | 2025-05-06 | 2 | -5/+6
  * sm/verify.c (gpgsm_verify): Always print info that a certs-only message has been processed.
  --
  Prior to this patch the message was only printed if no data file has been given.
  Reported-by: Albrecht Dreß
* gpg: Fix another regression due to the T7547 fix. | Werner Koch | 2025-05-02 | 1 | -3/+5
  * g10/getkey.c (get_pubkey_for_sig): Keep a requested PUBKEY_USAGE_CERT.
  (finish_lookup): For correctness in future use cases allow PUBKEY_USAGE_CERT to also trigger verify mode.
  --
  The case here was that a cert-only primary key was removed with export-clean.
  GnuPG-bug-id: 7583
* common: Fix logic for certain recsel conditions. | Werner Koch | 2025-04-30 | 2 | -4/+9
  * common/recsel.c (recsel_select): Change processing of NULL values.
  * common/t-recsel.c (run_test_2): Adjust for this change. Also a type fix for s/"letter"/"letters"/.
  --
  The getval function may return NULL which indicates that there is no useful value available. For example because the propertyname is not defined for some external context (e.g. in gpg the packet type). This also required to fix the test for boolean tests of a non existing property name.
  Reported-by: shniubobo at gnupg-users on 2025-04-18.
* gpg: Add debug flag "recsel". | Werner Koch | 2025-04-30 | 6 | -0/+29
  * g10/gpg.c: Include recsel.h.
  (debug_flags): New flag "recsel".
  (set_debug): Set it.
  * g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
  * g10/import.c (impex_filter_getval): Add debug diagnostics.
  * g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
  * common/recsel.c (recsel_debug): New variable.
  (recsel_set_debug): New function.
  (recsel_select): Add debug output if requested.
* doc: Register DCO for Collin Funk | Werner Koch | 2025-04-30 | 1 | -0/+3
  --
* Fix access to the bintoasc mapping in the libksba support. | Collin Funk | 2025-04-30 | 1 | -1/+1
  * common/ksba-io-support.c (has_only_base64): Use memchr since calling strchr on a non-NUL terminated string is undefined behavior.
  --
  Signed-off-by: Collin Funk <[email protected]>
  This patch has been stripped from Collin's original patch because this is not just about a warning but an actual bug. That bug was introduced in 2003 by me. - wk
* gpg: New command --quick-tsign-key. | Werner Koch | 2025-04-29 | 5 | -18/+183
  * g10/gpg.c (aQuickTSignKey): New.
  (opts): Add new command.
  (main): Parse args for it.
  * g10/keyedit.c: Include mbox-util.h.
  (parse_trustsig_string): New.
  (sign_uids): Add arg trustsig for use in quick mode.
  (keyedit_quick_sign): Also add arg trustsig and print a diagnostic on error.
* gpg: Make the internal sign_uids function easier to read. | Werner Koch | 2025-04-29 | 2 | -48/+65
  * g10/keyedit.c (SIGN_UIDS_LOCAL): New.
  (SIGN_UIDS_NONREVOCABLE): New.
  (SIGN_UIDS_TRUSTSIG): New.
  (SIGN_UIDS_INTERACTIVE): New.
  (SIGN_UIDS_QUICK): New.
  (sign_uids): Replace several boolean args by flags arg.
* gpg: New list options "show-trustsig" | Werner Koch | 2025-04-29 | 5 | -0/+71
  * g10/options.h (LIST_SHOW_TRUSTSIG): New.
  * g10/gpg.c (parse_list_options): Add "show-trustsig".
  * g10/keylist.c (parse_trust_name): New.
  (list_signature_print): Print trust signature info.
* doc: Add missing whitespace gnupg7 manpage. | Andreas Metzler | 2025-04-24 | 1 | -1/+1
  --
* scd:p15: Accept P15 cards with a zero-length label. | Werner Koch | 2025-04-24 | 1 | -2/+11
  * scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
  --
  Some versions of the CardOS personalisation software seem to store a missing label as zero-length object instead of not storing the object at all. Due to a lack of such a card this patch has not been tested.
* gpgscm: Fix initialization for fixed size chars. | NIIBE Yutaka | 2025-04-22 | 3 | -207/+207
  * tests/gpgscm/opdefines.h: Change the order of arguments.
