2014-08-12 Werner Koch <wk@gnupg.org>

sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c: Include fcntl.h.
(try_make_homedir): New. Similar to the one from g10/openfile.c
(maybe_create_keybox): New. Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.

2014-08-08 NIIBE Yutaka <gniibe@fsij.org>

po: Update Japanese translation.

2014-08-06 Werner Koch <wk@gnupg.org>

gpg: Fix regression due to the keyserver import filter.
* g10/keyserver.c (keyserver_retrieval_filter): Change args. Rewrite
to take subpackets in account.
* g10/import.c (import_one, import_secret_one): Pass keyblock to

gpg: Add kbnode_t for easier backporting.
* g10/gpg.h (kbnode_t): New.

2014-07-21 Simon Josefsson <simon@josefsson.org>

Add OpenPGP card manufacturer Yubico (6).

2014-07-21 Andreas Schwier <andreas.schwier@cardcontact.de>

scd: Allow for certificates > 1024 with PC/SC.
* scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 to
allow for larger certificates.

2014-07-21 Werner Koch <wk@gnupg.org>

gpg: Cap size of attribute packets at 16MB.
* g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap

2014-06-30 Werner Koch <wk@gnupg.org>

estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated

2014-06-27 Werner Koch <wk@gnupg.org>

scd: Support reader Gemalto IDBridge CT30.
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
(GEMPC_CT30): New product id.

gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.

2014-06-25 Werner Koch <wk@gnupg.org>

agent: Let gpg-protect-tool pass envvars to pinentry.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.

gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
(keyserver_spawn): Pass filter arg using the new struct.

2014-06-24 Werner Koch <wk@gnupg.org>

2014-06-24 Kristian Fiskerstrand <kf@sumptuouscapital.com>

gpg: Fix a couple of spelling errors.

2014-06-24 Werner Koch <wk@gnupg.org>

gpg: Do not link gpgv against libassuan.
* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.

common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6.
* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if

Remove thread callbacks for libgcrypt >= 1.6.
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.

gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for

gpg: Make show-uid-validity the default.

2014-06-24 Stefan Tomanek <tomanek@internet-sicherheit.de>

gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()

2014-06-24 Werner Koch <wk@gnupg.org>

gpg: Allow key-to-card upload for cert-only keys.
* g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.

2014-06-23 Werner Koch <wk@gnupg.org>

ssh: Fix for newer Libgcrypt versions.
* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.

2014-06-20 Werner Koch <wk@gnupg.org>

gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.

2014-06-03 Werner Koch <wk@gnupg.org>

doc: Update for modern makeinfo.
* doc/texi.css: Remove.
* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.

doc: Adjust Makefile for fixed yat2m.
* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.

gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.

common: Add z-base-32 encoder.
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c

gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.

gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packet header and a bad MDC.

gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the

2014-06-02 Werner Koch <wk@gnupg.org>

gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.

gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.

gpgsm: Handle re-issued CA certificates in a better way.
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
(find_up): Add some debug messages.

gpgsm: Add a way to save a found state.
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above. Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.
* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.

gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.

2014-04-22 Werner Koch <wk@gnupg.org>

gpg: Print a warning if GKR has hijacked gpg-agent.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.

2014-04-16 Werner Koch <wk@gnupg.org>

gpg: Fix use of deprecated RSA_E and RSA_E with newer libgcrypts.
* g10/misc.c (pubkey_get_npkey): Map RSA_E and RSA_S to RSA.
(pubkey_get_nskey): Ditto.
(pubkey_get_nsig): Ditto.
(pubkey_get_nenc): Ditto.
(pubkey_nbits): Take care of RSA_E and RSA_S.

2014-03-12 Werner Koch <wk@gnupg.org>

scd: Skip S/N reading for the "undefined" application.
* scd/app.c (select_application): Skip serial number reading.

2013-12-11 Werner Koch <wk@gnupg.org>

gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.

2013-11-27 Werner Koch <wk@gnupg.org>

Silence annoying ABI change warning.
* configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc
option tests for gcc >= 4.6

scd: Fix two compiler warnings.
* scd/apdu.c (pcsc_vendor_specific_init): Add suggested parens.
* scd/ccid-driver.c (ccid_get_atr): Cast DEBUGOUT_1 arg to int.

gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_version to 1. Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version

2013-11-15 Werner Koch <wk@gnupg.org>

common: Fix build problem with Sun Studio compiler.
* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
(ESTREAM_MUTEX_INITIALIZE): Ditto.

2013-11-13 NIIBE Yutaka <gniibe@fsij.org>

scd: more pinpad input fix for PC/SC.
* scd/apdu.c (check_pcsc_pinpad): Set default values here.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
values, as it's too late.

2013-11-11 NIIBE Yutaka <gniibe@fsij.org>

scd: more pinpad fix.
* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
(pcsc_pinpad_modify): Remove old check code.

2013-10-29 NIIBE Yutaka <gniibe@fsij.org>

scd: pinpad fix for PC/SC on Windows.
* scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.

2013-10-25 NIIBE Yutaka <gniibe@fsij.org>

scd: fix pinpad input on Windows.
* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.

2013-10-23 NIIBE Yutaka <gniibe@fsij.org>

po: Update Japanese translation.

