1 2016-12-20 Werner Koch <wk@gnupg.org>
5 sm: Remove wrong example from gpgsm --help.
6 * sm/gpgsm.c (opts): Remove group 303.
8 dirmngr: New option --resolver-timeout.
9 * dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
10 (opt_timeout): New var.
11 (set_dns_timeout): New.
12 (libdns_res_open): Set the default timeout.
13 (libdns_res_wait): Use configurable timeout.
14 (resolve_name_libdns): Ditto.
16 * dirmngr/dirmngr.c (oResolverTimeout): New const.
17 (opts): New option --resolver-timeout.
18 (parse_rereadable_options): Set that option.
19 (main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
20 * tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
23 * dirmngr/http.c (connect_server): Fix yesterday introduced bug in
26 2016-12-19 Werner Koch <wk@gnupg.org>
28 dirmngr: Fix problems with the getsrv function.
29 * dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
30 (set_dns_verbose): New func.
31 (libdns_switch_port_p): Add debug output.
32 (resolve_dns_name): Ditto.
33 (get_dns_cert): Ditto.
34 (get_dns_cname): Ditto.
35 (getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
36 (getsrv): Rename to ...
37 ((get_dns_srv): this. Add arg R_COUNT and return an error. Add debug
39 * dirmngr/http.c: Adjust for chnaged getsrv().
40 * dirmngr/ks-engine-hkp.c (map_host): Ditto.
41 * dirmngr/t-dns-stuff.c (main): Ditto. Call set_dns_verbose.
42 * dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
44 build: Add target to sign the windows installer.
45 * build-aux/speedo.mk (w32-sign-installer): New.
46 (AUTHENTICODE_KEY): New.
47 (installer-from-source): Use cp instead of mv. Factor code out to ...
48 (MKSWDB_commands): new macro.
49 (sign-installer): New.
51 2016-12-19 Justus Winter <justus@g10code.com>
53 tests: Use the common test framework for the migration tests.
54 * tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
55 (TESTS_ENVIRONMENT): Populate.
56 (TESTS): Rename to 'XTESTS'.
58 (EXTRA_DIST): Add new files.
59 (CLEANFILES): Remove log files.
60 * tests/migrations/common.scm: Honor 'verbose', fix paths.
61 * tests/migrations/run-tests.scm: New file.
62 * tests/migrations/setup.scm: Likewise.
64 tests: Use sequential test runner if only one test is given.
65 * tests/openpgp/run-tests.scm: Use sequential test runner if only one
68 2016-12-19 Werner Koch <wk@gnupg.org>
70 dirmngr,w32: Hack around a select problem.
71 * dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
72 (dns_poll): Return an error instead of hitting an assertion failure.
74 2016-12-19 Neal H. Walfield <neal@g10code.com>
76 test: Extend TOFU tests to also check the days with signatures.
77 * tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
78 (faketime): New function.
79 (days->seconds): Likewise.
81 (check-counts): Also check the number of expected days with signatures
82 and encryptions. Update callers. Extend tests.
84 2016-12-19 Justus Winter <justus@g10code.com>
86 tests: New test for --delete-[secret-]keys.
87 * tests/openpgp/Makefile.am (XTESTS): Add new test.
88 * tests/openpgp/defs.scm (keys): New variable.
89 (have-public-key?): New function.
90 (have-secret-key?): Likewise.
91 (have-secret-key-file?): Likewise.
92 * tests/openpgp/delete-keys.scm: New file.
93 * tests/openpgp/quick-key-manipulation.scm: Move the accessors to
96 gpgscm: Change associativity of ::.
97 * tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
98 infix-operator. This makes it possible to naturally express accessing
99 nested structures (e.g. a::b::c).
101 gpgscm: Display location when assertions fail.
102 * tests/gpgscm/lib.scm (assert): Use location information if
105 gpgscm: Make exception handling more robust.
106 * tests/gpgscm/init.scm (throw'): Check that args is a list.
108 2016-12-19 Andre Heinecke <aheinecke@intevation.de>
110 speedo,w32: Use nsExec::ExecToLog to avoid popups.
111 * build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
114 2016-12-19 Werner Koch <wk@gnupg.org>
116 Remove unused debug flags and add "dns" and "network".
117 * g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
118 * g10/gpg.c (debug_flags): Remove "cardio".
119 * agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
120 * agent/gpg-agent.c (debug_flags): Remove "command".
121 * scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
122 * scd/scdaemon.c (debug_flags): Remove "command".
123 * dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
124 (DBG_NETWORK_VALUE, DNG_NETWORK): New.
125 * dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
127 2016-12-17 Werner Koch <wk@gnupg.org>
129 dirmngr: Fix setup of libdns for W32.
130 * configure.ac (DNSLIB) {W32]: Add -liphlpapi.
131 * dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
133 (libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
134 * dirmngr/t-dns-stuff.c (init_sockets): New.
137 2016-12-16 Werner Koch <wk@gnupg.org>
139 dirmngr: Auto-switch from Tor port to Torbrowser port.
140 * dirmngr/dns-stuff.c (libdns_tor_port): New var.
141 (set_dns_nameserver): Clear that var.
142 (libdns_init): Init var to the default port.
143 (libdns_switch_port_p): New func.
144 (resolve_dns_name): Use function to switch the port
145 (get_dns_cert): Ditto.
147 (get_dns_cname): Ditto.
149 dirmngr: Use one context for all libdns queries.
150 * dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
151 (enable_recursive_resolver): Set var.
152 (set_dns_nameserver): Ditto.
153 (libdns_init): Avoid double initialization.
154 (libdns_deinit): New.
155 (reload_dns_stuff): New.
156 (libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
157 * dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
159 * dirmngr/dirmngr.c (cleanup): Ditto.
160 (dirmngr_sighup_action): Call reload_dns_stuff to set
161 LIBDNS_REINIT_PENDING.
163 dirmngr: Pass Tor credentials to libdns.
164 * dirmngr/dns-stuff.c (tor_credentials): Replace by ...
165 (tor_socks_user, tor_socks_password): new vars.
166 (enable_dns_tormode): Set these new vars.
167 (libdns_res_open): Tell libdns the socks credentials.
169 dirmngr: Factor common libdns code out.
170 * dirmngr/dns-stuff.c (libdns_res_open): New. Replace all libdns_init
171 and dns-res_open by a call to this func.
172 (libdns_res_submit): New wrapper. Replace all dns_res_sumbit calls.
173 (libdns_res_wait): New function.
174 (resolve_name_libdns): Replace loop by libdns_res_wait.
175 (get_dns_cert_libdns): Ditto.
176 (getsrv_libdns): Ditto.
178 gpg,sm: A few more option for --gpgconf-list.
179 * g10/gpg.c (gpgconf_list): Add --compliance and
180 --default-new-key-algo.
181 (parse_compliance_option):
182 * sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.
184 gpgconf: New command --apply-profile.
185 * tools/gpgconf.c (aApplyProfile): New.
186 (opts): New command --apply-profile.
187 (main): Implement that command.
188 * tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
189 (change_options_program): Ditto.
190 (change_one_value): Ditto.
191 (gc_component_change_options): Ditto.
192 (gc_apply_profile): New.
194 gpgconf: Fix --apply-defaults.
195 * tools/gpgconf-comp.c: Skip pinentry also in process_all mode.
197 2016-12-16 Justus Winter <justus@g10code.com>
199 doc: Mention extra information in pinentry status lines.
200 * doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
203 sm: Fix agent communication.
204 * sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle
206 (gpgsm_scd_pksign): Likewise.
207 (gpgsm_agent_reaedkey): Likewise.
209 2016-12-16 Neal H. Walfield <neal@g10code.com>
212 * doc/gpg.texi: Remove comment about options being parsed in-order.
215 g10: Use total days, not total messages to compute TOFU validity.
216 * g10/tofu.c (write_stats_status): Use the number of days with
217 signatures / encryptions to compute the validity, not the total number
218 of signatures / encryptions.
219 (BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
220 (FULL_TRUST_THRESHOLD): Likewise.
222 g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
223 * doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
225 * g10/tofu.c (write_stats_status): Take additional parameters
226 signature_days and encryption_days. Update callers. Include them in
227 the tfs record and TOFU status lines.
228 (show_statistics): Compute the number of days on which we saw a
229 message signed by FINGERPRINT, and the number of days on which we
230 encrypted a message to it.
232 2016-12-16 Justus Winter <justus@g10code.com>
234 doc: Improve section on unattended key generation.
235 * doc/gpg.texi: Improve the subsection on unattended key generation by
236 suggesting the quick key manipulation interface as an alternative, and
237 by suggesting alternatives to '%pubring' and '%secring'. Simplify
238 examples accordingly.
240 doc: Add documentation for programmatic use of GnuPG.
241 * doc/gpg.texi: New subsections on programmatic use of GnuPG,
242 ephemeral home directories, and the quick key manipulation interface.
244 2016-12-16 Neal H. Walfield <neal@g10code.com>
246 g10: On a TOFU conflict, write the conflicting keys to the status fd.
247 * g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
248 their statistics on the status fd.
249 (get_trust): Likewise, if we don't call ask_about_binding.
250 (show_statistics): Have the caller pass the policy as returned by
251 get_policy. Add argument only_status_fd and don't emit any output on
252 stdout if it is set. Update callers.
254 g10: Add missing space.
255 * g10/tofu.c (tofu_register_encryption): Add missing space.
257 2016-12-15 Justus Winter <justus@g10code.com>
259 g10: Avoid translating simple error messages.
260 * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
262 g10: Rework the --quick-* interface.
263 * g10/gpg.c (opts): Rename options.
264 (main): Update errors.
265 * doc/gpg.texi: Update accordingly.
267 g10: Rename 'card-edit' to 'edit-card'.
268 * g10/gpg.c (opts): Rename option.
269 * g10/call-agent.c (agent_scd_learn): Update comment.
270 * doc/gpg.texi: Update accordingly.
272 g10: Spell out --desig-revoke.
273 * g10/gpg.c (opts): Rename option.
274 * doc/gpg.texi: Update accordingly.
276 g10: Shorten unreasonably long option.
277 * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
278 'generate-revocation'.
279 * doc/gpg.texi: Update accordingly.
280 * po: Update translations.
282 doc: Add aliases of all changed options.
283 * doc/gpg.texi: Add the old version of every option that was updated
284 with the last change set.
285 * doc/gpgsm.texi: Likewise.
287 2016-12-15 Werner Koch <wk@gnupg.org>
289 dirmngr: First patch to re-enable Tor support.
290 * dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
292 (libdns_init): Start adding tor support.
293 (resolve_name_libdns): Pass socks hosts to dns_res_open.
294 (get_dns_cert_libdns): Ditto.
295 (getsrv_libdns): Ditto.
296 (get_dns_cname_libdns): Ditto.
298 2016-12-15 Justus Winter <justus@g10code.com>
300 build: Fix distcheck.
301 * tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs.
303 2016-12-14 Justus Winter <justus@g10code.com>
305 tests: Reuse GPGME's tests.
306 * configure.ac (AC_CONFIG_FILES): Add new Makefile.
307 * tests/Makefile.am (SUBDIRS): Add new directory.
308 * tests/gpgme/Makefile.am: New file.
309 * tests/gpgme/gpgme-defs.scm: Likewise.
310 * tests/gpgme/run-tests.scm: Likewise.
311 * tests/gpgme/setup.scm: Likewise.
312 * tests/gpgme/wrap.scm: Likewise.
314 common: Support locating components in the build tree.
315 * common/homedir.c (gnupg_build_directory): New variable.
316 (gnupg_module_name_called): Likewise.
317 (gnupg_set_builddir): New function.
318 (gnupg_set_builddir_from_env): Likewise.
319 (gnupg_module_name): Support locating components in the build tree.
320 * common/util.h (gnupg_set_builddir): New prototype.
321 * tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
322 (tool): Rename to 'tool-hardcoded.
323 (gpg-conf): New function, with accessors for the results.
324 (gpg-components): New variable.
325 (tool): New function.
326 * tools/gpgconf.c (enum cmd_and_opt_values): New key.
327 (opts): New option '--build-prefix'.
328 (main): Handle new option.
330 tests: Rework check for trust models.
331 * tests/openpgp/defs.scm (gpg-has-option?): New function.
332 (have-opt-always-trust): Use a simpler test for that option. This way
333 that is less distracting when we run the tests with verbose=3.
335 2016-12-14 Werner Koch <wk@gnupg.org>
337 dirmngr: New configure option --disable-libdns.
338 * configure.ac: Add option --disable-libdns
339 (USE_LIBDNS): New ac_subst and am_conditional.
340 (USE_C99_CFLAGS): Set only if libdns is used.
341 * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
342 (dirmngr_SOURCES) [USE_LIBDNS0: here.
343 (t_common_src): Ditto.
344 * dirmngr/dirmngr.c (oRecursiveResolver): New constant.
345 (opts): New option "--recursive-resolver".
346 (parse_rereadable_options): Set option.
347 * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
348 * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
350 * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
351 Also build and call dnslib functions only if USE_DNSLIB is defined.
352 (recursive_resolver): New var.
353 (enable_recursive_resolver): New func.
354 (recursive_resolver_p): New func.
356 dirmngr: Implement CERT record lookup via libdns.
357 * dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
358 (get_dns_cert_standard): Fix URL malloc checking.
360 dirmngr: Implement CNAME and SRV record lookup via libdns.
361 * dirmngr/dns-stuff.c (dns_free): New macro.
362 (libdns): Move var to the top.
363 (libdns_error_to_gpg_error): Map error codes to the new gpg-error
365 (resolve_name_libdns): Restructure code.
366 (getsrv_libdns): New.
367 (get_dns_cname_libdns): New.
369 dirmngr: Fix bugs in the standard resolver code.
370 * dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
372 (get_h_errno_as_gpg_error): New.
373 (get_dns_cert_libdns): Fix error code.
374 (getsrv_libdns): Add arg R_COUNT and return an error code.
375 (getsrv_standard): Ditto. Fix handling of res_query errors and
376 provide the correct size for the return buffer.
377 (getsrv): Adjust for changed worker functions.
378 (get_dns_cname_standard): Fix handling of res_query errors and provide
379 the correct size for the return buffer.
381 dirmngr: Require a c99 compiler.
382 * configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for
384 * dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
385 (t_http_CFLAGS): Ditto.
386 (t_ldap_parse_uri_CFLAGS): Ditto.
387 (t_dns_stuff_CFLAGS): Ditto.
389 doc: Add license notes for libdns.
390 * COPYING.other: New.
391 * Makefile.am (EXTRA_DIST): Add it.
392 * AUTHORS: Add info on libdns.
393 * build-aux/speedo/w32/pkg-copyright.txt: Add license terms.
395 common: Add replacements for error codes from gpg-error 1.26.
397 2016-12-14 Justus Winter <justus@g10code.com>
399 dirmngr: New libdns snapshot.
401 dirmngr: Add basic libdns support.
402 * dirmngr/dns.c: New file.
403 * dirmngr/dns.h: New file.
404 * dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
405 * dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
406 (libdns): New global var for the libdns state.
407 (libdns_error_to_gpg_error): New.
409 (resolve_name_libdns): New.
410 (get_dns_cert_libdns): New stub.
411 (getsrv_libdns): New stub.
412 (get_dns_cname_libdns): New stub.
414 dirmngr,build: Remove support for ADNS.
415 * autogen.rc: Remove '--with-adns' argument.
416 * configure.ac: Remove check for ADNS.
417 * dirmngr/dns-stuff.c: Remove all code that uses ADNS.
418 * dirmngr/server.c (cmd_getinfo): Update status line.
419 * doc/dirmngr.texi: Do not mention ADNS.
421 2016-12-14 NIIBE Yutaka <gniibe@fsij.org>
423 dirmngr: Improve ntbtls support.
424 * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
425 (send_request): Call ntbtls_set_transport.
426 (cookie_read, cookie_write): Implement.
427 (cookie_close): Add initial implementation for ntbtls.
429 2016-12-13 Justus Winter <justus@g10code.com>
431 g10,sm: Spell out --passwd.
432 * g10/gpg.c (opts): Spell out option.
433 * sm/gpgsm.c (opts): Likewise.
434 * doc/gpg.texi: Update accordingly.
435 * doc/gpgsm.texi: Likewise.
437 g10: Spell out --gen-revoke.
438 * g10/gpg.c (opts): Spell out option.
439 * doc/gpg.texi: Update accordingly.
440 * po: Update translations.
442 g10: Spell out --full-gen-key.
443 * g10/gpg.c (opts): Spell out option.
445 * g10/keygen.c (generate_keypair): Likewise.
446 * doc/gpg.texi: Update accordingly.
448 g10,sm: Spell out --gen-key.
449 * g10/gpg.c (opts): Spell out option.
450 * sm/gpgsm.c (opts): Likewise.
451 * doc/gpg.texi: Update accordingly.
453 g10,sm: Spell out --check-sigs.
454 * g10/gpg.c (opts): Spell out option.
455 * sm/gpgsm.c (opts): Likewise.
456 * doc/gpg.texi: Update accordingly.
458 g10,sm: Spell out --list-sigs.
459 * g10/gpg.c (opts): Spell out option.
460 * sm/gpgsm.c (opts): Likewise.
461 * doc/gpg.texi: Update accordingly.
463 g10: Hyphenate --clearsign.
464 * g10/gpg.c (opts): Hyphenate option.
465 * doc/gpg.texi: Update accordingly.
466 * po: Update translations.
467 * tests/openpgp: Update tests.
469 g10: Spell out --recv-keys.
470 * g10/gpg.c (opts): Spell out option.
471 * doc/gpg.texi: Update accordingly.
473 g10: Create expiring keys in quick key generation mode.
474 * doc/gpg.texi: Document that fact.
475 * g10/keygen.c (quick_generate_keypair): Use a default value.
476 * tests/openpgp/quick-key-manipulation.scm: Test that fact.
478 gpgscm: Print failed and skipped tests.
479 * tests/gpgscm/tests.scm (test-pool::report): Print failed and skipped
482 gpgscm: Generalize the test runner.
483 * tests/gpgscm/tests.scm (test::scm) Add explicit name argument.
484 (test::binary): Likewise. Also, add missing unquote.
485 * tests/openpgp/run-tests.scm: Adapt accordingly.
487 gpgscm: Move the test runner to the Scheme library.
488 * tests/openpgp/run-tests.scm: Move most of the code...
489 * tests/gpgscm/tests.scm: ... here.
491 tests: Refactor test runner.
492 * tests/openpgp/run-tests.scm (locate-test): New function.
493 (test): Factor-out the code starting the child process.
494 (test::binary): New function.
496 gpgscm: Improve library functions.
497 * tests/gpgscm/tests.scm (absolute-path?): New function.
498 (canonical-path): Use the new function.
499 * tests/gpgscm/lib.scm (string-split-pln): New function.
500 (string-indexp, string-splitp): Likewise.
501 (string-splitn): Express using the above function.
502 (string-ltrim, string-rtrim): Fix corner case.
503 (list->string-reversed): New function.
504 (read-line): Fix performance.
506 2016-12-12 Werner Koch <wk@gnupg.org>
508 gpg: Fix memory leak in ecc key generation.
509 * g10/keygen.c (ecckey_from_sexp): Release curve.
511 gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
512 * g10/keygen.c (get_default_pubkey_algo): New.
513 (parse_key_parameter_string): Use it.
514 * g10/gpg.c (gpgconf_list): Take value from new function.
516 gpg: Fix algo string parsing of --quick-addkey.
517 * g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
518 (parse_key_parameter_part): Use default key size if only "rsa", "dsa",
521 2016-12-09 Justus Winter <justus@g10code.com>
523 g10: Create keys that expire in simple key generation mode.
524 * g10/keygen.c (default_expiration_interval): New variable.
525 (generate_keypair): Use the new default.
527 tests: Add a test for '--quick-addkey'.
528 * tests/openpgp/quick-key-manipulation.scm: Test '--quick-addkey'.
530 tests: New test using all available compression algorithms.
531 * tests/openpgp/Makefile.am (XTESTS): Add new test.
532 * tests/openpgp/compression.scm: New file.
533 * tests/openpgp/defs.scm (all-compression-algos): New variable.
535 g10: List compression algorithms using human-readable names.
536 * g10/gpg.c (list_config): List all enabled compression algorithms
537 under the key 'compressname'.
539 g10: Fix memory leak.
540 * g10/sign.c (do_sign): Release old signature data.
542 2016-12-08 Werner Koch <wk@gnupg.org>
544 common: Skip the Byte Order Mark in conf files.
545 * common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM.
547 Fix 2 compiler warnings.
548 * dirmngr/loadswdb.c: Set ERR on malloc failure.
549 * g10/passphrase.c (passphrase_to_dek): Initialize all fields of
552 wks: New option --status-fd for gpg-wks-client.
553 * tools/wks-util.c: Include status.h.
554 (statusfp): New global var.
555 (wks_set_status_fd): New func.
556 (wks_write_status): New func.
557 * tools/gpg-wks-client.c: Include status.h.
558 (oStatusFD): New constant.
559 (opts): New option --status-fd.
560 (parse_arguments): Handle that option.
561 (main): Return STATUS_SUCCESS or STATUS_FAILURE.
563 2016-12-08 Justus Winter <justus@g10code.com>
565 gpgscm: Better error reporting.
566 * tests/gpgscm/ffi.scm: Move the customized exception handling and
568 * tests/gpgscm/init.scm: ... here.
569 (throw): Record the current history.
570 (throw'): New function that is history-aware.
571 (rethrow): New function.
572 (*error-hook*): Use the new throw'.
573 * tests/gpgscm/main.c (load): Fix error handling.
574 (main): Save and use the 'sc->retcode' as exit code.
575 * tests/gpgscm/repl.scm (repl): Print call history.
576 * tests/gpgscm/scheme.c (_Error_1): Make a snapshot of the history,
577 use it to provide a accurate location of the expression causing the
578 error at runtime, and hand the history trace to the '*error-hook*'.
579 (opexe_5): Tag all lists at parse time with the current location.
580 * tests/gpgscm/tests.scm: Update calls to 'throw', use 'rethrow'.
582 gpgscm: Keep a history of calls for error messages.
583 * tests/gpgscm/init.scm (vm-history-print): New function.
584 * tests/gpgscm/opdefines.h: New opcodes 'CALLSTACK_POP', 'APPLY_CODE',
586 * tests/gpgscm/scheme-private.h (struct history): New definition.
587 (struct scheme): New field 'history'.
588 * tests/gpgscm/scheme.c (gc): Mark objects in the history.
589 (history_free): New function.
590 (history_init): Likewise.
591 (history_mark): Likewise.
592 (add_mod): New macro.
594 (tailstack_clear): New function.
595 (callstack_pop): Likewise.
596 (callstack_push): Likewise.
597 (tailstack_push): Likewise.
598 (tailstack_flatten): Likewise.
599 (callstack_flatten): Likewise.
600 (history_flatten): Likewise.
601 (opexe_0): New variable 'callsite', keep track of the expression if it
602 is a call, implement the new opcodes, record function applications in
604 (opexe_6): Implement new opcode.
605 (scheme_init_custom_alloc): Initialize history.
606 (scheme_deinit): Free history.
607 * tests/gpgscm/scheme.h (USE_HISTORY): New macro.
609 gpgscm: Add flag TAIL_CONTEXT.
610 * tests/gpgscm/scheme.c (S_FLAG_TAIL_CONTEXT): New macro. This flag
611 indicates that the interpreter is evaluating an expression in a tail
612 context (see R5RS, section 3.5).
613 (opexe_0): Clear and set the flag according to the rules layed out in
617 gpgscm: Add flags to the interpreter.
618 * tests/gpgscm/scheme-private.h (struct scheme): Add field 'flags'.
619 * tests/gpgscm/scheme.c (S_OP_MASK): New macro.
620 (S_FLAG_MASK, s_set_flag, s_clear_flag, s_get_flag): Likewise.
621 (_s_return): Unpack the encoded opcode and flags.
622 (s_save): Encode the flags along with the opcode. Use normal
623 integers to encode the result.
624 (scheme_init_custom_alloc): Initialize 'op' and 'flags'.
626 gpgscm: Implement tags.
627 * tests/gpgscm/opdefines.h: Add opcodes to create and retrieve tags.
628 * tests/gpgscm/scheme.c (T_TAGGED): New macro.
629 (mk_tagged_value): New function.
633 (opexe_4): Implement new opcodes.
634 * tests/gpgscm/scheme.h (USE_TAGS): New macro.
636 2016-12-08 Werner Koch <wk@gnupg.org>
638 gpg: Fix the fix out-of-bounds access.
639 * g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
641 wks: New option --check for gpg-wks-client.
642 * tools/call-dirmngr.c (wkd_get_key): New.
643 * tools/gpg-wks-client.c (aCheck): New constant.
644 (opts): New option "--check".
645 (main): Call command_check.
646 (command_check): New.
648 tools: Move a function from gpg-wks-server to wks-util.c.
649 * tools/gpg-wks-server.c (list_key_status_cb): Remove.
650 (list_key): Move to ...
651 * tools/wks-util.c (wks_list_key): here and rename. Add new args
652 R_FPR and R_MBOXES and remove the CTX.
653 (list_key_status_cb): New.
654 * tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h.
655 * tools/gpg-wks-server.c (process_new_key): Replace list_key by
657 (check_and_publish): Ditto.
659 2016-12-08 Justus Winter <justus@g10code.com>
661 gpgscm: Generalize 'for-each-p'.
662 * tests/gpgscm/tests.scm (for-each-p): Generalize to N lists like
664 (for-each-p'): Likewise.
666 g10: Fix out-of-bounds access.
667 * g10/tofu.c (build_conflict_set): Use 'char'.
669 2016-12-08 Werner Koch <wk@gnupg.org>
671 tools: Fix use of uninitialized var in mime-maker.
672 * tools/mime-maker.c (ensure_part): Make sure to set R_PARENT on
674 (add_missing_headers): Ensure that ERR is set on success.
676 * tools/wks-util.c (wks_parse_policy): Fix indentation.
678 tools: Fix memleak in gpgconf.
679 * tools/gpgconf.c (main): Free SOCKETDIR.
681 gpg: Fix portability problem.
682 * g10/tofu.c (build_conflict_set): Replace variable dynamic array.
684 2016-12-07 Justus Winter <justus@g10code.com>
686 tests: Add test for '--quick-set-expire'.
687 * tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-expire'.
689 tests: Improve quick key manipulation test.
690 * tests/openpgp/quick-key-manipulation.scm: Do not update the trust
691 database, rather be more specific when filtering the user ids.
693 2016-12-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
695 agent: Respect --enable-large-secmem.
696 * agent/gpg-agent.c (main): Initialize secmem to the configured buffer
699 2016-12-06 Justus Winter <justus@g10code.com>
701 tests: Add test importing a revocation certificate.
702 * tests/openpgp/Makefile.am (XTESTS): Add new test.
703 * tests/openpgp/import-revocation-certificate.scm: New file.
704 * tests/openpgp/samplemsgs/revoke-2D727CC768697734.asc: Likewise.
706 tests: Rename 'error' to 'fail'.
707 * tests/gpgscm/tests.scm (error): Rename to 'fail'. 'error' is a
708 primitive function (an opcode) of the TinySCHEME vm, and 'error' is
709 also defined by R6RS. Better avoid redefining that. Fix all call
711 * tests/openpgp/4gb-packet.scm: Adapt.
712 * tests/openpgp/decrypt-multifile.scm: Likewise.
713 * tests/openpgp/ecc.scm: Likewise.
714 * tests/openpgp/export.scm: Likewise.
715 * tests/openpgp/gpgtar.scm: Likewise.
716 * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
717 * tests/openpgp/import.scm: Likewise.
718 * tests/openpgp/issue2015.scm: Likewise.
719 * tests/openpgp/issue2346.scm: Likewise.
720 * tests/openpgp/issue2419.scm: Likewise.
721 * tests/openpgp/key-selection.scm: Likewise.
722 * tests/openpgp/mds.scm: Likewise.
723 * tests/openpgp/multisig.scm: Likewise.
724 * tests/openpgp/setup.scm: Likewise.
725 * tests/openpgp/signencrypt.scm: Likewise.
726 * tests/openpgp/ssh-import.scm: Likewise.
727 * tests/openpgp/tofu.scm: Likewise.
728 * tests/openpgp/verify.scm: Likewise.
730 tests: Remove debugging display.
731 * tests/openpgp/tofu.scm: Remove debugging display.
733 2016-12-06 Neal H. Walfield <neal@g10code.com>
735 tests: Update distributed files.
736 * tests/openpgp/Makefile.am (TEST_FILES): Remove tofu-keys.asc,
737 tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and
738 tofu-EE37CF96-1.txt. Add tofu/conflicting/1C005AF3.gpg,
739 tofu/conflicting/1C005AF3-secret.gpg, tofu/conflicting/1C005AF3-1.txt,
740 tofu/conflicting/1C005AF3-2.txt, tofu/conflicting/1C005AF3-3.txt,
741 tofu/conflicting/1C005AF3-4.txt, tofu/conflicting/1C005AF3-5.txt,
742 tofu/conflicting/B662E42F.gpg, tofu/conflicting/B662E42F-secret.gpg,
743 tofu/conflicting/B662E42F-1.txt, tofu/conflicting/B662E42F-2.txt,
744 tofu/conflicting/B662E42F-3.txt, tofu/conflicting/B662E42F-4.txt,
745 tofu/conflicting/B662E42F-5.txt, tofu/conflicting/BE04EB2B.gpg,
746 tofu/conflicting/BE04EB2B-secret.gpg, tofu/conflicting/BE04EB2B-1.txt,
747 tofu/conflicting/BE04EB2B-2.txt, tofu/conflicting/BE04EB2B-3.txt,
748 tofu/conflicting/BE04EB2B-4.txt, tofu/conflicting/BE04EB2B-5.txt and
749 tofu/conflicting/README.
751 doc: Improve the text in the gpg manual.
752 * doc/gpg.texi: Improve the text.
754 g10: Avoid a memory leak.
755 * g10/gpg.c (main): Free KB when we're done with it.
757 tests: Change (interactive-shell) to start an interactive shell.
758 * tests/gpgscm/tests.scm (interactive-shell): Start an interactive
761 tests: Check the signature count in the TOFU TFS record.
762 * tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
765 tests: Replace data used by the TOFU conflict test.
766 * tests/openpgp/tofu-2183839A-1.txt: Remove file.
767 * tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
768 * tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
769 * tests/openpgp/tofu-keys-secret.asc: Remove file.
770 * tests/openpgp/tofu-keys.asc: Remove file.
771 * tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
772 * tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
773 * tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
774 * tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
775 * tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
776 * tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
777 * tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
778 * tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
779 * tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
780 * tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
781 * tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
782 * tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
783 * tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
784 * tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
785 * tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
786 * tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
787 * tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
788 * tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
789 * tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
790 * tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
791 * tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
792 * tests/openpgp/tofu/conflicting/README: New file.
793 * tests/openpgp/tofu.scm: Update accordingly.
795 g10: Remove dead code.
796 * g10/tofu.c (tofu_set_policy_by_keyid): Remove function.
798 2016-12-05 Werner Koch <wk@gnupg.org>
800 gpg: New option --quick-set-expire.
801 * g10/gpg.c (aQuickSetExpire): New.
802 (opts): New option --quick-set-expire.
803 (main): Implement option.
804 * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
805 NEWEXPIRATION. Change semantics of the return value. Change caller.
806 (keyedit_quick_set_expire): New.
808 2016-12-05 Justus Winter <justus@g10code.com>
810 tests: New test for '--enarmor' and '--dearmor'.
811 * tests/openpgp/Makefile.am (XTESTS): Add new test.
812 * tests/openpgp/enarmor.scm: New file.
814 2016-12-03 Werner Koch <wk@gnupg.org>
816 gpg: Fix error code arg in ERRSIG status line.
817 * g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
818 error code in ERRSIG.
820 2016-12-02 Werner Koch <wk@gnupg.org>
822 gpg: New option --default-new-key-algo.
823 * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
824 R_ALGO and change all callers.
825 * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
826 * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
827 * g10/gpg.c (oDefaultNewKeyAlgo): New enum.
828 (opts): New option "--default-new-key-algo".
829 (main): Set the option.
830 * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
832 (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
833 (get_keysize_range): Remove arg R_DEF and return that value instead.
835 (gen_rsa): Use get_keysize_range instead of the removed
837 (parse_key_parameter_part): New function.
838 (parse_key_parameter_string): New function.
839 (quick_generate_keypair): Refactor using parse_key_parameter_string.
840 (generate_keypair): Ditto.
841 (parse_algo_usage_expire): Ditto.
843 2016-12-02 Neal H. Walfield <neal@g10code.com>
845 g10: Improve debugging output.
846 * g10/tofu.c (string_to_long): Improve debugging output.
847 (string_to_ulong): Likewise.
849 2016-12-01 Neal H. Walfield <neal@g10code.com>
851 g10: In the TOFU module, make strings easier to translate.
852 * g10/tofu.c: Remove dead code.
853 (time_ago_str): Simplify implementation since we only want the most
855 (format_conflict_msg_part1): Use ngettext.
856 (ask_about_binding): Likewise and only emit full sentences.
857 (show_statistics): Likewise.
859 2016-12-01 Werner Koch <wk@gnupg.org>
861 dirmngr: Add option --standard-resolver.
862 * dirmngr/dirmngr.c (oStandardResolver): New constant.
863 (opts): New option --standard-resolver.
864 (parse_rereadable_options): Set option.
865 * dirmngr/dns-stuff.c: Refactor all code to support the new option.
866 (standard_resolver): New var.
867 (enable_standard_resolver, standard_resolver_p): New func.
868 * dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
870 * dirmngr/ks-engine-hkp.c (map_host): Ditto.
871 * dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
872 * configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define
873 USE_ADNS in the adns checking code. Remove options --disable-dns-srv
874 and --disable-dns-cert. Always look for the system resolver. Print
875 warning if no system resolver was found.
876 (USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
877 (HAVE_SYSTEM_RESOLVER): New ac_define.
878 (USE_DNS_SRV): Remove am_conditional; not used anyway.
880 gpg: Let only Dirmngr decide whether CERT is supported.
881 * g10/getkey.c (parse_auto_key_locate): Do not build parts depending
884 2016-12-01 Justus Winter <justus@g10code.com>
886 tests,build: Fix distcheck.
887 * tests/openpgp/Makefile.am (sample_msgs): Add messages required for
888 the new test 'verify-multifile.scm'.
890 tests: Add test for '--verify --multifile'.
891 * tests/openpgp/Makefile.am (XTESTS): Add new test.
892 * tests/openpgp/verify-multifile.scm: New file.
894 2016-11-30 Justus Winter <justus@g10code.com>
896 tests: Add test for '--encrypt --multifile'.
897 * tests/openpgp/Makefile.am (XTESTS): Add new test.
898 * tests/openpgp/encrypt-multifile.scm: New file.
900 2016-11-29 Werner Koch <wk@gnupg.org>
902 agent,dirmngr: Tiny restructuring.
903 * agent/gpg-agent.c (handle_connections): Add a comment.
904 * dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
906 (handle_connections): here. Add a comment why we keep the
907 listening socket open during a shutdown.
909 agent,dirmngr: Handle corner case in shutdown mode.
910 * agent/gpg-agent.c (handle_connections): Keep on selecting on the
911 inotify fd even when a shutdown is pending.
912 * dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
913 use of the HAVE_INOTIFY_INIT cpp conditional.
915 gpgsm: Allow decryption with a card returning a PKCS#1 stripped key.
916 * sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
918 agent,w32: Initialize nPth in server mode.
919 * agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
922 gpg: Make --decrypt with output '-&nnnn' work.
923 * g10/plaintext.c (get_output_file): Check and open special filename
924 before falling back to stdout.
926 gpg,sm: Merge the two versions of check_special_filename.
927 * sm/gpgsm.c (check_special_filename): Move to ..
928 * common/sysutils.c (check_special_filename): here. Add arg
930 (allow_special_filenames): New local var.
931 (enable_special_filenames): New public functions.
932 * sm/gpgsm.c (allow_special_filenames): Remove var.
933 (main): Call enable_special_filenames instead of setting the var.
934 (open_read, open_es_fread, open_es_fwrite): Call
935 check_special_filename with 0 for NOTRANSLATE.
936 * common/iobuf.c (special_names_enabled): Remove var.
937 (iobuf_enable_special_filenames): Remove func.
938 (check_special_filename): Remove func.
939 (iobuf_is_pipe_filename): Call new version of the function with
942 * g10/gpg.c (main): Call enable_special_filenames instead of
943 iobuf_enable_special_filenames.
944 * g10/gpgv.c (main): Ditto.
946 2016-11-29 Justus Winter <justus@g10code.com>
948 g10: Fix memory leak.
949 * g10/decrypt.c (decrypt_messages): Properly decrease the reference
950 count of the armor filters after pushing them.
952 tools,build: Build WKS tools against libintl.
953 * tools/Makefile.am (gpg_wks_server_LDADD): Link against libintl.
954 (gpg_wks_client_LDADD): Likewise.
956 2016-11-29 Neal H. Walfield <neal@g10code.com>
958 Improve some comments.
960 g10: Extend TOFU_STATS to always show the validity.
961 * doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
962 a new field called VALIDITY.
963 * g10/tofu.c (write_stats_status): Update output accordingly.
965 2016-11-29 Justus Winter <justus@g10code.com>
967 tests: Add test for '--decrypt --multifile'.
968 * tests/openpgp/Makefile.am (XTESTS): Add new test.
969 * tests/openpgp/decrypt-multifile.scm: New file.
971 gpgscm: Avoid truncating pointers.
972 * tests/gpgscm/scheme.c (_alloc_cellseg): Avoid truncating pointers on
973 systems where sizeof(unsigned long) < sizeof(void *).
975 2016-11-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
977 dirmngr: Lazily launch ldap reaper thread.
978 * dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
980 * dirmngr/ldap-wrapper.c (ldap_wrapper): Call
981 ldap_wrapper_launch_thread() just in time (before any attempt to use
984 2016-11-29 Werner Koch <wk@gnupg.org>
986 build: Remove more keywords from the generated ChangeLog.
987 * build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword
990 2016-11-28 Justus Winter <justus@g10code.com>
992 tests: Add test for the ssh key export.
993 * tests/openpgp/Makefile.am (XTESTS): Add new test.
994 (sample_keys): Add new files.
995 * tests/openpgp/samplekeys/authenticate-only.pub.asc: New file.
996 * tests/openpgp/samplekeys/authenticate-only.sec.asc: Likewise.
997 * tests/openpgp/ssh-export.scm: Likewise.
999 g10: Fix iteration over getkey results.
1000 * g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
1001 our caller requested the key. Fixes a crash in 'lookup'.
1003 tests: Rename ssh test.
1004 * tests/openpgp/ssh.scm: Rename to 'ssh-import.scm'.
1005 * tests/openpgp/Makefile (XTESTS): Likewise.
1007 2016-11-25 NIIBE Yutaka <gniibe@fsij.org>
1009 scd: Support OpenPGP card V3 for RSA.
1010 * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
1011 max_rsp_data fields as Extended Capabilities bits are different.
1012 (get_cached_data) Use extcap.max_certlen_3.
1013 (get_one_do): Don't use exmode=1.
1014 (determine_rsa_response): New.
1015 (get_public_key, do_genkey): Call determine_rsa_response.
1016 (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
1017 (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
1018 (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
1019 (show_caps): Remove max_cmd_data and max_rsp_data.
1020 (app_select_openpgp): Likewise.
1022 2016-11-23 Justus Winter <justus@g10code.com>
1024 gpgscm: Make 'reverse' compatible with 'reverse_in_place'.
1025 * tests/gpgscm/scheme.c (reverse): Update prototype, add terminator
1027 (opexe_4): Update callsite.
1029 gpgscm: Clean sweeped cells.
1030 * tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells.
1032 gpgscm: Fix initialization of 'sink'.
1033 * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize
1036 2016-11-23 Neal H. Walfield <neal@g10code.com>
1038 g10: Avoid gratuitously loading a keyblock when it is already available.
1039 * g10/trust.c (get_validity): Add new, optional parameter KB. Only
1040 load the keyblock if KB is NULL. Update callers.
1041 (get_validity): Likewise.
1042 * g10/trustdb.c (tdb_get_validity_core): Likewise.
1044 2016-11-22 Neal H. Walfield <neal@g10code.com>
1046 g10: Use es_fopen instead of open.
1047 * g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
1048 (busy_handler): Replace use of open with es_fopen.
1050 g10: If the set of UTKs changes, invalidate any changed policies.
1051 * g10/trustdb.c (tdb_utks): New function.
1052 * g10/tofu.c (check_utks): New function.
1054 * tests/openpgp/tofu.scm: Modify test to check the effective policy of
1055 keys whose effective policy changes when we change the set of UTKs.
1057 2016-11-22 NIIBE Yutaka <gniibe@fsij.org>
1059 scd: Fix receive buffer size.
1060 * scd/apdu.c (send_le): Fix the size, adding two for status
1063 2016-11-22 Justus Winter <justus@g10code.com>
1066 * tests/gpgscm/scheme.c (opexe_0): Reduce code duplication.
1068 gpgscm: Fix property lists.
1069 * tests/gpgscm/opdefines.h (put, get): Check arguments. Also rename
1070 to 'set-symbol-property' and 'symbol-property', the names used by
1071 Guile, because put and get are too unspecific.
1072 * tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
1073 (get_property): New function.
1074 (set_property): Likewise.
1075 (opexe_4): Use the new functions.
1077 gpgscm: Fix installation of error handler.
1078 * tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the
1079 interpreter will use our function.
1081 gpgscm: Use a static pool of cells for small integers.
1082 * tests/gpgscm/scheme-private.h (struct scheme): New fields for the
1083 static integer cells.
1084 * tests/gpgscm/scheme.c (_alloc_cellseg): New function.
1085 (alloc_cellseg): Use the new function.
1086 (MAX_SMALL_INTEGER): New macro.
1087 (initialize_small_integers): New function.
1088 (mk_small_integer): Likewise.
1089 (mk_integer): Return a small integer if possible.
1090 (_s_return): Do not free 'op' if it is a small integer.
1091 (s_save): Use a small integer to box the opcode.
1092 (scheme_init_custom_alloc): Initialize small integers.
1093 (scheme_deinit): Free chunk of small integers.
1094 * tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.
1096 tests: Delay querying the avaliable algorithms.
1097 * tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos'
1099 * tests/openpgp/conventional-mdc.scm: Force the promises.
1100 * tests/openpgp/conventional.scm: Likewise.
1101 * tests/openpgp/encrypt-dsa.scm: Likewise.
1102 * tests/openpgp/encrypt.scm: Likewise.
1103 * tests/openpgp/gpgtar.scm: Likewise.
1104 * tests/openpgp/sigs.scm: Likewise.
1106 g10: Fix memory leak.
1107 * g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
1108 to 'hexfingerprint'.
1110 2016-11-21 Neal H. Walfield <neal@g10code.com>
1112 g10: Cache the effective policy. Recompute it when required.
1113 * g10/tofu.c (initdb): Add column effective_policy to the bindings
1115 (record_binding): New parameters effective_policy and set_conflict.
1116 Save the effective policy. If SET_CONFLICT is set, then set conflict
1117 according to CONFLICT. Otherwise, preserve the current value of
1118 conflict. Update callers.
1119 (get_trust): Don't compute the effective policy here...
1120 (get_policy): ... do it here, if it was not cached. Take new
1121 parameters, PK, the public key, and NOW, the time that the operation
1122 started. Update callers.
1123 (show_statistics): New parameter PK. Pass it to get_policy. Update
1125 (tofu_notice_key_changed): New function.
1126 * g10/gpgv.c (tofu_notice_key_changed): New stub.
1127 * g10/import.c (import_revoke_cert): Take additional argument CTRL.
1128 Pass it to keydb_update_keyblock.
1129 * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
1131 [USE_TOFU]: Call tofu_notice_key_changed.
1132 * g10/test-stubs.c (tofu_notice_key_changed): New stub.
1133 * tests/openpgp/tofu.scm: Assume that manually setting a binding's
1134 policy to auto does not cause the tofu engine to forget about any
1137 g10: Correctly parameterize ngettext.
1138 * g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.
1140 g10: Don't use the same variable for multiple SQL compiled statements.
1141 * g10/tofu.c (struct tofu_dbs_s): Remove unused field
1142 record_binding_update2. Replace register_insert with
1143 register_signature and register_encryption.
1144 (tofu_register_signature): Don't use dbs->s.register_insert, but
1145 dbs->s.register_signature.
1146 (tofu_register_encryption): Don't use dbs->s.register_insert, but
1147 dbs->s.register_encryption.
1149 g10: Add a convenience function for checking if a key is a primary key.
1150 * g10/keydb.h (pk_is_primary): New function.
1151 * g10/tofu.c (get_trust): Use it.
1152 (tofu_register_signature): Likewise.
1153 (tofu_register_encryption): Likewise.
1154 (tofu_set_policy): Likewise.
1155 (tofu_get_policy): Likewise.
1157 2016-11-21 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1159 doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.
1160 * doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
1161 systemd user service example files.
1163 2016-11-21 NIIBE Yutaka <gniibe@fsij.org>
1165 agent: Fix npth + daemon mode problem.
1166 * agent/gpg-agent.c (main): Remove duplicated initialization in daemon
1169 2016-11-18 Werner Koch <wk@gnupg.org>
1173 2016-11-18 Ineiev <ineiev@gnu.org>
1175 po: Update Russian translation.
1177 2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
1179 g10: Fix flags to open for lock of ToFU.
1180 * g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
1182 2016-11-18 Werner Koch <wk@gnupg.org>
1184 dirmngr: Use a longer timer tick interval.
1185 * dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
1186 we did for WindowsCE.
1188 2016-11-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1190 dirmngr: More w32 system daemon cleanup.
1191 * dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
1192 shutdown_pending; no longer needed.
1194 2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
1196 g10: Fix creating a lock for ToFU.
1197 * g10/tofu.c (busy_handler): Add third argument which is mandatory for
1200 scd: Don't limit to ST-2xxx for PC/SC.
1201 * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
1203 2016-11-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1205 dirmngr: Use a default keyserver if none is explicitly set.
1206 * configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
1207 * dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
1208 * doc/dirmngr.texi: Document this behavior.
1210 dirmngr: Add system CAs if no hkp-cacert is given.
1211 * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
1212 the HKPS pool, and they have not specified any hkp-cacert, then we
1213 should default to the system CAs, rather than nothing.
1214 * doc/dirmngr.texi: Document choice of CAs.
1216 dirmngr: Register hkp-cacert even if the file doesn't exist yet.
1217 * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
1218 an argument for hkp-cacert into an absolute filename, terminate
1220 * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
1221 immediately accessible, but register it anyway.
1223 2016-11-17 Justus Winter <justus@g10code.com>
1225 gpgscm: Re-enable the garbage collector in case of errors.
1226 * tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.
1229 * tests/gpgscm/scheme.c (type_to_string): Fix string.
1231 2016-11-17 Werner Koch <wk@gnupg.org>
1233 dirmngr: Auto-sownload the swdb.lst.
1234 * dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
1235 * dirmngr/dirmngr.c (oAllowVersionCheck): New.
1236 (opts): Add --allow-version-check.
1237 (network_activity_seen): New variable.
1238 (parse_rereadable_options): Set opt.allow_version_check.
1239 (main) <aGPGConfList>: Do not anymore set the no change flag for
1240 Windows. Add allow-version-check.
1241 (netactivity_action): Set network_activity_seen.
1242 (housekeeping_thread): Call dirmngr_load_swdb.
1243 * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
1244 Make "use-tor" available at Basic level.
1246 dirmngr: Improve downloading of swdb.lst.
1247 * dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
1249 (dirmngr_load_swdb): Avoid unnecessary disk or network access witout
1250 FORCE. Do not update swdb.lst if it did not change.
1252 gpgconf: Change the displayed names of the components.
1254 2016-11-16 Werner Koch <wk@gnupg.org>
1256 dirmngr: Add command to only load the swdb.
1257 * dirmngr/loadswdb.c: New.
1258 * dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
1259 * dirmngr/server.c: Remove includes cpparray.h and exectool.h.
1260 (cmd_loadswdb): New.
1261 (parse_version_number,parse_version_string): Remove.
1262 (my_mktmpdir, cmp_version): Remove.
1263 (fetch_into_tmpdir): Remove.
1264 (struct verify_swdb_parm_s): Remove.
1265 (verify_swdb_status_cb): Remove.
1266 (cmd_versioncheck): Remove.
1267 (register_commands): Register LOADSWDB. Remove VERSIONCHECK.
1269 scd,dirmngr: Keep the standard fds when daemonizing.
1270 * dirmngr/dirmngr.c (main): Before calling setsid do not close the
1271 standard fds but connect them to /dev/null.
1272 * scd/scdaemon.c (main): Ditto. Noet that the old test for a log
1273 stream was even reverted.
1275 common: Rename keybox_file_rename to gnupg_rename_file.
1276 * kbx/keybox-util.c (keybox_file_rename): Rename to ...
1277 * common/sysutils.c (gnupg_rename_file): this. Change all callers.
1279 wks: Always build gpg-wks-client.
1280 * tools/Makefile.am (gpg_wks_client): Remove macro.
1281 (libexec_PROGRAMS): Add gpg-wks-client.
1283 gpg: New option --override-session-key-fd.
1284 * g10/gpg.c (oOverrideSessionKeyFD): New.
1285 (opts): Add option --override-session-key-fd.
1286 (main): Handle that option.
1287 (read_sessionkey_from_fd): New.
1289 2016-11-15 Werner Koch <wk@gnupg.org>
1291 gpgv: New option --enable-special-filenames.
1292 * g10/gpgv.c (oEnableSpecialFilenames): New.
1293 (opts): Add option --enable-special-filenames.
1294 (main): Implement that option.
1296 gpg: Add new compliance mode "de-vs".
1297 * g10/options.h (CO_DE_VS): New.
1298 (GNUPG): Also allow CO_DE_VS.
1299 * g10/gpg.c (oDE_VS): New.
1300 (parse_compliance_option): Add "de-vs".
1301 (set_compliance_option): Set "de-vs".
1302 * g10/misc.c (compliance_option_string): Return a description string.
1303 (compliance_failure): Ditto.
1304 * g10/keygen.c (ask_algo): Take care of CO_DE_VS.
1305 (get_keysize_range): Ditto.
1306 (ask_curve): Add new field to CURVES and trun flags into bit flags.
1307 Allow only Brainpool curves in CO_DE_VS mode.
1309 gpg: Use usual free semantics for packet structure free functions.
1310 * g10/free-packet.c (free_attributes): Turn function into a nop for a
1312 (free_user_id): Ditto.
1313 (free_compressed): Ditto.
1314 (free_encrypted): Ditto.
1315 (free_plaintext): Ditto.
1316 (release_public_key_parts): Avoid extra check for NULL.
1317 * g10/getkey.c (get_best_pubkey_byname): Ditto.
1319 2016-11-15 Justus Winter <justus@g10code.com>
1321 g10: Optimize key iteration.
1322 * g10/getkey.c (get_best_pubkey_byname): Use the node returned by
1323 'getkey_next' instead of doing another lookup.
1325 g10: Fix memory leak.
1326 * g10/getkey.c (finish_lookup): Clarify that we do not return a
1328 (lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
1329 Check arguments. Actually release the node if it is not returned.
1331 g10: Fix iteration over getkey results.
1332 * g10/getkey.c (getkey_next): Fix invocation of 'lookup'. If we want
1333 to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.
1335 g10: Fix use-after-free.
1336 * g10/getkey.c (pubkey_cmp): Make a copy of the user id.
1337 (get_best_pubkey_byname): Free the user ids.
1339 2016-11-15 Werner Koch <wk@gnupg.org>
1341 sm: New stub option --compliance.
1342 * sm/gpgsm.c (oCompliance): New.
1343 (opts): Add "--compliance".
1344 (main): Implement as stub.
1346 2016-11-15 NIIBE Yutaka <gniibe@fsij.org>
1348 g10: Fix memory leak.
1349 * g10/keyedit.c (menu_adduid): Don't copy 'sig'.
1351 2016-11-15 Werner Koch <wk@gnupg.org>
1353 gpg: New option --compliance.
1354 * g10/gpg.c (oCompliance): New.
1355 (opts): Add "--compliance".
1356 (parse_tofu_policy): Use a generic description string for "help".
1357 (parse_compliance_option): New.
1358 (main): Add option oCompliance. Factor out code for compliance
1360 (set_compliance_option): new.
1362 2016-11-15 Justus Winter <justus@g10code.com>
1364 g10: Fix memory leak.
1365 * g10/keyedit.c (menu_adduid): Deallocate 'sig'.
1367 gpgscm: Mark cells requiring finalization.
1368 * tests/gpgscm/scheme.c (T_FINALIZE): New macro.
1369 (mk_port): Use the new macro.
1370 (mk_foreign_object): Likewise.
1371 (mk_counted_string): Likewise.
1372 (mk_empty_string): Likewise.
1373 (gc): Only call 'finalize_cell' for cells with the new flag.
1375 gpgscm: Recover more cells.
1376 * tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
1379 2016-11-14 Justus Winter <justus@g10code.com>
1381 g10: Fix memory leak.
1382 * g10/mainproc.c (check_sig_and_print): Free 'pk'.
1384 gpgscm: Avoid cell allocation overhead.
1385 * tests/gpgscm/scheme-private.h (struct scheme): New fields
1386 'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
1387 * tests/gpgscm/scheme.c (GC_ENABLED): New macro.
1388 (USE_GC_LOCKING): Likewise.
1389 (gc_reservations): Likewise.
1390 (gc_reservation_failure): New function.
1391 (_gc_disable): Likewise.
1392 (gc_disable): New macro.
1393 (gc_enable): Likewise.
1394 (gc_enabled): Likewise.
1395 (gc_consume): Likewise.
1396 (get_cell_x): Consume reserved cell if garbage collection is disabled.
1397 (_get_cell): Assert that gc is enabled.
1398 (get_cell): Only record cell in the list of recently allocated cells
1400 (get_vector_object): Likewise.
1401 (gc): Assert that gc is enabled.
1402 (s_return): Add comment, adjust call to '_s_return'.
1403 (s_return_enable_gc): New macro.
1404 (_s_return): Add flag 'enable_gc' and re-enable gc if set.
1405 (oblist_add_by_name): Use the new facilities to protect the
1407 (new_frame_in_env): Likewise.
1408 (new_slot_spec_in_env): Likewise.
1410 (opexe_0): Likewise.
1411 (opexe_1): Likewise.
1412 (opexe_2): Likewise.
1413 (opexe_5): Likewise.
1414 (opexe_6): Likewise.
1415 (scheme_init_custom_alloc): Initialize the new fields.
1417 2016-11-14 NIIBE Yutaka <gniibe@fsij.org>
1419 scd: Fix status info encoding.
1420 * scd/command.c (send_status_info): Do percent plus encoding correctly.
1422 2016-11-12 Werner Koch <wk@gnupg.org>
1424 agent: Improve concurrency when Libgcrypt 1.8 is used.
1425 * agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
1427 (agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
1430 2016-11-11 Werner Koch <wk@gnupg.org>
1432 agent: Kludge to mitigate blocking calls in Libgcrypt.
1433 * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
1436 dirmngr: Prepare to trigger jobs by network activity.
1437 * dirmngr/http.c (netactivity_cb): New.
1438 (http_register_netactivity_cb): New.
1439 (notify_netactivity): New.
1440 (connect_server): Call that function.
1441 * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
1442 (netactivity_action): New stub handler.
1444 2016-11-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1446 agent: Clean up comments.
1447 * agent/agent.h: Clean up comments.
1449 2016-11-10 Werner Koch <wk@gnupg.org>
1451 gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
1452 * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
1453 file-global. Write a STATUS_ERROR.
1454 (maybe_create_keyring_or_box): Check for non-accessible but existant
1456 (keydb_search): Write a STATUS_ERROR if no keyring has been registered
1457 but continue to return NOT_FOUND.
1458 * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
1459 and make file-global. Write a STATUS_ERROR.
1460 (keydb_search): Write a STATUS_ERROR if no keyring has been registered
1461 but continue to return NOT_FOUND. Also add new arg CTRL and change
1462 all callers to pass it down.
1464 sm: Remove unused arg SECRET from keydb functions.
1465 * sm/keydb.c (struct resource_item): Remove field 'secret'.
1466 (keydb_add_resource): Remove arg 'secret' and change all callers.
1469 2016-11-10 Justus Winter <justus@g10code.com>
1471 gpgscm: Recover cells from the list of recently allocated cells.
1472 * tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells.
1474 gpgscm: Recover cells used to maintain interpreter state.
1475 * tests/gpgscm/scheme.c (free_cell): New function.
1476 (free_cons): Likewise.
1477 (_s_return): Use the new function to recover cells used to save the
1478 state of the interpreter in 's_save'. This reduces the need to do a
1479 garbage collection considerably.
1481 gpgscm: Reduce opcode dispatch overhead.
1482 * tests/gpgscm/scheme.c (s_thread_to): New macro.
1484 (opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace
1485 's_goto' with 's_thread_to' where applicable.
1487 gpgscm: Make the compile-hook configurable.
1488 * tests/gpgscm/scheme-private.h (struct scheme): Make field
1489 'COMPILE_HOOK' optional.
1490 * tests/gpgscm/scheme.c (opexe_0): Fix guard.
1491 (scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'.
1492 * tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default.
1494 gpgscm: Drop obsolete commented-out code.
1495 * tests/gpgscm/scheme.c (opexe_5): Drop obsolete code.
1497 gpgscm: Remove dubious stack implementation.
1498 * tests/gpgscm/scheme-private.h (struct scheme): Remove related fields.
1499 * tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code.
1500 * tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro.
1502 2016-11-10 Werner Koch <wk@gnupg.org>
1504 gpg: Improve error message for --quick-gen-key.
1505 * g10/keygen.c (parse_algo_usage_expire): Use a different error
1506 message for an unknown algorithm name.
1508 dirmngr: Improve concurrency in the non-adns case.
1509 * dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
1510 (resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
1511 (getsrv) [!USE_ADNS]: Call res_query outside of nPth.
1513 2016-11-08 Justus Winter <justus@g10code.com>
1515 tests: Fix environment setup.
1516 * tests/openpgp/defs.scm (setup-legacy-environment): Do not call
1517 'setup-environment' because that will start the agent, and hence
1518 register the atexit function twice.
1520 Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337
1522 tests: Log and display output from tests when run in parallel.
1523 * tests/openpgp/run-tests.scm (test): Add field 'logfd'.
1524 (test::new, test::set-*): Adapt accordingly.
1525 (test::set-logfd): New function.
1526 (test::open-log-file): Likewise.
1527 (test::run-sync): Use the new function.
1528 (test::run-async): Likewise.
1529 (test::report): Replay the log.
1530 (run-tests-parallel): Reverse the results to restore the original
1533 tests: Simplify test.
1534 * tests/openpgp/issue2417.scm: Simplify.
1536 gpgscm: Expose seek and associated constants.
1537 * tests/gpgscm/ffi.c (do_seek): New function.
1538 (ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'.
1539 * tests/gpgscm/lib.scm: Document the new function.
1541 gpgscm: Fix error message.
1542 * tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
1545 tests,w32: Make cleanup more robust.
1546 * tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
1547 removing the working directory. On Windows this can fail if there is
1548 still a process using one of the files there.
1549 (run-tests-sequential): Likewise.
1551 common,w32: Simplify locking.
1552 * common/asshelp.c (lock_spawning): Use the same code on Windows that
1553 we use on all other platforms.
1554 (unlock_spawning): Likewise.
1556 2016-11-07 Justus Winter <justus@g10code.com>
1558 tests: Write a log file for each test.
1559 * tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
1560 * tests/openpgp/run-tests.scm (test::run-sync): Write logs.
1562 gpgscm: Generalize splice to write to multiple sinks.
1563 * tests/gpgscm/ffi.c (ordinal_suffix): New function.
1564 (do_splice): Generalize splice to write to multiple sinks.
1565 * tests/gpgscm/lib.scm (splice): Document this fact.
1567 gpgscm: Drop 'len' argument from splice.
1568 * tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
1569 * tests/gpgscm/lib.scm (splice): Document foreign function.
1571 tests: Move environment creation and teardown into each test.
1572 * tests/gpgscm/tests.scm (log): New function.
1573 * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
1574 startup and teardown scripts.
1575 (run-tests-sequential): Likewise.
1576 * tests/openpgp/setup.scm: Move all functions...
1577 * tests/openpgp/defs.scm: ... here and make them less verbose.
1578 (setup-environment): New function.
1579 (setup-legacy-environment): Likewise.
1580 (start-agent): Make less verbose, run 'stop-agent' at interpreter
1582 (stop-agent): Make less verbose.
1583 * tests/openpgp/finish.scm: Drop file.
1584 * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
1585 * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
1586 'setup-legacy-environment' as appropriate.
1587 * tests/openpgp/armdetach.scm: Likewise.
1588 * tests/openpgp/armdetachm.scm: Likewise.
1589 * tests/openpgp/armencrypt.scm: Likewise.
1590 * tests/openpgp/armencryptp.scm: Likewise.
1591 * tests/openpgp/armor.scm: Likewise.
1592 * tests/openpgp/armsignencrypt.scm: Likewise.
1593 * tests/openpgp/armsigs.scm: Likewise.
1594 * tests/openpgp/clearsig.scm: Likewise.
1595 * tests/openpgp/conventional-mdc.scm: Likewise.
1596 * tests/openpgp/conventional.scm: Likewise.
1597 * tests/openpgp/decrypt-dsa.scm: Likewise.
1598 * tests/openpgp/decrypt.scm: Likewise.
1599 * tests/openpgp/default-key.scm: Likewise.
1600 * tests/openpgp/detach.scm: Likewise.
1601 * tests/openpgp/detachm.scm: Likewise.
1602 * tests/openpgp/ecc.scm: Likewise.
1603 * tests/openpgp/encrypt-dsa.scm: Likewise.
1604 * tests/openpgp/encrypt.scm: Likewise.
1605 * tests/openpgp/encryptp.scm: Likewise.
1606 * tests/openpgp/export.scm: Likewise.
1607 * tests/openpgp/finish.scm: Likewise.
1608 * tests/openpgp/genkey1024.scm: Likewise.
1609 * tests/openpgp/gpgtar.scm: Likewise.
1610 * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
1611 * tests/openpgp/import.scm: Likewise.
1612 * tests/openpgp/issue2015.scm: Likewise.
1613 * tests/openpgp/issue2417.scm: Likewise.
1614 * tests/openpgp/issue2419.scm: Likewise.
1615 * tests/openpgp/key-selection.scm: Likewise.
1616 * tests/openpgp/mds.scm: Likewise.
1617 * tests/openpgp/multisig.scm: Likewise.
1618 * tests/openpgp/quick-key-manipulation.scm: Likewise.
1619 * tests/openpgp/seat.scm: Likewise.
1620 * tests/openpgp/shell.scm: Likewise.
1621 * tests/openpgp/signencrypt-dsa.scm: Likewise.
1622 * tests/openpgp/signencrypt.scm: Likewise.
1623 * tests/openpgp/sigs-dsa.scm: Likewise.
1624 * tests/openpgp/sigs.scm: Likewise.
1625 * tests/openpgp/ssh.scm: Likewise.
1626 * tests/openpgp/tofu.scm: Likewise.
1627 * tests/openpgp/use-exact-key.scm: Likewise.
1628 * tests/openpgp/verify.scm: Likewise.
1629 * tests/openpgp/version.scm: Likewise.
1630 * tests/openpgp/issue2346.scm: Likewise and simplify.
1632 tests: Do not allow tests to be run in a shared environment.
1633 * tests/openpgp/README: Update.
1634 * tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
1636 (run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
1637 (run-tests-sequential-shared): Drop function.
1638 (run-tests-sequential-isolated): Rename to 'run-tests-sequential'.
1641 * tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.
1643 Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
1645 2016-11-07 Werner Koch <wk@gnupg.org>
1647 wks: Encrypt all client mails also the target key,
1648 * tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
1649 (send_confirmation_response): Ditto.
1650 (process_confirmation_request): Parse out fingerprint and pass
1651 send_confirmation_response.
1653 2016-11-07 Justus Winter <justus@g10code.com>
1655 tests,tools: Reimplement 'mk-tdata' in Scheme.
1656 * tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
1657 * tests/openpgp/setup.scm (make-test-data): New function.
1658 * tests/openpgp/verify.scm: Avoid 'mk-tdata'.
1659 * tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
1660 * tools/mk-tdata.c: Drop file.
1662 gpgscm,w32: Provide schemish file handling for binary files.
1663 * tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
1664 (call-with-binary-output-file): Likewise.
1666 gpgscm: Add support for pseudo-random numbers.
1667 * tests/gpgscm/ffi.c (do_getpid): New function.
1668 (do_srandom): Likewise.
1669 (random_scaled): Likewise.
1670 (do_random): Likewise.
1671 (do_make_random_string): Likewise.
1672 (ffi_init): Expose the new functions.
1673 * tests/gpgscm/lib.scm: Document the new functions.
1676 * g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
1677 not return a getkey context, then it can return at most one key,
1678 therefore there is nothing to rank. Also, always initialize '*retctx'
1679 to be on the safe side.
1681 Fixes: ab89164be02012f1bf159c971853b8610e966301
1683 2016-11-04 Justus Winter <justus@g10code.com>
1685 gpgscm: Fix printing strings containing zero bytes.
1686 * tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
1687 strings. Scheme strings can contain zero bytes.
1689 gpgscm: Implement 'atexit'.
1690 * tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
1691 terminating the interpreter.
1692 (*atexit-handlers*): New variable.
1693 (*run-atexit-handlers*): New function.
1695 * tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
1696 interpreter shutdown.
1698 2016-11-04 NIIBE Yutaka <gniibe@fsij.org>
1700 scd: Fix length error for READKEY.
1701 * scd/app-openpgp.c (do_readkey): Decrement the length.
1703 scd: Add --advanced option for READKEY.
1704 * scd/command.c (cmd_readkey) : Support ADVANCED arg.
1705 * scd/app.c (app_readcert): Add ADVANCED arg.
1706 * scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
1707 * scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
1709 2016-11-03 Werner Koch <wk@gnupg.org>
1711 agent: Extend the PINENTRY_LAUNCHED inquiry and status.
1712 * agent/call-pinentry.c (start_pinentry): Get flavor and version and
1713 pass it to agent_inq_pinentry_launched.
1714 * agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
1715 * g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
1717 2016-11-03 Justus Winter <justus@g10code.com>
1719 g10: Improve and unify key selection for -r and --locate-keys.
1720 * g10/getkey.c (struct pubkey_cmp_cookie): New type.
1721 (key_is_ok, uid_is_ok, subkey_is_ok): New functions.
1722 (pubkey_cmp): Likewise.
1723 (get_best_pubkey_byname): Likewise.
1724 * g10/keydb.h (get_best_pubkey_byname): New prototype.
1725 * g10/keylist.c (locate_one): Use the new function.
1726 * g10/pkclist.c (find_and_check_key): Likewise.
1727 * tests/openpgp/Makefile.am (XTESTS): Add new test.
1728 (TEST_FILES): Add new files.
1729 * tests/openpgp/key-selection.scm: New file.
1730 * tests/openpgp/key-selection/0.asc: Likewise.
1731 * tests/openpgp/key-selection/1.asc: Likewise.
1732 * tests/openpgp/key-selection/2.asc: Likewise.
1733 * tests/openpgp/key-selection/3.asc: Likewise.
1734 * tests/openpgp/key-selection/4.asc: Likewise.
1736 gpgscm,tests: Add new functions to the test environment.
1737 * tests/gpgscm/lib.scm (first, last, powerset): New functions.
1738 * tests/gpgscm/tests.scm (interactive-shell): New function.
1739 * tests/openpgp/Makefile.am (EXTRA_DIST): Add new file.
1740 * tests/openpgp/README: Document 'interactive-shell'.
1741 * tests/openpgp/shell.scm: New file.
1743 2016-11-03 Werner Koch <wk@gnupg.org>
1745 gpgconf: Add a new field to the --query-swdb output.
1746 * tools/gpgconf.c (query_swdb): Insert new field with the installed
1747 version. Check that the supplied version does not contain a colon.
1749 2016-11-02 Werner Koch <wk@gnupg.org>
1751 gpgconf: Add command --query-swdb.
1752 * tools/gpgconf.c (aQuerySWDB): New.
1753 (opts): Add --query-swdb.
1754 (valid_swdb_name_p): New.
1756 (main): Implement command --query-swdb.
1758 common: Improve compare_string_versions.
1759 * common/stringhelp.c: Include limits.h.
1760 (compare_version_strings): Change semantics to behave like strcmp.
1761 Include the patch lebel in the comparison. Allow checking a single
1763 * common/t-stringhelp.c (test_compare_version_strings): Adjust test
1764 vectors and a few new vectors.
1765 * g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
1766 * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
1767 * sm/call-agent.c (warn_version_mismatch): Ditto.
1768 * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
1770 2016-11-02 Justus Winter <justus@g10code.com>
1772 gpgscm: Fix inclusion of readline header.
1773 * tests/gpgscm/ffi.c: Define magic macro to prevent the completion
1774 function from redefined.
1776 2016-11-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1778 build: Fix misspelled dirmngr.
1780 Spelling: correct spelling of "passphrase".
1781 There were several different variant spellings of "passphrase". This
1782 should fix them all for all English text.
1784 I did notice that po/it.po contains multiple instances of
1785 "passhprase", which also looks suspect to me, but i do not know
1786 Italian, so i did not try to correct it.
1788 2016-11-02 Justus Winter <justus@g10code.com>
1790 g10,w32: Fix build on Windows.
1791 * g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.
1793 2016-10-31 Werner Koch <wk@gnupg.org>
1795 common: New function gnupg_usleep.
1796 * configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
1797 * common/sysutils.c: Always include time.h.
1798 (gnupg_usleep): New.
1800 2016-10-31 Andre Heinecke <aheinecke@intevation.de>
1802 w32: Fix PKG_CONFIG_LIBDIR in --build-w32.
1803 * autogen.sh: Point pkg-config to the right location.
1805 2016-10-31 Neal H. Walfield <neal@g10code.com>
1807 g10: Avoid gratuitious SQLite aborts and starving writers.
1808 * g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
1809 (tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
1810 (begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
1811 changed since we took the lock. Don't use gpgrt_yield to yield, but
1812 sleep for 100ms. After taking the batch lock, update
1813 DBS->WANT_LOCK_FILE_CTIME. Also take the batch lock the first time we
1814 take the real lock. When taking the real lock, use immediate not
1815 deferred mode to avoid gratuitious aborts.
1816 (end_transaction): When dropping the outermost real lock, drop the
1818 (busy_handler): New function.
1819 (opendbs): Set the busy handler to it when opening the DB. Initialize
1820 CTRL->TOFU.DBS->WANT_LOCK_FILE.
1821 (tofu_closedbs): Free DBS->WANT_LOCK_FILE.
1823 2016-10-30 Neal H. Walfield <neal@g10code.com>
1825 g10: Avoid reading in keys when possible.
1826 * g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
1827 element, don't bother to check for cross sigs. Add parameter PK.
1830 g10: Fix bit setting.
1831 * g10/tofu.c (build_conflict_set): Fix bit setting.
1833 2016-10-28 Werner Koch <wk@gnupg.org>
1835 gpg: Enable the Issuer Fingerprint from rfc4880bis.
1836 * g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
1837 Issuer Fingerprint sub-packet.
1838 * g10/mainproc.c (check_sig_and_print): Always consider that
1841 2016-10-27 Werner Koch <wk@gnupg.org>
1843 dirmngr: Fix signature checking.
1844 * dirmngr/server.c: Include cpparray.h.
1845 (verify_swdb_parm_s): New.
1846 (verify_swdb_status_cb): New.
1847 (cmd_versioncheck): Use gpgv to correclty verify the signature.
1848 Rename some variable to comply with GNU standards.
1850 gpg: Verify multiple detached signatures with different hash algos.
1851 * g10/mainproc.c (proc_tree): Loose check. Enable all algos.
1853 common: Add GNUPG_MODULE_NAME_GPGV.
1854 * common/util.h (GNUPG_MODULE_NAME_GPGV): New.
1855 * common/homedir.c (gnupg_module_name): Implement.
1857 2016-10-27 Justus Winter <justus@g10code.com>
1859 g10: Fix iteration over getkey results.
1860 * g10/getkey.c (getkey_next): Return the public key in PK even if
1861 RET_KEYBLOCK is NULL.
1863 g10: Assert preconditions.
1864 * g10/getkey.c (get_pubkey_byname): Assert preconditions.
1866 2016-10-27 Werner Koch <wk@gnupg.org>
1868 dirmngr: Do not implement --supervised in Windows.
1869 * dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
1870 (main) [W32]: Ditto.
1872 common: Remove debug output from gnupg_get_socket_name.
1873 * common/sysutils.c (gnupg_get_socket_name): Remove debug message and
1874 use my_error_from_syserror.
1876 2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
1878 dirmngr: ADNS error handling fix.
1879 * dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
1880 Use gpg_error and gpg_err_code_from_errno to compose the error value.
1882 2016-10-27 Werner Koch <wk@gnupg.org>
1884 gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
1885 * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
1886 (gpg_dirmngr_wkd_get): Ditto.
1887 * g10/keyserver.c (keyserver_get): Add arg 'quick'.
1888 (keyserver_get_chunk): Add arg 'quick'.
1889 (keyserver_import_fprint): Ditto. Change callers to pass 0 for it.
1890 (keyserver_import_keyid): Ditto.
1891 (keyserver_import_wkd): Ditto.
1892 * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
1895 2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
1897 common: Fix gnupg_inotify_has_name, differently.
1898 * common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
1901 dirmngr: More ADNS error fix.
1902 * dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
1905 dirmngr: Fix error return for ADNS.
1906 * dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.
1908 g10: Fix ECDH, clarifying the format.
1909 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
1910 it's short. Clarify the format. Handle other prefixes correctly.
1912 scd: Add 0x41 prefix for x-coordinate only result.
1913 * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
1916 2016-10-27 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
1918 g10: ECDH shared point format.
1919 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
1920 ECDH shared point format.
1922 2016-10-27 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1924 dirmngr: Implement --supervised command (for systemd, etc).
1925 * dirmngr/dirmngr.c (main): Add new --supervised command, which is a
1926 mode designed for running under a process supervision system like
1928 * doc/dirmngr.texi: document --supervised option.
1930 agent,common: move get_socket_name() into common.
1931 * agent/gpg-agent.c (get_socket_name): move to ...
1932 * common/sysutils.c (gnupg_get_socket_name): ... here.
1934 dirmngr: report actual socket name.
1935 * dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
1936 to report known socket name.
1937 * dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
1938 to report correct socket name.
1940 2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
1942 common: Fix gnupg_inotify_has_name.
1943 * common/sysutils.c (gnupg_inotify_has_name): Take care of the
1946 dirmngr: Fix help string and argument.
1947 * dirmngr/server.c (hlp_versioncheck): Add a newline.
1948 (cmd_versioncheck): Fix argument.
1950 2016-10-26 Werner Koch <wk@gnupg.org>
1952 dirmngr: Fix hang due to deferred thread initialization.
1953 * dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
1956 agent: Avoid double error message.
1957 * agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
1958 Remove unneeded diagnostic.
1960 common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
1961 * common/sysutils.c (gnupg_inotify_watch_socket): Return
1962 GPG_ERR_INV_VALUE for a missing socket name and set proper error
1965 tests: Improve portability of fake-pinentry.
1966 * tests/openpgp/fake-pinentry.c: Make all functions static.
1967 (get_passphrase): s/unlink/remove/ because that is standard C.
1968 (spacep): Rename to whitespace and change all callers.
1969 (main): Move macro out of if-then chain.
1971 2016-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
1973 agent: --supervised mode improvements.
1974 * agent/gpg-agent.c (map_supervised_socket): if the agent is running
1975 in --supervised mode and is not actually given LISTEN_FDNAMES
1976 directives, require at least fd 3 to be open for listening.
1978 common: avoid segfault.
1979 * common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
1980 socket_name is NULL, rather than segfaulting
1982 2016-10-25 Justus Winter <justus@g10code.com>
1984 agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
1985 * agent/call-pinentry.c (start_pinentry): Also send the user data
1986 using an Assuan 'OPTION' command.
1987 * tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
1989 (spacep): Include newline characters.
1990 (rstrip): New function.
1991 (main): Handle Windows line endings. Handle the userdata option, and
1992 restart with the new options.
1994 tests: Do not autostart gpg-agents on teardown.
1995 * tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling
1998 2016-10-25 Werner Koch <wk@gnupg.org>
2000 dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.
2001 * dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
2002 (cmp_version): Extend to handle the MICRO part.
2003 (confucius_mktmpdir): Rename to my_mktmpdir.
2004 (my_mktmpdir): xstrconcat does not fail; use strconcat.
2005 (fetch_into_tmpdir): Improve error checking.
2007 common: Use strconcat in gnupg_setenv.
2008 * common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
2009 strconcat. Indent cpp conditionals.
2010 (gnupg_unsetenv): Indent cpp conditionals.
2012 2016-10-24 Werner Koch <wk@gnupg.org>
2014 gpg: Replace two sprintf calls.
2015 * g10/keygen.c (print_status_key_created): Use snprintf for now.
2016 (ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
2018 agent: Minor cleanup for recent change in findkey.c.
2019 * agent/findkey.c (agent_write_private_key): Avoid label name error.
2021 agent: Slightly change structure of cmd_readkey.
2022 * agent/command.c (cmd_readkey): Avoid a leave label in the middle of
2023 the code. Remove the special return.
2025 2016-10-24 Kai Michaelis <kai@gnupg.org>
2027 dirmngr: Fix segfault in VERSIONCHECK.
2028 * dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes
2029 when called without program version.
2031 2016-10-24 NIIBE Yutaka <gniibe@fsij.org>
2033 scd: Use canonical curve name of libgcrypt.
2034 * scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
2036 (ecc_read_pubkey): Use ecdh_params. Use curve name.
2037 (ecc_writekey): Likewise.
2038 (ecc_curve): Rename from ecc_oid.
2039 (parse_algorithm_attribute): Use ecc_curve.
2040 * g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
2041 intern the curve name string.
2042 * g10/card-util.c (card_status): Conver curve name to alias for print.
2044 common: Fix openpgp_is_curve_supported.
2045 * common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
2046 canonical name of the curve and alias.
2048 g10: Fix card keygen for decryption.
2049 * g10/keygen.c (do_generate_keypair): Fix arguments.
2051 2016-10-22 NIIBE Yutaka <gniibe@fsij.org>
2053 g10: More card key generation change.
2054 * g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
2055 Don't get ALGO by KEY-ATTR by this function. It's caller to provide
2056 ALGO. Don't do that by both of caller and callee.
2057 (generate_keypair): Only put paramerters needed. Use parameters
2058 for ALGO to call gen_card_key.
2059 (generate_card_subkeypair): Get ALGO and call gen_card_key with it.
2061 2016-10-21 Andre Heinecke <aheinecke@intevation.de>
2063 g10: Write first keybox record in binary mode.
2064 * g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.
2066 2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
2068 g10,scd: Fix ECC keygen.
2069 * g10/keygen.c (generate_keypair): For card key generation, fill
2070 parameters by KEY-ATTR.
