3 years agoRelease 0.9.7 pinentry-0.9.7
Werner Koch [Mon, 7 Dec 2015 09:33:14 +0000 (10:33 +0100)]
Release 0.9.7

3 years agodoc: Add a note about translated strings in Pinentry.
Werner Koch [Tue, 1 Dec 2015 12:01:29 +0000 (13:01 +0100)]
doc: Add a note about translated strings in Pinentry.

Suggested-by: Daniel Kahn Gillmor
3 years agoRemove unused code.
Werner Koch [Tue, 1 Dec 2015 11:54:38 +0000 (12:54 +0100)]
Remove unused code.

* secmem/util.c (lower_privs, raise_privs): Remove commented

3 years agotty: Fix formatting.
Neal H. Walfield [Fri, 27 Nov 2015 09:26:46 +0000 (10:26 +0100)]
tty: Fix formatting.

* tty/pinentry-tty.c (password): Remove trailing space.

3 years agotty: Flush output. Show an error if an invalid option is selected.
Neal H. Walfield [Wed, 18 Nov 2015 12:40:47 +0000 (13:40 +0100)]
tty: Flush output.  Show an error if an invalid option is selected.

* tty/pinentry-tty.c (confirm): Flush the output after printing the
prompt.  Echo what the user typed.  If the user's selection is
invalid, indicate as much.

Signed-off-by: Neal H. Walfield <>
3 years agoQt: Do not use temporary reference to utf8 pin
Dirk Mueller [Wed, 21 Oct 2015 12:41:53 +0000 (14:41 +0200)]
Qt: Do not use temporary reference to utf8 pin

* qt/main.cpp (qt_cmd_handler): Keep utf8 pin byte array.

The pin pointer was invalid after the UTF8 conversion
as the converted byte array only was temporary in that
call and the data pointer becomes invalid after it's

Commit message amended by Andre Heinecke. The original
commit message was:

const char* does not keep the temporary string returned
from toUtf8() active, since it doesn't keep the reference counter
set. So you usually just copy out garbage instead of the
pin that was entered. Just keep the QByteArray which keeps
the reference active.

GnuPG-bug-id: 2133

3 years agoQt: Fix assignment of have_qt5_libs variable.
Andre Heinecke [Fri, 2 Oct 2015 08:21:55 +0000 (10:21 +0200)]
Qt: Fix assignment of have_qt5_libs variable.

* m4/qt.m4 (FIND_QT): Remove spaces in variable assignment.

GnuPG-bug-id: 2105

3 years agoQt: Fix quoting of have_qt5_libs init in FIND_QT
Andre Heinecke [Fri, 2 Oct 2015 07:47:21 +0000 (09:47 +0200)]
Qt: Fix quoting of have_qt5_libs init in FIND_QT

* m4/qt.m4 (FIND_QT): Quote initialization of have_qt5_libs var.


Problem reported by Kristian F.

GnuPG-bug-id: 2105

3 years agoAdd option to disable looking for qt5
Andre Heinecke [Fri, 25 Sep 2015 13:56:55 +0000 (15:56 +0200)]
Add option to disable looking for qt5

* m4/qt.m4 (FIND_QT): Add --disable-pinentry-qt5 option to
disable qt5 support even if it is available.

As requested by Kristan F.

GnuPG-bug-id: 2105

3 years agoAdd option "invisible-char".
Werner Koch [Wed, 16 Sep 2015 18:56:47 +0000 (20:56 +0200)]
Add option "invisible-char".

* pinentry/pinentry.h (struct pinentry): Add field invisible_char.
* pinentry/pinentry.c (pinentry_reset): Restore that.
(option_handler): Add option "invisible-char".
* gtk+-2/pinentry-gtk-2.c (create_window): Set the invisible char if

The default GTK+ invisible character is pretty wide so that only ~16
characters show up in the smalles pinentry.  This is a bit annoying if
the passphrase is a longer due to the missing visual feedback.  By
using #x2022 ("•") this allows for ~23 characters and a plain "*" even
3 more characters.  Tastes are different so we allow to change that
character at runtime.

Signed-off-by: Werner Koch <>
3 years agoPost release updates
Werner Koch [Thu, 10 Sep 2015 18:38:29 +0000 (20:38 +0200)]
Post release updates


3 years agoRelease 0.9.6 pinentry-0.9.6
Werner Koch [Thu, 10 Sep 2015 18:31:00 +0000 (20:31 +0200)]
Release 0.9.6

Signed-off-by: Werner Koch <>
3 years agotty: When reading the password, print any supplied error message.
Neal H. Walfield [Mon, 24 Aug 2015 08:43:33 +0000 (10:43 +0200)]
tty: When reading the password, print any supplied error message.

* tty/pinentry-tty.c (password): Print any supplied error message.

3 years agotty: Refactor the code for printing error messages.
Neal H. Walfield [Mon, 24 Aug 2015 08:42:40 +0000 (10:42 +0200)]
tty: Refactor the code for printing error messages.

* tty/pinentry-tty.c (dump_error_text): New function to display error
(confirm): Use it.
(password): Likewise.

3 years agoClarify comment about fds in pinentry_loop2
Andre Heinecke [Tue, 18 Aug 2015 18:15:08 +0000 (20:15 +0200)]
Clarify comment about fds in pinentry_loop2

* pinentry/pinentry.h (pinetry_loop2): Clarify comment.

