security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-04 22:57:47 +02:00
Code Activity
6396f8d115
gnupg/g10
History
Werner Koch 2b7151b0a5
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. 
* g10/gpg.c (main): Change default.
--

Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures.  That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.

To revert to the old behavior add

  keyserver-optiions  no-self-sigs-only,no-import-clean

to gpg.conf.

GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 23c9786408)
2019-07-04 15:59:14 +02:00
..
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:24:35 +09:00
build-packet.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:28:11 +02:00
call-agent.c card: Display if KDF is enabled or not. 2018-12-06 17:05:03 +09:00
call-agent.h card: Display if KDF is enabled or not. 2018-12-06 17:05:03 +09:00
call-dirmngr.c dirmngr: Emit SOURCE status also on NO_DATA. 2018-11-05 09:13:39 +01:00
call-dirmngr.h gpg: Store key origin info for new DANE and WKD retrieved keys. 2017-07-24 20:09:52 +02:00
card-util.c scd: Make "learn" report about KDF data object. 2018-12-06 17:11:55 +09:00
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
cipher.c gpg: Remove MDC options 2018-05-31 12:08:22 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c spelling: Fix "synchronize" 2019-06-23 20:17:47 -04:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c gpg,sm: String changes for compliance diagnostics. 2017-07-28 17:46:43 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:42:42 +02:00
dek.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
delkey.c gpg: Allow deletion of subkeys with --delete-[secret-]key. 2019-05-27 11:41:35 +02:00
distsigkey.gpg build: Update distsigkey.gpg 2017-11-22 20:54:47 +01:00
ecdh.c g10: Fix symmetric cipher algo constant for ECDH. 2019-03-27 12:29:45 +01:00
encrypt.c gpg: Remove MDC options 2018-05-31 12:08:22 +02:00
exec.c gpg: Improve the photo image viewer selection. 2019-05-17 12:46:16 +02:00
exec.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
export.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 15:14:30 +02:00
filter.h gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
free-packet.c gpg: Fix possible double free of the card serialno. 2017-07-21 17:49:10 +02:00
getkey.c gpg: Avoid printing false AKL error message. 2019-07-04 15:22:00 +02:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: Add "self-sigs-only" and "import-clean" to the keyserver options. 2019-07-04 15:59:14 +02:00
gpg.h gpg: Fix build on Windows. 2018-03-08 14:08:51 +09:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgcompose.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 15:14:30 +02:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c gpg: Print revocation reason for "rev" records. 2018-07-03 11:56:18 +02:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Fallback to import with self-sigs-only on too large keyblocks. 2019-07-02 09:25:21 +02:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-18 13:16:35 +01:00
key-check.c gpg: Improve import's repair-key duplicate signature detection. 2018-06-07 18:43:17 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Remove multiple subkey bindings during export-clean. 2018-07-09 12:07:24 +02:00
key-clean.h gpg: Let export-clean remove expired subkeys. 2018-07-09 10:25:06 +02:00
keydb.c gpg: Do not bail on an invalid packet in the local keyring. 2019-05-21 17:40:41 +02:00
keydb.h gpg: New command --locate-external-key. 2019-07-04 15:14:43 +02:00
keyedit.c gpg: Make the get_pubkey_byname interface easier to understand. 2019-07-04 15:14:30 +02:00
keyedit.h gpg: During secret key import print "sec" instead of "pub". 2019-03-18 13:13:14 +01:00
keygen.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:28:11 +02:00
keyid.c gpg: Improve error message about failed keygrip computation. 2018-12-05 08:13:16 +01:00
keylist.c gpg: New command --locate-external-key. 2019-07-04 15:14:43 +02:00
keyring.c gpg: Do not bail out on v5 keys in the local keyring. 2019-03-18 14:10:16 +01:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg: Pass key origin values to import functions. 2017-07-13 18:29:01 +02:00
keyserver.c gpg: Do not print a hint to use the deprecated --keyserver option. 2019-05-14 07:57:07 +02:00
main.h gpg: New command --locate-external-key. 2019-07-04 15:14:43 +02:00
mainproc.c g10/mainproc: disable hash contexts when --skip-verify is used 2018-12-05 08:26:09 +01:00
Makefile.am gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
misc.c gpg: Allow generating Ed25519 key from an existing key. 2019-01-30 11:29:06 +01:00
openfile.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
options.h gpg: New import and keyserver option "self-sigs-only" 2019-07-01 15:23:23 +02:00
packet.h gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:28:11 +02:00
parse-packet.c gpg: Do not allow creation of user ids larger than our parser allows. 2019-05-21 16:28:11 +02:00
passphrase.c gpg: Extend the "sig" record in --list-mode. 2018-04-12 17:53:17 +02:00
photoid.c gpg: Improve the photo image viewer selection. 2019-05-17 12:46:16 +02:00
photoid.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
pkclist.c gpg: New command --locate-external-key. 2019-07-04 15:14:43 +02:00
pkglue.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pkglue.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
plaintext.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:42:42 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg,sm: Error out on compliance mismatch while decrypting. 2017-08-01 08:41:47 +02:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: Extend the "sig" record in --list-mode. 2018-04-12 17:53:17 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c Spelling fixes in docs and comments. 2017-04-28 10:06:33 +09:00
sig-check.c gpg: Fix extra check for sign usage of a data signature. 2018-10-22 19:27:24 +02:00
sign.c gpg: Change update_keysig_packet to replace SHA-1 by SHA-256. 2019-05-13 19:29:34 +02:00
skclist.c g10: Fix default-key selection for signing, possibly by card. 2017-05-22 09:27:36 +09:00
t-keydb-get-keyblock.c gpg: Fix actual leak and possible leaks in the packet parser. 2017-03-30 16:01:52 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
tdbio.c gpg: Don't take the a TOFU trust model from the trustdb, 2018-11-05 09:17:03 +01:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c gpg: Print revocation reason for "rev" records. 2018-07-03 11:56:18 +02:00
test.c tests: Locate resources and scripts relative to top source dir. 2017-04-24 14:14:05 +02:00
textfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
tofu.c gpg: Fixed i18n markup of some strings. 2019-05-27 12:52:58 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
trustdb.c gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-09 10:24:37 +02:00
verify.c Spelling fixes in docs and comments. 2017-04-28 10:06:33 +09:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00