gnupg.git
3 years agodoc: Updated HACKING.
Werner Koch [Tue, 30 Jun 2015 09:55:17 +0000 (11:55 +0200)]
doc: Updated HACKING.

--

Added used commit keywords.
Add some comments to the list of files.

3 years agogpg: Make show-sig-subpackets work again.
Werner Koch [Tue, 30 Jun 2015 09:01:16 +0000 (11:01 +0200)]
gpg: Make show-sig-subpackets work again.

* g10/gpg.c (parse_list_options): Fix offset for subpackets.
--

Regression-due-to: 7d0492075ea638607309b3ea6a792b0e95ea7d98
GnuPG-bug-id: 2008
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Improve a comment.
Werner Koch [Tue, 30 Jun 2015 08:34:56 +0000 (10:34 +0200)]
agent: Improve a comment.

--

3 years agoagent: Prepare for Libassuan with Cygwin support.
Werner Koch [Mon, 29 Jun 2015 19:26:09 +0000 (21:26 +0200)]
agent: Prepare for Libassuan with Cygwin support.

* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoShow passphrase constraints errors as password prompt errors
Neal H. Walfield [Thu, 18 Jun 2015 03:10:47 +0000 (00:10 -0300)]
Show passphrase constraints errors as password prompt errors

* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2.  If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *.  Pass it to check_passphrase_constraints.  If it
contains malloc's memory, free it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Based on a patch provided by Watson Yuuma Sato <yuuma.sato@gmail.com>
in issue 2018.

3 years agoImprove documentation for default-cache-ttl and default-cache-ttl-ssh.
Neal H. Walfield [Tue, 16 Jun 2015 14:16:57 +0000 (16:16 +0200)]
Improve documentation for default-cache-ttl and default-cache-ttl-ssh.

* doc/gpg-agent.texi (Agent Options): Improve documentation for
default-cache-ttl and default-cache-ttl-ssh.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoDon't raise max-cache-ttl to default-cache-ttl.
Neal H. Walfield [Tue, 16 Jun 2015 14:13:51 +0000 (16:13 +0200)]
Don't raise max-cache-ttl to default-cache-ttl.

* agent/gpg-agent.c (finalize_rereadable_options): Don't raise
max-cache-ttl to default-cache-ttl.  Likewise for max-cache-ttl-ssh
and default-cache-ttl-ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This closes issue #2009.

3 years agoImprove the description of old packets with an indeterminate length.
Neal H. Walfield [Mon, 29 Jun 2015 13:50:48 +0000 (15:50 +0200)]
Improve the description of old packets with an indeterminate length.

* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoagent: Add --verify to the PASSWD command.
Werner Koch [Mon, 29 Jun 2015 10:50:16 +0000 (12:50 +0200)]
agent: Add --verify to the PASSWD command.

* agent/command.c (cmd_passwd): Add option --verify.
--

GnuPG-bug-id: 1951
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent,w32: Do not create a useless socket with --enable-putty-support.
Werner Koch [Mon, 29 Jun 2015 10:24:58 +0000 (12:24 +0200)]
agent,w32: Do not create a useless socket with --enable-putty-support.

* agent/agent.h (opt): Remove field ssh_support.
* agent/gpg-agent.c (ssh_support): New.  Replace all opt.ssh_support
by this.
(main): Do not set ssh_support along with setting putty_support.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgsm: Add command option "offline".
Werner Koch [Mon, 29 Jun 2015 09:03:58 +0000 (11:03 +0200)]
gpgsm: Add command option "offline".

* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--

Adding this option makes it easier to implement the corresponding
feature in gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Support button flag and AES key data for OpenPGPcard v3.0.
NIIBE Yutaka [Fri, 26 Jun 2015 06:14:27 +0000 (15:14 +0900)]
scd: Support button flag and AES key data for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
Support button and symmetric decryption.
(do_setattr): Support setting AESKEY.

3 years agosm: Fix cert storage for ephemeral certs
Andre Heinecke [Wed, 24 Jun 2015 16:55:24 +0000 (18:55 +0200)]
sm: Fix cert storage for ephemeral certs

* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.

--

Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.

GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
3 years agoAllow use of debug flag names for all tools.
Werner Koch [Tue, 23 Jun 2015 07:12:44 +0000 (09:12 +0200)]
Allow use of debug flag names for all tools.

* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto.  But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Improve fucntion parse_debug_flag.
Werner Koch [Tue, 23 Jun 2015 07:10:56 +0000 (09:10 +0200)]
common: Improve fucntion parse_debug_flag.

