1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

3878 Commits

Author SHA1 Message Date
Werner Koch
ebbce67489 Update the German translation. 2013-07-03 15:21:33 +02:00
Werner Koch
90b419f3e9 agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 15:20:25 +02:00
Werner Koch
8b0cf1f59e po: Auto updates.
--
2013-07-03 13:40:16 +02:00
Werner Koch
0c01a04369 Update the German translation. 2013-07-03 13:32:52 +02:00
Werner Koch
9f32499f99 ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support.  Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--

This patch enables support for Putty.  It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file.  It
also works with a smartcard key.

May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 13:29:47 +02:00
Werner Koch
ed056d67c7 agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--

This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC.  OpenSSL for Cygwin uses only a quite
similar one.  gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 13:10:29 +02:00
Werner Koch
27e403bff7 Silence deprecated warnings from gcc 4.6.3.
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--

Frankly, I don't understand why gcc prints them.  We don't use them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 12:59:56 +02:00
Werner Koch
9b8518ffc9 estream: Backport es_fopemem_init from master.
* common/estream.c (es_fopenmem_init): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-03 09:30:22 +02:00
Werner Koch
a1398844ad Update NEWS.
--
2013-07-01 20:49:50 +02:00
Werner Koch
e065969018 ssh: Mark unused arg.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to
void.
2013-07-01 20:34:55 +02:00
Werner Koch
b4cb20cfc3 ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.

* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.

* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--

The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation.  I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.

Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward.  And yes, the data structures are way too
complicated.

(cherry picked from commit 649b31c663b8674bc874b4ef283d714a13dc8cfe)

Solved conflicts:

	agent/protect.c
	agent/t-protect.c
        common/ssh-utils.c (different variabale name)
2013-07-01 20:31:16 +02:00
Werner Koch
4b4df62eaf estream: New function es_fclose_snatch.
* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem): Init FUNC_IOCTL.
--

(back ported from commit id 7737a2c269657189a583cde7f214f20871d264f8)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-07-01 20:31:14 +02:00
Werner Koch
cf7f930327 ssh: Rewrite a function for better maintainability
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
--

Using es_fopenmem instead of a preallocated buffer is safer and easier
to read.
(cherry picked from commit f76a0312c3794afd81fe1e172df15eb0612deae0)
2013-07-01 20:31:12 +02:00
Werner Koch
9011625791 ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in
sshcontrol.
--

Formerly we scanned the private key directory for matches of entries
in sshcontrol.  This patch changes it to scan the sshcontrol file and
thus considers only keys configured there.  The rationale for this is
that it is common to have only a few ssh keys but many private keys.
Even if that assumption does not hold true, the scanning of the
sshcontrol file is faster than reading the directory and only then
scanning the ssh control for each directory entry.

(cherry picked from commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f)
2013-07-01 20:31:11 +02:00
Werner Koch
336112e519 ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New.  Use them instead of
using fopen/fclose directly.
--

(cherry picked from commit 25fb53ab4ae7e1c098500229c776d29b82713a20)

Fixed conflicts in some variabale names.
2013-07-01 20:31:07 +02:00
Werner Koch
fc7d033d8e ssh: Do not look for a card based ssh key if scdaemon is disabled.
* agent/command-ssh.c (ssh_handler_request_identities): Do not call
card_key_available if the scdaemon is disabled.
--

(back ported from commit id 781e9746dff21fc2721373205e63d1d09722d590)
2013-07-01 20:30:56 +02:00
Werner Koch
7ce72c97bf ssh: Make the mode extension "x" portable by a call to es_fopen.
* agent/command-ssh.c (open_control_file): Use_es_fopen to support
the "wx" mode flag.

