1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

9882 Commits

Author SHA1 Message Date
NIIBE Yutaka
e89d57a2cb
tests: Fix tests/gpgme for in-source-tree builds.
* tests/gpgme/Makefile.am: Don't use setup.scm/ dir.
* tests/gpgme/all-tests.scm: Fix the name of the environment.

--

GnuPG-bug-id: 6313
Fixes-commit: c19ea75f10d6278569619f90977ce7c820e9319d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-21 10:52:24 +09:00
Werner Koch
9610faad90
Post release updates
--
2022-12-16 18:30:15 +01:00
Werner Koch
c0556edb80
Release 2.4.0 gnupg-2.4.0 2022-12-16 17:38:03 +01:00
Werner Koch
ca60c02d92
po: update-po
--
2022-12-16 17:37:33 +01:00
Werner Koch
e09750cd39
po: Fixed two new fuzzies in the Czech translation.
--

They were obvious.
2022-12-16 17:36:25 +01:00
Petr Pisar
c6e742dffe
po: Update Czech translation
--
2022-12-16 17:31:44 +01:00
Werner Koch
30a98b0b21
common: Fix translations in --help for gpgrt < 1.47
* common/mapstrings.c (map_static_macro_string): Add hack.
--
2022-12-16 17:29:12 +01:00
Werner Koch
7d1010256b
po: Update German translation
--
2022-12-16 16:26:07 +01:00
Werner Koch
548c3701e5
gpg: Fix a typo in a rarely shown diagnostic
--
2022-12-16 16:25:20 +01:00
Werner Koch
49d16f4f6e
gpg: Do not continue the export after a cancel for the primary key.
* g10/export.c (do_export_one_keyblock): Handle a cancel for the
primary key special.
--

GnuPG-bug-id: 6093
2022-12-16 15:34:41 +01:00
Werner Koch
f297803a67
gpg: Replace use of PRIu64 in log_debug
* g10/cipher-aead.c (do_flush): Use %llu and a cast.
* g10/decrypt-data.c (aead_underflow): Ditto.
--

Fixes-commit: b2cedc108d5cabb07f496c31c11c9cba6f328f76

We don't use the system's printf but the one implemented by
us (gpgrt's estream-printf) thus the PRIu64 may or may not be correct.
We can't do much about the -Wformat errors due to our different
implementation.
2022-12-16 15:34:37 +01:00
Werner Koch
329dd3fa8c
tests: Fix missing test message.
--
2022-12-16 12:02:35 +01:00
Werner Koch
89d75b9352
speedo: Add updates from 2.2
--
2022-12-16 11:24:07 +01:00
Werner Koch
fc8b811283
Update NEWS for 2.4.0 2022-12-16 11:01:24 +01:00
Werner Koch
25bef01e7a
doc: Typo fixes
--

Reported-by: Andreas Metzler
GnuPG-bug-id: 6309
2022-12-16 11:01:23 +01:00
NIIBE Yutaka
c19ea75f10
tests: Fix make check with GPGME.
* tests/gpgme/Makefile.am: Create directories for logs.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-16 13:11:14 +09:00
Werner Koch
f9ea5dc831
agent: Allow arguments to "scd serialno" in restricted mode.
* agent/command.c (cmd_scd): Allow it.
--

This is important because Scute uses "SCD SERIALNO --all".
2022-12-12 14:43:01 +01:00
Werner Koch
061efac03f
scd:p15: Skip deleted records.
* scd/app-p15.c (select_and_read_record): Special case deleted
records.  Support 3 byte TLVs.
(read_ef_prkdf): Skip deleted records.
(read_ef_pukdf): Ditto.
(read_ef_cdf): Ditto.
(read_ef_aodf): Ditto.
--

This fixes a problem with some CardOS 5 applications.
2022-12-09 08:49:28 +01:00
NIIBE Yutaka
f32d0c9c0f
build: Remove Windows CE support.
* agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove.
* autogen.sh: Remove W32ce_ variables.
* configure.ac: Likewise.
* dirmngr/Makefile.am (extra_bin_ldflags): Remove.
* g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove.
* kbx/Makefile.am: Likewise.
* sm/Makefile.am (extra_bin_ldflags): Remove.
* tools/Makefile.am (extra_bin_ldflags): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-09 14:06:08 +09:00
Werner Koch
278f85d1bc
wkd: Do not send/install/mirror expired user ids.
* tools/gpg-wks.h (struct uidinfo_list_s): Add fields expired and
revoked.
* tools/wks-util.c (append_to_uidinfo_list): Add args expired and
revoked.
(set_expired_revoked): New.
(wks_list_key): Set expired and revoked.
(wks_cmd_install_key): Skip expired uids.
* tools/gpg-wks-client.c (command_check): Print flags.
(command_send): Ignore expired keys.
(mirror_one_key): Ditto.

