gnupg.git
15 months agoRelease 2.2.0 gnupg-2.2.0
Werner Koch [Mon, 28 Aug 2017 09:18:26 +0000 (11:18 +0200)]
Release 2.2.0

15 months agopo: Auto update
Werner Koch [Mon, 28 Aug 2017 09:17:39 +0000 (11:17 +0200)]
po: Auto update

--

15 months agoscd: Convey the correct length for Le
Werner Koch [Sun, 27 Aug 2017 14:42:52 +0000 (16:42 +0200)]
scd: Convey the correct length for Le

* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Arnaud wrote:

  Actually, when the incorrect expected response length (i.e. Le
  field) is transmitted to the card, the card's answer is missing a
  byte (i.e. ...  6101) so an additional command has to be sent to the
  card to retrieve the last byte. Using the correct length avoids to
  send the additional command to retrieve the missing byte, when the
  computed length is wrong.

Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpg: Fix memory leak while running --check-trustdb.
Werner Koch [Thu, 24 Aug 2017 20:06:59 +0000 (22:06 +0200)]
gpg: Fix memory leak while running --check-trustdb.

* g10/trustdb.c (update_min_ownertrust): Free PK.
--

This bug was revealed by the new trust-pgp-2.scm test.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpg: Fix memory leak in sig-check.
Werner Koch [Thu, 24 Aug 2017 18:26:19 +0000 (20:26 +0200)]
gpg: Fix memory leak in sig-check.

* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition.  Actually free when SIGNER was allocated by us.
--

SIGNER_ALLOCATED never received a value of -1 but that was tested.

IF SIGNER_ALLOCATED was 2 the memory was never freed:

  if (signer_allocated == 1)
    if (signer_allocated == 2)
      free()

Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec

This function needs to be audited more thoroughly.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agoindent: Change comment style on two functions
Werner Koch [Thu, 24 Aug 2017 17:19:23 +0000 (19:19 +0200)]
indent: Change comment style on two functions

--

This is to make those function better readable.

  if (foo)
     /* Comment */
     {

     }

is bad style because it requires extra time to notice the begin of the
block and vice versa when noticing the block it is not clear whether
this is an conditioned or unconditioned block.

Having asterisks on the left is better for view impaired people and
for b/w printouts.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agobuild: Remove obsolete option from autogen.rc
Werner Koch [Thu, 24 Aug 2017 15:44:02 +0000 (17:44 +0200)]
build: Remove obsolete option from autogen.rc

* autogen.rc: Remove --enable-gpg2-is-gpg.
--

This option is now the default.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
Werner Koch [Wed, 23 Aug 2017 14:45:20 +0000 (16:45 +0200)]
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".

* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
"auto-key-retrieve" an expert option.
--

This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e
because --no-auto-key-retrieve is again the default.  Note that we
allow both options for the sake of profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agotests: Do not run trust-pgp-4.scm
Werner Koch [Wed, 23 Aug 2017 13:16:52 +0000 (15:16 +0200)]
tests: Do not run trust-pgp-4.scm

* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--

There are two problems with this test: First a syntax error in the
file name so that the test was not used at all.  Second the test
currently returns FAIL.

Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423
Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agobuild: Change SWDB tag "gnupg21" to "gnupg22".
Werner Koch [Wed, 23 Aug 2017 12:50:03 +0000 (14:50 +0200)]
build: Change SWDB tag "gnupg21" to "gnupg22".

* configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agopo: Update Norwegian translation
Åka Sikrom [Wed, 23 Aug 2017 12:19:01 +0000 (14:19 +0200)]
po: Update Norwegian translation

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agoagent: Fix string translation for Windows
Andre Heinecke [Wed, 23 Aug 2017 09:02:28 +0000 (11:02 +0200)]
agent: Fix string translation for Windows

* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.

--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.

GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
15 months agopo: Update Japanese translation
NIIBE Yutaka [Tue, 22 Aug 2017 02:24:31 +0000 (11:24 +0900)]
po: Update Japanese translation

15 months agotests: Add tests for the PGP trust model.
Damien Goutte-Gattat [Wed, 19 Jul 2017 20:17:29 +0000 (22:17 +0200)]
tests: Add tests for the PGP trust model.

* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agotests: Move some functions into a common module.
Damien Goutte-Gattat [Wed, 19 Jul 2017 20:17:28 +0000 (22:17 +0200)]
tests: Move some functions into a common module.

* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--

These functions will be re-used by the tests for the PGP trust
model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agogpgconf: Make WoT settings configurable by gpgconf.
Damien Goutte-Gattat [Mon, 21 Aug 2017 14:48:11 +0000 (16:48 +0200)]
gpgconf: Make WoT settings configurable by gpgconf.

* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--

Some tests to come for the PGP trust model will need to manipulate
these parameters.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agogpgscm: Fix -Wimplicit-fallthrough warnings.
Justus Winter [Mon, 21 Aug 2017 12:49:29 +0000 (14:49 +0200)]
gpgscm: Fix -Wimplicit-fallthrough warnings.

* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
is at the front.
(Eval_Cycle): Improve fallthrough annotations.

Signed-off-by: Justus Winter <justus@g10code.com>
16 months agogpg: default to --no-auto-key-retrieve.
Daniel Kahn Gillmor [Fri, 11 Aug 2017 06:26:52 +0000 (02:26 -0400)]
gpg: default to --no-auto-key-retrieve.

* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--

This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
earlier today, and came to the conclusion that:

 * the risk of metadata leakage represented by a default
   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
   contexts where GnuPG is used to verified signatures, is quite high.

 * the advantages of --auto-key-retrieve (in terms of signature
   verification) can sometimes be achieved in other ways, such as when
   a signed message includes a copy of its own key.

 * when those other ways are not useful, a graphical, user-facing
   application can still offer the user the opportunity to choose to
   fetch the key; or it can apply its own policy about when to set
   --auto-key-retrieve, without needing to affect the defaults.

Note that --auto-key-retrieve is specifically about signature
verification.  Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate.  This change
does not touch the --auto-key-locate default of "local,wkd".  The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agopo: Update Russian translation
Ineiev [Sat, 5 Aug 2017 12:27:44 +0000 (12:27 +0000)]
po: Update Russian translation

--

There was a small merge conflict.  I hope I did not mess it up. -wk

16 months agotests: Improve documentation.
Justus Winter [Thu, 10 Aug 2017 10:04:43 +0000 (12:04 +0200)]
tests: Improve documentation.

* tests/openpgp/README: Add quickstart instructions, how to use
shell.scm, remove no longer used MKDATA.

Signed-off-by: Justus Winter <justus@g10code.com>
16 months agog10: Write status error on error of --quick-revoke-uid.
Marcus Brinkmann [Wed, 9 Aug 2017 16:35:56 +0000 (18:35 +0200)]
g10: Write status error on error of --quick-revoke-uid.

* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2963

16 months agoPost release updates gnupg-2.2-base
Werner Koch [Wed, 9 Aug 2017 14:58:47 +0000 (16:58 +0200)]
Post release updates

--

16 months agoRelease 2.1.23 gnupg-2.1.23
Werner Koch [Wed, 9 Aug 2017 13:52:48 +0000 (15:52 +0200)]
Release 2.1.23

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agopo: Auto-update
Werner Koch [Wed, 9 Aug 2017 13:45:40 +0000 (15:45 +0200)]
po: Auto-update

--

16 months agopo: Update German translation
Werner Koch [Wed, 9 Aug 2017 10:50:44 +0000 (12:50 +0200)]
po: Update German translation

16 months agobuild: New configure option --enable-all-tests.
Werner Koch [Tue, 8 Aug 2017 15:28:25 +0000 (17:28 +0200)]
build: New configure option --enable-all-tests.

* configure.ac: New option --enable-all-tests.
* tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
* tests/openpgp/all-tests.scm (all-tests): Use that var instead
of *maintainer-mode*.
* Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
--

It is better to have a separate option to run all tests than to put
this on top of --enable-maintainer-mode.  This way we can also make
sure to run all tests during "make distcheck".

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpgscm: Make the test summary stand out
Werner Koch [Tue, 8 Aug 2017 11:47:00 +0000 (13:47 +0200)]
gpgscm: Make the test summary stand out

* tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
--

This is to make those summaries a bit more simlar to those from
automake.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agosm: Always print the keygrip in colon mode.
Werner Koch [Tue, 8 Aug 2017 11:04:12 +0000 (13:04 +0200)]
sm: Always print the keygrip in colon mode.

* sm/keylist.c (list_cert_colon): Always print the keygrip as
described in the manual.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Add option '--disable-dirmngr'.
Justus Winter [Tue, 8 Aug 2017 09:43:22 +0000 (11:43 +0200)]
gpg: Add option '--disable-dirmngr'.

