1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

5486 Commits

Author SHA1 Message Date
NIIBE Yutaka
a20b4c9543 po: Update Japanese Translation.
--
2014-11-18 12:01:22 +09:00
Werner Koch
32e85668b8 gpg: Fix a NULL-deref for invalid input data.
* g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
entry.
--

GnuPG-bug-id: 1761
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-17 13:08:23 +01:00
Werner Koch
165bc397be speedo: Install -dev files for the libraries.
--
2014-11-13 19:23:17 +01:00
Werner Koch
9d897f8178 po: Auto-update.
--
2014-11-13 17:51:09 +01:00
Werner Koch
69384568f6 gpg: Make the use of "--verify FILE" for detached sigs harder.
* g10/openfile.c (open_sigfile): Factor some code out to ...
(get_matching_datafile): new function.
* g10/plaintext.c (hash_datafiles): Do not try to find matching file
in batch mode.
* g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
matching data file is not used by a standard signatures.
--

Allowing to use the abbreviated form for detached signatures is a long
standing bug which has only been noticed by the public with the
release of 2.1.0.  :-(

What we do is to remove the ability to check detached signature in
--batch using the one file abbreviated mode.  This should exhibit
problems in scripts which use this insecure practice.  We also print a
warning if a matching data file exists but was not considered because
the detached signature was actually a standard signature:

  gpgv: Good signature from "Werner Koch (dist sig)"
  gpgv: WARNING: not a detached signature; \
  file 'gnupg-2.1.0.tar.bz2' was NOT verified!

We can only print a warning because it is possible that a standard
signature is indeed to be verified but by coincidence a file with a
matching name is stored alongside the standard signature.

Reported-by: Simon Nicolussi (to gnupg-users on Nov 7)
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:39:31 +01:00
Werner Koch
22748338da gpg: Fix a missing LF in debug output.
* g10/kbnode.c (dump_kbnode): Print a LF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 17:01:17 +01:00
Werner Koch
63c6514415 gpg: Re-indent two files.
--
2014-11-13 15:21:10 +01:00
Werner Koch
e30cb8f617 gpg: Remove PGP-2 related cruft.
* g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
header.
(fake_packet): Remove pgp-2 workaround for white space stripping.
* g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
* g10/options.h (opt): Remove field pgp2_workarounds.
* g10/gpg.c (main): Do not set this field.
* g10/gpgv.c (main): Ditto.
* g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
  algo.  Using MD5 here is useless.
(proc_plaintext): Remove PGP-2 related woraround
(proc_tree): Remove another workaround but keep the one for PGP-5.
--

The removed code was either not anymore used or its use would have
caused an error message later anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-13 12:01:42 +01:00
Werner Koch
81e177be10 gpg: Improve perceived speed of secret key listings.
* g10/keylist.c (list_keyblock): Flush stdout for secret keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:41:20 +01:00
Werner Koch
eecbed004c gpg: Fix regression in --refresh-keys
* g10/keyserver.c (keyserver_get): Factor all code out to ...
(keyserver_get_chunk): new.  Extimate line length.
(keyserver_get): Split up requests into chunks.
--

Note that refreshing all keys still requires way to much memory
because we build an in-memory list of all keys first.  It is required
to first get a list of all keys to avoid conflicts while updating the
key store in the process of receiving keys.  A better strategy would
be a background process and tracking the last update in the key store.

GnuPG-bug-id: 1755
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-12 12:14:32 +01:00
Werner Koch
ffc2307843 gpg: Add import options "keep-ownertrust".
* g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
* g10/import.c (parse_import_options): Add "keep-ownertrust".
(import_one): Act upon new option.
--

This option is in particular useful to convert from a pubring.gpg to
the new pubring.kbx in GnuPG 2.1 or vice versa:

gpg1 --export | gpg2 --import-options keep-ownertrust --import
2014-11-12 09:56:40 +01:00
Werner Koch
b8cdfac353 Remove use of gnulib (part 2)
* configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
(gl_EARLY): Remove.
* common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
* common/sysutils.c (gnupg_mkdtemp): New.  Based on code from
glibc-2.6.
(gnupg_setenv): Rewrite.
(gnupg_unsetenv): Rewrite.
* g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
* g13/be-encfs.c: Ditto.
* g13/mount.c: Ditto.
* tools/symcryptrun.c (confucius_mktmpdir): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 15:14:31 +01:00
Werner Koch
1adf719b2d Remove use of gnulib (part 1)
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.

* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"

* common/t-timestuff.c: Use putenv if setenv is not available.
--

gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X.  This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.

In part two we will address the functions

 mkdtemp
 setenv
 unsetenv
 strpbrk

which may bot be implemented on all platforms.  They are not required
on a libc based system.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-11 10:13:10 +01:00
Werner Koch
7362c8c6e6 gpg: Remove warning message for non-implemented search modes.
* kbx/keybox-search.c (keybox_search): Silently ignore.
* doc/specify-user-id.texi: Docuement '@", '+', and '.' search
prefixes.
2014-11-07 18:42:37 +01:00
Werner Koch
f0f5cb6b3e w32: Fix http access module.
* common/http.c (write_server) [W32]: Rework to use send() instead of
write even when build with npth.
(cookie_read) [W32]: Rework to use recv() instead of read even when
build with npth.
2014-11-07 18:21:50 +01:00
Werner Koch
c7c79e3193 build: Add method to use a custom swdb.lst and use adns with Windows.
* build-aux/getswdb.sh: Add option --skip-verify.
* build-aux/speedo.mk: Add config var CUSTOM_SWDB.  Tage adns version
from swdb and build for Windows with adns.
2014-11-07 18:20:06 +01:00
Werner Koch
f7e1be24c8 build: Improve test for ADNS
* configure.ac <adns>: Use adns_free as probe function for libadns.
(HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
(ADNSLIBS): Do not ac_subst - it is only used within configure.
--

adns_free is required on Windows anyway (for robustness reasons) and
it has been around for so long now that we do not need a separate
test.  An upstream adns 1.5 has meanwhile been release but I doubt that
this has the required Windows code - and it is not libtool based
anyway.
2014-11-07 18:17:52 +01:00
Werner Koch
e0db5af7ed doc: Add announce text for 2.1
--
2014-11-06 10:03:39 +01:00
Werner Koch
8ec0b384a8 speedo: Append the date to the Windows installer.
* build-aux/speedo.mk (BUILD_DATESTR): New.
(dist-source, installer): Use it.
2014-11-05 21:40:52 +01:00
Werner Koch
d280a52757 Post release updates.
--
2014-11-05 16:46:52 +01:00
Werner Koch
e22b459b91 Release 2.1.0 gnupg-2.1.0 2014-11-05 15:29:58 +01:00
Werner Koch
2402887584 speedo: Do not not assume GNU tar.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 15:29:41 +01:00
Werner Koch
6b54759976 build: Update README.maint.
--
Also fixed some typos.
2014-11-05 08:55:17 +01:00
Werner Koch
b453226f56 po: Auto update.
--

Due to removed strings.
2014-11-05 08:27:47 +01:00
Werner Koch
91b826a388 Avoid sign extension when shifting the MSB.
* sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
shifting.
* g10/build-packet.c (delete_sig_subpkt): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 08:23:15 +01:00
Werner Koch
46fa1e0fe9 Remove all expired common CA certificates.
* doc/com-certs.pem: Remove certifciates.
--

