1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10537 Commits

Author SHA1 Message Date
Werner Koch
736579331b
gpgconf: Print the full commit id.
* autogen.sh: Update to version 2024-07-04 from libgpg-error.
* configure.ac (BUILD_REVISION): Rename the ac_define by
BUILD_COMMITID.
* tools/gpgconf.c (show_version_gnupg): Use it here.
2024-07-04 17:21:45 +02:00
NIIBE Yutaka
d78131490e
build: Require libgpg-error 1.50 or later.
* configure.ac (NEED_GPGRT_VERSION): Need 1.50.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-02 09:56:24 +09:00
Werner Koch
22072f635f
speedo,w32: Also sign the new libassuan SO name.
--
2024-07-01 17:25:06 +02:00
Werner Koch
d56b63a661
speedo,w32: Add extra flags for gpgrt and fix SO name of libassuan.
--

Due to the recently introduced use of STARTUPINFOEXW in gpgrt we now
need at least Windows Vista.  Version 8 of Mingw defaults to XP SP2
which requires us to explicit override that default.

The SO number of libassuan needs an update too.
2024-07-01 16:57:03 +02:00
Werner Koch
df977729ff
gpgconf: Allow listing of some new options
--

Also one old option.

GnuPG-bug-id: 6882
2024-07-01 15:47:03 +02:00
Werner Koch
0c34edc443
gpg: Make --with-sig-check with -with --show-key in non-colon mode.
* g10/keylist.c (list_keyblock_direct): Set check_sigs.
2024-07-01 09:21:49 +02:00
Werner Koch
28a080bc9f
gpg-mail-tube: New utility.
* tools/gpg-mail-tube.c: new.
* tools/Makefile.am: Add it.
2024-06-28 17:59:55 +02:00
Werner Koch
675b12ddd8
tools: New support functions for the mail parser.
* tools/rfc822parse.h (RFC822PARSE_HEADER_SEEN): New.
* tools/rfc822parse.c (rfc822_cmp_header_name): New.
(insert_header): Run header seen callback.
(rfc822parse_last_header_line): New.
(rfc822_free): New.
* tools/wks-receive.c (t2body): Use it here.
* tools/mime-parser.c (parse_message_cb): and here.
2024-06-28 17:59:55 +02:00
NIIBE Yutaka
c4ff9c5def
agent: Require use of "SCD DEVINFO --watch" command with socket.
* agent/call-scd.c (agent_card_devinfo): Check if client connects
by a socket.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:51:22 +09:00
NIIBE Yutaka
14400b2fb3
agent: Initialize thread_startup.fd for pipe connection.
* agent/gpg-agent.c (main): Let it have defined value.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-28 13:48:04 +09:00
NIIBE Yutaka
b3f1f2cd19
agent: Handle SCD DEVINFO --watch command in a special way.
* agent/call-scd.c (devinfo_watch_thread): New.
(agent_card_devinfo): New.
(agent_card_scd): Call agent_card_devinfo when it's
DEVINFO_WATCH_COMMAND.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:29:01 +09:00
NIIBE Yutaka
5d980802ac
agent:daemon: Add an argument to specify requiring socket connection.
* agent/agent.h (daemon_start): Add REQ_SOCK argument.
* agent/call-daemon.c (daemon_start): Support specifying a socket
connection.
* agent/call-scd.c (start_scd): Connection don't care.
* agent/call-tpm2d.c (start_tpm2d): Likewise.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-27 15:26:25 +09:00
NIIBE Yutaka
d98521b934
scd: Restrict use of DEVINFO --watch command for socket connection.
* scd/app.c (app_send_devinfo): Return GPG_ERR_INV_HANDLE when
it's not socket when KEEP_LOOPING != 0.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-26 11:13:05 +09:00
Frans Spiesschaert
f4e3ee61b8
po: Update Dutch translation
--
2024-06-25 09:46:07 +02:00
Todd Zullinger via Gnupg-devel
60677e65fb
doc: fix home dir path in common.conf
* doc/examples/common.conf: fix home dir path

--

Fix a few typos in user-specific path of common.conf added in d13c5bc24
(gpg,gpgsm: Move use-keyboxd to the new conf file common.conf,
2021-04-19).  The file is in the GnuPG home dir.  Replace 'use if' with
'use of' as well.