2013-10-16 NIIBE Yutaka <gniibe@fsij.org>

scd: add pinpad readers information for PC/SC service.
* scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN

2013-10-15 NIIBE Yutaka <gniibe@fsij.org>

scd: remove pin length check.
* scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin

2013-10-11 Werner Koch <wk@gnupg.org>

gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark): Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(get_ownertrust): Ditto.
(get_min_ownertrust): Ditto.
(update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(clear_ownertrusts): Ditto.
(cache_disabled_value): Ditto.
(check_trustdb_stale): Ditto.
(get_validity): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for

gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/
to gcry_pk_algo_name by a call to this function.
(map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG.
(openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of
GCRY_PK_ELG_E. Return an error for ECC algos.
(openpgp_pk_test_algo2): Return an error for ECC algos.
* g10/gpg.c (build_list): Avoid printing ECC two times.
* include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*.

2013-10-04 Werner Koch <wk@gnupg.org>

doc: Update from master.

gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.

gpg: Kludge not to bail out on ECC if built with Libgcrypt 1.6.
* g10/misc.c (print_pubkey_algo_note): Map the algo.
(openpgp_pk_test_algo, openpgp_pk_test_algo2): Ditto.
(pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig)
(pubkey_get_nenc): Return 0 for ECC algorithms.

po: Update Czech translation.

gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
* g10/import.c (import_secret_one): Deny import if flag is set.

2013-10-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>

gpg: Allow setting of all zero key flags.
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
(cherry picked from commit b693ec02c467696bf9d7324dd081e279f9965151)

2013-10-04 Werner Koch <wk@gnupg.org>

gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.

keyserver: Allow use of cURL's default CA store.
* keyserver/gpgkeys_curl.c (main): Set CURLOPT_CAINFO only if a file
* keyserver/gpgkeys_hkp.c (main): Ditto.

gpg: Limit the nesting level of I/O filters.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.
* g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY. Add bit field
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.

2013-10-02 Werner Koch <wk@gnupg.org>

gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth. Handle errors from

2013-09-18 Marcus Brinkmann <mb@g10code.com>

2009-11-10 Marcus Brinkmann <marcus@g10code.de>
* server.c (cmd_getauditlog): Don't dup FD for es_fdopen_nc as
this leaks the FD here.
(cherry picked from commit b3cda3f45cdbf3c66538589c7e108cbf73adc850)
sm/ChangeLog-2011 - Removed.

2013-08-30 Werner Koch <wk@gnupg.org>

gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to

gpgtar: Fix building for systems with a separate libintl.
* tools/Makefile.am (gpgtar_LDADD): Add LIBINTL.

2013-08-30 NIIBE Yutaka <gniibe@fsij.org>

scd: PC/SC pinpad input improvement.
* scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
PINPAD_VERLEN_SUPPORTED.
(CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
PCSCv2_PART10_PROPERTY_*): New.
(new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
(pcsc_vendor_specific_init): New.
(open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
pcsc_vendor_specific_init.
(check_pcsc_pinpad): Not detect here but use the result of
pcsc_vendor_specific_init.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.

2013-08-29 Jonas Borgström <jonas@borgstrom.se>

scd: add support for RSA_CRT and RSA_CRT_N key import.
* scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.

2013-08-27 NIIBE Yutaka <gniibe@fsij.org>

scd: fix parsing login-data DO.
* scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing.

scd: fix Vega for Alpha reader.
* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling

2013-08-21 Werner Koch <wk@gnupg.org>

scd: Make SPRx32 pinpad work with PC/SC on Windows.
* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.
(cherry picked from commit 5c5e52df4b92e23045ac87abac09357de58920d4)

scd: Improve --enable-pinpad-varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Add
enable-pinpad-varlen.
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.
(cherry picked from commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b)

2013-08-19 Werner Koch <wk@gnupg.org>

Require libgpg-error 1.11.
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
* common/util.h: Remove GPG_ERR_ replacements.

2013-08-19 Jakub Bogusz <qboosh@pld-linux.org>

Update the Polish translation.

2013-08-19 Werner Koch <wk@gnupg.org>

agent: Fix UPDATESTARTUPTTY for ssh.
* agent/command-ssh.c (setup_ssh_env): Fix env setting.

tests: Make sure not to create files outside the build directory.
* tests/openpgp/Makefile.am (./gpg_dearmor): Add option --homedir.

gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure

2013-08-08 Werner Koch <wk@gnupg.org>

agent: Extend cmd KEYINFO to return data from sshcontrol.
* agent/command-ssh.c (struct control_file_s): Rename to
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t): Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend
(cmd_keyinfo): Add options --ssh-list and --with-ssh.

2013-08-06 Werner Koch <wk@gnupg.org>

Improve libcurl detection.
* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl has been
given. Suggested by John Marshall.

gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.

