* tools/gpg-mail-tube.c: Include i18n.h.
(main): Call i18n.h
(only_ascii): New.
(mail_tube_encrypt): Use a template or fallback to the old version.
* doc/mail-tube.txt, doc/mail-tube.de.txt: Two standard templates.
* doc/Makefile.am (helpfiles): Add them.
--
GnuPG-bug-id: 7381
* common/util.h (GET_TEMPLATE_CURRENT_LOCALE): New.
(GET_TEMPLATE_SUBST_ENVVARS): New.
(GET_TEMPLATE_CRLF): New.
* common/helpfile.c (findkey_fname): Add arg flags and terminate line
with CRLF if requested.
(findkey_locale): Replace arg only_current_locale by flags and add arg
domain.
(gnupg_get_help_string): Factor all code out to ...
(gnupg_get_template): new. Add arg domain. Handle SUBST flags. Do
not trim tralins spaces with the CRLF flag.
* common/t-helpfile.c (main): Require domain name and add two options.
* tools/gpgtar-extract.c (gpgtar_extract): Do final process_release.
* tools/gpgtar-list.c (gpgtar_list): Ditto.
--
Fixes-commit: 29bc14f56f6430294f225b6744012ab1f5df62e6
Running "make -C tests/openpgp check verbose=3" failed with
Creating configuration files
Executing: '/home/wk/b/gnupg/tools/gpgtar' '--extract' \
'--directory=.' \
'/tmp/gpgscm-20250530T121329-run-tests-vGAT4R/environment-cache'
make: *** [Makefile:998: xcheck] Terminated
for unknown reasons. Not calling the gpgrt_process_release fixes this
regression. The real cause needs to be investigated.
* scd/app-piv.c (PIV_ALGORITHM_RSA): Rename to PIV_ALGORITHM_RSA_2048.
(PIV_ALGORITHM_RSA_3072): New.
(get_key_algorithm_by_dobj): Decide whether to use 3072 or 2048.
(do_sign): Support rsa3072.
(do_decipher): Ditto.
(do_genkey): Ditto.
--
Take care: Due to a lack of a PIV token capable of 3072, this has
not been tested at all.
--
Using the given command line for installation is almost always good,
so don't confuse the user with the first sentence. Also explain how
to disable systemd for keyboxd and dirmngr.
* common/sexputil.c (uncompress_ecc_q_in_canon_sexp): Only call memcmp
if the lengths are equal.
--
GnuPG-bug-id: 7662
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
* g10/call-agent.c (agent_pkdecrypt): Use --kem=PGP for
PUBKEY_ALGO_ECDH.
* g10/pubkey-enc.c (ecdh_sexp_build): New.
(get_it): Use ecdh_sexp_build for PUBKEY_ALGO_ECDH. And don't use
pk_ecdh_decrypt since it's done by agent.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
A common problem with a self-build gnupg is that systemd starts
another version of a daemon while the self-build gnupg has a different
idea on the provided features of those daemons.
* g10/import.c (read_block): Bail out on compressed packets.
* g10/options.h (COMPAT_COMPR_KEYS): New.
* g10/gpg.c (compatibility_flags): Add "compr-keys".
* common/util.h: Remove replacement code not any longer needed.
(GPG_ERR_UNEXPECTED_PACKET): Add a new replacement code.
--
Compressed key packets do not make much sense but historically they
were supported. Thus we also add a compatibility flag.
GnuPG-bug-id: 7014
--
The commit was entirely bogus because the check_nonce function closes
the socket itself if it returns with true. Thus closing the socket by
the caller in the true case was bogus.
The more likely cause for the hangs on Windows are in scdaemon:
* scd: Fix posssible lockup on Windows due to a lost select
result. [rGa7ec3792c5]
GnuPG-bug-id: 7434
Fixes-commit: 73f6c2dd4d3e5b58faf69821726988ae984fad89.
* common/openpgp-oid.c (oidtable): Fill the information for KEM
API for NIST curves.
--
GnuPG-bug-id: 7649
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/findkey.c (agent_key_from_file): Take care of the case
where GRIP==CTRL->keygrip1.
* agent/pkdecrypt.c (composite_pgp_kem_decrypt): Use NULL for the
GRIP, it's for crypto operation where prompt is expected.
--
GnuPG-bug-id: 7648
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (list_keyblock_simple): Take care of
show-unusable-uids.
--
This allows to upload revoked keys to a WKD.
Suggested-by: Uwe Kleine-König
* sm/certchain.c (gpgsm_walk_cert_chain): Handle an empty subject.
--
During import a certificate was imported but gpgsm used log_error when
trying to figure out whether this is a root cert. This patch changes
this to just print a note.
GnuPG-bug-id: 7171
* g10/getkey.c (merge_selfsigs_main): Do not mask out the group bit.
(merge_selfsigs_subkey): Ditto/
* g10/keygen.c (ask_key_flags_with_mask): Ditto.
(proc_parameter_file): Ditto.
--
Updates-commit: 0988e49c45d0fb73d0b536aa027bd114f9dc65a7
* tests/gpgscm/ffi.c (ffi_init): Undefine 'open' so it does not get
expanded to 'open64' in the ffi_define_function macro.
--
GnuPG-bug-id: 7632
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
[[PGP Signed Part:No public key for 4893CA2AF4416CED created at 2025-04-16T23:13:02+0200 using EDDSA]]
--
Signed-off-by: Mattia Narducci <mattianarducci1@gmail.com>
* sm/verify.c (gpgsm_verify): Always print info that a certs-only
message has been processed.
--
Prior to this patch the message was only printed if no data file has
been given.
Reported-by: Albrecht Dreß
* g10/getkey.c (get_pubkey_for_sig): Keep a requested
PUBKEY_USAGE_CERT.
(finish_lookup): For correctness in future use cases allow
PUBKEY_USAGE_CERT to also trigger verify mode.
--
The case here was that a cert-only primary key was removed with
export-clean.
GnuPG-bug-id: 7583
* common/recsel.c (recsel_select): Change processing of NULL values.
* common/t-recsel.c (run_test_2): Adjust for this change. Also a type
fix for s/"letter"/"letters"/.
--
The getval function may return NULL which indicates that there is no
useful value available. For example because the propertyname is not
defined for some external context (e.g. in gpg the packet type). This
also required to fix the test for boolean tests of a non existing
property name.
Reported-by: shniubobo at gnupg-users on 2025-04-18.
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
* common/ksba-io-support.c (has_only_base64): Use memchr since calling
strchr on a non-NUL terminated string is undefined behavior.
--
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
This patch has been stripped from Colin's original patch because this
is not just about a warning but an actual bug. That bug was
introduced in 2003 by me. - wk
* g10/gpg.c (aQuickTSignKey): New.
(opts): Add new command.
(main): Parse args for it.
* g10/keyedit.c: Include mbox-util.h.
(parse_trustsig_string): New.
(sign_uids): Add arg trustsig for use in quick mode.
(keyedit_quick_sign): Also add arg trustsig and print a diagnostic on
error.
* scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
--
Some versions of the CardOS personalisation software seem to store a
missing labels as zero-length object instead of not storing the object
at all.
Due to a lack of such a card this patch has not been tested.
