| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_pubkey_info): Reverse the condition.
--
This mistakes were introduced when replacing by estream.
It resulted 'gpg --card-status' from a process with no controlling
terminal fails.
Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
* g10/keylist.c (list_keyblock_simple): New.
(list_keyblock): Call it.
(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
mode.
--
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49)
* g10/keylist.c (list_keyblock_simple): Remove optional arg from
mailbox_from_userid
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
expression needs a space before the value.
(install_key_from_spec_file): Replace es_getline by es_read_line and
remove debug output.
--
A value of starting with '<' was considered an invalid operator due to
our tokenization method.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 0c36ec241d285545f286069843de4f663cd274a3)
|
| |
|
|
|
|
|
|
|
|
| |
* tools/wks-util.c (install_key_from_spec_file): New.
(wks_cmd_install_key): Call it.
* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
* tools/gpg-wks-server.c (main): Ditto.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit ba46a359b9d6549b74ec8401ea39bad434d87564)
|
| |
|
|
|
|
|
|
| |
* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
if needed.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
(opts): Add "--install-key", "--remove-key" and "-C".
(parse_arguments): Parse them.
(main): Check that the given directory exists. Implement the new
commands.
--
These commands maybe useful to prepare a WKD directory on a non-Unix
box using the standard wks client.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 602b1909632925d5a2e0778c102d66109795c627)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (write_to_file): Move to ...
* tools/wks-util.c: here.
* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
* tools/wks-util.c (wks_compute_hu_fname): here.
* tools/gpg-wks-server.c (fname_from_userid): Move to ...
* tools/wks-util.c (wks_fname_from_userid): here.
* tools/gpg-wks-server.c (command_install_key): Move to ...
* tools/wks-util.c (wks_cmd_install_key): here and change caller.
* tools/gpg-wks-server.c (command_remove_key): Move to ...
* tools/wks-util.c (wks_cmd_remove_key): here and change callers.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 99094c992c20dd22971beb3527cfda109cd1df89)
|
| |
|
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--
Signed-off-by: Jussi Kivilinna <[email protected]>
(cherry picked from commit 73e74de0e33bbb76300f96a4174024779047df06)
|
| |
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--
Signed-off-by: Jussi Kivilinna <[email protected]>
(cherry picked from commit 654e353d9b20f10fa275e7ae10cc50480654f079)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
remove duplicated checks.
--
In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.
If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.
Signed-off-by: Jussi Kivilinna <[email protected]>
(cherry picked from commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c)
|
| |
|
|
|
|
|
| |
* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--
With this change a http query will not follow a redirect unless the
Location header gives the same host. If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144)
|
| |
|
|
|
|
| |
--
(cherry picked from commit e5c3a6999a374813134a9e68744444c25c3017f6)
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 4251
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.
--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.
GnuPG-Bug-Id: T3967
Differential Revision: https://dev.gnupg.org/D469
Signed-off-by: Andre Heinecke <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
| |
* g10/card-util.c (print_keygrip): Use tty_fprintf.
--
Reported-by: Joey Pabalinas <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(main): Change aSupported to take several domains in --with-colons
mode.
(command_send): Factor policy getting code out to ...
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
--
In addition to this the --create command now also supports a
submission address only in the policy file. That means the
submission-address file is not anymore required and can be replaced by
the policy file.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c)
|
| |
|
|
|
|
|
|
|
|
|
| |
* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
--disable-w32-qt option.
--
This option is obsolete since GPGME 1.7 (in 2016)
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit d7323bb2d957fbeb8192c0ecbd99b1d14d302912)
|
| |
|
|
|
|
|
| |
--
We don't want to do a release of gpgme right now, so we include just
this minimal but important fix.
|
| |
|
|
|
|
|
| |
* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 0a7f446c189201ca6e527af08b44da756b343209)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
mime-maker.c.
(rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
(rfc822_capitalize_header_name): New. Copied from mime-maker.c.
(capitalize_header_name): Remove. Replace calls by new func.
(my_toupper, my_strcasecmp): New.
* tools/mime-maker.c: Include rfc822parse.h.