2013-08-02 Werner Koch <wk@gnupg.org>

gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

2013-08-01 Werner Koch <wk@gnupg.org>

w32: Add code to support a portable use of GnuPG.
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir) [W32]: Ditto.

w32: Always require libiconv.
* configure.ac (missing_iconv): Set and die if we have no libiconv.
* m4/iconv.m4: Update from libiconv 1.14.
* tools/Makefile.am (gpgtar_LDADD): Add LIBICONV.
* jnlib/utf8conv.c: Always include iconv.h
(load_libiconv): Remove this w32 only function.
(iconv_open, iconv, iconv_close): Remove W32 function pointer.
(set_native_charset): Do not call load_libiconv.
(jnlib_iconv_open, jnlib_iconv, jnlib_iconv_close): Ditto.

w32: Remove unused code.
* jnlib/w32-reg.c (write_w32_registry_string): Remove.

2013-07-03 Werner Koch <wk@gnupg.org>

Update the German translation.

agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.
* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

Update the German translation.

ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and assert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support. Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.

agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.

Silence deprecated warnings from gcc 4.6.3.
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.

estream: Backport es_fopenmem_init from master.
* common/estream.c (es_fopenmem_init): New.

2013-07-01 Werner Koch <wk@gnupg.org>

ssh: Mark unused arg.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to

ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.
* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
* agent/command-ssh.c (ssh_key_grip): Print a better error code.

estream: New function es_fclose_snatch.
* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem): Init FUNC_IOCTL.

ssh: Rewrite a function for better maintainability.
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.

ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in

ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New. Use them instead of
using fopen/fclose directly.

ssh: Do not look for a card based ssh key if scdaemon is disabled.
* agent/command-ssh.c (ssh_handler_request_identities): Do not call
card_key_available if the scdaemon is disabled.

ssh: Make the mode extension "x" portable by a call to es_fopen.
* agent/command-ssh.c (open_control_file): Use es_fopen to support

2013-05-11 Werner Koch <wk@gnupg.org>

Fix syntax error for building on APPLE.
* scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.

2013-05-10 Werner Koch <wk@gnupg.org>

Update gpg-error, libgcrypt, and ksba m4 scripts.
* m4/gpg-error.m4: Update from libgpg-error repo.
* m4/ksba.m4: Likewise.
* m4/libgcrypt.m4: Likewise.

2013-05-10 Yuri Chornoivan <yurchor@ukr.net>

Update Ukrainian translation.

2013-05-07 Werner Koch <wk@gnupg.org>

w32: Add icons and version information.
* common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.

2013-05-07 Ian Abbott <abbotti@mev.co.uk>

doc: fix some Texinfo warnings.
* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.

2013-04-24 Jedi <jedi@jedi.org>

Update helper scripts.
* compile, config.guess, config.rpath, config.sub, depcomp,
* install-sh, mdate-sh, mkinstalldirs: Update to Feb 25 versions from

2013-04-24 Joe Hansen <joedalton2@yahoo.dk>

Update Danish translation.

2013-04-24 Jaime Suarez <jaime.suma@gmail.com>

Update Spanish translation.

2013-04-24 Werner Koch <wk@gnupg.org>

Update de.po and fr.po for keypad->pinpad change.

2013-04-24 NIIBE Yutaka <gniibe@fsij.org>

scd: Add pinpad support for REINER SCT cyberJack go.
* scd/ccid-driver.c (VENDOR_REINER, CYBERJACK_GO): New.
(ccid_transceive_secure): Handle the case for VENDOR_REINER.
Original work was by Alina Friedrichsen (tiny change).

2013-04-23 Werner Koch <wk@gnupg.org>

Allow building gpgkeys_ldap with the 32 bit mingw-w64 toolchain.
* keyserver/gpgkeys_ldap.c (my_ldap_start_tls_s): Define macro
depending on compiler version.
(main): Use new macro.

2013-04-22 Werner Koch <wk@gnupg.org>

Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in

Switch to the new automagic beta numbering scheme.
* configure.ac: Add all the required m4 magic.

Update docs from master.
* doc/gpg-agent.texi: Update from master.
* doc/gpg.texi: Ditto.
* doc/gpgsm.texi: Ditto.
* doc/gpl.texi: Ditto.
* doc/yat2m.c: Ditto.

Ignore obsolete option --disable-keypad.
* scd/scdaemon.c (opts): Ignore --disable-keypad.

Allow marking options as ignored.
* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
(ARGPARSE_TYPE_MASK): New, for internal use.
(ARGPARSE_ignore): New.
* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
(arg_parse): Exclude ignore options from --dump-options.

Do not mix test result with progress lines.
This makes parsing of the results easier. Fixes bug#1400.
* tests/openpgp/defs.inc (progress_cancel, progress_end)
* tests/openpgp/conventional-mdc.test: Use progress functions
* tests/openpgp/conventional.test: Ditto.
* tests/openpgp/encrypt-dsa.test: Ditto.
* tests/openpgp/encrypt.test: Ditto.
* tests/openpgp/sigs.test: Ditto.

2013-04-01 NIIBE Yutaka <gniibe@fsij.org>

scd: move SCDaemon to libexecdir.
* common/homedir.c (gnupg_module_name): It's now libexecdir.
* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
(bin_PROGRAMS): Remove scdaemon.

2013-03-26 NIIBE Yutaka <gniibe@fsij.org>

scd: PC/SC status fix.
* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
* scd/pcsc-wrapper.c (handle_status): Ditto.

scd: PC/SC cleanup (more).
* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use

scd: call update_card_removed only when detecting removal.
* scd/command.c (update_reader_status_file): Add condition

2013-03-22 NIIBE Yutaka <gniibe@fsij.org>

* scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.
* scd/pcsc-wrapper.c: Likewise.

