* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.
--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.
A use case for this is to enable multiple local signatures, which
can be used together with annotations for:
GnuPG-Bug-Id: T4734
* tests/json/t-decrypt-verify.out.json: Remove check with key of
04071FB807287134.
--
GnuPG 2.3 changes how public key decryption works; It collects list of
PUBKEY_ENC packets and then processes an ENCRYPTED* packet. At the
stage of processing an ENCRYPTED* packet, it checks if private keys
can decrypt any of PUBKEY_ENC packets. It does not necessarily
examine all of PUBKEY_ENC packets. Only when it finds a PUBKEY_ENC
packet cannot be decrypted, it reports STATUS_NO_SECKEY with keyid of
that packet.
GnuPG 2.2 or older tries PUBKEY_ENC packets in order, and the first
successful PUBKEY_ENC packet is used. Rest of PUBKEY_ENC packets are
not examined, but STATUS_NO_SECKEY with keyid is reported even when
there is a valid private key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/engine-gpg.c (build_argv): Properly check for all
arguments and allocate memory for them.
--
This fixes a potential buffer overflow which could be created
by using unusual and partially contradictory options.
Like offline and auto-key-locate together while
using ignore-mdc-error.
As the list of arguments should not be user controlled the
impact of this is very low.
To ensure that this does not happen in the future an
assert is also added with this patch.
* lang/python/doc/Makefile.am (EXTRA_DIST): Remove files not
distributed like files under meta.
* Add rules to generate .rst and .texi files.
* lang/python/doc/rst: Remove .rst files to be generated.
* lang/python/doc/texinfo: Remove .texi files to be generated.
GnuPG-bug-id: 4275
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
* Connection.js: In some cases, the browser disconnect does not
happen inmediately (e.g. wrong extension for the app). I added a
delay of 25 ms to see if the connection was closed by the browser.
Also, I tried to make the checkConnection more readable.
--
* Connection.js
- Add some meaningful nativeMessaging feedback for failing
communication due to misconfiguration or other browser-originated
fails
- add an "isDisconnected" property
- "isNativeHostUnknown" tries to match browser's feedback string if
the browser does not find gpgme-json
* init.js
- initialization will now reject with a more meaningful error if the
configuration is not set up or other browser-based errors
(chrome.runtime.lastError) are present. This should speed up
the normal initialization (not having to waiting for a timeout
any more in case of improper setup)
* errors.js
- CONN_NATIVEMESSAGE: New error that passes the browser's
nativeMessaging error
- CONN_NO_CONFIG: native messaging error indicating that the
nativeMessaging host was not set up properly
* unittests.js:
- added the "isDisconnected" property to the startup tests
- added tests for proper behavior of connection checks
* lang/python/tests/Makefile.am (gpg.conf): Set a default key.
--
It seems we need to set a default key because at least t-sign.py does
not specify the key to use and we do not want to rely on the order of
keys in the keyring.
Also
Fixes-commit: f3ca2c9ce9
gpg 2.0 is end-of-life and we don't need these extra options anymore.
In fact they for the use of some gpg version and don't use the version
gpgconf knows about. This also aligns the python tests to what we use
for the C test suite.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.c (_gpgme_debug_buffer): Switch between two output
formats.
--
The new format is much more practical than the bunch of hex digits
followed by just 16 ascii chars. To get the old behaviour use a debug
level of 10.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/run-threaded.c (random_data_close): Correct FD test.
--
An invalid DS is -1 and not 0; this fix is for correctness and does
not chnage anything in the real world.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/posix-io.c (_gpgme_is_fd_valid): New out-commented function.
--
This code is sometimes useful to track down invalid file descriptors.
We keep it commented in the code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/wait.c (_gpgme_run_io_cb): Fix return code.
--
The function needs to return an gpg_error_t and not ERRNO.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/run-threaded.c (main): Handle allow-del.
(allow-del): New. Variable to allow deletion of keys.
(import): Delete key after import if allow-del is set.
(delete_impres): Delete keys from an import result.
(delete_fpr): Delete a key by fingerprint.
--
This is intended to test write access and locking of the
keyring by repeatedly importing and deleting pubkeys.
It is an option because it might cause keyring corruption
etc. so it should be explicitly enabled.
* src/debug.c (_gpgme_debug): Take better care of NULL userinfo.
(_gpgme_debug_end): Rework.
(_trace_sysres): Print ERRNO and not the supplied RES.
--
The TRACE_SYSRES patch fixes
Regression-due-to: 7a1e7006d0
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.c (_gpgme_debug): Add arg LINE. Chnage all callers.
(_gpgme_debug_begin): Remove.
* src/debug.h (TRACE_SEQ): Use the LINE arg of _gpgme_debug.
--
This includes chnages to always print fds in decimal as weel as
tweaking the TARCE_SEQ function to make use of the new machinery.
The standard 'tag' can now always be NULL and no tag information will
be printed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/debug.c (debug_lock): Remove. Also remove all users.
(_gpgme_debug): Use gpgrt_bsprintf to prepare the output and finally
print using standard fprintf. Reformat to prefix to be narrower.
--
Note that the locks are now implicitly done using the systems stdio.
