* dirmngr/ks-engine-ldap.c: when compiling with Windows/MinGW headers,
`ldap_parse_page_control` and `ldap_parse_result` expects `ULONG`.
This has become a hard error when using GCC 15.
Signed-off-by: Zhang Maiyun <me@maiyun.me>
* g10/keygen.c (ask_curve): Add a curve aparemter to no list a curbe in
the menu.
--
This is non-standard curve and thus has severe interop problems. To
avoid accidental selection of this curve, it may now only be given by
its name.
* g10/import.c (get_revocation_reason): Fix setting of r_reason.
--
Note that gpgme has not yet support for parsing the revocation reason.
Due to the split of gpgme it was not tested with gpgmeqt which has its
own parser in its regression tests which kicked it when building
debian packages.
GnuPG-bug-id: 7083
Fixes-commit: 3f825b044b2f1db8773f27a96034c925177fe9f0
* g10/packet.h (struct revoke_info): Extend to carry the recocation
reason.
* g10/getkey.c (sig_to_revoke_info): Extend to strore the reason.
(merge_selfsigs): Extend to also store the reason in the public key.
* g10/keylist.c (list_signature_print): Factor some code out to ...
(print_revocation_reason_comment): new function.
(print_revocation_reason): New.
(print_key_line): Call new function to print the reason.
* g10/import.c (get_revocation_reason): Use
print_revocation_reason_comment and factor some code out to ...
(revocation_reason_code_to_str): new function.
* g10/gpgv.c (revocation_reason_code_to_str): Add stub.
* g10/test-stubs.c (revocation_reason_code_to_str): Ditto.
--
With this change the revocation reason of a revoked key (but not for a
revoked uid or subkey) is now displayed in "gpg -k" listing right
below the primary key fingerprint. Before that "gpg --checks-sigs"
was required to do show this info.
GnuPG-bug-id: 7083
* tools/gpgtar-extract.c (gpgtar_extract): Initialize PROC as NULL,
and release at the end for the case of jumping to "leave:" label.
* tools/gpgtar-list.c (gpgtar_list): Release at the end.
--
Fixes-commit: 29bc14f56f6430294f225b6744012ab1f5df62e6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* build-aux/speedo/w32/inst.nsi: Install the template files.
--
The help files are not very well known but we should at least install
some. We also install those for the wks-utils in case we will ever
support gpg-wks-server of gpg-mail-tube on Windows.
Release 2.5.7
* common/helpfile.c (gnupg_get_template): Add arg locale_override and
adjust all callers.
* tools/wks-receive.c (struct receive_ctx_s): Add field ct_language.
(get_language): New.
(new_part): Call it.
(wks_receive): Pass language to the result callback.
* tools/gpg-wks-client.c (short_locale): New.
(main): Get and store the current locale.
(command_create): Fix a glitch for the Posteo hack. Insert the locale
into the confirmation request.
(send_confirmation_response): Ditto.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field language.
(only_ascii): New.
(struct my_subst_vars_s, my_subst_vars_cb, my_subst_vars): New.
(send_confirmation_request): Use a template.
(send_congratulation_message): Ditto.
(check_and_publish): Pss ctx to send_congratulation_message.
(command_receive_cb): Add arg language.
* doc/wks-utils.txt, doc/wks-utils.de.txt: New.
* doc/Makefile.am (helpfiles): Add them.
--
GnuPG-bug-id: 7381
Note that the subject is not yet translated or templated due to a
missing header encoding function.
* tools/gpg-mail-tube.c: Include i18n.h.
(main): Call i18n.h
(only_ascii): New.
(mail_tube_encrypt): Use a template or fallback to the old version.
* doc/mail-tube.txt, doc/mail-tube.de.txt: Two standard templates.
* doc/Makefile.am (helpfiles): Add them.
--
GnuPG-bug-id: 7381
* common/util.h (GET_TEMPLATE_CURRENT_LOCALE): New.
(GET_TEMPLATE_SUBST_ENVVARS): New.
(GET_TEMPLATE_CRLF): New.
* common/helpfile.c (findkey_fname): Add arg flags and terminate line
with CRLF if requested.
(findkey_locale): Replace arg only_current_locale by flags and add arg
domain.
(gnupg_get_help_string): Factor all code out to ...
(gnupg_get_template): new. Add arg domain. Handle SUBST flags. Do
not trim tralins spaces with the CRLF flag.
* common/t-helpfile.c (main): Require domain name and add two options.
* tools/gpgtar-extract.c (gpgtar_extract): Do final process_release.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
Fixes-commit: 29bc14f56f6430294f225b6744012ab1f5df62e6
Running "make -C tests/openpgp check verbose=3" failed with
Creating configuration files
Executing: '/home/wk/b/gnupg/tools/gpgtar' '--extract' \
'--directory=.' \
'/tmp/gpgscm-20250530T121329-run-tests-vGAT4R/environment-cache'
make: *** [Makefile:998: xcheck] Terminated
for unknown reasons. Not calling the gpgrt_process_release fixes this
regression. The real cause needs to be investigated.
* scd/app-piv.c (PIV_ALGORITHM_RSA): Rename to PIV_ALGORITHM_RSA_2048.
(PIV_ALGORITHM_RSA_3072): New.
(get_key_algorithm_by_dobj): Decide whether to use 3072 or 2048.
(do_sign): Support rsa3072.
(do_decipher): Ditto.
(do_genkey): Ditto.
--
Take care: Due to a lack of a PIV token capable of 3072, this has
not been tested at all.
--
Using the given command line for installation is almost always good,
so don't confuse the user with the first sentence. Also explain how
to disable systemd for keyboxd and dirmngr.
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.
--
GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
* g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for
PUBKEY_ALGO_ECDH.
* g10/pubkey-enc.c (ecdh_sexp_build): New.
(get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use
pk_ecdh_decrypt since it's done by agent.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
A common problem with a self-build gnupg is that systemd starts
another version of a daemon while the self-build gnupg has a different
idea on the provided features of those daemons.
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
--
The commit was entirely bogus because the check_nonce function closes
the socket itself if it returns with true. Thus closing the socket by
the caller in the true case was bogus.
The more likely cause for the hangs on Windows are in scdaemon:
* scd: Fix posssible lockup on Windows due to a lost select
result. [rGa7ec3792c5]
GnuPG-bug-id: 7434
Fixes-commit: 73f6c2dd4d3e5b58faf69821726988ae984fad89.
* common/openpgp-oid.c (oidtable): Fill the information for KEM
API for NIST curves.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (agent_key_from_file): Take care of the case
where GRIP==CTRL->keygrip1.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use NULL for the
GRIP, it's for crypto operation where prompt is expected.
--
GnuPG-bug-id: 7648
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (list_keyblock_simple): Take care of
show-unusable-uids.
--
This allows to upload revoked keys to a WKD.
Suggested-by: Uwe Kleine-König
* sm/certchain.c (gpgsm_walk_cert_chain): Handle an empty subject.
--
During import a certificate was imported but gpgsm used log_error when
trying to figure out whether this is a root cert. This patch changes
this to just print a note.
GnuPG-bug-id: 7171