Signed-off-by: Todd Zullinger <tmz@pobox.com>
2024-06-25 09:41:14 +02:00
NIIBE Yutaka
36d8cffc6c
scd: Finish DEVINFO --watch command on input close.
* scd/app.c (card_list_signal): Use pipe on POSIX system, event on
Windows.
(card_list_wait): Detect input change as well as card list event
change.
(app_send_devinfo): Finish the command on input close.
(initialize_module_command): Initialize pipe or event.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-25 15:34:32 +09:00
NIIBE Yutaka
9aa6faaf10
scd: Factor out scd_init_event function.
* scd/scdaemon.c (scd_init_event): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-25 15:34:25 +09:00
Werner Koch
1695cf267e
gpg: New option --show-only-session-key
* g10/options.h (opt): Add show_only_session_key and turn
show_session_key into a bit flag.
* g10/gpg.c (oShowOnlySessionKey): New.
(opts): Add "show-only-session-key".
(main): Set flag.
* g10/mainproc.c (proc_encrypted): Handle the new option.

* g10/decrypt-data.c (decrypt_data): Ditto.  Add compliance error flag
to the DECRYPTION_INFO status line.
--

This new option is somehow related to
GnuPG-bug-id: 1825
2024-06-24 16:31:40 +02:00
Werner Koch
4c65dfeb28
gpg: Rename recently added import option no-seckeys to only-pubkeys.
* g10/import.c (parse_import_options): Rename option.
* g10/options.h (IMPORT_NO_SECKEY): Rename to IMPORT_ONLY_PUBKEYS.
Change all users.
--

GnuPG-bug-id: 7146
2024-06-24 11:49:05 +02:00
Werner Koch
1067e544c2
sm: Emit user IDs in colon mode even if the Subject is empty.
* sm/keylist.c (list_cert_colon): Rework listing of user IDs.
--

Only in colon mode this did not work.  Note that an updated libksba is
anyway required to parse a certificate with an empty Subject.

GnuPG-bug-id: 7171
2024-06-21 10:19:00 +02:00
NIIBE Yutaka
9bc3f2ad52
Fix the previous commit.
* scd/scdaemon.c (start_connection_thread): Recover call of
scd_command_handler.

--

GnuPG-bug-id: 7160
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-17 17:19:18 +09:00
NIIBE Yutaka
01fa318be0
scd: Fix how scdaemon pipe server finishes.
* scd/scdaemon.h (scd_command_handler): Fix the return type.
* scd/command.c (scd_command_handler): Not return a value.
* scd/scdaemon.c (pipe_server): Make it auto variable in main.
(main): Use auto PIPE_SERVER variable.
(start_connection_thread): When it's a pipe connection and it
finishes, let the service shutdown.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-17 11:44:41 +09:00
NIIBE Yutaka
c4e6b6aba2
m4: Update m4 files.
* m4/gpg-error.m4: Update libgpg-error master.
* m4/libassuan.m4: Update libassuan master.
* m4/libgcrypt.m4: Update libgcrypt master.
* m4/ksba.m4: Update libksba master.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-14 11:57:01 +09:00
Werner Koch
8e691efb05
gpg: Add --import-option "no-seckeys".
* g10/import.c (parse_import_options): Add "no-seckeys".
--

GnuPG-bug-id: 7146
2024-06-11 15:52:07 +02:00
Werner Koch
12ac129a70
gpg: Allow shortcut algo string "pqc" for --quick-gen-key.
* g10/keygen.c (PQC_STD_KEY_PARAM): New.
(quickgen_set_para): Always store the provided NBITS.
(parse_key_parameter_string): Detect the special value "pqc".
(quick_generate_keypair): Ditto.
--

With this change we can finally do a

  gpg --quick-gen-key --batch --passphrase='' foo@example.org  pqc

and get a full key.  Currently with a brainpoolp386r1 primary key and
a Kyber768_brainpoolp256 subkey.
2024-06-11 15:39:00 +02:00
Werner Koch
d81bb417c0
gpg: Do not bail out on secret keys with an unknown algo
* g10/getkey.c (lookup): Skip keys with unknown algos.
--

