1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

10362 Commits

Author SHA1 Message Date
Werner Koch
7bdaf56479
Release 2.4.7 gnupg-2.4.7 2024-11-25 11:48:46 +01:00
Werner Koch
b6e1c77b5d
po: msgmerge for release
--
2024-11-25 11:47:03 +01:00
NIIBE Yutaka
7c378e0be7
gpg: Fix modifying signature data by pk_verify for Ed25519.
* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are
copies.

--

GnuPG-bug-id: 7426
Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Also avoid clearing the error by the S code of a failed mpi_print of
R.

Signed-off-by: Werner Koch <wk@gnupg.org>
2024-11-25 11:10:25 +01:00
Werner Koch
72c5f7b0f7
common: Change daemon startup timeout from 5 to 8 seconds.
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8
seconds.
(SECS_TO_WAIT_FOR_KEYBOXD): Ditto.
(SECS_TO_WAIT_FOR_DIRMNGR): Ditto.
--

Experience on Windows showed that right after re-booting we may need
some more time to get things up.
2024-11-25 10:53:14 +01:00
Werner Koch
8e9769337f
gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo.
* g10/keyid.c (extra_algo_strength_offset): New.
(compare_pubkey_string_part): Use the mapping.
--

GnuPG-bug-id: 7425
2024-11-22 16:57:49 +01:00
Werner Koch
98b2b35e5c
doc: Explain that qualified.txt is a legacy method.
--
2024-11-22 13:46:40 +01:00
NIIBE Yutaka
7b57539cf2
scd: No hard lock-up when apdu_connect never returns.
* scd/app.c (new_card_lock): New.
(select_application): Scanning is serialized by NEW_CARD_LOCK.
For app_new_register, we hold the W-lock.
(initialize_module): Initialize NEW_CARD_LOCK.

--

GnuPG-bug-id: 7402
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-18 08:58:35 +01:00
Werner Koch
269d1ea10c
gpgconf: Include a minimal secure version in the --query-swdb output.
* tools/gpgconf.c (query_swdb): Parse the new minver tag.
2024-11-18 08:58:32 +01:00
NIIBE Yutaka
b2e3f5770f
scd: Fix a memory leak.
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-13 10:42:05 +01:00
NIIBE Yutaka
1e28c55e11
scd: Fix resource leaks on error paths.
* scd/app-dinsig.c (do_readcert): Don't return directly but care about
releasing memory.
* scd/app-nks.c (readcert_from_ef): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-13 10:41:51 +01:00
NIIBE Yutaka
e4d9fe0556
agent: Fix resource leak for PRIMARY_CTX.
* agent/call-daemon.c (wait_child_thread): Call assuan_release for
PRIMARY_CTX when it's kept for reuse.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-13 10:39:49 +01:00
Werner Koch
e6232c995f
gpgconf: Show also the used nPth version with -V
* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.
--

Note that this requires nPth 1.8
2024-11-12 14:01:30 +01:00
Werner Koch
c8a7e8d253
gpg-mail-tube: Fix content type for an attached non-plaintext.
* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an
attached message.
--

We can't use message/rfc822 if we encrypt this message as a simple PGP
file.
2024-11-12 14:01:27 +01:00
NIIBE Yutaka
f9a4d6408b
scd: Clean up app_send_active_apps and app_send_card_list.
* scd/app.c (send_card_and_app_list): Only handle the case with
WANTCARD=NULL.
(app_send_card_list): Follow the change.
(app_send_active_apps): Factor out the case with WANTCARD!=NULL.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-12 14:01:21 +01:00
Werner Koch
d97d911502
Update NEWS
--
2024-11-08 09:04:38 +01:00
NIIBE Yutaka
73c211889b
scd: Fix getinfo active_apps.
* scd/app.c (send_card_and_app_list): Avoid locking recursively.

--

Fixes-commit: 25a140542a9186a27b7df9cd3ca3d478b59cbf1b
GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 08:49:59 +01:00
NIIBE Yutaka
394a6feb22
scd: Serialize CARD access for send_card_and_app_list.
* scd/app.c (send_card_and_app_list): Lock the CARD.

--

GnuPG-bug-id: 7323
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 08:49:57 +01:00
Werner Koch
b30e0164de
po: Align German trustlist question to what we use in Kleopatra.
--

This replaces our long standing wedding style prompt to something more
straight.
2024-11-08 08:49:41 +01:00
Werner Koch
aa1d4804ae
gpg: Do not fail with an error for a "Note:" diagnostic
* g10/trustdb.c (validate_keys): Use log_info instead of log_error for
not found or expired UTKs.
--

Actually the not-found case used log_error for decades.  The
semantically simialr expired case did thus the same.  The actual
problem is for example in the import case where gpg exits with a
failure despite that a key validation was requested.

