Commit message | Author | Age | Files | Lines
...
* gpg: Improve verbose output during import. | Werner Koch | 2018-06-07 | 1 | -13/+32
  * g10/import.c (chk_self_sigs): Print the subkeyid in addition to the keyid.
  (delete_inv_parts): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20)
* agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list. | Werner Koch | 2018-06-06 | 1 | -7/+7
  * agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list with the standard list.
  --
  Although the function agent_copy_startup_env is newer than session_env_list_stdenvnames the latter was not used. When DBUS_SESSION_BUS_ADDRESS was added to the latter it was forgotten to add it to the former as well. Having all stdnames here seems to be the Right Thing (tm) to do.
  GnuPG-bug-id: 3947
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 7ffc1ac7dd95d4cc1897a4c36d5cd628741c12f2)
* doc: Typo fixes | Werner Koch | 2018-06-06 | 3 | -4/+4
  --
  Reported-by: Claus Assmann <[email protected]>
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 70f26e4263364f4b521c7856c38ba7ee59e38445)
* gpg: Also detect a plaintext packet before an encrypted packet. | Werner Koch | 2018-06-06 | 1 | -0/+12
  * g10/mainproc.c (proc_encrypted): Print warning and later force an error.
  --
  Note that when this error is triggered the plaintext from the literal data packet has already been outputted before the BEGIN_DECRYPTION status line. We fail only later to get more information. Callers need to check and act upon the decryption error code anyway.
  Thanks to Marcus for pointing out this case.
  GnuPG-bug-id: 4000
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 344b548dc71657d0285d93f78f17a2663b5e586f)
* gpg: New command --show-keys. | Werner Koch | 2018-06-06 | 3 | -2/+28
  * g10/gpg.c (aShowKeys): New const.
  (opts): New command --show-keys.
  (main): Implement command.
  * g10/import.c (import_keys_internal): Don't print stats in show-only mode.
  (import_one): Be silent in show-only mode.
  --
  Using --import --import-options show-only to look at a key is too cumbersome. Provide this shortcut and also remove some diagnostic cruft in this case.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 257661d6ae0ca376df758c38fabab2316d10e3a9)
* po: Fix Swedish and Turkish translations. | NIIBE Yutaka | 2018-06-05 | 2 | -3/+3
  --
  (cherry picked from commit 61b1508281cda47b65c2bbd99cdef67fd6855c7c)
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Fix Danish translation. | NIIBE Yutaka | 2018-06-05 | 1 | -1/+1
  --
  (cherry picked from commit 49bbbd9dc5e1d4809e508ff4ab32fa238588917d)
  Debian-bug-id: 898552
  Reported-by: Jonas Smedegaard <[email protected]>
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg: Print a hint on how to decrypt a non-mdc message anyway. | Werner Koch | 2018-05-31 | 1 | -2/+19
  * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o MDC. Also print a dedicated status error code
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 874e391665405fc413a69f2ffacdb94bb08da7ff)
* gpg: Detect multiple literal plaintext packets more reliable. | Werner Koch | 2018-05-31 | 1 | -2/+15
  * g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
  --
  GnuPG-bug-id: 4000
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 97183b5c0fae05fcda942caa7df14ee6a133d846)
* gpg: Remove MDC options | Werner Koch | 2018-05-31 | 5 | -77/+28
  * g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs.
  * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
  * g10/cipher.c (write_header): Include extra hint and make translatable.
  * g10/options.h (struct opt): Remove fields force_mdc and disable_mdc.
  --
  The MDC is now always used except with --rfc2440 which will lead to a big fat warning.
  This is a stripped down version of commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709 which could not directly be applied due to the AEAD mechanisms there.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Hard fail on a missing MDC even for legacy algorithms. | Werner Koch | 2018-05-31 | 3 | -12/+11
  * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
  * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to allow testing with the current files.
  --
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f)
  Resolved Conflicts:
    g10/mainproc.c - Remove AEAD stuff.