(HEADER_NAME_CHARS, capitalize_header_name): Remove.
(add_header): Replace check and capitalization by new functions.
--
This is a straightforward change with two minor chnages:
- In rfc822parse.c the capitalization handles MIME-Version special.
- The check in mime-maker bow detects a zero-length name as invalid.
my_toupper and my_strcasecmp are introduced to allow standalone use
of that file.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f03928b16c4fb00077d22d8ec141575ef6d26913)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--
This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb. This also requires that
the tofu trust model is requested on the command line. If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,
GnuPG-bug-id: 4134
(cherry picked from commit 150a33df41944d764621f037038683f3d605aa3f)
|
| |
|
|
|
|
| |
--
(cherry picked from commit 3c2ffd27f36dfe77005aa01005145904761d8743)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--
If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388)
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--
Reportted-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit a3a5a2451924640588e5ecc03a1d4ba6a6ba94a5)
|
| |
|
|
|
| |
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit b83fed64f8051279a8f36e024c1f12f7f13c4716)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--
Note that a policy file is meanwhile required and thus is is useful to
create it.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit f248416bc9792e80bb0785302058131de49d7639)
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
| |
* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
out of scope and cleanup the entire pgpKeySize block.
--
GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 2b57a8159cdc3b212a4efc68787b40cafcd91ebe)
|
| |
|
|
|
|
|
|
|
| |
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--
GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit bafcf7095159493a656382997f8b0d0bb11a20e8)
|
| |
|
|
|
|
|
|
|
| |
* agent/command.c (cmd_genkey): Initialize 'value'.
--
GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 2bdc4b6ed97770ed15ec6c5afa02c2e44568a3bc)
|
| |
|
|
|
|
|
|
|
|
| |
* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--
GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 7385e1babf6eef586c79ad23f8e541aaf608c4e5)
|
| |
|
|
|
|
|
|
|
| |
* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.
GnuPG-bug-id: 4220
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 378719f25fe00d46393541f4a4f79e04484c3000)
|
| |
|
|
|
|
|
|
| |
* sm/gpgsm.c (main): Fix error message.
--
GnuPG-bug-id: 4219
(cherry picked from commit 793fd8d876777c24c4d5072301fa530333d6e1d9)
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (parse_ldapserver_file): Only print info
for ENOENT.
--
It is very common that there is no ldapserver file. In that
case users are confused by an error printed at dirmngr startup.
|
| |
|
|
|
|
|
|
|
|
| |
* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
(inq_certificate): Distinguish unsupported inquiry error.
--
When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
previously resulted in an error.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--
We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter. The general idea is that service
providers may use their own canonicalization rules. The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we. So consider this to be an experiment.
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit 256a280c51f9ea862e4bfb0bb530c2a96f9088f9)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/sig-check.c (check_signature_end_simple):
--
Obviously we should not ignore a back signature here.
Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <[email protected]>
(cherry picked from commit b6275f3bda8edff34274c5b921508567f491ab9c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
--
Cherry-picked from master commit of:
78f542e1f4495195db2e668f9cd41657fb1afc77
We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementaiton can actually accept
signing, but GnuPG requires authentication, because it is "forced".
GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
--
Cherry-pick from master commit of:
50b02dba2060a8969da47b18d9c0ecdccbd30db4
When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF. Using fcntl, which is considered
lighter than fstat, it works fine. Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.
Reported-by: Marcin Gryszkalis <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
| |
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (block_filter): Use iobuf_get_noeof.
--
Cherry-pick from master commit of:
f80346f42df4bdc7d0a9741c3922129aceae4f81
When singed integer has negative value, left shift computation is
undefined in C.
GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.
--
Cherry-pick from master commit of:
adce73b86fd49d5bbb8884231a26cc7533d400e2
Actually, initialize_module_call_pinentry is only called once from
main. So, this bug had no harm and having the static variable
INITIALIZED is not needed.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (read_block): Call free_packet to skip the packet.
--
Cherry-pick of master commit of:
7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e
Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.
--
Cherry-pick of master commit of:
625ced6e672daa892d334323cce6b3d42a6f929f
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
