Commit message (Author, Age; Files, Lines)
...
* systemd-user: Drop RefuseManualStart=true. (Daniel Kahn Gillmor, 2017-08-07; 2 files, -4/+0)
    * doc/examples/systemd-user/*.service: drop RefuseManualStart=true
    --
    These user services can be safely started manually as long as at least their primary sockets are available. They'll just start with nothing to do, which should be fine.
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* tests: Do not run all tests unless in maintainer mode. (Justus Winter, 2017-08-07; 3 files, -15/+38)
    * configure.ac: Leak the maintainer mode flag into 'config.h'.
    * tests/gpgscm/ffi.c: Pass it into the scheme environment.
    * tests/openpgp/all-tests.scm: Only run tests against non-default configurations (keyring, extended-key-format) in maintainer mode.
    --
    Werner is concerned that the tests do take up too much time and asked me to reduce the runtime of the tests for normal users.
    Signed-off-by: Justus Winter <[email protected]>
* Fix spelling. (Daniel Kahn Gillmor, 2017-08-07; 1 file, -1/+1)
    * doc/gpg.texi: s/occured/occurred/
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Simple typo fix. (Daniel Kahn Gillmor, 2017-08-07; 1 file, -1/+1)
    * agent/gpg-agent.c: Correct spelling in comment.
    Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* gpg: Install gpg by default under the name gpg. (Werner Koch, 2017-08-05; 3 files, -21/+18)
    * configure.ac: Remove option --enable-gpg2-is-gpg. Add option --enable-gpg-is-gpg2.
    * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove --enable-gpg2-is-gpg.
    --
    Signed-off-by: Werner Koch <[email protected]>
* gpg: gpgconf needs to support the now default --auto-key-retrieve. (Werner Koch, 2017-08-05; 1 file, -0/+2)
    * tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
    --
    Although this option is invisible, it might be in use by gpgconf profiles. We don't want to break them.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix memory leak in parse_auto_key_locate. (Werner Koch, 2017-08-04; 1 file, -3/+4)
    * g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
    --
    It was probably too late for me to hack.
    Signed-off-by: Werner Koch <[email protected]>
* tests: Adjust tests for changed --auto-key-locate default. (Werner Koch, 2017-08-04; 1 file, -0/+2)
    * tests/openpgp/defs.scm (create-gpghome): Disable new defaults.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Make --no-auto-key-retrieve gpgconf-igurable. (Werner Koch, 2017-08-04; 2 files, -2/+2)
    * g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of auto-key-retrieve.
    * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by no-auto-key-retrieve and change level from invisible to advanced.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. (Werner Koch, 2017-08-04; 4 files, -13/+32)
    * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline.
    * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
    --
    GnuPG-bug-id: 3324
    Signed-off-by: Werner Koch <[email protected]>
* agent: Make --no-grab the default. (Werner Koch, 2017-08-04; 3 files, -9/+23)
    * agent/gpg-agent.c (oGrab): New const.
      (opts): New option --grab. Remove description for --no-grab.
      (parse_rereadable_options): Make --no-grab the default.
      (finalize_rereadable_options): Allow --grab to override --no-grab.
      (main) <gpgconflist>: Add "grab".
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Avoid double fingerprint printing with import-show. (Werner Koch, 2017-08-04; 1 file, -1/+2)
    * g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint options.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: New import option show-only. (Werner Koch, 2017-08-04; 3 files, -2/+9)
    * g10/options.h (IMPORT_DRY_RUN): New.
    * g10/import.c (parse_import_options): Add "show-only".
      (import_one): use that as alternative to opt.dry_run.
    --
    This is just a convenience thing for --import-options import-show --dry-run
    Signed-off-by: Werner Koch <[email protected]>
* wks: Allow gpg-wks-client --supported with just the domain name (Werner Koch, 2017-08-03; 1 file, -1/+8)
    * tools/gpg-wks-client.c (command_supported): Hack for missing local part.
    Signed-off-by: Werner Koch <[email protected]>
* g10: Always save standard revocation certificate in file. (Marcus Brinkmann, 2017-08-02; 1 file, -0/+4)
    * g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL temporarily to create certificate in right place.
