1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

8061 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor
263a07f04d dirmngr: Only use SKS pool CA for SKS pool
* dirmngr/http.c (http_session_new): when checking whether the
keyserver is the HKPS pool, check specifically against the pool name,
as ./configure might have been used to select a different default
keyserver.  It makes no sense to apply Kristian's certificate
authority to anything other than the literal host
hkps.pool.sks-keyservers.net.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Name dirmngr-Only-use-SKS-pool-CA-for-SKS-pool.patch
2019-07-20 14:16:20 -04:00
Vincent Breitmoser
b2605ad614 gpg: accept subkeys with a good revocation but no self-sig during import
* g10/import.c (chk_self_sigs): Set the NODE_GOOD_SELFSIG flag when we
encounter a valid revocation signature. This allows import of subkey
revocation signatures, even in the absence of a corresponding subkey
binding signature.

--

This fixes the remaining test in import-incomplete.scm.

GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic import-merge-without-userid
Gbp-Pq: Name gpg-accept-subkeys-with-a-good-revocation-but-no-self-sig.patch
2019-07-20 14:16:20 -04:00
Vincent Breitmoser
e70841404d gpg: allow import of previously known keys, even without UIDs
* g10/import.c (import_one): Accept an incoming OpenPGP certificate that
has no user id, as long as we already have a local variant of the cert
that matches the primary key.

--

This fixes two of the three broken tests in import-incomplete.scm.

GnuPG-Bug-id: 4393
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic import-merge-without-userid
Gbp-Pq: Name gpg-allow-import-of-previously-known-keys-even-without-UI.patch
2019-07-20 14:16:20 -04:00
Vincent Breitmoser
2627cd5e54 tests: add test cases for import without uid
This commit adds a test case that does the following, in order:
- Import of a primary key plus user id
- Check that import of a subkey works, without a user id present in the
imported key
- Check that import of a subkey revocation works, without a user id or
subkey binding signature present in the imported key
- Check that import of a primary key revocation works, without a user id
present in the imported key

--

Note that this test currently fails.  The following changesets will
fix gpg so that the tests pass.

GnuPG-Bug-id: 4393
Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic import-merge-without-userid
Gbp-Pq: Name tests-add-test-cases-for-import-without-uid.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
7576681260 gpg: Prefer SHA-512 and SHA-384 in personal-digest-preferences.
* g10/keygen.c (keygen_set_std_prefs): prefer SHA-512
and SHA-384 by default.

--

In 8ede3ae29a39641a2f98ad9a4cf61ea99085a892, upstream changed the
defaults for --default-preference-list to advertise a preference for
SHA-512, without touching --personal-digest-preferences.  This makes
the same change for --personal-digest-preferences, since every modern
OpenPGP library supports them all.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name gpg-Prefer-SHA-512-and-SHA-384-in-personal-digest.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
a446c4db95 gpg: Default to SHA-512 for all signature types on RSA keys.
* g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA512 instead of SHA256 in
--gnupg mode (leave strict RFC and PGP modes alone).
* configure.ac: Do not allow disabling sha512.
* g10/misc.c (map_md_openpgp_to_gcry): Always support SHA512.

--

SHA512 is more performant on most 64-bit platforms than SHA256, and
offers a better security margin.  It is also widely implemented.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic update-defaults
Gbp-Pq: Name gpg-Default-to-SHA-512-for-all-signature-types-on-RS.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
f7c7872853 gpg: default to AES-256.
* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 73ff075204df09db5248170a049f06498cdbb7aa)

Gbp-Pq: Topic from-master
Gbp-Pq: Name gpg-default-to-AES-256.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
9420c525db gpg: default to 3072-bit RSA keys.
* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

(cherry picked from commit 909fbca19678e6e36968607e8a2348381da39d8c)

Gbp-Pq: Topic from-master
Gbp-Pq: Name gpg-default-to-3072-bit-RSA-keys.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
b76dacf10d agent: Avoid scheduled checks on socket when inotify is working.
* agent/gpg-agent.c (handle_connections): When inotify is working, we
do not need to schedule a timer to evaluate whether we control our own
socket or not.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic gpg-agent-idling
Gbp-Pq: Name agent-Avoid-scheduled-checks-on-socket-when-inotify-.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
e7e5708091 agent: Avoid tight timer tick when possible.
* agent/gpg-agent.c (need_tick): Evaluate whether the short-phase
handle_tick() is needed.
(handle_connections): On each cycle of the select loop, adjust whether
we should call handle_tick() or not.
(start_connection_thread_ssh, do_start_connection_thread): Signal the
main loop when the child terminates.
* agent/call-scd.c (start_scd): Call interrupt_main_thread_loop() once
the scdaemon thread context has started up.