3 years agoQt: Make it possible to build qt5 variant static
Andre Heinecke [Tue, 18 Aug 2015 17:54:04 +0000 (19:54 +0200)]
Qt: Make it possible to build qt5 variant static

* qt/main.cpp: Import static platform plugins when necessary.

As pkg-config does not expose all libraries needed to link
qt5 statically with this patch it is possible to get a
static build by setting the LIBS variable correctly.

3 years agoRespect SYSROOT variable when looking for assuan
Andre Heinecke [Tue, 18 Aug 2015 17:47:42 +0000 (19:47 +0200)]
Respect SYSROOT variable when looking for assuan

* m4/libassuan.m4: Respect SYSROOT Variable.

This change makes the libassuan lookup work similar
to the libgpg-error lookup simplifying cross-compiling
a bit.

3 years agoFix pinentry for Windows
Andre Heinecke [Tue, 18 Aug 2015 17:24:25 +0000 (19:24 +0200)]
Fix pinentry for Windows

* pinentry/pinentry.c (pinentry_loop2): Use assuan_fdopen for pipe fds.
* pinentry/pinentry.h (pinentry_loop2): Mention this in the comment.

For Windows calling assuan_fdopen is neccessary as this does
some internal platform specific stuff (get_osfilehandle).

This issue was introduced by using the real libassuan instead
of the built in variant.

3 years agotty: Correctly implement the repeat passphrase functionality.
Neal H. Walfield [Tue, 11 Aug 2015 12:26:26 +0000 (14:26 +0200)]
tty: Correctly implement the repeat passphrase functionality.

* tty/pinentry-tty.c (password): If the user repeated the passphrase
and they matched, then set PINENTRY->REPEAT_OKAY.

3 years agotty: Fix buffer resizing bug.
Neal H. Walfield [Tue, 11 Aug 2015 12:25:05 +0000 (14:25 +0200)]
tty: Fix buffer resizing bug.

* tty/pinentry-tty.c (read_password): Fix buffer resizing bug.

3 years agoQt4: Rename to pinentry-qt and add Qt5 Support
Andre Heinecke [Tue, 28 Jul 2015 12:45:45 +0000 (14:45 +0200)]
Qt4: Rename to pinentry-qt and add Qt5 Support

* qt4: Moved to qt.
* Change qt4 suffix to qt.
* m4/qt.m4: Remove old qt lookup functions.
  (FIND_QT): New. Use pkg-config to find either Qt5 or Qt4
* Change qt4 suffix to qt. Use new FIND_QT function.
* qt/ Change qt4 suffix to qt. Use new FLAGS / LIBS.
* qt/pinentrydialog.cpp, qt/qrc_pinentry.cpp: Fix whitespace.
* .gitignore: Change qt4 paths to qt.
* README: Update accordingly.
* autogen.rc: Change qt4 to qt.
* qt/main.cpp (qt_cmd_handler, main): Change qt4 to qt.

Now if Qt5 is found with pkg-config Qt5 is used. Qt4 is still
supported as a fallback in case Qt5 is not found.

GnuPG-bug-id: 1806

3 years agodoc: Describe the frontends and their security implications.
Neal H. Walfield [Tue, 28 Jul 2015 09:53:25 +0000 (11:53 +0200)]
doc: Describe the frontends and their security implications.

* doc/pinentry.texi: Describe the frontends and their security

GnuPG-bug-id: 2034

3 years agoqt4: Replace the custom, secure entry widget with the standard widget.
Andre Heinecke [Tue, 28 Jul 2015 09:32:36 +0000 (11:32 +0200)]
qt4: Replace the custom, secure entry widget with the standard widget.

* Remove enable-pinentry-qt4-clipboard option.
* qt4/qsecurelineedit.cpp, qt4/qsecurelineedit.h,
  qt4/qsecurelineedit_p.h, qt4/secstring.cpp,
  qt4/secstring.h: Removed.
* qt4/ Update accordingly.
* qt4/main.cpp (qt_cmd_handler): Use QString instead of secqstring.
* qt4/pinentrydialog.cpp (PinentryDialog::PinentryDialog),
  (PinEntryDialog::error, PinEntryDialog::pin),
  (PinEntryDialog::updateQuality): Use QLineEdit and QString
  instead of secmem variants.
* qt4/pinentrydialog.cpp (PinentryDialog::PinentryDialog):
  Set echo mode to password.
* qt4/pinentrydialog.h: Update accordingly.

3 years agogtk2: Use gtk_widget_get_window instead of accessing the struct.
Neal H. Walfield [Sun, 26 Jul 2015 18:04:47 +0000 (20:04 +0200)]
gtk2: Use gtk_widget_get_window instead of accessing the struct.

* gtk+-2/pinentry-gtk-2.c (make_transient): Don't directly access the
window field of WIN.  Use gtk_widget_get_window instead.
(grab_keyboard): Likewise.
(ungrab_keyboard): Likewise.

Patch-by: Dimitri John Ledkov <>.
3 years agogtk2: Use newer tooltips functions, if available.
Neal H. Walfield [Sun, 26 Jul 2015 18:03:14 +0000 (20:03 +0200)]
gtk2: Use newer tooltips functions, if available.

* gtk+-2/pinentry-gtk-2.c (tooltips): Don't declare for Gtk+ >=2.12.0.
(create_window): Gtk+ >=2.12.0, use gtk_widget_set_tooltip_text
instead of gtk_tooltips_set_tip.

