7 years ago Only set gcrypt thread callback for older version of gcrypt.
Marcus Brinkmann [Mon, 2 Jan 2012 21:15:00 +0000 (22:15 +0100)]
Only set gcrypt thread callback for older version of gcrypt.

* agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
(USE_GCRY_THREAD_CBS): New macro, defined if
(fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
(main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.

7 years ago Use the longest key ID available when talking to a HKP server.
David Shaw [Wed, 28 Dec 2011 21:41:31 +0000 (16:41 -0500)]
Use the longest key ID available when talking to a HKP server.

This is issue 1340.  Now that PKSD is dead, and SKS supports long key
IDs, this is safe to do.  Patch from Daniel Kahn Gillmor

7 years ago Post-release version number update
Werner Koch [Tue, 20 Dec 2011 16:10:28 +0000 (17:10 +0100)]
Post-release version number update

7 years ago Release 2.1.0beta3. gnupg-2.1.0beta3
Werner Koch [Tue, 20 Dec 2011 15:46:18 +0000 (16:46 +0100)]
Release 2.1.0beta3.

7 years ago Prepare for the beta3 release.
Werner Koch [Tue, 20 Dec 2011 14:55:43 +0000 (15:55 +0100)]
Prepare for the beta3 release.

7 years ago po: Update the German translation.
Werner Koch [Tue, 20 Dec 2011 14:54:43 +0000 (15:54 +0100)]
po: Update the German translation.

7 years ago Add the STEED Self-Signing Nonthority certificate.
Werner Koch [Tue, 20 Dec 2011 14:35:42 +0000 (15:35 +0100)]
Add the STEED Self-Signing Nonthority certificate.

* doc/com-certs.pem: Install it when creating a keybox.

7 years ago faq: Add section on US export restrictions.
Werner Koch [Tue, 20 Dec 2011 10:13:40 +0000 (11:13 +0100)]
faq: Add section on US export restrictions.

7 years ago Require Libassuan 2.0.3
Werner Koch [Tue, 20 Dec 2011 10:12:21 +0000 (11:12 +0100)]
Require Libassuan 2.0.3

* Require Libassuan 2.0.3.
* agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
* agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
(cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
* scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.

7 years ago Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
NIIBE Yutaka [Tue, 20 Dec 2011 04:34:27 +0000 (13:34 +0900)]
Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.

* scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
(pcsc_keypad_modify): Likewise.

7 years ago scd: Fix for card change returning GPG_ERR_CARD_RESET.
Werner Koch [Mon, 19 Dec 2011 17:26:47 +0000 (18:26 +0100)]
scd: Fix for card change returning GPG_ERR_CARD_RESET.

* scd/apdu.c (apdu_connect): Do not test for zero atrlen.
When gpg-agent prompts for insertion of a card this error would be

Co-authored-by: Ben Kibbey <>

7 years ago Don't kill pinentry by SIGKILL but let it quit by SIGINT.
NIIBE Yutaka [Fri, 16 Dec 2011 00:07:56 +0000 (09:07 +0900)]
Don't kill pinentry by SIGKILL but let it quit by SIGINT.

* agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send

7 years ago Merge fix for issue 1331 from 1.4.
David Shaw [Thu, 15 Dec 2011 21:46:28 +0000 (16:46 -0500)]
Merge fix for issue 1331 from 1.4.

* photoid.c (generate_photo_id): Check for the JPEG magic numbers
instead of JFIF since some programs generate an EXIF header first.

7 years ago scd: Prefer application Geldkarte over DINSIG.
Werner Koch [Thu, 15 Dec 2011 20:45:35 +0000 (21:45 +0100)]
scd: Prefer application Geldkarte over DINSIG.

* scd/app.c (select_application): Reorder application tests.

Although the DINSIG application is available on most German cards, it
is in reality not used.  Thus showing the Geldkarte application is
more desirable for a good user experience.

7 years ago scd: Add option --dump-atr to command APDU.
Werner Koch [Thu, 15 Dec 2011 13:47:04 +0000 (14:47 +0100)]
scd: Add option --dump-atr to command APDU.

* scd/atr.c: Rewrite.
* scd/ (scdaemon_SOURCES): Add atr.c and atr.h.
* scd/command.c (cmd_apdu): Add option --dump-atr.

