Commit message | Author | Age | Files | Lines
* keyboxd: Searching UpperCaseAddress. (STABLE-BRANCH-2-4) | NIIBE Yutaka | 3 days | 1 | -10/+28
  * kbx/backend-sqlite.c (run_select_statement): Convert with ascii_strlwr when the mode is KEYDB_SEARCH_MODE_MAIL.
  --
  GnuPG-bug-id: 7576
  Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Add missing whitespace gnupg7 manpage. | Andreas Metzler | 3 days | 1 | -1/+1
  --
* scd:p15: Accept P15 cards with a zero-length label. | Werner Koch | 3 days | 1 | -2/+11
  * scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
  --
  Some versions of the CardOS personalisation software seem to store a missing label as a zero-length object instead of not storing the object at all. Due to a lack of such a card this patch has not been tested.
* scd,w32: Fix possible lockup due to lost select results. | Werner Koch | 2025-04-02 | 1 | -2/+5
  * scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop when an event was encountered.
  --
  Here the event handle is passed to npth_eselect so that this function can detect the event and reset the event. There is no need to consume this information here. However, npth_select might also get a ready file descriptor along with the event and by doing a "continue" we would miss the ready state of the file descriptor. The fix is to do nothing here, similar to what we do in gpg-agent.
  Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
  GnuPG-bug-id: 2982
  (cherry picked from commit a7ec3792c5d1891180265c946bc021cd8a205e54)
* gpgconf: Fix reload and kill of keyboxd. | Werner Koch | 2025-03-17 | 1 | -4/+4
  * tools/gpgconf-comp.c (keyboxd_runtime_change): Fix order of args.
  --
  Fixes-commit: acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
  GnuPG-bug-id: 7569
* gpg: Fix key generation with existing key from card. | NIIBE Yutaka | 2025-03-14 | 2 | -1/+4
  * g10/keygen.c (ask_algo): Fix condition. Continue the loop when failure.
  --
  Fixes-commit: 6022f10da39e512b5b3fed3869fd6579d954090c
  GnuPG-bug-id: 7309, 7457
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Fix double free of internal data. | Werner Koch | 2025-03-13 | 1 | -1/+2
  * g10/sig-check.c (check_signature_over_key_or_uid): Do not free in no-sig-cache mode if allocated by caller.
  --
  GnuPG-bug-id: 7547
  Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* gpg: Fix regression for the recent malicious subkey DoS fix. | Werner Koch | 2025-03-06 | 2 | -16/+29
  * g10/packet.h (PUBKEY_USAGE_VERIFY): New.
  * g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested usage. (finish_lookup): Introduce a verify_mode.
  --
  Fixes-commit: da0164efc7f32013bc24d97b9afa9f8d67c318bb
  GnuPG-bug-id: 7547
* gpg: Fix a verification DoS due to a malicious subkey in the keyring. | Werner Koch | 2025-02-21 | 7 | -86/+155
  * g10/getkey.c (get_pubkey): Factor code out to ... (get_pubkey_bykid): new. Add feature to return the keyblock. (get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock. Request a signing usage. (get_pubkeyblock_for_sig): Remove. (finish_lookup): Improve debug output.
  * g10/sig-check.c (check_signature): Add arg r_keyblock and pass it down.
  * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Use the keyblock returned by do_check_sig to show further information instead of looking it up again with get_pubkeyblock_for_sig. Also re-check the signature after the import of an included keyblock.
  --
  The problem here is that it is possible to import a key from someone who added a signature subkey from another public key and thus inhibits that a good signature could be verified. Such a malicious key signature subkey must have been created w/o the mandatory backsig which binds a signature subkey to its primary key. For encryption subkeys this is not an issue because the existence of a decryption private key is all you need to decrypt something and then it does not matter if the public subkey or its binding signature has been put below another primary key; in fact we do the latter for ADSKs.