2013-03-21 NIIBE Yutaka <gniibe@fsij.org>

scd: change default value of pinpad maxlen.
* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).
* scd/ccid-driver.c (ccid_transceive_secure): Likewise.

2013-03-15 NIIBE Yutaka <gniibe@fsij.org>

scd: ccid-driver supporting larger APDU.
* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger

2013-03-03 David Shaw <dshaw@jabberwocky.com>

Differentiate between success (full or partial), not-found, and failure.
* keyserver/gpgkeys_hkp.c (get_key): Use curl_easy_setinfo to get the
HTTP status code so we can tell the difference between a successful
retrieval, a partial retrieval, a not-found, or a server failed.

Emulate curl_easy_getinfo and CURLINFO_RESPONSE_CODE in curl-shim.
* keyserver/curl-shim.h, keyserver/curl-shim.c (curl_easy_getinfo):
New. Return the HTTP status code for the last transfer.

2013-02-28 David Shaw <dshaw@jabberwocky.com>

Bring the fix for bug 739 on 1.4 over to 2.0 (bug 1479)
* http.h, http.c (http_wait_response, main): Remove
HTTP_FLAG_NO_SHUTDOWN.

2013-02-12 NIIBE Yutaka <gniibe@fsij.org>

Japanese: minor doc update.
* doc/help.ja.txt: Update.

Japanese: updated po and doc.
* doc/help.ja.txt, po/ja.po: Updated.

2013-02-08 NIIBE Yutaka <gniibe@fsij.org>

scd: Rename 'keypad' to 'pinpad'.
* NEWS: Mention scd changes.
* agent/divert-scd.c (getpin_cb): Change message.
* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.
* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.
* scd/iso7816.h (iso7816_check_pinpad): Rename.
* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.
* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.
* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.
* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to

2013-02-05 NIIBE Yutaka <gniibe@fsij.org>

scd: Fix check_keypad_request.
* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
* apdu.h (apdu_send_simple_kp): Remove.
* apdu.c (apdu_send_simple_kp): Remove.

SCD: Add vendor specific initialization.
* scd/ccid-driver.c (ccid_vendor_specific_init): New.
(ccid_open_reader): Call ccid_vendor_specific_init.

SCD: Support P=N format for login data.
* scd/app-openpgp.c (parse_login_data): Support P=N format.

SCD: Better interoperability.
* scd/apdu.c: Fill bTeoPrologue[2] field.

SCD: Defaults to use pinpad if the reader has the capability.
* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.

SCD: handle keypad request on the card.
* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.

SCD: Minor fix of ccid-driver.
* scd/ccid-driver.c (VENDOR_VEGA): Fix typo.

SCD: Add support of Covadis VEGA_ALPHA reader.
* scd/ccid-driver.c: Add 2013.
(VENDER_VEGA, VEGA_ALPHA): New.
(ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
Change bNumberMessage to 0x01, as it works better (was: 0xff).

SCD: Support fixed length PIN input for keypad (PC/SC).
* scd/apdu.c (pcsc_keypad_verify): Support fixed length PIN input for
(pcsc_keypad_modify): Likewise.
* scd/ccid-driver.c (ccid_transceive_secure): Clean up.

SCD: Support fixed length PIN input for keypad.
* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
Support fixed length PIN input for keypad.

SCD: API cleanup for keypad handling.
* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the

