* call-agent.c (start_agent): Don't use log_error when using the
fallback hack to start the agent. This is bug 782.
scripts/
* mail-to-translators: Copied from 1.4. and adjusted.
tools/
* gpgconf-comp.c: Allow changing of --allow-mark-trusted.
* gpg-connect-agent.c (main): New option --decode and commands
decode and undecode.
(read_and_print_response): Implement option.
* keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL):
New.
* keybox-update.c (keybox_compress): Use it here instead of a
magic constant.
sm/
* fingerprint.c (gpgsm_get_fingerprint): Add caching.
(gpgsm_get_fingerprint_string): Use bin2hexcolon().
(gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
as much memory as required.
(gpgsm_get_keygrip_hexstring): Use bin2hex.
* certchain.c (gpgsm_validate_chain): Keep track of the
certificate chain and reset the ephemeral flags.
* keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
Changed caller to use a mask of ~0. Return a proper error code if
the certificate is not available.
g10/
* passphrase.c (passphrase_get): Set the cancel flag on all error
from the agent. Fixes a bug reported by Tom Duerbusch.
sm/
* gpgsm.c (main): Let --gen-key print a more informative error
message.
doc/
* com-certs.pem: Added the current root certifcates of D-Trust and
S-Trust.
g10/
* status.c (write_status_begin_signing): New.
* sign.c (sign_file, sign_symencrypt_file): Call it.
* textfilter.c (copy_clearsig_text): Call it.
* call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
required.
* gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
warning.
* misc.c (obsolete_option): New.
* base64.c: Add new members READER and WRITER in union U2.
(gpgsm_create_reader): Initialise CTX->u2.reader.
(gpgsm_destroy_reader): Invoke ksba_reader_release. Return early
if CTX is NULL.
(gpgsm_create_writer): Initialise CTX->u2.writer.
(gpgsm_destroy_writer): Invoke ksba_writer_release. Return early
if CTX is NULL.
* server.c (skip_options): Skip leading spaces.
(has_option): Honor "--".
(cmd_export): Add option --data to do an inline export. Skip all
options.
* certdump.c (gpgsm_fpr_and_name_for_status): New.
* verify.c (gpgsm_verify): Use it to print correct status messages.
doc/
* gpgsm.texi (GPGSM EXPORT): Document changes.
* server.c (register_commands): New commands DUMPKEYS and
DUMPSECRETKEYS.
(cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
(option_handler): Support with-key-data option.
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
it is locked.
(keydb_store_cert): Lock here.
* keydb.h (keydb_delete): Accept new argument UNLOCK.
* keydb.c (keydb_delete): Likewise. Only unlock if this is set.
* delete.c (delete_one): Add new argument to invocation of
keydb_delete.
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
to allow enumeration. Changed all callers.
(create_request): Process DNS and URI parameters.
* gpgsm-gencert.sh: Reworked to allow for multiple email addresses
as well as DNsanmes and URi. Present the parameter file before
creating the certificate.
char * vs. unsigned char * warnings. The GNU coding standards used to
say that these mismatches are okay and better than a bunch of casts.
Obviously this has changed now.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
* certchain.c (gpgsm_basic_cert_check): Dump certificates after a
failed gcry_pk_verify.
(find_up): Do an external lookup also for an authorityKeyIdentifier
lookup. Factored external lookup code out to ..
(find_up_external): .. new.
* Makefile.am (gpg_preset_passphrase_LDADD): Reorder libs so that
pwquery may use stuff from jnlib. Conditionally add -lwsock2
(gpg_protect_tool_LDADD): Ditto.
* preset-passphrase.c (main): Use default_homedir().
(main) [W32]: Initialize sockets.
* simple-pwquery.c (agent_open) [W32]: Implement for W32.
(readline) [W32]: Use recv instead of read.
(writen) [W32]: Use send instead of write.
(my_stpcpy): Define a stpcpy replacement so that this file
continues to be self-contained.
(agent_send_all_options) [W32]: Don't call ttyname.
* gnupg-badge-openpgp.eps, gnupg-badge-openpgp.jpg: New
* gnupg.texi: Add a logo.
* sysnotes.texi: New.