* common/miscellaneous.c (parse_debug_flag): Add hack not to call
exit.  Add "none" and "all" flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: pinpad workaround for PC/SC implementations.
NIIBE Yutaka [Tue, 23 Jun 2015 01:10:15 +0000 (10:10 +0900)]
scd: pinpad workaround for PC/SC implementations.

* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.

--

GnuPG-bug-id: 2003, 2004

This is needed for PC/SC on Debian Jessie.  Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.

3 years agogpg: Allow debug flag names for --debug.
Werner Koch [Mon, 22 Jun 2015 19:01:10 +0000 (21:01 +0200)]
gpg: Allow debug flag names for --debug.

* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function parse_debug_flag
Werner Koch [Mon, 22 Jun 2015 18:54:23 +0000 (20:54 +0200)]
common: Add function parse_debug_flag

* common/miscellaneous.c (parse_debug_flag): New.
* common/util.h (struct debug_flags_s): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function strtokenize.
Werner Koch [Mon, 22 Jun 2015 17:28:33 +0000 (19:28 +0200)]
common: Add function strtokenize.

* common/stringhelp.c: Include assert.h.
(strtokenize): New.
* common/t-stringhelp.c (test_strtokenize): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix regression due to recent commit 6500f33
Werner Koch [Mon, 22 Jun 2015 13:15:39 +0000 (15:15 +0200)]
gpg: Fix regression due to recent commit 6500f33

* g10/keydb.c (kid_list_s): Keep a state in the table.
(kid_not_found_table): Rename to kid_found_table.
(n_kid_not_found_table): Rename to kid_found_table_count.
(kid_not_found_p): Return found state.
(kid_not_found_insert): Add arg found.
(keydb_search): Store found state in the table.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Fix Cherry ST-2000 support for pinpad input.
NIIBE Yutaka [Mon, 22 Jun 2015 05:31:25 +0000 (14:31 +0900)]
scd: Fix Cherry ST-2000 support for pinpad input.

* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
template of APDU.

--

GnuPG-bug-id: 2003, 2004

3 years agogpg: Print number of good signatures with --check-sigs.
Werner Koch [Sat, 20 Jun 2015 13:05:32 +0000 (15:05 +0200)]
gpg: Print number of good signatures with --check-sigs.

* g10/keylist.c (keylist_context): Add field good_sigs.
(list_keyblock_print): Updated good_sigs.
(print_signature_stats): Print number of good signatures and use
log_info instead of tty_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve speed of --check-sigs and --lish-sigs.
Werner Koch [Sat, 20 Jun 2015 13:03:32 +0000 (15:03 +0200)]
gpg: Improve speed of --check-sigs and --lish-sigs.

* g10/keydb.c (kid_list_t): New.
(kid_not_found_table, n_kid_not_found_table): New.
(kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
(keydb_insert_keyblock): Flush the new cache.
(keydb_delete_keyblock): Ditto.
(keydb_update_keyblock): Ditto.
(keydb_search): Use the new cache.
(keydb_dump_stats): New.
* g10/gpg.c (g10_exit): Dump keydb stats.
--

What we do here is to keep track of key searches by long keyids (as
stored in all signatures) so that we do not need to scan the keybox
again after we already found that this keyid will result in
not-found.  As soon as we change gpg to run as a co-process we should
store this table per session because other instances of gpg may have
updated the keybox without us knowing.

On a test ring with

  gpg: 94721 good signatures
  gpg: 6831 bad signatures
  gpg: 150703 signatures not checked due to missing keys
  gpg: 5 signatures not checked due to errors
  gpg: keydb: kid_not_found_table: total: 14132

this new cache speeds a --check-sigs listing up from 28 minutes to
less than 3 minutes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Add more log_clock calls to keydb.c
Werner Koch [Fri, 19 Jun 2015 14:59:46 +0000 (16:59 +0200)]
gpg: Add more log_clock calls to keydb.c

* g10/keydb.c (keydb_get_keyblock): Add log_clock calls.

4 years agogpg: Print available debug flags using "--debug-level help".
Werner Koch [Fri, 19 Jun 2015 12:56:46 +0000 (14:56 +0200)]
gpg: Print available debug flags using "--debug-level help".

* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Fix export problem in case an old keyring has PGP-2 keys.
Werner Koch [Fri, 19 Jun 2015 10:39:29 +0000 (12:39 +0200)]
gpg: Fix export problem in case an old keyring has PGP-2 keys.

* g10/export.c (do_export_stream): Skip legacy keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodirmngr: Fix the cleanup zombies fix (685b782).
Werner Koch [Thu, 18 Jun 2015 11:34:48 +0000 (13:34 +0200)]
dirmngr: Fix the cleanup zombies fix (685b782).

* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
stdout reader after EOF from read_log_data.
* dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
the next iteration.
--

I assumed that the log_fd also has a reader object but that reader
object is used for stdout and needs to be closed by the consumer.

The real bug with the non-released ldap_wrapper control objects was
that when looping over distribution points we did not closed the used
reader object before the next iteration.  Now, the test case had more
than one DP and thus we lost one reader object.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Print a warning for obsolete options.
Werner Koch [Wed, 17 Jun 2015 10:59:29 +0000 (12:59 +0200)]
agent: Print a warning for obsolete options.

* g10/misc.c (obsolete_scdaemon_option): Move to
* common/miscellaneous.c (obsolete_option): ... here.
* agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
options.
--

GnuPG-bug-id: 2016
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodirmngr: Cleanup zombies and fix hang on shutdown.
Werner Koch [Tue, 16 Jun 2015 16:08:32 +0000 (18:08 +0200)]
dirmngr: Cleanup zombies and fix hang on shutdown.

* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
into the loop.  Check the queue also on timeout.  Close log_fd and
reader context on EOF or error.
--

The major bug here was that on an EOF of the log fd the log fd was not
closed and thus the final queue item removal could not work.  Checking
the queue on a timeout is not really necessary but it help in case
there is a race condition lingering.

GnuPG-bug-id: 1838, 1978
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodirmngr: Add missing cast for use of pid_t in printf.
Werner Koch [Tue, 16 Jun 2015 09:47:07 +0000 (11:47 +0200)]
dirmngr: Add missing cast for use of pid_t in printf.

--

4 years agodirmngr: Avoid accessing uninitialized memory in log callback.
Werner Koch [Tue, 16 Jun 2015 10:12:03 +0000 (12:12 +0200)]
dirmngr: Avoid accessing uninitialized memory in log callback.

* dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
use.
(start_connection_thread): Ditto.
(handle_connections): Ditto.
--

Example valgrind output:

==2921== Conditional jump or move depends on uninitialised value(s)
==2921==    at 0x5BBDEF4: pthread_getspecific (pthread_getspecific.c:57)
==2921==    by 0x40AAEE: pid_suffix_callback (dirmngr.c:614)
==2921==    by 0x433F5A: do_logv (logging.c:684)

This is because on 64 bit systems "sizeof aptr > sizeof aint" and thus
Valgrind complains about this.  It is no a real problem because we
don't use the unitialized bits.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agobuild: Distribute swdb.lst with the w32-source target.
Werner Koch [Tue, 16 Jun 2015 09:41:55 +0000 (11:41 +0200)]
build: Distribute swdb.lst with the w32-source target.

--

4 years agoDon't prompt for the password multiple times in pinentry loopback mode.
Neal H. Walfield [Tue, 16 Jun 2015 14:00:39 +0000 (16:00 +0200)]
Don't prompt for the password multiple times in pinentry loopback mode.

* g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
clear OPT.PASSPHRASE_REPEAT.

4 years agopo: Update Japanese Translation.
NIIBE Yutaka [Tue, 16 Jun 2015 03:52:45 +0000 (12:52 +0900)]
po: Update Japanese Translation.

4 years agodoc: Add defs.inc to BUILT_SOURCES
Werner Koch [Mon, 15 Jun 2015 14:19:44 +0000 (16:19 +0200)]
doc: Add defs.inc to BUILT_SOURCES

4 years agodoc: Update the record description of the trustdb.
Werner Koch [Mon, 15 Jun 2015 13:37:30 +0000 (15:37 +0200)]
doc: Update the record description of the trustdb.

--

This now reflects the used version of the trustdb.  However, it still
missed a detailed description on how it works.

4 years agoAdded release date of older versions to NEWS.
Werner Koch [Mon, 15 Jun 2015 12:12:43 +0000 (14:12 +0200)]
Added release date of older versions to NEWS.

--

4 years agoPost release updates.
Werner Koch [Thu, 11 Jun 2015 13:37:50 +0000 (15:37 +0200)]
Post release updates.

--

4 years agoRelease 2.1.5 gnupg-2.1.5
Werner Koch [Thu, 11 Jun 2015 12:43:57 +0000 (14:43 +0200)]
Release 2.1.5

4 years agow32: Adjust mkdefsinc.c for Windows
Werner Koch [Thu, 11 Jun 2015 12:43:38 +0000 (14:43 +0200)]
w32: Adjust mkdefsinc.c for Windows

--

Under Windows the file names are determined at runtime.  To have
somewhat useful names in the manuals, we provide replacements using
the strings "INSTDIR" and "APPDATA" for the installation directory and
the user specific application data.