--

This also patch also specifies a file mode parameter.  However, this
will only be used with an updated version of es_stream which we have
not yet done.
2013-07-01 20:30:30 +02:00
Werner Koch
8ddf604659 Fix syntax error for building on APPLE.
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
--

For W32 and probably for Cygwin we don't need the wrapper, thus the
problems does not exhibit itself.
2013-05-11 21:46:43 +02:00
Werner Koch
9b8760233f Post release version bump.
--
2013-05-10 18:30:30 +02:00
Werner Koch
11ce4c79bb Release 2.0.20 gnupg-2.0.20 2013-05-10 15:54:31 +02:00
Werner Koch
45451565b9 po: Auto updates
--
2013-05-10 15:48:40 +02:00
Werner Koch
3f79a0b4b4 Update gpg-error, libgcrypt, and ksba m4 scripts.
* m4/gpg-error.m4: Update from libgpg-error repo.
* m4/ksba.m4: Likewise.
* m4/libgcrypt.m4: Likewise.
--

GnuPG-bug-id: 1496.
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-10 15:33:04 +02:00
Yuri Chornoivan
0a9a4a38df Update Ukrainian translation. 2013-05-10 15:02:45 +02:00
Werner Koch
e877f9ee12 Note: Wrong author in previous commit 049b3d9.
--

Magit keeps the author and date from the last commit unless reset with
a c-t.  Time for Jim's git-log-fix.
2013-05-07 21:57:56 +02:00
Ian Abbott
049b3d9ca0 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-07 21:17:04 +02:00
Ian Abbott
4d67f59a33 doc: fix some Texinfo warnings.
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)
2013-05-07 21:10:37 +02:00
Jedi
42c44e9ccd Fix a typo and a wrong code indentation.
--

Reported-by: NIIBE Yutaka <gniibe@fsij.org>
2013-04-25 09:33:33 +02:00
Jedi
6ac7a80c48 Update Traditional Chinese translation.
--

Kudos to Jedi for this really fast update (wk).
2013-04-24 16:07:53 +02:00
Jedi
7986eb454e Point to copies in the master branch for some doc file.
--
2013-04-24 13:02:38 +02:00
Jedi
e94aee4b77 Update helper scripts.
* compile, config.guess, config.rpath, config.sub, depcomp,
* install-sh, mdate-sh, mkinstalldirs: Update to Feb 25 versions from
gnulib.
2013-04-24 12:50:28 +02:00
Jedi
bfbd0cb9ff Update Traditional Chinese translation.
--

Original translation date was 2012-05-13.  Some fuzzies fixed by wk.
2013-04-24 12:39:48 +02:00
Joe Hansen
de61e33e4a Update Danish translation
* po/da.po: Update.
2013-04-24 12:39:47 +02:00
Jaime Suarez
e4fea6f8ae Update Spanish translation. 2013-04-24 12:39:47 +02:00
Werner Koch
3c008a4d0f Run an update-po.
--
2013-04-24 12:39:47 +02:00
Werner Koch
798b4b3d3f Update de.po and fr.po for keypad->pinpad change. 2013-04-24 12:39:46 +02:00
NIIBE Yutaka
145d672fbf scd: Add pinpad support for REINER SCT cyberJack go
* scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New.
(ccid_transceive_secure): Handle the case for VENDOR_REINER.
Original work was by Alina Friedrichsen (tiny change).
--
This is revised version which adapts changes of ccid-driver.
2013-04-24 08:36:31 +09:00
Werner Koch
40ca0022a7 w32: Almost everywhere include winsock2.h before windows.h.
--

This is required by newer mingw toolchain versions which demand that
winsock2.h is included before windows.h.  Now, due to the use of
socket definitions in pth.h we need to include winsock2.h also in
pth.h, now pth.h is often included after an include of windows.h and
thus the compiler spits out a warning.  To avoid that we include
winsock2.h at all places the compiler complains about.
2013-04-23 18:06:46 +02:00
Werner Koch
a557a74615 Allow building gpgkeys_ldap with the 32 bit mingw-w64 toolchain.
* keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro
depending on compiler version.
(main): Use new macro.
--

It seems that the LDAP keyserver helper if build with the old mingw32
toolchain never worked correctly for LDAPS.  The prototype there for
ldap_start_tls_s is plainly wrong for Windows.  However, the fix here
has special support so not to break building with the old compiler.
2013-04-23 17:04:56 +02:00
Werner Koch
d6e37554d2 Update NEWS and README
--
2013-04-22 20:29:44 +02:00
Werner Koch
44ded889e7 Fix bashism in autogen.sh.
--

