aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Release 2.2.44gnupg-2.2.44Werner Koch2024-08-124-5/+25
|
* speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.Werner Koch2024-08-122-3/+5
| | | | | | | | | | | | -- Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now need at least Windows Vista. Version 8 of Mingw defaults to XP SP2 which requires us to explicit override that default. The SO number of libassuan needs an update too. (cherry picked from commit d56b63a66181b4f029e91dcea095e9eb149895b7)
* gpgconf: Print the full commit id.Werner Koch2024-08-123-43/+75
| | | | | | | | | | * autogen.sh: Update to version 2024-07-04 from libgpg-error. * configure.ac (BUILD_REVISION): Rename the ac_define by BUILD_COMMITID. * tools/gpgconf.c (show_version_gnupg): Use it here. -- (cherry picked from commit 736579331b14035db5b857812d18b493678f7769)
* po: msgmergeWerner Koch2024-08-1225-0/+124
| | | | --
* po: Add German translation for a new string.Werner Koch2024-08-121-1/+5
| | | | --
* gpg: Improve decryption diagnostic for an ADSK key.Werner Koch2024-08-124-8/+37
| | | | | | | | | | | | | | | | | | | | | * g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant. * g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant. * g10/pubkey-enc.c (get_it): Print a note if an ADSK key was used. Use the new get_pubkeyblock flag. * g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk. (get_pubkeyblock): Factor all code out to ... (get_pubkeyblock_ext): new. (finish_lookup): Add new arg allow_adsk and make use of it. -- This patch solves two purposes: - We write a note that the ADSK key was used for decryption - We avoid running into a "oops: public key not found for preference check\n" due to ADSK keys. The error is mostly harmless but lets gpg return with an exit code of 2. Backported-from-master: 882ab7fef9bf4440900c32d7463469307224f11a
* speedo,w32: Update libassuan dll name in wxsAndre Heinecke2024-08-121-2/+2
| | | | | * build-aux/speedo/w32/wixlib.wxs: Update name and UID for libassuan
* agent: Fix an unitialized variable in an error path.Werner Koch2024-08-081-1/+1
| | | | | | | | | | | | | | | * agent/findkey.c (agent_write_private_key): Init FP. -- With Fixes-commit: 3b69d8bf7146b8d10737d0cfea9c97affc60ad73 we took a shortcut but forgot to init FP which is usually set after the new check. At least in the AppImage this always triggered a segv and gpg or Kleopatra had to restart the agent. Not a problem in 2.4 becuase this code is a hack we don't need in 2.4 due to that new ephemeral key storing feature. GnuPG-bug-id: 6944
* common: Allow building with libgpg-error < 1.47Werner Koch2024-08-081-0/+5
| | | | | | | | | * common/util.h (GPG_ERR_BAD_RESET_CODE): New replacement. (GPG_ERR_NO_RESET_CODE): New. (GPG_ERR_BAD_PUK): New. -- But as least 1.38 is required. Tested with 1.42
* common: Add missing file to repoWerner Koch2024-08-081-0/+827
| | | | | -- Fixes-commit: 0dcd1504babb4b98898f7bd738d7aaa1e4a73a05
* sm: More improvements for PKCS#12 parsing for latest IVBB changes.Werner Koch2024-08-073-887/+306
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/tlv.h (TLV_PARSER_FLAG_T5793): New. (tlv_parser_new): New macro. Rename function with an underscore. (tlv_next_with_flag): New. * common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer. Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist definition. (dump_to_file): New but disabled debug helper. (parse_tag): Print more info on error. (_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data. (_tlv_parser_release): Free the copy of the buffer and return the recorded TLV object from tlv_parser_new. (_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove. (_tlv_push): Record crammed length. (_tlv_pop): Restore crammed length. (_tlv_parser_next): Add arg flags. More debug output. Handle cramming here. Take care of cramming here. (tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next. (tlv_expect_octet_string): Remove arg encapsulates. Adjust for changes in _tlv_parser_next. Change all allers. (tlv_expect_null): New. (cram_octet_string): Rewrite. (need_octet_string_cramming): Remove. * sm/minip12.c (dump_to_file): New. Enable in debug mode and if an envvar ist set. Replace all explict but disabled dumping to call this function. (parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an optional SET by non-peeking code. (parse_cert_bag): Ditto. (parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code. (parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to enable the Mozilla workaround. (parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new tlv_parser_release semantics. (parse_shrouded_key_bag): Ditto. (parse_shrouded_key_bag): Create a new context instead of using the former encapsulated mechanism for tlv_expect_octet_string. (parse_bag_data): Ditto. (p12_parse): Ditto. * common/tlv-parser.c: New * common/Makefile.am: Add new file. -- GnuPG-bug-id: 7213 Backported-from-master: 690fd61a0cf2b4b51ee64811656692eb644d2918 This backport required to introduce the new tlv-parser.c file and remove most source copied stuff from minip12.c. Thus the above ChangeList is not fully correct.