  GnuPG-bug-id: 7527
  Backported-from-master: 48978ccb4e20866472ef18436a32744350a65158
* gpg: Remove a signature check function wrapper. | Werner Koch | 2025-02-21 | 3 | -31/+14
  * g10/sig-check.c (check_signature2): Rename to (check_signature): this and remove the old wrapper. Adjust all callers.
* doc: Declare --disable-http as legacy. | Werner Koch | 2025-02-19 | 1 | -1/+6
  --
* doc: Do not install gnupg.7.html into usr/share/man/manh/ | Daniel Kahn Gillmor | 2025-02-12 | 1 | -4/+5
  * doc/Makefile.am: Ship gnupg.7.html with other html, not with manpages.
  --
  Without this change, gnupg.7.html gets placed in /usr/share/manh/
  Since it can't be correctly rendered by groff, this is undesirable.
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Lookup key for merging/inserting only by primary key. | Werner Koch | 2025-02-11 | 3 | -13/+31
  * g10/getkey.c (get_keyblock_byfpr_fast): Add arg primary_only and implement.
  * g10/import.c (import_one_real): Simplify filling the fpr buffer with zeroes. (import_one_real): Find key only by primary fingerprint.
  --
  This should have been done early: When looking up the original keyblock we want to update, we need to look it up only using the primary key. This avoids finding a key which has the primary key also as a subkey.
  GnuPG-bug-id: 7527
* gpg: Fix --quick-add-key for Weierstrass ECC with usage given. | Werner Koch | 2025-02-05 | 1 | -0/+37
  * g10/keygen.c (adjust_algo_for_ecdh_ecdsa): New. (parse_algo_usage_expire): Adjust key algo.
  --
  GnuPG-bug-id: 7506
* gpg: Print a warning if the card backup key could not be written. | Werner Koch | 2025-01-08 | 1 | -4/+14
  * g10/keygen.c (card_write_key_to_backup_file): Fix error handling by removing the RC variable. Add warning note.
  --
  GnuPG-bug-id: 2169
* po: Update French translation | Werner Koch | 2025-01-06 | 1 | -1119/+784
  --
  (proofread by the debian-l10n-french team)
  Changed original patch to use positional arguments for "un hachage de %1$u bits n'est pa[...]" and at two other places.
* speedo,w32: Remove a leftover doc directory. | Werner Koch | 2024-12-11 | 1 | -0/+2
  * build-aux/speedo/w32/inst.nsi: Remove the doc dir.
  --
  GnuPG-bug-id: 7452
* Post release updates | Werner Koch | 2024-11-25 | 2 | -1/+7
  --
* Release 2.4.7 (gnupg-2.4.7) | Werner Koch | 2024-11-25 | 1 | -2/+8
* po: msgmerge for release | Werner Koch | 2024-11-25 | 27 | -511/+1844
  --
* gpg: Fix modifying signature data by pk_verify for Ed25519. | NIIBE Yutaka | 2024-11-25 | 1 | -6/+21
  * g10/pkglue.c (pk_verify): When fixing R and S, make sure those are copies.
  --
  GnuPG-bug-id: 7426
  Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
  Signed-off-by: NIIBE Yutaka <[email protected]>
  Also avoid clearing the error by the S code of a failed mpi_print of R.
  Signed-off-by: Werner Koch <[email protected]>
* common: Change daemon startup timeout from 5 to 8 seconds. | Werner Koch | 2024-11-25 | 1 | -3/+3
  * common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8 seconds. (SECS_TO_WAIT_FOR_KEYBOXD): Ditto. (SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
  --
  Experience on Windows showed that right after re-booting we may need some more time to get things up.
* gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo. | Werner Koch | 2024-11-22 | 2 | -0/+24
  * g10/keyid.c (extra_algo_strength_offset): New. (compare_pubkey_string_part): Use the mapping.
