gnupg.git
3 years agobuild: ignore scissor line for the commit-msg hook
Peter Wu [Thu, 9 Jul 2015 15:11:33 +0000 (17:11 +0200)]
build: ignore scissor line for the commit-msg hook

* build-aux/git-hooks/commit-msg: Stop processing more lines when the
  scissor line is encountered.
--
This allows the command `git commit -v` to work even if the code is
longer than 72 characters. Note that comments are already ignored by the
previous line.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3 years agoscd: Format change to specify "rsa2048" for KEY-ATTR.
NIIBE Yutaka [Thu, 23 Jul 2015 05:10:03 +0000 (14:10 +0900)]
scd: Format change to specify "rsa2048" for KEY-ATTR.

* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.

3 years agodoc: Add a comment to --set-filename.
Werner Koch [Wed, 22 Jul 2015 14:41:22 +0000 (16:41 +0200)]
doc: Add a comment to --set-filename.

--

3 years agodoc: Improve documentation about VALIDSIG
Daniel Kahn Gillmor [Tue, 7 Jul 2015 16:00:16 +0000 (12:00 -0400)]
doc: Improve documentation about VALIDSIG

--

The claim that VALIDSIG is the same as GOODSIG is simply wrong.
Attempt to clarify it.  Also, the paragraph about primary-key-fpr and
sig-version was weirdly re-ordered during the org-mode conversion in
65eb98966a569a91c97d0c23ba5582a9a7558de0; repair it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agodoc: Clarify constraints on who modifies files in ~/.gnupg
Daniel Kahn Gillmor [Tue, 7 Jul 2015 13:16:41 +0000 (09:16 -0400)]
doc: Clarify constraints on who modifies files in ~/.gnupg

--

3 years agoAvoid a leading double slash in make_filename.
Werner Koch [Wed, 22 Jul 2015 09:05:32 +0000 (11:05 +0200)]
Avoid a leading double slash in make_filename.

* common/stringhelp.c (do_make_filename): Special case leading '/'.

3 years agoscd: change_keyattr_from_string for ECC.
NIIBE Yutaka [Tue, 21 Jul 2015 05:27:02 +0000 (14:27 +0900)]
scd: change_keyattr_from_string for ECC.

* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Support ECC.
(rsa_writekey): Don't change key attribute.

3 years agoscd: Use openpgpdefs.h for constants.
NIIBE Yutaka [Fri, 17 Jul 2015 00:34:47 +0000 (09:34 +0900)]
scd: Use openpgpdefs.h for constants.

* scd/app-openpgp.c: Include openpgpdefs.h.

3 years agoDon't segfault if the first 'auto-key-locate' option is 'clear'.
Neal H. Walfield [Thu, 16 Jul 2015 07:57:27 +0000 (09:57 +0200)]
Don't segfault if the first 'auto-key-locate' option is 'clear'.

* g10/getkey.c (free_akl): If AKL is NULL, just return.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Reported-by: Sami Farin.
GnuPG-bug-id: 2045

3 years agoagent: Support non-NLS build.
NIIBE Yutaka [Fri, 10 Jul 2015 00:21:32 +0000 (09:21 +0900)]
agent: Support non-NLS build.

* agent/agent.h: Use ENABLE_NLS and define L_() macro.

--

GnuPG-bug-id: 2032

This is a fix for e76d4c05b24211f3981ab69cddb3fccc17d21e0e.

3 years agoscd: Remove unused files.
NIIBE Yutaka [Thu, 9 Jul 2015 03:44:11 +0000 (12:44 +0900)]
scd: Remove unused files.

* scd/Makefile.am (sc_copykeys_*): Remove.
* scd/sc-copykeys.c: Remove.
* scd/pcsc-wrapper.c: Remove.
* scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.

--

sc-copykeys doesn't work any more because it's based on old API.
pcsc-wrapper has gone because of nPth which is compatible to pthreads.
The card* files are old files, now we have app*.

3 years agog10: Use canonical name for curve.
NIIBE Yutaka [Wed, 8 Jul 2015 06:05:06 +0000 (15:05 +0900)]
g10: Use canonical name for curve.

* g10/import.c (transfer_secret_keys): Use canonical name.
* common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
* g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/parse-packet.c (parse_key): Ditto.