4 years agopo: Auto-update
Werner Koch [Thu, 11 Jun 2015 11:05:53 +0000 (13:05 +0200)]
po: Auto-update

--

4 years agopo: Update German translation
Werner Koch [Thu, 11 Jun 2015 11:04:31 +0000 (13:04 +0200)]
po: Update German translation

--

4 years agopo: Update Russian translation
Ineiev [Thu, 11 Jun 2015 11:01:17 +0000 (13:01 +0200)]
po: Update Russian translation

--

4 years agoagent: Fix --extra-socket on Windows.
Werner Koch [Thu, 11 Jun 2015 07:43:32 +0000 (09:43 +0200)]
agent: Fix --extra-socket on Windows.

* agent/gpg-agent.c (start_connection_thread): Rename to ...
(do_start_connection_thread): this.  Factor nonce checking out to ...
(start_connection_thread_std): this,
(start_connection_thread_extra): this,
(start_connection_thread_browser): and this.
--

Although not tested, the code did not worked on Windows becuase we
were checning the wrong nonce.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add experimental option --browser-socket.
Werner Koch [Thu, 11 Jun 2015 07:36:27 +0000 (09:36 +0200)]
agent: Add experimental option --browser-socket.

* agent/agent.h (opt): Add field "browser_socket".
* agent/command.c (cmd_setkeydesc): Use a different message for
restricted==2.
* agent/gpg-agent.c (oBrowserSocket): New.
(opts): Add --browser-socket.
(socket_name_browser, redir_socket_name_browser): New.
(socket_nonce_browser): New.
(cleanup): Cleanup browser socket.
(main): Implement option.
(start_connection_thread_browser): New.
(handle_connections): Add arg listen_fd_browser and use it.
--

This is very similar to --extra-socket but intended to be used by a web
browser session.  AS of now it only displays a different "Note: in
the Pinentry than --extra-socket but it may eventually be tweaked for
the use by browser extensions making use of gpg-agent.

It is marked experimental and and thus may be removed in later
versions.

To better support the different "client classes", it would be useful
to add corresponsing cache classes so that each class has its own
cache.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add option --allow-emacs-pinentry
Daiki Ueno [Tue, 9 Jun 2015 12:07:00 +0000 (21:07 +0900)]
agent: Add option --allow-emacs-pinentry

* agent/agent.h (opt): Add field allow_emacs_pinentry.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oAllowEmacsPinentry): New.
(opts): Add option --allow-emacs-pinentry.
(parse_rereadable_options): Set this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
--

gpgconf-comp and manual entry added by wk.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodoc: Do not used fixed file names in the manuals.
Werner Koch [Tue, 9 Jun 2015 19:29:15 +0000 (21:29 +0200)]
doc: Do not used fixed file names in the manuals.

* doc/mkdefsinc.c: New.
* doc/Makefile.am: Include cmacros.am.
(EXTRA_DIST): Add mkdefsinc.c defsincdate.
(BUILT_SOURCES): Add defsincdate
(CLEANFILES): Add mkdefsinc and defs.inc.
(mkdefsinc): New rule.
(yat2m-stamp): Depend on defs.inc.
($(myman_pages) gnupg.7): Ditto.
(gnupg.texi): Remove rule to touch itself.
(dist-hook): New.
(defsincdate): New.
(defs.inc): New.
* doc/gnupg.texi: Remove inclusion of version.texi.  Include defs.inc.
Also include defs.inc in all files used to build man files.  Change
fixed directory names to those from defs.inc.
--

GnuPG-bug-id: 1661
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodirmngr: Avoid crash due to an empty crls.d/DIR.txt.
Werner Koch [Tue, 9 Jun 2015 09:31:06 +0000 (11:31 +0200)]
dirmngr: Avoid crash due to an empty crls.d/DIR.txt.

* dirmngr/crlcache.c (check_dir_version): Avoid segv.
--

GnuPG-bug-id: 1842
Debian-bug-id: 776611

4 years agodoc: Change the manual source to be only for GnuPG 2.1
Werner Koch [Mon, 8 Jun 2015 17:27:08 +0000 (19:27 +0200)]
doc: Change the manual source to be only for GnuPG 2.1

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoConvey envvar INSIDE_EMACS to the pinentry.
Werner Koch [Mon, 8 Jun 2015 16:58:27 +0000 (18:58 +0200)]
Convey envvar INSIDE_EMACS to the pinentry.

* common/session-env.c (stdenvnames): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add command "getinfo std_env_names".
Werner Koch [Mon, 8 Jun 2015 16:38:00 +0000 (18:38 +0200)]
agent: Add command "getinfo std_env_names".

