1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

599 Commits

Author SHA1 Message Date
Werner Koch
789d240cb4
gpg: New option --no-symkey-cache.
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
Werner Koch
30081d2851
Post release updates
--
2018-04-09 22:25:37 +02:00
Werner Koch
6fbe2ddbaf
Release 2.2.6 2018-04-09 21:21:38 +02:00
Werner Koch
59ee87aae8
Post release updates.
--
2018-02-22 16:10:20 +01:00
Werner Koch
9581a65ccc
Release 2.2.5
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 15:32:36 +01:00
Werner Koch
84555d5372
Post release updates
--
2017-12-20 10:13:54 +01:00
Werner Koch
558b17593a
Release 2.2.4 2017-12-20 08:31:22 +01:00
Werner Koch
e0140c0a6a
Post release updates
--
2017-11-20 13:35:36 +01:00
Werner Koch
97f4feaaca
Release 2.2.3 2017-11-20 12:39:16 +01:00
Werner Koch
6530aff692
Post release updates.
--
2017-11-07 11:04:44 +01:00
Werner Koch
5bd5150050
Release 2.2.2
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-07 10:23:07 +01:00
Werner Koch
e1f04616e4
Post release updates
--
2017-09-19 08:34:36 +02:00
Werner Koch
355ca9e949
Release 2.2.1 2017-09-19 08:13:44 +02:00
Werner Koch
9e3d41bf72
Post release updates
--
2017-08-28 11:57:17 +02:00
Werner Koch
9d80fb8e00
Release 2.2.0 2017-08-28 11:18:26 +02:00
Werner Koch
d6b40a9c86
Post release updates
--
2017-08-09 16:58:47 +02:00
Werner Koch
e8ffa9a6ca
Release 2.1.23
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-09 15:52:48 +02:00
Werner Koch
dd56bc411e
Post release updates
--
2017-07-28 20:10:16 +02:00
Werner Koch
7d335ff496
Release 2.1.22 2017-07-28 18:59:04 +02:00
Werner Koch
3419a339d9
Change license of some files to LGPLv2.1.
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:42:13 +02:00
Werner Koch
99e68350a8
Post release updates
--
2017-05-15 17:21:58 +02:00
Werner Koch
9574820329
Release 2.1.21
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-15 16:11:09 +02:00
Werner Koch
943176c732
Post release updates.
--
2017-04-03 21:54:53 +02:00
Werner Koch
e7eb9b12de
Release 2.1.20
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:59:47 +02:00
Werner Koch
3cdb792007
Post release updates.
--
2017-03-01 19:26:16 +01:00
Werner Koch
4a28c212b3
Release 2.1.19
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-01 18:40:33 +01:00
NIIBE Yutaka
e17fa5c75d scd: Remove --debug-disable-ticker option.
* scd/scdaemon.c (ticker_disabled): Remove.
(handle_tick, need_tick): Remove.
(handle_connections): Don't check ticker_disabled.

--

Now, removal of device/card is only done by the function
scd_update_reader_status_file, it should be called if needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-01-31 15:29:08 +09:00
Werner Koch
9d45a20ece
Update NEWS with link to release announcement.
--
2017-01-23 22:56:50 +01:00
Werner Koch
14bc2fa43e
Post release updates
--
2017-01-23 22:24:20 +01:00
Werner Koch
f8289b1d28
Release 2.1.18
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 21:22:15 +01:00
Werner Koch
588121c158
doc: Add release announcement pointers to NEWS entries.
--

These are used by the website buider to link to the announcement
mails.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-04 18:38:24 +01:00
Werner Koch
e917dfcd97
wks: Let the client ignore missing policy flags.
* tools/gpg-wks-client.c (command_send): Ignore missing policy flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-22 14:40:43 +01:00
Werner Koch
bff47f6ec0
Post release updates.
--
2016-12-20 12:07:23 +01:00
Werner Koch
2051f29da2
doc: Update NEWS
--
2016-12-20 10:55:31 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
Werner Koch
7e174fcc74
Post release updates.
--
2016-11-18 21:50:34 +01:00
Werner Koch
0a641ad25d
Release 2.1.16 2016-11-18 16:52:04 +01:00
Daniel Kahn Gillmor
68b59bbc42 Spelling: correct spelling of "passphrase".
There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-11-02 12:53:58 +01:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Werner Koch
d4bd9743cf
Post release updates.
--
2016-08-18 18:23:28 +02:00
Werner Koch
c0f1dbd54a
Update NEWS.
--
2016-08-18 16:58:19 +02:00
Werner Koch
495fecaf7d
Post release updates
--
2016-07-14 17:07:27 +02:00
Werner Koch
09c448202f
Release 2.1.14 2016-07-14 16:00:06 +02:00
Werner Koch
88d8dc8d68
Post release updates
--
2016-06-16 18:10:08 +02:00
Werner Koch
b3df4e2ac6
Release 2.1.13 2016-06-16 17:21:01 +02:00
Werner Koch
c3db6f58f7
Post release updates.
--
2016-05-04 16:49:19 +02:00
Werner Koch
00df5b1236
Release 2.1.12 2016-05-04 15:59:11 +02:00
Werner Koch
167558a67e
Post release updates
--
2016-01-26 14:14:24 +01:00
Werner Koch
e9e5e83ec1
Release 2.1.11 2016-01-26 13:49:59 +01:00
Werner Koch
7313c5fd5a
Update copyright years.
--
2016-01-26 13:20:59 +01:00
Neal H. Walfield
7195b94345 gpg: Don't check for ambiguous keys.
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here.  Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here.  Update users.  Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc

This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks.  The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic.  Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality.  Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
2015-12-22 15:03:56 +01:00
Werner Koch
df1e0d27fa
Post release updates.
--
2015-12-04 12:00:05 +01:00
Werner Koch
9fadfdb310
Release 2.1.10 2015-12-04 10:50:51 +01:00
Werner Koch
28311d1fa5
gpg: Do not pre-check keys given on the command line.
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.

* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--

If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks.  The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
Werner Koch
9f4f77bc4b
Update NEWS file
--
2015-12-01 08:45:03 +01:00
Werner Koch
b0627ec259
Post release updates.
--
2015-10-10 11:49:41 +02:00
Werner Koch
086b8738f7
Release 2.1.9 2015-10-09 17:13:35 +02:00
Werner Koch
e41b6579f7
Post release updates.
--
2015-09-10 21:05:35 +02:00
Werner Koch
311816f6cf
Release 2.1.8. 2015-09-10 18:12:23 +02:00
Werner Koch
0675a3bd45
Post release updates.
--
2015-08-11 16:13:39 +02:00
Werner Koch
b5e081973b
Release 2.1.7 2015-08-11 13:54:29 +02:00
Daniel Kahn Gillmor
1be2cebf7f drop long-deprecated gpgsm-gencert.sh
* tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
   fully replaced by gpgsm --gen-key
 * doc/tools.texi: remove gpgsm-gencert.sh documentation
 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
 * doc/Makefile.am: quit making the manpage
 * tools/Makefile.am: quit distributing the script
 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
   gpgsm --gen-key and tweak explanations

--

The commit deprecating gpgsm-gencert.sh
(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.

 https://codesearch.debian.net/results/gpgsm-gencert.sh

suggests that in all of debian it is only referenced in documentation
(for poldi and scute) and example files (libept), and isn't actually
used directly anywhere.

Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
certificate-signing request failed for me, following the examples in
doc/howto-create-a-server-cert.texi exactly.

It's time we ripped off this band-aid :)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2015-07-03 22:21:52 +02:00
Werner Koch
279381b59e
Post release updates
--
2015-07-01 15:07:47 +02:00
Werner Koch
a499eeb6a6
Release 2.1.6 2015-07-01 14:16:40 +02:00
Werner Koch
b89a592a2e
Added release date of older versions to NEWS.
--
2015-06-15 14:12:43 +02:00
Werner Koch
ee438d6775
Post release updates.
--
2015-06-11 15:37:50 +02:00
Werner Koch
9b7bdfae82
Release 2.1.5 2015-06-11 14:43:57 +02:00
Werner Koch
43ea8f5d88
build: Make --disable-gpgsm work.
* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-15 13:20:52 +02:00
Werner Koch
c9180ac628
Post release updates.
--
2015-05-12 15:40:09 +02:00
Werner Koch
a67ead6525
Release 2.1.4 2015-05-12 15:07:38 +02:00
Werner Koch
482b2f8b5d
Post release updates.
--
2015-04-11 13:33:41 +02:00
Werner Koch
b1e1959d59
Release 2.1.3. 2015-04-11 13:14:43 +02:00
Andre Heinecke
070d7bf940 dirmngr: Initialize cache from sysconfig dir
* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homeidr.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.

