6 years agoagent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
Werner Koch [Mon, 10 Dec 2012 13:45:26 +0000 (14:45 +0100)]
agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"

* agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
an invoked process.

This environment variable is useful for debugging if
--use-standard-socket is used (which is the default since 2.1).
Commonly you should have this in your init script (e.g. ~/.bashrc):

    unset GPG_AGENT_INFO
    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK

The problem is that gpg-agent won't be able to override the
SSH_AUTH_SOCK envvar if gpg-agent has been invoked as

  gpg-agent --enable-ssh-support --daemon /bin/bash

To fix this you should instead use this code in the init script:

  if [ ${gnupg_SSH_AUTH_SOCK_by:-0} -ne $$ ]; then
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

This will work in all cases and thus allows to start gpg-agent for
testing purposes with a different homedir and use this gpg-agent as an
ssh-agent.  Example:

  GNUPGHOME=$(pwd) gpg-agent --enable-ssh-support --daemon /bin/bash

gnupg_SSH_AUTH_SOCK_by is set to the PID of the exec-ed process and
thus will work safely if called recursively.

6 years agoconfig: Update npth.m4.
Werner Koch [Mon, 10 Dec 2012 08:40:40 +0000 (09:40 +0100)]
config: Update npth.m4.

* m4/npth.m4: Take from current npth master.

6 years agoRevert SCD changes of 2010-05-03.
NIIBE Yutaka [Tue, 4 Dec 2012 05:37:56 +0000 (14:37 +0900)]
Revert SCD changes of 2010-05-03.

* scd/apdu.c (pcsc_no_service): Remove.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
pcsc_no_service support.
(apdu_open_reader): Remove R_NO_SERVICE.
* scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
* scd/command.c (reader_disabled): Remove.
(get_current_reader): Follow the change of R_NO_SERVICE.
(open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
* scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
Daemon should handle all possible cases.  Even if such a difficult
case like reader_disabled, it should not exit.

6 years agoDon't keep opening unavailable card reader.
NIIBE Yutaka [Thu, 22 Nov 2012 07:04:51 +0000 (16:04 +0900)]
Don't keep opening unavailable card reader.

* scd/command.c (update_reader_status_file): Don't call

This fix has a impact that the insertion of a card reader will not be
detected upon the insertion, but will be deferred until user tries to
access his card.

6 years agoRefresh sample keys
David Shaw [Fri, 30 Nov 2012 17:47:49 +0000 (12:47 -0500)]
Refresh sample keys

6 years agoAdjust awk to not add trailing whitespace.
David Shaw [Fri, 30 Nov 2012 17:43:34 +0000 (12:43 -0500)]
Adjust awk to not add trailing whitespace.

* mksamplekeys: Tweak awk script to not add trailing whitespace to
  blank lines (makes git pre-commit hook unhappy)

6 years agoThe keyserver search menu should honor --keyid-format
David Shaw [Thu, 29 Nov 2012 17:00:46 +0000 (12:00 -0500)]
The keyserver search menu should honor --keyid-format

* keyserver.c (print_keyrec): Honor --keyid-format when getting back
  full fingerprints from the keyserver (the comment in the code was
  correct, the code was not).

6 years agoFix printing of ECC algo names in hkp keyserver listings.
Werner Koch [Tue, 27 Nov 2012 15:51:09 +0000 (16:51 +0100)]
Fix printing of ECC algo names in hkp keyserver listings.

* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.

6 years agoCheck for inet_addr() in -lnsl.
Ben Kibbey [Thu, 22 Nov 2012 22:17:33 +0000 (17:17 -0500)]
Check for inet_addr() in -lnsl.

* Check for inet_addr() in libnsl.

OpenSolaris/OpenIndiana requires this.

6 years agoDo not use a broken ttyname.
Werner Koch [Tue, 20 Nov 2012 18:01:13 +0000 (19:01 +0100)]
Do not use a broken ttyname.

* (HAVE_BROKEN_TTYNAME): New ac_define set for Android
* common/util.h (gnupg_ttyname): New macro.  Change all callers of
ttyname to use this macro instead.
(ttyname) [W32]: Rename to _gnupg_ttyname and use also if
* common/simple-pwquery.c (agent_send_all_options): Keep on using
ttyname unless HAVE_BROKEN_TTYNAME is set.  This is because this file
may be used standalone.