Patch-by: Dimitri John Ledkov <>.
3 years agoDon't build the emacs pinentry program by default.
Neal H. Walfield [Sun, 26 Jul 2015 17:45:45 +0000 (19:45 +0200)]
Don't build the emacs pinentry program by default.

3 years agogtk2: Replace the custom, secure entry widget with the standard widget.
Neal H. Walfield [Sun, 26 Jul 2015 17:36:38 +0000 (19:36 +0200)]
gtk2: Replace the custom, secure entry widget with the standard widget.

* gtk+-2/ (pinentry_gtk_2_SOURCES): Remove gtksecentry.c,
gtksecentry.h and gseal-gtk-compat.h.
* gtk+-2/gseal-gtk-compat.h: Remove file.
* gtk+-2/gtksecentry.c: Remove file.
* gtk+-2/gtksecentry.h: Remove file.
* gtk+-2/pinentry-gtk-2.c: Don't include "gtksecentry.h".
(button_clicked): Use gtk_entry_get_text instead of
(changed_text_handler): Use gtk_entry_get_text instead of
gtk_secure_entry_get_text and use gtk_entry_set_text instead of
(create_window): Use gtk_entry_new instead of gtk_secure_entry_new.
Disable text visibility on ENTRY and REPEAT_ENTRY.
(main): Don't override the memory allocation functions.

3 years agogtk2: Simplify focus / default entry management.
Neal H. Walfield [Sun, 26 Jul 2015 17:29:49 +0000 (19:29 +0200)]
gtk2: Simplify focus / default entry management.

* gtk+-2/pinentry-gtk-2.c (create_window): Don't have ENTRY or
REPEAT_ENTRY explicitly grab the focus.  The default is fine.  Don't
QUALITYBAR.  Only set GTK_CAN_DEFAULT on the ok button.  In pin entry
mode, make the ok button the default.

3 years agogtk2: Have enter in the text entry, send the focus to the repeat entry.
Neal H. Walfield [Sun, 26 Jul 2015 17:23:53 +0000 (19:23 +0200)]
gtk2: Have enter in the text entry, send the focus to the repeat entry.

* gtk+-2/pinentry-gtk-2.c (enter_callback): Rename anentry to
next_widget.  If NEXT_WIDGET is not NULL, send the focus to it.
Otherwise, call button_clicked.
(create_window): Initialize repeat_entry to NULL.  When connecting the
enter_callback entry to REPEAT_ENTRY, set the user data paramter to
NULL.  Connect the entry_callback entry to ENTRY after initializing
REPEAT_ENTRY (if applicable) and set the user data parameter to

3 years agogtk2: Simplify: combine confirm_button_clicked and button_clicked.
Neal H. Walfield [Sun, 26 Jul 2015 16:54:14 +0000 (18:54 +0200)]
gtk2: Simplify: combine confirm_button_clicked and button_clicked.

* gtk+-2/pinentry-gtk-2.c (confirm_mode): New global static.
(confirm_button_clicked): Fold this function...
(button_clicked): ... into this one.  Update all callers.
(create_window): Remove argument confirm_mode.
(gtk_cmd_handler): Set confirm_mode.

3 years agoPost release updates
Werner Koch [Wed, 1 Jul 2015 15:14:01 +0000 (17:14 +0200)]
Post release updates


3 years agoRelease 0.9.5 pinentry-0.9.5
Werner Koch [Wed, 1 Jul 2015 15:09:25 +0000 (17:09 +0200)]
Release 0.9.5

3 years agow32: Adjust for use of standard libassuan.
Werner Koch [Wed, 1 Jul 2015 15:00:41 +0000 (17:00 +0200)]
w32: Adjust for use of standard libassuan.

* autogen.rc: Add gpg-error and libassuan prefix options.
(pinentry_w32_LDADD): Use COMMON_LIBS.

3 years agoDistribute files in m4/
Werner Koch [Wed, 1 Jul 2015 14:45:27 +0000 (16:45 +0200)]
Distribute files in m4/

3 years agocurses: remove hard-wired ncursesw include path
Gergely Imreh [Wed, 24 Jun 2015 09:52:56 +0000 (09:52 +0000)]
curses: remove hard-wired ncursesw include path

* pinentry/pinentry-curses.c: pkg-config finds the correct include
paths so should not hard-wire the path for the ncursesw header file.

3 years agoemacs: Don't link against ../assuan/libassuan.a.
Neal H. Walfield [Tue, 23 Jun 2015 18:59:19 +0000 (20:59 +0200)]
emacs: Don't link against ../assuan/libassuan.a.

* emacs/ (LDADD): Don't link against ../assuan/libassuan.a.
We now use the system libassuan.

3 years agocurses: Recognize ASCII DEL as backspace.
Neal H. Walfield [Tue, 23 Jun 2015 17:57:11 +0000 (19:57 +0200)]
curses: Recognize ASCII DEL as backspace.

* pinentry/pinentry-curses.c (dialog_input): Recognize ASCII DEL as

Reported-by chdiza
GnuPG-bug-id: 2020

3 years agoAdd inside-Emacs mode to GUI pinentry programs
Daiki Ueno [Wed, 17 Jun 2015 01:32:22 +0000 (10:32 +0900)]
Add inside-Emacs mode to GUI pinentry programs

* Add --enable-pinentry-emacs and
--enable-inside-emacs option.
(BUILD_PINENTRY_EMACS): New conditional.
(INSIDE_EMACS): New conditional.
* (pinentry_emacs): New.
(SUBDIRS): Add "emacs" subdir if PINENTRY_EMACS is set.