SCD: Clean up. Remove PADLEN for keypad input.
* scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
(struct reader_table_s): Remove last arg from check_keypad method.
(check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
(pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
(send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Remove PIN_PADLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.
* scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.
966 * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
967 (iso7816_change_reference_data_kp): Remove PADLEN.
969 * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
971 SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
972 * scd/scdaemon.h (opt): Add enable_keypad_varlen.
973 * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
974 (opts, main): Add oEnableKeypadVarlen.
975 * scd/ccid-driver.c (GEMPC_PINPAD): New.
976 (ccid_transceive_secure): Add enable_varlen handling.
979 SCD: Support not-so-smart card readers.
980 * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
981 auto_param, and auto_pps.
982 (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
983 Support non-autoconf readers.
984 (update_param_by_atr): New.
985 (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
986 Use 0x10 when nonnull_nad for SetParameters.
987 Call update_param_by_atr for parsing ATR, and use param for
989 Send PPS if reader requires it and card is negotiable.
990 When bNadValue in the return values of SetParameters == 0,
991 clear handle->nonnull_nad flag.
993 2013-02-04 NIIBE Yutaka <gniibe@fsij.org>
995 SCD: Hold lock for pinpad input.
996 * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
997 (apdu_keypad_modify): Hold lock to serialize communication.
999 agent: kill pinentry by SIGINT, fixing a bug to be killed by SIGINT.
1000 * agent/call-pinentry.c (atfork_cb): Reset signal mask and signal
1001 handler for child process.
1002 (agent_popup_message_stop): Send SIGINT (was: SIGKILL).
1004 2013-01-11 Christian Aistleitner <christian@quelltextlich.at>
1006 gpg: Fix honoring --cert-digest-algo when recreating a cert.
1007 * g10/sign.c (update_keysig_packet): Override original signature's
1008 digest algo in hashed data and for hash computation.
1010 2013-01-07 NIIBE Yutaka <gniibe@fsij.org>
1012 Update Japanese Translation.
1013 * po/ja.po: Fix wrong translations for designated revocation.
1014 Reported by Hideki Saito.
1016 2013-01-03 Werner Koch <wk@gnupg.org>
1018 gpg: Detect Keybox files and print a diagnostic.
1019 * g10/keydb.c (KEYDB_RESOURCE_TYPE_KEYBOX): New.
1020 (keydb_add_resource): Handle scheme "gnupg-kbx:". Detect Keybox
1021 magic. Print warning note for Keybox.
1022 (keydb_new, keydb_release, keydb_get_resource_name)
1023 (lock_all, unlock_all, keydb_get_keyblock)
1024 (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
1025 (keydb_locate_writable, keydb_rebuild_caches, keydb_search_reset)
1026 (keydb_search2): Ignore Keybox type in switches.
1027 * g10/gpg.h (G10ERR_UNSUPPORTED): Map to correct gpg-error value.
1029 2012-12-29 NIIBE Yutaka <gniibe@fsij.org>
1031 Update Japanese Translation.
1032 * po/ja.po: Fix terms and expressions.
1034 Update Japanese Translation.
1035 * po/ja.po: Translate all untranslated messages.
1037 2012-12-27 NIIBE Yutaka <gniibe@fsij.org>
1039 Update Japanese Translation.
1040 * po/ja.po: Fix all fuzzy translations. Fill some of untranslated
1043 Update Japanese Translation.
1044 * po/ja.po: Remove old entries.
1046 Update Japanese Translation.
1047 * po/ja.po: Fix headers. Update by msgmerge -U ja.po gnupg2.pot.
1049 Update Japanese translation.
1050 * po/ja.po: Change the encoding to UTF-8 (was: EUC-JP).
1052 2012-12-21 David Shaw <dshaw@jabberwocky.com>
1054 Make sure srvcount is initialized.
1055 * keyserver/gpgkeys_hkp.c (srv_replace): Initialize srvcount.
1057 2012-12-20 Werner Koch <wk@gnupg.org>
1059 gpg: Import only packets which are allowed in a keyblock.
1060 * g10/import.c (valid_keyblock_packet): New.
1061 (read_block): Store only valid packets.
1063 2012-12-19 Werner Koch <wk@gnupg.org>
1065 gpg: Make commit 258192d4 actually work.
1066 * g10/sign.c (update_keysig_packet): Use digest_algo.
1068 gpg: Suppress "public key already present" in quiet mode.
1069 * g10/pkclist.c (build_pk_list): Print two diagnostics only in
1072 2012-12-18 Werner Koch <wk@gnupg.org>
1074 jnlib: Add meta option ignore-invalid-option.
1075 * jnlib/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
1076 (initialize): Init field IIO_LIST.
1077 (ignore_invalid_option_p): New.
1078 (ignore_invalid_option_add): New.
1079 (ignore_invalid_option_clear): New.
1080 (optfile_parse): Implement meta option.
1082 2012-12-18 David Shaw <dshaw@jabberwocky.com>
1084 No point in defaulting try-dns-srv to on if we don't have SRV support.
1085 * keyserver/gpgkeys_hkp.c (main): Only default try-dns-srv to on if we
1086 have SRV support in the first place.
1088 Issue 1447: Pass proper Host header and SNI when SRV is used with curl.
1089 * configure.ac: Check for inet_ntop.
1091 * m4/libcurl.m4: Provide a #define for the version of the curl
1094 * keyserver/gpgkeys_hkp.c (main, srv_replace): Call getaddrinfo() on