  --
  GnuPG-bug-id: 7425
* doc: Explain that qualified.txt is a legacy method. | Werner Koch | 2024-11-22 | 1 | -10/+14
  --
* scd: No hard lock-up when apdu_connect never returns. | NIIBE Yutaka | 2024-11-18 | 1 | -4/+15
  * scd/app.c (new_card_lock): New. (select_application): Scanning is serialized by NEW_CARD_LOCK. For app_new_register, we hold the W-lock. (initialize_module): Initialize NEW_CARD_LOCK.
  --
  GnuPG-bug-id: 7402
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Include a minimal secure version in the --query-swdb output. | Werner Koch | 2024-11-18 | 1 | -2/+7
  * tools/gpgconf.c (query_swdb): Parse the new minver tag.
* scd: Fix a memory leak. | NIIBE Yutaka | 2024-11-13 | 1 | -0/+4
  * scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Fix resource leaks on error paths. | NIIBE Yutaka | 2024-11-13 | 2 | -4/+13
  * scd/app-dinsig.c (do_readcert): Don't return directly but care about releasing memory.
  * scd/app-nks.c (readcert_from_ef): Likewise.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent: Fix resource leak for PRIMARY_CTX. | NIIBE Yutaka | 2024-11-13 | 1 | -0/+3
  * agent/call-daemon.c (wait_child_thread): Call assuan_release for PRIMARY_CTX when it's kept for reuse.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpgconf: Show also the used nPth version with -V | Werner Koch | 2024-11-12 | 1 | -1/+4
  * dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.
  --
  Note that this requires nPth 1.8
* gpg-mail-tube: Fix content type for an attached non-plaintext. | Werner Koch | 2024-11-12 | 1 | -2/+3
  * tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an attached message.
  --
  We can't use message/rfc822 if we encrypt this message as a simple PGP file.
* scd: Clean up app_send_active_apps and app_send_card_list. | NIIBE Yutaka | 2024-11-12 | 1 | -8/+6
  * scd/app.c (send_card_and_app_list): Only handle the case with WANTCARD=NULL. (app_send_card_list): Follow the change. (app_send_active_apps): Factor out the case with WANTCARD!=NULL.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* Update NEWS | Werner Koch | 2024-11-08 | 1 | -0/+17
  --
* scd: Fix getinfo active_apps. | NIIBE Yutaka | 2024-11-08 | 1 | -1/+3
  * scd/app.c (send_card_and_app_list): Avoid locking recursively.
  --
  Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
  GnuPG-bug-id: 7323
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Serialize CARD access for send_card_and_app_list. | NIIBE Yutaka | 2024-11-08 | 1 | -2/+7
  * scd/app.c (send_card_and_app_list): Lock the CARD.
  --
  GnuPG-bug-id: 7323
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Align German trustlist question to what we use in Kleopatra. | Werner Koch | 2024-11-08 | 1 | -5/+3
  --
  This replaces our long standing wedding style prompt to something more straight.
* gpg: Do not fail with an error for a "Note:" diagnostic | Werner Koch | 2024-11-08 | 1 | -2/+2
  * g10/trustdb.c (validate_keys): Use log_info instead of log_error for not found or expired UTKs.
  --
  Actually the not-found case used log_error for decades. The semantically similar expired case did thus the same. The actual problem is for example in the import case where gpg exits with a failure despite that a key validation was requested.
  GnuPG-bug-id: 7351
* gpgsm: Possible improvement for some rare P12 files. | Werner Koch | 2024-11-08 | 1 | -1/+1
  * sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.
  --
  Reported on the mailing list. The change does not seem to have a big regression risk, thus applied. See below for the mail
  # ------------------------ >8 ------------------------
  https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
* gpgconf: Add list flag to trusted-key et al. | Werner Koch | 2024-11-08 | 1 | -3/+3
  * tools/gpgconf-comp.c (known_options_gpg): Add list flag to some options.
