* doc/gpgme.texi (gpgme_verify_result_t): Explain
GPGME_STATUS_NO_ERROR more clearly.
--
This might help to avoid misunderstandings how the
status can be interpreted and explains why a verify
of unsigned PGP Data returns no error.
As a reaction to CVE-2020-10759 discovered by Justin Steven.
* doc/gpgme.texi: Fixes version number from 1.8.0 to
1.9.0 for GPGME_CREATE_NOEXPIRE.
GnuPG-Bug-Id: T4922
Signed-off-by: dupgit <olivier.delhomme@free.fr>
* src/engine-gpg.c (gpg_keylist_build_options): Send --with-keygrip
if --with-secret is used.
--
Since GnuPG 2.2.19 the keygrip was not anymore send if only
--with-secret was used in a public key listing. Given that
--with-secret requires computation of the keygrip anyway, there is no
point in not requesting the keyrip in this case.
GnuPG-bug-id: 4820
* src/gpgme.h.in (struct _gpgme_user_id): Add field 'uidhash'.
* src/key.c (gpgme_key_unref): Free it.
* src/keylist.c (keylist_colon_handler): Set it.
* tests/run-keylist.c (main): Print it.
--
The uidhash value is part of gpg's output since the year 2005. This
now adds support to gpgme. The application for uidhash is to select
a user id in an edit interactor: Instead of giving the number of the
user id, the uidhash value can be be used to avoid tracking the user
id numbers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/Makefile.am: Remove uiserver.texi
* doc/gpgme.texi: Remove UI-Server mentions.
* doc/uiserver.texi: Removed.
--
This prepares the removal of UI Server from implementing
applications like Kleopatra.
The only user of the UI Server is GpgEX and even that
does not need it at all and is better served with process
calls.
GnuPG-Bug-Id: T4030
* src/context.h (gpgme_context): Add new flag for extended-edit.
* src/engine-gpg.c (append_args_from_sig_notations): Add flags to
control the kind of notations.
(gpg_edit): Respect extended-edit and notations.
(gpg_encrypt_sign, gpg_sign): Update call to
append_args_from_sig_notations.
* src/gpgme.c (gpgme_set_ctx_flag, gpgme_get_ctx_flag): Support
extended-edit.
* NEWS, doc/gpgme.texi: Mention extended-edit.
--
This provides a way to get the extended key-edit interface without
breaking bad state machines that rely on the current command flow.
A use case for this is to enable multiple local signatures, which
can be used together with annotations for:
GnuPG-Bug-Id: T4734
* src/context.h (gpgme_context): Extend with trust_model.
* src/engine-gpg.c (engine_gpg): Extend with trust_model.
(gpg_set_engine_flags): Take trust_model from context.
(build_argv): Handle trust_model.
(gpg_release): Free trust_model.
* src/gpgme.c (gpgme_set_ctx_flag): Handle trust-model flag.
(gpgme_release): Release trust-model.
* doc/gpgme.texi: Document new flag for gpgme_set_ctx_flag.
(Context Flags): New subsection for the context flags.
* tests/run-keylist.c (show_usage, main): Add new --trust-model
parameter.
--
This gives a GPGME user fine grained control over the
trust-model.
Changing the trust model for only a single application depends
on:
GnuPG-Bug-Id: T4134
Maniphest Tasks: T4134
Differential Revision: https://dev.gnupg.org/D466
* conf/: New dir.
* configure.ac (AC_CONFIG_HEADER): Move header to conf dir.
* doc/Makefile.am (mkdefsinc): Adjust rule.
* lang/python/Makefile.am (copystamp): Ditto.
--
C++ uses those stupid files without a suffix and thus the new standard
header <version> as included by newer other libc++ versions may
conflict with the VERSION file in out top directory. This change
should solve the problem.
GnuPG-bug-id: 4168
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/Makefile.am: Removed a bit I forgot about.
* Renamed lang/python/docs to lang/python/doc bvecause apparently
automake cares about that too.
* Decided to be extra explicit in the manifest because if I don't then
all sorts of things get deleted ... like lang/python
* Tested on an external linux system just in case my osx workstation
introduces too much weirdness.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* doc/Makefile.am: removed the python howto from this file, restoring
it to just the main project and the newer .js files.
* deleted: doc/gpgme-python-howto.texi
* renamed the Short_History.org file to short-history.org to keep the
naming conventions similar.
* All the Python files can (and should) live together.
* Changed the order of python versions the configure/make process
checks for, placing Python 3.7 ahead of 3.6.
* Updated the HOWTO documentation to reflect this change.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Tightened up the docs a little bit, updated the "what's new"
section, dropped the "-draft" version in preparation for GPGME
1.12.0's release.
* Exported another .texi version (and updated the draft copies to this
commit (which ought to be 1.11.1-beta313).
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Sometimes you really do need or want punctuation in a heading, but
ideally without something else generating whitespace and other
annoyances to go with it.
* Trying a real decimal point instead.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Woumd up the "what's new" section.
* Added an example for sending a key to the keyservers via hkp4py.
* Updated the export key code to use a more complete check for the
$GNUPGHOME location.
* Expanded on the installation and reinstallation troubleshooting
section.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added a What's New section to summarise changes since the last
release. There have been quite a few and some attention does need
to be drawn to some of them.
* Confirming certain issues with some platform builds, especially
BSD/OSX vs. Linux issues which will need to update the installation
troubleshooting guides.
* Added more comprehensive examples using hkp4py and added a couple
more example scripts for protonmail.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Mostly tightening up the details on the hkp4py example script.
* Also fixed a typo in the LGPL boiler plate text included in all the
other example scripts for the HOWTO.
* added a new example script to search the keyservers and import the
results, this time using Marcel Fest's hkp4py module.