6 years agoFix non-portable use of chmod in
Werner Koch [Fri, 16 Nov 2012 09:36:53 +0000 (10:36 +0100)]
Fix non-portable use of chmod in

* Remove option -c from chmod.

6 years agoImprove parsing of the GIT revision number.
Werner Koch [Fri, 16 Nov 2012 09:35:33 +0000 (10:35 +0100)]
Improve parsing of the GIT revision number.

* (mmm4_revision): Use git rev-parse.

6 years agoAdd an OpenPGP card vendor.
Werner Koch [Thu, 15 Nov 2012 13:34:20 +0000 (14:34 +0100)]
Add an OpenPGP card vendor.

* g10/card-util.c (get_manufacturer): Add Yubico.

6 years agoFix description of validity flag 'n'.
Werner Koch [Sat, 10 Nov 2012 10:34:21 +0000 (11:34 +0100)]
Fix description of validity flag 'n'.

Thanks to Hauke Laging for spotting this.

6 years agoagent: Use wipememory instead of memset in one place.
Werner Koch [Tue, 6 Nov 2012 17:51:47 +0000 (18:51 +0100)]
agent: Use wipememory instead of memset in one place.

* agent/command.c (clear_outbuf): Use wipememory.  Suggested by Ben

6 years agoAllow decryption with card keys > 3072 bits
Werner Koch [Tue, 6 Nov 2012 11:02:25 +0000 (12:02 +0100)]
Allow decryption with card keys > 3072 bits

* scd/command.c (MAXLEN_SETDATA): New.
(cmd_setdata): Add option --append.
* agent/call-scd.c (agent_card_pkdecrypt): Use new option for long

* scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
(app_select_openpgp): Store manufacturer.
(do_decipher): Print a note for broken cards.


Please note that I was not able to run a full test because I only have
broken cards (S/N < 346) available.

6 years agoagent: Fix wrong use of gcry_sexp_build_array
NIIBE Yutaka [Wed, 31 Oct 2012 07:09:06 +0000 (16:09 +0900)]
agent: Fix wrong use of gcry_sexp_build_array

* findkey.c (agent_public_key_from_file): Fix use of

A test case leading to a segv in Libgcrypt is

  gpg-connect-agent \
    "READKEY 9277C5875C8AFFCB727661C18BE4E0A0DEED9260" /bye

The keygrip was created by "monkeysphere s", which has a comment.

gcry_sexp_build_array expects pointers to the arguments which is quite
surprising.  Probably ARG_NEXT was accidentally implemented wrongly.
Anyway, we can't do anything about it and thus need to fix the check
the users of this function.

Some-comments-by: Werner Koch <>
6 years agoSCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
NIIBE Yutaka [Wed, 31 Oct 2012 02:05:55 +0000 (11:05 +0900)]
SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.

* scd/apdu.c (PCSC_E_NO_SERVICE): New.
(open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
(open_pcsc_reader_wrapped): Set pcsc_no_service.

7 years agoUpdate and enable French translation
Werner Koch [Fri, 24 Aug 2012 15:42:36 +0000 (17:42 +0200)]
Update and enable French translation

* po/fr.po: Update.
* po/LINGUAS: Enable fr.

7 years agoAdd POT file to .gitignore
Werner Koch [Fri, 24 Aug 2012 15:41:21 +0000 (17:41 +0200)]
Add POT file to .gitignore


7 years agoUpdate German translation
Werner Koch [Fri, 24 Aug 2012 08:20:16 +0000 (10:20 +0200)]
Update German translation

Actually only updates due to typo fixes in the English source.

7 years agoFix typos spotted during translations
David Prévot [Wed, 22 Aug 2012 16:54:38 +0000 (12:54 -0400)]
Fix typos spotted during translations

* agent/genkey.c: s/to to/to/
* sm/*.c: s/failed to allocated/failed to allocate/
* sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
* g10/seskey.c: missing closing parenthesis
* dirmngr/crlcache.c: s/may has/may have/

Consistency fix:

* g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
* dirmngr/dirmngr_ldap: no period in Syntax
* dirmngr/dirmngr-client.c: infinitive for option description:
s/certificates are expected/expect certificates/

7 years agoActually show translators comments in PO files
David Prévot [Wed, 22 Aug 2012 16:54:37 +0000 (12:54 -0400)]
Actually show translators comments in PO files


7 years agoKeep previous msgids of translated messages
David Prévot [Wed, 22 Aug 2012 16:54:36 +0000 (12:54 -0400)]
Keep previous msgids of translated messages

* po/ Use --previous with msgmerge.