2072 * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
2073 after its reference by OIDBUF is finished.
2074 (ecc_writekey): Likewise.
2076 scd: Fix segfault changing key attr.
2077 * asc/app-openpgp.c (change_keyattr_from_string): Release after
2080 2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
2081 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2083 g10: Don't ask keysize for for non-RSA card.
2084 * g10/card-util.c (card_status): Bug fix for keyno.
2085 (ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
2086 (generate_card_keys): Only ask keysize when RSA.
2087 (card_generate_subkey): Likewise.
2089 g10: Support ECC for gen_card_key.
2090 * g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
2091 (do_generate_keypair, generate_card_subkeypair): Follow the change.
2093 2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
2095 Fix use cases of snprintf.
2096 * agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
2097 build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
2098 dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
2099 g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
2100 sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
2102 agent: Fix saving with FORCE=1.
2103 * agent/findkey.c (agent_write_private_key): Recover from an error of
2104 GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
2106 2016-10-20 Justus Winter <justus@g10code.com>
2108 tests: Simplify test.
2109 * tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
2110 home directory, just make the uids unique.
2112 tests: Flush stdout in the fake pinentry.
2113 * tests/openpgp/fake-pinentry.c (reply): Flush stdout.
2115 common,w32: Fix setting environment variables on Windows.
2116 * common/sysutils.c (gnupg_setenv): Also update the environment block
2117 maintained by the C runtime.
2118 (gnupg_unsetenv): Likewise.
2119 * tests/gpgscm/ffi.c (do_setenv): Fix error handling.
2121 tests,w32: Cope with Windows line endings.
2122 * tests/openpgp/issue2015.scm: Rstrip line before comparison.
2124 tests: Create and remove socket directories.
2125 * tests/openpgp/defs.scm (start-agent): Move function here and create
2126 the socket directory prior to starting the agent.
2127 (stop-agent): Move function here and remove the socket directory.
2128 * tests/openpgp/finish.scm: Adapt.
2129 * tests/openpgp/setup.scm: Likewise.
2131 2016-10-20 NIIBE Yutaka <gniibe@fsij.org>
2133 agent, g10: Fix keygen.
2134 * agent/command.c (cmd_readkey): Get length after card_readkey.
2135 * g10/keygen.c (gen_card_key): Fix off-by-one error.
2137 scd: GENKEY updates the public key in APP.
2138 * scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
2139 (read_public_key): New.
2140 (get_public_key, do_genkey): Use read_public_key.
2142 g10: smartcard keygen change.
2143 * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
2144 (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
2145 (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out
2147 (agent_readkey): Use READKEY --card instead of SCD READKEY.
2148 * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
2149 to retrieve public key information from card and let the agent make
2150 a file for private key with shadow info.
2152 agent: Add --card option for READKEY.
2153 * agent/findkey.c (agent_write_shadow_key): New.
2154 * agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
2155 * agent/learncard.c (agent_handle_learn): Likewise.
2156 * agent/command.c (cmd_readkey): Add --card option.
2158 2016-10-19 Kai Michaelis <kai@gnupg.org>
2160 dirmngr: improve VERSIONCHECK.
2161 Replace strtok_r() and code formatting. Use code from libgpg-error for
2164 2016-10-18 Justus Winter <justus@g10code.com>
2166 common: Fix copying data to estreams.
2167 * common/exectool.c (copy_buffer_do_copy): Correctly account for
2168 partially written data in the event of errors.
2170 common,w32: Communicate with child in non-blocking mode.
2171 * common/exechelp-w32.c (gnupg_spawn_process): Open streams in
2172 non-blocking mode if requested.
2174 common,w32: Extend gnupg_create_inbound_pipe et al.
2175 * common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
2176 create a stream if reqested.
2177 (gnupg_create_inbound_pipe): Use the extended function to open the
2178 stream if requested.
2179 (gnupg_create_outbound_pipe): Likewise.
2180 (gnupg_create_pipe): Update call site.
2182 common,w32: Make use of default_errsource in exechelp.
2183 * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
2184 Use them instead of gpg_error and gpg_error_from_syserror.
2186 2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
2187 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2189 scd: Support ECC key generation.
2190 * scd/app-openpgp.c (get_public_key): Fix a message.
2191 (change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
2192 (do_genkey): Add ECC support.
2194 2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
2196 scd: minor cleanup to merge other works.
2197 * scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
2198 (iso7816_generate_keypair, iso7816_read_public_key): Likewise.
2199 * scd/app-openpgp.c (get_public_key): Follow the change.
2200 (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT.
2202 2016-10-17 Justus Winter <justus@g10code.com>
2204 gpgscm: Initialize nesting stack.
2205 * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting
2208 2016-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2210 doc: Document how to manually shut down gpg-agent.
2211 * doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
2214 This was requested in a side-comment in https://bugs.debian.org/840669
2216 doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
2217 * doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
2220 2016-10-17 NIIBE Yutaka <gniibe@fsij.org>
2222 scd: Fix keytocard for ECC.
2223 * scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
2224 than 128 when it comes with public key for curve of larger field.
2226 gpgconf: Fix for --homedir.
2227 * tools/gpgconf-comp.c (gpg_agent_runtime_change,
2228 scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
2229 arguments by --homedir when it's not default.
2231 2016-10-16 Werner Koch <wk@gnupg.org>
2233 agent: Use straightforward names for the default socket names.
2234 * configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
2235 (GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
2237 2016-10-15 Werner Koch <wk@gnupg.org>
2239 agent: Move inotify code to common and improve it.
2240 * common/sysutils.c: Include sys/inotify.h.
2241 (my_error_from_syserror, my_error): New.
2242 (gnupg_inotify_watch_socket): New.
2243 (gnupg_inotify_has_name): New.
2244 * agent/gpg-agent.c: Do not include sys/inotify.h.
2245 (my_inotify_is_name): Remove.
2246 (handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
2249 2016-10-14 Kai Michaelis <kai@gnupg.org>
2251 dirmngr: use gnupg_mkdtemp instead of mkstemp.
2252 MinGW on debian does not support mkstemp.
2254 dirmngr: add VERSIONCHECK command.
2255 Given an application name and version VERSIONCHECK fetches the software
2256 version list from version.gnupg.org, verifies the signature and returns
2257 whenever the given version is older (UPDATE), current (CURRENT) or newer
2260 2016-10-13 Neal H. Walfield <neal@g10code.com>
2262 tests: Use shorter filenames.
2263 * tests/openpgp/tofu/cross-sigs/
2264 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this...
2265 * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this.
2266 * tests/openpgp/tofu/cross-sigs/
2267 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this...
2268 * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this.
2269 * tests/openpgp/tofu/cross-sigs/
2270 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this...
2271 * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this.
2272 * tests/openpgp/tofu/cross-sigs/
2273 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this...
2274 * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this.
2275 * tests/openpgp/tofu/cross-sigs/
2276 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this...
2277 * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this.
2278 * tests/openpgp/tofu/cross-sigs/
2279 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from
2281 * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this.
2282 * tests/openpgp/tofu/cross-sigs/
2283 DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this...
2284 * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this.
2285 * tests/openpgp/tofu/cross-sigs/
2286 DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this...
2287 * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this.
2288 * tests/openpgp/tofu/cross-sigs/
2289 DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this...
2290 * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this.
2291 * tests/openpgp/tofu/cross-sigs/
2292 DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this...
2293 * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this.
2294 * tests/openpgp/tofu/cross-sigs/
2295 DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this...
2296 * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this.
2297 * tests/openpgp/tofu/cross-sigs/
2298 DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this...
2299 * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this.
2300 * tests/openpgp/tofu/cross-sigs/
2301 DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this...
2302 * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this.
2303 * tests/openpgp/tofu/cross-sigs/
2304 DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from
2306 * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this.
2307 * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly.
2309 g10: Be more careful when checking if a binding is signed by a UTK.
2310 * g10/tofu.c (signed_by_utk): When checking if a key is signed by an
2311 ultimately trusted key, only consider the signatures on the specified
2313 * tests/openpgp/tofu.scm: Add test for the above.
2315 tests: Add test data to TEST_FILES.
2316 * tests/openpgp/Makefile.am (TEST_FILES): Add new test data.
2318 g10: Be more careful when checking cross signatures.
2319 * g10/tofu.c (cross_sigs): When checking cross signatures, only
2320 consider the signatures on the specified user id.
2321 * tests/openpgp/tofu.scm: Add test for the above.
2322 * tests/openpgp/tofu/cross-sigs/
2323 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
2325 * tests/openpgp/tofu/cross-sigs/
2326 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
2327 * tests/openpgp/tofu/cross-sigs/
2328 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
2329 * tests/openpgp/tofu/cross-sigs/
2330 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
2331 * tests/openpgp/tofu/cross-sigs/
2332 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
2333 * tests/openpgp/tofu/cross-sigs/
2334 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
2335 * tests/openpgp/tofu/cross-sigs/
2336 DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
2337 * tests/openpgp/tofu/cross-sigs/
2338 DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
2339 * tests/openpgp/tofu/cross-sigs/
2340 DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
2341 * tests/openpgp/tofu/cross-sigs/
2342 DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
2343 * tests/openpgp/tofu/cross-sigs/
2344 DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
2345 * tests/openpgp/tofu/cross-sigs/
2346 DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
2347 * tests/openpgp/tofu/cross-sigs/
2348 DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
2349 * tests/openpgp/tofu/cross-sigs/
2350 DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
2351 * tests/openpgp/tofu/cross-sigs/README: New file.
2353 g10: Still check if the key is an UTK or cross signed in batch mode.
2354 * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
2355 bail immediately. Instead, check if the key in question is an
2356 ultimately trusted key or cross signed.
2358 g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
2359 * g10/tofu.c (get_policy): If an sqlite operation fails, map the error
2360 code to GPG_ERR_GENERAL.
2361 (ask_about_binding): Likewise.
2362 (build_conflict_set): Likewise.
2363 (get_trust): Likewise.
2364 (show_statistics): Likewise.
2365 (tofu_register_signature): Likewise.
2366 (tofu_register_encryption): Likewise.
2368 tests: Remove support for deprecated functionality.
2369 * tests/openpgp/tofu.scm: Don't remove tofu.d. It's deprecated.
2371 2016-10-12 Neal H. Walfield <neal@g10code.com>
2373 g10: When changing a TOFU binding's policy, update the conflict info.
2374 * g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
2375 Set the binding's conflict accordingly. Update callers.
2377 g10: Make a singular string singular.
2378 * g10/tofu.c (ask_about_binding): Make the singular string singular.
2380 g10: Correctly determine whether a binding has a conflict.
2381 * g10/tofu.c (build_conflict_set): A binding has a conflict is
2382 conflict is *not* NULL, not if it is NULL.
2384 g10: Fix a column's type in TOFU DB.
2385 * g10/tofu.c (initdb): Change policy from a boolean to an integer.
2387 2016-10-07 Justus Winter <justus@g10code.com>
2389 tests: Rework test environment setup.
2390 * tests/openpgp/setup.scm: Import one keyring at a time. This works
2391 around a yet to be investigated hang on Windows. It is also much
2394 tests: Improve handling of Windows newlines.
2395 * tests/gpgscm/lib.scm (string-split-newlines): New function.
2396 * tests/openpgp/default-key.scm: Use new function.
2397 * tests/openpgp/defs.scm: Likewise.
2398 * tests/openpgp/export.scm: Likewise.
2399 * tests/openpgp/import.scm: Likewise.
2401 gpgscm: Improve test of low-level functions.
2402 * tests/gpgscm/t-child.c: Print large amounts of data.
2403 * tests/gpgscm/t-child.scm: Test that this works.
2405 gpgscm: Improve path handling.
2406 * tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'.
2407 * tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with
2408 drive letter on Windows. Use 'path-join'.
2409 (path-expand): Use 'path-join'.
2411 tools: Fix error handling.
2412 * tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
2415 2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
2417 agent: Fix get_socket_name.
2418 * agent/gpg-agent.c (get_socket_name): Fix the size of copying.
2420 2016-10-07 Werner Koch <wk@gnupg.org>
2422 gpg: Put extra parens around bit tests.
2423 * g10/options.h (DBG_MPI): New.
2424 * g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
2425 * g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
2427 2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
2429 agent, dirmngr, scd: Fix init_common_subsystems.
2430 * common/init.c (_init_common_subsystems): Don't call
2431 gpgrt_set_syscall_clamp in this function.
2432 * agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
2433 gpgrt_set_syscall_clamp after npth_init.
2435 2016-10-06 Justus Winter <justus@g10code.com>
2437 common: Avoid pointer arithmetic on string literals.
2438 * common/gettime.c (rfctimestamp): Use indexing instead.
2439 * common/signal.c (got_fatal_signal): Likewise.
2441 g10: Fix singular term.
2442 * g10/tofu.c (ask_about_binding): Fix singular message.
2444 g10: Use appropriate variant of 'abs'.
2445 * g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.
2447 sm: Remove statement without effect.
2448 * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
2451 g10: Fix testing for debug flag.
2452 * g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
2455 tools: Improve error handling.
2456 * tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.
2458 gpgscm: Update callsite of 'gnupg_spawn_process'.
2459 * tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to
2460 'gnupg_spawn_process'.
2462 2016-10-05 Werner Koch <wk@gnupg.org>
2464 wks: Send key encrypted as required by draft -02.
2465 * tools/gpg-wks-client.c (get_key): Encrypt.
2466 (encrypt_response): Take care of --fake-submission-addr.
2468 wks: Add option --fake-submission-addr to gpg-wks-client.
2469 * tools/gpg-wks-client.c (oFakeSubmissionAddr): New.
2470 (opts): Add option --fake-submission-addr.
2471 (fake_submission_addr): New variable.
2472 (parse_arguments): Set it.
2473 (command_send): Use --fake-submission-addr.
2475 agent: Another minor fix to map_supervised_sockets.
2476 * agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
2477 Provide correct fd in the second error case.
2479 agent: Fix npth + supervised mode problem.
2480 * agent/gpg-agent.c (main): Initialize modules in supervised mode.
2482 2016-10-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2484 agent: Fix error handling in map_supervised_sockets.
2485 * agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
2486 close on error is fd, not i.
2488 2016-10-04 Werner Koch <wk@gnupg.org>
2490 agent: Streamline the supervised mode code.
2491 * agent/gpg-agent.c (get_socket_path): Rename to ...
2492 (get_socket_name): this. This is to comply with the GNU coding guide.
2493 Use xtrymalloc instead of malloc. Do not build for W32.
2494 (map_supervised_sockets): Use strtokenize and set the the socket names
2496 (main): Adjust for above change. Do not close the socket.
2498 agent: Adjust cleanup for supervised mode. Fix for W32.
2499 * agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
2500 (is_supervised): Move from main() to global.
2501 (inhibit_socket_removal): New.
2502 (cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
2503 (check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
2504 seting the socket names to empty.
2506 agent: Adjust supervised mode for the new default socket names.
2507 * agent/gpg-agent.c (main): In supervised mode do not provide default
2508 socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and
2511 2016-10-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2513 agent: Implement --supervised command (for systemd, etc).
2514 * agent/gpg-agent.c (get_socket_path): New function for POSIX systems
2515 to return the path for a provided unix-domain socket.
2516 (map_supervised_sockets): New function to inspect $LISTEN_FDS and
2517 $LISTEN_FDNAMES and map them to the specific functionality offered by
2519 (main): Add --supervised command. When used, listen on already-open
2520 file descriptors instead of opening our own.
2521 * doc/gpg-agent.texi: Document --supervised option.
2523 2016-10-04 Justus Winter <justus@g10code.com>
2525 build,w32: Unconditionally build tests.
2526 * configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
2527 variables. They are misleadingly named, as they inhibit building the
2528 tests. There is no reason not to build the tests even when
2529 cross-compiling, as they are only run if one does 'make check'.
2530 * Makefile: Adapt accordingly.
2531 * tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on
2532 Windows as it uses non-portable functions.
2534 tests,w32: Do not expose 'glob' to gpgscm.
2535 * tests/gpgscm/ffi.c (do_glob): Remove function.
2536 (ffi_init): Likewise.
2538 tests,w32: Avoid using 'glob'.
2539 * tests/openpgp/setup.scm: Avoid 'glob' which is not available on
2542 tools: Ignore existing directories in gpgtar.
2543 * tools/gpgtar-extract.c (extract_directory): Ignore existing
2544 directories now that we have '--directory'.
2546 2016-10-04 NIIBE Yutaka <gniibe@fsij.org>
2548 agent, dirmngr, scd: npth_init must be after fork.
2549 * agent/gpg-agent.c (thread_init_once, initialize_modules): New.
2550 (main): Make sure no daemonizing-fork call after npth_init, and no npth
2551 calls before npth_init, with care of npth calls by assuan hooks.
2552 * dirmngr/dirmngr.c (thread_init): New.
2553 (main): Make sure npth_init must not be called before daemonizing fork.
2554 * scd/scdaemon.c (main): Likewise.
2556 2016-09-30 Werner Koch <wk@gnupg.org>
2558 agent: Remove the warning for the GKR hijacking.
2559 * g10/call-agent.c (check_hijacking): Remove.
2560 (start_agent): Remove call.
2562 agent: Create the extra sockets in the standard socket dir.
2563 * agent/gpg-agent.c (main): Take the socketdir in account for the
2565 * tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
2566 "agent-browser-socket".
2568 agent: Kludge to allow disabling of the extra sockets.
2569 * agent/gpg-agent.c (main): Check for special socket names.
2571 wks: Avoid long trustdb checks.
2572 * tools/wks-receive.c (verify_signature): Use --always-trust.
2574 2016-09-30 Justus Winter <justus@g10code.com>
2576 build: Fix build against libiconv.
2577 * agent/Makefile.am: Add INCICONV and LIBICONV.
2578 * common/Makefile.am: Likewise.
2579 * tools/Makefile.am: Likewise.
2581 agent: Enable restricted, browser, and ssh socket by default.
2582 * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
2583 'browser-socket', enable ssh socket by default, but do not emit the
2584 'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
2585 * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
2586 * doc/gpg-agent.texi: Update documentation.
2588 w32: Fix STARTTLS on LDAP connections.
2589 * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
2592 2016-09-29 Werner Koch <wk@gnupg.org>
2594 wks: Partly implement draft-koch-openpgp-webkey-service-02.
2595 * tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
2596 * tools/wks-receive.c: Include rfc822parse.h.
2597 (struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
2598 MULTIPART_MIXED_SEEN.
2599 (decrypt_data): Add --no-options.
2600 (verify_signature): Ditto.
2601 (new_part): Check for Wks-Draft-Version header. Take care of text
2603 (wks_receive): Set Parser and pass a flag value to RESULT_CB.
2604 * tools/gpg-wks-client.c (read_confirmation_request): New.
2605 (main) <aRead>: Call read_confirmation_request instead of
2606 process_confirmation_request.
2607 (command_receive_cb): Ditto. Add arg FLAGS..
2608 (decrypt_stream_status_cb, decrypt_stream): New.
2609 (command_send): Set header Wks-Draft-Version.
2610 * tools/gpg-wks-server.c (struct server_ctx_s): Add field
2612 (sign_stream_status_cb, sign_stream): New.
2613 (command_receive_cb): Set draft flag.
2614 (send_confirmation_request): Rework to implement protocol draft
2617 * tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
2618 (DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain
2619 opt.debug where useful.
2620 * tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
2621 * tools/gpg-wks-server.c (debug_flags): Ditto.
2623 tools: Convey signeddata also to the part_data callback in mime-parser.
2624 * tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
2625 (process_part_data): new.
2626 ((mime_parser_parse): Also call process_part_data for signed data.
2628 tools: Allow retrieval of signed data from mime-maker.
2629 * tools/mime-maker.c (find_part): New.
2630 (mime_maker_get_part): New.
2632 tools: Change mime-maker to write out CR,LF.
2633 * tools/mime-maker.c (struct part_s): Add field PARTID.
2634 (struct mime_maker_context_s): Add field PARTID_COUNTER.
2635 (dump_parts): Print part ids.
2636 (mime_maker_add_header): Assign PARTID.
2637 (mime_maker_add_container): Ditto.
2638 (mime_maker_get_partid): New.
2639 (write_ct_with_boundary): Remove.
2640 (add_header): Strip trailing white spaces.
2641 (write_header): Remove trailing spaces trimming. Add arg BOUNDARY.
2642 Handle emdedded LFs.
2643 (write_gap, write_boundary, write_body): New.
2644 (write_tree): Use new functions.
2646 tools: Simplify the mime-maker container creation.
2647 * tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
2648 (release_parts): Ditto.
2649 (dump_parts): Print a body line only if tehre is a body.
2650 (mime_maker_add_header): Check for body or container.
2651 (mime_maker_add_container): Remove arg MEDIATYPE. Change all callers.
2652 (mime_maker_end_container): New.
2654 tools: Give mime parser callbacks access to the rfc822 parser.
2655 * tools/mime-parser.c (mime_parser_context_s): Add field MSG.
2656 (parse_message_cb): Set it.
2657 (mime_parser_rfc822parser): New.
2658 * tools/mime-parser.h: Declare rfc822parse_t for the new prototype.
2660 2016-09-29 Justus Winter <justus@g10code.com>
2662 dirmngr: Fix STARTTLS on LDAP connections.
2663 * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
2665 2016-09-28 Werner Koch <wk@gnupg.org>
2667 gpg: Improve WKD by importing only the requested UID.
2668 * g10/keyserver.c: Include mbox-util.h.
2669 (keyserver_import_wkd): Do not use the global import options but
2670 employ an import filter.
2672 gpg: Reject import if an import filter removed all user ids.
2673 * g10/import.c (any_uid_left): New.
2674 (import_one): Check that a UID is left.
2676 gpg: Make import filter data object more flexible.
2677 * g10/main.h (import_filter_t): New.
2678 * g10/import.c (struct import_filter_s): Declare struct.
2679 (import_keep_uid, import_drop_sig): Replace by ...
2680 (import_filter): new. Adjust all users.
2681 (cleanup_import_globals): Move code to ...
2682 (release_import_filter): new.
2683 (save_and_clear_import_filter): New.
2684 (restore_import_filter): New.
2686 gpg: Make sure that internal key import is done with a binary stream.
2687 * g10/import.c (import_keys_internal): Open stream in binary mode.
2689 2016-09-27 Justus Winter <justus@g10code.com>
2691 build: Do not link gpg-connect-agent against npth.
2692 * tools/Makefile.am: Do not link gpg-connect-agent against npth.
2694 build: Fix check for resolver library on macOS.
2695 * configure.ac: Check for the mangled name of 'dn_skipname' first.
2697 common: Correctly handle modules relying on npth.
2698 * common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
2699 (with_npth_sources): New variable.
2700 (libcommonpth_a_SOURCES): Use the new variable.
2702 2016-09-27 NIIBE Yutaka <gniibe@fsij.org>
2704 agent, sm: Set CTX after start_agent.
2705 * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
2706 * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
2707 (gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
2708 (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
2709 (gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
2710 (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
2711 (gpgsm_agent_export_key): Likewise.
2713 dirmngr: Removal of no-libgcrypt.o.
2714 * dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
2716 agent: Allow only specific digest size for ECDSA.
2717 * agent/pksign.c (do_encode_dsa): Fix validation of digest size.
2719 2016-09-22 Neal H. Walfield <neal@g10code.com>
2721 g10: When adding a user id, make sure the keyblock has been prepared.
2722 * g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
2723 KEYBLOCK before adding the user id.
2724 * tests/openpgp/quick-key-manipulation.scm: Make sure that the key
2725 capabilities don't change when adding a user id.
2726 (key-data): New function.
2728 2016-09-20 Justus Winter <justus@g10code.com>
2730 tests: Add documentation, make interactive debugging possible.
2731 * tests/openpgp/README: Add documentation about debugging and
2732 interfacing with GnuPG.
2733 * tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the
2734 child so that we can use a repl in the tests.
2736 tests: Port the quick key manipulation test to Scheme.
2737 * tests/openpgp/Makefile.am (XTESTS): Add new test.
2738 * tests/openpgp/quick-key-manipulation.scm: New file.
2740 tests: Remove list of tests from the test runner.
2741 * tests/openpgp/run-tests.scm: Drop hardcoded list.
2743 tests: Reduce runtime of excessive test.
2744 * tests/openpgp/conventional-mdc.scm: Use only two plaintexts when
2745 iterating over all cipher algorithms.
2748 * dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.
2750 2016-09-20 Andre Heinecke <aheinecke@intevation.de>
2752 dirmngr: Open file CRL's in binary mode.
2753 * dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
2755 2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
2757 doc: Fix a xref usage.
2759 2016-09-20 Ineiev <ineiev@gnu.org>
2761 doc: Do not end section names with "."
2763 2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
2765 doc: minor fix for @xref.
2766 * doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref.
2768 2016-09-20 Justus Winter <justus@g10code.com>
2770 doc: Implement simple '@ref'erences.
2771 * doc/yat2m.c (proc_texi_cmd): Handle '@ref'.
2773 2016-09-20 Ineiev <ineiev@gnu.org>
2775 doc: Fix full stops.
2776 * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
2777 doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
2778 doc/tools.texi: Fix.
2781 * doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi,
2782 doc/gpg.texi, doc/tools.texi: Fix.
2784 doc: Improve markup.
2785 * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
2786 doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
2787 doc/specify-user-id.texi, doc/tools.texi: Fix.
2789 doc: Replace rfc0123 with RFC-0123.
2790 * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
2792 doc: Add missing description of datafile.
2793 * doc/gpg.texi: Fix.
2795 doc: Replace UTF8 with UTF-8.
2796 * doc/gpg.texi: Fix.
2799 * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
2800 doc/howto-create-a-server-cert.texi,
2801 doc/scdaemon.texi, doc/tools.texi: Fix.
2803 doc: Eliminate inconsistent UK English.
2804 * doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi,
2805 doc/tools.texi: Fix.
2807 doc: Use the right reference commands.
2808 * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
2809 doc/tools.texi: Fix.
2811 doc: Fix "Not(e) that you can(not) abbreviate".
2812 * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
2813 doc/scdaemon.texi, doc/tools.texi: Fix.
2816 * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
2817 * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
2818 * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
2819 * doc/specify-user-id.texi, doc/tools.texi: Fix.
2821 doc: Fix Martin Hellman's name.
2822 * doc/contrib.texi: Fix.
2824 2016-09-19 Justus Winter <justus@g10code.com>
2826 tests: Refine the repl function.
2827 * tests/gpgscm/repl.scm (repl): Add an argument 'environment'.
2828 (interactive-repl): Add an optional argument 'environment'.
2830 tests: Implement interpreter shutdown using exceptions.
2831 * tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'.
2832 * tests/gpgscm/ffi.scm (*interpreter-exit*): New variable.
2833 (throw): New function.
2834 (exit): New function.
2836 tests: Correctly handle exceptions in resource handling macros.
2837 * tests/gpgscm/tests.scm (letfd): Correctly release resources when an
2838 exception is thrown.
2839 (with-working-directory): Likewise.
2840 (with-temporary-working-directory): Likewise.
2843 tests: Refine exception handling.
2844 * tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in
2845 the error handler, update and fix comment.
2846 (*error-hook*): Revert to original definition.
2847 * tests/gpgscm/tests.scm (tr:do): Adapt accordingly.
2848 * tests/openpgp/issue2419.scm: Likewise.
2850 tests: Use descriptive temporary file names.
2851 * tests/gpgscm/ffi.c (do_get_isotime): New function.
2852 (ffi_init): Add parameter 'scriptname', bind new function and
2854 * tests/gpgscm/ffi.h (ffi_init): Update prototype.
2855 * tests/gpgscm/main.c (main): Hand in the script name.
2856 * tests/gpgscm/tests.scm (mkdtemp): Use current time and script name
2857 for the names of temporary directories.
2859 2016-09-19 Werner Koch <wk@gnupg.org>
2861 gpg: Fix regression in fingerprint printing.
2862 * g10/keylist.c (list_keyblock_print): Do not depend calling
2863 print_fingerprint on opt.keyid_format.
2865 dirmngr: Silence diagnostics about starting housekeeping.
2866 * dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
2869 2016-09-19 Justus Winter <justus@g10code.com>
2871 g10: Fix memory leak.
2872 * g10/tofu.c (build_conflict_set): Free 'kb_all'.
2874 2016-09-19 Werner Koch <wk@gnupg.org>
2876 doc: Update license information.
2877 * tests/fake-pinentries/COPYING: Rename to ...
2878 * COPYING.CC0: this. Add a note on the scope of this license.
2879 * COPYING.LIB: Add a note on the scope of this license.
2880 * AUTHORS (License): Mention CC) license.
2882 gpgscm: Fix gcrypt version check.
2883 * tests/gpgscm/main.c (main): Check against required and not installed
2886 gpg: Avoid malloc failure due to no key signatures.
2887 * g10/keyedit.c (check_all_keysigs): Check early for no key
2888 signatures. Use xtrycalloc.
2890 2016-09-17 NIIBE Yutaka <gniibe@fsij.org>
2892 Fix comment and format.
2893 * agent/protect-tool.c (main): Fix comment.
2894 * doc/DETAILS (colon listings): Fix list.
2895 * tests/openpgp/multisig.test: Fix comment.
2897 2016-09-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2900 * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
2901 agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
2902 common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
2903 doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
2904 doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
2905 doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
2906 g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
2907 g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
2908 sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
2909 tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
2910 tests/openpgp/multisig.test, tests/openpgp/verify.scm,
2911 tests/pkits/README, tools/applygnupgdefaults,
2912 tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
2913 minor spelling cleanup.
2915 move some file encodings to UTF-8.
2916 * dirmgnr/cdblib.c: comment used unnecesary hyphenation
2917 * dirmngr/crlcache.h: comment was iso-8859-1
2918 * doc/contrib.text: list contributors using UTF-8 (now we can
2919 acknowledge many more people using their preferred orthography)
2921 At least one other files remains in a non-UTF-8 encoding, which i'm
2922 not sure what to do with:
2924 - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
2927 2016-09-16 Neal H. Walfield <neal@g10code.com>
2929 g10: On failure, propagate the return code.
2930 * g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.
2932 g10: Don't ignore failure. On failure, rollback.
2933 * g10/tofu.c (tofu_set_policy): If record_binding fails, fail. If the
2934 function fails, rollback the transaction.
2936 g10: Load the key block if the supplied user id list is NULL.
2937 * g10/tofu.c (tofu_register_encryption): Load the key block if
2938 USER_ID_LIST is NULL.
2940 g10: Use the accessor functions for accessing and comparing key ids.
2941 * g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
2942 (tofu_register_signature): Likewise.
2943 (tofu_register_encryption): Likewise.
2944 (tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.
2946 2016-09-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2948 po: convert localizations to UTF-8.
2949 * po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8
2951 This was an automated conversion process, using:
2953 for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
2954 cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
2955 iconv -f $cs -t UTF-8 < $x >$x.tmp
2956 sed "s/$cs/UTF-8/" < $x.tmp > $x
2960 2016-09-16 NIIBE Yutaka <gniibe@fsij.org>
2962 scd: Add support of ECC pubkey attribute.
2963 * scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
2964 (send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
2965 (parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
2966 (build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
2967 Support offering public key when ECC_FLAG_PUBKEY sets.
2968 (ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
2969 (parse_algorithm_attribute): Parse pubkey-required byte.
2971 2016-09-15 Justus Winter <justus@g10code.com>
2973 g10: Add missing header.
2974 * g10/trustdb.c: Include 'mbox-util.h'.
2976 2016-09-15 Neal H. Walfield <neal@g10code.com>
2978 g10: Only consider bindings matching the signer's user id.
2979 * g10/trustdb.c (tdb_get_validity_core): If the signer's user id
2980 subpacket is present, only consider matching user ids.
2982 g10: Don't include the signature when printing a binding's validity.
2983 * g10/mainproc.c (check_sig_and_print): When printing information
2984 about a binding don't include the current signature.
2986 2016-09-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2988 tests/fake-pinentries: fake pinentries for downstream developers.
2989 * tests/fake-pinentries/README.txt and
2990 tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
2991 domain (CC0) files to encourage better test suite practices from
2992 downstream developers.
2993 * tests/fake-pinentries/COPYING (new): a copy of
2994 https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
2996 spelling: conenction should be connection.
2997 * dirmngr/server.c, sm/server.c: s/conenction/connection/
2999 spelling: correct achived to achieved.
3001 2016-09-15 NIIBE Yutaka <gniibe@fsij.org>
3003 tests/gpgscm: Fix use of pointer.
3004 * tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
3006 * tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use
3007 (void *) for coercion of address calculation.
3009 2016-09-14 Neal H. Walfield <neal@g10code.com>
3011 g10: Fix whitespace.
3012 * g10/tofu.c (show_statistics): Fix whitespace.
3014 g10: Correctly compute the euclidean distance.
3015 * g10/tofu.c (write_stats_status): Correctly compute the euclidean
3017 (show_statistics): Likewise.
3019 g10: Change the default TOFU policy for UTKs to good.
3020 * g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
3023 g10: Add missing static qualifier.
3024 * g10/tofu.c (cross_sigs): Add missing static qualifier.
3026 g10: Default to the "good" TOFU policy for keys signed by a UTK.
3027 * g10/tofu.c (signed_by_utk): New function.
3028 (get_trust): If a key is signed by an ultimately trusted key, then
3029 set any bindings to good.
3031 2016-09-14 Werner Koch <wk@gnupg.org>
3033 gpg: Emit a new error status line in --quick-adduid.
3034 * g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
3037 gpg: Allow use of "default" algo for--quick-addkey.
3038 * g10/keygen.c (quick_generate_keypair): Write a status error.
3039 (parse_algo_usage_expire): Set a default curve.
3041 2016-09-13 Werner Koch <wk@gnupg.org>
3043 gpg: Improve usability of --quick-gen-key.
3044 * g10/keygen.c (FUTURE_STD_): New constants.
3045 (parse_expire_string): Handle special keywords.
3046 (parse_algo_usage_expire): Allow "future-default". Simplify call to
3047 parse_expire_string.
3048 (quick_generate_keypair): Always allow an expiration date. Replace
3049 former "test-default" by "future-default".
3051 2016-09-12 Werner Koch <wk@gnupg.org>
3053 gpg: Avoid mixing up status and colon line output.
3054 * g10/keylist.c (list_keyblock_colon): Avoid calling functions which
3055 trigger a status line output before having printed a LF.
3057 2016-09-12 Justus Winter <justus@g10code.com>
3059 tests: Simplify tofu test.
3060 * tests/openpgp/tofu.scm: Simplify now that we only have one db
3063 2016-09-10 Ben Kibbey <bjk@luxsci.net>
3065 Portability build fix.
3066 * kbx/Makefile.am: Add NETLIBS.
3067 * dirmngr/Makefile.am: Ditto for dirmngr_ldap.
3069 Fix symbol conflict.
3070 * g10/gpgcompose.c: Rename struct siginfo to signinfo.
3072 2016-09-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3074 gpg: print fingerprint regardless of keyid-format.
3075 * g10/keylist.c (print_fingerprint): use compact format independent of
3076 keyid-format; (print_key_line): always print the fingerprint
3078 2016-09-08 Werner Koch <wk@gnupg.org>
3080 gpg: Remove option --yes from gpgv.
3081 * g10/gpgv.c (opts): Remove --yes.
3082 (main): Always set opt.ANSWER_YES.
3084 gpg: Add options --output and --yes to gpgv.
3085 * g10/gpgv.c (oOutput, oAnswerYes): New.
3086 (opts): Add --output and --yes.
3087 (main): Implement options.
3089 gpg: Make --output work with --verify.
3090 * g10/mainproc.c (proc_plaintext): Handle opt.output.
3092 2016-09-07 Werner Koch <wk@gnupg.org>
3094 dirmngr: Terminate on deletion of the socket file (Linux only).
3095 * dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
3096 (oDisableCheckOwnSocket): New.
3097 (opts): Add --disable-check-own-socket.
3098 (disable_check_own_socket): New var.
3099 (parse_rereadable_options): Set that var.
3100 (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
3101 (handle_connections) [HAVE_INOTIFY_INIT]: New.
3103 2016-09-07 Neal H. Walfield <neal@g10code.com>
3105 g10: Use the time a signature was seen, not the embedded time, for stats
3106 * g10/tofu.c (ask_about_binding): Use the time that a signature was
3107 seen, not allegedly generated, when generating statistics.
3109 tests: Don't use --tofu-db-format.
3110 * tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
3113 g10: Check for a new binding a bit later.
3114 * g10/tofu.c (build_conflict_set): Check for the current key after
3115 looking for conflicts and removing any '!'.
3117 g10: Change TOFU code to respect --faked-system-time.
3118 * g10/tofu.c (record_binding): New parameter now. Update callers.
3119 Don't use SQLite's strftime('%s','now') to get the current time, use
3121 (ask_about_binding): Likewise.
3122 (get_trust): New parameter now. Update callers.
3123 (show_statistics): Likewise.
3124 (tofu_register_signature): Don't use SQLite's strftime('%s','now') to
3125 get the current time, use gnupg_get_time().
3126 (tofu_register_encryption): Likewise.
3128 g10: Use the correct conversion function.
3129 * g10/tofu.c (show_statistics): Use string_to_ulong, not
3132 2016-09-07 Werner Koch <wk@gnupg.org>
3134 gpg: Fix format string issues in tofu.
3135 * g10/tofu.c (write_stats_status): Use ulong for MESSSAGES. Fix
3136 format strings. Simplify by using the new write_status_printf.
3138 2016-09-06 Neal H. Walfield <neal@g10code.com>
3140 g10: Make sure some functions are passed a primary key.
3141 * g10/tofu.c (get_trust): Make sure the caller provides a primary key.
3142 (tofu_register_signature): Likewise.
3144 g10: Tweak TOFU's verbosity.
3145 * g10/tofu.c (time_ago_str): Only show the most significant unit.
3146 * g10/tofu.c (show_statistics): Tweak the output.
3148 g10: Only show the TOFU warning once per key.
3149 * g10/tofu.c (show_statistics): Return whether to call show_warning.
3150 Move the warning from here...
3151 (show_warning): ... to this new function.
3152 (tofu_get_validity): If show_statistics returns a non-zero value, call
3155 g10: Record and show statistics for encrypted messages when using TOFU.
3156 * g10/tofu.c: Include "sqrtu32.h".
3157 (struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
3158 get_trust_gather_signature_stats. Add new field
3159 get_trust_gather_encryption_stats.
3160 (initdb): Create the encryptions table.
3161 (ask_about_binding): Show the encryption statistics too.
3162 (tofu_register): Rename from this...
3163 (tofu_register_signature): ... to this and update callers.
3164 (tofu_register_encryption): New function.
3165 (write_stats_status): Add parameters encryption_count,
3166 encryption_first_done and encryption_most_recent. Update callers.
3167 Compute the trust using the euclidean distance of the signature and
3168 signature count. Compare with twice the threshold. Include
3169 encryption count information in the TFS and TOFU_STATS lines.
3170 (show_statistics): Also get information about the encrypted messages.
3171 * g10/trustdb.c (tdb_get_validity_core): Use it.
3173 g10: Simplify the binding statistics shown for a TOFU conflict.
3174 * g10/tofu.c (ask_about_binding): Simplify binding statistics.
3176 2016-09-06 Justus Winter <justus@g10code.com>
3178 gpgscm: Fix detection of unbalanced parenthesis.
3179 * tests/gpgscm/main.c (load): Print error message.
3180 * tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
3184 * tests/openpgp/multisig.scm: Add missing parenthesis.
3186 2016-09-06 Werner Koch <wk@gnupg.org>
3188 agent: Terminate on deletion of the socket file (Linux only).
3189 * configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
3190 * agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
3191 (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
3192 (handle_connections) [HAVE_INOTIFY_INIT]: New.
3194 2016-09-05 Justus Winter <justus@g10code.com>
3196 tests: Speed up the test suite.
3197 * tests/openpgp/run-tests.scm (test::run-sync): Pass additional
3198 arguments to the test.
3199 (test::run-sync-quiet): Likewise.
3200 (test::run-async): Likewise.
3201 (run-tests-{parallel,sequential}-isolated): Create a tarball of the
3202 gnupghome, then extract it for each test.
3203 * tests/openpgp/setup.scm: Refactor into functions, add an interface
3204 to tar-up the created environment, and untar it multiple times.
3206 common: Restore a simpler variant of 'gnupg_wait_process'.
3207 * common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
3210 common: Fix error handling.
3211 * common/exechelp-posix.c (store_result): Use xtrymalloc.
3212 (gnupg_wait_processes): Likewise, and check result.
3214 2016-09-05 Neal H. Walfield <neal@g10code.com>
3216 g10: Don't add user attributes to the TOFU DB.
3217 * g10/trustdb.c (tdb_get_validity_core): Skip user attributes.
3219 2016-09-05 Werner Koch <wk@gnupg.org>
3221 agent: Silence --debug IPC output for connections from self.
3222 * agent/command.c (server_local_s): Add fields 'greeting_seen' and
3223 'connect_from_self'.
3224 (io_monitor): Do not log connections from self.
3225 (start_command_handler): Set flag 'connect_from_self'.
3226 * agent/gpg-agent.c (check_own_socket_thread): Disable logging.
3227 (do_start_connection_thread): Do not log conection start and
3228 termination if IPC debugging is enabled.
3230 agent: Small improvement of the server's local state.
3231 * agent/command.c (sserver_local_s): Change flags to use only one bit.
3232 (option_handler): Make an atoi return 1 or 0.
3234 2016-09-05 Neal H. Walfield <neal@g10code.com>
3236 g10: Refactor cross sig check code.
3237 * g10/tofu.c (BINDING_NEW): New enum value.
3238 (BINDING_CONFLICT): Likewise.
3239 (BINDING_EXPIRED): Likewise.
3240 (BINDING_REVOKED): Likewise.
3241 (ask_about_binding): Move cross sig check from here...
3242 (get_trust): ... and the conflict set building from here...
3243 (build_conflict_set): ... to this new function.
3244 (format_conflict_msg_part1): Replace parameter conflict with
3245 conflict_set. Drop parameter fingerprint. Update callers.
3246 (ask_about_binding): Drop unused parameter conflict and redundant
3247 parameter bindings_with_this_email_count. Rename parameter
3248 bindings_with_this_email to conflict_set. Update callers.
3250 2016-09-05 Justus Winter <justus@g10code.com>
3252 tests: Update README.
3253 * tests/openpgp/README: Update.
3255 tests: Pass flags to test driver.
3256 * tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.
3258 common: Improve waiting for processes on POSIX.
3259 * common/exechelp-posix.c (struct terminated_child): New definition.
3260 (terminated_children): New variable.
3261 (store_result): New function.
3262 (get_result): Likewise.
3263 (gnupg_wait_process): Store results that were not requested and
3264 consider previously stored results.
3266 waitpid(2) may return information about terminated children that we
3267 did not yet request, and there is no portable way to wait for a
3268 specific set of children. As a workaround, we store the results of
3269 children for later use.
3271 2016-09-05 Werner Koch <wk@gnupg.org>
3273 dirmngr: Exclude D lines from the IPC debug output.
3274 * dirmngr/dirmngr.h: Include asshelp.h.
3275 * dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
3276 (data_line_write): Implement logging inhibit.
3277 (data_line_cookie_close): Print non-logged D lines.
3278 (cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
3279 (dirmngr_assuan_log_monitor): New.
3280 * dirmngr/dirmngr.c (main): Register monitor function.
3282 common: Add an assuan logging monitor.
3283 * common/asshelp.c (my_log_monitor): New var.
3284 (my_libassuan_log_handler): Run that monitor.
3285 (setup_libassuan_logging): Add arg to set a log monitor and change all
3288 gpg: New export filter drop-subkey.
3289 * g10/import.c (impex_filter_getval): Add properties for key packets.
3290 * g10/export.c (export_drop_subkey): New var.
3291 (cleanup_export_globals): Release that var.
3292 (parse_and_set_export_filter): Add filter "drop-subkey".
3293 (apply_drop_subkey_filter): New.
3294 (do_export_stream): Run that filter.
3296 common: Add string operator gt,ge,le,lt to recsel.
3297 * common/recsel.c (recsel_parse_expr): Add them.
3298 (recsel_dump): Print them.
3299 (recsel_select): Evaluate them.
3301 gpg: Use a common filter_getval for import and export.
3302 * g10/import.c (filter_getval): Rename to ...
3303 (impex_filter_getval): this. Make global.
3304 (apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
3305 * g10/export.c (filter_getval): Remove.
3306 (apply_drop_sig_filter): Use impex_filter_getval.
3308 2016-09-03 NIIBE Yutaka <gniibe@fsij.org>
3310 scd: Fix an action after card removal.
3311 * scd/command.c (update_card_removed): Call apdu_close_reader here.
3313 2016-09-02 Werner Koch <wk@gnupg.org>
3315 wks: Add framework for policy flags.
3316 * tools/call-dirmngr.c (wkd_get_policy_flags): New.
3317 * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
3318 * tools/wks-util.c (wks_parse_policy): New.
3319 * tools/gpg-wks-client.c (command_send): Get the policy flags to show
3321 * tools/gpg-wks-server.c (get_policy_flags): New.
3322 (process_new_key): get policy flag and add a stub for "auth-submit".
3323 (command_list_domains): Check policy flags.
3325 dirmngr: Add --policy-flags option to WKD_GET.
3326 * dirmngr/server.c (cmd_wkd_get): Add new option.
3328 common: Check read errors in name-value.c.
3329 * common/name-value.c: Check for read errors.
3331 2016-09-02 NIIBE Yutaka <gniibe@fsij.org>
3333 scd: Release the card reader after card removal.
3334 * scd/command.c (update_reader_status_file): Call apdu_close_reader.
3336 scd: Clean up unused shutdown method.
3337 * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
3338 (reset_ccid_reader): Don't set shutdown_reader.
3339 * scd/ccid-driver.c (ccid_shutdown_reader): Remove.
3341 agent: invoke scdaemon with --homedir.
3342 * agent/call-scd.c (start_scd): Supply --homedir option when it's not
3345 po: Update Japanese translation.
3347 2016-09-01 Neal H. Walfield <neal@g10code.com>
3349 g10: End transaction earlier.
3350 * g10/tofu.c (ask_about_binding): End the transaction earlier.
3352 g10: Don't consider cross-signed keys to be in conflict.
3353 * g10/tofu.c (cross_sigs): New function.
3354 (ask_about_binding): If apparently conflicting keys are cross signed,
3355 then don't mark them as conflicting.
3357 2016-09-01 Werner Koch <wk@gnupg.org>
3359 gpg: Avoid homedir creation by --list-config.
3360 * g10/gpg.c (main): Do not register a key for the list config
3363 gpg: Simplify code to print VALIDSIG.
3364 * g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
3365 write_status_printf.
3367 gpg: Add new function write_status_printf.
3368 * g10/cpr.c (write_status_printf): New.
3370 gpg: Fix printing of pubkey algo in --verbose signature verify.
3371 * g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
3372 change the semantics. Also clear the other R_ args on function entry,
3373 use gpg_error() and change retturn type to gpg_error_t.
3374 * g10/mainproc.c (do_check_sig): Add arg R_PK.
3375 (list_node): Pass NULL for new arg.
3376 (check_sig_and_print): Rework to make use of the returned PK.
3378 2016-09-01 Neal H. Walfield <neal@g10code.com>
3380 g10: When asking about a TOFU binding conflict, default to unknown.
3381 * g10/tofu.c (ask_about_binding): Default to unknown.
3383 g10: Add support for TRUST_NEVER.
3384 * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
3385 returned by the TOFU trust model.
3386 (do_we_trust_pre): Print a different message if TRUSTLEVEL is
3388 (check_signatures_trust): Improve comment.
3391 * g10/tofu.c (show_statistics): Improve the text (key and user id, not
3394 g10: Remove unused parameter.
3395 * g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
3398 2016-09-01 Werner Koch <wk@gnupg.org>
3400 gpg: Copy the correct digest for use by TOFU.
3401 * g10/mainproc.c (do_check_sig): Use the current digest algo.
3403 2016-09-01 Neal H. Walfield <neal@g10code.com>
3405 g10: Be careful to not be in a transaction during long operations.
3406 * g10/tofu.c (begin_transaction): New parameter only_batch. If set,
3407 only start a batch transaction if there is none and one has been
3408 requested. Update callers.
3409 (tofu_suspend_batch_transaction): New function.
3410 (tofu_resume_batch_transaction): Likewise.
3411 (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update
3412 callers. Gather statistics within a transaction. Suspend any batch
3413 transaction when getting user input.
3414 (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers.
3415 Enclose in a transaction.
3416 (tofu_get_validity): Use a batch transaction, not a normal
3419 2016-09-01 Werner Koch <wk@gnupg.org>
3421 tests: Run test requiring the network only in maintainer-mode.
3422 * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
3423 (module_tests): Move t-dns-test to ...
3424 (module_net_tests): here.
3426 2016-08-31 Werner Koch <wk@gnupg.org>
3428 wks: Send a final message to the user.
3429 * tools/gpg-wks-server.c (send_congratulation_message): New.
3430 (check_and_publish): Call it.
3432 wks: Relax permission check for the top directory.
3433 * tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.
3435 2016-08-31 Neal H. Walfield <neal@g10code.com>
3437 g10: On a TOFU conflict, show whether the uids are expired or revoked.
3438 * g10/tofu.c (struct signature_stats): Add fields is_expired and
3440 (signature_stats_prepend): Clear *stats when allocating it.
3441 (ask_about_binding): Also show whether the user ids are expired or
3444 doc: Add a help text for tofu.conflict.
3445 * doc/help.txt (.gpg.tofu.conflict): New help text.
3447 g10: Always trust ultimately trusted keys.
3448 * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
3451 g10: Fix error detection.
3452 * g10/tofu.c: first_seen == 0 is not an error.
3454 g10: Update a key's TOFU policy in a transaction.
3455 * g10/tofu.c (tofu_set_policy): Do the update in a transaction.
3456 * g10/gpg.c (main): Do a TOFU policy update in a batch transaction.
3458 g10: Fix the show old policy functionality when changing a TOFU policy.
3459 * g10/tofu.c (record_binding): Fix the show old policy functionality.
3461 g10: Drop unused argument.
3462 * g10/tofu.c (begin_transaction): Remove unused option only_batch.
3464 gpg: Move state local to tofu.c to a private structure.
3465 * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
3466 and batch_update_started from here...
3467 * g10/tofu.c (struct tofu_dbs_s): ... to here.
3469 gpg: Avoid name spaces clash with future sqlite versions (2).
3470 * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
3471 GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
3472 to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
3473 SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.
3475 2016-08-31 Werner Koch <wk@gnupg.org>
3477 gpg: Fix regression in gpgv's printing of the keyid.
3478 * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
3480 2016-08-30 Neal H. Walfield <neal@g10code.com>
3482 g10: Improve TOFU batch update code.
3483 * g10/gpg.h (tofu): Rename field batch_update_ref to
3484 batch_updated_wanted.
3485 * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
3486 in_batch_transaction.
3487 (begin_transaction): Only end an extant batch transaction if we are
3488 not in a normal transaction. When ending a batch transaction, really
3489 end it. Update ctrl->tofu.batch_update_started when starting a batch
3491 (end_transaction): Only release a batch transaction if ONLY_BATCH is
3492 true. When releasing a batch transaction, assert that there is no
3493 open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is
3495 (tofu_begin_batch_update): Don't update
3496 ctrl->tofu.batch_update_started.
3497 (opendbs): Call end_transaction unconditionally.
3499 g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
3500 * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
3501 user ids, change TOFU to return TRUST_NEVER.
3503 g10: Change tofu_register & tofu_get_validity to process multiple uids.
3504 * g10/tofu.c (tofu_register): Take a list of user ids, not a single
3505 user id. Only register the bindings, don't compute the trust. Thus,
3506 change return type to an int and remove the may_ask parameter. Update
3508 (tofu_get_validity): Take a list of user ids, not a single user id.
3509 Update callers. Observe signatures made by expired user ids, but
3510 don't include them in the trust calculation.
3512 g10: Support nested transactions on the TOFU DB.
3513 * g10/gpg.h (struct server_control_s): New field in_transaction.
3514 * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
3515 savepoint_inner_commit.
3516 (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the
3517 savepoint according to the nesting level.
3518 (end_transaction): Name the savepoint according to the nesting level.
3519 Decrement CTRL->TOFU.IN_TRANSACTION.
3520 (rollback_transaction): Likewise. Only ever rollback a non-batch
3522 (opendbs): Assert that there are no outstanding transactions.
3524 g10: Print the info text in more situations.
3525 * g10/tofu.c (ask_about_binding): Print the info text when the policy
3526 is ask and there are multiple bindings with the email address.
3528 g10: Print the formatted text.
3529 * g10/tofu.c (ask_about_binding): Print the formatted text, not the
3532 g10: When showing a user id's trust, pass the current signature.
3533 * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
3536 2016-08-29 Werner Koch <wk@gnupg.org>
3538 w32: Fix build regression due to 2aa0701.
3539 * common/logging.c (fun_writer): Always declare 'name_for_err'.
3541 gpgconf: Print the plain socket directory with --list-dirs.
3542 * tools/gpgconf.c (list_dirs): Add plain socketdir out.
3544 common: Add a default socket name feature.
3545 * common/logging.c (log_set_socket_dir_cb): New.
3546 (socket_dir_cb): New.
3547 (set_file_fd): Allow "socket://".
3548 (fun_writer): Implement default socket name.
3549 * common/init.c (_init_common_subsystems): Register default socket.
3551 gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
3552 * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
3553 cases not just when --try-all-secrets is used.
3555 2016-08-25 Werner Koch <wk@gnupg.org>
3557 gpg: Fix false negatives in Ed25519 signature verification.
3558 * g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
3559 * tests/openpgp/verify.scm (msg_ed25519_rshort): New
3560 (msg_ed25519_sshort): New.
3561 ("Checking that a valid Ed25519 signature is verified as such"): New.
3563 common: Rename an odd named function.
3564 * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
3565 (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change
3568 gpg: New option --with-tofu-info.
3569 * g10/gpg.c (oWithTofuInfo): New.
3570 (opts): Add --with-tofu-info.
3571 (main): Set opt.with_tofu_info.
3572 * g10/options.h (struct opt): Add field WITH_TOFU_INFO.
3573 * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
3574 special mode if not NULL. Change all callers.
3575 (tofu_write_tfs_record): New.
3576 * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
3577 part of the "uid" record. Print a new "tfs" record if the new option
3579 * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
3581 2016-08-24 Werner Koch <wk@gnupg.org>
3583 gpg: Change TOFU_STATS to return timestamps.
3584 * g10/tofu.c (write_stats_status): Add arg FP to print a colon
3585 formated line. Adjust for changed TOFU_STATS interface.
3586 (show_statistics): Let the query return timestamps and use
3587 gnupg_get-time to compute the "time ago" values.
3589 common: Guarantee that gnupg_get_time does not return an error.
3590 * common/gettime.c (gnupg_get_time): Abor if time() failed.
3591 (gnupg_get_isotime): Remove now useless check.
3592 (make_timestamp): Remove check becuase we already checked this modulo
3593 the faked time thing.
3595 wks: Add command --supported to gpg-wks-client.
3596 * tools/gpg-wks-client.c (aSupported): New.
3597 (opts): Add --supported.
3598 (parse_arguments): Ditto.
3599 (main): Call command_supported.
3600 (command_supported): New.
3602 2016-08-22 Werner Koch <wk@gnupg.org>
3604 wks: Install gpg-wks-client under libexec.
3605 * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ...
3606 (libexec_PROGRAMS): ...here.
3608 common: Remove unused vars in simple-pwquery.
3609 * common/simple-pwquery.c (agent_send_option): Remove unused vars.
3610 (simple_query): Ditto.
3611 (agent_open): Ditto. Return RC on error.
3612 (simple_pwquery): Remove unused vars. Remove shadowing of 'p'.
3614 2016-08-18 Werner Koch <wk@gnupg.org>
3618 po: Update German translation.
3620 2016-08-18 Åka Sikrom <a4@hush.com>
3622 po: Update Norwegian translation.
3624 2016-08-18 Ineiev <ineiev@gnu.org>
3626 po: Update Russian translation.
3628 2016-08-18 Werner Koch <wk@gnupg.org>
3630 gpg: Add import filter "drop-sig".
3631 * g10/import.c (import_drop_sig): New variable.
3632 (cleanup_import_globals): Release that.
3633 (parse_and_set_import_filter): Add filter "drop-sig".
3634 (filter_getval): Implement properties for drop-sig.
3635 (apply_drop_sig_filter): New.
3636 (import_one): Apply that filter.
3638 dirmngr: Remove all system daemon features.
3639 * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
3641 * common/homedir.c (dirmngr_sys_socket_name): Remove.
3642 (dirmngr_user_socket_name): Rename to ...
3643 (dirmngr_socket_name): this. Change call callers.
3644 * common/asshelp.c (start_new_dirmngr): Remove the system socket
3646 * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
3647 * sm/server.c (gpgsm_server): Adjust for removed system socket feature.
3648 * dirmngr/server.c (cmd_getinfo): Ditto.
3649 (cmd_killdirmngr): Remove check for system daemon.
3650 (cmd_reloaddirmngr): Ditto.
3651 * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
3653 (opts): Remove --service.
3654 (w32_service_control): Remove.
3655 (real_main, call_real_main) [W32]: Remove wrapper.
3656 (main): Remove Windows system service feature. Remove system dameon
3657 feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
3658 * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
3660 * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
3661 * dirmngr/ocsp.c (validate_responder_cert): Do not call
3662 validate_cert_chain which was used only in system daemon mode.
3663 * dirmngr/validate.c (validate_cert_chain): Always use the code.
3665 gpg: New option --sender.
3666 * g10/options.h (struct opt): Add field 'sender_list'.
3667 * g10/gpg.c: Include mbox-util.h.
3669 (opts): Add option "--sender".
3670 (main): Parse option.
3672 2016-08-16 Werner Koch <wk@gnupg.org>
3674 agent: Allow import of overly large keys.
3675 * agent/command.c (MAXLEN_KEYDATA): Double the size.
3677 2016-08-14 Werner Koch <wk@gnupg.org>
3679 g13: Allow the use of a g13tab label for --mount.
3680 * g13/mount.c (g13_mount_container): Do not run the first access check
3681 if syshelp is required.
3683 g13: Implement --umount for dm-crypt.
3684 * g13/g13.c (main): Implement command --umount.
3685 * g13/mount.c (g13_umount_container): use the syshelper if needed.
3686 * g13/backend.c (be_umount_container): New.
3687 * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
3688 * g13/call-syshelp.c (call_syshelp_run_umount): New.
3689 * g13/sh-cmd.c (cmd_umount): New.
3690 (register_commands): Register UMOUNT.
3691 * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.
3693 2016-08-13 Werner Koch <wk@gnupg.org>
3695 g13: Fix double free bug.
3696 * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.
3698 g13: Consider g13tab for a mount command.
3699 * g13/sh-cmd.c (cmd_getkeyblob): New.
3700 (register_commands): Register it.
3701 * g13/call-syshelp.c (getkeyblob_data_cb): New.
3702 (call_syshelp_get_keyblob): New.
3703 * g13/mount.c: Include callsyshelp.h.
3704 (g13_mount_container): Ask syshelp whether the filename is managed by
3705 g13tab. Call syshelp to get the encrypted keyblob in this case.
3707 g13: Move some function around.
3708 * g13/keyblob.c (g13_keyblob_decrypt): Move to ...
3709 * g13/server.c: to here.
3710 * g13/suspend.c, g13/mount.c: Include server.h.
3711 * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
3713 g13: New command --find-device.
3714 * common/status.h (STATUS_BLOCKDEV: New.
3715 * g13/call-syshelp.c: Include "call-syshelp.h".
3716 (finddevice_status_cb, call_syshelp_find_device): New.
3717 * g13/g13.c (aFindDevice): New.
3718 (opts): Add "--find-device".
3719 (main): Implement --find-device.
3720 * g13/sh-cmd.c (cmd_finddevice): New.
3721 (register_commands): Register new command.
3723 2016-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3725 Avoid leading ": " in the log output when there are no prefixes.
3726 * common/logging.c (do_logv): When no prefixes have been requested,
3727 omit the ": " separator, since there is nothing on the left-hand
3730 Call log_set_prefix() with human-readable labels.
3731 * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
3732 * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
3733 * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
3734 * tests/gpgscm/main.c, tools/gpg-check-pattern.c
3735 * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
3736 * tools/symcryptrun.c: Invoke log_set_prefix() with
3737 human-readable labels.
3739 2016-08-11 Werner Koch <wk@gnupg.org>
3741 gpg: New option --input-size-hint.
3742 * g10/options.h: Include stdint.h.
3743 (struct opt): Add field 'input_size_hint'.
3744 * g10/gpg.c (oInputSizeHint): New.
3745 (opts): Add --input-size-hint.
3746 (main): Set opt.input_size_hint.
3747 * g10/progress.c (write_status_progress): Use the hint.
3749 common: New function string_to_u64.
3750 * common/stringhelp.c (string_to_u64): New.
3751 * dirmngr/http.c (longcounter_t): Remove.
3752 (struct cookie_s): Change content_length to uint64_t.
3753 (parse_response): Use string_to_u64.
3755 2016-08-11 Justus Winter <justus@g10code.com>
3757 common: Remove compatibility code.
3758 * common/Makefile.am: Drop deleted files.
3759 * common/w32-afunix.c: Delete file.
3760 * common/w32-afunix.h: Likewise.
3762 common: Rework the simple password query module.
3763 * common/simple-pwquery.c (writen, readline): Drop.
3764 (agent_send_option, agent_send_all_options, agent_open): Just use
3766 (simple_pw_set_socket): Simplify.
3767 (default_inq_cb): New function.
3768 (simple_pwquery, simple_query): Just use libassuan.
3769 * agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan.
3770 * tools/Makefile.am (symcryptrun_LDADD): Likewise.
3772 common: Remove simple password query error codes.
3773 * common/simple-pwquery.h: Remove mapping function. Move all
3774 definitions of status codes...
3775 * common/simple-pwquery.c: ... here, and define them to meaningful gpg
3777 * agent/preset-passphrase.c (preset_passphrase): Use error code as-is.
3778 (forget_passphrase): Likewise.
3779 * tools/symcryptrun.c (confucius_get_pass): Likewise.
3781 2016-08-10 Werner Koch <wk@gnupg.org>
3783 gpg: Print the signer's UID during verification.
3784 * g10/parse-packet.c (parse_signature): Sanitize the value stored in
3786 * g10/mainproc.c (issuer_fpr_string): New.
3787 (check_sig_and_print): Print the signers' UID. Print the issuer
3788 fingerprint in --rfc4880bis mode.
3790 common: New function try_make_printable_string.
3791 * common/stringhelp.c (sanitize_buffer): Remove. Move code to ...
3792 * common/miscellaneous.c (try_make_printable_string): new.
3793 (make_printable_string): Call try_make_printable_string.
3795 2016-08-10 Justus Winter <justus@g10code.com>
3797 tests: Fix distcheck.
3798 * tests/openpgp/issue2417.scm: Copy configuration.
3800 2016-08-10 Werner Koch <wk@gnupg.org>
3802 gpg: Remove tofu database format "split".
3803 * g10/options.h (struct opt): Remove field tofu_db_format.
3804 * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
3805 tofu.batch_update_started.
3806 * g10/gpg.c (parse_tofu_db_format): Remove.
3807 (main): Make option --tofu-db-format obsolete.
3808 * g10/tofu.c: Major rework. Remove the pretty complicated and slower
3809 split format and with that all the caching. Use the dbs struct
3810 directly. Move global vars for batch update into CTRL. Change
3811 calling conventions of some function to take CTRL or DBS pointers
3812 instead of the former low-level database pointer.
3814 2016-08-10 Justus Winter <justus@g10code.com>
3816 g10: Fix opening of trust database.
3817 * g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for
3818 the file size, but handled the case of a zero-sized file incorrectly
3819 by returning success. Fix this by initializing the database in that
3821 * tests/openpgp/Makefile.am (XTESTS): Add new test.
3822 * tests/openpgp/issue2417.scm: New file.
3824 tests: Fix distcheck.
3825 * tests/openpgp/Makefile.am (EXTRA_DIST): Explicitly add setup and
3826 teardown scripts now that they no longer are included in the list of
3829 tests: Improve temporary directory handling.
3830 * tests/gpgscm/ffi.c (ffi_init): Rename 'mkdtemp'.
3831 * tests/gpgscm/tests.scm (mkdtemp): New function that uses a sensible
3832 location and template if no arguments are given.
3833 (with-temporary-working-directory): Simplify accordingly.
3834 (make-temporary-file): Likewise.
3835 * tests/openpgp/run-tests.scm (run-tests-parallel-isolated): Likewise.
3836 (run-tests-sequential-isolated): Likewise.
3838 gpgscm: Make the name of foreign functions more unique.
3839 * tests/gpgscm/ffi-private.h (ffi_define_function_name): Add another
3842 tests: Run each test in a clean environment.
3843 * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Drop obsolete
3844 variables, add 'srcdir', use absolute paths.
3845 (TESTS): Rename to 'XTESTS' to avoid emitting the automake test
3846 runner. Drop 'setup.scm' and 'finish.scm'.
3847 (xcheck): New target that runs 'run-tests.scm', our Scheme test suite
3848 runner. It will run each test in a clean environment, isolated from
3850 (EXTRA_DIST): Adapt accordingly.
3851 * tests/openpgp/README: Likewise.
3853 tests: Make ssh test more robust.
3854 * tests/openpgp/ssh.scm: Drop the 'MD5:' which was not printed by
3855 previous ssh versions.
3857 2016-08-10 NIIBE Yutaka <gniibe@fsij.org>
3859 agent: SSH support fix.
3860 * agent/command-ssh.c (ssh_handler_request_identities): Keep error
3863 2016-08-09 Werner Koch <wk@gnupg.org>
3865 agent: Fix regression in recent ssh changes.
3866 * agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
3868 gpg: Extend the PROGRESS line to give the used unit.
3869 * g10/progress.c (write_status_progress): Print the units parameter.
3871 2016-08-09 Ben Kibbey <bjk@luxsci.net>
3873 Cleanup initialization of libgcrypt.
3874 * common/init.c (init_common_subsystems): Initialize libgcrypt.
3875 * dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
3877 2016-08-09 NIIBE Yutaka <gniibe@fsij.org>
3879 agent: SSH support improvement.
3880 * agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
3881 error, not giving up to handle the request itself.
3882 * agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.
3884 2016-08-08 Werner Koch <wk@gnupg.org>
3886 gpg: Cleanup of dek_to_passphrase function (part 2).
3887 * g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg
3889 (passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg
3890 MODE into CREATE and NOCACHE. Change all callers and adjust stubs.
3891 (passphrase_clear_cache): Remove args KEYID and ALGO. They are not
3892 used. Change caller.
3894 gpg: Cleanup of dek_to_passphrase function (part 1).
3895 * g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
3896 CUSTPROMPT. Merge into the passphrase_to_dek wrapper.
3897 (passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
3899 2016-08-08 NIIBE Yutaka <gniibe@fsij.org>
3901 agent: More clean up of SSH support.
3902 * common/util.h (get_pk_algo_from_key): New.
3903 * common/sexputil.c (get_pk_algo_from_key): The implementation.
3904 * agent/gpg-agent.c: Remove include of openpgpdefs.h.
3905 * agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
3906 (ssh_key_types): Update with GCRY_PK_*.
3907 (make_cstring, sexp_extract_identifier): Remove.
3908 (sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
3909 (ssh_key_to_blob): Use cadr to get value list.
3910 (ssh_key_type_lookup): Lookup with integer ALGO.
3911 (ssh_receive_key): Follow the change of ssh_key_type_lookup.
3912 (ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
3914 tests: Add openpgp/gpgv-forged-keyring.scm.
3915 * tests/openpgp/gpgv-forged-keyring.scm: New.
3916 * tests/openpgp/forged-keyring.gpg: New.
3917 * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
3918 * tests/openpgp/defs.scm (tools): Add GPGV.
3921 2016-08-06 Werner Koch <wk@gnupg.org>
3923 agent: Fix long standing regression tracking the connection count.
3924 * agent/gpg-agent.c (get_agent_active_connection_count): New.
3925 (do_start_connection_thread, start_connection_thread_ssh): Bump
3926 ACTIVE_CONNECTIONS up and down.
3927 * agent/command.c (cmd_getinfo): Add subcommand "connections".
3929 2016-08-06 NIIBE Yutaka <gniibe@fsij.org>
3931 agent: Clean up SSH support.
3932 * agent/command-ssh.c (file_to_buffer): Remove.
3933 (ssh_handler_request_identities): Use agent_public_key_from_file.
3935 2016-08-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3937 gpg: Avoid publishing the GnuPG version by default.
3938 * g10/gpg.c (main): initialize opt.emit_version to 0
3939 * doc/gpg.texi: document different default for --emit-version
3941 2016-08-04 Werner Koch <wk@gnupg.org>
3943 gpg: Make sure that keygrips are printed for each subkey.
3944 * g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of
3947 gpg: Always print the fingerprint in colons mode.
3948 * g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print
3949 fingerprint records. For secret keys always print keygrip records.
3951 tests: Use gpgconf to set the ssh socket envvar.
3952 * tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf.
3954 gpgconf: Add limited support for -0.
3955 * tools/gpgconf.h (opt): Add field 'null'.
3956 * tools/gpgconf.c: Add option --null/-0.
3957 (list_dirs): Use it here.
3959 2016-08-04 Justus Winter <justus@g10code.com>
3961 tests: Update list of tests in Scheme test runner.
3962 * tests/openpgp/run-tests.scm: Add missing tests.
3964 tests: Fix path to fake-pinentry.
3965 * tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry.
3967 2016-08-04 NIIBE Yutaka <gniibe@fsij.org>
3969 po: Update Japanese translation.
3971 po: update Japanese translation.
3973 g10: Fix checking key for signature validation.
3974 * g10/sig-check.c (check_signature2): Not only subkey, but also primary
3975 key should have flags.valid=1.
3977 2016-08-03 Justus Winter <justus@g10code.com>
3979 kbx: Add missing header file.
3980 * kbx/keybox-update.c: Add missing header file.
3982 2016-08-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3984 More cleanup of "allow to".
3985 * README, agent/command.c, agent/keyformat.txt, common/i18n.c,
3986 common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
3987 dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
3988 doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
3989 doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
3990 g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
3991 m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
3992 po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
3993 po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
3994 po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
3995 po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
3996 scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
3997 sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
4000 In standard English, the normal construction is "${XXX} allows ${YYY}
4001 to" -- that is, the subject (${XXX}) of the sentence is allowing the
4002 object (${YYY}) to do something. When the object is missing, the
4003 phrasing sounds awkward, even if the object is implied by context.
4004 There's almost always a better construction that isn't as awkward.
4006 These changes should make the language a bit clearer.
4008 dirmngr: Emit correct spelling of "superseded".
4009 * dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly.
4010 * dirmngr/ocsp.c (ocsp_invalid): Likewise.
4012 This might break some tools which parse the existing output and expect
4013 misspellings, but i'm not sure there are many such tools, and we
4014 should use standardized orthography going forward.
4016 Fix spelling and grammar.
4017 * agent/learncard.c: s/coccured/occurred/
4018 * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
4019 s/reponses/responses/i
4020 * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
4021 to" to more conventional english usage.
4022 * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
4023 tests/openpgp/armor.test: s/occured/occurred/
4024 * tools/gpgsplit.c: s/calcualting/calculating/
4025 * sm/server.c: s/formated/formatted/
4027 2016-08-03 Werner Koch <wk@gnupg.org>
4029 gpg,gpgsm: Block signals during keyring/keybox update.
4030 * kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS.
4031 * kbx/keybox-update.c (rename_tmp_file): Block all signals when doing
4033 * g10/keyring.c (rename_tmp_file): Block all signals during the double
4036 common: New file utilproto.c.
4037 * common/util.h: Factor prototypes from signal.c out to ...
4038 * common/utilproto.h: new.
4039 * common/Makefile.am (common_sources): Add new file.
4041 2016-08-01 Justus Winter <justus@g10code.com>
4043 gpgsm: Fix machine-readable key listing.
4044 * sm/keylist.c (list_cert_colon): Drop superfluous colon.
4046 tests: Distribute standalone test runner.
4047 * tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file
4050 2016-07-28 Justus Winter <justus@g10code.com>
4052 tests: Fix distcheck.
4053 * tests/openpgp/Makefile.am (sample_msgs): New variable.
4054 (EXTRA_DIST): Also ship the sample msgs.
4056 2016-07-27 Fredrik Fornwall <fredrik@fornwall.net>
4058 build: Fix check for Android.
4059 * configure.ac: Match other Android targets as well.
4061 2016-07-26 Justus Winter <justus@g10code.com>
4063 common: Fix iobuf_peek corner case.
4064 Previously, iobuf_peek on a file smaller than 'buflen' would hang.
4066 * common/iobuf.c (underflow): Generalize by adding a target parameter.
4067 (iobuf_peek): Use this to prevent looping here.
4068 * tests/openpgp/Makefile.am (TESTS): Add new test.
4069 * tests/openpgp/setup.scm (dearmor): Move function...
4070 * tests/openpgp/defs.scm (dearmor): ... here.
4071 * tests/openpgp/issue2419.scm: New file.
4072 * tests/openpgp/samplemsgs/issue2419.asc: Likewise.
4074 gpgscm: Do not shadow common function name in catch macro.
4075 * tests/gpgscm/init.scm (catch): Do not shadow 'exit'.
4077 tests: Fix distcheck.
4078 * tests/openpgp/Makefile.am (samplekeys): Add missing key.
4080 gpgscm: Make the verbose setting more useful.
4081 * tests/gpgscm/ffi.c (do_get_verbose): New function.
4082 (do_set_verbose): Likewise.
4083 (ffi_init): Turn *verbose* into a function, add *set-verbose!*.
4084 * tests/gpgscm/tests.scm (call): Adapt accordingly.
4085 (call-with-io): Dump output if *verbose* is high.
4086 (pipe-do): Adapt accordingly.
4087 * tests/openpgp/defs.scm: Set verbosity according to environment.
4088 * tests/openpgp/run-tests.scm (test): Adapt accordingly.
4090 common: Avoid excessive stack use.
4091 * common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
4092 (gnupg_exec_tool_stream): Allocate copy buffers from the heap.
4094 common: Rework resource cleanup when handling errors.
4095 * common/exectool.c (gnupg_exec_tool_stream): Rework error handling.
4097 common: Add unit test for exectool.
4098 * common/Makefile.am: Build new test.
4099 * common/t-exectool.c: New file.
4101 2016-07-25 Justus Winter <justus@g10code.com>
4103 g10: Fix key import statistics.
4104 'transfer_secret_keys' collects statistics on a subkey-basis, while
4105 the other code does not. This leads to inflated numbers when
4106 importing secret keys. E.g. 'count' is incremented by the main
4107 parsing loop in 'import', and again in 'transfer_secret_keys', leading
4108 to a total of 3 if one key with two secret subkeys is imported.
4110 * g10/import.c (import_secret_one): Adjust to the fact that
4111 'transfer_secret_keys' collects subkey statistics.
4112 * tests/openpgp/Makefile.am (TESTS): Add new test.
4113 * tests/openpgp/issue2346.scm: New file.
4114 * tests/openpgp/samplekeys/issue2346.gpg: Likewise.
4116 2016-07-22 Justus Winter <justus@g10code.com>
4118 gpgscm: Make function more general.
4119 * tests/gpgscm/tests.scm (in-srcdir): Accept more path fragments.
4121 g10: Properly ignore legacy keys in the keyring cache.
4122 * g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys
4123 in the keyring cache.
4124 * tests/migrations/Makefile.am (TESTS): Add new test.
4125 * tests/migrations/common.scm (GPG-no-batch): New variable.
4126 (run-test): New function.
4127 * tests/migrations/issue2276.scm: New file.
4128 * tests/migrations/issue2276.tar.asc: Likewise.
4130 2016-07-21 Justus Winter <justus@g10code.com>
4132 g10: Fix error handling.
4133 * g10/tofu.c (show_statistics): Fix error handling, 0 is a valid
4136 g10: Drop superfluous begin transaction.
4137 * g10/tofu.c (record_binding): We only need a transaction for the
4140 gpgscm: Make assert macro more accurate.
4141 * tests/gpgscm/lib.scm (assert): Print the representation of the
4144 gpgscm: Make error message more useful.
4145 * tests/gpgscm/scheme.c (opexe_0): Include names of missing function
4146 parameters in the error message.
4149 * g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
4150 cache limit. Previously, this would crash if db_cache_count == count.
4152 2016-07-20 NIIBE Yutaka <gniibe@fsij.org>
4154 scd: Fix card removal/reset on multiple contexts.
4155 * scd/app.c (application_notify_card_reset): Add message for debug.
4156 *scd/command.c (update_card_removed): Call release_application and set
4158 (struct server_local_s): Remove app_ctx_marked_for_release.
4159 (do_reset): Don't mark release but call release_application here.
4160 (open_card): Remove app_ctx_marked_for_release handling.
4161 (update_reader_status_file): Don't set SLOT here, so that it can be
4162 released the APP by application_notify_card_reset in
4163 update_card_removed.
4165 2016-07-19 Justus Winter <justus@g10code.com>
4167 agent: Add known keys to sshcontrol.
4168 * agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
4169 even if it is already in the private key store.
4170 * tests/openpgp/ssh.scm: Test this.
4172 tests: Add test for ssh support.
4173 * tests/gpgscm/tests.scm (path-expand): New function.
4174 * tests/openpgp/Makefile.am (TESTS): Add new test.
4175 (sample_keys): Add new keys.
4176 (CLEANFILES): Clean ssh socket and control file.
4177 * tests/openpgp/fake-pinentry.c (main): Add a default passphrase.
4178 * tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support.
4179 * tests/openpgp/samplekeys/ssh-dsa.key: New file.
4180 * tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise.
4181 * tests/openpgp/samplekeys/ssh-ed25519.key: Likewise.
4182 * tests/openpgp/samplekeys/ssh-rsa.key: Likewise.
4183 * tests/openpgp/ssh.scm: Likewise.
4185 2016-07-19 NIIBE Yutaka <gniibe@fsij.org>
4187 scd: Fix race conditions for release_application.
4188 * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
4189 release_application.
4191 2016-07-18 Justus Winter <justus@g10code.com>
4193 agent: Fix passphrase cache lookups.
4194 CACHE_MODE_ANY is supposed to match any cache mode except
4195 CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.
4197 * agent/cache.c (cache_mode_equal): New function.
4198 (agent_set_cache): Use the new function to compare cache modes.
4199 (agent_get_cache): Likewise.
4200 * tests/openpgp/Makefile.am (TESTS): Add new test.
4201 * tests/openpgp/issue2015.scm: New file.
4203 2016-07-15 Justus Winter <justus@g10code.com>
4205 build: Always build gpgtar.
4206 We use gpgtar to unpack test data, hence we always build it. If the
4207 user opts out, we simply don't install it.
4209 * configure.ac: Add comment.
4210 * tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is
4212 * tools/Makefile.am: Always build gpgtar, but do not install it if the
4213 user used '--disable-gpgtar'.
4215 2016-07-15 Werner Koch <wk@gnupg.org>
4217 wks: Publish as binary file.
4218 * tools/gpg-wks-server.c (copy_key_as_binary): New.