GnuPG-bug-id: 7351
2024-11-08 08:46:47 +01:00
Werner Koch
5f9975abf5
gpgsm: Possible improvement for some rare P12 files.
* sm/minip12.c (parse_shrouded_key_bag): Increase size of salt buffer.
--

Reported on the mailing list.  The change does not seem to have a big
regression risk, thus applied.  See below for the mail

# ------------------------ >8 ------------------------
https://lists.gnupg.org/pipermail/gnupg-users/2024-September/067312.html
2024-11-08 08:44:02 +01:00
Werner Koch
3af8731bbb
gpgconf: Add list flag to trusted-key et al.
* tools/gpgconf-comp.c (known_options_gpg): Add list flag to sume
options.
--

GnuPG-bug-id: 7313
2024-11-08 08:43:48 +01:00
NIIBE Yutaka
6022f10da3
gpg: Robust error handling for SCD READKEY.
* g10/keygen.c (ask_algo): List the card key only when it's valid.

--

GnuPG-bug-id: 7309
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 08:42:03 +01:00
Werner Koch
99069e9f6b
gpg-mail-type: Assume text/plain for missing content-type.
* tools/gpg-mail-tube.c (mail_tube_encrypt): Rename var ct_text for
clarity.  Replace debug diagnostic by log_info. Assume text/plain for
missing content-type.
--

Without this fix we would create message/rfc822 attachment instead of
a text/plain attachment with the encrypted body.
2024-11-07 15:13:07 +01:00
Werner Koch
0daad02dc0
gpg-mail-tube: New feature --as-attach.
* tools/gpg-mail-tube.c (oAsAttach): NEw.
(opts): Add --as-attach.
(opt): Add .as_attach.
(parse_arguments): Set it.
(mail_tube_encrypt): Detect plain text and hhandle new option.
2024-11-07 15:12:50 +01:00
Werner Koch
f658bbd688
gpgtar: Make sure to create upper directories for regular files.
* tools/gpgtar-extract.c (extract_directory): Factor parent directory
creation out to ..
(try_mkdir_p): new.
(extract_regular): Create directory on ENOENT.

* g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the
public key was not found for preference checking.
--

If tarball was created with
    tar cf tarball file1.txt foo/file2.txt
the tarball has no entry for foo/ and thus the extraction fails. This
patch fixes this.

GnuPG-bug-id: 7380

The second patch avoid a wrong exist status status line due to the use
of log_error.  But the actual cause needs stuill needs tobe
investigated.
2024-11-07 15:12:11 +01:00
Werner Koch
794950ec75
gpg: Allow the use of an ADSK subkey as ADSK subkey.
* g10/packet.h (PKT_public_key): Increased size of req_usage to 16.
* g10/getkey.c (key_byname): Set allow_adsk in the context if ir was
requested via req_usage.
(finish_lookup): Allow RENC usage matching.
* g10/keyedit.c (append_adsk_to_key): Adjust the assert.
* g10/keygen.c (prepare_adsk): Also allow to find an RENC subkey.
--

If an ADSK is to be added it may happen that an ADSK subkey is found
first and this should then be used even that it does not have the E
usage.  However, it used to have that E usage when it was added.

While testing this I found another pecularity: If you do
  gpg -k ADSK_SUBKEY_FPR
without the '!' suffix and no corresponding encryption subkey is dound,
you will get an unusabe key error.  I hesitate to fix that due to
possible side-effects.

GnuPG-bug-id: 6882
2024-10-31 15:13:49 +01:00
NIIBE Yutaka
c0cb0175c9
scd: Add <unistd.h> for read(2) / write(2) .
* scd/app.c: Include <unistd.h>.

--

Reported-by: David Bohman
GnuPG-bug-id: 7193
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 1d5cfa9b7fd22e1c46eeed5fa9fed2af6f81d34f)
2024-10-30 09:55:37 +01:00
Werner Koch
fbcdee805c
Post release updates
--
2024-10-29 14:46:35 +01:00
Werner Koch
5340576c08
Release 2.4.6 gnupg-2.4.6 2024-10-29 13:50:39 +01:00
Ingo Klöcker
f355f3f381
gpg: Fix --quick-set-expire for V5 subkey fingerprints
* g10/keyedit.c (keyedit_quick_set_expire): Use actual size of
fingerprint.
--

The size of the fingerprints is either 20 (V4) or 32 (V5). Using the
actual size of the fingerprints fixes the lookup of subkeys with V5
fingerprint.

GnuPG-bug-id: 7298
(cherry picked from commit 79298e87d8436bf0b0bd07c2c1513d10a7eb5823)
2024-10-29 13:11:47 +01:00
NIIBE Yutaka
2ae017a25f
common: Fix a race condition in creating socketdir.
* common/homedir.c (_gnupg_socketdir_internal): Check return code
of gnupg_mkdir and handle the case of GPG_ERR_EEXIST.