* doc/gpg.texi: Document new option.
* g10/call-dirmngr.c (create_context): Fail if option is given.
* g10/gpg.c (cmd_and_opt_values): New value.
(opts): New option.
(gpgconf_list): Add new option.
(main): Handle new option.
* g10/options.h (struct opt): New field 'disable_dirmngr'.
* tools/gpgconf-comp.c (gc_options_gpg): New option.

GnuPG-bug-id: 3334
Signed-off-by: Justus Winter <justus@g10code.com>
16 months agosystemd-user: Drop redundant After=*.socket.
Daniel Kahn Gillmor [Mon, 7 Aug 2017 08:14:02 +0000 (04:14 -0400)]
systemd-user: Drop redundant After=*.socket.

* doc/examples/systemd-user/*.service: Drop redundant After=*.socket
directive.

--

systemd.socket(5) says:

   Socket units will have a Before= dependency on the service which
   they trigger added implicitly.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agosystemd-user: Drop RefuseManualStart=true.
Daniel Kahn Gillmor [Mon, 7 Aug 2017 08:11:51 +0000 (04:11 -0400)]
systemd-user: Drop RefuseManualStart=true.

* doc/examples/systemd-user/*.service: drop RefuseManualStart=true

--

These user services can be safely started manually as long as at least
their primary sockets are available.  They'll just start with nothing
to do, which should be fine.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agotests: Do not run all tests unless in maintainer mode.
Justus Winter [Mon, 7 Aug 2017 09:15:56 +0000 (11:15 +0200)]
tests: Do not run all tests unless in maintainer mode.

* configure.ac: Leak the maintainer mode flag into 'config.h'.
* tests/gpgscm/ffi.c: Pass it into the scheme environment.
* tests/openpgp/all-tests.scm: Only run tests against non-default
configurations (keyring, extended-key-format) in maintainer mode.
--

Werner is concerned that the tests do take up too much time and asked
me to reduce the runtime of the tests for normal users.

Signed-off-by: Justus Winter <justus@g10code.com>
16 months agoFix spelling.
Daniel Kahn Gillmor [Mon, 7 Aug 2017 07:34:03 +0000 (03:34 -0400)]
Fix spelling.

* doc/gpg.texi: s/occured/occurred/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agoSimple typo fix.
Daniel Kahn Gillmor [Mon, 7 Aug 2017 05:03:52 +0000 (01:03 -0400)]
Simple typo fix.

* agent/gpg-agent.c: Correct spelling in comment.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agogpg: Install gpg by default under the name gpg.
Werner Koch [Sat, 5 Aug 2017 12:39:32 +0000 (14:39 +0200)]
gpg: Install gpg by default under the name gpg.

* configure.ac: Remove option --enable-gpg2-is-gpg.  Add option
--enable-gpg-is-gpg2.
* build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
--enable-gpg2-is-gpg.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: gpgconf needs to support the now default --auto-key-retrieve.
Werner Koch [Sat, 5 Aug 2017 12:26:22 +0000 (14:26 +0200)]
gpg: gpgconf needs to support the now default --auto-key-retrieve.

* tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
--

Although this option is invisible, it might be in use by gpgconf
profiles.  We don't want to break them.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Fix memory leak in parse_auto_key_locate.
Werner Koch [Fri, 4 Aug 2017 20:46:40 +0000 (22:46 +0200)]
gpg: Fix memory leak in parse_auto_key_locate.

* g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
--

It was probably too late for me to hack.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agotests: Adjust tests for changed --auto-key-locate default.
Werner Koch [Fri, 4 Aug 2017 20:28:13 +0000 (22:28 +0200)]
tests: Adjust tests for changed --auto-key-locate default.

* tests/openpgp/defs.scm (create-gpghome): Disable new defaults.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Make --no-auto-key-retrieve gpgconf-igurable.
Werner Koch [Fri, 4 Aug 2017 20:19:37 +0000 (22:19 +0200)]
gpg: Make --no-auto-key-retrieve gpgconf-igurable.

* g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
auto-key-retrieve.
* tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
no-auto-key-retrieve and chnage level from invisible to advanced.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
Werner Koch [Fri, 4 Aug 2017 19:58:46 +0000 (21:58 +0200)]
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.