7 years agoFix build system for Android by disabling tests since its x-compiled
Hans-Christoph Steiner [Fri, 17 Aug 2012 02:43:15 +0000 (22:43 -0400)]
Fix build system for Android by disabling tests since its x-compiled

(AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname.
* Depend tests on new RUN_TESTS conditional.

7 years agoFix left over use of jnlib on some platforms
Werner Koch [Fri, 24 Aug 2012 07:29:56 +0000 (09:29 +0200)]
Fix left over use of jnlib on some platforms

* tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/.


Also fixed in some comments.

7 years agoFix incorrect description of --delete-secret-key
Werner Koch [Thu, 9 Aug 2012 12:45:18 +0000 (14:45 +0200)]
Fix incorrect description of --delete-secret-key


This is bug#1429.

7 years agoscd: handle reader/token removal.
NIIBE Yutaka [Sun, 24 Jun 2012 01:45:49 +0000 (10:45 +0900)]
scd: handle reader/token removal.

* scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means

7 years agoChange all quotes in strings and comments to the new GNU standard.
Werner Koch [Tue, 5 Jun 2012 17:29:22 +0000 (19:29 +0200)]
Change all quotes in strings and comments to the new GNU standard.

The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems.  We now use two \x27 characters ('...').

The proper solution would be to use the correct Unicode symmetric
quotes here.  However this has the disadvantage that the system
requires Unicode support.  We don't want that today.  If Unicode is
available a generated po file can be used to output proper quotes.  A
simple sed script like the one used for en@quote is sufficient to
change them.

The changes have been done by applying

  sed -i "s/\`\([^'\`]*\)'/'\1'/g"

to most files and fixing obvious problems by hand.  The msgid strings in
the po files were fixed with a similar command.

7 years agoPrint the hash algorithm in colon mode key listing.
Werner Koch [Thu, 24 May 2012 08:13:39 +0000 (10:13 +0200)]
Print the hash algorithm in colon mode key listing.

* g10/keylist.c (list_keyblock_colon): Print digest_algo.

7 years agoFix type conflict warning.
Werner Koch [Thu, 24 May 2012 08:11:49 +0000 (10:11 +0200)]
Fix type conflict warning.

* g10/keylist.c: Change min_cert_level to a byte.

7 years agoSwitch to the new automagic beta numbering scheme.
Werner Koch [Fri, 11 May 2012 08:20:29 +0000 (10:20 +0200)]
Switch to the new automagic beta numbering scheme.

* Add all the require m4 magic.

This also removes the hack to allow custom version numbers which are
not considered a development version.  A custom version number can be
done anyway by simply setting the version to it and tag the release
with it.

7 years agoAdd tweaks for the not anymore patented IDEA algorithm.
Werner Koch [Tue, 8 May 2012 16:18:32 +0000 (18:18 +0200)]
Add tweaks for the not anymore patented IDEA algorithm.

* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove.  Also remove all callers.
* common/status.h (STATUS_RSA_OR_IDEA): Remove.  Do not emit this
status anymore.

To keep the number of actually used algorithms low, we want to support
IDEA only in a basically read-only way (unless --pgp2 is used during
key generation).  It does not make sense to suggest the use of this
old 64 bit blocksize algorithm.  However, there is old data available
where it might be helpful to have IDEA available.

7 years agoAlways require libksba.
Werner Koch [Tue, 8 May 2012 12:33:34 +0000 (14:33 +0200)]
Always require libksba.

The extra test for libksba and possible trouble building GnuPG without
ksba is not anymore worth the trouble.

7 years agopo: Update de.po.
Werner Koch [Tue, 8 May 2012 13:18:26 +0000 (15:18 +0200)]
po: Update de.po.

* po/de.po: Update.

7 years agocommon: Remove generated files only during maintainer-clean.
Werner Koch [Tue, 8 May 2012 13:14:58 +0000 (15:14 +0200)]
common: Remove generated files only during maintainer-clean.


In general this is not required because automake does this for files
in BUILT_SOURCES anyway.  However, having them in CLEANFILES is wrong.
This is bug#1398.

7 years agoagent: Fix deadlock in trustlist due to the switch to npth.
Werner Koch [Mon, 30 Apr 2012 12:37:36 +0000 (14:37 +0200)]
agent: Fix deadlock in trustlist due to the switch to npth.