--

With this change, an idle gpg-agent that has no scdaemon running only
wakes up once a minute (to check_own_socket).

Thanks to Ian Jackson and NIIBE Yutaka who helped me improve some of
the blocking and corner cases.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic gpg-agent-idling
Gbp-Pq: Name agent-Avoid-tight-timer-tick-when-possible.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
d369f30f31 agent: Allow threads to interrupt main select loop with SIGCONT.
* agent/gpg-agent.c (interrupt_main_thread_loop): New function on
non-windows platforms, allows other threads to interrupt the main loop
if there's something that the main loop might be interested in.

--

For example, the main loop might be interested in changes in program
state that affect the timers it expects to see.

I don't know how to do this on Windows platforms, but i welcome any
proposed improvements.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic gpg-agent-idling
Gbp-Pq: Name agent-Allow-threads-to-interrupt-main-select-loop-wi.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
758212d3b2 agent: Create framework of scheduled timers.
agent/gpg-agent.c (handle_tick): Remove intermittent call to
check_own_socket.
(tv_is_set): Add inline helper function for readability.
(handle_connections) Create general table of pending scheduled
timeouts.

--

handle_tick() does fine-grained, rapid activity.  check_own_socket()
is supposed to happen at a different interval.

Mixing the two of them makes it a requirement that one interval be a
multiple of the other, which isn't ideal if there are different delay
strategies that we might want in the future.

Creating an extensible regular timer framework in handle_connections
should make it possible to have any number of cadenced timers fire
regularly, without requiring that they happen in cadences related to
each other.

It should also make it possible to dynamically change the cadence of
any regularly-scheduled timeout.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic gpg-agent-idling
Gbp-Pq: Name agent-Create-framework-of-scheduled-timers.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
38ab07d344 dirmngr: Avoid automatically checking upstream swdb.
* dirmngr/dirmngr.c (housekeeping_thread): Avoid automatically
checking upstream's software database.  In Debian, software updates
should be handled by the distro mechanism, and additional upstream
checks only confuse the user.
* doc/dirmngr.texi: document that --allow-version-check does nothing.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic dirmngr-idling
Gbp-Pq: Name dirmngr-Avoid-automatically-checking-upstream-swdb.patch
2019-07-20 14:16:20 -04:00
Daniel Kahn Gillmor
4e63d9c07c dirmngr: Avoid need for hkp housekeeping.
* dirmngr/ks-engine-hkp.c (host_is_alive): New function.  Test whether
host is alive and resurrects it if it has been dead long enough.
(select_random_host, map_host, ks_hkp_mark_host): Use host_is_alive
instead of testing hostinfo_t->dead directly.
(ks_hkp_housekeeping): Remove function, no longer needed.
* dirmngr/dirmngr.c (housekeeping_thread): Remove call to
ks_hkp_housekeeping.

--

Rather than resurrecting hosts upon scheduled resurrection times, test
whether hosts should be resurrected as they're inspected for being
dead.  This removes the need for explicit housekeeping, and makes host
resurrections happen "just in time", rather than being clustered on
HOUSEKEEPING_INTERVAL seconds.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic dirmngr-idling
Gbp-Pq: Name dirmngr-Avoid-need-for-hkp-housekeeping.patch
2019-07-20 14:16:19 -04:00
Daniel Kahn Gillmor
24507b1567 dirmngr: hkp: Avoid potential race condition when some hosts die.
* dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
through the host table instead of risking out-of-bounds write.

--

Multiple threads may write to hosttable[x]->dead while
select_random_host() is running.  For example, a housekeeping thread
might clear the ->dead bit on some entries, or another connection to
dirmngr might manually mark a host as alive.

If one or more hosts are resurrected between the two loops over a
given table in select_random_host(), then the allocation of tbl might
not be large enough, resulting in a write past the end of tbl on the
second loop.

This change collapses the two loops into a single loop to avoid this
discrepancy: each host's "dead" bit is now only checked once.

As Werner points out, this isn't currently strictly necessary, since
npth will not switch threads unless a blocking system call is made,
and no blocking system call is made in these two loops.