* g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
keyserver options.  Set the default for --auto-key-locate to
"local,wkd".  Reset that default iff --auto-key-locate has been given
in the option file or in the commandline.
* g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
--

GnuPG-bug-id: 3324
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoagent: Make --no-grab the default.
Werner Koch [Fri, 4 Aug 2017 16:34:03 +0000 (18:34 +0200)]
agent: Make --no-grab the default.

* agent/gpg-agent.c (oGrab): New const.
(opts): New option --grab.  Remove description for --no-grab.
(parse_rereadable_options): Make --no-grab the default.
(finalize_rereadable_options): Allow --grab to override --no-grab.
(main) <gpgconflist>: Add "grab".
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Avoid double fingerprint printing with import-show.
Werner Koch [Fri, 4 Aug 2017 15:09:17 +0000 (17:09 +0200)]
gpg: Avoid double fingerprint printing with import-show.

* g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
options.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: New import option show-only.
Werner Koch [Fri, 4 Aug 2017 15:03:03 +0000 (17:03 +0200)]
gpg: New import option show-only.

* g10/options.h (IMPORT_DRY_RUN): New.
* g10/import.c (parse_import_options): Add "show-only".
(import_one): use that as alternative to opt.dry_run.
--

This is just a convenience thing for

  --import-options import-show --dry-run

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agowks: Allow gpg-wks-client --supported with just the domain name
Werner Koch [Thu, 3 Aug 2017 19:16:22 +0000 (21:16 +0200)]
wks: Allow gpg-wks-client --supported with just the domain name

* tools/gpg-wks-client.c (command_supported): Hack for missing local
part.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agog10: Always save standard revocation certificate in file.
Marcus Brinkmann [Wed, 2 Aug 2017 13:19:04 +0000 (15:19 +0200)]
g10: Always save standard revocation certificate in file.

* g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
temporarily to create certificate in right place.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3015

16 months agoRevert "g10: Always save standard revocation certificate in file."
Marcus Brinkmann [Tue, 1 Aug 2017 17:08:16 +0000 (19:08 +0200)]
Revert "g10: Always save standard revocation certificate in file."

This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.

16 months agog10: Always save standard revocation certificate in file.
Marcus Brinkmann [Tue, 1 Aug 2017 15:41:03 +0000 (17:41 +0200)]
g10: Always save standard revocation certificate in file.

* g10/main.h (open_outfile): New parameter NO_OUTFILE.
* g10/openfile.c (open_outfile): New parameter NO_OUTFILE.  If given,
never use opt.outfile.
* g10/revoke.c (create_revocation): If FILENAME is true, also set
NO_OUTFILE to true (for standard revocation certificates).
* g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
g10/sign.c: Adjust all other callers.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3015

16 months agoartwork: Add icons.
Marcus Brinkmann [Tue, 1 Aug 2017 14:28:23 +0000 (16:28 +0200)]
artwork: Add icons.

* artwork/icons/index.css: New file.
* artwork/icons/index.html: New file.
* artwork/icons/lock-12.png: New file.
* artwork/icons/lock-128.png: New file.
* artwork/icons/lock-16.png: New file.
* artwork/icons/lock-24.png: New file.
* artwork/icons/lock-256.png: New file.
* artwork/icons/lock-32.png: New file.
* artwork/icons/lock-48.png: New file.
* artwork/icons/lock-64.png: New file.
* artwork/icons/lock-wing-12.png: New file.
* artwork/icons/lock-wing-128.png: New file.
* artwork/icons/lock-wing-16.png: New file.
* artwork/icons/lock-wing-24.png: New file.
* artwork/icons/lock-wing-256.png: New file.
* artwork/icons/lock-wing-32.png: New file.
* artwork/icons/lock-wing-48.png: New file.
* artwork/icons/lock-wing-64.png: New file.
* artwork/icons/lock-wing.svg: New file.
* artwork/icons/lock.svg: New file.
* artwork/icons/wing-12.png: New file.
* artwork/icons/wing-128.png: New file.
* artwork/icons/wing-16.png: New file.
* artwork/icons/wing-24.png: New file.
* artwork/icons/wing-256.png: New file.
* artwork/icons/wing-32.png: New file.
* artwork/icons/wing-48.png: New file.
* artwork/icons/wing-64.png: New file.
* artwork/icons/wing.svg: New file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3019

16 months agogpg,sm: Error out on compliance mismatch while decrypting.
Werner Koch [Tue, 1 Aug 2017 06:41:47 +0000 (08:41 +0200)]
gpg,sm: Error out on compliance mismatch while decrypting.

* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
allowed in the current compliance mode.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--

The idea here is that the owner of the key created a non-compliant key
and later receives a mail encrypted to that key.  The sender should
have checked this key too but we can't guarantee that.  By hard
failing here the owner of the key will notice that he had created a
non-compliant key and thus has a chance to generate a new compliant
key.  In case the compliant criteria changes and the owner wants to
decrypt an old message he can still switch gpg to another compliant
mode.

Fixes-commit: a0d0cbee7654ad7582400efaa92d493cd8e669e9
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoindent: Wrap overlong lines in argparse.c
Werner Koch [Tue, 1 Aug 2017 06:28:01 +0000 (08:28 +0200)]
indent: Wrap overlong lines in argparse.c

--

16 months agoSimple typo fix.
NIIBE Yutaka [Tue, 1 Aug 2017 02:44:52 +0000 (11:44 +0900)]
Simple typo fix.

* tools/rfc822parse.c: Fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agopo: Update Japanese translation
NIIBE Yutaka [Tue, 1 Aug 2017 02:43:56 +0000 (11:43 +0900)]
po: Update Japanese translation

16 months agodirmngr,w32: Fix http connection timeout problem.
Werner Koch [Mon, 31 Jul 2017 11:12:37 +0000 (13:12 +0200)]
dirmngr,w32: Fix http connection timeout problem.

* dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
--

GnuPG-bug-id: 3319
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoExplain the "server is older than xxx warning".
Werner Koch [Mon, 31 Jul 2017 09:20:47 +0000 (11:20 +0200)]
Explain the "server is older than xxx warning".

* g10/call-agent.c (warn_version_mismatch): Print a note on how to
restart the servers.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
--

We should move this fucntion to common.  However, the status output
functions are different and would need to be streamlined too.

GnuPG-bug-id: 3117
Debian-bug-id: 860745
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoPost release updates
Werner Koch [Fri, 28 Jul 2017 18:10:16 +0000 (20:10 +0200)]
Post release updates

--

16 months agoRelease 2.1.22 gnupg-2.1.22
Werner Koch [Fri, 28 Jul 2017 16:59:04 +0000 (18:59 +0200)]
Release 2.1.22

16 months agopo: Auto-update
Werner Koch [Fri, 28 Jul 2017 16:55:14 +0000 (18:55 +0200)]
po: Auto-update

--

16 months agopo: Update German translation
Werner Koch [Fri, 28 Jul 2017 16:51:27 +0000 (18:51 +0200)]
po: Update German translation

16 months agoagent: Make --ssh-fingerprint-digest re-readable.
Werner Koch [Fri, 28 Jul 2017 16:23:34 +0000 (18:23 +0200)]
agent: Make --ssh-fingerprint-digest re-readable.

* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
(parse_rereadable_options): here.
(opts): Change its description.
(main) <aGPGConfList>: Include this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
level.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg,sm: String changes for compliance diagnostics.
Werner Koch [Fri, 28 Jul 2017 15:46:43 +0000 (17:46 +0200)]
gpg,sm: String changes for compliance diagnostics.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoagent: For OCB key files return Bad Passprase instead of Checksum Error.
Werner Koch [Fri, 28 Jul 2017 09:40:56 +0000 (11:40 +0200)]
agent: For OCB key files return Bad Passprase instead of Checksum Error.

* agent/protect.c (do_decryption): Map error checksum to bad
passpharse protection

* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
source for corrupted protection.
--

GnuPG-bug-id: 3266
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Minor rework for better readibility of get_best_pubkey_byname.
Werner Koch [Fri, 28 Jul 2017 09:08:32 +0000 (11:08 +0200)]
gpg: Minor rework for better readibility of get_best_pubkey_byname.

* g10/getkey.c (get_best_pubkey_byname): Change return type to
gpg_error_t.  Use var name err instead of rc.  Move a
gpg_error_from_syserror closer to the call.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Fix segv in get_best_pubkey_byname.
Werner Koch [Fri, 28 Jul 2017 08:58:59 +0000 (10:58 +0200)]
gpg: Fix segv in get_best_pubkey_byname.

* g10/getkey.c (get_best_pubkey_byname): Init NEW.
--

We call free_user_id on NEW.uid and thus it needs to be initialized.