7 years ago estream: New function es_fclose_snatch.
Werner Koch [Thu, 15 Dec 2011 13:45:08 +0000 (14:45 +0100)]
estream: New function es_fclose_snatch.

* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL.

7 years ago scd: Skip S/N reading for the "undefined" application.
Werner Koch [Wed, 14 Dec 2011 17:56:10 +0000 (18:56 +0100)]
scd: Skip S/N reading for the "undefined" application.

* scd/app.c (select_application): Skip serial number reading.

7 years ago scd: Add more status word values for documentation.
Werner Koch [Wed, 14 Dec 2011 17:48:47 +0000 (18:48 +0100)]
scd: Add more status word values for documentation.

7 years ago scd: Add the "undefined" stub application.
Werner Koch [Wed, 14 Dec 2011 16:00:50 +0000 (17:00 +0100)]
scd: Add the "undefined" stub application.

* scd/app.c (select_application): Implement the "undefined"

7 years ago agent: Pass comment lines from scd verbatim thru gpg-agent.
Werner Koch [Wed, 14 Dec 2011 14:42:28 +0000 (15:42 +0100)]
agent: Pass comment lines from scd verbatim thru gpg-agent.

* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".

7 years ago scd: Fix resetting and closing of the reader.
Werner Koch [Wed, 14 Dec 2011 09:30:01 +0000 (10:30 +0100)]
scd: Fix resetting and closing of the reader.

* scd/command.c (update_card_removed): Do not act on an invalid VRDR.
(do_reset): Ignore apdu_reset error codes for no and inactive card.
Close the reader before setting the slot to -1.
(update_reader_status_file): Notify the application before closing the

With this change the scd now works as it did in the past.  In
particular there is no more endless loop trying to open the reader by
the update_reader_status_file ticker function.  That bug basically
blocked all card operations until the scdaemon was killed.

7 years ago scd: Add debug option for reader function calls.
Werner Koch [Wed, 14 Dec 2011 09:21:15 +0000 (10:21 +0100)]
scd: Add debug option for reader function calls.

* scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New.
* scd/apdu.c (apdu_open_reader, apdu_close_reader)
(apdu_shutdown_reader, apdu_connect, apdu_disconnect)
(apdu_reset, apdu_get_atr, apdu_get_status): Add debug code.
(apdu_activate): Remove this unused function.

7 years ago scd: New option --debug-assuan-log-cats.
Werner Koch [Tue, 13 Dec 2011 16:59:00 +0000 (17:59 +0100)]
scd: New option --debug-assuan-log-cats.

* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.


The old way of setting the logging categories with an environment
variable is awkward if scdaemon is spawned from a running gpg-agent.

7 years ago scd: Introduce a virtual reader table.
Werner Koch [Tue, 13 Dec 2011 15:55:42 +0000 (16:55 +0100)]
scd: Introduce a virtual reader table.

The vreader table makes the code more clear by explicitly talking
about APDU slots and reader indices.  It also accommodates for future

* scd/scdaemon.h (server_control_s): Remove READER_SLOT.
* scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
* scd/app.c (check_application_conflict): Add arg SLOT.
* scd/command.c (slot_status_s): Rename to vreader_s.
(server_local_s): Add field VREADER_IDX as replacement for
the READER_SLOT in server_control_s.  Change all users.
(slot_table): Rename to vreader_table.  Change all users.
(vreader_slot): New.
(do_reset, cmd_apdu): Map vreader to apdu slot.
(get_reader_slot): Rename to get_current_reader.  Return -1 on error.
(open_card): Map vreader to apdu slot.  Pass slot to
(scd_command_handler): Init VREADER_IDX.
(update_reader_status_file): Reset SLOT field on error.

7 years ago scd: Retry command SERIALNO for an inactive card.
Werner Koch [Mon, 12 Dec 2011 20:02:54 +0000 (21:02 +0100)]
scd: Retry command SERIALNO for an inactive card.

* scd/command.c (cmd_serialno): Retry once for an inactive card.

7 years ago Fix detection of card removal and insertion.
Werner Koch [Mon, 12 Dec 2011 19:34:12 +0000 (20:34 +0100)]
Fix detection of card removal and insertion.

* scd/apdu.c (apdu_connect): Return status codes for no card available
and inactive card.
* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.