  * tests/gpgscm/scheme-private.h (_OP_DEF): OP comes first, and use variadic args for the macro.
  * tests/gpgscm/scheme.c (_OP_DEF): Likewise.
  (TST_*): Use integers.
  (check_arguments): Follow the change of TST_LIST.
  --
  GnuPG-bug-id: 7623
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgscm: Fix for CHARNAMES. | NIIBE Yutaka | 2025-04-22 | 1 | -1/+1
  * tests/gpgscm/scheme.c (charnames): It's an array of strings, not fixed size characters.
  --
  GnuPG-bug-id: 7623
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Show also stuff from the Registry emulation. | Werner Koch | 2025-04-09 | 1 | -6/+84
  * tools/gpgconf.c (my_read_reg_string): New. Use it for the registry listing stuff.
  (show_registry_entries_from_file): Use also on Unix.
* dirmngr: Fix libdns with 127.0.0.1. | NIIBE Yutaka | 2025-04-07 | 1 | -6/+6
  * dirmngr/dns.c (dns_so_check): Ifdef-out Linux specific code. Remove retrying udp_connect_retry when ECONNREFUSED.
  --
  Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
  GnuPG-bug-id: 4021
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: New key generation parameter "User-Id". | Werner Koch | 2025-04-04 | 2 | -5/+8
  * g10/keygen.c (read_parameter_file): Add keyword "User-Id".
* keyboxd: Searching UpperCaseAddress. | NIIBE Yutaka | 2025-03-26 | 1 | -10/+28
  * kbx/backend-sqlite.c (run_select_statement): Convert with ascii_strlwr when the mode is KEYDB_SEARCH_MODE_MAIL.
  --
  GnuPG-bug-id: 7576
  Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Update NEWS | Werner Koch | 2025-03-25 | 2 | -0/+20
  --
* gpgsm: Simplify the expiration check. | Werner Koch | 2025-03-18 | 1 | -18/+8
  * sm/certlist.c (gpgsm_add_to_certlist): Remove the on-demand setting of the current time.
* gpgsm: Fix error message if all selected certificates are expired. | Ramón García | 2025-03-18 | 1 | -17/+28
  * sm/certlist.c (gpgsm_add_to_certlist): Track expired error. Make the expired check easier to read by using if and case.
  --
  Original ChangeLog:
  If all selected certificates are expired, don't mislead the user saying that no certificate was found. Instead, return the error of the first certificate selected.
  * sm/certlist.c: if one expired certificate was found, don't return no certificate found, return instead the expiration error
  I heavily changed Ramon's original patch and hope that I didn't introduce a regression to his patch. - [email protected]
* gpgsm: Avoid increasing error count when enumerating an expired cert. | Ramón García | 2025-03-18 | 3 | -30/+42
  * sm/certchain.c (check_validity_period_cm): Add arg no_log_expired to avoid bumping of the error counter due to the do_list function.
  * sm/certlist.c (gpgsm_add_to_certlist): Set no_log_expired when checking the expiration.
  --
  I modified the original patch to make the patch smaller and the code easier to read. - [email protected]
* gpgsm: When selecting certs also skip certificates too young. | Ramón García | 2025-03-18 | 1 | -1/+2
  * sm/certlist.c (gpgsm_add_to_certlist): Also check for not yet valid certs.
* gpgsm: select unexpired certificates skipping expired ones | Ramón García | 2025-03-18 | 3 | -11/+55
  * sm/certchain.c (check_validity_period_cm): Make function global.
  * sm/certlist.c (gpgsm_add_to_certlist): If an expired certificate is found, continue looking for another one.
  --
  This enables the user to select a certificate by subject, and keep old expired certificates in the store in case he wishes to decrypt or verify an old file. This makes renewal of certificate smoother.
  Due to a broken patch I had to massage the patch and while doing this also fixed the indentation and moved a declaration to the begin of a block. - [email protected]
* doc: Register DCO for Ramon García F. | Werner Koch | 2025-03-18 | 1 | -0/+3
  --
* gpgsm: Extend --learn-card by an optional s/n argument. | Werner Koch | 2025-03-17 | 9 | -39/+99
  * agent/command.c (cmd_learn): Allow for s/n argument.
