1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10684 Commits

Author SHA1 Message Date
NIIBE Yutaka
a269a27c4c
common: Fix gnupg_exec_tool_stream for INEXTRA==NULL.
* common/exectool.c (gnupg_exec_tool_stream): Initialize extrapipe.

--

Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-25 11:17:51 +09:00
Ingo Klöcker
79298e87d8 gpg: Fix --quick-set-expire for V5 subkey fingerprints
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
2024-09-24 23:05:13 +02:00
Werner Koch
11387b24a5
common: Add debug code to gnupg_exec_tool_stream
* common/exectool.c (gnupg_exec_tool_stream): Add diagnostic.
--

This should help if something is broken with poll.
2024-09-24 15:26:58 +02:00
Werner Koch
6ed2857d54
w32: Fix last commit to build on Windows.
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--

Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
2024-09-20 14:07:04 +02:00
NIIBE Yutaka
0a94582af5
scd: Fix DEVINFO, allowing no clients which watch the change.
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-20 10:39:35 +09:00
Werner Koch
8c0ac05f06
speedo: Make use of wget more robust
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
2024-09-19 16:33:27 +02:00
Daniel Cerqueira
e7ff519116
po: Update Portuguese Translation.
--

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-09-19 14:53:39 +02:00
Werner Koch
2770efa75b
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 50e81ad38d2b5a5028fa6815da358c0496aa927e
GnuPG-bug-id: 7042
2024-09-19 10:06:55 +02:00
Werner Koch
6432d17385
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
2024-09-19 10:03:37 +02:00
NIIBE Yutaka
b804378f18
kbx: Fix a race condition on DATABASE_HD.
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.

--

GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:44:56 +09:00
NIIBE Yutaka
fc30f70596
scd: Fix DEVINFO to allow multiple clients.
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-18 13:44:53 +09:00
NIIBE Yutaka
b08d990607
tests:gpgscm: Raise an error correctly for process spawning.
* tests/gpgscm/ffi.c (do_process_spawn_io): Handle ERR.
(do_process_spawn_fd): Likewise.

--

Reported-by: Marcel Telka <marcel@telka.sk>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-13 11:01:31 +09:00
Werner Koch
ff63ffa606
Post release updates
--
2024-09-12 12:08:19 +02:00
Werner Koch
72ef316aab
Release 2.5.1 gnupg-2.5.1 2024-09-12 11:26:44 +02:00
Werner Koch
e5e3e225fe
tools: Fix recent regressions in gpg-authcode-sign.sh
* tools/gpg-authcode-sign.sh (cleanup): Fix syntax error.
(trap): Remove bashism.
2024-09-11 16:46:22 +02:00
Werner Koch
6f2180e912
build: Fix make distclean for gnupg.7.html
--
2024-09-11 14:51:35 +02:00
Werner Koch
c6f195821c
po: msgmerge
--
2024-09-11 14:30:40 +02:00
Werner Koch
ea178ca074
po: Update the German translation
--
2024-09-11 14:30:40 +02:00
Werner Koch
33e571a74a
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-11 14:30:40 +02:00
Werner Koch
2125f228d3
build: Remove configure option --enable-gpg-is-gpg2
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--

This option and all its build stuff does not make anymore sense.  gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg.  It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
2024-09-11 14:30:40 +02:00
Werner Koch
51bccae168
build: Also cleanup generated html file in a make distcheck
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
2024-09-11 14:30:40 +02:00
Werner Koch
138e018592
tests: Updated PQC test data to the final Kyber algo id.
--

We actually reuse the private keys here by having deleted the subkey
and crated a new one using the option "From existing key".  Of course
the encrypted data changed while the plaintext stayed the same.
2024-09-11 14:30:39 +02:00
Werner Koch
6b7868fc0e
doc: Updated comments in speedo.mk
--
2024-09-11 14:30:39 +02:00
NIIBE Yutaka
7e321c2c2a
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-11 13:51:16 +09:00
Werner Koch
d528d0b065
gpg: New commands --add-recipients and --change-recipients.
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'.  Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context.  Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL.  Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers.  Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'.  Adjust callers.  Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--

This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).

GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
2024-09-09 16:47:04 +02:00
Werner Koch
2cc340eca0
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 695cb04af5218cd7b42c7eaaefc186472b99a995
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-06 16:09:49 +02:00
Werner Koch
9a741aba3d
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
2024-09-06 16:09:49 +02:00
Werner Koch
1eaf1e236e
gpg: Simplify the pubkey_enc_list object
* g10/packet.h (struct pubkey_enc_list): Replace most by a
PKT_pubkey_enc member.
* g10/free-packet.c (free_pubkey_enc): Factor most stuff out to ...
(release_pubkey_enc_parts): new.
(copy_pubkey_enc_parts): New.
* g10/mainproc.c (release_list): Adjust for above change.
(proc_pubkey_enc): Ditto.
(print_pkenc_list): Ditto.
(proc_encrypted): Ditto.
2024-09-06 16:09:49 +02:00
Werner Koch
1e25157266
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-06 16:09:49 +02:00
NIIBE Yutaka
412e183e55
scd:w32: Fix for setting an environment block with GNUPGHOME.
* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-06 10:46:36 +09:00
NIIBE Yutaka
c9677e9501
scd:w32: Export GNUPGHOME for scd-event.
* scd/app.c (report_change): Set up GNUPGHOME.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-05 13:37:21 +09:00
Werner Koch
aac5a8f008
gpgconf: Add missing linefeed to the -X output.
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
2024-09-03 11:17:26 +02:00
NIIBE Yutaka
4a4c1efac5
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 14:06:48 +09:00
Werner Koch
05be36720d
tests: Add two plaintext test mails
--
2024-08-29 19:31:08 +02:00
Werner Koch
4511997e9e
gpg-mail-tube: New feature --as-attach.
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
2024-08-29 17:46:39 +02:00
Werner Koch
ac30449867
tools: Improve rfc822parse to allow access to headers for longer.
* tools/rfc822parse.c (struct rfc822parse_context): Add field
this_part.
(release_handle_data): Clear this_part.
(rfc822parse_open): Set this_part.
(set_current_part_to_parent): Ditto.
(insert_header): Ditto.
(rfc822parse_enum_header_lines): Replace current_part by this_part.
(find_header): Ditto.

* tools/rfc822parse.c (my_strcasecmp): Remove.
(same_header_name): New.
(rfc822_capitalize_header_name): Use new function instead.
--

With this change the header function can now be sued after the
transition to the body.  Thus up until thenext MIME block is reached
the headers of the former MIME block are returned.

This also fixes a problem with the "MIME-Version" header name
capitalization.
2024-08-29 17:42:19 +02:00
Werner Koch
80bd49224e
doc: Minor fix for the description of gpg's --default-*-expire
--
2024-08-29 15:06:05 +02:00
Werner Koch
8896bbd0f9
gpg: Switch Kyber to the final algo id and add it to the menu.
* common/openpgpdefs.h (pubkey_algo_t): Switch algo id for Kyber to 8.
* g10/keygen.c (do_generate_keypair): Remove the experimental algo
note ...
(write_keybinding): and the experimental notation data.
(ask_algo): Add a mode 16 for a Kyber subkey.
(generate_subkeypair): Set parameters for mode 16.
--

GnuPG-bug-id: 6815
2024-08-27 10:44:17 +02:00
Werner Koch
1eb382fb1f
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
2024-08-23 11:28:30 +02:00
Werner Koch
3171ca9b94
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:19:55 +02:00
Werner Koch
41b06b5579
common: Do not call the agent with the obsolete --use-standard-socket.
* common/asshelp.c (start_new_service): Drop that option.
--

This avoids a useless warnings.
2024-08-22 18:30:51 +02:00
Werner Koch
60c541f588
doc: Remove included yat2m and build HTML versions of the man pages.
* configure.ac (YAT2M): Use standard detection.
* doc/Makefile.am (EXTRA_DIST): Remove yat2m.c.
(CLEANFILES): Ditto.
(yat2m): Remove targets.
(yat2m-stamp): Also build html versions.
2024-08-19 14:00:26 +02:00
Werner Koch
8bef1e2821
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:31:44 +02:00
Werner Koch
1766efbe5e
doc: Add another example for gpg-mail-tube
--
2024-08-16 14:14:20 +02:00
Werner Koch
2f46029bec
tools: Fix bashishm
--

Fixes-commit: 536fc8d33db571108459493d1881cdfc8371d3cc
2024-08-16 11:12:44 +02:00
Andre Heinecke
3d015d106f
build-aux: Add PKCS#8 authenticode key support
* tools/gpg-authcode-sign.sh: Assume PKCS#8 if the key file
does not end with .p12 or .pfx.

--
Since using encrypted PKCS#12 containers with askpass
is unpractical when signing many files. This adds support
to use an PKCS#8 key for codesigning.
2024-08-15 22:45:06 +02:00
Andre Heinecke
536fc8d33d
build-aux: Add cleanup to gpg-authcode-sign.sh
* tools/gpg-authcode-sign.sh (cleanup): New.

--
When using osslsigncode it does not delete the
output file on error. Errors or cancels there
can happen easily with either timestamp problems
or a wrong password.
Additionally, if an output file exists, osslsigncode
does not write a good error message but shows
some exception.
2024-08-15 22:44:56 +02:00
Andre Heinecke
d80345244c
speedo,w32: Install ntbtls as a library
* build-aux/speedo.mk (AUTHENTICODE_FILES): Sign ntbtls files.
(speedo_pkg_ntbtls_configure): Remove duplicated
32 bit entry.
* build-aux/speedo/w32/inst.nsi,
build-aux/speedo/w32/wixlib.wxs: Package ntblts dll.

--
This changes ntbtls to be built with default options both
on 64 bit and on 32 bit. Previously on 32 bit Windows it
would have been linked statically. But since the file lists
are hardcoded this should be independent of the architecture.
2024-08-13 10:08:52 +02:00
Werner Koch
882ab7fef9
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.
2024-08-12 14:50:08 +02:00
Werner Koch
1d18c143f4
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-09 10:08:50 +02:00