The threadid is now printed with 4 digits in hex and thus without the
angle brackets and the 0x. However it is still a hex number even if it
may look like an octal number. The hex letters are uppercase to make
searching in locks easier iff the threadid happens to have a letter in
it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/cJSON.c: Include stdint.h.
(parse_number): Avoid overflob in SUBSCALE and cap integer values.
--
GnuPG-bug-id: 4330
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpg.c (append_args_from_recipients_string): Detect bad
options.
* src/engine-gpgsm.c (set_recipients_from_string): Implement option
parsing.
--
The only option we actually implement is "--" but the code layout is
now very simlar to engine-gpg and can easily be extended if ever
needed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/engine-gpgsm.c (gpgsm_encrypt): Fix argument check.
--
It is pretty obvious thar the string based new encrypt function has
never been tested for S/MIME. The fix was easy. A followup patch
will extend it to allow for keywords in the future.
GnuPG-bug-id: 4556
Fixes-commit: a1f76b3b54
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Configure new Makefiles.
* lang/python/Makefile.am: Remove dirs from extra dist and use
subdirs.
* lang/python/examples/Makefile.am, lang/python/src/Makefile.am,
lang/python/doc/Makefile.am: New. Files that list EXTRA_DIST files.
--
This is similar to what lang/js does by explicitly listing the
files. This ensures that we have clean distribution tarballs
without accidentall additions that just lay in the directory.
GnuPG-Bug-Id: T4481
* configure.ac (CFLAGS): Move -Wno flags out of the maintainer mode.
--
It makes sense to have more warnings in maintainer mode and
not more warnings in release builds.
GnuPG-Bug-Id: T4477
* src/core.py (decrypt): filter out signatures with errors from the
returned verify_result, but avoid raising BadSignatures
* tests/t-decrypt-verify.py: ensure that only a single signature is
returned when evaluating cipher-3.asc, since the other signature is
unknown.
--
This change preserves the invariant that decrypt() only ever returns
valid signatures in the verify_result, but it avoids unnecessary
errors in the face of the presence of an additional bad signature.
GnuPG-bug-id: 4276
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lang/python/tests/t-decrypt.py: test decryption of cipher-3.asc and
cipher-no-sig.asc
* lang/python/tests/t-decrypt-verify.py: test decryption and
verification of cipher-3.asc and cipher-no-sig.asc
--
note that this introduces a failed test -- decrypt-verify.py
misbehaves on cipher-3.asc by throwing a BadSignature even though
GnuPG-bug-id: 4276
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tests/gpg/cipher-3.asc: add an encrypted file containing signatures
(one from a known key, and one from an unknown key)
* tests/gpg/cipher-no-sig.asc: add an encrypted file containing no
signatures at all
--
We currently aren't using these files yet, but they should be useful
for exercising the library in unusual circumstances (where the bugs
are).
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* lang/python/tests/Makefile.am: prefer py_tests from the environment
if present.
--
I'm trying to make it nicer/quicker to hack on the testsuite for
python bindings. With this change, if you're improving the python
bindings test suite, you can selectively run only a few specific tests
like so:
lang/python$ make check py_tests='t-decrypt.py t-decrypt-verify.py'
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* src/engine-gpgsm.c [!USE_DESCRIPTOR_PASSING] (gpgsm_new): Remove
last call to _gpgme_io_set_close_notify.
--
It is called just after the code in question for all cases.
GnuPG-bug-id: 4456
Fixes-commit: dd21ec997c
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* src/w32-util.c (_gpgme_access): Respect mode parameter.
(_gpgme_create_process_utf8): Convert startupinfo, too.
--
This both did not show up in testing as we only use
mode F_OK and STARTUPINFOA is basically the same as
STARTUPINFOW.
Fixes commit: a82e3a0ae5
GnuPG-Bug-Id: T4453
* src/dirinfo.c (get_gpgconf_item): Use _gpgme_access.
* src/posix-util.c (_gpgme_access): Add forward to normal access.
* src/sys-util.h (_gpgme_access): New for posix and w32.
* src/w32-io.c (_gpgme_io_spawn): Use _gpgme_crate_process_utf8.
* src/w32-util.c (utf8_to_wchar, utf8_to_wchar0): The usual w32 conv.
(find_program_in_dir): Use _gpgme_access.
(find_program_at_standard_place): Use wchar API and convert to UTF-8.
(_gpgme_access): Convert UTF-8 to wchar and use wchar API.
(_gpgme_create_process_utf8): Convert UTF-8 to wchar and use wchar API.
--
While we should not say that we have full support for unicode path
installations of GnuPG, this ensures that GPGME works if GPGME
itself is installed in a unicode path. e.g.: Libreoffice supports
this.
GnuPG-Bug-Id: T4453
Based on a patch provided by Egor Pugin. Thanks.
* src/w32-io.c (_gpgme_io_spawn): Show MessageBox only once.
--
This prevents multiple message boxes from showing when
the GPGME installation is unworkable.
GnuPG-Bug-Id: T4453
* src/debug.c (_gpgme_debug): Use gpgrt_vasprintf instead of
vfprintf to have a more portable format.
--
This fixes crashes on Windows because "%zu" is used which
is not natively supported on Windows but which gpgrt supports.