1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00
Commit Graph

10293 Commits

Author SHA1 Message Date
Andre Heinecke
6878634c25
speedo,w32: Update libassuan dll name in wxs
* build-aux/speedo/w32/wixlib.wxs: Update name and UID for
libassuan
2024-08-12 15:02:24 +02:00
Daniel Cerqueira
4349855bd3
po: Update pt.po
--

Here is the Git patch of the updated GnuPG pt.po translation.

From d05a67bc357752ab64521a34bdd4bb461998d78d Mon Sep 17 00:00:00 2001
From: Daniel Cerqueira <dan.git@lispclub.com>
Date: Fri, 2 Aug 2024 14:21:47 +0100
Subject: [PATCH GnuPG] po: Update Portuguese Translation.

Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>

Backported-from-master: d73beb5398
(I hope that I did not break too much)
2024-08-12 15:01:32 +02:00
Werner Koch
3a28da61ae
sm: More improvements for PKCS#12 parsing for latest IVBB changes.
* common/tlv.h (TLV_PARSER_FLAG_T5793): New.
(tlv_parser_new): New macro.  Rename function with an underscore.
(tlv_next_with_flag): New.
* common/tlv-parser.c (struct tlv_parser_s): Remove const from buffer.
Add fields crammed, lasttlv, and origoff.  Remove bufferlist ands ist
definition.
(dump_to_file): New but disabled debug helper.
(parse_tag): Print more info on error.
(_tlv_parser_new): Add args lasttlv and LNO.  Take a copy of the data.
(_tlv_parser_release): Free the copy of the buffer and return the
recorded TLV object from tlv_parser_new.
(_tlv_peek, tlv_parser_peek, _tlv_parser_peek_null): Remove.
(_tlv_push): Record crammed length.
(_tlv_pop): Restore crammed length.
(_tlv_parser_next): Add arg flags.  More debug output.  Handle cramming
here.  Take care of cramming here.
(tlv_expect_object): Simplify to adjust for changes in _tlv_parser_next.
(tlv_expect_octet_string): Remove arg encapsulates.  Adjust for
changes in _tlv_parser_next.  Change all allers.
(tlv_expect_null): New.
(cram_octet_string): Rewrite.
(need_octet_string_cramming): Remove.

* sm/minip12.c (dump_to_file): New.  Enablein debug mode and if a
envvar ist set.  Replace all explict but disabled dumping to call this
function.
(parse_bag_encrypted_data): Replace tlv_peek_null and a peeking for an
optional SET by non-peeking code.
(parse_cert_bag): Ditto.
(parse_shrouded_key_bag): Replace tlv_peek_null by non-peeking code.
(parse_bag_encrypted_data): Use the new TLV_PARSER_FLAG_T5793 to
enable the Mozilla workaround.
(parse_bag_encrypted_data): Replace the 'renewed_tlv' code by the new
tlv_parser_release semantics.
(parse_shrouded_key_bag): Ditto.
(parse_shrouded_key_bag): Create a new context instead of using the
former encapsulated mechanism for tlv_expect_octet_string.
(parse_bag_data): Ditto.
(p12_parse): Ditto.
--

GnuPG-bug-id: 7213

Fixing this took way too long; I should have earlier explained the
code to a co-hacker to find the problem myself in my code by this.

Backported-from-master: 690fd61a0c
2024-08-07 10:22:01 +02:00
Werner Koch
e4298d5684
scd: New getinfo subcommand "manufacturer"
* scd/command.c (cmd_getinfo): Add subcommand "manufacturer".
* scd/app-openpgp.c (get_manufacturer): Rename to ...
(app_openpgp_manufacturer): this and make global.
--

Example:

  $ gpg-connect-agent 'scd getinfo manufacturer 42' /bye
  D Magrathea
  OK
2024-08-07 10:20:21 +02:00
Werner Koch
b614309876
scd: New getinfo subcommand "dump_state".
* scd/command.c (cmd_getinfo): Add subcommand.  Always init CTRL for
simplicity.
--