1095 each target. Once we find one that resolves to an address (whether
1096 IPv4 or IPv6), pass it into libcurl via CURLOPT_RESOLVE using the
1097 SRV name as the "host". Force the HTTP Host header to be the same.
1099 2012-12-15 David Shaw <dshaw@jabberwocky.com>
1101 Part of issue 1447: Pass proper Host header when SRV is used.
1102 * common/http.c (send_request, connect_server): Set proper Host header
1103 (no :port, host is that of the SRV) when SRV is used in the
1106 Fix issue 1446: honor ports given in SRV responses.
1107 * common/http.c (send_request, connect_server, http_open): Use a
1108 struct srv instead of a single srvtag so we can pass the chosen host
1109 and port back to the caller.
1110 (connect_server): Use the proper port in the HAVE_GETADDRINFO case.
1112 * keyserver/curl-shim.c (curl_easy_perform): Use struct srv and log
1113 chosen host and port.
1115 * keyserver/gpgkeys_hkp.c (main): Properly take the port given by SRV.
1117 2012-12-13 NIIBE Yutaka <gniibe@fsij.org>
1119 SCD: Fix the process of writing key or generating key.
1120 * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
1122 2012-12-07 NIIBE Yutaka <gniibe@fsij.org>
1124 Revert SCD changes of 2010-05-03 (scd/ChangeLog 2010-03-17).
1125 * scd/apdu.c (pcsc_no_service): Remove.
1126 (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
1127 pcsc_no_service support.
1128 (apdu_open_reader): Remove R_NO_SERVICE.
1129 * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
1130 * scd/command.c (reader_disabled): Remove.
1131 (get_reader_slot): Follow the change of R_NO_SERVICE.
1132 (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
1134 * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
1136 Don't keep opening unavailable card reader.
1137 * scd/command.c (update_reader_status_file): Don't call
1140 2012-11-30 David Shaw <dshaw@jabberwocky.com>
1144 2012-11-29 David Shaw <dshaw@jabberwocky.com>
1146 The keyserver search menu should honor --keyid-format.
1147 * keyserver.c (print_keyrec): Honor --keyid-format when getting back
1148 full fingerprints from the keyserver (the comment in the code was
1149 correct, the code was not).
1151 2012-11-27 Werner Koch <wk@gnupg.org>
1153 Fix printing of ECC algo names in hkp keyserver listings.
1154 * g10/misc.c (map_pk_openpgp_to_gcry): New.
1155 * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
1157 2012-11-06 Werner Koch <wk@gnupg.org>
1159 Allow decryption with card keys > 3072 bit.
1160 * scd/command.c (MAXLEN_SETDATA): New.
1161 (cmd_setdata): Add option --append.
1162 * g10/call-agent.c (agent_scd_pkdecrypt): Use new option for long data
1164 * scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
1165 (app_select_openpgp): Store manufacturer.
1166 (do_decipher): Print a note for broken cards.
1168 2012-11-02 NIIBE Yutaka <gniibe@fsij.org>
1170 agent: Fix wrong use of gcry_sexp_build_array.
1171 * findkey.c (agent_public_key_from_file): Fix use of
1172 gcry_sexp_build_array.
1174 2012-10-31 NIIBE Yutaka <gniibe@fsij.org>
1176 SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
1177 * scd/apdu.c (PCSC_E_NO_SERVICE): New.
1178 (open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
1179 (open_pcsc_reader_wrapped): Set pcsc_no_service.
1181 2012-08-24 Werner Koch <wk@gnupg.org>
1183 Update French translation.
1186 2012-08-24 David Prévot <taffit@debian.org>
1188 Fix typos spotted during translations.
1189 agent/genkey.c: s/to to/to/
1190 sm/*.c: s/failed to allocated/failed to allocate/
1191 sm/certlist.c: s/should have not/should not have/
1195 * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
1197 Actually show translators comments in PO files.
1199 Keep previous msgids of translated messages.
1200 * po/Makefile.in.in: Use --previous with msgmerge.
1202 2012-07-20 NIIBE Yutaka <gniibe@fsij.org>
1204 scd: Add forgotten VENDOR_FSIJ to ccid-driver.
1205 * scd/ccid-driver.c (ccid_transceive_secure): Handle VENDOR_FSIJ.
1207 2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
1209 scd: handle reader/token removal. * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means SW_HOST_NO_READER.
1211 scd: Fix updating slot status. * scd/comman.c (do_reset): Let clear card_removed flag.
1213 scd: acquire lock in new_reader_slot.
1214 * scd/apdu.c (new_reader_slot): Acquire lock.
1215 (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
1216 (open_ccid_reader, open_rapdu_reader): Release lock.
1218 scd: move lock_slot, trylock_slot, unlock_slot functions.
1219 * scd/apdu.c (lock_slot, trylock_slot, unlock_slot): Move.
1221 scd: Fix merge mistake. * scd/iso7816.c (iso7816_reset_retry_counter): Implement.
1223 2012-06-25 Werner Koch <wk@gnupg.org>
1225 scd: Prefer application Geldkarte over DINSIG.
1226 * scd/app.c (select_application): Reorder application tests.
1228 2012-06-25 Werner Koch <wk@gnupg.org>
1229 Ben Kibbey <bjk@luxsci.net>
1231 scd: Fix for card change returning GPG_ERR_CARD_RESET.
1232 * scd/apdu.c (apdu_connect): Do not test for zero atrlen.
1234 2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
1236 Merge ccid_driver_improvement branch. (backport)
1237 * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
1238 (open_ccid_reader): Use ccid_keypad_operation for verify and modify.
1240 * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