7 years ago gitlog-to-changelog: New option --tear-off.
Werner Koch [Mon, 12 Dec 2011 19:28:58 +0000 (20:28 +0100)]
gitlog-to-changelog: New option --tear-off.

* scripts/gitlog-to-changelog: Add option --tear-off.
* (gen-ChangeLog): Use that option.

7 years ago gpgsm: Add new validation model "steed".
Werner Koch [Wed, 7 Dec 2011 15:15:15 +0000 (16:15 +0100)]
gpgsm: Add new validation model "steed".

* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.

This is the first part of changes to implement the STEED proposal as
described at .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.

7 years ago Correct punctuation in the ChangeLog summary line.
Werner Koch [Wed, 7 Dec 2011 10:07:21 +0000 (11:07 +0100)]
Correct punctuation in the ChangeLog summary line.

* (gen-ChangeLog): Supply --append-dot.

7 years ago Allow comments which will not show up in the ChangeLog
Werner Koch [Wed, 7 Dec 2011 10:01:39 +0000 (11:01 +0100)]
Allow comments which will not show up in the ChangeLog

* scripts/gitlog-to-changelog: Ignore lines after a "--" line.

The first line with two dashes at the start of a line (optionally
followed by white space) stops copying the commit log lines to the
ChangeLog entry in "make dist".  This is useful to allow adding
comments to the log which are not useful in a ChangeLog.

7 years ago gpgsm: Allow specification of an AuthorityKeyIdentifier.
Werner Koch [Tue, 6 Dec 2011 20:43:18 +0000 (21:43 +0100)]
gpgsm: Allow specification of an AuthorityKeyIdentifier.

* sm/certreqgen.c (pAUTHKEYID): New.
(read_parameters): Add keyword Authority-Key-Id.
(proc_parameters): Check its value.
(create_request): Insert an Authority-Key-Id.

7 years ago gpgsm: Allow arbitrary extensions for cert creation.
Werner Koch [Tue, 6 Dec 2011 18:57:27 +0000 (19:57 +0100)]
gpgsm: Allow arbitrary extensions for cert creation.

* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".

7 years ago gpgsm: Fix storing of the serial number
Werner Koch [Tue, 6 Dec 2011 15:45:46 +0000 (16:45 +0100)]
gpgsm: Fix storing of the serial number

* sm/certreqgen.c (create_request): Fix hex-bin conversion.

7 years ago Fix last change.
Werner Koch [Mon, 5 Dec 2011 14:14:47 +0000 (15:14 +0100)]
Fix last change.

* agent/command.c (start_command_handler): Remove use of removed var.

7 years ago Amend the agent code with more comments.
Werner Koch [Mon, 5 Dec 2011 09:54:59 +0000 (10:54 +0100)]
Amend the agent code with more comments.

* agent/command.c (server_local_s): Remove unused field MESSAGE_FD.

7 years ago Support the Cherry ST-2000 card reader.
Werner Koch [Fri, 2 Dec 2011 17:09:58 +0000 (18:09 +0100)]
Support the Cherry ST-2000 card reader.

* scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
(SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
(parse_ccid_descriptor): Use them.
(scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
ST-2000.  Suggested by Matthias-Christian Ott.

7 years ago Avoid possible double free in export.c.
Werner Koch [Fri, 2 Dec 2011 16:04:58 +0000 (17:04 +0100)]
Avoid possible double free in export.c.

* g10/export.c (transfer_format_to_openpgp): Avoid possible double
  free of LIST.  Reported by NIIBE Yutaka.

7 years ago Fix pinpad input support for passphrase modification.
NIIBE Yutaka [Fri, 2 Dec 2011 04:57:12 +0000 (13:57 +0900)]
Fix pinpad input support for passphrase modification.

* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.

* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on.  use_keypad only makes sense for

* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.

7 years ago Add hook to check the commit log syntax.
Werner Koch [Thu, 1 Dec 2011 17:13:44 +0000 (18:13 +0100)]
Add hook to check the commit log syntax.

* Install commit-msg hook for git.

7 years ago Generate the ChangeLog from commit logs.
Werner Koch [Thu, 1 Dec 2011 09:51:36 +0000 (10:51 +0100)]
Generate the ChangeLog from commit logs.

* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.

7 years ago Fix pinpad input support
NIIBE Yutaka [Thu, 1 Dec 2011 02:09:51 +0000 (11:09 +0900)]
Fix pinpad input support

7 years ago Rewrite dns-cert.c to not use the gpg-only iobuf stuff.
Werner Koch [Wed, 30 Nov 2011 16:14:08 +0000 (17:14 +0100)]
Rewrite dns-cert.c to not use the gpg-only iobuf stuff.

* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert.  Remove MAX_SIZE arg.  Change
iobuf arg to an estream-t.  Rewrite function to make use of estream
instead of iobuf.  Require all parameters.  Return a gpg_error_t
error instead of the type.  Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.

7 years ago * common/estream.c (es_fopenmem_init): New.
Werner Koch [Wed, 30 Nov 2011 16:03:53 +0000 (17:03 +0100)]
* common/estream.c (es_fopenmem_init): New.
* common/estream.h (es_fopenmem_init): New.

7 years ago Add parameter checks and extend documentation of estream.
Werner Koch [Tue, 29 Nov 2011 17:02:05 +0000 (18:02 +0100)]
Add parameter checks and extend documentation of estream.

* estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is not
set.  Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is given.

7 years ago dns-cert.c: Use constants for better readability.
Werner Koch [Tue, 29 Nov 2011 12:17:20 +0000 (13:17 +0100)]
dns-cert.c: Use constants for better readability.

7 years ago Actually increase buffer size of t-dns-cert.c.
Werner Koch [Mon, 28 Nov 2011 17:36:21 +0000 (18:36 +0100)]
Actually increase buffer size of t-dns-cert.c.

7 years ago Re-indented dns-cert.c
Werner Koch [Mon, 28 Nov 2011 17:35:19 +0000 (18:35 +0100)]
Re-indented dns-cert.c

7 years ago Increase the default buffer size for DNS certificates.
Werner Koch [Mon, 28 Nov 2011 17:18:12 +0000 (18:18 +0100)]
Increase the default buffer size for DNS certificates.

* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.

7 years ago Use separate test module for dns-cert.c.
Werner Koch [Mon, 28 Nov 2011 17:11:59 +0000 (18:11 +0100)]
Use separate test module for dns-cert.c.

* dns-cert.c (get_dns_cert): Factor test code out to ...
* t-dns-cert.c: new file.

7 years ago Merge branch 'master' of git+ssh://
NIIBE Yutaka [Tue, 29 Nov 2011 08:59:56 +0000 (17:59 +0900)]
Merge branch 'master' of git+ssh://

7 years ago PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin).
NIIBE Yutaka [Tue, 29 Nov 2011 08:56:22 +0000 (17:56 +0900)]
PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin).

7 years ago Make sure HOME et al have no unsafe characters.
Werner Koch [Tue, 29 Nov 2011 07:52:12 +0000 (08:52 +0100)]
Make sure HOME et al have no unsafe characters.

7 years ago PC/SC pinpad support (pinpad input for modify pass phrase).
NIIBE Yutaka [Tue, 29 Nov 2011 02:59:32 +0000 (11:59 +0900)]
PC/SC pinpad support (pinpad input for modify pass phrase).

7 years ago Add build script to build all components in one run.
Werner Koch [Mon, 28 Nov 2011 19:28:10 +0000 (20:28 +0100)]
Add build script to build all components in one run.

Run this script in the parent directory of the working copies.  It
does a VPATH build in ~/tmp/gpg-tmp/b in the right order and installs
everything below ~/tmp/gpg-tmp/.

Based on a script by Jim Meyering.

7 years ago accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix
Jim Meyering [Mon, 28 Nov 2011 12:47:08 +0000 (13:47 +0100)]
accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix

* m4/gpg-error.m4: Update from git master.

7 years ago Improve ssh card key diagnostic message.
Werner Koch [Mon, 28 Nov 2011 09:39:36 +0000 (10:39 +0100)]
Improve ssh card key diagnostic message.

* command-ssh.c (card_key_available): Change wording of no key
(ssh_handler_request_identities): Do not call card_key_available
if the scdaemon is disabled.

7 years ago PC/SC pinpad support.
NIIBE Yutaka [Mon, 28 Nov 2011 07:16:38 +0000 (16:16 +0900)]
PC/SC pinpad support.

