-2021-10-12 Werner Koch <wk@gnupg.org>
-
- Release 2.3.3.
- + commit 9470d0338364b781d701ad8e81972c782b48aa2d
-
-
- speedo: Put the keyboxd into the Windows installer.
- + commit 10f52f9bf3bcc6cf29835c2f11ea91ab0d5e7cdc
- * build-aux/speedo/w32/inst.nsi: Install keyboxd.
- * Makefile.am (sign-release): Sign the wixlib only if generated.
- * autogen.rc: Remove meanwhile obsolete option --with-regex.
-
- tests: New way to make use of gpgconf.ctl in tests.
- + commit bcd5feec0e916b864d004a47f36a41e2eba3b10e
- * Makefile.am (all-local): New to setup symlinks.
- (distclean-local): New.
- * tests/Makefile.am: Remove the gpgconf related targets. Just keep
- gpgconf.ctl.in in EXTRA_DIST
- * tests/cms/Makefile.am (GNUPG_BUILD_ROOT):
- * tests/gpgme/Makefile.am (GPGSCM_PATH):
- * tests/openpgp/Makefile.am (GNUPG_BUILD_ROOT):
- * tests/pkits/Makefile.am (GNUPG_BUILD_ROOT):
- * tests/tpm2dtests/defs.scm (tools): Revert to the former values.
- * tests/openpgp/defs.scm (tools): Ditto.
-
-2021-10-10 Werner Koch <wk@gnupg.org>
-
- Do not build keyxboxd if sqlite has been disabled.
- + commit cf29c7dec0e845040a71aac383ee9f1dda901590
- * configure.ac: Move clearing of build_keyboxd out of the conditional.
-
-2021-10-06 Ingo Klöcker <dev@ingo-kloecker.de>
-
- common: Respect gpgconf.ctl when looking up translations.
- + commit e99b9890c28dae491653279791e52771be866188
- * common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
- (i18n_localegettext): Ditto.
- * tools/gpgconf-comp.c (my_dgettext): Ditto.
-
-2021-10-06 Werner Koch <wk@gnupg.org>
-
- dirmngr: New option --ignore-cert.
- + commit 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
- * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
- (opt): Add field ignored_certs.
- * dirmngr/dirmngr.c: Add option --ignore-cert
- (parse_rereadable_options): Handle that option.
- (parse_ocsp_signer): Rename to ...
- (parse_fingerprint_item): this and add two args.
- * dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
- Change callers to handle the new error return.
-
- dirmngr: Fix Let's Encrypt certificate chain validation.
- + commit 68799378859739887549108bf765568ccbc328bc
- * dirmngr/certcache.c (find_cert_bysubject): Return the first trusted
- certififcate if any.
-
-2021-10-05 NIIBE Yutaka <gniibe@fsij.org>
-
- agent,dirmngr,kbx,scd,tpm2d: Use gnupg_sleep.
- + commit 3918fa1a9488d56040d43e4af1254f9564266513
- * agent/findkey.c (unprotect): Use gnupg_sleep.
- * agent/gpg-agent.c (handle_connections): Likewise.
- * dirmngr/crlfetch.c (handle_connections): Likewise.
- * kbx/keyboxd.c (handle_connections): Likewise.
- * tpm2d/tpm3daemon.c (handle_connections): Likewise.
- * scd/scdaemon.c (handle_connections): Likewise.
- * scd/command.c (cmd_lock): Likewise.
- * dirmngr/ldap-wrapper.c (ldap_reaper_thread): Likewise.
- (ldap_wrapper_wait_connections): Use gnupg_usleep.
-
- agent: Fix calibrate_get_time use of clock_gettime.
- + commit eeb25df6f8fc1e3cf18ec5578445f8fc281e41bc
- * agent/protect.c (USE_CLOCK_GETTIME): New macro.
- (calibrate_get_time): Only use clock_gettime if USE_CLOCK_GETTIME.
-
-2021-10-01 Werner Koch <wk@gnupg.org>
-
- tests: Use the new gpgconf.ctl based method.
- + commit 84fcd8e6eb7e0786399e1f6461c3f60b0db2d070
- * tests/openpgp/defs.scm: We expect that stuff is now installed.
- (tools): Fix the names.
- (intsalled?, bin-prefix): Remove.
- (tool-hardcoded): Simplify.
- (gpg-conf'): Simplify.
- (GNUPG_BUILDDIR): Do not anymore set this envvar.
- * tests/tpm2dtests/defs.scm: Ditto.
-
- build: Prepare for using installed versions for tests.
- + commit 399ebf6d873d4178c1d527aa4df34bf16a76360e
- * tests/gpgconf.ctl.in: New.
- * tests/Makefile.am (EXTRA_DIST): Add new file.
- (TESTINST_DIRS): New.
- (clean-local): New.
- (clean-local-testinst): New.
- (check-recursive): New hook.
- (bin/gpgconf.ctl): Run a test install.
- * tests/cms/Makefile.am (TESTS_ENVIRONMENT): Set new envvar
- GNUPG_BUILD_ROOT.
- * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
- * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
- * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
- * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
-
- common: Support gpgconf.ctl also for BSDs.
- + commit dbe1b237a6525585b36ed84c8634d6436dddaad1
- * common/homedir.c (MYPROC_SELF_EXE): New.
- (unix_rootdir): Use it here. Also support GNUPG_BUILD_ROOT as
- fallback.
-
- common: Add keyword sysconfdir to the optional gpgconf.ctl file.
- + commit ec847cf17fa85b8684e88ccf04c6d4c75d59c3ba
- * common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
- (gnupg_sysconfdir): Return it.
-
-2021-09-30 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Let it include keybox.h to avoid multiple typedefs.
- + commit ca54d3f148933baac1f0243f76e4961abca285b1
- * kbx/backend.h: Include keybox.h.
-
-2021-09-29 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Handle backsig for v5 signature.
- + commit dd2e092339627c03cd0f506f3ef1be3e98d5ff83
- * g10/getkey.c (merge_selfsigs_subkey): Check v5 signature correctly.
-
- gpg: Ed448 and X448 are only for v5 (for subkey).
- + commit 86cb04a23d2b0849cf684238d6d704aa45293214
- * g10/keygen.c (generate_subkeypair): Specify
- KEYGEN_FLAG_CREATE_V5_KEY for Ed448 or X448 key.
-
-2021-09-28 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: A 20 byte fingerprint is right filled in version 2 blob.
- + commit 08a3a4db27dcc3d50038cf5bdba94a6f0b548b01
- * kbx/keybox-blob.c (create_blob_header): Fix creating FPR20 key
- in blob with 32-byte fingerprint.
-
- gpg: Skip the packet when not used for AEAD.
- + commit cc6152b802f2ab0ceaf3abb20caef6f7d806ffa3
- * g10/free-packet.c (free_packet): Add the case for case
- PKT_ENCRYPTED_AEAD.
-
-2021-09-20 Ingo Klöcker <dev@ingo-kloecker.de>
-
- build: Fix several "include file not found" problems.
- + commit e2069d563283ab295858d33a250f229aab240f75
- * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS.
- * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add
- NPTH_CFLAGS.
- * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS,
- gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS.
-
-2021-09-20 giomba <giomba@linux.it>
-
- po: Fixed Italian translation for key expiration.
- + commit 548ff0398353c106f4e361a46818cd1716b825b8
- * po/it.po: Fix italian translation.
-
-2021-09-17 Werner Koch <wk@gnupg.org>
-
- common: Support a gpgconf.ctl file under Unix.
- + commit d4768bb982adb5c8410303334ee8d82ba0d71f3b
- * common/homedir.c (unix_rootdir): New.
- (gnupg_bindir): Use it.
- (gnupg_libexecdir): Use it.
- (gnupg_libdir): Use it.
- (gnupg_datadir): Use it.
- (gnupg_localedir): Use it.
-
- common: New function substitute_envvars.
- + commit 9c272dc245456d5403e3bd50553b4fdccb370e27
- * common/stringhelp.c (substitute_envvars): New. Based on code in
- gpg-connect-agent.
- * common/t-stringhelp.c: Include sysutils.h.
- (test_substitute_envvars): New.
-
-2021-09-14 Werner Koch <wk@gnupg.org>
-
- gpg: Print a warning when importing a bad cv25519 secret key.
- + commit dbfb7f809b89cfe05bdacafdb91a2d485b9fe2e0
- * g10/import.c (transfer_secret_keys): Add simple check.
-
-2021-09-13 Werner Koch <wk@gnupg.org>
-
- common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
- + commit f2b01025c3da97068b699c1f51309e18730a4bdb
- * common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
- breakaway messages and turn them again into debug messages.
-
-2021-09-09 Werner Koch <wk@gnupg.org>
-
- sm: Add LotW support to the key listing.
- + commit 255d4d5815d00f8d1b45d93cc617c49d375e891b
- * sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
- * sm/keylist.c (oidtranstbl): Some more OIDs.
-
-2021-09-08 Ingo Klöcker <dev@ingo-kloecker.de>
-
- build: Fix "ksba.h not found" problem.
- + commit 08f227052fa3cc7089829a3b2ab8c4dda990b05b
- * sm/Makefile.am (t_minip12_CFLAGS): Add KSBA_CFLAGS.
-
-2021-09-07 Werner Koch <wk@gnupg.org>
-
- agent: Fix segv in GET_PASSPHRASE (regression)
- + commit af3b1901549baa8fbe8140d9fa75a4a2b7a77a7e
- * agent/command.c (cmd_get_passphrase): Do not deref PI. PI is always
- NULL.
-
-2021-08-27 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Fix checksum computation for no UBID entry on disk.
- + commit 0b64c27446c6f17f9c108e0fa95639db12d376ff
- * kbx/keybox-blob.c (create_blob_header): Fix the flag to match no
- UBID entry,
- (create_blob_finish): Fix the length of data to be hashed.
-
- common: Fix put_membuf.
- + commit f271c6916469c0054c143adb4cee0588866a2a61
- * common/membuf.c (put_membuf): Allow NULL for the second arg.
-
-2021-08-26 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix get_signal_name for GNU/Linux.
- + commit c4ba712736ddeda66055567874d573e79d22666b
- * common/signal.c (get_signal_name): Use sigdescr_np if available.
- * configure.ac: Check the function.
-
-2021-08-24 Werner Koch <wk@gnupg.org>
-
- Release 2.3.2.
- + commit 3bf8d7e1b7e0482f698b54a6975bdd9aa354244e
-
-
- dirmngr: Change the default keyserver.
- + commit 55b5928099bafbd5409d3377a42259c11e394cd0
- * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
- keyserver.ubuntu.com.
-
- * dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
- * dirmngr/http.c (http_session_new): Ditto.
-
- * dirmngr/server.c (make_keyserver_item): Use a different mapping for
- the gnupg.net names.
-
-2021-08-24 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Report the status of NO_SECKEY for decryption.
- + commit 3ed5f566fc057975d0158bb637c72bd118aba7f8
- * g10/mainproc.c (proc_encrypted): Fix the condition to report
- NO_SECKEY even when the key was not considered by get_session_key.
-
-2021-08-20 Werner Koch <wk@gnupg.org>
-
- wkd: Properly unescape the user-id from a key listing.
- + commit 87d238de3d9d537cacc9dd3c6d954845203ea2cb
- * tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
-
- wkd: Fix client issue with leading or trailing spaces in user-ids.
- + commit b4345f7521cb4c3f4af7894f5d6d840fda85e82f
- * common/recsel.c (recsel_parse_expr): Add flag -t.
- * common/stringhelp.c: Remove assert.h.
- (strtokenize): Factor code out to do_strtokenize.
- (strtokenize_nt): New.
- (do_strtokenize): Add arg trim to support the strtokenize_nt.
- * common/t-stringhelp.c (test_strtokenize_nt): New test cases.
-
- * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel
- flag -t.
-
-2021-08-20 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Don't release the context until list_finish for PC/SC.
- + commit 1565baa93ae39a81c5b00ca4558cd24838b4ce54
- * scd/apdu.c (apdu_dev_list_start): Increment PCSC.COUNT here.
- (apdu_dev_list_finish): Decrement PCSC.COUNT.
-
-2021-08-19 Werner Koch <wk@gnupg.org>
-
- gpg: Return SUCCESS/FAILURE status also for --card-edit/name.
- + commit c1a23c3664753656bd4d22aafe0fb89d9bac5147
- * g10/card-util.c (change_name): Call write_sc_op_status.
-
-2021-08-18 Werner Koch <wk@gnupg.org>
-
- agent: Use the sysconfdir for a pattern file.
- + commit 661c2ae96699e135294cfd98e1fbc385d35f5f0e
- * agent/genkey.c (do_check_passphrase_pattern): Use make_filename.
-
- agent: Ignore passphrase constraints for a generated passphrase.
- + commit b89b1f35c29ceaebe39b31444936aa66c9297f2c
- * agent/agent.h (PINENTRY_STATUS_PASSWORD_GENERATED): New.
- (MAX_GENPIN_TRIES): Remove.
- * agent/call-pinentry.c (struct entry_parm_s):
- (struct inq_cb_parm_s): Add genpinhash and genpinhas_valid.
- (is_generated_pin): New.
- (inq_cb): Suppress constraints checking for a generated passphrase.
- No more need for several tries to generate the passphrase.
- (do_getpin): Store a generated passphrase/pin in the status field.
- (agent_askpin): Suppress constraints checking for a generated
- passphrase.
- (agent_get_passphrase): Ditto.
- * agent/command.c (cmd_get_passphrase): Ditto.
-
- agent: Improve the GENPIN callback.
- + commit 8ed79103474c17d8dce20c740fc9813ada5f79ac
- * agent/call-pinentry.c (DEFAULT_GENPIN_BYTES): Replace by ...
- (DEFAULT_GENPIN_BITS): this and increase to 150.
- (generate_pin): Make sure that we use at least 128 bits.
-
- agent: Fix for zero length help string in pinentry hints.
- + commit 9fb646660258c2842edd6662688eafbc8d751ba7
- * agent/call-pinentry.c: Remove unused assert.h.
- (inq_cb): Fix use use of assuan_end_confidential in case of nested
- use.
- (do_getpin): Ditto.
- (setup_formatted_passphrase): Escape the help string.
- (setup_enforced_constraints): Ignore empty help strings.
-
- common,w32: Replace log_debug by log_info for InProcessJobs.
- + commit 629f4a5cffb737454aaf6a5965cfb6d7b03796fc
- * common/exechelp-w32.c (gnupg_spawn_process_detached): Use log_info.
-
-2021-08-13 Werner Koch <wk@gnupg.org>
-
- agent: Make QT_QPA_PLATFORMTHEME=qt5ct work for the pient.
- + commit 1305baf0994059f458b1d5ca28a355c12932fab3
- * agent/call-pinentry.c (atfork_core): Pass DISPLAY.
-
- agent: New option --check-sym-passphrase-pattern.
- + commit 7c45a69eb988e9c0329d75900af0c5b1e47291b7
- * agent/gpg-agent.c (oCheckSymPassphrasePattern): New.
- (opts): Add --check-sym-passphrase-pattern.
- (parse_rereadable_options): Set option.
- (main): Return option info.
- * tools/gpgconf-comp.c: Add new option.
- * agent/agent.h (opt): Add var check_sym_passphrase_pattern.
- (struct pin_entry_info_s): Add var constraints_flags.
- (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1.
- (CHECK_CONSTRAINTS_NEW_SYMKEY): New.
- * agent/genkey.c (check_passphrase_pattern): Rename to ...
- (do_check_passphrase_pattern): this to make code reading
- easier. Handle the --check-sym-passphrase-pattern option.
- (check_passphrase_constraints): Replace arg no_empty by a generic
- flags arg. Also handle --check-sym-passphrase-pattern here.
- * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass
- CHECK_CONSTRAINTS_NEW_SYMKEY flag.
- * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags.
- (struct inq_cb_parm_s): New.
- (inq_cb): Use new struct for parameter passing. Pass flags to teh
- constraints checking.
- (do_getpin): Pass constraints flag down.
- (agent_askpin): Take constrainst flag from the supplied pinentry
- struct.
-
-2021-08-12 Ingo Klöcker <dev@ingo-kloecker.de>
-
- agent: Make --pinentry-formatted-passphrase a simple flag.
- + commit 99601778f4a9dc1c9fee792361c959f5e0732cfd
- * agent/agent.h (opt): Change type of pinentry_formatted_passphrase
- to int (as for other flags).
- * agent/call-pinentry.c (setup_formatted_passphrase): Remove no longer
- needed translated strings. Write option without value to Assuan
- connection.
- * agent/gpg-agent.c (opts): Use ARGPARSE_s_n for
- oPinentryFormattedPassphrase.
- (parse_rereadable_options): Set option to 1.
-
-2021-08-11 Werner Koch <wk@gnupg.org>
-
- w32: Move socketdir to LCOAL_APPDATA.
- + commit 0802cbb59b21e06e16b4fd8596934c5565e7f659
- * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir
- instead of the constant which makes a difference on Windows.
- (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA.
- (gnupg_cachedir): Remove unsued function.
-
- * common/sysutils.c (gnupg_rmdir): New.
- * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/.
-
- gpgconf,w32: Print more registry diagnostics with --list-dirs.
- + commit 4cc534020669fa038f6a2107a55fe3b42fc065dc
- * tools/gpgconf.c (list_dirs): Figure out classes with the key.
-
-2021-08-10 Ingo Klöcker <dev@ingo-kloecker.de>
-
- agent: Add checkpin inquiry for pinentry.
- + commit 5976d293ef9bd953b6e9c61a45ad1f4e85a2743c
- * agent/call-pinentry.c (inq_cb): Handle checkpin inquiry.
- (setup_enforced_constraints): New.
- (agent_get_passphrase): Call setup_enforced_constraints if new
- passphrase is requested.
-
- agent: New option --pinentry-formatted-passphrase.
- + commit bf20a80f68449cc83b67c53ba9a0a84c45827ac4
- * agent/agent.h (opt): Add field pinentry_formatted_passphrase.
- * agent/call-pinentry.c (setup_formatted_passphrase): New.
- (agent_get_passphrase): Pass option to pinentry.
- * agent/gpg-agent.c (oPinentryFormattedPassphrase): New.
- (opts): Add option.
- (parse_rereadable_options): Set option.
-
-2021-08-05 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Simplify for string.h and getopt.h.
- + commit 29d58e9de7838bcf32e358602abd4ed4498566f8
- * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
- * dirmngr/ks-engine-ldap.c: Remove including getopt.h.
- * tools/make-dns-cert.c: Likewise.
-
- sm: Fix pwri.
- + commit 100c954ab0d6df509df582cb22ef515171462654
- * sm/decrypt.c (pwri_parse_pbkdf2): Use int for digest algo.
- (pwri_decrypt): Use int for cipher algo and digest algo.
-
- build: Remove duplication of AC_HEADER_TIME.
- + commit 3f33c7ffcca09d4252d0418fdc2d31c0c8e486f4
- * configure.ac: Have a single AC_HEADER_TIME.
-
- build: Update checking headers.
- + commit a89f13726d08413d4bddcb6afed402de1de9e4fd
- * configure.ac (AC_CHECK_HEADERS): Remove pty.h utmp.h, util.h,
- and libutil.h.
-
-2021-08-02 Ingo Klöcker <dev@ingo-kloecker.de>
-
- common: Pass XDG_SESSION_TYPE and QT_QPA_PLATFORM envvars to pinentry.
- + commit 94d18320b2b0bb5e3fa2023df8ac57078b2f6ecb
- * common/session-env.c (stdenvnames): Add XDG_SESSION_TYPE and
- QT_QPA_PLATFORM.
-
-2021-07-29 Werner Koch <wk@gnupg.org>
-
- sm,w32: Fix Unicode problem on key box creation.
- + commit 7cdd06af479298748c79357dcb36ca1ba4d36bb1
- * sm/keydb.c (maybe_create_keybox): Replace access by gnupg_access
-
- tools: Extend gpg-check-pattern.
- + commit 73c03e02322880c740310207dd2151cfd843792e
- * tools/gpg-check-pattern.c: Major rewrite.
-
-2021-07-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Small clean up for card access.
- + commit 5c8124b8b9554c7843feccf408648c9689bce243
- * scd/app.c (app_get_challenge): Remove the check to ref_count.
- * scd/command.c (send_client_notifications): Update comments.
-
- scd: Fix direct use of card with no ctrl->card_ctx.
- + commit 50ad29f9a72f5454067bd0ca34fc1a71ac06b831
- * scd/app.c (maybe_switch_app): Remove check of ref_count.
-
-2021-07-21 Ingo Klöcker <dev@ingo-kloecker.de>
-
- agent: Add translatable text for Caps Lock hint.
- + commit b2a6e5b5169602052ae87d38588bdd3bd76fddad
- * agent/call-pinentry.c (start_pinentry): Add new default text.
-
-2021-07-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix access to list of cards (3/3).
- + commit 0d6b4210cf31d1c3ca0e8b034537a158fe3caca8
- * scd/app-common.h (card_reset): Simplify more.
- (select_additional_application): Supply CARD.
- (card_ref, card_unref): Remove.
- (card_get, card_put): New.
- * scd/app.c (card_reset): No locking/unlocking inside.
- (app_switch_current_card): Fix comment.
- (select_additional_application): No locking/unlocking inside.
- (do_with_keygrip): New, unlocked version.
- (card_get): New, with support of KEYGRIP.
- (card_unref): Remove.
- (card_put): New.
- (app_write_learn_status, app_readcert: No locking/unlocking inside.
- (app_readkey, app_getattr, app_setattr, app_sign, app_auth): Likewise.
- (app_decipher, app_writecert, app_writekey): Likewise.
- (app_genkey, app_get_challenge, app_change_pin): Likewise.
- (app_check_pin, app_switch_active_app): Likewise.
- * scd/command.c (do_reset): Use card_get/card_put.
- (open_card_with_request): Use card_get/card_put, return CARD locked.
- (cmd_serialno): Follow the change of open_card_with_request.
- (cmd_switchapp): Use card_get/card_put.
- (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign): Likewise.
- (cmd_pkauth, cmd_pkdecrypt, cmd_getattr): Likewise.
- (cmd_setattr, cmd_writecert, cmd_writekey): Likewise.
- (cmd_genkey, cmd_random, cmd_passwd): Likewise.
- (cmd_checkpin, cmd_getinfo, cmd_restart): Likewise.
- (cmd_disconnect, cmd_apdu, cmd_devinfo): Likewise.
-
- scd: Fix access to list of cards (2/3).
- + commit b436fb6766b400167e5d57ff1116600bb496b04f
- * scd/app-common.h (card_reset, select_application): Simplify.
- * scd/app.c (card_reset, select_application): Simplify.
- * scd/command.c (do_reset): Follow the change.
- (open_card, open_card_with_request): Follow the change.
-
- scd: Fix access to list of cards (1/3).
- + commit 216945a80e7b6b9d366493fa43fc7e99c830d81c
- * scd/app.c (card_list_lock): Use MRSW lock.
- (lock_r_card_list, unlock_r_card_list): New.
- (lock_w_card_list, unlock_w_card_list): New.
- (app_dump_state, app_send_devinfo): Use the MRSW lock.
- (select_application, app_switch_current_card): Likewise.
- (scd_update_reader_status_file): Likewise.
- (initialize_module_command, send_card_and_app_list): Likewise.
- (app_do_with_keygrip, app_wait): Likewise.
-
-2021-07-08 Werner Koch <wk@gnupg.org>
-
- kbx: Improve debugging of the search descriptions in keyboxd.
- + commit b871824fefa114db931762243537663cc1095cfa
- * kbx/frontend.c (dump_search_desc): New.
- (kbxd_search): Actually log the search descriptions.
-
- kbx: Fix keyboxd searching with multiple patterns.
- + commit 101ba4f18aceb39c4d5f0e0a7e16e66827f8e612
- * kbx/keybox-search-desc.h (struct keydb_search_desc): New flag
- name_used.
- * common/userids.c (classify_user_id): Set flag.
- * kbx/kbxserver.c (struct search_backing_store_s): New.
- (cmd_search): use a backing store for the const pointers.
- (kbxd_start_command_handler): Release the backing store.
-
-2021-07-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Detect external interference when PCSC_SHARED.
- + commit 044e5a3c3801fde7fa3b26986825377016e73103
- * scd/app-common.h (check_aid): New method.
- * scd/app-openpgp.c (do_check_aid): New.
- * scd/app-piv.c (do_check_aid): New.
- * scd/app.c (check_external_interference): New.
- (maybe_switch_app): Check interference to determine switching is
- needed.
-
-2021-06-29 Werner Koch <wk@gnupg.org>
-
- artwork: Explain the license for the logo.
- + commit 5f78ae696c10df43c2b2fc29765e28b85caf5376
-
-
-2021-06-25 Werner Koch <wk@gnupg.org>
-
- agent: Fix regression in agent_get_shadow_info_type.
- + commit a6efde307f7beb199b543f78b61c317fa2708202
- * agent/protect.c (agent_get_shadow_info_type): Return the correct
- value.
-
- gpg: Let --fetch-key return an exit code on failure.
- + commit 9579c7786278b75d9c58b7c21b2f3c8bc7849810
- * g10/keyserver.c (keyserver_fetch): Return an error code.
- * g10/gpg.c (main) <aFetchKeys>: Return 1 in case of no data.
-
-2021-06-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:ccid: Handle LIBUSB_TRANSFER_OVERFLOW interrupt transfer.
- + commit 25ae80b8eb6e9011049d76440ad7d250c1d02f7c
- * scd/ccid-driver.c (intr_cb): Ignore LIBUSB_TRANSFER_OVERFLOW.
-
-2021-06-22 Werner Koch <wk@gnupg.org>
-
- tools: Extend ccidmon to print T=1 APDUs.
- + commit 2c6b62b3572fe43cb6b89ec5fb0bc62385a4b230
- * tools/ccidmon.c (print_as_ascii): New.
- (print_t1_block): New.
- (print_p2r_xfrblock): Print APDUs
- (print_r2p_datablock): Ditto.
-
- tests: Cope with broken Libgcrypt versions.
- + commit 5df658233a3a0c05fac0b4d4889f033ea0d0e034
- * common/t-sexputil.c (test_ecc_uncompress): Ignore unknwon curve
- errors.
-
- w32: Add fallback in case the Windows console can't cope with Unicode.
- + commit edfe9453be5f8ba374da0ab860be863d66965c56
- * common/ttyio.c (w32_write_console): Fallback to WriteConsoleA on
- error.
-
- scd:p15: Prepare AODF parsing for other authentication types.
- + commit e387cc97c82313457e4f79729a137e5871891bc1
- * scd/app-p15.c (auth_type_t): New.
- (struct aodf_object_s): Add field auth_type.
- (read_ef_aodf): Distinguish between pin and authkey types. Include
- the authtype in the verbose mode diags.
-
-2021-06-21 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix regression in KS_GET for mail address pattern.
- + commit d5126efd895bc2af0a7e63dbf4aa782ce47ecc40
- * dirmngr/ks-engine-hkp.c (ks_hkp_search): Munge mail address pattern.
- (ks_hkp_get): Allow for mail addresses.
- -
-
- Before the keyserver changes in 2.2.28 gpg passed dirmngr a pail
- address as an exact pattern (e.g. "=foo@example.org"). Since 2.2.28
- the mail address is detected gpg gpg and we see for example
- "<foo@example.org>". This patch fixes this to turn a mail address
- into an exact match again.
-
-2021-06-18 Werner Koch <wk@gnupg.org>
-
- scd:p15: Add pre-check for ascii-numeric PINs.
- + commit 029924a46e08ffcda038d89f06abfb41c980a9ad
- * scd/app-p15.c (verify_pin): acii-numerix is different than BCD.
-
- scd:p15: Add basic support for AET JCOP cards.
- + commit 544ec7872aed24c296ea34fac777eca287f7bb47
- * scd/app-p15.c (CARD_TYPE_AET): New.
- (cardtype2str): Add string.
- (card_atr_list): Add corresponding ATR.
- (app_local_s): New flag no_extended_mode. Turn two other flags into
- bit flags.
- (select_ef_by_path): Hack to handle the 3FFF thing.
- (readcert_by_cdf): Do not use etxended mode for AET.
- (app_select_p15): Set no_extended_mode.
-
- scd:p15: Handle cards with bad encoded path objects.
- + commit 7a8545c91b09277b0833dc0e5881ba5d1c8dbca3
- * scd/app-p15.c (read_ef_prkdf, read_ef_pukdf)
- (read_ef_cdf, read_ef_aodf): Allow for a zero length path and
- correctly skip unsupported auth types.
-
- scd: Improve reading of binary records.
- + commit 44f977d0e332e77fb8a775c4837c00118bbe08cb
- * scd/iso7816.c (iso7816_read_binary_ext): Handle the 0x6a86 SW the
- same as 6b00.
- * scd/apdu.c (apdu_get_atr): Modify debug messages.
- * scd/app-p15.c (app_select_p15): Print FCI on error.
- (read_p15_info): Clean up diag in presence of debug options.
-
-2021-06-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix RESET handling.
- + commit 7718244168c948171ffd37d7e964cbcd172661c6
- * scd/app.c (scd_update_reader_status_file): Clear ->reset_requested.
-
-2021-06-16 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix build with --disable-ldap.
- + commit c6900f5723b4edc899aaea267ed599b5ad724142
- * dirmngr/dirmngr.c (parse_rereadable_options) [USE_LDAP]:
- Conditionalize.
-
-2021-06-16 Werner Koch <wk@gnupg.org>
-
- sm: New option --ldapserver as an alias for --keyserver.
- + commit 89df86157e3580aae7e391382f4a5451a192fc68
- * sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
- alias.
-
- dirmngr: Allow to pass no filter args to dirmngr_ldap.
- + commit 14528ec66bd7dce28c7540fa9a34f35de54261c1
- * dirmngr/dirmngr_ldap.c (main): Handle no args case.
-
- dirmngr: Rewrite the LDAP wrapper tool.
- + commit 864ea251983977b91a7f6ff5964e497cf4b208dc
- * dirmngr/ldap-misc.c: New.
- * dirmngr/ldap-misc.h: New.
- * dirmngr/ks-engine-ldap.c: Include ldap-misc.h.
- (ldap_err_to_gpg_err, ldap_to_gpg_err): Move to ldap-misc.c.
- * dirmngr/ldap-wrapper.c (ldap_wrapper): Print list of args in debug
- mode.
- * dirmngr/server.c (lookup_cert_by_pattern): Handle GPG_ERR_NOT_FOUND
- the saqme as GPG_ERR_NO_DATA.
- * dirmngr/ldap.c (run_ldap_wrapper): Add args tls_mode and ntds.
- Remove arg url. Adjust for changes in dirmngr_ldap.
- (url_fetch_ldap): Remove args host and port. Parse the URL and use
- these values to call run_ldap_wrapper.
- (attr_fetch_ldap): Pass tls flags to run_ldap_wrapper.
- (rfc2254_need_escape, rfc2254_escape): New.
- (extfilt_need_escape, extfilt_escape): New.
- (parse_one_pattern): Rename to ...
- (make_one_filter): this. Change for new dirmngr_ldap calling
- convention. Make issuer DN searching partly work.
- (escape4url, make_url): Remove.
- (start_cert_fetch_ldap): Change for new dirmngr_ldap calling
- convention.
- * dirmngr/dirmngr_ldap.c: Major rewrite.
-
- * dirmngr/t-ldap-misc.c: New.
- * dirmngr/t-support.h (DIM, DIMof): New.
- * dirmngr/Makefile.am (dirmngr_ldap_SOURCES): Add ldap-misc.c
- (module_tests) [USE_LDAP]: Add t-ldap-misc.
- (t_ldap_parse_uri_SOURCES): Ditto.
- (t_ldap_misc_SOURCES): New.
-
- dirmngr: Remove useless code.
- + commit bcb99315627ec38aa5c9fe097075a82bdc8a2043
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Remove the
- password_param thing because we set the password directly without an
- intermediate var.
-
- dirmngr: Fix default port for our redefinition of ldaps.
- + commit 58e4c82512a4b0828f78fc9f03dbcdbf77760b5c
- * dirmngr/server.c (make_keyserver_item): Fix default port for ldaps.
- Move a tmpstr out of the blocks.
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Improve diagnostics.
-
- dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.
- + commit 3e05f99e8db5c4039d352d5bd9dde01ed9653f2f
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT.
-
- * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ...
- (parse_rereadable_options): here.
-
- dirmngr: New option --ldapserver.
- + commit 52cf32ce2f904b2e6f53f406a90458f6ef148af9
- * dirmngr/dirmngr.c (opts): Add option --ldapserver.
- (ldapserver_list_needs_reset): New var.
- (parse_rereadable_options): Implement option.
- (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used.
-
- * dirmngr/server.c (cmd_ldapserver): Add option --clear and list
- configured servers if none are given.
-
- dirmngr: Allow for non-URL specified ldap keyservers.
- + commit eb3a629154de10a5414a5d2c2b9941ef8bf1eeaf
- * dirmngr/server.c (cmd_ldapserver): Strip an optional prefix.
- (make_keyserver_item): Handle non-URL ldap specs.
- * dirmngr/dirmngr.h (struct ldap_server_s): Add fields starttls,
- ldap_over_tls, and ntds.
-
- * dirmngr/ldapserver.c (ldapserver_parse_one): Add for an empty host
- string. Improve error messages for the non-file case. Support flags.
- * dirmngr/ks-action.c (ks_action_help): Handle non-URL ldap specs.
- (ks_action_search, ks_action_get, ks_action_put): Ditto.
- * dirmngr/ks-engine-ldap.c: Include ldapserver.h.
- (ks_ldap_help): Handle non-URL ldap specs.
- (my_ldap_connect): Add args r_host and r_use_tls. Rewrite to support
- URLs and non-URL specified keyservers.
- (ks_ldap_get): Adjust for changes in my_ldap_connect.
- (ks_ldap_search): Ditto.
- (ks_ldap_put): Ditto.
-
- gpg,sm: Simplify keyserver spec parsing.
- + commit bebc71d2291e93afb76792c5e210836857103c36
- * common/keyserver.h: Remove.
- * sm/gpgsm.h (struct keyserver_spec): Remove.
- (opt): Change keyserver to a strlist_t.
- * sm/gpgsm.c (keyserver_list_free): Remove.
- (parse_keyserver_line): Remove.
- (main): Store keyserver in an strlist.
- * sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist. Avoid
- an ambiguity in dirmngr by adding a prefix if needed.
-
- * g10/options.h (struct keyserver_spec): Move definition from
- keyserver.h to here. Remove most fields.
- * g10/keyserver.c (free_keyserver_spec): Adjust.
- (cmp_keyserver_spec): Adjust.
- (parse_keyserver_uri): Simplify.
- (keyidlist): Remove fakev3 arg which does not make any sense because
- we don't even support v3 keys.
-
- dirmngr: Support pseudo URI scheme "opaque".
- + commit 1c96f4d663c020167ed3d39e513751641dfc3567
- * dirmngr/http.h (HTTP_PARSE_NO_SCHEME_CHECK): New.
- * dirmngr/http.c (http_parse_uri): Use this flag. Change all callers
- to use the new macro for better readability.
- (do_parse_uri): Add pseudo scheme "opaque".
- (uri_query_value): New.
-
-2021-06-11 Werner Koch <wk@gnupg.org>
-
- sm: Fix finding of issuer in use-keyboxd mode.
- + commit 6b76693ff54297456b724ba53f7e6283e2a5a126
- * sm/keydb.c (struct keydb_local_s): Add field saved_search_result.
- (keydb_push_found_state): Implement for keyboxd.
- (keydb_pop_found_state): Ditto.
- (keydb_get_cert): Do not release the cert so that the function can be
- used again to get the same cert. This is the same behaviour as in
- pubring.kbx mode.
-
- * sm/certchain.c, sm/import.c: Improve some error messages.
-
-2021-06-11 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support clearing of Reset Code by ''.
- + commit 4e02db75e3a1da9012176f2cfe1638c8c0129f6f
- * scd/app-openpgp.c (do_change_pin): Allow null-string.
-
-2021-06-09 Werner Koch <wk@gnupg.org>
-
- gpgtar,w32: Fix file size computation.
- + commit 14e36bdbe1c39bc23e70db775e05319367ee8adb
- * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses.
-
-2021-06-09 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix importing protected secret key.
- + commit 7a80004d5407c6c48b21d57ba6edb8e5a2db4995
- * agent/cvt-openpgp.c (do_unprotect): Only modify SKEY when it is
- correctly decrypted.
-
-2021-06-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix serial number detection for Yubikey 5.
- + commit c3a9ee0b658887ca9baa4514187b17857fdf6586
- * scd/app.c (app_new_register): Handle serial number correctly.
-
-2021-06-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix READER-PORT option handling for PC/SC.
- + commit ee5b6af370fbee1b08136e5dc384cf7996bcfc4c
- * scd/apdu.c (apdu_open_reader): READERNO should be -1 when
- READER-PORT is specified for PC/SC.
-
-2021-06-04 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Appropriate error code for importing key with no passwd.
- + commit 21ef425e222ddfa460b37dece63adb67ff2e4dd1
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Return
- GPG_ERR_BAD_SECKEY.
-
-2021-06-03 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Support KEYGRIP search with traditional keyring.
- + commit 9668ee097a1474299b8debecb1ee38620a327082
- * g10/keyring.c (keyring_search): Handle KEYDB_SEARCH_MODE_KEYGRIP.
-
-2021-06-02 Werner Koch <wk@gnupg.org>
-
- common: Allow for GCM decryption in de-vs mode.
- + commit c17dac5ac3ccb374e5a1276d4bc9b444c390a4c5
- * common/compliance.c (gnupg_cipher_is_allowed): Allow GCM for gpgsm
- in decrypt mode.
-
- * tests/cms/samplemsgs/pwri-sample.gcm.p7m: Remove duplicated authtag
-
- sm: Support AES-GCM decryption.
- + commit 4980fb3c6dde8c1dda975e8a36d6086c8456a631
- * tests/cms/samplemsgs/: Add sample messages.
- * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error.
- * sm/decrypt.c (decrypt_gcm_filter): New.
- (gpgsm_decrypt): Use this filter if requested. Check authtag.
-
-2021-05-28 Werner Koch <wk@gnupg.org>
-
- gpgconf: Make runtime changes with different homedir work.
- + commit 31c0aa2ff37f662c6391885d61ffd46ec3062e5a
- * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
-
-2021-05-28 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix calling handle_pincache_put.
- + commit 36f50b259cae0428264f4b7d60b82209e3dd8725
- * agent/call-scd.c (padding_info_cb): Fix the argument.
-
- scd: Fix zero-byte handling in ECC.
- + commit 5b1806454c03b3b493222f405ffced80a5d430ad
- * scd/app-openpgp.c (ecc_writekey): Don't remove zero-byte.
-
-2021-05-27 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Ed448 and X448 are only for v5 for --full-gen-key.
- + commit 2b50f942672d9a2c325a818f21f69d3ee69255d3
- * g10/keygen.c (generate_keypair): Set pVERSION = 5, pSUBVERSION = 5,
- when it's Ed448 or X448.
-
- build: _DARWIN_C_SOURCE should be 1.
- + commit be81941e1aca75d9e1d0dd2e2b234ae6df53c05a
- * configure.ac (*-apple-darwin*): Set _DARWIN_C_SOURCE 1.
-
-2021-05-25 Werner Koch <wk@gnupg.org>
-
- gpg: Partial fix for Unicode problem in output files.
- + commit 30563ea29705016b08ff04fd8a833940ea94e4e8
- * g10/openfile.c (overwrite_filep): Use gnupg_access.
-
-2021-05-21 Werner Koch <wk@gnupg.org>
-
- common: Annotate leaked memory in homedir.c.
- + commit 260bbb4ab27eab0a8d4fb68592b0d1c20d80179c
- * g10/trustdb.c (how_to_fix_the_trustdb): Use gnupg_homedir.
- * common/homedir.c (standard_homedir): Annotate leaked memory.
- (gnupg_daemon_rootdir): Ditto.
- (gnupg_socketdir): Ditto.
- (gnupg_sysconfdir): Ditto.
- (gnupg_bindir): Ditto.
- (gnupg_libdir): Ditto.
- (gnupg_datadir): Ditto.
- (gnupg_localedir): Ditto.
- (gnupg_cachedir): Ditto.
- (gpg_agent_socket_name): Ditto.
- (dirmngr_socket_name): Ditto.
- (keyboxd_socket_name): Ditto.
- (get_default_pinentry_name): Ditto.
- (gnupg_module_name): Ditto.
- (default_homedir): Ditto. Make static.
-
-2021-05-20 Werner Koch <wk@gnupg.org>
-
- sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
- + commit 52bbdc731fd54ff6d2744d7aca8e48e2c2389cc9
- * sm/keylist.c (list_cert_raw): Print the OpenPGP fpr.
-
-2021-05-20 Jakub Jelen <jjelen@redhat.com>
-
- card: Intialize pointer to avoid double free.
- + commit 98c52aeb31f4bf2604727aacad982fb51c04063f
- * tools/gpg-card.c (cmd_salut): Initialize data pointer
-
- scd: avoid memory leaks.
- + commit 27e7bde12ee2b67425ae7011d976d2544c90fd9a
- * scd/app-p15.c (send_certinfo): free labelbuf
- (do_sign): goto leave instead of return
- * scd/app-piv.c (do_sign): goto leave instead of return, fix typo in
- variable name, avoid using uninitialized variables
- * scd/command.c (cmd_genkey): goto leave instead of return
-
- kbx: Avoid uninitialized read.
- + commit fc5fac83b778f0ff61608c286448ab7fa14ccb2d
- * kbx/kbx-client-util.c (datastream_thread): Initialize pointer
- * kbx/keybox-dump.c (_keybox_dump_cut_records): free blob
- * kbx/kbxserver.c (kbxd_start_command_handler): do not free passed ctrl
- * kbx/keyboxd.c (check_own_socket): free sockname
-
- g10: Avoid memory leaks.
- + commit fa0771f609b5fcb104c64a11aefc501b7a91696d
- * g10/call-agent.c (card_keyinfo_cb): free keyinfo. Restructure to
- avoid backward gotos.
- * g10/keyedit.c (menu_set_keyserver_url): properly enclose the block
- * g10/keygen.c (gen_card_key): free pk and pkt
-
- dirmgr: Avoid double free.
- + commit 25aa353bf833fdae1a96158b49daf7588ae3b109
- * dirmgr/http.c (http_prepare_redirect): Avoid double free
- * dirmgr/ocsp.c (check_signature): Initialize pointer
-
- common: Avoid double-free.
- + commit 4704d1ce4e1e2ba9f986fb221346eda5c97f947b
- * common/name-value.c (do_nvc_parse): reset to null after ownership
- change
-
- agent: Fix memory leaks.
- + commit 33a2362e566c0e0d7011abf2e5fa5704d7cb4206
- * agent/call-daemon.c (daemon_start): free wctp
- * agent/call-scd.c (agent_card_pksign): return error instead of noop
- (card_keyinfo_cb): free keyinfo. Restructure to avoid a goto backwards.
- * agent/protect.c (agent_get_shadow_info_type): allocate only as a last
- action. Catch xtrymalloc failure.
- (agent_is_tpm2_key): Free buf.
-
- sm: Avoid memory leaks and double double-free.
- + commit e6132bc9f41727ea1abe2d6298610223c11639a2
- * sm/certcheck.c (extract_pss_params): Avoid double free
- * sm/decrypt.c (gpgsm_decrypt): goto leave instead of return
- * sm/encrypt.c (encrypt_dek): release s_pkey
- * sm/server.c (cmd_export): free list
- (do_listkeys): free lists
-
- g10: Fix memory leaks.
- + commit 2af7bb2295cda5377546cedd0c906a3cff4d2427
- * g10/card-util.c (change_pin): free answer on errors
- (ask_card_keyattr): free answer on error
- * g10/cpr.c (do_get_from_fd): free string
- * g10/gpg.c (check_permissions): free dir on weird error
- * g10/import.c (append_new_uid): release knode
- * g10/keyedit.c (menu_set_keyserver_url): free answer
- (menu_set_keyserver_url): free user
- * g10/keygen.c (print_status_key_not_created): move allocation after
- sanity check
- (ask_expire_interval): free answer
- (card_store_key_with_backup): goto leave instaed of return
- * g10/keyserver.c (parse_keyserver_uri): goto fail instead of return
- * g10/revoke.c (gen_desig_revoke): release kdbhd
- (gen_desig_revoke): free answer
- * g10/tofu.c (ask_about_binding): free sqerr and response
- * g10/trustdb.c (ask_ownertrust): free pk
-
- dirmgr: clean up memory on error code paths.
- + commit 0d2c1e9046faf102809bc65329c22b6cf8d62ea0
- * dirmgr/crlcache.c (finish_sig_check): goto leave instead of return
- * dirmgr/http.c (send_request): free authstr and proxy_authstr
- * dirmgr/ldap.c (start_cert_fetch_ldap): free proxy
- * dirmgr/ocsp.c (check_signature): release s_hash
-
- agent: Avoid memory leaks in error code paths.
- + commit a95ddffdcd58383cce93677be5e7e11c5c229a98
- * agent/command.c (cmd_genkey): Use goto instead of return.
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Ditto.
- * agent/genkey.c (agent_ask_new_passphrase): Fix typo to free correct
- pointer
- (agent_genkey): Release memory
- * agent/gpg-agent.c (check_own_socket): Free sockname
- * agent/protect-tool.c (read_key): Free buf.
- (agent_askpin): Free passphrase
-
-2021-05-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: For KS_SEARCH return the fingerprint also with LDAP.
- + commit a660e1060630e8d75ecb43abf69dbb73378c1df9
- * dirmngr/ks-engine-ldap.c (extract_keys): Return the fingerprint if
- available.
- (ks_ldap_search): Ditto.
- (extract_keys): Make sure to free the ldap values also in corner
- cases.
- (my_ldap_value_free): New.
- (ks_ldap_get): Ditto.
- (ks_ldap_search): Ditto.
- (my_ldap_connect): Ditto.
-
- gpg: Improve speed of secret key listing.
- + commit 40da61b89b62dcb77847dc79eb159e885f52f817
- * agent/command.c (cmd_keyinfo): Factor some code out to ...
- (get_keyinfo_on_cards): ... new.
- (cmd_havekey): Add --list mode.
- * g10/gpg.h (struct server_control_s): Add new caching vars.
- * g10/gpg.c (gpg_deinit_default_ctrl): Release cache.
- * g10/call-agent.c (agent_probe_any_secret_key): Init and try to use
- the keygrip cache.
- (agent_genkey): Clear the cache.
- (agent_import_key): Ditto.
-
- * g10/keylist.c (list_all, list_one): Pass ctrl to
- agent_probe_any_secret_key.
- * g10/getkey.c (lookup): Ditto.
-
-2021-05-18 Werner Koch <wk@gnupg.org>
-
- gpg: Fix sending an OpenPGP key with umlaut to an LDAP keyserver.
- + commit b8e6e485ee0b3389992f5de4d717e2e9cca92a9e
- * g10/call-dirmngr.c (record_output): Rewrite.
-
-2021-05-18 Ingo Klöcker <dev@ingo-kloecker.de>
-
- scd:p15: Fix logic for appending product name to MANUFACTURER.
- + commit 65bc5ea95e608869fe57dae43e201ed47b98f9fe
- * scd/app-p15.c (do_getattr): Append product name to MANUFACTURER if
- manufacturer_id does not already contain a bracket and if we have a
- product name.
-
-2021-05-17 Werner Koch <wk@gnupg.org>
-
- gpg: Use a more descriptive prompt for symmetric decryption.
- + commit 6dfae2f402a702ccd7f2c585b28cb356e9f26a26
- * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
- (passphrase_to_dek_ext): Remove this obsolete prototype.
- * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
- value.
- (passphrase_to_dek): Add arg flags and pass it on.
- * g10/mainproc.c (proc_symkey_enc): Use new flag.
-
- * sm/decrypt.c (pwri_decrypt): Use "passphrase".
-
- dirmngr: LDAP search by a mailbox now ignores revoked keys.
- + commit 1406f551f1e00a03eabf5b8bd3011bf6393ce318
- * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
- and disable keys in mail mode.
-
- sm: Ask for the password for password based decryption (pwri)
- + commit eeb65d3bbd7d461694d30009631739735a2b9bad
- * sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase.
-
- * sm/export.c (export_p12): Mark string as translatable.
- * sm/import.c (parse_p12): Ditto.
-
-2021-05-14 Werner Koch <wk@gnupg.org>
-
- sm: Support decryption of password based encryption (pwri)
- + commit 02029f9eab87e9fd667829dfb083846275576398
- * sm/decrypt.c (pwri_parse_pbkdf2): New.
- (pwri_decrypt): New.
- (prepare_decryption): Support pwri.
- (gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM.
-
-2021-05-14 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Remove wrong assertion and add protection to PCSC.COUNT.
- + commit 58b330e935b9225d5a389c5d858a0e7304f573ad
- * scd/apdu.c (apdu_dev_list_finish): Fix for calling
- release_pcsc_context.
-
-2021-05-12 Werner Koch <wk@gnupg.org>
- Jakub Jelen <jjelen@redhat.com>
-
- agent: Use SHA-256 for SSH fingerprint by default.
- + commit 310b064f5271fe8566ebc996702ea1422875f425
- * agent/gpg-agent.c (parse_rereadable_options): Change default ssh
- fingerprint digest.
- (main): Ditto.
-
-2021-05-11 Werner Koch <wk@gnupg.org>
-
- A few minor code cleanups and typo fixes.
- + commit 965bb0693c0df04e6dbd57a8b471944367cf6c4e
- * agent/command-ssh.c (ssh_handler_request_identities): Remove double
- check of ERR.
- * g10/getkey.c (get_pubkey_byname): Remove double use of break.
- * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to
- failed malloc.
-
-2021-05-11 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix allocation for EXTRAHASH.
- + commit ac731dbbbd21f53d2f6bf69343e6bf553ebc9dad
- * g10/sign.c (clearsign_file): Fix the size to allocate.
-
- scd: Serialize READER_TABLE access for PC/SC.
- + commit 32baa9acfb153004bdb2509f9516482b78f256a4
- * scd/apdu.c (apdu_dev_list_start): Remove locking READER_TABLE_LOCK.
- Don't increment PCSC.COUNT here.
- (apdu_dev_list_finish): Don't decrement PCSC.COUNT here.
- (apdu_open_reader): Protect access with READER_TABLE_LOCK.
-
-2021-05-10 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix close_pcsc_reader.
- + commit ec5591dc4e1f1b0340b9043a410dc62b63a90416
- * scd/apdu.c (close_pcsc_reader): Don't touch .RDRNAME field.
- (apdu_dev_list_finish): Clear .RDRNAME field and replace call of
- close_pcsc_reader by release_pcsc_context. Add assertion.
-
- scd: Make sure releasing PC/SC context.
- + commit cccc9bd5db1f00c35dff192935e91d46cafb259f
- * scd/apdu.c (release_pcsc_context): New.
- (close_pcsc_reader): Use release_pcsc_context. Add assertion.
- (apdu_dev_list_start): Replace call of close_pcsc_reader
- into release_pcsc_context, add condition.
-
-2021-05-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Increment PCSC.COUNT correctly.
- + commit 0498ea8fbd57d0df3093301d551db6b287ccf622
- * scd/apdu.c (open_pcsc_reader): PCSC.COUNT should
- be incremented before possible call of close_pcsc_reader.
-
- scd: Fix memory leak for RDRNAME and serialize access.
- + commit 5d1b41310682a599a16bcb95e18f56e62299059e
- * scd/apdu.c (close_pcsc_reader): Move locking to...
- (apdu_close_reader): ... here, as it's also needed for CCID driver.
- Free RDRNAME when closed.
-
- scd: Fix declarations for PC/SC access.
- + commit 039aed9d401f3875eee0251d34be74de7a1daf84
- * scd/apdu.c (pcsc_begin_transaction, pcsc_transmit): Use HANDLE.
-
-2021-05-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Recover the partial match for PORTSTR for PC/SC.
- + commit 53bdc6288f9b474e53f06088130e304cee41b12d
- * scd/apdu.c (apdu_open_reader): Allow partial match of
- PORTSTR again just like 2.2 does.
-
- scd: When reader is specified, make sure only open once.
- + commit d6fe82d3d1699eb417f87b487048f95fee91e2cd
- * scd/apdu.c (apdu_open_reader): Make sure not to try multiple times,
- when PORTSTR is specified.
-
-2021-04-29 Werner Koch <wk@gnupg.org>
-
- scd: Fix PC/SC removed card problem.
- + commit 8d81fd7c01e8dfacc719ff190f8e364014e32fdf
- * scd/apdu.c (pcsc_cancel): New.
- (pcsc_init): Load new function.
- (connect_pcsc_card): Use it after a removed card error.
-
-2021-04-28 Werner Koch <wk@gnupg.org>
-
- scd: Fix problem with reader list becoming empty.
- + commit bb8e3996e44f4f057f0771b9b72c89feae00f1b1
- * scd/apdu.c (close_pcsc_reader): Do not decrement refcount if already
- zero. Always release context if or becomes zero.
- (apdu_dev_list_start): Unlock prior to close_pcsc_reader. For PC/SC
- increment the count. Always release the lock.
- (apdu_dev_list_finish): No more unlocking. Use close_pcsc_reader
- instead of code duplication.
-
- * scd/apdu.c (pcsc_error_string): Add an error code.
- * scd/scdaemon.c (scd_kick_the_loop): Fix a diagnostic.
-
-2021-04-27 Kirill Elagin <kirelagin@gmail.com>
-
- scd: Fix unblock PIN by a Reset Code with KDF.
- + commit f209d7d2db0e963a6ad1fa8c4f0c034ba0297842
- * scd/app-openpgp.c (do_change_pin): Use correct CHVNO=1 for
- pin2hash_if_kdf, for user's PIN.
-
-2021-04-26 Werner Koch <wk@gnupg.org>
-
- gpg: Fix mailbox based search via AKL keyserver method.
- + commit 4fcfac6feb2a6c2b14883ba406afc917e8d4be42
- * g10/keyserver.c (keyserver_import_name): Rename to ...
- (keyserver_import_mbox): this. And use mail search mode.
- * g10/getkey.c (get_pubkey_byname): Change the two callers.
-
- gpg: Do not use import-clean for LDAP keyserver imports.
- + commit 99db4b0c7fd128ea5b2e251fe854bd57f6322238
- * g10/options.h (opts): New field expl_import_only.
- * g10/import.c (parse_import_options): Set it.
- * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
-
-2021-04-25 Werner Koch <wk@gnupg.org>
-
- gpg: Auto import keys specified with --trusted-keys.
- + commit 100037ac0f558e8959fc065d4703c85c2962489e
- * g10/getkey.c (get_pubkey_with_ldap_fallback): New.
- * g10/trustdb.c (verify_own_keys): Use it.
-
- scd:p15: Fix last commit and improve D-TRUST detection.
- + commit cc5aa68b6310bdeaa1102bb0d6a33420920648e7
- * scd/app-p15.c (read_p15_info): Improve D-TRUST card detection.
- (do_getattr): Fix faulty code for the last commit. Append the product
- name to MANUFACTURER.
-
- scd:p15: Shorten the displayed s/n of RSCS cards.
- + commit 21e3f750bd7dde2ae9ece01b1abdd1b47ba4fb04
- * scd/app-p15.c (get_dispserialno): Add dedicated handling for RSCS.
-
-2021-04-23 Werner Koch <wk@gnupg.org>
-
- gpg: Replace an obsolete trustdb function.
- + commit 3cbc66410d62ad2f7e559095753a2385fe644d07
- * g10/trustdb.c (tdb_register_trusted_keyid): Make static.
- (tdb_register_trusted_key): Replace register_trusted_keyid by
- tdb_register_trusted_key.
- * g10/keygen.c (do_generate_keypair): Ditto.
- * g10/trust.c (register_trusted_keyid): Remove.
-
- gpg: Allow decryption w/o public key but with correct card inserted.
- + commit 50293ec2ebf2a997dbad9a47166d694efcc0709a
- * agent/command.c (cmd_readkey): Add option --no-data and special
- handling for $SIGNKEYID and $AUTHKEYID.
- * g10/call-agent.c (agent_scd_getattr): Create shadow keys for KEY-FPR
- output.
- * g10/skclist.c (enum_secret_keys): Automagically get a missing public
- key for the current card.
-
- agent: Require verbose level 2 for handler started/terminated notices.
- + commit 84c2d97cca76045bbe9d0598a10623d5d91e6530
- * agent/gpg-agent.c (do_start_connection_thread): Silence diags even
- more.
-
-2021-04-23 NIIBE Yutaka <gniibe@fsij.org>
-
- tools: Fix for --disable-tpm2d.
- + commit 97ba94e52b2390f43fc1ac7db98e8ee7a37ddfb1
- * tools/gpgconf-comp.c: Conditionalize with BUILD_WITH_TPM2D.
-
-2021-04-22 Werner Koch <wk@gnupg.org>
-
- scd: Fix PSO_CSV for 512 bit curves.
- + commit 9e24f2a45ce8038f662ec1a9893669e1d5604ec7
- * scd/iso7816.c (iso7816_pso_csv): Use BER-TLV instead of SIMPLE-TLV
-
- tests: Make sure that the build keyboxd is used.
- + commit d36c4dc95b72b780375d57311bdf4ae842fd54fa
- * tests/openpgp/defs.scm (create-gpghome): Add keyboxd-program.
-
-2021-04-21 Werner Koch <wk@gnupg.org>
-
- card: New option --shadow for command list.
- + commit 2fce99d73a6afc1a1a29041722a934bb81c7d739
- * tools/card-call-scd.c (scd_readkey): Add arg create_shadow.
- * tools/gpg-card.c (list_one_kinfo): Add arg create_shadow and pass it
- down to scd-readkey. Change all callers to convey this arg.
- (cmd_list): Add option --shadow.
-
- agent: Silence error messages for READKEY --card.
- + commit 8f2c9cb73538baab7da8107f2cceb2f6fc49642a
- * agent/command.c (cmd_readkey): Test for shadow key before creating
- it.
-
- gpg: Allow fingerprint based lookup with --locate-external-key.
- + commit ec36eca08cdbf6653e7362e8e0e6c5f2c75b4a60
- * g10/keyserver.c (keyserver_import_fprint_ntds): New.
- * g10/getkey.c (get_pubkey_byname): Detect an attempt to search by
- fingerprint in no_local mode.
-
- keyboxd: Fix searching for exact mail addresses.
- + commit f79e9540ca643b5cb912e7bfca2af56be428efed
- * kbx/kbxserver.c (cmd_search): Use the openpgp hack for calling
- classify_user_id.
- * kbx/backend-sqlite.c (run_select_statement): Remove angle brackets
- in exact addrspec mode.
- * g10/call-keyboxd.c (keydb_search): Do not duplicate the left angle
- bracket.
- * sm/keydb.c (keydb_search): Ditto.
-
- gpg,sm: Ignore the log-file option from common.conf.
- + commit d153e4936e05ab3b15df3c092024d83ac9d6ca46
- * g10/gpg.c (main): Don't use the default log file from common.conf.
- * sm/gpgsm.c (main): Ditto.
-
-2021-04-20 Werner Koch <wk@gnupg.org>
-
- Release 2.3.1.
- + commit cbbdb88627fe57ebf02b8b4bf9002d356e57e2e4
-
-
- Support log-file option from common.conf for all daemon.
- + commit 45918813f0599505e4f84bd44b09fb708b4e7f23
- * agent/gpg-agent.c: Include comopt.h.
- (main): Read log-file option from common.conf.
- (reread_configuration): Ditto.
- * dirmngr/dirmngr.c: Include comopt.h.
- (main): Read log-file option from common.conf.
- (reread_configuration): Ditto.
- * kbx/keyboxd.c: Include comopt.h.
- (main): Read log-file option from common.conf.
- (reread_configuration): Ditto.
- * scd/scdaemon.c: Include comopt.h.
- (main): Read log-file option from common.conf.
-
- gpgconf: Fix a diagnostic output.
- + commit b657d6c3bd8103d40d511a3293313a891a26a9f5
- * tools/gpgconf-comp.c (gc_component_launch): Fix diagnostic.
- * doc/examples/common.conf: Fix example.
-
- sm: New command --show-certs.
- + commit 51419d63415ae2aa029f8829099b6789b264edc5
- * sm/keylist.c (do_show_certs): New.
- (gpgsm_show_certs): New.
- * sm/gpgsm.c (aShowCerts): New.
- (opts): Add --show-certs.
- (main): Call gpgsm_show_certs.
-
-2021-04-19 Werner Koch <wk@gnupg.org>
-
- build: Fix build problems on macOS for gpgsm tests and gpg-card.
- + commit 5fe60576d50f7c857d0a865a9630212422fa1ad1
- * tools/gpg-card.c: Include ctype.h.
- * sm/Makefile.am (t_common_ldadd): Add LIBICONV.
-
-2021-04-19 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
-
- build: Allow selection of TSS library.
- + commit 93c88d0af36b70a406997b40c49bfc14c17b4cd2
- * configure.ac: New option --with-tss to force the use of a
- specific TSS library.
-
- gpg: Fix showpref to list AEAD feature.
- + commit 86f446fd446fcc7295ecf6b37a3f4cca45a165f1
- * g10/keyedit.c (show_prefs): Show 'AEAD' if flags.aead is set.
-
-2021-04-19 Werner Koch <wk@gnupg.org>
-
- gpg,gpgsm: Move use-keyboxd to the new conf file common.conf.
- + commit d13c5bc244ce1daed285424d920171fc2bcd7290
- * common/comopt.c, common/comopt.h: New.
- * common/Makefile.am: Add them.
- * g10/gpg.c: Include comopt.h.
- (main): Also parse common.conf.
- * sm/gpgsm.c: Include comopt.h.
- (main): Set a flag for the --no-logfile option. Parse common.conf.
-
- * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
- pseudo option "use_keyboxd".
- (known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
- (known_options_gpgsm): Remove "use-keyboxd".
-
- * tests/openpgp/defs.scm (create-gpghome): Create common.conf.
-
- * doc/examples/common.conf: New.
-
-2021-04-16 Werner Koch <wk@gnupg.org>
-
- gpg: Lookup a missing public key of the current card via LDAP.
- + commit d7e707170fbe2956deb3d81e2802d21352079722
- * g10/getkey.c (get_seckey_default_or_card): Lookup a missing public
- key from the current card via LDAP.
- * g10/call-dirmngr.c: Include keyserver-intetnal.h.
- (gpg_dirmngr_ks_get): Rename arg quick into flags. Take care of the
- new LDAP flag.
- * g10/keyserver-internal.h (KEYSERVER_IMPORT_FLAG_QUICK): New.
- Replace the use of the value 1 for the former quick arg.
- (KEYSERVER_IMPORT_FLAG_LDAP): New.
- * g10/keyserver.c (keyserver_get_chunk): Increase the reserved line
- length.
- * dirmngr/ks-action.c (ks_action_get): Add arg ldap_only.
- * dirmngr/server.c (cmd_ks_get): Add option --ldap.
-
- scd:p15: Support attribute KEY-FPR.
- + commit 30f90fc8574be4c48ac8d3ff41479481414c0dee
- * scd/app-p15.c: Include openpgpdefs.h.
- (struct prkdf_object_s): Add fields have_keytime and ecdh_kdf.
- (read_p15_info): Set ecdh_kdf.
- (keygrip_from_prkdf): Flag that we have the keytime.
- (send_keypairinfo): Send the key time only if valid.
- (send_key_fpr_line): New.
- (send_key_fpr): New.
- (do_getattr): Add KEY-FPR.
-
- common: New module to compute openpgp fingerprints.
- + commit 2f2bdd9c0894eb43f719da8b529b4c7a46f742a0
- * common/openpgp-fpr.c: New.
- * common/Makefile.am (common_sources): Add it.
-
-2021-04-13 Werner Koch <wk@gnupg.org>
-
- gpg: Do not use self-sigs-only for LDAP keyserver imports.
- + commit 6c26e593df51475921410ac97e9227df6b258618
- * dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
- * g10/options.h (opts): New field expl_import_self_sigs_only.
- * g10/import.c (parse_import_options): Set it.
- * g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
-
-2021-04-13 Jakub Jelen <jjelen@redhat.com>
-
- common: Fix memory leaks.
- + commit a16f726f9404f173705cc3bef71daee38d2c094b
- * common/name-value.c (do_nvc_parse): Free NAME.
- * common/recsel.c (recsel_parse_expr): Release SE_HEAD and EXPR_BUFFER.
-
- kbx: Fix memory leak.
- + commit 51bbd99a3c9b09a78e766a312d97a1d40372c6cd
- * kbx/keybox-update.c (blob_filecopy): Goto leave instead of return.
-
- tools: Fix memory leaks.
- + commit 4c8be54cc430bbebd41fd7c452ff4ff9e8ff2bd5
- * tools/gpgsplit.c (write_part): Free BLOB on error.
-
- scd: Fix memory leaks.
- + commit 7cbe29c4fb4f593e194b6c25cb31633b4a6e0b2b
- * scd/apdu.c (apdu_dev_list_start): Free DL.
- * scd/app-nks.c (pubkey_from_pk_file): Fix typo in condition.
-
- agent,kbx: Add LIBASSUAN_CLFAGS.
- + commit cd66b2eb0d34b135175899362e191fff81588608
- * agent/Makefile.am (gpg_preset_passphrase_CFLAGS, t_protect_CFLAGS):
- Add LIBASSUAN_CFLAGS.
- * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS):
- Likewise.
-
-2021-04-12 Werner Koch <wk@gnupg.org>
-
- scd:p15: Match private keys with certificates also by labels.
- + commit ecb9265b8dc03a153044e19be804d4c2d2caa4e8
- * scd/app-p15.c (cdf_object_from_label): New.
- (cdf_object_from_certid): Fallback to label matching.
- (read_p15_info): Ditto.
- (keygrip_from_prkdf): Ditto. Replace duplicated code by a call to
- cdf_object_from_objid.
-
-2021-04-08 Werner Koch <wk@gnupg.org>
-
- scd:nks: Handle APP_READKEY_FLAG_INFO.
- + commit 63320ba2f8147ee86f4406c9590f6b28cad4771d
- * scd/app-nks.c (keygripstr_from_pk_file): Fix ignored error.
- (get_nks_tag): New.
- (do_learn_status_core): Use it. Make sure not to mange the
- KEYPAIRINFO line if no usage is known.
- (do_readkey): Output the KEYPAIRINFO for the keygrip case.
-
- scd: Fix duplicate output of KEYPAIRINFO by readkey command.
- + commit 22fd48e48d007a0cba6c8a8f6ad6cb4fe7470534
- * scd/app-help.c (app_help_get_keygrip_string_pk): Make HEXKEYGRIP
- parm optional.
- * scd/command.c (do_readkey): Remove duplicate output of keypairinfo
- lines.
-
-2021-04-08 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Ed448 and X448 are only for v5.
- + commit 36355394d865f5760075e62267d70f7a7d5dd671
- * g10/keygen.c (parse_key_parameter_part): Generate with version 5
- packet, when it's Ed448 or X448.
-
- scd: Fix CCID driver for SCM SPR332/SPR532.
- + commit ab66c4357595b8a10ca25fd735f439fe795919b2
- * scd/ccid-driver.c (ccid_vendor_specific_pinpad_setup): New.
- (ccid_vendor_specific_setup): Only send CLEAR_HALT.
- (ccid_transceive_secure): Each time, use send_escape_cmd.
-
- common: Fix gnupg_wait_processes, by skipping invalid PID.
- + commit d82dae5d2229a30dbc78aadc4d544d30dac76a1c
- * common/exechelp-posix.c (gnupg_wait_processes): Skip invalid PID.
-
-2021-04-07 Werner Koch <wk@gnupg.org>
-
- Release GnuPG 2.3.0.
- + commit c922a798a341261f1aafaf7c1c0217e4ce3e3acf
-
-
-2021-04-01 Werner Koch <wk@gnupg.org>
-
- gpgconf: Return a new pseudo option compliance_de_vs.
- + commit a78475fbb7b60ca96137fbe179d8b939cfe2cd89
- * tools/gpgconf-comp.c (known_pseudo_options_gpg): Add
- "compliance_de_vs".
- * g10/gpg.c (gpgconf_list): Returh that pseudo option.
-
- common: Make the compliance check more robust.
- + commit 1d1ec1146c04415c7051af62e133459a4537c945
- * common/compliance.c (get_compliance_cache): New.
- (gnupg_rng_is_compliant): Use per mode cache.
- (gnupg_gcrypt_is_compliant): Ditto.
-
- card: New flag --reread for LIST.
- + commit c727951a2440913bbab5b250c9bd2bb1d35ab0d7
- * tools/gpg-card.c (cmd_list): Add flag --reread.
- * tools/card-call-scd.c (scd_learn): New arg reread.
-
- * tools/card-call-scd.c (release_card_info): Fix releasing of the new
- label var.
-
- scd: New flag --reread for LEARN.
- + commit ff87f4e578f412332ae59fdab016f0a5304baaf9
- * scd/command.c (cmd_learn): Add flag --reread.
- * scd/app-common.h (struct app_ctx_s): New field need_reset.
- * scd/app.c (write_learn_status_core): Set need_reset if we notice an
- error after returning from a reread. Change all callers of card
- functions to return GPG_ERR_CARD_RESET so that that app is not anymore
- used.
-
- scd:p15: New flag APP_LEARN_FLAG_REREAD.
- + commit e17d3f866057543d142d63379fd4f4a36d79147f
- * scd/app-p15.c (do_deinit): Factor code out to ...
- (release_lists, release_tokeninfo): new.
- (read_ef_tokeninfo): Reset all data before reading.
- (read_p15_info): Ditto.
- (do_learn_status): Implement reread flag.
-
-2021-03-31 Werner Koch <wk@gnupg.org>
-
- scd: Replace all assert macros by the log_assert macro.
- + commit 1c16878efd0bcf036f56abef93d64ac41ce9e95b
-
-
- build: Require automake 1.16.3.
- + commit 6ca540715139899137e1f86c7e1dcbd0288f15b3
- * configure.ac (min_automake_version): Bump to 1.16.3
-
-2021-03-31 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update gpg-error.m4.
- + commit 8d6152a4cfd8a4cf176c01f99e1d49eeecab4367
- * m4/gpg-error.m4: Update from libgpg-error.
-
-2021-03-30 Werner Koch <wk@gnupg.org>
-
- card: Print the key's label if available.
- + commit 0d6f276f61c583d776687029c715b1ee4280e4ed
- * tools/gpg-card.h (struct key_info_s): Add field 'label'.
- * tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL.
- (scd_learn): Always request KEY-LABEL.
- * tools/gpg-card.c (nullnone): New.
- (list_one_kinfo, list_card): Use it. Print the label.
-
- scd:p15: Return labels for keys and certificates.
- + commit 7f9126363265a6b6fe4223d68fc4e87678c4ddfc
- * scd/app-p15.c (send_certinfo): Extend certinfo.
- (do_getattr): Support KEY-LABEL.
-
- scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.
- + commit 651c07a7301c33229af051d83edbf898bae52e8b
- * scd/app-p15.c (verify_pin): Take care of verify status.
-
- scd:p15: Return the creation time of the keys.
- + commit de4d3c99aa58ee06ae978d59e7e3aa7bace1c440
- * scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr.
- (keygrip_from_prkdf): Set them.
- (send_keypairinfo): Extend KEYPAIRINFO.
-
-2021-03-30 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Fix for make distcheck, no EPS support.
- + commit d1bac0a3be7081a4bfc7f813f9d626e1396ad5c1
- * Makefile.am (AM_DISTCHECK_DVI_TARGET): Specify 'pdf'.
- * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Remove EPS files.
- (gnupg.dvi): Remove.
-
-2021-03-29 Werner Koch <wk@gnupg.org>
-
- scd:p15: Make RSA with SHA512 work with CardOS.
- + commit 592f48011790e30d4bcfd9093eb58b786c8c9a8b
- * scd/app-p15.c (do_sign): Rewrite.
-
- agent: Skip unknown unknown ssh curves seen on cards.
- + commit 2d2391dfc25cfe160581b1bb4b4b8fc4764ac304
- * agent/command-ssh.c (ssh_handler_request_identities): Skip unknown
- curves.
-
- scd:p15: Support ECDSA and ECDH for CardOS.
- + commit a494b29af9cc9c4c8c8323bae20e845d5a390448
- * scd/iso7816.c (iso7816_pso_csv): New.
- * scd/app-help.c (app_help_pubkey_from_cert): Uncompress a point if
- needed.
-
- * scd/app-p15.c (CARD_PRODUCT_RSCS): New.
- (struct prkdf_object_s): Add fields is_ecc, token_label, and
- tokenflags.
- (do_deinit): Free new fields.
- (cardproduct2str): New.
- (read_ef_prkdf): Set new is_ecc flag.
- (read_ef_tokeninfo): Store some data and move Tokeninfo diags to ...
- (read_p15_info): here. set the product info here after all data has
- been gathered.
- (send_keypairinfo): Chnage the way the gpgusage flags are used.
- (make_pin_prompt): If the token has a label and the current cert has
- no CN, show the label as holder info.
- (do_sign): Support ECDSA. Take care of the gpgusage flags.
- (do_decipher): Support ECDH. Take care of the gpgusage flags.
-
- gpg: Allow ECDH with a smartcard returning just the x-ccordinate.
- + commit f129b0e97730b47d62482fba9599db39b526f3d2
- * g10/ecdh.c (extract_secret_x): Add extra safety check. Allow for
- x-only coordinate.
-
-2021-03-28 Werner Koch <wk@gnupg.org>
-
- gpgconf: Do not i18n an empty string to the PO files meta data.
- + commit 18d884f8411a0ca263a8aa588bb49eb0dae9ee19
- * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings.
-
-2021-03-26 Werner Koch <wk@gnupg.org>
-
- tests: Make sure the built keyboxd is used by the tests.
- + commit a5e72b663b3649c939d32d6526b5e2b3347dedd9
- * tests/openpgp/defs.scm (tool): Add keyboxd.
- * tests/openpgp/setup.scm: Ditto.
-
- gpgconf: Fix another argv overflow if --homedir is used.
- + commit 057131159b445d2d49392e95c677ad7b4cd4ae9c
- * tools/gpgconf-comp.c (gc_component_check_options): Increase array.
-
- gpgconf: Fix argv overflow if --homedir is used.
- + commit d3d57a1bc88ece0c12c91f54b089482cce92c5a0
- * tools/gpgconf-comp.c (gc_component_launch): Fix crasg due to too
- small array.
- (gpg_agent_runtime_change): Fix error message.
- (scdaemon_runtime_change): Ditto.
- (tpm2daemon_runtime_change): Ditto.
- (dirmngr_runtime_change): Ditto.
- (keyboxd_runtime_change): Ditto.
-
- agent: Add debug output for failed RSA signature verification.
- + commit 6de1ec3ba59fa54ab60b2923ba9caa77fc9d5281
- * agent/pksign.c (agent_pksign_do): Support ECC and DSA verification
- and print some debug info in the error case.
-
- common: New function to uncompress an ECC public key.
- + commit 935765b451aadc63fbba763a4a00f4efa0254436
- * common/sexputil.c (ec2os): New.
- (uncompress_ecc_q_in_canon_sexp): New.
-
- * common/t-sexputil.c (fail2): new.
- (test_ecc_uncompress): New.
- (main): Run new test.
-
-2021-03-26 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix PC/SC error handling at apdu_dev_list_start.
- + commit d4e5979c630c2960cf1fd5796f1060419e71cb04
- * scd/apdu.c (PCSC_E_NO_READERS_AVAILABLE): Add.
- (pcsc_error_to_sw): Handle PCSC_E_NO_READERS_AVAILABLE.
- (apdu_dev_list_start): Return error correctly.
-
-2021-03-24 Werner Koch <wk@gnupg.org>
-
- card: Add option --use-default-pin to command "login".
- + commit 73bad368dacf5334bf78af15b243d06fd1273849
- * tools/gpg-card.c (cmd_login): Add option.
-
- scd:p15: Make $SIGNKEY et al determination more fault tolerant.
- + commit 964363e788210f96a471e31ffa8fd17b534c0aa8
- * scd/app-p15.c (do_getattr): Change how we use gpgUsage to figure out
- the keys to use.
-
-2021-03-24 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix v5 signature for clearsign.
- + commit 14ef703ad65850fa22d394c4d521ba602ff2cc8d
- * g10/sign.c (clearsign_file): Prepare EXTRAHASH.
-
- gpg: Support ECDH with v5 key.
- + commit 90a5b4e648b3c8a6fe645df7e61654dfdb3548be
- * g10/ecdh.c (build_kdf_params): Use the first 20 octets.
- * g10/pkglue.c (pk_encrypt): Remove length check to 20.
- * g10/pubkey-enc.c (get_it): Likewise.
-
-2021-03-23 Werner Koch <wk@gnupg.org>
-
- gpgconf: Fix listing of default_pubkey_algo.
- + commit a107b24ddb45c9eef432d456f302c1acea3af27c
- * tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No
- flags needed for pseudo options.
- (known_pseudo_options_gpg, known_pseudo_options_gpgsm): New.
- (gc_component): Add field known_pseudo_options.
- (struct read_line_wrapper_parm_s): New.
- (read_line_wrapper): New.
- (retrieve_options_from_program): Use read_line_wrapper to handle
- pseudo options.
-
-2021-03-22 Werner Koch <wk@gnupg.org>
-
- kbxd: Group the options.
- + commit ed82ef91459f72b955f4e342ab88a7a0949c436b
- * kbx/keyboxd.h (opt): Remove unused field 'batch'.
- * kbx/keyboxd.c (opts): Remove --batch. Add group descriptions.
-
-2021-03-22 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Support exporting Ed448 SSH key.
- + commit 1524a942b645d9facbedd9ed4a472e343838b6a1
- * common/openpgp-oid.c (oid_ed448, openpgp_oidbuf_is_ed448): New.
- (openpgp_oid_is_ed448): New.
- * common/util.h (openpgp_oid_is_ed448): New.
- * g10/export.c (export_one_ssh_key): Support Ed448 key.
-
- gpg: Fix exporting SSH key.
- + commit 0b45c5a9941094bd4529c3bf5b1cb8ce2584b9a4
- * g10/export.c (export_one_ssh_key): Finish base 64 encoder before
- writing out the comment string.
-
-2021-03-19 Werner Koch <wk@gnupg.org>
-
- card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.
- + commit 475644e049436c49de7620a1539515479ad2aa4f
- * tools/gpg-card.c (cmd_writecert): Allow the other key references.
- (cmd_readcert): Ditto.
-
- scd:openpgp: Allow reading and writing user certs for keys 1 and 2.
- + commit 37b1c5c2004c1147a13b388863aaa8f0caf7d71f
- * scd/iso7816.c (CMD_SELECT_DATA): New.
- (iso7816_select_data): New.
- * scd/app-openpgp.c (do_readcert): Allow OpenPGP.1 and OPENPGP.2
- (do_writecert): Ditto.
- (do_setattr): Add CERT-1 and CERT-2.
-
- scd:openpgp: Rename an internal variable.
- + commit bbdb48ec0ddd99ce23fcba42949c00a2594fb9a5
- * scd/app-openpgp.c (struct app_local_s): s/extcap_v3/is_v3/.
- s/max_certlen_3/max_certlen. Change users.
-
- scd:openpgp: Small speedup reading card properties.
- + commit d5fb5983232cf4d60cf6aa00d0ae5a16cf948e19
- * scd/app-openpgp.c (struct app_local_s): Add new flag.
- (get_cached_data): Force chace use if flag is set.
- (app_select_openpgp): Avoid reading DO 6E multiple times.
-
-2021-03-18 Werner Koch <wk@gnupg.org>
-
- scd:p15: Allow to use an auth object label with cmd CHECKPIN.
- + commit 85082a83c2c1bda50fe6b7aa2ac68cef4faca4c7
- * scd/app-p15.c (prepare_verify_pin): Allow for PRKDF to be NULL.
- (make_pin_prompt): Ditto.
- (verify_pin): Ditto.
- (do_check_pin): Allow using the Label to specify a PIN.
-
- card: Print PIN descriptions and fix number of printed retry counters.
- + commit 1ac189f2df6cedab3a133baca69558fdf6a908d4
- * tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo,
- and chvlabels.
- * tools/card-call-scd.c (release_card_info): Free chvlabels.
- (learn_status_cb): Parse CHV-LABEL. Set nmaxlen and nchvinfo.
- * tools/gpg-card.c (list_retry_counter): Print CHV labels.
-
- scd:p15: New attribute CHV-LABEL.
- + commit ef29a960bf06005c34093cd9a6bca5a202ed359a
- * scd/app-p15.c (parse_common_obj_attr): Map spaces in the lapel to
- underscores.
- (read_ef_aodf): Prettify printing of the type.
- (do_getattr): New attribute CHV-LABEL
- (do_learn_status): Emit CHV-LABEL.
- (verify_pin): Distinguish the PIN prompts.
-
- agent: Simplify a function.
- + commit 26215cb211ad93ad9cc51fb4f8257b9e3c254a4e
- * agent/findkey.c (agent_public_key_from_file): Use a membuf instead
- of handcounting space.
-
-2021-03-16 Werner Koch <wk@gnupg.org>
-
- scd:p15: Implement CHV-STATUS attribute.
- + commit bf1d7bc3697c7d650994ba94d3704af189594657
- * scd/command.c (send_status_direct): Return an error.
- * scd/app-p15.c (do_learn_status): Emit CHV-STATUS.
- (compare_aodf_objid): New.
- (do_getattr): Implement CHV-STATUS.
-
- card: Generalize the CHV counter printing.
- + commit e4c2d7be22ffb47b41a3b6c1152bd75dceed74e2
- * tools/gpg-card.c (list_retry_counter): New. Factored out from the
- other functions.
- (cmd_verify): Re-read the chv status.
-
-2021-03-16 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
-
- build: Check for the IBM TSS tools to run the tpm2d tests.
- + commit c0f50811fcf81e5ebe2df326342081cfdacfbbfc
- * configure.ac (TEST_LIBTSS): Make that conditional depend on the
- detection of tssstartup.
-
- build: Fix distcheck when tpm2dtests are run.
- + commit ad481666ea6ef3743041ec6d043a3e6901ebab33
- * tests/tpm2dtests/Makefile.am (EXTRA_DIST): Distribute test files.
- (CLEANFILES): Make sure to remove log files.
-
-2021-03-15 James Bottomley <James.Bottomley@HansenPartnership.com>
-
- tests:tpm2d: add missing start_sw_tpm.sh script.
- + commit a788f2e8306d80f7f3df34eb62ec7ce1a62d48e1
- * tests/tpm2dtests/start_sw_tpm.sh: New.
- * tests/tpm2dtests/Makefile.am: Add.
-
-2021-03-15 Werner Koch <wk@gnupg.org>
-
- gpg: New option --no-auto-trust-new-key.
- + commit 1523b5f76f6e600c4f2d153b49a807ff2dc8d268
- * g10/gpg.c (oNoAutoTrustNewKey): New.
- (opts): Add --no-auto-trust-new-key.
- (main): Set it.
- * g10/options.h (opt): Add flags.no_auto_trust_new_key.
-
- build: new option to disable building of tpm2daemon.
- + commit 8d6123faa8cae0bad6f82c9021e9ac6686b2f55d
- * configure.ac (build_tpmd): New configure option --disable-tpm2d
- (BUILD_WITH_TPM2D): New.
- * Makefile.am (tests): Use conditionally BUILD_TPM2D instead of
- HAVE_LIBTSS.
- * build-aux/speedo.mk (speedo_pkg_gnupg_configure) [W32]: Do not build
- tpm2d.
- * autogen.rc: Ditto.
-
-2021-03-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add handling of Ed448 key.
- + commit b743942a9719be59f1da67cd338248fe7ee5aeab
- * scd/app-openpgp.c (struct app_local_s): Add ecc.algo field.
- (send_key_attr): Use ecc.algo field.
- (ecc_read_pubkey): Use ecc.algo field.
- (ecc_writekey): Ed448 means EdDSA.
- (parse_algorithm_attribute): Set ecc.algo field from card.
- Add checking for Ed25519 for ECC_FLAG_DJB_TWEAK flag.
-
- scd: Fix count_sos_bits handling.
- + commit f482e4bd121ff2862bfb53a82f1d5c2cf3524a10
- * scd/app-openpgp.c (count_sos_bits): Handle an exceptional case.
-
- common: Fix the NBITS of Ed448in OIDTABLE.
- + commit 373b52e69a6ca609a663a0c4a018358fdf52dc7e
- common/openpgp-oid.c (oidtable): Ed448 uses 456-bit signature.
-
-2021-03-12 Werner Koch <wk@gnupg.org>
-
- scd: New option --pcsc-shared.
- + commit 5732e7a8e97cebf8e850c472e644e2a9b040836f
- * scd/scdaemon.h (opt): Add field opcsc_shared.
- * scd/scdaemon.c (opcscShared): New.
- (opts): Add "--pcsc-shared".
- (main): Set flag.
- * scd/apdu.c (connect_pcsc_card): Use it.
- (pcsc_get_status): Take flag in account.
- * scd/app-openpgp.c (cache_pin): Bypass in shared mode.
- (verify_chv2: Do not auto verify chv1 in shared mode.
- * scd/app-piv.c (cache_pin): By pass caceh in shared mode.
-
-2021-03-12 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix computing fingerprint for ECC with SOS.
- + commit 95156ef9bfb6a3a525454d50ae2f5b538ccbd774
- * scd/app-openpgp.c (count_sos_bits): New. Count as sos_write does.
- (store_fpr): For ECC, use count_sos_bits.
-
- gpg: Fix compute_fingerprint for ECC with SOS.
- + commit cfc1497efa8c98cf490f5efc9b280a6ec44514bd
- * g10/keyid.c (hash_public_key): Tweak NBITS just as sos_write does.
-
-2021-03-11 Valtteri Vuorikoski <vuori@notcom.org>
-
- scd:piv: Improve APT parser compatibility.
- + commit 8cad11d13b15b0ef672545b06450dfbea1fef18e
- * scd/app-piv.c (app_select_piv): Allow for full AID.
-
-2021-03-11 Werner Koch <wk@gnupg.org>
-
- gpg: New option --force-sign-key.
- + commit fe02ef04500c1b35cd27132fb99ac1961f555193
- * g10/gpg.c (oForceSignKey,opts): New option "--force-sign-key".
- (main): Set it.
- * g10/options.h (opt): New flag flags.force_sign_key.
- * g10/keyedit.c (sign_uids): Use new flag.
-
-2021-03-11 James Bottomley via Gnupg-devel <gnupg-devel@gnupg.org>
-
- tpmd2: Add Support for the Intel TSS.
- + commit b9c560e3a400da83073b232ee12fae090b21d20c
- * configure.ac: Check for Intel TSS.
- * tpm2d/intel-tss.h: New.
- * tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
-
-2021-03-10 James Bottomley <James.Bottomley@HansenPartnership.com>
-
- tpm2d: add tests for the tpm2daemon.
- + commit 6720f1343aef9342127380b155c19e12c92d65ac
- * configure.ac: Detect TPM emulator and enable tests.
- * tests/tpm2dtests/: New test suite.
- * tests/Makefile.am: Run tests.
-
- gpg: Add new command keytotpm to convert a private key to TPM format.
- + commit 92b601fceec7da64939591001dba94e202f6e6a0
- * agent/command.c (cmd_keytotpm): New.
- (agent/command.c): Register new command KEYTOTPM.
- * g10/call-agent.c (agent_keytotpm): New.
- * g10/keyedit.c (cmdKEYTOTPM): New command "keytotpm".
- (keyedit_menu): Implement.
-
- agent: Add new shadow key type and functions to call tpm2daemon.
- + commit 1f995b9ba42b76c1d83b484e5362548a54a70dab
- * agent/call-tpm2d.c: New.
- * divert-tpm2.c: New.
- * agent/Makefile.am: Add new files.
- * agent/agent.h (DAEMON_TPM2D): New. Add stub fucntions.
- * agent/call-daemon.c (GNUPG_MODULE_NAME_TPM2DAEMON): New.
- * agent/command.c (do_one_keyinfo): Handle tpmv2.
- * agent/gpg-agent.c (oTpm2daemonProgram): New.
- (opts): New option --tpm2daemon-program.
- (parse_rereadable_options): Handle option.
- * agent/pkdecrypt.c (agent_pkdecrypt): Divert to tpm2d.
- (agent_pksign_do): Ditto.
- ---
-
- A new shadow key type: "tpm2-v1" is introduced signalling that the
- shadowed key is handled by the tpm2daemon. A function to identify
- this type is introduced and diversions to the tpm2daemon functions are
- conditioned on this function for pkign and pkdecrypt where the same
- diversions to scd are currently done. The (info) field of the
- shadowed key stores the actual TPM key. The TPM key is encrypted so
- only the physical TPM it was created on can read it (so no special
- protection is required for the info filed), but if the (info) field
- becomes corrupt or damaged, the key will be lost (unlike the token
- case, where the key is actually moved inside the token).
-
- Note, this commit adds handling for existing TPM format shadow keys,
- but there is still no way to create them.
-
-
- Additional changes:
- * Add ChangeLog entries.
- * Some minor indentation fixes.
- * agent/Makefile.am (gpg_agent_SOURCES): Change to make distcheck
- work.
- * agent/agent.h [!HAVE_LIBTSS]: Do not return -EINVAL but an
- gpg_error_t. Mark args as unused.
- * agent/protect.c (agent_is_tpm2_key): Free BUF.
-
- tpm2d: Add tpm2daemon code.
- + commit 62a7854816b8f3661fb41f05463289e5b96663ee
- * tpm2d: New directory.
- * Makefile.am (SUBDIRS): Add directory.
- * configure.ac: Detect libtss and decide whether to build tpm2d.
- * am/cmacros.am: Add a define.
- * util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New.
- * common/homedir.c (gnupg_module_name): Add tpm2d.
- * common/mapstrings.c (macros): Add "TPM2DAEMON".
- * tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New.
- * tools/gpgconf-comp.c (known_options_tpm2daemon): New.
- (gc_component): Add TPM2.
- (tpm2daemon_runtime_change): New.
- * tpm2d/Makefile.am: New.
- * tpm2d/command.c: New.
- * tpm2d/ibm-tss.h: New.
- * tpm2d/tpm2.c: New.
- * tpm2d/tpm2.h: New.
- * tpm2d/tpm2daemon.c: New.
- * tpm2d/tpm2daemon.h: New.
-
- ---
- This commit adds and plumbs in a tpm2daemon to the build to mirror the
- operation of scdaemon. The architecture of the code is that
- tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with
- updated function prefixes (this argues there could be some further
- consolidation of the daemon handling code). Note that although this
- commit causes the daemon to be built and installed, nothing actually
- starts it or uses it yet.
-
- Command handling
- ----------------
-
- command.c is copied from the command handler in scd.c except that the
- command implementation is now done in terms of tpm2 commands and the
- wire protocol is far simpler. The tpm2daemon only responds to 4
- commands
-
- IMPORT: import a standard s-expression private key and export it to
- TPM2 format. This conversion cannot be undone and the
- private key now can *only* be used by the TPM2. To anyone
- who gets hold of the private key now, it's just an
- encrypted binary blob.
-
- PKSIGN: create a signature from the tpm2 key. The TPM2 form private
- key is retrieved by KEYDATA and the hash to be signed by
- EXTRA. Note there is no hash specifier because the tpm2
- tss deduces the hash type from the length of the EXTRA
- data. This is actually a limitation of the tpm2 command
- API and it will be interesting to see how this fares if the
- tpm2 ever supports say sha3-256 hashes.
-
- PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key.
- The tpm2 for private key is retrieved by KEYDATA and the
- information used to create the symmetric key by EXTRA.
-
- KILLTPM2D: stop the daemon
-
- All the tpm2 primitives used by command.c are in tpm2.h and all the
- tpm2 specific gunk is confined to tpm2.c, which is the only piece of
- this that actually does calls into the tss library.
-
-
- Changes from James' patch:
-
- - gpgconf: The displayed name is "TPM" and not "TPM2". That
- string is used by GUIs and should be something the user
- understands. For example we also use "network" instead
- of "Dirmngr".
- - Removed some commented includes.
- - Use 16 as emulation of GPG_ERR_SOURCE_TPM2.
- - Silenced a C90 compiler warning and flags unused parameters.
- - Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing
- files so that make distcheck works.
-
-2021-03-10 Werner Koch <wk@gnupg.org>
-
- scd:p15: Support special extended usage flags for OpenPGP keys.
- + commit 08b5ac492afc6c6e7eaaa1f70d67c81cbda2c9be
- * scd/app-p15.c (struct gpgusage_flags_s): New.
- (struct prkdf_object_s): Add field gpgusage.
- (struct app_local_s): Add field any_gpgusage.
- (dump_gpgusage_flags): New.
- (read_p15_info): Parse athe gpgusage flags.
- (do_getattr): Take care of the gpgusage flags.
-
-2021-03-08 Werner Koch <wk@gnupg.org>
-
- sm: Init nPth which might be used by some helper code.
- + commit a4021d9be4aeac7429bf6a8e9f336dbb62cacfc4
- * sm/gpgsm.c: Include npth.h.
- (main): Init nPth.
-
- w32: Cleanup use of pid_t in call-daemon.
- + commit 33c492dcb955bff01fffae31fb7750f88e07b8ff
- * agent/call-daemon.c (struct wait_child_thread_parm_s) [W32]: Do not
- use HANDLE for pid_t.
- (wait_child_thread): Ditto.
-
- w32: Change spawn functions to use Unicode version of CreateProcess.
- + commit cf2f6d8a3f0594c03c383b4989a3041e9c4536d7
- * common/exechelp-w32.c (gnupg_spawn_process): Change to use
- CreateProcessW.
- (gnupg_spawn_process_fd): Ditto.
- (gnupg_spawn_process_detached): Ditto.
- * g10/exec.c (w32_system): Ditto.
-
-2021-03-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for X448.
- + commit fc99f77b14b6c2cdfb547607651922c16863dcf0
- * scd/app-openpgp.c (do_decipher): Support with no prefix.
-
-2021-03-05 Werner Koch <wk@gnupg.org>
-
- w32: Always use Unicode for console input and output.
- + commit 8c41b8aac3efb78178fe1eaf52d8d1bbc44941a8
- * common/init.c (_init_common_subsystems) [W32]: Set the codepage to
- UTF-8 for input and putput. Switch gettext to UTF-8.
- * tools/gpgconf.c (main): Display the input and output codepage if
- they differ.
- * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set.
-
- w32: Free memory allocated by new function w32_write_console.
- + commit 31b708e268ebb725307856865f34a61670a35586
- * common/ttyio.c (w32_write_console): Free buffer.
-
- common,w32: Allow Unicode input and output with the console.
- + commit f165c8a737cc968554c9d78932c69869456108ff
- * common/ttyio.c (do_get) [W32]: Use ReadConsoleW.
- (w32_write_console): New.
- (tty_printf, tty_fprintf) [W32]: Use new function.
-
- common: Re-indent ttyio.c and remove EMX, RISCOS, and CE support.
- + commit 8622f53994249d8fb49a488cfe480ffbeb8cbfba
- * common/ttyio.c: Remove cruft like EMX and RISCOS support. Translate
- a few strings. Re-indent.
-
-2021-03-04 Werner Koch <wk@gnupg.org>
-
- common: Rename w32-misc.c to w32-cmdline.c.
- + commit 7262d602d802c4a3840097d5de217fcfb9728b49
- * common/w32-misc.c: Rename to ....
- * common/w32-cmdline.c: this.
- * common/Makefile.am: Adjust.
-
- common,w32: Implement globing of command line args.
- + commit 089c9439674e8ecbc64f0ba924e6fb447bbc2b9d
- * common/w32-misc.c [W32]: Include windows.h
- (struct add_arg_s): New.
- (add_arg): New.
- (glob_arg): New.
- (parse_cmdstring): Add arg argvflags and set it.
- (w32_parse_commandline): Add arg r_itemsalloced. Add globing.
-
- * common/init.c (prepare_w32_commandline): Mark glob created items as
- leaked.
-
- * common/t-w32-cmdline.c : Include windows.h
- (test_all): Add simple glob test for Unix.
- (main): Add manual test mode for Windows.
-
- common,w32: Refine the command line parsing for \ in quotes.
- + commit 20c60076866904187a09393de596deef286116f8
- * common/t-w32-cmdline.c (test_all): Add new test cases.
- * common/w32-misc.c (strip_one_arg): Add arg endquote.
- (parse_cmdstring): Take care of backslashes in quotes.
-
- gpg: Prepare for globing with UTF-8.
- + commit 8e15506d6680bbee85bc01453da28fc90b4cb673
- * g10/gpg.c (_dowildcard): Remove.
- (my_strusage): Enable wildcards using our new system.
-
- common: First take on handling Unicode command line args.
- + commit deb6c94362c0f179de1cac18707aad2f51a21e10
- * common/w32-misc.c: New.
- * common/t-w32-cmdline.c: New.
- * common/init.c: Include w32help.h.
- (prepare_w32_commandline): New.
- (_init_common_subsystems) [W32]: Call prepare_w32_commandline.
-
- * common/Makefile.am (common_sources) [W32]: Add w32-misc.c
- (module_tests): Add t-w32-cmdline
- (t_w32_cmdline_LDADD): New.
-
-2021-03-01 Nicolas Fella via Gnupg-devel <gnupg-devel@gnupg.org>
-
- gpg: Keep temp files when opening images via xdg-open.
- + commit be2da244565822ad1f268f84dc88a23e5aa8d26a
- * g10/photoid.c (get_default_photo_command): Change parameter for
- xdg-open.
-
-2021-02-25 Werner Koch <wk@gnupg.org>
-
- scd:p15: Read out the access flags.
- + commit d51a5ca1084c69c0ed304126a7aaa0a648b2eba6
- * scd/app-p15.c (struct keyaccess_flags_s): New.
- (struct prkdf_object_s): Add field accessflags.
- (dump_keyusage_flags): New.
- (dump_keyaccess_flags): New.
- (parse_keyaccess_flags): New.
- (parse_common_key_attr): Return access flags.
- (read_ef_prkdf): Parse the access flags. Allow for ECkeys.
- (read_ef_pukdf): Ditto. Use new functions for printing.
- (read_p15_info): Use new fucntion for printing.
-
- sm: Do not print certain issuer not found diags in quiet mode.
- + commit a170f0e73f38e474b6d4463433fe344eca865fa5
- * sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
- verbose mode. Do not print issuer not found diags in quiet mode.
- * sm/minip12.c (parse_bag_data): Add missing verbose condition.
-
- sm: Fix issuer certificate look error due to legacy error code.
- + commit 473b83d1b9efe51fcca68708580597dddf3f50b7
- * sm/certchain.c (find_up): Get rid of the legacy return code -1 and
- chnage var name rc to err.
- (gpgsm_walk_cert_chain): Change var name rc to err.
- (do_validate_chain): Get rid of the legacy return code -1.
-
-2021-02-24 Werner Koch <wk@gnupg.org>
-
- scd:p15: Get the label value of all objects for better diagnostics.
- + commit cfdaf2bcc85b3b6f16904006f239b400a3487ff8
- * scd/app-p15.c (struct cdf_object_s): Add fields authid, authidlen,
- and label.
- (struct prkdf_object_s): Add field label.
- (struct aodf_object_s): Ditto.
- (release_cdflist): Free new fields.
- (release_prkdflist): Free new field.
- (release_aodf_object): Ditto.
- (parse_common_obj_attr): Return the label.
- (read_ef_prkdf): Store the label.
- (read_ef_pukdf): Ditto.
- (read_ef_cdf): Use parse_common_obj_attr and store authid and label.
- Print them im verbose mode.
- (read_ef_aodf): Store the label and print it.
-
- sm: Silence some output on --quiet.
- + commit 615d2e4fb15859320ea0ebec1bb457c692c57f0a
- * sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
- * sm/gpgsm.c: Include minip12.h.
- (set_debug): Call p12_set_verbosity.
- * sm/import.c (parse_p12): Dump keygrip only in debug mode.
- * sm/minip12.c (opt_verbose, p12_set_verbosity): New.
- (parse_bag_encrypted_data): Print info messages only in verbose mode.
-
-2021-02-23 Werner Koch <wk@gnupg.org>
-
- scd:p15: Make it code work again for D-Trust cards.
- + commit 33aaa37e5bc0beb75305cdf9d8be850daccaee5e
- * scd/app-p15.c (select_and_read_binary): Allow to skip the select.
- (select_and_read_record): Return the statusword. Silence error
- message for SW_FILE_STRUCT.
- (select_ef_by_path): Fix selection with a home_DF.
- (read_first_record): Fallback to read_binary for CardOS and return
- info about this.
- (read_ef_prkdf): Use info from read_first_record to decide whether to
- use record or binary mode.
- (read_ef_pukdf): Ditto.
- (read_ef_aodf): Ditto.
- (read_ef_cdf): Ditto. New arg cdftype for diagnostics.
- (read_p15_info): Pass cdftype.
-
- * scd/apdu.h (SW_FILE_STRUCT): New.
- * scd/apdu.c (apdu_strerror): Map that one to a string.
- * scd/iso7816.c (map_sw): and to a gpg-error.
-
-2021-02-22 Werner Koch <wk@gnupg.org>
-
- scd: Fix readkey --info in case a readkey command is available.
- + commit 2490f4e8e1d1feecb44aefa79bd71f5f8b06c9a4
- * scd/command.c (do_readkey): Make --info also work if a readkey
- command is available.
-
- * scd/app-p15.c (cdf_object_from_certid): Fix a but introduced with
- the previous commit.
-
- scd:p15: Extract extended usage flagsand act upon them.
- + commit 488eaedc9a332d8164dea22e469354fc10b0a253
- * scd/app-p15.c: Add a couple of oid constants.
- (struct cdf_object_s): Replace fields image and imagelen by cert.
- (struct prkdf_object_s): Add extusage flags
- (send_keypairinfo): Use them.
- (cdf_object_from_certid): Factor parts out to ...
- (cdf_object_from_objid): new function.
- (read_ef_prkdf): Move info printing to ...
- (read_p15_info): here. Fill the extusage flags.
- (readcert_by_cdf): Cache the ksba cert object instead of the binary
- cert.
- * scd/app.c (select_additional_application): Fix a log_debug call.
- (scd_update_reader_status_file): Ditto.
-
- sm: Extend the list of known OIDs.
- + commit 4c9b509d2402f79668e502a9db5879280a4f683b
- * sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
- key usage.
-
-2021-02-19 Werner Koch <wk@gnupg.org>
-
- build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.
- + commit 5573ab714b92f6ee899a816998e56e1238f4c573
- * configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional.
- * tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always.
-
- scd: Minor tweak for easier backporting.
- + commit 6d4280b13ddc928ff6bc41bdf482030f0f814fdb
- * scd/app-common.h (APP_CARD): New. Use it in app-*.c to access
- app->card.
-
-2021-02-18 Werner Koch <wk@gnupg.org>
-
- po: Change translatability of a fallback string.
- + commit 0be4861762c21ebfb4c2e28bb9a3e5cfbc08e1a9
- * agent/call-pinentry.c (setup_genpin): Do not make the fallback
- translatable.
-
- speedo: Update w32 stuff from 2.2.
- + commit 919a969354d4021f2e64a948b4c224cd37323713
- * build-aux/speedo.mk: Update from 2.2. Add target w32-msi-release.
- * build-aux/speedo/w32/inst.nsi: Fix location of doc files.
- * build-aux/speedo/w32/wixlib.wxs: Add gpg-card and fix a wrong name.
- * Makefile.am (release): Support a WITH_MSI variable.
- (wixlibfile): Improve copying to archive.
- (release): Use AMTAR instead of TAR.
-
-2021-02-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
- + commit ab7dc4b524c3e2ad5153acfdbfa879a9e62d2dbe
- * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
- extension.
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
- hostname - which is NULL and thus the same if not given. Fix minor
- error in error code handling.
-
-2021-02-16 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update gpg-error.m4 again.
- + commit 3fa1fa747b61867076e344c3eb07a66826c1983a
- * m4/gpg-error.m4: Update from libgpg-error.
-
-2021-02-15 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update gpg-error.m4.
- + commit 985e85dc0e6c54aa465a2af610c5a04fc10649a0
- * m4/gpg-error.m4: Update from libgpg-error.
-
-2021-02-12 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update gpg-error.m4.
- + commit e1e3f1db4660b5416828aeb636a7f767fadcc7a4
- * m4/gpg-error.m4: Update from libgpg-error.
-
- build: Fix library dependency of g13 test program.
- + commit 83e0a9d6b990aa517bc338b578f7faf393ae1b0d
- * g13/Makefile.am (t_common_ldadd): Add GPG_ERROR_LIBS.
-
-2021-02-10 Werner Koch <wk@gnupg.org>
-
- gpg: Do not allow old cipher algorithms for encryption.
- + commit 825dd7220ff6079cbe2d0df7fde93526c077fb6d
- * g10/gpg.c: New option --allow-old-cipher-algos.
- (set_compliance_option): Set --rfc4880bis explictly to SHA256 and
- AES256. Allow old cipher algos for OpenPGP, rfc4880, and rfc2440.
- * g10/options.h (opt): Add flags.allow_old_cipher_algos.
- * g10/misc.c (print_sha1_keysig_rejected_note): Always print the note
- unless in --quiet mode.
- * g10/encrypt.c (setup_symkey): Disallow by default algos with a
- blocklengt < 128.
- (encrypt_crypt): Ditto. Fallback by default to AES instead of 3DES.
- * g10/pkclist.c (algo_available): Take care of old cipher also.
- (select_algo_from_prefs): Use AES as implicit algorithm by default.
-
- * tests/openpgp/defs.scm (create-gpghome): Set allow-old-cipher-algos.
-
- Remove obsolete M4 macros.
- + commit 6e730c18816fbb3e074d93840396ed18f00ab7e2
- * m4/gnupg-pth.m4: Remove.
- * m4/libcurl.m4: Remove.
-
- Require GpgRT version 1.41.
- + commit 2b75b256054427119a284792540243c3471267d4
- * configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
- and set to 1.41.
- * common/sysutils.c (gnupg_access): Remove code for older gpgrt
- versions.
- * kbx/backend-sqlite.c: Ditto.
- * sm/gpgsm.c (main): Ditto.
-
-2021-02-09 Werner Koch <wk@gnupg.org>
-
- build: Make make distcheck work again.
- + commit f9e4dae08d7caed741d35916c46b8302e098d521
- * m4/Makefile.am (EXTRA_DIST): Remove isc-posix.m4
-
- tools: Remove the symcryptrun tool.
- + commit 209b7113f3493bd829ec5c90275ff95a273d9dd4
- * tools/symcryptrun.c: Remove.
- * tools/Makefile.am: Ditto.
- * doc/tools.texi: Remove man page.
- * configure.ac: Remove build option and tests used only by this tool.
- * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build
- symcryptrun.
-
-2021-02-05 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix selection of key.
- + commit 390f597868a5b5934f21f81ebf6ff110b6792283
- * g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.
-
-2021-02-02 Werner Koch <wk@gnupg.org>
-
- gpg: Remove support for PKA.
- + commit 7f3ce66ec56a5aea6170b7eb1bda5626eb208c83
- * g10/gpg.c (oPrintPKARecords): Remove.
- (opts): Remove --print-pka-records.
- (main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
- * g10/options.h (EXPORT_DANE_FORMAT): Remove.
- (VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
- (KEYSERVER_HONOR_PKA_RECORD): Remove.
- * g10/packet.h (pka_info_t): Remove.
- (PKT_signature): Remove flags.pka_tried and pka_info.
- * g10/parse-packet.c (register_known_notation): Remove
- "pka-address@gnupg.org".
- * g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
- * g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
- * g10/export.c (parse_export_options): Remove "export-pka".
- (do_export): Adjust for this.
- (write_keyblock_to_output): Ditto.
- (do_export_stream): Ditto.
- (print_pka_or_dane_records): Rename to ...
- (print_dane_records): this and remove two args. Remove PKA printing.
- * g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
- pka_info field.
- * g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
- * g10/keyserver.c: Remove "honor-pka-record".
- (keyserver_import_pka): Remove.
- * g10/mainproc.c (get_pka_address): Remove.
- (pka_uri_from_sig): Remove.
- (check_sig_and_print): Remove code for PKA.
-
- gpg: Remove more or less useless tool gpgcompose.
- + commit fde7d833573d358b2c5b5eb7d837bc27c6dcb3d1
- * g10/gpgcompose.c: Remove
-
- gpg: Remove experimental feature to export w/o user-ids.
- + commit 3491faa3bb62c1c96c6dd5947516128b2a966535
- * g10/options.h (IMPORT_DROP_UIDS, EXPORT_DROP_UIDS): Remove.
- * g10/import.c (parse_import_options): Remove option import-drop-uids.
- (import_one_real): Remove drop uids code.
- (remove_all_uids): Remove function.
- * g10/export.c (parse_export_options): Remove option export-drop-uids.
- (do_export_one_keyblock): Remove drop uids code.
-
- card: List keys of pkcs#15 cards.
- + commit a06c79b6143fc49e6f5169b8a9f53c691031d6ca
- * tools/gpg-card.c (list_p15): New.
- (list_card): Call it.
-
- scd:p15: Read PuKDF and minor refactoring.
- + commit 0c080ed5791ecf1606d1c2fddc0c55362fd171d3
- * scd/app-p15.c (pukdf_object_t): New.
- (struct app_local_s): Add field public_key_info.
- (release_pukdflist): New.
- (select_and_read_record): No diagnostic in case of not_found.
- (read_first_record): New. Factored out from the read_ef_ fucntions.
- (read_ef_pukdf): New. Basically a copy of read_ef_prkdf for now.
- (read_p15_info): Also read the public keys.
-
- (cardtype2str): New.
- (read_ef_tokeninfo): Print a string with the cardtype.
-
-2021-02-01 Werner Koch <wk@gnupg.org>
-
- sm: Add a few OIDs and merge OID tables.
- + commit 0737dc8187a0eb9ca4661e2ad45954c718daa451
- * sm/keylist.c (OID_FLAG_KP): New.
- (key_purpose_map): Merge into ...
- (oidtranstbl): this.
- (get_oid_desc): New arg 'matchflag'. Use function in place of direct
- access to key_purpose_map.
-
-2021-01-28 Werner Koch <wk@gnupg.org>
-
- Include the library version in the compliance checks.
- + commit 90c514868ff5fcf6d39490d4874ac3a31ba9e85f
- * common/compliance.c (gnupg_gcrypt_is_compliant): New.
- (gnupg_rng_is_compliant): Also check library version.
- * g10/mainproc.c (proc_encrypted): Use new function.
- (check_sig_and_print): Ditto.
- * sm/decrypt.c (gpgsm_decrypt): Ditto.
- * sm/encrypt.c (gpgsm_encrypt): Ditto.
- * sm/verify.c (gpgsm_verify): Ditto
-
-2021-01-27 Werner Koch <wk@gnupg.org>
-
- scd:p15: Make file selection more robust.
- + commit 1e197c29ed95d021f5693cd3652b6acb07d928ea
- * scd/app-p15.c: Include host2net.h.
- (DEFAULT_HOME_DF): New.
- (select_and_read_binary): Replace slot by app. Change callers. Use
- select_ef_by_path.
- (select_and_read_record): ditto.
- (select_ef_by_path): Make use use the home_df.
- (parse_certid): Adjust for always set home_df.
- (print_tokeninfo_tokenflags): Ditto.
- (app_select_p15): Take the home_df from the FCI returned by select.
-
- scd: Define new status word.
- + commit 7620473cd007c074b0625a678caa6105a4c87142
- * scd/apdu.h (SW_NO_CURRENT_EF): New.
-
- scd:p15: Factor the commonKeyAttributes parser out.
- + commit 5bcbc8cee310067aa3cc48665b0fb0595c64ae4d
- * scd/app-p15.c (read_ef_prkdf): Fix detection of unsupported key
- objects. Factor some code out to ...
- (parse_common_key_attr): new.
-
- gpg: Fix ugly error message for an unknown symkey algorithm.
- + commit b08418d22cc898c9d135217e07ca77f3daf3c9e9
- * g10/mainproc.c (proc_symkey_enc): Do not continue with an unknown
- algorithm.
-
-2021-01-26 Werner Koch <wk@gnupg.org>
-
- scd:p15: Factor the commonObjectAttributes parser out.
- + commit fb84674d6c645a423b8ed9835437d25e4893e183
- * scd/app-p15.c (parse_common_obj_attr): New.
- (read_ef_prkdf): Use new function.
- (read_ef_aodf): Ditto.
-
- scd:p15: First step towards real CardOS 5 support.
- + commit fc287c0552b0fe489c66bb493879f4330c34f287
- * scd/iso7816.c (iso7816_select_path): Add arg from_cdf.
- * scd/app-nks.c (do_readkey): Adjust for this change.
-
- * scd/app-p15.c (CARD_TYPE_CARDOS_53): New.
- (IS_CARDOS_5): New.
- (card_atr_list): Add standard ATR for CardOS 5.3.
- (select_and_read_binary): Remove the fallback to record read hack.
- (select_and_read_record): New.
- (select_ef_by_path): Rework and support CardOS feature.
- (read_ef_prkdf): Use read record for CardOS.
- (read_ef_cdf): Ditto.
- (read_ef_aodf): Ditto. Also fix bug in the detection of other
- unsupported attribute types.
- (verify_pin): Use IS_CARDOS_5 macro.
- (app_select_p15): Force direct method for CardOS.
-
-2021-01-25 Werner Koch <wk@gnupg.org>
-
- agent: Support ssh-agent extensions for environment variables.
- + commit 224e26cf7b67f22bb0140133eac6b4ad24f3b1b7
- * common/session-env.c (session_env_list_stdenvnames): Extend to allow
- return all names as one string.
- * agent/command-ssh.c (SSH_REQUEST_EXTENSION): New.
- (SSH_RESPONSE_EXTENSION_FAILURE): New.
- (request_specs): Add handler for the extension command.
- (ssh_handler_extension): New.
-
-2021-01-21 Werner Koch <wk@gnupg.org>
-
- scd:p15: Show the ATR as part of the TokenInfo diagnostics.
- + commit 60499d98940d4b7a1673b8584cafe0f7ac2901dd
- * scd/app-p15.c (read_ef_tokeninfo): Print the ATR in verbose mode.
-
-2021-01-19 Werner Koch <wk@gnupg.org>
-
- Require Libgcrypt 1.9.
- + commit 9500432b7ae10d98b30c58de4357e2ffb93bf795
- * configure.ac: Require at least Libgcrypt 1.9.0. Remove all
- GCRYPT_VERSION_NUMBER dependent code.
-
-2021-01-12 Werner Koch <wk@gnupg.org>
-
- tools: Add option --clock to watchgnupg.
- + commit 93d5d7ea2a8b110b3ad88be25f2f67d706361e44
- * tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use
- clock_gettime.
- (print_version): New option --clock.
-
-2021-01-11 Werner Koch <wk@gnupg.org>
-
- gpg,w32: Fix gnupg_remove.
- + commit b6967d31912912ad3c0a2ff6bf6eb9822a194562
- * common/sysutils.c (map_w32_to_errno): New.
- (gnupg_w32_set_errno): New.
- (gnupg_remove) [w32]: Set ERRNO
-
-2021-01-06 Ingo Klöcker <dev@ingo-kloecker.de>
-
- I meant "SHA-2 digests" in the previous commit.
- + commit 7eef40cc1143fb19132786ebcca1c9a6c9a85e6e
-
-
- scd:nks: Add support for signing plain SHA-3 digests.
- + commit 8fe976d5b9a0f2902868737dd502c749565222a6
- * scd/app-nks.c (do_sign): Handle plain SHA-3 digests and verify
- encoding of ASN.1 encoded hashes.
-
-2020-12-30 Werner Koch <wk@gnupg.org>
-
- wkd: Minor permission fix for created files.
- + commit c008e8d20e12c8845403ad7dad499f6a196ecc6a
- * tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file.
- (ensure_policy_file): No need to make the policy file group writable.
-
-2020-12-21 Werner Koch <wk@gnupg.org>
-
- common: Remove superfluous debug output from dotlock.c.
- + commit fc0eaa9add3c9bc93d4404988be3e1eb8f88ffa2
- * common/dotlock.c (dotlock_create_unix): Remove debug output.
-
- doc: Explain LDAP keyserver parameters.
- + commit e0cbb97925a109fee7c0a7450bcac120f2766ed2
-
-
-2020-12-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Do not block threads in LDAP keyserver calls.
- + commit 355e2992c043dd3241a9e838255f01418490ef33
- * dirmngr/ks-engine-ldap.c: Wrap some ldap calls.
-
-2020-12-17 Werner Koch <wk@gnupg.org>
-
- gpg: New AKL method "ntds"
- + commit 4a3836e2b2f9a91995d5ce058820e1121298f548
- * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Change the new
- support for KEYDB_SEARCH_MODE_MAIL.
- (ks_ldap_get): Add a debug.
- * g10/options.h (AKL_NTDS): New.
- * g10/keyserver.c (keyserver_import_ntds): New.
- (keyserver_get_chunk): Allow KEYDB_SEARCH_MODE_MAIL.
- * g10/getkey.c (parse_auto_key_locate): Support "ntds".
- (get_pubkey_byname): Ditto.
-
- dirmngr: Support "ldap:///" for the current AD user.
- + commit 1194e4f7e2dff620e0da87f212f3a35f8021b142
- * dirmngr/http.h (struct parsed_uri_s): Add field ad_current.
- * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Set it.
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Take care of ad_current.
-
- dirmngr: Allow LDAP searches via fingerprint.
- + commit 2cadcce3e877c857bb8859574762b59b9c193b44
- * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Add arg
- serverinfo and allow searching by fingerprint.
- (ks_ldap_get, ks_ldap_search): First connect then create teh filter.
-
-2020-12-15 Werner Koch <wk@gnupg.org>
-
- dirmngr: Store all version 2 schema attributes.
- + commit a2434ccabdd1956876b44e05e07c3c3630c50f8f
- * g10/call-dirmngr.c (ks_put_inq_cb): Emit "fpr" records.
- * dirmngr/ks-engine-ldap.c (extract_attributes): Add args
- extract-state and schemav2. Add data for the new schema version.
- remove the legacy code to handle UIDs in the "pub" line.
- (ks_ldap_put): Set new attributes for NTDS use the fingerprint as CN.
-
-2020-12-14 Werner Koch <wk@gnupg.org>
-
- dirmngr: Support the new Active Directory schema.
- + commit e9ddd61fe979b1b8e1a4801f7f916d0222397245
- * dirmngr/ks-engine-ldap.c (SERVERINFO_): New constants.
- (my_ldap_connect): Relace args pgpkeyattrp and real_ldapp by a new
- serverinfo arg. Set the new info flags.
- (ks_ldap_get): Adjust for change.
- (ks_ldap_search): Ditto.
- (ks_ldap_put): Ditto. Replace xmalloc by xtrymalloc. Change the DN
- for use with NTDS (aka Active Directory).
- * doc/ldap/gnupg-ldap-init.ldif (pgpSoftware): Update definition of
- pgpVersion.
- * doc/ldap/gnupg-ldap-ad-init.ldif: New.
- * doc/ldap/gnupg-ldap-ad-schema.ldif: New.
-
- dirmngr: Do not store the useless pgpSignerID in the LDAP.
- + commit cc056eb534c1b8f7d1a90af3b9ecb9d6b2f322fa
- * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
- pgpSignerID.
- * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
-
- dirmngr: Fix adding keys to an LDAP server.
- + commit 37a899d0e4fd49512d522e7f6f86b6968309fece
- * dirmngr/ks-engine-ldap.c (ks_ldap_put): Extract attribites into
- addlist.
-
-2020-12-11 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:nks: Support READKEY with keygrip and for "NKS-IDLM" keyref.
- + commit 3b392630881350baabeba16fa760bad04be94d03
- * scd/app-nks.c (do_readkey): Allow KEYGRIP access.
- Support NKS-IDLM.XXXX keyref.
-
- scd:nks: Factor out pubkey retrieval from keygrip handling.
- + commit b7c087375d84c31ab8a645cd81e6b1e6185cb30d
- * scd/app-nks.c (pubkey_from_pk_file): New.
- (keygripstr_from_pk_file): Use pubkey_from_pk_file.
-
-2020-12-10 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:nks: Add support of KEYGRIP for do_readcert.
- + commit 4020cd9d656264bec5e7fb5e45c5e06eff8656c3
- * scd/app-nks.c (do_readcert): Support KEYGRIP.
-
- scd:nks: Factor out iteration over filelist.
- + commit 6c4365847666cefac73ccc743a99fac473da2186
- * scd/app-nks.c (iterate_over_filelist): New.
- (do_with_keygrip): Use iterate_over_filelist.
-
-2020-12-09 Werner Koch <wk@gnupg.org>
-
- wks-client: Improve an error message.
- + commit c7c88648b71b8ce3a5507946afb91761fc6d931e
- * tools/gpg-wks-client.c (read_confirmation_request): Print trust
- letter.
-
-2020-12-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:ccid:spr532: Extend abort_cmd for initialization time.
- + commit a9aa30ed2c2c399c2baa6a5aa2624d8fdee6286f
- * scd/ccid-driver.c (abort_cmd): Add INIT argument to support
- synchronize until success, even ignoring timeout.
- (bulk_in): Normal use case of abort_cmd.
- (ccid_vendor_specific_init): Initial use case of abort_cmd.
-
- scd:ccid: Call libusb_clear_halt in ccid_vendor_specific_setup.
- + commit f50373027222f28ab9d37843178a5d44cc1e3cc0
- * scd/ccid-driver.c (ccid_vendor_specific_setup): Only for SPR532,
- call libusb_clear_halt.
-
- scd:ccid: Revert the addition of libusb_clear_halt for EP_INTR.
- + commit ffabc29d5eadfe81b9f62b7d4fe6e858b191354d
- * scd/ccid-driver.c (ccid_setup_intr): Don't call libusb_clear_halt.
-
-2020-12-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:yubikey: Fix support of Yubikey NEO.
- + commit 946555ea3ceb823b95ed13654ae4fd667daa4337
- * scd/app-openpgp.c (get_public_key): Yubikey NEO also has this issue.
-
- agent: Allow decryption with card but no file.
- + commit eda3c688fc2e85c7cd63029cb9caf06552d203b4
- * agent/pkdecrypt.c (agent_pkdecrypt): Support decryption with card
- but without a stub key.
-
- agent: Clean up the API of agent_pkdecrypt.
- + commit 9beab36dfa39106f6efd1bb89551a581bcf9df60
- * agent/agent.h (agent_pkdecrypt): Use gpg_error_t type.
- * agent/pkdecrypt.c (agent_pkdecrypt): Use gpg_error_t type.
-
- agent: Allow pksign operation with card but no file.
- + commit cbb0e069f55bc45037bbd69d54ce23dae2af2ac6
- * agent/pksign.c (agent_pksign_do): Add support with no file.
-
-2020-12-07 Ingo Klöcker <dev@ingo-kloecker.de>
-
- gpg: Make quick-gen-key with algo "card" work for keys without keytime.
- + commit 255d33d65126df00bc036580d0b32735d7178c8b
- * g10/keygen.c (quick_generate_keypair): Set pCARDKEY flag if algostr
- is "card" or "card/...".
-
-2020-12-07 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg,card: Allow no version information of Yubikey.
- + commit 1cd615afe3010d2c3919de489d7c9a78513c8694
- * g10/call-agent.c (learn_status_cb): Assume >= 2 when no version.
- * tools/card-call-scd.c (learn_status_cb): Likewise.
-
-2020-12-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:nks: Fix caching keygrip (more).
- + commit 87d2c579cc38c1d2787945650125fb0e0336652c
- * scd/app-nks.c (keygripstr_from_pk_file): Distinguish by APP_ID.
-
- scd: Fix KEYINFO command with --data option.
- + commit 54b88ae4606265f3d51c1ca603dbf846f3dfd678
- * scd/command.c (cmd_keyinfo): Handle --data option correctly.
-
- scd:openpgp: Fix writing ECC key to card.
- + commit a25c99b156ca9acaa7712e9c09a6df0a7a23c833
- * scd/app-openpgp.c (build_privkey_template): Adding another argument
- of ecc_d_fixed_len to handle variable-size MPI.
-
-2020-12-02 Werner Koch <wk@gnupg.org>
-
- kbx: Better error message in case of a crippled Libgcrypt.
- + commit 63ed2054a1f3cfbdff5cda390952f10a512dab83
- * kbx/keybox-openpgp.c (keygrip_from_keyparm): Detect missing curve.
-
-2020-12-01 Jens Meißner <meissner@b1-systems.de>
-
- doc: Add parameters for batch generation of ECC keys.
- + commit 4f9ac5dac093300ac18fd3732bffdd2a3fc38776
- * doc/gpg.texi: Add parameters for batch generation of ECC keys.
-
-2020-11-30 Werner Koch <wk@gnupg.org>
-
- scd:nks: Minor additions to the basic IDLM application support.
- + commit 806547d9d243b26c2275fc00c645ee39d258b49b
- * scd/app-nks.c (filelist): Use special value -1 for IDLM pubkeys.
- (keygripstr_from_pk_file): Handle special value.
- (do_readcert): Ditto.
- (do_writecert): Ditto.
-
-2020-11-27 Werner Koch <wk@gnupg.org>
-
- card: Let the APDU command prints a description of the status word.
- + commit ad469609b101fe6c1128135180fef8eae13279ff
- * tools/card-call-scd.c (scd_apdu_strerror): New.
- * tools/gpg-card.c (cmd_apdu): Print a description.
-
- scd: New getinfo sub-command apdu_strerror.
- + commit 0e34683a6c4b037aa50ca0f97ddb9d5c4e499084
- * scd/apdu.c (apdu_strerror): Add missing status codes.
- * scd/command.c (cmd_getinfo): New sub-command apdu_strerror.
-
- card: Netkey improvement for passwd.
- + commit 5804db1a13d2cf8f4010d1257c586bed978c3173
- * tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the
- card does not support it. Print no error in cases the user canceled.
-
-2020-11-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd:ccid-driver: Fix pinpad error handling for cancel/timeout.
- + commit bb591222c3c5cb1a1750b1b1dd26d0bc53b347cb
- * scd/apdu.h (SW_HOST_UI_CANCELLED, SW_HOST_UI_TIMEOUT): New.
- * scd/ccid-driver.h (CCID_DRIVER_ERR_UI_CANCELLED): New.
- (CCID_DRIVER_ERR_UI_TIMEOUT): New.
- * scd/ccid-driver.c (bulk_in): Handle PIN input cancel/timeout error.
- * scd/iso7816.c (map_sw): Support SW_HOST_UI_CANCELLED and
- SW_HOST_UI_TIMEOUT.
-
-2020-11-26 Werner Koch <wk@gnupg.org>
-
- agent: Fix YK s/n and prettify the request card prompt for Yubikeys.
- + commit 7113263a00d8c9b09f0dfdb9590bfe2bab1bc776
- * agent/divert-scd.c (ask_for_card): Detect and re-format the Yubikey
- prompt.
- * scd/app.c (app_munge_serialno): Fix Yubikey s/n munging.
- (card_get_dispserialno): Ditto.
- * scd/app-openpgp.c (get_disp_serialno): Remove.
- (get_prompt_info): Use app_get_dispserialno.--
-
- scd: Do not try to use a non-enabled app after card switching.
- + commit d784e763495c8d53e29a2debdd9c0e0578f15a6a
- * scd/app.c (app_dump_state): Also print the refcount.
- (maybe_switch_app): Make sure the app exists on the card.
-
- scd: Add special serialno compare for OpenPGP cards.
- + commit 764c69a841abc1a4dff2fa86b4cd0b63ec737860
- * scd/app.c (is_same_serialno): New.
- (check_application_conflict): Use this.
- (select_application): Ditto.
- (app_switch_current_card): Ditto.
- * scd/app-openpgp.c (check_keyidstr): Ignore the card version and also
- compare case insensitive.
-
-2020-11-26 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Report an error for receiving key from agent.
- + commit 605ab99912ac632363d1b4378a710229e40ca99e
- * g10/export.c (do_export_one_keyblock): Report an error.
-
- scd,nks: Fix caching keygrip.
- + commit 920154370834ad8d947aed19c9d914a27dde6baa
- * scd/app-nks.c (keygripstr_from_pk_file): Identify by cfid if
- available.
-
-2020-11-25 Werner Koch <wk@gnupg.org>
-
- scd:p15: Print the internal card type.
- + commit 00037f499db830c75fee2111dfbef72fa11bd98a
- * scd/app-p15.c (read_ef_tokeninfo): Print the internal card type.
-
- scd:p15: Improve support for some CardOS based cards.
- + commit c7b9a4ee439eca5a4bde4781f7d8983af3b9201e
- * scd/iso7816.c (iso7816_read_binary_ext): Add optional arg r_sw and
- change callers.
- (iso7816_read_record): Factor all code out to ...
- (iso7816_read_record_ext): new.
- * scd/app-p15.c (select_and_read_binary): Fallback to record reading.
- (read_ef_aodf): Clear EOF error.
-
- scd: Rework the handling of the displayed serial number.
- + commit 3a8250c02031080c6c8eebd5dea03f5f87f9ddd7
- * scd/app.c (app_new_register): Call app_munge_serialno for Yubikeys.
- (app_munge_serialno): Handle Yubikey serial numbers.
- (card_get_serialno): Remove special Yubikey treatment. Drop arg
- is_canonical.
- (app_get_serialno): Clear ERRNO on error.
- (card_get_dispserialno): New. Also change formatting of Yubikey and
- OpenPGP numbers to match those printed on the card.
- (app_get_dispserialno): New.
- * scd/app-openpgp.c (do_getattr): Use app_get_dispserialno.
- (yubikey_get_serialno): Remove.
- * scd/app-piv.c (get_dispserialno): Remove.
- (do_getattr): Use app_get_dispserialno.
-
-2020-11-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix an error return for READKEY.
- + commit c3a20c88fb30b0fc4ce50a01de97fae333003682
- * scd/command.c (cmd_readkey): Return when error.
-
- scd,nks: Fix SEGV for learn for older card.
- + commit 006944b856ee2202905290e8a2f5523a7877d444
- * scd/app-nks.c (keygripstr_from_pk_file): Set algostr.
-
-2020-11-20 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Change API of agent_scd_serialno.
- + commit 777019faf0b8f10a897c3ee477d35f9b29f02224
- * g10/call-agent.c (agent_scd_serialno): Extend API to allow with
- R_SERIALNO == NULL.
- * g10/card-util.c (card_status): Use NULL for agent_scd_serialno.
- (factory_reset): Likewise.
- * g10/skclist.c (build_sk_list): Likewise.
-
- Fix the previous comment changes help doc string.
- + commit cc8b99d18e26397028ca185e44d0886a94cc1bf6
- * scd/command.c (hlp_learn): Fix the doc string.
-
-2020-11-19 Werner Koch <wk@gnupg.org>
-
- gpgconf: Also print revision of libksba.
- + commit 4070f302e4decc8d54d1305cbd30f6dab052ef7e
- * dirmngr/dirmngr.c (get_revision_from_blurb): Fix detection of empty
- string.
- (gpgconf_versions): Print ksba revision.
-
-2020-11-19 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix creating shadow key on card key generation.
- + commit 8ddadbbdbbe20b9e87eb2bfa142577e26dae297e
- * agent/command.c (cmd_readkey): Fix handling --card option.
-
- gpg: Fix --card-edit command.
- + commit e45455d3020ca8f21c54112b6dfb1cc9bd3f2623
- * g10/card-util.c (get_info_for_key_operation): Revert the change.
-
-2020-11-18 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update to newer autoconf constructs.
- + commit d66fb3aa53a6c4a815fe35a15e3c61886c5df628
- * acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
- AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
- (GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
- * configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
- Use AS_HELP_STRING instead of AC_HELP_STRING.
- (AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
- (AC_TYPE_SIGNAL): Remove.
- * m4/isc-posix.m4: Remove.
- * m4/codeset.m4: Update from gnulib.
- * m4/gettext.m4: Update from gnulib.
- * m4/lcmessage.m4: Update from gnulib.
- * m4/socklen.m4: Update from gnulib.
- * m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
- Use AC_LINK_IFELSE instead of AC_TRY_LINK.
- Use AC_RUN_IFELSE instead of AC_TRY_RUN.
- * m4/gpg-error.m4: Update from libgpg-error.
- * m4/readline.m4: Update from libgpg-error.
- * m4/npth.m4: Update from npth.
- * m4/libassuan.m4: Update from libassuan.
- * m4/libgcrypt.m4: Update from libgcrypt.
- * m4/ksba.m4: Update from libksba.
- * m4/ntbtls.m4: Update from ntbtls.
- * common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
- RETSIGTYPE to void.
- [!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
-
- build: Use modern Autoconf check for types.
- + commit aeeb8e975dc740cb79954de7fec4fcfe902d3a42
- * common/types.h: Use HAVE_TYPE_BYTE, HAVE_USHORT_TYPEDEF,
- HAVE_ULONG_TYPEDEF, HAVE_U16_TYPEDEF, and HAVE_TYPE_U32.
- * configure.ac (byte, ushort, ulong, u16, u32): Use AC_CHECK_TYPES.
-
-2020-11-13 Werner Koch <wk@gnupg.org>
-
- gpg: Fix the encrypt+sign hash algo preference selection for ECDSA.
- + commit e37c2e184448f64e285f925ab9636b5f21be99f7
- * g10/keydb.h (pref_hint): Change from union to struct and add field
- 'exact'. Adjust callers.
- * g10/pkclist.c (algo_available): Take care of the exact hint.
- * g10/sign.c (sign_file): Rework the hash detection from
- recipient prefs.
-
-2020-11-12 Werner Koch <wk@gnupg.org>
-
- gpgconf: Yet another fix for --apply-profile.
- + commit e546cc78b75978a696298f2fcc072faeb7f69be4
- * tools/gpgconf.c (main): Use gnupg_homedir instead of
- default_homedir. Check for existance of the directory.
-
-2020-11-11 Werner Koch <wk@gnupg.org>
-
- w32: Replace some fopen by es_fopen.
- + commit d574213ce21c495d9432eeb5956e8857826876c6
- * agent/protect-tool.c (read_file): Replace fopen by es_fopen.
- * dirmngr/dirmngr-client.c (read_pem_certificate): Ditto.
- (read_certificate): Ditto.
- * g10/keydb.c (rt_from_file): Ditto.
- * kbx/kbxutil.c (read_file): Ditto.
- * g10/plaintext.c (get_output_file) [__riscos__]: Remove code.
-
-2020-11-11 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix the previous commit.
- + commit dd2703096f3ee7f4b6b96e2b649daf85aa8d6030
- * g10/delkey.c (do_delete_key): Fix the condition for the error.
-
-2020-11-10 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: In batch mode, delete-secret-key is not okay without --yes.
- + commit f9bbc751633f38f58fecb71c33aae735e9b30241
- * g10/delkey.c (do_delete_key): Emit an error when not --yes.
-
- gpg: Fix agent_delete_key interaction.
- + commit 9854369a729b9fde43eac2e2f7154f5187378787
- * g10/call-agent.c (agent_delete_key): Set up CTX.
-
-2020-11-09 Werner Koch <wk@gnupg.org>
-
- card: Run factory-reset in locked stated also in gpg-card.
- + commit 12fd10791f1dec4ec42810d7b92c69e1ae2327b9
- * tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs.
- * tools/card-misc.c (send_apdu): Handle them.
- * tools/gpg-card.c (cmd_factoryreset): Use lock commands.
-
- card: Run factory-reset in locked stated.
- + commit 8fb0d5e3c775f40e321689b35431d81425406237
- * scd/command.c (reset_notify): Add option --keep-lock.
- (do_reset): Add arg keep_lock.
- (cmd_lock): Send progress status.
- * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs.
- * g10/card-util.c (send_apdu): Ditto.
- (factory_reset): Use lock commands.
-
- gpg: Do not print rejected digest algo notes with --quiet.
- + commit e08e1d62d089a154ec5d7c80cd58e8e3b18d2d6b
- * g10/misc.c (print_digest_rejected_note): Do not print in quiet mode.
- (print_sha1_keysig_rejected_note): Ditto.
-
-2020-11-09 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix SOS handling when exporting SSH key with libgcrypt 1.8.
- + commit bf3a9377d147d8a83d9c71ca5a7284897c913951
- * g10/export.c (key_to_sshblob): Fix SOS correctly.
-
- agent: Fix SOS handling with libgcrypt 1.8.
- + commit ba4f68416742eb241ec5490d16f88b0eb0bdc811
- * agent/cvt-openpgp.c (apply_protection): Handle opaque MPI.
-
-2020-11-06 Werner Koch <wk@gnupg.org>
-
- agent: Minor tweaks to the new genpin inquiry.
- + commit c896112fa3f7f3289b5198bfac992160feb0ad0a
- * agent/call-pinentry.c (generate_pin): Use STRING random which is
- sufficient for a passphrase.
- (inq_cb): s/rc/err/. Do not print two errors in case generate_pin
- fails. Lowercase strings as per GNU standards.
- (setup_genpin): Fix translation test.
- (setup_qualitybar): Ditto.
-
-2020-11-06 Andre Heinecke <aheinecke@gnupg.org>
-
- agent: Add genpin inquiry for pinentry.
- + commit 557ddbde32585c534626b57a595a2ccf28fd585e
- * agent/call-pinentry.c (agent_get_passphrase): Setup genpin.
- (do_getpin): Update with new name for inquire callback.
- (inq_quality): Rename to inq_cb and add genpin support.
- (inq_cb): Renamed form inq_quality.
- (generate_pin): New helper to generate a pin.
- (agent_askpin): Fix some typos.
- (setup_genpin): Provide new strings for pinentry.
-
-2020-11-05 Ben Kibbey <bjk@luxsci.net>
-
- gpg: Add canceled status message.
- + commit 31e47dfad0f40e31e8b3113b933696e8e4105136
- * common/status.h (STATUS_CANCELED_BY_USER): New.
- * g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
- instead of STATUS_MISSING_PASSPHRASE when canceled is set.
-
-2020-11-05 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Use lock_slot for apdu_send_direct.
- + commit f808012ac2cf67ec563da178d963f300a7f2564d
- * scd/apdu.c (apdu_send_direct): Use lock_slot.
-
- scd: Internal CCID driver: Fix a race condition on close.
- + commit 484bafda4dbf5ffe9e7c41ef24fbc5bd791a3b32
- * scd/ccid-driver.c (ccid_require_get_status): For VENDOR_SCM reader,
- return 0 only at the initial call.
- (bulk_in): Don't detect an error for VENDOR_SCM reader, just kicking
- the loop, to invoke scd_update_reader_status_file, which calls
- ccid_slot_status again.
- (ccid_slot_status): Move the call of ccid_vendor_specific_setup to...
- (ccid_get_atr): ... here.
-
-2020-11-04 Werner Koch <wk@gnupg.org>
-
- speedo,w32: Install gpg-check-pattern and example profiles.
- + commit f5a81953e172a7bb4d02f2dc0e398f379c39ec84
- * doc/examples/vsnfd.prf: Rename to VS-NfD.prf.
- * doc/examples/Automatic.prf: New.
- * doc/Makefile.am (examples): Adjust.
- * build-aux/speedo/w32/inst.nsi: Install gpg-check-pattern.exe and 3
- example files.
- * build-aux/speedo/w32/wixlib.wxs: Add new files.
-
- g13: Include a now missing header file.
- + commit b7f4e2d71fe3dee680f834cfc3dd620352830147
- * g13/create.c: Include sysutuls.h
-
- gpgconf: Make sure the homedir exists for --apply-profile.
- + commit 7d95f2e7e7a09e3d433d449b117e3470f9dd38c7
- * tools/gpgconf.c (main) <aApplyDefaults, aApplyProfile>: Create the
- standard home directory.
-
- common: Fix duplicate implementation of try_make_homedir.
- + commit dabc314b71378f585fac2753149f3358e32ec621
- * g10/openfile.c (try_make_homedir): Move core of the code to ...
- * common/homedir.c (gnupg_maybe_make_homedir): new.
- * sm/keydb.c (try_make_homedir): Implement using new function.
-
- * common/homedir.c: Include i18n.h.
- * po/POTFILES.in: Add common/homedir.c.
-
-2020-11-04 Andre Heinecke <aheinecke@gnupg.org>
-
- w32: Add another pinentry search path.
- + commit c8f6f6bbc8b203e633d382aa84862807c1aeb3d1
- * common/homedir.c (get_default_pinentry_name): Try ../bin/pinentry.exe
-
- w32: Add windows subsystem variant of gpgconf.
- + commit e2659f4bf603693c43af0444239bc52744291edc
- * tools/Makefile.am (gpgconf-w32): New target. Builds gpgconf with
- subsystem windows.
- * build-aux/speedo/w32/wixlib.wxs: Package it.
-
-2020-11-03 Werner Koch <wk@gnupg.org>
-
- w32: Fix strftime problem on Windows.
- + commit e8aae18b997b3fdbfac86c644be94044aa67224d
- * common/gettime.c: Include locale.h.
- (asctimestamp): Increase buffer. On Windows use setlocale.
-
- gpg: Switch to AES256 for symmetric encryption in de-vs mode.
- + commit d1f2a6d9f71cf50318f4891c84aeedb975553896
- * g10/gpg.c (set_compliance_option): For AES256 and SHA256 in de-vs
- mode.
- * g10/encrypt.c (setup_symkey): Add extra compliance check.
- (encrypt_simple): Avoid printing a second error oncplinace failure.
-
-2020-11-02 Werner Koch <wk@gnupg.org>
-
- gpg: Allow setting notations with the empty string as value.
- + commit e1bafa3574ccd56d9f8f8c1deb3d8fb9fd7025cc
- * g10/misc.c (pct_expando): Catch special case of the empty string.
- Also map a NULL to the empty string.
- * g10/photoid.c (show_photos): Make an empty string used as command
- fail.
-
- build: Remove m4 macro defs which are not anymore used.
- + commit 6397cf5fbe3bbc1f616431b011f76e031a387d4c
- * configure.ac (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Do not use.
- * acinclude.m4 (GNUPG_FUNC_MKDIR_TAKES_ONE_ARG): Remove unused macro
- defs.
- (GNUPG_CHECK_FAQPROG): Ditto.
- (GNUPG_CHECK_DOCBOOK_TO_TEXI): Ditto.
- (GNUPG_CHECK_MLOCK): Ditto.
-
- gpg: Do not use weak digest algos if selected by recipient prefs.
- + commit 15746d60d492f5792e4a179ab0a08801b4049695
- * g10/misc.c (is_weak_digest): New.
- (print_digest_algo_note): Use it here.
- * g10/sig-check.c (check_signature_end_simple): Use it.
- * g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
- the least of weak digest algorithm.
-
-2020-11-02 Ingo Klöcker <dev@ingo-kloecker.de>
-
- gpg: Fix iteration over signatures.
- + commit b004701adca89ba85f75e12a4d284297147fe4f2
- * g10/keyedit.c (keyedit_quick_revsig): Take signature of correct node
-
-2020-11-02 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Don't put zero-byte for ECC.
- + commit 8211d0bc3ba5ed15d0668050c08a6e28228b08a4
- * kbx/keybox-openpgp.c (parse_key): Only put zero for non-ECC.
-
- gpg: Fix debug output for key_check_all_keysigs with opaque MPI.
- + commit 90c3d623ce37695a1eb29c0a7276b23490d14603
- * g10/key-check.c (key_check_all_keysigs): Handle opaque MPI.
-
- gpg: Fix check_signature2 for opaque MPI.
- + commit 029ba6dc961c683d6683c97667d3c0e103738aa4
- * g10/sig-check.c (check_signature2): Handle the case of opaque MPI.
-
- gpg: Change the API for checksum to use const qualifier.
- + commit 21d8927f794bd901b13feaaac6d31d463349a64f
- * g10/main.h (checksum): Use const.
- * g10/misc.c (checksum): Use const.
-
- gpg: Fix counting buffer size in check_signature2.
- + commit 3151210e455f14848921fac838a5064749258d9f
- * g10/sig-check.c (check_signature2): Use GCRYMPI_FMT_PGP.
-
-2020-10-30 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix SOS handling with libgcrypt version <= 1.8.
- + commit 813e24108a139c8059dad8bc679b2ab76b807ed9
- * g10/misc.c (checksum_mpi): Don't depend new feature
- of gcry_mpi_print which supports opaque MPI.
-
- gpg: Fix first zero-byte case for SOS handling.
- + commit dd4fb1c8f668f78fbcf5052e80c5c40d4cdad20c
- * g10/export.c (transfer_format_to_openpgp): Check the first byte.
- * g10/pkglue.c (sexp_extract_param_sos): Likewise.
-
-2020-10-28 Werner Koch <wk@gnupg.org>
-
- gpg: New command --quick-revoke-sig.
- + commit 243f9176e799b2328f2e5bed93099bfc474fdc5a
- * g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
- (opts): Add --quick-revoke-sig.
- (main): Implement.
- * g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
- adjust all callers.
- (keyedit_quick_revsig): new.
- * g10/revoke.c (get_default_sig_revocation_reason): New.
- * g10/keylist.c (cmp_signodes): Make global.
-
-2020-10-27 Werner Koch <wk@gnupg.org>
-
- gpg: Sort the signatures in standard key listings.
- + commit 742e2729f4bcadfeb93260107462f4faa108d3b2
- * g10/gpg.c (parse_list_options): Add "sort-sigs".
- (main): Make it the default.
- * g10/options.h (LIST_SORT_SIGS): New.
- * g10/keylist.c (cmp_signodes): New.
- (list_keyblock_print): Sort signatures and factor signature printing
- code out to ...
- (list_signature_print): new.
-
-2020-10-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Handle canonical serialno and app specific serialno differently.
- + commit e59d2b3632d8c778bd2c4375a1c3ba9c786c4360
- * scd/app-common.h (card_get_serialno): Add IS_CANONICAL arg.
- * scd/app.c (app_send_devinfo): Use app specific serialno.
- (card_get_serialno): Support two different cases.
- (app_get_serialno): Return app specific serialno.
- (send_serialno_and_app_status): Return canonical serialno.
- * scd/command.c (cmd_serialno): Return app specific serialno.
- (cmd_learn): Return canonical serialno.
-
-2020-10-26 Werner Koch <wk@gnupg.org>
-
- g10: Make call to agent_scd_serialno more robust.
- + commit 0f780b1aebb1b1bde219401735a1c24c1f0a7978
- * g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored
- on error at r_serialno.
- * g10/card-util.c (card_status): Simplify freeing of seriaono.
- (factory_reset): Ditto.
-
-2020-10-26 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Flush the cache when writing cert data object.
- + commit 8264b10d33e46d2caac2f2c38ccb5f764c31ad77
- * scd/app-piv.c (do_writecert): Flush the cache of the data object.
-
- gpg: Fix double free on error.
- + commit a153d0f7691486efe0aadfb1e226544ae6d20ffd
- * g10/card-util.c (card_status): Check an error return.
-
- gpg,tools: Fix detecting OpenPGP card by serialno.
- + commit 157f1de64e437cecd75335e9f4077ba9835e3da0
- * tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
- APP.
- * g10/card-util.c (get_info_for_key_operation): Likewise.
- (current_card_status): Even if its SERIALNO is not like OpenPGP card,
- it's OpenPGP card when app says so.
-
- scd: Internal CCID driver thing only for SPR532.
- + commit 31def32eeed8cff705ca827e4bbc0bfcc80c512f
- * scd/ccid-driver.c (ccid_vendor_specific_setup): New. Limit
- only for SPR532, excluding other readers by SCM.
- (ccid_slot_status): Use ccid_vendor_specific_setup.
-
-2020-10-24 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Internal CCID driver limiting only for SPR532.
- + commit 3c6b5dfa2a2379a5f5eaa052f7dbc73462097425
- * scd/ccid-driver.c (ccid_vendor_specific_init): Only do that for
- SPR532.
-
-2020-10-23 Werner Koch <wk@gnupg.org>
-
- common: Allow building with released libgpg-error.
- + commit 32f336d9555f18464d72a5068c290ab82ee92617
- * common/sysutils.c (gnupg_access) [W32]: Fix for older libgpgrt.
-
-2020-10-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Handle Yubikey's multiple apps and serialno.
- + commit 2d4de4b6f06c87cd0f72b2a0d09950e1b50841b2
- * scd/app-common.h (yubikey_get_serialno): New.
- * scd/app-openpgp.c (yubikey_get_serialno): New.
- * scd/app.c (card_get_serialno): Use OpenPGP app's serialno,
- when it's enabled for Yubikey.
- (send_serialno_and_app_status): Use card_get_serialno, not
- directly accessing ->serialno.
-
- scd: Use app_get_serialno for app_getattr.
- + commit c8cc35dd2c106d91a793667690c0b200560d5d2d
- * scd/app.c (app_getattr): Use app_get_serialno.
-
- scd: Don't overwrite serialno for Yubikey.
- + commit 65c91e601ae93aee1a5fa399d4a5d4498ad76eda
- * scd/app-openpgp.c (app_select_openpgp): Keep ->serialno.
-
- scd,openpgp: Use app_get_serialno function to get SERIALNO.
- + commit 41505f0ae544535b524a409d87aa2540607fc9a4
- * scd/app-openpgp.c (check_keyidstr): Don't directly access
- app->serialno, but use app_get_serialno.
- (do_with_keygrip): Likewise.
-
-2020-10-21 Werner Koch <wk@gnupg.org>
-
- common: New functions gnupg_opendir et al.
- + commit 7e22e08e2ab09cd3c2317f5e80e8ee47d46eff4b
- * common/sysutils.h (struct gnupg_dirent_s): New.
- * common/sysutils.c: Include dirent.h.
- (struct gnupg_dir_s): New.
- (gnupg_opendir, gnupg_readdir, gnupg_closedir): New. Change all
- callers of opendir, readdir, and closedir to use these functions.
-
- w32: Make gnupg_remove and gnupg_rename_file Unicode aware.
- + commit 9a0197b6fe412cfc66b0cece521267180e454416
- * common/sysutils.c (w32_rename): New.
- (gnupg_rename_file) [W32]: Support Unicode.
- (gnupg_remove) [W32]: Support Unicode. Drop Windows-CE support.
-
-2020-10-20 Werner Koch <wk@gnupg.org>
-
- Replace all calls to stat by gnupg_stat.
- + commit 18e5dd7b03ced51611c9ba1345cf498a0aaf14a6
- * common/sysutils.c (gnupg_stat): New.
- * common/sysutils.h: Include sys/stat.h.
-
- Replace most calls to open by a new wrapper.
- + commit 4dcef0e17836e8725c31a3b76f2bf7144345c808
- * common/sysutils.c (any8bitchar) [W32]: New.
- (gnupg_open): New. Replace most calls to open by this.
- * common/iobuf.c (any8bitchar) [W32]: New.
- (direct_open) [W32]: Use CreateFileW if needed.
-
- w32: Allow Unicode filenames for dotlock.
- + commit b47c355b18d9537ccc3dd3e80cc1825b018ecff7
- * common/dotlock.c (any8bitchar) [W32]: New.
- (dotlock_create_w32): Use strconcat and CreateFileW.
-
- * common/t-dotlock.c: Source include dotlock.c and modify to allow
- manual testing on Windows.
-
- Replace all calls to access by gnupg_access.
- + commit c94ee1386e0d5cdac51086c4d5b92de59c09c9b5
- * common/sysutils.c (gnupg_access): New. Replace all calls to access
- by this wrapper.
- * common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
- directory name.
- (standard_homedir): Adjust for change.
- (w32_commondir, gnupg_cachedir): Ditto.
-
-2020-10-09 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg,ecc: Fix SOS handling when receiving from agent.
- + commit 228836f79f64559c9582ac2d475e50af57684bf8
- * g10/export.c (transfer_format_to_openpgp): It's not simple opaque
- MPI, but SOS.
-
- agent: Fix SEGV when debuging for cache enabled.
- + commit 33cb1655f1b7c597d1ebdcb38447648477e6ac9f
- * agent/cache.c (agent_get_cache): Avoid dereferencing NULL.
-
-2020-10-05 Werner Koch <wk@gnupg.org>
-
- gpgsm: Fix detection of too old keyboxd.
- + commit 4eb9ce847825e8c6a07ce27d303c56233e85d007
- * sm/keydb.c (warn_version_mismatch): Add arg ctrl and pass on.
- (create_new_context): Pass ctrl to warn function.
-
- dirmngr: Minor cleanup for better readability.
- + commit b258f8de7e9fc436d72c4d4ff8f98e9b86d2f3f5
- * dirmngr/ldap.c (start_default_fetch_ldap): Rename to
- start_cacert_fetch_ldap and remove arg attr. Instead use
- "cACertificate" directly.
- * dirmngr/crlfetch.c (ca_cert_fetch): Change the only caller.
- (start_cert_fetch_ldap): Rename arg for clarity.
-
- dirmngr: Add warning on the use of --add-servers.
- + commit 210575d8826ea61e4914e4b61eff7b875c972b85
- * tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to
- expert mode.
-
- gpg: Switch to ed25519+cv25519 as default algo.
- + commit ff31dde456f32950f0df6c974b4c41f1d650d68f
- * g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
- default ago.
- (ask_algo): Change default and also the way we indicate the default
- algo in the list of algos.
- (ask_curve): Indicate the default curve.
-
- keyboxd: Fix duplicates when listing keys by uid.
- + commit 194034f813a09a0021e6aa82d64ea0693b37c8d0
- * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add fields
- lastubid_valid and lastubid.
- (run_sql_prepare): Add optional extra2 arg and chage callers.
- (run_select_statement): Add an ORDER BY clause to most SELECTs.
- (be_sqlite_search): Skip duplicated keyblocks in a search.
-
-2020-10-04 Werner Koch <wk@gnupg.org>
-
- build: Fix SENDMAIL define for a PATH with spaces.
- + commit 6c36b8bb23bb033aaae5f1dff3b38d8e0e44717c
- * configure.ac: Fix use of $PATH
-
- (cherry picked from commit 77e416741abb0a871733bd46cbc81329859de96e)
-
-2020-10-02 Werner Koch <wk@gnupg.org>
-
- gpgconf: New option --show-versions.
- + commit 357ad9ae29677c1676b56d2b81282e2f78ec8040
- * tools/gpgconf.c: Include exechelp.h. New option --show-versions.
- (get_revision_from_blurb): New.
- (show_version_gnupg): New.
- (show_version_libgcrypt): New.
- (show_version_gpgrt): New.
- (show_versions_via_dirmngr): New.
- (show_versions): New.
- * tools/gpgconf-comp.c (GPGNAME): Remove unused macro.
- * dirmngr/dirmngr.c (main): New internal option --gpgconf-versions.
- (get_revision_from_blurb): New.
- (gpgconf_versions): New.
-
- w32: Silence warning due to recent change of split_fields.
- + commit 371228a244232f2b74181e0aa3c44d698df840ce
- * common/compliance.c (gnupg_rng_is_compliant): Make fields const.
-
- gpg: Fix parameter parsing form ed448.
- + commit e824e27d36021a868c855244d22c7d40a88a396e
- * g10/keygen.c (parse_key_parameter_part): Set algo also for 448.
-
-2020-10-01 Andre Heinecke <aheinecke@gnupg.org>
-
- doc: Remove enable-extended-key-format in vsnfd.
- + commit d84862cf109c75ae30ed5e2531b4554083c6a558
- * doc/examples/vsnfd.prf: Remove enable-extended-key-format
-
-2020-09-30 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Internal CCID driver: More fix for SPR532.
- + commit 920f258eb6018ecec1d63bad6a0fb0772f72affa
- * scd/ccid-driver.c (bulk_in): Handle the case of missing intr_cb.
-
- scd: Report any error for LEARN command.
- + commit 862d9c6face9b4ad61f6e59bf1ba9b5f5d05c58c
- * scd/app-openpgp.c (do_learn_status): Report any error.
-
-2020-09-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Internal CCID driver fix.
- + commit 1444203ca32ccfa4bd5097d2d49565c4055c620b
- * scd/ccid-driver.c (intr_cb): More useful debug output.
- (ccid_slot_status): Remove redundant condition.
-
- scd: Internal CCID driver: Call libusb_clear_halt at ccid_setup_intr.
- + commit 6af978713e4c69d7814f47e709f1dfb3fe9076d1
- * scd/ccid-driver.c (ccid_setup_intr): Reset the endpoint.
- (ccid_vendor_specific_init): Don't call libusb_clear_halt.
-
-2020-09-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Internal CCID driver: Fix a failure path.
- + commit d561c936a217627bc29aac628a8d01f7003dcd28
- * scd/ccid-driver.c (ccid_open_usb_reader): On error, call
- libusb_release_interface.
-
- scd: Internal CCID: Handle LIBUSB_ERROR_TIMEOUT at ccid_get_atr.
- + commit b1e8072320c19246962beb6d67dc5784b5a72364
- * scd/ccid-driver.c (ccid_slot_status): Handle LIBUSB_ERROR_TIMEOUT.
-
- scd: Internal CCID: Clear the handle after use.
- + commit c5e8ef3ab980012b64f5894f437e2ff568b02f43
- * scd/apdu.c (close_ccid_reader): Clear the handle.
- (open_ccid_reader): Likewise.
-
- scd: Change handling of SPR532 card reader.
- + commit 684a52dffa8b7f79b26fe53b3ab10d7748a8fb37
- * scd/ccid-driver.c (ccid_vendor_specific_init): Put some workaround
- for SPR532 initialization.
- (ccid_slot_status): Send ESCape command after GetSlotStatus.
-
-2020-09-25 Werner Koch <wk@gnupg.org>
-
- keyboxd: Make use of the config table.
- + commit f8fbd9e7346ee0c3b09271ec2cdb589282eae1c9
- * kbx/backend-sqlite.c (DATABASE_VERSION): New.
- (table_definitions): Make column name of table config unique.
- (create_or_open_database): Read and set the database version.
- (get_config_value, set_config_value): New.
-
-2020-09-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: For PC/SC, send the ESC command at init for SPR532 reader.
- + commit 93e3c97889120dd17d79b7c8dd04293553785c9b
- * scd/apdu.c (struct reader_table_s): Remove is_spr532.
- (pcsc_vendor_specific_init): Send the ESC command for SPR532.
- (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove no_lc hack.
-
- scd: For SPR532, submit the ESCape command at initialization.
- + commit 4fae55f8ee11b3f710524e5e8b8a91b159949f2d
- * scd/ccid-driver.c (ccid_vendor_specific_init): Submit the ESC
- command for VENDOR_SCM.
- (ccid_transceive_secure): Don't submit the ESC command every time.
-
-2020-09-24 Werner Koch <wk@gnupg.org>
-
- gpg: New experimental import option "bulk-import"
- + commit d49a945b12d98fadd0d37f4e50b5e02799e16305
- * g10/options.h (IMPORT_BULK): New.
- * g10/import.c (parse_import_options): Add "bulk-import".
- * g10/call-keyboxd.c (in_transaction): New var.
- (gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
- mode.
- (create_new_context): Run a begin transaction if in bulk import mode.
-
- keyboxd: New command TRANSACTION.
- + commit c2b14f5d6852fb9efaca8aeec7961e9d036203e8
- * kbx/backend-sqlite.c (be_sqlite_rollback): New.
- (be_sqlite_commit): New.
- (be_sqlite_search): Take care of global transactions.
- (be_sqlite_store): Ditto.
- (be_sqlite_delete): Ditto.
- * kbx/frontend.c (kbxd_rollback, kbxd_commit): New.
- * kbx/keyboxd.h (opt): Add vars for transactions.
- * kbx/kbxserver.c (struct server_local_s): Add fields next_session and
- client_pid.
- (session_list): New var.
- (cmd_transaction): New.
- (register_commands): Register command.
- (kbxd_start_command_handler): Store pids and track sessions. Do a
- final rollback.
-
- tests: Integrate --use-keyboxd into the OpenPGP test suite.
- + commit b19a60c6f7e892635db9e22499a7a44087c86c41
- * tests/openpgp/all-tests.scm (all-tests): Replace extended-key-format
- mode with a new keyboxd mode.
- * tests/openpgp/defs.scm (create-gpghome): Ditto.
- * tests/openpgp/gpgv.scm: Adjust for keyboxd mode.
- * tests/openpgp/issue2419.scm: Fix to allow setting a log-file into
- gpg.conf for debugging.
-
- keyboxd: Implement multiple search descriptions.
- + commit 25ad3c22d79d06c16a5fc652b0a6e3ffd99ad2b6
- * kbx/kbx-client-util.c (kbx_client_data_simple): New.
- * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
- (be_sqlite_search): Use that.
- * g10/call-keyboxd.c (keydb_search): Implement multi mode.
-
- keyboxd: Fix UDPATE keyblob SQL statement.
- + commit 1f89d50537b3b16165e921df60734ce6203650cb
- * kbx/backend-sqlite.c: Always use ?NNN for SQL parameters.
-
- tests: Fix convenience function to run gpg.
- + commit 97798eec4b77470b3aecdbee9729fa76b8550dfe
- * tests/openpgp/defs.scm (pipe:gpg): Remove stray dash.
-
- keyboxd: Remove unused variables.
- + commit 0ac003b4576392ca3e930304a98bbf8183ab5f8b
- * kbx/kbx-client-util.c (datastream_thread): No need to set PK_NO and
- UID_NO.
-
- keyboxd: Integrate into gpgconf.
- + commit acaeba2dbdb9bbd68a823c671d5c3577fef5d26d
- * common/asshelp.c (lock_spawning): Use a dedicated name for keyboxd.
- * common/homedir.c (keyboxd_socket_name): New.
- (gnupg_module_name): Put keyboxd into libexecdir.
- * tools/gpgconf-comp.c (known_options_keyboxd): New.
- (gc_component): Add entry for keyboxd.
- (keyboxd_runtime_change): New.
- (gc_component_launch): Support keyboxd.
- * tools/gpgconf.c (list_dirs): Emit new item keyboxd-socket.
- (main): Also remove keyboxd socket.
-
-2020-09-24 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix CCID internal driver for interrupt transfer.
- + commit 7cbb513a2dc150a90a30c53316970df2a439d494
- * scd/ccid-driver.c (intr_cb): Handle the case of multiple messages.
-
-2020-09-22 Werner Koch <wk@gnupg.org>
-
- gpg: Set the found-by flags in the keyblock in keyboxd mode.
- + commit 183509756179fadd95d1cc740047b94dc16bb279
- * g10/keydb-private.h (struct keydb_handle_s): Add fields to return
- the ordinals of the last found blob.
- * g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
- parser.
-
- sm: Fix returning of the ephemeral flag in keyboxd mode.
- + commit b810320b1bf76209dc1087cb91ca34232d9268c3
- * sm/keydb.c (search_status_cb): Skip over the ubid.
-
- common: Fix name of keyboxd.
- + commit c81a7b09368a474de4e3572fbb527d1597408ab1
- * common/homedir.c (gnupg_module_name): Fix name.
-
- keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.
- + commit 0e892bda4e0bf9db9116d7d5585d4e7b0d2eae57
- * kbx/backend-sqlite.c (table_definitions): Add column UINO to
- userids.
- (be_sqlite_local_s): Add fields select_col_uidno and
- select_col_subkey.
- (run_select_statement): Also select subkey or uidno column.
- (be_sqlite_search): Return their values.
- (store_into_userid): Store the UIDNO.
- * kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO.
-
- kbx: Add bounds check to detect corrupt keyboxes.
- + commit e0a312bfd646485ae8a0ae5e26720fc1667c5490
- * kbx/keybox-dump.c (_keybox_dump_blob): Fix the fixmes.
-
-2020-09-21 Werner Koch <wk@gnupg.org>
-
- scd: Extend KEYPAIRINFO with an algorithm string.
- + commit 26da47ae53d51e16ae6867cd419ddbf124a94933
- * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part
- of a KEYPAIRINFO.
- * scd/command.c (do_readkey): Ditto.
- * scd/app-piv.c (do_readkey): Ditto.
- * scd/app-nks.c (do_learn_status_core): Ditto.
- (struct fid_cache_s): Add field algostr.
- (flush_fid_cache): Release it.
- (keygripstr_from_pk_file): Fill it and add it to the cache. Use a
- single exit label.
- * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg
- r_algostr. Change all callers.
-
- sm: Implement delete key in keyboxd mode.
- + commit c772770574ea2d337f8745ff304b1b8acd8a2e4c
- * sm/keydb.c (keydb_delete): Implement keyboxd mode.
- (keydb_update_cert): Disable unused function.
- * kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer.
-
-2020-09-18 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix regression for access through the extra secket.
- + commit 8a84a71f3a58a3e943f238b70743cd6408477eba
- * agent/command.c (cmd_keyinfo): Allow KEYINFO command for one key.
- (cmd_scd): Allow SCD command to invoke GETINFO, GETATTR, and
- KEYINFO --list=encr sub commands.
-
- common,agent,dirmngr,g10,tools: Fix split_fields API.
- + commit dfdcf14738976c6b236f4fa1c3b68af351024b3c
- * common/stringhelp.h (split_fields): Use const * for the strings in
- the ARRAY.
- (split_fields_colon): Likewise.
- * common/stringhelp.c (split_fields, split_fields_colon): Fix
- the implementation.
- * agent/call-scd.c, agent/command.c: Follow the change.
- * common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
- * g10/call-agent.c, tools/card-call-scd.c: Likewise.
- * tools/card-yubikey.c, tools/gpg-card.c: Likewise.
- * tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
- * tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
- * tools/wks-util.c: Likewise.
-
-2020-09-16 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Clear PIN cache when changing key attributes.
- + commit 8ff36630277f05fbe4e43c7d757eb90da8645e3f
- * scd/app-openpgp.c (change_keyattr): Clear all PINs.
-
- scd: Clear caching PIN at KDF setup.
- + commit f4c07fc3d3c32e96d4306f6daa60b6de7fba7dc5
- * scd/app-openpgp.c (do_setattr): Clear PINs.
-
- scd: Add better support for KDF feature.
- + commit 316a8cbc7523560d999e46eb524165db11682210
- * scd/app-openpgp.c (do_setattr): Handle kdf-seup "off" for Gnuk.
-
- gpg,scd: Fix handling of KDF feature.
- + commit 8dfd0ebfd8cf2b6bcecbd91c8f7fad6db583aa5a
- * g10/card-util.c (kdf_setup): Fix the default value.
- * scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
- Zeitcontrol. Make sure Gnuk and Yubikey work well.
-
-2020-09-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix the use case of verify_chv2 by CHECKPIN.
- + commit 6e51f2044aebb885ea81dae259db1b7f477b1c44
- * scd/app-openpgp.c (verify_chv2): Call verify_a_chv with chvno=1
- when needed.
-
-2020-09-11 Werner Koch <wk@gnupg.org>
-
- scd:piv: Avoid conflict when writing a cert.
- + commit fbc1b199fdc8fd9a4ab422f005b4eb521b594c5c
- * scd/app-piv.c (map_curve_name_to_oid): New.
- (my_cmp_public_key): New.
- (do_writecert): Replace simple memcmp by cmp_canon_sexp.
-
- common: New function cmp_canon_sexp.
- + commit b6ba6a79ce9336f1b53f16f3d1190dd009fb166e
- * common/sexputil.c (cmp_canon_sexp): New.
- (cmp_canon_sexp_def_tcmp): New.
- * common/t-sexputil.c (test_cmp_canon_sexp): Add a simple test.
-
- keyboxd: Implement lookup by short and long keyid.
- + commit 9a94db1f662a1c5973b57b25e25aeab1bc33250e
- * kbx/backend-sqlite.c: Change definition of column KID.
- (kid_from_mem): Remove.
- (kid_from_u32): Rewrite.
- (run_sql_bind_int64): Remove.
- (run_select_statement): Implement lookup by short keyid. Fix lookup
- by long keyid.
- (store_into_fingerprint): Adjust kid arg.
-
- keyboxd: Add ephemeral and revoked flag to the sqlite backend.
- + commit 616c60d93dfab27dde00e1489c6c51340ec93b6c
- * kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and
- is_revoked. Adjust callers.
- * kbx/backend-sqlite.c: Alter table pubkey to add new columns.
- (run_select_statement): Add new column to all selects.
- (be_sqlite_search): Return the new flags.
-
-2020-09-10 Andre Heinecke <aheinecke@gnupg.org>
-
- doc: Update and extend module overview.
- + commit d62797ebcc15ffac52664fe08759d18a92491ddc
- * doc/gnupg-module-overview.svg: Add examples of GPGME aware
- applications
-
-2020-09-10 Werner Koch <wk@gnupg.org>
-
- sm: Implement initial support for keyboxd.
- + commit ed6ebb696e4063dc664d7ee74fc492025881c459
- * sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
- * sm/keydb.c (struct keydb_local_s): Change definition of
- search_result.
- (keydb_get_cert): Implement keyboxd mode.
- (keydb_get_flags): Temporary hack for keyboxd mode. Needs to be
- fixed.
- (struct store_parm_s, store_inq_cb): New.
- (keydb_insert_cert): Implement keyboxd mode.
- (keydb_locate_writable): Make static.
- (keydb_search_reset): Implement keyboxd mode.
- (search_status_cb): New.
- (keydb_search): Implement keyboxd mode. Replace return code -1 by
- GPG_ERR_NOT_FOUND.
- (keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
- * sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
- GPG_ERR_NOT_FOUND.
- (list_internal_keys): Ditto.
- * sm/sign.c (add_certificate_list): Ditto.
- * sm/certchain.c (find_up_search_by_keyid): Ditto.
- (find_up_external, find_up, find_up_dirmngr): Ditto.
- (gpgsm_walk_cert_chain): Ditto.
- (get_regtp_ca_info): Ditto.
- * sm/certlist.c (gpgsm_add_to_certlist): Ditto.
- (gpgsm_find_cert): Ditto.
- * sm/delete.c (delete_one): Ditto.
- * sm/export.c (gpgsm_export): Ditto.
- (gpgsm_p12_export): Ditto.
- * sm/import.c (gpgsm_import_files): Ditto.
-
- keyboxd: Add basic support for X.509.
- + commit c9677d416e6ff190c589af35b514a01a787085fb
- * kbx/keybox-blob.c (x509_email_kludge): Rename to ...
- (_keybox_x509_email_kludge): this and make global.
- * kbx/backend.h: Include ksba.h.
- * kbx/backend-support.c (be_get_x509_serial): New.
- (be_get_x509_keygrip): New.
- * kbx/backend-sqlite.c (table_definitions): New table 'issuers'.
- (run_select_statement): Implements modes ISSUER, ISSUER_SN, SUBJECT.
- (store_into_userid): Add arg override_mbox.
- (store_into_issuer): New.
- (be_sqlite_store): Implement x509 part.
-
- keyboxd: Use D-lines instead of a separate thread.
- + commit 6fcc263c182fc49d9ba2d1bd7649b4af1e9f3e3a
- * kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
- * g10/call-keyboxd.c (open_context): Set DLINES to true.
- * sm/keydb.c (open_context): Ditto.
-
- keyboxd: Add options --openpgp and --x509 to SEARCH.
- + commit 29977e21d18188e16e50fee95a95e05fdbd97caf
- * kbx/keyboxd.h (struct server_control_s): Replace the two request
- objects by just one. Add filter flags.
- * kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
- (cmd_killkeyboxd): Do not return GPG_ERR_EOF.
- * kbx/frontend.c (kbxd_release_session_info): Adjust for the new
- request object.
- (kbxd_search, kbxd_store, kbxd_delete): Ditto.
- * kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
- (run_sql_prepare): Add optional arg 'extra'. Change callers.
- (run_sql_bind_ntext): New.
- (run_sql_bind_text): Just call run_sql_bind_ntext.
- (run_select_statement): Add ctrl arg. Implement the filter flags.
-
- * g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
-
- gpg-connect-agent: Catch signals so that SIGPIPE is ignored.
- + commit 3cf9bb4d73cfe78d3d48734e7c8a65d9a98112a5
- * dirmngr/server.c (cmd_killdirmngr): Return 0.
- * tools/gpg-connect-agent.c (main): Catch signals.
-
- dirmngr: Fix the pool keyserver case for a single host in the pool.
- + commit 5a87011c46b5b01659c3cbc3c7a04da94ae5ca9e
- * dirmngr/ks-engine-hkp.c (map_host): Set R_HOSTNAME also for
- localhost and if there is no pool.
-
- dirmngr: Align the gnutls use of CAs with the ntbtls code.
- + commit faabc49797df43c4904b6230f83e8c6677e88b22
- * dirmngr/http.c (http_session_new) <gnutls>: Use only the special
- pool certificate for the default keyserver.
-
-2020-09-10 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Flush KDF DO (0x00F9) when it's being set.
- + commit d4cb774ddd8830836c9c87a90db01f749ac8d67c
- * scd/app-openpgp.c (do_setattr): Call flush_cache_item always.
-
-2020-09-09 Werner Koch <wk@gnupg.org>
-
- agent: Keep some permissions of private-keys-v1.d.
- + commit 8ed85ef3de9cdeee86e281a8b46be1bd49a36e7a
- * common/sysutils.c (modestr_to_mode): Re-implement.
- (gnupg_chmod): Support keeping of permissions.
-
- kbx: Change X.509 S/N search definition.
- + commit adec6a84f6ee176764391da358ae150f92b1f1e4
- * kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
- SNLLEN with a hex flag. Add SNHEX.
- * kbx/keybox-search.c (keybox_search): Adjust.
- * common/userids.c (classify_user_id): Adjust.
- * sm/keydb.c (keydb_search_desc_dump): Adjust.
- * g10/keydb.c (keydb_search_desc_dump): Adjust.
-
-2020-09-08 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg,tools: Add handling of supported algorithms by a card.
- + commit 2bc1ec294422504e2d2e5d20716aba68f1c2b0d7
- * g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
- * g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
- (agent_release_card_info): Release supported_keyalgo.
- * tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
- * tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
- (release_card_info): Release supported_keyalgo.
-
- scd: Add a workaround for Yubikey.
- + commit 0db9c83555b4a8a0c52f96e96ec20dbfd3d75272
- * scd/app-openpgp.c (get_public_key): Handle wrong code for Yubikey.
-
-2020-09-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix handling 0x00FA to support OpenPGP card 3.4.
- + commit 270c49b8c6eaf99df7b417f9d0e45eba0acfb423
- * scd/app-openpgp.c (data_objects): It may be longer.
-
-2020-09-04 Werner Koch <wk@gnupg.org>
-
- gpg: Initialize a parameter to silence valgrind.
- + commit 65eb1569809a3c42e8afb064f6194fac2e34a03a
- * g10/keygen.c (read_parameter_file): Initialize nline.
- * g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
-
-2020-09-04 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support GET DATA response with no header for DO 0x00FA.
- + commit 43bbc25b0f57dec24412886ff46041e0b1f3de26
- * scd/app-openpgp.c (do_getattr): Support Gnuk, as well.
-
- scd: Parse "Algorithm Information" data object in scdaemon.
- + commit eba2563dabbb4f61537900289fbe3ae113904733
- * scd/app-openpgp.c (data_objects): 0x00FA for binary data.
- (do_getattr): Parse the data and send it in status lines.
- (get_algorithm_attribute_string): New.
-
-2020-09-03 Werner Koch <wk@gnupg.org>
-
- sm: New options to prepare the use of keyboxd.
- + commit 046f419f806036248c058c4bd44368f8596287b7
- * sm/Makefile.am (AM_CFLAGS): Add npth flags.
- (common_libs): Use npth version of the lib.
- (gpgsm_LDADD): Add npth libs.
- * sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New.
- (opts): New options --use-keyboxd and --keyboxd-program.
- (main): Set them.
- (gpgsm_deinit_default_ctrl): New.
- (main): Call it.
- * sm/server.c (gpgsm_server): Ditto.
- * sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program.
- (keydb_local_s): New type.
- (struct server_control_s): Add field keybd_local.
- * sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h.
- (struct keydb_local_s): New.
- (struct keydb_handle): Add fields for keyboxd use.
- (gpgsm_keydb_deinit_session_data): New.
- (warn_version_mismatch): New.
- (create_new_context): New.
- (open_context): New.
- (keydb_new): Implement keyboxd mode.
- (keydb_release): Ditto.
- (keydb_get_resource_name): Ditto.
-
- * sm/keydb.c: Add stub support for all other functions.
-
- sm: Add arg ctrl to keydb_new.
- + commit a7d006293ec84532cc1972cd2f990198eadf1a1a
- * sm/keydb.c (keydb_new): Add arg and change all callers.
-
-2020-09-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add handling of "Algorithm Information" DO.
- + commit 90d0072165cc5c6888f14462392a211de0c4b232
- * cd/app-openpgp.c (data_objects): Add 0x00FA.
- (do_getattr): Add KEY-ATTR-INFO.
-
-2020-09-02 Werner Koch <wk@gnupg.org>
-
- gpg: Fix segv importing certain keys.
- + commit 8ec9573e57866dda5efb4677d4454161517484bc
- * g10/key-check.c (key_check_all_keysigs): Initialize issuer.
-
- keyboxd: Restructure client access code.
- + commit 497db0b5bcd688c4e2144ba167bd2ac485069d1b
- * kbx/kbx-client-util.c: New.
- * kbx/kbx-client-util.h: New.
- * kbx/Makefile.am (client_sources): New.
- * g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
- and make global.
- * g10/call-keyboxd.c: Include kbx-client-util.h.
- (struct keyboxd_local_s): Remove struct datastream. Add field kcd.
- Remove per_session_init_done.
- (lock_datastream, unlock_datastream): Remove.
- (prepare_data_pipe, datastream_thread): Remove.
- (keydb_get_keyblock_do_parse): Remove.
- (gpg_keyboxd_deinit_session_data): Release the KCD object.
- (open_context): Use of kbx_client_data_new.
- (keydb_get_keyblock): Simplify.
- (keydb_search): Use kbx_client_data_cmd and _wait.
-
- keyboxd: Fix user id based queries.
- + commit 4d839f5a8083e1ddd4767c838f56a4079f846c6d
- * kbx/backend-sqlite.c (run_select_statement): Add the missing join
- for user id bases queries.
-
- common: New helper function gnupg_close_pipe.
- + commit 2042f5a4641f4e43137b7683077b4d733d216417
- * common/exechelp-posix.c (gnupg_close_pipe): New.
- * common/exechelp-w32.c (gnupg_close_pipe): New.
-
-2020-09-01 Werner Koch <wk@gnupg.org>
-
- Use only one copy of the warn_server_mismatch function.
- + commit 2cd8bae23d7382588cf096df3eed83e02331a2bf
- * common/asshelp.c (warn_server_version_mismatch): New. Actually a
- slightly modified version of warn_version_mismatch found in other
- modules.
- * common/status.c (gnupg_status_strings): New.
- * g10/cpr.c (write_status_strings2): New.
- * g10/call-agent.c (warn_version_mismatch): Use the new unified
- warn_server_version_mismatch function.
- * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
- * g10/call-keyboxd.c (warn_version_mismatch): Ditto.
- * sm/call-agent.c (warn_version_mismatch): Ditto.
- * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
- * tools/card-call-scd.c (warn_version_mismatch): Ditto.
-
-2020-08-28 Werner Koch <wk@gnupg.org>
-
- sm: Fix a bug in the rfc2253 parser.
- + commit 16c1d8a14e98894408f30349cab68ff17ef6b35e
- * sm/certdump.c (parse_dn_part): Fix parser flaw.
-
-2020-08-28 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix fallback handling to utf-8.
- + commit 393dcdd61c3b2da00a97176c647d9bd1c908ceba
- * common/utf8conv.c (handle_iconv_error): Set NO_TRANSLATION.
-
-2020-08-27 Werner Koch <wk@gnupg.org>
-
- scd: New option to APDU command to return the ATR as data.
- + commit a0a4744bd0640e587b33ec3dae819ec4054f0472
- * scd/command.c (cmd_apdu): Add new option --data-atr.
- * tools/gpg-card.c (cmd_apdu): Use that here. Also fix the --exlen
- option and do not print the statusword in atr mode.
- * tools/card-call-scd.c (scd_apdu): Detect atr mode anddon't assume a
- status word.
-
- scd: Fix reading of the ATR for card type detection.
- + commit 95b5a852e269e602ade6a07ed468e9072c247b8c
- * scd/app.c (app_new_register): Do not use apdu_get_slot.
-
- dirmngr: Print the last alert message returned by NTBTLS.
- + commit 05358d73841149f64dc5d620f4b8855255e7f4da
- * dirmngr/http.c (send_request): Print the last TLS alert.
-
-2020-08-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add heuristics to identify cardtype.
- + commit 9f148360a2bf04672b43ef7cec48e21d44b06ae1
- * scd/app-common.h (cardtype_t): Add CARDTYPE_GNUK and
- CARDTYPE_ZEITCONTROL.
- * scd/app.c (strcardtype): Handle CARDTYPE_GNUK and
- CARDTYPE_ZEITCONTROL.
- (app_new_register): Detect Gnuk and Zeit Control implementation
- by examining its ATR string.
-
- scd: Add condition for VERIFY with 0x82.
- + commit af189be481df02a77e088aa0a60a1fc02dfa12bf
- * scd/app-openpgp.c (verify_chv2): Check availability of keys in
- question.
-
-2020-08-26 Werner Koch <wk@gnupg.org>
-
- build: Silence gcc warning -Wformat-zero-length.
- + commit 90a87d96eaf5b97cd53cb0ee0495b646be7b84bb
- * configure.ac: Avoid useless gcc warning. We use an empty string
- quite often, for example in log_printhex.
-
-2020-08-25 Werner Koch <wk@gnupg.org>
-
- gpg: Remove left over debug output from recent change.
- + commit fc1a1857551c05135d54e2e620e609fda59d5bca
- * g10/import.c (collapse_subkeys): Remove debug out.
-
- examples: Simplify vsnfd.prf.
- + commit 40acc5ef3ef73494e67d88ea310503e5bf08bc36
- * doc/examples/vsnfd.prf: Remove default-new-key-algo option.
-
- sm: Do not require a default keyring for --gpgconf-list.
- + commit e7677da479c4fb5abd0339de807b27c0f487d2e0
- * sm/gpgsm.c (main): No default keyring for gpgconf mode.
-
- gpgconf: Silence warnings from parsing the options files.
- + commit ad1254b59d41e127879fc9f495d392316135b4a5
- * tools/gpgconf-comp.c (retrieve_options_from_program): Set verbose
- flag for the arg parser only in --verbose mode.
-
- agent: Allow using --gogconf-list even if HOME does not exist.
- + commit b17846e4fd02f65b24ada306855fb110c56c5e73
- * agent/gpg-agent.c (main): Do not create directories in gpgconf mode.
-
- gpgconf,w32: New debug command --show-codepages.
- + commit 32021dfa5bcaa056c18e4ec40fdcd0f8b7de382b
- * tools/gpgconf.c (aShowCodepages): New.
- (opts): New command --show-codepages.
- (main) [W32]: Implement
-
- gpg: Collapse duplicate subkeys.
- + commit 633c1fea5f0dc4cb270c22ee41c24e1ec0706204
- * g10/options.h (IMPORT_COLLAPSE_UIDS): New.
- (IMPORT_COLLAPSE_SUBKEYS): New.
- * g10/gpg.c (main): Make them the default.
- * g10/import.c (parse_import_options): New import options
- "no-collapse-uids" and "no-collapse_subkeys".
- (collapse_subkeys): New.
- (import_one_real): Collapse subkeys and allow disabling the collapsing
- using the new options.
- (read_key_from_file_or_buffer): Always collapse subkeys.
- * g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
-
-2020-08-21 Werner Koch <wk@gnupg.org>
-
- gpgtar,w32: Handle Unicode file names.
- + commit 34e7703a962809921e83770f20f3eb66599265d1
- * tools/gpgtar.c (oUtf8Strings): New.
- (opts): Add option --utf8-strings.
- (parse_arguments): Set option.
- * tools/gpgtar.h (opt): Add field utf8strings.
- * tools/gpgtar-create.c (name_to_utf8): New.
- (fillup_entry_w32): Use that.
- (scan_directory): Ditto.
- (scan_directory) [W32]: Convert file name to utf8.
- (gpgtar_create): Convert pattern.
-
- common: Use gpgrt functions for mkdir and chdir.
- + commit eec70e539e44c288068f26f190d52a5718fd3a10
- * common/sysutils.c (gnupg_mkdir): Divert to gpgrt_mkdir.
- (gnupg_chdir): Divert to gpgrt_chdir
-
- common,w32: Do not assume the ANSI code during string conversion.
- + commit 5305ce17ff7a68ecc88c5ae8c4bec5897df6322f
- * common/utf8conv.c (get_w32_codepage): New.
- (wchar_to_native): Use instead oc CP_ACP.
- (native_to_wchar): Ditto.
-
- common: Strip trailing CR,LF from w32_strerror.
- + commit 33fd55ca6f3efc50c260469179788e9f725ddc58
- * common/stringhelp.c (w32_strerror): Strip trailing CR,LF.
- * common/iobuf.c (iobuf_get_filelength): Use -1 and not 0 for the
- arg to w32_strerror.
-
-2020-08-20 Werner Koch <wk@gnupg.org>
-
- gpgtar: Make --files-from and --null work as described.
- + commit e276f63e4a80e8d1cb1ba5621cedaeb0ccda956d
- * tools/gpgtar-create.c (gpgtar_create): Add args files_from and
- null_names. Improve reading from a file.
- * tools/gpgtar.c: Make global vars static.
- (main): Remove tests for --files-from and --null option combinations.
- Pass option variables to gpgtar_create.
-
- build: New configure option --disable-tests.
- + commit 32aac55875f324f8c3d85dad8483604eae65e3e8
- * configure.ac: Add option --disable-tests. Print warnings in the
- summary.
- (DISABLE_TESTS): New am_conditional.
-
- gpg: Fix regression for non-default --passphrase-repeat option.
- + commit b8c4dd902df34faa4d23efb2bb4ac222c8bbdbdb
- * agent/command.c (cmd_get_passphrase): Take care of --repeat with
- --newsymkey.
-
-2020-08-19 Werner Koch <wk@gnupg.org>
-
- gpg,gpgsm: Record the creation time of a private key.
- + commit 4031c42bfd0135874a5b362df175de93a19f1b51
- * sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
- (gpgsm_agent_import_key): Ditto.
- * g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
- (agent_import_key): Ditto.
- * g10/import.c (transfer_secret_keys): Pass the creation date to the
- agent.
- * g10/keygen.c (common_gen): Ditto.
-
-2020-08-19 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix condition of string_to_aead_algo.
- + commit 1d66b518ca83e8d315283682b1e504f1e171a0b1
- * g10/misc.c (string_to_aead_algo): Only compare if not NULL.
-
- dns: Fix memory use-after-free.
- + commit cc0d53905ce9306b51bace2682ae3d1d122c7881
- * dirmngr/dns.c (dns_res_stub): Fix RESCONF usage.
-
- common: Fix iobuf.c.
- + commit f58d441bee7e93e6344f833acc1412b3be2f6818
- * common/iobuf.c (iobuf_cancel): Initialize DUMMY.
- (do_iobuf_fdopen): Initialize LEN.
- (iobuf_read_line): Fix the loop condition.
-
- Silence compiler warnings.
- + commit f3e424d4e7273e60e69747ca4936149af7b6482a
- * common/openpgp-oid.c (map_openpgp_pk_to_gcry): Use cast for enum
- conversion.
- * dirmngr/dns-stuff.c (get_dns_srv): Use explicit conversion from
- int to float.
- * sm/gpgsm.c (parse_keyserver_line): Initialize ERR.
-
- scd: Fix possible uninitialized variables.
- + commit 4fa0a65676a29cb53ee242caf13c393f7573c9a3
- * scd/app-openpgp.c (do_change_pin): Initialize resultlen2.
- (do_change_pin): Don't call wipe_and_free on the error path.
- Initialize bufferlen2.
-
-2020-08-17 Werner Koch <wk@gnupg.org>
-
- agent: Allow to pass a timestamp to genkey and import.
- + commit 0da923a1240ac78d60c92cdd8488c4e405c3243b
- * agent/command.c (cmd_genkey): Add option --timestamp.
- (cmd_import_key): Ditto.
- * agent/genkey.c (store_key): Add arg timestamp and change callers.
- (agent_genkey): Ditto.
- * agent/findkey.c (write_extended_private_key): Add args timestamp and
- new key to write a Created line.
- (agent_write_private_key): Add arg timestamp.
- (agent_write_shadow_key): Ditto.
- agent/protect-tool.c (agent_write_private_key): Ditto as dummy arg.
-
-2020-08-14 Werner Koch <wk@gnupg.org>
-
- Add --chuid to gpg, gpg-card, and gpg-connect-agent.
- + commit 6bcb609e1b2a507caa2e1a078178709d808b590b
- * g10/gpg.c (oChUid): New.
- (opts): Add --chuid.
- (main): Implement --chuid. Delay setting of homedir until the new
- chuid is done.
- * sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
- done.
- * tools/gpg-card.c (oChUid): New.
- (opts): Add --chuid.
- (changeuser): New helper var.
- (main): Implement --chuid.
- * tools/gpg-connect-agent.c (oChUid): New.
- (opts): Add --chuid.
- (main): Implement --chuid.
-
-2020-08-13 Werner Koch <wk@gnupg.org>
-
- gpg: Ignore personal_digest_prefs for ECDSA keys.
- + commit 53d84f98157070f24dc861f1a75980474d074ddb
- * g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
-
-2020-08-12 Werner Koch <wk@gnupg.org>
-
- scd: Log info about CCIDs with permission problems.
- + commit 2af884c64354182b1903d7a77df07e877f5ed7ba
- * scd/apdu.c (open_ccid_reader): Add arg r_cciderr.
- (apdu_open_reader): Print a note on EPERM of the USB device.
-
- scd: Map some error codes from libusb to ccid-driver error codes.
- + commit 9a8d7e41bba1926158a21ebdda542241493ef983
- * scd/ccid-driver.h (CCID_DRIVER_ERR_USB_*): New error codes.
- * scd/apdu.h: New SW_HOST error codes.
- * scd/apdu.c (host_sw_string): Print them
- * scd/ccid-driver.c (map_libusb_error): New.
- (ccid_open_usb_reader, bulk_in, abort_cmd): Map libusb error codes.
- * scd/iso7816.c (map_sw): Map new codes to gpg-error.
-
- common: Pass the WAYLAND_DISPLAY envvar along.
- + commit 3944430ffeaa032719fd82f8eaa118b3f326b8ed
- * common/session-env.c (stdenvnames): Add WAYLAND_DISPLAY.
-
-2020-08-10 Werner Koch <wk@gnupg.org>
-
- scd:piv: Allow signing using PSS.
- + commit cbf203801e021e0f4d4143ecc92296ae7d0f0dd7
- * scd/app-piv.c (do_sign): Allow for PSS.
-
- agent: Add option --pss to pksign to be used by smartcards.
- + commit bb096905b9ee1f5175efee1ab6c98045a26a2678
- * agent/command.c (cmd_sethash): Add option --pss and allow for
- --hash=null.
- * agent/agent.h (struct server_control_s): Add digest.is_pss and
- zero where needed.
- * agent/pksign.c (agent_pksign_do): Allow for PSS with cards.
- * scd/command.c (cmd_pksign): Add for --hash=none.
-
-2020-08-07 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix trustdb for v5key.
- + commit 373c975859a55f942276d6078f27ee33570bf2d5
- * g10/keydb.h (fpr20_from_pk): New.
- * g10/keyid.c (fpr20_from_pk): New.
- * g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
- * g10/trustdb.c (keyid_from_fpr20): New.
- (verify_own_keys): Use keyid_from_fpr20.
- (tdb_update_ownertrust): Use fpr20_from_pk.
- (update_min_ownertrust): Likewise.
- (update_validity): Likewise.
-
- gpg: Fix short key ID for v5key.
- + commit 20982bbd7539d2032f4d6249a2654c245445521d
- * g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
- * g10/keyring.c (keyring_search): Handle short key ID for v5key.
-
-2020-08-06 Werner Koch <wk@gnupg.org>
-
- gpgsm: New option --chuid.
- + commit 646a30fd394a739ef653556b1a7b2eeebda95951
- * sm/gpgsm.c (oChUid, opts): New option --chuid.
- (main): Implement option.
-
- gpgconf: New option --chuid.
- + commit d10f45184c4482036c41f4818c84c0725a0c2c94
- * tools/gpgconf.c (oChUid, opts): New option --chuid.
- (main): Implement.
-
- common: New helper function gnupg_chuid.
- + commit 8ff00ef0de871ca43076b00df4871c3165ced001
- * common/sysutils.c (try_set_envvar): New.
- (gnupg_chuid): New.
-
-2020-08-06 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Support v5key for short kid and long kid.
- + commit df531848a9618131921d584baba81c128f94de68
- * kbx/keybox-search.c (has_short_kid): Support v5key.
- (has_long_kid): Likewise.
-
-2020-08-05 Werner Koch <wk@gnupg.org>
-
- gpg: Add level 16 to --gen-random.
- + commit d847f0651ab4304129145b55353501636b4e4728
- * g10/gpg.c (main): Add that hack.
-
-2020-08-04 Werner Koch <wk@gnupg.org>
-
- sm: Also show the SHA-256 fingerprint.
- + commit e7d70923901eeb6a2c26445aee9db7e78f6f7f3a
- * sm/keylist.c (list_cert_colon): Emit a new "fp2" record.
- (list_cert_raw): Print the SHA2 fingerprint.
- (list_cert_std): Ditto.
-
-2020-08-03 NIIBE Yutaka <gniibe@fsij.org>
-
- w32: Fix cast from intptr_t of _get_osfhandle.
- + commit 8e04cf969e95ccaa31bbaa7333938af1ea7476c6
- * common/exectool.c (gnupg_exec_tool_stream): Cast to unsigned long.
-
-2020-07-31 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix coercion for pinentry_pid handling.
- + commit da3a4c54a8ce8a7dc442c70bda9b7eda22d43e57
- * agent/call-pinentry.c (start_pinentry): Don't use pid_t.
-
- scd: Silence compiler warning.
- + commit 2a34a2afea5fcb5f4ed206afa110650db3dd7ef0
- * scd/app-openpgp.c (build_ecc_privkey_template): Fix allocation size.
-
-2020-07-30 NIIBE Yutaka <gniibe@fsij.org>
-
- w32: Add NETLIBS for sm/t-minip12.
- + commit c1f81eb9fc2544a417ebc2ce19b04541525da684
- * sm/Makefile.am (t_minip12_LDADD): Add NETLIBS.
-
- w32: More adding NETLIBS.
- + commit 5fa4427419c875e46d051ae6ed376d5ad6037401
- * common/Makefile.am (t_common_ldadd): Add $(NETLIBS).
-
- w32: Add link to $(NETLIB) for -lws2_32.
- + commit d69f5570ee5e1b099e39fdf64e18add23ff5c815
- * dirmngr/Makefile.am (dirmngr_LDADD): Add $(NETLIBS).
- * sm/Makefile.am (gpgsm_LDADD): Ditto.
- * tools/Makefile.am (gpg_wks_client_LDADD): Ditto.
-
-2020-07-27 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Fix short KID and long KID handling for FPR32.
- + commit fa4a2bd7a1ba8d4bda5f9cec0826104f50142d4f
- * kbx/keybox-search.c (blob_cmp_fpr_part): For FPR32, it's
- the first part in the fingerprint.
-
-2020-07-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix closing reader and reeleasing context in PC/SC.
- + commit daa2cec6a543f06a2e408d97a80a5041027f16a9
- * scd/apdu.c (close_pcsc_reader): Unlock the reader_table_lock.
- (apdu_dev_list_finish): Release the context when no readers.
-
- Use gpgrt's new option parser for symcryptrun.
- + commit f484ac2b2d2ea176db1a70d961a778180147d9b2
- * tools/symcryptrun.c: Follow API change of the new option parser.
-
- scd: PC/SC: Don't release the context when it's in use.
- + commit 46d185f60397f68830bfdfb99627b29aea5016f1
- * scd/apdu.c (close_pcsc_reader): Check if it's not in the loop.
-
- gpg-card: Fix type of historyname.
- + commit 43000b0434b47a72608b41d67054ba42db21b699
- * tools/gpg-card.c (interactive_loop): Remove const qualifier.
-
-2020-07-16 Werner Koch <wk@gnupg.org>
-
- gpg: Do not close stdout after --export-ssh-key.
- + commit 5c514a274ca8ac6be875818237e2e1bbc0c6a2a5
- * g10/export.c (export_ssh_key): Do not close stdout.
-
-2020-07-16 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Avoid undefined behavior of left shift operator.
- + commit 8abf065307ff4a7ea873fe59f76173bf17dac241
- * common/iobuf.c (block_filter): Handle an error earlier.
- Make sure it's unsigned.
-
-2020-07-15 NIIBE Yutaka <gniibe@fsij.org>
-
- regexp: Import change from JimTcl.
- + commit 91cb46d948db234be1ea8092f5db9e14294f1b79
- * regexp/jimregexp.h, regexp/jimregexp.c: Fix from JimTcl.
-
-2020-07-14 Werner Koch <wk@gnupg.org>
-
- agent: Fix regression with --newsymkey in loopback mode.
- + commit 0a6af6dc12998ef7b19673ad05d11e82f826de9d
- * agent/command.c (cmd_get_passphrase): Never repeat in loopback mode;
- same as with !OPT_NEWSYMKEY.
-
-2020-07-13 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Handle EAFNOSUPPORT at connect_server.
- + commit 109d16e8f644da97ed9c00e6f9010a53097f587a
- * dirmngr/http.c (connect_server): Skip server with EAFNOSUPPORT.
-
-2020-07-10 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: For decryption, support use of a key with no 'encrypt' usage.
- + commit 31ae0718ba10c3b1b670ba6131b4995de24aa7a1
- * g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
- Emit information the key has no 'encrypt' usage.
-
-2020-07-08 Werner Koch <wk@gnupg.org>
-
- Do not use the pinentry's qualitybar.
- + commit 999d25d47d45a0f594c84d51c041da0b24d68c5d
- * agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
- * g10/call-agent.c (agent_get_passphrase): Ditto.
- * sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
-
- gpg: Use integrated passphrase repeat entry also for -c.
- + commit a6a4bbf6debd925a23c22eea86a562f061fdfe6c
- * g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
- * g10/passphrase.c (passphrase_get): Add arg newsymkey.
- (passphrase_to_dek): Pass it on.
-
- agent: New option --newsymkey for GET_PASSPHRASE.
- + commit eace4bbe1ded8b01f9ad52ebc1871f2fd13c3a08
- * agent/call-pinentry.c (agent_get_passphrase): Add arg pininfo.
- * agent/genkey.c (check_passphrase_constraints): New arg no_empty.
- * agent/command.c (reenter_passphrase_cmp_cb): New.
- (cmd_get_passphrase): Add option --newsymkey.
-
-2020-07-07 Werner Koch <wk@gnupg.org>
-
- gpg: Fix flaw in symmetric algorithm selection in mixed mode.
- + commit 6864bba78e76a1ff72aec140ae9f4e752454c463
- * g10/encrypt.c (setup_symkey): Use default_cipher_algo function
- instead of the fallback s2k_cipher_algo. Fix error code.
- (encrypt_simple): Use setup_symkey.
-
-2020-07-03 Werner Koch <wk@gnupg.org>
-
- sm: Exclude rsaPSS from de-vs compliance mode.
- + commit 969abcf40cdfc65f3ee859c5e62889e1a8ccde91
- * common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
- * common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
- test rsaPSS. Adjust all callers.
- (gnupg_pk_is_allowed): Ditto.
- * sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
- (gpgsm_get_hash_algo_from_sigval): New.
- * sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
- arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
- * sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
- also get the algo flags. Pass algo flags along.
-
-2020-07-02 Werner Koch <wk@gnupg.org>
-
- scd:nks: Implement writecert for the Signature card v2.
- + commit c1663c690b29d2dea8bc782c42de5eca08a24cc9
- * scd/iso7816.c (CMD_UPDATE_BINARY): New.
- (iso7816_update_binary): New.
- * scd/app-nks.c (do_deinit): Factor some code out to...
- (flush_fid_cache): new.
- (do_writecert): New.
- (app_select_nks): Register new handler.
-
- dirmngr: Silence annoying warning for missing default ldap server file.
- + commit f55a05a69ba07eb2ed354a9275e71e94c5e362aa
- * dirmngr/dirmngr.c (parse_ldapserver_file): Add arg ignore_enoent.
- (main): Use that arg for the default file.
-
- Support a history file in gpg-card and gpg-connect-agent.
- + commit d70b8769c888f42896ae3ef4972bf82e9b5a0c32
- * common/gpgrlhelp.c (read_write_history): New.
- (gnupg_rl_initialize): Register new function.
- * common/ttyio.c (my_rl_rw_history): New var.
- (tty_private_set_rl_hooks): Add arg read_write_history.
- (tty_read_history): New.
- (tty_write_history): New.
- * tools/gpg-card.c (HISTORYNAME): New.
- (oNoHistory): New enum value.
- (opts): New option --no-history.
- (cmd_history): New.
- (cmds): New command "history".
- (interactive_loop): Read and save the history.
- * tools/gpg-connect-agent.c (HISTORYNAME): New.
- (opts): New option --no-history.
- (main): Read and save the history. New command /history.
-
-2020-06-30 Werner Koch <wk@gnupg.org>
-
- scd:nks: Fix certificate read problem with TCOS signature card v2.
- + commit 07aef873ebc77241e9a2be225537319f6fc15a41
- * scd/app-nks.c (filelist): Add a dedicated key entry for ESIGN.
- (do_readcert): Test for the app_id.
-
- scd: Change how the removed card flag is set.
- + commit 58b091df831f61c8d3551114f2480d36e73de2da
- * scd/command.c (cmd_serialno): Set/clear card removed flags for all
- connections using the current card.
-
- card: Better detect removed cards. Add TCOS PIN menu.
- + commit fb10b6cba43f4ed8675093ac25f461de4dacdce9
- * tools/card-call-scd.c (scd_change_pin): Add arg 'nullpin'.
- * tools/gpg-card.h (struct card_info_s): Add field 'card_removed'.
- * tools/gpg-card.c (fixup_scd_errors): New.
- (maybe_set_card_removed): New.
- (list_one_kinfo): Change type of first arg to get access to INFO. Set
- card_removed flag.
- (list_all_kinfo): Improve label alignment.
- (cmd_list): Check that the current card is still available.
- (cmd_passwd): Add option --nullpin and menu to chnage TCOS PINs.
- (dispatch_command): Handle card_removed flag.
- (interactive_loop): Ditto.