* scd: New getinfo subcommand "manufacturer"Werner Koch2024-08-073-15/+24
| | | | | | | | | | | | | | | * scd/command.c (cmd_getinfo): Add subcommand "manufacturer". * scd/app-openpgp.c (get_manufacturer): Rename to ... (app_openpgp_manufacturer): this and make global. -- Example: $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye D Magrathea OK Backported-from-master: a8cef7ebc2b8c3aa1477b61fecfaa8e5d63446d7
* doc: Fix URL to the OpenPGP card specsWerner Koch2024-08-071-3/+2
| | | | --
* gpg: Rename recently added import option no-seckeys to only-pubkeys.Werner Koch2024-06-244-8/+8
| | | | | | | | | * g10/import.c (parse_import_options): Rename option. * g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS. Change all users. -- GnuPG-bug-id: 7146
* gpg: Add --import-option "no-seckeys".Werner Koch2024-06-112-0/+5
| | | | | | | * g10/import.c (parse_import_options): Add "no-seckeys". -- GnuPG-bug-id: 7146
* gpg: Do not bail out on secret keys with an unknown algoWerner Koch2024-06-111-0/+2
| | | | | | | | | * g10/getkey.c (lookup): Skip keys with unknown algos. -- If the local store has private keys with an algorithm not supported by thi version of gpg, gpg used to bail out. Thus decryption of proper messages was not possible. This fix skips such secret keys.
* gpg: Do not show RENC if no key capabilities are found for a key.Werner Koch2024-06-052-2/+9
| | | | | | | * g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New. * g10/getkey.c (merge_selfsigs_subkey): Mask the default. (merge_selfsigs_main): Ditto. --
* gpgsm: Avoid double free when checking rsaPSS signatures.Jakub Jelen2024-05-291-2/+0
| | | | | | | | | | | | * sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on error. Its owned and freed by the caller. -- This is part of GnuPG-bug-id: 7129 Signed-off-by: Jakub Jelen <[email protected]> Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91 (cherry picked from commit dcb0b6fd4822107d68bcb046d4d0650d02c82522)
* agent: Avoid uninitialized access in GENKEY command on parameter error.Jakub Jelen2024-05-291-2/+2
| | | | | | | | | | | | * agent/command.c (cmd_genkey): Moved init_membuf to the top. -- Signed-off-by: Jakub Jelen <[email protected]> This is part of GnuPG-bug-id: 7129 (cherry picked from commit 379fc5569d604c4a7b5f12b2bbfc4106893c2a9e)
* wks: Make sure that ERR is always initialized.Werner Koch2024-05-291-0/+1
| | | | | | | | | | | | * tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case the loop is never run. -- This is part of GnuPG-bug-id: 7129 Co-authored-by: Jakub Jelen <[email protected]> (cherry picked from commit 021c27510b52f86a95ae70b5f4ed5d2c3886c3e8)
* scd:openpgp: Fix PIN pin2hash_if_kdf.NIIBE Yutaka2024-05-161-1/+1
| | | | | | | | | | | * scd/app-openpgp.c (pin2hash_if_kdf): DEK had been changed to pointer to allocated memory, so, we need to use DEKLEN for the length. -- GnuPG-bug-id: 7121 Fixes-commit: 20e85585ed20af67ce68e637ea5c3637615ba2e9 Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,gpgsm: Remove compatibility_flags allow-ecc-encr and vsd-allow-encr.Werner Koch2024-05-068-20/+3
| | | | | | | | | | | | | | | | * g10/options.h (COMPAT_VSD_ALLOW_OCB): Remove. * g10/gpg.c (compatibility_flags): Remove "vsd-allow_ocb". (main): Alwas set CO_EXTRA_INFO_VSD_ALLOW_OCB. * g10/keygen.c (keygen_set_std_prefs): Always set OCB feature flag. * g10/encrypt.c (use_aead): Always OCB also in de-vs mode. * sm/gpgsm.h (COMPAT_ALLOW_ECC_ENCR): Remove. * sm/gpgsm.c (compatibility_flags): Remove "allow-ecc-encr". * sm/encrypt.c (encrypt_dek): Always allow ecc encryption. * sm/certreqgen.c (proc_parameters): Likewise. -- Both feature are meanwhile approved in de-vs mode thus there is no more need for the flags.