--

GnuPG-bug-id: 7332
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 71840b57f48680b7555451a29026d9c6de4fe2bc)
2024-10-29 12:27:30 +01:00
Werner Koch
4728d7f0df
po: Update German translation
--
2024-10-15 13:41:34 +02:00
Werner Koch
afe87ffc08
speedo: Enable additional runtime protections on Windows.
* build-aux/speedo.mk (speedo_w32_cflags): Remove -mms-bitfields
because it is for a long time the gcc default.  Enable control flow
protection.
--

Note that due to mingw static linking problems with libssp the stack
protector is not yet enabled.
2024-10-15 13:24:57 +02:00
Werner Koch
a8b503c42b
gpg: Emit status error for an invalid ADSK.
* g10/keygen.c (prepare_adsk): Emit status error.
--

This is useful for GPGME.

GnuPG-bug-id: 7322
2024-10-07 08:25:56 +02:00
Werner Koch
8b4ad616de
gpg: Exclude expired trusted keys from the key validation process.
* g10/trustdb.c (copy_key_item): New.
(validate_keys): Use a stripped down UTK list w/o expired keys.
--

This patch makes sure that an expired trusted key is not used for
trust computation.  The test case is to delete a trusted key from the
keyring, import a copy of that key which has already expired, check
that a signed key is not anymore fully trusted and finally import a
prolonged version of the trusted key and check that the signed key is
now again fully trusted.

GnuPG-bug-id: 7200
2024-09-25 15:26:26 +02:00
Werner Koch
ceec31751c
gpg: Validate the trustdb after the import of a trusted key.
* g10/import.c (import_one_real): Rename non_self to non_self_or_utk.
If not set after chk_self_sigs check whether the imported key is an
ultimately trusted key.
--

The revalidation mark was only set if the imported key had a new key
signature.  This is in general correct but not if the imported key is
a trusted key.

GnuPG-bug-id: 7200
2024-09-25 15:26:25 +02:00
Werner Koch
ce54266d66
gpg: Remove useless variable in validate_keys.
* g10/trustdb.c (store_validation_status): Remove arg  'stored'.
(validate_keys): Remove keyhashtable 'stored' which was never used.
--

This has been here since 2003.  The variable was never evaluated -
only stored.

Also added some comments.
2024-09-25 15:26:24 +02:00
NIIBE Yutaka
26d171d36d
po: Update Japanese Translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-25 14:13:29 +09:00
Werner Koch
03459618c5
w32: Fix last commit to build on Windows.
* scd/app.c (struct mrsw_lock): Move notify_watchers out of the system
specific condition.
--

Fixes-commit: c98385d311ca37e1863d0e42ebf7bbc6b68efe35
2024-09-20 14:05:56 +02:00
NIIBE Yutaka
c98385d311
scd: Fix DEVINFO, allowing no clients which watch the change.
* scd/app.c [POSIX] (struct mrsw_lock): Add notify_watchers.
(card_list_signal): Only when watchers wait, kick by write(2).
(card_list_wait): Increment/decrement notify_watchers field.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-20 12:07:45 +02:00
Werner Koch
f1e42cdf53
doc: Update NEWS
--
2024-09-19 16:32:41 +02:00
Werner Koch
94a7a67473
speedo: Make use of wget more robust
* build-aux/getswdb.sh: Add option --wgetopt.
* build-aux/speedo.mk (WGETOPT): New.
(getswdb_options): Pass to getswdb.
(unpack): Use wget with new options.
2024-09-19 16:32:40 +02:00
Werner Koch
f6858322a3
po: Update German translation
--
2024-09-19 15:43:38 +02:00
Werner Koch
cc30ceee5c
po: Updated one string of the Portuguese translation
--

Taken from master
2024-09-19 15:43:22 +02:00
Werner Koch
ed5edb4315
speedo: Add ntbtls to the wixlib
--
2024-09-19 15:16:12 +02:00
Werner Koch
15aea30de0
speedo: Update to be more aligned with the version in master
--
2024-09-19 14:21:47 +02:00
Werner Koch
35d80ebd78
doc: Add support for generating HTML versions of the man pages.
* doc/Makefile.am (yat2m-stamp): Also call yat2m with --html options.
* doc/yat2m.c (main): Add dummy options.
--

Note that the generated html versions of the man pages will only be
correct if the external yat2m tool is installed - at least for the
maintainers of the website this will be the case.
2024-09-19 14:00:32 +02:00
NIIBE Yutaka
a698adbb53
kbx: Fix a race condition on DATABASE_HD.
* kbx/backend-sqlite.c (create_or_open_database): Protect
the access to DATABASE_HD.

--

GnuPG-bug-id: 7294
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:28 +02:00
NIIBE Yutaka
32476f870d
scd: Fix DEVINFO to allow multiple clients.
* scd/app.c (initialize_module_command): Use O_NONBLOCK for pipe.

--

GnuPG-bug-id: 7151
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-09-19 13:24:22 +02:00
Werner Koch
e76bac2ef2
build: Fix make distclean for gnupg.7.html
--
2024-09-19 13:21:15 +02:00