4219 (check_and_publish): Use new function instead of rename.
4221 2016-07-15 Justus Winter <justus@g10code.com>
4223 gpgscm: Fix linking.
4224 * tests/gpgscm/Makefile.am: Add -lintl.
4226 g10: Fix building without trust models.
4227 * g10/pkclist.c (write_trust_status): Fall back to the previous
4230 tests: Check for gpgtar.
4231 * tests/migrations/extended-pkf.scm: Skip test if gpgtar is not built.
4232 * tests/migrations/from-classic.scm: Likewise.
4233 * tests/openpgp/gpgtar.scm: Fix check for gpgtar.
4235 2016-07-14 Werner Koch <wk@gnupg.org>
4239 po: Update the German translation.
4241 2016-07-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
4243 dirmngr: fix handling of HTTP redirections.
4244 * dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session
4245 when following a HTTP redirection.
4247 2016-07-14 Werner Koch <wk@gnupg.org>
4249 gpg: Remove options --print-dane-records and --print-pka-records.
4250 * g10/gpg.c (main): Remove options but print a dedicated warning.
4251 * g10/options.h (struct opt): Remove fields 'print_dane_records' and
4252 'print_pka_records'.
4253 * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
4254 (list_keyblock_pka): Remove.
4256 2016-07-14 Åka Sikrom <a4@hush.com>
4258 po: Complete update of the Norwegian translation.
4260 2016-07-14 Yuri Chornoivan <yurchor@ukr.net>
4262 Update Ukrainian translation.
4264 2016-07-14 Ineiev <ineiev@gnu.org>
4266 Update Russian translation.
4268 2016-07-14 Werner Koch <wk@gnupg.org>
4270 gpg: Fix regression since 2.1 in --search-key with a fingerprint.
4271 * dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
4273 gpgscm: Use kludge to avoid improper use of ffi_schemify_name.
4274 * tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of
4277 build: Require latest released libraries.
4278 * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
4279 (do_encryption): Always support OCB.
4280 (do_decryption): Ditto.
4281 (agent_unprotect): Ditto.
4282 * dirmngr/server.c (is_tor_running): Unconditionally build this.
4284 2016-07-13 Werner Koch <wk@gnupg.org>
4286 build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
4287 * build-aux/config.guess: Update.
4288 * build-aux/config.sub: Update.
4290 gpg: Fix regression due to the new --mimemode options.
4291 * g10/gpg.c (opts): Re-add oTextmodeShort.
4293 2016-07-13 Daiki Ueno <ueno@gnu.org>
4295 gpg: Make --try-all-secrets work for hidden recipients.
4296 * g10/getkey.c (enum_secret_keys): Really enumerate all secret
4297 keys if --try-all-secrets is specified.
4299 2016-07-13 Werner Koch <wk@gnupg.org>
4301 gpg: Do not print a the short keyid if the high word is zero.
4302 * g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.
4304 gpg: New option --mimemode.
4305 * g10/gpg.c (oMimemode): New.
4306 (opts): Add --mimemode.
4307 (main): Use --mimemode only in rfc4880bis compliance mode.
4308 * g10/options.h (struct opt): Add field "mimemode".
4309 * g10/build-packet.c (do_plaintext): Allow for mode 'm'.
4310 * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
4311 * g10/plaintext.c (handle_plaintext): Handle 'm' mode.
4312 * g10/sign.c (write_plaintext_packet): Handle 'm' mode.
4313 (sign_file, sign_symencrypt_file): Use 'm' if requested.
4315 wks: Use correct key for the confirmation.
4316 * tools/gpg-wks-client.c (send_confirmation_response): Actually
4317 encrypt to the recipient.
4319 wks: New server command --list-domains.
4320 * tools/gpg-wks-server.c (aListDomains): New.
4321 (opts): Add --list-domains.
4322 (parse_arguments): Implement.
4323 (main): Ditto. Use only one final diagnostic message.
4324 (command_list_domains): New.
4325 (check_and_publish): Remove directory creation.
4326 (get_domain_list): New.
4327 (expire_pending_confirmations): Rewrite using a list of directories.
4328 (command_cron): Get domain list and pass to
4329 expire_pending_confirmations.
4331 2016-07-13 NIIBE Yutaka <gniibe@fsij.org>
4333 agent: Fix envvars for UPDATESTARTUPTTY.
4334 agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
4337 2016-07-12 Werner Koch <wk@gnupg.org>
4340 * g13/g13tuple.c (create_tupledesc): Init refcount to 1.
4342 wks: Add --cron command to gpg-wks-server.
4343 * tools/gpg-wks-server.c (PENDING_TTL): New.
4344 (expire_one_domain, expire_pending_confirmations): New.
4345 (command_cron): New.
4346 (main): Implement --cron.
4348 wks: Try to send an encrypted confirmation back.
4349 * tools/gpg-wks-client.c (encrypt_response_status_cb): New.
4350 (encrypt_response): New.
4351 (send_confirmation_response): Encrypt the response.
4353 * tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
4356 wks: Also create DANE record.
4357 * tools/gpg-wks-server.c (copy_key_as_dane): New.
4358 (check_and_publish): Also publish as DANE record.
4360 gpg: Extend import-option import-export to print PKA or DANE.
4361 * g10/export.c (do_export_stream): Move PKA and DANE printing helper
4363 (print_pka_or_dane_records): this fucntion.
4364 (write_keyblock_to_output): Add arg OPTIOSN and call
4365 print_pka_or_dane_records if requested.
4367 gpg: Move a function from import.c to export.c.
4368 * g10/import.c (write_keyblock_to_output): Move to ...
4369 * g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR.
4370 Also make sure never to export ring trust packets.
4372 2016-07-11 Werner Koch <wk@gnupg.org>
4374 gpgconf: Enhance --list-dirs.
4375 * tools/gpgconf.c (main) <aListDir>: Factor code out to ...
4376 (list_dirs): new. Rewrite to use a table. Allow selection of a
4377 items. Add "agent-ssh-socket".
4379 2016-07-09 NIIBE Yutaka <gniibe@fsij.org>
4381 gpgv: Tweak default options for extra security.
4382 * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
4383 cached status. Similarly, set opt.flags.require_cross_cert for backsig
4384 validation for subkey signature.
4386 2016-07-07 Werner Koch <wk@gnupg.org>
4388 gpg: Add export options "export-pka" and "export-dane".
4389 * g10/options.h (EXPORT_PKA_FORMAT): New.
4390 * g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
4391 * g10/export.c: Include zb32.h.
4392 (parse_export_options): Add options "export-pka" and "export-dane".
4393 (do_export): Do not armor if either of these option is set.
4394 (print_pka_or_dane_records): New.
4395 (do_export_stream): Implement new options.
4397 gpg: Split a too large export function.
4398 * g10/export.c (do_export_stream): Factor some code out to ...
4399 (do_export_one_keyblock): new.
4401 2016-07-07 Justus Winter <justus@g10code.com>
4403 gpgscm: Capture output of spawned processes.
4404 * tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
4405 return stdout if the child exited successfully, or include stderr in
4407 * tests/openpgp/version.scm: Demonstrate this by checking the stdout.
4409 2016-07-06 Werner Koch <wk@gnupg.org>
4411 doc: Escape file names in generated macros.
4412 * doc/mkdefsinc.c (print_filename): New.
4413 (main): Use it here.
4415 wks: Let the server take the encrytion key from the file.
4416 * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
4418 (store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
4419 (send_confirmation_request): Add arg 'keyfile'.
4420 (process_new_key): Pass on the name of the keyfile.
4422 gpg: New options --recipient-file and --hidden-recipient-file.
4423 * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
4424 (opts): Add options --recipient-file and --hidden-recipient-file.
4425 (main): Implement them. Also remove duplicate code from similar
4427 * g10/keydb.h (PK_LIST_FROM_FILE): New.
4428 (PK_LIST_SHIFT): Bump up.
4429 * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
4430 (find_and_check_key): Add and implement arg FROM_FILE.
4431 (build_pk_list): Pass new value for new arg.
4432 * g10/getkey.c (get_pubkey_fromfile): New.
4433 * g10/gpgv.c (read_key_from_file): New stub.
4434 * g10/test-stubs.c (read_key_from_file): New stub.
4435 * g10/server.c (cmd_recipient): Add flag --file.
4436 * g10/import.c (read_key_from_file): New.
4438 * tests/openpgp/defs.scm (key-file1): New.
4440 * tests/openpgp/setup.scm: Add their private keys and import the
4442 * tests/openpgp/encrypt.scm: Add new test.
4444 gpg: New option --no-keyring.
4445 * g10/gpg.c (oNoKeyring): New.
4446 (opts): Add "--no-keyring".
4447 (main): Do not register any keyring if the option is used.
4449 gpg: Document use of node flags in import.c and remove unused args.
4450 * g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1.
4451 (NODE_BAD_SELFSIG): New. Use instead of 2.
4452 (NODE_DELETION_MARK): New. Use instead of 4.
4453 (NODE_FLAG_A): New. Use to mark new nodes in merge_blocks.
4454 (chk_self_sigs): Remove unused args FNAME and PK.
4455 (import_one): Adjust call. Simplify error return because
4456 chk_self_sigs does not return an error code.
4457 (append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
4458 args FNAME and KEYID.
4459 (merge_blocks, import_one, import_secret_one)
4460 (import_revoke_cert): Remove unused arg FNAME.
4462 gpg: Get rid of an unused arg in a function in getkey.c.
4463 * g10/getkey.c (pk_from_block): Remove unused arg CTX. Change all
4466 gpg: Change calling convention for a function in getkey.c.
4467 * g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE
4469 (finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here...
4470 (lookup): and not here.
4472 2016-07-05 Werner Koch <wk@gnupg.org>
4474 gpg: Fix possible out-of-bounds read in is_armored.
4475 * g10/armor.c (check_input): Call is_armored only if LEN >= 2.
4476 (unarmor_pump): Use a 2 byte buffer for is_armored.
4478 2016-07-05 Justus Winter <justus@g10code.com>
4480 tests: Honor environment variable 'TMP'.
4481 This fixes problems with long socket names, e.g. when doing distcheck.
4483 * tests/gpgscm/tests.scm (path-join): New function.
4484 (with-temporary-working-directory): Honor 'TMP'.
4485 (make-temporary-file): Likewise.
4486 * tests/migrations/Makefile.am (TMP): Default to '/tmp'.
4487 (TESTS_ENVIRONMENT): Set 'TMP'.
4488 * tests/openpgp/Makefile.am (TMP): Default to '/tmp'.
4489 (TESTS_ENVIRONMENT): Set 'TMP'.
4491 gpgscm: Improve robustness and compatibility.
4492 * tests/gpgscm/ffi.c (do_getenv): Avoid gccism.
4493 (do_mkdtemp): Handle errors.
4495 tests/migrations: Fix distcheck.
4496 * tests/migrations/Makefile.am (TESTS): Rename test.
4497 (TEST_FILES): Update list.
4498 (EXTRA_DIST): Add common.scm.
4499 * tests/migrations/common.scm (GPGTAR): New variable.
4500 (dearmor): Rename and untar archive.
4501 * tests/migrations/extended-private-key-format.scm: Rename.
4503 * tests/migrations/extended-pkf.tar.asc: New file.
4504 * tests/migrations/extended-private-key-format.gpghome: Delete.
4505 * tests/migrations/from-classic.gpghome: Likewise.
4506 * tests/migrations/from-classic.scm (setup): Update.
4507 * tests/migrations/from-classic.tar.asc: New file.
4509 tools/gpgtar: Provide --create and --extract.
4510 * tools/gpgtar.c (cmd_and_opt_values): New values.
4511 (opts): New actions.
4512 (parse_arguments): Handle new actions.
4513 * tests/openpgp/gpgtar.scm: Test new interface.
4515 g10: Fix out-of-bounds read.
4516 * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.
4518 2016-07-04 Werner Koch <wk@gnupg.org>
4520 wks: Add command --read to gpg-wks-client.
4521 * tools/gpg-wks-client.c (aRead): New.
4522 (opts): Add command "--read".
4523 (main): Implement that.
4525 tests: Add a gettime test for sizeof (time_t) > 4.
4526 * common/t-gettime.c (test_isotime2epoch): Add 4 more tests.
4528 2016-07-03 Werner Koch <wk@gnupg.org>
4530 gpg: Avoid spurious failures on keyblocks with no or only deleted nodes.
4531 * g10/import.c (write_keyblock_to_output): Clear ERR on success.
4533 wks: Let the client only export the requested UID.
4534 * tools/gpg-wks-client.c (get_key): Export only the requested uid.
4536 tools: Call sendmail directly from the wks tools.
4537 * tools/send-mail.c, tools/send-mail.h: New.
4538 * tools/wks-util.c: New.
4539 * tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
4540 (gpg_wks_client_SOURCES): Ditto.
4541 * tools/gpg-wks.h (opt): Add fields use_sendmail and output.
4542 * tools/gpg-wks-client.c: Add options --send and --output. Rename
4543 command --send to --create.
4544 (command_send, send_confirmation_response): Output via wks_send_mime.
4545 * tools/gpg-wks-server.c: Add options --send and --output.
4546 (send_confirmation_request): Output via wks_send_mime.
4547 (check_and_publish): Add hack for name-value bug.
4549 2016-07-02 Werner Koch <wk@gnupg.org>
4551 tools: Add options to gpg-wks-server.
4552 * tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
4553 * tools/gpg-wks-server.c (oFrom, oHeader): New.
4554 (parse_arguments): Set them and check args.
4555 (get_submission_address): New.
4556 (send_confirmation_request): Set correct From address. Add extra
4558 (process_new_key): Return an error code.
4560 tools: Extend mime-maker.c:mime_maker_add_header.
4561 * tools/mime-maker.c (add_header): Check header name and allow
4563 (mime_maker_add_header): Add mode for a syntax check.
4565 doc: Describe filter expressions.
4566 * doc/gpg.texi: Remove some superfluous .E.
4567 (FILTER EXPRESSIONS): New.
4569 yat2m: Fix table formatting.
4570 * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. Print a .P at the
4571 end of a level 0 table.
4573 2016-07-01 Werner Koch <wk@gnupg.org>
4575 gpg: New option --export-filter.
4576 * g10/gpg.c (oExportFilter): New.
4577 (opts): Add --export-filter.
4578 (main): Handle option.
4579 * g10/export.c: Include recsel.h, init.h, and mbox-util.h.
4580 (export_keep_uid): New global var.
4581 (cleanup_export_globals): New.
4582 (parse_and_set_export_filter): New.
4583 (filter_getval): New.
4584 (apply_keep_uid_filter): New.
4585 (do_export_stream): Apply filter if set.
4587 gpg: New option --import-filter.
4588 * g10/gpg.c (oImportFilter): New.
4589 (opts): Add --import-filter.
4590 (main): Handle option.
4591 * g10/import.c: Include recsel.h, init.h, and mbox-util.h.
4592 (import_keep_uid): New global var.
4593 (cleanup_import_globals): New.
4594 (parse_and_set_import_filter): New.
4595 (filter_getval): New.
4596 (apply_keep_uid_filter): New.
4597 (import_one): Apply filter if set.
4599 gpg: Allow to cache the mbox in a user id struct.
4600 * g10/packet.h (PKT_user_id): Add field 'mbox'.
4601 * g10/free-packet.c (free_user_id): Free that.
4603 gpg: Make sure a user ID packet has always a terminating Nul in memory.
4604 * g10/keygen.c (write_uid): Avoid overflow.
4606 common: Add function to select records etc.
4607 * common/recsel.c, common/recsel.h: New.
4608 * common/t-recsel.c: New.
4610 common: Smart up register_mem_cleanup_func.
4611 * common/init.c (register_mem_cleanup_func): Avoid double registration.
4613 2016-07-01 Justus Winter <justus@g10code.com>
4615 common: Annotate semi-static allocation.
4616 * common/argparse.c (optfile_parse): Allow string arguments to leak.
4618 g10: Fix memory leak.
4619 * g10/keyserver.c (parse_keyserver_uri): Free URI.
4621 tools/gpgtar: Annotate semi-static allocation.
4622 * tools/gpgtar.c (shell_parse_argv): Annotate argument vector as
4625 g10: Fix memory leak.
4626 * g10/import.c (transfer_secret_keys): Release curve from the previous
4629 g10: Fix build with disabled kbnode cache.
4630 * g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode
4633 g10: Fix memory leak.
4634 * g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak.
4636 g10: Fix memory leak.
4637 * g10/keygen.c (keygen_set_std_prefs): Fix memory leak.
4639 Fix trivial memory leaks in tests.
4640 * dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result.
4641 * g10/t-stutter.c (main): Free file name.
4643 2016-06-30 Justus Winter <justus@g10code.com>
4645 tools: Fix trivial memory leak.
4646 * tools/gpg-connect-agent.c (main): Fix trivial memory leak.
4648 g10: Fix memory leak.
4649 * g10/export.c (do_export_stream): Free secret parameters.
4651 g10: Fix memory leak.
4652 * g10/keygen.c (read_parameter_file): Free 'line'.
4654 g10: Fix memory leak.
4655 * g10/sign.c (mk_notation_policy_etc): Free 'mbox'.
4657 common: Fix memory leak.
4658 * g10/textfilter.c (copy_clearsig_text): Free buffer.
4660 common: Fix memory leak.
4661 * common/iobuf.c (iobuf_set_partial_body_length_mode): Only create
4662 context if necessary.
4664 common: Fix memory leak.
4665 * common/simple-pwquery.c (agent_open): Free socket path.
4667 g10: Fix keybox-related memory leaks.
4668 * g10/keydb.c (keydb_release): Clear keyblock cache.
4669 (keydb_get_keyblock): Revert previous change.
4670 * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free
4671 fixups after applying them.
4672 (_keybox_release_blob): Free buffer. Currently, the buffer has been
4673 extracted before the keybox is released, but this is the right thing
4676 g10: Fix memory leak.
4677 * g10/compress.c (release_context): Free buffers.
4679 g10: Fix memory leak.
4680 * g10/sign.c (write_plaintext_packet): Free packet.
4682 g10: Fix memory leak.
4683 * g10/mainproc.c (release_list): Do not exit early if list is NULL,
4684 there are other resources that must be released.
4686 gpgscm: Fix reallocating string ports.
4687 * tests/gpgscm/scheme.c (realloc_port_string): Use memcpy because
4688 Scheme strings may contain 0s.
4690 gpgscm: Free memory backing string ports.
4691 * tests/gpgscm/scheme.c (finalize_cell): Free memory backing string
4694 gpgscm: Use the allocator from libgcrypt.
4695 * tests/gpgscm/main.c (main): Use the allocator from libgcrypt.
4698 * g10/keyedit.c (keyedit_quick_revuid): Fix call to
4699 'check_trustdb_stale'.
4701 2016-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
4703 g10: Implement gpg --quick-revuid.
4704 * g10/revoke.c (get_default_uid_revocation_reason): New.
4705 * g10/keyedit.c (menu_revuid): Break out creation of uid revocation
4706 into new function core_revuid.
4707 * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
4708 uid, invokes core_revuid.
4709 * g10/gpg.c (main): Handle --quick-revuid argument.
4710 * doc/gpg.texi: Document --quick-revuid.
4712 2016-06-29 Werner Koch <wk@gnupg.org>
4714 tools: Add gpg-wks-client and gpg-wks-server.
4715 * configure.ac: Add option --enable-wks-tools
4716 * tools/gpg-wks-client.c: New.
4717 * tools/gpg-wks-server.c: New.
4718 * tools/gpg-wks.h: new.
4719 * tools/wks-receive.c: New.
4720 * tools/call-dirmngr.c, tools/call-dirmngr.h: New.
4722 build: Improve GNUPG_BUILD_PROGRAM macro.
4723 * acinclude.m4 (GNUPG_BUILD_PROGRAM): Allow for dash in options.
4725 tools: Add modules for MIME parsing and creating.
4726 * tools/mime-maker.c: New.
4727 * tools/mime-maker.h: New.
4728 * tools/mime-parser.c: New.
4729 * tools/mime-parser.h: New.
4731 2016-06-28 Justus Winter <justus@g10code.com>
4733 gpgscm: Fix memory leaks.
4734 * tests/gpgscm/ffi-private.h (ffi_schemify_name): Fix prototype.
4735 (ffi_define_function_name): Free schemified name.
4736 (ffi_define_function): Likewise.
4737 (ffi_define_constant): Likewise.
4738 (ffi_define_variable_pointer): Likewise.
4739 * tests/gpgscm/ffi.c (do_wait_processes): Free arrays.
4740 (ffi_schemify_name): Fix type.
4741 * tests/gpgscm/main.c (main): Free 'sc'.
4743 gpgscm: Free file names.
4744 * tests/gpgscm/scheme.c (scheme_load_named_file): Free file name.
4746 gpgscm: Fix buffer overflow.
4747 * tests/gpgscm/scheme.c (store_string): Avoid writing past allocated
4750 g10: Fix memory leaks.
4751 * g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'.
4752 * g10/t-keydb-get-keyblock.c: Fix trivial memory leaks.
4753 * g10/t-keydb.c: Likewise.
4755 common: Fix memory leaks.
4756 * common/ccparray.c (ccparray_put): Free old array.
4757 * common/stringhelp.c (do_make_filename): Free 'home'.
4758 * common/t-convert.c: Fix trivial memory leaks.
4759 * common/t-iobuf.c: Likewise.
4760 * common/t-mbox-util.c: Likewise.
4761 * common/t-name-value.c: Likewise.
4762 * common/t-stringhelp.c: Likewise.
4763 * common/t-strlist.c: Likewise.
4765 2016-06-28 Werner Koch <wk@gnupg.org>
4767 dirmngr: add option to retrieve extra WKS info.
4768 * dirmngr/server.c (cmd_wkd_get): Add option --submission-address.
4770 gpg: Add hack to --quick-gen-key to create Curve25519 keys.
4771 * g10/keygen.c (quick_generate_keypair): Add special algo string
4774 common: New function rfctimestamp.
4775 * common/gettime.c (rfctimestamp): New.
4777 common: Add missing header file for clarity.
4778 * common/zb32.c: Include zb32.h.
4780 2016-06-28 Justus Winter <justus@g10code.com>
4782 tools/gpgtar: Fix handling of '-'.
4783 * tools/gpgtar-extract.c (gpgtar_extract): Use stdin if file is '-'.
4784 * tools/gpgtar-list.c (gpgtar_list): Likewise.
4786 common: Close input stream.
4787 * common/exechelp-posix.c (gnupg_spawn_process): Also close the input
4788 stream in the child.
4790 common: Fix copying data from the spawned child.
4791 Fixes intermittent gpgtar failures.
4793 * common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'.
4794 (gnupg_exec_tool_stream): Loop until all data is copied.
4796 2016-06-28 NIIBE Yutaka <gniibe@fsij.org>
4798 g10: Fix --list-packets.
4799 * g10/gpg.c (main): Call set_packet_list_mode after assignment of
4801 * g10/mainproc.c (do_proc_packets): Don't stop processing with
4802 --list-packets as the comment says.
4803 * g10/options.h (list_packets): Fix the comment.
4804 * g10/parse-packet.c: Fix the condition for opt.list_packets.
4806 2016-06-25 Werner Koch <wk@gnupg.org>
4808 build: Add aclocal macro from pkg-config.
4811 yat2m: Silence lint warnings and fix a printf format bug.
4812 * doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New.
4813 (die, err, inf, xmalloc, xcalloc): New prototypes with attributes.
4814 (get_section_buffer): Take care of !N_SECTIONS.
4815 (proc_texi_cmd): Cast precision format arg.
4816 (proc_texi_buffer): Do not set IN_CMD when not used afterwards.
4818 2016-06-24 Werner Koch <wk@gnupg.org>
4820 gpg: New import option "import-export".
4821 * g10/import.c (parse_import_options): Add option "import-export".
4822 (write_keyblock_to_output): New.
4823 (import_one): Implement option.
4825 2016-06-23 Werner Koch <wk@gnupg.org>
4827 gpg: New import option "import-show".
4828 * g10/options.h (IMPORT_SHOW): New.
4829 * g10/import.c (parse_import_options): Add "import-show".
4830 (import_one): Implement that.
4832 gpg: Do not print the validity after key generation.
4833 * g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
4834 (list_keyblock_print): Take care of it.
4835 (list_keyblock_direct): Add arg NO_VALIDITY.
4836 * g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
4839 common: Fix possible small memory leak in b64dec.c.
4840 * common/b64dec.c (b64dec_finish): Always release TITLE.
4842 2016-06-23 Justus Winter <justus@g10code.com>
4844 tests/openpgp: Fake the system time for the tofu test.
4845 The keys in the tofu test are set to expire on 2016-09-17. Fake the
4846 system time for this test.
4848 This commit includes changes to the old test as well, for those who
4849 need to backport it.
4851 * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines.
4852 * tests/openpgp/tofu.scm: Fake system time.
4853 * tests/openpgp/tofu.test: Likewise.
4855 gpgscm: Handle exceptions in the transformation monad.
4856 * tests/gpgscm/tests.scm (pipe:do): Raise errors.
4857 (tr:spawn): Catch and return errors.
4858 (tr:call-with-content): Likewise.
4859 (tr:{open,write-to,pipe-do,assert-identity,assert-weak-identity}):
4862 tests/openpgp: Improve tests.
4863 * tests/openpgp/multisig.scm: Simplify test.
4864 * tests/openpgp/setup.scm (dearmor): Use pipe.
4866 gpgscm: Add types for special objects.
4867 * tests/gpgscm/scheme.c (enum scheme_types): Add types for boolean,
4868 nil, eof, and the sink object.
4869 (type_to_string): Handle new types.
4870 (scheme_init_custom_alloc): Give special objects a type.
4872 gpgscm: Fix Scheme initialization.
4873 This potentially causes a crash if the garbage collector marks an eof
4876 * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize
4879 2016-06-23 Werner Koch <wk@gnupg.org>
4881 common: Add dedicated private key functions to name-value.c.
4882 * common/name-value.c (struct name_value_container): Add field
4884 (my_error): New. Use instead of gpg_error.
4885 (nvc_new_private_key): New.
4886 (nve_release): Add arg 'private_key_mode'.
4887 (nvc_release): Call nve_release with private_key_mode flag.
4888 (nvc_delete): Ditto.
4889 (_nvc_add): Do no special case "Key:" in non-private_key_mode.
4890 (nvc_get_private_key): Return error in non-private_key_mode.
4891 (nvc_set_private_key): Ditto.
4892 (nvc_parse): Factor all code out to ...
4893 (do_nvc_parse): new. Add arg 'for_private_key'.
4894 (nvc_parse_private_key): New.
4895 * agent/findkey.c (write_extended_private_key): Replace nvc_parse by
4896 nvc_parse_private_key.
4897 (read_key_file): Ditto.
4899 * common/t-name-value.c (private_key_mode): New variable.
4900 (my_nvc_new): New. Replace all callers.
4901 (test_key_extraction): Take mode in account.
4903 (run_modification_tests): Ditto.
4905 (main): Add option --parse and rename --parse to --parse-key.
4907 common: Rename external symbols in name-value.c.
4908 * common/name-value.c, common/name-value.h: Rename symbol prefixes
4909 from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers.
4911 common: Rename private-keys.c to name-value.c.
4912 * common/private-keys.c: Rename to name-value.c.
4913 * common/private-keys.h: Rename to name-value.h. Chage all users.
4914 * common/t-private-keys.c: Rename to t-name-value.c.
4915 * common/Makefile.am: Adjust accordingly.
4917 common: Add PGP armor decoding to b64dec.
4918 * common/b64dec.c (decoder_states): Add new states.
4919 (b64dec_proc): Handle PGP armored format.
4921 2016-06-23 NIIBE Yutaka <gniibe@fsij.org>
4923 g10: Fix regression of card-edit/fetch.
4924 * g10/card-util.c (fetch_url): Call keyserver_fetch instead of
4925 keyserver_import_fprint.
4927 2016-06-21 Justus Winter <justus@g10code.com>
4929 tests/migrations: Convert to Scheme and re-enable.
4930 * configure.ac: Re-enable.
4931 * tests/Makefile.am: Likewise.
4932 * tests/migrations/Makefile.am (TESTS): Use Scheme tests.
4933 * tests/migrations/common.scm: New file.
4934 * tests/migrations/extended-private-key-format.scm: Likewise.
4935 * tests/migrations/from-classic.scm: Likewise.
4936 * tests/migrations/extended-private-key-format.test: Drop file.
4937 * tests/migrations/from-classic.test: Drop file.
4939 gpgscm: Add more file handling functions.
4940 * tests/gpgscm/ffi.c (do_glob): New function.
4941 (ffi_init): Define new function.
4942 * tests/gpgscm/tests.scm (basename-suffix): New function.x
4944 tests/openpgp: Port the remaining tests to Scheme.
4945 * tests/openpgp/Makefile.am (TESTS): Add new tests.
4946 * tests/openpgp/defs.scm (gpg-with-colons): New function.
4947 (get-config): Use new function.
4948 * tests/openpgp/export.scm: New file.
4949 * tests/openpgp/tofu.scm: Likewise.
4951 gpgscm: Improve test framework.
4952 * tests/gpgscm/lib.scm (echo): Move...
4953 * tests/gpgscm/tests.scm (echo): ... here.
4954 (info, error, skip): And use echo here.
4955 (file-exists?): New function.
4956 (tr:spawn): Check that source exists and if the sink has been created.
4957 (tr:call-with-content): Hand in optional arguments.
4959 gpgscm: Use native string searching functions.
4960 * tests/gpgscm/ffi-private.h: Handle character arguments.
4961 * tests/gpgscm/ffi.c (do_string_index): New function.
4962 (do_string_rindex): Likewise.
4963 (do_string_contains): Likewise.
4964 (ffi_init): Define new functions.
4965 * tests/gpgscm/ffi.scm (ffi-define): New macro.
4966 * tests/gpgscm/lib.scm (string-index): Use native function,
4967 demonstrate behavior.
4968 (string-rindex): Likewise.
4969 (string-contains?): Likewise.
4970 Demonstrate behavior of various other functions.
4971 (read-all): Rework so that it can handle large files.
4973 gpgscm: Improve error reporting.
4974 * tests/gpgscm/scheme.c (type_to_string): New function.
4975 (Eval_Cycle): Include actual type in error message.
4977 gpgscm: Make memory allocation failures fatal.
4978 * tests/gpgscm/scheme.c (Eval_Cycle): Exit if we run out of memory.
4980 2016-06-21 Werner Koch <wk@gnupg.org>
4982 sm: Do not install cacert and other root certificates.
4983 * doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and
4984 com-certs.pem to ...
4987 2016-06-20 Werner Koch <wk@gnupg.org>
4989 gpg: Add experimental support for an issuer fpr.
4990 * common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
4991 * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
4992 insert the issuer fpr if needed.
4993 * g10/sign.c (write_signature_packets): Pass signing key.
4994 (make_keysig_packet): Ditto.
4995 (update_keysig_packet): Ditto.
4996 * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
4997 (parse_one_sig_subpkt): Detect issuer fpr.
4998 (can_handle_critical): Add issuer fpr.
4999 * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
5000 * g10/gpgv.c (keyserver_import_fprint): New stub.
5001 * g10/test-stubs.c (keyserver_import_fprint): New stub.
5003 gpg: New option --rfc4880bis.
5004 * g10/options.h (struct opt): Add field flags.rfc4880bis.
5005 * g10/gpg.c (oRFC4880bis): new.
5006 (opts): add --rfc4880bis.
5007 (main): Implement that and print a warning.
5009 2016-06-19 Niibe Yutaka <gniibe@fsij.org>
5011 scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
5012 * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.
5014 2016-06-17 Werner Koch <wk@gnupg.org>
5016 tests: Make make distcheck work again.
5017 * Makefile.am (tests): Remove test code which would led to doubling
5018 calls to for e.g. "make distclean".
5019 * tests/Makefile.am: Typo fixes.
5020 * tests/gpgscm/Makefile.am (EXTRA_DIST): Fix name of License file.
5022 (check): Replace by check-local because check is a standard automake
5024 * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Replace gmake0sim by
5025 automake generated macro.
5026 (EXTRA_DIST): Add defs.scm
5028 gpgscm: Silence compiler warnings.
5029 * tests/gpgscm/scheme.c (mk_integer): Rename arg NUM to N.
5030 (fill_vector): Ditto.
5031 (mark): Rename var NUM to N.
5032 (set_slot_in_env): Mark SC as unused.
5033 (is_any): Mark P as unused.
5035 Add license notices for TinySCHEME.
5036 * tests/gpgscm/COPYING: Rename to ...
5037 * tests/gpgscm/LICENSE.TinySCHEME: this.
5038 * AUTHORS: Add a note about TinySCHEME.
5039 * build-aux/speedo/w32/pkg-copyright.txt: Add TinySCHEME notice.
5041 2016-06-17 Justus Winter <justus@g10code.com>
5043 tests/openpgp: Reimplement tests in Scheme.
5044 * Makefile.am: Build the test infrastructure on Windows.
5045 * tests/openpgp/Makefile.am (required_pgms): Add gpgscm.
5046 (TESTS_ENVIRONMENT): Make sure gpgscm and the libraries are found.
5047 (TESTS): Replace tests with the new Scheme implementations.
5048 * tests/openpgp/4gb-packet.scm: New file.
5049 * tests/openpgp/README: Likewise.
5050 * tests/openpgp/armdetach.scm: Likewise.
5051 * tests/openpgp/armdetachm.scm: Likewise.
5052 * tests/openpgp/armencrypt.scm: Likewise.
5053 * tests/openpgp/armencryptp.scm: Likewise.
5054 * tests/openpgp/armor.scm: Likewise.
5055 * tests/openpgp/armsignencrypt.scm: Likewise.
5056 * tests/openpgp/armsigs.scm: Likewise.
5057 * tests/openpgp/clearsig.scm: Likewise.
5058 * tests/openpgp/conventional-mdc.scm: Likewise.
5059 * tests/openpgp/conventional.scm: Likewise.
5060 * tests/openpgp/decrypt-dsa.scm: Likewise.
5061 * tests/openpgp/decrypt.scm: Likewise.
5062 * tests/openpgp/default-key.scm: Likewise.
5063 * tests/openpgp/defs.scm: Likewise.
5064 * tests/openpgp/detach.scm: Likewise.
5065 * tests/openpgp/detachm.scm: Likewise.
5066 * tests/openpgp/ecc.scm: Likewise.
5067 * tests/openpgp/encrypt-dsa.scm: Likewise.
5068 * tests/openpgp/encrypt.scm: Likewise.
5069 * tests/openpgp/encryptp.scm: Likewise.
5070 * tests/openpgp/finish.scm: Likewise.
5071 * tests/openpgp/genkey1024.scm: Likewise.
5072 * tests/openpgp/gpgtar.scm: Likewise.
5073 * tests/openpgp/import.scm: Likewise.
5074 * tests/openpgp/mds.scm: Likewise.
5075 * tests/openpgp/multisig.scm: Likewise.
5076 * tests/openpgp/run-tests.scm: Likewise.
5077 * tests/openpgp/seat.scm: Likewise.
5078 * tests/openpgp/setup.scm: Likewise.
5079 * tests/openpgp/signencrypt-dsa.scm: Likewise.
5080 * tests/openpgp/signencrypt.scm: Likewise.
5081 * tests/openpgp/sigs-dsa.scm: Likewise.
5082 * tests/openpgp/sigs.scm: Likewise.
5083 * tests/openpgp/use-exact-key.scm: Likewise.
5084 * tests/openpgp/verify.scm: Likewise.
5085 * tests/openpgp/version.scm: Likewise.
5087 tests/gpgscm: Add a TinySCHEME-based test driver.
5088 * configure.ac: Add new component.
5089 * tests/Makefile.am: Likewise.
5090 * tests/gpgscm/Makefile.am: New file.
5091 * tests/gpgscm/ffi-private.h: Likewise.
5092 * tests/gpgscm/ffi.c: Likewise.
5093 * tests/gpgscm/ffi.h: Likewise.
5094 * tests/gpgscm/ffi.scm: Likewise.
5095 * tests/gpgscm/lib.scm: Likewise.
5096 * tests/gpgscm/main.c: Likewise.
5097 * tests/gpgscm/private.h: Likewise.
5098 * tests/gpgscm/repl.scm: Likewise.
5099 * tests/gpgscm/scheme-config.h: Likewise.
5100 * tests/gpgscm/t-child.c: Likewise.
5101 * tests/gpgscm/t-child.scm: Likewise.
5102 * tests/gpgscm/tests.scm: Likewise.
5104 tests/gpgscm: Foreign objects support for TinySCHEME.
5105 * tests/gpgscm/scheme-private.h (struct cell): Add 'foreign_object'.
5106 (is_foreign_object): New prototype.
5107 (get_foreign_object_{vtable,data}): Likewise.
5108 * tests/gpgscm/scheme.c (enum scheme_types): New type.
5109 (is_foreign_object): New function.
5110 (get_foreign_object_{vtable,data}): Likewise.
5111 (mk_foreign_object): Likewise.
5112 (finalize_cell): Free foreign objects.
5113 (atom2str): Pretty-print foreign objects.
5114 (vtbl): Add new functions.
5115 * tests/gpgscm/scheme.h (struct foreign_object_vtable): New type.
5116 (mk_foreign_object): New prototype.
5117 (struct scheme_interface): Add new functions.
5119 Patch from Thomas Munro,
5120 https://sourceforge.net/p/tinyscheme/patches/13/
5122 tests/gpgscm: Dynamically allocate string buffer.
5123 * tests/gpgscm/scheme-config.h (strbuff{,_size}): Make buffer dynamic.
5124 * tests/gpgscm/scheme.c (expand_strbuff): New function.
5125 (putcharacter): Adapt length test.
5126 (readstrexp): Expand buffer if necessary.
5127 (scheme_init_custom_alloc): Initialize buffer.
5128 (scheme_deinit): Free buffer.
5130 Patch from Thomas Munro,
5131 https://sourceforge.net/p/tinyscheme/patches/11/
5133 tests/gpgscm: Make exception value available.
5134 * tests/gpgscm/init.scm (throw): Hand exception value to the handler.
5135 (catch): And bind it to *error*.
5137 tests/gpgscm: Add package macro.
5138 * tests/gpgscm/init.scm: Add package macro from manual.
5140 tests/gpgscm: Expose function to open streams as Scheme ports.
5141 * tests/gpgscm/scheme.c (vtbl): Add 'port_from_file' to the vtable.
5142 * tests/gpgscm/scheme.h (struct scheme_interface): New field
5143 'mk_port_from_file'.
5145 tests/gpgscm: Nicer error message.
5146 * tests/gpgscm/scheme.c (opexe_0): Include the value that we tried to
5147 evaluate as function-like in the error message.
5149 tests/gpgscm: Fix error hook.
5150 * tests/gpgscm/init.scm (*error-hook*): Fix error hook so that the
5151 whole error message is displayed.
5153 tests/gpgscm: Handle unhandled enumeration values.
5154 * tests/gpgscm/scheme.c (opexe_{3,4}): Handle unhandled enumeration
5155 values in the opcode dispatching code.
5157 tests/gpgscm: Verbatim import of latest TinySCHEME.
5158 Revision 110 from svn://svn.code.sf.net/p/tinyscheme/code/trunk
5160 * tests/gpgscm/COPYING: New file.
5161 * tests/gpgscm/Manual.txt: Likewise.
5162 * tests/gpgscm/init.scm: Likewise.
5163 * tests/gpgscm/opdefines.h: Likewise.
5164 * tests/gpgscm/scheme-private.h: Likewise.
5165 * tests/gpgscm/scheme.c: Likewise.
5166 * tests/gpgscm/scheme.h: Likewise.
5168 2016-06-17 Werner Koch <wk@gnupg.org>
5170 scd: Make option --homedir work.
5171 * scd/scdaemon.c (opts): Add --homedir.
5173 2016-06-16 Werner Koch <wk@gnupg.org>
5177 2016-06-16 Yuri Chornoivan <yurchor@ukr.net>
5179 po: Update Ukrainian translation.
5181 2016-06-16 Ineiev <ineiev@gnu.org>
5183 po: Update Russian translation.
5185 2016-06-16 Werner Koch <wk@gnupg.org>
5187 po: Update German translation.
5189 Add missing files so that make distcheck works again,
5190 * tests/openpgp/Makefile.am (CLEANFILES): Add created file
5192 * tools/Makefile.am (EXTRA_DIST): Add no-libgcrypt.c.
5194 tools: Fix typo in function name of symcryptrun.
5195 * tools/symcryptrun.c (main): Fix typo.
5197 2016-06-15 Niibe Yutaka <gniibe@fsij.org>
5199 g10: Fix another race condition for trustdb access.
5200 * g10/tdbio.c (create_version_record): Call create_hashtable to always
5201 make hashtable, together with the version record.
5202 (get_trusthashrec): Remove call to create_hashtable.
5204 2016-06-14 Werner Koch <wk@gnupg.org>
5206 gpg: Print the subkey's curve and not the primary key curve.
5207 * g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve.
5209 ldap: Improve info output for v3 fallback.
5210 * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an
5211 unprotected section. Replace log_debug by log_info in verbose mode.
5213 2016-06-14 Andre Heinecke <aheinecke@intevation.de>
5215 dirmngr: Try ldap protocol V3 as fallback.
5216 * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case
5217 default Protocol gives error.
5219 dirmngr: Print ldap error if bind fails.
5220 * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind
5223 2016-06-14 Werner Koch <wk@gnupg.org>
5225 gpgsm: Allow ciphers AES192 and SERPENT256.
5226 * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256.
5228 doc: Add files and envvars to a new index.
5229 * doc/gnupg.texi: Define new index "ef".
5230 (Environment Index): New.
5232 gpg: Avoid endless loop in a tofu error case.
5233 * g10/tofu.c (get_trust): Do not jump to out.
5235 gpg: Split tofu's get_trust function into several smaller ones.
5236 * g10/tofu.c (get_trust): Factor code out to ...
5237 (format_conflict_msg_part1): new and to ...
5238 (ask_about_binding): new.
5240 2016-06-13 Werner Koch <wk@gnupg.org>
5242 gpg: Un-deprecate option --auto-key-retrieve.
5243 * g10/gpg.c (main): Remove deprecation warning.
5245 gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
5246 * g10/gpg.c (oDisableSignerUID): New.
5247 (opts): New option '--disable-signer-uid'.
5249 * g10/options.h (opt): Add field flags.disable_signer_uid.
5250 * g10/sign.c: Include mbox-util.h.
5251 (mk_notation_policy_etc): Embed the signer's uid.
5252 * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
5253 retrieval if --disable-signer-uid is used.
5255 gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
5256 * g10/packet.h (PKT_signature): Add field 'signers_uid'.
5257 * g10/parse-packet.c (parse_signature): Set this field.
5258 * g10/free-packet.c (free_seckey_enc): Free field.
5259 (copy_signature): Copy field.
5260 * g10/mainproc.c (akl_has_wkd_method): New.
5261 (check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
5262 locate a missing key via the signature's Signer's User ID sub-packet.
5263 Do this right before trying a keyserver lookup.
5265 2016-06-11 Werner Koch <wk@gnupg.org>
5267 gpg: Remove C-99ism, re-indent, and simplify one function.
5268 * g10/call-agent.c (struct keyinfo_data): Rename to
5269 keyinfo_data_parm_s.
5270 (agent_get_keyinfo): Replace C-99 style init.
5271 (keyinfo_status_cb): Use new fucntion split_fields.
5272 * g10/export.c (match_curve_skey_pk): Add missings returns error
5274 (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
5276 common: New function split_fields.
5277 * common/stringhelp.c (split_fields): New.
5278 * common/t-stringhelp.c: Include assert.h.
5279 (test_split_fields): New.
5282 2016-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
5284 g10: Export cleartext keys as cleartext.
5285 * g10/export.c (do_export_stream): If a key is stored by the agent in
5286 cleartext, then try to export it as cleartext.
5287 * tests/openpgp/export.test: For secret keys that are stored in
5288 cleartext, test should try to export without pinentry interaction.
5290 g10: Allow receiving cleartext secret keys from agent.
5291 * g10/export.c (match_curve_skey_pk): New function, testing whether an
5292 OpenPGP public key and an S-expression use the same curve.
5293 * g10/export.c (cleartext_secret_key_to_openpgp): New function,
5294 filling in the secret key parameters of a PKT_public_key object from
5295 a corresponding cleartext S-expression.
5296 * g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
5297 parameter, enabling retrieval of the secret key, unlocked.
5298 * g10/export.c (do_export_stream): Send cleartext as 0, keeping current
5300 * g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
5301 that smartcard backups are all passphrase-locked.
5303 g10: Add openpgp_protected flag to agent secret key export functions.
5304 * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
5305 openpgp_protected flag.
5306 * g10/export.c (receive_seckey_from_agent): Request openpgp_protected
5307 secret keys from agent.
5308 * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
5309 brief description of the effect of --openpgp.
5311 g10: report whether key in agent is passphrase-protected or not.
5312 * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
5313 r_cleartext parameter to report whether a key is stored without
5314 passphrase protection.
5315 * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
5317 * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
5318 g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
5319 need to know whether agent is passphrase-protected.
5321 2016-06-08 Werner Koch <wk@gnupg.org>
5323 Explicitly restrict socket permissions.
5324 * agent/gpg-agent.c (create_server_socket): Call chmod before listen.
5325 * scd/scdaemon.c (create_server_socket): Ditto.
5326 * dirmngr/dirmngr.c (main): Ditto.
5328 w32: Fix recent build regression.
5329 * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
5331 * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir.
5333 * agent/gpg-agent.c (remove_socket): Remove unused var P.
5334 * scd/scdaemon.c (cleanup): Ditto.
5336 gpgconf: New commands --create-socketdir and --remove-socketdir.
5337 * tools/gpgconf.c: Include unistd.h.
5338 (aCreateSocketDir, aRemoveSocketDir): New.
5339 (opts): Add --create-socketdir and --remove-socketdir.
5340 (main): Implement them.
5342 Implement /run/user/UID/gnupg based sockets.
5343 * common/homedir.c: Include sys/stat.h and zb32.h.
5344 (w32_portable_app, w32_bin_is_bin): Change type from int to byte.
5345 (non_default_homedir): New.
5346 (is_gnupg_default_homedir): New.
5347 (default_homedir): Set non_default_homedir.
5348 (gnupg_set_homedir): Set non_default_homedir and make
5349 the_gnupg_homedir and absolute directory name.
5350 (gnupg_homedir): Return an absolute directory name.
5351 (_gnupg_socketdir_internal): New.
5352 (gnupg_socketdir): Implement /run/user/ based sockets.
5353 * tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
5354 make_filename by xstrdup.
5355 * tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
5357 gpgconf: Add option --homedir.
5358 * tools/gpgconf.c (opts): Add --homedir.
5359 (main): Set homedir.
5361 Do not use no-libgcrypt dummy for tools.
5362 * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c.
5363 (gpgconf_LDADD): Add LIBGCRYPT_LIBS.
5364 (gpg_connect_agent_LDADD): Ditto.
5365 (gpgtar_LDADD): Ditto.
5366 * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto.
5367 (t_common_ldadd): Ditto. Remove no-libgcrypt.o.
5369 Do not try to remove the enclosing directory of sockets.
5370 * agent/gpg-agent.c (remove_socket): Do not remove the enclosing
5372 * scd/scdaemon.c (cleanup): Ditto.
5374 2016-06-07 Werner Koch <wk@gnupg.org>
5376 common: New function gnupg_socketdir.
5377 * common/homedir.c (gnupg_socketdir): New.
5378 * agent/gpg-agent.c (create_socket_name): Use new function instead of
5380 (check_own_socket): Ditto.
5381 (check_for_running_agent): Ditto.
5382 * agent/preset-passphrase.c (main): Ditto.
5383 * common/asshelp.c (start_new_gpg_agent): Ditto.
5384 * scd/scdaemon.c (create_socket_name): Ditto.
5385 * tools/gpgconf.c (main): Ditto.
5386 * tools/symcryptrun.c (main): Ditto.
5388 common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
5389 * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
5390 favor of gnupg_homedir (). Change all callers.
5391 (start_new_dirmngr): Ditto.
5392 * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
5395 Replace use of opt.homedir by accessor functions.
5396 * common/homedir.c (the_gnupg_homedir): New var.
5397 (gnupg_set_homedir): New.
5398 (gnupg_homedir): New.
5399 * g10/options.h (struct opt): Remove 'homedir' and replace all users
5400 by the new accessor functions.
5401 * g13/g13-common.h (struct opt): Ditto.
5402 * scd/scdaemon.h (struct opt): Ditto.
5403 * sm/gpgsm.h (struct opt): Ditto.
5404 * dirmngr/dirmngr.h (struct opt): Ditto.
5405 * agent/preset-passphrase.c (opt_homedir): Ditto.
5406 * agent/protect-tool.c (opt_homedir): Ditto.
5408 2016-06-07 NIIBE Yutaka <gniibe@fsij.org>
5410 po: Update Japanese translation.
5412 gpg: Fix command line parsing of --quick-addkey and --quick-gen-key.
5413 * g10/gpg.c (main): Compose a block by curly braces.
5415 2016-06-06 Werner Koch <wk@gnupg.org>
5417 gpg: Use --keyid-format=none by default.
5418 * g10/gpg.c (main): Init keyid_format to KF_NONE.
5419 * g10/keyid.c (format_keyid): Ditto.
5422 gpg: Add option --with-subkey-fingerprint.
5423 * g10/gpg.c (oWithSubkeyFingerprint): New.
5424 (opts): Add --with-subkey-fingerprint[s].
5425 (main): Set that option.
5426 * g10/options.h (struct opt): Add 'with_subkey_fingerprint'.
5427 * g10/keylist.c (list_keyblock_print): Print subkey fingerprint.
5428 (print_fingerprint): Tweak printing to use compact format if
5431 gpg: Implement --keyid-format=none.
5432 * g10/gpg.c (main): Add option "none" to --keyid-format.
5433 * g10/options.h (KF_NONE): New.
5434 * g10/keyid.c (format_keyid): Implement that.
5435 (keystr): Use format "long" is KF_NONE is in use.
5436 (keystr_with_sub): Ditto.
5437 * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
5438 Factor some code out to ...
5439 (print_key_line): new.
5440 (print_fingerprint): Add mode 20.
5441 * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
5442 flags.primary in the PK. Fix putting a " revoked..." string into the
5444 * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
5445 slightly changes the putput format.
5446 * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
5447 also put "expires: " into the output.
5449 2016-06-04 Werner Koch <wk@gnupg.org>
5451 w32: Require --enable-build-timestamp for the BUILD_HOSTNAME.
5452 * configure.ac (BUILD_HOSTNAME): Set to "<anon>" bey default.
5453 * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add
5454 --enable-build-timestamp.
5456 2016-06-02 Werner Koch <wk@gnupg.org>
5458 gpg: Add the fingerprint to KEY_CREATED for subkeys.
5459 * g10/keygen.c (print_status_key_created): Make more robust by
5460 allowing a NULL for PK.
5461 (generate_subkeypair): Use print_status_key_created.
5462 (generate_card_subkeypair): Ditto.
5464 gpg: Try to use the passphrase from the primary for --quick-addkey.
5465 * agent/command.c (cmd_genkey): Add option --passwd-nonce.
5466 (cmd_passwd): Return a PASSWD_NONCE in verify mode.
5467 * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
5468 not send a RESET if given.
5469 (agent_passwd): Add arg 'verify'.
5470 * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
5471 (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
5472 (generate_subkeypair): Use sepeare hexgrip var for the to be created
5473 for hexgrip feature. Verify primary key first. Make use of the
5474 passwd nonce. Allow for a static passphrase.
5476 gpg: Extend the --quick-gen-key command.
5477 * g10/keygen.c (quickgen_set_para): Add arg 'use'.
5478 (quick_generate_keypair): Add args 'algostr', 'usagestr', and
5479 'expirestr'. Implement primary only key mode.
5480 (parse_algo_usage_expire): Set NBITS for the default algo.
5481 * g10/gpg.c (main): Extend --quick-gen-key command.
5483 gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
5484 * g10/keygen.c (parse_usagestr): Allow "cert".
5485 (generate_subkeypair): Factor expire parsing out to ...
5486 (parse_subkey_algostr_usagestr): here. Rename to ...
5487 (parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for
5488 primary key and check that it is not set for subkeys.
5490 gpg: New command --quick-addkey.
5491 * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
5492 (ask_keysize): Factor code out to ...
5493 (get_keysize_range, fixup_keysize): new.
5494 (parse_parameter_usage): Factor parsing out to ...
5495 (parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
5496 (parse_subkey_algostr_usagestr): New.
5497 (generate_subkeypair): Add new args. Implement unattended mode.
5499 * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
5500 (find_by_primary_fpr): new.
5501 (keyedit_quick_addkey): New.
5502 * g10/gpg.c (aQuickAddKey): New.
5503 (opts): Add --quick-addkey.
5506 gpg: Do not abort on certain invalid packets.
5507 * g10/build-packet.c (write_fake_data): Check for non-opaque data.
5508 * g10/seskey.c (do_encode_md): Return NULL instead of abort.
5510 common: New function openpgp_is_curve_supported.
5511 * common/openpgp-oid.c: Include openpgpdefs.h.
5512 (oidtable): Add field pubkey_algo.
5513 (openpgp_is_curve_supported): New.
5515 2016-06-01 NIIBE Yutaka <gniibe@fsij.org>
5517 g10: Allow User ID length >= 256.
5518 * build-packet.c (do_user_id): Call write_header2 with HDRLEN not set.
5520 2016-05-31 Werner Koch <wk@gnupg.org>
5522 gpg: New status code NOTATION_FLAGS.
5523 * common/status.h (STATUS_NOTATION_FLAGS: New.
5524 * g10/packet.h (struct notation): Add flags.human.
5525 (notation_t): New typedef.
5526 * g10/build-packet.c (sig_to_notation): Set flags.human.
5527 * g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
5529 2016-05-28 Werner Koch <wk@gnupg.org>
5531 common: Add a status callback to gnupg_exec_tool_stream.
5532 * common/exectool.h (exec_tool_status_cb_t): New.
5533 * common/exectool.c: Include missing exectool.h.
5534 (read_and_log_buffer_t): Replace array by pointer.
5535 (gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'.
5536 Change all callers to pass NULL for them. Malloc buffer for
5538 (read_and_log_stderr): Implement status_fd feature.
5540 2016-05-27 Werner Koch <wk@gnupg.org>
5542 common: Allow a second input stream for gnupg_exec_tool_stream.
5543 * common/exechelp-posix.c (do_exec): Add arg 'except' and pass to
5545 (gnupg_spawn_process): Add arg 'except'. Change callers to pass NULL
5547 * common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'.
5548 * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
5549 * common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK.
5550 (gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass
5551 NULL for it. Allow NULL for OUTPUT.
5553 common: Simplify the fd closing patch 512c56a.
5554 * common/exechelp-posix.c (get_max_fds): Use /proc/self.
5556 common: Speedup closing fds before an exec.
5557 * common/exechelp-posix.c [__linux__]: Include dirent.h.
5558 (get_max_fds) [__linux__]: Return the actual used highest fd.
5560 tools: Improve debug output of rfc822parse.
5561 * tools/rfc822parse.c (show_event): Add missing events.
5563 build: Remove obsolete tests for funopen and fopencookie.
5564 * configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
5566 common: Extend gnupg_create_inbound_pipe et al.
5567 * common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
5569 (gnupg_create_outbound_pipe): Ditto.
5570 * common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
5571 functional args 'r_fp' and 'nonblock'.
5572 (gnupg_create_outbound_pipe): Ditto.
5573 * common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
5574 (gnupg_create_outbound_pipe): Ditto.
5576 common: Make use of default_errsource in exechelp.
5577 * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
5578 Use them instead of gpg_error and gpg_error_from_syserror.
5579 (create_pipe_and_estream): Remove arg ERRSOURCE and fix use of
5580 OUTBOUND which has a wrong name. Adjust callers.
5581 (gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of
5583 * common/exechelp-w32.c (gnupg_spawn_process): Ditto.
5584 * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
5585 * common/exectool.c (gnupg_exec_tool_stream): Do not pass
5586 GPG_ERROR_FROM_SYSERROR.
5587 * tools/gpgconf-comp.c (gc_component_check_options): Ditto.
5588 (retrieve_options_from_program): Ditto.
5590 gpg: Keep current and total of PROGESS status lines small enough.
5591 * g10/progress.c (progress_filter): Factor status wrote out to...
5592 (write_status_progress): New. Scale values down.
5594 2016-05-27 NIIBE Yutaka <gniibe@fsij.org>
5596 configure: Detection of libusb on FreeBSD.
5597 * configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB.
5599 2016-05-25 Werner Koch <wk@gnupg.org>
5601 build: Switch to new URL for swdb.lst.
5603 2016-05-24 Werner Koch <wk@gnupg.org>
5605 gpgtar: Simplify code by using ccparray.
5606 * tools/gpgtar-create.c (gpgtar_create): Use ccparray functions.
5607 * tools/gpgtar-extract.c (gpgtar_extract): Ditto.
5608 * tools/gpgtar-list.c (gpgtar_list): Ditto.
5610 common: Add simple dynamic array function.
5611 * common/ccparray.c: New.
5612 * common/ccparray.h: New.
5613 * common/t-ccparray.c: New.
5614 * common/Makefile.am (common_sources): Add files.
5615 (module_tests): Add test file.
5616 (t_ccparray_LDADD): New.
5618 2016-05-23 Justus Winter <justus@g10code.com>
5620 tests: Test the pinentry interactions when exporting keys.
5621 * tests/openpgp/export.test: Test pinentry interactions.
5623 tests: Add support for a passphrase queue to fake pinentry.
5624 * tests/openpgp/fake-pinentry.c (get_passphrase): New function.
5625 (main): Add option --passphrasefile and read passphrases from it.
5627 tests: Add logging to fake pinentry.
5628 * tests/openpgp/fake-pinentry.c (log_stream): New variable.
5629 (reply): New function.
5630 (spacep,skip_options,option_value): Copy from common.
5631 (main): Parse arguments, add --logfile option, write logfile.
5633 tests: Add export test.
5634 * tests/openpgp/Makefile.am (TESTS): Add new file.
5635 * tests/openpgp/export.test: New file.
5637 2016-05-21 Werner Koch <wk@gnupg.org>
5639 gpg: Speed up key listing in Tofu mode.
5640 * g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra
5641 lookup of the public key by fingerrpint.
5642 (tofu_register): Pass PK to get_trust.
5643 (tofu_get_validity): Ditto.
5645 *g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
5647 gpg: Avoid name spaces clash with future sqlite versions.
5648 * g10/sqlite.c: Rename to gpgsql.c. Change function prefixes to
5650 * g10/sqlite.h: Rename to gpgsql.h.
5651 * g10/tofu.c: Adjust for changes.
5653 gpg: Explicitly close a combined Tofu DB.
5654 * g10/tofu.c (tofu_closedbs): Close combined DB.
5656 gpg: Store the Tofu meta handle for databases in CTRL.
5657 * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
5658 (struct server_control_s): Add field tofu.dbs.
5659 * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by
5661 (opendbs): Add arg CTRL. Cache the DBS in CTRL.
5662 (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL.
5663 (tofu_register): Add arg CTRL. Change all callers. Do not call
5665 (tofu_get_validity): Ditto.
5666 (tofu_set_policy): Ditto.
5667 (tofu_get_policy): Ditto.
5668 (tofu_set_policy_by_keyid): Add arg CTRL.
5669 * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.
5671 gpg: Pass CTRL object down to the trust functions.
5673 gpg: Fix the TOFU_STATS_LONG status.
5674 * g10/tofu.c (show_statistics): Print TOFU STATS with formatting
5677 2016-05-19 Werner Koch <wk@gnupg.org>
5679 gpg: Print "[ never ]" instead of err for validity.
5680 * g10/trust.c (uid_trust_string_fixed): Handle NEVER.
5682 2016-05-18 Werner Koch <wk@gnupg.org>
5684 dirmngr: Adjust the WKD lookup to specs version -01.
5685 * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
5688 2016-05-17 Werner Koch <wk@gnupg.org>
5690 gpg: Emit new status line KEY_CONSIDERED.
5691 * common/status.h (STATUS_KEY_CONSIDERED): New.
5692 * g10/getkey.c: Include status.h.
5693 (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
5694 (finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
5695 set flag. Check a requested usage before checking for expiraion or
5697 (print_status_key_considered): New.
5698 (lookup): Print new status.
5700 2016-05-11 NIIBE Yutaka <gniibe@fsij.org>
5702 g10: Fix signature checking.
5703 * g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
5706 2016-05-10 Werner Koch <wk@gnupg.org>
5708 gpg: Allow unattended deletion of secret keys.
5709 * agent/command.c (cmd_delete_key): Make the --force option depend on
5710 --disallow-loopback-passphrase.
5711 * g10/call-agent.c (agent_delete_key): Add arg FORCE.
5712 * g10/delkey.c (do_delete_key): Pass opt.answer_yes to
5715 2016-05-09 Werner Koch <wk@gnupg.org>
5717 gpg: Fix buglet in the check_all_keysigs function.
5718 * g10/keyedit.c (sig_comparison): Actually compare the pubkey
5721 gpg: Request a "save" after cmd "check" fixed something.
5722 * g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
5724 2016-05-09 NIIBE Yutaka <gniibe@fsij.org>
5726 po: Update Japanese translation.
5728 2016-05-04 Werner Koch <wk@gnupg.org>
5732 speedo,w32: Remove the installation directory page.
5733 * build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove.
5735 gpg: Fix const char pointer mismatch with gettext.
5736 * g10/tofu.c (get_trust): Use const char *.
5738 speedo: Build sqlite with static-libgcc.
5739 * build-aux/speedo/patches/sqlite.patch: New.
5740 * Makefile.am (EXTRA_DIST): Add file.
5742 speedo: Also try patch files w/o version number.
5743 * build-aux/speedo.mk (SPKG_template): Try such a patch file.
5745 2016-05-04 Andre Heinecke <aheinecke@intevation.de>
5747 speedo,w32: Install sqlite.
5748 * build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New.
5750 speedo,w32: Fix uninstallation.
5751 * build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and
5754 speedo,w32: Install localisation.
5755 * build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n.
5756 (-un.libgpg-error, -un.gnupg): Uninstall l10n files.
5758 2016-05-04 Werner Koch <wk@gnupg.org>
5760 tests: Disable the migrations tests.
5761 * tests/Makefile.am (SUBDIRS): Remove migrations.
5762 * configure.ac (AC_CONFIG_FILES): Remove migrations Makefile.
5764 2016-05-04 Ineiev <ineiev@gnu.org>
5766 po: Update Russian translation.
5768 2016-05-04 Werner Koch <wk@gnupg.org>
5770 po: Update German translation.
5772 Some minor string changes and fixed a printf format.
5773 * g10/build-packet.c (notation_value_to_human_readable_string): Use
5776 build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
5777 * build-aux/config.guess: Update.
5778 * build-aux/config.sub: Update.
5780 agent: Make --allow-loopback-pinentry the default.
5781 * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
5782 (opts): Add --no-allow-loopback-pinentry. Hide
5783 description of --allow-loopback-pinentry.
5784 (parse_rereadable_options): Set opt.allow_loopback_pinentry by
5786 (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
5787 in the gpgconf list.
5788 * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
5790 2016-05-03 Werner Koch <wk@gnupg.org>
5792 common: Print https URLs in help messages.
5793 * common/argparse.c (strusage): Print https URLS.
5795 tests: Silence output of some tests.
5796 * common/t-exechelp.c (print_open_fds): Silence non-verbose output.
5797 (test_close_all_fds): Ditto.
5798 * common/t-session-env.c (show_stdnames): Indent output.
5799 * g10/test.c (TEST): Silence non-verbose okay output.
5800 (exit_tests): Ditto.
5801 * tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
5802 * tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
5803 * tests/openpgp/mds.test: Indent MD5 notice.
5804 * tests/openpgp/version.test: Indent --version output.
5806 gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
5807 * g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
5808 (FULL_TRUST_THRESHOLD): New.
5809 (write_stats_status): New.
5810 (show_statistics): Call new function. Print TOFU_STATS_LONG.
5812 2016-05-02 Werner Koch <wk@gnupg.org>
5814 gpg: Extend TRUST_foo status lines with the trust model.
5815 * g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
5816 * g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg
5817 "model" and change callers to call with OPT.TRUST_MODEL.
5818 * g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
5819 * g10/pkclist.c (write_trust_status): New.
5820 (check_signatures_trust): Call new function.
5822 gpg: Improve line wrapping for a tofu message.
5823 * g10/tofu.c (time_ago_str): Mark non-breakable spaces.
5824 (show_statistics): Remove marks.
5826 gpg: Re-format some tofu messages.
5827 * common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
5828 (STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
5829 * g10/tofu.c (NO_WARNING_THRESHOLD): New.
5830 (record_binding, tofu_register): Take care of --dry-run.
5831 (show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
5832 Fix the ngettext/strcmp thing. Use log_string instead of log_info.
5833 Use NO_WARNING_THRESHOLD constant.
5834 (get_trust): Use format_text and print a compact fingerprint.
5836 2016-05-02 NIIBE Yutaka <gniibe@fsij.org>
5838 scd: More fix of error return path.
5839 * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
5842 2016-04-29 Werner Koch <wk@gnupg.org>
5844 common: Extend log_string to indent lines.
5845 * common/logging.c (do_logv): Add indentation when called via
5848 gpg: Factor some code code out of tofu.c.
5849 * g10/tofu.c (string_to_long): New.
5850 (string_to_ulong): New.
5851 (get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
5852 (get_single_long_cb): Ditto.
5853 (signature_stats_collect_cb): Ditto.
5854 (get_policy): Ditto.
5855 (show_statistics): Ditto. Uese es_free instead of free.
5857 gpg: Remove all assert.h and s/assert/log_assert/.
5859 common: Improve log_assert.
5860 * common/logging.c (bug_at): Do not i18n the string.
5862 * common/logging.h (log_assert): Use new function and pass line
5865 2016-04-28 NIIBE Yutaka <gniibe@fsij.org>
5867 scd: Fix error return path.
5868 * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
5869 Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.
5871 2016-04-27 NIIBE Yutaka <gniibe@fsij.org>
5873 scd: Fix memory leaks.
5874 * scd/ccid-driver.c (scan_or_find_usb_device): Return on
5875 LIBUSB_ERROR_NO_MEM. Free CONFIG before return except on error.
5876 (scan_or_find_devices): Free device list.
5878 2016-04-27 Werner Koch <wk@gnupg.org>
5880 gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
5881 * g10/getkey.c (parse_auto_key_locate): Add method "wkd".
5882 (get_pubkey_byname): Implement that method. Also rename a variable.
5883 * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
5884 * g10/keyserver.c (keyserver_import_wkd): New.
5885 * g10/test-stubs.c (keyserver_import_wkd): Add stub.
5886 * g10/gpgv.c (keyserver_import_wkd): Ditto.
5887 * g10/options.h (opt): Add field 'with_wkd_hash'.
5890 * g10/gpg.c (oWithWKDHash): New.
5891 (opts): Add option --with-wkd-hash.
5892 (main): Set that option.
5893 * g10/keylist.c (list_keyblock_print): Implement that option.
5895 dirmngr: Add experimental command WKD_GET.
5896 * dirmngr/server.c (cmd_wkd_get): New.
5897 (register_commands): Add command WKD_GET.
5899 dirmngr: Use system provided root CAs with KS_FETCH.
5900 * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
5902 2016-04-26 Werner Koch <wk@gnupg.org>
5904 http: Allow to request system defined CAs for TLS.
5905 * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
5906 * dirmngr/http.c (http_session_new): Add arg "flags".
5907 * dirmngr/ks-engine-hkp.c (send_request): Use new flag
5908 HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
5909 * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
5910 * dirmngr/t-http.c (main): Ditto.
5912 2016-04-25 Werner Koch <wk@gnupg.org>
5914 common: Minor fixes for the new private-keys.c.
5915 * common/private-keys.c (my_error_from_syserror): New. Use it in
5916 place of gpg_error_from_syserror.
5917 (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
5918 (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
5920 (_pkc_add): Add braces around if-statement.
5922 common: Use new function to print a failure of xtrymalloc.
5923 * common/miscellaneous.c (xoutofcore): New.
5924 * common/strlist.c (append_to_strlist): Use instead of abort.
5925 (append_to_strlist_try): Use xtrymalloc instead of xmalloc.
5927 2016-04-21 Justus Winter <justus@g10code.com>
5929 common: Add support for the new extended private key format.
5930 * agent/findkey.c (write_extended_private_key): New function.
5931 (agent_write_private_key): Detect if an existing file is in extended
5932 format and update the key within if it is.
5933 (read_key_file): Handle the new format.
5934 * agent/keyformat.txt: Document the new format.
5935 * common/Makefile.am: Add the new files.
5936 * common/private-keys.c: New file.
5937 * common/private-keys.h: Likewise.
5938 * common/t-private-keys.c: Likewise.
5939 * common/util.h (alphap, alnump): New macros.
5940 * tests/migrations: Add test demonstrating that we can cope with the
5943 common: Add 'free_strlist_wipe' which wipes memory.
5944 * common/strlist.c (free_strlist_wipe): New function.
5945 * common/strlist.h (free_strlist_wipe): New prototype.
5947 common: Add 'append_to_strlist_try' which can fail.
5948 * common/strlist.c (append_to_strlist): Use the new function.
5949 (append_to_strlist_try): New function.
5950 * common/strlist.h (append_to_strlist_try): New prototype.
5952 agent: Convert key format document to org.
5953 * agent/keyformat.txt: Convert to org mode.
5955 tests: Make migration test more robust and silent.
5956 * tests/migrations/from-classic.test: Fix in-tree build, silence test.
5958 2016-04-21 Werner Koch <wk@gnupg.org>
5960 w32: Use --enable-gpg2-is-gpg by default.
5961 * autogen.rc: Add option also for plain Windows.
5963 w32: Replace libiconv DLL by iconv feature of libgpg-error.
5964 * configure.ac: Do nor require libiconv for W32.
5965 * common/utf8conv.c [W32]: Do not incluce iconv.h. Request
5966 libgpg-error iconv macros.
5967 (jnlib_iconv): Use ICONV_CONST macro.
5968 * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
5969 * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
5971 2016-04-20 Justus Winter <justus@g10code.com>
5973 agent: Sanitize permissions of the private key directory.
5974 * agent/gpg-agent.c (create_private_keys_directory): Set permissions.
5975 * common/sysutils.c (modestr_to_mode): New function.
5976 (gnupg_mkdir): Use new function.
5977 (gnupg_chmod): New function.
5978 * common/sysutils.h (gnupg_chmod): New prototype.
5979 * tests/migrations/from-classic.test: Test migration with existing
5982 tests: Test the migration from a classic GnuPG home directory.
5983 * configure.ac: Add new directory.
5984 * tests/Makefile.am (SUBDIRS): Likewise.
5985 * tests/migrations/Makefile.am: New file.
5986 * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise.
5987 * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise.
5988 * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise.
5989 * tests/migrations/from-classic.test: Likewise.
5991 2016-04-20 Werner Koch <wk@gnupg.org>
5993 speedo: Use swdb.lst to define the SQLite version.
5994 * build-aux/speedo.mk: Change sqlite to use our mirror and the
5996 * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
5999 2016-04-19 Werner Koch <wk@gnupg.org>
6001 gpg: Improve UID selction of --quick-sign-key.
6002 * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
6003 error for non-found userids.
6005 gpg: Avoid debug like output at start of --edit-key.
6006 * g10/keyedit.c (check_all_keysigs): Print info only after something
6009 2016-04-15 Andre Heinecke <aheinecke@intevation.de>
6011 dirmngr: Fix https never reported in general help.
6012 * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https
6013 when supported and no uri provided.
6015 dirmngr: Fix https incorrectly reported in help.
6016 * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
6019 2016-04-14 Werner Koch <wk@gnupg.org>
6021 agent: Fix regression due to recent commit 4159567.
6022 * agent/protect.c (do_encryption): Fix CBC hashing.
6024 agent: Allow gpg-protect-tool to handle openpgp-native protection.
6025 * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
6027 (main): Allocate a simple CTRL object and pass it to
6029 (convert_from_openpgp_native): Remove stub.
6030 (agent_key_available, agent_get_cache): New stubs.
6031 (agent_askpin): New emulation for the one in call-pinentry.c.
6032 (agent_write_private_key): New to dump key.
6033 * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
6035 tests: Set fake-pinentry's stdout and stdin to _IOLBF.
6036 * tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase
6037 at startup. Increase buffer.
6039 2016-04-12 Werner Koch <wk@gnupg.org>
6041 agent: Implement new protection mode openpgp-s2k3-ocb-aes.
6042 * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
6043 to pass -1 for default.
6044 * agent/protect-tool.c: New option --debug-use-ocb.
6045 (oDebugUseOCB): New.
6046 (opt_debug_use_ocb): New.
6048 (read_and_protect): Implement option.
6050 * agent/protect.c (OCB_MODE_SUPPORTED): New macro.
6051 (PROT_DEFAULT_TO_OCB): New macro.
6052 (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
6053 and timestamp_exp_len. Implement OCB.
6054 (agent_protect): Change to support OCB.
6055 (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
6057 (merge_lists): Allow NULL for sha1hash.
6058 (agent_unprotect): Change to support OCB.
6059 (agent_private_key_type): Remove debug output.
6061 indent: Help Emacs not to get confused by conditional compilation.
6062 * agent/protect.c (calibrate_get_time) [W32]: Use separate function
6063 calls for W32 and W32CE.
6065 2016-04-07 Justus Winter <justus@g10code.com>
6067 g10: Fix exporting secret keys of certain sizes.
6068 * g10/build-packet.c (do_key): Do not use the header length specified
6069 by the public key packet from the keyring, but let 'write_header2'
6070 compute the required length.
6072 2016-04-06 Justus Winter <justus@g10code.com>
6074 Revert "g10: Support armored keyrings in gpgv."
6075 This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
6077 2016-04-05 Justus Winter <justus@g10code.com>
6079 dirmngr: Autodetect PEM format in dirmngr-client.
6080 * dirmngr/dirmngr-client.c (init_asctobin): New function.
6081 (main): Move the initialization code to the new function.
6082 (read_pem_certificate): Initialize base64 table.
6083 (read_certificate): Try to decode certificates given in files as PEM
6086 2016-04-05 Werner Koch <wk@gnupg.org>
6088 build: Fix for: Build gpgcompose only in maintainer mode.
6089 * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
6091 doc: Install gpg and gpgv man pages under the correct name.
6092 * doc/mkdefsinc.c (main): Add double include guard. Set variable
6093 gpgtwohack. Define macros gpgname and gpgvname.
6094 * doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var
6095 gpgtwohack to prepare the man pages. Use @gpgname everywhere.
6096 * doc/gpgv.texi: Likewise.
6097 * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
6098 them depending on USE_GPG2_HACK.
6100 build: Build gpgcompose only in maintainer mode.
6101 * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
6104 gpg: Replace use of "gpg2" by GPG_NAME.
6106 2016-04-04 Werner Koch <wk@gnupg.org>
6108 Now build "gpg" binary but install as "gpg2"
6109 * configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
6110 * common/homedir.c (gnupg_module_name): Replace use of macro
6111 NAME_OF_INSTALLED_GPG.
6112 * g10/keygen.c (generate_keypair): Ditto.
6113 * g10/Makefile.am (bin_PROGRAMS): Remove.
6114 (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
6115 (gpg2_hack_list): New.
6116 (use_gpg2_hack): New.
6117 (gpg2_SOURCES): Rename to gpg_SOURCES.
6118 (gpgv2_SOURCES): Rename to gpgv_SOURCES.
6119 (gpg2_LDADD): Rename to gpg_LDADD.
6120 (gpgv2_LDADD): Rename to gpgv_LDADD.
6121 (gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
6122 (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
6123 (install-exec-hook): Remove WinCE specific rules and add new rules.
6124 (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
6125 * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
6126 * tests/openpgp/defs.inc: Ditto.
6127 * tests/openpgp/gpgtar.test: Ditto.
6128 * tests/openpgp/mkdemodirs: Ditto.
6129 * tests/openpgp/signdemokey: Ditto.
6131 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
6132 --enable-mailto, add --enable-gpg2-is-gpg.
6134 tests: Add missing file.
6135 * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
6137 2016-04-04 Justus Winter <justus@g10code.com>
6139 g10: Support armored keyrings in gpgv.
6140 * doc/gpgv.texi: Document the feature.
6141 * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
6142 * g10/dearmor.c (dearmor_file): Add sink argument.
6143 * g10/gpg.c (main): Adapt accordingly.
6144 * g10/gpgv.c (make_temp_dir): New function.
6145 (main): De-armor keyrings.
6146 * g10/main.h (dearmor_file): Adapt prototype.
6148 tests: Fix default key test.
6149 * tests/openpgp/default-key.test: Avoid using the option
6150 '--trust-model' unconditionally.
6152 2016-04-01 Justus Winter <justus@g10code.com>
6154 build: Check for conflicting trust model options.
6155 * configure.ac: Disable TOFU if configured without trust models, and
6156 check for conflicting options.
6158 g10: Remove option --always-trust if compiled without trust models.
6159 * g10/gpg.c (opts): Remove option --always-trust if compiled without
6162 2016-03-31 Justus Winter <justus@g10code.com>
6164 speedo,w32: Build libsqlite3.
6165 * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
6166 (libsqlite3_ver): New variable.
6167 (speedo_pkg_libsqlite3_tar): Likewise.
6169 g10: Use gpg-error abstraction of sched_yield.
6170 * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.
6172 2016-03-29 Werner Koch <wk@gnupg.org>
6174 gpg: Fix NULL-segv for missing tofu DB.
6175 * g10/tofu.c (opendb): Guard call to timeout function.
6177 2016-03-22 Werner Koch <wk@gnupg.org>
6179 gpg: Improve message when asking for key capabilities.
6180 * g10/keygen.c (ask_key_flags): Improve message.
6182 gpg: Remove the extra prompt for Curve25519.
6183 * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
6184 (ask_curve): Use a fixed table of curve names and reserve a slot for
6185 Curve448. Simplify CurveNNNN/EdNNNN switching.
6186 (ask_curve): Remove the Curve25519 is non-standard prompt.
6188 2016-03-19 Werner Koch <wk@gnupg.org>
6190 gpg: Silence trustdb computation with --quiet.
6191 * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
6194 2016-03-17 Werner Koch <wk@gnupg.org>
6196 sm: Always create a keybox header when creating a new keybox.
6197 * sm/keydb.c (maybe_create_keybox): Create the header blob.
6199 2016-03-17 Neal H. Walfield <neal@g10code.com>
6201 doc: Improve documentation of --enable-large-rsa.
6202 * doc/gpg.texi (--enable-large-rsa): Improve text.
6204 2016-03-17 NIIBE Yutaka <gniibe@fsij.org>
6206 agent: allow removal of the shadowed key.
6207 * agent/findkey.c (agent_delete_key): Remove the key when asked.
6209 2016-03-16 NIIBE Yutaka <gniibe@fsij.org>
6211 g10: Add const qualifier.
6212 * g10/gpgcompose.c (show_help): Those are strings not to be modified.
6214 2016-03-15 Werner Koch <wk@gnupg.org>
6216 gpg: Do not rely on a certain evaluation order.