This fixes the ref-count or invisible segv bug from
GnuPG-bug-id: 3266

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoagent: Minor cleanup (mostly for documentation).
Werner Koch [Fri, 28 Jul 2017 08:37:33 +0000 (10:37 +0200)]
agent: Minor cleanup (mostly for documentation).

* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto.  Change return type to
gpg_error_t.  On es_fessk failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
gpg_error_t.  Return a valid erro code on malloc failure.
(agent_pksign): Ditto.  Change return type to gpg_error_t.  replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto.  Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--

While code starring for bug 3266 I found two glitches and also changed
var name for easier reading.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Tweak compliance checking for verification
Werner Koch [Thu, 27 Jul 2017 14:22:36 +0000 (16:22 +0200)]
gpg: Tweak compliance checking for verification

* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg,sm: Allow encryption (with warning) to any key in de-vs mode.
Werner Koch [Thu, 27 Jul 2017 12:54:50 +0000 (14:54 +0200)]
gpg,sm: Allow encryption (with warning) to any key in de-vs mode.

* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg,sm: Fix compliance checking for decryption.
Werner Koch [Thu, 27 Jul 2017 11:56:38 +0000 (13:56 +0200)]
gpg,sm: Fix compliance checking for decryption.

* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check.  We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
so that we have only one translation.
--

We always allow decryption and print only a note if the key was not
complaint at the encryption site.

GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoindent: Wrap an overlong line.
Werner Koch [Thu, 27 Jul 2017 09:41:40 +0000 (11:41 +0200)]
indent: Wrap an overlong line.

--

Folks, please set your editors to 80 columns to notice such flaws.

16 months agogpg: Avoid output to the tty during import.
Werner Koch [Thu, 27 Jul 2017 09:37:00 +0000 (11:37 +0200)]
gpg: Avoid output to the tty during import.

* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
output calls to use it.
* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
output calls to use it.
(keyedit_menu): Adjust for changes.
* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
* g10/import.c (import_one): Call key_check_all_keysigs with output to
the log stream.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
GnuPG-bug-id: 3288
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agog10: Make sure exactly one fingerprint is output with --quick-gen-key.
Marcus Brinkmann [Wed, 26 Jul 2017 16:06:29 +0000 (18:06 +0200)]
g10: Make sure exactly one fingerprint is output with --quick-gen-key.

* g10/keygen.c (do_generate_keypair): Only set fpr in
list_keyblock_direct invocation if neither --fingerprint nor
--with-fingerprints are given.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2741

16 months agodoc: Add man pages form gpg-wks-server and gpg-wks-client.
Werner Koch [Wed, 26 Jul 2017 15:51:03 +0000 (17:51 +0200)]
doc: Add man pages form gpg-wks-server and gpg-wks-client.

* doc/wks.texi: New.
* doc/gnupg.texi: Include wks.texi.
* doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
(myman_pages): Add new man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agowks: Fix program names in the usage diagnostics.
Werner Koch [Wed, 26 Jul 2017 15:45:28 +0000 (17:45 +0200)]
wks: Fix program names in the usage diagnostics.

* tools/gpg-wks-client.c (my_strusage): Add case 12.
* tools/gpg-wks-server.c (my_strusage): Add case 12:

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agowks: Add stubs for new gpg-wks-server commands.
Werner Koch [Wed, 26 Jul 2017 15:49:39 +0000 (17:49 +0200)]
wks: Add stubs for new gpg-wks-server commands.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agodoc: Update vsnfd profile example
Andre Heinecke [Wed, 26 Jul 2017 13:48:02 +0000 (15:48 +0200)]
doc: Update vsnfd profile example

* doc/examples/vsnfd.prf: Use rsa3072

--
This brings it in line with the requested default for vsnfd.

16 months agodirmngr: Do not use a blocking connect in Tor mode.
Werner Koch [Wed, 26 Jul 2017 11:48:27 +0000 (13:48 +0200)]
dirmngr: Do not use a blocking connect in Tor mode.

* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
(send_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agodirmngr: Auto-enable Tor on startup or reload.
Werner Koch [Wed, 26 Jul 2017 08:58:15 +0000 (10:58 +0200)]
dirmngr: Auto-enable Tor on startup or reload.

* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
--

GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoagent,dirmngr: Check for homedir removal also using stat(2).
Werner Koch [Wed, 26 Jul 2017 08:02:52 +0000 (10:02 +0200)]
agent,dirmngr: Check for homedir removal also using stat(2).

* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main):  Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availibility of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--

The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliable.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoagent: Lengthen timertick interval on Unix to 4 seconds.
Werner Koch [Wed, 26 Jul 2017 07:55:51 +0000 (09:55 +0200)]
agent: Lengthen timertick interval on Unix to 4 seconds.

* agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
Unix.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agocommon: Strip trailing slashes from the homedir.
Werner Koch [Tue, 25 Jul 2017 13:22:48 +0000 (15:22 +0200)]
common: Strip trailing slashes from the homedir.

* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.

--

is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names.  This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.

We now make sure that the home directory name never ends in a
slash (except for the roo of course).

GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agow32: Also change the directory on daemon startup.
Werner Koch [Tue, 25 Jul 2017 10:52:33 +0000 (12:52 +0200)]
w32: Also change the directory on daemon startup.

* agent/gpg-agent.c (main): Always to the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Note that only dirmngr did not call the chdir with --no-detach.  thus
we kept it this way.

Tested gpg-agent by checking the properties shown by procexp.

Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agocommon: New functions gnupg_daemon_rootdir and gnupg_chdir.
Werner Koch [Tue, 25 Jul 2017 10:24:01 +0000 (12:24 +0200)]
common: New functions gnupg_daemon_rootdir and gnupg_chdir.

* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoRevert "w32: Change directory on daemon startup."
Werner Koch [Tue, 25 Jul 2017 10:19:08 +0000 (12:19 +0200)]
Revert "w32: Change directory on daemon startup."

--
This reverts commit 78ebc62604d77600b9865950610717d28c6027a2.
Gnupg-bug-id: 2670

16 months agogpg: Update key origin info during import merge.
Werner Koch [Tue, 25 Jul 2017 09:23:08 +0000 (11:23 +0200)]
gpg: Update key origin info during import merge.

* g10/import.c (update_key_origin): New.
(merge_blocks): Add arg curtime.
(import_one): Pass curtime to merge_blocks.  Call update_key_origin.
--

We probably need to refine the rules on how this is done.  But it is a
start.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Store key origin for new userids during import merge.
Werner Koch [Tue, 25 Jul 2017 08:19:12 +0000 (10:19 +0200)]
gpg: Store key origin for new userids during import merge.

* g10/import.c (apply_meta_data): Rename to ...
(insert_key_origin): this.  Factor code out to ...
(insert_key_origin_pk, insert_key_origin_uid): new funcs.
(import_one): Move insert_key_origin behind clean_key.
(merge_blocks): Add args options, origin, and url.
(append_uid): Rename to ...
(append_new_uid): this.  Add args options, curtime, origin, and url.
Call insert_key_origin_uid for new UIDs.
--

This is a straightforward change to handle new user ids.

How to test:

With an empty keyring run

  gpg --with-key-origin --locate-key \
      --auto-key-locate clear,nodefault,wkd  wk@gnupg.org

and then append a new keyid using

  gpg --with-key-origin --locate-key \
      --auto-key-locate clear,nodefault,wkd  wk@g10code.com

Works with my current key 80615870F5BAD690333686D0F2AD85AC1E42B367.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agodirmngr: Add annotation for fallthrough.
NIIBE Yutaka [Tue, 25 Jul 2017 02:49:23 +0000 (11:49 +0900)]
dirmngr: Add annotation for fallthrough.

* dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agodoc: Use @var for meta variables in gpg.texi
Werner Koch [Mon, 24 Jul 2017 19:29:51 +0000 (21:29 +0200)]
doc: Use @var for meta variables in gpg.texi

--

This results in more standrard man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Extend --key-origin to take an optional URL arg.
Werner Koch [Mon, 24 Jul 2017 19:07:03 +0000 (21:07 +0200)]
gpg: Extend --key-origin to take an optional URL arg.

* g10/getkey.c (parse_key_origin): Parse appended URL.
* g10/options.h (struct opt): Add field 'key_origin_url'.
* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
* g10/import.c (apply_meta_data): Extend for file and url.
* g10/keyserver.c (keyserver_fetch): Pass the url to
import_keys_es_stream.
--

Example:

  gpg --key-origin url,myscheme://bla --import FILE

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Store key origin info for new keys from a keyserver
Werner Koch [Mon, 24 Jul 2017 18:47:41 +0000 (20:47 +0200)]
gpg: Store key origin info for new keys from a keyserver

* g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
done by fingerprint.
* g10/import.c (apply_meta_data): Implement that.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Store key origin info for new DANE and WKD retrieved keys.
Werner Koch [Mon, 24 Jul 2017 18:05:28 +0000 (20:05 +0200)]
gpg: Store key origin info for new DANE and WKD retrieved keys.

