mirror of git://git.gnupg.org/gnupg.git synced 2025-02-23 20:08:04 +01:00

649 Commits

Author SHA1 Message Date
Werner Koch
bec71fdbe5
speedo: Do not build gpgme anymore.
* build-aux/speedo.mk: Remove support gpgme.
* build-aux/speedo/w32/inst.nsi: Ditto.
* build-aux/speedo/w32/wixlib.wxs: Remove the gpgme components.
--

GPGME is either already available on Unix platforms or can be
installed on Windows with gpg4win.  GnuPG itself does not require
gpgme.
2025-02-21 12:58:39 +01:00
Werner Koch
48978ccb4e
gpg: Fix a verification DoS due to a malicious subkey in the keyring.
* g10/getkey.c (get_pubkey): Factor code out to ...
(get_pubkey_bykid): new.  Add feature to return the keyblock.
(get_pubkey_for_sig): Add arg r_keyblock to return the used keyblock.
Request a signing usage.
(get_pubkeyblock_for_sig): Remove.
(finish_lookup): Improve debug output.
* g10/sig-check.c (check_signature): Add arg r_keyblock and pass it
down.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Use the keyblock returned by do_check_sig to
show further information instead of looking it up again with
get_pubkeyblock_for_sig.  Also re-check the signature after the import
of an included keyblock.
--

The problem here is that it is possible to import a key from someone
who added a signature subkey from another public key and thus inhibits
that a good signature could be verified.

Such a malicious key signature subkey must have been created w/o the
mandatory backsig which binds a signature subkey to its primary key.
For encryption subkeys this is not an issue because the existence of a
decryption private key is all you need to decrypt something and then
it does not matter if the public subkey or its binding signature has
been put below another primary key; in fact we do the latter for
ADSKs.

GnuPG-bug-id: 7527
2025-02-21 12:17:46 +01:00
Werner Koch
80491dd91a
Post release updates
--
2025-02-12 11:59:51 +01:00
Werner Koch
ec6c2e38f1
Release 2.5.4 2025-02-12 11:42:00 +01:00
Werner Koch
ef4acfd77b
Update NEWS
--
2025-02-07 11:56:27 +01:00
Werner Koch
f476370916
Post release updates
--
2025-01-09 10:04:56 +01:00
Werner Koch
cc3e34b82a
Release 2.5.3 2025-01-09 09:22:27 +01:00
Werner Koch
a2f2523b99
Remove the default keyserver. 2025-01-08 18:19:49 +01:00
Werner Koch
a04c936096
doc: One typo fix.
--
GnuPG-bug-id: 7479
2025-01-08 17:26:17 +01:00
Werner Koch
faa2d3a2e7
Update README and copyright years.
--
2025-01-08 15:39:02 +01:00
Werner Koch
7b2748c6d8
gpg: Silence expired trusted-key diagnostics in quiet mode.
* g10/trustdb.c (validate_keys): Take care of --quiet.
--

GnuPG-bug-id: 7351
2024-12-05 16:32:25 +01:00
Werner Koch
0f76dd905d
Post release updates
--
2024-12-05 11:30:56 +01:00
Werner Koch
84e1781201
Release 2.5.2 2024-12-05 11:13:14 +01:00
Werner Koch
7e066f614a
gpg: For composite algos add the algo string to the colons listings.
* g10/keylist.c (list_keyblock_colon): Put the algo string into the
curve field for Kyber.
--

GnuPG-bug-id: 6638
2024-11-14 14:04:50 +01:00
Werner Koch
6b02292d31
gpg: Add option to create Kyber with --full-gen-key.
* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New.
(PQC_STD_KEY_PARAM): Construct from above.
(gen_kyber): Allow short curve names.
(ask_algo): Add Entry for ecc+kyber.
(ask_kyber_variant): New.
(generate_keypair): Generate ECC primary and Kyber sub.
--

GnuPG-bug-id: 6638
2024-11-13 16:13:43 +01:00
Werner Koch
f8b1b7b4df
dirmngr: Print a brief list of URLs with LISTCRLS.
* dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs.

* sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to
stdout if the dirmngr has been disabled.
--

GnuPG-bug-id: 7337
2024-10-14 16:48:37 +02:00
Werner Koch
ff63ffa606
Post release updates
--
2024-09-12 12:08:19 +02:00
Werner Koch
72ef316aab
Release 2.5.1 2024-09-12 11:26:44 +02:00
Werner Koch
33e571a74a
gpgsm: New option --assert-signer
* sm/gpgsm.c (oAssertSigner, oNoop): New.
(opts): Add option --assert-signer.
(assert_signer_true): New var.
(main): Set new option.
(gpgsm_exit): Handle assert_signer_true.
* sm/gpgsm.h (opt): Add field assert_signer_list.
* sm/verify.c (is_x509_fingerprint): New.
(check_assert_signer_list): New.
(gpgsm_verify): Handle option.
--

GnuPG-bug-id: 7286
2024-09-11 14:30:40 +02:00
Werner Koch
1eb382fb1f
gpg: New option --proc-all-sigs
* g10/options.h (flags): Add proc_all_sigs.
* g10/mainproc.c (proc_tree): Do not stop signature checking if this
new option is used.
* g10/gpg.c (oProcAllSigs): New.
(opts): Add "proc-all-sigs".
(main): Set it.
--