-
-2020-06-30 NIIBE Yutaka <gniibe@fsij.org>
-
- ecc: Support Ed448/X448 key generation.
- + commit 45398518fb76e2b859d2d48cf4cdbc11fbbda4fa
- * g10/keygen.c (ask_curve): Support Ed448/X448 keys.
- (generate_keypair): Support switch to X448 key.
-
-2020-06-29 Werner Koch <wk@gnupg.org>
-
- scd: Shorten cardio debug output for all zeroes.
- + commit 9b6f574928546e6905a92c3e74d72478f1585c66
- * scd/apdu.c (all_zero_p): New.
- (send_le): Use it.
-
- sm: Fix regression in Friday's commit.
- + commit 4f1c257c03667497d642930884b65c4f2245adbd
- * sm/gpgsm.c (main): Set ERR also for encrypt.
-
-2020-06-26 Werner Koch <wk@gnupg.org>
-
- sm: Try not to output a partial new message after an error.
- + commit ccbb0cfeefed096a9841b6557d10eef12d55b721
- * sm/gpgsm.c (main) <aSign,aEncr>: Uses gpgrt_fcancel on error.
-
- sm: Print the serial number of a cert also in decimal.
- + commit 208a90197317fb9746ecf54a1d14acbeeddfbd18
- * sm/certdump.c: Include membuf.h.
- (gpgsm_print_serial_decimal): New.
- * sm/keylist.c (list_cert_raw): Print s/n also in decimal
- (list_cert_std): Ditto.
-
-2020-06-25 Werner Koch <wk@gnupg.org>
-
- scd:nks: Fix remaining tries warning in --reset mode.
- + commit 2429e8559844e27de478d7e90834a714b3748834
- * scd/app-nks.c (do_change_pin): Chnage computaion of 'remaining'.
-
- card: Add password change menu for NKS cards.
- + commit 28c069db3bb5a1065de69bcc0435c8415df87e5b
- * tools/gpg-card.c (cmd_passwd): Add menu for NKS. Add option
- --reset.
-
- sm: Fix support verification of nistp521 signatures.
- + commit 17a25c14f1ed1199898ad618c17204eafd5524c1
- * sm/certcheck.c (do_encode_md): Fix obvious bug.
-
-2020-06-24 James Bottomley <James.Bottomley@HansenPartnership.com>
- Werner Koch <wk@gnupg.org>
-
- agent: separate out daemon handling infrastructure for reuse.
- + commit f541e1d95a91d4764c7ed0df10c293bfd493dd41
- * agent/call-scd.c: Factor re-usable code out to ...
- * agent/call-daemon.c: new. Store infos in an array to allow for
- other backend daemons.
- * agent/Makefile.am (gpg_agent_SOURCES): Add new file.
- * agent/agent.h: Include assuan.h.
- (enum daemon_type): New.
- (opt): Replace scdaemon_program by daemon_program array. Replace
- scd_local by a array d_local. Change users accordingly.
-
-2020-06-24 Werner Koch <wk@gnupg.org>
-
- gpgconf: Fix regression in --launch and --kill from March.
- + commit 2d8f060679bafed27909a5ad54b7f74a9f8dd51b
- * tools/gpgconf.h (gc_component_id_t): Align order with gc_component
- array.
-
-2020-06-24 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg,agent: Support Ed448 signing.
- + commit a763bb2580b0d586a80b8ccd3654f41e49604f4f
- * agent/pksign.c (do_encode_eddsa): First argument is NBITs,
- so that it can support Ed448, as well as Ed25519.
- (agent_pksign_do): Follow the change.
- * agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
- for Ed448, it's only for classic curves.
- * common/openpgp-oid.c (oidtable): Add Ed448.
- * common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
- * g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
- * g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
- (ask_algo, parse_key_parameter_part): Handle "ed448".
- * g10/pkglue.c (pk_verify): Support Ed448.
- (pk_check_secret_key): Support Ed448.
- * g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
- (make_keysig_packet): Likewise.
-
-2020-06-23 NIIBE Yutaka <gniibe@fsij.org>
-
- ecc: Use "cv448" to specify key using X448.
- + commit c94eea15d6847c08d2d9ff1c7608953f25fea67d
- * common/openpgp-oid.c (oidtable): Use "cv448".
- (oid_cv448): Rename from oid_x448.
- (openpgp_oidbuf_is_cv448, openpgp_oid_is_cv448): Likewise.
- * common/util.h (openpgp_oid_is_cv448): Follow the change.
- * g10/ecdh.c (pk_ecdh_generate_ephemeral_key): Likewise.
- * g10/keygen.c (gen_ecc, ask_algo): Use "cv448".
- (parse_key_parameter_part): Likewise.
- * g10/pkglue.c (get_data_from_sexp): Fix for debug output.
-
-2020-06-19 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Use get_pk_algo_from_key.
- + commit 4bdade5b0bea1816a2479c73abc71b41f09ba727
- * agent/findkey.c (key_parms_from_sexp, is_eddsa): Remove.
- (agent_pk_get_algo): Remove.
- * agent/pksign.c (agent_pksign_do): Use get_pk_algo_from_key.
-
- agent: Clean up for getting info from SEXP.
- + commit d2e4aa5ee4c5128547cc45c2e1ac35fdc5c00f45
- * agent/agent.h (agent_is_dsa_key, agent_is_eddsa_key): Remove.
- (agent_pk_get_algo): New.
- * agent/findkey.c (agent_pk_get_algo): New.
- * agent/pksign.c (do_encode_dsa): Use generic GCRY_PK_ECC.
- (agent_pksign_do): Use agent_pk_get_algo.
-
- agent: A little clean up.
- + commit abc6a3100a33122ba3673b578a2b364a6b45d252
- * agent/findkey.c (agent_is_eddsa_key): Remove dead case.
-
-2020-06-17 Werner Koch <wk@gnupg.org>
-
- agent: Fix regression in 'd' fixup code for shadowed keys.
- + commit d1e1c622d55e783ae5bf601249598f0da8d5e688
- * agent/sexp-secret.c (fixup_when_ecc_private_key): Ignore shadowed
- keys.
-
- sm: Support verification of nistp521 signatures.
- + commit 596212e71abf33b30608348b782c093dace83110
- * sm/certcheck.c (do_encode_md): Take care of nistp521.
-
-2020-06-09 Werner Koch <wk@gnupg.org>
-
- gpg: Fix for new SOS changes when used with Libgcrypt < 1.8.6.
- + commit eeb599c9e261586a664430058b7cfad7025a503f
- * g10/free-packet.c (is_mpi_copy_broken): New.
- (my_mpi_copy): Mix gcry_mpi_copy.
-
- gpg: Extend the TRUST_ status lines.
- + commit 96f1ed5468002330ea21d9ad32ac3b464bb40b1a
- * g10/pkclist.c (write_trust_status): Add arg mbox.
- (check_signatures_trust): Appenmd mbox to the status lines.
-
-2020-06-09 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Use bytes for ECDH.
- + commit da5e0bc31b4c6f16ed5ff9b35063f3b03eb7ff16
- * g10/ecdh.c (extract_secret_x): Use byte * instead of MPI.
- (prepare_ecdh_with_shared_point): Use char * instead of MPI.
- (pk_ecdh_encrypt_with_shared_point): Likewise.
- (pk_ecdh_decrypt): Likewise.
- * g10/pkglue.h (pk_ecdh_encrypt_with_shared_point, pk_ecdh_decrypt):
- Change declaration.
- * g10/pkglue.c (get_data_from_sexp): New.
- (pk_encrypt): Use get_data_from_sexp instead of get_mpi_from_sexp.
- Follow the change of pk_ecdh_encrypt_with_shared_point.
- * g10/pubkey-enc.c (get_it): Follow the change of pk_ecdh_decrypt.
-
- gpg: Add X448 support.
- + commit e9760eb9e70b9804c988dafe01851f6600869d9e
- * common/openpgp-oid.c (oidtable): Add X448.
- (oid_x448,openpgp_oidbuf_is_x448,openpgp_oid_is_x448): New.
- * common/util.h (openpgp_oid_is_x448): New.
- * g10/ecdh.c (gen_k): Add handling of opaque MPI and support
- endianness.
- (pk_ecdh_generate_ephemeral_key): X448 requires opaque MPI.
- * g10/keygen.c (gen_ecc): Add support for X448.
- (ask_algo, parse_key_parameter_part): Likewise.
-
- gpg,ecc: Handle external representation as SOS with opaque MPI.
- + commit f5bc94555458123f93d8b07816a68fb7485421e1
- * g10/pkglue.h (sexp_extract_param_sos): New.
- * g10/build-packet.c (sos_write): New.
- (do_key, do_pubkey_enc, do_signature): Use sos_write for ECC.
- * g10/export.c (cleartext_secret_key_to_openpgp): Use
- sexp_extract_param_sos.
- (transfer_format_to_openpgp): Use opaque MPI for ECC.
- * g10/keygen.c (ecckey_from_sexp): Use sexp_extract_param_sos.
- * g10/keyid.c (hash_public_key): Handle opaque MPI for SOS.
- * g10/parse-packet.c (sos_read): New.
- (parse_pubkeyenc,parse_signature,parse_key): Use sos_read for ECC.
- * g10/pkglue.c (sexp_extract_param_sos): New.
- (pk_verify): Handle opaque MPI for SOS.
- (pk_encrypt): Use sexp_extract_param_sos.
- * g10/seskey.c (encode_session_key): Use opaque MPI.
- * g10/sign.c (do_sign): Use sexp_extract_param_sos.
-
-2020-06-08 Werner Koch <wk@gnupg.org>
-
- gpg: If possible TRUST values now depend on signer's UID or --sender.
- + commit 5c2080f4670a768787f5cb4ed5c32e0946837883
- * g10/mainproc.c (check_sig_and_print): Add failsafe check for PK.
- Pass KEYBLOCK down do check_signatures_trust. Protect existsing error
- ocde in case the signature expired.
- * g10/pkclist.c (is_in_sender_list): New.
- (check_signatures_trust): Add args keyblock and pk. Add new uid based
- checking code.
- * g10/test-stubs.c, g10/gpgv.c: Adjust stubs.
-
-2020-06-08 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix the condition to detect leading 0x00 problem.
- + commit e2e5736842299ebfb8263b674d5cbfb9b784d70f
- * agent/sexp-secret.c (fixup_when_ecc_private_key): Use curve name
- to identify the issue.
-
-2020-06-05 NIIBE Yutaka <gniibe@fsij.org>
-
- agent,ecc: Use of opaque MPI for ECC, fixup 'd'.
- + commit 47c1c329ed823a562185f86e98ac903605104f11
- * agent/Makefile.am: Add sexp-secret.c.
- * agent/agent.h: New function declarations.
- * agent/sexp-secret.c: New.
- * agent/findkey.c (agent_key_from_file): Use sexp_sscan_private_key.
- * agent/protect-tool.c (read_and_unprotect): Fix up private part,
- calling fixup_when_ecc_private_key.
-
- agent: For ECC, use opaque MPI for key representation.
- + commit 2b118516240b4bddd34c68c23a99bea56682a509
- * agent/cvt-openpgp.c (scan_pgp_format): New with SOS support.
- (do_unprotect): Use scan_pgp_format, handle opaque MPI for ECC.
- (convert_from_openpgp_main): Use opaque MPI for ECC.
- (apply_protection): Set GCRYMPI_FLAG_USER1 flag for encrypted secret.
- (extract_private_key): Use "/qd" for ECC, opaque MPI.
-
- agent,ssh: Tighten condition for EdDSA.
- + commit a7d46c78e242e72f6ff681f6fe56ffc4dcb74a18
- * agent/command-ssh.c (ssh_key_to_blob): Prepare for non-prefixed
- point representation of EdDSA.
-
- agent: Remove duplicated code for EdDSA.
- + commit 2e988546c59ba25bf9e63521112c0c3c73b012f1
- * agent/command-ssh.c (ssh_receive_key): Curve is "Ed25519".
- Use sexp_key_construct always.
-
- agent: Clean up do_encode_md.
- + commit 4c0b12f817f15862111a01493aaadce943410ee9
- * agent/pksign.c (do_encode_md): Directly use sexp_build.
-
-2020-06-03 Werner Koch <wk@gnupg.org>
-
- doc: Minor enhancement for reproducibility.
- + commit 074ab108e768b2f946d789c1f3a7f14a65e07c52
- * doc/Makefile.am (defsincdate): In no repo mode and with
- SOURCE_DATE_EPOCH set, use that instead of blanking the date.
-
- card: Improve openpgp key writing in "writecert".
- + commit 4f6e0e12cbd3444b9e6ea5e4b92ea5b3072a3e17
- * tools/card-keys.c (struct export_key_status_parm_s): New.
- (export_key_status_cb): New.
- (get_minimal_openpgp_key): New.
- * tools/gpg-card.c (cmd_writecert): Allow writing a keyblock directly
- from an existing gpg key.
-
- gpg: Improve generation of keys stored on card (brainpool,cv25519).
- + commit 48251cf9a7d3776667342f4705ac3de89bd75534
- * g10/keygen.c (ask_key_flags_with_mask): Allow more than ECDH for
- legacy curves.
- (ask_algo): Tweak mapping of ECC to OpenPGP algos
- (parse_key_parameter_part): Ditto.
- (generate_subkeypair): Create the subkey with the time stored on the
- card.
-
- sm: Fix recently introduced regression in CSR creation.
- + commit 7558128e16d7fc20b9c40bf7e150ca08bbb4467f
- * sm/certreqgen.c (create_request): Also set SIGKEYLEN.
-
-2020-05-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix condition for C5 data object for newer Yubikey.
- + commit f3df8dbb696fed192501fa7f741c2e0e0936a3d5
- * scd/app-openpgp.c (compare_fingerprint): Relax the condition.
-
-2020-05-28 Werner Koch <wk@gnupg.org>
-
- card: Allow to store and retrieve keyblocks in OpenPGP cards.
- + commit 2d9592e78f4978307e378e07d6c170a28000a494
- * tools/gpg-card.c: Include tlv.h.
- (cmd_writecert): Add option --openpgp.
- (cmd_readcert): Ditto.
-
- card: New command "apdu"
- + commit ed0759f39be04dd6108237f5ed03c7cfd1cb4642
- * tools/card-call-scd.c (scd_apdu): Add optional arg 'options'.
- * tools/gpg-card.c (cmd_apdu): New.
- (enum cmdids): Add cmdAPDU.
- (dispatch_command): Add command "apdu".
- (interactive_loop): Ditto.
-
-2020-05-27 Werner Koch <wk@gnupg.org>
-
- card: Update card info after "generate".
- + commit 94d31660c6db22c3b539f440994d286f687c273f
- * tools/gpg-card.c (cmd_generate): Re-read the card on success.
-
- scd:openpgp: New KEY-STATUS attribute.
- + commit 21496761226c1020a98e3ec7dd2b9dd013d4386b
- * scd/app-openpgp.c (do_getattr): Return KEY-STATUS
-
- card: Add command "bye"
- + commit 08310849a28071fbca761fa4ca18702b39092947
- * tools/gpg-card.c: Add command "bye" as alias for "quit".
- * tools/gpg-connect-agent.c (main): Add "/quit" as alias for "/bye"
-
- card: Take care of removed and re-inserted cards.
- + commit 46a3de4b5acb37274ddd132499a3243e1f92b506
- * tools/gpg-card.c (cmd_list): Take care of the need_sn_cmd flag.
- (cmd_factoryreset): Clear that flag.
- (dispatch_command): Set flag after a reset and after a
- CARD_NOT_PRESENT error.
-
-2020-05-26 Werner Koch <wk@gnupg.org>
-
- card: Implement UID command and print capabilities.
- + commit c2a47475ba0f6bd1de80e92dd91949501256025e
- * tools/card-call-scd.c (learn_status_cb): Return the full value for
- UIF. Add info about SM, MCL3, and PD.
- * tools/gpg-card.h (struct card_info_s): Add corresponding fields.
- * tools/gpg-card.c (list_openpgp): Print capabilities. Print the
- permanent flag for UIF.
- (cmd_uif): Implement.
-
- scd:openpgp: Add attribute "UIF" for convenience.
- + commit 11f0700282c1eeaee8db6686c38aca0900271351
- * scd/app-openpgp.c (do_getattr): New attrubute "UIF".
- (do_learn_status): Use that.
-
- scd: Fix Yubikey app switching problem.
- + commit 20090886706e2af6723ca11e292272fc00cffe07
- * scd/app.c (select_all_additional_applications_internal): Re-select
- first app. Add arg 'ctrl'.
-
-2020-05-22 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Clean up ECDH code path (5).
- + commit 510bda7d3754801be18a592694578589fe503fb8
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Now, it's only for
- encrytion.
- (pk_ecdh_decrypt): Use prepare_ecdh_with_shared_point and move decrypt
- code path in original pk_ecdh_encrypt_with_shared_point here.
- * g10/pkglue.h (pk_ecdh_encrypt_with_shared_point): Change API.
- * g10/pkglue.c (pk_encrypt): Follow the change.
-
- gpg: Clean up ECDH code path (4).
- + commit 64d93271bfce1968ebe61324b900875dbd6dd2eb
- * g10/ecdh.c (prepare_ecdh_with_shared_point): New.
- (pk_ecdh_encrypt_with_shared_point): Fixing error paths for closing
- the cipher handle, use prepare_ecdh_with_shared_point.
-
- gpg: Clean up ECDH code path (3).
- + commit 80c02d13d9994abae9e67c3554528352c621cd9b
- * g10/ecdh.c (derive_kek): New.
- (pk_ecdh_encrypt_with_shared_point): Use derive_kek.
-
- gpg: Clean up ECDH code path (2).
- + commit a973d9113840282468015eb26f07f2b32f977d70
- * g10/ecdh.c (build_kdf_params): New.
- (pk_ecdh_encrypt_with_shared_point): Use build_kdf_params, and check
- things before extract_secret_x.
-
- gpg: Clean up ECDH code path (1).
- + commit 960d37644cbbe2a234352d0bc58095e2b0371eec
- * g10/ecdh.c (extract_secret_x): New.
- (pk_ecdh_encrypt_with_shared_point): Use extract_secret_x.
-
-2020-05-20 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: dns: Fix allocation of string buffer in stack.
- + commit 30eef28bc0f5deaa1b4b7f04293a6527524280a9
- * dirmngr/dns.h (dns_strsection, dns_strclass)
- (dns_strtype): Change APIs.
- * dirmngr/dns.c (dns_p_lines): Use __dst for dns_strsection.
- (dns_rr_print): Use __dst for dns_strclass and dns_strtype.
- (dns_trace_dump): Likewise.
- (dns_ai_print): Use __dst for dns_strtype.
- (dns_strsection): Add an argument __dst for storage.
- (dns_strclass, dns_strtype): Likewise.
- (parse_packet): Use __dst for dns_strsection.
- (send_query): Use __dst for dns_strtype.
- (isection): Use __dst for dns_strsection.
- (iclass): Use __dst for dns_strclass.
- (itype): Use __dst for dns_strtype.
-
-2020-05-19 Werner Koch <wk@gnupg.org>
-
- sm: Create ECC certificates with AKI and SKI by default.
- + commit 44676819f2873705b78849e7b2fd22214b691642
- * sm/certreqgen.c (create_request): Create AKI and SKI by default.
-
- common: New function to extract Q from an ECC key.
- + commit 3cd9dac7e0976643c6e4b6537cf363b2b12d422f
- * common/sexputil.c (get_ecc_q_from_canon_sexp): New.
-
-2020-05-18 Werner Koch <wk@gnupg.org>
-
- sm: Support creation of EdDSA certificates.
- + commit 6dc3846d78192e393be73c16c72750734a9174d1
- * sm/misc.c (transform_sigval): Support EdDSA.
- * sm/certreqgen.c (create_request): Support EdDSA cert creation.
- * sm/certcheck.c (gpgsm_check_cert_sig): Map some ECC algo OIDs to
- hash algos.
- * sm/call-agent.c (struct sethash_inq_parm_s): New.
- (sethash_inq_cb): New.
- (gpgsm_agent_pksign): Add mode to pass plain data for EdDSA.
-
- agent: Allow to use SETHASH for arbitrary data.
- + commit b18fb0264abdb6cb0a99ba0ba941dc9a6e35f74a
- * agent/agent.h (struct server_control_s): Add field digest.data.
- * agent/gpg-agent.c (agent_deinit_default_ctrl): Free that field.
- * agent/command.c (reset_notify): Ditto.
- (start_command_handler): ditto.
- (cmd_sethash): Add new option --inquire.
- * agent/call-scd.c (agent_card_pksign): For now return an error if
- inquire mode was used.
- * agent/command-ssh.c (ssh_handler_sign_request): Make sure
- digest.data is cleared.
- * agent/divert-scd.c (divert_pksign): Implement inquire mode.
- * agent/pksign.c (agent_pksign_do): Ditto.
-
-2020-05-13 Werner Koch <wk@gnupg.org>
-
- sm: Support import and verification of EdDSA certificates.
- + commit b1694987bb6484405d41d34046a5290176feadd0
- * sm/certdump.c (gpgsm_get_serial): New.
- * sm/certcheck.c (gpgsm_check_cert_sig): Support EdDSA signatures.
-
-2020-05-11 Werner Koch <wk@gnupg.org>
-
- sm: Support signing using ECDSA.
- + commit f44d395bdfec464b1e2a0a1aef39561e6e48a45c
- * sm/gpgsm.h (struct certlist_s): Add helper field pk_algo.
- * sm/sign.c (gpgsm_sign): Store the public key algo. Take the hash
- algo from the curve. Improve diagnostic output in verbose mode.
-
-2020-05-08 Werner Koch <wk@gnupg.org>
-
- sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
- + commit 68b857df13c8a4e6cae5e3a29fd065bf90764547
- * sm/decrypt.c (ecdh_decrypt): Support
- dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ...
- (ecdh_derive_kek): new global function. Allow for hashs shorter than
- the key.
- (hash_ecc_cms_shared_info): Make file-only.
- * sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
- new ecdh_derive_kek. Add test code to create data using
- dhSinglePass-stdDH-sha1kdf-scheme.
- * sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
- * sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
-
- sm: Print algorithm infos in data decryption mode.
- + commit 439c9b5cb55044f13d4af6563f4e791093d510b0
- * common/sexputil.c (cipher_mode_to_string): New.
- * sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
- (gpgsm_decrypt): Show key algo and fingerprint
-
- sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA.
- + commit 34b628db4618a8712536aea695f934b0286e7b18
- * common/sexputil.c (pubkey_algo_to_string): New.
- * sm/certcheck.c (do_encode_md): Replace GCRY_PK_ECDSA by GCRY_PK_ECC.
- * sm/certreqgen-ui.c (check_keygrip): Add all ECC algorithms.
- * sm/gpgsm.c (our_pk_test_algo): Also allow EdDSA.
- * sm/verify.c (gpgsm_verify): Map ECC algo to ECDSA. Use new pubkey
- algo name function
-
- sm: Improve readability of the data verification output.
- + commit a759fa963a42e0652134130029217270b6d5d00b
- * sm/verify.c (gpgsm_verify): Print the used algorithms.
-
-2020-05-07 Werner Koch <wk@gnupg.org>
-
- card: Allow listing of NKS cards.
- + commit 94966347452632f8140fae70f7fcbadcc2b81071
- * tools/card-call-scd.c (learn_status_cb): Always fill chvinfo.
- * tools/gpg-card.h (struct card_info_s): Increase size of chvinfo and
- chvmaxlen.
- * tools/gpg-card.c (list_nks): New.
- (print_a_version): Support single part version numbers.
- (list_card): Call list_nks.
-
- scd:nks: Add framework to support IDKey cards.
- + commit 1f6a39092fe4b5f02bc4741a0a23d102d30f4063
- * scd/app-nks.c (NKS_APP_IDLM): New.
- (struct app_local_s): Replace NKS_VERSION by the global APPVERSION.
- (do_learn_status): Always send CHV-STATUS.
- (find_fid_by_keyref): Basic support for IDLM only use.
- (do_learn_status_core): Ditto.
- (do_readcert): Ditto.
- (verify_pin): Ditto.
- (parse_pwidstr): Ditto.
- (do_with_keygrip): Ditto.
- (switch_application): Ditto.
- (app_select_nks): Fallback to IDLM.
-
- scd:nks: Get the PIN prompts right for the Signature Card.
- + commit aecc008acb64ebbb6c667c4a128af4e61da57f84
- * scd/app-nks.c (get_dispserialno): Move more to the top.
- (do_getattr): Add $DISPSERIALNO and SERIALNO. Make CHV-STATUS work
- with NKS15.
- (verify_pin): Use dedicated min. PIN lengths.
- (parse_pwidstr): Support NKS15
-
- sm: Print the key types as standard key algorithm strings.
- + commit 5c29d25e6c7c0a5a63ab4c46d4624217307adb78
- * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ...
- (gpgsm_get_key_algo_info2): new.
- (gpgsm_pubkey_algo_string): New.
- * sm/keylist.c (list_cert_colon): Put curve into field 17
- (list_cert_raw): Print the unified key algotithm string instead of the
- algo and size.
- (list_cert_std): Ditto.
-
- scd:nks: Support decryption using ECDH.
- + commit af45d884aa1c3eccbc6972a2e5197ece3fd1987a
- * scd/app-nks.c (struct fid_cache_s): Add field 'algo'.
- (keygripstr_from_pk_file): Add arg 'r_algo' to return the algo.
- (find_fid_by_keyref): Ditto.
- (get_dispserialno): New.
- (make_prompt): New.
- (verify_pin): Provide better prompts.
- (do_decipher): Support ECDH.
- (parse_pwidstr): Add hack tospecify any pwid..
- (do_change_pin): Support Signature Card V2.0 (NKS15) style NullPIN.
- Provide a better prompt.
-
- sm: Support decryption of ECDH data using a smartcard.
- + commit ee6d29f1797e06977ae3d2edae9edc1165c6f144
- * sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
- (prepare_decryption): Add arg nbits and pass on.
- (gpgsm_decrypt): Pass size of curve to prepare_decryption.
-
-2020-05-05 Werner Koch <wk@gnupg.org>
-
- scd: Extend an internal function to also return the algo.
- + commit 314859d7e7de5010ca1e9d90b83acf3bc8493631
- * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
- r_algo. Change all callers.
- (app_help_get_keygrip_string): Ditto.
-
-2020-05-04 Werner Koch <wk@gnupg.org>
-
- scd:nks: Add do_with_keygrip and implement a cache.
- + commit 1e72a1a218490c0fc07811a02ddad6cc38913f77
- * scd/app-nks.c (struct fid_cache_s): New.
- (struct app_local_s): Add field 'fid_cache'.
- (do_deinit): Release the cache.
- (keygripstr_from_pk_file): Implement the cache.
- (find_fid_by_keyref): New
- (do_sign, do_decipher): Use new function.
- (do_with_keygrip): New.
-
- sm: Support encryption using ECDH keys.
- + commit d5051e31a8fc07c339253c6b82426e0d0115a20a
- * sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
- * sm/encrypt.c (ecdh_encrypt): New.
- (encrypt_dek): Add arg PK_ALGO and support ECDH.
- (gpgsm_encrypt): Pass PK_ALGO.
-
-2020-04-27 Werner Koch <wk@gnupg.org>
-
- sm: Add support to export ECC private keys.
- + commit 5da6925a334c68d736804d8f19a684a678409d99
- * sm/minip12.c [TEST]: Remove test code. Include util.h, tlv.h. and
- openpgpdefs.h. Remove the class and tag constants and replace them by
- those from tlv.h.
- (builder_add_oid, builder_add_mpi): New.
- (build_key_sequence): Rename to ...
- (build_rsa_key_sequence): this.
- (build_ecc_key_sequence): New.
- (p12_build): Call RSA or ECC builder.
- (p12_raw_build): Ditto.
- * sm/export.c (gpgsm_p12_export): Use correct armor header for ECC.
- (sexp_to_kparms): Support ECC.
-
- * sm/t-minip12.c: New to replace the former TEST code in minip12.h.
-
-2020-04-24 Werner Koch <wk@gnupg.org>
-
- common: Add an easy to use DER builder.
- + commit 5ea878274ef51c819368f021c69c518b9aef6f82
- * common/tlv-builder.c: New.
- * common/tlv.c: Remove stuff only used by GnuPG 1.
- (put_tlv_to_membuf, get_tlv_length): Move to ...
- * common/tlv-builder.c: here.
- * common/tlv.h (tlv_builder_t): New.
-
-2020-04-23 Werner Koch <wk@gnupg.org>
-
- sm: Support decryption of ECDH data.
- + commit 95d83cf906177fe9f00e88ae42d4c118c7db4371
- * sm/decrypt.c: Include tlv.h.
- (string_from_gcry_buffer): New.
- (hash_ecc_cms_shared_info): New.
- (ecdh_decrypt): New.
- (prepare_decryption): Support ECDH. Add arg pk_algo.
- (gpgsm_decrypt): Lift some variables from an inner code block.
-
- common: Add functions to help create DER objects.
- + commit 5d015b38eb9f828acf522fa89e4944f3b343678c
- * common/tlv.c (put_tlv_to_membuf): New.
- (get_tlv_length): New.
- * common/tlv.h: Include membuf.h.
-
-2020-04-21 Werner Koch <wk@gnupg.org>
-
- sm: Support import of PKCS#12 encoded ECC private keys.
- + commit 8dfef5197af9f655697e0095c6613137d51c91e7
- * sm/minip12.c: Include ksba.h.
- (oid_pcPublicKey): New const.
- (parse_bag_data): Add arg 'r-curve'. Support parsing of ECC private
- keys.
- (p12_parse): Add arg 'r_curve'.
- * sm/import.c (parse_p12): Support ECC import.
-
-2020-04-17 Werner Koch <wk@gnupg.org>
-
- scd:nks: Allow retrieving certificates from a Signature Card v.20.
- + commit f05a32e5c9db7d0840c74fccc350a9e0ff5fb819
- * scd/app-nks.c: Major rework to support non-RSA cards.
-
- scd: Detect missing card in "getinfo all_active_apps".
- + commit 3633ca6e21f7feb97b6690025614575bb6909f8b
- * scd/app.c (send_card_and_app_list): Detect no app case.
-
-2020-04-16 Werner Koch <wk@gnupg.org>
-
- sm: Always allow authorityInfoAccess lookup if CRLs are also enabled.
- + commit bbb7edb8807b7d3c8bb5284d8fdf21adb67cd87d
- * sm/certchain.c (find_up): Disable external lookups in offline mode.
- Always allow AKI lookup if CRLs are also enabled.
-
- sm: Lookup missing issuers first using authorityInfoAccess.
- + commit f5efbd5a1169ca7700f430a4a26ba086e603c887
- * sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and
- adjust all callers.
- * sm/certchain.c (oidstr_caIssuers): New.
- (struct find_up_store_certs_s): Add additional fields.
- (find_up_store_certs_cb): Store the fingerprint.
- (find_up_via_auth_info_access): New.
- (find_up): Try the AIA URI first.
-
- dirmngr: Allow http URLs with "LOOKUP --url"
- + commit 7f1be1ea524ee53d8c7b628e0305b61ebad4ab25
- * dirmngr/crlfetch.c (read_cert_via_http): New.
- (fetch_cert_by_url): Implement http scheme.
-
- gpg: Make AEAD modes subject to compliance checks.
- + commit cec397e00240829495de2b487fe60d997d810c03
- * g10/decrypt-data.c (decrypt_data): Move aead algo detection up.
-
-2020-04-15 Werner Koch <wk@gnupg.org>
-
- gpg: Fix broken setting of AEAD algo.
- + commit df0edaf91a220f8c6dffbfd1f795e229858b096b
- * g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
-
- sm,dirmngr: Restrict allowed parameters used with rsaPSS.
- + commit c0d5c673542b3d517c33fe1a9ab26bcda1a5a95f
- * sm/certcheck.c (extract_pss_params): Check the used PSS params.
- * dirmngr/crlcache.c (finish_sig_check): Ditto.
- * dirmngr/validate.c (check_cert_sig): Ditto.
-
-2020-04-15 NIIBE Yutaka <gniibe@fsij.org>
-
- regexp: Fix generation of _unicode_mapping.c.
- + commit 50b320952e99ea20f9b77c6c501280fe37fd2598
- * configure.ac (AWK_HEX_NUMBER_OPTION): Detect GNU Awk.
- * regexp/Makefile.am: Use AWK_HEX_NUMBER_OPTION.
- * regexp/parse-unidata.awk: Don't use strtonum.
-
-2020-04-14 Werner Koch <wk@gnupg.org>
-
- sm: Support rsaPSS verification also for CMS signatures.
- + commit 6c28d9343ea6df9cda1b69e77751a9e958eb3d70
- * sm/certcheck.c (gpgsm_check_cert_sig): Factor PSS parsing out to ...
- (extract_pss_params): new.
- (gpgsm_check_cms_signature): Implement PSS.
-
-2020-04-09 Werner Koch <wk@gnupg.org>
-
- dirmngr: Support rsaPSS also in the general validate module.
- + commit ba34f1415366d91d1831d717ec310ddda33f9cc4
- * dirmngr/validate.c (hash_algo_from_buffer): New.
- (uint_from_buffer): New.
- (check_cert_sig): Support rsaPSS.
- * sm/certcheck.c (gpgsm_check_cert_sig): Fix small memory leak on
- error.
-
- sm,dirmngr: Support rsaPSS signature verification.
- + commit b45ab0ca08f8d6f9831192210b9ab141f4e450cf
- * sm/certcheck.c (hash_algo_from_buffer): New.
- (uint_from_buffer): New.
- (gpgsm_check_cert_sig): Handle PSS.
- * dirmngr/crlcache.c (hash_algo_from_buffer): New.
- (uint_from_buffer): New.
- (start_sig_check): Detect PSS and extract hash algo. New arg to
- return a PSS flag.
- (finish_sig_check): New arg use_pss. Extract PSS args and use them.
- (crl_parse_insert): Pass use_pss flag along.
-
- common: New function to map hash algo names.
- + commit 5d5b70ae0f515290a3d64daa1d687fe8c8477f76
- * common/sexputil.c (hash_algo_to_string): New.
-
- scd:p15: Return a display S/N via Assuan.
- + commit bfedc760efdcf606da7c214e84d12a10ee4cbcc0
- * scd/app-p15.c (make_pin_prompt): Factor some code out to ...
- (get_dispserialno): this.
- (do_getattr): Use new fucntion for a $DISPSERIALNO.
-
-2020-04-08 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: ECDH: Accept longer padding.
- + commit fd79cadf7ba5ce45dfb5e266975f58bf5c7ce145
- * g10/pubkey-enc.c (get_it): Remove check which mandates shorter
- padding.
-
-2020-04-07 Werner Koch <wk@gnupg.org>
-
- scd:p15: Show a pretty PIN prompt.
- + commit 9ec8d984be4676126843d5aa7dfd0b7d71eff13c
- * scd/app-p15.c (struct prkdf_object_s): New fields common_name and
- serial_number.
- (release_prkdflist): Free them.
- (keygrip_from_prkdf): Parse cert and set them.
- (any_control_or_space): New.
- (make_pin_prompt): New.
- (verify_pin): Construct a pretty PIN prompt.
- (do_sign): Remove debug output.
-
- scd: Return GPG_ERR_BAD_PIN on 0x63Cn status word.
- + commit f28795b615c3042f6eb7c9d941e232d0da50efbc
- * scd/iso7816.c (map_sw): Detect 0x63Cn status code.
-
- scd: Factor common PIN status check out.
- + commit 60d018f6a91c4c90b8ecf13f88ac4256699f4007
- * scd/iso7816.h (ISO7816_VERIFY_ERROR): New.
- (ISO7816_VERIFY_NO_PIN): New.
- (ISO7816_VERIFY_BLOCKED): New.
- (ISO7816_VERIFY_NULLPIN): New.
- (ISO7816_VERIFY_NOT_NEEDED): New.
- * scd/iso7816.c (iso7816_verify_status): New.
- * scd/app-nks.c (get_chv_status): Use new function.
- * scd/app-piv.c (get_chv_status): Ditto.
- (verify_chv): Ditto.
-
- scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
- + commit 42ddcc87f4bca40d605d133b6cdb4e761a49a1c9
- * scd/iso7816.c (iso7816_select_mf): New.
- * scd/app-p15.c (card_product_t): New.
- (struct app_local_s): Add field 'card_product'.
- (read_ef_tokeninfo): Detect D-Trust card.
- (prepare_verify_pin): Switch to D-Trust AID.
- (do_decipher): Restore a SE for D-TRust cards. Chnage the passing
- indicator to 0x81.
-
-2020-04-06 NIIBE Yutaka <gniibe@fsij.org>
-
- tools: Use internal regexp routines.
- + commit 7ee2a9687da9560a5d17c7046c87c2f7a6733d5c
- * tools/gpg-check-pattern.c: Use jimregexp.h.
-
-2020-04-03 Werner Koch <wk@gnupg.org>
-
- scd:p15: Emit MANUFACTURER, $ENCRKEYID, $SIGNKEYID.
- + commit aa60645b997d23ac2958f75fd349c1cd7b8af902
- * scd/app-p15.c (read_ef_tokeninfo): Store manufacturer_id.
- (do_getattr): Implement MANUFACTURER, $ENCRKEYID and $SIGNKEYID.
- (send_keypairinfo): Also print usage flags.
-
- gpg,card: Use the new MANUFACTURER attribute.
- + commit 15352b0eac335e7993fcd7720106a3a7d22caae1
- * tools/gpg-card.h (struct card_info_s): Add manufacturer fields.
- * tools/card-call-scd.c (release_card_info): Release them.
- (learn_status_cb): Parse MANUFACTURER attribute.
- * tools/gpg-card.c (get_manufacturer): Remove.
- (list_card): Use the new attribute.
- * g10/call-agent.h (struct agent_card_info_s): Add manufacturer fields.
- * g10/call-agent.c (agent_release_card_info): Release them.
- (learn_status_cb): Parse MANUFACTURER attribute.
- * g10/card-util.c (get_manufacturer): Remove.
- (current_card_status): Use new attribute.
-
- scd:openpgp: New attribute "MANUFACTURER".
- + commit 541a6a903e79c9146a379f5c6c0fb34e6c2b42c4
- * scd/app-openpgp.c (get_manufacturer): New..
- (do_getattr): Add new attribute "MANUFACTURER".
- (do_learn_status): Always print it.
-
-2020-04-03 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Add regular expression support.
- + commit ba247a114c75a84473c11c1484013b09fbb9bcd1
- * AUTHORS, COPYING.other: Update.
- * Makefile.am (SUBDIRS): Add regexp sub directory.
- * configure.ac (DISABLE_REGEX): Remove.
- * g10/Makefile.am (needed_libs): Add libregexp.a.
- * g10/trustdb.c: Remove DISABLE_REGEX support.
- * regexp/LICENSE, regexp/jimregexp.c, regexp/jimregexp.h,
- regexp/utf8.c, regexp/utf8.h: New from Jim Tcl.
- * regexp/UnicodeData.txt: New from Unicode.
- * regexp/Makefile.am, regexp/parse-unidata.awk: New.
- * tests/openpgp/Makefile.am: Remove DISABLE_REGEX support.
- * tools/Makefile.am: Remove DISABLE_REGEX support.
-
-2020-04-02 Werner Koch <wk@gnupg.org>
-
- scd:p15: Implement do_with_keygrip and capabilities.
- + commit 61c5b0767fac4c2d7fe95cdbc6d0f0a94878c813
- * scd/app-p15.c (prepare_verify_pin): Allow use without an AODF.
- (verify_pin): Ditto.
- (do_with_keygrip): Implement capability restrictions.
-
- scd:p15: Rename some variables and functions for clarity.
- + commit 8149742ddfea6c76898786cb7de7c92bbf8aab0a
- * scd/app-p15.c: Rename keyinfo to prkdf.
-
- scd: Use Gcrypt usage constants for the do_with_keygrip capabilities.
- + commit 5b7b42e2b2b7ba7b88f89ff4b4ee7baf0eef2a04
- * scd/command.c (cmd_keyinfo): Use Gcrypt constants for CAP.
- * scd/app-openpgp.c (do_with_keygrip): Adjust for them.
- * scd/app-piv.c (do_with_keygrip): Ditto.
-
-2020-04-02 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: New command DEVINFO.
- + commit 2ccbcfec121f768574a59aa2ecff22d8b422d61b
- * scd/app.c (notify_cond): New condition variable.
- (app_send_devinfo, app_wait): New.
- (scd_update_reader_status_file): Kick NOTIFY_COND.
- (initialize_module_command): Initialize NOTIFY_COND.
- * scd/command.c (struct server_local_s): Add watching_status.
- (cmd_devinfo): New.
- (register_commands): Add DEVINFO command.
- (send_client_notifications): Write status change to DEVINFO channel.
- * scd/scdaemon.h (app_wait, app_send_devinfo): New.
-
-2020-04-01 Werner Koch <wk@gnupg.org>
-
- scd:p15: Cache the PIN.
- + commit 29f8f52bf8161c238c26389ab178caa98801234e
- * scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
- (verify_pin): Make use of it.
-
- scd:p15: Run a keygrip_from_prkdf before verify_pin.
- + commit 132d82c1582009013af5c7bdb17cbaaa8807c70e
- * scd/app-p15.c (do_sign): Move keygrip_from_prkdf before PIN
- verification.
- (do_decipher): Add keygrip_from_prkdf.
-
- scd:p15: Support decryption with CardOS 5 cards.
- + commit ca4391399c690a45270cca30f03ac564c394c1f6
- * scd/app-p15.c (do_decipher): New.
-
- scd:p15: Factor PIN verification out to a new function.
- + commit 375b1454875ff079efc122e33b1216b412eecfaf
- * scd/app-p15.c (do_sign): Factor code out to ...
- (prepare_verify_pin, verify_pin): new functions.
-
- sm: Fix a warning in an es_fopencooie function.
- + commit c7ff8c59b9252f8f27cabee3fea503f06c7d46ff
- * sm/certdump.c (format_name_writer): Take care of a flush request.
-
-2020-03-31 Werner Koch <wk@gnupg.org>
-
- scd:p15: Support signing with CardOS 5 cards.
- + commit 103c1576b73ed75b771a8ffd1c97628651b99797
- * scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
- r_pkey and change all callers.
- (app_help_get_keygrip_string): Ditto.
- * scd/app-p15.c (struct cdf_object_s): Use bit flags
- (struct aodf_object_s): Ditto. Add field 'fid'.
- (struct prkdf_object_s): Ditto. Add fields keygrip, keyalgo, and
- keynbits.
- (parse_certid): Allow a keygrip instead of a certid aka keyref.
- (read_ef_aodf): Store the FID.
- (keygripstr_from_prkdf): Rename to ...
- (keygrip_from_prkdf): this. Remove arg r_gripstr and implement cache.
- Change callers to directly use the values from the object. Also store
- the algo and length of the key ion the object.
- (keyref_from_keyinfo): New. Factored out code.
- (do_sign): Support SHA-256 and >2048 bit RSA keys.
- (do_with_keygrip): New.
- (app_select_p15): Register new function.
-
- scd:p15: Read certificates in extended mode.
- + commit 2bdd4fc7b6cfd9ac5410d20f1cee66567a6b24c5
- * scd/app-p15.c (readcert_by_cdf): Allow reading in extended mode.
-
- scd: Add function for binary read in extended mode.
- + commit c9ad81070a2bb1116d3f096a440c43e57e6f933a
- * scd/iso7816.c (iso7816_read_binary): Factor code out to ...
- (iso7816_read_binary_ext): new function. Add arg extended_mode.
-
-2020-03-30 Werner Koch <wk@gnupg.org>
-
- scd:p15: Detect CardOS 5 cards and print some basic infos.
- + commit 8a68d497f1dd0b124318eb47db9da0c4b64c8b8b
- * scd/app-p15.c (read_ef_odf): Detect the home_DF on the fly. Silence
- the garbage warning for null bytes.
- (print_tokeninfo_tokenflags): New.
- (read_ef_tokeninfo): Print manufacturer, label, and flags.
- (app_select_p15): No need to use the app_get_slot macro.
- (CARD_TYPE_CARDOS_50): New const.
- (card_atr_list): Detect CardOS 5.0
-
- agent: Print an error if gpg-protect reads the extended key format.
- + commit c5c21a064671dc8e461434d19cbde67b89df25e2
- * agent/protect-tool.c (read_key): Detect simple extended key format.
-
- sm: Fix possible NULL deref in error messages of --gen-key.
- + commit 9c5c7c6f602c84589cd5c93a85a27b416e744338
- * sm/certreqgen.c: Protect printing the liniernur in case of !R.
-
-2020-03-27 Werner Koch <wk@gnupg.org>
-
- sm: Consider certificates w/o CRL DP as valid.
- + commit 0b583a555e75fbb9140310390a267febd3329a12
- * sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
- * common/audit.c (proc_type_verify): Print "n/a" if a cert has no
- distribution point.
- * sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
- * sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
- (opts): Add option --enable-issuer-based-crl-check.
- (main): Set option.
-
- scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
- + commit 4c4999b8185ace55eb5f3a6fa7d3dc0a77267b63
- * scd/app-openpgp.c (check_keyidstr): Add optional arg r_use_auth to
- test also for OpenPGP.3.
- (do_sign): Enable that new mode.
-
-2020-03-27 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgsm: Fix the previous commit.
- + commit e06a8e3e87f044a5bf6ee06f92cc4fd2a0914863
-
-
-2020-03-26 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgsm: Support key generation with ECC.
- + commit 49ea53b755f0fef468055a1493e790735908f865
- * sm/certreqgen.c (pKEYCURVE): New.
- (read_parameters): Add pKEYCURVE handling.
- (proc_parameters): Support ECC key generation.
-
- gpgsm: Remove restriction of key generation (only RSA).
- + commit 238707db8b05a385af5419e606ea5110ace31d2b
- * sm/certreqgen.c (proc_parameters): Remove checking GCRY_PK_RSA.
-
-2020-03-19 Werner Koch <wk@gnupg.org>
-
- gpgconf: Take care of --homedir when reading/updating options.
- + commit c1844ca7520f9a67bff85ee4fbf49c6725668289
- * tools/gpgconf-comp.c (gpg_agent_runtime_change): Remove unused var.
- (scdaemon_runtime_change): Ditto.
- (dirmngr_runtime_change): Ditto.
- (gc_component_check_options): Pass --homedir if needed.
- (retrieve_options_from_program): Take care of --homedir.
-
-2020-03-18 Werner Koch <wk@gnupg.org>
-
- gpg: Also allow a v5 fingerprint for --trusted-key.
- + commit 4287f89557b3bc9ab2876331e1bcb143d759fb47
- * g10/trustdb.c (tdb_register_trusted_key): Add case for 32 octet
- fingerprints.
-
-2020-03-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Update --trusted-key to accept fingerprint as well as long key id.
- + commit 810ea2cc684480c6aadceb2a10dd00f3fa67f2fb
- * g10/trustdb.c (tdb_register_trusted_key): accept fingerprint as well
- as long key ID.
- * doc/gpg.texi: document that --trusted-key can accept a fingerprint.
-
-2020-03-18 Werner Koch <wk@gnupg.org>
- gniibe@fsij.org
-
- gpg: Fix key expiration and usage for keys created at the Epoch.
- + commit 161a098be6f9d50fb5f7e120baee81e75d6eb5ad
- * g10/getkey.c (merge_selfsigs_main): Take a zero key creation time in
- account.
-
-2020-03-14 Werner Koch <wk@gnupg.org>
-
- gpgconf: Further simplify the gpgconf option processing.
- + commit 451cd1b3928172b312ca2597c3318e6e9e8be97d
- * common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
- * tools/gpgconf-comp.c: here.
- (known_options_scdaemon): Remove "options".
- (known_options_dirmngr): Remove "options".
- (known_options_gpgsm): Remove "options".
- (known_options_gpg): Remove "options" and "keyserver".
- (struct gc_option_s): Rename active t gpgconf_list.
- (gc_component_list_options): Do not act upon active.
- (option_check_validity): Ditto.
- (is_known_option): Make it work correctly for unknown options.
- (retrieve_options_from_program): Use renamed flag gpgconf_list only to
- detect duplicated items from --gpgconf-list. Do not set runtime.
- Only e set the options if set by --gpgconf-list; never clear them.
- * agent/gpg-agent.c: Simplify the --gpgconf-list output.
- * dirmngr/dirmngr.c: Ditto.
- * g10/gpg.c: Ditto.
- * kbx/keyboxd.c: Ditto.
- * scd/scdaemon.c: Ditto.
- * sm/gpgsm.c: Ditto.
- * tests/openpgp/gpgconf.scm: Use "compliance" instead of "keyserver"
- for the string arg test.
-
- gpg: New option --auto-key-import.
- + commit 6b306f45f4fbe36b90cec4685aabb267a61e283f
- * g10/gpg.c (opts): New options --auto-key-import,
- --no-auto-key-import, and --no-include-key-block.
- (gpgconf_list): Add them.
- * g10/options.h (opt): Add field flags.auto_key_import.
- * g10/mainproc.c (check_sig_and_print): Use flag to enable that
- feature.
- * tools/gpgconf-comp.c: Give the new options a Basic config level.
-
-2020-03-13 Werner Koch <wk@gnupg.org>
-
- gpg: Make use of the included key block in a signature.
- + commit 6a4443c8425fd548020553b22d5a16ffad98371f
- * g10/import.c (read_key_from_file): Rename to ...
- (read_key_from_file_or_buffer): this and add new parameters. Adjust
- callers.
- (import_included_key_block): New.
- * g10/packet.h (PKT_signature): Add field flags.key_block.
- * g10/parse-packet.c (parse_signature): Set that flags.
- * g10/sig-check.c (check_signature2): Add parm forced_pk and change
- all callers.
- * g10/mainproc.c (do_check_sig): Ditto.
- (check_sig_and_print): Try the included key block if no key is
- available.
-
- gpg: New option --include-key-block.
- + commit 865d485180240369a20d3be14d0c6499783df2b5
- * common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
- * g10/gpg.c (oIncludeKeyBlock): New.
- (opts): New option --include-key-block.
- (main): Implement.
- * g10/options.h (opt): New flag include_key_block.
- * g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
- (parse_one_sig_subpkt): Ditto.
- (can_handle_critical): Ditto.
- * g10/sign.c (mk_sig_subpkt_key_block): New.
- (write_signature_packets): Call it for data signatures.
-
- gpg: Add property "fpr" for use by --export-filter.
- + commit 32493ce50ad880de7b548d7870c6040a8233a8f5
- * g10/export.c (push_export_filters): New.
- (pop_export_filters): New.
- (export_pubkey_buffer): Add args prefix and prefixlen. Adjust
- callers.
- * g10/import.c (impex_filter_getval): Add property "fpr".
- * g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
-
-2020-03-12 Werner Koch <wk@gnupg.org>
-
- gpgconf: Rewrite the gpgconf-comp module.
- + commit b4f1159a5bd7b2799d7d35e883e0632ebf3339c8
- * tools/gpgconf.h (gc_component_t): Change type to ...
- (gc_component_id_t): this.
- (GC_COMPONENT_ANY): New, so that we can use that in gpgconf-comp.c
- directly.
- * tools/gpgconf-comp.c: Major rework.
-
-2020-03-06 Werner Koch <wk@gnupg.org>
-
- gpg: Re-group the options in the --help output.
- + commit 41eb5108ce59244d961df43bbf73b8aa6e95e9cd
- * g10/gpg.c (opts): Change oLoadExtensions, oStrict, and oNoStrict to
- use ARGPARSE_ignore and remove the code in the option switch.
-
- agent: Re-group the options in the --help output.
- + commit c693b7f4ade97357c33b410728bb741674255487
- * agent/gpg-agent.c (oGreeting): Remove non existant dummy option.
-
- gpgconf: Support reading global options (part 2).
- + commit 4423e9dcde5e1a8d73ff7386942fe3c0c4b917fc
- * tools/gpgconf-comp.c: Remove all regular option descriptions. They
- are now read in from the component. Also remove a few meanwhile
- obsolete options.
- * agent/gpg-agent.c: Add option description which were only set in
- gpgconf-comp.c.
- * dirmngr/dirmngr.c: Ditto.
- * scd/scdaemon.c: Ditto.
- * sm/gpgsm.c: Ditto.
- * g10/gpg.c: Ditto.
-
-2020-03-05 Werner Koch <wk@gnupg.org>
-
- gpgconf: Support reading global options (part 1).
- + commit d2425d1495f4fe4f5c3a79d7dc5571fda00849d8
- * tools/gpgconf.c (main): Set the coinfig directories.
- * tools/gpgconf-comp.c (gc_backend): Change the name of the config
- files.
- (struct gc_option): Add new field 'attr'.
- (retrieve_options_from_program): Rewrite to use gpgrt_argparser.
-
-2020-03-04 Werner Koch <wk@gnupg.org>
-
- common: Add xreallocarray function.
- + commit 6fa1808cb7639f0f3745b78c4b7ce902e42b228c
- * common/miscellaneous.c (xreallocarray): New func.
- * common/util.h (xtryreallocarray): New macro.
-
-2020-03-03 Werner Koch <wk@gnupg.org>
-
- gpgconf: Always use xmalloc.
- + commit 178b3772ff79148b496715da1b8ca5ba86caf2bc
- * tools/gpgconf-comp.c: Fix spelling of "cannot". Use log_assert
- instead of a plain assert.
- (gc_percent_escape, percent_deescape): Fail on malloc error.
-
-2020-02-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix the previous commit.
- + commit 19f70b5072b2ef80759ced83fe0dac9cf4dde830
- * scd/app-openpgp.c (do_setattr): Flush the KDF DO just before setting.
-
- scd: Improve setattr for KDF.
- + commit 3ba7c9bcf7f19b0a308499fcf3dbbb15da38799a
- * scd/app-openpgp.c (do_setattr): For setting KDF DO, support standard
- OpenPGP card, which needs to update PIN.
-
- scd: Fix pinpad handling when KDF enabled.
- + commit 11da441016222337284c519ff56aca34e3042373
- * scd/app-openpgp.c (do_getattr): Send the KDF DO information.
-
-2020-02-25 Werner Koch <wk@gnupg.org>
-
- gpg: Re-enable versioned config files.
- + commit 79f2318aa5c54c57220aa73251635d21cee0ccfa
- * g10/gpg.c (main): Use ARGPARSE_FLAG_USERVERS.
-
- gpg: Re-add checking of config file permissions.
- + commit 7e8f28653c1b4305758a61c064d793e32ba633d5
- * g10/gpg.c (main): Re-add permission checking of the user config
- file. Re-add code to check against the SE-Linux secured file list.
- (get_default_configname): Remove unused func.
- * configure.ac (SAFE_VERSION, SAFE_VERSION_DOT)
- (SAFE_VERSION_DASH): Remove.
-
-2020-02-22 Werner Koch <wk@gnupg.org>
-
- Use gpgrt's new option parser for the new keyboxd.
- + commit 833c04334a53530bd40d7dd815b6a0f1ffef296d
- * kbx/keyboxd.c: Switch to the new option parser and enable a global
- conf file.
-
- agent,dirmngr: Re-read the user specified config file.
- + commit 941a48f9b12b4c470686321bf4fd58c23b6cf86d
- * agent/gpg-agent.c (reread_configuration): Use a two-part config
- file.
- * dirmngr/dirmngr.c (reread_configuration): Ditto.
-
- Remove the now obsolete argparse code.
- + commit cdbe10b762f38449b86da69076209324b0c99982
- * tests/gpgscm/main.c: Switch to the new option parser.
- * common/argparse.c, common/argparse.h: Remove.
- * common/init.c (_init_common_subsystems): Do not call obsolete func.
- * common/Makefile.am (common_sources): Remove those files.
-
-2020-02-21 Werner Koch <wk@gnupg.org>
-
- Use gpgrt's new option parser for the remaining daemons.
- + commit ba463128ce65a0f347643f7246a8e097c5be19f1
- * scd/scdaemon.c: Switch to the new option parser and enable a global
- conf file.
- * dirmngr/dirmngr.c: Ditto.
- * g13/g13.c: Ditto.
- * g13/g13-syshelp.c: Ditto. Do not force verbose mode.
- * dirmngr/dirmngr_ldap.c: Switch to the new option parser.
- * dirmngr/dirmngr-client.c: Switch to the new option parser.
-
- Use gpgrt's new option parser for the tools.
- + commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
- * agent/preset-passphrase.c: Switch to the new option parser.
- * agent/protect-tool.c: Ditto.
- * kbx/kbxutil.c: Ditto.
- * tools/gpg-card.c: Ditto.
- * tools/gpg-check-pattern.c: Ditto.
- * tools/gpg-connect-agent.c: Ditto.
- * tools/gpg-pair-tool.c: Ditto.
- * tools/gpg-wks-client.c: Ditto.
- * tools/gpg-wks-server.c: Ditto.
- * tools/gpgconf.c: Ditto.
- * tools/gpgsplit.c: Ditto.
- * tools/gpgtar.c: Ditto.
-
-2020-02-20 Werner Koch <wk@gnupg.org>
-
- Use gpgrt's new option parser for gpgc, gpgsm, and gpg-agent.
- + commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
- * g10/gpgv.c: Use new option parser.
- * sm/gpgsm.c: Ditto.
- * agent/gpg-agent.c: Ditto.
- (opts): Add option --no-options.
-
- gpg: Use gpgrt's new option parser to provide a global conf file.
- + commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
- * common/util.h: Remove argparse.h.
- * common/argparse.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS.
- * configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
- * agent/gpg-agent.c: Undef GPGRT_ENABLE_ARGPARSE_MACROS and include
- argparse.h. Do this also for all main modules which use our option
- parser except for gpg. Replace calls to strusage by calls to
- gpgrt_strusage everywhere.
-
- * g10/gpg.c (opts): Change type to gpgrt_opt_t. Flag oOptions and
- oNoOptions with ARGPARSE_conffile and ARGPARSE_no_conffile.
- (main): Change type of pargs to gpgrt_argparse_t. Rework the option
- parser to make use of the new gpgrt_argparser.
-
-2020-02-19 Werner Koch <wk@gnupg.org>
-
- card: New option --info for command list and select by s/n.
- + commit ee911df979e9b53787162367865ca24682adae6e
- * tools/gpg-card.c (cmd_list): add option --info. Factor soem code
- out to ...
- (print_card_list): new.
-
-2020-02-19 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix default-key selection when card is available.
- + commit 41913d76f7db4a7dabab26c1bc439c96ad86712f
- * g10/getkey.c (get_seckey_default_or_card): Handle the case
- when card key is not suitable for requested usage.
-
-2020-02-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Spelling cleanup.
- + commit 0904b8ef348a52335c378bee6dc90a978885d66f
- No functional changes, just fixing minor spelling issues.
-
- ---
-
- Most of these were identified from the command line by running:
-
- codespell \
- --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \
- --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \
- doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \
- NEWS README README.maint TODO
-
-2020-02-19 Nick Piper <nick.piper@cgi.com>
-
- doc: Correction of typo in documentation of KEY_CONSIDERED.
- + commit 0e1cbabc0ad4fe2ca9644fffb5cf27b1a8a1509f
-
-
-2020-02-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Disable pinpad if it's impossible by KDF DO.
- + commit 95c7498b76231d3297541172d878f6a26702539b
- * scd/app-openpgp.c (struct app_local_s): Add pinpad.disabled field.
- (do_getattr): Set pinpad.disabled field.
- (check_pinpad_request): Use the pinpad.disabled field.
- (do_setattr): Update pinpad.disabled field.
-
-2020-02-15 Werner Koch <wk@gnupg.org>
-
- gpgsm: Fix import of some CR,LF ternminated certificates.
- + commit 6248739799fd4a877529089375e2a4103d33e6f4
- * common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
- don't just rely on the padding chars. This could happen only with
- CR+LF termnmated PEM files. Also move the detection into the invalid
- character detection branch for a minor parser speedup.
-
-2020-02-13 Werner Koch <wk@gnupg.org>
-
- build: New configure option --disable-keyboxd.
- + commit 6cac2bd0382eb7ed0d249f077522516e64fc1d8f
- * configure.ac: Add option --dsiable-keyboxd
- * kbx/Makefile.am: Do not build keyboxd in that case.
-
- scd: Print the main app name also for not fully supported cards.
- + commit 11d917c7796dc748e2d798d327a045ba295994f4
- * scd/app.c (send_serialno_and_app_status): Add fallback.
-
- card: Fix openpgp subkey listing.
- + commit e582d8f5b2c1bac8b6ccdfd6412b621a2584eb7f
- * tools/gpg-card.c (list_one_kinfo): Fix printing of the subkeys.
-
- gpg: New option --full-timestrings.
- + commit 86312b920a1d5817903d7175e9c2109bcf521b7c
- * g10/options.h (opt): Add flags.full_timestrings.
- * g10/gpg.c (oFullTimestrings): New.
- (opts): New option.
- (main): Set new flag.
- * g10/keyid.c (dateonlystr_from_pk): New.
- (dateonlystr_from_sig): New.
- (datestr_from_pk): Divert to isotimestamp if requested.
- (datestr_from_sig): Ditto.
- (expirestr_from_pk): Ditto.
- (expirestr_from_sig): Ditto.
- (revokestr_from_pk): Ditto.
- * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and
- dateonlystr_from_pk.
-
- gpg: Changes to allow direct key generation from an OpenPGP card.
- + commit 14ac350f868ca71492c20c7b682d0b55b4893c9c
- * g10/call-agent.h (struct keypair_info_s): Add fields keytime and
- usage.
- * g10/call-agent.c (struct keypairinfo_cb_parm_s): New.
- (scd_keypairinfo_status_cb): Rework to store parsed KEYPAIRINFO data.
- (agent_scd_keypairinfo): Change accordingly.
- (agent_scd_readkey): Add arg ctrl and change callers. Change return
- arg from an strlist_t to a keypair_info_t.
- (readkey_status_cb): Use KEYPAIRINFO instead of KEY-TIME.
- * g10/keygen.c (pSUBKEYCREATIONDATE): New.
- (pAUTHKEYCREATIONDATE): New.
- (get_parameter_u32): Allow for new parameters.
- (do_create_from_keygrip): For card keys use direct scd call which does
- not create a stub file.
- (ask_algo): Rework to use the new keypair_info_t as return from
- agent_scd_keypairinfo.
- (parse_key_parameter_part): Likewise. Also get and return the key
- creation time using a arg.
- (parse_key_parameter_string): New args r_keytime and r_subkeytime.
- (parse_algo_usage_expire): New arg r_keytime.
- (proc_parameter_file): Ignore the explict pCREATIONDATE for card keys.
- (quickgen_set_para): New arg keytime.
- (quick_generate_keypair): Get the keytimes and set the pCARDKEY flag.
- (generate_keypair): Likewise.
- (do_generate_keypair): Implement the cardkey with keytime thingy.
- (generate_subkeypair): Use the keytime parameters.
- * g10/keygen.c (pAUTHKEYCREATIONDATE): New. Not yet set but may come
- handy later.
- (get_parameter_u32): Take care of that.
- (do_generate_keypair): For cardkeys sign with the current time.
-
- card: Take the key creation time from the KEYPAIRINFO.
- + commit e63f8bee4044e0cc9ebc1f9c0f9f6b63660d45e8
- * tools/card-call-scd.c (learn_status_cb): Adjust for recent change.
-
- scd:openpgp: Return key creation time as part of KEYPARIINFO.
- + commit 1ad84aabb410e56bea074b82a06fe32b2897b660
- * scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time
- as part of a KEYPAIRINFO.
- (do_readkey): Do not return the KEY-TIME anymore.
-
- agent: Allow signing with card key even without a stub key.
- + commit 638526d37fee0a1febac9d29fab384b913819fc9
- * agent/call-scd.c (agent_card_serialno): Allow NULL for R_SERIAL.
- (struct readkey_status_parm_s): New.
- (readkey_status_cb): New.
- (agent_card_readkey): Add optional arg R_KEYREF and change all
- callers.
- * agent/findkey.c (key_parms_from_sexp): Allow also a "public-key".
- * agent/divert-scd.c (ask_for_card): Allow for SHADOW_INFO being NULL.
- * agent/pksign.c (agent_pksign_do): Fallback to sign with an on-card
- if there is no stub key yet. Create the stub key. Also fixed a
- misnaming between s_pkey and s_skey.
-
-2020-02-12 Werner Koch <wk@gnupg.org>
-
- gpg: Rename the struct card_key_info_s.
- + commit 8c63430d1a40a70ff8b4ddf1ed0fcabf9c0afbcc
- * g10/call-agent.h (struct card_key_info_s): Rename to ...
- (struct keypair_info_s): this.
- (keypair_info_t): New. Use this everywhere instead of
- card_key_info_s.
- * g10/call-agent.c (agent_scd_free_keyinfo): Rename to ..
- (free_keypair_info): this. Change all callers.
-
- card: Fix parsing of the received card_list.
- + commit 125c959677d55a8cf663c2dc248a3fc6f9be50bb
- * tools/card-call-scd.c (scd_cardlist): Allow for SERIALNO without any
- apps.
-
- card: List more info for an OpenPGP key.
- + commit 1abfce82bd525de2976c31b83bb0e67e33364e58
- * tools/gpg-card.h (struct pubkey_s): Add field created.
- * tools/card-keys.c (parse_key_record): Set that field.
- * tools/gpg-card.c (print_shax_fpr): Print the fingerprint without
- spaces for easier c+p.
- (list_one_kinfo): Print the actual used fingerprint and creation date
- from the keyblock.
-
- card: New option --no-key-lookup.
- + commit 2c6092bc5d794ae36cbf2f6b62337dc23f57bf3e
- * tools/gpg-card.h (opt): Add var no_key_lookup.
- * tools/gpg-card.c (oNoKeyLookup): New const.
- (opts): New option --no-key-lookup.
- (list_one_kinfo): Add arg no_key_lookup and implement.
- (list_all_kinfo): Add arg no_key_lookup.
- (list_openpgp, list_piv, list_card): Ditto.
- (cmd_list): New option --no-key-lookup.
-
-2020-02-11 Werner Koch <wk@gnupg.org>
-
- gpg: Improve key creation direct from the card.
- + commit 9c719c9c1ff34cc06a0fef2bfe29cfd7182753eb
- * g10/call-agent.c (readkey_status_cb): New.
- (agent_scd_readkey): Add new arg r_keytime and allow NULL for
- r_result. Change all callers.
- (agent_readkey): Minor code reformatting.
- * g10/keygen.c (pCARDKEY): New.
- (struct para_data_s): Add u.bool.
- (get_parameter_bool): New.
- (do_create_from_keygrip): Add arg cardkey and make use of it.
- (ask_algo): Add args r_cardkey and r_keytime. Read the keytime of the
- selected card key and return it.
- (generate_keypair): Store CARDKEY and KEYTIME.
- (do_generate_keypair): Pass CARDKEY to do_create_from_keygrip.
- (generate_subkeypair): Ditto.
-
- scd:openpgp: Send a KEY-TIME status with READKEY.
- + commit 77ea916533c5ca918b17ce83f6cc1b1afbd31e55
- * scd/app-openpgp.c (retrieve_fprtime_from_card): New.
- (do_readkey): Send a KEY_TIME status.
-
- card: First code to actually create openpgp keys.
- + commit 6bc7318ef55017e1aca6e52899fd0b223da7cfc1
- * tools/gpg-card.c (generate_all_openpgp_card_keys): Add demo key
- generation.
- (generate_key): Allow generatiing one OpenPGP key.
-
- scd:openpgp: Optional allow for lowercase keyrefs.
- + commit 323548acd9defde0a8ea7d74c18cd4a1b339ff2e
- * scd/app-openpgp.c (do_readkey): Use case insensitive match of the
- keyref.
- (do_writekey, do_sign, do_auth, do_decipher): Ditto.
-
- scd:openpgp: Allow auto-changing of the key attributes in genkey.
- + commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b
- * scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
- (parse_algorithm_attribute): Store the new keyalgo field.
- (change_keyattr): Change info message.
- (change_keyattr_from_string): Rewrite to also accept a keyref and a
- keyalgo string.
- (do_genkey): Change the keyattr if a keyalgo string is given.
-
- common: Extend the openpgp_curve_to_oid function.
- + commit 24095101a5069f15a9aea7512498ac436a76814a
- * common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
- Change all callers.
-
-2020-02-10 Werner Koch <wk@gnupg.org>
-
- doc: Improve the warning section of the gpg man page.
- + commit 113a8288b85725f7726bb2952431deea745997d8
- * doc/gpg.texi: Update return valeu and warning sections.
-
-2020-02-10 Werner Koch <wk@gnupg.org>
- Tomáš Mráz
-
- build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
- + commit 6aff8a132815a84bab69401c1e7de96ec549fbf2
- * common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
- here but now without the Norcroft-C. Change all other places where it
- gets defined.
- * common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
- extern.
- * common/iobuf.c (iobuf_debug_mode): Define it here.
- * agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
- all main modules of all other programs.
-
- * g10/main.h: Put util.h before the local header files.
-
-2020-02-10 Werner Koch <wk@gnupg.org>
-
- gpg: Make really sure that --verify-files always returns an error.
- + commit 5681b8eaa44005afdd30211b47e5fb1a799583dd
- * g10/verify.c (verify_files): Track the first error code.
-
- card: Remove command "key-attr" and hack on "generate".
- + commit 438b7881ba0bf4e5fd8e5d5212601e5691f2aafe
- * tools/gpg-card.h (struct key_attr): Remove.
- (struct key_info_s): Remove key_attr. Add keyalgo and keyalgo_id.
- * tools/card-call-scd.c (learn_status_cb): Rework the key-attr info.
- * tools/gpg-card.c (list_one_kinfo): Always show the algorithm; if
- there is no key show the key attributes instead.
- (list_openpgp): Do not print the "Key attributes".
- (generate_key): Factor the repalce key pormpt out to ...
- (ask_replace_keys): new.
- (generate_openpgp): Rename to generate_all_openpgp_card_keys and add
- an algo parameter.
- (generate_generic): Rename to generate_key. Prepare generation of a
- single OpenPGP key.
- (cmd_generate): Revamp.
- (ask_card_rsa_keysize): Remove.
- (ask_card_keyattr): Remove.
- (do_change_keyattr): Remove.
- (cmd_keyattr): Remove.
- (enum cmdids): Remove cmdKEYATTR.
- (cmds): Ditto.
- (dispatch_command): Ditto.
- (interactive_loop): Ditto.
-
- scd:openpgp: Let the genkey function also accept a full keyref.
- + commit fb6ff7ead7dff33541b595f3e8d5342f9c7a6d6c
- * scd/app-openpgp.c (send_key_attr): Use log_assert.
- (do_genkey): Allow prefix.
-
- common: Extend the new get_keyalgo_string function.
- + commit 332a72f7340895e7db1e9c5f89046f722bb7465b
- * common/openpgp-oid.c (openpgp_oid_or_name_to_curve): New.
- (get_keyalgo_string): Use it.
-
-2020-02-09 Werner Koch <wk@gnupg.org>
-
- common: Remove duplicated call to a function.
- + commit d1c518cdc9330c2dd4034efc544de0dd6ec73ea1
- * common/openpgp-oid.c (openpgp_oid_to_str): Remove duplicated call.
-
- common: New function get_keyalgo_string.
- + commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab
- * common/openpgp-oid.c (struct keyalgo_string_s): New.
- (keyalgo_strings): New.
- (keyalgo_strings_size, keyalgo_strings_used): New.
- (get_keyalgo_string): New.
-
- common: Add OpenPGP<->Gcrypt pubkey id mapping functions.
- + commit 49c891a9bfac24a1d95e76d33d44a49426247777
- * g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
- * common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
- Change all 4 callers.
- (map_openpgp_pk_to_gcry): New.
-
- card: Support brainpool curves in the generate command.
- + commit 9df9996b415ee671a0f22b6936745f829884eda2
- * tools/gpg-card.c (cmd_generate): Add brainpool curves and dummy name
- "help".
-
-2020-02-03 Werner Koch <wk@gnupg.org>
-
- sm: New option --issuer-der for the listkey commands.
- + commit 2e5ab34496fe7e1b9bd2194ab59a58cf44ca9d1e
- * sm/server.c (do_listkeys): Implement new option.
-
-2020-01-21 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix building w/o LDAP support.
- + commit d8973975e7636ec0f007575a0bede92147d835f8
- * dirmngr/Makefile.am: Conditionally build dirmngr_ldap.
-
- gpg: Fix printing of keyring name (regression in master)
- + commit bf931299e846fa47bcabe3716ec82af7c3290ce5
- * g10/keydb.c (keydb_get_resource_name):
-
-2020-01-20 Werner Koch <wk@gnupg.org>
-
- tools: Let watchgnupg determine the socket name via gpgconf.
- + commit e0d9181ad11aaf7e68231db4b3708978a9a52fd6
- * tools/watchgnupg.c: Include sys/wait.h.
- (GNUPG_DEF_COPYRIGHT_LINE): Add a default value for standalone
- building.
- (get_logname): New.
- (main): Use a default socket name and add option --homedir.
-
-2020-01-17 Werner Koch <wk@gnupg.org>
-
- gpgconf,w32: Print a warning for a suspicious homedir.
- + commit 7f12fb55f9757cd68147eca8f162c85378538405
- * tools/gpgconf.c (list_dirs): Check whether the homedir has been
- taken from the registry.
-
-2020-01-17 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Prefer card key on use in multiple subkeys situation.
- + commit 8748c50bfaa8df2b1e59c301d15fd6b9ddbd9c47
- * g10/call-agent.c (keyinfo_status_cb): Parse more fields.
- (agent_probe_secret_key): Use KEYINFO and returns bigger value
- representing the preference.
- * g10/getkey.c (finish_lookup): For subkeys, select one
- by using value of agent_probe_secret_key.
-
- gpg: Prepare enhancement of agent_probe_secret_key.
- + commit 853d5b7677ea01f65c9bc5160cd8509b62f486f7
- * g10/call-agent.c (agent_probe_secret_key): Change semantics of
- return value.
- * g10/call-agent.h (agent_probe_secret_key): Change comment.
- * g10/delkey.c (do_delete_key): Follow the change.
- * g10/getkey.c (get_seckey, parse_def_secret_key): Likewise.
- (finish_lookup, have_secret_key_with_kid): Likewise.
- * g10/gpgv.c (agent_probe_secret_key): Likewise.
- * g10/keyedit.c (keyedit_menu, quick_find_keyblock): Likewise.
- (show_key_with_all_names_colon): Likewise.
- * g10/revoke.c (gen_desig_revoke, gen_revoke): Likewise
- * g10/test-stubs.c (agent_probe_secret_key): Likewise.
-
-2020-01-16 Werner Koch <wk@gnupg.org>
-
- card: Allow switching of cards and applications.
- + commit bd85f9232ad639d4acba443272147c4fc01b1b65
- * tools/card-call-scd.c (struct card_cardlist_parm_s): Add field
- with_apps.
- (card_cardlist_cb): Handle the new with_apps flag.
- (scd_switchcard): New.
- (scd_switchapp): New.
- (scd_applist): New.
- (scd_serialno): Pass --all also in --demand mode.
-
- * tools/gpg-card.c (cmd_list): Simplify switching of cards. Add
- switching of alls. Print a list of apps per card.
-
- scd: New commands SWITCHCARD and SWITCHAPP.
- + commit 718555874efcbad502112449c7d15025cb193628
- * scd/app.c: Include membuf.h.
- (app_switch_current_card): New.
- (send_card_and_app_list): Factor code out to ...
- (send_serialno_and_app_status): new.
- (app_send_card_list): New.
- (app_send_active_apps): New.
- (app_switch_active_app): New.
- * scd/command.c (cmd_switchcard): New.
- (cmd_switchapp): New.
- (register_commands): Register new commands.
- (cmd_getinfo): New sub-commands "active_apps" and "all_active_apps".
-
- scd:piv: Remove debug code from a recent commit.
- + commit dd61164410ee185750d1aa55ee0e33dcab8f4542
- * scd/app-piv.c (ask_and_prepare_chv): here.
-
- gpg: Print better debug info in case of broken sig subpackets.
- + commit 3ccad75d76b9c17b9495c48df8dd4be46d3b3105
- * g10/parse-packet.c (enum_sig_subpkt): Print a hexdump.
-
-2020-01-16 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Use "SCD KEYINFO" to get available card keys.
- + commit 8edd4b8b8cdcbdcf1986214d6d17cadb604ddf54
- * g10/skclist.c (enum_secret_keys): Don't use agent_scd_cardlist and
- agent_scd_serialno, but agent_scd_keyinfo.
-
- gpg: Add agent_scd_keyinfo to retrieve available card keys.
- + commit 8240a70c31a8e1617de64c42168cf3299b85b39e
- * g10/call-agent.c (card_keyinfo_cb, agent_scd_free_keyinfo)
- (agent_scd_keyinfo): New.
- * g10/call-agent.h: Define new functions.
-
- gpg: default-key: Simply don't limit by capability.
- + commit 1aa2a0a46dc19e108b79dc129a3b0c5576d14671
- * g10/getkey.c (parse_def_secret_key): Remove the check.
-
-2020-01-15 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Cert only key should be usable with --default-key.
- + commit 9287f9e87b215e79fdb7fb9dfdf2b47666e6ea2f
- * g10/getkey.c (parse_def_secret_key): Allow cert-only key.
-
-2020-01-13 Werner Koch <wk@gnupg.org>
-
- scd: Make the PIN cache robust against wrongdoing of gpg-agent.
- + commit 2dd6b4b998dd6e156e2e75ede0f40fb768c69f40
- * scd/app-openpgp.c (struct app_local_s): New field pincache.
- (cache_pin): Set it.
- (pin_from_cache): Consult it.
- * scd/app-piv.c (struct app_local_s): New field pincache.
- (cache_pin): Set it.
- (pin_from_cache): Consult it.
-
- scd:piv: Implement PIN cache.
- + commit 60502c3606ee425d07c84b175ab310368c12b0ad
- * scd/command.c (pincache_put): Add arg pinlen and change all callers
- to provide it.
- * scd/app-piv.c (cache_pin): New.
- (pin_from_cache): New.
- (ask_and_prepare_chv): Add args no_cache and r_unpaddedpinlen. Take
- PIN from the cache. Return the unpadded length.
- (verify_chv): Add arg ctrl. Cache the PIN.
- (do_change_chv): Clear PIN cache.
-
- agent: Avoid multiple calls to scd for KEYINFO.
- + commit 2e86cca7f4181310bebfd795c059369ba03a8d8b
- * agent/command.c (struct server_local_s): Add last_card_keyinfo.
- (eventcounter): Add maybe_key_change.
- (cmd_genkey, cmd_scd, cmd_import_key, cmd_delete_key): Bump new
- counter.
- (cmd_keyinfo): Cache the keyinfo from the card.
- (start_command_handler): Release the cache.
-
- agent: Replace free by xfree in recently added code.
- + commit aaef0fc3a743d06012c4a7fd8caa80d969863cc9
- * agent/call-scd.c (agent_card_free_keyinfo): Use xfree.
-
- gpg,sm: Avoid useless ASFW diagnostic in loopback mode.
- + commit 14aa797bb8f3f7d3f4ef66b8fcdac7439000b49a
- * common/sysutils.c (inhibit_set_foregound_window): New var.
- (gnupg_inhibit_set_foregound_window): New func.
- (gnupg_allow_set_foregound_window): Use var.
- * g10/gpg.c (main): Inhibit in loopback mode.
- * sm/gpgsm.c (main): Ditto.
-
- scd: Fix memory leak in command READKEY.
- + commit 2b843be5ac9f37c9faf2d9ab720eafceb3d534ad
- * scd/command.c (cmd_readcert): Replace xstrdup by xtrystrdup.
- (cmd_readkey): Ditto. Fix memory leak.
-
- scd: Make SERIALNO --all work correctly and use it.
- + commit 0e48aa084921c77944d4802c86ac33c607c519af
- * scd/app.c (maybe_switch_app): Factor reselect code out to ...
- (run_reselect): new.
- (app_write_learn_status): Tweak diagnostics.
- (app_do_with_keygrip): Run reselect if a card has more than one
- switchable application.
-
- * agent/call-scd.c (agent_card_serialno): Ditto.
- * tools/card-call-scd.c (start_agent): Use option --all with SERIALNO.
- (scd_serialno): Ditto.
-
-2020-01-13 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: handle SSH operation by KEYGRIP.
- + commit 15028627a1655b7ad1835fbd0a32cf30debe807a
- * agent/command-ssh.c (card_key_available): Supply KEYINFO argument.
- Call agent_card_readkey by KEYGRIP of KEYINFO.
- Don't use $AUTHKEYID, but IDSTR of KEYINFO.
- (ssh_handler_request_identities): Follow the change of
- card_key_available.
-
- agent: Extend agent_card_getattr with KEYGRIP.
- + commit c31266716dd69fee7bd64cf1e33d7631cd328e72
- * agent/agent.h (struct card_key_info_s): KEYGRIP null terminated.
- (agent_card_getattr): Add KEYGRIP argument.
- * agent/call-scd.c (agent_card_getattr): Handle KEYGRIP argument.
- (card_keyinfo_cb): Make KEYGRIP null terminated.
- * agent/command.c (cmd_readkey): Follow the change.
-
-2020-01-10 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Implement direct access by KEYGRIP for GETATTR and READKEY.
- + commit 0cfded4bb1484366c785c268f2fb1061c7be5fdb
- * scd/app-openpgp.c (do_readkey): Handle KEYGRIP access.
- * scd/command.c (do_readkey): New.
- (cmd_readkey): Use do_readkey supporting KEYGRIP access.
- (cmd_getattr): Supporting KEYGRIP access.
-
-2020-01-09 Werner Koch <wk@gnupg.org>
-
- scd:openpgp: Implement PIN cache.
- + commit 63bda3aad8ec4163b0241f64e8b587d665d650c3
- * scd/app-openpgp.c (wipe_and_free, wipe_and_free_string): Use them
- everywere where we do a wipememory followed by a free.
- (pin2hash_if_kdf): Change interface. The input PIN is not anymore
- changed. Further there are no more assumptions about the length of
- the provided buffer.
- (cache_pin): Restructure.
- (chvno_to_keyref): New.
- (pin_from_cache): New.
- (verify_a_chv): Add arg CTRL. Adjust for changed pin2hash_if_kdf.
- Chache and retrieve the PIN here.
- (verify_chv2): Do not cache the PIN here.
- (build_enter_admin_pin_prompt): Add arg 'r_remaining'.
- (verify_chv3): Adjust for changed pin2hash_if_kdf. Implement the PIN
- cache.
- (do_change_pin): Clear the PIN cache. Do not change the PIN here.
- Lots of adjustments to cope with the chnaged pin2hash_if_kdf.
- (do_sign): Do not cache the PIN here.
-
- scd: Use a scdaemon internal key to protect the PIN cache IPC.
- + commit ce5a7fb72b599de592a087867768ac1f81fd2989
- * agent/call-scd.c (handle_pincache_put): Do not decrypt.
- (handle_pincache_get): New.
- (inq_needpin): Call it.
- * scd/command.c (set_key_for_pincache): New.
- (pincache_put): Restructure and set key.
- (pincache_get): Ditto.
-
-2020-01-09 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: SSH: SCD KEYINFO to list available keys.
- + commit 57b8ed61ab93dd5aa73159f6db8adeb83d54b85f
- * agent/agent.h (agent_card_cardlist): Remove.
- (agent_card_keyinfo): Add CAP argument.
- * agent/call-scd.c (card_cardlist_cb): Remove.
- (agent_card_cardlist): Remove.
- (agent_card_keyinfo): Support CAP constraint.
- * agent/command-ssh.c (card_key_list): Remove.
- (ssh_handler_request_identities): Use SCD KEYINFO command.
- * agent/command.c (cmd_keyinfo): Follow the API change.
- * agent/divert-scd.c (ask_for_card): Likewise.
-
-2020-01-07 Werner Koch <wk@gnupg.org>
-
- scd: First changes to implement a PIN cache.
- + commit fbf97a7856bd2f80a1714f63417c59d6c604d333
- * scd/command.c (pincache_put): New. Uses a dummy key for now.
- (pincache_get): New.
- * scd/app.c (select_application): Flush the PIN cache.
- (scd_update_reader_status_file): Ditto.
- (maybe_switch_app): Call the new prep_reselect function.
- (app_write_learn_status): Ditto.
- * scd/app-openpgp.c (cache_pin): New helper to cache a PIN.
- (verify_chv2): Call it.
- (verify_chv3): Call it.
- (clear_chv_status): Call it.
- (do_change_pin): Call it.
-
- * scd/app-common.h (struct app_ctx_s): Add function 'prep_select'.
- * scd/app-openpgp.c (do_prep_reselect): New stub function.
- (app_select_openpgp): Set new stub function.
- * scd/app-piv.c (do_prep_reselect): New stub function.
- (app_select_piv): Set new stub function.
-
- * scd/app-common.h (struct app_ctx_s): Add parameter ctrl to setattr,
- sign, auth, decipher, and check_pin. Change all implementations and
- callers to pass such a parameter.
-
- agent: First changes to support a PIN cache for scdaemon.
- + commit d5c00354bb02ae6cb2e3a72136a1a95cb2db7f3f
- * agent/agent.h (CACHE_MODE_PIN): New.
- * agent/cache.c (housekeeping): Special handling of new new mode.
- (agent_flush_cache): Ditto. Add arg 'pincache_only' and change
- caller.
- (agent_put_cache): Support new mode.
- (agent_get_cache): Ditto.
- * agent/call-scd.c (wait_child_thread): Flush the entire PIN cache.
- (start_scd): Ditto.
- (agent_card_killscd): Ditto.
- (handle_pincache_put): New. Uses a dummy encryption key for now.
- (pincache_put_cb): New.
- (inq_needpin): Prepare for PINCACHE_GET inquiry.
- (learn_status_cb): Handle the PINENTRY_PUT status line.
- (get_serialno_cb): Ditto
- (agent_card_pksign): Ditto.
- (padding_info_cb): Ditto.
- (agent_card_readcert): Ditto.
- (agent_card_readkey): Ditto.
- (agent_card_writekey): Ditto.
- (card_getattr_cb): Ditto.
- (card_cardlist_cb): Ditto.
- (card_keyinfo_cb): Ditto.
- (pass_status_thru): Ditto.
-
- kbx: Make sure the tables are joined in a select.
- + commit 41a882443622fe08ebaa75bf358e83630bbb8631
- * kbx/backend-sqlite.c (run_select_statement): Join the tables.
-
-2020-01-03 Werner Koch <wk@gnupg.org>
-
- scd: Minor fix for readibility.
- + commit c0625c15c1fb6d06202669eb8caff2710377952d
- * scd/command.c (open_card_with_request): Use NULL instead of
- APPTYPE_NULL.
-
-2020-01-02 Werner Koch <wk@gnupg.org>
-
- kbx: Initial support for an SQLite backend.
- + commit f4da1455c7ab858ea9007d0813774c6d04cd4576
- * kbx/backend-sqlite.c: New.
- * kbx/Makefile.am (keyboxd_SOURCES): Add it.
- (keyboxd_CFLAGS, keyboxd_LDADD): Add SQLite flags.
- * kbx/backend.h (enum database_types): Add DB_TYPE_SQLITE.
- (be_sqlite_local_t): New typedef.
- (struct db_request_part_s): Add field besqlite.
- * kbx/backend-support.c (strdbtype): Add string for DB_TYPE_SQLITE.
- (be_generic_release_backend): Support SQLite.
- (be_release_request): Ditto.
- (be_find_request_part): Ditto.
- (is_x509_blob): Rename to ...
- (be_is_x509_blob): this and make global.
- * kbx/frontend.c (kbxd_set_database): Detect ".db" suffix and use that
- for SQLite.
- (kbxd_search): Support SQLite
- (kbxd_store): Ditto.
- (kbxd_delete): Ditto.
- * kbx/frontend.h (kbxd_store_modes): Move to ...
- * kbx/keyboxd.h (enum kbxd_store_modes): here.
- * kbx/keyboxd.c (main): USe pubring.db for now. This is a temporary
- hack.
-
- * kbx/backend-kbx.c (be_kbx_delete): Remove unused var cert.
-
-2019-12-23 Werner Koch <wk@gnupg.org>
-
- gpg: Fix output of --with-secret if a pattern is given.
- + commit 59d49e4a0ac2ed27803507cb7d2c6af166527bd5
- * g10/keylist.c (list_one): Probe for a secret key in --with-secret
- mode.
-
- kbx: Change keyboxd to work only with one database.
- + commit 8a556c23a29776b2b5aa1d563e779b6ae0139dff
- * kbx/frontend.c (the_database): New var.
- (db_desc_t): Remove.
- (kbxd_add_resource): Renamed to ...
- (kbxd_set_database): this. Simplify.
- (kbxd_search): Change to use only one database.
- (kbxd_store): Ditto.
- (kbxd_delete): Ditto.
-
-2019-12-19 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Enhance KEYINFO command to limit listing with capability.
- + commit b2a2df174b216881387ae849770d875cd74984c2
- * scd/app-common.h: Add CAPABILITY argument to the WITH_KEYGRIP.
- (app_do_with_keygrip): Likewise.
- * scd/app-openpgp.c (send_keyinfo_if_available): New.
- (do_with_keygrip): Support listing with CAPABILITY.
- * scd/app-piv.c (do_with_keygrip): Likewise.
- * scd/app.c (maybe_switch_app): Supply the argument.
- (app_do_with_keygrip): Add CAPABILITY argument.
- * scd/command.c (cmd_pksign, cmd_pkauth): Supply the argument.
- (cmd_pkdecrypt): Likewise.
- (cmd_keyinfo): Support listing with CAPABILITY.
-
-2019-12-06 Werner Koch <wk@gnupg.org>
-
- sm: Add special case for expired intermediate certificates.
- + commit d246f317c04862cacfefc899c98da182ee2805a5
- * sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
- * sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
- Also simplify by using ref-ed cert objects in place of an anyfound
- var.
-
- dirmngr: Tell gpg about WKD looks resulting from a cache.
- + commit 8a6ecc6ff52b9ec045e200cc200977707278f89c
- * dirmngr/server.c (proc_wkd_get): Print new NOTE status
- "wkd_cached_result".
- * g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
- verbose mode.
-
-2019-12-04 Werner Koch <wk@gnupg.org>
-
- gpg: Use AKL for angle bracketed mail address with -r.
- + commit 1abb39fdaf44c2477719fbea43ef8042d8b9033e
- * g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
- (get_best_pubkey_byname): Ditto.
-
-2019-11-28 Werner Koch <wk@gnupg.org>
-
- gpg: Change the way v5 fingerprints are printed.
- + commit d2ff62dbdf891319e6db5850c6077c85e5eb784e
- * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
- * g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
-
- gpg: Implement insert, update, and delete via keyboxd.
- + commit 7244666926929f3b2475d8cab50db3ff620cdbe3
- * g10/call-keyboxd.c (struct store_parm_s): New.
- (store_inq_cb): New.
- (keydb_update_keyblock): Implement the keyboxd part.
- (keydb_insert_keyblock): Ditto.
- (keydb_delete_keyblock): Ditto.
- (keydb_search_reset): Clear ubid flag. Also use the correct union
- member for building the search string.
-
- kbx: Add new command DELETE.
- + commit 490e0cd0bab8d8d06ffdc5b8977964d5a76a8df0
- * kbx/kbxserver.c (cmd_delete): New.
- * kbx/frontend.c (kbxd_delete): New.
- * kbx/backend-kbx.c (be_kbx_delete): New.
-
- kbx: Redefine the UBID which is now the primary fingerprint.
- + commit 915297705af6f1db74dacf0d6665b83eb0a58459
- * common/util.h (UBID_LEN): New. Use it at all places.
- * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
- * kbx/keybox-dump.c (print_ubib): Remove.
- (_keybox_dump_blob): Do not print the now removed ubid flag.
- * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
- for the size of the ubid and grip.
- * kbx/keybox-search.c (blob_cmp_ubid): New.
- (has_ubid): Make it a simple wrapper around blob_cmp_ubid.
- (keybox_get_data): Add arg 'r_ubid'.
-
- * kbx/frontend.h (enum kbxd_store_modes): New.
- * kbx/kbxserver.c (cmd_store): Add new option --insert.
-
- * kbx/backend-cache.c (be_cache_initialize): New.
- (be_cache_add_resource): Call it here.
- * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
- (be_kbx_search): Get the UBID from keybox_get_data.
- * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
- (be_ubid_from_blob): new. Change all callers.
-
- * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
- use the new cache init function.
- (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the
- ubid. Take care of the mode.
-
-2019-11-27 Werner Koch <wk@gnupg.org>
-
- dirmngr: Replace no-strict-overflow pragma by wrapv pragma.
- + commit f59455d054a79068ebf480cd28f02993c1facf3b
- * dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
- Replace protecting macro.
-
- gpg: Move a keydb function to another file.
- + commit 61f41cdce5b60b9df05d6531ab1b7aab84ada659
- * g10/keydb.c (build_keyblock_image): Move to ...
- * g10/build-packet.c (build_keyblock_image): here.
-
-2019-11-26 Werner Koch <wk@gnupg.org>
-
- dirmngr: Rework of the LDAP code, part 1.
- + commit 264c15c72fe050f5e8d2f1cb2444a459df6fe99f
- * dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
- * dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a
- missing slashes in an http scheme if NO_SCHEME_CHECK is active.
- * dirmngr/t-http.c (main): Print new flag.
- * dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
- checking the scheme.
- * dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
- http_parse_uri.
- * dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
-
- dirmngr: Make building with a TLS library mandatory.
- + commit 1009e4e5f71347a1fe194e59a9d88c8034a67016
- * configure.ac: Do not build dirmngr if no TLS is available.
- * dirmngr/http.c: Remove all uses of the USE_TLS macro.
-
- doc: Fixed variable naming.
- + commit 8fb14d3b3f9c5c27ff8b9f0e7e7207ec388687ff
- * kbx/keybox.h: Fix naming of arguments.
- * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
- that this is anyway an impossible case.
-
-2019-11-25 Werner Koch <wk@gnupg.org>
-
- agent: Improve --debug-pinentry diagnostics.
- + commit c8783b3a204b371d44b8953429652101cf2e4d1b
- * agent/call-pinentry.c (atfork_cb): Factor code out to ...
- (atfork_core): new.
-
-2019-11-23 Werner Koch <wk@gnupg.org>
-
- wkd: Let --install-key write a template policy file.
- + commit 50cd1a58f3a612704a0056386e1d5cd7cb28d57d
- * tools/wks-util.c (ensure_policy_file): New.
- (wks_cmd_install_key): Call it.
-
-2019-11-19 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Apply removal of dirmngr/ldap-wrapper-ce.c.
- + commit 116dfb20013b73b950bbcee1d1f6c2a5d1d7ffdd
- * po/POTFILES.in: Update.
-
-2019-11-18 Werner Koch <wk@gnupg.org>
-
- dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
- + commit d9c7935188483dae381c12e7eef19072bbade4b3
- * doc/DETAILS: Specify new status code "NOTE".
- * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
- bad TLS certificate.
- * g10/call-dirmngr.c (ks_status_cb): Detect this status.
-
- dirmngr: Forward http redirect warnings to gpg.
- + commit ae9acb8745c1654b446b3cd5b9322b235723d9cb
- * dirmngr/http.c: Include dirmngr-status.h
- (http_prepare_redirect): Emit WARNING status lines for redirection
- problems.
- * dirmngr/http.h: Include fwddecl.h.
- (struct http_redir_info_s): Add field ctrl.
- * dirmngr/ks-engine-hkp.c (send_request): Set it.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
- * g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
-
-2019-11-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd,ccid: Fix detection of supported readers with pinpad.
- + commit 1cb9a831f6eedfa4c8950b8a7706ea77b74693f7
- * scd/ccid-driver.c (ccid_transceive_secure): When not supported,
- return CCID_DRIVER_ERR_NOT_SUPPORTED.
-
-2019-11-12 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use IPv4 or IPv6 interface only if available.
- + commit 12def3a84e0358528347107dc88cfe740a54941f
- * dirmngr/dns-stuff.c (cached_inet_support): New variable.
- (dns_stuff_housekeeping): New.
- (check_inet_support): New.
- * dirmngr/http.c (connect_server): Use only detected interfaces.
- * dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
-
-2019-11-12 Andre Heinecke <aheinecke@gnupg.org>
-
- dirmngr: Tune down err on missing ldapservers file.
- + commit 40daa0bc0bc87a521713d7dd1568f3874759a143
- * dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
- in case no such file exists.
-
-2019-11-11 Werner Koch <wk@gnupg.org>
-
- dirmngr: Remove cruft from dirmngr_ldap.
- + commit 4c295646ba0e175743e6be13457308c1e6d21dd3
- * configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
- * dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
- * dirmngr/ldap-wrapper-ce.c: Remove.
- * dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
- to debug output.
- * dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
- my_ldap macros.
- (fetch_ldap) [W32]: Use ldap_sslinit.
-
- gpg: Forbid the creation of SHA-1 third-party key signatures.
- + commit dd18be979e138dd3712315ee390463e8ee1fe8c1
- * g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
- (do_sign): Add arg signhints and inhibit SHA-1 signatures. Change
- callers to pass 0.
- (complete_sig): Add arg signhints and pass on.
- (make_keysig_packet, update_keysig_packet): Set signhints.
-
- dirmngr: Rename an enum value for clarity.
- + commit eebd43d5b688e99131fcbf8f8292a485b91402a2
- * dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
-
-2019-11-09 Werner Koch <wk@gnupg.org>
-
- gpgsm: Allow sepcification of ldaps servers.
- + commit 6e1c99bc397382f1ea2ba9d61a64328410adc95f
- * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
- * sm/gpgsm.c (parse_keyserver_line): Parse flags.
- * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
-
- * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
- * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
- * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
-
- * dirmngr/dirmngr_ldap.c: New option --tls.
- (fetch_ldap): Make use of that option.
-
-2019-11-07 Werner Koch <wk@gnupg.org>
-
- gpg: Fix a potential loss of key sigs during import with self-sigs-only.
- + commit 6701a38f8e4a35ba715ad37743b8505bfd089541
- * g10/import.c (import_one_real): Don't do the final clean in the
- merge case.
-
- gpg: Add option --allow-weak-key-signatures.
- + commit e624c41dbafd33af82c1153188d14de72fcc7cd8
- * g10/gpg.c (oAllowWeakKeySignatures): New.
- (opts): Add --allow-weak-key-signatures.
- (main): Set it.
- * g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
- * g10/misc.c (print_sha1_keysig_rejected_note): New.
- * g10/sig-check.c (check_signature_over_key_or_uid): Print note and
- act on new option.
-
- gpg: Print rfc4880bis note only in verbose mode.
- + commit f4047f56058cf9be2aa362fc439846ce930da8c7
- * g10/gpg.c (main): Change condition for an info diagnostic.
-
-2019-11-06 Werner Koch <wk@gnupg.org>
-
- gpg: Remove an unused variable.
- + commit fd88b8847a371a2927f52afceeeb457b64cce162
- * g10/delkey.c (do_delete_key): here.
-
- gpg: Do not require --batch when using --log-file.
- + commit 584b65ad7e937710a4fc6db42d6849bb3449d6ef
- * g10/gpg.c (main): Remove a long standing FIXME.
-
-2019-10-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd,ccid: Fix GEMPC_EZIO handling.
- + commit c6702d77d936b3e9d91b34d8fdee9599ab94ee1b
- * scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.
-
-2019-10-17 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: More fix of get_best_pubkey_byname.
- + commit e2c2b0fb2d9b31fa1b61803d04919645a9149996
- * g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
- setting of CTX.
-
- gpg: Fix two other cases in get_best_pubkey_byname.
- + commit 286d4c607574e91f590512a1385bb3320cf8da77
- * g10/getkey.c (pubkey_cmp): Handle a primary key with
- PUBKEY_USAGE_ENC, and make sure new key is for encryption.
- (get_best_pubkey_byname): Add comment for ranking.
-
- doc: Fix documentation about --locate-keys.
- + commit 627a990f8e306d4f34bc503b303dc8b13616029e
- * doc/gpg.texi (--locate-keys): Remove mentioning signing keys.
-
-2019-10-16 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix get_best_pubkey_byname to consider the first match.
- + commit f2734381ae1431e395a0bed16df2f4d5d13aa2c5
- * g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
- by get_pubkey_byname. Add initial call to pubkey_cmp to fill
- BEST at first before the loop.
-
-2019-10-15 Werner Koch <wk@gnupg.org>
-
- gpg: Also delete key-binding signature when deleting a subkey.
- + commit d1bc12d1b66e0657969a8eb846bdcd9bee717a7c
- * g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
-
-2019-10-15 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Put the first key in candidates correctly.
- + commit 44604209c1cfe18532d13eda63d8c1f86a6e12ec
- * g10/getkey.c (get_best_pubkey_byname): After the call of
- get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
- the loop.
-
- scd,ccid: Add 08e6:34c2 (GEMPC_EZIO).
- + commit c933c15d587a1c0df3f4b3bf37d8d15164dd318f
- * scd/ccid-driver.c (ccid_transceive_secure): Add pinpad support
- for 08e6:34c2 which supports extended APDU exchange.
-
-2019-10-09 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: The first key should be in candidates.
- + commit 7535f1d47a35e30f736f0e842844555f7a4a9841
- * g10/getkey.c (get_best_pubkey_byname): Handle the first key
- as the initial candidate for the selection.
-
-2019-10-07 Werner Koch <wk@gnupg.org>
-
- kbx: Implement update for the STORE command.
- + commit f4bdf8e590877e9bfddfd19a4e4167f6531c9fb1
- * kbx/backend-kbx.c (be_kbx_update): New.
- * kbx/frontend.c (kbxd_store): Call it.
-
-2019-10-07 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix a memory leak in get_best_pubkey_byname.
- + commit e28572116fe4c586ba9d1e8f27389bf3f06e036b
- * g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
-
-2019-10-03 Werner Koch <wk@gnupg.org>
-
- gpg: Ignore all SHA-1 signatures in 3rd party key signatures.
- + commit 7d9aad63c4f1aefe97da61baf5acd96c12c0278e
- * g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
- and remove debug output.
-
- gpg: Be prepared for chosen-prefix SHA-1 collisions in key signatures.
- + commit c4f2d9e3e1d77d2f1f168764fcdfed32f7d1dfc4
- * g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
- SHA-1 based signatures.
-
-2019-10-01 Werner Koch <wk@gnupg.org>
-
- gpg: Read the UBID from the keybox and detect wrong blob type.
- + commit 63dbc817e7dcc6edc757281f09e1ca80500ab2d1
- * g10/keydb-private.h (struct keydb_handle_s): Add fields for UBID.
- * g10/call-keyboxd.c (search_status_cb): New.
- (keydb_search): Set new UBID fields.
-
- kbx: Add first version of STORE command to keyboxd.
- + commit c7293a4d125c4675c86ecdee0f2f3186fc4bdaf7
- * kbx/Makefile.am (keyboxd_CFLAGS): -DKEYBOX_WITH_X509.
- (keyboxd_LDADD): Add libksba.
- * kbx/kbxserver.c (cmd_store): New.
- * kbx/frontend.c (kbxd_store): New.
- * kbx/backend-support.c (is_x509_blob): New.
- (be_fingerprint_from_blob): New.
- * kbx/backend-kbx.c (be_kbx_seek): Add args FPR and FPRLEN.
- (be_kbx_insert): New.
-
- common: New function hex2fixedbuf.
- + commit 61765136cf92be2884603bc3fac020a1c6ed91f4
- * common/convert.c (hex2fixedbuf): New.
-
-2019-09-30 Werner Koch <wk@gnupg.org>
-
- gpg: Fix --recv-key in case of a given fingerprint.
- + commit a605dbb430b1f73ef974ad54f74679dfc0eefb18
- * g10/keyserver.c (keyserver_retrieval_screener): Compare against
- actual length.
-
- gpg: Fix expand GPG groups when resolving a key.
- + commit ec81c437e71b4c630a799ed29447cc5e3db162cd
- * g10/expand-group.c (expand_group): Add arg prepend_input.
- * g10/pkclist.c (build_pk_list): Adjust for it.
- * g10/getkey.c (key_byname): Keep the expanded names in the CTX and
- don't premature free them.
- (get_pubkey_byname): Append the namelist to the extra_list.
-
-2019-09-27 Werner Koch <wk@gnupg.org>
-
- gpg: Fix a recently introduced printf format buglet.
- + commit b966a7c142ab6341f4149d55e2609dbb9914acec
- * g10/parse-packet.c (dump_sig_subpkt): Fix format error.
-
- kbx: Fix error code return in keyboxd.
- + commit 8e574130482167dc7d2e2888cc80ad6584345e3d
- * kbx/frontend.c (kbxd_add_resource): Print a diagnostic on error.
- * kbx/backend-kbx.c (be_kbx_add_resource): Acttually returh the error
- code.
-
- kbx: Store the UBIB in the blob.
- + commit 0af1c6447dc0f981ab7306e3bef520f37aded167
- * kbx/keybox-blob.c (create_blob_header): New blob flag UBIB.
- (create_blob_finish): Write the UBIB.
- * kbx/keybox-dump.c (print_ubib): New.
- (_keybox_dump_blob): Print UBIB flag.
- * kbx/keybox-search.c (has_ubid): Compare the stored UBIB if
- available.
-
- kbx,gpg: Allow lookup using a UBID.
- + commit 4be79b5abeae82b9840e6aa93874f743e13c6df7
- * common/userids.c (classify_user_id): Detect UBIDs.
- * kbx/backend-cache.c (blob_table_put): Store the public key type.
- (be_cache_search): Add search mode for UBIDs.
- * kbx/backend.h (struct db_request_part_s): Add cache.seqno_ubid.
- * g10/keydb.c (keydb_search_desc_dump): Fix printing of keygrip. Add
- ubid printing.
- * g10/call-keyboxd.c (keydb_search): Support search by UBID.
-
- kbx: First take on a cache for the keyboxd.
- + commit 280e9c9cfac31ae5ac874c928eee063cc922e27e
- * kbx/backend.h (enum database_types): Add DB_TYPE_CACHE.
- (struct db_request_part_s): Add seqno fields.
- (struct db_request_s): Add infos for the cache backend.
- * kbx/backend-support.c (struct backend_handle_s): Add 'backend_id'.
- (strdbtype): Support DB_TYPE_CACHE.
- (be_generic_release_backend): Ditto.
- (be_find_request_part): New.
- (be_return_pubkey): New arg UBID and chnage status name.
- * kbx/backend-cache.c: New.
- * kbx/backend-kbx.c (be_kbx_init_request_part): New.
- (be_kbx_search): Factor some code out to a support function.
- (be_kbx_seek): New.
- * kbx/frontend.c (kbxd_add_resource): Support DB_TYPE_CACHE.
- (kbxd_search): Support the NEXR operation with the cache.
- * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_UBID): New.
- (struct keydb_search_desc): Add field u.ubid.
- * kbx/keybox-search.c (has_ubid): New.
- (keybox_search): Support the UBID search.
-
-2019-09-20 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Build gpg-pair-tool only when there is newer libgcrypt.
- + commit bb5ed9fe1abfcbb6128325508366bc802eb576c5
- * configure.ac (HAVE_NEWER_LIBGCRYPT): New.
- * tools/Makefile.am: Conditionalize build of gpg-pair-tool.
-
-2019-09-19 NIIBE Yutaka <gniibe@fsij.org>
-
- tools: Fix gpg-pair-tool to follow new API.
- + commit 7c81e5cb97c77244be164daf7a80e29f6b6e437b
-
-
- tools: Don't prepare G in gpg-pair-tool.
- + commit b928de70e072fce15d7bba39f370d32dd8b74095
- * tools/gpg-pair-tool.c (create_dh_keypair): Use NULL for G.
-
- tools: Use new API of libgcrypt for gpg-pair-tool.
- + commit f22a00416149448172bf8110d466d65c87962cae
- * tools/gpg-pair-tool.c (create_dh_keypair): Just use
- gcry_random_bytes for secret. Call gcry_ecc_mul_point
- with G to get the public key.
- (compute_master_secret): Use gcry_ecc_mul_point.
-
-2019-09-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd,pcsc: Use HANDLE for context and card.
- + commit 49671b76eae2c7d1edb13ed927654d0c11d879f1
- * scd/apdu.c (HANDLE): New.
-
-2019-09-12 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Remove old fallback logic from CCID to PC/SC.
- + commit 980d0234d31699e51051e0cc6002ad177b6e7136
- * scd/apdu.c (apdu_dev_list_start): Return an error on failure.
-
- scd,pcsc: Support "reader-port" option for PC/SC reader.
- + commit 6d750fe7fc4224924f13ef578010a26cdbe0a67b
- * scd/apdu.c (apdu_open_reader): Skip use of a reader if it's not the
- one specified when it is specified.
-
- scd,pcsc: Remove the restriction of no-scanning in PC/SC.
- + commit c569e49d1764d2573aec5684f9cee397bdd8ccb1
- * scd/apdu.h (app_open_reader): Remove the last argument.
- * scd/apdu.c (app_open_reader): Ditto.
- * scd/app.c (select_application): Don't supply APP_EMPTY.
-
-2019-09-11 NIIBE Yutaka <gniibe@fsij.org>
-
- scd,pcsc: Fix examining the list of readers.
- + commit 92be4e87eec984a3f3737339c311761d2650c55a
- * scd/apdu.c (apdu_dev_list_start): Traverse the string+NUL carefully.
-
- scd,pcsc: Fix for initializing PC/SC.
- + commit 441106cdf0fdd310e3b36370186849167db11345
- * scd/apdu.c (pcsc_init): Load it at first.
- (apdu_open_reader): Check for the CCID internal driver.
-
- scd,pcsc: Support multiple card readers.
- + commit e8534f899915a039610973a84042cbe25a5e7ce2
- * scd/apdu.c (close_pcsc_reader, apdu_init): Clear pcsc.rdrname.
- (pcsc_init): Load of PC/SC module moved from ...
- (open_pcsc_reader): ... here.
- (apdu_dev_list_start): Add support for PC/SC.
- (apdu_dev_list_finish): Likewise.
- (apdu_open_reader): Likewise.
-
- scd,pcsc: Use a single context.
- + commit 1080e91efd60cb41c2d6dbafaee810e5967a3161
- * scd/apdu.c (pcsc): New variable.
- (struct reader_table_s): Remove pcsc.context from member.
- (pcsc_get_status, connect_pcsc_card): Use pcsc.context.
- (close_pcsc_reader): Release pcsc.context here with reference count.
- (pcsc_init): New.
- (open_pcsc_reader): Don't call pcsc_establish_context here. Call
- close_pcsc_reader instead of pcsc_release_context.
- (apdu_open_reader): Call pcsc_init if needed.
- (apdu_init): Initialize pcsc.count and pcsc.context.
-
- scd: Clean up the structure for future fix of PC/SC.
- + commit f44aa290c1368a3119b2323664c0f356195c4206
- * scd/apdu.c (struct dev_list): Rename from ccid_table, with void*.
- (open_ccid_reader): Follow the change.
- (apdu_dev_list_start, apdu_dev_list_finish): Likewise.
- (apdu_open_reader): Likewise.
- * scd/ccid-driver.c (ccid_dev_scan): Use void *.
- (ccid_dev_scan_finish, ccid_get_BAI, ccid_open_usb_reader): Likewise.
- * scd/ccid-driver.h: Change the APIs.
-
-2019-09-10 Werner Koch <wk@gnupg.org>
-
- gpg: First rough implementation of keyboxd access for key lookup.
- + commit ce9906b008c94c2aa4ac770a981d1e1e0b8aea47
- * g10/Makefile.am: Add nPth flags.
- * g10/gpg.c: Include npth.h.
- (gpg_deinit_default_ctrl): Deinit call-keyboxd local data.
- (main): Init nPth.
- * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and
- remove the search result and the assuan context.
- * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields.
- (lock_datastream, unlock_datastream): New.
- (gpg_keyboxd_deinit_session_data): Adjust for changed data structures.
- (prepare_data_pipe): New.
- (open_context): Return kbl instead of an Assuan context. Init mutexes
- etc.
- (close_context): Merge into ...
- (keydb_release): here. Adjust for changed data structures.
- (datastream_thread): New.
- (keydb_get_keyblock): Implement datastream stuff.
- (keydb_search): Ditto.
-
- * common/asshelp.c (wait_for_sock): Add arg connect_flags.
- (start_new_service): Set FDPASSING flag for the keyboxd.
-
- kbx: Allow fd-passing for the keyboxd.
- + commit 6c327b4dd6d8041b84f856ffc2a7d82b352d273f
- * kbx/kbxserver.c: Include host2net.h
- (struct server_local_s): Add field outstream.
- (prepare_outstream): New.
- (kbxd_writen): New.
- (kbxd_write_data_line): Write to file descrptor. Disable the slow
- human reader friendly data line formatting.
- (cmd_search, cmd_next): Disable data logging.
- (kbxd_start_command_handler): Add OUTPUT command.
- * kbx/keyboxd.c (main): Enable log monitor.
-
- common: Allow a readlimit for iobuf_esopen.
- + commit 2f0fdab8aabdf408495163ef99b2d4d111f74692
- * common/iobuf.c (file_es_filter_ctx_t): Add fields use_readlimit and
- readlimit.
- (file_es_filter): Implement them.
- (iobuf_esopen): Add new arg readlimit.
- * g10/decrypt-data.c (decrypt_data): Adjust for change.
- * g10/import.c (import_keys_es_stream): Ditto.
-
-2019-09-10 Andre Heinecke <aheinecke@gnupg.org>
-
- doc: Fix distchek for generated eps file.
- + commit c69a37dcbdc8db47489fbf744f58bb61399d223f
- * doc/Makefile.am (EXTRA_DIST, BUILT_SOURCES): Add
- gnupg-module-overview.eps, gnupg-card-architecture.eps
- (DISTCLEANFILES): Remove them.
-
-2019-09-09 Werner Koch <wk@gnupg.org>
-
- gpg: New option --use-keyboxd.
- + commit aba82684fe14289cf62b4694bc398f3a274b4762
- * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
- (opts): New options --use-keyboxd and --keyboxd-program.
- (main): Implement them.
- * g10/keydb.c: Move some defs out to ...
- * g10/keydb-private.h: new file.
- * g10/keydb.c: prefix function names with "internal" and move original
- functions to ...
- * g10/call-keyboxd.c: new file. Divert to the internal fucntion if
- --use-keyboxd is used. Add a CTRL arg to most fucntions and change
- all callers.
- * g10/Makefile.am (common_source): Add new files.
- (noinst_PROGRAMS): Do bot build gpgcompose.
-
- kbx: Fix keyboxd search first.
- + commit 5e00c1773d8fd44ba95b39a48e12b0ec94ac8cbe
- * kbx/kbxserver.c (cmd_next): Switch to mode next if needed.
-
- kbx: Allow searching from start.
- + commit 1545b948e1c8e8fa4873d434fb790a88ed96091c
- * kbx/kbxserver.c (cmd_search): Detect empty pattern.
-
-2019-09-06 Stephan Mueller <smueller@chronox.de>
-
- gpg: expand GPG groups when resolving a key.
- + commit e825aea2ba3529c333d7ec2c76e63998cb83d999
- * g10/expand-group.c: New
- * g10/pkclist.c: Extract expand_group and expand_id into expand-group.c.
- * g10/keydb.h: Add prototypes of expand_id and expand_group.
- * g10/getkey.c: Use expand_group before resolving key references.
- * g10/Makefile.am: Compile expand-group.c.
-
-2019-09-06 Werner Koch <wk@gnupg.org>
-
- gpg: Make --quiet work on --send-keys.
- + commit d9c4c3776b8ec3261e13693e230dd480b1127b18
- * g10/keyserver.c (keyserver_put): Act upon --quiet.
-
-2019-09-05 Werner Koch <wk@gnupg.org>
-
- gpg: Prepare parser for the new attestation certificates.
- + commit 209caaff66fbe96df144e6b1474435992e087fa4
- * common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New.
- * g10/keydb.h (IS_ATTST_SIGS): New.
- (IS_CERT): Include the new one.
- * g10/sign.c (mk_notation_policy_etc): Do not put notations into
- attestation key signatures.
- * g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo.
- Print the attestation sigs.
- (parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS.
- (can_handle_critical): Ditto.
- (enum_sig_subpkt): Pass digest algo to dump_sig_subpkt.
-
- gpg: Rework the signature subpacket iteration function.
- + commit e1d9be730ca07e10a20df5ef60d7562030f10676
- * g10/parse-packet.c (enum_sig_subpkt): Replace first arg by two args
- so that the entire signature packet is available. Change all callers.
- (parse_sig_subpkt): Ditto.
-
- scd: Implement auto-switching between Yubikey apps.
- + commit 7febb4f2476742936b829424ad23df662b37f4b4
- * scd/app.c (apptype_from_keyref): New.
- (maybe_switch_app): Add arg 'keyref' and use this also for switching.
- Change all callers to pass a keyref if needed.
-
- scd:openpgp: Avoid PIN caching issues after re-select.
- + commit 5d9eb060b764d45152edb266cd8a08f5724ad709
- * scd/app-openpgp.c (do_reselect): Clear PIN cache flags.
-
- scd:piv: Allow the keygrip as alternative to a keyref.
- + commit 947b44e835dec5967d400a9391d8746fb3f759df
- * scd/app-piv.c (find_dobj_by_keyref): Allow the keygrip as input.
-
- scd: Improve locking of app_do_with_keygrip.
- + commit c8d739a356d3dacdf63fa2d722d117401cf52caf
- * scd/app.c (app_do_with_keygrip): Lock once per card.
-
- scd: New debug flag "app".
- + commit 4e701953fec6efb10aaf34373e648b1dcafba054
- * scd/scdaemon.h (DBG_APP_VALUE, DBG_APP): New.
- * scd/scdaemon.c (debug_flags): Add "app".
- * scd/app.c (xstrapptype): New.
- (app_readcert, app_readkey, app_getattr): Add debug output.
- (app_setattr, app_sign, app_auth): Ditto.
- (app_writecert, app_writekey, app_change_pin): Ditto.
- (app_check_pin): Ditto.
-
-2019-09-05 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix ask_for_card to allow a key on multiple cards.
- + commit 9f39e0167d0642bcfb9bcabcbc7f8160b39a20ee
- * agent/divert-scd.c (ask_for_card): Don't use SERIALNO to select
- card, but use KEYGRIP.
-
-2019-09-04 Werner Koch <wk@gnupg.org>
-
- scd: New sub-command cmd_has_option for GETINFO.
- + commit fed9c93e05af4aeeb2fe9af81200fc7a745f2dec
- * scd/command.c (cmd_getinfo): Add cmd_has_option sub-command.
-
- scd: Add option --all to the SERIALNO command.
- + commit 9a0d8f2d8906d2f37c2755c4695b91c27c8acc2f
- * scd/command.c (cmd_serialno): Add option --all.
- (open_card_with_request): Implement that option.
- * scd/app.c (select_all_additional_applications_internal): New.
- (select_additional_application): Add mode to call new function.
-
- scd: Fix Error checking in additioal app selection.
- + commit fa258379424c6d48538b054b8dc7c1ab5c2d4290
- * scd/app.c (select_additional_application): Return error for unknown
- NAME.
-
- scd: Add option --multi to the LEARN command.
- + commit 5cf5a04bae03d622a42753735c60dfab3b24ade8
- * scd/app-common.h (APP_LEARN_FLAG_MULTI): New.
- * scd/command.c (cmd_learn): Add option --multi.
- * scd/app.c (app_write_learn_status): Factor some code out to ...
- (write_learn_status_core): new.
- (app_write_learn_status): Implement flag --multi.
-
- scd: Use a macro for the flag parameter of learn_status.
- + commit 2cdea776cd6db13c8f4ff45c89bd3292f216b186
- * scd/app-common.h (APP_LEARN_FLAG_KEYPAIRINFO): New flag macro..
- * scd/command.c (cmd_learn): Pass that flag instead of a plain number.
- * scd/app-nks.c (do_learn_status_core): Use new flag.
- * scd/app-p15.c (do_learn_status): Ditto.
- * scd/app-piv.c (do_learn_status): Ditto.
- * scd/app-sc-hsm.c (do_learn_status): Ditto.
- * scd/app.c (app_write_learn_status): Ditto.
-
-2019-08-23 Werner Koch <wk@gnupg.org>
-
- gpg,sm: Implement keybox compression run and release lock in gpgsm.
- + commit e64f0dfd72de548837f630bccd249a87451b89c5
- * g10/keydb.c (keydb_add_resource): Call keybox_compress.
- * sm/keydb.c (keydb_add_resource): Release the lock after a compress.
-
- kbx: Include deleted records into the --stats output.
- + commit 5ef0d7a795cf2462314ea0cb72c7efa7243ab405
- * kbx/keybox-dump.c (_keybox_dump_file): Take deleted records in
- account.
-
- kbx: Fix regression in compression trigger from July 18.
- + commit 30aaa4ba007210aa043c3d524415495a4d9fd17f
- * kbx/keybox-update.c (keybox_compress): Change condition back.
- Also use make_timestamp for CUT_TIME.
-
- gpg: Allow --locate-external-key even with --no-auto-key-locate.
- + commit d058d80ed0d5edeff6d85108054b1dfd45ddad7d
- * g10/getkey.c (akl_empty_or_only_local): New.
- * g10/gpg.c (DEFAULT_AKL_LIST): New.
- (main): Use it here.
- (main) <aLocateExtKeys>: Set default AKL if none is set.
-
- gpg: Silence some warning messages during -Kv.
- + commit d7aca1bef68589134b36395901b92496a7a37392
- * g10/options.h (glo_ctrl): Add flag silence_parse_warnings.
- * g10/keylist.c (list_all): Set that during secret key listsings.
- * g10/parse-packet.c (unknown_pubkey_warning): If new flag is set do
- not print info message normally emitted inh verbose mode.
- (can_handle_critical_notation, enum_sig_subpkt): Ditto.
- (parse_signature, parse_key, parse_attribute_subpkts): Ditto.
-
- gpg: Do not show two informational diagnostics with quiet.
- + commit f14ddeb89c4519cd7ccf52c4595b93ab11ccbda1
- * g10/trustdb.c (verify_own_keys): Silence informational diagnostic.
-
- gpgconf: Suggest the use of --gpgconf-test on --launch problems.
- + commit 2a45800b2f8043d2533403eaadf8736d15ad7017
- * tools/gpgconf-comp.c (gc_component_launch): Change suggestion.
-
-2019-08-22 Werner Koch <wk@gnupg.org>
-
- gpg: Extend --quick-gen-key for creating keys from a card.
- + commit d3f5d8544fdb43082ff34b106122bbf0619a0ead
- * g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
- support the special algo "card".
- (parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
- Handle the "card" algo. Adjust callers.
- (parse_algo_usage_expire): Add arg R_KEYGRIP.
- (quickgen_set_para): Add arg KEYGRIP and put it into the parameter
- list.
- (quick_generate_keypair): Handle algo "card".
- (generate_keypair): Also handle the keygrips as returned by
- parse_key_parameter_string.
- (ask_algo): Support ed25519 from a card.
-
-2019-08-22 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Factor export_ssh_key.
- + commit 6f760e6eb0e8820d386b33c28cb14210adfc6aef
- * g10/export.c (export_one_ssh_key): Factor out.
- (export_ssh_key): Use export_one_ssh_key.
-
- dns: Fix irrelevant use of tmpfile.
- + commit e00e68135c01351ed66fed3c4453a1b13c8d522f
- * dirmngr/dns.c (dns_trace_open): Don't use tmpfile.
-
-2019-08-21 Werner Koch <wk@gnupg.org>
-
- gpg: In a list of card keys show the standard keys.
- + commit ce403c74dbc9c027b823910f22338269e625f76f
- * g10/keygen.c (ask_algo): Identify the standard keys.
-
- scd:nks: Extend keypairinfo with usage flags.
- + commit 0d2c9ef29c1741845df2d56f0024f87eab42efb3
- * scd/app-nks.c (do_learn_status_core): Return usage.
-
- (cherry picked from commit 0a9053eff0406c6799ee201013194200c0ed3487)
-
- scd:nks: Support attributes $ENCRKEYID and $SIGNKEYID.
- + commit 671e54d62c39a9e196d13714cb67c2f3c38f2fa0
- * scd/app-nks.c (do_getattr): Add new attributes.
-
- gpg: New option --use-only-openpgp-card.
- + commit c97c2e578dd173ef5e7916a3aa539b3a65a7d86d
- * g10/gpg.c (opts): Add option.
- (main): Set flag.
- * g10/options.h: Add flags.use_only_openpgp_card.
- * g10/call-agent.c (start_agent): Implement option.
-
-2019-08-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix check_application_conflict.
- + commit 6fae96094c973be880919f3a7798ca69d9365b69
- * scd/scd/app.c (check_application_conflict): Compare APPTYPE.
-
- scd: Fix selecting additional APP.
- + commit 8dc19d35e854264cfe503cdbb9e5ccafa9bc97d0
- * scd/app.c (select_additional_application_internal): Factor out.
- (select_additional_application): Getting the lock and call
- select_additional_application_internal, set current_apptype, then.
- (select_application): Call select_additional_application_internal
- for Yubikey.
-
- scd: Fix how select_additional_application is called.
- + commit 4781c4a86608b57f9d1daf55b9b2970130fe6120
- * scd/app.c (check_application_conflict): Check against current APP.
- (select_additional_application): Update current_apptype of CTRL.
-
- scd: Fix resetting CARD_CTX.
- + commit 09d000babb71990ef1b3f42017a67516bb994388
- * scd/app.c (deallocate_card): Don't call scd_clear_current_app.
- (card_reset): Reset ctrl->current_apptype.
- * scd/command.c (open_card_with_request): Likewise.
- (send_client_notifications): Likewise.
- (scd_clear_current_app): Remove.
-
- scd: Fix switching to another APP.
- + commit d4f135c34b332f1f833617a7f1ef0bdbff5eb589
- * scd/app.c (select_additional_application): Initialize card of APP.
- Break after the selection.
- Don't free APP if success.
-
-2019-08-20 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: fix minor spelling and tense errors.
- + commit b7793c3af32b2d99359022f805636953a50d8c68
- * doc/{gpg,gpgsm,wks}.texi: minor orthographic cleanup.
-
- doc: clarify CARD event counter.
- + commit cba6e1bd7242e8b8c6822f4e93368cb315b5524b
- * doc/gpg-agent.texi: improve documentation of CARD entry in
- GETEVENTCOUNTER description.
-
-2019-08-08 Andre Heinecke <aheinecke@intevation.de>
-
- speedo, w32: Add w32-wixlib target for MSI package.
- + commit 0b7088dc8035e8d5832c89085eea3b288de67710
- * Makefile.am (EXTRA_DIST): Add wixlib.wxs
- * build-aux/speedo.mk (w32-wixlib): New target.
- (w32-release): Build wixlib if WIXPREFIX is set.
- (help): Add documentation.
- * build-aux/speedo/w32/wixlib.wxs
-
-2019-08-08 Werner Koch <wk@gnupg.org>
-
- build: Sign all Windows binaries.
- + commit 4964691861796ad6e7bd59dd553a617f68676b2b
- * build-aux/speedo.mk (AUTHENTICODE_SIGNHOST): New.
- (AUTHENTICODE_TOOL): New.
- (AUTHENTICODE_FILES): New.
- (installer): Sign listed files.
- (AUTHENTICODE_SIGNHOST): New macro.
- (sign-installer): Use that macro instead of direct use of osslsigncode.
-
-2019-08-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Remove fallback mechanism to PC/SC.
- + commit 100642e776964219936e493315eb8b7c99742f41
- * scd/apdu.c [HAVE_LIBUSB] (apdu_open_reader): Simply let it fail.
-
-2019-08-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix an error path of agent_get_confirmation.
- + commit bb82ad018a7bf93bd704cf44e51cd086e41a4ad5
- * agent/call-pinentry.c (agent_get_confirmation): Make sure
- unlock_pinentry is always called.
-
-2019-08-06 Werner Koch <wk@gnupg.org>
-
- kbx: Add framework for the SEARCH command.
- + commit 5ea6250cc5761612d17ca4fb34eed096f26e2826
- * kbx/backend-kbx.c: New.
- * kbx/backend-support.c: New.
- * kbx/backend.h: New.
- * kbx/frontend.c: New.
- * kbx/frontend.h: New.
- * kbx/kbxserver.c: Implement SEARCH and NEXT command.
- * kbx/keybox-search-desc.h (enum pubkey_types): New.
- * kbx/keybox-search.c (keybox_get_data): New.
- * kbx/keyboxd.c (main): Add a standard resource.
-
- kbx: Allow writing using a estream.
- + commit 1f980d23af8b818ed8246ec6bf13b9c61b963ec0
- * kbx/keybox-file.c (_keybox_write_header_blob): New optional arg
- stream. Change callers.
-
- tools: New option --keyboxd for gpg-connect-agent.
- + commit 0611f548bcd3c772084d6c3111dc88a09a67f65a
- * configure.ac: New option --keyboxd-pgm.
- (KEYBOXD_NAME, KEYBOXD_DISP_NAME): New ac_defines.
- * common/util.h: Add substitutes for new error codes.
- (GNUPG_MODULE_NAME_KEYBOXD): New.
- * common/homedir.c (gnupg_module_name): Support
- GNUPG_MODULE_NAME_KEYBOXD.
- * common/asshelp.c (SECS_TO_WAIT_FOR_KEYBOXD): New.
- (wait_for_sock): Support keyboxd.
- (start_new_service): Ditto.
- (start_new_keyboxd): New.
- * tools/gpg-connect-agent.c: New options --keyboxd and
- --keyboxd-program.
- (start_agent): Implement new option.
-
-2019-08-06 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix line break handling, finding a space.
- + commit f588dd8d1766de48c90a5501cf2d537f256d003e
- * common/name-value.c (assert_raw_value): Correctly find a space.
-
- gpg: Don't report NO_SECKEY for valid key.
- + commit d8a49bbcd1b1d40ab0ddadac0dbb16a5d75c626e
- * g10/mainproc.c (proc_encrypted): Report status of STATUS_NO_SECKEY
- only when some error occurred.
-
-2019-08-05 Werner Koch <wk@gnupg.org>
-
- common: Remove code duplication for service starting.
- + commit e22ebf357050f98558b428502a565fc3dc256932
- * common/homedir.c (gpg_agent_socket_name): New.
- * common/asshelp.c (start_new_service): New. Based on
- start_new_gpg_agent.
- (start_new_gpg_agent): Divert to start_new_service.
- (start_new_dirmngr): Ditto.
-
-2019-08-05 NIIBE Yutaka <gniibe@fsij.org>
-
- sm: Support AES-256 key.
- + commit ef2424144a070c9199e40424ec8d9b5a9919aa72
- * sm/decrypt.c (prepare_decryption): Handle a case for AES-256.
-
-2019-08-02 Werner Koch <wk@gnupg.org>
-
- common: Change yet unused status_printf function.
- + commit d8a84594abe4be933756db07b987dc8bcd79c8b9
- * common/asshelp2.c (status_printf): Rename to status_no_printf.
- (status_printf): New.
-
-2019-07-26 NIIBE Yutaka <gniibe@fsij.org>
-
- sm: Fix error checking of decryption result.
- + commit 15fe78184cc66ce6e657a6e949a522d7821f8a1c
- * sm/call-agent.c (gpgsm_agent_pkdecrypt): Fix condition.
-
-2019-07-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg,gpgsm: Handle pkdecrypt responses with/without NUL terminators.
- + commit 3ba091ab8c93c87741a451f579d63dd500d7621d
- * g10/call-agent.c (agent_pkdecrypt): accept but do not require
- NUL-terminated data from the agent.
- * sm/call-agent.c (gpgsm_agent_pkdecrypt): accept but do not require
- NUL-terminated data from the agent.
-
-2019-07-25 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: photoid: Use standard spawn API.
- + commit fd9e6ae22eb93aa5140b56e1b0fa14e6402d6099
- * g10/photoid.c (exec_write, exec_read, exec_finish): Remove.
- (setup_input_file): Rename from make_tempdir.
- (expand_args): Drop support of 'o' and 'O'.
- (fill_command_argv, run_with_pipe, create_temp_file) New.
- (show_photo): New with gnupg_spawn_process_fd and gnupg_wait_process.
- (show_photos): Call show_photo.
-
- gpg: photoid: Move functions from exec.c.
- + commit c57c5004ec6cc7dc7b7a4f250516199a8a1e31fc
- * g10/exec.c (w32_system): Expose to public.
- (exec_write, exec_read, exec_finish, make_tempdir, expand_args): Move
- to photoid.c.
- * g10/exec.h: Likewise.
- * g10/photoid.c (exec_write, exec_read, exec_finish, make_tempdir)
- (expand_args): Move here.
-
- scd: Handle CCID bwi of time extension.
- + commit 996c497a864d820af06333014b2c5f74d1054866
- * scd/ccid-driver.c (bulk_in): Increase timeout by the multiplier
- value as defined section 6.2.6 in CCID specification.
-
- scd: Fix bBWI value.
- + commit 858dc9564326e65e6d8771af160d4513aea1e4eb
- * scd/ccid-driver.c (ccid_transceive_apdu_level): Use bBWI=0 for APDU
- level transfer.
- (ccid_transceive): Use bBWI=0 or the value returend by WTX for TPDU
- level transfer.
-
-2019-07-24 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix the previous commit.
- + commit 044379772fc5b0f39c6a36809722e702808b6ec3
- * common/asshelp.c [HAVE_W32_SYSTEM] (start_new_gpg_agent): Use
- gnupg_spawn_process_detached.
- (start_new_dirmngr): Likewise.
-
- common: Use gnupg_spawn_process_fd to invoke gpg-agent/dirmngr.
- + commit b1c56cf9e2bb51abfd47747128bd2a6285ed1623
- * common/asshelp.c (start_new_gpg_agent): Call gnupg_spawn_process_fd
- and gnupg_wait_process.
- (start_new_dirmngr): Likewise.
-
- common,w32: Fix cast from gnupg_fd_t to call _open_osfhandle.
- + commit a64411c607d5450e786c3207b9023394574c979b
- * common/sysutils.c (translate_sys2libc_fd): Use intptr_t.
- (gnupg_tmpfile): Likewise.
-
-2019-07-23 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: A little clean up.
- + commit 7bfbb9fa7e7693cd7f19a8d130aa0a9a82825d5d
- * g10/keyserver.c: Don't include exec.h.
- * g10/photoid.c (image_type_to_string): It's constant.
- * g10/photoid.h (image_type_to_string): Likewise.
-
-2019-07-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Error code map fix for older Yubikey.
- + commit 13bc0431ff1ce51246694208df611cc4561fb4b3
- * scd/iso7816.c (map_sw): Recognize 6A86.
-
-2019-07-19 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: The option --passphrase= can be empty.
- + commit fcd766719a6e8f18f4be4c0f91e12aa157ca5506
- * g10/gpg.c (opts): Use ARGPARSE_o_s for oPassphrase to allow
- empty string.
-
- card: Fix showing KDF object attribute.
- + commit 98f4eff7ffde106ae4f60739d1104282430ac14f
- * g10/call-agent.c (learn_status_cb): Parse the KDF DO.
- * g10/card-util.c (current_card_status): Show it correctly.
-
- scd: Support "[CHV3]" attribute for keyid string.
- + commit 57565d5f975d3c00853bb49678d63ee8b896b741
- * scd/app-openpgp.c (check_keyidstr0: Relax the check.
-
- card: Support disabling KDF functionality.
- + commit 9c0cd9d07546698ab66cedd06c503e6b698593f9
- * g10/card-util.c (kdf_setup): Can be "off".
-
-2019-07-18 Werner Koch <wk@gnupg.org>
-
- kbx: Allow "gpgsm --faked-system-time" to kick off a compression run.
- + commit 824ca6f042dc69edaf67bf9d4e875be75babab00
- * kbx/keybox-update.c (keybox_compress): Use make_timestamp.
-
-2019-07-18 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: More check for symmetric key encryption.
- + commit 44be675b759d27bac310c2de8bae1b7882a26b65
- * g10/dek.h (DEK): Use debugger friendly type of unsigned int.
- * g10/mainproc.c (symkey_decrypt_seskey): Add another check.
-
-2019-07-16 NIIBE Yutaka <gniibe@fsij.org>
-
- doc: Fix description of the field 11.
- + commit 4195ce15f4942245a29ef20ace42ad0f27e82ffd
- * doc/DETAILS: Fix.
-
- dirmngr: Don't add system CAs for SKS HKPS pool.
- + commit 75e0ec65170b7053743406e3f3b605febcf7312a
- * dirmngr/http.c [HTTP_USE_GNUTLS] (http_session_new): Clear
- add_system_cas.
-
-2019-07-12 Werner Koch <wk@gnupg.org>
-
- scd: Remove useless GNUPG_SCD_MAIN_HEADER macro.
- + commit fb1c8978f57b8f92e2ea9d10afc1d133656c9706
- * scd/apdu.c (): Remove never set and useless macro.
- * scd/ccid-driver.c: Ditto.
- * scd/iso7816.c: Ditto.
-
-2019-07-12 NIIBE Yutaka <gniibe@fsij.org>
-
- doc: Dependencies for figures are only for maintainers.
- + commit 58bab1a8784b0dbae70b5d74757cd56484292d1c
- * doc/Makefile.am [MAINTAINER_MODE] (.svg.eps, etc.): Enable only
- when maintainer-mode.
-
- Fix a reference in comment.
- + commit 4e601c7643fcfa3d8babcce58daa4c6c6a42d338
- * common/openpgp-s2k.c: Fix.
-
- gpg: Don't try decryption by session key when NULL.
- + commit 89303b9998ea30d87b4c60dd48097dbe5e986a89
- * g10/mainproc.c (proc_encrypted): Only call get_session_key when
- PKENC_LIST is not NULL.
- Return GPG_ERR_BAD_KEY, instead of GPG_ERR_NO_SECKEY, when
- it's encrypted only by symmetric key.
-
-2019-07-11 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Relax the handling of pinentry error for keyboard grab.
- + commit 02d8b383833bac0382e910a2058b11b127acfd4d
- * agent/call-pinentry.c (start_pinentry): It's not fatal when
- pinentry doesn't support no-grab/grab option.
-
- scd: Fix internal CCID driver, so that -DTEST works.
- + commit b31060425226b45deb21915bf5cd8b6ba62bd098
- * scd/ccid-driver.c: Support a test program by ccid-driver.
-
- scd: Fix debug logging of the internal CCID driver.
- + commit 2536bf276189a474a3a1ca9716368cf5d991b0d6
- * scd/ccid-driver.c [GNUPG_MAJOR_VERSION] (DEBUGOUT): Use log_debug.
-
- gpg: Fix getting User ID.
- + commit 29c7fb4053d207c163802642babbdbb6f885727e
- * g10/getkey.c (user_id_db): Remove, as no use anymore.
- (get_user_id_string): Use cache_get_uid_bykid.
- (get_user_id_byfpr): Use cache_get_uid_byfpr.
- * g10/objcache.c (cache_get_uid_byfpr): New.
- * g10/objcache.h (cache_get_uid_byfpr): New.
-
-2019-07-10 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Improve import slowness.
- + commit 33c17a8008c3ba3bb740069f9f97c7467f156b54
- * g10/import.c (read_block): Avoid O(N^2) append.
- (sec_to_pub_keyblock): Likewise.
-
- gpg: Fix keyring retrieval.
- + commit a7a043e82555a9da984c6fb01bfec4990d904690
- * g10/keyring.c (keyring_get_keyblock): Avoid O(N^2) append.
-
-2019-07-09 Werner Koch <wk@gnupg.org>
-
- gpg: Do not try the import fallback if the options are already used.
- + commit a29156d5a650702ad79fe11f45782bc4bc159c13
- * g10/import.c (import_one): Check options.
-
- gpg: Fix regression in option "self-sigs-only".
- + commit eec150eca78a053193a0994a96482791b5da36be
- * g10/import.c (read_block): Make sure KEYID is availabale also on a
- pending packet.
-
-2019-07-09 NIIBE Yutaka <gniibe@fsij.org>
-
- sm: Fix card access.
- + commit 37d758e5f2b5d07dc937098cf48096cf35ea61e4
- * sm/call-agent.c (gpgsm_scd_pksign): Cast to integer for %b.
-
- scd: ccid-driver: Initial getting ATR more robustly.
- + commit c51a5685554a06e00ae1e99070b44613b2f8d417
- * scd/ccid-driver.c (send_power_off): New.
- (do_close_reader): Use send_power_off.
- (ccid_get_atr): Add error recovery.
-
-2019-07-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix keygrip search.
- + commit 39c40e572c5632f836d089dce49224f947244bf2
- * scd/app.c (app_do_with_keygrip): Break the entire loop.
-
-2019-07-05 Werner Koch <wk@gnupg.org>
-
- gpg: With --auto-key-retrieve prefer WKD over keyservers.
- + commit 96bf8f477805bae58cfb77af8ceba418ff8aaad9
- * g10/mainproc.c (check_sig_and_print): Print a hint on how to make
- use of the preferred keyserver. Remove keyserver lookup just by the
- keyid. Try a WKD lookup before a keyserver lookup.
-
- wkd: Change client/server limit back to 64 KiB.
- + commit b0e8724b102535c27a8c973ec038d340858a8eb8
- * tools/wks-receive.c (decrypt_data): Change limit.
-
-2019-07-05 NIIBE Yutaka <gniibe@fsij.org>
-
- sm: Return the last error for pubkey decryption.
- + commit 38b9da7de3350b1e56b85a058cdb1fdded78cf6d
- * sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
- and return the last error when no key is available.
- Fix the error report with TMP_RC for second call of
- ksba_cms_get_issuer_serial.
-
- gpg: Return the last error for pubkey decryption.
- + commit 6cc4119ec03be61c78189a0bec99372035289b91
- * g10/mainproc.c (proc_encrypted): Check ->result against -1.
- When c->dek == NULL, put GPG_ERR_NO_SECKEY only when not set.
- * g10/pubkey-enc.c (get_session_key): Set k->result by the result of
- get_it.
- When no secret key is available for some reasons, return the last
- specific error, if any.
-
-2019-07-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: fix handling of HTTPS redirections during HKP.
- + commit 064aeb14c9b869e114e9ec789526fad8da657230
- * dirmngr/ks-engine-hkp.c (send_request): Reinitialize HTTP session when
- following a HTTP redirection.
-
-2019-07-04 Werner Koch <wk@gnupg.org>
-
- gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
- + commit 23c978640812d123eaffd4108744bdfcf48f7c93
- * g10/gpg.c (main): Change default.
-
- gpg: Avoid printing false AKL error message.
- + commit 91a6ba32347a21c9029728eec96b8ff80f944629
- * g10/getkey.c (get_pubkey_byname): Add special traeatment for default
- and skipped-local.
-
- gpg: New command --locate-external-key.
- + commit d00c8024e58822e0623b3fad99248ce68a8b7725
- * g10/gpg.c (aLocateExtKeys): New.
- (opts): Add --locate-external-keys.
- (main): Implement that.
- * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
- (get_best_pubkey_byname): Add arg 'mode' and pass on to
- get_pubkey_byname. Change callers.
- * g10/keylist.c (public_key_list): Add arg 'no_local'.
- (locate_one): Ditto. Pass on to get_best_pubkey_byname.
-
- gpg: Make the get_pubkey_byname interface easier to understand.
- + commit 9980f81da765f88a65604ab083563bf15ccdb425
- * g10/keydb.h (enum get_pubkey_modes): New.
- * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and
- change all callers.
-
-2019-07-03 Werner Koch <wk@gnupg.org>
-
- dirmngr: Avoid endless loop in case of HTTP error 503.
- + commit 8b113bb148f273524682252233b3c65954e1419e
- * dirmngr/ks-engine-hkp.c (SEND_REQUEST_EXTRA_RETRIES): New.
- (handle_send_request_error): Use it for 503 and 504.
- (ks_hkp_search, ks_hkp_get, ks_hkp_put): Pass a new var for
- extra_tries.
-
- dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain.
- + commit 37f0c55c7be3fc4912237f2bc72466aef6f8aa36
- * dirmngr/http.c (same_host_p): Consider certain subdomains to be the
- same.
-
-2019-07-02 Peter Lebbing <peter@digitalbrains.com>
-
- Mention --sender in documentation.
- + commit cf92f7d96f83e5af7d2c232c8450c2c7d900ade8
-
-
-2019-07-01 Werner Koch <wk@gnupg.org>
-
- gpg: Fallback to import with self-sigs-only on too large keyblocks.
- + commit 3a403ab04eeb45f12b34f9d9c421dac93eaf2160
- * g10/import.c (import_one): Rename to ...
- (import_one_real): this. Do not print and update stats on keyring
- write errors.
- (import_one): New. Add fallback code.
-
- gpg: New import and keyserver option "self-sigs-only"
- + commit 2e349bb6173789e0e9e42c32873d89c7bc36cea4
- * g10/options.h (IMPORT_SELF_SIGS_ONLY): New.
- * g10/import.c (parse_import_options): Add option "self-sigs-only".
- (read_block): Handle that option.
-
- gpg: Make read_block in import.c more flexible.
- + commit 894b72d796c826b1c7e1df788e16874cd051e672
- * g10/import.c: Change arg 'with_meta' to 'options'. Change callers.
-
-2019-07-01 NIIBE Yutaka <gniibe@fsij.org>
-
- tools: gpgconf: Killing order is children-first.
- + commit 7c877f942a344e7778005840ed7f3e20ace12f4a
- * tools/gpgconf-comp.c (gc_component_kill): Reverse the order.
-
-2019-06-28 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Close a dialog cleanly when gpg/ssh is killed for CONFIRM.
- + commit 374a0775546b6241ca2dd10836202c50300d8e91
- * agent/call-pinentry.c (watch_sock_start): Factor out
- from do_getpin.
- (watch_sock_end): Likewise.
- (do_getpin): Use those functions.
- (agent_get_confirmation): Likewise.
- (popup_message_thread): Likewise.
-
-2019-06-25 Werner Koch <wk@gnupg.org>
-
- scd: Do not conflict if a card with another serialno is demanded.
- + commit 92ba831758cff0262504ac51e5df7a439844327c
- * scd/app.c (check_application_conflict): Add args to pass a serialno.
- * scd/command.c (open_card_with_request): Pass the serialno to
- check_application_conflict.
-
- scd: Return a stable list with "getinfo card_list".
- + commit c8e62965bc90eabff5c4b7cb349bd8e41584c01b
- * scd/app.c (compare_card_list_items): New.
- (app_send_card_list): Sort the card objects by slot.
-
- scd: Add an re-select mechanism to switch apps.
- + commit d803b3bb3c084b6bce4d2bd161db50dc45442e5b
- * scd/app-common.h (struct app_ctx_s): Add func ptr 'reselect'.
- * scd/app-piv.c (do_reselect): New.
- (app_select_piv): Move AID constant to file scope.
- * scd/app-openpgp.c (do_reselect): New.
- (app_select_openpgp): Move AID constant to file scope.
- * scd/app.c (apptype_from_name): New.
- (check_application_conflict): Check against all apps of the card.
- Always set current_apptype.
- (select_additional_application): New.
- (maybe_switch_app): New.
- (app_write_learn_status, app_readcert, app_readkey, app_getattr)
- (app_setattr, app_sign, app_auth, app_decipher, app_writecert)
- (app_writekey, app_genkey, app_change_pin, app_check_pin): Use it here.
- (app_do_with_keygrip): Force reselect on success.
- (app_new_register): Move setting of CURRENT_APPTYPE to ...
- (select_application): here so that it will be set to the requested
- card.
- * scd/command.c (open_card_with_request): Select additional
- application if possible.
-
-2019-06-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- spelling: Fix "synchronize"
- + commit d7d1ff45574ed935d07642964a529a358b11a1a7
-
-
-2019-06-21 Werner Koch <wk@gnupg.org>
-
- scd: Take the card look while running app->with_keygrip.
- + commit b304c006a3c9ba186fb2510859df7f02a0acad25
- * scd/app.c (app_do_with_keygrip): Lock the card.
-
- scd: Take the lock earlier in the function dispatchers.
- + commit 0400a4eb1782e7a4aea5b04492c93939c6b9799a
- * scd/app.c: Chnage all function dispatcher.
-
- scd: Add code to check whether app switching is possible.
- + commit 1b78e4951ed7a66ec71ca036e7680148a63143be
- * scd/app.c (check_conflict): Fold into ...
- (check_application_conflict): this and adjust callers. Return a
- different error code if it is possible to switch apps.
-
- scd: Track the currently selected app.
- + commit 91e2931caac9b914efa0a4524effaaa5948ebd00
- * scd/scdaemon.h (struct server_control_s): Add 'current_apptype'.
- * scd/command.c (scd_clear_current_app): New.
- * scd/app.c (app_new_register): Set it.
- (deallocate_card): Clear it.
-
- scd: Simplify inclusion of app-common.h.
- + commit 43dcf93407d6d2b87b6e7db74fd05fd237495bfe
- * scd/scdaemon.h: Include app-common.h. Remove inclusion of that
- header from all other files.
- (card_t, app_t): Move typedef to ...
- * scd/app-common.h: here. Use them in the defs.
-
- gpg: Very minor code cleanup.
- + commit 4256e9f0f1bf27ed2e93ca3890003ead208ef6df
- * g10/decrypt-data.c (decrypt_data): Remove superfluous test.
-
- scd: Use enums for cardtype and apptype.
- + commit 9551275857c1f9a75fee5736fa6c3cf361364f22
- * scd/app-common.h (cardtype_t): New.
- (apptype_t): New.
- (struct card_ctx_s): Change type of cardtype.
- (struct app_ctx_s): Change type of apptype. Adjust all users.
- * scd/app.c (struct app_priority_list_s): Add field apptype.
- (strcardtype): New. Use as needed.
- (strapptype): New. Use as needed.
-
-2019-06-20 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese Translation.
- + commit 0ccb5ddef18f04b86855530838af4cbb9b8aa30b
-
-
- tools: Fix error handling for gpg-pair-tool.
- + commit d5287f43fd4def68901519a4c1d471b81ee86ed0
- * tools/gpg-pair-tool.c (read_message): Initialize ERR.
-
-2019-06-19 Werner Koch <wk@gnupg.org>
-
- scd: Split data structures into app and card related objects.
- + commit 5a5288d051a551a1a8f169225e62572f6ee8cb10
- * scd/app-common.h (struct card_ctx_s): New.
- (struct app_ctx_s): Factor card specific fields out to card_ctx_s.
- (app_get_slot): New.
- * scd/scdaemon.h (card_t): New.
- (struct server_control_s): Rename field app_ctx to card_ctx and change
- all users.
- * scd/app-dinsig.c: Use app_get_slot and adjust for chang in card
- related fields.
- * scd/app-geldkarte.c: Ditto.
- * scd/app-nks.c: Ditto.
- * scd/app-openpgp.c: Ditto.
- * scd/app-p15.c: Ditto.
- * scd/app-sc-hsm.c: Ditto.
- * scd/app.c: Lost of changes to adjust for the changed data
- structures. Change all callers.
- (app_list_lock): Rename to card_list_lock.
- (app_top): Remove.
- (card_top): New.
- (lock_app): Rename to lock_card and change arg type.
- (unlock_app): Rename to unlock_card.
- (app_dump_state): Print card and app info.
- (app_reset): Rename to card_reset.
- (app_new_register): Change for the new data structure.
- (deallocate_card): Dealloc card and all apps.
- (app_ref): Rename to card_ref.
- (app_unref): Rename to card_unref.
- (app_unref_locked): Rename to card_unref_locked.
- (card_get_serialno): New.
- * scd/command.c (cmd_pkdecrypt): Actually use the looked up card and
- former app object and not the standard one from the context.
-
-2019-06-18 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: KEYINFO: Send LF for --data.
- + commit c3dd53a65dc9ea2c4814e24079f0270c2fef14c6
- * scd/command.c (send_keyinfo): Send LF for --data.
-
-2019-06-17 Werner Koch <wk@gnupg.org>
-
- scd:piv: Add the do_with_keygrip feature.
- + commit e900bf29737b3f7a09f749a271f2c5d7b59c49eb
- * scd/app-piv.c (do_with_keygrip): New.
- (app_select_piv): Register function.
-
- scd: Add explict functions for 'app' reference counting.
- + commit c594dcfc93486cd26e193aa5c82bb8a8f30ab57b
- * scd/app.c (app_ref): New.
- (app_unref): New.
- (release_application): Renamed to ...
- (app_unref_locked): this and remove arg locked_already. Change
- callers to use this or app_ref.
- * scd/command.c (open_card_with_request):
- (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): Use app_ref and app_unref
- instead of accessing the counter directly.
-
- scd: Slight change to app->fnc.do_with_keygrip.
- + commit 70f7b262877b1e751d8557dc04a09a420e9d8a8f
- * scd/app-openpgp.c (do_with_keygrip): Return a real error code to
- avoid misinterpretation of the result. Also fix the case for a too
- small buffer.
-
- scd: Use the correct gpg for the v1.0 OpenPGP card hack.
- + commit 479c2775d5df64432c1bf64faae7f9abd3042850
- * scd/app-openpgp.c (get_public_key): Use gnupg_module_name instead of
- just "gpg".
-
-2019-06-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- fix up 6562de7475b21cd03c7b1a83a591fa563c589f5b.
- + commit 6e46862abd2c2e82f245e381c3f08c5829fb61e6
-
-
-2019-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc/gpgsm: explain what "policy-file" refers to.
- + commit 6562de7475b21cd03c7b1a83a591fa563c589f5b
- A new user who sees "policy-file" and searches naively through the
- documentation to find it again won't be able to tell what this refers
- to, since "policies.txt" doesn't otherwise match the search string
- "policy". This gives them a fighting chance at finding the
- documentation.
-
-2019-06-07 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgparsemail: Die on parse error, printing errno thing.
- + commit 1e9d61fb95e4813225a40f720231196abdb83992
- * tools/gpgparsemail.c (parse_message): Revert the change.
- * tools/rfc822parse.c (transition_to_body): Set ERRNO.
- (transition_to_header, insert_header): Likewise.
-
-2019-06-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Bring back --card-timeout option as deprecated.
- + commit 72fe8d652fce6cb9104bb07ef0fb811cbab3303a
- * doc/scdaemon.texi (card-timeout): Add.
- * scd/scdaemon.c (main): Revert the change.
-
- gpgparsemail: Die on parse error (not abort).
- + commit c13e459ffeffb8c5387c44b3c04bb92b7111a75b
- * tools/gpgparsemail.c (parse_message): Don't use ERRNO.
- * tools/rfc822parse.c (transition_to_body): Return -1.
- (transition_to_header, insert_header): Likewise.
-
-2019-06-04 Werner Koch <wk@gnupg.org>
-
- sm: Print a better diagnostic for encryption certificate selection.
- + commit 9bf650db022b6b65bbfa74c311cdc3e6b73d3b44
- * sm/certlist.c (gpgsm_add_to_certlist): Add diagnostic and fold two
- similar branches.
-
-2019-06-04 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Block signals in g10_exit.
- + commit 537fbe13af6a70e105982c4b69c1bcc3908ffb08
- * g10/gpg.c (g10_exit): Block all signals before calling
- emergency_cleanup.
-
- agent: Allow TERM="".
- + commit 0076bef2026a87c4c0e05bad7d322638b1de3f37
- * agent/call-pinentry.c (start_pinentry): When TERM is none,
- don't send OPTION ttytype to pinentry.
-
- agent: Add pinentry_loopback_confirm declaration.
- + commit 3a1bb0081087c0604ed681642114934ffe607fa1
- * agent/agent.h (pinentry_loopback_confirm): New.
-
- scd: Remove unsupported --card-timeout option.
- + commit 4262933ef6f7530b4ad55646250a6763de9bf103
- * doc/scdaemon.texi (card-timeout): Remove.
- * scd/scdaemon.c (main): Remove oCardTimeout handling.
-
- g10,agent: Support CONFIRM for --delete-key.
- + commit 20acc7c0226550530085a674ef1bb41ebfa39408
- * agent/call-pinentry.c (agent_get_confirmation): Add call of
- pinentry_loopback_confirm.
- (agent_popup_message_start): Likewise.
- (agent_popup_message_stop): Return if it's loopback mode.
- * agent/command.c (pinentry_loopback_confirm): New.
-
- * g10/call-agent.c (default_inq_cb): Support "CONFIRM" inquery
- when PINENTRY_MODE_LOOPBACK mode.
- (confirm_status_cb): New.
- (agent_delete_key): Supply confirm_status_cb to set the description
- string for confirmation.
-
- doc: Add a section for gpg-check-pattern.
- + commit eaf3b89d11156cc055644fc50761e1692e791e84
- * doc/Makefile.am: Add gpg-check-pattern.1.
- * doc/tools.texi (GPG-CHECK-PATTERN): New.
-
-2019-06-03 Werner Koch <wk@gnupg.org>
-
- Return better error code for some getinfo IPC commands.
- + commit f2ac6742d403a5a95d84ac7cdcf8913c39297bcb
- * agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False.
- * g13/server.c (cmd_getinfo): Ditto.
- * sm/server.c (cmd_getinfo): Ditto.
-
-2019-05-29 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Add A-flag for KEYINFO output for card.
- + commit 6790eaf9529209e36099d9520821a3b8ad02ccef
- * agent/command.c (do_one_keyinfo): Add ON_CARD argument to put
- A-flag.
- (cmd_keyinfo): Call agent_card_keyinfo to offer additional information
- if it's on card.
-
-2019-05-28 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
- + commit 405f41007c35ef52bf85c7c2686dab01fdf2c950
- * dirmngr/ocsp.c (do_ocsp_request): Remove arg md. Add args r_sigval,
- r_produced_at, and r_md. Get the hash algo from the signature and
- create the context here.
- (check_signature): Allow any hash algo. Print a diagnostic if the
- signature does not verify.
-
- dirmngr: Improve finding OCSP cert.
- + commit 4699e294cc9e59f35262adca26ca291927acca9e
- * dirmngr/certcache.c (find_cert_bysubject): Add better debug output
- and try to locate by keyid.
-
- agent: Make an MD encoding function more robust.
- + commit a2a90717466a88756bbdc6b11577cfee061fc1a8
- * agent/pksign.c (do_encode_md): Use ascii_tolower and avoid
- uninitalized TMP in the error case.
-
-2019-05-28 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Remove unused agent_show_message.
- + commit 19415a265253a5ab72e79493d2f40c7e4441d81e
- * agent/call-pinentry.c (agent_show_message): Remove.
- * agent/genkey.c (take_this_one_anyway): Rename from
- take_this_one_anyway2. Remove a dead path calling agent_show_message.
- (check_passphrase_constraints): Use take_this_one_anyway.
-
-2019-05-27 Werner Koch <wk@gnupg.org>
-
- sm: Avoid confusing diagnostic for the default key.
- + commit 521e7d4644ed365ab2de3dfaa6c3728ca10ba79b
- * sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
- callers.
- (gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
- Change all callers.
- * sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
- gpgsm_cert_use_sign_p
-
- gpg: Fixed i18n markup of some strings.
- + commit b6289af9738ddbc533defba0aefd950a9ca21ff1
- * g10/tofu.c: Removed some translation markups which either make no
- sense or are not possble.
-
- gpg: Allow deletion of subkeys with --delete-[secret-]key.
- + commit cc6069ac6ecd57dcbb808f28d54fd9f89dc55014
- * common/userids.c (classify_user_id): Do not set the EXACT flag in
- the default case.
- * g10/export.c (exact_subkey_match_p): Make static,
- * g10/delkey.c (do_delete_key): Implement subkey only deleting.
-
-2019-05-23 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Stop scdaemon after reload when disable_scdaemon.
- + commit 7158a5696dc84e1ebd2b523ab83a43a32423181d
- * agent/call-scd.c (agent_card_killscd): New.
- * agent/gpg-agent.c (agent_sighup_action): Call agent_card_killscd.
-
- g10: Copy expiredate from primary key when marked expired.
- + commit 265e6d670682e661cec89657c3330b0b388ca0a7
- * g10/getkey.c (merge_selfsigs): Update ->expiredate of subkey.
-
-2019-05-21 Werner Koch <wk@gnupg.org>
-
- gpg: Do not bail on an invalid packet in the local keyring.
- + commit 4c7d63cd5b02ebfd09933bebd1312e01958b3e20
- * g10/keydb.c (parse_keyblock_image): Treat invalid packet special.
-
- gpg: Do not allow creation of user ids larger than our parser allows.
- + commit 156788a43c20e38cd52f4f725395aff2c72142ff
- * g10/parse-packet.c: Move max packet lengths constants to ...
- * g10/packet.h: ... here.
- * g10/build-packet.c (do_user_id): Return an error if too data is too
- large.
- * g10/keygen.c (write_uid): Return an error for too large data.
-
- gpg: Unify the the use of the print_pubkey_info functions.
- + commit 126caa34bbdb36f40514643b9d6f5ead3240c735
- * g10/keylist.c (format_seckey_info): Remove.
- (print_pubkey_info, print_seckey_info): Remove.
- (format_key_info): New.
- (print_key_info): New.
- (print_key_info_log): New.
- * g10/card-util.c (current_card_status): Use print_key_info and remove
- the useless condition on KEYBLOCK.
- * g10/delkey.c (do_delete_key): Replace print_pubkey_info and
- print_seckey_info by print_key_info.
- * g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
- print_key_info.
- * g10/pkclist.c (do_we_trust_pre): Ditto.
- * g10/revoke.c (gen_desig_revoke): Ditto.
- (gen_revoke): Ditto. Also use print_key_info_log instead of separate
- functions.
-
-2019-05-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for SCARD_IO_REQUEST structure.
- + commit 1eb93d9229c54baa5f1b7ccf7d105d3692c51a4d
- * scd/apdu.c (struct pcsc_io_request_s): Use pcsc_dword_t for Windows.
-
- agent: For SSH key, don't put NUL-byte at the end.
- + commit 479f7bf31ce405e558d844c3eb576b463a8697e5
- * agent/command-ssh.c (ssh_key_to_protected_buffer): Update
- the length by the second call of gcry_sexp_sprint.
-
-2019-05-20 Werner Koch <wk@gnupg.org>
- Matheus Afonso Martins Moreira
-
- gpg: Do not delete any keys if --dry-run is passed.
- + commit 110a4550179fd1faeee8d2f17a33ed7807a397ae
- * g10/delkey.c (do_delete_key): Don't delete the keyblock on dry runs.
- Do not clear the ownertrust. Do not let the agent delete the key.
-
-2019-05-17 Werner Koch <wk@gnupg.org>
-
- gpg: Fix using --decrypt along with --use-embedded-filename.
- + commit 386bacd9741639d7f5e83c81628d3cad78407197
- * g10/options.h (opt): Add flags.dummy_outfile.
- * g10/decrypt.c (decrypt_message): Set this global flag instead of the
- fucntion local flag.
- * g10/plaintext.c (get_output_file): Ignore opt.output if that was
- used as a dummy option aslong with --use-embedded-filename.
-
- gpg: Improve the photo image viewer selection.
- + commit 7e5847da0f3d715cb59d05adcd9107b460b6411b
- * g10/exec.c (w32_system): Add "!ShellExecute" special.
- * g10/photoid.c (get_default_photo_command): Use the new ShellExecute
- under Windows and fallbac to 'display' and 'xdg-open' in the Unix
- case.
- (show_photos): Flush stdout so that the output is shown before the
- image pops up.
-
-2019-05-16 Werner Koch <wk@gnupg.org>
-
- kbx: Fix an endless loop under Windows due to an incomplete fix.
- + commit 6fc5df1e10129f3171d80cf731f310b9e8d97c26
- * kbx/keybox-search.c (keybox_search): We need to seek to the last
- position in all cases not just when doing a NEXT.
-
- gpgconf: Before --launch check that the config file is fine.
- + commit 50c2f76ae65d4ee793876865011fa97c85f38ac2
- * tools/gpgconf-comp.c (gc_component_launch): Check the conf file.
- * tools/gpgconf.c (gpgconf_failure): Call log_flush.
-
- scd: Remove unused cruft from GnuPG 1.x.
- + commit 79c99921e35921140c83d7c101829d95f038f3da
- * scd/apdu.c: Remove code used only by GnuPG 1.
- * scd/app-openpgp.c: Ditto.
- * scd/ccid-driver.c: Ditto.
- * scd/iso7816.c: Ditto.
-
-2019-05-16 NIIBE Yutaka <gniibe@fsij.org>
-
- agent,scd: Scan and load all public keys for availability.
- + commit dc35b25195e564affdea7969a7c4ea4e200ab45f
- * agent/divert-scd.c (ask_for_card): Scan by SERIALNO command.
- * scd/app-openpgp.c (do_with_keygrip): Make sure to load pubkey.
-
-2019-05-15 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support scdaemon operation using KEYGRIP.
- + commit 1091f22511e1a8259eb5c998f5c207ee95723a4a
- * agent/agent.h (struct card_key_info_s): New.
- (divert_pksign, divert_pkdecrypt): New API.
- * agent/call-scd.c (card_keyinfo_cb): New.
- (agent_card_free_keyinfo, agent_card_keyinfo): New.
- * agent/divert-scd.c (ask_for_card): Having GRIP argument,
- ask scdaemon with agent_card_keyinfo.
- (divert_pksign, divert_pkdecrypt): Ditto.
- * agent/pkdecrypt.c (agent_pkdecrypt): Supply GRIP.
- * agent/pksign.c (agent_pksign_do): Ditto.
-
- scd: Don't put newline at the end of status.
- + commit 01730529f20882cd98882a61408e9bee960c86f1
- * scd/command.c (send_keyinfo): Remove newline.
-
-2019-05-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: enable OpenPGP export of cleartext keys with comments.
- + commit 392e59a3d487e174edcea570e69a0f946c55a19a
- * g10/export.c (cleartext_secret_key_to_openpgp): ignore trailing
- sublists in private-key S-expression.
-
-2019-05-15 Werner Koch <wk@gnupg.org>
-
- gpgconf: Support --homedir for --launch.
- + commit a4be077abdbf286e3dcdeb0553ba0e74b7e2df5f
- * tools/gpgconf-comp.c (gpg_agent_runtime_change): Simplify because
- gnupg_homedir already returns abd absolute name.
- (scdaemon_runtime_change): Ditto.
- (dirmngr_runtime_change): Ditto.
- (gc_component_launch): Support --homedir.
-
- sm: Add a couple of debug calls to the keydb module.
- + commit 6e041b7b356c3adba714e98f4ecf0dd007375390
- * sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
- (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
- * sm/gpgsm.c: new debug flags "lookup" and "clock"
- * sm/keydb.c: Add log_clock calls to most functions.
- (keydb_search_desc_dump): New.
- (keydb_search) [DBG_LOOKUP]: Print descrh decription.
- * sm/keylist.c (list_cert_std): Flush FP in debug mode to better
- syncronize the output with the debug output
-
-2019-05-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix return value for KEYINFO command.
- + commit 62c29af63203400947569c5965a8cf05a22fcd4c
- * scd/command.c (cmd_keyinfo): Return GPG_ERR_NOT_FOUND if none.
-
-2019-05-14 Werner Koch <wk@gnupg.org>
-
- kbx: Fix deadlock in gpgsm on Windows due to a sharing violation.
- + commit 49b236af0ecbb6df67513feb4b63851f2e159ea2
- * kbx/keybox-init.c (keybox_lock) [W32]: Use _keybox_close_file
- instead of fclose so that a close is done if the file is opened by
- another handle.
- * kbx/keybox-search.c (keybox_search): Remember the last offset and
- use that in NEXT search mode if we had to re-open the file.
-
- sm: Change keydb code to use the keybox locking.
- + commit 22e274f839f9a6c9a511648f29cae497f6492c97
- * kbx/keybox-init.c (keybox_lock): New arg TIMEOUT. Change all
- callers to pass -1 when locking.
- * sm/keydb.c (struct resource_item): Remove LOCKANDLE.
- (struct keydb_handle): Add KEEP_LOCK.
- (keydb_add_resource): Use keybox locking instead of a separate dotlock
- for testing whether we can run a compress.
- (keydb_release): Reset KEEP_LOCK.
- (keydb_lock): Set KEEP_LOCK.
- (unlock_all): Take care of KEEP_LOCK.
- (lock_all): Use keybox_lock instead of dotlock fucntions.
- (keydb_delete): Remove arg UNLOCK.
- * sm/delete.c (delete_one): Adjust keydb_delete. Due to the KEEP_LOCK
- the keydb_release takes care of unlocking.
-
-2019-05-14 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: correct length for uri and comment on 64-bit big-endian platforms
- + commit 5651b2c460a7898027c1765c2063c302606b5f85
- * agent/findkey.c (agent_public_key_from_file): pass size_t as int to
- gcry_sexp_build_array's %b.
-
-2019-05-14 Werner Koch <wk@gnupg.org>
-
- gpg: Do not print a hint to use the deprecated --keyserver option.
- + commit 7102d9b798b0985412007d3bf8b954959e4adec7
- * g10/keyserver.c (keyserver_search): Remove a specialized error
- message.
-
-2019-05-14 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix possible null dereference.
- + commit 802a2aa300bad3d4385d17a2deeb0966da4e737d
- * g10/armor.c (armor_filter): Access ->d in the internal loop.
-
-2019-05-13 Werner Koch <wk@gnupg.org>
-
- gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
- + commit 484d6ba5896acfa3dcf73d9536bcf5e006579b5f
- * g10/sign.c (update_keysig_packet): Convert digest algo when needed.
-
- gpg: Cleanup use of make_keysig_packet.
- + commit d07666412d4317460c6f03b3ffd03edf4a715ef7
- * g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo
- which was always passed as 0. Change all callers.
-
- * g10/gpgcompose.c (signature): Warn when trying to set a digest algo.
-
-2019-05-13 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update m4/iconv.m4.
- + commit 1cd2aca03b8807c6f8e4929ace462bb606dcd53f
- * m4/iconv.m4: Update from gettext 0.20.1.
-
-2019-05-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: correct documentation for gpgconf --kill.
- + commit 9662538be6afc8beee0f2654f9a8f234c5dac016
- * doc/tools.texi(gpgconf): Correct documentation for gpgconf --kill.
-
-2019-05-07 Werner Koch <wk@gnupg.org>
-
- agent: If a Label is make sure that label is part of the prompt.
- + commit 69e0b080f06b66eee96327617c6fbffe8a88d586
- * agent/findkey.c (has_comment_expando): New.
- (agent_key_from_file): Modify DESC_TEXT.
-
- agent: Allow the use of "Label:" in a key file.
- + commit 5388537806411c19ea84db8c4419f410be9ac616
- * agent/findkey.c (linefeed_to_percent0A): New.
- (read_key_file): Add optional arg 'keymeta' and change all callers.
- (agent_key_from_file): Prefer "Label:" over the comment for protected
- keys.
-
- common: New functions nvc_delete_named and nvc_get_string.
- + commit b5985d0ca21ca376f22c050857bfda05592cebef
- * common/name-value.c (nvc_delete_named): New.
- (nvc_get_string): New.
-
-2019-05-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support direct use of app with PKSIGN/PKAUTH/PKDECRYPT.
- + commit c856ee7312c9eeb7d79a30189a49f70986420364
- * scd/command.c (cmd_pksign, cmd_pkauth, cmd_pkdecrypt): When length
- of keyidstr is 40, it is considered as a keygrip for direct use.
-
-2019-05-03 Werner Koch <wk@gnupg.org>
-
- agent: Put Token lines into the key files.
- + commit bdf252e76ada0056bec2ee7940255f32552328c5
- * agent/findkey.c (write_extended_private_key): Add args serialno and
- keyref. Write a Token line if that does not yet exist.
- (agent_write_private_key): Add args serialno and keyref and change all
- callers.
- (agent_write_shadow_key): Skip leading spaces.
- * agent/keyformat.txt: Improve extended key format docs.
-
- common: In private key mode write "Key:" always last in name-value.
- + commit c9fa28bfad297b17e76341ffb40383ce92da5d44
- * common/name-value.c (nvc_write): Take care of Key. Factor some code
- out to ...
- (write_one_entry): new.
-
- gpg: Use just the addrspec from the Signer's UID.
- + commit bd6ecbb8f8e92fe4a7fed40fcf470eb83bda0927
- * g10/parse-packet.c (parse_signature): Take only rthe addrspec from a
- Signer's UID subpacket.
-
-2019-04-30 Werner Koch <wk@gnupg.org>
-
- sm: Add yet inactive options to support authenticode.
- + commit 5f3864fb647237f862bbe7e26763dffa0e945202
- * sm/gpgsm.c (opts): New options --authenticode and --attribute.
- * sm/gpgsm.h (opt): Add vars authenticode and attribute_list.
- * sm/sign.c (add_signed_attribute): New but inactive.
- (gpgsm_sign): Use new options.
-
-2019-04-29 Andre Heinecke <aheinecke@gnupg.org>
-
- common,w32: Breakaway detached childs when in job.
- + commit 03df28b18b92b3fd3d2ba1000903c088dc5b0fcf
- * common/exechelp-w32.c (gnupg_spawn_process_detached): Add
- CREATE_BREAKAWAY_FROM_JOB creation flag if required.
-
-2019-04-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add new command: KEYINFO.
- + commit 874bc970ba6ec243ff474ef090242e0f7be6a7bc
- * scd/app-common.h (struct app_ctx_s): Add with_keygrip function.
- * scd/app-openpgp.c (do_with_keygrip): New.
- * scd/app.c (app_do_with_keygrip): New.
- * scd/command.c (cmd_keyinfo): New.
- (send_keyinfo): New.
-
-2019-04-23 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese Translation.
- + commit d5443b918dd3b8ccb3c4fdd8fe9d70d84aa312ff
-
-
- scd: Allow KEYGRIP as KEYIDSTR.
- + commit e769609cd3c12d2e26955538399172016f78d2d4
- * scd/app-openpgp.c (struct app_local_s): Add keygrip_str.
- (store_keygrip): New.
- (read_public_key): Call store_keygrip to hold keygrip.
- (get_public_key): Likewise.
- (send_keypair_info): Use stored keygrip_str.
- (check_keyidstr): Allow use of KEYGRIP.
- (do_check_pin): Allow use of KEYGRIP of signing slot.
-
-2019-04-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Factor out a function to check keyidstr.
- + commit b0f0791e4ade845b2a0e2a94dbda4f3bf1ceb039
- * scd/app-openpgp.c (check_keyidstr): New.
- (do_sign, do_auth, do_decipher, do_check_pin): Use check_keyidstr.
-
-2019-04-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpgconf: correct capitalization of "Tor"
- + commit ea7d85ff658c000f5f469e0a869af0e512e8c59f
- * tools/gpgconf-comp.cb (gc_options_dirmngr): correct capitalization
- of Tor.
-
-2019-04-18 Andre Heinecke <aheinecke@intevation.de>
-
- g10: Fix double free when locating by mbox.
- + commit e57954ed278cb5e6e725005b1ecaf7ce70006ce0
- * g10/getkey.c (get_best_pubkey_byname): Set new.uid always
- to NULL after use.
-
-2019-04-17 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix a memory leak.
- + commit a861f9343d6e6d18064e4e54aeb914c5a10b2095
- * g10/import.c (import): Care PNDING_PKT on error.
-
-2019-04-16 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix AWK portability.
- + commit b6f0b0efa19e0434024bc16e246032b613fd448a
- * common/Makefile.am: Use pkg_namespace.
- * common/mkstrtable.awk: Use pkg_namespace. Regexp fix.
-
-2019-04-13 Werner Koch <wk@gnupg.org>
-
- gpg: New caching functions.
- + commit 64a5fd37271a3e454c0d59ac3500e1a1b232e4f7
- * g10/objcache.c: New.
- * g10/objcache.h: New.
- * g10/Makefile.am (common_source): Add them.
- * g10/gpg.c: Include objcache.h.
- (g10_exit): Call objcache_dump_stats.
- * g10/getkey.c: Include objcache.h.
- (get_primary_uid, release_keyid_list): Remove.
- (cache_user_id): Remove.
- (finish_lookup): Call the new cache_put_keyblock instead of
- cache_user_id.
- (get_user_id_string): Remove code for mode 2.
- (get_user_id): Implement using cache_get_uid_bykid.
-
-2019-04-12 Werner Koch <wk@gnupg.org>
-
- gpg: Cache a once computed fingerprint in PKT_public_key.
- + commit 60f384592144de53c9a5f5e11d7f73ce863aa94f
- * g10/packet.h (PKT_public_key): Add fields fpr and fprlen.
- * g10/keyid.c (do_fingerprint_md): Remove.
- (compute_fingerprint): New.
- (keyid_from_pk): Simplify.
- (fingerprint_from_pk): Simplify.
- (hexfingerprint): Avoid using extra array.
-
-2019-04-11 Werner Koch <wk@gnupg.org>
-
- gpg: Accept also armored data from the WKD.
- + commit 1b1f649deaeba963ed7240b27f848004db0b051f
- * g10/keyserver.c (keyserver_import_wkd): Clear NO_ARMOR.
-
- gpg: Set a limit of 5 to the number of keys imported from the WKD.
- + commit 40595b57936e39ee2a4d58b1dd19edea7537a471
- * g10/import.c (import): Limit the number of considered keys to 5.
- (import_one): Return the first fingerprint in case of WKD.
-
-2019-04-11 Andre Heinecke <aheinecke@gnupg.org>
-
- speedo,w32: Install gpg-card.exe.
- + commit b30351496dd3056462c8db25c03fed6d2aa00e9b
- * build-aux/speedo/w32/inst.nsi: Install gpg-card.exe
-
-2019-04-05 Werner Koch <wk@gnupg.org>
-
- gpg: Fix printing of the user id during import.
- + commit ea32842d5c2e2d262d32791130d7eae5c8c3edcf
- * g10/getkey.c (struct keyid_list): Add field fprlen.
- (cache_user_id): Set and test it.
- (get_user_id_byfpr): Make static, add arg fprlen and use it.
- (get_user_id_byfpr_native): Add arg fprlen and change all callers.
-
-2019-04-04 Werner Koch <wk@gnupg.org>
-
- scd:piv: Fix RSA decryption.
- + commit 958172cc3acb7172bc5e1fa76efafe26695ed402
- * scd/app-piv.c (do_decipher): Fixup leading zero byte.
-
-2019-04-04 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Better handling of timeout and time extension.
- + commit f1cf799a37f320d33cae445c74f3fc1936dd9995
- * scd/ccid-driver.c (CCID_CMD_TIMEOUT_LONGER): Remove.
- (ccid_transceive): Don't use x4 blindly for bBWI, but use dynamically
- determined value. Use value from variable wait_more for bulk_in.
- Set wait_more by the value of time extension request.
-
-2019-04-03 Werner Koch <wk@gnupg.org>
-
- gpg: Improve the code to decrypt using PIV cards.
- + commit 2c9b68f28de1ce9a6a18d091caba01ddd4707774
- * g10/call-agent.c (agent_scd_keypairinfo): Add arg 'keyref'.
- * g10/keygen.c (ask_algo): Adjust.
- * g10/skclist.c (enum_secret_keys): Request the keyref directly.
-
- scd: New options --info and --info-only for READKEY.
- + commit 679b8f1c045476bd6e0a1f1565379263143994ee
- * scd/command.c (cmd_readkey): New options --info and --info-only.
- * scd/app.c (app_readkey): New arg 'flags'.
- * scd/app-common.h (APP_READKEY_FLAG_INFO): New.
- (struct app_ctx_s): New args 'ctrl' and 'flags' for member readkey.
- Change all implementers.
- * scd/app-nks.c (do_readkey): Stub implementation of
- APP_READKEY_FLAG_INFO.
- * scd/app-openpgp.c (do_readkey): Implement APP_READKEY_FLAG_INFO.
- * scd/app-piv.c (do_readkey): Ditto.
-
- gpg: Allow decryption using PIV cards.
- + commit ec6a6779236a89d4784a6bb7de0def9cc0f9e8a4
- * g10/call-agent.c (struct getattr_one_parm_s): New.
- (getattr_one_status_cb): New.
- (agent_scd_getattr_one): New.
- * g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
- pkcs#1.
- * g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards.
-
- scd: New standard attributes $ENCRKEYID and $SIGNKEYID.
- + commit 2b1135cf920cf3d863813d60f032d476dcccfb58
- * g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
- * sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
- * scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
- "$SIGNKEYID".
- * scd/app-piv.c (do_getattr): Ditto.
-
- gpg: Avoid endless loop if a card's serial number can't be read.
- + commit 1f688e0d1dba4dd7a311d416d06d654ed7b4290d
- * g10/skclist.c (enum_secret_keys): Move list forward on error.
-
- card: Allow card selection with LIST.
- + commit bcca3acb87c36213fef9311236ea949d006f759c
- * tools/card-call-scd.c (start_agent): Request serialno only whean
- started.
- (scd_serialno): Allow NULL for r_serialno.
- * tools/gpg-card.c (cmd_factoryreset): Use changed scd_serialno.
- (cmd_list): New.
- (dispatch_command): Use cmd_list for cmdLIST.
- (interactive_loop): Ditto.
-
- gpg: Print modern style key info for non-decryptable keys.
- + commit 2d3392c147a24e49ee4658d4a50fafd68599fba3
- * g10/mainproc.c (print_pkenc_list): Simplify.
-
-2019-04-02 Werner Koch <wk@gnupg.org>
-
- gpg: Allow direct key generation from card with --full-gen-key.
- + commit a480182f9d7ec316648cb64248f7a0cc8f681bc3
- * g10/call-agent.c (agent_scd_readkey): New.
- * g10/keygen.c (ask_key_flags): Factor code out to ..
- (ask_key_flags_with_mask): new.
- (ask_algo): New mode 14.
-
- common: Extend function pubkey_algo_string.
- + commit f952226043824cbbeb8517126b5266926121c4e8
- * common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.
- * tools/gpg-card.c (list_one_kinfo): Ditto.
-
- dirmngr: Improve domaininfo cache update algorithm.
- + commit e100ace7f8a729bbe30d9f4ed157a7a229a04eb0
- * dirmngr/domaininfo.c (struct domaininfo_s): Add field keepmark.
- (insert_or_update): Implement new update algorithm.
-
-2019-04-01 Werner Koch <wk@gnupg.org>
-
- sm: Show the usage flags when generating a key from a card.
- + commit 9ed1aa56c4bbf44e00b731d6807ada9e95c91bd7
- * g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
- flags.
- * sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
-
- gpg: Prepare card code to allow other than OpenPGP cards.
- + commit e47524c34a2a9f53c2507f67a0b41b460cee78b7
- * g10/call-agent.c (start_agent): Use card app auto selection.
- * g10/card-util.c (current_card_status): Print the Application type.
- (card_status): Put empty line between card listings.
-
- gpg: New card function agent_scd_keypairinfo.
- + commit 0fad61de159acf39e38a04f28f162f0beb0e77d6
- * g10/call-agent.c (scd_keypairinfo_status_cb)
- (agent_scd_keypairinfo): New. Taken from gpgsm.
-
- gpg: Remove two unused card related functions.
- + commit 334b16b868e771b983263ed20c200869e7e51198
- * g10/call-agent.c (inq_writekey_parms): Remove.
- (agent_scd_writekey): Remove.
- (agent_clear_pin_cache): Remove this stub.
-
- gpg: Remove unused arg in a card related function.
- + commit 3a4534d82682f69788da3cf4a445e38fbaf6b98e
- * g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
-
-2019-03-29 Werner Koch <wk@gnupg.org>
-
- dirmngr: Better for error code for http status 413.
- + commit 21b674097442a54ae889a90d708639b257ba43db
- * dirmngr/ks-engine-hkp.c (send_request): New case for 413.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/ocsp.c (do_ocsp_request): Ditto.
-
-2019-03-28 Werner Koch <wk@gnupg.org>
-
- scd: New option --application-priority.
- + commit 97feef8ee94a5e1cb9daba82f108eb62122c7910
- * scd/scdaemon.c (oApplicationPriority): New.
- (opts): Add "application_priority".
- (main): Process option.
- * scd/app.c (app_update_priority_list): New.
- (get_supported_applications): Take apps from global list.
-
- * tools/gpgconf-comp.c (gc_options_scdaemon): Add option.
-
- card: For passwd add a PIV menu and make the OpenPGP menu optional.
- + commit 80c069b5e1ad6fbd547de59f332eb3fabb68c572
- * tools/gpg-card.c (get_selection): New.
- (cmd_passwd): Reworked.
-
- card: Allow "yubikey disable" only for Yubikey-5 and later.
- + commit 2f761251c5730a9ad113fa58466addc9c2372da8
- * tools/card-yubikey.c (yubikey_commands): Add new arg INFO and test
- for Yubikey-5.
- * tools/gpg-card.c (cmd_yubikey): Pass info to yubikey_commands.
-
-2019-03-27 Werner Koch <wk@gnupg.org>
-
- scd: Support reading the Yubikey 4 firmware version.
- + commit 5a3055eb722e61126748e83564e1bba42807d722
- * scd/app.c (app_new_register): Detect yk4 version numbers.
-
-2019-03-27 Trevor Bentley <trevor@yubico.com>
-
- gpg: Don't use EdDSA algo ID for ECDSA curves.
- + commit 4324560b2c0bb76a1769535c383424a042e505ae
- * g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
- an EdDSA curve.
-
-2019-03-26 Werner Koch <wk@gnupg.org>
-
- sm: Allow decryption even if expired other keys are configured.
- + commit aa58d2a49b3d416d9d6a0691a89f2bc8bc8649ad
- * sm/gpgsm.c (main): Add special handling for bad keys in decrypt
- mode.
-
- agent: Allow other ssh fingerprint algos in KEYINFO.
- + commit 3c7a1f3aea7f6e8137a93ef2166ff329688f5445
- * agent/command.c (cmd_keyinfo): Allow for --ssh-fpr=ALGO. Default to
- the standard algo.
-
-2019-03-25 Werner Koch <wk@gnupg.org>
-
- wkd: New command --print-wkd-url for gpg-wks-client.
- + commit 70c97a862aa586c314a64190d1e489a272e552ea
- * tools/gpg-wks-client.c (aPrintWKDURL): New.
- (opts): Add option.
- (main): Implement.
- * tools/wks-util.c (wks_cmd_print_wkd_url): New.
-
-2019-03-25 Andre Heinecke <aheinecke@gnupg.org>
-
- sm, w32: Translate logger and status fd to handles.
- + commit e4e0804ed123516fa00f8a876a862b2c6d34ba5c
- * sm/gpgsm.c (main): Call translate_sys2libc_fd_int to
- convert the FDs.
-
-2019-03-25 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Don't use _[A-Z] which are reserved names.
- + commit 8d1b5982138c104f3c50663738892fa110193059
- * dirmngr/dns.c: Use the identifiers of "*_instance" instead of
- reserved "_[A-Z]".
-
-2019-03-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: fix formatting error.
- + commit b30528f48780c9917ec8ba3b3d163fba5c740d92
-
-
-2019-03-22 Werner Koch <wk@gnupg.org>
-
- wkd: New command --print-wkd-hash for gpg-wks-client.
- + commit e847cf1df7aa55ac2af7efd39ca05882258acbfe
- * tools/gpg-wks-client.c (aPrintWKDHash): New.
- (opts) : Add "--print-wkd-hash".
- (main): Implement that command.
- (proc_userid_from_stdin): New.
- * tools/wks-util.c (wks_fname_from_userid): Add option HASH_ONLY.
- (wks_cmd_print_wkd_hash): New.
-
- scd: Refactor the app selection code.
- + commit 393269948c883afb770bb536f03045254d13b911
- * scd/app.c (app_priority_list): New.
-
-2019-03-18 Andre Heinecke <aheinecke@gnupg.org>
-
- speedo: Fix installer build with NSIS-3.
- + commit b98799ce964df1743478dc3d0cc503f51c4b6733
- * build-aux/speedo.mk: Add charset for nsis 3.
-
-2019-03-18 Werner Koch <wk@gnupg.org>
-
- gpg: Allow import of PGP desktop exported secret keys.
- + commit 5205512fc092c53c0a52c8379ef2a129ce6e58a9
- * g10/import.c (NODE_TRANSFER_SECKEY): New.
- (import): Add attic kludge.
- (transfer_secret_keys): Add arg only_marked.
- (resync_sec_with_pub_keyblock): Return removed seckeys via new arg
- r_removedsecs.
- (import_secret_one): New arg r_secattic. Change to take ownership of
- arg keyblock. Implement extra secret key import logic. Factor some
- code out to ...
- (do_transfer): New.
- (import_matching_seckeys): New.
-
-2019-03-15 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid importing secret keys if the keyblock is not valid.
- + commit f799e9728bcadb3d4148a47848c78c5647860ea4
- * g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
- new field TAG.
- * g10/kbnode.c (alloc_node): Change accordingly.
- * g10/import.c (import_one): Add arg r_valid.
- (sec_to_pub_keyblock): Set tags.
- (resync_sec_with_pub_keyblock): New.
- (import_secret_one): Change return code to gpg_error_t. Return an
- error code if sec_to_pub_keyblock failed. Resync secret keyblock.
-
- gpg: During secret key import print "sec" instead of "pub".
- + commit f64477db86568bdc28c313bfeb8b95d8edf05a3c
- * g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove
- useless code for "sub" and "ssb".
- * g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do
- not print the first keyinfo in FROM_SK mode.
- printing.
-
- gpg: Simplify an interactive import status line.
- + commit f06b6fe47f56a15ac426665c3d9661d4b104696f
- * g10/cpr.c (write_status_printf): Escape CR and LF.
- * g10/import.c (print_import_check): Simplify by using
- write_status_printf and hexfingerprint.
-
- gpg: Fix recently introduced use after free.
- + commit 3e1f3df6183b2ed2cadf2af2383063891e2c53bd
- * g10/mainproc.c (proc_plaintext): Do not use freed memory.
-
-2019-03-14 Werner Koch <wk@gnupg.org>
-
- kbx: Unify the fingerprint search modes.
- + commit bdda31a26bc69b6ee72e964510db113645de76ef
- * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
- (KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
- all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
-
- gpg: Make rfc4880bis the default.
- + commit caf4b3fc16e97eb175c46f45f5770d02becb862d
- * g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
- rfc4880bis features.
- (main): Change rfc4880bis warning to a note.
-
- gpg: Implement v5 keys and v5 signatures.
- + commit 01c87d4ce23bc9fc44ec5301c2c6bf2ce615c375
- * g10/build-packet.c (gpg_mpi_write): New optional arg
- R_NWRITTEN. Allow NULL for OUT. Change all callers.
- (do_key): Support v5 keys.
- (build_sig_subpkt_from_sig): Support 32 byte fingerprints.
- * g10/parse-packet.c (parse_signature): First try to set the keyid
- from the issuer fingerprint.
- (parse_key): Support v5 keys.
- (create_gpg_control): Better make sure to always allocate the static
- size of the struct in case future compilers print warnings.
- * g10/keyid.c (hash_public_key): Add v5 support.
- (keyid_from_pk): Ditto.
- (keyid_from_fingerprint): Ditto.
- (fingerprint_from_pk): Ditto.
- * g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
- (pVERSION, pSUBVERSION): New.
- (add_feature_v5): New.
- (keygen_upd_std_prefs): Call it.
- (do_create_from_keygrip): Add arg keygen_flags and support the v5
- flag.
- (common_gen): Support the v5 flag.
- (parse_key_parameter_part): New flags v4 and v5.
- (parse_key_parameter_string): Add args for version and subversion.
- (read_parameter_file): New keywords "Key-Version" and
- "Subkey-Version".
- (quickgen_set_para): Add arg 'version'.
- (quick_generate_keypair, generate_keypair): Support version parms.
- (do_generate_keypair): Support v5 key flag.
- (generate_subkeypair): Ditto.
- (generate_card_subkeypair): Preparse for keyflags.
- (gen_card_key): Ditto.
- * g10/sig-check.c (check_signature2): Add args extrahash and
- extrahashlen.
- (check_signature_end): Ditto.
- (check_signature_end_simple): Ditto. Use them.
- * g10/mainproc.c (proc_plaintext): Put extra hash infor into the
- control packet.
- (do_check_sig): Add args extrahas and extrahashlen and pass them on.
- (issuer_fpr_raw): Support 32 byte fingerprint.
- (check_sig_and_print): get extra hash data and pass it on.
-
- kbx: Add support for 32 byte fingerprints.
- + commit f40e9d6a528521d12795e1a6cc15c849b216be92
- * common/userids.c (classify_user_id): Support 32 byte fingerprints.
- * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
- (struct keydb_search_desc): Add field fprlen.
- * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
- version and increase size of fpr to 32.
- * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
- (struct keyboxblob_key): Add field fprlen and increase size of fpr.
- (pgp_create_key_part_single): Allow larger fingerprints.
- (create_blob_header): Implement blob version 2 and add arg want_fpr32.
- (_keybox_create_openpgp_blob): Detect the need for blob version 2.
- * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
- fingerprints.
- (blob_cmp_fpr): Ditto.
- (blob_cmp_fpr_part): Ditto.
- (has_fingerprint): Add arg fprlen and pass on.
- (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
- changed has_fingerprint.
- * kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
- * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.
-
- * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
- * g10/export.c (exact_subkey_match_p): Ditto.
- * g10/gpg.c (main): Ditto.
- * g10/getkey.c (get_pubkey_byfprint): Adjust for changed
- KEYDB_SEARCH_MODE_FPR.
- * g10/keydb.c (keydb_search_desc_dump): Support
- KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
- (keydb_search): Add new arg fprlen and change all callers.
- * g10/keyedit.c (find_by_primary_fpr): Ditto.
- * g10/keyid.c (keystr_from_desc): Ditto.
- * g10/keyring.c (keyring_search): Ditto.
- * g10/keyserver.c (print_keyrec): Ditto.
- (parse_keyrec): Ditto.
- (keyserver_export): Ditto.
- (keyserver_retrieval_screener): Ditto.
- (keyserver_import): Ditto.
- (keyserver_import_fprint): Ditto.
- (keyidlist): Ditto.
- (keyserver_get_chunk): Ditto.
-
- * g10/keydb.c (keydb_search): Add new arg fprlen and change all
- callers.
-
- * sm/keydb.c (keydb_search_fpr): Adjust for changed
- KEYDB_SEARCH_MODE_FPR.
-
- gpg: Implemented latest rfc4880bis version 5 packet hashing.
- + commit a21ca3a1eff4722dea778cca4abe14a873ccebdf
- * configure.ac (AC_CHECK_SIZEOF): Test size_t.
- * g10/sig-check.c (check_signature_end_simple): Support v5 signatures
- as per current rfc4880bis. For correctness also allow for N > 2^32.
- * g10/sign.c (pt_extra_hash_data_t): New.
- (hash_sigversion_to_magic): New arg EXTRAHASH.
- (write_plaintext_packet): New arg R_EXTRAHASH.
- (write_signature_packets): Pass EXTRAHASH.
- (sign_file): Ditto.
- (sign_symencrypt_file): Ditto.
-
-2019-03-14 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix the previous commit.
- + commit f199b627ce512c8495af5c9bd1c81127ccde3ca0
- * g10/ecdh.c (kek_params_table): Revert the change.
- * scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
- for 384-bit key.
-
-2019-03-13 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix symmetric cipher algo constant for ECDH.
- + commit af3efd149f555d36a455cb2ea311ff81caf5124c
- * g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
- ECC strength 384, according to RFC-6637.
-
-2019-03-11 Werner Koch <wk@gnupg.org>
-
- dirmngr: Avoid testing for Tor with --gpgconf-list.
- + commit 9f37e93dd741a5436ff412955628806ae84725ca
- * dirmngr/dirmngr.c (post_option_parsing): Do not call set_tor_mode.
- (dirmngr_sighup_action): Call it here.
- (main): Call it here unless in --gpgconf-list mode.
-
-2019-03-07 Werner Koch <wk@gnupg.org>
-
- common: Minor rework of tty_get.
- + commit b7de105e0a836bd4d7bd558f8e699d88ab0cafec
- * common/ttyio.c (do_get): Re-indent and remove the checking for char
- values larger than 0xa0. Use explicy control character checking.
-
- dirmngr: Add CSRF protection exception for protonmail.
- + commit 134c3c16523b1a267ebdd2df6339240fd9e1e3b3
- * dirmngr/http.c (same_host_p): Add exception table.
-
-2019-03-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpgv: Improve documentation for keyring choices.
- + commit 096c2aa705f85289ff8b610da1dd9181e4c904fd
- * doc/gpgv.texi: Improve documentation for keyring choices
-
-2019-03-06 Werner Koch <wk@gnupg.org>
-
- gpgtar: Make option -C work for archive creation.
- + commit b3a7a5140784b5a015107b5c5c73b15ae44e71dc
- * tools/gpgtar-create.c (gpgtar_create): Switch to the -C directory.
-
- agent: Re-introduce --enable-extended-key-format.
- + commit 91ae3e7fb66271691f6fe507262a62fc7e2663a3
- * agent/gpg-agent.c (oEnableExtendedKeyFormat): Re-introduce.
- (parse_rereadable_options): Handle it in a special way.
- * agent/protect.c (agent_protect): Be safe and set use_ocb only to 1
- or 0.
- * tools/gpgconf-comp.c: Add --enable-extended-key-format again.
-
- gpgtar: Improve error messages.
- + commit 72feb8fa8280aba674573a1afc955a92e8065242
- * tools/gpgtar.h (struct tarinfo_s): New.
- * tools/gpgtar.c (cmd, skip_crypto, files_from, null_names): Move
- global vars more to the top.
- (set_cmd): Rename 'cmd' to 'c'.
- * tools/gpgtar-list.c (parse_header): Add arg 'info' and improve error
- messages.
- (read_header): Add arg 'info' and update counter.
- (skip_data): Ditto.
- (gpgtar_list): Pass info object to read functions.
- (gpgtar_read_header): Add arg 'info'.
- * tools/gpgtar-extract.c (gpgtar_extract): add arg 'info' and pass on.
- (extract_regular): Add arg 'info' and update counter.
-
- agent: Default to extended key format.
- + commit 05eff1f6623c272fcabd4e238842afc832710324
- * agent/gpg-agent.c (oDisableExtendedKeyFormat, oNoop): New.
- (oEnableExtendedKeyFormat): Remove.
- (opts): Make --enable-extended-key-format a dummy option. Add
- disable-extended-key-format.
- (parse_rereadable_options): Implement oDisableExtendedKeyFormat.
-
- card: Allow PEM encoded certificates in "writecert".
- + commit 4e1f04a4cd30859507218395e630e886801ae2b7
- * tools/gpg-card.c (cmd_writecert): Convert from base64.
-
- card: Print the keyref also for non-initialized slots.
- + commit 772bba34ea089b3a00f0b1ea5138ba7422c95180
- * tools/gpg-card.c (list_one_kinfo): Add arg label_keyref and change
- callers.
-
-2019-03-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix detection of exit of scdaemon.
- + commit 2abad7585a004586e27ead6ab8c9c57ce5ed1326
- * agent/call-scd.c (start_scd): Acquire START_SCD_LOCK for
- SCD_LOCAL_LIST. Move common case code to fast path.
- Release START_SCD_LOCK before calling unlock_scd.
- When new CTX is allocated, clear INVALID flag.
- (agent_reset_scd): Serialize the access to SCD_LOCAL_LIST by
- START_SCD_LOCK.
-
-2019-03-05 Werner Koch <wk@gnupg.org>
-
- card: Print card version. Check for bad Yubikeys.
- + commit 8d4af54ddd039d47e9c4803559193fcca97f0a46
- * scd/app.c (app_new_register): Set card version for Yubikeys.
- (app_write_learn_status): Print CARDVERSION and APPVERSION.
- * tools/card-call-scd.c (learn_status_cb): Detect them.
- * tools/gpg-card.h (struct card_info_s): Add appversion and
- cardversion.
- * tools/gpg-card.c (list_openpgp): Remove version printing from serial
- number.
- (print_a_version): New.
- (list_card): Print card and app version.
- (cmd_generate): Do not allow broken Yubikeys.
-
- scd: Rename a shared info field name.
- + commit 64caa6a08298119b10dc36ddd27b357cb47825b5
- * scd/app-piv.c (app_select_piv):
- * scd/app-common.h (struct app_ctx_s): Rename 'card_version' to
- 'cardversion'. Rename all users. Add 'appversion'.
-
- scd:piv: Implement import of private keys for Yubikeys.
- + commit e897e1e255ef9870dfd1639d6f4e97bdf4e83b34
- * scd/app-piv.c (concat_tlv_list): Add arg 'secure' and adjust
- callers.
- (writekey_rsa, writekey_ecc): New.
- (do_writekey): New.
- (do_writecert): Provide a better error message for an empty cert.
- (app_select_piv): Register do_writekey.
- * scd/iso7816.c (iso7816_send_apdu): New.
- * scd/app-common.h (APP_WRITEKEY_FLAG_FORCE): New.
- * agent/command.c (cmd_keytocard): Make the timestamp optional.
- * tools/card-call-scd.c (inq_writekey_parms): Remove.
- (scd_writekey): Rewrite.
- * tools/gpg-card.c (cmd_writekey): New.
- (enum cmdids): Add cmdWRITEKEY.
- (dispatch_command, interactive_loop): Call cmd_writekey.
-
- gpg: Make invalid primary key algos obvious in key listings.
- + commit db87132b10664718b7db6ec1dad584b54d1fb265
- * g10/keylist.c (print_key_line): Print a warning for invalid algos.
-
- agent: Minor change to the KEYTOCARD command.
- + commit bcc89a6df24c79690436340f65c7ab13c65c2c45
- * agent/command.c (cmd_keytocard): Make timestamp optional. Use
- modern parser function.
- * agent/call-scd.c (agent_card_writekey): Rename an arg and for
- clarity return gpg_error_t instead of int.
- * agent/divert-scd.c (divert_writekey): Ditto.
-
-2019-03-01 Werner Koch <wk@gnupg.org>
-
- sm: Print Yubikey attestation extensions with --dump-cert.
- + commit 86c241a8c9a952ea8007066b70b04f435e2e483e
- * sm/keylist.c (oidtranstbl): Add Yubikey OIDs.
- (OID_FLAG_HEX): New.
- (print_hex_extn): New.
- (list_cert_raw): Make use of that flag.
-
- scd:piv: Add feature to read Yubikey attestation certificates.
- + commit 51df13d9ec8e89c4236e2f4a9ae3647963c30783
- * scd/app-piv.c (do_readcert): Add hack to read Yubikey attestaions.
-
- scd:piv: Allow writecert to only write matching certs.
- + commit 696d4c290dd4945b693263721f606b5049b9569d
- * scd/app-piv.c (do_readkey): Read the key from the cert here instead
- of letting the upper layer do this.