A state dump looks like

  app_dump_state: card=0x00007f1b38017c90 slot=1 type=yubikey refcount=1
  app_dump_state:   app=0x00007f1b38018100 type='openpgp'
  app_dump_state:   app=0x00007f1b3800cb70 type='piv'
  app_dump_state: card=0x00007f1b38013a10 slot=0 type=gnuk refcount=0
  app_dump_state:   app=0x00007f1b38016fc0 type='openpgp'

and can also be triggered by a SIGUSR1.  This explicit command allows
to dump the state also on Windows.  Use for example

  gpg-connect-agent 'scd getinfo dump_state' /bye
2024-08-07 10:20:19 +02:00
Werner Koch
658a139d68
doc: Fix URL to the OpenPGP card specs
--
2024-08-07 10:20:12 +02:00
Werner Koch
5d3f3c8076
speedo,w32: Also sign the new libassuan SO name.
--
2024-07-01 17:25:32 +02:00
Werner Koch
5d3995b16b
speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.
--

Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista.  Version 8 of Mingw defaults to XP SP2
which requires us to explicit override that default.

The SO number of libassuan needs an update too.
2024-07-01 16:59:38 +02:00
Werner Koch
83ede262b7
Update NEWS
--
2024-07-01 15:48:28 +02:00
Werner Koch
4d901904d7
gpgconf: Allow listing of some new options
--

Also one old option.

GnuPG-bug-id: 6882
(cherry picked from commit df977729ff)
2024-07-01 15:47:37 +02:00
Werner Koch
3765b42383
sm: Emit user IDs in colon mode even if the Subject is empty.
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
(cherry picked from commit 1067e544c2)
2024-07-01 15:12:09 +02:00
Werner Koch
dc9a52cb4e
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.

(cherry picked from commit fee890a2ab)
2024-07-01 15:07:37 +02:00
Werner Koch
ce75af47eb
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
(cherry picked from commit 77afc9ee1c)
2024-07-01 15:07:03 +02:00
Werner Koch
222045d850
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.

(cherry picked from commit 9d618d1273)
2024-07-01 15:01:50 +02:00
Werner Koch
330354972a
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
(cherry picked from commit 465ea9116d)
2024-07-01 15:01:14 +02:00
Werner Koch
c6cecbd89a
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
(cherry picked from commit ed118e2ed5)
2024-07-01 15:00:16 +02:00
Werner Koch
28dd05a079
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.

(cherry picked from commit d2dca58338)
2024-07-01 14:58:42 +02:00
Werner Koch
6551281ca3
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.

(cherry picked from commit 068ebb6f1e)
2024-07-01 14:48:48 +02:00
NIIBE Yutaka
5746c944cd
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit c4ff9c5def)
2024-07-01 14:38:51 +02:00
NIIBE Yutaka
81fc7b291e
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 14400b2fb3)
2024-07-01 14:38:50 +02:00
Werner Koch
0ed8e9ae3e
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit b3f1f2cd19)
2024-07-01 14:38:46 +02:00
NIIBE Yutaka
fd9872295b
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 5d980802ac)
2024-07-01 14:17:09 +02:00
NIIBE Yutaka
59e785b543
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d98521b934)
2024-07-01 14:16:48 +02:00
NIIBE Yutaka
6996e5f6ff
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 36d8cffc6c)
2024-07-01 14:16:18 +02:00
NIIBE Yutaka
fc732131a1
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9aa6faaf10)
2024-07-01 14:15:39 +02:00
NIIBE Yutaka
e94f793ebf
Fix the previous commit.
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.

--

GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 9bc3f2ad52)
2024-07-01 14:14:59 +02:00
NIIBE Yutaka
70bb9c5127
scd: Fix how scdaemon pipe server finishes.
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 01fa318be0)
2024-07-01 14:14:49 +02:00
NIIBE Yutaka
76066d71f4
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 55559c8b66)
2024-07-01 14:13:51 +02:00
NIIBE Yutaka
c868d23f61
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 563bfbb0be)
2024-07-01 14:13:10 +02:00
Werner Koch
a564a9f66c
gpg-mail-tube: New utility.
* tools/gpg-mail-tube.c: New.
* tools/Makefile.am: Add it.
--

