* sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.
--
Reported on the mailing list. The change does not seem to have a big
regression risk, thus applied. See below for the mail
# ------------------------ >8 ------------------------
https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
* sm/certchain.c (ask_marktrusted): Avoid fingerprint printing in
quiet mode
--
And also don't print it anymore after the agent told us that the
feature has been disabled.
* sm/gpgsm.h (COMPAT_NO_CHAIN_CACHE): New.
(struct cert_cache_item_s, cert_cache_item_t): New.
(struct server_control_s): Add parent_cert_cache.
* sm/gpgsm.c (compatibility_flags): Add "no-chain-cache".
(parent_cache_stats): New.
(gpgsm_exit): Print the stats with --debug=memstat.
(gpgsm_deinit_default_ctrl): Release the cache.
* sm/certchain.c (gpgsm_walk_cert_chain): Cache the certificates.
(do_validate_chain): Ditto.
--
This gives another boost of 30% (from 6.5 to 4.0 seconds in the test
environment with ~1000 certs). do_validate_chain actually brings us
the speedup becuase the gpgsm_walk_cert_chain is not used during a key
listing. For the latter we actually cache all certificates because
that was easier.
GnuPG-bug-id: 7308
* kbx/keybox-search.c (keybox_get_cert): Store the blob clags in the
cert object.
* sm/certchain.c (do_validate_chain): Skip clearing of the ephemeral
flag if we know that it is not set.
--
GnuPG-bug-id: 7308
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--
This patch makes sure that an expired trusted key is not used for
trust computation. The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.
GnuPG-bug-id: 7200
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--
The revalidation mark was only set if the imported key had a new key
signature. This is in general correct but not if the imported key is
a trusted key.
GnuPG-bug-id: 7200
* g10/trustdb.c (store_validation_status): Remove arg 'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--
This has been here since 2003. The variable was never evaluated -
only stored.
Also added some comments.
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--
The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.
GnuPG-bug-id: 7298
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
* g10/decrypt-data.c (struct decode_filter_context_s): Add flag
checktag_failed.
(aead_checktag): Set flag.
(decrypt_data): Initially clear that flag and check the flag after the
decryption.
* g10/mainproc.c (proc_encrypted): Revert the log_get_errorcount based
check.
--
This fixes a bug where for an OCB encrypted and signed message with
the signing key missing during decryption the DECRYPTION_FAILED status
line was printed along with "WARNING: encrypted message has been
manipulated". This was because we use log_error to show that the
signature could not be verified due to the missing pubkey; the
original fix looked at the error counter and thus triggered the
decryption failed status.
Fixes-commit: 50e81ad38d
GnuPG-bug-id: 7042
* configure.ac (--enable-gpg-is-gpg2): Remove option.
(USE_GPG2_HACK): Remove var.
* common/homedir.c (gnupg_module_name): Remove code for gpg2
installation option.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (noinst_PROGRAMS): Ditto.
* doc/gpg.texi: Ditto.
* doc/gpgv.texi: Ditto.
--
This option and all its build stuff does not make anymore sense. gpg1
is way too old for anyone to use on a regualar base along with a
standard gpg. It is better to rename that single gpg (1.4) binary to
gpg1 and adjust any scripts.
--
We actually reuse the private keys here by having deleted the subkey
and crated a new one using the option "From existing key". Of course
the encrypted data changed while the plaintext stayed the same.
* g10/gpg.c (aAddRecipients, aChangeRecipients): New consts.
(opts): Add --add-recipients and --change-recipients.
(main): Handle them.
* g10/gpg.h (struct server_control_s): Add fields modify_recipients,
clear_recipients, and last_read_ctb.
* g10/armor.c (was_armored): New.
* g10/decrypt.c (decrypt_message): Add optional arg 'remusr'. Handle
re-encryption if desired.
* g10/encrypt.c (write_pubkey_enc): Factor info printing out to ...
(show_encrypted_for_user_info): new.
(reencrypt_to_new_recipients): New.
* g10/packet.h (struct parse_packet_ctx_s): Add fields only_fookey_enc
and last_ctb.
(init_parse_packet): Clear them.
* g10/parse-packet.c (parse): Store CTB in the context. Early return
on pubkey_enc and symkey_enc packets if requested.
* g10/mainproc.c (proc_encrypted): Allow for PKT being NULL. Return
early in modify-recipients mode.
(proc_encryption_packets): Add two optional args 'r_dek' and 'r_list'.
Adjust callers. Call do_proc_packets in modify-recipients mode
depending on the optional args.
(do_proc_packets): Add arg 'keep_dek_and_list'. Adjust callers. Save
the last read CTB in CTRL and return after the last fooenc_enc
packets.
--
This basically works but does not yet handle symmetric encrypted
packets (symkey_enc).
GnuPG-bug-id: 1825
(Yes, this is an at least 9 year old feature request)
* g10/build-packet.c (do_plaintext): Better error checking for
iobuf_copy.
--
Fixes-commit: 695cb04af5
GnuPG-bug-id: 6528
The original fix handles only the disk full case but didn't bother
about read errors (i.e. I/O problems on an external drive).
* scd/app.c (report_change): It's ASCII or multi-byte encoded string.
It's gpgrt's spawn function which converts it to wide char string
internally if needed.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
* tools/rfc822parse.c (struct rfc822parse_context): Add field
this_part.
(release_handle_data): Clear this_part.
(rfc822parse_open): Set this_part.
(set_current_part_to_parent): Ditto.
(insert_header): Ditto.
(rfc822parse_enum_header_lines): Replace current_part by this_part.
(find_header): Ditto.
* tools/rfc822parse.c (my_strcasecmp): Remove.
(same_header_name): New.
(rfc822_capitalize_header_name): Use new function instead.
--
With this change the header function can now be sued after the
transition to the body. Thus up until thenext MIME block is reached
the headers of the former MIME block are returned.
This also fixes a problem with the "MIME-Version" header name
capitalization.