  * agent/learncard.c (agent_handle_learn): Ditto.
  * agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd.
  * scd/command.c (cmd_switchcard): Factor most code out to ...
  (switchcard_core): new.
  (cmd_learn): Add option --demand to specify a s/n.
  * sm/gpgsm.c (main): Allow a s/n argument for --learn-card.
  --
  This helps Kleopatra to get a stable certificate listing.
  GnuPG-bug-id: 7379
* gpgconf: Fix reload and kill of keyboxd. | Werner Koch | 2025-03-17 | 1 | -4/+4
  * tools/gpgconf-comp.c (keyboxd_runtime_change): Fix order of args.
  --
  Fixes-commit: acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
  GnuPG-bug-id: 7569
* scd,w32: Fix possible lockup due to lost select results. | Werner Koch | 2025-03-14 | 1 | -2/+5
  * scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop when an event was encountered.
  --
  Here the event handle is passed to npth_eselect so that this function can detect the event and reset the event. There is no need to consume this information here. However, npth_select might also have got a ready file descriptor along with the event and by doing a "continue" we would miss the ready state of the file descriptor. The fix is to do nothing here, similar to what we do in gpg-agent.
  Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
  GnuPG-bug-id: 2982
* doc: Minor updates | Werner Koch | 2025-03-14 | 3 | -3/+14
  --
* gpg: Fix double free of internal data. | Werner Koch | 2025-03-13 | 1 | -1/+2
  * g10/sig-check.c (check_signature_over_key_or_uid): Do not free in no-sig-cache mode if allocated by caller.
  --
  GnuPG-bug-id: 7547
  Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* common: Add a flag for left anchored substring match to recsel. | Werner Koch | 2025-03-12 | 3 | -6/+38
  * common/recsel.c (struct recsel_expr_s): Add field lefta.
  (recsel_parse_expr): Parse it.
  (recsel_select): Implement selection.
  --
  This flag makes it for example easy to select keys last updated from an ldap server:

    gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
        -k --with-key-origin
* Update autogen.sh from upstream to version 2025-03-10 | Werner Koch | 2025-03-10 | 1 | -8/+7
  --
* card: Add command "ll" | Werner Koch | 2025-03-10 | 1 | -10/+20
  * tools/gpg-card.c (cmd_list): Add optional arg use_opt_cards.
  (enum cmdids): Add cmdLISTCARDS.
  (cmds): New command "ll".
  (interactive_loop): Ditto.
  --
  Using "l --cards" is a command required very often thus it makes sense to have an alias for it. ll also allows to switch the card without showing the long listing.
* Post release updates | Werner Koch | 2025-03-07 | 2 | -1/+5
  --
* Release 2.5.5 (tag: gnupg-2.5.5) | Werner Koch | 2025-03-07 | 1 | -2/+9
* po: msgmerge | Werner Koch | 2025-03-07 | 26 | -0/+121
  --
* po: Update German translation | Werner Koch | 2025-03-07 | 1 | -1/+5
  --
* Typo fix and add missing prototype. | Werner Koch | 2025-03-07 | 2 | -1/+2
  --
* build: Update Libassuan M4 macros | Werner Koch | 2025-03-07 | 1 | -2/+2
  --
  GnuPG-bug-id: 7541
* gpg: Fix regression for the recent malicious subkey DoS fix. | Werner Koch | 2025-03-06 | 2 | -19/+34
  * g10/packet.h (PUBKEY_USAGE_VERIFY): New.
  * g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested usage.
  (finish_lookup): Introduce a verify_mode.
  --
  Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
  GnuPG-bug-id: 7547
* dirmngr: Use the same thread init strategy as gpg-agent et al. | Werner Koch | 2025-03-06 | 1 | -29/+42
  * dirmngr/dirmngr.c (initialize_modules): New.
  (thread_init): Run npth_init only once. Re-init Libassuan and Libgcrypt syscall clamps. Replace all calls by calls to initialize_modules.
  --
  GnuPG-bug-id: 6606
* w32: On socket nonce mismatch close the socket. | Werner Koch | 2025-03-05 | 4 | -11/+19
  * agent/gpg-agent.c (start_connection_thread_std): Close socket on nonce mismatch.