* g10/export.c (do_export_stream): Silence warning.
--

GnuPG-bug-id: 6292
2022-12-06 09:23:16 +01:00
Werner Koch
58819c024a
gpgsm: Print the revocation time also with --verify.
* sm/certchain.c (is_cert_still_valid): Print revocation reason.
2022-12-05 17:48:24 +01:00
Werner Koch
1c2bdd80b1
gpgsm: Fix "problem re-searching certificate" case.
* sm/keydb.c (keydb_set_cert_flags): Fix error test.
2022-12-05 17:30:26 +01:00
Werner Koch
b6abaed2b5
gpgsm: Print revocation date and reason in cert listings.
* dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and
r_revocation_reason.
* dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status.
(cmd_checkocsp): Ditto.

* sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields.
(isvalid_status_cb): Parse REVOCATIONINFO.
(gpgsm_dirmngr_isvalid): Add args r_revoked_at and
r_revocation_reason.

* sm/gpgsm.h (struct server_control_s): Add fields revoked_art and
revocation_reason.
* sm/keylist.c (list_cert_raw): Print revocation date.
(list_cert_std): Ditto.
--

Note that for now we do this only for OCSP because it is an important
piece of information when using the chain model.  For a sample key see
commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
2022-12-05 16:42:08 +01:00
Werner Koch
4f1b9e3abb
gpgsm: Silence the "non-critical certificate policy not allowed".
* sm/certchain.c (check_cert_policy): Print non-critical policy
warning only in verbose mode.
2022-12-05 14:31:45 +01:00
Werner Koch
7fa1d3cc82
gpgsm: Always use the chain model if the root-CA requests this.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Do not use
option --force-default-responder.
* sm/certchain.c (is_cert_still_valid): Rename arg for clarity.
(gpgsm_validate_chain): Always switch to chain model.
--

The trustlist.txt may indicate that a root CA issues certificates
which shall be validated using the chain model.  This is for example
the case for qualified signatures.  Before this change we did this
only if the default shell model indicated that a certificate has
expired.  This optimization is technically okay but has one problem:
The chain model requires the use of OCSP but we switch to this only
when running the chain model validation.  To catch revoked
certificates using OCSP we need to always switch to the chain model
unless OCSP has been enabled anyway.

Note that the old --force-default-responder option is not anymore
used.

Test cases are certificates issued by

  # CN=TeleSec qualified Root CA 1
  # O=Deutsche Telekom AG
  # C=DE
  # 2.5.4.97=USt-IdNr. DE 123475223
  90:C6:13:6C:7D:EF:EF:E9:7C:C7:64:F9:D2:67:8E:AD:03:E5:52:96 \
    S cm qual relax

A sample revoked certificate is

-----BEGIN CERTIFICATE-----
MIIDTzCCAvSgAwIBAgIQIXfquQjq32B03CdaflIbiDAMBggqhkjOPQQDAgUAMHEx
CzAJBgNVBAYTAkRFMRwwGgYDVQQKDBNEZXV0c2NoZSBUZWxla29tIEFHMSMwIQYD
VQQDDBpUZWxlU2VjIFBLUyBlSURBUyBRRVMgQ0EgMTEfMB0GA1UEYQwWVVN0LUlk
TnIuIERFIDEyMzQ3NTIyMzAeFw0yMDA2MjIxMDQ1NDJaFw0yMzA2MjUyMzU5MDBa
MDAxCzAJBgNVBAYTAkRFMRUwEwYDVQQDDAxLb2NoLCBXZXJuZXIxCjAIBgNVBAUT
ATMwWjAUBgcqhkjOPQIBBgkrJAMDAggBAQcDQgAEbkEXUuXTriWOwqQhjlh11oCc
6Z8lQdQDz3zY/OEh8fMJS7AKBNo8zkpPKDJ2olPph18b1goEbLiqHQsPRPahDaOC
AaowggGmMB8GA1UdIwQYMBaAFP/0iep1rMXT0iQ0+WUqBvLM6bqBMB0GA1UdDgQW
BBQEI3xsIUDnoOx+gLYbG63v5/f9kjAOBgNVHQ8BAf8EBAMCBkAwDAYDVR0TAQH/
BAIwADAgBgNVHREEGTAXgRV3ZXJuZXIua29jaEBnbnVwZy5jb20wPQYDVR0gBDYw
NDAyBgcEAIvsQAECMCcwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wa3MudGVsZXNlYy5k
ZS9jcHMwgYQGCCsGAQUFBwEBBHgwdjBLBggrBgEFBQcwAoY/aHR0cDovL3RxcmNh
MS5wa2kudGVsZXNlYy5kZS9jcnQvVGVsZVNlY19QS1NfZUlEQVNfUUVTX0NBXzEu
Y3J0MCcGCCsGAQUFBzABhhtodHRwOi8vcGtzLnRlbGVzZWMuZGUvb2NzcHIwXgYI
KwYBBQUHAQMEUjBQMAgGBgQAjkYBATAIBgYEAI5GAQQwOgYGBACORgEFMDAwLhYo
aHR0cHM6Ly93d3cudGVsZXNlYy5kZS9zaWduYXR1cmthcnRlL2FnYhMCZW4wDAYI
KoZIzj0EAwIFAANHADBEAiAqgB8gyZyj05CRdHD5KJcpG68DzQECYnYP6ZPasUYK
AQIgI1GtRMJWvFTIKsZpgY+ty0pRb5/K09fbmvaSAKFpv/I=
-----END CERTIFICATE-----
2022-12-05 14:25:04 +01:00
Werner Koch
1a85ee9a43
gpg: New export option "mode1003".
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--