* gpg: Turn --no-mdc-warn into a NOP. | Werner Koch | 2018-05-31 | 5 | -10/+3
  * g10/gpg.c (oNoMDCWarn): Remove.
  (opts): Make --no-mdc-warn a NOP.
  (main): Don't set var.
  * g10/options.h (struct opt): Remove 'no_mdc_var'.
  * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
  * g10/mainproc.c (proc_encrypted): Ditto.
  --
  Users should not be allowed to suppress the warning that they are shooting into their foot.
  Signed-off-by: Werner Koch <[email protected]>
  (cherry picked from commit 96350c5d5afcbc7f66c535e38b9fcc7355622855)
* po: Update Spanish translation. | emma peel | 2018-05-25 | 1 | -45/+27
  --
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc: Fix URL in NEWS. | Werner Koch | 2018-05-13 | 1 | -1/+1
  --
* doc: Update description of displayed trust values. | Ineiev | 2018-05-07 | 4 | -32/+65
  * doc/trust-values.texi: New file.
  * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
  * doc/gnupg.texi (Trust Values): New chapter.
  * doc/gpg.texi (OpenPGP Key Management): Update the description of how trust values are displayed, replace table with a reference to Trust Values.
  * doc/gpg.texi (GPG Examples): Add @mansect trust values.
  --
  Signed-off-by: Ineiev <[email protected]>
* Post release updates | Werner Koch | 2018-05-02 | 2 | -1/+5
  --
* Release 2.2.7 [gnupg-2.2.7] | Werner Koch | 2018-05-02 | 1 | -4/+16
  Signed-off-by: Werner Koch <[email protected]>
* speedo,w32: Install dirmngr_ldap.exe. | Werner Koch | 2018-05-02 | 1 | -0/+2
  --
* po: Auto update | Werner Koch | 2018-05-02 | 26 | -914/+727
  --
* gpg: Fix minor memory leak in the compress filter. | Werner Koch | 2018-05-02 | 3 | -9/+21
  * g10/compress.c (push_compress_filter2): Return an error if no filter was pushed.
  (push_compress_filter): Ditto.
  (handle_compressed): Free CFX if no filter was pushed.
  * g10/import.c (read_block): Ditto.
  --
  GnuPG-bug-id: 3898, 3930
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix "Too many open files" when using --multifile. | Werner Koch | 2018-05-02 | 1 | -0/+1
  * common/miscellaneous.c (is_file_compressed): Don't cache the file.
  --
  This seems to be a pretty old bug. The fix is easy and also reveals that -z0 can be used as a workaround.
  GnuPG-bug-id: 3951
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement timeout for dirmngr_ldap under Windows. | Werner Koch | 2018-05-02 | 1 | -4/+44
  * dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
  (set_timeout): Implement for W32.
  --
  GnuPG-bug-id: 3937
  Signed-off-by: Werner Koch <[email protected]>
* build: New configure option to help with nPth debugging. | Werner Koch | 2018-05-02 | 1 | -0/+11
  * configure.ac: Add option --enable-npth-debug
  --
  This requires a not yet released nPth version to have an effect.
  Signed-off-by: Werner Koch <[email protected]>
* speedo: Install Spanish translation for Libgpg-error. | Werner Koch | 2018-05-02 | 1 | -0/+5
  --
  Signed-off-by: Werner Koch <[email protected]>
* common,w32: Hide spawned processes by default | Andre Heinecke | 2018-05-02 | 1 | -1/+1
  * common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE instead of SW_MINIMIZE.
  --
  Spawning minimized shows icons in the task bar so users see that background processes are started, which is unusual.
  I'm pretty sure that the intention of the code was to hide the window if not in spawn debug mode. This is also what GPGME does.
  This fixes dirmngr_ldap process windows and other spurious reports about e.g. a gpgv console window from loadswdb.
  GnuPG-Bug-Id: T3937
  Signed-off-by: Andre Heinecke <[email protected]>
* dirmngr: Sleep in the ldap wrapper thread. | Werner Koch | 2018-04-30 | 1 | -212/+311
  * dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
  (ldap_reaper_thread): Protect all list modification with a mutex. Use a condition var to wake up the reaper thread.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use the LDAP wrapper process also for Windows. | Werner Koch | 2018-04-27 | 3 | -187/+237
  * dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for portability.