However, in a subsequent change in this series, we will call a
function in this loop, and that function may sometimes write(2), or
call other functions, which may themselves block.  Keeping this as a
single-pass loop avoids the need to keep track of what might block and
what might not.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Topic dirmngr-idling
Gbp-Pq: Name dirmngr-hkp-Avoid-potential-race-condition-when-some.patch
2019-07-20 14:16:19 -04:00
Daniel Kahn Gillmor
337ae2374e Avoid simple memory dumps via ptrace
This avoids needing to setgid gpg-agent.  It probably doesn't defend
against all possible attacks, but it defends against one specific (and
easy) one.  If there are other protections we should do them too.

This will make it slightly harder to debug the agent because the
normal user won't be able to attach gdb to it directly while it runs.

The remaining options for debugging are:

 * launch the agent from gdb directly
 * connect gdb to a running agent as the superuser

Upstream bug: https://dev.gnupg.org/T1211

Gbp-Pq: Topic block-ptrace-on-secret-daemons
Gbp-Pq: Name Avoid-simple-memory-dumps-via-ptrace.patch
2019-07-20 14:16:19 -04:00
Werner Koch
591523ec94
Release 2.2.17 gnupg-2.2.17 2019-07-09 14:33:53 +02:00
Werner Koch
e58dd1e736
po: Auto update
--
2019-07-09 14:30:12 +02:00
Ineiev
ad0c61972a
po: Update Russian translation. 2019-07-09 14:27:56 +02:00
Petr Pisar
4f8149b946
po: Update Czech translation
--
2019-07-09 14:26:11 +02:00
Werner Koch
bec3a6ee2e
po: Update Polish translation
--
2019-07-09 13:34:46 +02:00
Werner Koch
05abc36a12
po: Update German translation
--
2019-07-09 13:32:07 +02:00
Werner Koch
3c2cf5ea95
gpg: Do not try the import fallback if the options are already used.
* g10/import.c (import_one): Check options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-09 11:22:08 +02:00
Werner Koch
b6effaf466
gpg: Fix regression in option "self-sigs-only".
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--

Reported-by: Phil Pennock
Fixes-commit: adb120e663fc5e78f714976c6e42ae233c1990b0
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-09 11:07:35 +02:00
Werner Koch
40ea9dbdc2
Prepare NEWS for the next release
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-05 15:45:13 +02:00
Werner Koch
3242837d20
gpg: With --auto-key-retrieve prefer WKD over keyservers.
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver.  Remove keyserver lookup just by the
keyid.  Try a WKD lookup before a keyserver lookup.
--

The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.

GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9)
2019-07-05 10:43:55 +02:00
Werner Koch
6396f8d115
wkd: Change client/server limit back to 64 KiB
* tools/wks-receive.c (decrypt_data): Change limit.
--

The former limit ~1MiB of was used during development.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit b0e8724b102535c27a8c973ec038d340858a8eb8)
2019-07-05 10:34:43 +02:00
Daniel Kahn Gillmor
efb6e08ea2
dirmngr: fix handling of HTTPS redirections during HKP
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.

--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>

GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-07-04 16:31:56 +02:00
Werner Koch
2b7151b0a5
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* g10/gpg.c (main): Change default.
--

Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures.  That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.

To revert to the old behavior add

  keyserver-optiions  no-self-sigs-only,no-import-clean

to gpg.conf.

GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 23c978640812d123eaffd4108744bdfcf48f7c93)
2019-07-04 15:59:14 +02:00
Werner Koch
4cbd058a3d
gpg: Avoid printing false AKL error message.
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--

This change avoids error message like

  gpg: error retrieving 'foo@example.org' via None: No public key

A 'None' mechanism is something internal.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 91a6ba32347a21c9029728eec96b8ff80f944629)
2019-07-04 15:22:00 +02:00
Werner Koch
46f3283b34
gpg: New command --locate-external-key.
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname.  Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
--

This new command is a shortcut for

  --auto-key-locate nodefault,clear,wkd,... --locate-key

and uses the default or configured AKL list but does so without local.

See also
GnuPG-bug-id: 4599

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d00c8024e58822e0623b3fad99248ce68a8b7725)
2019-07-04 15:14:43 +02:00
Werner Koch
1187143343
gpg: Make the get_pubkey_byname interface easier to understand.
* g10/keydb.h (enum get_pubkey_modes): New.
* g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
change all callers.
--

This change prepares the implementation of GET_PUBKEY_NO_LOCAL.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9980f81da765f88a65604ab083563bf15ccdb425)
2019-07-04 15:14:30 +02:00
Werner Koch
d2e8d71251
dirmngr: Avoid endless loop in case of HTTP error 503.
* dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
(handle_send_request_error): Use it for 503 and 504.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
extra_tries.
--

This is a pretty stupid fix but one which works without much risk of
regressions.  We could have used the existing TRIES but in that case
the fallback to other host would have been too limited.  With the used
value we can have several fallbacks to other hosts.  Note that the
TRIES is still cumulative and not per host.