* agent/trustlist.c (clear_trusttable): New.
(agent_reload_trustlist): Use new function.
(read_trustfiles): Require to be called with lock held.
(agent_istrusted): Factor all code out to ...
(istrusted_internal): new.  Add ALREADY_LOCKED arg.  Make sure the
table islocked.  Do not print TRUSTLISTFLAG stati if called internally.
(agent_marktrusted): Replace calls to agent_reload_trustlist by
explicit code.

In contrast to pth, npth does not use recursive mutexes by default.
However, the code in trustlist.c assumed recursive locks and thus we
had to rework it.

7 years agomake DNS and URI fields work in gpgsm --gen-key.
NIIBE Yutaka [Thu, 26 Apr 2012 08:23:39 +0000 (10:23 +0200)]
make DNS and URI fields work in gpgsm --gen-key.

* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and
mb_dns.avoid buffer strncpy-induced buffer overrun

7 years agoavoid buffer strncpy-induced buffer overrun
Jim Meyering [Wed, 25 Apr 2012 15:42:53 +0000 (17:42 +0200)]
avoid buffer strncpy-induced buffer overrun

* dirmngr/crlcache.c (open_dir): Ensure that both this_update
and next_update member strings are NUL-terminated.

7 years agoremove doubled words in a comment
Jim Meyering [Wed, 25 Apr 2012 15:40:48 +0000 (17:40 +0200)]
remove doubled words in a comment

7 years agoChange license for some files in common to LGPLv3+/GPLv2+.
Werner Koch [Fri, 20 Apr 2012 13:43:06 +0000 (15:43 +0200)]
Change license for some files in common to LGPLv3+/GPLv2+.

Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan).  This
is good for interoperability and to reduces bugs.

* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/

7 years agofaq: Replace --list-ownerturst by --export-ownertrust.
Werner Koch [Tue, 17 Apr 2012 07:55:44 +0000 (09:55 +0200)]
faq: Replace --list-ownerturst by --export-ownertrust.


7 years agoFix killing PID -1.
Ben Kibbey [Tue, 10 Apr 2012 00:52:22 +0000 (20:52 -0400)]
Fix killing PID -1.

When the KILLSCD command had been sent a race condition would occur
causing PID -1 getting killed, which on Linux seems to terminate all
applications for the current user.

7 years agoDo not mix test result with progress lines.
Werner Koch [Thu, 5 Apr 2012 18:32:42 +0000 (20:32 +0200)]
Do not mix test result with progress lines.

This makes parsing of the results easier.  Fixes bug#1400.

* tests/openpgp/ (progress_cancel, progress_end)
(progress_new): New.
* tests/openpgp/conventional-mdc.test: Use progress functions
* tests/openpgp/conventional.test: Ditto.
* tests/openpgp/encrypt-dsa.test: Ditto.
* tests/openpgp/encrypt.test: Ditto.
* tests/openpgp/sigs.test: Ditto.
The new output style is now:

      > MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 <
  PASS: sigs.test

or if the test fails:

      > MD5 SHA1
  sigs.test: ooops
  FAIL: sigs.test

7 years agoMention status messages in the documentation.
Ben Kibbey [Wed, 4 Apr 2012 00:53:23 +0000 (20:53 -0400)]
Mention status messages in the documentation.


7 years agoDocument PASSWD --preset.
Ben Kibbey [Wed, 4 Apr 2012 00:53:22 +0000 (20:53 -0400)]
Document PASSWD --preset.

7 years agoDocument GENKEY options.
Ben Kibbey [Wed, 4 Apr 2012 00:53:21 +0000 (20:53 -0400)]
Document GENKEY options.

7 years agoDocument PRESET_PASSPHRASE.
Ben Kibbey [Wed, 4 Apr 2012 00:53:20 +0000 (20:53 -0400)]

7 years agoDocument CLEAR_PASSPHRASE.
Ben Kibbey [Wed, 4 Apr 2012 00:53:19 +0000 (20:53 -0400)]

And describe the --mode=normal option.

7 years agoFix timegm regression test.
Werner Koch [Tue, 27 Mar 2012 17:46:20 +0000 (19:46 +0200)]
Fix timegm regression test.

* common/t-timestuff.c (test_timegm): Change test to use January and
not February or December+1.  Bug spotted by Daniel Kahn Gillmor.

