1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

4672 Commits

Author SHA1 Message Date
Werner Koch
f0f5cb6b3e w32: Fix http access module.
* common/http.c (write_server) [W32]: Rework to use send() instead of
write even when build with npth.
(cookie_read) [W32]: Rework to use recv() instead of read even when
build with npth.
2014-11-07 18:21:50 +01:00
Werner Koch
c7c79e3193 build: Add method to use a custom swdb.lst and use adns with Windows.
* build-aux/getswdb.sh: Add option --skip-verify.
* build-aux/speedo.mk: Add config var CUSTOM_SWDB.  Tage adns version
from swdb and build for Windows with adns.
2014-11-07 18:20:06 +01:00
Werner Koch
f7e1be24c8 build: Improve test for ADNS
* configure.ac <adns>: Use adns_free as probe function for libadns.
(HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
(ADNSLIBS): Do not ac_subst - it is only used within configure.
--

adns_free is required on Windows anyway (for robustness reasons) and
it has been around for so long now that we do not need a separate
test.  An upstream adns 1.5 has meanwhile been release but I doubt that
this has the required Windows code - and it is not libtool based
anyway.
2014-11-07 18:17:52 +01:00
Werner Koch
e0db5af7ed doc: Add announce text for 2.1
--
2014-11-06 10:03:39 +01:00
Werner Koch
8ec0b384a8 speedo: Append the date to the Windows installer.
* build-aux/speedo.mk (BUILD_DATESTR): New.
(dist-source, installer): Use it.
2014-11-05 21:40:52 +01:00
Werner Koch
d280a52757 Post release updates.
--
2014-11-05 16:46:52 +01:00
Werner Koch
e22b459b91 Release 2.1.0 gnupg-2.1.0 2014-11-05 15:29:58 +01:00
Werner Koch
2402887584 speedo: Do not not assume GNU tar.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 15:29:41 +01:00
Werner Koch
6b54759976 build: Update README.maint.
--
Also fixed some typos.
2014-11-05 08:55:17 +01:00
Werner Koch
b453226f56 po: Auto update.
--

Due to removed strings.
2014-11-05 08:27:47 +01:00
Werner Koch
91b826a388 Avoid sign extension when shifting the MSB.
* sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
shifting.
* g10/build-packet.c (delete_sig_subpkt): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-05 08:23:15 +01:00
Werner Koch
46fa1e0fe9 Remove all expired common CA certificates.
* doc/com-certs.pem: Remove certifciates.
--

They might be useful for the chain validation mode but I doubt that it
is used often enough to justify having all these expired certificates
in the store.
2014-11-04 21:47:03 +01:00
Werner Koch
e568b488e7 Typo fixes.
--
2014-11-04 21:29:58 +01:00
Werner Koch
47fedda47a doc: Added What's new in 2.1 article.
--
2014-11-04 21:29:45 +01:00
Werner Koch
b3ebecfc7c Add open card manufacturer 0x0008.
--
2014-11-04 16:32:30 +01:00
Werner Koch
5e8c5727ab Remove note about estream from AUTHORS.
--

estream has been moved to libgpg-error.
2014-11-04 16:31:44 +01:00
Werner Koch
cf41763cdf Change a couple of files to use abbreviated copyright notes.
--

Also fixed some of my own copyright notices due to the termination of
my assignment.  The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
2014-11-04 16:28:03 +01:00
Werner Koch
587a0956b9 gpg: Print use --full-gen-key note using the installed name of gpg.
--
2014-11-04 10:53:12 +01:00
David Prévot
43595e8d4f po: Update French translation
--
Proofread-By: Frédéric Marchal <fmarchal@perso.be>
Proofread-By: appzer0 <appzer0@free.fr>
Proofread-By: Jean-Philippe Guérard
              <jean-philippe.guerard@tigreraye.org>
2014-11-03 11:24:31 +01:00
Werner Koch
f8c993fbe2 gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
* agent/command.c (cmd_export_key): Actually implement the cache_nonce
feature.
* g10/export.c (do_export_stream): Make use of a cache_nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 17:51:30 +01:00
Werner Koch
d95f05c314 gpg: Fix endless loop in keylisting with fingerprint.
* g10/getkey.c (getkey_next): Disable cache.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:36:40 +01:00
Werner Koch
440e8f5170 gpg: Minor cleanup for key listing related code.
* g10/getkey.c (get_pubkey_next): Divert to getkey_next.
(get_pubkey_end): Move code to getkey_end.
* g10/keydb.c (keydb_search_reset): Add a debug statement.
(dump_search_desc): Add arg HD and print the handle.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 16:31:30 +01:00
Werner Koch
a929f36693 gpg: Do not show an useless passphrase prompt in batch mode.
* g10/keygen.c: Remove unused PASSPHRASE related code.
(proc_parameter_file): Remove useless asking for a passphrase in batch
mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-02 15:43:52 +01:00
Werner Koch
794a687be0 speedo: Use --disable-ntbtls for gnupg for now.
--
2014-10-31 21:33:18 +01:00
Werner Koch
f4df71aa2d gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
* g10/gpg.c (main): Remove check.
--