    Signed-off-by: Marcus Brinkmann <[email protected]>
    GnuPG-bug-id: 3015
* Revert "g10: Always save standard revocation certificate in file." (Marcus Brinkmann, 2017-08-01; 7 files, -18/+16)
    This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
* g10: Always save standard revocation certificate in file. (Marcus Brinkmann, 2017-08-01; 7 files, -16/+18)
    * g10/main.h (open_outfile): New parameter NO_OUTFILE.
    * g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given, never use opt.outfile.
    * g10/revoke.c (create_revocation): If FILENAME is true, also set NO_OUTFILE to true (for standard revocation certificates).
    * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c, g10/sign.c: Adjust all other callers.
    Signed-off-by: Marcus Brinkmann <[email protected]>
    GnuPG-bug-id: 3015
* artwork: Add icons. (Marcus Brinkmann, 2017-08-01; 29 files, -0/+108)
    * artwork/icons/index.css: New file.
    * artwork/icons/index.html: New file.
    * artwork/icons/lock-12.png: New file.
    * artwork/icons/lock-128.png: New file.
    * artwork/icons/lock-16.png: New file.
    * artwork/icons/lock-24.png: New file.
    * artwork/icons/lock-256.png: New file.
    * artwork/icons/lock-32.png: New file.
    * artwork/icons/lock-48.png: New file.
    * artwork/icons/lock-64.png: New file.
    * artwork/icons/lock-wing-12.png: New file.
    * artwork/icons/lock-wing-128.png: New file.
    * artwork/icons/lock-wing-16.png: New file.
    * artwork/icons/lock-wing-24.png: New file.
    * artwork/icons/lock-wing-256.png: New file.
    * artwork/icons/lock-wing-32.png: New file.
    * artwork/icons/lock-wing-48.png: New file.
    * artwork/icons/lock-wing-64.png: New file.
    * artwork/icons/lock-wing.svg: New file.
    * artwork/icons/lock.svg: New file.
    * artwork/icons/wing-12.png: New file.
    * artwork/icons/wing-128.png: New file.
    * artwork/icons/wing-16.png: New file.
    * artwork/icons/wing-24.png: New file.
    * artwork/icons/wing-256.png: New file.
    * artwork/icons/wing-32.png: New file.
    * artwork/icons/wing-48.png: New file.
    * artwork/icons/wing-64.png: New file.
    * artwork/icons/wing.svg: New file.
    Signed-off-by: Marcus Brinkmann <[email protected]>
    GnuPG-bug-id: 3019
* gpg,sm: Error out on compliance mismatch while decrypting. (Werner Koch, 2017-08-01; 2 files, -25/+36)
    * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not allowed in the current compliance mode.
    * sm/decrypt.c (gpgsm_decrypt): Ditto.
    --
    The idea here is that the owner of the key created a non-compliant key and later receives a mail encrypted to that key. The sender should have checked this key too but we can't guarantee that. By hard failing here the owner of the key will notice that he had created a non-compliant key and thus has a chance to generate a new compliant key. In case the compliant criteria changes and the owner wants to decrypt an old message he can still switch gpg to another compliant mode.
    Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9
    GnuPG-bug-id: 3308
    Signed-off-by: Werner Koch <[email protected]>
* indent: Wrap overlong lines in argparse.c (Werner Koch, 2017-08-01; 1 file, -5/+10)
    --
* Simple typo fix. (NIIBE Yutaka, 2017-08-01; 1 file, -1/+1)
    * tools/rfc822parse.c: Fix.
    Signed-off-by: NIIBE Yutaka <[email protected]>
* po: Update Japanese translation (NIIBE Yutaka, 2017-08-01; 1 file, -40/+25)
* dirmngr,w32: Fix http connection timeout problem. (Werner Koch, 2017-07-31; 1 file, -1/+5)
    * dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
    --
    GnuPG-bug-id: 3319
    Signed-off-by: Werner Koch <[email protected]>
* Explain the "server is older than xxx warning". (Werner Koch, 2017-07-31; 4 files, -0/+29)
    * g10/call-agent.c (warn_version_mismatch): Print a note on how to restart the servers.
    * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
    * sm/call-agent.c (warn_version_mismatch): Ditto.
    * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
    --
    We should move this function to common. However, the status output functions are different and would need to be streamlined too.