- (do_writecert): Check that the cert matches the key and that a key has
- already been generated.
-
- card: Remove the "admin" command.
- + commit 280baee72dcb0ca54ce99b524bc2125cbc38e0e4
- * tools/gpg-card.c (cmd_passwd): Remove arg allow_admin.
- (enum cmdids): Rename cmdAUTHENTICATE to cmdAUTH and cmdFACTORYRESET
- to cmdFACTRST.
- (cmds): Remove column 'admin_only'.
- (interactive_loop): Remove admin_only stuff.
-
-2019-02-28 Werner Koch <wk@gnupg.org>
-
- sm: Don't mark a cert as de-vs compliant if it leads to SHA-1 sigs.
- + commit 2c75af9f65d15653ed1bc191f1098ae316607041
- * sm/keylist.c (print_compliance_flags): Also check the diges_also.
-
-2019-02-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: PKSIGN should return signature in same format for card.
- + commit 0173b249cfb7f02f94911ec759630d81f312e0bd
- * agent/pksign.c (agent_pksign_do):
-
-2019-02-26 Werner Koch <wk@gnupg.org>
-
- scd: Simplify the app_readkey parameters.
- + commit c2235d994dbb1d7ddba20f89a7c02f4a27b0610c
- * scd/app-help.c (app_help_pubkey_from_cert): New.
- * scd/command.c (cmd_readkey): Refactor to use that new function and
- handle the --advanced flag only here.
- * scd/app.c (app_readkey): Remove parm advanced.
- * scd/app-common.h (struct app_ctx_s): Remove parm advanced from the
- readkey member.
- * scd/app-nks.c (do_readkey): Adjust for removed parm.
- * scd/app-piv.c (do_readkey): Ditto.
- * scd/app-openpgp.c (do_readkey): Ditto.
-
- conf: New option --show-socket.
- + commit ac485b4f253ad6bbd2bc648650b56d60fc82f89d
- * tools/gpgconf-comp.c (gc_component_t): Move this enum to ...
- * tools/gpgconf.h: here.
- * tools/gpgconf.c (oShowSocket): New.
- (opts): Add new option.
- (main): Implement new option.
-
-2019-02-26 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Avoid using compound literals (8).
- + commit 371ae25f8f6f2d1ac030bf984bca479393a5ed43
- * dirmngr/dns.h (dns_quietinit): Remove.
- (dns_hints_i_new): Remove.
-
- libdns: Avoid using compound literals (7).
- + commit d661acd483236d34720a4959fc816d05f89c2cb7
- * dirmngr/dns.h (DNS_OPTS_INIT, dns_opts): Remove.
- * dirmngr/dns-stuff.c (libdns_res_open): Use zero-ed, and initialized
- automatic variable for opts.
- * dirmngr/dns.c (send_query, resolve_query, resolve_addrinfo):
- Likewise.
-
- libdns: Avoid using compound literals (6).
- + commit 6501e59d3685bb58753c9caea729a4b0eca3942a
- * dirmngr/dns.h (dns_rr_i_new): Remove.
- (dns_rr_i_init): Remove unused second argument.
- * dirmngr/dns.c (dns_p_dump, dns_hints_query, print_packet)
- (parse_packet): Use automatic variable for struct dns_rr_i.
- (dns_d_cname): No need to call dns_rr_i_init after memset 0.
- (dns_rr_i_init): Remove unused second argument. Return nothing.
- * dirmngr/dns-stuff.c (resolve_addr_libdns, get_dns_cert_libdns)
- (getsrv_libdns): Follow the change of dns_rr_i_init.
-
- libdns: Avoid using compound literals (5).
- + commit a1ccfe2b37847cce0db2fb94a7365c9fa501eda4
- * dirmngr/dns.h (dns_rr_foreach): Don't use dns_rr_i_new.
- Call dns_rr_grep with NULL.
- * dirmngr/dns.c (dns_rr_grep): Support NULL for error_.
-
- libdns: Avoid using compound literals (4).
- + commit 7313a112f9c7ada61d24285313d2e2d069a672e8
- * dirmngr/dns.h (dns_d_new*): Remove.
- * dirmngr/dns.c (parse_packet): Use dns_d_init with automatic
- variable.
- (parse_domain): Likewise.
-
- libdns: Avoid using compound literals (3).
- + commit 72efb7840258808cd892b90d871ea1cc1c31d7f5
- * dirmngr/dns.h (dns_p_new): Remove.
- * dirmngr/dns.c (dns_hosts_query): Use dns_p_init with automatic
- variable.
- (dns_hints_query, dns_res_glue, parse_packet, query_hosts)
- (send_query, show_hints, echo_port): Likewise.
-
- libdns: Avoid using compound literals (2).
- + commit 455ef62d29a112de05897139716265d07e4c6ae3
- * dirmngr/dns.h (dns_strsection1, dns_strsection3): Remove.
- (dns_strclass1, dns_strclass3): Remove.
- (dns_strtype1, dns_strtype3): Remove.
- (dns_strsection, dns_strclass, dns_strtype): Directly use the
- function.
- * dirmngr/dns.c (dns_strsection): Use automatic variable.
- (dns_strclass, dns_strtype): Likewise.
-
- libdns: Avoid using compound literals.
- + commit 1c405499388fd5bed0968ab5c6c5d1b3373537b9
- * dirmngr/dns.c (dns_inet_pton, dns_so_tcp_keep): Use automatic
- variables.
- (dns_poll, dns_send_nopipe): Likewise, adding const qualifier.
-
-2019-02-25 Werner Koch <wk@gnupg.org>
-
- scd: PIV: Always require a PIN for signing with 9C.
- + commit a481d17432bf7cca19ca71b6aa5ccd9aee2b3baa
- * scd/app-piv.c (verify_chv): Add arg 'force'.
- (do_sign): Use force for 0x9c.
-
- card: Rename gpg-card-tool to gpg-card.
- + commit 28de5c0ea53373c56a4405fe6b08d194682dd1de
- * tools/card-tool-keys.c: Rename to card-keys.c.
- * tools/card-tool-misc.c: Rename to card-misc.c.
- * tools/card-tool-yubikey.c: Rename to card-yubikey.c.
- * tools/card-tool.h: Rename to gpg-card.h.
- * tools/gpg-card-tool-w32info.rc: Rename to gpg-card-w32info.rc
- * doc/card-tool.texi: Rename top gpg-card.texi
-
- agent: Fix for suggested Libgcrypt use.
- + commit a12c3a566e2e4b10bc02976a2819070877ee895c
- * agent/divert-scd.c (divert_pkdecrypt): Skip a flags parameter.
-
-2019-02-25 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgscm: Build well even if NDEBUG defined.
- + commit e140c6d4f581be1a60a34b67b16430452f3987e8
- * gpgscm/scheme.c (gc_reservation_failure): Fix adding ";".
- [!NDEBUG] (scheme_init_custom_alloc): Don't init seserved_lineno.
-
-2019-02-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: internal driver: Submit SET_INTERFACE control transfer.
- + commit 611faf1579a56925994d53eb08e1290a4b3958cf
- * scd/ccid-driver.c (ccid_open_usb_reader): Alway submit SET_INTERFACE
- control transfer.
-
-2019-02-21 Werner Koch <wk@gnupg.org>
-
- sm: Fix certificate creation with key on card.
- + commit c1000c673814e552923cf1361346d7dfeee55608
- * sm/certreqgen.c (create_request): Fix for certmode.
-
- card: Print usage info for each key.
- + commit 7317aeb3f448c98dcfa9c04f49b9a69d81c26776
- * tools/card-call-scd.c (learn_status_cb): Handle extended
- KEYPARIRINFO.
- * tools/card-tool.h (struct key_info_s): Add field 'usage'.
- * tools/gpg-card-tool.c (list_one_kinfo): Show usage flags.
-
- scd: Extend KEYPAIRINFO by key usage info.
- + commit 5e21ef2d556ca65b7869bf16ab465f3511601e1e
- * scd/app-openpgp.c (send_keypair_info): Append usage string.
- * scd/app-piv.c (struct data_object_s): Remove column 'binary'. Add
- column 'usage'.
- (dump_all_do): Adjust for removed 'binary'.
- (send_keypair_and_cert_info): Append usage string.
-
- card: Print the keyref in the listing.
- + commit 3384ba6c1c421cfa674dbd8294dc655d7320534e
- * tools/gpg-card-tool.c (list_one_kinfo): Print the keyref.
-
- scd: Don't let the "undefined" app cause a conflict error.
- + commit 5ecc7a02609dde65096ddb12e0ff8f6bce3b774a
- * scd/app.c (check_conflict): Ignore "undefined".
-
- sm: Prepare algo mapping to handle values > 255.
- + commit d7a54ca461ad75e4fab77a2f1b25986c7637762a
- * sm/misc.c (transform_sigval): Allow for larger values of MDALGO and
- PKALGO.
-
-2019-02-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Clear CHV status on timeout error.
- + commit 2013cb5ee667610de35f8b92c2f979f5caa09d4c
- * scd/app-openpgp.c (clear_chv_status): New.
- (do_change_pin): Use clear_chv_status.
- (do_sign): Call clear_chv_status on GPG_ERR_TIMEOUT.
- (do_auth, do_decipher): Likewise.
-
- scd: Handle ack button timeout as GPG_ERR_TIMEOUT.
- + commit bd15aa34ab8ad10adbb7540a8845b4a2600437b6
- * scd/apdu.h (SW_ACK_TIMEOUT): New.
- * scd/iso7816.c (map_sw): Return GPG_ERR_TIMEOUT for SW_ACK_TIMEOUT.
-
- tests: Add "disable-scdaemon" in gpg-agent.conf.
- + commit 64b7c6fd1945bc206cf56979633dfca8a7494374
- * tests/openpgp/defs.scm: Add "disable-scdaemon". Remove
- "scdaemon-program".
- * tests/gpgme/gpgme-defs.scm, tests/gpgsm/gpgsm-defs.scm: Likewise.
- * tests/inittests, tests/pkits/inittests: Add "disable-scdaemon"
-
-2019-02-19 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Terminate pinentry process gracefully, by watching socket.
- + commit c395f8315362793409be54aca630ce6e903ea984
- * agent/call-pinentry.c (watch_sock): New.
- (do_getpin): Spawn the watching thread.
-
- agent: Minor change for pinentry status handling.
- + commit 99aa54323f97937613e02d8c2da91544e1fe7bcf
- * agent/call-pinentry.c (struct entry_parm_s): Add status.
- (do_getpin): Use param->status.
- (agent_askpin): Copy param->status. to pininfo.
-
- agent: Factor out the getpin interaction.
- + commit ada797f477f923bee36d67c8e49f728ae7adb9e9
- * agent/call-pinentry.c (do_getpin): New.
- (agent_askpin, agent_get_passphrase): Use do_getpin.
-
-2019-02-18 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
-
- sm: Support generation of card-based ed25519 CSR.
- + commit 3cbdf896e6919333b5423001ab58c01a04363386
- * sm/call-agent.c (gpgsm_scd_pksign): Allow SHA512. Create proper
- S-expression for EdDSA signature.
- * sm/certreqgen.c (create_request): Force use of SHA512 when
- using a ed25519 key.
- * sm/misc.c (transform_sigval): Insert OID for ed25519.
-
-2019-02-15 Damien Goutte-Gattat via Gnupg-devel <gnupg-devel@gnupg.org>
-
- sm: Support generation of card-based ECDSA CSR.
- + commit 74e9b579ca273fc07be090bb5fb7800a97b1b452
- * sm/call-agent.c (gpgsm_scd_pksign): Identify type of signing key
- and format resulting S-expression accordingly.
- * sm/misc.c (transform_sigval): Support ECDSA signatures.
-
-2019-02-14 Ingvar Hagelund <ingvar@redpill-linpro.com>
-
- po: Correct a simple typo in the Norwegian translation.
- + commit b89f1790e0b9f3196a2382a9b9ff5f461c58a449
-
-
-2019-02-13 Werner Koch <wk@gnupg.org>
-
- card: New command "yubikey".
- + commit 7e1cd2cd416f852fc039af310e3df1ce395d89a9
- * tools/card-tool-yubikey.c: New.
- * tools/Makefile.am (gpg_card_tool_SOURCES): Add it.
- * tools/card-call-scd.c (scd_apdu): Allow returning data.
- * tools/card-tool-misc.c (send_apdu): New. Move from gpg-card-tool.c
- and let it return data. Change all callers.
-
- * tools/gpg-card-tool.c (cmd_writecert): Prepend the certref with the
- current application type.
- (cmd_yubikey): New.
-
-2019-02-11 Werner Koch <wk@gnupg.org>
-
- scd: Implement decryption for PIV cards.
- + commit 43b14b4cc227311aa77b1fc1d9577c5f7d3eda86
- * scd/app-piv.c (do_decipher): New.
-
- scd: For PIV cards used NO_AUTH instead of BAD_PIN.
- + commit b2838694402ce0cfc2ef70451bf0e6677b875ca9
- * common/util.h (GPG_ERR_NO_AUTH, GPG_ERR_BAD_AUTH): Add replacement
- codes for gpgrt < 1.36.
- * scd/app-piv.c (auth_adm_key):
- (do_genkey, do_writecert): Use better error codes.
-
-2019-02-08 Werner Koch <wk@gnupg.org>
-
- scd: Implement RSA signing for PIV cards.
- + commit 53beea56afecde76f0f4ca93fc50ca59298a093e
- * scd/app-piv.c (concat_tlv_list): New.
- (get_key_algorithm_by_dobj): Rename args for clarity.
- (do_auth): factor all code out to ...
- (do_sign): new. Implement RSA signing.
-
- sm: In --gen-key with "key from card" show also the algorithm.
- + commit 0328976c94adc2c518c7a7763a35319a0000c5e2
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Get and show algo.
-
- common: Provide function to get public key algo names in our format.
- + commit 03bf8e967adb2dd13329ba1089deb419d49e55c0
- * tools/card-tool-misc.c (pubkey_algo_string): Move to ...
- * common/sexputil.c (pubkey_algo_string): here.
-
- card: Make "generate" work for PIV cards.
- + commit a1cb4a940f308ba21ecc002b044efccf0c547784
- * tools/card-call-scd.c (scd_genkey_cb): Make createtime optional.
- (scd_genkey_cb): Ditto. Add arg algo.
- * tools/gpg-card-tool.c (cmd_generate): Add options and factor card
- specific code out to ...
- (generate_openpgp, generate_generic): new functions.
-
- scd: Allow generating ECC curves on PIV cards.
- + commit b349adc5c0d00d2fc405a45bd078f1580b5610cc
- * scd/app-piv.c (genkey_parse_ecc): New.
- (get_keygrip_by_tag): Call that one.
- (do_readkey): Call that one.
- * scd/command.c (cmd_genkey): Add option --algo.
-
- common: New functions get_option_value and ascii_strupr.
- + commit e2f18023b3b3b7e55b35218f65e37448d1011172
- * common/server-help.c (get_option_value): New.
- * common/stringhelp.c (ascii_strupr): New.
-
-2019-02-07 Werner Koch <wk@gnupg.org>
-
- card: Print the used algorithm of all keys.
- + commit b79bc877f2ad4d08e7de377cf4bf616b981b3c5f
- * tools/card-call-scd.c (scd_readkey): New.
- * tools/card-tool-misc.c (pubkey_algo_string): New.
- * tools/gpg-card-tool.c (list_one_kinfo): Print the algo.
-
- card: Fix a NULL-ptr deref in key listings.
- + commit df6ba6dfd235fddb7645bc16573da1a6a7e6b49d
- * tools/card-tool-keys.c (get_matching_keys): Fix segv.
- * tools/gpg-card-tool.c (main): Init info.
-
- scd: Store a new PIV public key in the certificate DO.
- + commit 5bf1212000f48243642ace0f708fd27446879b9e
- * scd/app-piv.c (struct genkey_result_s): Remove type and all users.
- (send_keypair_and_cert_info): Print certinfo only if we got a cert..
- (readcert_by_tag): Add arg r_mechanism and implement reading of public
- keys.
- (get_keygrip_by_tag): Use a public key to compute the keygrip.
- (do_readcert): Make sure to only return a certificate.
- (do_readkey): Read public key from the DO if a certificate is missing.
- (get_key_algorithm_by_dobj): Get the algorithm also from a public key.
- (does_key_exist): String changes.
- (do_genkey): Remove result caching and store public key in the DO.
-
- card: Support reading and writing PIV certificates.
- + commit fcec5b40e589b2ef201efb89f22a952feb4a9069
- * scd/app-piv.c (add_tlv): New.
- (put_data): New.
- (do_writecert): New.
- (do_setattr): Remove usused special mode 0.
- * tools/gpg-card-tool.c (cmd_writecert): Allow other cards than
- OPENPGP.
- (cmd_readcert): Ditto.
-
-2019-02-06 Werner Koch <wk@gnupg.org>
-
- scd: Add genkey command to app-piv (rsa-only)
- + commit b5b1f721582df9d0379cb68b4faeceed32a56e49
- * scd/app-piv.c (struct genkey_result_s): new.
- (struct app_local_s): add member genkey_results.
- (do_deinit): Free that one.
- (flush_cached_data): Extend to delete all items.
- (keyref_from_dobj): New.
- (do_readkey): New.
- (do_auth): Use keyref_from_dobj.
- (does_key_exist): New.
- (genkey_parse_rsa): New.
- (do_genkey): New.
-
- scd: Make app_genkey and supporting ISO function more flexible.
- + commit 9a9cb0257aebb1480b999fdf9d90904083eb8e3c
- * scd/app.c (app_genkey): Add arg keytype.
- * scd/app-common.h (struct app_ctx_s): Fitto for the genkey member.
- * scd/command.c (cmd_genkey): Adjust for change.
- * scd/iso7816.c (do_generate_keypair): Replace arg read_only by new
- args p1 and p2.
- (iso7816_read_public_key): Adjust for this.
- (iso7816_generate_keypair): Add new args p1 and p2.
- * scd/app-openpgp.c (do_genkey): Adjust for changes.
-
- scd: Fix parameter name of app_change_key.
- + commit c26af8ac263ea006ed32e110a09271e4bfbf1f37
- * scd/app-common.h (APP_GENKEY_FLAG_FORCE): New.
- * scd/app.c (app_change_pin): Rename arg reset_mode to flags and
- change from int to unsigned int.
-
- scd: Implement PIN changing and unblocking for PIV cards.
- + commit e9e876cb5572670322aa1d3462d64c75c03974d9
- * scd/app-piv.c: Some refactoring
- (do_change_chv): Implement.
-
-2019-02-05 Werner Koch <wk@gnupg.org>
-
- scd: Allow standard keyref scheme for app-openpgp.
- + commit 3231ecdafd71ac47b734469b07170756979ede72
- * scd/app-openpgp.c (do_change_pin): Allow prefixing the CHVNO with
- "OPENPGP."
- * tools/card-call-scd.c (scd_change_pin): Change API to use strings.
- * tools/gpg-card-tool.c (cmd_passwd): Adjust for change.
- (cmd_unblock): Ditto.
-
-2019-01-31 Werner Koch <wk@gnupg.org>
-
- card: Implement non-interactive mode.
- + commit 1c0fa3e6f74692d5e9b5f08cda523f0fcec305eb
- * tools/card-tool.h (opt): Add field 'initialized'.
- * tools/card-call-scd.c (scd_learn): Set it.
- * tools/gpg-card-tool.c (main): Reworked.
- (dispatch_command): New.
-
- card: New command 'authenticate'.
- + commit da383257404cde9689bc58259ef3f46e9903bf34
- * tools/card-tool-misc.c (hex_to_buffer): New.
- * tools/gpg-card-tool.c (get_data_from_file): Change to allow returning
- a string.
- (cmd_authenticate): New.
- (cmds): Add command "authenticate".
-
- scd: Add DES authentication for PIV card.
- + commit 1d57450f3e71b198e66e155a8ebbfab452f58ffc
- * scd/app-piv.c (flush_cached_data): New.
- (auth_adm_key): New.
- (set_adm_key): New.
- (do_setattr): New.
- * scd/command.c (MAXLEN_SETATTRDATA): New.
- (cmd_setattr): Add an inquire option.
-
-2019-01-30 Werner Koch <wk@gnupg.org>
-
- card: Cache the results from gpg and gpgsm.
- + commit 0107984f9f55f84e4842642bceefd2181ec09dab
- * tools/card-tool-keys.c (keyblock_cache): New var.
- (release_keyblock): Factor code out to a new do_release_keyblock. Add
- a cache.
- (flush_keyblock_cache): New.
- (get_matching_keys): Use the cache.
- * tools/gpg-card-tool.c (cmds): Add command "reset".
- (interactive_loop): Implement reset.
-
- card: Print matching OpenPGP and X.509 data.
- + commit 833f27a6a7e059e38bccaf360f05e72e4403545a
- * tools/card-tool-keys.c: New.
- * tools/Makefile.am (gpg_card_tool_SOURCES): Add file.
- * tools/card-tool.h (struct pubkey_s, pubkey_t): New.
- (struct userid_s, userid_t): New.
- (struct keyblock_s, keyblock_t): New.
- * common/util.h (GNUPG_PROTOCOL_): New const
- * tools/gpg-card-tool.c (aTest): Add temporary command.
- (list_one_kinfo): Print info from gpg and gpgsm.
-
- gpg: Emit an ERROR status if no key was found with --list-keys.
- + commit 140fda8c61422ec055c3f7e214cc35706c4320dd
- * g10/keylist.c (list_one): Emit status line.
-
- common: Add kludge to allow silencing gnupg_exec_tool_stream.
- + commit 1fd3d864b4eceaf45b33e754e5d832b7ccc0d17f
- * common/exectool.c (read_and_log_buffer_t): Take care of a --quiet
- argument.
- (gnupg_exec_tool_stream): Ditto.
-
- gpg: Allow generating Ed25519 key from an existing key.
- + commit 346a98fabe03adf2e202e36fc2aa24b1c2571154
- * g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
-
- common: New function decode_c_string.
- + commit 6ecedd0b25b6b1a33be63b99f2a8256370000521
- * common/miscellaneous.c (decode_c_string): New.
-
-2019-01-29 Werner Koch <wk@gnupg.org>
-
- gpg: Implement searching keys via keygrip.
- + commit c128667b3cba749dd14262e032d4c260a2b0acd3
- * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field grip.
- * kbx/keybox-openpgp.c (struct keyparm_s): New.
- (keygrip_from_keyparm): New.
- (parse_key): Compute keygrip.
- * kbx/keybox-search.c (blob_openpgp_has_grip): New.
- (has_keygrip): Call it.
-
- common: Provide some convenient OpenPGP related constants.
- + commit f382984966a31a4cbe572bce5370590c5490ed1e
- * common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
- (OPENPGP_MAX_NSKEY): New.
- (OPENPGP_MAX_NSIG): New.
- (OPENPGP_MAX_NENC): New.
- * g10/packet.h: Define PUBKEY_MAX using the new consts.
-
- common: New helper functions for OpenPGP curve OIDs.
- + commit 4a1558d0c7190cf13d35385e47291a7aa121be3e
- * common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
- to ...
- (openpgp_oidbuf_to_str): new.
- (openpgp_oidbuf_is_ed25519): New.
- (openpgp_oidbuf_is_cv25519): New.
-
- card: Support factory reset for Yubikey PIV application.
- + commit 79bed504e51034d960fcb858fb643901cad85913
- * scd/app-common.h (struct app_ctx_s): Add field cardtype.
- * scd/app.c (app_new_register): Set cardtype for yubikey.
- (app_getattr): Add CARDTYPE.
- (app_write_learn_status): Emit new attribute.
- * scd/app-piv.c (do_getattr): Add CHV-USAGE.
- (do_learn_status): Emit it.
- * tools/card-tool.h (struct card_info_s): Add field cardtype.
- * tools/card-call-scd.c (learn_status_cb): Parse "CARDTYPE".
-
- * tools/gpg-card-tool.c (list_piv): Print PIN usage policy.
- (list_card): Print card type.
- (cmd_factoryreset): Implement for Yubikey with PIV.
-
- card: Print keyinfo for PIV cards.
- + commit 9325c92284bb346d11c3591bb2ea88095989361a
- * scd/app-piv.c (do_learn_status): Print CHV-STATUS.
- * tools/card-tool.h (struct card_info_s): Rename chvretry to chvinfo.
- * tools/card-call-scd.c (learn_status_cb): Depend CHV-STATUS on app
- type.
- * tools/gpg-card-tool.c (list_piv): New.
-
- card: Make printing of key information more flexible.
- + commit 237880175f59d372011cd2e20bb49726eeccf058
- * tools/card-tool-misc.c: New.
- * tools/card-tool.h: Rewored data structures for key infos.
- * tools/gpg-card-tool.c: Ditto.
- * tools/card-call-scd.c: Ditto.
-
-2019-01-28 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Clear bogus pinentry cache, when it causes an error.
- + commit 02a2633a7f0b7d91aa48ea615fb3a0edfd6ed6bb
- * agent/agent.h (PINENTRY_STATUS_*): Expose to public.
- (struct pin_entry_info_s): Add status.
- * agent/call-pinentry.c (agent_askpin): Clearing the ->status
- before the loop, let the assuan_transact set ->status. When
- failure with PINENTRY_STATUS_PASSWORD_FROM_CACHE, it returns
- soon.
- * agent/findkey.c (unprotect): Clear the pinentry cache,
- when it causes an error.
-
-2019-01-27 Werner Koch <wk@gnupg.org>
-
- card: Implement the bulk of OpenPGP stuff into gpg-card-tool.
- + commit 1c9251004592415b27988064ae20504dd1c37f57
- * tools/card-call-scd.c: New.
- * tools/card-tool.h: new.
- * tools/gpg-card-tool.c: Largely extended.
-
-2019-01-26 Werner Koch <wk@gnupg.org>
-
- gpg: Fix just changed agent_get_s2k_count.
- + commit 54f88afba4564e62e51fe6e22beabbdee75f91ac
- * g10/call-agent.c (agent_get_s2k_count): Actually return the count.
-
- gpg: Move S2K encoding function to a shared file.
- + commit ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1
- * g10/passphrase.c (encode_s2k_iterations): Move function to ...
- * common/openpgp-s2k.c: new file. Remove default intialization code.
- * common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
- * g10/call-agent.c (agent_get_s2k_count): Change to return the count
- and print an error.
- * agent/protect.c: Include openpgpdefs.h
- * g10/card-util.c (gen_kdf_data): Adjust for changes
- * g10/gpgcompose.c: Include call-agent.h.
- (sk_esk): Adjust for changes.
- * g10/passphrase (passphrase_to_dek): Adjust for changes.
- * g10/main.h (S2K_DECODE_COUNT): Remove macro.
-
-2019-01-25 Werner Koch <wk@gnupg.org>
-
- scd: Improve app selection for app "undefined".
- + commit 0415b80227c52620bece3ae7502f38f24a23e59d
- * scd/app.c (app_new_register): Don't bail out early in undefined
- mode.
-
- scd: Fix flushing of CA-FPR data objects.
- + commit c9f4c1f0de06672c6ae2b793d86cc001d131f9a6
- * scd/app-openpgp.c (do_setattr): Add new table item to flush a
- different tag.
-
-2019-01-25 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support --mode=ssh option for CLEAR_PASSPHRASE.
- + commit ae966bbe9b16ed68a51391afdde615339755e22d
- * agent/command.c (cmd_clear_passphrase): Add support for SSH.
-
- dirmngr: Fix initialization of assuan's nPth hook.
- + commit 1f8817475f59ede3f28f57edc10ba56bbdd08b49
- * dirmngr/dirmngr.c (main): Move assuan_set_system_hooks to...
- (thread_init): ... here.
-
-2019-01-24 Werner Koch <wk@gnupg.org>
-
- common: Extend function percent_data_escape.
- + commit 055f8854d3f49b8d06105d20f344f5ac10e4f6a6
- * common/percent.c (percent_data_escape): Add new args prefix and
- plus_escape.
- * agent/command.c (cmd_put_secret): Adjust for changed function
-
- * common/t-percent.c (test_percent_data_escape): Extend test for the
- prefix.
- (test_percent_data_escape_plus): new test for the plus escaping.
-
-2019-01-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support PASSWD --clear for OpenPGP card.
- + commit fec75a3868da72196f76aca95c7ab07debb7dc04
- * scd/app-openpgp.c (do_change_pin): Implement handling
- APP_CHANGE_FLAG_CLEAR.
-
-2019-01-22 Werner Koch <wk@gnupg.org>
-
- gpg: Stop early when trying to create a primary Elgamal key.
- + commit f97dc55ff1b041071bc3cbe98aa761bf77bb7ac8
- * g10/misc.c (openpgp_pk_test_algo2): Add extra check.
-
- card-tool: Add skeleton for new tool.
- + commit e6d613711a327d63511601dd42aeff34e09ec95a
- * tools/gpg-card-tool.c: New.
- * tools/gpg-card-tool-w32info.rc: New.
- * tools/Makefile.am: Add new tool.
-
- common: Add generic status print function.
- + commit 03cf23b43ec5fea8a355d3ba2200e86a8efc589b
- * common/status.c (gnupg_set_status_fd): New.
- (gnupg_status_printf): New.
- * po/Makevars (XGETTEXT_OPTIONS): Add gnupg-status_printf.
-
-2019-01-21 Werner Koch <wk@gnupg.org>
-
- scd: Support CHV-STATUS and CHECKPIN for PIV.
- + commit fa9d703de5c70ae925e8ca6604073506f24d641a
- * scd/app-piv.c (parse_pin_keyref): New.
- (get_chv_status): New.
- (do_getattr): Add name CHV-STATUS.
- (verify_pin): Add arg keyref to support other PINs.
- (do_change_pin): New. Right now limited to --clear.
- (do_check_pin): New.
- (app_select_piv): Register new commands.
-
- scd: Add option --clear to PASSWD.
- + commit 29929e65521279eabc98a67c766fe485057405a9
- * scd/command.c (cmd_passwd): Add option --clear.
- (send_status_printf): New.
- * scd/app-common.h (APP_CHANGE_FLAG_CLEAR): New.
- * scd/app-nks.c (do_change_pin): Return an error if that option is
- used.
- * scd/app-openpgp.c (do_change_pin): Ditto.
-
-2019-01-20 Werner Koch <wk@gnupg.org>
-
- scd: Add very basic support for PIV cards.
- + commit ec56996029d95d4bd26e1badfe207232270c6247
- * scd/app-piv.c: New.
- * scd/Makefile.am (card_apps): Add app-piv.c
- * scd/app.c (app_new_register): Try to get a Yubikey serial number.
- Detect the PIV application.
- (get_supported_applications): Add "piv".
-
- scd: One new and one improved 7816 function.
- + commit 70bb5c7931598590b1acfae90bf4657f5911d2d3
- * scd/apdu.c (apdu_send_direct): New arg R_SW.
- * scd/command.c (cmd_apdu): Ditto.
- * scd/iso7816.c (iso7816_apdu_direct): New arg R_SW.
- (iso7816_general_authenticate): New.
- * scd/app-nks.c (get_chv_status, get_nks_version): Pass NULL for new
- arg.
-
-2019-01-17 Werner Koch <wk@gnupg.org>
-
- ssh: Simplify the curve name lookup.
- + commit d93797c8a7892fe26672c551017468e9f8099ef6
- * agent/command-ssh.c (struct ssh_key_type_spec): Add field
- alt_curve_name.
- (ssh_key_types): Add some alternate curve names.
- (ssh_identifier_from_curve_name): Lookup also bey alternative names
- and return the canonical name.
- (ssh_key_to_blob): Simplify the ECDSA case by using gcry_pk_get_curve
- instead of the explicit mapping.
- (ssh_receive_key): Likewise. Use ssh_identifier_from_curve_name to
- validate the curve name. Remove the reverse mapping because since
- GnuPG-2.2 Libgcrypt 1.7 is required.
- (ssh_handler_request_identities): Log an error message.
-
-2019-01-16 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Report STATUS_NO_SECKEY when it is examined.
- + commit dafffa95b2317bcb80fff1fd6d2bc7b4e6b1e206
- * g10/packet.h (struct pubkey_enc_list): Add result.
- * g10/mainproc.c (proc_pubkey_enc): Initialize ->result.
- (proc_encrypted): Report STATUS_NO_SECKEY status.
- * g10/pubkey-enc.c (get_session_key): Set ->result.
-
-2019-01-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for USB INTERRUPT transfer.
- + commit 5ab3bc422a5cc1a646c168b547f2b6538b3a4ffa
- * scd/ccid-driver.c (intr_cb): When LIBUSB_TRANSFER_NO_DEVICE,
- just handle this event as failure.
-
-2019-01-03 Werner Koch <wk@gnupg.org>
-
- scd: Add two variants to the set of ISO7816 functions.
- + commit 405feca2bdeeb620dc406667a702035a123ae848
- * scd/iso7816.c (iso7816_select_application_ext): New.
- (iso7816_get_data_odd): New.
-
- scd: Support "READKEY --advanced" for all cards.
- + commit cca2b87e79cda212a33c13efdd2b2830295d2efe
- * scd/command.c (cmd_readkey): Reformat for advanced mode.
-
-2018-12-18 Werner Koch <wk@gnupg.org>
-
- wks: Do not use compression for the encrypted data.
- + commit 70a8db0333e3c22403b3647f8b5f924f6dace719
- * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
- * tools/gpg-wks-server.c (encrypt_stream): Ditto.
-
-2018-12-18 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix description string.
- + commit e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe
- * scd/app-openpgp.c (data_objects): Capitalize the word for usage.
-
-2018-12-17 Werner Koch <wk@gnupg.org>
-
- Silence a few compiler warnings new with gcc 8.
- + commit 40c307fa8d0e813f2aa57806f25b8b0063cc2be3
- * dirmngr/dns.c: Include gpgrt.h. Silence -Warray-bounds also gcc.
- * tools/gpg-pair-tool.c (command_respond): Init two vars to silence
- gcc.
-
-2018-12-12 NIIBE Yutaka <gniibe@fsij.org>
-
- card: Suppress error message by agent_scd_cardlist.
- + commit ebf775eb16fef27bd1f27319a5483d04dcf95a9a
- * g10/call-agent.c (agent_scd_cardlist): Add
- FLAG_FOR_CARD_SUPPRESS_ERRORS.
-
-2018-12-11 Werner Koch <wk@gnupg.org>
-
- agent: Make the S2K calibration time runtime configurabe.
- + commit cbcc8c19541fe8407f3b6588fce1535c64cf6b25
- * agent/protect.c (s2k_calibration_time): New file global var.
- (calibrate_s2k_count): Use it here.
- (get_calibrated_s2k_count): Replace function static var by ...
- (s2k_calibrated_count): new file global var.
- (set_s2k_calibration_time): New function.
- * agent/gpg-agent.c (oS2KCalibration): New const.
- (opts): New option --s2k-calibration.
- (parse_rereadable_options): Parse that option.
-
- dirmngr: Retry another server from the pool on 502, 503, 504.
- + commit 05ef6282784495a77f4faf76c0de5bc85dfecf06
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
- http_status and handle it.
- (ks_hkp_search): Get http_status froms end_request and pass on to
- handle_send_request_error.
- (ks_hkp_get): Ditto.
- (ks_hkp_put): Ditto.
-
- dirmngr: New function http_status2string.
- + commit dc61f4ecea5c9815cb00aeb25439978337c1fd64
- * dirmngr/http.c (http_status2string): New.
-
- gpg: In search-keys return "Not found" instead of "No Data".
- + commit e7252ae57f3c9da557f23295268f74dd25fee3a1
- * g10/keyserver.c (keyserver_search): Check for NO_DATA.
-
-2018-12-11 Tomi Leppänen <tomi.leppanen@jolla.com>
-
- tools: Use POSIX compatible arguments for find.
- + commit 2c35e67e3475ec38ff49953d79bd0f734d6db542
- * tools/addgnupghome (filelist): Remove bashism.
-
-2018-12-05 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix print_pubkey_info new line output.
- + commit e154fba30ba0d5f29040a33f5c1b5c25b441b69f
- * g10/keylist.c (print_pubkey_info): Reverse the condition.
-
-2018-12-04 Werner Koch <wk@gnupg.org>
-
- wks: Fix filter expression syntax flaw.
- + commit 0c36ec241d285545f286069843de4f663cd274a3
- * tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
- expression needs a space before the value.
- (install_key_from_spec_file): Replace es_getline by es_read_line and
- remove debug output.
-
- gpg: Prepare revocation keys for use with v5 keys.
- + commit c6e2ee020784de63edfa83c76095e086eae49eef
- * g10/packet.h (struct revocation_key): Add field 'fprlen'.
- * g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
- keys. Also fix reading of unitialized data at place where
- MAX_FINGERPRINT_LEN is used.
- * g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
- Do an explicit compare to avoid reading unitialized data.
- * g10/sig-check.c (check_revocation_keys): Use the fprlen.
- * g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
- reading unitialized data.
- * g10/import.c (revocation_present): Use fprlen.
- * g10/keyedit.c (show_key_with_all_names): Use fprlen.
- (menu_addrevoker): Use fprlen. Allow for v5 keys.
- * g10/keygen.c (keygen_add_revkey): Use fprlen.
- (parse_revocation_key): Allow for v5 keys.
- * g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a
- better error message in case of bogus fingerprints.
- * g10/keylist.c (print_revokers): Use fprlen.
-
- wks: Allow reading of --install-key arguments from stdin.
- + commit ba46a359b9d6549b74ec8401ea39bad434d87564
- * tools/wks-util.c (install_key_from_spec_file): New.
- (wks_cmd_install_key): Call it.
- * tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
- * tools/gpg-wks-server.c (main): Ditto.
-
- gpg: New list-option "show-only-fpr-mbox".
- + commit 0e8bf204791ebfd0c9a8e4b49fbadf998ec62e49
- * g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
- * g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
- * g10/keylist.c (list_keyblock_simple): New.
- (list_keyblock): Call it.
- (list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
- mode.
-
- wks: Create sub-directories.
- + commit 73e5b0ec9b9ba5e04e55f8c42d81e23df7c3afe0
- * tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
- if needed.
-
- wks: Add new commands --install-key and --remove-key to the client.
- + commit 602b1909632925d5a2e0778c102d66109795c627
- * tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
- (opts): Add "--install-key", "--remove-key" and "-C".
- (parse_arguments): Parse them.
- (main): Check that the given directory exists. Implement the new
- commands.
-
- wks: Move a few server functions to wks-util.
- + commit 99094c992c20dd22971beb3527cfda109cd1df89
- * tools/gpg-wks-server.c (write_to_file): Move to ...
- * tools/wks-util.c: here.
- * tools/gpg-wks-server.c (compute_hu_fname): Move to ...
- * tools/wks-util.c (wks_compute_hu_fname): here.
- * tools/gpg-wks-server.c (fname_from_userid): Move to ...
- * tools/wks-util.c (wks_fname_from_userid): here.
- * tools/gpg-wks-server.c (command_install_key): Move to ...
- * tools/wks-util.c (wks_cmd_install_key): here and change caller.
- * tools/gpg-wks-server.c (command_remove_key): Move to ...
- * tools/wks-util.c (wks_cmd_remove_key): here and change callers.
-
-2018-12-04 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Remove --with-*-prefix from configure_opts.
- + commit 802b23289cc9b43a56e5032c2681eb21d4014784
- * autogen.rc (configure_opts): Remove --with-*-prefix.
-
-2018-12-01 Jussi Kivilinna <jussi.kivilinna@iki.fi>
-
- g10/mainproc: disable hash contexts when --skip-verify is used.
- + commit 73e74de0e33bbb76300f96a4174024779047df06
- * g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
- opt.skip_verify is set.
-
- common/iobuf: fix memory wiping in iobuf_copy.
- + commit 654e353d9b20f10fa275e7ae10cc50480654f079
- * common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
- first sizeof(char*) bytes.
-
- common/mischelp: use platform memory zeroing function for wipememory.
- + commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c
- * common/mischelp.h (wipememory): Replace macro with function
- prototype.
- (wipememory2): Remove.
- * common/mischelp.c (wipememory): New.
- * configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
-
-2018-11-30 Werner Koch <wk@gnupg.org>
-
- scd: Add strerror to new error message.
- + commit 3a90efb7cf13532cc82b45c11a7abdadfe0c81f1
- * agent/call-scd.c (wait_child_thread): Add %s.
-
- gpg: Improve error message about failed keygrip computation.
- + commit cd64af003d4b6b46b69dbd575f73d53359ae0bcc
- * g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
-
-2018-11-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Serialize opening device by select_application.
- + commit 47106ac435e891ced67f0ad9bb6b2ee12098c880
- * scd/app.c (app_new_register): Don't lock APP_LIST_LOCK here.
- (select_application): Lock with APP_LIST_LOCK earlier.
-
-2018-11-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Better serialization for scdaemon access.
- + commit 483e63f9b5faead819ddd28308902ef43bf298ab
- * agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
- (wait_child_thread): Add log_info for Windows, and fixed log_error
- message.
-
-2018-11-26 Andre Heinecke <aheinecke@intevation.de>
-
- w32: Fix linkage of gpg-pair-tool.
- + commit f12fcd907903742bde3ebb7ffef244c92d6d1611
- * tools/Makefile.am (gpg_pair_tool_LDADD): Add W32SOCKLIBS.
-
-2018-11-26 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Have a thread to wait for the child process of scdaemon.
- + commit 40c7923ea881881a48de8f303b0870ec5910e13d
- * agent/call-scd.c (wait_child_thread): New.
- (start_scd): Create a thread for wait_child_thread.
- (agent_scd_check_aliveness): Remove.
-
- agent: Defer calling assuan_release when it's still in use.
- + commit 9fb3f0f3f79e74166cce8e0781e97043f25890cc
- * agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
- and INVALID flags.
- (unlock_scd): Call assuan_release when CTX is invalid.
- (start_scd): Set IN_USE.
- (agent_scd_check_aliveness): Don't call assuan_release when it's in use.
-
- agent: Clean up SCDaemon management.
- + commit f45d6124696cc92ccdec09841b8182679c377997
- * agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
- (start_scd): Don't assign to the field.
- (agent_scd_check_aliveness): Fix typo in comment.
-
-2018-11-22 Werner Koch <wk@gnupg.org>
-
- dirmngr: Avoid possible CSRF attacks via http redirects.
- + commit fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144
- * dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
- (http_redir_info_t): New.
- * dirmngr/http.c (do_parse_uri): Set new fields.
- (same_host_p): New.
- (http_prepare_redirect): New.
- * dirmngr/t-http-basic.c: New test.
- * dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
- instead of the open code.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
-
-2018-11-16 Werner Koch <wk@gnupg.org>
-
- gpg: Start using OCB mode by default with Libgcrypt 1.9.
- + commit 1e700961ddf4c54ec5a03a697fe00d7eb606fdff
- * g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
-
-2018-11-15 NIIBE Yutaka <gniibe@fsij.org>
-
- card: Display UIF setting.
- + commit e955ca245ea08e68ae2397f1583c8728d72acbd8
- * g10/call-agent.h (agent_card_info_s): Add UIF fields.
- * g10/call-agent.c (learn_status_cb): Put UIF DOs info.
- * g10/card-util.c (current_card_status): Output for UIF.
-
- scd: Make "learn" report about KDF data object.
- + commit 05d163aebc04db109ec5e004eb04a4b3796f6421
- * scd/app-openpgp.c (do_learn_status): Report KDF attr.
- * g10/card-util.c (current_card_status): Output KDF for with_colons.
-
- card: Display if KDF is enabled or not.
- + commit a5542a4a702c2210facf58a98bc8d3d16089b6ab
- * g10/call-agent.h (kdf_do_enabled): New field.
- * g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
- * g10/card-util.c (current_card_status): Inform the availability.
-
-2018-11-14 Werner Koch <wk@gnupg.org>
-
- Remove the gpg-zip script.
- + commit 8b8ea802ca071c911158cab0203245a16a69125c
- * tools/gpg-zip.in: Remove.
- * m4/tar-ustar.m4: Remove.
-
-2018-11-14 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Simplify agent_popup_message_stop.
- + commit 804a77edd9472d44606641b7772550521e1ba271
- * agent/call-pinentry.c (agent_popup_message_stop): Just kill it.
-
-2018-11-13 Werner Koch <wk@gnupg.org>
-
- dirmngr: Support the new WKD draft with the openpgpkey subdomain.
- + commit 914fa3be22bf8848a97a7dd405a040d6ef31e2fd
- * dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
- method.
-
-2018-11-13 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update libgcrypt.m4 and ntbtls.m4.
- + commit d58fe697acefd435ec01503dae574d6c99dfedae
- * m4/libgcrypt.m4: Update from master.
- * m4/ntbtls.m4: Update from master.
-
-2018-11-12 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Add FLUSHCRLs command.
- + commit 678e4706ee614a6b7e543e2a80072d75405dd4db
- Summary:
- * dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
- * dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
- (register_commands): Add FLUSHCRLS.
-
-2018-11-12 Werner Koch <wk@gnupg.org>
-
- common: Prepare for parsing mail sub-addresses.
- + commit 6b9f772914624cc673ba26d49b6e3adc32dd7e0a
- * common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
- implement. Change all callers to pass false for it.
-
- * common/t-mbox-util.c (run_mbox_no_sub_test): New.
- (run_filter): Add arg no_sub.
- (main): Call new test and add option --no-sub.
-
-2018-11-11 Werner Koch <wk@gnupg.org>
-
- common: Add --filter option to t-mbox-util.
- + commit b3095c95ef9d2d76b49a6ad1b946fca590380dc9
- * common/t-mbox-util.c (run_filter): New.
- (main): Add option parser.
-
-2018-11-09 Jussi Kivilinna <jussi.kivilinna@iki.fi>
-
- g10/mainproc: avoid extra hash contexts when decrypting AEAD input.
- + commit b46382dd47731231ff49b59c486110a25e08e985
- * g10/mainproc.c (mainproc_context): New member
- 'seen_pkt_encrypted_aead'.
- (release_list): Clear 'seen_pkt_encrypted_aead'.
- (proc_encrypted): Set 'seen_pkt_encrypted_aead'.
- (have_seen_pkt_encrypted_aead): New.
- (proc_plaintext): Do not enable extra hash contexts when decryption
- AEAD input.
-
-2018-11-08 Jussi Kivilinna <jussi.kivilinna@iki.fi>
-
- g10/armor: optimize radix64 to binary conversion.
- + commit 643ec7c642dc75191e712963d2bb460ac247e09b
- * g10/armor.c (asctobin): Larger look-up table for fast path.
- (initialize): Update 'asctobin' initialization.
- (radix64_read): Add fast path for radix64 to binary conversion.
-
- g10/armor: optimize binary to radix64 conversion.
- + commit e8142cc69a2ae5a5d0a238bc9f88841067359af8
- * g10/armor.c (bintoasc): Change to read-only.
- (initialize): Use const pointer for 'bintoasc'.
- (armor_output_buf_as_radix64): New function for faster binary to
- radix64 conversion.
- (armor_filter): Use new conversion function.
-
- g10/armor: use libgcrypt's CRC24 implementation.
- + commit e486d4f0259f27906d2c2869cc01b3aa31aaa0a6
- * g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
- (new_armor_context): Open libgcrypt CRC24 context.
- (release_armor_context): Close CRC24 context.
- (initialize): Remove CRC table generation.
- (get_afx_crc): New.
- (check_input, fake_packet, radix64_read, armor_filter): Update to use
- CRC24 context.
- * g10/filter.h (armor_filter_context_t): Replace crc intermediate value
- with libgcrypt md context pointer.
-
- common/iobuf: optimize iobuf_read_line.
- + commit 2b5718c1f76851160115f455c3a9383b04521347
- * common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
- character in buffer.
-
- g10/armor: remove unused unarmor_pump code.
- + commit 47424881b27d4b3bae2925265b2008cda0c2933f
- * g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
- (unarmor_pump_release, unarmor_pump): Remove.
- * g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
- (unarmor_pump): Remove.
-
- g10/armor: fix eof checks in radix64_read.
- + commit a571bb8df52d6f2727876e086790dd037c9948ad
- * g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
- of 'c == -1', as 'c' is never set to this value.
-
- g10/decrypt-data: use iobuf_read for higher performance.
- + commit 5d6c080522e1666943b75c99124fb69b985b6941
- * g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
- for reading data.
-
- g10/decrypt-data: use fill_buffer in more places.
- + commit e2b9095de35ac4d402b077d5484b4131700a9925
- * g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
- fill_buffer.
-
-2018-11-08 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgcompose: Fix --sk-esk.
- + commit 69930f6884a934207f7aa523cf6d2b8e22dfe666
- * g10/gpgcompose.c (sk_esk): Copy the result content correctly.
- Don't forget to free the result.
-
- g10: Fix log_debug formatting.
- + commit 7fc3decc2e038be905d47701c7ce196ed86a725b
- * g10/cipher-aead.c (do_flush): No cast is correct.
- * g10/decrypt-data.c (aead_underflow): No cast needed.
- Use "%j" for uint64_t for chunklen.
-
-2018-11-06 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix print_keygrip for smartcard.
- + commit 01b77ebbb71d47ba276d3a1af9595fdcd9b48f5f
- * g10/card-util.c (print_keygrip): Use tty_fprintf.
-
-2018-11-05 Werner Koch <wk@gnupg.org>
-
- wks: New option --with-colons for gpg-wks-client.
- + commit e3a1e80d13487c9336640a99b2f6d385d7d6f55c
- * tools/gpg-wks.h (opt): Add field with_colons.
- * tools/gpg-wks-client.c (oWithColons): New const.
- (opts, parse_arguments): Add option --with-colons.
- (main): Change aSupported to take several domains in --with-colons
- mode.
- (command_send): Factor policy getting code out to ...
- (get_policy_and_sa): New function.
- (command_supported): Make use of new function.
-
- speedo: Remove obsolete configure option of gpgme.
- + commit d7323bb2d957fbeb8192c0ecbd99b1d14d302912
- * build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
- --disable-w32-qt option.
-
- dirmngr: Fix LDAP port parsing.
- + commit a3a5a2451924640588e5ecc03a1d4ba6a6ba94a5
- * dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
- segv for a missing slash after the host name.
-
-2018-11-02 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update *.m4 from libraries.
- + commit 8e84efbe35633275e260712ba38a505e3f9d0898
- * m4/gpg-error.m4: Update from master.
- * m4/ksba.m4: Ditto.
- * m4/libassuan.m4: Ditto.
- * m4/libgcrypt.m4: Ditto.
- * m4/npth.m4: Ditto.
- * m4/ntbtls.m4: Ditto.
-
-2018-10-31 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Update *.m4 from libraries.
- + commit fd7aee6a97134fdf48a496841241f8ae25736e61
- * m4/gpg-error.m4: Update from master.
- * m4/ksba.m4: Ditto.
- * m4/libassuan.m4: Ditto.
- * m4/libgcrypt.m4: Ditto.
- * m4/npth.m4: Ditto.
- * m4/ntbtls.m4: Ditto.
-
-2018-10-26 Werner Koch <wk@gnupg.org>
-
- build: By default build wks-tools on all Unix platforms.
- + commit b83fed64f8051279a8f36e024c1f12f7f13c4716
-
-
- wkd: Add option --directory to the server.
- + commit f248416bc9792e80bb0785302058131de49d7639
- * tools/gpg-wks-server.c (opts): Add '--directory',
- (main): Explain how to set correct permissions.
- (command_list_domains): Create an empty policy file and remove the
- warning for an empty policy file.
-
-2018-10-26 NIIBE Yutaka <gniibe@fsij.org>
-
- kbx: Increase size of field for fingerprint.
- + commit 4249e9a2bf028f007d1ddaac730f636e5c6da20f
- * kbx/keybox-search-desc.h (fpr): Increase the size.
-
-2018-10-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- all: fix more spelling errors.
- + commit a7c5d65eb50355274c1b5b047c02c653f518900a
-
-
- headers: fix spelling.
- + commit b39ece7d35401302879062d9d4bec25b1249ae7e
-
-
-2018-10-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
- + commit 2b57a8159cdc3b212a4efc68787b40cafcd91ebe
- * dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variabale
- out of scope and cleanup the entire pgpKeySize block.
-
-2018-10-25 NIIBE Yutaka <gniibe@fsij.org>
-
- g10,scd: Improve UIF support.
- + commit 0240345728a84d8f235ce05889e83963e52742eb
- * g10/call-agent.c (learn_status_cb): Parse "bt" flag.
- * g10/call-agent.h: New member field "bt".
- * g10/card-util.c (uif): Limit its access only when it is supported.
- * scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
- when there is a button.
-
-2018-10-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- all: fix spelling and typos.
- + commit 54eb375ff14e2a93cea70eab35719be4d25f51ca
-
-
- doc: fix spelling mistakes.
- + commit ef540d1af0649ebf1add190d0ab095e957658b7e
-
-
-2018-10-24 Werner Koch <wk@gnupg.org>
-
- agent: Fix possible uninitalized use of CTX in simple_pwquery.
- + commit bafcf7095159493a656382997f8b0d0bb11a20e8
- * common/simple-pwquery.c (agent_open): Clear CTX even on early error.
-
- agent: Fix possible release of unitialize var in a genkey error case.
- + commit 2bdc4b6ed97770ed15ec6c5afa02c2e44568a3bc
- * agent/command.c (cmd_genkey): Initialize 'value'.
-
- ssh: Fix possible infinite loop in case of an read error.
- + commit 7385e1babf6eef586c79ad23f8e541aaf608c4e5
- * agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
- than EOF.
-
- tools: Fix FILE memory leak in gpg-connect-agent.
- + commit 378719f25fe00d46393541f4a4f79e04484c3000
- * tools/gpg-connect-agent.c (do_open): dup the fileno and close the
- stream.
-
- sm: Use the correct string in an error message.
- + commit 793fd8d876777c24c4d5072301fa530333d6e1d9
- * sm/gpgsm.c (main): Fix error message.
-
- gpg: Unfinished support for v5 signatures.
- + commit 64a1e86fc06d89c980a196c61d2b6d77d167565e
- * g10/parse-packet.c (parse_signature): Allow for v5 signatures.
- * g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
- byte count.
- * g10/sign.c (hash_sigversion_to_magic): Ditto.
- (write_signature_packets): Request v5 sig for v5 keys. Remove useless
- condition.
- (make_keysig_packet): Request v5 sig for v5 keys.
-
-2018-10-22 Werner Koch <wk@gnupg.org>
-
- dirmngr: Prepare for updated WKD specs with ?l= param.
- + commit 256a280c51f9ea862e4bfb0bb530c2a96f9088f9
- * dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
- request.
-
- agent: Fix build regression for Windows.
- + commit 68b8096b6617cdad09c99d7eda2035176807e78f
- * agent/command-ssh.c (get_client_info): Turn client_uid into an int.
- Fix setting of it in case of a failed getsocketopt.
- * agent/command.c (start_command_handler): Fix setting of the pid and
- uid for Windows.
-
- dirmngr: In verbose mode print the OCSP responder id.
- + commit 0a7f446c189201ca6e527af08b44da756b343209
- * dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.
-
-2018-10-15 Werner Koch <wk@gnupg.org>
-
- tools: Replace duplicated code in mime-maker.
- + commit f03928b16c4fb00077d22d8ec141575ef6d26913
- * tools/rfc822parse.c (HEADER_NAME_CHARS): New. Taken from
- mime-maker.c.
- (rfc822_valid_header_name_p): New. Based on code from mime-maker.c.
- (rfc822_capitalize_header_name): New. Copied from mime-maker.c.
- (capitalize_header_name): Remove. Replace calls by new func.
- (my_toupper, my_strcasecmp): New.
- * tools/mime-maker.c: Include rfc822parse.h.
- (HEADER_NAME_CHARS, capitalize_header_name): Remove.
- (add_header): Replace check and capitalization by new functions.
-
-2018-10-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix signing authentication status.
- + commit 78f542e1f4495195db2e668f9cd41657fb1afc77
- * scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.
-
-2018-10-12 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix message for ACK button.
- + commit 4ed941ff26783c4fabfe2079029f8e436eb7e340
- * agent/divert-scd.c (getpin_cb): Display correct message.
-
-2018-10-11 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support "acknowledge button" feature.
- + commit 7a5a4c4cac8709f7c413e94cd0b40f4123baa1e5
- * scd/apdu.c (set_prompt_cb): New member function.
- (set_prompt_cb_ccid_reader): New function.
- (open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
- (apdu_set_prompt_cb): New.
- * scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
- * ccid-driver.c (ccid_set_prompt_cb): New.
- (bulk_in): Call ->prompt_cb when timer extension.
- * scd/command.c (popup_prompt): New.
-
- agent: Support --ack option for POPUPPINPADPROMPT.
- + commit 827529339a4854886dbb5625238e7e01013efdcd
- * agent/divert-scd.c (getpin_cb): Support --ack option.
-
-2018-10-10 Werner Koch <wk@gnupg.org>
-
- gpg: Don't take the a TOFU trust model from the trustdb,
- + commit 150a33df41944d764621f037038683f3d605aa3f
- * g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
- (create_version_record): Don't init as TOFU.
- (tdbio_db_matches_options): Don't indicate a change in case TOFU is
- stored in an old trustdb file.
-
-2018-10-08 Werner Koch <wk@gnupg.org>
-
- gpg: Fix extra check for sign usage of a data signature.
- + commit b6275f3bda8edff34274c5b921508567f491ab9c
- * g10/sig-check.c (check_signature_end_simple):
-
- gpg: Make --skip-hidden-recipients work again.
- + commit 79f165d7a8bcc26972712bb0f0cc554d5c3d4e42
- * g10/pubkey-enc.c (get_session_key): Take care of
- opt.skip_hidden_recipients.
-
-2018-10-02 Werner Koch <wk@gnupg.org>
-
- gpg: New options import-drop-uids and export-drop-uids.
- + commit 8e83493dae426fe36a0e0081198b10db1e103ff1
- * g10/options.h (IMPORT_DROP_UIDS): New.
- (EXPORT_DROP_UIDS): New.
- * g10/import.c (parse_import_options): Add option "import-drop-uids".
- (import_one): Don't bail out with that options and no uids found.
- Also remove all uids.
- (remove_all_uids): New.
- * g10/export.c (parse_export_options): Add option "export-drop-uids".
- (do_export_one_keyblock): Implement option.
-
-2018-10-02 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix gnupg_reopen_std.
- + commit 50b02dba2060a8969da47b18d9c0ecdccbd30db4
- * common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.
-
-2018-09-27 NIIBE Yutaka <gniibe@fsij.org>
-
- g10,scd: Support UIF changing command.
- + commit 0cb65564e022fface5ada4de8e0c2c4c3d0ac8ad
- * g10/card-util.c (uif, cmdUIF): New.
- (card_edit): Add call to uif by cmdUIF.
- * scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
- (do_setattr): Likewise.
- (do_learn_status): Learn UIF-1, UIF-2, and UIF-3.
-
-2018-09-18 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak for --card-status.
- + commit fe8b6339542f3b1228b5fd56fc710ea3b07a3a2b
- * g10/card-util.c (card_status): Release memory of serial number.
-
-2018-09-14 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix another memory leak.
- + commit 60c880bda5c9b821fd2968cf89c38c37be3c1a7b
- * g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.
-
- g10: Fix memory leak (more).
- + commit 2eb481e8cc1c37378cf68a06557c4a7a625d315c
- * g10/skclist.c (enum_secret_keys): Free SERIALNO on update.
-
- g10: Fix memory leak in enum_secret_keys.
- + commit 64c5c45e2aa4a12d939680b9d51c8b26d61c5e9d
- * g10/skclist.c (enum_secret_keys): Don't forget to call
- free_public_key in the error return paths.
-
-2018-09-11 NIIBE Yutaka <gniibe@fsij.org>
-
- Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
- + commit 69bab1cba07a8259b85a7911c2824724667803a4
- This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.
-
- dirmngr: Serialize access to hosttable.
- + commit 995aded58724a1a07704493b311be5222b3f82a2
- * dirmngr/dirmngr.h (ks_hkp_init): New.
- * dirmngr/dirmngr.c (main): Call ks_hkp_init.
- * dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
- (ks_hkp_mark_host): Serialize access to hosttable.
- (ks_hkp_print_hosttable, make_host_part): Likewise.
- (ks_hkp_housekeeping, ks_hkp_reload): Likewise.
-
-2018-09-10 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Use iobuf_get_noeof to avoid undefined behaviors.
- + commit f80346f42df4bdc7d0a9741c3922129aceae4f81
- * common/iobuf.c (block_filter): Use iobuf_get_noeof.
-
- agent: Fix error code check from npth_mutex_init.
- + commit adce73b86fd49d5bbb8884231a26cc7533d400e2
- * agent/call-pinentry.c (initialize_module_call_pinentry): It's an
- error when npth_mutex_init returns non-zero.
-
-2018-09-07 Werner Koch <wk@gnupg.org>
-
- dirmngr: Emit SOURCE status also on NO_DATA.
- + commit bee65edfbc8cc2c369e5941cc9d1a01a0519b388
- * dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
- NO DATA error.
- (ks_hkp_get): Ditto.
- * g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
- also on error.
- (gpg_dirmngr_ks_get): Ditto.
-
-2018-09-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: hkp: Avoid potential race condition when some hosts die.
- + commit 04b56eff118ec34432c368b87e724bce1ac683f9
- * dirmngr/ks-engine-hkp.c (select_random_host): Use atomic pass
- through the host table instead of risking out-of-bounds write.
-
-2018-09-07 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak.
- + commit 7c96cc67e108f3a9514a4222ffac2f9f9a2ab19e
- * g10/import.c (read_block): Call free_packet to skip the packet.
-
-2018-09-06 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgscm: Suppress warnings for GCC > 6.
- + commit 99c17b970bc0ca7e0cff7fe031c6f9feb05af3ff
- * tests/gpgscm/scheme.c (CASE): Use unused attribute for GCC > 6.
- (FALLTHROUGH): New for fallthrough.
- (Eval_Cycle): Use FALLTHROUGH. Remove not-needed comment of
- fallthrough.
-
- Fix use of strncpy, which is actually good to use memcpy.
- + commit 625ced6e672daa892d334323cce6b3d42a6f929f
- * common/ssh-utils.c (get_fingerprint): Use memcpy.
- * g10/build-packet.c (string_to_notation): Use memcpy.
-
-2018-09-05 Werner Koch <wk@gnupg.org>
-
- kbx: Add framework for a public key daemon.
- + commit 512be1d04b98a9d6a9067bd34c16513089a0db9f
- * kbx/keyboxd.c: New.
- * kbx/keyboxd.h: New.
- * kbx/kbxserver.c: New.
- * kbx/keyboxd-w32info.rc: New.
- * kbx/Makefile.am (EXTRA_DIST): Add new rc file.
- (resource_objs): Ditto.
- (libexec_PROGRAMS): New.
- (common_libs, commonpth_libs): New.
- (kbxutil_LDADD): Use here.
- (keyboxd_SOURCES): New.
- (keyboxd_CFLAGS): New.
- (keyboxd_LDADD): New.
- (keyboxd_LDFLAGS): New.
- (keyboxd_DEPENDENCIES): new.
- ($(PROGRAMS)): Extend.
-
- common: New function status_printf.
- + commit d4489be467e7229e17fb17a0489bf711d6ce66d6
- * common/asshelp2.c (set_assuan_context_func): New.
- (status_printf): New.
- * po/Makevars (XGETTEXT_OPTIONS): Add status_printf
-
-2018-08-29 Werner Koch <wk@gnupg.org>
-
- gpg: Explain error message in key generation with --batch.
- + commit 1bfe766bcf3959135333900934f1a15c9b96c3cf
- * g10/keygen.c (generate_keypair): Show more info.
-
- gpg: Remove unused function get_pubkeys.
- + commit ed8fe21e6612401846fc4af8631f0136dc633c67
- * g10/getkey.c (get_pubkeys): Remove.
- (pubkey_free): Remove and use code directly ...
- (pubkeys_free): ... here.
-
- gpg: New option --known-notation.
- + commit 3da835713fb6220112d988e1953f3d84beabbf6a
- * g10/gpg.c (oKnownNotation): New const.
- (opts): Add option --known-notation.
- (main): Set option.
- * g10/parse-packet.c (known_notations_list): New local var.
- (register_known_notation): New.
- (can_handle_critical_notation): Rewrite to handle the new feature.
- Also print the name of unknown notations in verbose mode.
-
-2018-08-28 Werner Koch <wk@gnupg.org>
-
- gpg: Refresh expired keys originating from the WKD.
- + commit 7f172404bfcf719b9b1af4a182d4803525ebff7c
- * g10/getkey.c (getkey_ctx_s): New field found_via_akl.
- (get_pubkey_byname): Set it.
- (only_expired_enc_subkeys): New.
- (get_best_pubkey_byname): Add support to refresh expired keys from the
- WKD.
-
- gpg: Remove unused arg from a function.
- + commit db67ccb759426c1173761574b14bdfe6a76394c2
- * g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
- Change both callers.
-
-2018-08-27 Werner Koch <wk@gnupg.org>
-
- gpg: Prepare for longer card fingerprints.
- + commit 108702ccae8ff1e5fec3b8e710f06a03637244c7
- * g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
- "*len".
- * g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
- return the actual length.
- (agent_release_card_info): Adjust for these changes.
- * g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
- arg FPRLEN. Change all callers to pass the length.
- (print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
- FPRLEN. Change all callers to pass the length.
- (fpr_is_zero): Add arg FPRLEN.
- (fpr_is_ff): Ditto.
- (show_card_key_info): Use the new functions.
- * g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
-
-2018-08-27 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix enum_secret_keys for card keys.
- + commit b823788d200902f34c632026934cf0e43152b73e
- * g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
- fingerprint in binary, change it to hex string.
-
- g10: Prefer to available card keys for decryption.
- + commit 84cc55880a5815155328229beb309326472bfd82
- * g10/skclist.c (enum_secret_keys): Add logic to prefer
- decryption keys on cards.
-
- g10: Move enum_secret_keys to skclist.c.
- + commit 03a8de7def4195b9accde47c1dcb84279361936d
- * g10/getkey.c (enum_secret_keys): Move to...
- * g10/skclist.c (enum_secret_keys): ... here.
-
- g10: Fix comment of enum_secret_keys.
- + commit 6bb93fc295e712ddf9b461dfe650211caf16a844
- * g10/getkey.c (enum_secret_keys): Fix comment for usage of
- enum_secret_keys, following the previous change.
-
- g10: Enumerated keys for decryption should be unique.
- + commit 30153c65f0875f9a62838f6347bcdcedd6114d35
- * g10/getkey.c (enum_secret_keys): Collecting keys in the context,
- check duplicate to make sure returning only unique keys.
- * g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
- enum_secret_keys to free keys.
-
- g10: Change decryption key selection for public key encryption.
- + commit ce2f71760155b71a71418fe145a557c99bd52290
- * g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list.
- (do_proc_packets): Remove the first arg CTRL. Fix call of
- proc_pubkey_enc.
- (release_list): Handle pubkey_enc_list.
- (proc_pubkey_enc): Remove the first arg CTRL. Simply put the packet
- to pubkey_enc_list.
- (print_pkenc_list): Remove the last arg FAILED.
- (proc_encrypted): Only call print_pkenc_list once.
- Handle DEK here.
- (proc_packets, proc_signature_packets, proc_signature_packets_by_fd)
- (proc_encryption_packets): Fix call of do_proc_packets.
- * g10/packet.h (struct pubkey_enc_list): Define.
- * g10/pubkey-enc.c (get_it): Change the second argument K.
- (get_session_key): Select session key by LIST, using enum_secret_keys.
- * g10/gpgv.c (get_session_key): Change the second argument K.
- * g10/test-stubs.c (get_session_key): Likewise.
-
-2018-08-10 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix undefined behavior when EOF in parsing packet for S2K.
- + commit 1b309d9f6199a91caa0ca0b97b92d599e00b736e
- * g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
- (parse_key): Likewise.
-
-2018-07-27 Werner Koch <wk@gnupg.org>
-
- gpg: Set a limit for a WKD import of 256 KiB.
- + commit e88f56f1937ac92f6a3b94e50b6db2649ec0be41
- * g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
- (gpg_dirmngr_wkd_get): Use it.
-
- dirmngr: Validate SRV records in WKD queries.
- + commit ebe727ef596eefebb5eff7d03a98649ffc7ae3ee
- * dirmngr/server.c (proc_wkd_get): Check the returned SRV record names
- to mitigate rogue DNS servers.
-
- common: New function to validate domain names.
- + commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72
- * common/mbox-util.c (is_valid_domain_name): New.
- * common/t-mbox-util.c (run_dns_test): New test.
-
-2018-07-26 Jiří Keresteš <jiri.kerestes@trustica.cz>
-
- scd: Add support for Trustica Cryptoucan.
- + commit 967d3649d24aba623133808e8d01675dff389fbb
-
-
-2018-07-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Print a WARNING status for DNS config problems.
- + commit bd4048c533165fd82340354d7229fcc2220db5a5
- * dirmngr/dirmngr-status.h: New.
- * dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
- to that file.
- * dirmngr/t-support.c: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
- (t_common_src): Add t-support.c.
- * dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
- * dirmngr/dns-stuff.c: Include dirmngr-status.h.
- (libdns_init): Print WARNING status line. Change call callers to take
- and pass a CTRL argument.
- * g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
- status.
-
-2018-07-24 Werner Koch <wk@gnupg.org>
-
- gpg: Use 128 MiB as default AEAD chunk size.
- + commit 9aa1b368efd4edf51b6d056339bffb726de5162b
- * g10/gpg.c (oDebugAllowLargeChunks): New.
- (opts): New option --debug-allow-large-chunks.
- (main): Implement that option.
-
-2018-07-09 Werner Koch <wk@gnupg.org>
-
- gpg: Remove multiple subkey bindings during export-clean.
- + commit 76989d5bd89ed11f5b3656dc4748fcfc939a46dc
- * g10/key-clean.c (clean_one_subkey_dupsigs): New.
- (clean_all_subkeys): Call it.
-
- gpg: Let export-clean remove expired subkeys.
- + commit c2fd65ec8498a08ee36ca52d99b6b014f6db8d93
- * g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
- (KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
- * g10/key-clean.c (clean_one_subkey): New.
- (clean_all_subkeys): Add arg CLEAN_LEVEL.
- * g10/import.c (import_one): Call clean_all_subkeys with
- KEY_CLEAN_NONE.
- * g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
- the export clean options.
-
- gpg: Split key cleaning function for clarity.
- + commit 6c3567196f7e72552f326ce07dccbcce31926e5d
- * g10/key-clean.c (clean_key): Rename to clean_all_uids and split
- subkey cleaning into ...
- (clean_all_subkeys): new. Call that always after the former clean_key
- invocations.
-
-2018-07-06 Werner Koch <wk@gnupg.org>
-
- gpg: Move key cleaning functions to a separate file.
- + commit 135e46ea480d749b8a9692f71d4d0bfdadd8ee2f
- * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
- (clean_uid_from_key, clean_one_uid, clean_key): Move to ...
- * g10/key-clean.c: new file.
- * g10/key-clean.h: New.
- * g10/Makefile.am (gpg_sources): Add new files.
- * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
- new header.
- * g10/trustdb.h (struct key_item, is_in_klist): Move to ...
- * g10/keydb.h: here.
-
-2018-07-05 Werner Koch <wk@gnupg.org>
-
- po: Add flag options for xgettext.
- + commit cb71573f376235036c98143155e964a15cfcb250
- * po/Makevars (XGETTEXT_OPTIONS): Add --flag options.
-
- gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
- + commit f7526c7bc754acf68bde0b79c785e875a9365d60
- * g10/getkey.c (get_pubkey_for_sig): New.
- (get_pubkeyblock_for_sig): New.
- * g10/mainproc.c (issuer_fpr_raw): Give global scope.
- (check_sig_and_print): Use get_pubkeyblock_for_sig.
- * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
- * g10/sig-check.c (check_signature2): Ditto.
- (check_signature_over_key_or_uid): Ditto.
-
- tools: Add experimental code for a pairing protocol.
- + commit faf3c70c7715ba86eb56fdccc6cf831bf87b2ee0
- * configure.ac (GNUPG_CACHE_DIR): New const.
- * tools/Makefile.am (libexec_PROGRAMS): Add gpg-pair-tool.
- (gpg_pair_tool_SOURCES, gpg_pair_tool_CFLAGS)
- (gpg_pair_tool_LDADD): New.
- * tools/gpg-pair-tool.c: New.
-
-2018-07-04 Werner Koch <wk@gnupg.org>
-
- gpg: Ignore too large user ids during import.
- + commit 01cd66f9faf1623833e6afac84164de5a136ecff
- * g10/import.c (read_block): Add special treatment for bad user ids
- and comment packets.
-
- gpg: Extra check for sign usage when verifying a data signature.
- + commit 214b0077264e35c079e854a8b6374704aea45cd5
- * g10/sig-check.c (check_signature_end_simple): Check sign usage.
-
-2018-07-03 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak for PKT_signature.
- + commit 996febbab21eb9283b0634e51303a36b318734a6
- * g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
- * g10/gpgcompose.c (signature): Likewise.
- * g10/sign.c (write_signature_packets): Likewise.
-
-2018-07-02 Werner Koch <wk@gnupg.org>
-
- agent: New commands PUT_SECRET and GET_SECRET.
- + commit 8a915cd9faf052b4faa3c415f2ac5aa8d6ea1efe
- * agent/agent.h (CACHE_MODE_DATA): New const.
- * agent/cache.c (DEF_CACHE_TTL_DATA): new.
- (housekeeping): Tweak for CACHE_MODE_DATA.
- (cache_mode_equal): Ditto.
- (agent_get_cache): Ditto.
- (agent_put_cache): Implement CACHE_MODE_DATA.
- * agent/command.c (MAXLEN_PUT_SECRET): New.
- (parse_ttl): New.
- (cmd_get_secret): New.
- (cmd_put_secret): New.
- (register_commands): Register new commands.
-
- common: New function percent_data_escape.
- + commit 58baf40af641f8cbf597e508a292e85ae94688f1
- * common/percent.c (percent_data_escape): New.
- * common/t-percent.c (test_percent_data_escape): New.
-
- agent: Fix segv running in --server mode.
- + commit 3978df943dc7a4781a23382be2d3b4a96a04f71f
- * agent/command.c (start_command_handler): Do not write to
- CLIENT_CREDS after an error.
-
-2018-07-02 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: For SOCKS connection, just fails.
- + commit 1aacd12471935a354cfd85ee1805edc7eb16e6c5
- * dirmngr/dns.c (dns_res_exec): If it's DNS_SO_SOCKS_CONN, don't
- iterate to other server, but return the error immediately.
-
-2018-06-21 Werner Koch <wk@gnupg.org>
-
- gpg: Print revocation reason for "rev" records.
- + commit 592deeddb9bf4ae9b3e236b439e2f39644eb6d46
- * g10/main.h: Add prototype.
- * g10/keylist.c (list_keyblock_print): Print revocation info.
- (list_keyblock_colon): Ditto.
-
- * g10/test-stubs.c (get_revocation_reason): New stub.
- * g10/gpgv.c (get_revocation_reason): New stub.
-
- gpg: Print revocation reason for "rvs" records.
- + commit b7cd2c2093ae1b47645be50fa1d431a028187cad
- * g10/import.c (get_revocation_reason): New.
- (list_standalone_revocation): Extend function.
-
- gpg: Let --show-keys print revocation certificates.
- + commit 386b9c4f25b28fd769d7563f2d86ac3a19cc3011
- * g10/import.c (list_standalone_revocation): New.
- (import_revoke_cert): Call new function.
-
- build: Remove duplicates from AC_CHECK_FUNCS.
- + commit 7e9aa307f76cdf2f624d43a35a8266e8b4e473f9
- * configure.ac (AC_CHECK_FUNCS): Fold most calls into one.
-
-2018-06-20 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Let kernel to decide the local port.
- + commit 861f1da0731bf29dcb9221c4f22c76b40ec15a78
- * dirmngr/dns.c (LEAVE_SELECTION_OF_PORT_TO_KERNEL): New.
- (dns_socket): Don't select ephemeral port in user space.
-
-2018-06-19 Werner Koch <wk@gnupg.org>
-
- wks: Take name of sendmail from configure.
- + commit 08147f8bbdca40c98c2a094fa48fab15b8339c80
- * configure.ac (NAME_OF_SENDMAIL): New ac_define.
- * tools/send-mail.c (run_sendmail): Use it.
-
-2018-06-18 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Fix for non-FQDN hostname.
- + commit a4a054bf14fa855715faee01a152755c4e2a74f7
- * dirmngr/dns.c (dns_resconf_open): Clear search[0] for non-FQDN
- hostname.
-
-2018-06-15 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Fix connect and try next nameserver when ECONNREFUSED.
- + commit bcdbf8b8ebe9d61160e0b007dabe1b6462ffbc93
- * dirmngr/dns.c (dns_so_check): When EINVAL, release the association
- by connect with AF_UNSPEC and try again. Also try again for
- ECONNREFUSED.
- (dns_res_exec): Try next nameserver when ECONNREFUSED.
-
- libdns: Clear struct sockaddr_storage by zero.
- + commit 1c0b6681e4f322b88ac35d1f21c03d3cfc35fc23
- * dirmngr/dns.c (dns_resconf_pton): Clear SS.
- (dns_resconf_setiface): Clear ->IFACE.
- (dns_hints_root, send_query): Clear SS.
-
-2018-06-14 NIIBE Yutaka <gniibe@fsij.org>
-
- libdns: Sync to upstream.
- + commit 3e6ad302eaf3a4a9f3e60379133b3dfdbe0e1b2d
- * dirmngr/dns.c (dns_nssconf_loadfile): Handle exclamation mark.
-
- dirmngr: Fix recursive resolver mode.
- + commit 5b40338f12762cd74238c2d2b3101c33dd2d0ed3
- * dirmngr/dns-stuff.c (libdns_init): Initialize options.recurse.
-
-2018-06-12 Werner Koch <wk@gnupg.org>
-
- Some preparations to eventuallt use gpgrt_argparse.
- + commit cb52eb76b3ba0269742c5322e10a2b5151dafaf2
- * configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
- * tools/watchgnupg.c (print_version): USe this macro.
- * common/init.c (_init_common_subsystems): Register argparse
- functions.
-
- Require libgpg-error 1.29 and remove internal logging functions.
- + commit 440472663d608660343c54f09172c851f5127c9c
- * configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.29
- * common/util.h: Remove replacement error codes.
- * common/logging.h: Remove fallback to internal logging functions.
- * common/logging.c: Remove.
- * common/Makefile.am (common_sources): Remove logging.c
-
- gpg: Do not import revocations with --show-keys.
- + commit fe621cc64b13b00914633630f28b4b417892d629
- * g10/import.c (import_revoke_cert): Add arg 'options'. Take care of
- IMPORT_DRY_RUN.
-
-2018-06-12 NIIBE Yutaka <gniibe@fsij.org>
-
- card: Fix memory leak for fetch-url sub command.
- + commit 8f99299a54a0ac09f9c90c1085b704db78973fda
- * g10/card-util.c (fetch_url): Release INFO.
-
-2018-06-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Add new usage option for drop-subkey filters.
- + commit 2ddfb5bef920919443309ece9fa2930282bbce85
- * g10/import.c (impex_filter_getval): Add new "usage" property for
- drop-subkey filter.
-
-2018-06-11 Werner Koch <wk@gnupg.org>
-
- gpg: Set some list options with --show-keys.
- + commit d2bc66f241a66cc95140cbb3a07555f6301290ed
- * g10/gpg.c (main): Set some list options.
-
-2018-06-08 Werner Koch <wk@gnupg.org>
-
- gpg: Sanitize diagnostic with the original file name.
- + commit 13f135c7a252cc46cff96e75968d92b6dc8dce1b
- * g10/mainproc.c (proc_plaintext): Sanitize verbose output.
-
-2018-06-07 Werner Koch <wk@gnupg.org>
-
- gpg: Improve import's repair-key duplicate signature detection.
- + commit 26746fe65d14a00773473c2d0d271406a5105bca
- * g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
- (remove_duplicate_sigs): new.
- (key_check_all_keysigs): Call remove_duplicate_sigs again after
- reordering.
-
- gpg: Fix import's repair-key duplicate signature detection.
- + commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
- * g10/packet.h (PKG_siganture): Add field 'help_counter'.
- * g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
- (key_check_all_keysigs): De-duplicate on a per-block base.
-
- gpg: Improve verbose output during import.
- + commit 1bc6b5174248ba4d83d648ef6d6f4550540d1f20
- * g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
- keyid.
- (delete_inv_parts): Ditto.
-
-2018-06-06 Werner Koch <wk@gnupg.org>
-
- agent: Add DBUS_SESSION_BUS_ADDRESS et al. to the startup list.
- + commit 7ffc1ac7dd95d4cc1897a4c36d5cd628741c12f2
- * agent/gpg-agent.c (agent_copy_startup_env): Replace explicit list
- with the standard list.
-
- gpg: Also detect a plaintext packet before an encrypted packet.
- + commit 344b548dc71657d0285d93f78f17a2663b5e586f
- * g10/mainproc.c (proc_encrypted): Print warning and later force an
- error.
-
- gpg: New command --show-keys.
- + commit 257661d6ae0ca376df758c38fabab2316d10e3a9
- * g10/gpg.c (aShowKeys): New const.
- (opts): New command --show-keys.
- (main): Implement command.
- * g10/import.c (import_keys_internal): Don't print stats in show-only
- mode.
- (import_one): Be silent in show-only mode.
-
-2018-06-05 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Remove bogus comment.
- + commit d2e6b3ea1d70db1039a828fb3a978a4504f8f0c5
- * g10/mainproc.c (proc_pubkey_enc): Remove a comment.
-
-2018-05-31 Werner Koch <wk@gnupg.org>
-
- gpg: Print a hint on how to decrypt a non-mdc message anyway.
- + commit 874e391665405fc413a69f2ffacdb94bb08da7ff
- * g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
- MDC. Also print a dedicated status error code
-
-2018-05-30 Werner Koch <wk@gnupg.org>
-
- gpg: Ignore the multiple message override options.
- + commit d3d41146b33040eb65eaaaffcfc7b4211e60bd95
- * g10/gpg.c (oAllowMultisigVerification)
- (oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
- (opts): Turn --allow-multisig-verification, --allow-multiple-messages
- and --no-allow-multiple-messages into NOPs
- * g10/options.h (struct opt): Remove flags.allow_multiple_messages.
- * g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
- false.
-
- gpg: Detect multiple literal plaintext packets more reliable.
- + commit 97183b5c0fae05fcda942caa7df14ee6a133d846
- * g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
-
-2018-05-29 Werner Koch <wk@gnupg.org>
-
- gpg: Remove PGP6 compliance mode.
- + commit b2c05d691247a79fb46f75b653cbc4bf518c1c2a
- * g10/gpg.c: Make --pgp6 an alias for --pgp7.
- * common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
- * g10/options.h (PGP6): Remove. Adjust all users.
-
- gpg: Remove MDC options.
- + commit 253e8bdd9014cbe6dc06adce9d9dd2f8f4b31709
- * g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
- and --no-disable-mdc into NOPs.
- * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
- (use_aead): Ignore MDC options. Print warning for missing MDC feature
- flags.
- * g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
- (warn_missing_aead_from_pklist): this and adjust.
-
- gpg: Fix detection of the AEAD feature flag.
- + commit af4a5dbe575f304838db358aaeb45741f149d0a7
- * g10/getkey.c (fixup_uidnode): Use bitmask 0x02.
-
-2018-05-15 Werner Koch <wk@gnupg.org>
-
- gpg: Hard fail on a missing MDC even for legacy algorithms.
- + commit d1431901f0143cdc7af8d1a23387e0c6b5bb613f
- * g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
- * tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
- allow testing with the current files.
-
- gpg: Turn --no-mdc-warn into a NOP.
- + commit 96350c5d5afcbc7f66c535e38b9fcc7355622855
- * g10/gpg.c (oNoMDCWarn): Remove.
- (opts): Make --no-mdc-warn a NOP.
- (main): Don't set var.
- * g10/options.h (struct opt): Remove 'no_mdc_var'.
- * g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
- * g10/mainproc.c (proc_encrypted): Ditto.
-
-2018-05-07 Ineiev <ineiev@gnu.org>
-
- doc: Update description of displayed trust values.
- + commit ed12a1dabaf928e8620fc26ca426c935e1a8a880
- * doc/trust-values.texi: New file.
- * doc/Makefile.am (EXTRA_DIST): Add trust-values.texi.
- * doc/gnupg.texi (Trust Values): New chapter.
- * doc/gpg.texi (OpenPGP Key Management): Update the description
- of how trust values are displayed, replace table with a reference
- to Trust Values.
- * doc/gpg.texi (GPG Examples): Add @mansect trust values.
-
-2018-05-02 Werner Koch <wk@gnupg.org>
-
- Release 2.2.7.
- + commit d31d149196832ed6b8849017d8bcd0852c6ca96c
-
-
- gpg: Fix minor memory leak in the compress filter.
- + commit d26363e4f1933781c86cbe87077fbf1b9a2b64d8
- * g10/compress.c (push_compress_filter2): Return an error if no filter
- was pushed.
- (push_compress_filter): Ditto.
- (handle_compressed): Free CFX if no filter was pushed.
- * g10/import.c (read_block): Ditto.
-
- gpg: Fix "Too many open files" when using --multifile.
- + commit f7f3043653abe699602f910ddd09c1405675c7f6
- * common/miscellaneous.c (is_file_compressed): Don't cache the file.
-
- dirmngr: Implement timeout for dirmngr_ldap under Windows.
- + commit 007dde93cc3971cb51d08e8c082e172506ae7f80
- * dirmngr/dirmngr_ldap.c (alarm_thread) [W32]: New.
- (set_timeout): Implement for W32.
-
- build: New configure option to help with nPth debugging.
- + commit ddfd39e91a532fd31cd0c20c5d4cf9643acc58bd
- * configure.ac: Add option --enable-npth-debug
-
-2018-05-02 Andre Heinecke <aheinecke@intevation.de>
-
- common,w32: Hide spawned processes by default.
- + commit 3bd793256e2e4be52075d50ccf2df70c4a2e1a0f
- * common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
- instead of SW_MINIMIZE.
-
-2018-04-30 Werner Koch <wk@gnupg.org>
-
- dirmngr: Sleep in the ldap wrapper thread.
- + commit a598bbeeafa30f7854230eed212b76d5c5c77f86
- * dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
- (ldap_reaper_thread): Protect all list modification with a mutex. Use
- a condition var to wake up the reaper thread.
-
-2018-04-27 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use the LDAP wrapper process also for Windows.
- + commit f9fbfc64e402bd41815a68426f55565fa6d5c726
- * dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
- portability.
- * configure.ac: Always use the ldap wrapper.
-
- dirmngr: Silence log output from dirmngr_ldap.
- + commit d22506a343cec61b7d1a48c970b63a8458b267ab
- * dirmngr/dirmngr_ldap.c: Remove assert.h.
- (main): Replace assert by log_assert.
- * dirmngr/ldap.c (run_ldap_wrapper): Use debug options to pass
- verbose options to dirmngr_ldap.
- (start_cert_fetch_ldap): Ditto.
-
-2018-04-26 Werner Koch <wk@gnupg.org>
-
- dirmngr: Lower the dead host resurrection time to 1.5h.
- + commit 5789afc840cf79ba2a8cebd9d772ef9c3868c5e9
- * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): Decrease.
- (INITIAL_HOSTTABLE_SIZE): Increase because the old values was likely
- for development.
-
- dirmngr: Fix handling of CNAMEed keyserver pools.
- + commit cc66108253c58583d6bad3d1e2da2b004701d0f0
- * dirmngr/ks-engine-hkp.c (map_host): Don't use the cname for HTTPHOST.
- * dirmngr/server.c (make_keyserver_item): Map keys.gnupg.net.
-
-2018-04-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add the used TLS library to the debug output.
- + commit bb8894760fe87cf46a42599f11eab7e7c7a8eb71
- * dirmngr/http.c (send_request): Print the used TLS library in debug
- mode.
-
- dirmngr: Allow redirection from https to http for CRLs.
- + commit 1de4462974113ac18cf98f903e97cd1127fa842f
- * dirmngr/ks-engine.h (KS_HTTP_FETCH_NOCACHE): New flag.
- (KS_HTTP_FETCH_TRUST_CFG): Ditto.
- (KS_HTTP_FETCH_NO_CRL): Ditto.
- (KS_HTTP_FETCH_ALLOW_DOWNGRADE): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Replace args send_no_cache
- and extra_http_trust_flags by a new flags arg. Allow redirectiong
- from https to http it KS_HTTP_FETCH_ALLOW_DOWNGRADE is set.
- * dirmngr/loadswdb.c (fetch_file): Call with KS_HTTP_FETCH_NOCACHE.
- * dirmngr/ks-action.c (ks_action_get): Ditto.
- (ks_action_fetch): Ditto.
- * dirmngr/crlfetch.c (crl_fetch): Call with the appropriate flags.
-
- dirmngr: Implement CRL fetching via https.
- + commit 705d8e9cf0d109005b3441766270c0e584f7847d
- * dirmngr/http.h (HTTP_FLAG_TRUST_CFG): New flag.
- * dirmngr/http.c (http_register_cfg_ca): New.
- (http_session_new) [HTTP_USE_GNUTLS]: Implement new trust flag.
- * dirmngr/certcache.c (load_certs_from_dir): Call new function.
- (cert_cache_deinit): Ditto.
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Add new args
- 'send_no_cache' and 'extra_http_trust_flags'. Change all callers to
- provide the default value.
- * dirmngr/crlfetch.c (crl_fetch): Rewrite to make use of
- ks_http_fetch.
-
-2018-04-25 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix printing the keygrip with --card-status.
- + commit 71903eee89496e3f1d0a24536bced6ff16df6783
- * g10/card-util.c (current_card_status): Keygrip for Auth is 3.
-
-2018-04-24 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fallback to CRL if no default OCSP responder is configured.
- + commit 460e3812be711bd18195053d74aa736215f21eee
- * dirmngr/server.c (cmd_isvalid): Use option second arg to trigger
- OCSP checkibng. Fallback to CRL if no default OCSP responder has been
- configured.
- * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Adjust accordingly.
-
-2018-04-20 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: More binary I/O on Windows for CRLs.
- + commit 64c1fddb253061a9773c6c4ed2a9c5a54702d21b
- * dirmngr/crlcache.c (lock_db_file, crl_cache_insert): Open cache
- file in binary mode.
-
- doc: Remove unneccesary empty flags in vsndf.prf.
- + commit a44ed3d9a1ad5bd96694f10ea5523c517982017e
- * doc/examples/vsnfd.prf (max-cache-ttl): Remove empty flags.
-
-2018-04-16 emma peel <emma.peel@aktivix.org>
-
- po: more updates to Spanish translation.
- + commit acd6d5ff7436bb7fba171ced3294046a14fb777d
-
-
- po: correct attribution for Spanish translation.
- + commit 21b2e88a7e6c3d7313773c9ffb3e0d1fb2af45df
-
-
- po: correct label tags in Polish translation.
- + commit a5290dace7f85d66272af3e14f9f2bc43d2a4af8
-
-
- po: correct label tags in Finnish translation.
- + commit e12475429578add12a53fb2232cb45dc9e2aae1b
-
-
-2018-04-15 Werner Koch <wk@gnupg.org>
-
- build: New target "release" to automate the release process.
- + commit 3b1ee413a65bf566aa8e5f29a5a2cd5a94e66faa
- * Makefile.am (RELEASE_ARCHIVE_DIR): New.
- (RELEASE_SIGNING_KEY): New.
- (AM_DISTCHECK_CONFIGURE_FLAGS): Remove removed --enable-gpg2-is-gpg,
- (RELEASE_NAME, RELEASE_W32_STEM_NAME): New.
- (release, sign-release): New.
-
-2018-04-13 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak in check_sig_and_print.
- + commit f747b8f0734338baa1e608b193b213aca2c577e8
- * g10/mainproc.c (check_sig_and_print): Free the public key.
-
- g10: Push compress filter only if compressed.
- + commit c31abf84659dbda5503dd9f3aa3449520bcd1b84
- * g10/compress.c (handle_compressed): Fix memory leak.
-
-2018-04-12 Werner Koch <wk@gnupg.org>
-
- gpg: Extend the "sig" record in --list-mode.
- + commit 69c3e7acb744e1e5606a4d946e3b948704cfbbae
- * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
- callers.
- (get_user_id): Add arg R_NOUID. Change call callers.
- * g10/mainproc.c (issuer_fpr_string): Make global.
- * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
- also in --list-mode. Print the "issuer fpr" field also if there is an
- issuer fingerprint subpacket.
-
- gpg: Extend the ERRSIG status line with a fingerprint.
- + commit 23a714598c247d78cfda46a6dc338b17e17cc194
- * g10/mainproc.c (issuer_fpr_raw): New.
- (issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
- (check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
- Use write_status_printf. Extend ERRSIG status.
-
- gpg: Relax printing of STATUS_FAILURE.
- + commit e2bd152a928d79ddfb95fd2f7911c80a1a8d5a21
- * g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
- return code and not on the presence of any call to log_error.
-
- agent,dirmngr: Add "getenv" to the getinfo command.
- + commit bbb5bfacc0d1f179cfec94fd32fee01a09df0f1d
- * agent/command.c (cmd_getinfo): Add sub-command getenv.
- * dirmngr/server.c (cmd_getinfo): Ditto.
-
-2018-04-12 Andre Heinecke <aheinecke@intevation.de>
-
- build: Update getswdb version check to 2.2.
- + commit 327fece0aed2c9974659c72304f9fd1f461d460c
- * build-aux/getswdb.sh: Check for gnupg22_ver gnupg21_ver no
- longer exists.
-
-2018-04-11 Werner Koch <wk@gnupg.org>
-
- gpg: New option --no-symkey-cache.
- + commit 789d240cb40ab36406a7c57ad49897e0bafbb41e
- * g10/gpg.c (oNoSymkeyCache): New.
- (opts): Add that option.
- (main): Set var.
- * g10/options.h (struct opt): New field no_symkey_cache.
- * g10/passphrase.c (passphrase_to_dek): Implement that feature.
-
-2018-04-10 Werner Koch <wk@gnupg.org>
-
- agent: Improve the unknown ssh flag detection.
- + commit 9f69dbeb902ac447adbc92937cd451c4e909f234
- * agent/command-ssh.c (ssh_handler_sign_request): Simplify detection
- of flags.
-
-2018-04-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: unknown flags on ssh signing requests cause an error.
- + commit 381c46818ffa4605d0ca39818fe317de445eb6de
- * agent/command-ssh.c (ssh_handler_sign_request): if a flag is passed
- during an signature request that we do not know how to apply, return
- GPG_ERR_UNKNOWN_OPTION.
-
- agent: change documentation reference for ssh-agent protocol.
- + commit 55435cdd4fe4fbfbcba1098bb715ecd6171ba2d8
- * agent/command-ssh.c: repoint documentation reference.
-
-2018-04-09 Werner Koch <wk@gnupg.org>
-
- Release 2.2.6.
- + commit 6fbe2ddbaf5123ae444c95fdf8da67840f794c76
-
-
- gpg,w32: Fix empty homedir when only a drive letter is used.
- + commit 6da7aa1e7c80d214bd9dccb21744919ae191f2c8
- * common/homedir.c (copy_dir_with_fixup): New.
- (default_homedir): Use here.
- (gnupg_set_homedir): And here .
-
- doc: Document --key-edit:change-usage.
- + commit a4e26f2ee852003707857ab0635b783acb89a2f8
- * g10/keyedit.c (menu_changeusage): Make strings translatable.
-
-2018-04-06 Werner Koch <wk@gnupg.org>
-
- gpg: Check that a key may do certifications.
- + commit 1a5d95e7319e7e6f0dd11064a26cbbc371b05214
- * g10/sig-check.c (check_signature_end_simple): Check key usage for
- certifications.
- (check_signature_over_key_or_uid): Request usage certification.
-
- gpg: Emit FAILURE stati now in almost all cases.
- + commit 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
- * g10/cpr.c (write_status_failure): Make it print only once.
- * g10/gpg.c (wrong_args): Bump error counter.
- (g10_exit): Print a FAILURE status if we ever did a log_error etc.
- (main): Use log_error instead of log_fatal at one place. Print a
- FAILURE status for a bad option. Ditto for certain exit points so
- that we can see different error locations.
-
- gpg: Re-indent sig-check.c and use signature class macros.
- + commit 5ba74a134db431530884f03eea5410a68dbfe0f5
- * g10/keydb.h (IS_BACK_SIG): New.
- * g10/sig-check.c: Re-indent and use macros.
-
-2018-04-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support SSH signature flags.
- + commit 80b775bdbb852aa4a80292c9357e5b1876110c00
- * agent/command-ssh.c (SSH_AGENT_RSA_SHA2_256): New.
- (SSH_AGENT_RSA_SHA2_512): New.
- (ssh_handler_sign_request): Override SPEC when FLAGS
- is specified.
-
-2018-04-05 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Let card-edit/key-attr show message when change.
- + commit 870527df0dd704c994928348c8c2910030776680
- * g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
- (ask_card_keyattr): Show message when change, also for ECC.
-
-2018-04-04 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Fix no gpg-agent upon removal of GNUPGHOME.
- + commit 83529e1bd14a6d39f2a8ecab9fb6aa4c1f344c73
- * tests/gpgscm/gnupg.scm (with-ephemeral-home-directory): Add
- teadown-fn.
- * tests/gpgsm/export.scm: Use -no-atexit version and stop-agent.
- * tests/openpgp/decrypt-session-key.scm: Likewise.
- * tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
- * tests/openpgp/defs.scm (have-opt-always-trust): Likewise.
- (setup-environment-no-atexit): New.
- (start-agent): Support no use of atexit.
- * tests/gpgsm/gpgsm-defs.scm (setup-gpgsm-environment-no-atexit): New.
- * tests/migrations/common.scm (untar-armored): Follow the change
- of with-ephemeral-home-directory.
-
-2018-04-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Writing KDF resets auth state.
- + commit cb1731c23cddfa524d3f51cfd82029bff853a073
- * scd/app-openpgp.c (do_setattr): Clear auth state.
-
-2018-04-02 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix filtering by PK->REQ_USAGE.
- + commit a17d2d1f690ebe5d005b4589a5fe378b6487c657
- * g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.
-
-2018-03-30 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix card-edit/kdf-setup for single salt.
- + commit 130ad98240c066383fa0a99bcf5e0ec72bc0dff9
- * g10/card-util.c (gen_kdf_data): Use SALT_USER.
-
- g10,scd: Support single salt for KDF data object.
- + commit 0c097575a9cd923f648fb5bb695893d46400c3ad
- * g10/card-util.c (gen_kdf_data): Support single salt.
- (kdf_setup): Can have argument for single salt.
- * scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
-
- g10: Add "key-attr" command for --card-edit.
- + commit 820380335a20391e0998fb1ba32ebfb9accedc5b
- * g10/card-util.c (key_attr): New explicit command.
- (generate_card_keys, card_generate_subkey): Don't ask key attr change.
- (card_edit): Add for cmdKEYATTR.
-
- scd: Support changing key attribute back to RSA.
- + commit 29692718768c28c524be6306081ab1852e75fe07
- * scd/app-openpgp.c (change_rsa_keyattr): Try usual RSA.
-
-2018-03-29 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Support key attribute change at --card-edit/generate.
- + commit a1515b3bbc10a210040dda3b482bcdb933fa8d7c
- * g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
- number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
- (ask_card_keyattr): Support ECC, as well as RSA.
- (do_change_keyattr): Support ECC dropping magical number 25519.
- * g10/keygen.c (ask_curve): Allow call from outside, adding last arg
- of CURRENT.
- (generate_keypair): Follow the change of ask_curve.
- (generate_subkeypair): Likewise.
-
- g10: check_pin_for_key_operation should be just before genkey.
- + commit 02d7bb819ff44cc90212568dd6ce24ae1dc5d17f
- * g10/card-util.c (generate_card_keys): Check PIN later.
- (card_generate_subkey): Likewise.
-
-2018-03-28 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Change ask_curve so that it can be used outside.
- + commit e610d51f0de11154050915b951bcc5c53c940f5e
- * g10/call-agent.h (struct key_attr): New.
- * g10/keygen.c (ask_curve): Return const char *. No allocation.
- (quick_generate_keypair): Follow the change.
- (generate_keypair, generate_subkeypair): Likewise.
- (parse_algo_usage_expire): Return const char *.
-
-2018-03-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent,scd: Use pointer to represent HANDLE.
- + commit 96918346beeca7a46de9f03f19502373994c21bc
- * agent/call-scd.c [HAVE_W32_SYSTEM] (start_scd): Format with %p.
- * scd/command.c [HAVE_W32_SYSTEM] (option_handler): Use void *.
-
-2018-03-27 Werner Koch <wk@gnupg.org>
-
- agent: Make the request origin a part of the cache items.
- + commit 02dce8c0cc57deb2095a9b06aeb8f4dea34eef7e
- * agent/cache.c (agent_put_cache): Add arg 'ctrl' and change all
- callers to pass it.
- (agent_get_cache): Ditto.
-
- * agent/cache.c (struct cache_items_s): Add field 'restricted'.
- (housekeeping): Adjust debug output.
- (agent_flush_cache): Ditto.
- (agent_put_cache): Ditto. Take RESTRICTED into account.
- (agent_get_cache): Ditto.
-
-2018-03-26 Werner Koch <wk@gnupg.org>
-
- gpg: Auto-fix a broken trustdb with just the version record.
- + commit eb68c2d3d1b03a18cd24406fa46d4c30cb13d9f7
- * g10/tdbio.c (get_trusthashrec): Create hashtable on error.
-
- gpg: Pass CTRL arg to get_trusthashrec.
- + commit a750ebebf35a392f1c72d6aee5618df0d9f25ff7
- * g10/tdbio.c (get_trusthashrec): Add arg CTRL.
- (tdbio_search_trust_byfpr): Ditto.
- (tdbio_search_trust_bypk): Ditto.
-
- gpg: Return better error codes in case of a too short trustdb.
- + commit 403aa70c52e56614d65490dea9344113f9cf3d29
- * g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
- (tdbio_new_recnum): Never return on error.
- (lookup_hashtable): Print a more descriptive error in case of !TABLE.
-
- gpg: Fix trustdb updates without lock held.
- + commit 456a3a8e93ea14f821e0e98fb515f284ece98685
- * g10/tdbio.c (is_locked): Turn into a counter.
- (take_write_lock, release_write_lock): Implement recursive locks.
-
- gpg: Disable unused code parts in tdbio.c.
- + commit 5f00531463ebc0e606c502696962426007545bb7
- * g10/tdbio.c (in_transaction): Comment this var.
- (put_record_into_cache): Comment the transaction code.
- (tdbio_sync): Ditto
-
-2018-03-23 Werner Koch <wk@gnupg.org>
-
- sm: Add OPTION request-origin.
- + commit 137644c9cb58deaaba6850f2763d9c5f9241cb0b
- * sm/server.c: Include shareddefs.h.
- (option_handler): Add option.
-
- gpg,sm: New option --request-origin.
- + commit 2cd35df5db3c4dfe37616dcfb1fcc644959449ef
- * g10/gpg.c (oRequestOrigin): New const.
- (opts): New option --request-origin.
- (main): Parse that option.
- * g10/options.h (struct opt): Add field request_origin.
- * g10/call-agent.c (start_agent): Send option to the agent.
- * sm/gpgsm.c (oRequestOrigin): New const.
- (opts): New option --request-origin.
- (main): Parse that option.
- * sm/gpgsm.h (struct opt): Add field request_origin.
- * sm/call-agent.c (start_agent): Send option to the agent.
-
- agent: New OPTION pretend-request-origin.
- + commit 05c55ee260edc07cd19da56dfd00347bfe3f529c
- * common/shareddefs.h (request_origin_t): New.
- * common/agent-opt.c (parse_request_origin): New.
- (str_request_origin): New.
- * agent/command.c (option_handler): Implement new option.
-
-2018-03-23 NIIBE Yutaka <gniibe@fsij.org>
-
- build: Fix the manual source field.
- + commit 5400a5bb77bddcb14c94d9405312d6181322b090
-
-
-2018-03-22 Werner Koch <wk@gnupg.org>
-
- gpg: Implement --dry-run for --passwd.
- + commit 165bc38cefbc03515403b60b704cabf4dc0b71f4
- * g10/keyedit.c (change_passphrase): Take care of --dry-run.
-
-2018-03-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support KDF DO setup.
- + commit 0152ba7c987443d641ce1091c79f90ef2cc46498
- * g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
- * g10/card-util.c (gen_kdf_data, kdf_setup): New.
- (card_edit): New admin command cmdKDFSETUP to call kdf_setup.
- * scd/app-openpgp.c (do_getattr): Emit KDF capability.
-
-2018-03-21 Werner Koch <wk@gnupg.org>
-
- gpg: Fix out-of-bound read in subpacket enumeration.
- + commit 983f7b2acbd1e7580652bbeb0c3d64f9dd19d9e4
- * g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
- the type octet. Print diagnostic.
-
- Change license of argparse.c back to LGPLv2.1.
- + commit fa0ed1c7e2eee7c559026696e6b21acc882a97aa
- * common/argparse.c, common/argparse.h: Change license
-
-2018-03-19 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: signal mask should be set just after npth_init.
- + commit 11bbd99477ef5ba5b7db0c17607b10af03c68afb
- * scd/scdaemon.c (setup_signal_mask): New.
- (main): Call setup_signal_mask.
- (handle_connections): Remove signal mask setup.
-
-2018-03-16 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Better user interaction for factory-reset.
- + commit 2c85e202bc30231b9555100dec0c490c60d7b88c
- * g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
- Connect the card again at the last step.
-
-2018-03-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix suspend/resume handling for CCID driver.
- + commit fd23a0524d8060ed12d87c679b7823686614aaee
- * scd/ccid-driver.c (intr_cb): Try submitting INTERRUPT urb
- to see if it's suspend/resume.
-
-2018-03-13 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: After fatal error, shutdown a reader.
- + commit c84bae69e9e02923f7180e09d161cb0b13257436
- * scd/apdu.c (pcsc_send_apdu): Notify main loop after
- fatal errors.
-
- scd: Fix for GNU/Linux suspend/resume.
- + commit 71e5282c25ba812c7091e587edd721839bc4c2ac
- * configure.ac (require_pipe_to_unblock_pselect): Default is "yes".
- * scd/scdaemon.c (scd_kick_the_loop): Minor clean up.
-
-2018-03-12 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix typo in previous commit.
- + commit 655f0b9ad0138e6f960bf4befaf0eea569256614
-
-
-2018-03-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: More fix with PC/SC for Windows.
- + commit 1e27c0e04cd3280d498dc8b72d2e410f6287f656
- * scd/apdu.c (pcsc_get_status): Return status based on CURRENT_STATUS.
- Add debug log.
-
-2018-03-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix status check when using PC/SC.
- + commit f8b8b6aac2ca1cb34d7a346aee1d874e7650557b
- * scd/apdu.c (struct reader_table_s): Add field of current_state.
- (new_reader_slot): Initialize current_state.
- (pcsc_get_status): Keep the status in READER_TABLE array.
- Return SW_HOST_NO_READER when PCSC_STATE_CHANGED.
- * scd/scdaemon.c (handle_connections): Silence a warning.
-
-2018-03-06 Werner Koch <wk@gnupg.org>
-
- agent: Also evict cached items via a timer.
- + commit f060cb5c63923d6caec784f65f3bb0aadf52f795
- * agent/cache.c (agent_cache_housekeeping): New func.
- * agent/gpg-agent.c (handle_tick): Call it.
-
-2018-03-01 Werner Koch <wk@gnupg.org>
-
- gpg: Print the keygrip with --card-status.
- + commit fd595c9d3642dba437fbe0f6e25d7aaaae095f94
- * g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
- grp3.
- * g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
- (learn_status_cb): Parse KEYPARIINFO int the grpX fields.
- * g10/card-util.c (print_keygrip): New.
- (current_card_status): Print "grp:" records or with --with-keygrip a
- human readable keygrip.
-
-2018-02-28 Andre Heinecke <aheinecke@intevation.de>
-
- gpgconf, w32: Allow UNC paths.
- + commit e43844c3b0b9ec93b7f2a88752bcd6b6244aacfb
- * tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.
-
-2018-02-28 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid writing a zero length last chunk in AEAD mode.
- + commit f2c09203b98b83669a460dc8161283de96022536
- * g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
- (write_final_chunk): Do not increase chunkindex.
- (do_flush): Call set_nonce_and_ad immediately before the first
- encryption of a chunk. Bump up the chunkindex after writing the tag.
- (do_free): Do not insert a zero length last chunk.
- * g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
-
- gpg: Merge two functions in cipher-aead.c.
- + commit 047506a03d21739b5b922f6b3fd9f059b0b137c5
- * g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
- (set_nonce_and_ad): new function.
- (write_auth_tag): Print error message here.
- (do_flush): Rename var newchunk to finalize.
-
-2018-02-27 Werner Koch <wk@gnupg.org>
-
- gpg: Simplify the AEAD decryption function.
- + commit 618b86325f776f7250ad2bb09680e4bb427d7e50
- * g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
- (aead_set_nonce_and_ad): new single function. Change callers.
- (decrypt_data): Do not set the nonce and ad here.
- (aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
-
- gpg: Factor common code out of the AEAD decryption function.
- + commit ad989373f1a46139ed0fbc4d4a91069b78617ad9
- * g10/decrypt-data.c (aead_underflow): Factor reading and checking
- code code out to ...
- (fill_buffer, aead_checktag): new functions.
-
- gpg: Rename cipher.c to cipher-cfb.c.
- + commit b703ba725dadca8298a0c69365225f9a7ff60ae2
- * g10/cipher.c: Rename to ...
- * g10/cipher-cfb.c: this.
-
- gpg: Fix corner cases in AEAD encryption.
- + commit ebb0fcf6e0bd6997eff4097ddda94955134212af
- * g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
- index if the previous chunk was empty.
- * g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
- corner cases. Add more debug output.
-
-2018-02-23 Werner Koch <wk@gnupg.org>
-
- gpg: Try to mitigate the problem of wrong CFB symkey passphrases.
- + commit cbc7bacf2ff95aebb427bb244c719143a9001f3c
- * g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
-
-2018-02-22 Michał Górny <mgorny@gentoo.org>
-
- dirmngr: Handle failures related to missing IPv6 gracefully.
- + commit ecfc4db3a2f8bc2652ba4ac4de5ca1cd13bfcbec
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
- error codes.
-
-2018-02-22 Werner Koch <wk@gnupg.org>
-
- build: Update swdb tags and include release info from 2.2.5.
- + commit 7853190cfe2953fdac066b4f3256edc206896144
-
-
- Release 2.2.5.
- + commit 9581a65ccc10daededc05c55391a04022f794a4a
-
-
- gpg: Don't let gpg return failure on an invalid packet in a keyblock.
- + commit b375d50ee4ce52c9b0f0855ec155be027642fb05
- * g10/keydb.c (parse_keyblock_image): Use log_info instead of
- log_error for skipped packets.
- * g10/keyring.c (keyring_get_keyblock): Ditto.
-
-2018-02-22 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Select a secret key by checking availability under gpg-agent.
- + commit 88e766d3915c2919e9968148ebb30463d4a673e4
- * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
- by agent_probe_secret_key.
- (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
-
-2018-02-20 Werner Koch <wk@gnupg.org>
-
- wks: Add special mode to --install-key.
- + commit 685a5e1558b2252ac895637fb857f6f7bb85ea7b
- * tools/gpg-wks-client.c (get_key_status_parm_s)
- (get_key_status_cb, get_key): Move to ...
- * tools/wks-util.c: ...here.
- (get_key): Rename to wks_get_key.
- * tools/gpg-wks-server.c: Include userids.h.
- (command_install_key): Allow use of a fingerprint.
-
- wks: Implement server command --install-key.
- + commit ee474856ec16ff11d922d8503fb3ede77129c4aa
- * tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
- * tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
- (write_to_file): New.
- (check_and_publish): Factor some code out to ...
- (compute_hu_fname): ... new.
- (command_install_key): Implement.
-
- wks: Support alternative submission address.
- + commit 1877603761911ea5b1c15f4aef11a2cf86a8682c
- * tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
- * tools/wks-util.c (wks_parse_policy): Parse that field.
- (wks_free_policy): New.
- * tools/gpg-wks-client.c (command_send): Also try to take the
- submission-address from the policy file. Free POLICY.
- * tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
- (command_list_domains): Free POLICY.
-
-2018-02-15 Werner Koch <wk@gnupg.org>
-
- kbx: Fix detection of corrupted keyblocks on 32 bit systems.
- + commit 5e3679ae395e7a7e44f218f07bbe487429f1b279
- * kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
- checking.
- (blob_cmp_fpr_part): Ditto.
- (blob_cmp_name): Ditto.
- (blob_cmp_mail): Ditto.
- (blob_x509_has_grip): Ditto.
- (keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
- (keybox_get_cert): Ditto.
-
-2018-02-15 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Fix reversed messages for --only-sign-text-ids.
- + commit ca138d5bf36accde2fd755249b470a8dc8743c95
- * g10/keyedit.c (keyedit_menu): Fix messages.
-
-2018-02-14 Katsuhiro Ueno <uenobk@gmail.com>
-
- agent: Avoid appending a '\0' byte to the response of READKEY.
- + commit df97fe24807826ddc2af0e45e416fb81c5666f88
- * agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
- without an extra '\0' byte.
-
-2018-02-14 Werner Koch <wk@gnupg.org>
-
- sm: Fix minor memory leak in --export-p12.
- + commit 80719612b7e92aff5887f2a68d550a24f350722c
- * sm/export.c (gpgsm_p12_export): Free KEYGRIP.
-
-2018-02-14 Katsuhiro Ueno <uenobk@gmail.com>
-
- sm: Fix a wrong key parameter in an exported private key file.
- + commit 29aac7798085ee38da5107698618890ae7593c96
- * sm/export.c (sexp_to_kparms): Fix the computation of array[6],
- which must be 'd mod (q-1)' but was 'p mod (q-1)'.
-
-2018-02-14 Werner Koch <wk@gnupg.org>
-
- common: Use new function to print status strings.
- + commit f19ff78f0fbfc2793d8a9ab0173486bf712871ac
- * common/asshelp2.c (vprint_assuan_status_strings): New.
- (print_assuan_status_strings): New.
- * agent/command.c (agent_write_status): Replace by call to new
- function.
- * dirmngr/server.c (dirmngr_status): Ditto.
- * g13/server.c (g13_status): Ditto.
- * g13/sh-cmd.c (g13_status): Ditto.
- * sm/server.c (gpgsm_status2): Ditto.
- * scd/command.c (send_status_info): Bump up N.
-
-2018-02-13 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
-
- scd: Improve KDF-DO support.
- + commit 25f3b69129015c54392636818c8846e236f5cb2c
- * scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.
-
-2018-02-12 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix handling for Data Object with no data.
- + commit 0a3bec2c2525935362f87dce93d7df2c8d498498
- * scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
- with no data.
-
-2018-02-09 Andre Heinecke <aheinecke@intevation.de>
-
- doc: Add compliance de-vs to gpgsm in vsnfd.prf.
- + commit e0658b19d93b38ed9ebd07734c4678acdde1607d
- * doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
-
-2018-02-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Use pipe to kick the loop on NetBSD.
- + commit 015fe1c47b91da340e9df6bed908e0747ae8c60b
- * configure.ac (HAVE_PSELECT_NO_EINTR): New.
- * scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
- (handle_connections): Use pipe.
-
-2018-02-06 Werner Koch <wk@gnupg.org>
-
- gpg: Fix packet length checking in symkeyenc parser.
- + commit 8305739fe857ed3378f885bb43777fd518dd1060
- * g10/parse-packet.c (parse_symkeyenc): Move error printing to the
- end. Add additional check to cope for the 0je extra bytes needed for
- AEAD.
-
-2018-01-29 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Fix for NetBSD with __func__.
- + commit 64aa98c8a05513d9c00f53a2b880d80f9035333e
- * tests/asschk.c: Don't define __func__ if available.
-
-2018-01-28 Werner Koch <wk@gnupg.org>
-
- gpg: Rename a misnomed arg in open_outfile.
- + commit 303310d05e708dd58dcf7b7d8e8634cd5085bc7e
- * g10/openfile.c (open_outfile): Rename inp_fd to out_fd.
-
-2018-01-27 Werner Koch <wk@gnupg.org>
-
- dirmngr: Improve assuan error comment for cmd keyserver.
- + commit f8e868d9dfb6fc1390e421e7993a1d076309ed83
- * dirmngr/server.c: Add error comment in case --resolve fails in
- ensure_keyserver.
-
-2018-01-26 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix sending connecting process uid to pinentry.
- + commit 660eafa3a9f68e116e9b0597edc317d8ff90f9b2
- * agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.
-
- agent: Fix last commit.
- + commit d7207b39b71d1b07c4cddac602f29ec583f6d1ad
- * configure.ac: Check ucred.h as well as sys/ucred.h.
- * agent/command-ssh.c: Add inclusion of ucred.h.
-
- agent: More fix for get_client_pid for portability.
- + commit 08e686a6a6d5bcb5410228b388745d09686b260c
- * configure.ac: Check sys/ucred.h instead of ucred.h.
- * agent/command-ssh.c: Include sys/ucred.h.
-
-2018-01-24 Werner Koch <wk@gnupg.org>
-
- gpg: New maintainer option --debug-set-iobuf-size.
- + commit db7661b5a297a58c95fa9873d43f31d697b8feb3
- * g10/gpg.c (opts): Add new option.
- (opt_set_iobuf_size): New var.
- (set_debug): Set the option.
- * tests/openpgp/armor.scm: Use this option to revert the buffer size
- to the one which used to exhibit the tested bugs.
-
- iobuf: Increase the size of the buffer. Add iobuf_set_buffer_size.
- + commit bfc11816444512b4ebcc6617d3c3b5988e753de3
- * common/iobuf.c (IOBUF_BUFFER_SIZE): Rename to
- DEFAULT_IOBUF_BUFFER_SIZE and increase to 64k.
- (iobuf_buffer_size): New var. Always use this instead of the macro.
- (iobuf_set_buffer_size): New.
- (struct file_filter_ctx_t): Add field delayed_rc.
- (file_filter) [!W32]: Try to fill the supplied buffer.
-
- gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
- + commit ff1bdc23d9f1693c1add7c1fe8d218b7bf743e31
- * g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen
- computation.
- (do_free): Add dummy encryption. Close the cipher handle.
- * g10/decrypt-data.c (aead_underflow): Rewrite.
-
- gpg: Rename a variable in decrypt-data for clarity.
- + commit 83a15fa88e91d277811b6d030c4aa40c4fb3e6ad
- * g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
- to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
- Change all users.
-
-2018-01-23 Werner Koch <wk@gnupg.org>
-
- gpg: New option --chunk-size.
- + commit f3ef8b0dcaede1c85da0dff8eeceda6a994f0b28
- * g10/gpg.c (opts): New option --chunk-size.
- (oChunkSize): New const.
- (build_list_aead_test_algo, build_list_aead_algo_name): New.
- (my_strusage): List AEAD algos.
- (main): Implement --chunk-size..
- * g10/options.h (struct opt): Add field 'chunk_size'.
- (DBG_IPC): Remove duplicated macro.
- * g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
- * g10/misc.c (openpgp_aead_test_algo): Ditto.
-
- * g10/cipher-aead.c: Silence if not in debug mode.
- * g10/decrypt-data.c: Ditto.
-
- gpg: Copy the AEAD prefs to the user ID struct.
- + commit 112e02ee89b78369c1c50e672873e726cbfeb994
- * g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
-
- gpg: Clear the symmetric passphrase cache for encrypted session keys.
- + commit 278d87465685e0aa415e0333de1d27e79d1608f0
- * g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
- error.
- (proc_encrypted): Need to take are of the checksum error.
-
- gpg: Implement AEAD for SKESK packets.
- + commit 9aab9167bca38323973e853845ca95ae8e9b6871
- * g10/packet.h (PKT_symkey_enc): Add field aead_algo.
- * g10/build-packet.c (do_symkey_enc): Support version 5 packets.
- * g10/parse-packet.c (parse_symkeyenc): Ditto.
- * g10/encrypt.c (encrypt_symmetric): Force using a random session
- key in AEAD mode.
- (encrypt_seskey): Add and support arg aead_algo.
- (write_symkey_enc): Ditto.
- (encrypt_simple): Adjust accordingly.
- (encrypt_filter): Ditto.
- * g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
- support.
- * g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
- but return an error.
- (proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
-
- * g10/import.c (check_prefs): Check AEAD preferences.
- * g10/keyedit.c (show_prefs): Print AEAD preferences.
-
-2018-01-22 Werner Koch <wk@gnupg.org>
-
- gpg: Unify AEAD parameter retrieval.
- + commit da3015e3c05030fe709c8f922486e73d06d1d16a
- * g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
- * g10/encrypt.c (use_aead): Return the AEAD algo.
- (encrypt_simple): Adjust for this change.
- (encrypt_crypt): Ditto.
- (encrypt_filter): Ditto.
- * g10/sign.c (sign_symencrypt_file): Ditto.
-
- * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
- (openpgp_aead_algo_info): New.
- * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
- (write_header): Use new fucntion.
- * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
- (decrypt_data): Use new function. Also allow for chunkbytes other
- than 10.
-
- gpg: Refactor function encrypt_seskey.
- + commit 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
- * g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
- encrypted key and returns that buffer and its length.
- (encrypt_simple): Adjust for above change.
- (write_symkey_enc): Ditto.
-
-2018-01-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support KDF Data Object of OpenPGPcard V3.3.
- + commit 91303b7df9c3e810cfcd4920f78bac6f8b7df2b2
- * scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
- (pin2hash_if_kdf): New.
- (verify_a_chv): Add PINLEN arg. Use pin2hash_if_kdf.
- (verify_chv2, do_sign): Follow the change of verify_a_chv.
- (verify_chv3, do_change_pin): Use pin2hash_if_kdf.
-
-2018-01-21 Werner Koch <wk@gnupg.org>
-
- gpg: Support EAX if for latest Libgcrypt.
- + commit 7356d6ec50ea24bc9449187e1c2b3ecd717b789f
- * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
- (write_header): Use it.
- * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
- (decrypt_data): Use it.
- * g10/misc.c (openpgp_aead_test_algo): Allow EAX.
-
- gpg: First take on PKT_ENCRYPTED_AEAD.
- + commit 3f4ca85cb0cf58006417f4f7faafaa9a1f1bdf22
- * common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
- * g10/dek.h (DEK): Increase size of use_aead to 4 bits.
- * g10/filter.h (cipher_filter_context_t): Add new fields for AEAD.
- * g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
- chunkbyte.
- * g10/build-packet.c (do_encrypted_aead): New.
- (build_packet): Call it.
- * g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
- (parse_one_sig_subpkt, can_handle_critical): Ditto.
- (parse_encrypted): Clear new PKT_ENCRYPTED fields.
- (parse_encrypted_aead): New.
- (parse): Call it.
- * g10/gpg.c (main): Take care of --rfc4880bis option when checking
- compliance.
- * g10/cipher-aead.c: Replace the stub by real code.
- * g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
- AEAD.
- (aead_set_nonce): New.
- (aead_set_ad): New.
- (decrypt_data): Support AEAD.
- (aead_underflow): New.
- (aead_decode_filter): New.
- * g10/encrypt.c (use_aead): Make that new fucntion work.
- (encrypt_simple): Use default_aead_algo() instead of EAX.
- * g10/mainproc.c (proc_encrypted): Support AEAD.
- (do_proc_packets): Support PKT_ENCRYPTED_AEAD.
-
-2018-01-18 Werner Koch <wk@gnupg.org>
-
- gpg: Fix the use of future-default with --quick-add-key.
- + commit e1e35db510c9222e7a7dc208c2e49df556954170
- * g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
- (parse_key_parameter_string): Add arg suggested_use and implement
- fallback. Change callers to pass 0 for new arg.
- (parse_algo_usage_expire): Pass the parsed USAGESTR to
- parse_key_parameter_string so that it can use it in case a subkey is
- to be created.
-
-2018-01-10 Werner Koch <wk@gnupg.org>
-
- gpg: Add stub function for encrypting AEAD.
- + commit 81d71818d054a5faa9153fd52a4b79bbbb71e9d5
- * g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
- * g10/cipher-aead.c: New. Right now only with a stub function.
- * g10/Makefile.am (gpg_sources): Add file.
- * g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
- cipher_filter_aead.
- (encrypt_crypt): Ditto.
- (encrypt_filter): Ditto.
- * g10/sign.c (sign_symencrypt_file): Ditto.
-
- gpg: New option --force-aead.
- + commit 4e2ba546cdccbbc6d3e29867ee5671fd44d74e67
- * g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
- into single bit vars. Make sure they are always set to 1 or 0.
- (DEK): New field use_aead.
- * g10/options.h (struct opt): New field force_aead.
- * g10/pkclist.c (select_aead_from_pklist): New.
- * g10/gpg.c (oForceAEAD): New const.
- (opts): New options "--force-aead".
- (main): Set new option.
- * g10/encrypt.c (use_aead): New.
- (encrypt_simple): Implement new flags DEK.use_aead.
- (encrypt_crypt): Ditto.
- (encrypt_filter): Ditto.
- * g10/sign.c (sign_symencrypt_file): Ditto.
-
- gpg: Add option and preference framework for AEAD.
- + commit 8217cd49364b9f81b390f7ca6a608dd946f93efc
- * common/openpgpdefs.h (aead_algo_t): New.
- (SIGSUBPKT_PREF_AEAD): New.
- * g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
- (opts): New options --aead-algo and --personal-aead-preferences.
- (set_compliance_option): Clar aead algo.
- (main): Parse and check the new options
- * g10/options.h (struct opt): Add fields def_aead_algo and
- personal_aead_prefs.
- * g10/packet.h (PREFTYPE_AEAD): New enum value.
- (PKT_user_id): Add field flags.aead.
- (PKT_public_key): Add field flags.aead.
- * g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
- * g10/getkey.c (fixup_uidnode): Set AEAD flag.
- (merge_selfsigs): Ditto.
- * g10/kbnode.c (dump_kbnode): Show aead flag.
- * g10/keyedit.c (show_prefs): Ditto.
- (show_key_with_all_names_colon): Ditto.
- * g10/keygen.c (aead_presf, n_aead_prefs): New vars.
- (set_one_pref): Suppport PREFTYPE_AEAD.
- (keygen_set_std_prefs): Parse AEAD preferences.
- (keygen_get_std_prefs): Ditto.
- (add_feature_aead): New.
- (keygen_upd_std_prefs): Call that and build AEAD pref packet.
- * g10/main.h (DEFAULT_AEAD_ALGO): New const.
- * g10/misc.c (openpgp_aead_test_algo): New.
- (openpgp_aead_algo_name): New.
- (string_to_aead_algo): New.
- (default_aead_algo): New.
-
-2018-01-09 Andre Heinecke <aheinecke@intevation.de>
-
- doc: Note pinentry-mode for passphrase opts.
- + commit 6fb5713f4a6976900cc70c140e61043b6ef688d1
- * doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
- Note that pinentry-mode needs to be loopback.
-
-2018-01-08 Werner Koch <wk@gnupg.org>
-
- gpg: Print all keys with --decrypt --list-only.
- + commit 339b3301ee8410fe3bbdebb66a6e83801d79d40d
- * g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
- list-only and put the key into PKENC_LIST.
- (print_pkenc_list): Take care of the new error code.
-
-2018-01-01 Werner Koch <wk@gnupg.org>
-
- gpg: Allow "futuredefault" as alias for "future-default".
- + commit 4d3c500f4793eb263940ff5ef87ec4ead63c9b4b
- * g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
- use case-insensitive matching
- (quick_generate_keypair): Ditto.
- (parse_algo_usage_expire): Ditto.
-
-2017-12-29 Werner Koch <wk@gnupg.org>
-
- gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
- + commit 412bb7a801f242d47a82712080cce6ddbb843166
- * g10/keygen.c (gen_ecc): Map curve names.
-
-2017-12-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for inactive card at start by internal CCID driver.
- + commit 4f88b0f56134af2ce56d434b7acd47fcf9b6f7cf
- * scd/ccid-driver.c (do_close_reader): Set NULL on close.
- (bulk_in): Move DEBUGOUT and check by EP_INTR.
- (ccid_get_atr): Clear powered_off flag after initial status check.
-
-2017-12-22 Werner Koch <wk@gnupg.org>
-
- kbx: Simplify by removing custom memory functions.
- + commit f3ba66781a07af2e32f5887e6e15acdd4822a431
- * kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
- (_keybox_malloc, _keybox_calloc, keybox_realloc)
- (_keybox_free): Remove.
- (keybox_file_rename): Remove. Was not used.
- * sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
- * kbx/kbxutil.c (main): Ditto.
- * kbx/keybox-defs.h: Remove all separate includes. Include util.h.
- remove convenience macros.
- * common/logging.h (return_if_fail): New. Originally from
- keybox-defs.h but now using log_debug.
- (return_null_if_fail): Ditto.
- (return_val_if_fail): Ditto.
- (never_reached): Ditto.
-
-2017-12-20 Werner Koch <wk@gnupg.org>
-
- common: Use larger buffer for homedir in case of 64 bit UIDs.
- + commit 290348e349e8d56a856f187a08e913f2ed525b3c
- * common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
- bytes for "/gnupg".
-
- Release 2.2.4.
- + commit 558b17593ae97b8a07d06bf0d6af1a626b304501
-
-
-2017-12-19 Petr Pisar <petr.pisar@atlas.cz>
-
- po: Update Czech translation.
- + commit 43aaf60449036e870cc25b77fbb7312cf3fb534c
-
-
-2017-12-19 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit c7b8ec6c8e57797f0b77dbf7fca85fb600323328
-
-
-2017-12-19 Werner Koch <wk@gnupg.org>
-
- wks: New server options --check, --with-dir, with-file.
- + commit 7449063b1af2eef73d621a69cdb2fb713ab1ae6c
- * tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
- (opts): New options --check, --with-dir, and --with-file.
- (main): Call command_check_key.
- (command_list_domains): Implement option --with-dir.
- (fname_from_userid): New.
- (command_check_key): New.
- (command_remove_key): Implement existsing command.
- (command_revoke_key): Call command_remove_key as a simple
- implementation.
-
-2017-12-18 Werner Koch <wk@gnupg.org>
-
- conf: New option --status-fd.
- + commit 482e000b8a7e336f342a7fac3b7379257e944b6e
- * tools/gpgconf.c (oStatusFD): New const.
- (opts): New option --status-fd.
- (statusfp): New var.
- (set_status_fd): New.
- (gpgconf_write_status): New.
- (gpgconf_failure): New.
- (main): Set status fd and replace exit by gpgconf_failure.
- * tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
- (gc_process_gpgconf_conf): Print a few warning status messages.
-
- gpgconf: Show --compliance in expert mode.
- + commit d74c40cef0a97cd98aa05f13b1541a94eda502a6
- * tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
- (gc_options_gpgsm): Ditto.
-
- sm: Allow explicit setting of the default --compliance=gnupg.
- + commit 8c878ae4c9dfa9fe26aa15f4f9db3e86833575e9
- * sm/gpgsm.c (main): Allow setting of the default compliance.
- * tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
-
-2017-12-18 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit e3ddeff66e8c08a37ddf8b6510d69579c245e192
- * po/ja.po: Fix message with no "%s".
-
- po: Update Japanese translation.
- + commit 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8
- * po/ja.po: Fix message with no "%s".
-
-2017-12-13 Werner Koch <wk@gnupg.org>
-
- gpg: Print a warning for too much data encrypted with 3DES et al.
- + commit 416cf9e9be5d2daf0ef629208031989699b3653f
- * g10/filter.h (cipher_filter_context_t): Remove unused filed
- 'create_mdc'. Turn field 'header' into a bit field. Add new fields
- 'short_blklen_warn' and 'short_blklen_count'.
- * g10/cipher.c (write_header): Print a warning if MDC is not used.
- (cipher_filter): Print a warning for long messages encrypted with a
- short block length algorithm.
-
- gpg: Simplify cipher:write_header.
- + commit b5333e13cbc9db354ed90762190bf70605a02d1f
- * g10/cipher.c (write_header): Use write_status_printf.
-
- gpg: Simplify default_recipient().
- + commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d
- * g10/pkclist.c (default_recipient): Use hexfingerprint.
-
- gpg: Return an error from hexfingerprint on malloc error.
- + commit cd26c5482b10bee7658959ae913f2ddb83190587
- * g10/keyid.c (hexfingerprint): Return NULL on malloc failure. Chnage
- all callers.
-
- gpg: Remove some xmallocs.
- + commit 29119a6492eda5dd7920e45e7f2faa043d436591
- * g10/getkey.c (get_pubkeys): Do not use xmalloc.
-
-2017-12-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: default-preference-list: prefer SHA512.
- + commit 8ede3ae29a39641a2f98ad9a4cf61ea99085a892
- * g10/keygen.c (keygen_set_std_prefs): when producing default internal
- personal-digest-preferences, keep the same order. When publishing
- external preferences, state preference for SHA512 first.
-
-2017-12-12 Werner Koch <wk@gnupg.org>
-
- Change backlog from 5 to 64 and provide option --listen-backlog.
- + commit c81a447190d2763ac4c64b2e74e22e824da8aba3
- * agent/gpg-agent.c (oListenBacklog): New const.
- (opts): New option --listen-backlog.
- (listen_backlog): New var.
- (main): Parse new options.
- (create_server_socket): Use var instead of 5.
- * dirmngr/dirmngr.c: Likewise.
- * scd/scdaemon.c: Likewise.
-
- build: New configure option --enable-run-gnupg-user-socket.
- + commit 17efcd2a2acdc3b7f00711272aa51e5be2476921
- * configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
- * common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
-
-2017-12-11 Werner Koch <wk@gnupg.org>
-
- dirmngr: Check for WKD support at session end.
- + commit 20b52be9ca29b0bc843fc68a279cb72728ede72f
- * dirmngr/domaininfo.c (insert_or_update): Copy the name.
- * dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
- * dirmngr/server.c (set_error): Protect CTX.
- (dirmngr_status): Protect against missing ASSUAN_CTX.
- (dirmngr_status_help): Ditto.
- (dirmngr_status_printf): Ditto.
- (cmd_wkd_get): Factor code out to ...
- (proc_wkd_get): new func. Support silent operation with no CTX.
- (task_check_wkd_support): New.
-
- dirmngr: Add a background task framework.
- + commit f2997adee0455c8c0fa391a853ec1b0c9fc43342
- * dirmngr/workqueue.c: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
- * dirmngr/server.c (server_local_s): New field session_id.
- (cmd_wkd_get): Add a task.
- (task_check_wkd_support): New stub function.
- (cmd_getinfo): New sub-commands "session_id" and "workqueue".
- (start_command_handler): Add arg session_id and store it in
- SERVER_LOCAL.
- (dirmngr_status_helpf): New.
- * dirmngr/dirmngr.h (wqtask_t): New type.
- * dirmngr/dirmngr.c (main): Pass 0 as session_id to
- start_command_handler.
- (start_connection_thread): Introduce a session_id and pass it to
- start_command_handler. Run post session tasks.
- (housekeeping_thread): Run global workqueue tasks.
-
- dirmngr: Limit the number of cached domains for WKD.
- + commit 7a663c296e687f12ccd9a21d414de780feb4dfcf
- * dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
- (insert_or_update): Limit the length of a bucket chain.
- (domaininfo_print_stats): Print just one summary line.
-
- (cherry picked from commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d)
-
- dirmngr: Keep track of domains used for WKD queries.
- + commit 6c1dcd79cf0977844179d9a7b189c10af5e42a7e
- * dirmngr/domaininfo.c: New file.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
- * dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
- known and tell domaininfo about the results.
-
- Adjust for changed macro names in libgpg-error master.
- + commit 34defc9bce91d66fa8c9481ebe6e78b612e570dc
- * common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
- libgpg-error versions.
-
-2017-12-08 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix description of shadow format.
- + commit 5c121d44443b0a96ec6ea82b90717e3dbafd2cc5
- * agent/keyformat.txt, agent/protect.c, agent/t-protect.c: Fix.
-
-2017-12-07 Werner Koch <wk@gnupg.org>
-
- build: Do not define logging.h constants for libgpg-error dev versions.
- + commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10
- * common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
- constants.
-
-2017-12-07 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Change intialization of assuan socket system hooks.
- + commit b9677ba16f6b386896781a751e4b2fc839e3ec81
- * agent/gpg-agent.c (initialize_modules): Add hook again.
- (main): Remove setting of the system houk but add scoket system hook
- setting after assuan initialization.
-
-2017-12-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Set assuan system hooks before call of assuan_sock_init.
- + commit 1524ba9656f0205d8c6ef504f773b832a7a12ab9
- * agent/gpg-agent.c (initialize_modules): Move assuan_set_system_hooks.
- (main): ... here, just before assuan_sock_init.
-
-2017-12-04 NIIBE Yutaka <gniibe@fsij.org>
- Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- g10: Fix regexp sanitization.
- + commit 0d0b9eb0d4f99e8d293a4ce4b90921a879905115
- * g10/trustdb.c (sanitize_regexp): Only escape operators.
-
-2017-11-27 Werner Koch <wk@gnupg.org>
-
- Use the gpgrt log functions if possible.
- + commit b56dfdfc1865ceb7c3c025d79996e049faee7fdf
- * common/logging.c: Do not build any code if we can use the gpgrt_log
- functions.
- (log_logv_with_prefix): Rename to log_logv_prefix and change order of
- args so that this function matches its printf like counterpart
- gpgrt_logv_prefix. Change all callers.
- (log_debug_with_string): Rename to log_debug_string. Change all
- callers.
- (log_printhex): Move first arg to end so that this function matches
- its printf like counterpart gpgrt_log_printhex. Change all callers.
- * common/logging.h: Divert to gpgrt/libgpg-error if we can use the
- gpgrt_log functions.
- (bug_at): Add inline versions if we can use the gpgrt_log functions.
- * configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
- (mycflags): Add -Wno-format-zero-length.
-
-2017-11-26 Werner Koch <wk@gnupg.org>
-
- gpg: Do not read from uninitialized memory with --list-packets.
- + commit 4cf3cc6e3d48c8400466ca29c3f1c22ed2da6c2c
- * g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
-
-2017-11-24 Werner Koch <wk@gnupg.org>
-
- agent: New option --auto-expand-secmem.
- + commit 18af15249de5f826c3fa8d1d40e876734adcd0cf
- * agent/gpg-agent.c (oAutoExpandSecmem): New enum value.
- (opts): New option --auto-expand-secmem.
- (main): Implement that option.
-
-2017-11-22 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leaking for long inputs via --command-fd.
- + commit ea28ea18f3ee6c9f5e69986f39848398b58e242e
- * g10/cpr.c (do_get_from_fd): Free the old buffer.
-
-2017-11-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Enable card removal check after select_application.
- + commit 0bb7fd0cab2d53cd0d44b21301b23edfe817e66b
- * scd/apdu.c (open_ccid_reader): Fix error handling of ccid_get_atr.
- * scd/app.c (select_application): Always kick the loop if new APP.
- * scd/ccid-driver.c (ccid_open_usb_reader): Don't setup at open.
- (ccid_slot_status): Setup interrupt transfer when !ON_WIRE.
-
-2017-11-20 Werner Koch <wk@gnupg.org>
-
- Release 2.2.3.
- + commit 97f4feaaca8da4dcf1ca09a2016693155016f06b
-
-
- build: Use -Werror only for the check.
- + commit 04d9833e71cc9d0c087faec091c29b0b6cf69488
- * configure.ac: Do not add -Werror to mycflags.
-
- gpg-agent: Avoid getting stuck in shutdown pending state.
- + commit 7ffedfab8909a45a4b0347a5f7b52222e8439f1d
- * agent/gpg-agent.c (handle_connections): Always check inotify fds.
-
-2017-11-20 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Use clock or clock_gettime for calibration.
- + commit 760aa8aadafb747f33a1461ab0c2570b5ae43716
- * agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
-
- build: Check -Wlogical-op flag availability with -Werror.
- + commit 3ecd1a41be7c880976987d13e88342c98f37e064
- * configure.ac: Use -Werror.
-
- build: BSD make support for yat2m.
- + commit e1984969cac06a88c7e6f5e49e5c3104d10a847d
- * configure.ac (YAT2M): Only define when found.
- * doc/Makefile.am: Portability fix.
-
-2017-11-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix double free of a hash context in the error case.
- + commit 2aa106d6a4e2b09c257e8d769895d93ebb7f7edf
- * dirmngr/crlcache.c: Clearly document that this fucntions takes
- ownership of MD.
- (abort_sig_check): Allow NULL for MD.
- (crl_parse_insert): Immediately set MD to NULL. Remove check for md
- before a calling abort_sig_check.
-
-2017-11-15 Werner Koch <wk@gnupg.org>
-
- assuan: Fix exponential decay for first second.
- + commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798
- * common/asshelp.c (wait_for_sock): Round SECSLEFT.
- * dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
- mode.
- * common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
-
- common: Change log_clock to printf style.
- + commit 8704304699bcbc1c10d0315ec7d25a1ae05c9905
- * common/logging.c (log_clock): Use do_logv.
-
- common: Tweak new code to keep already translated strings.
- + commit 4a7fe9a596b639a0edb08502f20cb293129e5a33
- * common/asshelp.c (wait_for_sock): Replace NAME by WHICH and adjust
- caller. Revert to use the former strings.
-
-2017-11-15 Andre Heinecke <aheinecke@intevation.de>
-
- w32: Fix default registry path.
- + commit 4f5afaf1fdb5cb13859aca390ccb5a1ba1dba00c
- * configure.ac (GNUPG_REGISTRY_DIR): Remove leading backslash.
-
-2017-11-15 Werner Koch <wk@gnupg.org>
-
- gpg: Repurpose the ISO defined DO "sex" to "salutation".
- + commit 166f3f9ec40888e10cb0c51017944bfc57503fc1
- * g10/card-util.c (current_card_status): String changes.
- (change_sex): Description change.
- (cmds): Add "salutation"; keep "sex" as an alias.
-
-2017-11-15 Andre Heinecke <aheinecke@intevation.de>
-
- gpgtar: Prefer --set-filename over implicit name.
- + commit 878b8bfdcc3a8becfc46b9287a2d14cd3c875f28
- * tools/gpgtar-extract.c: Prefer opt.filename over filename
- for the directory prefix.
-
-2017-11-15 Werner Koch <wk@gnupg.org>
-
- gpg: Print AKL info only in verbose mode.
- + commit b062ea5bc25157c942047b3fe7f5182a06106340
- * g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
-
-2017-11-14 Werner Koch <wk@gnupg.org>
-
- dirmngr: Check for WKD support at session end.
- + commit d4e2302d8f4a1ff52d56da4f8e3a5d1c6303822d
- * dirmngr/domaininfo.c (insert_or_update): Copy the name.
- * dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
- * dirmngr/server.c (set_error): Protect CTX.
- (dirmngr_status): Protect against missing ASSUAN_CTX.
- (dirmngr_status_help): Ditto.
- (dirmngr_status_printf): Ditto.
- (cmd_wkd_get): Factor code out to ...
- (proc_wkd_get): new func. Support silent operation with no CTX.
- (task_check_wkd_support): New.
-
- dirmngr: Add a background task framework.
- + commit 96a4fbecd1acf946dcde20bef4752c539dae196b
- * dirmngr/workqueue.c: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add new file.
- * dirmngr/server.c (server_local_s): New field session_id.
- (cmd_wkd_get): Add a task.
- (task_check_wkd_support): New stub function.
- (cmd_getinfo): New sub-commands "session_id" and "workqueue".
- (start_command_handler): Add arg session_id and store it in
- SERVER_LOCAL.
- (dirmngr_status_helpf): New.
- * dirmngr/dirmngr.h (wqtask_t): New type.
- * dirmngr/dirmngr.c (main): Pass 0 as session_id to
- start_command_handler.
- (start_connection_thread): Introduce a session_id and pass it to
- start_command_handler. Run post session tasks.
- (housekeeping_thread): Run global workqueue tasks.
-
-2017-11-14 Andre Heinecke <aheinecke@intevation.de>
-
- sm, w32: Fix initial keybox creation.
- + commit 5ecef193bc2144e6d51a6bd5727bfd08a0d28b66
- * sm/keydb.c (maybe_create_keybox): Open new keybox in bin mode.
-
-2017-11-14 Werner Koch <wk@gnupg.org>
-
- dirmngr: Limit the number of cached domains for WKD.
- + commit 26f08343fbccdbaa177c3507a3c5e24a5cf94a2d
- * dirmngr/domaininfo.c (MAX_DOMAINBUCKET_LEN): New.
- (insert_or_update): Limit the length of a bucket chain.
- (domaininfo_print_stats): Print just one summary line.
-
-2017-11-13 Werner Koch <wk@gnupg.org>
-
- dirmngr: Keep track of domains used for WKD queries.
- + commit 65038e6852185c20413d8f6602218ee636413b77
- * dirmngr/domaininfo.c: New file.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
- * dirmngr/server.c (cmd_wkd_get): Check whether the domain is already
- known and tell domaininfo about the results.
-
- gpg-agent: Avoid getting stuck in shutdown pending state.
- + commit 5d83eb9226c0ce608ec284d8c9bc22ce84a00c25
- * agent/gpg-agent.c (handle_connections): Always check inotify fds.
-
-2017-11-13 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Handle the case with DISABLE_REGEX.
- + commit 80b904543486a2f12087bc34a6049ede4eb75940
- * tests/openpgp/Makefile.am [DISABLE_REGEX] (EXTRA_DIST, XTESTS):
- Conditionalize.
- * tests/openpgp/all-tests.scm (all-tests): Input file is Makefile.
-
-2017-11-13 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- tests: Run the trust-pgp-4 test again.
- + commit a1fe3708d0894c138f6dd75d2a6bd22c64359172
- * tests/openpgp/Makefile.am (XTESTS): Add trust-pgp-4.scm.
- (EXTRA_DIST): Remove the test file from EXTRA_DIST.
-
-2017-11-09 NIIBE Yutaka <gniibe@fsij.org>
- Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- g10: Fix regexp sanitization.
- + commit ccf3ba92087e79abdeaa0208795829b431c6f201
- * g10/trustdb.c (sanitize_regexp): Only escape operators.
-
-2017-11-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- assuan: Use exponential decay for first 1s of spinlock.
- + commit 149041b0b917f4298239fe18b5ebd5ead71584a6
- * common/asshelp.c (wait_for_sock): instead of checking the socket
- every second, we check 10 times in the first second (with exponential
- decay).
-
- assuan: Reorganize waiting for socket.
- + commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907
- * common/asshelp.c (wait_for_sock): New function, collecting
- codepaths from...
- (start_new_gpg_agent) here and...
- (start_new_dirmngr) here.
-
-2017-11-07 Werner Koch <wk@gnupg.org>
-
- Release 2.2.2.
- + commit 5bd515005032f9340bd73e4346bbd0aef8518074
-
-
- dirmngr: Reduce default LDAP timeout to 15 seconds.
- + commit 30f21f8b0fa6844a9bba3f24dc41b3ac32170109
- * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
- * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
-
- (cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f)
-
- dirmngr: Reduce default LDAP timeout to 15 seconds.
- + commit ab7ac827041b5cd97bbca7a75b0930072dd6611f
- * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15.
- * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto.
-
- speedo: Include software versions in the W32 README.
- + commit 23bfac6d1a8bd2d0af5a6fac3ba3a6e986d6c9e8
- (cherry picked from commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407)
-
-2017-11-07 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 1941287c9d2c9e666bad1bd330db169f0e3d6b6c
-
-
-2017-11-07 Werner Koch <wk@gnupg.org>
-
- speedo: Include software versions in the W32 README.
- + commit f9f72ffbfa9fd7d1a7a1823697d116d76155b407
-
-
-2017-11-07 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 96d441b315ec5c9f329596cfda28ac13a8bfa21a
-
-
- agent: Use clock or clock_gettime for calibration.
- + commit 380bce13d94ff03c96e39ac1d834f382c5c730a1
- * agent/protect.c (calibrate_get_time): Use clock or clock_gettime.
-
-2017-11-06 Werner Koch <wk@gnupg.org>
-
- tests: Minor imporvement in agent invocation.
- + commit 42308224d1fce64c666aed2be5eb4ef42e8aced4
- * tests/openpgp/defs.scm (create-gpghome): Add s2k-count.
-
- agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
- + commit 3607ab2cf382296cb398a92d5ec792239960bf7b
- * agent/command.c (cmd_getinfo): New sub-commands.
- * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
- (get_calibrated_s2k_count): new.
- (get_standard_s2k_time): New.
-
- (cherry picked from commit 52d41c8b0f4af6278d18d8935399ddad16a26856)
-
- agent: New option --s2k-count.
- + commit 78a6d0ce88ae14d8324fbab3aee3286b17e49259
- * agent/agent.h (opt): New field 's2k_count'.
- * agent/gpg-agent.c (oS2KCount): New enum value.
- (opts): New option --s2k-count.
- (parse_rereadable_options): Set opt.s2k_count.
-
- agent: New GETINFO sub-commands "s2k_count_cal" and "s2k_time".
- + commit 52d41c8b0f4af6278d18d8935399ddad16a26856
- * agent/command.c (cmd_getinfo): New sub-commands.
- * agent/protect.c (get_standard_s2k_count): Factor some code out to ...
- (get_calibrated_s2k_count): new.
- (get_standard_s2k_time): New.
-
- agent: New option --s2k-count.
- + commit f7212f1d11aad5d910d2c77b2e5c6ab31a0e786e
- * agent/agent.h (opt): New field 's2k_count'.
- * agent/gpg-agent.c (oS2KCount): New enum value.
- (opts): New option --s2k-count.
- (parse_rereadable_options): Set opt.s2k_count.
-
-2017-11-06 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
- + commit 680161647ad56d1ca92988f80bcc4d6fcb20b1eb
- * g10/keygen.c (pSUBKEYGRIP): New.
- (read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
- (do_generate_keypair): Support pSUBKEYGRIP.
-
- g10: Simplify "factory-reset" procedure.
- + commit f183b9768b42a6792c55a6129488bd8fbf5e8e6d
- * g10/card-util.c (factory_reset): Simplify.
-
-2017-11-02 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 6070f5a61d4d17ff437c69e1b708d49d107c22dc
-
-
-2017-11-02 Werner Koch <wk@gnupg.org>
-
- gpg: Introduce magic value 25519 to switch a card to ECC.
- + commit acb300543422c660c87ac2f0211a42f792a65cc4
- * g10/card-util.c (ask_card_keyattr): Handle special value 25519.
- (do_change_keyattr): Allow changing to cv25519/ed25519.
- (generate_card_keys): Ditto.
- (card_generate_subkey): Ditto.
-
- gpg: Rename two card related functions in card-util.
- + commit de3a740c2e1156e58d2f94faa85c051740c8988e
- * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
- (do_change_rsa_keysize): Rename to do_change_keyattr.
-
- gpg: Unifiy the message for re-configuring cards.
- + commit 922bae8082f2f8d696ea0e7d7e9e4d986789bdfc
- * g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
-
- gpg: Introduce magic value 25519 to switch a card to ECC.
- + commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
- * g10/card-util.c (show_keysize_warning): Slightly change the text.
- (ask_card_keyattr): Handle special value 25519.
- (do_change_keyattr): Allow changing to cv25519/ed25519.
- (generate_card_keys): Ditto.
- (card_generate_subkey): Ditto.
-
-2017-11-02 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
- + commit 3da47d19df89d302c0ea25921f4bd8ce55705afe
- * agent/learncard.c (agent_handle_learn): Find SERIALNO.
-
- agent: Fix returning GPG_ERR_NOT_FOUND wrongly.
- + commit 5e96fe72e477d09e35ccee48af0fd9ab2b3ae409
- * agent/learncard.c (agent_handle_learn): Find SERIALNO.
-
-2017-11-01 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Accept the Z-suffix for yymmddThhmmssZ format.
- + commit 0e5bd473a07f188615c4fce26b73bb452d689d68
- * common/gettime.c (isotime_p): Accept the Z suffix.
-
-2017-11-01 Werner Koch <wk@gnupg.org>
-
- gpg: Rename two card related functions in card-util.
- + commit f795f4529d8ab5a05db1cc1960abd34390bfae1b
- * g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
- (do_change_rsa_keysize): Rename to do_change_keyattr.
-
-2017-11-01 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
- + commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc
- * g10/keygen.c (pSUBKEYGRIP): New.
- (read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
- (do_generate_keypair): Support pSUBKEYGRIP.
-
-2017-10-30 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Simplify "factory-reset" procedure.
- + commit d63b7966cdd72548c60466c620de5cd6104a779e
- * g10/card-util.c (factory_reset): Simplify.
-
-2017-10-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Clean up pinentry access locking.
- + commit 3924e1442c6625a2b57573a1a634a5ec56b09a29
- * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
- * agent/call-pinentry.c (entry_owner): Remove.
- (agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
- (unlock_pinentry): Add CTRL to arguments to access thread private.
- Check and decrement PINENTRY_ACTIVE for recursive use.
- (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
- (agent_askpin): Follow the change of unlock_pinentry API.
- (agent_get_passphrase, agent_get_confirmation): Likewise.
- (agent_show_message, agent_popup_message_start): Likewise.
- (agent_popup_message_stop, agent_clear_passphrase): Likewise.
-
- agent: Allow recursive use of pinentry.
- + commit 4738256f2e0d22302377c9ec7b2ae3999338e6c6
- * agent/agent.h (struct server_control_s): Add pinentry_level.
- * agent/call-pinentry.c (agent_popup_message_stop): Not clear
- ENTRY_CTX here.
- (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here.
- (start_pinentry): Allow recursive use.
-
- agent: Clean up pinentry access locking.
- + commit fb7828676cc2c01047498898378711e049f73fee
- * agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
- * agent/call-pinentry.c (entry_owner): Remove.
- (agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
- (unlock_pinentry): Add CTRL to arguments to access thread private.
- Check and decrement PINENTRY_ACTIVE for recursive use.
- (start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
- (agent_askpin): Follow the change of unlock_pinentry API.
- (agent_get_passphrase, agent_get_confirmation): Likewise.
- (agent_show_message, agent_popup_message_start): Likewise.
- (agent_popup_message_stop, agent_clear_passphrase): Likewise.
-
-2017-10-26 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Allow recursive use of pinentry.
- + commit 3b66a256e3760e88066ca11b7b49d924e42aa46b
- * agent/agent.h (struct server_control_s): Add pinentry_level.
- * agent/call-pinentry.c (agent_popup_message_stop): Not clear
- ENTRY_CTX here.
- (unlock_pinentry): Handle recursion. Clear ENTRY_CTX here.
- (start_pinentry): Allow recursive use.
-
- agent, tests: Support --disable-scdaemon build case.
- + commit 05cb87276c21c3a47226c75026fa46a955553dd9
- * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
- * tests/openpgp/defs.scm (create-gpghome): Likewise.
- * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
-
- Fix comment of configure.
- + commit b13972dfbf7224478652038725ab0d2cb41b7303
- * configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
-
- agent, tests: Support --disable-scdaemon build case.
- + commit bf26c08b95389718ba07f12789d372c6f438134f
- * agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
- * tests/openpgp/defs.scm (create-gpghome): Likewise.
- * tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.
-
- Fix comment of configure.
- + commit 3549dce4f5a726f5350ac2f20d83ba9f84cc23b4
- * configure.ac (BUILD_WITH_DIRMNGR): Comment fix.
-
-2017-10-24 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid superfluous sig check info during import.
- + commit 84af859e391a757877c9a1d78e35face983e6d23
- * g10/key-check.c (print_info): New.
- (key_check_all_keysigs): Print sig checking results only in debug
- mode. Prettify the stats info and suppress them in quiet mode.
-
- build: New configure option --enable-werror.
- + commit 812fe29bff42cf7dbd07e0becc55b2ada340dd97
- * configure.ac: Implement that option.
-
- build: Do not mess with CFLAGS in configure.
- + commit e417aaf69817fcb4a73c38077853dc940a2deabc
- * configure.ac: Do not mess with the user provided CFLAGS.
-
-2017-10-24 Rainer Perske <rainer.perske@uni-muenster.de>
-
- sm: Do not expect X.509 keyids to be unique.
- + commit 1067403c8a7fb51decf30059e46901b5ee9f5b37
- * sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
- * sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
- (run_command_inq_cb): Ditto.
- * sm/gpgsm.c (main): Pass false.
- * sm/server.c (cmd_passwd): Pass false.
-
-2017-10-24 Werner Koch <wk@gnupg.org>
-
- gpgconf: Ignore non-installed components with --apply-profile.
- + commit 6e808ae4700dc5e95bf4cc2d5c063df582c234d0
- * tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
- only_installed.
- (gc_component_retrieve_options): Use this if we want to process all
- components.
-
- gpg: Improve the "secret key available" notice in keyedit.c.
- + commit 560d85ecff4246133d185dc29395f07c918b5556
- * g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
- (cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
- (keyedit_menu): Check whether only subkeys are available and take care
- of that in the command check and in the HELP listing. Also print a
- different notice if only subkeys are available.
-
- gpg: Remove unused flags from keyedit.c.
- + commit 016538d82867c40a21bc7cbf44ec386f4699077f
- * g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
- (cmds): Remove them.
-
-2017-10-19 Werner Koch <wk@gnupg.org>
-
- gpg: Fix creating on-disk subkey with on-card primary key.
- + commit 44fb3fbc85b32552c91f32f099b6b246c12ce0cc
- * g10/keygen.c (generate_subkeypair): Ignore error code issued for
- trying to verify a card based key.
-
- gpg: Print sec/sbb with --import-option import-show or show-only.
- + commit 2c7dccca9b617780a3ea760adf460bb3b77f90f3
- * g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
-
- gpg: Make --dry-run and show-only work for secret keys.
- + commit 68c8619114fd5f24cb6bfb9e0f25c428a8805323
- * g10/import.c (import_secret_one): Check for dry-run before
- transferring keys.
-
-2017-10-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- dirmngr: Do not follow https-to-http redirects.
- + commit 1ba308aa0356a57c21c4c8c2dac75b4d62b8aac3
- * dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
- a https URI to a http URI.
-
-2017-10-19 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix find_and_check_key for multiple keyrings.
- + commit d07de3862710d88bc80d6f6c5ca8da5cf38ff0eb
- * g10/pkclist.c (find_and_check_key): Call get_validity on a specific
- keyblock.
-
-2017-10-19 Werner Koch <wk@gnupg.org>
-
- gpg: Keep a lock during the read-update/insert cycle in import.
- + commit 7c73db3d31c6457dfbdc82a8dc89951c023f0603
- * g10/keydb.c (keydb_handle): New field 'keep_lock'.
- (keydb_release): Clear that flag.
- (keydb_lock): New function.
- (unlock_all): Skip if KEEP_LOCK is set.
- * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
- requested.
-
- gpg: Improve keydb handling in the main import function.
- + commit 8448347b5bdee56e6f9938a93ea92fe4d3c8800c
- * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
- (get_keyblock_byfprint_fast): .. new function.
- * g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
- (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
- handle. Remove the now surplus keyblock fetch in the merge branch.
-
- gpg: Simplify keydb handling of the main import function.
- + commit 752cae6dd2ee8982a34c796a3f168ae538f7938c
- * g10/import.c (import_keys_internal): Return gpg_error_t instead of
- int. Change var names.
- (import_keys_es_stream): Ditto.
- (import_one): Ditto. Use a single keydb_new and simplify the use of
- of keydb_release.
-
- sm: Fix colon listing of fields > 12 in crt records.
- + commit 1bf5cbd3ef01b7f5fdcfa30c882047b924dcf3f0
- * sm/keylist.c (print_capabilities): Move colon printing ...
- (list_cert_colon): to here.
-
-2017-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: Send pinentry the uid of connecting process where possible.
- + commit 28aa6890588cc108639951bb4bef03ac17743046
- * agent/agent.h (server_control_s): Add field 'client_uid'.
- * agent/call-pinentry.c (start_pinentry): Add uid field to assuan
- option "owner" sent to pinentry.
- * agent/command-ssh.c (peer_info_s): New static struct.
- (get_client_pid): Rename to...
- (get_client_info): Here, and extract uid in addition to pid.
- (start_command_handler_ssh): Use get_client_info() instead of
- get_client_pid().
- * agent/command.c (start_command_handler): Try assuan_get_peercred,
- and only fall back to assuan_get_pid when assuan_get_peercred fails.
-
-2017-10-19 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix find_and_check_key for multiple keyrings.
- + commit 995c46ea77cff5b99b2fca17b547d6525a4f227e
- * g10/pkclist.c (find_and_check_key): Call get_validity on a specific
- keyblock.
-
-2017-10-18 Werner Koch <wk@gnupg.org>
-
- gpg: Keep a lock during the read-update/insert cycle in import.
- + commit 645f30ad310a518a863eb7bd3e11251a7e7f2eca
- * g10/keydb.c (keydb_handle): New field 'keep_lock'.
- (keydb_release): Clear that flag.
- (keydb_lock): New function.
- (unlock_all): Skip if KEEP_LOCK is set.
- * g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
- requested.
-
- gpg: Improve keydb handling in the main import function.
- + commit 3bb06531d38b85be295308e826a50a1a7ba935ec
- * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
- (get_keyblock_byfprint_fast): .. new function.
- * g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
- (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
- handle. Remove the now surplus keyblock fetch in the merge branch.
-
- gpg: Simplify keydb handling of the main import function.
- + commit d353287f721ffb56627d55bef04cc770ff0a8681
- * g10/import.c (import_keys_internal): Return gpg_error_t instead of
- int. Change var names.
- (import_keys_es_stream): Ditto.
- (import_one): Ditto. Use a single keydb_new and simplify the use of
- of keydb_release.
-
- gpg: Fix wrong Tofu DB consistency check.
- + commit 18e5946aef458cd95fdce4a04e144747b52b0472
- * g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
- is the size of the fingerprint.
-
-2017-10-17 Werner Koch <wk@gnupg.org>
-
- gpg,sm: New option --with-key-screening.
- + commit 825abec0e7f38667a34dce3025fc2f3a05001dde
- * common/pkscreening.c: New.
- * common/pkscreening.h: New.
- * common/Makefile.am (common_sources): Add them.
- * g10/gpg.c (opts): New option --with-key-screening.
- * g10/options.h (struct opt): New field with_key_screening.
- * g10/keylist.c: Include pkscreening.h.
- (print_pk_screening): New.
- (list_keyblock_print): Call it.
- (print_compliance_flags): Call it.
- * sm/gpgsm.c (opts): New option --with-key-screening.
- * sm/gpgsm.h (scruct opt): New field with_key_screening.
- * sm/keylist.c: Include pkscreening.h.
- (print_pk_screening): New.
- (print_compliance_flags): Call it. Add new arg cert.
- (list_cert_colon): Pass arg cert
- (list_cert_std): Call print_pk_screening.
- * sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
-
- sm: Fix colon listing of fields > 12 in crt records.
- + commit 69e579d78545aee5096a5d170e1cb9e511a09a90
- * sm/keylist.c (print_capabilities): Move colon printing ...
- (list_cert_colon): to here.
-
-2017-10-06 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix comparison.
- + commit 1ed21eee79749b976b4a935f2279b162634e9c5e
- * g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
- not one or fewer.
-
-2017-09-28 Werner Koch <wk@gnupg.org>
-
- gpg: Workaround for junk after --trusted-key.
- + commit b509d81cab030cca6abf0d878e1fc884eda344e6
- * g10/trust.c (register_trusted_key): Cut off everthing starting as a
- hash sign.
-
-2017-09-27 Werner Koch <wk@gnupg.org>
-
- gpg: Prepare for a longer fingerprint.
- + commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
- * g10/card-util.c (change_cafpr): Use MAX_FINGERPRINT_LEN.
- * g10/cipher.c (write_header): Use snprintf.
- * g10/gpg.h (MAX_FINGERPRINT_LEN): Change to 32.
- (MAX_FORMATTED_FINGERPRINT_LEN): Change to 59
- * g10/keyid.c (format_hexfingerprint): Add v5 fingerprint format.
- * g10/tofu.c (get_policy): Use MAX_FINGERPRINT_LEN for the buffer but
- keep the raw length for now.
-
- common: Add constant KEYGRIP_LEN.
- + commit 76c80021d4da0755dbb04bd5d42f32015cba0b9a
- * common/util.h (KEYGRIP_LEN): New.
- * g10/call-agent.c (agent_probe_any_secret_key): Use that constant.
- * g10/keyid.c (keygrip_from_pk): Ditto.
-
- gpg: Let --debug clock time sign and verify.
- + commit 6aa4478c78cb34cf3d0ae5c752525110947bd247
- * configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
- * common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
- timestamp printing.
- * g10/call-agent.c (agent_pksign): Time signing.
- * g10/sig-check.c (check_signature_end_simple): Time verification.
-
-2017-09-26 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Select a secret key by checking availability under gpg-agent.
- + commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6
- * g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
- by agent_probe_secret_key.
- (get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.
-
-2017-09-20 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix cancellation handling for scdaemon.
- + commit 9f5e50e7c85aa8b847d38010241ed570ac114fc3
- * agent/call-scd.c (cancel_inquire): Remove.
- (agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
- (agent_card_scd): Don't call cancel_inquire.
-
- scd: Distinguish cancel by user and protocol error.
- + commit 2396055c096884d521c26b76f26263a146207c24
- * scd/apdu.h (SW_HOST_CANCELLED): New.
- * scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
- (pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
- * scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
- SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.
-
-2017-09-19 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Accept the Z-suffix for yymmddThhmmssZ format.
- + commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b
- * common/gettime.c (isotime_p): Accept the Z suffix.
-
-2017-09-19 Werner Koch <wk@gnupg.org>
-
- Release 2.2.1.
- + commit 355ca9e9498740fb6294eec451507b4891ae01ec
-
-
-2017-09-19 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix gnupg_wait_processes.
- + commit eeb3da6eb717ed6a1a1069a7611eb37503e8672d
- * common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
- even if we already see an error.
-
-2017-09-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use system certs if --hkp-cacert is not used.
- + commit df692a6167be5486f9a29da003a00292fd895176
- * dirmngr/certcache.c (any_cert_of_class): New var.
- (put_cert): Set it.
- (cert_cache_deinit): Clear it.
- (cert_cache_any_in_class): New func.
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
- override empty list of HKP certs.
-
- wks: Create a new user id if provider wants mailbox-only.
- + commit 50c8b6c88f5d9f4b6c4e9c03aee31fe29afa94b8
- * tools/gpg-wks-client.c (get_key): Add arg 'exact'.
- (add_user_id): New.
- (command_send): Create new user id.
-
- wks: Send only the newest UID to the server.
- + commit 7f7f5d06fa5aa3a3c5ab8d2e59ee76207bfdeaa0
- * tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
- (wks_filter_uid): New.
- (wks_list_key): Allow FPR to be NULL. Return an error if no
- fingerprint was found.
- * tools/gpg-wks-server.c (process_new_key)
- (check_and_publish): Remove now useless extra check for FPR.
- * tools/gpg-wks-client.c (command_check): Ditto.
- (command_send): Filter out the newest uid.
-
- wks: Print the UID creation time with gpg-wks-client --check.
- + commit a0035986a8615df056182bb9af775b8b7b22003d
- * tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
- * tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
- (wks_list_key): Pass timestamp to append_to_uidinfo_list.
- * tools/gpg-wks-client.c (command_check): Print UID creation time.
-
- wks: Use dedicated type to convey user ids.
- + commit 4e0696de897cac6a34d55a69d8889faf26f1a923
- * tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
- * tools/wks-util.c (append_to_uidinfo_list): New.
- (free_uidinfo_list): New.
- (wks_list_key): Change arg r_mboxes to uidinfo_list_t. Use
- append_to_uidinfo_list.
- * tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
- uidinfo_list_t.
- (process_new_key): Ditto.
- (check_and_publish): Ditto.
- (command_receive_cb): Replace free_strlist by free_uidinfo_list.
- * tools/gpg-wks-client.c (command_check): Replace strlist_t by
- uidinfo_list_t. Also print user id in verbose mode.
-
-2017-09-13 Werner Koch <wk@gnupg.org>
-
- gpgv: Initialize compliance checker.
- + commit 006ca124ed95845d43af8c14d7ab2bc085b47b4c
- * g10/gpgv.c (main): Call gnupg_initialize_compliance.
-
-2017-09-12 Werner Koch <wk@gnupg.org>
-
- wks: Add hack for the broken posteo system.
- + commit a821b4f5567d02c3329c2b94a73dcbe12e6699a2
- * tools/gpg-wks-client.c (command_send): Additional hack for posteo.
- Check the protocol-version flag.
-
- wks: Add new policy flag protocol-version.
- + commit 332c9eaa2a3c7cae90b389cdaa2c149c5595fb4d
- * tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
- * tools/wks-util.c (wks_parse_policy): Add new policy flag.
-
- gpg: Fix "Fix key generation with only an email part".
- + commit 8b5a2474f21dd4f1aa2a283e2f57d75e42742af5
- * g10/keygen.c (proc_parameter_file): Don't check the result of
- stpcpy.
-
- wks: Use unencrypted draft-1 mode for posteo.de.
- + commit c65a7bba7331975d20910f90cf648b6ecc5410f0
- * tools/gpg-wks-client.c (command_send): Allow sending in draft-1
- mode.
-
- tools: New function mime_maker_add_body_data.
- + commit 7d15ee88980f88ca62fc7de9492dd08e54d0f0f1
- * tools/mime-maker.c (mime_maker_add_body_data): New.
-
-2017-09-11 Alon Bar-Lev <alon.barlev@gmail.com>
-
- sm: Move qualified.txt from datadir into sysconfdir.
- + commit 384a3748d9022b7ae3f629c13f92e204565fea3d
- * doc/Makefile.am: Move qualified.txt into examples.
- * doc/qualified.txt: Move into examples, remove trailing spaces.
- * doc/examples/README: Document qualified.txt.
- * doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
- * sm/qualified.c (read_list): Move qualified.txt from datadir into
- sysconfdir.
-
-2017-09-11 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Fix a test which specifies expiration date.
- + commit a172759b5088ae086c0caa2e7d4d0ea346b28a90
- * tests/openpgp/quick-key-manipulation.scm: Fix expiration time
- comparison.
-
- scd: Fix for large ECC keys.
- + commit 827abe01a72a50eab1cdcde78985b42a4a8480fb
- * scd/app-openpgp.c (do_decipher): Support larger length.
-
-2017-09-11 Werner Koch <wk@gnupg.org>
-
- gpg: Fix key generation with only an email part.
- + commit 7089dcc54099a4909ce7d386c07ab87e1398e2eb
- * g10/keygen.c (proc_parameter_file): Special case the email only
- case.
-
-2017-09-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: compile-time configuration of s2k calibration.
- + commit 926d07c5fa05de05caef3a72b6fe156606ac0549
- * configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
- AGENT_S2K_CALIBRATION (measured in milliseconds)
- * agent/protect.c (calibrate_s2k_count): Calibrate based on
- AGENT_S2K_CALIBRATION.
-
- gpg: default to AES-256.
- + commit 73ff075204df09db5248170a049f06498cdbb7aa
- * g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.
-
- gpg: default to 3072-bit RSA keys.
- + commit 909fbca19678e6e36968607e8a2348381da39d8c
- * agent/command.c (hlp_genkey): update help text to suggest the use of
- 3072 bits.
- * doc/wks.texi: Make example match default generation.
- * g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
- rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
- (gen_rsa, get_keysize_range): update default from 2048 to 3072).
- * g10/keyid.c (pubkey_string): update comment so that first example
- is the default 3072-bit RSA.
-
- gpgsm: default to 3072-bit keys.
- + commit 7955262151a5c755814dd23414e6804f79125355
- * doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
- default to 3072 bits.
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
- 3072 bits.
- * sm/certreqgen.c (proc_parameters): update default to 3072 bits.
- * sm/gpgsm.c (main): print correct default_pubkey_algo.
-
-2017-09-08 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Fix a test which specifies expiration date.
- + commit 17f764dd4972a063fe09c4b9d2846e8efcb25c7a
- * tests/openpgp/quick-key-manipulation.scm: Fix expiration time
- comparison.
-
-2017-08-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for large ECC keys.
- + commit ff7ccd284c327a5b1c89603f157089177dac9d13
- * scd/app-openpgp.c (do_decipher): Support larger length.
-
-2017-08-28 Werner Koch <wk@gnupg.org>
-
- Release 2.2.0.
- + commit 9d80fb8e000189e61c173c39f1e1ca417566a7fc
-
-
-2017-08-27 Werner Koch <wk@gnupg.org>
- Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
-
- scd: Convey the correct length for Le.
- + commit 45d5f5800afe6613f338a26f361cb5e03e861129
- * scd/app-openpgp.c (determine_rsa_response): Round bits up.
-
-2017-08-24 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leak while running --check-trustdb.
- + commit 13821e15fb9bdddfce79d88731c0f151724b2371
- * g10/trustdb.c (update_min_ownertrust): Free PK.
-
- gpg: Fix memory leak in sig-check.
- + commit b065a696344eac3007dbd5642143ecaaeebab43a
- * g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
- condition. Actually free when SIGNER was allocated by us.
-
- build: Remove obsolete option from autogen.rc.
- + commit 02a5df614a369519ad7781f95dc977e24a0d4277
- * autogen.rc: Remove --enable-gpg2-is-gpg.
-
-2017-08-23 Werner Koch <wk@gnupg.org>
-
- gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
- + commit 565e486b8028f9e3cc51ebc5202666b598042175
- * g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
- (main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
- * tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible. Make
- "auto-key-retrieve" an expert option.
-
- tests: Do not run trust-pgp-4.scm.
- + commit b917cb66b79597520788cd9264889942247a3377
- * tests/openpgp/Makefile.am (XTESTS): Remove test.
- (EXTRA_DIST): Add test file.
-
- build: Change SWDB tag "gnupg21" to "gnupg22".
- + commit 008ae0bd868cb49ad4d67fc8c71707cd2a162137
- * configure.ac (GNUPG_SWDB_TAG): New ac_define. Set it to "gnupg22".
- * tools/gpgconf.c (query_swdb): Use it.
- * build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
- * Makefile.am (distcheck-hook): Ditto.
-
-2017-08-23 Åka Sikrom <a4@hush.com>
-
- po: Update Norwegian translation.
- + commit fd0e5b60bed1cfc2aed7b2e13cc449f355eac051
-
-
-2017-08-23 Andre Heinecke <aheinecke@intevation.de>
-
- agent: Fix string translation for Windows.
- + commit 6158811304937b592601ef30c29c5a5cdbaa88ea
- * agent/agent.h (L_): Define agent_Lunderscore when simple
- gettext is used.
-
-2017-08-22 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit e6fa6b0ce823effd721c807b2b292287af91c642
-
-
-2017-08-21 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- tests: Add tests for the PGP trust model.
- + commit c23a69970ba38edae9d3b2603825d18fbb732423
- * tests/openpgp/trust-pgp-1.scm: New file.
- * tests/openpgp/trust-pgp-2.scm: New file.
- * tests/openpgp/trust-pgp-3.scm: New file.
- * tests/openpgp/trust-pgp-4.scm: New file.
- * tests/openpgp/trust-pgp/common.scm: New file.
- * tests/openpgp/trust-pgp/scenario1.asc: New file.
- * tests/openpgp/trust-pgp/scenario2.asc: New file.
- * tests/openpgp/trust-pgp/scenario3.asc: New file.
- * tests/openpgp/trust-pgp/scenario4.asc: New file.
- * tests/openpgp/trust-pgp/alice.sec.asc: New file.
- * tests/openpgp/trust-pgp/bobby.sec.asc: New file.
- * tests/openpgp/trust-pgp/carol.sec.asc: New file.
- * tests/openpgp/trust-pgp/david.sec.asc: New file.
- * tests/openpgp/trust-pgp/frank.sec.asc: New file.
- * tests/openpgp/trust-pgp/grace.sec.asc: New file.
- * tests/openpgp/trust-pgp/heidi.sec.asc: New file.
- * tests/openpgp/Makefile.am (XTESTS): Add new tests.
- (TEST_FILES): Add new files.
- (EXTRA_DIST): Add new common file.
-
- tests: Move some functions into a common module.
- + commit cbe54b28bf3610204e12c50c0606df37337a1156
- * tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
- module.
- (checktrust): Likewise.
- * tests/openpgp/defs.scm (gettrust): New function.
- (checktrust): Likewise.
-
- gpgconf: Make WoT settings configurable by gpgconf.
- + commit 0161225457e0609509d0d5f4b80a60a1071b4b48
- * tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
- completes-needed, and marginals-needed options.
- * g10/gpg.c (gpgconf_list): Likewise.
-
-2017-08-21 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix -Wimplicit-fallthrough warnings.
- + commit 6e596b2a745ae7a75a69038cf00ab4bbae1cebaa
- * tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
- is at the front.
- (Eval_Cycle): Improve fallthrough annotations.
-
-2017-08-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: default to --no-auto-key-retrieve.
- + commit e6f84116abca2ed49bf14b2e28c3c811a3717227
- * g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
- default keyserver options.
- * doc/gpg.texi: document this change.
-
-2017-08-10 Justus Winter <justus@g10code.com>
-
- tests: Improve documentation.
- + commit 23107ba20f8b4eb5482b480ad6a8af6b39d2bfeb
- * tests/openpgp/README: Add quickstart instructions, how to use
- shell.scm, remove no longer used MKDATA.
-
-2017-08-09 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Write status error on error of --quick-revoke-uid.
- + commit 977fc5f0eb9fdee19e66bea8cd2eb5414789b485
- * g10/keyedit.c (keyedit_quick_revuid): Write status error on error.
-
-2017-08-09 Werner Koch <wk@gnupg.org>
-
- Release 2.1.23.
- + commit e8ffa9a6ca5d76660b67207cd1157068e48483de
-
-
- po: Update German translation.
- + commit 2059dbf201963c6f229698ae80c6c774b1f686c8
-
-
-2017-08-08 Werner Koch <wk@gnupg.org>
-
- build: New configure option --enable-all-tests.
- + commit fb21aa8b50367e2afa13bad73fc21d6f01a97e18
- * configure.ac: New option --enable-all-tests.
- * tests/gpgscm/ffi.c (ffi_init): New gloabl var *run-all-tests*.
- * tests/openpgp/all-tests.scm (all-tests): Use that var instead
- of *maintainer-mode*.
- * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Add --enable-all-tests.
-
- gpgscm: Make the test summary stand out.
- + commit 0bd19dae1161a71053d794e4f75e66f70445f9f0
- * tests/gpgscm/tests.scm (test-pool): Add delimiter lines.
-
- sm: Always print the keygrip in colon mode.
- + commit 0a8e20c4c639f0c491e2af5ac5fb97005196422b
- * sm/keylist.c (list_cert_colon): Always print the keygrip as
- described in the manual.
-
-2017-08-08 Justus Winter <justus@g10code.com>
-
- gpg: Add option '--disable-dirmngr'.
- + commit c4506f624ed6854aa0ba1629aa2d1d43eb26900d
- * doc/gpg.texi: Document new option.
- * g10/call-dirmngr.c (create_context): Fail if option is given.
- * g10/gpg.c (cmd_and_opt_values): New value.
- (opts): New option.
- (gpgconf_list): Add new option.
- (main): Handle new option.
- * g10/options.h (struct opt): New field 'disable_dirmngr'.
- * tools/gpgconf-comp.c (gc_options_gpg): New option.
-
-2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- systemd-user: Drop redundant After=*.socket.
- + commit 81074c3b0211854a2dc94600dc892224201536f5
- * doc/examples/systemd-user/*.service: Drop redundant After=*.socket
- directive.
-
- systemd-user: Drop RefuseManualStart=true.
- + commit 407da18254dfebcacfaee16952ef0b617b1626ea
- * doc/examples/systemd-user/*.service: drop RefuseManualStart=true
-
-2017-08-07 Justus Winter <justus@g10code.com>
-
- tests: Do not run all tests unless in maintainer mode.
- + commit b0112dbca91e720a4ff622ad0e88d99eba56203a
- * configure.ac: Leak the maintainer mode flag into 'config.h'.
- * tests/gpgscm/ffi.c: Pass it into the scheme environment.
- * tests/openpgp/all-tests.scm: Only run tests against non-default
- configurations (keyring, extended-key-format) in maintainer mode.
-
-2017-08-07 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Fix spelling.
- + commit a611cba142470c52f3303c512f77ae7d195cc41f
- * doc/gpg.texi: s/occured/occurred/
-
- Simple typo fix.
- + commit f011d8763a009612c858a287cf7cc6a1f1a6d32a
- * agent/gpg-agent.c: Correct spelling in comment.
-
-2017-08-05 Werner Koch <wk@gnupg.org>
-
- gpg: Install gpg by default under the name gpg.
- + commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
- * configure.ac: Remove option --enable-gpg2-is-gpg. Add option
- --enable-gpg-is-gpg2.
- * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Remove
- --enable-gpg2-is-gpg.
-
- gpg: gpgconf needs to support the now default --auto-key-retrieve.
- + commit 69e97d909d586160cc0631c9a6f4d3f24bb0c682
- * tools/gpgconf-comp.c (gc_options_gpg): Re-add "auto-key_retrieve".
-
-2017-08-04 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leak in parse_auto_key_locate.
- + commit b70e86fd1050fc6da07a177ed142ae9882b4dd0d
- * g10/getkey.c (parse_auto_key_locate): Fix freeing of OPTIONS.
-
- tests: Adjust tests for changed --auto-key-locate default.
- + commit 0767eada1479c0fa9d4b75781a8c2afb67bdbf90
- * tests/openpgp/defs.scm (create-gpghome): Disable new defaults.
-
- gpg: Make --no-auto-key-retrieve gpgconf-igurable.
- + commit 9bb13a0e819334681caca38c9074bd7bfc04e45e
- * g10/gpg.c (gpgconf_list): Print no-auto-key-retrieve instead of
- auto-key-retrieve.
- * tools/gpgconf-comp.c (gc_options_gpg): Replace auto-key-retrieve by
- no-auto-key-retrieve and chnage level from invisible to advanced.
-
- gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve.
- + commit 7e1fe791d188b078398bf83c9af992cb1bd2a4b3
- * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default
- keyserver options. Set the default for --auto-key-locate to
- "local,wkd". Reset that default iff --auto-key-locate has been given
- in the option file or in the commandline.
- * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg.
-
- agent: Make --no-grab the default.
- + commit 3d78ae4d3de08398fabae5821045a3a1da6dadbe
- * agent/gpg-agent.c (oGrab): New const.
- (opts): New option --grab. Remove description for --no-grab.
- (parse_rereadable_options): Make --no-grab the default.
- (finalize_rereadable_options): Allow --grab to override --no-grab.
- (main) <gpgconflist>: Add "grab".
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Add "grab".
-
- gpg: Avoid double fingerprint printing with import-show.
- + commit b54d75fb1dcfa2cebb3a2497b81ffb49acac2056
- * g10/import.c (import_one) <IMPORT_SHOW>: Take care of fingerprint
- options.
-
- gpg: New import option show-only.
- + commit d9fabcc1989d7235ea0294874803295a30f8711b
- * g10/options.h (IMPORT_DRY_RUN): New.
- * g10/import.c (parse_import_options): Add "show-only".
- (import_one): use that as alternative to opt.dry_run.
-
-2017-08-03 Werner Koch <wk@gnupg.org>
-
- wks: Allow gpg-wks-client --supported with just the domain name.
- + commit 6cba56d436b56ea5e60042144a8a75a2e80007c8
- * tools/gpg-wks-client.c (command_supported): Hack for missing local
- part.
-
-2017-08-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Always save standard revocation certificate in file.
- + commit dcfb01959802b27869528dda1d9a4f5e79574bb5
- * g10/revoke.c (gen_standard_revocation): Set opt.outfile to NULL
- temporarily to create certificate in right place.
-
-2017-08-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- Revert "g10: Always save standard revocation certificate in file."
- + commit 624cd2d0bf6cc6dd1b79654295dc76f5b2d6d70b
- This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
-
- g10: Always save standard revocation certificate in file.
- + commit ebc65ff459e6c228fb7406e375819a9fe5637abe
- * g10/main.h (open_outfile): New parameter NO_OUTFILE.
- * g10/openfile.c (open_outfile): New parameter NO_OUTFILE. If given,
- never use opt.outfile.
- * g10/revoke.c (create_revocation): If FILENAME is true, also set
- NO_OUTFILE to true (for standard revocation certificates).
- * g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
- g10/sign.c: Adjust all other callers.
-
- artwork: Add icons.
- + commit a8d0b8d2333ddab703d1e346e06c106eeeedfd53
- * artwork/icons/index.css: New file.
- * artwork/icons/index.html: New file.
- * artwork/icons/lock-12.png: New file.
- * artwork/icons/lock-128.png: New file.
- * artwork/icons/lock-16.png: New file.
- * artwork/icons/lock-24.png: New file.
- * artwork/icons/lock-256.png: New file.
- * artwork/icons/lock-32.png: New file.
- * artwork/icons/lock-48.png: New file.
- * artwork/icons/lock-64.png: New file.
- * artwork/icons/lock-wing-12.png: New file.
- * artwork/icons/lock-wing-128.png: New file.
- * artwork/icons/lock-wing-16.png: New file.
- * artwork/icons/lock-wing-24.png: New file.
- * artwork/icons/lock-wing-256.png: New file.
- * artwork/icons/lock-wing-32.png: New file.
- * artwork/icons/lock-wing-48.png: New file.
- * artwork/icons/lock-wing-64.png: New file.
- * artwork/icons/lock-wing.svg: New file.
- * artwork/icons/lock.svg: New file.
- * artwork/icons/wing-12.png: New file.
- * artwork/icons/wing-128.png: New file.
- * artwork/icons/wing-16.png: New file.
- * artwork/icons/wing-24.png: New file.
- * artwork/icons/wing-256.png: New file.
- * artwork/icons/wing-32.png: New file.
- * artwork/icons/wing-48.png: New file.
- * artwork/icons/wing-64.png: New file.
- * artwork/icons/wing.svg: New file.
-
-2017-08-01 Werner Koch <wk@gnupg.org>
-
- gpg,sm: Error out on compliance mismatch while decrypting.
- + commit 4e117f206beb38287ddcd3251fb7baabadfbddbb
- * g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
- allowed in the current compliance mode.
- * sm/decrypt.c (gpgsm_decrypt): Ditto.
-
-2017-08-01 NIIBE Yutaka <gniibe@fsij.org>
-
- Simple typo fix.
- + commit fde9a8cc6c849fb21f3e6782dbd5c6bc863357eb
- * tools/rfc822parse.c: Fix.
-
- po: Update Japanese translation.
- + commit 02b571947b9442604faa7509478cd8577c2c0b9c
-
-
-2017-07-31 Werner Koch <wk@gnupg.org>
-
- dirmngr,w32: Fix http connection timeout problem.
- + commit 482fd5758c1b7e1b33c4cb50656e586a3ae16815
- * dirmngr/http.c (connect_with_timeout) [W32]: Take care of EAGAIN.
-
- Explain the "server is older than xxx warning".
- + commit 4ad5bc1b6d72483123963c894ee1412b2ceb99b4
- * g10/call-agent.c (warn_version_mismatch): Print a note on how to
- restart the servers.
- * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
- * sm/call-agent.c (warn_version_mismatch): Ditto.
- * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
-
-2017-07-28 Werner Koch <wk@gnupg.org>
-
- Release 2.1.22.
- + commit 7d335ff496b129ee6f33c4ca25bd7a6631a4b590
-
-
- po: Update German translation.
- + commit 339f672dad94b4e0000fd2d3a1f272a4861c91c3
-
-
- agent: Make --ssh-fingerprint-digest re-readable.
- + commit 6c9899bede6ecb2ccf7336d12724090f36a6aa3d
- * agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
- (parse_rereadable_options): here.
- (opts): Change its description.
- (main) <aGPGConfList>: Include this option.
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
- level.
-
- gpg,sm: String changes for compliance diagnostics.
- + commit efe187e8a2b583defdcd9d4b96e3dc83f95bef0d
-
-
- agent: For OCB key files return Bad Passprase instead of Checksum Error.
- + commit 5cf95157c5db88dd599ac4d48f619782179b1438
- * agent/protect.c (do_decryption): Map error checksum to bad
- passpharse protection
-
- * agent/call-pinentry.c (unlock_pinentry): Don't munge the error
- source for corrupted protection.
-
- gpg: Minor rework for better readibility of get_best_pubkey_byname.
- + commit 1c35e29af95c46475f297d2bd70a5f3bd49d45b1
- * g10/getkey.c (get_best_pubkey_byname): Change return type to
- gpg_error_t. Use var name err instead of rc. Move a
- gpg_error_from_syserror closer to the call.
-
- gpg: Fix segv in get_best_pubkey_byname.
- + commit 6496dc1f9d2aef3bf8cf950da2434c96f7a0145c
- * g10/getkey.c (get_best_pubkey_byname): Init NEW.
-
- agent: Minor cleanup (mostly for documentation).
- + commit 5516ef47a22dfdf9cdf56107f34d2bda9e46deec
- * agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
- * agent/findkey.c (read_key_file): Ditto. Change return type to
- gpg_error_t. On es_fessk failure return a correct error code.
- (agent_key_from_file): Change var name 'rc' to 'err'.
- * agent/pksign.c (agent_pksign_do): Ditto. Change return type to
- gpg_error_t. Return a valid erro code on malloc failure.
- (agent_pksign): Ditto. Change return type to gpg_error_t. replace
- xmalloc by xtrymalloc.
- * agent/protect.c (calculate_mic): Change return type to gpg_error_t.
- (do_decryption): Ditto. Do not init RC.
- (merge_lists): Change return type to gpg_error_t.
- (agent_unprotect): Ditto.
- (agent_get_shadow_info): Ditto.
-
-2017-07-27 Werner Koch <wk@gnupg.org>
-
- gpg: Tweak compliance checking for verification.
- + commit 6502bb0d2af5784918ebb74242fff6f0a72844bf
- * common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
- verification.
- * g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
- * g10/sig-check.c (check_signature2): Use log_error instead of
- log_info.
-
- gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
- + commit 1bd22a85b4f06324037b3500d2fa8af62733c926
- * g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
- * sm/encrypt.c (gpgsm_encrypt): Ditto.
-
- gpg,sm: Fix compliance checking for decryption.
- + commit a0d0cbee7654ad7582400efaa92d493cd8e669e9
- * common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
- signing check. We don't support Elgamal signing at all.
- (gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
- Check the curvenames for ECDH.
- * g10/pubkey-enc.c (get_session_key): Print only a warning if the key
- is not compliant.
- * sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
- so that we have only one translation.
-
- gpg: Avoid output to the tty during import.
- + commit fcb62fe20f45290bf95703ec3bf4d0b361fa4339
- * g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
- output calls to use it.
- * g10/keyedit.c (keyedit_print_one_sig): Add arg fp and chnage all
- output calls to use it.
- (keyedit_menu): Adjust for changes.
- * g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
- * g10/import.c (import_one): Call key_check_all_keysigs with output to
- the log stream.
-
-2017-07-26 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Make sure exactly one fingerprint is output with --quick-gen-key.
- + commit 94eea0ed2c8b47cb0fe02b22cbe668705a5fe0d0
- * g10/keygen.c (do_generate_keypair): Only set fpr in
- list_keyblock_direct invocation if neither --fingerprint nor
- --with-fingerprints are given.
-
-2017-07-26 Werner Koch <wk@gnupg.org>
-
- doc: Add man pages form gpg-wks-server and gpg-wks-client.
- + commit be636c3cfca178927b09ef4154c3e555d6f5b1c4
- * doc/wks.texi: New.
- * doc/gnupg.texi: Include wks.texi.
- * doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
- (myman_pages): Add new man pages.
-
- wks: Fix program names in the usage diagnostics.
- + commit c76398da5b15df2086f68bc26b7fde75219976c7
- * tools/gpg-wks-client.c (my_strusage): Add case 12.
- * tools/gpg-wks-server.c (my_strusage): Add case 12:
-
-2017-07-26 Andre Heinecke <aheinecke@intevation.de>
-
- doc: Update vsnfd profile example.
- + commit 4f569c69075fddbaea588544a6625c28cb4cb8f4
- * doc/examples/vsnfd.prf: Use rsa3072
-
-2017-07-26 Werner Koch <wk@gnupg.org>
-
- dirmngr: Do not use a blocking connect in Tor mode.
- + commit c5e5748480952e5bcedb16f6ce6ef7e435acb3c7
- * dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
- (send_request): Ditto.
-
- dirmngr: Auto-enable Tor on startup or reload.
- + commit fd68bdb61ec4f8441da6d3023a8da4315df54cec
- * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility.
-
- agent,dirmngr: Check for homedir removal also using stat(2).
- + commit d50c2eff8d6931586c527edb3dea98dbc6facdec
- * agent/gpg-agent.c (have_homedir_inotify): New var.
- (reliable_homedir_inotify): New var.
- (main): Set reliable_homedir_inotify.
- (handle_tick): Call stat on the homedir.
- (handle_connections): Mark availibility of the inotify watch.
- * dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
- (TIMERTICK_INTERVAL_SHUTDOWN): New.
- (handle_connections): Depend tick interval on the shutdown state.
-
- agent: Lengthen timertick interval on Unix to 4 seconds.
- + commit f4ec7697a9c2d7587794d3bd75efbb0b51d6562f
- * agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
- Unix.
-
-2017-07-25 Werner Koch <wk@gnupg.org>
-
- common: Strip trailing slashes from the homedir.
- + commit 24c7aa0d58e3768690dd8ebef0e8e01af7e80f83
- * common/homedir.c (default_homedir): Strip trailing slashes.
- (gnupg_set_homedir): Ditto.
-
- w32: Also change the directory on daemon startup.
- + commit 0ef50340ef68b2541d9a1aafa71f5400aef4dc7e
- * agent/gpg-agent.c (main): Always to the chdir.
- * dirmngr/dirmngr.c (main): Ditto.
- * scd/scdaemon.c (main): Ditto.
-
- common: New functions gnupg_daemon_rootdir and gnupg_chdir.
- + commit 226f143ca01cf335c7c4e3e94c96fb9d271eccc9
- * common/sysutils.c (gnupg_chdir): New.
- * common/homedir.c (gnupg_daemon_rootdir): New.
- * agent/gpg-agent.c (main): Use these functions instead chdir("/").
- * dirmngr/dirmngr.c (main): Ditto.
- * scd/scdaemon.c (main): Ditto.
-
- gpg: Update key origin info during import merge.
- + commit 166d0d7a2439f30c0a250faadc16ce3453447d71
- * g10/import.c (update_key_origin): New.
- (merge_blocks): Add arg curtime.
- (import_one): Pass curtime to merge_blocks. Call update_key_origin.
-
- gpg: Store key origin for new userids during import merge.
- + commit 84c993d9325fc000acac7950b2dfeefa5976df3b
- * g10/import.c (apply_meta_data): Rename to ...
- (insert_key_origin): this. Factor code out to ...
- (insert_key_origin_pk, insert_key_origin_uid): new funcs.
- (import_one): Move insert_key_origin behind clean_key.
- (merge_blocks): Add args options, origin, and url.
- (append_uid): Rename to ...
- (append_new_uid): this. Add args options, curtime, origin, and url.
- Call insert_key_origin_uid for new UIDs.
-
-2017-07-25 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Add annotation for fallthrough.
- + commit d40b4a41a8d60292fd4b5b951a19883e31090179
- * dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.
-
-2017-07-24 Werner Koch <wk@gnupg.org>
-
- gpg: Extend --key-origin to take an optional URL arg.
- + commit 87b5421ca84bbea68217c9ed771ee8c0a98a4d0c
- * g10/getkey.c (parse_key_origin): Parse appended URL.
- * g10/options.h (struct opt): Add field 'key_origin_url'.
- * g10/gpg.c (main) <aImport>: Pass that option to import_keys.
- * g10/import.c (apply_meta_data): Extend for file and url.
- * g10/keyserver.c (keyserver_fetch): Pass the url to
- import_keys_es_stream.
-
- gpg: Store key origin info for new keys from a keyserver.
- + commit 2ca0381d077d766593db26f4215b8eddee8d7963
- * g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
- done by fingerprint.
- * g10/import.c (apply_meta_data): Implement that.
-
- gpg: Store key origin info for new DANE and WKD retrieved keys.
- + commit e7068bf92ec5ca5d440346d43a382c1f625b924d
- * g10/import.c (apply_meta_data): Remove arg 'merge'. Add arg 'url'.
- Implement WKD and DANE key origin.
- (import_keys_internal): Add arg 'url' and change all callers.
- (import_keys_es_stream): Ditto.
- (import): Ditto.
- (import_one): Ditto.
- * g10/keylist.c (list_keyblock_print): Fix update URL printing.
- * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
- the SOURCE. Pass ks_status_cb to assuan_transact.
- * g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
- the import function.
-
- gpg: Filter keys received via DANE.
- + commit f6f0dd4d5ea85e0b16e96d7678b1d508182049a8
- * g10/keyserver.c (keyserver_import_cert): Use an import filter in
- DANE mode.
-
- dirmngr: Print a SOURCE status for WKD requests.
- + commit e97548223948222a5c22acdf3775c7f93c1e17a9
- * dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
-
- dirmngr: New function dirmngr_status_printf.
- + commit 9b88cfa0962f28894658cff8777fe7a217c6f700
- * dirmngr/server.c (dirmngr_status_printf): New.
-
-2017-07-24 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
- + commit 872137b5921dd297e7d2c1def6e3868b7595feb5
- * call-agent.h (agent_import_key): Add keyid parameters.
- * call-agent.c (agent_import_key): Set keyid parameters.
- * import.c (transfer_secret_keys): Pass keyid parameters.
-
- w32: Change directory on daemon startup.
- + commit 78ebc62604d77600b9865950610717d28c6027a2
- * agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
- (main) [HAVE_W32_SYSTEM]: Change working directory to \.
- * dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
- (main) [HAVE_W32_SYSTEM]: Change working directory to \.
- * scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
- (main) [HAVE_W32_SYSTEM]: Change working directory to \.
-
- g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
- + commit d8e46f10698da0bee4cd58d95f1f9832bdda0c5f
- * call-agent.h (agent_export_key): Add keyid parameters.
- * call-agent.c (agent_export_key): Set keyid parameters.
- * export.c (receive_seckey_from_agent): Pass keyid parameters.
-
-2017-07-24 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Use unsigned int for fields.
- + commit 45e40487fb7bb51228c96c8966e38c643a9b9ba5
- * scd/app-openpgp.c (data_objects): Use unsigned ints.
-
- dirmngr: More minor fix.
- + commit ade4b2744c848e07b87afa4f186256c2a2ef1d13
- * dirmngr/http.c (send_request): Care the case of !USE_TLS.
-
- dirmngr: More minor fixes.
- + commit 789401e9557db13422f47a8c09e693f3cee0132b
- * dirmngr/http.c (http_verify_server_credentials): Duplicated const.
- * dirmngr/ldap.c (parse_one_pattern): Add comment.
-
- dirmngr: Minor fix for Windows.
- + commit 274602820cfbb15c7cdb4525acd9793bdb472e78
- * dirmngr/http.c (connect_with_timeout): Use FD2INT.
-
- agent: Minor fix for Windows.
- + commit 328fca187253c069e3630bd387a71f6d16e9820a
- * agent/command-ssh.c (serve_mmapped_ssh_request): Add const
- qualifier.
-
-2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Avoid caching passphrase for failed symmetric encryption.
- + commit e4c720fa3b31ebd3e9d764c6eab02729cf06124c
- * g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
- assume the symmetric passphrase was wrong and invalidate the cache.
-
-2017-07-21 Werner Koch <wk@gnupg.org>
-
- gpg: Extend --quick-set-expire to allow subkey expiration setting.
- + commit b55b72bb815ad5870456b89c3a011fa00991b4a8
- * g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
- (menu_expire): Rename arg force_mainkey to unattended and allow
- unattended changing of subkey expiration.
- * g10/gpg.c (main): Extend --quick-set-expire.
-
- gpg: Fix possible double free of the card serialno.
- + commit e888f7af6571ecd3994fd55cc18c9e2df7fd0c60
- * g10/free-packet.c (copy_public_key): Copy fields serialno and
- updateurl.
-
- gpg: Use macros to check the signature class.
- + commit 5818ff0ae314af08548fcc23df2b807736144a00
- * g10/import.c: Use the extistin macros for better readability.
-
-2017-07-21 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Clean keyblock on initial commit.
- + commit 609bbdf3614fbadeba7a6cbdfdf5004b23516a64
- * g10/import.c (import_one): If option import-clean is set,
- also clean on initial import, not only for merge.
-
-2017-07-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix SEGV in CCID driver.
- + commit d8a55da715ce8447b0686f321fa43d00be34a467
- * scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
- (bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.
-
- g10: Don't limit at the frontend side for card capability.
- + commit a76b6cf9709c0a2a89fa2887075491b80f3d9608
- * g10/card-util.c (MAX_GET_DATA_FROM_FILE): New.
- (get_data_from_file): Use MAX_GET_DATA_FROM_FILE.
- (change_url, change_login, change_private_do): Don't limit.
-
- scd: Add debug message for v3 card.
- + commit 892e86b0dc69193ddff018bf9b3938509dd72cb3
- * scd/app-openpgp.c (show_caps): Output more messages.
-
-2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- doc: Clarify wording of export-attributes.
- + commit cea4313644b531ef87b8c8e4bfddde4388cbbe0d
- * doc/gpg.texi: Clarify wording of export-attributes.
-
-2017-07-20 Werner Koch <wk@gnupg.org>
-
- gpg: New option --with-key-origin.
- + commit 165cdd8121bbf80bfe2da071539d3578630f198f
- * g10/getkey.c (parse_key_origin): Factor list out as ...
- (key_origin_list): new struct.
- (key_origin_string): New.
- * g10/gpg.c (oWithKeyOrigin): New const.
- (opts): New option --with-key-origin.
- (main): Implement option.
- * g10/options.h (struct opt): New flag with_key_origin.
- * g10/keylist.c (list_keyblock_print): Print key origin info.
- (list_keyblock_colon): Ditto.
-
- common: New function print_utf9_string.
- + commit bddc2e04f1ddc18be20efc0f0508be401b345f42
- * common/miscellaneous.c (print_utf8_string): New.
-
- gpg: Make function mk_datestr public.
