1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

10342 Commits

Author SHA1 Message Date
Werner Koch
3af8731bbb
gpgconf: Add list flag to trusted-key et al.
* tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume
options.
--

GnuPG-bug-id: 7313
2024-11-08 08:43:48 +01:00
NIIBE Yutaka
6022f10da3
gpg: Robust error handling for SCD READKEY.
* g10/keygen.c (ask_algo): List the card key only when it's valid.

--

GnuPG-bug-id: 7309
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 08:42:03 +01:00
Werner Koch
99069e9f6b
gpg-mail-type: Assume text/plain for missing content-type.
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity.  Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--

Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
2024-11-07 15:13:07 +01:00
Werner Koch
0daad02dc0
gpg-mail-tube: New feature --as-attach.
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
2024-11-07 15:12:50 +01:00
Werner Koch
f658bbd688
gpgtar: Make sure to create upper directories for regular files.
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.

* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--

If tarball was created with
    tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.

GnuPG-bug-id: 7380

The second patch avoid a wrong exist status status line due to the use
of log_error.  But the actual cause needs stuill needs tobe
investigated.
2024-11-07 15:12:11 +01:00
Werner Koch
794950ec75
gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--

If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage.  However, it used to have that E usage when it was added.

While testing this I found another pecularity: If you do
  gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error.  I hesitate to fix that due to
possible side-effects.

GnuPG-bug-id: 6882
2024-10-31 15:13:49 +01:00
NIIBE Yutaka
c0cb0175c9
scd: Add <unistd.h> for read(2) / write(2) .
* scd/app.c: Include <unistd.h>.

--

Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
2024-10-30 09:55:37 +01:00
Werner Koch
fbcdee805c
Post release updates
--
2024-10-29 14:46:35 +01:00
Werner Koch
5340576c08
Release 2.4.6 gnupg-2.4.6 2024-10-29 13:50:39 +01:00
Ingo Klöcker
f355f3f381
gpg: Fix --quick-set-expire for V5 subkey fingerprints
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
(cherry picked from commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823)
2024-10-29 13:11:47 +01:00
NIIBE Yutaka
2ae017a25f
common: Fix a race condition in creating socketdir.
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.

--

GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 71840b57f48680b7555451a29026d9c6de4fe2bc)
2024-10-29 12:27:30 +01:00
Werner Koch
4728d7f0df
po: Update German translation
--
2024-10-15 13:41:34 +02:00
Werner Koch
afe87ffc08
speedo: Enable additional runtime protections on Windows.
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it is for a long time the gcc default.  Enable control flow
protection.
--

Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.
2024-10-15 13:24:57 +02:00
Werner Koch
a8b503c42b
gpg: Emit status error for an invalid ADSK.
* g10/keygen.c (prepare_adsk): Emit status error.
--

This is useful for GPGME.

GnuPG-bug-id: 7322
2024-10-07 08:25:56 +02:00
Werner Koch
8b4ad616de
gpg: Exclude expired trusted keys from the key validation process.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--

This patch makes sure that an expired trusted key is not used for
trust computation.  The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.

GnuPG-bug-id: 7200
2024-09-25 15:26:26 +02:00
Werner Koch
ceec31751c
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--

The revalidation mark was only set if the imported key had a new key
signature.  This is in general correct but not if the imported key is
a trusted key.

GnuPG-bug-id: 7200
2024-09-25 15:26:25 +02:00
Werner Koch
ce54266d66
gpg: Remove useless variable in validate_keys.
* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--

This has been here since 2003.  The variable was never evaluated -
only stored.

Also added some comments.
2024-09-25 15:26:24 +02:00
NIIBE Yutaka
26d171d36d
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-25 14:13:29 +09:00
Werner Koch
03459618c5
w32: Fix last commit to build on Windows.
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--

Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
2024-09-20 14:05:56 +02:00
NIIBE Yutaka
c98385d311
scd: Fix DEVINFO, allowing no clients which watch the change.
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-20 12:07:45 +02:00
Werner Koch
f1e42cdf53
doc: Update NEWS
--
2024-09-19 16:32:41 +02:00
Werner Koch
94a7a67473
speedo: Make use of wget more robust
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
2024-09-19 16:32:40 +02:00
Werner Koch
f6858322a3
po: Update German translation
--
2024-09-19 15:43:38 +02:00
Werner Koch
cc30ceee5c
po: Updated one string of the Portuguese translation
--

Taken from master
2024-09-19 15:43:22 +02:00
Werner Koch
ed5edb4315
speedo: Add ntbtls to the wixlib
--
2024-09-19 15:16:12 +02:00
Werner Koch
15aea30de0
speedo: Update to be more aligned with the version in master
--
2024-09-19 14:21:47 +02:00
Werner Koch
35d80ebd78
doc: Add support for generating HTML versions of the man pages.
* doc/Makefile.am (yat2m-stamp): Also call yat2m with --html options.
* doc/yat2m.c (main): Add dummy options.
--

Note that the generated html versions of the man pages will only be
correct if the external yat2m tool is installed - at least for the
maintainers of the website this will be the case.
2024-09-19 14:00:32 +02:00
NIIBE Yutaka
a698adbb53
kbx: Fix a race condition on DATABASE_HD.
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.

