1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-26 10:59:58 +01:00

8684 Commits

Author SHA1 Message Date
Werner Koch
c1d716cd65
card: Add new OpenPGP card vendor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-01-28 15:50:08 +01:00
Werner Koch
9f386cca64
card: Add new OpenPGP card vendor
--

Backport from master.
2020-01-21 11:20:12 +01:00
Werner Koch
a265d3997a
gpgconf,w32: Print a warning for a suspicious homedir.
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
2020-01-17 14:28:13 +01:00
NIIBE Yutaka
a7840777e4 gpg: default-key: Simply don't limit by capability.
* g10/getkey.c (parse_def_secret_key): Remove the check.

--

Backport from master commit:
	1aa2a0a46dc19e108b79dc129a3b0c5576d14671

GnuPG-bug-id: 4810
Fixes-commit: e573e6188dada4d70f6897aa2fda3c3af8c50441
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-16 10:31:23 +09:00
NIIBE Yutaka
6e4f7fe26e po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-01-15 15:51:41 +09:00
Werner Koch
b966d05837
doc: Removed the footnote that OpenPGP is not used with the keybox
--
GnuPG-bug-id: 4799
2020-01-08 13:32:23 +01:00
Werner Koch
31f1fc3131
Update wk's signing key
--
The expiration time of that smartcard based key has been prolonged
by 2 years.
2020-01-01 19:06:30 +01:00
Werner Koch
def1ceccf0
gpg: Fix output of --with-secret if a pattern is given.
* g10/keylist.c (list_one): Probe for a secret key in --with-secret
mode.
--

In contrast to list_all(), list_one() did not tests for a secret key
and took MARK_TRUSTED verbatim as an indication for "secret key
available".

GnuPG-bug: 4061
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5)
2019-12-23 12:44:00 +01:00
Andre Heinecke
a56c591f90
speedo: Make signing optional for w32-release
* build-aux/speedo.mk (AUTHENTICODE_sign): Check if
certificates are available.
2019-12-19 13:14:19 +01:00
Andre Heinecke
28403cb5fe
speedo: Use multithreaded xz for w32 source
* build-aux/speedo.mk (dist-source): Add -T0 parameter to xz.
2019-12-19 13:13:30 +01:00
Andre Heinecke
4d9b262584
speedo: Improve and document wixlib build
* Makefile.am (sign-release): Add handling for wixlib.
* build-aux/speedo.mk: Add help-wixlib and improve handling.
2019-12-19 13:13:24 +01:00
Andre Heinecke
c461de93f4
speedo, w32: Add w32-wixlib target for MSI package
* Makefile.am (EXTRA_DIST): Add wixlib.wxs
* build-aux/speedo.mk (w32-wixlib): New target.
(w32-release): Build wixlib if WIXPREFIX is set.
(help): Add documentation.
* build-aux/speedo/w32/wixlib.wxs

--
This build a wixlib of the Windows binaries of GnuPG.
A wixlib is a module that can be linked into another
wix project to create an installer including this
module. Gpg4win uses the wixlib from GnuPG for
it's MSI Package.

To build the wixlib you need wine with wine-mono installed
and the wixtoolset.

When calling speedo set the variable WIXPREFIX to
the location containing the extracted toolset.

e.g.:

    make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix

(cherry picked from commit 0b7088dc8035e8d5832c89085eea3b288de67710)
2019-12-17 16:29:50 +01:00
Werner Koch
0bdbd37b87
Post release updates
--
2019-12-07 12:51:18 +01:00
Werner Koch
1c841c8389
Release 2.2.19 gnupg-2.2.19 2019-12-07 12:00:09 +01:00
Werner Koch
c6feb84bc9
po: Auto-update
--
2019-12-07 11:58:16 +01:00
Werner Koch
8823adaa40
po: Update German translation
--
2019-12-07 11:57:27 +01:00
Werner Koch
03983711b3
po: Make g10/call-dirmngr.c translatable.
* po/POTFILES.in: Add g10/call-dirmngr.c
* g10/call-dirmngr.c (create_context): Change an i18n sting for easier
reuse.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-07 11:56:13 +01:00
Werner Koch
438a1ec297
dirmngr: Tell gpg about WKD lookups resulting from a cache.
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--

This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-07 11:41:51 +01:00
Werner Koch
8c167febc0
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--

See the code for a description of the problem. Tested using the certs
from the bug report and various command lines

  gpgsm --faked-system-time=XXXX --disable-crl-checks \
         -ea -v --debug x509  -r 0x95599828

with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired

The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.

GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d246f317c04862cacfefc899c98da182ee2805a5)
2019-12-06 20:32:57 +01:00
Werner Koch
78bb81e9de
gpg: Use AKL for angle bracketed mail address with -r.
* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
(get_best_pubkey_byname): Ditto.
--

With this patch it is now possible to use

  gpg -e -r '<foo@example.org>'

and auto key locate will find the key.  Without that a plain mail
address; i.e.

  gpg -e -r 'foo@example.org'

was required.

GnuPG-bug-id: 4726
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-04 16:18:36 +01:00
NIIBE Yutaka
db34d84a1b po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-12-03 17:12:21 +09:00
Werner Koch
9ac182f376
gpg: Fix double free with anonymous recipients.
* g10/pubkey-enc.c (get_session_key): Do not release SK.
--

Bug is in 2.2.18 only.

The semantics of the enum_secret_keys function changed in master.
When back porting this for 2.2.18 I missed this change and thus we ran
into a double free.  The patches fixes the regression but is it clumsy.
We need to change the enum_secret_keys interface to avoid such a
surprising behaviour; this needs to be done in master first.

Regression-due-to: 9a317557c58d2bdcc504b70c366b77f4cac71df7
GnuPG-bug-id: 4762
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-29 17:44:12 +01:00
Werner Koch
80971adbc1
Post release updates
--
2019-11-25 21:50:26 +01:00
Werner Koch
82b9e1bdbd
Release 2.2.18 gnupg-2.2.18 2019-11-25 20:28:33 +01:00
Werner Koch
253fadbf88
po: auto-update
--
2019-11-25 20:24:48 +01:00
Andre Heinecke
f29a9ed9d0
speedo: Tell makensis the used charset of the script.
--

Adapted from the version in master.
2019-11-25 20:09:48 +01:00
Werner Koch
8e49fc7f43
tests: Adjust for now invalid SHA-1 key signatures.
* tests/openpgp/defs.scm (create-gpghome): Add
allow-weak-key-signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-25 16:28:06 +01:00
Werner Koch
f027c2d5be
po: Update German translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-25 16:26:25 +01:00
Werner Koch
96c4943a5b
agent: Improve --debug-pinentry diagnostics
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--

We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging.  Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c8783b3a204b371d44b8953429652101cf2e4d1b)
2019-11-25 11:41:02 +01:00
Werner Koch
10168a103b
doc: Prepare a NEWS file for the next release.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-24 20:42:57 +01:00
Werner Koch
dd373d4a27
doc,dirmngr: Clarify --standard-resolver.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c21267e1c7aab332ebcd26f27f7f9724839a8e3a)
GnuPG-bug-id: 4547
2019-11-23 20:30:22 +01:00
Werner Koch
6e893061b5
wkd: Let --install-key write a template policy file.
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--

GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d)
2019-11-23 13:50:21 +01:00
Werner Koch
499cd4d2eb
doc: Clarify how to use --log-file in gpg.
--

Note that in 2.3 --batch is not anymore required.
2019-11-18 18:51:36 +01:00
Werner Koch
3efc94f1eb
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this help to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:36 +01:00
Werner Koch
4dd5099125
dirmngr: Forward http redirect warnings to gpg.
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--

This should make it easier to diagnose problems with bad WKD servers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:33 +01:00
Werner Koch
466bdf7c07
dirmngr: Factor some prototypes out to dirmngr-status.h.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (t_common_src): Add new file.
--

This helps to backport changes from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:44:30 +01:00
Werner Koch
0f37727fca
dirmngr: Fixed typo in recently added diagnostic.
--
2019-11-18 18:44:28 +01:00
NIIBE Yutaka
9b41f58c8a scd,ccid: Add support of GEMPC_EZIO.
* scd/ccid-driver.h (GEMPC_EZIO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Support GEMPC_EZIO.