* pinentry/pinentry-emacs.h: New file.
* pinentry/pinentry-emacs.c: New file.
* pinentry/ New file.
* pinentry/pinentry.c (option_handler): Handle the allow-emacs-prompt
Assuan option.

* emacs/pinentry-emacs.c: New file.
* emacs/ New file.

3 years agoIf we fail to initialize gtk, fallback to the curses frontend.
Neal H. Walfield [Tue, 16 Jun 2015 10:52:46 +0000 (12:52 +0200)]
If we fail to initialize gtk, fallback to the curses frontend.

* gnome3/pinentry-gnome3.c (main): Use gtk_init_check instead of
gtk_init.  If it fails, fallback to the curses frontend.

3 years agoFix comment for pinentry_cmd_handler_t.
Neal H. Walfield [Tue, 16 Jun 2015 10:18:06 +0000 (12:18 +0200)]
Fix comment for pinentry_cmd_handler_t.

* pinentry/pinentry.h (pinentry_cmd_handler_t): Fix comment.

3 years agoDescribe default-prompt in the implementation section of the manual.
Neal H. Walfield [Tue, 16 Jun 2015 10:17:32 +0000 (12:17 +0200)]
Describe default-prompt in the implementation section of the manual.

* doc/pinentry.texi (Implementation Details): Describe default-prompt.

3 years agoRemove internal mini-libassuan implementation and link to libassuan.
Neal H. Walfield [Sat, 13 Jun 2015 19:43:33 +0000 (21:43 +0200)]
Remove internal mini-libassuan implementation and link to libassuan.

* assuan/ChangeLog-old: Remove file.
* assuan/ Remove file.
* assuan/README.1st: Remove file.
* assuan/assuan-buffer.c: Remove file.
* assuan/assuan-defs.h: Remove file.
* assuan/assuan-handler.c: Remove file.
* assuan/assuan-listen.c: Remove file.
* assuan/assuan-pipe-server.c: Remove file.
* assuan/assuan-util.c: Remove file.
* assuan/assuan.h: Remove file.
* assuan/mkerrors: Remove file.

* Check for libgpg-error and libassuan.
(AC_CONFIG_FILES): Don't generate assuan/Makefile.
(config.h): Define GPG_ERR_SOURCE_DEFAULT.
* (SUBDIRS): Remove assuan.
* curses/ (LDADD): Remove ../assuan/libassuan.a.
* gnome3/ (AM_CPPFLAGS): Remove -I$(top_srcdir)/assuan.
(LDADD): Remove ../assuan/libassuan.a.
* gtk+-2/ (LDADD): Remove ../assuan/libassuan.a.
* pinentry/ Remove -I$(top_srcdir)/assuan.
* qt4/ (AM_CPPFLAGS): Remove -I$(top_srcdir)/assuan.
(pinentry_qt4_LDADD): Remove $(top_builddir)/assuan/libassuan.a.
* tty/ (LDADD): Remove ../assuan/libassuan.a.

* gnome3/pinentry-gnome3.c: Include <assuan.h>, not "assuan.h".
Replace ASSUAN_General_Error, etc. with gpg_error or
* pinentry/pinentry-curses.c: Likewise.
* pinentry/pinentry.c: Likewise.
(pinentry_assuan_reset_handler): Change return type to gpg_error_t.
Change type of argument CTX from ASSUAN_CONTEXT to assuan_context_t.
Return 0.
(pinentry_inq_quality): Change variable CTX's type from ASSUAN_CONTEXT
to assuan_context_t.
(assuan_malloc_hooks): New variable.
(pinentry_init): Call gpgrt_check_version.  Change use of
assuan_set_malloc_hooks to match libassuan's semantics.
(option_handler): Return a gpg_error_t, not an int.  Replace use of
ASSUAN_Out_Of_Core, etc. with gpg_error or gpg_error_from_syserror.
(cmd_setdesc): Return a gpg_error_t, not an int.  Change argument
CTX's type from ASSUAN_CONTEXT to assuan_context_t.  Replace use of
ASSUAN_Out_Of_Core, etc. with gpg_error or gpg_error_from_syserror.
(cmd_setprompt): Likewise.
(cmd_setkeyinfo): Likewise.
(cmd_setrepeat): Likewise.
(cmd_setrepeaterror): Likewise.
(cmd_seterror): Likewise.
(cmd_setok): Likewise.
(cmd_setnotok): Likewise.
(cmd_setcancel): Likewise.
(cmd_settimeout): Likewise.
(cmd_settitle): Likewise.
(cmd_setqualitybar): Likewise.
(cmd_setqualitybar_tt): Likewise.
(cmd_getpin): Likewise.
(cmd_confirm): Likewise.
(cmd_message): Likewise.
(cmd_getinfo): Likewise.
(cmd_clear_passphrase): Likewise.
(register_commands): Likewise.  Change use of assuan_register_command
to match libassuan's semantics.
(pinentry_loop2): Change variable RC's type from int to gpg_error_t.
Change variable CTX's type from ASSUAN_CONTEXT to assuan_context_t.
Use assuan_new to initialize CTX.  Change use of
assuan_init_pipe_server to match libassuan's semantics.  Replace use
of assuan_strerror with gpg_strerror.  Call assuan_release instead of

3 years agoQt4: Fix GCC compile warnings
Andre Heinecke [Tue, 19 May 2015 15:19:48 +0000 (17:19 +0200)]
Qt4: Fix GCC compile warnings

* qt4/qsecurelineedit.cpp (QSecureLineEdit::sizeHint),
(QSecureLineEdit::minimumSizeHint): Remove unused Q_D macros.
(QSecureLineEdit::setCursorPosition, QSecureLineEditPrivate::setText),
(QSecureLineEditPrivate::hasAcceptableInput): Explicitly cast length to int.
(QSecureLineEditPrivate::maskString): Use unsigned type for strIndex.
(QSecureLineEditPrivate::maskString): Remove uneccesary casts.
* qt4/secstring.cpp (toUtf8): Remove unused variable.

