Commit message | Author | Age | Files | Lines
* Post release updates [STABLE-BRANCH-2-2.40] | Werner Koch | 2022-12-09 | 2 | -1/+7
    --
* Release 2.2.41 [gnupg-2.2.41] | Werner Koch | 2022-12-09 | 1 | -4/+5
* po: Auto update | Werner Koch | 2022-12-09 | 25 | -0/+250
    --
* po: Update German translation | Werner Koch | 2022-12-09 | 1 | -51/+9
    --
* scd:p15: Skip deleted records. | Werner Koch | 2022-12-08 | 1 | -8/+37
    * scd/app-p15.c (select_and_read_record): Special case deleted records. Support 3 byte TLVs.
    (read_ef_prkdf): Skip deleted records.
    (read_ef_pukdf): Ditto.
    (read_ef_cdf): Ditto.
    (read_ef_aodf): Ditto.
    --
    This fixes a problem with some CardOS 5 applications.
* speedo: Support CUSTOM_SWDB builds. | Werner Koch | 2022-12-07 | 2 | -14/+33
    --
* speedo: Introduce the OVERRIDE_TARBALLS feature | Werner Koch | 2022-12-06 | 1 | -0/+11
    --
* doc: Prepare NEWS | Werner Koch | 2022-12-06 | 2 | -6/+17
    --
* wkd: Do not send/install/mirror expired user ids. | Werner Koch | 2022-12-06 | 4 | -8/+72
    * tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and revoked.
    * tools/wks-util.c (append_to_uidinfo_list): Add args expired and revoked.
    (set_expired_revoked): New.
    (wks_list_key): Set expired and revoked.
    (wks_cmd_install_key): Skip expired uids.
    * tools/gpg-wks-client.c (command_check): Print flags.
    (command_send): Ignore expired keys.
    (mirror_one_key): Ditto.
    * g10/export.c (do_export_stream): Silence warning.
    --
    GnuPG-bug-id: 6292
    Backported-from-master: 278f85d1bc6cd012b3b2e87536e50954b21d2d91
* gpgsm: Silence the "non-critical certificate policy not allowed". | Werner Koch | 2022-12-06 | 1 | -2/+3
    * sm/certchain.c (check_cert_policy): Print non-critical policy warning only in verbose mode.
    (cherry picked from commit 4f1b9e3abb337470e5e4809b3a7f2df33f5a63a4)
* wkd: New option --add-revocs and some fixes. | Werner Koch | 2022-11-30 | 4 | -33/+228
    * tools/gpg-wks.h (opt): Add add_revocs.
    * tools/wks-util.c (wks_get_key): Add arg 'binary'.
    (wks_armor_key): New.
    (wks_find_add_revocs): New.
    (wks_cmd_install_key): Get key in binary mode and add revocations if enabled.
    * tools/gpg-wks-client.c (oAddRevocs): New.
    (opts): Add --add-revocs.
    (parse_arguments): Set option,
    (command_send): Get key in binary mode, add revocations if enabled, and explicitly armor key. Remove kludge to skip the Content-type line in no_encrypt mode.
    (mirror_one_keys_userid): Always filter the key to get rid of the armor as received from dirmngr. Add revocations from the local keyring.
    --
    Note that this also fixes an oddity of the new mirror command which used to store the keys armored as received from dirmngr.
* wkd: Make use of --debug extprog. | Werner Koch | 2022-11-30 | 1 | -1/+20
    * tools/wks-util.c (debug_gpg_invocation): New.
    (get_key_status_cb): Enable debug output.
    (wks_get_key): Show gpg invocation.
    (wks_list_key): Ditto.
    (wks_filter_uid): Ditto.
* gpg: New export-filter export-revocs | Werner Koch | 2022-11-30 | 3 | -5/+129
    * g10/options.h (EXPORT_REVOCS): New.
    * g10/export.c (export_select_filter): New.
    (struct export_filter_attic_s): Add field.
    (cleanup_export_globals): Cleanup.
    (parse_export_options): Add option "export-revocs".
    (parse_and_set_export_filter): Parse the select type.
    (do_export_revocs): New.
    (do_export_stream): Add a way to select things for export.
    --
    Backported-from-master: c985b52e71a83d14099f00f80e3588bd3ad28b98
* gpg: Fix double-free in gpg --card-edit. | NIIBE Yutaka | 2022-11-29 | 1 | -1/+0
    * g10/card-util.c (change_name): Don't free ISONAME here.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: use iobuf_read for higher detached signing speed | Werner Koch | 2022-11-29 | 1 | -4/+4
    * g10/sign.c (sign_file): Use iobuf_read instead of iobuf_get for reading data from detached file.
    --
    This patch reduces iobuf_read per byte processing overhead and speeds up detached signing.