--

This is backport from master.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-11-15 15:49:46 +09:00
Werner Koch
392e068e9f
dirmngr: Use IPv4 or IPv6 interface only if available.
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--

This currently works only for Windows but that is where users really
ran into problems.  The old workaround was to configure disable-ipv4
or disable-ipv6.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-12 20:31:34 +01:00
Werner Koch
754a03f5a2
gpg: Forbid the creation of SHA-1 third-party key signatures.
* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
(do_sign): Add arg signhints and inhibit SHA-1 signatures.  Change
callers to pass 0.
(complete_sig): Add arg signhints and pass on.
(make_keysig_packet, update_keysig_packet): Set signhints.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit dd18be979e138dd3712315ee390463e8ee1fe8c1)
2019-11-11 12:39:22 +01:00
Werner Koch
3b1fcf6523
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e624c41dbafd33af82c1153188d14de72fcc7cd8)
2019-11-11 12:29:18 +01:00
Werner Koch
1d83f92fa9
doc: Improved description of status PLAINTEXT_LENGTH.
--

GnuPG-bug-id: 4741
2019-11-07 15:46:00 +01:00
Werner Koch
2975868ede
gpg: Fix a potential loss of key sigs during import with self-sigs-only.
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--

This fixes a regression introduced with self-sigs-only.

GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6701a38f8e4a35ba715ad37743b8505bfd089541)
2019-11-07 15:13:13 +01:00
Werner Koch
3ae5cefc64
po: Fix an accidentally translated keyword in zh_TW.
--
GnuPG-bug-id: 4737

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-04 09:51:25 +01:00
Werner Koch
76d606d95d
doc: Typo fix for gpg.texi in desc of --local-sigs.
--

(Already fixed in master in January)
2019-10-17 16:40:46 +02:00
Werner Koch
d8052db74a
gpg: Also delete key-binding signature when deleting a subkey.
* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
--

GnuPG-bug-id: 4665, 4457
Fixes-commit: d9b31d3a20b89a5ad7e9a2158b6da63a9a37fa8a
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-15 14:37:54 +02:00
NIIBE Yutaka
2906636b92 Revert "gpg: The first key should be in candidates."
This reverts commit 66eb953f43800a91c4280ae8fd49f6dc8cf74578.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-15 20:54:10 +09:00
Werner Koch
652ca4b2bf
gpg: Extend --quick-gen-key for creating keys from a card.
* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
support the special algo "card".
(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
Handle the "card" algo.  Adjust callers.
(parse_algo_usage_expire): Add arg R_KEYGRIP.
(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
list.
(quick_generate_keypair): Handle algo "card".
(generate_keypair): Also handle the keygrips as returned by
parse_key_parameter_string.
(ask_algo): Support ed25519 from a card.
--

Note that this allows to create a new OpenPGP key from an initialized
OpenPGP card or from any other supported cards.  It has been tested
with the TCOS Netkey card.  Right now a stub file for the cards might
be needed; this can be achieved by running "gpgsm --learn" with the
card plugged in.

Example:

  gpg --quick-gen-key foo@example.org card

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead
which required to remove the extra key version args.

GnuPG-bug-id: 4681
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-10-15 12:11:02 +02:00
NIIBE Yutaka
fe02709ffd po: Update Japanese translation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-15 10:06:59 +09:00
NIIBE Yutaka
66eb953f43 gpg: The first key should be in candidates.
* g10/getkey.c (get_best_pubkey_byname): Handle the first key
as the initial candidate for the selection.

--

Cherry-picked from master commit:
	7535f1d47a35e30f736f0e842844555f7a4a9841

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-10-15 09:47:09 +09:00