  * configure.ac: Always use the ldap wrapper.
  --
  Since the migration from GNU Pth to nPth the ldap wrapper never worked reliably on Windows. Our long term use of the old Windows CE wrapper thing didn't fix this either. The new code uses the portable es_poll function and thus code which is tested at several other places. It Should(tm) fix the Windows issues.
  GnuPG-bug-id: 3937
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Silence log output from dirmngr_ldap. | Werner Koch | 2018-04-27 | 3 | -5/+13
  * dirmngr/dirmngr_ldap.c: Remove assert.h.
  (main): Replace assert by log_assert.
  * dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass verbose options to dirmngr_ldap.
  (start_cert_fetch_ldap): Ditto.
  --
  verbose is a pretty common option in dirmngr.conf and it would clutter the logs with output from dirmngr_ldap. Now we require DBG_EXTPROG or DBG_LOOKUP to make dirmngr_ldap more verbose.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Lower the dead host resurrection time to 1.5h | Werner Koch | 2018-04-26 | 2 | -2/+4
  * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
  (INITIAL_HOSTTABLE_SIZE): Increase because the old values were likely for development.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix handling of CNAMEed keyserver pools. | Werner Koch | 2018-04-26 | 3 | -1/+36
  * dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
  * dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
  --
  For a description of the problem see the comment in make_keyserver_item.
  GnuPG-bug-id: 3755
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add the used TLS library to the debug output. | Werner Koch | 2018-04-25 | 2 | -4/+15
  * dirmngr/http.c (send_request): Print the used TLS library in debug mode.
  --
  We allow two different TLS libraries and thus it is useful to see that in the debug output of bug reports.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow redirection from https to http for CRLs | Werner Koch | 2018-04-25 | 5 | -21/+40
  * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
  (KS_HTTP_FETCH_TRUST_CFG): Ditto.
  (KS_HTTP_FETCH_NO_CRL): Ditto.
  (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache and extra_http_trust_flags by a new flags arg. Allow redirecting from https to http if KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
  * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
  * dirmngr/ks-action.c (ks_action_get): Ditto.
  (ks_action_fetch): Ditto.
  * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
  --
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement CRL fetching via https. | Werner Koch | 2018-04-25 | 10 | -131/+133
  * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
  * dirmngr/http.c (http_register_cfg_ca): New.
  (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
  * dirmngr/certcache.c (load_certs_from_dir): Call new function.
  (cert_cache_deinit): Ditto.
  * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to provide the default value.
  * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of ks_http_fetch.
  --
  The old code simply did not use https for downloading of CRLS. Instead it rewrote https to http under the assumption that the CRL service was also available without encryption. Note that a CRL is self-standing and thus it does not need to have extra authenticity as provided by TLS. These days we should not use any unencrypted content and thus this patch.
  Be aware that cacert.org gives a https CRL DP but that currently redirects to http! This is a downgrade attack which we detect and don't allow. The outcome is that it is right now not possible to use CAcert certificates.
  Signed-off-by: Werner Koch <[email protected]>
* g10: Fix printing the keygrip with --card-status. | NIIBE Yutaka | 2018-04-25 | 1 | -1/+1
  * g10/card-util.c (current_card_status): Keygrip for Auth is 3.
  --
  Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fallback to CRL if no default OCSP responder is configured. | Werner Koch | 2018-04-24 | 2 | -47/+59
  * dirmngr/server.c (cmd_isvalid): Use option second arg to trigger OCSP checking. Fallback to CRL if no default OCSP responder has been configured.
  * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
  Signed-off-by: Werner Koch <[email protected]>
* doc: Update NEWS and add an example to gpg.texi. | Werner Koch | 2018-04-23 | 2 | -1/+23
  --
* Revert "po: correct label tags in Polish translation" | Werner Koch | 2018-04-23 | 1 | -34/+34
  --
  The changed tags need to be kept localized because the description text refers to them. Using the English for the tag and then the translated version in the description confuses users.