    Detached signing speed on AMD Ryzen 5800X (4.3GiB file, SHA256):
      gpg process user time
      before: 3.951s
      after: 1.898s (2.0x faster)
    GnuPG-bug-id: T5826
    Signed-off-by: Jussi Kivilinna <[email protected]>
    Backported-from-master: f8943ce098f6f193da791faf43fff823568697d9
    Numbers above are given for the version in master but should be similar for here (2.2).
* g10/plaintext: do_hash: use iobuf_read for higher performance | Jussi Kivilinna | 2022-11-29 | 1 | -2/+7
    * g10/plaintext.c (do_hash): Use iobuf_read instead of iobuf_get for reading data; Use gcry_md_write instead of gcry_md_putc for hash data.
    --
    This patch reduces iobuf_read per byte processing overhead and speeds up detached signature verifying.
    Detached verifying speed on AMD Ryzen 5800X (4.3GiB file, SHA256):
      gpg process user time
      before: 9.410s
      after: 1.913s (4.9x faster)
    GnuPG-bug-id: T5826
    Signed-off-by: Jussi Kivilinna <[email protected]>
    (cherry picked from commit 4e27b9defc608f1fa31ca50f1ed1d5761b73b480)
* gpg: Make --require-compliance work without --status-fd | Werner Koch | 2022-11-28 | 1 | -1/+1
    * g10/mainproc.c (proc_encrypted): Set complaince_de_vs also if require-compliance is set.
    --
    Without this fix require-compliance would fail if no --status-fd was used.
* Update NEWS for 2.2.41 | Werner Koch | 2022-11-25 | 1 | -0/+15
    --
* w32: Fix for make check. | NIIBE Yutaka | 2022-11-25 | 1 | -1/+1
    * tests/gpgsm/Makefile.am: Add $(EXEEXT).
    --
    Fixes-commit: a27e6505daabd7ea1405244d128ad3c2ef5bb6f6
    Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Fix to support --enable-all-tests and variants. | NIIBE Yutaka | 2022-11-25 | 8 | -11/+30
    * tests/gpgscm/tests.scm (test::scm): Add VARIANT argument.
    (tests::new): Likewise.
    (open-log-file, report): Support VARIANT.
    * tests/gpgme/all-tests.scm (setup-c, setup-py): Follow the change.
    * tests/gpgsm/all-tests.scm (setup): Likewise.
    * tests/gpgsm/run-tests.scm: Likewise.
    * tests/migrations/all-tests.scm: Likewise.
    * tests/migrations/run-tests.scm: Likewise.
    * tests/openpgp/all-tests.scm: Likewise.
    * tests/openpgp/run-tests.scm: Likewise.
    --
    Fixes-commit: 1c88104a3f00f7ca3790fbaab8f67b2b68cd6e18
    Signed-off-by: NIIBE Yutaka <[email protected]>
* tests:w32: Fix for non-dot file name for Windows. | NIIBE Yutaka | 2022-11-25 | 1 | -1/+1
    * tests/migrations/from-classic.scm (assert-migrated): Handle the case on Windows.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* tests:gpgscm:w32: Fix for GetTempPath. | NIIBE Yutaka | 2022-11-25 | 1 | -0/+5
    * tests/gpgscm/ffi.c (do_get_temp_path): Remove the last backslash.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Keep .log files in objdir. | NIIBE Yutaka | 2022-11-25 | 1 | -1/+3
    * tests/gpgscm/tests.scm (open-log-file): Keep the log file in objdir.
    --
    Before the change, it is at ephemeral temp directory which is removed. This is not useful at all. Possibly, it was done before the introduction of ephemeral temp directory for each test and not changed.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Use 233 for invalid value of FD. | NIIBE Yutaka | 2022-11-25 | 1 | -1/+1
    * tests/openpgp/issue2941.scm: Use 233.
    --
    On Windows machine (emulated by Wine), 23 may be valid value for handle.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Exclude tests with HOME. | NIIBE Yutaka | 2022-11-25 | 1 | -0/+4
    * common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not defined, so, exclude the tests.
    --
    Backport master commit of: b47a23f5fac551727d24f65765e21485ed2bb02c
    Signed-off-by: NIIBE Yutaka <[email protected]>
* w32: Fix for make check. | NIIBE Yutaka | 2022-11-25 | 5 | -7/+14
    * common/Makefile.am (module_tests): Exclude t-exechelp and t-exectool.
    * common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
    * tests/gpgme/Makefile.am: Add $(EXEEXT).
    * tests/migrations/Makefile.am: Likewise.
    * tests/openpgp/Makefile.am: Likewise.