* g10/import.c (apply_meta_data): Remove arg 'merge'.  Add arg 'url'.
Implement WKD and DANE key origin.
(import_keys_internal): Add arg 'url' and change all callers.
(import_keys_es_stream): Ditto.
(import): Ditto.
(import_one): Ditto.
* g10/keylist.c (list_keyblock_print): Fix update URL printing.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
the SOURCE.  Pass ks_status_cb to assuan_transact.
* g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
the import function.
--

Note that this only for new keys.  Merging this info will be added
soon.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agogpg: Filter keys received via DANE
Werner Koch [Mon, 24 Jul 2017 17:35:45 +0000 (19:35 +0200)]
gpg: Filter keys received via DANE

* g10/keyserver.c (keyserver_import_cert): Use an import filter in
DANE mode.
--

We only want to see the user ids requested via DANE and not any
additional ids.  This filter enables this in the same way we do this
in WKD.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agodirmngr: Print a SOURCE status for WKD requests.
Werner Koch [Mon, 24 Jul 2017 16:21:11 +0000 (18:21 +0200)]
dirmngr: Print a SOURCE status for WKD requests.

* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
--

This status allows to see whether the the WKD requests has been
resolved from the standard address or from a SRV record derived one.
We return only host and port and not the .well-known suffix because
that is obvious.  HTTP redirects are not taken in account because they
may chnage at any time due to load balancing etc and not relevant for
gpg which may use the URL to detect changes in the WKD results.

For example my current setup returns

    S SOURCE https://wkd.gnupg.org

for wk@gnupg.org.  Without a SRV record

    S SOURCE https://gnupg.org

would have been returned.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agodirmngr: New function dirmngr_status_printf.
Werner Koch [Mon, 24 Jul 2017 16:14:37 +0000 (18:14 +0200)]
dirmngr: New function dirmngr_status_printf.

* dirmngr/server.c (dirmngr_status_printf): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agog10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
Marcus Brinkmann [Mon, 24 Jul 2017 15:18:42 +0000 (17:18 +0200)]
g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.

* call-agent.h (agent_import_key): Add keyid parameters.
* call-agent.c (agent_import_key): Set keyid parameters.
* import.c (transfer_secret_keys): Pass keyid parameters.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2667

16 months agow32: Change directory on daemon startup.
Marcus Brinkmann [Mon, 24 Jul 2017 14:31:55 +0000 (16:31 +0200)]
w32: Change directory on daemon startup.

* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670

16 months agog10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
Marcus Brinkmann [Mon, 24 Jul 2017 14:03:25 +0000 (16:03 +0200)]
g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.

* call-agent.h (agent_export_key): Add keyid parameters.
* call-agent.c (agent_export_key): Set keyid parameters.
* export.c (receive_seckey_from_agent): Pass keyid parameters.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2667

16 months agodoc: Revert the bug reporting address to bugs.gnupg.org
Werner Koch [Mon, 24 Jul 2017 08:41:30 +0000 (10:41 +0200)]
doc: Revert the bug reporting address to bugs.gnupg.org

--

dev.gnupg org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org.  We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.

That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agoscd: Use unsigned int for fields.
NIIBE Yutaka [Mon, 24 Jul 2017 07:10:22 +0000 (16:10 +0900)]
scd: Use unsigned int for fields.

* scd/app-openpgp.c (data_objects): Use unsigned ints.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agodirmngr: More minor fix.
NIIBE Yutaka [Mon, 24 Jul 2017 07:09:11 +0000 (16:09 +0900)]
dirmngr: More minor fix.

* dirmngr/http.c (send_request): Care the case of !USE_TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agodirmngr: More minor fixes.
NIIBE Yutaka [Mon, 24 Jul 2017 06:35:34 +0000 (15:35 +0900)]
dirmngr: More minor fixes.

* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
* dirmngr/ldap.c (parse_one_pattern): Add comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
16 months agodirmngr: Minor fix for Windows.
NIIBE Yutaka [Mon, 24 Jul 2017 06:28:36 +0000 (15:28 +0900)]
dirmngr: Minor fix for Windows.

* dirmngr/http.c (connect_with_timeout): Use FD2INT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>