* tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
flag for the arg parser only in --verbose mode.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ad1254b59d41e127879fc9f495d392316135b4a5)
GnuPG-bug-id: 5874
* g10/options.h (opt): Add field flags.require_compliance.
* g10/gpg.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* g10/mainproc.c (proc_encrypted): Emit error if non de-vs compliant.
(check_sig_and_print): Ditto.
* g10/encrypt.c (encrypt_crypt): Ditto.
--
Note that in the --encrypt and --verify cased other checks may kick in
earlier than this new --require-compliance controlled one.
* g10/Makefile.am (AM_CFLAGS): Reorder.
--
The more specific CLFAGS should come first so these are picked up
first. We really should improve the build system to enforce this
rule. In particular /usr/local/include should come after any more
specific location.
* tools/gpgtar.c: Replace assert by log_assert.
* tools/gpgtar-extract.c: Ditto.
(extract_regular): Create files with sysopen flag.
* tools/gpgtar-create.c (scan_directory): Use gpgrt_fname_to_wchar.
--
Note that for this change libgpg-error 1.45 is required for Windows.
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_mdc'.
(release_list): Clear 'seen_pkt_encrypted_mdc'.
(proc_encrypted): Set 'seen_pkt_encrypted_mdc'.
(have_seen_pkt_encrypted_aead): Rename to...
(have_seen_pkt_encrypted_aead_or_mdc): ...this and add check for
'seen_pkt_encrypted_mdc'.
(proc_plaintext): Do not enable extra hash contexts when decrypting
MDC input.
--
Avoiding extra hash contexts speeds up CFB/MDC decryption quite
a lot. For example, decrypting symmetric-key AES-256 encrypted
4 GiB file from RAM to /dev/null sees ~3.4x speed increase on
AMD Ryzen 5800X:
AES256.CFB encryption: 783 MB/s
AES256.CFB decryption: 386 MB/s (before)
AES256.CFB encryption: 1.3 GB/s (after patch)
Note, AEAD is still significantly faster:
AES256.OCB encryption: 2.2 GB/s
AES256.OCB decryption: 3.0 GB/s
GnuPG-bug-id: T5820
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit ab177eed514f7f3432d78e7e6521ad24cc0f4762)
Even 2.2 with the older Libgcrypt 1.8 gets a threefold speedup; see
https://dev.gnupg.org/T5820#155447 (AES-128 vs. AES-256 does not make
a substanial difference)
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (apdu_send_direct): Use lock_slot.
--
Cherry-pick the master commit of:
f808012ac2cf67ec563da178d963f300a7f2564d
With trylock_slot, it may return SW_HOST_BUSY. This may occur when
apdu_get_status is called by scd_update_reader_status_file.
Simply using lock_slot is much easier for user of apdu_send_direct.
GnuPG-bug-id: 5831
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpgconf-comp.c: Remove "quiet" and two unsupported options
--
The --quiet option is not intended for config files and thus should
not be displayed by config dialogs.
--
Note that for this LTS version we now print g10 Code as the first
copyright holder with --version. This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
* tools/gpgconf.h (gc_component_id_t): Fix the order.
--
The order has not been adjusted here in 2.2 after we have changed the
order of the gc_components array to have a more logical layout of the
tabs in Gpa and Kleopatra's setting dialogs. In 2.3 everything is
correct, probably because we have another component (keyboxd) there.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
--
The w32_try_mkdir was once introduced for WindowsCE and unfortunately
at a too brief inspection it looks like it does the utf8->wchar
conversion. Which it does not. Thus I obviously never tested the
switch to from APPDATA to LOCAL_APPDATA with a non-ascii account name.
That might have been due to the use of the very same code for the
homedir - but there is other code in gpg to create the homedir; thus a
failure here is mostly fixed later.
The missing error diagnostic was - and is - on purpose to avoid such
error messages due to a race between several running gpg instances.
GnuPG-bug-id: 5537
* dirmngr/dirmngr.c (dirmngr_never_use_tor_p): New.
* dirmngr/server.c (ensure_keyserver): Don't even test for the Tor
proxy in never-use-tor Mode.
* tools/gpgtar-create.c: Include unistd.h to avoid a warning on
Windows.
--
This delay of 2 or 3 seconds is in particular annoying on Windows.
