| Commit message | Author | Age | Files | Lines |
--
* scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
--
Some versions of the CardOS personalisation software seem to store a
missing label as a zero-length object instead of not storing the object
at all.
Due to a lack of such a card this patch has not been tested.
* tests/gpgscm/opdefines.h: Change the order of arguments.
* tests/gpgscm/scheme-private.h (_OP_DEF): OP comes first, and use
variadic args for the macro.
* tests/gpgscm/scheme.c (_OP_DEF): Likewise.
(TST_*): Use integers.
(check_arguments): Follow the change of TST_LIST.
--
GnuPG-bug-id: 7623
Signed-off-by: NIIBE Yutaka <[email protected]>
* tests/gpgscm/scheme.c (charnames): It's an array of
strings, not fixed size characters.
--
GnuPG-bug-id: 7623
Signed-off-by: NIIBE Yutaka <[email protected]>
* tools/gpgconf.c (my_read_reg_string): New. Use it for the registry
listing stuff.
(show_registry_entries_from_file): Use also on Unix.
* dirmngr/dns.c (dns_so_check): Ifdef-out Linux specific code. Remove
retrying udp_connect_retry when ECONNREFUSED.
--
Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
GnuPG-bug-id: 4021
Signed-off-by: NIIBE Yutaka <[email protected]>
* g10/keygen.c (read_parameter_file): Add keyword "User-Id".
* kbx/backend-sqlite.c (run_select_statement): Convert with
ascii_strlwr when the mode is KEYDB_SEARCH_MODE_MAIL.
--
GnuPG-bug-id: 7576
Signed-off-by: NIIBE Yutaka <[email protected]>
--
* sm/certlist.c (gpgsm_add_to_certlist): Remove the on-demand setting
of the current time.
* sm/certlist.c (gpgsm_add_to_certlist): Track expired error. Make
the expired check easier to read by using if and case.
--
Original ChangeLog:
If all selected certificates are expired, don't mislead the user
saying that no certificate was found. Instead, return the error
of the first certificate selected.
* sm/certlist.c: if one expired certificate was found, don't return
no certificate found, return instead the expiration error
I heavily changed Ramon's original patch and hope that I didn't
introduce a regression to his patch. - [email protected]
* sm/certchain.c (check_validity_period_cm): Add arg no_log_expired to
avoid bumping of the error counter due to the do_list function.
* sm/certlist.c (gpgsm_add_to_certlist): Set no_log_expired when
checking the expiration.
--
I modified the original patch to make the patch smaller and the code
easier to read. - [email protected]
* sm/certlist.c (gpgsm_add_to_certlist): Also check for not yet valid
certs.
* sm/certchain.c (check_validity_period_cm): Make function global.
* sm/certlist.c (gpgsm_add_to_certlist): If an expired certificate is
found, continue looking for another one.
--
This enables the user to select a certificate by subject, and keep
old expired certificates in the store in case he wishes to decrypt
or verify an old file. This makes renewal of certificate smoother.
Due to a broken patch I had to massage the patch and while doing this
also fixed the indentation and moved a declaration to the beginning of a
block. - [email protected]
--
* agent/command.c (cmd_learn): Allow for s/n argument.
* agent/learncard.c (agent_handle_learn): Ditto.
* agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd.
* scd/command.c (cmd_switchcard): Factor most code out to ...
(switchcard_core): new.
(cmd_learn): Add option --demand to specify a s/n.
* sm/gpgsm.c (main): Allow a s/n argument for --learn-card.
--
This helps Kleopatra to get a stable certificate listing.
GnuPG-bug-id: 7379
* tools/gpgconf-comp.c (keyboxd_runtime_change): Fix order of args.
--
Fixes-commit: acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
GnuPG-bug-id: 7569
* scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop
when an event was encountered.
--
Here the event handle is passed to npth_eselect so that this function
can detect the event and reset the event. There is no need to consume
this information here. However, npth_select might also have got a ready
file descriptor along with the event and by doing a "continue" we
would miss the ready state of the file descriptor. The fix is to do
nothing here, similar to what we do in gpg-agent.
Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
GnuPG-bug-id: 2982
--
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* common/recsel.c (struct recsel_expr_s): Add field lefta.
(recsel_parse_expr): Parse it.
(recsel_select): Implement selection.
--
This flag makes it for example easy to select keys last updated from
an ldap server:
  gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
      -k --with-key-origin
--
* tools/gpg-card.c (cmd_list): Add optional arg use_opt_cards.
(enum cmdids): Add cmdLISTCARDS.
(cmds): New command "ll".
(interactive_loop): Ditto.
--
Using "l --cards" is a command required very often thus it makes sense
to have an alias for it. ll also allows to switch the card without
showing the long listing.
--
--
--
--
--
GnuPG-bug-id: 7541
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--
Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
GnuPG-bug-id: 7547
* dirmngr/dirmngr.c (initialize_modules): New.
(thread_init): Run npth_init only once. Re-init Libassuan and
Libgcrypt syscall clamps. Replace all calls by calls to
initialize_modules.
--
GnuPG-bug-id: 6606
* agent/gpg-agent.c (start_connection_thread_std): Close socket on
nonce mismatch.
(start_connection_thread_extra): Ditto.
(start_connection_thread_browser): Ditto.
(start_connection_thread_ssh): Ditto.
* dirmngr/dirmngr.c (start_connection_thread): Ditto.
* kbx/keyboxd.c (start_connection_thread): Ditto.
--
Usually Libassuan takes care of closing the socket but because we do
the nonce check before setting up Assuan we need to explicitly close
it.
GnuPG-bug-id: 7434
* common/asshelp.c (log_libassuan_system_error): New.
* agent/gpg-agent.c (create_server_socket): Use new log function.
(handle_connections): Log system error code for a failed accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.
* dirmngr/dirmngr.c (main): Log system error code for a failed bind.
* kbx/keyboxd.c (create_server_socket): Ditto.
* scd/scdaemon.c (create_server_socket): Ditto.
* tpm2d/tpm2daemon.c (create_server_socket): Ditto.
* tools/gpg-authcode-sign.sh: Check envvar for value "disable".
* dirmngr/server.c (cmd_ks_del): New.
* dirmngr/ks-action.c (ks_action_del): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_del): New stub.
--
GnuPG-bug-id: 5447
* dirmngr/server.c (percentplus_line_to_strlist): New. Code taken
from cmd_ks_get.
(cmd_ks_search, cmd_ks_get): Use it here.
--
This is a general maintenance update
* build-aux/speedo.mk: Remove support gpgme.
* build-aux/speedo/w32/inst.nsi: Ditto.
* build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
--
GPGME is either already available on Unix platforms or can be
installed on Windows with gpg4win. GnuPG itself does not require
gpgme.
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new. Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig. Also re-check the signature after the import
of an included keyblock.
--
The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature could be verified.
Such a malicious key signature subkey must have been created w/o the
mandatory backsig which binds a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.
GnuPG-bug-id: 7527
* g10/sig-check.c (check_signature2): Rename to
(check_signature): this and remove the old wrapper. Adjust all
callers.
--
* agent/gpg-agent.c (create_server_socket): Fix translation. Add
diagnostic for bind retry. Print windows error code after bind
failure.
--
GnuPG-bug-id: 7434
--
--
--
* common/session-env.c (stdenvnames): Add field "disabled".
(INITIAL_ARRAYSIZE): Increase size a bit.
(session_env_mod_stdenvnames): New.
(session_env_list_stdenvnames): Handle the disabled flag.
* agent/gpg-agent.c (oChangeStdEnvName): New.
(opts): Add --change-std-env-name.
(main): Implement option.
--
GnuPG-bug-id: 7522
* sm/misc.c (setup_pinentry_env): Remove.
* doc/Makefile.am: Ship gnupg.7.html with other html, not with
manpages.
--
Without this change, gnupg.7.html gets placed in /usr/share/manh/
Since it can't be correctly rendered by groff, this is undesirable.
Signed-off-by: Daniel Kahn Gillmor <[email protected]>