3 years agodrop long-deprecated gpgsm-gencert.sh
Daniel Kahn Gillmor [Thu, 2 Jul 2015 19:10:49 +0000 (15:10 -0400)]
drop long-deprecated gpgsm-gencert.sh

 * tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
   fully replaced by gpgsm --gen-key
 * doc/tools.texi: remove gpgsm-gencert.sh documentation
 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
 * doc/Makefile.am: quit making the manpage
 * tools/Makefile.am: quit distributing the script
 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
   gpgsm --gen-key and tweak explanations

--

The commit deprecating gpgsm-gencert.sh
(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.

 https://codesearch.debian.net/results/gpgsm-gencert.sh

suggests that in all of debian it is only referenced in documentation
(for poldi and scute) and example files (libept), and isn't actually
used directly anywhere.

Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
certificate-signing request failed for me, following the examples in
doc/howto-create-a-server-cert.texi exactly.

It's time we ripped off this band-aid :)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agopo: Update Japanese translation.
NIIBE Yutaka [Thu, 2 Jul 2015 03:22:37 +0000 (12:22 +0900)]
po: Update Japanese translation.

3 years agoscd: Support AES decryption for OpenPGPcard v3.0.
NIIBE Yutaka [Thu, 2 Jul 2015 03:14:40 +0000 (12:14 +0900)]
scd: Support AES decryption for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_decipher): Support AES decryption.

3 years agoPost release updates
Werner Koch [Wed, 1 Jul 2015 13:07:47 +0000 (15:07 +0200)]
Post release updates

--

3 years agoRelease 2.1.6 gnupg-2.1.6
Werner Koch [Wed, 1 Jul 2015 12:16:40 +0000 (14:16 +0200)]
Release 2.1.6

3 years agoagent: Unset INSIDE_EMACS on gpg-agent startup
Daiki Ueno [Wed, 1 Jul 2015 01:39:40 +0000 (10:39 +0900)]
agent: Unset INSIDE_EMACS on gpg-agent startup

* agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.

--

The variable is set only temporarily when gpg is called from Emacs,
keeping it during the session makes no sense.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
3 years agopo: Auto-update
Werner Koch [Wed, 1 Jul 2015 11:22:26 +0000 (13:22 +0200)]
po: Auto-update

--

3 years agopo: Update Russian translation
Ineiev [Wed, 1 Jul 2015 11:17:48 +0000 (13:17 +0200)]
po: Update Russian translation

--

3 years agopo: Update German translation
Werner Koch [Wed, 1 Jul 2015 11:12:02 +0000 (13:12 +0200)]
po: Update German translation

--

3 years agocommon: Implement i18n_localegettext.
Werner Koch [Wed, 1 Jul 2015 09:49:37 +0000 (11:49 +0200)]
common: Implement i18n_localegettext.

* common/i18n.c (msg_cache_s, msg_cache_head_s): New.
(msgcache): New.
(i18n_localegettext): Implement locale dependent lookup.
--

This is the second and final part of the change to use the gpg
provided locale for Pinentry strings.  It does not yet work on
Windows, though.

This commit should resolve
Debian-bug-id: 788983

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoPass DBUS_SESSION_BUS_ADDRESS for gnome3
Daniel Kahn Gillmor [Tue, 30 Jun 2015 16:41:29 +0000 (12:41 -0400)]
Pass DBUS_SESSION_BUS_ADDRESS for gnome3

* common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
--

pinentry-gnome3 talks to the gcr prompter via dbus.  Without this
environment variable, it can't find the correct session to talk to.

3 years agoFlag the L_() function with attribute format_arg.
Werner Koch [Tue, 30 Jun 2015 20:28:41 +0000 (22:28 +0200)]
Flag the L_() function with attribute format_arg.

* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext.  Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Use different translation func for Pinentry strings.
Werner Koch [Tue, 30 Jun 2015 19:58:02 +0000 (21:58 +0200)]
agent: Use different translation func for Pinentry strings.

* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning.  Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--

Static strings in gpg-agent need to be translated according to the
locale set by the caller.  This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another.  If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.

This is only the first part of the change the actual local switching
still needs to be implemented.

Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoRemove obsolete file g10/comment.c.
Werner Koch [Tue, 30 Jun 2015 09:56:01 +0000 (11:56 +0200)]
Remove obsolete file g10/comment.c.

--

3 years agodoc: Updated HACKING.
Werner Koch [Tue, 30 Jun 2015 09:55:17 +0000 (11:55 +0200)]
doc: Updated HACKING.

--

Added used commit keywords.
Add some comments to the list of files.

3 years agogpg: Make show-sig-subpackets work again.
Werner Koch [Tue, 30 Jun 2015 09:01:16 +0000 (11:01 +0200)]
gpg: Make show-sig-subpackets work again.

* g10/gpg.c (parse_list_options): Fix offset for subpackets.
--

Regression-due-to: 7d0492075ea638607309b3ea6a792b0e95ea7d98
GnuPG-bug-id: 2008
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Improve a comment.
Werner Koch [Tue, 30 Jun 2015 08:34:56 +0000 (10:34 +0200)]
agent: Improve a comment.

--

3 years agoagent: Prepare for Libassuan with Cygwin support.
Werner Koch [Mon, 29 Jun 2015 19:26:09 +0000 (21:26 +0200)]
agent: Prepare for Libassuan with Cygwin support.

* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoShow passphrase constraints errors as password prompt errors
Neal H. Walfield [Thu, 18 Jun 2015 03:10:47 +0000 (00:10 -0300)]
Show passphrase constraints errors as password prompt errors

* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2.  If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *.  Pass it to check_passphrase_constraints.  If it
contains malloc's memory, free it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Based on a patch provided by Watson Yuuma Sato <yuuma.sato@gmail.com>
in issue 2018.

3 years agoImprove documentation for default-cache-ttl and default-cache-ttl-ssh.
Neal H. Walfield [Tue, 16 Jun 2015 14:16:57 +0000 (16:16 +0200)]
Improve documentation for default-cache-ttl and default-cache-ttl-ssh.

* doc/gpg-agent.texi (Agent Options): Improve documentation for
default-cache-ttl and default-cache-ttl-ssh.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoDon't raise max-cache-ttl to default-cache-ttl.
Neal H. Walfield [Tue, 16 Jun 2015 14:13:51 +0000 (16:13 +0200)]
Don't raise max-cache-ttl to default-cache-ttl.

* agent/gpg-agent.c (finalize_rereadable_options): Don't raise
max-cache-ttl to default-cache-ttl.  Likewise for max-cache-ttl-ssh
and default-cache-ttl-ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This closes issue #2009.

3 years agoImprove the description of old packets with an indeterminate length.
Neal H. Walfield [Mon, 29 Jun 2015 13:50:48 +0000 (15:50 +0200)]
Improve the description of old packets with an indeterminate length.

* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoagent: Add --verify to the PASSWD command.
Werner Koch [Mon, 29 Jun 2015 10:50:16 +0000 (12:50 +0200)]
agent: Add --verify to the PASSWD command.

* agent/command.c (cmd_passwd): Add option --verify.
--

GnuPG-bug-id: 1951
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent,w32: Do not create a useless socket with --enable-putty-support.
Werner Koch [Mon, 29 Jun 2015 10:24:58 +0000 (12:24 +0200)]
agent,w32: Do not create a useless socket with --enable-putty-support.

* agent/agent.h (opt): Remove field ssh_support.
* agent/gpg-agent.c (ssh_support): New.  Replace all opt.ssh_support
by this.
(main): Do not set ssh_support along with setting putty_support.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgsm: Add command option "offline".
Werner Koch [Mon, 29 Jun 2015 09:03:58 +0000 (11:03 +0200)]
gpgsm: Add command option "offline".

* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--

Adding this option makes it easier to implement the corresponding
feature in gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Support button flag and AES key data for OpenPGPcard v3.0.
NIIBE Yutaka [Fri, 26 Jun 2015 06:14:27 +0000 (15:14 +0900)]
scd: Support button flag and AES key data for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
Support button and symmetric decryption.
(do_setattr): Support setting AESKEY.

3 years agosm: Fix cert storage for ephemeral certs
Andre Heinecke [Wed, 24 Jun 2015 16:55:24 +0000 (18:55 +0200)]
sm: Fix cert storage for ephemeral certs

* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.

--

Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.

GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
3 years agoAllow use of debug flag names for all tools.
Werner Koch [Tue, 23 Jun 2015 07:12:44 +0000 (09:12 +0200)]
Allow use of debug flag names for all tools.

* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto.  But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Improve fucntion parse_debug_flag.
Werner Koch [Tue, 23 Jun 2015 07:10:56 +0000 (09:10 +0200)]
common: Improve fucntion parse_debug_flag.

* common/miscellaneous.c (parse_debug_flag): Add hack not to call
exit.  Add "none" and "all" flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: pinpad workaround for PC/SC implementations.
NIIBE Yutaka [Tue, 23 Jun 2015 01:10:15 +0000 (10:10 +0900)]
scd: pinpad workaround for PC/SC implementations.

* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.

--

GnuPG-bug-id: 2003, 2004

This is needed for PC/SC on Debian Jessie.  Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.

3 years agogpg: Allow debug flag names for --debug.
Werner Koch [Mon, 22 Jun 2015 19:01:10 +0000 (21:01 +0200)]
gpg: Allow debug flag names for --debug.

* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function parse_debug_flag
Werner Koch [Mon, 22 Jun 2015 18:54:23 +0000 (20:54 +0200)]
common: Add function parse_debug_flag

* common/miscellaneous.c (parse_debug_flag): New.
* common/util.h (struct debug_flags_s): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function strtokenize.
Werner Koch [Mon, 22 Jun 2015 17:28:33 +0000 (19:28 +0200)]
common: Add function strtokenize.

* common/stringhelp.c: Include assert.h.
(strtokenize): New.
* common/t-stringhelp.c (test_strtokenize): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix regression due to recent commit 6500f33
Werner Koch [Mon, 22 Jun 2015 13:15:39 +0000 (15:15 +0200)]
gpg: Fix regression due to recent commit 6500f33

* g10/keydb.c (kid_list_s): Keep a state in the table.
(kid_not_found_table): Rename to kid_found_table.
(n_kid_not_found_table): Rename to kid_found_table_count.
(kid_not_found_p): Return found state.
(kid_not_found_insert): Add arg found.
(keydb_search): Store found state in the table.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Fix Cherry ST-2000 support for pinpad input.
NIIBE Yutaka [Mon, 22 Jun 2015 05:31:25 +0000 (14:31 +0900)]
scd: Fix Cherry ST-2000 support for pinpad input.

* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
template of APDU.

--

GnuPG-bug-id: 2003, 2004

3 years agogpg: Print number of good signatures with --check-sigs.
Werner Koch [Sat, 20 Jun 2015 13:05:32 +0000 (15:05 +0200)]
gpg: Print number of good signatures with --check-sigs.

* g10/keylist.c (keylist_context): Add field good_sigs.
(list_keyblock_print): Updated good_sigs.
(print_signature_stats): Print number of good signatures and use
log_info instead of tty_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve speed of --check-sigs and --lish-sigs.
Werner Koch [Sat, 20 Jun 2015 13:03:32 +0000 (15:03 +0200)]
gpg: Improve speed of --check-sigs and --lish-sigs.

* g10/keydb.c (kid_list_t): New.
(kid_not_found_table, n_kid_not_found_table): New.
(kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
(keydb_insert_keyblock): Flush the new cache.
(keydb_delete_keyblock): Ditto.
(keydb_update_keyblock): Ditto.
(keydb_search): Use the new cache.
(keydb_dump_stats): New.
* g10/gpg.c (g10_exit): Dump keydb stats.
--

What we do here is to keep track of key searches by long keyids (as
stored in all signatures) so that we do not need to scan the keybox
again after we already found that this keyid will result in
not-found.  As soon as we change gpg to run as a co-process we should
store this table per session because other instances of gpg may have
updated the keybox without us knowing.

On a test ring with

  gpg: 94721 good signatures
  gpg: 6831 bad signatures
  gpg: 150703 signatures not checked due to missing keys
  gpg: 5 signatures not checked due to errors
  gpg: keydb: kid_not_found_table: total: 14132

this new cache speeds a --check-sigs listing up from 28 minutes to
less than 3 minutes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Add more log_clock calls to keydb.c
Werner Koch [Fri, 19 Jun 2015 14:59:46 +0000 (16:59 +0200)]
gpg: Add more log_clock calls to keydb.c

* g10/keydb.c (keydb_get_keyblock): Add log_clock calls.