* gpgsm.c (main): Use default_homedir().
(main) [W32]: Default to disabled CRL checks.
* gpgconf-comp.c (get_config_pathname) [DOSISH]: Detect absolute
pathnames with a drive letter.
directories default to c:/gnupg. Require libassuan 0.6.9.
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket. Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
* import.c: Include unistd.h for dup and close.
(run_command_status_cb): Return cancel status if gpgsm_status
returned an error.
* server.c (gpgsm_status, gpgsm_status2)
(gpgsm_status_with_err_code): Return an error code.
(gpgsm_status2): Always call va_end().
upstream.
(isvalid_status_cb): Ditto.
(gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
(gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
status callback and handle PROGRESS.
* stringhelp.c (w32_strerror) [W32]: New.
* w32-pth.c, w32-pth.h: Added real code written by Timo Schulz.
Not finished, though.
* gpgconf-comp.c <ignore-ocsp-service-url>: Fixed typo.
* w32-pth.c, w32-pth.h: New.
* Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
under W32 we need the w32 pth code from jnlib.
* misc.c (setup_pinentry_env) [W32]: Disabled.
* gpgsm.c (run_protect_tool) [_WIN32]: Disabled.
* import.c (popen_protect_tool): Simplified by making use of
gnupg_spawn_process.
(parse_p12): Likewise, using gnupg_wait_process.
* export.c (popen_protect_tool): Ditto.
(export_p12): Ditto.
* kbxutil.c (i18n_init): Always use LC_ALL.
* gpgsm.c (i18n_init): Always use LC_ALL.
* certdump.c (gpgsm_format_name): Factored code out to ..
(gpgsm_format_name2): .. new.
(gpgsm_print_name): Factored code out to ..
(gpgsm_print_name2): .. new.
(print_dn_part): New arg TRANSLATE. Changed all callers.
(print_dn_parts): Ditto.
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
it to stay UTF-8 but we still want to filter out bad control
characters.
* gpgconf.c (i18n_init): Always use LC_ALL.
* POTFILES.in: Add more files.
* app-openpgp.c (do_sign): Add the error string to the verify
failed messages.
* keylist.c (list_cert_colon): Make sure that the expired flag has
a higher precedence than the invalid flag.
passphrase has been given.
* gpg-agent.texi (Invoking GPG-AGENT): Add a few words about the
expected pinentry filename.
* import.c (parse_p12): Write an error status line for bad
passphrases. Add new arg CTRL and changed caller.
* export.c (export_p12): Likewise.
--with-validation is set.
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.
tests/pkits: New directory
stable version 0.1.x.
* scdaemon.texi (Card applications): New section.
* scdaemon.c (main): New option --disable-application.
* app.c (is_app_allowed): New.
(select_application): Use it to check for disabled applications.
* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
(start_connection_thread): Hack to simulate a ticker.
* trustlist.c (agent_trustlist_housekeeping)
(agent_reload_trustlist): New. Protected all global functions
here with a simple counter which is sufficient for Pth.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
(list_cert_colon): Reorganized to be able to tell whether a root
certificate is trusted.
message.
* decrypt.c (gpgsm_decrypt): Ditto.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
(enable_core_dumps): New.
* gpgsm.texi (Esoteric Options): Add --debug-allow-core-dump.
* gpgsm.c: New option --debug-allow-core-dump.
* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
* server.c (gpgsm_server): Print some additional information with
the hello in verbose mode.
(store_private_key): Print status messages for imported keys.
(read_and_unprotect): Ditto for bad passphrase.
* import.c (check_and_store): Do not update the stats for hidden
imports of issuer certs.
(popen_protect_tool): Request statusmessages from the protect-tool.
(parse_p12): Detect status messages. Add new arg STATS and update them.
(print_imported_summary): Include secret key stats.
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL. Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
Introduce PACKAGE_GT and set it to gnupg2.
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
* Makevars (DOMAIN): Init from PACKAGE_GT
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
not just warn if a cert is not suitable; bail out immediately.
* call-dirmngr.c (isvalid_status_cb): New.
(unhexify_fpr): New. Taken from ../g10/call-agent.c
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
it thru. Detect need to check the respondert cert and do that.
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed
all callers.