This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.

Note that --import is not yet able to handle this new mode.  Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
2022-12-02 10:09:58 +01:00
Werner Koch
1d88e14de7
gpg: Remove a mostly duplicated function.
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
2022-12-02 10:09:58 +01:00
NIIBE Yutaka
0a93b5b96a
tests: Simplify fake-pinentry to use the option only.
* tests/openpgp/fake-pinentry.c (parse_pinentry_user_data): New.
(main): Don't use PINENTRY_USER_DATA env var.

--

Since environment variable is unreliable, use the option only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 16:55:49 +09:00
NIIBE Yutaka
7c6b014d3b
tests: Fix fake-pinentry for Windows.
* tests/openpgp/fake-pinentry.c (main): Override PINENTRY_USER_DATA,
by the option.

--

In the Assuan implementation for Windows, spawn function doesn't call
the atfork callback.  Thus, the environment variable is not updated by
gpg-agent when it spawns pinentry.  Reliable way is the interaction
to override the option.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 16:16:07 +09:00
NIIBE Yutaka
7663fdd983
tests: Fix make check-all.
* Makefile.am (TESTS_ENVIRONMENT): Add GNUPG_IN_TEST_SUITE.

--

Fixes-commit: 50d12860ef21e8480474fd94a0b4465d0339086d
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-02 09:58:51 +09:00
Werner Koch
e094616cb7
agent: Fix import of protected v5 keys.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Take care of
version 5 keys.
--

GnuPG-bug-id: 6294
2022-12-01 10:12:21 +01:00
Werner Koch
2d8ac55d26
gpgsm: Change default algo to AES-256.
* sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change.
2022-12-01 10:12:21 +01:00
NIIBE Yutaka
1b434111a1
tests: Put a workaround for semihosted environment.
* tests/openpgp/defs.scm [*win32*]: Use --build-prefix option.

--

On the semihosted environment, output of simple gpgconf
--list-components includes drive name (like Z:), which results failure
of command invocation.  This is a workaround.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 17:11:32 +09:00
NIIBE Yutaka
594c3274d6
tests: More fix for semihosted environment.
* common/all-tests.scm: Conditionalize by *win32*.
* tests/cms/Makefile.am (GPGSM): Add missing GPGSM.
* tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Add EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 17:09:45 +09:00
NIIBE Yutaka
f182c284fb
tests: Support semihosted environment.
* Makefile.am (check-all): Add EXEEXT.
* agent/all-tests.scm: Append EXEEXT.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 13:59:06 +09:00
NIIBE Yutaka
a9a1ee8726
tests: Fix tests under cms.
* tests/cms/all-tests.scm: Remove merge mistake.

--

Fixes-commit: 1246e16432b4240ad81c0bd757d7458b609dfd96
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 10:33:20 +09:00
NIIBE Yutaka
e1e26a49bf
tests,w32: Fix for semihosted environment.
* tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Add EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-12-01 09:21:41 +09:00
NIIBE Yutaka
50c6515360
w32: Fix for tests on semihosted environment.
* Makefile.am (all-local): Make links with EXEEXT.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 16:50:10 +09:00
NIIBE Yutaka
8e8971403f
w32: Fix gnupg_unsetenv.
* common/sysutils.c (gnupg_unsetenv): Don't use nonstandard extension
of "NAME", but "NAME=".

--

Microsoft implementation of putenv works to remove an environment
variable by "NAME=".