3 years agognome3: Actually respect the user's choice of using a password manager.
Neal H. Walfield [Sun, 7 Jun 2015 12:36:39 +0000 (14:36 +0200)]
gnome3: Actually respect the user's choice of using a password manager.

* gnome3/pinentry-gnome3.c (create_prompt) [HAVE_LIBSECRET]: Only show
the libsecret prompt in this case.
(gnome3_cmd_handler) [HAVE_LIBSECRET]: Set PE->MAY_CACHE_PASSWORD
according to the user's choice.

3 years agoPost release updates.
Werner Koch [Fri, 5 Jun 2015 18:46:52 +0000 (20:46 +0200)]
Post release updates.


3 years agoRelease 0.9.4 pinentry-0.9.4
Werner Koch [Fri, 5 Jun 2015 18:40:28 +0000 (20:40 +0200)]
Release 0.9.4

3 years agosecmem: When clearing memory, don't clear beyond the end of the buffer.
Neal H. Walfield [Fri, 5 Jun 2015 03:29:03 +0000 (05:29 +0200)]
secmem: When clearing memory, don't clear beyond the end of the buffer.

* secmem/secmem.c (secmem_malloc): Only clear the user memory; don't
clear beyond the end of the buffer.

3 years agoMake pinentry_setbufferlen always return the pin buffer.
Daniel Kahn Gillmor [Wed, 3 Jun 2015 17:27:26 +0000 (13:27 -0400)]
Make pinentry_setbufferlen always return the pin buffer.

* pinentry/pinentry.c (pinentry_setbufferlen): When the pin buffer is
already large enough, return the buffer instead of NULL.


Signed-Off-By: Daniel Kahn Gillmor <>
Debian-Bug-Id: 787639

3 years agoFixed compiler warnings - mostly unused parameter.
Werner Koch [Tue, 2 Jun 2015 09:36:36 +0000 (11:36 +0200)]
Fixed compiler warnings - mostly unused parameter.

3 years agoAdd more GCC warnings flags.
Werner Koch [Tue, 2 Jun 2015 09:19:57 +0000 (11:19 +0200)]
Add more GCC warnings flags.

* Add GCC specific -W flags.

Note that --enable-maintainer-mode is required to see all warnings.

3 years agouse g_debug(format, ...) safely
Daniel Kahn Gillmor [Tue, 2 Jun 2015 02:52:23 +0000 (22:52 -0400)]
use g_debug(format, ...) safely

* pinentry/password-cache.c (password_cache_clear): use g_debug safely
  in case error->message is malformed.


Without this change, with -Werror=format-security, we see:

password-cache.c: In function ‘password_cache_clear’:
password-cache.c:153:7: error: format not a string literal and no format arguments [-Werror=format-security]

3 years agoPost release updates
Werner Koch [Mon, 1 Jun 2015 16:30:38 +0000 (18:30 +0200)]
Post release updates


3 years agoRelease 0.9.3 pinentry-0.9.3
Werner Koch [Mon, 1 Jun 2015 16:13:58 +0000 (18:13 +0200)]
Release 0.9.3

3 years agoFix qt4 pinentry window created in the background
Stanislav Ochotnicky [Wed, 12 Nov 2014 19:48:28 +0000 (20:48 +0100)]
Fix qt4 pinentry window created in the background

This is probably just a workaround. Proper fix is being investigated.

GnuPG-bug-id: 1981

3 years agoImprove configure log messages for ncurses/ncursesw.
Werner Koch [Wed, 20 May 2015 10:11:57 +0000 (12:11 +0200)]
Improve configure log messages for ncurses/ncursesw.

* m4/pkg.m4: Print the moule name not the variable name.

We now show

  checking for ncursesw... no
  checking for ncurses... yes

instead of

  checking for ncurses... no
  checking for ncurses... yes

3 years agoRemove obsolete qt/ from the repo.
Werner Koch [Wed, 20 May 2015 08:32:58 +0000 (10:32 +0200)]
Remove obsolete qt/ from the repo.


qt/ was the QT3 version.

3 years agoRemove obsolete gtk/ from the repo.
Werner Koch [Wed, 20 May 2015 08:29:55 +0000 (10:29 +0200)]
Remove obsolete gtk/ from the repo.


3 years agoRemove debian/ from the repo.
Werner Koch [Wed, 20 May 2015 08:29:00 +0000 (10:29 +0200)]
Remove debian/ from the repo.


3 years agoAllow building without ncursesw and other minor fixes.
Werner Koch [Wed, 20 May 2015 08:23:46 +0000 (10:23 +0200)]
Allow building without ncursesw and other minor fixes.

* pinentry/password-cache.c (password_cache_clear): s/debug/g_debug/.
* pinentry/pinentry-curses.c (dialog_input): Actually bail out.
(dialog_run) [!HAVE_NCURSESW]: Define alt.