6217 * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
6218 before derefing IS_SELFSIG.
6220 2016-03-14 Werner Koch <wk@gnupg.org>
6222 scd: Add manufacturer id 0x000a.
6223 * g10/card-util.c (get_manufacturer): Add it.
6225 2016-03-10 Kevin J. McCarthy <kevin@8t8.us>
6227 g10: Silence message if --quiet is given.
6228 * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
6231 2016-03-08 Neal H. Walfield <neal@g10code.com>
6233 gpg: Add a new test.
6234 * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
6235 (module_tests): Add t-stutter.
6236 (t_stutter_SOURCES): New variable.
6237 (t_stutter_LDADD): New variable.
6239 2016-03-07 Justus Winter <justus@g10code.com>
6241 sm: Implement pinentry loopback and reading passphrases from fd.
6242 * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
6243 * sm/Makefile.am (gpgsm_SOURCES): Add new files
6244 * sm/call-agent.c (struct default_inq_parm_s): New definition.
6245 (start_agent): Pass in the pinentry mode.
6246 (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
6247 Adapt all call sites to the new callback cookie.
6248 * sm/gpgsm.c (cmd_and_opt_values): Add new values.
6249 (opts): Add new options.
6250 (main): Handle new options.
6251 * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
6252 * sm/passphrase.c: New file.
6253 * sm/passphrase.h: Likewise.
6255 sm: Remove unused argument '--fixed-passphrase'.
6256 * doc/gpgsm.texi: Drop description.
6257 * sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
6258 (opts): Drop argument.
6259 (main): Drop argument handling.
6260 * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
6262 kbx: Avoid undefined behavior.
6263 * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before
6266 2016-03-07 NIIBE Yutaka <gniibe@fsij.org>
6268 scd: Bug fix for a device with multiple interfaces.
6269 * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when
6270 accessing interface information.
6272 2016-03-04 Justus Winter <justus@g10code.com>
6274 build: Make libusb a hard requirement if the ccid driver is requested.
6275 * configure.ac: Print an error message and die if the internal ccid
6276 driver is requested but no suitable libusb is found.
6278 g10: Drop superfluous declaration.
6279 * g10/main.h (disable_core_dumps): Drop declaration.
6281 g10: Guard code against errors.
6282 * g10/keygen.c (do_generate_keypair): Check for errors, in which case
6285 2016-03-03 Justus Winter <justus@g10code.com>
6287 dirmngr: Add more missing CFLAGS.
6288 * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
6290 (t_dns_stuff_CFLAGS): Likewise.
6292 tests/openpgp: Skip gpgtar test if it has not been built.
6293 * tests/openpgp/gpgtar.test: Check if executable exists.
6295 2016-03-02 Neal H. Walfield <neal@g10code.com>
6297 gpg: Add new program gpgcompose.
6298 * g10/packet.h: Include "util.h".
6299 * g10/encrypt.c (encrypt_seskey): Don't mark as static.
6300 * g10/gpgcompose.c: New file.
6301 * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
6302 (gpg2_SOURCES): Split everything but gpg.c into...
6303 (gpg_sources): ... this new variable.
6304 (gpgcompose_SOURCES): New variable.
6305 (gpgcompose_LDADD): Likewise.
6306 (gpgcompose_LDFLAGS): Likewise.
6308 gpg: More robustly detect valid non-armored OpenPGP messages.
6309 * g10/armor.c (is_armored): More robustly detect valid non-armored
6312 common: Provide a function for mapping packet types to strings.
6313 * common/openpgpdefs.h (pkttype_str): New function.
6315 gpg: Rename pop_filter to iobuf_pop_filter and export it.
6316 * common/iobuf.c (pop_filter): Rename from this...
6317 (iobuf_pop_filter): ... to this. Don't mark it as static.
6319 gpg: Split write_pubkey_enc_from_list.
6320 * g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
6321 function out into...
6322 (write_pubkey_enc): ... this new function.
6324 gpg: Allow the caller to write the contents of a plaintext packet.
6325 * g10/build-packet.c (do_plaintext): Change the semantics such that if
6326 PT->BUF is NULL, it is the caller's responsibility to write the
6327 content (and disable partial body length mode, if appropriate).
6329 gpg: Add a new function for creating binary notations.
6330 * g10/build-packet.c (blob_to_notation): New function.
6332 gpg: Refactor the printing of binary notations.
6333 * g10/build-packet.c (sig_to_notation): Break printing of binary
6335 (notation_value_to_human_readable_string): ... this new function.
6336 Provide a small preview of the binary data substituting non-printable
6337 characters with '?'.
6339 2016-03-02 Uldis Anšmits <uldis.ansmits@tieto.com>
6341 tests/openpgp: Make tests more portable.
6342 * tests/openpgp/default-key.test: Avoid 'grep -q'.
6343 * tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'.
6344 * tests/openpgp/use-exact-key.test: Avoid 'grep -q'.
6346 2016-03-02 Justus Winter <justus@g10code.com>
6348 common: Consolidate Assuan server argument handling.
6349 * common/Makefile.am (common_sources): Add new files.
6350 * common/server-help.c: New file.
6351 * common/server-help.h: Likewise.
6352 * agent/command.c: Drop argument handling primitives in favor of using
6353 the consolidated ones.
6354 * dirmngr/server.c: Likewise.
6355 * g10/server.c: Likewise.
6356 * g13/server.c: Likewise.
6357 * scd/command.c: Likewise.
6358 * sm/server.c: Likewise.
6360 2016-03-01 Justus Winter <justus@g10code.com>
6362 dirmngr: Add missing CFLAGS.
6363 * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
6365 (t_dns_stuff_CFLAGS): Likewise.
6367 tools: Drop superfluous include.
6368 * tools/gpgtar.c: Do not include unused 'npth.h'.
6370 2016-02-26 Werner Koch <wk@gnupg.org>
6372 gpg: Prettify a 2 octet hex output.
6373 * g10/sig-check.c (check_key_signature2): Wrap line and use %02x.
6375 2016-02-25 Neal H. Walfield <neal@g10code.com>
6377 gpg: Show debugging info if a sig with an unsupported sig class is used.
6378 * g10/sig-check.c (check_key_signature2): If SIG->CLASS is
6379 unsupported, show some debugging information. Don't use BUG to fail.
6380 Just return GPG_ERR_BAD_SIGNATURE.
6382 gpg: More carefully encode a packet's length.
6383 * g10/build-packet.c (write_header2): Make sure the length bits are
6384 cleared. Fail if HDRLEN is set and the specified length can't be
6385 encoded in the available space.
6387 gpg: Avoid directly twiddling bits.
6388 * g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
6390 (write_header2): Likewise.
6392 gpg: Add some asserts.
6393 * g10/build-packet.c (ctb_new_format_p): New function.
6394 (ctb_pkttype): New function.
6395 (do_user_id): Add some asserts.
6397 (do_symkey_enc): Likewise.
6398 (do_pubkey_enc): Likewise.
6399 (do_plaintext): Likewise.
6400 (do_encrypted): Likewise.
6401 (do_encrypted_mdc): Likewise.
6402 (do_compressed): Likewise.
6403 (do_signature): Likewise.
6404 (do_signature): Likewise.
6405 (write_header2): Likewise.
6407 gpg: Avoid an unnecessary copy.
6408 * g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
6409 the data: the size of the packet is fixed.
6411 2016-02-23 Neal H. Walfield <neal@g10code.com>
6413 common: Reduce buffer size.
6414 * common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB.
6416 common: Improve a function's documentation and comments.
6417 * common/iobuf.c (iobuf_set_partial_body_length_mode): Fix
6418 documentation and comment. Add an assert.
6420 common: Add log_assert.
6421 * common/logging.h (log_assert): New macro.
6423 gpg: Use higher-level functions.
6424 * g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
6425 iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
6426 iobuf_write in a loop. Move the memory wiping from here...
6427 * common/iobuf.c (iobuf_copy): ... to here.
6429 common: Check for an error before reading.
6430 * common/iobuf.c (iobuf_copy): If DEST has a pending error, don't
6433 common: More accurately name function.
6434 * common/iobuf.c (iobuf_set_partial_block_mode): Rename from this...
6435 (iobuf_set_partial_body_length_mode): ... to this. Update callers.
6437 2016-02-23 Werner Koch <wk@gnupg.org>
6439 g13: Add commands --suspend and --remove.
6440 * g13/g13.c (aSuspend, aResume): New.
6441 (opts): Add commands --suspend and --resume.
6442 (main): Implement dummy command aUmount. Implement commands aResume
6444 * g13/sh-cmd.c (cmd_suspend): New.
6446 (register_commands): Add commands RESUME and SUSPEND.
6447 * g13/server.c (cmd_suspend): New.
6449 (register_commands): Add commands RESUME and SUSPEND.
6450 * g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
6451 (be_dmcrypt_resume_container): New.
6452 * g13/backend.c (be_suspend_container): New.
6453 (be_resume_container): New.
6454 * g13/suspend.c, g13/suspend.h: New.
6455 * g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
6456 (decrypt_keyblob, g13_is_container): Move to ...
6457 * g13/keyblob.c: new file.
6458 (keyblob_read): Rename to g13_keyblob_read and make global.
6459 (keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
6460 * g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
6461 (sh_dmcrypt_suspend_container): New.
6462 (sh_dmcrypt_resume_container): New.
6463 * g13/call-syshelp.c (call_syshelp_run_suspend): New.
6464 (call_syshelp_run_resume): New.
6466 g13: Run mount after dmsetup.
6467 * g13/g13-syshelp.c (main): Reject userids with a slash.
6468 * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
6469 mountpoint is known.
6471 2016-02-23 Justus Winter <justus@g10code.com>
6473 tests/openpgp: Qualify executables with extension.
6474 * tests/openpgp/Makefile.am (required_pgms): Qualify executables with
6477 tests/openpgp: Reimplement 'pinentry.sh' in c.
6478 * tests/openpgp/Makefile.am: Build new program.
6479 * tests/openpgp/defs.inc: Use the new program.
6480 * tests/openpgp/fake-pinentry.c: New file.
6482 tests/openpgp: Avoid dependency on source files.
6483 * tests/openpgp/plain-largeo.asc: New file.
6484 * tests/openpgp/version.test: Dearmor the new file instead of relying
6485 on the source being present.
6487 tests/openpgp: Fix file removal.
6488 * tests/openpgp/version.test: Fix file removal.
6490 common/exechelp: Provide a way to wait for multiple processes.
6491 * common/exechelp-posix.c (gnupg_wait_process): Generalize to
6492 'gnupg_wait_processes'.
6493 * common/exechelp-w32.c (gnupg_wait_process): Likewise.
6494 * common/exechelp-w32ce.c (gnupg_wait_process): New function stub.
6495 * common/exechelp.h (gnupg_wait_process): New prototype.
6497 common/exechelp: Add general pipe function.
6498 * common/exechelp-posix.c (gnupg_create_pipe): New function.
6499 * common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros.
6500 (create_inheritable_pipe): Generalize so that both ends can be
6502 (do_create_pipe): Rename argument accordingly.
6503 (gnupg_create_{in,out}bound_pipe): Use new flags.
6504 (gnupg_create_pipe): New function.
6505 (gnupg_spawn_process): Use new flags.
6506 * common/exechelp-w32ce.c (gnupg_create_pipe): New stub.
6507 * common/exechelp.h (gnupg_create_pipe): New prototype.
6509 common/exechelp: Mute the Windows version.
6510 * common/exechelp-w32.c (gnupg_wait_process): Do not print an error if
6511 the exit code can be returned. This makes the Windows version behave
6512 like the POSIX version.
6514 common/exechelp: Avoid magic numbers.
6515 * common/exechelp-w32.c (do_create_pipe): Use symbolic names.
6517 common/exechelp: Disable debugging by default.
6518 * common/exechelp-w32.c (DEBUG_W32_SPAWN): Set to 0.
6520 common/exechelp: Fix handle leak.
6521 * common/exechelp-w32.c (gnupg_spawn_process_detached): Close process
6524 common/exechelp: Fix opening the 'nul' device.
6525 * common/exechelp-w32.c (gnupg_spawn_process): Fix opening the 'nul'
6528 common/exechelp: Fix error handling.
6529 * common/exechelp-w32.c (gnupg_spawn_process): Close the right handle.
6531 common/exechelp: Fix pipe creation.
6532 * common/exechelp-w32.c (gnupg_spawn_process): Fix the creation of the
6535 tools/mk-tdata: Fix data generation on Windows.
6536 * tools/mk-tdata.c (main): Set stdout to binary mode to avoid newline
6539 2016-02-19 Neal H. Walfield <neal@g10code.com>
6541 gpg: Systematically detect and fix signatures that are out of order.
6542 * g10/keyedit.c (sig_comparison): New function.
6543 (fix_key_signature_order): Merge functionality into...
6544 (check_all_keysigs): ... this function. Rewrite to eliminate
6545 duplicates and use a systematic approach to detecting and moving
6546 signatures that are out of order instead of a heuristic.
6547 (fix_keyblock): Don't call fix_key_signature_order. Call
6548 check_all_keysigs instead after collapsing the uids.
6550 gpg: Split check_key_signature2.
6551 * g10/sig-check.c (hash_uid_node): Rename from this...
6552 (hash_uid_packet): ... to this. Take a PKT_user_id instead of a
6554 (check_key_signature2): Split the basic signature checking
6555 functionality into...
6556 (check_signature_over_key_or_uid): ... this new function.
6558 gpg: Split print_and_check_one_sig.
6559 * g10/keyedit.c (print_and_check_one_sig): Split the print
6560 functionality into...
6561 (print_one_sig): ... this new function.
6563 gpg: Split the function check_signature_end.
6564 * g10/sig-check.c (check_signature_end): Break the basic signature
6566 (check_signature_end_simple): ... this new function.
6568 gpg: Use format_keyid rather than manually formatting the keyid.
6569 * g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
6570 manually formatting the keyid.
6571 * g10/keygen.c (card_write_key_to_backup_file): Likewise.
6573 gpg: Initialize the primary key when generating a key.
6574 * g10/keygen.c (do_generate_keypair): Initialize
6575 pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.
6577 gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
6578 * g10/keydb.h (keyid_cmp): New function.
6579 * g10/keyid.c (pk_keyid): New function.
6580 (pk_main_keyid): New function.
6581 (keyid_copy): New function.
6582 (pk_keyid_str): New function.
6583 * g10/packet.h (PKT_public_key): Update comments for main_keyid and
6586 2016-02-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6588 gpgparsemail: Allow weirdly-mixed pkcs7 signatures.
6589 * tools/gpgparsemail.c: Add and check info->signing_protocol_2.
6591 gpg: Clean up dangling agent_open and agent_closed declarations.
6592 * g10/keydb.h: Remove agent_open, agent_close declarations/
6593 * g10/migrate.c: #include <unistd.h> for access()
6595 2016-02-16 Werner Koch <wk@gnupg.org>
6597 w32: Make scdaemon build again due to libusb problem.
6598 * configure.ac: Add hack to disable libusb for Windows. Also use
6599 $host instead of $target in the switch
6602 The new test for libusb does not support cross-compiling. As a quick
6603 workaround we disable libusb for Windows because we can't use it anyway.
6605 w32: Do not error out if gpgconf is not installed.
6606 * common/homedir.c (check_portable_app): Remove error message.
6608 2016-02-16 Neal H. Walfield <neal@g10code.com>
6610 gpg: Make ASCII armor decoding more robust to encoding errors.
6611 * g10/armor.c (radix64_read): If the = is followed by the string "3D",
6612 check if the following four characters are valid radix 64 and are
6613 followed by a new line. If so, warn and ignore the '3D'.
6615 2016-02-16 Werner Koch <wk@gnupg.org>
6617 doc: Add a gnupg-module-overview picture.
6618 * doc/gnupg-module-overview.svg: New.
6619 * doc/debugging.texi (Component interaction): New.
6620 * doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
6621 gnupg-module-overview.svg. Remove two eps files.
6622 (BUILT_SOURCES): Add gnupg-module-overview.pdf and .png. Remove
6623 gnupg-card-architecture.epsl
6624 (gnupg_TEXINFOS): Add gnupg-module-overview.svg
6626 (DISTCLEANFILES): Remove build eps files.
6628 2016-02-15 NIIBE Yutaka <gniibe@fsij.org>
6630 common, g10: Fix indentation to silence GCC-6.
6631 * common/iobuf.c (iobuf_ioctl): Fix.
6632 * g10/encrypt.c (encrypt_filter): Likewise.
6633 * g10/keyring.c (prepare_search): Likewise.
6635 dirmngr: fix for memory alignment.
6636 * dirmngr/dns-stuff.c (get_dns_cert): Cast through void *.
6637 (getsrv, get_dns_cname): Make sure it's aligned for HEADER.
6639 2016-02-14 Werner Koch <wk@gnupg.org>
6641 gpg: Add hidden key-edit subcommand "change-usage".
6642 * g10/keyedit.c (cmdCHANGEUSAGE): New.
6643 (cmds): Add command "change-usage".
6644 (keyedit_menu): Handle that command.
6645 (menu_changeusage): New.
6646 * g10/keygen.c (keygen_add_key_flags): New.
6647 (ask_key_flags): Add optional arg current.
6649 2016-02-14 Neal H. Walfield <neal@g10code.com>
6651 gpg: Improve API documentation.
6652 * g10/seskey.c (make_session_key): Improve documentation.
6653 (encode_session_key): Improve documentation.
6654 * g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
6655 * g10/dek.h (DEK): Improve documenation.
6657 gpg: Fix calc_header_length when LEN is 0 and improve documentation.
6658 * g10/build-packet.c (calc_header_length): Return the correct haeder
6659 size when LEN is 0. Fix documentation.
6661 gpg: Fix format_keyid when dynamically allocating the buffer.
6662 * g10/keyid.c (format_keyid): Return a char *, not a const char *. If
6663 BUFFER is NULL, then set LEN to the static buffer's size.
6665 common: Fix comment.
6666 * common/iobuf.c (iobuf_flush_temp): Fix comment.
6668 2016-02-13 Werner Koch <wk@gnupg.org>
6670 g13: Require a confirmation before g13 is used for DM-Crypt.
6671 * g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
6672 * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
6673 (sh_dmcrypt_mount_container): Call it.
6675 g13: Second chunk of code to support dm-crypt.
6676 * g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
6677 * g13/Makefile.am (g13_SOURCES): Add them.
6678 * g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
6679 (no_such_backend): Rename to _no_such_backend and provide replacement
6681 (be_is_supported_conttype): Support DM-Crypt.
6682 (be_take_lock_for_create): Call set_segvice for DM-Crypt.
6683 (be_create_new_keys): Make it a dummy for DM-Crypt.
6684 (be_create_container): Call be_dmcrypt_create_container.
6685 (be_mount_container): call be_dmcrypt_mount_container.
6686 * g13/g13-syshelp.c (main): Enable verbose mode.
6687 * g13/g13tuple.c (get_tupledesc_data): New.
6688 * g13/g13tuple.h (unref_tupledesc): New.
6689 * g13/g13.h (server_control_): Add field "recipients".
6690 * g13/g13.c (main): Fix setting of recipients via cmdline.
6691 (g13_deinit_default_ctrl): Release recipients list.
6692 (g13_request_shutdown): New. Replace all direct update of
6693 shutdown_pending by calls this function.
6694 * g13/server.c (server_local_s): Remove field recipients which is now
6696 (reset_notify, cmd_recipient, cmd_create): Adjust for this change.
6697 * g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
6698 (g13_create_container): Support DM-Crypt.
6699 * g13/mount.c (parse_header): Allow for meta data copies.
6700 (g13_mount_container): Support DM-Crypt.
6701 * g13/sh-cmd.c (cmd_create): Make it work.
6703 * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
6704 (sh_dmcrypt_mount_container): New.
6706 g13: Improve dump_keyblob.
6707 * g13/g13tuple.c: Include keyblob.h.
6708 (find_tuple_uint): Factor code out to ...
6709 (convert_uint): new.
6710 (all_printable): New.
6711 * g13/mount.c (dump_keyblob: Move and rename to ...
6712 * g13/g13tuple.c (dump_tupledesc): here. Revamp and pretyy print uint
6715 g13: Define 3 new tags.
6716 * g13/keyblob.h (KEYBLOB_TAG_CONT_NSEC): New.
6717 (KEYBLOB_TAG_ENC_NSEC): New.
6718 (KEYBLOB_TAG_ENC_OFF): New.
6720 g13: Rename utils.c to g13tuple.c.
6721 * g13/utils.c: Rename to g13tuple.c.
6722 * g13/utils.h: Rename to g13tuple.h. Change all users.
6723 * g13/Makefile.am: Adjust accordingly
6725 g13: Add functions to handle uint in a keyblob.
6726 * g13/utils.c (append_tuple_uint): New.
6727 (find_tuple_uint): New.
6728 * g13/t-utils.c: New.
6729 * g13/Makefile.am (noinst_PROGRAMS, TESTS): New.
6730 (module_tests, t_common_ldadd): New.
6731 (t_utils_SOURCES, t_utils_LDADD): New.
6733 g13: Re-factor high level create code.
6734 * g13/create.c (g13_create_container): Factor some code out to ...
6735 * g13/backend.c (be_take_lock_for_create): new.
6737 g13: Return an error for non-existing device.
6738 * g13/sh-cmd.c (cmd_device): Set ERR.
6740 g13: Fix releasing of a syshelp context.
6741 * g13/call-syshelp.c (call_syshelp_release): Allow a NULL arg.
6743 g13: Switch over to common/exectool.c.
6744 * g13/sh-exectool.c: Remove. It has been replaced by common/exectool.c.
6745 * g13/Makefile.am (g13_syshelp_SOURCES): Remove sh-exectool.c
6746 * g13/sh-blockdev.c: Include exectool.h. Change sh_exec_tool to
6748 * g13/sh-dmcrypt.c: Ditto.
6750 common: Make gnupg_exec_tool conform to spec.
6751 * common/exectool.c (gnupg_exec_tool): Allocate extra byte. Allow
6752 zero length read. Append hidden byte. Release memory on error.
6754 g13: First chunk of code to support dm-crypt.
6755 * g13/call-syshelp.c, g13/call-syshelp.h: New.
6756 * g13/g13-syshelp.c, g13/g13-syshelp.h: New.
6757 * g13/sh-cmd.c: New.
6758 * g13/sh-blockdev.c: New.
6759 * g13/sh-exectool.c: New.
6760 * g13/sh-dmcrypt.c: New.
6761 * g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c
6762 (g13_syshelp_SOURCES): New.
6763 (g13_syshelp_LDADD): New.
6765 * g13/g13.c (opts): Add option --type.
6766 (g13_deinit_default_ctrl): New.
6767 (main): Implement that option. Call g13_deinit_default_ctrl.
6768 * g13/g13.h (struct call_syshelp_s): New declaration.
6769 (server_control_s): Add field syshelp_local.
6770 * g13/keyblob.h (KEYBLOB_TAG_CREATED): New.
6771 (KEYBLOB_TAG_ALGOSTR): New.
6772 (KEYBLOB_TAG_HDRCOPY): New.
6773 * g13/backend.c (be_parse_conttype_name): New.
6774 (be_get_detached_name): Add CONTTYPE_DM_CRYPT.
6776 tests: Remove some harmless warnings in regression tests.
6777 * tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket.
6779 2016-02-12 Neal H. Walfield <neal@g10code.com>
6781 common: Change simple_query to ignore status messages.
6782 * common/simple-pwquery.c (simple_query): Ignore status messages.
6784 2016-02-12 NIIBE Yutaka <gniibe@fsij.org>
6786 g10: Make sure to have the directory for trustdb.
6787 * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
6788 the directory and create it if none before calling take_write_lock.
6790 2016-02-02 Neal H. Walfield <neal@g10code.com>
6792 doc: Note that rngd can also be used to quickly generate insecure keys.
6793 * doc/gpg-agent.texi (Agent Options): Add comment to the description
6794 of --debug-quick-random that rngd can also be used to quickly generate
6797 2016-01-27 Werner Koch <wk@gnupg.org>
6799 scd: Fix size_t/int mismatch in libusb.
6800 * scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to
6803 scd: Fix detection of libusb.
6804 * configure.ac (HAVE_LIBUSB): Clear if no header file was found.
6805 (LIBUSB_LIBS): Ditto.
6807 dirmngr: Build fix for FreeBSD (EAI macros)
6808 * dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
6809 EAI_ADDRFAMILY only if defined.
6811 2016-01-27 NIIBE Yutaka <gniibe@fsij.org>
6813 scd: Migrate to new API of libusb 1.0.
6814 * configure.ac (LIBUSB_CPPFLAGS): New.
6815 * scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
6816 * scd/ccid-driver.c: Use libusb 1.0 API.
6818 2016-01-26 Werner Koch <wk@gnupg.org>
6822 2016-01-26 Andre Heinecke <aheinecke@intevation.de>
6824 gpgtar,w32: Fix gpgtar 8 bit encoding handling on W32.
6825 * common/utf8conv.c (wchar_to_utf8): Factor code out to ...
6827 (utf8_to_wchar): Factor code out to ...
6829 (wchar_to_native): New.
6830 (native_to_wchar): New.
6831 * tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar.
6832 (scan_directory): Use wchar_to_native.
6834 2016-01-26 NIIBE Yutaka <gniibe@fsij.org>
6836 g10: Fix segfault on unsupported curve.
6837 * g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
6839 sm: small fix for GCC 6.
6840 * sm/export.c (insert_duptable): Use unsigned 0.
6842 2016-01-25 Werner Koch <wk@gnupg.org>
6843 Daiki Ueno <ueno@gnu.org>
6845 gpg: Print PROGRESS status lines during key generation.
6846 * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using
6847 has_leading_keyword. Handle PROGRESS lines.
6849 2016-01-25 Werner Koch <wk@gnupg.org>
6851 agent: Send PROGRESS status lines to the client.
6852 * agent/gpg-agent.c (struct progress_dispatch_s): New.
6853 (progress_dispatch_list): New.
6854 (main): Register libgcrypt pogress handler.
6855 (agent_libgcrypt_progress_cb): New.
6856 (agent_set_progress_cb): New.
6857 (unregister_progress_cb): New.
6858 (agent_deinit_default_ctrl): Call unregister.
6859 * agent/command.c (progress_cb): New.
6860 (start_command_handler): Register progress callback.
6862 speedo: Allow use of SHA-256 checksums.
6863 * build-aux/getswdb.sh: Add option --find-sha256sum.
6864 * build-aux/speedo.mk (libgpg_error_sha2): New var. Also for all
6867 (SETVARS, SETVARS_W64): Prefer sha256sum over sha1sum.
6868 (installer-from-source): Create swdb fragment.
6870 2016-01-22 Werner Koch <wk@gnupg.org>
6872 dirmngr: Indicate that serial numbers are hexadecimal.
6873 * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all
6875 * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
6877 dirmngr: Provide the keyserver pool name even if there is no CNAME.
6878 * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
6880 2016-01-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6883 dirmngr: Use sks-keyservers CA by default for the hkps pool.
6884 * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
6885 * dirmngr/http.c (http_session_new): Add optional arg
6886 intended_hostname and set a default cert.
6887 * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
6890 2016-01-22 Werner Koch <wk@gnupg.org>
6892 gpg: Allow new user ids with only the mail address.
6893 * g10/keygen.c (ask_user_id): Allow empty name.
6895 2016-01-21 Werner Koch <wk@gnupg.org>
6897 gpg: Improve header text of the auto-created revocations.
6898 * g10/revoke.c (gen_standard_revoke): Improve header text for the
6899 file. Add info output.
6901 gpg: Make --auto-key-retrieve work with dirmngr configured server.
6902 * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
6903 * g10/keyserver.c (keyserver_any_configured): New.
6904 (keyserver_put): Remove arg keyserver because this will always receive
6905 opt.keyserver which is anyway used when connecting dirmngr. Do not
6906 check opt.keyserver.
6907 (keyserver_import_cert): Replace opt.keyserver by
6908 keyserver_any_configured.
6909 * g10/mainproc.c (check_sig_and_print): Ditto.
6910 * g10/import.c (revocation_present): Ditto.
6911 * g10/getkey.c (get_pubkey_byname): Ditto.
6912 * g10/gpgv.c (keyserver_any_configured): Add stub.
6913 * g10/test-stubs.c (keyserver_any_configured): Add stub.
6915 2016-01-20 Werner Koch <wk@gnupg.org>
6917 gpg: Silence message about ignoring revoked user ids.
6918 * g10/trustdb.c (tdb_get_validity_core): Print message only in debug
6921 agent: New option --pinentry-timeout.
6922 * agent/gpg-agent.c (oPinentryTimeout): New.
6923 (opts): Add new option.
6924 (parse_rereadable_options): PArse that option.
6925 (main): Tell gpgconf about this option.
6926 * agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
6927 * tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
6929 2016-01-19 Werner Koch <wk@gnupg.org>
6931 gpg: Streamline use of error messages in tofu.c.
6932 * g10/tofu.c: Make use of print_further_info to reduce the number of
6933 different error messages to be translated. Also streamline some
6936 common: Add substitute code for libgpg-error < 1.22.
6937 * common/util.h (GPG_ERR_DB_CORRUPTED): New.
6939 gpg: Add function print_further_info.
6940 * g10/misc.c (print_further_info): New.
6942 2016-01-18 Werner Koch <wk@gnupg.org>
6944 g10: Improve strings printed by tofu.c.
6945 * g10/tofu.c: Include ttyio.h. Change many strings to help
6946 translating. Make use of ngettext wehere needed.
6948 (TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
6949 (time_ago_unit): Remove.
6950 (get_trust): Use tty_prints and cpr_get only for the actual prompt.
6952 (show_statistics): Use two English strings for singular and plural.
6954 * po/POTFILES.in: Add tofu.c.
6956 gpg: Use "days" in "...newer than..." diagnostics.
6957 * g10/sig-check.c (check_signature_metadata_validity): Use days if
6960 Use ngettext for some strings.
6961 * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
6964 * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
6965 * g10/keylist.c (print_signature_stats): Ditto.
6966 * g10/keyserver.c (keyserver_refresh): Ditto.
6967 * g10/sig-check.c (check_signature_metadata_validity): Ditto.
6968 * g10/sign.c (do_sign): Ditto.
6969 * g10/trustdb.c (reset_trust_records): Ditto.
6970 (validate_keys): Use a table like diagnostic output.
6972 2016-01-15 Werner Koch <wk@gnupg.org>
6974 kbx,w32: Use shorter retry intervals for keybox_file_rename.
6975 * kbx/keybox-util.c (keybox_file_rename): Restart retry intervals
6978 2016-01-14 Werner Koch <wk@gnupg.org>
6980 w32: Fix deadlock introduced by keybox_file_rename.
6981 * g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
6983 * kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
6986 gpg: Detect race between pubring.gpg and pubring.kbx use.
6987 * g10/keydb.c (maybe_create_keyring_or_box): Detect race condition.
6989 kbx: New function keybox_file_rename to replace rename.
6990 * kbx/keybox-util.c: Include windows.h.
6991 (keybox_file_rename): New.
6992 * kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by
6994 * g10/keyring.c (rename_tmp_file): Ditto.
6996 kbx: Add function keybox_tmp_names to avoid code duplication.
6997 * kbx/keybox-update.c (create_tmp_file): Move some code to...
6998 * kbx/keybox-util.c (keybox_tmp_names): new.
6999 * g10/keyring.c: Include keybox.h.
7000 (create_tmp_file): Replace parts by keybox_tmp_names.
7002 gpg: Make --list-options show-usage the default.
7003 * g10/gpg.c (main): Add LIST_SHOW_USAGE.
7005 2016-01-13 Werner Koch <wk@gnupg.org>
7007 kbx: Change return type of search functions to gpg_error_t.
7008 * kbx/keybox-search.c (keybox_search_reset): Change return type to
7010 (keybox_search): Ditto. Also handle GPG_ERR_EOF.
7011 * sm/keydb.c (keydb_search_reset): Ditto.
7013 gpg: Improve error code from lock_all.
7014 * g10/keydb.c (lock_all): Do not clobber RC during failur cleanup.
7016 kbx: Improve and fix keybox_lock.
7017 * kbx/keybox-init.c (keybox_lock): Make sure ERR is initialized. Get
7018 error codes from dotlock functions.
7020 common: Make sure dotlock functions set a proper ERRNO.
7021 * common/dotlock.c (map_w32_to_errno): New.
7022 (read_lockfile): Return a proper ERRNO.
7023 (dotlock_create_unix): Do not let log functions clobber ERRNO.
7024 (dotlock_take_unix): Ditto.
7025 (dotlock_release_unix): Ditto.
7026 (dotlock_create_w32): Set proper ERRNO.
7027 (dotlock_take_w32): Ditto.
7028 (dotlock_release_w32): Ditto.
7030 kbx: Implement keybox_lock for use by gpg.
7031 * kbx/keybox-defs.h: Include dotlock.h and logging.h.
7032 (CONST_KB_NAME): Remove. Replace usage by KB_NAME.
7033 (struct keybox_name): Add field "lockhd".
7034 * kbx/keybox-init.c (keybox_register_file): Init LOCKHD.
7035 (keybox_lock): Chnage to return gpg_error_t. Implement locking.
7037 gpg: Make sure to mark a duplicate registered keybox as primary.
7038 * kbx/keybox-init.c (keybox_register_file): Change interface to return
7039 the token even if the file has already been registered.
7040 * g10/keydb.c (primary_keyring): Rename to primary_keydb.
7041 (maybe_create_keyring_or_box): Change return type to gpg_error_t.
7042 (keydb_add_resource): Ditto. s/rc/err/.
7043 (keydb_add_resource): Mark an already registered as primary.
7044 * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
7045 (keydb_add_resource): Ditto. s/rc/err/.
7046 (keydb_add_resource): Adjust for changed keybox_register_file.
7048 2016-01-13 NIIBE Yutaka <gniibe@fsij.org>
7050 Fix to support git worktree.
7051 * autogen.sh, Makefile.am, doc/Makefile.am: Use -e for testing .git.
7053 2016-01-12 Werner Koch <wk@gnupg.org>
7055 ssh: Accept OpenSSH *cert-v01 key variants.
7056 * agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
7057 (ssh_key_types): Add OpenSSH cert types.
7058 (stream_read_string): Allow a dummy read.
7059 (ssh_receive_mpint_list): Pass SPEC by reference.
7060 (ssh_receive_mpint_list): New arg CERT and use it.
7061 (ssh_receive_key): Read certificate into an estream object and modify
7062 parser to make use of that object.
7064 2016-01-12 NIIBE Yutaka <gniibe@fsij.org>
7066 common: Fix iobuf API of filter function for alignment.
7067 * common/iobuf.h: Fix comment.
7069 common: Fix iobuf API of filter function for alignment.
7070 * common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
7071 * common/iobuf.c (iobuf_desc): Add the second argument DESC.
7072 (print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
7073 (iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls
7075 (file_filter, file_es_filter, sock_filter, block_filter): Fill the
7077 * common/t-iobuf.c (every_other_filter, double_filter): Likewise.
7078 * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
7079 g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c,
7080 g10/textfilter.c: Likewise.
7082 2016-01-11 Werner Koch <wk@gnupg.org>
7084 gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
7085 * g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
7087 2016-01-09 Werner Koch <wk@gnupg.org>
7089 tools: Remove gpgkey2ssh.
7090 * tools/gpgkey2ssh.c: Remove.
7091 * tools/Makefile.am (bin_PROGRAMS): Ditto.
7093 2016-01-08 Werner Koch <wk@gnupg.org>
7095 gpg: Support ECDSA keys with --export-ssh-key.
7096 * g10/export.c (key_to_sshblob): Add hack for ECDSA.
7098 gpg: New command --export-ssh-key.
7099 * g10/export.c: Include membuf.h and host2net.h.
7100 (key_to_sshblob): New.
7101 (export_ssh_key): New.
7102 * g10/gpg.c (aExportSshKey): New.
7103 (opts): Add command.
7104 (main): Implement that command.
7106 gpg: Add an exact search flag to the PK struct.
7107 * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
7108 (finish_lookup): Set exact flag.
7109 * g10/packet.h (PKT_public_key): Add field flags.exact.
7111 Print warnings if old daemon versions are used.
7112 * common/status.h (STATUS_WARNING): New.
7113 * g10/call-agent.c (warn_version_mismatch): New.
7114 (start_agent): Call warn function.
7115 * g10/call-dirmngr.c: Include status.h.
7116 (warn_version_mismatch): New.
7117 (create_context): Call warn function.
7118 * sm/call-agent.c (warn_version_mismatch): New.
7119 (start_agent): Call warn function.
7120 (gpgsm_agent_learn): Call warn function.
7121 * sm/call-dirmngr.c (warn_version_mismatch): New.
7122 (prepare_dirmngr): Call warn function.
7124 common: New function compare_version_strings.
7125 * common/stringhelp.c (parse_version_number): New.
7126 (parse_version_string): New.
7127 (compare_version_strings): New.
7128 * common/t-stringhelp.c (test_compare_version_strings): New.
7129 (main): Call test. Return ERRCOUNT instead of 0.
7131 common: New function get_assuan_server_version.
7132 * common/asshelp.c: Include membuf.h.
7133 (get_assuan_server_version): New.
7134 * g10/call-agent.c (agent_get_version): Use new function.
7136 common: New put_membuf_cb to replace static membuf_data_cb.
7137 * common/membuf.c (put_membuf_cb): New.
7138 * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use
7140 * common/get-passphrase.c (membuf_data_cb): Ditto.
7141 * g10/call-agent.c (membuf_data_cb): Ditto.
7142 * sm/call-agent.c (membuf_data_cb): Ditto.
7144 2016-01-07 Werner Koch <wk@gnupg.org>
7146 gpg: Return an error code from keygrip_from_pk.
7147 * g10/keyid.c (keygrip_from_pk): Return an error code.
7149 gpg: Avoid warnings about possible NULL deref.
7150 * g10/getkey.c (cache_public_key): Protect deref of CE which actually
7152 * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
7153 * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
7155 * g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
7158 gpg: Fix warnings about useless assignments.
7159 * g10/armor.c (parse_hash_header): Remove duplicate var assignment.
7160 * g10/getkey.c (cache_user_id): Ditto.
7161 * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory
7164 * g10/keygen.c (proc_parameter_file): Remove useless assignment or
7166 (generate_keypair): Ditto.
7167 * g10/getkey.c (finish_lookup, lookup): Ditto.
7168 * g10/card-util.c (change_pin): Ditto.
7169 * g10/gpg.c (main) <aVerify>: Ditto.
7170 * g10/import.c (import): Ditto.
7171 (print_import_check): Ditto
7172 * g10/keyring.c (do_copy): Ditto.
7173 * g10/tdbio.c (tdbio_read_record): Ditto.
7174 * g10/trustdb.c (tdb_update_ownertrust): Ditto.
7175 (update_validity): Ditto.
7177 * g10/server.c (cmd_passwd): Remove useless call to skip_options.
7179 sm: Avoid warnings about useless assignments.
7180 * sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR.
7181 (unhexify_fpr): Remove useless computation on N.
7182 * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove
7183 useless setting of RC.
7184 * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC.
7185 * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy.
7186 * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC.
7187 * sm/server.c (cmd_getauditlog): Comment unused skip_options.
7189 kbx: Avoid warnings about useless assignments.
7190 * kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE
7191 and the last increment of P.
7193 gpg: Fix DNS cert lookup returning an URL.
7194 * g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
7195 param. The old code was entirely buggy (c+p error).
7197 2016-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7199 Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
7200 * g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
7201 default to KF_SHORT.
7202 (format_keyid): Default to KF_SHORT, not KF_0xLONG.
7204 2016-01-06 Werner Koch <wk@gnupg.org>
7206 gpg: Silence some regression tests.
7207 * g10/test.c (TEST): Print diagnostics only in verbose mode.
7209 gpg: Avoid using an uninitialized SALT on premature EOF.
7210 * g10/parse-packet.c (parse_key): Check for premature end of salt.
7212 gpg: Silence warnings found by static analyzer.
7213 * g10/keyedit.c (change_passphrase): Remove useless init of ANY.
7214 (keyedit_quick_adduid): Remove useless setting of ERR.
7215 * g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
7216 it has been checked before the loop.
7217 (parse_plaintext): Remove useless init of PKTLEN.
7219 kbx: Avoid faulty fclose in an error case.
7220 * kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized
7221 file pointer after a failure to create a temp file.
7222 * kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of
7225 dirmngr: Silence one regression test.
7226 * dirmngr/t-dns-stuff.c (main): Do not print info during standard
7229 common: Avoid warnings about useless assignments.
7230 * common/b64enc.c (b64enc_finish): Remove var assignment which is not
7232 * common/iobuf.c (file_filter): Ditto.
7233 * common/tlv.c (do_find_tlv): Ditto.
7234 * common/userids.c (classify_user_id): Ditto.
7236 tests: Use info and error instead of a plain echo.
7237 * tests/openpgp/4gb-packet.test: Use error and info.
7239 common: Do not deref vars in tests after a fail().
7240 * common/t-convert.c (test_bin2hex): Turn if conditions into if-else
7241 chains to avoid accessing unchecked data.
7242 (test_bin2hexcolon): Ditto.
7243 * common/t-mapstrings.c (test_map_static_macro_string): Ditto.
7244 * common/t-stringhelp.c (test_percent_escape): Ditto.
7245 (test_make_filename_try): Ditto.
7246 (test_make_absfilename_try): Ditto.
7247 * common/t-timestuff.c (test_timegm): Ditto.
7249 2016-01-05 Werner Koch <wk@gnupg.org>
7251 gpg: Align notes about minimal keysize with actual checks.
7252 * g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
7253 export mode. Improve readability.
7255 2016-01-05 NIIBE Yutaka <gniibe@fsij.org>
7257 agent: Fix RSA verification for card.
7258 * agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
7261 2016-01-04 Neal H. Walfield <neal@g10code.com>
7263 gpg: Fix double free.
7264 * g10/getkey.c (get_pubkeys): Fix double free.
7266 2015-12-24 NIIBE Yutaka <gniibe@fsij.org>
7268 agent: IMPORT_KEY with --force option fix.
7269 * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
7270 to check existing key.
7271 (convert_from_openpgp): Ditto.
7272 (convert_from_openpgp_native): Call convert_from_openpgp_main with
7274 * agent/command.c (cmd_import_key): Call with dontcare_exist=force.
7276 g10: Use --force when importing key for bkuptocard.
7277 * g10/call-agent.c (agent_import_key): Add an argument FORCE.
7278 * g10/import.c (transfer_secret_keys): Likewise.
7279 (import_secret_one): Call transfer_secret_keys with FORCE=0.
7280 * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
7282 g10: Remove subcommand checkbkupkey for --key-edit.
7283 * g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
7285 g10: Allow relative path for specifying the file for bkuptocard.
7286 * g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
7287 Also support tilda expansion.
7289 g10: fix regression of bkuptocard subcommand in --edit-key.
7290 * g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
7291 * g10/import.c (transfer_secret_keys): Make it global function.
7294 agent: Support --force option for IMPORT_KEY.
7295 * agent/command.c (cmd_keywrap_key): New option --force.
7297 2015-12-23 Werner Koch <wk@gnupg.org>
7299 gpg: Rename struct pubkey to pukey_s and add pubkey_t.
7300 * g10/keydb.h (struct pubkey): Rename to pubkey_s.
7301 (pubkey_t): New. Change all struct pubkey_s to use this type.
7302 * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
7304 gpg: Simplify status message code from commit b30c15bf.
7305 * g10/keygen.c (card_write_key_to_backup_file): Simplify by using
7308 gpg: Add standard free() semantic to pubkey_free.
7309 * g10/getkey.c (pubkey_free): Check for NULL arg.
7311 gpg: Fix use of assert from commit dc417bf0.
7312 * g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use
7315 gpg: Do not translate debug output.
7316 * g10/getkey.c (parse_def_secret_key): Do not make strings passed to
7317 log_debug translatable.
7319 2015-12-23 NIIBE Yutaka <gniibe@fsij.org>
7321 scd: Fix commit b30c15bf (again).
7322 * g10/keygen.c (do_generate_keypair): Clear the variable S.
7324 2015-12-22 Neal H. Walfield <neal@g10code.com>
7327 * g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.
7329 gpg: Fix error message.
7330 * g10/getkey.c (parse_def_secret_key): Fix error message.
7332 gpg: Don't check for ambiguous keys.
7333 * g10/gpg.c (struct result): Move from here...
7334 * g10/keydb.h (struct pubkey): ... to here. Update users.
7335 * g10/gpg.c (check_user_ids): Move from here...
7336 * g10/getkey.c (get_pubkeys): ... to here. Update users. Use
7337 get_pubkey_byname to look up the keys (this also prunes invalid keys).
7338 (pubkey_free): New function.
7339 (pubkeys_free): New function.
7340 * g10/gpg.c (main): Don't check for ambiguous key specifications.
7342 gpg: Lazily evaluate --default-key.
7343 * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
7344 add --default-key's value to REMUSR here...
7345 * g10/pkclist.c (build_pk_list): ... do it here.
7346 * tests/openpgp/Makefile.am (TESTS): Add default-key.test.
7347 * tests/openpgp/default-key.test: New file.
7349 gpg: Remove unused parameter.
7350 * g10/pkclist.c (build_pk_list): Remove parameter use, which is always
7351 called set to PUBKEY_USAGE_ENC. Update callers.
7353 gpg: Improve check for ambiguous keys.
7354 * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
7355 encryption-only keys when a signing key is needed and vice-versa.
7357 gpg: Fix TOCTTOU when updating keyblocks.
7358 * g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
7359 current offset. After taking the lock, extract the fingerprint from
7360 the keyblock, find it and then replace it.
7362 Only add the user supplied CFLAGS after running any autoconf tests.
7363 * configure.ac: Only add the user supplied CFLAGS after running any
7366 gpg: Suppress a warning.
7367 * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
7368 avoid a warning when ADNS is not available.
7370 gpg: Remove dead code.
7371 * kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields
7372 offset and n_packets.
7374 gpg: Display the key that is invalid, not the search description.
7375 * g10/getkey.c (parse_def_secret_key): Display the key that is
7376 invalid, not the search description.
7378 gpg: Mark more options as coming from the config file (when this holds)
7379 * g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
7380 taken from the config file, note this.
7382 gpg: Use enums instead of defines.
7383 * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
7384 (PK_LIST_HIDDEN): Likewise.
7385 (PK_LIST_CONFIG): Likewise.
7386 (PK_LIST_SHIFT): Likewise.n
7388 2015-12-21 NIIBE Yutaka <gniibe@fsij.org>
7390 po: Update Japanese translation.
7392 g10: clean up of headers for card.
7393 * g10/main.h (save_unprotected_key_to_card): Remove.
7394 * g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
7396 2015-12-21 Werner Koch <wk@gnupg.org>
7398 common: New file fwddecl.h.
7399 * common/util.h (server_control_s, ctrl_t): Move to ...
7400 * common/fwddecl.h: New file.
7401 * common/call-gpg.h: Replace typedef by fwddecl.h. Change include
7402 protection macro name.
7403 * common/Makefile.am (common_sources): Add fwddecl.h.
7405 2015-12-18 Werner Koch <wk@gnupg.org>
7407 build: Add required macro for pkg-config.
7408 * configure.ac (PKG_PROG_PKG_CONFIG): New.
7410 2015-12-18 NIIBE Yutaka <gniibe@fsij.org>
7412 g10: Remove deprecated internal functions.
7413 * g10/keygen.c (do_ask_passphrase, generate_raw_key)
7414 (gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
7416 g10: Fix a regression for generating card key with backup.
7417 * g10/main.h (receive_seckey_from_agent): Declare.
7418 * g10/keygen.c (card_write_key_to_backup_file): New.
7419 (card_store_key_with_backup): New.
7420 (do_generate_keypair): Create a key on host for encryption key when
7421 backup is requested. Then, call card_store_key_with_backup.
7423 2015-12-17 NIIBE Yutaka <gniibe@fsij.org>
7425 g10: factor out a function for secret key retrieval.
7426 * g10/export.c (receive_seckey_from_agent): New.
7427 (do_export_stream): Use it.
7429 2015-12-16 Neal H. Walfield <neal@g10code.com>
7431 gpg: When checking for ambiguous keys, ignore invalid keys.
7432 * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
7433 disabled, revoked and expired keys (if appropriate for the provided
7436 2015-12-15 Werner Koch <wk@gnupg.org>
7438 common: Use default_errsource for call-gpg and exectool.
7439 * common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
7441 * common/exectool.c (my_error_from_syserror): New. Use these
7444 gpg: Reduce number of strings to translate.
7445 * g10/getkey.c (parse_def_secret_key): Do not make debug messages
7446 translatable. Make use of print_reported_error.
7448 gpg: New function to printed a detailed error code.
7449 * g10/misc.c (print_reported_error): New.
7451 2015-12-15 Neal H. Walfield <neal@g10code.com>
7453 gpg: Improve the keyblock cache's transparency.
7454 * kbx/keybox-search.c (keybox_seek): New function.
7455 * g10/keydb.c (keydb_search): When reading from the cache, seek to
7456 just after the cached record.
7458 gpg: Improve the keyblock cache's transparency.
7459 * kbx/keybox-search.c (keybox_offset): New function.
7460 * g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
7461 (keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
7462 HD->KEYBLOCK_CACHE.OFFSET.
7463 (keydb_search): Don't use the cached result if it comes before the
7464 current file position. When caching an entry, also record the
7465 position at which it was found.
7467 gpg: Use more descriptive names.
7468 * g10/keyring.c (KR_NAME): Rename this...
7469 (KR_RESOURCE): ... to this. Update users.
7470 (struct keyring_name): Rename this...
7471 (struct keyring_resource): ... to this. Update users.
7472 (struct off_item): Rename this...
7473 (struct key_present): ... to this. Update users.
7474 (OffsetHashTable): Rename this...
7475 (key_present_hash_t): ... to this. Update users.
7476 (kr_offtbl): Rename this...
7477 (key_present_hash): ... to this. Update users.
7478 (kr_offtbl_ready): Rename this...
7479 (key_present_hash_ready): ... to this. Update users.
7480 (KEY_PRESENT_HASH_BUCKETS): New define. Replace use of literals
7482 (new_offset_item): Rename this...
7483 (key_present_value_new): ... to this. Update users.
7484 (release_offset_items): Drop dead code.
7485 (new_offset_hash_table): Rename this...
7486 (key_present_hash_new): ... to this. Update users.
7487 (release_offset_hash_table): Drop dead code.
7488 (lookup_offset_hash_table): Rename this...
7489 (key_present_hash_lookup): ... to this. Update users.
7490 (update_offset_hash_table): Rename this...
7491 (key_present_hash_update): ... to this. Drop unused parameter off.
7493 (update_offset_hash_table_from_kb): Rename this...
7494 (key_present_hash_update_from_kb): ... to this. Drop unused parameter
7497 2015-12-15 NIIBE Yutaka <gniibe@fsij.org>
7499 sm: Handle gcry_pk_encrypt return value.
7500 * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.
7502 2015-12-14 Werner Koch <wk@gnupg.org>
7504 common: Change license of isascii.c to all-premissive,
7505 * common/isascii.c: Change.
7507 common: Change license of some modules to LGPLv3+/GPLv2+.
7508 * common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
7509 * common/status.h: Ditto.
7510 * common/yesno.c: Ditto.
7511 * common/common-defs.h: Ditto.
7512 * common/gettime.h: Ditto.
7513 * common/keyserver.h: Ditto.
7515 common: Change license for exectool to LGPLv3+/GPLv2+.
7516 * common/exectool.c, common/exectool.h: Change license.
7518 common: Rename sh-exectool to exectool.
7519 * common/sh-exectool.c: Rename to exectool.c.
7520 * common/sh-exectool.h: Rename to exectool.h.
7521 * common/Makefile.am (common_sources): Adjust for rename.
7522 * common/exectool.c (sh_exec_tool_stream): Rename to
7523 gnupg_exec-tool-stream.
7524 (sh_exec_tool): Rename to gnupg_exec_tool.
7525 * tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
7526 * tools/gpgtar-extract.c: Adjust for changes.
7527 * tools/gpgtar-list.c: Adjust for changes.
7529 2015-12-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
7531 gpg: Print ownertrust in TOFU+PGP trust model.
7532 * g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
7534 2015-12-14 Neal H. Walfield <neal@g10code.com>
7536 gpg: Fix --default-key checks.
7537 * g10/getkey.c (parse_def_secret_key): Don't just check if a secret
7538 key is available for the public key, also consider subkeys. Also
7539 check that the key has the signing capability, is not revoked, is not
7540 expired and is not disabled. Print a warning if there was a least one
7541 value passed to --default-key and all were ignored.
7543 2015-12-14 NIIBE Yutaka <gniibe@fsij.org>
7545 scd: Fix regression for generating RSA keys on card.
7546 * scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
7549 2015-12-12 Werner Koch <wk@gnupg.org>
7551 gpg: Use a regular type instead of a void* for import stats.
7552 * g10/import.c (struct stats_s): Rename to import_stats_s. Change all
7554 * g10/main.h (import_stats_t): New. Change fucntions to use this
7555 instead of a void pointer.
7557 Remove replacements for libgpg-error < 1.21.
7558 * common/util.h: Remove replacement macros for libgpg-error<1.21.
7559 * common/types.h: Ditto.
7560 * common/mischelp.h: Ditto.
7561 * common/t-mapstrings.c: Include t-support.h before stringhelp.h
7562 * common/t-stringhelp.c: Ditto.
7563 * common/t-support.h: Always include gpg-error.h.
7564 * kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
7567 2015-12-11 Neal H. Walfield <neal@g10code.com>
7569 gpg: Fix buffer overflow.
7570 * g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
7572 2015-12-11 Justus Winter <justus@g10code.com>
7574 agent: Improve error handling.
7575 * agent/pksign.c (agent_pksign_do): Improve error handling.
7577 Fix required libgpg-error version.
7578 * configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the
7581 2015-12-11 Neal H. Walfield <neal@g10code.com>
7583 gpg: Don't error out if a key occurs multiple times in the keyring.
7584 * g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
7585 times in the keyring. Instead, print a warning. When printing out
7586 fingerprint prints, use format_hexfingerprint to format them.
7588 2015-12-10 Daniel Hoffend <dh@dotlan.net>
7590 scd: Fix removal of unplugged usb readers on Windows.
7591 * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
7592 PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
7594 2015-12-07 Justus Winter <justus@g10code.com>
7596 tests: Add some more gpgtar tests.
7597 * tests/openpgp/gpgtar.test: Add more tests.
7599 dirmngr: Initialize http status code.
7600 * dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
7601 it is unused if LDAP is used to search for keys.
7603 2015-12-04 Daiki Ueno <ueno@gnu.org>
7605 gpg: Write ERROR status on delete-key cancellation.
7606 * g10/delkey.c (do_delete_key): Write ERROR status code with the error
7607 location "delete_key.secret", when the user cancelled the operation on
7610 2015-12-04 Justus Winter <justus@g10code.com>
7612 dirmngr: Stricter handling of http error codes.
7613 * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
7614 responded with a '404 Not Found'.
7615 * dirmngr/ks-engine-hkp.c (send_request): Return http status code.
7616 (ks_hkp_search): Likewise.
7617 (ks_hkp_{get,put}): Adapt call to 'send_request'.
7618 * dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
7620 dirmngr: Really search all keyservers for patterns.
7621 * dirmngr/ks-action.c (ks_action_search): Search all configured
7622 keyservers for the given patterns.
7624 dirmngr: Handle http status '501 Not Implemented'.
7625 * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return
7626 GPG_ERR_NOT_IMPLEMENTED.
7628 tools/gpgtar: Implement symmetric encryption.
7629 * tests/openpgp/gpgtar.test: Add test case.
7630 * tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
7632 * tools/gpgtar.c (parse_arguments): We do handle the argument now.
7634 tools/gpgtar: Implement signing.
7635 * tests/openpgp/gpgtar.test: Test signing.
7636 * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
7637 appropriate gpg arguments to implement signing and selecting the local
7639 * tools/gpgtar.c (parse_options): We do handle '--local-user' now.
7640 (main): Handle signing, encrypting, and doing both when creating an
7642 * tools/gpgtar.h (gpgtar_create): Update prototype.
7644 tools/gpgtar: Use the new exectool helper.
7645 * tools/Makefile.am: gpgtar now requires neither npth nor libassuan.
7646 * tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool'
7648 * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
7649 * tools/gpgtar-list.c (gpgtar_list): Likewise.
7650 * tools/gpgtar.c (main): Set default gpg program. Drop the
7651 initialization of npth and libassuan.
7653 common: Add a stream interface to 'sh-exectool'.
7654 * common/sh-exectool.c (struct copy_buffer): Add infrastructure for
7655 copying between streams.
7656 (copy_buffer_{init,shred,do_copy,flush}): New functions.
7657 (sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
7658 (nop_free): New function.
7659 (sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
7660 * common/sh-exectool.h (sh_exec_tool_stream): New prototype.
7662 common: Add header file and build the new code.
7663 * common/Makefile.am (common_sources): Add new files.
7664 * common/sh-exectool.h: New file.
7666 2015-12-04 Werner Koch <wk@gnupg.org>
7668 common: Add code to execute a helper.
7669 * common/sh-exectool.c: New file.
7673 2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
7675 po: Japanese translation.
7677 2015-12-04 Werner Koch <wk@gnupg.org>
7679 speedo,w32: Improve installer.
7680 * build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and
7682 (un.gnupglast): Stop dirmngr.
7684 gpg: Do not pre-check keys given on the command line.
7685 * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
7686 (PK_LIST_SHIFT): New.
7687 * g10/pkclist.c (build_pk_list): Use them here.
7688 * g10/gpg.c (check_user_ids, main): Ditto.
7690 * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
7691 (check_user_ids): Skip check for command line specified options.
7693 dirmngr: Add command to print the resolver version.
7694 * dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
7696 gpg: Allow "help" as value for --tofu-policy.
7697 * g10/gpg.c (parse_tofu_policy): Add keyword "help".
7698 (parse_tofu_db_format): Ditto.
7700 Do not translate messages printed with log_debug.
7701 * common/asshelp.c (start_new_gpg_agent): Do not i18n string.
7702 (start_new_dirmngr): Ditto.
7703 * g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
7706 2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
7708 scd: Fix for removing the prefix.
7709 * scd/app-openopg.c (do_decipher): Fix the condition.
7711 scd: Simplify saving application context.
7712 * scd/app.c (lock_table): Remove LAST_APP field.
7713 (lock_reader, app_dump_state, application_notify_card_reset)
7714 (release_application): Follow the change.
7715 (check_conflict): New.
7716 (check_application_conflict): Lock the slot and call check_conflict.
7717 (select_application): Call check_conflict and not use LAST_APP.
7719 scd: More fix for Curve25519 prefix handling.
7720 * scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
7721 Also fix xfree bug introduced.
7723 2015-12-03 Werner Koch <wk@gnupg.org>
7725 scd: Another fix for Curve25519 prefix handling.
7726 * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
7728 (do_decipher): Fix integer arithmetic in void pointer.
7729 (do_decipher): Add missing memcpy.
7731 build: Avoid dependecy problems in "make distcheck".
7732 * doc/Makefile.am (gnupg.texi): Depend on defs.inc.
7734 build: Change how caller provided CFLAGS are used by configure.
7735 * configure.ac: Append instead of prepend caller provided CFLAGS.
7737 gpg: Add variant of 'key "%s" not found: %s' error message.
7738 * g10/gpg.c (check_user_ids): Change error message.
7739 * g10/delkey.c (do_delete_key): Ditto.
7741 gpg: Make keyidlist more robust in case of errors.
7742 * g10/keyserver.c (keyidlist): Clear *KLIST on error.
7744 gpg: Take care of keydb_new returning NULL.
7745 * g10/keydb.c (keydb_new): Print an error message if needed. Also use
7746 xtrycalloc because we return an error anyway.
7747 * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
7748 * g10/export.c (do_export_stream): Ditto.
7749 * g10/getkey.c (get_pubkey): Ditto.
7750 (get_pubkey_fast): Ditto.
7751 (get_pubkeyblock): Ditto.
7752 (get_seckey): Ditto.
7753 (key_byname): Ditto.
7754 (get_pubkey_byfprint): Ditto.
7755 (get_pubkey_byfprint_fast): Ditto.
7756 (parse_def_secret_key): Ditto.
7757 (have_secret_key_with_kid): Ditto.
7758 * g10/import.c (import_one): Ditto.
7759 (import_revoke_cert): Ditto.
7760 * g10/keyedit.c (keyedit_quick_adduid): Ditto.
7761 * g10/keygen.c (quick_generate_keypair): Ditto.
7762 (do_generate_keypair): Ditto.
7763 * g10/trustdb.c (validate_keys): Ditto.
7764 * g10/keyserver.c (keyidlist): Ditto.
7765 * g10/revoke.c (gen_desig_revoke): Ditto.
7766 (gen_revoke): Ditto.
7767 * g10/gpg.c (check_user_ids): Ditto.
7768 (main): Do not print an error message for keydb_new error.
7769 * g10/keylist.c (list_all): Use actual error code returned by
7772 * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
7773 * g10/t-keydb.c (do_test): Ditto.
7775 * g10/keyring.c (keyring_new): Actually return an error so that the
7776 existing keydb_new error checking makes sense for a keyring resource.
7777 (keyring_rebuild_cache): Take care of keyring_new returning an error.
7779 gpg: Change some error messages.
7780 * g10/getkey.c (parse_def_secret_key): Change error message. Replace
7781 log_debug by log_info.
7782 * g10/gpg.c (check_user_ids): Make function static. Change error
7784 (main): Change error messages.
7785 * g10/revoke.c (gen_revoke): Ditto.
7787 2015-12-03 NIIBE Yutaka <gniibe@fsij.org>
7789 scd: Fix "Conflicting usage" bug.
7790 * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
7791 got an error from apdu_disconnect.
7792 * scd/app-common.h (no_reuse): Remove.
7793 * scd/app.c (application_notify_card_reset): Deallocate APP here.
7794 (select_application, release_application): Don't use NO_REUSE.
7796 scd: Fix for Curve25519 prefix handling.
7797 * scd/app-openpgp.c (do_decipher): More condition for AES decipher.
7798 Handle the prefix in cipher text. Always add the prefix in result.
7800 2015-12-03 Neal H. Walfield <neal@g10code.com>
7802 gpg: Use the matching key if the search description is exact.
7803 * g10/gpg.c (check_user_ids): If the search description is for an
7804 exact match (a keyid or fingerprint that ends in '!'), then use the
7805 matching key, not the primary key.
7806 * tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
7807 (priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
7808 privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
7809 privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
7810 privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
7811 privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
7813 samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
7814 * tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
7816 * tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
7818 * tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
7820 * tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
7822 * tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
7824 * tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
7826 * tests/openpgp/use-exact-key.test: New file.
7827 * tests/openpgp/version.test: Install the new private keys.
7829 2015-12-02 Werner Koch <wk@gnupg.org>
7831 build: Require at least Libassuan 2.4.1.
7832 * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
7833 * agent/gpg-agent.c (create_server_socket): Remove check for
7834 libassuan >= 2.3.0 and >= 2.1.4.
7835 (main): Remove check for libassuan >= 2.1.4.
7836 * scd/scdaemon.c (create_server_socket): Remove check for
7838 * dirmngr/dirmngr.c (set_tor_mode): Remove check for
7840 * dirmngr/http.c (http_raw_connect, send_request): Remove checks for
7843 2015-12-02 Neal H. Walfield <neal@g10code.com>
7845 gpg: Improve documentation.
7846 * g10/tofu.c (initdb): Improve documentation.
7848 gpg: Fix type mismatch resulting in a buffer overflow.
7849 * g10/tofu.c (record_binding): Change policy_old's type from an enum
7850 tofu_policy to a long: this variable is passed by reference and a long
7853 2015-12-02 Werner Koch <wk@gnupg.org>
7855 dirmngr: Switch to an onion address if Tor is running.
7856 * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
7857 * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
7858 --keyserver options.
7859 * dirmngr/server.c (server_local_s): Add field 'tor_state'.
7860 (release_uri_item_list): New.
7861 (release_ctrl_keyservers): Use it.
7862 (start_command_handler): Release list of keyservers.
7863 (is_tor_running): New.
7864 (cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
7865 (ensure_keyserver): Rewrite.
7866 * g10/dirmngr-conf.skel: Add two keyserver options.
7868 http: Enhance parser to detect .onion addresses.
7869 * dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
7870 * dirmngr/http.c (do_parse_uri): Set that flag.
7871 * dirmngr/t-http.c (main): Print flags.
7873 2015-12-02 Neal H. Walfield <neal@g10code.com>
7875 common,gpg: Fix processing of search descriptions ending in '!'.
7876 * g10/gpg.c (check_user_ids): If the search description describes a
7877 keyid or fingerprint and ends in a '!', include the '!' in the
7878 rewritten description.
7879 * common/userids.c (classify_user_id): Accept keyids and fingerprints
7882 2015-12-01 Justus Winter <justus@g10code.com>
7884 dirmngr: Improve error handling.
7885 * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
7886 checking for errors, but silently ignore errors when looking up SRV
7889 2015-12-01 Werner Koch <wk@gnupg.org>
7891 build: Let configure show the the status of Tor support.
7892 * configure.ac (show_tor_support): New
7894 2015-11-30 Werner Koch <wk@gnupg.org>
7896 doc: Make make distcheck work again.
7897 * doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1
7899 yat2m: Add keyword @url.
7900 * doc/yat2m.c (proc_texi_cmd): Add keyword @url.
7902 doc: Build man pages with the same date as the info files.
7903 * doc/Makefile.am (yat2m-stamp): Use option --date.
7905 yat2m: New option --date.
7906 * doc/yat2m.c (opt_date): new.
7907 (isodatestring): Use it if set.
7908 (main): New option --date.
7910 2015-11-27 Werner Koch <wk@gnupg.org>
7912 gpg: Avoid extra translation strings.
7913 * g10/keyedit.c (menu_expire): Use only one prompt.
7915 kbx: Include gpg-error prior to mischelp.h.
7916 * kbx/keybox-init.c: Change order of includes.
7918 gpg,w32: Fix a format string error.
7919 * g10/keyring.c (keyring_search): Fix format string for off_t.
7921 Silence compiler warnings related to not using assuan_fd_t.
7922 * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
7923 declaration was already fixed by a previous change.
7924 * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
7926 Avoid incompatible pointer assignment warnings on Windows.
7927 * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
7928 * dirmngr/server.c (data_line_cookie_write): Ditto.
7929 * sm/certdump.c (format_name_writer): Ditto.
7930 * sm/server.c (data_line_cookie_write): Ditto.
7931 * dirmngr/http.c (cookie_read, cookie_write): Ditto.
7933 dirmngr: Avoid a declarations after statements.
7934 * tools/gpgtar.c (parse_arguments): Use a block for a local varibale
7937 dirmngr: Avoid casting away a const from an char**.
7938 * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from
7941 dirmngr: Allow testing for a running Tor via "getinfo tor".
7942 * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not
7945 2015-11-26 Werner Koch <wk@gnupg.org>
7947 g13: Fix commit 1a045b13.
7948 * g13/g13.c (main): Use existsing function.
7950 common: Fix off-by-one access in the new format_text.
7951 * common/stringhelp.c (format_text): Use existsing fucntion to trim
7952 trailing spaces. Fix off-by-one access.
7954 dirmngr: Improve output of "getinfo tor".
7955 * dirmngr/server.c (cmd_getinfo): Print a message along with OK.
7957 dirmngr: Let Libassuan employ nPth wrappers for connect.
7958 * dirmngr/http.c (my_unprotect, my_protect): Remove.
7959 (connect_server): Do not use these wrappers.
7961 2015-11-26 Justus Winter <justus@g10code.com>
7963 tools/gpgtar: Add '--dry-run'.
7964 * tools/gpgtar-extract.c (extract_{regular,directory}): Honor
7966 * tools/gpgtar.c (enum cmd_and_opt_values): New value.
7967 (opts): Add '--dry-run'.
7968 (parse_arguments): Handle '--dry-run'.
7969 * tools/gpgtar.h (opt): Add field 'dry_run'.
7971 tools/gpgtar: Handle '--gpg-args'.
7972 * tools/gpgtar-create.c (gpgtar_create): Use given arguments.
7973 * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
7974 * tools/gpgtar-list.c (gpgtar_list): Likewise.
7975 * tools/gpgtar.c (enum cmd_and_opt_values): New value.
7976 (opts): Add 'gpg-args'.
7977 (parse_arguments): Handle arguments.
7978 * tools/gpgtar.h (opt): Add field 'gpg_arguments'.
7979 * tests/openpgp/gpgtar.test: Simplify accordingly.
7981 common: Make the GPG arguments configurable in call-gpg.
7982 * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'.
7983 (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise.
7984 (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise.
7985 * common/call-gpg.h: Adapt prototypes.
7986 * g13/create.c (encrypt_keyblob): Adapt callsite.
7987 * g13/g13-common.h (opt): Add field 'gpg_arguments'.
7988 * g13/g13.c (main): Construct default arguments.
7989 * g13/mount.c (decrypt_keyblob): Adapt callsite.
7990 * tools/gpgtar-create.c (gpgtar_create): Likewise.
7991 * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
7992 * tools/gpgtar-list.c (gpgtar_list): Likewise.
7994 tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip.
7995 * tools/gpgtar.c (enum cmd_and_opt_values): New value.
7996 (opts): Add new group for tar options, rearrange a little, add
7998 (tar_opts): New variable.
7999 (shell_parse_stringlist): New function.
8000 (shell_parse_argv): Likewise.
8001 (parse_arguments): Add option argument, handle '--tar-args'.
8002 (main): Fix invokation of 'parse_arguments'.
8003 * tests/openpgp/gpgtar.test: Simplify decryption.
8005 tools/gpgtar: Rework argument parsing.
8006 * tools/gpgtar.c (main): Move argument parsing into its own function.
8008 2015-11-25 Justus Winter <justus@g10code.com>
8010 tests: Add tests for gpgtar and gpg-zip.
8011 * tests/openpgp/Makefile.am (TESTS): Add new file.
8012 * tests/openpgp/gpgtar.test: New file.
8014 tools/gpgtar: Handle '--directory' argument.
8015 * tools/gpgtar-extract.c (gpgtar_extract): Only generate a directory
8016 name if none is given via arguments.
8017 * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
8018 (opts): Add argument.
8019 (main): Parse argument.
8020 * tools/gpgtar.h (opt): New field 'directory'.
8022 tools/gpgtar: Handle '--gpg' argument.
8023 * tools/gpgtar-create.c (gpgtar_create): Use given gpg program.
8024 * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
8025 * tools/gpgtar-list.c (gpgtar_list): Likewise.
8026 * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
8027 (opts): Add argument.
8028 (main): Handle argument.
8029 * tools/gpgtar.h (opt): Add field 'gpg_program'.
8031 tools/gpgtar: Improve error handling.
8032 * tools/gpgtar-create.c (gpgtar_create): Return an error code, fix
8034 * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
8035 * tools/gpgtar-list.c (read_header): Return an error code.
8036 (gpgtar_list): Return an error code, fix error handling.
8037 (gpgtar_read_header): Return an error code.
8038 * tools/gpgtar.c: Add missing include.
8039 (main): Print an generic error message if a command failed and no
8040 error has been printed yet.
8041 * tools/gpgtar.h (gpgtar_{create,extract,list,read_header}): Fix the
8042 prototypes accordingly.
8044 tools: Add encryption and decryption support to gpgtar.
8045 * tools/Makefile.am: Amend CFLAGS and LDADD.
8046 * tools/gpgtar-create.c (gpgtar_create): Add encrypt flag and encrypt
8047 stream if requested.
8048 * tools/gpgtar-extract.c (gpgtar_extract): Likewise for decryption.
8049 * tools/gpgtar-list.c (gpgtar_list): Likewise.
8050 * tools/gpgtar.c (main): Initialize npth and assuan. Parse recipient
8051 and local user, and note which flags are currently ignored. Adapt
8052 calls to gpgtar_list and friends.
8053 (tar_and_encrypt): Drop stub function and prototype.
8054 (decrypt_and_untar): Likewise.
8055 (decrypt_and_list): Likewise.
8056 * tools/gpgtar.h (gpgtar_{create,extract,list}): Add encryption or
8057 decryption argument.
8059 common: Add stream interface to call-pgp.
8060 * common/call-gpg.c (struct writer_thread_parms): Add field 'stream'.
8061 (writer_thread_main): Support reading from a stream.
8062 (start_writer): Add stream argument.
8063 (struct reader_thread_parms): Add field 'stream'.
8064 (reader_thread_main): Support writing to a stream.
8065 (start_reader): Add stream argument.
8066 (_gpg_encrypt): Add stream api.
8067 (gpg_encrypt_blob): Adapt accordingly.
8068 (gpg_encrypt_stream): New function.
8069 (_gpg_decrypt): Add stream api.
8070 (gpg_decrypt_blob): Adapt accordingly.
8071 (gpg_decrypt_stream): New function.
8072 * common/call-gpg.h (gpg_encrypt_stream): New prototype.
8073 (gpg_decrypt_stream): Likewise.
8075 common: Refactor the call-gpg code.
8076 * common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code
8077 into two new functions, _gpg_encrypt and _gpg_decrypt.
8079 g13: Move 'call-gpg.c' to common.
8080 * common/Makefile.am (common_sources): Add files.
8081 * g13/call-gpg.c: Move to 'common' and adapt slightly. Add a
8082 parameter to let callees override the gpg program to execute.
8083 * g13/call-gpg.h: Likewise.
8084 * g13/Makefile.am (g13_SOURCES): Drop files.
8085 * g13/create.c (encrypt_keyblob): Hand in the gpg program to execute.
8086 * g13/mount.c (decrypt_keyblob): Likewise.
8088 2015-11-24 Neal H. Walfield <neal@g10code.com>
8090 gpg: When comparing keyids, use the keyid, not the fingerprint's suffix.
8091 * g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
8092 inline tests. Don't compare P to the suffix of the fingerprint. If P
8093 appears to be a keyid, do an exact compare against the keyid. If it
8094 appears to be a fingerprint, do an exact compare against the
8097 2015-11-23 Neal H. Walfield <neal@g10code.com>
8099 gpg: Reflow long texts.
8100 * common/stringhelp.c (format_text): New function.
8101 * common/t-stringhelp.c (stresc): New function.
8102 (test_format_text): New function. Test format_text.
8103 * g10/tofu.c (get_trust): Use format_text to reflow long texts.
8104 (show_statistics): Likewise.
8106 common: Extend utf8_charcount to include the string's length.
8107 * common/stringhelp.c (utf8_charcount): Take additional parameter,
8108 len. Process at most LEN bytes.
8110 2015-11-23 Justus Winter <justus@g10code.com>
8112 dirmngr: Fix http lookups when libadns is used.
8113 * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
8115 dirmngr: Fix SRV record lookups when using the system resolver.
8116 * dirmngr/dns-stuff.c (getsrv): Fix error handling.
8118 dirmngr: Honor ports specified in SRV records.
8119 * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
8120 (create_new_hostinfo): Initialize 'port'.
8121 (add_host): Add host parameter and update the hosttable entry.
8122 (map_host): Return port if known, adjust calls to 'add_host'.
8123 (make_host_part): Let 'map_host' specify the port if known.
8125 dirmngr: Support hkp server pools using SRV records.
8126 * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
8128 dirmngr: Refactor 'map_host'.
8129 * dirmngr/ks-engine-hkp.c (add_host): New function.
8130 (map_host): Use the new function.
8132 dirmngr: Fix pool detection.
8133 * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
8135 dirmngr: Refactor 'map_host'.
8136 * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
8137 (map_host): Use the new function.
8139 dirmngr: Start dirmngr on demand.
8140 * common/asshelp.h: Include 'util.h'.
8141 * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
8143 (start_dirmngr): Drop now unused declaration and function.
8145 2015-11-23 Neal H. Walfield <neal@g10code.com>
8147 gpg: If sqlite is not available, don't build things depending on it.
8148 * configure.ac: Define the automake conditional SQLITE3.
8149 * tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
8151 (sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
8152 defined, then clear this variable.
8154 gpg: Allow updating the expiration time of multiple subkeys at once.
8155 * g10/keyedit.c (menu_expire): Allow updating the expiration time of
8156 multiple subkeys at once.
8158 gpg: Don't crash if key is not passed an argument.
8159 * g10/keyedit.c (menu_select_key): Don't crash if P is NULL.
8161 2015-11-20 Neal H. Walfield <neal@g10code.com>
8163 gpg: Fail if the search description passed to --gen-revoke is ambiguous.
8164 * g10/revoke.c (gen_revoke): Error out if the search description is
8167 gpg: Refactor print_seckey_info.
8168 * g10/keylist.c (print_seckey_info): Break formatting functionality
8170 (format_seckey_info): ... this new function.
8172 gpg: Improve an error message.
8173 * g10/revoke.c (gen_revoke): Provide a more descriptive error message
8174 if searching for a key fails.
8176 2015-11-19 Justus Winter <justus@g10code.com>
8178 dirmngr: Improve error handling.
8179 * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
8181 dirmngr: Fix memory leak.
8182 * dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
8185 agent: Improve error handling.
8186 * agent/trustlist.c (istrusted_internal): Initialize 'err'.
8188 common: Avoid undefined behavior.
8189 * common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter'
8190 will make use of it.
8192 g10: Avoid undefined behavior.
8193 * g10/trust.c (clean_one_uid): Avoid a computation involving an
8194 uninitialized value.
8196 scd: Improve error handling.
8197 * scd/app-openpgp.c (get_public_key): Improve error handling.
8199 2015-11-18 Justus Winter <justus@g10code.com>
8201 dirmngr: Gracefully handle premature termination of TLS streams.
8202 * dirmngr/http.c (close_tls_session): New function.
8203 (session_unref): Use the new function to close the TLS stream.
8204 (cookie_read): If the stream terminated prematurely, close it and
8205 return a short read.
8207 2015-11-17 Neal H. Walfield <neal@g10code.com>
8208 Michael Mönch <michael.moench@marktjagd.de>
8210 tools: Fix option parsing for gpg-zip.
8211 * tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
8212 Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
8214 2015-11-17 Neal H. Walfield <neal@g10code.com>
8216 gpg: Allow selecting subkeys using a keyid.
8217 * g10/keyedit.c (menu_select_key): Take an additional argument, p.
8218 Update callers. If P is a hex string, then assume that P is a key id
8219 or fingerprint and select subkeys with matching key ids or
8221 * doc/gpg.texi: Update documentation for the key subcommand.
8223 2015-11-17 Justus Winter <justus@g10code.com>
8225 dirmngr: Fix specifying keyservers by IP address.
8226 * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
8227 entry instead of creating another one.
8229 2015-11-17 Neal H. Walfield <neal@g10code.com>
8231 gpg: Change keydb_search to not return legacy keys.
8232 * g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
8233 If set, skip any legacy keys. Update callers.
8234 * g10/keydb.c (keydb_search): Skip any legacy keys.
8235 (keydb_search_first): Don't skip legacy keys. Treat them
8237 (keydb_search_next): Likewise.
8238 (keydb_search_fpr): Likewise.
8239 * g10/export.c (do_export_stream): Likewise.
8240 * g10/getkey.c (lookup): Likewise.
8241 (have_secret_key_with_kid): Likewise.
8242 * g10/keylist.c (list_all): Likewise.