- + commit 3ee314dde16d1d69ddf840cdb8b5aa186c592262
- * g10/keydb.h (MK_DATESTR_SIZE): New.
- * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use
- snprintf. Change arg atime to u32.
- (datestr_from_pk): Simplify.
- (datestr_from_sig): Ditto.
- (expirestr_from_pk): Ditto.
- (expirestr_from_sig): Ditto.
- (revokestr_from_pk): Ditto.
-
-2017-07-20 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- g10: Return proper error when gpg-agent fails to start during probe.
- + commit 9998b162b47931fb8a8ed961d53418d505358888
- * g10/getkey.c (lookup): Return immediately on any other error than
- GPG_ERR_NO_SECKEY from agent_probe_any_secret_key.
-
-2017-07-20 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support longer data length for special DOs for v3 card.
- + commit 69614d55018ddb8678d8904a52e648931f480d72
- * scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
- "URL", "Private DO N" can be longer size >= 256.
- (struct app_local_s): Define bits for v3 card.
- (get_cached_data): Use extcap.max_special_do for special DOs.
- (app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.
-
- common: logstream fix.
- + commit 84146b3ec44943f06c66a603de19094b930ad446
- * common/logging.c (set_file_fd): Don't close es_stderr.
-
- dnsmngr: Fix use of CPP.
- + commit cc12cf386b620e658fa93a0bd40477bc16d85d98
- * dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
- (DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
- to be expanded for expression evaluation.
-
-2017-07-19 Justus Winter <justus@g10code.com>
-
- dirmngr: Forbid redirects from .onion to clearnet URIs.
- + commit e7fc6e3bf0eb6ffe53e1f099d28ce45cef4a8a87
- * dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
- to clearnet URIs.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
-
-2017-07-19 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
- + commit 2e5459457473eb4b3e7b2b14815cb94faa66e8bb
- * g10/mainproc.c (check_sig_and_print): Track key server request via
- fingerprint.
-
-2017-07-19 Justus Winter <justus@g10code.com>
-
- dirmngr: Implement TLS over http proxies.
- + commit da91d2106a17c796ddb066a34db92d33b21c81f7
- * dirmngr/http.c (send_request): If a http proxy is to be used, and we
- want to use TLS, try to use the CONNECT method to get a connection to
- the target server.
-
- dirmngr: Log http response in debug mode.
- + commit e7eabe66b6409c1f5225b751ea5c2d456a3856e6
- * dirmngr/http.c (parse_response): Log http response in debug mode.
-
- dirmngr: Amend TLS handling.
- + commit 1ba220e68149fdb197accf4a15b0a11126c8b431
- * dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
- write cookie, not from the URI.
-
- dirmngr: Fix connecting to http proxies.
- + commit 46a4a0c0e77e19f9589088bb87357c33142c3f04
- * dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
- the target host to connect to the http proxy.
-
- dirmngr: Fix handling of proxy URIs.
- + commit 73d4781e4595634548269bafe46aeb7674c5b219
- * dirmngr/http.c (send_request): We do not support socks4.
-
-2017-07-19 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgconf: Make vars read-only explicitly.
- + commit 99791184ac4c7486ccdefc150b9921cd923428b9
- * tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag)
- (gc_component): Add const qualifier.
-
- Fix usage of ARGPARSE_OPTS.
- + commit fa63db89f9581186ed758c502d4e69914b774157
- * agent/gpg-agent.c, agent/preset-passphrase.c,
- dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
- tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
- tools/symcryptrun.c: Use ARGPARSE_end.
-
-2017-07-18 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- common: Allow abbreviations of standard options.
- + commit f17862d47d184d7f6ef883778cf63801365599a0
- * argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
- ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
- macros.
- (ARGPARSE_end): Add some placeholders for standard options.
- * argparse.c (arg_parse): Fill in missing standard options so
- default machinery works. Check for standard options in new way.
- Do not write out standard options for --dump-options.
-
-2017-07-18 Justus Winter <justus@g10code.com>
-
- gpgscm,w32: Fix testing for absolute paths.
- + commit 2e1342b78b020f5b28359b08a4f63cf11479602f
- * tests/gpgscm/main.c (path_absolute_p): New function.
- (load): Use new function.
-
- dirmngr: Honor http keyserver URLs.
- + commit b231959728a0056094134e0fca8cc916c24ef37e
- * dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
- * dirmngr/http.h (struct parsed_uri_s): New field 'original'.
- * dirmngr/ks-action.c (ks_action_get): Properly handle http and https
- URLs.
-
- dirmngr: Fix memory leak.
- + commit ebb35ed7110d1a29061dfb4ccb9038645b20d7f4
- * dirmngr/http.c (parse_uri): Properly free partial results.
-
- dirmngr: Fix memory leak.
- + commit 3d670fa973a03ea88b5f9459b3222a951136dd7a
- * dirmngr/http.c (http_release_parsed_uri): Free 'params'.
-
-2017-07-17 Werner Koch <wk@gnupg.org>
-
- gpg,sm: Check compliance of the RNG.
- + commit a149afe338d61d86985c533cde5e7dbcd31e8698
- * common/compliance.c (gnupg_rng_is_compliant): New.
- * g10/call-agent.c (start_agent) [W32]: Check rng compliance.
- * sm/call-agent.c (start_agent) [W32]: Ditto.
- * g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
- compliant.
- * sm/encrypt.c (gpgsm_encrypt): Ditto.
- * g10/sign.c (do_sign): Ditto.
- * sm/sign.c (gpgsm_sign): Ditto.
-
- agent: New GETINFO sub-command jent_active.
- + commit bbbd0db34b4e387f8dc089fb7d69fdcf2ed91a01
- * agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
-
- common: New function split_fields_colon.
- + commit 849467870ee1c10e0a7b1e89cfc9e8214e4963fe
- * common/stringhelp.c (split_fields_colon): New.
- * common/t-stringhelp.c (test_split_fields_colon): New test.
- (main): Call that test.
-
-2017-07-14 Justus Winter <justus@g10code.com>
-
- tests: Improve 'shell.scm' script.
- + commit 58eafd11ed5501c0b72fcb553eb3e097ad29b3c6
- * tests/openpgp/defs.scm (create-file): Unlink file first.
- * tests/openpgp/shell.scm: Ask whether to import legacy test keys or
- not, and whether to drop 'batch' from the configuration. Add paths to
- all the programs to 'PATH'.
-
- gpgscm: Library improvements.
- + commit b4d25082fd4502ec01d511c22fecd60d513b81f4
- * tests/gpgscm/repl.scm (prompt-yes-no?): New function.
- * tests/gpgscm/tests.scm (pathsep-split): Likewise.
- (pathsep-join): Likewise.
- (with-path): Use the new function.
-
- gpgscm: Fail early if the test setup fails.
- + commit 7a6e6ad2880bbff54a75ff608d0ec97d6c405733
- * tests/gpgscm/tests.scm (make-environment-cache): Check status code
- of setup script.
-
- gpg: Fix importing keys.
- + commit 956da89193370d5aa970cff5b77f605534481a02
- * g10/import.c (import_one): Fix error handling.
-
-2017-07-13 Werner Koch <wk@gnupg.org>
-
- gpg: Pass key origin values to import functions.
- + commit 330212efb927c119bb5135856f8582c0e4e2e6b7
- * g10/import.c (import_keys_stream): Remove this unused function.
- (import_keys_internal): Add arg origin.
- (import_keys): Ditto.
- (import_keys_es_stream): Ditto.
- (import): Ditto.
- (import_one): Ditto.
- (apply_meta_data): New stub.
- (import_secret_one): Pass 0 for ORIGIN.
- * g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN.
- (keyserver_fetch): Add arg origin.
- (keyserver_import_cert): Pass KEYORG_DANE for ORIGIN.
- (keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN.
- * g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and
- keyserver_fetch.
- * g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN.
-
- gpg: New option --key-origin.
- + commit fa1155e89ebb4b16ee95549b8ab72672df3a0c54
- * g10/keydb.h (KEYORG_): Rename to KEYORG_.
- * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust
- users.
- (PKT_public_key): Ditto.
- (PKT_ring_trust): Ditto.
- * g10/options.h (struct opt): Add field key_origin.
- * g10/getkey.c (parse_key_origin): New.
- * g10/gpg.c (oKeyOrigin): New.
- (opts): Add "keys-origin".
- (main): Set option.
-
-2017-07-13 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- doc: Document gnupg version requirement for gpg-preset-passphrase.
- + commit 877a321d011deb3e8501aa9cc5e9f9cd0b19dddf
-
-
-2017-07-13 Justus Winter <justus@g10code.com>
-
- gpgscm: Make loading of modules less verbose.
- + commit f78fe1a4ec9d343199e1f424dd09e2937c913412
- * tests/gpgscm/main.c (load): Increase logging threshold.
-
- gpgscm: Make it impossible to catch '*interpreter-exit*'.
- + commit bce02a8b0f0e51775a4ee5536ccf35efc1f15ca6
- * tests/gpgscm/init.scm (throw'): Make it impossible to catch
- '*interpreter-exit*'. This fixes 'exit' (and with it 'fail') inside
- 'catch' statements.
-
-2017-07-10 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- tofu: Compare squares instead of square roots.
- + commit d24594976686983c7186cbe4e78153888a13b6e4
- * g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
- sqrtu32.c.
- * g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
- * g10/tofu.c: Compare squares instead of square roots.
-
- speedo: Provide a vagrantfile to test speedo in an isolated VM.
- + commit 1455b406e63dd262938e49da5f83c05c17c60a8d
- * build-aux/Vagrantfile: New file.
-
-2017-07-06 Neal H. Walfield <neal@g10code.com>
-
- doc: Improve TOFU documentation.
- + commit 243b2a570c30586e19b8c88e43b282d62d8eb77c
- * doc/gpg.texi: Improve TOFU documentation.
-
-2017-07-05 Werner Koch <wk@gnupg.org>
-
- agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
- + commit 3681ee7dc1e9d8c94fdb046d7be0bbcfeba1cfe9
- * agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
- passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
- * agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
- passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
-
- doc: Update yat2m to take care of SOURCE_DATE_EPOCH.
- + commit 139de02b93773615bdd95e04a7f0c1ad73b4f6fb
- * doc/yat2m.c (main): Set a default for OPT_DATE.
-
- doc: Prefer an installed version of yat2m.
- + commit f6faa058749846de18cb34f1cc79867bb0029922
- * configure.ac (YAT2M): Check for tool.
- * doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
-
-2017-07-01 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- doc: Document obsolete option in gpgsm. Closes T2231.
- + commit 7fb724c61655c6f75c61572d65a46e21ae112574
- * doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.
-
-2017-06-28 Werner Koch <wk@gnupg.org>
-
- agent: Fix option --debug-wait.
- + commit ecd6c0160f49ae83001dfd150df6b1238fc479d5
- * agent/gpg-agent.c (opts): Typo fix.
-
-2017-06-26 Justus Winter <justus@g10code.com>
-
- agent: Support unprotected ssh keys.
- + commit 273964798592cd479c111f47e8ce46d5b1999d6a
- * agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
- passphrase is supplied, do not protect the key.
-
- tests: Improve test.
- + commit b49b1a87ac2695e3892fb001878da59fbc92fa37
- * tests/openpgp/ssh-export.scm: Split output at any whitespace.
-
-2017-06-23 Werner Koch <wk@gnupg.org>
-
- agent: Shutdown on removal of the home directory.
- + commit 1ead1ca818bddabc3bca22c195be667993eb3e2e
- * common/sysutils.c (gnupg_inotify_watch_delete_self): New.
- * agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
- sock_inotify_fd.
- (handle_connections): Add home_inotify_fd to watch the home directory.
-
- build: Add missing LIBASSUAN_CFLAGS to dirmngr/.
- + commit 815ecdf08a4285c75892cf9ab72feb13f3bcf590
- * dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
- (t_ldap_parse_uri_CFLAGS): Ditto.
- (t_dns_stuff_CFLAGS): Ditto.
-
- gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
- + commit f31dc2540acf7cd7f09fd94658e815822222bfcb
- * common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
- * g10/encrypt.c (encrypt_crypt): Emit new status code.
- * sm/encrypt.c (gpgsm_encrypt): Ditto.
-
-2017-06-21 Justus Winter <justus@g10code.com>
-
- gpg: Close cached keydb handle in gpgv.
- + commit a68a98233ab83f0c7b90e6e588b882085fe59d91
- * g10/gpgv.c (main): Close cached handle.
-
- tests: Add test for gpgv.
- + commit 62274d3c309d8948405c2f966bef507638b4d5c6
- * tests/openpgp/Makefile.am (XTESTS): Add the new test.
- * tests/openpgp/gpgv.scm: New file.
- * tests/openpgp/signed-messages.scm: Likewise.
- * tests/openpgp/verify.scm: Move the signed messages to the new file
- and load it.
-
- gpg: Fix printing keyserver URLs and notation data.
- + commit 890a3a70f2e1340d90c7f499358467979b182719
- * g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'.
- (show_notation): Likewise.
-
-2017-06-20 Justus Winter <justus@g10code.com>
-
- dirmngr: Properly handle SRV records.
- + commit 48aae8167dcae80d43b08167a88d9eb170781a04
- * dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
- (struct hostinfo_s): New flags indicating whether we already did a
- A lookup, or a SRV lookup per protocol. Turn 'port' into an array.
- (create_new_hostinfo): Initialize new fields.
- (add_host): Update the port for the given protocol.
- (map_host): Simplify hosttable lookup misses. Check the SRV records
- for both protocols on demand, do the A lookup just once. Return the
- correct port.
-
- dirmngr: Refactor variable-sized array code.
- + commit fc4834d213af031b456c49c1ba5b5ef8873d1f18
- * dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
- size fields.
- (MAX_POOL_SIZE): New macro.
- (create_new_hostinfo): Initialize new fields.
- (host_in_pool_p): Adapt.
- (select_random_host): Likewise.
- (add_host): Likewise. Move the resizing logic here.
- (hostinfo_sort_pool): New function.
- (map_host): Simplify. Move the resizing logic away from here.
- (ks_hkp_mark_host): Adapt.
- (ks_hkp_print_hosttable): Likewise.
-
- gpg: Fix error handling.
- + commit badc1cdae52bd434e5fac2e4275575afeccc2837
- * g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
-
-2017-06-19 Werner Koch <wk@gnupg.org>
-
- gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
- + commit 3621dbe52584bc8b417f61b5370ebaa5598db956
- * common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
- check. Explicitly check for allowed ECC algos.
- (gnupg_pk_is_allowed): Swap P and Q for DSA check.
- * g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
- assert by debug message.
-
-2017-06-19 Justus Winter <justus@g10code.com>
-
- gpgscm: Limit the number of parallel jobs.
- + commit 61ef43546ba9f0209692a1569d2f033436566a02
- * ffi.c (do_wait_processes): Suppress the timeout error.
- * tests.scm (semaphore): New definition.
- (test-pool): Only run a bounded number of tests in parallel.
- (test::started?): New function.
- (run-tests-parallel): Do not report results, do not start the tests.
- (run-tests-sequential): Adapt.
- (run-tests): Parse the number of parallel jobs.
-
- gpgscm: Improve option parsing.
- + commit e555e7ed7de20fbbb1e3b005c32e292f29cc4a58
- * tests/gpgscm/tests.scm (flag): Accept arguments of the form
- '--foo=bar'.
-
- gpgscm: Improve error handling of foreign functions.
- + commit 6639aedaee051e8104d7f63b9a5812abf79440ed
- * tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
- message.
-
- gpgscm: Improve error reporting.
- + commit 4c8be58fd46bb16332e84ab8ce978087dc5c68a3
- * tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
- * tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
- error messages.
-
- tests: Run the OpenPGP tests using the new extended key format.
- + commit b766d3d1034e6068a91755ada68f7f7dbe2943b6
- * tests/openpgp/all-tests.scm: Generalize a bit, and also add a
- variant that uses the new extended key format.
- * tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
- new extended key format.
-
-2017-06-19 Werner Koch <wk@gnupg.org>
-
- Change license of some files to LGPLv2.1.
- + commit 3419a339d9c4e800bf30e9021e05982d8c1021c1
- * COPYING.LIB: Rename to COPYING.LGPL3.
- * COPYING.LGPL21: New.
- * COPYING.GPL2: New.
- * Makefile.am: Distribute them.
- * AUTHORS: Update license pointers. Add BSI as copyright holder.
- * common/compliance.c, common/compliance.h: Add BSI copyright notice.
- Break overlong lines.
- * dirmngr/loadswdb.c: Add BSI copyright notices.
- * dirmngr/server.c: Ditto.
- * tools/call-dirmngr.c: Change license to LGPLv2.1. Add BSI
- copyright notice.
- * tools/call-dirmngr.h: Ditto.
- * tools/gpg-wks-client.c: Ditto.
- * tools/gpg-wks-server.c: Ditto.
- * tools/gpg-wks.h: Ditto.
- * tools/mime-maker.c: Ditto.
- * tools/mime-maker.h: Ditto.
- * tools/mime-parser.c: Ditto.
- * tools/mime-parser.h: Ditto.
- * tools/send-mail.c: Ditto.
- * tools/send-mail.h: Ditto.
- * tools/wks-receive.c: Ditto.
- * tools/wks-util.c: Ditto.
- * tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
-
-2017-06-19 Justus Winter <justus@g10code.com>
-
- gpg: Disable compliance module for other GnuPG components.
- + commit 6e23416fe61d4130918f2d1bf6e1f98d102c4610
- * common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
- false if the module is not initialized.
- (gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
- not initialized.
- (gnupg_status_compliance_flag): Do not assert that the module is
- initialized.
- (gnupg_parse_compliance_option): Likewise.
- (gnupg_compliance_option_string): Likewise.
-
-2017-06-14 Justus Winter <justus@g10code.com>
-
- gpg: Check and fix keys on import.
- + commit 9b12b45aa5e67d4d422bf75a3879df1d52dbe67f
- * doc/gpg.texi: Document the new import option.
- * g10/gpg.c (main): Make the new option default to yes.
- * g10/import.c (parse_import_options): Parse the new option.
- (import_one): Act on the new option.
- * g10/options.h (IMPORT_REPAIR_KEYS): New macro.
-
- gpg: Refactor key checking and fixing.
- + commit 404fa8211b6188a0abe83ef43a4b44d528c0b035
- * g10/Makefile.am (gpg_sources): Add new files.
- * g10/gpgcompose.c (keyedit_print_one_sig): New stub.
- * g10/keyedit.c (sig_comparison): Move to new module.
- (check_all_keysigs): Likewise.
- (fix_keyblock): Adapt callsite.
- (keyedit_menu): Likewise.
- * g10/key-check.c: New file.
- * g10/key-check.h: Likewise.
-
-2017-06-13 Justus Winter <justus@g10code.com>
-
- gpg: Refactor keyedit module.
- + commit 8095d16b3ef6b5f01ec351824855708149f1c1c3
- * g10/Makefile.am (gpg_SOURCES): Add new file.
- * g10/keyedit.c (NODFLG_*): Move flags to the new header file.
- (print_one_sig): Export symbol and rename accordingly.
- (print_and_check_one_sig): Adapt accordingly.
- (check_all_keysigs): Likewise.
- * g10/keyedit.h: New file.
- * g10/main.h: Drop declarations, include new header.
-
- dirmngr: Implement querying nameservers over IPv6.
- + commit 15d2a009931f44a60b9df6325f837add208459d6
- * dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
- mismatch.
- (enum dns_res_state): New states for querying over IPv6.
- (dns_res_exec): Implement the new states by copying and modifying the
- IPv4 variants. Branch to their respective counterparts if the current
- list of resolvers using the current address family is exhausted.
-
-2017-06-13 Werner Koch <wk@gnupg.org>
-
- gpg: Disable keydb handle caching only for W32.
- + commit e80925171ddb20c7e76c1db88c15ce2d9b09db86
- * g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
-
- common: Fix -Wswitch warning.
- + commit 7c91b48f0e80266cf7491c2bb7d8aabc12362643
- * common/compliance.c (gnupg_digest_is_allowed): Don't include
- GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
-
-2017-06-11 Neal H. Walfield <neal@g10code.com>
-
- gpg: Send gpgcompose --help output to stdout, not stderr.
- + commit 7aeac20f12ed257d3d159b304afeeac7f406c9d2
- * g10/gpgcompose.c (show_help): Send gpgcompose --help output to
- stdout, not stderr.
-
- gpg: Improve some output of gpgcompose.
- + commit cb0484e0762a1ce05d00d949f4b70162e2f7b82c
-
-
- gpg: Support 'gpgcompose --encrypted-pop --help'
- + commit 4ddf4e114c8df06d89144e857b7601de0b7e5a7c
- * g10/gpgcompose.c (encrypted_pop_options): New variable.
- (encrypted_pop): Support the --help option.
-
- gpg: Remove dead code.
- + commit 8a9066865688cf17594b2bdde4b260b0ef36d68e
- * g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
- PKT_ENCRYPTED_MDC.
- (encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.
-
-2017-06-08 Marcus Brinkmann <mb@g10code.com>
-
- artwork: Add new banner.
- + commit bc5503b2bf273b51d5dc59617e596f1cfb742fbc
- * artwork/banner/banner-full.png: New file.
- * artwork/banner/banner-rectangle.png: New file.
- * artwork/banner/banner.svg: New file.
- * artwork/banner/Bungee-Regular.ttf: New file.
- * artwork/banner/Raleway-license.txt: New file.
- * artwork/banner/banner-half.png: New file.
- * artwork/banner/banner-skyscraper.png: New file.
- * artwork/banner/Bungee-license.txt: New file.
- * artwork/banner/Raleway-ExtraBold.ttf: New file.
- * artwork/banner/Raleway-SemiBold.ttf: New file.
-
-2017-06-08 Justus Winter <justus@g10code.com>
-
- common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
- + commit a64a55e10420cf11e00062b590dffe5d0c3e8192
- * common/compliance.c (gnupg_pk_is_allowed): New function.
- (gnupg_cipher_is_allowed): Likewise.
- (gnupg_digest_is_allowed): Likewise.
- * common/compliance.h (enum pk_use_case): New definition.
- (gnupg_pk_is_allowed): New prototype.
- (gnupg_cipher_is_allowed): Likewise.
- (gnupg_digest_is_allowed): Likewise.
- * g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
- the new predicates.
- * g10/encrypt.c (encrypt_crypt): Likewise.
- * g10/gpg.c (main): Likewise.
- * g10/pubkey-enc.c (get_session_key): Likewise.
- * g10/sig-check.c (check_signature2): Likewise.
- * g10/sign.c (do_sign): Likewise.
- * sm/decrypt.c (gpgsm_decrypt): Likewise.
- * sm/encrypt.c (gpgsm_encrypt): Likewise.
- * sm/gpgsm.c (main): Likewise.
- * sm/sign.c (gpgsm_sign): Likewise.
- * sm/verify.c (gpgsm_verify): Likewise.
-
- gpg: Fix computation of compliance with CO_DE_VS.
- + commit b03fab09e188f7bb10237d4f20455e4026737e4e
- * g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
- compliance with CO_DE_VS.
-
-2017-06-08 Werner Koch <wk@gnupg.org>
-
- dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
- + commit 9b43220b8ad1a5c1cd51de3bbfff7ccbcc3fa877
- * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
- enums.
- (opts): New options --connect-timeout and --connect-quick-timeout.
- (DEFAULT_CONNECT_TIMEOUT): New.
- (DEFAULT_CONNECT_QUICK_TIMEOUT): New.
- (parse_rereadable_options): Handle new options.
- (post_option_parsing): New. Use instead of direct calls to
- set_debug() and set_tor_mode ().
- (main): Setup default timeouts.
- (dirmngr_init_default_ctrl): Set standard connect timeout.
- * dirmngr/dirmngr.h (opt): New fields connect_timeout and
- connect_quick_timeout.
- (server_control_s): New field timeout.
- * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
- http_raw_connect.
- * dirmngr/ks-engine-hkp.c (send_request): Call
- http_session_set_timeout.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
- (cmd_ks_fetch): Implement --quick option.
-
- dirmngr: Allow a timeout for HTTP and other TCP connects.
- + commit 5b9025cfa1f9b1c67ddf2f6bf87d863e780cf157
- * dirmngr/http.c: Include fcntl.h.
- (http_session_s): Add field 'connect_timeout'.
- (http_session_new): Clear that.
- (http_session_set_timeout): New function.
- (my_wsagetlasterror) [W32]: New.
- (connect_with_timeout): New function.
- (connect_server): Add arg 'timeout' and call connect_with_timeout.
- (send_request): Add arg 'timeout' and pass it to connect_server.
- (http_raw_connect): Add arg 'timeout'.
- (http_open): Pass TIMEOUT from the session to connect_server.
-
- gpg: Avoid failure exit when scdaemon is disabled but not needed.
- + commit 17e5afd80f247c356f03c71e8b61da424ffedabb
- * g10/call-agent.c (warn_version_mismatch): Use log_info if error is
- "not supported".
-
-2017-06-07 Justus Winter <justus@g10code.com>
-
- common: Add cipher mode to compliance predicate.
- + commit e051e396156211449568afa0ca7505dc13eaa3b4
- * common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
- * common/compliance.h (gnupg_cipher_is_compliant): Likewise.
- * g10/mainproc.c (proc_encrypted): Adapt callsite.
- * sm/decrypt.c (gpgsm_decrypt): Likewise.
-
- common,gpg,sm: Initialize compliance module.
- + commit 21fc2508c979a8202dd8ca7fa7b801e0d62a5ceb
- * common/compliance.c (gnupg_initialize_compliance): New function.
- * common/compliance.h (gnupg_initialize_compliance): New prototype.
- * g10/gpg.c (main): Use the new function.
- * sm/gpgsm.c (main): Likewise.
-
- common,gpg: Move the compliance option printer.
- + commit f440cf73eab0b0e75e3cb2e8c9e70a77f20ef1dc
- * common/compliance.c (gnupg_compliance_option_string): New function.
- * common/compliance.h (gnupg_compliance_option_string): New prototype.
- * g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
- * g10/gpg.c (main): Likewise.
- * g10/keyedit.c (keyedit_menu): Likewise.
- * g10/pkclist.c (build_pk_list): Likewise.
- * g10/main.h (compliance_option_string): Remove prototype.
- * g10/misc.c (compliance_option_string): Remove function.
-
- common,gpg,sm: Move the compliance option parser.
- + commit 842d233d408457cfa9a8473a6748472956f44e84
- * common/compliance.c (gnupg_parse_compliance_option): New function.
- * common/compliance.h (struct gnupg_compliance_option): New type.
- (gnupg_parse_compliance_option): New prototype.
- * g10/gpg.c (parse_compliance_option): Remove function.
- (compliance_options): New variable.
- (main): Adapt callsite.
- * sm/gpgsm.c (main): Use the new common function.
- * sm/gpgsm.h (opt): New field 'compliance'.
-
- gpg: Improve compliance with CO_DE_VS.
- + commit 027ce4ba37be1d052bca2f6109fe810ef57f4038
- * g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
- forbids the use of encryption without integrity protection.
-
-2017-06-07 Andre Heinecke <aheinecke@intevation.de>
-
- speedo: Fix a minor memleak in the installer.
- + commit 13dc75a4e7cc2959003c08940fc53c6ece7b77e4
- * build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on
- early return.
-
-2017-06-06 Andre Heinecke <aheinecke@intevation.de>
-
- speedo: Fix source tar call ambiguity.
- + commit 96acbdd7265f504d06783adfd6322a6675c41c0a
- * build-aux/speedo.mk (dist-source): Expand exclude-vc to
- exclude-vcs.
-
-2017-06-01 Justus Winter <justus@g10code.com>
-
- gpg: Report compliance with CO_DE_VS.
- + commit be8ca8852629786266db4d3d69b2c2fb03bd6365
- * common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
- parameters.
- (gnupg_cipher_is_compliant): New function.
- (gnupg_digest_is_compliant): Likewise.
- * common/compliance.h (gnupg_cipher_is_compliant): New prototype.
- (gnupg_digest_is_compliant): Likewise.
- * common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
- (STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
- * doc/DETAILS: Document the new status lines.
- * g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
- and report that using the new status line.
- (check_sig_and_print): Likewise.
- * sm/decrypt.c (gpgsm_decrypt): Likewise.
- * sm/verify.c (gpgsm_verify): Likewise.
-
- common: Improve checking for compliance with CO_DE_VS.
- + commit 3b70f62423041e614332b90d782576ee6868a030
- * common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
- sizes are compliant.
-
- gpg,common: Move the compliance framework.
- + commit 8a012280e0f0a462c094d106355aa436fceb1b76
- * common/Makefile.am (common_sources): Add new files.
- * common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here,
- and tweak it to not rely on types private to gpg.
- * common/compliance.h: New file. Move the compliance enum here.
- * g10/keylist.c (print_compliance_flags): Adapt callsite.
- * g10/main.h (gnupg_pk_is_compliant): Remove prototype.
- * g10/misc.c (gnupg_pk_is_compliant): Remove function.
- * g10/options.h (opt): Use the new compliance enum.
- * sm/keylist.c (print_compliance_flags): Use the common functions.
-
-2017-05-31 Justus Winter <justus@g10code.com>
-
- gpg: Fix compliance computation.
- + commit 02af509dfc2b893720aa0c7b380fd7736b2bafd0
- * g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
- RFC2440 which is actually a predicate.
-
- sm: Simplify code.
- + commit f9cb15b385f64f7c9403670f03632f81a874f213
- * sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
- interface.
-
- doc: Improve documentation.
- + commit 485b5a6e6dfe7aa545afa926e060d516ae911e42
- * doc/gpgsm.texi: Mention that '--with-key-data' implies
- '--with-colons'.
-
-2017-05-31 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix error from do_encryption.
- + commit c03e0eb01dc4632432d0472a6f8051142082bea4
- * agent/protect.c (do_encryption): Don't mask failure of OUTBUF
- allocation.
-
- scd: Fix error code on failure at usb_init.
- + commit 8defb21d34410d000c8b776e0e3a1edd04762638
- * scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.
-
- scd: Handle a failure of libusb_init.
- + commit 5c33649782bf255af5a55f16eac5e85f059b00bf
- * scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
- failure.
-
-2017-05-30 Andre Heinecke <aheinecke@intevation.de>
-
- gpg: Disable keydb handle caching.
- + commit d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29
- * g10/getkey.c (getkey_end): Disable caching of the open keydb
- handle.
-
-2017-05-30 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix memory leaks.
- + commit 996544626ea416c173a940db47f47f9e5cbd844c
- * agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
- * agent/gpg-agent.c (create_server_socket): Free UNADDR.
-
-2017-05-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: This towel should better detect a changed resolv.conf.
- + commit de3a0988ef9addccd6b5c7950fb8797afbc3978d
- * dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
- issue.
-
- dirmngr: Re-init libdns resolver on towel change of resolv.conf.
- + commit b5f356e9fba2d99909f8f54d7b7e6836bed87b68
- * dirmngr/dns-stuff.c: Include sys/stat.h.
- (RESOLV_CONF_NAME): New macro to replace a string.
- (resolv_conf_changed_p): New.
- (libdns_init): Call new function
- (libdns_res_open): Ditto.
-
-2017-05-24 Justus Winter <justus@g10code.com>
-
- agent: Make digest algorithms for ssh fingerprints configurable.
- + commit 525f2c482abb6bc2002eb878b03558fb43e6b004
- * agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
- * agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
- option for strings used to communicate with the user.
- * agent/findkey.c (agent_modify_description): Likewise.
- * agent/gpg-agent.c (cmd_and_opt_values): New value.
- (opts): New option '--ssh-fingerprint-digest'.
- (parse_rereadable_options): Set the default to MD5 for now.
- (main): Handle the new option.
- * doc/gpg-agent.texi: Document the new option.
-
- agent: Write both ssh fingerprints to 'sshcontrol' file.
- + commit a5f046d99a084b6a95268f03c1b588e8b78083cb
- * agent/command-ssh.c (add_control_entry): Hand in the key, write both
- the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
- when adding ssh keys.
- (ssh_identity_register): Adapt callsite.
-
- common: Correctly render SHA256-based ssh fingerprints.
- + commit 3a07a69dfc87b4fff610740d3dde8e23f0d2f8bc
- * common/ssh-utils.c (dummy_realloc): New function.
- (dummy_free): Likewise.
- (get_fingerprint): Prepend the fingerprint with the name of the digest
- algorithm. Correctly render SHA256-based ssh fingerprints.
- * common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
- (main): Add an option to dump the keys to gather fingerprints, also
- print the SHA256 fingerprint for keys given as arguments, and check
- the SHA256 fingerprints of the test keys.
-
- common: Support different digest algorithms for ssh fingerprints.
- + commit 3ac1a9d3a018816233a855faff059b4e0657a0f1
- * common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
- (ssh_get_fingerprint{,_string}): Likewise.
- * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
- * common/t-ssh-utils.c (main): Adapt accordingly.
- * agent/command-ssh.c (agent_raw_key_from_file): Likewise.
- (ssh_identity_register): Likewise.
- * agent/command.c (do_one_keyinfo): Likewise.
- * agent/findkey.c (modify_description): Likewise.
-
-2017-05-22 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Add const qualifier for read-only table.
- + commit 509e4a4d7491daf496b21e5892f4f63ab90e8e21
- * agent/call-pinentry.c (start_pinentry): Add const to tbl.
- * agent/command-ssh.c (request_specs): Add const.
- (ssh_key_types): Likewise.
- (request_spec_lookup): Add const to the return value and SPEC.
- (ssh_request_process): Likewise.
- * agent/protect.c (protect_info): Add const.
- (agent_unprotect): Add const to algotable.
-
- g10: Fix default-key selection for signing, possibly by card.
- + commit fbb2259d22e6c6eadc2af722bdc52922da348677
- * g10/call-agent.c (warn_version_mismatch): Revert.
- (start_agent): Suppress version mismatch if relevant.
- * g10/getkey.c (get_seckey_default_or_card): New.
- * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
-
-2017-05-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: Fix spellings.
- + commit 3713f67026467f63f80649c92ac4cc7973589855
-
-
- docs: Point to https://dev.gnupg.org/ .
- + commit 705da1eb23aef92c42d6d657b20a0984b104f72f
- Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
- the project has transitioned to a better workflow for supporting
- contributions, we should ensure that our documentation points to the
- right place.
-
-2017-05-17 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix checking for opcode arguments.
- + commit aae50e0b6a61549e226e0c7785260ad517f0ffff
- * tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching
- an instruction.
-
- tests: Fix agent teardown in release builds.
- + commit 0e1729bb993648deca84a2664ae78edc848d7003
- * tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
- will properly use the '--build-prefix' argument to make gpgconf use
- tools from the build directory.
-
-2017-05-17 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix gpgcompose.c.
- + commit ae95a7f5335e605fcd71fbe4a18ed384c88d590a
- * g10/gpgcompose.c (show_help): Check return value.
-
- g10: Suppress error for card availability check.
- + commit a8dd96826f8484c0ae93c954035b95c2a75c80f2
- * g10/call-agent.c (start_agent): Add semantics for card; Suppress
- error for card check.
- (warn_version_mismatch): Ignore an error for scdaemon.
- (agent_scd_serialno): Call start_agent with
- FLAG_FOR_CARD_SUPPRESS_ERRORS.
-
-2017-05-16 Justus Winter <justus@g10code.com>
-
- tests: Configure the environments to use scdaemon from build tree.
- + commit 386a7bbb245dd3ab7c4156a554adbe75d82bdf49
- * tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
- when writing a 'gpg-agent.conf'.
- * tests/gpgsm/gpgsm-defs.scm: Likewise.
- * tests/openpgp/defs.scm: Likewise.
-
-2017-05-15 Werner Koch <wk@gnupg.org>
-
- Release 2.1.21.
- + commit 9574820329128f0ea8a98f9bfc0e77c73c3e0ec0
-
-
- po: Update German translation.
- + commit 4bd079dbdb44067688377156413dd32a82a89d22
-
-
- gpg: Do not mark ", " translatable.
- + commit 2d381b0f0ba97657e9fb2971eca6648bb77dd2cc
- * g10/tofu.c (ask_about_binding): Remove useless translation markers.
-
-2017-05-15 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr,w32: Fix ldap crl read on windows.
- + commit abe3a9043f86b48b92ddcec47197e032e35a6f4f
- Summary:
- * dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
- (buffer_get_data): Use seperate read pos.
-
-2017-05-15 Werner Koch <wk@gnupg.org>
-
- common: Let format_text return an error.
- + commit 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
- * common/stringhelp.c (format_text): Return NULL on error.
- * common/t-stringhelp.c (test_format_text): Adjust for change.
- * g10/gpgcompose.c (show_help): Abort on out of core.
- * g10/tofu.c (ask_about_binding): Abort on format_text error.
- (show_statistics): Ditto.
- (show_warning): Ditto.
-
-2017-05-11 Justus Winter <justus@g10code.com>
-
- tests: Also run all OpenPGP tests using keyrings.
- + commit bc01d62dc5d520e138499df5d80fb50f9e87e3e8
- * tests/openpgp/all-tests.scm: Run each test twice, once with public
- keys stored in a keybox, once with a keyring.
- * tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
- make GnuPG use that instead of creating a keybox if '--use-keyring' is
- given.
- * tests/openpgp/setup.scm: Fix flag handling and usage.
-
- tests: Make it possible to run all tests using our infrastructure.
- + commit f4365790daa1d1400c7f0fe73ac9a6d25f0c6d0a
- * Makefile.am (TESTS_ENVIRONMENT): New variable.
- (check-all): New phony target to run all tests.
- * tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
- whether the GPGME test suite is available instead of exiting the
- process.
- * tests/gpgscm/init.scm (export): New macro.
- * tests/gpgscm/tests.scm (run-tests): New function.
- (load-tests): Likewise.
- * tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
- of tests to 'all-tests.scm'.
- * tests/gpgsm/run-tests.scm: Likewise.
- * tests/migrations/run-tests.scm: Likewise.
- * tests/openpgp/run-tests.scm: Likewise.
- * tests/gpgme/Makefile.am: To select the tests to run, use the
- variable 'TESTS'. This harmonizes the interface with the automake
- test suite.
- * tests/gpgsm/Makefile.am: Likewise.
- * tests/migrations/Makefile.am: Likewise.
- * tests/openpgp/Makefile.am: Likewise.
- * tests/openpgp/README: Likewise.
- * agent/all-tests.scm: New file.
- * common/all-tests.scm: Likewise.
- * g10/all-tests.scm: Likewise.
- * g13/all-tests.scm: Likewise.
- * tests/gpgme/all-tests.scm: Likewise.
- * tests/gpgsm/all-tests.scm: Likewise.
- * tests/migrations/all-tests.scm: Likewise.
- * tests/openpgp/all-tests.scm: Likewise.
- * tests/run-tests.scm: Likewise.
-
- tests: Move the makefile parser.
- + commit 78d6a25a2db22ad2ae30d57ca980c0400cfef726
- * tests/gpgme/gpgme-defs.scm (parse-makefile, parse-makefile-expand):
- Move...
- * tests/gpgscm/makefile.scm: ... here.
- * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
-
- gpgscm: Make it possible to set the logfile name.
- + commit 29ef34cc4cb23e7b743dbf4cc8e5761f06076b9a
- * tests/gpgscm/tests.scm (test): Only set the default log filename
- when it has not been set before.
-
-2017-05-10 NIIBE Yutaka <gniibe@fsij.org>
-
- g10, sm, dirmngr, common: Add comment for fall through.
- + commit 0ce94a9698104d9bfc73d5a37478189564c96eb4
- * common/b64dec.c (b64dec_proc): Comment to clarify.
- * dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
- * dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
- * dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
- * g10/armor.c (unarmor_pump): Likewise.
- * g10/gpg.c (main): Likewise.
- * g10/import.c (read_block): Likewise.
- * g10/keygen.c (make_backsig): Likewise.
- * g10/pkclist.c (check_signatures_trust): Likewise.
- * sm/gpgsm.c (main): Likewise.
-
- g10: Stop compiler warning for t-stutter.
- + commit 98b759119c81c5b39f34f8a9a7b6a57e91ad6470
- * g10/t-stutter.c (do_test): Refer current_test_group_failed.
-
-2017-05-08 Justus Winter <justus@g10code.com>
-
- gpg: Properly account for ring trust packets.
- + commit 22739433e98be80e46fe7d01d52a9627c1aebaae
- * g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
- instead of counting ourself.
- * g10/packet.h (struct parse_packet_ctx_s): New field
- 'n_parsed_packets'.
- (init_parse_packet): Initialize new field.
- * g10/parse-packet.c (parse): Count packets.
-
-2017-05-04 Justus Winter <justus@g10code.com>
-
- tests: Support tests that are expected to fail.
- + commit d6b46462f8c5c705ffb7cf8af03465a926aa11d3
- * tests/gpgscm/tests.scm (test-pool): Rework reporting. Filter using
- the computed test status instead of the return value. Also print the
- new categories 'failed expectedly' and 'passed unexpectedly'.
- (test): If a test ends with a bang (!), it is expected to fail. Adapt
- status, status-string, and xml accordingly.
-
- tests: Add function to dump packets.
- + commit eab0138e3179f247180a639a91570e5ee2c6ad0e
- * tests/openpgp/defs.scm (gpg-dump-packets): New function.
-
-2017-05-03 Andre Heinecke <aheinecke@intevation.de>
-
- speedo,w32: Fix silent user mode installation.
- + commit d378cc34a8d3d5053cf0c5ac7aa731c1bcefee22
- * build-aux/speedo/w32/inst.nsi (AddToPath): Move account
- check here.
- (PrintNonAdminWarning): Remove is_user_install variable.
-
-2017-05-03 Justus Winter <justus@g10code.com>
-
- gpgscm: Create and re-use frame objects.
- + commit 8a168a6d4052ec31fed77c79bb96ffdd32bf9646
- * tests/gpgscm/scheme-private.h (struct scheme): New field
- 'frame_freelist'.
- * tests/gpgscm/scheme.c (enum scheme_types): New type 'T_FRAME'.
- (type_to_string): Handle new type.
- (settype): New macro.
- (gc_disable): Make sure there is at least one frame in the free list.
- (mark): Handle frame objects.
- (finalize_cell): Likewise.
- (dump_stack_initialize): Initialize free list.
- (dump_stack_free): Simplify.
- (frame_length): New variable.
- (dump_stack_make_frame): New function.
- (frame_slots): Likewise.
- (frame_payload): New macro.
- (dump_stack_allocate_frame): New function.
- (dump_stack_deallocate_frame): Likewise.
- (dump_stack_preallocate_frame): Likewise.
- (_s_return): Unpack frame object and deallocate it.
- (s_save): Wrap state in an frame object.
- (dump_stack_mark): Mark the free list.
-
- gpgscm: Merge opexe_0.
- + commit 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
- * tests/gpgscm/scheme-private.h (struct scheme): Remove field 'op'.
- * tests/gpgscm/scheme.c (opexe_0): Inline into 'Eval_Cycle'.
- (_Error_1): Return the opcode to evaluate next.
- (Error_1): Do not return, but set the opcode and goto dispatch.
- (Error_0): Likewise.
- (s_goto): Likewise.
- (s_return): Likewise.
- (s_return_enable_gc): Likewise.
- (s_thread_to): Remove superfluous cast.
- (_s_return): Return the opcode to evaluate next.
- (scheme_init_custom_alloc): Adapt to removal of field 'op'.
-
-2017-05-03 Andre Heinecke <aheinecke@intevation.de>
-
- speedo,w32: Allow installation as normal user.
- + commit cacfd4bce94704b531f68ee76fb40789e44fde67
- * build-aux/speedo/w32/g4wihelp.c (ENV_HK_USER, ENV_REG_USER):
- New defines.
- (path_add): Handle is_user_install variable. Don't abort
- if Path reg key does not exist. Fix crash if Path reg key
- does not contain a semicolon.
- (path_remove): Handle is_user_install variable. Fix crash
- if Path reg key does not exist.
- * build-aux/speedo/w32/inst.nsi: Remove obsolete HAVE_STARTMENU
- this was double guarded with WITH_GUI. Add Multiuser plugin and
- defines for this. Use SHCTX instead of HKLM / HKCU.
- (PrintNonAdminWarning): Only Warn and don't abort.
-
-2017-05-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- g10: Remove skeleton options files.
- + commit 201f86803017c1db373023f7b506d4a0dc644bbc
- * build-aux/speed/w32/inst.nsi: stop installing skeleton files.
- * doc/gpg.texi: stop documenting skeleton files.
- * g10/Makefile.am: stop installing skeleton files.
- * g10/openfile.c (copy_options_file): Remove.
- (try_make_homedir): do not call copy_options_file.
-
-2017-04-27 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: For signing, prefer available card key when no -u option.
- + commit 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
- * g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
- Then, use the card key if any.
-
-2017-04-26 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Minor clean up.
- + commit 2262a80c5f44433a08bc0e21b77d9efe51596f21
- * g10/main.h (complete_sig): Remove declaration.
- * g10/sign.c (complete_sig): Make it static.
-
-2017-04-25 NIIBE Yutaka <gniibe@fsij.org>
- Tomas Mraz
-
- dirmngr: Fix aliasing problem in dns.c.
- + commit 247932f367f856e7ce91528e14f0aaf838150857
- * dirmngr/dns.c (dns_ai_setent): Care about aliasing.
-
-2017-04-25 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: Remove *.conf.tmpl from Makefile.
- + commit 7851d73fd7f424f9a649690e1cb3055feb792c51
- * tests/openpgp/Makefile.am (TEST_FILES): Remove gpg.conf.tmpl
- and gpg-agent.conf.tmpl.
-
- g10: invalidate the fd cache for keyring.
- + commit 116cfd60779fbb3540da629db54dc2e148f4a3a2
- * g10/keyring.c (keyring_search_reset): Don't keep the FD cache.
-
-2017-04-24 Andre Heinecke <aheinecke@intevation.de>
-
- w32: Enable wildcard expansion with mingw-w64.
- + commit 2e71bf30f038ca0e142acbb6f650ce029105f8a2
- * g10/gpg.c: Define _dowildcard = -1;
-
-2017-04-24 Justus Winter <justus@g10code.com>
-
- tests: Fix Python detection.
- + commit ef1922b3b19df0aa7f8c15d503c603f76fc13f82
- * tests/gpgme/gpgme-defs.scm (python): Fix Python detection.
-
- gpgscm: Refactor cell finalization.
- + commit d2f6798621d751cd6ae6f091c4a2af4569c5b8aa
- * tests/gpgscm/scheme.c (finalize_cell): Use switch, return whether
- the cell may be freed.
- (gc): Update callsite.
-
- gpgscm: Tweak error message display.
- + commit 78547bfe8a885579438a17abadca02b62cce2844
- * tests/gpgscm/init.scm (throw'): If the first argument to the error
- is a string, display it as such.
-
- tests: Deduplicate and simplify code.
- + commit 06a177ceea529269a7404740c60416bd6a4567b1
- * tests/gpgme/gpgme-defs.scm (create-file): Move...
- * tests/gpgsm/gpgsm-defs.scm (create-file): ... likewise...
- * tests/openpgp/defs.scm (create-file): Here.
- (create-gpghome): Use 'create-file'.
- * tests/openpgp/gpg-agent.conf.tmpl: Delete file.
- * tests/openpgp/gpg.conf.tmpl: Likewise.
-
- gpgscm: Fix test.
- + commit 9ae63b9caefdf3e925c5928667fcd9227132d27f
- * tests/gpgscm/t-child.scm: Use 'string-length' on the string.
-
- gpgscm: Improve syntax checking.
- + commit 4aab0e6ac7f2887a6f38f0cb95365dd7c30b4b18
- * tests/gpgscm/scheme.c (opexe_0): Make sure closure arguments are
- symbols.
-
- gpgscm: Emit JUnit-style XML reports.
- + commit ee715201ae784e840b6136393289e6dbd6f4c540
- * tests/gpgscm/Makefile.am (EXTRA_DIST): Add new file.
- * tests/gpgscm/lib.scm (string-translate): New function.
- * tests/gpgscm/main.c (main): Load new file.
- * tests/gpgscm/tests.scm (dirname): New function.
- (test-pool): Record execution times, emit XML report.
- (test): Record execution times, record log file name, emit XML report.
- (run-tests-parallel): Write XML report.
- (run-tests-sequential): Likewise.
- * tests/gpgscm/xml.scm: New file.
- * tests/gpgme/Makefile.am (CLEANFILES): Add 'report.xml'.
- * tests/gpgsm/Makefile.am: Likewise.
- * tests/migrations/Makefile.am: Likewise.
- * tests/openpgp/Makefile.am: Likewise.
-
- gpgscm: Make logging less verbose and more useful.
- + commit 679920781a25ae5c0e49d4bd78e6926fd661778f
- * tests/gpgscm/tests.scm (call-with-io): When being verbose, include
- the pid in the output, and avoid duplicating the command arguments.
-
- gpgscm: Make test framework less functional.
- + commit a71f4142e13e2cc26ef0cd62f56a1ccb7ce678ee
- * tests/gpgscm/tests.scm (test-pool, tests): Previously, these methods
- updated objects by creating new updated copies of the object being
- manipulated. This made the code awkward without any benefit,
- therefore I change it to just update the object.
-
- gpgscm: Move 'trace' and 'stringify'.
- + commit f03d6897be904da58cad76b4bd07729922b47616
- * tests/gpgscm/tests.scm (trace, stringify): Move...
- * tests/gpgscm/lib.scm: ... here.
-
- gpgscm: Avoid fruitless garbage collection cycles.
- + commit 245860ecaf8b9e82ca577385abd453ac92ffcd26
- * tests/gpgscm/scheme-private.h (CELL_MINRECOVER): New macro.
- * tests/gpgscm/scheme.c (_get_cell): Move the heuristic to get more
- cells...
- (gc): ... here where every caller benefits from the optimization.
-
-2017-04-20 NIIBE Yutaka <gniibe@fsij.org>
-
- g13: Fix for Solaris.
- + commit 10519270d36586c536bfb6c4cda8ac17c01f4976
- * configure.ac: Check sys/mkdev.h.
- * g13/sh-dmcrypt.c: Include sys/mkdev.h.
-
-2017-04-18 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix final close of LISTEN_FD.
- + commit 4b2581dc0ea1d03e70023bb0748aa0c21c0a2173
- * dirmngr/dirmngr.c (handle_connections): Close LISTEN_FD.
-
- dirmngr: Fix API difference for Windows.
- + commit 0d0a7efa8fa0accc1da851917376e2328ef33c96
- * dirmngr/http.c (read_server, write_server): Use assuan_fd_t.
- (http_wait_response): Use FD2INT to get unsigned integer fd.
- (read_server, write_server): Likewise.
- (simple_cookie_read, simple_cookie_write): Use assuan_fd_t.
-
-2017-04-17 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: More minor change.
- + commit 9296aed4bd2ad09d23339e658264e557c5312585
- * agent/command.c (cmd_pksign): Remove redundant assignment.
-
- agent: Minor cleanup.
- + commit 45c52cca1401b930878a8f901b63cfbb22e9e327
- * agent/command-ssh.c (ssh_key_to_protected_buffer): Not touch ERR.
- * agent/command.c (cmd_genkey, cmd_import_key): Clean up.
-
- tests: Minor memory fix.
- + commit b9440aa3693a4bb91e1ba8ff09e2d93ff22dd70a
- * tests/openpgp/fake-pinentry.c (get_passphrase): Free the memory.
-
- g10: Fix parse_ring_trust.
- + commit 256e861bce3dc9aba8fab4df47a40cae3bede175
- * g10/parse-packet.c (parse_ring_trust): Fix condition.
-
- g10: Minor fixes.
- + commit 0dec0cc281dfa26db89f8cc5ee002dea5c2b2e81
- * g10/export.c (cleartext_secret_key_to_openpgp): No initialization.
- (do_export_one_keyblock): Initialize with GPG_ERR_NOT_FOUND.
- * g10/getkey.c (get_best_pubkey_byname): Add non-null check.
- * g10/tofu.c (tofu_set_policy): ERR initialize to 0.
-
- g10: Fix import/export filter property match.
- + commit af5f8ecf51f5e1f33e832d4946d02313b78a0536
- * g10/import.c (impex_filter_getval): Fix to "else if".
-
-2017-04-14 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Clean up error initialize/return.
- + commit 36c4e540f1a4992675ee6e0acca1231325457079
- * agent/call-pinentry.c (start_pinentry): Return RC.
- * agent/command-ssh.c (ssh_handler_request_identities): Don't set ERR.
- * agent/findkey.c (try_unprotect_cb): Return ERR.
- (unprotect): Don't set RC.
- * agent/gpg-agent.c (handle_connections): Don't set fd.
-
- dirmngr: More fix for test program.
- + commit adb77d095b3958482863a17c83746f33945638dc
- * dirmngr/t-http.c (main): Care about no TLS.
-
- dirmngr: More fix for Windows.
- + commit 4771bad610eb59e701fe8e53468e2af22d45eeb0
- * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only
- valid with HTTP_USE_NTBTLS.
- (_my_socket_new): Simply cast to int since it's for debug.
- (_my_socket_ref, _my_socket_unref): Likewise.
-
-2017-04-13 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix http.c for sockaddr_storage.
- + commit 86dcb03134fd4957d51ebaa06b7991239f9ee56a
- dirmngr/http.c (use_socks): Use sockaddr_storage.
- (my_sock_new_for_addr, connect_server): Likewise.
-
- dirmngr: Fix alignment of ADDR.
- + commit 892b33bb2c57785927ea6652091191da2deed464
- * dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage
- for size and alignment.
- * dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change.
- (resolve_dns_name): Use struct sockaddr_storage.
- (resolve_addr_standard, resolve_dns_addr): Likewise.
- (resolve_dns_addr): Likewise.
-
- dirmngr: Fix thread key type.
- + commit 37018adce6ea4920b34d59afcfe4f55f716b3086
- * dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t.
-
- common, g10: Fix enumeration types.
- + commit 74258278efacd7069e8c1df8ff6fc3f4675d713e
- * common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
- (DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
- * g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
- (map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
- (openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
- (pubkey_get_npkey): Add default handling.
-
- dirmngr: More fix for Windows.
- + commit 5af104b541ed430a54eb0163a1d29e1d043f9377
- * dirmngr/dns.c (socket_fd_t, STDCALL): New.
- (dns_te_initname): Use.
-
-2017-04-12 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix type of sock.
- + commit 6755b3b505f79a5a233b18e85f57a0d3a455e664
- * dirmngr/http.c (send_request): Use assuan_fd_t for SOCK.
-
- tools: Fix condition for gpg-connect-agent.
- + commit f52f6af834cc488d11612e349e4af023d69a45f4
- * tools/gpg-connect-agent.c (start_agent): Add paren.
-
- dirmngr: Fix possible null reference.
- + commit 7ae1857c90ab43ad9e31f0fb6dbd37f25cc37278
- * dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL.
-
- common: Simplify format_text.
- + commit 7b4edf14bb16fbe786e55b829a208960396ce8df
- * common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
- * common/stringhelp.h: Change the API with no IN_PLACE.
- * common/t-stringhelp.c (test_format_text): Follow the change.
- * g10/gpgcompose.c (show_help): Likewise.
- * g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
- (show_statistics, show_warning): Likewise.
-
- gpgscm: Fix test program.
- + commit 7f9032d4a8ce53ce1a972bd3c1f8d20b3776756b
- * tests/gpgscm/t-child.c (main): Fix for setmode.
-
- dirmngr: Fix plus1_ns.
- + commit 60d9a9e6b4ae3af029596d14732c02f49203326d
- * dirmngr/dns.c (plus1_ns): Fix the initial implementation.
-
- scd: Handle unexpected suspend/resume by CCID driver.
- + commit f053f99ed0b0c6de7b7c4a07cbd7f7d213ddf0db
- * scd/ccid-driver.c (bulk_in): Handle unexpected failure.
-
- dirmngr: Fix dns-stuff.c in another way.
- + commit bd0c94939faf8ccfc117fb595e9bc0105edcafa4
- * dirmngr/dns-stuff.c (T_CERT): Define our own.
-
- Revert "dirmngr: Fix dns-stuff.c."
- + commit 0b904ddea8bddaa2fd7893a9dce1df1cb5e36b00
- This reverts commit 1538523156be568046f632d1775eae30ea8bd556.
-
- dirmngr: Fix dns-stuff.c.
- + commit 1538523156be568046f632d1775eae30ea8bd556
- * dirmngr/dns-stuff.c: Don't include arpa/nameser.h.
-
- agent: Simplify stream_read_cstring.
- + commit c64763c3a74ecc61c2f6c5edb679a2a3879d79e7
- * agent/command-ssh.c (stream_read_cstring): Just call
- stream_read_string.
-
- dirmngr: Use a function to increment network short.
- + commit 64904ce627b6b0661acf15b5b70103c4842bb0f3
- * dirmngr/dns.c (plus1_ns): New.
- (dns_p_push): Use it.
-
- g10: Minor clean up for export.c.
- + commit 05218829589f6d4b09933fa19f568c2019367d5c
- * g10/export.c (export_ssh_key): Check IDENTIFIER for error.
- Release base64 thing on error of get_membuf.
-
-2017-04-11 NIIBE Yutaka <gniibe@fsij.org>
-
- g13: Include sys/sysmacros.h if available.
- + commit c3cc9551dcc89cc25c0a0ec16d8eb12c1c221638
- * configure.ac: Add test for sys/sysmacros.h.
- * g13/sh-dmcrypt.c: Include sys/sysmacros.h.
-
-2017-04-11 Justus Winter <justus@g10code.com>
-
- tests: Fix distcheck.
- + commit 00be2a92625e832e8dd621f2a8f72b124c6d50ca
- * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'gnupg.scm'.
-
- tests: Avoid relying on implicit gpg commands.
- + commit cde626e7f7349a73d58ec3236ab3b43dec852bb5
- * tests/openpgp/armdetach.scm: Always use an explicit command instead
- of relying on gpg to guess what we want.
- * tests/openpgp/armdetachm.scm: Likewise.
- * tests/openpgp/armencrypt.scm: Likewise.
- * tests/openpgp/armencryptp.scm: Likewise.
- * tests/openpgp/armor.scm: Likewise.
- * tests/openpgp/armsignencrypt.scm: Likewise.
- * tests/openpgp/armsigs.scm: Likewise.
- * tests/openpgp/clearsig.scm: Likewise.
- * tests/openpgp/compression.scm: Likewise.
- * tests/openpgp/conventional-mdc.scm: Likewise.
- * tests/openpgp/conventional.scm: Likewise.
- * tests/openpgp/decrypt-dsa.scm: Likewise.
- * tests/openpgp/decrypt.scm: Likewise.
- * tests/openpgp/detach.scm: Likewise.
- * tests/openpgp/detachm.scm: Likewise.
- * tests/openpgp/ecc.scm: Likewise.
- * tests/openpgp/encrypt-dsa.scm: Likewise.
- * tests/openpgp/encrypt-multifile.scm: Likewise.
- * tests/openpgp/encrypt.scm: Likewise.
- * tests/openpgp/encryptp.scm: Likewise.
- * tests/openpgp/seat.scm: Likewise.
- * tests/openpgp/signencrypt-dsa.scm: Likewise.
- * tests/openpgp/signencrypt.scm: Likewise.
- * tests/openpgp/sigs-dsa.scm: Likewise.
- * tests/openpgp/sigs.scm: Likewise.
-
- tests: Make tests more robust.
- + commit 1b28d9dbe0260b2a4645c4b5caae11d9f375c942
- * tests/openpgp/defs.scm (have-opt-always-trust): Execute in empty
- ephemeral home directory. This prevents gpg from picking up the
- configuration from the current gnupghome (if any).
- * tests/migrations/common.scm (untar-armored): Likewise.
-
- tests: Move common functionality.
- + commit ccd2187212c12b84c86a10fd4417a16536243179
- * tests/openpgp/defs.scm (with-home-directory,
- with-ephemeral-home-directory): Move...
- * tests/gpgscm/gnupg.scm: ... to this new file.
- * tests/gpgscm/main.c (main): Load the new file.
-
-2017-04-11 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix build for Windows.
- + commit 3133402241167ccad70fa888a47ffcbe04e7b4c5
- * dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use
- gpgrt_ssize_t.
-
- g10,tools: Fix bzlib.h include order.
- + commit 03d77b60befa4e2f8437a80ac429cca3e54688f8
- * g10/compress-bz2.c: Include bzlib.h after gcrypt.h.
- * tools/gpgsplit.c: Likewise.
-
- g10: Minor clean up for TOFU.
- + commit f079822b2ce06c18b7ea45efed2d29b54e38f04d
- * g10/tofu.c (ask_about_binding): Fix for qualifier.
-
- common: Portability fix for logging.c.
- + commit 456c5cdb2d72bba77e2a30c8fdb1c1cebbe9b1d2
- * common/logging.c (S_IRGRP, S_IWGRP, S_IROTH, S_IWOTH): Avoid
- duplicated definition.
-
- tools: Portability fix for gpgparsemail.
- + commit a1446163d584cdc3003c7d5b5fc6d74737c1732d
- * tools/rfc822parse.c (my_stpcpy): Rename from stpcpy.
-
-2017-04-10 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix opcode dispatch.
- + commit 1b6adab41d386b587f65e5c6f14a63859ac1226b
- * tests/gpgscm/scheme.c (opexe_0): Consider 'op', not 'sc->op'. The
- former is the opcode we are currently executing.
-
- gpgscm: Mmap script files.
- + commit c7f0d90592fd0348a3818ac897f91e6859584146
- * tests/gpgscm/main.c (load): Try to mmap the script.
- * tests/gpgscm/scheme.c (scheme_load_memory): New function, a
- generalization of 'scheme_load_string'.
- * tests/gpgscm/scheme.h (scheme_load_memory): New prototype.
-
- gpgscm: Refactor checking for opcode arguments.
- + commit f3d1f6867792deeb9a2a63744ee9b076c41c58f3
- * tests/gpgscm/scheme.c (op_code_info): Fix type, add forward
- declaration.
- (check_arguments): New function.
- (Eval_cycle): Use the new function.
-
- gpgscm: Improve syntax dispatch.
- + commit b628e62b5b9f7ed5cbb1bfe34727b5ee8129f7d4
- * tests/gpgscm/scheme.c (assign_syntax): Add opcode parameter, store
- opcode in the tag.
- (syntaxnum): Add sc parameter, retrieve opcode from tag.
- (opexe_0): Adapt callsite.
- (scheme_init_custom_alloc): Likewise.
-
- gpgscm: Make tags mandatory.
- + commit a1ad5d6a30cf72d9b7e7bb449985dc69d5e01c4b
- * tests/gpgscm/opdefines.h: Make tags mandatory.
- * tests/gpgscm/scheme.c: Likewise.
- * tests/gpgscm/scheme.h: Likewise.
-
- gpgscm: Add and use opcode for reversing a list in place.
- + commit e1bb9326dc381ae2711a81ab621e21a66388bcbd
- * tests/gpgscm/lib.scm (string-split-pln): Use 'reverse!'.
- (string-rtrim): Likewise.
- * tests/gpgscm/opdefines.h (reverse!): New opcode.
- * tests/gpgscm/scheme.c (opexe_0): Handle new opcode.
-
- gpgscm: Deduplicate code.
- + commit 3e91019a92b9bb3bb5a8cd62336b4cf65964e45b
- * tests/gpgscm/scheme.c (oblist_add_by_name): Deduplicate.
- (new_slot_spec_in_env): Likewise.
-
- gpgscm: Move dispatch table into rodata.
- + commit 7dff6248bddd5583988ac562318cf0d76a409d0e
- * tests/gpgscm/opdefines.h: Use 0 instead of NULL.
- * tests/gpgscm/scheme.c (op_code_info): Use char arrays instead of
- pointers, make arity parameters smaller.
- (INF_ARG): Adapt.
- (_OP_DEF): Likewise.
- (dispatch_table): Likewise.
- (procname): Likewise.
- (Eval_cycle): Likewise.
- (scheme_init_custom_alloc): Likewise.
-
- gpgscm: Use more threaded code.
- + commit 6f217d116d1a12c6093bb253dbfa349bc81bc90b
- * tests/gpgscm/scheme.c (opexe_0): Use 's_thread_to' instead of
- 's_goto' wherever possible.
-
- gpgscm: Remove now obsolete dispatcher function from the opcodes.
- + commit e7ed9822e20ee4bbb4cdd9eca8121b4ade87e5ce
- * tests/gpgscm/opdefines.h: Remove now obsolete dispatcher function
- from the opcodes.
- * tests/gpgscm/scheme-private.h (_OP_DEF): Adapt.
- * tests/gpgscm/scheme.c (dispatch_func): Remove type declaration.
- (op_code_info): Remove 'func'.
- (_OP_DEF): Adapt.
- (Eval_Cycle): Always call 'opexe_0'.
-
- gpgscm: Merge 'opexe_6'.
- + commit ddf444828b9b3f75d964473a2c0e77f75f094cf4
- * tests/gpgscm/scheme.c (opexe_6): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
- gpgscm: Merge 'opexe_5'.
- + commit 1379df44537b67b7c2fbc0fb5bc6f7945a5d7ebb
- * tests/gpgscm/scheme.c (opexe_5): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
- gpgscm: Merge 'opexe_4'.
- + commit 4f835104b9475e7d585d859b85e7d0d4cfe9aab3
- * tests/gpgscm/scheme.c (opexe_4): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
- gpgscm: Merge 'opexe_3'.
- + commit d591ab65d37ee467ca91ad851ab236f2985c1ee2
- * tests/gpgscm/scheme.c (opexe_3): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
- gpgscm: Merge 'opexe_2'.
- + commit 6cad38228f6ebfdc8e52960223b492597aff26a0
- * tests/gpgscm/scheme.c (opexe_2): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
- gpgscm: Merge 'opexe_1'.
- + commit 154af876f05b773bf3a860fcb4cc41066da27beb
- * tests/gpgscm/scheme.c (opexe_1): Merge into 'opexe_0'.
- * tests/gpgscm/opdefines.h: Adapt.
-
-2017-04-10 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Use "ll" length specifier when time_t is larger.
- + commit 170660ed11b56145dea4865e751ae5aff1681fe2
- * agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.
-
- scd: Relax a condition for p15 driver.
- + commit 7501f2e9c4e6fd94a191b381d52ec2fe1d103e29
- * scd/app-p15.c (read_ef_aodf): Fix.
-
- scd: Relax a condition for p15 driver.
- + commit 3c1ad96f1ce838daf2d861b33e6611f6d3043d25
- * scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition.
-
- scd: Remove "special transport" support.
- + commit 34199ef677bb40eadf0da696a111f7036bc3187e
- * scd/ccid-driver.c (transports, my_sleep, prepare_special_transport)
- (writen): Remove.
- (ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB.
- (ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd)
- (ccid_poll, ccid_transceive): Likewise.
-
-2017-04-07 Justus Winter <justus@g10code.com>
-
- gpgscm: Allocate small integers in the rodata section.
- + commit 8640fa880d7050917f4729f2c0cb506e165ee446
- * tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file.
- * tests/gpgscm/scheme-private.h (struct cell): Move number to the top
- of the union so that we can initialize it.
- (struct scheme): Remove 'integer_segment'.
- * tests/gpgscm/scheme.c (initialize_small_integers): Remove function.
- (small_integers): New variable.
- (MAX_SMALL_INTEGER): Compute.
- (mk_small_integer): Adapt.
- (mark): Avoid marking objects already marked. This allows us to run
- the algorithm over objects in the rodata section if they are already
- marked.
- (scheme_init_custom_alloc): Remove initialization.
- (scheme_deinit): Remove deallocation.
- * tests/gpgscm/small-integers.h: New file.
-
- gpgscm: Make global data constant when possible.
- + commit c9c3fe883271868d3b2dd287d295cf6a8f8ffc05
- * tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const.
- * tests/gpgscm/scheme.c (num_zero): Statically initialize and turn
- into constant.
- (num_one): Likewise.
- (charnames): Change type so that it can be stored in rodata.
- (is_ascii_name): Adapt slightly.
- (assign_proc): Make argument const char *.
- (op_code_info): Make some fields const char *.
- (tests): Make const.
- (dispatch_table): Make const. At least it can be made read-only after
- relocation.
- (Eval_Cycle): Adapt slightly.
- (vtbl): Make const.
-
- gpgscm: Remove arbitrary limit on number of cell segments.
- + commit 56638c28adc1bbe9fc052b92549a50935c0fe99c
- * tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size
- arrays for cell segments, replace them with a pointer to the new
- 'struct cell_segment' instead.
- * tests/gpgscm/scheme.c (struct cell_segment): New definition.
- (_alloc_cellseg): Allocate the header within the segment, return a
- pointer to the header.
- (_dealloc_cellseg): New function.
- (alloc_cellseg): Insert the segments into a list.
- (_get_cell): Allocate a new segment if less than a quarter of
- CELL_SIGSIZE is recovered during garbage collection.
- (initialize_small_integers): Adapt callsite.
- (gc): Walk the list of segments.
- (scheme_init_custom_alloc): Remove initialization of removed field.
- (scheme_deinit): Adapt deallocation.
-
- gpgscm: Fix compact vector encoding.
- + commit bf8b5e9042b3d86d419b2ac1987a9298c9d21500
- * tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for
- '_flags'. This way, '_flags' has the size of a machine word.
-
-2017-04-07 Werner Koch <wk@gnupg.org>
-
- gpg: Fix printing of offline taken subkey.
- + commit 547bc01d57528ecc27b3b5e16797967a7f88fecf
- * g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
-
-2017-04-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Internal CCID reader cleanup.
- + commit cc420d34880e2a050b39f969873974cfc35fa5c3
- * scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
- from scan_or_find_usb_device.
- (scan_devices): Likewise. Remove support of special transport types.
- (ccid_get_reader_list): Simplify.
- (abort_cmd): Fix error return.
- (send_escape_cmd): Fix for RESULTLEN == NULL.
- (ccid_transceive_secure): Remove unnecessary var updates.
-
- scd: Don't keep CCID reader open when card is not available.
- + commit 3c93595d701c59cbc9b67a7fd0bcde7ee0fada1a
- * scd/apdu.c (open_ccid_reader): Fail if no ATR.
-
- agent: Serialize access to passphrase cache.
- + commit ebe12be034f052cdec871f0d8ad1bfab85d7b943
- * agent/cache.c (encryption_lock): Remove.
- (cache_lock): New. Now, we have coarse grain lock to serialize
- entire cache access.
- (initialize_module_cache): Use CACHE_LOCK.
- (init_encryption, new_data): Remove ENCRYPTION_LOCK.
- (agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.
-
-2017-04-06 Justus Winter <justus@g10code.com>
-
- gpgscm: Avoid mutating integer.
- + commit f1dc34f502a68673e7a29f3fcf57b8dc6a4fac89
- * tests/gpgscm/scheme.c (opexe_5): Do not modify the integer in-place
- while printing an vector. Integer objects may be shared, so they must
- not be mutated.
-
- gpgscm: Initialize unused slots in vectors.
- + commit b83903f59ec5d49ac579f263da70ebc8dc3645b5
- * tests/gpgscm/scheme.c (get_vector_object): Initialize unused slots
- at the end of vectors.
-
- tests: Fix distcheck.
- + commit 23f00f109ddba595db4f73a6182750177c7dd75d
- * tests/Makefile.am (SUBDIRS): Add 'pkits' again. Simply dropping it
- makes 'make distcheck' unhappy.
- * tests/pkits/Makefile.am (TESTS): Remove all tests.
-
- tests: Disable 'pkits' test suite.
- + commit af1c1a57e46a00a32d83c1a58c5f3ef6f4a1c1d1
- * tests/Makefile.am (SUBDIRS): Drop 'pkits'.
- * tests/pkits/common.sh: Fix locating 'PKITS_data.tar.bz2'.
- * tests/pkits/inittests: Likewise.
-
- tests: Make test more robust.
- + commit 94645311f8a3e9ae33643512f87fbef41bf0556f
- * tests/openpgp/4gb-packet.scm: Skip if we do not have BZIP2.
- * tests/openpgp/defs.scm (have-compression-algo?): New function.
-
-2017-04-05 Justus Winter <justus@g10code.com>
-
- tests: Fix setup of ephemeral home directories.
- + commit 01e84d429aeeb1450012ff0576a6a24de50693c6
- * tests/openpgp/defs.scm (with-ephemeral-home-directory): Set
- GNUPGHOME and cwd to the ephemeral directory before calling the setup
- function.
-
-2017-04-04 Justus Winter <justus@g10code.com>
-
- tests: Fix setup of ephemeral home directories.
- + commit 32b75fb7743f35936d7014fce33c90ba97dfa374
- * tests/openpgp/defs.scm (with-ephemeral-home-directory): Create
- configuration files when we enter the context.
- * tests/openpgp/setup.scm: Do not use an ephemeral home directory.
- Tests should always use the cwd.
- * tests/gpgsm/setup.scm: Likewise.
- * tests/gpgsm/export.scm: Add explicit constructor function.
- * tests/openpgp/decrypt-session-key.scm: Likewise.
- * tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
-
- gpgscm: Fix copying values.
- + commit 6261611d3786f19fd84ccc79f45a89cadac518e8
- * tests/gpgscm/scheme.c (copy_value): New function.
- (mk_tagged_value): Use new function.
- (opexe_4): Likewise for OP_SAVE_FORCED.
-
- gpgscm: Simplify get-output-string operation.
- + commit a80d4a9b50ad47eae1f8c740dd73804311e38783
- * tests/gpgscm/scheme.c (opexe_4): Simplify 'get-output-string'.
-
- gpgscm: Simplify substring operation.
- + commit d858096c99705ccf2e115475f81c4cf88edbeebf
- * tests/gpgscm/scheme.c (opexe_2): Simplify 'substring'.
-
-2017-04-04 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Minor fix for get_client_pid.
- + commit 5744d2038bd17b8b1be4e73d0ad3bc41772efe96
- * agent/command-ssh.c (get_client_pid): Use 0 to initialize.
-
-2017-04-03 Werner Koch <wk@gnupg.org>
-
- Release 2.1.20.
- + commit e7eb9b12deaf7ebe26967bfb56e980b7efeebdc3
-
-
- dirmngr: New option --disable-ipv6.
- + commit 3533b854408fa93734742b2ee12b62aa0d55ff28
- * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
- * dirmngr/dirmngr.c (oDisableIPv6): New const.
- (opts): New option --disable-ipv6.
- (parse_rereadable_options): Set that option.
- * dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
- (set_dns_disable_ipv6): New.
- (resolve_name_standard): Make use of it.
- * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
- OPT.DISABLE_IPV6.
- * dirmngr/ks-engine-hkp.c (map_host): Ditto.
- (send_request): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/ocsp.c (do_ocsp_request): Ditto.
-
- dirmngr,w32: Silence the 'certificate already cached' message.
- + commit fce36d7ec87be14b874813db277781c87a64ea87
- * dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
- message.
-
- dirmngr: Handle EIO which is sometimes returned by cookie functions.
- + commit cc32ddbcba8c53d3e2cad952d72f62dc73911042
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
-
- dirmngr: Always print a warning for a missing /etc/hosts.
- + commit 35c843c815306f36d1efbc52f5e2f6bac3f67aec
- * dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
- missing /etc/hosts.
-
- dirmngr: Do not assume that /etc/hosts exists.
- + commit 5d873f288e86edfb684f4dd57ac36466b06494a4
- * dirmngr/dns-stuff.c (libdns_init): Do not bail out.
-
- po: Update the German translation.
- + commit c7be01dae914c183dd99bd531a388c794d858c61
-
-
- gpgconf: Add --enable-extended-key-format for the agent.
- + commit d23052b04ebb0ac731aa351650c4084f080c640b
- * tools/gpgconf-conf.c: Add option.
- * agent/gpg-agent.c (main) <aGPGConfList>: Add option.
-
-2017-04-03 Justus Winter <justus@g10code.com>
-
- gpgscm: Slightly improve the procedure dispatch.
- + commit 90932bdad607d06f4f040e3457caddba79ba8b7e
- * tests/gpgscm/scheme.c (procnum): Procedures always have an integer
- number, so we can safely use the cheaper 'ivalue_unchecked'.
-
-2017-04-03 Werner Koch <wk@gnupg.org>
-
- gpg: Handle critical marked 'Reason for Revocation'.
- + commit 3f6d949011f485613bb4bd3e06a2643be79cce40
- * g10/parse-packet.c (can_handle_critical): Add
- SIGSUBPKT_REVOC_REASON.
-
-2017-04-02 Werner Koch <wk@gnupg.org>
-
- agent: Use OCB for key protection with --enable-extended-key-format.
- + commit d24375271b97e45deaeb1ef0a8434c64066ba2e8
- * agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
- (agent_protect): Make the default protection mode depend on the extend
- key format option.
-
-2017-04-01 Werner Koch <wk@gnupg.org>
-
- kbx: Unify blob reading functions.
- + commit 0039d7107bcdfce6f3b02b46ff0495cfba07882a
- * kbx/keybox-file.c (_keybox_read_blob): Remove.
- (_keybox_read_blob2): Rename to ....
- (_keybox_read_blob): this. Make arg options. Change all callers.
- * kbx/keybox-search.c (keybox_search): Factor fopen call out to ...
- (open_file): new.
- (keybox_seek): Als use open_file.
-
-2017-03-31 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid multiple open calls to the keybox file.
- + commit 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
- * g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
- * g10/gpg.h: here.
- (struct server_control_s): Add field 'cached_getkey_kdb'.
- * g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
- * g10/getkey.c (getkey_end): Cache keydb handle.
- (get_pubkey): Use cached keydb handle.
- * kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
- closing the file.
-
- gpg: Pass CTRL also to getkey_end.
- + commit aca5f494a88776d4974bfa9b0b65cb60c1b42040
- * g10/getkey.c (getkey_end): Add arg CTRL. Change all callers.
-
- gpg: Print more stats for the keydb and the signature cache.
- + commit 3a10de3bfd785aefb0150e82b6dbbc7cb9f208c8
- * g10/sig-check.c (sig_check_dump_stats): New.
- (cache_stats): New struct.
- (check_key_signature2): Update stats.
- * g10/gpg.c (g10_exit): Call new function.
- * g10/keydb.c (kid_not_found_cache_count): Replace by ...
- (kid_not_found_stats): ... new struct. Change users.
- (keydb_stats): New struct. Update the counters.
- (keydb_dump_stats): Print all stats.
-
- gpg: Assert that an opaque parameter is really what we expect.
- + commit 52ba5e67cad4311d0ddbc4f2979e20afd0161d1f
- * g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
- (server_control_s): Add field 'magic'.
- * g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
- * g10/import.c (impex_filter_getval): Assert MAGIC.
-
-2017-03-30 Justus Winter <justus@g10code.com>
-
- gpg: Consistent use of preprocessor conditionals.
- + commit 5e89144cbca36c1e7eb814b3aad4b7c46cd4efbf
- * g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
- DEBUG_PARSE_PACKET. This fixes the build with '#define
- DEBUG_PARSE_PACKET 0'.
-
- common: Avoid undefined behavior.
- + commit 214fa9012296d796b78f1a3106d656639cf50aef
- * common/iobuf.c (iobuf_read_line): Do not consider 'length' if
- 'buffer' is NULL.
-
-2017-03-30 Werner Koch <wk@gnupg.org>
-
- gpg: Remove the use of the signature information from a KBX.
- + commit a6142dbdbc5783043deb847dc64998c421860941
- * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
- (keyblock_cache_clear): Adjust for that removal.
- (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature
- cache setting; this is now done in the parser.
- (keydb_get_keyblock): Do not set SIGSTATUS.
- (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change
- caller.
- * kbx/keybox-blob.c: Explain that the signature information is not
- anymore used.
- (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
- callers.
- * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
- and change callers.
- * kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
-
- gpg: Fix actual leak and possible leaks in the packet parser.
- + commit 7bf24e8146116a30c4c9d7b6dbf8bbb27fc35971
- * g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
- pointer to its struct.
- (init_parse_packet): Adjust for LAST_PKT not being a pointer.
- * g10/parse-packet.c (parse): Ditto. Free the last packet before
- storing a new one in case of a deep link.
- (parse_ring_trust): Adjust for LAST_PKT not being a pointer.
- * g10/free-packet.c (free_packet): Ditto.
- * g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
-
- gpg: Fix export porting of zero length user ID packets.
- + commit 64665404e43051fa50ee030766347e24b7d1e4d5
- * g10/build-packet.c (do_user_id): Avoid indeterminate length header.
-
- gpg: Revamp reading and writing of ring trust packets.
- + commit a8895c99a7d0750132477d80cd66caaf3a709113
- * g10/parse-packet.c (parse_trust): Rename to ...
- (parse_ring_trust): this. Change args and implement new ring trust
- packet format.
- (parse): Add special ring trust packet handling.
- * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
- KEYSRC.
- (PKT_public_key): Ditto.
- (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
- (PKT_ring_trust): New.
- (struct packet_struct): Remove member RING_TRUST.
- (strcu parse_packet_ctx_s): Add field SKIP_META.
- (init_parse_packet): Init SKIPT_META.
- * g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
- (free_user_id): Ditto.
- * g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
- lines.
- * g10/build-packet.c (build_packet_and_meta): New.
- (do_ring_trust): New.
- * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
- in backup mode.
- (do_export_one_keyblock): Ditto.
- * g10/import.c (read_block): Add arg WITH_META. Skip ring trust
- packets if that ism not set.
- (import): Call read_block WITH_META in restore mode.
- * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
- (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
- yet used, though.
- * g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
- (build_keyblock_image): Ditto. Use build_packet_and_meta.
- * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
- ring trust packets.
- (write_keyblock): Use build_packet_and_meta. Remove special treatment
- of ring trust packets and initialization of the signature caches.
-
-2017-03-29 Werner Koch <wk@gnupg.org>
-
- gpg: Extend free_packet to handle a packet parser context.
- + commit afa86809087909a8ba2f9356588bf90cc923529c
- * g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
- FREE_LAST_PKT.
- (init_parse_packet): Clear them.
- (deinit_parse_packet): New macro. Change all users if
- init_parse_packet to also call this macro.
- * g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
- packet copies in the context. Change all callers.
- * g10/parse-packet.c (parse): Store certain packets in the parse
- context.
-
- gpg: Change parse_packet to take a context.
- + commit 0526c99164d3531b5ec763ffc672407eb24b2296
- * g10/packet.h (struct parse_packet_ctx_s): New.
- (parse_packet_ctx_t): New type.
- (init_parse_packet): New macro.
- * g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
- a parse context. Change all callers to provide a context instead of
- directly supplying the input stream.
- (search_packet, dbg_search_packet): Ditto.
- (copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
- (copy_some_packets, dbg_copy_some_packets): Ditto.
- (skip_some_packets, dbg_skip_some_packets): Ditto.
-
- gpg: Export ring trust packets in backup mode.
- + commit f5b565a5b8de3f2a3d98bc1a655e18333aee223b
- * g10/export.c (write_keyblock_to_output): Export ring trust packets.
-
-2017-03-28 Justus Winter <justus@g10code.com>
-
- tests,w32: Fix importing the extra key for GPGME's keylist test.
- + commit b20780658ebb1e1245db18c04db3e815399cf706
- * tests/gpgme/wrap.scm: Qualify the tests name with the extension for
- executables (if any).
-
-2017-03-28 Werner Koch <wk@gnupg.org>
-
- gpg: Prepare for listing last_update and key origin data.
- + commit 4af389c9721fa534ed06a64b80705b631575c775
- * g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.
-
-2017-03-28 Justus Winter <justus@g10code.com>
-
- tests: Fix distcheck.
- + commit 5128cd74c029d57491a79ca9e918c81facdf1b76
- * tests/openpgp/Makefile.am (sample_msgs): Add all missing sample
- messages.
-
- tests: Add test for '--decrypt --unwrap'.
- + commit 211d71f19c24da94f4c58014606125c1a29d86a2
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/decrypt-unwrap-verify.scm: New file.
-
- g10: Fix memory leak.
- + commit 6d3edfd972c1114f43f6b35773dc25e0256f48f4
- * g10/decrypt-data.c (decrypt_data): Free 'filename'.
-
-2017-03-27 Justus Winter <justus@g10code.com>
-
- common: Fix connecting to the agent.
- + commit caf00915532e6e8e509738962964edcd14fb0654
- * common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
-
-2017-03-27 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Support specifying SERIALNO for --card-status.
- + commit c1e6302b347caf852a056b9c721469ccb51f44da
- * g10/gpg.c (main): Allow an argument for --card-status.
- * g10/card-util.c (current_card_status): Rename from card_status.
- (card_status): New, which supports multiple cards.
- (get_one_name): Use current_card_status.
-
- scd: Change the order of applications when accessed.
- + commit d58275703f035e8cfd58cd1c2d0d5ac7dc59e110
- * scd/app.c (select_application): Move the app to top.
-
- scd: Fix timeout handling for key generation.
- + commit 0848cfcce738150b53bfb65b78efc1e6dc9f3d26
- * scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
- (CCID_CMD_TIMEOUT_LONGER): New.
- (ccid_transceive): Add kludge for key generation.
-
-2017-03-24 Werner Koch <wk@gnupg.org>
-
- gpg: Improve check for already compressed packets.
- + commit 0b3770c421a35b64823a805fa8d49ddd5c653d50
- * common/miscellaneous.c (is_openpgp_compressed_packet): New.
- (is_file_compressed): Rerad 2 more bytes and call new function.
-
- agent: New option --enable-extended-key-format.
- + commit 2c237c13628a88ba23742da34ea18d3e205d7c53
- * agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
- (opts): New option --enable-extended-key-format.
- (parse_rereadable_options): Set option
- * agent/findkey.c (write_extended_private_key): Add arg 'update'.
- (agent_write_private_key): Implement new option.
-
- agent: New option --stub-only for DELETE_KEY.
- + commit 6fab7bba879d7794e32112cf3eddd8d87130a5d7
- * agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
- * agent/command.c (cmd_delete_key): Add option --stub-only.
-
-2017-03-23 Werner Koch <wk@gnupg.org>
-
- common: Implicitly do a gpgconf --create-socketdir.
- + commit 26086b362ff47d21b1abefaf674a6464bf0a8921
- * common/homedir.c (_gnupg_socketdir_internal): Create the
- sub-directory.
-
- tests: Use gpgconf to stop the agent.
- + commit 2c9d9ac55ea455a5ec26428989dced0311ed46cc
- * tests/openpgp/defs.scm (stop-agent): Swap order of actions. Kill
- all daemons using gpgconf.
- * tools/gpgconf.c (main) <aRemoveSocketDir>: Try to remove known
- socketfails on rmdir failure. Do no fail for ENONET.
-
-2017-03-23 Justus Winter <justus@g10code.com>
-
- gpgscm: Make test cleanup more robust.
- + commit 178b6314ab2d2268873067314744c8af74dc331e
- * tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that
- cleans up at interpreter shutdown.
- (run-tests-parallel): Use the new function.
- (run-tests-sequential): Likewise.
- (make-environment-cache): Execute setup with an temporary working
- directory.
-
-2017-03-21 Justus Winter <justus@g10code.com>
-
- tests: Test '--quick-set-primary-uid'.
- + commit fde885bbc47a4bf14a8570ac62e68adc8cf47a6e
- * tests/openpgp/quick-key-manipulation.scm: Test
- '--quick-set-primary-uid'.
-
- tests,w32: Use GetTempPath to get the path for temporary files.
- + commit d17840c3f40111beaf97d96ad3ca52047976e221
- * tests/gpgscm/ffi.c (do_get_temp_path): New function.
- (ffi_init): Make function available.
- * tests/gpgscm/tests.scm (mkdtemp): Use the new function.
-
-2017-03-21 Werner Koch <wk@gnupg.org>
-
- gpg: New command --quick-set-primary-uid.
- + commit 74c1f30ad6616186f0ab9dbaf34db6c17b1e40c4
- * g10/gpg.c (aQuickSetPrimaryUid): New const.
- (opts): New command --quick-set-primary-uid.
- (main): Implement it.
- * g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
- (quick_find_keyblock): new func.
- (keyedit_quick_revuid): Use quick_find_keyblock.
- (keyedit_quick_set_primary): New.
-
-2017-03-21 Justus Winter <justus@g10code.com>
-
- dirmngr: Fix error handling.
- + commit 483c1288a8f86dc6bf93d0d3f2865ecc246aecba
- * dirmngr/dns-stuff.c (libdns_init): Convert error before printing it.
-
- dirmngr: Load the hosts file into libdns.
- + commit 88f1505f0613894d5544290a170119eb538921e5
- * dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
- libdns.
-
- tests: Create temporary directories in '/tmp'.
- + commit 06f1f163e96f1039304fd3cf565cf9de1ca45849
- * tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in
- '/tmp' on UNIX, or in '%Temp' on Windows.
- * tests/migrations/common.scm (run-test): Turn error into a warning.
- * tests/openpgp/defs.scm (start-agent): Likewise.
-
-2017-03-20 Justus Winter <justus@g10code.com>
-
- tests: Remove debugging remnants.
- + commit ceb4b245752bb1fb43fde7e99f8d904ab8a9b5e2
- * tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's.
-
- tests: Fail if we cannot create the socket directory.
- + commit d75d20909d9f60d33ffd210def92278c0f383aad
- * tests/migrations/common.scm (run-test): Turn warning into an error.
- * tests/openpgp/defs.scm (start-agent): Likewise.
-
-2017-03-20 Werner Koch <wk@gnupg.org>
-
- gpg: Add new field no 18 to the colon listing.
- + commit fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
- * g10/misc.c (gnupg_pk_is_compliant): New.
- * g10/keylist.c (print_compliance_flags): New.
- (list_keyblock_colon): Call it here.
- * sm/keylist.c (print_compliance_flags): New.
- (list_cert_colon): Call it here.
-
- gpg: Remove unused stuff.
- + commit e2c63a13e2fa4ce39af8471a34c06d73ff3ee6f6
- * g10/OPTIONS: Remove.
- * g10/options.h (struct opt): Remove 'shm_coprocess'.
-
-2017-03-17 Neal H. Walfield <neal@g10code.com>
-
- tests: Add test for issue 2959.
- + commit fb9d68d636490ca88925051f48b08963c324aed1
- * tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask.
-
- gpg: Make sure the conflict set includes the current key.
- + commit b1106b4d640325c60a7212a4a44e4f67c0e3312d
- * g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
- get_policy. If POLICY is 'auto' and the default policy is 'ask', make
- sure CONFLICT_SET includes the current key.
-
-2017-03-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Ignore warning alerts in the GNUTLS handshake.
- + commit 69c521df422a6c9a6b0a93e45c9373a8b6ceb28e
- * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
- alerts.
-
-2017-03-17 Justus Winter <justus@g10code.com>
-
- gpgscm: Simplify hash tables.
- + commit 6a3f857224eab108ae38e6259194b01b0ffdad8b
- * tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a
- slot. Simplify accordingly.
- (oblist_find_by_name): Always return the slot.
- (vector_elem_slot): New function.
- (new_slot_spec_in_env): We now always get a slot. Remove parameter
- 'env'. Simplify accordingly.
- (find_slot_spec_in_env): Always return a slot.
- (new_slot_in_env): Adapt callsite.
- (opexe_0): Likewise.
- (opexe_1): Likewise.
- (scheme_define): Likewise.
-
- gpgscm: Remove framework for immediate values.
- + commit 38c955599f7c6c20faeec57d8e1df7d2c0eeba18
- * tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro.
- (is_immediate): Likewise.
- (set_immediate): Likewise.
- (clr_immediate): Likewise.
- (enum scheme_types): Set the LSB in every value.
- (fill_vector): Adapt.
- (vector_elem): Likewise.
- (set_vector_elem): Likewise.
- (mark): Likewise.
- (gc): Test for the LSB to tell typeflags apart from pointers stored in
- the same memory location.
-
-2017-03-16 NIIBE Yutaka <gniibe@fsij.org>
-
- agent,g10: Remove redundant SERIALNO request.
- + commit 8c8ce8711d9c938fcb982b0341e6b052742cb887
- * agent/learncard.c (agent_handle_learn): Don't call
- agent_card_serialno. Get the serialno in status response.
- * g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
- (agent_scd_serialno): New.
- (card_cardlist_cb, agent_scd_cardlist): New.
-
-2017-03-15 Justus Winter <justus@g10code.com>
-
- tests: Fix using tools from the build directory.
- + commit a98459d3f4ec3d196fb0adb0e90dadf40abc8c81
- * tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix
- to gpgconf here...
- (gpg-components): ... instead of only here.
-
- tests: Dump the tools that the tests are going to use.
- + commit c7833eca38fdb8d9ba7b59438ea87d651b8bf7ba
- * tests/openpgp/setup.scm: Dump the tools that the tests are going to
- use. This will help us diagnose problems with the tests picking the
- wrong paths in the future.
-
- build: Remove '--disable-tools' configuration option.
- + commit 6993e42088c191f18468317ba2b5b8fbc8c3edff
- * Makefile.am (SUBDIRS): Unconditionally include 'tools'.
- * configure.ac: Remove '--disable-tools' configuration option.
-
-2017-03-15 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix check of serialno.
- + commit 61785b679c542bbd789395fa632eb8b5133b01ad
- * g10/card-util.c (card_status): Fix.
-
- g10: Remove unused function.
- + commit ed3248219e921ee24f6f1b2985abb7e0945d70e9
- * g10/call-agent.c (select_openpgp): Remove.
-
- tests: Fix running python condition.
- + commit a672ddec03f96475866d712b28be18b3fab43aef
- * tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python.
-
-2017-03-14 Justus Winter <justus@g10code.com>
-
- tests: Skip Python tests if the bindings are not built.
- + commit d82abbb1b6e80d5980e6259ddcfc770e65a6b1b3
- * tests/gpgme/wrap.scm (python): Move variable...
- * tests/gpgme/gpgme-defs.scm (python): ... here.
- (run-python-tests?): New function.
- * tests/gpgme/run-tests.scm: Only run Python tests if the bindings can
- be located in GPGME's build directory.
-
-2017-03-13 Werner Koch <wk@gnupg.org>
-
- gpg: Flush stdout before printing stats with --check-sigs.
- + commit 9a77b3b6e41f97b1209ad61c04b3dd33242ecae8
- * g10/keylist.c (print_signature_stats): Flush stdout.
- (list_keyblock_colon): Use es_flush instead of fflush.
-
-2017-03-09 Justus Winter <justus@g10code.com>
-
- tests: Run the tests for the Python bindings of GPGME.
- + commit 046a15a88c83b40a753b4ad7ecc1456efa5b527f
- * tests/gpgme/gpgme-defs.scm (create-file): Write lines.
- (create-gpgmehome): Extend function to create the right environment
- for the Python tests.
- * tests/gpgme/run-tests.scm: Make an environment cache for the Python
- tests and enable them.
- * tests/gpgme/wrap.scm: Do not hardcode the path of the Python
- interpreter.
-
- tests: Rework environment setup.
- + commit cca91a3f8f7e3e36b7149fc93f7b6df11d21eb1d
- * tests/gpgscm/tests.scm (test::scm): Add a setup argument.
- (test::binary): Likewise.
- (run-tests-parallel): Remove setup parameter.
- (run-tests-sequential): Likewise.
- (make-environment-cache): New function that handles the cache
- protocol.
- * tests/gpgme/run-tests.scm: Adapt accordingly.
- * tests/gpgsm/run-tests.scm: Likewise.
- * tests/migrations/run-tests.scm: Likewise.
- * tests/openpgp/run-tests.scm: Likewise.
-
-2017-03-08 Werner Koch <wk@gnupg.org>
-
- wks: Put stdout into binary mode for Windows at another place.
- + commit ed5575ec550ff16b0b901a23c6aa3eb3d47b0575
- * tools/wks-util.c (wks_send_mime): Set stdout to binary.
-
- wks: Put stdout into binary mode for Windows.
- + commit 5c83759364272b19ceafbef46d057f0430a12698
- * tools/send-mail.c (send_mail_to_file): Call es_set_binary.
-
-2017-03-08 Justus Winter <justus@g10code.com>
-
- build: Use macOS' compatibility macros to enable all features.
- + commit dd60e868d2bf649a33dc96e207ffd3b8ae4d35af
- * configure.ac: On macOS, use the compatibility macros to expose every
- feature of the libc. This is the equivalent of _GNU_SOURCE on GNU
- libc.
-
- g10: Move more flags into the flag bitfield.
- + commit 2649fdfff5d9e227025956e015b67502fd4962c4
- * g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
- 'is_expired' into the flags bitfield, and drop the prefix.
- * g10/call-dirmngr.c: Adapt accordingly.
- * g10/export.c: Likewise.
- * g10/getkey.c: Likewise.
- * g10/import.c: Likewise.
- * g10/kbnode.c: Likewise.
- * g10/keyedit.c: Likewise.
- * g10/keylist.c: Likewise.
- * g10/keyserver.c: Likewise.
- * g10/mainproc.c: Likewise.
- * g10/pkclist.c: Likewise.
- * g10/pubkey-enc.c: Likewise.
- * g10/tofu.c: Likewise.
- * g10/trust.c: Likewise.
- * g10/trustdb.c: Likewise.
-
-2017-03-08 Werner Koch <wk@gnupg.org>
-
- dirmngr: Do not put a keyserver into a new dirmngr.conf.
- + commit 8f028642239fa992c6c059e3c1b4421a1813c827
- * g10/dirmngr-conf.skel: Do not define keyservers.
-
- doc: Add a note to the trust model direct.
- + commit f0257b4a86b73f5b956028e68590b6d2a23ea4da
- * doc/gpg.texi (GPG Configuration Options): Add note. Chnage Index
- from trust-mode:foo to trust-model:foo.
-
-2017-03-07 Justus Winter <justus@g10code.com>
-
- Revert "build: Improve CFLAGS handling."
- + commit b71384c8054ce2f245ccfae02b8ee81e1adfc512
- This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4.
-
- build: Improve CFLAGS handling.
- + commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4
- * configure.ac: Strip any flags matching '-Werror' from CFLAGS before
- running the tests, and add them back later on.
-
-2017-03-07 Michael Haubenwallner <michael.haubenwallner@ssi-schaefer.com>
-
- gpgscm: Use system strlwr if available.
- + commit c22a2a89d3bd3d08b3abb8e4e33df32b480338ec
- * tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
- not defined in config.h.
- * tests/gpgscm/scheme-config.h: Remove hack.
-
-2017-03-07 Justus Winter <justus@g10code.com>
-
- gpg: Do not allow the user to revoke the last valid UID.
- + commit 591b6a9d879cbcabb089d89a26d3c3e0306054e1
- * g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
- make sure that we do not revoke the last valid UID.
- (menu_revuid): Make sure that we do not revoke the last valid UID.
- * tests/openpgp/quick-key-manipulation.scm: Demonstrate that
- '--quick-revoke-uid' can not be used to revoke the last valid UID.
-
-2017-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- tools: Removal of -Icommon.
- + commit 80fb1a8a05b2194af16027555b09bbd5d48ec9ac
- * tools/gpg-wks-server.c: Follow the change.
-
- More change for common.
- + commit d6c7bf1f8ab8899faba2fb81a35b096921c38f3c
- * g10, scd, test, tools: Follow the change of removal of -Icommon.
-
- Remove -I option to common.
- + commit 70aca95d6816082b289fceca8eabfcf718a6b701
- * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
- * g10/Makefile.am (AM_CPPFLAGS): Ditto.
- * g13/Makefile.am (AM_CPPFLAGS): Ditto.
- * kbx/Makefile.am (AM_CPPFLAGS): Ditto.
- * scd/Makefile.am (AM_CPPFLAGS): Ditto.
- * sm/Makefile.am (AM_CPPFLAGS): Ditto.
- * tools/Makefile.am (AM_CPPFLAGS): Ditto.
- * Throughout: Follow the change.
-
-2017-03-07 Justus Winter <justus@g10code.com>
-
- tests: Avoid overflowing signed 32 bit time_t.
- + commit de3838372ae3cdecbd83eea2c53c8e2656d93052
- * tests/openpgp/quick-key-manipulation.scm: Use expiration times in
- the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
- time_t is used internally to parse the expiraton time from the iso
- timestamp.
-
-2017-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Resolve conflict of util.h.
- + commit 176e07ce10d892fa7c7b96725b38b2fec9a1f916
- * agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
- * agent/call-pinentry.c, agent/call-scd.c: Follow the change.
- * agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
- * agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
- * agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
- * agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
- * agent/w32main.c: Ditto.
-
- agent: Add include files.
- + commit bf03925751abb739f2fd9d631694d3dd33decf92
- * agent/command-ssh.c: Add sys/socket.h and sys/un.h.
-
- agent: Fix get_client_pid for portability.
- + commit f7f806afa5083617f4aba02fc3b285b06a7d73d4
- * configure.ac: Simply check getpeerucred and ucred.h, and structure
- members.
- * agent/command-ssh.c: Include ucred.h.
- (get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
- structure for OpenBSD.
- [LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
- [LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
- [HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.
-
- common: Fix warning for portability.
- + commit b9ab733fc0dd2ca2a7eaac0bde3a817c07af36c5
- * common/localename.c (do_nl_locale_name): We don't use CATEGORY.
-
- tools: More portable for openpty use.
- + commit ce37ada87139ef418401f9f35439007a8c04a856
- * configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h.
- * tools/symcryptrun.c: Include those headers.
-
- scd: Close THE_EVENT handle.
- + commit cc933a96f8e83bc66fb69ed33d9593acdd60c929
- * scd/scdaemon.c (handle_connections): Close the handle.
-
-2017-03-06 Justus Winter <justus@g10code.com>
-
- tests: Harmonize temporary and socket directory handling.
- + commit 7e19786a5ddef637d1d9d21593fecf5a36b6f372
- * tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the
- environment variable 'TMP', make sure to always return an absolute
- path.
- * tests/gpgme/Makefile.am (TMP): Drop variable.
- (TESTS_ENVIRONMENT): Drop 'TMP'.
- * tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent. Do
- not create private key store, the agent does that for us.
- * tests/gpgsm/Makefile.am (TMP): Drop variable.
- (TESTS_ENVIRONMENT): Drop 'TMP'.
- * tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent. Do
- not create private key store, the agent does that for us.
- * tests/migrations/Makefile.am (TMP): Drop variable.
- (TESTS_ENVIRONMENT): Drop 'TMP'.
- * tests/migrations/common.scm (gpgconf): New variable.
- (run-test): Create and remove socket directory.
- * tests/migrations/extended-pkf.scm (src-tarball): Remove variable.
- (setup): Remove function.
- (trigger-migration): Likewise.
- Use 'run-test' to execute the test.
- * tests/migrations/from-classic.scm (src-tarball): Remove variable.
- (setup): Remove function.
- Use 'run-test' to execute the tests.
- * tests/openpgp/Makefile.am (TMP): Drop variable.
- (TESTS_ENVIRONMENT): Drop 'TMP'.
- * tests/openpgp/README: Do not mention 'TMP'.
- * tests/openpgp/defs.scm (with-home-directory): New macro.
- (create-legacy-gpghome): Do not create private key store, the agent
- does that for us.
- (start-agent): Make sure to terminate the right agent with 'atexit'.
-
- gpgscm: Fix creation of temporary directories.
- + commit 171e4314ebd3ff74af3dcdc8bd68e1100e8910ea
- * tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the
- template.
-
-2017-03-06 Werner Koch <wk@gnupg.org>
-
- wks: Set published keys world-readable.
- + commit e3589110e01dc6ad04463351ec2ce17201556d09
- * tools/gpg-wks-server.c (check_and_publish): Set the permissions.
-
- gpg: Fix attempt to double free an UID structure.
- + commit 4a130bbc2c2f4be6e8c6357512a943f435ade28f
- * g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
-
-2017-03-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix compiler warnings for app-openpgp.c.
- + commit e6ca015ae182a6dbb0466441efc17c99683e9375
- * scd/app-openpgp.c (retrieve_key_material): Remove touching I.
- (do_change_pin): Make sure going to leave if PINVALUE == 0.
- (rsa_writekey): Emit simpler log.
-
- scd: More cleanup of old code.
- + commit 9bf39ed75ddbd35908bcd0996f55325ff801619a
- * scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
- * scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
- (read_ef_aodf): Likewise.
- (read_ef_cdf): Change the control to parse_error.
- * scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
- (read_ef_prkd): Remove assign to S.
- (read_ef_prkd): Check if PRKDF is not null.
- (read_ef_cd): Likewise for CDF.
-
- scd: Clean up old code.
- + commit cb6337329d3c858c695a7e56e2fc31d9d50ca3fe
- * scd/apdu.c (CT_init, CT_data, CT_close): Remove.
- (ct_error_string, ct_activate_card, close_ct_reader, reset_ct_reader)
- (ct_get_status, ct_send_apdu, open_ct_reader): Remove.
- (new_reader_slot) [NEED_PCSC_WRAPPER]: Remove fd and pid handling.
- (writen, readn): Remove.
- (pcsc_get_status, pcsc_send_apdu, control_pcsc, close_pcsc_reader)
- (reset_pcsc_reader, open_pcsc_reader): Only DIRECT version.
- (apdu_open_one_reader): Remove CT_api handling.
- (apdu_get_status_internal, send_le): Fix to stop warnings.
-
- scd: Fix API of select_file/_path.
- + commit 0703de01c8fbc417a99ecf8e950fc306b8c8ac9c
- * scd/iso7816.c (iso7816_select_file, iso7816_select_path): Remove
- unused arguments.
- * scd/app-dinsig.c (do_readcert): Follow the change.
- * scd/app-help.c (app_help_read_length_of_cert): Likewise.
- * scd/app-nks.c (keygripstr_from_pk_file, do_readcert, do_readkey)
- (switch_application): Likewise.
- * scd/app-p15.c (select_and_read_binary, select_ef_by_path)
- (micardo_mse, app_select_p15): Likewise.
- * scd/app.c (app_new_register): Likewise.
-
- agent: For SSH, robustly handling scdaemon's errors.
- + commit 4ce4f2f683a17be3ddb93729f3f25014a97934ad
- * agent/command-ssh.c (card_key_list): Return 0 when
- agent_card_serialno returns an error.
- (ssh_handler_request_identities): Handle errors for card listing
- and proceed to other cases.
-
-2017-03-03 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix commit de6d8313.
- + commit 67c203b6bf8d6dd489ceef3391f609986e7b7a49
- * dirmngr/http-common.c (get_default_keyserver): Fix assert.
-
-2017-03-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix scd_kick_the_loop.
- + commit f9acc7d18bb90f47dafe7e32ae92f567756d6b12
- * scd/scdaemon.c (notify_fd): Remove.
- (the_event) [W32]: New.
- (main_thread_pid) [!W32]: New.
- (handle_signal): Handle SIGCONT.
- (scd_kick_the_loop): Use signal on UNIX and event on Windows.
- (handle_connections): Likewise.
-
-2017-03-03 Werner Koch <wk@gnupg.org>
-
- gpg: Fix possible segv when attribute packets are filtered.
- + commit 5f6f3f5cae8a95ed469129f9677782c17951dab3
- * g10/import.c (impex_filter_getval): Handle PKT_ATTRIBUTE the same as
- PKT_USER_ID
- (apply_drop_sig_filter): Ditto.
-
- gpg: Add new variables to the import and export filters.
- + commit 1813f3be23bdab5a42070424c47cb8daa9d9e6b7
- * g10/import.c (impex_filter_getval): Add new variables "expired",
- "revoked", and "disabled".
-
-2017-03-02 Werner Koch <wk@gnupg.org>
-
- tools: Fix compile error with older gcc versions.
- + commit b1f48da02b474e985161aa2778d7b602a13c4292
- * tools/mime-parser.h: Include rfc822parse.h.
- (struct rfc822parse_context): Remove duplicate definition.
-
- dirmngr: Rearrange files to fix de6d831.
- + commit 1890896fe698c55d15160a53aa6c5c22dc424031
- * dirmngr/http-common.c: New.
- * dirmngr/http-common.h: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add them.
- (t_http_SOURCES): Add them.
- (t_ldap_parse_uri_SOURCES): Add them.
- * dirmngr/misc.c (get_default_keyserver): Move to ...
- * dirmngr/http-common.c: here.
- * dirmngr/http.c: Include http-common.h instead of misc.h.
- * dirmngr/http-ntbtls.c: Ditto.
-
- dirmngr: Let --gpgconf-list return the default keyserver.
- + commit de6d8313f6df32aaa151bee74e1db269ac1e0fed
- * dirmngr/misc.c (get_default_keyserver): New.
- * dirmngr/http.c: Include misc.h
- (http_session_new): Use get_default_keyserver instead of hardwired
- "hkps.pool.sks-keyservers.net".
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
- * dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver.
-
-2017-03-02 Justus Winter <justus@g10code.com>
-
- gpg: Always initialize the trust db when generating keys.
- + commit 0c4d0620d327e8a2069532a5519afefe867a47d6
- * g10/gpg.c (main): Always initialize the trust db when generating
- keys.
- * g10/keygen.c (do_generate_keypair): We can now assume that there is
- a trust db.
-
- gpg: Fix (quick) key generation with --always-trust.
- + commit 4735ab96aa5577d40ba7b3f72d863057198cc6a7
- * g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
- do have a trust database.
- * g10/trustdb.c (have_trustdb): New function.
- * g10/trustdb.h (have_trustdb): New prototype.
- * tests/openpgp/quick-key-manipulation.scm: Remove workaround.
-
-2017-03-02 Werner Koch <wk@gnupg.org>
-
- agent: Improve error message for the KEYTOCARD command.
- + commit d6f0f368763006abf08818bfefcd32ecedb5c20a
- * agent/command.c (cmd_keytocard): Always use leave_cmd. Simplify
- timestamp checking and do an early test with an appropriate error
- message.
-
-2017-03-02 Justus Winter <justus@g10code.com>
-
- g10: Signal an error when trying to revoke non-existant UID.
- + commit 62d21a4ab4029b32ea129f1cf3a0e1f22e2fb7b0
- * g10/keyedit.c (keyedit_quick_revuid): Signal an error when trying to
- revoke non-existant UID.
- * tests/openpgp/quick-key-manipulation.scm: Test that.
-
- tests: Log information about ssh, add comments to test.
- + commit 74cb3b230c1f99afc5fd09bccc24186a63b154b0
- * tests/openpgp/ssh-import.scm (ssh-version-string): New variable, and
- log the binary and version used in the test.
- (ssh-supports?): Document how we test what algorithms are supported by
- ssh, and log ssh-keygen's replies.
-
- common,tools: Always escape newlines when escaping data.
- + commit e064c75b08a523f738108428fe0c417a46e66238
- * common/stringhelp.c (do_percent_escape): Always escape newlines.
- * tools/gpgconf-comp.c (gc_percent_escape): Likewise.
-
-2017-03-01 Werner Koch <wk@gnupg.org>
-
- Release 2.1.19.
- + commit 4a28c212b35739ce951bd41cfc6ef1a215846b2e
-
-
- build: Add kludge for "make distcheck" in a release build.
- + commit 246b27921b5dc34f367d879402725784aaee2494
- * configure.ac: New option --enable-gnupg-builddir-envvar.
- (ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
- * common/homedir.c (gnupg_set_builddir_from_env): Consider
- ENABLE_GNUPG_BUILDDIR_ENVVAR.
- * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
- (AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option
- --enable-gnupg-builddir-envvar.
-
-2017-03-01 Yuri Chornoivan <yurchor@ukr.net>
-
- po: Update Ukrainian translation.
- + commit c7f2a59833728e99e00449da2ddb10cf66693e7e
-
-
-2017-03-01 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 280c724fe26bfd861ac74abc71e221795d8947f0
-
-
-2017-03-01 Werner Koch <wk@gnupg.org>
-
- gpg: Make --export-options work with --export-secret-keys.
- + commit 891ab23411b7f20ef37d8bde81d9857b083235df
- * g10/export.c (export_seckeys): Add arg OPTIONS and pass it to
- do_export.
- (export_secsubkeys): Ditto.
- * g10/gpg.c (main): Pass opt.export_options to export_seckeys and
- export_secsubkeys
-
- gpg: Allow creating keys using an existing ECC key.
- + commit 2bbdeb8ee87a6c7ec211be16391a11b7c6030bed
- * common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
- Change to return the algo id. Reimplement using get_pk_algo_from_key.
- * g10/keygen.c (check_keygrip): Adjust for change.
- * sm/certreqgen-ui.c (check_keygrip): Ditto.
-
-2017-02-28 Werner Koch <wk@gnupg.org>
-
- gpg: Do not require a trustdb for decryption.
- + commit e182542e90cbeff4f2ac6c8d71061356d7cdcdea
- * g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
- Change to return an error code. Change all callers to to pass False
- for NO_CREATE.
- (tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
- for a non-existing trustdb. Change all callers to to pass False for
- NO_CREATE.
- (tdb_get_min_ownertrust): Ditto.
- * g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
- init_trustdb for a quick check.
- (get_ownertrust_info): Add arg NO_CREATE.
- (get_ownertrust_string): Ditto.
- * g10/gpgv.c (get_ownertrust_info): Adjust stub.
- * g10/test-stubs.c (get_ownertrust_info): Ditto.
- * g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
- set.
- * g10/pubkey-enc.c (get_it): Ditto.
-
-2017-02-28 Justus Winter <justus@g10code.com>
-
- gpgscm: Improve parsing.
- + commit e4583ae14e52482ab390c102d071755f91ab211d
- * tests/gpgscm/scheme.c (port_increment_current_line): Avoid creating
- the same integer if the delta is zero. This happens a lot during
- parsing, and puts pressure on the memory allocator.
-
- gpgscm: Fix calculating the line number.
- + commit 058c97f9fc485405246b1adfcc905c1891550652
- * tests/gpgscm/scheme.c (opexe_5): Only increment the line number on
- newlines.
-
- gpg,tools: Make auto-key-retrieve configurable via gpgconf.
- + commit d379a0174cca595204b32da9a66c513a1304e6d0
- * g10/gpg.c (gpgconf_list): Add 'auto-key-retrieve'.
- * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
-
- tests: Improve support for gpgconf.
- + commit 41900175cf046dd9abe3d7a6805f6a403d68df15
- * tests/openpgp/defs.scm: Improve high-level inteface to gpgconf.
- * tests/openpgp/gpgconf.scm: Adapt.
- * tests/openpgp/tofu.scm: Use it to select the trust model.
-
- gpg,tools: Make trust-model configurable via gpgconf.
- + commit ebeccd73eb85f9027f0985d77dfe901266c6ddef
- * g10/gpg.c (gpgconf_list): Add 'trust-model'.
- * tools/gpgconf-comp.c (gc_options_gpg): Likewise.
-
- gpgscm: Track source locations in every kind of ports.
- + commit 7cc57e2c63d0fa97569736419db5c76117e7685b
- * tests/gpgscm/scheme-private.h (struct port): Move location
- information out of the union.
- * tests/gpgscm/scheme.c (mark): All ports need marking now.
- (gc): Likewise all ports on the load stack.
- (port_clear_location): Adapt accordingly. Also, add an empty function
- for !SHOW_ERROR_LINE.
- (port_increment_current_line): Likewise.
- (port_reset_current_line): Drop function in favor of...
- (port_init_location): ... this new function.
- (file_push): Simplify.
- (file_pop): Likewise.
- (port_rep_from_filename): Likewise.
- (port_rep_from_file): Likewise.
- (port_rep_from_string): Also initialize the location.
- (port_rep_from_scratch): Likewise.
- (port_close): Simplify and generalize.
- (skipspace): Likewise.
- (token): Likewise.
- (_Error_1): Generalize.
- (opexe_5): Likewise.
- (scheme_deinit): Simplify and generalize.
- (scheme_load_named_file): Likewise.
- (scheme_load_string): Also initialize the location.
-
-2017-02-28 Werner Koch <wk@gnupg.org>
-
- gpgv,w32: Fix --status-fd.
- + commit 8a67dc4c4324b617b5a3fea51c59c674488544d6
- * g10/gpgv.c (main): Use translate_sys2libc_fd_int for --status-fd.
-
- w32: Make pipes really pollable.
- + commit 1192449207f41b26be8950b04df84a52c8a2a886
- * common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle
- to print the fd for the command line.
- * common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so
- that the streams are actually pollable.
-
-2017-02-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: Avoid warnings during non-ntbtls build.
- + commit f5782e11a560fd590221042391254c810a42e45f
- * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not
- using ntbtls.
-
- trustdb: Respect --quiet during --import-ownertrust.
- + commit ddf01a67d6388d988f1db50a06facb21c14d9426
- * g10/tdbdump.c (import_ownertrust): If opt.quiet is set, do not send
- log_info messages.
-
-2017-02-26 Manish Goregaokar <manish@mozilla.com>
-
- g10: fix typo.
- + commit 64ec21bebd3f136722e608649906b59c6add6947
- I already have copyright assignment with the FSF for GDB. I don't
- think I'll need to do the DCO thing.
-
-2017-02-24 Werner Koch <wk@gnupg.org>
-
- gpgv: New options --log-file and --debug.
- + commit 7af5d61c6e210210c777be9e6e87720dd4a055d9
- * g10/gpgv.c (oLoggerFile, oDebug): New consts.
- (opts): Add options --log-file and --debug.
- (main): Implement options.
-
-2017-02-24 Andre Heinecke <aheinecke@intevation.de>
-
- speedo,w32: Fix gpg-wks-client installation.
- + commit 49b4a676148523b51beca3ae929e9d78ed7ba110
- * build-aux/speedo/w32/inst.nsi: gpg-wks-client is an exe.
-
-2017-02-23 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add new debug flag "extprog"
- + commit 22b69b9edfdf6e6172239cbd1075ffe29077d339
- * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros.
- * dirmngr/dirmngr.c (debug_flags): Add flag "extprog".
- (handle_connections): Use a macro instead of -1 for an invalid socket.
- * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call.
-
- wks: Make sure that the draft 2 request is correctly detected.
- + commit d30e17ac62dea8913b7f353971d546b6b1a09bd5
- * tools/gpg-wks.h (WKS_DRAFT_VERSION): New.
- * tools/wks-receive.c (new_part): Move test wks draft version to ...
- (t2body): new callback.
- (wks_receive): Register this callback.
- * tools/gpg-wks-server.c (send_confirmation_request): Emit draft
- version header.
- (send_congratulation_message): Ditto.
- * tools/gpg-wks-client.c (decrypt_stream_parm_s): New.
- (decrypt_stream_status_cb): Check DECRYTPION_KEY status.
- (decrypt_stream): Get infor from new callback.
- (process_confirmation_request): New arg 'mainfpr'. Check that it
- matches the decryption key.
- (read_confirmation_request): Check that the decryption key has been
- generated by us.
- (command_send): Use macro from draft version header.
- (send_confirmation_response): Emit draft version header.
-
- wks: New callback for the mime parser.
- + commit a2090250829fe8989be2afc8cf41ba2a022072fc
- * tools/mime-parser.c (mime_parser_context_s): New field 't2body'.
- (parse_message_cb): Call that callback.
- (mime_parser_set_t2body): New.
-
- gpg: Emit new status DECRYPTION_KEY.
- + commit effa80e0b5fd8cf9e31a984afe391c2406edee8b
- * common/status.h (STATUS_DECRYPTION_KEY): New.
- * g10/pubkey-enc.c (get_it): Emit that status.
-
- dirmngr,w32: Make https with ntbtls work.
- + commit a42bf00b4edce789999aa3bdfce235cf726463ae
- * dirmngr/http.c (simple_cookie_functions): New.
- (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie.
- (cookie_read): Factor some code out to ...
- (read_server): new.
- (simple_cookie_read, simple_cookie_write) [W32]: New.
-
-2017-02-22 Werner Koch <wk@gnupg.org>
-
- scd,agent: Improve the OpenPGP PIN prompt texts.
- + commit f98c8cb013033c08e98ebedcc0e084fbd2a85b0c
- * scd/app-openpgp.c (get_prompt_info): Change texts.
- * agent/call-pinentry.c (struct entry_features): New.
- (getinfo_features_cb): New.
- (start_pinentry): Set new fucntion as status callback.
- (build_cmd_setdesc): New. Replace all snprintf for SETDESC by this
- one.
-
-2017-02-22 Andre Heinecke <aheinecke@intevation.de>
-
- scd: Nitpicks on the improved card prompts.
- + commit 143ca039e1e81140ae520cc1025f8e25c01acc80
- * src/app-openpgp.c (get_prompt_info): Change wording and order
- slightly.
-
-2017-02-22 Werner Koch <wk@gnupg.org>
-
- scd: Improve the prompts for OpenPGP cards.
- + commit e3944f34e3220f96fb1be449eb6f3d7360bc2d0b
- * scd/app-openpgp.c (get_disp_name): New.
- (get_disp_serialno): New.
- (get_prompt_info): New.
- (build_enter_admin_pin_prompt): Rework the prompt texts. Factor some
- code out to ...
- (get_remaining_tries): New.
- (verify_a_chv): Print a remaining counter also for the standard PIN.
- Rework the prompt texts.
-
- * agent/divert-scd.c (ask_for_card): Pretty format an OpenPGP serial
- no.
-
- agent: Prepend the description to a PIN prompt.
- + commit 6488ffb767733a2cf92ca5ba3e61fc0c53e0f673
- * agent/divert-scd.c (has_percent0A_suffix): New.
- (getpin_cb): Prepend DESC_TEXT to the prompt.
- * agent/findkey.c (modify_description): Rename to ...
- (agent_modify_description): this. MAke global. Add kludge to remove
- empty parentheses from the end.
- (agent_key_from_file, agent_delete_key): Adjust for above change.
- * agent/pksign.c (agent_pksign_do): Modify DESC_TEXT also when
- diverting to a card.
-
- agent: Prepare to pass an additional parameter to the getpin callback.
- + commit 78d875a0f83bc046279b951aea76cd74f3c44fd8
- * agent/call-scd.c (writekey_parm_s, inq_needpin_s): Merge into ...
- (inq_needpin_parm_s): new struct. Add new field 'getpin_cb_desc'.
- Change users to set all fields.
- (inq_needpin): Pass GETPIN_CB_DESC to the GETPIN_CB.
- (agent_card_pksign): Add arg 'desc_text' and change arg 'getpin_cb' to
- take an additional arg 'desc_text'.
- (agent_card_pkdecrypt): Ditto.
- (agent_card_writekey): Change arg 'getpin_cb' to take an additional
- arg 'desc_text'.
- (agent_card_scd): Ditto.
- * agent/divert-scd.c (getpin_cb): Add new arg 'desc_text'.
- (divert_pksign): Add new arg 'desc_text' and pass is to
- agent_card_pksign.
- (divert_pkdecrypt): Add new arg 'desc_text' and pass is to
- agent_card_pkdecrypt.
- * agent/pkdecrypt.c (agent_pkdecrypt): Pass DESC_TEXT to
- divert_pkdecrypt.
- * agent/pksign.c (agent_pksign_do): Pass DESC_TEXT to
- divert_pksign.
-
-2017-02-22 NIIBE Yutaka <gniibe@fsij.org>
-
- tests: No spelling fix for test text.
- + commit ef424353f342f80ca6d18ede8b63c1b02215d105
- * tests/openpgp/verify.scm (msg_ed25519_rshort): Revert the spelling
- fix.
-
-2017-02-21 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add special treatment for the standard hkps pool to ntbtls.
- + commit 831d014550863026dfefa774c961a21bd20c1e48
- * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
- (VALIDATE_FLAG_EXTRATRUST): Remove
- (VALIDATE_FLAG_TRUST_SYSTEM): New.
- (VALIDATE_FLAG_TRUST_CONFIG): New.
- (VALIDATE_FLAG_TRUST_HKP): New.
- (VALIDATE_FLAG_TRUST_HKPSPOOL): New.
- (VALIDATE_FLAG_MASK_TRUST): New.
- * dirmngr/validate.c (check_header_constants): New.
- (validate_cert_chain): Call new function. Simplify call to
- is_trusted_cert.
- * dirmngr/crlcache.c (crl_parse_insert): Pass
- VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
- * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
- VALIDATE_FLAG_TRUST_CONFIG.
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
- context. Set trustclass flags using the new VALIDATE_FLAG_TRUST
- values.
-
- * dirmngr/certcache.c (cert_cache_init): Load the standard pool
- certificate prior to the --hkp-cacerts.
-
- dirmngr: Load --hkp-cacert values into the certificate cache.
- + commit d1625a9a82b1e5d96bbbf2132c49c53108565ae1
- * dirmngr/dirmngr.c (hkp_cacert_filenames): New var.
- (parse_rereadable_options): Store filenames from --hkp-cacert in the
- new var.
- (main, dirmngr_sighup_action): Pass that var to cert_cache_init.
- * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load
- those certs.
- (load_certs_from_file): Use autodetect so that PEM and DER encodings
- are possible.
-
- dirmngr: Load "sks-keyservers.netCA.pem" into the cache.
- + commit 9741aa24d9056b56cd5366ff5379bd8a3e6118df
- * dirmngr/certcache.c (load_certs_from_file): Always build this
- function. Add args 'trustclasses' and 'no_error'. Pass TRUSTCLASSES
- to put_cert.
- (load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to
- load_certs_from_file.
- (cert_cache_init): Try to load "sks-keyservers.netCA.pem". Don't make
- function fail in an out-of-core condition.
-
- dirmngr: Implement trust classes for the cert cache.
- + commit 50b9828eacc39c1ca75cb8313db896e4bdc8b270
- * dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New.
- (CERTTRUST_CLASS_CONFIG): New.
- (CERTTRUST_CLASS_HKP): New.
- (CERTTRUST_CLASS_HKPSPOOL): New.
- * dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ...
- (MAX_NONPERM_CACHED_CERTS): this.
- (total_extra_certificates): Rename to ...
- (total_nonperm_certificates): this.
- (total_config_certificates): Remove.
- (total_trusted_certificates): Remove.
- (total_system_trusted_certificates): Remove.
- (cert_item_s): Remove field 'flags'. Add fields 'permanent' and
- 'trustclasses'.
- (clean_cache_slot): Clear new fields.
- (put_cert): Change for new cert_item_t structure.
- (load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass'
- (load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert.
- (load_certs_from_w32_store): Ditto.
- (cert_cache_init): Ditto.
- (cert_cache_print_stats): Rewrite.
- (is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'.
- Chnage the test.
- * dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to
- is_trusted_cert.
- (validate_cert_chain): Pass CERTTRUST_CLASS_ values to
- is_trusted_cert.
-
- dirmngr: New Assuan option "http-crl".
- + commit 493c142e582ff5ef1b5fdfcb9653715ef43e83e9
- * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
- * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
- * dirmngr/server.c (option_handler): New option "http-crl"
- * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
- * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
- * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
-
- * dirmngr/t-http.c (main): New option --no-crl.
-
- dirmngr: Add a magic field to the http structs.
- + commit 39c745038181edd097e188434b3f9c971ed3987f
- * dirmngr/http.c (HTTP_SESSION_MAGIC): New.
- (http_session_s): New field 'magic'.
- (HTTP_CONTEXT_MAGIC): New.
- (http_context_s): New field 'magic'.
- (my_ntbtls_verify_cb): Assert MAGIC.
- (fp_onclose_notification): Ditto.
- (session_unref): Ditto. Reset MAGIC.
- (http_session_new): Set MAGIC.
- (http_open): Ditto.
- (http_raw_connect): Ditto.
- (http_close): Assert MAGIC. Reset MAGIC.
-
- * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused.
-
-2017-02-21 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Support primary key generation by keygrip.
- + commit 3fc69224b7b22ad1df1395ebcb21549384839cd1
- * g10/keygen.c (para_name): Add pKEYGRIP.
- (generate_keypair): Use pKEYGRIP for key generation.
- (do_generate_keypair): Call do_create_from_keygrip with pKEYGRIP.
-
-2017-02-20 Werner Koch <wk@gnupg.org>
-
- dirmngr: Setup a log handler for ntbtls.
- + commit a022baa4a487eec769411255a64088450c4c8a49
- * dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New.
- (main) [HTTP_USE_NTBTLS]: Register log handler.
-
- common: New function log_logv_with_prefix.
- + commit 3e9512e557d95c7dc36835365b127b25f6a5cdd9
- * common/logging.c (do_logv): Add arg 'prefmt' and print it. Chnage
- call callers to pass NULL.
- (log_logv_with_prefix): New.
-
- dirmngr.c: Make http.c build without any TLS support.
- + commit e174893262d8de0f52faa8abe4fc0402719a35d8
- * dirmngr/http.c (http_session_new): Remove used of tls_prority.
-
- dirmngr: Make t-http.c work again with gnutls - second try.
- + commit 81ea24b8637ac08e44e9e44816689413c2ae7e08
- * dirmngr/t-http.c: Always include ksba.h.
-
- dirmngr: Make t-http.c work again with gnutls.
- + commit f923873863fd863d71349f20f5568f80aecc020b
- * dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags
- and libs.
-
-2017-02-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: First take on ntbtls cert verification.
- + commit 64fffd0ce2a4fd9cba152cf07497b585410cc652
- * dirmngr/http-ntbtls.c: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
- * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
- (server_conrol_s): Add field 'magic',
- * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
- (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
- * dirmngr/http.c (my_ntbtls_verify_cb): New.
- (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
- (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call
- the verify callback after the handshake.
- * dirmngr/ks-engine-hkp.c (send_request): Pass
- gnupg_http_tls_verify_cb to http_session_new.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
-
- * dirmngr/t-http.c (my_http_tls_verify_cb): New.
- (main): Rename option --gnutls-debug to --tls-debug.
- (main) [HTTP_USE_NTBTLS]: Create a session.
-
-2017-02-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add per-session verify callback to http.c.
- + commit a74902cccde539ee2bd216caec0da6eb54b67c1b
- * dirmngr/http.h (http_verify_cb_t): New type.
- * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and
- verify_cb_value.
- (http_session_new): Remove arg tls_priority. Add args verify_cb and
- verify-cb_value. Store them in the session object.
- (send_request): Use per-session verify callback.
- (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return
- GPG_ERR_NOT_IMPLEMENTED.
- * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed
- http_session_new.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/t-http.c (main): Ditto.
-
- * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.
-
-2017-02-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Strip the default https port from the Host: header.
- + commit cd32ebd152a522e362469ab969d91f8d49f28a60
- * dirmngr/http.c (send_request): Strip the default https port.
-
- dirmngr: Add option --no-crl to the VALIDATE cmd.
- + commit f07811ee2c0a8044551e2ec063eda61cff7f6e39
- * dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
- (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
- (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
- (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
- (VALIDATE_FLAG_NOCRLCHECK): New constants.
- * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to
- 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge.
- * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for
- the validate_cert_chain call.
- * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl.
-
- dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
- + commit 070211eb990f5ea41271eba432b6a6b485cef7c7
- * dirmngr/certcache.h (certlist_s, certlist_t): New.
- * dirmngr/certcache.c (read_certlist_from_stream): New.
- (release_certlist): New.
- * dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
- (cmd_validate): Add options --tls and --systrust. Implement them
- using a kludge for now.
- * dirmngr/validate.c (validate_cert_chain): Support systrust
- checking. Add kludge to disable the CRL checking for tls mode.
-
- dirmngr: Remove use of hardcoded numbers in validate.
- + commit ed99af030d19305dd7cd41c41ac581306cb91fd5
- * dirmngr/validate.c (enum cert_usage_modes): New.
- (cert_usage_p): Change type of arg MODE. Use enums instead of
- hardwired values. Use a switch instead of tricky bit tests.
- (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
-
- * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
- (cert_use_cert_p): Rename to check_cert_use_cert.
- (cert_use_ocsp_p): Rename to check_cert_use_ocsp.
- (cert_use_crl_p): Rename to check_cert_use_crl.
-
- * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
- (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
-
-2017-02-17 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: No cards is not an error.
- + commit dea4b3c742acbd195d6ab12b279b4dda315f2582
- * agent/command-ssh.c (card_key_list): Care the case of no cards.
-
- agent: Send back all public keys for available cards.
- + commit 3f4f64b6ac0d7160fd9e1301f95820894b219c3f
- * agent/call-scd.c (card_cardlist_cb, agent_card_cardlist): New.
- * agent/command-ssh.c (card_key_list): New.
- (ssh_handler_request_identities): Call card_key_list and loop for the
- list to send public keys for all available cards.
-
-2017-02-17 Justus Winter <justus@g10code.com>
-
- gpgscm: Guard use of tagged expressions.
- + commit aab6ba0bb60528b9e816e430be51170cf39611b0
- * tests/gpgscm/init.scm (vm-history-print): Check that the tag added
- to expressions when parsing source files matches the expected format.
- * tests/gpgscm/lib.scm (assert): Likewise.
-
-2017-02-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix RESET command handling (more).
- + commit 99d4dfe83661d05ef3a20ed04e6cec5647536738
- * scd/app-common.h (struct app_ctx_s): Add reset_requested.
- * scd/app.c (app_reset): Locking APP, set reset_requested.
- (deallocate_app): Release the lock.
- (release_application): Add LOCKED_ALREADY argument.
- (scd_update_reader_status_file): Hold the lock when accessing APP.
- When reset_requested is set, close the reader and deallocate APP.
- * scd/command.c (open_card_with_request, cmd_restart): Follow the
- change of release_application.
- (send_client_notifications): Here it calls release_application holding
- the lock.
-
-2017-02-16 Werner Koch <wk@gnupg.org>
-
- dirmngr,w32: Load all system provided certificates.
- + commit 7006352da773d82c47797bbf11e570ecafac6501
- * dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
- (CERTENUMCERTIFICATESINSTORE) [W32]: New type.
- (CERTCLOSESTORE) [W32]: New type.
- (load_certs_from_file) [W32]: Do not build.
- (load_certs_from_w32_store) [W32]: New.
- (load_certs_from_system) [W32]: Call new function.
-
- dirmngr: Load all system provided certificates.
- + commit 9a1a5ca0bc2cfb17ccf632de3e134b6d789c6855
- * configure.ac: Add option --default-trust-store.
- (DEFAULT_TRUST_STORE_FILE): New ac_define.
- * dirmngr/certcache.c: Include ksba-io-support.h.
- (total_trusted_certificates, total_system_trusted_certificates): New.
- (put_cert): Manage the new counters.
- (cert_cache_deinit): Reset them.
- (cert_cache_print_stats): Print them.
- (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass
- false.
- (load_certs_from_file): New.
- (load_certs_from_system): New.
- (cert_cache_init): Load system certificates.
-
- common: Rename remaining symbols in ksba-io-support.
- + commit e1dfd862367cf91b66abe86bd73664409354bb14
- * common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ...
- (gnupg_ksba_reader_eof_seen): this. Change all callers.
- (gpgsm_destroy_reader): Rename to ...
- (gnupg_ksba_destroy_reader): this. Change all callers.
- (gpgsm_finish_writer): Rename to ...
- (gnupg_ksba_finish_writer): this. Change all callers.
- (gpgsm_destroy_writer): Rename to ...
- (gnupg_ksba_destroy_writer): this. Change all callers.
- * common/ksba-io-support.c (struct base64_context_s): Rename to ...
- (gnupg_ksba_io_s): this.
- * common/ksba-io-support.h (base64_context_s): Ditto.
- (Base64Context): Rename this typedef to ...
- (gnupg_ksba_io_t): this. Change all users.
-
- common: Remove gpgsm dependencies from ksba-io-support.
- + commit 28c31524be84f20b34573c78bd3a94a81e4b1d61
- * common/ksba-io-support.c: Include ksba-io-support.h instead of
- ../sm/gpgsm.h. Include util.h.
- (writer_cb_parm_s): Remove const from 'pem_name'.
- (gpgsm_destroy_writer): Free 'pem_name'.
- (gpgsm_create_reader): Rename to ...
- (gnupg_ksba_create_reader): this. Replace args CTRL and
- ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate
- FLAGS. Change all callers to pass the FLAGS.
- (gpgsm_create_writer): Rename to ...
- (gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS.
- Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change
- all callers to pass the FLAGS and PEM_NAME.
-
- common: Change license of ksba-io-support.c.
- + commit 919e76b407ac557b0f518ec03f3cc59e9e5740c9
- * common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+.
-
- sm,common: Move ksba reader and writer support to common/.
- + commit 04bfa6fe6597b8ffcec61cbcacdc7eb137444e80
- * sm/base64.c: Rename to ...
- * common/ksba-io-support.c: this.
- * common/ksba-io-support.h: New.
- * common/Makefile.am (common_sources): Add new files.
- * sm/Makefile.am (gpgsm_SOURCES): Remove base64.c
-
- dirmngr: Prepare certcache for forthcoming changes.
- + commit 5c4e67afd6385b48065de6a0f2dd0bfd936ab90b
- * dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to
- 'flags.config'. Add 'flags.systrust'.
- (total_loaded_certificates): Rename to total_config_certificates.
- (put_cert): Rename args for clarity. Set SYSTRUST flag.
- (load_certs_from_dir): Make sure put_cert does not set the SYSTRUST
- flag.
-
- dirmngr: Replace stpcpy chains by strconcat.
- + commit aef60abe6a1772e18634984a94bd70f57d57ccdd
- * dirmngr/certcache.c (find_cert_bysn): Use strconcat.
- (find_cert_bysubject): Ditto.
- * dirmngr/http.c (store_header): Ditto.
- * dirmngr/ldap.c (make_url): Ditto.
- * dirmngr/server.c (get_cert_local_ski): Ditto.
- (do_get_cert_local): Use xstrconcat.
-
-2017-02-16 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Minor fixes to silence compiler warnings.
- + commit 7a666ccb44f43c4efbaa51c1ca16fc0b37c3399d
- * scd/app.c (app_reset): Initialize ERR.
- * scd/scdaemon.c (scd_kick_the_loop, handle_connections): Catch the
- return value.
-
-2017-02-15 Werner Koch <wk@gnupg.org>
-
- libdns: Workaround for bracketed numerical addresses.
- + commit a3509e12b6626a585ce7da6ceed8cfddcba2460f
- * dirmngr/dns-stuff.c (resolve_name_libdns): Work around an
- incompatibility between the glibc resolver and libdns.
-
- dirmngr: Do PTR lookups only for 'keyserver --hosttable'.
- + commit a75325faf163275674a91971e75f1018035ca348
- * dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and
- v5addr and add fields iporname and iporname_valid.
- (create_new_hostinfo): Clear them.
- (add_host): Remove the code to set the v4addr and v6addr fields.
- (ks_hkp_print_hosttable): Remove printing of the fields. Compute the
- iporname field and display it.
- (ks_hkp_reload): Force re-computing of the iporname field in
- ks_hkp_print_hosttable.
-
- dirmngr: Avoid PTR lookup for hosts in a pool.
- + commit da2ba20868093e3054d18adc2b1bc56cb23e4ba7
- * dirmngr/ks-engine-hkp.c (add_host): Don't to a PTR lookup for hosts
- in a pool.
-
-2017-02-15 Justus Winter <justus@g10code.com>
-
- tests,build: Fix distcheck.
- + commit 2f7b6cb279ea0ee27364fbb2b12df47e76166a39
- * tests/gpgscm/Makefile.am (EXTRA_DIST): Add 'time.scm'.
-
- tests: Test and document other ways to create keys.
- + commit 90d383f1eb07fc823518dea10eb15ca390f5cf8e
- * doc/gpg.texi: Clarify usage and expiration arguments for key
- generation.
- * tests/openpgp/quick-key-manipulation.scm: Test all variants.
-
- tests: Check expiration times of created keys.
- + commit 127e1e532da4083ccd3c307555b6177fab16f408
- * tests/gpgscm/ffi.c (do_get_time): New function.
- (ffi_init): Expose new function.
- * tests/gpgscm/ffi.scm (get-time): Document new function.
- * tests/gpgscm/time.scm: New file.
- * tests/openpgp/quick-key-manipulation.scm: Use the new facilities to
- check the expiration times of created keys.
- * tests/openpgp/tofu.scm: Use the new module.
-
-2017-02-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix RESET command handling.
- + commit e2792813a55e091c51be7b1b089a71beb6466f1d
- * scd/app.c (release_application_internal): Remove.
- (release_application): Merge release_application_internal.
- (app_reset): Kick the loop and let close the reader. Sleep is
- required here to wait closing.
- (scd_update_reader_status_file): When APP is no use, close it.
-
-2017-02-14 Werner Koch <wk@gnupg.org>
-
- gpg: Make --export-ssh-key work for the primary key.
- + commit b456e5be91dc064fc9509ea86edab113721ed299
- * g10/export.c (export_ssh_key): Also check the primary key.
-
-2017-02-13 Werner Koch <wk@gnupg.org>
-
- dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf.
- + commit dee026d761ae3d7594c3dbc5b3fa842df53cc189
- * dirmngr/dns-stuff.c (libdns_init): Do not print error message for a
- missing nsswitch.conf. Make sure that tehre is a DNS entry.
-
- gpgconf: No ENOENT warning with --change-options et al.
- + commit 30dac0486b6357e84fbe79c612eea940b654e4d1
- * tools/gpgconf-comp.c (retrieve_options_from_program): Check ERRNO
- before printing a warning.
-
- gpg: Print a warning if no command has been given.
- + commit 810adfd47801fc01e45fb71af9f05c91f7890cdb
- * g10/gpg.c (main): Print in the default case.
-
-2017-02-13 Justus Winter <justus@g10code.com>
-
- g13: Fix build on macOS.
- + commit f8ce31a7bf1ee85e5010b628a66e6f69486e5213
- * g13/Makefile.am (t_common_ldadd): Add iconv.
-
-2017-02-13 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix use case of PC/SC.
- + commit da4c132cca2c6df81243c9660b7348268a848f88
- * scd/apdu.c (apdu_open_reader): Add an argument APP_EMPTY.
- When CCID driver fails to open, try PC/SC if APP is nothing.
- * scd/app.c (select_application): Supply arg if APP is nothing.
-
-2017-02-10 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leak in the error case of signature creation.
- + commit 5996c7bf99f3a681393fd9589276399ebc956cff
- * g10/sign.c (write_signature_packets): Free SIG. Also replace
- xcalloc by xtrycalloc.
-
-2017-02-08 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- common: Avoid warning about implicit declaration of gnupg_fd_valid.
- + commit 8810314e377a9cb6612150a57cf99260ed0bb9f6
- * common/logging.c: Add #include "sysutils.h".
-
-2017-02-08 Justus Winter <justus@g10code.com>
-
- gpg,common: Make sure that all fd given are valid.
- + commit 6823ed46584e753de3aba48a00ab738ab009a860
- * common/sysutils.c (gnupg_fd_valid): New function.
- * common/sysutils.h (gnupg_fd_valid): New declaration.
- * common/logging.c (log_set_file): Use the new function.
- * g10/cpr.c (set_status_fd): Likewise.
- * g10/gpg.c (main): Likewise.
- * g10/keylist.c (read_sessionkey_from_fd): Likewise.
- * g10/passphrase.c (set_attrib_fd): Likewise.
- * tests/openpgp/Makefile.am (XTESTS): Add the new test.
- * tests/openpgp/issue2941.scm: New file.
-
-2017-02-07 Justus Winter <justus@g10code.com>
-
- tests: Skip key types not supported by OpenSSH.
- + commit 56aa85f88f6b35fb03a2dc1a95882d49a74290e3
- * tests/openpgp/ssh-import.scm (path): New variable.
- (ssh,ssh-keygen,ssh-version,ssh-supports?): Likewise.
-
-2017-02-07 Werner Koch <wk@gnupg.org>
-
- wks: Add WKS-Phase headers to the server messages.
- + commit b30ac663cec82c89ca9a3e87e65b36d2552f1533
- * tools/gpg-wks-server.c (send_confirmation_request): Add custom
- header.
- (send_congratulation_message): Ditto.
-
-2017-02-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- po: Manual updates of nl translation.
- + commit aa3f08794bfc809821e2fc30a09a5ae23925c645
- * po/nl.po: Apply several minor manual cleanups to nl.po that were
- previously applied to all the other localizations.
-
- po: Copied missing nl.po translation from the 2.0 branch.
- + commit 8a9d4b55b09d04482b46055f0a60f01b86738df3
- * po/nl.po: Copy from 2.0 branch.
-
- gpg: Fix aliases --list-key, --list-sig, and --check-sig.
- + commit f31120a5aa40b6e4e89d41d1d5d34e0f7da173b4
- * g10/gpg.c (opts): Define commands with ARGPARSE_c
- instead of ARGPARSE_s_n.
-
-2017-02-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: Clarify abbreviation of --help.
- + commit f2b276dffbe2435b17abf2b3c51684d3636f3f11
- * doc/gpg.texi: clarify abbreviation of --help.
-
-2017-02-03 Werner Koch <wk@gnupg.org>
-
- agent: Tell pinentry the hostname the agent is running on.
- + commit 042fe711c76f6377cedb8f83a73ba386cee34bb7
- * agent/call-pinentry.c [!W32]: Incluse utsname.h
- (start_pinentry): Pass nodename to OPTION/owner.
-
- agent: Tell the Pinentry the client's pid.
- + commit 309f464a5952c7d7504b875bf4853914b1242346
- * configure.ac: Check for SO_PEERCRED et al.
- * agent/agent.h (server_control_s): Add field 'client_pid'.
- * agent/command.c (start_command_handler): Set CLIENT_PID.
- * agent/command-ssh.c (get_client_pid): New.
- (start_command_handler_ssh): Set CLIENT_PID.
- * agent/call-pinentry.c (start_pinentry): Tell Pinentry the client-pid.
-
- gpg: More diagnostics for a launched pinentry.
- + commit 7052a0d77cf8f3a445b252a809d29be445788625
- * agent/call-pinentry.c (start_pinentry): Call getinfo/ttyinfo.
- * g10/server.c (gpg_proxy_pinentry_notify): Simplify the output so
- that we do not change the code when adding new fields to
- PINENTRY_LAUNCHED.
-
-2017-02-02 Neal H. Walfield <neal@g10code.com>
-
- gpg: Don't assume that strtoul interprets "" as 0.
- + commit 407f5f9baea5591f148974240a87dfb43e5efef3
- * g10/tofu.c (show_statistics): If there are not records, return 0
- instead of NULL.
-
- tests: Improve description of test.
- + commit 64be8e1e8607944687f3ae45ec64aa30bf4fdf6f
- * tests/openpgp/issue2929.scm: Improve description of test.
-
- Revert "Revert "tests: Add test demonstrating issue2929.""
- + commit e596b21f4b78dd27489e677699cc4ba648051b3f
- This reverts commit 59048b0f1aa77313573a1004cd3a9f02692a7521.
-
- gpg: Ensure TOFU bindings associated with UTKs are registered as usual.
- + commit 769272ba87f282a69e8d5f9bb27c86e6bec4496b
- * g10/tofu.c (get_trust): Call get_policy before short-circuiting the
- policy lookup for ultimately trusted keys to make sure the binding is
- added to the bindings table, if necessary.
-
- gpg: If there is a TOFU conflict, elide the too few message warning.
- + commit a08c781739e7561093f32b732c4991f2bd817ec2
- * g10/tofu.c (tofu_get_validity): If there was a conflict, don't also
- print out a warning about too few messages.
-
- gpg: Only print out TOFU statistics for conflicts in interactive mode.
- + commit 027b81b35fe36692005b8dba22d9eb2db05e8c80
- * g10/tofu.c (get_trust): Add arguments POLICYP and CONFLICT_SETP. If
- they are not NULL, return the policy and conflict set (if there is
- one), respectively. Update callers. If MAY_ASK is FALSE, don't print
- out the statistics.
- (tofu_register_encryption): If there is a conflict and we haven't yet
- printed the statistics about the conflicting bindings, do so now.
- (tofu_get_validity): Likewise.
-
- gpg: Add newline to output.
- + commit 74268180e5a3acc827f3a369f1fe5971f3bbe285
- * g10/tofu.c (ask_about_binding): Add newline to output.
-
- gpg: Remove period at end of warning.
- + commit 6f9d8a956b2ca0f5a0eb7acc656fc17af2f2de47
- * g10/tofu.c (tofu_register_encryption): Remove period at end of
- warning.
-
-2017-02-01 Werner Koch <wk@gnupg.org>
-
- dirmngr: New option --no-use-tor and internal changes.
- + commit 7440119e729d3fdedda8a9b44b70f8959beea8d7
- * dirmngr/dns-stuff.c (disable_dns_tormode): New.
- * dirmngr/dirmngr.c (oNoUseTor): New const.
- (opts): New option --no-use-tor.
- (tor_mode): New var.
- (parse_rereadable_options): Change to use TOR_MODE.
- (dirmngr_use_tor): New.
- (set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
- * dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all
- references by a call to dirmngr_use_tor().
- * dirmngr/server.c (cmd_getinfo): Distinguish between default and
- enforced TOR_MODE.
-
-2017-02-01 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix regression tracking the connection count.
- + commit 8ddc9268f6aedef0e178b174b89245c33d8189dd
- * scd/scdaemon.c (get_active_connection_count): New.
- (start_connection_thread): Bump ACTIVE_CONNECTIONS up and down.
- * scd/command.c (cmd_getinfo): Add subcommand "connections".
-
-2017-01-31 Justus Winter <justus@g10code.com>
-
- gpgscm: Tune the hash tables.
- + commit 2e78aa6ff770849415f8eb71ca70c8886e9564c8
- * tests/gpgscm/scheme.c (oblist_initial_value): Increase the size of
- the hash table based on the number of symbols used after initializing
- the interpreter.
- (new_frame_in_env): Increase the size of the hash table based on the
- number of variables in the global environement.
-
- gpgscm: Optimize environment lookups and insertions.
- + commit b85d509a8f5c2e6200b8051ca1593c019abce90b
- * tests/gpgscm/scheme.c (pointercmp): New function.
- (new_slot_spec_in_env): Add and use slot for insertions.
- (find_slot_spec_in_env): New variant of 'find_slot_in_env' that
- returns the slot on failures.
- (find_slot_in_env): Express using the new function.
- (new_slot_in_env): Update callsite.
- (opexe_0): Optimize lookup-or-insert.
- (opexe_1): Likewise.
- (scheme_define): Likewise.
-
- gpgscm: Fix build with list environments.
- + commit 874424ee3cc795eae9972b6259a2cc4dcdbb868e
- * tests/gpgscm/scheme.c (new_slot_spec_in_env): Provide preallocation
- inforomation if USE_ALIST_ENV.
-
- gpgscm: Optimize symbol lookups and insertions.
- + commit cea6d114b60deaecfbc2eb1aedbdfb7e6700922f
- * tests/gpgscm/scheme.c (oblist_find_by_name): Keep the list of
- symbols sorted, return the slot where a new symbol must be inserted on
- lookup failures.
- (oblist_add_by_name): Add the new symbol at the given slot.
- (mk_symbol): Adjust callsite.
- (gensym): Likewise.
- (assign_syntax): Likewise.
-
- gpgscm: Fix build with object list.
- + commit 8f0ecb16cbb3798ad18be5f05b826db2aa1aaa00
- * tests/gpgscm/scheme.c (oblist_add_by_name): Provide preallocation
- information if USE_OBJECT_LIST.
-
- gpgscm: Remove unused functions.
- + commit 2076cdaf6b93bc73223819895cc7a67323d8cee7
- * tests/gpgscm/scheme.c (check_cell_alloced): Remove function.
- (check_range_alloced): Likewise.
-
-2017-01-31 Werner Koch <wk@gnupg.org>
-
- dirmngr: Require --allow-version-check even if --use-tor is used.
- + commit b0e8376e19072ec3c590273c69ab3e8e5edfdaca
- * dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the
- option is set.
-
-2017-01-31 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Remove --debug-disable-ticker option.
- + commit e17fa5c75d76af4d4684ee810cb446ecd5110560
- * scd/scdaemon.c (ticker_disabled): Remove.
- (handle_tick, need_tick): Remove.
- (handle_connections): Don't check ticker_disabled.
-
- scd: Fix SERIALNO for multiple devices.
- + commit f08d37af049bf1718b301644020658dd2bb07638
- * scd/app.c (select_application): Fix the logic if periodical check is
- needed. If it is needed for newly found device(s), kick the loop.
- (scd_update_reader_status_file): Return value if select(2) should be
- called with timeout.
- * scd/ccid-driver.c (ccid_require_get_status): Don't return 0 for
- token with no interrupt transfer for now.
- * scd/command.c (open_card_with_request): Fix scan by SERIALNO.
- * scd/scdaemon.c (update_usb): Remove.
- (handle_connections): Evaluate need_tick after handle_tick.
-
-2017-01-30 Justus Winter <justus@g10code.com>
-
- gpgscm: Use a compact vector representation.
- + commit 49e2ae65e892f93be7f87cfaae3392b50a99e4b1
- * tests/gpgscm/scheme-private.h (struct cell): Add a compact vector
- representation.
- * tests/gpgscm/scheme.c (vector_length): Use new representation.
- (vector_size): New macro.
- (get_vector_object): Use the new representation.
- (fill_vector): Likewise.
- (vector_elem): Likewise.
- (set_vector_elem): Likewise.
- (mark): Likewise.
- (gc): Likewise. Be careful not to confuse immediate values for type
- flags.
- (finalize_cell): Vectors now require finalization.
-
- gpgscm: Provide framework for immediate values.
- + commit e343984fc50e87830905614dc87f83f810551ad1
- * tests/gpgscm/scheme.c (IMMEDIATE_TAG): New macro.
- ({is,set,clr}_immediate): Likewise.
- (enum scheme_types): Make type tags disjoint from immediate values.
- (TYPE_BITS): We need one more bit now.
- (ADJ,T_MASKTYPE): Compute values.
-
- gpgscm: Fix setting the line of the first gc reservation.
- + commit d27a4435bd8c0f0971d51ddf454422fc77d48271
- * tests/gpgscm/scheme.c (_gc_disable): Negate guard.
-
- gpgscm: Introduce macro for the vector length.
- + commit 489edf84c9a9c2122cef1b4e678154521525b54a
- * tests/gpgscm/scheme.c (vector_length): New macro.
- (get_vector_object): Use the new macro.
- (oblist_add_by_name): Likewise.
- (oblist_find_by_name): Likewise.
- (oblist_all_symbols): Likewise.
- (mk_vector): Likewise.
- (mark): Likewise.
- (new_slot_spec_in_env): Likewise.
- (find_slot_spec_in_env): Likewise.
- (opexe_2): Likewise.
- (opexe_5): Likewise.
-
- Revert "tests: Add test demonstrating issue2929."
- + commit 59048b0f1aa77313573a1004cd3a9f02692a7521
- This reverts commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072.
-
-2017-01-30 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix GetSlotStatus.
- + commit 2a025039c1817c7f75c35a898884849a8e5dc926
- * scd/apdu.c (get_status_reader): Add ON_WIRE arg, here.
- (ct_get_status, pcsc_get_status_direct, pcsc_get_status_wrapped)
- (pcsc_get_status, get_status_ccid, my_rapdu_get_status): Likewise.
- (reset_pcsc_reader_wrapped, open_pcsc_reader_wrapped): Follow the
- change.
- (apdu_get_status_internal): It's lower-level driver which judge
- it's not needed. Otherwise, it can't detect the removal.
- * scd/ccid-driver.c (ccid_slot_status): After the POWERED_OFF check,
- we can skip sending GetSlotStatus packet on wire, when no need.
-
- scd: Don't send GET_STATUS packet if not needed.
- + commit 7c8eee4d396a751d41fd1ee1e1b87b851fca172a
- * scd/apdu.c (apdu_get_status_internal): Add ON_WIRE arg.
- (apdu_connect): Call apdu_get_status_internal with ON_WIRE enabled.
- (apdu_get_status): For periodical check, call apdu_get_status_internal
- with ON_WIRE disabled.
-
- scd: Fix cancel INTERRUPT transfer.
- + commit 216afba0d99582d0fbae1d6e925f4ddb349d9de3
- * scd/ccid-driver.c (do_close_reader): Don't lock events, but check the
- return value of libusb_cancel_transfer.
-
-2017-01-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: More changes on watching removal of card/reader.
- + commit f3d9b2582bcaa1936b4fed5ec42a889b02df2f42
- * scd/app-common.h (struct app_ctx_s): Rename field to
- periodical_check_needed.
- * scd/scdaemon.c (update_usb): Rename from update_fdset_for_usb.
- Don't use libusb_get_pollfds any more.
- (scd_kick_the_loop): New.
- (need_tick): Follow the rename.
- (handle_connections): No libusb event handling here.
- * scd/app.c (app_new_register): Follow the change of rename.
- (select_application, scd_update_reader_status_file): Likewise.
- * scd/ccid-driver.c (ccid_usb_thread_is_alive): New.
- (intr_cb): Call scd_kick_the_loop.
- (ccid_usb_thread): New. Thread to invoke INTERRUPT callback.
- (ccid_open_usb_reader): Add thread invocation.
- (ccid_require_get_status): Remove
- LIBUSB_WORKS_EXPECTED_FOR_INTERRUPT_ENDP.
- (do_close_reader): Carefully handle handle->transfer.
- (get_escaped_usb_string): Insert npth_unprotect/npth_protect.
- (do_close_reader, bulk_out, bulk_in, abort_cmd, ccid_slot_status)
- (ccid_transceive, ccid_transceive_secure): Likewise.
-
- scd: Fix release of transfer object.
- + commit f92fe33f11c44f14fd31682259fcd231e8fa9e75
- * scd/ccid-driver.c (intr_cb): Handle LIBUSB_TRANSFER_CANCELLED.
- (do_close_reader): When callback is active, call
- libusb_cancel_transfer and wait callback is fired off.
-
- scd: Improve watching USB device removal.
- + commit 25cc8575da9a9b8bf60c64c8059cb5f73cc52e1d
- * scd/apdu.c(struct reader_table_s): Add require_get_status.
- (apdu_connect): Change return value meaning. Call apdu_reset here.
- * scd/app.c (app_new_register): Add require_get_status.
- (select_application): Use the return value of apdu_connect.
- (scd_update_reader_status_file): Call update_fdset_for_usb with
- checking all_have_intr_endp.
- (app_list_start, app_list_finish): Remove.
- * scd/ccid-driver.c (struct ccid_driver_s): Add transfer.
- (intr_cb): Don't call libusb_transfer in this callback.
- (ccid_require_get_status): New.
- (do_close_reader): Call libusb_transfer here.
- * scd/scdaemon.c (update_fdset_for_usb): Remove the first argument.
-
- scd: Wake up the select when new USB scan.
- + commit 031e3fa7b9a6770a4de1a184555250feeba0d26f
- * scd/scdaemon.c (update_fdset_for_usb): Wake up the select(2).
- (handle_connections): Use a kind of "self-pipe" technique.
-
-2017-01-26 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Only submit apdu_get_status when needed.
- + commit 881dcdfd84ebad36bff20c895e629025bed9d94e
- * scd/apdu.c (apdu_dev_list_finish): Return Boolean value if
- all device support INTERRUPT transfer.
- * scd/ccid-driver.c (ccid_dev_scan_finish): Likewise.
- * scd/app.c (app_new_register): Fix initial value of card_status.
- (select_application): Call update_fdset_for_usb.
- (scd_update_reader_status_file): Ditto.
- * scd/scdaemon.c (update_fdset_for_usb, need_tick): New.
- (handle_connections): Call handle_tick when select returns.
- Let select watch USB file descriptors, too.
- Call libusb_handle_events_timeout_completed for INTERRUPT transfer.
-
- scd: Fix APP reference counting.
- + commit 9b06633c811e8815c07d744f20b45405cb082367
- * scd/app.c (scd_update_reader_status_file): Don't call another
- release_application_internal.
- * scd/command.c (open_card_with_request): Don't require APPTYPE !=
- NULL.
-
- scd: Add INTERRUPT endp support to CCID driver.
- + commit bb5ceb78c333129a44c0144f2cf49b17ede898f1
- * scd/app.c (scd_update_reader_status_file): Fix releas of APP.
- * scd/ccid-driver.c (struct ccid_driver_s): Add INTR_BUF.
- (intr_cb, ccid_setup_intr): New.
- (ccid_open_usb_reader): Call ccid_setup_intr.
- (ccid_slot_status): Return CCID_DRIVER_ERR_NO_READER when removed.
-
-2017-01-25 Justus Winter <justus@g10code.com>
-
- gpg: Fix searching for mail addresses in keyrings.
- + commit 3f4f20ee6eff052c88647b820d9ecfdbd8df0f40
- * g10/keyring.c (compare_name): Fix KEYDB_SEARCH_MODE_MAIL* searches
- in keyrings when the UID is a plain addr-spec.
-
- tests,w32: Fix GPGME tests requiring a pinentry.
- + commit 02a39f0d1ed717f6fc33392e6ce4ab421c3bcbba
- * tests/gpgme/gpgme-defs.scm: Use our fake pinentry, and configure it
- to supply the correct passphrase.
-
- tests,w32: Fix gpgsm signature verification test.
- + commit 7d5a0ed792133d875fcedb6e23a9a3682f1a23f9
- * tests/gpgsm/verify.scm: Use 'call-with-binary-output-file' to avoid
- automatic line-ending conversion.
-
- agent: Fix double free.
- + commit e175152ef7515921635bf1e00383e812668d13fc
- * agent/cache.c (agent_store_cache_hit): Make sure the update is
- atomic.
-
- tests: Skip GPGME tests that are not built.
- + commit 5f2da5d439debf44615a97de788d8f720b517972
- * tests/gpgme/wrap.scm: Skip tests that are not built.
-
- tests,w32: Fix locating GPGME's tests on Windows.
- + commit 6ecd8b3e71632bbcca524ad735c83bdc2a4c4a4a
- * tests/gpgme/run-tests.scm: Qualify the test with the executable
- extension.
-
-2017-01-24 Werner Koch <wk@gnupg.org>
-
- gpg: Print a warning on Tor problems.
- + commit 770b75a746836773909af25ccb9b480e61cea677
- * dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
- (map_host): Call that to print a warning.
- (handle_send_request_error): Ditto and avoid marking the host dead.
- Also print a tor_config_problem warning. Add arg CTRL; adjust callers
- to pass that new arg.
- * g10/call-dirmngr.c (ks_status_cb): Detect and print the new
- warnings.
-
- dirmngr: Simplify error returning inside http.c.
- + commit 51e5a5e5a46279809848b4ab4419f35045336010
- * dirmngr/http.c (connect_server): Change to return an gpg_error_t
- and to store socket at the passed address.
- (http_raw_connect, send_request): Adjust accordingly.
-
- dirmngr: New option --disable-ipv4.
- + commit 72736af86a501592d974d46ff754a63959e183bd
- * dirmngr/dirmngr.c (oDisableIPv4): New const.
- (opts): New option --disable-ipv4.
- (parse_rereadable_options): Set that option.
- * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
- * dirmngr/dns-stuff.c (opt_disable_ipv4): bew var.
- (set_dns_disable_ipv4): New.
- (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is
- set.
- * dirmngr/ks-engine-hkp.c (map_host): Ditto.
- (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
- * dirmngr/crlfetch.c (crl_fetch): Ditto.
- * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/ocsp.c (do_ocsp_request): Ditto.
-
-2017-01-24 Justus Winter <justus@g10code.com>
-
- tools: Use platform abstraction for I/O.
- + commit 73d6572bd0f260c5aa1e191a1ba4859ec6fa262c
- * tools/gpg-connect-agent.c (main): Use a gpgrt_stream_t for
- 'script_fp'. Adapt accordingly.
-
- tools: Use platform abstraction for I/O.
- + commit 77b8aff4e1bb641f497e63230a5006ab70e6c3a8
- * tools/gpgconf-comp.c (retrieve_options_from_file): Use a
- gpgrt_stream_t for 'list_file'. Adapt accordingly.
- (copy_file): Likewise for 'src' and 'dst'.
- (change_options_file): Likewise for 'src_file' and 'dest_file'.
- (change_options_program): Likewise for 'src_file' and 'dest_file'.
- (gc_process_gpgconf_conf): Likewise for 'config'.
-
- tools: Use platform abstraction for renaming files.
- + commit bfd75e9492fc4edd86f4049a62304943a7b2a29a
- * tools/gpgconf-comp.c (gc_component_change_options): Use
- 'gnupg_rename_file'. Also, block signals across all renames in an
- attempt to make the whole process atomic.
-
- tools: Add comments explaining the functions parameters.
- + commit 82e309ad06884e54693f4856412984331febdda0
- * tools/gpgconf-comp.c (change_options_file): Add comments explaining
- the functions parameters.
- (change_options_program): Likewise.
-
- tools: Improve error handling.
- + commit b0348fdb26637b0bcbd68a96c1746a1613b309af
- * tools/gpgconf-comp.c (gp_component_change_options): Improve error
- handling when reading from stdin.
-
- tools: Fix memory leak.
- + commit 5b28f025085b386e0ec49535d4cd3f875a414eb0
- * tools/gpgconf-comp.c (change_options_file): Fix leak.
-
- tests: Add test demonstrating issue2929.
- + commit 5aafa56dffefe3fac55b9d0555c7c86e8a07f072
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/issue2929.scm: New file.
-
- tests: Enable gpgconf test.
- + commit 628ff843466b42309f850b8d65b13cf5f586b81f
- * tests/openpgp/Makefile.am (XTESTS): Re-add gpgconf.scm.
-
-2017-01-23 Werner Koch <wk@gnupg.org>
-
- Release 2.1.18.
- + commit f8289b1d28f501d2f37bf9ccb5e42f7fb27b4688
-
-
- build: Change make distcheck configure and temp. remove gpgconf.scm.
- + commit 25e029823813e190a18b601af60efcb1fb3b84af
- * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Also test gpgtar and
- wks-tools. Disable ntbtls.
- * tests/openpgp/Makefile.am (XTESTS): Temporary remove gpgconf.scm.
-
- Fix format string errors and some missing error case initialization.
- + commit af5979a42b9468ffe0f3ac6de5a77d982c5cf8a0
- * common/logging.c (do_logv): Remove extra parentheses in comparison.
-
- * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
- dns_res_close is given a defined value in the error case.
-
- * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
- format string char.
-
- * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
- * dirmngr/ks-engine-http.c (ks_http_help): Ditto.
- * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
- * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.
-
- * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
- char.
- * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
- error case.
- (scdaemon_runtime_change): Ditto.
- (dirmngr_runtime_change): Ditto.
-
- * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.
-
- dirmngr: On SIGHUP mark all keyservers alive.
- + commit 3ca3da8fc4ef802b8cceec5fde398a07b4888848
- * dirmngr/ks-engine-hkp.c (ks_hkp_reload): New.
- * dirmngr/dirmngr.c (dirmngr_sighup_action): Call it.
-
-2017-01-23 Gaetan Bisson <bisson@archlinux.org>
-
- libdns: Hack to skip negation term.
- + commit d4c0187dd93163f12e9f953366adef81ecf526a6
- * dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in
- nsswitch.conf parser.
-
-2017-01-23 Werner Koch <wk@gnupg.org>
-
- dirmngr: Print debug message only with --debug.
- + commit 9ae0b81e4ff08712da642456d0164f81924a91e4
- * dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug
- is set.
-
-2017-01-23 Phil Pennock <gnupg-devel@spodhuis.org>
-
- dirmngr: Handle missing nsswitch.conf.
- + commit 88ade475c56ac3712d6bd6d41ae38e1421dcb320
- * dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.
-
-2017-01-23 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- gpg: Fix misleading log message when checking regexp.
- + commit a85731ada2d361eacddc5ae92f80d34792dd4b5e
- * src/trustdb.c (check_regexp): Correctly print whether the
- regexp matched or not.
-
-2017-01-23 Werner Koch <wk@gnupg.org>
-
- gpg: New export and import options "backup" and "restore".
- + commit 953d4ec6afd1b42feb7465ee57e48d72f033019a
- * g10/export.c (parse_export_options): Add "backup" and its alias
- "export-backup".
- (do_export_one_keyblock): Export ring trust packets in backup mode.
- * g10/import.c (parse_import_options): Add "restore" and its alias
- "import-restore".
- (read_block): Import ring trust packets.
-
-2017-01-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix INTERRUPT transfer.
- + commit 21c9ebb908c2ad2e322e7a13e59e5880494c4d67
- * scd/ccid-driver.c (find_endpoint): Don't return Bulk endpoint as
- Interrupt endpoint.
- (ccid_poll): Call libusb_interrupt_transfer.
-
-2017-01-19 Werner Koch <wk@gnupg.org>
-
- build: Print a commit id in the generated ChangeLog.
- + commit e926f30a1cda75f6334b79c303b5134f0441a3dc
- * build-aux/gitlog-to-changelog: Print an extra line with the commit
- id.
-
- common: Fix buffer copy code again.
- + commit e031b3c16cfec583c4322c84d299b355f0849c77
- * common/exectool.c (my_error_from_errno): Remove.
- (copy_buffer_do_copy): Do without var RC.
- (copy_buffer_flush): Ditto. Use ERRNO instead of es_write return
- code.
- (gnupg_exec_tool): Correctly return errors from es_read.
-
-2017-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- gpg: Allow to freeze faked system time.
- + commit 3daeef702b2e6a42f0f396b828f86ffc3f33fc88
- * g10/gpg.c (main): If the parameter for --faked-system-time
- ends with a '!', freeze time at the specified point.
- * common/gettime.c (gnupg_set_time): Allow to freeze the time
- at an arbitrary time instead of only the current time.
- * doc/gpg.texi: Update documentation for --faked-system-time.
-
-2017-01-19 Werner Koch <wk@gnupg.org>
-
- common: Clarify use of vars in buffer copy code.
- + commit 55c9212a2338bf0b07c8cf3a69bcedaa28d48d43
- * common/exectool.c (my_error_from_errno): New.
- (copy_buffer_do_copy): Use separate vars for errno values and
- gpg-error values for clarity. s/assert/log_assert/.
- (copy_buffer_flush): Ditto.
- (gnupg_exec_tool_stream): Use gpg_err_code when testing.
-
-2017-01-19 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Add setup of CA for NTBTLS.
- + commit 367349b4dcc97718f8ae1163d1389d2a46fc3453
- * dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by
- ntbtls_set_ca_chain.
-
-2017-01-18 Justus Winter <justus@g10code.com>
-
- common: Fix flushing copy buffers.
- + commit 34fa2d79a07a079be472c3ff486debfdac8c6070
- * common/exectool.c (copy_buffer_flush): Write and flush the data, but
- do not hide EAGAIN from the caller.
- (gnupg_exec_tool_stream): Retry on EAGAIN.
-
-2017-01-18 Werner Koch <wk@gnupg.org>
-
- agent: Reduce sleep time in the progress callback.
- + commit 3d356d165aed7d76a3ea811b1d24ed0a05ac90d4
- * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
- from 100ms to 1ms or use gpgrt_yield when build against a recent
- libgpg-error.
-
- gpgconf: Allow "all" for --launch, --kill, and --reload.
- + commit 2312248b2e3adffa52d8a3ac4f24fe2c88f0f569
- * tools/gpgconf-comp.c (gc_component_launch): Allow -1 for COMPONENT.
- (gc_component_kill): Ditto.
- (gc_component_reload): For robustness change the condition to < 0.
- * tools/gpgconf.c (main) <aLaunch, aKill, aReload>: Support argument
- "all".
-
- gpg: Remove unused definitions.
- + commit 701f54eccf3da3319dd6d74f46b852c64d90bc52
- * g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants.
- (keyblock_pos_struct, KBPOS): Remove struct and type.
-
-2017-01-18 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Cleanup SERIALNO protocol.
- + commit 79cea89774e6327b6785e22b7057f9e3e188ac2b
- * scd/app.c (app_get_serial_and_stamp): Remove.
- (app_get_serialno): New.
- (app_write_learn_status): Use send_status_direct.
- (app_getattr): Use app_get_serialno for SERIALNO and
- send with send_status_direct.
- * scd/app-openpgp.c (do_getattr): Likewise.
- * scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
- (cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
-
- scd: Add "card_list" sub command for GETINFO.
- + commit 8b1f24a29ebc7651437c01990215a55b1136dae0
- * scd/app.c (app_send_card_list): New.
- * scd/command.c (cmd_getinfo): Fix "status" sub command.
- Add "card_list" sub command.
-
-2017-01-17 Werner Koch <wk@gnupg.org>
-
- build: Handle packages with dashes in --find-version.
- + commit a09f258b1412209763222e2e81bab79663e4d685
- * autogen.sh (--find-version): Improve version extraction.
- * (--help): Extend.
-
- gpg: Clean bogus subkey binding when cleaning a key.
- + commit 356323768a1a29138581d0aceed0336ab8be0d5c
- * g10/trust.c (clean_key): Also clean bogus subkey bindings.
-
- gpg: Sync print of additional sig data in --edit-key.
- + commit 766c25018b288a7185c6da6adac0dec01a64e94a
- * g10/keylist.c (show_policy_url): Implement MODE -1.
- (show_keyserver_url): Ditto.
- (show_notation): Ditto.
- * g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
- notation data to the tty.
-
- common: Remove unused function tty_print_string.
- + commit bae42e543799a428e59bad870aed9719dd6e6e45
- * common/ttyio.c (tty_print_string): Rename to ...
- (do_print_string): this. Make local. Simplify FP case by using
- print_utf8_buffer. Change caller.
-
- gpg: Prepare some key cleaning function for use with secret key packets.
- + commit adbfbf608e75cdd72ae7b3a538b91bc0e236a18f
- * g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
- (clean_sigs_from_uid): Ditto.
- (clean_uid_from_key): Ditto.
- (clean_one_uid): Ditto.
- (clean_key): Ditto.
-
-2017-01-16 Werner Koch <wk@gnupg.org>
-
- dirmngr: Implement hkps lookups using literal addresses.
- + commit e6aebfe3d0f16c483296fd125b66a44017fe15f4
- * dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a
- reverse lookup.
-
- dirmngr: Allow reverse DNS lookups in Tor-mode.
- + commit 9850124c7bdf0a0e7c1866abc85f3437257d7095
- * dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
- (resolve_addr_libdns): New.
- (resolve_dns_addr): Divert to resolve_dns_addr.
-
- dirmngr: Avoid network queries for literal IP addresses.
- + commit daae97bc14742c75408c4eb05808a2102cfe2bcf
- * dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
- for literal IP addresses.
- (resolve_name_standard): Ditto.
-
- dirmngr: Fix URL creation for literal IPv6 addresses in HKP.
- + commit 82646bbf1a5a7d745da81b239a12667a51703dc1
- * dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
- the address family.
- * dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
- R_HTTPHOST because that is its purpose. Note that the former
- behaviour of storing a NULL to indicate that it is not a pool has not
- been used.
- (make_host_part): Ditto.
- (make_host_part): Make sure that literal v6 addresses are correclty
- marked in the constructed URL.
-
-2017-01-16 Justus Winter <justus@g10code.com>
-
- tests: Improve GPGHOME handling.
- + commit 8b1611a9605b636db3e07a9d81016a11b318724c
- * tests/openpgp/defs.scm (GPGHOME): New variable.
- * tests/openpgp/ssh-import.scm: Remove redundant code, use 'path-join'.
- * tests/openpgp/tofu.scm: Likewise.
-
-2017-01-16 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Ask specific SERIALNO for pksign/pkdecrypt.
- + commit 0801f49b0dc7102943f0e9fa51061f50f5708ca6
- * agent/call-scd.c (agent_card_serialno): Add DEMAND argument.
- * agent/command-ssh.c (card_key_available): Follow the change.
- * agent/learncard.c (agent_handle_learn): Likewise.
- * agent/divert-scd.c (ask_for_card): Use DEMAND argument.
-
- scd: Add --demand option for SERIALNO.
- + commit 2e6f1c99d4f66a23a752092397e20a84964edf48
- * scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
- arguments. Return matched APP with a serial number when specified.
- * scd/command.c (open_card): Modify for the implicit open only.
- (open_card_with_request): New for explicit open and support match with a
- serial number.
- (cmd_serialno): Support --demand option.
- (cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
- (cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
- (cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
- the change of open_card.
-
-2017-01-12 Werner Koch <wk@gnupg.org>
-
- build: Make autogen.sh more POSIX friendly (next try)
- + commit 3db76c9277d918dec9721a6439f4db3b3c06aba3
- * autogen.sh: Fix dd count to 5.
-
- gpg: Rename a var to avoid a shadowing warning.
- + commit c99a09f111c5980ae034faaea61a00d9ad60463c
- * g10/keygen.c (keygen_set_std_prefs): Rename variable.
-
- tests: Fix t-gettime for a time_t of 64 and a long of 32 bit.
- + commit 5c0777e1ca02ff1767755c417b64d6f78e02f475
- * configure.ac (AC_CHECK_HEADERS): Add stdint.h.
- * common/t-gettime.c: Include stdint.h.
- (UINTMAX_C): Define replacement.
- (test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
-
- build: Make autogen.sh more POSIX friendly.
- + commit 3c00b52f7cb0fbd756c0bbe5134b8f2d69c60dd1
- * autogen.sh: Replace non POSIX "cp -a" and "head -c".
-
- libdns: Silence -Wstrict-prototypes on some function ptrs.
- + commit 97372b39cd9b4c84a083eadbf072fff77799617f
- * dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
-
- libdns: Provide replacement for EPROTO.
- + commit 0fadff9cdde47e42f7e428bc903b3626c67ba9c0
- * dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
-
-2017-01-11 Werner Koch <wk@gnupg.org>
-
- dirmngr: After a connection failure log a hint if Tor is not running.
- + commit 20dfcfe08c618d23134d5d6efef7676b090f30d3
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether
- Tor is running.
-
- dirmngr: Mark hosts dead on ENETDOWN.
- + commit 76fb2febde10da8237bbe7613830b51af2a45139
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of
- ENETDOWN.
-
- dirmngr: Fix Tor access for v6 addresses.
- + commit 09aeac41c97bc8ecb44a09886c7fdbd9a6ec5c7f
- * dirmngr/http.c (use_socks): New.
- (my_sock_new_for_addr): New.
- (connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
-
- dirmngr: Remove warnings about unused global variables.
- + commit 915864e7f0315b0c96315d0bcd48b1b93592353a
- * dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
- * dirmngr/ocsp.c (oidstr_certHash): Comment.
-
- dirmngr: Implement debug option "network" for http.
- + commit da894c48ec3393e7c815f575daa5a52ab37cc102
- * dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
-
- dirmngr: Add debug code to http.c.
- + commit 02ab4b0085f8b4cdfe163d25ddd0fc80753d7f4a
- * dirmngr/http.c (opt_verbose, opt_debug): New vars.
- (http_set_verbose): New function.
- (_my_socket_new): Add debug output.
- (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
- OPT_DEBUG has ben set to 2 in a debugger.
- (http_session_new, http_session_ref): Ditto.
- (send_request, http_start_data): Print debug output for the request.
- (parse_response): Change to use log_debug_string for the response.
-
- common: New function log_debug_with_string.
- + commit 088d71d3671e74eb088386026f0e439a7e3b5543
- * common/logging.c (do_logv): Factor some code out to ...
- (print_prefix): new.
- (log_logv): Add arg EXTRASTRING and print it. Change all callers to
- pass NULL for it.
- (log_debug_with_string): New. Uses EXTRASTRING.
-
-2017-01-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- common: Avoid unnecessary ambiguity in argparse.
- + commit 7249ab0f95d1f6cb8ee61eefedc79801bb56398f
- * common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
-
-2017-01-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- systemd-user: Enable "systemctl --user reload {dirmngr,gpg-agent}"
- + commit a20a450ac4ef10847fd59a5fd3acbbd2bfcaa6a2
- * doc/examples/systemd-user/*.service: Add ExecReload directives to
- indicate the canonical way to reload the services.
-
- GnuPG recommends reloading the agent and dirmngr with "gpgconf
- --reload". if anyone is running them as systemd user services, they
- might ask them to reload in the systemd way, so teach systemd the
- right thing to do.
-
-2017-01-10 Justus Winter <justus@g10code.com>
-
- tests: Improve gpgconf test.
- + commit 88e42ef08d65d4d1bc29c6cea48df19ca0d5e2bd
- * tests/openpgp/defs.scm (valgrind): New variable.
- (gpg-config): Fix clearing an option.
- * tests/openpgp/gpgconf.scm: Also toggle 'quiet'.
-
- tools: Fix memory leaks and improve error handling.
- + commit 1f5caf90bfaaaf7b9d8c06c12087aeeae3748032
- * tools/gpgconf-comp.c (gc_option_free): New function.
- (gc_components_free): Likewise.
- (gc_components_init): Likewise.
- (retrieve_options_from_program): Use 'xfree', fix memory leak.
- (change_options_program): Improve error handling.
- (gc_component_change_options): Fix memory leaks.
- * tools/gpgconf.c (main): Initialize components.
- * tools/gpgconf.h (gc_components_init): New prototype.
-
- tests: Add test for gpgconf.
- + commit c8cfc62125aceee0ca48aab5c8a9fea1ec1ef652
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/defs.scm (percent-encode): New function.
- (gpg-conf): Generalize so that we can feed stdin.
- (gpg-config): New function.
- * tests/openpgp/gpgconf.scm: New file.
-
- common: Fix fallback code.
- + commit bfd6a490129ffc7c7ac8776bf5a5da3b1ddf6d42
- * common/logging.c (_log_assert): Fix the variant for compilers that
- do not support __FUNCTION__.
- * common/logging.h (_log_assert): Likewise.
-
-2017-01-09 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups.
- + commit 0cc975d8a1cd54115938202432e43263b8893ea4
- * dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
- (make_host_part): Rewrite.
-
- dirmngr: Do not use a SRV record for HKP if a port was specified.
- + commit c2cbe2f87c480c62239dc4c2cbb352acd98cd267
- * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
- * dirmngr/http.c (do_parse_uri): That it.
- * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
- (make_host_part): Ditto.
- (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
- (ks_hkp_search): Ditto.
- (ks_hkp_get): Ditto.
- (ks_hkp_put): Ditto.
-
-2017-01-08 Werner Koch <wk@gnupg.org>
-
- dirmngr: Implement experimental SRV record lookup for WKD.
- + commit 88dc3af3d4ae1afe1d5e136bc4c38bc4e7d4cd10
- * dirmngr/server.c (cmd_wkd_get): Support SRV records.
-
- dirmngr: Improve debug output for TLS.
- + commit 714faea4fa7f30d42e9986358214a99aa8fa57b3
- * dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
-
- dirmngr: Change internal SRV lookup API.
- + commit 16078f3deea5b82ea26e2f01dbd3ef3a5ce25410
- * dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
- * dirmngr/http.c (connect_server): Simplify SRV lookup.
- * dirmngr/ks-engine-hkp.c (map_host): Ditto.
- * dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
-
- dirmngr: Strip root zone suffix from libdns SRV results.
- + commit 9fa94aa10778bbd680315e93b23175423e338c40
- * dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the
- target.
-
-2017-01-06 Werner Koch <wk@gnupg.org>
-
- agent,w32: Fix annoying output to DebugView.
- + commit 8d774904c8066d8c0f19cfffe2d568979bb8c470
- * agent/gpg-agent.c (startup_fd_list): Do not define for W32.
- (main) [W32]: Do not call get_all_open_fds.
-
-2017-01-06 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for --disable-ccid for scdaemon.
- + commit 858e14cd794e2a6125d51e652a754bbe26def997
- * scd/apdu.c (apdu_dev_list_finish): Don't call ccid_dev_scan_finish
- with no table.
- (apdu_open_reader): Only increment when it's zero.
-
- scd: Fix for --disable-ccid-driver.
- + commit 62268a2732dddca7a05ca4cf45d0e4338c7dc3c4
- * scd/apdu.c [HAVE_LIBUSB] (apdu_dev_list_start): Conditionalize.
- [HAVE_LIBUSB] (apdu_dev_list_finish, apdu_open_reader): Likewise.
-
- scd: Support multiple readers by CCID driver.
- + commit 8a41e73c31adb86d4a7dca4da695e5ad1347811f
- * scd/apdu.c (new_reader_slot): Lock is now in apdu_dev_list_start.
- (close_pcsc_reader_direct, close_ccid_reader): RDRNAME is handled...
- (apdu_close_reader): ... by this function now.
- (apdu_prepare_exit): Likewise.
- (open_ccid_reader): Open with dev_list.
- (apdu_dev_list_start, apdu_dev_list_finish): New.
- (apdu_open_one_reader): New.
- (apdu_open_reader): Support multiple readers.
- * scd/app.c (select_application): With SCAN, opening all readers
- available, and register as new APP.
- (app_write_learn_status): app->ref_count == 0 is valid for APP which is
- not yet used.
- (app_list_start, app_list_finish): New.
- * scd/ccid-driver.c (struct ccid_driver_s): Remove RID and BCD_DEVICE.
- Add BAI.
- (parse_ccid_descriptor): BCD_DEVICE is now on the arguments.
- (ccid_dev_scan, ccid_dev_scan_finish): New.
- (ccid_get_BAI, ccid_compare_BAI, ccid_open_usb_reader): New.
- (ccid_open_reader): Support multiple readers.
- (ccid_set_progress_cb, ccid_close_reader): No RID any more.
-
-2017-01-05 Werner Koch <wk@gnupg.org>
-
- Silence two -Wlogical-op warnings.
- + commit 6170eb809033c9d144abf3b1f31f8b936878cdd4
- * common/tlv.c (parse_ber_header): Avoid compiler warning about a
- duplicate condition.
- * tools/gpgtar-create.c (pattern_valid_p): Likewise.
-
-2017-01-05 Justus Winter <justus@g10code.com>
-
- tests: New test for --{show,override}-session-key.
- + commit 168c8c9d79a817c1f08a9ef976dab377f8c4c69e
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/decrypt-session-key.scm: New file.
-
- tests: Fix macro.
- + commit 4ded213698123a425393b89a800fda2a4ec5229d
- * tests/openpgp/defs.scm (with-ephemeral-home-directory): Make
- hygienic, use define-macro, do not change to the ephemeral home
- directory.
- * tests/gpgsm/setup.scm: Change to the ephemeral home directory.
- * tests/openpgp/setup.scm: Likewise.
-
-2017-01-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- g10: avoid warning when --disable-tofu.
- + commit 38671cfe5a2a40bb991619f4cb992c42b5f1e8cd
- If configured with --disable-tofu, we see compiler warnings about an
- unused variable. This should remove those warnings.
-
-2017-01-04 Justus Winter <justus@g10code.com>
-
- tests,w32: Fix locating the components.
- + commit 28e149609da44fab600f6a11b385d1c8ca8e7eb9
- * tests/openpgp/defs.scm (percent-decode): New function.
- (bin-prefix): New variable.
- (installed?): Likewise.
- (tool-hardcoded): Use the new variables.
- (gpg-conf): Use the new function to decode the values.
- (gpg-components): Do not use '--build-prefix' when 'installed?'.
-
-2017-01-03 Werner Koch <wk@gnupg.org>
-
- dirmngr: Make sure Tor mode is also set for DNS on SIGHUP.
- + commit 969512401603639e4467ede7d892f1b02582c2c9
- * dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
- (reload_dns_stuff): Reset tor port.
- * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
- (main): Remove warning that Tor mode may not fully work.
- * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS
- initialization.
- * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error
- checking for enable_dns_tormode.
-
- dirmngr: New debug message on correctly initialized libdns.
- + commit 0004d52ba2f1245c84f95a151342ad99fd72ca3d
- * dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on
- success.
-
-2017-01-02 Justus Winter <justus@g10code.com>
-
- common: Turn assertions into expressions.
- + commit a1e0d4a1e75fc6e6c3392a4e1d1d27005b38d6cc
- * common/logging.h (log_assert): Turn this into an expression so it
- can be used in expressions.
-
- tests: Fix faked time in the TOFU test.
- + commit 6d065198337b5242889723481bfa9ce81aa108bb
- * tests/openpgp/tofu.scm (GPG): Fix time delta.
-
-2017-01-02 Werner Koch <wk@gnupg.org>
-
- g13: Improve printing of debug infos.
- + commit 5b6ebfb9244602d9de31d61c7eceb0c45ac8aa49
- * g13/g13tuple.c (all_printable): Make it work.
-
- Replace use of variable-length-arrays.
- + commit 6b84ecbf312d98ac8cce9fe5facdc815bc742fa1
- * common/t-iobuf.c (main): Replace variable-length-array.
- * g10/gpgcompose.c (mksubpkt_callback): Ditto.
- (encrypted): Ditto.
- * g10/t-stutter.c (log_hexdump): Ditto.
- (oracle_test): Ditto.
- * g10/tofu.c (get_policy): Ditto. Use "%zu" for size_t.
- * scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
- Check for zero length OID_LEN.
-
-2017-01-02 Justus Winter <justus@g10code.com>
-
- gpgscm: Fail if too many arguments are given.
- + commit b0e14bd6ff8401b12b2b39f75aef94d3ad28017f
- * tests/gpgscm/scheme.c (opexe_0): Enable check.
- * tests/gpgscm/tests.scm (test::report): Remove superfluous argument.
-
- gpgscm: Add 'finally', rework all macros.
- + commit b79274a3b7e58f88e9a8c1dc1fb24dd3e983543c
- * tests/gpgscm/init.scm (finally): New macro.
- * tests/gpgscm/tests.scm (letfd): Rewrite.
- (with-working-directory): Likewise.
- (with-temporary-working-directory): Likewise.
- (lettmp): Likewise.
-
- gpgscm: Use boxed values for source locations.
- + commit e8b843508dac96e9d0a3140954dd5a3618669cec
- * tests/gpgscm/scheme-private.h (struct port): Use boxed values for
- filename and current line. This allows us to use the same Scheme
- object for labeling all expressions in a file.
- * tests/gpgscm/scheme.c (file_push): Use boxed type for filename.
- (mark): Mark location objects of port objects.
- (gc): Mark location objects in the load stack.
- (port_clear_location): New function.
- (port_reset_current_line): Likewise.
- (port_increment_current_line): Likewise.
- (file_pop): Adapt accordingly.
- (port_rep_from_filename): Likewise.
- (port_rep_from_file): Likewise.
- (port_close): Likewise.
- (skipspace): Likewise.
- (token): Likewise.
- (_Error_1): Likewise.
- (opexe_0): Likewise.
- (opexe_5): Likewise.
- (scheme_deinit): Likewise.
- (scheme_load_file): Likewise.
- (scheme_load_named_file): Likewise.
-
-2017-01-02 Werner Koch <wk@gnupg.org>
-
- dirmngr: Strip root zone suffix from libdns cname results.
- + commit b200e636ab20d2aa93d9f71f3789db5a04af0a56
- * dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
- (get_dns_cname_libdns): Ditto.
-
-2016-12-30 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix select_application.
- + commit 337690441fcb19343fe56b139f5649bed7d25c83
- * scd/app.c (select_application): Fix the condition for open.
-
- scd: Fix card removal monitor.
- + commit f300e12a793d59deb1a369713384eaabfa39b3e6
- * scd/app.c (app_reset): Call send_client_notification with REMOVAL.
- (scd_update_reader_status_file): Likewise.
- * scd/command.c (send_client_notifications): Distinguish removal.
-
-2016-12-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Improve internal CCID driver.
- + commit cdc8d0bd933b958db878861587322bc541b580b3
- * scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
- configuration but use active configuration. Support alt_setting.
- (scan_or_find_devices): Support alt_setting.
- (ccid_open_reader): Support alt_setting.
-
- scd: Fix a race condition for new_reader_slot.
- + commit c48cf7e32ffa02ebdf00265543344c611bef0431
- * scd/apdu.c (reader_table_lock, apdu_init): New.
- (new_reader_slot): Serialize by reader_table_lock.
- * scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
- usage.
- (initialize_module_command): Call apdu_init.
- * scd/scdaemon.c (main): Handle error for initialize_module_command.
-
-2016-12-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: APP centric approach for device management.
- + commit 4cc9fc5eb9bd91d943c185d59da4a2b4cb885ee6
- * scd/app.c (lock_app): Rename from lock_reader and use internal field
- of APP.
- (unlock_app): Likewise.
- (app_dump_state): Use APP.
- (application_notify_card_reset): Remove.
- (check_conflict): Change API for APP, instead of SLOT.
- (check_application_conflict): Likewise.
- (release_application_internal): New.
- (app_reset): New.
- (app_new_register): New.
- (select_application): Change API for APP, instead of SLOT.
- (deallocate_app, release_application): Modify for manage link.
- (report_change): New.
- (scd_update_reader_status_file): Moved from command.c and
- use APP list, instead of VREADER.
- (initialize_module_command): Moved from command.c.
-
- * scd/command.c (TEST_CARD_REMOVAL): Remove.
- (IS_LOCKED): Simplify.
- (vreader_table): Remove.
- (vreader_slot, update_card_removed): Remove.
- (do_reset): Call app_reset.
- (get_current_reader): Remove.
- (open_card): Add SCAN arg.
- (cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
- No do_reset, since it is done in lower layer.
- Add clearing card_removed flag.
- (cmd_disconnect): Call apdu_disconnect.
- (send_client_notifications): Modify for APP.
- (update_reader_status_file): Remove.
-
- scd: Simplify monitoring card removal.
- + commit f9882d8336feea96e3b5e250e9093f8cca01e08b
- * scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
- status, and change_counter field.
- (new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
- (connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
- (open_ccid_reader, apdu_reset): Follow the change.
- (ct_dump_reader_status): Remove.
- (apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
- (apdu_connect): Follow the change.
- * scd/command.c (struct vreader_s): Remove reset_failed, any, and
- changed field.
- (cmd_getinfo, update_reader_status_file): Follow the change.
-
-2016-12-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Improve internal CCID driver.
- + commit c7ec9c42246033e14ebad679d11f3b1fbeed23b7
- * scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
- Support device with multiple CCID interfaces. Fix the case with
- READERNO. Support partial string match of "reader-port" like PC/SC
- driver.
-
-2016-12-23 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix for --disable-libdns usage.
- + commit d26c51825e2255fe58305cbc1cd74fa43f80d93e
- * dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
- (reload_dns_stuff): Conditionalize with USE_LIBDNS.
- (get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.
-
-2016-12-22 Neal H. Walfield <neal@g10code.com>
-
- tools: Show a clearer error message if a server doesn't support WKS.
- + commit 1909e994cb87d6c6866a465f0c20a456d4df46cc
- * tools/gpg-wks-client.c (command_send): If we fail to lookup the
- submission address, print a better error message. If it is because
- the corresponding file doesn't exist, provide the hint that the server
- probably doesn't support WKS.
-
-2016-12-22 Werner Koch <wk@gnupg.org>
-
- wks: Let the client ignore missing policy flags.
- + commit e917dfcd973a3ebbf5eb584e819ffa89f932bfef
- * tools/gpg-wks-client.c (command_send): Ignore missing policy flags.
-
-2016-12-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Clean up internal API for APP.
- + commit 8431f5a7e88e1f42d75c4a4b61f4aa9b35457204
- * scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
- app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
- the second argument.
- * scd/app.c: Supply CTRL to lock_reader calls.
- * scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
- cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
- change.
-
-2016-12-21 Justus Winter <justus@g10code.com>
-
- gpgscm: Guard use of union member.
- + commit 6e96cdd41a0e55b672309431062f37c4a4a9f485
- * tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
- before accessing filename. Fixes a crash on 32-bit architectures.
-
-2016-12-20 Werner Koch <wk@gnupg.org>
-
- tests: Avoid skipping exectool tests.
- + commit 6204f8104fea42d706a68e77e2dc0bca4704bddc
- * common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
- (test_executing_false): Try also /usr/bin/false.
-
-2016-12-20 Justus Winter <justus@g10code.com>
-
- tests: Add test suite for gpgsm.
- + commit 36c14139285982def6ad942d4b2d8bef7ed4ea76
- * configure.ac (AC_CONFIG_FILES): Add new file.
- * tests/Makefile.am (SUBDIRS): Add new directory.
- * tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file.
- * tests/gpgsm/Makefile.am: Likewise.
- * tests/gpgsm/cert_dfn_pca01.der: Likewise.
- * tests/gpgsm/cert_dfn_pca15.der: Likewise.
- * tests/gpgsm/cert_g10code_test1.der: Likewise.
- * tests/gpgsm/decrypt.scm: Likewise.
- * tests/gpgsm/encrypt.scm: Likewise.
- * tests/gpgsm/export.scm: Likewise.
- * tests/gpgsm/gpgsm-defs.scm: Likewise.
- * tests/gpgsm/import.scm: Likewise.
- * tests/gpgsm/plain-1.cms.asc: Likewise.
- * tests/gpgsm/plain-2.cms.asc: Likewise.
- * tests/gpgsm/plain-3.cms.asc: Likewise.
- * tests/gpgsm/plain-large.cms.asc: Likewise.
- * tests/gpgsm/run-tests.scm: Likewise.
- * tests/gpgsm/setup.scm: Likewise.
- * tests/gpgsm/shell.scm: Likewise.
- * tests/gpgsm/sign.scm: Likewise.
- * tests/gpgsm/verify.scm: Likewise.
-
- tests: Add macro managing ephemeral home directories.
- + commit c067a012c764218b94ce8de2914615a895a75f3e
- * tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro.
- * tests/openpgp/setup.scm: Use the new macro.
-
- tests: Move argument parser.
- + commit a30c0a6972cabde3858108e9020e900696094843
- * tests/gpgme/gpgme-defs.scm (flag): Move...
- * tests/gpgscm/tests.scm: ... over here.
-
- tests: Add missing encrypted sample, cleanup samples handling.
- + commit e2ed3c1597daf3188ddce049cc3c50113d56f1b9
- * tests/openpgp/Makefile.am (TEST_FILES): Add new file.
- * tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
- (all-files): New variable.
- (create-sample-files): New function.
- (create-legacy-gpghome): Use new function.
- * tests/openpgp/plain-large.asc: New file.
-
-2016-12-20 Werner Koch <wk@gnupg.org>
-
- Release 2.1.17.
- + commit ade32464a25fdb35cc0f39e46d303ceba68ea8f6
-
-
- sm: Remove wrong example from gpgsm --help.
- + commit 13465e708bb67e816e4fb3a37c117ad91dc6383f
- * sm/gpgsm.c (opts): Remove group 303.
-
- dirmngr: New option --resolver-timeout.
- + commit 81c012787fabf734d9c952c6f18ecac21929d4d8
- * dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
- (opt_timeout): New var.
- (set_dns_timeout): New.
- (libdns_res_open): Set the default timeout.
- (libdns_res_wait): Use configurable timeout.
- (resolve_name_libdns): Ditto.
-
- * dirmngr/dirmngr.c (oResolverTimeout): New const.
- (opts): New option --resolver-timeout.
- (parse_rereadable_options): Set that option.
- (main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
- * tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
- and --nameserver.
-
- * dirmngr/http.c (connect_server): Fix yesterday introduced bug in
- error diagnostic.
-
-2016-12-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix problems with the getsrv function.
- + commit af8b68fae39b1378c769e0de6ba6437ea1aac7e3
- * dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
- (set_dns_verbose): New func.
- (libdns_switch_port_p): Add debug output.
- (resolve_dns_name): Ditto.
- (get_dns_cert): Ditto.
- (get_dns_cname): Ditto.
- (getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
- (getsrv): Rename to ...
- ((get_dns_srv): this. Add arg R_COUNT and return an error. Add debug
- output.
- * dirmngr/http.c: Adjust for chnaged getsrv().
- * dirmngr/ks-engine-hkp.c (map_host): Ditto.
- * dirmngr/t-dns-stuff.c (main): Ditto. Call set_dns_verbose.
- * dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
-
- build: Add target to sign the windows installer.
- + commit 284ec54495dddc9eb0232e959cf994234097578a
- * build-aux/speedo.mk (w32-sign-installer): New.
- (AUTHENTICODE_KEY): New.
- (installer-from-source): Use cp instead of mv. Factor code out to ...
- (MKSWDB_commands): new macro.
- (sign-installer): New.
-
-2016-12-19 Justus Winter <justus@g10code.com>
-
- tests: Use the common test framework for the migration tests.
- + commit 65a0d6a24e6299682793f213a9d2bae17c5b12d9
- * tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
- (TESTS_ENVIRONMENT): Populate.
- (TESTS): Rename to 'XTESTS'.
- (xcheck): New target.
- (EXTRA_DIST): Add new files.
- (CLEANFILES): Remove log files.
- * tests/migrations/common.scm: Honor 'verbose', fix paths.
- * tests/migrations/run-tests.scm: New file.
- * tests/migrations/setup.scm: Likewise.
-
- tests: Use sequential test runner if only one test is given.
- + commit 0bf16d702665a269ce5ef724c927fbbd8f7f1ce9
- * tests/openpgp/run-tests.scm: Use sequential test runner if only one
- test is given.
-
-2016-12-19 Werner Koch <wk@gnupg.org>
-
- dirmngr,w32: Hack around a select problem.
- + commit d51499fdc522a696f23c6776c3ab248742f4e06a
- * dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
- (dns_poll): Return an error instead of hitting an assertion failure.
-
-2016-12-19 Neal H. Walfield <neal@g10code.com>
-
- test: Extend TOFU tests to also check the days with signatures.
- + commit aec89a7297bae30f79a63fdc830530e82bab6170
- * tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
- (faketime): New function.
- (days->seconds): Likewise.
- (GPG): Use faketime.
- (check-counts): Also check the number of expected days with signatures
- and encryptions. Update callers. Extend tests.
-
-2016-12-19 Justus Winter <justus@g10code.com>
-
- tests: New test for --delete-[secret-]keys.
- + commit a1afc450e182af02ad5e6f6ba79e9dc4332ca2bc
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/defs.scm (keys): New variable.
- (have-public-key?): New function.
- (have-secret-key?): Likewise.
- (have-secret-key-file?): Likewise.
- * tests/openpgp/delete-keys.scm: New file.
- * tests/openpgp/quick-key-manipulation.scm: Move the accessors to
- 'defs.scm'.
-
- gpgscm: Change associativity of ::.
- + commit a45dc0849da0d944ec8c759bc8e3e733b1eb0079
- * tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
- infix-operator. This makes it possible to naturally express accessing
- nested structures (e.g. a::b::c).
-
- gpgscm: Display location when assertions fail.
- + commit 3949cbd1128585c9b810713aeffaa1455fb5aed9
- * tests/gpgscm/lib.scm (assert): Use location information if
- available.
-
- gpgscm: Make exception handling more robust.
- + commit df00745d6eed7034b218a0c482a46d975425798a
- * tests/gpgscm/init.scm (throw'): Check that args is a list.
-
-2016-12-19 Andre Heinecke <aheinecke@intevation.de>
-
- speedo,w32: Use nsExec::ExecToLog to avoid popups.
- + commit 026bbf0d5ee4510967e5f1dd3db2dee4687b0612
- * build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
- ExecWait.
-
-2016-12-19 Werner Koch <wk@gnupg.org>
-
- Remove unused debug flags and add "dns" and "network".