--

Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages it's own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.
2015-02-12 13:02:53 +01:00
Werner Koch
b4c798b86e Post release updates.
--
2015-02-11 19:48:21 +01:00
Werner Koch
fc17562cc4 Release 2.1.2 2015-02-11 19:22:25 +01:00
Werner Koch
4d7c9b0e9a gpg: Support --passphrase with --quick-gen-key.
* g10/keygen.c: Include shareddefs.h.
(quick_generate_keypair): Support static passphrase.
(get_parameter_passphrase): New.
(do_generate_keypair): Use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 12:45:22 +01:00
Werner Koch
aa99ebde77 gpg: Re-enable the "Passphrase" parameter for batch key generation.
* agent/command.c (cmd_genkey): Add option --inq-passwd.
* agent/genkey.c (agent_genkey): Add new arg override_passphrase.
* g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
(agent_genkey): Add arg optional arg "passphrase".
* g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
(gen_rsa, do_create): Add arg "passphrase" and pass it through.
(do_generate_keypair): Make use of pPASSPHRASE.
(release_parameter_list): Wipe out a passphrase parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-01-21 11:31:20 +01:00
Werner Koch
7614014169 agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
* agent/gpg-agent.c (finalize_rereadable_options): New.
(main, reread_configuration): Call it.
--

This change should help to avoid surprising behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-19 13:28:14 +01:00
Werner Koch
22168c8359 Post release updates
--
2014-12-16 17:00:45 +01:00
Werner Koch
08c00cd4fe Release 2.1.1 2014-12-16 15:53:28 +01:00
Werner Koch
63e7891f0f gpg: Allow import of large keys.
* g10/import.c (import): Skip too large keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
--

The key which triggered the problem was 0x57930DAB0B86B067.  With this
patch it can be imported.  Keys larger than the now increased limit of
5MB will are skipped and the already existing not_imported counter is
bumped up.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-12-04 10:53:10 +01:00
Werner Koch
17b4662984 gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
* g10/gpg.c (opts): Remove them.
* g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
--

See mails starting
 http://lists.gnupg.org/pipermail/gnupg-devel/2014-November/029128.html
2014-12-03 11:28:10 +01:00
Werner Koch
0bfabe579d Update NEWS
--
2014-11-21 21:38:00 +01:00
Werner Koch
d280a52757 Post release updates.
--
2014-11-05 16:46:52 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
436aa90be7 doc: Re-formated some NEWS entries and added update notes to some.
--
2014-10-26 20:07:16 +01:00
Werner Koch
cdd899e160 Update NEWS.
--
2014-10-26 12:48:34 +01:00
Werner Koch
6d9491842d dirmngr: Allow building without LDAP support.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 15:59:45 +02:00
Werner Koch
0c52bfa395 doc: Minor fix.
--

Due to todays reminder:

  On Tue 2014-04-22 18:46:15 -0400, Daniel Kahn Gillmor wrote:
  > With --trust-model=always, all keys and user IDs are considered
  > automatically valid; they are not automatically trusted (setting
  > universal ownertrust to anything other than "ultimate" would be
  > insufficient to acheive the effect of --trust-model=always, due to
  > --max-cert-depth and certificate path reachability).
  >
  > Thanks to Nicolai Josuttis for pointing out this documentation
  error.
2014-10-03 20:19:08 +02:00
Werner Koch
0943c7cc23 Release 2.1.0-beta864. 2014-10-03 15:45:32 +02:00
Werner Koch
34a3e458d0 Post beta release update.
--
2014-09-18 18:28:40 +02:00
Werner Koch
93f158df38 Release 2.1.0-beta834. 2014-09-18 17:57:09 +02:00
Werner Koch
01dd1601a4 Post beta release update.
--
2014-08-14 17:31:33 +02:00
Werner Koch
a13198d9bc Release 2.1.0-beta783 2014-08-14 17:16:21 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
97f887a0f5 Post beta release update
--
2014-07-03 11:51:52 +02:00
Werner Koch
5ae34f574b Release 2.1.0-beta751 2014-07-03 11:33:55 +02:00
Werner Koch
518d835380 Post beta release update.
--

656fef6454972cb91741c37a0fd19cd9ade9db9c  gnupg-2.1.0-beta442.tar.bz2
2014-06-05 17:05:33 +02:00
Werner Koch
27f4ce40e0 Release 2.1.0-beta442.
--

This beta is small contribution for today's Reset The Net campaign.

  It is a crying shame that the government of my country is not
  willing to offer Edward Snowden asylum and protect him from the evil
  institutions of those allies who once thankfully kicked out the most
  evil German powers.  Back in these dark years, many people had to
  ask for asylum over there and it was granted.  Now we have to fear
  their Blockwarts who are listening to the entire world.  It would be
  more than justified for us to help that brave guy.
2014-06-05 16:47:19 +02:00