1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10551 Commits

Author SHA1 Message Date
NIIBE Yutaka
2b19474aab
common: On Windows, we care about how PIPE handles are inherited.
* agent/gpg-agent.c (handle_connections): It's for POSIX.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/app.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
tpm2d/tpm2daemon.c (handle_connections): Ditto.
* tests/gpgscm/ffi.c (do_pipe): Use GNUPG_PIPE_BOTH.
(do_inbound_pipe): Use GNUPG_PIPE_INBOUND.
(do_outbound_pipe): Use GNUPG_PIPE_OUTBOUND.
* common/call-gpg.c (_gpg_encrypt): Specify outbound and inbound.
(_gpg_decrypt): Likewise.
* common/exechelp-posix.c (gnupg_create_pipe): Add an argument.
* common/exechelp-w32.c (create_pipe_and_estream): Care about
how PIPE handles are inherited to child process.
(gnupg_create_pipe): Add an argument.
* common/exechelp.h: Add enum values.

--

Fixes-commit: af6c47b2910f394faf582800d60d88e9b4dcf834
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 15:15:13 +09:00
NIIBE Yutaka
1d5cfa9b7f
scd: Add <unistd.h> for read(2) / write(2) .
* scd/app.c: Include <unistd.h>.

--

Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:48:02 +09:00
NIIBE Yutaka
af6c47b291
common,kbx,tests: Clean up the PIPE function API.
* common/call-gpg.c (_gpg_encrypt, _gpg_decrypt): Simply, use
gnupg_create_pipe.
* tests/gpgscm/ffi.c (do_inbound_pipe): Likewise.
* common/exechelp.h (gnupg_create_inbound_pipe): Use gnupg_fd_t
for native pipe descriptor and don't expose other end of pipe.
(gnupg_create_outbound_pipe): Ditto.
* common/exechelp-posix.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
* common/exechelp-w32.c (create_pipe_and_estream): Clean up.
(gnupg_create_inbound_pipe): Fail if R_FD or R_FP is NULL.
(gnupg_create_outbound_pipe: Ditto.
(gnupg_create_pipe): Move the code from original
create_pipe_and_estream to call _open_osfhandle.
* common/exectool.c (gnupg_exec_tool_stream): Follow the change of
API.
* kbx/kbx-client-util.c (prepare_data_pipe): Likewise.

--

GnuPG-bug-id: 7194
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:41:03 +09:00
NIIBE Yutaka
953dd67368
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.

--

GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:04:16 +09:00
Werner Koch
c333e9dad6
speedo: Set PREFIX for bzip2 build also for Unix.
--

bzip2 is a make-only package and thus we can't set the prefix with
configure.  We need to set PREFIX here so that the install target:

  if ( test ! -d $(PREFIX)/lib ) ; then mkdir -p $(PREFIX)/lib;fi
  [...]

does not try to install to the default PREFIX /usr/local/lib.
2024-07-08 10:59:06 +02:00
Werner Koch
8828a5fe54
Post release updates
--
2024-07-05 17:28:09 +02:00
Werner Koch
4668fb1a70
Release 2.5.0 gnupg-2.5.0 2024-07-05 14:45:16 +02:00
Werner Koch
03d06612ea
po: msgmerge
--
2024-07-05 14:35:29 +02:00
Werner Koch
32500440c2
po: Update the German translation.
--
2024-07-05 14:33:59 +02:00
Werner Koch
ff6cffab92
speedo: Let install also copy the SO's symlinks.
* build-aux/speedo.mk (install-speedo): Also instal the sumlinks for
the SOs.
2024-07-05 14:23:30 +02:00
Werner Koch
7c4c35f542
build: Prepare docs for GnuPG 2.6
--
2024-07-05 12:09:23 +02:00
Werner Koch
6a40cfa6c0
gpg: Print a warning if the (draft) Kyber algorithm is used.
* g10/keygen.c (do_generate_keypair): Check for draf Kyber stuff.
2024-07-05 11:12:12 +02:00
Werner Koch
ca3b8d2541
gpgconf: Fix error in --show-versions due to recent spawn changes.
* tools/gpgconf.c (show_versions_via_dirmngr): Fail only on
exitcode!=0.
2024-07-05 09:14:47 +02:00
Jakub Jelen
cf3cec982d
tpm2d: Fix key import.
* tpm2d/tpm2.c (tpm2_import_key): Set the lengths from right
variables.

--

Fixes-commit: d631c8198c254107c0a4e704511fa0f33d3dda5f
GnuPG-bug-id: 7186
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2024-07-05 14:21:22 +09:00
Werner Koch
736579331b
gpgconf: Print the full commit id.
* autogen.sh: Update to version 2024-07-04 from libgpg-error.
* configure.ac (BUILD_REVISION): Rename the ac_define by
BUILD_COMMITID.
* tools/gpgconf.c (show_version_gnupg): Use it here.
2024-07-04 17:21:45 +02:00
NIIBE Yutaka
d78131490e
build: Require libgpg-error 1.50 or later.
* configure.ac (NEED_GPGRT_VERSION): Need 1.50.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-02 09:56:24 +09:00
Werner Koch
22072f635f
speedo,w32: Also sign the new libassuan SO name.
--
2024-07-01 17:25:06 +02:00
Werner Koch
d56b63a661
speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.
--

Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista.  Version 8 of Mingw defaults to XP SP2
which requires us to explicit override that default.

