gnupg.git
David Shaw [Tue, 11 Apr 2006 03:00:50 +0000 (03:00 +0000)]
* ksutil.h, ksutil.c (classify_ks_search): Add KS_SEARCH_KEYID_SHORT
and KS_SEARCH_KEYID_LONG to search for a key ID.

* gpgkeys_ldap.c (search_key): Use it here to flip from pgpUserID
searches to pgpKeyID or pgpCertID.

David Shaw [Sun, 9 Apr 2006 23:22:24 +0000 (23:22 +0000)]
* gpg.sgml: Some typo fixes.  This is Debian 361324.

David Shaw [Sun, 9 Apr 2006 03:34:09 +0000 (03:34 +0000)]
* getkey.c (parse_auto_key_locate): Fix dupe-removal code.

* keyedit.c (menu_backsign): Allow backsigning even if the secret
subkey doesn't have a binding signature.

* armor.c (radix64_read): Don't report EOF when reading only a pad (=)
character.  The EOF actually starts after the pad.

* gpg.c (main): Make --export, --send-keys, --recv-keys,
--refresh-keys, and --fetch-keys follow their arguments from left to
right.  Suggested by Peter Palfrader.

Werner Koch [Sat, 8 Apr 2006 01:23:23 +0000 (01:23 +0000)]
Fixed segv

Werner Koch [Sat, 8 Apr 2006 00:36:51 +0000 (00:36 +0000)]
See ChangeLog

David Shaw [Thu, 6 Apr 2006 17:58:13 +0000 (17:58 +0000)]
* memory.c (realloc): Fix compile problem with --enable-m-guard.

David Shaw [Wed, 5 Apr 2006 14:25:40 +0000 (14:25 +0000)]
* make-dns-cert.c: Some changes from Peter Palfrader to send errors to
stderr and allow spaces in a fingerprint.  Also warn when a key is
over 16k (as that is the default max-cert-size) and fail when a key is
over 64k as that is the DNS limit in many places.

David Shaw [Tue, 4 Apr 2006 22:19:13 +0000 (22:19 +0000)]
* make-dns-cert.c: New program to generate properly formatted CERT records
so people don't have to do it manually.

Werner Koch [Mon, 3 Apr 2006 11:16:19 +0000 (11:16 +0000)]
post release updates

13 years ago About to release 1.4.3 [gnupg-1.4.3]
Werner Koch [Mon, 3 Apr 2006 10:13:23 +0000 (10:13 +0000)]
About to release 1.4.3

David Shaw [Sat, 1 Apr 2006 02:47:53 +0000 (02:47 +0000)]
* getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve unlock.
Fix strings to not start with a capital letter as per convention.

David Shaw [Thu, 30 Mar 2006 23:55:45 +0000 (23:55 +0000)]
Update copyright

David Shaw [Thu, 30 Mar 2006 19:20:59 +0000 (19:20 +0000)]
* main.h, seskey.c (encode_md_value): Modify to allow a q size greater
than 160 bits as per DSA2.  This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.

* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.

David Shaw [Thu, 30 Mar 2006 14:19:08 +0000 (14:19 +0000)]
* README: Some more notes about building fat binaries.

David Shaw [Thu, 30 Mar 2006 14:13:35 +0000 (14:13 +0000)]
* cert.c (main): Fix test program build warning on OSX.

David Shaw [Mon, 27 Mar 2006 19:06:46 +0000 (19:06 +0000)]
* gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so they use
the regular old API that is compatible with other LDAP libraries.

David Shaw [Sat, 25 Mar 2006 03:05:30 +0000 (03:05 +0000)]
* README: Missing some instructions on building a fat binary.

David Shaw [Wed, 22 Mar 2006 23:05:32 +0000 (23:05 +0000)]
* getkey.c (parse_auto_key_locate): Silently strip out duplicates rather
than causing an error.

Werner Koch [Wed, 22 Mar 2006 16:43:59 +0000 (16:43 +0000)]
Changed URLs

David Shaw [Wed, 22 Mar 2006 14:37:53 +0000 (14:37 +0000)]
* mainproc.c (get_pka_address): Fix bug introduced as part of
sig_to_notation conversion.  Noted by Peter Palfrader.

Werner Koch [Tue, 21 Mar 2006 13:01:45 +0000 (13:01 +0000)]
Allow for rmd160 signatures when using gpg-agent.

David Shaw [Mon, 20 Mar 2006 16:40:28 +0000 (16:40 +0000)]
* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Revert previous
change.  It's now all done in configure.

David Shaw [Mon, 20 Mar 2006 16:13:52 +0000 (16:13 +0000)]
* configure.ac: Improved --disable-endian-check that doesn't involve
changing #ifdefs in the rest of the code.

