* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
* tools/rfc822parse.c (struct rfc822parse_context): Add field
this_part.
(release_handle_data): Clear this_part.
(rfc822parse_open): Set this_part.
(set_current_part_to_parent): Ditto.
(insert_header): Ditto.
(rfc822parse_enum_header_lines): Replace current_part by this_part.
(find_header): Ditto.
* tools/rfc822parse.c (my_strcasecmp): Remove.
(same_header_name): New.
(rfc822_capitalize_header_name): Use new function instead.
--
With this change the header function can now be sued after the
transition to the body. Thus up until thenext MIME block is reached
the headers of the former MIME block are returned.
This also fixes a problem with the "MIME-Version" header name
capitalization.
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--
GnuPG-bug-id: 6815
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--
GnuPG-bug-id: 7261
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file
does not end with .p12 or .pfx.
--
Since using encrypted PKCS#12 containers with askpass
is unpractical when signing many files. This adds support
to use an PKCS#8 key for codesigning.
* tools/gpg-authcode-sign.sh (cleanup): New.
--
When using osslsigncode it does not delete the
output file on error. Errors or cancels there
can happen easily with either timestamp problems
or a wrong password.
Additionally, if an output file exists, osslsigncode
does not write a good error message but shows
some exception.
* build-aux/speedo.mk (AUTHENTICODE_FILES): Sign ntbtls files.
(speedo_pkg_ntbtls_configure): Remove duplicated
32 bit entry.
* build-aux/speedo/w32/inst.nsi,
build-aux/speedo/w32/wixlib.wxs: Package ntblts dll.
--
This changes ntbtls to be built with default options both
on 64 bit and on 32 bit. Previously on 32 bit Windows it
would have been linked statically. But since the file lists
are hardcoded this should be independent of the architecture.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used. Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--
This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
"oops: public key not found for preference check\n"
due to ADSK keys. The error is mostly harmless but lets gpg return
with an exit code of 2.
* g10/options.h (DBG_KEYDB_VALUE): New.
* g10/gpg.c (debug_flags): Add it.
* g10/keydb.c: Replace all DBG_LOOKUP by DBG_KEYDB.
* g10/keyring.c: Ditto.
* g10/call-keyboxd.c: Ditto.
--
Using "lookup" also for key search debugging was not a good idea.
This uses a separate flag for the latter.
* build-aux/speedo.mk (AUTHENTICODE_sign): Do version check
in subshell to get the return code.
--
Otherwise this will fail not with the intended error message
but with "no such file or directory."
--
Here is the Git patch of the updated GnuPG pt.po translation.
From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.
Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro. Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff. Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO. Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags. More debug output. Handle cramming
here. Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates. Adjust for
changes in _tlv_parser_next. Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.
* sm/minip12.c (dump_to_file): New. Enablein debug mode and if a
envvar ist set. Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--
GnuPG-bug-id: 7213
Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.
* sm/t-minip12.c (cram_file): New.
(main): Add option --cram.
--
This is sometimes useful to convert constructed octet strings into
primitive octet strings.
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--
Example:
$ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
D Magrathea
OK
* scd/command.c (cmd_getinfo): Add subcommand. Always init CTRL for
simplicity.
--
A state dump looks like
app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
app_dump_state: app=0x00007f1b38018100 type='openpgp'
app_dump_state: app=0x00007f1b3800cb70 type='piv'
app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
app_dump_state: app=0x00007f1b38016fc0 type='openpgp'
and can also be triggered by a SIGUSR1. This explicit command allows
to dump the state also on Windows. Use for example
gpg-connect-agent 'scd getinfo dump_state' /bye
--
Fixes-commit: 7a9214b0d41ecf1aacada79a850da05d558320ff.
Using a remote repo is dangerous; for a local repo it can be expected
that it has been properly pulled and checked.
* agent/command-ssh.c (ssh_send_available_keys): Close file and
directory on error paths.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* tools/gpg-auth.c (ssh_authorized_keys): Free list on error.
* tools/gpgtar-extract.c (gpgtar_extract): Free memory on error.
--
GnuPG-bug-id: 7201
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* build-aux/speedo/w32/inst.nsi (InstallDir): Move to the
MUI definitions for clarity.
(MULTIUSER_INSTALLMODE_INSTDIR): Use pretty name.
(-gnupginst): Handle regviews and upgrades
--
As MultiUser.nsh sets the INSTDIR variable we have
to define MULTIUSER_USE_PROGRAMFILES64.
The resulting installer created by makensis itself
is still a 32bit binary we have to use SetRegView to
use the correct registry hive for 64 bit software.
To better handle the path switch from ProgramFiles (x86)
to ProgramFiles on update we now call the uninstaller
of the previous version before installing the new
version. This additionally ensures that there
are no leftover files and a dirty install directory
after some upgrades.
* build-aux/speedo.mk (SETVARS): Set --libdir when cross
compiling.
--
This ensures that the libdir is reliably named "lib" instead
of lib64 for 64 bit builds on systems which have this as
the default. This fixes among other things that PKG_CONFIG_PATH
is then set correctly.
* build-aux/speedo.mk (VERBOSE): New variable.
--
While the configuration output stays silent by default
having the option to show it can be useful in case of
errors.