From wk at gnupg.org Mon Feb 3 14:18:25 2025 From: wk at gnupg.org (Werner Koch) Date: Mon, 03 Feb 2025 14:18:25 +0100 Subject: [gnupg] Update to po/pt.po In-Reply-To: <874j1btkr7.fsf@lispclub.com> (Daniel Cerqueira's message of "Mon, 03 Feb 2025 09:55:56 +0000") References: <874j1btkr7.fsf@lispclub.com> Message-ID: <87seovkvz2.fsf@jacob.g10code.de> Hi! Thanks for the update. Salam-Shalom, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein -------------- next part -------------- A non-text attachment was scrubbed... Name: openpgp-digital-signature.asc Type: application/pgp-signature Size: 247 bytes Desc: not available URL: From dkg at fifthhorseman.net Tue Feb 4 04:56:21 2025 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 3 Feb 2025 22:56:21 -0500 Subject: [PATCH GnuPG] options: drop opt.flags.rfc4880bis (no longer in use) Message-ID: <20250204035621.896845-1-dkg@fifthhorseman.net> g10/options.h (opt): remove unused flags member rfc4880bis (not used). -- Signed-off-by: Daniel Kahn Gillmor --- g10/options.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/g10/options.h b/g10/options.h index 6f5017196..2f73a9cf4 100644 --- a/g10/options.h +++ b/g10/options.h @@ -285,8 +285,6 @@ struct unsigned int disable_signer_uid:1; unsigned int include_key_block:1; unsigned int auto_key_import:1; - /* Flag to enable experimental features from RFC4880bis. */ - unsigned int rfc4880bis:1; /* Hack: --output is not given but OUTFILE was temporary set to "-". */ unsigned int dummy_outfile:1; /* Force the use of the OpenPGP card and do not allow the use of -- 2.47.2 From dkg at fifthhorseman.net Tue Feb 4 05:52:59 2025 
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 3 Feb 2025 23:52:59 -0500 Subject: [PATCH GnuPG STABLE-BRANCH-2-4] gpg: Sync compliance mode cleanup with master Message-ID: <20250204045259.950267-1-dkg@fifthhorseman.net> * g10/gpg.c (set_compliance_option): Clean up option settings for compliance modes. * doc/gpg.texi: note that --allow-old-cipher-algos must come after any compliance setting. -- This makes it possible to reset all options affected by any non-gnupg compliance mode to their default values by using --compliance=gnupg. This synchronizes the compliance mode behaviors with the master branch, including commits: - 54a8770aeb20eb9e18b5e95e51c376ec7820f8f6 - 0bdf5859935e3db15baaf5d0d96b723ddbd2acd5 - 04d58ff8475575f22a5ee1fb8c4f2c2dca0b5522 - aa46ba28ba75fc479b407c572c723b51b22d4a73 - 4b2729b983bf3c6c1186ebdf1962f64d8cb1b3a1 - c2ff47d5bcd2953fc2095ef2242af2c7e9cd4420 GnuPG-Bug-id: 7501 Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 4 +++- g10/gpg.c | 51 +++++++++++++++++++++++++++++---------------------- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 7e80a293a..474ed66ac 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3691,7 +3691,9 @@ blocks of 64 bits; modern algorithms use blocks of 128 bit instead. To avoid certain attack on these old algorithms it is suggested not to encrypt more than 150 MiByte using the same key. For this reason gpg does not allow the use of 64 bit block size algorithms for encryption -unless this option is specified. +unless this option is specified. Some compliance modes already set or +clear this flag and thus this flag should be used after a compliance +mode setting. @item --allow-weak-digest-algos @opindex allow-weak-digest-algos diff --git a/g10/gpg.c b/g10/gpg.c index 1a96db989..d9daade72 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -2265,17 +2265,14 @@ set_compliance_option (enum cmd_and_opt_values option) { switch (option) { - case oOpenPGP: - case oRFC4880: - /* This is effectively the same as RFC2440, but with - "--enable-dsa2 --no-rfc2440-text --escape-from-lines - --require-cross-certification". */ - opt.compliance = CO_RFC4880; - opt.flags.dsa2 = 1; + case oGnuPG: + /* set up default options affected by policy compliance: */ + opt.compliance = CO_GNUPG; + opt.flags.dsa2 = 0; opt.flags.require_cross_cert = 1; opt.rfc2440_text = 0; - opt.allow_non_selfsigned_uid = 1; - opt.allow_freeform_uid = 1; + opt.allow_non_selfsigned_uid = 0; + opt.allow_freeform_uid = 0; opt.escape_from = 1; opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; 
@@ -2283,35 +2280,45 @@ set_compliance_option (enum cmd_and_opt_values option) opt.cert_digest_algo = 0; opt.compress_algo = -1; opt.s2k_mode = 3; /* iterated+salted */ + opt.s2k_digest_algo = 0; + opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; + break; + case oOpenPGP: + case oRFC4880: + set_compliance_option (oGnuPG); + /* This is effectively the same as RFC2440, but with + "--enable-dsa2 --no-rfc2440-text --escape-from-lines + --require-cross-certification". */ + opt.compliance = CO_RFC4880; + opt.flags.dsa2 = 1; + opt.allow_non_selfsigned_uid = 1; + opt.allow_freeform_uid = 1; opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; break; case oRFC2440: + set_compliance_option (oGnuPG); opt.compliance = CO_RFC2440; - opt.flags.dsa2 = 0; + opt.flags.require_cross_cert = 0; opt.rfc2440_text = 1; opt.allow_non_selfsigned_uid = 1; opt.allow_freeform_uid = 1; opt.escape_from = 0; - opt.not_dash_escaped = 0; - opt.def_cipher_algo = 0; - opt.def_digest_algo = 0; - opt.cert_digest_algo = 0; - opt.compress_algo = -1; - opt.s2k_mode = 3; /* iterated+salted */ opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; break; - case oPGP7: opt.compliance = CO_PGP7; break; - case oPGP8: opt.compliance = CO_PGP8; break; - case oGnuPG: - opt.compliance = CO_GNUPG; + case oPGP7: + set_compliance_option (oGnuPG); + opt.compliance = CO_PGP7; + break; + case oPGP8: + set_compliance_option (oGnuPG); + opt.compliance = CO_PGP8; break; - case oDE_VS: - set_compliance_option (oOpenPGP); + set_compliance_option (oGnuPG); opt.compliance = CO_DE_VS; /* We divert here from the backward compatible rfc4880 algos. */ opt.s2k_digest_algo = DIGEST_ALGO_SHA256; -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 00:46:07 2025 
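Review bot: In the g10/gpg.c hunks of the STABLE-BRANCH-2-4 compliance sync patch, the new "case oGnuPG:" block as shown never sets opt.flags.allow_old_cipher_algos back to 0, while the oOpenPGP/oRFC4880 and oRFC2440 cases still set it to 1 after calling set_compliance_option (oGnuPG). With that, --compliance=rfc4880 followed by --compliance=gnupg leaves the 64 bit block ciphers enabled, which does not match the commit message's statement that --compliance=gnupg resets all options affected by another mode, and the doc/gpg.texi hunk says some modes "set or clear" the flag although nothing in the lines shown clears it. Suggest adding "opt.flags.allow_old_cipher_algos = 0;" to the oGnuPG case. Separately, oDE_VS now starts from oGnuPG instead of oOpenPGP, so it no longer inherits dsa2 = 1, allow_non_selfsigned_uid = 1, allow_freeform_uid = 1 and allow_old_cipher_algos = 1; if that is intended it deserves a line in the commit message.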
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:07 -0500 Subject: [PATCH GnuPG 4/5] compliance: add gnupg_compliance_label In-Reply-To: <20250204234906.1713904-1-dkg@fifthhorseman.net> References: <20250204234906.1713904-1-dkg@fifthhorseman.net> Message-ID: <20250204234906.1713904-5-dkg@fifthhorseman.net> * common/compliance.c (gnupg_compliance_label) new function, prototyped... * common/compliance.h: ...here. --- This will be useful when we need to display the current compliance mode to the user. Signed-off-by: Daniel Kahn Gillmor --- common/compliance.c | 7 +++++++ common/compliance.h | 2 ++ 2 files changed, 9 insertions(+) diff --git a/common/compliance.c b/common/compliance.c index 6c271c199..9707f3a20 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -782,6 +782,13 @@ gnupg_parse_compliance_option (const char *string, return -1; } +/* Return label for the given COMPLIANCE mode. */ +const char * +gnupg_compliance_label (enum gnupg_compliance_mode compliance) +{ + /* just offset by strlen("--compliance=") */ + return gnupg_compliance_option_string (compliance) + 13; +} /* Return the command line option for the given COMPLIANCE mode. */ const char * diff --git a/common/compliance.h b/common/compliance.h index 111fdc74b..2ddf38f83 100644 --- a/common/compliance.h +++ b/common/compliance.h @@ -91,6 +91,8 @@ int gnupg_parse_compliance_option (const char *string, int quiet); const char *gnupg_compliance_option_string (enum gnupg_compliance_mode compliance); +const char *gnupg_compliance_label (enum gnupg_compliance_mode + compliance); void gnupg_set_compliance_extra_info (unsigned int min_rsa); -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 00:46:06 2025 
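Review bot: In the common/compliance.c hunk of patch 4/5, gnupg_compliance_label returns gnupg_compliance_option_string (compliance) + 13 without checking that the returned string really begins with "--compliance=", so a mode for which that function returns NULL, a shorter string or a differently prefixed one yields a pointer outside the intended label. Suggest deriving the offset from the literal itself (sizeof "--compliance=" - 1) instead of the bare 13 and checking the prefix before adding the offset, returning a fixed fallback label otherwise. The comment in the header hunk could also say that the returned pointer aliases the static option string and must not be freed.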
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:06 -0500 Subject: [PATCH GnuPG 3/5] gpg: use rsa3072 for legacy compliance modes In-Reply-To: <20250204234906.1713904-1-dkg@fifthhorseman.net> References: <20250204234906.1713904-1-dkg@fifthhorseman.net> Message-ID: <20250204234906.1713904-4-dkg@fifthhorseman.net> * doc/gpg.texi (default-new-key-algo): Remind the user that this should come after any compliance modes, like --allow-old-cipher-algos. -- GnuPG-bug-id: 7511 Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 3 ++- g10/gpg.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 7a709d170..5572cba7d 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3848,7 +3848,8 @@ generation. The @var{string} is similar to the arguments required for the command @option{--quick-add-key} but slightly different. You need to consult the source code to learn the details. Note that the advanced key generation commands can always be used to specify a key -algorithm directly. +algorithm directly. Setting a compliance mode will set or clear this +flag, so it should only be used after a compliance mode setting. @item --no-auto-trust-new-key @opindex no-auto-trust-new-key diff --git a/g10/gpg.c b/g10/gpg.c index 994b83b94..e16c92373 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2295,6 +2295,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = 0; opt.s2k_cipher_algo = DEFAULT_CIPHER_ALGO; opt.flags.allow_old_cipher_algos = 0; + opt.def_new_key_algo = NULL; break; case oOpenPGP: @@ -2310,6 +2311,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; + opt.def_new_key_algo = "rsa3072/cert,sign+rsa3072/encr"; break; case oRFC2440: 
@@ -2323,6 +2325,7 @@ set_compliance_option (enum cmd_and_opt_values option) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_3DES; opt.flags.allow_old_cipher_algos = 1; + opt.def_new_key_algo = "rsa3072/cert,sign+rsa3072/encr"; break; case oPGP7: -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 00:46:08 2025 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:08 -0500 Subject: [PATCH GnuPG 5/5] gpg: Emit only RSA, DSA, and ElGamal with legacy compliance modes In-Reply-To: <20250204234906.1713904-1-dkg@fifthhorseman.net> References: <20250204234906.1713904-1-dkg@fifthhorseman.net> Message-ID: <20250204234906.1713904-6-dkg@fifthhorseman.net> * g10/keygen.c (parse_key_parameter_part): when using a legacy compliance mode, ensure that new keys are only algorithms known by the corresponding tools. -- GnuPG-bug-id: 7511 Signed-off-by: Daniel Kahn Gillmor --- g10/keygen.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/g10/keygen.c b/g10/keygen.c index 185585e3f..10a2eb9a1 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -3998,6 +3998,15 @@ parse_key_parameter_part (ctrl_t ctrl, else return gpg_error (GPG_ERR_UNKNOWN_CURVE); + if ((RFC4880||RFC2440||PGP8||PGP7) && + (algo != PUBKEY_ALGO_RSA) && + (algo != PUBKEY_ALGO_DSA) && + (algo != PUBKEY_ALGO_ELGAMAL_E)) { + log_error (_("Cannot generate pubkey algorithm \"%s\" in compliance mode: %s\n"), + string, gnupg_compliance_label (opt.compliance)); + return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + } + /* Parse the flags. */ keyuse = 0; if (flags) -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 00:46:03 2025 
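Review bot: In the g10/gpg.c hunks of patch 3/5, opt.def_new_key_algo is set to "rsa3072/cert,sign+rsa3072/encr" only in the oOpenPGP/oRFC4880 and oRFC2440 cases; the last hunk ends at "case oPGP7:" without a matching line, although patch 5/5 treats PGP7 and PGP8 as legacy modes that may only generate RSA, DSA and ElGamal keys. If those two modes keep the NULL default set in the oGnuPG case, default key generation there depends on whatever the built-in default is and may run into the new error from 5/5; suggest giving oPGP7 and oPGP8 the same assignment. The ChangeLog part of the commit message lists only doc/gpg.texi while the diffstat also changes g10/gpg.c, and the added doc sentence calls --default-new-key-algo a "flag" that is "set or clear[ed]" although it takes a string.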
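Review bot: In the g10/keygen.c hunk of patch 5/5, the new check returns GPG_ERR_UNKNOWN_ALGORITHM for an algorithm that was parsed successfully and is only disallowed by the active compliance mode, so a caller looking at the error code cannot tell a policy rejection from a mistyped algorithm string. Suggest a code that expresses the policy decision (for example GPG_ERR_NOT_SUPPORTED) and naming the permitted algorithms in the log_error text. The mode list (RFC4880||RFC2440||PGP8||PGP7) is spelled out inline here; a small helper or macro for "legacy compliance mode" would keep it in step with set_compliance_option when modes are added or retired.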
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:03 -0500 Subject: Generate compatible keys in legacy compliance modes (T7511) Message-ID: <20250204234906.1713904-1-dkg@fifthhorseman.net> The following series of 5 patches attempt to ensure that using gpg with --compliance=rfc4880 (or earlier compliance modes), the OpenPGP keys produced will be readable by clients that only implement the particular legacy standard. This is intended to address https://dev.gnupg.org/T7511 Happy to hear feedback on it! Regards, --dkg From dkg at fifthhorseman.net Wed Feb 5 00:46:04 2025 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:04 -0500 Subject: [PATCH GnuPG 1/5] doc: Update documentation of compliance modes In-Reply-To: <20250204234906.1713904-1-dkg@fifthhorseman.net> References: <20250204234906.1713904-1-dkg@fifthhorseman.net> Message-ID: <20250204234906.1713904-2-dkg@fifthhorseman.net> * doc/gpg.texi (Compliance Options): --gnupg offers LibrePGP behavior, and prefers LibrePGP where it diverges from OpenPGP; --rfc4880bis is an alias for --gnupg; Explain that --rfc2440 is ancient; correct punctuation. -- Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/doc/gpg.texi b/doc/gpg.texi index 9a621c89b..ab475c085 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3078,12 +3078,11 @@ options. @item --gnupg @opindex gnupg -Use standard GnuPG behavior. This is essentially OpenPGP behavior (see - at option{--openpgp}), but with extension from the proposed update to -OpenPGP and with some additional workarounds for common compatibility -problems in different versions of PGP. This is the default option, so -it is not generally needed, but it may be useful to override a -different compliance option in the gpg.conf file. +Use standard GnuPG behavior. This is now LibrePGP behavior, which is a +different draft protocol that overlaps in some cases with +OpenPGP. This is the default option, so it is not generally needed, +but it may be useful to override a different compliance option in the +gpg.conf file. @item --openpgp @opindex openpgp 
@@ -3102,21 +3101,20 @@ Note that this is currently the same thing as @option{--openpgp}. @item --rfc4880bis @opindex rfc4880bis -Reset all packet, cipher and digest options to strict according to the -proposed updates of RFC-4880. +This option is obsolete; it is handled as an alias for @option{--gnupg}. @item --rfc2440 @opindex rfc2440 -Reset all packet, cipher and digest options to strict RFC-2440 -behavior. Note that by using this option encryption packets are -created in a legacy mode without MDC protection. This is dangerous -and should thus only be used for experiments. This option implies - at option{--allow-old-cipher-algos}. See also option - at option{--ignore-mdc-error}. +Set all packet, cipher and digest options to strict RFC-2440 behavior. +RFC-2440 is a very old version of OpenPGP. Note that by using this +option encryption packets are created in a legacy mode without MDC +protection. This is dangerous and should thus only be used for +experiments. This option implies @option{--allow-old-cipher-algos}. +See also option @option{--ignore-mdc-error}. @item --pgp6 @opindex pgp6 -This option is obsolete; it is handled as an alias for @option{--pgp7} +This option is obsolete; it is handled as an alias for @option{--pgp7}. @item --pgp7 @opindex pgp7 -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 00:46:05 2025 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Tue, 4 Feb 2025 18:46:05 -0500 Subject: [PATCH GnuPG 2/5] doc: drop incorrect information about --default-new-key-algo In-Reply-To: <20250204234906.1713904-1-dkg@fifthhorseman.net> References: <20250204234906.1713904-1-dkg@fifthhorseman.net> Message-ID: <20250204234906.1713904-3-dkg@fifthhorseman.net> * doc/gpg.texi (default-new-key-algo): drop incorrect information about defaults. -- The claimed default (rsa2048) is not set in the codebase at all. Signed-off-by: Daniel Kahn Gillmor --- doc/gpg.texi | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) 
diff --git a/doc/gpg.texi b/doc/gpg.texi index ab475c085..7a709d170 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3845,13 +3845,10 @@ absolute date in the form YYYY-MM-DD. Defaults to "0". @opindex default-new-key-algo @var{string} This option can be used to change the default algorithms for key generation. The @var{string} is similar to the arguments required for -the command @option{--quick-add-key} but slightly different. For -example the current default of @code{"rsa2048/cert,sign+rsa2048/encr"} -(or @code{"rsa3072"}) can be changed to the value of what we currently -call future default, which is @code{"ed25519/cert,sign+cv25519/encr"}. -You need to consult the source code to learn the details. Note that -the advanced key generation commands can always be used to specify a -key algorithm directly. +the command @option{--quick-add-key} but slightly different. You need +to consult the source code to learn the details. Note that the +advanced key generation commands can always be used to specify a key +algorithm directly. @item --no-auto-trust-new-key @opindex no-auto-trust-new-key -- 2.47.2 From dkg at fifthhorseman.net Wed Feb 5 20:53:38 2025 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Wed, 5 Feb 2025 14:53:38 -0500 Subject: [PATCH GnuPG] gpg: default digest should be SHA1 only in --rfc2440 or --pgp7 Message-ID: <20250205195338.2472273-1-dkg@fifthhorseman.net> * g10/main.h (DEFAULT_DIGEST_ALGO): default to SHA256 except for archaic compliance modes. -- RFC 4880 specifies the 256-bit variant of SHA2, and any compatible client in the last 10 years. According to doc/gpg.texi, PGP 8 also supports SHA 256. There's no clear reason to default to SHA1 for compatibility with those clients. (RFC 2440 and PGP7 don't support SHA256, so leave that alone. GnuPG-bug-id: 7516 Signed-off-by: Daniel Kahn Gillmor --- g10/main.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/g10/main.h b/g10/main.h index 546a0b5b8..ffed41613 100644 
--- a/g10/main.h +++ b/g10/main.h @@ -41,7 +41,7 @@ # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_3DES #endif -#define DEFAULT_DIGEST_ALGO ((GNUPG)? DIGEST_ALGO_SHA256:DIGEST_ALGO_SHA1) +#define DEFAULT_DIGEST_ALGO ((PGP7||RFC2440)? DIGEST_ALGO_SHA1:DIGEST_ALGO_SHA256) #define DEFAULT_S2K_DIGEST_ALGO DEFAULT_DIGEST_ALGO #ifdef HAVE_ZIP # define DEFAULT_COMPRESS_ALGO COMPRESS_ALGO_ZIP -- 2.47.2 From ametzler at bebt.de Thu Feb 6 18:01:58 2025 From: ametzler at bebt.de (Andreas Metzler) Date: Thu, 6 Feb 2025 18:01:58 +0100 Subject: split-off gpgmepp - testsuite Message-ID: Hello, I have taken a first look at https://dev.gnupg.org/source/gpgmepp.git (Thanks, BTW for splitting bindingigs from the library.) Some test binaries are built ... (sid)ametzler at argenau:/tmp/GPGMEPP/gpgmepp$ ls build/tests/ CMakeFiles Makefile run-getkey run-verify CTestTestfile.cmake cmake_install.cmake run-keylist run-wkdlookup .. however "make test" is no-op. - Is there something non-obvious I missing here? cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' From gpg at samoverton.dev Sun Feb 9 03:09:16 2025 From: gpg at samoverton.dev (Sam Overton) Date: Sun, 9 Feb 2025 03:09:16 +0100 Subject: [PATCH GnuPG] agent: add pinentry-ignored-env configuration parameter In-Reply-To: <> References: <> Message-ID: <62a5164a-ef76-4a12-8232-f24f71799e6c@samoverton.dev> * The pinentry-ignored-env parameter takes a CSV of environment variables that should not be passed from the client to the pinentry environment. * This allows users running Flatpak applications to resolve the issue where an invalid DBUS_SESSION_BUS_ADDRESS is unavoidably passed from gpg (running inside the Flatpak) to pinentry (running on the host system). Addresses T7522 
Signed-off-by: Sam Overton --- agent/agent.h | 4 ++++ agent/call-pinentry.c | 39 +++++++++++++++++++++++++++++++++++++-- agent/gpg-agent.c | 8 ++++++++ 3 files changed, 49 insertions(+), 2 deletions(-) diff --git a/agent/agent.h b/agent/agent.h index 42b167726..ff9a79269 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -175,6 +175,10 @@ struct allow-emacs-prompt is allowed. */ int allow_emacs_pinentry; + /* Comma separated list of environment variables which must not be + passed from the client to pinentry */ + const char *pinentry_ignored_env; + int keep_tty; /* Don't switch the TTY (for pinentry) on request */ int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */ diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index ba37a775e..86897ce29 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -203,6 +203,40 @@ unlock_pinentry (ctrl_t ctrl, gpg_error_t rc) return rc; } +/* Allow configuration of which environment variables from the client to ignore + * when passing to pinentry. This helps to solve problems where the client has + * incorrect settings relative to the environment that the agent is running in, + * in particular DBUS_SESSION_BUS_ADDRESS passed from inside a container. */ +static int +is_ignored_env_var(const char* name) +{ + const char* p = opt.pinentry_ignored_env; + const char* q = NULL; + size_t csv_len = 0; + size_t name_len = 0; + + if (!name || !*name) + return 1; + + if (!opt.pinentry_ignored_env || !*opt.pinentry_ignored_env) + return 0; + + csv_len = strlen(opt.pinentry_ignored_env); + name_len = strlen(name); + + while (p - opt.pinentry_ignored_env < csv_len) + { + /* q points at the NULL terminator if the separator is not found */ + q = strchrnul(p, ','); + + if ((q - p) == name_len && (0 == strncmp(name, p, q - p))) + return 1; + + p = q + 1; + } + + return 0; +} /* Helper for at_fork_cb which can also be called by the parent to * show which envvars will be set. */ 
@@ -224,10 +258,11 @@ atfork_core (ctrl_t ctrl, int debug_mode) * envvar like "QT_QPA_PLATFORMTHEME=qt5ct" which for example is * useful when using the Qt pinentry under GNOME or XFCE. */ - if (!assname + if ( !is_ignored_env_var(name) && + (!assname || (!opt.keep_display && !strcmp (name, "DISPLAY")) || !strcmp (name, "XAUTHORITY") - || !strcmp (name, "PINENTRY_USER_DATA")) + || !strcmp (name, "PINENTRY_USER_DATA"))) { value = session_env_getenv (ctrl->session_env, name); if (value) diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 758824144..58b2b452b 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -133,6 +133,7 @@ enum cmd_and_opt_values oNoAllowLoopbackPinentry, oNoAllowExternalCache, oAllowEmacsPinentry, + oPinentryIgnoredEnv, oKeepTTY, oKeepDISPLAY, oSSHSupport, @@ -303,6 +304,8 @@ static gpgrt_opt_t opts[] = { "@"), ARGPARSE_s_n (oAllowEmacsPinentry, "allow-emacs-pinentry", N_("allow passphrase to be prompted through Emacs")), + ARGPARSE_s_s (oPinentryIgnoredEnv, "pinentry-ignored-env", + N_("Comma-separated list of environment variables to ignore")), /* Dummy options for backward compatibility. */ @@ -904,6 +907,7 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread) opt.allow_external_cache = 1; opt.allow_loopback_pinentry = 1; opt.allow_emacs_pinentry = 0; + opt.pinentry_ignored_env = NULL; memset (opt.disable_daemon, 0, sizeof opt.disable_daemon); disable_check_own_socket = 0; /* Note: When changing the next line, change also gpgconf_list. */ @@ -1007,6 +1011,10 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread) case oAllowEmacsPinentry: opt.allow_emacs_pinentry = 1; break; + case oPinentryIgnoredEnv: + opt.pinentry_ignored_env = pargs->r.ret_str; + break; + case oSSHFingerprintDigest: i = gcry_md_map_name (pargs->r.ret_str); if (!i) -- 2.47.2 From ramon.garcia.f at gmail.com Mon Feb 10 00:40:28 2025 
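Review bot: In the g10/main.h hunk of the "default digest should be SHA1 only in --rfc2440 or --pgp7" patch, the context line directly below the change defines DEFAULT_S2K_DIGEST_ALGO as DEFAULT_DIGEST_ALGO, so this one-line edit also switches the default S2K digest from SHA1 to SHA256 for every mode other than PGP7 and RFC2440, not only the default signature digest. The commit message argues only from SHA256 support in RFC 4880 and PGP 8 clients; suggest stating the S2K effect explicitly, or giving DEFAULT_S2K_DIGEST_ALGO its own definition if that side effect is not wanted.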
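Review bot: In the agent/call-pinentry.c hunk of the pinentry-ignored-env patch, is_ignored_env_var calls strchrnul, which is a GNU extension, and the patch adds no fallback, so the agent will not build on platforms whose libc lacks it; strchr with a fall back to the end of the string does the same job. The comparison is exact per token with no whitespace trimming, so a value written as "A, B" never matches B, and the loop condition compares a pointer difference against a size_t. The diffstat touches only agent/agent.h, agent/call-pinentry.c and agent/gpg-agent.c, so the new --pinentry-ignored-env option is not documented anywhere in doc/; since it decides which client-supplied variables reach pinentry, the documentation should say that names are matched case-sensitively and that an ignored name also suppresses DISPLAY, XAUTHORITY and PINENTRY_USER_DATA, as the changed condition in atfork_core implies.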
From: ramon.garcia.f at gmail.com (ramon.garcia.f at gmail.com)
Date: Sun, 9 Feb 2025 15:40:28 -0800
Subject: Submission of GnuPG Developer's Certificate of Origin
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello,

In order to contribute to GnuPG I am sending this signed Developer's
Certificate of Origin

GnuPG Developer's Certificate of Origin. Version 1.0
=====================================================

By making a contribution to the GnuPG project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the free software license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the
    best of my knowledge, is covered under an appropriate free
    software license and I have the right under that license to
    submit that work with modifications, whether created in whole
    or in part by me, under the same free software license
    (unless I am permitted to submit under a different license),
    as indicated in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including
    all personal information I submit with it, including my
    sign-off) is maintained indefinitely and may be redistributed
    consistent with this project or the free software license(s)
    involved.

Signed-off-by: Ramón García Fernández ramon.garcia.f at gmail.com
-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v6.0.1
Comment: https://mailvelope.com

wnUEARYKACcFgmepPOwJkG0O0IW8i48PFiEEZrJ8+nOavSn3AweWbQ7QhbyL
jw8AACo0AQDq0+HbmlF/AovDJsm0U+5MAL0VbxhmRgntltzitixX7gD/YfFR
fy1r7tRYfwBzt9O8ViThxBUzac3GpXtN7fUY3w4=
=jYLl
-----END PGP SIGNATURE-----

From kloecker at kde.org Tue Feb 11 11:16:44 2025
From: kloecker at kde.org (Ingo Klöcker)
Date: Tue, 11 Feb 2025 11:16:44 +0100
Subject: split-off gpgmepp - testsuite
Message-ID: <2727377.lGaqSPkdTl@daneel>

Andreas Metzler wrote:
> I have taken a first look at https://dev.gnupg.org/source/gpgmepp.git
> (Thanks, BTW for splitting bindings from the library.)
>
> Some test binaries are built ...
> (sid)ametzler at argenau:/tmp/GPGMEPP/gpgmepp$ ls build/tests/
> CMakeFiles Makefile run-getkey run-verify
> CTestTestfile.cmake cmake_install.cmake run-keylist run-wkdlookup
> .. however "make test" is no-op. - Is there something non-obvious I
> am missing here?

The run-* programs need to be run manually (with suitable arguments).
They are not automatic tests, but simple example apps that double as
apps for manually testing some of the API provided by gpgmepp.

Regards,
Ingo

From wk at gnupg.org Wed Feb 12 15:53:03 2025
From: wk at gnupg.org (Werner Koch) Date: Wed, 12 Feb 2025 15:53:03 +0100 Subject: [Announce] GnuPG 2.5.4 released Message-ID: <87pljndxkg.fsf@jacob.g10code.de> Hello! We are pleased to announce the availability of a new GnuPG release: version 2.5.4. This release is another one in a series of public testing releases eventually leading to a new stable version 2.6. The main features in the 2.6 series are improvements for 64 bit Windows and the introduction of Kyber (FIPS-203) as PQC encryption algorithm. Other than PQC support the 2.6 series will not differ a lot from 2.4 because the majority of changes are internal to make use of newer features from the supporting libraries. What is GnuPG ============= The GNU Privacy Guard (GnuPG, GPG) is a complete and free implementation of the OpenPGP and S/MIME standards. GnuPG allows to encrypt and sign data and communication, features a versatile key management system as well as access modules for public key directories. GnuPG itself is a command line tool with features for easy integration with other applications. The separate library GPGME provides a uniform API to use the GnuPG engine by software written in common programming languages. A wealth of frontend applications and libraries making use of GnuPG are available. As an universal crypto engine GnuPG provides support for S/MIME and Secure Shell in addition to OpenPGP. GnuPG is Free Software (meaning that it respects your freedom). It can be freely used, modified and distributed under the terms of the GNU General Public License. Noteworthy changes in version 2.5.4 (2025-02-12) ================================================ [compared to version 2.5.3] * gpg: New option --disable-pqc-encryption. [rG00c31f8b04] * gpg: Fix --quick-add-key for Weierstrass ECC with usage given. [T7506] * gpg: Fix handling with no CRC armor. [T7071] * gpg: New private Kyber keys are now cross-referenced using a new Link attribute. 
[T6638] * gpg: Fix an import problem with keys having another primary key as a subkey. [T7527] * gpgsm: Allow unattended PKCS#12 export without passphrase. [rG159e801043] * gpgsm: Allow CSR generation with an unprotected key. [rG89055f24f4] * agent: New option --change-std-env-name. [T7522] * agent: Fix ssh-agent's request_identities for skipped Brainpool keys. [rG2469dc5aae] * Do not package zlib and bzip2 object files in a Speedo release build. [T7442] Release-info: https://dev.gnupg.org/T7480 Getting the Software ==================== Please follow the instructions found at or read on: GnuPG may be downloaded from one of the GnuPG mirror sites or direct from its primary file server. The list of mirrors can be found at . Note that GnuPG is not available at ftp.gnu.org. The GnuPG source code compressed using BZIP2 and its OpenPGP signature are available here: https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.5.4.tar.bz2 (7983k) https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.5.4.tar.bz2.sig An installer for Windows without any graphical frontend except for a very minimal Pinentry tool is available here: https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.5.4_20250212.exe (5661k) https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.5.4_20250212.exe.sig The source used to build this installer for 64-bit Windows is available at https://gnupg.org/ftp/gcrypt/gnupg/gnupg-w32-2.5.4_20250212.tar.xz (16M) https://gnupg.org/ftp/gcrypt/gnupg/gnupg-w32-2.5.4_20250212.tar.xz.sig This source tarball may also be used to download all required libraries at once to build a Unix version on any modern system. See the included README. 
A new Beta version of Gpg4win, our full featured installer for Windows including this version of GnuPG as well as Kleopatra GUI and a PDF editor will soon be available at https://www.gpg4win.org/version5.html Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a version of GnuPG installed, you can simply verify the supplied signature. For example to verify the signature of the file gnupg-2.5.4.tar.bz2 you would use this command: gpg --verify gnupg-2.5.4.tar.bz2.sig gnupg-2.5.4.tar.bz2 This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by one or more of the release signing keys. Make sure that this is a valid key, either by matching the shown fingerprint against a trustworthy list of valid release signing keys or by checking that the key has been signed by trustworthy other keys. See the end of this mail for information on the signing keys. * If you are not able to use an existing version of GnuPG, you have to verify the SHA-1 checksum. On Unix systems the command to do this is either "sha1sum" or "shasum". Assuming you downloaded the file gnupg-2.5.4.tar.bz2, you run the command like this: sha1sum gnupg-2.5.4.tar.bz2 and check that the output matches the next line: 98b3f7161c62882c9cf2efc023bdb9caaf23111a gnupg-2.5.4.tar.bz2 c69f25538a7738a8b9f79310ec99cfb77e2fa497 gnupg-w32-2.5.4_20250212.tar.xz 6febc0963df51c69b5c1752be66fd6b8f4c4b82d gnupg-w32-2.5.4_20250212.exe Internationalization ==================== This version of GnuPG has support for 26 languages with Chinese (traditional and simplified), Czech, French, German, Italian, Japanese, Norwegian, Polish, Portuguese, Russian, Turkish, and Ukrainian being almost completely translated. 
Documentation and Support ========================= The file gnupg.info has the complete reference manual of the system. Separate man pages are included as well but they miss some of the details available only in the manual. The manual is also available online at https://gnupg.org/documentation/manuals/gnupg/ or can be downloaded as PDF at https://gnupg.org/documentation/manuals/gnupg.pdf You may also want to search the GnuPG mailing list archives or ask on the gnupg-users mailing list for advise on how to solve problems. Most of the new features are around for several years and thus enough public experience is available. https://wiki.gnupg.org has user contributed information around GnuPG and relate software. In case of build problems specific to this release please first check https://dev.gnupg.org/T7480 for updated information. Please consult the archive of the gnupg-users mailing list before reporting a bug: https://gnupg.org/documentation/mailing-lists.html. We suggest to send bug reports for a new release to this list in favor of filing a bug at https://bugs.gnupg.org. If you need commercial support go to https://gnupg.com or https://gnupg.org/service.html. If you are a developer and you need a certain feature for your project, please do not hesitate to bring it to the gnupg-devel mailing list for discussion. Thanks ====== Since 2001 maintenance and development of GnuPG is done by g10 Code GmbH and has mostly been financed by donations. Several full-time employed developers and contractors are working exclusively on GnuPG and closely related software like Libgcrypt, GPGME, Kleopatra and Gpg4win. Fortunately, and this is still not common with free software, we have established a way of financing the development while keeping all our software free and freely available for everyone. 
Our model is similar to the way RedHat manages RHEL and Fedora: Except for the actual binary of the MSI installer for Windows and client specific configuration files, all the software is available under the GNU GPL and other Open Source licenses. Thus customers may even build and distribute their own version of the software as long as they do not use our trademarks GnuPG Desktop® or GnuPG VS-Desktop®.

We like to thank all the nice people who are helping the GnuPG project, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word, answering questions on the mailing lists, or helped with donations.

*Thank you all*

   Your GnuPG hackers

p.s.
This is an announcement only mailing list. Please send replies only to the gnupg-users at gnupg.org mailing list.

List of Release Signing Keys:

To guarantee that a downloaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys:

  rsa3072 2017-03-17 [expires: 2027-03-15]
  5B80 C575 4298 F0CB 55D8 ED6A BCEF 7E29 4B09 2E28
  Andre Heinecke (Release Signing Key)

  ed25519 2020-08-24 [expires: 2030-06-30]
  6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
  Werner Koch (dist signing 2020)

  ed25519 2021-05-19 [expires: 2027-04-04]
  AC8E 115B F73E 2D8D 47FA 9908 E98E 9B2D 19C6 C8BD
  Niibe Yutaka (GnuPG Release Key)

  brainpoolP256r1 2021-10-15 [expires: 2029-12-31]
  02F3 8DFF 731F F97C B039 A1DA 549E 695E 905B A208
  GnuPG.com (Release Signing Key 2021)

The keys are available at https://gnupg.org/signature_key.html and in any recently released GnuPG tarball in the file g10/distsigkey.gpg . Note that this mail has been signed by a different key.

--
Arguing that you don't care about the right to privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say. - Edward Snowden

_______________________________________________
Gnupg-announce mailing list
Gnupg-announce at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce

From marco.atzeri at gmail.com Thu Feb 13 15:14:56 2025
From: marco.atzeri at gmail.com (Marco Atzeri)
Date: Thu, 13 Feb 2025 15:14:56 +0100
Subject: GnuPG 2.5.4 build failure on Cygwin
In-Reply-To: <87pljndxkg.fsf@jacob.g10code.de>
References: <87pljndxkg.fsf@jacob.g10code.de>
Message-ID: <7f251516-3612-4e06-8134-6daf31484799@gmail.com>

Building on Cygwin 64 bit

/pub/devel/gnupg2/gnupg2-2.5.4-1.x86_64/src/gnupg-2.5.4/agent/command-ssh.c: In function ‘start_command_handler_ssh’:
/pub/devel/gnupg2/gnupg2-2.5.4-1.x86_64/src/gnupg-2.5.4/agent/command-ssh.c:3962:19: error: ‘SOCKET’ undeclared (first use in this function)
 3962 | syshd.u.sock = (SOCKET)sock_client;

What is supposed to be SOCKET ?

For what I see on the 2.4.x series there is only the

  syshd.u.sock = sock_client

assignment.

Posix does not define "SOCKET" in sys/socket.h
https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/sys_socket.h.html

From wk at gnupg.org Fri Feb 14 17:54:47 2025
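The signature check from the "Checking the Integrity" section of the 2.5.4 announcement, as an added example that is not part of the announcement or of GnuPG: it accepts a download only when gpg's machine-readable status output shows a good signature from one of the release signing keys listed in that mail. The function names and the sample status lines are constructed for illustration; the status keywords are the ones gpg writes with --status-fd.

```shell
#!/bin/sh
# Added example: accept a release signature only if gpg reports a good
# signature made by one of the release signing keys listed on this page.

# Primary-key fingerprints from the "List of Release Signing Keys" (spaces
# removed).  Compare them with https://gnupg.org/signature_key.html first.
RELEASE_KEYS="5B80C5754298F0CB55D8ED6ABCEF7E294B092E28"                # Andre Heinecke
RELEASE_KEYS="$RELEASE_KEYS 6DAA6E64A76D2840571B4902528897B826403ADA"  # Werner Koch
RELEASE_KEYS="$RELEASE_KEYS AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD"  # Niibe Yutaka
RELEASE_KEYS="$RELEASE_KEYS 02F38DFF731FF97CB039A1DA549E695E905BA208"  # GnuPG.com

# pinned_signer: read "gpg --status-fd" lines on stdin.  Print the primary
# key fingerprint and return 0 only if some signature is GOODSIG + VALIDSIG
# from a pinned key and no signature is BADSIG.  Signatures from keys that
# are missing from the keyring (ERRSIG/NO_PUBKEY) are ignored, because a
# release may carry several signatures.
pinned_signer() {
  awk -v keys="$RELEASE_KEYS" '
    BEGIN { n = split(keys, k, " "); for (i = 1; i <= n; i++) pinned[k[i]] = 1 }
    $1 != "[GNUPG:]" { next }
    $2 == "NEWSIG"   { good = 0 }
    $2 == "GOODSIG"  { good = 1 }      # EXPKEYSIG/REVKEYSIG never set this
    $2 == "BADSIG"   { bad = 1 }
    $2 == "VALIDSIG" {
      fpr = (NF >= 12) ? $12 : $3      # field 12 is the primary key fingerprint
      if (good && (fpr in pinned)) signer = fpr
      good = 0
    }
    END { if (bad || signer == "") exit 1; print signer }
  '
}

# verify_release SIGFILE FILE: run gpg and apply the policy above.
# Assumes the release keys have already been imported into the keyring.
verify_release() {
  gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | pinned_signer
}

# Constructed status output for the cases the policy has to tell apart.
# None of these lines were captured from a real gpg run.
sample_status() {
  case "$1" in
    pinned) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 528897B826403ADA Werner Koch (dist signing 2020)
[GNUPG:] VALIDSIG 6DAA6E64A76D2840571B4902528897B826403ADA 2025-02-12 1739347200 0 4 0 22 10 00 6DAA6E64A76D2840571B4902528897B826403ADA
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
    ;;
    foreign) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Key (not a release key)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2025-02-12 1739347200 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
    ;;
    tampered) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 528897B826403ADA Werner Koch (dist signing 2020)
EOF
    ;;
    expiredkey) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 528897B826403ADA Werner Koch (dist signing 2020)
[GNUPG:] VALIDSIG 6DAA6E64A76D2840571B4902528897B826403ADA 2025-02-12 1739347200 0 4 0 22 10 00 6DAA6E64A76D2840571B4902528897B826403ADA
EOF
    ;;
    mixed) cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG BCEF7E294B092E28 1 8 00 1739347200 9 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
[GNUPG:] NO_PUBKEY BCEF7E294B092E28
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 528897B826403ADA Werner Koch (dist signing 2020)
[GNUPG:] VALIDSIG 6DAA6E64A76D2840571B4902528897B826403ADA 2025-02-12 1739347200 0 4 0 22 10 00 6DAA6E64A76D2840571B4902528897B826403ADA
EOF
    ;;
  esac
}

# Real use: sh this-script gnupg-2.5.4.tar.bz2.sig gnupg-2.5.4.tar.bz2
if [ "$#" -eq 2 ]; then
  verify_release "$1" "$2"
fi
```

The "foreign" case is the one a plain "Good signature" message hides: the signature verifies, but the key is not on the pinned list, so the download is rejected.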
From: wk at gnupg.org (Werner Koch)
Date: Fri, 14 Feb 2025 17:54:47 +0100
Subject: GnuPG 2.5.4 build failure on Cygwin
In-Reply-To: <7f251516-3612-4e06-8134-6daf31484799@gmail.com> (Marco Atzeri via Gnupg-devel's message of "Thu, 13 Feb 2025 15:14:56 +0100")
References: <87pljndxkg.fsf@jacob.g10code.de> <7f251516-3612-4e06-8134-6daf31484799@gmail.com>
Message-ID: <87tt8wcvqg.fsf@jacob.g10code.de>

On Thu, 13 Feb 2025 15:14, Marco Atzeri said:
> Building on Cygwin 64 bit

> What is supposed to be SOCKET ?

This is used by Windows; configure.ac has this test:

  # Check SOCKET type for Windows.
  AC_CHECK_TYPES([SOCKET], [], [], [[#include "winsock2.h"]])

> Posix does not define "SOCKET" in sys/socket.h

Cygwin is a mix of Windows and Posix and thus you will run into such problems. Cygwin is not supported by GnuPG because you can build it native for Windows or use it with WSL.

I would suggest to run configure this way

  ./configure ac_cv_type_SOCKET=no

to tell the test that there is no SOCKET type on your system.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From jp9zs1y8 at anonaddy.me Sun Feb 16 02:10:50 2025
From: jp9zs1y8 at anonaddy.me (jp9zs1y8 at anonaddy.me)
Date: Sun, 16 Feb 2025 01:10:50 +0000
Subject: warn users that --export-secret-ssh-key option doesn't work
Message-ID: <873554c4448a3149295b8c7b4ecf3297@anonaddy.me>

users can't export ed25519 gpg keys to ssh format right now: https://lists.gnupg.org/pipermail/gnupg-users/2017-May/058172.html

--export-secret-ssh-key implies this functionality, but it was confirmed that option doesn't work: https://dev.gnupg.org/T5840

yet as of

  gpg --version
  gpg (GnuPG) 2.4.7

when you try to use this option it doesn't tell you that it doesn't work:

  gpg --export-secret-ssh-key
  gpg: key "" not found: Not a Keygrip

i think we should add warning to avoid confusion:

  --export-secret-ssh-key not implemented yet

best,
jp9zs1y8

From ramon.garcia.f at gmail.com Sun Feb 16 22:54:30 2025
From: ramon.garcia.f at gmail.com (=?UTF-8?B?UmFtw7NuIEdhcmPDrWE=?=)
Date: Sun, 16 Feb 2025 22:54:30 +0100
Subject: Gpgsm should skip expired certificates when there is a valid one
Message-ID:

Hello,

I found that gpgsm cannot cope correctly with the situation of renewing an expired certificate, but wanting to keep it in case one has to decrypt an old file. Gpgsm gives an error saying that a certificate is expired, if it is the first one that it finds given the user arguments.

It looks like this is not the desired behaviour (see, for instance, https://gnupg-users.gnupg.narkive.com/fLeWRzw7/gpgsm-and-expired-certificates ).

So I wrote a patch to correct this behaviour. I am going to post it here.

By the way, it would be much easier to contribute with an interface based on pull requests like Github/Bitbucket/Gitlab/... Preparing a patch by email is complicated and discourages contributions.

From ramon.garcia.f at gmail.com Sun Feb 16 23:00:04 2025
From: ramon.garcia.f at gmail.com (=?UTF-8?B?UmFtw7NuIEdhcmPDrWE=?=) Date: Sun, 16 Feb 2025 23:00:04 +0100 Subject: =?UTF-8?Q?=5BPATCH_gnupg_1=2F4=5D_sm=3A_select_unexpired_certificates_?= =?UTF-8?Q?skipping_exipired_=C2=A0ones?= In-Reply-To: References: Message-ID: This enables the user to select a certificate by subject, and keep old expired certificates in the store in case he wishes to decrypt or verify an old file. This makes renewal of certificate smoother. * sm/certchain.c sm/gpgsm.h: publish the function check_validity_period_cm * sm/certlist.h: if a expired certificate is found, continue looking for another one --- sm/certchain.c | 2 +- sm/certlist.c | 47 +++++++++++++++++++++++++++++++++++++++-------- sm/gpgsm.h | 5 +++++ 3 files changed, 45 insertions(+), 9 deletions(-) diff --git a/sm/certchain.c b/sm/certchain.c index 16449fb02..01ccac907 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -1433,7 +1433,7 @@ check_validity_period (ksba_isotime_t current_time, model. The extra constraint here is that notBefore and notAfter must exists and if the additional argument CHECK_TIME is given this time is used to check the validity period of SUBJECT_CERT. */ -static gpg_error_t +gpg_error_t check_validity_period_cm (ksba_isotime_t current_time, ksba_isotime_t check_time, ksba_cert_t subject_cert, diff --git a/sm/certlist.c b/sm/certlist.c index 53d90ac30..6c5080a69 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -337,6 +337,9 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, KEYDB_SEARCH_DESC desc; KEYDB_HANDLE kh = NULL; ksba_cert_t cert = NULL; + ksba_isotime_t current_time = {0, }; + ksba_isotime_t exp_time = {0, }; + int current_time_loaded = 0; rc = classify_user_id (name, &desc, 0); if (!rc) 
@@ -364,7 +367,18 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, first_issuer = ksba_cert_get_issuer (cert, 0); } rc = secret? gpgsm_cert_use_sign_p (cert, 0) - : gpgsm_cert_use_encrypt_p (cert); + : + gpgsm_cert_use_encrypt_p (cert); + if (!rc) + { + if (!current_time_loaded) + { + gnupg_get_isotime (current_time); + current_time_loaded = 1; + } + rc = check_validity_period_cm (current_time, current_time, + cert, exp_time, 0, NULL, 0); + } if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE) { /* There might be another certificate with the @@ -383,6 +397,13 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, wrong_usage = rc; } + else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED) + { + ksba_cert_release (cert); + cert = NULL; + log_info (_("looking for another certificate\n")); + goto get_next; + } } /* We want the error code from the first match in this case. */ if (rc && wrong_usage) @@ -416,17 +437,27 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, keybox). */ if (!keydb_get_cert (kh, &cert2)) { + if (!current_time_loaded) + { + gnupg_get_isotime (current_time); + current_time_loaded = 1; + } int tmp = (same_subject_issuer (first_subject, first_issuer, cert2) - && ((gpg_err_code ( - secret? gpgsm_cert_use_sign_p (cert2,0) - : gpgsm_cert_use_encrypt_p (cert2) - ) - ) == GPG_ERR_WRONG_KEY_USAGE)); + && (((gpg_err_code ( + secret ? + gpgsm_cert_use_sign_p (cert2, 0) : + gpgsm_cert_use_encrypt_p (cert2))) + == GPG_ERR_WRONG_KEY_USAGE) + || gpg_err_code ( + check_validity_period_cm (current_time, + current_time, cert, + exp_time, 0, NULL, + 0)) + == GPG_ERR_CERT_EXPIRED)); if (tmp) - gpgsm_add_cert_to_certlist (ctrl, cert2, - &dup_certs, 0); + gpgsm_add_cert_to_certlist (ctrl, cert2, &dup_certs, 0); else { if (is_cert_in_certlist (cert2, dup_certs)) diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 78efe2379..36d5b99e7 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h 
@@ -441,6 +441,11 @@ int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, int listmode, estream_t listfp, unsigned int flags, unsigned int *retflags); +gpg_error_t check_validity_period_cm (ksba_isotime_t current_time, + ksba_isotime_t check_time, + ksba_cert_t subject_cert, + ksba_isotime_t exptime, + int listmode, estream_t listfp, int depth); int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert); /*-- certlist.c --*/ -- 2.43.0 From ramon.garcia.f at gmail.com Sun Feb 16 23:02:24 2025 From: ramon.garcia.f at gmail.com (=?UTF-8?B?UmFtw7NuIEdhcmPDrWE=?=) Date: Sun, 16 Feb 2025 23:02:24 +0100 Subject: [PATCH gnupg 2/4] sm: Also skip certificates too young In-Reply-To: References: Message-ID: * sm/certlist.c: Skip certificates not yet valid --- sm/certlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sm/certlist.c b/sm/certlist.c index 6c5080a69..a343efe64 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -397,7 +397,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, wrong_usage = rc; } - else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED) + else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED || gpg_err_code (rc) == GPG_ERR_CERT_TOO_YOUNG) { ksba_cert_release (cert); cert = NULL; -- 2.43.0 From ramon.garcia.f at gmail.com Sun Feb 16 23:07:48 2025 
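Review bot: in [PATCH gnupg 1/4], the sm/certlist.c hunk at "@@ -416,17 +437,27 @@" passes cert to check_validity_period_cm inside the loop that is classifying cert2 (same_subject_issuer and the key-usage tests in the same expression all take cert2), so the expiry test is applied to the certificate that was already selected rather than to the duplicate candidate; cert2 looks like what is meant. The same hunk places the "if (!current_time_loaded)" block ahead of the "int tmp" declaration, which puts a declaration after a statement where the rest of the function declares first. The commit message also names sm/certlist.h while the diff changes sm/certlist.c.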
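Review bot: in [PATCH gnupg 2/4], the changed else-if now also skips GPG_ERR_CERT_TOO_YOUNG, but the duplicate check that 1/4 added further down in gpgsm_add_to_certlist still compares only against GPG_ERR_CERT_EXPIRED, so after this commit a not-yet-valid certificate is skipped in one place and counted as ambiguous in the other. The new condition also runs well past 80 columns; breaking it after the "||" would keep it in line with the surrounding code.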
From: ramon.garcia.f at gmail.com (=?UTF-8?B?UmFtw7NuIEdhcmPDrWE=?=) Date: Sun, 16 Feb 2025 23:07:48 +0100 Subject: [PATCH gnupg 3/4] Avoid increasing error count when enumerating an expired certificate. In-Reply-To: References: Message-ID: * sm/gpgsh.h sm/certchain.c: Add a parameter to check_validity_period_cm to prevent generation of errors that cause the program to abort later. * sm/certlist.c: Request check_validity_period_cm not to generate an error when a certificate expiration is checked. --- sm/certchain.c | 96 ++++++++++++++++++++++++++++---------------------- sm/certlist.c | 4 +-- sm/gpgsm.h | 2 +- 3 files changed, 57 insertions(+), 45 deletions(-) diff --git a/sm/certchain.c b/sm/certchain.c index 01ccac907..f755b9997 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -1438,7 +1438,7 @@ check_validity_period_cm (ksba_isotime_t current_time, ksba_isotime_t check_time, ksba_cert_t subject_cert, ksba_isotime_t exptime, - int listmode, estream_t listfp, int depth) + int listmode, estream_t listfp, int depth, int dont_log_expired) { gpg_error_t err; ksba_isotime_t not_before, not_after; 
@@ -1454,22 +1454,28 @@ check_validity_period_cm (ksba_isotime_t current_time, } if (!*not_before || !*not_after) { - do_list (1, listmode, listfp, - _("required certificate attributes missing: %s%s%s"), - !*not_before? "notBefore":"", - (!*not_before && !*not_after)? ", ":"", - !*not_before? "notAfter":""); + if (!dont_log_expired) + { + do_list (1, listmode, listfp, + _("required certificate attributes missing: %s%s%s"), + !*not_before? "notBefore":"", + (!*not_before && !*not_after)? ", ":"", + !*not_before? "notAfter":""); + } return gpg_error (GPG_ERR_BAD_CERT); } if (strcmp (not_before, not_after) > 0 ) { - do_list (1, listmode, listfp, - _("certificate with invalid validity")); - log_info (" (valid from "); - dump_isotime (not_before); - log_printf (" expired at "); - dump_isotime (not_after); - log_printf (")\n"); + if (!dont_log_expired) + { + do_list (1, listmode, listfp, + _("certificate with invalid validity")); + log_info (" (valid from "); + dump_isotime (not_before); + log_printf (" expired at "); + dump_isotime (not_after); + log_printf (")\n"); + } return gpg_error (GPG_ERR_BAD_CERT); } @@ -1480,15 +1486,18 @@ check_validity_period_cm (ksba_isotime_t current_time, if (strcmp (current_time, not_before) < 0 ) { - do_list (1, listmode, listfp, - depth == 0 ? _("certificate not yet valid") : - depth == -1 ? _("root certificate not yet valid") : - /* other */ _("intermediate certificate not yet valid")); - if (!listmode) + if (!dont_log_expired) { - log_info (" (valid from "); - dump_isotime (not_before); - log_printf (")\n"); + do_list (1, listmode, listfp, + depth == 0 ? _("certificate not yet valid") : + depth == -1 ? _("root certificate not yet valid") : + /* other */ _("intermediate certificate not yet valid")); + if (!listmode) + { + log_info (" (valid from "); + dump_isotime (not_before); + log_printf (")\n"); + } } return gpg_error (GPG_ERR_CERT_TOO_YOUNG); } 
@@ -1497,27 +1506,30 @@ check_validity_period_cm (ksba_isotime_t current_time, && (strcmp (check_time, not_before) < 0 || strcmp (check_time, not_after) > 0)) { - /* Note that we don't need a case for the root certificate - because its own consistency has already been checked. */ - do_list(opt.ignore_expiration?0:1, listmode, listfp, - depth == 0 ? - _("signature not created during lifetime of certificate") : - depth == 1 ? - _("certificate not created during lifetime of issuer") : - _("intermediate certificate not created during lifetime " - "of issuer")); - if (!listmode) + if (!dont_log_expired) { - log_info (depth== 0? _(" ( signature created at ") : - /* */ _(" (certificate created at ") ); - dump_isotime (check_time); - log_printf (")\n"); - log_info (depth==0? _(" (certificate valid from ") : - /* */ _(" ( issuer valid from ") ); - dump_isotime (not_before); - log_info (" to "); - dump_isotime (not_after); - log_printf (")\n"); + /* Note that we don't need a case for the root certificate + because its own consistency has already been checked. */ + do_list(opt.ignore_expiration?0:1, listmode, listfp, + depth == 0 ? + _("signature not created during lifetime of certificate") : + depth == 1 ? + _("certificate not created during lifetime of issuer") : + _("intermediate certificate not created during lifetime " + "of issuer")); + if (!listmode) + { + log_info (depth== 0? _(" ( signature created at ") : + /* */ _(" (certificate created at ") ); + dump_isotime (check_time); + log_printf (")\n"); + log_info (depth==0? _(" (certificate valid from ") : + /* */ _(" ( issuer valid from ") ); + dump_isotime (not_before); + log_info (" to "); + dump_isotime (not_after); + log_printf (")\n"); + } } if (opt.ignore_expiration) log_info ("WARNING: ignoring expiration\n"); 
@@ -1737,7 +1749,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) ) rc = check_validity_period_cm (current_time, check_time, subject_cert, exptime, listmode, listfp, - (depth && is_root)? -1: depth); + (depth && is_root)? -1: depth, 0); else rc = check_validity_period (current_time, subject_cert, exptime, listmode, listfp, diff --git a/sm/certlist.c b/sm/certlist.c index a343efe64..c868d378b 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -377,7 +377,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, current_time_loaded = 1; } rc = check_validity_period_cm (current_time, current_time, - cert, exp_time, 0, NULL, 0); + cert, exp_time, 0, NULL, 0, 1); } if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE) { @@ -454,7 +454,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, check_validity_period_cm (current_time, current_time, cert, exp_time, 0, NULL, - 0)) + 0, 1)) == GPG_ERR_CERT_EXPIRED)); if (tmp) gpgsm_add_cert_to_certlist (ctrl, cert2, &dup_certs, 0); diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 36d5b99e7..cb5269c74 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -445,7 +445,7 @@ gpg_error_t check_validity_period_cm (ksba_isotime_t current_time, ksba_isotime_t check_time, ksba_cert_t subject_cert, ksba_isotime_t exptime, - int listmode, estream_t listfp, int depth); + int listmode, estream_t listfp, int depth, int dont_log_expired); int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert); /*-- certlist.c --*/ -- 2.43.0 From ramon.garcia.f at gmail.com Sun Feb 16 23:09:24 2025 
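Review bot: in [PATCH gnupg 3/4], the sm/certchain.c hunk at "@@ -1497,27 +1506,30 @@" leaves "if (opt.ignore_expiration) log_info ("WARNING: ignoring expiration\n");" outside the new "if (!dont_log_expired)" guard, so a caller that passes 1 to stay quiet still gets that line for each certificate; either guard it as well or say in a comment why it stays. In the "@@ -1454,22 +1454,28 @@" hunk the re-indented do_list call keeps "!*not_before? "notAfter":""" as its last argument, which looks like it should test !*not_after, and this is a good moment to fix it. The parameter is called dont_log_expired but it also silences the missing-attribute, invalid-validity and not-yet-valid messages, so a more general name or a comment on the prototype in sm/gpgsm.h would describe it better. The commit message says sm/gpgsh.h where sm/gpgsm.h is changed.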
From: ramon.garcia.f at gmail.com (=?UTF-8?B?UmFtw7NuIEdhcmPDrWE=?=) Date: Sun, 16 Feb 2025 23:09:24 +0100 Subject: [PATCH gnupg 4/4] Fix error message if all selected certificates are expired. In-Reply-To: References: Message-ID: If all selected certificates are expired, don't mislead the user saying that no certificate was found. Instead, return the error of the first certificate selected. * sm/certlist.c: if one expired certificate was found, don't return no certificate found, return instead the expiration error --- sm/certlist.c | 40 ++++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 14 deletions(-) diff --git a/sm/certlist.c b/sm/certlist.c index c868d378b..a82ad442c 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -352,6 +352,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, int wrong_usage = 0; char *first_subject = NULL; char *first_issuer = NULL; + int expired = 0; get_next: rc = keydb_search (ctrl, kh, &desc, 1); @@ -399,6 +400,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, } else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED || gpg_err_code (rc) == GPG_ERR_CERT_TOO_YOUNG) { + if (!expired) + expired = rc; ksba_cert_release (cert); cert = NULL; log_info (_("looking for another certificate\n")); @@ -408,6 +411,9 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, /* We want the error code from the first match in this case. */ if (rc && wrong_usage) rc = wrong_usage; + else if (rc && expired) { + rc = expired; + } if (!rc) { 
@@ -442,20 +448,26 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, gnupg_get_isotime (current_time); current_time_loaded = 1; } - int tmp = (same_subject_issuer (first_subject, - first_issuer, - cert2) - && (((gpg_err_code ( - secret ? - gpgsm_cert_use_sign_p (cert2, 0) : - gpgsm_cert_use_encrypt_p (cert2))) - == GPG_ERR_WRONG_KEY_USAGE) - || gpg_err_code ( - check_validity_period_cm (current_time, - current_time, cert, - exp_time, 0, NULL, - 0, 1)) - == GPG_ERR_CERT_EXPIRED)); + int tmp; + if (same_subject_issuer (first_subject, + first_issuer, + cert2)) + { + tmp = ((gpg_err_code ( + secret ? + gpgsm_cert_use_sign_p (cert2, 0) : + gpgsm_cert_use_encrypt_p (cert2))) + == GPG_ERR_WRONG_KEY_USAGE); + if (!tmp) { + int err_validity_period = gpg_err_code(check_validity_period_cm (current_time, + current_time, cert, + exp_time, 0, NULL, + 0, 1)); + tmp = err_validity_period == GPG_ERR_CERT_EXPIRED || err_validity_period == GPG_ERR_CERT_TOO_YOUNG; + } + } + else + tmp = 0; if (tmp) gpgsm_add_cert_to_certlist (ctrl, cert2, &dup_certs, 0); else -- 2.43.0 From marco.atzeri at gmail.com Mon Feb 17 09:38:17 2025 
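Review bot: in [PATCH gnupg 4/4], the rewritten duplicate check in the "@@ -442,20 +448,26 @@" hunk still calls check_validity_period_cm with cert, while every other test in that block examines cert2, so the validity period of the duplicate candidate is never looked at; cert2 looks intended. In the earlier hunks, "expired" is also set for GPG_ERR_CERT_TOO_YOUNG, so a name that covers both cases would read better, and "else if (rc && expired) { rc = expired; }" uses braces on a single statement where the "if (rc && wrong_usage)" directly above does not. The err_validity_period lines run far past 80 columns.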
From: marco.atzeri at gmail.com (marco atzeri)
Date: Mon, 17 Feb 2025 09:38:17 +0100
Subject: GnuPG 2.5.4 build failure on Cygwin
In-Reply-To: <87tt8wcvqg.fsf@jacob.g10code.de>
References: <87pljndxkg.fsf@jacob.g10code.de> <7f251516-3612-4e06-8134-6daf31484799@gmail.com> <87tt8wcvqg.fsf@jacob.g10code.de>
Message-ID:

On Fri, Feb 14, 2025 at 5:53 PM Werner Koch wrote:
>
> On Thu, 13 Feb 2025 15:14, Marco Atzeri said:
> > Building on Cygwin 64 bit
>
> > What is supposed to be SOCKET ?
>
> This is used by Windows; configure.ac has this test:
>
>   # Check SOCKET type for Windows.
>   AC_CHECK_TYPES([SOCKET], [], [], [[#include "winsock2.h"]])
>
> > Posix does not define "SOCKET" in sys/socket.h
>
> Cygwin is a mix of Windows and Posix and thus you will run into such
> problems. Cygwin is not supported by GnuPG because you can build it
> native for Windows or use it with WSL.

Cygwin Users disagree ;-)

> I would suggest to run configure this way
>
>   ./configure ac_cv_type_SOCKET=no

It works as expected

Thanks
Marco
Cygwin package maintainer for gnupg packages

From wk at gnupg.org Wed Feb 19 09:26:20 2025
From: wk at gnupg.org (Werner Koch)
Date: Wed, 19 Feb 2025 09:26:20 +0100
Subject: Gpgsm should skip expired certificates when there is a valid one
In-Reply-To: (=?utf-8?Q?=22Ram=C3=B3n_Garc=C3=ADa?= via Gnupg-devel"'s message of "Sun, 16 Feb 2025 22:54:30 +0100")
References:
Message-ID: <874j0qcpcj.fsf@jacob.g10code.de>

Hi!

thanks for your patches. Please give me some more time to check and integrate them.

> By the way, it would be much easier to contribute with an interface
> based on pull requests like Github/Bitbucket/Gitlab/... Preparing a

Git is designed as a decentralized system and thus it works best with email. "git format-patch" et al. are not really complicated to use and you can stay in your editor.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From fg.gnupg at shimps.de Thu Feb 20 13:32:45 2025
From: fg.gnupg at shimps.de (Frank Guthausen)
Date: Thu, 20 Feb 2025 13:32:45 +0100
Subject: Account BTS dev.gnupg.org
Message-ID: <20250220133245.4a059199@incubator.example.net>

Hello.

Can someone provide me with an account to file a bug according to the disabled registration[1]? I'll follow the instructions[2] for usage.

"fmg", "Frank Guthausen", "fg.gnupg at shimps.de"

[1] https://dev.gnupg.org/maniphest/task/edit/form/3/
[2] https://gnupg.org/documentation/bts.html

--
kind regards
Frank

From lists at sapience.com Sun Feb 23 15:52:32 2025
From: lists at sapience.com (Genes Lists)
Date: Sun, 23 Feb 2025 09:52:32 -0500
Subject: missing declaration ks_ldap_del
Message-ID:

Latest git head, src/gnupg/dirmngr/ks-action.c references:

  ks_ldap_del()

defined in ks_action_engine.c.

It looks like this should probably be declared in dirmngr/ks-engine.h. Something like:

  gpg_error_t ks_ldap_del (ctrl_t ctrl, parsed_uri_t uri, strlist_t keyspec);

Otherwise I get build error :

ks-action.c:570:17: error: implicit declaration of function ‘ks_ldap_del’; did you mean ‘ks_ldap_get’? [-Wimplicit-function-declaration]
  570 | err = ks_ldap_del (ctrl, uri->parsed_uri, patterns);

--
Gene

From ametzler at bebt.de Sun Feb 23 18:15:31 2025
From: ametzler at bebt.de (Andreas Metzler)
Date: Sun, 23 Feb 2025 18:15:31 +0100
Subject: gpgme library/bindings split - timeline?
Message-ID:

Hello,

could you perhaps give me a rough timeline for releasing the split gpgme as stable? I am wondering since Debian transition freeze is pending.

TIA, cu Andreas

--
`What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.'
`I sew his ears on from time to time, sure'

From dkg at fifthhorseman.net Wed Feb 26 23:45:51 2025
From: dkg at fifthhorseman.net (Daniel Kahn Gillmor)
Date: Wed, 26 Feb 2025 17:45:51 -0500
Subject: [GnuPG PATCH STABLE-BRANCH-2-4] Correct documentation for only-pubkeys
Message-ID: <20250226224551.449818-1-dkg@fifthhorseman.net>

* doc/gpg.texi: Fix documentation for only-pubkeys
* g10/import.c: Provide help_text for only-pubkeys
--
Signed-off-by: Daniel Kahn Gillmor
---
 doc/gpg.texi | 2 +-
 g10/import.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi index 7e80a293a..22eed595a 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2175,7 +2175,7 @@ are available for all keyserver types, some common options are: retrieving keys by subkey id. @item only-pubkeys - Do now allow to import secret keys. + Do not import secret keys. @item timeout @itemx http-proxy=@var{value} diff --git a/g10/import.c b/g10/import.c index 9adda3e8c..d653eda5c 100644 --- a/g10/import.c +++ b/g10/import.c @@ -212,7 +212,8 @@ parse_import_options(char *str,unsigned int *options,int noisy) /* New options. Right now, without description string. */ {"ignore-attributes", IMPORT_IGNORE_ATTRIBUTES, NULL, NULL}, - {"only-pubkeys", IMPORT_ONLY_PUBKEYS, NULL, NULL}, + {"only-pubkeys", IMPORT_ONLY_PUBKEYS, NULL, + N_("do not import secret keys")}, /* Hidden options which are enabled by default and are provided * in case of problems with the respective implementation. */ -- 2.47.2 From ametzler at bebt.de Thu Feb 27 18:29:02 2025 From: ametzler at bebt.de (Andreas Metzler) Date: Thu, 27 Feb 2025 18:29:02 +0100 Subject: gpgme library/bindings split - timeline? In-Reply-To: References: Message-ID: On 2025-02-23 Andreas Metzler wrote: > could you perhaps give me a rough timeline for releasing the split gpgme > as stable? I am wondering since Debian transition freeze is pending. Nevermind. Looking at the respective repos I saw that the original plan (making basically a no-change release from the newly split sources) was scrapped. cu Andreas
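Review bot: in the g10/import.c hunk of the only-pubkeys patch (STABLE-BRANCH-2-4), the new N_("do not import secret keys") entry sits directly under the comment "New options. Right now, without description string.", which no longer holds for this entry; reword the comment or move only-pubkeys above it so the table and its comment agree. The neighbouring ignore-attributes entry still has NULL for its help text, so the comment remains accurate for that one only.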