3 years agogpg: Print available debug flags using "--debug-level help".
Werner Koch [Fri, 19 Jun 2015 12:56:46 +0000 (14:56 +0200)]
gpg: Print available debug flags using "--debug-level help".

* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix export problem in case an old keyring has PGP-2 keys.
Werner Koch [Fri, 19 Jun 2015 10:39:29 +0000 (12:39 +0200)]
gpg: Fix export problem in case an old keyring has PGP-2 keys.

* g10/export.c (do_export_stream): Skip legacy keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Fix the cleanup zombies fix (685b782).
Werner Koch [Thu, 18 Jun 2015 11:34:48 +0000 (13:34 +0200)]
dirmngr: Fix the cleanup zombies fix (685b782).

* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
stdout reader after EOF from read_log_data.
* dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
the next iteration.
--

I assumed that the log_fd also has a reader object but that reader
object is used for stdout and needs to be closed by the consumer.

The real bug with the non-released ldap_wrapper control objects was
that when looping over distribution points we did not closed the used
reader object before the next iteration.  Now, the test case had more
than one DP and thus we lost one reader object.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Print a warning for obsolete options.
Werner Koch [Wed, 17 Jun 2015 10:59:29 +0000 (12:59 +0200)]
agent: Print a warning for obsolete options.

* g10/misc.c (obsolete_scdaemon_option): Move to
* common/miscellaneous.c (obsolete_option): ... here.
* agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
options.
--

GnuPG-bug-id: 2016
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Cleanup zombies and fix hang on shutdown.
Werner Koch [Tue, 16 Jun 2015 16:08:32 +0000 (18:08 +0200)]
dirmngr: Cleanup zombies and fix hang on shutdown.

* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
into the loop.  Check the queue also on timeout.  Close log_fd and
reader context on EOF or error.
--

The major bug here was that on an EOF of the log fd the log fd was not
closed and thus the final queue item removal could not work.  Checking
the queue on a timeout is not really necessary but it help in case
there is a race condition lingering.

GnuPG-bug-id: 1838, 1978
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Add missing cast for use of pid_t in printf.
Werner Koch [Tue, 16 Jun 2015 09:47:07 +0000 (11:47 +0200)]
dirmngr: Add missing cast for use of pid_t in printf.

--

3 years agodirmngr: Avoid accessing uninitialized memory in log callback.
Werner Koch [Tue, 16 Jun 2015 10:12:03 +0000 (12:12 +0200)]
dirmngr: Avoid accessing uninitialized memory in log callback.

* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--

Example valgrind output:

==2921== Conditional jump or move depends on uninitialised value(s)
==2921==    at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921==    by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921==    by 0x433F5A: do_logv (logging.c:684)

This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this.  It is no a real problem because we
don't use the unitialized bits.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Distribute swdb.lst with the w32-source target.
Werner Koch [Tue, 16 Jun 2015 09:41:55 +0000 (11:41 +0200)]
build: Distribute swdb.lst with the w32-source target.

--

3 years agoDon't prompt for the password multiple times in pinentry loopback mode.
Neal H. Walfield [Tue, 16 Jun 2015 14:00:39 +0000 (16:00 +0200)]
Don't prompt for the password multiple times in pinentry loopback mode.

* g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
clear OPT.PASSPHRASE_REPEAT.

3 years agopo: Update Japanese Translation.
NIIBE Yutaka [Tue, 16 Jun 2015 03:52:45 +0000 (12:52 +0900)]
po: Update Japanese Translation.

3 years agodoc: Add defs.inc to BUILT_SOURCES
Werner Koch [Mon, 15 Jun 2015 14:19:44 +0000 (16:19 +0200)]
doc: Add defs.inc to BUILT_SOURCES

3 years agodoc: Update the record description of the trustdb.
Werner Koch [Mon, 15 Jun 2015 13:37:30 +0000 (15:37 +0200)]
doc: Update the record description of the trustdb.

--

This now reflects the used version of the trustdb.  However, it still
missed a detailed description on how it works.

3 years agoAdded release date of older versions to NEWS.
Werner Koch [Mon, 15 Jun 2015 12:12:43 +0000 (14:12 +0200)]
Added release date of older versions to NEWS.