  (start_connection_thread_extra): Ditto.
  (start_connection_thread_browser): Ditto.
  (start_connection_thread_ssh): Ditto.
  * dirmngr/dirmngr.c (start_connection_thread): Ditto.
  * kbx/keyboxd.c (start_connection_thread): Ditto.
  --
  Usually Libassuan takes care of closing the socket but because we do the nonce check before setting up Assuan we need to explicitly close it.
  GnuPG-bug-id: 7434
* Log the Windows system error code at more places. | Werner Koch | 2025-03-05 | 7 | -17/+43
  * common/asshelp.c (log_libassuan_system_error): New.
  * agent/gpg-agent.c (create_server_socket): Use new log function.
  (handle_connections): Log system error code for a failed accept.
  * dirmngr/dirmngr.c (handle_connections): Ditto.
  * kbx/keyboxd.c (handle_connections): Ditto.
  * scd/scdaemon.c (handle_connections): Ditto.
  * tpm2d/tpm2daemon.c (handle_connections): Ditto.
  * dirmngr/dirmngr.c (main): Log system error code for a failed bin.
  * kbx/keyboxd.c (create_server_socket): Ditto.
  * scd/scdaemon.c (create_server_socket): Ditto.
  * tpm2d/tpm2daemon.c (create_server_socket): Ditto.
* tools: Add envvar GPG_AUTHCODE_SIGN_MODE to disable signing. | Werner Koch | 2025-02-24 | 1 | -0/+4
  * tools/gpg-authcode-sign.sh: Check envvar for value "disable".
* dirmngr: Prepare for new command KS_DEL. | Werner Koch | 2025-02-21 | 4 | -0/+95
  * dirmngr/server.c (cmd_ks_del): New.
  * dirmngr/ks-action.c (ks_action_del): New.
  * dirmngr/ks-engine-ldap.c (ks_ldap_del): New stub.
  --
  GnuPG-bug-id: 5447
* dirmngr: Factor a common command parsing code out. | Werner Koch | 2025-02-21 | 1 | -51/+51
  * dirmngr/server.c (percentplus_line_to_strlist): New. Code taken from cmd_ks_get.
  (cmd_ks_search, cmd_ks_get): Use it here.
* build: Update autogen.sh to the current version. | Werner Koch | 2025-02-21 | 1 | -6/+31
  --
  This is a general maintenance update
* speedo: Do not build gpgme anymore. | Werner Koch | 2025-02-21 | 4 | -56/+4
  * build-aux/speedo.mk: Remove support gpgme.
  * build-aux/speedo/w32/inst.nsi: Ditto.
  * build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
  --
  GPGME is either already available on Unix platforms or can be installed on Windows with gpg4win. GnuPG itself does not require gpgme.
* gpg: Fix a verification DoS due to a malicious subkey in the keyring. | Werner Koch | 2025-02-21 | 7 | -86/+154
  * g10/getkey.c (get_pubkey): Factor code out to ...
  (get_pubkey_bykid): new. Add feature to return the keyblock.
  (get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock. Request a signing usage.
  (get_pubkeyblock_for_sig): Remove.
  (finish_lookup): Improve debug output.
  * g10/sig-check.c (check_signature): Add arg r_keyblock and pass it down.
  * g10/mainproc.c (do_check_sig): Ditto.
  (check_sig_and_print): Use the keyblock returned by do_check_sig to show further information instead of looking it up again with get_pubkeyblock_for_sig. Also re-check the signature after the import of an included keyblock.
  --
  The problem here is that it is possible to import a key from someone who added a signature subkey from another public key and thus inhibits that a good signature could be verified.
  Such a malicious key signature subkey must have been created w/o the mandatory backsig which binds a signature subkey to its primary key.
  For encryption subkeys this is not an issue because the existence of a decryption private key is all you need to decrypt something and then it does not matter if the public subkey or its binding signature has been put below another primary key; in fact we do the latter for ADSKs.
  GnuPG-bug-id: 7527
* gpg: Remove a signature check function wrapper. | Werner Koch | 2025-02-20 | 3 | -31/+14
  * g10/sig-check.c (check_signature2): Rename to
  (check_signature): this and remove the old wrapper. Adjust all callers.