- + commit e384405b6e251629fb36bcbba4f5f9ac15a39d10
- * g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
- * g10/gpg.c (debug_flags): Remove "cardio".
- * agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
- * agent/gpg-agent.c (debug_flags): Remove "command".
- * scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
- * scd/scdaemon.c (debug_flags): Remove "command".
- * dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
- (DBG_NETWORK_VALUE, DNG_NETWORK): New.
- * dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
-
-2016-12-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix setup of libdns for W32.
- + commit e77b924fec1082faae48cdd2ff8474874a22bdf7
- * configure.ac (DNSLIB) {W32]: Add -liphlpapi.
- * dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
- WIN32_LEAN_AND_MEAN.
- (libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
- * dirmngr/t-dns-stuff.c (init_sockets): New.
- (main): Call it.
-
-2016-12-16 Werner Koch <wk@gnupg.org>
-
- dirmngr: Auto-switch from Tor port to Torbrowser port.
- + commit 024dbd7162fc1a7694176ebad3c21ee3ea67c024
- * dirmngr/dns-stuff.c (libdns_tor_port): New var.
- (set_dns_nameserver): Clear that var.
- (libdns_init): Init var to the default port.
- (libdns_switch_port_p): New func.
- (resolve_dns_name): Use function to switch the port
- (get_dns_cert): Ditto.
- (getsrv): Ditto.
- (get_dns_cname): Ditto.
-
- dirmngr: Use one context for all libdns queries.
- + commit c4e8a3194d6b92f596a6483e486c645de7d2ddd1
- * dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
- (enable_recursive_resolver): Set var.
- (set_dns_nameserver): Ditto.
- (libdns_init): Avoid double initialization.
- (libdns_deinit): New.
- (reload_dns_stuff): New.
- (libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
- * dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
- memory.
- * dirmngr/dirmngr.c (cleanup): Ditto.
- (dirmngr_sighup_action): Call reload_dns_stuff to set
- LIBDNS_REINIT_PENDING.
-
- dirmngr: Pass Tor credentials to libdns.
- + commit ddb48086833f8b86f0f0d69b21a23f245090ea7a
- * dirmngr/dns-stuff.c (tor_credentials): Replace by ...
- (tor_socks_user, tor_socks_password): new vars.
- (enable_dns_tormode): Set these new vars.
- (libdns_res_open): Tell libdns the socks credentials.
-
- dirmngr: Factor common libdns code out.
- + commit 59d3c3e4baffff52548fb5d1766ebf02dd8e1bec
- * dirmngr/dns-stuff.c (libdns_res_open): New. Replace all libdns_init
- and dns-res_open by a call to this func.
- (libdns_res_submit): New wrapper. Replace all dns_res_sumbit calls.
- (libdns_res_wait): New function.
- (resolve_name_libdns): Replace loop by libdns_res_wait.
- (get_dns_cert_libdns): Ditto.
- (getsrv_libdns): Ditto.
-
- gpg,sm: A few more option for --gpgconf-list.
- + commit 48671f295ff233765689b6a73021f83ab845a28f
- * g10/gpg.c (gpgconf_list): Add --compliance and
- --default-new-key-algo.
- (parse_compliance_option):
- * sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.
-
- gpgconf: New command --apply-profile.
- + commit 76cd64a5baf6057b199c01f7999b327f1f4a87bc
- * tools/gpgconf.c (aApplyProfile): New.
- (opts): New command --apply-profile.
- (main): Implement that command.
- * tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
- (change_options_program): Ditto.
- (change_one_value): Ditto.
- (gc_component_change_options): Ditto.
- (gc_apply_profile): New.
-
- gpgconf: Fix --apply-defaults.
- + commit 6ca3c28da46873416822bf6ab7893db6c56a49d6
- * tools/gpgconf-comp.c: Skip pinentry also in process_all mode.
-
-2016-12-16 Justus Winter <justus@g10code.com>
-
- doc: Mention extra information in pinentry status lines.
- + commit 12a5265afa7f87ad92fb571e0882e57b07a3c267
- * doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
- information.
-
- sm: Fix agent communication.
- + commit 3c7d6a1769ed6cc90d86247a814a0dce341512a3
- * sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle
- to the callback.
- (gpgsm_scd_pksign): Likewise.
- (gpgsm_agent_reaedkey): Likewise.
-
-2016-12-16 Neal H. Walfield <neal@g10code.com>
-
- doc: Fix manual.
- + commit a165fa09be4bfbeb97ebe25d551a9045255e5028
- * doc/gpg.texi: Remove comment about options being parsed in-order.
- They aren't.
-
- g10: Use total days, not total messages to compute TOFU validity.
- + commit 4a2c210b75d4266e289712e73a42c286aabb07f0
- * g10/tofu.c (write_stats_status): Use the number of days with
- signatures / encryptions to compute the validity, not the total number
- of signatures / encryptions.
- (BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
- (FULL_TRUST_THRESHOLD): Likewise.
-
- g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
- + commit 94f6b9010d2e80a75ccbb21426faf0b30195f1ab
- * doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
- line.
- * g10/tofu.c (write_stats_status): Take additional parameters
- signature_days and encryption_days. Update callers. Include them in
- the tfs record and TOFU status lines.
- (show_statistics): Compute the number of days on which we saw a
- message signed by FINGERPRINT, and the number of days on which we
- encrypted a message to it.
-
-2016-12-16 Justus Winter <justus@g10code.com>
-
- doc: Improve section on unattended key generation.
- + commit ca02a8b78fca8815388a859962584d75169ae3ee
- * doc/gpg.texi: Improve the subsection on unattended key generation by
- suggesting the quick key manipulation interface as an alternative, and
- by suggesting alternatives to '%pubring' and '%secring'. Simplify
- examples accordingly.
-
- doc: Add documentation for programmatic use of GnuPG.
- + commit 116a78eb869c4c589228bd0d6deff7c7a9f92dfb
- * doc/gpg.texi: New subsections on programmatic use of GnuPG,
- ephemeral home directories, and the quick key manipulation interface.
-
-2016-12-16 Neal H. Walfield <neal@g10code.com>
-
- g10: On a TOFU conflict, write the conflicting keys to the status fd.
- + commit fea9da4a8afab6f3a49cdbbcc4a7a21f27a6d3e8
- * g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
- their statistics on the status fd.
- (get_trust): Likewise, if we don't call ask_about_binding.
- (show_statistics): Have the caller pass the policy as returned by
- get_policy. Add argument only_status_fd and don't emit any output on
- stdout if it is set. Update callers.
-
- g10: Add missing space.
- + commit 6caa2d0ba2bfc0ae93878738b0169483f6b6b462
- * g10/tofu.c (tofu_register_encryption): Add missing space.
-
-2016-12-15 Justus Winter <justus@g10code.com>
-
- g10: Avoid translating simple error messages.
- + commit 6b16b02109f4bb5b934e456667ff4c0ba7bc85fd
- * g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
-
- g10: Rework the --quick-* interface.
- + commit 41ad04d403de05abe54280d2a84aa51a603194e4
- * g10/gpg.c (opts): Rename options.
- (main): Update errors.
- * doc/gpg.texi: Update accordingly.
-
- g10: Rename 'card-edit' to 'edit-card'.
- + commit 6e4396723e9e5865015ebf7033628fa3919cf7d1
- * g10/gpg.c (opts): Rename option.
- * g10/call-agent.c (agent_scd_learn): Update comment.
- * doc/gpg.texi: Update accordingly.
-
- g10: Spell out --desig-revoke.
- + commit 3c691097ca144e9a1d4c9185636c59a848bec85c
- * g10/gpg.c (opts): Rename option.
- * doc/gpg.texi: Update accordingly.
-
- g10: Shorten unreasonably long option.
- + commit c252627c6fd93bc305c5a5a2f013c3de2d45c6b0
- * g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
- 'generate-revocation'.
- * doc/gpg.texi: Update accordingly.
- * po: Update translations.
-
- doc: Add aliases of all changed options.
- + commit bc6b76ef26f31c54ae1c29c761b8ecc437fcf565
- * doc/gpg.texi: Add the old version of every option that was updated
- with the last change set.
- * doc/gpgsm.texi: Likewise.
-
-2016-12-15 Werner Koch <wk@gnupg.org>
-
- dirmngr: First patch to re-enable Tor support.
- + commit 2d1760ffe2ff46b77bd0f38db8b781d9564ae999
- * dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
- constants.
- (libdns_init): Start adding tor support.
- (resolve_name_libdns): Pass socks hosts to dns_res_open.
- (get_dns_cert_libdns): Ditto.
- (getsrv_libdns): Ditto.
- (get_dns_cname_libdns): Ditto.
-
-2016-12-15 Justus Winter <justus@g10code.com>
-
- build: Fix distcheck.
- + commit 0e2055c7d30d987a7a74923a7080b80cce470601
- * tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs.
-
-2016-12-14 Justus Winter <justus@g10code.com>
-
- tests: Reuse GPGME's tests.
- + commit 948cca9c99e701a1668bb5fd6e25f07e35381b4d
- * configure.ac (AC_CONFIG_FILES): Add new Makefile.
- * tests/Makefile.am (SUBDIRS): Add new directory.
- * tests/gpgme/Makefile.am: New file.
- * tests/gpgme/gpgme-defs.scm: Likewise.
- * tests/gpgme/run-tests.scm: Likewise.
- * tests/gpgme/setup.scm: Likewise.
- * tests/gpgme/wrap.scm: Likewise.
-
- common: Support locating components in the build tree.
- + commit ca1e9749bfb069d90aa44efbf6f3d611b6104c1b
- * common/homedir.c (gnupg_build_directory): New variable.
- (gnupg_module_name_called): Likewise.
- (gnupg_set_builddir): New function.
- (gnupg_set_builddir_from_env): Likewise.
- (gnupg_module_name): Support locating components in the build tree.
- * common/util.h (gnupg_set_builddir): New prototype.
- * tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
- (tool): Rename to 'tool-hardcoded.
- (gpg-conf): New function, with accessors for the results.
- (gpg-components): New variable.
- (tool): New function.
- * tools/gpgconf.c (enum cmd_and_opt_values): New key.
- (opts): New option '--build-prefix'.
- (main): Handle new option.
-
- tests: Rework check for trust models.
- + commit 55dc81125abc43cd3cc8db951fc3b8a81767942d
- * tests/openpgp/defs.scm (gpg-has-option?): New function.
- (have-opt-always-trust): Use a simpler test for that option. This way
- that is less distracting when we run the tests with verbose=3.
-
-2016-12-14 Werner Koch <wk@gnupg.org>
-
- dirmngr: New configure option --disable-libdns.
- + commit d34a2bb410c7c770d26430d69ff77bd83fc407f1
- * configure.ac: Add option --disable-libdns
- (USE_LIBDNS): New ac_subst and am_conditional.
- (USE_C99_CFLAGS): Set only if libdns is used.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
- (dirmngr_SOURCES) [USE_LIBDNS0: here.
- (t_common_src): Ditto.
- * dirmngr/dirmngr.c (oRecursiveResolver): New constant.
- (opts): New option "--recursive-resolver".
- (parse_rereadable_options): Set option.
- * dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
- * dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
- new variables.
- * dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
- Also build and call dnslib functions only if USE_DNSLIB is defined.
- (recursive_resolver): New var.
- (enable_recursive_resolver): New func.
- (recursive_resolver_p): New func.
-
- dirmngr: Implement CERT record lookup via libdns.
- + commit 3c2a7918eac024b5e1258ea9b272b4e8a1f1af43
- * dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
- (get_dns_cert_standard): Fix URL malloc checking.
-
- dirmngr: Implement CNAME and SRV record lookup via libdns.
- + commit 4c13e4e3debe0e55e86ae29c095f2d86eb0a6f11
- * dirmngr/dns-stuff.c (dns_free): New macro.
- (libdns): Move var to the top.
- (libdns_error_to_gpg_error): Map error codes to the new gpg-error
- codes.
- (resolve_name_libdns): Restructure code.
- (getsrv_libdns): New.
- (get_dns_cname_libdns): New.
-
- dirmngr: Fix bugs in the standard resolver code.
- + commit 4a030f682ef48542ed324b28207f2c2b4847dbef
- * dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
- source.
- (get_h_errno_as_gpg_error): New.
- (get_dns_cert_libdns): Fix error code.
- (getsrv_libdns): Add arg R_COUNT and return an error code.
- (getsrv_standard): Ditto. Fix handling of res_query errors and
- provide the correct size for the return buffer.
- (getsrv): Adjust for changed worker functions.
- (get_dns_cname_standard): Fix handling of res_query errors and provide
- the correct size for the return buffer.
-
- dirmngr: Require a c99 compiler.
- + commit 392966aed9b2a5e1456c671e5d13b561a27e4bb2
- * configure.ac (USE_C99_CFLAGS): New ac_subst. Set to -std=gnu99 for
- gcc.
- * dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
- (t_http_CFLAGS): Ditto.
- (t_ldap_parse_uri_CFLAGS): Ditto.
- (t_dns_stuff_CFLAGS): Ditto.
-
- doc: Add license notes for libdns.
- + commit d84f5a88233c073a82fd47728574b001343784ee
- * COPYING.other: New.
- * Makefile.am (EXTRA_DIST): Add it.
- * AUTHORS: Add info on libdns.
- * build-aux/speedo/w32/pkg-copyright.txt: Add license terms.
-
- common: Add replacements for error codes from gpg-error 1.26.
- + commit aae68a3ccd3d9870162b3ffd49eae08d5bf1b1e1
-
-
-2016-12-14 Justus Winter <justus@g10code.com>
-
- dirmngr: New libdns snapshot.
- + commit f8ab2c4c70ad15c4b2e45492606fb94ddaccdac7
-
-
- dirmngr: Add basic libdns support.
- + commit f6acd0426453d3a18536ca69d63baa0d971082ef
- * dirmngr/dns.c: New file.
- * dirmngr/dns.h: New file.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
- * dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
- (libdns): New global var for the libdns state.
- (libdns_error_to_gpg_error): New.
- (libdns_init): New.
- (resolve_name_libdns): New.
- (get_dns_cert_libdns): New stub.
- (getsrv_libdns): New stub.
- (get_dns_cname_libdns): New stub.
-
- dirmngr,build: Remove support for ADNS.
- + commit 2e734a3ce159de8fb60df2bd5d454f98ca710717
- * autogen.rc: Remove '--with-adns' argument.
- * configure.ac: Remove check for ADNS.
- * dirmngr/dns-stuff.c: Remove all code that uses ADNS.
- * dirmngr/server.c (cmd_getinfo): Update status line.
- * doc/dirmngr.texi: Do not mention ADNS.
-
-2016-12-14 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Improve ntbtls support.
- + commit 57aa42ce9b28bc17ac24491d595766fbf80762af
- * dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
- (send_request): Call ntbtls_set_transport.
- (cookie_read, cookie_write): Implement.
- (cookie_close): Add initial implementation for ntbtls.
-
-2016-12-13 Justus Winter <justus@g10code.com>
-
- g10,sm: Spell out --passwd.
- + commit c1c35fb887061de05661f3411eda97546e1a52d7
- * g10/gpg.c (opts): Spell out option.
- * sm/gpgsm.c (opts): Likewise.
- * doc/gpg.texi: Update accordingly.
- * doc/gpgsm.texi: Likewise.
-
- g10: Spell out --gen-revoke.
- + commit ec1bd3ae685e95563e38077ab3c1655fd55dea07
- * g10/gpg.c (opts): Spell out option.
- * doc/gpg.texi: Update accordingly.
- * po: Update translations.
-
- g10: Spell out --full-gen-key.
- + commit 09163a6390bd9713f3a7946de739765b30ef6f64
- * g10/gpg.c (opts): Spell out option.
- (main): Likewise.
- * g10/keygen.c (generate_keypair): Likewise.
- * doc/gpg.texi: Update accordingly.
-
- g10,sm: Spell out --gen-key.
- + commit 892c827e72b1396e3b58e2f8869cc48328a2b59c
- * g10/gpg.c (opts): Spell out option.
- * sm/gpgsm.c (opts): Likewise.
- * doc/gpg.texi: Update accordingly.
-
- g10,sm: Spell out --check-sigs.
- + commit 9147737f1c6894f38b855f3cf38cd33122a1ae2a
- * g10/gpg.c (opts): Spell out option.
- * sm/gpgsm.c (opts): Likewise.
- * doc/gpg.texi: Update accordingly.
-
- g10,sm: Spell out --list-sigs.
- + commit a6d6e4afe488bc05ee730e85da6a9505c6cd245a
- * g10/gpg.c (opts): Spell out option.
- * sm/gpgsm.c (opts): Likewise.
- * doc/gpg.texi: Update accordingly.
-
- g10: Hyphenate --clearsign.
- + commit 04754ce3a704b1e6d38cb9a28dacf2821dc3f15f
- * g10/gpg.c (opts): Hyphenate option.
- * doc/gpg.texi: Update accordingly.
- * po: Update translations.
- * tests/openpgp: Update tests.
-
- g10: Spell out --recv-keys.
- + commit ca598152345b40f3a236227dfc63ae04ddf777d7
- * g10/gpg.c (opts): Spell out option.
- * doc/gpg.texi: Update accordingly.
-
- g10: Create expiring keys in quick key generation mode.
- + commit dd3dde07a9a46130ac01d849f8edf0566e44f11f
- * doc/gpg.texi: Document that fact.
- * g10/keygen.c (quick_generate_keypair): Use a default value.
- * tests/openpgp/quick-key-manipulation.scm: Test that fact.
-
- gpgscm: Print failed and skipped tests.
- + commit 429891a704057437517cb0b45d11392b40fa1ee8
- * tests/gpgscm/tests.scm (test-pool::report): Print failed and skipped
- tests at the end.
-
- gpgscm: Generalize the test runner.
- + commit d43dabf4607d3bcfc217eb9aea34d093f5aa698f
- * tests/gpgscm/tests.scm (test::scm) Add explicit name argument.
- (test::binary): Likewise. Also, add missing unquote.
- * tests/openpgp/run-tests.scm: Adapt accordingly.
-
- gpgscm: Move the test runner to the Scheme library.
- + commit 1a176b92a8aad42056ed2c4e1f49a5feb40770cf
- * tests/openpgp/run-tests.scm: Move most of the code...
- * tests/gpgscm/tests.scm: ... here.
-
- tests: Refactor test runner.
- + commit fe36e63763c9c595bb057ac50160d2aff7c7a63f
- * tests/openpgp/run-tests.scm (locate-test): New function.
- (test): Factor-out the code starting the child process.
- (test::binary): New function.
-
- gpgscm: Improve library functions.
- + commit e3876f16eb237bdeb9f79aca2e7db5e9e2d86686
- * tests/gpgscm/tests.scm (absolute-path?): New function.
- (canonical-path): Use the new function.
- * tests/gpgscm/lib.scm (string-split-pln): New function.
- (string-indexp, string-splitp): Likewise.
- (string-splitn): Express using the above function.
- (string-ltrim, string-rtrim): Fix corner case.
- (list->string-reversed): New function.
- (read-line): Fix performance.
-
-2016-12-12 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leak in ecc key generation.
- + commit 98433c70431dfbde99b0e89416856d1eef9ebc88
- * g10/keygen.c (ecckey_from_sexp): Release curve.
-
- gpg: Do not use a fixed string for --gpgconf-list:default_pubkey_algo.
- + commit f1304ee9b21e6ceac6c13d04ceddd23fadb5c7f1
- * g10/keygen.c (get_default_pubkey_algo): New.
- (parse_key_parameter_string): Use it.
- * g10/gpg.c (gpgconf_list): Take value from new function.
-
- gpg: Fix algo string parsing of --quick-addkey.
- + commit 522e6f798db9f3f3a9e0123fdc389a86ac69dedf
- * g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
- (parse_key_parameter_part): Use default key size if only "rsa", "dsa",
- or "elg" is given.
-
-2016-12-09 Justus Winter <justus@g10code.com>
-
- g10: Create keys that expire in simple key generation mode.
- + commit d568a1561642ed9b7b7b6282b86c56786d10a956
- * g10/keygen.c (default_expiration_interval): New variable.
- (generate_keypair): Use the new default.
-
- tests: Add a test for '--quick-addkey'.
- + commit b778d8deedf344c8116362633925b8153c7f1bf1
- * tests/openpgp/quick-key-manipulation.scm: Test '--quick-addkey'.
-
- tests: New test using all available compression algorithms.
- + commit 59f1562c25119a4fe27411e6350f2149d6147148
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/compression.scm: New file.
- * tests/openpgp/defs.scm (all-compression-algos): New variable.
-
- g10: List compression algorithms using human-readable names.
- + commit c8100fc0faadf8ba35e4df32b4760cc975e3a83d
- * g10/gpg.c (list_config): List all enabled compression algorithms
- under the key 'compressname'.
-
- g10: Fix memory leak.
- + commit 3de9bad359e28ced4a2539e411d222ffd82a4a62
- * g10/sign.c (do_sign): Release old signature data.
-
-2016-12-08 Werner Koch <wk@gnupg.org>
-
- common: Skip the Byte Order Mark in conf files.
- + commit 5c7d58222834793629a30248e72b6ea96e832dc4
- * common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM.
-
- Fix 2 compiler warnings.
- + commit cb4c7abb774e2d95806d8b0ec6ea5cd130c1b5b8
- * dirmngr/loadswdb.c: Set ERR on malloc failure.
- * g10/passphrase.c (passphrase_to_dek): Initialize all fields of
- HELP_S2K.
-
- wks: New option --status-fd for gpg-wks-client.
- + commit 4a04277ad112e0966296133795f93cf6a3daa48e
- * tools/wks-util.c: Include status.h.
- (statusfp): New global var.
- (wks_set_status_fd): New func.
- (wks_write_status): New func.
- * tools/gpg-wks-client.c: Include status.h.
- (oStatusFD): New constant.
- (opts): New option --status-fd.
- (parse_arguments): Handle that option.
- (main): Return STATUS_SUCCESS or STATUS_FAILURE.
-
-2016-12-08 Justus Winter <justus@g10code.com>
-
- gpgscm: Better error reporting.
- + commit e7429b1ced0c69fa7901f888f8dc25f00fc346a4
- * tests/gpgscm/ffi.scm: Move the customized exception handling and
- atexit logic...
- * tests/gpgscm/init.scm: ... here.
- (throw): Record the current history.
- (throw'): New function that is history-aware.
- (rethrow): New function.
- (*error-hook*): Use the new throw'.
- * tests/gpgscm/main.c (load): Fix error handling.
- (main): Save and use the 'sc->retcode' as exit code.
- * tests/gpgscm/repl.scm (repl): Print call history.
- * tests/gpgscm/scheme.c (_Error_1): Make a snapshot of the history,
- use it to provide a accurate location of the expression causing the
- error at runtime, and hand the history trace to the '*error-hook*'.
- (opexe_5): Tag all lists at parse time with the current location.
- * tests/gpgscm/tests.scm: Update calls to 'throw', use 'rethrow'.
-
- gpgscm: Keep a history of calls for error messages.
- + commit 404e8a4136bbbab39df7dd5119841e131998cc15
- * tests/gpgscm/init.scm (vm-history-print): New function.
- * tests/gpgscm/opdefines.h: New opcodes 'CALLSTACK_POP', 'APPLY_CODE',
- and 'VM_HISTORY'.
- * tests/gpgscm/scheme-private.h (struct history): New definition.
- (struct scheme): New field 'history'.
- * tests/gpgscm/scheme.c (gc): Mark objects in the history.
- (history_free): New function.
- (history_init): Likewise.
- (history_mark): Likewise.
- (add_mod): New macro.
- (sub_mod): Likewise.
- (tailstack_clear): New function.
- (callstack_pop): Likewise.
- (callstack_push): Likewise.
- (tailstack_push): Likewise.
- (tailstack_flatten): Likewise.
- (callstack_flatten): Likewise.
- (history_flatten): Likewise.
- (opexe_0): New variable 'callsite', keep track of the expression if it
- is a call, implement the new opcodes, record function applications in
- the history.
- (opexe_6): Implement new opcode.
- (scheme_init_custom_alloc): Initialize history.
- (scheme_deinit): Free history.
- * tests/gpgscm/scheme.h (USE_HISTORY): New macro.
-
- gpgscm: Add flag TAIL_CONTEXT.
- + commit 01256694f006405c54bc2adef63ef0c8f07da9ee
- * tests/gpgscm/scheme.c (S_FLAG_TAIL_CONTEXT): New macro. This flag
- indicates that the interpreter is evaluating an expression in a tail
- context (see R5RS, section 3.5).
- (opexe_0): Clear and set the flag according to the rules layed out in
- R5RS, section 3.5.
- (opexe_1): Likewise.
-
- gpgscm: Add flags to the interpreter.
- + commit a4a69163d9d7e4d9f3339eb5cda0afb947180b26
- * tests/gpgscm/scheme-private.h (struct scheme): Add field 'flags'.
- * tests/gpgscm/scheme.c (S_OP_MASK): New macro.
- (S_FLAG_MASK, s_set_flag, s_clear_flag, s_get_flag): Likewise.
- (_s_return): Unpack the encoded opcode and flags.
- (s_save): Encode the flags along with the opcode. Use normal
- integers to encode the result.
- (scheme_init_custom_alloc): Initialize 'op' and 'flags'.
-
- gpgscm: Implement tags.
- + commit fcf5aea44627def43425d03881e20902e7c0331e
- * tests/gpgscm/opdefines.h: Add opcodes to create and retrieve tags.
- * tests/gpgscm/scheme.c (T_TAGGED): New macro.
- (mk_tagged_value): New function.
- (has_tag): Likewise.
- (get_tag): Likewise.
- (mark): Mark tag.
- (opexe_4): Implement new opcodes.
- * tests/gpgscm/scheme.h (USE_TAGS): New macro.
-
-2016-12-08 Werner Koch <wk@gnupg.org>
-
- gpg: Fix the fix out-of-bounds access.
- + commit a75790b74095828f967c012eff7033f570d93077
- * g10/tofu.c (build_conflict_set): Revert to int* and fix calloc.
-
- wks: New option --check for gpg-wks-client.
- + commit d8c5e8ccfdb53cc327f7520fc7badc31d0c9c666
- * tools/call-dirmngr.c (wkd_get_key): New.
- * tools/gpg-wks-client.c (aCheck): New constant.
- (opts): New option "--check".
- (main): Call command_check.
- (command_check): New.
-
- tools: Move a function from gpg-wks-server to wks-util.c.
- + commit c3138decd77d788906885b638b344d0d1faf32c0
- * tools/gpg-wks-server.c (list_key_status_cb): Remove.
- (list_key): Move to ...
- * tools/wks-util.c (wks_list_key): here and rename. Add new args
- R_FPR and R_MBOXES and remove the CTX.
- (list_key_status_cb): New.
- * tools/wks-util.c: Include ccparray.h, exectool.h, and mbox-util.h.
- * tools/gpg-wks-server.c (process_new_key): Replace list_key by
- wks_list_key.
- (check_and_publish): Ditto.
-
-2016-12-08 Justus Winter <justus@g10code.com>
-
- gpgscm: Generalize 'for-each-p'.
- + commit a2bedc8ac6fcdcd1de0a9fa3d540006481387dff
- * tests/gpgscm/tests.scm (for-each-p): Generalize to N lists like
- for-each.
- (for-each-p'): Likewise.
-
- g10: Fix out-of-bounds access.
- + commit 3b5b94ceab7c0ed9501c5cf54b4efa17fcd7300a
- * g10/tofu.c (build_conflict_set): Use 'char'.
-
-2016-12-08 Werner Koch <wk@gnupg.org>
-
- tools: Fix use of uninitialized var in mime-maker.
- + commit dd03667ab1062bba3b9413c3f8007d63302d1b31
- * tools/mime-maker.c (ensure_part): Make sure to set R_PARENT on
- error.
- (add_missing_headers): Ensure that ERR is set on success.
-
- * tools/wks-util.c (wks_parse_policy): Fix indentation.
-
- tools: Fix memleak in gpgconf.
- + commit b265969154741bf9f93167699fe7ddda1d485265
- * tools/gpgconf.c (main): Free SOCKETDIR.
-
- gpg: Fix portability problem.
- + commit c3008bffac68b6f31e9ae9bad837cdce5de7c0db
- * g10/tofu.c (build_conflict_set): Replace variable dynamic array.
-
-2016-12-07 Justus Winter <justus@g10code.com>
-
- tests: Add test for '--quick-set-expire'.
- + commit dec2ae31a46a0f41886c7ad228865cc573f2dea9
- * tests/openpgp/quick-key-manipulation.scm: Test '--quick-set-expire'.
-
- tests: Improve quick key manipulation test.
- + commit 92df40a3a2ae471fbba00d6d7040230404931fd4
- * tests/openpgp/quick-key-manipulation.scm: Do not update the trust
- database, rather be more specific when filtering the user ids.
-
-2016-12-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: Respect --enable-large-secmem.
- + commit 8636ad5023a1bdc527add40a5508f8c5b7c35221
- * agent/gpg-agent.c (main): Initialize secmem to the configured buffer
- size.
-
-2016-12-06 Justus Winter <justus@g10code.com>
-
- tests: Add test importing a revocation certificate.
- + commit e352ead43fbb0180e1f1c71bf1a000d1954eb777
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/import-revocation-certificate.scm: New file.
- * tests/openpgp/samplemsgs/revoke-2D727CC768697734.asc: Likewise.
-
- tests: Rename 'error' to 'fail'.
- + commit 5b5d881f47c82f320abf440c20b7a1bac078a987
- * tests/gpgscm/tests.scm (error): Rename to 'fail'. 'error' is a
- primitive function (an opcode) of the TinySCHEME vm, and 'error' is
- also defined by R6RS. Better avoid redefining that. Fix all call
- sites.
- * tests/openpgp/4gb-packet.scm: Adapt.
- * tests/openpgp/decrypt-multifile.scm: Likewise.
- * tests/openpgp/ecc.scm: Likewise.
- * tests/openpgp/export.scm: Likewise.
- * tests/openpgp/gpgtar.scm: Likewise.
- * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
- * tests/openpgp/import.scm: Likewise.
- * tests/openpgp/issue2015.scm: Likewise.
- * tests/openpgp/issue2346.scm: Likewise.
- * tests/openpgp/issue2419.scm: Likewise.
- * tests/openpgp/key-selection.scm: Likewise.
- * tests/openpgp/mds.scm: Likewise.
- * tests/openpgp/multisig.scm: Likewise.
- * tests/openpgp/setup.scm: Likewise.
- * tests/openpgp/signencrypt.scm: Likewise.
- * tests/openpgp/ssh-import.scm: Likewise.
- * tests/openpgp/tofu.scm: Likewise.
- * tests/openpgp/verify.scm: Likewise.
-
- tests: Remove debugging display.
- + commit 89ac071eb4c7539e98c7dc17e11f57c620b54e90
- * tests/openpgp/tofu.scm: Remove debugging display.
-
-2016-12-06 Neal H. Walfield <neal@g10code.com>
-
- tests: Update distributed files.
- + commit 87972fdef2cd853fb97624d0765686674a19e3c4
- * tests/openpgp/Makefile.am (TEST_FILES): Remove tofu-keys.asc,
- tofu-keys-secret.asc, tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and
- tofu-EE37CF96-1.txt. Add tofu/conflicting/1C005AF3.gpg,
- tofu/conflicting/1C005AF3-secret.gpg, tofu/conflicting/1C005AF3-1.txt,
- tofu/conflicting/1C005AF3-2.txt, tofu/conflicting/1C005AF3-3.txt,
- tofu/conflicting/1C005AF3-4.txt, tofu/conflicting/1C005AF3-5.txt,
- tofu/conflicting/B662E42F.gpg, tofu/conflicting/B662E42F-secret.gpg,
- tofu/conflicting/B662E42F-1.txt, tofu/conflicting/B662E42F-2.txt,
- tofu/conflicting/B662E42F-3.txt, tofu/conflicting/B662E42F-4.txt,
- tofu/conflicting/B662E42F-5.txt, tofu/conflicting/BE04EB2B.gpg,
- tofu/conflicting/BE04EB2B-secret.gpg, tofu/conflicting/BE04EB2B-1.txt,
- tofu/conflicting/BE04EB2B-2.txt, tofu/conflicting/BE04EB2B-3.txt,
- tofu/conflicting/BE04EB2B-4.txt, tofu/conflicting/BE04EB2B-5.txt and
- tofu/conflicting/README.
-
- doc: Improve the text in the gpg manual.
- + commit 7572d270fcda1614648c6f08d711d5096ffebbe6
- * doc/gpg.texi: Improve the text.
-
- g10: Avoid a memory leak.
- + commit 6102099985c1b82b6c0bba0464c1f913cc673e96
- * g10/gpg.c (main): Free KB when we're done with it.
-
- tests: Change (interactive-shell) to start an interactive shell.
- + commit db6d8cfdc118131f497596ef1ffc121949377754
- * tests/gpgscm/tests.scm (interactive-shell): Start an interactive
- shell.
-
- tests: Check the signature count in the TOFU TFS record.
- + commit 17c717d7c92d9a52101fea7e396fc133322a8786
- * tests/openpgp/tofu.scm: Check the signature count in the TOFU TFS
- record.
-
- tests: Replace data used by the TOFU conflict test.
- + commit d5b18d6c55d65e8df2dd112651e3b9b3d9e6e27a
- * tests/openpgp/tofu-2183839A-1.txt: Remove file.
- * tests/openpgp/tofu-BC15C85A-1.txt: Remove file.
- * tests/openpgp/tofu-EE37CF96-1.txt: Remove file.
- * tests/openpgp/tofu-keys-secret.asc: Remove file.
- * tests/openpgp/tofu-keys.asc: Remove file.
- * tests/openpgp/tofu/conflicting/1C005AF3.gpg: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-secret.gpg: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-1.txt: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-2.txt: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-3.txt: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-4.txt: New file.
- * tests/openpgp/tofu/conflicting/1C005AF3-5.txt: New file.
- * tests/openpgp/tofu/conflicting/B662E42F.gpg: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-secret.gpg: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-1.txt: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-2.txt: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-3.txt: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-4.txt: New file.
- * tests/openpgp/tofu/conflicting/B662E42F-5.txt: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B.gpg: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-secret.gpg: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-1.txt: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-2.txt: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-3.txt: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-4.txt: New file.
- * tests/openpgp/tofu/conflicting/BE04EB2B-5.txt: New file.
- * tests/openpgp/tofu/conflicting/README: New file.
- * tests/openpgp/tofu.scm: Update accordingly.
-
- g10: Remove dead code.
- + commit bd9ebe1404c1395edd0e029023a9e780c90f6d73
- * g10/tofu.c (tofu_set_policy_by_keyid): Remove function.
-
-2016-12-05 Werner Koch <wk@gnupg.org>
-
- gpg: New option --quick-set-expire.
- + commit 41b3d0975de65d1654f5e37c626d7c9b7c9a7a4d
- * g10/gpg.c (aQuickSetExpire): New.
- (opts): New option --quick-set-expire.
- (main): Implement option.
- * g10/keyedit.c (menu_expire): Add args FORCE_MAINKEY and
- NEWEXPIRATION. Change semantics of the return value. Change caller.
- (keyedit_quick_set_expire): New.
-
-2016-12-05 Justus Winter <justus@g10code.com>
-
- tests: New test for '--enarmor' and '--dearmor'.
- + commit fae4d06b0ccaa9803e0c0da56c327b0bcfffcac5
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/enarmor.scm: New file.
-
-2016-12-03 Werner Koch <wk@gnupg.org>
-
- gpg: Fix error code arg in ERRSIG status line.
- + commit ef10c348bffc7dad19e1832bebc453755d209420
- * g10/mainproc.c (check_sig_and_print): Use gpg_err_code to return an
- error code in ERRSIG.
-
-2016-12-02 Werner Koch <wk@gnupg.org>
-
- gpg: New option --default-new-key-algo.
- + commit ce29272e24e7b718b8fca9b84bc728e65f3dea24
- * common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
- R_ALGO and change all callers.
- * common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
- * g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
- * g10/gpg.c (oDefaultNewKeyAlgo): New enum.
- (opts): New option "--default-new-key-algo".
- (main): Set the option.
- * g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
- them by ...
- (DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
- (get_keysize_range): Remove arg R_DEF and return that value instead.
- Change all callers.
- (gen_rsa): Use get_keysize_range instead of the removed
- DEFAULT_STD_KEYSIZE.
- (parse_key_parameter_part): New function.
- (parse_key_parameter_string): New function.
- (quick_generate_keypair): Refactor using parse_key_parameter_string.
- (generate_keypair): Ditto.
- (parse_algo_usage_expire): Ditto.
-
-2016-12-02 Neal H. Walfield <neal@g10code.com>
-
- g10: Improve debugging output.
- + commit cd532bb7b866e104304e2443cc942799c385daa5
- * g10/tofu.c (string_to_long): Improve debugging output.
- (string_to_ulong): Likewise.
-
-2016-12-01 Neal H. Walfield <neal@g10code.com>
-
- g10: In the TOFU module, make strings easier to translate.
- + commit bd1a1d8582abcfd7f29812942fa70f88d0aec7cf
- * g10/tofu.c: Remove dead code.
- (time_ago_str): Simplify implementation since we only want the most
- significant unit.
- (format_conflict_msg_part1): Use ngettext.
- (ask_about_binding): Likewise and only emit full sentences.
- (show_statistics): Likewise.
-
-2016-12-01 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add option --standard-resolver.
- + commit 304566d3327ef0a85188cce3109d46d5ff47177a
- * dirmngr/dirmngr.c (oStandardResolver): New constant.
- (opts): New option --standard-resolver.
- (parse_rereadable_options): Set option.
- * dirmngr/dns-stuff.c: Refactor all code to support the new option.
- (standard_resolver): New var.
- (enable_standard_resolver, standard_resolver_p): New func.
- * dirmngr/http.c (connect_server): Remove USE_DNS_SRV build
- conditional.
- * dirmngr/ks-engine-hkp.c (map_host): Ditto.
- * dirmngr/server.c (cmd_getinfo) <dnsinfo>: Take care of new option
- * configure.ac (HAVE_ADNS_IF_TORMODE): Remove var ADNSLIB. ac_define
- USE_ADNS in the adns checking code. Remove options --disable-dns-srv
- and --disable-dns-cert. Always look for the system resolver. Print
- warning if no system resolver was found.
- (USE_DNS_CERT, USE_DNS_SRV): Remove ac_defines.
- (HAVE_SYSTEM_RESOLVER): New ac_define.
- (USE_DNS_SRV): Remove am_conditional; not used anyway.
-
- gpg: Let only Dirmngr decide whether CERT is supported.
- + commit 86efc3ee53abaf1e22b53c1b360c51829e476115
- * g10/getkey.c (parse_auto_key_locate): Do not build parts depending
- on USE_DNS_CERT.
-
-2016-12-01 Justus Winter <justus@g10code.com>
-
- tests,build: Fix distcheck.
- + commit fbdfe6a514a95fb46f2b811a13709024e2baf252
- * tests/openpgp/Makefile.am (sample_msgs): Add messages required for
- the new test 'verify-multifile.scm'.
-
- tests: Add test for '--verify --multifile'.
- + commit 12af8e84a32df728462da09a00a8bec24a487720
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/verify-multifile.scm: New file.
-
-2016-11-30 Justus Winter <justus@g10code.com>
-
- tests: Add test for '--encrypt --multifile'.
- + commit 3c0569e99498c7470ebdb639b4c5ae829af92761
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/encrypt-multifile.scm: New file.
-
-2016-11-29 Werner Koch <wk@gnupg.org>
-
- agent,dirmngr: Tiny restructuring.
- + commit aa6ab9e0bc67fe9ce5601047e84ea4a875e8eb64
- * agent/gpg-agent.c (handle_connections): Add a comment.
- * dirmngr/dirmngr.c (main): Move assuan_sock_close of the listening
- socket to ...
- (handle_connections): here. Add a comment why we keep the
- listening socket open during a shutdown.
-
- agent,dirmngr: Handle corner case in shutdown mode.
- + commit 854adc8ae19749e44cb79dfa0c5401f48012b13a
- * agent/gpg-agent.c (handle_connections): Keep on selecting on the
- inotify fd even when a shutdown is pending.
- * dirmngr/dirmngr.c (handle_connections): Ditto. Also simplifyy the
- use of the HAVE_INOTIFY_INIT cpp conditional.
-
- gpgsm: Allow decryption with a card returning a PKCS#1 stripped key.
- + commit 8489b12211098ad58c008cfb74b5cb91849cf68d
- * sm/decrypt.c (prepare_decryption): Handle a 16 byte session key.
-
- agent,w32: Initialize nPth in server mode.
- + commit 81d6e98cdf4caa3aa92398fc3b8bed397b40f58d
- * agent/gpg-agent.c (main) [W32]: Call initialize_modules in server
- mode.
-
- gpg: Make --decrypt with output '-&nnnn' work.
- + commit a5910e00ace882b8a17169faf4607163ab454af9
- * g10/plaintext.c (get_output_file): Check and open special filename
- before falling back to stdout.
-
- gpg,sm: Merge the two versions of check_special_filename.
- + commit 60b4982836a00ef6b2a97d16f735b3f6b74dce62
- * sm/gpgsm.c (check_special_filename): Move to ..
- * common/sysutils.c (check_special_filename): here. Add arg
- NOTRANSLATE.
- (allow_special_filenames): New local var.
- (enable_special_filenames): New public functions.
- * sm/gpgsm.c (allow_special_filenames): Remove var.
- (main): Call enable_special_filenames instead of setting the var.
- (open_read, open_es_fread, open_es_fwrite): Call
- check_special_filename with 0 for NOTRANSLATE.
- * common/iobuf.c (special_names_enabled): Remove var.
- (iobuf_enable_special_filenames): Remove func.
- (check_special_filename): Remove func.
- (iobuf_is_pipe_filename): Call new version of the function with
- NOTRANSLATE set.
- (do_open): Ditto.
- * g10/gpg.c (main): Call enable_special_filenames instead of
- iobuf_enable_special_filenames.
- * g10/gpgv.c (main): Ditto.
-
-2016-11-29 Justus Winter <justus@g10code.com>
-
- g10: Fix memory leak.
- + commit 52385a2ba1bf7e53f500ffde5fd34f28e69cf76b
- * g10/decrypt.c (decrypt_messages): Properly decrease the reference
- count of the armor filters after pushing them.
-
- tools,build: Build WKS tools against libintl.
- + commit 9fb5e9c14557f7567cbc7c50b9881b7d7bfa2f12
- * tools/Makefile.am (gpg_wks_server_LDADD): Link against libintl.
- (gpg_wks_client_LDADD): Likewise.
-
-2016-11-29 Neal H. Walfield <neal@g10code.com>
-
- Improve some comments.
- + commit 522f74f7e377135cf098b6b0b9b35284c1dfc963
-
-
- g10: Extend TOFU_STATS to always show the validity.
- + commit 2f27cb12e30c9f6e780354eecc3ff0039ed52c63
- * doc/DETAILS (TOFU_STATS): Rename the VALIDITY field to SUMMARY. Add
- a new field called VALIDITY.
- * g10/tofu.c (write_stats_status): Update output accordingly.
-
-2016-11-29 Justus Winter <justus@g10code.com>
-
- tests: Add test for '--decrypt --multifile'.
- + commit bde4fddadc75ad6071e3fc6c0980905de14c03cb
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/decrypt-multifile.scm: New file.
-
- gpgscm: Avoid truncating pointers.
- + commit e062bc4da8062b822ee85096d9adfcbca8dcb56a
- * tests/gpgscm/scheme.c (_alloc_cellseg): Avoid truncating pointers on
- systems where sizeof(unsigned long) < sizeof(void *).
-
-2016-11-29 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: Lazily launch ldap reaper thread.
- + commit f6728d13e8e544dbd4b9351ed981613e5504293f
- * dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
- Before we need it.
- * dirmngr/ldap-wrapper.c (ldap_wrapper): Call
- ldap_wrapper_launch_thread() just in time (before any attempt to use
- an ldap subprocess).
-
-2016-11-29 Werner Koch <wk@gnupg.org>
-
- build: Remove more keywords from the generated ChangeLog.
- + commit ecc126a7cef371e3b88e65715ba37fb77e92ea0f
- * build-aux/gitlog-to-changelog (parse_amend_file): Generalize keyword
- removal.
-
-2016-11-28 Justus Winter <justus@g10code.com>
-
- tests: Add test for the ssh key export.
- + commit 47b8b9e2ce5af7fba117ae0b00e10bec414dcfb0
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- (sample_keys): Add new files.
- * tests/openpgp/samplekeys/authenticate-only.pub.asc: New file.
- * tests/openpgp/samplekeys/authenticate-only.sec.asc: Likewise.
- * tests/openpgp/ssh-export.scm: Likewise.
-
- g10: Fix iteration over getkey results.
- + commit 4db9a425644dccaf81b51ebc97b32a9cc21941a4
- * g10/getkey.c (getkey_next): Only ask 'lookup' for the exact match if
- our caller requested the key. Fixes a crash in 'lookup'.
-
- tests: Rename ssh test.
- + commit cc1d21342659a7def5d662d0547579f9e0d3b109
- * tests/openpgp/ssh.scm: Rename to 'ssh-import.scm'.
- * tests/openpgp/Makefile (XTESTS): Likewise.
-
-2016-11-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support OpenPGP card V3 for RSA.
- + commit b89e63e5c326af71470124b410e6429cbd2b5c43
- * scd/app-openpgp.c (struct app_local_s): Remove max_cmd_data and
- max_rsp_data fields as Extended Capabilities bits are different.
- (get_cached_data) Use extcap.max_certlen_3.
- (get_one_do): Don't use exmode=1.
- (determine_rsa_response): New.
- (get_public_key, do_genkey): Call determine_rsa_response.
- (do_sign): Use keyattr[0].rsa.n_bits / 8, instead of max_rsp_data.
- (do_auth): Use keyattr[2].rsa.n_bits / 8, instead of max_rsp_data.
- (do_decipher): Likewise with Use keyattr[1].rsa.n_bits / 8.
- (show_caps): Remove max_cmd_data and max_rsp_data.
- (app_select_openpgp): Likewise.
-
-2016-11-23 Justus Winter <justus@g10code.com>
-
- gpgscm: Make 'reverse' compatible with 'reverse_in_place'.
- + commit 005d326d19ba28005182205f25edc4f7499ec0b5
- * tests/gpgscm/scheme.c (reverse): Update prototype, add terminator
- argument.
- (opexe_4): Update callsite.
-
- gpgscm: Clean sweeped cells.
- + commit 3fb9954c43425775a517060959dad01fa00238f7
- * tests/gpgscm/scheme.c (gc): Zero typeflag and car of free cells.
-
- gpgscm: Fix initialization of 'sink'.
- + commit 7856e3efaad7614979bc0b91379a0a4dcbc739d5
- * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Also initialize
- cdr.
-
-2016-11-23 Neal H. Walfield <neal@g10code.com>
-
- g10: Avoid gratuitously loading a keyblock when it is already available.
- + commit 03a65a53231cc3132a50a1871e81a512c44da169
- * g10/trust.c (get_validity): Add new, optional parameter KB. Only
- load the keyblock if KB is NULL. Update callers.
- (get_validity): Likewise.
- * g10/trustdb.c (tdb_get_validity_core): Likewise.
-
-2016-11-22 Neal H. Walfield <neal@g10code.com>
-
- g10: Use es_fopen instead of open.
- + commit bfeafe2d3f9bbaa7f11f3ad870a446141c038b0d
- * g10/tofu.c: Don't include <utime.h>, <fcntl.h> or <unistd.h>.
- (busy_handler): Replace use of open with es_fopen.
-
- g10: If the set of UTKs changes, invalidate any changed policies.
- + commit 44c17bcb003a3330f595a6ab144e8439b7b630cb
- * g10/trustdb.c (tdb_utks): New function.
- * g10/tofu.c (check_utks): New function.
- (initdb): Call it.
- * tests/openpgp/tofu.scm: Modify test to check the effective policy of
- keys whose effective policy changes when we change the set of UTKs.
-
-2016-11-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix receive buffer size.
- + commit 5c2db9dedfe9dbb14ffec24751ca23a69cead94e
- * scd/apdu.c (send_le): Fix the size, adding two for status
- bytes to Le.
-
-2016-11-22 Justus Winter <justus@g10code.com>
-
- gpgscm: Refactor.
- + commit a3b258d1d15953816e0567511ecc527a4ccdd626
- * tests/gpgscm/scheme.c (opexe_0): Reduce code duplication.
-
- gpgscm: Fix property lists.
- + commit d8df80427238cdbb9ae0f6dae8bc7e9c24f6e265
- * tests/gpgscm/opdefines.h (put, get): Check arguments. Also rename
- to 'set-symbol-property' and 'symbol-property', the names used by
- Guile, because put and get are too unspecific.
- * tests/gpgscm/scheme.c (hasprop): Only symbols have property lists.
- (get_property): New function.
- (set_property): Likewise.
- (opexe_4): Use the new functions.
-
- gpgscm: Fix installation of error handler.
- + commit 7b4e2ea274ace22245264f1759279390d0300a62
- * tests/gpgscm/ffi.scm: Set '*error-hook*' again so that the
- interpreter will use our function.
-
- gpgscm: Use a static pool of cells for small integers.
- + commit 66834eb838a8892d088f6b7332084a64d9f15008
- * tests/gpgscm/scheme-private.h (struct scheme): New fields for the
- static integer cells.
- * tests/gpgscm/scheme.c (_alloc_cellseg): New function.
- (alloc_cellseg): Use the new function.
- (MAX_SMALL_INTEGER): New macro.
- (initialize_small_integers): New function.
- (mk_small_integer): Likewise.
- (mk_integer): Return a small integer if possible.
- (_s_return): Do not free 'op' if it is a small integer.
- (s_save): Use a small integer to box the opcode.
- (scheme_init_custom_alloc): Initialize small integers.
- (scheme_deinit): Free chunk of small integers.
- * tests/gpgscm/scheme.h (USE_SMALL_INTEGERS): New macro.
-
- tests: Delay querying the avaliable algorithms.
- + commit 893a3f7fb46021961914a8acdf1292a80e3eba93
- * tests/openpgp/defs.scm: Set verbosity earlier, turn 'all-*-algos'
- into promises.
- * tests/openpgp/conventional-mdc.scm: Force the promises.
- * tests/openpgp/conventional.scm: Likewise.
- * tests/openpgp/encrypt-dsa.scm: Likewise.
- * tests/openpgp/encrypt.scm: Likewise.
- * tests/openpgp/gpgtar.scm: Likewise.
- * tests/openpgp/sigs.scm: Likewise.
-
- g10: Fix memory leak.
- + commit 6ce14a805f1da687dfb8535db57730d5c7403db7
- * g10/tofu.c (tofu_notice_key_changed): Remove spurious duplicate call
- to 'hexfingerprint'.
-
-2016-11-21 Neal H. Walfield <neal@g10code.com>
-
- g10: Cache the effective policy. Recompute it when required.
- + commit 037f9de09298a31026ea2ab5fbd4a599b11cc34f
- * g10/tofu.c (initdb): Add column effective_policy to the bindings
- table.
- (record_binding): New parameters effective_policy and set_conflict.
- Save the effective policy. If SET_CONFLICT is set, then set conflict
- according to CONFLICT. Otherwise, preserve the current value of
- conflict. Update callers.
- (get_trust): Don't compute the effective policy here...
- (get_policy): ... do it here, if it was not cached. Take new
- parameters, PK, the public key, and NOW, the time that the operation
- started. Update callers.
- (show_statistics): New parameter PK. Pass it to get_policy. Update
- callers.
- (tofu_notice_key_changed): New function.
- * g10/gpgv.c (tofu_notice_key_changed): New stub.
- * g10/import.c (import_revoke_cert): Take additional argument CTRL.
- Pass it to keydb_update_keyblock.
- * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL.
- Update callers.
- [USE_TOFU]: Call tofu_notice_key_changed.
- * g10/test-stubs.c (tofu_notice_key_changed): New stub.
- * tests/openpgp/tofu.scm: Assume that manually setting a binding's
- policy to auto does not cause the tofu engine to forget about any
- conflict.
-
- g10: Correctly parameterize ngettext.
- + commit 182efc5b5d20ac0d43501a22f349a23dc06a27a4
- * g10/tofu.c (ask_about_binding): Correctly parameterize ngettext.
-
- g10: Don't use the same variable for multiple SQL compiled statements.
- + commit 7142b293c870d73ce0146bfb90e6a556e0079650
- * g10/tofu.c (struct tofu_dbs_s): Remove unused field
- record_binding_update2. Replace register_insert with
- register_signature and register_encryption.
- (tofu_register_signature): Don't use dbs->s.register_insert, but
- dbs->s.register_signature.
- (tofu_register_encryption): Don't use dbs->s.register_insert, but
- dbs->s.register_encryption.
-
- g10: Add a convenience function for checking if a key is a primary key.
- + commit 91a0483c5db8ee4510981448a705981ee1cce199
- * g10/keydb.h (pk_is_primary): New function.
- * g10/tofu.c (get_trust): Use it.
- (tofu_register_signature): Likewise.
- (tofu_register_encryption): Likewise.
- (tofu_set_policy): Likewise.
- (tofu_get_policy): Likewise.
-
-2016-11-21 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: Ship example gpg-agent-browser.socket in examples/systemd-user/.
- + commit 0540cfbee455b197edd89b602a4b47ebf0be8588
- * doc/Makefile.am: Ship gpg-agent-browser.socket alongside the other
- systemd user service example files.
-
-2016-11-21 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix npth + daemon mode problem.
- + commit 9a707a223a3d45ccf245dee7989ca144e4e6bb49
- * agent/gpg-agent.c (main): Remove duplicated initialization in daemon
- mode.
-
-2016-11-18 Werner Koch <wk@gnupg.org>
-
- Release 2.1.16.
- + commit 0a641ad25d8c3b91dc32bb9f3f1ae49ae539a4f7
-
-
-2016-11-18 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 11aaa9c6d4ed3e47de45b4aee925ab1065120988
-
-
-2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix flags to open for lock of ToFU.
- + commit 1c0b140cccfb884c6d07785c3284b9df06dccd3c
- * g10/tofu.c (busy_handler): Fix the flags and utime is not needed.
-
-2016-11-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use a longer timer tick interval.
- + commit 833eef974ad4721b9b3e247bae9c890476a936ce
- * dirmngr/dirmngr.c (TIMERTICK_INTERVAL): Always use 60 seconds like
- we did for WindowsCE.
-
-2016-11-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: More w32 system daemon cleanup.
- + commit b3a917201207898059c048dd101344765201b03c
- * dirmngr/dirmngr.c (handle_tick): Remove w32 tests for
- shutdown_pending; no longer needed.
-
-2016-11-18 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix creating a lock for ToFU.
- + commit b2e1b17efa952afcf7aeec8b15e9d0088dba587a
- * g10/tofu.c (busy_handler): Add third argument which is mandatory for
- O_CREATE flag.
-
- scd: Don't limit to ST-2xxx for PC/SC.
- + commit b6066ab18a67195817babaf9eccf896c2b3c7b0e
- * scd/apdu.c (pcsc_vendor_specific_init): Only check vender ID.
-
-2016-11-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: Use a default keyserver if none is explicitly set.
- + commit 8fb482252436b3b4b0b33663d95d1d17188ad1d9
- * configure.ac: Define DIRMNGR_DEFAULT_KEYSERVER.
- * dirmngr/server.c (ensure_keyserver): Use it if no keyservers are set.
- * doc/dirmngr.texi: Document this behavior.
-
- dirmngr: Add system CAs if no hkp-cacert is given.
- + commit 7c1613d41566f7d8db116790087de323621205fe
- * dirmngr/dirmngr.c (http_session_new): If the user isn't talking to
- the HKPS pool, and they have not specified any hkp-cacert, then we
- should default to the system CAs, rather than nothing.
- * doc/dirmngr.texi: Document choice of CAs.
-
- dirmngr: Register hkp-cacert even if the file doesn't exist yet.
- + commit c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c
- * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
- an argument for hkp-cacert into an absolute filename, terminate
- completely.
- * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
- immediately accessible, but register it anyway.
-
-2016-11-17 Justus Winter <justus@g10code.com>
-
- gpgscm: Re-enable the garbage collector in case of errors.
- + commit 4f189325a409bb08f7a8eabfac3f4579288cf5c5
- * tests/gpgscm/scheme.c (opexe_0): Enable gc before calling 'Error_1'.
-
- gpgscm: Fix string.
- + commit fc53a4d06eaf891143ab4efec9caffe31ebc2bc0
- * tests/gpgscm/scheme.c (type_to_string): Fix string.
-
-2016-11-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Auto-sownload the swdb.lst.
- + commit bd91f92ace09263e3a91177f2a1644379baeb08a
- * dirmngr/dirmngr.h (struct opt): Add field allow_version_check.
- * dirmngr/dirmngr.c (oAllowVersionCheck): New.
- (opts): Add --allow-version-check.
- (network_activity_seen): New variable.
- (parse_rereadable_options): Set opt.allow_version_check.
- (main) <aGPGConfList>: Do not anymore set the no change flag for
- Windows. Add allow-version-check.
- (netactivity_action): Set network_activity_seen.
- (housekeeping_thread): Call dirmngr_load_swdb.
- * tools/gpgconf-comp.c (gc_options_dirmngr): Add allow-version-check.
- Make "use-tor" available at Basic level.
-
- dirmngr: Improve downloading of swdb.lst.
- + commit c45ca316a54665915ae08399484db271566db7c0
- * dirmngr/loadswdb.c (time_of_saved_swdb): Aslo return the "verified"
- timestamp.
- (dirmngr_load_swdb): Avoid unnecessary disk or network access witout
- FORCE. Do not update swdb.lst if it did not change.
-
- gpgconf: Change the displayed names of the components.
- + commit d8da5bc50b856db3445435780311c9f8e52a5144
-
-
-2016-11-16 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add command to only load the swdb.
- + commit 52c10a280af6ce06eb1732ff35b095f2b8d24b9f
- * dirmngr/loadswdb.c: New.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add that file.
- * dirmngr/server.c: Remove includes cpparray.h and exectool.h.
- (cmd_loadswdb): New.
- (parse_version_number,parse_version_string): Remove.
- (my_mktmpdir, cmp_version): Remove.
- (fetch_into_tmpdir): Remove.
- (struct verify_swdb_parm_s): Remove.
- (verify_swdb_status_cb): Remove.
- (cmd_versioncheck): Remove.
- (register_commands): Register LOADSWDB. Remove VERSIONCHECK.
-
- scd,dirmngr: Keep the standard fds when daemonizing.
- + commit 4839e6d002a8ad1f7d3260792c3c9641e258f342
- * dirmngr/dirmngr.c (main): Before calling setsid do not close the
- standard fds but connect them to /dev/null.
- * scd/scdaemon.c (main): Ditto. Noet that the old test for a log
- stream was even reverted.
-
- common: Rename keybox_file_rename to gnupg_rename_file.
- + commit c4506a3f15bba5d257cb4c6738800c5e00ecc9a2
- * kbx/keybox-util.c (keybox_file_rename): Rename to ...
- * common/sysutils.c (gnupg_rename_file): this. Change all callers.
-
- wks: Always build gpg-wks-client.
- + commit c564790df723beef031d83802bd7830737bd330a
- * tools/Makefile.am (gpg_wks_client): Remove macro.
- (libexec_PROGRAMS): Add gpg-wks-client.
-
- gpg: New option --override-session-key-fd.
- + commit 43bfaf2c5417ede621c0a07721952ea549a7a139
- * g10/gpg.c (oOverrideSessionKeyFD): New.
- (opts): Add option --override-session-key-fd.
- (main): Handle that option.
- (read_sessionkey_from_fd): New.
-
-2016-11-15 Werner Koch <wk@gnupg.org>
-
- gpgv: New option --enable-special-filenames.
- + commit 500e594c2da530e69a63fc1a40d173458682fa0e
- * g10/gpgv.c (oEnableSpecialFilenames): New.
- (opts): Add option --enable-special-filenames.
- (main): Implement that option.
-
- gpg: Add new compliance mode "de-vs".
- + commit b47603a0ac24902c5bb000f8ef27cfb99aceeb81
- * g10/options.h (CO_DE_VS): New.
- (GNUPG): Also allow CO_DE_VS.
- * g10/gpg.c (oDE_VS): New.
- (parse_compliance_option): Add "de-vs".
- (set_compliance_option): Set "de-vs".
- * g10/misc.c (compliance_option_string): Return a description string.
- (compliance_failure): Ditto.
- * g10/keygen.c (ask_algo): Take care of CO_DE_VS.
- (get_keysize_range): Ditto.
- (ask_curve): Add new field to CURVES and trun flags into bit flags.
- Allow only Brainpool curves in CO_DE_VS mode.
-
- gpg: Use usual free semantics for packet structure free functions.
- + commit 8ea3b4c4102dc67ed83d4419b7171e422fc01047
- * g10/free-packet.c (free_attributes): Turn function into a nop for a
- NULL arg.
- (free_user_id): Ditto.
- (free_compressed): Ditto.
- (free_encrypted): Ditto.
- (free_plaintext): Ditto.
- (release_public_key_parts): Avoid extra check for NULL.
- * g10/getkey.c (get_best_pubkey_byname): Ditto.
-
-2016-11-15 Justus Winter <justus@g10code.com>
-
- g10: Optimize key iteration.
- + commit 12834e84aca9d74800245f0f2f2e6b5123e76173
- * g10/getkey.c (get_best_pubkey_byname): Use the node returned by
- 'getkey_next' instead of doing another lookup.
-
- g10: Fix memory leak.
- + commit d20107f6da094edd782947abb357abae5129a12c
- * g10/getkey.c (finish_lookup): Clarify that we do not return a
- reference.
- (lookup): Clarify the relation between RET_KEYBLOCK and RET_FOUND_KEY.
- Check arguments. Actually release the node if it is not returned.
-
- g10: Fix iteration over getkey results.
- + commit 1d03cc77e1706f7da653153ad4b58c61e4fd2573
- * g10/getkey.c (getkey_next): Fix invocation of 'lookup'. If we want
- to use RET_FOUND_KEY, RET_KEYBLOCK must be valid.
-
- g10: Fix use-after-free.
- + commit bd60742925414e0ef2a497df827c1913ea211a44
- * g10/getkey.c (pubkey_cmp): Make a copy of the user id.
- (get_best_pubkey_byname): Free the user ids.
-
-2016-11-15 Werner Koch <wk@gnupg.org>
-
- sm: New stub option --compliance.
- + commit 26c7c1d72c5f2acb3edb58d610c09a635c87bdbf
- * sm/gpgsm.c (oCompliance): New.
- (opts): Add "--compliance".
- (main): Implement as stub.
-
-2016-11-15 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix memory leak.
- + commit 1f7639ebbe58af1b581b0be7809da9ee55482992
- * g10/keyedit.c (menu_adduid): Don't copy 'sig'.
-
-2016-11-15 Werner Koch <wk@gnupg.org>
-
- gpg: New option --compliance.
- + commit f86b1a15ad4bb7bcc1e9f7d209aabcb23641f7df
- * g10/gpg.c (oCompliance): New.
- (opts): Add "--compliance".
- (parse_tofu_policy): Use a generic description string for "help".
- (parse_compliance_option): New.
- (main): Add option oCompliance. Factor out code for compliance
- setting to ...
- (set_compliance_option): new.
-
-2016-11-15 Justus Winter <justus@g10code.com>
-
- g10: Fix memory leak.
- + commit 809d67e74014cb563efd965744fd11f87bbae743
- * g10/keyedit.c (menu_adduid): Deallocate 'sig'.
-
- gpgscm: Mark cells requiring finalization.
- + commit 64a58e23c38db8658423bbe26fcd650330e24a88
- * tests/gpgscm/scheme.c (T_FINALIZE): New macro.
- (mk_port): Use the new macro.
- (mk_foreign_object): Likewise.
- (mk_counted_string): Likewise.
- (mk_empty_string): Likewise.
- (gc): Only call 'finalize_cell' for cells with the new flag.
-
- gpgscm: Recover more cells.
- + commit 93cc322ac06d3045a24aece90091f7f80f3dacb8
- * tests/gpgscm/scheme.c (_s_return): Recover the cell holding the
- opcode.
-
-2016-11-14 Justus Winter <justus@g10code.com>
-
- g10: Fix memory leak.
- + commit 2cd281c4def1ea881b92b9aba18c1892f89c1870
- * g10/mainproc.c (check_sig_and_print): Free 'pk'.
-
- gpgscm: Avoid cell allocation overhead.
- + commit 83c184a66b73f312425b01008f0495610e5329a4
- * tests/gpgscm/scheme-private.h (struct scheme): New fields
- 'inhibit_gc', 'reserved_cells', and 'reserved_lineno'.
- * tests/gpgscm/scheme.c (GC_ENABLED): New macro.
- (USE_GC_LOCKING): Likewise.
- (gc_reservations): Likewise.
- (gc_reservation_failure): New function.
- (_gc_disable): Likewise.
- (gc_disable): New macro.
- (gc_enable): Likewise.
- (gc_enabled): Likewise.
- (gc_consume): Likewise.
- (get_cell_x): Consume reserved cell if garbage collection is disabled.
- (_get_cell): Assert that gc is enabled.
- (get_cell): Only record cell in the list of recently allocated cells
- if gc is enabled.
- (get_vector_object): Likewise.
- (gc): Assert that gc is enabled.
- (s_return): Add comment, adjust call to '_s_return'.
- (s_return_enable_gc): New macro.
- (_s_return): Add flag 'enable_gc' and re-enable gc if set.
- (oblist_add_by_name): Use the new facilities to protect the
- allocations.
- (new_frame_in_env): Likewise.
- (new_slot_spec_in_env): Likewise.
- (s_save): Likewise.
- (opexe_0): Likewise.
- (opexe_1): Likewise.
- (opexe_2): Likewise.
- (opexe_5): Likewise.
- (opexe_6): Likewise.
- (scheme_init_custom_alloc): Initialize the new fields.
-
-2016-11-14 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix status info encoding.
- + commit 4ee4d0b02172cf56d9582bb99e32a65c75315b25
- * scd/command.c (send_status_info): Do percent plus encoding correctly.
-
-2016-11-12 Werner Koch <wk@gnupg.org>
-
- agent: Improve concurrency when Libgcrypt 1.8 is used.
- + commit 6bf698197222bf6081c249c815aebb075e8ec820
- * agent/gpg-agent.c (thread_init_once): Tell Libgcrypt to reinit the
- system call clamp.
- (agent_libgcrypt_progress_cb): Do not sleep if Libgcrypt is recent
- enough.
-
-2016-11-11 Werner Koch <wk@gnupg.org>
-
- agent: Kludge to mitigate blocking calls in Libgcrypt.
- + commit 4473db1ef24031ff4e26c9a9de95dbe898ed2b97
- * agent/gpg-agent.c (agent_libgcrypt_progress_cb): Sleep for 100ms on
- "need_entropy".
-
- dirmngr: Prepare to trigger jobs by network activity.
- + commit 7b04a43c05834b937b32a596f1941e9728add5fa
- * dirmngr/http.c (netactivity_cb): New.
- (http_register_netactivity_cb): New.
- (notify_netactivity): New.
- (connect_server): Call that function.
- * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb.
- (netactivity_action): New stub handler.
-
-2016-11-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: Clean up comments.
- + commit e51912f467fda963c7abcfcd4082d6eb084ba5be
- * agent/agent.h: Clean up comments.
-
-2016-11-10 Werner Koch <wk@gnupg.org>
-
- gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
- + commit 5d13581f4737c18430f6572dd4ef486d1ad80dd1
- * g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
- file-global. Write a STATUS_ERROR.
- (maybe_create_keyring_or_box): Check for non-accessible but existant
- file.
- (keydb_search): Write a STATUS_ERROR if no keyring has been registered
- but continue to return NOT_FOUND.
- * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
- and make file-global. Write a STATUS_ERROR.
- (keydb_search): Write a STATUS_ERROR if no keyring has been registered
- but continue to return NOT_FOUND. Also add new arg CTRL and change
- all callers to pass it down.
-
- sm: Remove unused arg SECRET from keydb functions.
- + commit c8044c6e335f044d7386b9e8869bc4a0d3adff70
- * sm/keydb.c (struct resource_item): Remove field 'secret'.
- (keydb_add_resource): Remove arg 'secret' and change all callers.
- (keydb_new): Ditto.
-
-2016-11-10 Justus Winter <justus@g10code.com>
-
- gpgscm: Recover cells from the list of recently allocated cells.
- + commit ee08677d63a900cea85228024861a4f5c5a87c69
- * tests/gpgscm/scheme.c (ok_to_freely_gc): Recover cells.
-
- gpgscm: Recover cells used to maintain interpreter state.
- + commit e0cbd3389e2dd6ec19ee3a4c7bad81fa0f1907f5
- * tests/gpgscm/scheme.c (free_cell): New function.
- (free_cons): Likewise.
- (_s_return): Use the new function to recover cells used to save the
- state of the interpreter in 's_save'. This reduces the need to do a
- garbage collection considerably.
-
- gpgscm: Reduce opcode dispatch overhead.
- + commit d3a98ff5bc972a4c9b01b9e5338a4a59b5b4ac48
- * tests/gpgscm/scheme.c (s_thread_to): New macro.
- (CASE): Likewise.
- (opexe_[0-6]): Use 'CASE' instead of 'case' statements, replace
- 's_goto' with 's_thread_to' where applicable.
-
- gpgscm: Make the compile-hook configurable.
- + commit 568cfcde45a0d6c456d8f8be1ea0e408416badad
- * tests/gpgscm/scheme-private.h (struct scheme): Make field
- 'COMPILE_HOOK' optional.
- * tests/gpgscm/scheme.c (opexe_0): Fix guard.
- (scheme_init_custom_alloc): Conditionally initialize 'COMPILE_HOOK'.
- * tests/gpgscm/scheme.h (USE_COMPILE_HOOK): Define to 1 by default.
-
- gpgscm: Drop obsolete commented-out code.
- + commit 9ee184bc0afaea06785d836ed175b851b9ae532f
- * tests/gpgscm/scheme.c (opexe_5): Drop obsolete code.
-
- gpgscm: Remove dubious stack implementation.
- + commit d7c5799c282a03dcce0e3d327075233353cb76cc
- * tests/gpgscm/scheme-private.h (struct scheme): Remove related fields.
- * tests/gpgscm/scheme.c: Drop all !USE_SCHEME_STACK code.
- * tests/gpgscm/scheme.h (USE_SCHEME_STACK): Remove macro.
-
-2016-11-10 Werner Koch <wk@gnupg.org>
-
- gpg: Improve error message for --quick-gen-key.
- + commit 088d955bd8a6ec8bbf76c8a4c01eb08499d1d9fa
- * g10/keygen.c (parse_algo_usage_expire): Use a different error
- message for an unknown algorithm name.
-
- dirmngr: Improve concurrency in the non-adns case.
- + commit c7ea98cd3d44abf00e32c081e5049ad1d0b1f12c
- * dirmngr/dns-stuff.c (map_adns_status_to_gpg_error): New.
- (resolve_name_adns, get_dns_cert, get_dns_cname): Use that function.
- (getsrv) [!USE_ADNS]: Call res_query outside of nPth.
-
-2016-11-08 Justus Winter <justus@g10code.com>
-
- tests: Fix environment setup.
- + commit 1062953d5132af674aacfc6372e3e9f066c5d145
- * tests/openpgp/defs.scm (setup-legacy-environment): Do not call
- 'setup-environment' because that will start the agent, and hence
- register the atexit function twice.
-
- Fixes: a55393cb5f4b331cb3a715c7d9a8b91f7606f337
-
- tests: Log and display output from tests when run in parallel.
- + commit 2a7615c48ed79e6b28710cc293ce30c812b2e5b0
- * tests/openpgp/run-tests.scm (test): Add field 'logfd'.
- (test::new, test::set-*): Adapt accordingly.
- (test::set-logfd): New function.
- (test::open-log-file): Likewise.
- (test::run-sync): Use the new function.
- (test::run-async): Likewise.
- (test::report): Replay the log.
- (run-tests-parallel): Reverse the results to restore the original
- order.
-
- tests: Simplify test.
- + commit 4dd4801bfa4c3f7ba279b3d171a8ed299dbffaaa
- * tests/openpgp/issue2417.scm: Simplify.
-
- gpgscm: Expose seek and associated constants.
- + commit 591d61d80f4f81176f7e236df794922df9e001a1
- * tests/gpgscm/ffi.c (do_seek): New function.
- (ffi_init): Expose 'seek' and 'SEEK_{SET,CUR,END}'.
- * tests/gpgscm/lib.scm: Document the new function.
-
- gpgscm: Fix error message.
- + commit d4454837cd60981c2863955b11c9e1cc8f9e3833
- * tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
- messages.
-
- tests,w32: Make cleanup more robust.
- + commit dd13b2a561e31045fd3d3576bab99543cd4eb6cc
- * tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
- removing the working directory. On Windows this can fail if there is
- still a process using one of the files there.
- (run-tests-sequential): Likewise.
-
- common,w32: Simplify locking.
- + commit 7cbb0803847b8db618d39ff50ae6015e409ab1ae
- * common/asshelp.c (lock_spawning): Use the same code on Windows that
- we use on all other platforms.
- (unlock_spawning): Likewise.
-
-2016-11-07 Justus Winter <justus@g10code.com>
-
- tests: Write a log file for each test.
- + commit 26df829fa22f027ca4a5eaf155cdaa2123afbdd5
- * tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
- * tests/openpgp/run-tests.scm (test::run-sync): Write logs.
-
- gpgscm: Generalize splice to write to multiple sinks.
- + commit abe0cc7a21d2b0b5c77cc525b999d1ede2d29185
- * tests/gpgscm/ffi.c (ordinal_suffix): New function.
- (do_splice): Generalize splice to write to multiple sinks.
- * tests/gpgscm/lib.scm (splice): Document this fact.
-
- gpgscm: Drop 'len' argument from splice.
- + commit 4d98a72b88cf167295e1ecd6125b9c7a11b6239f
- * tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
- * tests/gpgscm/lib.scm (splice): Document foreign function.
-
- tests: Move environment creation and teardown into each test.
- + commit a55393cb5f4b331cb3a715c7d9a8b91f7606f337
- * tests/gpgscm/tests.scm (log): New function.
- * tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
- startup and teardown scripts.
- (run-tests-sequential): Likewise.
- * tests/openpgp/setup.scm: Move all functions...
- * tests/openpgp/defs.scm: ... here and make them less verbose.
- (setup-environment): New function.
- (setup-legacy-environment): Likewise.
- (start-agent): Make less verbose, run 'stop-agent' at interpreter
- exit.
- (stop-agent): Make less verbose.
- * tests/openpgp/finish.scm: Drop file.
- * tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
- * tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
- 'setup-legacy-environment' as appropriate.
- * tests/openpgp/armdetach.scm: Likewise.
- * tests/openpgp/armdetachm.scm: Likewise.
- * tests/openpgp/armencrypt.scm: Likewise.
- * tests/openpgp/armencryptp.scm: Likewise.
- * tests/openpgp/armor.scm: Likewise.
- * tests/openpgp/armsignencrypt.scm: Likewise.
- * tests/openpgp/armsigs.scm: Likewise.
- * tests/openpgp/clearsig.scm: Likewise.
- * tests/openpgp/conventional-mdc.scm: Likewise.
- * tests/openpgp/conventional.scm: Likewise.
- * tests/openpgp/decrypt-dsa.scm: Likewise.
- * tests/openpgp/decrypt.scm: Likewise.
- * tests/openpgp/default-key.scm: Likewise.
- * tests/openpgp/detach.scm: Likewise.
- * tests/openpgp/detachm.scm: Likewise.
- * tests/openpgp/ecc.scm: Likewise.
- * tests/openpgp/encrypt-dsa.scm: Likewise.
- * tests/openpgp/encrypt.scm: Likewise.
- * tests/openpgp/encryptp.scm: Likewise.
- * tests/openpgp/export.scm: Likewise.
- * tests/openpgp/finish.scm: Likewise.
- * tests/openpgp/genkey1024.scm: Likewise.
- * tests/openpgp/gpgtar.scm: Likewise.
- * tests/openpgp/gpgv-forged-keyring.scm: Likewise.
- * tests/openpgp/import.scm: Likewise.
- * tests/openpgp/issue2015.scm: Likewise.
- * tests/openpgp/issue2417.scm: Likewise.
- * tests/openpgp/issue2419.scm: Likewise.
- * tests/openpgp/key-selection.scm: Likewise.
- * tests/openpgp/mds.scm: Likewise.
- * tests/openpgp/multisig.scm: Likewise.
- * tests/openpgp/quick-key-manipulation.scm: Likewise.
- * tests/openpgp/seat.scm: Likewise.
- * tests/openpgp/shell.scm: Likewise.
- * tests/openpgp/signencrypt-dsa.scm: Likewise.
- * tests/openpgp/signencrypt.scm: Likewise.
- * tests/openpgp/sigs-dsa.scm: Likewise.
- * tests/openpgp/sigs.scm: Likewise.
- * tests/openpgp/ssh.scm: Likewise.
- * tests/openpgp/tofu.scm: Likewise.
- * tests/openpgp/use-exact-key.scm: Likewise.
- * tests/openpgp/verify.scm: Likewise.
- * tests/openpgp/version.scm: Likewise.
- * tests/openpgp/issue2346.scm: Likewise and simplify.
-
- tests: Do not allow tests to be run in a shared environment.
- + commit ac078469cbafe85cf771fca84f376740850d10b0
- * tests/openpgp/README: Update.
- * tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
- function.
- (run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
- (run-tests-sequential-shared): Drop function.
- (run-tests-sequential-isolated): Rename to 'run-tests-sequential'.
-
- tests: Fix build.
- + commit 37751d2b194bc33539f5b9ea0e02e9f209d2bcf6
- * tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.
-
- Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
-
-2016-11-07 Werner Koch <wk@gnupg.org>
-
- wks: Encrypt all client mails also the target key,
- + commit 56e1864aa337f36317534db521fd4434d70e0784
- * tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
- (send_confirmation_response): Ditto.
- (process_confirmation_request): Parse out fingerprint and pass
- send_confirmation_response.
-
-2016-11-07 Justus Winter <justus@g10code.com>
-
- tests,tools: Reimplement 'mk-tdata' in Scheme.
- + commit 70215ff470c82d144e872057dfa5a478cc9195f2
- * tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
- * tests/openpgp/setup.scm (make-test-data): New function.
- * tests/openpgp/verify.scm: Avoid 'mk-tdata'.
- * tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
- * tools/mk-tdata.c: Drop file.
-
- gpgscm,w32: Provide schemish file handling for binary files.
- + commit 413cc50345557e0a516f33b98e8aab19bbc8b4fe
- * tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
- (call-with-binary-output-file): Likewise.
-
- gpgscm: Add support for pseudo-random numbers.
- + commit 6e677f9b55fdb610e93134042ee41ee5c641cbdf
- * tests/gpgscm/ffi.c (do_getpid): New function.
- (do_srandom): Likewise.
- (random_scaled): Likewise.
- (do_random): Likewise.
- (do_make_random_string): Likewise.
- (ffi_init): Expose the new functions.
- * tests/gpgscm/lib.scm: Document the new functions.
-
- g10: Fix crash.
- + commit 5840353d8bbcd9e75374f3bdb2547ffa7bbea897
- * g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
- not return a getkey context, then it can return at most one key,
- therefore there is nothing to rank. Also, always initialize '*retctx'
- to be on the safe side.
-
- Fixes: ab89164be02012f1bf159c971853b8610e966301
-
-2016-11-04 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix printing strings containing zero bytes.
- + commit 1f45878a72f23d4bae08d73b614096b485f35274
- * tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
- strings. Scheme strings can contain zero bytes.
-
- gpgscm: Implement 'atexit'.
- + commit 43f8006f5c75e3d15fe200e2fa41587a73bfb07b
- * tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
- terminating the interpreter.
- (*atexit-handlers*): New variable.
- (*run-atexit-handlers*): New function.
- (atexit): Likewise.
- * tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
- interpreter shutdown.
-
-2016-11-04 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix length error for READKEY.
- + commit cd00b07ec26c3408e6aee66957b08c6fd319b700
- * scd/app-openpgp.c (do_readkey): Decrement the length.
-
- scd: Add --advanced option for READKEY.
- + commit f9da935c3eb302e75a80def51128fb6f669661d7
- * scd/command.c (cmd_readkey) : Support ADVANCED arg.
- * scd/app.c (app_readcert): Add ADVANCED arg.
- * scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
- * scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.
-
-2016-11-03 Werner Koch <wk@gnupg.org>
-
- agent: Extend the PINENTRY_LAUNCHED inquiry and status.
- + commit c1ea0b577a468030d2b006317ba27fc1746c4b14
- * agent/call-pinentry.c (start_pinentry): Get flavor and version and
- pass it to agent_inq_pinentry_launched.
- * agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
- * g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.
-
-2016-11-03 Justus Winter <justus@g10code.com>
-
- g10: Improve and unify key selection for -r and --locate-keys.
- + commit ab89164be02012f1bf159c971853b8610e966301
- * g10/getkey.c (struct pubkey_cmp_cookie): New type.
- (key_is_ok, uid_is_ok, subkey_is_ok): New functions.
- (pubkey_cmp): Likewise.
- (get_best_pubkey_byname): Likewise.
- * g10/keydb.h (get_best_pubkey_byname): New prototype.
- * g10/keylist.c (locate_one): Use the new function.
- * g10/pkclist.c (find_and_check_key): Likewise.
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- (TEST_FILES): Add new files.
- * tests/openpgp/key-selection.scm: New file.
- * tests/openpgp/key-selection/0.asc: Likewise.
- * tests/openpgp/key-selection/1.asc: Likewise.
- * tests/openpgp/key-selection/2.asc: Likewise.
- * tests/openpgp/key-selection/3.asc: Likewise.
- * tests/openpgp/key-selection/4.asc: Likewise.
-
- gpgscm,tests: Add new functions to the test environment.
- + commit 1ec07cbc209f247fd85704f5701564e31aa56d0b
- * tests/gpgscm/lib.scm (first, last, powerset): New functions.
- * tests/gpgscm/tests.scm (interactive-shell): New function.
- * tests/openpgp/Makefile.am (EXTRA_DIST): Add new file.
- * tests/openpgp/README: Document 'interactive-shell'.
- * tests/openpgp/shell.scm: New file.
-
-2016-11-03 Werner Koch <wk@gnupg.org>
-
- gpgconf: Add a new field to the --query-swdb output.
- + commit d10b67b9bc32e8feff1be86e6646fc23e58fe45d
- * tools/gpgconf.c (query_swdb): Insert new field with the installed
- version. Check that the supplied version does not contain a colon.
-
-2016-11-02 Werner Koch <wk@gnupg.org>
-
- gpgconf: Add command --query-swdb.
- + commit 0ed6a6df5aa421a9c5cdb1e63867f0deee79af9e
- * tools/gpgconf.c (aQuerySWDB): New.
- (opts): Add --query-swdb.
- (valid_swdb_name_p): New.
- (query_swdb): New.
- (main): Implement command --query-swdb.
-
- common: Improve compare_string_versions.
- + commit 488b183811fc25c1ae49b4730491accf1adf518e
- * common/stringhelp.c: Include limits.h.
- (compare_version_strings): Change semantics to behave like strcmp.
- Include the patch lebel in the comparison. Allow checking a single
- version string.
- * common/t-stringhelp.c (test_compare_version_strings): Adjust test
- vectors and a few new vectors.
- * g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
- * g10/call-dirmngr.c (warn_version_mismatch): Ditto.
- * sm/call-agent.c (warn_version_mismatch): Ditto.
- * sm/call-dirmngr.c (warn_version_mismatch): Ditto.
-
-2016-11-02 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix inclusion of readline header.
- + commit 60ad1a7f37ffc10e601e69a3e2d2bb14af510257
- * tests/gpgscm/ffi.c: Define magic macro to prevent the completion
- function from redefined.
-
-2016-11-02 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- build: Fix misspelled dirmngr.
- + commit 5e693ddfbe44d149ce0d9393d699c613ad5ea706
-
-
- Spelling: correct spelling of "passphrase".
- + commit 68b59bbc42ba9ec69496758743924d54a95742f0
- There were several different variant spellings of "passphrase". This
- should fix them all for all English text.
-
- I did notice that po/it.po contains multiple instances of
- "passhprase", which also looks suspect to me, but i do not know
- Italian, so i did not try to correct it.
-
-2016-11-02 Justus Winter <justus@g10code.com>
-
- g10,w32: Fix build on Windows.
- + commit 5d4f1408d0dd055d412ae44bb4a0f28f74617f05
- * g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.
-
-2016-10-31 Werner Koch <wk@gnupg.org>
-
- common: New function gnupg_usleep.
- + commit ad491ceec6145b3781a05dc7b4a36052abeeb4b4
- * configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
- * common/sysutils.c: Always include time.h.
- (gnupg_usleep): New.
-
-2016-10-31 Andre Heinecke <aheinecke@intevation.de>
-
- w32: Fix PKG_CONFIG_LIBDIR in --build-w32.
- + commit 3b6b8fe32af7568ff51066d4c2e3679df6dea86f
- * autogen.sh: Point pkg-config to the right location.
-
-2016-10-31 Neal H. Walfield <neal@g10code.com>
-
- g10: Avoid gratuitious SQLite aborts and starving writers.
- + commit 7a634e48b13c5d5d295b8fed9b429e1b2109a333
- * g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
- (tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
- (begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
- changed since we took the lock. Don't use gpgrt_yield to yield, but
- sleep for 100ms. After taking the batch lock, update
- DBS->WANT_LOCK_FILE_CTIME. Also take the batch lock the first time we
- take the real lock. When taking the real lock, use immediate not
- deferred mode to avoid gratuitious aborts.
- (end_transaction): When dropping the outermost real lock, drop the
- batch lock.
- (busy_handler): New function.
- (opendbs): Set the busy handler to it when opening the DB. Initialize
- CTRL->TOFU.DBS->WANT_LOCK_FILE.
- (tofu_closedbs): Free DBS->WANT_LOCK_FILE.
-
-2016-10-30 Neal H. Walfield <neal@g10code.com>
-
- g10: Avoid reading in keys when possible.
- + commit eec365a02bd35d2d5c9e4d2c8d18bcd9180cf859
- * g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
- element, don't bother to check for cross sigs. Add parameter PK.
- Update callers.
-
- g10: Fix bit setting.
- + commit 614ca00676bb8ca12b5107fec0e4ef8818445254
- * g10/tofu.c (build_conflict_set): Fix bit setting.
-
-2016-10-28 Werner Koch <wk@gnupg.org>
-
- gpg: Enable the Issuer Fingerprint from rfc4880bis.
- + commit b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc
- * g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
- Issuer Fingerprint sub-packet.
- * g10/mainproc.c (check_sig_and_print): Always consider that
- sub-packet.
-
-2016-10-27 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix signature checking.
- + commit 5a1f6a0062488aaf345b1c73ba98a540e673d619
- * dirmngr/server.c: Include cpparray.h.
- (verify_swdb_parm_s): New.
- (verify_swdb_status_cb): New.
- (cmd_versioncheck): Use gpgv to correclty verify the signature.
- Rename some variable to comply with GNU standards.
-
- gpg: Verify multiple detached signatures with different hash algos.
- + commit 8fced66be35db5ac2a6bfdb9bccb2c0e582d8256
- * g10/mainproc.c (proc_tree): Loose check. Enable all algos.
-
- common: Add GNUPG_MODULE_NAME_GPGV.
- + commit ece9ade4b44fb3d5d120cfd32b23632e5efd2134
- * common/util.h (GNUPG_MODULE_NAME_GPGV): New.
- * common/homedir.c (gnupg_module_name): Implement.
-
-2016-10-27 Justus Winter <justus@g10code.com>
-
- g10: Fix iteration over getkey results.
- + commit 8ea72a776a88f3c851e812d258355be80caa1bc1
- * g10/getkey.c (getkey_next): Return the public key in PK even if
- RET_KEYBLOCK is NULL.
-
- g10: Assert preconditions.
- + commit 66a0091d74768ab3a4a5342d3645e1834c59045a
- * g10/getkey.c (get_pubkey_byname): Assert preconditions.
-
-2016-10-27 Werner Koch <wk@gnupg.org>
-
- dirmngr: Do not implement --supervised in Windows.
- + commit cf20b23c146c9e499263654644035796475de097
- * dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
- (main) [W32]: Ditto.
-
- common: Remove debug output from gnupg_get_socket_name.
- + commit a9c8b5fbe7ae241bf45bdee15884abc7891aedf9
- * common/sysutils.c (gnupg_get_socket_name): Remove debug message and
- use my_error_from_syserror.
-
-2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: ADNS error handling fix.
- + commit 45dfc02b47f798f5a3b9973ca6a9f5a907d7e665
- * dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
- Use gpg_error and gpg_err_code_from_errno to compose the error value.
-
-2016-10-27 Werner Koch <wk@gnupg.org>
-
- gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
- + commit a15ed5a1fd5307b3ec1822daf3b138b187db0b5e
- * g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
- (gpg_dirmngr_wkd_get): Ditto.
- * g10/keyserver.c (keyserver_get): Add arg 'quick'.
- (keyserver_get_chunk): Add arg 'quick'.
- (keyserver_import_fprint): Ditto. Change callers to pass 0 for it.
- (keyserver_import_keyid): Ditto.
- (keyserver_import_wkd): Ditto.
- * g10/mainproc.c (check_sig_and_print): Call the 3 fucntions with
- QUICK set.
-
-2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix gnupg_inotify_has_name, differently.
- + commit 8b3d0d1a36cab83dafb98ccb7895144edb95e298
- * common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
- warning.
-
- dirmngr: More ADNS error fix.
- + commit 6f1d8123d61b3efac94b4c61ee75bd947790ba42
- * dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
- value.
-
- dirmngr: Fix error return for ADNS.
- + commit 8a9341b42cd1891090d45cc068bff84b2b3edb50
- * dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.
-
- g10: Fix ECDH, clarifying the format.
- + commit ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
- it's short. Clarify the format. Handle other prefixes correctly.
-
- scd: Add 0x41 prefix for x-coordinate only result.
- + commit 6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443
- * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
- prefix 0x41.
-
-2016-10-27 Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
-
- g10: ECDH shared point format.
- + commit b648f28f9f8b889f1217a649ded1d45f261bb2bf
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
- ECDH shared point format.
-
-2016-10-27 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- dirmngr: Implement --supervised command (for systemd, etc).
- + commit 75f8aaf5bc2dc7fcffe2987a572d489155c91eb9
- * dirmngr/dirmngr.c (main): Add new --supervised command, which is a
- mode designed for running under a process supervision system like
- systemd or runit.
- * doc/dirmngr.texi: document --supervised option.
-
- agent,common: move get_socket_name() into common.
- + commit 6316b28e896957adb76a61a41d2e1c2a08d9f716
- * agent/gpg-agent.c (get_socket_name): move to ...
- * common/sysutils.c (gnupg_get_socket_name): ... here.
-
- dirmngr: report actual socket name.
- + commit 6bb6ac56cca8135666387a0b9d88dd6b50311418
- * dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
- to report known socket name.
- * dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
- to report correct socket name.
-
-2016-10-27 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix gnupg_inotify_has_name.
- + commit bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5
- * common/sysutils.c (gnupg_inotify_has_name): Take care of the
- alignment.
-
- dirmngr: Fix help string and argument.
- + commit 96414baf36b8e6385b71847c789d489ebe176a93
- * dirmngr/server.c (hlp_versioncheck): Add a newline.
- (cmd_versioncheck): Fix argument.
-
-2016-10-26 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix hang due to deferred thread initialization.
- + commit d1ccab5176d7719328b287544b54b85e0277b146
- * dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
- thread_init.
-
- agent: Avoid double error message.
- + commit b77f95a4a675fd20f6eeb611f4e7b519eceb4ad3
- * agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
- Remove unneeded diagnostic.
-
- common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
- + commit ece13f177d948013b6f3df926406c0cd947abc25
- * common/sysutils.c (gnupg_inotify_watch_socket): Return
- GPG_ERR_INV_VALUE for a missing socket name and set proper error
- source.
-
- tests: Improve portability of fake-pinentry.
- + commit 21b318452abbfe21c45c2a67dae0e3a81cff1090
- * tests/openpgp/fake-pinentry.c: Make all functions static.
- (get_passphrase): s/unlink/remove/ because that is standard C.
- (spacep): Rename to whitespace and change all callers.
- (main): Move macro out of if-then chain.
-
-2016-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: --supervised mode improvements.
- + commit 27f6d5b9f4b6057ddeb9ace87a1e7e61ebac63e6
- * agent/gpg-agent.c (map_supervised_socket): if the agent is running
- in --supervised mode and is not actually given LISTEN_FDNAMES
- directives, require at least fd 3 to be open for listening.
-
- common: avoid segfault.
- + commit 3b5f5e0eb02ecbdcf59722755f22a9d2f88de6e6
- * common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
- socket_name is NULL, rather than segfaulting
-
-2016-10-25 Justus Winter <justus@g10code.com>
-
- agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
- + commit 852b8f0b89d447536dfdf6cd4ea91615c75491ce
- * agent/call-pinentry.c (start_pinentry): Also send the user data
- using an Assuan 'OPTION' command.
- * tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
- passphrase file.
- (spacep): Include newline characters.
- (rstrip): New function.
- (main): Handle Windows line endings. Handle the userdata option, and
- restart with the new options.
-
- tests: Do not autostart gpg-agents on teardown.
- + commit f88f11a25665dca7490a09088aa24edf396e4c40
- * tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling
- gpg-connect-agent.
-
-2016-10-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.
- + commit b120f358c25cc846ca9d841d47e71ca1a7fe02e4
- * dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
- (cmp_version): Extend to handle the MICRO part.
- (confucius_mktmpdir): Rename to my_mktmpdir.
- (my_mktmpdir): xstrconcat does not fail; use strconcat.
- (fetch_into_tmpdir): Improve error checking.
-
- common: Use strconcat in gnupg_setenv.
- + commit 7983f8758703071710c11bf2a255efcd71836b65
- * common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
- strconcat. Indent cpp conditionals.
- (gnupg_unsetenv): Indent cpp conditionals.
-
-2016-10-24 Werner Koch <wk@gnupg.org>
-
- gpg: Replace two sprintf calls.
- + commit 9d6146d6f9870fbfcec15cdc4becaf094d5a90e0
- * g10/keygen.c (print_status_key_created): Use snprintf for now.
- (ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
-
- agent: Minor cleanup for recent change in findkey.c.
- + commit 8c40b3b98d3ddeda79fde981e6539c5b3b09d9a2
- * agent/findkey.c (agent_write_private_key): Avoid label name error.
-
- agent: Slightly change structure of cmd_readkey.
- + commit fdb653a33ea1a24d1159880624dbbcc0867865b5
- * agent/command.c (cmd_readkey): Avoid a leave label in the middle of
- the code. Remove the special return.
-
-2016-10-24 Kai Michaelis <kai@gnupg.org>
-
- dirmngr: Fix segfault in VERSIONCHECK.
- + commit 5e7dfd979d2d91800d90c3ce9a66755df3217682
- * dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes
- when called without program version.
-
-2016-10-24 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Use canonical curve name of libgcrypt.
- + commit b1828c17fc475def1ee9e06f083f513f568c241b
- * scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
- (ecdh_params): New.
- (ecc_read_pubkey): Use ecdh_params. Use curve name.
- (ecc_writekey): Likewise.
- (ecc_curve): Rename from ecc_oid.
- (parse_algorithm_attribute): Use ecc_curve.
- * g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
- intern the curve name string.
- * g10/card-util.c (card_status): Conver curve name to alias for print.
-
- common: Fix openpgp_is_curve_supported.
- + commit 945e7ab0ddedf5f58afd97d81e101939de5b5d89
- * common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
- canonical name of the curve and alias.
-
- g10: Fix card keygen for decryption.
- + commit acef0951646b47c87ccc1c616f0105a068e7ed86
- * g10/keygen.c (do_generate_keypair): Fix arguments.
-
-2016-10-22 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: More card key generation change.
- + commit 987bbb2276aeb6bee2793e8406e223717b605009
- * g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
- Don't get ALGO by KEY-ATTR by this function. It's caller to provide
- ALGO. Don't do that by both of caller and callee.
- (generate_keypair): Only put paramerters needed. Use parameters
- for ALGO to call gen_card_key.
- (generate_card_subkeypair): Get ALGO and call gen_card_key with it.
-
-2016-10-21 Andre Heinecke <aheinecke@intevation.de>
-
- g10: Write first keybox record in binary mode.
- + commit f7e50634be71ce3028726f23edf14454109a04a8
- * g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.
-
-2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
-
- g10,scd: Fix ECC keygen.
- + commit d2653b1a6db90aed073194a51fd61023d69773ec
- * g10/keygen.c (generate_keypair): For card key generation, fill
- parameters by KEY-ATTR.
-
- * scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
- after its reference by OIDBUF is finished.
- (ecc_writekey): Likewise.
-
- scd: Fix segfault changing key attr.
- + commit 693e657ff04756737dce025203c0deba480ea8de
- * asc/app-openpgp.c (change_keyattr_from_string): Release after
- allocated.
-
-2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
- Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
-
- g10: Don't ask keysize for for non-RSA card.
- + commit dafce6f698bec6e9d4c0125b90754d0687294e86
- * g10/card-util.c (card_status): Bug fix for keyno.
- (ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
- (generate_card_keys): Only ask keysize when RSA.
- (card_generate_subkey): Likewise.
-
- g10: Support ECC for gen_card_key.
- + commit 161cb22f13bcd8cbdb08558d9926b2168a8297ac
- * g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
- (do_generate_keypair, generate_card_subkeypair): Follow the change.
-
-2016-10-21 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix use cases of snprintf.
- + commit 6e85ac77af594035137950d801d8a1bacce548a3
- * agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
- build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
- dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
- g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
- sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.
-
- agent: Fix saving with FORCE=1.
- + commit 1ffd475f99eaff4e40950eda88702f8db9288eb5
- * agent/findkey.c (agent_write_private_key): Recover from an error of
- GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".
-
-2016-10-20 Justus Winter <justus@g10code.com>
-
- tests: Simplify test.
- + commit 71158d8d5f823888abc8588caa6497860ce59c06
- * tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
- home directory, just make the uids unique.
-
- tests: Flush stdout in the fake pinentry.
- + commit ca9597f080f70a8435daaeb5449bef0462a1402a
- * tests/openpgp/fake-pinentry.c (reply): Flush stdout.
-
- common,w32: Fix setting environment variables on Windows.
- + commit 8c7c4faf3de28ca70a60e6b15f51c1b206e0ddd9
- * common/sysutils.c (gnupg_setenv): Also update the environment block
- maintained by the C runtime.
- (gnupg_unsetenv): Likewise.
- * tests/gpgscm/ffi.c (do_setenv): Fix error handling.
-
- tests,w32: Cope with Windows line endings.
- + commit bf37916a23bd0929fc4a5f28c9a41f43c5a473f6
- * tests/openpgp/issue2015.scm: Rstrip line before comparison.
-
- tests: Create and remove socket directories.
- + commit 2d794779e0fd9d9a1efc98e7bd77a296a25f4293
- * tests/openpgp/defs.scm (start-agent): Move function here and create
- the socket directory prior to starting the agent.
- (stop-agent): Move function here and remove the socket directory.
- * tests/openpgp/finish.scm: Adapt.
- * tests/openpgp/setup.scm: Likewise.
-
-2016-10-20 NIIBE Yutaka <gniibe@fsij.org>
-
- agent, g10: Fix keygen.
- + commit 9a34e2142b426b98c73fd888102ea1596bbce62a
- * agent/command.c (cmd_readkey): Get length after card_readkey.
- * g10/keygen.c (gen_card_key): Fix off-by-one error.
-
- scd: GENKEY updates the public key in APP.
- + commit b680f79cc112c4831293e259d7db2921bcd783a4
- * scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
- (read_public_key): New.
- (get_public_key, do_genkey): Use read_public_key.
-
- g10: smartcard keygen change.
- + commit 980c037bedb968ddf155dd334c0a70b918a17759
- * g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
- (scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
- (agent_scd_genkey): Remove INFO argument. CREATETIME is now in/out
- argument.
- (agent_readkey): Use READKEY --card instead of SCD READKEY.
- * g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
- to retrieve public key information from card and let the agent make
- a file for private key with shadow info.
-
- agent: Add --card option for READKEY.
- + commit 82cbab906a3e72a98fdc16096f2f0451465969a2
- * agent/findkey.c (agent_write_shadow_key): New.
- * agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
- * agent/learncard.c (agent_handle_learn): Likewise.
- * agent/command.c (cmd_readkey): Add --card option.
-
-2016-10-19 Kai Michaelis <kai@gnupg.org>
-
- dirmngr: improve VERSIONCHECK.
- + commit 72a99f582dad4cb4c3b05b97c7ebb8d537f10b79
- Replace strtok_r() and code formatting. Use code from libgpg-error for
- version comparison.
-
-2016-10-18 Justus Winter <justus@g10code.com>
-
- common: Fix copying data to estreams.
- + commit 8dce5ee55a0268d196023224dcf3020306922490
- * common/exectool.c (copy_buffer_do_copy): Correctly account for
- partially written data in the event of errors.
-
- common,w32: Communicate with child in non-blocking mode.
- + commit 05a1e412332dd980353a4e3e59bc75ba40bae7fc
- * common/exechelp-w32.c (gnupg_spawn_process): Open streams in
- non-blocking mode if requested.
-
- common,w32: Extend gnupg_create_inbound_pipe et al.
- + commit f2d39a6d051413289c717b9cd2dc387a270b8e7c
- * common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
- create a stream if reqested.
- (gnupg_create_inbound_pipe): Use the extended function to open the
- stream if requested.
- (gnupg_create_outbound_pipe): Likewise.
- (gnupg_create_pipe): Update call site.
-
- common,w32: Make use of default_errsource in exechelp.
- + commit 727ca74bb942464217e678012cccbfc347ae08a5
- * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
- Use them instead of gpg_error and gpg_error_from_syserror.
-
-2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
- Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
-
- scd: Support ECC key generation.
- + commit 34439da2d62b964a914ace66bae7e38f619582a4
- * scd/app-openpgp.c (get_public_key): Fix a message.
- (change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
- (do_genkey): Add ECC support.
-
-2016-10-18 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: minor cleanup to merge other works.
- + commit f1845f25dbea79c191427710fa56ed01e63a045b
- * scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
- (iso7816_generate_keypair, iso7816_read_public_key): Likewise.
- * scd/app-openpgp.c (get_public_key): Follow the change.
- (do_genkey): Ditto. Use ERR instead of RC. Use u32 for CREATED_AT.
-
-2016-10-17 Justus Winter <justus@g10code.com>
-
- gpgscm: Initialize nesting stack.
- + commit c2e713d9e25ef8b61e8eeb3c01ee1e31cb70b794
- * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting
- stack.
-
-2016-10-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: Document how to manually shut down gpg-agent.
- + commit 869c06efa791bbc8330becdb3f13f7cf9506257e
- * doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
- agent termination.
-
- This was requested in a side-comment in https://bugs.debian.org/840669
-
- doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
- + commit c53ce53ab1fa6a328c368f2a15e3ccd803f03ee2
- * doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
- hard-coding "gpg2".
-
-2016-10-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix keytocard for ECC.
- + commit 25428be52168fa9c581b7f11c95a5c63b25343b7
- * scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
- than 128 when it comes with public key for curve of larger field.
-
- gpgconf: Fix for --homedir.
- + commit 70a8584ec4389209762eb65bb77f20f7881577be
- * tools/gpgconf-comp.c (gpg_agent_runtime_change,
- scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
- arguments by --homedir when it's not default.
-
-2016-10-16 Werner Koch <wk@gnupg.org>
-
- agent: Use straightforward names for the default socket names.
- + commit 0b0f9a3788cb5d3c26cec16cd24acc973069d280
- * configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
- (GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
-
-2016-10-15 Werner Koch <wk@gnupg.org>
-
- agent: Move inotify code to common and improve it.
- + commit 2f7d4c38c9e7bcc14e6e0bf219d688c40a4afecb
- * common/sysutils.c: Include sys/inotify.h.
- (my_error_from_syserror, my_error): New.
- (gnupg_inotify_watch_socket): New.
- (gnupg_inotify_has_name): New.
- * agent/gpg-agent.c: Do not include sys/inotify.h.
- (my_inotify_is_name): Remove.
- (handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
- the new functions.
-
-2016-10-14 Kai Michaelis <kai@gnupg.org>
-
- dirmngr: use gnupg_mkdtemp instead of mkstemp.
- + commit c318561ef4c97f0c2767aef377531d58174060a1
- MinGW on debian does not support mkstemp.
-
- dirmngr: add VERSIONCHECK command.
- + commit f99c5fa1c970dc1122ac62371eb8d758f380ed57
- Given an application name and version VERSIONCHECK fetches the software
- version list from version.gnupg.org, verifies the signature and returns
- whenever the given version is older (UPDATE), current (CURRENT) or newer
- (ROLLBACK).
-
-2016-10-13 Neal H. Walfield <neal@g10code.com>
-
- tests: Use shorter filenames.
- + commit 0c56ad5a8d89d69a9ed00571720b3b105f955214
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from
- this...
- * tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this...
- * tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from
- this...
- * tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this.
- * tests/openpgp/Makefile.am (TEST_FILES): Update accordingly.
-
- g10: Be more careful when checking if a binding is signed by a UTK.
- + commit 95d0f3e5eebd85dcf226dca14891a1215bfe93ae
- * g10/tofu.c (signed_by_utk): When checking if a key is signed by an
- ultimately trusted key, only consider the signatures on the specified
- user id.
- * tests/openpgp/tofu.scm: Add test for the above.
-
- tests: Add test data to TEST_FILES.
- + commit d2d936fbe86d61b89cead95df633b2b575690e05
- * tests/openpgp/Makefile.am (TEST_FILES): Add new test data.
-
- g10: Be more careful when checking cross signatures.
- + commit 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c
- * g10/tofu.c (cross_sigs): When checking cross signatures, only
- consider the signatures on the specified user id.
- * tests/openpgp/tofu.scm: Add test for the above.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
- New file.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- 1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/
- DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
- * tests/openpgp/tofu/cross-sigs/README: New file.
-
- g10: Still check if the key is an UTK or cross signed in batch mode.
- + commit e09166c77273f459c8f87cab9224f85808af2cba
- * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
- bail immediately. Instead, check if the key in question is an
- ultimately trusted key or cross signed.
-
- g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
- + commit 5bf92e51dfdfb4f4746ecd817d8d2240ed27ea74
- * g10/tofu.c (get_policy): If an sqlite operation fails, map the error
- code to GPG_ERR_GENERAL.
- (ask_about_binding): Likewise.
- (build_conflict_set): Likewise.
- (get_trust): Likewise.
- (show_statistics): Likewise.
- (tofu_register_signature): Likewise.
- (tofu_register_encryption): Likewise.
-
- tests: Remove support for deprecated functionality.
- + commit 2282c3b761413dfa894300e70084bbd58908c0b1
- * tests/openpgp/tofu.scm: Don't remove tofu.d. It's deprecated.
-
-2016-10-12 Neal H. Walfield <neal@g10code.com>
-
- g10: When changing a TOFU binding's policy, update the conflict info.
- + commit 3ad17e72fa81d18c95732ddcd4def244f52bb5b1
- * g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
- Set the binding's conflict accordingly. Update callers.
-
- g10: Make a singular string singular.
- + commit ca84f65c7cf2c6a08a01018519965a82e6c52cac
- * g10/tofu.c (ask_about_binding): Make the singular string singular.
-
- g10: Correctly determine whether a binding has a conflict.
- + commit 6fdf37f0831949cb279de6dc6b247ab2ed53fe5a
- * g10/tofu.c (build_conflict_set): A binding has a conflict is
- conflict is *not* NULL, not if it is NULL.
-
- g10: Fix a column's type in TOFU DB.
- + commit 78eda335fd1c29038b74b9cc912b6a4515fccd9f
- * g10/tofu.c (initdb): Change policy from a boolean to an integer.
-
-2016-10-07 Justus Winter <justus@g10code.com>
-
- tests: Rework test environment setup.
- + commit cbbf0a7a8da1757fea29cff0daaa42a6bbb95b26
- * tests/openpgp/setup.scm: Import one keyring at a time. This works
- around a yet to be investigated hang on Windows. It is also much
- prettier.
-
- tests: Improve handling of Windows newlines.
- + commit 1f76f8d8bc65fad98927c977baf4d5e36dafe52b
- * tests/gpgscm/lib.scm (string-split-newlines): New function.
- * tests/openpgp/default-key.scm: Use new function.
- * tests/openpgp/defs.scm: Likewise.
- * tests/openpgp/export.scm: Likewise.
- * tests/openpgp/import.scm: Likewise.
-
- gpgscm: Improve test of low-level functions.
- + commit 11eac7eb2fa3392a9aa052f8f5bb9875129ab84b
- * tests/gpgscm/t-child.c: Print large amounts of data.
- * tests/gpgscm/t-child.scm: Test that this works.
-
- gpgscm: Improve path handling.
- + commit dff266059813d22d1e2ba7e77279999cd41ceb75
- * tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'.
- * tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with
- drive letter on Windows. Use 'path-join'.
- (path-expand): Use 'path-join'.
-
- tools: Fix error handling.
- + commit 5afbfdfd59540cb882d891ff1f4afa73fe48f99a
- * tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
- tarball failed.
-
-2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix get_socket_name.
- + commit fb3b3e1e7a4219f61a834fd07809898918611c2f
- * agent/gpg-agent.c (get_socket_name): Fix the size of copying.
-
-2016-10-07 Werner Koch <wk@gnupg.org>
-
- gpg: Put extra parens around bit tests.
- + commit 5d43d28aa3c44c3a27fde823f467b0c4be1a58c2
- * g10/options.h (DBG_MPI): New.
- * g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
- * g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
-
-2016-10-07 NIIBE Yutaka <gniibe@fsij.org>
-
- agent, dirmngr, scd: Fix init_common_subsystems.
- + commit fc0b392e766af8127094e8b529d25abb84ad1d65
- * common/init.c (_init_common_subsystems): Don't call
- gpgrt_set_syscall_clamp in this function.
- * agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
- gpgrt_set_syscall_clamp after npth_init.
-
-2016-10-06 Justus Winter <justus@g10code.com>
-
- common: Avoid pointer arithmetic on string literals.
- + commit 4aadc751f201f8f97c9c1f454e3a29803cce3edb
- * common/gettime.c (rfctimestamp): Use indexing instead.
- * common/signal.c (got_fatal_signal): Likewise.
-
- g10: Fix singular term.
- + commit b0d2526bc4e5c663eeffe04500420c70cee98712
- * g10/tofu.c (ask_about_binding): Fix singular message.
-
- g10: Use appropriate variant of 'abs'.
- + commit 73000d1ce0317210f5a9e5262404cc90258041ff
- * g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.
-
- sm: Remove statement without effect.
- + commit 2d446759bd43ae38fbce9a18c955285ca535bc08
- * sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
- effect.
-
- g10: Fix testing for debug flag.
- + commit 6b626824c8e30b41c47724b5ccbf761937499512
- * g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
- flag.
-
- tools: Improve error handling.
- + commit 32f81f56a8be6d13dea0a64d24f52343c7e72c84
- * tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.
-
- gpgscm: Update callsite of 'gnupg_spawn_process'.
- + commit 07cfb3b27a77491eae818d57f6eb660e75fa013f
- * tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to
- 'gnupg_spawn_process'.
-
-2016-10-05 Werner Koch <wk@gnupg.org>
-
- wks: Send key encrypted as required by draft -02.
- + commit 8ce800d21919eaaba7ed4f04f712292be310fd66
- * tools/gpg-wks-client.c (get_key): Encrypt.
- (encrypt_response): Take care of --fake-submission-addr.
-
- wks: Add option --fake-submission-addr to gpg-wks-client.
- + commit e514a5b725f0c997cef4362808b2778a3faa9cf8
- * tools/gpg-wks-client.c (oFakeSubmissionAddr): New.
- (opts): Add option --fake-submission-addr.
- (fake_submission_addr): New variable.
- (parse_arguments): Set it.
- (command_send): Use --fake-submission-addr.
-
- agent: Another minor fix to map_supervised_sockets.
- + commit 1cedc32c95c2e3c3ab98af23ddc2845d51e596c1
- * agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
- Provide correct fd in the second error case.
-
- agent: Fix npth + supervised mode problem.
- + commit f57dc2b1e6f28d164f882373535dbcb0d632ca17
- * agent/gpg-agent.c (main): Initialize modules in supervised mode.
-
-2016-10-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: Fix error handling in map_supervised_sockets.
- + commit a2127c71dbf87c1710b43d91a733dd4c9b2953bc
- * agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
- close on error is fd, not i.
-
-2016-10-04 Werner Koch <wk@gnupg.org>
-
- agent: Streamline the supervised mode code.
- + commit 1a9c8d78ece2f31fdb1a8e2be049aa71053061fa
- * agent/gpg-agent.c (get_socket_path): Rename to ...
- (get_socket_name): this. This is to comply with the GNU coding guide.
- Use xtrymalloc instead of malloc. Do not build for W32.
- (map_supervised_sockets): Use strtokenize and set the the socket names
- here.
- (main): Adjust for above change. Do not close the socket.
-
- agent: Adjust cleanup for supervised mode. Fix for W32.
- + commit afcfae7959f39e7d85309b9496e1f1cf9acd5cc2
- * agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
- (is_supervised): Move from main() to global.
- (inhibit_socket_removal): New.
- (cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
- (check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
- seting the socket names to empty.
-
- agent: Adjust supervised mode for the new default socket names.
- + commit dc059af1ff007842e2633e686c87d05daf1d45e3
- * agent/gpg-agent.c (main): In supervised mode do not provide default
- socket names. Unset DISPLAY and INSIDE_EMACS. Use log_error and
- agent_exit.
-
-2016-10-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- agent: Implement --supervised command (for systemd, etc).
- + commit 9f92b62a51d2d60f038fdbe01602865c5933fa95
- * agent/gpg-agent.c (get_socket_path): New function for POSIX systems
- to return the path for a provided unix-domain socket.
- (map_supervised_sockets): New function to inspect $LISTEN_FDS and
- $LISTEN_FDNAMES and map them to the specific functionality offered by
- the agent.
- (main): Add --supervised command. When used, listen on already-open
- file descriptors instead of opening our own.
- * doc/gpg-agent.texi: Document --supervised option.
-
-2016-10-04 Justus Winter <justus@g10code.com>
-
- build,w32: Unconditionally build tests.
- + commit 4a232d23a8f51bebf9ee382e480248b4bde30f28
- * configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
- variables. They are misleadingly named, as they inhibit building the
- tests. There is no reason not to build the tests even when
- cross-compiling, as they are only run if one does 'make check'.
- * Makefile: Adapt accordingly.
- * tests/Makefile.am: Adapt accordingly. Avoid building 'asschk' on
- Windows as it uses non-portable functions.
-
- tests,w32: Do not expose 'glob' to gpgscm.
- + commit 41b510f9c510f8fd1b59eb0c5dd2e2b2deaf0a1b
- * tests/gpgscm/ffi.c (do_glob): Remove function.
- (ffi_init): Likewise.
-
- tests,w32: Avoid using 'glob'.
- + commit 949e70115eb2c04bd09da6477f6c433e6fd9a366
- * tests/openpgp/setup.scm: Avoid 'glob' which is not available on
- mingw.
-
- tools: Ignore existing directories in gpgtar.
- + commit fbc83c0cdd390473c044953fb774571ffc636c6d
- * tools/gpgtar-extract.c (extract_directory): Ignore existing
- directories now that we have '--directory'.
-
-2016-10-04 NIIBE Yutaka <gniibe@fsij.org>
-
- agent, dirmngr, scd: npth_init must be after fork.
- + commit eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d
- * agent/gpg-agent.c (thread_init_once, initialize_modules): New.
- (main): Make sure no daemonizing-fork call after npth_init, and no npth
- calls before npth_init, with care of npth calls by assuan hooks.
- * dirmngr/dirmngr.c (thread_init): New.
- (main): Make sure npth_init must not be called before daemonizing fork.
- * scd/scdaemon.c (main): Likewise.
-
-2016-09-30 Werner Koch <wk@gnupg.org>
-
- agent: Remove the warning for the GKR hijacking.
- + commit a43739a2456a38c01704d8a52dca441055e29bc6
- * g10/call-agent.c (check_hijacking): Remove.
- (start_agent): Remove call.
-
- agent: Create the extra sockets in the standard socket dir.
- + commit 80cc16e0728256f6b07a12980e1f3512cf2324fa
- * agent/gpg-agent.c (main): Take the socketdir in account for the
- default sockets.
- * tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
- "agent-browser-socket".
-
- agent: Kludge to allow disabling of the extra sockets.
- + commit 95cf7afff074613825f4442fa131145a2c0d3cf7
- * agent/gpg-agent.c (main): Check for special socket names.
-
- wks: Avoid long trustdb checks.
- + commit de67055aff916455cec89fab1d95177d3b383008
- * tools/wks-receive.c (verify_signature): Use --always-trust.
-
-2016-09-30 Justus Winter <justus@g10code.com>
-
- build: Fix build against libiconv.
- + commit 6054e8aaecbd355bb7559697eecaadf2225189b8
- * agent/Makefile.am: Add INCICONV and LIBICONV.
- * common/Makefile.am: Likewise.
- * tools/Makefile.am: Likewise.
-
- agent: Enable restricted, browser, and ssh socket by default.
- + commit e11686f973b35869d7b299ce4726003ac22e2e3a
- * agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
- 'browser-socket', enable ssh socket by default, but do not emit the
- 'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
- * configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
- * doc/gpg-agent.texi: Update documentation.
-
- w32: Fix STARTTLS on LDAP connections.
- + commit 8d37018050373a47566bf8ea0d894da20ed292c7
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
- <winldap.h>.
-
-2016-09-29 Werner Koch <wk@gnupg.org>
-
- wks: Partly implement draft-koch-openpgp-webkey-service-02.
- + commit 33800280da55a859e08dfa57f29144c89dd1bead
- * tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
- * tools/wks-receive.c: Include rfc822parse.h.
- (struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
- MULTIPART_MIXED_SEEN.
- (decrypt_data): Add --no-options.
- (verify_signature): Ditto.
- (new_part): Check for Wks-Draft-Version header. Take care of text
- parts.
- (wks_receive): Set Parser and pass a flag value to RESULT_CB.
- * tools/gpg-wks-client.c (read_confirmation_request): New.
- (main) <aRead>: Call read_confirmation_request instead of
- process_confirmation_request.
- (command_receive_cb): Ditto. Add arg FLAGS..
- (decrypt_stream_status_cb, decrypt_stream): New.
- (command_send): Set header Wks-Draft-Version.
- * tools/gpg-wks-server.c (struct server_ctx_s): Add field
- DRAFT_VERSION_2.
- (sign_stream_status_cb, sign_stream): New.
- (command_receive_cb): Set draft flag.
- (send_confirmation_request): Rework to implement protocol draft
- version 2.
-
- * tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
- (DBG_MIME, DBG_PARSER, DBG_CRYPTO): New. Use instead of a plain
- opt.debug where useful.
- * tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
- * tools/gpg-wks-server.c (debug_flags): Ditto.
-
- tools: Convey signeddata also to the part_data callback in mime-parser.
- + commit c738f92c195d91662ddc7848cc3c92c7f091f1f8
- * tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
- (process_part_data): new.
- ((mime_parser_parse): Also call process_part_data for signed data.
-
- tools: Allow retrieval of signed data from mime-maker.
- + commit f776757ea94542e2f425840dddaf3e65b0ff7757
- * tools/mime-maker.c (find_part): New.
- (mime_maker_get_part): New.
-
- tools: Change mime-maker to write out CR,LF.
- + commit 29db3be6e8dbc9b4dd52cd1781106fa9fa3954a5
- * tools/mime-maker.c (struct part_s): Add field PARTID.
- (struct mime_maker_context_s): Add field PARTID_COUNTER.
- (dump_parts): Print part ids.
- (mime_maker_add_header): Assign PARTID.
- (mime_maker_add_container): Ditto.
- (mime_maker_get_partid): New.
- (write_ct_with_boundary): Remove.
- (add_header): Strip trailing white spaces.
- (write_header): Remove trailing spaces trimming. Add arg BOUNDARY.
- Handle emdedded LFs.
- (write_gap, write_boundary, write_body): New.
- (write_tree): Use new functions.
-
- tools: Simplify the mime-maker container creation.
- + commit 95d60c6ce9e8a7a7741553af957978c1f91547c5
- * tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
- (release_parts): Ditto.
- (dump_parts): Print a body line only if tehre is a body.
- (mime_maker_add_header): Check for body or container.
- (mime_maker_add_container): Remove arg MEDIATYPE. Change all callers.
- (mime_maker_end_container): New.
-
- tools: Give mime parser callbacks access to the rfc822 parser.
- + commit 4ac138c84d0f344ca9442f90c96f0e1f76062a4a
- * tools/mime-parser.c (mime_parser_context_s): Add field MSG.
- (parse_message_cb): Set it.
- (mime_parser_rfc822parser): New.
- * tools/mime-parser.h: Declare rfc822parse_t for the new prototype.
-
-2016-09-29 Justus Winter <justus@g10code.com>
-
- dirmngr: Fix STARTTLS on LDAP connections.
- + commit 9e6f8a55ed04f876635792125858ee76a948802a
- * dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
-
-2016-09-28 Werner Koch <wk@gnupg.org>
-
- gpg: Improve WKD by importing only the requested UID.
- + commit cbf2ac66692daa7a324108724698d60d6c7e473f
- * g10/keyserver.c: Include mbox-util.h.
- (keyserver_import_wkd): Do not use the global import options but
- employ an import filter.
-
- gpg: Reject import if an import filter removed all user ids.
- + commit 80393661bdfa7ae0288644513575e8a5d708b084
- * g10/import.c (any_uid_left): New.
- (import_one): Check that a UID is left.
-
- gpg: Make import filter data object more flexible.
- + commit c9237bf2ba2c49588576dcece756ebf5fe89aada
- * g10/main.h (import_filter_t): New.
- * g10/import.c (struct import_filter_s): Declare struct.
- (import_keep_uid, import_drop_sig): Replace by ...
- (import_filter): new. Adjust all users.
- (cleanup_import_globals): Move code to ...
- (release_import_filter): new.
- (save_and_clear_import_filter): New.
- (restore_import_filter): New.
-
- gpg: Make sure that internal key import is done with a binary stream.
- + commit 829949f3823c2306022928ce782f9c9d9c5f1cc8
- * g10/import.c (import_keys_internal): Open stream in binary mode.
-
-2016-09-27 Justus Winter <justus@g10code.com>
-
- build: Do not link gpg-connect-agent against npth.
- + commit 20a16833ee2bb05f735377f705899302bcf2b4d3
- * tools/Makefile.am: Do not link gpg-connect-agent against npth.
-
- build: Fix check for resolver library on macOS.
- + commit 2e64ccb0f96d615b1eb87e37f230a5d761aa9c36
- * configure.ac: Check for the mangled name of 'dn_skipname' first.
-
- common: Correctly handle modules relying on npth.
- + commit 2b23a321ac0b07beeac1dfa8d71f223e66c49b71
- * common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
- (with_npth_sources): New variable.
- (libcommonpth_a_SOURCES): Use the new variable.
-
-2016-09-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent, sm: Set CTX after start_agent.
- + commit 4e4843e735f32b5e79a51d8062da55bfaab6ad77
- * g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
- * sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
- (gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
- (gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
- (gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
- (gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
- (gpgsm_agent_export_key): Likewise.
-
- dirmngr: Removal of no-libgcrypt.o.
- + commit 836b72363168cbb0051fc2356f61788468db211c
- * dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.
-
- agent: Allow only specific digest size for ECDSA.
- + commit 98bc6f480ac973dccce90378dc021a2e24e58704
- * agent/pksign.c (do_encode_dsa): Fix validation of digest size.
-
-2016-09-22 Neal H. Walfield <neal@g10code.com>
-
- g10: When adding a user id, make sure the keyblock has been prepared.
- + commit df5353b95eefc13135e7df50a7c197f270d6080d
- * g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
- KEYBLOCK before adding the user id.
- * tests/openpgp/quick-key-manipulation.scm: Make sure that the key
- capabilities don't change when adding a user id.
- (key-data): New function.
-
-2016-09-20 Justus Winter <justus@g10code.com>
-
- tests: Add documentation, make interactive debugging possible.
- + commit 7e0379a75475abfd15e0623913795779ff0f40d7
- * tests/openpgp/README: Add documentation about debugging and
- interfacing with GnuPG.
- * tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the
- child so that we can use a repl in the tests.
-
- tests: Port the quick key manipulation test to Scheme.
- + commit 6c4c0e3ac2aeafba7a2b7c2dd92a18be8aec92b1
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/quick-key-manipulation.scm: New file.
-
- tests: Remove list of tests from the test runner.
- + commit 49fae88fd170f2bdc12a1794a2637260e3c73a73
- * tests/openpgp/run-tests.scm: Drop hardcoded list.
-
- tests: Reduce runtime of excessive test.
- + commit 988a04b98d42ff9cc9e62007ebcc0e4c03f4047d
- * tests/openpgp/conventional-mdc.scm: Use only two plaintexts when
- iterating over all cipher algorithms.
-
- dirmngr: Fix type.
- + commit 285d193f1e1464495bce57bd0f323468515b4513
- * dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.
-
-2016-09-20 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Open file CRL's in binary mode.
- + commit 4644c27514f34f5efc555d43672a25088a611a72
- * dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.
-
-2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
-
- doc: Fix a xref usage.
- + commit b9b4ff857034df51e055ceddce567ca97e94e075
-
-
-2016-09-20 Ineiev <ineiev@gnu.org>
-
- doc: Do not end section names with "."
- + commit 8078d8246fa38c3e478fc9a542117468780ace00
-
-
-2016-09-20 NIIBE Yutaka <gniibe@fsij.org>
-
- doc: minor fix for @xref.
- + commit 9c1b3bc25a1b38c4eda31bf12ccc10d94bb05212
- * doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref.
-
-2016-09-20 Justus Winter <justus@g10code.com>
-
- doc: Implement simple '@ref'erences.
- + commit 91d5e6f805aaf24a3f1f03a95998f757dce04cb2
- * doc/yat2m.c (proc_texi_cmd): Handle '@ref'.
-
-2016-09-20 Ineiev <ineiev@gnu.org>
-
- doc: Fix full stops.
- + commit 0eaab1af48f600b636183321e4a4e9c6bc361610
- * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
- doc/tools.texi: Fix.
-
- doc: Fix spacings.
- + commit 32bcf8b73ede9c8f1469821a54dedc6be75241d2
- * doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi,
- doc/gpg.texi, doc/tools.texi: Fix.
-
- doc: Improve markup.
- + commit 377624207e9b2895ce00dfc4d1163d72f349841f
- * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
- doc/specify-user-id.texi, doc/tools.texi: Fix.
-
- doc: Replace rfc0123 with RFC-0123.
- + commit 9d2b7bff12b268638465da222ca7cc9042bba072
- * doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.
-
- doc: Add missing description of datafile.
- + commit 789916281c25e737d8fb44add5ca61f8fd25de2f
- * doc/gpg.texi: Fix.
-
- doc: Replace UTF8 with UTF-8.
- + commit 00d6d8bc8772e48b6f200d359e11eb93ab65f51f
- * doc/gpg.texi: Fix.
-
- doc: Fix mistakes.
- + commit f25e04005af5831053ba194a09e3afa48d1e162b
- * doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/howto-create-a-server-cert.texi,
- doc/scdaemon.texi, doc/tools.texi: Fix.
-
- doc: Eliminate inconsistent UK English.
- + commit 825c1dfb3ee4c1704f42eaf064161b9731c20134
- * doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi,
- doc/tools.texi: Fix.
-
- doc: Use the right reference commands.
- + commit f32689f833838a742243e94c900e98f5b59a5811
- * doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/tools.texi: Fix.
-
- doc: Fix "Not(e) that you can(not) abbreviate".
- + commit 20a27d8a57c4c990fcada4278a1ce2e6fc9043e9
- * doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/scdaemon.texi, doc/tools.texi: Fix.
-
- doc: Fix typos.
- + commit fa346508fe323e61cf157ee30c13301e1d2117c0
- * doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
- * doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
- * doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
- * doc/specify-user-id.texi, doc/tools.texi: Fix.
-
- doc: Fix Martin Hellman's name.
- + commit 858af2b3473e436af53470d53cdac334edce9f09
- * doc/contrib.texi: Fix.
-
-2016-09-19 Justus Winter <justus@g10code.com>
-
- tests: Refine the repl function.
- + commit 884e78efe1f3ba50513bf81c8b4804d22b25eac4
- * tests/gpgscm/repl.scm (repl): Add an argument 'environment'.
- (interactive-repl): Add an optional argument 'environment'.
-
- tests: Implement interpreter shutdown using exceptions.
- + commit 9a0659a65c52378de1c4736a0eddf8518eb20948
- * tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'.
- * tests/gpgscm/ffi.scm (*interpreter-exit*): New variable.
- (throw): New function.
- (exit): New function.
-
- tests: Correctly handle exceptions in resource handling macros.
- + commit 58007e52593e6b0f838de2e464ceeacf22757018
- * tests/gpgscm/tests.scm (letfd): Correctly release resources when an
- exception is thrown.
- (with-working-directory): Likewise.
- (with-temporary-working-directory): Likewise.
- (lettmp): Likewise.
-
- tests: Refine exception handling.
- + commit ab483eff9a8254adf127cdee178e14ba74f0a2b3
- * tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in
- the error handler, update and fix comment.
- (*error-hook*): Revert to original definition.
- * tests/gpgscm/tests.scm (tr:do): Adapt accordingly.
- * tests/openpgp/issue2419.scm: Likewise.
-
- tests: Use descriptive temporary file names.
- + commit 83a406b38a21d0eeb4963db824a27783c212d2fb
- * tests/gpgscm/ffi.c (do_get_isotime): New function.
- (ffi_init): Add parameter 'scriptname', bind new function and
- scriptname.
- * tests/gpgscm/ffi.h (ffi_init): Update prototype.
- * tests/gpgscm/main.c (main): Hand in the script name.
- * tests/gpgscm/tests.scm (mkdtemp): Use current time and script name
- for the names of temporary directories.
-
-2016-09-19 Werner Koch <wk@gnupg.org>
-
- gpg: Fix regression in fingerprint printing.
- + commit 998643666c016dbacf10f813c22efc97deadec65
- * g10/keylist.c (list_keyblock_print): Do not depend calling
- print_fingerprint on opt.keyid_format.
-
- dirmngr: Silence diagnostics about starting housekeeping.
- + commit 5bf1facc973eb6e0bfab0f8f17129534dec56e04
- * dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
- verbose mode.
-
-2016-09-19 Justus Winter <justus@g10code.com>
-
- g10: Fix memory leak.
- + commit 086d219d96caa3501048aff82a282481e07c195b
- * g10/tofu.c (build_conflict_set): Free 'kb_all'.
-
-2016-09-19 Werner Koch <wk@gnupg.org>
-
- doc: Update license information.
- + commit 3899041cd2877ce9584c7bd149f232f35a07c399
- * tests/fake-pinentries/COPYING: Rename to ...
- * COPYING.CC0: this. Add a note on the scope of this license.
- * COPYING.LIB: Add a note on the scope of this license.
- * AUTHORS (License): Mention CC) license.
-
- gpgscm: Fix gcrypt version check.
- + commit 47baeac50ccaaf06dc8b0cebece50f47754de6ca
- * tests/gpgscm/main.c (main): Check against required and not installed
- version.
-
- gpg: Avoid malloc failure due to no key signatures.
- + commit 18bbefa27f9e47e1062ee4d7af09487632795ba7
- * g10/keyedit.c (check_all_keysigs): Check early for no key
- signatures. Use xtrycalloc.
-
-2016-09-17 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix comment and format.
- + commit 7305d27f36148a7fb8c2f4ef5b94774cbd21b18e
- * agent/protect-tool.c (main): Fix comment.
- * doc/DETAILS (colon listings): Fix list.
- * tests/openpgp/multisig.test: Fix comment.
-
-2016-09-17 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Fix more spelling.
- + commit 0d67241e317b172a258a910c02d90639e2b08fce
- * NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
- agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
- common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
- doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
- doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
- doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
- g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
- g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
- sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
- tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
- tests/openpgp/multisig.test, tests/openpgp/verify.scm,
- tests/pkits/README, tools/applygnupgdefaults,
- tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
- minor spelling cleanup.
-
- move some file encodings to UTF-8.
- + commit 215180d1ce6c93e2b4969d746c83ac4c055d25ef
- * dirmgnr/cdblib.c: comment used unnecesary hyphenation
- * dirmngr/crlcache.h: comment was iso-8859-1
- * doc/contrib.text: list contributors using UTF-8 (now we can
- acknowledge many more people using their preferred orthography)
-
- At least one other files remains in a non-UTF-8 encoding, which i'm
- not sure what to do with:
-
- - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
- it that way?
-
-2016-09-16 Neal H. Walfield <neal@g10code.com>
-
- g10: On failure, propagate the return code.
- + commit 6e930f0e4077bc7aa3d28b1ba649a82d62427d87
- * g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.
-
- g10: Don't ignore failure. On failure, rollback.
- + commit 221b0bd0e5946edaea7135bc3b6f3c5c0fc6dbca
- * g10/tofu.c (tofu_set_policy): If record_binding fails, fail. If the
- function fails, rollback the transaction.
-
- g10: Load the key block if the supplied user id list is NULL.
- + commit c2e563421e4fd4f0910642aa7b171bcf0b374b01
- * g10/tofu.c (tofu_register_encryption): Load the key block if
- USER_ID_LIST is NULL.
-
- g10: Use the accessor functions for accessing and comparing key ids.
- + commit af196342bf44ce6dc42111d37539dec7ee3b3d82
- * g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
- (tofu_register_signature): Likewise.
- (tofu_register_encryption): Likewise.
- (tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.
-
-2016-09-16 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- po: convert localizations to UTF-8.
- + commit 4ab8107063b641ed74fc4c9bf98304bcea573178
- * po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8
-
- This was an automated conversion process, using:
-
- for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
- cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
- iconv -f $cs -t UTF-8 < $x >$x.tmp
- sed "s/$cs/UTF-8/" < $x.tmp > $x
- rm -f $x.tmp
- done
-
-2016-09-16 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add support of ECC pubkey attribute.
- + commit dd06d33655bc872a6310edac8e448419479d3312
- * scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
- (send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
- (parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
- (build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
- Support offering public key when ECC_FLAG_PUBKEY sets.
- (ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
- (parse_algorithm_attribute): Parse pubkey-required byte.
-
-2016-09-15 Justus Winter <justus@g10code.com>
-
- g10: Add missing header.
- + commit c0e620cee86b5dacc941964bd187bba0dfa90eea
- * g10/trustdb.c: Include 'mbox-util.h'.
-
-2016-09-15 Neal H. Walfield <neal@g10code.com>
-
- g10: Only consider bindings matching the signer's user id.
- + commit 3f7f7447316f57d002d683af4ad30ac5730b9ebe
- * g10/trustdb.c (tdb_get_validity_core): If the signer's user id
- subpacket is present, only consider matching user ids.
-
- g10: Don't include the signature when printing a binding's validity.
- + commit dcc64663051f8af82abc11e2699649c3b35936db
- * g10/mainproc.c (check_sig_and_print): When printing information
- about a binding don't include the current signature.
-
-2016-09-15 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- tests/fake-pinentries: fake pinentries for downstream developers.
- + commit 3248182d1b5a03098ee797c980fa0f0ec06e716f
- * tests/fake-pinentries/README.txt and
- tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
- domain (CC0) files to encourage better test suite practices from
- downstream developers.
- * tests/fake-pinentries/COPYING (new): a copy of
- https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
-
- spelling: conenction should be connection.
- + commit 167273ee9d3c04f29835aa2d12fde52eebf61efb
- * dirmngr/server.c, sm/server.c: s/conenction/connection/
-
- spelling: correct achived to achieved.
- + commit 7fafc3c49901c118b47d4d13a41fb3575c1f9e4b
-
-
-2016-09-15 NIIBE Yutaka <gniibe@fsij.org>
-
- tests/gpgscm: Fix use of pointer.
- + commit 68eb5fbd37c31ed7c0c916656131eea7bb58d13d
- * tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
- alloc_seg.
- * tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp. Use
- (void *) for coercion of address calculation.
-
-2016-09-14 Neal H. Walfield <neal@g10code.com>
-
- g10: Fix whitespace.
- + commit 9799b5d18f8fd29872b75c4d70d370af2b4e9a89
- * g10/tofu.c (show_statistics): Fix whitespace.
-
- g10: Correctly compute the euclidean distance.
- + commit 05b2b13efd8ecea86d31af863cbf82c8b38dc94f
- * g10/tofu.c (write_stats_status): Correctly compute the euclidean
- distance.
- (show_statistics): Likewise.
-
- g10: Change the default TOFU policy for UTKs to good.
- + commit ca91caabb5798f67c69ee96657c7cb402e7db0df
- * g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
- good.
-
- g10: Add missing static qualifier.
- + commit 9d62b79e62ef2690e6522fe1621140fbfc10695c
- * g10/tofu.c (cross_sigs): Add missing static qualifier.
-
- g10: Default to the "good" TOFU policy for keys signed by a UTK.
- + commit 8df8aa13c795e400324a782fbaea578c8f2a1398
- * g10/tofu.c (signed_by_utk): New function.
- (get_trust): If a key is signed by an ultimately trusted key, then
- set any bindings to good.
-
-2016-09-14 Werner Koch <wk@gnupg.org>
-
- gpg: Emit a new error status line in --quick-adduid.
- + commit f4e11f2e9e8f58fd5f0df3148e6d7ccef0f84232
- * g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
- user id.
-
- gpg: Allow use of "default" algo for--quick-addkey.
- + commit 0fd332bc1f6f1f10c96da0cc91203925d3ac81eb
- * g10/keygen.c (quick_generate_keypair): Write a status error.
- (parse_algo_usage_expire): Set a default curve.
-
-2016-09-13 Werner Koch <wk@gnupg.org>
-
- gpg: Improve usability of --quick-gen-key.
- + commit 30a011cfd6ec172cc460e59f0904a26fe2d68632
- * g10/keygen.c (FUTURE_STD_): New constants.
- (parse_expire_string): Handle special keywords.
- (parse_algo_usage_expire): Allow "future-default". Simplify call to
- parse_expire_string.
- (quick_generate_keypair): Always allow an expiration date. Replace
- former "test-default" by "future-default".
-
-2016-09-12 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid mixing up status and colon line output.
- + commit 31fc420727f45dd081f8ad5d056da6675dad29f2
- * g10/keylist.c (list_keyblock_colon): Avoid calling functions which
- trigger a status line output before having printed a LF.
-
-2016-09-12 Justus Winter <justus@g10code.com>
-
- tests: Simplify tofu test.
- + commit aa81e32df7189c3eb44d4c602fd63f5b3f6a9e49
- * tests/openpgp/tofu.scm: Simplify now that we only have one db
- format.
-
-2016-09-10 Ben Kibbey <bjk@luxsci.net>
-
- Portability build fix.
- + commit eddcba038025cdbd58aaf67cafd6d83f0ea042d5
- * kbx/Makefile.am: Add NETLIBS.
- * dirmngr/Makefile.am: Ditto for dirmngr_ldap.
-
- Fix symbol conflict.
- + commit 937ec53eff290c3d916faebc23218c9272671c02
- * g10/gpgcompose.c: Rename struct siginfo to signinfo.
-
-2016-09-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: print fingerprint regardless of keyid-format.
- + commit d757009a24eb856770fc3a3729e2f21f54d2a618
- * g10/keylist.c (print_fingerprint): use compact format independent of
- keyid-format; (print_key_line): always print the fingerprint
-
-2016-09-08 Werner Koch <wk@gnupg.org>
-
- gpg: Remove option --yes from gpgv.
- + commit 30a9f53a0f2af6b98c26b8ddc0b4b87c38416f2a
- * g10/gpgv.c (opts): Remove --yes.
- (main): Always set opt.ANSWER_YES.
-
- gpg: Add options --output and --yes to gpgv.
- + commit a8363b7d0bcc77b55226d5fe8f972214c968ddc3
- * g10/gpgv.c (oOutput, oAnswerYes): New.
- (opts): Add --output and --yes.
- (main): Implement options.
-
- gpg: Make --output work with --verify.
- + commit bbe940c095f2bca7a1ca5f8e68ca1af98350a885
- * g10/mainproc.c (proc_plaintext): Handle opt.output.
-
-2016-09-07 Werner Koch <wk@gnupg.org>
-
- dirmngr: Terminate on deletion of the socket file (Linux only).
- + commit 6308c300196ae85fd82ed383217219e0206640a4
- * dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
- (oDisableCheckOwnSocket): New.
- (opts): Add --disable-check-own-socket.
- (disable_check_own_socket): New var.
- (parse_rereadable_options): Set that var.
- (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
- (handle_connections) [HAVE_INOTIFY_INIT]: New.
-
-2016-09-07 Neal H. Walfield <neal@g10code.com>
-
- g10: Use the time a signature was seen, not the embedded time, for stats
- + commit bde29a46cedbbd2a5dfe7c91a6277c0a4ff50825
- * g10/tofu.c (ask_about_binding): Use the time that a signature was
- seen, not allegedly generated, when generating statistics.
-
- tests: Don't use --tofu-db-format.
- + commit a937eef2d4e80cd43095802176d3db5e7fd94008
- * tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
- deprecated.
-
- g10: Check for a new binding a bit later.
- + commit ee06b3f7889bd99c28ac68f4781bda77d67eed00
- * g10/tofu.c (build_conflict_set): Check for the current key after
- looking for conflicts and removing any '!'.
-
- g10: Change TOFU code to respect --faked-system-time.
- + commit 7b3e8572e3bb8a65d20577a48009251fdc7b1910
- * g10/tofu.c (record_binding): New parameter now. Update callers.
- Don't use SQLite's strftime('%s','now') to get the current time, use
- NOW.
- (ask_about_binding): Likewise.
- (get_trust): New parameter now. Update callers.
- (show_statistics): Likewise.
- (tofu_register_signature): Don't use SQLite's strftime('%s','now') to
- get the current time, use gnupg_get_time().
- (tofu_register_encryption): Likewise.
-
- g10: Use the correct conversion function.
- + commit 56c18408d4955713d9c4e634367c7912d6564651
- * g10/tofu.c (show_statistics): Use string_to_ulong, not
- string_to_long.
-
-2016-09-07 Werner Koch <wk@gnupg.org>
-
- gpg: Fix format string issues in tofu.
- + commit 97a67d42dc946b2d6ed81723d86e37002b5931b3
- * g10/tofu.c (write_stats_status): Use ulong for MESSSAGES. Fix
- format strings. Simplify by using the new write_status_printf.
-
-2016-09-06 Neal H. Walfield <neal@g10code.com>
-
- g10: Make sure some functions are passed a primary key.
- + commit 13ddc17ddb266d74033d5739fec932034fa85c72
- * g10/tofu.c (get_trust): Make sure the caller provides a primary key.
- (tofu_register_signature): Likewise.
-
- g10: Tweak TOFU's verbosity.
- + commit ee19eacd1d688d3a98cd66e5ef2f42079eb829f1
- * g10/tofu.c (time_ago_str): Only show the most significant unit.
- * g10/tofu.c (show_statistics): Tweak the output.
-
- g10: Only show the TOFU warning once per key.
- + commit 67cef405cbfad2e53fc388dd6591ee4f7cb0d973
- * g10/tofu.c (show_statistics): Return whether to call show_warning.
- Move the warning from here...
- (show_warning): ... to this new function.
- (tofu_get_validity): If show_statistics returns a non-zero value, call
- show_warning.
-
- g10: Record and show statistics for encrypted messages when using TOFU.
- + commit 875ac9216f1383851a82bd240cadb17c7112f6a8
- * g10/tofu.c: Include "sqrtu32.h".
- (struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
- get_trust_gather_signature_stats. Add new field
- get_trust_gather_encryption_stats.
- (initdb): Create the encryptions table.
- (ask_about_binding): Show the encryption statistics too.
- (tofu_register): Rename from this...
- (tofu_register_signature): ... to this and update callers.
- (tofu_register_encryption): New function.
- (write_stats_status): Add parameters encryption_count,
- encryption_first_done and encryption_most_recent. Update callers.
- Compute the trust using the euclidean distance of the signature and
- signature count. Compare with twice the threshold. Include
- encryption count information in the TFS and TOFU_STATS lines.
- (show_statistics): Also get information about the encrypted messages.
- * g10/trustdb.c (tdb_get_validity_core): Use it.
-
- g10: Simplify the binding statistics shown for a TOFU conflict.
- + commit a9e6db6c7e23d9f4b8de59f5cabbf9eb6a59e626
- * g10/tofu.c (ask_about_binding): Simplify binding statistics.
-
-2016-09-06 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix detection of unbalanced parenthesis.
- + commit f2249b737055f84842778285bbeff5e61fa55225
- * tests/gpgscm/main.c (load): Print error message.
- * tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
- loading files.
-
- tests: Fix test.
- + commit 213b3cf465fb091dc0a205d1a08b88b950ffb85f
- * tests/openpgp/multisig.scm: Add missing parenthesis.
-
-2016-09-06 Werner Koch <wk@gnupg.org>
-
- agent: Terminate on deletion of the socket file (Linux only).
- + commit 650356148af43ea619bec12e599a4981b147d5f8
- * configure.ac (AC_CHECK_FUNCS): Chec for inotify_init.
- * agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
- (my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
- (handle_connections) [HAVE_INOTIFY_INIT]: New.
-
-2016-09-05 Justus Winter <justus@g10code.com>
-
- tests: Speed up the test suite.
- + commit 46c4333c372f0e1ad2aadc411490c2a330b4c5a6
- * tests/openpgp/run-tests.scm (test::run-sync): Pass additional
- arguments to the test.
- (test::run-sync-quiet): Likewise.
- (test::run-async): Likewise.
- (run-tests-{parallel,sequential}-isolated): Create a tarball of the
- gnupghome, then extract it for each test.
- * tests/openpgp/setup.scm: Refactor into functions, add an interface
- to tar-up the created environment, and untar it multiple times.
-
- common: Restore a simpler variant of 'gnupg_wait_process'.
- + commit c97bde2dfeab23a84b4788d998934ac49ff5b797
- * common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
- 5ba4f604.
-
- common: Fix error handling.
- + commit 845e2cc201d6a2cdb151e39e29516d26cb49311c
- * common/exechelp-posix.c (store_result): Use xtrymalloc.
- (gnupg_wait_processes): Likewise, and check result.
-
-2016-09-05 Neal H. Walfield <neal@g10code.com>
-
- g10: Don't add user attributes to the TOFU DB.
- + commit 9082bde01cc18e32504ce39d55ea6dd3c05dddec
- * g10/trustdb.c (tdb_get_validity_core): Skip user attributes.
-
-2016-09-05 Werner Koch <wk@gnupg.org>
-
- agent: Silence --debug IPC output for connections from self.
- + commit 0b99d1fd2a80b8efaacc731027d2b2ecd9eca699
- * agent/command.c (server_local_s): Add fields 'greeting_seen' and
- 'connect_from_self'.
- (io_monitor): Do not log connections from self.
- (start_command_handler): Set flag 'connect_from_self'.
- * agent/gpg-agent.c (check_own_socket_thread): Disable logging.
- (do_start_connection_thread): Do not log conection start and
- termination if IPC debugging is enabled.
-
- agent: Small improvement of the server's local state.
- + commit 2eeb5551c37659fdd59e8537fc77a9e7fb6a9204
- * agent/command.c (sserver_local_s): Change flags to use only one bit.
- (option_handler): Make an atoi return 1 or 0.
-
-2016-09-05 Neal H. Walfield <neal@g10code.com>
-
- g10: Refactor cross sig check code.
- + commit 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de
- * g10/tofu.c (BINDING_NEW): New enum value.
- (BINDING_CONFLICT): Likewise.
- (BINDING_EXPIRED): Likewise.
- (BINDING_REVOKED): Likewise.
- (ask_about_binding): Move cross sig check from here...
- (get_trust): ... and the conflict set building from here...
- (build_conflict_set): ... to this new function.
- (format_conflict_msg_part1): Replace parameter conflict with
- conflict_set. Drop parameter fingerprint. Update callers.
- (ask_about_binding): Drop unused parameter conflict and redundant
- parameter bindings_with_this_email_count. Rename parameter
- bindings_with_this_email to conflict_set. Update callers.
-
-2016-09-05 Justus Winter <justus@g10code.com>
-
- tests: Update README.
- + commit 65a7563edbbab8f93fe901f932065687508788de
- * tests/openpgp/README: Update.
-
- tests: Pass flags to test driver.
- + commit 059c79d8b447a3baa9ad0b4d3367bdb64dd2ef3b
- * tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.
-
- common: Improve waiting for processes on POSIX.
- + commit e33111fcdac08ed2ddfbdf59b1f790569b42f695
- * common/exechelp-posix.c (struct terminated_child): New definition.
- (terminated_children): New variable.
- (store_result): New function.
- (get_result): Likewise.
- (gnupg_wait_process): Store results that were not requested and
- consider previously stored results.
-
- waitpid(2) may return information about terminated children that we
- did not yet request, and there is no portable way to wait for a
- specific set of children. As a workaround, we store the results of
- children for later use.
-
-2016-09-05 Werner Koch <wk@gnupg.org>
-
- dirmngr: Exclude D lines from the IPC debug output.
- + commit de623474db3ba402c9bbd872ab6f932f46cbdde9
- * dirmngr/dirmngr.h: Include asshelp.h.
- * dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
- (data_line_write): Implement logging inhibit.
- (data_line_cookie_close): Print non-logged D lines.
- (cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
- (dirmngr_assuan_log_monitor): New.
- * dirmngr/dirmngr.c (main): Register monitor function.
-
- common: Add an assuan logging monitor.
- + commit 0ac671f8a2b65a4b339f615c6420287a549779fa
- * common/asshelp.c (my_log_monitor): New var.
- (my_libassuan_log_handler): Run that monitor.
- (setup_libassuan_logging): Add arg to set a log monitor and change all
- callers.
-
- gpg: New export filter drop-subkey.
- + commit 0a4a03e5310946b0866a0f6a34031eda7a240162
- * g10/import.c (impex_filter_getval): Add properties for key packets.
- * g10/export.c (export_drop_subkey): New var.
- (cleanup_export_globals): Release that var.
- (parse_and_set_export_filter): Add filter "drop-subkey".
- (apply_drop_subkey_filter): New.
- (do_export_stream): Run that filter.
-
- common: Add string operator gt,ge,le,lt to recsel.
- + commit 959cd8903fd012e63dbb156db56708dd3934b5df
- * common/recsel.c (recsel_parse_expr): Add them.
- (recsel_dump): Print them.
- (recsel_select): Evaluate them.
-
- gpg: Use a common filter_getval for import and export.
- + commit c8e0d37f4152d1341ef562a190fce93a0386a759
- * g10/import.c (filter_getval): Rename to ...
- (impex_filter_getval): this. Make global.
- (apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
- * g10/export.c (filter_getval): Remove.
- (apply_drop_sig_filter): Use impex_filter_getval.
-
-2016-09-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix an action after card removal.
- + commit f9e49c80e706a27d5e30d4b3237ff26367a67130
- * scd/command.c (update_card_removed): Call apdu_close_reader here.
-
-2016-09-02 Werner Koch <wk@gnupg.org>
-
- wks: Add framework for policy flags.
- + commit 46362cbc0e2260e989820795a6e4245c72335172
- * tools/call-dirmngr.c (wkd_get_policy_flags): New.
- * tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
- * tools/wks-util.c (wks_parse_policy): New.
- * tools/gpg-wks-client.c (command_send): Get the policy flags to show
- a new info line.
- * tools/gpg-wks-server.c (get_policy_flags): New.
- (process_new_key): get policy flag and add a stub for "auth-submit".
- (command_list_domains): Check policy flags.
-
- dirmngr: Add --policy-flags option to WKD_GET.
- + commit 505ee45106d6aa2902bbdd6326f8eb7527c273c4
- * dirmngr/server.c (cmd_wkd_get): Add new option.
-
- common: Check read errors in name-value.c.
- + commit fc445b36fafc8a4cc3ce5a675ac42df7a9d9a02a
- * common/name-value.c: Check for read errors.
-
-2016-09-02 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Release the card reader after card removal.
- + commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3
- * scd/command.c (update_reader_status_file): Call apdu_close_reader.
-
- scd: Clean up unused shutdown method.
- + commit d1ae7103352fbda2a05f098379cd3043a0ab5566
- * scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
- (reset_ccid_reader): Don't set shutdown_reader.
- * scd/ccid-driver.c (ccid_shutdown_reader): Remove.
-
- agent: invoke scdaemon with --homedir.
- + commit 8b6c0bae33bdc36892f4595806665ce61f77dfd2
- * agent/call-scd.c (start_scd): Supply --homedir option when it's not
- default homedir.
-
- po: Update Japanese translation.
- + commit afdfc954b35370fbf03aaf8dc0e496410923aa4e
-
-
-2016-09-01 Neal H. Walfield <neal@g10code.com>
-
- g10: End transaction earlier.
- + commit 85fad6c34c08b2850580e0644faba62d3a501b84
- * g10/tofu.c (ask_about_binding): End the transaction earlier.
-
- g10: Don't consider cross-signed keys to be in conflict.
- + commit b410a3cb7683fc7c2a253e23130c44df42a6203c
- * g10/tofu.c (cross_sigs): New function.
- (ask_about_binding): If apparently conflicting keys are cross signed,
- then don't mark them as conflicting.
-
-2016-09-01 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid homedir creation by --list-config.
- + commit 38d369de13acb95208a0ed8d1cf82ac19173688f
- * g10/gpg.c (main): Do not register a key for the list config
- commands.
-
- gpg: Simplify code to print VALIDSIG.
- + commit fde9fa81d3d3b25a929b532cc1960d9d9f454a0c
- * g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
- write_status_printf.
-
- gpg: Add new function write_status_printf.
- + commit 6bdadae00512b4907826f6754cdb220d06e1ac6d
- * g10/cpr.c (write_status_printf): New.
-
- gpg: Fix printing of pubkey algo in --verbose signature verify.
- + commit 37e3c897252babc203447be9d2f286a4507875ad
- * g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
- change the semantics. Also clear the other R_ args on function entry,
- use gpg_error() and change retturn type to gpg_error_t.
- * g10/mainproc.c (do_check_sig): Add arg R_PK.
- (list_node): Pass NULL for new arg.
- (check_sig_and_print): Rework to make use of the returned PK.
-
-2016-09-01 Neal H. Walfield <neal@g10code.com>
-
- g10: When asking about a TOFU binding conflict, default to unknown.
- + commit 3d44e5e8a8d1d8bf6cf5d387f50d75f84d804412
- * g10/tofu.c (ask_about_binding): Default to unknown.
-
- g10: Add support for TRUST_NEVER.
- + commit f2e5cb6ffb55e49a05d452cd85e45f6f67c20abb
- * g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
- returned by the TOFU trust model.
- (do_we_trust_pre): Print a different message if TRUSTLEVEL is
- TRUST_NEVER.
- (check_signatures_trust): Improve comment.
-
- g10: Improve text.
- + commit 0cb0ea1633955fb7acd33fe993a4ae4e96e83ae3
- * g10/tofu.c (show_statistics): Improve the text (key and user id, not
- just key).
-
- g10: Remove unused parameter.
- + commit 00c2850393ecc320f591f511c3534286964780c2
- * g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
- Update callers.
-
-2016-09-01 Werner Koch <wk@gnupg.org>
-
- gpg: Copy the correct digest for use by TOFU.
- + commit 3e67b50490aef087b5769bb35145d23f6657780f
- * g10/mainproc.c (do_check_sig): Use the current digest algo.
-
-2016-09-01 Neal H. Walfield <neal@g10code.com>
-
- g10: Be careful to not be in a transaction during long operations.
- + commit 4cbd2a690c5e5ed2dff49c1f4fc867b31fca689a
- * g10/tofu.c (begin_transaction): New parameter only_batch. If set,
- only start a batch transaction if there is none and one has been
- requested. Update callers.
- (tofu_suspend_batch_transaction): New function.
- (tofu_resume_batch_transaction): Likewise.
- (ask_about_binding): Take a ctrl_t, not a tofu_dbs_t. Update
- callers. Gather statistics within a transaction. Suspend any batch
- transaction when getting user input.
- (get_trust): Take a ctrl_t, not a tofu_dbs_t. Update callers.
- Enclose in a transaction.
- (tofu_get_validity): Use a batch transaction, not a normal
- transaction.
-
-2016-09-01 Werner Koch <wk@gnupg.org>
-
- tests: Run test requiring the network only in maintainer-mode.
- + commit babeb6f8a9b1f8341652145bad58be6cd49e0712
- * dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
- (module_tests): Move t-dns-test to ...
- (module_net_tests): here.
-
-2016-08-31 Werner Koch <wk@gnupg.org>
-
- wks: Send a final message to the user.
- + commit 04c042f3f2a631bc6e772c33f8da5e7aa7b1902a
- * tools/gpg-wks-server.c (send_congratulation_message): New.
- (check_and_publish): Call it.
-
- wks: Relax permission check for the top directory.
- + commit e4eac16330449f3893c11820c15e07d58fb807ff
- * tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.
-
-2016-08-31 Neal H. Walfield <neal@g10code.com>
-
- g10: On a TOFU conflict, show whether the uids are expired or revoked.
- + commit edfb6934caf16c6afcfd82d684d8ae9c79674d10
- * g10/tofu.c (struct signature_stats): Add fields is_expired and
- is_revoked.
- (signature_stats_prepend): Clear *stats when allocating it.
- (ask_about_binding): Also show whether the user ids are expired or
- revoked.
-
- doc: Add a help text for tofu.conflict.
- + commit b69b2cb082e39a7eb56082fa80219f6f14fbd2b4
- * doc/help.txt (.gpg.tofu.conflict): New help text.
-
- g10: Always trust ultimately trusted keys.
- + commit 28c235ae757e9036b0b96efc28931fa5cc74f7ee
- * g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
- trusted keys.
-
- g10: Fix error detection.
- + commit 5b48960a8a2555db7bf992261de9e922838c9913
- * g10/tofu.c: first_seen == 0 is not an error.
-
- g10: Update a key's TOFU policy in a transaction.
- + commit e4d5e3cb0d10e8f77c7100d42cfdb32051de1c18
- * g10/tofu.c (tofu_set_policy): Do the update in a transaction.
- * g10/gpg.c (main): Do a TOFU policy update in a batch transaction.
-
- g10: Fix the show old policy functionality when changing a TOFU policy.
- + commit 247eef005cf4c34e9a82227e4ab7823e04911be4
- * g10/tofu.c (record_binding): Fix the show old policy functionality.
-
- g10: Drop unused argument.
- + commit 70df5a8fd781d8774d835384ca28c4d8518bb9d0
- * g10/tofu.c (begin_transaction): Remove unused option only_batch.
-
- gpg: Move state local to tofu.c to a private structure.
- + commit 268f6b7a3403d036882b4af384ba7ab2f8c8355f
- * g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
- and batch_update_started from here...
- * g10/tofu.c (struct tofu_dbs_s): ... to here.
-
- gpg: Avoid name spaces clash with future sqlite versions (2).
- + commit b8184d2d74e5ddd5eb68836b53fe5568110e14dd
- * g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
- GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
- to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
- SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.
-
-2016-08-31 Werner Koch <wk@gnupg.org>
-
- gpg: Fix regression in gpgv's printing of the keyid.
- + commit 76304a971fe507ea659b952932ea899463ab7166
- * g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
-
-2016-08-30 Neal H. Walfield <neal@g10code.com>
-
- g10: Improve TOFU batch update code.
- + commit 371ae66e9d5c7524431773c4a479fcae1ea3b652
- * g10/gpg.h (tofu): Rename field batch_update_ref to
- batch_updated_wanted.
- * g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
- in_batch_transaction.
- (begin_transaction): Only end an extant batch transaction if we are
- not in a normal transaction. When ending a batch transaction, really
- end it. Update ctrl->tofu.batch_update_started when starting a batch
- transaction.
- (end_transaction): Only release a batch transaction if ONLY_BATCH is
- true. When releasing a batch transaction, assert that there is no
- open normal transaction. Only allow DBS to be NULL if ONLY_BATCH is
- true.
- (tofu_begin_batch_update): Don't update
- ctrl->tofu.batch_update_started.
- (opendbs): Call end_transaction unconditionally.
-
- g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
- + commit d0451440c036106895a291f9ca1c53c2d5159f8f
- * g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
- user ids, change TOFU to return TRUST_NEVER.
-
- g10: Change tofu_register & tofu_get_validity to process multiple uids.
- + commit 6052c147091935fc0321ba24f4a44146df70ef01
- * g10/tofu.c (tofu_register): Take a list of user ids, not a single
- user id. Only register the bindings, don't compute the trust. Thus,
- change return type to an int and remove the may_ask parameter. Update
- callers.
- (tofu_get_validity): Take a list of user ids, not a single user id.
- Update callers. Observe signatures made by expired user ids, but
- don't include them in the trust calculation.
-
- g10: Support nested transactions on the TOFU DB.
- + commit 33e97813d72996d22a295773c64261f5588ce9dd
- * g10/gpg.h (struct server_control_s): New field in_transaction.
- * g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
- savepoint_inner_commit.
- (begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION. Name the
- savepoint according to the nesting level.
- (end_transaction): Name the savepoint according to the nesting level.
- Decrement CTRL->TOFU.IN_TRANSACTION.
- (rollback_transaction): Likewise. Only ever rollback a non-batch
- transaction.
- (opendbs): Assert that there are no outstanding transactions.
-
- g10: Print the info text in more situations.
- + commit 4c2abb221b29c9e8e0876fe986472b562ee1c99f
- * g10/tofu.c (ask_about_binding): Print the info text when the policy
- is ask and there are multiple bindings with the email address.
-
- g10: Print the formatted text.
- + commit 0858f141a8b8d0c098a0c6097176b7225c4a9db8
- * g10/tofu.c (ask_about_binding): Print the formatted text, not the
- unformatted text.
-
- g10: When showing a user id's trust, pass the current signature.
- + commit 8dda861ad80228da76cd5c97467008c87b8b6eee
- * g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
- get_validity.
-
-2016-08-29 Werner Koch <wk@gnupg.org>
-
- w32: Fix build regression due to 2aa0701.
- + commit 8b3e691ffbaaa218d309d5aaf8f37532308558ff
- * common/logging.c (fun_writer): Always declare 'name_for_err'.
-
- gpgconf: Print the plain socket directory with --list-dirs.
- + commit 8e3fa5a4b205c534de2142e5d071712f957cf06a
- * tools/gpgconf.c (list_dirs): Add plain socketdir out.
-
- common: Add a default socket name feature.
- + commit 2aa0701013f703ad93e17da3345c493c08aa04ee
- * common/logging.c (log_set_socket_dir_cb): New.
- (socket_dir_cb): New.
- (set_file_fd): Allow "socket://".
- (fun_writer): Implement default socket name.
- * common/init.c (_init_common_subsystems): Register default socket.
-
- gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
- + commit bdbd03608b6f508ac4732f9986a046de8a85a311
- * g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
- cases not just when --try-all-secrets is used.
-
-2016-08-25 Werner Koch <wk@gnupg.org>
-
- gpg: Fix false negatives in Ed25519 signature verification.
- + commit 0a5a854510fda6e6990938a3fca424df868fe676
- * g10/pkglue.c (pk_verify): Fix Ed25519 signatrue values.
- * tests/openpgp/verify.scm (msg_ed25519_rshort): New
- (msg_ed25519_sshort): New.
- ("Checking that a valid Ed25519 signature is verified as such"): New.
-
- common: Rename an odd named function.
- + commit 74a082bc10960b2d65d4d1e31152f988a40a2225
- * common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
- (openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change
- callers.
-
- gpg: New option --with-tofu-info.
- + commit 19d12be3cea5b4ee8153287a2f2442913a5e07a1
- * g10/gpg.c (oWithTofuInfo): New.
- (opts): Add --with-tofu-info.
- (main): Set opt.with_tofu_info.
- * g10/options.h (struct opt): Add field WITH_TOFU_INFO.
- * g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
- special mode if not NULL. Change all callers.
- (tofu_write_tfs_record): New.
- * g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
- part of the "uid" record. Print a new "tfs" record if the new option
- is set.
- * tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
-
-2016-08-24 Werner Koch <wk@gnupg.org>
-
- gpg: Change TOFU_STATS to return timestamps.
- + commit 0f1f02acc1cdcc2cf74a97b05507bb1f062f8af2
- * g10/tofu.c (write_stats_status): Add arg FP to print a colon
- formated line. Adjust for changed TOFU_STATS interface.
- (show_statistics): Let the query return timestamps and use
- gnupg_get-time to compute the "time ago" values.
-
- common: Guarantee that gnupg_get_time does not return an error.
- + commit 5eb2682686b32bd82096924eeabd0c5bd347adfd
- * common/gettime.c (gnupg_get_time): Abor if time() failed.
- (gnupg_get_isotime): Remove now useless check.
- (make_timestamp): Remove check becuase we already checked this modulo
- the faked time thing.
-
- wks: Add command --supported to gpg-wks-client.
- + commit 460568d341851ac79dd100e00e4eafcac1318148
- * tools/gpg-wks-client.c (aSupported): New.
- (opts): Add --supported.
- (parse_arguments): Ditto.
- (main): Call command_supported.
- (command_supported): New.
-
-2016-08-22 Werner Koch <wk@gnupg.org>
-
- wks: Install gpg-wks-client under libexec.
- + commit c47386a11a32c5ed3b5a31fad5c3e9a9a020ca7b
- * tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ...
- (libexec_PROGRAMS): ...here.
-
- common: Remove unused vars in simple-pwquery.
- + commit 62f3e0027724b23c0de5be6d1e66cfdeef7e7bc9
- * common/simple-pwquery.c (agent_send_option): Remove unused vars.
- (simple_query): Ditto.
- (agent_open): Ditto. Return RC on error.
- (simple_pwquery): Remove unused vars. Remove shadowing of 'p'.
-
-2016-08-18 Werner Koch <wk@gnupg.org>
-
- Release 2.1.15.
- + commit 6bee88dd067e03e7767ceacf6a849d9ba38cc11d
-
-
- po: Update German translation.
- + commit 0a32153316855224acda268edb60b80d4e64b12f
-
-
-2016-08-18 Åka Sikrom <a4@hush.com>
-
- po: Update Norwegian translation.
- + commit ec88d7c8a9af864fad8ab5e0b9c4eb90ddcdd630
-
-
-2016-08-18 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 6f6bfbf175653faa5cf560a7174e81a599247e80
-
-
-2016-08-18 Werner Koch <wk@gnupg.org>
-
- gpg: Add import filter "drop-sig".
- + commit 1b55e864421f88b8c8088639682767076abbeab0
- * g10/import.c (import_drop_sig): New variable.
- (cleanup_import_globals): Release that.
- (parse_and_set_import_filter): Add filter "drop-sig".
- (filter_getval): Implement properties for drop-sig.
- (apply_drop_sig_filter): New.
- (import_one): Apply that filter.
-
- dirmngr: Remove all system daemon features.
- + commit d83ba4897bf217d1045c58d1b99e52bd31c58812
- * dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
- 'system_daemon'.
- * common/homedir.c (dirmngr_sys_socket_name): Remove.
- (dirmngr_user_socket_name): Rename to ...
- (dirmngr_socket_name): this. Change call callers.
- * common/asshelp.c (start_new_dirmngr): Remove the system socket
- feature.
- * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
- * sm/server.c (gpgsm_server): Adjust for removed system socket feature.
- * dirmngr/server.c (cmd_getinfo): Ditto.
- (cmd_killdirmngr): Remove check for system daemon.
- (cmd_reloaddirmngr): Ditto.
- * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
- (aService): Remove.
- (opts): Remove --service.
- (w32_service_control): Remove.
- (real_main, call_real_main) [W32]: Remove wrapper.
- (main): Remove Windows system service feature. Remove system dameon
- feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
- * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
- system dameon case.
- * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
- * dirmngr/ocsp.c (validate_responder_cert): Do not call
- validate_cert_chain which was used only in system daemon mode.
- * dirmngr/validate.c (validate_cert_chain): Always use the code.
-
- gpg: New option --sender.
- + commit de6e3217cde81df370926571e0fd65e468619803
- * g10/options.h (struct opt): Add field 'sender_list'.
- * g10/gpg.c: Include mbox-util.h.
- (oSender): New.
- (opts): Add option "--sender".
- (main): Parse option.
-
-2016-08-16 Werner Koch <wk@gnupg.org>
-
- agent: Allow import of overly large keys.
- + commit b5d63e81d5c472647decc7687cef91fee0378eb8
- * agent/command.c (MAXLEN_KEYDATA): Double the size.
-
-2016-08-14 Werner Koch <wk@gnupg.org>
-
- g13: Allow the use of a g13tab label for --mount.
- + commit f02ceb6c6e94c6fbfaeeafe728397be38107de4d
- * g13/mount.c (g13_mount_container): Do not run the first access check
- if syshelp is required.
-
- g13: Implement --umount for dm-crypt.
- + commit b781113cf1391926dedf8dc943624d3bb9726318
- * g13/g13.c (main): Implement command --umount.
- * g13/mount.c (g13_umount_container): use the syshelper if needed.
- * g13/backend.c (be_umount_container): New.
- * g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
- * g13/call-syshelp.c (call_syshelp_run_umount): New.
- * g13/sh-cmd.c (cmd_umount): New.
- (register_commands): Register UMOUNT.
- * g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.
-
-2016-08-13 Werner Koch <wk@gnupg.org>
-
- g13: Fix double free bug.
- + commit c9a0bccc77c93c08d6980a1718dfaf238a559eb9
- * g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.
-
- g13: Consider g13tab for a mount command.
- + commit 700920640211168ae1c97d0adef74ba8615d90bb
- * g13/sh-cmd.c (cmd_getkeyblob): New.
- (register_commands): Register it.
- * g13/call-syshelp.c (getkeyblob_data_cb): New.
- (call_syshelp_get_keyblob): New.
- * g13/mount.c: Include callsyshelp.h.
- (g13_mount_container): Ask syshelp whether the filename is managed by
- g13tab. Call syshelp to get the encrypted keyblob in this case.
-
- g13: Move some function around.
- + commit 37e932658cbd873ac96ff7e2067a97dffc2e0507
- * g13/keyblob.c (g13_keyblob_decrypt): Move to ...
- * g13/server.c: to here.
- * g13/suspend.c, g13/mount.c: Include server.h.
- * g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
-
- g13: New command --find-device.
- + commit b57f55321295846d47144bd6b39fbbcac0127421
- * common/status.h (STATUS_BLOCKDEV: New.
- * g13/call-syshelp.c: Include "call-syshelp.h".
- (finddevice_status_cb, call_syshelp_find_device): New.
- * g13/g13.c (aFindDevice): New.
- (opts): Add "--find-device".
- (main): Implement --find-device.
- * g13/sh-cmd.c (cmd_finddevice): New.
- (register_commands): Register new command.
-
-2016-08-12 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Avoid leading ": " in the log output when there are no prefixes.
- + commit 3a75ff65fba24ea2d024bd8fef633ab7d8f7d520
- * common/logging.c (do_logv): When no prefixes have been requested,
- omit the ": " separator, since there is nothing on the left-hand
- side of it.
-
- Call log_set_prefix() with human-readable labels.
- + commit 61c2a1fa6d6cb345f9d81f4bdd3f8f8ddac1ea3e
- * agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
- * dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
- * g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
- * tests/gpgscm/main.c, tools/gpg-check-pattern.c
- * tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
- * tools/symcryptrun.c: Invoke log_set_prefix() with
- human-readable labels.
-
-2016-08-11 Werner Koch <wk@gnupg.org>
-
- gpg: New option --input-size-hint.
- + commit 70b5d7c43a57a44dad60c2c700a263610748d8f4
- * g10/options.h: Include stdint.h.
- (struct opt): Add field 'input_size_hint'.
- * g10/gpg.c (oInputSizeHint): New.
- (opts): Add --input-size-hint.
- (main): Set opt.input_size_hint.
- * g10/progress.c (write_status_progress): Use the hint.
-
- common: New function string_to_u64.
- + commit 0698324cde3e0cef7eeb6cfd1640c5eefdf13698
- * common/stringhelp.c (string_to_u64): New.
- * dirmngr/http.c (longcounter_t): Remove.
- (struct cookie_s): Change content_length to uint64_t.
- (parse_response): Use string_to_u64.
-
-2016-08-11 Justus Winter <justus@g10code.com>
-
- common: Remove compatibility code.
- + commit 72fa314b71e4ce8780f59b16d32cabf5d4bd5451
- * common/Makefile.am: Drop deleted files.
- * common/w32-afunix.c: Delete file.
- * common/w32-afunix.h: Likewise.
-
- common: Rework the simple password query module.
- + commit 14479e2515439c73e385f37e8c2b3fc517b038b9
- * common/simple-pwquery.c (writen, readline): Drop.
- (agent_send_option, agent_send_all_options, agent_open): Just use
- libassuan.
- (simple_pw_set_socket): Simplify.
- (default_inq_cb): New function.
- (simple_pwquery, simple_query): Just use libassuan.
- * agent/Makefile.am (gpg_preset_passphrase_LDADD): Add libassuan.
- * tools/Makefile.am (symcryptrun_LDADD): Likewise.
-
- common: Remove simple password query error codes.
- + commit 9e6503b7ce019aa417099ded1dda87b68c33f912
- * common/simple-pwquery.h: Remove mapping function. Move all
- definitions of status codes...
- * common/simple-pwquery.c: ... here, and define them to meaningful gpg
- error values.
- * agent/preset-passphrase.c (preset_passphrase): Use error code as-is.
- (forget_passphrase): Likewise.
- * tools/symcryptrun.c (confucius_get_pass): Likewise.
-
-2016-08-10 Werner Koch <wk@gnupg.org>
-
- gpg: Print the signer's UID during verification.
- + commit ed5c1b0b8a4790c4fb36a3129387f7c2ef5db302
- * g10/parse-packet.c (parse_signature): Sanitize the value stored in
- SIGNERS_UID.
- * g10/mainproc.c (issuer_fpr_string): New.
- (check_sig_and_print): Print the signers' UID. Print the issuer
- fingerprint in --rfc4880bis mode.
-
- common: New function try_make_printable_string.
- + commit f2ea7e539c9a22081e3159dcbca84f57f30724ca
- * common/stringhelp.c (sanitize_buffer): Remove. Move code to ...
- * common/miscellaneous.c (try_make_printable_string): new.
- (make_printable_string): Call try_make_printable_string.
-
-2016-08-10 Justus Winter <justus@g10code.com>
-
- tests: Fix distcheck.
- + commit a6acf1f6b39c5a607f61f643a5d21309ba58685d
- * tests/openpgp/issue2417.scm: Copy configuration.
-
-2016-08-10 Werner Koch <wk@gnupg.org>
-
- gpg: Remove tofu database format "split".
- + commit 5b59999ce0dd1650ebe47a74a30ded6af00eeed3
- * g10/options.h (struct opt): Remove field tofu_db_format.
- * g10/gpg.h (server_control_s): Add fields tofu.batch_update_ref and
- tofu.batch_update_started.
- * g10/gpg.c (parse_tofu_db_format): Remove.
- (main): Make option --tofu-db-format obsolete.
- * g10/tofu.c: Major rework. Remove the pretty complicated and slower
- split format and with that all the caching. Use the dbs struct
- directly. Move global vars for batch update into CTRL. Change
- calling conventions of some function to take CTRL or DBS pointers
- instead of the former low-level database pointer.
-
-2016-08-10 Justus Winter <justus@g10code.com>
-
- g10: Fix opening of trust database.
- + commit a27410a251cd25ca96cd6743969c4db0a0fd553f
- * g10/tdbio.c (tdbio_set_dbname): This function explicitly checks for
- the file size, but handled the case of a zero-sized file incorrectly
- by returning success. Fix this by initializing the database in that
- case.
- * tests/openpgp/Makefile.am (XTESTS): Add new test.
- * tests/openpgp/issue2417.scm: New file.
-
- tests: Fix distcheck.
- + commit 194b1e979c7c547afd0dfea5b2496bdfa34b20f1
- * tests/openpgp/Makefile.am (EXTRA_DIST): Explicitly add setup and
- teardown scripts now that they no longer are included in the list of
- tests.
-
- tests: Improve temporary directory handling.
- + commit d9240a3a4688c263632b4168ae2e04363bc91a3a
- * tests/gpgscm/ffi.c (ffi_init): Rename 'mkdtemp'.
- * tests/gpgscm/tests.scm (mkdtemp): New function that uses a sensible
- location and template if no arguments are given.
- (with-temporary-working-directory): Simplify accordingly.
- (make-temporary-file): Likewise.
- * tests/openpgp/run-tests.scm (run-tests-parallel-isolated): Likewise.
- (run-tests-sequential-isolated): Likewise.
-
- gpgscm: Make the name of foreign functions more unique.
- + commit efe973dab7f69e2b1309446b2fbcd47ce0305399
- * tests/gpgscm/ffi-private.h (ffi_define_function_name): Add another
- underscore.
-
- tests: Run each test in a clean environment.
- + commit e13f1ea8fff3964dc3008432f5c0f26aaa2eaa35
- * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Drop obsolete
- variables, add 'srcdir', use absolute paths.
- (TESTS): Rename to 'XTESTS' to avoid emitting the automake test
- runner. Drop 'setup.scm' and 'finish.scm'.
- (xcheck): New target that runs 'run-tests.scm', our Scheme test suite
- runner. It will run each test in a clean environment, isolated from
- the other tests.
- (EXTRA_DIST): Adapt accordingly.
- * tests/openpgp/README: Likewise.
-
- tests: Make ssh test more robust.
- + commit b2b21580b68f3a9069562f99675b389a0d044713
- * tests/openpgp/ssh.scm: Drop the 'MD5:' which was not printed by
- previous ssh versions.
-
-2016-08-10 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: SSH support fix.
- + commit f14795d57f6c81709e9225dd3c5dfd3495cf1b2b
- * agent/command-ssh.c (ssh_handler_request_identities): Keep error
- message same.
-
-2016-08-09 Werner Koch <wk@gnupg.org>
-
- agent: Fix regression in recent ssh changes.
- + commit e630f904993725c54ec63be00369589b7b7234d2
- * agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
-
- gpg: Extend the PROGRESS line to give the used unit.
- + commit 16feb1e0ea9b5d3966f22f4ae047335b9d1b60e1
- * g10/progress.c (write_status_progress): Print the units parameter.
-
-2016-08-09 Ben Kibbey <bjk@luxsci.net>
-
- Cleanup initialization of libgcrypt.
- + commit 49829c29e541546084950b8a153067db371d101a
- * common/init.c (init_common_subsystems): Initialize libgcrypt.
- * dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
-
-2016-08-09 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: SSH support improvement.
- + commit ebf24e3b29766595204355d82f435a3e675bfbbc
- * agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
- error, not giving up to handle the request itself.
- * agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.
-
-2016-08-08 Werner Koch <wk@gnupg.org>
-
- gpg: Cleanup of dek_to_passphrase function (part 2).
- + commit 491d6fdabb3d95905cd96d905e1f965ce8ff07e1
- * g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg
- MODE to NOCACHE.
- (passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg
- MODE into CREATE and NOCACHE. Change all callers and adjust stubs.
- (passphrase_clear_cache): Remove args KEYID and ALGO. They are not
- used. Change caller.
-
- gpg: Cleanup of dek_to_passphrase function (part 1).
- + commit 5b614973fe2d4b5ef402a3057c31c3ef3042a483
- * g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
- CUSTPROMPT. Merge into the passphrase_to_dek wrapper.
- (passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
-
-2016-08-08 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: More clean up of SSH support.
- + commit 591a8373a5d9567db9b1a1a48205e8a206c7b669
- * common/util.h (get_pk_algo_from_key): New.
- * common/sexputil.c (get_pk_algo_from_key): The implementation.
- * agent/gpg-agent.c: Remove include of openpgpdefs.h.
- * agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
- (ssh_key_types): Update with GCRY_PK_*.
- (make_cstring, sexp_extract_identifier): Remove.
- (sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
- (ssh_key_to_blob): Use cadr to get value list.
- (ssh_key_type_lookup): Lookup with integer ALGO.
- (ssh_receive_key): Follow the change of ssh_key_type_lookup.
- (ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
-
- tests: Add openpgp/gpgv-forged-keyring.scm.
- + commit 7dcad0d3503ac0d75e09efb16246dd78518986fc
- * tests/openpgp/gpgv-forged-keyring.scm: New.
- * tests/openpgp/forged-keyring.gpg: New.
- * tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
- * tests/openpgp/defs.scm (tools): Add GPGV.
- (GPGV): New.
-
-2016-08-06 Werner Koch <wk@gnupg.org>
-
- agent: Fix long standing regression tracking the connection count.
- + commit 40d16029ed8b334c371fa7f24ac762d47302826e
- * agent/gpg-agent.c (get_agent_active_connection_count): New.
- (do_start_connection_thread, start_connection_thread_ssh): Bump
- ACTIVE_CONNECTIONS up and down.
- * agent/command.c (cmd_getinfo): Add subcommand "connections".
-
-2016-08-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Clean up SSH support.
- + commit 894789c3299dc47a8c1ccaaa7070382f0fae0262
- * agent/command-ssh.c (file_to_buffer): Remove.
- (ssh_handler_request_identities): Use agent_public_key_from_file.
-
-2016-08-05 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Avoid publishing the GnuPG version by default.
- + commit c9387e41db7520d176edd3d6613b85875bdeb32c
- * g10/gpg.c (main): initialize opt.emit_version to 0
- * doc/gpg.texi: document different default for --emit-version
-
-2016-08-04 Werner Koch <wk@gnupg.org>
-
- gpg: Make sure that keygrips are printed for each subkey.
- + commit c8cc804f56bfefba46641f2c7078fcd67b494bae
- * g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of
- an error.
-
- gpg: Always print the fingerprint in colons mode.
- + commit 54a1ed20e203dcafeacbe21eb147efa08255dbf5
- * g10/keylist.c (list_keyblock_colon): Remove arg FPR. Always print
- fingerprint records. For secret keys always print keygrip records.
-
- tests: Use gpgconf to set the ssh socket envvar.
- + commit 0c2a745a2bc21e8f439930f7c0e5d1521c2fd44c
- * tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf.
-
- gpgconf: Add limited support for -0.
- + commit db6f3eb926619dfe6ed2a9be197c51f9a1b6198c
- * tools/gpgconf.h (opt): Add field 'null'.
- * tools/gpgconf.c: Add option --null/-0.
- (list_dirs): Use it here.
-
-2016-08-04 Justus Winter <justus@g10code.com>
-
- tests: Update list of tests in Scheme test runner.
- + commit 05cb30052cdf1d308ff7da901cfa5a809cd49479
- * tests/openpgp/run-tests.scm: Add missing tests.
-
- tests: Fix path to fake-pinentry.
- + commit 3566544d04a4b81e5dd8a2883304673b2cc2f108
- * tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry.
-
-2016-08-04 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 89234f7f3643bad2daddc94569f1d651ec5c835e
-
-
- po: update Japanese translation.
- + commit 573e0f36190346e0263bea3ae12a389f4f598d55
-
-
- g10: Fix checking key for signature validation.
- + commit 6f284e6ed63f514b15fe610f490ffcefc87a2164
- * g10/sig-check.c (check_signature2): Not only subkey, but also primary
- key should have flags.valid=1.
-
-2016-08-03 Justus Winter <justus@g10code.com>
-
- kbx: Add missing header file.
- + commit e3358b246d9380008a4ba7c8f2fe03659901adaf
- * kbx/keybox-update.c: Add missing header file.
-
-2016-08-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- More cleanup of "allow to".
- + commit dc107b78509807db375d3a382eb3376cd2183357
- * README, agent/command.c, agent/keyformat.txt, common/i18n.c,
- common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
- dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
- doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
- doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
- g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
- m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
- po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
- po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
- po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
- po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
- scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
- sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
- with clearer text.
-
- In standard English, the normal construction is "${XXX} allows ${YYY}
- to" -- that is, the subject (${XXX}) of the sentence is allowing the
- object (${YYY}) to do something. When the object is missing, the
- phrasing sounds awkward, even if the object is implied by context.
- There's almost always a better construction that isn't as awkward.
-
- These changes should make the language a bit clearer.
-
- dirmngr: Emit correct spelling of "superseded".
- + commit 436b28c23194fa77919967338d5a61a82d242153
- * dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly.
- * dirmngr/ocsp.c (ocsp_invalid): Likewise.
-
- This might break some tools which parse the existing output and expect
- misspellings, but i'm not sure there are many such tools, and we
- should use standardized orthography going forward.
-
- Fix spelling and grammar.
- + commit cd45cf782b91ff0f6b023913963e5258ffcbf464
- * agent/learncard.c: s/coccured/occurred/
- * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
- s/reponses/responses/i
- * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
- to" to more conventional english usage.
- * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
- tests/openpgp/armor.test: s/occured/occurred/
- * tools/gpgsplit.c: s/calcualting/calculating/
- * sm/server.c: s/formated/formatted/
-
-2016-08-03 Werner Koch <wk@gnupg.org>
-
- gpg,gpgsm: Block signals during keyring/keybox update.
- + commit 48a2c93a1886589d1a0e2a4a2173e0e81311200b
- * kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS.
- * kbx/keybox-update.c (rename_tmp_file): Block all signals when doing
- a double rename.
- * g10/keyring.c (rename_tmp_file): Block all signals during the double
- rename.
-
- common: New file utilproto.c.
- + commit 3a2421c94015432caa49e166bc5bf5c4f80ab7c7
- * common/util.h: Factor prototypes from signal.c out to ...
- * common/utilproto.h: new.
- * common/Makefile.am (common_sources): Add new file.
-
-2016-08-01 Justus Winter <justus@g10code.com>
-
- gpgsm: Fix machine-readable key listing.
- + commit 40365b28c3fdf087fd58401f5a6f42f9d7d29d20
- * sm/keylist.c (list_cert_colon): Drop superfluous colon.
-
- tests: Distribute standalone test runner.
- + commit c971ff0823d9a649b32fd9f169a12abc3095246e
- * tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file
- 'run-tests.scm'.
-
-2016-07-28 Justus Winter <justus@g10code.com>
-
- tests: Fix distcheck.
- + commit 9e799b0e4f131126b80a5d3272c36d52b8ba1720
- * tests/openpgp/Makefile.am (sample_msgs): New variable.
- (EXTRA_DIST): Also ship the sample msgs.
-
-2016-07-27 Fredrik Fornwall <fredrik@fornwall.net>
-
- build: Fix check for Android.
- + commit 583a464c62ce8f7d70f5fdab2c7ea73ec3348d69
- * configure.ac: Match other Android targets as well.
-
-2016-07-26 Justus Winter <justus@g10code.com>
-
- common: Fix iobuf_peek corner case.
- + commit b2572b0c386fd12ac6581fcce72f8d48cbfd27c7
- Previously, iobuf_peek on a file smaller than 'buflen' would hang.
-
- * common/iobuf.c (underflow): Generalize by adding a target parameter.
- (iobuf_peek): Use this to prevent looping here.
- * tests/openpgp/Makefile.am (TESTS): Add new test.
- * tests/openpgp/setup.scm (dearmor): Move function...
- * tests/openpgp/defs.scm (dearmor): ... here.
- * tests/openpgp/issue2419.scm: New file.
- * tests/openpgp/samplemsgs/issue2419.asc: Likewise.
-
- gpgscm: Do not shadow common function name in catch macro.
- + commit 046338b8494c036a5e717130d3eadce0291126fc
- * tests/gpgscm/init.scm (catch): Do not shadow 'exit'.
-
- tests: Fix distcheck.
- + commit 66c0dab3c722c2766828515120775b106286334e
- * tests/openpgp/Makefile.am (samplekeys): Add missing key.
-
- gpgscm: Make the verbose setting more useful.
- + commit f17aecbcd98103fcd2ece537be96930f354de656
- * tests/gpgscm/ffi.c (do_get_verbose): New function.
- (do_set_verbose): Likewise.
- (ffi_init): Turn *verbose* into a function, add *set-verbose!*.
- * tests/gpgscm/tests.scm (call): Adapt accordingly.
- (call-with-io): Dump output if *verbose* is high.
- (pipe-do): Adapt accordingly.
- * tests/openpgp/defs.scm: Set verbosity according to environment.
- * tests/openpgp/run-tests.scm (test): Adapt accordingly.
-
- common: Avoid excessive stack use.
- + commit b3610badf691178bbbf0831af9aa6b6658c1948a
- * common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
- (gnupg_exec_tool_stream): Allocate copy buffers from the heap.
-
- common: Rework resource cleanup when handling errors.
- + commit 35132a8b119dbc3393ceb0d0874917905d1a6354
- * common/exectool.c (gnupg_exec_tool_stream): Rework error handling.
-
- common: Add unit test for exectool.
- + commit fe40e9c53dc0710ff73e72d05ba8040874465b55
- * common/Makefile.am: Build new test.
- * common/t-exectool.c: New file.
-
-2016-07-25 Justus Winter <justus@g10code.com>
-
- g10: Fix key import statistics.
- + commit 4ba11251aff578394000bf480f47160f0879c763
- 'transfer_secret_keys' collects statistics on a subkey-basis, while
- the other code does not. This leads to inflated numbers when
- importing secret keys. E.g. 'count' is incremented by the main
- parsing loop in 'import', and again in 'transfer_secret_keys', leading
- to a total of 3 if one key with two secret subkeys is imported.
-
- * g10/import.c (import_secret_one): Adjust to the fact that
- 'transfer_secret_keys' collects subkey statistics.
- * tests/openpgp/Makefile.am (TESTS): Add new test.
- * tests/openpgp/issue2346.scm: New file.
- * tests/openpgp/samplekeys/issue2346.gpg: Likewise.
-
-2016-07-22 Justus Winter <justus@g10code.com>
-
- gpgscm: Make function more general.
- + commit 9ee23a715d5dad6bf568a2deb1c55bf15601cf51
- * tests/gpgscm/tests.scm (in-srcdir): Accept more path fragments.
-
- g10: Properly ignore legacy keys in the keyring cache.
- + commit d9839c9d303a01dc1032a6de311e034fe14e81da
- * g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys
- in the keyring cache.
- * tests/migrations/Makefile.am (TESTS): Add new test.
- * tests/migrations/common.scm (GPG-no-batch): New variable.
- (run-test): New function.
- * tests/migrations/issue2276.scm: New file.
- * tests/migrations/issue2276.tar.asc: Likewise.
-
-2016-07-21 Justus Winter <justus@g10code.com>
-
- g10: Fix error handling.
- + commit 45bb9a2a46e11bc13c6b39e7b4748b7de199018e
- * g10/tofu.c (show_statistics): Fix error handling, 0 is a valid
- duration.
-
- g10: Drop superfluous begin transaction.
- + commit 8a6f8e1e397a2d676b211f2dbc6df4a80b67442d
- * g10/tofu.c (record_binding): We only need a transaction for the
- split format.
-
- gpgscm: Make assert macro more accurate.
- + commit 699c6c9f4b44441ab3db7f942df5b81f4cd88b06
- * tests/gpgscm/lib.scm (assert): Print the representation of the
- failed expression.
-
- gpgscm: Make error message more useful.
- + commit 7207b2fe45bcf884e029366a2677a570234bed2e
- * tests/gpgscm/scheme.c (opexe_0): Include names of missing function
- parameters in the error message.
-
- g10: Fix crash.
- + commit 1af2fd44f0a66fd0d94c224319db0b128d42a288
- * g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
- cache limit. Previously, this would crash if db_cache_count == count.
-
-2016-07-20 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix card removal/reset on multiple contexts.
- + commit 1598a4476466822e7e9c757ac471089d3db4b545
- * scd/app.c (application_notify_card_reset): Add message for debug.
- *scd/command.c (update_card_removed): Call release_application and set
- SLOT -1 here.
- (struct server_local_s): Remove app_ctx_marked_for_release.
- (do_reset): Don't mark release but call release_application here.
- (open_card): Remove app_ctx_marked_for_release handling.
- (update_reader_status_file): Don't set SLOT here, so that it can be
- released the APP by application_notify_card_reset in
- update_card_removed.
-
-2016-07-19 Justus Winter <justus@g10code.com>
-
- agent: Add known keys to sshcontrol.
- + commit 270f7f7b8b235cc93516566702e2a1d256605cca
- * agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
- even if it is already in the private key store.
- * tests/openpgp/ssh.scm: Test this.
-
- tests: Add test for ssh support.
- + commit d7a405de8325aa945ab791dcd3bc48272af33b86
- * tests/gpgscm/tests.scm (path-expand): New function.
- * tests/openpgp/Makefile.am (TESTS): Add new test.
- (sample_keys): Add new keys.
- (CLEANFILES): Clean ssh socket and control file.
- * tests/openpgp/fake-pinentry.c (main): Add a default passphrase.
- * tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support.
- * tests/openpgp/samplekeys/ssh-dsa.key: New file.
- * tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise.
- * tests/openpgp/samplekeys/ssh-ed25519.key: Likewise.
- * tests/openpgp/samplekeys/ssh-rsa.key: Likewise.
- * tests/openpgp/ssh.scm: Likewise.
-
-2016-07-19 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix race conditions for release_application.
- + commit 0c1fd4e9884ed7c1edd1819762b9e8a77f606ed3
- * scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
- release_application.
-
-2016-07-18 Justus Winter <justus@g10code.com>
-
- agent: Fix passphrase cache lookups.
- + commit f474249366e8e143c8e6eb7f7b1a74056e46fa1f
- CACHE_MODE_ANY is supposed to match any cache mode except
- CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.
-
- * agent/cache.c (cache_mode_equal): New function.
- (agent_set_cache): Use the new function to compare cache modes.
- (agent_get_cache): Likewise.
- * tests/openpgp/Makefile.am (TESTS): Add new test.
- * tests/openpgp/issue2015.scm: New file.
-
-2016-07-15 Justus Winter <justus@g10code.com>
-
- build: Always build gpgtar.
- + commit 7f4dd24b880323a5b772719dafae829c288303a8
- We use gpgtar to unpack test data, hence we always build it. If the
- user opts out, we simply don't install it.
-
- * configure.ac: Add comment.
- * tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is
- built.
- * tools/Makefile.am: Always build gpgtar, but do not install it if the
- user used '--disable-gpgtar'.
-
-2016-07-15 Werner Koch <wk@gnupg.org>
-
- wks: Publish as binary file.
- + commit b7b37716b9d2cd1b71b5f7f0e4fb2c1a43eee90a
- * tools/gpg-wks-server.c (copy_key_as_binary): New.
- (check_and_publish): Use new function instead of rename.
-
-2016-07-15 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix linking.
- + commit c49c43d7e4229fd9f1bc55e17fa32fdc334dbef6
- * tests/gpgscm/Makefile.am: Add -lintl.
-
- g10: Fix building without trust models.
- + commit d21efa398874be4a15e8283c5fc382fb90f562fd
- * g10/pkclist.c (write_trust_status): Fall back to the previous
- behavior.
-
- tests: Check for gpgtar.
- + commit 12a887050a560c4cacaf95e4cdb0cc42d8b87aa1
- * tests/migrations/extended-pkf.scm: Skip test if gpgtar is not built.
- * tests/migrations/from-classic.scm: Likewise.
- * tests/openpgp/gpgtar.scm: Fix check for gpgtar.
-
-2016-07-14 Werner Koch <wk@gnupg.org>
-
- Release 2.1.14.
- + commit 09c448202ffb4c26d7ec2028351a78e2d3680396
-
-
- po: Update the German translation.
- + commit 23c2491f94b94fa231bde8187eb958432555eff1
-
-
-2016-07-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- dirmngr: fix handling of HTTP redirections.
- + commit 60428c24fb29cb633c9392abb777bc4da88dbfba
- * dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session
- when following a HTTP redirection.
-
-2016-07-14 Werner Koch <wk@gnupg.org>
-
- gpg: Remove options --print-dane-records and --print-pka-records.
- + commit 1e9bc66a9a60de668890452d504eea3c3c614f7e
- * g10/gpg.c (main): Remove options but print a dedicated warning.
- * g10/options.h (struct opt): Remove fields 'print_dane_records' and
- 'print_pka_records'.
- * g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
- (list_keyblock_pka): Remove.
-
-2016-07-14 Åka Sikrom <a4@hush.com>
-
- po: Complete update of the Norwegian translation.
- + commit d6d7e4d218a1e2e2a88bc893b00967b032d194f8
-
-
-2016-07-14 Yuri Chornoivan <yurchor@ukr.net>
-
- Update Ukrainian translation.
- + commit 9427288ebb32141c196996315f93535fd7744901
-
-
-2016-07-14 Ineiev <ineiev@gnu.org>
-
- Update Russian translation.
- + commit 39c88870359bc75e9f72e08a7466fcff01bdc655
-
-
-2016-07-14 Werner Koch <wk@gnupg.org>
-
- gpg: Fix regression since 2.1 in --search-key with a fingerprint.
- + commit 0342369ce001b9dba04dc79e7a4eb66fbda278e7
- * dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
-
- gpgscm: Use kludge to avoid improper use of ffi_schemify_name.
- + commit fb14bf0a95e361b0991067e3aea2902d54be811d
- * tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of
- strdup for now.
-
- build: Require latest released libraries.
- + commit c98995efefbdebea8f53d54ba2df4217dfd31ad4
- * agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
- (do_encryption): Always support OCB.
- (do_decryption): Ditto.
- (agent_unprotect): Ditto.
- * dirmngr/server.c (is_tor_running): Unconditionally build this.
-
-2016-07-13 Werner Koch <wk@gnupg.org>
-
- build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
- + commit 66b634f27f10e4c0cb21c3f201998497d0bb24ca
- * build-aux/config.guess: Update.
- * build-aux/config.sub: Update.
-
- gpg: Fix regression due to the new --mimemode options.
- + commit 3b8ed7650d2d63b01ec80ecf9e493b80e3ac7ef8
- * g10/gpg.c (opts): Re-add oTextmodeShort.
-
-2016-07-13 Daiki Ueno <ueno@gnu.org>
-
- gpg: Make --try-all-secrets work for hidden recipients.
- + commit 82b90eee100cf1c9680517059b2d35e295dd992a
- * g10/getkey.c (enum_secret_keys): Really enumerate all secret
- keys if --try-all-secrets is specified.
-
-2016-07-13 Werner Koch <wk@gnupg.org>
-
- gpg: Do not print a the short keyid if the high word is zero.
- + commit 7b96a8d736934e65bb2adbc17059f84dfeaf95fb
- * g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.
-
- gpg: New option --mimemode.
- + commit e148c3caa90fbadba32bdbfea9513392e3aea598
- * g10/gpg.c (oMimemode): New.
- (opts): Add --mimemode.
- (main): Use --mimemode only in rfc4880bis compliance mode.
- * g10/options.h (struct opt): Add field "mimemode".
- * g10/build-packet.c (do_plaintext): Allow for mode 'm'.
- * g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
- * g10/plaintext.c (handle_plaintext): Handle 'm' mode.
- * g10/sign.c (write_plaintext_packet): Handle 'm' mode.
- (sign_file, sign_symencrypt_file): Use 'm' if requested.
-
- wks: Use correct key for the confirmation.
- + commit 95810929f75bd718dbdf2cd1c0181137a45e2456
- * tools/gpg-wks-client.c (send_confirmation_response): Actually
- encrypt to the recipient.
-
- wks: New server command --list-domains.
- + commit 44ecc33b4a7147d9c112a72f55a42b65cef4fe67
- * tools/gpg-wks-server.c (aListDomains): New.
- (opts): Add --list-domains.
- (parse_arguments): Implement.
- (main): Ditto. Use only one final diagnostic message.
- (command_list_domains): New.
- (check_and_publish): Remove directory creation.
- (get_domain_list): New.
- (expire_pending_confirmations): Rewrite using a list of directories.
- (command_cron): Get domain list and pass to
- expire_pending_confirmations.
-
-2016-07-13 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix envvars for UPDATESTARTUPTTY.
- + commit 7be218177701af316db75057c99ca674d53cf585
- agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
- to get the list.
-
-2016-07-12 Werner Koch <wk@gnupg.org>
-
- g13: Fix memleak.
- + commit acb27915f8646a875b6bb507ff46cd1bc330c02b
- * g13/g13tuple.c (create_tupledesc): Init refcount to 1.
-
- wks: Add --cron command to gpg-wks-server.
- + commit 38eb5f81d223616e3ee34bdfb41c387ce4e7df22
- * tools/gpg-wks-server.c (PENDING_TTL): New.
- (expire_one_domain, expire_pending_confirmations): New.
- (command_cron): New.
- (main): Implement --cron.
-
- wks: Try to send an encrypted confirmation back.
- + commit 5de41c4ecef32add89044b8a550a47cce8c6d61e
- * tools/gpg-wks-client.c (encrypt_response_status_cb): New.
- (encrypt_response): New.
- (send_confirmation_response): Encrypt the response.
-
- * tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
- BODY and BODYENC.
-
- wks: Also create DANE record.
- + commit d3837e0435921bfa5587a50738f5924a5fdf976a
- * tools/gpg-wks-server.c (copy_key_as_dane): New.
- (check_and_publish): Also publish as DANE record.
-
- gpg: Extend import-option import-export to print PKA or DANE.
- + commit 9b075575cdc5851b019aed5ca5d5e18416beec8e
- * g10/export.c (do_export_stream): Move PKA and DANE printing helper
- code to ...
- (print_pka_or_dane_records): this fucntion.
- (write_keyblock_to_output): Add arg OPTIOSN and call
- print_pka_or_dane_records if requested.
-
- gpg: Move a function from import.c to export.c.
- + commit 0f5b105d96780a29cc58893285e6c38482e0cc2d
- * g10/import.c (write_keyblock_to_output): Move to ...
- * g10/export.c (write_keyblock_to_output): here. Add arg WITH_ARMOR.
- Also make sure never to export ring trust packets.
-
-2016-07-11 Werner Koch <wk@gnupg.org>
-
- gpgconf: Enhance --list-dirs.