3 years agogtk+-2: Make sure the save-passphrase-externally checkbox is not checked.
Neal H. Walfield [Tue, 19 May 2015 13:41:26 +0000 (15:41 +0200)]
gtk+-2: Make sure the save-passphrase-externally checkbox is not checked.

* gtk+-2/pinentry-gtk-2.c (create_window): Make sure the check button
to save the passphrase externally is not checked by default.

3 years agoProvide an Assuan command to clear a cached password.
Neal H. Walfield [Tue, 19 May 2015 09:14:33 +0000 (11:14 +0200)]
Provide an Assuan command to clear a cached password.

* pinentry/password-cache.c (password_cache_clear): New function.
* pinentry/password-cache.h (password_cache_clear): New declaration.
* pinentry/pinentry.c (cmd_getinfo): New function.
(register_commands): Have the Assuan command "CLEARPASSPHRASE" call

3 years agoIf there is an error message, show it and don't read from the cache.
Neal H. Walfield [Tue, 19 May 2015 08:45:45 +0000 (10:45 +0200)]
If there is an error message, show it and don't read from the cache.

* pinentry/pinentry.c (cmd_getpin): If PINENTRY.ERROR is not NULL,
don't read the password from the cache.

3 years agocurses: When creating the button text, respect underscores.
Neal H. Walfield [Mon, 18 May 2015 20:34:50 +0000 (22:34 +0200)]
curses: When creating the button text, respect underscores.

* pinentry/pinentry-curses.c (MAKE_BUTTON): When creating the button
text, respect underscores.

3 years agocurses: Make control-l repaint the screen.
Neal H. Walfield [Mon, 18 May 2015 20:23:56 +0000 (22:23 +0200)]
curses: Make control-l repaint the screen.

* pinentry/pinentry-curses.c (dialog_input): Make control-l repaint
the screen.

3 years agocurses: Make control-h an alias for backspace.
Neal H. Walfield [Mon, 18 May 2015 20:23:26 +0000 (22:23 +0200)]
curses: Make control-h an alias for backspace.

* pinentry/pinentry-curses.c (dialog_input): Add control-h an alias
for backspace.

3 years agoWhen checking for ncurses, first try using PKG_CHECK_MODULES.
Neal H. Walfield [Mon, 18 May 2015 07:57:00 +0000 (09:57 +0200)]
When checking for ncurses, first try using PKG_CHECK_MODULES.

* m4/curses.m4: When checking for ncurses, first try using

Patch-By: Alon Bar-Lev
3 years agoPurge dead code enabled by ENABLE_ENHANCED.
Neal H. Walfield [Mon, 18 May 2015 07:52:38 +0000 (09:52 +0200)]
Purge dead code enabled by ENABLE_ENHANCED.

3 years agogtk+-2: If gtk fails to initialize, fallback to the curses backend.
Neal H. Walfield [Sat, 16 May 2015 20:51:20 +0000 (22:51 +0200)]
gtk+-2: If gtk fails to initialize, fallback to the curses backend.

* gtk+-2/pinentry-gtk-2.c (main): Use gtk_init_check instead of
gtk_init.  If gtk_init_check fails, fallback to the curses backend.


Reported-by: Daniel Kahn Gillmorr <>. Closes
issue #1982.

3 years agocurses: Handle control-u, control-w and alt-backspace.
Neal H. Walfield [Sat, 16 May 2015 20:33:05 +0000 (22:33 +0200)]
curses: Handle control-u, control-w and alt-backspace.

* pinentry/pinentry-curses.c (dialog_input): Take additional argument,
alt.  Update callers.  If passed control-u, erase the whole line.  If
passed alt-backspace or control-w, erase any white space the the
previous word.
(dialog_run): Detect when alt is pressed.

3 years agosecmem: Clear the buffer before returning it from secmem_malloc.
Neal H. Walfield [Sat, 16 May 2015 19:35:02 +0000 (21:35 +0200)]
secmem: Clear the buffer before returning it from secmem_malloc.

* secmem/secmem.c (secmem_malloc): In case wipememory2 gets optimized
away in secmem_free, clear the buffer before returning it.

3 years agocurses: NUL terminate the pin entry buffer.
Neal H. Walfield [Sat, 16 May 2015 19:34:06 +0000 (21:34 +0200)]
curses: NUL terminate the pin entry buffer.

* pinentry/pinentry-curses.c (dialog_run): NUL terminate the pin entry

3 years agocurses: Make sure the pin entry buffer is larger enough.
Neal H. Walfield [Sat, 16 May 2015 19:30:33 +0000 (21:30 +0200)]
curses: Make sure the pin entry buffer is larger enough.

* pinentry/pinentry-curses.c (dialog_input): Make sure the pin entry
buffer is large enough.

3 years agocurses: Avoid aliasing the pin buffer.
Neal H. Walfield [Sat, 16 May 2015 19:25:42 +0000 (21:25 +0200)]
curses: Avoid aliasing the pin buffer.

* pinentry/pinentry-curses.c (struct dialog): Remove field pin.  Add
field pinentry.
(dialog_create): Don't set DIALOG->PIN to PINENTRY->PIN.  Set
DIALOG->PINENTRY->PIN.  Update other users.

3 years agogtk+-2: When the dialog is destroyed, remove any pending timers.
Neal H. Walfield [Sat, 16 May 2015 16:39:14 +0000 (18:39 +0200)]
gtk+-2: When the dialog is destroyed, remove any pending timers.