1241 (ccid_transceive_apdu_level): Permit sending packet where
1242 apdulen <= 289. Support receiving packets in a chain.
1243 (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
1244 Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
1246 Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
1247 * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
1248 (pcsc_keypad_modify): Likewise.
1250 Fix pinpad input support for passphrase modification. (backport)
1251 * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
1252 (pcsc_keypad_modify): Likewise.
1253 (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
1254 bConfirmPIN value is determined by the parameter p0.
1256 * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
1257 reset_mode is on, or resetcode is on. use_keypad only makes sense for
1258 iso7816_change_reference_data_kp.
1260 * iso7816.h (iso7816_put_data_kp): Remove.
1261 (iso7816_reset_retry_counter_kp): Remove.
1262 (iso7816_reset_retry_counter_with_rc_kp): Remove.
1263 (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
1265 * iso7816.c (iso7816_put_data_kp): Remove.
1266 (iso7816_reset_retry_counter_kp): Remove.
1267 (iso7816_reset_retry_counter_with_rc_kp): Remove.
1268 (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
1270 scd: Fix pinpad input support (backport from master)
1271 * app-openpgp.c (do_change_pin): Fix pincb messages when
1274 scd: PC/SC pinpad support (pinpad input for modify pass phrase). (backport)
1275 * iso7816.h (iso7816_change_reference_data_kp): Remove arguments
1276 of OLDCHV, OLDCHVLEN, NEWCHV, and NEWCHVLEN.
1278 * iso7816.c (iso7816_change_reference_data_kp): Call
1280 (iso7816_change_reference_data): Don't call
1281 iso7816_change_reference_data_kp.
1283 * apdu.h (apdu_keypad_modify): New.
1285 * apdu.c (pcsc_keypad_modify, apdu_keypad_modify): New.
1286 (struct reader_table_s): New member function keypad_modify.
1287 (new_reader_slot, open_ct_reader, open_ccid_reader)
1288 (open_rapdu_reader): Initialize keypad_modify.
1290 * app-openpgp.c (do_change_pin): Handle keypad and call
1291 iso7816_change_reference_data_kp if it is the case.
1293 scd: PC/SC pinpad support. (Backported from master.)
1294 * iso7816.h (iso7816_verify_kp): Remove arguments of CHV and CHVLEN.
1296 * iso7816.c (iso7816_verify_kp): Call apdu_keypad_verify. Only
1297 handle the case with PININFO.
1298 (iso7816_verify): Call apdu_send_simple.
1300 * app-openpgp.c (verify_a_chv, verify_chv3): Follow the change of
1303 * app-nks.c (verify_pin): Likewise.
1305 * app-dinsig.c (verify_pin): Likewise.
1307 * apdu.c: Include "iso7816.h".
1308 (struct reader_table_s): New member function keypad_verify.
1309 Add fields verify_ioctl and modify_ioctl in pcsc.
1310 (CM_IOCTL_GET_FEATURE_REQUEST, FEATURE_VERIFY_PIN_DIRECT)
1311 (FEATURE_MODIFY_PIN_DIRECT): New.
1312 (pcsc_control): New.
1313 (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
1314 (check_pcsc_keypad, pcsc_keypad_verify): New.
1315 (ccid_keypad_verify, apdu_keypad_verify): New.
1316 (new_reader_slot): Initialize with check_pcsc_keypad,
1317 pcsc_keypad_verify, verify_ioctl and modify_ioctl.
1318 (open_ct_reader): Initialize keypad_verify with NULL.
1319 (open_ccid_reader): Initialize keypad_verify.
1320 (open_rapdu_reader): Initialize keypad_verify with NULL.
1321 (apdu_open_reader): Initialize pcsc_control.
1323 * pcsc-wrapper.c (load_pcsc_driver): Initialize pcsc_control.
1324 (handle_control): New.
1325 (main): Handle the case 6 of handle_control.
1328 * scd/apdu.c (open_pcsc_reader_wrapped): Show error number.
1330 * scd/command.c (get_reader_slot): Return -1 on error.
1332 scd: Fix the changes of scd/command.c.
1333 * scd/command.c (do_reset): Assign slot after setting slot_table.
1335 2012-06-25 Werner Koch <wk@gnupg.org>
1337 scd: Fix resetting and closing of the reader. (Backported by gniibe)
1338 * scd/command.c (update_card_removed): Do not act on an invalid VRDR.
1339 (do_reset): Ignore apdu_reset error codes for no and inactive card.
1340 Close the reader before setting the slot to -1.
1341 (update_reader_status_file): Notify the application before closing the
1344 scd: Retry command SERIALNO for an inactive card.
1345 * scd/command.c (cmd_serialno): Retry once for an inactive card.
1347 Fix detection of card removal and insertion.
1348 * scd/apdu.c (apdu_connect): Return status codes for no card available
1350 * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
1351 (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
1353 Support the Cherry ST-2000 card reader.
1354 * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
1355 (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
1356 (parse_ccid_descriptor): Use them.
1357 (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
1358 ST-2000. Suggested by Matthias-Christian Ott.
1360 2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
1362 fix wLangId in ccid-driver.c.
1364 2012-05-24 Werner Koch <wk@gnupg.org>
1366 Add provisions to build with Libgcrypt 1.6.
1367 Replace gcry_md_start_debug by gcry_md_debug in all files.
1369 * agent/gpg-agent.c (fixed_gcry_pth_init): Use only if
1370 GCRY_THREAD_OPTION_VERSION is 0
1371 * scd/scdaemon.c (fixed_gcry_pth_init): Ditto.