Before this change, it is layered like the following:

apdu_send_simple, apdu_send_simple_kp

After this change, it will be layered like:

iso7816_verify      iso7816_verify_kp
        apdu_send_simple    apdu_keypad_verify

and apdu_send_simple_kp will be deprecated.

For PC/SC API, we use:
  SCardControl API to compose CCID PC_to_RDR_Secure message
  SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message

Considering the support of PC/SC, we have nothing to share between _kp
version of iso7816_* and no _kp version.

7 years ago Merge branch 'master' of git+ssh://
Werner Koch [Thu, 24 Nov 2011 15:16:43 +0000 (16:16 +0100)]
Merge branch 'master' of git+ssh://

7 years ago Make HKP keyserver engine work again.
Werner Koch [Thu, 24 Nov 2011 14:48:24 +0000 (15:48 +0100)]
Make HKP keyserver engine work again.

We had some debug code here which prevented it from working.
The host selection code still needs a review!

* ks-engine-http.c (ks_http_help): Do not print help for hkp.
* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
(send_request): Remove test code.
(map_host): Use xtrymalloc.

* certcache.c (classify_pattern): Remove unused variable and make
explicit substring search work.

7 years ago Make HKP keyserver engine work again.
Werner Koch [Thu, 24 Nov 2011 14:48:24 +0000 (15:48 +0100)]
Make HKP keyserver engine work again.

We had some debug code here which prevented it from working.
The host selection code still needs a review!

* ks-engine-http.c (ks_http_help): Do not print help for hkp.
* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
(send_request): Remove test code.
(map_host): Use xtrymalloc.

* certcache.c (classify_pattern): Remove unused variable and make
explicit substring search work.

7 years ago Updated the German translation.
Werner Koch [Thu, 24 Nov 2011 13:16:22 +0000 (14:16 +0100)]
Updated the German translation.

* po/de.po: Update.

7 years ago Don't print anonymous recipient messages in quiet mode.
Werner Koch [Tue, 22 Nov 2011 14:30:26 +0000 (15:30 +0100)]
Don't print anonymous recipient messages in quiet mode.

This is bug#1378.

7 years ago Allow creating subkeys using an existing key
Werner Koch [Sun, 6 Nov 2011 16:01:31 +0000 (17:01 +0100)]
Allow creating subkeys using an existing key

This works by specifying the keygrip instead of an algorithm (section
number 13) and requires that the option -expert has been used.  It
will be easy to extend this to the primary key.

7 years ago typo fixes
Werner Koch [Wed, 2 Nov 2011 17:29:47 +0000 (18:29 +0100)]
typo fixes

7 years ago Allow distribution of dotlock.* also under a modified BSD license
Werner Koch [Mon, 24 Oct 2011 09:38:17 +0000 (11:38 +0200)]
Allow distribution of dotlock.* also under a modified BSD license

8 years ago Typo fix and removal of some colloquial terms
Werner Koch [Tue, 18 Oct 2011 12:18:36 +0000 (14:18 +0200)]
Typo fix and removal of some colloquial terms

8 years ago Put more options into the options index
Werner Koch [Wed, 12 Oct 2011 15:36:56 +0000 (17:36 +0200)]
Put more options into the options index

Also removed the single letter options from the index.

8 years ago Extend yat2m to allow indented tables.
Werner Koch [Wed, 12 Oct 2011 13:52:13 +0000 (15:52 +0200)]
Extend yat2m to allow indented tables.

Current makeinfo versions allow to indent the texinfo source.  However
yat2m had no support for this.  With this patch it is now possible to
use a simple indentation style while keeping man pages readable.

8 years ago Change JNLIB license to LGPLv3+ or GPLv2+.
Werner Koch [Fri, 30 Sep 2011 10:52:11 +0000 (12:52 +0200)]
Change JNLIB license to LGPLv3+ or GPLv2+.

This is to allow the use of this code with code under GPLv2(only).

8 years ago Add prefix macro for dotlock functions.
Werner Koch [Fri, 30 Sep 2011 07:45:21 +0000 (09:45 +0200)]
Add prefix macro for dotlock functions.

Also fixed a type in the GLIB version.

8 years ago Add dotlock_get_fd and dotlock_set_fd.
Werner Koch [Thu, 29 Sep 2011 14:51:48 +0000 (16:51 +0200)]
Add dotlock_get_fd and dotlock_set_fd.

8 years ago Make dotlock.c thread-safe on pthread systems.
Werner Koch [Thu, 29 Sep 2011 13:27:01 +0000 (15:27 +0200)]
Make dotlock.c thread-safe on pthread systems.

This is achieved by passing the define DOTLOCK_USE_PTHREAD.

8 years ago Add a flag parameter to dotlock_create.
Werner Koch [Wed, 28 Sep 2011 13:41:58 +0000 (15:41 +0200)]
Add a flag parameter to dotlock_create.

This allows us to extend this function in the future.

8 years ago Allow arbitrary timeouts with dotlock.
Werner Koch [Wed, 28 Sep 2011 09:47:40 +0000 (11:47 +0200)]
Allow arbitrary timeouts with dotlock.

8 years ago Improved the dotlock module.
Werner Koch [Tue, 27 Sep 2011 15:18:56 +0000 (17:18 +0200)]
Improved the dotlock module.

- It is now more portable and may be used outside of GnuPG
- vfat file systems are now supported.
- The use of link(2) is more robust.
- Wrote extensive documentation.

8 years ago Remove check for gcry_kdf_derive
Werner Koch [Tue, 27 Sep 2011 15:17:06 +0000 (17:17 +0200)]
Remove check for gcry_kdf_derive

This is not anymore required because we require Libgcrypt 1.5.0 which
features this function.

8 years ago Renamed the lock functions.
Werner Koch [Fri, 23 Sep 2011 12:43:58 +0000 (14:43 +0200)]
Renamed the lock functions.

Also cleaned up the dotlock code for easier readability.

8 years ago Remove support for RISCOS from dotlock.c
Werner Koch [Thu, 22 Sep 2011 12:27:32 +0000 (14:27 +0200)]
Remove support for RISCOS from dotlock.c

8 years ago Allow NULL for free_public_key.
Werner Koch [Tue, 20 Sep 2011 17:24:52 +0000 (19:24 +0200)]
Allow NULL for free_public_key.

8 years ago tests: avoid use of freed pointer
Jim Meyering [Tue, 20 Sep 2011 14:35:30 +0000 (16:35 +0200)]
tests: avoid use of freed pointer

[spotted by coverity]

This is only in tests/, but easy to fix, so...
I've included extra context so you can see how var->value would
be used in the following atoi call.

>From cf9ae83fd2da8d7a289b048ef0feed4096f6d263 Mon Sep 17 00:00:00 2001
From: Jim Meyering <>
Date: Tue, 20 Sep 2011 16:32:59 +0200
Subject: [PATCH] avoid use of free'd pointer

* asschk.c (set_type_var): Set var->value to NULL after freeing it,
to avoid subsequent use of freed pointer.

8 years ago avoid use of freed pointer
Jim Meyering [Tue, 20 Sep 2011 14:26:37 +0000 (16:26 +0200)]
avoid use of freed pointer

Without this patch, pk2 would be freed twice.

>From 2a18a4b757e0896e738fefbbaa8ff8c23a9edf89 Mon Sep 17 00:00:00 2001
From: Jim Meyering <>
Date: Tue, 20 Sep 2011 16:20:39 +0200
Subject: [PATCH] avoid use of freed pointer

If we free pk2 at the top of the for-loop, set it to NULL
so that we don't free it again just before returning.
* revoke.c (gen_desig_revoke): Don't use pk2 after freeing it.

8 years ago Replace gcry_md_start_debug by gcry_md_debug.
Werner Koch [Tue, 20 Sep 2011 07:54:27 +0000 (09:54 +0200)]
Replace gcry_md_start_debug by gcry_md_debug.

This is to allow building with Libgcrypt master (1.6) which has some
cleanups in the API/ABI.

8 years ago Allow no protection in pinentry-mode=loopback.
Ben Kibbey [Tue, 13 Sep 2011 00:13:19 +0000 (20:13 -0400)]
Allow no protection in pinentry-mode=loopback.

When the inquired passphrase has a 0 length then treat it as no

8 years ago Fixed invalid free.
Ben Kibbey [Tue, 13 Sep 2011 00:13:18 +0000 (20:13 -0400)]
Fixed invalid free.