- + commit 7732b332886792b2bbf47ecf7430e953f1c55a2c
- * tools/gpgconf.c (main) <aListDir>: Factor code out to ...
- (list_dirs): new. Rewrite to use a table. Allow selection of a
- items. Add "agent-ssh-socket".
-
-2016-07-09 NIIBE Yutaka <gniibe@fsij.org>
-
- gpgv: Tweak default options for extra security.
- + commit e32c575e0f3704e7563048eea6d26844bdfc494b
- * g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
- cached status. Similarly, set opt.flags.require_cross_cert for backsig
- validation for subkey signature.
-
-2016-07-07 Werner Koch <wk@gnupg.org>
-
- gpg: Add export options "export-pka" and "export-dane".
- + commit cbe467e794f3be81b8da2bcb1732b5514b13b71d
- * g10/options.h (EXPORT_PKA_FORMAT): New.
- * g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
- * g10/export.c: Include zb32.h.
- (parse_export_options): Add options "export-pka" and "export-dane".
- (do_export): Do not armor if either of these option is set.
- (print_pka_or_dane_records): New.
- (do_export_stream): Implement new options.
-
- gpg: Split a too large export function.
- + commit b05878f32aa507aa9087d7c992b630840b5ad71c
- * g10/export.c (do_export_stream): Factor some code out to ...
- (do_export_one_keyblock): new.
-
-2016-07-07 Justus Winter <justus@g10code.com>
-
- gpgscm: Capture output of spawned processes.
- + commit 2f61aa0ff11b194d20307751ab686c87cd47dd56
- * tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
- return stdout if the child exited successfully, or include stderr in
- the error.
- * tests/openpgp/version.scm: Demonstrate this by checking the stdout.
-
-2016-07-06 Werner Koch <wk@gnupg.org>
-
- doc: Escape file names in generated macros.
- + commit 511c2522b95333226a5e45e538fed29dd44c9be3
- * doc/mkdefsinc.c (print_filename): New.
- (main): Use it here.
-
- wks: Let the server take the encrytion key from the file.
- + commit e5896da666551da5322b2ae5458d429b9e60241e
- * tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
- 'keyfile'.
- (store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
- (send_confirmation_request): Add arg 'keyfile'.
- (process_new_key): Pass on the name of the keyfile.
-
- gpg: New options --recipient-file and --hidden-recipient-file.
- + commit a479804c86bc24bfab101f39464db3ecfbaedf6d
- * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
- (opts): Add options --recipient-file and --hidden-recipient-file.
- (main): Implement them. Also remove duplicate code from similar
- options.
- * g10/keydb.h (PK_LIST_FROM_FILE): New.
- (PK_LIST_SHIFT): Bump up.
- * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
- (find_and_check_key): Add and implement arg FROM_FILE.
- (build_pk_list): Pass new value for new arg.
- * g10/getkey.c (get_pubkey_fromfile): New.
- * g10/gpgv.c (read_key_from_file): New stub.
- * g10/test-stubs.c (read_key_from_file): New stub.
- * g10/server.c (cmd_recipient): Add flag --file.
- * g10/import.c (read_key_from_file): New.
-
- * tests/openpgp/defs.scm (key-file1): New.
- (key-file2): New.
- * tests/openpgp/setup.scm: Add their private keys and import the
- key-file1.
- * tests/openpgp/encrypt.scm: Add new test.
-
- gpg: New option --no-keyring.
- + commit 073be51a866cb5600479c504a44ae5ac94a449a2
- * g10/gpg.c (oNoKeyring): New.
- (opts): Add "--no-keyring".
- (main): Do not register any keyring if the option is used.
-
- gpg: Document use of node flags in import.c and remove unused args.
- + commit fdfde91595109e51a5b8fafd292244ad41dfb83d
- * g10/import.c (NODE_GOOD_SELFSIG): New. Use instead of 1.
- (NODE_BAD_SELFSIG): New. Use instead of 2.
- (NODE_DELETION_MARK): New. Use instead of 4.
- (NODE_FLAG_A): New. Use to mark new nodes in merge_blocks.
- (chk_self_sigs): Remove unused args FNAME and PK.
- (import_one): Adjust call. Simplify error return because
- chk_self_sigs does not return an error code.
- (append_uid, append_key, merge_sigs, merge_keysigs): Remove unsued
- args FNAME and KEYID.
- (merge_blocks, import_one, import_secret_one)
- (import_revoke_cert): Remove unused arg FNAME.
-
- gpg: Get rid of an unused arg in a function in getkey.c.
- + commit 7e0c48eb6f18a80142ca2a0f76fe8d270a4e5b33
- * g10/getkey.c (pk_from_block): Remove unused arg CTX. Change all
- callers.
-
- gpg: Change calling convention for a function in getkey.c.
- + commit 9385dfeb9dd6d83608a10c7896c341f585a25a2b
- * g10/getkey.c (merge_selfsigs): Remove arg CTX. Add args REQ_USAGE
- and WANT_EXACT.
- (finish_lookup): Adjust caller. Set LOOKUP_NOT_SELECTED here...
- (lookup): and not here.
-
-2016-07-05 Werner Koch <wk@gnupg.org>
-
- gpg: Fix possible out-of-bounds read in is_armored.
- + commit 5d1a9c4dc823b418db6c4686da55ee3abdf023b0
- * g10/armor.c (check_input): Call is_armored only if LEN >= 2.
- (unarmor_pump): Use a 2 byte buffer for is_armored.
-
-2016-07-05 Justus Winter <justus@g10code.com>
-
- tests: Honor environment variable 'TMP'.
- + commit 8270580a5a70874beeffcdd16221937db4bcdc93
- This fixes problems with long socket names, e.g. when doing distcheck.
-
- * tests/gpgscm/tests.scm (path-join): New function.
- (with-temporary-working-directory): Honor 'TMP'.
- (make-temporary-file): Likewise.
- * tests/migrations/Makefile.am (TMP): Default to '/tmp'.
- (TESTS_ENVIRONMENT): Set 'TMP'.
- * tests/openpgp/Makefile.am (TMP): Default to '/tmp'.
- (TESTS_ENVIRONMENT): Set 'TMP'.
-
- gpgscm: Improve robustness and compatibility.
- + commit f26fe4f73e8430d93c03d95a8a24fdabd078bb20
- * tests/gpgscm/ffi.c (do_getenv): Avoid gccism.
- (do_mkdtemp): Handle errors.
-
- tests/migrations: Fix distcheck.
- + commit b70d08827ddb56423ad610b4ebaaaf9cc763512f
- * tests/migrations/Makefile.am (TESTS): Rename test.
- (TEST_FILES): Update list.
- (EXTRA_DIST): Add common.scm.
- * tests/migrations/common.scm (GPGTAR): New variable.
- (dearmor): Rename and untar archive.
- * tests/migrations/extended-private-key-format.scm: Rename.
- (setup): Update.
- * tests/migrations/extended-pkf.tar.asc: New file.
- * tests/migrations/extended-private-key-format.gpghome: Delete.
- * tests/migrations/from-classic.gpghome: Likewise.
- * tests/migrations/from-classic.scm (setup): Update.
- * tests/migrations/from-classic.tar.asc: New file.
-
- tools/gpgtar: Provide --create and --extract.
- + commit 0b8a3358798b7028be872a923da2e275da67d592
- * tools/gpgtar.c (cmd_and_opt_values): New values.
- (opts): New actions.
- (parse_arguments): Handle new actions.
- * tests/openpgp/gpgtar.scm: Test new interface.
-
- g10: Fix out-of-bounds read.
- + commit a6b87981f7ddef42b25703723162c647e312b125
- * g10/armor.c (use_armor_filter): We need two bytes for 'is_armored'.
-
-2016-07-04 Werner Koch <wk@gnupg.org>
-
- wks: Add command --read to gpg-wks-client.
- + commit 8c8ae043b8d65cb79e0e99c5bdbdcbf34714bd0c
- * tools/gpg-wks-client.c (aRead): New.
- (opts): Add command "--read".
- (main): Implement that.
-
- tests: Add a gettime test for sizeof (time_t) > 4.
- + commit 27d158ead4a2b9c52269ef28d050a49c786c7d13
- * common/t-gettime.c (test_isotime2epoch): Add 4 more tests.
-
-2016-07-03 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid spurious failures on keyblocks with no or only deleted nodes.
- + commit 9177a897732b3cebf3f15c97c1f613f71b6318fe
- * g10/import.c (write_keyblock_to_output): Clear ERR on success.
-
- wks: Let the client only export the requested UID.
- + commit 1bfed0bbc5ec9d60d4fb3a0f5c865923ed3563e7
- * tools/gpg-wks-client.c (get_key): Export only the requested uid.
-
- tools: Call sendmail directly from the wks tools.
- + commit 7705f310f1406fe49b45e16c371b09863313f24f
- * tools/send-mail.c, tools/send-mail.h: New.
- * tools/wks-util.c: New.
- * tools/Makefile.am (gpg_wks_server_SOURCES): Add them.
- (gpg_wks_client_SOURCES): Ditto.
- * tools/gpg-wks.h (opt): Add fields use_sendmail and output.
- * tools/gpg-wks-client.c: Add options --send and --output. Rename
- command --send to --create.
- (command_send, send_confirmation_response): Output via wks_send_mime.
- * tools/gpg-wks-server.c: Add options --send and --output.
- (send_confirmation_request): Output via wks_send_mime.
- (check_and_publish): Add hack for name-value bug.
-
-2016-07-02 Werner Koch <wk@gnupg.org>
-
- tools: Add options to gpg-wks-server.
- + commit c619035d9cd0c9cef62facf5365321289051f9a0
- * tools/gpg-wks.h (opt): Add 'default_from' and 'extra_headers'.
- * tools/gpg-wks-server.c (oFrom, oHeader): New.
- (parse_arguments): Set them and check args.
- (get_submission_address): New.
- (send_confirmation_request): Set correct From address. Add extra
- headers.
- (process_new_key): Return an error code.
-
- tools: Extend mime-maker.c:mime_maker_add_header.
- + commit 0e36a1d1fb79c2b75c081616eed00075190b38aa
- * tools/mime-maker.c (add_header): Check header name and allow
- name-value syntax.
- (mime_maker_add_header): Add mode for a syntax check.
-
- doc: Describe filter expressions.
- + commit 442efa9b3ff211c692b6967a944b3d9371ad1bb7
- * doc/gpg.texi: Remove some superfluous .E.
- (FILTER EXPRESSIONS): New.
-
- yat2m: Fix table formatting.
- + commit aae3cdb61555db4efb26f522030c8303a731d4a9
- * doc/yat2m.c (proc_texi_cmd): Use .TQ for @itemx. Print a .P at the
- end of a level 0 table.
-
-2016-07-01 Werner Koch <wk@gnupg.org>
-
- gpg: New option --export-filter.
- + commit 7bfc86c938d11c14ea78b196c82ceba2a2f5317d
- * g10/gpg.c (oExportFilter): New.
- (opts): Add --export-filter.
- (main): Handle option.
- * g10/export.c: Include recsel.h, init.h, and mbox-util.h.
- (export_keep_uid): New global var.
- (cleanup_export_globals): New.
- (parse_and_set_export_filter): New.
- (filter_getval): New.
- (apply_keep_uid_filter): New.
- (do_export_stream): Apply filter if set.
-
- gpg: New option --import-filter.
- + commit 5137bf73ccc98a72c2eeac148e4d4b5d58f0a854
- * g10/gpg.c (oImportFilter): New.
- (opts): Add --import-filter.
- (main): Handle option.
- * g10/import.c: Include recsel.h, init.h, and mbox-util.h.
- (import_keep_uid): New global var.
- (cleanup_import_globals): New.
- (parse_and_set_import_filter): New.
- (filter_getval): New.
- (apply_keep_uid_filter): New.
- (import_one): Apply filter if set.
-
- gpg: Allow to cache the mbox in a user id struct.
- + commit f015552374d69e28292a12f2b91ab34d65c9b457
- * g10/packet.h (PKT_user_id): Add field 'mbox'.
- * g10/free-packet.c (free_user_id): Free that.
-
- gpg: Make sure a user ID packet has always a terminating Nul in memory.
- + commit d8bce478be3ae9e401841a77d189ef3c81ccb757
- * g10/keygen.c (write_uid): Avoid overflow.
-
- common: Add function to select records etc.
- + commit 681c6ef757a73fc1a63a552186e038db179494aa
- * common/recsel.c, common/recsel.h: New.
- * common/t-recsel.c: New.
-
- common: Smart up register_mem_cleanup_func.
- + commit 6446a6b3dfd3b2e68b4285870f902ed1f86b0866
- * common/init.c (register_mem_cleanup_func): Avoid double registration.
-
-2016-07-01 Justus Winter <justus@g10code.com>
-
- common: Annotate semi-static allocation.
- + commit 49fdd0887c84ed7f7b858b9e7ffa146fcb7f1e87
- * common/argparse.c (optfile_parse): Allow string arguments to leak.
-
- g10: Fix memory leak.
- + commit 78aeb236fe4ff3a6d51b3095148e7086f2a6e9a8
- * g10/keyserver.c (parse_keyserver_uri): Free URI.
-
- tools/gpgtar: Annotate semi-static allocation.
- + commit cff63da930b6b3f0253668911e0931713b2b584a
- * tools/gpgtar.c (shell_parse_argv): Annotate argument vector as
- leaked.
-
- g10: Fix memory leak.
- + commit c454922ffa71929c810c6ff048d902498575302f
- * g10/import.c (transfer_secret_keys): Release curve from the previous
- iteration.
-
- g10: Fix build with disabled kbnode cache.
- + commit ff77b92aae9c8e20cbc7fa7c294adcc6a8c2f614
- * g10/kbnode.c (release_unused_nodes): Fix build with disabled kbnode
- cache.
-
- g10: Fix memory leak.
- + commit 44d4c695722d96b3bbef16f2843f62413b9670cd
- * g10/trustdb.c (tdb_get_validity_core): Fix kbnode leak.
-
- g10: Fix memory leak.
- + commit 5fafd18d474da7b763f5b82c73b6ca4288e136d7
- * g10/keygen.c (keygen_set_std_prefs): Fix memory leak.
-
- Fix trivial memory leaks in tests.
- + commit 6bfbc368f90b274192d3751274816091675f5109
- * dirmngr/t-ldap-parse-uri.c (check_ldap_escape_filter): Free result.
- * g10/t-stutter.c (main): Free file name.
-
-2016-06-30 Justus Winter <justus@g10code.com>
-
- tools: Fix trivial memory leak.
- + commit 8f39185d7bfa0bc749f9ccf4a041d2da4eba24ff
- * tools/gpg-connect-agent.c (main): Fix trivial memory leak.
-
- g10: Fix memory leak.
- + commit 401db0eebbcd28dca8f4059706bfbd18d8cc7528
- * g10/export.c (do_export_stream): Free secret parameters.
-
- g10: Fix memory leak.
- + commit eb4cdbefb05795b77a8a72189eff246b84442caf
- * g10/keygen.c (read_parameter_file): Free 'line'.
-
- g10: Fix memory leak.
- + commit 1de362af9094e0a1a0be60f77fbea7c5190a4dcc
- * g10/sign.c (mk_notation_policy_etc): Free 'mbox'.
-
- common: Fix memory leak.
- + commit 6b9a89e4c7d6f19de62e0a908a8d80c98bf99819
- * g10/textfilter.c (copy_clearsig_text): Free buffer.
-
- common: Fix memory leak.
- + commit d2d19063d3adf29340aeb39f14e1b1e9aacf41e7
- * common/iobuf.c (iobuf_set_partial_body_length_mode): Only create
- context if necessary.
-
- common: Fix memory leak.
- + commit 9037c23979866e6e085b3e32f973bcba590a2635
- * common/simple-pwquery.c (agent_open): Free socket path.
-
- g10: Fix keybox-related memory leaks.
- + commit 29beea6462cca32d3278b0f7f9364ff4342327b8
- * g10/keydb.c (keydb_release): Clear keyblock cache.
- (keydb_get_keyblock): Revert previous change.
- * kbx/keybox-blob.c (create_blob_finish): Free previous buffer, free
- fixups after applying them.
- (_keybox_release_blob): Free buffer. Currently, the buffer has been
- extracted before the keybox is released, but this is the right thing
- to do here.
-
- g10: Fix memory leak.
- + commit 5869f518cbd8b41b4c9880fc593216b9efeea430
- * g10/compress.c (release_context): Free buffers.
-
- g10: Fix memory leak.
- + commit 84f262102be19334534cccc66ed7eceea2714527
- * g10/sign.c (write_plaintext_packet): Free packet.
-
- g10: Fix memory leak.
- + commit abae8a9dc8a00cf46291ccb40644b3a7aa477307
- * g10/mainproc.c (release_list): Do not exit early if list is NULL,
- there are other resources that must be released.
-
- gpgscm: Fix reallocating string ports.
- + commit 5003caa8fdc80afd5748835c06621014f83e6ec4
- * tests/gpgscm/scheme.c (realloc_port_string): Use memcpy because
- Scheme strings may contain 0s.
-
- gpgscm: Free memory backing string ports.
- + commit 599ad21104e622acbd1230d90d6a23abf9145499
- * tests/gpgscm/scheme.c (finalize_cell): Free memory backing string
- ports.
-
- gpgscm: Use the allocator from libgcrypt.
- + commit d4ede89981c769b0626ab2b37615da1d12a3b078
- * tests/gpgscm/main.c (main): Use the allocator from libgcrypt.
-
- w32: Fix build.
- + commit dbcb342eaf1738798a5378d9ecd83c7946140d54
- * g10/keyedit.c (keyedit_quick_revuid): Fix call to
- 'check_trustdb_stale'.
-
-2016-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- g10: Implement gpg --quick-revuid.
- + commit 55d112eeb0743e90be46d15dbae67368ee7d4b50
- * g10/revoke.c (get_default_uid_revocation_reason): New.
- * g10/keyedit.c (menu_revuid): Break out creation of uid revocation
- into new function core_revuid.
- * g10/keyedit.c (keyedit_quick_revuid): New. Selects key and
- uid, invokes core_revuid.
- * g10/gpg.c (main): Handle --quick-revuid argument.
- * doc/gpg.texi: Document --quick-revuid.
-
-2016-06-29 Werner Koch <wk@gnupg.org>
-
- tools: Add gpg-wks-client and gpg-wks-server.
- + commit 5d6c83deaa11327366b0038928200b9f9f85b426
- * configure.ac: Add option --enable-wks-tools
- * tools/gpg-wks-client.c: New.
- * tools/gpg-wks-server.c: New.
- * tools/gpg-wks.h: new.
- * tools/wks-receive.c: New.
- * tools/call-dirmngr.c, tools/call-dirmngr.h: New.
-
- build: Improve GNUPG_BUILD_PROGRAM macro.
- + commit d8ee0d79a702c92a257884bab86183d32d16ff0e
- * acinclude.m4 (GNUPG_BUILD_PROGRAM): Allow for dash in options.
-
- tools: Add modules for MIME parsing and creating.
- + commit c334fa8df0e3901857e1a277d3277a873ae4af74
- * tools/mime-maker.c: New.
- * tools/mime-maker.h: New.
- * tools/mime-parser.c: New.
- * tools/mime-parser.h: New.
-
-2016-06-28 Justus Winter <justus@g10code.com>
-
- gpgscm: Fix memory leaks.
- + commit 9c67958c4737b34c60ef2076f57234eec155eb36
- * tests/gpgscm/ffi-private.h (ffi_schemify_name): Fix prototype.
- (ffi_define_function_name): Free schemified name.
- (ffi_define_function): Likewise.
- (ffi_define_constant): Likewise.
- (ffi_define_variable_pointer): Likewise.
- * tests/gpgscm/ffi.c (do_wait_processes): Free arrays.
- (ffi_schemify_name): Fix type.
- * tests/gpgscm/main.c (main): Free 'sc'.
-
- gpgscm: Free file names.
- + commit 6cb2be91a7cc8a9b8ec42f3956adbb19347318e3
- * tests/gpgscm/scheme.c (scheme_load_named_file): Free file name.
-
- gpgscm: Fix buffer overflow.
- + commit 56cebdc30c10eaec179a6911e308074264d876ae
- * tests/gpgscm/scheme.c (store_string): Avoid writing past allocated
- buffer.
-
- g10: Fix memory leaks.
- + commit c57501cc5fa84dbaf560c0fc18853c9540e918af
- * g10/keydb.c (keydb_get_keyblock): Free 'sigstatus' and 'iobuf'.
- * g10/t-keydb-get-keyblock.c: Fix trivial memory leaks.
- * g10/t-keydb.c: Likewise.
-
- common: Fix memory leaks.
- + commit c14ef10fc347d966a1efcb5c2000cbf3aaafa905
- * common/ccparray.c (ccparray_put): Free old array.
- * common/stringhelp.c (do_make_filename): Free 'home'.
- * common/t-convert.c: Fix trivial memory leaks.
- * common/t-iobuf.c: Likewise.
- * common/t-mbox-util.c: Likewise.
- * common/t-name-value.c: Likewise.
- * common/t-stringhelp.c: Likewise.
- * common/t-strlist.c: Likewise.
-
-2016-06-28 Werner Koch <wk@gnupg.org>
-
- dirmngr: add option to retrieve extra WKS info.
- + commit b1e8e0d4b945e077966fb98175191aed056bd957
- * dirmngr/server.c (cmd_wkd_get): Add option --submission-address.
-
- gpg: Add hack to --quick-gen-key to create Curve25519 keys.
- + commit 20ca075d9605e27e25a780bcc465c7371400ca61
- * g10/keygen.c (quick_generate_keypair): Add special algo string
- "test-default".
-
- common: New function rfctimestamp.
- + commit 1ddf5b846fc058171af5f2784dad866b73eb0205
- * common/gettime.c (rfctimestamp): New.
-
- common: Add missing header file for clarity.
- + commit 781e614e3b4586da27e54caca39b6a7ed42fc7c7
- * common/zb32.c: Include zb32.h.
-
-2016-06-28 Justus Winter <justus@g10code.com>
-
- tools/gpgtar: Fix handling of '-'.
- + commit 4819f687c48c7972c39ae29c7af1e891a4d57360
- * tools/gpgtar-extract.c (gpgtar_extract): Use stdin if file is '-'.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
-
- common: Close input stream.
- + commit d36f664bfdc39c05927cb6e14fe1b3ecb7b64bfa
- * common/exechelp-posix.c (gnupg_spawn_process): Also close the input
- stream in the child.
-
- common: Fix copying data from the spawned child.
- + commit 8f79c31b4d465eeaf81c8046c35bb8c34512dd8d
- Fixes intermittent gpgtar failures.
-
- * common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'.
- (gnupg_exec_tool_stream): Loop until all data is copied.
-
-2016-06-28 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix --list-packets.
- + commit 52f65281f9743c42a48bf5a3354c9ab0ecdb681a
- * g10/gpg.c (main): Call set_packet_list_mode after assignment of
- opt.list_packets.
- * g10/mainproc.c (do_proc_packets): Don't stop processing with
- --list-packets as the comment says.
- * g10/options.h (list_packets): Fix the comment.
- * g10/parse-packet.c: Fix the condition for opt.list_packets.
-
-2016-06-25 Werner Koch <wk@gnupg.org>
-
- build: Add aclocal macro from pkg-config.
- + commit b6872353bae778d11730f5d0afd2192750777647
- * m4/pkg.m4: New.
-
- yat2m: Silence lint warnings and fix a printf format bug.
- + commit 22b9bea1c3d0e944aa539a87d79e47d92ca5309f
- * doc/yat2m.c (ATTR_PRINTF, ATTR_NR_PRINTF, ATTR_MALLOC): New.
- (die, err, inf, xmalloc, xcalloc): New prototypes with attributes.
- (get_section_buffer): Take care of !N_SECTIONS.
- (proc_texi_cmd): Cast precision format arg.
- (proc_texi_buffer): Do not set IN_CMD when not used afterwards.
-
-2016-06-24 Werner Koch <wk@gnupg.org>
-
- gpg: New import option "import-export".
- + commit 7bca3be65e510eda40572327b87922834ebe07eb
- * g10/import.c (parse_import_options): Add option "import-export".
- (write_keyblock_to_output): New.
- (import_one): Implement option.
-
-2016-06-23 Werner Koch <wk@gnupg.org>
-
- gpg: New import option "import-show".
- + commit 1e5959ec059ba41f4de1e2f953300bc040efc16f
- * g10/options.h (IMPORT_SHOW): New.
- * g10/import.c (parse_import_options): Add "import-show".
- (import_one): Implement that.
-
- gpg: Do not print the validity after key generation.
- + commit 09c6f7135150efbbeb459d4ae0189a81e9d180f8
- * g10/keylist.c (struct keylist_context): Add field NO_VALIDITY.
- (list_keyblock_print): Take care of it.
- (list_keyblock_direct): Add arg NO_VALIDITY.
- * g10/keygen.c (do_generate_keypair): Merge keyblock and print w/o
- validity.
-
- common: Fix possible small memory leak in b64dec.c.
- + commit c229ba4d8b9b16052ee0b9573bed7905be602cdf
- * common/b64dec.c (b64dec_finish): Always release TITLE.
-
-2016-06-23 Justus Winter <justus@g10code.com>
-
- tests/openpgp: Fake the system time for the tofu test.
- + commit e584d6468a2e72cd01e55f46104f9f96b56c0b66
- The keys in the tofu test are set to expire on 2016-09-17. Fake the
- system time for this test.
-
- This commit includes changes to the old test as well, for those who
- need to backport it.
-
- * tests/openpgp/gpg-agent.conf.tmpl: Drop trailing newlines.
- * tests/openpgp/tofu.scm: Fake system time.
- * tests/openpgp/tofu.test: Likewise.
-
- gpgscm: Handle exceptions in the transformation monad.
- + commit 145910afc077e7a5df6cc8b10e180dfa6ce38cc3
- * tests/gpgscm/tests.scm (pipe:do): Raise errors.
- (tr:spawn): Catch and return errors.
- (tr:call-with-content): Likewise.
- (tr:{open,write-to,pipe-do,assert-identity,assert-weak-identity}):
- Adapt.
-
- tests/openpgp: Improve tests.
- + commit 1e822654c1dcfc23a9ef689f4e18c0ebba18baca
- * tests/openpgp/multisig.scm: Simplify test.
- * tests/openpgp/setup.scm (dearmor): Use pipe.
-
- gpgscm: Add types for special objects.
- + commit 332fa86982dc811640ac8643332d8375816e5b81
- * tests/gpgscm/scheme.c (enum scheme_types): Add types for boolean,
- nil, eof, and the sink object.
- (type_to_string): Handle new types.
- (scheme_init_custom_alloc): Give special objects a type.
-
- gpgscm: Fix Scheme initialization.
- + commit e6e56adf208f194ecafda29bb1c1c06655348432
- This potentially causes a crash if the garbage collector marks an eof
- object.
-
- * tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize
- 'EOF_OBJ'.
-
-2016-06-23 Werner Koch <wk@gnupg.org>
-
- common: Add dedicated private key functions to name-value.c.
- + commit 3ead21da80da4570e77036cc05303914c9b1f364
- * common/name-value.c (struct name_value_container): Add field
- 'private_key_mode'.
- (my_error): New. Use instead of gpg_error.
- (nvc_new_private_key): New.
- (nve_release): Add arg 'private_key_mode'.
- (nvc_release): Call nve_release with private_key_mode flag.
- (nvc_delete): Ditto.
- (_nvc_add): Do no special case "Key:" in non-private_key_mode.
- (nvc_get_private_key): Return error in non-private_key_mode.
- (nvc_set_private_key): Ditto.
- (nvc_parse): Factor all code out to ...
- (do_nvc_parse): new. Add arg 'for_private_key'.
- (nvc_parse_private_key): New.
- * agent/findkey.c (write_extended_private_key): Replace nvc_parse by
- nvc_parse_private_key.
- (read_key_file): Ditto.
-
- * common/t-name-value.c (private_key_mode): New variable.
- (my_nvc_new): New. Replace all callers.
- (test_key_extraction): Take mode in account.
- (run_tests): Ditto.
- (run_modification_tests): Ditto.
- (parse): Ditto.
- (main): Add option --parse and rename --parse to --parse-key.
-
- common: Rename external symbols in name-value.c.
- + commit d74d23d860c1e5039bd595c31c846782c5cb8025
- * common/name-value.c, common/name-value.h: Rename symbol prefixes
- from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers.
-
- common: Rename private-keys.c to name-value.c.
- + commit b841a883a2a66807aa427e65d49067584bedfbe2
- * common/private-keys.c: Rename to name-value.c.
- * common/private-keys.h: Rename to name-value.h. Chage all users.
- * common/t-private-keys.c: Rename to t-name-value.c.
- * common/Makefile.am: Adjust accordingly.
-
- common: Add PGP armor decoding to b64dec.
- + commit 3694579bc4eef27ed53e1845bf03be38c299ce76
- * common/b64dec.c (decoder_states): Add new states.
- (b64dec_proc): Handle PGP armored format.
-
-2016-06-23 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix regression of card-edit/fetch.
- + commit 6f5ff1cfe449cf1f4cb7287bc57570eb794216b2
- * g10/card-util.c (fetch_url): Call keyserver_fetch instead of
- keyserver_import_fprint.
-
-2016-06-21 Justus Winter <justus@g10code.com>
-
- tests/migrations: Convert to Scheme and re-enable.
- + commit f548383d9af912bf93217068cc8aa99a9a6eda93
- * configure.ac: Re-enable.
- * tests/Makefile.am: Likewise.
- * tests/migrations/Makefile.am (TESTS): Use Scheme tests.
- * tests/migrations/common.scm: New file.
- * tests/migrations/extended-private-key-format.scm: Likewise.
- * tests/migrations/from-classic.scm: Likewise.
- * tests/migrations/extended-private-key-format.test: Drop file.
- * tests/migrations/from-classic.test: Drop file.
-
- gpgscm: Add more file handling functions.
- + commit c5e0ca5a59ebd91b67944ca125cc8cd73a9d243e
- * tests/gpgscm/ffi.c (do_glob): New function.
- (ffi_init): Define new function.
- * tests/gpgscm/tests.scm (basename-suffix): New function.x
-
- tests/openpgp: Port the remaining tests to Scheme.
- + commit 0340fcdac864109e3dd6edee759efc96e4d3f84e
- * tests/openpgp/Makefile.am (TESTS): Add new tests.
- * tests/openpgp/defs.scm (gpg-with-colons): New function.
- (get-config): Use new function.
- * tests/openpgp/export.scm: New file.
- * tests/openpgp/tofu.scm: Likewise.
-
- gpgscm: Improve test framework.
- + commit 65081c31e7536d8fb5effcc2c9aeeffc120c9a69
- * tests/gpgscm/lib.scm (echo): Move...
- * tests/gpgscm/tests.scm (echo): ... here.
- (info, error, skip): And use echo here.
- (file-exists?): New function.
- (tr:spawn): Check that source exists and if the sink has been created.
- (tr:call-with-content): Hand in optional arguments.
-
- gpgscm: Use native string searching functions.
- + commit 5fbbc4b334a73150e709a4802cac99abd8ada61d
- * tests/gpgscm/ffi-private.h: Handle character arguments.
- * tests/gpgscm/ffi.c (do_string_index): New function.
- (do_string_rindex): Likewise.
- (do_string_contains): Likewise.
- (ffi_init): Define new functions.
- * tests/gpgscm/ffi.scm (ffi-define): New macro.
- * tests/gpgscm/lib.scm (string-index): Use native function,
- demonstrate behavior.
- (string-rindex): Likewise.
- (string-contains?): Likewise.
- Demonstrate behavior of various other functions.
- (read-all): Rework so that it can handle large files.
-
- gpgscm: Improve error reporting.
- + commit d99949fc8cf541018267964629992d55c97ca9ab
- * tests/gpgscm/scheme.c (type_to_string): New function.
- (Eval_Cycle): Include actual type in error message.
-
- gpgscm: Make memory allocation failures fatal.
- + commit 616582071a2c76c4fb529d4da549aa95ee5d78d6
- * tests/gpgscm/scheme.c (Eval_Cycle): Exit if we run out of memory.
-
-2016-06-21 Werner Koch <wk@gnupg.org>
-
- sm: Do not install cacert and other root certificates.
- + commit c19b2061274cd50838e62a2acbdc7e7d24888e7e
- * doc/Makefile.am (dist_pkgdata_DATA): Move qualified.txt and
- com-certs.pem to ...
- (EXTRA_DIST): here.
-
-2016-06-20 Werner Koch <wk@gnupg.org>
-
- gpg: Add experimental support for an issuer fpr.
- + commit 955baf04364721457cd99aad21942523cd50498c
- * common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
- * g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
- insert the issuer fpr if needed.
- * g10/sign.c (write_signature_packets): Pass signing key.
- (make_keysig_packet): Ditto.
- (update_keysig_packet): Ditto.
- * g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
- (parse_one_sig_subpkt): Detect issuer fpr.
- (can_handle_critical): Add issuer fpr.
- * g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
- * g10/gpgv.c (keyserver_import_fprint): New stub.
- * g10/test-stubs.c (keyserver_import_fprint): New stub.
-
- gpg: New option --rfc4880bis.
- + commit ee2d9061d7abc36b857165a8395203a97380baa2
- * g10/options.h (struct opt): Add field flags.rfc4880bis.
- * g10/gpg.c (oRFC4880bis): new.
- (opts): add --rfc4880bis.
- (main): Implement that and print a warning.
-
-2016-06-19 Niibe Yutaka <gniibe@fsij.org>
-
- scd: Reset nonnull_nad to zero for VENDOR_GEMPC.
- + commit 971064f8b7ad676326b2a468f688037a303717df
- * (parse_ccid_descriptor): nonnull_nad = 0 for all GEMPC device.
-
-2016-06-17 Werner Koch <wk@gnupg.org>
-
- tests: Make make distcheck work again.
- + commit ce1689ea0720552ac900d7b2c4139caf24452018
- * Makefile.am (tests): Remove test code which would led to doubling
- calls to for e.g. "make distclean".
- * tests/Makefile.am: Typo fixes.
- * tests/gpgscm/Makefile.am (EXTRA_DIST): Fix name of License file.
- Add repl.scm.
- (check): Replace by check-local because check is a standard automake
- target.
- * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Replace gmake0sim by
- automake generated macro.
- (EXTRA_DIST): Add defs.scm
-
- gpgscm: Silence compiler warnings.
- + commit dfe5282e5859409849a17d68b2b3a046370f65bd
- * tests/gpgscm/scheme.c (mk_integer): Rename arg NUM to N.
- (fill_vector): Ditto.
- (mark): Rename var NUM to N.
- (set_slot_in_env): Mark SC as unused.
- (is_any): Mark P as unused.
-
- Add license notices for TinySCHEME.
- + commit dc1db12d2c4f9f12bc3f7de37f76293b316c3f35
- * tests/gpgscm/COPYING: Rename to ...
- * tests/gpgscm/LICENSE.TinySCHEME: this.
- * AUTHORS: Add a note about TinySCHEME.
- * build-aux/speedo/w32/pkg-copyright.txt: Add TinySCHEME notice.
-
-2016-06-17 Justus Winter <justus@g10code.com>
-
- tests/openpgp: Reimplement tests in Scheme.
- + commit 9609cb20e4caee739b9fc4fd36797029d2970041
- * Makefile.am: Build the test infrastructure on Windows.
- * tests/openpgp/Makefile.am (required_pgms): Add gpgscm.
- (TESTS_ENVIRONMENT): Make sure gpgscm and the libraries are found.
- (TESTS): Replace tests with the new Scheme implementations.
- * tests/openpgp/4gb-packet.scm: New file.
- * tests/openpgp/README: Likewise.
- * tests/openpgp/armdetach.scm: Likewise.
- * tests/openpgp/armdetachm.scm: Likewise.
- * tests/openpgp/armencrypt.scm: Likewise.
- * tests/openpgp/armencryptp.scm: Likewise.
- * tests/openpgp/armor.scm: Likewise.
- * tests/openpgp/armsignencrypt.scm: Likewise.
- * tests/openpgp/armsigs.scm: Likewise.
- * tests/openpgp/clearsig.scm: Likewise.
- * tests/openpgp/conventional-mdc.scm: Likewise.
- * tests/openpgp/conventional.scm: Likewise.
- * tests/openpgp/decrypt-dsa.scm: Likewise.
- * tests/openpgp/decrypt.scm: Likewise.
- * tests/openpgp/default-key.scm: Likewise.
- * tests/openpgp/defs.scm: Likewise.
- * tests/openpgp/detach.scm: Likewise.
- * tests/openpgp/detachm.scm: Likewise.
- * tests/openpgp/ecc.scm: Likewise.
- * tests/openpgp/encrypt-dsa.scm: Likewise.
- * tests/openpgp/encrypt.scm: Likewise.
- * tests/openpgp/encryptp.scm: Likewise.
- * tests/openpgp/finish.scm: Likewise.
- * tests/openpgp/genkey1024.scm: Likewise.
- * tests/openpgp/gpgtar.scm: Likewise.
- * tests/openpgp/import.scm: Likewise.
- * tests/openpgp/mds.scm: Likewise.
- * tests/openpgp/multisig.scm: Likewise.
- * tests/openpgp/run-tests.scm: Likewise.
- * tests/openpgp/seat.scm: Likewise.
- * tests/openpgp/setup.scm: Likewise.
- * tests/openpgp/signencrypt-dsa.scm: Likewise.
- * tests/openpgp/signencrypt.scm: Likewise.
- * tests/openpgp/sigs-dsa.scm: Likewise.
- * tests/openpgp/sigs.scm: Likewise.
- * tests/openpgp/use-exact-key.scm: Likewise.
- * tests/openpgp/verify.scm: Likewise.
- * tests/openpgp/version.scm: Likewise.
-
- tests/gpgscm: Add a TinySCHEME-based test driver.
- + commit d2ce3f9eee34e380536049c0c9d26ed66273f094
- * configure.ac: Add new component.
- * tests/Makefile.am: Likewise.
- * tests/gpgscm/Makefile.am: New file.
- * tests/gpgscm/ffi-private.h: Likewise.
- * tests/gpgscm/ffi.c: Likewise.
- * tests/gpgscm/ffi.h: Likewise.
- * tests/gpgscm/ffi.scm: Likewise.
- * tests/gpgscm/lib.scm: Likewise.
- * tests/gpgscm/main.c: Likewise.
- * tests/gpgscm/private.h: Likewise.
- * tests/gpgscm/repl.scm: Likewise.
- * tests/gpgscm/scheme-config.h: Likewise.
- * tests/gpgscm/t-child.c: Likewise.
- * tests/gpgscm/t-child.scm: Likewise.
- * tests/gpgscm/tests.scm: Likewise.
-
- tests/gpgscm: Foreign objects support for TinySCHEME.
- + commit 56c36f2932fe2baf8e46efdea4315cf33f3c0338
- * tests/gpgscm/scheme-private.h (struct cell): Add 'foreign_object'.
- (is_foreign_object): New prototype.
- (get_foreign_object_{vtable,data}): Likewise.
- * tests/gpgscm/scheme.c (enum scheme_types): New type.
- (is_foreign_object): New function.
- (get_foreign_object_{vtable,data}): Likewise.
- (mk_foreign_object): Likewise.
- (finalize_cell): Free foreign objects.
- (atom2str): Pretty-print foreign objects.
- (vtbl): Add new functions.
- * tests/gpgscm/scheme.h (struct foreign_object_vtable): New type.
- (mk_foreign_object): New prototype.
- (struct scheme_interface): Add new functions.
-
- Patch from Thomas Munro,
- https://sourceforge.net/p/tinyscheme/patches/13/
-
- tests/gpgscm: Dynamically allocate string buffer.
- + commit 8e5ad9aabdd57457f76078924d33acb94b75a877
- * tests/gpgscm/scheme-config.h (strbuff{,_size}): Make buffer dynamic.
- * tests/gpgscm/scheme.c (expand_strbuff): New function.
- (putcharacter): Adapt length test.
- (readstrexp): Expand buffer if necessary.
- (scheme_init_custom_alloc): Initialize buffer.
- (scheme_deinit): Free buffer.
-
- Patch from Thomas Munro,
- https://sourceforge.net/p/tinyscheme/patches/11/
-
- tests/gpgscm: Make exception value available.
- + commit 3b100da9ada9171d873a796eaf3351d4fceed394
- * tests/gpgscm/init.scm (throw): Hand exception value to the handler.
- (catch): And bind it to *error*.
-
- tests/gpgscm: Add package macro.
- + commit 2907381f4a7b422823b2304ebe550acbb2f66480
- * tests/gpgscm/init.scm: Add package macro from manual.
-
- tests/gpgscm: Expose function to open streams as Scheme ports.
- + commit 55275b8e2b43a3420d85a1a931e02febaa1113e7
- * tests/gpgscm/scheme.c (vtbl): Add 'port_from_file' to the vtable.
- * tests/gpgscm/scheme.h (struct scheme_interface): New field
- 'mk_port_from_file'.
-
- tests/gpgscm: Nicer error message.
- + commit 13bba1357478815a85f5c0db3607ebb6cd574f56
- * tests/gpgscm/scheme.c (opexe_0): Include the value that we tried to
- evaluate as function-like in the error message.
-
- tests/gpgscm: Fix error hook.
- + commit e02c1ccae13e4eb55afef8de4f29022c709404eb
- * tests/gpgscm/init.scm (*error-hook*): Fix error hook so that the
- whole error message is displayed.
-
- tests/gpgscm: Handle unhandled enumeration values.
- + commit 133f25703a47e9bbc28c4532934f405ecdeb2de0
- * tests/gpgscm/scheme.c (opexe_{3,4}): Handle unhandled enumeration
- values in the opcode dispatching code.
-
- tests/gpgscm: Verbatim import of latest TinySCHEME.
- + commit cb989504cdd4f0ff902d31af871dc3ee0d9419ac
- Revision 110 from svn://svn.code.sf.net/p/tinyscheme/code/trunk
-
- * tests/gpgscm/COPYING: New file.
- * tests/gpgscm/Manual.txt: Likewise.
- * tests/gpgscm/init.scm: Likewise.
- * tests/gpgscm/opdefines.h: Likewise.
- * tests/gpgscm/scheme-private.h: Likewise.
- * tests/gpgscm/scheme.c: Likewise.
- * tests/gpgscm/scheme.h: Likewise.
-
-2016-06-17 Werner Koch <wk@gnupg.org>
-
- scd: Make option --homedir work.
- + commit 4e41745b3ea3bb8ffc50af6bafeb1de9c928812f
- * scd/scdaemon.c (opts): Add --homedir.
-
-2016-06-16 Werner Koch <wk@gnupg.org>
-
- Release 2.1.13.
- + commit b3df4e2ac6aa9b4154e923f71b4221533043e5ac
-
-
-2016-06-16 Yuri Chornoivan <yurchor@ukr.net>
-
- po: Update Ukrainian translation.
- + commit d4ce1b04431cf02ebc1bdc7150ad587d599f2a95
-
-
-2016-06-16 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 2273e4f999325cdc9d275507cd07c7e95d62a377
-
-
-2016-06-16 Werner Koch <wk@gnupg.org>
-
- po: Update German translation.
- + commit 69f1b0b041c251abb66f000db173a602693bb18f
-
-
- Add missing files so that make distcheck works again,
- + commit 4d7d292cd5b616b209dfd4302a1deffe11b7be0e
- * tests/openpgp/Makefile.am (CLEANFILES): Add created file
- "passphrases".
- * tools/Makefile.am (EXTRA_DIST): Add no-libgcrypt.c.
-
- tools: Fix typo in function name of symcryptrun.
- + commit e44dd878df58dab27c9cd411d80c4c81501e649a
- * tools/symcryptrun.c (main): Fix typo.
-
-2016-06-15 Niibe Yutaka <gniibe@fsij.org>
-
- g10: Fix another race condition for trustdb access.
- + commit 35a3ce2acf78a95fecbccfd8db0560cca24232df
- * g10/tdbio.c (create_version_record): Call create_hashtable to always
- make hashtable, together with the version record.
- (get_trusthashrec): Remove call to create_hashtable.
-
-2016-06-14 Werner Koch <wk@gnupg.org>
-
- gpg: Print the subkey's curve and not the primary key curve.
- + commit b56aebe76657ce6efa9c6819d5a8c2a31c2bbbba
- * g10/keylist.c (list_keyblock_colon): Use PK2 for the subkey's curve.
-
- ldap: Improve info output for v3 fallback.
- + commit b7e3dfcf139284d30921cf44e7bab43d4244cc37
- * dirmngr/dirmngr_ldap.c (fetch_ldap): Do not use log_debug in an
- unprotected section. Replace log_debug by log_info in verbose mode.
-
-2016-06-14 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Try ldap protocol V3 as fallback.
- + commit f989b6ee0db96c36f13f093cbbcfd1d5b472d03c
- * dirmngr/dirmngr_ldap.c (fetch_ldap): Try V3 Protocol in case
- default Protocol gives error.
-
- dirmngr: Print ldap error if bind fails.
- + commit 5faddcb2927a997e05fb34eb270982096d1fe3a4
- * dirmngr/dirmngr_ldap.c (fetch_ldap): Use ldap_err2string on bind
- return.
-
-2016-06-14 Werner Koch <wk@gnupg.org>
-
- gpgsm: Allow ciphers AES192 and SERPENT256.
- + commit 5f9bd7a9e1ed4edcbb6c4e908d4bea5cd7dc9e68
- * sm/gpgsm.c (main): Add AES192 cipher. Allow SERPENT256.
-
- doc: Add files and envvars to a new index.
- + commit 2423238ee4c8a8c531dfe9e45c95f2760b638faa
- * doc/gnupg.texi: Define new index "ef".
- (Environment Index): New.
-
- gpg: Avoid endless loop in a tofu error case.
- + commit f980cd2e0e4694a38038f518f290017087d4ce33
- * g10/tofu.c (get_trust): Do not jump to out.
-
- gpg: Split tofu's get_trust function into several smaller ones.
- + commit 1affdf1efc42ed22dc023c92ca5134d5bcbf2686
- * g10/tofu.c (get_trust): Factor code out to ...
- (format_conflict_msg_part1): new and to ...
- (ask_about_binding): new.
-
-2016-06-13 Werner Koch <wk@gnupg.org>
-
- gpg: Un-deprecate option --auto-key-retrieve.
- + commit 9e126af215143fddbdc3949681abb9ffdb9153bb
- * g10/gpg.c (main): Remove deprecation warning.
-
- gpg: New option --disable-signer-uid, create Signer's UID sub-packet.
- + commit 61e7fd68c05ed185728e9da45f7a44a2323065ad
- * g10/gpg.c (oDisableSignerUID): New.
- (opts): New option '--disable-signer-uid'.
- (main): Set option.
- * g10/options.h (opt): Add field flags.disable_signer_uid.
- * g10/sign.c: Include mbox-util.h.
- (mk_notation_policy_etc): Embed the signer's uid.
- * g10/mainproc.c (check_sig_and_print): Do not use WKD for auto key
- retrieval if --disable-signer-uid is used.
-
- gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
- + commit 08c82b1b55d28ffd09b859205b7686bcefae5011
- * g10/packet.h (PKT_signature): Add field 'signers_uid'.
- * g10/parse-packet.c (parse_signature): Set this field.
- * g10/free-packet.c (free_seckey_enc): Free field.
- (copy_signature): Copy field.
- * g10/mainproc.c (akl_has_wkd_method): New.
- (check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
- locate a missing key via the signature's Signer's User ID sub-packet.
- Do this right before trying a keyserver lookup.
-
-2016-06-11 Werner Koch <wk@gnupg.org>
-
- gpg: Remove C-99ism, re-indent, and simplify one function.
- + commit 334e993a71d3abb7d30cb5ee05d578cecf0c3f67
- * g10/call-agent.c (struct keyinfo_data): Rename to
- keyinfo_data_parm_s.
- (agent_get_keyinfo): Replace C-99 style init.
- (keyinfo_status_cb): Use new fucntion split_fields.
- * g10/export.c (match_curve_skey_pk): Add missings returns error
- cases.
- (cleartext_secret_key_to_openpgp): Better clear PK->PKEY first.
-
- common: New function split_fields.
- + commit 5ba99d9302cd86aee99958b71075d5288bb430aa
- * common/stringhelp.c (split_fields): New.
- * common/t-stringhelp.c: Include assert.h.
- (test_split_fields): New.
- (main): Call test.
-
-2016-06-11 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- g10: Export cleartext keys as cleartext.
- + commit c41c46fa84cabbed74a13ded51fc3a817a919367
- * g10/export.c (do_export_stream): If a key is stored by the agent in
- cleartext, then try to export it as cleartext.
- * tests/openpgp/export.test: For secret keys that are stored in
- cleartext, test should try to export without pinentry interaction.
-
- g10: Allow receiving cleartext secret keys from agent.
- + commit a3cb72af79ee645eda212f31ab0b266f2c3d9f29
- * g10/export.c (match_curve_skey_pk): New function, testing whether an
- OpenPGP public key and an S-expression use the same curve.
- * g10/export.c (cleartext_secret_key_to_openpgp): New function,
- filling in the secret key parameters of a PKT_public_key object from
- a corresponding cleartext S-expression.
- * g10/export.c, g10/main.h (receive_seckey_from_agent): Add cleartext
- parameter, enabling retrieval of the secret key, unlocked.
- * g10/export.c (do_export_stream): Send cleartext as 0, keeping current
- behavior.
- * g10/keygen.c (card_store_key_with_backup): Use cleartext=0 to ensure
- that smartcard backups are all passphrase-locked.
-
- g10: Add openpgp_protected flag to agent secret key export functions.
- + commit 7de74320767d15d915942a98ff47c00175a078ed
- * g10/call-agent.c, g10/call-agent.h (agent_export_key): Add
- openpgp_protected flag.
- * g10/export.c (receive_seckey_from_agent): Request openpgp_protected
- secret keys from agent.
- * agent/command.c (hlp_export_key): EXPORT_KEY help text: add a
- brief description of the effect of --openpgp.
-
- g10: report whether key in agent is passphrase-protected or not.
- + commit 00f30cc01c79bbdff5cdc3be795f009f15d3845e
- * g10/call-agent.c, g10/call-agent.h (agent_get_keyinfo): add
- r_cleartext parameter to report whether a key is stored without
- passphrase protection.
- * g10/gpgv.c, g10/test-stubs.c: augment dummy agent_get_keyinfo to
- match new API.
- * g10/export.c, g10/keyedit.c, g10/keygen.c, g10/keylist.c,
- g10/sign.c: pass NULL to agent_get_keyinfo since we do not yet
- need to know whether agent is passphrase-protected.
-
-2016-06-08 Werner Koch <wk@gnupg.org>
-
- Explicitly restrict socket permissions.
- + commit 8127043d549a5843ea1ba2dc6da4906fc2258d53
- * agent/gpg-agent.c (create_server_socket): Call chmod before listen.
- * scd/scdaemon.c (create_server_socket): Ditto.
- * dirmngr/dirmngr.c (main): Ditto.
-
- w32: Fix recent build regression.
- + commit 6790115fd9059e066b4e6feb6b1e3876a1c1d522
- * common/homedir.c (_gnupg_socketdir_internal) [W32]: Add definition
- for NAME.
- * g10/gpg.c (main) [W32]: Fix use og gnupg_homedir.
-
- * agent/gpg-agent.c (remove_socket): Remove unused var P.
- * scd/scdaemon.c (cleanup): Ditto.
-
- gpgconf: New commands --create-socketdir and --remove-socketdir.
- + commit cf4910419e09daf414f76ca2c8ab685c3d488ec1
- * tools/gpgconf.c: Include unistd.h.
- (aCreateSocketDir, aRemoveSocketDir): New.
- (opts): Add --create-socketdir and --remove-socketdir.
- (main): Implement them.
-
- Implement /run/user/UID/gnupg based sockets.
- + commit aab8a0b05292b0d06e3001a0b289224cb7156dbd
- * common/homedir.c: Include sys/stat.h and zb32.h.
- (w32_portable_app, w32_bin_is_bin): Change type from int to byte.
- (non_default_homedir): New.
- (is_gnupg_default_homedir): New.
- (default_homedir): Set non_default_homedir.
- (gnupg_set_homedir): Set non_default_homedir and make
- the_gnupg_homedir and absolute directory name.
- (gnupg_homedir): Return an absolute directory name.
- (_gnupg_socketdir_internal): New.
- (gnupg_socketdir): Implement /run/user/ based sockets.
- * tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
- make_filename by xstrdup.
- * tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
-
- gpgconf: Add option --homedir.
- + commit def512eb67c8a380f3b873cee0f156deef0b6dda
- * tools/gpgconf.c (opts): Add --homedir.
- (main): Set homedir.
-
- Do not use no-libgcrypt dummy for tools.
- + commit 173fa97102fec68670a46ae1b460231e2a183c81
- * tools/Makefile.am (gpgconf_SOURCES): Remove no-libgcrypt.c.
- (gpgconf_LDADD): Add LIBGCRYPT_LIBS.
- (gpg_connect_agent_LDADD): Ditto.
- (gpgtar_LDADD): Ditto.
- * dirmngr/Makefile.am (dirmngr_client_LDADD): Ditto.
- (t_common_ldadd): Ditto. Remove no-libgcrypt.o.
-
- Do not try to remove the enclosing directory of sockets.
- + commit 0faf8951544f43790c412777a926c969540174bd
- * agent/gpg-agent.c (remove_socket): Do not remove the enclosing
- directory.
- * scd/scdaemon.c (cleanup): Ditto.
-
-2016-06-07 Werner Koch <wk@gnupg.org>
-
- common: New function gnupg_socketdir.
- + commit 36550dde998fa1d497098050ca2d4e1a952ed6b6
- * common/homedir.c (gnupg_socketdir): New.
- * agent/gpg-agent.c (create_socket_name): Use new function instead of
- gnupg_homedir.
- (check_own_socket): Ditto.
- (check_for_running_agent): Ditto.
- * agent/preset-passphrase.c (main): Ditto.
- * common/asshelp.c (start_new_gpg_agent): Ditto.
- * scd/scdaemon.c (create_socket_name): Ditto.
- * tools/gpgconf.c (main): Ditto.
- * tools/symcryptrun.c (main): Ditto.
-
- common: Remove homedir arg from start_new_{dirmngr,gpg_agent}.
- + commit fb88f37c40dc156fa0b5bfba4ac85f1e553fd7e9
- * common/asshelp.c (start_new_gpg_agent): Remove arg 'homedir' in
- favor of gnupg_homedir (). Change all callers.
- (start_new_dirmngr): Ditto.
- * common/get-passphrase.c (gnupg_prepare_get_passphrase): Remove arg
- 'homedir'.
-
- Replace use of opt.homedir by accessor functions.
- + commit 22a7ef01aa2c0eb77bcc40174d09104acc35cab1
- * common/homedir.c (the_gnupg_homedir): New var.
- (gnupg_set_homedir): New.
- (gnupg_homedir): New.
- * g10/options.h (struct opt): Remove 'homedir' and replace all users
- by the new accessor functions.
- * g13/g13-common.h (struct opt): Ditto.
- * scd/scdaemon.h (struct opt): Ditto.
- * sm/gpgsm.h (struct opt): Ditto.
- * dirmngr/dirmngr.h (struct opt): Ditto.
- * agent/preset-passphrase.c (opt_homedir): Ditto.
- * agent/protect-tool.c (opt_homedir): Ditto.
-
-2016-06-07 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 650abbab716750d6087a457a25fa2efaaa3567cd
-
-
- gpg: Fix command line parsing of --quick-addkey and --quick-gen-key.
- + commit abeeb84a94be815a16e678b319cb5c8bffde2811
- * g10/gpg.c (main): Compose a block by curly braces.
-
-2016-06-06 Werner Koch <wk@gnupg.org>
-
- gpg: Use --keyid-format=none by default.
- + commit 7257ea2d450238afa4d162fab8001f74782fe43f
- * g10/gpg.c (main): Init keyid_format to KF_NONE.
- * g10/keyid.c (format_keyid): Ditto.
- (keystrlen): Ditto.
-
- gpg: Add option --with-subkey-fingerprint.
- + commit 1d1cb86694fb2223de1da0b3bfffb5c62f505847
- * g10/gpg.c (oWithSubkeyFingerprint): New.
- (opts): Add --with-subkey-fingerprint[s].
- (main): Set that option.
- * g10/options.h (struct opt): Add 'with_subkey_fingerprint'.
- * g10/keylist.c (list_keyblock_print): Print subkey fingerprint.
- (print_fingerprint): Tweak printing to use compact format if
- desirable.
-
- gpg: Implement --keyid-format=none.
- + commit b047388d57443f584f1c1d6333aac5218b685042
- * g10/gpg.c (main): Add option "none" to --keyid-format.
- * g10/options.h (KF_NONE): New.
- * g10/keyid.c (format_keyid): Implement that.
- (keystr): Use format "long" is KF_NONE is in use.
- (keystr_with_sub): Ditto.
- * g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
- Factor some code out to ...
- (print_key_line): new.
- (print_fingerprint): Add mode 20.
- * g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
- flags.primary in the PK. Fix putting a " revoked..." string into the
- colons format.
- * g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
- slightly changes the putput format.
- * g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
- also put "expires: " into the output.
-
-2016-06-04 Werner Koch <wk@gnupg.org>
-
- w32: Require --enable-build-timestamp for the BUILD_HOSTNAME.
- + commit 79b7a8a9e0d41b743ceaee20dc47294359fe0d44
- * configure.ac (BUILD_HOSTNAME): Set to "<anon>" bey default.
- * build-aux/speedo.mk (speedo_pkg_gnupg_configure): Add
- --enable-build-timestamp.
-
-2016-06-02 Werner Koch <wk@gnupg.org>
-
- gpg: Add the fingerprint to KEY_CREATED for subkeys.
- + commit 8d976a6b07c5a356631791b46b590328c1451f31
- * g10/keygen.c (print_status_key_created): Make more robust by
- allowing a NULL for PK.
- (generate_subkeypair): Use print_status_key_created.
- (generate_card_subkeypair): Ditto.
-
- gpg: Try to use the passphrase from the primary for --quick-addkey.
- + commit 1b460f049e5c1c102d8b55ad28781688252c5a6b
- * agent/command.c (cmd_genkey): Add option --passwd-nonce.
- (cmd_passwd): Return a PASSWD_NONCE in verify mode.
- * g10/call-agent.c (agent_genkey): Add arg 'passwd_nonce_addr' and do
- not send a RESET if given.
- (agent_passwd): Add arg 'verify'.
- * g10/keygen.c (common_gen): Add optional arg 'passwd_nonce_addr'.
- (gen_elg, gen_dsa, gen_ecc, gen_rsa, do_create): Ditto.
- (generate_subkeypair): Use sepeare hexgrip var for the to be created
- for hexgrip feature. Verify primary key first. Make use of the
- passwd nonce. Allow for a static passphrase.
-
- gpg: Extend the --quick-gen-key command.
- + commit 01285f909e43e8d6a48fbcc77bb5af53d567d8a2
- * g10/keygen.c (quickgen_set_para): Add arg 'use'.
- (quick_generate_keypair): Add args 'algostr', 'usagestr', and
- 'expirestr'. Implement primary only key mode.
- (parse_algo_usage_expire): Set NBITS for the default algo.
- * g10/gpg.c (main): Extend --quick-gen-key command.
-
- gpg: Improve the new parse_subkey_algostr_usagestr fucntion.
- + commit dcc4cd83821667be22e502af86139bb4bd41bdf7
- * g10/keygen.c (parse_usagestr): Allow "cert".
- (generate_subkeypair): Factor expire parsing out to ...
- (parse_subkey_algostr_usagestr): here. Rename to ...
- (parse_algo_usage_expire): this. Add arg 'for_subkey'. Set CERT for
- primary key and check that it is not set for subkeys.
-
- gpg: New command --quick-addkey.
- + commit 8f2a053a0ffa0430d01a53b4d491a3f0fff683eb
- * g10/keygen.c (DEFAULT_STD_SUBKEYUSE): New.
- (ask_keysize): Factor code out to ...
- (get_keysize_range, fixup_keysize): new.
- (parse_parameter_usage): Factor parsing out to ...
- (parse_usagestr): new. Allow use of "encr" as alias for "encrypt".
- (parse_subkey_algostr_usagestr): New.
- (generate_subkeypair): Add new args. Implement unattended mode.
-
- * g10/keyedit.c (keyedit_quick_sign): Factor some code out to ...
- (find_by_primary_fpr): new.
- (keyedit_quick_addkey): New.
- * g10/gpg.c (aQuickAddKey): New.
- (opts): Add --quick-addkey.
- (main): Implement.
-
- gpg: Do not abort on certain invalid packets.
- + commit d837f6b0eadb14ea08c1c6030b4d6adaaee8778e
- * g10/build-packet.c (write_fake_data): Check for non-opaque data.
- * g10/seskey.c (do_encode_md): Return NULL instead of abort.
-
- common: New function openpgp_is_curve_supported.
- + commit 072acb69be55e366e2da921e3953404765fa3928
- * common/openpgp-oid.c: Include openpgpdefs.h.
- (oidtable): Add field pubkey_algo.
- (openpgp_is_curve_supported): New.
-
-2016-06-01 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Allow User ID length >= 256.
- + commit db1ecc8212defdd183abbb6b1407fcc8d2dc9552
- * build-packet.c (do_user_id): Call write_header2 with HDRLEN not set.
-
-2016-05-31 Werner Koch <wk@gnupg.org>
-
- gpg: New status code NOTATION_FLAGS.
- + commit 67a4bc8d536f6997f14daff4c039abd48a172100
- * common/status.h (STATUS_NOTATION_FLAGS: New.
- * g10/packet.h (struct notation): Add flags.human.
- (notation_t): New typedef.
- * g10/build-packet.c (sig_to_notation): Set flags.human.
- * g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
-
-2016-05-28 Werner Koch <wk@gnupg.org>
-
- common: Add a status callback to gnupg_exec_tool_stream.
- + commit 239a4d53916b47b5b0f0167a9b2c7a8915bb9c52
- * common/exectool.h (exec_tool_status_cb_t): New.
- * common/exectool.c: Include missing exectool.h.
- (read_and_log_buffer_t): Replace array by pointer.
- (gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'.
- Change all callers to pass NULL for them. Malloc buffer for
- FDERRSTATE.
- (read_and_log_stderr): Implement status_fd feature.
-
-2016-05-27 Werner Koch <wk@gnupg.org>
-
- common: Allow a second input stream for gnupg_exec_tool_stream.
- + commit 44a32455c8e41400ea96db4507c8a42bdb65b3b6
- * common/exechelp-posix.c (do_exec): Add arg 'except' and pass to
- close_all_fds.
- (gnupg_spawn_process): Add arg 'except'. Change callers to pass NULL
- for it.
- * common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'.
- * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
- * common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK.
- (gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass
- NULL for it. Allow NULL for OUTPUT.
-
- common: Simplify the fd closing patch 512c56a.
- + commit e6d9a2d07ed7aeac3944d8a7d1317c4a117356b4
- * common/exechelp-posix.c (get_max_fds): Use /proc/self.
-
- common: Speedup closing fds before an exec.
- + commit 512c56af43027149e8beacf259746b8d7bf9b1a2
- * common/exechelp-posix.c [__linux__]: Include dirent.h.
- (get_max_fds) [__linux__]: Return the actual used highest fd.
-
- tools: Improve debug output of rfc822parse.
- + commit ad75ca9c963bebbe02aae8d73e199a705764ae82
- * tools/rfc822parse.c (show_event): Add missing events.
-
- build: Remove obsolete tests for funopen and fopencookie.
- + commit d755bcb89dbeaf6c7c1eca73ccabdf89b536c535
- * configure.ac (AC_CHECK_FUNCS): Remove tests for funopen.
-
- common: Extend gnupg_create_inbound_pipe et al.
- + commit 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
- * common/exechelp-posix.c (gnupg_create_inbound_pipe): Add args 'r_fp'
- and 'nonblock'.
- (gnupg_create_outbound_pipe): Ditto.
- * common/exechelp-w32.c (gnupg_create_inbound_pipe): Add non yet
- functional args 'r_fp' and 'nonblock'.
- (gnupg_create_outbound_pipe): Ditto.
- * common/exechelp-w32ce.c (gnupg_create_inbound_pipe): Ditto.
- (gnupg_create_outbound_pipe): Ditto.
-
- common: Make use of default_errsource in exechelp.
- + commit 96c7901ec1c79be732570811223d3ea54875abfe
- * common/exechelp-posix.c (my_error_from_syserror, my_error): New.
- Use them instead of gpg_error and gpg_error_from_syserror.
- (create_pipe_and_estream): Remove arg ERRSOURCE and fix use of
- OUTBOUND which has a wrong name. Adjust callers.
- (gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of
- DEFAULT_ERRSOURCE.
- * common/exechelp-w32.c (gnupg_spawn_process): Ditto.
- * common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
- * common/exectool.c (gnupg_exec_tool_stream): Do not pass
- GPG_ERROR_FROM_SYSERROR.
- * tools/gpgconf-comp.c (gc_component_check_options): Ditto.
- (retrieve_options_from_program): Ditto.
-
- gpg: Keep current and total of PROGESS status lines small enough.
- + commit 6c957c3d880c069bb843cc58fdcebb9fc344727e
- * g10/progress.c (progress_filter): Factor status wrote out to...
- (write_status_progress): New. Scale values down.
-
-2016-05-27 NIIBE Yutaka <gniibe@fsij.org>
-
- configure: Detection of libusb on FreeBSD.
- + commit b3e043ba905fdf2efcdadbd7022ac53f4408b748
- * configure.ac (LIBUSB_LIBS): Use LIBUSB_NAME for AC_CHECK_LIB.
-
-2016-05-25 Werner Koch <wk@gnupg.org>
-
- build: Switch to new URL for swdb.lst.
- + commit 74028096e06d2904f77b74b373750264e5b7b1ea
-
-
-2016-05-24 Werner Koch <wk@gnupg.org>
-
- gpgtar: Simplify code by using ccparray.
- + commit 91bc7833836f19256d56984c94cacf44853ff5c8
- * tools/gpgtar-create.c (gpgtar_create): Use ccparray functions.
- * tools/gpgtar-extract.c (gpgtar_extract): Ditto.
- * tools/gpgtar-list.c (gpgtar_list): Ditto.
-
- common: Add simple dynamic array function.
- + commit 2421f7f7ed74ed20372efd63a2efd58d3b55005c
- * common/ccparray.c: New.
- * common/ccparray.h: New.
- * common/t-ccparray.c: New.
- * common/Makefile.am (common_sources): Add files.
- (module_tests): Add test file.
- (t_ccparray_LDADD): New.
-
-2016-05-23 Justus Winter <justus@g10code.com>
-
- tests: Test the pinentry interactions when exporting keys.
- + commit b9d1e099c3ec3163c86afe627ecbe028db1facf6
- * tests/openpgp/export.test: Test pinentry interactions.
-
- tests: Add support for a passphrase queue to fake pinentry.
- + commit 4994153924e0948a657edddaef54a39a6001beff
- * tests/openpgp/fake-pinentry.c (get_passphrase): New function.
- (main): Add option --passphrasefile and read passphrases from it.
-
- tests: Add logging to fake pinentry.
- + commit 41b10c66ec1dd33633386f4fc8013ddeab7737ca
- * tests/openpgp/fake-pinentry.c (log_stream): New variable.
- (reply): New function.
- (spacep,skip_options,option_value): Copy from common.
- (main): Parse arguments, add --logfile option, write logfile.
-
- tests: Add export test.
- + commit a54e89a58576108fcae10ceeb4fc65822aecc170
- * tests/openpgp/Makefile.am (TESTS): Add new file.
- * tests/openpgp/export.test: New file.
-
-2016-05-21 Werner Koch <wk@gnupg.org>
-
- gpg: Speed up key listing in Tofu mode.
- + commit 78bb08425af5b1edb7f3ef0119013529b3a9e4ba
- * g10/tofu.c (get_trust): Add arg PK. Uses this instead of a an extra
- lookup of the public key by fingerrpint.
- (tofu_register): Pass PK to get_trust.
- (tofu_get_validity): Ditto.
-
- *g10/tofu.c (tofu_register): Remove unused FINGERPRINT_PP.
-
- gpg: Avoid name spaces clash with future sqlite versions.
- + commit b1ba460d8f3358342c2ee2927114d36e767a439f
- * g10/sqlite.c: Rename to gpgsql.c. Change function prefixes to
- gpgsql_.
- * g10/sqlite.h: Rename to gpgsql.h.
- * g10/tofu.c: Adjust for changes.
-
- gpg: Explicitly close a combined Tofu DB.
- + commit 006a6126131ffd59d9a47889ac031f932ecc5d0b
- * g10/tofu.c (tofu_closedbs): Close combined DB.
-
- gpg: Store the Tofu meta handle for databases in CTRL.
- + commit 754b1c463034a634a678d8efc76c27fd46aad9b9
- * g10/gpg.h (struct tofu_dbs_s, tofu_dbs_t): New declarations.
- (struct server_control_s): Add field tofu.dbs.
- * g10/tofu.c (struct dbs): Rename to tofu_dbs_s. Replace all users by
- by tofu_dbs_t.
- (opendbs): Add arg CTRL. Cache the DBS in CTRL.
- (closedbs): Rename to tofu_closedbs and make global. Add arg CTRL.
- (tofu_register): Add arg CTRL. Change all callers. Do not call
- closedbs.
- (tofu_get_validity): Ditto.
- (tofu_set_policy): Ditto.
- (tofu_get_policy): Ditto.
- (tofu_set_policy_by_keyid): Add arg CTRL.
- * g10/gpg.c (gpg_deinit_default_ctrl): Call tofu_closedbs.
-
- gpg: Pass CTRL object down to the trust functions.
- + commit 027c4e55522b8e18711a3331932a9869ab89ca26
-
-
- gpg: Fix the TOFU_STATS_LONG status.
- + commit fd973ee1c18aa8fe764e09ba4dff589309b2d78d
- * g10/tofu.c (show_statistics): Print TOFU STATS with formatting
- characters.
-
-2016-05-19 Werner Koch <wk@gnupg.org>
-
- gpg: Print "[ never ]" instead of err for validity.
- + commit 437c97ab6a34ff1936001dd05209193b4466a81d
- * g10/trust.c (uid_trust_string_fixed): Handle NEVER.
-
-2016-05-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Adjust the WKD lookup to specs version -01.
- + commit cf97769906337d65289ad58225a5ecc53c715550
- * dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
- domain part.
-
-2016-05-17 Werner Koch <wk@gnupg.org>
-
- gpg: Emit new status line KEY_CONSIDERED.
- + commit ff71521d9698c7c5df94831a1398e948213af433
- * common/status.h (STATUS_KEY_CONSIDERED): New.
- * g10/getkey.c: Include status.h.
- (LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
- (finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
- set flag. Check a requested usage before checking for expiraion or
- revocation.
- (print_status_key_considered): New.
- (lookup): Print new status.
-
-2016-05-11 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix signature checking.
- + commit 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb
- * g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
- walk_kbnode.
-
-2016-05-10 Werner Koch <wk@gnupg.org>
-
- gpg: Allow unattended deletion of secret keys.
- + commit ac9ff644b12c4dfa55d466af8ae6af54d1646893
- * agent/command.c (cmd_delete_key): Make the --force option depend on
- --disallow-loopback-passphrase.
- * g10/call-agent.c (agent_delete_key): Add arg FORCE.
- * g10/delkey.c (do_delete_key): Pass opt.answer_yes to
- agent_delete_key.
-
-2016-05-09 Werner Koch <wk@gnupg.org>
-
- gpg: Fix buglet in the check_all_keysigs function.
- + commit 693838f0125d5d0c963fa3771b1bd117702af697
- * g10/keyedit.c (sig_comparison): Actually compare the pubkey
- algorithms.
-
- gpg: Request a "save" after cmd "check" fixed something.
- + commit d33b35f7481caa0dcb25f9fa7d6c5bb27895297a
- * g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
-
-2016-05-09 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit ff870d59f067d3c5415e231c02a50d5dceac7e48
-
-
-2016-05-04 Werner Koch <wk@gnupg.org>
-
- Release 2.1.12.
- + commit 00df5b1236cac5c7a48638a4613278c5aab486f8
-
-
- speedo,w32: Remove the installation directory page.
- + commit fb1e9df48465c2f77a65dddd257572fdc79d9450
- * build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove.
-
- gpg: Fix const char pointer mismatch with gettext.
- + commit 920b1421b35d1404b8360bd8feac0be659840543
- * g10/tofu.c (get_trust): Use const char *.
-
- speedo: Build sqlite with static-libgcc.
- + commit edce430b039b313cc2d79402a7bd21347490c3be
- * build-aux/speedo/patches/sqlite.patch: New.
- * Makefile.am (EXTRA_DIST): Add file.
-
- speedo: Also try patch files w/o version number.
- + commit 9ea258fa5b45bb5454ee3f5906df5d5eebdec0dd
- * build-aux/speedo.mk (SPKG_template): Try such a patch file.
-
-2016-05-04 Andre Heinecke <aheinecke@intevation.de>
-
- speedo,w32: Install sqlite.
- + commit 2b78223d7587c68e2e27a3d7b365219228da7947
- * build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New.
-
- speedo,w32: Fix uninstallation.
- + commit 5ec76fd0c300b52366cf8d1407fe1c8de3a8a9d4
- * build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and
- dirmngr-conf.skel
-
- speedo,w32: Install localisation.
- + commit 3f58fc64666101e160e9b13fedb6cdaebeb91a7a
- * build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n.
- (-un.libgpg-error, -un.gnupg): Uninstall l10n files.
-
-2016-05-04 Werner Koch <wk@gnupg.org>
-
- tests: Disable the migrations tests.
- + commit d696eb396a9c88319358da4333feb653994d5408
- * tests/Makefile.am (SUBDIRS): Remove migrations.
- * configure.ac (AC_CONFIG_FILES): Remove migrations Makefile.
-
-2016-05-04 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 4fd13ab78dd228d8ff85659cddc2076af8728ebe
-
-
-2016-05-04 Werner Koch <wk@gnupg.org>
-
- po: Update German translation.
- + commit 75f31cdd42eed3555952ac478055d52af841f702
-
-
- Some minor string changes and fixed a printf format.
- + commit d00625dae60f26617d2e1bd4f22c6b35a4e92c91
- * g10/build-packet.c (notation_value_to_human_readable_string): Use
- %zu for size_t.
-
- build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
- + commit 04cc7c3786d91881f83a72799dab058476602a31
- * build-aux/config.guess: Update.
- * build-aux/config.sub: Update.
-
- agent: Make --allow-loopback-pinentry the default.
- + commit 3ef0938cfd8637e9801369f142eb8dd564f2ca61
- * agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
- (opts): Add --no-allow-loopback-pinentry. Hide
- description of --allow-loopback-pinentry.
- (parse_rereadable_options): Set opt.allow_loopback_pinentry by
- default.
- (main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
- in the gpgconf list.
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
-
-2016-05-03 Werner Koch <wk@gnupg.org>
-
- common: Print https URLs in help messages.
- + commit 9e28617e260261de3972c20698b5a01561330e1c
- * common/argparse.c (strusage): Print https URLS.
-
- tests: Silence output of some tests.
- + commit 33aacc3d4bbd6a82d7e7ceca058970879741b7da
- * common/t-exechelp.c (print_open_fds): Silence non-verbose output.
- (test_close_all_fds): Ditto.
- * common/t-session-env.c (show_stdnames): Indent output.
- * g10/test.c (TEST): Silence non-verbose okay output.
- (exit_tests): Ditto.
- * tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
- * tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
- * tests/openpgp/mds.test: Indent MD5 notice.
- * tests/openpgp/version.test: Indent --version output.
-
- gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
- + commit 83865be35cff5355a5c4575cc3b50609819b0baa
- * g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
- (FULL_TRUST_THRESHOLD): New.
- (write_stats_status): New.
- (show_statistics): Call new function. Print TOFU_STATS_LONG.
-
-2016-05-02 Werner Koch <wk@gnupg.org>
-
- gpg: Extend TRUST_foo status lines with the trust model.
- + commit ae1889320b822d48f7118a29391605e9ac992701
- * g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
- * g10/trustdb.c (trust_model_string): Lowercase the strings. Add arg
- "model" and change callers to call with OPT.TRUST_MODEL.
- * g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
- * g10/pkclist.c (write_trust_status): New.
- (check_signatures_trust): Call new function.
-
- gpg: Improve line wrapping for a tofu message.
- + commit 5cef6118580fe658a27d32e85696d88775ad417a
- * g10/tofu.c (time_ago_str): Mark non-breakable spaces.
- (show_statistics): Remove marks.
-
- gpg: Re-format some tofu messages.
- + commit d73e83c3b678add11a5754e199e528aeb39ec8ce
- * common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
- (STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
- * g10/tofu.c (NO_WARNING_THRESHOLD): New.
- (record_binding, tofu_register): Take care of --dry-run.
- (show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
- Fix the ngettext/strcmp thing. Use log_string instead of log_info.
- Use NO_WARNING_THRESHOLD constant.
- (get_trust): Use format_text and print a compact fingerprint.
-
-2016-05-02 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: More fix of error return path.
- + commit 6677d8b61446eb5760a30a2488c992d6e895a9ed
- * scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
- apdu_connect.
-
-2016-04-29 Werner Koch <wk@gnupg.org>
-
- common: Extend log_string to indent lines.
- + commit 35f4b6aafdf1889ed1ae569af5852f47738fe993
- * common/logging.c (do_logv): Add indentation when called via
- log_string.
-
- gpg: Factor some code code out of tofu.c.
- + commit dcad99c98616a6031ddfde313c920339e4012378
- * g10/tofu.c (string_to_long): New.
- (string_to_ulong): New.
- (get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
- (get_single_long_cb): Ditto.
- (signature_stats_collect_cb): Ditto.
- (get_policy): Ditto.
- (show_statistics): Ditto. Uese es_free instead of free.
-
- gpg: Remove all assert.h and s/assert/log_assert/.
- + commit 64bfeafa52a5ed3fa82bdc0ce7ef0edddeef188c
-
-
- common: Improve log_assert.
- + commit 9740dff9f4d18ba764dc7173d4902e94e3f0c2e8
- * common/logging.c (bug_at): Do not i18n the string.
- (_log_assert): New.
- * common/logging.h (log_assert): Use new function and pass line
- information.
-
-2016-04-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix error return path.
- + commit cb4fee8bb645745ff199f7428e19226d5bc63dab
- * scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
- Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.
-
-2016-04-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix memory leaks.
- + commit 508b0deb70d39d388149be9a63fab24cc956a239
- * scd/ccid-driver.c (scan_or_find_usb_device): Return on
- LIBUSB_ERROR_NO_MEM. Free CONFIG before return except on error.
- (scan_or_find_devices): Free device list.
-
-2016-04-27 Werner Koch <wk@gnupg.org>
-
- gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
- + commit 87de9e19edf0311ca0342e15ef44ebe40e32861e
- * g10/getkey.c (parse_auto_key_locate): Add method "wkd".
- (get_pubkey_byname): Implement that method. Also rename a variable.
- * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
- * g10/keyserver.c (keyserver_import_wkd): New.
- * g10/test-stubs.c (keyserver_import_wkd): Add stub.
- * g10/gpgv.c (keyserver_import_wkd): Ditto.
- * g10/options.h (opt): Add field 'with_wkd_hash'.
- (AKL_WKD): New.
-
- * g10/gpg.c (oWithWKDHash): New.
- (opts): Add option --with-wkd-hash.
- (main): Set that option.
- * g10/keylist.c (list_keyblock_print): Implement that option.
-
- dirmngr: Add experimental command WKD_GET.
- + commit c83c6f212e9bc98a9ea8dd8102bc16edd1a03050
- * dirmngr/server.c (cmd_wkd_get): New.
- (register_commands): Add command WKD_GET.
-
- dirmngr: Use system provided root CAs with KS_FETCH.
- + commit c3aeda82b8d00b87a5af72b4075c487c10dfdf6b
- * dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.
-
-2016-04-26 Werner Koch <wk@gnupg.org>
-
- http: Allow to request system defined CAs for TLS.
- + commit fd765df6a7883c3d841abeb657330a1aab4b7756
- * dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
- * dirmngr/http.c (http_session_new): Add arg "flags".
- * dirmngr/ks-engine-hkp.c (send_request): Use new flag
- HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/t-http.c (main): Ditto.
-
-2016-04-25 Werner Koch <wk@gnupg.org>
-
- common: Minor fixes for the new private-keys.c.
- + commit b7fa4960c292ef1a290d32b7f46bb741bbfc0923
- * common/private-keys.c (my_error_from_syserror): New. Use it in
- place of gpg_error_from_syserror.
- (_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
- (pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
-
- (_pkc_add): Add braces around if-statement.
-
- common: Use new function to print a failure of xtrymalloc.
- + commit 8776abbe02935e720018f3ef6ffd48f21435ff8b
- * common/miscellaneous.c (xoutofcore): New.
- * common/strlist.c (append_to_strlist): Use instead of abort.
- (append_to_strlist_try): Use xtrymalloc instead of xmalloc.
-
-2016-04-21 Justus Winter <justus@g10code.com>
-
- common: Add support for the new extended private key format.
- + commit 12af2630cf4d1a39179179925fac8f2cce7504ff
- * agent/findkey.c (write_extended_private_key): New function.
- (agent_write_private_key): Detect if an existing file is in extended
- format and update the key within if it is.
- (read_key_file): Handle the new format.
- * agent/keyformat.txt: Document the new format.
- * common/Makefile.am: Add the new files.
- * common/private-keys.c: New file.
- * common/private-keys.h: Likewise.
- * common/t-private-keys.c: Likewise.
- * common/util.h (alphap, alnump): New macros.
- * tests/migrations: Add test demonstrating that we can cope with the
- new format.
-
- common: Add 'free_strlist_wipe' which wipes memory.
- + commit c6d1f2f08c68efe7e80887219064a8ce6365128f
- * common/strlist.c (free_strlist_wipe): New function.
- * common/strlist.h (free_strlist_wipe): New prototype.
-
- common: Add 'append_to_strlist_try' which can fail.
- + commit 95303ee11df12f284e98d02dba993eda9e425383
- * common/strlist.c (append_to_strlist): Use the new function.
- (append_to_strlist_try): New function.
- * common/strlist.h (append_to_strlist_try): New prototype.
-
- agent: Convert key format document to org.
- + commit 342cc488890241b41e49f50886617115342721d6
- * agent/keyformat.txt: Convert to org mode.
-
- tests: Make migration test more robust and silent.
- + commit 0c35e09278514f1e3377a4b0a9b1f44dd39b1bf4
- * tests/migrations/from-classic.test: Fix in-tree build, silence test.
-
-2016-04-21 Werner Koch <wk@gnupg.org>
-
- w32: Use --enable-gpg2-is-gpg by default.
- + commit d81de224ecd542922dda649a492dd9550509d7bc
- * autogen.rc: Add option also for plain Windows.
-
- w32: Replace libiconv DLL by iconv feature of libgpg-error.
- + commit bd4d65615b3a5360d455b99e77bd113ad90f1539
- * configure.ac: Do nor require libiconv for W32.
- * common/utf8conv.c [W32]: Do not incluce iconv.h. Request
- libgpg-error iconv macros.
- (jnlib_iconv): Use ICONV_CONST macro.
- * build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
- * build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
-
-2016-04-20 Justus Winter <justus@g10code.com>
-
- agent: Sanitize permissions of the private key directory.
- + commit f8adf1a3234655877a4f985d627d98567507002c
- * agent/gpg-agent.c (create_private_keys_directory): Set permissions.
- * common/sysutils.c (modestr_to_mode): New function.
- (gnupg_mkdir): Use new function.
- (gnupg_chmod): New function.
- * common/sysutils.h (gnupg_chmod): New prototype.
- * tests/migrations/from-classic.test: Test migration with existing
- directory.
-
- tests: Test the migration from a classic GnuPG home directory.
- + commit defbc70b4a16264e067daf76678ecfb9d030dee4
- * configure.ac: Add new directory.
- * tests/Makefile.am (SUBDIRS): Likewise.
- * tests/migrations/Makefile.am: New file.
- * tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise.
- * tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise.
- * tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise.
- * tests/migrations/from-classic.test: Likewise.
-
-2016-04-20 Werner Koch <wk@gnupg.org>
-
- speedo: Use swdb.lst to define the SQLite version.
- + commit 2385b9f1ddc4938e45c01a12a804f4b77d253305
- * build-aux/speedo.mk: Change sqlite to use our mirror and the
- swdb.lst file.
- * build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
- gpg.
-
-2016-04-19 Werner Koch <wk@gnupg.org>
-
- gpg: Improve UID selction of --quick-sign-key.
- + commit d02de6c0a4a55a2720cfa5caddcbfc4ce988a2ec
- * g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
- error for non-found userids.
-
- gpg: Avoid debug like output at start of --edit-key.
- + commit 085b19fc9aa7f2f9b82a97824b117e71390964ec
- * g10/keyedit.c (check_all_keysigs): Print info only after something
- has been modified.
-
-2016-04-15 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Fix https never reported in general help.
- + commit 6272f24312f2efe8707a7712858c85cd5a42e6fa
- * dirmngr/ks-engine-http.c (ks_hkp_help): Also print https
- when supported and no uri provided.
-
- dirmngr: Fix https incorrectly reported in help.
- + commit a0642856b25622c81d3464979c47ff2a30af58fa
- * dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
- is supported.
-
-2016-04-14 Werner Koch <wk@gnupg.org>
-
- agent: Fix regression due to recent commit 4159567.
- + commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2
- * agent/protect.c (do_encryption): Fix CBC hashing.
-
- agent: Allow gpg-protect-tool to handle openpgp-native protection.
- + commit 6df75ec70afeb1a5ad9a00557e1245e1514c37b5
- * agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
- agent_unprotect.
- (main): Allocate a simple CTRL object and pass it to
- read_and_unprotect.
- (convert_from_openpgp_native): Remove stub.
- (agent_key_available, agent_get_cache): New stubs.
- (agent_askpin): New emulation for the one in call-pinentry.c.
- (agent_write_private_key): New to dump key.
- * agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
-
- tests: Set fake-pinentry's stdout and stdin to _IOLBF.
- + commit 94504b3d5af126abb591dedda1ca0f0970822f55
- * tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase
- at startup. Increase buffer.
-
-2016-04-12 Werner Koch <wk@gnupg.org>
-
- agent: Implement new protection mode openpgp-s2k3-ocb-aes.
- + commit 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
- * agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
- to pass -1 for default.
- * agent/protect-tool.c: New option --debug-use-ocb.
- (oDebugUseOCB): New.
- (opt_debug_use_ocb): New.
- (main): Set option.
- (read_and_protect): Implement option.
-
- * agent/protect.c (OCB_MODE_SUPPORTED): New macro.
- (PROT_DEFAULT_TO_OCB): New macro.
- (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
- and timestamp_exp_len. Implement OCB.
- (agent_protect): Change to support OCB.
- (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
- Implement OCB.
- (merge_lists): Allow NULL for sha1hash.
- (agent_unprotect): Change to support OCB.
- (agent_private_key_type): Remove debug output.
-
- indent: Help Emacs not to get confused by conditional compilation.
- + commit 7faf131c8b8710419df3dc13a1228d1977c55f53
- * agent/protect.c (calibrate_get_time) [W32]: Use separate function
- calls for W32 and W32CE.
-
-2016-04-07 Justus Winter <justus@g10code.com>
-
- g10: Fix exporting secret keys of certain sizes.
- + commit 02cf1357dd5ee34a57371f55b9d312b8b9e3a7e8
- * g10/build-packet.c (do_key): Do not use the header length specified
- by the public key packet from the keyring, but let 'write_header2'
- compute the required length.
-
-2016-04-06 Justus Winter <justus@g10code.com>
-
- Revert "g10: Support armored keyrings in gpgv."
- + commit 76ca869197e304daa5a8dd96ea43113ec7b28354
- This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.
-
-2016-04-05 Justus Winter <justus@g10code.com>
-
- dirmngr: Autodetect PEM format in dirmngr-client.
- + commit 9354293b8c9f234939bc04182f15e2fe512e914e
- * dirmngr/dirmngr-client.c (init_asctobin): New function.
- (main): Move the initialization code to the new function.
- (read_pem_certificate): Initialize base64 table.
- (read_certificate): Try to decode certificates given in files as PEM
- first.
-
-2016-04-05 Werner Koch <wk@gnupg.org>
-
- build: Fix for: Build gpgcompose only in maintainer mode.
- + commit f45ed07a0fffa3adbc75b9d5726108a066927599
- * g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
-
- doc: Install gpg and gpgv man pages under the correct name.
- + commit 4dc4fb1c14b3096bb1cdc5923c0d1eb419036805
- * doc/mkdefsinc.c (main): Add double include guard. Set variable
- gpgtwohack. Define macros gpgname and gpgvname.
- * doc/gpg.texi: Remove macro definition for gpgname. Use Texinfo var
- gpgtwohack to prepare the man pages. Use @gpgname everywhere.
- * doc/gpgv.texi: Likewise.
- * doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
- them depending on USE_GPG2_HACK.
-
- build: Build gpgcompose only in maintainer mode.
- + commit 4b5341dc333983a15f649601fdddc42ba9161433
- * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
- mode.
-
- gpg: Replace use of "gpg2" by GPG_NAME.
- + commit 7b58a1118d98543ed6854447d7b403877638ba54
-
-
-2016-04-04 Werner Koch <wk@gnupg.org>
-
- Now build "gpg" binary but install as "gpg2"
- + commit 96bcd4220f1f1313afe12097d8dc62342ac8de0d
- * configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
- * common/homedir.c (gnupg_module_name): Replace use of macro
- NAME_OF_INSTALLED_GPG.
- * g10/keygen.c (generate_keypair): Ditto.
- * g10/Makefile.am (bin_PROGRAMS): Remove.
- (noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
- (gpg2_hack_list): New.
- (use_gpg2_hack): New.
- (gpg2_SOURCES): Rename to gpg_SOURCES.
- (gpgv2_SOURCES): Rename to gpgv_SOURCES.
- (gpg2_LDADD): Rename to gpg_LDADD.
- (gpgv2_LDADD): Rename to gpgv_LDADD.
- (gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
- (gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
- (install-exec-hook): Remove WinCE specific rules and add new rules.
- (uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
- * tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
- * tests/openpgp/defs.inc: Ditto.
- * tests/openpgp/gpgtar.test: Ditto.
- * tests/openpgp/mkdemodirs: Ditto.
- * tests/openpgp/signdemokey: Ditto.
-
- * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
- --enable-mailto, add --enable-gpg2-is-gpg.
-
- tests: Add missing file.
- + commit c6ed863491ec3a1e0fcf9cbe2c93c87468306c29
- * tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
-
-2016-04-04 Justus Winter <justus@g10code.com>
-
- g10: Support armored keyrings in gpgv.
- + commit abb352de51bc964c06007fce43ed6f6caea87c15
- * doc/gpgv.texi: Document the feature.
- * g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
- * g10/dearmor.c (dearmor_file): Add sink argument.
- * g10/gpg.c (main): Adapt accordingly.
- * g10/gpgv.c (make_temp_dir): New function.
- (main): De-armor keyrings.
- * g10/main.h (dearmor_file): Adapt prototype.
-
- tests: Fix default key test.
- + commit dd5902cc45bae7582f8a0bc91a0a7f4d8ae45d8c
- * tests/openpgp/default-key.test: Avoid using the option
- '--trust-model' unconditionally.
-
-2016-04-01 Justus Winter <justus@g10code.com>
-
- build: Check for conflicting trust model options.
- + commit 6060ea898fda499211c9d5030fff41d58f899fb0
- * configure.ac: Disable TOFU if configured without trust models, and
- check for conflicting options.
-
- g10: Remove option --always-trust if compiled without trust models.
- + commit b74185b6eaeaae4754726ff203e11977777f568c
- * g10/gpg.c (opts): Remove option --always-trust if compiled without
- trust models.
-
-2016-03-31 Justus Winter <justus@g10code.com>
-
- speedo,w32: Build libsqlite3.
- + commit e7171f559590422cc52dbcb8d78d94569b31012f
- * build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
- (libsqlite3_ver): New variable.
- (speedo_pkg_libsqlite3_tar): Likewise.
-
- g10: Use gpg-error abstraction of sched_yield.
- + commit 8be9dab2dd2f83ca922c01542c63b404e34bdfd9
- * g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.
-
-2016-03-29 Werner Koch <wk@gnupg.org>
-
- gpg: Fix NULL-segv for missing tofu DB.
- + commit e2c5781788f765815532410a77077ddbb72513e9
- * g10/tofu.c (opendb): Guard call to timeout function.
-
-2016-03-22 Werner Koch <wk@gnupg.org>
-
- gpg: Improve message when asking for key capabilities.
- + commit fc30c079a348436868968850dabf653b91f82419
- * g10/keygen.c (ask_key_flags): Improve message.
-
- gpg: Remove the extra prompt for Curve25519.
- + commit 7f919063d3e426104fe58ae779a9a066140014c1
- * g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
- (ask_curve): Use a fixed table of curve names and reserve a slot for
- Curve448. Simplify CurveNNNN/EdNNNN switching.
- (ask_curve): Remove the Curve25519 is non-standard prompt.
-
-2016-03-19 Werner Koch <wk@gnupg.org>
-
- gpg: Silence trustdb computation with --quiet.
- + commit af9a4afbf0b518c8acff98e50135b2beb6c722c3
- * g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
- mode.
-
-2016-03-17 Werner Koch <wk@gnupg.org>
-
- sm: Always create a keybox header when creating a new keybox.
- + commit 1aad5c6277ea3852ff57bbf680f61c9136ce4d5c
- * sm/keydb.c (maybe_create_keybox): Create the header blob.
-
-2016-03-17 Neal H. Walfield <neal@g10code.com>
-
- doc: Improve documentation of --enable-large-rsa.
- + commit 1dc7f55a4095ee42ce2d8c3eb41b7162edf2ca2e
- * doc/gpg.texi (--enable-large-rsa): Improve text.
-
-2016-03-17 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: allow removal of the shadowed key.
- + commit 8588c2dbc4c4d1b53796f3dbe8489b932dca7a60
- * agent/findkey.c (agent_delete_key): Remove the key when asked.
-
-2016-03-16 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Add const qualifier.
- + commit b752d2c93778e6a1c1de3eddf8fc725b0ddd354e
- * g10/gpgcompose.c (show_help): Those are strings not to be modified.
-
-2016-03-15 Werner Koch <wk@gnupg.org>
-
- gpg: Do not rely on a certain evaluation order.
- + commit 60b34f96f4f390670462d719c0d797e622cee4d4
- * g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
- before derefing IS_SELFSIG.
-
-2016-03-14 Werner Koch <wk@gnupg.org>
-
- scd: Add manufacturer id 0x000a.
- + commit 834b84c0ee4990393daa5e44afbab5b0aaed0758
- * g10/card-util.c (get_manufacturer): Add it.
-
-2016-03-10 Kevin J. McCarthy <kevin@8t8.us>
-
- g10: Silence message if --quiet is given.
- + commit 4f578cb2fc192f44070bb0d18dffaa3863ed0d92
- * g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
- given.
-
-2016-03-08 Neal H. Walfield <neal@g10code.com>
-
- gpg: Add a new test.
- + commit b17577eac6b7599a4bab6fd3ecb04715aa01367c
- * g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
- (module_tests): Add t-stutter.
- (t_stutter_SOURCES): New variable.
- (t_stutter_LDADD): New variable.
-
-2016-03-07 Justus Winter <justus@g10code.com>
-
- sm: Implement pinentry loopback and reading passphrases from fd.
- + commit eea139c56ef55081d8cd8df2a35ce507386e0f17
- * doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
- * sm/Makefile.am (gpgsm_SOURCES): Add new files
- * sm/call-agent.c (struct default_inq_parm_s): New definition.
- (start_agent): Pass in the pinentry mode.
- (default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
- Adapt all call sites to the new callback cookie.
- * sm/gpgsm.c (cmd_and_opt_values): Add new values.
- (opts): Add new options.
- (main): Handle new options.
- * sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
- * sm/passphrase.c: New file.
- * sm/passphrase.h: Likewise.
-
- sm: Remove unused argument '--fixed-passphrase'.
- + commit 53ed98eda77ff2dcf390cebd0cec9f2665661863
- * doc/gpgsm.texi: Drop description.
- * sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
- (opts): Drop argument.
- (main): Drop argument handling.
- * sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.
-
- kbx: Avoid undefined behavior.
- + commit a68ca5a90457ac97eee4efd7fdea596d27c54697
- * kbx/keybox-file.c (_keybox_read_blob2): Cast to unsigned int before
- shifting.
-
-2016-03-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Bug fix for a device with multiple interfaces.
- + commit 7a32f87cccddb40521bfdd4eb2d0dc9c88fb3fe5
- * scd/ccid-driver.c (scan_or_find_usb_device): Use IFC_NO when
- accessing interface information.
-
-2016-03-04 Justus Winter <justus@g10code.com>
-
- build: Make libusb a hard requirement if the ccid driver is requested.
- + commit e997552161b2dd8aabf350adee14e208e1545aef
- * configure.ac: Print an error message and die if the internal ccid
- driver is requested but no suitable libusb is found.
-
- g10: Drop superfluous declaration.
- + commit 1e4b7823008daea1a22a6f0f9b379fdec37a4cd4
- * g10/main.h (disable_core_dumps): Drop declaration.
-
- g10: Guard code against errors.
- + commit 40f6529ceeea806fc011135a9fa3a3590a9534ac
- * g10/keygen.c (do_generate_keypair): Check for errors, in which case
- 'pri_psk' is NULL.
-
-2016-03-03 Justus Winter <justus@g10code.com>
-
- dirmngr: Add more missing CFLAGS.
- + commit 9f0ba5089e664447c36cee3d9249f95e4ea39957
- * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
- 'GCRYPT_CFLAGS'.
- (t_dns_stuff_CFLAGS): Likewise.
-
- tests/openpgp: Skip gpgtar test if it has not been built.
- + commit a883d4c0f8125e809c144ec69e76c9f522102d8f
- * tests/openpgp/gpgtar.test: Check if executable exists.
-
-2016-03-02 Neal H. Walfield <neal@g10code.com>
-
- gpg: Add new program gpgcompose.
- + commit d040628ddf2c09ddc9581ff365680a568ad24278
- * g10/packet.h: Include "util.h".
- * g10/encrypt.c (encrypt_seskey): Don't mark as static.
- * g10/gpgcompose.c: New file.
- * g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
- (gpg2_SOURCES): Split everything but gpg.c into...
- (gpg_sources): ... this new variable.
- (gpgcompose_SOURCES): New variable.
- (gpgcompose_LDADD): Likewise.
- (gpgcompose_LDFLAGS): Likewise.
-
- gpg: More robustly detect valid non-armored OpenPGP messages.
- + commit 605276ef8cd449bfd574ae6c498fa5d7d265c5c7
- * g10/armor.c (is_armored): More robustly detect valid non-armored
- OpenPGP messages.
-
- common: Provide a function for mapping packet types to strings.
- + commit 24e0f1d56e6f56e7fb52b5c6bdb100131e12dfe3
- * common/openpgpdefs.h (pkttype_str): New function.
-
- gpg: Rename pop_filter to iobuf_pop_filter and export it.
- + commit 1463f9b9624fae97cc89df3aa4546655ee893f7c
- * common/iobuf.c (pop_filter): Rename from this...
- (iobuf_pop_filter): ... to this. Don't mark it as static.
-
- gpg: Split write_pubkey_enc_from_list.
- + commit 7eac4942b537c4b3710d34e6adb9c5d36338f38b
- * g10/encrypt.c (write_pubkey_enc_from_list): Split the body of this
- function out into...
- (write_pubkey_enc): ... this new function.
-
- gpg: Allow the caller to write the contents of a plaintext packet.
- + commit 2fdb950471bd36f046672254ff26ca94797cc9f1
- * g10/build-packet.c (do_plaintext): Change the semantics such that if
- PT->BUF is NULL, it is the caller's responsibility to write the
- content (and disable partial body length mode, if appropriate).
-
- gpg: Add a new function for creating binary notations.
- + commit 1a624586149f9e34206e5d5e1ba0b7d2b7004c80
- * g10/build-packet.c (blob_to_notation): New function.
-
- gpg: Refactor the printing of binary notations.
- + commit fd2d00ccf558b1ac1184967d8702ef01cd60bf60
- * g10/build-packet.c (sig_to_notation): Break printing of binary
- notations into...
- (notation_value_to_human_readable_string): ... this new function.
- Provide a small preview of the binary data substituting non-printable
- characters with '?'.
-
-2016-03-02 Uldis Anšmits <uldis.ansmits@tieto.com>
-
- tests/openpgp: Make tests more portable.
- + commit 1cdb744d91ab33563fc0b3156fb05694caa55278
- * tests/openpgp/default-key.test: Avoid 'grep -q'.
- * tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'.
- * tests/openpgp/use-exact-key.test: Avoid 'grep -q'.
-
-2016-03-02 Justus Winter <justus@g10code.com>
-
- common: Consolidate Assuan server argument handling.
- + commit e77c85577d1bdd77ad3b81907145fd68f2653c01
- * common/Makefile.am (common_sources): Add new files.
- * common/server-help.c: New file.
- * common/server-help.h: Likewise.
- * agent/command.c: Drop argument handling primitives in favor of using
- the consolidated ones.
- * dirmngr/server.c: Likewise.
- * g10/server.c: Likewise.
- * g13/server.c: Likewise.
- * scd/command.c: Likewise.
- * sm/server.c: Likewise.
-
-2016-03-01 Justus Winter <justus@g10code.com>
-
- dirmngr: Add missing CFLAGS.
- + commit 9a1778abcae0a7afe33be8e02b6d9a909463cd54
- * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add
- 'GPG_ERROR_CFLAGS'.
- (t_dns_stuff_CFLAGS): Likewise.
-
- tools: Drop superfluous include.
- + commit 3a1d142f9b71721a631cf2037665e9def60aa384
- * tools/gpgtar.c: Do not include unused 'npth.h'.
-
-2016-02-26 Werner Koch <wk@gnupg.org>
-
- gpg: Prettify a 2 octet hex output.
- + commit 2de0d41219a522e01f050d475b3ddecb9173fc7d
- * g10/sig-check.c (check_key_signature2): Wrap line and use %02x.
-
-2016-02-25 Neal H. Walfield <neal@g10code.com>
-
- gpg: Show debugging info if a sig with an unsupported sig class is used.
- + commit 87515e39295e4b7eaec1641c38e1ac32e8d39a91
- * g10/sig-check.c (check_key_signature2): If SIG->CLASS is
- unsupported, show some debugging information. Don't use BUG to fail.
- Just return GPG_ERR_BAD_SIGNATURE.
-
- gpg: More carefully encode a packet's length.
- + commit 960f5e26f2cda3ac6e6b30548fa808a690c39ffc
- * g10/build-packet.c (write_header2): Make sure the length bits are
- cleared. Fail if HDRLEN is set and the specified length can't be
- encoded in the available space.
-
- gpg: Avoid directly twiddling bits.
- + commit 105a5629c7e938ec7b3c9c338ebe7bdfee4cfdad
- * g10/build-packet.c (do_plaintext): Use ctb_new_format_p to check the
- packet's format.
- (write_header2): Likewise.
-
- gpg: Add some asserts.
- + commit c9636a1acc952eb8e1355089bc2e229dece98165
- * g10/build-packet.c (ctb_new_format_p): New function.
- (ctb_pkttype): New function.
- (do_user_id): Add some asserts.
- (do_key): Likewise.
- (do_symkey_enc): Likewise.
- (do_pubkey_enc): Likewise.
- (do_plaintext): Likewise.
- (do_encrypted): Likewise.
- (do_encrypted_mdc): Likewise.
- (do_compressed): Likewise.
- (do_signature): Likewise.
- (do_signature): Likewise.
- (write_header2): Likewise.
-
- gpg: Avoid an unnecessary copy.
- + commit 512bc72e1f8544341529174142273d857f45540c
- * g10/build-packet.c (sig_to_notation): Avoid an unnecessary copy of
- the data: the size of the packet is fixed.
-
-2016-02-23 Neal H. Walfield <neal@g10code.com>
-
- common: Reduce buffer size.
- + commit 75861b663bbb37214143c2ff7b1b4d1d10ba2657
- * common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB.
-
- common: Improve a function's documentation and comments.
- + commit 14d27b2cadf9b0bb413f2b8bad2d81c1d370c2e7
- * common/iobuf.c (iobuf_set_partial_body_length_mode): Fix
- documentation and comment. Add an assert.
-
- common: Add log_assert.
- + commit f57a91afb69c58f9d8d9632801650f28c7dc1e0d
- * common/logging.h (log_assert): New macro.
-
- gpg: Use higher-level functions.
- + commit 33ac735a781325c4d47cdf6216813866ab93562e
- * g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
- iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
- iobuf_write in a loop. Move the memory wiping from here...
- * common/iobuf.c (iobuf_copy): ... to here.
-
- common: Check for an error before reading.
- + commit 8066f8a3470f9d2f3682a28641a7b09eca29a105
- * common/iobuf.c (iobuf_copy): If DEST has a pending error, don't
- start copying.
-
- common: More accurately name function.
- + commit 903466e124841cb29f518afa6b7706d490737ac3
- * common/iobuf.c (iobuf_set_partial_block_mode): Rename from this...
- (iobuf_set_partial_body_length_mode): ... to this. Update callers.
-
-2016-02-23 Werner Koch <wk@gnupg.org>
-
- g13: Add commands --suspend and --remove.
- + commit f7968db30b0e0ccae038e354568accb0a05d877c
- * g13/g13.c (aSuspend, aResume): New.
- (opts): Add commands --suspend and --resume.
- (main): Implement dummy command aUmount. Implement commands aResume
- and aSuspend.
- * g13/sh-cmd.c (cmd_suspend): New.
- (cmd_resume): New.
- (register_commands): Add commands RESUME and SUSPEND.
- * g13/server.c (cmd_suspend): New.
- (cmd_resume): New.
- (register_commands): Add commands RESUME and SUSPEND.
- * g13/be-dmcrypt.c (be_dmcrypt_suspend_container): New.
- (be_dmcrypt_resume_container): New.
- * g13/backend.c (be_suspend_container): New.
- (be_resume_container): New.
- * g13/suspend.c, g13/suspend.h: New.
- * g13/mount.c (parse_header, read_keyblob_prefix, read_keyblob)
- (decrypt_keyblob, g13_is_container): Move to ...
- * g13/keyblob.c: new file.
- (keyblob_read): Rename to g13_keyblob_read and make global.
- (keyblob_decrypt): Rename to g13_keyblob_decrypt and make global.
- * g13/sh-dmcrypt.c (check_blockdev): Add arg expect_busy.
- (sh_dmcrypt_suspend_container): New.
- (sh_dmcrypt_resume_container): New.
- * g13/call-syshelp.c (call_syshelp_run_suspend): New.
- (call_syshelp_run_resume): New.
-
- g13: Run mount after dmsetup.
- + commit f26867928c451443769fecc41c3283e077e8c49f
- * g13/g13-syshelp.c (main): Reject userids with a slash.
- * g13/sh-dmcrypt.c (sh_dmcrypt_mount_container): Run mount if a
- mountpoint is known.
-
-2016-02-23 Justus Winter <justus@g10code.com>
-
- tests/openpgp: Qualify executables with extension.
- + commit ede0061febe5b2edde6a1a79d599e3c7c0faed5a
- * tests/openpgp/Makefile.am (required_pgms): Qualify executables with
- '$EXEEXT'.
-
- tests/openpgp: Reimplement 'pinentry.sh' in c.
- + commit 01dcc2cf2f2f00235ffa7d0718ecb468370980cc
- * tests/openpgp/Makefile.am: Build new program.
- * tests/openpgp/defs.inc: Use the new program.
- * tests/openpgp/fake-pinentry.c: New file.
-
- tests/openpgp: Avoid dependency on source files.
- + commit 785a7f463ec4e937304ce1263c5e6a46e8079137
- * tests/openpgp/plain-largeo.asc: New file.
- * tests/openpgp/version.test: Dearmor the new file instead of relying
- on the source being present.
-
- tests/openpgp: Fix file removal.
- + commit 629284120ff359b98a178b6cddf0e005e5f4db1a
- * tests/openpgp/version.test: Fix file removal.
-
- common/exechelp: Provide a way to wait for multiple processes.
- + commit 5ba4f6047b84e4cfdb3e6bc88e574ca7a455da81
- * common/exechelp-posix.c (gnupg_wait_process): Generalize to
- 'gnupg_wait_processes'.
- * common/exechelp-w32.c (gnupg_wait_process): Likewise.
- * common/exechelp-w32ce.c (gnupg_wait_process): New function stub.
- * common/exechelp.h (gnupg_wait_process): New prototype.
-
- common/exechelp: Add general pipe function.
- + commit 9f4a8d4ea173b4b4cb4d4f06b4004d43e2f4b97a
- * common/exechelp-posix.c (gnupg_create_pipe): New function.
- * common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros.
- (create_inheritable_pipe): Generalize so that both ends can be
- inherited.
- (do_create_pipe): Rename argument accordingly.
- (gnupg_create_{in,out}bound_pipe): Use new flags.
- (gnupg_create_pipe): New function.
- (gnupg_spawn_process): Use new flags.
- * common/exechelp-w32ce.c (gnupg_create_pipe): New stub.
- * common/exechelp.h (gnupg_create_pipe): New prototype.
-
- common/exechelp: Mute the Windows version.
- + commit 54acc87c1e0b100accbfd02cfce59a897f2f0ce1
- * common/exechelp-w32.c (gnupg_wait_process): Do not print an error if
- the exit code can be returned. This makes the Windows version behave
- like the POSIX version.
-
- common/exechelp: Avoid magic numbers.
- + commit 709e2a7e9a3197e8ded4be0b05c138e8d5adbca6
- * common/exechelp-w32.c (do_create_pipe): Use symbolic names.
-
- common/exechelp: Disable debugging by default.
- + commit 5d8f7b16c8490d6951772fa98c1f075a952cc571
- * common/exechelp-w32.c (DEBUG_W32_SPAWN): Set to 0.
-
- common/exechelp: Fix handle leak.
- + commit dd670366d7aedb07e9420d1f8575197acfae1914
- * common/exechelp-w32.c (gnupg_spawn_process_detached): Close process
- handle.
-
- common/exechelp: Fix opening the 'nul' device.
- + commit 8857590006266da200427f2d4f9e8c27fbc89ed9
- * common/exechelp-w32.c (gnupg_spawn_process): Fix opening the 'nul'
- device.
-
- common/exechelp: Fix error handling.
- + commit f5a4b6a3a39a2b78d33769184d6133d5e256e02c
- * common/exechelp-w32.c (gnupg_spawn_process): Close the right handle.
-
- common/exechelp: Fix pipe creation.
- + commit b0125ae9850973b89010517b1dbce04125a51d51
- * common/exechelp-w32.c (gnupg_spawn_process): Fix the creation of the
- input pipe.
-
- tools/mk-tdata: Fix data generation on Windows.
- + commit 661ba477e01b796db161fa612b46c353393c6b10
- * tools/mk-tdata.c (main): Set stdout to binary mode to avoid newline
- conversion.
-
-2016-02-19 Neal H. Walfield <neal@g10code.com>
-
- gpg: Systematically detect and fix signatures that are out of order.
- + commit 2d1d795481bc011447284f8ce0a3ae96a08daf17
- * g10/keyedit.c (sig_comparison): New function.
- (fix_key_signature_order): Merge functionality into...
- (check_all_keysigs): ... this function. Rewrite to eliminate
- duplicates and use a systematic approach to detecting and moving
- signatures that are out of order instead of a heuristic.
- (fix_keyblock): Don't call fix_key_signature_order. Call
- check_all_keysigs instead after collapsing the uids.
-
- gpg: Split check_key_signature2.
- + commit 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec
- * g10/sig-check.c (hash_uid_node): Rename from this...
- (hash_uid_packet): ... to this. Take a PKT_user_id instead of a
- KBNODE.
- (check_key_signature2): Split the basic signature checking
- functionality into...
- (check_signature_over_key_or_uid): ... this new function.
-
- gpg: Split print_and_check_one_sig.
- + commit 5fbd80579aea0f75ca1d2700515c5b8747a75c7d
- * g10/keyedit.c (print_and_check_one_sig): Split the print
- functionality into...
- (print_one_sig): ... this new function.
-
- gpg: Split the function check_signature_end.
- + commit ac5aea95455372145f3f06df2b4c1584d759d660
- * g10/sig-check.c (check_signature_end): Break the basic signature
- check into...
- (check_signature_end_simple): ... this new function.
-
- gpg: Use format_keyid rather than manually formatting the keyid.
- + commit 10671c3a4c18ea26035a5819a9f2b8fd6c7e41ea
- * g10/keyedit.c (menu_addrevoker): Use format_keyid rather than
- manually formatting the keyid.
- * g10/keygen.c (card_write_key_to_backup_file): Likewise.
-
- gpg: Initialize the primary key when generating a key.
- + commit bf9d1248c80205795e26156f67aff0b3f796cfce
- * g10/keygen.c (do_generate_keypair): Initialize
- pri_psk->flags.primary, pri_psk->keyid and pri_psk->main_keyid.
-
- gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
- + commit c45633a571bf663bc7f3610fc481acded6acfc19
- * g10/keydb.h (keyid_cmp): New function.
- * g10/keyid.c (pk_keyid): New function.
- (pk_main_keyid): New function.
- (keyid_copy): New function.
- (pk_keyid_str): New function.
- * g10/packet.h (PKT_public_key): Update comments for main_keyid and
- keyid.
-
-2016-02-18 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpgparsemail: Allow weirdly-mixed pkcs7 signatures.
- + commit 7e7f35a2d7d40267a4dd30791df77420efeebfa7
- * tools/gpgparsemail.c: Add and check info->signing_protocol_2.
-
- gpg: Clean up dangling agent_open and agent_closed declarations.
- + commit 813df2fe6656e55bea4d0be07cc964a140218412
- * g10/keydb.h: Remove agent_open, agent_close declarations/
- * g10/migrate.c: #include <unistd.h> for access()
-
-2016-02-16 Werner Koch <wk@gnupg.org>
-
- w32: Make scdaemon build again due to libusb problem.
- + commit e1ceff16765b0342531709cf97d03ef0158c29d5
- * configure.ac: Add hack to disable libusb for Windows. Also use
- $host instead of $target in the switch
- --
-
- The new test for libusb does not support cross-compiling. As a quick
- workaround we disable libusb for Windows because we can't use it anyway.
-
- w32: Do not error out if gpgconf is not installed.
- + commit 44b02e1beb4f38f26551d932827d5317fddd27c2
- * common/homedir.c (check_portable_app): Remove error message.
-
-2016-02-16 Neal H. Walfield <neal@g10code.com>
-
- gpg: Make ASCII armor decoding more robust to encoding errors.
- + commit 2f02ed75a9671a7aae36968d5a1618f71b491325
- * g10/armor.c (radix64_read): If the = is followed by the string "3D",
- check if the following four characters are valid radix 64 and are
- followed by a new line. If so, warn and ignore the '3D'.
-
-2016-02-16 Werner Koch <wk@gnupg.org>
-
- doc: Add a gnupg-module-overview picture.
- + commit a1c11283af759c1045a8bb75815db325f415ded4
- * doc/gnupg-module-overview.svg: New.
- * doc/debugging.texi (Component interaction): New.
- * doc/Makefile.am (EXTRA_DIST): Add PNG and PDF versions of
- gnupg-module-overview.svg. Remove two eps files.
- (BUILT_SOURCES): Add gnupg-module-overview.pdf and .png. Remove
- gnupg-card-architecture.epsl
- (gnupg_TEXINFOS): Add gnupg-module-overview.svg
- (gnupg.dvi): New.
- (DISTCLEANFILES): Remove build eps files.
-
-2016-02-15 NIIBE Yutaka <gniibe@fsij.org>
-
- common, g10: Fix indentation to silence GCC-6.
- + commit ea9cfcfbf76de232221f31787c53d5f46361a9f0
- * common/iobuf.c (iobuf_ioctl): Fix.
- * g10/encrypt.c (encrypt_filter): Likewise.
- * g10/keyring.c (prepare_search): Likewise.
-
- dirmngr: fix for memory alignment.
- + commit 6fbe12a51e8fe2649ffe5a8a02aa93026a8f02cd
- * dirmngr/dns-stuff.c (get_dns_cert): Cast through void *.
- (getsrv, get_dns_cname): Make sure it's aligned for HEADER.
-
-2016-02-14 Werner Koch <wk@gnupg.org>
-
- gpg: Add hidden key-edit subcommand "change-usage".
- + commit 9b28b82e7c40d1eacc446d5932cd613c56378ed8
- * g10/keyedit.c (cmdCHANGEUSAGE): New.
- (cmds): Add command "change-usage".
- (keyedit_menu): Handle that command.
- (menu_changeusage): New.
- * g10/keygen.c (keygen_add_key_flags): New.
- (ask_key_flags): Add optional arg current.
-
-2016-02-14 Neal H. Walfield <neal@g10code.com>
-
- gpg: Improve API documentation.
- + commit 9663b088480cef6734a3c5892d5ddbbd60ecc1a4
- * g10/seskey.c (make_session_key): Improve documentation.
- (encode_session_key): Improve documentation.
- * g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
- * g10/dek.h (DEK): Improve documenation.
-
- gpg: Fix calc_header_length when LEN is 0 and improve documentation.
- + commit 5cdde08ea869ef02111f618ad782d392a296eb7f
- * g10/build-packet.c (calc_header_length): Return the correct haeder
- size when LEN is 0. Fix documentation.
-
- gpg: Fix format_keyid when dynamically allocating the buffer.
- + commit c0268c449d0f3d23be5ec7b92fe92e7e078166cf
- * g10/keyid.c (format_keyid): Return a char *, not a const char *. If
- BUFFER is NULL, then set LEN to the static buffer's size.
-
- common: Fix comment.
- + commit ad43dc6cfc2b610a4e34fe55811bd937f9c3238b
- * common/iobuf.c (iobuf_flush_temp): Fix comment.
-
-2016-02-13 Werner Koch <wk@gnupg.org>
-
- g13: Require a confirmation before g13 is used for DM-Crypt.
- + commit 86f3bb144ad75461eb9b7ac1e59046ac75efccac
- * g13/g13-syshelp.c (g13_syshelp_i_know_what_i_am_doing):
- * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Call it.
- (sh_dmcrypt_mount_container): Call it.
-
- g13: Second chunk of code to support dm-crypt.
- + commit b0e6ab1109d05fc664f46e17d721fe9b01d38115
- * g13/be-dmcrypt.c, g13/be-dmcrypt.h: New.
- * g13/Makefile.am (g13_SOURCES): Add them.
- * g13/backend.c: Include be-dmcrypt.h and call-syshelp.h.
- (no_such_backend): Rename to _no_such_backend and provide replacement
- macro.
- (be_is_supported_conttype): Support DM-Crypt.
- (be_take_lock_for_create): Call set_segvice for DM-Crypt.
- (be_create_new_keys): Make it a dummy for DM-Crypt.
- (be_create_container): Call be_dmcrypt_create_container.
- (be_mount_container): call be_dmcrypt_mount_container.
- * g13/g13-syshelp.c (main): Enable verbose mode.
- * g13/g13tuple.c (get_tupledesc_data): New.
- * g13/g13tuple.h (unref_tupledesc): New.
- * g13/g13.h (server_control_): Add field "recipients".
- * g13/g13.c (main): Fix setting of recipients via cmdline.
- (g13_deinit_default_ctrl): Release recipients list.
- (g13_request_shutdown): New. Replace all direct update of
- shutdown_pending by calls this function.
- * g13/server.c (server_local_s): Remove field recipients which is now
- part of CTRL.
- (reset_notify, cmd_recipient, cmd_create): Adjust for this change.
- * g13/create.c (encrypt_keyblob): Rename to g13_encrypt_keyblob.
- (g13_create_container): Support DM-Crypt.
- * g13/mount.c (parse_header): Allow for meta data copies.
- (g13_mount_container): Support DM-Crypt.
- * g13/sh-cmd.c (cmd_create): Make it work.
- (cmd_mount): New.
- * g13/sh-dmcrypt.c (sh_dmcrypt_create_container): Make it work.
- (sh_dmcrypt_mount_container): New.
-
- g13: Improve dump_keyblob.
- + commit 13f745b50dc7031755faadb2d3476a6b6aafc739
- * g13/g13tuple.c: Include keyblob.h.
- (find_tuple_uint): Factor code out to ...
- (convert_uint): new.
- (all_printable): New.
- * g13/mount.c (dump_keyblob: Move and rename to ...
- * g13/g13tuple.c (dump_tupledesc): here. Revamp and pretyy print uint
- values.
-
- g13: Define 3 new tags.
- + commit 59fc3507d18072833559f227ecab8aa00cad9466
- * g13/keyblob.h (KEYBLOB_TAG_CONT_NSEC): New.
- (KEYBLOB_TAG_ENC_NSEC): New.
- (KEYBLOB_TAG_ENC_OFF): New.
-
- g13: Rename utils.c to g13tuple.c.
- + commit 82d12156ef5f948d44934ed44d79d24cc9e94366
- * g13/utils.c: Rename to g13tuple.c.
- * g13/utils.h: Rename to g13tuple.h. Change all users.
- * g13/Makefile.am: Adjust accordingly
-
- g13: Add functions to handle uint in a keyblob.
- + commit 4f152f3276b6d40d2568a27e74903dd18b41d752
- * g13/utils.c (append_tuple_uint): New.
- (find_tuple_uint): New.
- * g13/t-utils.c: New.
- * g13/Makefile.am (noinst_PROGRAMS, TESTS): New.
- (module_tests, t_common_ldadd): New.
- (t_utils_SOURCES, t_utils_LDADD): New.
-
- g13: Re-factor high level create code.
- + commit dc1dbc43a6bfb2f3e6a1cc2ca089e0318b3af0ed
- * g13/create.c (g13_create_container): Factor some code out to ...
- * g13/backend.c (be_take_lock_for_create): new.
-
- g13: Return an error for non-existing device.
- + commit 3087197008d2b12bf9f0d7d1f2aca500db816e7c
- * g13/sh-cmd.c (cmd_device): Set ERR.
-
- g13: Fix releasing of a syshelp context.
- + commit 6390beca54f55e8d36ff767b99ae9ff68b15f10e
- * g13/call-syshelp.c (call_syshelp_release): Allow a NULL arg.
-
- g13: Switch over to common/exectool.c.
- + commit c5d7045dafcfb569c11c90c04ea7a75328c80084
- * g13/sh-exectool.c: Remove. It has been replaced by common/exectool.c.
- * g13/Makefile.am (g13_syshelp_SOURCES): Remove sh-exectool.c
- * g13/sh-blockdev.c: Include exectool.h. Change sh_exec_tool to
- gnupg_exec-tool.
- * g13/sh-dmcrypt.c: Ditto.
-
- common: Make gnupg_exec_tool conform to spec.
- + commit d19d6e1856c9a1acbf48e8b2e39b3d9171aa9f7f
- * common/exectool.c (gnupg_exec_tool): Allocate extra byte. Allow
- zero length read. Append hidden byte. Release memory on error.
-
- g13: First chunk of code to support dm-crypt.
- + commit 81494fd30d3815502247a721f50d9eadf86a73fa
- * g13/call-syshelp.c, g13/call-syshelp.h: New.
- * g13/g13-syshelp.c, g13/g13-syshelp.h: New.
- * g13/sh-cmd.c: New.
- * g13/sh-blockdev.c: New.
- * g13/sh-exectool.c: New.
- * g13/sh-dmcrypt.c: New.
- * g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c
- (g13_syshelp_SOURCES): New.
- (g13_syshelp_LDADD): New.
-
- * g13/g13.c (opts): Add option --type.
- (g13_deinit_default_ctrl): New.
- (main): Implement that option. Call g13_deinit_default_ctrl.
- * g13/g13.h (struct call_syshelp_s): New declaration.
- (server_control_s): Add field syshelp_local.
- * g13/keyblob.h (KEYBLOB_TAG_CREATED): New.
- (KEYBLOB_TAG_ALGOSTR): New.
- (KEYBLOB_TAG_HDRCOPY): New.
- * g13/backend.c (be_parse_conttype_name): New.
- (be_get_detached_name): Add CONTTYPE_DM_CRYPT.
-
- tests: Remove some harmless warnings in regression tests.
- + commit d711f5c7697cd4bc5dc6d9fd01706cabc771dad2
- * tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket.
-
-2016-02-12 Neal H. Walfield <neal@g10code.com>
-
- common: Change simple_query to ignore status messages.
- + commit acac103ba5772ae738ce5409d17feab80596cde6
- * common/simple-pwquery.c (simple_query): Ignore status messages.
-
-2016-02-12 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Make sure to have the directory for trustdb.
- + commit d9f9b3be036747c9f55060aed47896f951bfb853
- * g10/tdbio.c (tdbio_set_dbname): Return earlier if !CREATE. Check
- the directory and create it if none before calling take_write_lock.
-
-2016-02-02 Neal H. Walfield <neal@g10code.com>
-
- doc: Note that rngd can also be used to quickly generate insecure keys.
- + commit 75311cfe18071b94c66121a9785b133b6df345a3
- * doc/gpg-agent.texi (Agent Options): Add comment to the description
- of --debug-quick-random that rngd can also be used to quickly generate
- key.
-
-2016-01-27 Werner Koch <wk@gnupg.org>
-
- scd: Fix size_t/int mismatch in libusb.
- + commit 3d952a2fe5da9d84c20d3debdcc1e425b08781c6
- * scd/ccid-driver.c (bulk_in, abort_cmd, ccid_poll): Change msglen to
- int.
-
- scd: Fix detection of libusb.
- + commit 1b90b52a56b4f808ad29a7ef79aeafc03c7424b4
- * configure.ac (HAVE_LIBUSB): Clear if no header file was found.
- (LIBUSB_LIBS): Ditto.
-
- dirmngr: Build fix for FreeBSD (EAI macros)
- + commit 4d67144142f04184b835e50314eb21b882b9e00a
- * dirmngr/dns-stuff.c (map_eai_to_gpg_error): Map EAI_NODATA and
- EAI_ADDRFAMILY only if defined.
-
-2016-01-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Migrate to new API of libusb 1.0.
- + commit d0d97089706286fafd3c8ff56f3b5bf7ac07c6e0
- * configure.ac (LIBUSB_CPPFLAGS): New.
- * scd/Makefile.am (AM_CPPFLAGS): Add LIBUSB_CPPFLAGS.
- * scd/ccid-driver.c: Use libusb 1.0 API.
-
-2016-01-26 Werner Koch <wk@gnupg.org>
-
- Release 2.1.11.
- + commit e9e5e83ec14459c2fc9060c54fc8e7381b541acd
-
-
-2016-01-26 Andre Heinecke <aheinecke@intevation.de>
-
- gpgtar,w32: Fix gpgtar 8 bit encoding handling on W32.
- + commit 3e50236d4ecc3601b2641bf4273a0ff64bb5fdc4
- * common/utf8conv.c (wchar_to_utf8): Factor code out to ...
- (wchar_to_cp): new.
- (utf8_to_wchar): Factor code out to ...
- (cp_to_wchar): new.
- (wchar_to_native): New.
- (native_to_wchar): New.
- * tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar.
- (scan_directory): Use wchar_to_native.
-
-2016-01-26 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix segfault on unsupported curve.
- + commit b8bb16c6c08d3c2947f1ff67419b36eb203c5c1a
- * g10/call-agent.c (learn_status_cb): Don't use NULL for strcmp.
-
- sm: small fix for GCC 6.
- + commit d33a34004bef028068538f099c32a0e292a004c3
- * sm/export.c (insert_duptable): Use unsigned 0.
-
-2016-01-25 Werner Koch <wk@gnupg.org>
- Daiki Ueno <ueno@gnu.org>
-
- gpg: Print PROGRESS status lines during key generation.
- + commit fbe1cf67aadc5a33cf815ddbcfc9669e43caa123
- * g10/call-agent.c (cache_nonce_status_cb): Rewrite by using
- has_leading_keyword. Handle PROGRESS lines.
-
-2016-01-25 Werner Koch <wk@gnupg.org>
-
- agent: Send PROGRESS status lines to the client.
- + commit ee87c653bf4b495714e8e6b024d0a8ace3a33452
- * agent/gpg-agent.c (struct progress_dispatch_s): New.
- (progress_dispatch_list): New.
- (main): Register libgcrypt pogress handler.
- (agent_libgcrypt_progress_cb): New.
- (agent_set_progress_cb): New.
- (unregister_progress_cb): New.
- (agent_deinit_default_ctrl): Call unregister.
- * agent/command.c (progress_cb): New.
- (start_command_handler): Register progress callback.
-
- speedo: Allow use of SHA-256 checksums.
- + commit 039a55716b8abd22ce23a96dce34cf2dc4be1862
- * build-aux/getswdb.sh: Add option --find-sha256sum.
- * build-aux/speedo.mk (libgpg_error_sha2): New var. Also for all
- other packages.
- (SHA2SUM): New.
- (SETVARS, SETVARS_W64): Prefer sha256sum over sha1sum.
- (installer-from-source): Create swdb fragment.
-
-2016-01-22 Werner Koch <wk@gnupg.org>
-
- dirmngr: Indicate that serial numbers are hexadecimal.
- + commit 12c665b36cdc4b7189549698fc4cc1b3523b18f5
- * dirmngr/misc.c (hexify_data): Add arg with_prefix. Adjust all
- callers.
- * dirmngr/crlcache.c (cache_isvalid): Print "0x" in front of the S/N.
-
- dirmngr: Provide the keyserver pool name even if there is no CNAME.
- + commit 77bceb2902dd489443073d91836ea54376c60bf6
- * dirmngr/ks-engine-hkp.c (map_host): Fix setting of r_poolname.
-
-2016-01-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- wk@gnupg.org
-
- dirmngr: Use sks-keyservers CA by default for the hkps pool.
- + commit afb8696126ff0babaab23e884ff5da008281e3b7
- * dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem.
- * dirmngr/http.c (http_session_new): Add optional arg
- intended_hostname and set a default cert.
- * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to
- http_session_new.
-
-2016-01-22 Werner Koch <wk@gnupg.org>
-
- gpg: Allow new user ids with only the mail address.
- + commit fc0c71dfe5ea8f1c683101948c23f5d2064ee4cd
- * g10/keygen.c (ask_user_id): Allow empty name.
-
-2016-01-21 Werner Koch <wk@gnupg.org>
-
- gpg: Improve header text of the auto-created revocations.
- + commit bb99b40bd1e624f58ca806ca16dc73d4d594a30a
- * g10/revoke.c (gen_standard_revoke): Improve header text for the
- file. Add info output.
-
- gpg: Make --auto-key-retrieve work with dirmngr configured server.
- + commit 09117e769a093467cb47154f36d7dda613313e33
- * g10/call-dirmngr.c (gpg_dirmngr_ks_list): Make R_KEYSERVER optional.
- * g10/keyserver.c (keyserver_any_configured): New.
- (keyserver_put): Remove arg keyserver because this will always receive
- opt.keyserver which is anyway used when connecting dirmngr. Do not
- check opt.keyserver.
- (keyserver_import_cert): Replace opt.keyserver by
- keyserver_any_configured.
- * g10/mainproc.c (check_sig_and_print): Ditto.
- * g10/import.c (revocation_present): Ditto.
- * g10/getkey.c (get_pubkey_byname): Ditto.
- * g10/gpgv.c (keyserver_any_configured): Add stub.
- * g10/test-stubs.c (keyserver_any_configured): Add stub.
-
-2016-01-20 Werner Koch <wk@gnupg.org>
-
- gpg: Silence message about ignoring revoked user ids.
- + commit bdb61351776c038d668310d9b5e5c32588ef6519
- * g10/trustdb.c (tdb_get_validity_core): Print message only in debug
- mode.
-
- agent: New option --pinentry-timeout.
- + commit 499743387f4d07847a2842358bc54f9237e0c2a7
- * agent/gpg-agent.c (oPinentryTimeout): New.
- (opts): Add new option.
- (parse_rereadable_options): PArse that option.
- (main): Tell gpgconf about this option.
- * agent/call-pinentry.c (start_pinentry): Send option to Pinentry.
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Add Option.
-
-2016-01-19 Werner Koch <wk@gnupg.org>
-
- gpg: Streamline use of error messages in tofu.c.
- + commit cfa41890bb5ff306c07dad295136601fe47566a7
- * g10/tofu.c: Make use of print_further_info to reduce the number of
- different error messages to be translated. Also streamline some
- messages.
-
- common: Add substitute code for libgpg-error < 1.22.
- + commit 8b7f64f9dfc80b2a0ad235996b47369c2ba9b48f
- * common/util.h (GPG_ERR_DB_CORRUPTED): New.
-
- gpg: Add function print_further_info.
- + commit d96e76d15f61812b950b64a60bc47117785a9dac
- * g10/misc.c (print_further_info): New.
-
-2016-01-18 Werner Koch <wk@gnupg.org>
-
- g10: Improve strings printed by tofu.c.
- + commit 79778a8dd5f61a6b7abeeb44b75d82932db788b7
- * g10/tofu.c: Include ttyio.h. Change many strings to help
- translating. Make use of ngettext wehere needed.
- (CONTROL_L): New.
- (TIME_AGO_UNIT_SMALL_NAME): Remove this and all similar *_NAME macros.
- (time_ago_unit): Remove.
- (get_trust): Use tty_prints and cpr_get only for the actual prompt.
- Add Ctrl-L hack.
- (show_statistics): Use two English strings for singular and plural.
-
- * po/POTFILES.in: Add tofu.c.
-
- gpg: Use "days" in "...newer than..." diagnostics.
- + commit 9309bda9581715d304305c8c5116f2cbb31aec77
- * g10/sig-check.c (check_signature_metadata_validity): Use days if
- useful.
-
- Use ngettext for some strings.
- + commit 437965e5622612941ed0fa55584811c65069242e
- * scd/app-openpgp.c (build_enter_admin_pin_prompt): Use ngettext for
- some diagnostics.
- (do_genkey): Ditto.
- * g10/keyedit.c (check_all_keysigs, menu_delsig, menu_clean): Ditto.
- * g10/keylist.c (print_signature_stats): Ditto.
- * g10/keyserver.c (keyserver_refresh): Ditto.
- * g10/sig-check.c (check_signature_metadata_validity): Ditto.
- * g10/sign.c (do_sign): Ditto.
- * g10/trustdb.c (reset_trust_records): Ditto.
- (validate_keys): Use a table like diagnostic output.
-
-2016-01-15 Werner Koch <wk@gnupg.org>
-
- kbx,w32: Use shorter retry intervals for keybox_file_rename.
- + commit 3cccd5a83b96e4558642dcdf5d974f64ebdb9817
- * kbx/keybox-util.c (keybox_file_rename): Restart retry intervals
- after 800ms.
-
-2016-01-14 Werner Koch <wk@gnupg.org>
-
- w32: Fix deadlock introduced by keybox_file_rename.
- + commit 663c5d129a8f400cc6eb8ab7b91772d6e578152d
- * g10/keyring.c (keyring_lock) [W32]: Flush the close cache before
- locking.
- * kbx/keybox-init.c (keybox_lock) [W32]: Close the file before
- locking.
-
- gpg: Detect race between pubring.gpg and pubring.kbx use.
- + commit 3b1248e007a6bf830a3230ee2d9cc548205ec31a
- * g10/keydb.c (maybe_create_keyring_or_box): Detect race condition.
-
- kbx: New function keybox_file_rename to replace rename.
- + commit 8241ed59d05e06252647b26477ed5c2f84895a26
- * kbx/keybox-util.c: Include windows.h.
- (keybox_file_rename): New.
- * kbx/keybox-update.c (rename_tmp_file): Replace remove+rename by
- keybox_file_rename.
- * g10/keyring.c (rename_tmp_file): Ditto.
-
- kbx: Add function keybox_tmp_names to avoid code duplication.
- + commit f5cceef115f0307664956d01c48b1b397fdad4b3
- * kbx/keybox-update.c (create_tmp_file): Move some code to...
- * kbx/keybox-util.c (keybox_tmp_names): new.
- * g10/keyring.c: Include keybox.h.
- (create_tmp_file): Replace parts by keybox_tmp_names.
-
- gpg: Make --list-options show-usage the default.
- + commit 360534bde770f4845669de223154216d249b954b
- * g10/gpg.c (main): Add LIST_SHOW_USAGE.
-
-2016-01-13 Werner Koch <wk@gnupg.org>
-
- kbx: Change return type of search functions to gpg_error_t.
- + commit c7ca0f73dbe7c080b79f93f90f00ba2396fc4bd0
- * kbx/keybox-search.c (keybox_search_reset): Change return type to
- gpg_error_t.
- (keybox_search): Ditto. Also handle GPG_ERR_EOF.
- * sm/keydb.c (keydb_search_reset): Ditto.
-
- gpg: Improve error code from lock_all.
- + commit 9b6c91469a804c60289a2ed21334dfd856c294bb
- * g10/keydb.c (lock_all): Do not clobber RC during failur cleanup.
-
- kbx: Improve and fix keybox_lock.
- + commit 8f1368d5e3f7654ad9cb100053535f728dff2344
- * kbx/keybox-init.c (keybox_lock): Make sure ERR is initialized. Get
- error codes from dotlock functions.
-
- common: Make sure dotlock functions set a proper ERRNO.
- + commit 4aceebf36f103eb380e21d12a1f08b7d6ea7cc8e
- * common/dotlock.c (map_w32_to_errno): New.
- (read_lockfile): Return a proper ERRNO.
- (dotlock_create_unix): Do not let log functions clobber ERRNO.
- (dotlock_take_unix): Ditto.
- (dotlock_release_unix): Ditto.
- (dotlock_create_w32): Set proper ERRNO.
- (dotlock_take_w32): Ditto.
- (dotlock_release_w32): Ditto.
-
- kbx: Implement keybox_lock for use by gpg.
- + commit 160862978628b07ed5150ec2c8abad6af1656bc3
- * kbx/keybox-defs.h: Include dotlock.h and logging.h.
- (CONST_KB_NAME): Remove. Replace usage by KB_NAME.
- (struct keybox_name): Add field "lockhd".
- * kbx/keybox-init.c (keybox_register_file): Init LOCKHD.
- (keybox_lock): Chnage to return gpg_error_t. Implement locking.
-
- gpg: Make sure to mark a duplicate registered keybox as primary.
- + commit 9dc355ad3ae0026ab04c424dc984d748b8fad393
- * kbx/keybox-init.c (keybox_register_file): Change interface to return
- the token even if the file has already been registered.
- * g10/keydb.c (primary_keyring): Rename to primary_keydb.
- (maybe_create_keyring_or_box): Change return type to gpg_error_t.
- (keydb_add_resource): Ditto. s/rc/err/.
- (keydb_add_resource): Mark an already registered as primary.
- * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t.
- (keydb_add_resource): Ditto. s/rc/err/.
- (keydb_add_resource): Adjust for changed keybox_register_file.
-
-2016-01-13 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix to support git worktree.
- + commit 96237b9a63a50aed1884cb06f84279b977d6a8fa
- * autogen.sh, Makefile.am, doc/Makefile.am: Use -e for testing .git.
-
-2016-01-12 Werner Koch <wk@gnupg.org>
-
- ssh: Accept OpenSSH *cert-v01 key variants.
- + commit e2f984b4afffaa89bdeba2f5d447b5681237177e
- * agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
- (ssh_key_types): Add OpenSSH cert types.
- (stream_read_string): Allow a dummy read.
- (ssh_receive_mpint_list): Pass SPEC by reference.
- (ssh_receive_mpint_list): New arg CERT and use it.
- (ssh_receive_key): Read certificate into an estream object and modify
- parser to make use of that object.
-
-2016-01-12 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix iobuf API of filter function for alignment.
- + commit 4b4639b0b04dc82c550fa711dd7193e13fc4a428
- * common/iobuf.h: Fix comment.
-
- common: Fix iobuf API of filter function for alignment.
- + commit 3f52c7da3940ec06572270d511000dc7fe9c27d2
- * common/iobuf.h (IOBUFCTRL_DESC): Change the call semantics.
- * common/iobuf.c (iobuf_desc): Add the second argument DESC.
- (print_chain, iobuf_close, do_open, iobuf_sockopen, iobuf_ioctl)
- (iobuf_push_filter2, pop_filter, iobuf_write_temp): Change calls
- of iobuf_desc.
- (file_filter, file_es_filter, sock_filter, block_filter): Fill the
- description.
- * common/t-iobuf.c (every_other_filter, double_filter): Likewise.
- * g10/armor.c, g10/cipher.c, g10/compress-bz2.c, g10/compress.c,
- g10/decrypt-data.c, g10/encrypt.c, g10/mdfilter.c, g10/progress.c,
- g10/textfilter.c: Likewise.
-
-2016-01-11 Werner Koch <wk@gnupg.org>
-
- gpg: Fix NULL de-ref for ambiguous key check in --export-ssh-keys.
- + commit b280aa6423c9492e8c5a9afa57339d06d957996d
- * g10/getkey.c: Allow arg RET_KEYBLOCK to be NULL.
-
-2016-01-09 Werner Koch <wk@gnupg.org>
-
- tools: Remove gpgkey2ssh.
- + commit eb9c021631174fde4c1c444bbc533a7a46d570cd
- * tools/gpgkey2ssh.c: Remove.
- * tools/Makefile.am (bin_PROGRAMS): Ditto.
-
-2016-01-08 Werner Koch <wk@gnupg.org>
-
- gpg: Support ECDSA keys with --export-ssh-key.
- + commit b2da3951a395366bf1644bc4c4eb42d657effe17
- * g10/export.c (key_to_sshblob): Add hack for ECDSA.
-
- gpg: New command --export-ssh-key.
- + commit 4970868d8d84d3a64b067e5aafc9f097621758d3
- * g10/export.c: Include membuf.h and host2net.h.
- (key_to_sshblob): New.
- (export_ssh_key): New.
- * g10/gpg.c (aExportSshKey): New.
- (opts): Add command.
- (main): Implement that command.
-
- gpg: Add an exact search flag to the PK struct.
- + commit 34bca9cd4b8517795833cb754b0d5b1dd33b08ed
- * g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
- (finish_lookup): Set exact flag.
- * g10/packet.h (PKT_public_key): Add field flags.exact.
-
- Print warnings if old daemon versions are used.
- + commit 2aa42baaf3dd7c3ae613ae0c61760a17c8adfcd0
- * common/status.h (STATUS_WARNING): New.
- * g10/call-agent.c (warn_version_mismatch): New.
- (start_agent): Call warn function.
- * g10/call-dirmngr.c: Include status.h.
- (warn_version_mismatch): New.
- (create_context): Call warn function.
- * sm/call-agent.c (warn_version_mismatch): New.
- (start_agent): Call warn function.
- (gpgsm_agent_learn): Call warn function.
- * sm/call-dirmngr.c (warn_version_mismatch): New.
- (prepare_dirmngr): Call warn function.
-
- common: New function compare_version_strings.
- + commit 4d7ac43ff71fdadfd2e04621f74840a82fbe788a
- * common/stringhelp.c (parse_version_number): New.
- (parse_version_string): New.
- (compare_version_strings): New.
- * common/t-stringhelp.c (test_compare_version_strings): New.
- (main): Call test. Return ERRCOUNT instead of 0.
-
- common: New function get_assuan_server_version.
- + commit 496643291e1e346434e9c98405c5a370957eb7d3
- * common/asshelp.c: Include membuf.h.
- (get_assuan_server_version): New.
- * g10/call-agent.c (agent_get_version): Use new function.
-
- common: New put_membuf_cb to replace static membuf_data_cb.
- + commit 833ba5faa1340aff80a205acbb701d4ae1d594d0
- * common/membuf.c (put_membuf_cb): New.
- * agent/call-scd.c (membuf_data_cb): Remove. Change callers to use
- put_membuf_cb.
- * common/get-passphrase.c (membuf_data_cb): Ditto.
- * g10/call-agent.c (membuf_data_cb): Ditto.
- * sm/call-agent.c (membuf_data_cb): Ditto.
-
-2016-01-07 Werner Koch <wk@gnupg.org>
-
- gpg: Return an error code from keygrip_from_pk.
- + commit 8fd406c317ad7c2e375ae4f7d20656dadf6d7fcc
- * g10/keyid.c (keygrip_from_pk): Return an error code.
-
- gpg: Avoid warnings about possible NULL deref.
- + commit 8a56a38387c10c02ba0790c655dd5c1d08e4a724
- * g10/getkey.c (cache_public_key): Protect deref of CE which actually
- can't happen.
- * g10/keygen.c (quickgen_set_para): s/sprintf/snprintf/.
- * g10/tofu.c (end_transaction, rollback_transaction): Allow NULL for
- DB.
- * g10/trustdb.c (update_min_ownertrust): Remove useless clearling of
- ERR.
-
- gpg: Fix warnings about useless assignments.
- + commit 008aa6e6d4b213c3a0d15509eb46cf168b6f2c94
- * g10/armor.c (parse_hash_header): Remove duplicate var assignment.
- * g10/getkey.c (cache_user_id): Ditto.
- * g10/keygen.c (ask_curve): Ditto. This also fixes a small memory
- leak.
-
- * g10/keygen.c (proc_parameter_file): Remove useless assignment or
- pointer increment.
- (generate_keypair): Ditto.
- * g10/getkey.c (finish_lookup, lookup): Ditto.
- * g10/card-util.c (change_pin): Ditto.
- * g10/gpg.c (main) <aVerify>: Ditto.
- * g10/import.c (import): Ditto.
- (print_import_check): Ditto
- * g10/keyring.c (do_copy): Ditto.
- * g10/tdbio.c (tdbio_read_record): Ditto.
- * g10/trustdb.c (tdb_update_ownertrust): Ditto.
- (update_validity): Ditto.
-
- * g10/server.c (cmd_passwd): Remove useless call to skip_options.
-
- sm: Avoid warnings about useless assignments.
- + commit 126aebbb82667d160c8c4435898efeb3b43c4ec8
- * sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR.
- (unhexify_fpr): Remove useless computation on N.
- * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove
- useless setting of RC.
- * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC.
- * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy.
- * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC.
- * sm/server.c (cmd_getauditlog): Comment unused skip_options.
-
- kbx: Avoid warnings about useless assignments.
- + commit 0de7d61437bd0bfbe645d5eed7a62df03129fb32
- * kbx/keybox-dump.c (_keybox_dump_blob): Remove setting of IN_RANGE
- and the last increment of P.
-
- gpg: Fix DNS cert lookup returning an URL.
- + commit a41638acf4808caa619f4f3f4c0dcd12be00d6f8
- * g10/call-dirmngr.c (dns_cert_status_cb): Store URL status in the URL
- param. The old code was entirely buggy (c+p error).
-
-2016-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Fix keystrlen to work when OPT.KEYID_FORMAT is KF_DEFAULT.
- + commit 2c3e67430d9b523c85c81ae562223fd51e3608cc
- * g10/keyid.c (keystrlen): If opt.keyid_format is KF_DEFAULT unset,
- default to KF_SHORT.
- (format_keyid): Default to KF_SHORT, not KF_0xLONG.
-
-2016-01-06 Werner Koch <wk@gnupg.org>
-
- gpg: Silence some regression tests.
- + commit c7389ae90fa4a70766400cc241ff6a45aa750324
- * g10/test.c (TEST): Print diagnostics only in verbose mode.
-
- gpg: Avoid using an uninitialized SALT on premature EOF.
- + commit 85cc7449fb00ac85b0c2eecd22bd38b23f33edf5
- * g10/parse-packet.c (parse_key): Check for premature end of salt.
-
- gpg: Silence warnings found by static analyzer.
- + commit 09accc0e3d74e6289bed40b5bfc6479981cabfe4
- * g10/keyedit.c (change_passphrase): Remove useless init of ANY.
- (keyedit_quick_adduid): Remove useless setting of ERR.
- * g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
- it has been checked before the loop.
- (parse_plaintext): Remove useless init of PKTLEN.
-
- kbx: Avoid faulty fclose in an error case.
- + commit db82b6131d437bf6ba34db0e08b7dfa9edb11e45
- * kbx/keybox-update.c (blob_filecopy): Do not close an uninitialized
- file pointer after a failure to create a temp file.
- * kbx/keybox-openpgp.c (next_packet): Remove duplicate assignment of
- PKTLEN.
-
- dirmngr: Silence one regression test.
- + commit 6deafb92abe100ff67e3a0a230a39e8c0ad41900
- * dirmngr/t-dns-stuff.c (main): Do not print info during standard
- "make check".
-
- common: Avoid warnings about useless assignments.
- + commit e64317c15e9960f3173d374e589f7c3565a4ad08
- * common/b64enc.c (b64enc_finish): Remove var assignment which is not
- used later.
- * common/iobuf.c (file_filter): Ditto.
- * common/tlv.c (do_find_tlv): Ditto.
- * common/userids.c (classify_user_id): Ditto.
-
- tests: Use info and error instead of a plain echo.
- + commit 1fbfa1bf0a6ad0dc7ed67d12252643c2c6c7370a
- * tests/openpgp/4gb-packet.test: Use error and info.
-
- common: Do not deref vars in tests after a fail().
- + commit 0a00115ee2049ab2357b7a14a51c7da185ffcabd
- * common/t-convert.c (test_bin2hex): Turn if conditions into if-else
- chains to avoid accessing unchecked data.
- (test_bin2hexcolon): Ditto.
- * common/t-mapstrings.c (test_map_static_macro_string): Ditto.
- * common/t-stringhelp.c (test_percent_escape): Ditto.
- (test_make_filename_try): Ditto.
- (test_make_absfilename_try): Ditto.
- * common/t-timestuff.c (test_timegm): Ditto.
-
-2016-01-05 Werner Koch <wk@gnupg.org>
-
- gpg: Align notes about minimal keysize with actual checks.
- + commit e70f7a54f29d727def2cfe9ea5ab9d461b4ce842
- * g10/keygen.c (ask_keysize): Use 768 for the minimal value for DSA in
- export mode. Improve readability.
-
-2016-01-05 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix RSA verification for card.
- + commit ff3b607fc879b70665c187500022cc63e2a0cd86
- * agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
- of shadowed key.
-
-2016-01-04 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix double free.
- + commit 575c15a090913d86cf8d75b2bc4471e371f234b9
- * g10/getkey.c (get_pubkeys): Fix double free.
-
-2015-12-24 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: IMPORT_KEY with --force option fix.
- + commit 79b51bb8727bd3485229ac8ff5987558156d5d83
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
- to check existing key.
- (convert_from_openpgp): Ditto.
- (convert_from_openpgp_native): Call convert_from_openpgp_main with
- dontcare_exist=0.
- * agent/command.c (cmd_import_key): Call with dontcare_exist=force.
-
- g10: Use --force when importing key for bkuptocard.
- + commit 5ca57f1a697e875bae5a5c73f1a580c42ca75343
- * g10/call-agent.c (agent_import_key): Add an argument FORCE.
- * g10/import.c (transfer_secret_keys): Likewise.
- (import_secret_one): Call transfer_secret_keys with FORCE=0.
- * g10/keyedit.c (keyedit_menu): Call with FORCE=1.
-
- g10: Remove subcommand checkbkupkey for --key-edit.
- + commit 44aee35e69540510617aea4b886ef845590960fe
- * g10/keyedit.c (keyedit_menu): Remove cmdCHECKBKUPKEY support.
-
- g10: Allow relative path for specifying the file for bkuptocard.
- + commit ee433d2b00c93b5a4e4ed54b9fb5806361df1b71
- * g10/keyedit.c (keyedit_menu): Assume the file is under GNUPGHOME.
- Also support tilda expansion.
-
- g10: fix regression of bkuptocard subcommand in --edit-key.
- + commit 40959add1ba0efc1f4aa87fa075fa42423eff73c
- * g10/keyedit.c (keyedit_menu): Call transfer_secret_keys.
- * g10/import.c (transfer_secret_keys): Make it global function.
- Allow stats==NULL.
-
- agent: Support --force option for IMPORT_KEY.
- + commit e684c634df814b12d399dcdc375c35d3e9a137af
- * agent/command.c (cmd_keywrap_key): New option --force.
-
-2015-12-23 Werner Koch <wk@gnupg.org>
-
- gpg: Rename struct pubkey to pukey_s and add pubkey_t.
- + commit a9cbdcfd9c364557787f4a173cc59f14c067946e
- * g10/keydb.h (struct pubkey): Rename to pubkey_s.
- (pubkey_t): New. Change all struct pubkey_s to use this type.
- * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys.
-
- gpg: Simplify status message code from commit b30c15bf.
- + commit 363ed2e892adc97fae97111bb56b64f9f809e8d5
- * g10/keygen.c (card_write_key_to_backup_file): Simplify by using
- hexfingerprint.
-
- gpg: Add standard free() semantic to pubkey_free.
- + commit 04c9cddda95f2a8ca5c0cf10bb3dd6accf56cf45
- * g10/getkey.c (pubkey_free): Check for NULL arg.
-
- gpg: Fix use of assert from commit dc417bf0.
- + commit ef7b7e91600f35b4d682a6267001a8d30f0fa49f
- * g10/keydb.c (keydb_update_keyblock): De-ref after the assert. Use
- %zu for size_t.
-
- gpg: Do not translate debug output.
- + commit b0c9867fb74d5a00335e6606d5bdcc5342ce26cd
- * g10/getkey.c (parse_def_secret_key): Do not make strings passed to
- log_debug translatable.
-
-2015-12-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix commit b30c15bf (again).
- + commit aecf1a3c57ca8bf8050a3743b62fe142ccf9eb22
- * g10/keygen.c (do_generate_keypair): Clear the variable S.
-
-2015-12-22 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix type.
- + commit 5c759924fb92b6de7ab3baed7871e5114ebd2505
- * g10/keygen.c (card_write_key_to_backup_file): Change n to a size_t.
-
- gpg: Fix error message.
- + commit 4654384fe7a4dcee113dacf27c398b13dea5d0be
- * g10/getkey.c (parse_def_secret_key): Fix error message.
-
- gpg: Don't check for ambiguous keys.
- + commit 7195b94345b0bb937477dc47fc5ec27fb108a099
- * g10/gpg.c (struct result): Move from here...
- * g10/keydb.h (struct pubkey): ... to here. Update users.
- * g10/gpg.c (check_user_ids): Move from here...
- * g10/getkey.c (get_pubkeys): ... to here. Update users. Use
- get_pubkey_byname to look up the keys (this also prunes invalid keys).
- (pubkey_free): New function.
- (pubkeys_free): New function.
- * g10/gpg.c (main): Don't check for ambiguous key specifications.
-
- gpg: Lazily evaluate --default-key.
- + commit dc52995d85048ed12ae8b9f330e9ca41a4030aae
- * g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
- add --default-key's value to REMUSR here...
- * g10/pkclist.c (build_pk_list): ... do it here.
- * tests/openpgp/Makefile.am (TESTS): Add default-key.test.
- * tests/openpgp/default-key.test: New file.
-
- gpg: Remove unused parameter.
- + commit ffe0b7a6dd6bfaec62f81f511b3caf08978bb269
- * g10/pkclist.c (build_pk_list): Remove parameter use, which is always
- called set to PUBKEY_USAGE_ENC. Update callers.
-
- gpg: Improve check for ambiguous keys.
- + commit 4103850c2e51274984f69443dee34295cbb8c282
- * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
- encryption-only keys when a signing key is needed and vice-versa.
-
- gpg: Fix TOCTTOU when updating keyblocks.
- + commit dc417bf0c555a7416d0aedde6645fd1087660f92
- * g10/keydb.c (keydb_update_keyblock): Don't replace the record at the
- current offset. After taking the lock, extract the fingerprint from
- the keyblock, find it and then replace it.
-
- Only add the user supplied CFLAGS after running any autoconf tests.
- + commit 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8
- * configure.ac: Only add the user supplied CFLAGS after running any
- autoconf tests.
-
- gpg: Suppress a warning.
- + commit 1cceba163b17b5e9fd7c89e5b40e3d7e1cffc885
- * dirmngr/dns-stuff.c (enable_dns_tormode): Reference new_circuit to
- avoid a warning when ADNS is not available.
-
- gpg: Remove dead code.
- + commit 4143cc1c3783c54a6f733f08a4739e4e5fb0c8b3
- * kbx/keybox-defs.h (struct keybox_found_s): Remove unused fields
- offset and n_packets.
-
- gpg: Display the key that is invalid, not the search description.
- + commit 7fe4be0416cdc9269011bc4213b8a22d6ced295c
- * g10/getkey.c (parse_def_secret_key): Display the key that is
- invalid, not the search description.
-
- gpg: Mark more options as coming from the config file (when this holds)
- + commit 478ca6c75bbf529f95974224dfb7d71bd5860a96
- * g10/gpg.c (main): When --default-key or --encrypt-to-default-key is
- taken from the config file, note this.
-
- gpg: Use enums instead of defines.
- + commit ee8a8ec1cf4605e5af427f9c8b01b3609c82cbe7
- * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum.
- (PK_LIST_HIDDEN): Likewise.
- (PK_LIST_CONFIG): Likewise.
- (PK_LIST_SHIFT): Likewise.n
-
-2015-12-21 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit d8392299f311f8cfcf8bc02679dd3ae7ef8cc6d7
-
-
- g10: clean up of headers for card.
- + commit ab9a9bce77d014159c68460f5a7c263fb72f3c1c
- * g10/main.h (save_unprotected_key_to_card): Remove.
- * g10/options.h (ctapi_driver, pcsc_driver, disable_ccid): Remove.
-
-2015-12-21 Werner Koch <wk@gnupg.org>
-
- common: New file fwddecl.h.
- + commit 98f9e14323bf806f674b3cc259e19ef6219b4378
- * common/util.h (server_control_s, ctrl_t): Move to ...
- * common/fwddecl.h: New file.
- * common/call-gpg.h: Replace typedef by fwddecl.h. Change include
- protection macro name.
- * common/Makefile.am (common_sources): Add fwddecl.h.
-
-2015-12-18 Werner Koch <wk@gnupg.org>
-
- build: Add required macro for pkg-config.
- + commit af142854a73567836a0ca44ad62900469c23d531
- * configure.ac (PKG_PROG_PKG_CONFIG): New.
-
-2015-12-18 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Remove deprecated internal functions.
- + commit 72eaff1aa610f3c89a755f212760157e1932d847
- * g10/keygen.c (do_ask_passphrase, generate_raw_key)
- (gen_card_key_with_backup, save_unprotected_key_to_card): Remove.
-
- g10: Fix a regression for generating card key with backup.
- + commit b30c15bf7c5336c4abb1f9dcd974cd77ba6c61a7
- * g10/main.h (receive_seckey_from_agent): Declare.
- * g10/keygen.c (card_write_key_to_backup_file): New.
- (card_store_key_with_backup): New.
- (do_generate_keypair): Create a key on host for encryption key when
- backup is requested. Then, call card_store_key_with_backup.
-
-2015-12-17 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: factor out a function for secret key retrieval.
- + commit e644aa7f5943174e3f7ba9408af71531fd125a0b
- * g10/export.c (receive_seckey_from_agent): New.
- (do_export_stream): Use it.
-
-2015-12-16 Neal H. Walfield <neal@g10code.com>
-
- gpg: When checking for ambiguous keys, ignore invalid keys.
- + commit fc010b6c7fe14e609734e448775fa384421bdef1
- * g10/gpg.c (check_user_ids): When checking for ambiguous keys, ignore
- disabled, revoked and expired keys (if appropriate for the provided
- option).
-
-2015-12-15 Werner Koch <wk@gnupg.org>
-
- common: Use default_errsource for call-gpg and exectool.
- + commit 4ffe44c5874ed655d82adfa7a85439fab91cde03
- * common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
- Use these wrappers.
- * common/exectool.c (my_error_from_syserror): New. Use these
- wrappers.
-
- gpg: Reduce number of strings to translate.
- + commit 345ec7323d643528d2f904765708b5ecfe51f57b
- * g10/getkey.c (parse_def_secret_key): Do not make debug messages
- translatable. Make use of print_reported_error.
-
- gpg: New function to printed a detailed error code.
- + commit 2ea1aebc924c3f0b2269f83cb1b80c75d9fa069c
- * g10/misc.c (print_reported_error): New.
-
-2015-12-15 Neal H. Walfield <neal@g10code.com>
-
- gpg: Improve the keyblock cache's transparency.
- + commit f369efd6712148dc7ed40dba6d1ff5b0e169431a
- * kbx/keybox-search.c (keybox_seek): New function.
- * g10/keydb.c (keydb_search): When reading from the cache, seek to
- just after the cached record.
-
- gpg: Improve the keyblock cache's transparency.
- + commit 2e4e10c1dcd8dfeafec51f44ebf26acfeb770c41
- * kbx/keybox-search.c (keybox_offset): New function.
- * g10/keydb.c (struct keyblock_cache): Add fields resource and offset.
- (keyblock_cache_clear): Reset HD->KEYBLOCK_CACHE.RESOURCE and
- HD->KEYBLOCK_CACHE.OFFSET.
- (keydb_search): Don't use the cached result if it comes before the
- current file position. When caching an entry, also record the
- position at which it was found.
-
- gpg: Use more descriptive names.
- + commit 0ea186db645da2b51a7e71f46793d447f2de5e3d
- * g10/keyring.c (KR_NAME): Rename this...
- (KR_RESOURCE): ... to this. Update users.
- (struct keyring_name): Rename this...
- (struct keyring_resource): ... to this. Update users.
- (struct off_item): Rename this...
- (struct key_present): ... to this. Update users.
- (OffsetHashTable): Rename this...
- (key_present_hash_t): ... to this. Update users.
- (kr_offtbl): Rename this...
- (key_present_hash): ... to this. Update users.
- (kr_offtbl_ready): Rename this...
- (key_present_hash_ready): ... to this. Update users.
- (KEY_PRESENT_HASH_BUCKETS): New define. Replace use of literals
- with this.
- (new_offset_item): Rename this...
- (key_present_value_new): ... to this. Update users.
- (release_offset_items): Drop dead code.
- (new_offset_hash_table): Rename this...
- (key_present_hash_new): ... to this. Update users.
- (release_offset_hash_table): Drop dead code.
- (lookup_offset_hash_table): Rename this...
- (key_present_hash_lookup): ... to this. Update users.
- (update_offset_hash_table): Rename this...
- (key_present_hash_update): ... to this. Drop unused parameter off.
- Update users.
- (update_offset_hash_table_from_kb): Rename this...
- (key_present_hash_update_from_kb): ... to this. Drop unused parameter
- off. Update users.
-
-2015-12-15 NIIBE Yutaka <gniibe@fsij.org>
-
- sm: Handle gcry_pk_encrypt return value.
- + commit 4ee881bff4c8fdfa4b3b7a4b7afab611471e97f1
- * sm/encrypt.c (encrypt_dek): Don't ignore failure of gcry_pk_encrypt.
-
-2015-12-14 Werner Koch <wk@gnupg.org>
-
- common: Change license of isascii.c to all-premissive,
- + commit 7baca033070e7811f75e2021100adf8e6a48907f
- * common/isascii.c: Change.
-
- common: Change license of some modules to LGPLv3+/GPLv2+.
- + commit 7d129a7391115ff1d6a3541078a37a630ab7819f
- * common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
- * common/status.h: Ditto.
- * common/yesno.c: Ditto.
- * common/common-defs.h: Ditto.
- * common/gettime.h: Ditto.
- * common/keyserver.h: Ditto.
-
- common: Change license for exectool to LGPLv3+/GPLv2+.
- + commit 467e18b74b4790dcbdf3c816206d2fbaf170a12a
- * common/exectool.c, common/exectool.h: Change license.
-
- common: Rename sh-exectool to exectool.
- + commit d80e1bc430bf64debdb6b08f0b7e5c42836781fa
- * common/sh-exectool.c: Rename to exectool.c.
- * common/sh-exectool.h: Rename to exectool.h.
- * common/Makefile.am (common_sources): Adjust for rename.
- * common/exectool.c (sh_exec_tool_stream): Rename to
- gnupg_exec-tool-stream.
- (sh_exec_tool): Rename to gnupg_exec_tool.
- * tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
- * tools/gpgtar-extract.c: Adjust for changes.
- * tools/gpgtar-list.c: Adjust for changes.
-
-2015-12-14 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- gpg: Print ownertrust in TOFU+PGP trust model.
- + commit f5aa51aaacfe13ab9528aa9b88d8ce8eb61362fc
- * g10/keyedit.c: Print ownertrust in TOFU+PGP trust model.
-
-2015-12-14 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix --default-key checks.
- + commit e573e6188dada4d70f6897aa2fda3c3af8c50441
- * g10/getkey.c (parse_def_secret_key): Don't just check if a secret
- key is available for the public key, also consider subkeys. Also
- check that the key has the signing capability, is not revoked, is not
- expired and is not disabled. Print a warning if there was a least one
- value passed to --default-key and all were ignored.
-
-2015-12-14 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix regression for generating RSA keys on card.
- + commit d40975cbe8ff86fcc4a1b4963fdffc66ddee85ce
- * scd/app-openpgp.c (do_genkey): Strip leading zeros for fingerprint
- computation.
-
-2015-12-12 Werner Koch <wk@gnupg.org>
-
- gpg: Use a regular type instead of a void* for import stats.
- + commit 4d3395ef1fcde0b8c454c09956863959d590ede6
- * g10/import.c (struct stats_s): Rename to import_stats_s. Change all
- users.
- * g10/main.h (import_stats_t): New. Change fucntions to use this
- instead of a void pointer.
-
- Remove replacements for libgpg-error < 1.21.
- + commit f0ae40b0c901e5f5c04c6ed5b2ab96ab7340b2bd
- * common/util.h: Remove replacement macros for libgpg-error<1.21.
- * common/types.h: Ditto.
- * common/mischelp.h: Ditto.
- * common/t-mapstrings.c: Include t-support.h before stringhelp.h
- * common/t-stringhelp.c: Ditto.
- * common/t-support.h: Always include gpg-error.h.
- * kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
- comes first.
-
-2015-12-11 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix buffer overflow.
- + commit 1605e34fc365edd473aac15c9b4e5aadc1d95cf5
- * g10/keydb.c (keydb_search_desc_dump): Fix buffer overflow.
-
-2015-12-11 Justus Winter <justus@g10code.com>
-
- agent: Improve error handling.
- + commit 25f0f053cd306200a6211b5cf397838a59835ee7
- * agent/pksign.c (agent_pksign_do): Improve error handling.
-
- Fix required libgpg-error version.
- + commit d6e01493cad6ff32f356185c7a2d2b5c2b86a937
- * configure.ac (NEED_GPG_ERROR_VERSION): We need version 1.21 for the
- poll interface.
-
-2015-12-11 Neal H. Walfield <neal@g10code.com>
-
- gpg: Don't error out if a key occurs multiple times in the keyring.
- + commit 6dc37c5fb60acbfd5ba2ab979852383eac8944e0
- * g10/gpg.c (check_user_ids): Don't error out if a key occurs multiple
- times in the keyring. Instead, print a warning. When printing out
- fingerprint prints, use format_hexfingerprint to format them.
-
-2015-12-10 Daniel Hoffend <dh@dotlan.net>
-
- scd: Fix removal of unplugged usb readers on Windows.
- + commit d1a97585c5e73fbc7d4cf90e38f76ffc5aea305f
- * scd/apdu.c (pcsc_error_to_sw): map PCSC_E_NO_SERVICE and
- PCSC_E_SERVICE_STOPPED to the internal SW_HOST_NO_READER error code.
-
-2015-12-07 Justus Winter <justus@g10code.com>
-
- tests: Add some more gpgtar tests.
- + commit 1c8eae95a8b3b89bc0f49cb5f4938101634583dc
- * tests/openpgp/gpgtar.test: Add more tests.
-
- dirmngr: Initialize http status code.
- + commit 71726b627dcff015dc12568021b31d8ccede788a
- * dirmngr/ks-action.c (ks_action_search): Initialize 'http_status' as
- it is unused if LDAP is used to search for keys.
-
-2015-12-04 Daiki Ueno <ueno@gnu.org>
-
- gpg: Write ERROR status on delete-key cancellation.
- + commit b5cd68852d0e3485c9e13a8ddb70f05f36a65cb9
- * g10/delkey.c (do_delete_key): Write ERROR status code with the error
- location "delete_key.secret", when the user cancelled the operation on
- Pinentry.
-
-2015-12-04 Justus Winter <justus@g10code.com>
-
- dirmngr: Stricter handling of http error codes.
- + commit 6d64ef869dfbcb7aaa802b80ed648393147e40d8
- * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver
- responded with a '404 Not Found'.
- * dirmngr/ks-engine-hkp.c (send_request): Return http status code.
- (ks_hkp_search): Likewise.
- (ks_hkp_{get,put}): Adapt call to 'send_request'.
- * dirmngr/ks-engine.h (ks_hkp_search): Update prototype.
-
- dirmngr: Really search all keyservers for patterns.
- + commit 6ac57a482f7ae02db1bee4e4b861288fc6905adc
- * dirmngr/ks-action.c (ks_action_search): Search all configured
- keyservers for the given patterns.
-
- dirmngr: Handle http status '501 Not Implemented'.
- + commit a8308ba5231682ce7c7d591a17e7e940fbd63189
- * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return
- GPG_ERR_NOT_IMPLEMENTED.
-
- tools/gpgtar: Implement symmetric encryption.
- + commit 582e684a48eb4f3716cecf7dc73eb93046efcfad
- * tests/openpgp/gpgtar.test: Add test case.
- * tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
- gpg.
- * tools/gpgtar.c (parse_arguments): We do handle the argument now.
-
- tools/gpgtar: Implement signing.
- + commit 45c814f348c89acd8d21d0607ffcf68e5c5c399e
- * tests/openpgp/gpgtar.test: Test signing.
- * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
- appropriate gpg arguments to implement signing and selecting the local
- user.
- * tools/gpgtar.c (parse_options): We do handle '--local-user' now.
- (main): Handle signing, encrypting, and doing both when creating an
- archive.
- * tools/gpgtar.h (gpgtar_create): Update prototype.
-
- tools/gpgtar: Use the new exectool helper.
- + commit 0c0dafd8e89bb702e856c661c1561e10cdcaf37f
- * tools/Makefile.am: gpgtar now requires neither npth nor libassuan.
- * tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool'
- helper.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
- * tools/gpgtar.c (main): Set default gpg program. Drop the
- initialization of npth and libassuan.
-
- common: Add a stream interface to 'sh-exectool'.
- + commit a81aca6e1c2a4529d416d1989f15d7338d2ee81e
- * common/sh-exectool.c (struct copy_buffer): Add infrastructure for
- copying between streams.
- (copy_buffer_{init,shred,do_copy,flush}): New functions.
- (sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
- (nop_free): New function.
- (sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
- * common/sh-exectool.h (sh_exec_tool_stream): New prototype.
-
- common: Add header file and build the new code.
- + commit d955cb5e0700c6d2b6b26cb210b5a176d22d4235
- * common/Makefile.am (common_sources): Add new files.
- * common/sh-exectool.h: New file.
-
-2015-12-04 Werner Koch <wk@gnupg.org>
-
- common: Add code to execute a helper.
- + commit 2ae07f826aa551db8adf714158fce962790a6b54
- * common/sh-exectool.c: New file.
-
- Release 2.1.10.
- + commit 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233
-
-
-2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Japanese translation.
- + commit 762fcc027b0b4cc88c1f633804de619273d6a8b9
-
-
-2015-12-04 Werner Koch <wk@gnupg.org>
-
- speedo,w32: Improve installer.
- + commit 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc
- * build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and
- distsigkey.gpg.
- (un.gnupglast): Stop dirmngr.
-
- gpg: Do not pre-check keys given on the command line.
- + commit 28311d1fa56bfbd801103a8475597459132874f4
- * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
- (PK_LIST_SHIFT): New.
- * g10/pkclist.c (build_pk_list): Use them here.
- * g10/gpg.c (check_user_ids, main): Ditto.
-
- * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
- (check_user_ids): Skip check for command line specified options.
-
- dirmngr: Add command to print the resolver version.
- + commit 4ff2cae7dee36ffee854c5f05c3e8ee9eb0308dd
- * dirmngr/server.c (cmd_getinfo): Add sub-command "dnsinfo".
-
- gpg: Allow "help" as value for --tofu-policy.
- + commit 59f6192cb766612ad215bc6a3af13d5b137139e4
- * g10/gpg.c (parse_tofu_policy): Add keyword "help".
- (parse_tofu_db_format): Ditto.
-
- Do not translate messages printed with log_debug.
- + commit 218a52787a87be6b7481a39f87d212d6ef594e97
- * common/asshelp.c (start_new_gpg_agent): Do not i18n string.
- (start_new_dirmngr): Ditto.
- * g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
- enabled.
-
-2015-12-04 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for removing the prefix.
- + commit f03976f1101f539a2782cd9e87d640fc32a022db
- * scd/app-openopg.c (do_decipher): Fix the condition.
-
- scd: Simplify saving application context.
- + commit 9639af5f16a7ed908cbce2415330b9fcd88edc90
- * scd/app.c (lock_table): Remove LAST_APP field.
- (lock_reader, app_dump_state, application_notify_card_reset)
- (release_application): Follow the change.
- (check_conflict): New.
- (check_application_conflict): Lock the slot and call check_conflict.
- (select_application): Call check_conflict and not use LAST_APP.
-
- scd: More fix for Curve25519 prefix handling.
- + commit f747adfa21551e083bc947540c64c94a96dcc059
- * scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
- Also fix xfree bug introduced.
-
-2015-12-03 Werner Koch <wk@gnupg.org>
-
- scd: Another fix for Curve25519 prefix handling.
- + commit e28f2e7a2f265af8bbdb4979e9679b4396dccdd5
- * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long
- INDATA.
- (do_decipher): Fix integer arithmetic in void pointer.
- (do_decipher): Add missing memcpy.
-
- build: Avoid dependecy problems in "make distcheck".
- + commit 0f61599ed0bd1cc6842067d040bb58ec0a451715
- * doc/Makefile.am (gnupg.texi): Depend on defs.inc.
-
- build: Change how caller provided CFLAGS are used by configure.
- + commit 4e9957250eee3521dc979912a4818e58ffddc5b8
- * configure.ac: Append instead of prepend caller provided CFLAGS.
-
- gpg: Add variant of 'key "%s" not found: %s' error message.
- + commit 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827
- * g10/gpg.c (check_user_ids): Change error message.
- * g10/delkey.c (do_delete_key): Ditto.
-
- gpg: Make keyidlist more robust in case of errors.
- + commit 50a568e7380752454c029eac2b57d8803b1cb287
- * g10/keyserver.c (keyidlist): Clear *KLIST on error.
-
- gpg: Take care of keydb_new returning NULL.
- + commit a28ac99efead8be73ea1704abe1611ccc4811c54
- * g10/keydb.c (keydb_new): Print an error message if needed. Also use
- xtrycalloc because we return an error anyway.
- * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new.
- * g10/export.c (do_export_stream): Ditto.
- * g10/getkey.c (get_pubkey): Ditto.
- (get_pubkey_fast): Ditto.
- (get_pubkeyblock): Ditto.
- (get_seckey): Ditto.
- (key_byname): Ditto.
- (get_pubkey_byfprint): Ditto.
- (get_pubkey_byfprint_fast): Ditto.
- (parse_def_secret_key): Ditto.
- (have_secret_key_with_kid): Ditto.
- * g10/import.c (import_one): Ditto.
- (import_revoke_cert): Ditto.
- * g10/keyedit.c (keyedit_quick_adduid): Ditto.
- * g10/keygen.c (quick_generate_keypair): Ditto.
- (do_generate_keypair): Ditto.
- * g10/trustdb.c (validate_keys): Ditto.
- * g10/keyserver.c (keyidlist): Ditto.
- * g10/revoke.c (gen_desig_revoke): Ditto.
- (gen_revoke): Ditto.
- * g10/gpg.c (check_user_ids): Ditto.
- (main): Do not print an error message for keydb_new error.
- * g10/keylist.c (list_all): Use actual error code returned by
- keydb_new.
-
- * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error.
- * g10/t-keydb.c (do_test): Ditto.
-
- * g10/keyring.c (keyring_new): Actually return an error so that the
- existing keydb_new error checking makes sense for a keyring resource.
- (keyring_rebuild_cache): Take care of keyring_new returning an error.
-
- gpg: Change some error messages.
- + commit 9fcc047d921bde95b6807325b7fd2b697e89907f
- * g10/getkey.c (parse_def_secret_key): Change error message. Replace
- log_debug by log_info.
- * g10/gpg.c (check_user_ids): Make function static. Change error
- messages.
- (main): Change error messages.
- * g10/revoke.c (gen_revoke): Ditto.
-
-2015-12-03 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix "Conflicting usage" bug.
- + commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3
- * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we
- got an error from apdu_disconnect.
- * scd/app-common.h (no_reuse): Remove.
- * scd/app.c (application_notify_card_reset): Deallocate APP here.
- (select_application, release_application): Don't use NO_REUSE.
-
- scd: Fix for Curve25519 prefix handling.
- + commit 11b2691eddc42e91651e4f95dd2731255a3e9211
- * scd/app-openpgp.c (do_decipher): More condition for AES decipher.
- Handle the prefix in cipher text. Always add the prefix in result.
-
-2015-12-03 Neal H. Walfield <neal@g10code.com>
-
- gpg: Use the matching key if the search description is exact.
- + commit cedbd4709eed6fead9d1b271f96860c00547c77c
- * g10/gpg.c (check_user_ids): If the search description is for an
- exact match (a keyid or fingerprint that ends in '!'), then use the
- matching key, not the primary key.
- * tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
- (priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
- privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
- privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
- privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
- privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
- (sample_keys): Add
- samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
- * tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
- New file.
- * tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
- New file.
- * tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
- New file.
- * tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
- New file.
- * tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
- New file.
- * tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
- New file.
- * tests/openpgp/use-exact-key.test: New file.
- * tests/openpgp/version.test: Install the new private keys.
-
-2015-12-02 Werner Koch <wk@gnupg.org>
-
- build: Require at least Libassuan 2.4.1.
- + commit 69db3285e4612ad24462149a4d64cc32c090a491
- * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1.
- * agent/gpg-agent.c (create_server_socket): Remove check for
- libassuan >= 2.3.0 and >= 2.1.4.
- (main): Remove check for libassuan >= 2.1.4.
- * scd/scdaemon.c (create_server_socket): Remove check for
- libassuan >= 2.1.4.
- * dirmngr/dirmngr.c (set_tor_mode): Remove check for
- libassuan >= 2.3.0.
- * dirmngr/http.c (http_raw_connect, send_request): Remove checks for
- libassuan >= 2.3.0.
-
-2015-12-02 Neal H. Walfield <neal@g10code.com>
-
- gpg: Improve documentation.
- + commit 28195f8d27aa0fc9daf5b74fb24de87c36e04739
- * g10/tofu.c (initdb): Improve documentation.
-
- gpg: Fix type mismatch resulting in a buffer overflow.
- + commit c73d75103cbd34975e2bd28e9924caee05eaf829
- * g10/tofu.c (record_binding): Change policy_old's type from an enum
- tofu_policy to a long: this variable is passed by reference and a long
- is expected.
-
-2015-12-02 Werner Koch <wk@gnupg.org>
-
- dirmngr: Switch to an onion address if Tor is running.
- + commit 28e2513721ff0cec920564d4087f3600cce8672e
- * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist.
- * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple
- --keyserver options.
- * dirmngr/server.c (server_local_s): Add field 'tor_state'.
- (release_uri_item_list): New.
- (release_ctrl_keyservers): Use it.
- (start_command_handler): Release list of keyservers.
- (is_tor_running): New.
- (cmd_getinfo): Re-implement "tor" subcommand using new fucntion.
- (ensure_keyserver): Rewrite.
- * g10/dirmngr-conf.skel: Add two keyserver options.
-
- http: Enhance parser to detect .onion addresses.
- + commit 17ac843871d5f350f26edff0187f94ced923f534
- * dirmngr/http.h (parsed_uri_s): Add flag 'onion'.
- * dirmngr/http.c (do_parse_uri): Set that flag.
- * dirmngr/t-http.c (main): Print flags.
-
-2015-12-02 Neal H. Walfield <neal@g10code.com>
-
- common,gpg: Fix processing of search descriptions ending in '!'.
- + commit 10cca02c4c70eee993d4df0a1d20ae841992efe9
- * g10/gpg.c (check_user_ids): If the search description describes a
- keyid or fingerprint and ends in a '!', include the '!' in the
- rewritten description.
- * common/userids.c (classify_user_id): Accept keyids and fingerprints
- ending in '!'.
-
-2015-12-01 Justus Winter <justus@g10code.com>
-
- dirmngr: Improve error handling.
- + commit 9c34711539fc2c34aea8da0fd49ae6aa28991518
- * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before
- checking for errors, but silently ignore errors when looking up SRV
- records.
-
-2015-12-01 Werner Koch <wk@gnupg.org>
-
- build: Let configure show the the status of Tor support.
- + commit 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d
- * configure.ac (show_tor_support): New
-
-2015-11-30 Werner Koch <wk@gnupg.org>
-
- doc: Make make distcheck work again.
- + commit 4ecb5db804003c10c57bdc0dc7f1d9649c5ba6f8
- * doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1
-
- yat2m: Add keyword @url.
- + commit b4756a54a55fcd51717c149e19191a2eeaa6a919
- * doc/yat2m.c (proc_texi_cmd): Add keyword @url.
-
- doc: Build man pages with the same date as the info files.
- + commit 081c902f16a2f251df4593f090b3978dfa473a26
- * doc/Makefile.am (yat2m-stamp): Use option --date.
-
- yat2m: New option --date.
- + commit 75eb071354d1f862bac09c56c8ab81dae8883270
- * doc/yat2m.c (opt_date): new.
- (isodatestring): Use it if set.
- (main): New option --date.
-
-2015-11-27 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid extra translation strings.
- + commit 686f31c3d5aee0d2825265869ae92ca95cdcabae
- * g10/keyedit.c (menu_expire): Use only one prompt.
-
- kbx: Include gpg-error prior to mischelp.h.
- + commit 436a154ea85e4dffbde7c3b316fbfca1b066aa2a
- * kbx/keybox-init.c: Change order of includes.
-
- gpg,w32: Fix a format string error.
- + commit 7c856f99144b84ac30e0c9a192f09dc36d93190a
- * g10/keyring.c (keyring_search): Fix format string for off_t.
-
- Silence compiler warnings related to not using assuan_fd_t.
- + commit 501436ab0f9d8e7d56b2f5e344006be5f5a3c653
- * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
- declaration was already fixed by a previous change.
- * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
-
- Avoid incompatible pointer assignment warnings on Windows.
- + commit 64e87083394d38998feab359caac917bcc6139d3
- * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
- * dirmngr/server.c (data_line_cookie_write): Ditto.
- * sm/certdump.c (format_name_writer): Ditto.
- * sm/server.c (data_line_cookie_write): Ditto.
- * dirmngr/http.c (cookie_read, cookie_write): Ditto.
-
- dirmngr: Avoid a declarations after statements.
- + commit 100f34e869df899a695f5e5ef1b8e092baf91751
- * tools/gpgtar.c (parse_arguments): Use a block for a local varibale
- definition.
-
- dirmngr: Avoid casting away a const from an char**.
- + commit 6501741d2c1beb8060198a39a1aa950cb11b386f
- * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from
- global variables.
-
- dirmngr: Allow testing for a running Tor via "getinfo tor".
- + commit da5a232199ef93be219e933a7eaf4ccfc6d24d61
- * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not
- running.
-
-2015-11-26 Werner Koch <wk@gnupg.org>
-
- g13: Fix commit 1a045b13.
- + commit 82f6abb4807c89388052ab442368d9e09fb84aea
- * g13/g13.c (main): Use existsing function.
-
- common: Fix off-by-one access in the new format_text.
- + commit 61941a984964308b09c7fc1b3438fb99d0b3c917
- * common/stringhelp.c (format_text): Use existsing fucntion to trim
- trailing spaces. Fix off-by-one access.
-
- dirmngr: Improve output of "getinfo tor".
- + commit d226e67856e7197c581dcd2cef0f1e687bee0ac9
- * dirmngr/server.c (cmd_getinfo): Print a message along with OK.
-
- dirmngr: Let Libassuan employ nPth wrappers for connect.
- + commit f95cff1cc9e7a4d9f6b7c45188ec47e70f9874dc
- * dirmngr/http.c (my_unprotect, my_protect): Remove.
- (connect_server): Do not use these wrappers.
-
-2015-11-26 Justus Winter <justus@g10code.com>
-
- tools/gpgtar: Add '--dry-run'.
- + commit 676b2d7081291f7e47a66755ab07af259fea130b
- * tools/gpgtar-extract.c (extract_{regular,directory}): Honor
- '--dry-run'.
- * tools/gpgtar.c (enum cmd_and_opt_values): New value.
- (opts): Add '--dry-run'.
- (parse_arguments): Handle '--dry-run'.
- * tools/gpgtar.h (opt): Add field 'dry_run'.
-
- tools/gpgtar: Handle '--gpg-args'.
- + commit 69a8440f44fa025e33a4cc32d17695c9ac385043
- * tools/gpgtar-create.c (gpgtar_create): Use given arguments.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
- * tools/gpgtar.c (enum cmd_and_opt_values): New value.
- (opts): Add 'gpg-args'.
- (parse_arguments): Handle arguments.
- * tools/gpgtar.h (opt): Add field 'gpg_arguments'.
- * tests/openpgp/gpgtar.test: Simplify accordingly.
-
- common: Make the GPG arguments configurable in call-gpg.
- + commit 1a045b1324efabe7423a8d00245f01718ed72556
- * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'.
- (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise.
- (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise.
- * common/call-gpg.h: Adapt prototypes.
- * g13/create.c (encrypt_keyblob): Adapt callsite.
- * g13/g13-common.h (opt): Add field 'gpg_arguments'.
- * g13/g13.c (main): Construct default arguments.
- * g13/mount.c (decrypt_keyblob): Adapt callsite.
- * tools/gpgtar-create.c (gpgtar_create): Likewise.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
-
- tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip.
- + commit 2eb3248058330dd5c37560d9887db5b5266c54fe
- * tools/gpgtar.c (enum cmd_and_opt_values): New value.
- (opts): Add new group for tar options, rearrange a little, add
- '--tar-args'.
- (tar_opts): New variable.
- (shell_parse_stringlist): New function.
- (shell_parse_argv): Likewise.
- (parse_arguments): Add option argument, handle '--tar-args'.
- (main): Fix invokation of 'parse_arguments'.
- * tests/openpgp/gpgtar.test: Simplify decryption.
-
- tools/gpgtar: Rework argument parsing.
- + commit 35c0c8b211bc891335e822379b33ea34fbc1f84f
- * tools/gpgtar.c (main): Move argument parsing into its own function.
-
-2015-11-25 Justus Winter <justus@g10code.com>
-
- tests: Add tests for gpgtar and gpg-zip.
- + commit 556e8c44267fe3b829ca06286e9b5637ca1a6a73
- * tests/openpgp/Makefile.am (TESTS): Add new file.
- * tests/openpgp/gpgtar.test: New file.
-
- tools/gpgtar: Handle '--directory' argument.
- + commit 127aba9a4d6c1aabb4a18a74b16d3bddc6eb5c54
- * tools/gpgtar-extract.c (gpgtar_extract): Only generate a directory
- name if none is given via arguments.
- * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
- (opts): Add argument.
- (main): Parse argument.
- * tools/gpgtar.h (opt): New field 'directory'.
-
- tools/gpgtar: Handle '--gpg' argument.
- + commit 89e104eb38c3a6896892ff09db11cb1bae2bb0d3
- * tools/gpgtar-create.c (gpgtar_create): Use given gpg program.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
- * tools/gpgtar.c (enum cmd_and_opt_values): New constant.
- (opts): Add argument.
- (main): Handle argument.
- * tools/gpgtar.h (opt): Add field 'gpg_program'.
-
- tools/gpgtar: Improve error handling.
- + commit f76fb047c15914ba44dc9423d235484758bcd721
- * tools/gpgtar-create.c (gpgtar_create): Return an error code, fix
- error handling.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise.
- * tools/gpgtar-list.c (read_header): Return an error code.
- (gpgtar_list): Return an error code, fix error handling.
- (gpgtar_read_header): Return an error code.
- * tools/gpgtar.c: Add missing include.
- (main): Print an generic error message if a command failed and no
- error has been printed yet.
- * tools/gpgtar.h (gpgtar_{create,extract,list,read_header}): Fix the
- prototypes accordingly.
-
- tools: Add encryption and decryption support to gpgtar.
- + commit 40dbee86f3043aff8a8c2055521e270318e33068
- * tools/Makefile.am: Amend CFLAGS and LDADD.
- * tools/gpgtar-create.c (gpgtar_create): Add encrypt flag and encrypt
- stream if requested.
- * tools/gpgtar-extract.c (gpgtar_extract): Likewise for decryption.
- * tools/gpgtar-list.c (gpgtar_list): Likewise.
- * tools/gpgtar.c (main): Initialize npth and assuan. Parse recipient
- and local user, and note which flags are currently ignored. Adapt
- calls to gpgtar_list and friends.
- (tar_and_encrypt): Drop stub function and prototype.
- (decrypt_and_untar): Likewise.
- (decrypt_and_list): Likewise.
- * tools/gpgtar.h (gpgtar_{create,extract,list}): Add encryption or
- decryption argument.
-
- common: Add stream interface to call-pgp.
- + commit 03bf88f32c8d203d5b3bfbbc48cc45e6c08cc187
- * common/call-gpg.c (struct writer_thread_parms): Add field 'stream'.
- (writer_thread_main): Support reading from a stream.
- (start_writer): Add stream argument.
- (struct reader_thread_parms): Add field 'stream'.
- (reader_thread_main): Support writing to a stream.
- (start_reader): Add stream argument.
- (_gpg_encrypt): Add stream api.
- (gpg_encrypt_blob): Adapt accordingly.
- (gpg_encrypt_stream): New function.
- (_gpg_decrypt): Add stream api.
- (gpg_decrypt_blob): Adapt accordingly.
- (gpg_decrypt_stream): New function.
- * common/call-gpg.h (gpg_encrypt_stream): New prototype.
- (gpg_decrypt_stream): Likewise.
-
- common: Refactor the call-gpg code.
- + commit cb18d802308bde4e28219417bb4d107a4c0001b4
- * common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code
- into two new functions, _gpg_encrypt and _gpg_decrypt.
-
- g13: Move 'call-gpg.c' to common.
- + commit ba1a5cc17d43d9cba32447876f06a8ab8f97e5ae
- * common/Makefile.am (common_sources): Add files.
- * g13/call-gpg.c: Move to 'common' and adapt slightly. Add a
- parameter to let callees override the gpg program to execute.
- * g13/call-gpg.h: Likewise.
- * g13/Makefile.am (g13_SOURCES): Drop files.
- * g13/create.c (encrypt_keyblob): Hand in the gpg program to execute.
- * g13/mount.c (decrypt_keyblob): Likewise.
-
-2015-11-24 Neal H. Walfield <neal@g10code.com>
-
- gpg: When comparing keyids, use the keyid, not the fingerprint's suffix.
- + commit e9c16fee2576c772de9d4fb5d53fee28e4b84202
- * g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of
- inline tests. Don't compare P to the suffix of the fingerprint. If P
- appears to be a keyid, do an exact compare against the keyid. If it
- appears to be a fingerprint, do an exact compare against the
- fingerprint.
-
-2015-11-23 Neal H. Walfield <neal@g10code.com>
-
- gpg: Reflow long texts.
- + commit 19362a8dd7ee986c082a5afc5a446f939991ec0f
- * common/stringhelp.c (format_text): New function.
- * common/t-stringhelp.c (stresc): New function.
- (test_format_text): New function. Test format_text.
- * g10/tofu.c (get_trust): Use format_text to reflow long texts.
- (show_statistics): Likewise.
-
- common: Extend utf8_charcount to include the string's length.
- + commit 5b84b0d660c8329e184d98682665aaea7e1703d2
- * common/stringhelp.c (utf8_charcount): Take additional parameter,
- len. Process at most LEN bytes.
-
-2015-11-23 Justus Winter <justus@g10code.com>
-
- dirmngr: Fix http lookups when libadns is used.
- + commit b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3
- * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port.
-
- dirmngr: Fix SRV record lookups when using the system resolver.
- + commit 946faaff04f3340ed6db9e89c5036dc5f9beca6a
- * dirmngr/dns-stuff.c (getsrv): Fix error handling.
-
- dirmngr: Honor ports specified in SRV records.
- + commit 73c1a86ad937d7be027eece991c69aaeb6a1f092
- * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'.
- (create_new_hostinfo): Initialize 'port'.
- (add_host): Add host parameter and update the hosttable entry.
- (map_host): Return port if known, adjust calls to 'add_host'.
- (make_host_part): Let 'map_host' specify the port if known.
-
- dirmngr: Support hkp server pools using SRV records.
- + commit c9f5aa15793b3c05c1b92af401b23ab34d3e6196
- * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records.
-
- dirmngr: Refactor 'map_host'.
- + commit 3f52f6bcacfe3877d30a21464e93e9240bc75085
- * dirmngr/ks-engine-hkp.c (add_host): New function.
- (map_host): Use the new function.
-
- dirmngr: Fix pool detection.
- + commit 23ea641ba2a063cc99c82869061703d48bc674b2
- * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses.
-
- dirmngr: Refactor 'map_host'.
- + commit 2b43a0515868b8720009e48d7a1f32d571767f14
- * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function.
- (map_host): Use the new function.
-
- dirmngr: Start dirmngr on demand.
- + commit a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584
- * common/asshelp.h: Include 'util.h'.
- * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
- to the dirmngr.
- (start_dirmngr): Drop now unused declaration and function.
-
-2015-11-23 Neal H. Walfield <neal@g10code.com>
-
- gpg: If sqlite is not available, don't build things depending on it.
- + commit 770c06ed4e6c1097d6e305a0a9427c3c783b787c
- * configure.ac: Define the automake conditional SQLITE3.
- * tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
- to...
- (sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not
- defined, then clear this variable.
-
- gpg: Allow updating the expiration time of multiple subkeys at once.
- + commit b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1
- * g10/keyedit.c (menu_expire): Allow updating the expiration time of
- multiple subkeys at once.
-
- gpg: Don't crash if key is not passed an argument.
- + commit 19f099463c82c119288a05eaefc42bf09d617377
- * g10/keyedit.c (menu_select_key): Don't crash if P is NULL.
-
-2015-11-20 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fail if the search description passed to --gen-revoke is ambiguous.
- + commit 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e
- * g10/revoke.c (gen_revoke): Error out if the search description is
- ambiguous.
-
- gpg: Refactor print_seckey_info.
- + commit f8a65ac96b27a0963892892ce6e93b37b8df1ad7
- * g10/keylist.c (print_seckey_info): Break formatting functionality
- into...
- (format_seckey_info): ... this new function.
-
- gpg: Improve an error message.
- + commit 46e128d44a0456dc603bc9e25a4c5d8da903b078
- * g10/revoke.c (gen_revoke): Provide a more descriptive error message
- if searching for a key fails.
-
-2015-11-19 Justus Winter <justus@g10code.com>
-
- dirmngr: Improve error handling.
- + commit 6b14df5525777ee0330a34a7b335359f562616a4
- * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break.
-
- dirmngr: Fix memory leak.
- + commit b223cde311e4e02f7983e33fe3d7214287dfb678
- * dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed
- arguments.
-
- agent: Improve error handling.
- + commit a1650b1edf80c2526c0576547b3a574e8d30f1fa
- * agent/trustlist.c (istrusted_internal): Initialize 'err'.
-
- common: Avoid undefined behavior.
- + commit eb957ffc4797fb019c505510295af244baf5be38
- * common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter'
- will make use of it.
-
- g10: Avoid undefined behavior.
- + commit 52f7f195b119dc01bdf3ae200fdc8e04a0bb9bcb
- * g10/trust.c (clean_one_uid): Avoid a computation involving an
- uninitialized value.
-
- scd: Improve error handling.
- + commit 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d
- * scd/app-openpgp.c (get_public_key): Improve error handling.
-
-2015-11-18 Justus Winter <justus@g10code.com>
-
- dirmngr: Gracefully handle premature termination of TLS streams.
- + commit eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e
- * dirmngr/http.c (close_tls_session): New function.
- (session_unref): Use the new function to close the TLS stream.
- (cookie_read): If the stream terminated prematurely, close it and
- return a short read.
-
-2015-11-17 Neal H. Walfield <neal@g10code.com>
- Michael Mönch <michael.moench@marktjagd.de>
-
- tools: Fix option parsing for gpg-zip.
- + commit 84ebf15b06e435453b2f58775f97a3a1c61a7e55
- * tools/gpg-zip.in: Correctly set GPG when --gpg is specified.
- Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar.
-
-2015-11-17 Neal H. Walfield <neal@g10code.com>
-
- gpg: Allow selecting subkeys using a keyid.
- + commit 0b86c7463c8c057496b38e06c00f0ae4288dad49
- * g10/keyedit.c (menu_select_key): Take an additional argument, p.
- Update callers. If P is a hex string, then assume that P is a key id
- or fingerprint and select subkeys with matching key ids or
- fingerprints.
- * doc/gpg.texi: Update documentation for the key subcommand.
-
-2015-11-17 Justus Winter <justus@g10code.com>
-
- dirmngr: Fix specifying keyservers by IP address.
- + commit 1e3dbb15affd6d75a477aa17715d8e5470988c08
- * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable'
- entry instead of creating another one.
-
-2015-11-17 Neal H. Walfield <neal@g10code.com>
-
- gpg: Change keydb_search to not return legacy keys.
- + commit 58e4a492e2c8e908d16135486ed601f602f1e38d
- * g10/keyring.c (keyring_search): Take new argument, ignore_legacy.
- If set, skip any legacy keys. Update callers.
- * g10/keydb.c (keydb_search): Skip any legacy keys.
- (keydb_search_first): Don't skip legacy keys. Treat them
- as an error.
- (keydb_search_next): Likewise.
- (keydb_search_fpr): Likewise.
- * g10/export.c (do_export_stream): Likewise.
- * g10/getkey.c (lookup): Likewise.
- (have_secret_key_with_kid): Likewise.
- * g10/keylist.c (list_all): Likewise.
- (keyring_rebuild_cache): Likewise.
- * g10/keyserver.c (keyidlist): Likewise.
- * g10/trustdb.c (validate_key_list): Likewise.
-
- gpg: Correctly handle an error.
- + commit 848726f5c02faddb0b0fd24ce1a66893f5325675
- * g10/keyring.c (keyring_search): If a compare function returns an
- error, treat it as an error.
-
- gpg: Correctly handle keyblocks followed by legacy keys.
- + commit ad9befab12376b3a49cde410996ac9f0013d0871
- * g10/keyring.c (keyring_get_keyblock): If we encounter a legacy
- packet after already having some non-legacy packets, then treat the
- legacy packet as a keyblock boundary, not as part of the keyblock.
- * g10/t-keydb-get-keyblock.c: New file.
- * g10/t-keydb-get-keyblock.gpg: New file.
- * g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg.
- (module_tests): Add t-keydb-get-keyblock.
- (t_keydb_get_keyblock_SOURCES): New variable.
- (t_keydb_get_keyblock_LDADD): Likewise.
-
- gpg: Make debugging search descriptors easier.
- + commit 11ec4785df1646643966d872b1b53ef675092c98
- * g10/keydb.c (dump_search_desc): Rename from this...
- (keydb_search_desc_dump): ... to this. Only process a single search
- descriptor. Improve output. Don't mark as static. Update callers.
-
- gpg: Add function format_keyid.
- + commit a052c30d31c0f6b532fea081f4a9bee083f5440f
- * g10/options.h (opt.keyid_format): Add new value KF_DEFAULT.
- * g10/keyid.c (format_keyid): New function.
- (keystr): Use it.
-
- gpg: Use a more appropriate error code.
- + commit eae982ed6d69644258afe9c4ad1be553853d8403
- * g10/gpg.c (check_user_ids): Return a more appropriate error code if
- a user id is ambiguous.
-
-2015-11-17 Justus Winter <justus@g10code.com>
-
- Fix typos found using codespell.
- + commit a9e0905342e847e8961ec4fe9b3aaedf05e33423
- * agent/cache.c: Fix typos.
- * agent/call-pinentry.c: Likewise.
- * agent/call-scd.c: Likewise.
- * agent/command-ssh.c: Likewise.
- * agent/command.c: Likewise.
- * agent/divert-scd.c: Likewise.
- * agent/findkey.c: Likewise.
- * agent/gpg-agent.c: Likewise.
- * agent/w32main.c: Likewise.
- * common/argparse.c: Likewise.
- * common/audit.c: Likewise.
- * common/audit.h: Likewise.
- * common/convert.c: Likewise.
- * common/dotlock.c: Likewise.
- * common/exechelp-posix.c: Likewise.
- * common/exechelp-w32.c: Likewise.
- * common/exechelp-w32ce.c: Likewise.
- * common/exechelp.h: Likewise.
- * common/helpfile.c: Likewise.
- * common/i18n.h: Likewise.
- * common/iobuf.c: Likewise.
- * common/iobuf.h: Likewise.
- * common/localename.c: Likewise.
- * common/logging.c: Likewise.
- * common/openpgp-oid.c: Likewise.
- * common/session-env.c: Likewise.
- * common/sexputil.c: Likewise.
- * common/sysutils.c: Likewise.
- * common/t-sexputil.c: Likewise.
- * common/ttyio.c: Likewise.
- * common/util.h: Likewise.
- * dirmngr/cdblib.c: Likewise.
- * dirmngr/certcache.c: Likewise.
- * dirmngr/crlcache.c: Likewise.
- * dirmngr/dirmngr-client.c: Likewise.
- * dirmngr/dirmngr.c: Likewise.
- * dirmngr/dirmngr_ldap.c: Likewise.
- * dirmngr/dns-stuff.c: Likewise.
- * dirmngr/http.c: Likewise.
- * dirmngr/ks-engine-hkp.c: Likewise.
- * dirmngr/ks-engine-ldap.c: Likewise.
- * dirmngr/ldap-wrapper.c: Likewise.
- * dirmngr/ldap.c: Likewise.
- * dirmngr/misc.c: Likewise.
- * dirmngr/ocsp.c: Likewise.