The use of options for cp is not required.  Probably c+p cruft.
2013-04-22 20:28:55 +02:00
Werner Koch
abbee36cff Try to use w64 toolchain for --build-w32.
--
2013-04-22 20:27:44 +02:00
Werner Koch
3402a84720 Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>

(cherry picked from commit e33e74e3a4b2b4a0341f933410ddd5db7a12515e)

Note that this version uses utf8_charcount to get the indentation
mostly right.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 20:25:35 +02:00
Werner Koch
7db5c81e3a Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
2013-04-22 19:59:34 +02:00
Werner Koch
a206c9ee6e Adjust git-log-fix for cherry-picked commits.
--
2013-04-22 19:58:11 +02:00
Werner Koch
18ae751f28 Switch to the new automagic beta numbering scheme.
* configure.ac: Add all the required m4 magic.
--

This also removes the hack to allow custom version numbers which are
not considered a development version.  A custom version number can be
done anyway by simply setting the version to it and tag the release
with it.

This is a backport from master including the later patch to use
rev-parse.
2013-04-22 17:49:53 +02:00
Werner Koch
681338bfd3 Update docs from master.
* doc/gpg-agent.texi: Update from master.
* doc/gpg.texi: Ditto.
* doc/gpgsm.texi: Ditto.
* doc/gpl.texi: Ditto.
* doc/yat2m.c: Ditto.
--

(updated from commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c)
2013-04-22 17:29:57 +02:00
Werner Koch
e24e92d7e2 Ignore obsolete option --disable-keypad.
* scd/scdaemon.c (opts): Ignore --disable-keypad.
--

The renaming of --disable-keypad to --disable-pinpad might mess up
configuration files managed with a GUI.  The GUI does not not anymore
know about the old option and would allow the user to switch
"disable-pinpad" on.  However, a "disable-keypad" might still linger
in the conf file with gpgconf not knowing about it.  Thus the conf
file would always be rejected and manual intervention would be
required.  Ignoring the old option nicely solves the problem.
2013-04-22 15:19:38 +02:00
Werner Koch
54c54e2824 Allow marking options as ignored.
* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
(ARGPARSE_TYPE_MASK): New, for internal use.
(ARGPARSE_ignore): New.
* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
constants by macros.
(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
(arg_parse): Exclide ignore options from --dump-options.
--

In addition to the ignore-invalid-option (commit 8ea49cf5) it is often
useful to mark options in a configuration which as NOP.  For example
options which have no more function at all but can be expected to be
found in existing conf files.  Such an option (or command) may now be
given as

  ARGPARSE_ignore (300, "obsolete-option")

The 300 is merely used as a non-valid single option name much like
group names or the 500+n values used for long options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 15:03:34 +02:00
Werner Koch
da0925973e Do not mix test result with progress lines.
This makes parsing of the results easier.  Fixes bug#1400.

* tests/openpgp/defs.inc (progress_cancel, progress_end)
(progress_new): New.
* tests/openpgp/conventional-mdc.test: Use progress functions
* tests/openpgp/conventional.test: Ditto.
* tests/openpgp/encrypt-dsa.test: Ditto.
* tests/openpgp/encrypt.test: Ditto.
* tests/openpgp/sigs.test: Ditto.
--
The new output style is now:

      > MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 <
  PASS: sigs.test

or if the test fails:

      > MD5 SHA1
  sigs.test: ooops
  FAIL: sigs.test

(cherry picked from commit f1e1387bee286c7434f0462185048872bcdb4484)
2013-04-22 09:30:47 +02:00
NIIBE Yutaka
79d7e1d86b scd: move SCDaemon to libexecdir.
* common/homedir.c (gnupg_module_name): It's now libexecdir.
* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
(bin_PROGRAMS): Remove scdaemon.
2013-04-01 11:42:11 +09:00