POSIX doesn't say that putenv with "NAME=" has same effect.  GNU
implementation doesn't support this way for removal of environment
variable.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 15:56:03 +09:00
NIIBE Yutaka
de0c563f29
doc: Deprecate scd-event option of scdaemon.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-30 11:47:01 +09:00
Werner Koch
c3f9f2d497
wkd: New option --add-revocs and some fixes.
* tools/gpg-wks.h (opt): Add add_revocs.
* tools/wks-util.c (wks_get_key): Add arg 'binary'.
(wks_armor_key): New.
(wks_find_add_revocs): New.
(wks_cmd_install_key): Get key in binary mode and add revocations if
enabled.
* tools/gpg-wks-client.c (oAddRevocs): New.
(opts): Add --add-revocs.
(parse_arguments): Set option,
(command_send): Get key in binary mode, add revocations if enabled,
and explictly armor key.  Remove kludge to skip the Content-type line
in no_encrypt mode.

(mirror_one_keys_userid): Always filter the key to get rid of the
armor as received from dirmngr.  Add revocations from the local
keyring.
--

Note that this also fixes an oddity of the new mirror command which
used to store the keys armored as received from dirmngr.
2022-11-29 17:17:50 +01:00
Werner Koch
fbc52f5501
doc: Comment typo fix
--
2022-11-29 15:28:35 +01:00
Werner Koch
34fafa50f1
wkd: Make use of --debug extprog.
* tools/wks-util.c (debug_gpg_invocation): New.
(get_key_status_cb): Enable debug output.
(wks_get_key): Show gpg invocation.
(wks_list_key): Ditto.
(wks_filter_uid): Ditto.
2022-11-29 10:43:54 +01:00
Werner Koch
c985b52e71
gpg: New export-filter export-revocs
* g10/options.h (EXPORT_REVOCS): New.
* g10/export.c (export_select_filter): New.
(struct export_filter_attic_s): Add field.
(cleanup_export_globals): Cleanup.
(parse_export_options): Add option "export-revocs".
(parse_and_set_export_filter): Parse the select type.
(do_export_revocs): New.
(do_export_stream): Add a way to select things for export.
2022-11-28 12:44:02 +01:00
NIIBE Yutaka
a4698d0fb2
gpg: Fix double-free in gpg --card-edit.
* g10/card-util.c (change_name): Don't free ISONAME here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-28 16:59:21 +09:00
Werner Koch
2aacd843ad
gpg: Make --require-compliance work with out --status-fd
* g10/mainproc.c (proc_encrypted): Set complaince_de_vs also if
require-compliance is set.
--

Without this fix require-compliance would fail if no --status-fd was
used.
2022-11-28 08:21:59 +01:00
Werner Koch
1324dc3490
gpg: New option --list-filter
* g10/gpg.c (oListFilter): New.
(opts): Add --list-filter.
(main): Parse oListFilter.
* g10/keylist.c: Include init.h and recsel.h.
(struct list_filter_s, list_filter): New.
(release_list_filter): New.
(cleanup_keylist_globals): New.
(parse_and_set_list_filter): New.
(list_keyblock): Implement --list-filter type "select".

* g10/import.c (impex_filter_getval): Add scope support and new
property names "key-size", "algostr", "origin", "lastupd", and "url".
--

This option is pretty useful to select keys based on their properties.
The scope thing can be sued to limit a selection to just the primary
key or to subkeys.  For example:

  gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'

Lists all non-revoked keys with an ed25519 (signing)-subkey.
2022-11-25 16:04:54 +01:00
Werner Koch
d70779bdc6
dirmngr: Silence ocsp debug output.
* dirmngr/ocsp.c (check_signature_core): No debug output
--

Also typo and doc fixes.
2022-11-25 09:26:30 +01:00
NIIBE Yutaka
1246e16432
tests: Fix to support --enable-all-tests and variants.
* tests/gpgscm/tests.scm (test::scm): Add VARIANT argument.
(tests::new): Likewise.
(open-log-file, report): Support VARIANT.
* tests/gpgme/all-tests.scm (setup-c, setup-py): Follow the change.
* tests/cms/all-tests.scm: Likewise.
* tests/cms/run-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.

--

Forward port from 2.2 branch of:
	0fd7a902070ad9bdd835fa57dbadff25917bca42

Fixes-commit: 1c88104a3f00f7ca3790fbaab8f67b2b68cd6e18
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 15:57:25 +09:00
NIIBE Yutaka
7071f30762
tests:w32: Fix for non-dot file name for Windows.
* tests/migrations/from-classic.scm (assert-migrated): Handle the case
on Windows.

--

Forward port from 2.2 branch of:
	754175a46d3bc34e9ef8098dbd05abdfd61ada64

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-24 11:46:36 +09:00