8243 (keyring_rebuild_cache): Likewise.
8244 * g10/keyserver.c (keyidlist): Likewise.
8245 * g10/trustdb.c (validate_key_list): Likewise.
8247 gpg: Correctly handle an error.
8248 * g10/keyring.c (keyring_search): If a compare function returns an
8249 error, treat it as an error.
8251 gpg: Correctly handle keyblocks followed by legacy keys.
8252 * g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
8253 packet after already having some non-legacy packets, then treat the
8254 legacy packet as a keyblock boundary, not as part of the keyblock.
8255 * g10/t-keydb-get-keyblock.c: New file.
8256 * g10/t-keydb-get-keyblock.gpg: New file.
8257 * g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
8258 (module_tests): Add t-keydb-get-keyblock.
8259 (t_keydb_get_keyblock_SOURCES): New variable.
8260 (t_keydb_get_keyblock_LDADD): Likewise.
8262 gpg: Make debugging search descriptors easier.
8263 * g10/keydb.c (dump_search_desc): Rename from this...
8264 (keydb_search_desc_dump): ... to this. Only process a single search
8265 descriptor. Improve output. Don't mark as static. Update callers.
8267 gpg: Add function format_keyid.
8268 * g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
8269 * g10/keyid.c (format_keyid): New function.
8272 gpg: Use a more appropriate error code.
8273 * g10/gpg.c (check_user_ids): Return a more appropriate error code if
8274 a user id is ambiguous.
8276 2015-11-17 Justus Winter <justus@g10code.com>
8278 Fix typos found using codespell.
8279 * agent/cache.c: Fix typos.
8280 * agent/call-pinentry.c: Likewise.
8281 * agent/call-scd.c: Likewise.
8282 * agent/command-ssh.c: Likewise.
8283 * agent/command.c: Likewise.
8284 * agent/divert-scd.c: Likewise.
8285 * agent/findkey.c: Likewise.
8286 * agent/gpg-agent.c: Likewise.
8287 * agent/w32main.c: Likewise.
8288 * common/argparse.c: Likewise.
8289 * common/audit.c: Likewise.
8290 * common/audit.h: Likewise.
8291 * common/convert.c: Likewise.
8292 * common/dotlock.c: Likewise.
8293 * common/exechelp-posix.c: Likewise.
8294 * common/exechelp-w32.c: Likewise.
8295 * common/exechelp-w32ce.c: Likewise.
8296 * common/exechelp.h: Likewise.
8297 * common/helpfile.c: Likewise.
8298 * common/i18n.h: Likewise.
8299 * common/iobuf.c: Likewise.
8300 * common/iobuf.h: Likewise.
8301 * common/localename.c: Likewise.
8302 * common/logging.c: Likewise.
8303 * common/openpgp-oid.c: Likewise.
8304 * common/session-env.c: Likewise.
8305 * common/sexputil.c: Likewise.
8306 * common/sysutils.c: Likewise.
8307 * common/t-sexputil.c: Likewise.
8308 * common/ttyio.c: Likewise.
8309 * common/util.h: Likewise.
8310 * dirmngr/cdblib.c: Likewise.
8311 * dirmngr/certcache.c: Likewise.
8312 * dirmngr/crlcache.c: Likewise.
8313 * dirmngr/dirmngr-client.c: Likewise.
8314 * dirmngr/dirmngr.c: Likewise.
8315 * dirmngr/dirmngr_ldap.c: Likewise.
8316 * dirmngr/dns-stuff.c: Likewise.
8317 * dirmngr/http.c: Likewise.
8318 * dirmngr/ks-engine-hkp.c: Likewise.
8319 * dirmngr/ks-engine-ldap.c: Likewise.
8320 * dirmngr/ldap-wrapper.c: Likewise.
8321 * dirmngr/ldap.c: Likewise.
8322 * dirmngr/misc.c: Likewise.
8323 * dirmngr/ocsp.c: Likewise.
8324 * dirmngr/validate.c: Likewise.
8325 * g10/encrypt.c: Likewise.
8326 * g10/getkey.c: Likewise.
8327 * g10/gpg.c: Likewise.
8328 * g10/gpgv.c: Likewise.
8329 * g10/import.c: Likewise.
8330 * g10/keydb.c: Likewise.
8331 * g10/keydb.h: Likewise.
8332 * g10/keygen.c: Likewise.
8333 * g10/keyid.c: Likewise.
8334 * g10/keylist.c: Likewise.
8335 * g10/keyring.c: Likewise.
8336 * g10/mainproc.c: Likewise.
8337 * g10/misc.c: Likewise.
8338 * g10/options.h: Likewise.
8339 * g10/packet.h: Likewise.
8340 * g10/parse-packet.c: Likewise.
8341 * g10/pkclist.c: Likewise.
8342 * g10/pkglue.c: Likewise.
8343 * g10/plaintext.c: Likewise.
8344 * g10/server.c: Likewise.
8345 * g10/sig-check.c: Likewise.
8346 * g10/sqlite.c: Likewise.
8347 * g10/tdbio.c: Likewise.
8348 * g10/test-stubs.c: Likewise.
8349 * g10/tofu.c: Likewise.
8350 * g10/trust.c: Likewise.
8351 * g10/trustdb.c: Likewise.
8352 * g13/create.c: Likewise.
8353 * g13/mountinfo.c: Likewise.
8354 * kbx/keybox-blob.c: Likewise.
8355 * kbx/keybox-file.c: Likewise.
8356 * kbx/keybox-init.c: Likewise.
8357 * kbx/keybox-search-desc.h: Likewise.
8358 * kbx/keybox-search.c: Likewise.
8359 * kbx/keybox-update.c: Likewise.
8360 * scd/apdu.c: Likewise.
8361 * scd/app-openpgp.c: Likewise.
8362 * scd/app-p15.c: Likewise.
8363 * scd/app.c: Likewise.
8364 * scd/ccid-driver.c: Likewise.
8365 * scd/command.c: Likewise.
8366 * scd/iso7816.c: Likewise.
8367 * sm/base64.c: Likewise.
8368 * sm/call-agent.c: Likewise.
8369 * sm/call-dirmngr.c: Likewise.
8370 * sm/certchain.c: Likewise.
8371 * sm/gpgsm.c: Likewise.
8372 * sm/import.c: Likewise.
8373 * sm/keydb.c: Likewise.
8374 * sm/minip12.c: Likewise.
8375 * sm/qualified.c: Likewise.
8376 * sm/server.c: Likewise.
8377 * tools/gpg-check-pattern.c: Likewise.
8378 * tools/gpgconf-comp.c: Likewise.
8379 * tools/gpgkey2ssh.c: Likewise.
8380 * tools/gpgparsemail.c: Likewise.
8381 * tools/gpgtar.c: Likewise.
8382 * tools/rfc822parse.c: Likewise.
8383 * tools/symcryptrun.c: Likewise.
8385 2015-11-16 Neal H. Walfield <neal@g10code.com>
8387 gpg: Fix error checking and improve error reporting.
8388 * g10/gpg.c (check_user_ids): Differentiate between a second result
8389 and an error. If the key specification is ambiguous or an error
8390 occurs, set RC appropriately.
8392 2015-11-14 Werner Koch <wk@gnupg.org>
8394 gpg: Use only one fingerprint formatting function.
8395 * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
8396 * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
8398 (format_hexfingerprint): New.
8399 * g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
8400 * g10/tofu.c (fingerprint_format): Remove. Replace calls by
8401 format_hexfingerprint.
8403 2015-11-13 Werner Koch <wk@gnupg.org>
8405 gpg: Simplify the tofu interface by using the public key packet.
8406 * g10/tofu.c (fingerprint_str): Remove.
8407 (tofu_register): Take a public key instead of a fingerprint as arg.
8408 Use hexfingerprint() to get a fpr from the PK.
8409 (tofu_get_validity): Ditto.
8410 (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
8411 * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
8412 instead of the fingerprint to the tofu functions.
8414 gpg: Make trusted-key override for Tofu robust against swapped tofu.db.
8415 * g10/tofu.c (get_trust): For the UTK check lookup the key by
8418 gpg: Fix regression in --locate-keys (in 2.1.9).
8419 * g10/getkey.c (getkey_ctx_s): Add field "extra_list".
8420 (get_pubkey_byname): Store strings in the context.
8421 (getkey_end): Free EXTRA_LIST.
8423 2015-11-12 Werner Koch <wk@gnupg.org>
8425 gpg: Print a new EXPORTED status line.
8426 * common/status.h (STATUS_EXPORTED): New.
8427 * g10/export.c (print_status_exported): New.
8428 (do_export_stream): Call that function.
8430 gpg: Print export statistics to the status-fd.
8431 * common/status.h (STATUS_EXPORT_RES): New.
8432 * g10/main.h (export_stats_t): New.
8433 * g10/export.c (export_stats_s): New.
8434 (export_new_stats, export_release_stats): New.
8435 (export_print_stats): New.
8436 (export_pubkeys, export_seckeys, export_secsubkeys)
8437 (export_pubkey_buffer, do_export): Add arg "stats".
8438 (do_export_stream): Add arg stats and update it.
8439 * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
8440 pass, and print a stats object to the export function calls.
8442 * g10/export.c (export_pubkeys_stream): Remove unused function.
8444 dirmngr: Do not block during ADNS calls.
8445 * dirmngr/dns-stuff.c: Include npth.h
8446 (my_unprotect, my_protect): New wrapper.
8447 (resolve_name_adns): Put unprotect/protect around adns calls.
8448 (get_dns_cert): Ditto.
8450 (get_dns_cname): Ditto.
8452 dirmngr: New option --nameserver.
8453 * dirmngr/dirmngr.c (oNameServer): New.
8454 (opts): Add --nameserver.
8455 (parse_rereadable_options): Act upon oNameServer.
8456 * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
8457 (tor_nameserver): New.
8458 (set_dns_nameserver): New.
8459 (my_adns_init): Make name server configurable.
8461 2015-11-11 Neal H. Walfield <neal@g10code.com>
8463 gpg: Fix cache consistency problem.
8464 g10/keyring.c (keyring_search): Only mark the cache as completely
8465 filled if we start the scan from the beginning of the keyring.
8467 2015-11-10 Neal H. Walfield <neal@g10code.com>
8469 gpg: Default to the the PGP trust model.
8470 * g10/trustdb.c (init_trustdb): If we can't read the trust model from
8471 the trust DB, default to TM_PGP, not TM_TOFU_PGP.
8473 gpg: Default to the flat TOFU DB format.
8474 * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
8475 is no TOFU DB, default to the flat format.
8477 2015-11-09 Werner Koch <wk@gnupg.org>
8479 dirmngr: Change to new ADNS Tor mode init scheme.
8480 * dirmngr/dns-stuff.c (tor_credentials): New.
8481 (enable_dns_tormode): Add arg new_circuit and update tor_credentials.
8482 (my_adns_init): Rework to set Tor mode using a config file options and
8483 always use credentials.
8484 * dirmngr/server.c (cmd_dns_cert): Improve error message.
8485 * dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
8487 dirmngr: Improve detection of ADNS.
8488 * configure.ac (HAVE_ADNS_FREE): New ac_define.
8490 2015-11-09 NIIBE Yutaka <gniibe@fsij.org>
8492 scd: Add reder information to --card-status.
8493 * g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
8494 g10/card-util.c (card_status): Add READER.
8495 * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
8496 (apdu_get_reader_name): New.
8497 * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
8498 * scd/command.c (cmd_learn): Return READER information.
8500 2015-11-06 Werner Koch <wk@gnupg.org>
8502 gpg: Avoid new strings.
8503 * g10/decrypt-data.c (decrypt_data): Use already translated strings.
8505 common: Fix commit f99830b.
8506 * common/userids.c (classify_user_id): Avoid underflow. Use spacep to
8509 2015-11-06 Neal H. Walfield <neal@g10code.com>
8511 gpg: Fix formatting string.
8512 * g10/decrypt-data.c (decrypt_data): Fix formatting string.
8514 gpg: Add new option --only-sign-text-ids.
8515 * g10/options.h (opt): Add field only_sign_text_ids.
8516 * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
8517 (opts): Handle oOnlySignTextIDs.
8519 * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
8520 select non-text based IDs automatically.
8521 (keyedit_menu): Adapt the prompt asking to sign all user ids according
8522 to OPT.ONLY_SIGN_TEXT_IDS.
8523 * doc/gpg.texi: Document the new option --only-sign-text-ids.
8525 common: When classifying keyids and fingerprints, reject trailing junk.
8526 * common/userids.c (classify_user_id): Trim any trailing whitespace.
8527 Before assuming that a hexstring corresponds to a key id or
8528 fingerprint, make sure that it is NUL terminated.
8530 gpg: Check for ambiguous or non-matching key specs.
8531 * g10/gpg.c (check_user_ids): New function.
8532 (main): Check that any user id specifications passed to --local-user
8533 and --remote-user correspond to exactly 1 user. Check that any user
8534 id specifications passed to --default-key correspond to at most 1
8535 user. Warn if any user id specifications passed to --local-user or
8536 --default-user are possible ambiguous (are not specified by long keyid
8538 * g10/getkey.c (parse_def_secret_key): Don't warn about possible
8539 ambiguous key descriptions here.
8541 common: Add new function strlist_rev.
8542 * common/strlist.c (strlist_rev): New function.
8543 * common/t-strlist.c: New file.
8544 * common/Makefile.am (common_sources): Add strlist.c and strlist.h.
8545 (module_tests): Add t-strlist.
8546 (t_strlist_LDADD): New variable.
8548 common: Include required, but not included headers in t-support.h.
8549 * common/t-support.h: Include <stdlib.h> and <stdio.h>.
8551 2015-11-05 Neal H. Walfield <neal@g10code.com>
8553 gpg: Indicate which characters are invalid.
8554 * g10/keygen.c (ask_user_id): Indicate which characters are invalid.
8556 gpg: Add support for unwrapping the outer level of encryption.
8557 * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
8558 copy the data to the output file instead of continuing to process it.
8559 * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
8560 (opts): Handle oUnwrap.
8562 * g10/options.h (opt): Add field unwrap_encryption.
8563 * g10/plaintext.c (handle_plaintext): Break the output file selection
8564 functionality into ...
8565 (get_output_file): ... this new function.
8567 common: Add a function for copying data from one iobuf to another.
8568 * common/iobuf.c (iobuf_copy): New function.
8570 doc: Note that gpgkey2ssh is deprecated.
8571 * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated.
8573 tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.
8574 * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most
8575 gratuitous asserts with error messages. Invoke gpg2, not gpg.
8577 2015-11-05 Neal H. Walfield <neal@g10code.com>
8578 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
8580 doc: Add documentation for gpgkey2ssh.
8581 * doc/tools.texi: Add documentation for gpgkey2ssh.
8583 2015-11-04 Neal H. Walfield <neal@g10code.com>
8585 gpg: Print a better error message for --multifile --sign --encrypt.
8586 * g10/gpg.c (main): Print a better error message for --multifile
8589 gpg: Add --encrypt-to-default-key.
8590 * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
8591 export the function.
8592 * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
8593 (opts): Handle oEncryptToDefaultKey.
8595 * g10/options.h (opt): Add field encrypt_to_default_key.
8597 gpg: Allow multiple --default-key options. Take the last available key.
8598 * g10/getkey.c (parse_def_secret_key): New function.
8599 (get_seckey_default): Add parameter ctrl. Update callers. Use
8600 parse_def_secret_key to get the default secret key, if any.
8601 (getkey_byname): Likewise.
8602 (enum_secret_keys): Likewise.
8603 * g10/options.h (opt): Change def_secret_key's type from a char * to a
8605 * g10/gpg.c (main): When processing --default-key, add the key to
8607 * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers.
8608 * g10/mainproc.c (proc_pubkey_enc): Likewise.
8609 (do_proc_packets): Likewise.
8610 * g10/pkclist.c (default_recipient): Likewise.
8611 * g10/pubkey-enc.c (get_session_key): Likewise.
8612 * g10/sign.c (clearsign_file): Likewise.
8613 (sign_symencrypt_file): Likewise.
8614 * g10/skclist.c (build_sk_list): Likewise.
8615 * g10/test-stubs.c (get_session_key): Likewise.
8617 2015-11-04 NIIBE Yutaka <gniibe@fsij.org>
8619 scd: Fix error handling with libusb-compat library.
8620 * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.
8622 scd: fix change_keyattr.
8623 * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.
8625 2015-11-03 Werner Koch <wk@gnupg.org>
8627 gpg: Change out of core error message.
8628 * g10/tofu.c (fingerprint_str): Die with the error code returned by
8629 the failed function.
8630 (time_ago_str): Ditto. Do not make a comma translatable.
8631 (fingerprint_format): Use "%zu" for a size_t.
8633 gpg: Make translation easier.
8634 * g10/import.c (import_secret_one): Split info string for easier
8637 2015-11-03 Neal H. Walfield <neal@g10code.com>
8639 gpg: Also show when the most recently signed message was observed.
8640 * g10/tofu.c (show_statistics): Also show when the most recently
8641 signed message was observed.
8643 gpg: Split a utility function out of a large function.
8644 * g10/tofu.c (show_statistics): Break the time delta to string code
8646 (time_ago_str): ... this new function.
8648 gpg: Fix message formatting.
8649 * g10/tofu.c (get_trust): Fix message formatting.
8651 gpg: Don't store formatting fingerprints in the TOFU DB.
8652 * g10/tofu.c (fingerprint_pp): Split this function into...
8653 (fingerprint_str): ... this function...
8654 (fingerprint_format): ... and this function.
8655 (record_binding): Store the unformatted fingerprint in the DB. Only
8656 use the formatting fingerprint when displaying a message to the user.
8657 (get_trust): Likewise.
8658 (show_statistics): Likewise.
8659 (tofu_register): Likewise.
8660 (tofu_get_validity): Likewise.
8661 (tofu_set_policy): Likewise.
8662 (tofu_get_policy): Likewise.
8664 2015-11-02 NIIBE Yutaka <gniibe@fsij.org>
8666 g10: notify a user when importing stub is skipped.
8667 * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
8668 when stub_key_skipped.
8669 (import_secret_one): Notify a user, suggesting --card-status.
8671 2015-10-31 Neal H. Walfield <neal@g10code.com>
8673 gpg: Consider newlines to be whitespace in an SQL statement.
8674 * g10/sqlite.c (sqlite3_stepx): When making sure that there is no
8675 second SQL statement, ignore newlines.
8677 2015-10-30 Werner Koch <wk@gnupg.org>
8679 common: Improve t-zb32 to be used for manual encoding.
8680 * common/t-support.h (no_exit_on_fail, errcount): New.
8681 (fail): Bump errcount.
8682 * common/t-zb32.c (main): Add options to allow manual use.
8684 common: Add separate header for zb32.c.
8685 * common/util.h (zb32_encode): Move prototype to ...
8686 * common/zb32.h: new. Include this for all callers of zb32_encode.
8688 2015-10-29 Neal H. Walfield <neal@g10code.com>
8690 gpg: Display the correct error message.
8691 * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
8692 RC does not contain the error code. Save the error code in rc2 and
8695 gpg: Eliminate a memory leak.
8696 * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
8699 gpg: Remove unused prototype.
8700 g10/keyring.h (keyring_locate_writable): Remove unused prototype.
8702 gpg: Eliminate a memory leak.
8703 * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.
8705 gpg: Fix keyring support.
8706 * g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
8707 if it is actually prepared, which it only is if the resource is a
8710 gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
8711 * g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
8712 (sqlite3_stepx_callback): New declaration.
8713 (sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
8714 which passes an additional parameter, the sqlite3_stmt *. Update
8717 gpg: Move sqlite helper functions into their own file.
8718 * g10/tofu.c (sqlite3_exec_printf): Move from here...
8719 * g10/sqlite.c (sqlite3_exec_printf): ... to this new file. Don't
8721 * g10/tofu.c (sqlite3_stepx): Move from here...
8722 * g10/sqlite.c (sqlite3_stepx): ... to this new file. Don't
8724 * g10/tofu.c (enum sqlite_arg_type): Move from here...
8725 * g10/sqlite.h (enum sqlite_arg_type): ... to this new file.
8727 2015-10-29 NIIBE Yutaka <gniibe@fsij.org>
8729 doc: Don't install gpg-zip.1.
8730 * doc/Makefile.am (myman_pages): Remove gpg-zip.1.
8731 (DISTCLEANFILES): Add gpg-zip.1.
8733 2015-10-28 Werner Koch <wk@gnupg.org>
8735 sm: Allow combination of usage flags --gen-key.
8736 * sm/certreqgen.c (create_request): Re-implement building of the
8737 key-usage extension.
8739 2015-10-28 Damien Goutte-Gattat <dgouttegattat@incenp.org>
8741 doc: Document some changed default options.
8742 * doc/gpg.texi: Update the description of some options which are
8743 now enabled by default.
8745 2015-10-28 Werner Koch <wk@gnupg.org>
8747 dirmngr: Fix NULL-deref while loading a CRL.
8748 * dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
8751 dirmngr: Minor cleanup of the SRV RR code.
8752 * dirmngr/dns-stuff.c: Include unistd.h.
8753 (getsrv): Run srand only once.
8754 * dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
8755 and change output format.
8757 dirmngr: Add a getaddrinfo wrapper backend using ADNS.
8758 * dirmngr/dns-stuff.c: Replace all use of default_errsource.
8759 (my_adns_init): Move to top.
8760 (resolve_name_adns): New.
8761 (resolve_dns_name) [USE_ADNS]: Divert to new func.
8763 2015-10-26 Werner Koch <wk@gnupg.org>
8765 gpg: Do not call an extra get_validity if no-show-uid-validity is used.
8766 * g10/mainproc.c (check_sig_and_print): Do not call the informational
8767 get_validity if we are not going to use it.
8769 2015-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
8771 gpg: Ensure all weak digest rejection notices are shown.
8772 * g10/main.h: Add rejection_shown flag to each weakhash struct
8773 * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
8774 treat MD5 separately; (print_digest_rejected_note): Use
8775 weakhash.rejection_shown instead of static shown.
8776 * g10/options.h (opt): Change from additional_weak_digests to
8778 * g10/sig-check.c: Do not treat MD5 separately.
8779 * g10/gpg.c (main): Explicitly set MD5 as weak.
8780 * g10/gpgv.c (main): Explicitly set MD5 as weak.
8782 2015-10-26 Werner Koch <wk@gnupg.org>
8784 w32: Make it build again if Tofu support is not available.
8785 * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
8788 dirmngr: Support Tor hidden services.
8789 * dirmngr/dns-stuff.c (is_onion_address): New.
8790 * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
8791 (map_host): Special case onion addresses.
8792 (ks_hkp_print_hosttable): Print an 'O' for an onion address.
8793 * dirmngr/http.c (connect_server): Special case onion addresses.
8795 dirmngr,w32: Remove gethostbyname hack and make it build again.
8796 * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
8797 we require getaddrinfo anyway.
8798 * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
8799 (map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
8801 2015-10-26 Neal H. Walfield <neal@g10code.com>
8803 gpg: Make sure we only have a single SQL statement.
8804 * g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
8807 gpg: When the TOFU DB is in batch mode, periodically drop the locks.
8808 * g10/tofu.c: Include <sched.h>.
8809 (batch_update_started): New variable.
8810 (begin_transaction): If we've been in batch mode for a while, then
8811 commit any extant batch transactions.
8812 (tofu_begin_batch_update): If we are not in batch mode, initialize
8813 batch_update_started.
8815 2015-10-25 Werner Koch <wk@gnupg.org>
8817 dirmngr: Add workaround for broken getaddrinfo.
8818 * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
8819 first resolving the CNAME.
8820 (get_dns_cname): New.
8822 * dirmngr/t-dns-stuff.c (main): Add option --cname.
8824 dirmngr: Better handle systems without IPv6 or IPv4.
8825 * dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.
8827 dirmngr: Replace use of getnameinfo by resolve_dns_addr.
8828 * dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
8829 (map_host): Use resolve_dns_addr.
8831 dirmngr: Implement a getnameinfo wrapper.
8832 * dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
8833 (DNS_WITHBRACKET): New.
8834 * dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
8835 (map_eai_to_gpg_error): new.
8836 (resolve_addr_standard): New.
8837 (resolve_dns_addr): New.
8839 * dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
8840 * dirmngr/dns-stuff.c (is_ip_address): here. Add support for non
8841 bracketed v6 addresses.
8843 * dirmngr/t-dns-stuff.c: Remove header netdb.h.
8844 (main): Add option --bracket. Use resolve_dns_name instead of
8847 2015-10-23 Neal H. Walfield <neal@g10code.com>
8849 gpg: Provide an interface to patch TOFU updates.
8850 * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
8851 Rename end_transaction to savepoint_batch_commit. Update users.
8852 Remove field rollback. Add fields savepoint_inner and
8853 savepoint_inner_commit. Add field batch_update.
8854 (dump_cache): New function.
8855 (batch_update): New variable.
8856 (begin_transaction). New function.
8857 (end_transaction): New function.
8858 (rollback_transaction): New function.
8859 (tofu_begin_batch_update): New function.
8860 (tofu_end_batch_update): New function.
8861 (closedb): End any pending batch transaction.
8862 (closedbs): Assert that none of the DBs have a started batch
8863 transaction if we not in batch mode.
8864 (record_binding): Use the begin_transaction, end_transaction and
8865 rollback_transaction functions instead of including the SQL inline.
8866 Also start a batch mode transaction if we are using the flat format.
8867 (tofu_register): Use the begin_transaction, end_transaction and
8868 rollback_transaction functions instead of including the SQL inline.
8869 * g10/gpgv.c (tofu_begin_batch_update): New function.
8870 (tofu_end_batch_update): New function.
8871 * g10/test-stubs.c (tofu_begin_batch_update): New function.
8872 (tofu_end_batch_update): New function.
8874 gpg: Cache prepared SQL queries and open DB connections.
8875 * g10/tofu.c: Include <stdarg.h>.
8876 (prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
8877 (queries) [DEBUG_TOFU_CACHE]: New variable.
8878 (struct db): Add fields prevp, begin_transaction, end_transaction,
8879 rollback, record_binding_get_old_policy, record_binding_update,
8880 record_binding_update2, get_policy_select_policy_and_conflict,
8881 get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
8882 get_trust_gather_other_keys, register_already_seen, and
8884 [DEBUG_TOFU_CACHE]: Add field hits.
8885 (STRINGIFY): New macro.
8886 (STRINGIFY2): New macro.
8887 (enum sqlite_arg_type): New enum.
8888 (sqlite3_stepx): New function.
8889 (combined_db): Remove variable.
8890 (opendb): Don't cache the combined db.
8891 (struct dbs): New struct. Update users to use this as the head of the
8892 local DB list rather than overloading struct db.
8893 (unlink_db): New function.
8894 (link_db): New function.
8895 (db_cache): New variable.
8896 (db_cache_count): New variable.
8897 (DB_CACHE_ENTRIES): Define.
8898 (getdb): If the dbs specific cache doesn't include the DB, look at
8899 DB_CACHE. Only if that also doesn't include the DB open the
8901 (closedb): New function.
8902 (opendbs): Don't open the combined DB. Just return an initialized
8904 (closedbs): Don't close the dbs specific dbs. Attach them to the
8905 front of DB_CACHE. If DB_CACHE contains more than DB_CACHE_ENTRIES,
8906 close enough dbs from the end of the DB_CACHE list such that DB_CACHE
8907 only contains DB_CACHE_ENTRIES. Don't directly close the dbs, instead
8908 use the new closedb function.
8909 [DEBUG_TOFU_CACHE]: Print out some statistics.
8910 (record_binding): Use sqlite3_stepx instead of sqlite3_exec or
8911 sqlite3_exec_printf.
8912 (get_policy): Likewise.
8913 (get_trust): Likewise.
8914 (tofu_register): Likewise.
8916 gpg: Return the DBs meta-handle rather than the sqlite3 handle.
8917 * g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
8920 gpg: Use the proper type.
8921 * g10/options.h: Include "tofu.h".
8922 (opt.tofu_default_policy): Change type to enum tofu_policy.
8923 * g10/gpgv.c (enum tofu_policy): Don't redeclare.
8924 * g10/test-stubs.c (enum tofu_policy): Likewise.
8926 2015-10-22 Werner Koch <wk@gnupg.org>
8928 dirmngr: Implement Tor mode for SRV RRs.
8929 * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
8930 (my_adns_init): new.
8931 (getsrv)[USE_ADNS]: Use my_adns_init.
8932 (getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
8934 * dirmngr/t-dns-stuff.c: Add option --use-tor.
8936 dirmngr: Do not use MAXDNAME.
8937 * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
8938 * dirmngr/dns-stuff.h (MAXDNAME): Remove.
8939 (struct srventry): Use a fixed value instead of MAXDNAME.
8940 * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
8941 Malloc a helper array.
8943 Move SRV RR code from common/ to dirmngr/.
8944 * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file.
8945 * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file.
8946 * common/Makefile.am (common_sources): Remove srv.c and srv.h.
8947 * g10/keyserver.c: Do not include srv.h. The code using it is anyway
8949 * dirmngr/http.c: Remove header srv.h and stubs.
8950 * dirmngr/t-dns-stuff.c: Add option --srv.
8952 2015-10-21 Werner Koch <wk@gnupg.org>
8954 dirmngr: Use the new DNS wrapper for the HTTP module.
8955 * dirmngr/t-http.c (main): Init assuan sockets.
8956 * dirmngr/http.c: Include dns-stuff.h.
8957 (connect_server)[!HAVE_GETADDRINFO]: Remove all code.
8958 (connect_server): Change to use resolve_dns_name.
8960 dirmngr: Allow use of http.c if USE_NPTH is not defined.
8961 * dirmngr/http.c (send_request): Always set the gnutls pull/push
8963 (my_npth_read): Rename to ...
8964 (my_gnutls_read) .. this. Use system read if !USE_NPTH.
8965 (my_npth_write): Rename to ...
8966 (my_gnutls_write) .. this. Use system write if !USE_NPTH.
8968 dirmngr: Check that getaddrinfo is available.
8969 * dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
8970 (t_ldap_parse_uri_SOURCES): Ditto.
8971 * dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
8974 dirmngr: Use the new DNS wrapper for the HKP engine.
8975 * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
8977 (map_host): Replace getaddrinfo by resolve_dns_name.
8979 dirmngr: Implement a getaddrinfo wrapper.
8980 * dirmngr/dns-stuff.h: Include some header files.
8981 (dns_addinfo_t, dns_addrinfo_s): New.
8982 * dirmngr/dns-stuff.c: Always include DNS related headers.
8983 (free_dns_addrinfo): New.
8984 (resolve_name_standard): New.
8985 (resolve_dns_name): New.
8987 * dirmngr/t-dns-stuff.c: Include netdb.h.
8988 (main): Keep old default mode with no args but else print outout of
8989 resolve_dns_name. Revamp option parser.
8991 common: Add more replacement error codes.
8992 * common/util.h (GPG_ERR_SERVER_FAILED): New.
8993 (GPG_ERR_NO_KEY): New.
8994 (GPG_ERR_NO_NAME): New.
8996 2015-10-21 Neal H. Walfield <neal@g10code.com>
8998 gpg: If the saved trust model is unknown, default to tofu+pgp.
8999 * g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
9000 default to tofu+pgp instead of pgp.
9002 gpg: Don't accidentally free UTK_LIST.
9003 * g10/trustdb.c (validate_keys): Don't free UTK_LIST.
9005 gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
9006 * g10/trustdb.c (validate_one_keyblock): When checking trust regular
9007 expressions, treat the tofu+pgp trust model the same as the pgp trust
9010 gpg: If a key is ultimate trusted, return that in the tofu model.
9011 * g10/tofu.c (get_trust): If the policy is auto or none, check if the
9012 key is ultimately trusted. If so, return that.
9013 (tofu_register): If the key is ultimately trusted, don't show any
9015 (tofu_get_validity): Likewise.
9017 gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
9018 * g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
9019 possibly saved trust models. Also register the ultimately trusted
9020 keys if the trust model is tofu or tofu+pgp.
9021 (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
9022 (update_trustdb): Likewise.
9023 (tdb_check_trustdb_stale): Likewise.
9024 (validate_keys): If the trust model is TOFU, just write out the
9025 ultimately trusted keys.
9027 gpg: Factor out code into a standalone function.
9028 * g10/trustdb.c (tdb_keyid_is_utk): New function.
9031 dirmngr: Allow building with libassuan < 2.3.
9032 * dirmngr/http.c (send_request): Use newer assuan function only if
9035 2015-10-21 Neal H. Walfield <neal@g10code.com>
9036 Andre Heinecke <aheinecke@intevation.de>
9038 gpg: Make the tofu DB check and initialization atomic.
9039 * g10/tofu.c (initdb): Make the version check and the database
9040 initialization atomic.
9042 2015-10-21 Werner Koch <wk@gnupg.org>
9044 build: Make --disable-g13 the default.
9045 * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13. Remove
9046 --enable-gpgtar because that is enabled anyway.
9047 * configure.ac: Do not build g13 by default.
9049 dirmngr: Rename file dns-cert.c.
9050 * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
9051 * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
9053 * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
9054 * dirmngr/Makefile.am: Adjust.
9056 common: Add status code for use by g13.
9057 * common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.
9059 2015-10-20 Werner Koch <wk@gnupg.org>
9061 dirmngr: Prefer ADNS over system resolver.
9062 * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
9063 (USE_DNS_CERT): Prefer ADNS over the system resolver.
9064 * dirmngr/dns-cert.c (tor_mode): New global var.
9065 (enable_dns_tormode): New func.
9066 (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
9067 * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
9069 w32: Allow building again.
9070 * dirmngr/http.c (connect_server): Fix called function name.
9072 build: Allow building without SQLlite support.
9073 * configure.ac: Add option --dsiable-tofu and --disable-sqlite.
9074 (NEED_SQLITE_VERSION): New var.
9075 (USE_TOFU): New ac_define and am_conditional.
9076 * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
9077 pkg-config find the correct .pc file.
9079 * g10/Makefile.am (tofu_source): New. Build only if enabled.
9080 * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
9081 (parse_tofu_policy)[!USE_TOFU]: Disable all.
9082 (parse_tofu_db_format)[!USE_TOFU]: Disable all.
9083 (main) <aTOFUPolicy>[!USE_TOFU]: Skip.
9084 * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
9085 call tofu functions.
9086 * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
9087 * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
9090 2015-10-20 Neal H. Walfield <neal@g10code.com>
9092 gpg: Don't die immediately if the TOFU DB is locked.
9093 * g10/tofu.c (opendb): Don't die immediately if the DB is locked.
9095 gpg: Improve output.
9096 * g10/tofu.c (get_trust): Also show the binding when indicating a
9099 gpg: Synchronize translation template.
9100 * g10/tofu.c (show_statistics): Synchronize translation template.
9102 gpg: When showing conflicts, also show bindings with no recorded sigs.
9103 * g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
9104 NULL, then both time_ago and count should be 0.
9105 (get_trust): Reverse the direction of the join so that we also get
9106 statistics about bindings without any signatures.
9109 * g10/tofu.c (show_statistics): Improve text.
9111 gpg: Use the right variable to display the information.
9112 * g10/tofu.c (get_trust): Use the right variable to display the
9115 gpg: Make failing to create a directory a soft error.
9116 * g10/tofu.c (getdb): Don't exit if we can't create the directory.
9117 Just return an error.
9119 common: Make sure tilde expansion works for the mkdir functions.
9120 * common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
9121 first directory component as well.
9123 gpg: Remove unused prototype digest_algo_from_sig.
9124 * g10/packet.h (digest_algo_from_sig): Remove prototype without a
9125 corresponding implementation.
9127 2015-10-19 Werner Koch <wk@gnupg.org>
9129 dirmngr: Allow building with libassuan < 2.3.
9130 * dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
9132 * dirmngr/http.c (http_raw_connect): Ditto.
9134 2015-10-19 Neal H. Walfield <neal@g10code.com>
9136 gpg: Fix --desig-revoke.
9137 * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
9138 Check that the secret key is available. If not, display an error
9141 gpg: Improve function documentation and some comments.
9142 * g10/main.h: Improve function documentation.
9143 * g10/packet.h.h: Improve function documentation.
9144 * g10/sig-check.c: Improve function documentation and some comments.
9146 gpg: Improve and regularize naming of signature checking functions.
9147 * g10/packet.h (signature_check): Rename from this...
9148 (check_signature): ... to this. Update users.
9149 (signature_check2): Rename from this...
9150 (check_signature2): ... to this. Update users.
9151 * g10/sig-check.c (do_check): Rename from this...
9152 (check_signature_end): ... to this. Update users.
9153 (do_check_messages): Rename from this...
9154 (check_signature_metadata_validity): ... to this. Update users.
9156 gpg: Mark local function as static.
9157 * g10/tdbio.c (put_record_into_cache): Mark as static.
9159 2015-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
9161 gpg: Print warning when rejecting weak digests.
9162 * g10/misc.c (print_md5_rejected_note): Rename to ..
9163 (print_digest_rejected_note): this. Parameterize function to take an
9165 * g10/sig-check.c: Use print_digest_rejected_note() when rejecting
9168 gpg: Add option --weak-digest to gpg and gpgv.
9169 * g10/options.h: Add additional_weak_digests linked list to opts.
9170 * g10/main.h: Declare weakhash linked list struct and
9171 additional_weak_digest() function to insert newly-declared weak
9173 * g10/misc.c: (additional_weak_digest): New function.
9174 (print_digest_algo_note): Check for deprecated digests; use proper
9176 * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
9177 * g10/gpg.c: Add --weak-digest option to gpg.
9178 * doc/gpg.texi: Document gpg --weak-digest option.
9179 * g10/gpgv.c: Add --weak-digest option to gpgv.
9180 * doc/gpgv.texi: Document gpgv --weak-digest option.
9182 2015-10-19 Werner Koch <wk@gnupg.org>
9184 dirmngr: Make --use-tor work - still leaks DNS.
9185 * dirmngr/dirmngr.c (set_tor_mode): New.
9186 (main, reread_configuration): Call it.
9187 * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
9188 mode is enabled if the FORCE_TOR flag is given.
9190 dirmngr: Use Assuan socket wrappers for http.c.
9191 * dirmngr/http.c: Include assuan.h. Changed all code taking a socket
9192 descriptor from int to assuan_fd_t.
9193 (my_unprotect, my_protect): New.
9194 (my_connect): Remove.
9195 (_my_socket_new, _my_socket_unref): use assuan_sock_close.
9196 (connect_server): Use assuan_sock_connect, assuan_sock_new, and
9198 * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
9200 2015-10-19 Neal H. Walfield <neal@g10code.com>
9202 gpg: Fix formatting.
9203 * g10/tofu.c (get_trust): Fix formatting.
9205 gpg: Don't forget to free some memory.
9206 * g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.
9208 gpg: If a conflict occurs in batch mode, record that.
9209 * g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
9210 set conflict to the key. When prompting the user, don't show the
9211 conflicting key if the conflicting key is the current key.
9213 2015-10-18 Werner Koch <wk@gnupg.org>
9215 gpg: Silence two more warnings.
9216 * g10/trustdb.c (tdb_get_validity_core): Silence a warning.
9217 * g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
9218 so that it is not uninitialized in case of an early error.
9220 gpg: Fix harmless compiler warnings.
9221 * g10/tofu.h (_tofu_GET_POLICY_ERROR): New. This avoids warnings
9222 about undefined enum values in a switch.
9223 * g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
9224 * g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
9225 (opendbs): Avoid compiler warning (use braces).
9226 (GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
9227 (get_policy): Remove assert.
9228 (GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
9229 (show_statistics): Undef MIN_SECS et al. after use.
9231 common: Avoid warning about const char ** assignment.
9232 * common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item. Return
9233 an error on malloc failure.
9234 (gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
9236 Move http module from common/ to dirmngr/.
9237 * common/http.c: Move to ../dirmngr/.
9238 * common/http.h: Move to ../dirmngr/.
9239 * common/t-http.c: Move to ../dirmngr/.
9240 * common/tls-ca.pem: Move to ../dirmngr/.
9241 * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
9242 Remove http.c related stuff.
9243 * po/POTFILES.in: Move http.c to dirmngr/.
9244 * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
9245 (module_maint_tests): New.
9246 (noinst_PROGRAMS): Add module_maint_tests.
9247 (dirmngr_SOURCES): Add http.c and http.h.
9248 (dirmngr_LDADD): Remove libcommontlsnpth.
9249 (t_common_ldadd): Ditto.
9250 (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
9251 (t_ldap_parse_uri_SOURCES): Add http.c.
9252 (t_ldap_parse_uri_CFLAGS): Build without npth.
9253 ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
9254 * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
9256 2015-10-18 Neal H. Walfield <neal@g10code.com>
9259 * g10/tofu.c (get_trust): Fix assert.
9261 g10: Add TOFU support.
9262 * configure.ac: Check for sqlite3.
9263 (SQLITE3_CFLAGS): AC_SUBST it.
9264 (SQLITE3_LIBS): Likewise.
9265 * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
9266 (gpg2_SOURCES): Add tofu.h and tofu.c.
9267 (gpg2_LDADD): Add $(SQLITE3_LIBS).
9268 * g10/tofu.c: New file.
9269 * g10/tofu.h: New file.
9270 * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
9271 (tofu_db_format): Define.
9272 * g10/packet.h (PKT_signature): Add fields digest and digest_len.
9273 * g10/gpg.c: Include "tofu.h".
9274 (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
9277 (parse_trust_model): Recognize the tofu and tofu+pgp trust models.
9278 (parse_tofu_policy): New function.
9279 (parse_tofu_db_format): New function.
9280 (main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
9281 Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
9282 * g10/mainproc.c (do_check_sig): If the signature is good, copy the
9283 hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
9284 * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
9286 (tdb_get_validity_core): Add arguments sig and may_ask. Update
9288 * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
9289 to tdb_get_validity_core.
9290 * g10/trustdb.c: Include "tofu.h".
9291 (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
9292 (tdb_get_validity_core): Add arguments sig and may_ask. If
9293 OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
9294 level. Combine it with the computed PGP trust level, if appropriate.
9295 * g10/keyedit.c: Include "tofu.h".
9296 (show_key_with_all_names_colon): If the trust mode is tofu or
9297 tofu+pgp, then show the trust policy.
9298 * g10/keylist.c: Include "tofu.h".
9299 (public_key_list): Also show the PGP stats if the trust model is
9301 (list_keyblock_colon): If the trust mode is tofu or
9302 tofu+pgp, then show the trust policy.
9303 * g10/pkclist.c: Include "tofu.h".
9304 * g10/gpgv.c (get_validity): Add arguments sig and may_ask.
9305 (enum tofu_policy): Define.
9306 (tofu_get_policy): New stub.
9307 (tofu_policy_str): Likewise.
9308 * g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
9309 (enum tofu_policy): Define.
9310 (tofu_get_policy): New stub.
9311 (tofu_policy_str): Likewise.
9312 * doc/DETAILS: Describe the TOFU Policy field.
9313 * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
9314 --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
9315 * tests/openpgp/Makefile.am (TESTS): Add tofu.test.
9316 (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
9317 tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
9318 (CLEANFILES): Add tofu.db.
9319 (clean-local): Add tofu.d.
9320 * tests/openpgp/tofu.test: New file.
9321 * tests/openpgp/tofu-2183839A-1.txt: New file.
9322 * tests/openpgp/tofu-BC15C85A-1.txt: New file.
9323 * tests/openpgp/tofu-EE37CF96-1.txt: New file.
9324 * tests/openpgp/tofu-keys.asc: New file.
9325 * tests/openpgp/tofu-keys-secret.asc: New file.
9327 2015-10-16 Neal H. Walfield <neal@g10code.com>
9329 common: Prefix the mkdir functions with gnupg_. Make args const.
9330 * common/mkdir_p.h (mkdir_p): Rename from this...
9331 (gnupg_mkdir_p): ... to this. Change directory_component's type from
9332 char * to const char *.
9333 (amkdir_p): Rename from this...
9334 (gnupg_amkdir_p): ... to this. Change directory_component's type from
9335 char * to const char *.
9336 * common/mkdir_p.c (mkdir_p): Rename from this...
9337 (gnupg_mkdir_p): ... to this. Change directory_component's type from
9338 char * to const char *.
9339 (amkdir_p): Rename from this...
9340 (gnupg_amkdir_p): ... to this. Change directory_component's type from
9341 char * to const char *.
9343 2015-10-14 NIIBE Yutaka <gniibe@fsij.org>
9345 cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
9346 * dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
9347 * kbx/keybox-update.c (keybox_set_flags): Call
9348 gpg_err_code_from_syserror.
9350 2015-10-13 NIIBE Yutaka <gniibe@fsij.org>
9352 po: Update Japanese translation.
9354 2015-10-12 Werner Koch <wk@gnupg.org>
9356 gpg: Try hard to use MDC also for sign+symenc.
9357 * g10/encrypt.c (use_mdc): Make it a global func.
9358 * g10/sign.c (sign_symencrypt_file): Use that function to decide
9359 whether to use an MDC.
9360 * tests/openpgp/conventional-mdc.test: Add a simple test case.
9362 2015-10-09 Werner Koch <wk@gnupg.org>
9366 2015-10-09 NIIBE Yutaka <gniibe@fsij.org>
9368 agent: simplify agent_get_passphrase.
9369 * agent/call-pinentry.c (agent_get_passphrase): Simplify.
9371 agent: fix agent_askpin.
9372 * agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
9374 agent: Fix function return type for check_cb and agent_askpin.
9375 * agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
9376 (start_pinentry, setup_qualitybar): Likewise.
9377 (agent_askpin): Fix return value check of check_cb.
9378 * agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
9379 (ssh_identity_register): Fix return value check of agent_askpin.
9380 * agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
9381 * agent/findkey.c (try_unprotect_cb): Likewise.
9382 * agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
9383 (agent_ask_new_passphrase): Fix return value check of agent_askpin.
9385 2015-10-08 Andre Heinecke <aheinecke@intevation.de>
9387 dirmngr: Default to http protocol for http-proxy.
9388 * common/http.c (send_request): Fix handling for hostname:port string.
9390 2015-10-08 Werner Koch <wk@gnupg.org>
9392 common: Allow building of mkdir_p.c for Windows.
9393 * common/mkdir_p.c: Change license and comment debug statements.
9394 (amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
9395 build an error code. Change return value to gpg_error_t.
9396 (amkdir_p): Use gnupg_mkdir.
9398 * common/membuf.c: Include util.h first to avoid redefined macro
9401 gpg: Add option --print-dane-records.
9402 * g10/options.h (opt): Add field "print_dane_records".
9403 * g10/gpg.c (oPrintDANERecords): new.
9404 (opts): Add --print-dane-records.
9405 (main): Set that option.
9406 * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
9407 (do_export_stream): Add EXPORT_DANE_FORMAT handling.
9408 * g10/keylist.c (list_keyblock_pka): Implement DANE record printing.
9410 * g10/gpgv.c (export_pubkey_buffer): New stub.
9411 * g10/test-stubs.c (export_pubkey_buffer): New stub.
9413 gpg: Pass CTRL parameter to all key listing functions.
9414 * g10/keylist.c (public_key_list): Add arg CTRL.
9415 (secret_key_list): Ditto.
9416 (list_all, list_one): Ditto.
9417 (locate_one): Ditto.
9418 (list_keyblock_pka): Ditto.
9419 (list_keyblock): Ditto.
9420 (list_keyblock_direct): Ditto.
9421 * g10/keygen.c (proc_parameter_file): Add arg CTRL.
9422 (read_parameter_file): Ditto.
9423 (quick_generate_keypair): Ditto.
9424 (do_generate_keypair): Ditto.
9425 (generate_keypair): Pass arg CTRL.
9426 * g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
9428 2015-10-07 Werner Koch <wk@gnupg.org>
9430 gpg: Remove unfinished experimental code to export as S-expressions.
9431 * g10/options.h (EXPORT_SEXP_FORMAT): Remove.
9432 (EXPORT_DANE_FORMAT): New.
9433 * g10/export.c (parse_export_options): Remove "export-sexp-format".
9434 (export_seckeys): Adjust for removed option.
9435 (export_secsubkeys): Ditto.
9436 (do_export): Prepare for DANE format.
9437 (build_sexp, build_sexp_seckey): Remove.
9438 (do_export_stream): Remove use of removed functions.
9440 2015-10-06 Werner Koch <wk@gnupg.org>
9442 gpg: Add new --auto-key-locate mechanism "dane".
9443 * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
9444 * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
9445 * g10/options.h (AKL_DANE): New.
9446 * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
9447 (parse_auto_key_locate): Ditto.
9449 dirmngr: Addlow fetching keys using OpenPGP DANE.
9450 * dirmngr/server.c (cmd_dns_cert): Add option --dane.
9452 dirmngr: Improve DNS code to retrieve arbitrary records.
9453 * dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
9455 * dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
9456 (DNS_CERTTYPE_RR61): New.
9458 dirmngr: Change DNS code to make additions easier.
9459 * dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
9460 adding more resource types.
9462 dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
9463 * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
9464 (cmd_reloaddirmngr): Use check_owner_permission.
9466 dirmngr: Do tilde expansion for --hkp-cacert.
9467 * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
9468 check for cert file existance in option --hkp-cacert.
9470 gpg: Fail decryption for AES etc message w/o MDC.
9471 * g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
9473 2015-10-06 NIIBE Yutaka <gniibe@fsij.org>
9475 agent: Fix verification of signature for smartcard.
9476 * agent/pksign.c (agent_pksign_do): Use public key smartcard.
9478 agent: Fix non-allocation for pinentry_loopback.
9479 * agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
9480 be allocated by pinentry_loopback.
9482 2015-10-05 Werner Koch <wk@gnupg.org>
9484 gpg: Install a dirmngr.conf file.
9485 * g10/dirmngr-conf.skel: New.
9486 * g10/Makefile.am (EXTRA_DIST): Add file.
9487 (install-data-local, uninstall-local): Install that file.
9488 * g10/openfile.c (copy_options_file): Add arg "name", return a value,
9489 simplify with xstrconcat, and factor warning message out to:
9490 (try_make_homedir): here. Also install dirmngr.conf.
9491 * g10/options.skel: Remove --keyserver entry.
9493 gpg: Deprecate the --keyserver option.
9494 * g10/keyserver.c (keyserver_refresh): Change return type to
9495 gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the
9497 (keyserver_search): Do not print the "no keyserver" error
9498 message. The same error is anyway returned from dirmngr.
9499 * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
9500 (ks_status_cb): Handle other status keywords.
9501 (gpg_dirmngr_ks_list): New.
9502 * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
9503 (gc_options_dirmngr): Add "Keyserver" group and "keyserver".
9505 dirmngr: Add option --keyserver.
9506 * dirmngr/dirmngr.c (oKeyServer): New.
9507 (opts): Add "keyserver".
9508 (parse_rereadable_options): Parse that options
9509 (main): Add option to the gpgconf list.
9510 * dirmngr/dirmngr.h (opt): Add field "keyserver".
9511 * dirmngr/server.c (ensure_keyserver): New.
9512 (make_keyserver_item): New. Factored out from
9513 (cmd_keyserver): here. Call ensure_keyserver.
9514 (cmd_ks_search): Call ensure_keyserver.
9515 (cmd_ks_get): Ditto.
9516 (cmd_ks_fetch): Ditto.
9517 (cmd_ks_put): Ditto.
9519 dirmngr: Make clear that --use-tor is not yet ready for use.
9520 * dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
9522 * tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.
9524 gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
9525 * tools/gpgconf-comp.c (gc_component): Change printed name.
9527 2015-10-02 Werner Koch <wk@gnupg.org>
9529 dirmngr: Fix use-after-free due to a realloc shrinking.
9530 * dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
9533 agent: Fix alignment problem with the second passphrase struct.
9534 * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
9535 PI2. Check return value of the malloc function.
9536 * agent/command-ssh.c (ssh_identity_register): Use a separate malloc
9539 2015-10-01 Werner Koch <wk@gnupg.org>
9541 gpg: Fix a practical hang after use of --faked-system-time.
9542 * g10/sign.c (update_keysig_packet): Bail out if we would need to long
9543 for a new timestamp.
9545 gpg: Print more info with "check selfsig".
9546 * g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
9549 gpg: Add debug helper to --edit-keys's check sub-command.
9550 * g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
9551 print an asterisk for the chosen selfsig.
9552 (check_all_keysigs): Add arg "only_selfsig"
9553 (keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
9555 2015-10-01 NIIBE Yutaka <gniibe@fsij.org>
9557 common: Fix strsplit.
9558 * common/stringhelp.c (strsplit): Fix arguments order.
9560 2015-09-30 Neal H. Walfield <neal@g10code.com>
9562 common: Add mkdir_p.
9563 * common/mkdir_p.c: New file.
9564 * common/mkdir_p.h: New file.
9565 * common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.
9567 common: Remove unused files.
9568 * common/xmalloc.c: Remove file.
9569 * common/xmalloc.h: Remove file.
9571 common: Include <gpg-error.h>.
9572 * common/logging.h: Include <gpg-error.h>.
9574 2015-09-29 Neal H. Walfield <neal@g10code.com>
9576 g10: Remove unused struct cmp_help_context_s.
9577 * g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.
9579 g10: Avoid an unnecessary copy.
9580 * g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
9581 Instead, directly use the provided storage. If none is provided
9584 2015-09-29 NIIBE Yutaka <gniibe@fsij.org>
9586 ssh: Fix fingerprint computation for EdDSA key.
9587 * common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
9588 * common/t-ssh-utils.c (sample_keys): Add a new key.
9590 agent: RSA signature verification by gpg-agent.
9591 * g10/sign.c (do_sign): Let verify signature by gpg-agent.
9592 * agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.
9594 2015-09-28 Werner Koch <wk@gnupg.org>
9596 common: Provide two new error code replacements.
9597 * common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements.
9599 common: Change calling convention for gnupg_spawn_process.
9600 * common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
9601 (GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
9603 * common/exechelp.h (gnupg_spawn_process): Change function to not take
9604 an optional stream for stdin but to return one.
9605 * common/exechelp-posix.c (gnupg_spawn_process): Implement change.
9606 (create_pipe_and_estream): Add args outbound and nonblock.
9607 * common/exechelp-w32.c (gnupg_spawn_process): Implement change.
9609 2015-09-28 NIIBE Yutaka <gniibe@fsij.org>
9611 scd: Handle error correctly.
9612 * scd/apdu.c (apdu_connect): Initialize variables and check an error
9613 of apdu_get_status_internal.
9615 2015-09-22 Werner Koch <wk@gnupg.org>
9617 ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
9618 * common/t-ssh-utils.c (sample_keys): Add 3 new keys.
9620 ssh: Fix fingerprint computation for 384 bit ECDSA keys.
9621 * common/ssh-utils.c (get_fingerprint): Fix hashed string.
9623 2015-09-19 NIIBE Yutaka <gniibe@fsij.org>
9625 agent: Fix importing ECC key.
9626 * agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
9627 parameters are stored as opaque.
9628 (apply_protection): ARRAY members are all normal, non-opaque MPI.
9629 (extract_private_key): Get public key as normal, non-opaque MPI.
9630 Remove support of ECC key with '(flags param)'.
9631 Remove support of "ecdsa" and "ecdh" keys of our experiment.
9633 scd: Fix KEYTOCARD handling for ECC key.
9634 * scd/app-openpgp.c (ecc_writekey): Only public key can be native
9637 2015-09-19 Neal H. Walfield <neal@g10code.com>
9639 common: Add new function strlist_length.
9640 * common/strlist.c (strlist_length): New function.
9642 2015-09-18 Werner Koch <wk@gnupg.org>
9644 gpgconf: Change displayed name of Dirmngr to "Network Manager".
9645 * tools/gpgconf-comp.c (gc_component): Change printed name.
9647 dirmngr: Add option --use-tor as a stub.
9648 * dirmngr/dirmngr.h (opt): Add field "use_tor".
9649 * dirmngr/dirmngr.c (oUseTor): New.
9650 (opts): Add --use-tor.
9651 (parse_rereadable_options): Set option.
9652 (main): Tell gpgconf about that option.
9654 * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
9655 return an error if LDAP is used in TOR mode.
9656 (ca_cert_fetch): Return an error in TOR mode.
9657 (start_cert_fetch): Ditto.
9658 * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
9660 * dirmngr/ks-engine-hkp.c (send_request): Ditto.
9661 * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
9662 * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
9663 (ks_ldap_search): Ditto.
9664 (ks_ldap_put): Ditto.
9665 * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
9668 * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
9669 (cmd_dns_cert): Return an error in TOR mode.
9670 (cmd_getinfo): Add subcommand "tor"
9671 * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
9673 gpg: Report a conflict between honor-keyserver-url and TOR.
9674 * g10/call-dirmngr.c (create_context): Send option and print a verbose
9677 http: Add flag to force use of TOR (part 1)
9678 * common/http.h (HTTP_FLAG_FORCE_TOR): New.
9679 * common/http.c (http_raw_connect, send_request): Detect flag and
9680 return an error for now.
9682 2015-09-17 NIIBE Yutaka <gniibe@fsij.org>
9684 po: Update Japanese translation.
9686 scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
9687 * scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
9688 (ccid_transceive_apdu_level, ccid_transceive): Use.
9690 2015-09-16 Werner Koch <wk@gnupg.org>
9692 agent: New option --pinentry-invisible-char.
9693 * agent/gpg-agent.c (oPinentryInvisibleChar): New.
9695 (parse_rereadable_options): Set option.
9696 * agent/agent.h (opt): Add field pinentry_invisible_char.
9697 * agent/call-pinentry.c (start_pinentry): Pass option to pinentry.
9699 g13: Move some code to a separate module.
9700 * g13/g13-common.c, g13/g13-common.h: New.
9701 * g13/Makefile.am (g13_SOURCES): Add new files.
9702 * g13/g13.c (g13_errors_seen): Move to g13-common.c.
9703 (cmdline_conttype): New.
9704 (main): Use g13_init_signals and g13_install_emergency_cleanup.
9705 (emergency_cleanup, g13_exit): Move to g13-common.c.
9706 * g13/g13.h: Move OPT and some other code to g13-common.h.
9708 gpg: Fix skip function dummy parameter.
9709 * g10/trustdb.c (search_skipfnc): Fix dummy argument
9711 gpg: Change last commit to avoid extra translations.
9712 * g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
9715 2015-09-16 Neal H. Walfield <neal@g10code.com>
9717 g10: Improve error message.
9718 * g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
9719 must be selected, indicate what command to use to do this.
9721 g10: Be more careful when merging self-signed data.
9722 * g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
9723 data belonging to the public key when we encounter an attribute packet
9724 or a subkey packet, not just a user id packet. When looking for
9725 self-signed data belonging to a user id packet, stop when we see a
9726 user attribute packet.
9728 g10: Simplify some complicated boolean expressions.
9729 * g10/getkey.c (finish_lookup): Simplify logic.
9731 g10: Also mark revoked and expired keys as unusable.
9732 * g10/getkey.c (skip_unusable): Also mark the key as unusable if it
9733 has been revoked or has expired.
9735 g10: Release resources when returning an error in get_seckey.
9736 * g10/getkey.c (get_seckey): If the key doesn't have a secret key,
9739 g10: Improve documentation and comments for getkey.c.
9740 * g10/getkey.c: Improve documentation and comments for most
9741 functions. Move documentation for public functions from here...
9742 * g10/keydb.h: ... to here.
9744 g10: Remove unused function have_any_secret_key.
9745 * g10/getkey.c (have_any_secret_key): Remove function.
9747 g10: Bring cache semantics closer to non-cache semantics.
9748 * g10/getkey.c (get_pubkey_fast): When reading from the cache, only
9749 consider primary keys.
9751 g10: Break out of the loop earlier.
9752 * g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
9753 key or subkey, stop searching.
9755 g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
9756 * g10/getkey.c (lookup): Also don't skip legacy keys if the search
9757 mode is KEYDB_SEARCH_MODE_NEXT.
9759 g10: Remove unused function get_seckeyblock_byfprint.
9760 * g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
9761 * g10/getkey.c (get_seckeyblock_byfprint): Remove function.
9763 g10: Remove unused function get_seckey_byfprint.
9764 * g10/keydb.h (get_seckey_byfprint): Remove prototype.
9765 * g10/getkey.c (get_seckey_byfprint): Remove function.
9767 g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
9768 * g10/keydb.h (get_seckey_byname): Rename from this...
9769 (get_seckey_default): ... to this. Drop the parameter name. Update
9771 * g10/getkey.c (get_seckey_byname): Rename from this...
9772 (get_seckey_default): ... to this. Drop the parameter name. Drop the
9773 code which assumed that NAME is not NULL.
9775 g10: Eliminate the redundant function get_keyblock_byfprint.
9776 * g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
9777 of this function with get_pubkey_byfprint.
9778 * g10/getkey.c (get_pubkey_byname): Remove function.
9780 g10: Simplify semantics of get_pubkey_byname.
9781 * g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
9782 the keyblock in R_KEYBLOCK independent of whether PK is set or not.
9784 g10: Eliminate the redundant function get_pubkey_byname.
9785 * g10/getkey.c (get_pubkey_byname): Remove function.
9786 (lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.
9788 g10: Eliminate the redundant function get_pubkey_end.
9789 * g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of
9790 function with getkey_end.
9791 * g10/getkey.c (get_pubkey_byname): Remove function.
9793 g10: Eliminate the redundant function get_pubkey_next.
9794 * g10/keydb.h (get_pubkey_next): Remove prototype.
9795 * g10/getkey.c (get_pubkey_next): Remove function.
9796 * g10/keylist.c (locate_one): Use getkey_next instead of
9799 kbx: Change skipfnc's prototype so that we can provide all information.
9800 * kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
9801 third parameter to be the index of the user id packet in the keyblock
9802 rather than the packet itself. Update users.
9804 g10: Remove unused prototype (get_pubkey_byfpr).
9805 * g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.
9807 g10: Remove unused function (get_pubkey_bynames).
9808 * g10/keydb.h (get_pubkey_bynames): Remove prototype.
9809 * g10/getkey.c (get_pubkey_bynames): Remove function.
9811 g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
9812 * g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
9813 (lookup): Add argument ret_found_key. If not NULL, set it to the
9814 found key. Update callers.
9815 (pk_from_block): Add argument found_key. Use it instead of
9816 CTX->FOUND_KEY. Update callers.
9817 (finish_lookup): Return a KBNODE (the found key) instead of an int.
9818 Don't set CTX->FOUND_KEY. Return the found key instead.
9820 g10: Remove unused field struct getkey_ctx_s.kbpos.
9821 * g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
9822 (getkey_end): Don't clear CTX->KBPOS.
9824 g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
9825 * g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
9826 (finish_lookup): Add parameter keyblock. Update caller to pass this.
9827 (lookup): Add new local variable keyblock. Use this instead of
9828 ctx->keyblock for referencing the keyblock.
9830 2015-09-16 NIIBE Yutaka <gniibe@fsij.org>
9832 agent: Fix registering SSH Key of Ed25519.
9833 * agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.
9835 2015-09-15 NIIBE Yutaka <gniibe@fsij.org>
9837 po: Update Japanese translation.
9839 2015-09-10 Werner Koch <wk@gnupg.org>
9843 tests: Silence the 5gb-packet test.
9844 * tests/openpgp/4gb-packet.test: Send output to /dev/null.
9846 g10: Fix make distcheck problem.
9847 * g10/test.c: Include string.h.
9848 (prepend_srcdir): New. Taken from Libgcrypt.
9850 * g10/t-keydb.c (do_test): Malloc the filename.
9851 * g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
9852 (EXTRA_DIST): Add t-keydb-keyring.kbx.
9854 g10: Improve portability of the new test driver.
9855 * g10/test.c: Include stdio.h and stdlib.h.
9857 (print_results): Rename to exit_tests.
9858 (main): Remove atexit and call exit_tests. Set verbose.
9859 (ASSERT, ABORT): Call exit_tests instead of exit.
9861 2015-09-09 Werner Koch <wk@gnupg.org>
9863 dirmngr: Allow sending much larger keyblocks.
9864 * dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
9865 (MAX_KEYBLOCK_LENGTH): Increase to 20M.
9867 2015-09-07 NIIBE Yutaka <gniibe@fsij.org>
9869 scd: Force key attribute change for writekey.
9870 * scd/app-openpgp.c (change_rsa_keyattr): New.
9871 (change_keyattr_from_string): Use change_rsa_keyattr.
9872 (rsa_writekey): Call change_rsa_keyattr when different size.
9873 (ecc_writekey): Try to change key attribute.
9876 * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
9877 (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
9878 (compare_fingerprint, check_against_given_fingerprint): KEYNO starts
9881 2015-09-02 Neal H. Walfield <neal@g10code.com>
9883 g10: Remove unused field req_algo.
9884 * g10/packet.h (PKT_public_key): Remove unused field req_algo. Remove
9886 * g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
9889 g10: Use a symbolic constant instead of a literal.
9890 * g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
9891 (new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
9892 (release_key_hash_table): Likewise.
9893 (test_key_hash_table): Likewise.
9894 (add_key_hash_table): Likewise.
9896 g10: Add test for keydb as well as new testing infrastructure.
9897 * g10/Makefile.am (EXTRA_DIST): Add test.c.
9898 (AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
9899 (module_tests): Add t-keydb.
9900 (t_keydb_SOURCES): New variable.
9901 (t_keydb_LDADD): Likewise.
9902 * g10/t-keydb.c: New file.
9903 * g10/t-keydb-keyring.kbx: New file.
9904 * g10/test-stubs.c: New file.
9905 * g10/test.c: New file.
9907 g10: Make the keyblock cache per-handle rather than global.
9908 * g10/keydb.c (keyblock_cache): Don't declare this variable. Instead...
9909 (struct keyblock_cache): ... turn its type into this first class
9911 (struct keydb_handle): ... and instantiate it once per database
9912 handle. Update all users.
9913 (keydb_rebuild_caches): Don't invalidate the keyblock cache.
9915 g10: If iobuf_seek fails when reading from the cache, do a hard read.
9916 * g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
9917 reading from the cache, then simply clear the cache and try reading
9920 iobuf: Reduce verbosity of test.
9921 * common/t-iobuf.c (main): Reduce verbosity.
9923 iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
9924 * common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
9925 * common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
9926 IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer. Assert that LENGTH ==
9928 (iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
9929 filter an IOBUF_INPUT filter and set its buffer size to
9931 (underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
9932 remove already read data.
9933 (iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
9935 (iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
9936 (pop_filter): Allow USE == IOBUF_INPUT_TEMP.
9937 (iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
9938 (iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
9939 (iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
9940 (iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
9941 (iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.
9943 iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
9944 * common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
9945 IOBUF_OUTPUT_TEMP. Update users.
9947 iobuf: Use a first-class enum.
9948 * common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
9949 (struct iobuf_struct): Change the field use's type to it.
9952 * common/t-iobuf.c (content_filter): If there is nothing to read,
9953 don't forget to set *LEN to 0.
9956 2015-09-01 Werner Koch <wk@gnupg.org>
9958 agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
9959 * agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.
9961 gpg: Remove option --no-sig-create-check.
9962 * g10/gpg.c (opts): Remove --no-sig-create-check.
9963 * g10/options.h (struct opt): Remove field no_sig_create_check.
9964 * g10/sign.c (do_sign): Always check unless it is RSA and we are using
9967 common: Assume an utf-8 locale on iconv errors.
9968 * common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.
9970 common: Fix regression in building argpase.c standalone.
9971 * common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.
9973 2015-08-31 Neal H. Walfield <neal@g10code.com>
9975 g10: Don't leak memory if we fail to initialize a new database handle.
9976 * g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
9977 correctly release all resources.
9979 g10: Improve interface documentation of the keydb API.
9980 * g10/keydb.c: Improve code comments and documentation of internal
9981 interfaces. Improve documentation of public APIs and move that to...
9982 * g10/keydb.h: ... this file.
9984 g10: Don't cache search results if the search didn't scan the whole DB.
9985 * g10/keydb.c (struct keydb_handle): Add new field is_reset.
9986 (keydb_new): Initialize hd->is_reset to 1.
9987 (keydb_locate_writable): Set hd->is_reset to 1.
9988 (keydb_search): Set hd->is_reset to 0. Don't cache a key not found if
9989 the search started from the beginning of the database.
9991 g10: Have keydb_search_first call keydb_search_reset before searching.
9992 * g10/keydb.c (keydb_search_first): Reset the handle before starting
9995 g10: Remove unused parameter.
9996 * g10/keydb.h (keydb_locate_writable): Remove unused parameter
9997 reserved. Update users.
9999 2015-08-31 NIIBE Yutaka <gniibe@fsij.org>
10001 agent: Fix SSH public key for EdDSA.
10002 * agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.
10004 2015-08-26 Neal H. Walfield <neal@g10code.com>
10006 g10: Simplify cache. Only include data that is actually used.
10007 * g10/keydb.c (struct kid_list_s): Rename from this...
10008 (struct kid_not_found_cache_bucket): ... to this. Update users.
10009 Remove field state.
10010 (kid_list_t): Remove type.
10011 (KID_NOT_FOUND_CACHE_BUCKETS): Define. Use this instead of a literal.
10012 (kid_found_table): Rename from this...
10013 (kid_not_found_cache_bucket): ... to this. Update users.
10014 (kid_found_table_count): Rename from this...
10015 (kid_not_found_cache_count): ... to this. Update users.
10016 (kid_not_found_p): Only return whether a key with the specified key id
10017 is definitely not in the database.
10018 (kid_not_found_insert): Remove parameter found. Update callers.
10019 (keydb_search): Only insert a key id in the not found cache if it is
10020 not found. Rename local variable once_found to already_in_cache.
10022 2015-08-25 Werner Koch <wk@gnupg.org>
10024 Add configure option --enable-build-timestamp.
10025 * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
10027 gpg: Emit ERROR status for key signing failures.
10028 * g10/keyedit.c (sign_uids): Write an ERROR status for a signing
10030 (menu_adduid, menu_addrevoker, menu_revsig): Ditto.
10031 (menu_revuid, menu_revkey, menu_revsubkey): Ditto.
10033 gpg: Print a new FAILURE status after most commands.
10034 * common/status.h (STATUS_FAILURE): New.
10035 * g10/cpr.c (write_status_failure): New.
10036 * g10/gpg.c (main): Call write_status_failure for all commands which
10037 print an error message here.
10038 * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
10039 set the pinentry mode.
10041 2015-08-24 Neal H. Walfield <neal@g10code.com>
10043 agent: Raise the maximum password length. Don't hard code it.
10044 * agent/agent.h (MAX_PASSPHRASE_LEN): Define.
10045 * agent/command-ssh.c (ssh_identity_register): Use it instead of a
10046 hard-coded literal.
10047 * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
10048 * agent/findkey.c (unprotect): Likewise.
10049 * agent/genkey.c (agent_ask_new_passphrase): Likewise.
10051 2015-08-24 Werner Koch <wk@gnupg.org>
10053 sm: Support secret key export via the Assuan interface.
10054 * sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.
10056 2015-08-23 Werner Koch <wk@gnupg.org>
10058 dirmngr: Allow sending of Zack's key.
10059 * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.
10061 gpg: Fix regression in packet parser from Aug 19.
10062 * g10/parse-packet.c (parse): Use an int to compare to -1. Use
10065 gpg: Show not found keys with --locate-key --verbose.
10066 * g10/keylist.c (locate_one): Print a diagnostic for a not-found key.
10068 2015-08-21 Neal H. Walfield <neal@g10code.com>
10070 common: Don't incorrectly reject 4 GB - 1 sized packets.
10071 * g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
10072 Add the constraint that the type must be 63.
10073 * kbx/keybox-openpgp.c (next_packet): Likewise.
10074 * tests/openpgp/4gb-packet.asc: New file.
10075 * tests/openpgp/4gb-packet.test: New file.
10076 * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
10077 (TEST_FILES): Add 4gb-packet.asc.
10079 common: Don't assume on-disk layout matches in-memory layout.
10080 * g10/packet.h (PKT_signature): Change revkey's type from a struct
10081 revocation_key ** to a struct revocation_key *. Update users.
10083 common: Don't incorrectly copy packets with partial lengths.
10084 * g10/parse-packet.c (parse): We don't handle copying packets with a
10085 partial body length to an output stream. If this occurs, log an error
10088 common: Check parameters more rigorously.
10089 * g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
10091 (copy_all_packets): Likewise.
10093 common: Don't continuing processing on error.
10094 * g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
10096 (parse_packet): Likewise.
10097 (dbg_search_packet): Likewise.
10098 (search_packet): Likewise.
10100 common: Better respect the packet's length when reading it.
10101 * g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
10102 underflow. Be more careful that a read doesn't read more data than
10103 PKTLEN says is available.
10105 2015-08-20 Werner Koch <wk@gnupg.org>
10107 po: Add lost translation of validity strings.
10108 * po/POTFILES.in (trust.c): Add missing file.
10109 * po/de.po: Changed German validity strings.
10110 * doc/help.de.txt: Ditto.
10112 2015-08-20 Neal H. Walfield <neal@g10code.com>
10114 g10/parse-packet.c:parse: Try harder to not ignore an EOF.
10115 * g10/parse-packet.c (parse): Be more robust: make sure to process any
10118 g10/parse-packet.c: Replace literal with symbolic expression.
10119 * g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
10122 Add documentation for g10/parse-packet.c.
10123 * g10/packet.h: Add documentation for functions defined in
10125 * g10/parse-packet.c: Improve comments for many functions.
10127 g10/packet.h: Remove unused argument from enum_sig_subpkt.
10128 * g10/packet.h (enum_sig_subpkt): Remove argument RET_N. Update
10130 * g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.
10132 g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
10133 * g10/parse-packet.c (mpi_read): Improve documentation. Correctly
10134 handle an EOF. On overflow, correctly return the number of bytes read
10137 common/iobuf.c: Make control flow more obvious.
10138 * common/iobuf.c (iobuf_read): Make control flow more obvious.
10139 (iobuf_get_filelength): Likewise.
10140 (iobuf_get_fd): Likewise.
10141 (iobuf_seek): Likewise.
10143 common/iobuf.c: Add some sanity checks to catch programmer bugs.
10144 * common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
10145 (iobuf_readbyte): Check that A is an input filter. Check that the
10146 amount of read data is at most the amount of buffered data.
10147 (iobuf_read): Check that A is an input filter.
10148 (iobuf_writebyte): Check that A is not an input filter.
10149 (iobuf_writestr): Check that A is not an input filter.
10150 (iobuf_flush_temp): Check that A is not an input filter.
10152 common/iobuf.c:iobuf_write_temp: Elide redundant code.
10153 * common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp.
10156 common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte
10157 * common/iobuf.c (iobuf_write): Don't write a byte at a time. Use
10160 common/iobuf: Improve documentation and code comments.
10161 common/iobuf.h: Improve documentation and code comments.
10162 common/iobuf.c: Likewise.
10164 common/iobuf.c: Adjust buffer size of filters in front of temp filters.
10165 * common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
10166 filter, use IOBUF_BUFFER_SIZE for the new filter.
10168 common/iobuf.c: Buffered data should not be processed by new filters.
10169 * common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
10170 temp pipeline, the new filter shouldn't assume ownership of the old
10171 head's internal buffer: the data was written before the filter was
10173 * common/t-iobuf.c (double_filter): New function.
10174 (main): Add test cases for the above bug.
10176 common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
10177 * common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
10178 pipeline and copy the data from the last (not the first) filter's
10181 common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
10182 * common/iobuf.c (do_open): New function, which is a generalization of
10183 iobuf_open, iobuf_Create, iobuf_openrw.
10184 (iobuf_open): Call do_open.
10185 (iobuf_create): Likewise.
10186 (iobuf_openrw): Likewise.
10188 common/iobuf.h: Remove iobuf_open_fd_or_name.
10189 * common/iobuf.h (iobuf_open_fd_or_name): Remove prototype. Replace
10190 use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
10191 * common/iobuf.c (iobuf_open): Remove function.
10193 common/iobuf.c: Rename iobuf_flush and make it a static function.
10194 * common/iobuf.h (iobuf_flush): Remove prototype.
10195 * common/iobuf.c (filter_flush): New static prototype.
10196 (iobuf_flush): Rename...
10197 (filter_flush): ... to this. Make static. Simplify code. Update
10200 common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
10201 * common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
10202 freeing a filter fails. This needs to a memory leak. Instead, keep
10203 freeing and return the error code of the first filter that fails.
10205 common/iobuf.c: Improve iobuf_peek.
10206 * common/iobuf.c (underflow): Take additional parameter
10207 clear_pending_eof. If not set, don't clear a pending eof when
10208 returning EOF. Update callers.
10209 (iobuf_peek): Fill the internal buffer, if needed, to be able to
10210 better satisfy any request.
10212 common/iobuf.c: When requested, fill the buffer even if it is not empty.
10213 * common/iobuf.c (underflow): Don't require that the buffer be empty.
10214 When called, fill any available space.
10216 common/t-iobuf.c: Add a test case for multiple EOFs.
10217 common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
10220 common/iobuf.c: Better respect boundary conditions in iobuf_read_line.
10221 * common/iobuf.c (iobuf_read_line): Be more careful with boundary
10223 * common/iobuf.h: Include <gpg-error.h>.
10224 * common/t-iobuf.c: New file.
10225 * common/Makefile.am (module_tests): Add t-iobuf.
10226 (t_mbox_util_LDADD): New variable.
10228 common/iobuf.c: Fix filter type for iobuf_temp_with_content.
10229 * common/iobuf.c (iobuf_temp_with_content): Set the filter type to
10230 IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
10231 write into a dynamic buffer.
10233 common/iobuf.h: Remove unimplemented prototypes.
10234 * common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
10235 (iobuf_clear_eof): Likewise.
10236 (iobuf_append): Likewise.
10238 common/iobuf.c: Refactor code to not need the desc field.
10239 * common/iobuf.h (struct iobuf_struct): Remove field desc.
10240 * common/iobuf.c (iobuf_desc): New function. When a filter's
10241 description is needed, use this instead of the filter's desc field.
10243 common/iobuf.h: Clarify semantics of nofast. Simplify implementation.
10244 * common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
10245 Simplify use of nofast to implement just these semantics.
10247 common/iobuf.c: Remove dead code (directfp).
10248 * common/iobuf.h (struct iobuf_struct): Remove field directfp. Remove
10251 common/iobuf.c: Remove dead code (opaque).
10252 * common/iobuf.h (struct iobuf_struct): Remove field opaque. Remove
10255 common/iobuf.h: Replace further use of literals with symbolic constants.
10256 * common/iobuf.c: Move BLOCK_FILTER_INPUT,
10257 BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
10258 * common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
10259 and IOBUF_TEMP, respectively. Where appropriate, use these macros
10260 instead of a literal.
10262 2015-08-17 Werner Koch <wk@gnupg.org>
10264 gpg: Avoid linking to Libksba.
10265 * kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
10266 * sm/Makefile.am (AM_CPPFLAGS): Define it here.
10267 (common_libs): Change to libkeybox509.a
10268 * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
10269 (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
10270 * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
10271 (libkeybox509_a_SOURCES): New.
10272 (libkeybox_a_CFLAGS): New.
10273 (libkeybox509_a_CFLAGS): New.
10274 (kbxutil_CFLAGS): New.
10275 * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
10278 2015-08-16 Ben Kibbey <bjk@luxsci.net>
10280 Fix pinentry loopback and passphrase contraints.
10281 * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
10282 pinentry loopback mode.