7 years agoPrint warning for arguments not considered an option.
Werner Koch [Tue, 27 Mar 2012 10:35:13 +0000 (12:35 +0200)]
Print warning for arguments not considered an option.

GnuPG requires that options are given before other arguments.  This
can sometimes be confusing.  We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option.  This is bug#1343.

* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.

7 years agoUpdate the maintenance instructions.
Werner Koch [Tue, 27 Mar 2012 09:21:33 +0000 (11:21 +0200)]
Update the maintenance instructions.


7 years agoAllow compress algorithm 0.
Werner Koch [Mon, 26 Mar 2012 13:52:15 +0000 (15:52 +0200)]
Allow compress algorithm 0.

* g10/mainproc.c (proc_compressed): Remove superfluous check for
compress algorithm 0.  Reported by pfandrade.  This is bug#1326.

7 years agoTypo fixes in de.po.
Werner Koch [Mon, 26 Mar 2012 13:50:13 +0000 (15:50 +0200)]
Typo fixes in de.po.

This is bug#1276 and

7 years agoAdd mksamplekeys script.
Werner Koch [Mon, 26 Mar 2012 13:48:47 +0000 (15:48 +0200)]
Add mksamplekeys script.

* doc/mksamplekeys: New.
Note that we have the same script in the 1.4 branch.  That should be
removed and only this one shall be used.

7 years agoReplace npth_yield in busy wait by npth_usleep.
Marcus Brinkmann [Tue, 28 Feb 2012 16:26:32 +0000 (17:26 +0100)]
Replace npth_yield in busy wait by npth_usleep.

* dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call
npth_usleep instead of npth_yield.

7 years agoCheck for lber and link dirmngr_ldap to it.
Marcus Brinkmann [Thu, 16 Feb 2012 16:51:20 +0000 (17:51 +0100)]
Check for lber and link dirmngr_ldap to it.

* (LBER_LIBS, HAVE_LBER): New variables, check for lber.
* dirmngr/ (dirmngr_lda_LDADD): Add $(LBER_LIBS).

7 years agoagent: Add pin length field to the shadowed private key format.
Werner Koch [Tue, 7 Feb 2012 13:17:33 +0000 (14:17 +0100)]
agent: Add pin length field to the shadowed private key format.

This is not yet fully implemented.  It will eventually allow to
support pinpad equipped readers which do not support variable length
pin lengths.
* agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
parse pinlen info.  Change all callers to pass NULL for it.

7 years agoUse new status printing functions.
Werner Koch [Tue, 7 Feb 2012 12:51:47 +0000 (13:51 +0100)]
Use new status printing functions.

* agent/command.c (cmd_geteventcounter): Get rid of static buffers.
* scd/command.c (cmd_serialno, cmd_learn): Simplify by using

7 years agoagent: New function agent_print_status.
Werner Koch [Tue, 7 Feb 2012 11:46:32 +0000 (12:46 +0100)]
agent: New function agent_print_status.

* common/asshelp2.c (vprint_assuan_status): New.
(print_assuan_status): Re-implement using above func.
* agent/command.c (agent_print_status): New.

7 years agoAdd an item to NEWS.
Werner Koch [Tue, 7 Feb 2012 09:20:12 +0000 (10:20 +0100)]
Add an item to NEWS.


7 years agopo: Add Ukrainian translation.
Werner Koch [Tue, 7 Feb 2012 09:19:16 +0000 (10:19 +0100)]
po: Add Ukrainian translation.

* po/uk.po: New.

Note that all but one translation are currently disabled in LINGUAS.

7 years agocommon: Replace macro based function calls by using DEFAULT_ERRSOURCE.
Werner Koch [Tue, 7 Feb 2012 09:15:57 +0000 (10:15 +0100)]
common: Replace macro based function calls by using DEFAULT_ERRSOURCE.

* common/dns-cert.h (get_dns_cert): Remove macro.
* common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert.  Replace
* common/http.h (http_parse_uri, http_raw_connect, http_open)
(http_open_document, http_wait_response): Remove macros.
* common/http.c (_http_parse_uri, _http_raw_connect, _http_open)
(_http_open_document, _http_wait_response): Remove underscore from
symbols.  Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
* common/ssh-utils.h (ssh_get_fingerprint)
(ssh_get_fingerprint_string): Remove macros.
* common/ssh-utils.h (_ssh_get_fingerprint)
(_ssh_get_fingerprint_string): Remove underscore from symbols.
* common/tlv.h (parse_ber_header, parse_sexp): Remove macros.
* common/tlv.c: Include util.h.
(_parse_ber_header, _parse_sexp): Remove underscore from symbols.