--

3 years agoPost release updates.
Werner Koch [Thu, 11 Jun 2015 13:37:50 +0000 (15:37 +0200)]
Post release updates.

--

3 years agoRelease 2.1.5 gnupg-2.1.5
Werner Koch [Thu, 11 Jun 2015 12:43:57 +0000 (14:43 +0200)]
Release 2.1.5

3 years agow32: Adjust mkdefsinc.c for Windows
Werner Koch [Thu, 11 Jun 2015 12:43:38 +0000 (14:43 +0200)]
w32: Adjust mkdefsinc.c for Windows

--

Under Windows the file names are determined at runtime.  To have
somewhat useful names in the manuals, we provide replacements using
the strings "INSTDIR" and "APPDATA" for the installation directory and
the user specific application data.

3 years agopo: Auto-update
Werner Koch [Thu, 11 Jun 2015 11:05:53 +0000 (13:05 +0200)]
po: Auto-update

--

3 years agopo: Update German translation
Werner Koch [Thu, 11 Jun 2015 11:04:31 +0000 (13:04 +0200)]
po: Update German translation

--

3 years agopo: Update Russian translation
Ineiev [Thu, 11 Jun 2015 11:01:17 +0000 (13:01 +0200)]
po: Update Russian translation

--

3 years agoagent: Fix --extra-socket on Windows.
Werner Koch [Thu, 11 Jun 2015 07:43:32 +0000 (09:43 +0200)]
agent: Fix --extra-socket on Windows.

* agent/gpg-agent.c (start_connection_thread): Rename to ...
(do_start_connection_thread): this.  Factor nonce checking out to ...
(start_connection_thread_std): this,
(start_connection_thread_extra): this,
(start_connection_thread_browser): and this.
--

Although not tested, the code did not worked on Windows becuase we
were checning the wrong nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Add experimental option --browser-socket.
Werner Koch [Thu, 11 Jun 2015 07:36:27 +0000 (09:36 +0200)]
agent: Add experimental option --browser-socket.

* agent/agent.h (opt): Add field "browser_socket".
* agent/command.c (cmd_setkeydesc): Use a different message for
restricted==2.
* agent/gpg-agent.c (oBrowserSocket): New.
(opts): Add --browser-socket.
(socket_name_browser, redir_socket_name_browser): New.
(socket_nonce_browser): New.
(cleanup): Cleanup browser socket.
(main): Implement option.
(start_connection_thread_browser): New.
(handle_connections): Add arg listen_fd_browser and use it.
--

This is very similar to --extra-socket but intended to be used by a web
browser session.  AS of now it only displays a different "Note: in
the Pinentry than --extra-socket but it may eventually be tweaked for
the use by browser extensions making use of gpg-agent.

It is marked experimental and and thus may be removed in later
versions.

To better support the different "client classes", it would be useful
to add corresponsing cache classes so that each class has its own
cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Add option --allow-emacs-pinentry
Daiki Ueno [Tue, 9 Jun 2015 12:07:00 +0000 (21:07 +0900)]
agent: Add option --allow-emacs-pinentry

* agent/agent.h (opt): Add field allow_emacs_pinentry.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oAllowEmacsPinentry): New.
(opts): Add option --allow-emacs-pinentry.
(parse_rereadable_options): Set this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
--

gpgconf-comp and manual entry added by wk.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Do not used fixed file names in the manuals.
Werner Koch [Tue, 9 Jun 2015 19:29:15 +0000 (21:29 +0200)]
doc: Do not used fixed file names in the manuals.

* doc/mkdefsinc.c: New.
* doc/Makefile.am: Include cmacros.am.
(EXTRA_DIST): Add mkdefsinc.c defsincdate.
(BUILT_SOURCES): Add defsincdate
(CLEANFILES): Add mkdefsinc and defs.inc.
(mkdefsinc): New rule.
(yat2m-stamp): Depend on defs.inc.
($(myman_pages) gnupg.7): Ditto.
(gnupg.texi): Remove rule to touch itself.
(dist-hook): New.
(defsincdate): New.
(defs.inc): New.
* doc/gnupg.texi: Remove inclusion of version.texi.  Include defs.inc.
Also include defs.inc in all files used to build man files.  Change
fixed directory names to those from defs.inc.
--

GnuPG-bug-id: 1661
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Avoid crash due to an empty crls.d/DIR.txt.
Werner Koch [Tue, 9 Jun 2015 09:31:06 +0000 (11:31 +0200)]
dirmngr: Avoid crash due to an empty crls.d/DIR.txt.

