* scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop
when an event was encountered.
--
Here the event handle is passed to npth_eselect so that this function
can detect the event and reset the event. There is no need to consume
this information here. However, npth_select might also got a ready
file descriptor along with the event and by doing a "continue" we
would miss the ready state of the file descriptor. The fix is to do
nothing here, similar to what we do in gpg-agent.
Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
GnuPG-bug-id: 2982
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* common/recsel.c (struct recsel_expr_s): Add field lefta.
(recsel_parse_expr): Parse it.
(recsel_select): Implement selection.
--
This flags makes it for example easy to select keys last updated from
an ldap server:
gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
-k --with-key-origin
* tools/gpg-card.c (cmd_list): Add optional ar use_opt_cards.
(enum cmdids): Add cmdLISTCARDS.
(cmds): New command "ll".
(interactive_loop): Ditto.
--
Using "l --cards" is a command required very often thus it makes sense
to have an alias for it. ll also allows to switch the card without
showing the long listing.
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--
Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
GnuPG-bug-id: 7547
* dirmngr/dirmngr.c (initialize_modules): New.
(thread_init): Run npth_init only once. Re-init Libassuan and
Libgcrypt syscall clamps. Replace all calls by calls to
initialize_modules.
--
GnuPG-bug-id: 6606
* agent/gpg-agent.c (start_connection_thread_std): Close socket on
nonce mismatch.
(start_connection_thread_extra): Ditto.
(start_connection_thread_browser): Ditto.
(start_connection_thread_ssh): Ditto.
* dirmngr/dirmngr.c (start_connection_thread): Ditto.
* kbx/keyboxd.c (start_connection_thread): Ditto.
--
Usually Libassuan takes care of closing the socket but because we do
the nonce check before setting up Assuan we need to explicit close
it.
GnuPG-bug-id: 7434
* build-aux/speedo.mk: Remove support gpgme.
* build-aux/speedo/w32/inst.nsi: Ditto.
* build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
--
GPGME is either already availabale on Unix platforms or can be
installed on Widnows with gpg4win. GnuPG itself does not require
gpgme.
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new. Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig. Also re-check the signature after the import
of an included keyblock.
--
The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature good be verified.
Such a malicious key signature subkey must have been created w/o the
mandatory backsig which bind a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.
GnuPG-bug-id: 7527
* doc/Makefile.am: Ship gnupg.7.html with other html, not with
manpages.
--
Without this change, gnupg.7.html gets placed in /usr/share/manh/
Since it can't be correctly rendered by groff, this is undesirable.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/getkey.c (get_keyblock_byfpr_fast): Add arg primary_only and
implement.
* g10/import.c (import_one_real): Simplify filling the fpr buffer with
zeroes.
(import_one_real): Find key only by primary fingerprint.
--
This should have been done early: When looking up the original
keyblock we want to update, we need to lookup it up only using the
primary key. This avoids to find a key which has the primary key also
has a subkey.
GnuPG-bug-id: 7527
* g10/call-agent.c (agent_crosslink_keys): New.
* g10/keygen.c (common_gen): Store the Link attribute.
--
The Link attribute may be useful to quickly find the other part of a
composite private key.
GnuPG-bug-id: 6638
* g10/options.h (flags): Add field disable_pqc_encryption.
* g10/gpg.c (oDisablePQCEncryption): New.
(opts): Add --option.
(main): Set option.
* g10/getkey.c (finish_lookup): Skip subkeys if option is set.
--
This option can be used to avoid the use of Kyber encryption subkeys
if this does not make sense (i.e. protection of local files).
* kbx/keybox-fwddecl.h: New.
* kbx/keybox.h: Replace typedef for KEYBOX_HANDLE by including the new
file.
* g10/keydb-private.h: Ditto.
--
The duplicated typedef was a bit ugly and will fail, depending on
compiler, iof for example building without keyboxd. Fix only tested
in the standard case but the fix is obvious.
* tests/gpgscm/ffi.c (do_process_spawn_io): Fix use of FD_ISSET.
--
This bug was detected on an i686 with gcc 4.1 and Linux 2.6.18
Fixes-commit: 1b0ce9918c321a5060fb7c59a234ab683187e8c1
* tests/gpgscm/scheme.c (MY_GCC_VERSION): New.
(type_to_string): Use gcc build in only when supported.
--
Note that we do not wnat to use the GPGRT macro to keep this file as
close to upstream as possible.
* g10/gpg.c (set_compliance_option) <oDE_VS>: Change.
--
This version has not yet been evaluated and thus we are able to
change it to a more useful default.
* g10/gpg.c (set_compliance_option): Base most settings on oGnuPG.
For oGnuPG explictly clear the allow_old_cipher_algos flag.
--
Note that --allow-old-cipher-algos must now come after a compliance
settings. This avoids a bug when first setting oRFC2440 and then
oGnuPG which would not clear the flag.
GnuPG-bug-id: T7501
* doc/gpg.texi (Compliance options): Explain that when multiple
--compliance options are given, the final one supersedes any previous
option.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (set_compliance_option): oPGP7 and oPGP8 both restore
policy-relevant default options before setting the compliance flag.
--
With this change, any ordering of --compliance options will always
result in the options selected from the last option given.
GnuPG-bug-id: 7501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (set_compliance_option): oGnuPG restores default
policy-affected options, moved from...
(main): ...here. Invoke set_compliance_option(oGnuPG) directly
instead of just setting opt.compliance.
--
Some of these default option values (flags.dsa2, rfc2440_text,
allow_non_selfsigned_uid, allow_freeform_uid) had to be inferrerd from
the fact that the opt struct is static and therefore initialized to
zero by the compiler.
With this change, --compliance=gnupg now completely reverts to the
defaults that were changed from other --compliance= options.
GnuPG-bug-id: T7501
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (set_compliance_option): clear
opt.flags.require_cross_cert with oRFC2440
--
This aligns with the expectations in RFC 2440, which doesn't specify
any cross-certifications. As doc/gpg.texi says: "This is dangerous",
but it aligns with the specification.
The comment above says that 4880 is the same as 2440, "but with [...]
--require-cross-certification", so we align the code with the intent
from the comment. It looks like opt.require_cross_cert was turned on
by default after that comment (and the oRFC2440 section) was written,
but the oRFC2440 section was never updated to turn it off.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