David Shaw [Mon, 20 Mar 2006 00:57:33 +0000 (00:57 +0000)]
* configure.ac: Add --disable-endian-check for building fat binaries
on OSX.

* README: Add note on how to build a fat binary on OSX.

David Shaw [Mon, 20 Mar 2006 00:39:44 +0000 (00:39 +0000)]
* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Use '#if'
rather than '#ifdef' BIG_ENDIAN_HOST.  Harmless as we explicitly
define BIG_ENDIAN_HOST to 1 when we need it, but needed for OSX fat
builds when we define BIG_ENDIAN_HOST to another macro.

David Shaw [Sat, 18 Mar 2006 05:36:32 +0000 (05:36 +0000)]
* configure.ac: Allow the DNS stuff to work on OSX by trying the
Apple-specific BIND_8_COMPAT.

David Shaw [Fri, 17 Mar 2006 05:20:13 +0000 (05:20 +0000)]
* keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for
both the fingerprint alone, and fingerprint+URL cases.

* getkey.c (get_pubkey_byname): Minor cleanup.

David Shaw [Thu, 16 Mar 2006 22:40:04 +0000 (22:40 +0000)]
* cert.c (get_cert): Handle the fixed IPGP type with fingerprint.

David Shaw [Tue, 14 Mar 2006 03:16:21 +0000 (03:16 +0000)]
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.

* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched.  This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it.  In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker.  By forcing the use of
the fingerprint, we won't use the attacker's key here.

David Shaw [Tue, 14 Mar 2006 02:42:02 +0000 (02:42 +0000)]
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.

David Shaw [Tue, 14 Mar 2006 02:23:00 +0000 (02:23 +0000)]
* main.h, import.c (import_one): Optionally return the fingerprint of
the key being imported.  (import_keys_internal, import_keys_stream,
import): Change all callers.

David Shaw [Sun, 12 Mar 2006 15:33:57 +0000 (15:33 +0000)]
* sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.

David Shaw [Sat, 11 Mar 2006 15:29:57 +0000 (15:29 +0000)]
* samplekeys.asc: Update 99242560 to have a signing subkey backsig.

David Shaw [Thu, 9 Mar 2006 19:47:35 +0000 (19:47 +0000)]
* gpg.sgml: Clarify new notation delete feature.

David Shaw [Thu, 9 Mar 2006 19:43:29 +0000 (19:43 +0000)]
* build-packet.c (string_to_notation): Add ability to indicate a notation
to be deleted with a '-' prefix.

* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'.  This works with either "-notation" or "-notation=value".

Werner Koch [Thu, 9 Mar 2006 19:24:59 +0000 (19:24 +0000)]
keep on walking towards rc3

13 years ago Updated [gnupg-1.4.3rc2]
Werner Koch [Thu, 9 Mar 2006 12:58:26 +0000 (12:58 +0000)]
Updated

Werner Koch [Thu, 9 Mar 2006 12:45:02 +0000 (12:45 +0000)]
Preparing for an RC23

David Shaw [Thu, 9 Mar 2006 04:00:18 +0000 (04:00 +0000)]
* gpg.sgml: Document "notation".

David Shaw [Thu, 9 Mar 2006 03:49:39 +0000 (03:49 +0000)]
* keyedit.c (menu_set_notation): New function to set notations on
self-signatures.  (keyedit_menu): Call it here.
(tty_print_notations): Helper.  (show_prefs): Show notations in
"showpref".

David Shaw [Thu, 9 Mar 2006 03:35:26 +0000 (03:35 +0000)]
* mainproc.c (get_pka_address), keylist.c (show_notation): Remove
duplicate code by using notation functions.

David Shaw [Thu, 9 Mar 2006 03:31:28 +0000 (03:31 +0000)]
* argparse.c (default_strusage): Update copyright year to 2006.

David Shaw [Thu, 9 Mar 2006 01:15:18 +0000 (01:15 +0000)]
* packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Provide printable text for non-human-readable
notation values.

David Shaw [Wed, 8 Mar 2006 23:42:45 +0000 (23:42 +0000)]
* packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Tweak to handle non-human-readable notation
values.

David Shaw [Wed, 8 Mar 2006 23:30:12 +0000 (23:30 +0000)]
* options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.

David Shaw [Wed, 8 Mar 2006 02:40:42 +0000 (02:40 +0000)]
* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.

David Shaw [Wed, 8 Mar 2006 02:36:37 +0000 (02:36 +0000)]
* NEWS: Note CERT retrieval.  Tweak PKA and backsig language to match
current code.

David Shaw [Tue, 7 Mar 2006 22:44:23 +0000 (22:44 +0000)]
* gpg.sgml: Rename backsigs to cross-certification (backsigs is just
shorthand).  Document max-cert-size.