This is now suppressed, as it should be, if --no-use-tor is used.
The second patch is unrelated
* agent/command-ssh.c (sexp_key_construct): Do not put an empty string
into an S-expression.
(stream_read_string): Do not not try to a read a zero length block.
--
Actually we could handles this different by not putting a comment tag
into the s-expression, however this requires more code and at other
places we already return "(none)" instead of an empty comment.
The second fix is more or less a cosmetic thing to get better error
messages in case the underlying read system call returns an error.
GnuPG-bug-id: 5794
* tools/gpgconf-comp.c (known_options_gpgsm): Make "keyserver"
invisible.
(known_options_dirmngr): Add "ldapserver".
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and makr it as obsolete.
--
We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.
GnuPG-bug-id: 5801
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default. Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags. Remove
"options". Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.
* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name. Thus we list list options from the known_options
tables.
* tools/gpgconf-comp.c: Remove assert.h and replace all assert calls
by log_assert.
(known_options_gpg): Add "keyserver" as invisible. Remove "options".
(known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
(gc_component): Add field known_pseudo_options.
(struct read_line_wrapper_parm_s): New.
(read_line_wrapper): New.
(retrieve_options_from_program): Use read_line_wrapper to handle
pseudo options.
(retrieve_options_from_program): Ignore to be ignored options. Add
failsafe code to avoid calling percent_escape with NULL.
--
GnuPG-bug-id: 5341,5800
Due to reading the list of options from the argparser of the
component, we had no more information about the pseudo options and
thus could not emit them. Well, there is just one pseudo option right
now, but with this change we have a generalized concept for them:
Pseudo options are used to convey information from a component to
gpgconf; for example build-in values.
This is a combined backport of patches to master.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799
This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
--
This fixes fatal errors reported by msgfmt which made the build fail.
Note: The other translation of "Please re-enter this passphrase" uses
"das Passwort" instead of "die Passphrase". I chose to keep the
translation using "das Passwort" which seems to be the preferred
translation of "passphrase" used in almost all German strings.
Fixes-commit: c54f7e154f1e1054af5b4819450d03aa05ad9106
Cherry picking translations is dangerous. Sorting messages by msgid
should make it less dangerous and would make it much easier to spot
duplicates.
--
GnuPG-bug-id: 4777
This also fixes a bad fuzzy translation which accidently had been
commited without realizing that there was indeed a change (from
"... GnuPG" to "... %s").
(cherry picked from commit 5ed1567e7c6b08988a134effb3c1f42ef6d5319a)
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--
We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well. Thus the fallback also happens if the key
exists but not the actual entry.
* tools/gpgtar.h (TF_EXTHDR, TF_GEXTHDR): New.
* tools/gpgtar-list.c (parse_header): Set the new type flags.
(parse_extended_header): New.
(read_header): Add arg r_extheader and parse extended header.
(print_header): Consult the extended header.
(gpgtar_list): Pass an extended header object.
(gpgtar_read_header): Ditto.
(gpgtar_print_header): Ditto.
* tools/gpgtar-extract.c (extract): New arg exthdr and factor name
checking out to ...
(check_suspicious_name): new.
(extract_regular): Add arg exthdr and consult it.
(extract_directory): Likewise.
(gpgtar_extract): Provide extheader object.
--
GnuPG-bug-id: 5754
* tools/gpgtar-create.c (global_header_count): new.
(myreadlink): New.
(build_header): New arg r_exthdr. Detect and store long file and link
names. Factor checkum computation out to ...
(compute_checksum): new.
(add_extended_header_record): New.
(write_extended_header): New.
(write_file): Write extended header.
--
GnuPG-bug-id: 5754
* tools/gpgconf-comp.c (list_one_option): Skip ignored options and set
the no_change flag for forced options.
(retrieve_options_from_program): Put the attributes into the option
table.
--
(cherry picked from commit 42785d7c8a524129d9fe1a5afae553ff73f8e25b)
This commit also marks the end of the back port as requested by
GnuPG-bug-id: 5732
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4c43fabbb0124bacbbaad2521a3085709e7f8249)
--
This looks better and is also required for further simplifications of
gpgconf.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9bc3e7ec037e54c6521d7ac259604836518baa1b)