They might be useful for the chain validation mode but I doubt that it
is used often enough to justify having all these expired certificates
in the store.
2014-11-04 21:47:03 +01:00
Werner Koch
e568b488e7 Typo fixes.
--
2014-11-04 21:29:58 +01:00
Werner Koch
47fedda47a doc: Added What's new in 2.1 article.
--
2014-11-04 21:29:45 +01:00
Werner Koch
b3ebecfc7c Add open card manufacturer 0x0008.
--
2014-11-04 16:32:30 +01:00
Werner Koch
5e8c5727ab Remove note about estream from AUTHORS.
--

estream has been moved to libgpg-error.
2014-11-04 16:31:44 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
David Prévot
43595e8d4f po: Update French translation
--
Proofread-By: Frédéric Marchal <fmarchal@perso.be>
Proofread-By: appzer0 <appzer0@free.fr>
Proofread-By: Jean-Philippe Guérard
              <jean-philippe.guerard@tigreraye.org>
2014-11-03 11:24:31 +01:00
Werner Koch
f8c993fbe2 gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
* agent/command.c (cmd_export_key): Actually implement the cache_nonce
feature.
* g10/export.c (do_export_stream): Make use of a cache_nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 17:51:30 +01:00
Werner Koch
d95f05c314 gpg: Fix endless loop in keylisting with fingerprint.
* g10/getkey.c (getkey_next): Disable cache.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:36:40 +01:00
Werner Koch
440e8f5170 gpg: Minor cleanup for key listing related code.
* g10/getkey.c (get_pubkey_next): Divert to getkey_next.
(get_pubkey_end): Move code to getkey_end.
* g10/keydb.c (keydb_search_reset): Add a debug statement.
(dump_search_desc): Add arg HD and print the handle.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:31:30 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
794a687be0 speedo: Use --disable-ntbtls for gnupg for now.
--
2014-10-31 21:33:18 +01:00
Werner Koch
f4df71aa2d gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
* g10/gpg.c (main): Remove check.
--

We require 1.6.0 anyway.
2014-10-31 14:47:02 +01:00
Werner Koch
f74ca872df Add more signing keys.
--
The keys which may be used to sign GnuPG packages are:

  rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) <dshaw@jabberwocky.com>

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

These keys are all created and used on tokens.  7EFD60D9 is currently
not used but ready to replace 4F25E3B6 in case the former token break.
2014-10-31 14:21:34 +01:00
Werner Koch
935edf88ab kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--

Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
433208a553 gpg: Fix testing for secret key availability.
* g10/getkey.c (have_secret_key_with_kid): Do not change the search
mode.
--

The search mode was accidentally changed to search-next after finding
the first keyblock.  The intention was to look for a duplicate keyid
in the keydb which works by not doing a keydb_search_reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 09:22:47 +01:00
Werner Koch
cb46e32628 gpg: Remove commented code.
--
2014-10-31 09:14:03 +01:00
Werner Koch
b47fe2b14e build: Avoid distributing backup files etc.
* Makefile.am (EXTRA_DIST): Do not include directories.
--

The make dist rules uses "cp -R" for each listed file.  Thus all cruft
from a directory is also put into the tarball.  Obviously we do not
want this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 08:04:38 +01:00
Werner Koch
9546aa3cc8 tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-30 09:55:51 +01:00
Werner Koch
982a6e6e55 po: Add a new German translation
--
Also fixed a typo in the docs.
2014-10-29 17:10:03 +01:00
Werner Koch
0d73a242cb common: Check option arguments for a valid range.
* common/argparse.h (ARGPARSE_INVALID_ARG): New.
* common/argparse.c: Include limits h and errno.h.
(initialize): Add error strings for new error constant.
(set_opt_arg): Add range checking.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-29 17:07:51 +01:00
Werner Koch
f5592fcff3 Fix stdint.h problem for Apple.
* gl/stdint_.h [__APPLE__]: Include hack.
--

Patch suggested by Patrick Brunschwig.
2014-10-29 15:41:28 +01:00
Werner Koch
158fe90018 speedo: Fixes for native build.
* build-aux/speedo.mk (TARGETOS): Init with empty string.
(speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
(INST_VERSION, INST_PROD_VERSION): Create only for w32.
2014-10-27 18:02:46 +01:00