10283 * agent/genkey.c (check_passphrase_constraints): Immediately return when
10284 pinentry mode is loopback.
10286 Fix sending INQUIRE_MAXLEN for symmetric data.
10287 * g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
10289 2015-08-15 Ben Kibbey <bjk@luxsci.net>
10291 Inform a user about inquire length limit.
10292 * common/status.h (INQUIRE_MAXLEN): New.
10293 * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
10294 client when inquiring a passphrase over pinentry-loopback.
10296 Allow --gen-key to inquire a passphrase.
10297 * g10/gpg.c (main): test for --command-fd during --gen-key parse.
10299 When --command-fd is set then imply --batch to let gpg inquire a
10300 passphrase rather than requiring a pinentry.
10302 2015-08-11 Werner Koch <wk@gnupg.org>
10306 2015-08-10 NIIBE Yutaka <gniibe@fsij.org>
10308 agent: fix ECC key handling.
10309 * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
10310 (convert_transfer_key): CURVE is the name of curve.
10312 2015-08-08 Neal H. Walfield <neal@g10code.com>
10314 common/iobuf.c: Replace use of literals with symbolic constants.
10315 * common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use
10316 this instead of a literal.
10317 (BLOCK_FILTER_OUTPUT): Likewise.
10318 (BLOCK_FILTER_TEMP): Likewise.
10320 2015-08-07 Werner Koch <wk@gnupg.org>
10322 gpg: Allow gpgv to work with a trustedkeys.kbx file.
10323 * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
10324 * g10/keydb.c (keydb_add_resource): Take care of new flag.
10325 * g10/gpgv.c (main): Use new flag.
10327 agent: Add option --force to the DELETE_KEY command.
10328 * agent/findkey.c (agent_delete_key): Add arg "force".
10329 * agent/command.c (cmd_delete_key): Add option --force.
10331 common: Change alias for Curve25519 to "cv25519".
10332 * common/openpgp-oid.c (oidtable): Change alias.
10334 2015-08-06 Werner Koch <wk@gnupg.org>
10336 gpg: Remove duplicated printing of the curve name in "sub" lines.
10337 * g10/keylist.c (list_keyblock_print): Do not print extra curve name.
10339 gpg: Add commands "fpr *" and "grip" to --edit-key.
10340 * g10/keyedit.c (cmdGRIP): New.
10341 (cmds): Add command "grip".
10342 (keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
10343 (keyedit_menu) <cmdGRIP>: Print keygrip.
10344 (show_key_and_fingerprint): Add arg "with_subkeys".
10345 (show_key_and_grip): New.
10346 * g10/keylist.c (print_fingerprint): Add mode 4.
10348 gpg: Adjust UID line indentation for common key algos.
10349 * g10/keylist.c (list_keyblock_print): Change UID line indentation
10350 * g10/mainproc.c (list_node): Ditto.
10352 2015-08-06 NIIBE Yutaka <gniibe@fsij.org>
10354 Curve25519 support.
10355 * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
10356 (convert_secret_key, convert_transfer_key): Ditto.
10357 * common/openpgp-oid.c (oidtable): Add Curve25519.
10358 (oid_crv25519, openpgp_oid_is_crv25519): New.
10359 * common/util.h (openpgp_oid_is_crv25519): New.
10360 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
10361 with Montgomery curve which uses x-only coordinate.
10362 * g10/keygen.c (gen_ecc): Handle Curve25519.
10363 (ask_curve): Change the API and second arg is to return subkey algo.
10364 (generate_keypair, generate_subkeypair): Follow chage of ask_curve.
10365 * g10/keyid.c (keygrip_from_pk): Handle Curve25519.
10366 * g10/pkglue.c (pk_encrypt): Handle Curve25519.
10367 * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
10368 * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
10369 (send_key_attr): Work with general ECC, Ed25519, and Curve25519.
10370 (get_public_key): Likewise.
10371 (ecc_writekey): Handle flag_djb_tweak.
10373 common: extend API of openpgp_oid_to_curve for canonical name.
10374 * common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
10375 * common/util.h: Update.
10376 * g10/import.c (transfer_secret_keys): Follow the change.
10377 * g10/keyid.c (pubkey_string): Likewise.
10378 * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
10379 * parse-packet.c (parse_key): Likewise.
10380 * scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
10382 2015-08-05 NIIBE Yutaka <gniibe@fsij.org>
10385 * scd/app-openpgp.c (ecc_oid): Call with OIDBUF.
10387 scd: Fix ECC support.
10388 * scd/app-openpgp.c (send_key_attr): Send KEYNO.
10389 (get_public_key): Fix SEXP composing.
10390 (ecc_writekey): Fix OID length calculation.
10391 (ecc_oid): Prepend the length before query.
10392 (parse_algorithm_attribute): Handle the case the curve is not available.
10394 2015-08-04 Werner Koch <wk@gnupg.org>
10396 gpg: Fix duplicate key import due to legacy key in keyring.
10397 * g10/keydb.c (keydb_search_fpr): Skip legacy keys.
10399 gpg: Properly handle legacy keys while looking for a secret key.
10400 * g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
10402 2015-07-31 Werner Koch <wk@gnupg.org>
10404 gpg: Fix endless loop for expired keys given by fpr.
10405 * g10/getkey.c (lookup): Disable keydb caching when continuing a
10408 2015-07-29 Werner Koch <wk@gnupg.org>
10410 gpg: Do not return "Legacy Key" from lookup if a key is expired.
10411 * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
10413 gpg: Indicate secret keys and cards in a key-edit listing.
10414 * g10/keyedit.c (sign_uids): Add arg "ctrl".
10415 (show_key_with_all_names_colon): Ditto.
10416 (show_key_with_all_names): Ditto.
10418 * g10/keyedit.c (show_key_with_all_names): Print key record
10419 indicators by checking with gpg-agent.
10420 (show_key_with_all_names): Ditto. May now also print sec/sbb.
10422 2015-07-28 Werner Koch <wk@gnupg.org>
10424 gpg: Remove the edit-key toggle command.
10425 * g10/keyedit.c (cmds): Remove helptext from "toggle".
10426 (keyedit_menu): Remove "toggle" var and remove the sub/pub check
10429 common,w32: Avoid unused var warning about msgcache.
10430 * common/i18n.c (USE_MSGCACHE): New.
10431 (msgcache) [!USE_MSGCACHE]: Do not define.
10432 (i18n_localegettext): Repalce #if conditions by USE_MSGCACHE.
10434 w32: Try more places to find an installed Pinentry.
10435 * common/homedir.c (get_default_pinentry_name): Re-implement to
10436 support several choices for Windows.
10438 2015-07-26 Werner Koch <wk@gnupg.org>
10440 scd: Fix size_t/unsigned int mismatch.
10441 * scd/app-openpgp.c (ecc_writekey): Use extra var n.
10443 Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
10444 * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
10445 libgpg-error < 1.20.
10446 * common/mischelp.h: Ditto.
10447 * common/types.h: Ditto.
10449 2015-07-25 NIIBE Yutaka <gniibe@fsij.org>
10451 scd: support any curves defined by libgcrypt.
10452 * g10/call-agent.h (struct agent_card_info_s): Add curve field.
10453 * g10/call-agent.c (learn_status_cb): Use curve name.
10454 * g10/card-util.c (card_status): Show pubkey name.
10455 * scd/app-openpgp.c (struct app_local_s): Record OID and flags.
10456 (store_fpr): Use ALGO instead of key type.
10457 (send_key_attr): Use curve name instead of OID.
10458 (get_public_key): Clean up by OID to curve name.
10459 (ecc_writekey): Support any curves in libgcrypt.
10460 (do_genkey, do_auth, ): Follow the change.
10462 (parse_algorithm_attribute): Show OID here.
10464 2015-07-23 Peter Wu <peter@lekensteyn.nl>
10466 build: ignore scissor line for the commit-msg hook.
10467 * build-aux/git-hooks/commit-msg: Stop processing more lines when the
10468 scissor line is encountered.
10470 2015-07-23 NIIBE Yutaka <gniibe@fsij.org>
10472 scd: Format change to specify "rsa2048" for KEY-ATTR.
10473 * g10/card-util.c (do_change_keysize): Put "rsa".
10474 * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
10475 Change the command format.
10476 (rsa_writekey): Check key type.
10477 (do_writekey): Remove "ecdh" and "ecdsa" support which was available
10478 in experimental libgcrypt before 1.6.0.
10480 2015-07-22 Werner Koch <wk@gnupg.org>
10482 Avoid a leading double slash in make_filename.
10483 * common/stringhelp.c (do_make_filename): Special case leading '/'.
10485 2015-07-21 NIIBE Yutaka <gniibe@fsij.org>
10487 scd: change_keyattr_from_string for ECC.
10488 * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
10490 (rsa_writekey): Don't change key attribute.
10492 2015-07-17 NIIBE Yutaka <gniibe@fsij.org>
10494 scd: Use openpgpdefs.h for constants.
10495 * scd/app-openpgp.c: Include openpgpdefs.h.
10497 2015-07-16 Neal H. Walfield <neal@g10code.com>
10499 Don't segfault if the first 'auto-key-locate' option is 'clear'.
10500 * g10/getkey.c (free_akl): If AKL is NULL, just return.
10502 2015-07-10 NIIBE Yutaka <gniibe@fsij.org>
10504 agent: Support non-NLS build.
10505 * agent/agent.h: Use ENABLE_NLS and define L_() macro.
10507 2015-07-09 NIIBE Yutaka <gniibe@fsij.org>
10509 scd: Remove unused files.
10510 * scd/Makefile.am (sc_copykeys_*): Remove.
10511 * scd/sc-copykeys.c: Remove.
10512 * scd/pcsc-wrapper.c: Remove.
10513 * scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.
10515 2015-07-08 NIIBE Yutaka <gniibe@fsij.org>
10517 g10: Use canonical name for curve.
10518 * g10/import.c (transfer_secret_keys): Use canonical name.
10519 * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
10520 * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
10521 * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
10522 * g10/parse-packet.c (parse_key): Ditto.
10524 2015-07-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
10526 drop long-deprecated gpgsm-gencert.sh.
10527 * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is
10528 fully replaced by gpgsm --gen-key
10529 * doc/tools.texi: remove gpgsm-gencert.sh documentation
10530 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
10531 * doc/Makefile.am: quit making the manpage
10532 * tools/Makefile.am: quit distributing the script
10533 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
10534 gpgsm --gen-key and tweak explanations
10536 2015-07-02 NIIBE Yutaka <gniibe@fsij.org>
10538 po: Update Japanese translation.
10540 scd: Support AES decryption for OpenPGPcard v3.0.
10541 * scd/app-openpgp.c (do_decipher): Support AES decryption.
10543 2015-07-01 Werner Koch <wk@gnupg.org>
10547 2015-07-01 Daiki Ueno <ueno@gnu.org>
10549 agent: Unset INSIDE_EMACS on gpg-agent startup.
10550 * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.
10552 2015-07-01 Werner Koch <wk@gnupg.org>
10554 common: Implement i18n_localegettext.
10555 * common/i18n.c (msg_cache_s, msg_cache_head_s): New.
10557 (i18n_localegettext): Implement locale dependent lookup.
10559 2015-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
10561 Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
10562 * common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
10564 2015-06-30 Werner Koch <wk@gnupg.org>
10566 Flag the L_() function with attribute format_arg.
10567 * agent/agent.h (LunderscorePROTO): New.
10568 * common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
10569 * common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
10570 i18n_localegettext. Expand LunderscorePROTO.
10571 * agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
10572 again to keep the old translations.
10574 agent: Use different translation func for Pinentry strings.
10575 * po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
10576 * common/i18n.c (i18n_localegettext): New stub.
10577 * common/i18n.h: Expand the LunderscoreIMPL macro.
10578 * agent/agent.h (L_): New.
10579 (LunderscoreIMPL): New.
10580 * agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
10582 * agent/findkey.c (try_unprotect_cb): Add local var ctrl.
10583 * agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
10584 by xtrystrdup to avoid gcc warning. Unfortinately this changes the
10586 (agent_ask_new_passphrase): Cleanup the use of initial_errtext.
10588 gpg: Make show-sig-subpackets work again.
10589 * g10/gpg.c (parse_list_options): Fix offset for subpackets.
10591 2015-06-29 Werner Koch <wk@gnupg.org>
10593 agent: Prepare for Libassuan with Cygwin support.
10594 * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call
10595 assuan_sock_set_flag if Assuan version is recent enough.
10596 (main): Create ssh server socket with Cygwin flag set.
10598 2015-06-29 Neal H. Walfield <neal@gnu.org>
10600 Show passphrase constraints errors as password prompt errors.
10601 * agent/agent.h (check_passphrase_constraints): Add parameter
10602 failed_constraint and remove parameter silent. Update callers.
10603 * agent/genkey.c (check_passphrase_constraints): Add parameter
10604 failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
10605 is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
10606 error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
10607 or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
10609 (agent_ask_new_passphrase): Change initial_errtext's type from a const
10610 char * to a char *. Pass it to check_passphrase_constraints. If it
10611 contains malloc's memory, free it.
10613 2015-06-29 Neal H. Walfield <neal@g10code.com>
10615 Improve documentation for default-cache-ttl and default-cache-ttl-ssh.
10616 * doc/gpg-agent.texi (Agent Options): Improve documentation for
10617 default-cache-ttl and default-cache-ttl-ssh.
10619 Don't raise max-cache-ttl to default-cache-ttl.
10620 * agent/gpg-agent.c (finalize_rereadable_options): Don't raise
10621 max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh
10622 and default-cache-ttl-ssh.
10624 Improve the description of old packets with an indeterminate length.
10625 * g10/parse-packet.c (parse): Make the description more accurate when
10626 listing packets: old format packets don't support partial lengths,
10627 only indeterminate lengths (RFC 4880, Section 4.2).
10629 2015-06-29 Werner Koch <wk@gnupg.org>
10631 agent: Add --verify to the PASSWD command.
10632 * agent/command.c (cmd_passwd): Add option --verify.
10634 agent,w32: Do not create a useless socket with --enable-putty-support.
10635 * agent/agent.h (opt): Remove field ssh_support.
10636 * agent/gpg-agent.c (ssh_support): New. Replace all opt.ssh_support
10638 (main): Do not set ssh_support along with setting putty_support.
10640 gpgsm: Add command option "offline".
10641 * sm/server.c (option_handler): Add "offline".
10642 (cmd_getinfo): Ditto.
10643 * sm/certchain.c (is_cert_still_valid):
10644 (do_validate_chain):
10645 * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
10646 of --disable-dirmngr.
10647 * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
10650 2015-06-26 NIIBE Yutaka <gniibe@fsij.org>
10652 scd: Support button flag and AES key data for OpenPGPcard v3.0.
10653 * scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
10654 Support button and symmetric decryption.
10655 (do_setattr): Support setting AESKEY.
10657 2015-06-25 Andre Heinecke <aheinecke@intevation.de>
10659 sm: Fix cert storage for ephemeral certs.
10660 * sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
10661 existing certs if store should not be ephemeral.
10663 2015-06-23 Werner Koch <wk@gnupg.org>
10665 Allow use of debug flag names for all tools.
10666 * g13/g13.c: Make use of debug_parse_flag.
10667 * scd/scdaemon.c: Ditto.
10668 * sm/gpgsm.c: Ditto
10669 * agent/gpg-agent.c: Ditto. But do not terminate on "help"
10670 * dirmngr/dirmngr.c: Ditto.
10672 common: Improve fucntion parse_debug_flag.
10673 * common/miscellaneous.c (parse_debug_flag): Add hack not to call
10674 exit. Add "none" and "all" flags.
10676 2015-06-23 NIIBE Yutaka <gniibe@fsij.org>
10678 scd: pinpad workaround for PC/SC implementations.
10679 * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
10680 for TPDU card reader.
10682 2015-06-22 Werner Koch <wk@gnupg.org>
10684 gpg: Allow debug flag names for --debug.
10685 * g10/gpg.c (opts): Change arg for oDebug to a string.
10686 (debug_flags): New; factored out from set_debug.
10687 (set_debug): Remove "--debug-level help". Use parse_debug_flag to
10688 print the used flags.
10689 (main): Use parse_debug_flag for oDebug.
10691 common: Add function parse_debug_flag.
10692 * common/miscellaneous.c (parse_debug_flag): New.
10693 * common/util.h (struct debug_flags_s): New.
10695 common: Add function strtokenize.
10696 * common/stringhelp.c: Include assert.h.
10697 (strtokenize): New.
10698 * common/t-stringhelp.c (test_strtokenize): New.
10700 gpg: Fix regression due to recent commit 6500f33.
10701 * g10/keydb.c (kid_list_s): Keep a state in the table.
10702 (kid_not_found_table): Rename to kid_found_table.
10703 (n_kid_not_found_table): Rename to kid_found_table_count.
10704 (kid_not_found_p): Return found state.
10705 (kid_not_found_insert): Add arg found.
10706 (keydb_search): Store found state in the table.
10708 2015-06-22 NIIBE Yutaka <gniibe@fsij.org>
10710 scd: Fix Cherry ST-2000 support for pinpad input.
10711 * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
10712 * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
10715 2015-06-20 Werner Koch <wk@gnupg.org>
10717 gpg: Print number of good signatures with --check-sigs.
10718 * g10/keylist.c (keylist_context): Add field good_sigs.
10719 (list_keyblock_print): Updated good_sigs.
10720 (print_signature_stats): Print number of good signatures and use
10721 log_info instead of tty_printf.
10723 gpg: Improve speed of --check-sigs and --lish-sigs.
10724 * g10/keydb.c (kid_list_t): New.
10725 (kid_not_found_table, n_kid_not_found_table): New.
10726 (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
10727 (keydb_insert_keyblock): Flush the new cache.
10728 (keydb_delete_keyblock): Ditto.
10729 (keydb_update_keyblock): Ditto.
10730 (keydb_search): Use the new cache.
10731 (keydb_dump_stats): New.
10732 * g10/gpg.c (g10_exit): Dump keydb stats.
10734 2015-06-19 Werner Koch <wk@gnupg.org>
10736 gpg: Add more log_clock calls to keydb.c.
10737 * g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
10739 gpg: Print available debug flags using "--debug-level help".
10740 * g10/gpg.c (set_debug): Add "help" option and use a table for the
10743 gpg: Fix export problem in case an old keyring has PGP-2 keys.
10744 * g10/export.c (do_export_stream): Skip legacy keys.
10746 2015-06-18 Werner Koch <wk@gnupg.org>
10748 dirmngr: Fix the cleanup zombies fix (685b782).
10749 * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
10750 stdout reader after EOF from read_log_data.
10751 * dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
10752 the next iteration.
10754 2015-06-17 Werner Koch <wk@gnupg.org>
10756 agent: Print a warning for obsolete options.
10757 * g10/misc.c (obsolete_scdaemon_option): Move to
10758 * common/miscellaneous.c (obsolete_option): ... here.
10759 * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
10762 2015-06-16 Werner Koch <wk@gnupg.org>
10764 dirmngr: Cleanup zombies and fix hang on shutdown.
10765 * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
10766 into the loop. Check the queue also on timeout. Close log_fd and
10767 reader context on EOF or error.
10769 dirmngr: Avoid accessing uninitialized memory in log callback.
10770 * dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
10772 (start_connection_thread): Ditto.
10773 (handle_connections): Ditto.
10775 2015-06-16 Neal H. Walfield <neal@g10code.com>
10777 Don't prompt for the password multiple times in pinentry loopback mode.
10778 * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
10779 clear OPT.PASSPHRASE_REPEAT.
10781 2015-06-16 NIIBE Yutaka <gniibe@fsij.org>
10783 po: Update Japanese Translation.
10785 2015-06-15 Werner Koch <wk@gnupg.org>
10787 doc: Add defs.inc to BUILT_SOURCES.
10789 2015-06-11 Werner Koch <wk@gnupg.org>
10793 agent: Fix --extra-socket on Windows.
10794 * agent/gpg-agent.c (start_connection_thread): Rename to ...
10795 (do_start_connection_thread): this. Factor nonce checking out to ...
10796 (start_connection_thread_std): this,
10797 (start_connection_thread_extra): this,
10798 (start_connection_thread_browser): and this.
10800 agent: Add experimental option --browser-socket.
10801 * agent/agent.h (opt): Add field "browser_socket".
10802 * agent/command.c (cmd_setkeydesc): Use a different message for
10804 * agent/gpg-agent.c (oBrowserSocket): New.
10805 (opts): Add --browser-socket.
10806 (socket_name_browser, redir_socket_name_browser): New.
10807 (socket_nonce_browser): New.
10808 (cleanup): Cleanup browser socket.
10809 (main): Implement option.
10810 (start_connection_thread_browser): New.
10811 (handle_connections): Add arg listen_fd_browser and use it.
10813 2015-06-10 Daiki Ueno <ueno@gnu.org>
10815 agent: Add option --allow-emacs-pinentry.
10816 * agent/agent.h (opt): Add field allow_emacs_pinentry.
10817 * agent/call-pinentry.c (start_pinentry): Act upon new var.
10818 * agent/gpg-agent.c (oAllowEmacsPinentry): New.
10819 (opts): Add option --allow-emacs-pinentry.
10820 (parse_rereadable_options): Set this option.
10821 * tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
10823 2015-06-09 Werner Koch <wk@gnupg.org>
10825 doc: Do not used fixed file names in the manuals.
10826 * doc/mkdefsinc.c: New.
10827 * doc/Makefile.am: Include cmacros.am.
10828 (EXTRA_DIST): Add mkdefsinc.c defsincdate.
10829 (BUILT_SOURCES): Add defsincdate
10830 (CLEANFILES): Add mkdefsinc and defs.inc.
10831 (mkdefsinc): New rule.
10832 (yat2m-stamp): Depend on defs.inc.
10833 ($(myman_pages) gnupg.7): Ditto.
10834 (gnupg.texi): Remove rule to touch itself.
10836 (defsincdate): New.
10838 * doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc.
10839 Also include defs.inc in all files used to build man files. Change
10840 fixed directory names to those from defs.inc.
10842 dirmngr: Avoid crash due to an empty crls.d/DIR.txt.
10843 * dirmngr/crlcache.c (check_dir_version): Avoid segv.
10845 2015-06-08 Werner Koch <wk@gnupg.org>
10847 doc: Change the manual source to be only for GnuPG 2.1.
10849 Convey envvar INSIDE_EMACS to the pinentry.
10850 * common/session-env.c (stdenvnames): Add it.
10852 agent: Add command "getinfo std_env_names".
10853 * agent/command.c (cmd_getinfo): Add new sub-command.
10855 2015-06-05 NIIBE Yutaka <gniibe@fsij.org>
10857 scd: do_decipher change for OpenPGPcard v3.0.
10858 * scd/app-openpgp.c (do_decipher): Add a header for ECDH.
10860 2015-06-04 Werner Koch <wk@gnupg.org>
10862 gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c.
10863 * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
10864 * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
10865 * g10/trustdb.c (read_trust_record): Ditto.
10866 (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
10867 (tdb_update_ownertrust, update_min_ownertrust): Ditto.
10868 (tdb_clear_ownertrusts, update_validity): Ditto.
10869 (tdb_cache_disabled_value): Ditto.
10871 gpg: Cleanup error code path in case of a bad trustdb.
10872 * g10/tdbio.c (tdbio_read_record): Fix returning of the error.
10874 gpg: Fix output in case of a corrupted trustdb.
10875 * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
10877 * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
10878 list_trustdb only in verbose > 1 mode and let it dump to stderr.
10880 2015-05-29 NIIBE Yutaka <gniibe@fsij.org>
10882 scd: Fix key template of ECC.
10883 * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.
10885 2015-05-28 NIIBE Yutaka <gniibe@fsij.org>
10887 g10: Fix a race condition initially creating trustdb.
10888 * g10/tdbio.c (take_write_lock, release_write_lock): New.
10889 (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
10890 new lock functions.
10891 (tdbio_set_dbname): Fix the race.
10892 (open_db): Don't call dotlock_create.
10894 2015-05-27 NIIBE Yutaka <gniibe@fsij.org>
10896 g10: Remove g10/signal.c.
10897 * g10/signal.c: Remove.
10898 * g10/main.h: Remove old function API.
10899 * g10/tdbio.c: Use new API, even in the dead code.
10901 2015-05-20 Werner Koch <wk@gnupg.org>
10903 agent: Cleanup caching code for command GET_PASSPHRASE.
10904 * agent/command.c (cmd_get_passphrase): Read from the user cache.
10906 2015-05-19 Neal H. Walfield <neal@g10code.com>
10908 agent: When the password cache is cleared, also clear the ext. cache.
10909 * agent/agent.h (agent_clear_passphrase): New declaration.
10910 * agent/call-pinentry.c (agent_clear_passphrase): New function.
10911 * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
10913 agent: Modify agent_clear_passphrase to support an ext. password cache.
10914 * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
10915 cache_mode. Update callers.
10916 * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
10917 and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key,
10918 then send SETKEYINFO to the pinentry.
10920 2015-05-19 NIIBE Yutaka <gniibe@fsij.org>
10922 g10: detects public key encryption packet error properly.
10923 g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
10926 2015-05-15 Werner Koch <wk@gnupg.org>
10928 build: Make --disable-gpgsm work.
10929 * Makefile.am: Always build kbx/
10930 * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
10932 2015-05-12 Werner Koch <wk@gnupg.org>
10936 speedo: Add make option SELFCHECK=0 to build a new release.
10937 * build-aux/getswdb.sh: Add option --skip-selfcheck.
10938 * build-aux/speedo.mk: Add option SELFCHECK.
10940 2015-05-11 Werner Koch <wk@gnupg.org>
10942 common: Cope with AIX problem on number of open files.
10943 * common/exechelp-posix.c: Limit returned value for too hight values.
10945 gpg-connect-agent: Fix quoting of internal percent+ function.
10946 * tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
10949 agent: Add option --no-allow-external-cache.
10950 * agent/agent.h (opt): Add field allow_external_cache.
10951 * agent/call-pinentry.c (start_pinentry): Act upon new var.
10952 * agent/gpg-agent.c (oNoAllowExternalCache): New.
10953 (opts): Add option --no-allow-external-cache.
10954 (parse_rereadable_options): Set this option.
10956 agent: Add strings for use by future Pinentry versions.
10957 * agent/call-pinentry.c (start_pinentry): Add more strings.
10959 agent: Add option --debug-pinentry.
10960 * agent/gpg-agent.c (oDebugPinentry): New.
10961 (opts): Add --debug-pinentry.
10962 (parse_rereadable_options): Set that option.
10963 * agent/call-pinentry.c (start_pinentry): Pass option to
10966 2015-05-08 Werner Koch <wk@gnupg.org>
10968 gpg: Avoid cluttering stdout with trustdb info in verbose mode.
10969 * g10/trustdb.c (validate_keys): Call dump_key_array only in debug
10972 gpg: Fix wrong output in list mode.
10973 * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
10976 gpg: New command --quick-adduid.
10977 * g10/keygen.c (ask_user_id): Factor some code out to ...
10978 (uid_already_in_keyblock): new.
10979 (generate_user_id): Add arg UIDSTR. Fix leaked P.
10980 * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller.
10981 (keyedit_quick_adduid): New.
10982 * g10/gpg.c (aQuickAddUid): New.
10983 (opts): Add command --quick-adduid.
10984 (main): Implement that.
10986 gpg: Add push/pop found state feature to keydb.
10987 * g10/keydb.c (keydb_handle): Add field saved_found.
10988 (keydb_new): Init new field.
10989 (keydb_push_found_state, keydb_pop_found_state): New.
10990 * g10/keyring.c (kyring_handle): Add field saved_found.
10991 (keyring_push_found_state, keyring_pop_found_state): New.
10993 gpg: Minor code merging in keyedit.
10994 * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
10995 (fix_keyblock): New. Call fix_key_signature_order and other fix
10997 (keyedit_menu): Factor code out to new fix_keyblock.
10998 (keyedit_quick_sign): Ditto. Check for primary fpr before calling
11001 2015-05-07 Werner Koch <wk@gnupg.org>
11003 agent: Minor change for 56b5c9f.
11004 * agent/call-pinentry.c (agent_askpin): Move option setting to ...
11005 (start_pinentry): here. Fix error code check.
11007 2015-05-07 Kristian Fiskerstrand <kf@sumptuouscapital.com>
11009 dirmngr: Fix segfault in ldap engine.
11010 (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
11013 2015-05-07 Neal H. Walfield <neal@g10code.com>
11015 agent: Improve support for externally cached passwords.
11016 * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
11018 (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
11020 (agent_askpin): Pass "OPTION allow-external-password-cache" to the
11021 pinentry. Always pass SETKEYINFO to the pinentry. If there is no
11022 stable identifier, then use "--clear". If the password is incorrect
11023 and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
11024 then decrement PININFO->FAILED_TRIES.
11026 agent: Or in the value; don't overwrite the variable.
11027 * agent/call-pinentry.c (pinentry_status_cb): Or in
11028 PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.
11030 agent: Avoid magic numbers. Use more accurate names.
11031 * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
11032 (PINENTRY_STATUS_PIN_REPEATED): Likewise.
11033 (close_button_status_cb): Rename from this...
11034 (pinentry_status_cb): ... to this. Use the constants.
11035 (agent_askpin): Rename local variable from close_button to
11036 pinentry_status. Use symbolic constants rather than magic numbers.
11038 2015-05-07 Werner Koch <wk@gnupg.org>
11040 gpg: Improve 'General key info' line of --card-status.
11041 * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".
11043 * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
11044 * g10/keyid.c (keyid_from_fingerprint): Adjust for change.
11045 * g10/revoke.c (gen_desig_revoke): Adjust for change.
11046 * g10/card-util.c (card_status): Simplify by using new arg. Align
11049 * g10/card-util.c (card_status): Remove not used GnuPG-1 code.
11051 gpg: Fix regression not displaying the card serial number.
11052 * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
11054 2015-05-06 Werner Koch <wk@gnupg.org>
11056 speedo,w32: Install a native pinentry.
11057 * build-aux/speedo.mk: Always build pinentry for w32.
11058 (speedo_pkg_pinentry_configure): Adjust to modern pinentry.
11059 * build-aux/speedo/w32/inst.nsi: Install native pinentry under the
11060 name pinentry-basic.exe.
11062 2015-05-01 NIIBE Yutaka <gniibe@fsij.org>
11064 g10: fix cmp_public_key.
11065 * g10/free-packet.c (cmp_public_keys): Compare opaque
11066 data at the first entry of the array when it's unknown algo.
11068 2015-04-30 NIIBE Yutaka <gniibe@fsij.org>
11070 scd: PC/SC reader selection by partial string match.
11071 * scd/apdu.c (open_pcsc_reader_direct): Partial string match.
11073 2015-04-24 Werner Koch <wk@gnupg.org>
11075 common: Remove JNLIB from boiler plate (jnlib merge).
11076 * common/README.jnlib: Remove.
11078 common: Rename log and gcc attribute macros (jnlib merge).
11079 * common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
11080 * common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
11082 common: Remove two JNLIB_ macros (jnlib merge).
11083 * configure.ac: Merge seperate jnlib checks.
11084 (HAVE_JNLIB_LOGGING): Remove.
11085 * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
11086 Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests.
11088 common: Remove libjnlib-config.h (jnlib merge).
11089 * common/libjnlib-config.h: Remove.
11090 * common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed
11092 (getpid) [HAVE_W32CE_SYSTEM]: New. From removed header.
11093 * common/argparse.c: Include util.h and common-defs.h. Replace
11094 jnlib_ macro names for non-GNUPG builds by x* names.
11095 * common/dotlock.c: Ditto.
11096 * common/logging.c: Include util.h and common-defs.h. Replace jnlib_
11097 symbol names by x* names.
11098 * common/strlist.c: Ditto.
11099 * common/utf8conv.c: Ditto.
11100 * common/w32-reg.c: Ditto.
11101 * common/mischelp.c: Ditto. Also remove _jnlib_free.
11102 * common/stringhelp.c: Ditto.
11103 (JNLIB_LOG_WITH_PREFIX): Do not depend on this macro.
11104 * common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this
11107 2015-04-23 Werner Koch <wk@gnupg.org>
11109 gpg: Move all DNS access to Dirmngr.
11110 * common/dns-cert.h: Move to ../dirmngr/.
11111 * common/dns-cert.c: Move to ../dirmngr/. Change args to return the
11113 * common/t-dns-cert.c: Move to ../dirmngr/.
11114 * common/pka.c, common/pka.h, common/t-pka.c: Remove.
11116 * dirmngr/server.c (data_line_cookie_write): Factor code out to
11117 data_line_write and make it a wrapper for that.
11118 (data_line_write): New.
11119 (cmd_dns_cert): New.
11120 (register_commands): Register new command.
11122 * g10/Makefile.am (LDADD): Remove DNSLIBS.
11123 * g10/call-dirmngr.c (dns_cert_parm_s): New.
11124 (dns_cert_data_cb, dns_cert_status_cb): New.
11125 (gpg_dirmngr_dns_cert): New.
11126 (gpg_dirmngr_get_pka): New.
11127 * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
11128 * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
11129 gpg_dirmngr_dns_cert.
11130 (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
11131 * g10/mainproc.c: Include call-dirmngr.h.
11132 (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
11133 gpg_dirmngr_get_pka.
11135 common: Minor change of hex2str to allow for embedded nul.
11136 * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT.
11138 2015-04-23 NIIBE Yutaka <gniibe@fsij.org>
11140 common: removal of t-support.c from t_jnlib_src.
11141 * common/Makefile.am (t_jnlib_src): Remove t-support.c.
11143 2015-04-21 Werner Koch <wk@gnupg.org>
11145 gpg: Make keyserver-option http_proxy work.
11146 * g10/options.h (opt): Add field keyserver_options.http_proxy.
11147 * g10/keyserver.c (warn_kshelper_option): Add arg noisy.
11148 (parse_keyserver_options): Parse into new http_proxy field.
11149 * g10/call-dirmngr.c (create_context): Send the http-proxy option.
11151 common: Make proper use of http proxy parameter.
11152 * common/http.c (is_hostname_port): New.
11153 (send_request): Fix proxy name parsing.
11155 dirmngr: Add http proxy support for keyservers.
11156 * dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
11157 * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
11159 (dirmngr_deinit_default_ctrl): New.
11160 (main): Call dirmngr_deinit_default_ctrl.
11161 * dirmngr/server.c (start_command_handler): Ditto.
11162 (option_handler): Add option "http-proxy".
11163 * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
11164 * dirmngr/ocsp.c (do_ocsp_request): Ditto.
11165 * dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
11166 * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
11168 gpg: Do not use honor-keyserver-url sub-option by default.
11170 gpg: Make preferred keyservers work.
11171 * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
11172 (create_context): Move keyserver setting to ...
11173 (open_context): here.
11174 (clear_context_flags): New.
11175 (gpg_dirmngr_ks_get): Add arg override_keyserver.
11176 * g10/keyserver.c (keyserver_refresh): Improve diagnostics.
11177 (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get.
11179 gpg: Update sub-options of --keyserver-options.
11180 * g10/options.h (KEYSERVER_HTTP_PROXY): New.
11181 (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
11182 (KEYSERVER_TIMEOUT): New.
11183 * common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
11184 * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
11185 and "keep-temp-files". Add "http-proxy" and "timeout".
11186 (parse_keyserver_options): Remove 1.2 compatibility option
11187 "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files"
11190 2015-04-14 Werner Koch <wk@gnupg.org>
11192 agent: Send the new SETKEYINFO command to the Pinentry.
11193 * agent/call-pinentry.c (agent_askpin): Add args keyinfo and
11194 cache_mode. Change all callers to pass (NULL,0) for them. Send
11195 SETKEYINFO command.
11196 * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
11199 2015-04-14 NIIBE Yutaka <gniibe@fsij.org>
11201 scd: better handling of extended APDU.
11202 * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
11203 * scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
11204 * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard.
11205 (struct ccid_driver_s): New field of max_ccid_msglen.
11207 (parse_ccid_descriptor): Initialize max_ccid_msglen.
11208 (ccid_transceive_apdu_level): Implement sending extended APDU in
11209 chain of CCID message.
11211 2015-04-13 Werner Koch <wk@gnupg.org>
11213 gpg: Fix NULL-segv due to invalid imported data.
11214 * g10/free-packet.c (my_mpi_copy): New.
11215 (copy_public_key, copy_signature): Use instead of mpi_copy.
11217 2015-04-13 Neal H. Walfield <neal@g10code.com>
11219 dirmngr: If LDAP is not enable, don't build the LDAP bits.
11220 * dirmngr/Makefile.am (dirmngr_SOURCES): Only include
11221 ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
11223 (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
11224 * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
11226 (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
11228 (ks_action_search): Likewise.
11229 (ks_action_get): Likewise.
11230 (ks_action_put): Likewise.
11231 * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
11233 (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
11236 2015-04-13 Werner Koch <wk@gnupg.org>
11238 common: Do without nested fucntions to support non-gcc.
11239 * common/t-stringhelp.c (test_strsplit): Remove nested function.
11241 2015-04-11 Werner Koch <wk@gnupg.org>
11245 2015-04-11 Yuri Chornoivan <yurchor@ukr.net>
11247 po: Update Ukrainian translation.
11249 2015-04-11 Ineiev <ineiev@gnu.org>
11251 po: Update and review Russian translation.
11253 2015-04-10 Werner Koch <wk@gnupg.org>
11255 dirmngr,w32: Make it build for Windows.
11256 * dirmngr/Makefile.am (t_common_ldadd): Add missing libs.
11258 Remove obsolete directories from AM_CPPFLAGS.
11260 dirmngr,w32: Replace functions not available under Windows.
11261 * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and
11264 common: Add new function gnupg_gmtime.
11265 * common/gettime.c (gnupg_gmtime): New.
11266 (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning
11269 common: Add new function isodate_human_to_tm.
11270 * common/gettime.c (isotime_human_p): Add arg date_only.
11271 (isodate_human_to_tm): New.
11272 * common/t-gettime.c (test_isodate_human_to_tm): New.
11273 (main): Call new test.
11275 dirmngr,w32: Avoid name clash with existing function.
11276 * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect.
11278 gpgparsemail: Fix last commit (3f2bdac)
11279 * tools/rfc822parse.c (parse_field): Replace break by goto.
11281 2015-04-09 Werner Koch <wk@gnupg.org>
11283 gpgparsemail: Fix case of zero length continuation lines.
11284 * tools/rfc822parse.c (parse_field): Loop after continuation line.
11286 2015-04-08 Werner Koch <wk@gnupg.org>
11288 sm: Fix certificate lookup in dirmngr cache.
11289 * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
11291 2015-04-06 Werner Koch <wk@gnupg.org>
11293 gpg: Print the user id in --fast-list-mode.
11294 * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
11296 gpg: Prepare to pass additional context to the list functions.
11297 * g10/keylist.c (struct sig_stats): Rename to keylist_context and add
11299 (keylist_context_release): New.
11300 (list_all): Set listctx.check_sigs and call release func.
11302 (locate_one): Ditto.
11303 (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by
11305 (list_keyblock): Ditto. Make static.
11306 (list_keyblock_direct): New.
11307 * g10/keygen.c (do_generate_keypair): Replace list_keyblock by
11308 list_keyblock_direct.
11310 gpg: Merge duplicated code for get_user_id et al.
11311 * g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
11312 (get_user_id_string_native): Add new args.
11313 (get_long_user_id_string, get_user_id): Rewrite using
11314 get_user_id_string.
11316 gpg: Add new option --debug-iolbf.
11317 * g10/gpg.c (oDebugIOLBF): new.
11318 (opts): Add --debug-iolbf.
11319 (main): Set option.
11321 Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
11322 * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
11324 Fix use of DBG_CACHE and DBG_LOOKUP.
11325 * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
11326 * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
11327 * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
11329 gpg: Rename a debug macro.
11330 * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
11331 (DBG_CIPHER): Rename to DBG_CRYPTO.
11333 2015-04-05 Werner Koch <wk@gnupg.org>
11335 gpg: Fix DoS while parsing mangled secret key packets.
11336 * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
11339 2015-04-03 NIIBE Yutaka <gniibe@fsij.org>
11341 g10: Fix keytocard.
11342 g10/call-agent.h (agent_scd_learn): Add FORCE option.
11343 g10/call-agent.c (agent_scd_learn): Implement FORCE option.
11344 g10/keygen.c (gen_card_key): Follow the change of option.
11345 g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
11346 g10/keyedit.c (keyedit_menu): Update private key storage by
11349 agent: Add --force option for LEARN.
11350 * agent/command.c (cmd_learn): Handle --force option.
11351 (cmd_keytocard): Don't update key storage file.
11352 * agent/agent.h (agent_handle_learn): Add FORCE.
11353 * agent/learncard.c (agent_handle_learn): Implement FORCE to update
11356 2015-03-31 Neal H. Walfield <neal@g10code.com>
11358 dirmngr: Don't use alloca.
11359 * dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
11362 dirmngr: Simplify truncation of long strings in debug code.
11363 * dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
11366 dirmngr: Use a better error code.
11367 * dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
11368 GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
11370 dirmngr: Better encapsulate the keyservers variable.
11371 * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
11373 * dirmngr/server.c (struct server_local_s): ... to here. Update
11375 * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
11376 (ks_action_search): Likewise.
11377 (ks_action_get): Likewise.
11378 (ks_action_put): Likewise.
11379 * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
11380 Use it instead of ctrl->keyservers.
11381 (ks_action_search): Likewise.
11382 (ks_action_get): Likewise.
11383 (ks_action_put): Likewise.
11385 2015-03-28 Neal H. Walfield <neal@g10code.de>
11387 gpg: Only use the last specified keyserver.
11388 * g10/gpg.c (main): Only use the last specified keyserver.
11390 2015-03-25 Werner Koch <wk@gnupg.org>
11392 dirmngr: Fix resource leaks and check rare errors.
11393 * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
11395 (ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
11397 (modlist_dump): Check error from es_fopenmem.
11398 (uncescape): s/int/size_t/. Use existing macros.
11399 (extract_attributes): Use existing trim function.
11400 (ks_ldap_put): Do not segv on error from modlist_dump.
11402 dirmngr: Minor cleanups.
11403 * dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
11404 (ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
11405 (tm2ldaptime): Use snprintf.
11406 (ldap_connect): Get error code prior to log_error and and use modern
11407 function. Use xfree, xtrustrdup etc.
11408 (modlist_lookup): Use GNUPG_GCC_A_USED.
11409 (modlist_free): Use xfree.
11411 common: Add macro GNUPG_GCC_A_USED.
11412 * common/util.h (GNUPG_GCC_A_USED): New.
11414 sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
11415 * sm/certreqgen.c (create_request): Change default hash algo.
11416 * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo.
11418 2015-03-24 Werner Koch <wk@gnupg.org>
11420 gpg,w32: Handle forward slash in --keyring option.
11421 * g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
11423 2015-03-23 Neal H. Walfield <neal@g10code.de>
11425 Improve documentation for ks_hkp_get.
11426 * dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation.
11428 Improve documenation of http_parse_uri.
11429 * common/http.c (http_parse_uri): Improve documentation.
11431 Add support to talking to LDAP key servers.
11432 * g10/call-dirmngr.c (record_output): New function.
11433 (ks_put_inq_cb): Use it here to generate a --with-colons like output
11434 instead of a custom format.
11435 * dirmngr/ks-action.c: Include "ldap-parse-uri.h".
11436 (ks_action_help): If the provided URI is an LDAP URI, then use
11437 ldap_parse_uri to parse. Call ks_ldap_help.
11438 (ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
11439 (ks_action_get): Likewise.
11440 (ks_action_put): Likewise. Also, change data from a 'const void *' to
11441 a 'void *' and add info and infolen parameters. Add note that
11442 function may modify DATA.
11443 * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
11444 * dirmngr/server.c: Include "ldap-parse-uri.h".
11445 (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
11447 (hlp_ks_put): Improve documentation.
11448 (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve
11450 * dirmngr/ks-engine.h (ks_ldap_help): New declaration.
11451 (ks_ldap_search): Likewise.
11452 (ks_ldap_get): Likewise.
11453 (ks_ldap_put): Likewise.
11454 * dirmngr/ks-engine-ldap.c: New file.
11455 * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
11456 ldap-parse-uri.c and ldap-parse-uri.h.
11457 (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).
11459 Import _gpgme_parse_timestamp from gpgme as parse_timestamp.
11460 * common/gettime.h (parse_timestamp): New declaration.
11461 * common/gettime.c (_win32_timegm): New function imported from
11462 gpgme/src/conversion.c:_gpgme_timegm.
11463 (parse_timestamp): New function imported from
11464 gpgme/src/conversion.c:_gpgme_parse_timestamp.
11466 Move copy_stream function to misc.c.
11467 * dirmngr/ks-action.c (copy_stream): Move function from here...
11468 * dirmngr/misc.c (copy_stream): ... to here and drop the static
11470 * dirmngr/misc.h (copy_stream): Add declaration.
11472 Move armor_data to misc.c.
11473 * dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
11474 * dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
11475 * dirmngr/misc.h: New declaration.
11477 Add new LDAP utility functions.
11478 * dirmngr/Makefile.am (module_tests): New variable.
11479 (noinst_PROGRAMS): New primary. Set it to $(module_tests).
11480 (TESTS): New variable. Set it to $(module_tests).
11481 (t_common_src): New variable.
11482 (t_common_ldadd): Likewise.
11483 (t_ldap_parse_uri_SOURCES): New primary.
11484 (t_ldap_parse_uri_LDADD): Likewise.
11485 * dirmngr/ldap-parse-uri.c: New file.
11486 * dirmngr/ldap-parse-uri.h: Likewise.
11487 * dirmngr/t-ldap-parse-uri.c: Likewise.
11488 * dirmngr/t-support.h: Likewise.
11490 Add new function uri_query_lookup.
11491 * common/http.h (uri_query_lookup): New declaration.
11492 * common/http.c (uri_query_lookup): The corresponding implementation.
11494 Add new function strlist_find.
11495 * common/strlist.h (strlist_find): New declaration.
11496 * common/strlist.c (strlist_find): New function.
11498 common: Add new helper function, strsplit.
11499 * common/stringhelp.h (strsplit): New declaration.
11500 * common/stringhelp.c (strsplit): New function.
11501 * common/t-stringhelp.c (test_strsplit): New function.
11502 (main): Call it here.
11504 2015-03-20 Werner Koch <wk@gnupg.org>
11506 gpg: Consider a mailbox only userid in mail search mode.
11507 * kbx/keybox-search.c: Include mbox-util.h.
11508 (blob_cmp_mail): Improve OpenPGP uid parsing.
11510 common: Add function is_valid_mailbox_mem.
11511 * common/mbox-util.c (mem_count_chr): New.
11513 (has_invalid_email_chars): Change args to work on a buffer.
11514 (is_valid_mailbox_mem): New.
11515 (is_valid_mailbox): Rewrite to use is_valid_mailbox_mem.
11517 gpg: Find keys using mail addresses with garbage after the '>'
11518 * kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'.
11520 common: Fix syntax error when building with gnutls.
11521 * common/http.c (send_request): Add missing comma.
11523 2015-03-19 Werner Koch <wk@gnupg.org>
11525 gpg: Emit status line NEWSIG before signature verification starts.
11526 * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
11528 agent: Compute correct MPI length header for protected ECC keys.
11529 * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
11530 opaque MPIs to comply with the OpenPGP spec.
11532 hkps: Fix host name verification when using pools.
11533 * common/http.c (send_request): Set the requested for SNI.
11534 * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
11535 the selecting a host.
11537 Define replacement error codes from libgpg-error 1.19.
11538 * common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19.
11540 2015-03-17 Andre Heinecke <aheinecke@intevation.de>
11542 gpgtar: Fix extracting files with !(size % 512)
11543 * tools/gpgtar-extract.c (extract_regular): Handle size multiples
11546 2015-03-17 Werner Koch <wk@gnupg.org>
11548 common: Add feature to ease using argparse's usage().
11549 * common/argparse.c (show_help): Take care of flag value
11552 common: Allow standalone build of argparse.c.
11553 * common/argparse.h: Remove types.h - not required.
11554 * common/argparse.c: Change to allow standalone use.
11556 2015-03-16 Werner Koch <wk@gnupg.org>
11558 gpg: Create all MPIs with RFC-4880 correct length headers.
11559 * g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
11561 gpg: Allow printing of MPI values in --list-mode.
11562 * g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
11563 * g10/misc.c (mpi_print): Do not print an extra leading zero.
11565 gpg: Fix broken write of opaque MPI length header.
11566 * g10/build-packet.c (gpg_mpi_write): Use a char array for the length.
11568 2015-03-15 Werner Koch <wk@gnupg.org>
11570 gpg: Fix possible dead code elimination.
11571 * g10/encrypt.c: Change condition for detecting a real file.
11573 g13: Fix pointer wrap check.
11574 * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before
11575 doing an overflow check.
11577 agent: Remove useless conditions in command.c.
11578 * agent/command.c (cmd_setkeydesc): Remove NULL check.
11579 (cmd_get_passphrase): Ditto.
11580 (cmd_clear_passphrase): Ditto.
11581 (cmd_get_confirmation): Ditto.
11582 (cmd_getval): Ditto.
11583 (cmd_putval): Ditto.
11585 agent: Fix length test in sshcontrol parser.
11586 * agent/command-ssh.c (ssh_search_control_file): Check S before
11589 agent: Remove useless conditions.
11590 * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
11591 * agent/command-ssh.c (ssh_identity_register): Ditto.
11593 gpg: Remove useless condition.
11594 * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
11595 (list_keyblock_print): Likewise.
11597 scd: Fix possible NULL deref in apdu.c.
11598 * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
11599 (control_pcsc_wrapped): Ditto.
11601 common: Make openpgp_oid_to_str more robust.
11602 * common/openpgp-oid.c (openpgp_oid_to_str): Take care of
11603 gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF.
11605 2015-03-11 Werner Koch <wk@gnupg.org>
11607 agent: Improve error reporting from Pinentry.
11608 * agent/call-pinentry.c (unlock_pinentry): Add error logging. Map
11609 error source of uncommon errors to Pinentry.
11611 2015-03-10 Werner Koch <wk@gnupg.org>
11613 gpg: Change --print-pka-records into an option.
11614 * g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
11615 use it as a command.
11616 * g10/keylist.c (list_keyblock): List PKA rceords also for secret
11619 gpg: Add --list-gcrypt-config and "curve" item for --list-config.
11620 * common/openpgp-oid.c (curve_supported_p): New.
11621 (openpgp_enum_curves): New.
11622 * common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
11623 (main): Add option --verbose.
11624 * g10/gpg.c (opts): Add --list-gcrypt-config.
11625 (list_config): Add items "curve" and "curveoid". Remove unused code.
11627 2015-03-09 NIIBE Yutaka <gniibe@fsij.org>
11629 scd: fix for 64-bit arch.
11630 * agent/pksign.c (agent_pksign_do): Use int.
11631 * scd/app-openpgp.c (get_public_key): Likewise.
11633 2015-03-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
11635 gpg: avoid chatter about trustdb when --quiet.
11636 * g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
11639 2015-02-26 Werner Koch <wk@gnupg.org>
11641 gpg: Lowercase mailbox for PKA lookups.
11642 * common/stringhelp.c (ascii_strlwr): New.
11643 * common/mbox-util.c (mailbox_from_userid): Downcase result.
11645 gpg: Fix memory leak due to PKA lookup.
11646 * g10/keyserver.c (keyserver_import_pka): Move the xfree.
11648 2015-02-25 Werner Koch <wk@gnupg.org>
11650 gpg: Switch to a hash and CERT record based PKA system.
11651 * common/dns-cert.c (get_dns_cert): Make r_key optional.
11652 * common/pka.c: Rewrite for the new hash based lookup.
11653 * common/t-pka.c: New.
11654 * configure.ac: Remove option --disable-dns-pka.
11655 (USE_DNS_PKA): Remove ac_define.
11656 * g10/getkey.c (parse_auto_key_locate): Always include PKA.
11658 common: Allow requesting a specific certtype with get_dns_cert()
11659 * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all
11661 (CERTTYPE_): Move constants to ...
11662 * common/dns-cert.h: here as DNS_CERTTYPE_.
11664 Move new mailbox.c source file to common/.
11665 * g10/mailbox.c: Move to ...
11666 * common/mbox-util.c: new file.
11667 * common/mbox-util.h: New. Include where needed.
11668 * g10/t-mailbox.c: Move to ...
11669 * common/t-mbox-util.c: new file.
11671 2015-02-24 Werner Koch <wk@gnupg.org>
11673 gpg: Add command --print-pka-records.
11674 * g10/gpg.c (main): Add command --print-pka-records.
11675 * g10/options.h (struct opt): Add field "print_pka_records".
11676 * g10/keylist.c (list_keyblock_pka): New.
11677 (list_keyblock): Call it if new option is set.
11678 (print_fingerprint): Add mode 10.
11680 gpg: Add function to extract the mailbox.
11681 * g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
11682 (is_valid_user_id): Move to ...
11683 * g10/mailbox.c: new file.
11684 (string_has_ctrl_or_space, has_dotdot_after_at): New.
11685 (has_invalid_email_chars): New.
11687 * g10/t-mailbox.c: New.
11688 * g10/Makefile.am (module_tests): Add t-mailbox.
11689 (t_mailbox_SOURCES, t_mailbox_LDADD): New.
11691 2015-02-23 Werner Koch <wk@gnupg.org>
11693 gpg: Add option to print fingerprints in ICAO spelling.
11694 * g10/gpg.c: Add option --with-icao-spelling.
11695 * g10/options.h (struct opt): Add with_icao_spelling.
11696 * g10/keylist.c (print_icao_hexdigit): New.
11697 (print_fingerprint): Print ICAO spelling.
11699 gpg: Skip legacy keys while searching keyrings.
11700 * g10/getkey.c (search_modes_are_fingerprint): New.
11701 (lookup): Skip over legacy keys.
11703 common: Fix regression due to commit 2183683b.
11704 * common/dns-cert.c (get_dns_cert): Remove cruft.
11706 2015-02-19 Werner Koch <wk@gnupg.org>
11708 gpg: Replace remaining uses of stdio by estream.
11709 * g10/sign.c (sign_file): Use log_printf instead of stderr.
11710 * g10/tdbdump.c (export_ownertrust): Use estream fucntions.
11711 (import_ownertrust): Ditto.
11712 * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t.
11714 gpg: Fix segv due to NULL value stored as opaque MPI.
11715 * g10/build-packet.c (gpg_mpi_write): Check for NULL return from
11716 gcry_mpi_get_opaque.
11717 (gpg_mpi_write_nohdr, do_key): Ditto.
11718 * g10/keyid.c (hash_public_key): Ditto.
11720 2015-02-12 Werner Koch <wk@gnupg.org>
11722 scd: Fix regression in 2.1.2 (due to commit 2183683)
11723 * scd/apdu.c (pcsc_vendor_specific_init): Replace use of
11724 bufNN_to_uint by direct code.
11726 2015-02-12 Andre Heinecke <aheinecke@intevation.de>
11728 dirmngr: Initialize cache from sysconfig dir.
11729 * dirmngr/certcache.c (cert_cache_init): Load certificates
11730 from sysconfig dir instead of the homeidr.
11731 * dirmngr/dirmngr.c (main): Removed parsing of obsolete
11732 homedir_data option.
11733 * dirmngr/dirmngr.h (opt): Removed homedir_data.
11734 * doc/dirmngr.texi: Update and clarify certs directory doc.
11736 2015-02-11 Werner Koch <wk@gnupg.org>
11740 dirmngr: Avoid warning about unused function.
11741 * dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used.
11743 build: Update standard build-aux files.
11745 Use inline functions to convert buffer data to scalars.
11746 * common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
11747 (buf16_to_ushort, buf16_to_u16): New.
11748 (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
11750 2015-02-09 Werner Koch <wk@gnupg.org>
11752 gpg: Prevent an invalid memory read using a garbled keyring.
11753 * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
11755 * g10/keydb.c (parse_keyblock_image): Ditto.
11757 gpg: Fix a NULL-deref in export due to invalid packet lengths.
11758 * g10/build-packet.c (write_fake_data): Take care of a NULL stored as
11761 gpg: Fix a NULL-deref due to empty ring trust packets.
11762 * g10/parse-packet.c (parse_trust): Always allocate a packet.
11764 2015-02-04 Werner Koch <wk@gnupg.org>
11766 gpg-agent: Use "pinentry-basic" as fallback.
11767 * common/homedir.c (get_default_pinentry_name): New.
11768 (gnupg_module_name): Use that for the default pinentry.
11769 (gnupg_module_name_flush_some): New.
11770 * agent/gpg-agent.c (agent_sighup_action): Flush some module names.
11771 * agent/call-pinentry.c (start_pinentry): Do not modify
11772 opt.pinentry_program.
11774 w32: Add manifest to gpg.
11775 * g10/gpg.w32-manifest.in: New.
11776 * g10/gpg-w32info.rc: Add manifest.
11777 * g10/Makefile.am (EXTRA_DIST): Add manifest.
11778 (gpg-w32info.o): Depend on manifest.
11779 * configure.ac (BUILD_VERSION): New.
11780 (AC_CONFIG_FILES): Add manifest.
11782 2015-02-03 Werner Koch <wk@gnupg.org>
11784 Update copyright years.
11785 * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG
11788 2015-02-02 Werner Koch <wk@gnupg.org>
11790 w32: Change default Windows install dir and add bin to PATH.
11791 * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is
11792 now build by default without any GUI stuff.
11793 * build-aux/speedo/w32/inst.nsi: Change standard installation
11795 (AddToPath, un.RemoveFromPath): New.
11796 (gnupginst): Add bin directory to the PATH.
11798 2015-02-01 Werner Koch <wk@gnupg.org>
11800 w32: Allow for Unicocde installation directory.
11801 * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
11804 2015-01-30 Joshua Rogers <git@internot.info>
11806 kbx: Fix resource leak.
11807 * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error
11808 return, 'fp' and 'newfp' was never closed.
11810 2015-01-29 Werner Koch <wk@gnupg.org>
11812 agent: Fix use of imported but unprotected openpgp keys.
11813 * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
11814 * agent/command.c (do_one_keyinfo): Implement it.
11815 * agent/findkey.c (agent_key_from_file): Ditto.
11816 (agent_key_info_from_file): Ditto.
11817 (agent_delete_key): Ditto.
11818 * agent/protect.c (agent_private_key_type): Add detection for openpgp
11821 2015-01-29 NIIBE Yutaka <gniibe@fsij.org>
11823 po: Update Japanese Translation.
11825 2015-01-28 Werner Koch <wk@gnupg.org>
11827 gpg: Limit the size of key packets to a sensible value.
11828 * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
11829 (MAX_UID_PACKET_LENGTH): New.
11830 (MAX_COMMENT_PACKET_LENGTH): New.
11831 (MAX_ATTR_PACKET_LENGTH): New.
11832 (parse_key): Limit the size of a key packet to 256k.
11833 (parse_user_id): Use macro for the packet size limit.
11834 (parse_attribute): Ditto.
11835 (parse_comment): Ditto.
11837 gpg: Fix buffering problem in --list-config.
11838 * g10/gpg.c (list_config): Replace print_sanitized_string2 by
11839 es_write_sanitized.
11841 * common/stringhelp.c (print_sanitized_buffer2): Remove.
11842 (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
11843 (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
11844 (print_sanitized_string): Remove.
11846 * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
11847 (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
11849 Add a hook to be called right after main.
11850 * common/init.c (early_system_init): New stub function.
11852 gpg: Allow predefined names as answer to the keygen.algo prompt.
11853 * g10/keygen.c (ask_algo): Add list of strings.
11855 agent: Add some extra robustness to extract_private_key.
11856 * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
11857 Make sure that R_FLAGS and R_CURVE are set to NULL.
11859 2015-01-28 NIIBE Yutaka <gniibe@fsij.org>
11861 scd: Fix varargs call for 64-bit arch on ECC keys.
11862 * scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
11864 (rsa_writekey): Follow the change.
11865 (do_genkey): Likewise.
11866 (ecc_writekey): Likewise. Cast to size_t.
11868 2015-01-27 Werner Koch <wk@gnupg.org>
11870 gpg: Fix segv introduced to commit 4d7c9b0.
11871 * g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.
11873 2015-01-27 NIIBE Yutaka <gniibe@fsij.org>
11875 agent: Fix agent_public_key_from_file for ECC.
11876 * agent/cvt-openpgp.c (extract_private_key): New.
11877 (convert_to_openpgp): Use extract_private_key.
11878 * agent/findkey.c (agent_public_key_from_file): Use
11879 extract_private_key.
11881 2015-01-26 Werner Koch <wk@gnupg.org>
11883 sm: Simplify fix ed8383c6.
11884 * sm/minip12.c (p12_build): Release PWBUF only at the end.
11886 2015-01-25 Joshua Rogers <git@internot.info>
11888 ccid: Remove incorrect expression leading to errors.
11889 * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.
11891 2015-01-23 Werner Koch <wk@gnupg.org>
11893 gpgconf: Fix validity check for UINT32 values.
11894 * tools/gpgconf-comp.c (option_check_validity): Enable check for
11897 2015-01-22 Werner Koch <wk@gnupg.org>
11899 gpg: Improve skipping of PGP-2 keys.
11900 * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
11902 * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
11903 (prepare_search): Ditto.
11904 (keyring_rebuild_cache): Skip legacy keys.
11905 * g10/keyserver.c (keyidlist): Ditto.
11906 * g10/trustdb.c (validate_key_list): Ditto.
11908 gpg: Add dedicated error code for PGP-2 keys.
11909 * g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
11911 * g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
11912 * g10/getkey.c (lookup): Silence error message for PGP-2 keys.
11914 * common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
11917 gpg: Replace remaining old error code macros by GPG_ERR_.
11918 * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
11920 (G10ERR_): Remove all macros and change all occurrences by their
11921 GPG_ERR_ counterparts.
11923 gpg: Remove an unused variable.
11924 * g10/getkey.c (getkey_ctx_s): Remove last_rc.
11926 2015-01-21 Werner Koch <wk@gnupg.org>
11928 dirmngr: Fix TLS build problems.
11929 * dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
11931 gpg: Support --passphrase with --quick-gen-key.
11932 * g10/keygen.c: Include shareddefs.h.
11933 (quick_generate_keypair): Support static passphrase.
11934 (get_parameter_passphrase): New.
11935 (do_generate_keypair): Use it.
11937 gpg: Re-enable the "Passphrase" parameter for batch key generation.
11938 * agent/command.c (cmd_genkey): Add option --inq-passwd.
11939 * agent/genkey.c (agent_genkey): Add new arg override_passphrase.
11940 * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
11941 (agent_genkey): Add arg optional arg "passphrase".
11942 * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
11943 (gen_rsa, do_create): Add arg "passphrase" and pass it through.
11944 (do_generate_keypair): Make use of pPASSPHRASE.
11945 (release_parameter_list): Wipe out a passphrase parameter.
11947 2015-01-19 Werner Koch <wk@gnupg.org>
11949 kbx: Minor cleanup for the previous fix.
11950 * kbx/keybox-search.c (blob_get_keyid): Rename to
11951 blob_get_first_keyid. Check number of keys and remove blob type check.
11953 2015-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
11955 kbx: Call skipfnc callback to filter out keys.
11956 * kbx/keybox-search.c (blob_get_keyid): New.
11957 (keybox-search): Call skipfnc callback function.
11959 2015-01-13 Andreas Schwier <andreas.schwier@cardcontact.de>
11961 scd: Allow for certificates > 1024 with PC/SC.
11962 * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
11963 allow for larger certificates.
11965 2015-01-08 NIIBE Yutaka <gniibe@fsij.org>
11967 dirmngr: Fix error code path of map_host.
11968 * dirmngr/ks-engine-hkp.c (map_host): Fix error return.
11970 2015-01-08 Joshua Rogers <git@internot.info>
11972 scd: fix get_public_key for OpenPGPcard v1.0.
11973 * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
11975 2015-01-07 NIIBE Yutaka <gniibe@fsij.org>
11977 dirmngr: fix LDAP query PATTERNS limit check.
11978 * dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.
11980 scd: fix merge failure.
11981 * scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
11984 2015-01-05 Werner Koch <wk@gnupg.org>
11986 sm,g13: Init local vars to avoid compiler warnings.
11987 * sm/misc.c (transform_sigval): Init RSA_S_LEN.
11988 * g13/mount.c (read_keyblob): Init HEADERLEN.
11990 gpg: Remove unused args from a function.
11991 * g10/keyserver.c (parse_keyserver_uri): Remove args configname and
11992 configlineno. Change all callers.
11994 gpg: Clear a possible rest of the KDF secret buffer.
11995 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
11997 build: Require automake 1.14.
11998 * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
12000 2015-01-04 Werner Koch <wk@gnupg.org>
12002 agent: Make --allow-loopback-pinentry gpgconf changeable.
12004 2014-12-22 Joshua Rogers <git@internot.info>
12006 tools: Free variable before return.
12007 * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
12010 2014-12-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12012 sm: Avoid double-free on iconv failure.
12013 * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
12014 double-free of pwbuf.
12016 scd: Avoid double-free on error condition in scd.
12017 * scd/command.c (cmd_readkey): avoid double-free of cert
12019 avoid future chance of using uninitialized memory.
12020 * common/iobuf.c: (iobuf_open): initialize len
12022 avoid double-close in unusual dotlock situations.
12023 * common/dotlock.c: (dotlock_create_unix) avoid double-close()
12024 in unusual situations.
12026 gpgkey2ssh: clean up varargs.
12027 * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
12029 2014-12-22 Werner Koch <wk@gnupg.org>
12031 doc: Fix memory leak in yat2m.
12032 * doc/yat2m.c (write_th): Free NAME.
12034 dirmngr: Fix memory leak.
12035 * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.
12037 * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
12039 dirmngr: Remove un-needed check.
12040 * dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
12042 dirmngr,gpgsm: Return NULL on fail.
12043 * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
12044 * sm/gpgsm.c (parse_keyserver_line): Ditto.
12046 2014-12-22 NIIBE Yutaka <gniibe@fsij.org>
12049 * agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
12050 * scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
12051 (send_key_attr): Support ECDH. Fix EdDSA algorithm value.
12052 (retrieve_key_material): Initialize fields.
12053 (get_public_key, ecc_writekey, do_writekey): Support ECDH.
12054 (ecdh_writekey): Remove.
12055 (do_decipher): Support ECDH.
12056 (parse_algorithm_attribute): Support ECDH. Fix EdDSA.
12058 2014-12-19 Werner Koch <wk@gnupg.org>
12060 agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
12061 * agent/gpg-agent.c (finalize_rereadable_options): New.
12062 (main, reread_configuration): Call it.
12064 agent: Keep the session environment for restricted connections.
12065 * agent/command-ssh.c (setup_ssh_env): Move code to ...
12066 * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
12068 * agent/command.c (start_command_handler): Call that fucntion for
12069 restricted connections.
12071 agent: Fix string prepended to remotely initiated prompts.
12072 * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
12075 2014-12-18 Werner Koch <wk@gnupg.org>
12077 build: Remove option to build without agent.
12078 * configure.ac (build-agent): Set to yes.
12080 2014-12-17 Werner Koch <wk@gnupg.org>
12082 gpgconf: Exit with failure if --launch fails.
12083 * tools/gpgconf-comp.c (gc_component_launch): Return an error code.
12084 * tools/gpgconf.c (main): Exit if launch failed.
12086 2014-12-16 Werner Koch <wk@gnupg.org>
12090 po: Update the German translation.
12092 2014-12-16 Petr Pisar <petr.pisar@atlas.cz>
12094 po: Update Czech translation.
12096 2014-12-16 Werner Koch <wk@gnupg.org>
12098 gpg: Show private DO information in the card status.
12099 * g10/call-agent.c (agent_release_card_info): Free private_do.
12100 (learn_status_cb): Parse PRIVATE-DO-n stati.
12102 2014-12-16 Ineiev <ineiev@gnu.org>
12104 po: Update Russian translation.
12106 2014-12-16 Jedi <jedi@jedi.org>
12108 po: Update zh_TW translation.
12110 2014-12-15 Werner Koch <wk@gnupg.org>
12112 gpg: Add sub-command "factory-reset" to --card-edit.
12113 * common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
12114 * scd/iso7816.c (map_sw): Add this error code.
12115 * scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
12116 * scd/app.c (select_application): Allow a return value of
12117 GPG_ERR_OBJ_TERM_STATE.
12118 * scd/scdaemon.c (set_debug): Print the DBG_READER value.
12119 * g10/call-agent.c (start_agent): Print a status line for the
12121 (agent_scd_learn): Make arg "info" optional.
12122 (agent_scd_apdu): New.
12123 * g10/card-util.c (send_apdu): New.
12124 (factory_reset): New.
12125 (card_edit): Add command factory-reset.
12127 gpg: Fix regression in notation data regression.
12128 * g10/misc.c (pct_expando): Reorder conditions for clarity.
12129 * g10/sign.c (write_signature_packets): Fix notation data creation.
12131 gpg: Avoid extra LF in notaion data listing.
12132 * g10/keylist.c (show_notation): Use log_printf.
12134 2014-12-12 Werner Koch <wk@gnupg.org>
12136 scd: Fix possibly inhibited checkpin of the admin pin.
12137 * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
12140 gpg: Let --card--status create a shadow key (card key stub).
12141 * agent/command.c (cmd_learn): Add option --sendinfo.
12142 * agent/learncard.c (agent_handle_learn): Add arg "send" andsend
12143 certifciate only if that is set.
12144 * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO
12146 (agent_learn): Remove.
12147 * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
12149 gpg: Fix possible read of unallocated memory.
12150 * g10/parse-packet.c (can_handle_critical): Check content length
12151 before calling can_handle_critical_notation.
12153 2014-12-11 Werner Koch <wk@gnupg.org>
12155 build: Replace deprecated autconf macro.
12156 * m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
12159 2014-12-08 Werner Koch <wk@gnupg.org>
12161 dirmngr: Improve dead host detection.
12162 * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
12163 also for 2 other error messages.
12165 http: Improve diagnostic messages.
12166 * common/http.c (send_request): Print TLS alert info
12167 (connect_server): Detect bogus DNS entry.
12169 gpg: Obsolete some keyserver helper options.
12170 * g10/options.h (opt): Remove keyserver_options.other.
12171 * g10/gpg.c (main): Obsolete option --honor-http-proxt.
12172 * g10/keyserver.c (add_canonical_option): Replace by ...
12173 (warn_kshelper_option): New.
12174 (parse_keyserver_uri): Obsolete "x-broken-http".
12176 dirmngr: Return a proper error for all dead hosts.
12177 * dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
12178 Return an error code for all dead hosts.
12179 (make_host_part): Change to return an gpg_error_t. Change all
12182 gpg: Write a status line for a failed --send-keys.
12183 * g10/keyserver.c (keyserver_put): Write an status error.
12185 2014-12-08 NIIBE Yutaka <gniibe@fsij.org>
12187 scd: Fix for EdDSA.
12188 * scd/app-openpgp.c (get_algo_byte): It catches 22.
12189 (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
12191 2014-12-05 Andre Heinecke <aheinecke@intevation.de>
12193 Document no-allow-mark-trusted option.
12194 doc: Document no-allow-mark-trusted for gpg-agent
12196 * doc/gpg-agent.texi: Change allow-mark-trusted doc to
12197 no-allow-mark-trusted.
12200 Since rev. 78a56b14 allow-mark-trusted is the default option
12201 and was replaced by no-allow-mark-trusted to disable the
12202 interactive prompt.
12204 2014-12-05 NIIBE Yutaka <gniibe@fsij.org>
12206 scd: Fix for NIST P-256.
12207 * g10/card-util.c (card_store_subkey): Error check.
12208 * scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
12209 (do_writekey): Error check.
12211 2014-12-04 Werner Koch <wk@gnupg.org>
12213 gpg: Allow import of large keys.
12214 * g10/import.c (import): Skip too large keys.
12215 * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
12217 2014-12-03 Werner Koch <wk@gnupg.org>
12219 gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
12220 * g10/gpg.c (opts): Remove them.
12221 * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
12223 2014-12-02 Werner Koch <wk@gnupg.org>
12225 agent: Replace some sprintf.
12226 * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
12227 * agent/command-ssh.c (ssh_identity_register): Ditto.
12228 * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
12231 2014-12-01 Werner Koch <wk@gnupg.org>
12233 tools: Improve watchgnupg portability.
12234 * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
12235 * tools/watchgnupg.c: Include it.
12237 gpg: Fix export bug using exact search with only one key in the keybox.
12238 * g10/export.c (do_export_stream): Disable caching.
12239 * g10/keyserver.c (keyidlist): Ditto.
12241 scd: Implement socket redirection.
12242 * scd/scdaemon.c (ENAMETOOLONG): New.
12243 (redir_socket_name): New.
12244 (cleanup): Take care of a redirected socket.
12245 (main): Pass redir_socket_name to create_server_socket.
12246 (create_socket_name): Remove superfluous length check.
12247 (create_server_socket): Add arg r_redir_name and implement
12248 redirection. Replace assert for older Assuan by an error message.
12250 dirmngr: Implement socket redirection.
12251 * dirmngr/dirmngr.c (ENAMETOOLONG): new.
12252 (redir_socket_name): New.
12253 (main): Add Assuan socket redirection.
12254 (cleanup): Adjust cleanup for redirection.
12256 2014-11-28 Werner Koch <wk@gnupg.org>
12258 agent: Implement socket redirection.
12259 * agent/gpg-agent.c (ENAMETOOLONG): New.
12260 (redir_socket_name, redir_socket_name_extra)
12261 (redir_socket_name_ssh): New.
12262 (remove_socket): Take care of the redir names.
12263 (main): Pass the redir names to create_server_socket.
12264 (create_socket_name): Remove length check - that is anyway done later.
12265 (create_server_socket): Add arg r_redir_name and implement redirection
12266 if Libassuan is at least 2.14.
12268 gpg: Change another BUG() call to a regular error message.
12269 * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages.
12271 Add option --no-autostart.
12272 * g10/gpg.c: Add option --no-autostart.
12273 * sm/gpgsm.c: Ditto.
12274 * g10/options.h (opt): Add field autostart.
12275 * sm/gpgsm.h (opt): Ditto.
12276 * g10/call-agent.c (start_agent): Print note if agent was not
12278 * sm/call-agent.c (start_agent): Ditto.
12279 * g10/call-dirmngr.c (create_context): Likewise.
12280 * sm/call-dirmngr.c (start_dirmngr_ext): Ditto.
12282 2014-11-27 Мирослав Николић <wk@gnupg.org>
12284 gpg-agent: Add restricted connection feature.
12285 * agent/agent.h (opt): Add field extra_socket.
12286 (server_control_s): Add field restricted.
12287 * agent/command.c: Check restricted flag on many commands.
12288 * agent/gpg-agent.c (oExtraSocket): New.
12289 (opts): Add option --extra-socket.
12290 (socket_name_extra): New.
12291 (cleanup): Cleanup that socket name.
12292 (main): Implement oExtraSocket.
12293 (create_socket_name): Add arg homedir and change all callers.
12294 (create_server_socket): Rename arg is_ssh to primary and change
12296 (start_connection_thread): Take ctrl as arg.
12297 (start_connection_thread_std): New.
12298 (start_connection_thread_extra): New.
12299 (handle_connections): Add arg listen_fd_extra and replace the
12300 connection starting code by parameterized loop.
12301 * common/asshelp.c (start_new_gpg_agent): Detect the use of the
12302 restricted mode and don't fail on sending the pinentry environment.
12304 * common/util.h (GPG_ERR_FORBIDDEN): New.
12306 agent: Make auditing of the option list easier.
12307 * agent/gpg-agent.c (opts): Use ARGPARSE_ macros.
12309 2014-11-26 Kristian Fiskerstrand <kf@sumptuouscapital.com>
12311 dirmngr: Only report hkps scheme when available.
12312 * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
12314 2014-11-26 Werner Koch <wk@gnupg.org>
12316 gpg: Change a bug() call to a regular error message.
12317 * g10/decrypt-data.c (decrypt_data): Return an error code instead of
12320 2014-11-25 Werner Koch <wk@gnupg.org>
12322 Fix buffer overflow in openpgp_oid_to_str.
12323 * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
12325 * common/t-openpgp-oid.c (BADOID): New.
12326 (test_openpgp_oid_to_str): Add test cases.
12328 2014-11-24 Werner Koch <wk@gnupg.org>
12330 gpg: Fix use of uninit.value in listing sig subpkts.
12331 * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
12334 gpg: Fix off-by-one read in the attribute subpacket parser.
12335 * g10/parse-packet.c (parse_attribute_subpkts): Check that the
12336 attribute packet is large enough for the subpacket type.
12338 gpg: Fix batch generation of ECC keys.
12339 * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
12342 2014-11-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12344 Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}
12345 * common/argparse.c (initialize): Use correct value.
12347 gpg: Refer to --throw-keyids instead of --throw-keyid.
12348 * g10/encrypt.c: adjust error message
12350 2014-11-21 Werner Koch <wk@gnupg.org>
12352 gpg: Track number of skipped v3 keys on import.
12353 * g10/import.c (stats_s): Add field v3keys.
12354 (import): Update this field.
12355 (import_print_stats): Print v3 key count.
12356 (read_block): Skip v3 keys and return a count for them.
12358 gpg: Fix regression in parse_key.
12359 * g10/parse-packet.c (parse): Better return just the gpg_err_code.
12360 (parse_key): Return the error code.
12362 speedo: Add simple logos to the installer.
12363 * build-aux/speedo/w32/README.txt: Include GnuPG Readme.
12364 * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
12365 * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
12366 * build-aux/speedo/w32/inst.nsi: Add logos.
12367 * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
12369 2014-11-20 Werner Koch <wk@gnupg.org>
12371 gpg: Fix hash detection for ECDSA.
12372 * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
12374 Fix linker problem on OS X.
12375 * common/init.c (default_errsource): Move to the .data segmemt.
12377 2014-11-19 Werner Koch <wk@gnupg.org>
12379 gpg-connect-agent: Add convenience option --uiserver.
12381 Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
12382 * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change
12383 all callers to use 1 for it.
12384 (start_new_dirmngr): Ditto.
12385 * tools/gpg-connect-agent.c: Add option --no-autostart.
12386 (main): Default autostart to 1.
12387 (start_agent): Implement no-autostart.
12388 * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
12389 (scdaemon_runtime_change): Ditto.
12390 (dirmngr_runtime_change): New.
12392 po: Copied missing translations from the 2.0 branch.
12393 * po/LINGUAS: Add new translations.
12395 2014-11-17 Werner Koch <wk@gnupg.org>
12397 gpg: Fix a NULL-deref for invalid input data.
12398 * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
12401 2014-11-13 Werner Koch <wk@gnupg.org>
12403 gpg: Make the use of "--verify FILE" for detached sigs harder.
12404 * g10/openfile.c (open_sigfile): Factor some code out to ...
12405 (get_matching_datafile): new function.
12406 * g10/plaintext.c (hash_datafiles): Do not try to find matching file
12408 * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
12409 matching data file is not used by a standard signatures.
12411 gpg: Fix a missing LF in debug output.
12412 * g10/kbnode.c (dump_kbnode): Print a LF.
12414 gpg: Remove PGP-2 related cruft.
12415 * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
12417 (fake_packet): Remove pgp-2 workaround for white space stripping.
12418 * g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
12419 * g10/options.h (opt): Remove field pgp2_workarounds.
12420 * g10/gpg.c (main): Do not set this field.
12421 * g10/gpgv.c (main): Ditto.
12422 * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
12423 algo. Using MD5 here is useless.
12424 (proc_plaintext): Remove PGP-2 related woraround
12425 (proc_tree): Remove another workaround but keep the one for PGP-5.
12427 2014-11-12 Werner Koch <wk@gnupg.org>
12429 gpg: Improve perceived speed of secret key listings.
12430 * g10/keylist.c (list_keyblock): Flush stdout for secret keys.
12432 gpg: Fix regression in --refresh-keys.
12433 * g10/keyserver.c (keyserver_get): Factor all code out to ...
12434 (keyserver_get_chunk): new. Extimate line length.
12435 (keyserver_get): Split up requests into chunks.
12437 gpg: Add import options "keep-ownertrust".
12438 * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
12439 * g10/import.c (parse_import_options): Add "keep-ownertrust".
12440 (import_one): Act upon new option.
12442 2014-11-11 Werner Koch <wk@gnupg.org>
12444 Remove use of gnulib (part 2)
12445 * configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
12446 (gl_EARLY): Remove.
12447 * common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
12448 * common/sysutils.c (gnupg_mkdtemp): New. Based on code from
12450 (gnupg_setenv): Rewrite.
12451 (gnupg_unsetenv): Rewrite.
12452 * g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
12453 * g13/be-encfs.c: Ditto.
12454 * g13/mount.c: Ditto.
12455 * tools/symcryptrun.c (confucius_mktmpdir): Ditto.
12457 Remove use of gnulib (part 1)
12458 * gl/: Remove entire tree.
12459 * configure.ac: Remove gnulib tests and the gl/ Makefile.
12460 (setenv): Add to AC_CHECK_FUNCS.
12461 * autogen.rc (extra_aclocal_flags): Set to empty.
12462 * Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
12463 (SUBDIRS): Remove gl/.
12464 * agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
12465 * common/Makefile.am (t_common_ldadd): Ditto.
12466 * dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
12467 (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
12468 * g10/Makefile.am (needed_libs): Ditto.
12469 * g13/Makefile.am (g13_LDADD): Ditto.
12470 * kbx/Makefile.am (kbxutil_LDADD): Ditto.
12471 ($(PROGRAMS)): Ditto.
12472 * scd/Makefile.am (scdaemon_LDADD): Ditto.
12473 * sm/Makefile.am (common_libs): Ditto.
12474 * tools/Makefile.am (common_libs, commonpth_libs): Ditto.
12476 * agent/gpg-agent.c: Remove "mkdtemp.h"
12477 * g10/exec.c: Ditto.
12478 * scd/scdaemon.c: Ditto.
12479 * tools/symcryptrun.c: Ditto.
12480 * common/sysutils.c: Remove "setenv.h"
12482 * common/t-timestuff.c: Use putenv if setenv is not available.
12484 2014-11-07 Werner Koch <wk@gnupg.org>
12486 gpg: Remove warning message for non-implemented search modes.
12487 * kbx/keybox-search.c (keybox_search): Silently ignore.
12488 * doc/specify-user-id.texi: Docuement '@", '+', and '.' search
12491 w32: Fix http access module.
12492 * common/http.c (write_server) [W32]: Rework to use send() instead of
12493 write even when build with npth.
12494 (cookie_read) [W32]: Rework to use recv() instead of read even when
12497 build: Add method to use a custom swdb.lst and use adns with Windows.
12498 * build-aux/getswdb.sh: Add option --skip-verify.
12499 * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version
12500 from swdb and build for Windows with adns.
12502 build: Improve test for ADNS.
12503 * configure.ac <adns>: Use adns_free as probe function for libadns.
12504 (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
12505 (ADNSLIBS): Do not ac_subst - it is only used within configure.
12507 2014-11-05 Werner Koch <wk@gnupg.org>
12509 speedo: Append the date to the Windows installer.
12510 * build-aux/speedo.mk (BUILD_DATESTR): New.
12511 (dist-source, installer): Use it.
12515 Avoid sign extension when shifting the MSB.
12516 * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
12518 * g10/build-packet.c (delete_sig_subpkt): Ditto.
12520 2014-11-04 Werner Koch <wk@gnupg.org>
12522 Remove all expired common CA certificates.
12523 * doc/com-certs.pem: Remove certifciates.
12525 2014-11-02 Werner Koch <wk@gnupg.org>
12527 gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
12528 * agent/command.c (cmd_export_key): Actually implement the cache_nonce
12530 * g10/export.c (do_export_stream): Make use of a cache_nonce.
12532 gpg: Fix endless loop in keylisting with fingerprint.
12533 * g10/getkey.c (getkey_next): Disable cache.
12535 gpg: Minor cleanup for key listing related code.
12536 * g10/getkey.c (get_pubkey_next): Divert to getkey_next.
12537 (get_pubkey_end): Move code to getkey_end.
12538 * g10/keydb.c (keydb_search_reset): Add a debug statement.
12539 (dump_search_desc): Add arg HD and print the handle.
12541 gpg: Do not show an useless passphrase prompt in batch mode.
12542 * g10/keygen.c: Remove unused PASSPHRASE related code.
12543 (proc_parameter_file): Remove useless asking for a passphrase in batch
12546 2014-10-31 Werner Koch <wk@gnupg.org>
12548 gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
12549 * g10/gpg.c (main): Remove check.
12551 kbx: Let keydb_search skip unwanted blobs.
12552 * kbx/keybox.h (keybox_blobtype_t): New.
12553 * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
12554 * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
12555 non-matching blobs.
12556 * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
12557 * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
12559 gpg: Fix --rebuild-keydb-caches.
12560 * g10/parse-packet.c (parse_key): Store even unsupported packet
12562 * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
12563 versions less than 4.
12565 gpg: Fix testing for secret key availability.
12566 * g10/getkey.c (have_secret_key_with_kid): Do not change the search
12569 build: Avoid distributing backup files etc.
12570 * Makefile.am (EXTRA_DIST): Do not include directories.
12572 2014-10-30 Werner Koch <wk@gnupg.org>
12574 tests: Speed up the genkey1024.test by using not so strong random.
12575 * agent/gpg-agent.c (oDebugQuickRandom): New.
12576 (opts): New option --debug-quick-random.
12577 (main): Use new option.
12578 * common/asshelp.c (start_new_gpg_agent): Add hack to pass an
12579 additional argument for the agent name.
12580 * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
12581 starting parameters.
12582 * tests/openpgp/version.test: Ditto.
12584 2014-10-29 Werner Koch <wk@gnupg.org>
12586 common: Check option arguments for a valid range.
12587 * common/argparse.h (ARGPARSE_INVALID_ARG): New.
12588 * common/argparse.c: Include limits h and errno.h.
12589 (initialize): Add error strings for new error constant.
12590 (set_opt_arg): Add range checking.
12592 Fix stdint.h problem for Apple.
12593 * gl/stdint_.h [__APPLE__]: Include hack.
12595 2014-10-27 Werner Koch <wk@gnupg.org>
12597 speedo: Fixes for native build.
12598 * build-aux/speedo.mk (TARGETOS): Init with empty string.
12599 (speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
12600 (INST_VERSION, INST_PROD_VERSION): Create only for w32.
12602 2014-10-24 Werner Koch <wk@gnupg.org>
12604 agent: Support pinentries with integrated repeat passphrase feature.
12605 * agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
12607 * agent/call-pinentry.c (close_button_status_cb): Rewrite and check
12608 for PIN_REPEAT. Change users to check only the relevant bit.
12609 (agent_askpin): Support repeat logic of new Pinentries.
12611 * agent/command-ssh.c (ssh_identity_register): Use the new repeat
12613 * agent/genkey.c (agent_ask_new_passphrase): Ditto.
12615 2014-10-19 Werner Koch <wk@gnupg.org>
12617 gpg: Silence "packet with obsolete versoin" warnings.
12618 * g10/parse-packet.c (parse_key): Print warning only in very verbose
12621 gpg: Make card key generation work again.
12622 * g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
12623 (agent_learn): New.
12624 * g10/keygen.c (gen_card_key): Call new agent-learn.
12626 2014-10-17 Werner Koch <wk@gnupg.org>
12628 dirmngr: Allow building without LDAP support.
12629 * configure.ac: Add option --disable-ldap.
12630 (USE_LDAP): New ac_define and am_conditional.
12631 * dirmngr/Makefile.am: Take care of USE_LDAP.
12632 * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
12633 and do not call any ldap function.
12634 * dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
12635 * dirmngr/crlfetch.c (!USE_LDAP): Ditto.
12637 w32: Set SYSROOT to help finding config scripts.
12638 * autogen.sh <build-w32>: Set SYSROOT.
12640 gpg: Remove all support for v3 keys and always create v4-signatures.
12641 * g10/build-packet.c (do_key): Remove support for building v3 keys.
12642 * g10/parse-packet.c (read_protected_v3_mpi): Remove.
12643 (parse_key): Remove support for v3-keys. Add dedicated warnings for
12645 * g10/keyid.c (hash_public_key): Remove v3-key support.
12646 (keyid_from_pk): Ditto.
12647 (fingerprint_from_pk): Ditto.
12649 * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
12650 * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
12651 oForceV4Certs, oNoForceV4Certs.
12652 (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
12653 --no-force-v4-certs int dummy options.
12654 (main): Remove setting of the force_v3_sigs force_v4_certs flags.
12655 * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
12656 * g10/sign.c (hash_uid): Remove support for v3-signatures
12657 (hash_sigversion_to_magic): Ditto.
12658 (only_old_style): Remove this v3-key function.
12659 (write_signature_packets): Remove support for creating v3-signatures.
12660 (sign_file): Ditto.
12661 (sign_symencrypt_file): Ditto.
12662 (clearsign_file): Ditto. Remove code to emit no Hash armor line if
12663 only v3-keys are used.
12664 (make_keysig_packet): Remove arg SIGVERSION and force using
12665 v4-signatures. Change all callers to not pass a value for this arg.
12666 Remove all v3-key related code.
12667 (update_keysig_packet): Remove v3-signature support.
12668 * g10/keyedit.c (sign_uids): Always create v4-signatures.
12670 * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
12673 2014-10-13 Werner Koch <wk@gnupg.org>
12675 gpg: Remove extra RSA import status line.
12676 * g10/import.c (stats_s): Remove field "imported_rsa".
12677 (import_print_stats): Do not print separate value for RSA.
12678 (import_one): Remove the RSA counter.
12680 gpg: Fix informative printing of user ids.
12681 * g10/getkey.c (keyid_list): Add field "fpr".
12682 (cache_user_id): Store fpr and check for dups only by fpr.
12683 (get_pubkey_byfpr): New.
12684 (get_user_id_string): Make static and use xasprintf.
12685 (get_long_user_id_string): Use xasprintf.
12686 (get_user_id_byfpr): New.
12687 (get_user_id_byfpr_native): New.
12688 * g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
12689 * g10/import.c (import_one): Use get_user_id_byfpr_native.
12691 gpg: Allow importing keys with duplicated long key ids.
12692 * g10/keydb.c (keydb_handle): Add field no_caching.
12693 (keyblock_cache): Repalce field kid by fpr.
12694 (keydb_disable_caching): New.
12695 (keydb_search): Use the fingerprint as cache index.
12697 * g10/import.c (import_one): Use the fingerprint and not the kid to
12698 lookup the key. Call keydb_disable_caching beofre re-searching for
12701 * tests/openpgp/import.test: Add a test case.
12703 tests: Speed up conventional encryption tests for gpg.
12704 * tests/openpgp/conventional-mdc.test: Add an s2k-count option.
12705 * tests/openpgp/conventional.test: Ditto.
12707 2014-10-12 Werner Koch <wk@gnupg.org>
12709 gpg: Minor change for better readability.
12710 * g10/build-packet.c (write_version): Remove.
12711 (do_pubkey_enc, do_onepass_sig): Write version directly.
12713 2014-10-10 Werner Koch <wk@gnupg.org>
12715 doc: Fix a man page rendering problem.
12716 * doc/gpg-agent.texi (Agent Configuration): Fix rendering of the
12717 sshcontrol example.
12719 2014-10-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12721 gpg: Add build and runtime support for larger RSA keys.
12722 * configure.ac: Added --enable-large-secmem option.
12723 * g10/options.h: Add opt.flags.large_rsa.
12724 * g10/gpg.c: Contingent on configure option: adjust secmem size,
12725 add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
12726 * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
12727 * doc/gpg.texi: Document --enable-large-rsa.
12729 2014-10-09 Werner Koch <wk@gnupg.org>
12731 gpg: Skip overlong keys and a print a warning.
12732 * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
12734 * sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
12735 * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
12736 (keydb_search_reset): Reset that field.
12737 (keydb_search): Update that field.
12738 (keydb_get_skipped_counter): New.
12739 * g10/keylist.c (list_all): Print count of skipped keys.
12741 gpg: Sync keylist output and warning messages.
12742 * g10/keylist.c (list_all): Flush stdout before logging.
12743 * g10/misc.c (print_pubkey_algo_note): Ditto.
12744 (print_cipher_algo_note): Ditto.
12745 (print_digest_algo_note): Ditto.
12746 (print_md5_rejected_note): Ditto.
12748 kbx: Fix handling of overlong keys.
12749 * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB.
12750 (_keybox_read_blob2): Skip too long record records.
12751 (_keybox_write_blob): Do not accept too long record.
12752 * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs.
12753 (_keybox_dump_file): Print new counter.
12754 (_keybox_dump_file): Skip too long records.
12757 To test this feature you may set the limit back to 1MiB and use key
12758 F7F0E70F307D56ED which is in my local copy close to 2MiB. Without
12759 this patch it was possible to import the key but access to that key
12760 and all keys stored after it was not possible.
12762 gpg: Take care to use pubring.kbx if it has ever been used.
12763 * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
12764 * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
12766 * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
12767 and set header flag.
12768 * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
12769 and add arg for_openpgp.
12770 (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
12772 * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
12773 openpgp header flags.
12775 * g10/keydb.c (rt_from_file): New. Factored out and extended from
12776 keydb_add_resource.
12777 (keydb_add_resource): Switch to the kbx file if it has the openpgp
12780 * kbx/keybox-dump.c (dump_header_blob): Print header flags.
12782 2014-10-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12784 Avoid unnecessary library linkage.
12785 * dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
12786 * g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
12787 need $(LIBASSUAN_LIBS)
12788 * sm/Makefile.am: gpgsm does not need $(ZLIBS)
12789 * tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
12791 2014-10-08 Werner Koch <wk@gnupg.org>
12793 gpg: Avoid error exit if keygrip computations fails in a key listing.
12794 * g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error.
12796 2014-10-03 Werner Koch <wk@gnupg.org>
12798 Release 2.1.0-beta864.
12800 gpg: Allow creating a cert-only primary key.
12801 * g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
12803 build: Add configure options --disable-{ntb,gnu}tls.
12804 * configure.ac: Add --disable-ntbtls and --disable-gnutls.
12806 2014-10-03 Andre Heinecke <aheinecke@intevation.de>
12808 gpg: Check gpg-agent version before 2.1 migration.
12809 * g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
12810 * g10/migrate.c (migrate_secring): Abort migration if
12811 agent_get_version returns not at least 2.1.0
12813 2014-10-03 Werner Koch <wk@gnupg.org>
12815 po: Update German translation.
12817 Remove support for the GPG_AGENT_INFO envvar.
12818 * agent/agent.h (opt): Remove field use_standard_socket.
12819 * agent/command.c (cmd_killagent): Always allow killing.
12820 * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
12821 --write-env-file into dummy options. Always return true for
12822 --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
12823 setting or set that envvar.
12824 (create_socket_name): Simplify by removing non standard socket
12826 (check_for_running_agent): Ditto.
12827 * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
12828 * common/simple-pwquery.c (agent_open): Ditto.
12829 * configure.ac (GPG_AGENT_INFO_NAME): Remove.
12830 * g10/server.c (gpg_server): Do not print the AgentInfo comment.
12831 * g13/server.c (g13_server): Ditto.
12832 * sm/server.c (gpgsm_server): Ditto.
12833 * tools/gpgconf.c (main): Simplify by removing non standard socket
12836 2014-10-02 Werner Koch <wk@gnupg.org>
12838 gpg: Fix regression removing SHA256.
12839 * g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
12841 First changes for future use of NTBTLS.
12842 * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
12843 (HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
12844 * m4/ntbtls.m4: New.
12845 * m4/Makefile.am (EXTRA_DIST): Add new file.
12846 * common/http.c: Add conditionals to eventually use NTBTLS.
12848 build: Update m4 scripts.
12849 * m4/gpg-error.m4: Update from Libgpg-error git master.
12850 * m4/libgcrypt.m4: Update from Libgcrypt git master.
12851 * configure.ac: Declare SYSROOT a precious variable. Add extra error
12852 message for library configuration mismatches.
12854 2014-09-29 Werner Koch <wk@gnupg.org>
12856 doc: Remove GnuPG-1 related parts from gpg.texi.
12857 * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
12858 * doc/gpg.texi: Remove gpg1 related texts.
12860 2014-09-27 Werner Koch <wk@gnupg.org>
12862 gpg: Default to SHA-256 for all signature types on RSA keys.
12863 * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
12864 strict RFC or PGP modes.
12865 * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
12866 RSA key signatures.
12867 * configure.ac: Do not allow to disable sha256.
12869 gpg: Simplify command --gen-key and add --full-gen-key.
12870 * g10/gpg.c (aFullKeygen): New.
12871 (opts): Add command --full-key-gen.
12872 (main): Implement it.
12873 * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
12874 the value is identical.
12875 (DEFAULT_STD_CURVE): New.
12876 (DEFAULT_STD_SUBALGO): New.
12877 (DEFAULT_STD_SUBKEYSIZE): New.
12878 (DEFAULT_STD_SUBCURVE): New.
12879 (quick_generate_keypair): Use new macros here.
12880 (generate_keypair): Add arg "full" and fix call callers. Do not ask
12881 for keysize in non-full node.
12882 (ask_user_id): Add arg "full" and simplify for non-full mode.
12884 2014-09-26 Werner Koch <wk@gnupg.org>
12886 gpg: Add shortcut for setting key capabilities.
12887 * g10/keygen.c (ask_key_flags): Add shortcut '='.
12888 * doc/help.txt (gpg.keygen.flags): New.
12890 2014-09-25 Werner Koch <wk@gnupg.org>
12892 gpg: Do not always print dashes in obsolete_option.
12893 * g10/gpg.c (main): Pass option names to obsolete_option without
12895 * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
12896 dash only for command line options.
12898 2014-09-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
12900 gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
12901 * g10/gpg.c: Add config options that should belong in scdaemon.conf
12902 * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.
12904 2014-09-22 Werner Koch <wk@gnupg.org>
12906 speedo: Check that wget and gpgv are installed.
12907 * build-aux/getswdb.sh: Check for required tools.
12909 speedo: Autodetect sha1sum tools.
12910 * build-aux/getswdb.sh: Add option --find-sha1sum.
12911 * build-aux/speedo.mk (check-tools): New phony target. Not yet used.
12912 (SHA1SUM): New var. Use it instead of sha1sum.
12914 gpg: Create default keyring with .kbx suffix.
12915 * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
12916 (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
12917 and check and create .kbx.
12919 2014-09-20 Werner Koch <wk@gnupg.org>
12921 gpg: --delete-secret-key - check that a secret key exists.
12922 * g10/delkey.c (do_delete_key): Check availibility of a secret key.
12924 gpg: Make algorithm selection prompt for ECC more clear.
12925 * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
12927 2014-09-18 Werner Koch <wk@gnupg.org>
12929 Release 2.1.0-beta834.
12931 speedo: Distribute needed files.
12932 * Makefile.am (EXTRA_DIST): Add speedo stuff.
12934 build: Enable gpgtar by default.
12936 common: Do not build maintainer modules in non-maintainer mode.
12937 * common/Makefile.am (module_maint_tests): Use only in maintainer
12939 (t_common_cflags): New.
12941 common: Remove superfluous statements.
12942 * common/exechelp-posix.c: Remove weak pragmas.
12943 * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
12946 g13: Avoid segv after pipe creation failure.
12947 * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
12949 (gpg_decrypt_blob): Ditto.
12951 scd: Fix int/short mismatch in format string of app-p15.c.
12952 * scd/app-p15.c (parse_certid): Use snprintf and cast value.
12953 (send_certinfo): Ditto.
12954 (send_keypairinfo): Ditto.
12955 (do_getattr): Ditto.
12957 agent: Init a local variable in the error case.
12958 * agent/pksign.c (do_encode_md): Init HASH on error.
12960 agent: Remove left over debug output.
12961 * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
12964 agent: Silence compiler warning for a debug message.
12965 * agent/call-pinentry.c (agent_query_dump_state): Use %p for
12968 sm: Silence compiler warnings.
12969 * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
12970 * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
12973 gpg: Silence a compiler warning.
12974 * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
12976 gpg: Replace a hash algo test function.
12977 * g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
12979 speedo: Various fixes.
12980 * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor
12983 2014-09-17 Werner Koch <wk@gnupg.org>
12985 gpg: Print a warning if the subkey expiration may not be what you want.
12986 * g10/keyedit.c (subkey_expire_warning): New.
12987 (keyedit_menu): Call it when needed.
12989 gpg: Improve passphrase caching.
12990 * agent/cache.c (last_stored_cache_key): New.
12991 (agent_get_cache): Allow NULL for KEY.
12992 (agent_store_cache_hit): New.
12993 * agent/findkey.c (unprotect): Call new function and try to use the
12996 * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
12997 make_keysig_packet.
12998 (gen_standard_revoke): Add arg CACHE_NONCE and pass to
13000 * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
13003 2014-09-12 Werner Koch <wk@gnupg.org>
13005 gpg: Use algorithm id 22 for EdDSA.
13006 * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
13007 * g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
13009 2014-09-11 Werner Koch <wk@gnupg.org>
13011 gpg: Stop early on bogus old style comment packets.
13012 * g10/parse-packet.c (parse_key): Take care of too short packets for
13013 old style commet packets.
13015 2014-09-10 Werner Koch <wk@gnupg.org>
13017 dirmngr: Support https for KS_FETCH.
13018 * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
13019 * dirmngr/misc.c (cert_log_cb): here.
13020 * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
13023 dirmngr: Fix the ks_fetch command for the http scheme.
13024 * common/http.c (http_session_ref): Allow for NULL arg.
13026 2014-09-08 Werner Koch <wk@gnupg.org>
13028 gpg: Fix memory leak in ECC encryption.
13029 * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
13032 2014-09-02 Werner Koch <wk@gnupg.org>
13034 gpg: Fix export of NIST ECC keys.
13035 * common/openpgp-oid.c (struct oidtable): New.
13036 (openpgp_curve_to_oid): Rewrite and allow OID as input.
13037 (openpgp_oid_to_curve): Make use of the new table.
13039 agent: Fix import of OpenPGP EdDSA keys.
13040 * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
13041 (convert_secret_key): Ditto.
13042 (convert_transfer_key): Ditto.
13043 (apply_protection): Handle opaque MPIs.
13045 (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
13046 unpacking an opaque mpi.
13048 2014-09-01 Kyle Butt <kylebutt@gmail.com>
13050 gpg: Fix export of ecc secret keys by adjusting check ordering.
13051 * g10/export.c (transfer_format_to_openpgp): Move the check against
13052 PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
13055 2014-09-01 Werner Koch <wk@gnupg.org>
13057 agent: Allow key unprotection using AES-256.
13058 * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
13060 (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe
13061 them instead of the hardwired values.
13062 (agent_unprotect): Change to use a table of protection algorithms.
13063 Add AES-256 variant.
13065 2014-08-28 Werner Koch <wk@gnupg.org>
13067 gpg: Do not show "MD5" and triplicated "RSA" in --version.
13068 * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
13069 (build_list_md_test_algo): Ignore MD5.
13071 gpg: Do not show "MD5" and triplicated "RSA" in --version.
13072 * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
13073 (build_list_md_test_algo): Ignore MD5.
13075 2014-08-26 Werner Koch <wk@gnupg.org>
13077 gpg: Remove CAST5 from the default prefs and order SHA-1 last.
13078 * g10/keygen.c (keygen_set_std_prefs): Update prefs.
13080 Switch to the libgpg-error provided estream.
13081 * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
13082 (GPGRT_ENABLE_ES_MACROS): Define.
13083 (estream_INIT): Remove.
13084 * m4/estream.m4: Remove.
13085 * common/estream-printf.c, common/estream-printf.h: Remove.
13086 * common/estream.c, common/estream.h: Remove.
13087 * common/init.c (_init_common_subsystems): Call gpgrt initialization.
13089 gpg: Allow for positional parameters in the passphrase prompt.
13090 * g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
13092 2014-08-20 Werner Koch <wk@gnupg.org>
13094 gpg: Fix "can't handle public key algorithm" warning.
13095 * g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
13098 2014-08-19 Werner Koch <wk@gnupg.org>
13100 speedo: Get version numbers from online database.
13101 * build-aux/getswdb.sh: New.
13102 * build-aux/speedo.mk: Get release version numbers from swdb.lst.
13104 build: Create VERSION file via autoconf.
13105 * Makefile.am (dist-hook): Remove creation of VERSION.
13106 (EXTRA_DIST): Add VERSION.
13107 * configure.ac: Let autoconf create VERSION.
13109 2014-08-18 Werner Koch <wk@gnupg.org>
13111 gpg: Install the current release signing pubkey.
13112 * g10/distsigkey.gpg: New.
13114 agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
13115 * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
13116 * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
13117 * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
13119 kbx: Make user id and signature data optional for OpenPGP.
13120 * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
13122 gpg: Change default cipher for --symmetric from CAST5 to AES-128.
13123 * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
13124 depending on configure option.
13125 * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
13127 yat2m: Support @set and @value.
13128 * doc/yat2m.c (variablelist): New.
13129 (set_variable): New.
13130 (macro_set_p): Also check the variables.
13131 (proc_texi_cmd): Support the @value command.
13132 (parse_file): Support the @set command.
13133 (top_parse_file): Release variablelist.
13135 yat2m: Support the $* command for man page rendering.
13137 2014-08-17 Werner Koch <wk@gnupg.org>
13139 estream: Change license from GPL to LPGL.
13140 * common/estream-printf.c, common/estream-printf.h: Change license.
13141 * common/estream.c, common/estream.h: Ditto.
13143 2014-08-14 Werner Koch <wk@gnupg.org>
13145 Release 2.1.0-beta783.
13147 po: Update the German (de) translation.
13149 sm: Create homedir and lock empty keybox creation.
13150 * sm/gpgsm.h (opt): Add field "no_homedir_creation".
13151 * sm/gpgsm.c (main): Set it if --no-options is used.
13152 * sm/keydb.c (try_make_homedir): New. Similar to the one from
13154 (maybe_create_keybox): New. Similar to the one from g10/keydb.c.
13155 (keydb_add_resource): Replace some code by maybe_create_keybox.
13157 gpg: Screen keyserver responses.
13158 * g10/main.h (import_screener_t): New.
13159 * g10/import.c (import): Add screener callbacks to param list.
13160 (import_one): Ditto.
13161 (import_secret_one): Ditto.
13162 (import_keys_internal): Ditto.
13163 (import_keys_stream): Ditto.
13164 * g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
13165 (keyserver_retrieval_screener): New.
13166 (keyserver_get): Pass screener to import_keys_es_stream().
13168 scd: Minor changes to app-sc-hsm.
13169 * scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
13170 after xfree for improbed robustness.
13171 (read_ef_prkd): Replace serial operator by blocks for better
13173 (apply_PKCS_padding): Rewrite for easier auditing.
13174 (strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN.
13176 gpg: Disable an MD5 workaround for pgp2 by default.
13177 * g10/sig-check.c (do_check): Move some code to ...
13178 * g10/misc.c (print_md5_rejected_note): new function.
13179 * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
13180 only if option --allow-weak-digest-algos is used.
13182 gpg: Remove options --pgp2 and --rfc1991.
13183 * g10/gpg.c (oRFC1991, oPGP2): Remove
13184 (opts): Remove --pgp2 and --rfc1991.
13185 * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
13186 (RFC2440, PGP2): Remove. Remove all code only enabled by these
13188 * tests/openpgp/clearsig.test: Remove --rfc1991 test.
13190 build: Fix autogen.sh base version hack.
13191 * autogen.sh <find-version>: Fix.
13193 gpg: Remove --compress-keys and --compress-sigs feature.
13194 * g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
13195 (opts): Turn --compress-keys and --compress-signs in NOPs.
13196 * g10/options.h (opt): Remove fields compress_keys and compress_sigs.
13197 * g10/export.c (do_export): Remove compress_keys feature.
13198 * g10/sign.c (sign_file): Remove compress_sigs feature.
13200 2014-08-13 Werner Koch <wk@gnupg.org>
13202 gpg: Add list-option "show-usage".
13203 * g10/gpg.c (parse_list_options): Add "show-usage".
13204 * g10/options.h (LIST_SHOW_USAGE): New.
13205 * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller.
13206 * g10/keylist.c (list_keyblock_print): Print usage info.
13208 2014-08-12 Werner Koch <wk@gnupg.org>
13210 gpg: Make --with-colons work again for --search-keys.
13211 * g10/keyserver.c (search_line_handler): Replace log_debug by
13214 2014-08-08 NIIBE Yutaka <gniibe@fsij.org>
13216 po: Update Japanese translation.
13218 2014-07-25 Werner Koch <wk@gnupg.org>
13220 scd: Minor and editorial changes to app-sc-hsm.c.
13221 * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
13222 (parse_certid): Remove useless test.
13223 (send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
13224 (do_getattr): Ditto.
13225 (verify_pin): Use SW_ macro.
13226 (do_decipher): Replace OFS variable and extend comment.
13228 scd: Add a new status word code.
13229 * scd/apdu.h (SW_REF_DATA_INV): New.
13230 * scd/apdu.c (apdu_strerror): Add string.
13232 2014-07-25 Andreas Schwier <andreas.schwier@cardcontact.de>
13234 scd: Support for SmartCard-HSM.
13235 * scd/app-sc-hsm.c: New.
13236 * scd/app.c (select_application, get_supported_applications): Register
13239 2014-07-25 Werner Koch <wk@gnupg.org>
13241 gpg: Switch to an EdDSA format with prefix byte.
13242 * g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
13244 2014-07-23 Werner Koch <wk@gnupg.org>
13246 agent: Show just one warning with all failed passphrase constraints.
13247 * agent/genkey.c (check_passphrase_constraints): Build a final warning
13250 agent: Only one confirmation prompt for an empty passphrase.
13251 * agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
13252 check to the front.
13254 gpg: Add command --quick-gen-key.
13255 * g10/gpg.c (aQuickKeygen): New.
13256 * g10/misc.c (is_valid_user_id): New stub.
13257 * g10/keygen.c (quickgen_set_para): New.
13258 (quick_generate_keypair): New.
13260 common: Add cpr_get_answer_is_yes_def()
13261 * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....
13262 (cpr_get_answer_is_yes_def): ...new.
13264 gpg: Make --quick-sign-key promote local key signatures.
13265 * g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
13267 2014-07-22 Werner Koch <wk@gnupg.org>
13269 scd: Do not use the pcsc-wrapper.
13270 * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define.
13271 * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper
13272 (gnupg_pcsc_wrapper_SOURCES): Remove.
13273 (gnupg_pcsc_wrapper_LDADD): Remove.
13274 (gnupg_pcsc_wrapper_CFLAGS): Remove.
13276 2014-07-21 Werner Koch <wk@gnupg.org>
13278 gpg: Improve --list-packets output for faulty packets.
13279 * g10/parse-packet.c: Add list_mode output for certain failures.
13281 gpg: Cap size of attribute packets at 16MB.
13282 * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
13285 2014-07-03 Werner Koch <wk@gnupg.org>
13287 Release 2.1.0-beta751.
13289 gpg: Make show-uid-validity the default.
13291 tests: Fix end-of-all-ticks test for Western locales.
13292 * common/t-timestuff.c (test_timegm): Use timegm if available.
13293 (main): Set TX to UTC if timegm is not available.
13295 2014-07-03 Kristian Fiskerstrand <kf@sumptuouscapital.com>
13297 gpg: Spelling error.
13299 2014-06-30 Werner Koch <wk@gnupg.org>
13301 gpg: Auto-create revocation certificates.
13302 * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
13303 * g10/revoke.c (create_revocation): Add arg "leadin".
13304 (gen_standard_revoke): New.
13305 * g10/openfile.c (get_openpgp_revocdir): New.
13306 (open_outfile): Add MODE value 3.
13307 * g10/keyid.c (hexfingerprint): New.
13308 * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
13310 estream: Fix minor glitch in "%.*s" format.
13311 * common/estream-printf.c (pr_string): Take care of non-nul terminated
13314 gpg: Rearrange code in gen_revoke.
13315 * g10/revoke.c (gen_revoke): Factor some code out to ...
13316 (create_revocation): new.
13318 gpg: Create exported secret files and revocs with mode 700.
13319 * common/iobuf.c (direct_open): Add arg MODE700.
13320 (iobuf_create): Ditto.
13321 * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
13322 callers to pass 0 for it.
13323 * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
13325 * g10/export.c (do_export): Pass true for new arg if SECRET is true.
13327 common: Minor code cleanup for a legacy OS.
13328 * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.
13330 2014-06-27 Werner Koch <wk@gnupg.org>
13332 speedo: Fix the w32 installer name.
13334 po: Update some strings of the French (fr) translation.
13336 po: Update the German (de) translation.
13338 agent: Adjust for changed npth_eselect under W32.
13339 * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
13340 unsigned int to match the changed prototype.
13342 dirmngr: Use the homedir based socket also under W32.
13343 * common/homedir.c (dirmngr_user_socket_name): Use same code for all
13346 2014-06-27 Yuri Chornoivan <yurchor@ukr.net>
13348 po: Update and enable Ukrainian (uk) translation.
13350 Fix typos in messages.
13352 2014-06-27 Werner Koch <wk@gnupg.org>
13354 build: Remove unused options.
13355 * configure.ac: Remove option --build-agent-only.
13356 (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
13357 (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
13359 (GPGKEYS_KDNS): Remove ac_subst.
13360 * autogen.rc (final_info): Remove suggestion to use the removed option
13363 2014-06-27 NIIBE Yutaka <gniibe@fsij.org>
13365 scd: Add pinpad support for REINER SCT cyberJack go.
13366 * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
13367 * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
13368 VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
13370 2014-06-27 Werner Koch <wk@gnupg.org>
13372 scd: Support reader Gemalto IDBridge CT30.
13373 * scd/ccid-driver.h (GEMPC_CT30): New product id.
13374 * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
13377 2014-06-26 Werner Koch <wk@gnupg.org>
13379 gpg: Limit keysize for unattended key generation to useful values.
13380 * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
13381 (gen_rsa): Enforce keysize 1024 to 4096.
13382 (gen_dsa): Enforce keysize 768 to 3072.
13384 Enable DNS SRV records again.
13385 * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
13386 (use_dns_srv): Make test work.
13388 agent: Fix export of RSA keys to OpenPGP.
13389 * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format
13392 gpg,gpgsm: Simplify wrong_args function.
13394 speedo: "make clean-gnupg" may not remove the source.
13395 * build-aux/speedo.mk (clean-$(1)): Take care of gnupg.
13397 gpgsm: Fix default config name.
13399 2014-06-25 Werner Koch <wk@gnupg.org>
13401 doc: Improve the rendering of the manual.
13403 doc: Update for modern makeinfo.
13404 * doc/texi.css: Remove.
13405 * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
13407 gpg: Allow key-to-card upload for cert-only keys.
13408 * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
13410 2014-06-24 Werner Koch <wk@gnupg.org>
13412 doc: Add conditionals for GnuPG-1.
13414 2014-06-20 Werner Koch <wk@gnupg.org>
13416 gpg: Make export of ECC keys work again.
13417 * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
13418 of the curve parameters.
13419 * g10/export.c (canon_pubkey_algo): Rename to ...
13420 (canon_pk_algo): this. Support ECC.
13421 (transfer_format_to_openpgp): Expect curve name.
13423 gpg: Avoid infinite loop in uncompressing garbled packets.
13424 * g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
13426 2014-06-17 Kristian Fiskerstrand <kf@sumptuouscapital.com>
13428 gpg: Fix a couple of spelling errors.
13430 2014-06-17 Werner Koch <wk@gnupg.org>
13432 speedo: Support building from dist-source generated tarball.
13434 2014-06-13 Werner Koch <wk@gnupg.org>
13436 http: Print human readable GNUTLS status.
13437 * common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
13438 (http_verify_server_credentials): Print a human readable status.
13440 2014-06-12 Werner Koch <wk@gnupg.org>
13442 gpg: Improve the output of --list-packets.
13443 * g10/parse-packet.c (parse): Print packet meta info in list mode.
13445 2014-06-11 Werner Koch <wk@gnupg.org>
13447 speedo: Improve building of the w32 installer.
13448 * build-aux/speedo.mk: Change name of build directory to PLAY.
13449 Improve the dist-source target.
13450 * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
13451 line (plus comment).
13452 * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
13453 Install more tools.
13455 2014-06-10 Werner Koch <wk@gnupg.org>
13457 speedo: Revamped speedo and include a w32 installer.
13458 * build-aux/speedo/: New.
13459 * build-aux/speedo/w32/: New.
13461 build: Add more options to autogen.sh.
13462 * autogen.sh: Add options --print-host and --print-build.
13464 w32: Fix build problem with dirmngr.
13465 * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement
13468 gpg: Use more specific reason codes for INV_RECP.
13469 * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
13470 reasons codes for INV_RECP.
13472 2014-06-06 Werner Koch <wk@gnupg.org>
13474 Improve the beta number generation.
13475 * autogen.sh: Add option --find-version
13476 * configure.ac: Rework the setting of the mym4_ variables.
13478 2014-06-05 Werner Koch <wk@gnupg.org>
13480 Remove keyserver helper code.
13481 * configure.ac: Remove keyserver helper related stuff.
13482 * Makefile.am (SUBDIRS): Remove keyserver.
13483 * keyserver/Makefile.am: Remove.
13485 gpg: Require confirmation for --gen-key with experimental curves.
13486 * g10/keygen.c (ask_curve): Add arg both. Require confirmation for
13489 gpg: Auto-migrate existing secring.gpg.
13490 * g10/migrate.c: New.
13491 * g10/import.c (import_old_secring): New.
13492 (import_one): Add arg silent.
13493 (transfer_secret_keys): Add arg batch.
13494 (import_secret_one): Add args batch and for_migration.
13495 * g10/gpg.c (main): Call migration function.
13497 2014-06-04 Werner Koch <wk@gnupg.org>
13499 gpgsm: Fix commit be07ed65.
13500 * sm/server.c (option_handler): Use "with-secret".
13502 2014-06-03 Werner Koch <wk@gnupg.org>
13504 Add new option --with-secret.
13505 * g10/gpg.c: Add option --with-secret.
13506 * g10/options.h (struct opt): Add field with_secret.
13507 * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
13509 (list_all, list_one): Add arg mark_secret.
13510 (list_keyblock_colon): Add arg has_secret.
13511 * sm/gpgsm.c: Add option --with-secret.
13512 * sm/server.c (option_handler): Add option "with-secret".
13513 * sm/gpgsm.h (server_control_s): Add field with_secret.
13514 * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
13515 the token string from the wrong field 14 to 15.
13517 gpgsm: New commands --export-secret-key-{p8,raw}
13518 * sm/gpgsm.c: Add new commands.
13519 * sm/minip12.c (build_key_sequence): Add arg mode.
13520 (p12_raw_build): New.
13521 * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
13522 (gpgsm_p12_export): Ditto.
13523 (print_short_info): Print the keygrip.
13525 2014-06-02 Werner Koch <wk@gnupg.org>
13527 gpg: Avoid NULL-deref in default key listing.
13528 * g10/keyid.c (hash_public_key): Take care of NULL keys.
13529 * g10/misc.c (pubkey_nbits): Ditto.
13531 gpg: Simplify default key listing.
13532 * g10/mainproc.c (list_node): Rework.
13534 gpg: Graceful skip reading of corrupt MPIs.
13535 * g10/parse-packet.c (mpi_read): Change error message on overflow.
13537 gpgsm: Handle re-issued CA certificates in a better way.
13538 * sm/certchain.c (find_up_search_by_keyid): Consider all matching
13540 (find_up): Add some debug messages.
13542 gpgsm: Add a way to save a found state.
13543 * kbx/keybox-defs.h (keybox_found_s): New.
13544 (keybox_handle): Factor FOUND out to above. Add saved_found.
13545 * kbx/keybox-init.c (keybox_release): Release saved_found.
13546 (keybox_push_found_state, keybox_pop_found_state): New.
13548 * sm/keydb.c (keydb_handle): Add field saved_found.
13549 (keydb_new): Init it.
13550 (keydb_push_found_state, keydb_pop_found_state): New.
13552 gpg: Fix bug parsing a zero length user id.
13553 * g10/getkey.c (get_user_id): Do not call xmalloc with 0.
13555 * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
13556 pass 0 to the arguments.
13558 2014-05-19 Werner Koch <wk@gnupg.org>
13560 dirmngr: Print certificates on failed TLS verification.
13561 * dirmngr/ks-engine-hkp.c (cert_log_cb): New.
13562 (send_request): Set callback.
13564 http: Add callback to help logging of server certificates.
13565 * common/http.c (http_session_s): Add field cert_log_cb.
13566 (http_session_set_log_cb): New.
13567 (http_verify_server_credentials): Call callback.
13569 2014-05-16 Werner Koch <wk@gnupg.org>
13571 keyserver: Improve support for hkps pools.
13572 * dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
13574 (create_new_hostinfo): Clear them.
13575 (my_getnameinfo): Add args numeric and r_isnumeric.
13576 (is_ip_address): New.
13577 (map_host): Add arg r_host. Rewrite the code to handle pools in a
13579 (ks_hkp_print_hosttable): Change format of help info output.
13580 (make_host_part): Add arg optional r_httphost.
13581 (send_request): Add arg httphost.
13582 (ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
13585 http: Allow overriding of the Host header.
13586 * common/http.c (http_open): Add arg httphost.
13587 (http_open_document): Pass NULL for httphost.
13588 (send_request): Add arg httphost. If given, use HTTPHOST instead of
13589 SERVER. Use https with a proxy if requested.
13590 (http_verify_server_credentials): Do not stop at the first error
13592 * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
13593 * keyserver/curl-shim.c (curl_easy_perform): Ditto.
13594 * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
13595 * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
13597 2014-05-14 Werner Koch <wk@gnupg.org>
13599 gpg: Fix uninitialized access to search descindex with gpg keyboxes.
13600 * kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
13602 * g10/keydb.c (keydb_search): Always set DESCINDEX.
13604 w32: Make make_absfilename work with drive letters.
13605 * common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
13607 gpg: Remove useless diagnostic in MDC verification.
13608 * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
13609 MDC packer header and a bad MDC.
13611 gpg: Fix glitch entering a full expiration time.
13612 * g10/keygen.c (ask_expire_interval): Get the current time after the
13615 2014-05-08 Werner Koch <wk@gnupg.org>
13617 agent: Fix import of non-protected gpg keys.
13618 * agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
13619 non-protected keys.
13620 (convert_from_openpgp_main): Do not call agent_askpin for a
13623 Make more use of *_NAME macros.
13624 * configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
13625 (GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
13626 (DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
13627 (GPGCONF_DISP_NAME): New.
13628 (SCDAEMON_SOCK_NAME): New.
13629 * common/argparse.c (show_help): Map description string.
13631 2014-05-08 NIIBE Yutaka <gniibe@fsij.org>
13633 agent: Fix auth key comment handling.
13634 * agent/command-ssh.c (ssh_send_key_public): Handle the case with no
13637 2014-05-07 Werner Koch <wk@gnupg.org>
13639 Make -jN work again.
13640 * common/Makefile.am ($(PROGRAMS)): New rule
13641 (t_http_LDADD): Use libcommontls.a without directory prefix.
13642 * dirmngr/Makefile.am ($(PROGRAMS)): New rule.
13644 gpg: Print the key algorithm/curve with signature info.
13645 * g10/mainproc.c (check_sig_and_print): Print the name and curve.
13647 gpg: Fix memleak in signature verification of bogus keys.
13648 * g10/mainproc.c (check_sig_and_print): Factor common code out to ...
13649 (print_good_bad_signature): here.
13651 gpg: Mark experimental algorithms in the key listing.
13652 * g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
13653 Print a note for experimental algorithms.
13654 * g10/misc.c (print_pubkey_algo_note): Fix warning message.
13656 gpg: Finish experimental support for Ed25519.
13657 * agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
13658 (get_keygrip): Add and use arg CURVE.
13659 (convert_secret_key): Ditto.
13660 (convert_transfer_key): Ditto.
13661 (get_npkey_nskey): New.
13662 (prepare_unprotect): Replace gcrypt functions by
13663 get_npkey_nskey. Allow opaque MPIs.
13664 (do_unprotect): Use CURVE instead of parameters.
13665 (convert_from_openpgp_main): Ditto.
13666 (convert_to_openpgp): Simplify.
13667 * g10/import.c (one_mpi_from_pkey): Remove.
13668 (transfer_secret_keys): Rewrite to use the curve instead of the
13670 * g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
13672 * common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
13673 "NIST P-256" et al.
13674 * g10/keygen.c (ask_curve): Add arg ALGO.
13675 (generate_keypair): Rewrite the ECC key logic.
13677 * tests/openpgp/ecc.test: Provide the "ecc" passphrase.
13679 kbx: Add experimental support for EDDSA.
13680 * kbx/keybox-openpgp.c (parse_key): Use algo constants and add
13681 experimental support for EdDSA.
13683 agent: Remove greeting message.
13684 * agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a
13687 2014-05-06 Werner Koch <wk@gnupg.org>
13689 Use "samethread" mode keyword for some es_fopenmem.
13690 * dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
13691 * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
13692 * scd/atr.c (atr_dump): Ditto.
13694 2014-05-05 Werner Koch <wk@gnupg.org>
13696 dirmngr: Add support for hkps keyservers.
13697 * dirmngr/dirmngr.c: Include gnutls.h.
13698 (opts): Add --gnutls-debug and --hkp-cacert.
13699 (opt_gnutls_debug, my_gnutls_log): New.
13700 (set_debug): Set gnutls log level.
13701 (parse_rereadable_options): Register a CA file.
13702 (main): Init GNUTLS.
13703 * dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
13704 (send_request): Ditto.
13706 http: Add reference counting to the session object.
13707 * common/http.c (http_session_t): Add field "refcount".
13708 (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
13709 (send_request, my_npth_read, my_npth_write): Use SOCK object for the
13711 (http_session_release): Factor all code out to ...
13712 (session_unref): here. Deref SOCK.
13713 (http_session_new): Init refcount and transport ptr.
13714 (http_session_ref): New. Ref and unref all assignments.
13716 2014-05-02 Werner Koch <wk@gnupg.org>
13718 http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
13719 * common/http.c (http_parse_uri): Factor code out to ...
13720 (parse_uri): here. Add arg FORCE_TLS.
13721 (do_parse_uri): Ditto. Implement flag.
13722 (http_get_tls_info): New.
13723 (http_register_tls_ca): Allow clearing of the list.
13724 (send_request): Use a default verification function.
13725 * common/http.h (HTTP_FLAG_FORCE_TLS): New.
13726 * common/t-http.c (main): Add several command line options.
13728 common: Fix test for openpgp_oid_is_ed25519.
13729 * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
13732 http: Revamp TLS API.
13733 * configure.ac (NEED_GNUTLS_VERSION): New.
13734 (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
13736 * common/http.h (http_session_t): New.
13737 * common/http.c: Remove compatibility for gnutls < 3.0.
13738 (http_session_s): New.
13739 (cookie_s): Replace gnutls_session_t by http_session_t.
13740 (tls_callback, tls_ca_certlist): New variables.
13741 (my_socket_unref): Add preclose args.
13742 (my_npth_read, my_npth_write): New.
13743 (make_header_line): Fix bug using int* instead of char*.
13744 (http_register_tls_callback): New.
13745 (http_register_tls_ca): New.
13746 (http_session_new): New.
13747 (http_session_release): New.
13748 (http_get_header_names): New.
13749 (escape_data): Add hack to escape in forms mode.
13750 (send_request) [HTTP_USE_GNUTLS]: Support SNI.
13751 (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
13752 (send_gnutls_bye): New.
13753 (cookie_close): Make use of preclose feature.
13754 (http_verify_server_credentials): New.
13755 (main) [TEST]: Remove test code.
13756 * common/t-http.c: New.
13757 * common/tls-ca.pem: New.
13758 * common/Makefile.am (tls_sources): New. Move http code to here.
13759 (libcommontls_a_SOURCES): New.
13760 (libcommontlsnpth_a_SOURCES): New.
13761 (EXTRA_DIST): Add tls-ca.pem
13762 (module_maint_tests): Add t-http.
13763 (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
13765 * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
13767 common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.
13768 * configure.ac (HAVE_NPTH): New ac_define.
13769 * common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
13770 * common/http.c: Ditto. Replace remaining calls to pth by npth calls.
13771 (connect_server): Remove useless _().
13772 * common/exechelp-posix.c, common/exechelp-w32.c
13773 * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
13774 * common/init.c (_init_common_subsystems): Remove call to pth_init.
13775 * common/sysutils.c (gnupg_sleep): Use npth_sleep.
13776 * scd/ccid-driver.c (my_sleep): Ditto.
13778 2014-04-30 Werner Koch <wk@gnupg.org>
13780 estream: Implement "samethread" mode keyword.
13781 * src/estream.c (estream_internal): Add field SAMETHREAD.
13782 (init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
13783 (parse_mode): Add arg SAMETHREAD and parse that keyword.
13784 (es_initialize): Rename to ...
13785 (init_stream_obj): this. Add arg SAMETHREAD.
13786 (es_create): Add arg SAMETHREAD. Call init_stream_lock after
13788 (doreadline): Call es_create with samethread flag.
13789 (es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
13790 (do_fpopen, do_w32open): Implement "samethread" keyword.
13791 (es_freopen): Take samthread flag from old stream.
13792 (es_tmpfile): Call es)_create w/o samethread.
13794 estream: Fix deadlock in es_fileno.
13795 * src/estream.c (es_fileno_unlocked): Call the unlocked functions.
13797 estream: Add debug code to the lock functions.
13798 * common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.
13800 estream: Replace locking macros by functions.
13801 * common/estream.c: Replace most macros.
13803 2014-04-28 NIIBE Yutaka <gniibe@fsij.org>
13806 * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
13807 (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
13808 does not distinguish the detail.
13809 (do_unprotect, convert_from_openpgp_main): Don't call
13810 map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
13811 not the value defined by OpenPGP.
13812 (convert_to_openpgp): It's "ecc".
13813 * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
13814 * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
13815 * g10/pubkey-enc.c (get_it): Fix swapping the fields error.
13817 2014-04-22 Werner Koch <wk@gnupg.org>
13819 gpg: Pass --homedir to gpg-agent.
13820 * agent/gpg-agent.c (main): Make sure homedir is absolute.
13821 * common/asshelp.c (lock_spawning): Create lock file with an absolute
13823 (start_new_gpg_agent): Use an absolute name for the socket and pass
13824 option --homedir to the agent.
13825 (start_new_dirmngr): Use an absolute name for the --homedir.
13827 common: Add functions make_absfilename and make_absfilename_try.
13828 * common/stringhelp.c (do_make_filename): Add modes 2 and 3.
13829 (make_absfilename): New.
13830 (make_absfilename_try): New.
13832 common: Add function gnupg_getcwd.
13833 * tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
13834 * common/sysutils.c (gnupg_getcwd): .. here.
13835 * tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
13837 gpg: Print a warning if GKR has hijacked gpg-agent.
13838 * g10/call-agent.c (check_hijacking): New.
13839 (start_agent): Call it.
13840 (membuf_data_cb, default_inq_cb): Move more to the top.
13842 2014-04-17 Werner Koch <wk@gnupg.org>
13844 gpg: New %U expando for the photo viewer.
13845 * g10/photoid.c (show_photos): Set namehash.
13846 * g10/misc.c (pct_expando): Add "%U" expando.
13848 common: Add z-base-32 encoder.
13849 * common/zb32.c: New.
13850 * common/t-zb32.c: New.
13851 * common/Makefile.am (common_sources): Add zb82.c
13852 (module_tests): Add t-zb32.
13854 2014-04-16 Werner Koch <wk@gnupg.org>
13856 Two minor code cleanups and one NULL deref on error fix.
13857 * common/estream.c (es_freopen): Remove useless check for STREAM.
13858 * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
13860 * tools/sockprox.c (run_proxy): Do not fclose(NULL).
13862 2014-04-15 Werner Koch <wk@gnupg.org>
13864 gpg: Re-enable secret key deletion.
13865 * g10/call-agent.c (agent_delete_key): New.
13866 * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
13867 * g10/passphrase.c (gpg_format_keydesc): Support new format.
13868 * g10/delkey.c (do_delete_key): Add secret key deletion.
13870 gpg: Re-indent a file.
13871 * g10/delkey.c: Re-indent.
13872 (do_delete_key, delete_keys): Change return type top gpg_error_t.
13874 gpg: Fix regression in secret key export.
13875 * agent/cvt-openpgp.c (convert_to_openpgp): Fix use
13876 gcry_sexp_extract_param.
13877 * g10/export.c (do_export_stream): Provide a proper prompt to the
13880 gpg: Change pinentry prompt to talk about "secret key".
13881 * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
13882 * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
13883 (FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
13885 agent: Add command DELETE_KEY.
13886 * agent/command.c (cmd_delete_key): New.
13887 * agent/findkey.c (modify_description): Add '%C' feature.
13888 (remove_key_file): New.
13889 (agent_delete_key): New.
13890 * agent/command-ssh.c (search_control_file): Make arg R_DISABLE
13893 * configure.ac: Require libgpg-error 1.13.
13895 2014-04-09 NIIBE Yutaka <gniibe@fsij.org>
13897 scd: EdDSA support.
13898 * scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
13899 (struct app_local_s): Add eddsa.
13900 (get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
13901 (get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
13902 (send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
13903 (build_ecc_privkey_template): Rename as it supports both of
13905 (ecc_writekey): Rename. Support CURVE_ED25519, too.
13906 (do_writekey): Follow the change of ecc_writekey.
13907 (do_auth): Support KEY_TYPE_EDDSA.
13908 (parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
13909 (parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
13911 2014-04-08 Werner Koch <wk@gnupg.org>
13913 dirmngr: Fix compiler warning.
13914 * common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
13915 * dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
13916 (time_for_housekeeping_p): new.
13918 gpgconf: Add command --launch.
13919 * tools/gpgconf.c: Add command --launch.
13920 * tools/gpgconf-comp.c (gc_component_launch): New.
13922 scd: Silent compiler warnings about unused variables.
13923 * scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
13924 (ecdh_writekey): Mark unused args.
13926 2014-04-08 NIIBE Yutaka <gniibe@fsij.org>
13928 agent: Support EdDSA.
13929 * agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
13931 g10: EdDSA support.
13932 * g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
13933 * g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
13934 * common/openpgp-oid.c (oid_ed25519): Update.
13936 2014-04-04 NIIBE Yutaka <gniibe@fsij.org>
13938 agent: EdDSA support for SSH.
13939 * agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
13940 two 32-byte opaque data which should not be interpreted as number.
13942 2014-03-27 Werner Koch <wk@gnupg.org>
13944 gpg: Add commands --quick-sign-key and --quick-lsign-key.
13945 * g10/gpg.c (main): Add commands --quick-sign-key and
13947 * g10/keyedit.c (sign_uids): Add args FP and QUICK.
13948 (keyedit_quick_sign): New.
13949 (show_key_with_all_names): Add arg NOWARN.
13951 Change some keyedit functions to allow printing to arbitrary streams.
13952 * common/ttyio.c (tty_print_string): Add optional arg FP. Change all
13954 (tty_print_utf8_string2): Ditto.
13955 * g10/keyedit.c (show_prefs): Ditto.
13956 (show_key_with_all_names_colon): Ditto.
13957 (show_names): Ditto.
13958 * g10/keylist.c (print_revokers): Ditto.
13959 (print_fingerprint): Ditto.
13961 2014-03-23 Werner Koch <wk@gnupg.org>
13963 agent: Replace es_mopen by es_fopenmem for ssh.
13964 * agent/command-ssh.c (ssh_read_key_public_from_blob): Use
13966 (ssh_handler_request_identities): Ditto.
13967 (ssh_request_process): Ditto.
13969 2014-03-22 Werner Koch <wk@gnupg.org>
13971 agent: Put ssh key type as comment into sshcontrol.
13972 * agent/command-ssh.c (ssh_key_type_spec): Add field name.
13973 (ssh_key_types): Add human readable names.
13974 (add_control_entry): Add arg SPEC and print key type as comment.
13975 (ssh_identity_register): Add arg SPEC.
13976 (ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
13978 agent: Support the Ed25519 signature algorithm for ssh.
13979 * agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
13980 (ssh_key_types): Add entry for ssh-ed25519.
13981 (ssh_identifier_from_curve_name): Move to the top.
13982 (stream_read_skip): New.
13983 (stream_read_blob): New.
13984 (ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
13985 the s-exp parsing to here.
13986 (ssh_signature_encoder_dsa): Ditto.
13987 (ssh_signature_encoder_ecdsa): Ditto.
13988 (ssh_signature_encoder_eddsa): New.
13989 (sexp_key_construct): Rewrite.
13990 (ssh_key_extract): Rename to ...
13991 (ssh_key_to_blob): .. this and rewrite most of it.
13992 (ssh_receive_key): Add case for EdDSA.
13993 (ssh_convert_key_to_blob, key_secret_to_public): Remove.
13994 (ssh_send_key_public): Rewrite.
13995 (ssh_handler_request_identities): Simplify.
13996 (data_sign): Add rename args. Add new args HASH and HASHLEN. Make
13997 use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs
13998 which is now doe in the sgnature encoder functions.
13999 (ssh_handler_sign_request): Take care of Ed25519.
14000 (ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
14002 agent: Cleanups to prepare implementation of Ed25519.
14003 * agent/cvt-openpgp.c: Remove.
14004 (convert_to_openpgp): Use gcry_sexp_extract_param.
14005 * agent/findkey.c (is_eddsa): New.
14006 (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
14007 * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
14010 * common/ssh-utils.c (is_eddsa): New.
14011 (get_fingerprint): Take care or EdDSA.
14013 2014-03-18 Werner Koch <wk@gnupg.org>
14015 tools: Fix NULL deref in gpg-connect-agent.
14016 * tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to
14019 dirmngr: Resurrect hosts in the HKP hosttable.
14020 * dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
14021 (housekeeping_thread): New.
14022 (handle_tick): Call new function.
14023 * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
14024 (struct hostinfo_s): Add field died_at and set it along with the dead
14026 (ks_hkp_print_hosttable): Print that info.
14027 (ks_hkp_housekeeping): New.
14029 common: New function elapsed_time_string.
14030 * common/gettime.c (elapsed_time_string): New.
14032 2014-03-17 Werner Koch <wk@gnupg.org>
14034 gpg: Reject signatures made with MD5.
14035 * g10/gpg.c: Add option --allow-weak-digest-algos.
14036 (main): Set option also in PGP2 mode.
14037 * g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
14038 * g10/sig-check.c (do_check): Reject MD5 signatures.
14039 * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
14041 gpg: Make --auto-key-locate work again with keyservers.
14042 * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
14043 * g10/keyserver.c (keyserver_import_name): Implement.
14044 (keyserver_get): Use exact mode for name based import.
14045 (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
14047 gpg: New mechanism "clear" for --auto-key-locate.
14048 * g10/getkey.c (parse_auto_key_locate): Implement "clear".
14050 2014-03-14 Werner Koch <wk@gnupg.org>
14052 gpg-connect-agent: Make it easier to connect to the dirmngr.
14053 * tools/gpg-connect-agent.c: Add options --dirmngr and
14056 dirmngr: Make use of IPv4 and IPV6 more explicit.
14057 * common/http.c (connect_server): Handle the new flags.
14058 * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
14059 * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
14060 (make_host_part): Ditto.
14061 (send_request): Add arg httpflags.
14062 (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
14064 dirmngr: Do not use brackets around legacy IP addresses.
14065 * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
14066 complete addrinfo. Bracket only v6 addresses. Change caller.
14068 gpg: Print the actual used keyserver address.
14069 * dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
14071 * g10/call-dirmngr.c (ks_status_parm_s): New.
14072 (ks_search_parm_s): Add field stparm.
14073 (ks_status_cb): New.
14074 (ks_search_data_cb): Send source to the data callback.
14075 (gpg_dirmngr_ks_search): Change callback prototope to include the
14076 SPECIAL arg. Adjust all users. Use ks_status_cb.
14077 (gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
14078 * g10/keyserver.c (search_line_handler): Adjust callback and print
14079 "data source" disgnostic.
14080 (keyserver_get): Print data source diagnostic.
14082 dirmngr: Default to a user socket name and enable autostart.
14083 * common/homedir.c (dirmngr_socket_name): Rename to
14084 dirmngr_sys_socket_name.
14085 (dirmngr_user_socket_name): New.
14086 * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
14088 * dirmngr/dirmngr.c (main): Ditto.
14089 * dirmngr/server.c (cmd_getinfo): Ditto.
14090 * sm/server.c (gpgsm_server): Ditto.
14091 * dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
14092 * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.
14094 * configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
14096 2014-03-12 Werner Koch <wk@gnupg.org>
14098 gpg: Add option --dirmngr-program.
14099 * g10/gpg.c: Add option --dirmngr-program.
14100 * g10/options.h (struct opt): Add field dirmngr_program.
14101 * g10/call-dirmngr.c (create_context): Use new var.
14103 * dirmngr/dirmngr.c: Include gc-opt-flags.h.
14104 (main): Remove GC_OPT_FLAG_*.
14105 * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
14106 * common/gc-opt-flags.h: here.
14108 dirmngr: Detect dead keyservers and try another one.
14109 * dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
14110 (ks_action_search, ks_action_put): Ditto.
14111 (ks_action_get): Consult only the first server which retruned some
14114 * dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
14115 (map_host): Add arg CTRL and call dirmngr_tick.
14116 (make_host_part): Add arg CTRL.
14117 (mark_host_dead): Allow the use of an URL.
14118 (handle_send_request_error): New.
14119 (ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
14122 http: Add a flag to the URL parser indicating a literal v6 address.
14123 * common/http.h (struct parsed_uri_t): Add field v6lit.
14124 * common/http.c (do_parse_uri): Set v6lit.
14126 2014-03-12 NIIBE Yutaka <gniibe@fsij.org>
14128 scd: writekey support of ECC.
14129 * scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
14130 (store_fpr): Support ECC keys with varargs.
14131 (get_ecc_key_parameters, get_curve_name): Support secp256k1.
14132 (parse_ecc_curve): Likewise.
14133 (build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
14134 (ecdh_writekey): New. Not implemented yet.
14135 (do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
14136 (do_genkey): Follow the change of store_fpr.
14138 2014-03-11 Werner Koch <wk@gnupg.org>
14140 dirmngr: Put brackets around IP addresses in the hosttable.
14141 * dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
14142 (my_getnameinfo): New.
14143 (map_host): Use it.
14145 dirmngr: Add command option to mark hosts as dead or alive.
14146 * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
14147 (check_owner_permission): here.
14148 (cmd_keyserver): Add options --dead and --alive.
14149 * dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
14150 (ks_hkp_mark_host): New.
14152 dirmngr: Make Assuan output of keyblocks easier readable.
14153 * dirmngr/server.c (data_line_cookie_write): Print shorter data lines
14156 dirmngr: Fix HKP host selection code.
14157 * dirmngr/server.c (cmd_keyserver): Add option --resolve and change
14158 --print-hosttable to --hosttable.
14159 * dirmngr/ks-action.c (ks_printf_help): New.
14160 (ks_action_resolve): New.
14161 * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
14162 (ks_hkp_print_hosttable): Print to assuan stream.
14163 (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric
14164 IP addr if it can't be resolved.
14165 (make_host_part): Add arg FORCE_SELECT; change callers to pass false.
14166 (ks_hkp_resolve): New.
14168 List readline support in configure summary.
14169 * m4/readline.m4: Set gnupg_cv_have_readline.
14170 * configure.ac: Add readline support to summary output.
14172 2014-03-11 NIIBE Yutaka <gniibe@fsij.org>
14174 agent: API change of agent_key_from_file.
14175 * agent/findkey.c (agent_key_from_file): Always return S-expression.
14176 * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
14177 (cmd_export_key): Likewise. Free SHADOW_INFO.
14178 (cmd_keytocard): Likewise. Release S_SKEY.
14179 * agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
14180 * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to
14183 2014-03-10 Werner Koch <wk@gnupg.org>
14185 Backport useful code from fixes for bug 1447.
14186 * configure.ac: Cehck for inet_ntop.
14187 * m4/libcurl.m4: Provide a #define for the version of the curl
14190 scd: acquire lock in new_reader_slot.
14191 * scd/apdu.c (new_reader_slot): Acquire lock.
14192 (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
14193 (open_ccid_reader, open_rapdu_reader): Release lock.
14194 (lock_slot, trylock_slot, unlock_slot): Move more to the top.
14196 Do not require libiconv for Android.
14197 * configure.ac (require_iconv): New. Set to false for android.
14198 (AM_ICONV): Run only if required.
14200 2014-03-07 Werner Koch <wk@gnupg.org>
14202 dirmmgr: Use a portability wrapper for struct timeval.
14203 * dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
14204 (my_ldap_timeval_t): New.
14206 Silence more warnings about unused vars and args.
14207 * dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
14208 * dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
14209 * dirmngr/dirmngr.c (w32_service_control): Mark unused args.
14210 (call_real_main): New.
14211 (main) [W32]: Use new function to match prototype.
14212 (real_main) [W32]: Mark unused vars.
14213 (handle_signal) [W32]: Do not build the function at all.
14214 (handle_connections) [W32]: Do not define signo.
14215 * dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
14216 * g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
14218 dirmngr: Simplify strtok macro.
14219 * dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg.
14220 (ldap_str2charray): Remove lasts.
14222 Use attribute __gnu_printf__ also in estream header files.
14223 * common/estream-printf.h: Use attribute gnu_printf.
14224 * common/estream.h: Ditto.
14226 Use attribute __gnu_printf__ with our estream-printf functions.
14227 * common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
14228 (JNLIB_GCC_A_NR_PRINTF): Ditto.
14230 w32: Silence warnings about unused vars.
14231 * agent/gpg-agent.c (main) [W32]: Mark unused vars.
14232 * sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
14233 * g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
14234 * scd/scdaemon.c (main) [W32]: Ditto.
14235 (handle_connections) [W32]: Ditto.
14236 (handle_signal) [W32]: Do not build the function at all.
14237 * scd/apdu.c (pcsc_send_apdu_direct): Ditto.
14238 (connect_pcsc_card): s/long/pcsc_dword_t/.
14239 (open_pcsc_reader_direct): Remove var listlen.
14241 w32: Fix a potential problem in gpgconf's gettext.
14242 * tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure
14243 to return something even DOMAIN is not given.
14245 Silence several warnings when building under Windows.
14246 * agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
14247 (start_pinentry): Ditto.
14248 * common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
14249 * common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
14250 prototypes on Windows and some other platforms.
14251 * common/logging.c (fun_writer): Declare addrbuf only if needed.
14252 * g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
14253 * g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
14255 * g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
14256 by -1 as temporary hack for Windows.
14257 * g10/export.c (do_export): Ditto.
14258 * g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
14259 * g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
14260 * g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
14262 w32: Include winsock2.h to silence warnings.
14264 gl: Avoid warning about shadowing an arg.
14265 * gl/setenv.c (KNOWN_VALUE): s/value/_v/.
14267 common: Fix build problem with Sun Studio compiler.
14268 * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
14270 (ESTREAM_MUTEX_INITIALIZE): Ditto.
14272 gpg: Do not require a trustdb with --always-trust.
14273 * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
14274 * g10/trustdb.c (trustdb_args): Add field no_trustdb.
14275 (init_trustdb): Set that field.
14276 (revalidation_mark): Take care of a nonexistent trustdb file.
14277 (read_trust_options): Ditto.
14278 (tdb_get_ownertrust): Ditto.
14279 (tdb_get_min_ownertrust): Ditto.
14280 (tdb_update_ownertrust): Ditto.
14281 (update_min_ownertrust): Ditto.
14282 (tdb_clear_ownertrusts): Ditto.
14283 (tdb_cache_disabled_value): Ditto.
14284 (tdb_check_trustdb_stale): Ditto.
14285 (tdb_get_validity_core): Ditto.
14286 * g10/gpg.c (main): Do not create a trustdb with most commands for
14287 trust-model always.
14289 gpg: Print a "not found" message for an unknown key in --key-edit.
14290 * g10/keyedit.c (keyedit_menu): Print message.
14292 gpg: Protect against rogue keyservers sending secret keys.
14293 * g10/options.h (IMPORT_NO_SECKEY): New.
14294 * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
14296 * g10/import.c (import_secret_one): Deny import if flag is set.
14298 agent: Fix UPDATESTARTUPTTY for ssh.
14299 * agent/command-ssh.c (setup_ssh_env): Fix env setting.
14301 gpgv: Init Libgcrypt to avoid syslog warning.
14302 * g10/gpgv.c (main): Check libgcrypt version and disable secure
14305 Improve libcurl detection.
14306 * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
14307 given. Suggested by John Marshall.
14309 gpg: Remove legacy keyserver examples from the template conf file.
14310 * g10/options.skel: Update.
14312 (cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)
14314 w32: Define WINVER only if needed.
14315 * common/sysutils.c (WINVER): Define only if less that 5.0.
14317 w32: Remove unused code.
14318 * jnlib/w32-reg.c (write_w32_registry_string): Remove.
14320 agent: Make --allow-mark-trusted the default.
14321 * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
14322 Put this option into the gpgconf-list.
14323 (main): Enable opt.allow_mark_trusted by default.
14324 * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
14325 allow-mark-trusted by no-allow-mark-trusted.
14327 * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.
14329 ssh: Add support for Putty.
14330 * agent/gpg-agent.c [W32]: Include Several Windows header.
14331 (opts): Change help text for enable-ssh-support.
14332 (opts, main): Add option --enable-putty-support
14333 (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
14334 (agent_init_default_ctrl): Add and asssert call.
14335 (putty_message_proc, putty_message_thread): New.
14336 (handle_connections) [W32]: Start putty message thread.
14337 * common/sysutils.c (w32_get_user_sid): New for W32 only
14338 * tools/gpgconf-comp.c (gc_options_gpg_agent): Add
14339 --enable-ssh-support and --enable-putty-support. Make the
14340 configuration group visible at basic level.
14341 * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
14343 agent: Fix binary vs. text mode problem in ssh.
14344 * agent/command-ssh.c (file_to_buffer)
14345 (ssh_handler_request_identities): Open streams in binary mode.
14346 (start_command_handler_ssh): Factor some code out to ..
14347 (setup_ssh_env): new function.
14349 Fix syntax error for building on APPLE.
14350 * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
14352 Ignore obsolete option --disable-keypad.
14353 * scd/scdaemon.c (opts): Ignore --disable-keypad.
14355 Allow marking options as ignored.
14356 * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
14357 (ARGPARSE_TYPE_MASK): New, for internal use.
14358 (ARGPARSE_ignore): New.
14359 * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
14360 constants by macros.
14361 (optfile_parse): Implement ARGPARSE_OPT_IGNORE.
14362 (arg_parse): Exclide ignore options from --dump-options.
14364 2014-03-06 Werner Koch <wk@gnupg.org>
14366 common: Fix recent commit 55656208.
14367 * common/membuf.c (get_membuf_shrink): Fix use of LEN.
14369 2014-03-06 NIIBE Yutaka <gniibe@fsij.org>
14372 * g10/trust.c (register_trusted_keyid, register_trusted_key)
14373 (update_ownertrust): Call functions with tdb_.
14375 2014-02-26 Werner Koch <wk@gnupg.org>
14377 common: Replace all macros in strusage() returned strings.
14378 * common/argparse.c (writechar): Remove.
14379 (writestrings): Simplify.
14380 (strusage): Use map_static_macro_string.
14382 common: New function map_static_macro_string.
14383 * common/mapstrings.c: New.
14384 * common/t-mapstrings.c: New.
14385 * common/t-support.h (DIM, DIMof): Define if not defined.
14386 * common/Makefile.am: Add new files.
14388 common: New function get_membuf_shrink.
14389 * common/membuf.c (get_membuf_shrink): New.
14391 agent: Fixed unresolved symbol under Windows.
14392 * agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/.
14394 common: Require an installed libiconv.
14395 * common/utf8conv.c: Remove dynload.h.
14396 (load_libiconv): Remove. Remove all calls to it.
14398 2014-02-10 Werner Koch <wk@gnupg.org>
14400 gpg: Silent more compiler warnings due to some configure options.
14401 * g10/keygen.c (generate_keypair, gen_card_key)
14402 (gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
14404 tests: Avoid segv if dns cert lookup is not configured.
14405 * common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args.
14407 gpg: Cleanup compiler warnings due to some configure options.
14408 * g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
14410 * tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
14413 gpg: Allow building without any trust model support.
14414 * configure.ac: Add option --disable-trust-models
14415 (NO_TRUST_MODELS): New ac_define and am_conditional.
14416 * g10/Makefile.am (trust_source): New.
14417 (gpg2_SOURCES): Factor some files out to above. Add trust.c.
14418 * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
14419 --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
14420 --list-trustdb, --trustdb-name, --auto-check-trustdb,
14421 --no-auto-check-trustdb, and --force-ownertrust.
14422 (parse_trust_model) [NO_TRUST_MODELS]: Do not build.
14423 (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
14424 trustdb related option code.
14425 * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
14426 "enable", and "disable".
14427 * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
14430 * g10/trust.c: New.
14431 * g10/trustdb.c (struct key_item): Move to trustdb.h.
14432 (register_trusted_keyid): Rename to tdb_register_trusted_keyid.
14433 (register_trusted_key): Rename to tdb_register_trusted_key.
14434 (trust_letter, uid_trust_string_fixed, trust_value_to_string)
14435 (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
14436 (get_ownertrust_string, get_validity_info, get_validity_string)
14437 (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
14438 (mark_usable_uid_certs): Move to trust.c and make global.
14439 (is_in_klist): Move as inline to trustdb.h.
14440 (trustdb_check_or_update): Rename to tdb_check_or_update
14441 (revalidation_mark): Rename to tdb_revalidation_mark.
14442 (get_ownertrust): Rename to tdb_get_ownertrust.
14443 (get_min_ownertrust): Rename to tdb_get_min_ownertrust.
14444 (update_ownertrust): Rename to tdb_update_ownertrust.
14445 (clear_ownertrusts): Rename to tdb_clear_ownertrusts.
14446 (cache_disabled_value): Rename to tdb_cache_disabled_value.
14447 (check_trustdb_stale): Rename to tdb_check_trustdb_stale.
14448 (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
14449 factor some code out to ...
14450 * trust.c (get_validity): ...new.
14451 (check_or_update_trustdb): New wrapper.
14452 (revalidation_mark): New wrapper.
14453 (get_ownertrust): New wrapper.
14454 (get_ownertrust_with_min): New wrapper.
14455 (update_ownertrust): New wrapper.
14456 (clear_ownertrusts): New wrapper.
14457 (cache_disabled_value): New wrapper.
14458 (check_trustdb_stale): New wrapper.
14460 * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
14463 tests: Handle disabled algorithms.
14464 * tests/openpgp/mds.test: Skip disabled algorithms.
14465 * tests/openpgp/signencrypt-dsa.test: Ditto.
14466 * tests/openpgp/sigs-dsa.test: Ditto.
14468 2014-02-07 Werner Koch <wk@gnupg.org>
14470 Silence annoying ABI change warning.
14471 * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc
14472 option tests for gcc >= 4.6
14474 Allow disabling of card support.
14475 * configure.ac: Add option --disable-card-support. Also add
14476 am_conditional and do not build scd if card support is enabled.
14478 gpg: List only available algos in --gen-key.
14479 * g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.
14481 gpg: Change --print-mds to output enabled OpenPGP algos.
14482 * g10/gpg.c (print_mds): Use opengpg_md_test_algo. Test also for MD5
14485 gpg: Avoid compiler warnings for disabled algos.
14486 * g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo.
14487 (openpgp_pk_test_algo2): Ditto.
14488 (map_md_openpgp_to_gcry): Ditto.
14490 2014-02-05 Werner Koch <wk@gnupg.org>
14492 gpg: Change format for the key size in --list-key and --edit-key.
14493 * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
14494 * g10/options.h (struct opt): Add field legacy_list_mode.
14495 * g10/keydb.h (PUBKEY_STRING_SIZE): New.
14496 * g10/keyid.c (pubkey_string): New.
14497 * g10/import.c (import_one, import_secret_one): Use pubkey_string.
14498 * g10/keylist.c (print_seckey_info): Ditto.
14499 (print_pubkey_info, print_card_key_info): Ditto.
14500 (list_keyblock_print): Ditto.
14501 * g10/mainproc.c (list_node): Ditto.
14502 * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
14503 * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
14505 (show_basic_key_info): Ditto.
14506 * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
14507 (openpgp_oid_to_curve): Downcase "ed25519"
14509 2014-01-31 Werner Koch <wk@gnupg.org>
14511 gpg: Add configure options to disable algorithms.
14512 * acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
14513 * configure.ac: Add --enable-gpg-* options to disable non MUS
14515 * g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
14516 (openpgp_pk_test_algo2): Ditto.
14517 (map_md_openpgp_to_gcry): Ditto.
14518 (openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
14520 gpg: Improve --version algo info output.
14521 * g10/misc.c (openpgp_pk_algo_name): Return a different string for
14522 each ECC algorithm.
14523 * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the
14524 different algo type enums.
14525 (build_list_pk_algo_name): Ditto.
14526 (build_list_cipher_test_algo): Ditto.
14527 (build_list_cipher_algo_name): Ditto.
14528 (build_list_md_test_algo): Ditto.
14529 (build_list_md_algo_name): Ditto.
14530 (my_strusage): Use them.
14531 (list_config): Ditto. Add "pubkeyname".
14532 (build_list): Add letter==1 hack.
14534 gpg: Start using OpenPGP digest algo ids.
14535 * g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg.
14536 (print_cipher_algo_note): Ditto.
14537 (print_digest_algo_note): Ditto.
14538 (map_md_openpgp_to_gcry): New.
14539 (openpgp_md_test_algo): Rewrite.
14540 (openpgp_md_algo_name): Rewrite to do without Libgcrypt.
14541 * g10/cpr.c (write_status_begin_signing): Remove hardwired list of
14544 gpg: Use only OpenPGP cipher algo ids.
14545 * g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
14546 use enums for the arg and return value.
14547 (map_cipher_gcry_to_openpgp): Ditto.
14548 (openpgp_cipher_blocklen): Use constant macros.
14549 (openpgp_cipher_test_algo): Use mapping function and prepare to
14550 disable algorithms.
14551 (openpgp_cipher_algo_name): Do not use Libgcrypt.
14553 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
14554 CGRY_CIPHER_* by CIPHER_ALGO_*.
14556 * common/openpgpdefs.h (cipher_algo_t): Remove unused
14559 2014-01-30 Werner Koch <wk@gnupg.org>
14561 gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
14562 * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
14564 * g10/keygen.c (check_keygrip): Adjust for change.
14565 * sm/certreqgen-ui.c (check_keygrip): Likewise.
14567 * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
14569 * g10/misc.c (map_pk_openpgp_to_gcry): Remove.
14570 (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
14571 (openpgp_pk_test_algo2): Rewrite.
14572 (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
14573 (openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
14574 (pubkey_get_npkey, pubkey_get_nskey): Ditto.
14575 (pubkey_get_nsig, pubkey_get_nenc): Ditto.
14576 * g10/keygen.c(do_create_from_keygrip): Support EdDSA.
14577 (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
14578 * g10/build-packet.c (do_key): Ditto.
14579 * g10/export.c (transfer_format_to_openpgp): Ditto.
14580 * g10/getkey.c (cache_public_key): Ditto.
14581 * g10/import.c (transfer_secret_keys): Ditto.
14582 * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
14583 * g10/mainproc.c (proc_pubkey_enc): Ditto.
14584 * g10/parse-packet.c (parse_key): Ditto,
14585 * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
14586 * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
14587 * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
14588 OpenPGP algo ids and support EdDSA.
14589 * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
14590 * g10/seskey.c (encode_md_value): Ditto.
14592 2014-01-29 Werner Koch <wk@gnupg.org>
14594 gpg: Remove cipher.h and put algo ids into a common file.
14595 * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
14596 (compress_algo_t): New.
14597 * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
14598 * g10/cipher.h (DEK): Move to ...
14599 * g10/dek.h: new file.
14600 * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
14601 (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
14602 (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
14603 (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
14604 * g10/packet.h: here.
14605 * g10/cipher.h: Remove. Remove from all files.
14606 * g10/filter.h, g10/packet.h: Include dek.h.
14607 * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h.
14609 include: Remove this directory.
14610 * include/cipher.h: Move to ...
14611 * g10/cipher.h: here.
14612 * agent/gpg-agent.c: Adjust header file name.
14614 * include/host2net.h: Move to ...
14615 * common/host2net.h: here. Change license to LGPLv3/GPLv2. Adjust
14616 notices to reflect that only me worked on that file.
14618 * include/types.h: Remove.
14619 * common/types.h: Include inttypes.h. Add byte typedef and comments
14621 * common/iobuf.h: Adjust header file name.
14623 * include/_regex.h: Remove this unused file.
14625 * include/Makefile.am: Remove.
14626 * Makefile.am (SUBDIRS): Remove "include".
14627 * configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
14628 * include/ChangeLog-2011: Move to ...
14629 * common/ChangeLog-2011.include: here.
14630 * common/Makefile.am (EXTRA_DIST): Add file.
14632 * include/zlib-riscos.h: Move this repo only file to ...
14633 * g10/zlib-riscos.h: here.
14635 * include/: Remove.
14637 2014-01-17 Werner Koch <wk@gnupg.org>
14639 Remove unused u64 type definitions.
14640 * configure.ac: Remove check for uint64 and UINT64_C.
14641 * include/types.h: Remove u64 stuff.
14642 * common/types.h: Ditto.
14644 2014-01-16 NIIBE Yutaka <gniibe@fsij.org>
14646 agent: Not remove SSH socket when already running.
14647 * agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
14648 removal of the socket when it will die in create_server_socket for
14651 agent: Fix agent_is_eddsa_key.
14652 * agent/findkey.c (agent_is_eddsa_key): Implemented.
14654 2014-01-15 NIIBE Yutaka <gniibe@fsij.org>
14657 * common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
14658 (openpgp_oid_to_curve): Likewise.
14660 * g10/keygen.c (ask_curve): Add secp256k1.
14662 2014-01-10 Werner Koch <wk@gnupg.org>
14664 autogen.sh: Add rule for 64 bit windows.
14666 Turn autogen.sh into a generic script.
14667 * autogen.sh: Revamp.
14669 * Makefile.am (EXTRA_DIST): Add autogen.rc.
14671 Rename scripts/ to build-aux/
14672 * scripts/: Rename to build-aux/
14673 * Makefile.am: Adjust accordingly.
14674 * configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux.
14676 2014-01-09 Werner Koch <wk@gnupg.org>
14678 Improve the speedo make script.
14679 * scripts/gpg-w32-dev/README: Remove
14680 * scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
14682 * scripts/speedo.mk: this.
14684 gpgsplit: Allow building without zlib support.
14685 * tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
14686 (handle_zlib): Build only if HAVE_ZLIB is defined.
14687 (write_part): Support zlib and zip only if HAVE_ZLIB is defined.
14689 w32: Fix backslash quoting in registry name.
14690 * configure.ac (GNUPG_REGISTRY_DIR): Double backslashes.
14693 * configure.ac (HAVE_ZLIB): Define only if found.
14695 Add --enable-silent-rules stuff.
14696 * configure.ac: Add AM_SILENT_RULES.
14698 2014-01-08 Werner Koch <wk@gnupg.org>
14700 w32: Add macro for the registry key.
14701 * configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define.
14702 * common/homedir.c (default_homedir): Use it.
14703 * common/logging.c (do_logv): Use it.
14705 2013-12-11 Werner Koch <wk@gnupg.org>
14707 gpg: Change --show-session-key to print the session key earlier.
14708 * g10/cpr.c (write_status_strings): New.
14709 (write_status_text): Replace code by a call to write_status_strings.
14710 * g10/mainproc.c (proc_encrypted): Remove show_session_key code.
14711 * g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
14713 2013-12-05 Werner Koch <wk@gnupg.org>
14715 gpg: Change OID of Ed25519 and add Brainpool oids.
14716 * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
14717 Ed25519. Add brainpool OIDs.
14718 (openpgp_oid_to_curve): Ditto.
14720 2013-11-29 Werner Koch <wk@gnupg.org>
14722 common: Add put_membuf_printf.
14723 * common/membuf.c (put_membuf_printf): New.
14725 2013-11-27 Werner Koch <wk@gnupg.org>
14727 gpg: Change armor Version header to emit only the major version.
14728 * g10/options.h (opt): Rename field no_version to emit_version.
14729 * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version
14730 to bump up opt.emit_version.
14731 * g10/armor.c (armor_filter): Implement different --emit-version
14734 2013-11-18 Werner Koch <wk@gnupg.org>
14736 Make use of the *_NAME etc macros.
14737 Replace hardwired strings at many places with new macros from config.h
14738 and use the new strusage macro replacement feature.
14740 * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
14742 * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
14744 Add strusage macro replacement feature.
14745 * common/argparse.c (writechar): New.
14746 (writestrings): Add macro replacement feature.
14747 (show_help): Remove specialized @EMAIL@ replacement.
14748 * configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define.
14749 (GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define.
14750 (GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define.
14751 (GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define.
14752 (DIRMNGR_SOCK_NAME): Define.
14754 2013-11-15 Werner Koch <wk@gnupg.org>
14756 kbx: Implement update operation for OpenPGP keyblocks.
14757 * kbx/keybox-update.c (keybox_update_keyblock): Implement.
14758 * kbx/keybox-search.c (get_blob_flags): Move to ...
14759 * kbx/keybox-defs.h (blob_get_type): here.
14760 * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
14761 * g10/keydb.c (build_keyblock_image): Allow calling without
14763 (keydb_update_keyblock): Implement for keybox.
14765 * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
14766 size. Print "does not expire" also on 64 bit platforms.
14768 gpg: Rework ECC support and add experimental support for Ed25519.
14769 * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
14770 (agent_is_dsa_key): Ditto.
14771 (agent_is_eddsa_key): New. Not finished, though.
14772 * agent/pksign.c (do_encode_eddsa): New.
14773 (agent_pksign_do): Use gcry_log_debug functions.
14774 * agent/protect.c (agent_protect): Parse a flags parameter.
14775 * g10/keygen.c (gpg_curve_to_oid): Move to ...
14776 * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
14777 (oid_ed25519): New.
14778 (openpgp_oid_is_ed25519): New.
14779 (openpgp_oid_to_curve): New.
14780 * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
14781 * g10/build-packet.c (gpg_mpi_write): Write the length header also for
14783 (gpg_mpi_write_nohdr): New.
14784 (do_key): Use gpg_mpi_write_nohdr depending on algorithm.
14785 (do_pubkey_enc): Ditto.
14786 * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
14787 gpg_mpi_write_nohdr.
14788 * g10/export.c (transfer_format_to_openpgp):
14789 * g10/keygen.c (ecckey_from_sexp): Return the error.
14790 (gen_ecc): Repalce arg NBITS by CURVE.
14791 (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
14793 (generate_keypair, generate_subkeypair): Use ask_curve.
14794 (do_generate_keypair): Also pass curve name.
14795 * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
14797 * g10/parse-packet.c (mpi_read): Remove workaround for
14799 (parse_key): Fix ECC case. Print the curve name.
14800 * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
14801 (pk_verify, pk_check_secret_key): Add special case for Ed25519.
14802 * g10/seskey.c (encode_md_value): Ditto.
14803 * g10/sign.c (do_sign, hash_for, sign_file): Ditto.
14805 kbx: Fix possible segv in kbxdump.
14806 * kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.
14808 Require Libgcrypt 1.6.
14809 * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
14811 2013-11-13 NIIBE Yutaka <gniibe@fsij.org>
14813 scd: more pinpad input fix for PC/SC.
14814 * scd/apdu.c (check_pcsc_pinpad): Set default values here.
14815 (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
14816 values, as it's too late.
14818 2013-11-11 NIIBE Yutaka <gniibe@fsij.org>
14820 scd: more pinpad fix.
14821 * scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
14822 those are specified.
14823 (pcsc_pinpad_modify): Remove old check code.
14825 2013-10-29 NIIBE Yutaka <gniibe@fsij.org>
14827 scd: pinpad fix for PC/SC on Windows.
14828 * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.
14830 2013-10-28 Werner Koch <wk@gnupg.org>
14832 doc: Change yat2m to allow arbitrary condition names.
14833 * doc/yat2m.c (MAX_CONDITION_NESTING): New.
14834 (gpgone_defined): Remove.
14835 (condition_s, condition_stack, condition_stack_idx): New.
14836 (cond_is_active, cond_in_verbatim): New.
14837 (add_predefined_macro, set_macro, macro_set_p): New.
14838 (evaluate_conditions, push_condition, pop_condition): New.
14839 (parse_file): Rewrite to use the condition stack.
14840 (top_parse_file): Set prefined macros.
14841 (main): Change -D to define arbitrary macros.
14843 2013-10-25 NIIBE Yutaka <gniibe@fsij.org>
14845 scd: fix pinpad input on Windows.
14846 * scd/apdu.c (open_pcsc_reader_direct): Don't call
14847 pcsc_vendor_specific_init here, but...
14848 (connect_pcsc_card): Call it here.
14850 2013-10-23 NIIBE Yutaka <gniibe@fsij.org>
14852 po: Update Japanese translation.
14854 2013-10-16 NIIBE Yutaka <gniibe@fsij.org>
14856 scd: add pinpad readers information for PC/SC service.
14857 * scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
14858 ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
14861 2013-10-15 NIIBE Yutaka <gniibe@fsij.org>
14863 scd: remove pin length check.
14864 * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
14867 2013-10-04 Werner Koch <wk@gnupg.org>
14869 gpg: Limit the nesting level of I/O filters.
14870 * common/iobuf.c (MAX_NESTING_FILTER): New.
14871 (iobuf_push_filter2): Limit the nesting level.
14873 * g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
14874 and ANY_SIG_SIGN to bit fields of ANY. Add bit field
14876 (proc_compressed): Avoid printing multiple Bad Data messages.
14877 (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
14879 2013-10-02 Werner Koch <wk@gnupg.org>
14881 gpg: Fix bug with deeply nested compressed packets.
14882 * g10/mainproc.c (MAX_NESTING_DEPTH): New.
14883 (proc_compressed): Return an error code.
14884 (check_nesting): New.
14885 (do_proc_packets): Check packet nesting depth. Handle errors from
14888 2013-09-08 Werner Koch <wk@gnupg.org>
14890 Switch to deterministic DSA.
14891 * agent/pksign.c (rfc6979_hash_algo_string): New.
14892 (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
14894 2013-08-30 Werner Koch <wk@gnupg.org>
14896 scd: Suppress gcc warning about possible uninitialized use.
14897 * scd/app-nks.c (parse_pwidstr): Always init r_pwid.
14899 gpg: Use 2048 as the default keysize in batch mode.
14900 * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
14903 gpgtar: Fix building for systems with a separate libintl.
14904 * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV.
14906 scd: Use vendor and product id macros also in apdu.c.
14907 * scd/ccid-driver.c: Move vendor and product ids to ...
14908 * scd/ccid-driver.h: here.
14909 * scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
14910 (pcsc_vendor_specific_init): Use vendor and product id macros.
14912 2013-08-30 NIIBE Yutaka <gniibe@fsij.org>
14914 scd: PC/SC pinpad input improvement.
14915 * scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
14916 PINPAD_VERLEN_SUPPORTED.
14917 (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
14918 PCSCv2_PART10_PROPERTY_*): New.
14919 (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
14920 (pcsc_vendor_specific_init): New.
14921 (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
14922 pcsc_vendor_specific_init.
14923 (check_pcsc_pinpad): Not detect here but use the result of
14924 pcsc_vendor_specific_init.
14925 (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.
14927 2013-08-29 Jonas Borgström <jonas@borgstrom.se>
14929 scd: add support for RSA_CRT and RSA_CRT_N key import.
14930 * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.
14932 2013-08-29 Werner Koch <wk@gnupg.org>
14934 kbx: Add a few macros for easier readability.
14935 * kbx/keybox-update.c (FILECOPY_INSERT)
14936 (FILECOPY_DELETE, FILECOPY_UPDATE): New macros. Replace numbers by
14939 2013-08-28 Werner Koch <wk@gnupg.org>
14941 Fix commit 04e2c83f.
14942 * agent/command-ssh.c (stream_read_string): Do not assign to a NULL
14945 gpg: Make decryption with the OpenPGP card work.
14946 * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
14947 * scd/app-openpgp.c (do_decipher): Add arg R_INFO.
14948 * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
14949 * scd/app.c (app_decipher): Add arg R_INFO.
14950 * scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
14951 * agent/call-scd.c (padding_info_cb): New.
14952 (agent_card_pkdecrypt): Add arg R_PADDING.
14953 * agent/divert-scd.c (divert_pkdecrypt): Ditto.
14954 * agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
14955 * agent/command.c (cmd_pkdecrypt): Print status line "PADDING".
14956 * g10/call-agent.c (padding_info_cb): New.
14957 (agent_pkdecrypt): Add arg R_PADDING.
14958 * g10/pubkey-enc.c (get_it): Use padding info.
14960 agent: Fix two compiler warnings.
14961 * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
14963 * scd/ccid-driver.c (ccid_get_atr): Ditto.
14964 * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
14965 avoid maybe_unitialized warning.
14967 2013-08-27 NIIBE Yutaka <gniibe@fsij.org>
14969 scd: fix parsing login-data DO.
14970 * scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing.
14972 scd: fix Vega for Alpha reader.
14973 * scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
14974 and size of command.
14976 2013-08-21 Werner Koch <wk@gnupg.org>
14978 scd: Make SPRx32 pinpad work with PC/SC on Windows.
14979 * scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
14980 (SCARD_CTL_CODE): Define if not defined.
14981 (reader_table_s): Add is_spr532.
14982 (new_reader_slot): Clear it.
14983 (check_pcsc_pinpad): Set it.
14984 (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.
14986 scd: Improve --enable-pinpad-varlen.
14987 * tools/gpgconf-comp.c (gc_options_scdaemon): Add
14988 enable-pinpad-varlen.
14989 * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.
14991 2013-08-08 Werner Koch <wk@gnupg.org>
14993 agent: Extend cmd KEYINFO to return data from sshcontrol.
14994 * agent/command-ssh.c (struct control_file_s): Rename to
14995 ssh_control_file_s.
14996 (ssh_open_control_file, ssh_close_control_file)
14997 (ssh_read_control_file, ssh_search_control_file): New.
14998 (control_file_t): Rename and move to ...
14999 * agent/agent.h (ssh_control_file_t): here.
15000 * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
15001 and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend
15003 (cmd_keyinfo): Add options --ssh-list and --with-ssh.
15005 2013-08-02 Werner Koch <wk@gnupg.org>
15007 gpg: No need to create a trustdb when encrypting with --always-trust.
15008 * g10/gpg.c (main): Special case setup_trustdb for --encrypt.
15010 2013-08-01 Werner Koch <wk@gnupg.org>
15012 w32: Fix recent patch 9ff72e4.
15013 * common/homedir.c (check_portable_app): Fix the name of the control
15016 agent: Include missing prototype.
15017 * agent/protect.c: Include cvt-openpgp.h.
15019 w32: Add code to support a portable use of GnuPG.
15020 * common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
15021 (check_portable_app) [W32]: New.
15022 (standard_homedir, default_homedir) [W32]: Support the portable flag.
15023 (w32_rootdir, w32_commondir) [W32]: Ditto.
15024 (gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
15025 * common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
15026 * common/logging.c (no_registry): New variable.
15027 (log_set_prefix, log_get_prefix): Set/get that variable.
15028 (do_logv): Do not check the registry if that variable is set.
15030 Silence compiler warning about deprecated Libgcrypt symbols.
15031 * configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
15033 dirmngr: Define missing LDAP constant.
15034 * dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.
15036 scd: Fix a syntax error for Apple and Windows.
15037 * scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.
15039 common: Fix a build error when using adns.
15040 * common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
15042 2013-07-31 Werner Koch <wk@gnupg.org>
15044 common: Comment out unused code.
15045 * common/w32-reg.c (write_w32_registry_string): Comment out.
15047 dirmngr: Remove unused file.
15048 * dirmngr/get-path.c: Remove.
15050 2013-06-27 Werner Koch <wk@gnupg.org>
15052 sm: Remove cruft from source files.
15053 * sm/keydb.c, sm/keydb.h: Remove disabled code parts.
15055 Prepare for newer automake versions.
15056 * configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
15057 option form. Add options from the top Makefile.
15058 (AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
15059 * Makefile.am (AUTOMAKE_OPTIONS): Remove.
15061 * kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some
15062 AM_CPPFLAGS options to AM_CFLAGS.
15064 2013-06-26 Werner Koch <wk@gnupg.org>
15066 Fix Makefile regression.
15067 * agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
15068 resolve conflict 2013-04-25.
15069 (gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
15070 (gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
15072 2013-05-22 Werner Koch <wk@gnupg.org>
15074 Implement unattended OpenPGP secret key import.
15075 * agent/command.c (cmd_import_key): Add option --unattended.
15076 * agent/cvt-openpgp.c (convert_transfer_key): New.
15077 (do_unprotect): Factor some code out to ...
15078 (prepare_unprotect): new function.
15079 (convert_from_openpgp): Factor all code out to ...
15080 (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement
15081 openpgp-native protection modes.
15082 (convert_from_openpgp_native): New.
15083 * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
15084 * agent/protect-tool.c (convert_from_openpgp_native): Ditto.
15085 * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all
15086 callers. Support openpgp-native protection.
15087 * g10/call-agent.c (agent_import_key): Add arg 'unattended'.
15088 * g10/import.c (transfer_secret_keys): Use unattended in batch mode.
15090 New debug functions log_printcanon and log_printsexp.
15091 * common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
15092 (log_printcanon, log_printsexp): New.
15094 agent: Fix length detection of canonical formatted openpgp keys.
15095 * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
15096 gcry_sexp_canon_len.
15098 agent: New option --disable-check-own-socket.
15099 * agent/gpg-agent.c (oDisableCheckOwnSocket): New.
15100 (disable_check_own_socket): New.
15101 (parse_rereadable_options): Set new option.
15102 (check_own_socket): Implement new option.
15104 2013-05-07 Werner Koch <wk@gnupg.org>
15106 w32: Add icons and version information.
15107 * common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico.
15108 * agent/gpg-agent-w32info.rc: New.
15109 * g10/gpg-w32info.rc: New.
15110 * scd/scdaemon-w32info.rc: New.
15111 * sm/gpgsm-w32info.rc: New.
15112 * tools/gpg-connect-agent-w32info.rc: New.
15113 * common/w32info-rc.h.in: New.
15114 * configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
15115 (BUILD_HOSTNAME): New.
15116 (AC_CONFIG_FILES): Add w32info-rc.h.
15117 * am/cmacros.am (.rc.o): New rule.
15118 * agent/Makefile.am, common/Makefile.am, g10/Makefile.am
15119 * scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
15120 build resource files.
15122 2013-05-07 Ian Abbott <abbotti@mev.co.uk>
15124 doc: fix some Texinfo warnings.
15125 * doc/gpg.texi: Fix syntax and add missing menu entries.
15126 * doc/gpgsm.texi: Fix subsectioning.
15128 2013-04-22 Werner Koch <wk@gnupg.org>
15130 Fix potential heap corruption in "gpg -v --version".
15131 * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
15134 2013-04-19 Werner Koch <wk@gnupg.org>
15136 gpgsm: Remove non-implemented commands from --help.
15137 * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
15138 --send-keys, and --recv-keys.
15140 2013-04-19 Daiki Ueno <ueno@gnu.org>
15142 Make sure to call fflush if estream_t is backed with stdio.
15143 * common/estream.c (es_func_fp_write): Call fflush after fwrite.
15145 2013-04-19 Werner Koch <wk@gnupg.org>
15147 doc: Formatting fixes.
15148 * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
15149 * doc/gpg.texi: Fix cross reference for --options.
15150 * doc/gpgsm.texi: Likewise.
15151 * doc/gpl.texi: Fix enumerate and re-indent examples.
15153 2013-04-01 NIIBE Yutaka <gniibe@fsij.org>
15155 scd: move SCDaemon to libexecdir.
15156 * common/homedir.c (gnupg_module_name): It's now libexecdir.
15157 * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
15158 (bin_PROGRAMS): Remove scdaemon.
15160 2013-03-29 Werner Koch <wk@gnupg.org>
15162 copyright assignments are not anymore required.
15164 2013-03-26 NIIBE Yutaka <gniibe@fsij.org>
15166 scd: PC/SC status fix.
15167 * scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
15168 PCSC_STATE_PRESENT.
15170 * scd/pcsc-wrapper.c (handle_status): Ditto.
15172 scd: PC/SC cleanup (more).
15173 * scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
15174 (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
15177 scd: call update_card_removed only when detecting removal.
15178 * scd/command.c (update_reader_status_file): Add condition
15181 2013-03-22 NIIBE Yutaka <gniibe@fsij.org>
15183 scd: PC/SC cleanup.
15184 * scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
15185 when a word was 16-bit.
15186 (struct reader_table_s): Fixes for types.
15187 (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
15188 Throughout: Fixes for types.
15190 * scd/pcsc-wrapper.c: Likewise.
15192 2013-03-21 NIIBE Yutaka <gniibe@fsij.org>
15195 * po/LINGUAS: Enable ja.po.
15197 scd: change default value of pinpad maxlen.
15198 * scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
15199 of maxlen for pinpad input is now 15 (was: 25).
15201 * scd/ccid-driver.c (ccid_transceive_secure): Likewise.
15203 2013-03-20 Werner Koch <wk@gnupg.org>
15205 Add code to allow for late memory cleanup.
15206 * common/init.c (mem_cleanup_item_t): New.
15207 (run_mem_cleanup): New.
15208 (_init_common_subsystems): Add an atexit for it.
15209 (register_mem_cleanup_func): New.
15211 * g10/kbnode.c (cleanup_registered): New.
15212 (release_unused_nodes): New.
15213 (alloc_node): Call register_mem_cleanup_func.
15215 kbx: Remove unused macro.
15216 * kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro.
15218 2013-03-19 Werner Koch <wk@gnupg.org>
15220 gpg: Print indicator for unknown key capability.
15221 * g10/keylist.c (print_capabilities): Print '?' for unknown usage.
15223 2013-03-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
15225 gpg: Allow setting of all zero key flags.
15226 * g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
15228 2013-03-19 Werner Koch <wk@gnupg.org>
15230 gpg: Distinguish between missing and cleared key flags.
15231 * include/cipher.h (PUBKEY_USAGE_NONE): New.
15232 * g10/getkey.c (parse_key_usage): Set new flag.
15234 2013-03-15 NIIBE Yutaka <gniibe@fsij.org>
15236 scd: ccid-driver supporting larger APDU.
15237 * scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
15240 scd: fix missing close paren.
15241 * scd/app-openpgp.c (du_auth): Fix.
15243 2013-03-09 NIIBE Yutaka <gniibe@fsij.org>
15245 scd: support ECDSA signing.
15246 * scd/app-openpgp.c (do_sign): Only prepend message digest block
15247 for RSA or do_auth.
15248 (do_auth): Remove message digest block for ECDSA.
15250 2013-03-08 NIIBE Yutaka <gniibe@fsij.org>
15252 scd: support ECDSA public key.
15253 * scd/app-openpgp.c (key_type_t): New.
15254 (CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
15255 (struct app_local_s): Change keyattr to have key_type and union.
15256 (get_ecc_key_parameters, get_curve_name): New.
15257 (send_key_attr, get_public_key): Support ECDSA.
15258 (build_privkey_template, do_writekey, do_genkey): Follow the change
15259 of the member KEY_ATTR.
15260 (parse_historical): New.
15261 (parse_algorithm_attribute): Support ECDSA.
15263 2013-03-05 Werner Koch <wk@gnupg.org>
15265 Require libgpg-error 1.11.
15266 * configure.ac: Require libgpg-error 1.11.
15267 * common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
15268 (GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.
15270 2013-02-28 NIIBE Yutaka <gniibe@fsij.org>
15272 agent: pksign result conversion to sexp to upper layer.
15273 * agent/agent.h (divert_pksign): Add R_SIGLEN argument.
15274 * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
15275 * agent/call-scd.c (agent_card_pksign): Move composition of
15277 * agent/pksign.c (agent_pksign_do): ... here.
15279 2013-02-22 Werner Koch <wk@gnupg.org>
15281 Use has_leading_keyword in the assuan callbacks.
15282 * agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
15283 * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
15284 * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
15285 (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
15286 * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
15287 * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
15288 (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
15289 (keyinfo_status_cb, inq_import_key_parms): Ditto.
15290 * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
15291 (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
15293 Remove some unused variables.
15294 * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
15296 * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
15297 * g13/g13.c (main): Comment variable of yet unimplemented options.
15299 gpg: Fix a memory leak in batch key generation.
15300 * g10/keygen.c (append_to_parameter): New.
15301 (proc_parameter_file): Use new func to extend the parameter list.
15303 * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
15304 gcry_kdf_derive failed.
15305 * g10/keygen.c (proc_parameter_file): Print a diagnostic if
15306 passphrase_to_dek failed.
15308 gpg: Handle the agent's NEW_PASSPHRASE inquiry.
15309 * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
15311 common: Add func has_leading_keyword.
15312 * common/stringhelp.c (has_leading_keyword): New.
15314 Remove build hacks for FreeBSD.
15315 * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
15318 2013-02-22 NIIBE Yutaka <gniibe@fsij.org>
15320 agent: fix two bugs.
15321 * agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
15322 * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.
15324 gpg: fix keytocard and support ECC card for key attribute.
15325 * g10/call-agent.c (agent_keytocard): Supply PARM arg.
15326 * g10/card-util.c (card_status): Support ECC.
15327 (card_store_subkey): Don't assume RSA.
15329 2013-02-21 Werner Koch <wk@gnupg.org>
15331 gpg: Fix a memory leak in batch key generation.
15332 * g10/keygen.c (append_to_parameter): New.
15333 (proc_parameter_file): Use new func to extend the parameter list.
15335 * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
15336 gcry_kdf_derive failed.
15337 * g10/keygen.c (proc_parameter_file): Print a diagnostic if
15338 passphrase_to_dek failed.
15340 gpg: Handle the agent's NEW_PASSPHRASE inquiry.
15341 * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
15343 common: Add func has_leading_keyword.
15344 * common/stringhelp.c (has_leading_keyword): New.
15346 2013-02-20 Werner Koch <wk@gnupg.org>
15348 Remove build hacks for FreeBSD.
15349 * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
15352 2013-02-12 NIIBE Yutaka <gniibe@fsij.org>
15354 gpg: Implement card_store_subkey again.
15355 * g10/call-agent.h (agent_keytocard): New.
15356 * g10/call-agent.c (agent_keytocard): New.
15357 * g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
15358 (card_generate_subkey): Check return value of replace_existing_key_p.
15359 (card_store_subkey): Implement again using agent_keytocard.
15361 agent: Add KEYTOCARD command.
15362 * agent/agent.h (divert_writekey, agent_card_writekey): New.
15363 * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
15364 * agent/command.c (cmd_keytocard, hlp_keytocard): New.
15365 (register_commands): Add cmd_keytocard.
15366 * agent/divert-scd.c (divert_writekey): New.
15368 Japanese: update po and doc.
15369 * doc/help.ja.txt, po/ja.po: Updated.
15371 2013-02-08 NIIBE Yutaka <gniibe@fsij.org>
15373 scd: Rename 'keypad' to 'pinpad'.
15374 * NEWS: Mention scd changes.
15376 * agent/divert-scd.c (getpin_cb): Change message.
15378 * agent/call-scd.c (inq_needpin): Change the protocol to
15379 POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
15380 * scd/command.c (pin_cb): Likewise.
15382 * scd/apdu.c (struct reader_table_s): Rename member functions.
15383 (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
15384 check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
15385 apdu_pinpad_verify, apdu_pinpad_modify): Rename.
15387 * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
15388 (apdu_pinpad_verify, apdu_pinpad_modify): Rename.
15390 * scd/iso7816.h (iso7816_check_pinpad): Rename.
15392 * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
15393 (iso7816_check_pinpad): Rename.
15394 (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
15397 * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
15398 * scd/ccid-driver.c (ccid_transceive_secure): Use it.
15400 * scd/app-dinsig.c (verify_pin): Follow the change.
15401 * scd/app-nks.c (verify_pin): Follow the change.
15403 * scd/app-openpgp.c (check_pinpad_request): Rename.
15404 (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
15407 * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
15409 * scd/scdaemon.h (opt): Rename to disable_pinpad,
15410 enable_pinpad_varlen.
15412 * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
15415 2013-02-07 Werner Koch <wk@gnupg.org>
15417 gpg: Add pinentry-mode feature.
15418 * g10/gpg.c: Include shareddefs.h.
15419 (main): Add option --pinentry-mode.
15420 * g10/options.h (struct opt): Add field pinentry_mode.
15421 * g10/passphrase.c: Include shareddefs.h.
15422 (have_static_passphrase): Take care of loopback pinentry_mode.
15423 (read_passphrase_from_fd): Ditto.
15424 (get_static_passphrase): New.
15425 (passphrase_to_dek_ext): Factor some code out to ...
15426 (emit_status_need_passphrase): new.
15427 * g10/call-agent.c (start_agent): Send the pinentry mode.
15428 (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
15430 (agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
15431 (agent_pkdecrypt): Ditto.
15432 * g10/pubkey-enc.c (get_it): Pass new args.
15433 * g10/sign.c (do_sign): Pass new args.
15435 * g10/call-agent.c (struct default_inq_parm_s): New. Change all
15436 similar structs to reference this one. Change all users and inquire
15437 callback to use this struct, instead of NULL or some undefined but not
15438 used structs. This change will help to eventually get rid of global
15441 2013-02-06 Werner Koch <wk@gnupg.org>
15443 agent: Move a typedef to common and provide parse_pinentry_mode.
15444 * common/agent-opt.c: New.
15445 * common/shareddefs.h: New.
15446 * common/Makefile.am: Add new files.
15447 * agent/agent.h: Include shareddefs.h.
15448 (pinentry_mode_t): Factor out to shareddefs.h.
15449 * agent/command.c (option_handler): Use parse_pinentry_mode.
15451 agent: Return a better error code if no passphrase was given.
15452 * agent/protect.c (hash_passphrase): Handle an empty passphrase.
15454 2013-02-05 NIIBE Yutaka <gniibe@fsij.org>
15456 scd: Fix check_keypad_request.
15457 * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
15459 SCD: Add vendor specific initalization.
15460 * scd/ccid-driver.c (ccid_vendor_specific_init): New.
15461 (ccid_open_reader): Call ccid_vendor_specific_init.
15463 SCD: Support P=N format for login data.
15464 * scd/app-openpgp.c (parse_login_data): Support P=N format.
15466 SCD: Better interoperability.
15467 * scd/apdu.c: Fill bTeoPrologue[2] field.
15469 SCD: Defaults to use pinpad if the reader has the capability.
15470 * scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
15471 (parse_login_data): "P=0" means to disable pinpad.
15472 (check_keypad_request): Default is to use pinpad if available.
15474 SCD: handle keypad request on the card.
15475 * scd/app-openpgp.c: Add 2013.
15476 (struct app_local_s): Add keypad structure.
15477 (parse_login_data): Add parsing keypad request on the card.
15478 (check_keypad_request): New.
15479 (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
15480 to determine use of keypad.
15482 SCD: Minor fix of ccid-driver.
15483 * scd/ccid-driver.c (VENDOR_VEGA): Fix typo.
15485 SCD: Add support of Covadis VEGA_ALPHA reader.
15486 * scd/ccid-driver.c: Add 2013.
15487 (VENDER_VEGA, VEGA_ALPHA):New.
15488 (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
15489 Change bNumberMessage to 0x01, as it works better (was: 0xff).
15491 SCD: Support fixed length PIN input for keypad (PC/SC).
15492 * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
15494 (pcsc_keypad_modify): Likewise.
15495 * scd/ccid-driver.c (ccid_transceive_secure): Clean up.
15497 SCD: Support fixed length PIN input for keypad.
15498 * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
15499 * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
15500 * scd/app-nks.c (verify_pin): Likewise.
15501 * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
15503 * scd/apdu.c (check_pcsc_keypad): Add comment.
15504 (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
15505 readers with the feature of variable length input (yet).
15506 (apdu_check_keypad): Set FIXEDLEN.
15507 * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
15509 Support fixed length PIN input for keypad.
15511 SCD: API cleanup for keypad handling.
15512 * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
15513 Change meaning of MODE.
15514 (pininfo_t): Rename from iso7816_pininfo_t.
15515 * scd/sc-copykeys.c: Include "iso7816.h".
15516 * scd/scdaemon.c, scd/command.c: Likewise.
15517 * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
15518 (ccid_transceive_secure): Follow the change of PININFO_T.
15519 * scd/app.c: Include "apdu.h" after "iso7816.h".
15520 * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
15521 (iso7816_change_reference_data_kp): Follow the change of API.
15522 * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
15523 KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
15524 (check_pcsc_keypad, check_ccid_keypad): Likewise.
15525 (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
15526 (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
15527 (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
15528 (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
15529 (send_le): Follow the change of API.
15530 * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
15531 (apdu_keypad_modify): Change the API.
15532 * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
15535 SCD: Clean up. Remove PADLEN for keypad input.
15536 * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
15537 (struct reader_table_s): Remove last arg from check_keypad method.
15538 (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
15539 (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
15540 (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
15541 (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
15544 * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
15545 (apdu_keypad_modify): Remove PIN_PADLEN.
15547 * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.
15549 * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.
15551 * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
15552 (iso7816_change_reference_data_kp): Remove PADLEN.
15554 * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
15556 SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
15557 * scd/scdaemon.h (opt): Add enable_keypad_varlen.
15558 * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
15559 (opts, main): Add oEnableKeypadVarlen.
15560 * scd/ccid-driver.c (GEMPC_PINPAD): New.
15561 (ccid_transceive_secure): Add enable_varlen handling.
15562 Enable GEMPC_PINPAD.
15564 2013-01-30 Werner Koch <wk@gnupg.org>
15566 Remove unused status codes.
15567 * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
15568 (STATUS_SIEXPIRED): Remove unused codes.
15570 gpg: Add status line PINENTRY_LAUNCHED.
15571 * common/status.h (STATUS_PINENTRY_LAUNCHED): New.
15572 * g10/server.c (server_local_s): Add field allow_pinentry_notify.
15573 (option_handler): Add option "allow-pinentry-notify".
15574 (gpg_proxy_pinentry_notify): New.
15575 * g10/call-agent.c (default_inq_cb): Factor code out to the new
15578 2013-01-25 NIIBE Yutaka <gniibe@fsij.org>
15580 agent: Fix a bug of handling return code from npth_join.
15581 * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
15584 2013-01-11 Christian Aistleitner <christian@quelltextlich.at>
15586 gpg: Fix honoring --cert-digest-algo when recreating a cert.
15587 * g10/sign.c (update_keysig_packet): Override original signature's
15588 digest algo in hashed data and for hash computation.
15590 2013-01-11 Werner Koch <wk@gnupg.org>
15592 Fix spurious cruft from configure summary output.
15593 * configure.ac (build_scdaemon_extra): Remove $tmp cruft.
15595 2013-01-11 NIIBE Yutaka <gniibe@fsij.org>
15597 SCD: Hold lock for pinpad input.
15598 * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
15599 (apdu_keypad_modify): Hold lock to serialize communication.
15601 2013-01-08 Werner Koch <wk@gnupg.org>
15603 kbx: Switch from MD5 to SHA-1 for the checksum.
15604 * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
15605 (create_blob_finish): Write just the needed space.
15606 (create_blob_finish): Switch to SHA-1.
15607 * kbx/keybox-dump.c (print_checksum): New.
15608 (_keybox_dump_blob): Print the checksum and the verification status.
15610 gpg: Cache keybox searches.
15611 * common/iobuf.c (iobuf_seek): Fix for temp streams.
15612 * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
15613 * g10/keydb.c (dump_search_desc): New.
15614 (enum_keyblock_states, struct keyblock_cache): New.
15615 (keyblock_cache_clear): New.
15616 (keydb_get_keyblock, keydb_search): Implement a keyblock cache.
15617 (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
15618 (keydb_rebuild_caches, keydb_search_reset): Clear the cache.
15620 Make log_clock easier to read.
15621 * common/logging.c (log_clock): Print in microseconds.
15623 gpg: Remove a function wrapper.
15624 * g10/keydb.h (keydb_search): Remove macro.
15625 * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all
15628 2013-01-08 NIIBE Yutaka <gniibe@fsij.org>
15630 SCD: Support not-so-smart card readers.
15631 * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
15632 auto_param, and auto_pps.
15633 (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
15634 Support non-autoconf readers.
15635 (update_param_by_atr): New.
15636 (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
15637 Use 0x10 when nonnull_nad for SetParameters.
15638 Call update_param_by_atr for parsing ATR, and use param for
15640 Send PPS if reader requires it and card is negotiable.
15641 When bNadValue in the return values of SetParameters == 0,
15642 clear handle->nonnull_nad flag.
15644 2013-01-07 Werner Koch <wk@gnupg.org>
15646 gpg: Set the node flags while retrieving a keyblock.
15647 * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and
15648 set the note flags accordingly.
15649 (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image.
15650 * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part)
15651 (blob_cmp_name, blob_cmp_mail): Return the key/user number.
15652 (keybox_search): Set the key and user number into the found struct.
15653 (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from
15656 New function log_clock.
15657 * common/logging.c (log_clock): New.
15658 * g10/gpg.c (set_debug): Print clock debug flag.
15659 * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
15661 gpg: Allow searching for user ids in a keybox.
15662 * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP
15663 use. Change callers.
15664 (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP.
15666 (has_subject_or_alt): Rename to has_username.
15667 (has_username): Allow blobtype PGP.
15670 gpg: Allow generation of more than 4096 keys in one run.
15671 * g10/getkey.c (cache_public_key): Make room in the cache if needed.
15673 2013-01-07 NIIBE Yutaka <gniibe@fsij.org>
15675 Update Japanese Translation.
15676 * po/ja.po: Fix wrong translations for designated revocation.
15677 Reported by Hideki Saito.
15682 2013-01-05 NIIBE Yutaka <gniibe@fsij.org>
15684 Update Japanese Translation.
15685 * po/ja.po: Fix fuzzy translations.
15687 2013-01-03 NIIBE Yutaka <gniibe@fsij.org>
15689 Update Japanese Translation.
15690 * po/ja.po: Update with POT.
15692 Update Japanese Translation.
15693 * po/ja.po: Start from the new one of 2.0.
15695 2012-12-28 Werner Koch <wk@gnupg.org>
15697 gpg: Add signature cache support to the keybox.
15698 * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
15699 (keydb_get_keyblock): Handle it.
15700 (build_keyblock_image): Add arg SIGSTATUS.
15701 (keydb_insert_keyblock): Handle it.
15702 * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
15703 (_keybox_create_openpgp_blob): Ditto.
15704 * kbx/kbxutil.c (import_openpgp): Adjust for above change.
15705 * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
15706 * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
15707 (keybox_get_keyblock): Add arg R_SIGSTATUS.
15708 * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
15710 kbxutil: Improve format of the Sig-Expire lines.
15711 * kbx/keybox-dump.c (_keybox_dump_blob): Print the expirate timestamp.
15713 gpg: First working support for keyboxes.
15714 * g10/getkey.c (get_pubkey_fast): Improve the assertion.
15715 * kbx/keybox.h: Include iobuf.h.
15716 * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
15717 (KEYBOX_WITH_OPENPGP): Remove use of this macro.
15718 (pgp_create_key_part_single): New.
15719 (pgp_temp_store_kid): Change to use the keybox-openpgp parser.
15720 (pgp_create_key_part): Ditto.
15721 (pgp_create_uid_part): Ditto.
15722 (pgp_create_sig_part): Ditto.
15723 (pgp_create_blob_keyblock): Ditto.
15724 (_keybox_create_openpgp_blob): Ditto.
15725 * kbx/keybox-search.c (keybox_get_keyblock): New.
15726 * kbx/keybox-update.c (keybox_insert_keyblock): New.
15727 * g10/keydb.c (parse_keyblock_image):
15728 (keydb_get_keyblock): Support keybox.
15729 (build_keyblock_image): New.
15730 (keydb_insert_keyblock): Support keybox.
15732 * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print
15733 a kbx file to stdout.
15735 * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6
15738 kbxutil: Print algo number and fold similar lines.
15739 * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO.
15740 * kbx/keybox-openpgp.c (parse_key): Store algo.
15741 * kbx/kbxutil.c (dump_openpgp_key): Print algo number.
15742 * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire
15743 value lines with a range of indices.
15745 2012-12-27 Werner Koch <wk@gnupg.org>
15747 gpg: First patches to support a keybox storage backend.
15748 * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to ..
15749 * kbx/keybox.h: here.
15750 * kbx/keybox-init.c (keybox_lock): Add dummy function
15751 * g10/keydb.c: Include keybox.h.
15752 (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX.
15753 (struct resource_item): Add field kb.
15754 (maybe_create_keyring_or_box): Add error descriptions to diagnostics.
15755 Add arg IS_BOX. Write a header for a new keybox file.
15756 (keydb_add_resource): No more need for the force flag. Rename the
15757 local variable "force" to "create". Add URL scheme "gnupg-kbx". Add
15758 magic test to detect a keybox file. Add basic support for keybox.
15759 (keydb_new, keydb_get_resource_name, keydb_delete_keyblock)
15760 (keydb_locate_writable, keydb_search_reset, keydb_search2): Add
15761 support for keybox.
15762 (lock_all, unlock_all): Ditto.
15763 * g10/Makefile.am (needed_libs): Add libkeybox.a.
15764 (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround.
15766 * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY)
15767 KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New.
15768 * g10/gpg.c, g10/gpgv.c (main): Use new constants.
15770 2012-12-20 Werner Koch <wk@gnupg.org>
15772 gpg: Import only packets which are allowed in a keyblock.
15773 * g10/import.c (valid_keyblock_packet): New.
15774 (read_block): Store only valid packets.
15776 2012-12-19 Werner Koch <wk@gnupg.org>
15778 gpg: Make commit 2b3cb2ee actually work.
15779 * g10/sign.c (update_keysig_packet): Use digest_algo.
15781 (cherry-picked from commit d23ec86095714d388acac14b515445fe69f019e9)
15783 gpg: Suppress "public key already present" in quiet mode.
15784 * g10/pkclist.c (find_and_check_key, build_pk_list): Print a
15785 diagnostic only in non-quiet mode.
15787 2012-12-18 Werner Koch <wk@gnupg.org>
15789 common: Add meta option ignore-invalid-option.
15790 * common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
15791 (initialize): Init field IIO_LIST.
15792 (ignore_invalid_option_p): New.
15793 (ignore_invalid_option_add): New.
15794 (ignore_invalid_option_clear): New.
15795 (optfile_parse): Implement meta option.
15797 2012-12-13 Werner Koch <wk@gnupg.org>
15798 Hans of Guardian <hans@guardianproject.info>
15800 utf8conv.c: Add hacks for Android.
15801 * common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h.
15802 (iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New
15804 (set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8".
15805 (jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32.
15806 (jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto.
15807 (jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto.
15809 2012-12-13 NIIBE Yutaka <gniibe@fsij.org>
15811 SCD: Fix the process of writing key or generating key.
15812 * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
15814 2012-12-12 Werner Koch <wk@gnupg.org>
15816 ssh: Support ECDSA keys.
15817 * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
15818 (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
15819 (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
15820 (ssh_signature_encoder_t): Add arg spec and adjust all callers.
15821 (ssh_signature_encoder_ecdsa): New.
15822 (sexp_key_construct, sexp_key_extract, ssh_receive_key)
15823 (ssh_convert_key_to_blob): Support ecdsa.
15824 (ssh_identifier_from_curve_name): New.
15825 (ssh_send_key_public): Retrieve and pass the curve_name.
15826 (key_secret_to_public): Ditto.
15827 (data_sign): Add arg SPEC and change callers to pass it.
15828 (ssh_handler_sign_request): Get the hash algo from SPEC.
15829 * common/ssh-utils.c (get_fingerprint): Support ecdsa.
15831 * agent/protect.c (protect_info): Add flag ECC_HACK.
15832 (agent_protect): Allow the use of the "curve" parameter.
15833 * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
15835 * agent/command-ssh.c (ssh_key_grip): Print a better error code.
15837 2012-12-11 Werner Koch <wk@gnupg.org>
15839 ssh: Rewrite a function for better maintainability.
15840 * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
15842 2012-12-10 Werner Koch <wk@gnupg.org>
15844 ssh: Improve key lookup for many keys.
15845 * agent/command-ssh.c: Remove dirent.h.
15846 (control_file_s): Add struct item.
15847 (rewind_control_file): New.
15848 (search_control_file): Factor code out to ...
15849 (read_control_file_item): New.
15850 (ssh_handler_request_identities): Change to iterate over entries in
15853 ssh: Cleanup sshcontrol file access code.
15854 * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
15855 the direct use of the string.
15856 (struct control_file_s, control_file_t): New.
15857 (open_control_file, close_control_file): New. Use them instead of
15858 using fopen/fclose directly.
15860 agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
15861 * agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
15862 an invoked process.
15864 config: Update npth.m4.
15865 * m4/npth.m4: Take from current npth master.
15867 2012-12-04 NIIBE Yutaka <gniibe@fsij.org>
15869 Revert SCD changes of 2010-05-03.
15870 * scd/apdu.c (pcsc_no_service): Remove.
15871 (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
15872 pcsc_no_service support.
15873 (apdu_open_reader): Remove R_NO_SERVICE.
15874 * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
15875 * scd/command.c (reader_disabled): Remove.
15876 (get_current_reader): Follow the change of R_NO_SERVICE.
15877 (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
15879 * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
15881 Don't keep opening unavailable card reader.
15882 * scd/command.c (update_reader_status_file): Don't call
15883 get_current_reader.
15885 2012-11-30 David Shaw <dshaw@jabberwocky.com>
15887 Refresh sample keys.
15889 Adjust awk to not add trailing whitespace.
15890 * mksamplekeys: Tweak awk script to not add trailing whitespace to
15891 blank lines (makes git pre-commit hook unhappy)
15893 2012-11-29 David Shaw <dshaw@jabberwocky.com>
15895 The keyserver search menu should honor --keyid-format.
15896 * keyserver.c (print_keyrec): Honor --keyid-format when getting back
15897 full fingerprints from the keyserver (the comment in the code was
15898 correct, the code was not).
15900 2012-11-27 Werner Koch <wk@gnupg.org>
15902 Fix printing of ECC algo names in hkp keyserver listings.
15903 * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
15905 2012-11-26 Ben Kibbey <bjk@luxsci.net>
15907 Check for inet_addr() in -lnsl.
15908 * configure.ac: Check for inet_addr() in libnsl.
15910 2012-11-20 Werner Koch <wk@gnupg.org>
15912 Do not use a broken ttyname.
15913 * configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
15915 * common/util.h (gnupg_ttyname): New macro. Change all callers of
15916 ttyname to use this macro instead.
15917 (ttyname) [W32]: Rename to _gnupg_ttyname and use also if
15918 HAVE_BROKEN_TTYNAME is defined.
15919 * common/simple-pwquery.c (agent_send_all_options): Keep on using
15920 ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file
15921 may be used standalone.
15923 2012-11-16 Werner Koch <wk@gnupg.org>
15925 Fix non-portable use of chmod in autogen.sh.
15926 * autogen.sh: Remove option -c from chmod.
15928 Improve parsing of the GIT revision number.
15929 * configure.ac (mmm4_revision): Use git rev-parse.
15931 Add an OpenPGP card vendor.
15932 * g10/card-util.c (get_manufacturer): Add Yubico.
15934 2012-11-06 Werner Koch <wk@gnupg.org>
15936 agent: Use wipememory instead of memset in one place.
15937 * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben
15940 Allow decryption with card keys > 3072 bits.
15941 * scd/command.c (MAXLEN_SETDATA): New.
15942 (cmd_setdata): Add option --append.
15943 * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
15946 * scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
15947 (app_select_openpgp): Store manufacturer.
15948 (do_decipher): Print a note for broken cards.
15950 2012-11-02 NIIBE Yutaka <gniibe@fsij.org>
15952 agent: Fix wrong use of gcry_sexp_build_array.
15953 * findkey.c (agent_public_key_from_file): Fix use of
15954 gcry_sexp_build_array.
15956 2012-10-31 NIIBE Yutaka <gniibe@fsij.org>
15958 SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
15959 * scd/apdu.c (PCSC_E_NO_SERVICE): New.
15960 (open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
15961 (open_pcsc_reader_wrapped): Set pcsc_no_service.
15963 2012-08-24 Werner Koch <wk@gnupg.org>
15965 Update and enable French translation.
15966 * po/fr.po: Update.
15967 * po/LINGUAS: Enable fr.
15969 2012-08-24 David Prévot <taffit@debian.org>
15971 Fix typos spotted during translations.
15972 * agent/genkey.c: s/to to/to/
15973 * sm/*.c: s/failed to allocated/failed to allocate/
15974 * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
15975 * g10/seskey.c: missing closing parenthesis
15976 * dirmngr/crlcache.c: s/may has/may have/
15980 * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
15981 * dirmngr/dirmngr_ldap: no period in Syntax
15982 * dirmngr/dirmngr-client.c: infinitive for option description:
15983 s/certificates are expected/expect certificates/
15985 Keep previous msgids of translated messages.
15986 * po/Makefile.in.in: Use --previous with msgmerge.
15988 2012-08-24 Hans-Christoph Steiner <hans@eds.org>
15990 Fix build system for Android by disabling tests since its x-compiled.
15991 * configure.ac (HAVE_ANDROID_SYSTEM, RUN_TESTS): New.
15992 (AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname.
15993 * Makefile.am: Depend tests on new RUN_TESTS conditional.
15995 2012-08-24 Werner Koch <wk@gnupg.org>
15997 Fix left over use of jnlib on some platforms.
15998 * tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/.
16000 2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
16002 scd: handle reader/token removal.
16003 * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
16006 2012-06-05 Werner Koch <wk@gnupg.org>
16008 Change all quotes in strings and comments to the new GNU standard.
16009 The asymmetric quotes used by GNU in the past (`...') don't render
16010 nicely on modern systems. We now use two \x27 characters ('...').
16012 The proper solution would be to use the correct Unicode symmetric
16013 quotes here. However this has the disadvantage that the system
16014 requires Unicode support. We don't want that today. If Unicode is
16015 available a generated po file can be used to output proper quotes. A
16016 simple sed script like the one used for en@quote is sufficient to
16019 The changes have been done by applying
16021 sed -i "s/\`\([^'\`]*\)'/'\1'/g"
16023 to most files and fixing obvious problems by hand. The msgid strings in
16024 the po files were fixed with a similar command.
16026 2012-05-24 Werner Koch <wk@gnupg.org>
16028 Print the hash algorithm in colon mode key listing.
16029 * g10/keylist.c (list_keyblock_colon): Print digest_algo.
16031 Fix type conflict warning.
16032 * g10/keylist.c: Change min_cert_level to a byte.
16034 2012-05-11 Werner Koch <wk@gnupg.org>
16036 Switch to the new automagic beta numbering scheme.
16037 * configure.ac: Add all the require m4 magic.
16039 2012-05-08 Werner Koch <wk@gnupg.org>
16041 Add tweaks for the not anymore patented IDEA algorithm.
16042 * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
16043 compatibility mode.
16044 * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
16045 * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this
16049 * po/de.po: Update.
16051 common: Remove generated files only during maintainer-clean.
16052 * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
16054 2012-04-30 Werner Koch <wk@gnupg.org>
16056 agent: Fix deadlock in trustlist due to the switch to npth.
16057 * agent/trustlist.c (clear_trusttable): New.
16058 (agent_reload_trustlist): Use new function.
16059 (read_trustfiles): Require to be called with lock held.
16060 (agent_istrusted): Factor all code out to ...
16061 (istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the
16062 table islocked. Do not print TRUSTLISTFLAG stati if called internally.
16063 (agent_marktrusted): Replace calls to agent_reload_trustlist by
16066 2012-04-26 NIIBE Yutaka <gniibe@fsij.org>
16068 make DNS and URI fields work in gpgsm --gen-key.
16069 * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and
16070 mb_dns.avoid buffer strncpy-induced buffer overrun
16072 2012-04-26 Jim Meyering <jim@meyering.net>
16074 avoid buffer strncpy-induced buffer overrun.
16075 * dirmngr/crlcache.c (open_dir): Ensure that both this_update
16076 and next_update member strings are NUL-terminated.
16078 remove doubled words in a comment.
16080 2012-04-20 Werner Koch <wk@gnupg.org>
16082 Change license for some files in common to LGPLv3+/GPLv2+.
16083 Having the LGPL on the common GnuPG code helps to share code
16084 between GnuPG and related projects (like GPGME and Libassuan). This
16085 is good for interoperability and to reduces bugs.
16087 * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
16088 * common/b64enc.c, common/convert.c, common/dns-cert.c
16089 * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
16090 * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
16091 * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
16092 * common/helpfile.c, common/homedir.c, common/http.c, common/http.h
16093 * common/i18n.c, common/init.c, common/init.h, common/iobuf.c
16094 * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
16095 * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
16096 * common/percent.c, common/pka.c, common/pka.h, common/session-env.c
16097 * common/session-env.h, common/sexp-parse.h, common/sexputil.c
16098 * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
16099 * common/ssh-utils.h, common/sysutils.c, common/sysutils.h
16100 * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
16101 * common/userids.c, common/userids.h, common/xasprintf.c: Change
16102 license to LGPLv3+/GPLv2+/
16104 2012-04-10 Ben Kibbey <bjk@luxsci.net>
16106 Fix killing PID -1.
16107 When the KILLSCD command had been sent a race condition would occur
16108 causing PID -1 getting killed, which on Linux seems to terminate all
16109 applications for the current user.
16111 2012-04-05 Werner Koch <wk@gnupg.org>
16113 Do not mix test result with progress lines.
16114 This makes parsing of the results easier. Fixes bug#1400.
16116 * tests/openpgp/defs.inc (progress_cancel, progress_end)
16117 (progress_new): New.
16118 * tests/openpgp/conventional-mdc.test: Use progress functions
16119 * tests/openpgp/conventional.test: Ditto.
16120 * tests/openpgp/encrypt-dsa.test: Ditto.
16121 * tests/openpgp/encrypt.test: Ditto.
16122 * tests/openpgp/sigs.test: Ditto.
16124 2012-04-04 Ben Kibbey <bjk@luxsci.net>
16126 Mention status messages in the documentation.
16127 Note INQUIRE_MAXLEN.
16129 Document PASSWD --preset.
16131 Document GENKEY options.
16133 Document PRESET_PASSPHRASE.
16135 Document CLEAR_PASSPHRASE.
16136 And describe the --mode=normal option.
16138 2012-03-27 Werner Koch <wk@gnupg.org>
16140 Fix timegm regression test.
16141 * common/t-timestuff.c (test_timegm): Change test to use January and
16142 not February or December+1. Bug spotted by Daniel Kahn Gillmor.
16144 Print warning for arguments not considered an option.
16145 GnuPG requires that options are given before other arguments. This
16146 can sometimes be confusing. We now print a warning if we found an
16147 argument looking alike a long option without being preceded by the
16148 stop option. This is bug#1343.
16150 * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
16151 * common/argparse.c (arg_parse): Set new flag.
16152 * g10/gpg.c (main): Print the warning.
16153 * agent/gpg-agent.c (main): Ditto.
16154 * dirmngr/dirmngr.c (main): Ditto.
16155 * g13/g13.c (main): Ditto.
16156 * scd/scdaemon.c (main): Ditto.
16157 * sm/gpgsm.c (main): Ditto.
16158 * tools/gpg-connect-agent.c (main): Ditto.
16159 * tools/gpgconf.c (main): Ditto.
16161 2012-03-26 Werner Koch <wk@gnupg.org>
16163 Allow compress algorithm 0.
16164 * g10/mainproc.c (proc_compressed): Remove superfluous check for
16165 compress algorithm 0. Reported by pfandrade. This is bug#1326.
16167 Add mksamplekeys script.
16168 * doc/mksamplekeys: New.
16170 2012-02-28 Marcus Brinkmann <mb@g10code.com>
16172 Replace npth_yield in busy wait by npth_usleep.
16173 * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call
16174 npth_usleep instead of npth_yield.
16176 2012-02-16 Marcus Brinkmann <mb@g10code.com>
16178 Check for lber and link dirmngr_ldap to it.
16179 * configure.ac (LBER_LIBS, HAVE_LBER): New variables, check for lber.
16180 * dirmngr/Makefile.am (dirmngr_lda_LDADD): Add $(LBER_LIBS).
16182 2012-02-07 Werner Koch <wk@gnupg.org>
16184 agent: Add pin length field to the shadowed private key format.
16185 This is not yet fully implemented. It will eventually allow to
16186 support pinpad equipped readers which do not support variable length
16188 * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
16189 parse pinlen info. Change all callers to pass NULL for it.
16191 Use new status printing functions.
16192 * agent/command.c (cmd_geteventcounter): Get rid of static buffers.
16193 * scd/command.c (cmd_serialno, cmd_learn): Simplify by using
16194 print_assuan_status.
16196 agent: New function agent_print_status.
16197 * common/asshelp2.c (vprint_assuan_status): New.
16198 (print_assuan_status): Re-implement using above func.
16199 * agent/command.c (agent_print_status): New.
16201 po: Add Ukrainian translation.
16204 common: Replace macro based function calls by using DEFAULT_ERRSOURCE.
16205 * common/dns-cert.h (get_dns_cert): Remove macro.
16206 * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace
16207 arg ERRSOURCE by global DEFAULT_ERRSOURCE.
16208 * common/http.h (http_parse_uri, http_raw_connect, http_open)
16209 (http_open_document, http_wait_response): Remove macros.
16210 * common/http.c (_http_parse_uri, _http_raw_connect, _http_open)
16211 (_http_open_document, _http_wait_response): Remove underscore from
16212 symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
16213 * common/ssh-utils.h (ssh_get_fingerprint)
16214 (ssh_get_fingerprint_string): Remove macros.
16215 * common/ssh-utils.h (_ssh_get_fingerprint)
16216 (_ssh_get_fingerprint_string): Remove underscore from symbols.
16217 Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
16218 * common/tlv.h (parse_ber_header, parse_sexp): Remove macros.
16219 * common/tlv.c: Include util.h.
16220 (_parse_ber_header, _parse_sexp): Remove underscore from symbols.
16221 Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
16223 2012-02-06 Werner Koch <wk@gnupg.org>
16225 Add replacement hack for Android's broken ttyname.
16226 * configure.ac (HAVE_TTYNAME) [__ANDROID__]: Add hack.
16228 agent: Simplify printing of INQUIRE_MAXLEN.
16229 * agent/command.c: Include asshelp.h.
16230 (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
16231 (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
16233 common: Add function print_assuan_status.
16234 * common/asshelp2.c: New.
16235 (print_assuan_status): New function.
16236 * common/Makefile.am (common_sources): Add asshelp2.c.
16238 common: Add a global variable to for the default error source.
16239 For the shared code parts it is cumbersome to pass an error sourse
16240 variable to each function. Its value is always a constant for a given
16241 binary and thus a global variable makes things a lot easier than the
16242 former macro stuff.
16243 * common/init.c (default_errsource): New global var.
16244 (init_common_subsystems): Rename to _init_common_subsystems. Set
16246 * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
16247 (init_common_subsystems): New macro.
16248 * common/util.h (default_errsource): Add declaration.
16249 * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
16251 2012-02-03 Ben Kibbey <bjk@luxsci.net>
16253 Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.
16254 * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status
16255 message before doing the inquire.
16256 (cmd_genkey): Ditto.
16258 2012-02-02 Ben Kibbey <bjk@luxsci.net>
16260 Inform the client of the preset passphrase length.
16261 * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN
16262 status message before inquiring the passphrase.
16264 2012-02-01 David Shaw <dshaw@jabberwocky.com>
16266 Honor --cert-digest-algo when recreating a cert.
16267 * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
16270 This is used by various things in --edit-key like setpref, primary,
16271 etc. Suggested by Christian Aistleitner.
16273 2012-01-27 Werner Koch <wk@gnupg.org>
16275 gl: Add support for Android to stdint.h replacement.
16276 * gl/stdint_.h: When included from Bionic <sys/types.h>, just include
16277 the system's <stdint.h>.
16279 gpg-connect-tool: Take the string "true" as a true condition.
16280 * tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in
16281 conditions as expected.
16283 2012-01-26 Ben Kibbey <bjk@luxsci.net>
16285 Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.
16286 Since there isn't a way to prompt the user to insert the smartcard when
16287 pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of
16288 GPG_ERR_NO_PIN_ENTRY.
16290 * agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
16291 when pinentry-mode=loopback.
16293 Also check for GPG_ERR_ASS_CANCELED during an inquire.
16294 Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
16295 This is similar to commit 4f21f8d but for both protocol command
16296 cancellation and pinentry cancellation.
16298 * agent/call-scd.c (agent_card_pkdecrypt): Check for
16299 GPG_ERR_ASS_CANCELED.
16300 (agent_card_pksign): Ditto.
16302 2012-01-25 Werner Koch <wk@gnupg.org>
16304 nPth is now a hard requirement for GnuPG.
16305 * configure.ac: Remove cruft to allow building without npth.
16307 Require libassuan 2.1.0.
16308 * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.1.0. This is due to
16311 Fix strerror vs. gpg_strerror usage.
16312 This bug was introduced by the migration to npth.
16313 * agent/gpg-agent.c (handle_connections): Use strerror.
16315 Add missing variable.
16316 * agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable.
16318 2012-01-25 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
16320 Port LDAP wrapper to NPTH.
16321 * agent/gpg-agent.c (handle_connections): Handle error.
16322 * dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH.
16324 Port Windows code to NPTH.
16325 * agent/gpg-agent.c (get_agent_ssh_socket_name): Use
16326 INVALID_HANDLE_VALUE instead of 0.
16327 (handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
16328 (handle_connections): Port Windows code to NPTH.
16329 * dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
16330 * g13/g13.c (handle_connections): Port Windows code to NPTH.
16331 * scd/scdaemon.c (handle_connections): Port Windows code to NPTH.
16334 * configure.ac: Don't check for PTH but for NPTH.
16335 (AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
16336 (have_pth): Rename to ...
16337 (have_npth): ... this.
16338 (USE_GNU_NPTH): Rename to ...
16339 (USE_GNU_PTH): ... this.
16340 * m4/npth.m4: New file.
16341 * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
16342 agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
16343 agent/trustlist.c, common/Makefile.am, common/estream.c,
16344 common/exechelp-posix.c, common/exechelp-w32.c,
16345 common/exechelp-w32ce.c, common/http.c, common/init.c,
16346 common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
16347 dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
16348 dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
16349 g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
16350 scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
16351 scd/scdaemon.c, tools/Makefile.am: Port to npth.
16353 2012-01-25 Werner Koch <wk@gnupg.org>
16355 Require gitlog-to-changelog to be installed.
16356 * Makefile.am (GITLOG_TO_CHANGELOG): New.
16357 (gen-ChangeLog): Use installed version of gitlog-to-changelog.
16359 2012-01-20 David Shaw <dshaw@jabberwocky.com>
16361 Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
16362 * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
16364 * g10/trustdb.c (check_trustdb_stale): Request a rebuild if
16365 pending_check_trustdb is true (set when we detect a trustdb
16366 parameter has changed).
16368 * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
16369 listing for min_cert_level not matching.
16371 * g10/tdbio.c (tdbio_update_version_record, create_version_record,
16372 tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
16373 tdbio_write_record): Add a byte for min_cert_level in the tdbio
16376 2012-01-20 Werner Koch <wk@gnupg.org>
16378 estream: Fix unclean usage of realloc.
16379 * common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove.
16380 (_ESTREAM_PRINTF_FREE): Remove.
16381 (_ESTREAM_PRINTF_REALLOC): New.
16382 (fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New.
16383 (estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc
16384 and my_printf_free.
16385 (dynamic_buffer_out): Use my_printf_realloc instead of realloc.
16387 Do not copy default merge commit log entries into the ChangeLog.
16388 * scripts/gitlog-to-changelog: Skip merge commits.
16390 2012-01-18 Ben Kibbey <bjk@luxsci.net>
16392 Add the INQUIRE_MAXLEN status message.
16393 This status message is used to inform the client of the maximum length
16394 of an inquired passphrase and is used in pinentry-mode=loopback.
16396 * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
16397 message before doing the inquire.
16399 2012-01-16 Jim Meyering <meyering@redhat.com>
16401 yat2m: don't dereference pointer to freed memory.
16402 * doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop.
16404 gpg-agent: fix lc-messages handling not to change Xauthority setting.
16405 * agent/gpg-agent.c (main): Supply omitted "break" statement for
16406 lc-messages option. Otherwise, control would fall through to the
16407 following oXauthority case and use the same value there.
16409 2012-01-15 Werner Koch <wk@gnupg.org>
16413 2012-01-14 Ben Kibbey <bjk@luxsci.net>
16415 Fix scdaemon pinentry inquire cancelation.
16416 Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.
16418 * agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
16419 when returning from the PKDECRYPT operation of scdaemon and cancel the
16421 (agent_card_pksign): Ditto.
16422 (cancel_inquire): New.
16424 2012-01-11 Werner Koch <wk@gnupg.org>
16426 gpg: Fix segv with RSA_S keys.
16427 * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
16428 (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
16431 estream: Avoid printing leading zeroes by %p on 32 bit systems.
16432 * common/estream-printf.c (pr_pointer): Synchronize definition of
16433 AULONG with its use.
16435 2012-01-11 David Shaw <dshaw@jabberwocky.com>
16437 Refresh sample keys.
16439 2012-01-10 David Shaw <dshaw@jabberwocky.com>
16441 Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr.
16442 * dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form
16444 2012-01-06 Werner Koch <wk@gnupg.org>
16446 gpg: Make the double space in the middle of a fingerprint optional.
16447 This change might help to c+p a fingerprint from an HTML page without
16448 being enclosed in a "pre" tag.
16449 * common/userids.c (classify_user_id): Skip a second blank in the
16450 middle of a fingerprint.
16452 gpg: Allow use of a standard space separated fingerprint.
16453 * common/userids.c (classify_user_id): Check for space separated GPG
16456 2012-01-06 NIIBE Yutaka <gniibe@fsij.org>
16458 Merge ccid_driver_improvement branch.
16459 * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
16460 (open_ccid_reader): Use ccid_keypad_operation for verify and modify.
16462 * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
16463 (ccid_transceive_apdu_level): Permit sending packet where
16464 apdulen <= 289. Support receiving packets in a chain.
16465 (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
16466 Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
16468 2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
16470 Silence gcc warning.
16471 * sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized.
16473 Revert last change, add comment about link() return values.
16474 * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Do not check
16475 return value of link().
16477 Fix compiler warnings.
16478 * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return
16480 * g13/g13.c: Make sure err is initialized.
16481 * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR.
16483 Fix last change: Only set gcrypt thread callback for older versions.
16484 * dirmngr/dirmngr.c, g13/g13.c: Rename FIX_GCRY_PTH_INIT to
16485 USE_GCRY_THREAD_CBS.
16487 2012-01-03 Werner Koch <wk@gnupg.org>
16489 Terminate csh commands with a semicolon also for dirmngr.
16490 * dirmngr/dirmngr.c (main): Terminate csh style output with a semicolon.
16492 Terminate csh commands with a semicolon.
16495 * agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
16496 * scd/scdaemon.c: Ditto.
16498 2012-01-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
16500 Only set gcrypt thread callback for older version of gcrypt.
16501 * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
16502 (USE_GCRY_THREAD_CBS): New macro, defined if
16503 GCRY_THREAD_OPTION_VERSION is 0.
16504 (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
16505 (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
16507 2011-12-28 David Shaw <dshaw@jabberwocky.com>
16509 Use the longest key ID available when talking to a HKP server.
16510 This is issue 1340. Now that PKSD is dead, and SKS supports long key
16511 IDs, this is safe to do. Patch from Daniel Kahn Gillmor
16512 <dkg@fifthhorseman.net>.
16514 2011-12-20 Werner Koch <wk@gnupg.org>
16516 Post-release version number update.
16518 Release 2.1.0beta3.
16520 Prepare for the beta3 release.
16522 po: Update the German translation.
16524 Add the STEED Self-Signing Nonthority certificate.
16525 * doc/com-certs.pem: Install it when creating a keybox.
16527 faq: Add section on US export restrictions.
16529 Require Libassuan 2.0.3.
16530 * configure.ac: Require Libassuan 2.0.3.
16531 * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
16532 * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
16534 (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
16535 * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
16537 2011-12-20 NIIBE Yutaka <gniibe@fsij.org>
16539 Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
16540 * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
16541 (pcsc_keypad_modify): Likewise.
16543 2011-12-19 Werner Koch <wk@gnupg.org>
16544 Ben Kibbey <bjk@luxsci.net>
16546 scd: Fix for card change returning GPG_ERR_CARD_RESET.
16547 * scd/apdu.c (apdu_connect): Do not test for zero atrlen.
16549 2011-12-16 NIIBE Yutaka <gniibe@fsij.org>
16551 Don't kill pinentry by SIGKILL but let it quit by SIGINT.
16552 * agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send
16553 SIGINT (was: SIGKILL).
16555 2011-12-15 David Shaw <dshaw@jabberwocky.com>
16557 Merge fix for issue 1331 from 1.4.
16558 * photoid.c (generate_photo_id): Check for the JPEG magic numbers
16559 instead of JFIF since some programs generate an EXIF header first.
16561 2011-12-15 Werner Koch <wk@gnupg.org>
16563 scd: Prefer application Geldkarte over DINSIG.
16564 * scd/app.c (select_application): Reorder application tests.
16566 scd: Add option --dump-atr to command APDU.
16567 * scd/atr.c: Rewrite.
16568 * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h.
16569 * scd/command.c (cmd_apdu): Add option --dump-atr.
16571 estream: New function es_fclose_snatch.
16572 * common/estream.c (cookie_ioctl_function_t): New type.
16573 (es_fclose_snatch): New function.
16574 (COOKIE_IOCTL_SNATCH_BUFFER): New constant.
16575 (struct estream_internal): Add field FUNC_IOCTL.
16576 (es_initialize): Clear FUNC_IOCTL.
16577 (es_func_mem_ioctl): New function.
16578 (es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL.
16580 2011-12-14 Werner Koch <wk@gnupg.org>
16582 scd: Skip S/N reading for the "undefined" application.
16583 * scd/app.c (select_application): Skip serial number reading.
16585 scd: Add more status word values for documentation.
16587 scd: Add the "undefined" stub application.
16588 * scd/app.c (select_application): Implement the "undefined"
16591 agent: Pass comment lines from scd verbatim thru gpg-agent.
16592 * agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
16593 * tools/gpg-connect-agent.c (help_cmd_p): New.
16594 (main): Treat an "SCD HELP" the same as "HELP".
16596 scd: Fix resetting and closing of the reader.
16597 * scd/command.c (update_card_removed): Do no act on an invalid VRDR.
16598 (do_reset): Ignore apdu_reset error codes for no and inactive card.
16599 Close the reader before setting the slot to -1.
16600 (update_reader_status_file): Notify the application before closing the
16603 scd: Add debug option for reader function calls.
16604 * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New.
16605 * scd/apdu.c (apdu_open_reader, apdu_close_reader)
16606 (apdu_shutdown_reader, apdu_connect, apdu_disconnect)
16607 (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code.
16608 (apdu_activate): Remove this unused function.
16610 2011-12-13 Werner Koch <wk@gnupg.org>
16612 scd: New option --debug-assuan-log-cats.
16613 * scd/scdaemon.c (oDebugAssuanLogCats): New.
16614 (opts): Add option --debug-assuan-log-cats.
16615 (main): Implement option.
16616 * common/asshelp.c (set_libassuan_log_cats): New.
16618 scd: Introduce a virtual reader table.
16619 The vreader table makes the code more clear by explicitly talking
16620 about APDU slots and reader indices. It also accommodates for future
16623 * scd/scdaemon.h (server_control_s): Remove READER_SLOT.
16624 * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
16625 * scd/app.c (check_application_conflict): Add arg SLOT.
16626 * scd/command.c (slot_status_s): Rename to vreader_s.
16627 (server_local_s): Add field VREADER_IDX as replacement for
16628 the READER_SLOT in server_control_s. Change all users.
16629 (slot_table): Rename to vreader_table. Change all users.
16630 (vreader_slot): New.
16631 (do_reset, cmd_apdu): Map vreader to apdu slot.
16632 (get_reader_slot): Rename to get_current_reader. Return -1 on error.
16633 (open_card): Map vreader toapdu slot. Pass slot to
16634 check_application_conflict.
16635 (scd_command_handler): Init VREADER_IDX.
16636 (update_reader_status_file): Reset SLOT field on error.
16638 2011-12-12 Werner Koch <wk@gnupg.org>
16640 scd: Retry command SERIALNO for an inactive card.
16641 * scd/command.c (cmd_serialno): Retry once for an inactive card.
16643 Fix detection of card removal and insertion.
16644 * scd/apdu.c (apdu_connect): Return status codes for no card available
16646 * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
16647 (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
16649 gitlog-to-changelog: New option --tear-off.
16650 * scripts/gitlog-to-changelog: Add option --tear-off.
16651 * Makefile.am (gen-ChangeLog): Use that option.
16653 2011-12-07 Werner Koch <wk@gnupg.org>
16655 gpgsm: Add new validation model "steed".
16656 * sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
16657 * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
16658 * sm/server.c (option_handler): Allow validation model "steed".
16659 * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
16660 * sm/certchain.c (do_validate_chain): Handle the
16661 well-known-private-key attribute. Support the "steed" model.
16662 (gpgsm_validate_chain): Ditto.
16663 * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
16664 * sm/keylist.c (list_cert_colon): Print the new 'w' flag.
16666 Correct punctuation in the ChangeLog summary line.
16667 * Makefile.am (gen-ChangeLog): Supply --append-dot.
16669 Allow comments which will not show up in the ChangeLog.
16670 * scripts/gitlog-to-changelog: Ignore lines after a "--" line.
16672 2011-12-06 Werner Koch <wk@gnupg.org>
16674 gpgsm: Allow specification of an AuthorityKeyIdentifier.
16675 * sm/certreqgen.c (pAUTHKEYID): New.
16676 (read_parameters): Add keyword Authority-Key-Id.
16677 (proc_parameters): Check its value.
16678 (create_request): Insert an Authority-Key-Id.
16680 gpgsm: Allow arbitrary extensions for cert creation.
16681 * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
16682 (read_parameters): Add new keywords.
16683 (proc_parameters): Check values of new keywords.
16684 (create_request): Add SubjectKeyId and extensions.
16685 (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
16687 gpgsm: Fix storing of the serial number.
16688 * sm/certreqgen.c (create_request): Fix hex-bin conversion.
16690 2011-12-05 Werner Koch <wk@gnupg.org>
16693 * agent/command.c (start_command_handler): Remove use of removed var.
16695 Amend the agent code with more comments.
16696 * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
16698 2011-12-02 Werner Koch <wk@gnupg.org>
16700 Support the Cherry ST-2000 card reader.
16701 * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
16702 (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
16703 (parse_ccid_descriptor): Use them.
16704 (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
16705 ST-2000. Suggested by Matthias-Christian Ott.
16707 Avoid possible double free in export.c.
16708 * g10/export.c (transfer_format_to_openpgp): Avoid possible double
16709 free of LIST. Reported by NIIBE Yutaka.
16711 2011-12-02 NIIBE Yutaka <gniibe@fsij.org>
16713 Fix pinpad input support for passphrase modification.
16714 * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
16715 (pcsc_keypad_modify): Likewise.
16716 (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
16717 bConfirmPIN value is determined by the parameter p0.
16719 * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
16720 reset_mode is on, or resetcode is on. use_keypad only makes sense for
16721 iso7816_change_reference_data_kp.
16723 * iso7816.h (iso7816_put_data_kp): Remove.
16724 (iso7816_reset_retry_counter_kp): Remove.
16725 (iso7816_reset_retry_counter_with_rc_kp): Remove.
16726 (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
16728 * iso7816.c (iso7816_put_data_kp): Remove.
16729 (iso7816_reset_retry_counter_kp): Remove.
16730 (iso7816_reset_retry_counter_with_rc_kp): Remove.
16731 (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
16733 2011-12-01 Werner Koch <wk@gnupg.org>
16735 Add hook to check the commit log syntax.
16736 * autogen.sh: Install commit-msg hook for git.
16738 Generate the ChangeLog from commit logs.
16739 * scripts/gitlog-to-changelog: New script. Taken from gnulib.
16740 * scripts/git-log-fix: New file.
16741 * scripts/git-log-footer: New file.
16742 * doc/HACKING: Describe the ChangeLog policy
16743 * ChangeLog: New file.
16744 * Makefile.am (EXTRA_DIST): Add new files.
16745 (gen-ChangeLog): New.
16746 (dist-hook): Run gen-ChangeLog.
16748 Rename all ChangeLog files to ChangeLog-2011.
16750 2011-12-01 Werner Koch <wk@gnupg.org>
16752 NB: Changes done before December 1st, 2011 are described in
16753 per directory files named ChangeLog-2011. See doc/HACKING for
16757 Copyright (C) 2011 Free Software Foundation, Inc.
16759 Copying and distribution of this file and/or the original GIT
16760 commit log messages, with or without modification, are
16761 permitted provided the copyright notice and this notice are