    --
    Backport master commit of: 39d478f5ba5d74cdd1d2e40311ff120c932bac37
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Redact --debug cardio output of a VERIFY APDU. | Werner Koch | 2022-11-25 | 1 | -2/+16
    * scd/apdu.c (pcsc_send_apdu) [DBG_CARD_IO]: Detect and redact a VERIFY.
    (send_apdu_ccid): Ditto.
    --
    This should handle the most common case.
    GnuPG-bug-id: 5085
* gpg: Add a notation to encryption subkeys in de-vs mode. | Werner Koch | 2022-11-25 | 1 | -3/+57
    * g10/keygen.c (struct opaque_data_usage_and_pk): Add cpl_notation.
    (do_add_notation): New.
    (keygen_add_key_flags_and_expire): Set [email protected] notation if requested.
    (write_keybinding): Request notation for subkeys in de-vs mode.
    --
    GnuPG-bug-id: 6279
* scd:nks: Fix ECC signing if key not given by keygrip. | Werner Koch | 2022-11-25 | 1 | -0/+2
    * scd/app-nks.c (keygripstr_from_pk_file): Set r_algo if not in cache.
* agent: Allow trustlist on Windows in Unicode homedirs. | Werner Koch | 2022-11-25 | 2 | -1/+32
    * agent/trustlist.c (agent_marktrusted): Use gnupg_access.
* gpg: Fix trusted introducer for user-ids with only the mbox. | Werner Koch | 2022-11-25 | 1 | -19/+31
    * g10/trustdb.c (check_regexp): Kludge to match user-ids with only an mbox.
    --
    (Also re-indented the function)
    GnuPG-bug-id: 6238
* gpg: Import stray revocation certificates. | Werner Koch | 2022-11-25 | 3 | -13/+66
    * g10/kbnode.c (new_kbnode2): New.
    * g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store misplaced revocations.
    (import_revoke_cert): Allow to pass an entire list.
    (import_one): Import revocations found by delete_inv_parts.
    --
    It might be useful to distribute revocations of old keys along with new keys. This is in particular useful for WKD stored keys. This patch allows to put unrelated standalone revocations into a key. For example they can simply be appended to a keyblock. Right now it is a bit inaesthetic to see diagnostics about misplaced or bad revocation signatures.
    Backported-from-master: 7aaedfb10767c74f3e6868dd1563cbbf1282ab2f
* gpg: Make --list-packets work w/o --no-armor for plain OCB packets. | Werner Koch | 2022-11-25 | 1 | -0/+1
    * g10/armor.c (is_armored): Add PKT_ENCRYPTED_AEAD.
    --
    With this fix it is now possible to feed a vanilla packet of type 20 without first forcing gpg to assume binary mode.
* gpg: New option --compatibility-flags | Werner Koch | 2022-11-25 | 3 | -1/+35
    * g10/gpg.c (oCompatibilityFlags): New.
    (opts): Add option.
    (compatibility_flags): New list.
    (main): Set flags and print help.
    * g10/options.h (opt): Add field compatibility_flags.
    --
    No flags are yet defined but it is good to have the framework.
* scd:nks: Support non-ESIGN signing with the Signature Card v2 | Werner Koch | 2022-11-25 | 1 | -8/+20
    * scd/app-nks.c (do_sign): Handle ECC for NKS cards
    --
    Backported-from-master: 959c627892121ce9707bfa36f2510216b4f6f247
    GnuPG-bug-id: 6252
* scd: Use app_get_slot at more places. | Werner Koch | 2022-11-25 | 4 | -65/+84
    --
    This is helpful for backporting other changes.
* scd: Use APP_LEARN_FLAG_KEYPAIRINFO with more apps. | Werner Koch | 2022-11-25 | 2 | -2/+2
    * scd/app-nks.c (do_learn_status_core): Use new flag.
    * scd/app-sc-hsm.c (do_learn_status): Ditto.
    --
    The flag was already backported to some apps but not to these.
* doc: Make uploading of 2.2 manuals easier | Werner Koch | 2022-11-25 | 1 | -2/+2
    --
* build: Update gpg-error.m4. | NIIBE Yutaka | 2022-11-25 | 1 | -1/+5
    * m4/gpg-error.m4: Update from libgpg-error 1.46.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
* scd:nks: Don't flag the ESIGN keypair EF as encryption capable. | Werner Koch | 2022-10-20 | 1 | -1/+1
    * scd/app-nks.c (filelist): Tweak 0x4531.
    --
    Actually the certificate has no encryption usage but we should also tell that via KEYINFO so that this key is never tried to create an encryption certificate.
    (cherry picked from commit 3a2fb1c30633373d17880469e0b84ab2a9524585)
* scd:nks: Some code cleanup. | Werner Koch | 2022-10-20 | 1 | -107/+100
    * scd/app-nks.c (find_fid_by_keyref): Factor keyref parsing out to ...
