1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

3942 Commits

Author SHA1 Message Date
Werner Koch
b9b6ac9d26 gpg: Add shortcut for setting key capabilities.
* g10/keygen.c (ask_key_flags): Add shortcut '='.
* doc/help.txt (gpg.keygen.flags): New.
2014-09-26 14:44:44 +02:00
Daniel Kahn Gillmor
c76117f8b0 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
* g10/gpg.c: Add config options that should belong in scdaemon.conf
* g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.

--

In gpg2, the following options are only relevant for scdaemon:

 reader-port
 ctapi-driver
 pcsc-driver
 disable-ccid

but in gpg1, they are options for gpg itself.

Some users of gpg1 might have these options in their
~/.gnupg/gpg.conf, which causes gpg2 to fail hard if it reads that
config file.

gpg2 should not fail hard, though giving a warning (and suggesting a
move to scdaemon.conf) seems OK.

This patch does *not* reintroduce any documentation for these options
in gpg.texi, even to indicate that they are "dummy" options, since
scdaemon.texi contains the appropriate documentation.

Debian-bug-id: 762844

Program names factored out from obsolete_scdaemon_option to make
reuse without new translations easier. -wk

This is a backport of commit 371c2b14b0347209efd23b4e54e1981a12d7aeab
with parts of 20c6da50d4f6264d26d113d7de606971f719a0ca but without those
which would change existing translated strings. -wk
2014-09-25 22:28:36 +02:00
Kristian Fiskerstrand
07006c9916 gpg: Need to init the trustdb for import.
* g10/trustdb.c (clear_ownertrusts): Init trustdb.

--

This was fixed in 1.4 branch in commit
23191d7851eae2217ecdac6484349849a24fd94a but was not applied to the
2.0 branch that exhibits the same problem. This is actually a hack
to fix a bug introduced with commit 2528178.

GnuPG-bug-id: 1622
2014-09-03 09:46:30 +02:00
Werner Koch
d91db67e51 build: Print an error message if zlib is not installed.
* configure.ac (missing_zlib): New.
2014-08-26 16:13:21 +02:00
Werner Koch
c45b9819e8 gpg: Allow for positional parameters in the passphrase prompt.
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--

Without that at least the French translation does not always work
because it requires positional parameters.  Windows for example does
not support them as they are not defined by C99 but by POSIX.
2014-08-26 10:16:44 +02:00
Werner Koch
ee30bb945f Post release updates.
--
2014-08-12 20:41:28 +02:00
Werner Koch
5b2dcdd513 Release 2.0.26 gnupg-2.0.26 2014-08-12 20:28:25 +02:00
Werner Koch
9f3619cb5d po: Auto-update due to removed string.
--
2014-08-12 16:09:21 +02:00
Werner Koch
b972ec3966 sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c: Include fcntl.h.
(try_make_homedir): New.  Similar to the one from g10/openfile.c
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
2014-08-12 16:08:09 +02:00
Werner Koch
90397c9343 Remove trailing white space from two files.
--
2014-08-12 16:03:02 +02:00
Werner Koch
5860cc7938 jnlib: Fix typo in header inclusion protection macro.
--
GnuPG-bug-id: 1669
2014-08-11 17:25:36 +02:00
NIIBE Yutaka
f7eb5be511 po: Update Japanese translation. 2014-08-08 10:08:01 +09:00
Werner Koch
088f82c0b5 gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args.  Rewrite
to take subpakets in account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to
filter.
--

GnuPG-bug-id: 1680
2014-08-06 17:11:21 +02:00
Werner Koch
25d5480e98 gpg: Add kbnode_t for easier backporting.
* g10/gpg.h (kbnode_t): New.
2014-08-06 17:09:15 +02:00
Simon Josefsson
4500d3cb6d Add OpenPGP card manufacturer Yubico (6). 2014-07-21 16:05:54 +02:00
Andreas Schwier
5798673156 scd: Allow for certificates > 1024 with PC/SC.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
allow for larger certificates.
2014-07-21 14:49:43 +02:00
Werner Koch
9a1e195348 gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
size of packet.
--

Tavis Ormandy reported a fatal error for attribute packets with a zero
length payload.  This is due to a check in Libgcrypt's xmalloc which
rejects a malloc(0) instead of silently allocating 1 byte.  The fix is
obvious.

In addition we cap the size of attribute packets similar to what we do
with user id packets.  OpenPGP keys are not the proper way to store
movies.

