1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9728 Commits

Author SHA1 Message Date
NIIBE Yutaka
a9754879d1 tests: Use module_tests for testing agent/.
* agent/Makefile.am (module_test): New.
* agent/all-tests.scm: Use module_tests instead of TESTS.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:13:54 +09:00
NIIBE Yutaka
adf24ce618 tests: Skip testsing g13 when it's not enabled.
* g13/all-tests.scm: Skip the test by examining $objdir/Makefile.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 11:12:57 +09:00
NIIBE Yutaka
16720e1f54 tests: Fix check-all for tests/openpgp.
* tests/openpgp/Makefile.am: Revert the change by DISABLE_REGEXP.
* tests/openpgp/all-tests.scm: Likewise.

--

Fixes-commit: ba247a114c75a84473c11c1484013b09fbb9bcd1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-26 10:53:30 +09:00
Werner Koch
73ef575fe1
Post release updates
--
2022-04-25 16:37:47 +02:00
Werner Koch
3a8164e69c
Release 2.3.6 gnupg-2.3.6 2022-04-25 15:48:13 +02:00
Werner Koch
638354b117
po: Auto update
--
2022-04-25 15:47:37 +02:00
Werner Koch
d0a0c3f479
po: Fixed two fuzzies in the Japanese translation
--
2022-04-25 15:45:51 +02:00
Werner Koch
12b3666ebd
po: Update German translation
--
2022-04-25 15:42:31 +02:00
Werner Koch
f6caf5b173
gpg: Avoid NULL ptr access due to corrupted packets.
* g10/parse-packet.c (parse_signature): Do not create an opaque MPI
with NULL and length > 0
(parse_key): Ditto.
--

GnuPG-bug-id: 5940, 5946
2022-04-25 15:21:05 +02:00
Todd Zullinger
beb79f2705
sm: Use gpg_err_code() instead of -1
* sm/verify.c (gpgsm_verify): use gpg_err_code instead of 'rc == -1'
comparison.
--

In ed6ebb696e (sm: Implement initial support for keyboxd., 2020-09-10),
the return of keydb_search() was changed to use gpg_err_code().  Adjust
gpgsm_verify() to use it.  This provides a nicer error message to users
when a certificate is not found -- the same error that is seen from 2.2.

Prior to this change, when a cert was not found, gpgsm output:

    gpgsm: failed to find the certificate: Not found

as opposed to the more human-readable message from 2.2:

    gpgsm: certificate not found

They now return the same message.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2022-04-25 12:09:50 +02:00
Werner Koch
ca5d5142c6
Deprecate the --supervised options.
* agent/gpg-agent.c (main): Mark --supervised as deprecated.
* dirmngr/dirmngr.c (main): Ditto.
--

The supervised thing causes more trouble than it pretends to solve.
2022-04-25 12:03:45 +02:00
Werner Koch
0f8623d518
gpg: Emit an ERROR status as hint for a bad passphrase.
* g10/mainproc.c (proc_symkey_enc): Issue new error code.
(proc_encrypted): Ditto.
--

This allows GPGME to return a better error message than "bad session
key" to the user.  Technically we could get run into these errors also
in other cases but this more unlikley.  For the command line use we
don't do anything to not change the expected output of the command
line interface.

GnuPG-bug-id: 5943
2022-04-25 11:24:14 +02:00
NIIBE Yutaka
2fc91e15c6 common:iobuf: Exclude cases with IOBUF_INPUT_TEMP/IOBUF_OUTPUT_TEMP.
* common/iobuf.c (iobuf_read): Handle a case with IOBUF_INPUT_TEMP.
(iobuf_write): Handle a case with IOBUF_OUTPUT_TEMP.

--

GnuPG-bug-id: 5941
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 17:37:32 +09:00
NIIBE Yutaka
2848fe4c84 scd: Fix hard-coded constant for RSA auth.
* scd/app-openpgp.c (do_auth): Allow larger data for RSA-4096.

--

OpenPGPcard specification says that it will be rejected by the card
when it's larger.  We have been the check on host side too, but it was
written when it only had a support for RSA-2048.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-25 11:14:10 +09:00
Ingo Klöcker
8b3a24e517 gpg: Fix line end in error message
* g10/keyedit.c (menu_adduid): Move linefeed character to the format
string.
--

This fixes a literal '\n' in the error message and a missing line feed
after the error message.
2022-04-22 10:10:36 +02:00
NIIBE Yutaka
e529c54fe3 agent: Not writing password into file.
* agent/genkey.c (do_check_passphrase_pattern): Use stream to invoke
pattern check program.

--

GnuPG-bug-id: 5917
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 13:33:45 +09:00
NIIBE Yutaka
e8fb8e2b3e scd: Don't inhibit SSH authentication for larger data if it can.
* scd/app-openpgp.c (do_auth): Use command chaining if available.

