1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00

8581 Commits

Author SHA1 Message Date
NIIBE Yutaka
61aea64b3c scd: Fix the use case of verify_chv2 by CHECKPIN.
* scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
when needed.

--

Backport of master commit of:
	6e51f2044aebb885ea81dae259db1b7f477b1c44

Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:46:50 +09:00
Werner Koch
a084924d07
gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
* dirmngr/server.c (cmd_killdirmngr): Return 0.
* tools/gpg-connect-agent.c (main): Catch signals.
--

And we also print nicer diagnostics.  The reason we need this is that
for example "gpgconf --kill dirmngr" uses gpg-connect-agent to send a
command to dirmngr.  This may results in a SIGPIPE which in turn leads
to an annoying error message from gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:05:37 +02:00
Werner Koch
72e04b03b1
dirmngr: Fix the pool keyserver case for a single host in the pool.
* dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
localhost and if there is no pool.
2020-09-10 11:04:46 +02:00
Werner Koch
e4f3b74c91
dirmngr: Align the gnutls use of CAs with the ntbtls code.
* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--

The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate.  This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 11:04:15 +02:00
Werner Koch
7de9ed521e
agent: Keep some permissions of private-keys-v1.d.
* common/sysutils.c (modestr_to_mode): Re-implement.
(gnupg_chmod): Support keeping of permissions.
--

GnuPG-bug-id: 2312
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 07:46:25 +02:00
Werner Koch
5b6cfef620
build: Fix recent commit for SOURCE_DATE_EPOCH.
--

Fixes-commit: 5ade2b68db231c78d8ecca0eb21db2153da958d2
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.

(cherry picked from commit 61bb75d045a3709d1cba0084c95e991dfd52c8ee)
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 15:40:08 +02:00
Werner Koch
8a2193380c
tests: New test run envvar to run gpg under valgrind.
--

Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:29:32 +02:00
Werner Koch
6ce8fdc4b2
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.  Tested with gcc 8.3.0 and valgrind 3.14.0.
2020-09-04 11:24:34 +02:00
Werner Koch
390ae3c309
Post release updates
--
2020-09-03 17:49:21 +02:00
Werner Koch
e234d04c3c
Release 2.2.23 gnupg-2.2.23 2020-09-03 17:06:37 +02:00
Werner Koch
aeb8272ca8
gpg: Fix AEAD preference list overflow
* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
--

GnuPG-bug-id: 5050
Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f
which introduced a feature to show the AEAD preferences of keys
created with rfc4880bis capable software (e.g. GnuPG 2.3-beta).
The same code in 2.3 is correct, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:06:29 +02:00
Werner Koch
0383146653
po: auto update
--
2020-09-03 17:05:17 +02:00
Yuri Chornoivan
1a4b0fd793
po: Update Ukrainian translation
--

The provided patch did not cleany apply (3 of 31 hunks failed).

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:05:12 +02:00
Jakub Bogusz
93d10403ad
po: Update Polish translation
--
2020-09-03 17:05:10 +02:00
Werner Koch
a8a8105bc7
po: Add key-check.c to the list of translatable sources.
--
2020-09-03 17:05:09 +02:00
Petr Pisar
cad9955ac9
po: Update Czech translation.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 17:05:06 +02:00
Werner Koch
896c528ba0
gpg: Fix segv importing certain keys.
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
from 2017

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 16:06:46 +02:00
NIIBE Yutaka
0a9665187a scd: Fix a regression for OpenPGP card.
* scd/app-openpgp.c (verify_chv2): Make sure loading keys.

--

Fixes-commit: d2f1a0a791db3eb03c003365cbcd010bd8066edb
Reported-by: Michał Górny
GnuPG-bug-id: 5039
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-01 15:23:59 +09:00
Nagy Ferenc László
bcae9cd4e3
po: Minor update to the Hungarian translation.
--
2020-08-28 12:31:14 +02:00
Werner Koch
d2fe2ffd75
sm: Fix a bug in the rfc2253 parser
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--

This could in theory result in reading bytes after a after Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory.  However, it is harmless because the rfc2253
strings have been constructed by libksba.

GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-28 09:09:34 +02:00
Werner Koch
f799b3ddbb
Post release updates
--
2020-08-27 14:55:48 +02:00
Werner Koch
f9c120a299
Release 2.2.22 gnupg-2.2.22 2020-08-27 14:11:06 +02:00
Gavin L. Rebeiro
27652e0ca7
doc: Fix typos
--
2020-08-27 12:53:10 +02:00
Werner Koch
b5de213efe
doc: Add a remark about keyservers.
--
2020-08-27 12:51:12 +02:00
Werner Koch
45499b2ca3
dirmngr: Print the last alert message returned by NTBTLS.
* dirmngr/http.c (send_request): Print the last TLS alert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-27 09:03:27 +02:00
NIIBE Yutaka
d2f1a0a791 scd: Add condition for VERIFY with 0x82.
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.