    (parse_keyref): new.
    (do_readcert): Use new function instead of partly duplicated code. Make detection of keygrip more robust.
    (do_readkey): Make detection of keygrip more robust.
    (do_with_keygrip): Use get_nks_tag.
    --
    Also added a couple of comments.
    (cherry picked from commit b92b3206e72b635fd815eaf85e7acc67c2a52ffe)
* scd:nks: Support the Telesec ESIGN application. | Werner Koch | 2022-10-20 | 1 | -26/+81
    * scd/app-nks.c (find_fid_by_keyref): Disable the cache for now.
    (readcert_from_ef): Consider an all zero certificate as not found.
    (do_sign): Support ECC and the ESIGN application.
    --
    This allows me to create qualified signatures using my Telesec card. There is of course more work to do but this is the first step.
    Note: The design of the FID cache needs to be reconsidered. Until that the lookup here has been disabled. The do_sign code should be revamped to be similar to what we do in app-p15.
    GnuPG-bug-id: 5219, 4938, 6252
    Backported-from-master: 07eaf006c2763a6b40d2734b1c6704da466e0ed0
* scd:nks: Return USAGE information for KEYINFO command. | NIIBE Yutaka | 2022-10-20 | 4 | -25/+26
    * scd/app-nks.c (set_usage_string): New.
    (do_learn_status_core, do_readkey): Use set_usage_string.
    (do_with_keygrip): Add USAGE to call send_keyinfo, using set_usage_string.
    * scd/command.c (send_keyinfo): Add arg usage.
    --
    Signed-off-by: NIIBE Yutaka <[email protected]>
    Backported-from-master: 5264d3f58e8a8362900c3518bdd683ff9a23cccc
    GnuPG-bug-id: 6252
    This backports only the NKS parts of the original patch
    Signed-off-by: Werner Koch <[email protected]>
* scd:nks: Handle APP_READKEY_FLAG_INFO. | Werner Koch | 2022-10-20 | 1 | -52/+117
    * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
    (get_nks_tag): New.
    (do_learn_status_core): Use it. Make sure not to mangle the KEYPAIRINFO line if no usage is known.
    (do_readkey): Output the KEYPAIRINFO for the keygrip case.
    --
    Note that this only handles the most common case of providing a keygrip. $AUTHKEYID and ODLM are not yet supported.
    Signed-off-by: Werner Koch <[email protected]>
    (cherry picked from commit 63320ba2f8147ee86f4406c9590f6b28cad4771d)
* scd:nks: Add support for signing plain SHA-2 digests. | Ingo Klöcker | 2022-10-20 | 1 | -17/+67
    * scd/app-nks.c (do_sign): Handle plain SHA-2 digests and verify encoding of ASN.1 encoded hashes.
    --
    This makes it possible to create CSRs for NetKey card keys which are signed with SHA256 by default.
    GnuPG-bug-id: 5184
    (cherry picked from commit 8fe976d5b9a0f2902868737dd502c749565222a6)
* scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref. | NIIBE Yutaka | 2022-10-20 | 1 | -0/+22
    * scd/app-nks.c (do_readkey): Allow KEYGRIP access. Support NKS-IDLM.XXXX keyref.
    --
    GnuPG-bug-id: 5150
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit 3b392630881350baabeba16fa760bad04be94d03)
* scd:nks: Factor out pubkey retrieval from keygrip handling. | NIIBE Yutaka | 2022-10-20 | 1 | -84/+72
    * scd/app-nks.c (pubkey_from_pk_file): New.
    (keygripstr_from_pk_file): Use pubkey_from_pk_file.
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d)
* scd:nks: Add support of KEYGRIP for do_readcert. | NIIBE Yutaka | 2022-10-20 | 1 | -0/+18
    * scd/app-nks.c (do_readcert): Support KEYGRIP.
    --
    GnuPG-bug-id: 5150
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3)
* scd:nks: Factor out iteration over filelist. | NIIBE Yutaka | 2022-10-20 | 1 | -78/+114
    * scd/app-nks.c (iterate_over_filelist): New.
    (do_with_keygrip): Use iterate_over_filelist.
    Signed-off-by: NIIBE Yutaka <[email protected]>
    (cherry picked from commit 6c4365847666cefac73ccc743a99fac473da2186)
* scd:nks: Fix caching keygrip (more). | NIIBE Yutaka | 2022-10-20 | 1 | -5/+7
    * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.
    --
    GnuPG-bug-id: 5150, 5161
    Signed-off-by: NIIBE Yutaka <[email protected]>
    Backported-from-master: 87d2c579cc38c1d2787945650125fb0e0336652c
    Fixes-commit: 00f594e3ecb26b010e87d5491b648369e7a92408