* doc/gpg-agent.texi: improve documentation of CARD entry in
GETEVENTCOUNTER description.
--
"stati" is unclear and confusing, and describing something in the
singular is almost always less ambiguous than leaving it in the
plural.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* Makefile.am (EXTRA_DIST): Add wixlib.wxs
* build-aux/speedo.mk (w32-wixlib): New target.
(w32-release): Build wixlib if WIXPREFIX is set.
(help): Add documentation.
* build-aux/speedo/w32/wixlib.wxs
--
This build a wixlib of the Windows binaries of GnuPG.
A wixlib is a module that can be linked into another
wix project to create an installer including this
module. Gpg4win uses the wixlib from GnuPG for
it's MSI Package.
To build the wixlib you need wine with wine-mono installed
and the wixtoolset.
When calling speedo set the variable WIXPREFIX to
the location containing the extracted toolset.
e.g.:
make -f build-aux/speedo.mk w32-wixlib WIXPREFIX=~/wix
* build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
(AUTHENTICODE_TOOL): New.
(AUTHENTICODE_FILES): New.
(installer): Sign listed files.
(AUTHENTICODE_SIGNHOST): New macro.
(sign-installer): Use that macro instead of direct use of osslsigncode.
--
This also adds code to support signing via a Token. Because there is
no specification of that token, I was not able to write a free driver
for it. Thus we resort to use a running Windows-10 instance with an
enabled ssh server to do the code signing.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e6901c2bc8)
* g10/mainproc.c (proc_encrypted): Report status of STATUS_NO_SECKEY
only when some error occurred.
--
Fixes-commit: 6cc4119ec0
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/call-agent.c (agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
* sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
NUL-terminated data from the agent.
GnuPG-bug-id: 4652
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
(setup_input_file): Rename from make_tempdir.
(expand_args): Drop support of 'o' and 'O'.
(fill_command_argv, run_with_pipe, create_temp_file) New.
(show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
(show_photos): Call show_photo.
GnuPG-bug-id: 4362
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
value as defined section 6.2.6 in CCID specification.
--
For TPDU level transfer, it was handled. This is fix for APDU level
transfer.
GnuPG-bug-id: 4646
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
level transfer.
(ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
level transfer.
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/dek.h (DEK): Use debugger friendly type of unsigned int.
* g10/mainproc.c (symkey_decrypt_seskey): Add another check.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (proc_encrypted): Only call get_session_key when
PKENC_LIST is not NULL.
Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
it's encrypted only by symmetric key.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/import.c (read_block): Make sure KEYID is availabale also on a
pending packet.
--
Reported-by: Phil Pennock
Fixes-commit: 2e349bb617
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.
--
This fix is needed on big endian machine where size_t is bigger
than integer.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (check_sig_and_print): Print a hint on how to make
use of the preferred keyserver. Remove keyserver lookup just by the
keyid. Try a WKD lookup before a keyserver lookup.
--
The use of the the keyid for lookups does not make much sense anymore
since for quite some time we do have the fingerprint as part of the
signature.
GnuPG-bug-id: 4595
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/wks-receive.c (decrypt_data): Change limit.
--
The former limit ~1MiB of was used during development.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
and return the last error when no key is available.
Fix the error report with TMP_RC for second call of
ksba_cms_get_issuer_serial.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (proc_encrypted): Check ->result against -1.
When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
* g10/pubkey-enc.c (get_session_key): Set k->result by the result of
get_it.
When no secret key is available for some reasons, return the last
specific error, if any.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
following a HTTP redirection.
--
inspired by patch from Damien Goutte-Gattat <dgouttegattat@incenp.org>
GnuPG-Bug_id: 4566
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Originally applied to 2.2. Here a minor conflict fix was needed.
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkey_byname): Add special traeatment for default
and skipped-local.
--
This change avoids error message like
gpg: error retrieving 'foo@example.org' via None: No public key
A 'None' mechanism is something internal.
Signed-off-by: Werner Koch <wk@gnupg.org>