Backported-from-master: 28a080bc9f

We had to use the old spawn interface from gnupg-2.4 here.
2024-07-01 12:16:12 +02:00
Werner Koch
2130760904
tools: New support functions for the mail parser.
* tools/rfc822parse.h (RFC822PARSE_HEADER_SEEN): New.
* tools/rfc822parse.c (rfc822_cmp_header_name): New.
(insert_header): Run header seen callback.
(rfc822parse_last_header_line): New.
(rfc822_free): New.
* tools/wks-receive.c (t2body): Use it here.
* tools/mime-parser.c (parse_message_cb): and here.
---

Backported-from-master: 675b12ddd8
2024-07-01 10:50:18 +02:00
Frans Spiesschaert
afcac631f1
po: Update Dutch translation
--
2024-06-25 09:48:15 +02:00
Todd Zullinger via Gnupg-devel
95062e27c6
doc: fix home dir path in common.conf
* doc/examples/common.conf: fix home dir path

--

Fix a few typos in user-specific path of common.conf added in d13c5bc24
(gpg,gpgsm: Move use-keyboxd to the new conf file common.conf,
2021-04-19).  The file is in the GnuPG home dir.  Replace 'use if' with
'use of' as well.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2024-06-25 09:43:23 +02:00
Werner Koch
489b9c6ebb
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:49:51 +02:00
Werner Koch
db556fcb7a
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:54:09 +02:00
Werner Koch
d6bbb90f1e
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:41:51 +02:00
Werner Koch
025a9853c7
build: Now uses an external gpg-authcode-sign.sh
--
2024-06-10 11:35:15 +02:00
Werner Koch
02fc728b41
Update NEWS
--
2024-06-10 09:30:40 +02:00
Werner Koch
a2966c9d89
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 11:18:13 +02:00
Jakub Jelen
f549446933
gpg-auth: Fix use after free.
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
(cherry picked from commit 9adaa79ab4)
2024-05-29 11:49:10 +02:00
Jakub Jelen
ece154562f
gpgsm: Avoid double free when checking rsaPSS signatures.
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40c
(cherry picked from commit dcb0b6fd48)
2024-05-29 11:48:54 +02:00
Jakub Jelen
524e3a9345
scd: Avoid buffer overrun with more than 16 PC/SC readers.
* scd/apdu.c (apdu_dev_list_start): Fix end condition.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f8999

(cherry picked from commit 4c1b007035)
2024-05-29 11:48:31 +02:00
Jakub Jelen
521455df07
agent: Avoid uninitialized access in GENKEY command on parameter error.
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129

(cherry picked from commit 379fc5569d)
2024-05-29 11:48:17 +02:00
Werner Koch
5e7ea64305
agent: Avoid double free of empty string in the PIN caching.
* agent/call-scd.c (handle_pincache_get): Set PIN to NULL.  Also add
DBG_CACHE conditionals and don't return the pin in the debug output.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit bdbf5cee2f)
2024-05-29 11:48:02 +02:00
Werner Koch
19d93a239d
agent: Make sure to return success in ephemeral store mode.
* agent/genkey.c (store_key): Clear ERR on success.
--

This fixes a real problem which might let ephemeral store mode fail
randomly.

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit fdc5003956)
2024-05-29 11:47:28 +02:00
Werner Koch
0b52f83780
wks: Make sure that ERR is always initialized.
* tools/wks-util.c (install_key_from_spec_file): Initialize ERR in case
the loop is never run.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit 021c27510b)
2024-05-29 11:47:13 +02:00
Werner Koch
234e9db3c3
gpg: Avoid a double free on error in the key generation.
* g10/keygen.c (card_store_key_with_backup): Avoid double free and
simplify error handling.
--

This is part of
GnuPG-bug-id: 7129
Co-authored-by: Jakub Jelen <jjelen@redhat.com>

(cherry picked from commit bcc002cd45)
2024-05-29 11:46:48 +02:00
Werner Koch
f46d75f0b2
scd:openpgp: Add new vendor.
--
2024-05-29 11:46:03 +02:00
Werner Koch
5355d08855
card: Fix compiler warning.
* tools/gpg-card.h (opt): Make gpg_program, gpgsm_program, and
agent_program const.
2024-05-16 09:34:52 +02:00
Werner Koch
7f661aa129
kbx: Use standard function to setup gcrypt logging in kbxutil.
* kbx/kbxutil.c (main): Use setup_libgcrypt_logging.
(my_gcry_logger): Remove.
2024-05-16 09:34:46 +02:00