We require 1.6.0 anyway.
2014-10-31 14:47:02 +01:00
Werner Koch
f74ca872df Add more signing keys.
--
The keys which may be used to sign GnuPG packages are:

  rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
  D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
  Werner Koch (dist sig)

  rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
  46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
  David Shaw (GnuPG Release Signing Key) <dshaw@jabberwocky.com>

  rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
  031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
  NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org>

  rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
  D238 EA65 D64C 67ED 4C30  73F2 8A86 1B1C 7EFD 60D9
  Werner Koch (Release Signing Key)

These keys are all created and used on tokens.  7EFD60D9 is currently
not used but ready to replace 4F25E3B6 in case the former token break.
2014-10-31 14:21:34 +01:00
Werner Koch
935edf88ab kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--

Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
Werner Koch
28ae8ad70b gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--

That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 10:31:11 +01:00
Werner Koch
433208a553 gpg: Fix testing for secret key availability.
* g10/getkey.c (have_secret_key_with_kid): Do not change the search
mode.
--

The search mode was accidentally changed to search-next after finding
the first keyblock.  The intention was to look for a duplicate keyid
in the keydb which works by not doing a keydb_search_reset.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 09:22:47 +01:00
Werner Koch
cb46e32628 gpg: Remove commented code.
--
2014-10-31 09:14:03 +01:00
Werner Koch
b47fe2b14e build: Avoid distributing backup files etc.
* Makefile.am (EXTRA_DIST): Do not include directories.
--

The make dist rules uses "cp -R" for each listed file.  Thus all cruft
from a directory is also put into the tarball.  Obviously we do not
want this.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 08:04:38 +01:00
Werner Koch
9546aa3cc8 tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-30 09:55:51 +01:00
Werner Koch
982a6e6e55 po: Add a new German translation
--
Also fixed a typo in the docs.
2014-10-29 17:10:03 +01:00
Werner Koch
0d73a242cb common: Check option arguments for a valid range.
* common/argparse.h (ARGPARSE_INVALID_ARG): New.
* common/argparse.c: Include limits h and errno.h.
(initialize): Add error strings for new error constant.
(set_opt_arg): Add range checking.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-29 17:07:51 +01:00
Werner Koch
f5592fcff3 Fix stdint.h problem for Apple.
* gl/stdint_.h [__APPLE__]: Include hack.
--

Patch suggested by Patrick Brunschwig.
2014-10-29 15:41:28 +01:00
Werner Koch
158fe90018 speedo: Fixes for native build.
* build-aux/speedo.mk (TARGETOS): Init with empty string.
(speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
(INST_VERSION, INST_PROD_VERSION): Create only for w32.
2014-10-27 18:02:46 +01:00
Werner Koch
a59a866459 po: Fixed one wrong German string.
--
2014-10-27 14:12:51 +01:00
Werner Koch
436aa90be7 doc: Re-formated some NEWS entries and added update notes to some.
--
2014-10-26 20:07:16 +01:00
Werner Koch
cdd899e160 Update NEWS.
--
gnupg-2.1.0-beta895
2014-10-26 12:48:34 +01:00
Werner Koch
4a22711e25 po: Auto update
--
2014-10-26 12:40:30 +01:00
Werner Koch
af1ff08bb9 po: Translate new string to German.
--
2014-10-26 12:40:11 +01:00
Werner Koch
c9aadcb3a2 agent: Support pinentries with integrated repeat passphrase feature.
* agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
with_repeat.
* agent/call-pinentry.c (close_button_status_cb): Rewrite and check
for PIN_REPEAT.  Change users to check only the relevant bit.
(agent_askpin): Support repeat logic of new Pinentries.

* agent/command-ssh.c (ssh_identity_register): Use the new repeat
feature.
* agent/genkey.c (agent_ask_new_passphrase): Ditto.

--

If we need to confirm a passphrase entry (e.g. for new passphrase) we
set a flag into the pinentry info block.  The we try to use the new
pinentry command SETREPEATERROR; if that fails, we continue as usual.
If that succeeds we ask the pinentry to show the repeat (confirmation)
prompt and on successful return we set another flag in the pinentry
info block so that the caller can skip its own confirmation check. A
new status line from the pinentry indicates that the feature is
actually supported (it may not be supported on certain systems for
example when using the ncurses backend).

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-24 20:40:12 +02:00
Werner Koch
7c2668b70e misc: Add logo as used with PayPal.
--
2014-10-24 09:39:22 +02:00
Werner Koch
472a4a0d82 gpg: Silence "packet with obsolete versoin" warnings.
* g10/parse-packet.c (parse_key): Print warning only in very verbose
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:17:23 +02:00
Werner Koch
1b8decc476 gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--

Without a shadow key we can't create the self-signatures.  Thus we
need to issue the learn command after each key generation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-19 14:09:04 +02:00
Werner Koch
6d9491842d dirmngr: Allow building without LDAP support.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 15:59:45 +02:00
Werner Koch
a13705f4c1 w32: Set SYSROOT to help finding config scripts.
* autogen.sh <build-w32>: Set SYSROOT.
2014-10-17 15:55:08 +02:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
60d22d54a5 dirmngr: Minor usage output fix.
--
2014-10-17 13:31:07 +02:00
Werner Koch
0df36db63e doc: Minor doc fix for --quick-lsign-key.
--
2014-10-15 16:22:03 +02:00