7 years agoAdd replacement hack for Android's broken ttyname.
Werner Koch [Mon, 6 Feb 2012 20:06:16 +0000 (21:06 +0100)]
Add replacement hack for Android's broken ttyname.

* (HAVE_TTYNAME) [__ANDROID__]: Add hack.

7 years agoagent: Simplify printing of INQUIRE_MAXLEN.
Werner Koch [Mon, 6 Feb 2012 20:04:22 +0000 (21:04 +0100)]
agent: Simplify printing of INQUIRE_MAXLEN.

* agent/command.c: Include asshelp.h.
(cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
(pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.

7 years agocommon: Add function print_assuan_status.
Werner Koch [Mon, 6 Feb 2012 19:52:27 +0000 (20:52 +0100)]
common: Add function print_assuan_status.

* common/asshelp2.c: New.
(print_assuan_status): New function.
* common/ (common_sources): Add asshelp2.c.

7 years agocommon: Add a global variable to for the default error source.
Werner Koch [Mon, 6 Feb 2012 19:50:47 +0000 (20:50 +0100)]
common: Add a global variable to for the default error source.

For the shared code parts it is cumbersome to pass an error sourse
variable to each function.  Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems.  Set
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.

7 years agoAlso let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.
Ben Kibbey [Fri, 3 Feb 2012 22:50:22 +0000 (17:50 -0500)]
Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.

* agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status
message before doing the inquire.
(cmd_genkey): Ditto.

7 years agoInform the client of the preset passphrase length.
Ben Kibbey [Thu, 2 Feb 2012 02:38:13 +0000 (21:38 -0500)]
Inform the client of the preset passphrase length.

* agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN
status message before inquiring the passphrase.

7 years agoHonor --cert-digest-algo when recreating a cert.
David Shaw [Wed, 1 Feb 2012 02:30:05 +0000 (21:30 -0500)]
Honor --cert-digest-algo when recreating a cert.

* g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
  recreating a cert.

This is used by various things in --edit-key like setpref, primary,
etc.  Suggested by Christian Aistleitner.

7 years agogl: Add support for Android to stdint.h replacement.
Werner Koch [Fri, 27 Jan 2012 16:29:57 +0000 (17:29 +0100)]
gl: Add support for Android to stdint.h replacement.

* gl/stdint_.h: When included from Bionic <sys/types.h>, just include
the system's <stdint.h>.

7 years agogpg-connect-tool: Take the string "true" as a true condition.
Werner Koch [Fri, 27 Jan 2012 14:40:24 +0000 (15:40 +0100)]
gpg-connect-tool: Take the string "true" as a true condition.

* tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in
conditions as expected.

7 years agoReturn GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.
Ben Kibbey [Thu, 26 Jan 2012 00:16:33 +0000 (19:16 -0500)]
Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.

Since there isn't a way to prompt the user to insert the smartcard when
pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of

* agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
when pinentry-mode=loopback.

7 years agoAlso check for GPG_ERR_ASS_CANCELED during an inquire.
Ben Kibbey [Wed, 25 Jan 2012 23:14:51 +0000 (18:14 -0500)]
Also check for GPG_ERR_ASS_CANCELED during an inquire.

Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
This is similar to commit 4f21f8d but for both protocol command
cancellation and pinentry cancellation.

* agent/call-scd.c (agent_card_pkdecrypt): Check for
(agent_card_pksign): Ditto.

7 years agonPth is now a hard requirement for GnuPG.
Werner Koch [Wed, 25 Jan 2012 14:48:01 +0000 (15:48 +0100)]
nPth is now a hard requirement for GnuPG.

* Remove cruft to allow building without npth.

Previous versions of GnuPG allowed to build a subset of it without
support of Pth.  Meanwhile gpg-agent is a requirement even for gpg and
thus it does not make any sense to allow such a restricted build.

7 years agoRequire libassuan 2.1.0.
Werner Koch [Wed, 25 Jan 2012 14:01:19 +0000 (15:01 +0100)]
Require libassuan 2.1.0.

* (NEED_LIBASSUAN_VERSION): Set to 2.1.0.  This is due to
the npth changes.
Note that libassuan 2.1.0 has not yet been released.