* gtk+-2/pinentry-gtk-2.c (timeout_source): New variable.
(timeout_cb): Set it to 0.
(create_window): When setting up the timeout, save the source
identifier in TIMEOUT_SOURCE.
(gtk_cmd_handler): If TIMEOUT_SOURCE is not 0, remove the timeout.

Reported-by: Daniel Kahn Gillmorr <>.
3 years agocurses: If an error occurs while reading input, cancel the operation.
Neal H. Walfield [Sat, 16 May 2015 14:28:19 +0000 (16:28 +0200)]
curses: If an error occurs while reading input, cancel the operation.

* pinentry/pinentry-curses.c (dialog_run) [! HAVE_DOSISH_SYSTEM]: If
an error occurs while reading input, cancel the operation.

Patch-by: Julien Cristau and Daniel Kahn Gillmor.
3 years agotty: ok takes precedence over default-ok. Likewise for cancel.
Neal H. Walfield [Sat, 16 May 2015 14:07:19 +0000 (16:07 +0200)]
tty: ok takes precedence over default-ok.  Likewise for cancel.

* tty/pinentry-tty.c (confirm): When creating the ok button,
pinentry->ok takes precedence over pinentry->default-ok.  Likewise for
pinentry->cancel and pinentry->default_cancel.

3 years agoDon't use a static initializer to initialize PINENTRY.
Neal H. Walfield [Sat, 16 May 2015 12:56:27 +0000 (14:56 +0200)]
Don't use a static initializer to initialize PINENTRY.

* pinentry/pinentry.c (pinentry): Don't use a static initializer.
(pinentry_reset): Initialize PINENTRY here.
(pinentry_parse_opts): Call pinentry_reset here.
(pinentry_assuan_reset_handler): New function.
(pinentry_loop2): Register it as the assuan reset handler.

3 years agoDon't emit the LC_CTYPE-not-set warning more than once.
Neal H. Walfield [Sat, 16 May 2015 11:37:46 +0000 (13:37 +0200)]
Don't emit the LC_CTYPE-not-set warning more than once.

* pinentry/pinentry.c (lc_ctype_unknown_warning): New variable.
(pinentry_utf8_to_local): Only emit the LC_CTYPE warning if
lc_ctype_unknown_warning is not set.  After emitted such a warning,
set lc_ctype_unknown_warning.
(pinentry_local_to_utf8): Likewise.

3 years agocurses: Use default-ok and default-cancel if set.
Neal H. Walfield [Sat, 16 May 2015 11:28:16 +0000 (13:28 +0200)]
curses: Use default-ok and default-cancel if set.

* pinentry/pinentry-curses.c (default_notok): New macro.
(MAKE_BUTTON): Also check if default variant is set.

3 years agocurses: Don't show the notok button in pin entry mode.
Neal H. Walfield [Sat, 16 May 2015 11:10:41 +0000 (13:10 +0200)]
curses: Don't show the notok button in pin entry mode.

* pinentry/pinentry-curses.c (dialog_create): Don't show the notok
button in pin entry mode.

3 years agoAvoid implicit declaration of function addnwstr.
Daniel Kahn Gillmor [Wed, 13 May 2015 20:36:26 +0000 (16:36 -0400)]
Avoid implicit declaration of function addnwstr.

* pinentry/pinentry-curses.c [HAVE_NCURSESW]: Include <ncursesw/curses.h>.
[! HAVE_NCURSESW]: Only include <curses.h> in this case.


When built with libncursesw, we see this problem:

pinentry-curses.c:440:8: warning: implicit declaration of function ‘addnwstr’ [-Wimplicit-function-declaration]
        ADDCH (start[i]);

3 years agotty: Handle the case where the user needs to repeat the passphrase.
Neal H. Walfield [Wed, 13 May 2015 21:13:30 +0000 (23:13 +0200)]
tty: Handle the case where the user needs to repeat the passphrase.

* tty/pinentry-tty.c: Include "memory.h".
(read_password): Break into two functions: read_password and password.
(read_password): Just read the password from the terminal and return
it in secure memory (or NULL if the user canceled the entry or there
was an error).
(password): Improve output.  Handle the repeat passphrase case (i.e.,
when pinentry->repeat_passphrase is set).
* tty/ (AM_CPPFLAGS): Add "-I$(top_srcdir)/secmem".

3 years agoAdd a new helper function, pinentry_setbuffer_use.
Neal H. Walfield [Wed, 13 May 2015 21:09:46 +0000 (23:09 +0200)]
Add a new helper function, pinentry_setbuffer_use.

* pinentry/pinentry.c (pinentry_setbuffer_use): New function.
* pinentry/pinentry.h (pinentry_setbuffer_use): New declaration.

3 years agotty: Always call do_touch_file if we (potentially) touched the screen.
Neal H. Walfield [Wed, 13 May 2015 20:12:59 +0000 (22:12 +0200)]
tty: Always call do_touch_file if we (potentially) touched the screen.

* tty/pinentry-tty.c (tty_cmd_handler): Always call do_touch_file.

3 years agotty: Improve confirmation mode functionality.
Neal H. Walfield [Wed, 13 May 2015 20:09:15 +0000 (22:09 +0200)]
tty: Improve confirmation mode functionality.

* tty/pinentry-tty.c: Include <ctype.h>.
(ALERT_START): Define.
(button): New function.
(confirm): Rewrite to include all confirmation mode functionality.
(tty_cmd_handler): Don't include any confirmation mode functionality.
Just call confirm.

3 years agoFix linking order to work when linked with --as-needed.
Neal H. Walfield [Wed, 13 May 2015 19:47:11 +0000 (21:47 +0200)]
Fix linking order to work when linked with --as-needed.

