gnupg.git
3 months ago indent: Fix indentation of read_block in g10/import.c
Werner Koch [Wed, 4 Jul 2018 07:45:52 +0000 (09:45 +0200)]
indent: Fix indentation of read_block in g10/import.c

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Extra check for sign usage when verifying a data signature.
Werner Koch [Wed, 4 Jul 2018 06:59:12 +0000 (08:59 +0200)]
gpg: Extra check for sign usage when verifying a data signature.

* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--

Without this patch the signature verification fails only due to the
missing back signature.  This check better explains what went wrong.

GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago g10: Fix memory leak for PKT_signature.
NIIBE Yutaka [Tue, 3 Jul 2018 00:07:03 +0000 (09:07 +0900)]
g10: Fix memory leak for PKT_signature.

* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago agent: New commands PUT_SECRET and GET_SECRET.
Werner Koch [Mon, 2 Jul 2018 19:24:15 +0000 (21:24 +0200)]
agent: New commands PUT_SECRET and GET_SECRET.

* agent/agent.h (CACHE_MODE_DATA): New const.
* agent/cache.c (DEF_CACHE_TTL_DATA): new.
(housekeeping): Tweak for CACHE_MODE_DATA.
(cache_mode_equal): Ditto.
(agent_get_cache): Ditto.
(agent_put_cache): Implement CACHE_MODE_DATA.
* agent/command.c (MAXLEN_PUT_SECRET): New.
(parse_ttl): New.
(cmd_get_secret): New.
(cmd_put_secret): New.
(register_commands): Register new commands.
--

These commands allow storing secrets in memory for the lifetime of
the gpg-agent process.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago common: New function percent_data_escape.
Werner Koch [Mon, 2 Jul 2018 18:24:10 +0000 (20:24 +0200)]
common: New function percent_data_escape.

* common/percent.c (percent_data_escape): New.
* common/t-percent.c (test_percent_data_escape): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago agent: Fix segv running in --server mode
Werner Koch [Mon, 2 Jul 2018 18:22:42 +0000 (20:22 +0200)]
agent: Fix segv running in --server mode

* agent/command.c (start_command_handler): Do not write to
CLIENT_CREDS after an error.
--

assuan_get_peercred is special insofar that it returns a pointer into
CTX.  Writing data via this pointer should never be done.

Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago libdns: For SOCKS connection, just fails.
NIIBE Yutaka [Mon, 2 Jul 2018 01:37:49 +0000 (10:37 +0900)]
libdns: For SOCKS connection, just fails.

* dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
iterate to other server, but return the error immediately.

--

In the function libdns_switch_port_p in dns-stuff.c, this patch
allows to fallback using TOR_PORT2 correctly.

Fixes-commit: bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago gpg: Print revocation reason for "rev" records.
Werner Koch [Thu, 21 Jun 2018 18:28:40 +0000 (20:28 +0200)]
gpg: Print revocation reason for "rev" records.

* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Print revocation reason for "rvs" records.
Werner Koch [Thu, 21 Jun 2018 16:32:13 +0000 (18:32 +0200)]
gpg: Print revocation reason for "rvs" records.

* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--

Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason.  GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.

A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment.  Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.

This is a partial solution to
GnuPG-bug-id: 1173

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago gpg: Let --show-keys print revocation certificates.
Werner Koch [Thu, 21 Jun 2018 13:06:30 +0000 (15:06 +0200)]
gpg: Let --show-keys print revocation certificates.

* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--

GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago build: Remove duplicates from AC_CHECK_FUNCS
Werner Koch [Thu, 21 Jun 2018 10:56:40 +0000 (12:56 +0200)]
build: Remove duplicates from AC_CHECK_FUNCS

* configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
--

A few functions were tested two times which slightly increases the size
of the configure script.  Also put the functions in sorted order into
the macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 months ago libdns: Let kernel to decide the local port.
NIIBE Yutaka [Tue, 19 Jun 2018 23:59:05 +0000 (08:59 +0900)]
libdns: Let kernel to decide the local port.

* dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
(dns_socket): Don't select ephemeral port in user space.

--

There is no good reason to bind local port aggressively.  It might be
some reason to do so, then, a user can specify it in /etc/resolv.conf
by the second argument of "interface" directive.

At least, it causes a problem on Windows.  Binding a specified port in
user space can trigger the Firewall dialog on Windows.  Since it can
be considered valid question, it is better not to bind with an
ephemeral port which is selected in user space, by default.

GnuPG-bug-id: 3610
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago wks: Take name of sendmail from configure.
Werner Koch [Tue, 19 Jun 2018 06:06:50 +0000 (08:06 +0200)]
wks: Take name of sendmail from configure.

* configure.ac (NAME_OF_SENDMAIL): New ac_define.
* tools/send-mail.c (run_sendmail): Use it.
--

We used to ac_subst the SENDMAIL in the old keyserver via mail script.
We can reuse this to avoid a fixed name for sendmail in the
send-mail.c helper.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago libdns: Fix for non-FQDN hostname.
NIIBE Yutaka [Mon, 18 Jun 2018 01:13:35 +0000 (10:13 +0900)]
libdns: Fix for non-FQDN hostname.

* dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
hostname.

--

GnuPG-bug-id: T3803
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Fix connect and try next nameserver when ECONNREFUSED.
NIIBE Yutaka [Fri, 15 Jun 2018 03:58:29 +0000 (12:58 +0900)]
libdns: Fix connect and try next nameserver when ECONNREFUSED.

* dirmngr/dns.c (dns_so_check): When EINVAL, release the association
by connect with AF_UNSPEC and try again.  Also try again for
ECONNREFUSED.
(dns_res_exec): Try next nameserver when ECONNREFUSED.

--

GnuPG-bug-id: T3374
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Clear struct sockaddr_storage by zero.
NIIBE Yutaka [Fri, 15 Jun 2018 01:38:22 +0000 (10:38 +0900)]
libdns: Clear struct sockaddr_storage by zero.

* dirmngr/dns.c (dns_resconf_pton): Clear SS.
(dns_resconf_setiface): Clear ->IFACE.
(dns_hints_root, send_query): Clear SS.

--

POSIX requires clearing the structure of struct sockaddr_in6.  On macOS,
in some cases like bind, it is better to clear even for struct
sockaddr_in.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago libdns: Sync to upstream.
NIIBE Yutaka [Thu, 14 Jun 2018 04:10:57 +0000 (13:10 +0900)]
libdns: Sync to upstream.

* dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.

--

Reverting local change, merge upstream's debug-tracing branch.
(commit 21281fc1b63bb74d51762b8e363c49b1a258783d)

Fixes-commit: d4c0187dd93163f12e9f953366adef81ecf526a6
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago dirmngr: Fix recursive resolver mode.
NIIBE Yutaka [Thu, 14 Jun 2018 04:01:45 +0000 (13:01 +0900)]
dirmngr: Fix recursive resolver mode.

* dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.

--

To reproduce an error, run:

    ./t-dns-stuff --debug --recursive-resolver www.gnupg.org

Then, it returns "No name" error.  That's because there was only setup
for root servers, and no setup for recursive query in fact.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago Some preparations to eventually use gpgrt_argparse.
Werner Koch [Tue, 12 Jun 2018 14:11:19 +0000 (16:11 +0200)]
Some preparations to eventually use gpgrt_argparse.

* configure.ac (GNUPG_DEF_COPYRIGHT_LINE): New.
* tools/watchgnupg.c (print_version): Use this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago Require libgpg-error 1.29 and remove internal logging functions.
Werner Koch [Tue, 12 Jun 2018 11:46:00 +0000 (13:46 +0200)]
Require libgpg-error 1.29 and remove internal logging functions.

* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
* common/util.h: Remove replacement error codes.
* common/logging.h: Remove fallback to internal logging functions.
* common/logging.c: Remove.
* common/Makefile.am (common_sources): Remove logging.c

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Do not import revocations with --show-keys.
Werner Koch [Tue, 12 Jun 2018 06:44:55 +0000 (08:44 +0200)]
gpg: Do not import revocations with --show-keys.

* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
IMPORT_DRY_RUN.
--

GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago card: Fix memory leak for fetch-url sub command.
NIIBE Yutaka [Tue, 12 Jun 2018 06:54:18 +0000 (15:54 +0900)]
card: Fix memory leak for fetch-url sub command.

* g10/card-util.c (fetch_url): Release INFO.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Add new usage option for drop-subkey filters.
Daniel Kahn Gillmor [Tue, 12 Jun 2018 04:41:59 +0000 (00:41 -0400)]
gpg: Add new usage option for drop-subkey filters.

* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--

For example, this permits extraction of only encryption-capable
subkeys like so:

    gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR

GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4 months ago doc: Include release info from 2.2.8
Werner Koch [Mon, 11 Jun 2018 06:55:20 +0000 (08:55 +0200)]
doc: Include release info from 2.2.8

--

4 months ago gpg: Set some list options with --show-keys
Werner Koch [Mon, 11 Jun 2018 06:46:37 +0000 (08:46 +0200)]
gpg: Set some list options with --show-keys

* g10/gpg.c (main): Set some list options.
--

The new command --show-keys is commonly used to check the content of a
file with keys.  In this case it can be expected that all included
subkeys and uids are of interest, even when they are already expired
or have been revoked.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Sanitize diagnostic with the original file name.
Werner Koch [Fri, 8 Jun 2018 08:45:21 +0000 (10:45 +0200)]
gpg: Sanitize diagnostic with the original file name.

* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitization of user supplied data in a verbose
mode diagnostic.  The mentioned CVE is about using this to inject
status-fd lines into the stderr output.  Other harm could as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
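
The failure mode described in the commit above, as an added example that is not GnuPG's code: a file name taken from untrusted input is placed in a diagnostic, and escaping control bytes keeps it on one line so no extra "[GNUPG:] " line appears. The function names, the diagnostic wording, the escape format and the sample file name (with the placeholder keyword EXAMPLE_STATUS) are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy SRC (SRCLEN bytes, may contain any byte) into DST, writing control
   bytes, DEL and backslash as \xNN.  Bytes >= 0x80 pass through unchanged.
   Returns 0 on success, -1 if DST (DSTLEN bytes) is too small.
   Hypothetical helper, not GnuPG's own sanitizer. */
static int sanitize_for_log (const char *src, size_t srclen,
                             char *dst, size_t dstlen)
{
  size_t o = 0, i;

  for (i = 0; i < srclen; i++)
    {
      unsigned char c = (unsigned char)src[i];

      if (c < 0x20 || c == 0x7f || c == '\\')
        {
          if (o + 4 >= dstlen)
            return -1;
          o += (size_t)snprintf (dst + o, dstlen - o, "\\x%02x", c);
        }
      else
        {
          if (o + 1 >= dstlen)
            return -1;
          dst[o++] = (char)c;
        }
    }
  dst[o] = 0;
  return 0;
}

/* Count the lines of TEXT that start with the status prefix, which is
   what a consumer scanning a combined stderr/status stream would act on. */
static int count_status_lines (const char *text)
{
  static const char prefix[] = "[GNUPG:] ";
  const char *p = text;
  int n = 0;

  while (p && *p)
    {
      if (!strncmp (p, prefix, sizeof prefix - 1))
        n++;
      p = strchr (p, '\n');
      if (p)
        p++;
    }
  return n;
}

/* Constructed sample: a file name with an embedded line feed. */
static const char sample_name[] = "a.txt\n[GNUPG:] EXAMPLE_STATUS";

/* Diagnostic built from the raw name: the name's second line is read
   as a status line. */
int status_lines_raw (void)
{
  char line[128];

  snprintf (line, sizeof line, "gpg: original file name='%.*s'\n",
            (int)(sizeof sample_name - 1), sample_name);
  return count_status_lines (line);
}

/* Diagnostic built from the sanitized name: a single line, no status line. */
int status_lines_sanitized (void)
{
  char name[128], line[256];

  if (sanitize_for_log (sample_name, sizeof sample_name - 1,
                        name, sizeof name))
    return -1;
  snprintf (line, sizeof line, "gpg: original file name='%s'\n", name);
  return count_status_lines (line);
}

int main (void)
{
  printf ("raw: %d status line(s)\n", status_lines_raw ());
  printf ("sanitized: %d status line(s)\n", status_lines_sanitized ());
  return 0;
}
```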

4 months ago gpg: Improve import's repair-key duplicate signature detection.
Werner Koch [Thu, 7 Jun 2018 16:41:17 +0000 (18:41 +0200)]
gpg: Improve import's repair-key duplicate signature detection.

* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--

This is a followup for commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
to clean up the code and to add a second de-duplicate step when needed.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Fix import's repair-key duplicate signature detection.
Werner Koch [Thu, 7 Jun 2018 15:22:58 +0000 (17:22 +0200)]
gpg: Fix import's repair-key duplicate signature detection.

* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--

The key_check_all_keysigs first does a detection of duplicate
signature.  This is done over all signatures at once.  The problem
here is for example:

   key
   uid_1
     sig_uid_1.1
     sig_uid_1.2
   subkey_1
     sig_sub_1.1
   subkey_2
     sig_sub_2.1
     sig_sub_2.2  (duplicate of sig_sub_1.1)

Now the de-duplication deletes the first signature and keeps the
second.  That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore.  In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid.  The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).

The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey).  This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.

In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1.  This duplicates the
signature and for cleanness we should kick the de-duplication process
again.  This will be done with a followup patch.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
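
The constellation from the commit message above, worked through as an added example that is not GnuPG's code: it compares de-duplication over all signatures at once with de-duplication per block and counts the subkeys left without a signature. The flat node list, the sig_id field (equal ids stand for identical signatures) and all function names are assumptions made for this model; signature verification is not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, simplified model of a keyblock as a flat node list.
   Names are hypothetical; this is not GnuPG's kbnode_t or its code. */
enum node_type { N_KEY, N_UID, N_SUBKEY, N_SIG };

struct node
{
  enum node_type type;
  const char *label;  /* name used in the commit message's picture */
  int sig_id;         /* equal ids model identical signatures */
  int deleted;
};

#define NNODES 9

/* Build the constellation shown in the commit message. */
static void build_example (struct node *kb)
{
  static const struct node tmpl[NNODES] = {
    { N_KEY,    "key",         0, 0 },
    { N_UID,    "uid_1",       0, 0 },
    { N_SIG,    "sig_uid_1.1", 1, 0 },
    { N_SIG,    "sig_uid_1.2", 2, 0 },
    { N_SUBKEY, "subkey_1",    0, 0 },
    { N_SIG,    "sig_sub_1.1", 3, 0 },
    { N_SUBKEY, "subkey_2",    0, 0 },
    { N_SIG,    "sig_sub_2.1", 4, 0 },
    { N_SIG,    "sig_sub_2.2", 3, 0 },  /* duplicate of sig_sub_1.1 */
  };
  memcpy (kb, tmpl, sizeof tmpl);
}

/* De-duplicate the signatures in [start,end).  As in the message, the
   first copy is deleted and the later one kept.  Returns the number of
   signatures deleted. */
static int dedup_range (struct node *kb, int start, int end)
{
  int i, j, removed = 0;

  for (i = start; i < end; i++)
    {
      if (kb[i].type != N_SIG || kb[i].deleted)
        continue;
      for (j = i + 1; j < end; j++)
        if (kb[j].type == N_SIG && !kb[j].deleted
            && kb[j].sig_id == kb[i].sig_id)
          {
            kb[i].deleted = 1;
            removed++;
            break;
          }
    }
  return removed;
}

/* Behaviour before the fix: one pass over all signatures of the key. */
static int dedup_global (struct node *kb, int n)
{
  return dedup_range (kb, 0, n);
}

/* Behaviour after the fix: one pass per block, a block being a key,
   user id or subkey node plus the signatures that follow it. */
static int dedup_per_block (struct node *kb, int n)
{
  int start = 0, removed = 0, i;

  for (i = 1; i <= n; i++)
    if (i == n || kb[i].type != N_SIG)
      {
        removed += dedup_range (kb, start, i);
        start = i;
      }
  return removed;
}

/* Count subkeys with no remaining signature, i.e. without a binding. */
static int count_unbound_subkeys (const struct node *kb, int n)
{
  int i, j, unbound = 0;

  for (i = 0; i < n; i++)
    {
      int live = 0;

      if (kb[i].type != N_SUBKEY)
        continue;
      for (j = i + 1; j < n && kb[j].type == N_SIG; j++)
        live += !kb[j].deleted;
      unbound += !live;
    }
  return unbound;
}

int unbound_after_global (void)
{
  struct node kb[NNODES];

  build_example (kb);
  dedup_global (kb, NNODES);
  return count_unbound_subkeys (kb, NNODES);
}

int unbound_after_per_block (void)
{
  struct node kb[NNODES];

  build_example (kb);
  dedup_per_block (kb, NNODES);
  return count_unbound_subkeys (kb, NNODES);
}

int main (void)
{
  printf ("global:    %d subkey(s) without binding\n",
          unbound_after_global ());
  printf ("per-block: %d subkey(s) without binding\n",
          unbound_after_per_block ());
  return 0;
}
```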
4 months ago gpg: Improve verbose output during import.
Werner Koch [Thu, 7 Jun 2018 08:30:07 +0000 (10:30 +0200)]
gpg: Improve verbose output during import.

* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
Werner Koch [Wed, 6 Jun 2018 16:28:44 +0000 (18:28 +0200)]
agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.

* agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
with the standard list.
--

Although the function agent_copy_startup_env is newer than
session_env_list_stdenvnames the latter was not used.  When
DBUS_SESSION_BUS_ADDRESS was added to the latter it was forgotten to
add it to the former as well.  Having all stdnames here seems to be
the Right Thing (tm) to do.

GnuPG-bug-id: 3947
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Typo fixes
Werner Koch [Wed, 6 Jun 2018 15:25:51 +0000 (17:25 +0200)]
doc: Typo fixes

--

Reported-by: Claus Assmann <ca+gnupg-users@esmtp.org>
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Also detect a plaintext packet before an encrypted packet.
Werner Koch [Wed, 6 Jun 2018 13:46:24 +0000 (15:46 +0200)]
gpg: Also detect a plaintext packet before an encrypted packet.

* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--

Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line.  We fail only later to get more information.  Callers
need to check and act upon the decryption error code anyway.

Thanks to Marcus for pointing out this case.

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: New command --show-keys.
Werner Koch [Wed, 6 Jun 2018 09:50:58 +0000 (11:50 +0200)]
gpg: New command --show-keys.

* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--

Using

  --import --import-options show-only

to look at a key is too cumbersome.  Provide this shortcut and also
remove some diagnostic cruft in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago g10: Remove bogus comment.
NIIBE Yutaka [Tue, 5 Jun 2018 02:22:10 +0000 (11:22 +0900)]
g10: Remove bogus comment.

* g10/mainproc.c (proc_pubkey_enc): Remove a comment.

--

GnuPG always uses the OpenPGP algo number in its status report.
We can find a function in GPGME, it's _gpgme_map_pk_algo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 months ago gpg: Print a hint on how to decrypt a non-mdc message anyway.
Werner Koch [Thu, 31 May 2018 10:59:40 +0000 (12:59 +0200)]
gpg: Print a hint on how to decrypt a non-mdc message anyway.

* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC.  Also print a dedicated status error code

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Ignore the multiple message override options.
Werner Koch [Wed, 30 May 2018 20:05:57 +0000 (22:05 +0200)]
gpg: Ignore the multiple message override options.

* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--

These options are very old compatibility hacks and should not be used
anymore.  We keep them as dummy options in case someone has them in
the conf file.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Detect multiple literal plaintext packets more reliable.
Werner Koch [Wed, 30 May 2018 19:45:37 +0000 (21:45 +0200)]
gpg: Detect multiple literal plaintext packets more reliable.

* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Remove PGP6 compliance mode.
Werner Koch [Tue, 29 May 2018 11:01:12 +0000 (13:01 +0200)]
gpg: Remove PGP6 compliance mode.

* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove.  Adjust all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago doc: Add a hint about gpgsm and DECRYPTION_INFO.
Werner Koch [Tue, 29 May 2018 10:43:39 +0000 (12:43 +0200)]
doc: Add a hint about gpgsm and DECRYPTION_INFO.

--

4 months ago gpg: Remove MDC options
Werner Koch [Tue, 29 May 2018 10:42:44 +0000 (12:42 +0200)]
gpg: Remove MDC options

* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--

The MDC is now always used except with --rfc2440 which will lead to
a big fat warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago gpg: Fix detection of the AEAD feature flag.
Werner Koch [Tue, 29 May 2018 10:24:19 +0000 (12:24 +0200)]
gpg: Fix detection of the AEAD feature flag.

* g10/getkey.c (fixup_uidnode): Use bitmask 0x02.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 months ago po: Update Spanish translation.
emma peel [Fri, 25 May 2018 15:45:13 +0000 (15:45 +0000)]
po: Update Spanish translation.

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5 months ago gpg: Hard fail on a missing MDC even for legacy algorithms.
Werner Koch [Tue, 15 May 2018 10:33:03 +0000 (12:33 +0200)]
gpg: Hard fail on a missing MDC even for legacy algorithms.

* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Turn --no-mdc-warn into a NOP.
Werner Koch [Tue, 15 May 2018 10:19:40 +0000 (12:19 +0200)]
gpg: Turn --no-mdc-warn into a NOP.

* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--

Users should not be allowed to suppress the warning that they are
shooting into their foot.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago po: Fix Swedish and Turkish translations.
NIIBE Yutaka [Mon, 14 May 2018 13:39:44 +0000 (22:39 +0900)]
po: Fix Swedish and Turkish translations.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago po: Fix Danish translation.
NIIBE Yutaka [Mon, 14 May 2018 13:18:43 +0000 (22:18 +0900)]
po: Fix Danish translation.

--

Debian-bug-id: 898552
Reported-by: Jonas Smedegaard <dr@jones.dk>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago doc: Include release info for 2.2.7
Werner Koch [Sun, 13 May 2018 11:31:19 +0000 (13:31 +0200)]
doc: Include release info for 2.2.7

--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago Merge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Sun, 13 May 2018 11:29:40 +0000 (13:29 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--

Resolved Conflicts:
NEWS  - removed
configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago doc: Fix URL in NEWS.
Werner Koch [Sun, 13 May 2018 11:21:57 +0000 (13:21 +0200)]
doc: Fix URL in NEWS.

--

5 months ago doc: Update description of displayed trust values.
Ineiev [Sun, 6 May 2018 05:58:23 +0000 (05:58 +0000)]
doc: Update description of displayed trust values.

* doc/trust-values.texi: New file.
* doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
* doc/gnupg.texi (Trust Values): New chapter.
* doc/gpg.texi (OpenPGP Key Management): Update the description
of how trust values are displayed, replace table with a reference
to Trust Values.
* doc/gpg.texi (GPG Examples): Add @mansect trust values.

--

Signed-off-by: Ineiev <ineiev@gnu.org>
5 months ago Post release updates
Werner Koch [Wed, 2 May 2018 20:02:40 +0000 (22:02 +0200)]
Post release updates

--

5 months ago Release 2.2.7 gnupg-2.2.7
Werner Koch [Wed, 2 May 2018 18:58:19 +0000 (20:58 +0200)]
Release 2.2.7

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago speedo,w32: Install dirmmngr_ldap.exe.
Werner Koch [Wed, 2 May 2018 19:33:41 +0000 (21:33 +0200)]
speedo,w32: Install dirmmngr_ldap.exe.

--

5 months ago po: Auto update
Werner Koch [Wed, 2 May 2018 18:42:51 +0000 (20:42 +0200)]
po: Auto update

--

5 months ago gpg: Fix minor memory leak in the compress filter.
Werner Koch [Wed, 2 May 2018 17:44:10 +0000 (19:44 +0200)]
gpg: Fix minor memory leak in the compress filter.

* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--

GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Fix "Too many open files" when using --multifile.
Werner Koch [Wed, 2 May 2018 17:03:07 +0000 (19:03 +0200)]
gpg: Fix "Too many open files" when using --multifile.

* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--

This seems to be a pretty old bug.  The fix is easy and also reveals
that -z0 can be used as a workaround.

GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Implement timeout for dirmngr_ldap under Windows.
Werner Koch [Wed, 2 May 2018 16:40:01 +0000 (18:40 +0200)]
dirmngr: Implement timeout for dirmngr_ldap under Windows.

* dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
(set_timeout): Implement for W32.
--

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago build: New configure option to help with nPth debugging.
Werner Koch [Wed, 2 May 2018 15:06:22 +0000 (17:06 +0200)]
build: New configure option to help with nPth debugging.

* configure.ac: Add option --enable-npth-debug
--

This requires a not yet released nPth version to have an effect.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago speedo: Install Spanish translation for Libgpg-error.
Werner Koch [Tue, 1 May 2018 17:48:44 +0000 (19:48 +0200)]
speedo: Install Spanish translation for Libgpg-error.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago common,w32: Hide spawned processes by default
Andre Heinecke [Wed, 2 May 2018 12:01:33 +0000 (14:01 +0200)]
common,w32: Hide spawned processes by default

* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.

--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.

I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.

This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.

GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
5 months ago dirmngr: Sleep in the ldap wrapper thread.
Werner Koch [Fri, 27 Apr 2018 13:20:45 +0000 (15:20 +0200)]
dirmngr: Sleep in the ldap wrapper thread.

* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex.  Use
a condition var to wake up the reaper thread.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Use the LDAP wrapper process also for Windows.
Werner Koch [Fri, 27 Apr 2018 10:03:41 +0000 (12:03 +0200)]
dirmngr: Use the LDAP wrapper process also for Windows.

* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--

Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliably on Windows.  Our long term use of the old Windows CE wrapper
thing didn't fix this either.  The new code uses the portable
es_poll function and thus code which is tested at several other
places.  It Should(tm) fix the Windows issues.

GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Silence log output from dirmngr_ldap.
Werner Koch [Fri, 27 Apr 2018 09:57:08 +0000 (11:57 +0200)]
dirmngr: Silence log output from dirmngr_ldap.

* dirmngr/dirmngr_ldap.c: Remove assert.h.
(main): Replace assert by log_assert.
* dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
verbose options to dirmngr_ldap.
(start_cert_fetch_ldap): Ditto.
--

verbose is a pretty common option in dirmngr.conf and it would clutter
the logs with output from dirmngr_ldap.  Now we require DBG_EXTPROG
or DBG_LOOKUP to make dirmngr_ldap more verbose.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Lower the dead host resurrection time to 1.5h
Werner Koch [Thu, 26 Apr 2018 10:39:59 +0000 (12:39 +0200)]
dirmngr: Lower the dead host resurrection time to 1.5h

* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
(INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
for development.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Fix handling of CNAMEed keyserver pools.
Werner Koch [Thu, 26 Apr 2018 10:28:53 +0000 (12:28 +0200)]
dirmngr: Fix handling of CNAMEed keyserver pools.

* dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
* dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
--

For a description of the problem see the comment in
make_keyserver_item.

GnuPG-bug-id: 3755
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Add the used TLS library to the debug output.
Werner Koch [Wed, 25 Apr 2018 13:25:14 +0000 (15:25 +0200)]
dirmngr: Add the used TLS library to the debug output.

* dirmngr/http.c (send_request): Print the used TLS library in debug
mode.
--

We allow two different TLS libraries and thus it is useful to see
that in the debug output of bug reports.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Allow redirection from https to http for CRLs
Werner Koch [Wed, 25 Apr 2018 10:37:34 +0000 (12:37 +0200)]
dirmngr: Allow redirection from https to http for CRLs

* dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
(KS_HTTP_FETCH_TRUST_CFG): Ditto.
(KS_HTTP_FETCH_NO_CRL): Ditto.
(KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
and extra_http_trust_flags by a new flags arg.  Allow redirecting
from https to http if KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
* dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
* dirmngr/ks-action.c (ks_action_get): Ditto.
(ks_action_fetch): Ditto.
* dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Implement CRL fetching via https.
Werner Koch [Wed, 25 Apr 2018 07:43:18 +0000 (09:43 +0200)]
dirmngr: Implement CRL fetching via https.

* dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
* dirmngr/http.c (http_register_cfg_ca): New.
(http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
* dirmngr/certcache.c (load_certs_from_dir): Call new function.
(cert_cache_deinit): Ditto.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
'send_no_cache' and 'extra_http_trust_flags'.  Change all callers to
provide the default value.
* dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
ks_http_fetch.
--

The old code simply did not use https for downloading of CRLS.
Instead it rewrote https to http under the assumption that the CRL
service was also available without encryption.  Note that a CRL is
self-standing and thus it does not need to have extra authenticity as
provided by TLS.  These days we should not use any unencrypted content
and thus this patch.

Be aware that cacert.org gives a https CRL DP but that currently
redirects to http!  This is a downgrade attack which we detect and
don't allow.  The outcome is that it is right now not possible to use
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago g10: Fix printing the keygrip with --card-status.
NIIBE Yutaka [Wed, 25 Apr 2018 00:37:21 +0000 (09:37 +0900)]
g10: Fix printing the keygrip with --card-status.

* g10/card-util.c (current_card_status): Keygrip for Auth is 3.

--

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago dirmngr: Fallback to CRL if no default OCSP responder is configured.
Werner Koch [Tue, 24 Apr 2018 09:40:51 +0000 (11:40 +0200)]
dirmngr: Fallback to CRL if no default OCSP responder is configured.

* dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
OCSP checking.  Fallback to CRL if no default OCSP responder has been
configured.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago doc: Update NEWS and add an example to gpg.texi.
Werner Koch [Mon, 23 Apr 2018 07:23:41 +0000 (09:23 +0200)]
doc: Update NEWS and add an example to gpg.texi.

--

5 months ago Revert "po: correct label tags in Polish translation"
Werner Koch [Mon, 23 Apr 2018 06:44:48 +0000 (08:44 +0200)]
Revert "po: correct label tags in Polish translation"

--

The changed tags need to be kept localized because the description
text refers to them.  Using the English for the tag and then the
translated version in the description confuses users.

Fixes-commit: a5290dace7f85d66272af3e14f9f2bc43d2a4af8.

5 months ago Revert "po: correct label tags in Finnish translation"
Werner Koch [Mon, 23 Apr 2018 06:42:08 +0000 (08:42 +0200)]
Revert "po: correct label tags in Finnish translation"

--

The changed tags need to be kept localized because the description
text refers to them.  Using the English for the tag and then the
translated version in the description confuses users.

Fixes-commit: e12475429578add12a53fb2232cb45dc9e2aae1b.

5 months ago dirmngr: More binary I/O on Windows for CRLs
Andre Heinecke [Fri, 20 Apr 2018 13:53:58 +0000 (15:53 +0200)]
dirmngr: More binary I/O on Windows for CRLs

* dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
file in binary mode.

--
CRLs on Windows would have line ending entries converted. This
did not cause problems in a surprising amount of cases but
can lead to unexpected and random parse / read errors. Especially
with large CRLs like cacert.

This bug has been around since 2004.

GnuPG-Bug-Id: T3923
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
5 months ago doc: Remove unnecessary empty flags in vsnfd.prf
Andre Heinecke [Fri, 20 Apr 2018 08:59:28 +0000 (10:59 +0200)]
doc: Remove unnecessary empty flags in vsnfd.prf

* doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
6 months ago po: more updates to Spanish translation
emma peel [Mon, 16 Apr 2018 19:58:31 +0000 (12:58 -0700)]
po: more updates to Spanish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago po: correct attribution for Spanish translation
emma peel [Mon, 16 Apr 2018 19:47:14 +0000 (12:47 -0700)]
po: correct attribution for Spanish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago po: correct label tags in Polish translation
emma peel [Mon, 16 Apr 2018 19:42:21 +0000 (12:42 -0700)]
po: correct label tags in Polish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago po: correct label tags in Finnish translation
emma peel [Mon, 16 Apr 2018 19:39:14 +0000 (12:39 -0700)]
po: correct label tags in Finnish translation

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago build: New target "release" to automate the release process.
Werner Koch [Sun, 15 Apr 2018 19:01:50 +0000 (21:01 +0200)]
build: New target "release" to automate the release process.

* Makefile.am (RELEASE_ARCHIVE_DIR): New.
(RELEASE_SIGNING_KEY): New.
(AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
(RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
(release, sign-release): New.
--

This requires GNU make and also some other decent utilities;  however,
they are anyway required for building the W32 installer.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago g10: Fix memory leak in check_sig_and_print.
NIIBE Yutaka [Fri, 13 Apr 2018 07:42:34 +0000 (16:42 +0900)]
g10: Fix memory leak in check_sig_and_print.

* g10/mainproc.c (check_sig_and_print): Free the public key.

--

GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago g10: Push compress filter only if compressed.
NIIBE Yutaka [Fri, 13 Apr 2018 01:09:02 +0000 (10:09 +0900)]
g10: Push compress filter only if compressed.

* g10/compress.c (handle_compressed): Fix memory leak.

--

All other calls of push_compress_filter check ALGO,
so, do it here, too.

GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago po: Update Spanish translation
emma peel [Thu, 12 Apr 2018 18:26:42 +0000 (14:26 -0400)]
po: Update Spanish translation

--

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago gpg: Extend the "sig" record in --list-mode.
Werner Koch [Thu, 12 Apr 2018 15:53:17 +0000 (17:53 +0200)]
gpg: Extend the "sig" record in --list-mode.

* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change all
callers.
(get_user_id): Add arg R_NOUID.  Change all callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprints of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: Extend the ERRSIG status line with a fingerprint.
Werner Koch [Thu, 12 Apr 2018 14:41:05 +0000 (16:41 +0200)]
gpg: Extend the ERRSIG status line with a fingerprint.

* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_raw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the public key needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: Relax printing of STATUS_FAILURE.
Werner Koch [Thu, 12 Apr 2018 09:49:36 +0000 (11:49 +0200)]
gpg: Relax printing of STATUS_FAILURE.

* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--

This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation.  The operation will simply
fail and not just record that a signature could not be verified.
In particular for files with more than one signature a log_error is
often called to show that a pubkey is missing for one of the
signatures.  Using that log_error is correct in that case.

Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago agent,dirmngr: Add "getenv" to the getinfo command.
Werner Koch [Thu, 12 Apr 2018 09:24:54 +0000 (11:24 +0200)]
agent,dirmngr: Add "getenv" to the getinfo command.

* agent/command.c (cmd_getinfo): Add sub-command getenv.
* dirmngr/server.c (cmd_getinfo): Ditto.
--

It is sometimes helpful to be able to inspect certain envvars in a
running agent.  For example "http_proxy".

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago build: Update getswdb version check to 2.2
Andre Heinecke [Thu, 12 Apr 2018 06:56:00 +0000 (08:56 +0200)]
build: Update getswdb version check to 2.2

* build-aux/getswdb.sh: Check for gnupg22_ver; gnupg21_ver no
longer exists.

6 months ago po: Update Japanese translation.
NIIBE Yutaka [Thu, 12 Apr 2018 01:52:51 +0000 (10:52 +0900)]
po: Update Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago gpg: New option --no-symkey-cache.
Werner Koch [Wed, 11 Apr 2018 18:35:40 +0000 (20:35 +0200)]
gpg: New option --no-symkey-cache.

* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Include release info from 2.2.6
Werner Koch [Tue, 10 Apr 2018 06:37:27 +0000 (08:37 +0200)]
doc: Include release info from 2.2.6

--

6 months ago Merge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Tue, 10 Apr 2018 08:14:30 +0000 (10:14 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2

6 months ago agent: Improve the unknown ssh flag detection.
Werner Koch [Tue, 10 Apr 2018 05:59:52 +0000 (07:59 +0200)]
agent: Improve the unknown ssh flag detection.

* agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
of flags.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago agent: unknown flags on ssh signing requests cause an error. T3880 T3880-fix
Daniel Kahn Gillmor [Mon, 9 Apr 2018 22:06:38 +0000 (18:06 -0400)]
agent: unknown flags on ssh signing requests cause an error.

* agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
during a signature request that we do not know how to apply, return
GPG_ERR_UNKNOWN_OPTION.

--

https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.5 says:

    If the agent does not support the requested flags, or is otherwise
    unable or unwilling to generate the signature (e.g. because it
    doesn't have the specified key, or the user refused confirmation of a
    constrained key), it must reply with a SSH_AGENT_FAILURE message.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3880

6 months ago agent: change documentation reference for ssh-agent protocol.
Daniel Kahn Gillmor [Thu, 5 Apr 2018 15:49:44 +0000 (11:49 -0400)]
agent: change documentation reference for ssh-agent protocol.

* agent/command-ssh.c: repoint documentation reference.

--

Damien Miller is now documenting the ssh-agent protocol via the IETF.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago Post release updates
Werner Koch [Mon, 9 Apr 2018 20:25:37 +0000 (22:25 +0200)]
Post release updates

--

6 months ago Release 2.2.6 gnupg-2.2.6
Werner Koch [Mon, 9 Apr 2018 19:21:38 +0000 (21:21 +0200)]
Release 2.2.6

6 months ago po: Auto-update.
Werner Koch [Mon, 9 Apr 2018 19:20:25 +0000 (21:20 +0200)]
po: Auto-update.

--

6 months ago po: Update German translation
Werner Koch [Mon, 9 Apr 2018 18:39:48 +0000 (20:39 +0200)]
po: Update German translation

--

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Typo fix in gpg.texi
Werner Koch [Mon, 9 Apr 2018 17:46:54 +0000 (19:46 +0200)]
doc: Typo fix in gpg.texi

--

Reported-by: Cody Brownstein