- * dirmngr/validate.c: Likewise.
- * g10/encrypt.c: Likewise.
- * g10/getkey.c: Likewise.
- * g10/gpg.c: Likewise.
- * g10/gpgv.c: Likewise.
- * g10/import.c: Likewise.
- * g10/keydb.c: Likewise.
- * g10/keydb.h: Likewise.
- * g10/keygen.c: Likewise.
- * g10/keyid.c: Likewise.
- * g10/keylist.c: Likewise.
- * g10/keyring.c: Likewise.
- * g10/mainproc.c: Likewise.
- * g10/misc.c: Likewise.
- * g10/options.h: Likewise.
- * g10/packet.h: Likewise.
- * g10/parse-packet.c: Likewise.
- * g10/pkclist.c: Likewise.
- * g10/pkglue.c: Likewise.
- * g10/plaintext.c: Likewise.
- * g10/server.c: Likewise.
- * g10/sig-check.c: Likewise.
- * g10/sqlite.c: Likewise.
- * g10/tdbio.c: Likewise.
- * g10/test-stubs.c: Likewise.
- * g10/tofu.c: Likewise.
- * g10/trust.c: Likewise.
- * g10/trustdb.c: Likewise.
- * g13/create.c: Likewise.
- * g13/mountinfo.c: Likewise.
- * kbx/keybox-blob.c: Likewise.
- * kbx/keybox-file.c: Likewise.
- * kbx/keybox-init.c: Likewise.
- * kbx/keybox-search-desc.h: Likewise.
- * kbx/keybox-search.c: Likewise.
- * kbx/keybox-update.c: Likewise.
- * scd/apdu.c: Likewise.
- * scd/app-openpgp.c: Likewise.
- * scd/app-p15.c: Likewise.
- * scd/app.c: Likewise.
- * scd/ccid-driver.c: Likewise.
- * scd/command.c: Likewise.
- * scd/iso7816.c: Likewise.
- * sm/base64.c: Likewise.
- * sm/call-agent.c: Likewise.
- * sm/call-dirmngr.c: Likewise.
- * sm/certchain.c: Likewise.
- * sm/gpgsm.c: Likewise.
- * sm/import.c: Likewise.
- * sm/keydb.c: Likewise.
- * sm/minip12.c: Likewise.
- * sm/qualified.c: Likewise.
- * sm/server.c: Likewise.
- * tools/gpg-check-pattern.c: Likewise.
- * tools/gpgconf-comp.c: Likewise.
- * tools/gpgkey2ssh.c: Likewise.
- * tools/gpgparsemail.c: Likewise.
- * tools/gpgtar.c: Likewise.
- * tools/rfc822parse.c: Likewise.
- * tools/symcryptrun.c: Likewise.
-
-2015-11-16 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix error checking and improve error reporting.
- + commit 8e2bea22b0927f4f95a248cc7517f407a705d8a8
- * g10/gpg.c (check_user_ids): Differentiate between a second result
- and an error. If the key specification is ambiguous or an error
- occurs, set RC appropriately.
-
-2015-11-14 Werner Koch <wk@gnupg.org>
-
- gpg: Use only one fingerprint formatting function.
- + commit 3689c2105aab6a4304e9464c5b20207d69b9a133
- * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New.
- * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN.
- Change all callers.
- (format_hexfingerprint): New.
- * g10/keylist.c (print_fingerprint): Change to use hexfingerprint.
- * g10/tofu.c (fingerprint_format): Remove. Replace calls by
- format_hexfingerprint.
-
-2015-11-13 Werner Koch <wk@gnupg.org>
-
- gpg: Simplify the tofu interface by using the public key packet.
- + commit e7d7160ab7cd4e6b460bfe36fd3a7275adadb4e2
- * g10/tofu.c (fingerprint_str): Remove.
- (tofu_register): Take a public key instead of a fingerprint as arg.
- Use hexfingerprint() to get a fpr from the PK.
- (tofu_get_validity): Ditto.
- (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint.
- * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to
- instead of the fingerprint to the tofu functions.
-
- gpg: Make trusted-key override for Tofu robust against swapped tofu.db.
- + commit 7de8376430625c1f6f3a58ae16276deca8ff6a82
- * g10/tofu.c (get_trust): For the UTK check lookup the key by
- fingerprint.
-
- gpg: Fix regression in --locate-keys (in 2.1.9).
- + commit 7e59fb21f728b5f54468cd35b1415a2f86003d4f
- * g10/getkey.c (getkey_ctx_s): Add field "extra_list".
- (get_pubkey_byname): Store strings in the context.
- (getkey_end): Free EXTRA_LIST.
-
-2015-11-12 Werner Koch <wk@gnupg.org>
-
- gpg: Print a new EXPORTED status line.
- + commit 2038adf16d0e7eeb614043aae17b16a867de6b70
- * common/status.h (STATUS_EXPORTED): New.
- * g10/export.c (print_status_exported): New.
- (do_export_stream): Call that function.
-
- gpg: Print export statistics to the status-fd.
- + commit e3c48335f9c5081c6080bceafa7a04140403427a
- * common/status.h (STATUS_EXPORT_RES): New.
- * g10/main.h (export_stats_t): New.
- * g10/export.c (export_stats_s): New.
- (export_new_stats, export_release_stats): New.
- (export_print_stats): New.
- (export_pubkeys, export_seckeys, export_secsubkeys)
- (export_pubkey_buffer, do_export): Add arg "stats".
- (do_export_stream): Add arg stats and update it.
- * g10/gpg.c (main) <aExport, aExportSecret, aExportSecretSub>: Create,
- pass, and print a stats object to the export function calls.
-
- * g10/export.c (export_pubkeys_stream): Remove unused function.
-
- dirmngr: Do not block during ADNS calls.
- + commit a3b26d6c0839ec18d1dc226bb537d5067c86d574
- * dirmngr/dns-stuff.c: Include npth.h
- (my_unprotect, my_protect): New wrapper.
- (resolve_name_adns): Put unprotect/protect around adns calls.
- (get_dns_cert): Ditto.
- (getsrv): Ditto.
- (get_dns_cname): Ditto.
-
- dirmngr: New option --nameserver.
- + commit a2cc1d57552ccac7b2f9a0c6423b171b2a168b2a
- * dirmngr/dirmngr.c (oNameServer): New.
- (opts): Add --nameserver.
- (parse_rereadable_options): Act upon oNameServer.
- * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New.
- (tor_nameserver): New.
- (set_dns_nameserver): New.
- (my_adns_init): Make name server configurable.
-
-2015-11-11 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix cache consistency problem.
- + commit 7546e818791988c00b8635dab5b899265d8d9f42
- g10/keyring.c (keyring_search): Only mark the cache as completely
- filled if we start the scan from the beginning of the keyring.
-
-2015-11-10 Neal H. Walfield <neal@g10code.com>
-
- gpg: Default to the the PGP trust model.
- + commit 67c701d1e53f56305e3b8771c683c45bb9672305
- * g10/trustdb.c (init_trustdb): If we can't read the trust model from
- the trust DB, default to TM_PGP, not TM_TOFU_PGP.
-
- gpg: Default to the flat TOFU DB format.
- + commit 951f277b6bf8178560105538d38e2a07a96865bd
- * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there
- is no TOFU DB, default to the flat format.
-
-2015-11-09 Werner Koch <wk@gnupg.org>
-
- dirmngr: Change to new ADNS Tor mode init scheme.
- + commit 288c9919dc45496b2380eeac487a8539692d6842
- * dirmngr/dns-stuff.c (tor_credentials): New.
- (enable_dns_tormode): Add arg new_circuit and update tor_credentials.
- (my_adns_init): Rework to set Tor mode using a config file options and
- always use credentials.
- * dirmngr/server.c (cmd_dns_cert): Improve error message.
- * dirmngr/t-dns-stuff.c (main): Add option --new-circuit.
-
- dirmngr: Improve detection of ADNS.
- + commit f92e95175e90120362a7d6376fb32307e11267b5
- * configure.ac (HAVE_ADNS_FREE): New ac_define.
-
-2015-11-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add reder information to --card-status.
- + commit bce0e3f71df0709a7d323a688ddf2690c1727a6c
- * g10/call-agent.h, g10/call-agent.c (agent_release_card_info)
- g10/card-util.c (card_status): Add READER.
- * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME.
- (apdu_get_reader_name): New.
- * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P.
- * scd/command.c (cmd_learn): Return READER information.
-
-2015-11-06 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid new strings.
- + commit 2242658efe0c975a46c3316bc9171ddbce085e2c
- * g10/decrypt-data.c (decrypt_data): Use already translated strings.
-
- common: Fix commit f99830b.
- + commit 20125333e7b822e8c70ac8cef986649f0654eb56
- * common/userids.c (classify_user_id): Avoid underflow. Use spacep to
- also trim tabs.
-
-2015-11-06 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix formatting string.
- + commit 28e198201e580b39bceb9c151df07fc0e936a91d
- * g10/decrypt-data.c (decrypt_data): Fix formatting string.
-
- gpg: Add new option --only-sign-text-ids.
- + commit a74aeb5dae1f673fcd98b39a6a0496f3c622709a
- * g10/options.h (opt): Add field only_sign_text_ids.
- * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs.
- (opts): Handle oOnlySignTextIDs.
- (main): Likewise.
- * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't
- select non-text based IDs automatically.
- (keyedit_menu): Adapt the prompt asking to sign all user ids according
- to OPT.ONLY_SIGN_TEXT_IDS.
- * doc/gpg.texi: Document the new option --only-sign-text-ids.
-
- common: When classifying keyids and fingerprints, reject trailing junk.
- + commit f99830b72812395da5451152bdd2f2d90a7cb7fb
- * common/userids.c (classify_user_id): Trim any trailing whitespace.
- Before assuming that a hexstring corresponds to a key id or
- fingerprint, make sure that it is NUL terminated.
-
- gpg: Check for ambiguous or non-matching key specs.
- + commit e8c53fca954d33366e3494a6d4eecc3868282bcc
- * g10/gpg.c (check_user_ids): New function.
- (main): Check that any user id specifications passed to --local-user
- and --remote-user correspond to exactly 1 user. Check that any user
- id specifications passed to --default-key correspond to at most 1
- user. Warn if any user id specifications passed to --local-user or
- --default-user are possible ambiguous (are not specified by long keyid
- or fingerprint).
- * g10/getkey.c (parse_def_secret_key): Don't warn about possible
- ambiguous key descriptions here.
-
- common: Add new function strlist_rev.
- + commit f38bac8883ea2e9ed8e2836f97a953efb85e774c
- * common/strlist.c (strlist_rev): New function.
- * common/t-strlist.c: New file.
- * common/Makefile.am (common_sources): Add strlist.c and strlist.h.
- (module_tests): Add t-strlist.
- (t_strlist_LDADD): New variable.
-
- common: Include required, but not included headers in t-support.h.
- + commit 23e163473f050d1f2c08f589beb9dab283b7d624
- * common/t-support.h: Include <stdlib.h> and <stdio.h>.
-
-2015-11-05 Neal H. Walfield <neal@g10code.com>
-
- gpg: Indicate which characters are invalid.
- + commit a958ffd148a46f3757d1c309bb13555638044640
- * g10/keygen.c (ask_user_id): Indicate which characters are invalid.
-
- gpg: Add support for unwrapping the outer level of encryption.
- + commit ec409e62aea6cc829299be794f9d035d033cb51b
- * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
- copy the data to the output file instead of continuing to process it.
- * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
- (opts): Handle oUnwrap.
- (main): Likewise.
- * g10/options.h (opt): Add field unwrap_encryption.
- * g10/plaintext.c (handle_plaintext): Break the output file selection
- functionality into ...
- (get_output_file): ... this new function.
-
- common: Add a function for copying data from one iobuf to another.
- + commit fd4b9e232805b2e30b29903568c95cc0aad8bbec
- * common/iobuf.c (iobuf_copy): New function.
-
- doc: Note that gpgkey2ssh is deprecated.
- + commit 2b0e0a53b4db8c44e299f57a9f4f9fc1b825e707
- * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated.
-
- tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg.
- + commit cd2d685230ecafb7df504ef2b16cf1ec9a014300
- * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most
- gratuitous asserts with error messages. Invoke gpg2, not gpg.
-
-2015-11-05 Neal H. Walfield <neal@g10code.com>
- Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- doc: Add documentation for gpgkey2ssh.
- + commit 2b27acc3435e73fad7460b551a36b4064cdd58be
- * doc/tools.texi: Add documentation for gpgkey2ssh.
-
-2015-11-04 Neal H. Walfield <neal@g10code.com>
-
- gpg: Print a better error message for --multifile --sign --encrypt.
- + commit 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e
- * g10/gpg.c (main): Print a better error message for --multifile
- --sign --encrypt.
-
- gpg: Add --encrypt-to-default-key.
- + commit de9b2340153d70b083494d1a277a384dcf43bff0
- * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
- export the function.
- * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
- (opts): Handle oEncryptToDefaultKey.
- (main): Likewise.
- * g10/options.h (opt): Add field encrypt_to_default_key.
-
- gpg: Allow multiple --default-key options. Take the last available key.
- + commit e16d7168c54e5f7bc2f0037806ee4f730930eaf0
- * g10/getkey.c (parse_def_secret_key): New function.
- (get_seckey_default): Add parameter ctrl. Update callers. Use
- parse_def_secret_key to get the default secret key, if any.
- (getkey_byname): Likewise.
- (enum_secret_keys): Likewise.
- * g10/options.h (opt): Change def_secret_key's type from a char * to a
- strlist_t.
- * g10/gpg.c (main): When processing --default-key, add the key to
- OPT.DEF_SECRET_KEY.
- * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers.
- * g10/mainproc.c (proc_pubkey_enc): Likewise.
- (do_proc_packets): Likewise.
- * g10/pkclist.c (default_recipient): Likewise.
- * g10/pubkey-enc.c (get_session_key): Likewise.
- * g10/sign.c (clearsign_file): Likewise.
- (sign_symencrypt_file): Likewise.
- * g10/skclist.c (build_sk_list): Likewise.
- * g10/test-stubs.c (get_session_key): Likewise.
-
-2015-11-04 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix error handling with libusb-compat library.
- + commit 1e94a672efb8bf66f416bc63bf6670e509a21fe5
- * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.
-
- scd: fix change_keyattr.
- + commit c5a9fedba66361ddd9f596528882750068543298
- * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.
-
-2015-11-03 Werner Koch <wk@gnupg.org>
-
- gpg: Change out of core error message.
- + commit 44ad9f29d43f40bbc1840454880f4af3df1c5295
- * g10/tofu.c (fingerprint_str): Die with the error code returned by
- the failed function.
- (time_ago_str): Ditto. Do not make a comma translatable.
- (fingerprint_format): Use "%zu" for a size_t.
-
- gpg: Make translation easier.
- + commit 62b8cd5495dcac9a0f8a3d88c7bd4cd80997fd3f
- * g10/import.c (import_secret_one): Split info string for easier
- translation.
-
-2015-11-03 Neal H. Walfield <neal@g10code.com>
-
- gpg: Also show when the most recently signed message was observed.
- + commit 621afac37e5555fd68054531e611ead444b62928
- * g10/tofu.c (show_statistics): Also show when the most recently
- signed message was observed.
-
- gpg: Split a utility function out of a large function.
- + commit 36326112290b6eef47c9dada30dddbdf408680e4
- * g10/tofu.c (show_statistics): Break the time delta to string code
- into...
- (time_ago_str): ... this new function.
-
- gpg: Fix message formatting.
- + commit c8ef9f9a64d13ea8b9b4ade62525243abe2976ba
- * g10/tofu.c (get_trust): Fix message formatting.
-
- gpg: Don't store formatting fingerprints in the TOFU DB.
- + commit 8ae3946d28c43e30ef692ba6cf1a7fa4ed65ecc5
- * g10/tofu.c (fingerprint_pp): Split this function into...
- (fingerprint_str): ... this function...
- (fingerprint_format): ... and this function.
- (record_binding): Store the unformatted fingerprint in the DB. Only
- use the formatting fingerprint when displaying a message to the user.
- (get_trust): Likewise.
- (show_statistics): Likewise.
- (tofu_register): Likewise.
- (tofu_get_validity): Likewise.
- (tofu_set_policy): Likewise.
- (tofu_get_policy): Likewise.
-
-2015-11-02 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: notify a user when importing stub is skipped.
- + commit 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4
- * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
- when stub_key_skipped.
- (import_secret_one): Notify a user, suggesting --card-status.
-
-2015-10-31 Neal H. Walfield <neal@g10code.com>
-
- gpg: Consider newlines to be whitespace in an SQL statement.
- + commit 18cd09246f5dcddcafb8662afd84fa046e36de3f
- * g10/sqlite.c (sqlite3_stepx): When making sure that there is no
- second SQL statement, ignore newlines.
-
-2015-10-30 Werner Koch <wk@gnupg.org>
-
- common: Improve t-zb32 to be used for manual encoding.
- + commit d89a9fca46d9bba497dde0793b57217c800b0e8d
- * common/t-support.h (no_exit_on_fail, errcount): New.
- (fail): Bump errcount.
- * common/t-zb32.c (main): Add options to allow manual use.
-
- common: Add separate header for zb32.c.
- + commit 5aadb4b62d26e1bfb40a1ce444a81c2a5a56159c
- * common/util.h (zb32_encode): Move prototype to ...
- * common/zb32.h: new. Include this for all callers of zb32_encode.
-
-2015-10-29 Neal H. Walfield <neal@g10code.com>
-
- gpg: Display the correct error message.
- + commit 641df615da4937b0073c420a0503c5810c237972
- * g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
- RC does not contain the error code. Save the error code in rc2 and
- use that.
-
- gpg: Eliminate a memory leak.
- + commit d68bdc553a206e54234d5d53ad35c4ba34133118
- * g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
- failure.
-
- gpg: Remove unused prototype.
- + commit ef052591ba51ee16bafc3c5b79d837ed8f01b520
- g10/keyring.h (keyring_locate_writable): Remove unused prototype.
-
- gpg: Eliminate a memory leak.
- + commit 89eee5f6b7ca3da7ebdcc3e5d069701d0834b39e
- * g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.
-
- gpg: Fix keyring support.
- + commit 99c84b49b787dab8da26cf61eed24dd4a2b77fd9
- * g10/keydb.c (keydb_rebuild_caches): Only mark the cached as prepared
- if it is actually prepared, which it only is if the resource is a
- keybox.
-
- gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
- + commit 421827424fe87855307fe3e803b42ffa02738600
- * g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
- (sqlite3_stepx_callback): New declaration.
- (sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
- which passes an additional parameter, the sqlite3_stmt *. Update
- users.
-
- gpg: Move sqlite helper functions into their own file.
- + commit 351f4213e192aa11500c0c590d11183edbe326c5
- * g10/tofu.c (sqlite3_exec_printf): Move from here...
- * g10/sqlite.c (sqlite3_exec_printf): ... to this new file. Don't
- mark as static.
- * g10/tofu.c (sqlite3_stepx): Move from here...
- * g10/sqlite.c (sqlite3_stepx): ... to this new file. Don't
- mark as static.
- * g10/tofu.c (enum sqlite_arg_type): Move from here...
- * g10/sqlite.h (enum sqlite_arg_type): ... to this new file.
-
-2015-10-29 NIIBE Yutaka <gniibe@fsij.org>
-
- doc: Don't install gpg-zip.1.
- + commit d25e29ad9374da1c11ccfc38f392dbab2d707042
- * doc/Makefile.am (myman_pages): Remove gpg-zip.1.
- (DISTCLEANFILES): Add gpg-zip.1.
-
-2015-10-28 Werner Koch <wk@gnupg.org>
-
- sm: Allow combination of usage flags --gen-key.
- + commit 8b6c83dcb086ef09b2676e4d5b0111c88b7b8bf8
- * sm/certreqgen.c (create_request): Re-implement building of the
- key-usage extension.
-
-2015-10-28 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- doc: Document some changed default options.
- + commit e095a3fcf2ccc6cc4e258111dc395558069a1164
- * doc/gpg.texi: Update the description of some options which are
- now enabled by default.
-
-2015-10-28 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix NULL-deref while loading a CRL.
- + commit fa15a71daff8414bf4112bc2826dc495ff2fb01f
- * dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
- failure.
-
- dirmngr: Minor cleanup of the SRV RR code.
- + commit 949a5cfdabcafab93c1ac092c0459b59318805b9
- * dirmngr/dns-stuff.c: Include unistd.h.
- (getsrv): Run srand only once.
- * dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
- and change output format.
-
- dirmngr: Add a getaddrinfo wrapper backend using ADNS.
- + commit e026efb4363bc6e3c41ed533daf06f103ebd2e32
- * dirmngr/dns-stuff.c: Replace all use of default_errsource.
- (my_adns_init): Move to top.
- (resolve_name_adns): New.
- (resolve_dns_name) [USE_ADNS]: Divert to new func.
-
-2015-10-26 Werner Koch <wk@gnupg.org>
-
- gpg: Do not call an extra get_validity if no-show-uid-validity is used.
- + commit a6c2c098435a703ca02abf651ff4fa45e5a4db9a
- * g10/mainproc.c (check_sig_and_print): Do not call the informational
- get_validity if we are not going to use it.
-
-2015-10-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Ensure all weak digest rejection notices are shown.
- + commit 91015d021b3dcbe21ad0e580a4f34c523abf9e72
- * g10/main.h: Add rejection_shown flag to each weakhash struct
- * g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
- treat MD5 separately; (print_digest_rejected_note): Use
- weakhash.rejection_shown instead of static shown.
- * g10/options.h (opt): Change from additional_weak_digests to
- weak_digests.
- * g10/sig-check.c: Do not treat MD5 separately.
- * g10/gpg.c (main): Explicitly set MD5 as weak.
- * g10/gpgv.c (main): Explicitly set MD5 as weak.
-
-2015-10-26 Werner Koch <wk@gnupg.org>
-
- w32: Make it build again if Tofu support is not available.
- + commit 0d37a40fc34519e93af3ceffff2cd726d29576d3
- * g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
- functions.
-
- dirmngr: Support Tor hidden services.
- + commit 4524a2a3714f263d56bb7db349c169b456994fd9
- * dirmngr/dns-stuff.c (is_onion_address): New.
- * dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
- (map_host): Special case onion addresses.
- (ks_hkp_print_hosttable): Print an 'O' for an onion address.
- * dirmngr/http.c (connect_server): Special case onion addresses.
-
- dirmngr,w32: Remove gethostbyname hack and make it build again.
- + commit 7735bbe539af35ce16e270946d5ae798c5989d6e
- * dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
- we require getaddrinfo anyway.
- * dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
- (map_eai_to_gpg_error) [W32]: Take care of unsupported codes.
-
-2015-10-26 Neal H. Walfield <neal@g10code.com>
-
- gpg: Make sure we only have a single SQL statement.
- + commit c18fb0d99b633bb267dead6e7c46229f4b780bc3
- * g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
- statement.
-
- gpg: When the TOFU DB is in batch mode, periodically drop the locks.
- + commit 5b0ed7674dc718ee98e0c80aa93ce014f2b51411
- * g10/tofu.c: Include <sched.h>.
- (batch_update_started): New variable.
- (begin_transaction): If we've been in batch mode for a while, then
- commit any extant batch transactions.
- (tofu_begin_batch_update): If we are not in batch mode, initialize
- batch_update_started.
-
-2015-10-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add workaround for broken getaddrinfo.
- + commit 5e7ac031f513ad3b60e4f092fa72b3bec0676515
- * dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
- first resolving the CNAME.
- (get_dns_cname): New.
-
- * dirmngr/t-dns-stuff.c (main): Add option --cname.
-
- dirmngr: Better handle systems without IPv6 or IPv4.
- + commit 0e3c9f184a5fb3e41277700d690febc2eee9600a
- * dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.
-
- dirmngr: Replace use of getnameinfo by resolve_dns_addr.
- + commit 927f34603d942868af6a7bd0f347681bbad76a94
- * dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
- (map_host): Use resolve_dns_addr.
-
- dirmngr: Implement a getnameinfo wrapper.
- + commit 816505958ac4308ee0dfe787d1b706982428b6cc
- * dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
- (DNS_WITHBRACKET): New.
- * dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
- (map_eai_to_gpg_error): new.
- (resolve_addr_standard): New.
- (resolve_dns_addr): New.
-
- * dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
- * dirmngr/dns-stuff.c (is_ip_address): here. Add support for non
- bracketed v6 addresses.
-
- * dirmngr/t-dns-stuff.c: Remove header netdb.h.
- (main): Add option --bracket. Use resolve_dns_name instead of
- getnameinfo.
-
-2015-10-23 Neal H. Walfield <neal@g10code.com>
-
- gpg: Provide an interface to patch TOFU updates.
- + commit 7f65e84ac035e8f7a25639a6b09eb6000115e337
- * g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
- Rename end_transaction to savepoint_batch_commit. Update users.
- Remove field rollback. Add fields savepoint_inner and
- savepoint_inner_commit. Add field batch_update.
- (dump_cache): New function.
- (batch_update): New variable.
- (begin_transaction). New function.
- (end_transaction): New function.
- (rollback_transaction): New function.
- (tofu_begin_batch_update): New function.
- (tofu_end_batch_update): New function.
- (closedb): End any pending batch transaction.
- (closedbs): Assert that none of the DBs have a started batch
- transaction if we not in batch mode.
- (record_binding): Use the begin_transaction, end_transaction and
- rollback_transaction functions instead of including the SQL inline.
- Also start a batch mode transaction if we are using the flat format.
- (tofu_register): Use the begin_transaction, end_transaction and
- rollback_transaction functions instead of including the SQL inline.
- * g10/gpgv.c (tofu_begin_batch_update): New function.
- (tofu_end_batch_update): New function.
- * g10/test-stubs.c (tofu_begin_batch_update): New function.
- (tofu_end_batch_update): New function.
-
- gpg: Cache prepared SQL queries and open DB connections.
- + commit 297cf8660ce346638e42934d84d746768f8bb10a
- * g10/tofu.c: Include <stdarg.h>.
- (prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
- (queries) [DEBUG_TOFU_CACHE]: New variable.
- (struct db): Add fields prevp, begin_transaction, end_transaction,
- rollback, record_binding_get_old_policy, record_binding_update,
- record_binding_update2, get_policy_select_policy_and_conflict,
- get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
- get_trust_gather_other_keys, register_already_seen, and
- register_insert.
- [DEBUG_TOFU_CACHE]: Add field hits.
- (STRINGIFY): New macro.
- (STRINGIFY2): New macro.
- (enum sqlite_arg_type): New enum.
- (sqlite3_stepx): New function.
- (combined_db): Remove variable.
- (opendb): Don't cache the combined db.
- (struct dbs): New struct. Update users to use this as the head of the
- local DB list rather than overloading struct db.
- (unlink_db): New function.
- (link_db): New function.
- (db_cache): New variable.
- (db_cache_count): New variable.
- (DB_CACHE_ENTRIES): Define.
- (getdb): If the dbs specific cache doesn't include the DB, look at
- DB_CACHE. Only if that also doesn't include the DB open the
- corresponding DB.
- (closedb): New function.
- (opendbs): Don't open the combined DB. Just return an initialized
- struct dbs.
- (closedbs): Don't close the dbs specific dbs. Attach them to the
- front of DB_CACHE. If DB_CACHE contains more than DB_CACHE_ENTRIES,
- close enough dbs from the end of the DB_CACHE list such that DB_CACHE
- only contains DB_CACHE_ENTRIES. Don't directly close the dbs, instead
- use the new closedb function.
- [DEBUG_TOFU_CACHE]: Print out some statistics.
- (record_binding): Use sqlite3_stepx instead of sqlite3_exec or
- sqlite3_exec_printf.
- (get_policy): Likewise.
- (get_trust): Likewise.
- (tofu_register): Likewise.
-
- gpg: Return the DBs meta-handle rather than the sqlite3 handle.
- + commit cd879d4bd69a578be5a1ff96497f8c1181885563
- * g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
- Update users.
-
- gpg: Use the proper type.
- + commit 3c4c89cc35280164b509977c5288b0a06d6f530e
- * g10/options.h: Include "tofu.h".
- (opt.tofu_default_policy): Change type to enum tofu_policy.
- * g10/gpgv.c (enum tofu_policy): Don't redeclare.
- * g10/test-stubs.c (enum tofu_policy): Likewise.
-
-2015-10-22 Werner Koch <wk@gnupg.org>
-
- dirmngr: Implement Tor mode for SRV RRs.
- + commit 8b06d7f41aec6cb993445935dba7c60e033d026a
- * dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
- (my_adns_init): new.
- (getsrv)[USE_ADNS]: Use my_adns_init.
- (getsrv)[!USE_ADNS]: Return an error if Tor mode is active.
-
- * dirmngr/t-dns-stuff.c: Add option --use-tor.
-
- dirmngr: Do not use MAXDNAME.
- + commit e03a4a94bb67d4a6c958b37671f83456e203f325
- * dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
- * dirmngr/dns-stuff.h (MAXDNAME): Remove.
- (struct srventry): Use a fixed value instead of MAXDNAME.
- * dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
- Malloc a helper array.
-
- Move SRV RR code from common/ to dirmngr/.
- + commit 41bb01ae792af78edd28bf1b735cacc0b3ac428a
- * common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file.
- * common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file.
- * common/Makefile.am (common_sources): Remove srv.c and srv.h.
- * g10/keyserver.c: Do not include srv.h. The code using it is anyway
- disabled.
- * dirmngr/http.c: Remove header srv.h and stubs.
- * dirmngr/t-dns-stuff.c: Add option --srv.
-
-2015-10-21 Werner Koch <wk@gnupg.org>
-
- dirmngr: Use the new DNS wrapper for the HTTP module.
- + commit 1e34007c972c1d7730cfcacd88f6bbebba7dec1d
- * dirmngr/t-http.c (main): Init assuan sockets.
- * dirmngr/http.c: Include dns-stuff.h.
- (connect_server)[!HAVE_GETADDRINFO]: Remove all code.
- (connect_server): Change to use resolve_dns_name.
-
- dirmngr: Allow use of http.c if USE_NPTH is not defined.
- + commit b6af3377e14fad35b9c6041b11888cabce6e8a56
- * dirmngr/http.c (send_request): Always set the gnutls pull/push
- functions.
- (my_npth_read): Rename to ...
- (my_gnutls_read) .. this. Use system read if !USE_NPTH.
- (my_npth_write): Rename to ...
- (my_gnutls_write) .. this. Use system write if !USE_NPTH.
-
- dirmngr: Check that getaddrinfo is available.
- + commit 6fafda979df8e7e117f8e6929bcce89513a6e746
- * dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
- (t_ldap_parse_uri_SOURCES): Ditto.
- * dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
- available.
-
- dirmngr: Use the new DNS wrapper for the HKP engine.
- + commit afbe87fa2d259b665b2d67a038a8535cfcfee094
- * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
- dns_addrinfo_t.
- (map_host): Replace getaddrinfo by resolve_dns_name.
-
- dirmngr: Implement a getaddrinfo wrapper.
- + commit 8bccbf477878fd99baa96e11db9db99aaf1e8d91
- * dirmngr/dns-stuff.h: Include some header files.
- (dns_addinfo_t, dns_addrinfo_s): New.
- * dirmngr/dns-stuff.c: Always include DNS related headers.
- (free_dns_addrinfo): New.
- (resolve_name_standard): New.
- (resolve_dns_name): New.
-
- * dirmngr/t-dns-stuff.c: Include netdb.h.
- (main): Keep old default mode with no args but else print outout of
- resolve_dns_name. Revamp option parser.
-
- common: Add more replacement error codes.
- + commit ffe60eb3d2b8f7d6c506804ce4645d695c91f237
- * common/util.h (GPG_ERR_SERVER_FAILED): New.
- (GPG_ERR_NO_KEY): New.
- (GPG_ERR_NO_NAME): New.
-
-2015-10-21 Neal H. Walfield <neal@g10code.com>
-
- gpg: If the saved trust model is unknown, default to tofu+pgp.
- + commit 9afeb4cca10c3632495fe71b23df99a4878bd3a5
- * g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
- default to tofu+pgp instead of pgp.
-
- gpg: Don't accidentally free UTK_LIST.
- + commit 8c3b7915d675ca5346c17244654d5c6ab583ac44
- * g10/trustdb.c (validate_keys): Don't free UTK_LIST.
-
- gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
- + commit cbaca254ac818c49c18d4480d3c7bd246cc57ae8
- * g10/trustdb.c (validate_one_keyblock): When checking trust regular
- expressions, treat the tofu+pgp trust model the same as the pgp trust
- model.
-
- gpg: If a key is ultimate trusted, return that in the tofu model.
- + commit df57390d68482c5b3fa5ff3a42a29ae1b6cbb23c
- * g10/tofu.c (get_trust): If the policy is auto or none, check if the
- key is ultimately trusted. If so, return that.
- (tofu_register): If the key is ultimately trusted, don't show any
- statistics.
- (tofu_get_validity): Likewise.
-
- gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
- + commit d05ff81732e20e6f9d6d7a6281a96a312b001abb
- * g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
- possibly saved trust models. Also register the ultimately trusted
- keys if the trust model is tofu or tofu+pgp.
- (check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
- (update_trustdb): Likewise.
- (tdb_check_trustdb_stale): Likewise.
- (validate_keys): If the trust model is TOFU, just write out the
- ultimately trusted keys.
-
- gpg: Factor out code into a standalone function.
- + commit 243f90afba87e99ca42e2451ac5cc59d00a044ac
- * g10/trustdb.c (tdb_keyid_is_utk): New function.
- (add_utk): Use it.
-
- dirmngr: Allow building with libassuan < 2.3.
- + commit a79045e38d239a7f6e787cf7c1132772c737cc0e
- * dirmngr/http.c (send_request): Use newer assuan function only if
- available.
-
-2015-10-21 Neal H. Walfield <neal@g10code.com>
- Andre Heinecke <aheinecke@intevation.de>
-
- gpg: Make the tofu DB check and initialization atomic.
- + commit 85bd7d9491f8cc13c2b03f19b4f70ea13b45c704
- * g10/tofu.c (initdb): Make the version check and the database
- initialization atomic.
-
-2015-10-21 Werner Koch <wk@gnupg.org>
-
- build: Make --disable-g13 the default.
- + commit 485e0a221deb5c68f29b6a7a110b349dbe41c027
- * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13. Remove
- --enable-gpgtar because that is enabled anyway.
- * configure.ac: Do not build g13 by default.
-
- dirmngr: Rename file dns-cert.c.
- + commit 5055b617a94587580bc16a56bb82333077b05693
- * dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
- * dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
- includers.
- * dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
- * dirmngr/Makefile.am: Adjust.
-
- common: Add status code for use by g13.
- + commit 42571a38344e39f747315f754700a8181b8744fe
- * common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.
-
-2015-10-20 Werner Koch <wk@gnupg.org>
-
- dirmngr: Prefer ADNS over system resolver.
- + commit 58ebe50bdf4837e9ab2d3f8c6e5fcf28c66f26e9
- * configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
- (USE_DNS_CERT): Prefer ADNS over the system resolver.
- * dirmngr/dns-cert.c (tor_mode): New global var.
- (enable_dns_tormode): New func.
- (get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
- * dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.
-
- w32: Allow building again.
- + commit c83b627174f46e841f1ccc018322fe499969c267
- * dirmngr/http.c (connect_server): Fix called function name.
-
- build: Allow building without SQLlite support.
- + commit 734c61dc9d4915605816803182c9adcc1594e008
- * configure.ac: Add option --dsiable-tofu and --disable-sqlite.
- (NEED_SQLITE_VERSION): New var.
- (USE_TOFU): New ac_define and am_conditional.
- * autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
- pkg-config find the correct .pc file.
-
- * g10/Makefile.am (tofu_source): New. Build only if enabled.
- * g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
- (parse_tofu_policy)[!USE_TOFU]: Disable all.
- (parse_tofu_db_format)[!USE_TOFU]: Disable all.
- (main) <aTOFUPolicy>[!USE_TOFU]: Skip.
- * g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
- call tofu functions.
- * g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
- * g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
- processing.
-
-2015-10-20 Neal H. Walfield <neal@g10code.com>
-
- gpg: Don't die immediately if the TOFU DB is locked.
- + commit 26d457c218c2e93b2e2cf316f0c1074c70894d0f
- * g10/tofu.c (opendb): Don't die immediately if the DB is locked.
-
- gpg: Improve output.
- + commit bc9ff6c85e2d89be4ee873b8a72a214759a66157
- * g10/tofu.c (get_trust): Also show the binding when indicating a
- conflict occurred.
-
- gpg: Synchronize translation template.
- + commit 251c070f91e2c65baa3f1195f14a176440a8aafa
- * g10/tofu.c (show_statistics): Synchronize translation template.
-
- gpg: When showing conflicts, also show bindings with no recorded sigs.
- + commit d3eca517745a862432fcfeaa729e5333b15ffa6a
- * g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
- NULL, then both time_ago and count should be 0.
- (get_trust): Reverse the direction of the join so that we also get
- statistics about bindings without any signatures.
-
- gpg: Improve text.
- + commit 445f94bc81b20959a667a4ad80ea6c73059540bf
- * g10/tofu.c (show_statistics): Improve text.
-
- gpg: Use the right variable to display the information.
- + commit 4957e3236796979b58f35628351505ea5f4e936a
- * g10/tofu.c (get_trust): Use the right variable to display the
- conflicting key.
-
- gpg: Make failing to create a directory a soft error.
- + commit eb8a0b051faa03584b3820200e10301936e82f51
- * g10/tofu.c (getdb): Don't exit if we can't create the directory.
- Just return an error.
-
- common: Make sure tilde expansion works for the mkdir functions.
- + commit c3bb9fccb7963a0918b9ec6a4f10d568fac7c125
- * common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
- first directory component as well.
-
- gpg: Remove unused prototype digest_algo_from_sig.
- + commit d1a0b520b15bb941cdbf66c2e832c617af778ac8
- * g10/packet.h (digest_algo_from_sig): Remove prototype without a
- corresponding implementation.
-
-2015-10-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow building with libassuan < 2.3.
- + commit 4e42ad300b3de9fab25095a9e82431b1ea2740e7
- * dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
- available.
- * dirmngr/http.c (http_raw_connect): Ditto.
-
-2015-10-19 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix --desig-revoke.
- + commit c37621166e9cc2a818de73bc99287a393dbb5744
- * g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
- Check that the secret key is available. If not, display an error
- message.
-
- gpg: Improve function documentation and some comments.
- + commit a608ee750dd83bf77a5fb4f0ab5bcf812436ba4d
- * g10/main.h: Improve function documentation.
- * g10/packet.h.h: Improve function documentation.
- * g10/sig-check.c: Improve function documentation and some comments.
-
- gpg: Improve and regularize naming of signature checking functions.
- + commit 0433e667029508d6933e8798d3d95bcdde70a7aa
- * g10/packet.h (signature_check): Rename from this...
- (check_signature): ... to this. Update users.
- (signature_check2): Rename from this...
- (check_signature2): ... to this. Update users.
- * g10/sig-check.c (do_check): Rename from this...
- (check_signature_end): ... to this. Update users.
- (do_check_messages): Rename from this...
- (check_signature_metadata_validity): ... to this. Update users.
-
- gpg: Mark local function as static.
- + commit 547a1b3fb881bb8581d03dbf4eacf49163eaa4b5
- * g10/tdbio.c (put_record_into_cache): Mark as static.
-
-2015-10-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Print warning when rejecting weak digests.
- + commit b98939812abf6c643c752ce7c325f98039a1a9e2
- * g10/misc.c (print_md5_rejected_note): Rename to ..
- (print_digest_rejected_note): this. Parameterize function to take an
- enum gcry_md_algos.
- * g10/sig-check.c: Use print_digest_rejected_note() when rejecting
- signatures.
-
- gpg: Add option --weak-digest to gpg and gpgv.
- + commit 76afaed65e3b0ddfa4923cb577ada43217dd4b18
- * g10/options.h: Add additional_weak_digests linked list to opts.
- * g10/main.h: Declare weakhash linked list struct and
- additional_weak_digest() function to insert newly-declared weak
- digests into opts.
- * g10/misc.c: (additional_weak_digest): New function.
- (print_digest_algo_note): Check for deprecated digests; use proper
- gcry_md_algos type.
- * g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
- * g10/gpg.c: Add --weak-digest option to gpg.
- * doc/gpg.texi: Document gpg --weak-digest option.
- * g10/gpgv.c: Add --weak-digest option to gpgv.
- * doc/gpgv.texi: Document gpgv --weak-digest option.
-
-2015-10-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: Make --use-tor work - still leaks DNS.
- + commit 6983fd131f648ba4acd57b266de9868911874d14
- * dirmngr/dirmngr.c (set_tor_mode): New.
- (main, reread_configuration): Call it.
- * dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
- mode is enabled if the FORCE_TOR flag is given.
-
- dirmngr: Use Assuan socket wrappers for http.c.
- + commit 8c609eaf35b547f02979ef0b206520dd0853b294
- * dirmngr/http.c: Include assuan.h. Changed all code taking a socket
- descriptor from int to assuan_fd_t.
- (my_unprotect, my_protect): New.
- (my_connect): Remove.
- (_my_socket_new, _my_socket_unref): use assuan_sock_close.
- (connect_server): Use assuan_sock_connect, assuan_sock_new, and
- assuan_sock_close.
- * dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
-
-2015-10-19 Neal H. Walfield <neal@g10code.com>
-
- gpg: Fix formatting.
- + commit 253afa244487dd8129816615ac2865c9fe812aaf
- * g10/tofu.c (get_trust): Fix formatting.
-
- gpg: Don't forget to free some memory.
- + commit e56a116f9a1171ccf8b3293887a217953a46fc20
- * g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.
-
- gpg: If a conflict occurs in batch mode, record that.
- + commit 55d88454652543c98d74376977d855e394df6c92
- * g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
- set conflict to the key. When prompting the user, don't show the
- conflicting key if the conflicting key is the current key.
-
-2015-10-18 Werner Koch <wk@gnupg.org>
-
- gpg: Silence two more warnings.
- + commit c2c400714854d5a127a6966200d345d0d6cfc7d4
- * g10/trustdb.c (tdb_get_validity_core): Silence a warning.
- * g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
- so that it is not uninitialized in case of an early error.
-
- gpg: Fix harmless compiler warnings.
- + commit 558bcd43ae0a841cf1e58e06f5d72a19d5bc70cd
- * g10/tofu.h (_tofu_GET_POLICY_ERROR): New. This avoids warnings
- about undefined enum values in a switch.
- * g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
- * g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
- (opendbs): Avoid compiler warning (use braces).
- (GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
- (get_policy): Remove assert.
- (GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
- (show_statistics): Undef MIN_SECS et al. after use.
-
- common: Avoid warning about const char ** assignment.
- + commit e64c805b0c270d859ddf2c35d573110cf25e8d48
- * common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item. Return
- an error on malloc failure.
- (gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
-
- Move http module from common/ to dirmngr/.
- + commit 5aa1b392b1bf6fcf4cd380862c5affac39a4f34d
- * common/http.c: Move to ../dirmngr/.
- * common/http.h: Move to ../dirmngr/.
- * common/t-http.c: Move to ../dirmngr/.
- * common/tls-ca.pem: Move to ../dirmngr/.
- * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
- Remove http.c related stuff.
- * po/POTFILES.in: Move http.c to dirmngr/.
- * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
- (module_maint_tests): New.
- (noinst_PROGRAMS): Add module_maint_tests.
- (dirmngr_SOURCES): Add http.c and http.h.
- (dirmngr_LDADD): Remove libcommontlsnpth.
- (t_common_ldadd): Ditto.
- (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
- (t_ldap_parse_uri_SOURCES): Add http.c.
- (t_ldap_parse_uri_CFLAGS): Build without npth.
- ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
- * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
-
-2015-10-18 Neal H. Walfield <neal@g10code.com>
-
- g10: Fix assert.
- + commit 128a456e775edf393d47e40bb9ae8b62434e2978
- * g10/tofu.c (get_trust): Fix assert.
-
- g10: Add TOFU support.
- + commit f77913e0ff7be4cd9c6337a70ac715e6f4a43572
- * configure.ac: Check for sqlite3.
- (SQLITE3_CFLAGS): AC_SUBST it.
- (SQLITE3_LIBS): Likewise.
- * g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
- (gpg2_SOURCES): Add tofu.h and tofu.c.
- (gpg2_LDADD): Add $(SQLITE3_LIBS).
- * g10/tofu.c: New file.
- * g10/tofu.h: New file.
- * g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
- (tofu_db_format): Define.
- * g10/packet.h (PKT_signature): Add fields digest and digest_len.
- * g10/gpg.c: Include "tofu.h".
- (cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
- oTOFUDBFormat.
- (opts): Add them.
- (parse_trust_model): Recognize the tofu and tofu+pgp trust models.
- (parse_tofu_policy): New function.
- (parse_tofu_db_format): New function.
- (main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
- Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
- * g10/mainproc.c (do_check_sig): If the signature is good, copy the
- hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
- * g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
- callers.
- (tdb_get_validity_core): Add arguments sig and may_ask. Update
- callers.
- * g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
- to tdb_get_validity_core.
- * g10/trustdb.c: Include "tofu.h".
- (trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
- (tdb_get_validity_core): Add arguments sig and may_ask. If
- OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
- level. Combine it with the computed PGP trust level, if appropriate.
- * g10/keyedit.c: Include "tofu.h".
- (show_key_with_all_names_colon): If the trust mode is tofu or
- tofu+pgp, then show the trust policy.
- * g10/keylist.c: Include "tofu.h".
- (public_key_list): Also show the PGP stats if the trust model is
- TM_TOFU_PGP.
- (list_keyblock_colon): If the trust mode is tofu or
- tofu+pgp, then show the trust policy.
- * g10/pkclist.c: Include "tofu.h".
- * g10/gpgv.c (get_validity): Add arguments sig and may_ask.
- (enum tofu_policy): Define.
- (tofu_get_policy): New stub.
- (tofu_policy_str): Likewise.
- * g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
- (enum tofu_policy): Define.
- (tofu_get_policy): New stub.
- (tofu_policy_str): Likewise.
- * doc/DETAILS: Describe the TOFU Policy field.
- * doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
- --trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
- * tests/openpgp/Makefile.am (TESTS): Add tofu.test.
- (TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
- tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
- (CLEANFILES): Add tofu.db.
- (clean-local): Add tofu.d.
- * tests/openpgp/tofu.test: New file.
- * tests/openpgp/tofu-2183839A-1.txt: New file.
- * tests/openpgp/tofu-BC15C85A-1.txt: New file.
- * tests/openpgp/tofu-EE37CF96-1.txt: New file.
- * tests/openpgp/tofu-keys.asc: New file.
- * tests/openpgp/tofu-keys-secret.asc: New file.
-
-2015-10-16 Neal H. Walfield <neal@g10code.com>
-
- common: Prefix the mkdir functions with gnupg_. Make args const.
- + commit 93e855553eba03f5c31682e0aaf39f18f29860b7
- * common/mkdir_p.h (mkdir_p): Rename from this...
- (gnupg_mkdir_p): ... to this. Change directory_component's type from
- char * to const char *.
- (amkdir_p): Rename from this...
- (gnupg_amkdir_p): ... to this. Change directory_component's type from
- char * to const char *.
- * common/mkdir_p.c (mkdir_p): Rename from this...
- (gnupg_mkdir_p): ... to this. Change directory_component's type from
- char * to const char *.
- (amkdir_p): Rename from this...
- (gnupg_amkdir_p): ... to this. Change directory_component's type from
- char * to const char *.
-
-2015-10-14 NIIBE Yutaka <gniibe@fsij.org>
-
- cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
- + commit 3de5ef759895837fe499cff7fb1fa7798e6d5754
- * dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
- * kbx/keybox-update.c (keybox_set_flags): Call
- gpg_err_code_from_syserror.
-
-2015-10-13 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 0b4ebc398cc8aad3f25f84034cd6b129e55f1368
-
-
-2015-10-12 Werner Koch <wk@gnupg.org>
-
- gpg: Try hard to use MDC also for sign+symenc.
- + commit 4584125802be11833a5b289e864b45eedc2b45fd
- * g10/encrypt.c (use_mdc): Make it a global func.
- * g10/sign.c (sign_symencrypt_file): Use that function to decide
- whether to use an MDC.
- * tests/openpgp/conventional-mdc.test: Add a simple test case.
-
-2015-10-09 Werner Koch <wk@gnupg.org>
-
- Release 2.1.9.
- + commit 086b8738f71ba26d36287db81f6d78116053ba66
-
-
-2015-10-09 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: simplify agent_get_passphrase.
- + commit 5a12c45666cd16bc750d7f0e63620c295feb77ea
- * agent/call-pinentry.c (agent_get_passphrase): Simplify.
-
- agent: fix agent_askpin.
- + commit 818fa4f71e1056831b35d0f8aff715c0e1d537e6
- * agent/call-pinentry.c (agent_askpin): Fix off-by-one error.
-
- agent: Fix function return type for check_cb and agent_askpin.
- + commit f70f6695368444d8058305ab696e5e5a1bace18c
- * agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
- (start_pinentry, setup_qualitybar): Likewise.
- (agent_askpin): Fix return value check of check_cb.
- * agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
- (ssh_identity_register): Fix return value check of agent_askpin.
- * agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
- * agent/findkey.c (try_unprotect_cb): Likewise.
- * agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
- (agent_ask_new_passphrase): Fix return value check of agent_askpin.
-
-2015-10-08 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Default to http protocol for http-proxy.
- + commit ea079d283de6bf4ac70d7530fac70938e7c5e8f5
- * common/http.c (send_request): Fix handling for hostname:port string.
-
-2015-10-08 Werner Koch <wk@gnupg.org>
-
- common: Allow building of mkdir_p.c for Windows.
- + commit 4c298525903f844eee95ecbcdc45f5ac034fa148
- * common/mkdir_p.c: Change license and comment debug statements.
- (amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
- build an error code. Change return value to gpg_error_t.
- (amkdir_p): Use gnupg_mkdir.
-
- * common/membuf.c: Include util.h first to avoid redefined macro
- warnings.
-
- gpg: Add option --print-dane-records.
- + commit d7b8e76f9930750d669405dee3108c9bc8e87b91
- * g10/options.h (opt): Add field "print_dane_records".
- * g10/gpg.c (oPrintDANERecords): new.
- (opts): Add --print-dane-records.
- (main): Set that option.
- * g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
- (do_export_stream): Add EXPORT_DANE_FORMAT handling.
- * g10/keylist.c (list_keyblock_pka): Implement DANE record printing.
-
- * g10/gpgv.c (export_pubkey_buffer): New stub.
- * g10/test-stubs.c (export_pubkey_buffer): New stub.
-
- gpg: Pass CTRL parameter to all key listing functions.
- + commit b6d621583fc9cbda6f9376a24f2f4cf11499a4fd
- * g10/keylist.c (public_key_list): Add arg CTRL.
- (secret_key_list): Ditto.
- (list_all, list_one): Ditto.
- (locate_one): Ditto.
- (list_keyblock_pka): Ditto.
- (list_keyblock): Ditto.
- (list_keyblock_direct): Ditto.
- * g10/keygen.c (proc_parameter_file): Add arg CTRL.
- (read_parameter_file): Ditto.
- (quick_generate_keypair): Ditto.
- (do_generate_keypair): Ditto.
- (generate_keypair): Pass arg CTRL.
- * g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
-
-2015-10-07 Werner Koch <wk@gnupg.org>
-
- gpg: Remove unfinished experimental code to export as S-expressions.
- + commit a400958323d93036dca9c63135b167012ea64f8b
- * g10/options.h (EXPORT_SEXP_FORMAT): Remove.
- (EXPORT_DANE_FORMAT): New.
- * g10/export.c (parse_export_options): Remove "export-sexp-format".
- (export_seckeys): Adjust for removed option.
- (export_secsubkeys): Ditto.
- (do_export): Prepare for DANE format.
- (build_sexp, build_sexp_seckey): Remove.
- (do_export_stream): Remove use of removed functions.
-
-2015-10-06 Werner Koch <wk@gnupg.org>
-
- gpg: Add new --auto-key-locate mechanism "dane".
- + commit 9ac31f91b10059474da1c9580fb99e94278d4c11
- * g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
- * g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
- * g10/options.h (AKL_DANE): New.
- * g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
- (parse_auto_key_locate): Ditto.
-
- dirmngr: Addlow fetching keys using OpenPGP DANE.
- + commit 264a81d82737369ee8beef771cf2bd2cd874320a
- * dirmngr/server.c (cmd_dns_cert): Add option --dane.
-
- dirmngr: Improve DNS code to retrieve arbitrary records.
- + commit 211b8084ee4391baec35e8c5bd75a9ecbcb889a7
- * dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
- resource records.
- * dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
- (DNS_CERTTYPE_RR61): New.
-
- dirmngr: Change DNS code to make additions easier.
- + commit 6cf80dc77ec5df3722924301ff4be2475966937b
- * dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
- adding more resource types.
-
- dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
- + commit 7faf45effcd47d2d04d35090a1e01a1dbb99ec70
- * dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
- (cmd_reloaddirmngr): Use check_owner_permission.
-
- dirmngr: Do tilde expansion for --hkp-cacert.
- + commit 9db6547a00cded92c00c8f8382b1b605be1027d2
- * dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
- check for cert file existance in option --hkp-cacert.
-
- gpg: Fail decryption for AES etc message w/o MDC.
- + commit 625e292108cc0fd9077769587a8c22abe7805e33
- * g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
-
-2015-10-06 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix verification of signature for smartcard.
- + commit 4a5bd1720f5a3dbb26f5daeb03725cae29be7e24
- * agent/pksign.c (agent_pksign_do): Use public key smartcard.
-
- agent: Fix non-allocation for pinentry_loopback.
- + commit ce2a84b58833fd308d5fe11756721f39c953280a
- * agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
- be allocated by pinentry_loopback.
-
-2015-10-05 Werner Koch <wk@gnupg.org>
-
- gpg: Install a dirmngr.conf file.
- + commit f3959f14b6c496c726bbca5230becb7b6844a234
- * g10/dirmngr-conf.skel: New.
- * g10/Makefile.am (EXTRA_DIST): Add file.
- (install-data-local, uninstall-local): Install that file.
- * g10/openfile.c (copy_options_file): Add arg "name", return a value,
- simplify with xstrconcat, and factor warning message out to:
- (try_make_homedir): here. Also install dirmngr.conf.
- * g10/options.skel: Remove --keyserver entry.
-
- gpg: Deprecate the --keyserver option.
- + commit ae471fa978589fb61ecb0f89bbfe4d43cf2d5eac
- * g10/keyserver.c (keyserver_refresh): Change return type to
- gpg_error_t. Use gpg_dirmngr_ks_list to print the name of the
- keyserver to use.
- (keyserver_search): Do not print the "no keyserver" error
- message. The same error is anyway returned from dirmngr.
- * g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
- (ks_status_cb): Handle other status keywords.
- (gpg_dirmngr_ks_list): New.
- * tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
- (gc_options_dirmngr): Add "Keyserver" group and "keyserver".
-
- dirmngr: Add option --keyserver.
- + commit a48e6de603c3a312f02b1b5fdb813032eeae9074
- * dirmngr/dirmngr.c (oKeyServer): New.
- (opts): Add "keyserver".
- (parse_rereadable_options): Parse that options
- (main): Add option to the gpgconf list.
- * dirmngr/dirmngr.h (opt): Add field "keyserver".
- * dirmngr/server.c (ensure_keyserver): New.
- (make_keyserver_item): New. Factored out from
- (cmd_keyserver): here. Call ensure_keyserver.
- (cmd_ks_search): Call ensure_keyserver.
- (cmd_ks_get): Ditto.
- (cmd_ks_fetch): Ditto.
- (cmd_ks_put): Ditto.
-
- dirmngr: Make clear that --use-tor is not yet ready for use.
- + commit 438730323a5d9bbf8dd5cd60d479b6c03f8721d0
- * dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
- given.
- * tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.
-
- gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
- + commit c6400c1aa82239f1c154ca27596600cae964515d
- * tools/gpgconf-comp.c (gc_component): Change printed name.
-
-2015-10-02 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix use-after-free due to a realloc shrinking.
- + commit 75c64c2b6d77856b90903cc3b7c6a2f62ff8eb7b
- * dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
- after realloc.
-
- agent: Fix alignment problem with the second passphrase struct.
- + commit ddf9dd135acd2b3635bb986f6dfc0e4e446d5fad
- * agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
- PI2. Check return value of the malloc function.
- * agent/command-ssh.c (ssh_identity_register): Use a separate malloc
- for PI2. Wipe PI2.
-
-2015-10-01 Werner Koch <wk@gnupg.org>
-
- gpg: Fix a practical hang after use of --faked-system-time.
- + commit 2acceba5cc299796c7b5b1851a9baeb75d9f32a1
- * g10/sign.c (update_keysig_packet): Bail out if we would need to long
- for a new timestamp.
-
- gpg: Print more info with "check selfsig".
- + commit 2c60663a72f090573c4869e305b098b4b1fb23bd
- * g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
- packets.
-
- gpg: Add debug helper to --edit-keys's check sub-command.
- + commit 13a3f65968f4a8205ca664cc46b1a53de4dc489b
- * g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
- print an asterisk for the chosen selfsig.
- (check_all_keysigs): Add arg "only_selfsig"
- (keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
-
-2015-10-01 NIIBE Yutaka <gniibe@fsij.org>
-
- common: Fix strsplit.
- + commit a9895a5a72a851c5fcc70f16d5f8f588cc885751
- * common/stringhelp.c (strsplit): Fix arguments order.
-
-2015-09-30 Neal H. Walfield <neal@g10code.com>
-
- common: Add mkdir_p.
- + commit c8584a1e559bc720412e1a2fc546a54ff4517205
- * common/mkdir_p.c: New file.
- * common/mkdir_p.h: New file.
- * common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.
-
- common: Remove unused files.
- + commit 5576146ede40b42bc632fd9697dd429a4d1409cf
- * common/xmalloc.c: Remove file.
- * common/xmalloc.h: Remove file.
-
- common: Include <gpg-error.h>.
- + commit 270d3f55f9193ebda5e1b642d58daf905019914d
- * common/logging.h: Include <gpg-error.h>.
-
-2015-09-29 Neal H. Walfield <neal@g10code.com>
-
- g10: Remove unused struct cmp_help_context_s.
- + commit 8ab63e4b5018044ecfb0b9910412487066886826
- * g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.
-
- g10: Avoid an unnecessary copy.
- + commit 12443eafa6e19b94a8b554126423e2a5ccc2dd7e
- * g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
- Instead, directly use the provided storage. If none is provided
- allocate some.
-
-2015-09-29 NIIBE Yutaka <gniibe@fsij.org>
-
- ssh: Fix fingerprint computation for EdDSA key.
- + commit 5c067d54d349fdfb3243634789c8841515d2c28f
- * common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
- * common/t-ssh-utils.c (sample_keys): Add a new key.
-
- agent: RSA signature verification by gpg-agent.
- + commit cfbe6ba9cf1414e9aa4977e2bbaecaa43154b2ae
- * g10/sign.c (do_sign): Let verify signature by gpg-agent.
- * agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.
-
-2015-09-28 Werner Koch <wk@gnupg.org>
-
- common: Provide two new error code replacements.
- + commit f1effdc5ecd0cc52a28db7ae28a5c28f33486542
- * common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): Rew replcements.
-
- common: Change calling convention for gnupg_spawn_process.
- + commit 83811e3f1f0c615b2b63bafdb49a35a0fc198088
- * common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
- (GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
- numbers.
- * common/exechelp.h (gnupg_spawn_process): Change function to not take
- an optional stream for stdin but to return one.
- * common/exechelp-posix.c (gnupg_spawn_process): Implement change.
- (create_pipe_and_estream): Add args outbound and nonblock.
- * common/exechelp-w32.c (gnupg_spawn_process): Implement change.
-
-2015-09-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Handle error correctly.
- + commit 6bb7206e357acfd7276a8f1334c0f0c9cc6ed100
- * scd/apdu.c (apdu_connect): Initialize variables and check an error
- of apdu_get_status_internal.
-
-2015-09-22 Werner Koch <wk@gnupg.org>
-
- ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
- + commit 12ff806d1b63d08cb43d131065d51353495d9346
- * common/t-ssh-utils.c (sample_keys): Add 3 new keys.
-
- ssh: Fix fingerprint computation for 384 bit ECDSA keys.
- + commit 2167951b275bae51cf669c02547e2e7ea8fbe2ee
- * common/ssh-utils.c (get_fingerprint): Fix hashed string.
-
-2015-09-19 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix importing ECC key.
- + commit 1542dc604b9c3e6a6a99750c48f7800e72584a89
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
- parameters are stored as opaque.
- (apply_protection): ARRAY members are all normal, non-opaque MPI.
- (extract_private_key): Get public key as normal, non-opaque MPI.
- Remove support of ECC key with '(flags param)'.
- Remove support of "ecdsa" and "ecdh" keys of our experiment.
-
- scd: Fix KEYTOCARD handling for ECC key.
- + commit 708b7eccdef8d274bd5578b9a5fd908e9685c795
- * scd/app-openpgp.c (ecc_writekey): Only public key can be native
- format.
-
-2015-09-19 Neal H. Walfield <neal@g10code.com>
-
- common: Add new function strlist_length.
- + commit 8499c4f84a664bedbdf5a5689cb02420909f1968
- * common/strlist.c (strlist_length): New function.
-
-2015-09-18 Werner Koch <wk@gnupg.org>
-
- gpgconf: Change displayed name of Dirmngr to "Network Manager".
- + commit 819bba75aaed11ecef2e274add173718358212b9
- * tools/gpgconf-comp.c (gc_component): Change printed name.
-
- dirmngr: Add option --use-tor as a stub.
- + commit c091816b4a90d7eea6f8601ec1522a0a006794e8
- * dirmngr/dirmngr.h (opt): Add field "use_tor".
- * dirmngr/dirmngr.c (oUseTor): New.
- (opts): Add --use-tor.
- (parse_rereadable_options): Set option.
- (main): Tell gpgconf about that option.
-
- * dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
- return an error if LDAP is used in TOR mode.
- (ca_cert_fetch): Return an error in TOR mode.
- (start_cert_fetch): Ditto.
- * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
- http module.
- * dirmngr/ks-engine-hkp.c (send_request): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
- (ks_ldap_search): Ditto.
- (ks_ldap_put): Ditto.
- * dirmngr/ocsp.c (do_ocsp_request): Ditto. Also pass TOR flag to the
- http module.
-
- * dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
- (cmd_dns_cert): Return an error in TOR mode.
- (cmd_getinfo): Add subcommand "tor"
- * tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
-
- gpg: Report a conflict between honor-keyserver-url and TOR.
- + commit d5a3142b8f2e5603357182f34f0b081b47eda23c
- * g10/call-dirmngr.c (create_context): Send option and print a verbose
- error.
-
- http: Add flag to force use of TOR (part 1)
- + commit b4bc1c8b10c7a794fa108678b80f76366a65c47d
- * common/http.h (HTTP_FLAG_FORCE_TOR): New.
- * common/http.c (http_raw_connect, send_request): Detect flag and
- return an error for now.
-
-2015-09-17 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit f986b23e13eaa2d7705733b4bf6b5210311f181a
-
-
- scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
- + commit 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
- * scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
- (ccid_transceive_apdu_level, ccid_transceive): Use.
-
-2015-09-16 Werner Koch <wk@gnupg.org>
-
- agent: New option --pinentry-invisible-char.
- + commit 93d257c81952cbb08a744a9cea6749639aa32cd7
- * agent/gpg-agent.c (oPinentryInvisibleChar): New.
- (opts): Add option.
- (parse_rereadable_options): Set option.
- * agent/agent.h (opt): Add field pinentry_invisible_char.
- * agent/call-pinentry.c (start_pinentry): Pass option to pinentry.
-
- g13: Move some code to a separate module.
- + commit 9e65bbd255c43f0e59f35b0003052234d69042be
- * g13/g13-common.c, g13/g13-common.h: New.
- * g13/Makefile.am (g13_SOURCES): Add new files.
- * g13/g13.c (g13_errors_seen): Move to g13-common.c.
- (cmdline_conttype): New.
- (main): Use g13_init_signals and g13_install_emergency_cleanup.
- (emergency_cleanup, g13_exit): Move to g13-common.c.
- * g13/g13.h: Move OPT and some other code to g13-common.h.
-
- gpg: Fix skip function dummy parameter.
- + commit 8eb3a1797a1e7cb59a8342a8aa917756fe67949f
- * g10/trustdb.c (search_skipfnc): Fix dummy argument
-
- gpg: Change last commit to avoid extra translations.
- + commit f71ed902def81f9408d9094289d8a97abaa0f609
- * g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
- mode.
-
-2015-09-16 Neal H. Walfield <neal@g10code.com>
-
- g10: Improve error message.
- + commit 172af881a1cfe82dfec1c43102d6c464e67ef230
- * g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
- must be selected, indicate what command to use to do this.
-
- g10: Be more careful when merging self-signed data.
- + commit 6845737736d3264d7ee8b7364d908951010084c9
- * g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
- data belonging to the public key when we encounter an attribute packet
- or a subkey packet, not just a user id packet. When looking for
- self-signed data belonging to a user id packet, stop when we see a
- user attribute packet.
-
- g10: Simplify some complicated boolean expressions.
- + commit c31e089129c0102c1710522d71fbe1880e84d68e
- * g10/getkey.c (finish_lookup): Simplify logic.
-
- g10: Also mark revoked and expired keys as unusable.
- + commit 77c2ad4a817c129b899708399ed2078a52b452b8
- * g10/getkey.c (skip_unusable): Also mark the key as unusable if it
- has been revoked or has expired.
-
- g10: Release resources when returning an error in get_seckey.
- + commit 1b601de06a57c78537a336093d2531d8c58bc0d2
- * g10/getkey.c (get_seckey): If the key doesn't have a secret key,
- release *PK.
-
- g10: Improve documentation and comments for getkey.c.
- + commit cab581c486e1987445092b1afdf2cba1f62d017d
- * g10/getkey.c: Improve documentation and comments for most
- functions. Move documentation for public functions from here...
- * g10/keydb.h: ... to here.
-
- g10: Remove unused function have_any_secret_key.
- + commit 7333e704efde6923d4b914b37e9a92c4a5bab156
- * g10/getkey.c (have_any_secret_key): Remove function.
-
- g10: Bring cache semantics closer to non-cache semantics.
- + commit 5e233e12f55be00f5659c63bc32fbdca2ec93136
- * g10/getkey.c (get_pubkey_fast): When reading from the cache, only
- consider primary keys.
-
- g10: Break out of the loop earlier.
- + commit 3940f10af7915b080bf4ed25ceb7e20b52e3cd3e
- * g10/getkey.c (have_secret_key_with_kid): Once we find the relevent
- key or subkey, stop searching.
-
- g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
- + commit 50affffe93a07643f2610c7a5f3d6f61988855e8
- * g10/getkey.c (lookup): Also don't skip legacy keys if the search
- mode is KEYDB_SEARCH_MODE_NEXT.
-
- g10: Remove unused function get_seckeyblock_byfprint.
- + commit efbaa8f891812e13ae9e689299aa2cd51781ccb3
- * g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
- * g10/getkey.c (get_seckeyblock_byfprint): Remove function.
-
- g10: Remove unused function get_seckey_byfprint.
- + commit e2b300801ed7143fa924df5442ec2b61079c0bbb
- * g10/keydb.h (get_seckey_byfprint): Remove prototype.
- * g10/getkey.c (get_seckey_byfprint): Remove function.
-
- g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
- + commit 80dbf8006ffe52e77930b0a6dca9d8caba8c3fd5
- * g10/keydb.h (get_seckey_byname): Rename from this...
- (get_seckey_default): ... to this. Drop the parameter name. Update
- users.
- * g10/getkey.c (get_seckey_byname): Rename from this...
- (get_seckey_default): ... to this. Drop the parameter name. Drop the
- code which assumed that NAME is not NULL.
-
- g10: Eliminate the redundant function get_keyblock_byfprint.
- + commit dc69804ab0576fbc87297215d63b37a680d74d4d
- * g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
- of this function with get_pubkey_byfprint.
- * g10/getkey.c (get_pubkey_byname): Remove function.
-
- g10: Simplify semantics of get_pubkey_byname.
- + commit 911fcca36d61afd061e9e6dc0584bb069353db89
- * g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
- the keyblock in R_KEYBLOCK independent of whether PK is set or not.
-
- g10: Eliminate the redundant function get_pubkey_byname.
- + commit b4672e4d48fb1e1e4d17551c4c828763d1dfbb57
- * g10/getkey.c (get_pubkey_byname): Remove function.
- (lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.
-
- g10: Eliminate the redundant function get_pubkey_end.
- + commit 65e58ae6748c280c8633d2ca5f227ebe1220805d
- * g10/keydb.h (get_pubkey_end): Remove declaration. Replace use of
- function with getkey_end.
- * g10/getkey.c (get_pubkey_byname): Remove function.
-
- g10: Eliminate the redundant function get_pubkey_next.
- + commit be6743b2e19241f66148bf89c3442d8e2ebcd63e
- * g10/keydb.h (get_pubkey_next): Remove prototype.
- * g10/getkey.c (get_pubkey_next): Remove function.
- * g10/keylist.c (locate_one): Use getkey_next instead of
- get_pubkey_next.
-
- kbx: Change skipfnc's prototype so that we can provide all information.
- + commit 9acbeac23668a1d0dabca27d7825430d76e095c2
- * kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
- third parameter to be the index of the user id packet in the keyblock
- rather than the packet itself. Update users.
-
- g10: Remove unused prototype (get_pubkey_byfpr).
- + commit 83e17ab1b4cf4420f2abaf9e1f4017a9473fb281
- * g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.
-
- g10: Remove unused function (get_pubkey_bynames).
- + commit b06f96ba4f57f55194efcd37a0e3a2aa5450b974
- * g10/keydb.h (get_pubkey_bynames): Remove prototype.
- * g10/getkey.c (get_pubkey_bynames): Remove function.
-
- g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
- + commit d47e84946ee010917cfc3501062721b74afbb771
- * g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
- (lookup): Add argument ret_found_key. If not NULL, set it to the
- found key. Update callers.
- (pk_from_block): Add argument found_key. Use it instead of
- CTX->FOUND_KEY. Update callers.
- (finish_lookup): Return a KBNODE (the found key) instead of an int.
- Don't set CTX->FOUND_KEY. Return the found key instead.
-
- g10: Remove unused field struct getkey_ctx_s.kbpos.
- + commit c110e186e07fb1035dc757d322274f939df1c86d
- * g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
- (getkey_end): Don't clear CTX->KBPOS.
-
- g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
- + commit 3798f73c07f33576bd02ba4a3256c626bd80752f
- * g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
- (finish_lookup): Add parameter keyblock. Update caller to pass this.
- (lookup): Add new local variable keyblock. Use this instead of
- ctx->keyblock for referencing the keyblock.
-
-2015-09-16 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix registering SSH Key of Ed25519.
- + commit 7d5999f0964c9412c0e18eb1adefdb729be68cd4
- * agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.
-
-2015-09-15 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit faee25e670cfeb0d0166d7c59cc6a0b3842ee34d
-
-
-2015-09-10 Werner Koch <wk@gnupg.org>
-
- Release 2.1.8.
- + commit 311816f6cf9d411dba060603e3c5d01c72824645
-
-
- tests: Silence the 5gb-packet test.
- + commit 7a0c3cc760367024305d23e2124ea4cbc7e802df
- * tests/openpgp/4gb-packet.test: Send output to /dev/null.
-
- g10: Fix make distcheck problem.
- + commit e92a8ab021672b19e5cd397fa555fcc8a3401e8b
- * g10/test.c: Include string.h.
- (prepend_srcdir): New. Taken from Libgcrypt.
- (test_free): New.
- * g10/t-keydb.c (do_test): Malloc the filename.
- * g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
- (EXTRA_DIST): Add t-keydb-keyring.kbx.
-
- g10: Improve portability of the new test driver.
- + commit fbf24cd09abcdc3dec21db4114ab2db99ce21e4c
- * g10/test.c: Include stdio.h and stdlib.h.
- (verbose): New.
- (print_results): Rename to exit_tests.
- (main): Remove atexit and call exit_tests. Set verbose.
- (ASSERT, ABORT): Call exit_tests instead of exit.
-
-2015-09-09 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow sending much larger keyblocks.
- + commit 19545e3a2d2990cba6d62f98cdb1f665b38ba4f1
- * dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
- (MAX_KEYBLOCK_LENGTH): Increase to 20M.
-
-2015-09-07 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Force key attribute change for writekey.
- + commit f10b427d0e2be333776fee2df8150145da36e587
- * scd/app-openpgp.c (change_rsa_keyattr): New.
- (change_keyattr_from_string): Use change_rsa_keyattr.
- (rsa_writekey): Call change_rsa_keyattr when different size.
- (ecc_writekey): Try to change key attribute.
-
- scd: KEYNO cleanup.
- + commit fd689e85423d0d80d725f0315c52d94f0e9766f8
- * scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
- (change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
- (compare_fingerprint, check_against_given_fingerprint): KEYNO starts
- from 0.
-
-2015-09-02 Neal H. Walfield <neal@g10code.com>
-
- g10: Remove unused field req_algo.
- + commit bd0c902f1de46eda03a065da41487e7e01ab4c50
- * g10/packet.h (PKT_public_key): Remove unused field req_algo. Remove
- users.
- * g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
- Remove users.
-
- g10: Use a symbolic constant instead of a literal.
- + commit 1f03d4cd940fed26fc3ffa1742728d68c55ee5d1
- * g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
- (new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
- (release_key_hash_table): Likewise.
- (test_key_hash_table): Likewise.
- (add_key_hash_table): Likewise.
-
- g10: Add test for keydb as well as new testing infrastructure.
- + commit ee7ec1256b24dc340656c331ef92fc59cad817b6
- * g10/Makefile.am (EXTRA_DIST): Add test.c.
- (AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
- (module_tests): Add t-keydb.
- (t_keydb_SOURCES): New variable.
- (t_keydb_LDADD): Likewise.
- * g10/t-keydb.c: New file.
- * g10/t-keydb-keyring.kbx: New file.
- * g10/test-stubs.c: New file.
- * g10/test.c: New file.
-
- g10: Make the keyblock cache per-handle rather than global.
- + commit 60bc518645d3acfd4dcb79e61a2be6ce001e93aa
- * g10/keydb.c (keyblock_cache): Don't declare this variable. Instead...
- (struct keyblock_cache): ... turn its type into this first class
- object...
- (struct keydb_handle): ... and instantiate it once per database
- handle. Update all users.
- (keydb_rebuild_caches): Don't invalidate the keyblock cache.
-
- g10: If iobuf_seek fails when reading from the cache, do a hard read.
- + commit f076fa190e09eab5c586650d81e241e0bb85ce25
- * g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
- reading from the cache, then simply clear the cache and try reading
- from the database.
-
- iobuf: Reduce verbosity of test.
- + commit 219de84df9a8408fffedbb2600f5eb4c441950b6
- * common/t-iobuf.c (main): Reduce verbosity.
-
- iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
- + commit f2d75ac7dc58f5ea59b231be6b83fea939b43ab8
- * common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
- * common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
- IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer. Assert that LENGTH ==
- A->D.SIZE.
- (iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
- filter an IOBUF_INPUT filter and set its buffer size to
- IOBUF_BUFFER_SIZE.
- (underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
- remove already read data.
- (iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
- data.
- (iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
- (pop_filter): Allow USE == IOBUF_INPUT_TEMP.
- (iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
- (iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
- (iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
- (iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
- (iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.
-
- iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
- + commit 5ff5e72b9c275fbd978136b1028bbf251af26e57
- * common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
- IOBUF_OUTPUT_TEMP. Update users.
-
- iobuf: Use a first-class enum.
- + commit 24259d856b6cbdd679035512a8fb7c042de8f02e
- * common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
- (struct iobuf_struct): Change the field use's type to it.
-
- iobuf: Fix test.
- + commit 8522cdc2264804d0677b7c0a447a0b45cf4195e3
- * common/t-iobuf.c (content_filter): If there is nothing to read,
- don't forget to set *LEN to 0.
- (main): Fix checks.
-
-2015-09-01 Werner Koch <wk@gnupg.org>
-
- agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
- + commit 9ba4ccdaf5e128fbea51ff142c63d4b359c7264d
- * agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.
-
- gpg: Remove option --no-sig-create-check.
- + commit f9c83d84e7d33df76898975f5ac852efa9c4882a
- * g10/gpg.c (opts): Remove --no-sig-create-check.
- * g10/options.h (struct opt): Remove field no_sig_create_check.
- * g10/sign.c (do_sign): Always check unless it is RSA and we are using
- Libgcrypt 1.7.
-
- common: Assume an utf-8 locale on iconv errors.
- + commit 99c9bf7defd6c1ac9cc49c84e6c78eeb886a6952
- * common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.
-
- common: Fix regression in building argpase.c standalone.
- + commit bc23e69b70191f887dcb937007833d0187af181f
- * common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.
-
-2015-08-31 Neal H. Walfield <neal@g10code.com>
-
- g10: Don't leak memory if we fail to initialize a new database handle.
- + commit 04a6b903d0354be2c69c7f2c98987de17d68416e
- * g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
- correctly release all resources.
-
- g10: Improve interface documentation of the keydb API.
- + commit 360b699e9b4b8f99bd790b3cd158cd6f0fd7c131
- * g10/keydb.c: Improve code comments and documentation of internal
- interfaces. Improve documentation of public APIs and move that to...
- * g10/keydb.h: ... this file.
-
- g10: Don't cache search results if the search didn't scan the whole DB.
- + commit efd1ead9e779eb3bd37384258e08ad921a934612
- * g10/keydb.c (struct keydb_handle): Add new field is_reset.
- (keydb_new): Initialize hd->is_reset to 1.
- (keydb_locate_writable): Set hd->is_reset to 1.
- (keydb_search): Set hd->is_reset to 0. Don't cache a key not found if
- the search started from the beginning of the database.
-
- g10: Have keydb_search_first call keydb_search_reset before searching.
- + commit 11d8ffc939a4d20cfb0082b2d966b1e1a7d61f8d
- * g10/keydb.c (keydb_search_first): Reset the handle before starting
- the search.
-
- g10: Remove unused parameter.
- + commit 0377db4b3581561b1ffc5bb7c3b4d698e8993b3a
- * g10/keydb.h (keydb_locate_writable): Remove unused parameter
- reserved. Update users.
-
-2015-08-31 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix SSH public key for EdDSA.
- + commit 135b1e32f01beaceba8a4ecc774e23b56aca1d24
- * agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.
-
-2015-08-26 Neal H. Walfield <neal@g10code.com>
-
- g10: Simplify cache. Only include data that is actually used.
- + commit fad91071cadff43d77ce2e524dfb03999ba6678e
- * g10/keydb.c (struct kid_list_s): Rename from this...
- (struct kid_not_found_cache_bucket): ... to this. Update users.
- Remove field state.
- (kid_list_t): Remove type.
- (KID_NOT_FOUND_CACHE_BUCKETS): Define. Use this instead of a literal.
- (kid_found_table): Rename from this...
- (kid_not_found_cache_bucket): ... to this. Update users.
- (kid_found_table_count): Rename from this...
- (kid_not_found_cache_count): ... to this. Update users.
- (kid_not_found_p): Only return whether a key with the specified key id
- is definitely not in the database.
- (kid_not_found_insert): Remove parameter found. Update callers.
- (keydb_search): Only insert a key id in the not found cache if it is
- not found. Rename local variable once_found to already_in_cache.
-
-2015-08-25 Werner Koch <wk@gnupg.org>
-
- Add configure option --enable-build-timestamp.
- + commit 9d07f6930aaa40dce92104e8c99241713d92eed2
- * configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
-
- gpg: Emit ERROR status for key signing failures.
- + commit 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7
- * g10/keyedit.c (sign_uids): Write an ERROR status for a signing
- failure.
- (menu_adduid, menu_addrevoker, menu_revsig): Ditto.
- (menu_revuid, menu_revkey, menu_revsubkey): Ditto.
-
- gpg: Print a new FAILURE status after most commands.
- + commit 9cdff09743c473a12359bfdb914578ede0e4e3e2
- * common/status.h (STATUS_FAILURE): New.
- * g10/cpr.c (write_status_failure): New.
- * g10/gpg.c (main): Call write_status_failure for all commands which
- print an error message here.
- * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
- set the pinentry mode.
-
-2015-08-24 Neal H. Walfield <neal@g10code.com>
-
- agent: Raise the maximum password length. Don't hard code it.
- + commit 348a6ebb63523305ce9f47d0f3e8a9086c338fed
- * agent/agent.h (MAX_PASSPHRASE_LEN): Define.
- * agent/command-ssh.c (ssh_identity_register): Use it instead of a
- hard-coded literal.
- * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
- * agent/findkey.c (unprotect): Likewise.
- * agent/genkey.c (agent_ask_new_passphrase): Likewise.
-
-2015-08-24 Werner Koch <wk@gnupg.org>
-
- sm: Support secret key export via the Assuan interface.
- + commit 3cf02192a890d04f8f558cb72d46f9bd7a378322
- * sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.
-
-2015-08-23 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow sending of Zack's key.
- + commit 84f4c8811fc5bdd78693c4dc289389a8337cc257
- * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.
-
- gpg: Fix regression in packet parser from Aug 19.
- + commit 88317ae8c829bfeb1689415efbd32b7a232d7bd0
- * g10/parse-packet.c (parse): Use an int to compare to -1. Use
- buf32_to_ulong.
-
- gpg: Show not found keys with --locate-key --verbose.
- + commit 00def10d365a88ce2d034ea9a5d6be4b03285fa4
- * g10/keylist.c (locate_one): Print a diagnostic for a not-found key.
-
-2015-08-21 Neal H. Walfield <neal@g10code.com>
-
- common: Don't incorrectly reject 4 GB - 1 sized packets.
- + commit 09f2a7bca624d0492e1d7ab29ce19542249c13ff
- * g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
- Add the constraint that the type must be 63.
- * kbx/keybox-openpgp.c (next_packet): Likewise.
- * tests/openpgp/4gb-packet.asc: New file.
- * tests/openpgp/4gb-packet.test: New file.
- * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
- (TEST_FILES): Add 4gb-packet.asc.
-
- common: Don't assume on-disk layout matches in-memory layout.
- + commit 4f37820334fadd8c5036ea6c42f3dc242665c4a9
- * g10/packet.h (PKT_signature): Change revkey's type from a struct
- revocation_key ** to a struct revocation_key *. Update users.
-
- common: Don't incorrectly copy packets with partial lengths.
- + commit b3226cadf9bbef4a367072396e5b0abf37afff2d
- * g10/parse-packet.c (parse): We don't handle copying packets with a
- partial body length to an output stream. If this occurs, log an error
- and abort.
-
- common: Check parameters more rigorously.
- + commit 0143d5c1ca4d12ac252c14f01931f48131591065
- * g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
- NULL.
- (copy_all_packets): Likewise.
-
- common: Don't continuing processing on error.
- + commit 48e792cc951a9d00fad0691ef7411c9e22cf675a
- * g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
- an error.
- (parse_packet): Likewise.
- (dbg_search_packet): Likewise.
- (search_packet): Likewise.
-
- common: Better respect the packet's length when reading it.
- + commit 73af66a0aada8f30d8f400fdc4f69e233fb53089
- * g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
- underflow. Be more careful that a read doesn't read more data than
- PKTLEN says is available.
-
-2015-08-20 Werner Koch <wk@gnupg.org>
-
- po: Add lost translation of validity strings.
- + commit 0d5a4138f27187e7828ef8216758edc9b48b2c64
- * po/POTFILES.in (trust.c): Add missing file.
- * po/de.po: Changed German validity strings.
- * doc/help.de.txt: Ditto.
-
-2015-08-20 Neal H. Walfield <neal@g10code.com>
-
- g10/parse-packet.c:parse: Try harder to not ignore an EOF.
- + commit 0add91ae1ca3718e8140af09294c595f47c958d3
- * g10/parse-packet.c (parse): Be more robust: make sure to process any
- EOF.
-
- g10/parse-packet.c: Replace literal with symbolic expression.
- + commit 24a72dffa75a04611c98343140c4eb0fbfe2a59f
- * g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
- buffer's size.
-
- Add documentation for g10/parse-packet.c.
- + commit 026feff4a8e3090fb152af72c73aaa80c78e4551
- * g10/packet.h: Add documentation for functions defined in
- parse-packet.c.
- * g10/parse-packet.c: Improve comments for many functions.
-
- g10/packet.h: Remove unused argument from enum_sig_subpkt.
- + commit c46e8bfe9a1ae3f1e5327d0451cffd6e4567b449
- * g10/packet.h (enum_sig_subpkt): Remove argument RET_N. Update
- callers.
- * g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.
-
- g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
- + commit c271feb53664dbf2b4ccbae90a31b8e726481e2d
- * g10/parse-packet.c (mpi_read): Improve documentation. Correctly
- handle an EOF. On overflow, correctly return the number of bytes read
- from the pipeline.
-
- common/iobuf.c: Make control flow more obvious.
- + commit 49f922286fa8adb2d2ca730eb7bbe67e684b20de
- * common/iobuf.c (iobuf_read): Make control flow more obvious.
- (iobuf_get_filelength): Likewise.
- (iobuf_get_fd): Likewise.
- (iobuf_seek): Likewise.
-
- common/iobuf.c: Add some sanity checks to catch programmer bugs.
- + commit c5da750cf3d53277fe6d86776bfe0d2304b05151
- * common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
- (iobuf_readbyte): Check that A is an input filter. Check that the
- amount of read data is at most the amount of buffered data.
- (iobuf_read): Check that A is an input filter.
- (iobuf_writebyte): Check that A is not an input filter.
- (iobuf_writestr): Check that A is not an input filter.
- (iobuf_flush_temp): Check that A is not an input filter.
-
- common/iobuf.c:iobuf_write_temp: Elide redundant code.
- + commit e291b631c3b1aedf529078190cd51e2acfcd1d92
- * common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp.
- Use it directly.
-
- common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte
- + commit a6d4bca3b576c3c5dba1aa6e8c1039089e14147b
- * common/iobuf.c (iobuf_write): Don't write a byte at a time. Use
- iobuf_write.
-
- common/iobuf: Improve documentation and code comments.
- + commit 1bfd1e43246c16e20f819bf5381ca21abde54458
- common/iobuf.h: Improve documentation and code comments.
- common/iobuf.c: Likewise.
-
- common/iobuf.c: Adjust buffer size of filters in front of temp filters.
- + commit 0d40c4e83f6fbfea2f494f1f88412d3132ff98bd
- * common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
- filter, use IOBUF_BUFFER_SIZE for the new filter.
-
- common/iobuf.c: Buffered data should not be processed by new filters.
- + commit 827cc922d84d8113d4f13ebbed1314e03da5f7d2
- * common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
- temp pipeline, the new filter shouldn't assume ownership of the old
- head's internal buffer: the data was written before the filter was
- added.
- * common/t-iobuf.c (double_filter): New function.
- (main): Add test cases for the above bug.
-
- common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
- + commit 616181f3c757160af8539869a6d929faca4962c4
- * common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
- pipeline and copy the data from the last (not the first) filter's
- internal buffer.
-
- common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
- + commit 15ae99f887f4694de8468625d455d487d283f719
- * common/iobuf.c (do_open): New function, which is a generalization of
- iobuf_open, iobuf_Create, iobuf_openrw.
- (iobuf_open): Call do_open.
- (iobuf_create): Likewise.
- (iobuf_openrw): Likewise.
-
- common/iobuf.h: Remove iobuf_open_fd_or_name.
- + commit 8402815d8e0e04a44362968f88b3d484d2395402
- * common/iobuf.h (iobuf_open_fd_or_name): Remove prototype. Replace
- use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
- * common/iobuf.c (iobuf_open): Remove function.
-
- common/iobuf.c: Rename iobuf_flush and make it a static function.
- + commit 6d49a2b6691f2dd0d8ac34a15f18cc2a0c3ba5d3
- * common/iobuf.h (iobuf_flush): Remove prototype.
- * common/iobuf.c (filter_flush): New static prototype.
- (iobuf_flush): Rename...
- (filter_flush): ... to this. Make static. Simplify code. Update
- callers.
-
- common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
- + commit 1f94646a86348128f585301fcd605e5e703fd77d
- * common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
- freeing a filter fails. This needs to a memory leak. Instead, keep
- freeing and return the error code of the first filter that fails.
-
- common/iobuf.c: Improve iobuf_peek.
- + commit a250f73783c06d7789ac65a395d9247f4ab44c26
- * common/iobuf.c (underflow): Take additional parameter
- clear_pending_eof. If not set, don't clear a pending eof when
- returning EOF. Update callers.
- (iobuf_peek): Fill the internal buffer, if needed, to be able to
- better satisfy any request.
-
- common/iobuf.c: When requested, fill the buffer even if it is not empty.
- + commit c7ad36eb0d7f872fc15e793aa1d0b6b89bc471d6
- * common/iobuf.c (underflow): Don't require that the buffer be empty.
- When called, fill any available space.
-
- common/t-iobuf.c: Add a test case for multiple EOFs.
- + commit e76c75d8726558dc9084710253f0f6780e06fad3
- common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
- pipeline.
-
- common/iobuf.c: Better respect boundary conditions in iobuf_read_line.
- + commit 4e32c602f5c40cca5f8f40e642ccb10d3f8c5614
- * common/iobuf.c (iobuf_read_line): Be more careful with boundary
- conditions.
- * common/iobuf.h: Include <gpg-error.h>.
- * common/t-iobuf.c: New file.
- * common/Makefile.am (module_tests): Add t-iobuf.
- (t_mbox_util_LDADD): New variable.
-
- common/iobuf.c: Fix filter type for iobuf_temp_with_content.
- + commit fa9fda23c2c8cf6982b7263f6882ed8687d98c16
- * common/iobuf.c (iobuf_temp_with_content): Set the filter type to
- IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
- write into a dynamic buffer.
-
- common/iobuf.h: Remove unimplemented prototypes.
- + commit 75fd86bbd175e085a93c1ad62f50ae936494b307
- * common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
- (iobuf_clear_eof): Likewise.
- (iobuf_append): Likewise.
-
- common/iobuf.c: Refactor code to not need the desc field.
- + commit 679acc671e621847f50d6b4dca10a22c62500b9a
- * common/iobuf.h (struct iobuf_struct): Remove field desc.
- * common/iobuf.c (iobuf_desc): New function. When a filter's
- description is needed, use this instead of the filter's desc field.
-
- common/iobuf.h: Clarify semantics of nofast. Simplify implementation.
- + commit 12fc56bcb51d984a6e86fc1eb7952f9976c67043
- * common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
- Simplify use of nofast to implement just these semantics.
-
- common/iobuf.c: Remove dead code (directfp).
- + commit e8c0b6abf88309c23a70df0abbd38d42fa22a786
- * common/iobuf.h (struct iobuf_struct): Remove field directfp. Remove
- all uses of it.
-
- common/iobuf.c: Remove dead code (opaque).
- + commit f05d60b3813a97e316a067680d7598b74621a522
- * common/iobuf.h (struct iobuf_struct): Remove field opaque. Remove
- all uses of it.
-
- common/iobuf.h: Replace further use of literals with symbolic constants.
- + commit c06eabac8e85f7f79414363836f093415e8da62e
- * common/iobuf.c: Move BLOCK_FILTER_INPUT,
- BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
- * common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
- and IOBUF_TEMP, respectively. Where appropriate, use these macros
- instead of a literal.
-
-2015-08-17 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid linking to Libksba.
- + commit 91357b7722f2bf0d3765ec72855bdc96732df9d6
- * kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
- * sm/Makefile.am (AM_CPPFLAGS): Define it here.
- (common_libs): Change to libkeybox509.a
- * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
- (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
- * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
- (libkeybox509_a_SOURCES): New.
- (libkeybox_a_CFLAGS): New.
- (libkeybox509_a_CFLAGS): New.
- (kbxutil_CFLAGS): New.
- * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
- as unused.
-
-2015-08-16 Ben Kibbey <bjk@luxsci.net>
-
- Fix pinentry loopback and passphrase contraints.
- + commit bba74cdd95ea98b5a7c3a12823b229341e91504e
- * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
- pinentry loopback mode.
- * agent/genkey.c (check_passphrase_constraints): Immediately return when
- pinentry mode is loopback.
-
- Fix sending INQUIRE_MAXLEN for symmetric data.
- + commit 93f5295df512269dd8fecbd649b11cbacf78e864
- * g10/passphrase.c (passphrase_to_dek_ext): Write the status message.
-
-2015-08-15 Ben Kibbey <bjk@luxsci.net>
-
- Inform a user about inquire length limit.
- + commit f126ca61565922b3b938c3486614b9bd7e6e454c
- * common/status.h (INQUIRE_MAXLEN): New.
- * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
- client when inquiring a passphrase over pinentry-loopback.
-
- Allow --gen-key to inquire a passphrase.
- + commit 233b5fedabd80a34452e748132e65b5944310428
- * g10/gpg.c (main): test for --command-fd during --gen-key parse.
-
- When --command-fd is set then imply --batch to let gpg inquire a
- passphrase rather than requiring a pinentry.
-
-2015-08-11 Werner Koch <wk@gnupg.org>
-
- Release 2.1.7.
- + commit b5e081973b56b21214fc0c65ba9015dd026328b4
-
-
-2015-08-10 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: fix ECC key handling.
- + commit 8704c70108218a60f8fb2ee0e558ca8ed125600d
- * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
- (convert_transfer_key): CURVE is the name of curve.
-
-2015-08-08 Neal H. Walfield <neal@g10code.com>
-
- common/iobuf.c: Replace use of literals with symbolic constants.
- + commit c80643c5ecbee89f343ef087313870cee1334fe4
- * common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use
- this instead of a literal.
- (BLOCK_FILTER_OUTPUT): Likewise.
- (BLOCK_FILTER_TEMP): Likewise.
-
-2015-08-07 Werner Koch <wk@gnupg.org>
-
- gpg: Allow gpgv to work with a trustedkeys.kbx file.
- + commit 5b7a80b1ab91d2f199065e5dd14e85f42918975d
- * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
- * g10/keydb.c (keydb_add_resource): Take care of new flag.
- * g10/gpgv.c (main): Use new flag.
-
- agent: Add option --force to the DELETE_KEY command.
- + commit a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd
- * agent/findkey.c (agent_delete_key): Add arg "force".
- * agent/command.c (cmd_delete_key): Add option --force.
-
- common: Change alias for Curve25519 to "cv25519".
- + commit 9f31ab3d216ed74d6f392a62e3f95e0591174119
- * common/openpgp-oid.c (oidtable): Change alias.
-
-2015-08-06 Werner Koch <wk@gnupg.org>
-
- gpg: Remove duplicated printing of the curve name in "sub" lines.
- + commit fb754dc6170d12edf3d35c48340b8d7b1ded20f7
- * g10/keylist.c (list_keyblock_print): Do not print extra curve name.
-
- gpg: Add commands "fpr *" and "grip" to --edit-key.
- + commit fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9
- * g10/keyedit.c (cmdGRIP): New.
- (cmds): Add command "grip".
- (keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
- (keyedit_menu) <cmdGRIP>: Print keygrip.
- (show_key_and_fingerprint): Add arg "with_subkeys".
- (show_key_and_grip): New.
- * g10/keylist.c (print_fingerprint): Add mode 4.
-
- gpg: Adjust UID line indentation for common key algos.
- + commit 969542c8c2f48a60c1d68b7bf70b0c00374bacba
- * g10/keylist.c (list_keyblock_print): Change UID line indentation
- * g10/mainproc.c (list_node): Ditto.
-
-2015-08-06 NIIBE Yutaka <gniibe@fsij.org>
-
- Curve25519 support.
- + commit e5891a82c39997b65ce9ff90eb6120db7bedd399
- * agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
- (convert_secret_key, convert_transfer_key): Ditto.
- * common/openpgp-oid.c (oidtable): Add Curve25519.
- (oid_crv25519, openpgp_oid_is_crv25519): New.
- * common/util.h (openpgp_oid_is_crv25519): New.
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
- with Montgomery curve which uses x-only coordinate.
- * g10/keygen.c (gen_ecc): Handle Curve25519.
- (ask_curve): Change the API and second arg is to return subkey algo.
- (generate_keypair, generate_subkeypair): Follow chage of ask_curve.
- * g10/keyid.c (keygrip_from_pk): Handle Curve25519.
- * g10/pkglue.c (pk_encrypt): Handle Curve25519.
- * g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
- * scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
- (send_key_attr): Work with general ECC, Ed25519, and Curve25519.
- (get_public_key): Likewise.
- (ecc_writekey): Handle flag_djb_tweak.
-
- common: extend API of openpgp_oid_to_curve for canonical name.
- + commit a6e40530898622fbc5d76557a7da5e69368ecaa4
- * common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
- * common/util.h: Update.
- * g10/import.c (transfer_secret_keys): Follow the change.
- * g10/keyid.c (pubkey_string): Likewise.
- * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
- * parse-packet.c (parse_key): Likewise.
- * scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
-
-2015-08-05 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix ecc_oid.
- + commit d088d2c81690a89051349ddc8a82fe222625f4e0
- * scd/app-openpgp.c (ecc_oid): Call with OIDBUF.
-
- scd: Fix ECC support.
- + commit 0751571cac0f5aef2862c34a184f7f09ad9cb203
- * scd/app-openpgp.c (send_key_attr): Send KEYNO.
- (get_public_key): Fix SEXP composing.
- (ecc_writekey): Fix OID length calculation.
- (ecc_oid): Prepend the length before query.
- (parse_algorithm_attribute): Handle the case the curve is not available.
-
-2015-08-04 Werner Koch <wk@gnupg.org>
-
- gpg: Fix duplicate key import due to legacy key in keyring.
- + commit 4a326d7c9a3b09efcccf4de00d6c003829ad89e8
- * g10/keydb.c (keydb_search_fpr): Skip legacy keys.
-
- gpg: Properly handle legacy keys while looking for a secret key.
- + commit f05a63b10428df2878b1bb6fde57a2fc2aa99105
- * g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
-
-2015-07-31 Werner Koch <wk@gnupg.org>
-
- gpg: Fix endless loop for expired keys given by fpr.
- + commit 328a6b6459a5ce4a70b374262f221ada20c40878
- * g10/getkey.c (lookup): Disable keydb caching when continuing a
- search.
-
-2015-07-29 Werner Koch <wk@gnupg.org>
-
- gpg: Do not return "Legacy Key" from lookup if a key is expired.
- + commit 23d8609f4b5ec3432323a676fd7ef225c0ef71a1
- * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
-
- gpg: Indicate secret keys and cards in a key-edit listing.
- + commit 8b2b988309cbc5af339beb0a55ff71d7464eb646
- * g10/keyedit.c (sign_uids): Add arg "ctrl".
- (show_key_with_all_names_colon): Ditto.
- (show_key_with_all_names): Ditto.
-
- * g10/keyedit.c (show_key_with_all_names): Print key record
- indicators by checking with gpg-agent.
- (show_key_with_all_names): Ditto. May now also print sec/sbb.
-
-2015-07-28 Werner Koch <wk@gnupg.org>
-
- gpg: Remove the edit-key toggle command.
- + commit 7ef09afd1a6a37c7f22e7c3d898f0c917b08f940
- * g10/keyedit.c (cmds): Remove helptext from "toggle".
- (keyedit_menu): Remove "toggle" var and remove the sub/pub check
- against toggle.
-
- common,w32: Avoid unused var warning about msgcache.
- + commit 4bc75337f31374b7424d7bdebf839dd91ec80c0a
- * common/i18n.c (USE_MSGCACHE): New.
- (msgcache) [!USE_MSGCACHE]: Do not define.
- (i18n_localegettext): Repalce #if conditions by USE_MSGCACHE.
-
- w32: Try more places to find an installed Pinentry.
- + commit 18f1e627c697d75175b79fe095305fa775f20841
- * common/homedir.c (get_default_pinentry_name): Re-implement to
- support several choices for Windows.
-
-2015-07-26 Werner Koch <wk@gnupg.org>
-
- scd: Fix size_t/unsigned int mismatch.
- + commit 55e64f47a52d76e097a01eb4044a88a4e10d6a87
- * scd/app-openpgp.c (ecc_writekey): Use extra var n.
-
- Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
- + commit d382242fb6789973ce8d246ec154a4a1468c24c0
- * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
- libgpg-error < 1.20.
- * common/mischelp.h: Ditto.
- * common/types.h: Ditto.
-
-2015-07-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: support any curves defined by libgcrypt.
- + commit ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9
- * g10/call-agent.h (struct agent_card_info_s): Add curve field.
- * g10/call-agent.c (learn_status_cb): Use curve name.
- * g10/card-util.c (card_status): Show pubkey name.
- * scd/app-openpgp.c (struct app_local_s): Record OID and flags.
- (store_fpr): Use ALGO instead of key type.
- (send_key_attr): Use curve name instead of OID.
- (get_public_key): Clean up by OID to curve name.
- (ecc_writekey): Support any curves in libgcrypt.
- (do_genkey, do_auth, ): Follow the change.
- (ecc_oid): New.
- (parse_algorithm_attribute): Show OID here.
-
-2015-07-23 Peter Wu <peter@lekensteyn.nl>
-
- build: ignore scissor line for the commit-msg hook.
- + commit d24165bce2823c2f5dcb39b7b84c9aa00802a8ee
- * build-aux/git-hooks/commit-msg: Stop processing more lines when the
- scissor line is encountered.
-
-2015-07-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Format change to specify "rsa2048" for KEY-ATTR.
- + commit dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789
- * g10/card-util.c (do_change_keysize): Put "rsa".
- * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
- Change the command format.
- (rsa_writekey): Check key type.
- (do_writekey): Remove "ecdh" and "ecdsa" support which was available
- in experimental libgcrypt before 1.6.0.
-
-2015-07-22 Werner Koch <wk@gnupg.org>
-
- Avoid a leading double slash in make_filename.
- + commit 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0
- * common/stringhelp.c (do_make_filename): Special case leading '/'.
-
-2015-07-21 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: change_keyattr_from_string for ECC.
- + commit 9901be395684dd1b35d83685a719291347684ab1
- * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
- Support ECC.
- (rsa_writekey): Don't change key attribute.
-
-2015-07-17 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Use openpgpdefs.h for constants.
- + commit f5d356fb5bbbd0e05a753612455253e4bc335266
- * scd/app-openpgp.c: Include openpgpdefs.h.
-
-2015-07-16 Neal H. Walfield <neal@g10code.com>
-
- Don't segfault if the first 'auto-key-locate' option is 'clear'.
- + commit f2ee673c99825d5189631031ddec2dbf54dbd482
- * g10/getkey.c (free_akl): If AKL is NULL, just return.
-
-2015-07-10 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support non-NLS build.
- + commit b3286af36d452fc801be573a057b0838d53a2edd
- * agent/agent.h: Use ENABLE_NLS and define L_() macro.
-
-2015-07-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Remove unused files.
- + commit 67b2dc7636e47baefd5aafe0eb45b4730f974481
- * scd/Makefile.am (sc_copykeys_*): Remove.
- * scd/sc-copykeys.c: Remove.
- * scd/pcsc-wrapper.c: Remove.
- * scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.
-
-2015-07-08 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Use canonical name for curve.
- + commit 5b46726931049e060d8fbfa879db7907078a9aed
- * g10/import.c (transfer_secret_keys): Use canonical name.
- * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
- * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
- * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
- * g10/parse-packet.c (parse_key): Ditto.
-
-2015-07-03 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- drop long-deprecated gpgsm-gencert.sh.
- + commit 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc
- * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is
- fully replaced by gpgsm --gen-key
- * doc/tools.texi: remove gpgsm-gencert.sh documentation
- * .gitignore: no longer ignore gpgsm-gencert.sh manpage
- * doc/Makefile.am: quit making the manpage
- * tools/Makefile.am: quit distributing the script
- * doc/howto-create-a-server-cert.texi: overhaul documentation to use
- gpgsm --gen-key and tweak explanations
-
-2015-07-02 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737
-
-
- scd: Support AES decryption for OpenPGPcard v3.0.
- + commit 45c49a0030c7a01ec011ce810ddb3aaef734e9bf
- * scd/app-openpgp.c (do_decipher): Support AES decryption.
-
-2015-07-01 Werner Koch <wk@gnupg.org>
-
- Release 2.1.6.
- + commit a499eeb6a6545d87ac9f1b64e32017bfdb4f67e6
-
-
-2015-07-01 Daiki Ueno <ueno@gnu.org>
-
- agent: Unset INSIDE_EMACS on gpg-agent startup.
- + commit f1490a3a0ecf4a5a03373c9563f7709630232ee3
- * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.
-
-2015-07-01 Werner Koch <wk@gnupg.org>
-
- common: Implement i18n_localegettext.
- + commit a65447f0d64d0c53ddbdcfc988f26ecc9a8a6f08
- * common/i18n.c (msg_cache_s, msg_cache_head_s): New.
- (msgcache): New.
- (i18n_localegettext): Implement locale dependent lookup.
-
-2015-06-30 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Pass DBUS_SESSION_BUS_ADDRESS for gnome3.
- + commit 816824953c91959c23a57c047bdba6a902ffdde6
- * common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
-
-2015-06-30 Werner Koch <wk@gnupg.org>
-
- Flag the L_() function with attribute format_arg.
- + commit 232af382e563fcbe15589a3ccae7d6908a17c44d
- * agent/agent.h (LunderscorePROTO): New.
- * common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
- * common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
- i18n_localegettext. Expand LunderscorePROTO.
- * agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
- again to keep the old translations.
-
- agent: Use different translation func for Pinentry strings.
- + commit e76d4c05b24211f3981ab69cddb3fccc17d21e0e
- * po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
- * common/i18n.c (i18n_localegettext): New stub.
- * common/i18n.h: Expand the LunderscoreIMPL macro.
- * agent/agent.h (L_): New.
- (LunderscoreIMPL): New.
- * agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
- caller.
- * agent/findkey.c (try_unprotect_cb): Add local var ctrl.
- * agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
- by xtrystrdup to avoid gcc warning. Unfortinately this changes the
- string.
- (agent_ask_new_passphrase): Cleanup the use of initial_errtext.
-
- gpg: Make show-sig-subpackets work again.
- + commit 010e4281c3e15e2f86589dd1da419531ead519ef
- * g10/gpg.c (parse_list_options): Fix offset for subpackets.
-
-2015-06-29 Werner Koch <wk@gnupg.org>
-
- agent: Prepare for Libassuan with Cygwin support.
- + commit b6076579311029aa76c00377d9a804b1578bf58f
- * agent/gpg-agent.c (create_server_socket): Add arg "cygwin". Call
- assuan_sock_set_flag if Assuan version is recent enough.
- (main): Create ssh server socket with Cygwin flag set.
-
-2015-06-29 Neal H. Walfield <neal@gnu.org>
-
- Show passphrase constraints errors as password prompt errors.
- + commit 2778c6f8f40d73272075ce04c07097f65c94054e
- * agent/agent.h (check_passphrase_constraints): Add parameter
- failed_constraint and remove parameter silent. Update callers.
- * agent/genkey.c (check_passphrase_constraints): Add parameter
- failed_constraint and remove parameter silent. If FAILED_CONSTRAINT
- is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
- error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
- or take_this_one_anyway2. If FAILED_CONSTRAINT is NULL, act as if
- SILENT was set.
- (agent_ask_new_passphrase): Change initial_errtext's type from a const
- char * to a char *. Pass it to check_passphrase_constraints. If it
- contains malloc's memory, free it.
-
-2015-06-29 Neal H. Walfield <neal@g10code.com>
-
- Improve documentation for default-cache-ttl and default-cache-ttl-ssh.
- + commit 0416aed4abf6cea94458d2e38eb4a5e6bfea2d8b
- * doc/gpg-agent.texi (Agent Options): Improve documentation for
- default-cache-ttl and default-cache-ttl-ssh.
-
- Don't raise max-cache-ttl to default-cache-ttl.
- + commit 60cf69ff9d61a2cd37fc4468f232fd41aa70a651
- * agent/gpg-agent.c (finalize_rereadable_options): Don't raise
- max-cache-ttl to default-cache-ttl. Likewise for max-cache-ttl-ssh
- and default-cache-ttl-ssh.
-
- Improve the description of old packets with an indeterminate length.
- + commit 68c217f457a772984d0afbdd341f18de7c867505
- * g10/parse-packet.c (parse): Make the description more accurate when
- listing packets: old format packets don't support partial lengths,
- only indeterminate lengths (RFC 4880, Section 4.2).
-
-2015-06-29 Werner Koch <wk@gnupg.org>
-
- agent: Add --verify to the PASSWD command.
- + commit 9bca96dbc5c32bdd00196462fde8c9ab94aeb28d
- * agent/command.c (cmd_passwd): Add option --verify.
-
- agent,w32: Do not create a useless socket with --enable-putty-support.
- + commit 7a387331645736eaeaaef57770beef5fa741bc22
- * agent/agent.h (opt): Remove field ssh_support.
- * agent/gpg-agent.c (ssh_support): New. Replace all opt.ssh_support
- by this.
- (main): Do not set ssh_support along with setting putty_support.
-
- gpgsm: Add command option "offline".
- + commit 2c9c46e2a2b8f9a1bdc1ef46a135b5fc7d1a8073
- * sm/server.c (option_handler): Add "offline".
- (cmd_getinfo): Ditto.
- * sm/certchain.c (is_cert_still_valid):
- (do_validate_chain):
- * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
- of --disable-dirmngr.
- * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
- ctrl->offline.
-
-2015-06-26 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Support button flag and AES key data for OpenPGPcard v3.0.
- + commit d2fdf2e1b6cd447bb1c36df0ac7d8e669802fa22
- * scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
- Support button and symmetric decryption.
- (do_setattr): Support setting AESKEY.
-
-2015-06-25 Andre Heinecke <aheinecke@intevation.de>
-
- sm: Fix cert storage for ephemeral certs.
- + commit 5e1a844ae9b6730b4b8a2c9178ea9bc121560c28
- * sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
- existing certs if store should not be ephemeral.
-
-2015-06-23 Werner Koch <wk@gnupg.org>
-
- Allow use of debug flag names for all tools.
- + commit 54a0ed3d9b10a3c6dfb3d6a4d20b693a3183f8f6
- * g13/g13.c: Make use of debug_parse_flag.
- * scd/scdaemon.c: Ditto.
- * sm/gpgsm.c: Ditto
- * agent/gpg-agent.c: Ditto. But do not terminate on "help"
- * dirmngr/dirmngr.c: Ditto.
-
- common: Improve fucntion parse_debug_flag.
- + commit 8195e55d0c134a45f7c9bd95c8b5741781841c18
- * common/miscellaneous.c (parse_debug_flag): Add hack not to call
- exit. Add "none" and "all" flags.
-
-2015-06-23 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: pinpad workaround for PC/SC implementations.
- + commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5
- * scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
- for TPDU card reader.
-
-2015-06-22 Werner Koch <wk@gnupg.org>
-
- gpg: Allow debug flag names for --debug.
- + commit 4698e5b203bd983503b5fd784fcd09dd3bc3a15e
- * g10/gpg.c (opts): Change arg for oDebug to a string.
- (debug_flags): New; factored out from set_debug.
- (set_debug): Remove "--debug-level help". Use parse_debug_flag to
- print the used flags.
- (main): Use parse_debug_flag for oDebug.
-
- common: Add function parse_debug_flag.
- + commit 22147952b744958ec46d356e942540356ff7d93e
- * common/miscellaneous.c (parse_debug_flag): New.
- * common/util.h (struct debug_flags_s): New.
-
- common: Add function strtokenize.
- + commit d37f47081d41584efc0c397432811f9cfa5d5867
- * common/stringhelp.c: Include assert.h.
- (strtokenize): New.
- * common/t-stringhelp.c (test_strtokenize): New.
-
- gpg: Fix regression due to recent commit 6500f33.
- + commit e0873a3372800d51c90ca656450f937dbae9c169
- * g10/keydb.c (kid_list_s): Keep a state in the table.
- (kid_not_found_table): Rename to kid_found_table.
- (n_kid_not_found_table): Rename to kid_found_table_count.
- (kid_not_found_p): Return found state.
- (kid_not_found_insert): Add arg found.
- (keydb_search): Store found state in the table.
-
-2015-06-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix Cherry ST-2000 support for pinpad input.
- + commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe
- * scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
- * scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
- template of APDU.
-
-2015-06-20 Werner Koch <wk@gnupg.org>
-
- gpg: Print number of good signatures with --check-sigs.
- + commit 0948c4f217308ffa0ec61ce189d387fd61b02bbd
- * g10/keylist.c (keylist_context): Add field good_sigs.
- (list_keyblock_print): Updated good_sigs.
- (print_signature_stats): Print number of good signatures and use
- log_info instead of tty_printf.
-
- gpg: Improve speed of --check-sigs and --lish-sigs.
- + commit 6500f338a35f4148606480c79f3a0c1b0d15f13a
- * g10/keydb.c (kid_list_t): New.
- (kid_not_found_table, n_kid_not_found_table): New.
- (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
- (keydb_insert_keyblock): Flush the new cache.
- (keydb_delete_keyblock): Ditto.
- (keydb_update_keyblock): Ditto.
- (keydb_search): Use the new cache.
- (keydb_dump_stats): New.
- * g10/gpg.c (g10_exit): Dump keydb stats.
-
-2015-06-19 Werner Koch <wk@gnupg.org>
-
- gpg: Add more log_clock calls to keydb.c.
- + commit 53e9b86085ac70ede8a0b1de9018ccbfe55b0932
- * g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
-
- gpg: Print available debug flags using "--debug-level help".
- + commit 663a31f1ea2fc5a43c822e916cf20fece5243851
- * g10/gpg.c (set_debug): Add "help" option and use a table for the
- flags.
-
- gpg: Fix export problem in case an old keyring has PGP-2 keys.
- + commit c5604eeee4b64a44a1ca1d517ace14fc1cbda298
- * g10/export.c (do_export_stream): Skip legacy keys.
-
-2015-06-18 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix the cleanup zombies fix (685b782).
- + commit c97198371b7307e64afdd323231977b2247f64ec
- * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
- stdout reader after EOF from read_log_data.
- * dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
- the next iteration.
-
-2015-06-17 Werner Koch <wk@gnupg.org>
-
- agent: Print a warning for obsolete options.
- + commit 010d26a85bfe15c4aa12eefeab851dbde0609c26
- * g10/misc.c (obsolete_scdaemon_option): Move to
- * common/miscellaneous.c (obsolete_option): ... here.
- * agent/gpg-agent.c (main): Use obsolete_option for the 3 obsolete
- options.
-
-2015-06-16 Werner Koch <wk@gnupg.org>
-
- dirmngr: Cleanup zombies and fix hang on shutdown.
- + commit 685b782a18adb90bbf78956682e4e7f89fed678c
- * dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
- into the loop. Check the queue also on timeout. Close log_fd and
- reader context on EOF or error.
-
- dirmngr: Avoid accessing uninitialized memory in log callback.
- + commit 82c72e2db7bc5b633768d59822f2e2a353fa6e32
- * dirmngr/dirmngr.c (pid_suffix_callback): Clear int_and_ptr_u before
- use.
- (start_connection_thread): Ditto.
- (handle_connections): Ditto.
-
-2015-06-16 Neal H. Walfield <neal@g10code.com>
-
- Don't prompt for the password multiple times in pinentry loopback mode.
- + commit eac081ba1278855fa223b031b527498fec558bc7
- * g10/gpg.c (main): If OPT.PINENTRY_MODE is PINENTRY_MODE_LOOPBACK,
- clear OPT.PASSPHRASE_REPEAT.
-
-2015-06-16 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese Translation.
- + commit 15540f6233bd041b06708862a6d9535cbcabe330
-
-
-2015-06-15 Werner Koch <wk@gnupg.org>
-
- doc: Add defs.inc to BUILT_SOURCES.
- + commit ef273a9afc7840b75cfb9b8af78d117b7d672c6a
-
-
-2015-06-11 Werner Koch <wk@gnupg.org>
-
- Release 2.1.5.
- + commit 9b7bdfae82f74a147a5dbf0fac0f78cde77a207b
-
-
- agent: Fix --extra-socket on Windows.
- + commit 985918aab025cf0ac9db411b88a47c4b985e5e95
- * agent/gpg-agent.c (start_connection_thread): Rename to ...
- (do_start_connection_thread): this. Factor nonce checking out to ...
- (start_connection_thread_std): this,
- (start_connection_thread_extra): this,
- (start_connection_thread_browser): and this.
-
- agent: Add experimental option --browser-socket.
- + commit 008435b95cbca19adc217178dc9d793eca584345
- * agent/agent.h (opt): Add field "browser_socket".
- * agent/command.c (cmd_setkeydesc): Use a different message for
- restricted==2.
- * agent/gpg-agent.c (oBrowserSocket): New.
- (opts): Add --browser-socket.
- (socket_name_browser, redir_socket_name_browser): New.
- (socket_nonce_browser): New.
- (cleanup): Cleanup browser socket.
- (main): Implement option.
- (start_connection_thread_browser): New.
- (handle_connections): Add arg listen_fd_browser and use it.
-
-2015-06-10 Daiki Ueno <ueno@gnu.org>
-
- agent: Add option --allow-emacs-pinentry.
- + commit 691dae270b3b741178912599724d69adabdb48b9
- * agent/agent.h (opt): Add field allow_emacs_pinentry.
- * agent/call-pinentry.c (start_pinentry): Act upon new var.
- * agent/gpg-agent.c (oAllowEmacsPinentry): New.
- (opts): Add option --allow-emacs-pinentry.
- (parse_rereadable_options): Set this option.
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Add new option.
-
-2015-06-09 Werner Koch <wk@gnupg.org>
-
- doc: Do not used fixed file names in the manuals.
- + commit 25331bba5554a39d226d32433add7784b2e170b8
- * doc/mkdefsinc.c: New.
- * doc/Makefile.am: Include cmacros.am.
- (EXTRA_DIST): Add mkdefsinc.c defsincdate.
- (BUILT_SOURCES): Add defsincdate
- (CLEANFILES): Add mkdefsinc and defs.inc.
- (mkdefsinc): New rule.
- (yat2m-stamp): Depend on defs.inc.
- ($(myman_pages) gnupg.7): Ditto.
- (gnupg.texi): Remove rule to touch itself.
- (dist-hook): New.
- (defsincdate): New.
- (defs.inc): New.
- * doc/gnupg.texi: Remove inclusion of version.texi. Include defs.inc.
- Also include defs.inc in all files used to build man files. Change
- fixed directory names to those from defs.inc.
-
- dirmngr: Avoid crash due to an empty crls.d/DIR.txt.
- + commit 255dadd76d5a2101d2c5450741326b67253fa9ea
- * dirmngr/crlcache.c (check_dir_version): Avoid segv.
-
-2015-06-08 Werner Koch <wk@gnupg.org>
-
- doc: Change the manual source to be only for GnuPG 2.1.
- + commit abbefdd04d7ee30218506caeae1fd858569c9f0a
-
-
- Convey envvar INSIDE_EMACS to the pinentry.
- + commit c672572bd50966187cc823585efed673b66ff942
- * common/session-env.c (stdenvnames): Add it.
-
- agent: Add command "getinfo std_env_names".
- + commit 8425db6a26bf66dad16dfbc26be9af7d272f31d3
- * agent/command.c (cmd_getinfo): Add new sub-command.
-
-2015-06-05 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: do_decipher change for OpenPGPcard v3.0.
- + commit cf508a1f7f4c8926dc554be68a2d46f5ce272ac0
- * scd/app-openpgp.c (do_decipher): Add a header for ECDH.
-
-2015-06-04 Werner Koch <wk@gnupg.org>
-
- gpg: Replace -1 by GPG_ERR_NOT_FOUND in tdbio.c.
- + commit a4a15195c2a3729025a3ba3439ac8860083fceeb
- * g10/tdbio.c (lookup_hashtable): Return GPG_ERR_NOT_FOUND.
- * g10/tdbdump.c (import_ownertrust): Test for GPG_ERR_NOT_FOUND.
- * g10/trustdb.c (read_trust_record): Ditto.
- (tdb_get_ownertrust, tdb_get_min_ownertrust): Ditto.
- (tdb_update_ownertrust, update_min_ownertrust): Ditto.
- (tdb_clear_ownertrusts, update_validity): Ditto.
- (tdb_cache_disabled_value): Ditto.
-
- gpg: Cleanup error code path in case of a bad trustdb.
- + commit f170240ef735edc481f60e51527cbb5ee1acfd55
- * g10/tdbio.c (tdbio_read_record): Fix returning of the error.
-
- gpg: Fix output in case of a corrupted trustdb.
- + commit bf06d04f53296f4b4b73b9360cf1571559bb2295
- * g10/tdbdump.c (list_trustdb): Add arg FP and change callers to pass
- es_stdout.
- * g10/tdbio.c (upd_hashtable): On a corrupted trustdb call
- list_trustdb only in verbose > 1 mode and let it dump to stderr.
-
-2015-05-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix key template of ECC.
- + commit e5c69e87beebe99d362ac721ce4ea6b057a30a99
- * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value.
-
-2015-05-28 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix a race condition initially creating trustdb.
- + commit fe5c6edaed78839303d67e01e141cfc6b5de9aec
- * g10/tdbio.c (take_write_lock, release_write_lock): New.
- (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use
- new lock functions.
- (tdbio_set_dbname): Fix the race.
- (open_db): Don't call dotlock_create.
-
-2015-05-27 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Remove g10/signal.c.
- + commit 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb
- * g10/signal.c: Remove.
- * g10/main.h: Remove old function API.
- * g10/tdbio.c: Use new API, even in the dead code.
-
-2015-05-20 Werner Koch <wk@gnupg.org>
-
- agent: Cleanup caching code for command GET_PASSPHRASE.
- + commit 23d2ef83cda644c6a83499f9327350d3371e8a17
- * agent/command.c (cmd_get_passphrase): Read from the user cache.
-
-2015-05-19 Neal H. Walfield <neal@g10code.com>
-
- agent: When the password cache is cleared, also clear the ext. cache.
- + commit 3a9305439b75ccd4446378d4fd87da087fd9c892
- * agent/agent.h (agent_clear_passphrase): New declaration.
- * agent/call-pinentry.c (agent_clear_passphrase): New function.
- * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase.
-
- agent: Modify agent_clear_passphrase to support an ext. password cache.
- + commit e201c20f25e7bed29088186c5f717d43047a0f4b
- * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and
- cache_mode. Update callers.
- * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo
- and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key,
- then send SETKEYINFO to the pinentry.
-
-2015-05-19 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: detects public key encryption packet error properly.
- + commit c771963140cad7c1c25349bcde27e427effc0058
- g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for
- encryption.
-
-2015-05-15 Werner Koch <wk@gnupg.org>
-
- build: Make --disable-gpgsm work.
- + commit 43ea8f5d884dd108bb27d8e1610fa28802295a06
- * Makefile.am: Always build kbx/
- * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS.
-
-2015-05-12 Werner Koch <wk@gnupg.org>
-
- Release 2.1.4.
- + commit a67ead6525d7597a9e0b152c5971f6290f7912f3
-
-
- speedo: Add make option SELFCHECK=0 to build a new release.
- + commit 21b0701e2e044894c53ff59d22c5c6a172780c25
- * build-aux/getswdb.sh: Add option --skip-selfcheck.
- * build-aux/speedo.mk: Add option SELFCHECK.
-
-2015-05-11 Werner Koch <wk@gnupg.org>
-
- common: Cope with AIX problem on number of open files.
- + commit 987532b038a2d9b9e76c0de425ee036ca2bffa1b
- * common/exechelp-posix.c: Limit returned value for too hight values.
-
- gpg-connect-agent: Fix quoting of internal percent+ function.
- + commit 26e2eb98d3d8405b335b43c8e86deacf622cd957
- * tools/gpg-connect-agent.c (get_var_ext) <percent, percent+): Also
- escape '+'.
-
- agent: Add option --no-allow-external-cache.
- + commit d7293cb317acc40cc9e5189cef33fe9d8b47e62a
- * agent/agent.h (opt): Add field allow_external_cache.
- * agent/call-pinentry.c (start_pinentry): Act upon new var.
- * agent/gpg-agent.c (oNoAllowExternalCache): New.
- (opts): Add option --no-allow-external-cache.
- (parse_rereadable_options): Set this option.
-
- agent: Add strings for use by future Pinentry versions.
- + commit 02d5e1205489aa5027a87a64552eaf15984dc22d
- * agent/call-pinentry.c (start_pinentry): Add more strings.
-
- agent: Add option --debug-pinentry.
- + commit 14232c3870c5ef5d2fa15e8ed3f302b1ba29d25c
- * agent/gpg-agent.c (oDebugPinentry): New.
- (opts): Add --debug-pinentry.
- (parse_rereadable_options): Set that option.
- * agent/call-pinentry.c (start_pinentry): Pass option to
- assuan_set_flag.
-
-2015-05-08 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid cluttering stdout with trustdb info in verbose mode.
- + commit b03a2647299a6c8764a2574590cbaccdff9e497d
- * g10/trustdb.c (validate_keys): Call dump_key_array only in debug
- mode.
-
- gpg: Fix wrong output in list mode.
- + commit 7039f87375b3c89d6e63837b811ed2be71c8d9db
- * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
- LISTFP.
-
- gpg: New command --quick-adduid.
- + commit 64e809b791645f343feb69112baba8e2700e454b
- * g10/keygen.c (ask_user_id): Factor some code out to ...
- (uid_already_in_keyblock): new.
- (generate_user_id): Add arg UIDSTR. Fix leaked P.
- * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller.
- (keyedit_quick_adduid): New.
- * g10/gpg.c (aQuickAddUid): New.
- (opts): Add command --quick-adduid.
- (main): Implement that.
-
- gpg: Add push/pop found state feature to keydb.
- + commit 3c439c0447f8a7468a61bbdc4c9a101ef2451dcb
- * g10/keydb.c (keydb_handle): Add field saved_found.
- (keydb_new): Init new field.
- (keydb_push_found_state, keydb_pop_found_state): New.
- * g10/keyring.c (kyring_handle): Add field saved_found.
- (keyring_push_found_state, keyring_pop_found_state): New.
-
- gpg: Minor code merging in keyedit.
- + commit b772e459fa91cdc7facd95227ebc0faba20a7003
- * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order.
- (fix_keyblock): New. Call fix_key_signature_order and other fix
- functions.
- (keyedit_menu): Factor code out to new fix_keyblock.
- (keyedit_quick_sign): Ditto. Check for primary fpr before calling
- fix_keyblock.
-
-2015-05-07 Werner Koch <wk@gnupg.org>
-
- agent: Minor change for 56b5c9f.
- + commit 436f2060721e997479a9dd5be8dfc73627dd49c9
- * agent/call-pinentry.c (agent_askpin): Move option setting to ...
- (start_pinentry): here. Fix error code check.
-
-2015-05-07 Kristian Fiskerstrand <kf@sumptuouscapital.com>
-
- dirmngr: Fix segfault in ldap engine.
- + commit d0d4984cfec54dee727b9e9d33d09e33c6f2e182
- (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
- initialized
-
-2015-05-07 Neal H. Walfield <neal@g10code.com>
-
- agent: Improve support for externally cached passwords.
- + commit 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6
- * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New
- constant.
- (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was
- provided.
- (agent_askpin): Pass "OPTION allow-external-password-cache" to the
- pinentry. Always pass SETKEYINFO to the pinentry. If there is no
- stable identifier, then use "--clear". If the password is incorrect
- and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS,
- then decrement PININFO->FAILED_TRIES.
-
- agent: Or in the value; don't overwrite the variable.
- + commit 74944330ba7229ed0cbe23cc0f573962a444bd07
- * agent/call-pinentry.c (pinentry_status_cb): Or in
- PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG.
-
- agent: Avoid magic numbers. Use more accurate names.
- + commit d3b5cad2346bd5747789dc62d7804fa5c15f4f3b
- * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant.
- (PINENTRY_STATUS_PIN_REPEATED): Likewise.
- (close_button_status_cb): Rename from this...
- (pinentry_status_cb): ... to this. Use the constants.
- (agent_askpin): Rename local variable from close_button to
- pinentry_status. Use symbolic constants rather than magic numbers.
-
-2015-05-07 Werner Koch <wk@gnupg.org>
-
- gpg: Improve 'General key info' line of --card-status.
- + commit 874ef16e70ab750db7b153f17a7e859a0db6a2f1
- * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub".
-
- * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK.
- * g10/keyid.c (keyid_from_fingerprint): Adjust for change.
- * g10/revoke.c (gen_desig_revoke): Adjust for change.
- * g10/card-util.c (card_status): Simplify by using new arg. Align
- card-no string.
-
- * g10/card-util.c (card_status): Remove not used GnuPG-1 code.
-
- gpg: Fix regression not displaying the card serial number.
- + commit 173b26c8f83a3c623165a96c315bf9ed4b90edcc
- * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO.
-
-2015-05-06 Werner Koch <wk@gnupg.org>
-
- speedo,w32: Install a native pinentry.
- + commit 154abaf3c97dae43ba972e4482680a287f3e5c39
- * build-aux/speedo.mk: Always build pinentry for w32.
- (speedo_pkg_pinentry_configure): Adjust to modern pinentry.
- * build-aux/speedo/w32/inst.nsi: Install native pinentry under the
- name pinentry-basic.exe.
-
-2015-05-01 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: fix cmp_public_key.
- + commit f77fd572db658959fa40aa8c181be919e688b707
- * g10/free-packet.c (cmp_public_keys): Compare opaque
- data at the first entry of the array when it's unknown algo.
-
-2015-04-30 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: PC/SC reader selection by partial string match.
- + commit 01a2a61bc4b34817c4216888265f65d59a33dad3
- * scd/apdu.c (open_pcsc_reader_direct): Partial string match.
-
-2015-04-24 Werner Koch <wk@gnupg.org>
-
- common: Remove JNLIB from boiler plate (jnlib merge).
- + commit 172b6193488f433a206fd88f85d8c4a5d1eb7fdf
- * common/README.jnlib: Remove.
-
- common: Rename log and gcc attribute macros (jnlib merge).
- + commit 26d7e0d7accf269c15fb4bc23e5e80580bfb7fe3
- * common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
- * common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
-
- common: Remove two JNLIB_ macros (jnlib merge).
- + commit 575230d91bba95697518da418ea0e8712f889a0f
- * configure.ac: Merge seperate jnlib checks.
- (HAVE_JNLIB_LOGGING): Remove.
- * common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
- Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests.
-
- common: Remove libjnlib-config.h (jnlib merge).
- + commit 17bcd087082d01c48c60ff20d7f9a40f34c6969f
- * common/libjnlib-config.h: Remove.
- * common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed
- header.
- (getpid) [HAVE_W32CE_SYSTEM]: New. From removed header.
- * common/argparse.c: Include util.h and common-defs.h. Replace
- jnlib_ macro names for non-GNUPG builds by x* names.
- * common/dotlock.c: Ditto.
- * common/logging.c: Include util.h and common-defs.h. Replace jnlib_
- symbol names by x* names.
- * common/strlist.c: Ditto.
- * common/utf8conv.c: Ditto.
- * common/w32-reg.c: Ditto.
- * common/mischelp.c: Ditto. Also remove _jnlib_free.
- * common/stringhelp.c: Ditto.
- (JNLIB_LOG_WITH_PREFIX): Do not depend on this macro.
- * common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this
- macro.
-
-2015-04-23 Werner Koch <wk@gnupg.org>
-
- gpg: Move all DNS access to Dirmngr.
- + commit 154f3ed2bf64de801ae0f9796338a2767ec6357b
- * common/dns-cert.h: Move to ../dirmngr/.
- * common/dns-cert.c: Move to ../dirmngr/. Change args to return the
- key as a buffer.
- * common/t-dns-cert.c: Move to ../dirmngr/.
- * common/pka.c, common/pka.h, common/t-pka.c: Remove.
-
- * dirmngr/server.c (data_line_cookie_write): Factor code out to
- data_line_write and make it a wrapper for that.
- (data_line_write): New.
- (cmd_dns_cert): New.
- (register_commands): Register new command.
-
- * g10/Makefile.am (LDADD): Remove DNSLIBS.
- * g10/call-dirmngr.c (dns_cert_parm_s): New.
- (dns_cert_data_cb, dns_cert_status_cb): New.
- (gpg_dirmngr_dns_cert): New.
- (gpg_dirmngr_get_pka): New.
- * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
- * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
- gpg_dirmngr_dns_cert.
- (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
- * g10/mainproc.c: Include call-dirmngr.h.
- (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
- gpg_dirmngr_get_pka.
-
- common: Minor change of hex2str to allow for embedded nul.
- + commit ce11cc39ea7e011040debc9339a2310a714efe7e
- * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT.
-
-2015-04-23 NIIBE Yutaka <gniibe@fsij.org>
-
- common: removal of t-support.c from t_jnlib_src.
- + commit a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab
- * common/Makefile.am (t_jnlib_src): Remove t-support.c.
-
-2015-04-21 Werner Koch <wk@gnupg.org>
-
- gpg: Make keyserver-option http_proxy work.
- + commit c4d98734c5df39f57a71f0ec1c0c80e82ff08508
- * g10/options.h (opt): Add field keyserver_options.http_proxy.
- * g10/keyserver.c (warn_kshelper_option): Add arg noisy.
- (parse_keyserver_options): Parse into new http_proxy field.
- * g10/call-dirmngr.c (create_context): Send the http-proxy option.
-
- common: Make proper use of http proxy parameter.
- + commit 54e55149f2af96eff08bfd6f70ef13d007fb58c7
- * common/http.c (is_hostname_port): New.
- (send_request): Fix proxy name parsing.
-
- dirmngr: Add http proxy support for keyservers.
- + commit a0dead5edce07838cf5ff3ec7205a3bff2a6ef70
- * dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
- * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
- from OPT.
- (dirmngr_deinit_default_ctrl): New.
- (main): Call dirmngr_deinit_default_ctrl.
- * dirmngr/server.c (start_command_handler): Ditto.
- (option_handler): Add option "http-proxy".
- * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
- * dirmngr/ocsp.c (do_ocsp_request): Ditto.
- * dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
-
- gpg: Do not use honor-keyserver-url sub-option by default.
- + commit 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc
-
-
- gpg: Make preferred keyservers work.
- + commit ae0d65f86413a82a40cf68e08aaeca405eee8c78
- * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done.
- (create_context): Move keyserver setting to ...
- (open_context): here.
- (clear_context_flags): New.
- (gpg_dirmngr_ks_get): Add arg override_keyserver.
- * g10/keyserver.c (keyserver_refresh): Improve diagnostics.
- (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get.
-
- gpg: Update sub-options of --keyserver-options.
- + commit da1990bac71f6447d8ebd169c3b3b186e9f287d9
- * g10/options.h (KEYSERVER_HTTP_PROXY): New.
- (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
- (KEYSERVER_TIMEOUT): New.
- * common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
- * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
- and "keep-temp-files". Add "http-proxy" and "timeout".
- (parse_keyserver_options): Remove 1.2 compatibility option
- "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files"
- code.
-
-2015-04-14 Werner Koch <wk@gnupg.org>
-
- agent: Send the new SETKEYINFO command to the Pinentry.
- + commit 2180845959839705200e3172dbafc94b70b9007f
- * agent/call-pinentry.c (agent_askpin): Add args keyinfo and
- cache_mode. Change all callers to pass (NULL,0) for them. Send
- SETKEYINFO command.
- * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for
- the new args.
-
-2015-04-14 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: better handling of extended APDU.
- + commit 971d558e862db878a7310e06ed7116dbe36886ab
- * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0.
- * scd/app-common.h (struct app_ctx_s): Use bit fields for flags.
- * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard.
- (struct ccid_driver_s): New field of max_ccid_msglen.
- Remove ifsd field.
- (parse_ccid_descriptor): Initialize max_ccid_msglen.
- (ccid_transceive_apdu_level): Implement sending extended APDU in
- chain of CCID message.
-
-2015-04-13 Werner Koch <wk@gnupg.org>
-
- gpg: Fix NULL-segv due to invalid imported data.
- + commit 25fce93ba19d997e234a674d5cc98df82c5b5496
- * g10/free-packet.c (my_mpi_copy): New.
- (copy_public_key, copy_signature): Use instead of mpi_copy.
-
-2015-04-13 Neal H. Walfield <neal@g10code.com>
-
- dirmngr: If LDAP is not enable, don't build the LDAP bits.
- + commit 5cde5bf37339cdeb0bd0a33d39477382eafebede
- * dirmngr/Makefile.am (dirmngr_SOURCES): Only include
- ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
- is TRUE.
- (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
- * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
- TRUE.
- (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
- TRUE.
- (ks_action_search): Likewise.
- (ks_action_get): Likewise.
- (ks_action_put): Likewise.
- * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
- TRUE.
- (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
- TRUE.
-
-2015-04-13 Werner Koch <wk@gnupg.org>
-
- common: Do without nested fucntions to support non-gcc.
- + commit 454f60399c7318fffd3de2afadd58c7a490178bd
- * common/t-stringhelp.c (test_strsplit): Remove nested function.
-
-2015-04-11 Werner Koch <wk@gnupg.org>
-
- Release 2.1.3.
- + commit b1e1959d59a12b53c016ca9c95aee3a62c0bfc00
-
-
-2015-04-11 Yuri Chornoivan <yurchor@ukr.net>
-
- po: Update Ukrainian translation.
- + commit 896f438967b66b4836419aa737c706ced6b6454a
-
-
-2015-04-11 Ineiev <ineiev@gnu.org>
-
- po: Update and review Russian translation.
- + commit b69d7064f30c38ffe18e71de6a0fc14b5da0452f
-
-
-2015-04-10 Werner Koch <wk@gnupg.org>
-
- dirmngr,w32: Make it build for Windows.
- + commit c8bb5000d4c86a055348dc08352f573c599743a7
- * dirmngr/Makefile.am (t_common_ldadd): Add missing libs.
-
- Remove obsolete directories from AM_CPPFLAGS.
- + commit 67158ff155ef52fd54a6bbe680551c0e12b31e69
-
-
- dirmngr,w32: Replace functions not available under Windows.
- + commit 0fb224c2c5e0c6770d4a6044d62d84f6bbc1b26b
- * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and
- gmtime_r.
-
- common: Add new function gnupg_gmtime.
- + commit 5d60c7f7e05a06e46e23bafe61cef09ad32aa998
- * common/gettime.c (gnupg_gmtime): New.
- (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning
- an error.
-
- common: Add new function isodate_human_to_tm.
- + commit f6670100b7a15b2071c2e4062f5c5a678f2a30f6
- * common/gettime.c (isotime_human_p): Add arg date_only.
- (isodate_human_to_tm): New.
- * common/t-gettime.c (test_isodate_human_to_tm): New.
- (main): Call new test.
-
- dirmngr,w32: Avoid name clash with existing function.
- + commit 6ad95fe6f1f130c8f6d139a9bd57fc4a0d38292b
- * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect.
-
- gpgparsemail: Fix last commit (3f2bdac)
- + commit 9433661419043431a6cfc7d84c8450e0b2f6c353
- * tools/rfc822parse.c (parse_field): Replace break by goto.
-
-2015-04-09 Werner Koch <wk@gnupg.org>
-
- gpgparsemail: Fix case of zero length continuation lines.
- + commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f
- * tools/rfc822parse.c (parse_field): Loop after continuation line.
-
-2015-04-08 Werner Koch <wk@gnupg.org>
-
- sm: Fix certificate lookup in dirmngr cache.
- + commit 6619ead2cfd2abcb95b66dc70622fdeef624fb8a
- * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command.
-
-2015-04-06 Werner Koch <wk@gnupg.org>
-
- gpg: Print the user id in --fast-list-mode.
- + commit c2383407bba5eefea486464a31e02846124c9da5
- * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change.
-
- gpg: Prepare to pass additional context to the list functions.
- + commit 67a58118ab6171c0cf28b65a39973062690d1313
- * g10/keylist.c (struct sig_stats): Rename to keylist_context and add
- field check_sigs.
- (keylist_context_release): New.
- (list_all): Set listctx.check_sigs and call release func.
- (list_one): Ditto.
- (locate_one): Ditto.
- (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by
- listctx.
- (list_keyblock): Ditto. Make static.
- (list_keyblock_direct): New.
- * g10/keygen.c (do_generate_keypair): Replace list_keyblock by
- list_keyblock_direct.
-
- gpg: Merge duplicated code for get_user_id et al.
- + commit f577d5c1a747d673fa1d5c012ce3e3b78b699c6a
- * g10/getkey.c (get_user_id_string): Add args mode and r_LEN.
- (get_user_id_string_native): Add new args.
- (get_long_user_id_string, get_user_id): Rewrite using
- get_user_id_string.
-
- gpg: Add new option --debug-iolbf.
- + commit c581ed717ad2cc4be90c46253baa44a0d3ba5b80
- * g10/gpg.c (oDebugIOLBF): new.
- (opts): Add --debug-iolbf.
- (main): Set option.
-
- Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
- + commit 24a75201da6be72edf85b96dbc0c01c747d02c6a
- * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
-
- Fix use of DBG_CACHE and DBG_LOOKUP.
- + commit 2f099eb62ac6491675bbcccaca4e076b2d8e7ea0
- * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
- * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
- * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
-
- gpg: Rename a debug macro.
- + commit 4de8a58e44262a25564e2acef8c8865d1755982e
- * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE.
- (DBG_CIPHER): Rename to DBG_CRYPTO.
-
-2015-04-05 Werner Koch <wk@gnupg.org>
-
- gpg: Fix DoS while parsing mangled secret key packets.
- + commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a
- * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
- et al.
-
-2015-04-03 NIIBE Yutaka <gniibe@fsij.org>
-
- g10: Fix keytocard.
- + commit f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0
- g10/call-agent.h (agent_scd_learn): Add FORCE option.
- g10/call-agent.c (agent_scd_learn): Implement FORCE option.
- g10/keygen.c (gen_card_key): Follow the change of option.
- g10/card-util.c (change_pin, card_status, factory_reset): Likewise.
- g10/keyedit.c (keyedit_menu): Update private key storage by
- agent_scd_learn.
-
- agent: Add --force option for LEARN.
- + commit 4ffadb74b3ada8a5d69ef8d87f4326df9bd97e97
- * agent/command.c (cmd_learn): Handle --force option.
- (cmd_keytocard): Don't update key storage file.
- * agent/agent.h (agent_handle_learn): Add FORCE.
- * agent/learncard.c (agent_handle_learn): Implement FORCE to update
- key stroage file.
-
-2015-03-31 Neal H. Walfield <neal@g10code.com>
-
- dirmngr: Don't use alloca.
- + commit d0ff2ee04187fbedacbe4d3884ee75d957a0b8c6
- * dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
- xmalloc and xfree.
-
- dirmngr: Simplify truncation of long strings in debug code.
- + commit 802eec0ca49b92104c92f18c9a6a04c34de74168
- * dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
- strings.
-
- dirmngr: Use a better error code.
- + commit 7f6d7948c1e56e09c1bdaa5143e1b5558c4376dd
- * dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
- GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
-
- dirmngr: Better encapsulate the keyservers variable.
- + commit 348c520040a31f5c322183c0654a34978e2baf6f
- * dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
- from here...
- * dirmngr/server.c (struct server_local_s): ... to here. Update
- users.
- * dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
- (ks_action_search): Likewise.
- (ks_action_get): Likewise.
- (ks_action_put): Likewise.
- * dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
- Use it instead of ctrl->keyservers.
- (ks_action_search): Likewise.
- (ks_action_get): Likewise.
- (ks_action_put): Likewise.
-
-2015-03-28 Neal H. Walfield <neal@g10code.de>
-
- gpg: Only use the last specified keyserver.
- + commit f26ba14028d34845ae10aae552b90681907e377d
- * g10/gpg.c (main): Only use the last specified keyserver.
-
-2015-03-25 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix resource leaks and check rare errors.
- + commit bec10ae4b5a870303c800cdf3cd906044613fc2d
- * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
- leak.
- (ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
- required.
- (modlist_dump): Check error from es_fopenmem.
- (uncescape): s/int/size_t/. Use existing macros.
- (extract_attributes): Use existing trim function.
- (ks_ldap_put): Do not segv on error from modlist_dump.
-
- dirmngr: Minor cleanups.
- + commit 6c701af121782c2feb4ee51e559a7420df00471f
- * dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
- (ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
- (tm2ldaptime): Use snprintf.
- (ldap_connect): Get error code prior to log_error and and use modern
- function. Use xfree, xtrustrdup etc.
- (modlist_lookup): Use GNUPG_GCC_A_USED.
- (modlist_free): Use xfree.
-
- common: Add macro GNUPG_GCC_A_USED.
- + commit 99ef9cd7f589b51921bfbe8d52735c104ef260e3
- * common/util.h (GNUPG_GCC_A_USED): New.
-
- sm: Change default algos to SHA256 (CSR) and AES128 (bulk encryption).
- + commit 1e4d8ddbe3ad7ee8f1c1d1798694d91f792776c0
- * sm/certreqgen.c (create_request): Change default hash algo.
- * sm/gpgsm.c (DEFAULT_CIPHER_ALGO): Change default bulk cipher algo.
-
-2015-03-24 Werner Koch <wk@gnupg.org>
-
- gpg,w32: Handle forward slash in --keyring option.
- + commit bdd22e3a0846d38a0b6cdb822476ad2f15d03455
- * g10/keydb.c (keydb_add_resource): Allow forward slash under Windows.
-
-2015-03-23 Neal H. Walfield <neal@g10code.de>
-
- Improve documentation for ks_hkp_get.
- + commit 7a56b6b3aa8b7a07bd80a3fcd5114bd1af359fa3
- * dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation.
-
- Improve documenation of http_parse_uri.
- + commit 00a16cf49336ee0b4ce21eb05a79db955af053e0
- * common/http.c (http_parse_uri): Improve documentation.
-
- Add support to talking to LDAP key servers.
- + commit 51341badb623927f2a358588c725a356fc77dbe7
- * g10/call-dirmngr.c (record_output): New function.
- (ks_put_inq_cb): Use it here to generate a --with-colons like output
- instead of a custom format.
- * dirmngr/ks-action.c: Include "ldap-parse-uri.h".
- (ks_action_help): If the provided URI is an LDAP URI, then use
- ldap_parse_uri to parse. Call ks_ldap_help.
- (ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
- (ks_action_get): Likewise.
- (ks_action_put): Likewise. Also, change data from a 'const void *' to
- a 'void *' and add info and infolen parameters. Add note that
- function may modify DATA.
- * dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
- * dirmngr/server.c: Include "ldap-parse-uri.h".
- (cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
- ldap_parse_uri.
- (hlp_ks_put): Improve documentation.
- (cmd_ks_put): Also pass info and infolen to ks_action_put. Improve
- documentation.
- * dirmngr/ks-engine.h (ks_ldap_help): New declaration.
- (ks_ldap_search): Likewise.
- (ks_ldap_get): Likewise.
- (ks_ldap_put): Likewise.
- * dirmngr/ks-engine-ldap.c: New file.
- * dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
- ldap-parse-uri.c and ldap-parse-uri.h.
- (dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).
-
- Import _gpgme_parse_timestamp from gpgme as parse_timestamp.
- + commit 81e83060856f02f6cfc7b48f8032e0cf14fc6c68
- * common/gettime.h (parse_timestamp): New declaration.
- * common/gettime.c (_win32_timegm): New function imported from
- gpgme/src/conversion.c:_gpgme_timegm.
- (parse_timestamp): New function imported from
- gpgme/src/conversion.c:_gpgme_parse_timestamp.
-
- Move copy_stream function to misc.c.
- + commit 9e79a15f74c428624b0049a3f6a077c1bc7c731d
- * dirmngr/ks-action.c (copy_stream): Move function from here...
- * dirmngr/misc.c (copy_stream): ... to here and drop the static
- qualifier.
- * dirmngr/misc.h (copy_stream): Add declaration.
-
- Move armor_data to misc.c.
- + commit 63552852bf191985b4b55aa524bc397c5b1d1515
- * dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
- * dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
- * dirmngr/misc.h: New declaration.
-
- Add new LDAP utility functions.
- + commit 1a75b7c39f0a84f518711438565645a34fb2673f
- * dirmngr/Makefile.am (module_tests): New variable.
- (noinst_PROGRAMS): New primary. Set it to $(module_tests).
- (TESTS): New variable. Set it to $(module_tests).
- (t_common_src): New variable.
- (t_common_ldadd): Likewise.
- (t_ldap_parse_uri_SOURCES): New primary.
- (t_ldap_parse_uri_LDADD): Likewise.
- * dirmngr/ldap-parse-uri.c: New file.
- * dirmngr/ldap-parse-uri.h: Likewise.
- * dirmngr/t-ldap-parse-uri.c: Likewise.
- * dirmngr/t-support.h: Likewise.
-
- Add new function uri_query_lookup.
- + commit e23b3ba5ffd3134a72da176a039e4d6c4f3ff595
- * common/http.h (uri_query_lookup): New declaration.
- * common/http.c (uri_query_lookup): The corresponding implementation.
-
- Add new function strlist_find.
- + commit 79907ad256f5b84f36cbebdc92e5a05d9e266557
- * common/strlist.h (strlist_find): New declaration.
- * common/strlist.c (strlist_find): New function.
-
- common: Add new helper function, strsplit.
- + commit b18ffcb81a3839dbf09603d70ebb8b80f65892d3
- * common/stringhelp.h (strsplit): New declaration.
- * common/stringhelp.c (strsplit): New function.
- * common/t-stringhelp.c (test_strsplit): New function.
- (main): Call it here.
-
-2015-03-20 Werner Koch <wk@gnupg.org>
-
- gpg: Consider a mailbox only userid in mail search mode.
- + commit bebab54027d8c63574a2680c60481cfe9b88c240
- * kbx/keybox-search.c: Include mbox-util.h.
- (blob_cmp_mail): Improve OpenPGP uid parsing.
-
- common: Add function is_valid_mailbox_mem.
- + commit a0eb2e4e8cef9ca6a5dfbae6440fa6cd583d0805
- * common/mbox-util.c (mem_count_chr): New.
- (my_memstr): New.
- (has_invalid_email_chars): Change args to work on a buffer.
- (is_valid_mailbox_mem): New.
- (is_valid_mailbox): Rewrite to use is_valid_mailbox_mem.
-
- gpg: Find keys using mail addresses with garbage after the '>'
- + commit 783a4a98378fa1aa222d5cb7427dd37151feb08b
- * kbx/keybox-search.c (blob_cmp_mail): Stop comparing at the '>'.
-
- common: Fix syntax error when building with gnutls.
- + commit 5136e39c6466de90697153ea253c4b540c1f7d1a
- * common/http.c (send_request): Add missing comma.
-
-2015-03-19 Werner Koch <wk@gnupg.org>
-
- gpg: Emit status line NEWSIG before signature verification starts.
- + commit e7ddaad0fd2c8774a1d3367adfaa68014eaf65de
- * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG.
-
- agent: Compute correct MPI length header for protected ECC keys.
- + commit cf83ff01fce3ddcbde6d97dffa0db6f277588e25
- * agent/cvt-openpgp.c (apply_protection): Strip leading zeroes from
- opaque MPIs to comply with the OpenPGP spec.
-
- hkps: Fix host name verification when using pools.
- + commit dc10d466bff53821f23d2cb4814c259d40c5d9c5
- * common/http.c (send_request): Set the requested for SNI.
- * dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
- the selecting a host.
-
- Define replacement error codes from libgpg-error 1.19.
- + commit 28bb3ab686c1c994f67a92b6846b3726c58a0bc3
- * common/util.h: Add GPG_ERR_LDAP codes for libgpg-error < 1.19.
-
-2015-03-17 Andre Heinecke <aheinecke@intevation.de>
-
- gpgtar: Fix extracting files with !(size % 512)
- + commit 6cbbb0bec98e1acefc4c7163cc41a507469db920
- * tools/gpgtar-extract.c (extract_regular): Handle size multiples
- of RECORDSIZE.
-
-2015-03-17 Werner Koch <wk@gnupg.org>
-
- common: Add feature to ease using argparse's usage().
- + commit 9078b75a73600fc6b7b5502ceee8de032bb9c446
- * common/argparse.c (show_help): Take care of flag value
- (usage): Ditto.
-
- common: Allow standalone build of argparse.c.
- + commit eb5f2c0af6691229300ac120ee44815cb27ed38e
- * common/argparse.h: Remove types.h - not required.
- * common/argparse.c: Change to allow standalone use.
-
-2015-03-16 Werner Koch <wk@gnupg.org>
-
- gpg: Create all MPIs with RFC-4880 correct length headers.
- + commit ab17f7b6c392782718f57eaea94fc18a0ff49389
- * g10/build-packet.c (gpg_mpi_write): Strip leading zeroes.
-
- gpg: Allow printing of MPI values in --list-mode.
- + commit bcc8250bc5b9a357c6d1444f03e334edec573ede
- * g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
- * g10/misc.c (mpi_print): Do not print an extra leading zero.
-
- gpg: Fix broken write of opaque MPI length header.
- + commit 8bc1debfefb7cd4b0be724317793d59dea37d677
- * g10/build-packet.c (gpg_mpi_write): Use a char array for the length.
-
-2015-03-15 Werner Koch <wk@gnupg.org>
-
- gpg: Fix possible dead code elimination.
- + commit 1a9f13bc663daa75c5009f6a0bf7d7483f12cce0
- * g10/encrypt.c: Change condition for detecting a real file.
-
- g13: Fix pointer wrap check.
- + commit 4bc3a2e954afc2ba7dbe79ba5f740184b7d4cd73
- * g13/utils.c (find_tuple, next_tuple): Cast pointer to size_t before
- doing an overflow check.
-
- agent: Remove useless conditions in command.c.
- + commit 3a35c9740ab792068ec4b3732ecfaa17bf4fc7f0
- * agent/command.c (cmd_setkeydesc): Remove NULL check.
- (cmd_get_passphrase): Ditto.
- (cmd_clear_passphrase): Ditto.
- (cmd_get_confirmation): Ditto.
- (cmd_getval): Ditto.
- (cmd_putval): Ditto.
-
- agent: Fix length test in sshcontrol parser.
- + commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37
- * agent/command-ssh.c (ssh_search_control_file): Check S before
- upcasing it.
-
- agent: Remove useless conditions.
- + commit 95415bdec77a608e6052ba3e2a5d857a8e8f7689
- * agent/genkey.c (agent_ask_new_passphrase): Remove useless condition.
- * agent/command-ssh.c (ssh_identity_register): Ditto.
-
- gpg: Remove useless condition.
- + commit c59b410cf1d5676de7061e5a183c01227aa8e760
- * g10/keylist.c (list_keyblock_colon): Remove useless condition (PK).
- (list_keyblock_print): Likewise.
-
- scd: Fix possible NULL deref in apdu.c.
- + commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa
- * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL.
- (control_pcsc_wrapped): Ditto.
-
- common: Make openpgp_oid_to_str more robust.
- + commit 35db798c2df7f31b52a9dd9d55ea60ae1f325be9
- * common/openpgp-oid.c (openpgp_oid_to_str): Take care of
- gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF.
-
-2015-03-11 Werner Koch <wk@gnupg.org>
-
- agent: Improve error reporting from Pinentry.
- + commit efde50f92af241d8357db83e280a6ece62f6397f
- * agent/call-pinentry.c (unlock_pinentry): Add error logging. Map
- error source of uncommon errors to Pinentry.
-
-2015-03-10 Werner Koch <wk@gnupg.org>
-
- gpg: Change --print-pka-records into an option.
- + commit 7b5b52f3268b093eebbac3f199fb69bf246d9cd1
- * g10/gpg.c (aPrintPKARecords): Rename to oPrintPKARecords and do not
- use it as a command.
- * g10/keylist.c (list_keyblock): List PKA rceords also for secret
- keys.
-
- gpg: Add --list-gcrypt-config and "curve" item for --list-config.
- + commit 14af2be022ccaf826db048fc16959d0222ff1134
- * common/openpgp-oid.c (curve_supported_p): New.
- (openpgp_enum_curves): New.
- * common/t-openpgp-oid.c (test_openpgp_enum_curves): New.
- (main): Add option --verbose.
- * g10/gpg.c (opts): Add --list-gcrypt-config.
- (list_config): Add items "curve" and "curveoid". Remove unused code.
-
-2015-03-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: fix for 64-bit arch.
- + commit bb5a1b7c738d74d5b46340ec7b50000a2d343ca9
- * agent/pksign.c (agent_pksign_do): Use int.
- * scd/app-openpgp.c (get_public_key): Likewise.
-
-2015-03-04 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: avoid chatter about trustdb when --quiet.
- + commit 82146af85b65498a69b28913593dc1ffeb6b6fed
- * g10/trustdb.c (tdb_check_trustdb_stale): avoid log_info() when
- opt.quiet
-
-2015-02-26 Werner Koch <wk@gnupg.org>
-
- gpg: Lowercase mailbox for PKA lookups.
- + commit c071be698efadef1ad01fd3d329d1b486a372927
- * common/stringhelp.c (ascii_strlwr): New.
- * common/mbox-util.c (mailbox_from_userid): Downcase result.
-
- gpg: Fix memory leak due to PKA lookup.
- + commit 91baea2dcde6c1e5ca9e8fa7020d9ab4551d1bca
- * g10/keyserver.c (keyserver_import_pka): Move the xfree.
-
-2015-02-25 Werner Koch <wk@gnupg.org>
-
- gpg: Switch to a hash and CERT record based PKA system.
- + commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b
- * common/dns-cert.c (get_dns_cert): Make r_key optional.
- * common/pka.c: Rewrite for the new hash based lookup.
- * common/t-pka.c: New.
- * configure.ac: Remove option --disable-dns-pka.
- (USE_DNS_PKA): Remove ac_define.
- * g10/getkey.c (parse_auto_key_locate): Always include PKA.
-
- common: Allow requesting a specific certtype with get_dns_cert()
- + commit af60152a4632ef26ca950a424429b15b6c69038d
- * common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all
- callers.
- (CERTTYPE_): Move constants to ...
- * common/dns-cert.h: here as DNS_CERTTYPE_.
-
- Move new mailbox.c source file to common/.
- + commit 9913253610bac69e9503800e85696491e018e327
- * g10/mailbox.c: Move to ...
- * common/mbox-util.c: new file.
- * common/mbox-util.h: New. Include where needed.
- * g10/t-mailbox.c: Move to ...
- * common/t-mbox-util.c: new file.
-
-2015-02-24 Werner Koch <wk@gnupg.org>
-
- gpg: Add command --print-pka-records.
- + commit e2d93402801a2cb822c723e891fd98233fdb3fd5
- * g10/gpg.c (main): Add command --print-pka-records.
- * g10/options.h (struct opt): Add field "print_pka_records".
- * g10/keylist.c (list_keyblock_pka): New.
- (list_keyblock): Call it if new option is set.
- (print_fingerprint): Add mode 10.
-
- gpg: Add function to extract the mailbox.
- + commit 93fa3d5c1760f3fee5412fb29d58fbd60db16ea9
- * g10/misc.c (has_invalid_email_chars, is_valid_mailbox)
- (is_valid_user_id): Move to ...
- * g10/mailbox.c: new file.
- (string_has_ctrl_or_space, has_dotdot_after_at): New.
- (has_invalid_email_chars): New.
-
- * g10/t-mailbox.c: New.
- * g10/Makefile.am (module_tests): Add t-mailbox.
- (t_mailbox_SOURCES, t_mailbox_LDADD): New.
-
-2015-02-23 Werner Koch <wk@gnupg.org>
-
- gpg: Add option to print fingerprints in ICAO spelling.
- + commit ae09515b9d3aae653b62a32ea5b4a9b9e557fc52
- * g10/gpg.c: Add option --with-icao-spelling.
- * g10/options.h (struct opt): Add with_icao_spelling.
- * g10/keylist.c (print_icao_hexdigit): New.
- (print_fingerprint): Print ICAO spelling.
-
- gpg: Skip legacy keys while searching keyrings.
- + commit a8116aacd91b7e775762a62c268fab6cc3c77438
- * g10/getkey.c (search_modes_are_fingerprint): New.
- (lookup): Skip over legacy keys.
-
- common: Fix regression due to commit 2183683b.
- + commit d9f6eea6115df7959564123eb99d633ce5bba42e
- * common/dns-cert.c (get_dns_cert): Remove cruft.
-
-2015-02-19 Werner Koch <wk@gnupg.org>
-
- gpg: Replace remaining uses of stdio by estream.
- + commit d2a70fd8348d6c11d1960caf2afe0701833dad6a
- * g10/sign.c (sign_file): Use log_printf instead of stderr.
- * g10/tdbdump.c (export_ownertrust): Use estream fucntions.
- (import_ownertrust): Ditto.
- * g10/tdbio.c (tdbio_dump_record): Ditto. Change arg to estream_t.
-
- gpg: Fix segv due to NULL value stored as opaque MPI.
- + commit 76c8122adfed0f0f443cce7bda702ba2b39661b3
- * g10/build-packet.c (gpg_mpi_write): Check for NULL return from
- gcry_mpi_get_opaque.
- (gpg_mpi_write_nohdr, do_key): Ditto.
- * g10/keyid.c (hash_public_key): Ditto.
-
-2015-02-12 Werner Koch <wk@gnupg.org>
-
- scd: Fix regression in 2.1.2 (due to commit 2183683)
- + commit 07a71da479daaac43b8c5b1034a1e66f96bdbc48
- * scd/apdu.c (pcsc_vendor_specific_init): Replace use of
- bufNN_to_uint by direct code.
-
-2015-02-12 Andre Heinecke <aheinecke@intevation.de>
-
- dirmngr: Initialize cache from sysconfig dir.
- + commit 070d7bf940efa60db2b0734273b9b3736d18338a
- * dirmngr/certcache.c (cert_cache_init): Load certificates
- from sysconfig dir instead of the homeidr.
- * dirmngr/dirmngr.c (main): Removed parsing of obsolete
- homedir_data option.
- * dirmngr/dirmngr.h (opt): Removed homedir_data.
- * doc/dirmngr.texi: Update and clarify certs directory doc.
-
-2015-02-11 Werner Koch <wk@gnupg.org>
-
- Release 2.1.2.
- + commit fc17562cc4f8d531ae7f0887cf2a96dcc224b021
-
-
- dirmngr: Avoid warning about unused function.
- + commit 8219c87c301ec669f07528e8d8108655f7b705be
- * dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used.
-
- build: Update standard build-aux files.
- + commit 81e93e251e52e427a29556de75640c7933bb5aad
-
-
- Use inline functions to convert buffer data to scalars.
- + commit 2183683bd633818dd031b090b5530951de76f392
- * common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
- (buf16_to_ushort, buf16_to_u16): New.
- (buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
-
-2015-02-09 Werner Koch <wk@gnupg.org>
-
- gpg: Prevent an invalid memory read using a garbled keyring.
- + commit f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
- * g10/keyring.c (keyring_get_keyblock): Whitelist allowed packet
- types.
- * g10/keydb.c (parse_keyblock_image): Ditto.
-
- gpg: Fix a NULL-deref in export due to invalid packet lengths.
- + commit 0835d2f44ef62eab51fce6a927908f544e01cf8f
- * g10/build-packet.c (write_fake_data): Take care of a NULL stored as
- opaque MPI.
-
- gpg: Fix a NULL-deref due to empty ring trust packets.
- + commit 39978487863066e59bb657f5fe4e8baab510da7e
- * g10/parse-packet.c (parse_trust): Always allocate a packet.
-
-2015-02-04 Werner Koch <wk@gnupg.org>
-
- gpg-agent: Use "pinentry-basic" as fallback.
- + commit 0de5c6a9a783ed9dc69cecbf34eadcaace4be243
- * common/homedir.c (get_default_pinentry_name): New.
- (gnupg_module_name): Use that for the default pinentry.
- (gnupg_module_name_flush_some): New.
- * agent/gpg-agent.c (agent_sighup_action): Flush some module names.
- * agent/call-pinentry.c (start_pinentry): Do not modify
- opt.pinentry_program.
-
- w32: Add manifest to gpg.
- + commit 05428d12561bc7eb872a81444918dfe706477a41
- * g10/gpg.w32-manifest.in: New.
- * g10/gpg-w32info.rc: Add manifest.
- * g10/Makefile.am (EXTRA_DIST): Add manifest.
- (gpg-w32info.o): Depend on manifest.
- * configure.ac (BUILD_VERSION): New.
- (AC_CONFIG_FILES): Add manifest.
-
-2015-02-03 Werner Koch <wk@gnupg.org>
-
- Update copyright years.
- + commit 3f67426a89bf4b37e1d2662fddc3eb4fa474c4ad
- * common/w32info-rc.h.in (W32INFO_COMPANYNAME): Change to "The GnuPG
- Project".
-
-2015-02-02 Werner Koch <wk@gnupg.org>
-
- w32: Change default Windows install dir and add bin to PATH.
- + commit 8872657b2a52dd9698224b80e5672e23c5405eda
- * build-aux/speedo.mk (WITH_GUI): New macro. The Windows installer is
- now build by default without any GUI stuff.
- * build-aux/speedo/w32/inst.nsi: Change standard installation
- directory.
- (AddToPath, un.RemoveFromPath): New.
- (gnupginst): Add bin directory to the PATH.
-
-2015-02-01 Werner Koch <wk@gnupg.org>
-
- w32: Allow for Unicocde installation directory.
- + commit 616633b7713081ecc39419494879947cc7f163d0
- * common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
- WinCE.
-
-2015-01-30 Joshua Rogers <git@internot.info>
-
- kbx: Fix resource leak.
- + commit 7db6c82cec49b7c56c403a8ea98364086baf75f3
- * kbx/keybox-update.c (blob_filecopy): Fix resource leak. On error
- return, 'fp' and 'newfp' was never closed.
-
-2015-01-29 Werner Koch <wk@gnupg.org>
-
- agent: Fix use of imported but unprotected openpgp keys.
- + commit 6ab0fac575a8b04152a199cb300a08436b096753
- * agent/agent.h (PRIVATE_KEY_OPENPGP_NONE): New.
- * agent/command.c (do_one_keyinfo): Implement it.
- * agent/findkey.c (agent_key_from_file): Ditto.
- (agent_key_info_from_file): Ditto.
- (agent_delete_key): Ditto.
- * agent/protect.c (agent_private_key_type): Add detection for openpgp
- "none" method.
-
-2015-01-29 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese Translation.
- + commit 6c368533f5211bed62e8638f522cef65c7ba4b87
-
-
-2015-01-28 Werner Koch <wk@gnupg.org>
-
- gpg: Limit the size of key packets to a sensible value.
- + commit 382ba4b137b42d5f25a7e256bb7c053ee5ac7b64
- * g10/parse-packet.c (MAX_KEY_PACKET_LENGTH): New.
- (MAX_UID_PACKET_LENGTH): New.
- (MAX_COMMENT_PACKET_LENGTH): New.
- (MAX_ATTR_PACKET_LENGTH): New.
- (parse_key): Limit the size of a key packet to 256k.
- (parse_user_id): Use macro for the packet size limit.
- (parse_attribute): Ditto.
- (parse_comment): Ditto.
-
- gpg: Fix buffering problem in --list-config.
- + commit d8eea25b8b7becbfa3f059be6f5966a2f1aa7112
- * g10/gpg.c (list_config): Replace print_sanitized_string2 by
- es_write_sanitized.
-
- * common/stringhelp.c (print_sanitized_buffer2): Remove.
- (print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
- (print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
- (print_sanitized_string): Remove.
-
- * sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
- (pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
-
- Add a hook to be called right after main.
- + commit 0c2bfd9d5a49a6134188f8f7820f6ccdebd9f181
- * common/init.c (early_system_init): New stub function.
-
- gpg: Allow predefined names as answer to the keygen.algo prompt.
- + commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7
- * g10/keygen.c (ask_algo): Add list of strings.
-
- agent: Add some extra robustness to extract_private_key.
- + commit 795965437732e50f6216d7f5db0e6174e90548a9
- * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
- Make sure that R_FLAGS and R_CURVE are set to NULL.
-
-2015-01-28 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix varargs call for 64-bit arch on ECC keys.
- + commit f6d3c6e5263d84b94ebe13df9ff39b02109a2acb
- * scd/app-openpgp.c (store_fpr): Remove CARD_VERSION from the
- arguments.
- (rsa_writekey): Follow the change.
- (do_genkey): Likewise.
- (ecc_writekey): Likewise. Cast to size_t.
-
-2015-01-27 Werner Koch <wk@gnupg.org>
-
- gpg: Fix segv introduced to commit 4d7c9b0.
- + commit 6eebc56687935f3e993eac374b9f4cc5ad3bcf2b
- * g10/keygen.c (get_parameter_passphrase): Take care of R == NULL.
-
-2015-01-27 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix agent_public_key_from_file for ECC.
- + commit 9453d645d4a489f038829c80343c124fff62d635
- * agent/cvt-openpgp.c (extract_private_key): New.
- (convert_to_openpgp): Use extract_private_key.
- * agent/findkey.c (agent_public_key_from_file): Use
- extract_private_key.
-
-2015-01-26 Werner Koch <wk@gnupg.org>
-
- sm: Simplify fix ed8383c6.
- + commit 6c87d1ce66d8e93e6c0f16c06116e9179f6158ba
- * sm/minip12.c (p12_build): Release PWBUF only at the end.
-
-2015-01-25 Joshua Rogers <git@internot.info>
-
- ccid: Remove incorrect expression leading to errors.
- + commit 274d7b17a90908a90ba6ad295c08a79b287fc231
- * scd/ccid-driver.c (send_escape_cmd): Fix setting of 'rc'.
-
-2015-01-23 Werner Koch <wk@gnupg.org>
-
- gpgconf: Fix validity check for UINT32 values.
- + commit 3f6abb57a7b5e54b593c5775c8f7a07d61119705
- * tools/gpgconf-comp.c (option_check_validity): Enable check for
- UINT32.
-
-2015-01-22 Werner Koch <wk@gnupg.org>
-
- gpg: Improve skipping of PGP-2 keys.
- + commit 09e8f35d3808d6e49f891360c341aae3869e8650
- * g10/keydb.c (keydb_search_first, keydb_search_next): Skip legacy
- keys.
- * g10/keyring.c (keyring_get_keyblock): Handle GPG_ERR_LEGACY_KEY.
- (prepare_search): Ditto.
- (keyring_rebuild_cache): Skip legacy keys.
- * g10/keyserver.c (keyidlist): Ditto.
- * g10/trustdb.c (validate_key_list): Ditto.
-
- gpg: Add dedicated error code for PGP-2 keys.
- + commit 6f3d11d8837b00e3a1c4fa881066855c0321d6b2
- * g10/parse-packet.c (parse_key): Return GPG_ERR_LEGACY_KEY for PGP2
- keys.
- * g10/import.c (read_block): Simplify by checking GPG_ERR_LEGACY_KEY.
- * g10/getkey.c (lookup): Silence error message for PGP-2 keys.
-
- * common/util.h (GPG_ERR_LEGACY_KEY): Add replacement for older
- libgpg-error.
-
- gpg: Replace remaining old error code macros by GPG_ERR_.
- + commit 11142e0ad7bc9a9e3c3dccf958d8dbd3312cb993
- * g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
- gpg_strerror.
- (G10ERR_): Remove all macros and change all occurrences by their
- GPG_ERR_ counterparts.
-
- gpg: Remove an unused variable.
- + commit a23c30fb59c0a216763a7972028995d3be42a844
- * g10/getkey.c (getkey_ctx_s): Remove last_rc.
-
-2015-01-21 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix TLS build problems.
- + commit 091c35ec726a4fa4691c2665b13adee6a34b5b66
- * dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
-
- gpg: Support --passphrase with --quick-gen-key.
- + commit 4d7c9b0e9aceedd924d600978bc1b6cae7d5c456
- * g10/keygen.c: Include shareddefs.h.
- (quick_generate_keypair): Support static passphrase.
- (get_parameter_passphrase): New.
- (do_generate_keypair): Use it.
-
- gpg: Re-enable the "Passphrase" parameter for batch key generation.
- + commit aa99ebde778b7b563f35025f1b48954757f840be
- * agent/command.c (cmd_genkey): Add option --inq-passwd.
- * agent/genkey.c (agent_genkey): Add new arg override_passphrase.
- * g10/call-agent.c (inq_genkey_parms): Handle NEWPASSWD keyword.
- (agent_genkey): Add arg optional arg "passphrase".
- * g10/keygen.c (common_gen, gen_elg, gen_dsa, gen_ecc)
- (gen_rsa, do_create): Add arg "passphrase" and pass it through.
- (do_generate_keypair): Make use of pPASSPHRASE.
- (release_parameter_list): Wipe out a passphrase parameter.
-
-2015-01-19 Werner Koch <wk@gnupg.org>
-
- kbx: Minor cleanup for the previous fix.
- + commit 7be1b7d8017cb7ebf1a3855edec0ef5e342cc9c5
- * kbx/keybox-search.c (blob_get_keyid): Rename to
- blob_get_first_keyid. Check number of keys and remove blob type check.
-
-2015-01-19 Damien Goutte-Gattat <dgouttegattat@incenp.org>
-
- kbx: Call skipfnc callback to filter out keys.
- + commit c5956592c171e6fe988e74161aa99636b7f12e4b
- * kbx/keybox-search.c (blob_get_keyid): New.
- (keybox-search): Call skipfnc callback function.
-
-2015-01-13 Andreas Schwier <andreas.schwier@cardcontact.de>
-
- scd: Allow for certificates > 1024 with PC/SC.
- + commit 16a1330fa16f6b23e2661c0175c431ab40da45ff
- * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too
- allow for larger certificates.
-
-2015-01-08 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: Fix error code path of map_host.
- + commit 657a26f3af1b3f817d6cde2d091273d332571247
- * dirmngr/ks-engine-hkp.c (map_host): Fix error return.
-
-2015-01-08 Joshua Rogers <git@internot.info>
-
- scd: fix get_public_key for OpenPGPcard v1.0.
- + commit 100b322f5da3066bab5a2b0eb234c631c581c0e4
- * scd/app-openpgp.c (get_public_key): correctly close 'fp' upon use.
-
-2015-01-07 NIIBE Yutaka <gniibe@fsij.org>
-
- dirmngr: fix LDAP query PATTERNS limit check.
- + commit 22b15fccffe613f455f9748c048c8e451724a842
- * dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.
-
- scd: fix merge failure.
- + commit 602f17b5a775f02e0e33a54d3155929dc00e4f53
- * scd/apdu.c (pcsc_pinpad_verify): Remove wrong lines inserted by
- merge.
-
-2015-01-05 Werner Koch <wk@gnupg.org>
-
- sm,g13: Init local vars to avoid compiler warnings.
- + commit 9bf40849a9f86204e113712c4cc285f1ac16127a
- * sm/misc.c (transform_sigval): Init RSA_S_LEN.
- * g13/mount.c (read_keyblob): Init HEADERLEN.
-
- gpg: Remove unused args from a function.
- + commit 616e511f278bf9af04dc66bbb8b05b37bf541f37
- * g10/keyserver.c (parse_keyserver_uri): Remove args configname and
- configlineno. Change all callers.
-
- gpg: Clear a possible rest of the KDF secret buffer.
- + commit 56e688823345bbcfef220b13eb418854f8798b16
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Fix order of args.
-
- build: Require automake 1.14.
- + commit 445bb17d5fe6b53db078082fb033dbc67eea8307
- * configure.ac (AM_INIT_AUTOMAKE): Add serial-tests.
-
-2015-01-04 Werner Koch <wk@gnupg.org>
-
- agent: Make --allow-loopback-pinentry gpgconf changeable.
- + commit ac2cb47fc5c0be539aaa07fd141acdbc0934800f
-
-
-2014-12-22 Joshua Rogers <git@internot.info>
-
- tools: Free variable before return.
- + commit cf88337f8a4f8c98aca4b1da5921d18567b4f474
- * tools/gpgconf-comp.c: Free 'dest_filename' before it is returned
- upon error.
-
-2014-12-22 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- sm: Avoid double-free on iconv failure.
- + commit ed8383c618e124cfa708c9ee87563fcdf2f4649c
- * sm/minip12.c: (p12_build) if jnlib_iconv_open fails, avoid
- double-free of pwbuf.
-
- scd: Avoid double-free on error condition in scd.
- + commit b0b3803e8c2959dd67ca96debc54b5c6464f0d41
- * scd/command.c (cmd_readkey): avoid double-free of cert
-
- avoid future chance of using uninitialized memory.
- + commit 367b073ab5f439ccf0750461d10c69f36998bd62
- * common/iobuf.c: (iobuf_open): initialize len
-
- avoid double-close in unusual dotlock situations.
- + commit 628b111fa679612e23c0d46505b1ecbbf091897d
- * common/dotlock.c: (dotlock_create_unix) avoid double-close()
- in unusual situations.
-
- gpgkey2ssh: clean up varargs.
- + commit 351bca9047d748c3c4f7e9a3cdc476af127b1da3
- * tools/gpgkey2ssh.c (key_to_blob) : ensure that va_end is called.
-
-2014-12-22 Werner Koch <wk@gnupg.org>
-
- doc: Fix memory leak in yat2m.
- + commit 6056d2467310260ddc0db2fe65b737ace6febcaa
- * doc/yat2m.c (write_th): Free NAME.
-
- dirmngr: Fix memory leak.
- + commit 5a556e4e88bcbc926c0922070acaf5f7b25d18fb
- * dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.
-
- * dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
-
- dirmngr: Remove un-needed check.
- + commit 0d5cb55402c44fb5f731ecf85705f845f3091aa7
- * dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
-
- dirmngr,gpgsm: Return NULL on fail.
- + commit abd5f6752d693b7f313c19604f0723ecec4d39a6
- * dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
- * sm/gpgsm.c (parse_keyserver_line): Ditto.
-
-2014-12-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: ECDH Support.
- + commit bdc8efbdd124d836c36cf482216e375421f72891
- * agent/divert-scd.c (divert_pkdecrypt): Support ECDH.
- * scd/app-openpgp.c (get_algo_byte, store_fpr): Support ECDH.
- (send_key_attr): Support ECDH. Fix EdDSA algorithm value.
- (retrieve_key_material): Initialize fields.
- (get_public_key, ecc_writekey, do_writekey): Support ECDH.
- (ecdh_writekey): Remove.
- (do_decipher): Support ECDH.
- (parse_algorithm_attribute): Support ECDH. Fix EdDSA.
-
-2014-12-19 Werner Koch <wk@gnupg.org>
-
- agent: Make sure --max-cache-ttl is >= --default-cache-ttl.
- + commit 76140141699b545f7a988bf5fc101063917e8ce3
- * agent/gpg-agent.c (finalize_rereadable_options): New.
- (main, reread_configuration): Call it.
-
- agent: Keep the session environment for restricted connections.
- + commit 14601eacb51f6c8a60d3d57aee1be11debd94c68
- * agent/command-ssh.c (setup_ssh_env): Move code to ...
- * agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
- calllers.
- * agent/command.c (start_command_handler): Call that fucntion for
- restricted connections.
-
- agent: Fix string prepended to remotely initiated prompts.
- + commit aad8963f7b9d13b319abd413db8f42ec467db913
- * agent/command.c (cmd_setkeydesc): Use %0A and not \n. Make
- translatable.
-
-2014-12-18 Werner Koch <wk@gnupg.org>
-
- build: Remove option to build without agent.
- + commit abec64f3cb04e49ca48cc476a5830a920e2ebf8f
- * configure.ac (build-agent): Set to yes.
-
-2014-12-17 Werner Koch <wk@gnupg.org>
-
- gpgconf: Exit with failure if --launch fails.
- + commit 5cb6df8996623c00eaa2a39e3037101585442f7e
- * tools/gpgconf-comp.c (gc_component_launch): Return an error code.
- * tools/gpgconf.c (main): Exit if launch failed.
-
-2014-12-16 Werner Koch <wk@gnupg.org>
-
- Release 2.1.1.
- + commit 08c00cd4fe432d6852ad1d5c34a234c56aa3617c
-
-
- po: Update the German translation.
- + commit 4ba740bd4734c43e7876f6f6380cc5963789d510
-
-
-2014-12-16 Petr Pisar <petr.pisar@atlas.cz>
-
- po: Update Czech translation.
- + commit 30560491fe42562f4bbdb17d3213f7210f549a0f
-
-
-2014-12-16 Werner Koch <wk@gnupg.org>
-
- gpg: Show private DO information in the card status.
- + commit ce9212924039fba4e479760bba86c61b0d91c469
- * g10/call-agent.c (agent_release_card_info): Free private_do.
- (learn_status_cb): Parse PRIVATE-DO-n stati.
-
-2014-12-16 Ineiev <ineiev@gnu.org>
-
- po: Update Russian translation.
- + commit 5ab5b3fa6921f08dd0a498fe0381735e803d01e3
-
-
-2014-12-16 Jedi <jedi@jedi.org>
-
- po: Update zh_TW translation.
- + commit 668dc6b32cb97608ef65b85d917c86f5aec896ce
-
-
-2014-12-15 Werner Koch <wk@gnupg.org>
-
- gpg: Add sub-command "factory-reset" to --card-edit.
- + commit dd65e21cb4934b40e6f2f7a8095f39fd6d9971bc
- * common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
- * scd/iso7816.c (map_sw): Add this error code.
- * scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
- * scd/app.c (select_application): Allow a return value of
- GPG_ERR_OBJ_TERM_STATE.
- * scd/scdaemon.c (set_debug): Print the DBG_READER value.
- * g10/call-agent.c (start_agent): Print a status line for the
- termination state.
- (agent_scd_learn): Make arg "info" optional.
- (agent_scd_apdu): New.
- * g10/card-util.c (send_apdu): New.
- (factory_reset): New.
- (card_edit): Add command factory-reset.
-
- gpg: Fix regression in notation data regression.
- + commit fc9a35d2dec2f838abac831fd88dca494773e082
- * g10/misc.c (pct_expando): Reorder conditions for clarity.
- * g10/sign.c (write_signature_packets): Fix notation data creation.
-
- gpg: Avoid extra LF in notaion data listing.
- + commit b4e402cb5c6d7fc507e8d5131969145b49640e50
- * g10/keylist.c (show_notation): Use log_printf.
-
-2014-12-12 Werner Koch <wk@gnupg.org>
-
- scd: Fix possibly inhibited checkpin of the admin pin.
- + commit 68b4e7c9e4de0dc3580ca5af3cfd0f20a2691b5e
- * scd/app-openpgp.c (do_check_pin): Do not check a byte of a released
- buffer.
-
- gpg: Let --card--status create a shadow key (card key stub).
- + commit f3f9f9b2844c35f7942ee904d5222523615cdad4
- * agent/command.c (cmd_learn): Add option --sendinfo.
- * agent/learncard.c (agent_handle_learn): Add arg "send" andsend
- certifciate only if that is set.
- * g10/call-agent.c (agent_scd_learn): Use --sendinfo. Make INFO
- optional.
- (agent_learn): Remove.
- * g10/keygen.c (gen_card_key): Replace agent_learn by agent_scd_learn.
-
- gpg: Fix possible read of unallocated memory.
- + commit 193815030d20716d9a97850013ac3cc8749022c9
- * g10/parse-packet.c (can_handle_critical): Check content length
- before calling can_handle_critical_notation.
-
-2014-12-11 Werner Koch <wk@gnupg.org>
-
- build: Replace deprecated autconf macro.
- + commit 1d8ebe4d54eef37da65e7bd5d7386bc04f344447
- * m4/intl.m4: s/AM_PROG_MKDIR_P/AC_PROG_MKDIR_P/
- * m4/po.m4: Ditto.
-
-2014-12-08 Werner Koch <wk@gnupg.org>
-
- dirmngr: Improve dead host detection.
- + commit e8c0ed779579293b3f4592d9337bc15ee0fc3fdd
- * dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
- also for 2 other error messages.
-
- http: Improve diagnostic messages.
- + commit 6d5f12834124ba5ee0e54261531abf95c36c116c
- * common/http.c (send_request): Print TLS alert info
- (connect_server): Detect bogus DNS entry.
-
- gpg: Obsolete some keyserver helper options.
- + commit 5bf93f4ea7a11381dd256b5fd4e5913366828265
- * g10/options.h (opt): Remove keyserver_options.other.
- * g10/gpg.c (main): Obsolete option --honor-http-proxt.
- * g10/keyserver.c (add_canonical_option): Replace by ...
- (warn_kshelper_option): New.
- (parse_keyserver_uri): Obsolete "x-broken-http".
-
- dirmngr: Return a proper error for all dead hosts.
- + commit b72ece6d74d3e385e818ead748eba0cb111b95b3
- * dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
- Return an error code for all dead hosts.
- (make_host_part): Change to return an gpg_error_t. Change all
- callers.
-
- gpg: Write a status line for a failed --send-keys.
- + commit 66ab8f807c96b778f2a2c82b58d3e15ac295e1b2
- * g10/keyserver.c (keyserver_put): Write an status error.
-
-2014-12-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for EdDSA.
- + commit c50c11d5751f46ddb38244a5a07d8274e1e10922
- * scd/app-openpgp.c (get_algo_byte): It catches 22.
- (store_fpr): It's MPI usually, but it's opaque bytes for EdDSA.
-
-2014-12-05 Andre Heinecke <aheinecke@intevation.de>
-
- Document no-allow-mark-trusted option.
- + commit f4ed04fca8885301b567ec004ffff0d6e24f4611
- doc: Document no-allow-mark-trusted for gpg-agent
-
- * doc/gpg-agent.texi: Change allow-mark-trusted doc to
- no-allow-mark-trusted.
-
- --
- Since rev. 78a56b14 allow-mark-trusted is the default option
- and was replaced by no-allow-mark-trusted to disable the
- interactive prompt.
-
-2014-12-05 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix for NIST P-256.
- + commit 8720125f5a283ede34e52c2493b8a9b0226ae62c
- * g10/card-util.c (card_store_subkey): Error check.
- * scd/app-opengpg.c (ecc_writekey): Support NIST P-256.
- (do_writekey): Error check.
-
-2014-12-04 Werner Koch <wk@gnupg.org>
-
- gpg: Allow import of large keys.
- + commit 63e7891f0f9f0228d93c6cd979fbf2797da2b67d
- * g10/import.c (import): Skip too large keys.
- * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 2MB to 5MB.
-
-2014-12-03 Werner Koch <wk@gnupg.org>
-
- gpg: Remove option aliases --[no-]throw-keyid and --notation-data.
- + commit 17b4662984b4669d8dcbbd6705ccfbe6c263319c
- * g10/gpg.c (opts): Remove them.
- * g10/options.h (opt): s/throw_keyid/throw_keyids/ and change users.
-
-2014-12-02 Werner Koch <wk@gnupg.org>
-
- agent: Replace some sprintf.
- + commit fabcf1440a6900b9471f11e4f2a015e9f2d1a74c
- * agent/call-scd.c (agent_card_pksign): Replace sprintf by bin2hex.
- * agent/command-ssh.c (ssh_identity_register): Ditto.
- * agent/pkdecrypt.c (agent_pkdecrypt): Replace sprintf by
- put_membuf_printf.
-
-2014-12-01 Werner Koch <wk@gnupg.org>
-
- tools: Improve watchgnupg portability.
- + commit 0367a4b8cfbf1f197e093ca2b83b27e0a409c3c7
- * configure.ac (AC_CHECK_HEADERS): Check for sys.select.h
- * tools/watchgnupg.c: Include it.
-
- gpg: Fix export bug using exact search with only one key in the keybox.
- + commit f1c3eb4b16ca43b5d3712a3b54c22d17ce85af47
- * g10/export.c (do_export_stream): Disable caching.
- * g10/keyserver.c (keyidlist): Ditto.
-
- scd: Implement socket redirection.
- + commit 2f90b7c21b2f84ca2bf5f4555da9233e84606b4e
- * scd/scdaemon.c (ENAMETOOLONG): New.
- (redir_socket_name): New.
- (cleanup): Take care of a redirected socket.
- (main): Pass redir_socket_name to create_server_socket.
- (create_socket_name): Remove superfluous length check.
- (create_server_socket): Add arg r_redir_name and implement
- redirection. Replace assert for older Assuan by an error message.
-
- dirmngr: Implement socket redirection.
- + commit eede0e59bf6281777da7391752ae4191f3e51204
- * dirmngr/dirmngr.c (ENAMETOOLONG): new.
- (redir_socket_name): New.
- (main): Add Assuan socket redirection.
- (cleanup): Adjust cleanup for redirection.
-
-2014-11-28 Werner Koch <wk@gnupg.org>
-
- agent: Implement socket redirection.
- + commit e1f515b19c7f63b6d0b0253319b9fc41dabed657
- * agent/gpg-agent.c (ENAMETOOLONG): New.
- (redir_socket_name, redir_socket_name_extra)
- (redir_socket_name_ssh): New.
- (remove_socket): Take care of the redir names.
- (main): Pass the redir names to create_server_socket.
- (create_socket_name): Remove length check - that is anyway done later.
- (create_server_socket): Add arg r_redir_name and implement redirection
- if Libassuan is at least 2.14.
-
- gpg: Change another BUG() call to a regular error message.
- + commit e59b1cc7471dd161a627b290c645ef7bd0d9d42c
- * g10/mainproc.c (proc_tree): Replace BUG by a proper error messages.
-
- Add option --no-autostart.
- + commit 7aee3579be6e24a1aa280e75615fc3a11ceef960
- * g10/gpg.c: Add option --no-autostart.
- * sm/gpgsm.c: Ditto.
- * g10/options.h (opt): Add field autostart.
- * sm/gpgsm.h (opt): Ditto.
- * g10/call-agent.c (start_agent): Print note if agent was not
- autostarted.
- * sm/call-agent.c (start_agent): Ditto.
- * g10/call-dirmngr.c (create_context): Likewise.
- * sm/call-dirmngr.c (start_dirmngr_ext): Ditto.
-
-2014-11-27 Мирослав Николић <wk@gnupg.org>
-
- gpg-agent: Add restricted connection feature.
- + commit f173cdcdfbfd083b035516a406c2c754f38a0ace
- * agent/agent.h (opt): Add field extra_socket.
- (server_control_s): Add field restricted.
- * agent/command.c: Check restricted flag on many commands.
- * agent/gpg-agent.c (oExtraSocket): New.
- (opts): Add option --extra-socket.
- (socket_name_extra): New.
- (cleanup): Cleanup that socket name.
- (main): Implement oExtraSocket.
- (create_socket_name): Add arg homedir and change all callers.
- (create_server_socket): Rename arg is_ssh to primary and change
- callers.
- (start_connection_thread): Take ctrl as arg.
- (start_connection_thread_std): New.
- (start_connection_thread_extra): New.
- (handle_connections): Add arg listen_fd_extra and replace the
- connection starting code by parameterized loop.
- * common/asshelp.c (start_new_gpg_agent): Detect the use of the
- restricted mode and don't fail on sending the pinentry environment.
-
- * common/util.h (GPG_ERR_FORBIDDEN): New.
-
- agent: Make auditing of the option list easier.
- + commit ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff
- * agent/gpg-agent.c (opts): Use ARGPARSE_ macros.
-
-2014-11-26 Kristian Fiskerstrand <kf@sumptuouscapital.com>
-
- dirmngr: Only report hkps scheme when available.
- + commit 68a7ccc0c870cce6ab9fefb1aa6fd100e1de129b
- * dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
-
-2014-11-26 Werner Koch <wk@gnupg.org>
-
- gpg: Change a bug() call to a regular error message.
- + commit 1c2140346d6ef9c35e303099d2d15be57869b4d5
- * g10/decrypt-data.c (decrypt_data): Return an error code instead of
- calling BUG().
-
-2014-11-25 Werner Koch <wk@gnupg.org>
-
- Fix buffer overflow in openpgp_oid_to_str.
- + commit 8445ef24fc31e1fe0291e17f90f9f06b536e34da
- * common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
-
- * common/t-openpgp-oid.c (BADOID): New.
- (test_openpgp_oid_to_str): Add test cases.
-
-2014-11-24 Werner Koch <wk@gnupg.org>
-
- gpg: Fix use of uninit.value in listing sig subpkts.
- + commit 596ae9f5433ca3b0e01f7acbe06fd2e424c42ae8
- * g10/parse-packet.c (dump_sig_subpkt): Print regex subpacket
- sanitized.
-
- gpg: Fix off-by-one read in the attribute subpacket parser.
- + commit 0988764397f99db4efef1eabcdb8072d6159af76
- * g10/parse-packet.c (parse_attribute_subpkts): Check that the
- attribute packet is large enough for the subpacket type.
-
- gpg: Fix batch generation of ECC keys.
- + commit b716e6a69919b89c7887d6c7c9b97e58d18fdf95
- * g10/keygen.c (get_parameter_algo): Map ECC algorithm strings
- directly.
-
-2014-11-24 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Distinguish between ARGPARSE_AMBIGUOUS_{OPTION,COMMAND}
- + commit eed16ccebf8fd1fdf9709affbd5c831f6957b8ae
- * common/argparse.c (initialize): Use correct value.
-
- gpg: Refer to --throw-keyids instead of --throw-keyid.
- + commit a3cf781e3bc144aff60e007b9ba59bff7b1b2c9e
- * g10/encrypt.c: adjust error message
-
-2014-11-21 Werner Koch <wk@gnupg.org>
-
- gpg: Track number of skipped v3 keys on import.
- + commit 44c9cc18968b3e1d7568ec41ebf28a07285c61bb
- * g10/import.c (stats_s): Add field v3keys.
- (import): Update this field.
- (import_print_stats): Print v3 key count.
- (read_block): Skip v3 keys and return a count for them.
-
- gpg: Fix regression in parse_key.
- + commit 94a54425144e412bc83e44b7c6323282f49f650f
- * g10/parse-packet.c (parse): Better return just the gpg_err_code.
- (parse_key): Return the error code.
-
- speedo: Add simple logos to the installer.
- + commit 9a85b91e925ac0798d56820353bf5858b212277f
- * build-aux/speedo/w32/README.txt: Include GnuPG Readme.
- * build-aux/speedo/w32/gnupg-logo-150x57.bmp: New.
- * build-aux/speedo/w32/gnupg-logo-164x314.bmp: New.
- * build-aux/speedo/w32/inst.nsi: Add logos.
- * build-aux/speedo.mk ($(bdir)/NEWS.tmp): Extract news items.
-
-2014-11-20 Werner Koch <wk@gnupg.org>
-
- gpg: Fix hash detection for ECDSA.
- + commit f80c2dd78d522f12b2c7afbd5c0763a97d87d2bd
- * g10/sign.c (sign_file): Use DSA or ECDSA and not DSA|EdDSA.
-
- Fix linker problem on OS X.
- + commit cd2c6f36fe5d1d1d45546f5168aead5cbe6487e0
- * common/init.c (default_errsource): Move to the .data segmemt.
-
-2014-11-19 Werner Koch <wk@gnupg.org>
-
- gpg-connect-agent: Add convenience option --uiserver.
- + commit 164a6a9dd4af26668dd0d01061688bf1ceff44bf
-
-
- Add "gpgconf --kill dirmngr" and avoid useless launch before a kill.
- + commit 0e7dd40342bd56810c27db1c38c1928f56f43bfd
- * common/asshelp.c (start_new_gpg_agent): Add arg autostart. Change
- all callers to use 1 for it.
- (start_new_dirmngr): Ditto.
- * tools/gpg-connect-agent.c: Add option --no-autostart.
- (main): Default autostart to 1.
- (start_agent): Implement no-autostart.
- * tools/gpgconf-comp.c (gpg_agent_runtime_change): Use --no-autostart.
- (scdaemon_runtime_change): Ditto.
- (dirmngr_runtime_change): New.
-
- po: Copied missing translations from the 2.0 branch.
- + commit 329ece46bf83871f01eb833d5ebec6da36bfcce0
- * po/LINGUAS: Add new translations.
-
-2014-11-17 Werner Koch <wk@gnupg.org>
-
- gpg: Fix a NULL-deref for invalid input data.
- + commit 32e85668b82f6fbcb824eea9548970804fb41d9e
- * g10/mainproc.c (proc_encrypted): Take care of canceled passpharse
- entry.
-
-2014-11-13 Werner Koch <wk@gnupg.org>
-
- gpg: Make the use of "--verify FILE" for detached sigs harder.
- + commit 69384568f66a48eff3968bb1714aa13925580e9f
- * g10/openfile.c (open_sigfile): Factor some code out to ...
- (get_matching_datafile): new function.
- * g10/plaintext.c (hash_datafiles): Do not try to find matching file
- in batch mode.
- * g10/mainproc.c (check_sig_and_print): Print a warning if a possibly
- matching data file is not used by a standard signatures.
-
- gpg: Fix a missing LF in debug output.
- + commit 22748338da9a78d20aefe3656ba40b0f9d34a681
- * g10/kbnode.c (dump_kbnode): Print a LF.
-
- gpg: Remove PGP-2 related cruft.
- + commit e30cb8f61792e3808f7c8f343fc8545e6c81fe74
- * g10/armor.c (parse_hash_header,carmor_filter): Ignore MD5 in hash
- header.
- (fake_packet): Remove pgp-2 workaround for white space stripping.
- * g10/filter.h (armor_filter_context_t): Remove field pgp2mode.
- * g10/options.h (opt): Remove field pgp2_workarounds.
- * g10/gpg.c (main): Do not set this field.
- * g10/gpgv.c (main): Ditto.
- * g10/mainproc.c (proc_encrypted): Use SHA-1 as fallback s2k hash
- algo. Using MD5 here is useless.
- (proc_plaintext): Remove PGP-2 related woraround
- (proc_tree): Remove another workaround but keep the one for PGP-5.
-
-2014-11-12 Werner Koch <wk@gnupg.org>
-
- gpg: Improve perceived speed of secret key listings.
- + commit 81e177be10273885573f5d1fd88a1ee23479f4ab
- * g10/keylist.c (list_keyblock): Flush stdout for secret keys.
-
- gpg: Fix regression in --refresh-keys.
- + commit eecbed004ca1e9ca23c3892c3a5e6dd174ddf93b
- * g10/keyserver.c (keyserver_get): Factor all code out to ...
- (keyserver_get_chunk): new. Extimate line length.
- (keyserver_get): Split up requests into chunks.
-
- gpg: Add import options "keep-ownertrust".
- + commit ffc2307843ce6c4ac3c8d99ba8c70ffa1ae28e39
- * g10/options.h (IMPORT_KEEP_OWNERTTRUST): New.
- * g10/import.c (parse_import_options): Add "keep-ownertrust".
- (import_one): Act upon new option.
-
-2014-11-11 Werner Koch <wk@gnupg.org>
-
- Remove use of gnulib (part 2)
- + commit b8cdfac353ad96d4ef025c066c16dbde34805661
- * configure.ac (strpbrk): Add to AC_CHECK_FUNCS.
- (gl_EARLY): Remove.
- * common/stringhelp.c (strpbrk) [!HAVE_STRPBRK]: New.
- * common/sysutils.c (gnupg_mkdtemp): New. Based on code from
- glibc-2.6.
- (gnupg_setenv): Rewrite.
- (gnupg_unsetenv): Rewrite.
- * g10/exec.c: Include sysutils.h and replace mkdtemp by gnupg_mkdtemp.
- * g13/be-encfs.c: Ditto.
- * g13/mount.c: Ditto.
- * tools/symcryptrun.c (confucius_mktmpdir): Ditto.
-
- Remove use of gnulib (part 1)
- + commit 1adf719b2d8e2d5b912bf6655731e7e586402654
- * gl/: Remove entire tree.
- * configure.ac: Remove gnulib tests and the gl/ Makefile.
- (setenv): Add to AC_CHECK_FUNCS.
- * autogen.rc (extra_aclocal_flags): Set to empty.
- * Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
- (SUBDIRS): Remove gl/.
- * agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
- * common/Makefile.am (t_common_ldadd): Ditto.
- * dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
- (dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
- * g10/Makefile.am (needed_libs): Ditto.
- * g13/Makefile.am (g13_LDADD): Ditto.
- * kbx/Makefile.am (kbxutil_LDADD): Ditto.
- ($(PROGRAMS)): Ditto.
- * scd/Makefile.am (scdaemon_LDADD): Ditto.
- * sm/Makefile.am (common_libs): Ditto.
- * tools/Makefile.am (common_libs, commonpth_libs): Ditto.
-
- * agent/gpg-agent.c: Remove "mkdtemp.h"
- * g10/exec.c: Ditto.
- * scd/scdaemon.c: Ditto.
- * tools/symcryptrun.c: Ditto.
- * common/sysutils.c: Remove "setenv.h"
-
- * common/t-timestuff.c: Use putenv if setenv is not available.
-
-2014-11-07 Werner Koch <wk@gnupg.org>
-
- gpg: Remove warning message for non-implemented search modes.
- + commit 7362c8c6e60939588e817384ae2e29195cb3f518
- * kbx/keybox-search.c (keybox_search): Silently ignore.
- * doc/specify-user-id.texi: Docuement '@", '+', and '.' search
- prefixes.
-
- w32: Fix http access module.
- + commit f0f5cb6b3e525f696b8820c517190e1d84f3b885
- * common/http.c (write_server) [W32]: Rework to use send() instead of
- write even when build with npth.
- (cookie_read) [W32]: Rework to use recv() instead of read even when
- build with npth.
-
- build: Add method to use a custom swdb.lst and use adns with Windows.
- + commit c7c79e31937e2d2fdb4042641786c229e31fbfae
- * build-aux/getswdb.sh: Add option --skip-verify.
- * build-aux/speedo.mk: Add config var CUSTOM_SWDB. Tage adns version
- from swdb and build for Windows with adns.
-
- build: Improve test for ADNS.
- + commit f7e1be24c8fcf588d4e48aa53a85b22bd035e3b0
- * configure.ac <adns>: Use adns_free as probe function for libadns.
- (HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
- (ADNSLIBS): Do not ac_subst - it is only used within configure.
-
-2014-11-05 Werner Koch <wk@gnupg.org>
-
- speedo: Append the date to the Windows installer.
- + commit 8ec0b384a86bd7f67a60ab43ff1540e80c3f729d
- * build-aux/speedo.mk (BUILD_DATESTR): New.
- (dist-source, installer): Use it.
-
- Release 2.1.0.
- + commit e22b459b910762f77245283746de34c67ebc72da
-
-
- Avoid sign extension when shifting the MSB.
