* tests/gpgscm/ffi.c (ffi_init): Undefine 'open' so it does not get
expanded to 'open64' in the ffi_define_function macro.
--
GnuPG-bug-id: 7632
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
[[PGP Signed Part:No public key for 4893CA2AF4416CED created at 2025-04-16T23:13:02+0200 using EDDSA]]
--
Signed-off-by: Mattia Narducci <mattianarducci1@gmail.com>
* sm/verify.c (gpgsm_verify): Always print info that a certs-only
message has been processed.
--
Prior to this patch the message was only printed if no data file has
been given.
Reported-by: Albrecht Dreß
* g10/getkey.c (get_pubkey_for_sig): Keep a requested
PUBKEY_USAGE_CERT.
(finish_lookup): For correctness in future use cases allow
PUBKEY_USAGE_CERT to also trigger verify mode.
--
The case here was that a cert-only primary key was removed with
export-clean.
GnuPG-bug-id: 7583
* common/recsel.c (recsel_select): Change processing of NULL values.
* common/t-recsel.c (run_test_2): Adjust for this change. Also a type
fix for s/"letter"/"letters"/.
--
The getval function may return NULL which indicates that there is no
useful value available. For example because the propertyname is not
defined for some external context (e.g. in gpg the packet type). This
also required to fix the test for boolean tests of a non existing
property name.
Reported-by: shniubobo at gnupg-users on 2025-04-18.
* g10/gpg.c: Include recsel.h.
(debug_flags): New flag "recsel".
(set_debug): Set it.
* g10/options.h (DBG_RECSEL_VALUE, DBG_RECSEL): New.
* g10/import.c (impex_filter_getval): Add debug diagnostics.
* g10/keylist.c (parse_and_set_list_filter): Dump the record filter.
* common/recsel.c (recsel_debug): New variable.
(recsel_set_debug): New function.
(recsel_select): Add debug output if requested.
* common/ksba-io-support.c (has_only_base64): Use memchr since calling
strchr on a non-NUL terminated string is undefined behavior.
--
Signed-off-by: Collin Funk <collin.funk1@gmail.com>
This patch has been stripped from Colin's original patch because this
is not just about a warning but an actual bug. That bug was
introduced in 2003 by me. - wk
* g10/gpg.c (aQuickTSignKey): New.
(opts): Add new command.
(main): Parse args for it.
* g10/keyedit.c: Include mbox-util.h.
(parse_trustsig_string): New.
(sign_uids): Add arg trustsig for use in quick mode.
(keyedit_quick_sign): Also add arg trustsig and print a diagnostic on
error.
* scd/app-p15.c (read_ef_tokeninfo): Allow for a zero length label.
--
Some versions of the CardOS personalisation software seem to store a
missing labels as zero-length object instead of not storing the object
at all.
Due to a lack of such a card this patch has not been tested.
* tests/gpgscm/opdefines.h: Change the order of arguments.
* tests/gpgscm/scheme-private.h (_OP_DEF): OP comes first, and use
variadic args for the macro.
* tests/gpgscm/scheme.c (_OP_DEF): Likewise.
(TST_*): Use integers.
(check_arguments): Follow the change of TST_LIST.
--
GnuPG-bug-id: 7623
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* kbx/backend-sqlite.c (run_select_statement): Convert with
ascii_strlwr when the mode is KEYDB_SEARCH_MODE_MAIL.
--
GnuPG-bug-id: 7576
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* sm/certlist.c (gpgsm_add_to_certlist): Track expired error. Make
the expired check easier to read by using if and case.
--
Original ChangeLog:
If all selected certificates are expired, don't mislead the user
saying that no certificate was found. Instead, return the error
of the first certificate selected.
* sm/certlist.c: if one expired certificate was found, don't return
no certificate found, return instead the expiration error
I heavily changed Ramon's original patch and hope that I don't
introduced a regression to his patch. - wk@gnupg.org
* sm/certchain.c (check_validity_period_cm): Add arg no_log_expired to
avoid bumping of the error counter due to the do_list function.