7 years agoFix strerror vs. gpg_strerror usage.
Werner Koch [Wed, 25 Jan 2012 13:59:01 +0000 (14:59 +0100)]
Fix strerror vs. gpg_strerror usage.

This bug was introduced by the migration to npth.
* agent/gpg-agent.c (handle_connections): Use strerror.

7 years agoRe-indent overlong lines.
Werner Koch [Wed, 25 Jan 2012 13:44:34 +0000 (14:44 +0100)]
Re-indent overlong lines.


7 years agoAdd missing variable.
Werner Koch [Wed, 25 Jan 2012 11:11:41 +0000 (12:11 +0100)]
Add missing variable.

* agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable.

7 years agoPort LDAP wrapper to NPTH.
Marcus Brinkmann [Tue, 24 Jan 2012 16:37:01 +0000 (17:37 +0100)]
Port LDAP wrapper to NPTH.

* agent/gpg-agent.c (handle_connections): Handle error.
* dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH.

7 years agoPort Windows code to NPTH.
Marcus Brinkmann [Thu, 19 Jan 2012 21:27:44 +0000 (22:27 +0100)]
Port Windows code to NPTH.

* agent/gpg-agent.c (get_agent_ssh_socket_name): Use
(handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
(handle_connections): Port Windows code to NPTH.
* dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
* g13/g13.c (handle_connections): Port Windows code to NPTH.
* scd/scdaemon.c (handle_connections): Port Windows code to NPTH.

7 years agoPort to npth.
Marcus Brinkmann [Tue, 3 Jan 2012 21:12:37 +0000 (22:12 +0100)]
Port to npth.

* Don't check for PTH but for NPTH.
(have_pth): Rename to ...
(have_npth): ... this.
(USE_GNU_NPTH): Rename to ...
(USE_GNU_PTH): ... this.
* m4/npth.m4: New file.
* agent/, agent/cache.c, agent/call-pinentry.c,
agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
agent/trustlist.c, common/, common/estream.c,
common/exechelp-posix.c, common/exechelp-w32.c,
common/exechelp-w32ce.c, common/http.c, common/init.c,
common/sysutils.c, dirmngr/, dirmngr/crlfetch.c,
dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/,
g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/,
scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
scd/scdaemon.c, tools/ Port to npth.

7 years agoRequire gitlog-to-changelog to be installed.
Werner Koch [Wed, 25 Jan 2012 11:11:41 +0000 (12:11 +0100)]
Require gitlog-to-changelog to be installed.

(gen-ChangeLog): Use installed version of gitlog-to-changelog.

In case an appropriate version of gitlog-to-changelog is not in the
PATH, it is possible to override it using something like:

  make distcheck GITLOG_TO_CHANGELOG=/foo/bar/my-gitlog-to-changelog

7 years agoExtend gitlog-to-changelog option --tear-off.
Werner Koch [Wed, 25 Jan 2012 10:58:54 +0000 (11:58 +0100)]
Extend gitlog-to-changelog option --tear-off.

It is now possible to suppress git log entries from being copied to
the ChangeLog by using the option --tear-off and having a "--" line
as the first line in the body (like this very log entry).

Note that the GnuPG master branch is the canonical source for our
version of the gitlog-to-changelog script.

7 years agoChanges to --min-cert-level should cause a trustdb rebuild (issue 1366)
David Shaw [Fri, 20 Jan 2012 03:33:51 +0000 (22:33 -0500)]
Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)

* g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level

* g10/trustdb.c (check_trustdb_stale): Request a rebuild if
  pending_check_trustdb is true (set when we detect a trustdb
  parameter has changed).

* g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
  listing for min_cert_level not matching.

* g10/tdbio.c (tdbio_update_version_record, create_version_record,
  tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
  tdbio_write_record): Add a byte for min_cert_level in the tdbio
  version record.

7 years agoestream: Fix unclean usage of realloc.
Werner Koch [Fri, 20 Jan 2012 13:27:36 +0000 (14:27 +0100)]
estream: Fix unclean usage of realloc.

* common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove.
(fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New.
(estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc
and my_printf_free.
(dynamic_buffer_out): Use my_printf_realloc instead of realloc.

This bug will never happen in current GnuPG/Libgcrypt because we use
the standard memory allocation functions via Libgcrypt.  However, when
used in other environments it would mess up the heap for an asprintf
with an output length larger than ~512 bytes.