1373 Print the hash algorithm in colon mode key listing.
1374 * g10/keylist.c (list_keyblock_colon): Print digest_algo.
1376 2012-05-08 Werner Koch <wk@gnupg.org>
1378 common: Remove generated files only during maintainer-clean.
1379 * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
1381 Fix copyright years.
1382 * scripts/git-log-footer: Add more years; we actually published the
1385 2012-03-30 Werner Koch <wk@gnupg.org>
1387 Cast second value of a ?: to void in estream.c.
1388 * common/estream.c (ESTREAM_MUTEX_LOCK): Cast pth_mutex_acquire result
1389 to void. Some compilers choke on mixing void and int in a
1390 conditional operator. Reported by Nelson H. F. Beebe.
1392 2012-03-27 Werner Koch <wk@gnupg.org>
1396 Update zh_TW translation.
1398 Update config.{sub,guess} to version 2012-02-10.
1399 * scripts/config.guess, scripts/config.sub: Update.
1401 Update texinfo source from master.
1402 * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
1403 * doc/scdaemon.texi, doc/tools.texi: Update.
1404 * doc/yat2m.c: Update.
1406 Add target to update the texinfo files from master.
1407 * doc/Makefile.am (update-source): New.
1409 2012-03-26 Werner Koch <wk@gnupg.org>
1411 Fix make rules for audit-events.h et al.
1412 * common/Makefile.am (audit-events.h, status-codes.h): Fix target file
1415 Update samplekeys and NEWS.
1416 * doc/samplekeys.asc: Update.
1418 Allow compressed data with algorithm 0.
1419 * g10/mainproc.c (proc_compressed): Remove superfluous check for
1420 an algorithm number of 0. This is bug#1326.
1422 2012-02-01 David Shaw <dshaw@jabberwocky.com>
1424 Honor --cert-digest-algo when recreating a cert.
1425 * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
1428 This is used by various things in --edit-key like setpref, primary,
1429 etc. Suggested by Christian Aistleitner.
1431 2012-01-31 Werner Koch <wk@gnupg.org>
1433 Update copyright year.
1435 Require an installed gitlog_to_changelog for make dist.
1436 * scripts/gitlog-to-changelog: Remove.
1437 * Makefile.am (GITLOG_TO_CHANGELOG): New.
1438 (gen-ChangeLog): Use it. Add set -e.
1440 Add Ukrainian translation.
1442 * po/LINGUAS: Add uk.po.
1444 estream: Avoid printing leading zeroes by %p on 32 bit systems.
1445 * common/estream-printf.c (pr_pointer): Synchronize definition of
1446 AULONG with its use.
1448 gpg: Add a DECRYPTION_INFO status.
1449 * common/status.h (STATUS_DECRYPTION_INFO): New.
1450 * g10/encr-data.c: Include status.h.
1451 (decrypt_data): Emit STATUS_DECRYPTION_INFO line.
1453 2012-01-20 Werner Koch <wk@gnupg.org>
1455 Do not copy default merge commit log entries into the ChangeLog.
1456 * scripts/gitlog-to-changelog: Skip merge commits.
1458 Add files to .gitignore.
1460 2012-01-20 David Shaw <dshaw@jabberwocky.com>
1462 Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
1463 * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
1465 * g10/trustdb.c (check_trustdb_stale): Request a rebuild if
1466 pending_check_trustdb is true (set when we detect a trustdb
1467 parameter has changed).
1469 * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
1470 listing for min_cert_level not matching.
1472 * g10/tdbio.c (tdbio_update_version_record, create_version_record,
1473 tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
1474 tdbio_write_record): Add a byte for min_cert_level in the tdbio
1477 2012-01-11 David Shaw <dshaw@jabberwocky.com>
1479 Refresh sample keys.
1481 2012-01-03 Werner Koch <wk@gnupg.org>
1483 Terminate csh commands with a semicolon.
1486 * agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
1487 * scd/scdaemon.c: Ditto.
1489 2011-12-28 David Shaw <dshaw@jabberwocky.com>
1491 Use the longest key ID available when talking to a HKP server.
1492 This is issue 1340. Now that PKSD is dead, and SKS supports long key
1493 IDs, this is safe to do. Patch from Daniel Kahn Gillmor
1494 <dkg@fifthhorseman.net>.
1496 2011-12-15 David Shaw <dshaw@jabberwocky.com>
1498 Merge fix for issue 1331 from 1.4.
1499 * photoid.c (generate_photo_id): Check for the JPEG magic numbers
1500 instead of JFIF since some programs generate an EXIF header first.
1502 2011-12-02 Werner Koch <wk@gnupg.org>
1504 Generate the ChangeLog from commit logs.
1505 * scripts/gitlog-to-changelog: New script. Taken from gnulib.
1506 * scripts/git-log-fix: New file.
1507 * scripts/git-log-footer: New file.
1508 * scripts/git-hooks/commit-msg: New script.
1509 * autogen.sh: Install commit-msg hook for git.
1510 * doc/HACKING: Describe the ChangeLog policy.
1511 * ChangeLog: New file.
1512 * Makefile.am (EXTRA_DIST): Add new files.
1513 (gen-ChangeLog): New.
1514 (dist-hook): Run gen-ChangeLog.
1516 Rename all ChangeLog files to ChangeLog-2011.
1518 2011-12-01 Werner Koch <wk@gnupg.org>
1520 NB: Changes done before December 1st, 2011 are described in
1521 per directory files named ChangeLog-2011. See doc/HACKING for
1525 Copyright (C) 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
1526 2005, 2006, 2007, 2008, 2009, 2010, 2011,
1527 2012 Free Software Foundation, Inc.
1529 Copying and distribution of this file and/or the original GIT
1530 commit log messages, with or without modification, are
1531 permitted provided the copyright notice and this notice are