If the local store has private keys with an algorithm not supported by
thi version of gpg, gpg used to bail out.  Thus decryption of proper
messages was not possible.  This fix skips such secret keys.
2024-06-11 12:43:47 +02:00
Werner Koch
640c58135e
tools: Make gpg-authcode-sign.sh more robust on network errors.
* tools/gpg-authcode-sign.sh: Return on HTTP status 500
--

We have seen timestamping failures after signing some file using
GlobalSign certs.
2024-06-11 08:46:31 +02:00
NIIBE Yutaka
55559c8b66
agent: Clean up for scdaemon handling.
* agent/call-daemon.c (struct daemon_local_s): Remove G field.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:36:17 +09:00
NIIBE Yutaka
563bfbb0be
agent: Fix a race condition which results accessing finished scd.
* agent/call-daemon.c (daemon_start): Decision of connection/reuse of
CTX and assignment to ->ctx should be done with the lock.

--

When scdaemon is exiting and agent tries to spawn/connect/reconnect,
there is a race condition between detecting finish of scd and
spawn/connect/reconnect.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-11 15:21:19 +09:00
Werner Koch
fee890a2ab
agent: Silence debug output from the PIN caching.
* agent/call-scd.c (handle_pincache_put): Use log_debug only in cache
debug mode.
2024-06-06 11:59:22 +02:00
NIIBE Yutaka
e02880d512
common:w32: Fix for 64-bit Windows.
* common/exectool.c (gnupg_exec_tool_stream): 64-bit Windows is LLP64.

--

GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-06 08:56:27 +09:00
Werner Koch
77afc9ee1c
gpg: Add magic parameter "default" to --quick-add-adsk.
* g10/getkey.c (has_key_with_fingerprint): New.
* g10/keyedit.c (menu_addadsk): Replace code by new function.
(keyedit_quick_addadsk): Handle magic arg "default".
* g10/keygen.c (append_all_default_adsks): New.
--

GnuPG-bug-id: 6882
2024-06-05 17:04:33 +02:00
Werner Koch
8cbcac89fe
gpg: Do not show RENC if no key capabilities are found for a key.
* g10/packet.h (PUBKEY_USAGE_BASIC_MASK): New.
* g10/getkey.c (merge_selfsigs_subkey): Mask the default.
(merge_selfsigs_main): Ditto.
2024-06-05 10:01:44 +02:00
Werner Koch
9d618d1273
gpg: Print designated revokers also in a standard listing.
* g10/keylist.c (print_revokers): Add arg with_colon, adjust callers,
add human printable format.
(list_keyblock_print): Call print_revokers.
--

Designated revokers were only printed in --with-colons mode.  For
quick inspection of a key it is useful to see them right away.
2024-06-05 10:01:43 +02:00
Werner Koch
465ea9116d
gpg: Autoload designated revoker key and ADSK when needed.
* g10/options.h (opt): Move the definition of struct akl to global
scope.
* g10/keydb.h (enum get_pubkey_modes): Add GET_PUBKEY_TRY_LDAP.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_BYNAME.
* g10/keygen.c (prepare_desig_revoker): Use it here.
(prepare_adsk): and here.
--

The revoker key is required before we create it along with a new key.
This is because the we need to know the algo and also to make sure
that the key really exists.

GnuPG-bug-id: 7133
2024-06-05 10:01:36 +02:00
Werner Koch
068ebb6f1e
gpg: Implement the LDAP AKL method.
* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change
callers.
(keyserver_import_ldap): Remove.  It has always returned a not
implemented error since 2.1.
* g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the
same as KEYSERVER.
--

The old LDAP mechanism to locate a server via SRV records has long
been gone (since 2014) due to the dropping of the keyserver helpers.
The new purpose better reflects reality and can be used in
environments where keys are provided by an in-house LDAP server.
2024-06-04 18:02:02 +02:00
Werner Koch
04ce6765f4
gpg: Rename functions with an "fprint" part to "fpr"
--

The fprint is too uncommon in our code base and to similar to fprintf.
2024-06-04 15:27:41 +02:00
NIIBE Yutaka
8624482160
common:w32: Fix INEXTRA handling.
* common/exectool.c (gnupg_exec_tool_stream): On Windows, it's
HANDLE which a child process inherits.