    GnuPG-bug-id: 3117
    Debian-bug-id: 860745
    Signed-off-by: Werner Koch <[email protected]>
* Post release updates (Werner Koch, 2017-07-28; 2 files, -1/+5)
    --
* Release 2.1.22 [tag: gnupg-2.1.22] (Werner Koch, 2017-07-28; 1 file, -3/+42)
* po: Auto-update (Werner Koch, 2017-07-28; 26 files, -2411/+3221)
    --
* po: Update German translation (Werner Koch, 2017-07-28; 1 file, -125/+138)
* agent: Make --ssh-fingerprint-digest re-readable. (Werner Koch, 2017-07-28; 2 files, -6/+19)
    * agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
      (parse_rereadable_options): here.
      (opts): Change its description.
      (main) <aGPGConfList>: Include this option.
    * tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert level.
    Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: String changes for compliance diagnostics. (Werner Koch, 2017-07-28; 12 files, -52/+48)
    Signed-off-by: Werner Koch <[email protected]>
* agent: For OCB key files return Bad Passphrase instead of Checksum Error. (Werner Koch, 2017-07-28; 2 files, -3/+12)
    * agent/protect.c (do_decryption): Map error checksum to bad passphrase protection
    * agent/call-pinentry.c (unlock_pinentry): Don't munge the error source for corrupted protection.
    --
    GnuPG-bug-id: 3266
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Minor rework for better readability of get_best_pubkey_byname. (Werner Koch, 2017-07-28; 2 files, -17/+17)
    * g10/getkey.c (get_best_pubkey_byname): Change return type to gpg_error_t. Use var name err instead of rc. Move a gpg_error_from_syserror closer to the call.
    --
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Fix segv in get_best_pubkey_byname. (Werner Koch, 2017-07-28; 1 file, -1/+1)
    * g10/getkey.c (get_best_pubkey_byname): Init NEW.
    --
    We call free_user_id on NEW.uid and thus it needs to be initialized. This fixes the ref-count or invisible segv bug from GnuPG-bug-id: 3266
    Signed-off-by: Werner Koch <[email protected]>
* agent: Minor cleanup (mostly for documentation). (Werner Koch, 2017-07-28; 5 files, -161/+173)
    * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
    * agent/findkey.c (read_key_file): Ditto. Change return type to gpg_error_t. On es_fessk failure return a correct error code.
      (agent_key_from_file): Change var name 'rc' to 'err'.
    * agent/pksign.c (agent_pksign_do): Ditto. Change return type to gpg_error_t. Return a valid error code on malloc failure.
      (agent_pksign): Ditto. Change return type to gpg_error_t. replace xmalloc by xtrymalloc.
    * agent/protect.c (calculate_mic): Change return type to gpg_error_t.
      (do_decryption): Ditto. Do not init RC.
      (merge_lists): Change return type to gpg_error_t.
      (agent_unprotect): Ditto.
      (agent_get_shadow_info): Ditto.
    --
    While code staring for bug 3266 I found two glitches and also changed var name for easier reading.
    Signed-off-by: Werner Koch <[email protected]>
* gpg: Tweak compliance checking for verification (Werner Koch, 2017-07-27; 3 files, -48/+54)
    * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow verification.
    * g10/mainproc.c (check_sig_and_print): Print a non-compliant warning.
    * g10/sig-check.c (check_signature2): Use log_error instead of log_info.
    --
    We should be able to verify all signatures. So we only print a warning. That is the same behaviour as for untrusted keys etc.
    GnuPG-bug-id: 3311
    Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Allow encryption (with warning) to any key in de-vs mode. (Werner Koch, 2017-07-27; 2 files, -18/+15)
    * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
    * sm/encrypt.c (gpgsm_encrypt): Ditto.
    --
    GnuPG-bug-id: 3306
    Signed-off-by: Werner Koch <[email protected]>
* gpg,sm: Fix compliance checking for decryption. (Werner Koch, 2017-07-27; 3 files, -48/+62)
    * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal signing check. We don't support Elgamal signing at all.
      (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA. Check the curvenames for ECDH.
    * g10/pubkey-enc.c (get_session_key): Print only a warning if the key is not compliant.
    * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg so that we have only one translation.
    --
    We always allow decryption and print only a note if the key was not compliant at the encryption site.
    GnuPG-bug-id: 3308
    Signed-off-by: Werner Koch <[email protected]>
* indent: Wrap an overlong line. (Werner Koch, 2017-07-27; 1 file, -1/+3)
    --
    Folks, please set your editors to 80 columns to notice such flaws.