Resolved conflicts:
	g10/parse-packet.c - indentation.  Use plain fprintf.
2014-07-21 14:46:41 +02:00
Werner Koch
40215d8ecd Post release updates.
--
2014-06-30 18:02:24 +02:00
Werner Koch
621aa6bb48 Release 2.0.25 gnupg-2.0.25 2014-06-30 17:41:18 +02:00
Werner Koch
998f085297 estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated
strings.
--
Resolved conflicts:
	common/estream-printf.c - white spaces
2014-06-30 17:31:46 +02:00
Werner Koch
505f0a642f scd: Support reader Gemalto IDBridge CT30
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
(GEMPC_CT30): New product id.
--

GnuPG-bug-id: 1638

Resolved conflicts:
	scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
2014-06-27 09:56:33 +02:00
Werner Koch
48d92bcc88 gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--

It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
2014-06-27 09:50:54 +02:00
Werner Koch
045c979a76 agent: Let gpg-protect-tool pass envvars to pinentry.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.
--
GnuPG-bug-id: 1402

The full story can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=548528

Sorry for the delay.
2014-06-25 17:19:08 +02:00
Werner Koch
044847a0e2 gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg suing the new struct.
--

This is a fix for commit 5e933008.

The old code did only work for a single key.  It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
2014-06-25 14:33:34 +02:00
Werner Koch
616126530f Add CVE number
--
2014-06-24 20:12:26 +02:00
Werner Koch
6aa0464db9 Post release updates
--
2014-06-24 15:43:46 +02:00
Werner Koch
41dcd32218 Release 2.0.24 gnupg-2.0.24 2014-06-24 15:22:31 +02:00
Werner Koch
3b90ddde25 po: Auto-update
--
2014-06-24 15:10:54 +02:00
Kristian Fiskerstrand
1242a72923 gpg: Fix a couple of spelling errors 2014-06-24 14:37:26 +02:00
Werner Koch
017c6f8fba doc: Update from master.
--
2014-06-24 13:54:30 +02:00
Werner Koch
8e39fe810d gpg: Do not link gpgv against libassuan.
* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
--

This is not required.

GnuPG-bug-id: 1533
2014-06-24 13:52:02 +02:00
Werner Koch
fb274a3cf3 po: Update de.po 2014-06-24 11:14:20 +02:00
Werner Koch
a37f63d7b8 common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6
* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
defined.
2014-06-24 11:06:32 +02:00
Werner Koch
aacb43a730 Remove thread callbacks for libgcrypt >= 1.6.
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
libgcrypt >= 1.6.
(main): Ditto.
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
(main): Ditto.
--

This is not anymore needed but kept for compatibility with Libgcrypt <
1.6.
2014-06-24 10:56:19 +02:00
Werner Koch
2daa112a74 Improve configure option --with-libgpg-error-prefix
--
GnuPG-bug-id: 1561

Note that this is not a complete solution.  The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed.  The problem is that the -L
option and the -l options are not emitted separately by
gpg-error-config.
2014-06-24 10:36:15 +02:00
Werner Koch
76b0b076d0 gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
INV_RECP.
--

GnuPG-bug-id: 1650

Note that this patch is a bit more limited than the one in 2.1.
2014-06-24 10:08:39 +02:00
Werner Koch
9607bc0b9f gpg: Make show-uid-validity the default. 2014-06-24 09:53:46 +02:00
Stefan Tomanek
5e933008be gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.

Signed-off-by: Stefan Tomanek <tomanek@internet-sicherheit.de>

Re-indention and minor changes by wk.

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
	g10/main.h
2014-06-24 09:53:04 +02:00
Werner Koch
e790671cb3 gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
--

Suggested-by: Dominik Heidler <dominik@heidler.eu>
2014-06-24 09:13:38 +02:00
Werner Koch
ceef5568d5 ssh: Fix for newer Libgcrypt versions.
* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.
--

Reported-by: Anatol Pomozov
2014-06-23 13:16:44 +02:00
Werner Koch
014b2103fc gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--

A packet like (a3 01 5b ff) leads to an infinite loop.  Using
--max-output won't help if it is a partial packet.  This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.

Thanks to Olivier Levillain and Florian Maury for their detailed
report.
2014-06-20 20:24:52 +02:00
Werner Koch
52b96ef6b8 doc: Update for modern makeinfo.
* doc/texi.css: Remove.
* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
2014-06-03 13:34:24 +02:00
Werner Koch
07f8a37637 maint: Of course we only use https in the announcements.
--
2014-06-03 11:29:34 +02:00
Werner Koch
6d41c9b9ea Post release updates.
--
2014-06-03 11:25:04 +02:00
Werner Koch
6209c6d9ad Release 2.0.23 gnupg-2.0.23 2014-06-03 10:11:50 +02:00
Werner Koch
c18755a260 po: Auto-update due to one new entry.
--
2014-06-03 09:54:56 +02:00
Werner Koch
71b0cd534b doc: Adjust Makefile for fixed yat2m.
* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.
2014-06-03 09:48:48 +02:00
Werner Koch
d03df68851 doc: Update from master
--
2014-06-03 09:05:25 +02:00
Werner Koch
d7750a15d5 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.

(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)

Resolved conflicts:
	g10/photoid.c - whitespaces
2014-06-03 08:55:31 +02:00
Werner Koch
2a415c47ea common: Add z-base-32 encoder.
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c
--
(cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e)

Resolved conflicts:
	common/Makefile.am
2014-06-03 08:53:31 +02:00