--

GnuPG-bug-id: 5935
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-22 11:50:19 +09:00
Werner Koch
60fc743da4
Post release updates
--
2022-04-21 17:53:37 +02:00
Werner Koch
a4b25bcfe1
Release 2.3.5 gnupg-2.3.5 2022-04-21 16:48:34 +02:00
Werner Koch
b400ad2675
po: Auto update
--
2022-04-21 14:20:10 +02:00
Werner Koch
aec972732e
speedo: Fix authenticode signing
--
2022-04-21 14:18:27 +02:00
Werner Koch
9b297a9d44
dirmngr: Fix Makefile
--
Fixes-commit: 89dc9f1e6916ebd123852534b8cada2fc3555688
2022-04-21 14:18:14 +02:00
NIIBE Yutaka
3560cd0d9d po: Update Simplified Chinese Translation.
--

Reviewed-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: bobwxc <bobwxc@yeah.net>
2022-04-21 13:35:05 +09:00
Werner Koch
ac08517723
po: Update German translation
--
2022-04-20 18:48:42 +02:00
Werner Koch
89dc9f1e69
dirmngr: Changes to the linking order.
* dirmngr/Makefile.am: Tweak library order.
--
(cherry picked from commit 3c79ff34c417bfc392008eca1970b86bec54d6c3)
2022-04-20 18:48:35 +02:00
Werner Koch
3b48465ef9
build: Fix makedist target in m4.
--
2022-04-20 15:48:37 +02:00
Werner Koch
22fef189b1
w32: Do no use Registry item DefaultLogFile for the main tools.
* g10/gpg.c (main): Set LOG_NO_REGISTRY.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
(show_other_registry_entries): Print "DefaultLogFile".
--

The intention of this mostly forgotten registry entry was to allow for
easy debugging of the tools.  However, with the global config file
common.conf things are anyway better.  We disable the use for the
commonly used tools so that it does not look like calling gpg on the
command line seems to block with no output if the log
server (e.g. tcp://1.2.3.4:11111) is not reachable.
2022-04-20 09:30:56 +02:00
Werner Koch
41fb46007e
gpg: Replace an assert by a log_fatal.
* g10/build-packet.c (do_signature): Use log_fatal.
--
GnuPG-bug-id: 5809
2022-04-14 13:56:10 +02:00
Werner Koch
46d62d80a2
ssh: Returned faked response for the new session-bind extension.
* agent/command-ssh.c (SSH_OPT_CONSTRAIN_MAXSIGN): New.
(SSH_OPT_CONSTRAIN_EXTENSION): New.
(ssh_handler_add_identity): Ignore them.
(ssh_handler_extension): Take success for session-bind.
--

OpenSSH 8.9 does not gracefully allow communication with older agent
implementations.  Until this new OpenSSH feature has been settled we
return a faked response.

Code has not yet been tested.

GnuPG-bug-id: 5931
2022-04-14 12:30:55 +02:00
Werner Koch
dd727ec968
scd: Renamed a constant in ccid-driver.c
* scd/ccid-driver.c (MAX_DEVICE): Rename to CCID_MAX_DEVICE.
--

Just for documentation reasons.
2022-04-14 10:26:40 +02:00
Werner Koch
6294ae282d
scd: Minor code reorganization
* scd/ccid-driver.c: Move struct defines to the top.
--
2022-04-14 10:15:23 +02:00
Werner Koch
8ac92f0e80
scd: Fix memory leak in ccid-driver.
* scd/ccid-driver.c (ccid_dev_scan): Use loop var and not the count.
--

Due to an assignment out of bounds this might lead to a crash if there
are more than 15 readers.  In any case it fixes a memory leak.
Kudos to the friendly auditor who found that bug.

Fixes-commit: 8a41e73c31adb86d4a7dca4da695e5ad1347811f
2022-04-14 10:15:23 +02:00
Werner Koch
61038be813
tests: Fix warning in common/t-ssh-utils.c
* common/t-ssh-utils.c (main): Remove continue.
--
Obvious c+p bug.

Fixes-commit: 5e508ffcab185eb8149e2fb2833ce15820140368
2022-04-14 10:14:51 +02:00
Jakub Jelen
c4436ebfa5 agent: Ignore MD5 Fingerprints for ssh keys
--
* agent/command-ssh.c (add_control_entry): Ignore failure of the MD5
  digest

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:47:04 +09:00
NIIBE Yutaka
5e508ffcab tests: Fix common/t-ssh-utils.
* common/t-ssh-utils.c (main): Accept an error with MD5 in_fips_mode.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-14 11:46:58 +09:00
Jakub Jelen
1f0651dbfb tests: Honor FIPS mode
* common/t-ssh-utils.c (FLAGS_NOFIPS): New.
  (sample_keys): Add flags member.
  (main): Detect if libgcrypt is in FIPS mode, try SHA256 fingerprints
  first and expect the MD5 ones will fail.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2022-04-14 11:46:55 +09:00
Werner Koch
618aa8689a
scd:p15: Improve the PIN prompt for Genua cards.
* scd/app-p15.c (CARD_PRODUCT_GENUA): New.
(cardproduct2str): Add it.
(read_p15_info): Detect and set GENUA
(make_pin_prompt): Take holder string from the AODF.
2022-04-13 13:06:27 +02:00
Werner Koch
137e59a6a5
sm: Print diagnostic about CRL problems due to Tor mode.
* dirmngr/crlfetch.c (crl_fetch, crl_fetch_default)
(ca_cert_fetch, start_cert_fetch): Factor Tor error out to ...
(no_crl_due_to_tor): new.  Print status note.