* tests: Avoid new C23 keyword true.Werner Koch2024-04-221-4/+4
| | | | | | | * tests/asschk.c (eval_boolean): s/true/tru/ -- GnuPG-bug-is: 7093
* Post release updatesWerner Koch2024-04-162-1/+8
| | | | --
* Release 2.2.43gnupg-2.2.43Werner Koch2024-04-161-3/+4
|
* po: Update some translations for the |R| prompt flag.Werner Koch2024-04-0927-48/+60
| | | | --
* gpg: Do not allow to accidently set the RENC usage.Werner Koch2024-04-041-1/+13
| | | | | | | | | | | | * g10/keygen.c (print_key_flags): Print "RENC" if set. (ask_key_flags_with_mask): Remove RENC from the possible set of usages. Add a direct way to set it iff the key is encryption capable. -- This could be done by using "set your own capabilities" for an RSA key. In fact it was always set in this case. GnuPG-bug-id: 7072
* gpgconf: Change layout of the gpgconf -X output.Werner Koch2024-04-041-47/+78
| | | | | | | | | * tools/gpgconf.c (list_dirs): Change the config mode output. (my_copy_file): Adjust output for org-mode style. (show_configs_one_file): Ditto. (show_other_registry_entries): Ditto. (show_registry_entries_from_file): Ditto. (show_configs): Ditto.
* build: Update nPth configure macros.Werner Koch2024-03-181-2/+2
| | | | * m4/npth.m4: Update.
* Update NEWSWerner Koch2024-03-181-0/+14
| | | | --
* gpgconf: Check readability of some files with -XWerner Koch2024-03-181-8/+29
| | | | | | * tools/gpgconf.c (list_dirs): Rename arg from special to show_config_mode. Add "S.Uiserver" test and test existsing files for readability.
* gpg: Make sure a DECRYPTION_OKAY is never issued for a bad OCB tag.Werner Koch2024-03-142-1/+6
| | | | | | | | | | | | * g10/mainproc.c (proc_encrypted): Force a decryption failure if any error has been seen. * g10/decrypt-data.c (aead_checktag): Issue an ERROR line. -- GnuPG-bug-id: 7042 Note that gpg in any case returns a failure exit code but due to double forking GPGME would not see it.
* gpg-check-pattern: Consider an empty pattern file as validWerner Koch2024-03-131-1/+1
| | | | | | | | | | * tools/gpg-check-pattern.c (read_file): Check length before calling fread. -- The problem with an empty file is that es_fread is called to read one element of length zero which seems to be undefined behaviour and results in ENOENT on my test box.
* wks: Make gpg-wks-client --mirror work w/o args.Werner Koch2024-03-061-1/+1
| | | | | | | | | * tools/gpg-wks-client.c (mirror_one_key): Test for no domain specified. -- The code did not really work if no domain was given. It worked but filtered out all keys so that no key was actually exported.