8 years ago Fixed regression in libcurl.m4
Werner Koch [Mon, 12 Sep 2011 13:36:27 +0000 (15:36 +0200)]
Fixed regression in libcurl.m4

Fixed lost hash sign introduced by previous change (2011-04-08).
Reported by John Marshall.

8 years ago Handle pinentry-mode=loopback.
Ben Kibbey [Sun, 11 Sep 2011 20:55:34 +0000 (16:55 -0400)]
Handle pinentry-mode=loopback.

When this mode is set an inquire will be sent to the client to retrieve
the passphrase. This adds a new inquire keyword "NEW_PASSPHRASE" that the
GENKEY and PASSWD commands use when generating a new key.

8 years ago Mark component descriptions for translation.
Werner Koch [Fri, 26 Aug 2011 13:20:41 +0000 (15:20 +0200)]
Mark component descriptions for translation.

8 years ago Beautified the online html manual
Werner Koch [Fri, 12 Aug 2011 12:40:47 +0000 (14:40 +0200)]
Beautified the online html manual

8 years ago Fixed set but unused variable bugs
Werner Koch [Wed, 10 Aug 2011 12:11:30 +0000 (14:11 +0200)]
Fixed set but unused variable bugs

8 years ago Fix autoconf warnings and update config.* files.
Werner Koch [Wed, 10 Aug 2011 11:39:38 +0000 (13:39 +0200)]
Fix autoconf warnings and update config.* files.

8 years ago Typo fix
Werner Koch [Wed, 10 Aug 2011 11:26:17 +0000 (13:26 +0200)]
Typo fix

8 years ago Update option s2k-count to match the documentation.
Ben Kibbey [Tue, 9 Aug 2011 22:56:16 +0000 (18:56 -0400)]
Update option s2k-count to match the documentation.

The option would previously return an error if its value was < 65536.

8 years ago Made the KILLAGENT and KILLSCD commands work again.
Werner Koch [Wed, 10 Aug 2011 09:47:04 +0000 (11:47 +0200)]
Made the KILLAGENT and KILLSCD commands work again.

This requires that GnuPG is built with a newer version of Libassuan

8 years ago Adjust for signed integer passed to OpenPGP card decrypt.
Werner Koch [Mon, 8 Aug 2011 08:44:03 +0000 (10:44 +0200)]
Adjust for signed integer passed to OpenPGP card decrypt.

8 years ago Minor doc updates (v2.0 vs. v2.1)
Werner Koch [Mon, 8 Aug 2011 08:17:33 +0000 (10:17 +0200)]
Minor doc updates (v2.0 vs. v2.1)

8 years ago Do not print read-only trustdb warning with --quiet.
Werner Koch [Fri, 29 Jul 2011 07:58:34 +0000 (09:58 +0200)]
Do not print read-only trustdb warning with --quiet.

This is only a warning and gpg would anyway print an error message if
it tries to write to the trustdb.

8 years ago Make the inquire cancel fix a little bit more robust.
Werner Koch [Wed, 27 Jul 2011 09:10:15 +0000 (11:10 +0200)]
Make the inquire cancel fix a little bit more robust.

8 years ago Fixed gpg-agent SCD inquire command cancellation.
Ben Kibbey [Sat, 9 Jul 2011 12:25:22 +0000 (08:25 -0400)]
Fixed gpg-agent SCD inquire command cancellation.

Need to send the CANCEL command back to scdaemon otherwise the next SCD
command will fail.

8 years ago Fix crash while reading unsupported ssh keys.
Werner Koch [Fri, 22 Jul 2011 07:29:40 +0000 (09:29 +0200)]
Fix crash while reading unsupported ssh keys.

This bug was found by n-roeser at
(gnupg-devel@, msgid

8 years ago Try to get the only-valid-if-cert-valid cert from the dirmngr first.
Werner Koch [Thu, 21 Jul 2011 08:24:03 +0000 (10:24 +0200)]
Try to get the only-valid-if-cert-valid cert from the dirmngr first.

This should always work because the dirmngr asked us to validate the
given certificate.  This should make OCSP configuration easier because
there is less requirement to install all certificates for Dirmngr and

CAUTION:  This code has not yet been tested.