1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-27 11:10:13 +01:00

9002 Commits

Author SHA1 Message Date
NIIBE Yutaka
c31ba1fcbd po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-01-12 13:52:02 +09:00
Werner Koch
2ba2b7644e
Post release updates
--
2021-01-11 19:55:46 +01:00
Werner Koch
0c103cde00
Release 2.2.27 gnupg-2.2.27 2021-01-11 18:42:08 +01:00
Werner Koch
4c53b2b867
Update copyright notices.
--
2021-01-11 18:40:45 +01:00
Werner Koch
8df4f519ec
po: Auto updates
--
2021-01-11 18:39:24 +01:00
Werner Koch
3901c1a8c5
gpg,w32: Fix gnupg_remove.
* common/sysutils.c (map_w32_to_errno): New.
(gnupg_w32_set_errno): New.
(gnupg_remove) [w32]: Set ERRNO
--

To support Unicode gnupg_remove was changed to use DeleteFileW and not
properly tested because the code was alreadt used in Windows CE.
However, ERRNO was not set and thus Dirmngr failed due to

 if (!gnupg_remove (fname))
   log_info (_("removed stale te[...] file '%s'\n"), fname);
 else if (errno != ENOENT)
   {
     err = gpg_error_from_syserror ();
     log_error (_("problem remov[...] file '%s': %s\n"),
                fname, gpg_strerror (err));
     goto leave;
   }

GnuPG-bug-id: 5230
(cherry picked from commit b6967d31912912ad3c0a2ff6bf6eb9822a194562)
2021-01-11 14:26:27 +01:00
Werner Koch
cf0f67199f
speedo: Do not enable build timestamps.
--
2021-01-08 20:11:03 +01:00
Werner Koch
9f37d3e6f3
gpg: Fix --gpgconf-list case with no conf files at all.
* g10/gpg.c (get_default_configname): Remove unused function.
(main): Provide a proper filename to gpgconf_list.
--

With the new option pasrer we used "UNKOWN" in this case.  The problem
was that gpgconf --list-options chekcs that an absolute file is
provided and thus bails out if no config file is in /etc/gnupg or in
~/.gnupg/.

get_default_configname was not anymore in use because its function is
part of the new option parser.
2021-01-08 14:09:59 +01:00
Werner Koch
ff30fcd3dc
gpgconf: Fix description of two new options.
* tools/gpgconf-comp.c: Fix auto-key-import and include-key-block.
--

GnuPG-bug-id: 5221
Fixes-commit: 95b42278cafe7520d87168fb993ba715699e6bb6
2021-01-07 13:22:35 +01:00
Werner Koch
fdc5485026
wkd: Minor permission fix for created files.
* tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
(ensure_policy_file): No need to make the policy file group writable.
--

The policy file is rarely changed thus no need to g+w.  Setting +x on
a plain file does not make sense at all.

GnuPG-bug-id: 5214
(cherry picked from commit c008e8d20e12c8845403ad7dad499f6a196ecc6a)
2020-12-30 15:06:33 +01:00
Werner Koch
83e875a2d1
gpg: Initialize a variable even in a never used code path.
* g10/sign.c (write_signature_packets): Init ERR.
--

Actually we could also remove the conditional or replace it by a
log_assert.

GnuPG-bug-id: 5204
2020-12-23 16:06:09 +01:00
Werner Koch
1d5c4788ff
Post release updates
--
2020-12-21 19:09:58 +01:00
Werner Koch
c77bb1a750
Release 2.2.26 gnupg-2.2.26 2020-12-21 17:38:05 +01:00
Werner Koch
323a69ef65
common: Remove superfluous debug output from dotlock.c.
* common/dotlock.c (dotlock_create_unix): Remove debug output.
--

This was left over from developement about 10 years ago.  Exhibits
itself when using sshfs.

GnuPG-bug-id: 5193
2020-12-21 17:37:58 +01:00
Werner Koch
566c48da73
po: Auto-merge
--
2020-12-21 17:24:52 +01:00
Werner Koch
c2bc8435a9
po: Update German translation
--
2020-12-21 17:24:46 +01:00
Werner Koch
725f4a487f
build: Remove the code to build symcryptrun
--

syncryptrun is too ancient to be of any use and has not been tested in
many years.  Thus we should not allow to build it.
2020-12-21 17:24:44 +01:00
Werner Koch
261fb98c6f
doc: Explain LDAP keyserver parameters 2020-12-21 17:24:41 +01:00
Werner Koch
09dc59f6d4
common: Fix the "ignore" meta command in argparse.c
* src/argparse.c (gnupg_argparse): Factor some code out to ...
(prepare_arg_return): new.
(gnupg_argparse): No missing arg error in ignore sections.
* common/sysutils.c: Include pwd.h.
(gnupg_getusername): New.
--

Options in an [ignore] section do not anymore lead to an error if an
argument is missing.  However, if the option is also in a force
section the error is thrown.

