1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

5559 Commits

Author SHA1 Message Date
Justus Winter
582e684a48 tools/gpgtar: Implement symmetric encryption.
* tests/openpgp/gpgtar.test: Add test case.
* tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
gpg.
* tools/gpgtar.c (parse_arguments): We do handle the argument now.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:40 +01:00
Justus Winter
45c814f348 tools/gpgtar: Implement signing.
* tests/openpgp/gpgtar.test: Test signing.
* tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
appropriate gpg arguments to implement signing and selecting the local
user.
* tools/gpgtar.c (parse_options): We do handle '--local-user' now.
(main): Handle signing, encrypting, and doing both when creating an
archive.
* tools/gpgtar.h (gpgtar_create): Update prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:40 +01:00
Justus Winter
0c0dafd8e8 tools/gpgtar: Use the new exectool helper.
* tools/Makefile.am: gpgtar now requires neither npth nor libassuan.
* tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool'
helper.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
* tools/gpgtar.c (main): Set default gpg program.  Drop the
initialization of npth and libassuan.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:40 +01:00
Justus Winter
a81aca6e1c common: Add a stream interface to 'sh-exectool'.
* common/sh-exectool.c (struct copy_buffer): Add infrastructure for
copying between streams.
(copy_buffer_{init,shred,do_copy,flush}): New functions.
(sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
(nop_free): New function.
(sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
* common/sh-exectool.h (sh_exec_tool_stream): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:26 +01:00
Justus Winter
d955cb5e07 common: Add header file and build the new code.
* common/Makefile.am (common_sources): Add new files.
* common/sh-exectool.h: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:45:09 +01:00
Werner Koch
2ae07f826a common: Add code to execute a helper.
* common/sh-exectool.c: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:45:09 +01:00
Werner Koch
30af06ee94
Merge branch 'STABLE-BRANCH-2-2' into wk-master
--

I forgot to merge the updated Japanese translation into the release
branch thus we need to fix it up here.
2015-12-04 12:12:18 +01:00
Werner Koch
df1e0d27fa
Post release updates.
--
2015-12-04 12:00:05 +01:00
Werner Koch
9fadfdb310
Release 2.1.10 gnupg-2.1.10 2015-12-04 10:50:51 +01:00
Yuri Chornoivan
650f43053d
po: Update Ukrainian translation
--

Merged with current POT - wk
2015-12-04 10:45:06 +01:00
Ineiev
0c0ccf0928
po: Update Russian translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>

The patch was from October 12 and thus 6 strings could not be applied
due to chnaged original strings.
2015-12-04 10:25:03 +01:00
NIIBE Yutaka
762fcc027b po: Japanese translation. 2015-12-04 18:16:15 +09:00
Werner Koch
0fe3614d9a
speedo,w32: Improve installer.
* build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and
distsigkey.gpg.
(un.gnupglast): Stop dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 09:11:11 +01:00
Werner Koch
28311d1fa5
gpg: Do not pre-check keys given on the command line.
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.

* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--

If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks.  The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
Werner Koch
4ff2cae7de
dirmngr: Add command to print the resolver version.
* dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
2015-12-04 07:36:16 +01:00
Werner Koch
28c53ddbcb
po: Auto-update.
--
2015-12-04 07:36:16 +01:00
Werner Koch
59b42ceb93
po: Update German translation.
--
2015-12-04 07:36:14 +01:00
Werner Koch
59f6192cb7
gpg: Allow "help" as value for --tofu-policy.
* g10/gpg.c (parse_tofu_policy): Add keyword "help".
(parse_tofu_db_format): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
Werner Koch
218a52787a
Do not translate messages printed with log_debug.
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto.  Print only if debug is
enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 07:36:14 +01:00
NIIBE Yutaka
f03976f110 scd: Fix for removing the prefix.
* scd/app-openopg.c (do_decipher): Fix the condition.
2015-12-04 14:37:05 +09:00
NIIBE Yutaka
9639af5f16 scd: Simplify saving application context.
* scd/app.c (lock_table): Remove LAST_APP field.
(lock_reader, app_dump_state, application_notify_card_reset)
(release_application): Follow the change.
(check_conflict): New.
(check_application_conflict): Lock the slot and call check_conflict.
(select_application): Call check_conflict and not use LAST_APP.

--

We don't need LAST_APP field but just keep the application context by
APP field.  Since we have a reference counter, it is possible if we
can deallocate or not.
2015-12-04 14:13:23 +09:00
NIIBE Yutaka
f747adfa21 scd: More fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
Also fix xfree bug introduced.

--

In old format with no prefix, cipher text can be trancated when it
is parsed as MPI.  Recover the value adding back zeros.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
2015-12-04 14:02:48 +09:00
Werner Koch
e28f2e7a2f
scd: Another fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
INDATA.
(do_decipher): Fix integer arithmetic in void pointer.
(do_decipher): Add missing memcpy.
--

I have not tested this fix but it is obvious.

Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 13:46:03 +01:00
Werner Koch
0f61599ed0
build: Avoid dependecy problems in "make distcheck".
* doc/Makefile.am (gnupg.texi): Depend on defs.inc.
--

Reported-by: Justus Winter
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 13:28:28 +01:00
Werner Koch
4e9957250e
build: Change how caller provided CFLAGS are used by configure.
* configure.ac: Append instead of prepend caller provided CFLAGS.
--

Suggested-by: Justus Winter
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:51:52 +01:00
Werner Koch
fbf8b733a2
gpg: Additional comment on commit a28ac99e.
--

My statement that commit 04a6b903 changed the semantics of keydb_new
was plainly wrong.  Not Neal broke it but me when I initially wrote
that function or copied it from gpgsm.

Sorry.
2015-12-03 12:37:56 +01:00
Werner Koch
5e2c5e9ec5
gpg: Add variant of 'key "%s" not found: %s' error message.
* g10/gpg.c (check_user_ids): Change error message.
* g10/delkey.c (do_delete_key): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:25:37 +01:00
Werner Koch
50a568e738
gpg: Make keyidlist more robust in case of errors.
* g10/keyserver.c (keyidlist): Clear *KLIST on error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:19:30 +01:00
Werner Koch
a28ac99efe
gpg: Take care of keydb_new returning NULL.
* g10/keydb.c (keydb_new): Print an error message if needed.  Also use
xtrycalloc because we return an error anyway.
* g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
* g10/export.c (do_export_stream): Ditto.
* g10/getkey.c (get_pubkey): Ditto.
(get_pubkey_fast): Ditto.
(get_pubkeyblock): Ditto.
(get_seckey): Ditto.
(key_byname): Ditto.
(get_pubkey_byfprint): Ditto.
(get_pubkey_byfprint_fast): Ditto.
(parse_def_secret_key): Ditto.
(have_secret_key_with_kid): Ditto.
* g10/import.c (import_one): Ditto.
(import_revoke_cert): Ditto.
* g10/keyedit.c (keyedit_quick_adduid): Ditto.
* g10/keygen.c (quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
* g10/trustdb.c (validate_keys): Ditto.
* g10/keyserver.c (keyidlist): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.
* g10/gpg.c (check_user_ids): Ditto.
(main): Do not print an error message for keydb_new error.
* g10/keylist.c (list_all): Use actual error code returned by
keydb_new.

* g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
* g10/t-keydb.c (do_test): Ditto.

* g10/keyring.c (keyring_new): Actually return an error so that the
existing keydb_new error checking makes sense for a keyring resource.
(keyring_rebuild_cache): Take care of keyring_new returning an error.
--

Commit 04a6b903 changed keydb_new to return an error.  However the
error was not checked at most places which we fix with this patch.  To
make things easier keydb_new prints an error message itself.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
Werner Koch
9fcc047d92
gpg: Change some error messages.
* g10/getkey.c (parse_def_secret_key): Change error message.  Replace
log_debug by log_info.
* g10/gpg.c (check_user_ids): Make function static.  Change error
messages.
(main): Change error messages.
* g10/revoke.c (gen_revoke): Ditto.
--

There are other smaller changes not described above.

This change tries to avoid new error messages so not to increase the
the number of translated strings or break too many existing
translations.  It also tries to use existing strings and changes the
quoting to the most common style used in gpg.

Key specifications should in general use double quotes.  Other values
should use single quotes.  However. sometimes it is not easy to
distinguish between values given on the command line and key
specifications.  According to old GNU coding standards diagnostics
should not start capitalized - whether this is a good idea is a
different thing but we used this rules for most strings.  However,
strings which are used interactively should be properly capitalized
and end with a dot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 10:40:05 +01:00
NIIBE Yutaka
f42c50dbf0 scd: Fix "Conflicting usage" bug.
* scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
  got an error from apdu_disconnect.
* scd/app-common.h (no_reuse): Remove.
* scd/app.c (application_notify_card_reset): Deallocate APP here.
(select_application, release_application): Don't use NO_REUSE.

--

Reproducible scenario: Invoke gpg --card-edit session from a terminal.
Invoke another gpg --card-edit session from another.  Remove a token.
Insert a token again.  Type RET on both terminals.  One of terminal
answers "Conflicting usage".

Perhaps, having NO_REUSE field was to avoid race conditions.  Now,
APP can be safely deallocated by application_notify_card_reset.