* dirmngr/ks-engine-ldap.c (ks_ldap_get)
(ks_ldap_search, ks_ldap_put): Factor Tor error out to ...
(no_ldap_due_to_tor): new.  Print status note.

* dirmngr/ocsp.c (do_ocsp_request): Print status note.
* sm/misc.c (gpgsm_print_further_info): New.
* sm/call-dirmngr.c (warning_and_note_printer): New.
(isvalid_status_cb): Call it.
(lookup_status_cb): Ditto.
(run_command_status_cb): Ditto.

* common/asshelp2.c (vprint_assuan_status): Strip a possible trailing
LF.

--
2022-04-11 17:57:14 +02:00
Werner Koch
0dcc249852
scd: Support for GeNUA cards.
* scd/app-p15.c (read_p15_info): Disable extended mode for Genua
cards.
2022-04-11 17:48:45 +02:00
Werner Koch
198fad9fc1
doc: Typo fix in comment
--
2022-04-08 16:07:34 +02:00
Werner Koch
ca3e46a587
tpm: Fix recently introduced syntax error
--

Fixes-commit: 18eff31496a34156d58d757a2a110bcfde6c9908
2022-04-08 16:06:09 +02:00
Werner Koch
8945f1aedf
gpg: Remove restrictions for the name part of a user-id.
* g10/keygen.c (ask_user_id): Allow for the name to start with a
digit.  Allow names shorter than 5.
--

The reason for this change is that we don't enforce these constraints
in the --quick-gen-key interface.  I added the constraints right in the
beginning of gnupg to make sure that we have a uniform style for
user-ids.  However, this is all problematic with non-Latin names
and we prefer to use mail addresses anyway.
2022-04-08 16:03:12 +02:00
NIIBE Yutaka
9000081964 agent: Fix for possible support of Cygwin OpenSSH.
* agent/command-ssh.c (start_command_handler_ssh): Use es_sysopen.

--

With new (not-yet-released) libgpg-error, gpg-agent should be able to
handle connection from Cygwin version of OpenSSH.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-07 16:39:40 +09:00
NIIBE Yutaka
b47a23f5fa w32: Exclude tests with HOME.
* common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not
defined, so, exclude the tests.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 13:28:15 +09:00
NIIBE Yutaka
39d478f5ba w32: Fix for make check.
* common/Makefile.am (module_tests): Exclude t-exechelp and
t-exectool.
* common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
* tests/cms/Makefile.am: Add $(EXEEXT).
* tests/gpgme/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-06 11:28:00 +09:00
NIIBE Yutaka
48ee11722d agent:w32: Fix for use of socket.
* agent/command-ssh.c (get_client_info): Use type gnupg_fd_t for
socket, until call of socket API.
(start_command_handler_ssh): Don't convert here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-04-04 16:39:27 +09:00
NIIBE Yutaka
f584ad9504 scd,tpm2d: Fix for consistent use of socket FD.
* scd/command.c (scd_command_handler): Use gnupg_fd_t for the argument
but no INT2FD to listen.  Use GNUPG_INVALID_FD.
* tpm2d/command.c (tpm2d_command_handler): Likewise.
* scd/scdaemon.c (start_connection_thread): Follow the change.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
* scd/scdaemon.h (scd_command_handler): Use gnupg_fd_t.
* tpm2d/tpm2daemon.h (tpm2d_command_handler): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-31 21:03:13 +09:00
NIIBE Yutaka
01ade6945d dirmngr: Fix for SOCK.
* dirmngr/http.c (connect_with_timeout): Use FD2INT to unwrap SOCK.

--

GnuPG-bug-id: 5899
Reported-by: Eli Zaretskii
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 13:05:41 +09:00
NIIBE Yutaka
18eff31496 tpm2d: Fix socket resource leak on Windows.
* tpm2d/tpm2daemon.c (main): Use gnupg_fd_t for socket, and use
assuan_sock_close for the socket allocated by assuan_sock_new.
(handle_connections): Use gnupg_fd_t for listen_fd.
Use assuan_sock_close for the socket by npth_accept.

--

Apply the same change of scdaemon to tpm2daemon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 13:01:14 +09:00
NIIBE Yutaka
2189b4bb63 common,w32: Fix handle_to_fd to match use of _open_osfhandle.
* common/exechelp-w32.c (handle_to_fd): Use intptr_t.
(gnupg_wait_processes): Fix to use pid_to_handle.

--

Both of original MinGW and MinGW-W64 use intptr_t for the first
argument of _open_osfhandle.  So, intptr_t is better here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-30 11:44:06 +09:00