GnuPG-bug-id: 4600
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 8b113bb148f273524682252233b3c65954e1419e)
2019-07-03 17:40:49 +02:00
Werner Koch
c9b133a54e
dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
* dirmngr/http.c (same_host_p): Consider certain subdomains to be the
same.
--

GnuPG-bug-id: 4603
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36)
2019-07-03 16:21:45 +02:00
Peter Lebbing
37b549dfe0
Mention --sender in documentation 2019-07-03 16:21:32 +02:00
Werner Koch
2c6d94702a
dirmngr: Fix previous commit
--
Ooops, forgot to commit the actual backport part.

GnuPG-bug-id: 4590
Fixes-commit: 458973f502b9a43ecf29e804a2c0c86e78f5927a
2019-07-03 15:43:47 +02:00
Werner Koch
458973f502
dirmngr: Support the new WKD draft with the openpgpkey subdomain.
* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
method.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd)
2019-07-03 15:33:13 +02:00
Werner Koch
a1f2f38dfb
gpg: Fallback to import with self-sigs-only on too large keyblocks.
* g10/import.c (import_one): Rename to ...
(import_one_real): this.  Do not print and update stats on keyring
write errors.
(import_one): New.  Add fallback code.
--

GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160)
2019-07-02 09:25:21 +02:00
Werner Koch
adb120e663
gpg: New import and keyserver option "self-sigs-only"
* g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
* g10/import.c (parse_import_options): Add option "self-sigs-only".
(read_block): Handle that option.
--

This option is intended to help against importing keys with many bogus
key-signatures.  It has obvious drawbacks and is not a bullet-proof
solution because a self-signature can also be faked and would be
detected only later.

GnuPG-bug-id: 4591
Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0)
2019-07-01 15:23:23 +02:00
Werner Koch
15a425a1df
gpg: Make read_block in import.c more flexible.
* g10/import.c: Change arg 'with_meta' to 'options'.  Change callers.
--

This chnage allows to pass more options to read_block.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-01 15:19:44 +02:00
NIIBE Yutaka
526714806d tools: gpgconf: Killing order is children-first.
* tools/gpgconf-comp.c (gc_component_kill): Reverse the order.

--

Cherry-picked from master commit:
	7c877f942a344e7778005840ed7f3e20ace12f4a

The order matters in a corner case; On a busy machine, there was a
race condition between gpg-agent's running KILLAGENT command and its
accepting incoming request on the socket.  If a request by
gpg-connect-agent was accepted, it resulted an error by sudden
shutdown.  This change of the order can remove such a race.

Here, we know backend=0 is none.

GnuPG-bug-id: 4577
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-07-01 13:13:36 +09:00
Daniel Kahn Gillmor
520f5d70e4 spelling: Fix "synchronize"
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-06-23 20:17:47 -04:00
Werner Koch
f325102375
Return better error code for some getinfo IPC commands.
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
* g13/server.c (cmd_getinfo): Ditto.
* sm/server.c (cmd_getinfo): Ditto.
--

GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require
a later version for gnupg 2.  Thus we can switch to this more
descriptive code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-06-03 16:33:50 +02:00
Daniel Kahn Gillmor
175d194b5d doc/wks.texi: fix typo
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2019-05-28 21:09:13 -04:00
Werner Koch
f9934dcb57
Post release updates
--
2019-05-28 17:40:16 +02:00
Werner Koch
3f2b7a53dd
Release GnuPG 2.2.16
Signed-off-by: Werner Koch <wk@gnupg.org>
gnupg-2.2.16
2019-05-28 17:01:00 +02:00
Werner Koch
626e05f07a
po: Auto-update
--
2019-05-28 16:58:38 +02:00
Werner Koch
5281ecbe3a
dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
* dirmngr/ocsp.c (do_ocsp_request): Remove arg md.  Add args r_sigval,
r_produced_at, and r_md.  Get the hash algo from the signature and
create the context here.
(check_signature): Allow any hash algo.  Print a diagnostic if the
signature does not verify.
--

GnuPG-bug-id: 3966
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-28 12:31:41 +02:00
Werner Koch
582dee2418
Prepare NEWS for the release
--
2019-05-27 19:59:56 +02:00
Werner Koch
a7a327d026
po: Update Polish translation
--
2019-05-27 17:31:34 +02:00