David Shaw [Tue, 7 Mar 2006 21:47:36 +0000 (21:47 +0000)]
* gpg.sgml: Document new way of enabling the PKA functions.  Some minor
other cleanups.

David Shaw [Tue, 7 Mar 2006 20:14:20 +0000 (20:14 +0000)]
* options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.

David Shaw [Tue, 7 Mar 2006 16:20:03 +0000 (16:20 +0000)]
* NEWS: Note --auto-key-locate and that keyservers can handle binary data
now.

Werner Koch [Tue, 7 Mar 2006 11:05:41 +0000 (11:05 +0000)]
More tests added; make distcheck works

David Shaw [Tue, 7 Mar 2006 05:06:31 +0000 (05:06 +0000)]
* gpg.sgml: Document --auto-key-locate.

David Shaw [Tue, 7 Mar 2006 01:16:31 +0000 (01:16 +0000)]
* sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as that
is not a PGP 2.x algorithm.

David Shaw [Mon, 6 Mar 2006 23:14:13 +0000 (23:14 +0000)]
* mainproc.c (proc_compressed): "Uncompressed" is not a valid compression
algorithm.

Werner Koch [Mon, 6 Mar 2006 21:28:25 +0000 (21:28 +0000)]
Stricter test of allowed signature packet compositions.
There is still one problem to solve.

Werner Koch [Mon, 6 Mar 2006 12:28:46 +0000 (12:28 +0000)]
Fixed problem with PGP2 style signatures and multiple plaintext data

Werner Koch [Sun, 5 Mar 2006 15:13:18 +0000 (15:13 +0000)]
Replaced an assert and fixed batch mode issue in cardglue.

David Shaw [Fri, 3 Mar 2006 21:55:38 +0000 (21:55 +0000)]
* gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP
libraries that have TLS.

David Shaw [Wed, 1 Mar 2006 18:16:55 +0000 (18:16 +0000)]
* getkey.c (parse_auto_key_locate): Error if the user selects "cert" or
"pka" when those features are disabled.

* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha.  Noted by Nelson H.
F. Beebe.

David Shaw [Wed, 1 Mar 2006 17:05:38 +0000 (17:05 +0000)]
* configure.ac: Fix accidental enabling of SHA-384/512.  Noted by Nelson
H. F. Beebe.

David Shaw [Mon, 27 Feb 2006 19:31:13 +0000 (19:31 +0000)]
* options.skel: Document auto-key-locate and give a pointer to Simon
Josefsson's page for CERT.

David Shaw [Sat, 25 Feb 2006 00:21:20 +0000 (00:21 +0000)]
* gpg.sgml: Document new --keyserver syntax.

David Shaw [Fri, 24 Feb 2006 14:27:22 +0000 (14:27 +0000)]
* keydb.h, getkey.c (release_akl), gpg.c (main): Add
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.

David Shaw [Fri, 24 Feb 2006 03:57:11 +0000 (03:57 +0000)]
* keyserver.c (parse_keyserver_options): Only change max_cert if it is
used.

David Shaw [Thu, 23 Feb 2006 22:39:40 +0000 (22:39 +0000)]
* options.c, gpg.c (main), keyserver.c (keyserver_spawn): No special
treatment of include-revoked, include-subkeys, and try-dns-srv.  These are
keyserver features, and GPG shouldn't get involved here.

David Shaw [Thu, 23 Feb 2006 21:06:32 +0000 (21:06 +0000)]
* ksutil.c (init_ks_options): Default include-revoked and include-subkeys
to on, as gpg isn't doing this any longer.

David Shaw [Thu, 23 Feb 2006 20:54:30 +0000 (20:54 +0000)]
* keyserver.c (parse_keyserver_uri, add_canonical_option): Always append
options to the list, as ordering may be significant to the user.

David Shaw [Thu, 23 Feb 2006 19:52:20 +0000 (19:52 +0000)]
* gpg.c (add_notation_data): Fix reversed logic for isascii check when
adding notations.  Noted by Christian Biere.

David Shaw [Thu, 23 Feb 2006 17:00:02 +0000 (17:00 +0000)]
* options.h, keyserver.c (add_canonical_option): New.
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).

David Shaw [Wed, 22 Feb 2006 23:37:23 +0000 (23:37 +0000)]
* options.h, keyserver-internal.h, keyserver.c (keyserver_import_name),
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.

David Shaw [Wed, 22 Feb 2006 23:19:36 +0000 (23:19 +0000)]
* gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut down on
odd matches.

David Shaw [Wed, 22 Feb 2006 20:34:48 +0000 (20:34 +0000)]
* options.h, keyserver.c (parse_keyserver_options): Remove
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.

David Shaw [Wed, 22 Feb 2006 20:20:58 +0000 (20:20 +0000)]
* options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.

David Shaw [Wed, 22 Feb 2006 19:06:23 +0000 (19:06 +0000)]
* options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.

