* agent/gpg-agent.c (opts): Rename option supervised.
* dirmngr/dirmngr.c (opts): Ditto.
--
The --supervised way to start gpg-agent has been deprecated for 2.5
years and will probably entirely removed with version 2.6.0. To allow
its use until its removal the systemd service description need to be
adjusted to use this option. The reason for the deprecation are
conflicts with the way systemd starts gpg-agent and gpg expects how
gpg-agent is started. In particular gpg expects that the gpg-agent
matching its own version is started. Further the systemd way is not
portable to other platforms and long term experience on Windows has
show that the standard way of starting gpg-agent is less error prone.
Note to those who want to re-introduse this option: Pretty please do
not use socket names conflicting with our standard socket names. For
example use /run/user/1000/foo-gnupg/S.gpg-agent.
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if
PQC encryption was required or if all recipient keys are Kyber keys.
--
If --require-pqc-encryption was set, then it should be safe to always
force AES-256, without even checking if we are encrypting to Kyber keys
(if some recipients do not have Kyber keys, --require-pqc-encryption
will fail elsewhere).
Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless
the user explicitly requested another algo, in which case we assume they
know what they are doing.
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Man page entry extended
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session
key of less than 32 octets encrypted to a Kyber key.
--
GnuPG-bug-id: 7472
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
--
(proofread by the debian-l10n-french team)
GnuPG-bug-id:7469
Changed original patch to use positional arguments for
"un hachage de %1$u bits n'est pa[...]"
* g10/parse-packet.c (parse_signature): Increase the cap for hashed
subpackets to 30000. Print the value in the error message. Do not
return an error but skip a too long signature.
--
The limit of 10000 served us well for decades but given the option to
put a key into the signature, a larger limit will eventually be
useful. The second part makes things a bit robust against rogue
subpackets on a keyserver.
* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51.
* g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an
arg unused.
* common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an
arg unused.
* common/compliance.c (get_assumed_de_vs_compliance): Also consider a
registry entry.
--
On Windows it is easier to set the registry key than to use an envvar.
--
- Follow conventions from other zh_TW user interfaces
- Use "確定" for "OK" like KDE
- Remove extra space between keyboard accelerator like in "取消(_C)"
- Follow conventions of modern zh_TW
- Character -> 字元
- 衹有 -> 「只」有
- Fix some "pinentry" translations
Sometimes it was translated as an entry of PIN codes among a list and
not the "pinentry" tool
Signed-off-by: Kisaragi Hiu <mail@kisaragi-hiu.com>
* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
copies.
--
GnuPG-bug-id: 7426
Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Also avoid clearing the error by the S code of a failed mpi_print of
R.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
seconds.
(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
--
Experience on Windows showed that right after re-booting we may need
some more time to get things up.
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.
--
GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an
attached message.
--
We can't use message/rfc822 if we encrypt this message as a simple PGP
file.
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.
* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--
If tarball was created with
tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.
GnuPG-bug-id: 7380
The second patch avoid a wrong exist status status line due to the use
of log_error. But the actual cause needs stuill needs tobe
investigated.
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity. Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--
Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--
If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage. However, it used to have that E usage when it was added.
While testing this I found another pecularity: If you do
gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error. I hesitate to fix that due to
possible side-effects.
GnuPG-bug-id: 6882
* agent/trustlist.c (istrusted_internal): When LISTMODE is enabled,
TRUSTLISTFPR status output should be done.
--
GnuPG-bug-id: 7363
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Fixes-commit: 4275d5fa7a51731544d243ba16628a9958ffe3ce