  --
  GnuPG-bug-id: 7313
* gpg: Robust error handling for SCD READKEY. | NIIBE Yutaka | 2024-11-08 | 1 | -8/+10
  * g10/keygen.c (ask_algo): List the card key only when it's valid.
  --
  GnuPG-bug-id: 7309
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg-mail-type: Assume text/plain for missing content-type. | Werner Koch | 2024-11-07 | 1 | -10/+14
  * tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for clarity. Replace debug diagnostic by log_info. Assume text/plain for missing content-type.
  --
  Without this fix we would create message/rfc822 attachment instead of a text/plain attachment with the encrypted body.
* gpg-mail-tube: New feature --as-attach. | Werner Koch | 2024-11-07 | 2 | -18/+87
  * tools/gpg-mail-tube.c (oAsAttach): New. (opts): Add --as-attach. (opt): Add .as_attach. (parse_arguments): Set it. (mail_tube_encrypt): Detect plain text and handle new option.
* gpgtar: Make sure to create upper directories for regular files. | Werner Koch | 2024-11-07 | 3 | -31/+75
  * tools/gpgtar-extract.c (extract_directory): Factor parent directory creation out to .. (try_mkdir_p): new. (extract_regular): Create directory on ENOENT.
  * g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the public key was not found for preference checking.
  --
  If tarball was created with
    tar cf tarball file1.txt foo/file2.txt
  the tarball has no entry for foo/ and thus the extraction fails. This patch fixes this.
  GnuPG-bug-id: 7380
  The second patch avoids a wrong exist status status line due to the use of log_error. But the actual cause still needs to be investigated.
* gpg: Allow the use of an ADSK subkey as ADSK subkey. | Werner Koch | 2024-10-31 | 4 | -10/+16
  * g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
  * g10/getkey.c (key_byname): Set allow_adsk in the context if it was requested via req_usage. (finish_lookup): Allow RENC usage matching.
  * g10/keyedit.c (append_adsk_to_key): Adjust the assert.
  * g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
  --
  If an ADSK is to be added it may happen that an ADSK subkey is found first and this should then be used even that it does not have the E usage. However, it used to have that E usage when it was added.
  While testing this I found another peculiarity: If you do
    gpg -k ADSK_SUBKEY_FPR
  without the '!' suffix and no corresponding encryption subkey is found, you will get an unusable key error. I hesitate to fix that due to possible side-effects.
  GnuPG-bug-id: 6882
* scd: Add <unistd.h> for read(2) / write(2). | NIIBE Yutaka | 2024-10-30 | 1 | -0/+1
  * scd/app.c: Include <unistd.h>.
  --
  Reported-by: David Bohman
  GnuPG-bug-id: 7193
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
* Post release updates | Werner Koch | 2024-10-29 | 2 | -2/+9
  --
* Release 2.4.6 (gnupg-2.4.6) | Werner Koch | 2024-10-29 | 1 | -1/+9
* gpg: Fix --quick-set-expire for V5 subkey fingerprints | Ingo Klöcker | 2024-10-29 | 1 | -1/+1
  * g10/keyedit.c (keyedit_quick_set_expire): Use actual size of fingerprint.
  --
  The size of the fingerprints is either 20 (V4) or 32 (V5). Using the actual size of the fingerprints fixes the lookup of subkeys with V5 fingerprint.
  GnuPG-bug-id: 7298
  (cherry picked from commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823)
* common: Fix a race condition in creating socketdir. | NIIBE Yutaka | 2024-10-29 | 1 | -4/+14
  * common/homedir.c (_gnupg_socketdir_internal): Check return code of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.
  --
  GnuPG-bug-id: 7332
  Signed-off-by: NIIBE Yutaka <[email protected]>
  (cherry picked from commit 71840b57f48680b7555451a29026d9c6de4fe2bc)
* po: Update German translation | Werner Koch | 2024-10-15 | 1 | -5/+14
  --