* agent/command.c (cmd_getinfo): Add new sub-command.
--

The current output is:

  > getinfo std_env_names
  D GPG_TTY
  D TERM
  D DISPLAY
  D XAUTHORITY
  D XMODIFIERS
  D GTK_IM_MODULE
  D QT_IM_MODULE
  D PINENTRY_USER_DATA
  OK

Note that there is an invisible \x00 at the end of each line.

4 years agoscd: do_decipher change for OpenPGPcard v3.0.
NIIBE Yutaka [Fri, 5 Jun 2015 05:02:40 +0000 (14:02 +0900)]
scd: do_decipher change for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_decipher): Add a header for ECDH.

4 years agogpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c
Werner Koch [Thu, 4 Jun 2015 16:08:26 +0000 (18:08 +0200)]
gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c

* g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
* g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
* g10/trustdb.c (read_trust_record): Ditto.
(tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust, update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts, update_validity): Ditto.
(tdb_cache_disabled_value): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Cleanup error code path in case of a bad trustdb.
Werner Koch [Thu, 4 Jun 2015 15:39:55 +0000 (17:39 +0200)]
gpg: Cleanup error code path in case of a bad trustdb.

* g10/tdbio.c (tdbio_read_record): Fix returning of the error.
--

Actually the returned error will anyway be GPG_ERR_TRUSTDB but the old
code was not correct.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Fix output in case of a corrupted trustdb.
Werner Koch [Thu, 4 Jun 2015 15:34:33 +0000 (17:34 +0200)]
gpg: Fix output in case of a corrupted trustdb.

* g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
es_stdout.
* g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
list_trustdb only in verbose > 1 mode and let it dump to stderr.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Re-indent and improve documentation of g10/tdbio.c
Werner Koch [Thu, 4 Jun 2015 15:25:09 +0000 (17:25 +0200)]
gpg: Re-indent and improve documentation of g10/tdbio.c

--

4 years agodoc: Replace "conventional encryption" by "symmetric encryption".
Werner Koch [Tue, 2 Jun 2015 15:46:42 +0000 (17:46 +0200)]
doc: Replace "conventional encryption" by "symmetric encryption".

--

Suggested-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Ported from 2.0.

4 years agoscd: Fix key template of ECC.
NIIBE Yutaka [Fri, 29 May 2015 05:06:38 +0000 (14:06 +0900)]
scd: Fix key template of ECC.

* scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.

--

Forthcoming OpenPGPcard specification 3.0 will address this 0x92.

4 years agog10: Fix a race condition initially creating trustdb.
NIIBE Yutaka [Thu, 28 May 2015 08:08:37 +0000 (17:08 +0900)]
g10: Fix a race condition initially creating trustdb.

* g10/tdbio.c (take_write_lock, release_write_lock): New.
(put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
new lock functions.
(tdbio_set_dbname): Fix the race.
(open_db): Don't call dotlock_create.

--

GnuPG-bug-id: 1675

4 years agog10: Remove g10/signal.c.
NIIBE Yutaka [Wed, 27 May 2015 01:22:32 +0000 (10:22 +0900)]
g10: Remove g10/signal.c.

* g10/signal.c: Remove.
* g10/main.h: Remove old function API.
* g10/tdbio.c: Use new API, even in the dead code.

--

We use common/signal.c now.  The file g10/signal.c has been useless
since 2003-06-27.  Now, the removal.

4 years agoagent: Cleanup caching code for command GET_PASSPHRASE.
Werner Koch [Wed, 20 May 2015 14:13:55 +0000 (16:13 +0200)]
agent: Cleanup caching code for command GET_PASSPHRASE.

* agent/command.c (cmd_get_passphrase): Read from the user cache.
--

We used to read the passphrase with mode CACHE_MODE_NORMAL but we put
it into the cache with CACHE_MODE_USER.  However, agent_get_cache does
not yet distinguish between them and thus this does not change
anything.

4 years agoagent: When the password cache is cleared, also clear the ext. cache.
Neal H. Walfield [Tue, 19 May 2015 13:00:16 +0000 (15:00 +0200)]
agent: When the password cache is cleared, also clear the ext. cache.

* agent/agent.h (agent_clear_passphrase): New declaration.
* agent/call-pinentry.c (agent_clear_passphrase): New function.
* agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agoagent: Modify agent_clear_passphrase to support an ext. password cache.
Neal H. Walfield [Tue, 19 May 2015 12:58:04 +0000 (14:58 +0200)]
agent: Modify agent_clear_passphrase to support an ext. password cache.

* agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
cache_mode.  Update callers.
* agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
and cache_mode.  If KEYINFO and CACHE_MODE describe a cachable key,
then send SETKEYINFO to the pinentry.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agog10: detects public key encryption packet error properly.
NIIBE Yutaka [Tue, 19 May 2015 01:32:07 +0000 (10:32 +0900)]
g10: detects public key encryption packet error properly.

g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
encryption.

4 years agotests: More OpenPGP test keys
Werner Koch [Sat, 16 May 2015 10:20:02 +0000 (12:20 +0200)]
tests: More OpenPGP test keys

--

4 years agobuild: Make --disable-gpgsm work.
Werner Koch [Fri, 15 May 2015 11:20:52 +0000 (13:20 +0200)]
build: Make --disable-gpgsm work.

* Makefile.am: Always build kbx/
* g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
--

Note that "make check" still prints a warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoPost release updates.
Werner Koch [Tue, 12 May 2015 13:40:09 +0000 (15:40 +0200)]
Post release updates.

--

4 years agoRelease 2.1.4 gnupg-2.1.4
Werner Koch [Tue, 12 May 2015 13:07:38 +0000 (15:07 +0200)]
Release 2.1.4

4 years agopo: Auto-update
Werner Koch [Tue, 12 May 2015 12:57:05 +0000 (14:57 +0200)]
po: Auto-update

--

4 years agospeedo,w32: Update Windows README.
Werner Koch [Tue, 12 May 2015 12:54:29 +0000 (14:54 +0200)]
speedo,w32: Update Windows README.

--

4 years agospeedo: Add make option SELFCHECK=0 to build a new release.
Werner Koch [Tue, 12 May 2015 12:27:14 +0000 (14:27 +0200)]
speedo: Add make option SELFCHECK=0 to build a new release.

* build-aux/getswdb.sh: Add option --skip-selfcheck.
* build-aux/speedo.mk: Add option SELFCHECK.

4 years agopo: Update German translation
Werner Koch [Tue, 12 May 2015 11:20:20 +0000 (13:20 +0200)]
po: Update German translation

--

4 years agogpgparsemail: Rename a variable.
Werner Koch [Tue, 12 May 2015 09:31:11 +0000 (11:31 +0200)]
gpgparsemail: Rename a variable.

--

For unknown reason I used the term MOSS for an RFC1847 structure.
MOSS is a historic and broken security format for MIME define in 1848.
To avoid misunderstandings this patch changes the term to SMFM which
stands for Security Multiparts for MIME (rfc-1847).

4 years agocommon: Cope with AIX problem on number of open files.
Werner Koch [Mon, 11 May 2015 18:18:08 +0000 (20:18 +0200)]
common: Cope with AIX problem on number of open files.

* common/exechelp-posix.c: Limit returned value for too hight values.
--

GnuPG-bug-id: 1778
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg-connect-agent: Fix quoting of internal percent+ function.
Werner Koch [Mon, 11 May 2015 17:38:07 +0000 (19:38 +0200)]
gpg-connect-agent: Fix quoting of internal percent+ function.

* tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
escape '+'.
--

GnuPG-bug-id: 1841
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add option --no-allow-external-cache.
Werner Koch [Mon, 11 May 2015 16:08:44 +0000 (18:08 +0200)]
agent: Add option --no-allow-external-cache.

* agent/agent.h (opt): Add field allow_external_cache.
* agent/call-pinentry.c (start_pinentry): Act upon new var.
* agent/gpg-agent.c (oNoAllowExternalCache): New.
(opts): Add option --no-allow-external-cache.
(parse_rereadable_options): Set this option.
--

Pinentry 0.9.2 may be build with libsecret support and thus an extra
checkbox is displayed to allow the user to get passwords out of an
libsecret maintained cache.  Security aware user may want to avoid
this feature and may do this at runtime by enabling this option.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add strings for use by future Pinentry versions.
Werner Koch [Mon, 11 May 2015 08:25:09 +0000 (10:25 +0200)]
agent: Add strings for use by future Pinentry versions.

* agent/call-pinentry.c (start_pinentry): Add more strings.
--

We do this so that translations of these strings will be available at
the time a pinentry implements features which require these strings.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add option --debug-pinentry.
Werner Koch [Mon, 11 May 2015 08:23:24 +0000 (10:23 +0200)]
agent: Add option --debug-pinentry.