David Shaw [Wed, 22 Feb 2006 04:19:21 +0000 (04:19 +0000)]
* gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't allow
duplicate attributes as OpenLDAP is now enforcing this.

David Shaw [Wed, 22 Feb 2006 03:49:49 +0000 (03:49 +0000)]
* gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass
credentials to a remote LDAP server.

David Shaw [Wed, 22 Feb 2006 02:11:35 +0000 (02:11 +0000)]
* curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
curl_easy_perform): Mingw has 'stderr' as a macro?

David Shaw [Tue, 21 Feb 2006 22:23:35 +0000 (22:23 +0000)]
* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.

David Shaw [Tue, 21 Feb 2006 16:16:09 +0000 (16:16 +0000)]
* curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier
debugging.

David Shaw [Tue, 21 Feb 2006 16:09:09 +0000 (16:09 +0000)]
* gpgv.c: Stub keyserver_import_ldap.

* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.

David Shaw [Tue, 21 Feb 2006 05:20:08 +0000 (05:20 +0000)]
* keyserver.c (parse_keyserver_uri): Include the scheme in the uri
even when we've assumed "hkp" when there was no scheme.

David Shaw [Sun, 19 Feb 2006 21:03:01 +0000 (21:03 +0000)]
* http.c (send_request): A zero length proxy is the same as no proxy.

David Shaw [Sun, 19 Feb 2006 02:08:43 +0000 (02:08 +0000)]
* configure.ac: Try linking the UINT64_C test program (rather than
just compiling it) as UINT64_C looks like a (missing) function,
causing a false positive.  Noted by Claus Assmann.

13 years ago about to release 1.4.3rc1 [gnupg-1.4.3rc1]
Werner Koch [Tue, 14 Feb 2006 16:28:34 +0000 (16:28 +0000)]
about to release 1.4.3rc1

Werner Koch [Tue, 14 Feb 2006 10:17:57 +0000 (10:17 +0000)]
Fixed a wrong return code with gpg --verify

Werner Koch [Thu, 9 Feb 2006 12:54:41 +0000 (12:54 +0000)]
Lock random seed file

Werner Koch [Wed, 8 Feb 2006 17:55:20 +0000 (17:55 +0000)]
Fixed a couple of problems

Werner Koch [Mon, 6 Feb 2006 16:34:20 +0000 (16:34 +0000)]
Add support for CardMan 4040

David Shaw [Thu, 26 Jan 2006 16:51:04 +0000 (16:51 +0000)]
* cert.c (get_cert): Disable IPGP types for now until the format questions
in the draft are settled.

* srv.c (getsrv): Error on oversize SRV responses.

David Shaw [Tue, 24 Jan 2006 21:03:06 +0000 (21:03 +0000)]
* keyserver.c (parse_keyserver_uri): If there is a path present, set the
direct_uri flag so the right keyserver helper is run.

David Shaw [Sun, 22 Jan 2006 21:40:20 +0000 (21:40 +0000)]
* keyserver.c (keyserver_spawn): Include the EXEEXT so we can find
keyserver helpers on systems that use extensions.

* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.

David Shaw [Sun, 22 Jan 2006 21:38:02 +0000 (21:38 +0000)]
* configure.ac: Add define for EXEEXT so we can find keyserver helpers
on systems that use extensions.

David Shaw [Tue, 17 Jan 2006 20:55:53 +0000 (20:55 +0000)]
* keydb.h, passphrase.c (next_to_last_passphrase): New.  "Touch" a
passphrase as if it was used (move from next_pw to last_pw).

* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key).  This also handles the case where a secret key is
located on a card and a secret key with no passphrase.  Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.

David Shaw [Tue, 17 Jan 2006 16:03:51 +0000 (16:03 +0000)]
* libcurl.m4: Add IDN, SSPI, NTLM, and TFTP defines.

David Shaw [Mon, 16 Jan 2006 20:22:58 +0000 (20:22 +0000)]
* libcurl.m4: Remove GOPHER, as that is not supported in libcurl any
longer.

David Shaw [Mon, 16 Jan 2006 17:59:46 +0000 (17:59 +0000)]
* gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST when
uploading a key.

David Shaw [Sat, 7 Jan 2006 21:04:13 +0000 (21:04 +0000)]
* keyserver.c (keyserver_refresh): Fix problem when more than one key
in a refresh batch has a preferred keyserver set.  Noted by Nicolas
Rachinsky.

David Shaw [Sun, 1 Jan 2006 18:12:57 +0000 (18:12 +0000)]
* mainproc.c (check_sig_and_print), keyserver.c
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.

David Shaw [Sun, 1 Jan 2006 17:59:57 +0000 (17:59 +0000)]
* sign.c (write_signature_packets): Lost a digest_algo line.