* dirmngr/http.c (http_session_new) <gnutls>: Use only the special
pool certificate for the default keyserver.
--
The gnutls version uses a different strategy than the ntbtls version
on when to use the special SKS pool certificate. This patch aligns it
so that we don't need to wonder about different kind of bug reports.
In short the special cert is now the only cert use with the default
keyserver.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Fixes-commit: 5ade2b68db231c78d8ecca0eb21db2153da958d2
which was recently pushed to make use of $SOURCE_DATE_EPOCH
as fallback.
(cherry picked from commit 61bb75d045a3709d1cba0084c95e991dfd52c8ee)
Signed-off-by: Werner Koch <wk@gnupg.org>
--
Take care: Running under valgrind takes loooong and in some case you
may run into an valgrind internal error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--
In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter. Thus there should be no
problem because the assert call check s buffer first. For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable. That does not happen with our
log_assert. Tested with gcc 8.3.0 and valgrind 3.14.0.
* g10/getkey.c (fixup_uidnode): Increase size of prefs array.
--
GnuPG-bug-id: 5050
Fixes-commit: ab7a0b07024c432233e691b5e4be7e32baf8d80f
which introduced a feature to show the AEAD preferences of keys
created with rfc4880bis capable software (e.g. GnuPG 2.3-beta).
The same code in 2.3 is correct, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/certdump.c (parse_dn_part): Fix parser flaw.
--
This could in theory result in reading bytes after a after Nul in a
string and thus possible segv on unallocated memory or reading other
parts of the memory. However, it is harmless because the rfc2253
strings have been constructed by libksba.
GnuPG-bug-id: 5037
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app-openpgp.c (verify_chv2): Check availability of keys in
question.
--
Backport master commit of:
af189be481df02a77e088aa0a60a1fc02dfa12bf
With buggy Gnuk (<= 1.2.15), when no encr/auth keys are available,
it fails decrementing the signature error counter. This change
can avoid the issue.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/call-pinentry.c (start_pinentry): When TERM is none,
don't send OPTION ttytype to pinentry.
--
GnuPG-bug-id: 4137
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0076bef2026a87c4c0e05bad7d322638b1de3f37)
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--
Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.
Signed-off-by: Werner Koch <wk@gnupg.org>
Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
* agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
(opts): Make --enable-extended-key-format a dummy option. Add
disable-extended-key-format.
(parse_rereadable_options): Implement oDisableExtendedKeyFormat.
* agent/protect.c (agent_protect): Be safe and set use_ocb either to
to 1 or 0.
--
Extended key format is supported since version 2.1.12 which should have
long been replaced by a newer version in all installations. Thus for
2.2.22 we will make use of the extended-key-format by default.
This is a backport of the commits:
05eff1f6623c272fcabd4e238842afc832710324
91ae3e7fb66271691f6fe507262a62fc7e2663a3
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar.c (oUtf8Strings): New.
(opts): Add option --utf8-strings.
(parse_arguments): Set option.
* tools/gpgtar.h (opt): Add field utf8strings.
* tools/gpgtar-create.c (name_to_utf8): New.
(fillup_entry_w32): Use that.
(scan_directory): Ditto.
(scan_directory) [W32]: Convert file name to utf8.
(gpgtar_create): Convert pattern.
--
Note that this works only with file names read from a file or if the
specified files on the command line are plain ascii. When recursing
into a directory Unicode file names work again. This limitation is
due to main(int, char**) which can't get the wchar version. We could
fix that but is needs a bit more work in our init code.
GnuPG-bug-id: 4083
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
(gnupg_chdir): Divert to gpgrt_chdir
--
To avoid bumping up the build dependency on libgpg-error 1.28 we use
the gpgrt version only if at least this libgpg-error version was used
at build time. This won't fix any bugs though and it is in general
advisable to use the latest libgpg-error. There are actually a couple
of very useful bug fixes for Windows in the upcoming libgpg-error 1.39
but on Unix you can live without them.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/utf8conv.c (get_w32_codepage): New.
(wchar_to_native): Use instead oc CP_ACP.
(native_to_wchar): Ditto.
--
This should fix quite some issue; we fixed it when using the iconv
based machinery about 14 years ago. At some point we introduced the
new conversion functions because Windows started to support UTF-8
natively. The fix comes late but well, it is done.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
* common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
arg to w32_strerror.
--
This is in particular annoying since we started to use a string
argument sanitizer in the logging code. Before that we just add an
extra blank line.
The second patch corrects a never yet seen error message.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgtar-create.c (gpgtar_create): Add args files_from and
null_names. Improve reading from a file.
* tools/gpgtar.c: Make global vars static.
(main): Remove tests for --files-from and --null option combinations.
Pass option variables to gpgtar_create.
--
GnuPG-bug-id: 5027
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
(list_cert_raw): Print the SHA2 fingerprint.
(list_cert_std): Ditto.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: e7d70923901eeb6a2c26445aee9db7e78f6f7f3a
Here in 2.2 we keep the string "fingerprint:" and no not change it to
"sha1 fpr" as we did in master (2.3).
--
With 2.2 we want to use libgcrypt 1.8 as long as this is maintained.
This is in particular necessary for the approved GnuPG VS Desktop
release.
Signed-off-by: Werner Koch <wk@gnupg.org>