1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

612 Commits

Author SHA1 Message Date
Werner Koch
a43271cc08
Release 2.4.4 2024-01-25 11:06:01 +01:00
Werner Koch
b97a36f52d
Prepare the NEWS
--
2024-01-12 16:53:53 +01:00
Werner Koch
45f6357881
common,w32: Remove duplicated backslashes when setting the homedir.
* common/homedir.c (copy_dir_with_fixup) [W32]: Fold double
backslashes.
--

This is in general no problem but when we hash or compare the directory
to test whether tit is the standard home directory, we may use a
different socket file and thus a second instance of a daemon.

GnuPG-bug-id: 6833
2024-01-09 10:13:54 +01:00
Werner Koch
3572b19fbd
gpgsm: Support ECDSA in de-vs mode.
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

GnuPG-bug-id: 6802
2023-11-08 17:09:22 +01:00
Werner Koch
678c819027
w32: Use utf8 for the asctimestamp function.
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--

This has been suggested by the reporter of
GnuPG-bug-id: 6741
2023-10-27 14:22:10 +02:00
Werner Koch
0aa32e2429
dirmngr: Allow conf files to disable default keyservers.
* dirmngr/server.c (ensure_keyserver): Detect special value "none"
(cmd_keyserver): Ignore "none" and "hkp://none".
--

GnuPG-bug-id: 6708
2023-09-06 09:50:28 +02:00
Werner Koch
2378ccf97c
Post release updates
--
2023-07-04 16:44:01 +02:00
Werner Koch
d073f26d81
Release 2.4.3 2023-07-04 16:06:59 +02:00
Werner Koch
5377226ec0
Prepare NEWS for the next release
--
2023-06-30 10:59:06 +02:00
Werner Koch
3c97dc2714
Post release updates
--
2023-05-30 16:44:00 +02:00
Werner Koch
9e86dac84f
Release 2.4.2 2023-05-30 13:53:01 +02:00
Werner Koch
f953d67446
Prepare the NEWS for the next release
--
2023-05-26 15:53:52 +02:00
Werner Koch
625bd92410
Post release updates
--
2023-04-28 14:16:52 +02:00
Werner Koch
b331ae1c3f
Release 2.4.1 2023-04-28 11:16:29 +02:00
Werner Koch
fa4f716917
gpg: Make sure that we are not accidently working with the PIV app.
* g10/call-agent.c (agent_scd_switchapp): New.
* g10/card-util.c (get_info_for_key_operation): Call it.
--

It may happen that the active card was last used for PIV and in that
case certain commands will fail because they assume the OpenPGP app.
Fortunately we have a pretty central place to assure that the right
app has been selected.

The bug can be easily noticed on Windows.

GnuPG-bug-id: 6378
2023-04-18 17:07:04 +02:00
Werner Koch
98b8c518fa
ssh: Allow to prefer on-disk keys over active card keys.
* agent/command-ssh.c (ssh_send_available_keys): Redefine the order of
keys.
--

GnuPG-bug-id: 6212
2023-04-18 09:04:27 +02:00
Werner Koch
c9e95b8dee
gpg: New option --assert-signer.
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function.  Clear
assert_signer_true on a warning.

* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
2023-04-05 21:32:23 +02:00
Werner Koch
d9e7488b17
Use the keyboxd for a fresh install
* common/homedir.c (gnupg_maybe_make_homedir): Also create a
common.conf.
* g10/keydb.c: Include comopt.h.
(maybe_create_keyring_or_box): Detect the creation of a common.conf.
* g10/gpg.c (main): Avoid adding more resources in this case.
* sm/keydb.c:  Include comopt.h.
(maybe_create_keybox): Detect the creation of a common.conf.

* common/comopt.h (comopt): Remove the conditional "extern".
2023-04-04 16:39:59 +02:00
Werner Koch
7bf57a794b
gpg: Set the default digest algo for S2K to SHA256.
* g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO.
--

GnuPG-bug-id: 6367
2023-04-04 09:20:26 +02:00
Werner Koch
8996b0b655
gpgsm: Create binary detached sigs with definite form length octets.
* sm/sign.c: Include tlv.h.
(write_detached_signature): New,
(gpgsm_sign): Fixup binary detached signatures.
--