* gpg: Avoid output to the tty during import. (Werner Koch, 2017-07-27; 7 files, -74/+96)
    * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all output calls to use it.
    * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and change all output calls to use it.
      (keyedit_menu): Adjust for changes.
    * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
    * g10/import.c (import_one): Call key_check_all_keysigs with output to the log stream.
    --
    Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
    GnuPG-bug-id: 3288
    Signed-off-by: Werner Koch <[email protected]>
* g10: Make sure exactly one fingerprint is output with --quick-gen-key. (Marcus Brinkmann, 2017-07-26; 1 file, -1/+2)
    * g10/keygen.c (do_generate_keypair): Only set fpr in list_keyblock_direct invocation if neither --fingerprint nor --with-fingerprints are given.
    Signed-off-by: Marcus Brinkmann <[email protected]>
    GnuPG-bug-id: 2741
* doc: Add man pages for gpg-wks-server and gpg-wks-client. (Werner Koch, 2017-07-26; 3 files, -4/+346)
    * doc/wks.texi: New.
    * doc/gnupg.texi: Include wks.texi.
    * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
      (myman_pages): Add new man pages.
    Signed-off-by: Werner Koch <[email protected]>
* wks: Fix program names in the usage diagnostics. (Werner Koch, 2017-07-26; 2 files, -4/+4)
    * tools/gpg-wks-client.c (my_strusage): Add case 12.
    * tools/gpg-wks-server.c (my_strusage): Add case 12:
    Signed-off-by: Werner Koch <[email protected]>
* wks: Add stubs for new gpg-wks-server commands. (Werner Koch, 2017-07-26; 1 file, -0/+60)
    --
    Signed-off-by: Werner Koch <[email protected]>
* doc: Update vsnfd profile example (Andre Heinecke, 2017-07-26; 1 file, -1/+1)
    * doc/examples/vsnfd.prf: Use rsa3072
    --
    This brings it in line with the requested default for vsnfd.
* dirmngr: Do not use a blocking connect in Tor mode. (Werner Koch, 2017-07-26; 2 files, -0/+25)
    * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
      (send_request): Ditto.
    Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Auto-enable Tor on startup or reload. (Werner Koch, 2017-07-26; 3 files, -6/+22)
    * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availability.
    --
    GnuPG-bug-id: 2935
    Signed-off-by: Werner Koch <[email protected]>
* agent,dirmngr: Check for homedir removal also using stat(2). (Werner Koch, 2017-07-26; 2 files, -7/+48)
    * agent/gpg-agent.c (have_homedir_inotify): New var.
      (reliable_homedir_inotify): New var.
      (main): Set reliable_homedir_inotify.
      (handle_tick): Call stat on the homedir.
      (handle_connections): Mark availability of the inotify watch.
    * dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
      (TIMERTICK_INTERVAL_SHUTDOWN): New.
      (handle_connections): Depend tick interval on the shutdown state.
    --
    The stat call is used on systems which do not support inotify and also when we assume that the inotify does not work reliably.
    Signed-off-by: Werner Koch <[email protected]>
* agent: Lengthen timertick interval on Unix to 4 seconds. (Werner Koch, 2017-07-26; 1 file, -9/+7)
    * agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and Unix.
    Signed-off-by: Werner Koch <[email protected]>
* common: Strip trailing slashes from the homedir. (Werner Koch, 2017-07-25; 2 files, -7/+59)
    * common/homedir.c (default_homedir): Strip trailing slashes.
      (gnupg_set_homedir): Ditto.
    --
    is_gnupg_default_homedir() does not ignore trailing slashes when comparing directory names. This can lead to multiple agents started on the same directory if the homedir was specified with --homedir or GNUPGHOME without or with a number of slashes. We now make sure that the home directory name never ends in a slash (except for the root of course).
    GnuPG-bug-id: 3295
    Signed-off-by: Werner Koch <[email protected]>
* w32: Also change the directory on daemon startup. (Werner Koch, 2017-07-25; 3 files, -11/+14)
    * agent/gpg-agent.c (main): Always do the chdir.
    * dirmngr/dirmngr.c (main): Ditto.
    * scd/scdaemon.c (main): Ditto.
    --
    Note that only dirmngr did not call the chdir with --no-detach. Thus we kept it this way. Tested gpg-agent by checking the properties shown by procexp.
    Gnupg-bug-id: 2670
    Signed-off-by: Werner Koch <[email protected]>