  Fixes-commit: a5290dace7f85d66272af3e14f9f2bc43d2a4af8.
* Revert "po: correct label tags in Finnish translation" | Werner Koch | 2018-04-23 | 1 | -24/+24
  --
  The changed tags need to be kept localized because the description text refers to them. Using the English for the tag and then the translated version in the description confuses users.
  Fixes-commit: e12475429578add12a53fb2232cb45dc9e2aae1b.
* dirmngr: More binary I/O on Windows for CRLs | Andre Heinecke | 2018-04-20 | 1 | -2/+5
  * dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache file in binary mode.
  --
  CRLs on Windows would have line ending entries converted. This did not cause problems in a surprising amount of cases but can lead to unexpected and random parse / read errors. Especially with large CRLs like cacert.
  This bug has been around since 2004.
  GnuPG-Bug-Id: T3923
  Signed-off-by: Andre Heinecke <[email protected]>
* doc: Remove unnecessary empty flags in vsnfd.prf | Andre Heinecke | 2018-04-20 | 1 | -1/+1
  * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.
  Signed-off-by: Andre Heinecke <[email protected]>
* po: more updates to Spanish translation | emma peel | 2018-04-16 | 1 | -110/+105
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: correct attribution for Spanish translation | emma peel | 2018-04-16 | 1 | -3/+2
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: correct label tags in Polish translation | emma peel | 2018-04-16 | 1 | -34/+34
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* po: correct label tags in Finnish translation | emma peel | 2018-04-16 | 1 | -24/+24
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* build: New target "release" to automate the release process. | Werner Koch | 2018-04-15 | 1 | -2/+73
  * Makefile.am (RELEASE_ARCHIVE_DIR): New.
  (RELEASE_SIGNING_KEY): New.
  (AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
  (RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
  (release, sign-release): New.
  --
  This requires GNU make and also some other decent utilities; however, they are anyway required for building the W32 installer.
  Signed-off-by: Werner Koch <[email protected]>
* g10: Fix memory leak in check_sig_and_print. | NIIBE Yutaka | 2018-04-13 | 1 | -0/+1
  * g10/mainproc.c (check_sig_and_print): Free the public key.
  --
  GnuPG-bug-id: 3900
  Signed-off-by: NIIBE Yutaka <[email protected]>
* g10: Push compress filter only if compressed. | NIIBE Yutaka | 2018-04-13 | 1 | -5/+8
  * g10/compress.c (handle_compressed): Fix memory leak.
  --
  All other calls of push_compress_filter check ALGO, so, do it here, too.
  GnuPG-bug-id: 3898
  Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Spanish translation | emma peel | 2018-04-12 | 1 | -2183/+1536
  --
  Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Extend the "sig" record in --list-mode. | Werner Koch | 2018-04-12 | 10 | -21/+55
  * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call callers.
  (get_user_id): Add arg R_NOUID. Change call callers.
  * g10/mainproc.c (issuer_fpr_string): Make global.
  * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key also in --list-mode. Print the "issuer fpr" field also if there is an issuer fingerprint subpacket.
  --
  Scripts used to rely on the "User ID not found" string even in the --with-colons listing. However, that is not a good idea because that string is subject to translations etc. Now we have an explicit way of telling that a key is missing. For example:
      gpg --list-sigs --with-colons | \
        awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
  Prints all keyids or fingerprint of signing keys for which we do not have the key in our local keyring.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Extend the ERRSIG status line with a fingerprint. | Werner Koch | 2018-04-12 | 3 | -23/+50
  * g10/mainproc.c (issuer_fpr_raw): New.
  (issuer_fpr_string): Re-implement using issuer_fpr_raw.
  (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW. Use write_status_printf. Extend ERRSIG status.
  --
  Modern OpenPGP implementations put the ISSUER_FPR into the signature to make it easier to discover the, public needed to check the signature. This is also useful in error messages and thus we add it.
  Signed-off-by: Werner Koch <[email protected]>