This helps some other software to verify detached signatures.
2023-04-03 12:01:37 +02:00
Werner Koch
3d094e2bcf
gpg: New option --add-desig-revoker
* g10/gpg.c (oAddDesigRevoker): New.
(opts): Add new option.
* g10/options.h (opt): Add field desig_revokers.
* g10/keygen.c (get_parameter_idx): New.
(get_parameter): Make use of get_parameter_idx.
(prepare_desig_revoker): New.
(get_parameter_revkey): Add arg idx.
(proc_parameter_file): Add designated revokers.
(do_generate_keypair): Write all designated revokers.
2023-02-16 18:10:03 +01:00
Werner Koch
103acfe9ca
gpg: New list-option --show-unusable-sigs.
* g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New.
* g10/gpg.c (parse_list_options): Add "show-unusable-sigs".
* g10/keydb.h (keyid_eq): New.
(pk_is_primary): New.
* g10/keylist.c (list_signature_print): Early return for weak key
signatures.  Print "self-signature" instead of user-id.
(list_keyblock_print): Simplify and always set self-sig node flag.
--

This patch avoid the printing of often hundreds of "Invalid digest
algorithm" notices during key signature listings if those key
signatures were done with SHA1.  The new option can be used to revert
the behaviour.

We now also print "[self-signature]" with --check-sigs or --list-sigs
instead of the primary user id.  This makes such listing easier to read.
2023-02-07 14:50:03 +01:00
Werner Koch
5a223303d7
gpg: Make "--list-options show-sig-subpackets=n,m" work again.
* g10/gpg.c (parse_list_options): Set value for show-sig-subpackets.
--

Fixes-commit: 811cfa34cb3e7166f0cf1f94565504dee21cd9f5
and thus a regression in 2.4.0
2023-01-31 11:32:41 +01:00
Werner Koch
9610faad90
Post release updates
--
2022-12-16 18:30:15 +01:00
Werner Koch
c0556edb80
Release 2.4.0 2022-12-16 17:38:03 +01:00
Werner Koch
fc8b811283
Update NEWS for 2.4.0 2022-12-16 11:01:24 +01:00
Werner Koch
edf3b8aa53
Post release updates
--
2022-10-13 18:27:32 +02:00
Werner Koch
6f12f952da
Release 2.3.8 2022-10-13 17:53:29 +02:00
Werner Koch
95651d1a4f
Post release updates
--
2022-07-11 13:39:39 +02:00
Werner Koch
bc5328f511
Release 2.3.7 2022-07-11 12:18:10 +02:00
Werner Koch
73ef575fe1
Post release updates
--
2022-04-25 16:37:47 +02:00
Werner Koch
3a8164e69c
Release 2.3.6 2022-04-25 15:48:13 +02:00
Werner Koch
60fc743da4
Post release updates
--
2022-04-21 17:53:37 +02:00
Werner Koch
a4b25bcfe1
Release 2.3.5 2022-04-21 16:48:34 +02:00
Werner Koch
02b59e282e
Post release updates.
--
2021-12-20 23:02:49 +01:00
Werner Koch
f74c65fd9b
Release 2.3.4 2021-12-20 22:03:05 +01:00
Werner Koch
d7d26eff85
Post release updates
--
2021-10-12 18:09:40 +02:00
Werner Koch
9470d03383
Release 2.3.3 2021-10-12 17:12:41 +02:00
Werner Koch
5f045c24ff
Post release updates
--
2021-08-24 19:30:52 +02:00
Werner Koch
3bf8d7e1b7
Release 2.3.2 2021-08-24 18:31:38 +02:00
Werner Koch
defd5793b6
Post release updates
--
2021-04-20 15:07:02 +02:00
Werner Koch
cbbdb88627
Release 2.3.1 2021-04-20 12:28:09 +02:00
Werner Koch
f88d6a5279
Post release updates
--
2021-04-07 20:46:21 +02:00
Werner Koch
c922a798a3
Release GnuPG 2.3.0 2021-04-07 19:04:46 +02:00
Werner Koch
1523b5f76f
gpg: New option --no-auto-trust-new-key.
* g10/gpg.c (oNoAutoTrustNewKey): New.
(opts): Add --no-auto-trust-new-key.
(main): Set it.
* g10/options.h (opt): Add flags.no_auto_trust_new_key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-03-15 10:47:19 +01:00
Werner Koch
521d3cdee5
doc: Update the NEWS file.
--
2021-03-08 22:17:04 +01:00
Werner Koch
c7d389e772
doc: Update NEWS
--
2021-02-19 18:01:25 +01:00
Werner Koch
4da91414e7
wkd: Install gpg-wks-client under bin and add wrapper for libexec
--

gpg-wks-client is a pretty useful command on the command line.
Thus we now install it at bin and provide a compatibility wrapper.
2021-02-19 12:11:38 +01:00
Werner Koch
9235c9b65b
doc: Add NEWS with news from the 2.2 series.
--
2021-02-11 12:53:28 +01:00
Werner Koch
7f3ce66ec5
gpg: Remove support for PKA.
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"pka-address@gnupg.org".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--

PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS.  This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME.  PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant.  It is anyway doubtful whether PKA was ever widely
used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-02 19:53:21 +01:00