This is a port of the fix from libgpg-error.  Also fixes the
username fixme.
2020-12-21 17:24:34 +01:00
Werner Koch
8a2e5025eb
gpg: Fix --trusted-key with fingerprint arg.
* g10/trustdb.c (tdb_register_trusted_key): Take care of that
other constant.
--

Fixes-commit: 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 17:10:01 +01:00
Werner Koch
15bfd189c0
dirmngr: Do not block threads in LDAP keyserver calls.
* dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
--

The former gpgkeys_ldap module has once been ported to dirmngr but
unfortunately the dirmngr_ldap wrapper has not been used so that we
have internal LDAP calls with these problems:

- No usable timeouts.
- On non-Windows platforms a lot of extra libs and possibly even a
  second copy of Libgcrypt is pulled in.
- Only one threads runs at a time.

This patch mitigates the last point.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-18 11:57:44 +01:00
Werner Koch
9e8d299e18
Merge branch 'wk/stable-2.2-global-options' into STABLE-BRANCH-2-2
--
2020-12-18 11:23:01 +01:00
Werner Koch
9b886adba4
dirmngr: Fix backport of the new option parser from 2.3
* dirmngr/dirmngr.c (main) <aGPGConfList>: Re-introduce
gpgconf-dirmngr.conf.
--

Fixes-commit: a028f24136a062f55408a5fec84c6d31201b2143
2020-12-18 11:21:18 +01:00
Werner Koch
559efd23e9
gpg: New AKL method "ntds"
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
support for KEYDB_SEARCH_MODE_MAIL.
(ks_ldap_get): Add a debug.
* g10/options.h (AKL_NTDS): New.
* g10/keyserver.c (keyserver_import_ntds): New.
(keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
* g10/getkey.c (parse_auto_key_locate): Support "ntds".
(get_pubkey_byname): Ditto.
2020-12-17 18:19:01 +01:00
Werner Koch
776bef74c7
dirmngr: Support "ldap:///" for the current AD user.
* dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
2020-12-17 16:09:31 +01:00
Werner Koch
c75fd75532
dirmngr: Allow LDAP searches via fingerprint.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
serverinfo and allow searching by fingerprint.
(ks_ldap_get, ks_ldap_search): First connect then create teh filter.
--

With the new schema we can finally search by fingerprint.
2020-12-17 11:19:22 +01:00
Werner Koch
c28cb5282b
dirmngr: Store all version 2 schema attributes.
* g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
* dirmngr/ks-engine-ldap.c (extract_attributes): Add args
extract-state and schemav2.  Add data for the new schema version.
remove the legacy code to handle UIDs in the "pub" line.
(ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3
2020-12-17 11:08:31 +01:00
Werner Koch
ac8ece9266
dirmngr: Support the new Active Directory schema
* dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
(my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
serverinfo arg.  Set the new info flags.
(ks_ldap_get): Adjust for change.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.  Replace xmalloc by xtrymalloc.  Change the DN
for use with NTDS (aka Active Directory).
--

This is a first take on better Active Directory support.  The main
change for NTDS in the code is that the an top-RDN of CN is used
instead of the old pgpCertID.  More changes to come; for example using
and storing the fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>

This is a backport from 2.3 without the new schema samples - they can
be found in the repo.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:05:46 +01:00
Werner Koch
0e88c73bc9
dirmngr: Do not store the useless pgpSignerID in the LDAP.
* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
              /* This bit is really for the benefit of people who
                 store their keys in LDAP servers.  It makes it easy
                 to do queries for things like "all keys signed by
                 Isabella".  */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures.  Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 11:02:49 +01:00
Werner Koch
e47de85382
dirmngr: Fix adding keys to an LDAP server.
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
addlist.
--

The code used the wrong list which resulting in adding attributes
marked for deletion.  In particular Active Directory does not accept
such an data and rejects them.  The bug was introduced into 2.1 while
porting the code from the old keyserver helpers to dirmngr.

Fixes-commit: 51341badb623927f2a358588c725a356fc77dbe7
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-17 10:23:46 +01:00
NIIBE Yutaka
3c55e15cee scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
* scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
call libusb_clear_halt.

--

Backport master commit of:
	f50373027222f28ab9d37843178a5d44cc1e3cc0

GnuPG-bug-id: 5167
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-16 10:15:43 +09:00
NIIBE Yutaka
585cfca0a6 scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
* scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.

--

Backport master commit of:

	ffabc29d5eadfe81b9f62b7d4fe6e858b191354d

GnuPG-bug-id: 5167
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-16 10:15:11 +09:00
NIIBE Yutaka
5a03bf6130 scd:openpgp: Fix writing ECC key to card.
* scd/app-openpgp.c (build_privkey_template): Adding another argument
of ecc_d_fixed_len to handle variable-size MPI.

--

Backport from master commit of:
	a25c99b156ca9acaa7712e9c09a6df0a7a23c833

GnuPG-bug-id: 5163
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-12-07 10:06:52 +09:00
Werner Koch
a028f24136
Backport of the new option parser from 2.3
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.

* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto.  Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--

This is backport from master

commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59

but without changing all functions names to gpgrt.  Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error.  This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions.  Tested builds
against 1.27 and 1.40-beta.

Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.

GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-04 12:12:20 +01:00
Werner Koch
acafa695e1
kbx: Better error message in case of a crippled Libgcrypt.
* kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
2020-12-02 11:11:47 +01:00
Jens Meißner
a3f95a29b9
doc: Add parameters for batch generation of ECC keys.
* doc/gpg.texi: Add parameters for batch generation of ECC keys.

--

There are parameters required for batch generation of ECC keys which
weren't mentioned in the documentation.

Signed-off-by: Jens Meißner <meissner@b1-systems.de>
2020-12-01 09:58:32 +01:00
NIIBE Yutaka
7d7a50ba72
common: Fix fallback handling to utf-8.
* common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.

--

GnuPG-bug-id: 5038
Fixes-commit: 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba)
2020-11-27 17:46:29 +01:00
Werner Koch
abd9aeecfb
Post release updates
--
2020-11-23 18:40:55 +01:00
Werner Koch
40f75823d2
Release 2.2.25 gnupg-2.2.25 2020-11-23 14:08:11 +01:00
Gavin L. Rebeiro
563db31467
doc: Fix typos
--
GnuPG-bug-id: 5071

Also fixed one in keyformat.txt [wk].

(cherry picked from commit 572bcacc287d24d0a2cc56442f9fb6a9ac49e12d)
2020-11-23 12:13:52 +01:00
Werner Koch
6594dc31f5
gpgconf: Also print revision of libksba.
* dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
string.
(gpgconf_versions): Print ksba revision.
--

The latest Libksba version support retrieving of the revision (commit)
id.  We now use that or print a question mark.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4070f302e4decc8d54d1305cbd30f6dab052ef7e)
2020-11-19 09:12:04 +01:00
Jakub Bogusz
f7cbf68fdd
po: Update Polish translation 2020-11-19 08:34:28 +01:00
NIIBE Yutaka
84020385be scd:openpgp: Public keys should be available for check_keyidstr.
* scd/app-openpgp.c (check_keyidstr): Call get_public_key.

--

GnuPG-bug-id: 5065
Fixes-commit: 1049f06c6d2e1a833af4c73ea67a05417bbd0967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-19 13:49:08 +09:00
Werner Koch
126fa09f8b
Post release updates
--
2020-11-17 10:51:01 +01:00
Werner Koch
5751c48035
Release 2.2.24 gnupg-2.2.24 2020-11-17 09:17:18 +01:00
Werner Koch
46f373e1a0
po: Auto update
--
2020-11-16 17:09:41 +01:00
Werner Koch
3274eb4637
scd:openpgp: Drop support for GnuPG 1.
--

It does not make sense to keep support form GnuPG 1 here given that we
don't intend to ever backport any of the current stuff to the legacy
version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-16 17:09:39 +01:00
Werner Koch
1049f06c6d
scd:openpgp: Allow keygrip to be used to reference a key
* scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
(store_keygrip): New.
(read_public_key): Store the keygrip.
(get_public_key): Sitto.
(send_keypair_info): USe the stored keygrip.
(check_keyidstr): New.  Factored out from other functions and
extended.
(do_sign): Use check_keyidstr.
(do_auth): Ditto.
(do_decipher): Ditto.
(do_check_pin): Ditto.
--

This code is a backport of commits:

b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
cd: Factor out a function to check keyidstr.

4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63
scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.

e769609cd3c12d2e26955538399172016f78d2d4
scd: Allow KEYGRIP as KEYIDSTR.

Co-authored-by: NIIBE Yutaka <gniibe@fsij.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-16 17:09:37 +01:00
Werner Koch
5d98f95aa9
gpg: Provide better diagnostic for replaced card keys.
* agent/divert-scd.c (divert_pksign): Add arg 'grip'.  Replace OPENPGP
key reference to keygrips.
(divert_pkdecrypt): Ditto.
* agent/protect.c (parse_shadow_info): Trim spaces.
* agent/pkdecrypt.c (agent_pkdecrypt): Pass the keygrip.
* agent/pksign.c (agent_pksign_do): Ditto.

* g10/mainproc.c (print_pkenc_list): Print extra info for an invalid
id error.
* g10/sign.c (do_sign): Ditto.
--

Using the keygrip instead of the identifier works on OpenPGP cards and
thus we use that to make sure that we are working on the right card.
For other cards we better don't do that to avoid regressions.  Those
other cards are also usually provided and do not allow to
self-generate the keys.

Note that old versions of the code (gpg 1.4) used the fingerprint as
additional check but that was eventually removed and now that we use
the keygrip all over the place, it is best to use this to identify a
key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-13 16:06:59 +01:00
Werner Koch
aeed0b93ff
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
* g10/keydb.h (pref_hint): Change from union to struct and add field
'exact'.  Adjust callers.
* g10/pkclist.c (algo_available): Take care of the exact hint.
* g10/sign.c (sign_file): Fix indentation.  Rework the hash from
recipient prefs.
--

This fixes a encrypt+sign case like: One recipient key has SHA512 as
highest ranked hash preference but the the signing key is a 256 bit
curve.  Because we don't want to use a truncated hash with ECDSA, we
need to have an exact match - this is in particular important for
smartcard which check that the hash matches the curves.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-13 16:02:00 +01:00