--

Backport master commit of:
	af189be481df02a77e088aa0a60a1fc02dfa12bf

With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available,
it fails decrementing the signature error counter.  This change
can avoid the issue.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-27 10:54:59 +09:00
Werner Koch
0be5decc09
build: Silence gcc warning -Wformat-zero-length
* configure.ac: Avoid useless gcc warning.  We use an empty string
quite often, for example in log_printhex.
--
2020-08-26 15:13:43 +02:00
NIIBE Yutaka
4c8d5eb0bd
agent: Allow TERM="".
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.

--

GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0076bef2026a87c4c0e05bad7d322638b1de3f37)
2020-08-26 15:12:06 +02:00
Werner Koch
2969525a60
speedo: Allow customizing the release process
--
2020-08-26 14:02:00 +02:00
Ineiev
00ac538e92
po: Update Russian translation. 2020-08-25 19:57:58 +02:00
Werner Koch
60f08969e1
gpg: Set default keysize to rsa3072
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 13:08:25 +02:00
Werner Koch
0847133e4c
sm: Do not require a default keyring for --gpgconf-list.
* sm/gpgsm.c (main): No default keyring for gpgconf mode.
--

GnuPG-bug-id: 4867
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:38:44 +02:00
Werner Koch
adea5ba7e7
agent: Allow using --gogconf-list even if HOME does not exist.
* agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
--

GnuPG-bug-id: 4866
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 11:17:35 +02:00
Werner Koch
f148803277
Add a new dist signing key
--

This is

  pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
        6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
  uid                      Werner Koch (dist signing 2020)
2020-08-24 19:48:13 +02:00
Werner Koch
5ac0cf1b81
gpg,gpgsm: Record the creation time of a private key.
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--

Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
2020-08-23 12:31:18 +02:00
Werner Koch
051830d7b4
agent: Allow to pass a timestamp to genkey and import.
* agent/command.c (cmd_genkey): Add option --timestamp.
(cmd_import_key): Ditto.
* agent/genkey.c (store_key): Add arg timestamp and change callers.
(agent_genkey): Ditto.
* agent/findkey.c (write_extended_private_key): Add args timestamp and
newkey to write a Created line.
(agent_write_private_key): Add arg timestamp.
(agent_write_shadow_key): Ditto.
* agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 0da923a1240ac78d60c92cdd8488c4e405c3243b
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-23 12:28:00 +02:00
Werner Koch
5b927b7b27
agent: Default to extended key format.
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option.  Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--

Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations.  Thus for
2.2.22 we will make use of the extended-key-format by default.

This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 15:10:08 +02:00
Werner Koch
843890663b
gpgtar,w32: Handle Unicode file names.
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--

Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii.  When recursing
into a directory Unicode file names work again.  This limitation is
due to  main(int, char**) which can't get the wchar version.  We could
fix that but is needs a bit more work in our init code.

GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:38:20 +02:00
Werner Koch
364cef997c
common: Use gpgrt functions for mkdir and chdir if available
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
--

To avoid bumping up the build dependency on libgpg-error 1.28 we use
the gpgrt version only if at least this libgpg-error version was used
at build time.  This won't fix any bugs though and it is in general
advisable to use the latest libgpg-error.  There are actually a couple
of very useful bug fixes for Windows in the upcoming libgpg-error 1.39
but on Unix you can live without them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:37:44 +02:00
Werner Koch
bef68efd8d
common,w32: Do not assume the ANSI codepage during string conversion.
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--

This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago.  At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively.  The fix comes late but well, it is done.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:23:05 +02:00
Werner Koch
73b0fdabdb
common: Strip trailing CR,LF from w32_strerror.
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.

--

This is in particular annoying since we started to use a string
argument sanitizer in the logging code.  Before that we just add an
extra blank line.

The second patch corrects a never yet seen error message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-22 14:22:01 +02:00
Werner Koch
1efe99f3d9
gpgtar: Make --files-from and --null work as described.
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names.  Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--

GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-20 15:53:06 +02:00
Werner Koch
829bc3bc60
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:58:52 +02:00
Werner Koch
77f97eec49
doc: Describe the relation between pubring.gpg and pubring.kbx
--
GnuPG-bug-id: 4958
2020-08-20 10:16:10 +02:00
Werner Koch
a4d73b1c8e
gpg: Fix regression for non-default --passphrase-repeat option.
* agent/command.c (cmd_get_passphrase): Take care of --repeat with
--newsymkey.
--

GnuPG-bug-id: 4997
2020-08-20 09:35:58 +02:00
Werner Koch
f0f8b124f0
gpg: Ignore personal_digest_prefs for ECDSA keys.
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:37:20 +02:00
Werner Koch
714b468538
tools: Install gpgsplit again
--

We will also set the gpgsplit from 1.4 to noninstall.

GnuPG-bug-id: 5023
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:01:58 +02:00
Werner Koch
3cf920a1e3
common: Pass the WAYLAND_DISPLAY envvar along
* common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
--
GnuPG-bug-id: 5016

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-12 09:28:20 +02:00
Werner Koch
fdcf536f70
build: Remove expired key of David Shaw from distsigkey.gpg.
--
2020-08-06 11:27:22 +02:00
Werner Koch
9c57de75cf
sm: Also show the SHA-256 fingerprint.
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a

Here in 2.2 we keep the string "fingerprint:" and no not change it to
"sha1 fpr" as we did in master (2.3).
2020-08-04 11:15:47 +02:00