* agent/gpg-agent.c (oDebugPinentry): New.
(opts): Add --debug-pinentry.
(parse_rereadable_options): Set that option.
* agent/call-pinentry.c (start_pinentry): Pass option to
assuan_set_flag.
--

This option is quite useful to see the IPC between gpg-agent and
Pinentry.  Note that "debug 1024" is also required.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Avoid cluttering stdout with trustdb info in verbose mode.
Werner Koch [Fri, 8 May 2015 14:30:04 +0000 (16:30 +0200)]
gpg: Avoid cluttering stdout with trustdb info in verbose mode.

* g10/trustdb.c (validate_keys): Call dump_key_array only in debug
mode.
--

I guess that is a left-over from an early attempt to output
information on the trustdb for use by other tools.  Maybe related to
the former --list-trust-path command.  Sending it to stdout is
probably useful so we do this now only in debug mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Fix wrong output in list mode.
Werner Koch [Fri, 8 May 2015 14:20:26 +0000 (16:20 +0200)]
gpg: Fix wrong output in list mode.

* g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
LISTFP.
--

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This was an oversight from the conversion to estream or a separate
listing stream.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: New command --quick-adduid.
Werner Koch [Fri, 8 May 2015 14:08:57 +0000 (16:08 +0200)]
gpg: New command --quick-adduid.

* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Add push/pop found state feature to keydb.
Werner Koch [Fri, 8 May 2015 13:51:11 +0000 (15:51 +0200)]
gpg: Add push/pop found state feature to keydb.

* g10/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init new field.
(keydb_push_found_state, keydb_pop_found_state): New.
* g10/keyring.c (kyring_handle): Add field saved_found.
(keyring_push_found_state, keyring_pop_found_state): New.
--

We have the same feature in gpgsm.  It is very useful to check for an
unambiguous user id with a follow up update of the keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Minor code merging in keyedit.
Werner Koch [Fri, 8 May 2015 10:05:52 +0000 (12:05 +0200)]
gpg: Minor code merging in keyedit.

* g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
(fix_keyblock): New.  Call fix_key_signature_order and other fix
functions.
(keyedit_menu): Factor code out to new fix_keyblock.
(keyedit_quick_sign): Ditto.  Check for primary fpr before calling
fix_keyblock.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoTypo fixes
Werner Koch [Fri, 8 May 2015 06:55:57 +0000 (08:55 +0200)]
Typo fixes

--

4 years agoagent: Minor change for 56b5c9f.
Werner Koch [Thu, 7 May 2015 13:42:00 +0000 (15:42 +0200)]
agent: Minor change for 56b5c9f.

* agent/call-pinentry.c (agent_askpin): Move option setting to ...
(start_pinentry): here.  Fix error code check.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agodirmngr: Fix segfault in ldap engine
Kristian Fiskerstrand [Sat, 11 Apr 2015 23:11:07 +0000 (01:11 +0200)]
dirmngr: Fix segfault in ldap engine

(ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
initialized

4 years agoagent: Improve some comments.
Neal H. Walfield [Wed, 6 May 2015 13:27:23 +0000 (15:27 +0200)]
agent: Improve some comments.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agoagent: Improve support for externally cached passwords.
Neal H. Walfield [Wed, 6 May 2015 13:20:32 +0000 (15:20 +0200)]
agent: Improve support for externally cached passwords.

* agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
constant.
(pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
provided.
(agent_askpin): Pass "OPTION allow-external-password-cache" to the
pinentry.  Always pass SETKEYINFO to the pinentry.  If there is no
stable identifier, then use "--clear".  If the password is incorrect
and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
then decrement PININFO->FAILED_TRIES.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agoagent: Or in the value; don't overwrite the variable.
Neal H. Walfield [Wed, 6 May 2015 12:50:38 +0000 (14:50 +0200)]
agent: Or in the value; don't overwrite the variable.

* agent/call-pinentry.c (pinentry_status_cb): Or in
PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agoagent: Avoid magic numbers. Use more accurate names.
Neal H. Walfield [Wed, 6 May 2015 12:35:22 +0000 (14:35 +0200)]
agent: Avoid magic numbers.  Use more accurate names.

* agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
(PINENTRY_STATUS_PIN_REPEATED): Likewise.
(close_button_status_cb): Rename from this...
(pinentry_status_cb): ... to this.  Use the constants.
(agent_askpin): Rename local variable from close_button to
pinentry_status.  Use symbolic constants rather than magic numbers.

--

Signed-off-by: Neal H. Walfield <neal@g10code.com>
4 years agogpg: Improve 'General key info' line of --card-status.
Werner Koch [Thu, 7 May 2015 10:01:12 +0000 (12:01 +0200)]
gpg: Improve 'General key info' line of --card-status.

* g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".