--

GnuPG-bug-id: 7139
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-06-04 14:53:10 +09:00
Werner Koch
ed118e2ed5
gpg: New option --default-new-key-adsk.
* g10/options.h (opt): Add field def_new_key_adsks.
* g10/gpg.c (oDefaultNewKeyADSK): New.
(opts): Add --default-new-key-adsk.
(main): Parse option.
* g10/keyedit.c (menu_addadsk): Factor some code out to ...
(append_adsk_to_key): new.  Add compliance check.
* g10/keygen.c (pADSK): New.
(para_data_s): Add adsk to the union.
(release_parameter_list): Free the adsk.
(prepare_adsk): New.
(get_parameter_adsk): New.
(get_parameter_revkey): Remove unneeded arg key and change callers.
(proc_parameter_file): Prepare adsk parameter from the configured
fingerprints.
(do_generate_keypair): Create adsk.
--

GnuPG-bug-id: 6882
2024-06-03 18:52:06 +02:00
Werner Koch
d2dca58338
common: New function tokenize_to_strlist.
* common/strlist.c (append_to_strlist_try): Factor code out to ...
(do_append_to_strlist): new.
(tokenize_to_strlist): New.

* common/t-strlist.c (test_tokenize_to_strlist): New.
2024-05-31 17:36:41 +02:00
Daniel Kahn Gillmor
42b0e9558a
indent: Fix spelling
--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
2024-05-31 12:28:32 +02:00
Werner Koch
253a701ed7
g13: Adjust for changed gnupg_process_spawn.
* g13/be-encfs.c (run_umount_helper): Adjust gnupg_process_spawn.
(run_encfs_tool): Ditto:
2024-05-31 12:28:30 +02:00
NIIBE Yutaka
fc3fde1bde
spawn: Remove spawn callback, introduce gnupg_spawn_actions.
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-31 15:36:39 +09:00
NIIBE Yutaka
34045ed9e1
common: Fix process termination check at release.
* src/exechelp-posix.c (gnupg_process_release): When NOT terminated,
terminate and wait.
* src/exechelp-w32.c (gnupg_process_release): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-30 13:39:31 +09:00
NIIBE Yutaka
aedeef6acf
m4: Update from each library.
* m4/ksba.m4: Update from its master.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-30 13:36:58 +09:00
Jakub Jelen
9adaa79ab4
gpg-auth: Fix use after free.
* tools/gpg-auth.c (ssh_authorized_keys): Move free after printing error
message.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
This is part of
GnuPG-bug-id: 7129
2024-05-28 17:19:37 +02:00
Jakub Jelen
dcb0b6fd48
gpgsm: Avoid double free when checking rsaPSS signatures.
* sm/certcheck.c (gpgsm_check_cms_signature): Do not free s_sig on
error. Its owned and freed by the caller.

--
This is part of
GnuPG-bug-id: 7129
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Fixes-commit: 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
2024-05-28 17:15:03 +02:00
Werner Koch
28c705a3be
gpgsm: Silence a lint warning
* sm/keydb.c (keydb_search): Init skipped.
--

Skipped is not actually used.
This is part of
GnuPG-bug-id: 7129
Reported-by: Jakub Jelen <jjelen@redhat.com>
2024-05-28 17:08:12 +02:00
Jakub Jelen
4c1b007035
scd: Avoid buffer overrun with more than 16 PC/SC readers.
* scd/apdu.c (apdu_dev_list_start): Fix end condition.

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
Fixes-commit: e8534f899915a039610973a84042cbe25a5e7ce2
2024-05-28 16:57:58 +02:00
Jakub Jelen
379fc5569d
agent: Avoid uninitialized access in GENKEY command on parameter error.
* agent/command.c (cmd_genkey): Moved init_membuf to the top.
--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

This is part of
GnuPG-bug-id: 7129
2024-05-28 16:50:59 +02:00