* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity. Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--
Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.
* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--
If tarball was created with
tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.
GnuPG-bug-id: 7380
The second patch avoid a wrong exist status status line due to the use
of log_error. But the actual cause needs stuill needs tobe
investigated.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another pecularity: If you do
gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--
The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.
GnuPG-bug-id: 7298
(cherry picked from commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823)
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.
--
GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 71840b57f48680b7555451a29026d9c6de4fe2bc)
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it is for a long time the gcc default. Enable control flow
protection.
--
Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--
This patch makes sure that an expired trusted key is not used for
trust computation. The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.
GnuPG-bug-id: 7200
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
* g10/trustdb.c (store_validation_status): Remove arg 'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--
This has been here since 2003. The variable was never evaluated -
only stored.
Also added some comments.
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
* doc/Makefile.am (yat2m-stamp): Also call yat2m with --html options.
* doc/yat2m.c (main): Add dummy options.
--
Note that the generated html versions of the man pages will only be
correct if the external yat2m tool is installed - at least for the
maintainers of the website this will be the case.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--
Fixes-commit: 2fdb950471bd36f046672254ff26ca94797cc9f1
GnuPG-bug-id: 6528
The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--
This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.
Fixes-commit: 122803bf1ac9ee720d9fc214f5ae5c2a0ec22bf5
GnuPG-bug-id: 7042
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--
GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used. Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--
This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
"oops: public key not found for preference check\n"
due to ADSK keys. The error is mostly harmless but lets gpg return
with an exit code of 2.
Backported-from-master: 6fa4d7973db34d118b7735d5a3d1aa8cc4412f46