* dirmngr/crlcache.c (check_dir_version): Avoid segv.
--

GnuPG-bug-id: 1842
Debian-bug-id: 776611

3 years agodoc: Change the manual source to be only for GnuPG 2.1
Werner Koch [Mon, 8 Jun 2015 17:27:08 +0000 (19:27 +0200)]
doc: Change the manual source to be only for GnuPG 2.1

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoConvey envvar INSIDE_EMACS to the pinentry.
Werner Koch [Mon, 8 Jun 2015 16:58:27 +0000 (18:58 +0200)]
Convey envvar INSIDE_EMACS to the pinentry.

* common/session-env.c (stdenvnames): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Add command "getinfo std_env_names".
Werner Koch [Mon, 8 Jun 2015 16:38:00 +0000 (18:38 +0200)]
agent: Add command "getinfo std_env_names".

* agent/command.c (cmd_getinfo): Add new sub-command.
--

The current output is:

  > getinfo std_env_names
  D GPG_TTY
  D TERM
  D DISPLAY
  D XAUTHORITY
  D XMODIFIERS
  D GTK_IM_MODULE
  D QT_IM_MODULE
  D PINENTRY_USER_DATA
  OK

Note that there is an invisible \x00 at the end of each line.

3 years agoscd: do_decipher change for OpenPGPcard v3.0.
NIIBE Yutaka [Fri, 5 Jun 2015 05:02:40 +0000 (14:02 +0900)]
scd: do_decipher change for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_decipher): Add a header for ECDH.

3 years agogpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c
Werner Koch [Thu, 4 Jun 2015 16:08:26 +0000 (18:08 +0200)]
gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c

* g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
* g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
* g10/trustdb.c (read_trust_record): Ditto.
(tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust, update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts, update_validity): Ditto.
(tdb_cache_disabled_value): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Cleanup error code path in case of a bad trustdb.
Werner Koch [Thu, 4 Jun 2015 15:39:55 +0000 (17:39 +0200)]
gpg: Cleanup error code path in case of a bad trustdb.

* g10/tdbio.c (tdbio_read_record): Fix returning of the error.
--

Actually the returned error will anyway be GPG_ERR_TRUSTDB but the old
code was not correct.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix output in case of a corrupted trustdb.
Werner Koch [Thu, 4 Jun 2015 15:34:33 +0000 (17:34 +0200)]
gpg: Fix output in case of a corrupted trustdb.

* g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
es_stdout.
* g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
list_trustdb only in verbose > 1 mode and let it dump to stderr.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Re-indent and improve documentation of g10/tdbio.c
Werner Koch [Thu, 4 Jun 2015 15:25:09 +0000 (17:25 +0200)]
gpg: Re-indent and improve documentation of g10/tdbio.c

--

3 years agodoc: Replace "conventional encryption" by "symmetric encryption".
Werner Koch [Tue, 2 Jun 2015 15:46:42 +0000 (17:46 +0200)]
doc: Replace "conventional encryption" by "symmetric encryption".

--

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Ported from 2.0.

3 years agoscd: Fix key template of ECC.
NIIBE Yutaka [Fri, 29 May 2015 05:06:38 +0000 (14:06 +0900)]
scd: Fix key template of ECC.

* scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.

--

Forthcoming OpenPGPcard specification 3.0 will address this 0x92.

3 years agog10: Fix a race condition initially creating trustdb.
NIIBE Yutaka [Thu, 28 May 2015 08:08:37 +0000 (17:08 +0900)]
g10: Fix a race condition initially creating trustdb.

* g10/tdbio.c (take_write_lock, release_write_lock): New.
(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
new lock functions.
(tdbio_set_dbname): Fix the race.
(open_db): Don't call dotlock_create.

--

GnuPG-bug-id: 1675

3 years agog10: Remove g10/signal.c.
NIIBE Yutaka [Wed, 27 May 2015 01:22:32 +0000 (10:22 +0900)]
g10: Remove g10/signal.c.