* Updated the key importing section to match this addition.
* Tested with the current version of hkp4py from github.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Confirmed that updates to the tests have significant'y improved that
output.
* Updated some of the additional notes for the section on hkp4py.
** This is in anticipation adding at least import examples using that
module as well. It may also include adding examples of exporting a
key and uploading it to the keyservers.
Tested-by: Ben McGinnes <ben@adversary.org>
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Added some material on using the new-ish hkp4py module with GPGME.
* Example code will be added later once a couple of little issues are
addressed.
Signed-off-by: Ben McGinnes <ben@adversary.org>
* Sanitized the shell command examples of extraneous whitespace.
* Removed keycount.c as sanitising it is pointless and it will be
generated by Cython when the example is followed.
* Regenerated the .texi version.
* Added new advanced section with an example of using the Python
bindings with CPython code compiled back to C code using Cython.
* Though it may seem a bit counter-intuitive to use the bindings just
to go back to C via a different route, this is not actually stupid.
* Added examples/howto/advanced/cython/ directory.
* Added keycount.pyx, setup.py and the keycount.c file which the first
two generated with Cython. Not including the .so and .o files from
the build.
* Exported the .texi version of the howto for the main docs.
* lang/python/docs/gpgme-python-howto.org: more tweaks and edits,
along with another build of output formats.
* doc/gpgme-python-howto.texi: updated texinfo version for parent docs.
* lang/python/docs/GPGMEpythonHOWTOen.org: Added corresponding GPGME
version number to table at the start and cut the shortcut from the
groups.py example.
* doc/gpgme-python-howto.texi: New export of Texinfo file for docs
build.
* gpgme.spec.in: Added gpgme-python-howto.info build on the grounds
that it now deals with certain possible installation issues and end
users encountering them would want the docs to hand.
* doc/gpgme.texi: updated the copyright year to this year.
* Added doc/gpgme-python-howto.texi: generated from
GPGMEpythonHOWTOen.org and then slightly modified so the generated
Info file doesn't use camelCase.
* doc/Makefile.am: Updated makefile to include the Python HOWTO with
gpgme_TEXINFOS and to export the generated files to the webserver
along with the main GPGME one.
This adds a new language binding "gpgme.js" to GPGME. It
serves as a bridge between the native-messaging service "gpgme-json"
and JavaScript Applications.
The first user of this binding will be Mailvelope which will
see GnuPG integration in the near future.
GnuPG-Bug-Id: T4107
* doc/examples/gpgme-chrome.json, doc/examples/gpgme-mozilla.json: New.
* doc/Makefile.am (EXTRA_DIST): Include them.
--
The id contained in the examples is the ID of Mailvelope.
* src/gpgme.h.in (gpgme_data_new_from_estream): New.
* src/data-estream.c: New.
* src/data.h (gpgme_data): New union member e_stream.
--
The estream functions (gpgrt_fopen et al.) are any waypart of the
required libgpg-error library and thus it makes sense to provide this
convenience interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpgme.texi (GPGME_KEYLIST_MODE_EXTERN),
(GPGME_KEYLIST_MODE_LOCATE, GPGME_KEYLIST_MODE_LOCAL): Mention
command line flags for CMS and OpenPGP Protocol.
--
This might help new users coming to gnupg to understand what
the flags do.
* src/engine-gpg.c (engine_gpg): Add diagnostics member.
(gpg_release): Release diagnostics data.
(gpg_new): Set up logger-fd and diagnostics.
(gpg_getauditlog): New. Copy diagnostics to a user data.
(engine_ops): Add getauditlog.
* src/engine-gpgsm.c (gpgsm_getauditlog): Return not implemented
for GPGME_AUDITLOG_DIAG.
* src/getauditlog.c (getauditlog_start): Don't reset engine
for diagnostics.
* src/gpgme.h.in (GPGME_AUDITLOG_DIAG): New.
(GPGME_AUDITLOG_DEFAULT): New alias to 0.
* tests/run-decrypt.c (show_usage, main): Add --diagnostics.
* doc/gpgme.texi(Additional Logs): Document getauditlog.
--
This enables users of GPGME to get more verbose information
from gpg which can assist users in figuring out a problem
that was before hidden behind a generalized error like
"Decryption Failed".
For GPGSM it is not yet available as it is problematic to
get it properly in server mode and GPGSM already had the
original audit log mechanism in place.
GPGME_AUDITLOG_DEFAULT was added for a more explicit
documentation.
* src/gpgme.h.in (_gpgme_op_decrypt_result): Add flag
legacy_cipher_nomdc.
* src/decrypt.c (parse_status_error): Set this flag.
* tests/run-decrypt.c (print_result): print it.
(main): Print the result even on error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* src/decrypt.c (struct op_data_t): Add field not_integrity_protected.
(parse_decryption_info): Set this. Also rename mode to aead_algo for
clarity.
(_gpgme_decrypt_status_handler): Force failure in case of a missing
MDC.
--
This extra check makes sure that a missing or stripped MDC in
- gpg < 2.1
- or gpg 2.2 with an old cipher algorithm
will lead to a decryption failure. gpg 2.3 will always fail in this
case. Implementing this check here and not backporting the 2.3 change
to 2.2 has the benefit that all GPGME using applications are protected
but scripts relying on rfc2440 (i.e. without MDC) will only break when
migrating to 2.3.
Note that S/MIME has no integrity protection mechanism but gpgsm
neither emits a DECRYPTION_INFO status line, so an error will not be
triggered. If in the future gpgsm supports authenticated encryption
it may issue a DECRYPTION_INFO line to force a failure here but it
will in that case also emit a DECRYPTION_FAILED anyway.
GnuPG-bug-id: 3981
Signed-off-by: Werner Koch <wk@gnupg.org>