The SO number of libassuan needs an update too.
2024-07-01 16:57:03 +02:00
Werner Koch
df977729ff
gpgconf: Allow listing of some new options
--

Also one old option.

GnuPG-bug-id: 6882
2024-07-01 15:47:03 +02:00
Werner Koch
0c34edc443
gpg: Make --with-sig-check with -with --show-key in non-colon mode.
* g10/keylist.c (list_keyblock_direct): Set check_sigs.
2024-07-01 09:21:49 +02:00
Werner Koch
28a080bc9f
gpg-mail-tube: New utility.
* tools/gpg-mail-tube.c: new.
* tools/Makefile.am: Add it.
2024-06-28 17:59:55 +02:00
Werner Koch
675b12ddd8
tools: New support functions for the mail parser.
* tools/rfc822parse.h (RFC822PARSE_HEADER_SEEN): New.
* tools/rfc822parse.c (rfc822_cmp_header_name): New.
(insert_header): Run header seen callback.
(rfc822parse_last_header_line): New.
(rfc822_free): New.
* tools/wks-receive.c (t2body): Use it here.
* tools/mime-parser.c (parse_message_cb): and here.
2024-06-28 17:59:55 +02:00
NIIBE Yutaka
c4ff9c5def
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:51:22 +09:00
NIIBE Yutaka
14400b2fb3
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:48:04 +09:00
NIIBE Yutaka
b3f1f2cd19
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:29:01 +09:00
NIIBE Yutaka
5d980802ac
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:26:25 +09:00
NIIBE Yutaka
d98521b934
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-26 11:13:05 +09:00
Frans Spiesschaert
f4e3ee61b8
po: Update Dutch translation
--
2024-06-25 09:46:07 +02:00
Todd Zullinger via Gnupg-devel
60677e65fb
doc: fix home dir path in common.conf
* doc/examples/common.conf: fix home dir path

--

Fix a few typos in user-specific path of common.conf added in d13c5bc24
(gpg,gpgsm: Move use-keyboxd to the new conf file common.conf,
2021-04-19).  The file is in the GnuPG home dir.  Replace 'use if' with
'use of' as well.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2024-06-25 09:41:14 +02:00
NIIBE Yutaka
36d8cffc6c
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-25 15:34:32 +09:00
NIIBE Yutaka
9aa6faaf10
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-25 15:34:25 +09:00
Werner Koch
1695cf267e
gpg: New option --show-only-session-key
* g10/options.h (opt): Add show_only_session_key and turn
show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New.
(opts): Add "show-only-session-key".
(main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.

* g10/decrypt-data.c (decrypt_data): Ditto.  Add compliance error flag
to the DECRYPTION_INFO status line.
--

This new option is somehow related to
GnuPG-bug-id: 1825
2024-06-24 16:31:40 +02:00
Werner Koch
4c65dfeb28
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:49:05 +02:00
Werner Koch
1067e544c2
sm: Emit user IDs in colon mode even if the Subject is empty.
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
2024-06-21 10:19:00 +02:00
NIIBE Yutaka
9bc3f2ad52
Fix the previous commit.
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.

--

GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-17 17:19:18 +09:00
NIIBE Yutaka
01fa318be0
scd: Fix how scdaemon pipe server finishes.
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-17 11:44:41 +09:00
NIIBE Yutaka
c4e6b6aba2
m4: Update m4 files.
* m4/gpg-error.m4: Update libgpg-error master.
* m4/libassuan.m4: Update libassuan master.
* m4/libgcrypt.m4: Update libgcrypt master.
* m4/ksba.m4: Update libksba master.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-14 11:57:01 +09:00
Werner Koch
8e691efb05
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:52:07 +02:00
Werner Koch
12ac129a70
gpg: Allow shortcut algo string "pqc" for --quick-gen-key.
* g10/keygen.c (PQC_STD_KEY_PARAM): New.
(quickgen_set_para): Always store the provided NBITS.
(parse_key_parameter_string): Detect the special value "pqc".
(quick_generate_keypair): Ditto.
--

With this change we can finally do a

  gpg --quick-gen-key --batch --passphrase='' foo@example.org  pqc

and get a full key.  Currently with a brainpoolp386r1 primary key and
a Kyber768_brainpoolp256 subkey.
2024-06-11 15:39:00 +02:00
Werner Koch
d81bb417c0
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:43:47 +02:00
Werner Koch
640c58135e
tools: Make gpg-authcode-sign.sh more robust on network errors.
* tools/gpg-authcode-sign.sh: Return on HTTP status 500
--

We have seen timestamping failures after signing some file using
GlobalSign certs.
2024-06-11 08:46:31 +02:00
NIIBE Yutaka
55559c8b66
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:36:17 +09:00
NIIBE Yutaka
563bfbb0be
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:21:19 +09:00
Werner Koch
fee890a2ab
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.
2024-06-06 11:59:22 +02:00
NIIBE Yutaka
e02880d512
common:w32: Fix for 64-bit Windows.
* common/exectool.c (gnupg_exec_tool_stream): 64-bit Windows is LLP64.

--

GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-06 08:56:27 +09:00
Werner Koch
77afc9ee1c
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
2024-06-05 17:04:33 +02:00
Werner Koch
8cbcac89fe
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 10:01:44 +02:00
Werner Koch
9d618d1273
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.
2024-06-05 10:01:43 +02:00
Werner Koch
465ea9116d
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
2024-06-05 10:01:36 +02:00
Werner Koch
068ebb6f1e
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
2024-06-04 18:02:02 +02:00