* sm/certlist.c (gpgsm_add_to_certlist): Set no_log_expired when
checking the expiration.
--
I modified the original patch to make the patch smaller and the code
easier to read. - wk@gnupg.org
* sm/certchain.c (check_validity_period_cm): Make function global.
* sm/certlist.c (gpgsm_add_to_certlist): If an expired certificate is
found, continue looking for another one.
--
This enables the user to select a certificate by subject, and keep
old expired certificates in the store in case he wishes to decrypt
or verify an old file. This makes renewal of certificate smoother.
Due to a broken patch I had to massage the patch and while doing this
also fixed the indentation and moved a declaration to the begin of a
block. - wk@gnupg.org
* agent/command.c (cmd_learn): Allow for s/n argument.
* agent/learncard.c (agent_handle_learn): Ditto.
* agent/call-scd.c (agent_card_learn): Ditto. Pass it on to scd.
* scd/command.c (cmd_switchcard): Factor most code out to ...
(switchcard_core): new.
(cmd_learn): Add option --demand to specify a s/n.
* sm/gpgsm.c (main): Allow a s/n argument for --learn-card.
--
This help Kleopatra to get a stable certificate listing.
GnuPG-bug-id: 7379
* scd/scdaemon.c (handle_connections) [W32]: Do not continue the loop
when an event was encountered.
--
Here the event handle is passed to npth_eselect so that this function
can detect the event and reset the event. There is no need to consume
this information here. However, npth_select might also got a ready
file descriptor along with the event and by doing a "continue" we
would miss the ready state of the file descriptor. The fix is to do
nothing here, similar to what we do in gpg-agent.
Fixes-commit: f9acc7d18bb90f47dafe7e32ae92f567756d6b12
GnuPG-bug-id: 2982
* g10/sig-check.c (check_signature_over_key_or_uid): Do not free in
no-sig-cache mode if allocated by caller.
--
GnuPG-bug-id: 7547
Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
* common/recsel.c (struct recsel_expr_s): Add field lefta.
(recsel_parse_expr): Parse it.
(recsel_select): Implement selection.
--
This flags makes it for example easy to select keys last updated from
an ldap server:
gpg --list-filter 'select=origin=ks && -^ url =~ ldap' \
-k --with-key-origin
* tools/gpg-card.c (cmd_list): Add optional ar use_opt_cards.
(enum cmdids): Add cmdLISTCARDS.
(cmds): New command "ll".
(interactive_loop): Ditto.
--
Using "l --cards" is a command required very often thus it makes sense
to have an alias for it. ll also allows to switch the card without
showing the long listing.
* g10/packet.h (PUBKEY_USAGE_VERIFY): New.
* g10/getkey.c (get_pubkey_for_sig): Pass new flag also to requested
usage.
(finish_lookup): Introduce a verify_mode.
--
Fixes-commit: 48978ccb4e20866472ef18436a32744350a65158
GnuPG-bug-id: 7547
* dirmngr/dirmngr.c (initialize_modules): New.
(thread_init): Run npth_init only once. Re-init Libassuan and
Libgcrypt syscall clamps. Replace all calls by calls to
initialize_modules.
--
GnuPG-bug-id: 6606
* agent/gpg-agent.c (start_connection_thread_std): Close socket on
nonce mismatch.
(start_connection_thread_extra): Ditto.
(start_connection_thread_browser): Ditto.
(start_connection_thread_ssh): Ditto.
* dirmngr/dirmngr.c (start_connection_thread): Ditto.
* kbx/keyboxd.c (start_connection_thread): Ditto.
--
Usually Libassuan takes care of closing the socket but because we do
the nonce check before setting up Assuan we need to explicit close
it.
GnuPG-bug-id: 7434