- + commit 91b826a38880fd8a989318585eb502582636ddd8
- * sm/fingerprint.c (gpgsm_get_short_fingerprint): Cast MSB before
- shifting.
- * g10/build-packet.c (delete_sig_subpkt): Ditto.
-
-2014-11-04 Werner Koch <wk@gnupg.org>
-
- Remove all expired common CA certificates.
- + commit 46fa1e0fe9f7407f12aa854e5cdb54624af3e89b
- * doc/com-certs.pem: Remove certifciates.
-
-2014-11-02 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid extra pinentries for each subkey in --export-secret-keys.
- + commit f8c993fbe28bf02f1d7aadec823a9dfc935398fa
- * agent/command.c (cmd_export_key): Actually implement the cache_nonce
- feature.
- * g10/export.c (do_export_stream): Make use of a cache_nonce.
-
- gpg: Fix endless loop in keylisting with fingerprint.
- + commit d95f05c314adfecbe0af9073f964030010442f9b
- * g10/getkey.c (getkey_next): Disable cache.
-
- gpg: Minor cleanup for key listing related code.
- + commit 440e8f517008107a9fe1b72cb659b97b7d840de6
- * g10/getkey.c (get_pubkey_next): Divert to getkey_next.
- (get_pubkey_end): Move code to getkey_end.
- * g10/keydb.c (keydb_search_reset): Add a debug statement.
- (dump_search_desc): Add arg HD and print the handle.
-
- gpg: Do not show an useless passphrase prompt in batch mode.
- + commit a929f36693567e57eca89fb48f23cada8ce7291a
- * g10/keygen.c: Remove unused PASSPHRASE related code.
- (proc_parameter_file): Remove useless asking for a passphrase in batch
- mode.
-
-2014-10-31 Werner Koch <wk@gnupg.org>
-
- gpg: Remove superfluous check for Libgcrypt >= 1.4.0.
- + commit f4df71aa2d544ec46a2ded3055ffb21b9842129e
- * g10/gpg.c (main): Remove check.
-
- kbx: Let keydb_search skip unwanted blobs.
- + commit 935edf88ab29b2f63afc2a0e3af1b33c92033ab7
- * kbx/keybox.h (keybox_blobtype_t): New.
- * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
- * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
- non-matching blobs.
- * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
- * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
-
- gpg: Fix --rebuild-keydb-caches.
- + commit 28ae8ad70b3b802e67344468a4765eee6e291c68
- * g10/parse-packet.c (parse_key): Store even unsupported packet
- versions.
- * g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
- versions less than 4.
-
- gpg: Fix testing for secret key availability.
- + commit 433208a5536608c2b40525eebadbbdeb7780d7f2
- * g10/getkey.c (have_secret_key_with_kid): Do not change the search
- mode.
-
- build: Avoid distributing backup files etc.
- + commit b47fe2b14e2a610706bdeff9dbd9a5f7bd6f6b3a
- * Makefile.am (EXTRA_DIST): Do not include directories.
-
-2014-10-30 Werner Koch <wk@gnupg.org>
-
- tests: Speed up the genkey1024.test by using not so strong random.
- + commit 9546aa3cc87fc83a40768a12fbbceb19496ce129
- * agent/gpg-agent.c (oDebugQuickRandom): New.
- (opts): New option --debug-quick-random.
- (main): Use new option.
- * common/asshelp.c (start_new_gpg_agent): Add hack to pass an
- additional argument for the agent name.
- * tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
- starting parameters.
- * tests/openpgp/version.test: Ditto.
-
-2014-10-29 Werner Koch <wk@gnupg.org>
-
- common: Check option arguments for a valid range.
- + commit 0d73a242cb53522669cf712b5ece7d1ed05d003a
- * common/argparse.h (ARGPARSE_INVALID_ARG): New.
- * common/argparse.c: Include limits h and errno.h.
- (initialize): Add error strings for new error constant.
- (set_opt_arg): Add range checking.
-
- Fix stdint.h problem for Apple.
- + commit f5592fcff308007322a201c970a6d5e8763c9fe3
- * gl/stdint_.h [__APPLE__]: Include hack.
-
-2014-10-27 Werner Koch <wk@gnupg.org>
-
- speedo: Fixes for native build.
- + commit 158fe900183daf745821dea7a70cf1c673cd8de0
- * build-aux/speedo.mk (TARGETOS): Init with empty string.
- (speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
- (INST_VERSION, INST_PROD_VERSION): Create only for w32.
-
-2014-10-24 Werner Koch <wk@gnupg.org>
-
- agent: Support pinentries with integrated repeat passphrase feature.
- + commit c9aadcb3a248632c07391ff3d829bece9320a901
- * agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
- with_repeat.
- * agent/call-pinentry.c (close_button_status_cb): Rewrite and check
- for PIN_REPEAT. Change users to check only the relevant bit.
- (agent_askpin): Support repeat logic of new Pinentries.
-
- * agent/command-ssh.c (ssh_identity_register): Use the new repeat
- feature.
- * agent/genkey.c (agent_ask_new_passphrase): Ditto.
-
-2014-10-19 Werner Koch <wk@gnupg.org>
-
- gpg: Silence "packet with obsolete versoin" warnings.
- + commit 472a4a0d82add2d17154fa38e0074eaea56c28c1
- * g10/parse-packet.c (parse_key): Print warning only in very verbose
- mode.
-
- gpg: Make card key generation work again.
- + commit 1b8decc4767f0c55867327bdf3113204efcd19a7
- * g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
- (agent_learn): New.
- * g10/keygen.c (gen_card_key): Call new agent-learn.
-
-2014-10-17 Werner Koch <wk@gnupg.org>
-
- dirmngr: Allow building without LDAP support.
- + commit 6d9491842d5da597980eaa59e1e3e2137965fe09
- * configure.ac: Add option --disable-ldap.
- (USE_LDAP): New ac_define and am_conditional.
- * dirmngr/Makefile.am: Take care of USE_LDAP.
- * dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
- and do not call any ldap function.
- * dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
- * dirmngr/crlfetch.c (!USE_LDAP): Ditto.
-
- w32: Set SYSROOT to help finding config scripts.
- + commit a13705f4c18db56765f4af31376e81241dbabebe
- * autogen.sh <build-w32>: Set SYSROOT.
-
- gpg: Remove all support for v3 keys and always create v4-signatures.
- + commit 8fd150b05b744fe9465057c12529d5e6b6b02785
- * g10/build-packet.c (do_key): Remove support for building v3 keys.
- * g10/parse-packet.c (read_protected_v3_mpi): Remove.
- (parse_key): Remove support for v3-keys. Add dedicated warnings for
- v3-key packets.
- * g10/keyid.c (hash_public_key): Remove v3-key support.
- (keyid_from_pk): Ditto.
- (fingerprint_from_pk): Ditto.
-
- * g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
- * g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
- oForceV4Certs, oNoForceV4Certs.
- (opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
- --no-force-v4-certs int dummy options.
- (main): Remove setting of the force_v3_sigs force_v4_certs flags.
- * g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
- * g10/sign.c (hash_uid): Remove support for v3-signatures
- (hash_sigversion_to_magic): Ditto.
- (only_old_style): Remove this v3-key function.
- (write_signature_packets): Remove support for creating v3-signatures.
- (sign_file): Ditto.
- (sign_symencrypt_file): Ditto.
- (clearsign_file): Ditto. Remove code to emit no Hash armor line if
- only v3-keys are used.
- (make_keysig_packet): Remove arg SIGVERSION and force using
- v4-signatures. Change all callers to not pass a value for this arg.
- Remove all v3-key related code.
- (update_keysig_packet): Remove v3-signature support.
- * g10/keyedit.c (sign_uids): Always create v4-signatures.
-
- * g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
- change caller.
-
-2014-10-13 Werner Koch <wk@gnupg.org>
-
- gpg: Remove extra RSA import status line.
- + commit fab89f159bcb36ea7285af661d5756eefa981822
- * g10/import.c (stats_s): Remove field "imported_rsa".
- (import_print_stats): Do not print separate value for RSA.
- (import_one): Remove the RSA counter.
-
- gpg: Fix informative printing of user ids.
- + commit 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0
- * g10/getkey.c (keyid_list): Add field "fpr".
- (cache_user_id): Store fpr and check for dups only by fpr.
- (get_pubkey_byfpr): New.
- (get_user_id_string): Make static and use xasprintf.
- (get_long_user_id_string): Use xasprintf.
- (get_user_id_byfpr): New.
- (get_user_id_byfpr_native): New.
- * g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
- * g10/import.c (import_one): Use get_user_id_byfpr_native.
-
- gpg: Allow importing keys with duplicated long key ids.
- + commit c60814a5ce13932d933b363abc0c60c12783ae2f
- * g10/keydb.c (keydb_handle): Add field no_caching.
- (keyblock_cache): Repalce field kid by fpr.
- (keydb_disable_caching): New.
- (keydb_search): Use the fingerprint as cache index.
-
- * g10/import.c (import_one): Use the fingerprint and not the kid to
- lookup the key. Call keydb_disable_caching beofre re-searching for
- update.
-
- * tests/openpgp/import.test: Add a test case.
-
- tests: Speed up conventional encryption tests for gpg.
- + commit 2543f0ab9c7b4247347688863f898667bae31984
- * tests/openpgp/conventional-mdc.test: Add an s2k-count option.
- * tests/openpgp/conventional.test: Ditto.
-
-2014-10-12 Werner Koch <wk@gnupg.org>
-
- gpg: Minor change for better readability.
- + commit 2d68dc437e7de92619abe3a019b0a7606487b6bf
- * g10/build-packet.c (write_version): Remove.
- (do_pubkey_enc, do_onepass_sig): Write version directly.
-
-2014-10-10 Werner Koch <wk@gnupg.org>
-
- doc: Fix a man page rendering problem.
- + commit 5b5e5a6027ae1743719e112aa4e9055f1b8133a7
- * doc/gpg-agent.texi (Agent Configuration): Fix rendering of the
- sshcontrol example.
-
-2014-10-10 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Add build and runtime support for larger RSA keys.
- + commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
- * configure.ac: Added --enable-large-secmem option.
- * g10/options.h: Add opt.flags.large_rsa.
- * g10/gpg.c: Contingent on configure option: adjust secmem size,
- add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
- * g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
- * doc/gpg.texi: Document --enable-large-rsa.
-
-2014-10-09 Werner Koch <wk@gnupg.org>
-
- gpg: Skip overlong keys and a print a warning.
- + commit 2ca90f78cee91c43b8d538d1cb92728f8e1452d5
- * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
- long blobs.
- * sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
- * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
- (keydb_search_reset): Reset that field.
- (keydb_search): Update that field.
- (keydb_get_skipped_counter): New.
- * g10/keylist.c (list_all): Print count of skipped keys.
-
- gpg: Sync keylist output and warning messages.
- + commit 60e21d8b85888b8c9ea15c70268f98d780fdf5fb
- * g10/keylist.c (list_all): Flush stdout before logging.
- * g10/misc.c (print_pubkey_algo_note): Ditto.
- (print_cipher_algo_note): Ditto.
- (print_digest_algo_note): Ditto.
- (print_md5_rejected_note): Ditto.
-
- kbx: Fix handling of overlong keys.
- + commit b6507bb80e4e4aa5c85a918fdcf5c28cccb75081
- * kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB.
- (_keybox_read_blob2): Skip too long record records.
- (_keybox_write_blob): Do not accept too long record.
- * kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs.
- (_keybox_dump_file): Print new counter.
- (_keybox_dump_file): Skip too long records.
- ----
-
- To test this feature you may set the limit back to 1MiB and use key
- F7F0E70F307D56ED which is in my local copy close to 2MiB. Without
- this patch it was possible to import the key but access to that key
- and all keys stored after it was not possible.
-
- gpg: Take care to use pubring.kbx if it has ever been used.
- + commit ec332d58efc50f6508b87fc9f51db68c39cee044
- * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
- * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
- flag.
- * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
- and set header flag.
- * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
- and add arg for_openpgp.
- (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
- former keybox_new.
- * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
- openpgp header flags.
-
- * g10/keydb.c (rt_from_file): New. Factored out and extended from
- keydb_add_resource.
- (keydb_add_resource): Switch to the kbx file if it has the openpgp
- flag set.
-
- * kbx/keybox-dump.c (dump_header_blob): Print header flags.
-
-2014-10-09 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- Avoid unnecessary library linkage.
- + commit 27fe067efea883629354450a042ad09e47d90ff8
- * dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
- * g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
- need $(LIBASSUAN_LIBS)
- * sm/Makefile.am: gpgsm does not need $(ZLIBS)
- * tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
-
-2014-10-08 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid error exit if keygrip computations fails in a key listing.
- + commit 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97
- * g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error.
-
-2014-10-03 Werner Koch <wk@gnupg.org>
-
- Release 2.1.0-beta864.
- + commit 0943c7cc23371943e9670a2f35c318d847cbac6a
-
-
- gpg: Allow creating a cert-only primary key.
- + commit bc8583f247898a1fa45f6de834d34b335ab1952c
- * g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
-
- build: Add configure options --disable-{ntb,gnu}tls.
- + commit 6522a68d8d11e15ee77102e6830f251c2d9f440d
- * configure.ac: Add --disable-ntbtls and --disable-gnutls.
-
-2014-10-03 Andre Heinecke <aheinecke@intevation.de>
-
- gpg: Check gpg-agent version before 2.1 migration.
- + commit a6fcdbc9e0fc0e45a3badc23813e689e83059b61
- * g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
- * g10/migrate.c (migrate_secring): Abort migration if
- agent_get_version returns not at least 2.1.0
-
-2014-10-03 Werner Koch <wk@gnupg.org>
-
- po: Update German translation.
- + commit b15d5d42adf31c0797797ebe19c471ab6f52c668
-
-
- Remove support for the GPG_AGENT_INFO envvar.
- + commit 9c380384dafb213334f8834178c5ceb0bf33db6e
- * agent/agent.h (opt): Remove field use_standard_socket.
- * agent/command.c (cmd_killagent): Always allow killing.
- * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
- --write-env-file into dummy options. Always return true for
- --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
- setting or set that envvar.
- (create_socket_name): Simplify by removing non standard socket
- support.
- (check_for_running_agent): Ditto.
- * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
- * common/simple-pwquery.c (agent_open): Ditto.
- * configure.ac (GPG_AGENT_INFO_NAME): Remove.
- * g10/server.c (gpg_server): Do not print the AgentInfo comment.
- * g13/server.c (g13_server): Ditto.
- * sm/server.c (gpgsm_server): Ditto.
- * tools/gpgconf.c (main): Simplify by removing non standard socket
- support.
-
-2014-10-02 Werner Koch <wk@gnupg.org>
-
- gpg: Fix regression removing SHA256.
- + commit 688a903b4b3ad348c0d09e9d3fab8a12f4f94311
- * g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
-
- First changes for future use of NTBTLS.
- + commit f2361e6d582d4343d71d294ed1da654afe7750ee
- * configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
- (HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
- * m4/ntbtls.m4: New.
- * m4/Makefile.am (EXTRA_DIST): Add new file.
- * common/http.c: Add conditionals to eventually use NTBTLS.
-
- build: Update m4 scripts.
- + commit 6bc0cd6202033be113999dbf27be4014bdf2c784
- * m4/gpg-error.m4: Update from Libgpg-error git master.
- * m4/libgcrypt.m4: Update from Libgcrypt git master.
- * configure.ac: Declare SYSROOT a precious variable. Add extra error
- message for library configuration mismatches.
-
-2014-09-29 Werner Koch <wk@gnupg.org>
-
- doc: Remove GnuPG-1 related parts from gpg.texi.
- + commit edd191e5b006dc6ace1d41672e7201cbe58c41c9
- * doc/Makefile.am (YAT2M_OPTIONS): Add 2.1 to the source info.
- * doc/gpg.texi: Remove gpg1 related texts.
-
-2014-09-27 Werner Koch <wk@gnupg.org>
-
- gpg: Default to SHA-256 for all signature types on RSA keys.
- + commit d33246700578cddd1cb8ed8164cfbba50aba4ef3
- * g10/main.h (DEFAULT_DIGEST_ALGO): Use SHA256 in --gnupg and SHA1 in
- strict RFC or PGP modes.
- * g10/sign.c (make_keysig_packet): Use DEFAULT_DIGEST_ALGO also for
- RSA key signatures.
- * configure.ac: Do not allow to disable sha256.
-
- gpg: Simplify command --gen-key and add --full-gen-key.
- + commit f3625bb018fa8d5bc754f982996f8788386f0a9d
- * g10/gpg.c (aFullKeygen): New.
- (opts): Add command --full-key-gen.
- (main): Implement it.
- * g10/keygen.c (DEFAULT_STD_ALGO): Replace wrong GCRY_PK_RSA although
- the value is identical.
- (DEFAULT_STD_CURVE): New.
- (DEFAULT_STD_SUBALGO): New.
- (DEFAULT_STD_SUBKEYSIZE): New.
- (DEFAULT_STD_SUBCURVE): New.
- (quick_generate_keypair): Use new macros here.
- (generate_keypair): Add arg "full" and fix call callers. Do not ask
- for keysize in non-full node.
- (ask_user_id): Add arg "full" and simplify for non-full mode.
-
-2014-09-26 Werner Koch <wk@gnupg.org>
-
- gpg: Add shortcut for setting key capabilities.
- + commit 7ff4ea2160e87a16bf701552d3b9c7ab1c42f9ec
- * g10/keygen.c (ask_key_flags): Add shortcut '='.
- * doc/help.txt (gpg.keygen.flags): New.
-
-2014-09-25 Werner Koch <wk@gnupg.org>
-
- gpg: Do not always print dashes in obsolete_option.
- + commit 20c6da50d4f6264d26d113d7de606971f719a0ca
- * g10/gpg.c (main): Pass option names to obsolete_option without
- double dash.
- * g10/misc.c (obsolete_option, obsolete_scdaemon_option): Print double
- dash only for command line options.
-
-2014-09-25 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Warn about (but don't fail) on scdaemon options in gpg.conf.
- + commit 371c2b14b0347209efd23b4e54e1981a12d7aeab
- * g10/gpg.c: Add config options that should belong in scdaemon.conf
- * g10/main.h, g10/misc.c (obsolete_scdaemon_option): New.
-
-2014-09-22 Werner Koch <wk@gnupg.org>
-
- speedo: Check that wget and gpgv are installed.
- + commit 59b6f6f16e095162358ac2001aeb2c058de2fd1e
- * build-aux/getswdb.sh: Check for required tools.
-
- speedo: Autodetect sha1sum tools.
- + commit 2427bc5bc76b00cfe790e1f370113f5b4199e8fa
- * build-aux/getswdb.sh: Add option --find-sha1sum.
- * build-aux/speedo.mk (check-tools): New phony target. Not yet used.
- (SHA1SUM): New var. Use it instead of sha1sum.
-
- gpg: Create default keyring with .kbx suffix.
- + commit bc2f5c1d1afbe8ba413e594639fd05f19df32f75
- * g10/keydb.c (maybe_create_keyring_or_box): Rename arg for clarity.
- (keydb_add_resource): Fix order of args to maybe_create_keyring_or_box
- and check and create .kbx.
-
-2014-09-20 Werner Koch <wk@gnupg.org>
-
- gpg: --delete-secret-key - check that a secret key exists.
- + commit 1d33d03f0bb576601f5eef1a548cbc519f251b17
- * g10/delkey.c (do_delete_key): Check availibility of a secret key.
-
- gpg: Make algorithm selection prompt for ECC more clear.
- + commit cf648fc5c8cb20bfea4fd303631ba311bbaf3659
- * g10/keygen.c (ask_algo): Change 9 to "ECC and ECC".
-
-2014-09-18 Werner Koch <wk@gnupg.org>
-
- Release 2.1.0-beta834.
- + commit 93f158df381af86036332c4314c2d4a64eab3e62
-
-
- speedo: Distribute needed files.
- + commit 72a16d80d4505aa0ff509aae41f848bbe42ed129
- * Makefile.am (EXTRA_DIST): Add speedo stuff.
-
- build: Enable gpgtar by default.
- + commit 345a8374f31e637a99e6438e527670cf6845ca05
-
-
- common: Do not build maintainer modules in non-maintainer mode.
- + commit 927db789c19cbe5656ff980841ee37dd3a8989e7
- * common/Makefile.am (module_maint_tests): Use only in maintainer
- mode.
- (t_common_cflags): New.
-
- common: Remove superfluous statements.
- + commit cad181b5ece3ab6910575c82c731ce2b47271a09
- * common/exechelp-posix.c: Remove weak pragmas.
- * common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
- const.
-
- g13: Avoid segv after pipe creation failure.
- + commit 6e7bcabd781a3ca9ad7dd90d962fb2a239feab4a
- * g13/call-gpg.c (gpg_encrypt_blob): Init some vars in case of an
- early error.
- (gpg_decrypt_blob): Ditto.
-
- scd: Fix int/short mismatch in format string of app-p15.c.
- + commit b17e8bbf20239e840763f98d3e62f16efdc82ba3
- * scd/app-p15.c (parse_certid): Use snprintf and cast value.
- (send_certinfo): Ditto.
- (send_keypairinfo): Ditto.
- (do_getattr): Ditto.
-
- agent: Init a local variable in the error case.
- + commit f82a6e0f08725008c5bbf702a5f4c175ea09f01c
- * agent/pksign.c (do_encode_md): Init HASH on error.
-
- agent: Remove left over debug output.
- + commit 4f35ef499ac913036b7b69296a62afe8159b90b8
- * agent/command-ssh.c (ssh_signature_encoder_eddsa): Remove debug
- output.
-
- agent: Silence compiler warning for a debug message.
- + commit ba6f8b3d9ec83b35c4f3839853567491fee2f99c
- * agent/call-pinentry.c (agent_query_dump_state): Use %p for
- POPUP_TID.
-
- sm: Silence compiler warnings.
- + commit 34b2e8c7dcb0edb28f99edbd788d73491334e3c0
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Remove unused var I.
- * sm/certreqgen.c (proc_parameters): Init PUBLIC to avoid compiler
- warning.
-
- gpg: Silence a compiler warning.
- + commit 6a0c3fa19cfcdd590b96691e8a8ffb48fb5e0ec4
- * g10/parse-packet.c (enum_sig_subpkt): Replace hack.
-
- gpg: Replace a hash algo test function.
- + commit 327134934d79d141d92170ad3b4a6ef3cb718ee0
- * g10/gpg.c (print_mds): Replace openpgp_md_test_algo.
-
- speedo: Various fixes.
- + commit 2f065d7ab6c514013eb8504281f50284764c26ec
- * build-aux/speedo.mk: Take zlib and bzip2 from ftp.gnupg.org. Minor
- other fixes.
-
-2014-09-17 Werner Koch <wk@gnupg.org>
-
- gpg: Print a warning if the subkey expiration may not be what you want.
- + commit ae3d1bbb65b65cf3c57bb14886be120f5e31635d
- * g10/keyedit.c (subkey_expire_warning): New.
- (keyedit_menu): Call it when needed.
-
- gpg: Improve passphrase caching.
- + commit 457bce5cd39146df047e4740162125c32c738789
- * agent/cache.c (last_stored_cache_key): New.
- (agent_get_cache): Allow NULL for KEY.
- (agent_store_cache_hit): New.
- * agent/findkey.c (unprotect): Call new function and try to use the
- last stored key.
-
- * g10/revoke.c (create_revocation): Add arg CACHE_NONCE and pass to
- make_keysig_packet.
- (gen_standard_revoke): Add arg CACHE_NONCE and pass to
- create_revocation.
- * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke with
- cache nonce.
-
-2014-09-12 Werner Koch <wk@gnupg.org>
-
- gpg: Use algorithm id 22 for EdDSA.
- + commit 83c2d2396cc9fa6bdd887a560830fc0f48b01b08
- * common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
- * g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
-
-2014-09-11 Werner Koch <wk@gnupg.org>
-
- gpg: Stop early on bogus old style comment packets.
- + commit 3d250d21d36e8a0935b645f1ed5134ef9083530e
- * g10/parse-packet.c (parse_key): Take care of too short packets for
- old style commet packets.
-
-2014-09-10 Werner Koch <wk@gnupg.org>
-
- dirmngr: Support https for KS_FETCH.
- + commit 84419f42da0fd436a9e0e669730157e74ce38b77
- * dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
- * dirmngr/misc.c (cert_log_cb): here.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
- and https.
-
- dirmngr: Fix the ks_fetch command for the http scheme.
- + commit 3b20cc21de86ac8a475bdefd3aebb02a12fb8d0b
- * common/http.c (http_session_ref): Allow for NULL arg.
-
-2014-09-08 Werner Koch <wk@gnupg.org>
-
- gpg: Fix memory leak in ECC encryption.
- + commit 98f65291d7abecc1e4d618125f33b6ce759e0892
- * g10/pkglue.c (pk_encrypt): Fix memory leak and streamline error
- handling.
-
-2014-09-02 Werner Koch <wk@gnupg.org>
-
- gpg: Fix export of NIST ECC keys.
- + commit bf2fc12b83b45953f7afa403b8d91c36d0b50ec9
- * common/openpgp-oid.c (struct oidtable): New.
- (openpgp_curve_to_oid): Rewrite and allow OID as input.
- (openpgp_oid_to_curve): Make use of the new table.
-
- agent: Fix import of OpenPGP EdDSA keys.
- + commit afe85582ddc2ebc285728bf6417f8929fd0b3281
- * agent/cvt-openpgp.c (get_keygrip): Special case EdDSA.
- (convert_secret_key): Ditto.
- (convert_transfer_key): Ditto.
- (apply_protection): Handle opaque MPIs.
-
- (do_unprotect): Check FLAG_OPAQUE instead of FLAG_USER1 before
- unpacking an opaque mpi.
-
-2014-09-01 Kyle Butt <kylebutt@gmail.com>
-
- gpg: Fix export of ecc secret keys by adjusting check ordering.
- + commit 4054d86abcb7ad953ed9e988b1765cb9266faefd
- * g10/export.c (transfer_format_to_openpgp): Move the check against
- PUBKEY_MAX_NSKEY to after the ECC code adjusts the number of
- parameters.
-
-2014-09-01 Werner Koch <wk@gnupg.org>
-
- agent: Allow key unprotection using AES-256.
- + commit c913e09ebdbb1a1e9838a0a5897448841f5e9bc3
- * agent/protect.c (PROT_CIPHER): Rename to GCRY_CIPHER_AES128 for
- clarity.
- (do_decryption): Add args prot_cipher and prot_cipher_keylen. USe
- them instead of the hardwired values.
- (agent_unprotect): Change to use a table of protection algorithms.
- Add AES-256 variant.
-
-2014-08-28 Werner Koch <wk@gnupg.org>
-
- gpg: Do not show "MD5" and triplicated "RSA" in --version.
- + commit be98b5960ebd48929c399b0b91c95bfc0cb9749b
- * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
- (build_list_md_test_algo): Ignore MD5.
-
- gpg: Do not show "MD5" and triplicated "RSA" in --version.
- + commit 40ad42dbe3c67d8103aedb6b584f4bedc5f93307
- * g10/gpg.c (build_list_pk_test_algo): Ignore RSA aliases
- (build_list_md_test_algo): Ignore MD5.
-
-2014-08-26 Werner Koch <wk@gnupg.org>
-
- gpg: Remove CAST5 from the default prefs and order SHA-1 last.
- + commit 15cfd9a3bcdd561091a28c8f989c616b87348463
- * g10/keygen.c (keygen_set_std_prefs): Update prefs.
-
- Switch to the libgpg-error provided estream.
- + commit 519305feb888b529c005b40445d041a088a2f8fc
- * configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
- (GPGRT_ENABLE_ES_MACROS): Define.
- (estream_INIT): Remove.
- * m4/estream.m4: Remove.
- * common/estream-printf.c, common/estream-printf.h: Remove.
- * common/estream.c, common/estream.h: Remove.
- * common/init.c (_init_common_subsystems): Call gpgrt initialization.
-
- gpg: Allow for positional parameters in the passphrase prompt.
- + commit a731c22952278c12c601b73d7581fda3a15a4b5b
- * g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
-
-2014-08-20 Werner Koch <wk@gnupg.org>
-
- gpg: Fix "can't handle public key algorithm" warning.
- + commit cb680c5ea540738692a5c74951802b0fdc658e85
- * g10/parse-packet.c (unknown_pubkey_warning): Check for encr/sign
- capabilities.
-
-2014-08-19 Werner Koch <wk@gnupg.org>
-
- speedo: Get version numbers from online database.
- + commit 31649e72fd106a990614ce3cf720640a841ba722
- * build-aux/getswdb.sh: New.
- * build-aux/speedo.mk: Get release version numbers from swdb.lst.
-
- build: Create VERSION file via autoconf.
- + commit 4fc1c712e986f280057b1bce7ca4696ba6d95dfc
- * Makefile.am (dist-hook): Remove creation of VERSION.
- (EXTRA_DIST): Add VERSION.
- * configure.ac: Let autoconf create VERSION.
-
-2014-08-18 Werner Koch <wk@gnupg.org>
-
- gpg: Install the current release signing pubkey.
- + commit e5da80bc1888bf8801e69c9ff99f7f47550f7a09
- * g10/distsigkey.gpg: New.
-
- agent: Return NO_SECKEY instead of ENONET for PKSIGN and others.
- + commit 3981ff15f3c0829ba22cd37794353502d996683c
- * agent/pksign.c (agent_pksign_do): Replace ENONET by NO_SECKEY.
- * agent/findkey.c (agent_key_from_file): No diagnostic for NO_SECKEY.
- * agent/pkdecrypt.c (agent_pkdecrypt): Replace checking for ENOENT.
-
- kbx: Make user id and signature data optional for OpenPGP.
- + commit e4aa006e4807285ffdd881e4e05af3bc47c5c964
- * kbx/keybox-blob.c (_keybox_create_openpgp_blob): Remove restriction.
-
- gpg: Change default cipher for --symmetric from CAST5 to AES-128.
- + commit 57df1121c18b004dd763b35eabf7b51fc9e8ec38
- * g10/main.h (DEFAULT_CIPHER_ALGO): Chhange to AES or CAST5 or 3DES
- depending on configure option.
- * g10/gpg.c (main): Set opt.s2k_cipher_algo to DEFAULT_CIPHER_ALGO.
-
- yat2m: Support @set and @value.
- + commit 425d0750168f6b66a5d78a857cf21375a8f129eb
- * doc/yat2m.c (variablelist): New.
- (set_variable): New.
- (macro_set_p): Also check the variables.
- (proc_texi_cmd): Support the @value command.
- (parse_file): Support the @set command.
- (top_parse_file): Release variablelist.
-
- yat2m: Support the $* command for man page rendering.
- + commit 7e51ef0f77962f5fb215da53817caf28899ca190
-
-
-2014-08-17 Werner Koch <wk@gnupg.org>
-
- estream: Change license from GPL to LPGL.
- + commit af1196512f505e8a3a338f9b72394fa3585a5234
- * common/estream-printf.c, common/estream-printf.h: Change license.
- * common/estream.c, common/estream.h: Ditto.
-
-2014-08-14 Werner Koch <wk@gnupg.org>
-
- Release 2.1.0-beta783.
- + commit a13198d9bcee368a8de7a401feb017efc83ff795
-
-
- po: Update the German (de) translation.
- + commit fe9ff33b9dc8793957998341cf4bcf5e50827b41
-
-
- sm: Create homedir and lock empty keybox creation.
- + commit c4b60cdae8dbf68206fd105fd09adeb61a9dafe4
- * sm/gpgsm.h (opt): Add field "no_homedir_creation".
- * sm/gpgsm.c (main): Set it if --no-options is used.
- * sm/keydb.c (try_make_homedir): New. Similar to the one from
- g10/openfile.c.
- (maybe_create_keybox): New. Similar to the one from g10/keydb.c.
- (keydb_add_resource): Replace some code by maybe_create_keybox.
-
- gpg: Screen keyserver responses.
- + commit c23c18c1543d1ff58f0f78baaa6a8e319c659ecb
- * g10/main.h (import_screener_t): New.
- * g10/import.c (import): Add screener callbacks to param list.
- (import_one): Ditto.
- (import_secret_one): Ditto.
- (import_keys_internal): Ditto.
- (import_keys_stream): Ditto.
- * g10/keyserver.c (struct ks_retrieval_screener_arg_s): New.
- (keyserver_retrieval_screener): New.
- (keyserver_get): Pass screener to import_keys_es_stream().
-
- scd: Minor changes to app-sc-hsm.
- + commit a61b28df1f29b1e306115282ec1ce580fa54945a
- * scd/app-sc-hsm.c: Re-indendet some parts and set some vars to NULL
- after xfree for improbed robustness.
- (read_ef_prkd): Replace serial operator by blocks for better
- readability.
- (apply_PKCS_padding): Rewrite for easier auditing.
- (strip_PKCS15_padding): Ditto. Add stricter check on SRCLEN.
-
- gpg: Disable an MD5 workaround for pgp2 by default.
- + commit ae29b52119aa419989b773b2d6abb6e287dfc81b
- * g10/sig-check.c (do_check): Move some code to ...
- * g10/misc.c (print_md5_rejected_note): new function.
- * g10/mainproc.c (proc_tree, proc_plaintext): Enable MD5 workaround
- only if option --allow-weak-digest-algos is used.
-
- gpg: Remove options --pgp2 and --rfc1991.
- + commit 2b8d8369d59249b89526c18c5ac276e6445dc35e
- * g10/gpg.c (oRFC1991, oPGP2): Remove
- (opts): Remove --pgp2 and --rfc1991.
- * g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
- (RFC2440, PGP2): Remove. Remove all code only enabled by these
- conditions.
- * tests/openpgp/clearsig.test: Remove --rfc1991 test.
-
- build: Fix autogen.sh base version hack.
- + commit 49c9a958e0b786850309bca555d4465c97d337e1
- * autogen.sh <find-version>: Fix.
-
- gpg: Remove --compress-keys and --compress-sigs feature.
- + commit 71b55e91f02cdb65a8884892f71c4c7bf8a75247
- * g10/gpg.c (oCompressKeys, oCompressSigs): Remove.
- (opts): Turn --compress-keys and --compress-signs in NOPs.
- * g10/options.h (opt): Remove fields compress_keys and compress_sigs.
- * g10/export.c (do_export): Remove compress_keys feature.
- * g10/sign.c (sign_file): Remove compress_sigs feature.
-
-2014-08-13 Werner Koch <wk@gnupg.org>
-
- gpg: Add list-option "show-usage".
- + commit 7d0492075ea638607309b3ea6a792b0e95ea7d98
- * g10/gpg.c (parse_list_options): Add "show-usage".
- * g10/options.h (LIST_SHOW_USAGE): New.
- * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller.
- * g10/keylist.c (list_keyblock_print): Print usage info.
-
-2014-08-12 Werner Koch <wk@gnupg.org>
-
- gpg: Make --with-colons work again for --search-keys.
- + commit a57c33c855c6757c8770529ee71f0f90744cd7a6
- * g10/keyserver.c (search_line_handler): Replace log_debug by
- es_printf.
-
-2014-08-08 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit 2d9f76e07082fc231303ac2c6ae1aea3c98fa2e4
-
-
-2014-07-25 Werner Koch <wk@gnupg.org>
-
- scd: Minor and editorial changes to app-sc-hsm.c.
- + commit 2e936915cf2f830e60d974d607b08822645f5753
- * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro.
- (parse_certid): Remove useless test.
- (send_certinfo, send_keypairinfo): Shrink malloc to the needed size.
- (do_getattr): Ditto.
- (verify_pin): Use SW_ macro.
- (do_decipher): Replace OFS variable and extend comment.
-
- scd: Add a new status word code.
- + commit e49c851ff54d5ecf856411bf6cdee721695ea172
- * scd/apdu.h (SW_REF_DATA_INV): New.
- * scd/apdu.c (apdu_strerror): Add string.
-
-2014-07-25 Andreas Schwier <andreas.schwier@cardcontact.de>
-
- scd: Support for SmartCard-HSM.
- + commit 8eb9224f32ddf1c9e1490c4d9688a177f8b6ae64
- * scd/app-sc-hsm.c: New.
- * scd/app.c (select_application, get_supported_applications): Register
- new app.
-
-2014-07-25 Werner Koch <wk@gnupg.org>
-
- gpg: Switch to an EdDSA format with prefix byte.
- + commit 557cc11a605dd280d03c52d8b546deed8c4c714d
- * g10/keygen.c (gen_ecc): USe "comp" for EdDSA.
-
-2014-07-23 Werner Koch <wk@gnupg.org>
-
- agent: Show just one warning with all failed passphrase constraints.
- + commit b3378b3a56fc90ba8ae38e6298b23a378305af32
- * agent/genkey.c (check_passphrase_constraints): Build a final warning
- after all checks.
-
- agent: Only one confirmation prompt for an empty passphrase.
- + commit a24510d53bb23e3a680ed2c306e576268c07060d
- * agent/genkey.c (check_passphrase_constraints): Moev empty passphrase
- check to the front.
-
- gpg: Add command --quick-gen-key.
- + commit ea186540db5b418bc6f6e5ca90337672c9981c88
- * g10/gpg.c (aQuickKeygen): New.
- * g10/misc.c (is_valid_user_id): New stub.
- * g10/keygen.c (quickgen_set_para): New.
- (quick_generate_keypair): New.
-
- common: Add cpr_get_answer_is_yes_def()
- + commit 75127bc4561787aa9bc1cf976658e20192446d7f
- * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to ....
- (cpr_get_answer_is_yes_def): ...new.
-
- gpg: Make --quick-sign-key promote local key signatures.
- + commit 17404b2fccbc74c4f0b2364cc08e9dcc64175cf8
- * g10/keyedit.c (sign_uids): Promote local sigs in quick mode.
-
-2014-07-22 Werner Koch <wk@gnupg.org>
-
- scd: Do not use the pcsc-wrapper.
- + commit bc6b452129178658da7241903ca2174c79281752
- * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define.
- * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper
- (gnupg_pcsc_wrapper_SOURCES): Remove.
- (gnupg_pcsc_wrapper_LDADD): Remove.
- (gnupg_pcsc_wrapper_CFLAGS): Remove.
-
-2014-07-21 Werner Koch <wk@gnupg.org>
-
- gpg: Improve --list-packets output for faulty packets.
- + commit 5b34e347b612765f31061d077b7c343e08662ba9
- * g10/parse-packet.c: Add list_mode output for certain failures.
-
- gpg: Cap size of attribute packets at 16MB.
- + commit bab9cdd971f35ff47e153c00034c95e7ffeaa09a
- * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap
- size of packet.
-
-2014-07-03 Werner Koch <wk@gnupg.org>
-
- Release 2.1.0-beta751.
- + commit 5ae34f574baca2b98a09fd982c941855558408e1
-
-
- gpg: Make show-uid-validity the default.
- + commit 5214d8f02bf65fb0a4af15ff80cf1369ccd4c167
-
-
- tests: Fix end-of-all-ticks test for Western locales.
- + commit 3533860ee316918dd47501c53e910bfd0032b39d
- * common/t-timestuff.c (test_timegm): Use timegm if available.
- (main): Set TX to UTC if timegm is not available.
-
-2014-07-03 Kristian Fiskerstrand <kf@sumptuouscapital.com>
-
- gpg: Spelling error.
- + commit b51af333bdf77c042c9fe748616e80d1f5e4d3f9
-
-
-2014-06-30 Werner Koch <wk@gnupg.org>
-
- gpg: Auto-create revocation certificates.
- + commit 03018ef9eec75e4d91ea53c95547a77dedef8f80
- * configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
- * g10/revoke.c (create_revocation): Add arg "leadin".
- (gen_standard_revoke): New.
- * g10/openfile.c (get_openpgp_revocdir): New.
- (open_outfile): Add MODE value 3.
- * g10/keyid.c (hexfingerprint): New.
- * g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
-
- estream: Fix minor glitch in "%.*s" format.
- + commit aa5b4392aac99382d96be94782ae745e0a42484a
- * common/estream-printf.c (pr_string): Take care of non-nul terminated
- strings.
-
- gpg: Rearrange code in gen_revoke.
- + commit 3a01b220715b3d1a90d94353e4980ab5a1ea8f26
- * g10/revoke.c (gen_revoke): Factor some code out to ...
- (create_revocation): new.
-
- gpg: Create exported secret files and revocs with mode 700.
- + commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18
- * common/iobuf.c (direct_open): Add arg MODE700.
- (iobuf_create): Ditto.
- * g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
- callers to pass 0 for it.
- * g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
- arg.
- * g10/export.c (do_export): Pass true for new arg if SECRET is true.
-
- common: Minor code cleanup for a legacy OS.
- + commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f
- * common/iobuf.c (direct_open) [__riscos__]: Simply cpp conditionals.
-
-2014-06-27 Werner Koch <wk@gnupg.org>
-
- speedo: Fix the w32 installer name.
- + commit adad1872b448593275d8cae06dffe376bee067b5
-
-
- po: Update some strings of the French (fr) translation.
- + commit 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd
-
-
- po: Update the German (de) translation.
- + commit c2e3eb98884785e6794dc79c1a53d75945f4c1ab
-
-
- agent: Adjust for changed npth_eselect under W32.
- + commit a1dff86da8ebaab6e154360f538ca9d43a6c4934
- * agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
- unsigned int to match the changed prototype.
-
- dirmngr: Use the homedir based socket also under W32.
- + commit 5e1f9b5e1427688ac340f0829e02bece7f0caf9c
- * common/homedir.c (dirmngr_user_socket_name): Use same code for all
- platforms.
-
-2014-06-27 Yuri Chornoivan <yurchor@ukr.net>
-
- po: Update and enable Ukrainian (uk) translation.
- + commit 2c4025576105a9deb78e1cfb22c11af4af09c4fa
-
-
- Fix typos in messages.
- + commit e56a2d6a56d95c0f169506a8dc74a845c22b699d
-
-
-2014-06-27 Werner Koch <wk@gnupg.org>
-
- build: Remove unused options.
- + commit 2540a4b674a17b45ec33f43f26e830e74ff0afed
- * configure.ac: Remove option --build-agent-only.
- (FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
- (GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
- SENDMAIL check.
- (GPGKEYS_KDNS): Remove ac_subst.
- * autogen.rc (final_info): Remove suggestion to use the removed option
- --enable-mailto.
-
-2014-06-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Add pinpad support for REINER SCT cyberJack go.
- + commit 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8
- * scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
- * scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
- VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
-
-2014-06-27 Werner Koch <wk@gnupg.org>
-
- scd: Support reader Gemalto IDBridge CT30.
- + commit 24be0f24d3a9325a04de10ae0e5e277bf28a74fe
- * scd/ccid-driver.h (GEMPC_CT30): New product id.
- * scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
- reader.
-
-2014-06-26 Werner Koch <wk@gnupg.org>
-
- gpg: Limit keysize for unattended key generation to useful values.
- + commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380
- * g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
- (gen_rsa): Enforce keysize 1024 to 4096.
- (gen_dsa): Enforce keysize 768 to 3072.
-
- Enable DNS SRV records again.
- + commit c0d1e7fca95629e1cddd7d129fa51b9a6556cb70
- * configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
- (use_dns_srv): Make test work.
-
- agent: Fix export of RSA keys to OpenPGP.
- + commit 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a
- * agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format
- string.
-
- gpg,gpgsm: Simplify wrong_args function.
- + commit 572502bd2c0637429bca547ba882629640477495
-
-
- speedo: "make clean-gnupg" may not remove the source.
- + commit c029a184d6a1a96c6de234835fff97d4e946b19c
- * build-aux/speedo.mk (clean-$(1)): Take care of gnupg.
-
- gpgsm: Fix default config name.
- + commit 2480b0253166712a2f20b92f34c8e4c2db0fc26f
-
-
-2014-06-25 Werner Koch <wk@gnupg.org>
-
- doc: Improve the rendering of the manual.
- + commit b5f95c1b566f9530127f3f34e10d120a951cf428
-
-
- doc: Update for modern makeinfo.
- + commit f149e05427a370f5985bc3fb142370b043f19924
- * doc/texi.css: Remove.
- * doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
-
- gpg: Allow key-to-card upload for cert-only keys.
- + commit f171fd226e84311f92545ca0494771db07ba777d
- * g10/card-util.c (card_store_subkey): Allo CERT usage for key 0.
-
-2014-06-24 Werner Koch <wk@gnupg.org>
-
- doc: Add conditionals for GnuPG-1.
- + commit 2c8e00137a340d04f0836f75e138dd85f8c9eff7
-
-
-2014-06-20 Werner Koch <wk@gnupg.org>
-
- gpg: Make export of ECC keys work again.
- + commit f4fcaa29367daacfe0ca209fa83dfa8640ace276
- * agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
- of the curve parameters.
- * g10/export.c (canon_pubkey_algo): Rename to ...
- (canon_pk_algo): this. Support ECC.
- (transfer_format_to_openpgp): Expect curve name.
-
- gpg: Avoid infinite loop in uncompressing garbled packets.
- + commit d6ca407a27877174c10adfae9dc601bea996cf27
- * g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
-
-2014-06-17 Kristian Fiskerstrand <kf@sumptuouscapital.com>
-
- gpg: Fix a couple of spelling errors.
- + commit 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb
-
-
-2014-06-17 Werner Koch <wk@gnupg.org>
-
- speedo: Support building from dist-source generated tarball.
- + commit 47e63dc00169030b6ff01ab67e73e52aec1395db
-
-
-2014-06-13 Werner Koch <wk@gnupg.org>
-
- http: Print human readable GNUTLS status.
- + commit 5bf04522e353675e4c3eda118fee2580756704a2
- * common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
- (http_verify_server_credentials): Print a human readable status.
-
-2014-06-12 Werner Koch <wk@gnupg.org>
-
- gpg: Improve the output of --list-packets.
- + commit d8314e31c58ea0827d0e2361dabcdf869ab08fce
- * g10/parse-packet.c (parse): Print packet meta info in list mode.
-
-2014-06-11 Werner Koch <wk@gnupg.org>
-
- speedo: Improve building of the w32 installer.
- + commit 6eeb31abee82cb2016bf054cd302af64f6dfdc2e
- * build-aux/speedo.mk: Change name of build directory to PLAY.
- Improve the dist-source target.
- * build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
- line (plus comment).
- * build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
- Install more tools.
-
-2014-06-10 Werner Koch <wk@gnupg.org>
-
- speedo: Revamped speedo and include a w32 installer.
- + commit e06d5d1a3b4a5c446a27d64cd2da0e48ccec5601
- * build-aux/speedo/: New.
- * build-aux/speedo/w32/: New.
-
- build: Add more options to autogen.sh.
- + commit 0399d87f7aaf2f2126a63899004c5c7bffd4346b
- * autogen.sh: Add options --print-host and --print-build.
-
- w32: Fix build problem with dirmngr.
- + commit 141d69cb2a94a752244e89f49611923a2f184dfd
- * dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement
- constant.
-
- gpg: Use more specific reason codes for INV_RECP.
- + commit 45ed901c466bd72118c2844069f566e190d847d6
- * g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
- reasons codes for INV_RECP.
-
-2014-06-06 Werner Koch <wk@gnupg.org>
-
- Improve the beta number generation.
- + commit b67e4e523e6d19d384e23c5bb03010caebd150e7
- * autogen.sh: Add option --find-version
- * configure.ac: Rework the setting of the mym4_ variables.
-
-2014-06-05 Werner Koch <wk@gnupg.org>
-
- Remove keyserver helper code.
- + commit 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4
- * configure.ac: Remove keyserver helper related stuff.
- * Makefile.am (SUBDIRS): Remove keyserver.
- * keyserver/Makefile.am: Remove.
-
- gpg: Require confirmation for --gen-key with experimental curves.
- + commit 9c9e26d41e7d65711da8dbf1afa452254749621c
- * g10/keygen.c (ask_curve): Add arg both. Require confirmation for
- Curve25519.
-
- gpg: Auto-migrate existing secring.gpg.
- + commit 4f0625889b768eabdec52696bf15059a9e8d9c02
- * g10/migrate.c: New.
- * g10/import.c (import_old_secring): New.
- (import_one): Add arg silent.
- (transfer_secret_keys): Add arg batch.
- (import_secret_one): Add args batch and for_migration.
- * g10/gpg.c (main): Call migration function.
-
-2014-06-04 Werner Koch <wk@gnupg.org>
-
- gpgsm: Fix commit be07ed65.
- + commit 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37
- * sm/server.c (option_handler): Use "with-secret".
-
-2014-06-03 Werner Koch <wk@gnupg.org>
-
- Add new option --with-secret.
- + commit be07ed65e169a7ec3fbecdb1abf988fc0245d9ff
- * g10/gpg.c: Add option --with-secret.
- * g10/options.h (struct opt): Add field with_secret.
- * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
- and list_one.
- (list_all, list_one): Add arg mark_secret.
- (list_keyblock_colon): Add arg has_secret.
- * sm/gpgsm.c: Add option --with-secret.
- * sm/server.c (option_handler): Add option "with-secret".
- * sm/gpgsm.h (server_control_s): Add field with_secret.
- * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
- the token string from the wrong field 14 to 15.
-
- gpgsm: New commands --export-secret-key-{p8,raw}
- + commit 0beec2f0f255a71f9d5a4a0729d0259f673e8838
- * sm/gpgsm.c: Add new commands.
- * sm/minip12.c (build_key_sequence): Add arg mode.
- (p12_raw_build): New.
- * sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
- (gpgsm_p12_export): Ditto.
- (print_short_info): Print the keygrip.
-
-2014-06-02 Werner Koch <wk@gnupg.org>
-
- gpg: Avoid NULL-deref in default key listing.
- + commit 958e5f292fa3f8e127f54bc088c56780c564dcae
- * g10/keyid.c (hash_public_key): Take care of NULL keys.
- * g10/misc.c (pubkey_nbits): Ditto.
-
- gpg: Simplify default key listing.
- + commit f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0
- * g10/mainproc.c (list_node): Rework.
-
- gpg: Graceful skip reading of corrupt MPIs.
- + commit d9cde7ba7d4556b216f062d0cf92d60cbb204b00
- * g10/parse-packet.c (mpi_read): Change error message on overflow.
-
- gpgsm: Handle re-issued CA certificates in a better way.
- + commit 715285bcbc12c024dbd9b633805189c09173e317
- * sm/certchain.c (find_up_search_by_keyid): Consider all matching
- certificates.
- (find_up): Add some debug messages.
-
- gpgsm: Add a way to save a found state.
- + commit 42c043a8ad542c131917879c9b458f234b4bb645
- * kbx/keybox-defs.h (keybox_found_s): New.
- (keybox_handle): Factor FOUND out to above. Add saved_found.
- * kbx/keybox-init.c (keybox_release): Release saved_found.
- (keybox_push_found_state, keybox_pop_found_state): New.
-
- * sm/keydb.c (keydb_handle): Add field saved_found.
- (keydb_new): Init it.
- (keydb_push_found_state, keydb_pop_found_state): New.
-
- gpg: Fix bug parsing a zero length user id.
- + commit 99972bd6e9abea71f270284f49997de5f00208af
- * g10/getkey.c (get_user_id): Do not call xmalloc with 0.
-
- * common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
- pass 0 to the arguments.
-
-2014-05-19 Werner Koch <wk@gnupg.org>
-
- dirmngr: Print certificates on failed TLS verification.
- + commit 9e1c99f8009f056c39a7465b91912c136b248e8f
- * dirmngr/ks-engine-hkp.c (cert_log_cb): New.
- (send_request): Set callback.
-
- http: Add callback to help logging of server certificates.
- + commit 45f15b2d767d4068f79fd5b123e9eeae08a0616d
- * common/http.c (http_session_s): Add field cert_log_cb.
- (http_session_set_log_cb): New.
- (http_verify_server_credentials): Call callback.
-
-2014-05-16 Werner Koch <wk@gnupg.org>
-
- keyserver: Improve support for hkps pools.
- + commit d2d9d4fb60e3f2160af6252335364d3aac4b7d17
- * dirmngr/ks-engine-hkp.c (hostinfo_s): Add fields cname, v4addr, and
- v6addr.
- (create_new_hostinfo): Clear them.
- (my_getnameinfo): Add args numeric and r_isnumeric.
- (is_ip_address): New.
- (map_host): Add arg r_host. Rewrite the code to handle pools in a
- special way.
- (ks_hkp_print_hosttable): Change format of help info output.
- (make_host_part): Add arg optional r_httphost.
- (send_request): Add arg httphost.
- (ks_hkp_search, ks_hkp_get, ks_hkp_put): Get httphost and pass it to
- send_request.
-
- http: Allow overriding of the Host header.
- + commit 8b90d79818355b81ce223e1cb96cd0c939096fe2
- * common/http.c (http_open): Add arg httphost.
- (http_open_document): Pass NULL for httphost.
- (send_request): Add arg httphost. If given, use HTTPHOST instead of
- SERVER. Use https with a proxy if requested.
- (http_verify_server_credentials): Do not stop at the first error
- message.
- * dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
- * keyserver/curl-shim.c (curl_easy_perform): Ditto.
- * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
- * dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
-
-2014-05-14 Werner Koch <wk@gnupg.org>
-
- gpg: Fix uninitialized access to search descindex with gpg keyboxes.
- + commit 25036ec6abbc0c9d0003dcfe227724038c35a304
- * kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX. Chnage
- both callers.
- * g10/keydb.c (keydb_search): Always set DESCINDEX.
-
- w32: Make make_absfilename work with drive letters.
- + commit 71fa6a35107d4d4547eb9155d7c2612b6a6a16fb
- * common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.
-
- gpg: Remove useless diagnostic in MDC verification.
- + commit 455a4a2212302c05095e736b127f647e95714fe7
- * g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
- MDC packer header and a bad MDC.
-
- gpg: Fix glitch entering a full expiration time.
- + commit b2945c451d3d3f25ba11a9fe88c6cbf3f88c2fb5
- * g10/keygen.c (ask_expire_interval): Get the current time after the
- prompt.
-
-2014-05-08 Werner Koch <wk@gnupg.org>
-
- agent: Fix import of non-protected gpg keys.
- + commit 4aeb02562c9db4b96366220b781e2b4fa2d6fd3b
- * agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
- non-protected keys.
- (convert_from_openpgp_main): Do not call agent_askpin for a
- non-protected key.
-
- Make more use of *_NAME macros.
- + commit cb2aeb4e1157fc0d7dc25d94115973422dc1a800
- * configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
- (GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
- (DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
- (GPGCONF_DISP_NAME): New.
- (SCDAEMON_SOCK_NAME): New.
- * common/argparse.c (show_help): Map description string.
-
-2014-05-08 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix auth key comment handling.
- + commit fb24808db9af9dfe36f9f6d7fc24e0b903ecc12c
- * agent/command-ssh.c (ssh_send_key_public): Handle the case with no
- comment.
-
-2014-05-07 Werner Koch <wk@gnupg.org>
-
- Make -jN work again.
- + commit 57011da53e43f9c8a6c7e7314166c3e17ff8627a
- * common/Makefile.am ($(PROGRAMS)): New rule
- (t_http_LDADD): Use libcommontls.a without directory prefix.
- * dirmngr/Makefile.am ($(PROGRAMS)): New rule.
-
- gpg: Print the key algorithm/curve with signature info.
- + commit 359c643d747c890f73f68b42e0aeb896016f05fd
- * g10/mainproc.c (check_sig_and_print): Print the name and curve.
-
- gpg: Fix memleak in signature verification of bogus keys.
- + commit e73edfb1759d05121ea66f67c775e763bf47d737
- * g10/mainproc.c (check_sig_and_print): Factor common code out to ...
- (print_good_bad_signature): here.
-
- gpg: Mark experimental algorithms in the key listing.
- + commit 09055aa0f7993aaf4dcffdd80d8192945ae6080a
- * g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
- Print a note for experimental algorithms.
- * g10/misc.c (print_pubkey_algo_note): Fix warning message.
-
- gpg: Finish experimental support for Ed25519.
- + commit 8fee6c1ce6d116fe7909dbe1184d95bc91305484
- * agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
- (get_keygrip): Add and use arg CURVE.
- (convert_secret_key): Ditto.
- (convert_transfer_key): Ditto.
- (get_npkey_nskey): New.
- (prepare_unprotect): Replace gcrypt functions by
- get_npkey_nskey. Allow opaque MPIs.
- (do_unprotect): Use CURVE instead of parameters.
- (convert_from_openpgp_main): Ditto.
- (convert_to_openpgp): Simplify.
- * g10/import.c (one_mpi_from_pkey): Remove.
- (transfer_secret_keys): Rewrite to use the curve instead of the
- parameters.
- * g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
-
- * common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
- "NIST P-256" et al.
- * g10/keygen.c (ask_curve): Add arg ALGO.
- (generate_keypair): Rewrite the ECC key logic.
-
- * tests/openpgp/ecc.test: Provide the "ecc" passphrase.
-
- kbx: Add experimental support for EDDSA.
- + commit bdb9c2b314400da9155b8a924e22e486793dda89
- * kbx/keybox-openpgp.c (parse_key): Use algo constants and add
- experimental support for EdDSA.
-
- agent: Remove greeting message.
- + commit a63ed9875830e5b3b4d48b7d97d24c18de36b326
- * agent/gpg-agent.c (main): Remove greeting. Make --no-greeting a
- dummy.
-
-2014-05-06 Werner Koch <wk@gnupg.org>
-
- Use "samethread" mode keyword for some es_fopenmem.
- + commit 6477e51919ef97f0f9cc05d10cdc7aa2b89faafe
- * dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
- * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
- * scd/atr.c (atr_dump): Ditto.
-
-2014-05-05 Werner Koch <wk@gnupg.org>
-
- dirmngr: Add support for hkps keyservers.
- + commit 60e2fc7d38d8b37d1de944cf230e410c2ce37d5e
- * dirmngr/dirmngr.c: Include gnutls.h.
- (opts): Add --gnutls-debug and --hkp-cacert.
- (opt_gnutls_debug, my_gnutls_log): New.
- (set_debug): Set gnutls log level.
- (parse_rereadable_options): Register a CA file.
- (main): Init GNUTLS.
- * dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
- (send_request): Ditto.
-
- http: Add reference counting to the session object.
- + commit ea0f5481f01eacedff264bf08144164aa989ec4d
- * common/http.c (http_session_t): Add field "refcount".
- (_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
- (send_request, my_npth_read, my_npth_write): Use SOCK object for the
- transport ptr.
- (http_session_release): Factor all code out to ...
- (session_unref): here. Deref SOCK.
- (http_session_new): Init refcount and transport ptr.
- (http_session_ref): New. Ref and unref all assignments.
-
-2014-05-02 Werner Koch <wk@gnupg.org>
-
- http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
- + commit 0e59195642eb26263b8e0b9200290538631d35cd
- * common/http.c (http_parse_uri): Factor code out to ...
- (parse_uri): here. Add arg FORCE_TLS.
- (do_parse_uri): Ditto. Implement flag.
- (http_get_tls_info): New.
- (http_register_tls_ca): Allow clearing of the list.
- (send_request): Use a default verification function.
- * common/http.h (HTTP_FLAG_FORCE_TLS): New.
- * common/t-http.c (main): Add several command line options.
-
- common: Fix test for openpgp_oid_is_ed25519.
- + commit 2def230231abd34f6012df284ab468321ffedc10
- * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct
- value.
-
- http: Revamp TLS API.
- + commit 8412a5825c225c8ff14de3ffaad2e55e040b2eca
- * configure.ac (NEED_GNUTLS_VERSION): New.
- (HTTP_USE_GNUTLS, LIBGNUTLS_CFLAGS, LIBGNUTLS_LIBS): New ac_subst.
-
- * common/http.h (http_session_t): New.
- * common/http.c: Remove compatibility for gnutls < 3.0.
- (http_session_s): New.
- (cookie_s): Replace gnutls_session_t by http_session_t.
- (tls_callback, tls_ca_certlist): New variables.
- (my_socket_unref): Add preclose args.
- (my_npth_read, my_npth_write): New.
- (make_header_line): Fix bug using int* instead of char*.
- (http_register_tls_callback): New.
- (http_register_tls_ca): New.
- (http_session_new): New.
- (http_session_release): New.
- (http_get_header_names): New.
- (escape_data): Add hack to escape in forms mode.
- (send_request) [HTTP_USE_GNUTLS]: Support SNI.
- (send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
- (send_gnutls_bye): New.
- (cookie_close): Make use of preclose feature.
- (http_verify_server_credentials): New.
- (main) [TEST]: Remove test code.
- * common/t-http.c: New.
- * common/tls-ca.pem: New.
- * common/Makefile.am (tls_sources): New. Move http code to here.
- (libcommontls_a_SOURCES): New.
- (libcommontlsnpth_a_SOURCES): New.
- (EXTRA_DIST): Add tls-ca.pem
- (module_maint_tests): Add t-http.
- (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
-
- * dirmngr/Makefile.am (dirmngr_LDADD): Add libcommontlsnpth.
-
- common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.
- + commit 84289e85c72ae58c321dfdb96816700a6b7f7122
- * configure.ac (HAVE_NPTH): New ac_define.
- * common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
- * common/http.c: Ditto. Replace remaining calls to pth by npth calls.
- (connect_server): Remove useless _().
- * common/exechelp-posix.c, common/exechelp-w32.c
- * common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
- * common/init.c (_init_common_subsystems): Remove call to pth_init.
- * common/sysutils.c (gnupg_sleep): Use npth_sleep.
- * scd/ccid-driver.c (my_sleep): Ditto.
-
-2014-04-30 Werner Koch <wk@gnupg.org>
-
- estream: Implement "samethread" mode keyword.
- + commit 8416c875a729426eae05ed1ca9f1ebcb933c246a
- * src/estream.c (estream_internal): Add field SAMETHREAD.
- (init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
- (parse_mode): Add arg SAMETHREAD and parse that keyword.
- (es_initialize): Rename to ...
- (init_stream_obj): this. Add arg SAMETHREAD.
- (es_create): Add arg SAMETHREAD. Call init_stream_lock after
- init_stream_obj.
- (doreadline): Call es_create with samethread flag.
- (es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
- (do_fpopen, do_w32open): Implement "samethread" keyword.
- (es_freopen): Take samthread flag from old stream.
- (es_tmpfile): Call es)_create w/o samethread.
-
- estream: Fix deadlock in es_fileno.
- + commit ecea94461ed40f3f6ef662c2501e1d56ec284022
- * src/estream.c (es_fileno_unlocked): Call the unlocked functions.
-
- estream: Add debug code to the lock functions.
- + commit aeb81727c77dfea3bf5d2d689ffbdc897f2938a7
- * common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.
-
- estream: Replace locking macros by functions.
- + commit 39e91a5f0a666aad2fef7a840b2cd03949bb1be4
- * common/estream.c: Replace most macros.
-
-2014-04-28 NIIBE Yutaka <gniibe@fsij.org>
-
- ECC Fixes.
- + commit 21dab64030c95a909767bf6d8f99e8476f9df8a2
- * agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
- (convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
- does not distinguish the detail.
- (do_unprotect, convert_from_openpgp_main): Don't call
- map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
- not the value defined by OpenPGP.
- (convert_to_openpgp): It's "ecc".
- * agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
- * g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
- * g10/pubkey-enc.c (get_it): Fix swapping the fields error.
-
-2014-04-22 Werner Koch <wk@gnupg.org>
-
- gpg: Pass --homedir to gpg-agent.
- + commit fdd938a5bbecb5b70f564ae3afb4e17905404bb2
- * agent/gpg-agent.c (main): Make sure homedir is absolute.
- * common/asshelp.c (lock_spawning): Create lock file with an absolute
- name.
- (start_new_gpg_agent): Use an absolute name for the socket and pass
- option --homedir to the agent.
- (start_new_dirmngr): Use an absolute name for the --homedir.
-
- common: Add functions make_absfilename and make_absfilename_try.
- + commit 71a54313adf7b57b7b27bb9ad07b142a34306260
- * common/stringhelp.c (do_make_filename): Add modes 2 and 3.
- (make_absfilename): New.
- (make_absfilename_try): New.
-
- common: Add function gnupg_getcwd.
- + commit 1a87edab6657a257876ab2f8790f2937feba7066
- * tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
- * common/sysutils.c (gnupg_getcwd): .. here.
- * tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.
-
- gpg: Print a warning if GKR has hijacked gpg-agent.
- + commit ffa39be5ebfc1059a737905ee317c9b6f3d2a77e
- * g10/call-agent.c (check_hijacking): New.
- (start_agent): Call it.
- (membuf_data_cb, default_inq_cb): Move more to the top.
-
-2014-04-17 Werner Koch <wk@gnupg.org>
-
- gpg: New %U expando for the photo viewer.
- + commit e184a11f94e2d41cd9266484542631bec23628b5
- * g10/photoid.c (show_photos): Set namehash.
- * g10/misc.c (pct_expando): Add "%U" expando.
-
- common: Add z-base-32 encoder.
- + commit b8a91ebf46a927801866e99bb5a66ab00651424e
- * common/zb32.c: New.
- * common/t-zb32.c: New.
- * common/Makefile.am (common_sources): Add zb82.c
- (module_tests): Add t-zb32.
-
-2014-04-16 Werner Koch <wk@gnupg.org>
-
- Two minor code cleanups and one NULL deref on error fix.
- + commit a34afa8f2053d75f276d6d28dbf1a43db0fd9768
- * common/estream.c (es_freopen): Remove useless check for STREAM.
- * kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
- for BLOB.
- * tools/sockprox.c (run_proxy): Do not fclose(NULL).
-
-2014-04-15 Werner Koch <wk@gnupg.org>
-
- gpg: Re-enable secret key deletion.
- + commit db3b528239c9d56bc71fd2283e07a3f1d91e4fd0
- * g10/call-agent.c (agent_delete_key): New.
- * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
- * g10/passphrase.c (gpg_format_keydesc): Support new format.
- * g10/delkey.c (do_delete_key): Add secret key deletion.
-
- gpg: Re-indent a file.
- + commit d25d00b89efed461d344028d0e2e2be38cc77628
- * g10/delkey.c: Re-indent.
- (do_delete_key, delete_keys): Change return type top gpg_error_t.
-
- gpg: Fix regression in secret key export.
- + commit c4d983239a3f0a18c77f0a5aeba520a81a1b86e8
- * agent/cvt-openpgp.c (convert_to_openpgp): Fix use
- gcry_sexp_extract_param.
- * g10/export.c (do_export_stream): Provide a proper prompt to the
- agent.
-
- gpg: Change pinentry prompt to talk about "secret key".
- + commit e549799db66be30cdd68a3e6cdca9c6a050466d1
- * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
- * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
- (FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
-
- agent: Add command DELETE_KEY.
- + commit e3a4ff89a0b106e678bf9d0a4d47917123071140
- * agent/command.c (cmd_delete_key): New.
- * agent/findkey.c (modify_description): Add '%C' feature.
- (remove_key_file): New.
- (agent_delete_key): New.
- * agent/command-ssh.c (search_control_file): Make arg R_DISABLE
- optional.
-
- * configure.ac: Require libgpg-error 1.13.
-
-2014-04-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: EdDSA support.
- + commit 3132bd90dc8db9c7fd19ba201918e95891306dc5
- * scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
- (struct app_local_s): Add eddsa.
- (get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
- (get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
- (send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
- (build_ecc_privkey_template): Rename as it supports both of
- ECDSA and EdDSA.
- (ecc_writekey): Rename. Support CURVE_ED25519, too.
- (do_writekey): Follow the change of ecc_writekey.
- (do_auth): Support KEY_TYPE_EDDSA.
- (parse_ecc_curve): Support CURVE_ED25519. Bug fix for other curves.
- (parse_algorithm_attribute): Bug fix for ECDH. Support EdDSA.
-
-2014-04-08 Werner Koch <wk@gnupg.org>
-
- dirmngr: Fix compiler warning.
- + commit db85feceaf43ebd6d44421bb14fcb60495804ae0
- * common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
- * dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
- (time_for_housekeeping_p): new.
-
- gpgconf: Add command --launch.
- + commit b4cf4686f7349be9558217f20e51157398cd88a0
- * tools/gpgconf.c: Add command --launch.
- * tools/gpgconf-comp.c (gc_component_launch): New.
-
- scd: Silent compiler warnings about unused variables.
- + commit 36dfc37e438660632d3a2bf5d5526be9005fa8c5
- * scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
- (ecdh_writekey): Mark unused args.
-
-2014-04-08 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Support EdDSA.
- + commit 5ff6d0c25e6d0f422b17809b954e9e87cb137347
- * agent/pksign.c (agent_pksign_do): Handle EdDSA signature.
-
- g10: EdDSA support.
- + commit 40c3b0741e593d0658dda0c707c4f32e80648dd1
- * g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
- * g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
- * common/openpgp-oid.c (oid_ed25519): Update.
-
-2014-04-04 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: EdDSA support for SSH.
- + commit 513c67b7461a2451247ef2b2fc64e0470a16edf1
- * agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
- two 32-byte opaque data which should not be interpreted as number.
-
-2014-03-27 Werner Koch <wk@gnupg.org>
-
- gpg: Add commands --quick-sign-key and --quick-lsign-key.
- + commit b6786cc3ec0bb582323adf94c2ee624bcfbeb466
- * g10/gpg.c (main): Add commands --quick-sign-key and
- --quick-lsign-key.
- * g10/keyedit.c (sign_uids): Add args FP and QUICK.
- (keyedit_quick_sign): New.
- (show_key_with_all_names): Add arg NOWARN.
-
- Change some keyedit functions to allow printing to arbitrary streams.
- + commit 4f50ec98ddd57253cae66e2321f0cc98ee189a09
- * common/ttyio.c (tty_print_string): Add optional arg FP. Change all
- callers.
- (tty_print_utf8_string2): Ditto.
- * g10/keyedit.c (show_prefs): Ditto.
- (show_key_with_all_names_colon): Ditto.
- (show_names): Ditto.
- * g10/keylist.c (print_revokers): Ditto.
- (print_fingerprint): Ditto.
-
-2014-03-23 Werner Koch <wk@gnupg.org>
-
- agent: Replace es_mopen by es_fopenmem for ssh.
- + commit 5c2a50cdc90e85b1fc380851ccfbe9186969b658
- * agent/command-ssh.c (ssh_read_key_public_from_blob): Use
- es_fopenmem.
- (ssh_handler_request_identities): Ditto.
- (ssh_request_process): Ditto.
-
-2014-03-22 Werner Koch <wk@gnupg.org>
-
- agent: Put ssh key type as comment into sshcontrol.
- + commit fc3e70c11342267c1062e4244955d19ecd72e0f6
- * agent/command-ssh.c (ssh_key_type_spec): Add field name.
- (ssh_key_types): Add human readable names.
- (add_control_entry): Add arg SPEC and print key type as comment.
- (ssh_identity_register): Add arg SPEC.
- (ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.
-
- agent: Support the Ed25519 signature algorithm for ssh.
- + commit 072432883ededa15bf35f80102e0572746ba4af1
- * agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
- (ssh_key_types): Add entry for ssh-ed25519.
- (ssh_identifier_from_curve_name): Move to the top.
- (stream_read_skip): New.
- (stream_read_blob): New.
- (ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
- the s-exp parsing to here.
- (ssh_signature_encoder_dsa): Ditto.
- (ssh_signature_encoder_ecdsa): Ditto.
- (ssh_signature_encoder_eddsa): New.
- (sexp_key_construct): Rewrite.
- (ssh_key_extract): Rename to ...
- (ssh_key_to_blob): .. this and rewrite most of it.
- (ssh_receive_key): Add case for EdDSA.
- (ssh_convert_key_to_blob, key_secret_to_public): Remove.
- (ssh_send_key_public): Rewrite.
- (ssh_handler_request_identities): Simplify.
- (data_sign): Add rename args. Add new args HASH and HASHLEN. Make
- use of es_fopenmen and es_fclose_snatch. Remove parsing into MPIs
- which is now doe in the sgnature encoder functions.
- (ssh_handler_sign_request): Take care of Ed25519.
- (ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.
-
- agent: Cleanups to prepare implementation of Ed25519.
- + commit a77ed0f266d03e234027dda4de5a7f3dd6787b1e
- * agent/cvt-openpgp.c: Remove.
- (convert_to_openpgp): Use gcry_sexp_extract_param.
- * agent/findkey.c (is_eddsa): New.
- (agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
- * agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and
- OVERRIDEDATALEN.
-
- * common/ssh-utils.c (is_eddsa): New.
- (get_fingerprint): Take care or EdDSA.
-
-2014-03-18 Werner Koch <wk@gnupg.org>
-
- tools: Fix NULL deref in gpg-connect-agent.
- + commit 6376227a31b3076321ce16ad626b333057bda53d
- * tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to
- strlen.
-
- dirmngr: Resurrect hosts in the HKP hosttable.
- + commit 6c058fac65c7e9d1ffb72686f0f02644f172da22
- * dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
- (housekeeping_thread): New.
- (handle_tick): Call new function.
- * dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
- (struct hostinfo_s): Add field died_at and set it along with the dead
- flag.
- (ks_hkp_print_hosttable): Print that info.
- (ks_hkp_housekeeping): New.
-
- common: New function elapsed_time_string.
- + commit 04e304278c9302831bc81e7fe9049c588ead029a
- * common/gettime.c (elapsed_time_string): New.
-
-2014-03-17 Werner Koch <wk@gnupg.org>
-
- gpg: Reject signatures made with MD5.
- + commit f90cfe6b66269de0154d810c5cee1fe9a5af475c
- * g10/gpg.c: Add option --allow-weak-digest-algos.
- (main): Set option also in PGP2 mode.
- * g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
- * g10/sig-check.c (do_check): Reject MD5 signatures.
- * tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
-
- gpg: Make --auto-key-locate work again with keyservers.
- + commit 1e2e39c5758ffaf62f8bb85b4a86dc49c41f3a68
- * dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
- * g10/keyserver.c (keyserver_import_name): Implement.
- (keyserver_get): Use exact mode for name based import.
- (keyserver_get): Add args R_FPR and R_FPRLEN. Change all callers.
-
- gpg: New mechanism "clear" for --auto-key-locate.
- + commit 1d642d3ca890daa65ee5dd949a00747da6b49015
- * g10/getkey.c (parse_auto_key_locate): Implement "clear".
-
-2014-03-14 Werner Koch <wk@gnupg.org>
-
- gpg-connect-agent: Make it easier to connect to the dirmngr.
- + commit 2223eaefaf53aa7217ac593b83e4294148a4db5d
- * tools/gpg-connect-agent.c: Add options --dirmngr and
- --dirmngr-program.
-
- dirmngr: Make use of IPv4 and IPV6 more explicit.
- + commit 59b4fb5f4927908af06bb80ecd86adbf6e54ba14
- * common/http.c (connect_server): Handle the new flags.
- * common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
- * dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
- (make_host_part): Ditto.
- (send_request): Add arg httpflags.
- (ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.
-
- dirmngr: Do not use brackets around legacy IP addresses.
- + commit d7fbefeb82833db9eea8b15dc7889ecf0b7ffab4
- * dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
- complete addrinfo. Bracket only v6 addresses. Change caller.
-
- gpg: Print the actual used keyserver address.
- + commit a401f768ca8e218eef7a5c87a8f99cb1d6b4aaeb
- * dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
- status lines.
- * g10/call-dirmngr.c (ks_status_parm_s): New.
- (ks_search_parm_s): Add field stparm.
- (ks_status_cb): New.
- (ks_search_data_cb): Send source to the data callback.
- (gpg_dirmngr_ks_search): Change callback prototope to include the
- SPECIAL arg. Adjust all users. Use ks_status_cb.
- (gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
- * g10/keyserver.c (search_line_handler): Adjust callback and print
- "data source" disgnostic.
- (keyserver_get): Print data source diagnostic.
-
- dirmngr: Default to a user socket name and enable autostart.
- + commit 5d321eb00be0774418de1a05678ac0ec44d7193b
- * common/homedir.c (dirmngr_socket_name): Rename to
- dirmngr_sys_socket_name.
- (dirmngr_user_socket_name): New.
- * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
- socket.
- * dirmngr/dirmngr.c (main): Ditto.
- * dirmngr/server.c (cmd_getinfo): Ditto.
- * sm/server.c (gpgsm_server): Ditto.
- * dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
- * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.
-
- * configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
-
-2014-03-12 Werner Koch <wk@gnupg.org>
-
- gpg: Add option --dirmngr-program.
- + commit 6dd5d99a61f24aff862ccba9f7410d7f1af87c05
- * g10/gpg.c: Add option --dirmngr-program.
- * g10/options.h (struct opt): Add field dirmngr_program.
- * g10/call-dirmngr.c (create_context): Use new var.
-
- * dirmngr/dirmngr.c: Include gc-opt-flags.h.
- (main): Remove GC_OPT_FLAG_*.
- * tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
- * common/gc-opt-flags.h: here.
-
- dirmngr: Detect dead keyservers and try another one.
- + commit fb56a273b1f2b3a99dc1d1a0850378ab7625e6b9
- * dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
- (ks_action_search, ks_action_put): Ditto.
- (ks_action_get): Consult only the first server which retruned some
- data.
-
- * dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
- (map_host): Add arg CTRL and call dirmngr_tick.
- (make_host_part): Add arg CTRL.
- (mark_host_dead): Allow the use of an URL.
- (handle_send_request_error): New.
- (ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on
- error.
-
- http: Add a flag to the URL parser indicating a literal v6 address.
- + commit 3d9e0eb02ce2b2e153e25deb0fc4b27b45f5026a
- * common/http.h (struct parsed_uri_t): Add field v6lit.
- * common/http.c (do_parse_uri): Set v6lit.
-
-2014-03-12 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: writekey support of ECC.
- + commit 781b94174310dceffa075719420b74b29fe41764
- * scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
- (store_fpr): Support ECC keys with varargs.
- (get_ecc_key_parameters, get_curve_name): Support secp256k1.
- (parse_ecc_curve): Likewise.
- (build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
- (ecdh_writekey): New. Not implemented yet.
- (do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
- (do_genkey): Follow the change of store_fpr.
-
-2014-03-11 Werner Koch <wk@gnupg.org>
-
- dirmngr: Put brackets around IP addresses in the hosttable.
- + commit 0b2cca807d5a4a3664145032271141da853e7bac
- * dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
- (my_getnameinfo): New.
- (map_host): Use it.
-
- dirmngr: Add command option to mark hosts as dead or alive.
- + commit a3dee2889106fcab112c1c96b32e04d8154875e7
- * dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
- (check_owner_permission): here.
- (cmd_keyserver): Add options --dead and --alive.
- * dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
- (ks_hkp_mark_host): New.
-
- dirmngr: Make Assuan output of keyblocks easier readable.
- + commit 71b55c945542e695161ddbd783f87c5f534012a5
- * dirmngr/server.c (data_line_cookie_write): Print shorter data lines
- in verbose mode.
-
- dirmngr: Fix HKP host selection code.
- + commit 3c35b46a32ac7584f3807b611cde78b199c527d6
- * dirmngr/server.c (cmd_keyserver): Add option --resolve and change
- --print-hosttable to --hosttable.
- * dirmngr/ks-action.c (ks_printf_help): New.
- (ks_action_resolve): New.
- * dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
- (ks_hkp_print_hosttable): Print to assuan stream.
- (map_host): Remove debug code. Add arg FORCE_SELECT. Return numeric
- IP addr if it can't be resolved.
- (make_host_part): Add arg FORCE_SELECT; change callers to pass false.
- (ks_hkp_resolve): New.
-
- List readline support in configure summary.
- + commit f30d8b018871495327cbf711b73b04278a34f3e1
- * m4/readline.m4: Set gnupg_cv_have_readline.
- * configure.ac: Add readline support to summary output.
-
-2014-03-11 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: API change of agent_key_from_file.
- + commit ac5a1a3ccb7c3e6393bc83d73b545dec9b70e7d1
- * agent/findkey.c (agent_key_from_file): Always return S-expression.
- * agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
- (cmd_export_key): Likewise. Free SHADOW_INFO.
- (cmd_keytocard): Likewise. Release S_SKEY.
- * agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
- * agent/pksign.c (agent_pksign_do): Likewise. Use the S-expression to
- know the key type.
-
-2014-03-10 Werner Koch <wk@gnupg.org>
-
- Backport useful code from fixes for bug 1447.
- + commit 57d26f39afb3c75e24a8d240d7af32b9d2b9775a
- * configure.ac: Cehck for inet_ntop.
- * m4/libcurl.m4: Provide a #define for the version of the curl
- library.
-
- scd: acquire lock in new_reader_slot.
- + commit 9ab9f414fb919f0bc87c301c3e36180715d0aa4e
- * scd/apdu.c (new_reader_slot): Acquire lock.
- (open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
- (open_ccid_reader, open_rapdu_reader): Release lock.
- (lock_slot, trylock_slot, unlock_slot): Move more to the top.
-
- Do not require libiconv for Android.
- + commit b278043a8f38e2706ccf617d2ac5661b33791d6b
- * configure.ac (require_iconv): New. Set to false for android.
- (AM_ICONV): Run only if required.
-
-2014-03-07 Werner Koch <wk@gnupg.org>
-
- dirmmgr: Use a portability wrapper for struct timeval.
- + commit feda379595e06583bc5b3610dec74890de29cb8e
- * dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
- (my_ldap_timeval_t): New.
-
- Silence more warnings about unused vars and args.
- + commit 4387ecb11cdb2addf738eb922c1b9f14c6c76efc
- * dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
- * dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
- * dirmngr/dirmngr.c (w32_service_control): Mark unused args.
- (call_real_main): New.
- (main) [W32]: Use new function to match prototype.
- (real_main) [W32]: Mark unused vars.
- (handle_signal) [W32]: Do not build the function at all.
- (handle_connections) [W32]: Do not define signo.
- * dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
- * g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
-
- dirmngr: Simplify strtok macro.
- + commit 35266076e3452590931e58f188815859dff6de3c
- * dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused r3d arg.
- (ldap_str2charray): Remove lasts.
-
- Use attribute __gnu_printf__ also in estream header files.
- + commit 72133b54de89e593d8193b106e9369cf90d2e1c0
- * common/estream-printf.h: Use attribute gnu_printf.
- * common/estream.h: Ditto.
-
- Use attribute __gnu_printf__ with our estream-printf functions.
- + commit 36372dcb2f75a659b7ace0e9c46f07bb431d009c
- * common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
- (JNLIB_GCC_A_NR_PRINTF): Ditto.
-
- w32: Silence warnings about unused vars.
- + commit 094aa2589e3920d400be93ae2823a6c4b23db623
- * agent/gpg-agent.c (main) [W32]: Mark unused vars.
- * sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
- * g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
- * scd/scdaemon.c (main) [W32]: Ditto.
- (handle_connections) [W32]: Ditto.
- (handle_signal) [W32]: Do not build the function at all.
- * scd/apdu.c (pcsc_send_apdu_direct): Ditto.
- (connect_pcsc_card): s/long/pcsc_dword_t/.
- (open_pcsc_reader_direct): Remove var listlen.
-
- w32: Fix a potential problem in gpgconf's gettext.
- + commit a0fc42598f51ef4a958fc3c2fed7f4b8df2da3fd
- * tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure
- to return something even DOMAIN is not given.
-
- Silence several warnings when building under Windows.
- + commit 3032fc3ad78ac9ed857570844547afed520d635a
- * agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
- (start_pinentry): Ditto.
- * common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
- * common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
- prototypes on Windows and some other platforms.
- * common/logging.c (fun_writer): Declare addrbuf only if needed.
- * g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
- * g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
- mode.
- * g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
- by -1 as temporary hack for Windows.
- * g10/export.c (do_export): Ditto.
- * g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
- * g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
- * g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
-
- w32: Include winsock2.h to silence warnings.
- + commit cb0dcc340836a64e2d33b27f1be7bc888c084f12
-
-
- gl: Avoid warning about shadowing an arg.
- + commit 84fd36f8baa2b800ea47ff74935f5aaf0e55c299
- * gl/setenv.c (KNOWN_VALUE): s/value/_v/.
-
- common: Fix build problem with Sun Studio compiler.
- + commit 0fc71f7277c6f833f838bbd384f1a22d0c333e8e
- * common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
- functions.
- (ESTREAM_MUTEX_INITIALIZE): Ditto.
-
- gpg: Do not require a trustdb with --always-trust.
- + commit d8f0b83e4f04641e5e9adbdd8abada15380f981c
- * g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
- * g10/trustdb.c (trustdb_args): Add field no_trustdb.
- (init_trustdb): Set that field.
- (revalidation_mark): Take care of a nonexistent trustdb file.
- (read_trust_options): Ditto.
- (tdb_get_ownertrust): Ditto.
- (tdb_get_min_ownertrust): Ditto.
- (tdb_update_ownertrust): Ditto.
- (update_min_ownertrust): Ditto.
- (tdb_clear_ownertrusts): Ditto.
- (tdb_cache_disabled_value): Ditto.
- (tdb_check_trustdb_stale): Ditto.
- (tdb_get_validity_core): Ditto.
- * g10/gpg.c (main): Do not create a trustdb with most commands for
- trust-model always.
-
- gpg: Print a "not found" message for an unknown key in --key-edit.
- + commit dfb25d47a9fcfd7c7c084ea58744724cd5315086
- * g10/keyedit.c (keyedit_menu): Print message.
-
- gpg: Protect against rogue keyservers sending secret keys.
- + commit db1f74ba5338f624f146a3cb41a346e46b15c8f9
- * g10/options.h (IMPORT_NO_SECKEY): New.
- * g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
- flag.
- * g10/import.c (import_secret_one): Deny import if flag is set.
-
- agent: Fix UPDATESTARTUPTTY for ssh.
- + commit 90688b29f3701f4d3e2a5a49c5544fe8d2a84b2d
- * agent/command-ssh.c (setup_ssh_env): Fix env setting.
-
- gpgv: Init Libgcrypt to avoid syslog warning.
- + commit 7c4bfa599fa69c3a942c8deea83737a4c5a0806e
- * g10/gpgv.c (main): Check libgcrypt version and disable secure
- memory.
-
- Improve libcurl detection.
- + commit 5ca482d5f949444ffd453de158ee186ab07fc9b6
- * m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl as been
- given. Suggested by John Marshall.
-
- gpg: Remove legacy keyserver examples from the template conf file.
- + commit 0ab752cc2d46bbd0077bed889676169b7aeb1eb6
- * g10/options.skel: Update.
-
- (cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)
-
- w32: Define WINVER only if needed.
- + commit 76b1940ad6f5f058c4a6bec35902da9f6d4e27b0
- * common/sysutils.c (WINVER): Define only if less that 5.0.
-
- w32: Remove unused code.
- + commit 63b7658a29809249d7aeb0423bf8c5a693eee0c7
- * jnlib/w32-reg.c (write_w32_registry_string): Remove.
-
- agent: Make --allow-mark-trusted the default.
- + commit 9942a149ff2ab919c1b2916c7bc347e578a56b14
- * agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
- Put this option into the gpgconf-list.
- (main): Enable opt.allow_mark_trusted by default.
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
- allow-mark-trusted by no-allow-mark-trusted.
-
- * agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.
-
- ssh: Add support for Putty.
- + commit 5105c8d2d344fd7301d456d8c13c7e90a54f7e98
- * agent/gpg-agent.c [W32]: Include Several Windows header.
- (opts): Change help text for enable-ssh-support.
- (opts, main): Add option --enable-putty-support
- (putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
- (agent_init_default_ctrl): Add and asssert call.
- (putty_message_proc, putty_message_thread): New.
- (handle_connections) [W32]: Start putty message thread.
- * common/sysutils.c (w32_get_user_sid): New for W32 only
- * tools/gpgconf-comp.c (gc_options_gpg_agent): Add
- --enable-ssh-support and --enable-putty-support. Make the
- configuration group visible at basic level.
- * agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
-
- agent: Fix binary vs. text mode problem in ssh.
- + commit 179012ddd48e63ca83e8f5c24537a2db45c3e122
- * agent/command-ssh.c (file_to_buffer)
- (ssh_handler_request_identities): Open streams in binary mode.
- (start_command_handler_ssh): Factor some code out to ..
- (setup_ssh_env): new function.
-
- Fix syntax error for building on APPLE.
- + commit 4ad123d6fe341da7768e43360375e17fa89e8e0d
- * scd/pcsc-wrapper.c [__APPLE__]: Fix syntax error.
-
- Ignore obsolete option --disable-keypad.
- + commit d2a6be24af0bf220bb448fdd50c0196faddee0f4
- * scd/scdaemon.c (opts): Ignore --disable-keypad.
-
- Allow marking options as ignored.
- + commit 8fc9de8d6bf663f7c8419b42dab01f590a694d59
- * jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
- (ARGPARSE_TYPE_MASK): New, for internal use.
- (ARGPARSE_ignore): New.
- * jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
- constants by macros.
- (optfile_parse): Implement ARGPARSE_OPT_IGNORE.
- (arg_parse): Exclide ignore options from --dump-options.
-
-2014-03-06 Werner Koch <wk@gnupg.org>
-
- common: Fix recent commit 55656208.
- + commit 191e32026f02054b1edb4f02536875462fd0b6b3
- * common/membuf.c (get_membuf_shrink): Fix use of LEN.
-
-2014-03-06 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix g10/trust.c.
- + commit 5ed8e9335fb886d7ddc86728d8481e5e47485531
- * g10/trust.c (register_trusted_keyid, register_trusted_key)
- (update_ownertrust): Call functions with tdb_.
-
-2014-02-26 Werner Koch <wk@gnupg.org>
-
- common: Replace all macros in strusage() returned strings.
- + commit 0f38c87f427a155ab5684e18e3b73956f81edfab
- * common/argparse.c (writechar): Remove.
- (writestrings): Simplify.
- (strusage): Use map_static_macro_string.
-
- common: New function map_static_macro_string.
- + commit c72762f9acf3eef5c466ba76e895d7654df12ff7
- * common/mapstrings.c: New.
- * common/t-mapstrings.c: New.
- * common/t-support.h (DIM, DIMof): Define if not defined.
- * common/Makefile.am: Add new files.
-
- common: New function get_membuf_shrink.
- + commit 556562086acd2bc2f8e3aa3126ebf155715e042b
- * common/membuf.c (get_membuf_shrink): New.
-
- agent: Fixed unresolved symbol under Windows.
- + commit 55c3e5f448c26360eda31e05b1f62249119f73d9
- * agent/gpg-agent.c (main): s/ttyname/gnupg_ttyname/.
-
- common: Require an installed libiconv.
- + commit 380a2aa18e0c048cfefa1cb4102dfbf902a1962b
- * common/utf8conv.c: Remove dynload.h.
- (load_libiconv): Remove. Remove all calls to it.
-
-2014-02-10 Werner Koch <wk@gnupg.org>
-
- gpg: Silent more compiler warnings due to some configure options.
- + commit 47e6b6bad1dff493f4102a5549a7bb54466684c2
- * g10/keygen.c (generate_keypair, gen_card_key)
- (gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
-
- tests: Avoid segv if dns cert lookup is not configured.
- + commit 672f4aeba8bf55839911e1fe805af6b2873853f7
- * common/dns-cert.c (get_dns_cert) [!USE_DNS_CERT]: Reset return args.
-
- gpg: Cleanup compiler warnings due to some configure options.
- + commit 7901c5c2a3b7b24e9a4eaab590b0a54e9695c3e4
- * g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
- unused.
- * tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
- not configured.
-
- gpg: Allow building without any trust model support.
- + commit 62fb86c6589f7f74dad4741db31b3aefa0848420
- * configure.ac: Add option --disable-trust-models
- (NO_TRUST_MODELS): New ac_define and am_conditional.
- * g10/Makefile.am (trust_source): New.
- (gpg2_SOURCES): Factor some files out to above. Add trust.c.
- * g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
- --import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
- --list-trustdb, --trustdb-name, --auto-check-trustdb,
- --no-auto-check-trustdb, and --force-ownertrust.
- (parse_trust_model) [NO_TRUST_MODELS]: Do not build.
- (main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
- trustdb related option code.
- * g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
- "enable", and "disable".
- * g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
- "tru" record.
-
- * g10/trust.c: New.
- * g10/trustdb.c (struct key_item): Move to trustdb.h.
- (register_trusted_keyid): Rename to tdb_register_trusted_keyid.
- (register_trusted_key): Rename to tdb_register_trusted_key.
- (trust_letter, uid_trust_string_fixed, trust_value_to_string)
- (string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
- (get_ownertrust_string, get_validity_info, get_validity_string)
- (clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
- (mark_usable_uid_certs): Move to trust.c and make global.
- (is_in_klist): Move as inline to trustdb.h.
- (trustdb_check_or_update): Rename to tdb_check_or_update
- (revalidation_mark): Rename to tdb_revalidation_mark.
- (get_ownertrust): Rename to tdb_get_ownertrust.
- (get_min_ownertrust): Rename to tdb_get_min_ownertrust.
- (update_ownertrust): Rename to tdb_update_ownertrust.
- (clear_ownertrusts): Rename to tdb_clear_ownertrusts.
- (cache_disabled_value): Rename to tdb_cache_disabled_value.
- (check_trustdb_stale): Rename to tdb_check_trustdb_stale.
- (get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
- factor some code out to ...
- * trust.c (get_validity): ...new.
- (check_or_update_trustdb): New wrapper.
- (revalidation_mark): New wrapper.
- (get_ownertrust): New wrapper.
- (get_ownertrust_with_min): New wrapper.
- (update_ownertrust): New wrapper.
- (clear_ownertrusts): New wrapper.
- (cache_disabled_value): New wrapper.
- (check_trustdb_stale): New wrapper.
-
- * tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
- of --always-trust.
-
- tests: Handle disabled algorithms.
- + commit ea7f895319e89150e5613b6d20f21410f99d6f22
- * tests/openpgp/mds.test: Skip disabled algorithms.
- * tests/openpgp/signencrypt-dsa.test: Ditto.
- * tests/openpgp/sigs-dsa.test: Ditto.
-
-2014-02-07 Werner Koch <wk@gnupg.org>
-
- Silence annoying ABI change warning.
- + commit 111f082487dc7a2a50375e24203de31b000e0dea
- * configure.ac [GCC]: Pass -Wno-psabi for gcc >= 4.6. Avoid some gcc
- option tests for gcc >= 4.6
-
- Allow disabling of card support.
- + commit 8e0ba4ecd3897c748ac2f06028406604ae7baced
- * configure.ac: Add option --disable-card-support. Also add
- am_conditional and do not build scd if card support is enabled.
-
- gpg: List only available algos in --gen-key.
- + commit 357b142e7225e5c7f1e0f9768f48e833d5804b6a
- * g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.
-
- gpg: Change --print-mds to output enabled OpenPGP algos.
- + commit 54a11729fb71ba06e318fe229d0a230686ed4dc8
- * g10/gpg.c (print_mds): Use opengpg_md_test_algo. Test also for MD5
- availibility.
-
- gpg: Avoid compiler warnings for disabled algos.
- + commit aa76a1660613ece3fc0d774856abcbe0bb158300
- * g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo.
- (openpgp_pk_test_algo2): Ditto.
- (map_md_openpgp_to_gcry): Ditto.
-
-2014-02-05 Werner Koch <wk@gnupg.org>
-
- gpg: Change format for the key size in --list-key and --edit-key.
- + commit 2c814806d759e5cf611200e8210137cf8502a672
- * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
- * g10/options.h (struct opt): Add field legacy_list_mode.
- * g10/keydb.h (PUBKEY_STRING_SIZE): New.
- * g10/keyid.c (pubkey_string): New.
- * g10/import.c (import_one, import_secret_one): Use pubkey_string.
- * g10/keylist.c (print_seckey_info): Ditto.
- (print_pubkey_info, print_card_key_info): Ditto.
- (list_keyblock_print): Ditto.
- * g10/mainproc.c (list_node): Ditto.
- * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
- * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
- format.
- (show_basic_key_info): Ditto.
- * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
- (openpgp_oid_to_curve): Downcase "ed25519"
-
-2014-01-31 Werner Koch <wk@gnupg.org>
-
- gpg: Add configure options to disable algorithms.
- + commit 2ba818de1aa311ba8eb27012d69e93dd16e7d4ed
- * acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
- * configure.ac: Add --enable-gpg-* options to disable non MUS
- algorithms.
- * g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
- (openpgp_pk_test_algo2): Ditto.
- (map_md_openpgp_to_gcry): Ditto.
- (openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
-
- gpg: Improve --version algo info output.
- + commit 71540d40414dc8b304b45dc476e5e5650a2db20a
- * g10/misc.c (openpgp_pk_algo_name): Return a different string for
- each ECC algorithm.
- * g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the
- different algo type enums.
- (build_list_pk_algo_name): Ditto.
- (build_list_cipher_test_algo): Ditto.
- (build_list_cipher_algo_name): Ditto.
- (build_list_md_test_algo): Ditto.
- (build_list_md_algo_name): Ditto.
- (my_strusage): Use them.
- (list_config): Ditto. Add "pubkeyname".
- (build_list): Add letter==1 hack.
-
- gpg: Start using OpenPGP digest algo ids.
- + commit bf50604a0d50b974c1d4b8ccf5d774489f996cae
- * g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg.
- (print_cipher_algo_note): Ditto.
- (print_digest_algo_note): Ditto.
- (map_md_openpgp_to_gcry): New.
- (openpgp_md_test_algo): Rewrite.
- (openpgp_md_algo_name): Rewrite to do without Libgcrypt.
- * g10/cpr.c (write_status_begin_signing): Remove hardwired list of
- algo ranges.
-
- gpg: Use only OpenPGP cipher algo ids.
- + commit 16a6311adefff0139056714521214f845315b7f8
- * g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
- use enums for the arg and return value.
- (map_cipher_gcry_to_openpgp): Ditto.
- (openpgp_cipher_blocklen): Use constant macros.
- (openpgp_cipher_test_algo): Use mapping function and prepare to
- disable algorithms.
- (openpgp_cipher_algo_name): Do not use Libgcrypt.
-
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
- CGRY_CIPHER_* by CIPHER_ALGO_*.
-
- * common/openpgpdefs.h (cipher_algo_t): Remove unused
- CIPHER_ALGO_DUMMY.
-
-2014-01-30 Werner Koch <wk@gnupg.org>
-
- gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
- + commit b7f8dec6325f1c80640f878ed3080bbc194fbc78
- * common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
- string.
- * g10/keygen.c (check_keygrip): Adjust for change.
- * sm/certreqgen-ui.c (check_keygrip): Likewise.
-
- * agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
-
- * g10/misc.c (map_pk_openpgp_to_gcry): Remove.
- (openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
- (openpgp_pk_test_algo2): Rewrite.
- (openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
- (openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
- (pubkey_get_npkey, pubkey_get_nskey): Ditto.
- (pubkey_get_nsig, pubkey_get_nenc): Ditto.
- * g10/keygen.c(do_create_from_keygrip): Support EdDSA.
- (common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
- * g10/build-packet.c (do_key): Ditto.
- * g10/export.c (transfer_format_to_openpgp): Ditto.
- * g10/getkey.c (cache_public_key): Ditto.
- * g10/import.c (transfer_secret_keys): Ditto.
- * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
- * g10/mainproc.c (proc_pubkey_enc): Ditto.
- * g10/parse-packet.c (parse_key): Ditto,
- * g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
- * g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
- * g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
- OpenPGP algo ids and support EdDSA.
- * g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
- * g10/seskey.c (encode_md_value): Ditto.
-
-2014-01-29 Werner Koch <wk@gnupg.org>
-
- gpg: Remove cipher.h and put algo ids into a common file.
- + commit ea8a1685f75d27f5277d42ea7390ad5aeaf51b1f
- * common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
- (compress_algo_t): New.
- * agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
- * g10/cipher.h (DEK): Move to ...
- * g10/dek.h: new file.
- * g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
- (PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
- (PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
- (PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
- * g10/packet.h: here.
- * g10/cipher.h: Remove. Remove from all files.
- * g10/filter.h, g10/packet.h: Include dek.h.
- * g10/Makefile.am (common_source): Remove cipher.h. Add dek.h.
-
- include: Remove this directory.
- + commit 25b4c2acbd01f9b4c2c364f44c53b73498ed8469
- * include/cipher.h: Move to ...
- * g10/cipher.h: here.
- * agent/gpg-agent.c: Adjust header file name.
-
- * include/host2net.h: Move to ...
- * common/host2net.h: here. Change license to LGPLv3/GPLv2. Adjust
- notices to reflect that only me worked on that file.
-
- * include/types.h: Remove.
- * common/types.h: Include inttypes.h. Add byte typedef and comments
- for __riscos__.
- * common/iobuf.h: Adjust header file name.
-
- * include/_regex.h: Remove this unused file.
-
- * include/Makefile.am: Remove.
- * Makefile.am (SUBDIRS): Remove "include".
- * configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
- * include/ChangeLog-2011: Move to ...
- * common/ChangeLog-2011.include: here.
- * common/Makefile.am (EXTRA_DIST): Add file.
-
- * include/zlib-riscos.h: Move this repo only file to ...
- * g10/zlib-riscos.h: here.
-
- * include/: Remove.
-
-2014-01-17 Werner Koch <wk@gnupg.org>
-
- Remove unused u64 type definitions.
- + commit 362a30d8c2f529cd44687066f9c33cab7b43bedc
- * configure.ac: Remove check for uint64 and UINT64_C.
- * include/types.h: Remove u64 stuff.
- * common/types.h: Ditto.
-
-2014-01-16 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Not remove SSH socket when already running.
- + commit 0ee66a6f66d7389e381fffa5f9eedbc8de9add10
- * agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
- removal of the socket when it will die in create_server_socket for
- socket_name.
-
- agent: Fix agent_is_eddsa_key.
- + commit 9c731bbedfd8bded5efd886304c5ca6655768c45
- * agent/findkey.c (agent_is_eddsa_key): Implemented.
-
-2014-01-15 NIIBE Yutaka <gniibe@fsij.org>
-
- Add secp256k1.
- + commit c5e41f539b9a21cbad10c7dae95572a4445d31c3
- * common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
- (openpgp_oid_to_curve): Likewise.
-
- * g10/keygen.c (ask_curve): Add secp256k1.
-
-2014-01-10 Werner Koch <wk@gnupg.org>
-
- autogen.sh: Add rule for 64 bit windows.
- + commit aedfa95bcc49156f2bc6ae5d0f385705d4fbdd32
-
-
- Turn autogen.sh into a generic script.
- + commit e7973d36d88178b4b0a977e3fcc0d62600777618
- * autogen.sh: Revamp.
- * autogen.rc: New.
- * Makefile.am (EXTRA_DIST): Add autogen.rc.
-
- Rename scripts/ to build-aux/
- + commit 99a48b2fcdf7c33fe553511c12f2ebb8eea5c634
- * scripts/: Rename to build-aux/
- * Makefile.am: Adjust accordingly.
- * configure.ac (AC_CONFIG_AUX_DIR): Change to build-aux.
-
-2014-01-09 Werner Koch <wk@gnupg.org>
-
- Improve the speedo make script.
- + commit a55ffb9da9a844bd2bd73a4a2ea65bf18b21c57f
- * scripts/gpg-w32-dev/README: Remove
- * scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
- Merge into ..
- * scripts/speedo.mk: this.
-
- gpgsplit: Allow building without zlib support.
- + commit 00d5d2204cefb0f4b953e0c00448f16aab2d39c7
- * tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
- (handle_zlib): Build only if HAVE_ZLIB is defined.
- (write_part): Support zlib and zip only if HAVE_ZLIB is defined.
-
- w32: Fix backslash quoting in registry name.
- + commit fa318406c9bdb60aee1e1b410e4c9e0b3eb1392e
- * configure.ac (GNUPG_REGISTRY_DIR): Double backslashes.
-
- Fix test for zlib.
- + commit 477aabaf753f987987f7a2e1f999a499ea3bd103
- * configure.ac (HAVE_ZLIB): Define only if found.
-
- Add --enable-silent-rules stuff.
- + commit aba53e9f96d0c9b270edef0806976a56326249c4
- * configure.ac: Add AM_SILENT_RULES.
-
-2014-01-08 Werner Koch <wk@gnupg.org>
-
- w32: Add macro for the registry key.
- + commit 75ba215ebd8be7e14b26bb53ef3c7d41e4ce1e02
- * configure.ac (GNUPG_REGISTRY_DIR) [W32]: New ac-define.
- * common/homedir.c (default_homedir): Use it.
- * common/logging.c (do_logv): Use it.
-
-2013-12-11 Werner Koch <wk@gnupg.org>
-
- gpg: Change --show-session-key to print the session key earlier.
- + commit 101a54add351ff62793cbfbf3877787c4791f833
- * g10/cpr.c (write_status_strings): New.
- (write_status_text): Replace code by a call to write_status_strings.
- * g10/mainproc.c (proc_encrypted): Remove show_session_key code.
- * g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
-
-2013-12-05 Werner Koch <wk@gnupg.org>
-
- gpg: Change OID of Ed25519 and add Brainpool oids.
- + commit 59207a86e5f40c77fed296b642bf76692e8eef65
- * common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
- Ed25519. Add brainpool OIDs.
- (openpgp_oid_to_curve): Ditto.
-
-2013-11-29 Werner Koch <wk@gnupg.org>
-
- common: Add put_membuf_printf.
- + commit 159d42ee6ab21d97f40ee129445f37209b875739
- * common/membuf.c (put_membuf_printf): New.
-
-2013-11-27 Werner Koch <wk@gnupg.org>
-
- gpg: Change armor Version header to emit only the major version.
- + commit e951782e937ce290be0d89d83e84b3daea997587
- * g10/options.h (opt): Rename field no_version to emit_version.
- * g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version
- to bump up opt.emit_version.
- * g10/armor.c (armor_filter): Implement different --emit-version
- values.
-
-2013-11-18 Werner Koch <wk@gnupg.org>
-
- Make use of the *_NAME etc macros.
- + commit cc9a0b69b698ba436eaf777e5020532845b56236
- Replace hardwired strings at many places with new macros from config.h
- and use the new strusage macro replacement feature.
-
- * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
- sentinels.
- * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
-
- Add strusage macro replacement feature.
- + commit 798daaa1ddf73f64cf840fbdc1f4c5b9c4b4ec13
- * common/argparse.c (writechar): New.
- (writestrings): Add macro replacement feature.
- (show_help): Remove specialized @EMAIL@ replacement.
- * configure.ac (GNUPG_NAME, GPG_NAME, GPGSM_NAME): Define.
- (GPG_AGENT_NAME, DIRMNGR_NAME, G13_NAME, GPGCONF_NAME): Define.
- (GPGTAR_NAME, GPG_AGENT_INFO_NAME, GPG_AGENT_SOCK_NAME): Define.
- (GPG_AGENT_SSH_SOCK_NAME, DIRMNGR_INFO_NAME): Define.
- (DIRMNGR_SOCK_NAME): Define.
-
-2013-11-15 Werner Koch <wk@gnupg.org>
-
- kbx: Implement update operation for OpenPGP keyblocks.
- + commit 5499942571a88a1223a7318992605c6d29858866
- * kbx/keybox-update.c (keybox_update_keyblock): Implement.
- * kbx/keybox-search.c (get_blob_flags): Move to ...
- * kbx/keybox-defs.h (blob_get_type): here.
- * kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
- * g10/keydb.c (build_keyblock_image): Allow calling without
- R_SIGSTATUS.
- (keydb_update_keyblock): Implement for keybox.
-
- * kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
- size. Print "does not expire" also on 64 bit platforms.
-
- gpg: Rework ECC support and add experimental support for Ed25519.
- + commit 402aa0f94854bb00475c934be5ca6043a4632126
- * agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
- (agent_is_dsa_key): Ditto.
- (agent_is_eddsa_key): New. Not finished, though.
- * agent/pksign.c (do_encode_eddsa): New.
- (agent_pksign_do): Use gcry_log_debug functions.
- * agent/protect.c (agent_protect): Parse a flags parameter.
- * g10/keygen.c (gpg_curve_to_oid): Move to ...
- * common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
- (oid_ed25519): New.
- (openpgp_oid_is_ed25519): New.
- (openpgp_oid_to_curve): New.
- * common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
- * g10/build-packet.c (gpg_mpi_write): Write the length header also for
- opaque MPIs.
- (gpg_mpi_write_nohdr): New.
- (do_key): Use gpg_mpi_write_nohdr depending on algorithm.
- (do_pubkey_enc): Ditto.
- * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
- gpg_mpi_write_nohdr.
- * g10/export.c (transfer_format_to_openpgp):
- * g10/keygen.c (ecckey_from_sexp): Return the error.
- (gen_ecc): Repalce arg NBITS by CURVE.
- (read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
- (ask_curve): New.
- (generate_keypair, generate_subkeypair): Use ask_curve.
- (do_generate_keypair): Also pass curve name.
- * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
- curve name.
- * g10/parse-packet.c (mpi_read): Remove workaround for
- Libcgrypt < 1.5.
- (parse_key): Fix ECC case. Print the curve name.
- * g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
- (pk_verify, pk_check_secret_key): Add special case for Ed25519.
- * g10/seskey.c (encode_md_value): Ditto.
- * g10/sign.c (do_sign, hash_for, sign_file): Ditto.
-
- kbx: Fix possible segv in kbxdump.
- + commit 9ae48b173c93f4747a9826beb1fbd023c4362c22
- * kbx/keybox-dump.c (_keybox_dump_blob): Check length before get32.
-
- Require Libgcrypt 1.6.
- + commit b27161cd0c76ae6e2381f60c3a502cde3a2aaa21
- * agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
-
-2013-11-13 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: more pinpad input fix for PC/SC.
- + commit abd922e79b2ff63a5a763a30d4a06a91f93d0b12
- * scd/apdu.c (check_pcsc_pinpad): Set default values here.
- (pcsc_pinpad_verify, pcsc_pinpad_modify): Remove setting default
- values, as it's too late.
-
-2013-11-11 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: more pinpad fix.
- + commit 037dea9dd5eac7a74df0e12cb437e71fb0732afa
- * scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
- those are specified.
- (pcsc_pinpad_modify): Remove old check code.
-
-2013-10-29 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: pinpad fix for PC/SC on Windows.
- + commit 32989ad2b152d18198d718bc2c7232ce3e79c72f
- * scd/apdu.c (SCARD_CTL_CODE): Fix for Windows.
-
-2013-10-28 Werner Koch <wk@gnupg.org>
-
- doc: Change yat2m to allow arbitrary condition names.
- + commit a15c35f37ed2b58805adc213029998aa3e52f038
- * doc/yat2m.c (MAX_CONDITION_NESTING): New.
- (gpgone_defined): Remove.
- (condition_s, condition_stack, condition_stack_idx): New.
- (cond_is_active, cond_in_verbatim): New.
- (add_predefined_macro, set_macro, macro_set_p): New.
- (evaluate_conditions, push_condition, pop_condition): New.
- (parse_file): Rewrite to use the condition stack.
- (top_parse_file): Set prefined macros.
- (main): Change -D to define arbitrary macros.
-
-2013-10-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: fix pinpad input on Windows.
- + commit de7e15c6b80164a351586e9087aad86420c8b89e
- * scd/apdu.c (open_pcsc_reader_direct): Don't call
- pcsc_vendor_specific_init here, but...
- (connect_pcsc_card): Call it here.
-
-2013-10-23 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Update Japanese translation.
- + commit b66158cac7347e4c56c79ab7b5416ae5b3f4a0a2
-
-
-2013-10-16 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: add pinpad readers information for PC/SC service.
- + commit 5efcc2b8fee8de31d255d09037f0a1e6209eab32
- * scd/apdu.c (pcsc_vendor_specific_init): Add information for Cherry
- ST-2xxx, Reiner cyberJack, Vasco DIGIPASS, FSIJ Gnuk Token, and KAAN
- Advance.
-
-2013-10-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: remove pin length check.
- + commit e0ab665a792ada6470cb8885b8427acc3c960998
- * scd/apdu.c (pcsc_pinpad_verify): Remove old check code for pin
- length.
-
-2013-10-04 Werner Koch <wk@gnupg.org>
-
- gpg: Limit the nesting level of I/O filters.
- + commit e6175055fbca958b7fa43aaf84359574ca7f3ebb
- * common/iobuf.c (MAX_NESTING_FILTER): New.
- (iobuf_push_filter2): Limit the nesting level.
-
- * g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
- and ANY_SIG_SIGN to bit fields of ANY. Add bit field
- UNCOMPRESS_FAILED.
- (proc_compressed): Avoid printing multiple Bad Data messages.
- (check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
-
-2013-10-02 Werner Koch <wk@gnupg.org>
-
- gpg: Fix bug with deeply nested compressed packets.
- + commit 0899f6d4be0406c9efbf9c3f342825804f359b5a
- * g10/mainproc.c (MAX_NESTING_DEPTH): New.
- (proc_compressed): Return an error code.
- (check_nesting): New.
- (do_proc_packets): Check packet nesting depth. Handle errors from
- check_compressed.
-
-2013-09-08 Werner Koch <wk@gnupg.org>
-
- Switch to deterministic DSA.
- + commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd
- * agent/pksign.c (rfc6979_hash_algo_string): New.
- (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
-
-2013-08-30 Werner Koch <wk@gnupg.org>
-
- scd: Suppress gcc warning about possible uninitialized use.
- + commit 244587ea41d4c75cb5570356f09a6705864a7e8d
- * scd/app-nks.c (parse_pwidstr): Always init r_pwid.
-
- gpg: Use 2048 as the default keysize in batch mode.
- + commit 4c3b35b067a4e7002bb6473b879b551014bb7857
- * g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
- 2048.
-
- gpgtar: Fix building for systems with a separate libintl.
- + commit 12990efb45ee7c425167aad19fe759d5609c5182
- * tools/Makefile.am (gpgtar_LDADD): Add LIBINTL and LIBICONV.
-
- scd: Use vendor and product id macros also in apdu.c.
- + commit fc31d730d8506b069de1d3529ed26660856bf07f
- * scd/ccid-driver.c: Move vendor and product ids to ...
- * scd/ccid-driver.h: here.
- * scd/apdu.c (CCID_DRIVER_INCLUDE_USB_IDS): Define to include ids.
- (pcsc_vendor_specific_init): Use vendor and product id macros.
-
-2013-08-30 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: PC/SC pinpad input improvement.
- + commit 95a3bffeaf07e8bf9487d4b165c336d166236fc1
- * scd/apdu.c (struct reader_table_s): Add members: PINMIN, PINMAX, and
- PINPAD_VERLEN_SUPPORTED.
- (CM_IOCTL_VENDOR_IFD_EXCHANGE, FEATURE_GET_TLV_PROPERTIES,
- PCSCv2_PART10_PROPERTY_*): New.
- (new_reader_slot): Initialize pinpad_varlen_supported, pinmin, pinmax.
- (pcsc_vendor_specific_init): New.
- (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Call
- pcsc_vendor_specific_init.
- (check_pcsc_pinpad): Not detect here but use the result of
- pcsc_vendor_specific_init.
- (pcsc_pinpad_verify, pcsc_pinpad_modify): Specify bNumberMessage.
-
-2013-08-29 Jonas Borgström <jonas@borgstrom.se>
-
- scd: add support for RSA_CRT and RSA_CRT_N key import.
- + commit cc67918c088e90c1d9a507af5f6288e8faa93d87
- * scd/app-openpgp.c (do_writekey): Added RSA_CRT and RSA_CRT_N support.
-
-2013-08-29 Werner Koch <wk@gnupg.org>
-
- kbx: Add a few macros for easier readability.
- + commit 3adfaa9beee4502479b5673c7dfd386680a920c5
- * kbx/keybox-update.c (FILECOPY_INSERT)
- (FILECOPY_DELETE, FILECOPY_UPDATE): New macros. Replace numbers by
- them.
-
-2013-08-28 Werner Koch <wk@gnupg.org>
-
- Fix commit 04e2c83f.
- + commit fdbf76eee6a4e81b040d423926b71af7b491fb4a
- * agent/command-ssh.c (stream_read_string): Do not assign to a NULL
- ptr.
-
- gpg: Make decryption with the OpenPGP card work.
- + commit 780ba3233618393835970bac4cf8aab713f4d7fa
- * scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
- * scd/app-openpgp.c (do_decipher): Add arg R_INFO.
- * scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
- * scd/app.c (app_decipher): Add arg R_INFO.
- * scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
- * agent/call-scd.c (padding_info_cb): New.
- (agent_card_pkdecrypt): Add arg R_PADDING.
- * agent/divert-scd.c (divert_pkdecrypt): Ditto.
- * agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
- * agent/command.c (cmd_pkdecrypt): Print status line "PADDING".
- * g10/call-agent.c (padding_info_cb): New.
- (agent_pkdecrypt): Add arg R_PADDING.
- * g10/pubkey-enc.c (get_it): Use padding info.
-
- agent: Fix two compiler warnings.
- + commit 04e2c83f189cc56342e1be784bdc63761ccdb5bb
- * agent/command.c (cmd_preset_passphrase, pinentry_loopback): Use %zu
- in format string.
- * scd/ccid-driver.c (ccid_get_atr): Ditto.
- * agent/command-ssh.c (stream_read_string): Init arg STRING_SIZE to
- avoid maybe_unitialized warning.
-
-2013-08-27 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: fix parsing login-data DO.
- + commit b6d54f1196d5f110fd94dfd661e74dbc60ca9811
- * scd/app-openpgp.c (parse_login_data): Release RELPTR. Fix parsing.
-
- scd: fix Vega for Alpha reader.
- + commit 54cbab29c700db2df74e808f16db49170e6c42f1
- * scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
- and size of command.
-
-2013-08-21 Werner Koch <wk@gnupg.org>
-
- scd: Make SPRx32 pinpad work with PC/SC on Windows.
- + commit 5c5e52df4b92e23045ac87abac09357de58920d4
- * scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
- (SCARD_CTL_CODE): Define if not defined.
- (reader_table_s): Add is_spr532.
- (new_reader_slot): Clear it.
- (check_pcsc_pinpad): Set it.
- (pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.
-
- scd: Improve --enable-pinpad-varlen.
- + commit 7bde2bf3b0ddb5d3515a44879e1a7ddb581a5c0b
- * tools/gpgconf-comp.c (gc_options_scdaemon): Add
- enable-pinpad-varlen.
- * scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.
-
-2013-08-08 Werner Koch <wk@gnupg.org>
-
- agent: Extend cmd KEYINFO to return data from sshcontrol.
- + commit 50c98c7ed6b542857ee2f902eca36cda37407737
- * agent/command-ssh.c (struct control_file_s): Rename to
- ssh_control_file_s.
- (ssh_open_control_file, ssh_close_control_file)
- (ssh_read_control_file, ssh_search_control_file): New.
- (control_file_t): Rename and move to ...
- * agent/agent.h (ssh_control_file_t): here.
- * agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
- and confirm. Rename unknown keytype indicator from '-' to 'X'. Extend
- output.
- (cmd_keyinfo): Add options --ssh-list and --with-ssh.
-
-2013-08-02 Werner Koch <wk@gnupg.org>
-
- gpg: No need to create a trustdb when encrypting with --always-trust.
- + commit 498b9a95dc65c43240835d64cc92d8fb43014d53
- * g10/gpg.c (main): Special case setup_trustdb for --encrypt.
-
-2013-08-01 Werner Koch <wk@gnupg.org>
-
- w32: Fix recent patch 9ff72e4.
- + commit ca6fe88c0068f8d45ef39df0fc7b161998a91fe9
- * common/homedir.c (check_portable_app): Fix the name of the control
- file.
-
- agent: Include missing prototype.
- + commit ef6a6d973c2bcc54006c04dc41f978ff01005c97
- * agent/protect.c: Include cvt-openpgp.h.
-
- w32: Add code to support a portable use of GnuPG.
- + commit 9ff72e4e7e4f56c241a525479a94ed4c95efc23f
- * common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
- (check_portable_app) [W32]: New.
- (standard_homedir, default_homedir) [W32]: Support the portable flag.
- (w32_rootdir, w32_commondir) [W32]: Ditto.
- (gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
- * common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
- * common/logging.c (no_registry): New variable.
- (log_set_prefix, log_get_prefix): Set/get that variable.
- (do_logv): Do not check the registry if that variable is set.
-
- Silence compiler warning about deprecated Libgcrypt symbols.
- + commit db4651734fe91935b17876dc9194329b00066eff
- * configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
-
- dirmngr: Define missing LDAP constant.
- + commit ef2e2e54020c3475bf2129c3ec8360c7bad3a6c9
- * dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.
-
- scd: Fix a syntax error for Apple and Windows.
- + commit 25b0357bf0a4861a751cfbc3e0335ae05c8b2b1b
- * scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.
-
- common: Fix a build error when using adns.
- + commit ffa7472db551f12f66b9789c31fabb5fc80cc13a
- * common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
-
-2013-07-31 Werner Koch <wk@gnupg.org>
-
- common: Comment out unused code.
- + commit f101f34fffee4a02e7a5f62b59667e45e50e8325
- * common/w32-reg.c (write_w32_registry_string): Comment out.
-
- dirmngr: Remove unused file.
- + commit 2830fcb83c99289a49da0e111766daf2d9a1fa3b
- * dirmngr/get-path.c: Remove.
-
-2013-06-27 Werner Koch <wk@gnupg.org>
-
- sm: Remove cruft from source files.
- + commit f254497e09fa4e0e24e63d14f7316fc31c938844
- * sm/keydb.c, sm/keydb.h: Remove disabled code parts.
-
- Prepare for newer automake versions.
- + commit 043e2728c813299fafcf62cd125ecf872b26179e
- * configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
- option form. Add options from the top Makefile.
- (AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
- * Makefile.am (AUTOMAKE_OPTIONS): Remove.
-
- * kbx/Makefile.am: Remove INCLUDES. Include cmacros.am. FActor some
- AM_CPPFLAGS options to AM_CFLAGS.
-
-2013-06-26 Werner Koch <wk@gnupg.org>
-
- Fix Makefile regression.
- + commit 136f190a2f20c6ec4d5c3ca3ac7f0440c14e4dc2
- * agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
- resolve conflict 2013-04-25.
- (gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
- (gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
-
-2013-05-22 Werner Koch <wk@gnupg.org>
-
- Implement unattended OpenPGP secret key import.
- + commit 7777e68d0482c942f527e91c04adbcfb40bc8bef
- * agent/command.c (cmd_import_key): Add option --unattended.
- * agent/cvt-openpgp.c (convert_transfer_key): New.
- (do_unprotect): Factor some code out to ...
- (prepare_unprotect): new function.
- (convert_from_openpgp): Factor all code out to ...
- (convert_from_openpgp_main): this. Add arg 'passphrase'. Implement
- openpgp-native protection modes.
- (convert_from_openpgp_native): New.
- * agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
- * agent/protect-tool.c (convert_from_openpgp_native): Ditto.
- * agent/protect.c (agent_unprotect): Add arg CTRL. Adjust all
- callers. Support openpgp-native protection.
- * g10/call-agent.c (agent_import_key): Add arg 'unattended'.
- * g10/import.c (transfer_secret_keys): Use unattended in batch mode.
-
- New debug functions log_printcanon and log_printsexp.
- + commit cb6a64bb78296c8e9f72df0c482ff847e89a1541
- * common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
- (log_printcanon, log_printsexp): New.
-
- agent: Fix length detection of canonical formatted openpgp keys.
- + commit 0f0e0559f9b160824f10dc17b389268cdb53aea4
- * agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
- gcry_sexp_canon_len.
-
- agent: New option --disable-check-own-socket.
- + commit f2d8a14e1b12534eba69d595a62c78f92331e11b
- * agent/gpg-agent.c (oDisableCheckOwnSocket): New.
- (disable_check_own_socket): New.
- (parse_rereadable_options): Set new option.
- (check_own_socket): Implement new option.
-
-2013-05-07 Werner Koch <wk@gnupg.org>
-
- w32: Add icons and version information.
- + commit 88e24341e57c96e31a25e92e09d67989e64cc1c1
- * common/gnupg.ico: New. Take from artwork/gnupg-favicon-1.ico.
- * agent/gpg-agent-w32info.rc: New.
- * g10/gpg-w32info.rc: New.
- * scd/scdaemon-w32info.rc: New.
- * sm/gpgsm-w32info.rc: New.
- * tools/gpg-connect-agent-w32info.rc: New.
- * common/w32info-rc.h.in: New.
- * configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
- (BUILD_HOSTNAME): New.
- (AC_CONFIG_FILES): Add w32info-rc.h.
- * am/cmacros.am (.rc.o): New rule.
- * agent/Makefile.am, common/Makefile.am, g10/Makefile.am
- * scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
- build resource files.
-
-2013-05-07 Ian Abbott <abbotti@mev.co.uk>
-
- doc: fix some Texinfo warnings.
- + commit 2c3fc4719b92d9e3ac32efd134a930e1cc126032
- * doc/gpg.texi: Fix syntax and add missing menu entries.
- * doc/gpgsm.texi: Fix subsectioning.
-
-2013-04-22 Werner Koch <wk@gnupg.org>
-
- Fix potential heap corruption in "gpg -v --version".
- + commit 151b78cc26d728e9eb42620e0caf8c6f4bd7f839
- * g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
- certain locales.
-
-2013-04-19 Werner Koch <wk@gnupg.org>
-
- gpgsm: Remove non-implemented commands from --help.
- + commit d6798d261cbe6519ef5b3ebb474e2ad348442c0c
- * sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
- --send-keys, and --recv-keys.
-
-2013-04-19 Daiki Ueno <ueno@gnu.org>
-
- Make sure to call fflush if estream_t is backed with stdio.
- + commit e498180d5647d3427a7d7e6c82a9f09cf1ba439d
- * common/estream.c (es_func_fp_write): Call fflush after fwrite.
-
-2013-04-19 Werner Koch <wk@gnupg.org>
-
- doc: Formatting fixes.
- + commit ff6115227a1ced14e2fb3d160a12181b9dfbc502
- * doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
- * doc/gpg.texi: Fix cross reference for --options.
- * doc/gpgsm.texi: Likewise.
- * doc/gpl.texi: Fix enumerate and re-indent examples.
-
-2013-04-01 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: move SCDaemon to libexecdir.
- + commit 021767d8aa11aac8ac87dc3a31969ee6cfa65966
- * common/homedir.c (gnupg_module_name): It's now libexecdir.
- * scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
- (bin_PROGRAMS): Remove scdaemon.
-
-2013-03-29 Werner Koch <wk@gnupg.org>
-
- copyright assignments are not anymore required.
- + commit 07227279c44e3af0939f90025a0d22b782d0f185
-
-
-2013-03-26 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: PC/SC status fix.
- + commit 64b1a2cf6f18348544a2d2cd4d49fd27bf01c150
- * scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
- PCSC_STATE_PRESENT.
-
- * scd/pcsc-wrapper.c (handle_status): Ditto.
-
- scd: PC/SC cleanup (more).
- + commit b9aceaa442914beb4f5359283053b43ba5a46b4c
- * scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
- (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
- pcsc_dword_t.
-
- scd: call update_card_removed only when detecting removal.
- + commit 1062893832bb15eaac853f52e1cb673e5e03790a
- * scd/command.c (update_reader_status_file): Add condition
- vr->status == 0.
-
-2013-03-22 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: PC/SC cleanup.
- + commit ee95c23fcdc6673db0fc7287ab2197915d9b55b3
- * scd/apdu.c (pcsc_dword_t): New. It was named as DWORD (double-word)
- when a word was 16-bit.
- (struct reader_table_s): Fixes for types.
- (struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
- Throughout: Fixes for types.
-
- * scd/pcsc-wrapper.c: Likewise.
-
-2013-03-21 NIIBE Yutaka <gniibe@fsij.org>
-
- po: Enable ja.po.
- + commit a75a08d6e30e93e1793aa78a15d473a3ea7623cb
- * po/LINGUAS: Enable ja.po.
-
- scd: change default value of pinpad maxlen.
- + commit ca66f5c779af74d0eb7221afd7a9707201931e50
- * scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
- of maxlen for pinpad input is now 15 (was: 25).
-
- * scd/ccid-driver.c (ccid_transceive_secure): Likewise.
-
-2013-03-20 Werner Koch <wk@gnupg.org>
-
- Add code to allow for late memory cleanup.
- + commit 2739834206f23833161898a73427b8a9c6d5d26d
- * common/init.c (mem_cleanup_item_t): New.
- (run_mem_cleanup): New.
- (_init_common_subsystems): Add an atexit for it.
- (register_mem_cleanup_func): New.
-
- * g10/kbnode.c (cleanup_registered): New.
- (release_unused_nodes): New.
- (alloc_node): Call register_mem_cleanup_func.
-
- kbx: Remove unused macro.
- + commit 44159b681f8f09000fabfc3ee294d5821578d3a6
- * kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro.
-
-2013-03-19 Werner Koch <wk@gnupg.org>
-
- gpg: Print indicator for unknown key capability.
- + commit c4dbd1b2de8ae3847a040444e86500848868bcf4
- * g10/keylist.c (print_capabilities): Print '?' for unknown usage.
-
-2013-03-19 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-
- gpg: Allow setting of all zero key flags.
- + commit b693ec02c467696bf9d7324dd081e279f9965151
- * g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
-
-2013-03-19 Werner Koch <wk@gnupg.org>
-
- gpg: Distinguish between missing and cleared key flags.
- + commit 4bde12206c5bf199dc6e12a74af8da4558ba41bf
- * include/cipher.h (PUBKEY_USAGE_NONE): New.
- * g10/getkey.c (parse_key_usage): Set new flag.
-
-2013-03-15 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: ccid-driver supporting larger APDU.
- + commit 76dc5c08dc2686eef32e1bd221c60fe91201246f
- * scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
- APDU.
-
- scd: fix missing close paren.
- + commit 006782068e4d2a9413770400494421a2e9726ee7
- * scd/app-openpgp.c (du_auth): Fix.
-
-2013-03-09 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: support ECDSA signing.
- + commit 73ad742deacfe2bf7d6efc7cc30f9ced2d83521a
- * scd/app-openpgp.c (do_sign): Only prepend message digest block
- for RSA or do_auth.
- (do_auth): Remove message digest block for ECDSA.
-
-2013-03-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: support ECDSA public key.
- + commit 010bc7f4f06d8affb98950e1adc76c68bfcc9abb
- * scd/app-openpgp.c (key_type_t): New.
- (CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
- (struct app_local_s): Change keyattr to have key_type and union.
- (get_ecc_key_parameters, get_curve_name): New.
- (send_key_attr, get_public_key): Support ECDSA.
- (build_privkey_template, do_writekey, do_genkey): Follow the change
- of the member KEY_ATTR.
- (parse_historical): New.
- (parse_algorithm_attribute): Support ECDSA.
-
-2013-03-05 Werner Koch <wk@gnupg.org>
-
- Require libgpg-error 1.11.
- + commit 5bac5040dc93343e1e89916b263390b0e52040bf
- * configure.ac: Require libgpg-error 1.11.
- * common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
- (GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.
-
-2013-02-28 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: pksign result conversion to sexp to upper layer.
- + commit ef1983d58b913306e9bf02a7189e530123839c59
- * agent/agent.h (divert_pksign): Add R_SIGLEN argument.
- * agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
- * agent/call-scd.c (agent_card_pksign): Move composition of
- S-expression to...
- * agent/pksign.c (agent_pksign_do): ... here.
-
-2013-02-22 Werner Koch <wk@gnupg.org>
-
- Use has_leading_keyword in the assuan callbacks.
- + commit 585d5c62eece23911a768d97d11f159be138b13d
- * agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
- * agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
- * g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
- (inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
- * g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
- * sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
- (inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
- (keyinfo_status_cb, inq_import_key_parms): Ditto.
- * sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
- (lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
-
- Remove some unused variables.
- + commit c6b8f05517228c6aeab28d2bf5da7724c059bb1a
- * tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
- used_components.
- * agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
- * g13/g13.c (main): Comment variable of yet unimplemented options.
-
- gpg: Fix a memory leak in batch key generation.
- + commit 161674118d568025896026ede5e03d26bdfdfa68
- * g10/keygen.c (append_to_parameter): New.
- (proc_parameter_file): Use new func to extend the parameter list.
-
- * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
- gcry_kdf_derive failed.
- * g10/keygen.c (proc_parameter_file): Print a diagnostic if
- passphrase_to_dek failed.
-
- gpg: Handle the agent's NEW_PASSPHRASE inquiry.
- + commit baee681d2406530c45fd6d4bde77193ba23ac263
- * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
-
- common: Add func has_leading_keyword.
- + commit 2838385e76c8c7108bc949d5a1d1c947051bd5be
- * common/stringhelp.c (has_leading_keyword): New.
-
- Remove build hacks for FreeBSD.
- + commit 21f5a9ec27c0794141a835a5bb3c69495ee554a6
- * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
- LDFLAGS.
-
-2013-02-22 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: fix two bugs.
- + commit 3c3648e720b8014828573bd708c88ba4775014e3
- * agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
- * agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.
-
- gpg: fix keytocard and support ECC card for key attribute.
- + commit 7d376ffa321d4af6e62a2bc64ef2b8574b122b1a
- * g10/call-agent.c (agent_keytocard): Supply PARM arg.
- * g10/card-util.c (card_status): Support ECC.
- (card_store_subkey): Don't assume RSA.
-
-2013-02-21 Werner Koch <wk@gnupg.org>
-
- gpg: Fix a memory leak in batch key generation.
- + commit 273bb38cd7b517460cb3de67662e96e910104675
- * g10/keygen.c (append_to_parameter): New.
- (proc_parameter_file): Use new func to extend the parameter list.
-
- * g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
- gcry_kdf_derive failed.
- * g10/keygen.c (proc_parameter_file): Print a diagnostic if
- passphrase_to_dek failed.
-
- gpg: Handle the agent's NEW_PASSPHRASE inquiry.
- + commit 18a261b65fd77a9e434b13483ceaaaf2176f1197
- * g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
-
- common: Add func has_leading_keyword.
- + commit 4af0c62b15c51056dc293c8e3b907e7c41fbf08c
- * common/stringhelp.c (has_leading_keyword): New.
-
-2013-02-20 Werner Koch <wk@gnupg.org>
-
- Remove build hacks for FreeBSD.
- + commit 8e5766c38f3ac376fb8e7c7f2b0f65de23d84cbe
- * configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
- LDFLAGS.
-
-2013-02-12 NIIBE Yutaka <gniibe@fsij.org>
-
- gpg: Implement card_store_subkey again.
- + commit b90506ea220860c89128f002bd593d0462a08d73
- * g10/call-agent.h (agent_keytocard): New.
- * g10/call-agent.c (agent_keytocard): New.
- * g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
- (card_generate_subkey): Check return value of replace_existing_key_p.
- (card_store_subkey): Implement again using agent_keytocard.
-
- agent: Add KEYTOCARD command.
- + commit 30f8a3c8736451d8c06ef72521a8da5eabf23016
- * agent/agent.h (divert_writekey, agent_card_writekey): New.
- * agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
- * agent/command.c (cmd_keytocard, hlp_keytocard): New.
- (register_commands): Add cmd_keytocard.
- * agent/divert-scd.c (divert_writekey): New.
-
- Japanese: update po and doc.
- + commit 595ab0da666c43a1315a72a1346ee149998d8771
- * doc/help.ja.txt, po/ja.po: Updated.
-
-2013-02-08 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Rename 'keypad' to 'pinpad'.
- + commit 7253093addfd82a8dd25cd80e3ba820a85e3c9a7
- * NEWS: Mention scd changes.
-
- * agent/divert-scd.c (getpin_cb): Change message.
-
- * agent/call-scd.c (inq_needpin): Change the protocol to
- POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
- * scd/command.c (pin_cb): Likewise.
-
- * scd/apdu.c (struct reader_table_s): Rename member functions.
- (check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
- check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
- apdu_pinpad_verify, apdu_pinpad_modify): Rename.
-
- * scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
- (apdu_pinpad_verify, apdu_pinpad_modify): Rename.
-
- * scd/iso7816.h (iso7816_check_pinpad): Rename.
-
- * scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
- (iso7816_check_pinpad): Rename.
- (iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
- the change.
-
- * scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
- * scd/ccid-driver.c (ccid_transceive_secure): Use it.
-
- * scd/app-dinsig.c (verify_pin): Follow the change.
- * scd/app-nks.c (verify_pin): Follow the change.
-
- * scd/app-openpgp.c (check_pinpad_request): Rename.
- (parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
- the change.
-
- * scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.
-
- * scd/scdaemon.h (opt): Rename to disable_pinpad,
- enable_pinpad_varlen.
-
- * tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
- disable-pinpad.
-
-2013-02-07 Werner Koch <wk@gnupg.org>
-
- gpg: Add pinentry-mode feature.
- + commit 21feecd48f990b2569cb4b385dea3e57b9501525
- * g10/gpg.c: Include shareddefs.h.
- (main): Add option --pinentry-mode.
- * g10/options.h (struct opt): Add field pinentry_mode.
- * g10/passphrase.c: Include shareddefs.h.
- (have_static_passphrase): Take care of loopback pinentry_mode.
- (read_passphrase_from_fd): Ditto.
- (get_static_passphrase): New.
- (passphrase_to_dek_ext): Factor some code out to ...
- (emit_status_need_passphrase): new.
- * g10/call-agent.c (start_agent): Send the pinentry mode.
- (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
- proper error code.
- (agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
- (agent_pkdecrypt): Ditto.
- * g10/pubkey-enc.c (get_it): Pass new args.
- * g10/sign.c (do_sign): Pass new args.
-
- * g10/call-agent.c (struct default_inq_parm_s): New. Change all
- similar structs to reference this one. Change all users and inquire
- callback to use this struct, instead of NULL or some undefined but not
- used structs. This change will help to eventually get rid of global
- variables.
-
-2013-02-06 Werner Koch <wk@gnupg.org>
-
- agent: Move a typedef to common and provide parse_pinentry_mode.
- + commit 8b2b8dfe5c4cd346bbea2c228e75737bbeeca4c4
- * common/agent-opt.c: New.
- * common/shareddefs.h: New.
- * common/Makefile.am: Add new files.
- * agent/agent.h: Include shareddefs.h.
- (pinentry_mode_t): Factor out to shareddefs.h.
- * agent/command.c (option_handler): Use parse_pinentry_mode.
-
- agent: Return a better error code if no passphrase was given.
- + commit 4483a4f0ea030046137ba04905eb5220c14a2161
- * agent/protect.c (hash_passphrase): Handle an empty passphrase.
-
-2013-02-05 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: Fix check_keypad_request.
- + commit c27315fc6466cceb862c9e67755a8e044e9b7688
- * scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.
-
- SCD: Add vendor specific initalization.
- + commit e791ac6683bfb90d5e40c0103324784bd58535c9
- * scd/ccid-driver.c (ccid_vendor_specific_init): New.
- (ccid_open_reader): Call ccid_vendor_specific_init.
-
- SCD: Support P=N format for login data.
- + commit 0407e642f796fb2780a77b7a1a86731d0de27e5d
- * scd/app-openpgp.c (parse_login_data): Support P=N format.
-
- SCD: Better interoperability.
- + commit bd5eded73a1268afdf81482f8408e5f640abf9c4
- * scd/apdu.c: Fill bTeoPrologue[2] field.
-
- SCD: Defaults to use pinpad if the reader has the capability.
- + commit a9ff97a10f7ae5a703ed1bccba294473ecc88d5d
- * scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
- (parse_login_data): "P=0" means to disable pinpad.
- (check_keypad_request): Default is to use pinpad if available.
-
- SCD: handle keypad request on the card.
- + commit 334ba6efa5a05d8849fae213128a0505e7615e13
- * scd/app-openpgp.c: Add 2013.
- (struct app_local_s): Add keypad structure.
- (parse_login_data): Add parsing keypad request on the card.
- (check_keypad_request): New.
- (verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
- to determine use of keypad.
-
- SCD: Minor fix of ccid-driver.
- + commit d5bf83a24cf3871b7d8cfe61049f70e1e206d09a
- * scd/ccid-driver.c (VENDOR_VEGA): Fix typo.
-
- SCD: Add support of Covadis VEGA_ALPHA reader.
- + commit 82e1e837c29225cd55642b193cc04ce6191d19bb
- * scd/ccid-driver.c: Add 2013.
- (VENDER_VEGA, VEGA_ALPHA):New.
- (ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
- Change bNumberMessage to 0x01, as it works better (was: 0xff).
-
- SCD: Support fixed length PIN input for keypad (PC/SC).
- + commit 3aae780f9debaeb3560ff866b7e09d0923481c57
- * scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
- keypad.
- (pcsc_keypad_modify): Likewise.
- * scd/ccid-driver.c (ccid_transceive_secure): Clean up.
-
- SCD: Support fixed length PIN input for keypad.
- + commit 40a914a2e3052847b49c4b5e8ac8538e97efd18a
- * scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
- * scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
- * scd/app-nks.c (verify_pin): Likewise.
- * scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
- Likewise.
- * scd/apdu.c (check_pcsc_keypad): Add comment.
- (pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
- readers with the feature of variable length input (yet).
- (apdu_check_keypad): Set FIXEDLEN.
- * scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
- specific settings.
- Support fixed length PIN input for keypad.
-
- SCD: API cleanup for keypad handling.
- + commit b526f6e223604b7c1852ef2aab9fc1ea691b1181
- * scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
- Change meaning of MODE.
- (pininfo_t): Rename from iso7816_pininfo_t.
- * scd/sc-copykeys.c: Include "iso7816.h".
- * scd/scdaemon.c, scd/command.c: Likewise.
- * scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
- (ccid_transceive_secure): Follow the change of PININFO_T.
- * scd/app.c: Include "apdu.h" after "iso7816.h".
- * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
- (iso7816_change_reference_data_kp): Follow the change of API.
- * scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
- KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
- (check_pcsc_keypad, check_ccid_keypad): Likewise.
- (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
- (pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
- (pcsc_send_apdu_direct, pcsc_send_apdu_wrapped, pcsc_send_apdu)
- (send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
- (send_le): Follow the change of API.
- * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
- (apdu_keypad_modify): Change the API.
- * scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
- change.
-
- SCD: Clean up. Remove PADLEN for keypad input.
- + commit ca89277cb4cb9558da97a71a4cb070cb77c9b536
- * scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
- (struct reader_table_s): Remove last arg from check_keypad method.
- (check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
- (pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
- (send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
- (apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
- Likewise.
-
- * scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
- (apdu_keypad_modify): Remove PIN_PADLEN.
-
- * scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.
-
- * scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.
-
- * scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
- (iso7816_change_reference_data_kp): Remove PADLEN.
-
- * scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
-
- SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
- + commit d9f6cc7502793ed41928042cc2f968c8c7effc22
- * scd/scdaemon.h (opt): Add enable_keypad_varlen.
- * scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
- (opts, main): Add oEnableKeypadVarlen.
- * scd/ccid-driver.c (GEMPC_PINPAD): New.
- (ccid_transceive_secure): Add enable_varlen handling.
- Enable GEMPC_PINPAD.
-
-2013-01-30 Werner Koch <wk@gnupg.org>
-
- Remove unused status codes.
- + commit 50a7badbdacac8ba472b35090c1aab4568434d04
- * common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
- (STATUS_SIEXPIRED): Remove unused codes.
-
- gpg: Add status line PINENTRY_LAUNCHED.
- + commit 1cd6445eec4c3642ad92afb02f3563a01cc10c10
- * common/status.h (STATUS_PINENTRY_LAUNCHED): New.
- * g10/server.c (server_local_s): Add field allow_pinentry_notify.
- (option_handler): Add option "allow-pinentry-notify".
- (gpg_proxy_pinentry_notify): New.
- * g10/call-agent.c (default_inq_cb): Factor code out to the new
- function.
-
-2013-01-25 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix a bug of handling return code from npth_join.
- + commit 19994466449a93704d38d429ca1ea36f63da0bf0
- * agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
- return code.
-
-2013-01-11 Christian Aistleitner <christian@quelltextlich.at>
-
- gpg: Fix honoring --cert-digest-algo when recreating a cert.
- + commit 60c58766aeb847b769372fa981f79abac6014500
- * g10/sign.c (update_keysig_packet): Override original signature's
- digest algo in hashed data and for hash computation.
-
-2013-01-11 Werner Koch <wk@gnupg.org>
-
- Fix spurious cruft from configure summary output.
- + commit 7a638c094fa1aa7ed1d9caf085af9980a2664d64
- * configure.ac (build_scdaemon_extra): Remove $tmp cruft.
-
-2013-01-11 NIIBE Yutaka <gniibe@fsij.org>
-
- SCD: Hold lock for pinpad input.
- + commit 4dddf32c83f52483d95d7770232e9e808558e702
- * scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
- (apdu_keypad_modify): Hold lock to serialize communication.
-
-2013-01-08 Werner Koch <wk@gnupg.org>
-
- kbx: Switch from MD5 to SHA-1 for the checksum.
- + commit b11f84b858bad867f1062977a7aba30299157e90
- * kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
- (create_blob_finish): Write just the needed space.
- (create_blob_finish): Switch to SHA-1.
- * kbx/keybox-dump.c (print_checksum): New.
- (_keybox_dump_blob): Print the checksum and the verification status.
-
- gpg: Cache keybox searches.
- + commit 492792378dc7a79316ef742b2ffaa46c6cda282a
- * common/iobuf.c (iobuf_seek): Fix for temp streams.
- * g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
- * g10/keydb.c (dump_search_desc): New.
- (enum_keyblock_states, struct keyblock_cache): New.
- (keyblock_cache_clear): New.
- (keydb_get_keyblock, keydb_search): Implement a keyblock cache.
- (keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
- (keydb_rebuild_caches, keydb_search_reset): Clear the cache.
-
- Make log_clock easier to read.
- + commit 5c565512b8af73bee2a176530663154b9277ef1c
- * common/logging.c (log_clock): Print in microseconds.
-
- gpg: Remove a function wrapper.
- + commit f3f5721e6843a08d1011875400f385b8cd5fe226
- * g10/keydb.h (keydb_search): Remove macro.
- * g10/keydb.c (keydb_search2): Rename to keydb_search. Change all
- callers.
-
-2013-01-08 NIIBE Yutaka <gniibe@fsij.org>
-
- SCD: Support not-so-smart card readers.
- + commit a776f660363d20b6cc023609c4547e0aa8825d97
- * scd/ccid-driver.c (struct ccid_driver_s): Add auto_voltage,
- auto_param, and auto_pps.
- (parse_ccid_descriptor): Set auto_voltage, auto_param, and auto_pps.
- Support non-autoconf readers.
- (update_param_by_atr): New.
- (ccid_get_atr): Use 5V for PowerOn when auto_voltage is not supported.
- Use 0x10 when nonnull_nad for SetParameters.
- Call update_param_by_atr for parsing ATR, and use param for
- SetParameters.
- Send PPS if reader requires it and card is negotiable.
- When bNadValue in the return values of SetParameters == 0,
- clear handle->nonnull_nad flag.
-
-2013-01-07 Werner Koch <wk@gnupg.org>
-
- gpg: Set the node flags while retrieving a keyblock.
- + commit f6d7b3f1ee5eed32bc3257c99cb878091d26c482
- * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and
- set the note flags accordingly.
- (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image.
- * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part)
- (blob_cmp_name, blob_cmp_mail): Return the key/user number.
- (keybox_search): Set the key and user number into the found struct.
- (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from
- the found struct.
-
- New function log_clock.
- + commit 0baedfd25a4bdc6c8e7aefbd67006b063e2dc33f
- * common/logging.c (log_clock): New.
- * g10/gpg.c (set_debug): Print clock debug flag.
- * g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
-
- gpg: Allow searching for user ids in a keybox.
- + commit fb31462e7e92d4b19256e6fd40b1b6ffcef2676c
- * kbx/keybox-search.c (blob_cmp_name): Add arg X509 and adjust for PGP
- use. Change callers.
- (blob_cmp_mail): Add arg X509 and find the mailbox offset for PGP.
- Chnage callers.
- (has_subject_or_alt): Rename to has_username.
- (has_username): Allow blobtype PGP.
- (has_mail): Ditto.
-
- gpg: Allow generation of more than 4096 keys in one run.
- + commit 7d00e52bd58d9e40c18dcc0122b2c236ef3318f5
- * g10/getkey.c (cache_public_key): Make room in the cache if needed.
-
-2013-01-07 NIIBE Yutaka <gniibe@fsij.org>
-
- Update Japanese Translation.
- + commit bb51edc31e6595e38fcbd91d470de57d3a1a7150
- * po/ja.po: Fix wrong translations for designated revocation.
- Reported by Hideki Saito.
-
- Conflicts:
- po/ja.po
-
-2013-01-05 NIIBE Yutaka <gniibe@fsij.org>
-
- Update Japanese Translation.
- + commit 05a4458e5721a0afd600f0ec908e739fa83d58f2
- * po/ja.po: Fix fuzzy translations.
-
-2013-01-03 NIIBE Yutaka <gniibe@fsij.org>
-
- Update Japanese Translation.
- + commit 709a8f8125b9ba5e1ad1e6268cca5ac96d478f63
- * po/ja.po: Update with POT.
-
- Update Japanese Translation.
- + commit 0fae789c4125dd8492ed25bd6728b5ac98f19729
- * po/ja.po: Start from the new one of 2.0.
-
-2012-12-28 Werner Koch <wk@gnupg.org>
-
- gpg: Add signature cache support to the keybox.
- + commit 79f08fb0699f4a065e3a29bc7676a90534d7ba60
- * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
- (keydb_get_keyblock): Handle it.
- (build_keyblock_image): Add arg SIGSTATUS.
- (keydb_insert_keyblock): Handle it.
- * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
- (_keybox_create_openpgp_blob): Ditto.
- * kbx/kbxutil.c (import_openpgp): Adjust for above change.
- * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
- * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
- (keybox_get_keyblock): Add arg R_SIGSTATUS.
- * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
-
- kbxutil: Improve format of the Sig-Expire lines.
- + commit 564d10ea5cd29685a00a4096d69ae2476b60506f
- * kbx/keybox-dump.c (_keybox_dump_blob): Print the expirate timestamp.
-
- gpg: First working support for keyboxes.
- + commit a9863834244fc2a58d8950977243702d12e420a1
- * g10/getkey.c (get_pubkey_fast): Improve the assertion.
- * kbx/keybox.h: Include iobuf.h.
- * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
- (KEYBOX_WITH_OPENPGP): Remove use of this macro.
- (pgp_create_key_part_single): New.
- (pgp_temp_store_kid): Change to use the keybox-openpgp parser.
- (pgp_create_key_part): Ditto.
- (pgp_create_uid_part): Ditto.
- (pgp_create_sig_part): Ditto.
- (pgp_create_blob_keyblock): Ditto.
- (_keybox_create_openpgp_blob): Ditto.
- * kbx/keybox-search.c (keybox_get_keyblock): New.
- * kbx/keybox-update.c (keybox_insert_keyblock): New.
- * g10/keydb.c (parse_keyblock_image):
- (keydb_get_keyblock): Support keybox.
- (build_keyblock_image): New.
- (keydb_insert_keyblock): Support keybox.
-
- * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print
- a kbx file to stdout.
-
- * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6
- bytes.
-
- kbxutil: Print algo number and fold similar lines.
- + commit f7495f1004071a0ceac394007bb37f88d7a3467f
- * kbx/keybox-defs.h (_keybox_openpgp_key_info): Add field ALGO.
- * kbx/keybox-openpgp.c (parse_key): Store algo.
- * kbx/kbxutil.c (dump_openpgp_key): Print algo number.
- * kbx/keybox-dump.c (_keybox_dump_blob): Print identical Sig-Expire
- value lines with a range of indices.
-
-2012-12-27 Werner Koch <wk@gnupg.org>
-
- gpg: First patches to support a keybox storage backend.
- + commit 91e61d52539b1808e209c43e51465c76cebb06f9
- * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to ..
- * kbx/keybox.h: here.
- * kbx/keybox-init.c (keybox_lock): Add dummy function
- * g10/keydb.c: Include keybox.h.
- (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX.
- (struct resource_item): Add field kb.
- (maybe_create_keyring_or_box): Add error descriptions to diagnostics.
- Add arg IS_BOX. Write a header for a new keybox file.
- (keydb_add_resource): No more need for the force flag. Rename the
- local variable "force" to "create". Add URL scheme "gnupg-kbx". Add
- magic test to detect a keybox file. Add basic support for keybox.
- (keydb_new, keydb_get_resource_name, keydb_delete_keyblock)
- (keydb_locate_writable, keydb_search_reset, keydb_search2): Add
- support for keybox.
- (lock_all, unlock_all): Ditto.
- * g10/Makefile.am (needed_libs): Add libkeybox.a.
- (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround.
-
- * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY)
- KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New.
- * g10/gpg.c, g10/gpgv.c (main): Use new constants.
-
-2012-12-20 Werner Koch <wk@gnupg.org>
-
- gpg: Import only packets which are allowed in a keyblock.
- + commit f0b33b6fb8e0586e9584a7a409dcc31263776a67
- * g10/import.c (valid_keyblock_packet): New.
- (read_block): Store only valid packets.
-
-2012-12-19 Werner Koch <wk@gnupg.org>
-
- gpg: Make commit 2b3cb2ee actually work.
- + commit d61f7402f2b0f6dd288e403ed9408fd65e617f85
- * g10/sign.c (update_keysig_packet): Use digest_algo.
-
- (cherry-picked from commit d23ec86095714d388acac14b515445fe69f019e9)
-
- gpg: Suppress "public key already present" in quiet mode.
- + commit 8325d616593187ff227853de0295e3269b96edcb
- * g10/pkclist.c (find_and_check_key, build_pk_list): Print a
- diagnostic only in non-quiet mode.
-
-2012-12-18 Werner Koch <wk@gnupg.org>
-
- common: Add meta option ignore-invalid-option.
- + commit 41d564333d35c923f473aa90625d91f8fe18cd0b
- * common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
- (initialize): Init field IIO_LIST.
- (ignore_invalid_option_p): New.
- (ignore_invalid_option_add): New.
- (ignore_invalid_option_clear): New.
- (optfile_parse): Implement meta option.
-
-2012-12-13 Werner Koch <wk@gnupg.org>
- Hans of Guardian <hans@guardianproject.info>
-
- utf8conv.c: Add hacks for Android.
- + commit 6177fb3c87f485fb654bbba492d04508755718b3
- * common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h.
- (iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New
- dummy functions.
- (set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8".
- (jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32.
- (jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto.
- (jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto.
-
-2012-12-13 NIIBE Yutaka <gniibe@fsij.org>
-
- SCD: Fix the process of writing key or generating key.
- + commit e7dca3e83ebd6df0a7ea55e97c3cd6e91be90af5
- * scd/app-openpgp.c (store_fpr): Flush KEY-FPR and KEY-TIME.
-
-2012-12-12 Werner Koch <wk@gnupg.org>
-
- ssh: Support ECDSA keys.
- + commit 649b31c663b8674bc874b4ef283d714a13dc8cfe
- * agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
- (struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
- (ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
- (ssh_signature_encoder_t): Add arg spec and adjust all callers.
- (ssh_signature_encoder_ecdsa): New.
- (sexp_key_construct, sexp_key_extract, ssh_receive_key)
- (ssh_convert_key_to_blob): Support ecdsa.
- (ssh_identifier_from_curve_name): New.
- (ssh_send_key_public): Retrieve and pass the curve_name.
- (key_secret_to_public): Ditto.
- (data_sign): Add arg SPEC and change callers to pass it.
- (ssh_handler_sign_request): Get the hash algo from SPEC.
- * common/ssh-utils.c (get_fingerprint): Support ecdsa.
-
- * agent/protect.c (protect_info): Add flag ECC_HACK.
- (agent_protect): Allow the use of the "curve" parameter.
- * agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
-
- * agent/command-ssh.c (ssh_key_grip): Print a better error code.
-
-2012-12-11 Werner Koch <wk@gnupg.org>
-
- ssh: Rewrite a function for better maintainability.
- + commit f76a0312c3794afd81fe1e172df15eb0612deae0
- * agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
-
-2012-12-10 Werner Koch <wk@gnupg.org>
-
- ssh: Improve key lookup for many keys.
- + commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f
- * agent/command-ssh.c: Remove dirent.h.
- (control_file_s): Add struct item.
- (rewind_control_file): New.
- (search_control_file): Factor code out to ...
- (read_control_file_item): New.
- (ssh_handler_request_identities): Change to iterate over entries in
- sshcontrol.
-
- ssh: Cleanup sshcontrol file access code.
- + commit 25fb53ab4ae7e1c098500229c776d29b82713a20
- * agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
- the direct use of the string.
- (struct control_file_s, control_file_t): New.
- (open_control_file, close_control_file): New. Use them instead of
- using fopen/fclose directly.
-
- agent: Add envvar "gnupg_SSH_AUTH_SOCK_by"
- + commit 36ba7845995dd3caf8faeec3e09b3ffb879fc29b
- * agent/gpg-agent.c (main): Pass new envar gnupg_SSH_AUTH_SOCK_by to
- an invoked process.
-
- config: Update npth.m4.
- + commit ceab60b59d907354d323ace09d7b3f2d36d330fb
- * m4/npth.m4: Take from current npth master.
-
-2012-12-04 NIIBE Yutaka <gniibe@fsij.org>
-
- Revert SCD changes of 2010-05-03.
- + commit 1e1326aeb8923782138e133f091afec41d969c40
- * scd/apdu.c (pcsc_no_service): Remove.
- (open_pcsc_reader_direct, open_pcsc_reader_wrapped): Remove
- pcsc_no_service support.
- (apdu_open_reader): Remove R_NO_SERVICE.
- * scd/apdu.h (apdu_open_reader): Remove R_NO_SERVICE.
- * scd/command.c (reader_disabled): Remove.
- (get_current_reader): Follow the change of R_NO_SERVICE.
- (open_card, cmd_serialno, scd_command_handler): Remove reader_disabled
- support.
- * scd/sc-copykeys.c (main): Follow the change of R_NO_SERVICE.
-
- Don't keep opening unavailable card reader.
- + commit baf7b09e124f9eb4ca4b8ee02474ee7710a95a40
- * scd/command.c (update_reader_status_file): Don't call
- get_current_reader.
-
-2012-11-30 David Shaw <dshaw@jabberwocky.com>
-
- Refresh sample keys.
- + commit b8eb2ab56971a309353ae2682bc6ef1357e9ac53
-
-
- Adjust awk to not add trailing whitespace.
- + commit 3f8ad564674431b4c0c6cff259f02248c80a6ef9
- * mksamplekeys: Tweak awk script to not add trailing whitespace to
- blank lines (makes git pre-commit hook unhappy)
-
-2012-11-29 David Shaw <dshaw@jabberwocky.com>
-
- The keyserver search menu should honor --keyid-format.
- + commit 7602d9e3edda99b0b65ba928eef435dab04ecd09
- * keyserver.c (print_keyrec): Honor --keyid-format when getting back
- full fingerprints from the keyserver (the comment in the code was
- correct, the code was not).
-
-2012-11-27 Werner Koch <wk@gnupg.org>
-
- Fix printing of ECC algo names in hkp keyserver listings.
- + commit 3d2da6c82163ffbc2e827abc4144dc3197ed53db
- * g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
-
-2012-11-26 Ben Kibbey <bjk@luxsci.net>
-
- Check for inet_addr() in -lnsl.
- + commit 66331e138ec17e176cc3f45bb095820866d5358c
- * configure.ac: Check for inet_addr() in libnsl.
-
-2012-11-20 Werner Koch <wk@gnupg.org>
-
- Do not use a broken ttyname.
- + commit 835698b72bc509565aad52b0753f1c56c1a8f062
- * configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
- systems.
- * common/util.h (gnupg_ttyname): New macro. Change all callers of
- ttyname to use this macro instead.
- (ttyname) [W32]: Rename to _gnupg_ttyname and use also if
- HAVE_BROKEN_TTYNAME is defined.
- * common/simple-pwquery.c (agent_send_all_options): Keep on using
- ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file
- may be used standalone.
-
-2012-11-16 Werner Koch <wk@gnupg.org>
-
- Fix non-portable use of chmod in autogen.sh.
- + commit e7bc5012c568da9ceb0a80a8f3fe3edf3dac9564
- * autogen.sh: Remove option -c from chmod.
-
- Improve parsing of the GIT revision number.
- + commit 011faa0c68cf0c628ef581193166e9ac9bf22b71
- * configure.ac (mmm4_revision): Use git rev-parse.
-
- Add an OpenPGP card vendor.
- + commit ac775780fef3ef63f896e822add9ff6ea7e5119c
- * g10/card-util.c (get_manufacturer): Add Yubico.
-
-2012-11-06 Werner Koch <wk@gnupg.org>
-
- agent: Use wipememory instead of memset in one place.
- + commit 9f0e9ea80ca30269770eb955e33b54401bff917f
- * agent/command.c (clear_outbuf): Use wipememory. Suggested by Ben
- Kibbey.
-
- Allow decryption with card keys > 3072 bits.
- + commit 905b6a36d3ca21b2f619721e1de892398e5eb759
- * scd/command.c (MAXLEN_SETDATA): New.
- (cmd_setdata): Add option --append.
- * agent/call-scd.c (agent_card_pkdecrypt): Use new option for long
- data.
-
- * scd/app-openpgp.c (struct app_local_s): Add field manufacturer.
- (app_select_openpgp): Store manufacturer.
- (do_decipher): Print a note for broken cards.
-
-2012-11-02 NIIBE Yutaka <gniibe@fsij.org>
-
- agent: Fix wrong use of gcry_sexp_build_array.
- + commit 8f8c29d24ca13f987e6c118702b428a2051b7072
- * findkey.c (agent_public_key_from_file): Fix use of
- gcry_sexp_build_array.
-
-2012-10-31 NIIBE Yutaka <gniibe@fsij.org>
-
- SCD: Upon error, open_pcsc_reader_wrapped does same as _direct.
- + commit 8df89f3e9cf0255f11011c2f1df0d419a5c23a8c
- * scd/apdu.c (PCSC_E_NO_SERVICE): New.
- (open_pcsc_reader_direct): Use PCSC_E_NO_SERVICE.
- (open_pcsc_reader_wrapped): Set pcsc_no_service.
-
-2012-08-24 Werner Koch <wk@gnupg.org>
-
- Update and enable French translation.
- + commit 76055d49d1c8b8e4f6245e6729cae81b1eaecbf6
- * po/fr.po: Update.
- * po/LINGUAS: Enable fr.
-
-2012-08-24 David Prévot <taffit@debian.org>
-
- Fix typos spotted during translations.
- + commit ba591e2f14c0d85ba15346ffd04b9e7d72ec89dc
- * agent/genkey.c: s/to to/to/
- * sm/*.c: s/failed to allocated/failed to allocate/
- * sm/certlist.c, ./dirmngr/validate.c: s/should have not/should not have/
- * g10/seskey.c: missing closing parenthesis
- * dirmngr/crlcache.c: s/may has/may have/
-
- Consistency fix:
-
- * g10/gpg.c, kbx/kbxutil.c, sm/gpgsm.c: uppercase after Syntax
- * dirmngr/dirmngr_ldap: no period in Syntax
- * dirmngr/dirmngr-client.c: infinitive for option description:
- s/certificates are expected/expect certificates/
-
- Keep previous msgids of translated messages.
- + commit bf95408fc33709d154cd41566d33af3ec3c48886
- * po/Makefile.in.in: Use --previous with msgmerge.
-
-2012-08-24 Hans-Christoph Steiner <hans@eds.org>
-
- Fix build system for Android by disabling tests since its x-compiled.
- + commit 1da04bfb3f5714a0fa6d0b779d0d2ae4e9544b8f
- * configure.ac (HAVE_ANDROID_SYSTEM, RUN_TESTS): New.
- (AH_BOTTOM) [__ANDROID__]: Do not re-define ttyname.
- * Makefile.am: Depend tests on new RUN_TESTS conditional.
-
-2012-08-24 Werner Koch <wk@gnupg.org>
-
- Fix left over use of jnlib on some platforms.
- + commit 8156a38674421deef6c2eb3e91e0186fe7fe4b26
- * tools/watchgnupg.c: Take mischelp.h from common/ and not jnlib/.
-
-2012-06-25 NIIBE Yutaka <gniibe@fsij.org>
-
- scd: handle reader/token removal.
- + commit ca8eec8e28abb8473d02dbaf8d61cfb1094c5c50
- * scd/apdu.c (pcsc_error_to_sw): PCSC_E_UNKNOWN_READER means
- SW_HOST_NO_READER.
-
-2012-06-05 Werner Koch <wk@gnupg.org>
-
- Change all quotes in strings and comments to the new GNU standard.
- + commit 096e7457ec636bcfcf128678660eb2f2e19f113a
- The asymmetric quotes used by GNU in the past (`...') don't render
- nicely on modern systems. We now use two \x27 characters ('...').
-
- The proper solution would be to use the correct Unicode symmetric
- quotes here. However this has the disadvantage that the system
- requires Unicode support. We don't want that today. If Unicode is
- available a generated po file can be used to output proper quotes. A
- simple sed script like the one used for en@quote is sufficient to
- change them.
-
- The changes have been done by applying
-
- sed -i "s/\`\([^'\`]*\)'/'\1'/g"
-
- to most files and fixing obvious problems by hand. The msgid strings in
- the po files were fixed with a similar command.
-
-2012-05-24 Werner Koch <wk@gnupg.org>
-
- Print the hash algorithm in colon mode key listing.
- + commit fc00d3fcb201476b3495f47138fa35b71c52f403
- * g10/keylist.c (list_keyblock_colon): Print digest_algo.
-
- Fix type conflict warning.
- + commit f8a8c71c41bc1893df8af6ce522876ccbf6240a9
- * g10/keylist.c: Change min_cert_level to a byte.
-
-2012-05-11 Werner Koch <wk@gnupg.org>
-
- Switch to the new automagic beta numbering scheme.
- + commit 68777b40dcf215305a325185f6bd9cfd6dcc0542
- * configure.ac: Add all the require m4 magic.
-
-2012-05-08 Werner Koch <wk@gnupg.org>
-
- Add tweaks for the not anymore patented IDEA algorithm.
- + commit b4d9f8dbc8e074cd91bbd3e2e54e2b77c9268d1a
- * g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
- compatibility mode.
- * g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
- * common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this
- status anymore.
-
- po: Update de.po.
- + commit 59b77f9ea7dfa4d5c74573d2186c9a3e129ab3bf
- * po/de.po: Update.
-
- common: Remove generated files only during maintainer-clean.
- + commit d800fa5ce6102e069305f8e1a5d55d18ac3a1993
- * common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
-
-2012-04-30 Werner Koch <wk@gnupg.org>
-
- agent: Fix deadlock in trustlist due to the switch to npth.
- + commit 0f02fba19df16c82ca1ad44a8cb09f952d755598
- * agent/trustlist.c (clear_trusttable): New.
- (agent_reload_trustlist): Use new function.
- (read_trustfiles): Require to be called with lock held.
- (agent_istrusted): Factor all code out to ...
- (istrusted_internal): new. Add ALREADY_LOCKED arg. Make sure the
- table islocked. Do not print TRUSTLISTFLAG stati if called internally.
- (agent_marktrusted): Replace calls to agent_reload_trustlist by
- explicit code.
-
-2012-04-26 NIIBE Yutaka <gniibe@fsij.org>
-
- make DNS and URI fields work in gpgsm --gen-key.
- + commit 8d7522837c6dba3065d24594bcdbe7b99a702cde
- * sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Actually set mb_uri and
- mb_dns.avoid buffer strncpy-induced buffer overrun
-
-2012-04-26 Jim Meyering <jim@meyering.net>
-
- avoid buffer strncpy-induced buffer overrun.
- + commit 20c9ac4df34e25f7085bb4e4ab5ea7223932f5c4
- * dirmngr/crlcache.c (open_dir): Ensure that both this_update
- and next_update member strings are NUL-terminated.
-
- remove doubled words in a comment.
- + commit 6e3882785a629b361c57c8b9d5cad51fb234ac23
-
-
-2012-04-20 Werner Koch <wk@gnupg.org>
-
- Change license for some files in common to LGPLv3+/GPLv2+.
- + commit 37df3d5f593f76ddbf1b9dc6de0173b7bb85c0ad
- Having the LGPL on the common GnuPG code helps to share code
- between GnuPG and related projects (like GPGME and Libassuan). This
- is good for interoperability and to reduces bugs.
-
- * common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
- * common/b64enc.c, common/convert.c, common/dns-cert.c
- * common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
- * common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
- * common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
- * common/helpfile.c, common/homedir.c, common/http.c, common/http.h
- * common/i18n.c, common/init.c, common/init.h, common/iobuf.c
- * common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
- * common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
- * common/percent.c, common/pka.c, common/pka.h, common/session-env.c
- * common/session-env.h, common/sexp-parse.h, common/sexputil.c
- * common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
- * common/ssh-utils.h, common/sysutils.c, common/sysutils.h
- * common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
- * common/userids.c, common/userids.h, common/xasprintf.c: Change
- license to LGPLv3+/GPLv2+/
-
-2012-04-10 Ben Kibbey <bjk@luxsci.net>
-
- Fix killing PID -1.
- + commit bee0ac28c9c8027540ae56900b9f85e0bd555f1d
- When the KILLSCD command had been sent a race condition would occur
- causing PID -1 getting killed, which on Linux seems to terminate all
- applications for the current user.
-
-2012-04-05 Werner Koch <wk@gnupg.org>
-
- Do not mix test result with progress lines.
- + commit f1e1387bee286c7434f0462185048872bcdb4484
- This makes parsing of the results easier. Fixes bug#1400.
-
- * tests/openpgp/defs.inc (progress_cancel, progress_end)
- (progress_new): New.
- * tests/openpgp/conventional-mdc.test: Use progress functions
- * tests/openpgp/conventional.test: Ditto.
- * tests/openpgp/encrypt-dsa.test: Ditto.
- * tests/openpgp/encrypt.test: Ditto.
- * tests/openpgp/sigs.test: Ditto.
-
-2012-04-04 Ben Kibbey <bjk@luxsci.net>
-
- Mention status messages in the documentation.
- + commit 99fc61f1cf09c7f72a9037d91d3cf0cd2e035ae6
- Note INQUIRE_MAXLEN.
-
- Document PASSWD --preset.
- + commit a577f06c4aecc0af5b492e15812e9150c747cbe4
-
-
- Document GENKEY options.
- + commit 108e8f622ef9cfa256707debec1d379ce3cf21ca
-
-
- Document PRESET_PASSPHRASE.
- + commit 96e107fc29db625b247022ae1bf2cbe90b939c5d
-
-
- Document CLEAR_PASSPHRASE.
- + commit 26b59d78c43d72fa28609fb2c0d80fb377393127
- And describe the --mode=normal option.
-
-2012-03-27 Werner Koch <wk@gnupg.org>
-
- Fix timegm regression test.
- + commit 17499e761e8cd0fe867b5b5f3e42a71b6d45f954
- * common/t-timestuff.c (test_timegm): Change test to use January and
- not February or December+1. Bug spotted by Daniel Kahn Gillmor.
-
- Print warning for arguments not considered an option.
- + commit de01c51ecb3918f427aa76281351749c8ad07ed6
- GnuPG requires that options are given before other arguments. This
- can sometimes be confusing. We now print a warning if we found an
- argument looking alike a long option without being preceded by the
- stop option. This is bug#1343.
-
- * common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
- * common/argparse.c (arg_parse): Set new flag.
- * g10/gpg.c (main): Print the warning.
- * agent/gpg-agent.c (main): Ditto.
- * dirmngr/dirmngr.c (main): Ditto.
- * g13/g13.c (main): Ditto.
- * scd/scdaemon.c (main): Ditto.
- * sm/gpgsm.c (main): Ditto.
- * tools/gpg-connect-agent.c (main): Ditto.
- * tools/gpgconf.c (main): Ditto.
-
-2012-03-26 Werner Koch <wk@gnupg.org>
-
- Allow compress algorithm 0.
- + commit 7ddbcb6b6ab8b26c8e609fcd95c2c8a89bc20a7d
- * g10/mainproc.c (proc_compressed): Remove superfluous check for
- compress algorithm 0. Reported by pfandrade. This is bug#1326.
-
- Add mksamplekeys script.
- + commit 7441e622ffb3296686bd0d7f04b4051466aaad38
- * doc/mksamplekeys: New.
-
-2012-02-28 Marcus Brinkmann <mb@g10code.com>
-
- Replace npth_yield in busy wait by npth_usleep.
- + commit 8f8c6594147608b1021c16fc3561feb96da5d55a
- * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): Call
- npth_usleep instead of npth_yield.
-
-2012-02-16 Marcus Brinkmann <mb@g10code.com>
-
- Check for lber and link dirmngr_ldap to it.
- + commit 76ff42ef8d1232dd36bf48c1020b0b9b2afb1c7d
- * configure.ac (LBER_LIBS, HAVE_LBER): New variables, check for lber.
- * dirmngr/Makefile.am (dirmngr_lda_LDADD): Add $(LBER_LIBS).
-
-2012-02-07 Werner Koch <wk@gnupg.org>
-
- agent: Add pin length field to the shadowed private key format.
- + commit b817ae7df947093384a25797999a9aa187e20f9c
- This is not yet fully implemented. It will eventually allow to
- support pinpad equipped readers which do not support variable length
- pin lengths.
- * agent/protect.c (parse_shadow_info): Add optional arg R_PINLEN and
- parse pinlen info. Change all callers to pass NULL for it.
-
- Use new status printing functions.
- + commit 12ea5c904c0008a2adec2e8bbe45dac629548e7d
- * agent/command.c (cmd_geteventcounter): Get rid of static buffers.
- * scd/command.c (cmd_serialno, cmd_learn): Simplify by using
- print_assuan_status.
-
- agent: New function agent_print_status.
- + commit e78585cd0f553d92f332e33810ab636758bc88a2
- * common/asshelp2.c (vprint_assuan_status): New.
- (print_assuan_status): Re-implement using above func.
- * agent/command.c (agent_print_status): New.
-
- po: Add Ukrainian translation.
- + commit 8d8d740bfd73d8764a03220c0b0c949e03fea351
- * po/uk.po: New.
-
- common: Replace macro based function calls by using DEFAULT_ERRSOURCE.
- + commit 13ec74481ce0137f7a60b3256cc4840073c77efa
- * common/dns-cert.h (get_dns_cert): Remove macro.
- * common/dns-cert.c (_get_dns_cert): Rename to get_dns_cert. Replace
- arg ERRSOURCE by global DEFAULT_ERRSOURCE.
- * common/http.h (http_parse_uri, http_raw_connect, http_open)
- (http_open_document, http_wait_response): Remove macros.
- * common/http.c (_http_parse_uri, _http_raw_connect, _http_open)
- (_http_open_document, _http_wait_response): Remove underscore from
- symbols. Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
- * common/ssh-utils.h (ssh_get_fingerprint)
- (ssh_get_fingerprint_string): Remove macros.
- * common/ssh-utils.h (_ssh_get_fingerprint)
- (_ssh_get_fingerprint_string): Remove underscore from symbols.
- Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
- * common/tlv.h (parse_ber_header, parse_sexp): Remove macros.
- * common/tlv.c: Include util.h.
- (_parse_ber_header, _parse_sexp): Remove underscore from symbols.
- Replace args ERRSOURCE by global DEFAULT_ERRSOURCE.
-
-2012-02-06 Werner Koch <wk@gnupg.org>
-
- Add replacement hack for Android's broken ttyname.
- + commit 115a6ed55d1f6be33f66de6734359fa590ca3749
- * configure.ac (HAVE_TTYNAME) [__ANDROID__]: Add hack.
-
- agent: Simplify printing of INQUIRE_MAXLEN.
- + commit 7981cdd1345d51fd917b2375691ead60c24db2cd
- * agent/command.c: Include asshelp.h.
- (cmd_pkdecrypt, cmd_genkey, cmd_preset_passphrase)
- (pinentry_loopback): Use print_assuan_status for INQUIRE_MAXLEN.
-
- common: Add function print_assuan_status.
- + commit 1a0df8506050448f16c63666850e3ae6d94a971b
- * common/asshelp2.c: New.
- (print_assuan_status): New function.
- * common/Makefile.am (common_sources): Add asshelp2.c.
-
- common: Add a global variable to for the default error source.
- + commit eb0faef81dae2cba1f62056fdc4dc2a7d58ac86a
- For the shared code parts it is cumbersome to pass an error sourse
- variable to each function. Its value is always a constant for a given
- binary and thus a global variable makes things a lot easier than the
- former macro stuff.
- * common/init.c (default_errsource): New global var.
- (init_common_subsystems): Rename to _init_common_subsystems. Set
- DEFAULT_ERRSOURCE.
- * common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
- (init_common_subsystems): New macro.
- * common/util.h (default_errsource): Add declaration.
- * kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
-
-2012-02-03 Ben Kibbey <bjk@luxsci.net>
-
- Also let GENKEY and PKDECRYPT send the INQUIRE_MAXLEN status message.
- + commit ecda65498ac60dfde50fbbc71cd0cc321d7175a9
- * agent/command.c (cmd_pkdecrypt): Send the INQUIRE_MAXLEN status
- message before doing the inquire.
- (cmd_genkey): Ditto.
-
-2012-02-02 Ben Kibbey <bjk@luxsci.net>
-
- Inform the client of the preset passphrase length.
- + commit 3f7788f2e035eb939abb27b3a53854ec0fc6178c
- * agent/command.c (cmd_preset_passphrase): Send the INQUIRE_MAXLEN
- status message before inquiring the passphrase.
-
-2012-02-01 David Shaw <dshaw@jabberwocky.com>
-
- Honor --cert-digest-algo when recreating a cert.
- + commit 2b3cb2ee94625498e7a7f939216c9bcddef6ec20
- * g10/sign.c (update_keysig_packet): Honor --cert-digest-algo when
- recreating a cert.
-
- This is used by various things in --edit-key like setpref, primary,
- etc. Suggested by Christian Aistleitner.
-
-2012-01-27 Werner Koch <wk@gnupg.org>
-
- gl: Add support for Android to stdint.h replacement.
- + commit bdde44ae8d4709e33c09781c3d37a5da2c7a5e0d
- * gl/stdint_.h: When included from Bionic <sys/types.h>, just include
- the system's <stdint.h>.
-
- gpg-connect-tool: Take the string "true" as a true condition.
- + commit 2871422d9a889cb632f59efda4d9cd170fc9fca7
- * tools/gpg-connect-agent.c (main): Handle strings "true" and "yes" in
- conditions as expected.
-
-2012-01-26 Ben Kibbey <bjk@luxsci.net>
-
- Return GPG_ERR_CARD_NOT_PRESENT when pinentry-mode=loopback.
- + commit cf748e8736b984194345bfd74887b35d3d23fa37
- Since there isn't a way to prompt the user to insert the smartcard when
- pinentry-mode=loopback, return GPG_ERR_CARD_NOT_PRESENT instead of
- GPG_ERR_NO_PIN_ENTRY.
-
- * agent/divert-scd.c (ask_for_card): Return GPG_ERR_CARD_NOT_PRESENT
- when pinentry-mode=loopback.
-
- Also check for GPG_ERR_ASS_CANCELED during an inquire.
- + commit 3da10eefcb09a520f11e4fae7f59a33f80ffba69
- Fix pinentry-mode=loopback when cancelling an inquire from scdaemon.
- This is similar to commit 4f21f8d but for both protocol command
- cancellation and pinentry cancellation.
-
- * agent/call-scd.c (agent_card_pkdecrypt): Check for
- GPG_ERR_ASS_CANCELED.
- (agent_card_pksign): Ditto.
-
-2012-01-25 Werner Koch <wk@gnupg.org>
-
- nPth is now a hard requirement for GnuPG.
- + commit 001352077cdc7e402421c77328bea1a052005673
- * configure.ac: Remove cruft to allow building without npth.
-
- Require libassuan 2.1.0.
- + commit c254d0f0d13a54777a62dad8f78a8f287d6ae565
- * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.1.0. This is due to
- the npth changes.
-
- Fix strerror vs. gpg_strerror usage.
- + commit 2be7818c6d916a69ffdf88cce32960949a56e893
- This bug was introduced by the migration to npth.
- * agent/gpg-agent.c (handle_connections): Use strerror.
-
- Add missing variable.
- + commit a55d2e16f1090264338dc3ad0b2afca28db27c09
- * agent/gpg-agent.c (handle_connections) [!W32]: Add missing variable.
-
-2012-01-25 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- Port LDAP wrapper to NPTH.
- + commit 4074f966276be10a794fd63a7f443b9d974d3982
- * agent/gpg-agent.c (handle_connections): Handle error.
- * dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c: Port to NPTH.
-
- Port Windows code to NPTH.
- + commit ccbb4c3652ee72386b8889358b829e256e1ebcda
- * agent/gpg-agent.c (get_agent_ssh_socket_name): Use
- INVALID_HANDLE_VALUE instead of 0.
- (handle_signal) [!HAVE_W32_SYSTEM]: Don't define.
- (handle_connections): Port Windows code to NPTH.
- * dirmngr/dirmngr.c (handle_connections): Port Windows code to NPTH.
- * g13/g13.c (handle_connections): Port Windows code to NPTH.
- * scd/scdaemon.c (handle_connections): Port Windows code to NPTH.
-
- Port to npth.
- + commit 7a7a59782766a8bde0c3e7156d14bb2b0e4a3951
- * configure.ac: Don't check for PTH but for NPTH.
- (AH_BOTTOM): Remove PTH_SYSCALL_SOFT.
- (have_pth): Rename to ...
- (have_npth): ... this.
- (USE_GNU_NPTH): Rename to ...
- (USE_GNU_PTH): ... this.
- * m4/npth.m4: New file.
- * agent/Makefile.am, agent/cache.c, agent/call-pinentry.c,
- agent/call-scd.c, agent/findkey.c, agent/gpg-agent.c,
- agent/trustlist.c, common/Makefile.am, common/estream.c,
- common/exechelp-posix.c, common/exechelp-w32.c,
- common/exechelp-w32ce.c, common/http.c, common/init.c,
- common/sysutils.c, dirmngr/Makefile.am, dirmngr/crlfetch.c,
- dirmngr/dirmngr.c, dirmngr/dirmngr_ldap.c, dirmngr/ldap-wrapper-ce.c,
- dirmngr/ldap-wrapper.c, dirmngr/ldap.c, g13/Makefile.am,
- g13/call-gpg.c, g13/g13.c, g13/runner.c, scd/Makefile.am,
- scd/apdu.c, scd/app.c, scd/ccid-driver.c, scd/command.c,
- scd/scdaemon.c, tools/Makefile.am: Port to npth.
-
-2012-01-25 Werner Koch <wk@gnupg.org>
-
- Require gitlog-to-changelog to be installed.
- + commit 495dc68586356891b82a2d2b6367c4131fd17f08
- * Makefile.am (GITLOG_TO_CHANGELOG): New.
- (gen-ChangeLog): Use installed version of gitlog-to-changelog.
-
-2012-01-20 David Shaw <dshaw@jabberwocky.com>
-
- Changes to --min-cert-level should cause a trustdb rebuild (issue 1366)
- + commit deee8147aab086161c91e6aa6fb41d7148a630f6
- * g10/gpgv.c, g10/trustdb.c (read_trust_options): Add min_cert_level
-
- * g10/trustdb.c (check_trustdb_stale): Request a rebuild if
- pending_check_trustdb is true (set when we detect a trustdb
- parameter has changed).
-
- * g10/keylist.c (public_key_list): Use 'l' in the "tru" with-colons
- listing for min_cert_level not matching.
-
- * g10/tdbio.c (tdbio_update_version_record, create_version_record,
- tdbio_db_matches_options, tdbio_dump_record, tdbio_read_record,
- tdbio_write_record): Add a byte for min_cert_level in the tdbio
- version record.
-
-2012-01-20 Werner Koch <wk@gnupg.org>
-
- estream: Fix unclean usage of realloc.
- + commit e97e2ced6cf3ee295a3cc9f8968969a1910380ea
- * common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove.
- (_ESTREAM_PRINTF_FREE): Remove.
- (_ESTREAM_PRINTF_REALLOC): New.
- (fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New.
- (estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc
- and my_printf_free.
- (dynamic_buffer_out): Use my_printf_realloc instead of realloc.
-
- Do not copy default merge commit log entries into the ChangeLog.
- + commit 7589e43b21c8d80c5a57ecb6eb78dfcd0b5dac46
- * scripts/gitlog-to-changelog: Skip merge commits.
-
-2012-01-18 Ben Kibbey <bjk@luxsci.net>
-
- Add the INQUIRE_MAXLEN status message.
- + commit ae981dd8f454e2a8bbc6429bed5abc5e87cc83d5
- This status message is used to inform the client of the maximum length
- of an inquired passphrase and is used in pinentry-mode=loopback.
-
- * agent/command.c (pinentry_loopback): Send the INQUIRE_MAXLEN status
- message before doing the inquire.
-
-2012-01-16 Jim Meyering <meyering@redhat.com>
-
- yat2m: don't dereference pointer to freed memory.
- + commit 4402dc3f0a5c5d0f26ed2ae97f9cda9cf4e695fa
- * doc/yat2m.c (top_parse_file): Correct macrolist-freeing loop.
-
- gpg-agent: fix lc-messages handling not to change Xauthority setting.
- + commit 37801918cb916ae8c641e003f204dcc70cccb29c
- * agent/gpg-agent.c (main): Supply omitted "break" statement for
- lc-messages option. Otherwise, control would fall through to the
- following oXauthority case and use the same value there.
-
-2012-01-15 Werner Koch <wk@gnupg.org>
-
- Fix indentation.
- + commit 75a402fc25e4ec9659723dd58306aff3415736f4
-
-
-2012-01-14 Ben Kibbey <bjk@luxsci.net>
-
- Fix scdaemon pinentry inquire cancelation.
- + commit 4f21f8d6e109eae111d2da91f4c946afda4174e4
- Similar to commit 29af488 but also fixes PKDECRYPT and PKSIGN.
-
- * agent/call-scd.c (agent_card_pkdecrypt): Check for GPG_ERR_CANCELED
- when returning from the PKDECRYPT operation of scdaemon and cancel the
- inquire.
- (agent_card_pksign): Ditto.
- (cancel_inquire): New.
-
-2012-01-11 Werner Koch <wk@gnupg.org>
-
- gpg: Fix segv with RSA_S keys.
- + commit 30ec869b8c63f1edcc58110ed20b83b0e77248f8
- * g10/misc.c (pubkey_get_npkey, pubkey_get_nskey)
- (pubkey_get_nsig, pubkey_get_nenc): Map all RSA algo ids to
- GCRY_PK_RSA.
-
- estream: Avoid printing leading zeroes by %p on 32 bit systems.
- + commit b42bc48dfb4b6d4f745eb02d8de4f4dcffdacf48
- * common/estream-printf.c (pr_pointer): Synchronize definition of
- AULONG with its use.
-
-2012-01-11 David Shaw <dshaw@jabberwocky.com>
-
- Refresh sample keys.
- + commit 860861279bc17dd80eecc9631c4ae5d161a335fd
-
-
-2012-01-10 David Shaw <dshaw@jabberwocky.com>
-
- Adapt HKP fix for fingerprint/long keyid retrievals for dirmngr.
- + commit 3f59561cee635c6801e0a59d3abff1c064fcbdbe
- * dirmngr/ks-engine-hkp.c (ks_hkp_get): Use the longest valid keyid form
-
-2012-01-06 Werner Koch <wk@gnupg.org>
-
- gpg: Make the double space in the middle of a fingerprint optional.
- + commit 957fe728466893bc63f5ccad197d3e245dca4bf3
- This change might help to c+p a fingerprint from an HTML page without
- being enclosed in a "pre" tag.
- * common/userids.c (classify_user_id): Skip a second blank in the
- middle of a fingerprint.
-
- gpg: Allow use of a standard space separated fingerprint.
- + commit 372fb4fc0661014ccd9275c89e6da2208f87155f
- * common/userids.c (classify_user_id): Check for space separated GPG
- fingerprint.
-
-2012-01-06 NIIBE Yutaka <gniibe@fsij.org>
-
- Merge ccid_driver_improvement branch.
- + commit 5988c8bfb7eafaca53c8abeb793f189acd3177c6
- * scd/apdu.c (ccid_keypad_operation): Rename from ccid_keypad_verify.
- (open_ccid_reader): Use ccid_keypad_operation for verify and modify.
-
- * scd/ccid-driver.c (VENDOR_VASCO, VASCO_920): New.
- (ccid_transceive_apdu_level): Permit sending packet where
- apdulen <= 289. Support receiving packets in a chain.
- (ccid_transceive_secure): Maximum is 15 for VASCO DIGIPASS 920.
- Support keypad_modify method such as CHANGE_REFERENCE_DATA: 0x24.
-
-2012-01-03 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- Silence gcc warning.
- + commit ed432f030e604f7b2fd4a79c2110d92b9cde7501
- * sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized.
-
- Revert last change, add comment about link() return values.
- + commit ff2095ad7b4be7eaf9468b6ef39fd979527ecc4f
- * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Do not check
- return value of link().
-
- Fix compiler warnings.
- + commit 0dce26778ef8abd4fc40de689d7ec9b720d26430
- * common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return
- value of link().
- * g13/g13.c: Make sure err is initialized.
- * scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR.
-
- Fix last change: Only set gcrypt thread callback for older versions.
- + commit 61ccd8d92d9d3b8ba0eca3c2969d7f6f37e16405
- * dirmngr/dirmngr.c, g13/g13.c: Rename FIX_GCRY_PTH_INIT to
- USE_GCRY_THREAD_CBS.
-
-2012-01-03 Werner Koch <wk@gnupg.org>
-
- Terminate csh commands with a semicolon also for dirmngr.
- + commit 682df45d15661ed3544e2ed34bcb636200cc40f9
- * dirmngr/dirmngr.c (main): Terminate csh style output with a semicolon.
-
- Terminate csh commands with a semicolon.
- + commit d01d9ff11f46cbd61b7b8c0e04431e4f0c4a8580
- Fixes bug#1386.
-
- * agent/gpg-agent.c (main): Terminate csh style output with a semicolon.
- * scd/scdaemon.c: Ditto.
-
-2012-01-02 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
-
- Only set gcrypt thread callback for older version of gcrypt.
- + commit a2d9e48fcca6cfc2dfadef6dbd3579a30314676b
- * agent/gpg-agent.c, dirmngr/dirmngr.c, g13/g13.c, scd/scdaemon.c
- (USE_GCRY_THREAD_CBS): New macro, defined if
- GCRY_THREAD_OPTION_VERSION is 0.
- (fixed_gcry_pth_init) [!USE_GCRY_THREAD_CBS]: Don't define.
- (main) [!USE_GCRY_THREAD_CBS]: Do not install thread callbacks.
-
-2011-12-28 David Shaw <dshaw@jabberwocky.com>
-
- Use the longest key ID available when talking to a HKP server.
- + commit c6aaf024651c7d55ac9fb77a53c084efb3adc1a9
- This is issue 1340. Now that PKSD is dead, and SKS supports long key
- IDs, this is safe to do. Patch from Daniel Kahn Gillmor
- <dkg@fifthhorseman.net>.
-
-2011-12-20 Werner Koch <wk@gnupg.org>
-
- Post-release version number update.
- + commit 97d1c884e62bba94e42bb5b2bb13cd3880334c31
-
-
- Release 2.1.0beta3.
- + commit 604c130a85d4203b9d84137a42673aeaff1c0bd1
-
-
- Prepare for the beta3 release.
- + commit 8e47f1e576f70d4dbe966523057fe3078006ae8b
-
-
- po: Update the German translation.
- + commit 6f02c143440865781b4e3c1753e24e55a0de40e4
-
-
- Add the STEED Self-Signing Nonthority certificate.
- + commit fe2f1826991e8130f727ee15df1a4651f679752f
- * doc/com-certs.pem: Install it when creating a keybox.
-
- faq: Add section on US export restrictions.
- + commit 779611494dbd187d09b05d2eb10faabd31a70156
-
-
- Require Libassuan 2.0.3.
- + commit 366512abe44d9e71bb2c699c29477afa6ac71cdd
- * configure.ac: Require Libassuan 2.0.3.
- * agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
- * agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
- dependency.
- (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
- * scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
-
-2011-12-20 NIIBE Yutaka <gniibe@fsij.org>
-
- Add error log and debug log for pcsc_keypad_verify and pcsc_keypad_modify.
- + commit 07f20f313a0b13e5c93168a8a62ff1cbb94a4514
- * scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
- (pcsc_keypad_modify): Likewise.
-
-2011-12-19 Werner Koch <wk@gnupg.org>
- Ben Kibbey <bjk@luxsci.net>
-
- scd: Fix for card change returning GPG_ERR_CARD_RESET.
- + commit f4b7f7146349c388a2f3ce224ff2006606c66232
- * scd/apdu.c (apdu_connect): Do not test for zero atrlen.
-
-2011-12-16 NIIBE Yutaka <gniibe@fsij.org>
-
- Don't kill pinentry by SIGKILL but let it quit by SIGINT.
- + commit f6251c0d0af92331388f5e9bcd1750cbadcaca8f
- * agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send
- SIGINT (was: SIGKILL).
-
-2011-12-15 David Shaw <dshaw@jabberwocky.com>
-
- Merge fix for issue 1331 from 1.4.
- + commit a98260c39f1c0ccdad004784cbc9440376766082
- * photoid.c (generate_photo_id): Check for the JPEG magic numbers
- instead of JFIF since some programs generate an EXIF header first.
-
-2011-12-15 Werner Koch <wk@gnupg.org>
-
- scd: Prefer application Geldkarte over DINSIG.
- + commit 27089564b6453deaf7b4ffe7cc5f5f290b6d892b
- * scd/app.c (select_application): Reorder application tests.
-
- scd: Add option --dump-atr to command APDU.
- + commit b22d62bd1481dfe13d60a6d16b09b9297944f063
- * scd/atr.c: Rewrite.
- * scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h.
- * scd/command.c (cmd_apdu): Add option --dump-atr.
-
- estream: New function es_fclose_snatch.
- + commit 7737a2c269657189a583cde7f214f20871d264f8
- * common/estream.c (cookie_ioctl_function_t): New type.
- (es_fclose_snatch): New function.
- (COOKIE_IOCTL_SNATCH_BUFFER): New constant.
- (struct estream_internal): Add field FUNC_IOCTL.
- (es_initialize): Clear FUNC_IOCTL.
- (es_func_mem_ioctl): New function.
- (es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL.
-
-2011-12-14 Werner Koch <wk@gnupg.org>
-
- scd: Skip S/N reading for the "undefined" application.
- + commit 792e137ec7997a0ff5c54ff970611238d28d4ba8
- * scd/app.c (select_application): Skip serial number reading.
-
- scd: Add more status word values for documentation.
- + commit 0bac31ee9f74a25d76b08c3e0355a338908f083a
-
-
- scd: Add the "undefined" stub application.
- + commit dcd64131c60efd0189aa05d5dbce6b93547b04e3
- * scd/app.c (select_application): Implement the "undefined"
- application.
-
- agent: Pass comment lines from scd verbatim thru gpg-agent.
- + commit 45cf9de341405a228e331bd3893cbcd6b72306be
- * agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
- * tools/gpg-connect-agent.c (help_cmd_p): New.
- (main): Treat an "SCD HELP" the same as "HELP".
-
- scd: Fix resetting and closing of the reader.
- + commit 2d91febbd8d30beb7eb33f7aa80ffd5691d1d3cc
- * scd/command.c (update_card_removed): Do no act on an invalid VRDR.
- (do_reset): Ignore apdu_reset error codes for no and inactive card.
- Close the reader before setting the slot to -1.
- (update_reader_status_file): Notify the application before closing the
- reader.
-
- scd: Add debug option for reader function calls.
- + commit 07ea8c56b507b06d4bd70e94fa51914659afac4b
- * scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New.
- * scd/apdu.c (apdu_open_reader, apdu_close_reader)
- (apdu_shutdown_reader, apdu_connect, apdu_disconnect)
- (apdu_reset, apdu_get_atr, apdu_get_status): Add debug code.
- (apdu_activate): Remove this unused function.
-
-2011-12-13 Werner Koch <wk@gnupg.org>
-
- scd: New option --debug-assuan-log-cats.
- + commit 00c760f628f4cf0fc11e79d305c172f98123f815
- * scd/scdaemon.c (oDebugAssuanLogCats): New.
- (opts): Add option --debug-assuan-log-cats.
- (main): Implement option.
- * common/asshelp.c (set_libassuan_log_cats): New.
-
- scd: Introduce a virtual reader table.
- + commit 24e121ef261731069868ca403b818f1168237f53
- The vreader table makes the code more clear by explicitly talking
- about APDU slots and reader indices. It also accommodates for future
- extensions.
-
- * scd/scdaemon.h (server_control_s): Remove READER_SLOT.
- * scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
- * scd/app.c (check_application_conflict): Add arg SLOT.
- * scd/command.c (slot_status_s): Rename to vreader_s.
- (server_local_s): Add field VREADER_IDX as replacement for
- the READER_SLOT in server_control_s. Change all users.
- (slot_table): Rename to vreader_table. Change all users.
- (vreader_slot): New.
- (do_reset, cmd_apdu): Map vreader to apdu slot.
- (get_reader_slot): Rename to get_current_reader. Return -1 on error.
- (open_card): Map vreader toapdu slot. Pass slot to
- check_application_conflict.
- (scd_command_handler): Init VREADER_IDX.
- (update_reader_status_file): Reset SLOT field on error.
-
-2011-12-12 Werner Koch <wk@gnupg.org>
-
- scd: Retry command SERIALNO for an inactive card.
- + commit 11164662788036c4b15d30555ea33ec0b6f5a670
- * scd/command.c (cmd_serialno): Retry once for an inactive card.
-
- Fix detection of card removal and insertion.
- + commit cd29dc0f1cf7f3bd7938ffa65bf13f9a75d8c156
- * scd/apdu.c (apdu_connect): Return status codes for no card available
- and inactive card.
- * scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
- (open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
-
- gitlog-to-changelog: New option --tear-off.
- + commit ea0a21410b8fa460882c0f8de90b9291345fd4fc
- * scripts/gitlog-to-changelog: Add option --tear-off.
- * Makefile.am (gen-ChangeLog): Use that option.
-
-2011-12-07 Werner Koch <wk@gnupg.org>
-
- gpgsm: Add new validation model "steed".
- + commit 8a12a2000d82acfa881e8c18d028290100bf5e43
- * sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
- * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
- * sm/server.c (option_handler): Allow validation model "steed".
- * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
- * sm/certchain.c (do_validate_chain): Handle the
- well-known-private-key attribute. Support the "steed" model.
- (gpgsm_validate_chain): Ditto.
- * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
- * sm/keylist.c (list_cert_colon): Print the new 'w' flag.
-
- Correct punctuation in the ChangeLog summary line.
- + commit 14e4fdc9f97d6f12bf563adfff1e3157305d7795
- * Makefile.am (gen-ChangeLog): Supply --append-dot.
-
- Allow comments which will not show up in the ChangeLog.
- + commit cd3732841de32ce5c7841e6e158df3a5f1102f86
- * scripts/gitlog-to-changelog: Ignore lines after a "--" line.
-
-2011-12-06 Werner Koch <wk@gnupg.org>
-
- gpgsm: Allow specification of an AuthorityKeyIdentifier.
- + commit 596b84a4de58def2155d3fe56462f6607f135b69
- * sm/certreqgen.c (pAUTHKEYID): New.
- (read_parameters): Add keyword Authority-Key-Id.
- (proc_parameters): Check its value.
- (create_request): Insert an Authority-Key-Id.
-
- gpgsm: Allow arbitrary extensions for cert creation.
- + commit 5cdad8ff000152b4bd01953646bb87fe8703c70d
- * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
- (read_parameters): Add new keywords.
- (proc_parameters): Check values of new keywords.
- (create_request): Add SubjectKeyId and extensions.
- (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
-
- gpgsm: Fix storing of the serial number.
- + commit 3f284e40502d8181b0b3ea66c77cd7c1252ea781
- * sm/certreqgen.c (create_request): Fix hex-bin conversion.
-
-2011-12-05 Werner Koch <wk@gnupg.org>
-
- Fix last change.
- + commit 9274d4d18281b3364fa8abaa821dddf124b105d7
- * agent/command.c (start_command_handler): Remove use of removed var.
-
- Amend the agent code with more comments.
- + commit 477360e8cdc458b0a36e9c7fb52a35f27766255d
- * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
-
-2011-12-02 Werner Koch <wk@gnupg.org>
-
- Support the Cherry ST-2000 card reader.
- + commit 239659d3a0b8c0c378734ca3d1e9210a02e24da7
- * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
- (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
- (parse_ccid_descriptor): Use them.
- (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
- ST-2000. Suggested by Matthias-Christian Ott.
-
- Avoid possible double free in export.c.
- + commit 96dc146fa17a7853277dbf3dc771c585a815c247
- * g10/export.c (transfer_format_to_openpgp): Avoid possible double
- free of LIST. Reported by NIIBE Yutaka.
-
-2011-12-02 NIIBE Yutaka <gniibe@fsij.org>
-
- Fix pinpad input support for passphrase modification.
- + commit bf37c32367ba149559385ee90b6435cef8bd6412
- * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
- (pcsc_keypad_modify): Likewise.
- (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
- bConfirmPIN value is determined by the parameter p0.
-
- * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
- reset_mode is on, or resetcode is on. use_keypad only makes sense for
- iso7816_change_reference_data_kp.
-
- * iso7816.h (iso7816_put_data_kp): Remove.
- (iso7816_reset_retry_counter_kp): Remove.
- (iso7816_reset_retry_counter_with_rc_kp): Remove.
- (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
-
- * iso7816.c (iso7816_put_data_kp): Remove.
- (iso7816_reset_retry_counter_kp): Remove.
- (iso7816_reset_retry_counter_with_rc_kp): Remove.
- (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
-
-2011-12-01 Werner Koch <wk@gnupg.org>
-
- Add hook to check the commit log syntax.
- + commit 29e96e6b9a8e68e6554dd48bc2ce68ae9525d29f
- * autogen.sh: Install commit-msg hook for git.
-
- Generate the ChangeLog from commit logs.
- + commit 2336b09779d313c1594acf6df3bd8a8486e90458
- * scripts/gitlog-to-changelog: New script. Taken from gnulib.
- * scripts/git-log-fix: New file.
- * scripts/git-log-footer: New file.
- * doc/HACKING: Describe the ChangeLog policy
- * ChangeLog: New file.
- * Makefile.am (EXTRA_DIST): Add new files.
- (gen-ChangeLog): New.
- (dist-hook): Run gen-ChangeLog.
-
- Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 Werner Koch <wk@gnupg.org>