7 years agoDo not copy default merge commit log entries into the ChangeLog.
Werner Koch [Fri, 20 Jan 2012 10:08:06 +0000 (11:08 +0100)]
Do not copy default merge commit log entries into the ChangeLog.

* scripts/gitlog-to-changelog: Skip merge commits.

7 years agoAdd the INQUIRE_MAXLEN status message.
Ben Kibbey [Wed, 18 Jan 2012 00:49:10 +0000 (19:49 -0500)]
Add the INQUIRE_MAXLEN status message.

This status message is used to inform the client of the maximum length
of an inquired passphrase and is used in pinentry-mode=loopback.

* agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
message before doing the inquire.

7 years agoyat2m: don't dereference pointer to freed memory
Jim Meyering [Sat, 14 Jan 2012 21:34:58 +0000 (22:34 +0100)]
yat2m: don't dereference pointer to freed memory

* doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop.

7 years agogpg-agent: fix lc-messages handling not to change Xauthority setting
Jim Meyering [Sat, 14 Jan 2012 21:20:39 +0000 (22:20 +0100)]
gpg-agent: fix lc-messages handling not to change Xauthority setting

* agent/gpg-agent.c (main): Supply omitted "break" statement for
lc-messages option.  Otherwise, control would fall through to the
following oXauthority case and use the same value there.

7 years agoFix indentation.
Werner Koch [Sun, 15 Jan 2012 11:37:33 +0000 (12:37 +0100)]
Fix indentation.

7 years agoFix scdaemon pinentry inquire cancelation.
Ben Kibbey [Sat, 14 Jan 2012 14:57:31 +0000 (09:57 -0500)]
Fix scdaemon pinentry inquire cancelation.

Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.

* agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
when returning from the PKDECRYPT operation of scdaemon and cancel the
(agent_card_pksign): Ditto.
(cancel_inquire): New.

7 years agogpg: Fix segv with RSA_S keys.
Werner Koch [Wed, 11 Jan 2012 19:15:47 +0000 (20:15 +0100)]
gpg: Fix segv with RSA_S keys.

* g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
(pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to

The problem is that Libgcrypt has no more support for the alternate
RSA ids and thus if asking for the number of parameters, they will
return zero.  Now, this leads to packing the key parameters into an
opaque MPI but because the algorithm id is actually known to GPG, it
assumes valid RSA parameters.

An example key with RSA_S is 0x5434509D.

7 years agoestream: Avoid printing leading zeroes by %p on 32 bit systems.
Werner Koch [Wed, 11 Jan 2012 16:06:17 +0000 (17:06 +0100)]
estream: Avoid printing leading zeroes by %p on 32 bit systems.

* common/estream-printf.c (pr_pointer): Synchronize definition of
AULONG with its use.

7 years agoRefresh sample keys
David Shaw [Tue, 10 Jan 2012 15:32:03 +0000 (10:32 -0500)]
Refresh sample keys

7 years agoAdapt HKP fix for fingerprint/long keyid retrievals for dirmngr
David Shaw [Tue, 10 Jan 2012 15:23:54 +0000 (10:23 -0500)]
Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr

* dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form

7 years agogpg: Make the double space in the middle of a fingerprint optional.
Werner Koch [Fri, 6 Jan 2012 14:17:49 +0000 (15:17 +0100)]
gpg: Make the double space in the middle of a fingerprint optional.

This change might help to c+p a fingerprint from an HTML page without
being enclosed in a "pre" tag.
* common/userids.c (classify_user_id): Skip a second blank in the
middle of a fingerprint.

7 years agogpg: Allow use of a standard space separated fingerprint.
Werner Koch [Fri, 6 Jan 2012 12:33:10 +0000 (13:33 +0100)]
gpg: Allow use of a standard space separated fingerprint.

* common/userids.c (classify_user_id): Check for space separated GPG

7 years agoMerge ccid_driver_improvement branch.
NIIBE Yutaka [Fri, 6 Jan 2012 04:50:21 +0000 (13:50 +0900)]
Merge ccid_driver_improvement branch.

* scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
(open_ccid_reader): Use ccid_keypad_operation for verify and modify.

* scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
(ccid_transceive_apdu_level): Permit sending packet where
apdulen <= 289.  Support receiving packets in a chain.
(ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.

7 years agoSilence gcc warning.
Marcus Brinkmann [Tue, 3 Jan 2012 16:38:24 +0000 (17:38 +0100)]
Silence gcc warning.

* sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized.