Age | Commit message | Author | Files | Lines
4 days | speedo: Do not package zlib and bzip2 object files | Werner Koch | 1 | -0/+4
* build-aux/speedo.mk (dist-source): Exclude them. -- GnuPG-bug-id: 7442
4 days | agent: Fix a memory leak. | Sorah Fukumori | 1 | -0/+1
* agent/findkey.c (read_key_file): Free BUF. -- Fixes-commit: 434a641d40cbff82beb9f485e0adca72419bfdf2 Signed-off-by: Sorah Fukumori <her@sorah.jp>
8 days | build: Also emit the size of the w32 source tarball | Werner Koch | 1 | -0/+1
-- Not tested.
8 days | po: Update Japanese Translation. | NIIBE Yutaka | 1 | -8/+10
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
9 days | tools: Some tweaks to gpg-authcode-sign.sh | Werner Koch | 1 | -0/+11
* tools/gpg-authcode-sign.sh: Skip too short files and rename certain files to ".dll". -- osslsigncode requires file suffixes of exe or dll but not dll-x or dll-ex which we use in our gpg4win build system. This adds workarounds for this and for short dummy files.
9 days | gpg: Show the default PIN hint also before "name" and "key-attr" | Werner Koch | 1 | -14/+32
* g10/card-util.c (USER_PIN_DEFAULT): Move to the top. Same for the other constants. (show_pin_hint): New. (generate_card_keys): Use show_pin_hint. (do_change_keyattr): Also show pin hint here. (change_name): And here. -- We used to show a hint for the default PINs only before generate. However it is often useful to first change the attributes and thus the hint should be shown here as well. The above is only done if no name has yet been set, thus before setting the name we also show the hint.
9 days | Post release updates | Werner Koch | 2 | -1/+9
--
9 days | Release 2.5.3 (gnupg-2.5.3) | Werner Koch | 1 | -2/+2
9 days | po: msgmerge run | Werner Koch | 27 | -37/+362
--
10 days | Remove the default keyserver. | Werner Koch | 4 | -6/+7
10 days | doc: One typo fix. | Werner Koch | 2 | -1/+6
-- GnuPG-bug-id: 7479
10 days | Stronger deprecate the --supervised option. | Werner Koch | 4 | -20/+21
* agent/gpg-agent.c (opts): Rename option supervised. * dirmngr/dirmngr.c (opts): Ditto. -- The --supervised way to start gpg-agent has been deprecated for 2.5 years and will probably be entirely removed with version 2.6.0. To allow its use until its removal the systemd service description needs to be adjusted to use this option. The reasons for the deprecation are conflicts with the way systemd starts gpg-agent and gpg expects how gpg-agent is started. In particular gpg expects that the gpg-agent matching its own version is started. Further the systemd way is not portable to other platforms and long term experience on Windows has shown that the standard way of starting gpg-agent is less error prone. Note to those who want to re-introduce this option: Pretty please do not use socket names conflicting with our standard socket names. For example use /run/user/1000/foo-gnupg/S.gpg-agent.
10 days | Update README and copyright years. | Werner Koch | 4 | -8/+37
--
10 days | gpg: Print a warning if the card backup key could not be written. | Werner Koch | 1 | -4/+14
* g10/keygen.c (card_write_key_to_backup_file): Fix error handling by removing the RC variable. Add warning note. -- GnuPG-bug-id: 2169
12 days | gpg: Force the use of AES-256 in some cases | Damien Goutte-Gattat via Gnupg-devel | 2 | -4/+25
* g10/encrypt.c (create_dek_with_warnings): Forcefully use AES-256 if PQC encryption was required or if all recipient keys are Kyber keys. -- If --require-pqc-encryption was set, then it should be safe to always force AES-256, without even checking if we are encrypting to Kyber keys (if some recipients do not have Kyber keys, --require-pqc-encryption will fail elsewhere). Otherwise, we force AES-256 if we encrypt *only* to Kyber keys -- unless the user explicitly requested another algo, in which case we assume they know what they are doing. GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org> Man page entry extended Signed-off-by: Werner Koch <wk@gnupg.org>
12 days | gpg: Allow smaller session keys with Kyber | Damien Goutte-Gattat via Gnupg-devel | 1 | -6/+2
* g10/pubkey-enc.c (get_it): Do not error out when decrypting a session key of less than 32 octets encrypted to a Kyber key. -- GnuPG-bug-id: 7472 Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2025-01-02 | po: Update French translation | bubu | 1 | -1177/+820
-- (proofread by the debian-l10n-french team) GnuPG-bug-id:7469 Changed original patch to use positional arguments for "un hachage de %1$u bits n'est pa[...]"
2024-12-20 | po: Update Japanese Translation. | NIIBE Yutaka | 1 | -23/+15
-- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-20 | scd: Use gpgrt_spawn_actions_set_env_rev to have clean semantics. | NIIBE Yutaka | 1 | -11/+3
* scd/app.c (report_change): Use gpgrt_spawn_actions_set_env_rev. -- It's UTF-8 string. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-16 | agent: Clean up for the refactoring. | NIIBE Yutaka | 1 | -2/+2
* agent/call-scd.c (agent_card_pkdecrypt): Remove unused variables. -- Fixes-commit: fe147645d2397dd77b646a253965c5994f360f26 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-16 | gpg: Fix key generation with existing key from card. | NIIBE Yutaka | 1 | -1/+1
* g10/keygen.c (ask_algo): Fix condition. Continue the loop when failure. -- Fixes-commit: e7891225788ab5f6d050a06643b1f488c227771f GnuPG-bug-id: 7309, 7457 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-09 | gpg: Allow for longer signature subpackets. | Werner Koch | 1 | -7/+8
* g10/parse-packet.c (parse_signature): Increase the cap for hashed subpackets to 30000. Print the value in the error message. Do not return an error but skip a too long signature. -- The limit of 10000 served us well for decades but given the option to put a key into the signature, a larger limit will eventually be useful. The second part makes things a bit robust against rogue subpackets on a keyserver.
2024-12-06 | speedo: Change the default to build a 64 bit version | Werner Koch | 2 | -3/+4
* build-aux/speedo.mk (W32VERSION): Default to 64 bit. * build-aux/speedo/w32/inst.nsi: Remove the doc dir.
2024-12-05 | gpg: Silence expired trusted-key diagnostics in quiet mode. | Werner Koch | 2 | -4/+10
* g10/trustdb.c (validate_keys): Take care of --quiet. -- GnuPG-bug-id: 7351
2024-12-05 | Post release updates | Werner Koch | 2 | -1/+5
--
2024-12-05 | Release 2.5.2 (gnupg-2.5.2) | Werner Koch | 2 | -3/+72
2024-12-05 | po: Run msgmerge | Werner Koch | 25 | -516/+940
--
2024-12-05 | po: Update German translation | Werner Koch | 1 | -9/+35
--
2024-12-05 | agent: Use SETDATA --append for larger data to communicate scdaemon. | NIIBE Yutaka | 1 | -22/+31
* agent/call-scd.c (prepare_setdata): New. (agent_card_pksign): Use prepare_setdata for SETDATA. (agent_card_pkdecrypt): Likewise. -- GnuPG-bug-id: 7436 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-12-04 | Require gpgrt 1.51 | Werner Koch | 3 | -2/+6
* configure.ac (NEED_GPGRT_VERSION): Bump to 1.51. * g10/keydb.c (internal_keydb_update_keyblock) [!USE_TOFU]: Mark an arg unused. * common/homedir.c (create_common_conf) [!BUILD_WITH_KEYBOXD]: Mark an arg unused.
2024-12-04 | w32: Introduce Registry key GNUPG_ASSUME_COMPLIANCE. | Werner Koch | 1 | -0/+12
* common/compliance.c (get_assumed_de_vs_compliance): Also consider a registry entry. -- On Windows it is easier to set the registry key than to use an envvar.
2024-12-02 | po: Update Portuguese Translation. | Daniel Cerqueira | 1 | -8/+31
Signed-off-by: Daniel Cerqueira <dan.git@lispclub.com>
2024-11-25 | po: Update Traditional Chinese Translation. | Kisaragi Hiu | 1 | -832/+748
-- - Follow conventions from other zh_TW user interfaces - Use "確定" for "OK" like KDE - Remove extra space between keyboard accelerator like in "取消(_C)" - Follow conventions of modern zh_TW - Character -> 字元 - 衹有 -> 「只」有 - Fix some "pinentry" translations Sometimes it was translated as an entry of PIN codes among a list and not the "pinentry" tool Signed-off-by: Kisaragi Hiu <mail@kisaragi-hiu.com>
2024-11-25 | gpg: Fix modifying signature data by pk_verify for Ed25519. | NIIBE Yutaka | 1 | -6/+21
* g10/pkglue.c (pk_verify): When fixing R and S, make sure those are copies. -- GnuPG-bug-id: 7426 Fixing-commit: 0a5a854510fda6e6990938a3fca424df868fe676 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org> Also avoid clearing the error by the S code of a failed mpi_print of R. Signed-off-by: Werner Koch <wk@gnupg.org>
2024-11-25 | common: Change daemon startup timeout from 5 to 8 seconds. | Werner Koch | 1 | -3/+3
* common/asshelp.c (SECS_TO_WAIT_FOR_AGENT): Change from 5 to 8 seconds. (SECS_TO_WAIT_FOR_KEYBOXD): Ditto. (SECS_TO_WAIT_FOR_DIRMNGR): Ditto. -- Experience on Windows showed that right after re-booting we may need some more time to get things up.
2024-11-22 | gpg: Fix comparing ed448 vs ed25519 with --assert-pubkey-algo. | Werner Koch | 2 | -1/+25
* g10/keyid.c (extra_algo_strength_offset): New. (compare_pubkey_string_part): Use the mapping. -- GnuPG-bug-id: 6425
2024-11-22 | doc: Explain that qualified.txt is a legacy method. | Werner Koch | 1 | -10/+14
--
2024-11-18 | scd: No hard lock-up when apdu_connect never returns. | NIIBE Yutaka | 1 | -4/+15
* scd/app.c (new_card_lock): New. (select_application): Scanning is serialized by NEW_CARD_LOCK. For app_new_register, we hold the W-lock. (initialize_module): Initialize NEW_CARD_LOCK. -- GnuPG-bug-id: 7402 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-15 | gpgconf: Include a minimal secure version in the --query-swdb output. | Werner Koch | 1 | -2/+7
* tools/gpgconf.c (query_swdb): Parse the new minver tag.
2024-11-14 | gpg: Consider Kyber to be de-vs compliant. | Werner Koch | 1 | -13/+61
* common/compliance.c (gnupg_pk_is_compliant) <CO_DE_VS>: Consider Brainpool Kyber variants compliant. (gnupg_pk_is_allowed): Ditto. (assumed_de_vs_compliance): Remove variable. (get_assumed_de_vs_compliance): New. (get_compliance_cache): Use new accessor. (gnupg_status_compliance_flag): Ditto. -- Use GNUPG_ASSUME_COMPLIANCE=de-vs gpg --compliance=de-vs .... for testing. This returns 2023 instead of 23 to indicate the non-approval state. GnuPG-bug-id: 6638
2024-11-14 | gpg: Allow "Kyber" as algorithm for the Subkey-Type keyword. | Werner Koch | 1 | -0/+2
* g10/keygen.c (get_parameter_algo): Make "KYBER" to PUBKEY_ALGO_KYBER. -- GnuPG-bug-id: 7397
2024-11-14 | gpg: For composite algos add the algo string to the colons listings. | Werner Koch | 3 | -2/+20
* g10/keylist.c (list_keyblock_colon): Put the algo string into the curve field for Kyber. -- GnuPG-bug-id: 6638
2024-11-13 | gpg: Add option to create Kyber with --full-gen-key. | Werner Koch | 2 | -8/+167
* g10/keygen.c (PQC_STD_KEY_PARAM_PRI, PQC_STD_KEY_PARAM_SUB): New. (PQC_STD_KEY_PARAM): Construct from above. (gen_kyber): Allow short curve names. (ask_algo): Add Entry for ecc+kyber. (ask_kyber_variant): New. (generate_keypair): Generate ECC primary and Kyber sub. -- GnuPG-bug-id: 6638
2024-11-12 | gpgconf: Show also the used nPth version with -V | Werner Koch | 1 | -1/+4
* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version. -- Note that this requires nPth 1.8
2024-11-12 | gpg-mail-tube: Fix content type for an attached non-plaintext. | Werner Koch | 1 | -2/+3
* tools/gpg-mail-tube.c (mail_tube_encrypt): Fix content type for an attached message. -- We can't use message/rfc822 if we encrypt this message as a simple PGP file.
2024-11-12 | scd: Clean up app_send_active_apps and app_send_card_list. | NIIBE Yutaka | 1 | -8/+6
* scd/app.c (send_card_and_app_list): Only handle the case with WANTCARD=NULL. (app_send_card_list): Follow the change. (app_send_active_apps): Factor out the case with WANTCARD!=NULL. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-11 | scd: Fix a memory leak. | NIIBE Yutaka | 1 | -0/+4
* scd/app-help.c (app_help_read_length_of_cert): Free the BUFFER. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-11 | scd: Fix resource leaks on error paths. | NIIBE Yutaka | 2 | -4/+13
* scd/app-dinsig.c (do_readcert): Don't return directly but care about releasing memory. * scd/app-nks.c (readcert_from_ef): Likewise. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-11-08 | gpg: Improve wording for only-pubkeys. | Werner Koch | 2 | -2/+3
* g10/import.c (parse_import_options): Add a description to only-pubkeys. -- See gnupg-devel for a brief discussion.
2024-11-07 | gpgtar: Make sure to create upper directories for regular files. | Werner Koch | 2 | -31/+74
* tools/gpgtar-extract.c (extract_directory): Factor parent directory creation out to .. (try_mkdir_p): new. (extract_regular): Create directory on ENOENT. * g10/pubkey-enc.c (get_it): Use log_info instead of log_error if the public key was not found for preference checking. -- If tarball was created with tar cf tarball file1.txt foo/file2.txt the tarball has no entry for foo/ and thus the extraction fails. This patch fixes this. GnuPG-bug-id: 7380 The second patch avoids a wrong exit status status line due to the use of log_error. But the actual cause still needs to be investigated.