GnuPG-bug-id: 7261
2024-08-23 11:28:30 +02:00
Werner Koch
c333e9dad6
speedo: Set PREFIX for bzip2 build also for Unix.
--

bzip2 is a make-only package and thus we can't set the prefix with
configure.  We need to set PREFIX here so that the install target:

  if ( test ! -d $(PREFIX)/lib ) ; then mkdir -p $(PREFIX)/lib;fi
  [...]

does not try to install to the default PREFIX /usr/local/lib.
2024-07-08 10:59:06 +02:00
Werner Koch
8828a5fe54
Post release updates
--
2024-07-05 17:28:09 +02:00
Werner Koch
4668fb1a70
Release 2.5.0 2024-07-05 14:45:16 +02:00
Werner Koch
6a40cfa6c0
gpg: Print a warning if the (draft) Kyber algorithm is used.
* g10/keygen.c (do_generate_keypair): Check for draft Kyber stuff.
2024-07-05 11:12:12 +02:00
Werner Koch
287e717b55
Merge branch 'STABLE-BRANCH-2-4' into master
--
Fixed conflicts in:
	NEWS
	g10/call-agent.c
	g10/options.h
	kbx/kbxutil.c
	tools/gpgconf.c
2024-05-16 09:46:36 +02:00
Werner Koch
3bbfcab606
Update NEWS
--
2024-05-15 12:31:33 +02:00
Werner Koch
4485930f9f
Merge branch 'STABLE-BRANCH-2-4'
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
2024-03-12 16:00:55 +01:00
Werner Koch
609b1ec0c6
Post release updates
--
2024-03-07 15:10:47 +01:00
Werner Koch
cbff323b3b
Release 2.4.5 2024-03-07 14:03:25 +01:00
Werner Koch
2ed1f68b48
doc: Fix spelling errors found by lintian.
--

Reported-by: Andreas Metzler <ametzler@debian.org>
2024-01-29 09:16:21 +01:00
Werner Koch
dfa60c09f5
Merge branch 'STABLE-BRANCH-2-4'
--
Fixed conflicts:
	NEWS
	configure.ac
	doc/gpg.texi
2024-01-26 09:41:00 +01:00
Werner Koch
367ae86019
Post release updates
--
2024-01-25 11:30:37 +01:00
Werner Koch
a43271cc08
Release 2.4.4 2024-01-25 11:06:01 +01:00
Werner Koch
b97a36f52d
Prepare the NEWS
--
2024-01-12 16:53:53 +01:00
Werner Koch
45f6357881
common,w32: Remove duplicated backslashes when setting the homedir.
* common/homedir.c (copy_dir_with_fixup) [W32]: Fold double
backslashes.
--

This is in general no problem but when we hash or compare the directory
to test whether it is the standard home directory, we may use a
different socket file and thus a second instance of a daemon.

GnuPG-bug-id: 6833
2024-01-09 10:13:54 +01:00
Werner Koch
2764ee309a
Merge branch 'STABLE-BRANCH-2-4'
--

Fixed conflicts in
        NEWS
	g10/encrypt.c
	sm/encrypt.c
	sm/sign.c
2023-12-22 13:45:02 +01:00
Werner Koch
3572b19fbd
gpgsm: Support ECDSA in de-vs mode.
* common/compliance.h (PK_ALGO_FLAG_ECC18): New.
* common/compliance.c (gnupg_pk_is_allowed): Implement.
* sm/decrypt.c (gpgsm_decrypt): Pass new flag.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--

GnuPG-bug-id: 6802
2023-11-08 17:09:22 +01:00
Werner Koch
387ee7dcbd
Merge branch 'STABLE-BRANCH-2-4'
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.

* common/t-b64.c: Re-introduce and keep only the b64decode test code.
2023-11-07 20:38:27 +01:00
Werner Koch
678c819027
w32: Use utf8 for the asctimestamp function.
* common/gettime.c (asctimestamp) [W32]: Use ".UTF8" for the locale.
--

This has been suggested by the reporter of
GnuPG-bug-id: 6741
2023-10-27 14:22:10 +02:00
Werner Koch
0aa32e2429
dirmngr: Allow conf files to disable default keyservers.
* dirmngr/server.c (ensure_keyserver): Detect special value "none"
(cmd_keyserver): Ignore "none" and "hkp://none".
--

GnuPG-bug-id: 6708
2023-09-06 09:50:28 +02:00
Werner Koch
334f5d95c8
Merge branch 'STABLE-BRANCH-2-4' into master 2023-07-04 17:37:54 +02:00
Werner Koch
2378ccf97c
Post release updates
--
2023-07-04 16:44:01 +02:00
Werner Koch
d073f26d81
Release 2.4.3 2023-07-04 16:06:59 +02:00
Werner Koch
5377226ec0
Prepare NEWS for the next release
--
2023-06-30 10:59:06 +02:00
Werner Koch
6ed61d98a0
Add release dates of 2.4 versions to NEWS
--
2023-05-31 09:38:17 +02:00
Werner Koch
3c97dc2714
Post release updates
--
2023-05-30 16:44:00 +02:00
Werner Koch
9e86dac84f
Release 2.4.2 2023-05-30 13:53:01 +02:00
Werner Koch
f953d67446
Prepare the NEWS for the next release
--
2023-05-26 15:53:52 +02:00
Werner Koch
1e41878bf2
Prepare new development cycle
--
2023-05-10 10:23:59 +02:00
Werner Koch
625bd92410
Post release updates
--
2023-04-28 14:16:52 +02:00