* g10/signal.c: Remove.
* g10/main.h: Remove old function API.
* g10/tdbio.c: Use new API, even in the dead code.

--

We use common/signal.c now.  The file g10/signal.c has been useless
since 2003-06-27.  Now, the removal.

3 years agoagent: Cleanup caching code for command GET_PASSPHRASE.
Werner Koch [Wed, 20 May 2015 14:13:55 +0000 (16:13 +0200)]
agent: Cleanup caching code for command GET_PASSPHRASE.

* agent/command.c (cmd_get_passphrase): Read from the user cache.
--

We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
it into the cache with CACHE_MODE_USER.  However, agent_get_cache does
not yet distinguish between them and thus this does not change
anything.

3 years agoagent: When the password cache is cleared, also clear the ext. cache.
Neal H. Walfield [Tue, 19 May 2015 13:00:16 +0000 (15:00 +0200)]
agent: When the password cache is cleared, also clear the ext. cache.

* agent/agent.h (agent_clear_passphrase): New declaration.
* agent/call-pinentry.c (agent_clear_passphrase): New function.
* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoagent: Modify agent_clear_passphrase to support an ext. password cache.
Neal H. Walfield [Tue, 19 May 2015 12:58:04 +0000 (14:58 +0200)]
agent: Modify agent_clear_passphrase to support an ext. password cache.

* agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
cache_mode.  Update callers.
* agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
and cache_mode.  If KEYINFO and CACHE_MODE describe a cachable key,
then send SETKEYINFO to the pinentry.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agog10: detects public key encryption packet error properly.
NIIBE Yutaka [Tue, 19 May 2015 01:32:07 +0000 (10:32 +0900)]
g10: detects public key encryption packet error properly.

g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
encryption.

3 years agotests: More OpenPGP test keys
Werner Koch [Sat, 16 May 2015 10:20:02 +0000 (12:20 +0200)]
tests: More OpenPGP test keys

--

3 years agobuild: Make --disable-gpgsm work.
Werner Koch [Fri, 15 May 2015 11:20:52 +0000 (13:20 +0200)]
build: Make --disable-gpgsm work.

* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoPost release updates.
Werner Koch [Tue, 12 May 2015 13:40:09 +0000 (15:40 +0200)]
Post release updates.

--

3 years agoRelease 2.1.4 gnupg-2.1.4
Werner Koch [Tue, 12 May 2015 13:07:38 +0000 (15:07 +0200)]
Release 2.1.4

3 years agopo: Auto-update
Werner Koch [Tue, 12 May 2015 12:57:05 +0000 (14:57 +0200)]
po: Auto-update

--

3 years agospeedo,w32: Update Windows README.
Werner Koch [Tue, 12 May 2015 12:54:29 +0000 (14:54 +0200)]
speedo,w32: Update Windows README.

--

3 years agospeedo: Add make option SELFCHECK=0 to build a new release.
Werner Koch [Tue, 12 May 2015 12:27:14 +0000 (14:27 +0200)]
speedo: Add make option SELFCHECK=0 to build a new release.

* build-aux/getswdb.sh: Add option --skip-selfcheck.
* build-aux/speedo.mk: Add option SELFCHECK.

3 years agopo: Update German translation
Werner Koch [Tue, 12 May 2015 11:20:20 +0000 (13:20 +0200)]
po: Update German translation

--

3 years agogpgparsemail: Rename a variable.
Werner Koch [Tue, 12 May 2015 09:31:11 +0000 (11:31 +0200)]
gpgparsemail: Rename a variable.

--

For unknown reason I used the term MOSS for an RFC1847 structure.
MOSS is a historic and broken security format for MIME define in 1848.
To avoid misunderstandings this patch changes the term to SMFM which
stands for Security Multiparts for MIME (rfc-1847).

3 years agocommon: Cope with AIX problem on number of open files.
Werner Koch [Mon, 11 May 2015 18:18:08 +0000 (20:18 +0200)]
common: Cope with AIX problem on number of open files.

* common/exechelp-posix.c: Limit returned value for too hight values.
--

GnuPG-bug-id: 1778
Signed-off-by: Werner Koch <wk@gnupg.org>