* g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
* g10/keyid.c (keyid_from_fingerprint): Adjust for change.
* g10/revoke.c (gen_desig_revoke): Adjust for change.
* g10/card-util.c (card_status): Simplify by using new arg.  Align
card-no string.

* g10/card-util.c (card_status): Remove not used GnuPG-1 code.
--

This now prints "sub" if the first used card key is actually a subkey.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Fix regression not displaying the card serial number
Werner Koch [Thu, 7 May 2015 09:54:34 +0000 (11:54 +0200)]
gpg: Fix regression not displaying the card serial number

* g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
--

This regression is due to
commit 585d5c62eece23911a768d97d11f159be138b13d
from February 2013!

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agospeedo,w32: Install a native pinentry.
Werner Koch [Wed, 6 May 2015 09:06:26 +0000 (11:06 +0200)]
speedo,w32: Install a native pinentry.

* build-aux/speedo.mk: Always build pinentry for w32.
(speedo_pkg_pinentry_configure): Adjust to modern pinentry.
* build-aux/speedo/w32/inst.nsi: Install native pinentry under the
name pinentry-basic.exe.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agog10: fix cmp_public_key.
NIIBE Yutaka [Thu, 30 Apr 2015 08:02:42 +0000 (17:02 +0900)]
g10: fix cmp_public_key.

* g10/free-packet.c (cmp_public_keys): Compare opaque
data at the first entry of the array when it's unknown algo.

--

(forwardported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a)

GnuPG-bug-id: 1962

4 years agoscd: PC/SC reader selection by partial string match.
NIIBE Yutaka [Thu, 30 Apr 2015 03:36:38 +0000 (12:36 +0900)]
scd: PC/SC reader selection by partial string match.

* scd/apdu.c (open_pcsc_reader_direct): Partial string match.

--

The card reader name by PC/SC service might include USB bus,
which varies (on some platform like GNU/Linux).  Thus, it's
better to match partial string.

Original patch was submitted by anstein.  I changed it to fallback to
the first reader if no match found.

Note that we need to change pcsc-wrapper.c in 2.0 backport.

GnuPG-bug-id: 1618, 1930

4 years agocommon: Remove JNLIB from boiler plate (jnlib merge).
Werner Koch [Fri, 24 Apr 2015 14:42:28 +0000 (16:42 +0200)]
common: Remove JNLIB from boiler plate (jnlib merge).

* common/README.jnlib: Remove.
--

This is the final part of merging jnlib into gnupg/common.

4 years agocommon: Rename log and gcc attribute macros (jnlib merge).
Werner Koch [Fri, 24 Apr 2015 13:49:18 +0000 (15:49 +0200)]
common: Rename log and gcc attribute macros (jnlib merge).

* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--

JNLIB has no more meaning.  Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agocommon: Remove two JNLIB_ macros (jnlib merge).
Werner Koch [Fri, 24 Apr 2015 14:10:15 +0000 (16:10 +0200)]
common: Remove two JNLIB_ macros (jnlib merge).

* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL.  Change all tests.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agocommon: Remove libjnlib-config.h (jnlib merge).
Werner Koch [Fri, 24 Apr 2015 13:19:10 +0000 (15:19 +0200)]
common: Remove libjnlib-config.h (jnlib merge).

* common/libjnlib-config.h: Remove.
* common/common-defs.h (getenv) [HAVE_GETENV]: New.  From removed
header.
(getpid) [HAVE_W32CE_SYSTEM]: New.  From removed header.
* common/argparse.c: Include util.h and common-defs.h.  Replace
jnlib_ macro names for non-GNUPG builds by x* names.
* common/dotlock.c: Ditto.
* common/logging.c: Include util.h and common-defs.h.  Replace jnlib_
symbol names by x* names.
* common/strlist.c: Ditto.
* common/utf8conv.c: Ditto.
* common/w32-reg.c: Ditto.
* common/mischelp.c: Ditto.  Also remove _jnlib_free.
* common/stringhelp.c: Ditto.
(JNLIB_LOG_WITH_PREFIX): Do not depend on this macro.
* common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this
macro.
--

This is part 1 of the patches to merge the jnlib files into common/.
It does not make much sense to keep jnlib/ files separate.  They are
not often use elsewhere and maintaining the complex marcos stuff is
too troublesome for the future.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Move all DNS access to Dirmngr.
Werner Koch [Thu, 23 Apr 2015 13:42:56 +0000 (15:42 +0200)]
gpg: Move all DNS access to Dirmngr.

* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/.  Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.

* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.

* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--

With this patch gpg does not do any network access itself but uses
dirmngr for that.  Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows.  Probably also required for Solaris etc.

Signed-off-by: Werner Koch <wk@gnupg.org>