* curses/ (LDADD): Add $(COMMON_LIBS) after all of the
local objects and object archives.
* gnome3/ (LDADD): Likewise.
* gtk+-2/ (LDADD): Likewise.
* qt4/ (pinentry_qt4_LDADD): Likewise.
* tty/ (LDADD): Likewise.

Reported-by: Daniel Kahn Gillmor <>
3 years agoDon't interpret the handler's return value as the passphrase's length.
Neal H. Walfield [Wed, 13 May 2015 12:20:23 +0000 (14:20 +0200)]
Don't interpret the handler's return value as the passphrase's length.

* pinentry/pinentry.c (cmd_getpin): Don't interpret the return value
as the passphrase length.  Use strlen instead.

3 years agoMake the management of more explicit.
Neal H. Walfield [Wed, 13 May 2015 11:52:03 +0000 (13:52 +0200)]
Make the management of more explicit.

* pinentry/pinentry.c: Include <assert.h>.
(pinentry): Set pin_len to 0.
(pinentry_setbufferlen): If len is less than 2048, set it to 2048.
Add an assertion.
(pinentry_setbuffer_clear): New function that releases the pin buffer.
(pinentry_setbuffer_init): New function that initializes the pin
(cmd_getpin): Use pinentry_setbuffer_init and pinentry_setbuffer_clear
instead of manual memory management.
(cmd_confirm): Use pinentry_setbuffer_clear instead of manual memory

3 years agoBetter document struct pinentry.
Neal H. Walfield [Wed, 13 May 2015 12:21:19 +0000 (14:21 +0200)]
Better document struct pinentry.

* pinentry/pinentry.h (struct pinentry): Better document the various

3 years agoFix some documentation details.
Neal H. Walfield [Tue, 12 May 2015 15:09:34 +0000 (17:09 +0200)]
Fix some documentation details.

* doc/pinentry.texi: Fix some details.

3 years agoAdd a GNOME3 pinentry based on gcr.
Neal H. Walfield [Tue, 12 May 2015 15:07:49 +0000 (17:07 +0200)]
Add a GNOME3 pinentry based on gcr.

* (--enable-pinentry-gnome3): Option to enable the GNOME3
(pinentry_gnome_3): Set to yes if enabled and gcr-3 and gcr-base-3 gcr
is available.
(GNOME3LIBS): Define and AC_SUBST.
* (pinentry_gnome_3): Define.
(SUBDIRS): Add ${pinentry_gnome_3}.
* gnome3/ New file.
* gnome3/pinentry-gnome3.c: New file.

3 years agoAdd new chapter to documentation describing implementation details.
Neal H. Walfield [Tue, 12 May 2015 13:47:27 +0000 (15:47 +0200)]
Add new chapter to documentation describing implementation details.

* doc/pinentry.texi: Add new chapter describing some implementation

3 years agoSimplify code.
Neal H. Walfield [Mon, 11 May 2015 14:35:12 +0000 (16:35 +0200)]
Simplify code.

* pinentry/pinentry.c (cmd_confirm): Don't use nested ternary

3 years agoImplement cmd_confirm in terms of cmd_message.
Neal H. Walfield [Mon, 11 May 2015 14:14:58 +0000 (16:14 +0200)]
Implement cmd_confirm in terms of cmd_message.

* pinentry/pinentry.c (cmd_confirm): Implement cmd_confirm in terms of

3 years agoFix memory allocation in pinentry_setbufferlen.
Neal H. Walfield [Mon, 11 May 2015 14:14:18 +0000 (16:14 +0200)]
Fix memory allocation in pinentry_setbufferlen.

* pinentry/pinentry.c (pinentry_setbufferlen): Set PIN->PIN to a
buffer that is LEN bytes large, not 2 * PIN->PIN_LENGTH.

3 years agoPost release updates.
Werner Koch [Mon, 11 May 2015 13:40:49 +0000 (15:40 +0200)]
Post release updates.


3 years agoRelease 0.9.2 pinentry-0.9.2
Werner Koch [Mon, 11 May 2015 13:30:24 +0000 (15:30 +0200)]
Release 0.9.2

3 years agogtk: Silence compiler warning at another place.
Werner Koch [Mon, 11 May 2015 11:12:17 +0000 (13:12 +0200)]
gtk: Silence compiler warning at another place.


This extends
commit 3d02645d757e573e4628a1caf2e36bb92d523e77

3 years agoReturn better error codes.
Werner Koch [Mon, 11 May 2015 11:10:14 +0000 (13:10 +0200)]
Return better error codes.

* assuan/assuan.h (ASSUAN_Too_Short): New
* pinentry/pinentry-curses.c: Include assuan.h.
(dialog_create, dialog_run): Set specific error codes.
* pinentry/pinentry.h (struct pinentry): Add field specific_err.
* pinentry/pinentry.c (cmd_getpin): Return specific_err.
(cmd_confirm, cmd_message): Ditto.

GnuPG-bug-id: 1463

3 years agocurses: Reset tty state on failed dialog creation.
Werner Koch [Mon, 11 May 2015 10:22:48 +0000 (12:22 +0200)]
curses: Reset tty state on failed dialog creation.

* pinentry/pinentry-curses.c (dialog_run): Cleanup on dialog_create

This may happen due to a too small tty.  We need to cleanup in this
case to keep the tty in a usable state.

GnuPG-bug-id: 1383