--

GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:28 +02:00
NIIBE Yutaka
32476f870d
scd: Fix DEVINFO to allow multiple clients.
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:22 +02:00
Werner Koch
e76bac2ef2
build: Fix make distclean for gnupg.7.html
--
2024-09-19 13:21:15 +02:00
Werner Koch
685acf650a
build: Also cleanup generated html file in a make distcheck
* doc/Makefile.am (myman_pages): Add gpg and gpgv.
(USE_GPG2_HACK): Remove conditional.
(myhtmlman_pages): New.
(DISTCLEANFILES): Add html pages.
--
2024-09-19 13:20:47 +02:00
Werner Koch
b8ddffead5
doc: Updated comments in speedo.mk
--
2024-09-19 13:19:07 +02:00
NIIBE Yutaka
a17584d000
gpg: Fix getting key by IPGP.
* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Check if DATA for key.

--

GnuPG-bug-id: 7288
Reported-by: Wilfried Teiken
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:18:56 +02:00
Werner Koch
178c3fe62c
gpg: Improve detection of input data read errors.
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--

Fixes-commit: 2fdb950471bd36f046672254ff26ca94797cc9f1
GnuPG-bug-id: 6528

The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
2024-09-19 13:18:20 +02:00
Werner Koch
e16728f3d6
gpg: Make --no-literal work again for -c and --store.
* g10/dearmor.c (dearmor_file): Check for errors of iobuf_copy.
(enarmor_file): Ditto.
* g10/encrypt.c (encrypt_simple): Fix error check of iobuf_copy
(encrypt_crypt): Use iobuf_copy.
--

Fixes-commit: 756c0bd5d89bd0a773f844fbc2ec508c1a36c63d
GnuPG-bug-id: 5852
2024-09-19 13:15:34 +02:00
Werner Koch
0f0c59d6ff
gpg: remove workaround for Libgcrypt < 1.8.6
* g10/free-packet.c (is_mpi_copy_broken): Remove.
2024-09-19 13:12:41 +02:00
Werner Koch
e8598390be
gpg: Avoid wrong decryption_failed for signed+OCB msg w/o pubkey.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--

This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.

Fixes-commit: 122803bf1ac9ee720d9fc214f5ae5c2a0ec22bf5
GnuPG-bug-id: 7042
2024-09-19 10:02:29 +02:00
Werner Koch
6ff13380a2
agent: Fix detection of the trustflag de-vs.
* agent/trustlist.c (read_one_trustfile): Fix comparison.
--

Fixes-commit: a5360ae4c7bfe6df6754409d5bd5c5a521ae5e6f
GnuPG-bug-Id: 5079
2024-09-17 13:39:52 +02:00
NIIBE Yutaka
730593affa
common:w32: Don't expose unused functions.
* common/exechelp.h [HAVE_W32_SYSTEM] (get_max_fds): Don't expose.
(close_all_fds, get_all_open_fds): Likewise.
* common/exechelp-w32.c: Don't expose unused functions.

--

GnuPG-bug-id: 7293
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-17 09:24:41 +09:00
Werner Koch
54e06273c0
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-13 16:37:37 +02:00
Werner Koch
f7f939234b
gpgconf: Add missing linefeed to the -X output.
* tools/gpgconf.c (show_registry_entries_from_file): Add missing LF.
2024-09-03 11:16:48 +02:00
NIIBE Yutaka
5a1bf7e552
agent: Fix KEYTOCARD for the use case with loopback pinentry.
* agent/command.c (cmd_keytocard): Copy LINE.

--

GnuPG-bug-id: 7283
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-03 11:13:20 +02:00
Werner Koch
1ea66b6df3
doc: Explain why we use D-Lines for keyboxd communication.
--
2024-08-28 10:11:39 +02:00
Werner Koch
cb739bb2a5
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (check_sig_and_print): Do not stop signature checking
if this new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
Backported-from-master: 1eb382fb1f431575872b47dc160807858b7df3e5
2024-08-23 11:46:06 +02:00
Werner Koch
92667aa8c2
gpg: Warn if a keyring is specified along with --use-keyboxd.
* g10/gpg.c (main): Print the warning.
--
GnuPG-bug-id: 7265
2024-08-23 09:20:58 +02:00
Werner Koch
c884e22140
gpg: Minor fix when building with --disable-exec
* g10/photoid.c (show_photo): No return for a void function.
--

GnuPG-bug-id: 7256
2024-08-19 10:32:33 +02:00
Werner Koch
1af3c09831
gpg: Improve decryption diagnostic for an ADSK key.
* g10/keydb.h (GET_PUBKEYBLOCK_FLAG_ADSK): New constant.
* g10/packet.h (PUBKEY_USAGE_XENC_MASK): New constant.
* g10/pubkey-enc.c (get_session_key): Consider an ADSK also as "marked
for encryption use".
(get_it): Print a note if an ADSK key was used.  Use the new
get_pubkeyblock flag.
* g10/getkey.c (struct getkey_ctx_s): Add field allow_adsk.
(get_pubkeyblock): Factor all code out to ...
(get_pubkeyblock_ext): new.
(finish_lookup): Add new arg allow_adsk and make use of it.
--

This patch solves two purposes:
- We write a note that the ADSK key was used for decryption
- We avoid running into a
  "oops: public key not found for preference check\n"
  due to ADSK keys.  The error is mostly harmless but lets gpg return
  with an exit code of 2.

Backported-from-master: 6fa4d7973db34d118b7735d5a3d1aa8cc4412f46
2024-08-12 15:05:44 +02:00
Werner Koch
6fa4d7973d
agent: When diverting to a card show the name of unsupported algos.
* agent/divert-scd.c (divert_pkdecrypt): Improve error message.
2024-08-12 15:03:40 +02:00
Werner Koch
5d8bc309c7
doc: Explain that sort-sigs has no effect in colon mode.
--
2024-08-12 15:03:17 +02:00
Andre Heinecke
6878634c25
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-12 15:02:24 +02:00