* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--
The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.
GnuPG-bug-id: 7298
(cherry picked from commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823)
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.
--
GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <[email protected]>
(cherry picked from commit 71840b57f48680b7555451a29026d9c6de4fe2bc)
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it has been the gcc default for a long time. Enable control flow
protection.
--
Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.
* g10/keygen.c (prepare_adsk): Emit status error.
--
This is useful for GPGME.
GnuPG-bug-id: 7322
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--
This patch makes sure that an expired trusted key is not used for
trust computation. The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.
GnuPG-bug-id: 7200
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
* g10/trustdb.c (store_validation_status): Remove arg 'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--
This has been here since 2003. The variable was never evaluated -
only stored.
Also added some comments.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--
Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
--
Taken from master
* doc/Makefile.am (yat2m-stamp): Also call yat2m with --html options.
* doc/yat2m.c (main): Add dummy options.
--
Note that the generated html versions of the man pages will only be
correct if the external yat2m tool is installed - at least for the
maintainers of the website this will be the case.
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.
--
GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <[email protected]>
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.
--
GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <[email protected]>
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.
--
GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--
Fixes-commit: 2fdb950471bd36f046672254ff26ca94797cc9f1
GnuPG-bug-id: 6528
The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--
Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
* g10/free-packet.c (is_mpi_copy_broken): Remove.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--
This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.
Fixes-commit: 122803bf1ac9ee720d9fc214f5ae5c2a0ec22bf5
GnuPG-bug-id: 7042
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--
Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
* common/exechelp.h [HAVE_W32_SYSTEM] (get_max_fds): Don't expose.
(close_all_fds, get_all_open_fds): Likewise.
* common/exechelp-w32.c: Don't expose unused functions.
--
GnuPG-bug-id: 7293
Signed-off-by: NIIBE Yutaka <[email protected]>
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--
GnuPG-bug-id: 7286
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
* agent/command.c (cmd_keytocard): Copy LINE.
--
GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--
GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
* g10/photoid.c (show_photo): No return for a void function.
--
GnuPG-bug-id: 7256
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used. Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--
This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys. The error is mostly harmless but lets gpg return
  with an exit code of 2.
Backported-from-master: 6fa4d7973db34d118b7735d5a3d1aa8cc4412f46
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
--
Here is the Git patch of the updated GnuPG pt.po translation.
From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <[email protected]>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.
Signed-off-by: Daniel Cerqueira <[email protected]>
Backported-from-master: d73beb5398c6052ff0c091903d0bd6990bd69dc7
(I hope that I did not break too much)
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro. Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff. Remove bufferlist and its
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags. More debug output. Handle cramming
here. Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates. Adjust for
changes in _tlv_parser_next. Change all callers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.
* sm/minip12.c (dump_to_file): New. Enable in debug mode and if an
envvar is set. Replace all explicit but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--
GnuPG-bug-id: 7213
Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.
Backported-from-master: 690fd61a0cf2b4b51ee64811656692eb644d2918
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--
Example:
  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
* scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for
simplicity.
--
A state dump looks like
  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state: app=0x00007f1b38018100 type='openpgp'
  app_dump_state: app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state: app=0x00007f1b38016fc0 type='openpgp'
and can also be triggered by a SIGUSR1. This explicit command allows
to dump the state also on Windows. Use for example
  gpg-connect-agent 'scd getinfo dump_state' /bye
--
Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista. Version 8 of Mingw defaults to XP SP2
which requires us to explicitly override that default.
The SO number of libassuan needs an update too.