Thanks to the2nd.
2015-12-03 11:26:24 +09:00
NIIBE Yutaka
11b2691edd scd: Fix for Curve25519 prefix handling.
* scd/app-openpgp.c (do_decipher): More condition for AES decipher.
  Handle the prefix in cipher text.  Always add the prefix in result.
2015-12-03 08:48:51 +09:00
Neal H. Walfield
cedbd4709e gpg: Use the matching key if the search description is exact.
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
2015-12-03 00:00:54 +01:00
Werner Koch
69db3285e4
build: Require at least Libassuan 2.4.1.
* configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
* agent/gpg-agent.c (create_server_socket): Remove check for
libassuan >= 2.3.0 and >= 2.1.4.
(main): Remove check for libassuan >= 2.1.4.
* scd/scdaemon.c (create_server_socket): Remove check for
libassuan >= 2.1.4.
* dirmngr/dirmngr.c (set_tor_mode): Remove check for
libassuan >= 2.3.0.
* dirmngr/http.c (http_raw_connect, send_request): Remove checks for
libassuan >= 2.3.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 18:57:49 +01:00
Neal H. Walfield
28195f8d27 gpg: Improve documentation.
* g10/tofu.c (initdb): Improve documentation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-02 15:21:58 +01:00
Neal H. Walfield
c73d75103c gpg: Fix type mismatch resulting in a buffer overflow.
* g10/tofu.c (record_binding): Change policy_old's type from an enum
tofu_policy to a long: this variable is passed by reference and a long
is expected.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Justus Winter <justus@g10code.com>
Fixes-commit: f77913e
2015-12-02 15:21:57 +01:00
Werner Koch
28e2513721
dirmngr: Switch to an onion address if Tor is running.
* dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
* dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
--keyserver options.
* dirmngr/server.c (server_local_s): Add field 'tor_state'.
(release_uri_item_list): New.
(release_ctrl_keyservers): Use it.
(start_command_handler): Release list of keyservers.
(is_tor_running): New.
(cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
(ensure_keyserver): Rewrite.
* g10/dirmngr-conf.skel: Add two keyserver options.
--

This feature is independent of --use-tor and automagically uses Tor if
available.  The dirmngr.conf file needs to specify two keyservers to
make this work.  For new installations this is done using the skeleton
file.  This feature requires the Libassuan 2.4.2 to work.

This patch also fixes a memory leak of opt.keyserver en passant.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 12:27:35 +01:00
Werner Koch
17ac843871
http: Enhance parser to detect .onion addresses.
* dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
* dirmngr/http.c (do_parse_uri): Set that flag.
* dirmngr/t-http.c (main): Print flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-02 12:27:35 +01:00
Neal H. Walfield
10cca02c4c common,gpg: Fix processing of search descriptions ending in '!'.
* g10/gpg.c (check_user_ids): If the search description describes a
keyid or fingerprint and ends in a '!', include the '!' in the
rewritten description.
* common/userids.c (classify_user_id): Accept keyids and fingerprints
ending in '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: f99830b7
Fixes-commit: e8c53fca
2015-12-02 12:03:28 +01:00
Justus Winter
9c34711539 dirmngr: Improve error handling.
* dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
checking for errors, but silently ignore errors when looking up SRV
records.
--
This is a follow-up to 946faaff.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-01 13:24:38 +01:00
Werner Koch
9f4f77bc4b
Update NEWS file
--
2015-12-01 08:45:03 +01:00
Werner Koch
3be12d1e1b
build: Let configure show the the status of Tor support
* configure.ac (show_tor_support): New

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-01 08:04:49 +01:00
Werner Koch
fdd2cc5f3b
doc: Clarify dirmngr's --keyserver option.
--
GnuPG-bug-id: 2165
2015-11-30 16:01:07 +01:00
Werner Koch
b2b079cb2f
doc: Typo fix.
--
2015-11-30 11:47:23 +01:00
Werner Koch
4ecb5db804
doc: Make make distcheck work again.
* doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-30 11:45:28 +01:00
Werner Koch
b4756a54a5
yat2m: Add keyword @url.
* doc/yat2m.c (proc_texi_cmd): Add keyword @url.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-30 11:32:00 +01:00
Werner Koch
081c902f16
doc: Build man pages with the same date as the info files.
* doc/Makefile.am (yat2m-stamp): Use option --date.
--

This changes allows reproducible builds.

Debian-bug-id: 806494
2015-11-30 11:27:30 +01:00
Werner Koch
75eb071354
yat2m: New option --date.
* doc/yat2m.c (opt_date): new.
(isodatestring): Use it if set.
(main): New option --date.
2015-11-30 11:25:37 +01:00
Werner Koch
686f31c3d5
gpg: Avoid extra translation strings.
* g10/keyedit.c (menu_expire): Use only one prompt.
--

The old code was anyway not fully i18n because it did not used
ngettext.  Further we ran into const char*/char* conflicts on Windows
where we use a different gettext implementation.

FWIW: A better pattern in the case of a static and a malloced string
w/o error return on malloc failure would be:

  const char *s;
  char *s_buf;
  s_buf = xtryasprintf ("%d foo", n);
  if (!s_buf)
    s = "several foo";
  else
    s = s_buf;
  bar (s);
  xfree (s_buf);
2015-11-27 18:32:27 +01:00
Werner Koch
436a154ea8
kbx: Include gpg-error prior to mischelp.h.
* kbx/keybox-init.c: Change order of includes.
--

This is to avoid redefintion warnings about GPGRT_ATTR_PRINTF.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-27 18:32:26 +01:00