* gpg: Fix mixed invocation with --trusted-keys and --no-options.Werner Koch2024-03-042-17/+39
| | | | | | | | | | | | * g10/trustdb.c: Move some definitions around. (user_utk_list): Rename to trusted_key_list. Change all users. (any_trusted_key_seen): New. (tdb_register_trusted_key): Set it here. Handle the new value "none". (verify_own_keys): Do not delete a trusted key from the trustdb if a trusted-key option was not used. -- GnuPG-bug-id: 7025
* agent: Allow simple KEYINFO command when restricted.NIIBE Yutaka2024-03-011-3/+3
| | | | | | | | | * agent/command.c (cmd_keyinfo): Only forbid list command. -- GnuPG-bug-id: 7003 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix keep-alive flag handling.NIIBE Yutaka2024-02-211-1/+9
| | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic Authentication. Fix resource leak of FP_WRITE. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix the regression of use of proxy for TLS connection.NIIBE Yutaka2024-02-211-12/+2
| | | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it causes resource leak of FP_WRITE. Don't try to read response body to fix the hang. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix proxy with TLS.NIIBE Yutaka2024-02-211-5/+0
| | | | | | | | | | | | * dirmngr/http.c (proxy_get_token, run_proxy_connect): Always available regardless of USE_TLS. (send_request): Remove USE_TLS. -- Since quite some time building w/o TLS won't work. GnuPG-bug-id: 6997
* More NEWS.Werner Koch2024-02-051-0/+2
| | | | --
* common: Update requisitesÁngel González2024-02-052-6/+2
| | | | | | | | | | | | | | * configure.ac: Require libgpg-error 1.38 and libksba 1.4.0 * common/util.h: Remove error number substitutes. -- These versions were already needed for a successful compilation, but it was not reflected by configure. GnuPG-bug-id: 6974 Signed-off-by: Ángel González <[email protected]> util.h patch by wk.
* gpgsm: Increase salt size in pkcs#12 parser.Werner Koch2024-02-051-1/+1
| | | | | | | * sm/minip12.c (parse_bag_encrypted_data): Need 32 bytes. -- GnuPG-bug-id: 6757
* scd:openpgp: Allow PIN length of 6 also with a reset code.Werner Koch2024-01-301-2/+15
| | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Fix PIN length check. Add "R" flag to the reset code prompt. -- When using the reset code it was not possible to set a PIN of length 6. The "R" flags fixes a funny prompt. Fixes-commit: efe325ffdf21205b90f888c8f0248bbd4f61404b
* Prepare NEWS for 2.2.43Werner Koch2024-01-291-0/+21
| | | | --
* scd:openpgp: Add the length check for new PIN.NIIBE Yutaka2024-01-261-14/+32
| | | | | | | | | | | * scd/app-openpgp.c (do_change_pin): Make sure new PIN length is longer than MINLEN. -- GnuPG-bug-id: 6843 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 2376cdff1318688d94c95fd01adc4b2139c4a8c7)
* scd:openpgp: Restructure the pin2hash_id_kdf function.Werner Koch2024-01-261-81/+111
| | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (wipe_and_free_string, wipe_and_free): Enable functions. (pin2hash_if_kdf): Change interface. The input PIN is not anymore changed. Further there are no more assumptions about the length of the provided buffer. (verify_a_chv): Adjust for changed pin2hash_if_kdf. (verify_chv2): Ditto (verify_chv3): Ditto. (do_change_pin): Ditto. (do_sign): Ditto. -- Note that this a part of the patch 63bda3aad8ec4163b0241f64e8b587d665d650c3 which we used in 2.4 to implement a PIN cache. For easier backporting we need to add this here.
* tools: Fix argparse table of gpgconf.NIIBE Yutaka2024-01-261-36/+40
| | | | | | | | | | * tools/gpgconf.c (opts): Use ARGPARSE macros. -- GnuPG-bug-id: 6902 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 2be53b214d1c9205f5326ca663115200609d8df4)
* dirmngr: For CRL issuer verification trust the system's root CA.Werner Koch2024-01-261-0/+1
| | | | | | | | * dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
* common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR.Werner Koch2024-01-261-1/+1
| | | | | | | | * common/exechelp-w32.c (gnupg_spawn_process): Fix macro. -- Fixes-commit: 7ba44d15ca2f800c402a56eb71bb524f91ea2ffa GnuPG-bug-id: 6961
* doc: Minor typo fix.Werner Koch2024-01-241-1/+1
| | | | | | -- Was already fixed in 2.4. A 2.2 user reported this to g10 Code.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:11:55 +0000