From cvs at cvs.gnupg.org Thu Oct 2 13:18:13 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 13:18:13 +0200
Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-11-g3ecdcb6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 3ecdcb6ac814e3b63aebbf66729ae6cb67c9f6d2 (commit)
via 74abfcf0c3ba7cd6ce36540c70699fc1719248b3 (commit)
from d2757001c5719ca8c8bd6aa2e2e2d9a299fb76c6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ecdcb6ac814e3b63aebbf66729ae6cb67c9f6d2
Author: Werner Koch
Date: Thu Oct 2 13:14:53 2014 +0200
build: Support SYSROOT based config script finding.
* src/gpg-error.m4: Add support for SYSROOT and set
gpg_config_script_warn. Use AC_PATH_PROG instead of AC_PATH_TOOL
because the config script is not expected to be installed with a
prefix for its name.
diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
index 053eceb..1661204 100644
--- a/src/gpg-error.m4
+++ b/src/gpg-error.m4
@@ -9,7 +9,7 @@
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
-# Last-changed: 2014-01-24
+# Last-changed: 2014-10-02
dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION,
@@ -17,7 +17,12 @@ dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl
dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS,
dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are
-dnl used for programs requireding real multi thread support.
+dnl used for programs requireing real multi thread support.
+dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
[ AC_REQUIRE([AC_CANONICAL_HOST])
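Review bot: the corrected comment line "used for programs requireing real multi thread support" is still misspelled; "requireding" became "requireing" where "requiring" is meant. Worth fixing in the same commit since this file is copied into the m4/ directory of other projects.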
@@ -36,13 +41,26 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
AC_ARG_WITH(gpg-error-prefix,,
[gpg_error_config_prefix="$withval"])
- if test x$gpg_error_config_prefix != x ; then
- if test x${GPG_ERROR_CONFIG+set} != xset ; then
- GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config
+ if test x"${GPG_ERROR_CONFIG}" = x ; then
+ if test x"${gpg_error_config_prefix}" != x ; then
+ GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/gpg-error-config" ; then
+ GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no)
+ AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no)
min_gpg_error_version=ifelse([$1], ,0.0,$1)
AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
ok=no
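Review bot: in the "/*)" branch, an absolute SYSROOT that has no executable ${SYSROOT}/bin/gpg-error-config leaves GPG_ERROR_CONFIG empty, and AC_PATH_PROG then falls back to $PATH without any message. In a cross build that means the build machine's script can be picked up and run with nothing in the configure output showing that the sysroot lookup failed. An AC_MSG_NOTICE or AC_MSG_WARN in the else case of the "test -x" check would make the fallback visible.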
@@ -83,8 +101,9 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
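Review bot: gpg_config_script_warn is appended to here but never initialised by the macro, so a value inherited from the environment makes the later "x${gpg_config_script_warn}" != x test in configure.ac fire even when every config script matches the host. Clear the variable once before the first AM_PATH_* call, or state in the macro's dnl header that configure.ac must do so.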
commit 74abfcf0c3ba7cd6ce36540c70699fc1719248b3
Author: Werner Koch
Date: Thu Oct 2 10:50:57 2014 +0200
Add GPG_ERR_BOGUS_STRING and an experimental gpgrt_pending.
* src/visibility.c (gpgrt_pending, gpgrt_pending_unlocked): New.
* src/estream.c (_gpgrt_pending, _gpgrt_pending_unlocked): New.
(check_pending): new.
(check_pending_fbf, check_pending_nbf): New.
(es_func_mem_read, es_func_fd_read, es_func_w32_read)
(es_func_fp_read, es_fill): Take care of the special 0 value for SIZE.
diff --git a/NEWS b/NEWS
index 2e49b0c..4330408 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,9 @@ Noteworthy changes in version 1.17 (unreleased) [C12/A12/R_]
GPG_ERR_BAD_HS_FINISHED NEW.
GPG_ERR_BAD_HS_SERVER_KEX NEW.
GPG_ERR_BAD_HS_CLIENT_KEX NEW.
+ GPG_ERR_BOGUS_STRING NEW.
+ gpgrt_pending NEW.
+ gpgrt_pending_unlocked NEW.
Noteworthy changes in version 1.16 (2014-09-18) [C12/A12/R2]
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 666dca6..07b7cd4 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -219,7 +219,12 @@ GPG_ERR_INV_ARG Invalid argument
52 GPG_ERR_NOT_PROCESSED Data not processed
53 GPG_ERR_UNUSABLE_PUBKEY Unusable public key
54 GPG_ERR_UNUSABLE_SECKEY Unusable secret key
-55 GPG_ERR_INV_VALUE Invalid value
+
+GPG_ERR_INV_VALUE Invalid value
+
+ NTBTLS: - A DH parameter is out of range
+
+
56 GPG_ERR_BAD_CERT_CHAIN Bad certificate chain
GPG_ERR_MISSING_CERT Missing certificate
@@ -516,7 +521,13 @@ GPG_ERR_LIMIT_REACHED Limit reached
GnuPG: gpgtar: Extract directory can't be created because too
many of directories with a similar name are already existing.
-184 GPG_ERR_NOT_INITIALIZED Not initialized
+GPG_ERR_NOT_INITIALIZED Not initialized
+
+ An operation can't be performed because something has not been
+ initialized. This might be a missing initialization of an entire
+ subsystems or a prerequisite for using a function is not
+ fulfilled.
+
185 GPG_ERR_MISSING_ISSUER_CERT Missing issuer certificate
186 GPG_ERR_NO_KEYSERVER No keyserver available
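Review bot: the new GPG_ERR_NOT_INITIALIZED description reads "an entire subsystems"; it should be "an entire subsystem". The second half, "or a prerequisite for using a function is not fulfilled", would also read better as "or an unfulfilled prerequisite for using a function" so that both alternatives are noun phrases.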
@@ -699,6 +710,13 @@ GPG_ERR_BAD_HS_CLIENT_KEX Bad client key exchange message in handshake
NTBTLS: - As the description says.
+GPG_ERR_BOGUS_STRING Bogus string
+
+ Used if a protocol sends length prefixed strings which contain a
+ Nul byte and further processing would discard the rest of the
+ string. May also be used if a string contains unexpected and
+ possible dangerous characters (e.g. control characters in a domain
+ name).
GPG_ERR_KEY_DISABLED Key disabled
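Review bot: in the GPG_ERR_BOGUS_STRING text, "possible dangerous characters" should be "possibly dangerous characters". The entry also folds two distinct conditions into one code (an embedded Nul byte in a length-prefixed string, and control characters in something like a domain name); a sentence telling callers to treat both as a reason to reject the input rather than to truncate or sanitise it would make the intended handling explicit.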
diff --git a/src/err-codes.h.in b/src/err-codes.h.in
index 9274530..704049c 100644
--- a/src/err-codes.h.in
+++ b/src/err-codes.h.in
@@ -273,8 +273,8 @@
247 GPG_ERR_BAD_HS_FINISHED Bad finished message in handshake
248 GPG_ERR_BAD_HS_SERVER_KEX Bad server key exchange message in handshake
249 GPG_ERR_BAD_HS_CLIENT_KEX Bad client key exchange message in handshake
-
-# 250 and 251 are free to be used.
+250 GPG_ERR_BOGUS_STRING Bogus string
+# 251 is free to be used.
252 GPG_ERR_KEY_DISABLED Key disabled
253 GPG_ERR_KEY_ON_CARD Not possible with a card based key
diff --git a/src/estream.c b/src/estream.c
index 46be363..2537141 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -625,6 +625,9 @@ es_func_mem_read (void *cookie, void *buffer, size_t size)
estream_cookie_mem_t mem_cookie = cookie;
gpgrt_ssize_t ret;
+ if (!size) /* Just the pending data check. */
+ return (mem_cookie->data_len - mem_cookie->offset)? 0 : -1;
+
if (size > mem_cookie->data_len - mem_cookie->offset)
size = mem_cookie->data_len - mem_cookie->offset;
@@ -898,7 +901,9 @@ es_func_fd_read (void *cookie, void *buffer, size_t size)
estream_cookie_fd_t file_cookie = cookie;
gpgrt_ssize_t bytes_read;
- if (IS_INVALID_FD (file_cookie->fd))
+ if (!size)
+ bytes_read = -1; /* We don't know whether anything is pending. */
+ else if (IS_INVALID_FD (file_cookie->fd))
{
_gpgrt_yield ();
bytes_read = 0;
@@ -1057,7 +1062,9 @@ es_func_w32_read (void *cookie, void *buffer, size_t size)
estream_cookie_w32_t w32_cookie = cookie;
gpgrt_ssize_t bytes_read;
- if (w32_cookie->hd == INVALID_HANDLE_VALUE)
+ if (!size)
+ bytes_to_read = -1; /* We don't know whether anything is pending. */
+ else if (w32_cookie->hd == INVALID_HANDLE_VALUE)
{
_gpgrt_yield ();
bytes_read = 0;
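Review bot: the added zero-size branch assigns to bytes_to_read, but the only variable declared in the visible context is "gpgrt_ssize_t bytes_read;", so this function will not compile on Windows. It should be "bytes_read = -1;" as in the es_func_fd_read hunk above.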
@@ -1273,6 +1280,9 @@ es_func_fp_read (void *cookie, void *buffer, size_t size)
estream_cookie_fp_t file_cookie = cookie;
gpgrt_ssize_t bytes_read;
+ if (!size)
+ return -1; /* We don't know whether anything is pending. */
+
if (file_cookie->fp)
{
if (pre_syscall_func)
@@ -1602,6 +1612,8 @@ es_fill (estream_t stream)
_set_errno (EOPNOTSUPP);
err = -1;
}
+ else if (!stream->buffer_size)
+ err = 0;
else
{
gpgrt_cookie_read_function_t func_read = stream->intern->func_read;
@@ -1937,6 +1949,18 @@ es_read_nbf (estream_t _GPGRT__RESTRICT stream,
return err;
}
+static int
+check_pending_nbf (estream_t _GPGRT__RESTRICT stream)
+{
+ gpgrt_cookie_read_function_t func_read = stream->intern->func_read;
+ char buffer[1];
+
+ if (!(*func_read) (stream->intern->cookie, buffer, 0))
+ return 1; /* Pending bytes. */
+ return 0; /* No pending bytes or error. */
+}
+
+
/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
fully-buffered-mode, storing the amount of bytes read in
*BYTES_READ. */
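Review bot: check_pending_nbf calls (*func_read) without checking that stream->intern->func_read is non-NULL, so a stream opened with a cookie that provides no read function would dereference a NULL pointer here. Return 0 early when func_read is NULL. The one-byte buffer is never written because SIZE is 0, and a short comment saying so would help readers of cookie implementations.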
@@ -1987,6 +2011,26 @@ es_read_fbf (estream_t _GPGRT__RESTRICT stream,
return err;
}
+
+static int
+check_pending_fbf (estream_t _GPGRT__RESTRICT stream)
+{
+ gpgrt_cookie_read_function_t func_read = stream->intern->func_read;
+ char buffer[1];
+
+ if (stream->data_offset == stream->data_len)
+ {
+ /* Nothing more to read in current container, check whetehr it
+ would be possible to fill the container with new data. */
+ if (!(*func_read) (stream->intern->cookie, buffer, 0))
+ return 1; /* Pending bytes. */
+ }
+ else
+ return 1;
+ return 0;
+}
+
+
/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER in
line-buffered-mode, storing the amount of bytes read in
*BYTES_READ. */
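Review bot: the comment in check_pending_fbf has the typo "whetehr" for "whether". The control flow can also be flattened: return 1 first when data_offset != data_len, then fall through to the zero-size func_read probe, which removes the else branch and the separate trailing "return 0;". The missing NULL check on func_read applies here as well.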
@@ -2003,7 +2047,7 @@ es_read_lbf (estream_t _GPGRT__RESTRICT stream,
}
/* Try to read BYTES_TO_READ bytes FROM STREAM into BUFFER, storing
- *the amount of bytes read in BYTES_READ. */
+ the amount of bytes read in BYTES_READ. */
static int
es_readn (estream_t _GPGRT__RESTRICT stream,
void *_GPGRT__RESTRICT buffer_arg,
@@ -2062,6 +2106,39 @@ es_readn (estream_t _GPGRT__RESTRICT stream,
return err;
}
+
+/* Return true if at least one byte is pending for read. This is a
+ best effort check and it it possible that bytes are still pending
+ even if false is returned. If the stream is in writing mode it is
+ switched to read mode. */
+static int
+check_pending (estream_t _GPGRT__RESTRICT stream)
+{
+ if (stream->flags.writing)
+ {
+ /* Switching to reading mode -> flush output. */
+ if (es_flush (stream))
+ return 0; /* Better return 0 on error. */
+ stream->flags.writing = 0;
+ }
+
+ /* Check unread data first. */
+ if (stream->unread_data_len)
+ return 1;
+
+ switch (stream->intern->strategy)
+ {
+ case _IONBF:
+ return check_pending_nbf (stream);
+ case _IOLBF:
+ case _IOFBF:
+ return check_pending_fbf (stream);
+ }
+
+ return 0;
+}
+
+
/* Try to unread DATA_N bytes from DATA into STREAM, storing the
amount of bytes successfully unread in *BYTES_UNREAD. */
static void
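Review bot: check_pending is documented as a query but it flushes pending output and clears stream->flags.writing, and when es_flush fails it returns 0, so the caller cannot tell a failed flush from "nothing pending". Either leave the stream mode untouched when the stream is in writing mode, or make sure the flush error is recorded on the stream so that gpgrt_ferror reports it afterwards. The comment also has "it it possible" for "it is possible", and the switch on strategy has no default label.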
@@ -3394,6 +3471,34 @@ _gpgrt_syshd (estream_t stream, es_syshd_t *syshd)
int
+_gpgrt_pending_unlocked (estream_t stream)
+{
+ return check_pending (stream);
+}
+
+
+/* Return true if there is at least one byte pending for read on
+ STREAM. This does only work if the backend supports checking for
+ pending bytes and is thus mostly useful with cookie based backends.
+
+ Note that if this function is used with cookie based functions, the
+ read cookie may be called with 0 for the SIZE argument. If bytes
+ are pending the function is expected to return -1 in this case and
+ thus deviates from the standard behavior of read(2). */
+int
+_gpgrt_pending (estream_t stream)
+{
+ int ret;
+
+ lock_stream (stream);
+ ret = _gpgrt_pending_unlocked (stream);
+ unlock_stream (stream);
+
+ return ret;
+}
+
+
+int
_gpgrt_feof_unlocked (estream_t stream)
{
return es_get_indicator (stream, 0, 1);
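Review bot: the comment on _gpgrt_pending states that "If bytes are pending the function is expected to return -1", which is the opposite of what the code in this commit does. check_pending_nbf and check_pending_fbf treat a zero return from the zero-size read as "Pending bytes", and es_func_mem_read returns 0 when data remains and -1 otherwise. The comment should say that 0 means bytes are pending and -1 means none are pending or the backend cannot tell; authors of cookie read functions will implement whatever this comment says. _gpgrt_pending_unlocked also has no comment of its own.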
diff --git a/src/gpg-error.def.in b/src/gpg-error.def.in
index ac20a69..f17522e 100644
--- a/src/gpg-error.def.in
+++ b/src/gpg-error.def.in
@@ -137,4 +137,7 @@ EXPORTS
gpg_err_deinit @102
gpgrt_set_alloc_func @103
+ gpgrt_pending @104
+ gpgrt_pending_unlocked @105
+
;; end of file with public symbols for Windows.
diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in
index 80ce391..6ac6e0a 100644
--- a/src/gpg-error.h.in
+++ b/src/gpg-error.h.in
@@ -496,6 +496,8 @@ int gpgrt_ferror (gpgrt_stream_t stream);
int gpgrt_ferror_unlocked (gpgrt_stream_t stream);
void gpgrt_clearerr (gpgrt_stream_t stream);
void gpgrt_clearerr_unlocked (gpgrt_stream_t stream);
+int gpgrt_pending (gpgrt_stream_t stream);
+int gpgrt_pending_unlocked (gpgrt_stream_t stream);
int gpgrt_fflush (gpgrt_stream_t stream);
int gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence);
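Review bot: gpgrt_pending and gpgrt_pending_unlocked are added to the public header with no comment, while the commit message calls gpgrt_pending experimental. A short note next to the prototypes saying that the interface is experimental, that the result is best effort, and that a read cookie may now be called with SIZE 0 would put the contract where users of the API will look for it.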
@@ -648,6 +650,8 @@ int gpgrt_vsnprintf (char *buf,size_t bufsize,
# define es_ferror_unlocked gpgrt_ferror_unlocked
# define es_clearerr gpgrt_clearerr
# define es_clearerr_unlocked gpgrt_clearerr_unlocked
+# define es_pending gpgrt_pending
+# define es_pending_unlocked gpgrt_pending_unlocked
# define es_fflush gpgrt_fflush
# define es_fseek gpgrt_fseek
# define es_fseeko gpgrt_fseeko
diff --git a/src/gpg-error.vers b/src/gpg-error.vers
index 43becea..c0e599a 100644
--- a/src/gpg-error.vers
+++ b/src/gpg-error.vers
@@ -64,6 +64,8 @@ GPG_ERROR_1.0 {
gpgrt_flockfile;
gpgrt_ftrylockfile;
gpgrt_funlockfile;
+ gpgrt_pending;
+ gpgrt_pending_unlocked;
gpgrt_feof;
gpgrt_feof_unlocked;
gpgrt_ferror;
diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h
index f97166f..8907835 100644
--- a/src/gpgrt-int.h
+++ b/src/gpgrt-int.h
@@ -102,6 +102,8 @@ int _gpgrt_ferror (gpgrt_stream_t stream);
int _gpgrt_ferror_unlocked (gpgrt_stream_t stream);
void _gpgrt_clearerr (gpgrt_stream_t stream);
void _gpgrt_clearerr_unlocked (gpgrt_stream_t stream);
+int _gpgrt_pending (gpgrt_stream_t stream);
+int _gpgrt_pending_unlocked (gpgrt_stream_t stream);
int _gpgrt_fflush (gpgrt_stream_t stream);
int _gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence);
diff --git a/src/visibility.c b/src/visibility.c
index f0d7fd1..f26f58c 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -298,6 +298,18 @@ gpgrt_funlockfile (estream_t stream)
}
int
+gpgrt_pending (estream_t stream)
+{
+ return _gpgrt_pending (stream);
+}
+
+int
+gpgrt_pending_unlocked (estream_t stream)
+{
+ return _gpgrt_pending_unlocked (stream);
+}
+
+int
gpgrt_feof (estream_t stream)
{
return _gpgrt_feof (stream);
diff --git a/src/visibility.h b/src/visibility.h
index feeb8d1..35878d7 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -87,6 +87,8 @@ MARK_VISIBLE (_gpgrt_get_std_stream)
MARK_VISIBLE (gpgrt_flockfile)
MARK_VISIBLE (gpgrt_ftrylockfile)
MARK_VISIBLE (gpgrt_funlockfile)
+MARK_VISIBLE (gpgrt_pending)
+MARK_VISIBLE (gpgrt_pending_unlocked)
MARK_VISIBLE (gpgrt_feof)
MARK_VISIBLE (gpgrt_feof_unlocked)
MARK_VISIBLE (gpgrt_ferror)
@@ -190,6 +192,8 @@ MARK_VISIBLE (gpgrt_set_alloc_func)
#define gpgrt_flockfile _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_ftrylockfile _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_funlockfile _gpgrt_USE_UNDERSCORED_FUNCTION
+#define gpgrt_pending _gpgrt_USE_UNDERSCORED_FUNCTION
+#define gpgrt_pending_unlocked _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_feof _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_feof_unlocked _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_ferror _gpgrt_USE_UNDERSCORED_FUNCTION
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 ++
doc/errorref.txt | 22 +++++++++-
src/err-codes.h.in | 4 +-
src/estream.c | 111 ++++++++++++++++++++++++++++++++++++++++++++++++--
src/gpg-error.def.in | 3 ++
src/gpg-error.h.in | 4 ++
src/gpg-error.m4 | 33 +++++++++++----
src/gpg-error.vers | 2 +
src/gpgrt-int.h | 2 +
src/visibility.c | 12 ++++++
src/visibility.h | 4 ++
11 files changed, 186 insertions(+), 14 deletions(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 13:22:50 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 13:22:50 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-115-g1e8b864
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 1e8b86494cf8fa045696bd447b16267ffd1797f0 (commit)
from 51dae8c8c4b63bb5e1685cbd8722e35342524737 (commit)
- Log -----------------------------------------------------------------
commit 1e8b86494cf8fa045696bd447b16267ffd1797f0
Author: Werner Koch
Date: Thu Oct 2 12:51:49 2014 +0200
build: Support SYSROOT based config script finding.
* src/libgcrypt.m4: Add support for SYSROOT and set
gpg_config_script_warn. Use AC_PATH_PROG instead of AC_PATH_TOOL
because the config script is not expected to be installed with a
prefix for its name
* configure.ac: Print a library mismatch warning.
* m4/gpg-error.m4: Update from git master.
--
Also fixed the false copyright notice in libgcrypt.m4.
diff --git a/configure.ac b/configure.ac
index c5952c7..baed3ec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2123,9 +2123,17 @@ GCRY_MSG_SHOW([Try using Intel AVX2: ],[$avx2support])
GCRY_MSG_SHOW([Try using ARM NEON: ],[$neonsupport])
GCRY_MSG_SHOW([],[])
-if test "$print_egd_notice" = "yes"; then
+if test "x${gpg_config_script_warn}" != x; then
cat <= $min_gpg_error_version)
ok=no
@@ -83,8 +101,9 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4
index 6cf482f..c67cfec 100644
--- a/src/libgcrypt.m4
+++ b/src/libgcrypt.m4
@@ -1,13 +1,15 @@
-dnl Autoconf macros for libgcrypt
-dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x$libgcrypt_config_prefix != x ; then
- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
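Review bot: the new dnl header says the script is searched in $SYSROOT/bin "if a prefix option is not used", but the outer test x"${LIBGCRYPT_CONFIG}" = x means a preset LIBGCRYPT_CONFIG takes precedence over both --with-libgcrypt-prefix and SYSROOT, and that is not documented. The old test used ${LIBGCRYPT_CONFIG+set}, so a variable that is set but empty is now treated as unset. Please state the full order (LIBGCRYPT_CONFIG, then the prefix option, then SYSROOT, then PATH) in the header comment.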
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
fi
fi
else
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 12 ++++++++++--
doc/gcrypt.texi | 2 +-
m4/gpg-error.m4 | 33 ++++++++++++++++++++++++++-------
src/libgcrypt.m4 | 51 ++++++++++++++++++++++++++++++++++++---------------
4 files changed, 73 insertions(+), 25 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 14:47:42 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 14:47:42 +0200
Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.16-12-ge8b04be
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via e8b04bed1093a9f1d87c150326e79adfeb02e2b4 (commit)
from 3ecdcb6ac814e3b63aebbf66729ae6cb67c9f6d2 (commit)
- Log -----------------------------------------------------------------
commit e8b04bed1093a9f1d87c150326e79adfeb02e2b4
Author: Werner Koch
Date: Thu Oct 2 14:46:34 2014 +0200
w32: Make it build again.
* src/estream.c (es_func_w32_read): Fix var name.
diff --git a/src/estream.c b/src/estream.c
index 2537141..a17950e 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -1063,7 +1063,7 @@ es_func_w32_read (void *cookie, void *buffer, size_t size)
gpgrt_ssize_t bytes_read;
if (!size)
- bytes_to_read = -1; /* We don't know whether anything is pending. */
+ bytes_read = -1; /* We don't know whether anything is pending. */
else if (w32_cookie->hd == INVALID_HANDLE_VALUE)
{
_gpgrt_yield ();
-----------------------------------------------------------------------
Summary of changes:
src/estream.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 15:03:54 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 15:03:54 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-116-g0ecd136
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 0ecd136a6ca02252f63ad229fa5240897bfe6544 (commit)
from 1e8b86494cf8fa045696bd447b16267ffd1797f0 (commit)
- Log -----------------------------------------------------------------
commit 0ecd136a6ca02252f63ad229fa5240897bfe6544
Author: Werner Koch
Date: Thu Oct 2 14:49:31 2014 +0200
build: Document SYSROOT.
* configure.ac: Mark SYSROOT as arg var.
diff --git a/configure.ac b/configure.ac
index baed3ec..18db662 100644
--- a/configure.ac
+++ b/configure.ac
@@ -83,6 +83,8 @@ AC_CANONICAL_HOST
AM_MAINTAINER_MODE
AM_SILENT_RULES
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
+
AH_TOP([
#ifndef _GCRYPT_CONFIG_H_INCLUDED
#define _GCRYPT_CONFIG_H_INCLUDED
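Review bot: the help string given to AC_ARG_VAR, "locate config scripts also below that directory", does not say that SYSROOT must be an absolute path, although libgcrypt.m4 ignores a relative value with a warning. Something like "absolute top directory of the target; config scripts are looked up in its bin directory first" would save users from finding the restriction through the warning.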
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index ecd4d7f..58671df 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -267,9 +267,9 @@ example shows how it can be used at the command line:
gcc -c foo.c `libgcrypt-config --cflags`
@end example
-Adding the output of @samp{libgcrypt-config --cflags} to the compilers
-command line will ensure that the compiler can find the Libgcrypt header
-file.
+Adding the output of @samp{libgcrypt-config --cflags} to the
+compiler?s command line will ensure that the compiler can find the
+Libgcrypt header file.
A similar problem occurs when linking the program with the library.
Again, the compiler has to find the library files. For this to work,
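Review bot: the re-wrapped paragraph turns "compilers" into "compiler?s", which suggests a non-ASCII apostrophe was entered and did not survive the encoding. Use a plain ASCII apostrophe ("compiler's") in the Texinfo source.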
@@ -314,7 +314,20 @@ found, execute @var{action-if-found}, otherwise do
Additionally, the function defines @code{LIBGCRYPT_CFLAGS} to the
flags needed for compilation of the program to find the
@file{gcrypt.h} header file, and @code{LIBGCRYPT_LIBS} to the linker
-flags needed to link the program to the Libgcrypt library.
+flags needed to link the program to the Libgcrypt library. If the
+used helper script does not match the target type you are building for
+a warning is printed and the string @code{libgcrypt} is appended to the
+variable @code{gpg_config_script_warn}.
+
+This macro searches for @command{libgcrypt-config} along the PATH. If
+you are cross-compiling, it is useful to set the environment variable
+ at code{SYSROOT} to the top directory of your target. The macro will
+then first look for the helper program in the @file{bin} directory
+below that top directory. An absolute directory name must be used for
+ at code{SYSROOT}. Finally, if the configure command line option
+ at code{--libgcrypt-prefix} is used, only its value is used for the top
+directory below which the helper script is expected.
+
@end defmac
You can use the defined Autoconf variables like this in your
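Review bot: the last added sentence names the option as --libgcrypt-prefix, but the macro in src/libgcrypt.m4 registers it as --with-libgcrypt-prefix (see the AC_HELP_STRING there). The documented name should match. The sentence "If the used helper script does not match the target type you are building for a warning is printed" also needs a comma after "for".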
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 ++
doc/gcrypt.texi | 21 +++++++++++++++++----
2 files changed, 19 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 15:59:38 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 15:59:38 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.5.1-11-g4027a0a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via 4027a0a89724df3aeef8a964c529548d724b6a5a (commit)
via b3309f997c541d7150827a659bffc38bc9f685fe (commit)
from 7273ab387a7b4c44cae8d94711c4991e7754bc95 (commit)
- Log -----------------------------------------------------------------
commit 4027a0a89724df3aeef8a964c529548d724b6a5a
Author: Werner Koch
Date: Thu Oct 2 15:48:53 2014 +0200
build: Implement SYSROOT feature.
* configure.ac: Document SYSROOT.
* m4/gpg-error.m4: Update from libgpg-error master.
* src/gpgme.m4: Implement SYSROOT stuff.
diff --git a/configure.ac b/configure.ac
index efc60c7..5cf46f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -83,6 +83,7 @@ AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_CANONICAL_HOST
AM_SILENT_RULES
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Enable GNU extensions on systems that have them.
AC_GNU_SOURCE
@@ -636,3 +637,12 @@ echo "
FD Passing: $use_descriptor_passing
GPGME Pthread: $have_pthread
"
+if test "x${gpg_config_script_warn}" != x; then
+cat <= $min_gpg_error_version)
ok=no
@@ -64,6 +88,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
if test $ok = yes; then
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null`
+ GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null`
AC_MSG_RESULT([yes ($gpg_error_config_version)])
ifelse([$2], , :, [$2])
gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none`
@@ -75,16 +101,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
GPG_ERROR_CFLAGS=""
GPG_ERROR_LIBS=""
+ GPG_ERROR_MT_CFLAGS=""
+ GPG_ERROR_MT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
AC_SUBST(GPG_ERROR_LIBS)
+ AC_SUBST(GPG_ERROR_MT_CFLAGS)
+ AC_SUBST(GPG_ERROR_MT_LIBS)
])
diff --git a/src/gpgme.m4 b/src/gpgme.m4
index fe17f21..6c2be44 100644
--- a/src/gpgme.m4
+++ b/src/gpgme.m4
@@ -1,5 +1,5 @@
# gpgme.m4 - autoconf macro to detect GPGME.
-# Copyright (C) 2002, 2003, 2004 g10 Code GmbH
+# Copyright (C) 2002, 2003, 2004, 2014 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
@@ -8,6 +8,8 @@
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
AC_DEFUN([_AM_PATH_GPGME_CONFIG],
@@ -15,9 +17,25 @@ AC_DEFUN([_AM_PATH_GPGME_CONFIG],
AC_HELP_STRING([--with-gpgme-prefix=PFX],
[prefix where GPGME is installed (optional)]),
gpgme_config_prefix="$withval", gpgme_config_prefix="")
- if test "x$gpgme_config_prefix" != x ; then
- GPGME_CONFIG="$gpgme_config_prefix/bin/gpgme-config"
+ if test x"${GPGME_CONFIG}" = x ; then
+ if test x"${gpgme_config_prefix}" != x ; then
+ GPGME_CONFIG="${gpgme_config_prefix}/bin/gpgme-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/gpgme-config" ; then
+ GPGME_CONFIG="${SYSROOT}/bin/gpgme-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
+ fi
fi
+
AC_PATH_PROG(GPGME_CONFIG, gpgme-config, no)
if test "$GPGME_CONFIG" != "no" ; then
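Review bot: this hunk reverses the precedence between the environment and the configure option, and the commit message does not mention it. The removed code always set GPGME_CONFIG from --with-gpgme-prefix when the option was given; the new outer test x"${GPGME_CONFIG}" = x lets a GPGME_CONFIG already present in the environment override the option. If that is intended for consistency with gpg-error.m4 and libgcrypt.m4, say so in the log and in the dnl header; otherwise keep the prefix option authoritative.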
@@ -31,10 +49,35 @@ AC_DEFUN([_AM_PATH_GPGME_CONFIG],
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
])
+
+AC_DEFUN([_AM_PATH_GPGME_CONFIG_HOST_CHECK],
+[
+ gpgme_config_host=`$GPGME_CONFIG --host 2>/dev/null || echo none`
+ if test x"$gpgme_config_host" != xnone ; then
+ if test x"$gpgme_config_host" != x"$host" ; then
+ AC_MSG_WARN([[
+***
+*** The config script $GPGME_CONFIG was
+*** built for $gpgme_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-gpgme-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+ gpg_config_script_warn="$gpg_config_script_warn gpgme"
+ fi
+ fi
+])
+
+
dnl AM_PATH_GPGME([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libgpgme and define GPGME_CFLAGS and GPGME_LIBS.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_GPGME],
[ AC_REQUIRE([_AM_PATH_GPGME_CONFIG])dnl
tmp=ifelse([$1], ,1:0.4.2,$1)
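Review bot: _AM_PATH_GPGME_CONFIG_HOST_CHECK compares against $host, but neither it nor AM_PATH_GPGME has an AC_REQUIRE([AC_CANONICAL_HOST]) in the visible lines, unlike AM_PATH_GPG_ERROR. In a configure.ac that does not call AC_CANONICAL_HOST itself, $host is empty, the comparison x"$gpgme_config_host" != x"$host" is always true, and the mismatch warning is printed on every run. Add the AC_REQUIRE to the new helper macro.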
@@ -57,7 +100,7 @@ AC_DEFUN([AM_PATH_GPGME],
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
if test "$gpgme_version_major" -gt "$req_major"; then
ok=yes
- else
+ else
if test "$gpgme_version_major" -eq "$req_major"; then
if test "$gpgme_version_minor" -gt "$req_minor"; then
ok=yes
@@ -88,6 +131,7 @@ AC_DEFUN([AM_PATH_GPGME],
GPGME_LIBS=`$GPGME_CONFIG --libs`
AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
GPGME_CFLAGS=""
GPGME_LIBS=""
@@ -126,7 +170,7 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
if test "$gpgme_version_major" -gt "$req_major"; then
ok=yes
- else
+ else
if test "$gpgme_version_major" -eq "$req_major"; then
if test "$gpgme_version_minor" -gt "$req_minor"; then
ok=yes
@@ -158,6 +202,7 @@ AC_DEFUN([AM_PATH_GPGME_PTHREAD],
GPGME_PTHREAD_LIBS=`$GPGME_CONFIG --thread=pthread --libs`
AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
GPGME_PTHREAD_CFLAGS=""
GPGME_PTHREAD_LIBS=""
@@ -195,7 +240,7 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
if test "$gpgme_version_major" -gt "$req_major"; then
ok=yes
- else
+ else
if test "$gpgme_version_major" -eq "$req_major"; then
if test "$gpgme_version_minor" -gt "$req_minor"; then
ok=yes
@@ -226,6 +271,7 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
GPGME_GLIB_LIBS=`$GPGME_CONFIG --glib --libs`
AC_MSG_RESULT(yes)
ifelse([$2], , :, [$2])
+ _AM_PATH_GPGME_CONFIG_HOST_CHECK
else
GPGME_GLIB_CFLAGS=""
GPGME_GLIB_LIBS=""
@@ -235,4 +281,3 @@ AC_DEFUN([AM_PATH_GPGME_GLIB],
AC_SUBST(GPGME_GLIB_CFLAGS)
AC_SUBST(GPGME_GLIB_LIBS)
])
-
commit b3309f997c541d7150827a659bffc38bc9f685fe
Author: Daniel Kahn Gillmor
Date: Mon Sep 29 17:48:39 2014 -0400
Use --no-sk-comments, not --no-sk-comment.
--
The --no-sk-comments flag is (or should be) a no-op in modern versions
of gnupg, but gpgme should still use its full form rather than the
(slightly) abbreviated --no-sk-comment
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index 8e18253..30c3bfb 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -779,7 +779,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
argc++;
if (!gpg->cmd.used)
argc++; /* --batch */
- argc += 1; /* --no-sk-comment */
+ argc += 1; /* --no-sk-comments */
argv = calloc (argc + 1, sizeof *argv);
if (!argv)
@@ -864,7 +864,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname)
}
argc++;
}
- argv[argc] = strdup ("--no-sk-comment");
+ argv[argc] = strdup ("--no-sk-comments");
if (!argv[argc])
{
int saved_err = gpg_error_from_syserror ();
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 10 +++++++++
doc/gpgme.texi | 19 +++++++++++++++---
m4/gpg-error.m4 | 45 ++++++++++++++++++++++++++++++++++-------
src/engine-gpg.c | 4 ++--
src/gpgme.m4 | 59 +++++++++++++++++++++++++++++++++++++++++++++++-------
5 files changed, 118 insertions(+), 19 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 16:24:16 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 16:24:16 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-11-g39c5d99
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 39c5d991a8fe9187bfbe71d0ff06630fea36fae0 (commit)
via dcb5fa8747e8fc9f35285f168ee3ae8e6d422293 (commit)
via 3e14da863a668fb0ec1a075722bd0f7b47ae4c1b (commit)
from 36179da032fa43d82042b3d31ed175d17b8e9bc4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 39c5d991a8fe9187bfbe71d0ff06630fea36fae0
Author: Werner Koch
Date: Thu Oct 2 16:17:45 2014 +0200
build: Update m4 scripts
* m4/gpg-error.m4: Update from Libgpg-error git master.
* m4/libgcrypt.m4: Update from Libgcrypt git master.
* configure.ac: Declare SYSROOT a precious variable. Add extra error
message for library configuration mismatches.
diff --git a/configure.ac b/configure.ac
index 5da6ea5..7137e3f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -460,6 +460,7 @@ AH_BOTTOM([
AM_MAINTAINER_MODE
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Checks for programs.
AC_MSG_NOTICE([checking for programs])
@@ -1613,3 +1614,12 @@ echo "
gpg-check-pattern will not be build.
"
fi
+if test "x${gpg_config_script_warn}" != x; then
+cat <= $min_gpg_error_version)
ok=no
@@ -64,6 +88,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
if test $ok = yes; then
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null`
+ GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null`
AC_MSG_RESULT([yes ($gpg_error_config_version)])
ifelse([$2], , :, [$2])
gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none`
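Review bot: The two added `--mt` queries discard stderr and ignore the exit status, so a gpg-error-config that does not understand `--mt` can leave GPG_ERROR_MT_CFLAGS and GPG_ERROR_MT_LIBS empty with no diagnostic, and a program that needs real multi-thread support then builds without the thread flags. Consider checking the result and either warning or falling back to the plain GPG_ERROR_CFLAGS and GPG_ERROR_LIBS values when the query fails.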
@@ -75,16 +101,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
GPG_ERROR_CFLAGS=""
GPG_ERROR_LIBS=""
+ GPG_ERROR_MT_CFLAGS=""
+ GPG_ERROR_MT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
AC_SUBST(GPG_ERROR_LIBS)
+ AC_SUBST(GPG_ERROR_MT_CFLAGS)
+ AC_SUBST(GPG_ERROR_MT_LIBS)
])
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
index 6cf482f..c67cfec 100644
--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
@@ -1,13 +1,15 @@
-dnl Autoconf macros for libgcrypt
-dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x$libgcrypt_config_prefix != x ; then
- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
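Review bot: Replacing AC_PATH_TOOL with AC_PATH_PROG for libgcrypt-config drops the lookup of a host-prefixed script name, so a cross build that relied on one now resolves to the unprefixed script on $PATH, and the only safeguard left is the host mismatch warning. The added header comment describes the $SYSROOT/bin and $PATH search order but not this change; one sentence there stating that host-prefixed names are no longer searched would save cross-build users a debugging session. The outer test also changed from `${LIBGCRYPT_CONFIG+set}` to an emptiness test, so a variable that is set but empty is now treated as unset, which is worth a mention in the same comment.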
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
fi
fi
else
commit dcb5fa8747e8fc9f35285f168ee3ae8e6d422293
Author: Daniel Kahn Gillmor
Date: Mon Sep 29 17:49:53 2014 -0400
gpg: --compress-sigs and --compress-keys are not no-ops in 2.0
* g10/gpg.c: Cleanup argument parsing.
--
c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab mistakenly marked
compress-sigs and compress-keys as no-ops on the 2.0.x branch.
These options still have an effect on the 2.0.x branch, and the
duplicate declaration also causes the gpg argument parser to fail when
shortened versions of the option are present, like:
gpg: option "--compress-k" is ambiguous
diff --git a/g10/gpg.c b/g10/gpg.c
index eefd4ae..a995796 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -770,8 +770,6 @@ static ARGPARSE_OPTS opts[] = {
/* Dummy options. */
ARGPARSE_s_n (oNoop, "sk-comments", "@"),
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
- ARGPARSE_s_n (oNoop, "compress-keys", "@"),
- ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
ARGPARSE_end ()
};
commit 3e14da863a668fb0ec1a075722bd0f7b47ae4c1b
Author: Daniel Kahn Gillmor
Date: Mon Sep 29 17:49:52 2014 -0400
gpg: Avoid duplicate declaration of {no-,}sk-comments noops.
* g10/gpg.c: Cleanup argument parsing.
--
With c76117f8b0165fe5cec5e7f234f55f5a4cd7f0ab, the GnuPG 2.0.x branch
accidentally introduced a second (identical) argument parser for both
--sk-comments, and for --no-sk-comments.
This caused short versions (e.g. omitting the trailing "s", as gpgme
does) of either command to fail with:
gpg: option "--sk-comment" is ambiguous
diff --git a/g10/gpg.c b/g10/gpg.c
index 12d4295..eefd4ae 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -538,9 +538,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"),
ARGPARSE_s_s (oAttributeFile, "attribute-file", "@"),
- ARGPARSE_s_n (oNoop, "sk-comments", "@"),
- ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
-
ARGPARSE_s_i (oCompletesNeeded, "completes-needed", "@"),
ARGPARSE_s_i (oMarginalsNeeded, "marginals-needed", "@"),
ARGPARSE_s_i (oMaxCertDepth, "max-cert-depth", "@" ),
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 10 ++++++++++
g10/gpg.c | 5 -----
m4/gpg-error.m4 | 45 ++++++++++++++++++++++++++++++++++++++-------
m4/libgcrypt.m4 | 51 ++++++++++++++++++++++++++++++++++++---------------
4 files changed, 84 insertions(+), 27 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 17:34:34 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 17:34:34 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-20-gf2361e6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via f2361e6d582d4343d71d294ed1da654afe7750ee (commit)
via 6bc0cd6202033be113999dbf27be4014bdf2c784 (commit)
from edd191e5b006dc6ace1d41672e7201cbe58c41c9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f2361e6d582d4343d71d294ed1da654afe7750ee
Author: Werner Koch
Date: Thu Oct 2 17:33:57 2014 +0200
First changes for future use of NTBTLS.
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
diff --git a/common/Makefile.am b/common/Makefile.am
index 03bc5eb..87d6820 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -226,8 +226,9 @@ t_zb32_LDADD = $(t_common_ldadd)
# http tests
t_http_SOURCES = t-http.c
-t_http_CFLAGS = $(t_common_cflags) $(LIBGNUTLS_CFLAGS)
-t_http_LDADD = libcommontls.a $(t_common_ldadd) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
+t_http_LDADD = libcommontls.a $(t_common_ldadd) \
+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
# All programs should depend on the created libs.
$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
diff --git a/common/http.c b/common/http.c
index 7e3bb57..413efd8 100644
--- a/common/http.c
+++ b/common/http.c
@@ -39,7 +39,7 @@
- fixme: list other requirements.
- - With HTTP_USE_GNUTLS or HTTP_USE_POLARSSL support for https is
+ - With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
provided (this also requires estream).
- With HTTP_NO_WSASTARTUP the socket initialization is not done
@@ -82,17 +82,16 @@
# include
#endif
-#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_POLARSSL)
-# error Both, HTTP_USE_GNUTLS and HTTP_USE_POLARSSL, are defined.
+#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
+# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
#endif
-#ifdef HTTP_USE_GNUTLS
+#ifdef HTTP_USE_NTBTLS
+# include
+#elif HTTP_USE_GNUTLS
# include
# include
#endif /*HTTP_USE_GNUTLS*/
-#ifdef HTTP_USE_POLARSSL
-# error Support for PolarSSL has not yet been added
-#endif
#include "util.h"
@@ -156,8 +155,15 @@ typedef unsigned long longcounter_t;
# define counter_strtoul(a) strtoul ((a), NULL, 10)
#endif
-#ifndef HTTP_USE_GNUTLS
-typedef void * gnutls_session_t;
+#if HTTP_USE_NTBTLS
+typedef ntbtls_t tls_session_t;
+# define USE_TLS 1
+#elif HTTP_USE_GNUTLS
+typedef gnutls_session_t tls_session_t;
+# define USE_TLS 1
+#else
+typedef void *tls_session_t;
+# undef USE_TLS
#endif
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
@@ -226,14 +232,16 @@ struct http_session_s
int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
- gnutls_session_t tls_session;
+#endif /*HTTP_USE_GNUTLS*/
+#ifdef USE_TLS
+ tls_session_t tls_session;
struct {
int done; /* Verifciation has been done. */
- int rc; /* GnuTLS verification return code. */
+ int rc; /* TLS verification return code. */
unsigned int status; /* Verification status. */
} verify;
char *servername; /* Malloced server name. */
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
@@ -522,7 +530,8 @@ session_unref (int lnr, http_session_t sess)
if (sess->refcount)
return;
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
+# ifdef HTTP_USE_GNUTLS
if (sess->tls_session)
{
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
@@ -531,8 +540,9 @@ session_unref (int lnr, http_session_t sess)
}
if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred);
+# endif /*HTTP_USE_GNUTLS*/
xfree (sess->servername);
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
xfree (sess);
}
@@ -560,7 +570,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
return gpg_error_from_syserror ();
sess->refcount = 1;
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ {
+ (void)tls_priority;
+
+ err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
+ if (err)
+ {
+ log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ }
+#elif HTTP_USE_GNUTLS
{
const char *errpos;
int rc;
@@ -616,17 +637,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
goto leave;
}
}
-
#else /*!HTTP_USE_GNUTLS*/
- (void)tls_priority;
+ {
+ (void)tls_priority;
+ }
#endif /*!HTTP_USE_GNUTLS*/
/* log_debug ("http.c:session_new: sess %p created\n", sess); */
err = 0;
-#ifdef HTTP_USE_GNUTLS
+#if USE_TLS
leave:
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
if (err)
http_session_unref (sess);
else
@@ -1067,7 +1089,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->port = 11371;
uri->is_http = 1;
}
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp"))))
@@ -1076,7 +1098,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->is_http = 1;
uri->use_tls = 1;
}
-#endif
+#endif /*USE_TLS*/
else if (!no_scheme_check)
return GPG_ERR_INV_URI; /* Unsupported scheme */
@@ -1393,22 +1415,24 @@ send_request (http_t hd, const char *httphost, const char *auth,
log_error ("TLS requested but no session object provided\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
if (hd->uri->use_tls && !hd->session->tls_session)
{
log_error ("TLS requested but no GNUTLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
/* Try to use SNI. */
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
if (hd->uri->use_tls)
{
+# if HTTP_USE_GNUTLS
int rc;
+# endif
xfree (hd->session->servername);
hd->session->servername = xtrystrdup (httphost? httphost : server);
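Review bot: The guard around the missing-session check now reads `#ifdef USE_TLS`, but the message inside it still says "TLS requested but no GNUTLS context available", which will be misleading in an NTBTLS build. Reword it to something backend-neutral such as "no TLS context available" in the same change.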
@@ -1418,13 +1442,22 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err;
}
+# if HTTP_USE_NTBTLS
+ err = ntbtls_set_hostname (hd->session->tls_session, server);
+ if (err)
+ {
+ log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
server, strlen (server));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
+# endif /*HTTP_USE_GNUTLS*/
}
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY)
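Review bot: The two backends now handle a failed server name setup differently: the NTBTLS branch returns `err` after ntbtls_set_hostname fails, while the GnuTLS branch only logs a failed gnutls_server_name_set and carries on. Pick one policy for both so the behaviour does not depend on which library configure found. If the failure stays fatal for NTBTLS, log it with log_error rather than log_info, as the ntbtls_new failure in http_session_new does.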
@@ -1490,7 +1523,37 @@ send_request (http_t hd, const char *httphost, const char *auth,
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ if (hd->uri->use_tls)
+ {
+ my_socket_ref (hd->sock);
+
+ while ((err = ntbtls_handshake (hd->session->tls_session)))
+ {
+ switch (err)
+ {
+ default:
+ log_info ("TLS handshake failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+
+ hd->session->verify.done = 0;
+ if (tls_callback)
+ err = tls_callback (hd, hd->session, 0);
+ else
+ err = http_verify_server_credentials (hd->session);
+ if (err)
+ {
+ log_info ("TLS connection authentication failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
{
int rc;
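Review bot: In the NTBTLS branch `my_socket_ref (hd->sock)` is taken before the handshake, and both error returns (after a failed ntbtls_handshake and after failed authentication) leave without a matching unref visible in this hunk, so a failed connection appears to leak a socket reference. Route both through a common cleanup that drops the reference. The `while` loop with a `switch` that has only a `default:` returning immediately never iterates; a comment stating that retryable codes will be added later would make the intent clear.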
@@ -2423,7 +2486,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
static void
send_gnutls_bye (void *opaque)
{
- gnutls_session_t tls_session = opaque;
+ tls_session_t tls_session = opaque;
int ret;
again:
@@ -2473,7 +2536,10 @@ cookie_close (void *cookie)
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ (void)sess;
+ return 0; /* FIXME!! */
+#elif HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
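Review bot: Under HTTP_USE_NTBTLS, http_verify_server_credentials returns 0, so every caller, including the new handshake path in send_request, treats an unverified peer as verified. A stub for certificate verification should fail closed: return an error such as `gpg_error (GPG_ERR_NOT_IMPLEMENTED)` until the real check exists, so that a build which picks up NTBTLS cannot complete a TLS request against an unauthenticated server. The `/* FIXME!! */` comment should also say what is missing.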
diff --git a/common/t-http.c b/common/t-http.c
index 9872f9a..e031ef9 100644
--- a/common/t-http.c
+++ b/common/t-http.c
@@ -42,7 +42,9 @@
#include "http.h"
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+# include
+#elif HTTP_USE_GNUTLS
# include /* For init, logging, and deinit. */
#endif /*HTTP_USE_GNUTLS*/
@@ -97,6 +99,7 @@ static int no_verify;
+#if HTTP_USE_GNUTLS
static gpg_error_t
verify_callback (http_t hd, http_session_t session, int reserved)
{
@@ -104,14 +107,15 @@ verify_callback (http_t hd, http_session_t session, int reserved)
(void)reserved;
return no_verify? 0 : http_verify_server_credentials (session);
}
+#endif
-
+#if HTTP_USE_GNUTLS
static void
my_gnutls_log (int level, const char *text)
{
fprintf (stderr, "gnutls:L%d: %s", level, text);
}
-
+#endif
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
@@ -233,7 +237,14 @@ main (int argc, char **argv)
if (!cafile)
cafile = prepend_srcdir ("tls-ca.pem");
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+
+ (void)err;
+
+ ntbtls_set_debug (tls_dbg, NULL, NULL);
+
+#elif HTTP_USE_GNUTLS
+
rc = gnutls_global_init ();
if (rc)
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
diff --git a/configure.ac b/configure.ac
index daca838..46a0aad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,9 +61,13 @@ NEED_LIBASSUAN_VERSION=2.1.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.2.0
+NEED_NTBTLS_API=1
+NEED_NTBTLS_VERSION=0.1.0
+
NEED_NPTH_API=1
NEED_NPTH_VERSION=0.91
+
NEED_GNUTLS_VERSION=3.0
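Review bot: The variable added here is NEED_NTBTLS_API, but the ChangeLog part of the commit message lists it as NEED_NTBTLS_ABI; one of the two names should be corrected so that a search of the log finds the definition. The extra blank line added after NEED_NPTH_VERSION looks unintentional.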
@@ -88,6 +92,7 @@ have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
+have_ntbtls=no
have_npth=no
have_libusb=no
have_adns=no
@@ -101,6 +106,7 @@ card_support=yes
use_ccid_driver=yes
use_standard_socket=yes
dirmngr_auto_start=yes
+use_tls_library=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -126,6 +132,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba])
+AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
+ [Required version of NTBTLS])
@@ -841,27 +849,37 @@ else
***]])
fi
+
#
-# Check whether GNUTLS is available
+# NTBTLS is our TLS library. If it is not available fallback to
+# GNUTLS.
#
-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
- [have_gnutls=yes],
- [have_gnutls=no])
-if test "$have_gnutls" = "yes"; then
- AC_SUBST([LIBGNUTLS_CFLAGS])
- AC_SUBST([LIBGNUTLS_LIBS])
- AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
+ [have_ntbtls=yes],[have_ntbtls=no])
+
+if test "$have_ntbtls" = yes ; then
+ use_tls_library=ntbtls
+ AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
else
- tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
- AC_MSG_WARN([[
+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
+ [have_gnutls=yes],
+ [have_gnutls=no])
+ if test "$have_gnutls" = "yes"; then
+ AC_SUBST([LIBGNUTLS_CFLAGS])
+ AC_SUBST([LIBGNUTLS_LIBS])
+ use_tls_library=gnutls
+ AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+ else
+ tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+ AC_MSG_WARN([[
***
-*** Building without GNUTLS - no TLS access to keyservers.
+*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
*** $tmp]])
+ fi
fi
-
AC_MSG_NOTICE([checking for networking options])
#
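Review bot: With this block NTBTLS is selected automatically whenever AM_PATH_NTBTLS finds it, and GnuTLS is not even probed in that case, although the commit message states that an NTBTLS build has no working https support yet. Anyone who happens to have the library installed silently loses the GnuTLS backend. Until the NTBTLS path is functional, make it opt-in through an explicit configure option and keep GnuTLS as the default, and have the final summary line say that the selected backend is experimental.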
@@ -1788,7 +1806,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
DNS SRV support: $use_dns_srv
- TLS support: $have_gnutls
+ TLS support: $use_tls_library
"
if test x"$use_regex" != xyes ; then
echo "
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 7e2449f..d0226a3 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -63,7 +63,7 @@ endif
dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
- $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER
dirmngr_LDADD += $(LDAPLIBS)
endif
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 48fa80b..8110df2 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -40,7 +40,12 @@
# include
#endif
#include
-#ifdef HTTP_USE_GNUTLS
+
+#include "dirmngr-err.h"
+
+#if HTTP_USE_NTBTLS
+# include
+#elif HTTP_USE_GNUTLS
# include
#endif /*HTTP_USE_GNUTLS*/
@@ -210,6 +215,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_p_u (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
+ ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
@@ -244,7 +250,7 @@ static char *current_logfile;
/* Helper to implement --debug-level. */
static const char *debug_level;
-/* Helper to set the GNUTLS log level. */
+/* Helper to set the NTBTLS or GNUTLS log level. */
static int opt_gnutls_debug = -1;
/* Flag indicating that a shutdown has been requested. */
@@ -410,7 +416,12 @@ set_debug (void)
if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ if (opt_gnutls_debug >= 0)
+ {
+ ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
+ }
+#elif HTTP_USE_GNUTLS
if (opt_gnutls_debug >= 0)
{
gnutls_global_set_log_function (my_gnutls_log);
@@ -669,8 +680,12 @@ main (int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
- /* Init GNUTLS. */
-#ifdef HTTP_USE_GNUTLS
+ /* Init TLS library. */
+#if HTTP_USE_NTBTLS
+ if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
+ log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
+ NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
+#elif HTTP_USE_GNUTLS
rc = gnutls_global_init ();
if (rc)
log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
diff --git a/m4/Makefile.am b/m4/Makefile.am
index 05a2be3..f1b8df9 100644
--- a/m4/Makefile.am
+++ b/m4/Makefile.am
@@ -4,7 +4,7 @@ EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gnupg-pth.m4
-EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4
+EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4
EXTRA_DIST += autobuild.m4
diff --git a/m4/ntbtls.m4 b/m4/ntbtls.m4
new file mode 100644
index 0000000..85c8ee9
--- /dev/null
+++ b/m4/ntbtls.m4
@@ -0,0 +1,137 @@
+dnl Autoconf macros for NTBTLS
+dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl AM_PATH_NTBTLS([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl
+dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_NTBTLS],
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_ARG_WITH(ntbtls-prefix,
+ AC_HELP_STRING([--with-ntbtls-prefix=PFX],
+ [prefix where NTBTLS is installed (optional)]),
+ ntbtls_config_prefix="$withval", ntbtls_config_prefix="")
+ if test x"${NTBTLS_CONFIG}" = x ; then
+ if test x"${ntbtls_config_prefix}" != x ; then
+ NTBTLS_CONFIG="${ntbtls_config_prefix}/bin/ntbtls-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/ntbtls-config" ; then
+ NTBTLS_CONFIG="${SYSROOT}/bin/ntbtls-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
+ fi
+ fi
+
+ AC_PATH_PROG(NTBTLS_CONFIG, ntbtls-config, no)
+ tmp=ifelse([$1], ,1:1.0.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_ntbtls_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_ntbtls_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_ntbtls_api=0
+ min_ntbtls_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for NTBTLS - version >= $min_ntbtls_version)
+ ok=no
+ if test "$NTBTLS_CONFIG" != "no" ; then
+ req_major=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ ntbtls_config_version=`$NTBTLS_CONFIG --version`
+ major=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($ntbtls_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # If we have a recent ntbtls, we should also check that the
+ # API is compatible
+ if test "$req_ntbtls_api" -gt 0 ; then
+ tmp=`$NTBTLS_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([NTBTLS API version])
+ if test "$req_ntbtls_api" -eq "$tmp" ; then
+ AC_MSG_RESULT([okay])
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_ntbtls_api got=$tmp])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ NTBTLS_CFLAGS=`$NTBTLS_CONFIG --cflags`
+ NTBTLS_LIBS=`$NTBTLS_CONFIG --libs`
+ ifelse([$2], , :, [$2])
+ ntbtls_config_host=`$NTBTLS_CONFIG --host 2>/dev/null || echo none`
+ if test x"$ntbtls_config_host" != xnone ; then
+ if test x"$ntbtls_config_host" != x"$host" ; then
+ AC_MSG_WARN([[
+***
+*** The config script $NTBTLS_CONFIG was
+*** built for $ntbtls_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-ntbtls-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+ gpg_config_script_warn="$gpg_config_script_warn ntbtls"
+ fi
+ fi
+ else
+ NTBTLS_CFLAGS=""
+ NTBTLS_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(NTBTLS_CFLAGS)
+ AC_SUBST(NTBTLS_LIBS)
+])
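Review bot: The header comment of the new m4/ntbtls.m4 was copied from libgcrypt.m4 without being adapted: it still says "the installed version of libgcrypt" and "newer versions of libgcrypt", and it carries the typos "MINIMUN-VERSION" and "optionalliy". It also lacks the paragraph on the $SYSROOT/bin search order and gpg_config_script_warn that the other macros received in this series, although the code below implements both. The default `1:1.0.0` in `tmp=ifelse([$1], ,1:1.0.0,$1)` is higher than the 0.1.0 that configure.ac requires, so a caller omitting the argument would reject the version the project itself asks for; align the default with the first released version.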
commit 6bc0cd6202033be113999dbf27be4014bdf2c784
Author: Werner Koch
Date: Thu Oct 2 16:17:45 2014 +0200
build: Update m4 scripts
* m4/gpg-error.m4: Update from Libgpg-error git master.
* m4/libgcrypt.m4: Update from Libgcrypt git master.
* configure.ac: Declare SYSROOT a precious variable. Add extra error
message for library configuration mismatches.
diff --git a/configure.ac b/configure.ac
index c627c27..daca838 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,6 +528,7 @@ AH_BOTTOM([
AM_MAINTAINER_MODE
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Checks for programs.
AC_MSG_NOTICE([checking for programs])
@@ -1796,3 +1797,12 @@ echo "
gpg-check-pattern will not be build.
"
fi
+if test "x${gpg_config_script_warn}" != x; then
+cat <= $min_gpg_error_version)
ok=no
@@ -62,6 +86,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
if test $ok = yes; then
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null`
+ GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null`
AC_MSG_RESULT([yes ($gpg_error_config_version)])
ifelse([$2], , :, [$2])
gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none`
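Review bot: the two added `--mt` calls discard stderr and ignore the exit status, so a config script that does not support `--mt` fails silently here. GPG_ERROR_MT_CFLAGS and GPG_ERROR_MT_LIBS are then substituted as-is, and a program that needs real multi-thread support gets no diagnostic. Either document in the macro header that empty `_MT_` values mean "not supported by the installed libgpg-error", or check the exit status and emit AC_MSG_WARN.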
@@ -73,16 +99,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
GPG_ERROR_CFLAGS=""
GPG_ERROR_LIBS=""
+ GPG_ERROR_MT_CFLAGS=""
+ GPG_ERROR_MT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
AC_SUBST(GPG_ERROR_LIBS)
+ AC_SUBST(GPG_ERROR_MT_CFLAGS)
+ AC_SUBST(GPG_ERROR_MT_LIBS)
])
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
index 6cf482f..c67cfec 100644
--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
@@ -1,13 +1,15 @@
-dnl Autoconf macros for libgcrypt
-dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x$libgcrypt_config_prefix != x ; then
- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
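Review bot: in the `/*)` branch, an absolute SYSROOT without an executable `${SYSROOT}/bin/libgcrypt-config` is skipped without any message, and AC_PATH_PROG then searches $PATH. On a cross build that will usually pick up the build machine's script, which is the case SYSROOT is meant to avoid, and the user who set SYSROOT gets no hint that it was not used. An `else` on the `test -x` with AC_MSG_NOTICE or AC_MSG_WARN would make this visible. Note also that the outer condition changed from `${LIBGCRYPT_CONFIG+set}` to `x"${LIBGCRYPT_CONFIG}" = x`, so an explicitly empty LIBGCRYPT_CONFIG is now treated like an unset one; worth a line in the commit log if intended.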
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
fi
fi
else
-----------------------------------------------------------------------
Summary of changes:
common/Makefile.am | 5 +-
common/http.c | 122 ++++++++++++++++++++++++++++++++++-----------
common/t-http.c | 19 +++++--
configure.ac | 54 +++++++++++++++-----
dirmngr/Makefile.am | 2 +-
dirmngr/dirmngr.c | 25 ++++++++--
m4/Makefile.am | 2 +-
m4/gpg-error.m4 | 45 ++++++++++++++---
m4/libgcrypt.m4 | 51 +++++++++++++------
m4/ntbtls.m4 | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++
10 files changed, 386 insertions(+), 76 deletions(-)
create mode 100644 m4/ntbtls.m4
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 2 19:18:12 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 02 Oct 2014 19:18:12 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-21-g688a903
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 688a903b4b3ad348c0d09e9d3fab8a12f4f94311 (commit)
from f2361e6d582d4343d71d294ed1da654afe7750ee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 688a903b4b3ad348c0d09e9d3fab8a12f4f94311
Author: Werner Koch
Date: Thu Oct 2 19:17:34 2014 +0200
gpg: Fix regression removing SHA256.
* g10/misc.c (map_md_openpgp_to_gcry): Always use SHA256.
--
Regression due to commit d33246700578cddd1cb8ed8164cfbba50aba4ef3
GnuPG-bug-id: 1733.
diff --git a/configure.ac b/configure.ac
index 46a0aad..be10791 100644
--- a/configure.ac
+++ b/configure.ac
@@ -259,7 +259,7 @@ GNUPG_GPG_DISABLE_ALGO([camellia192],[CAMELLIA192 cipher])
GNUPG_GPG_DISABLE_ALGO([camellia256],[CAMELLIA256 cipher])
GNUPG_GPG_DISABLE_ALGO([md5],[MD5 hash])
-# SHA1 is a MUSt algorithm
+# SHA1 is a MUST algorithm
GNUPG_GPG_DISABLE_ALGO([rmd160],[RIPE-MD160 hash])
GNUPG_GPG_DISABLE_ALGO([sha224],[SHA-224 hash])
# SHA256 is a MUST algorithm for GnuPG.
diff --git a/g10/misc.c b/g10/misc.c
index 76faa49..320e8af 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -686,11 +686,7 @@ map_md_openpgp_to_gcry (digest_algo_t algo)
case DIGEST_ALGO_SHA224: return 0;
#endif
-#ifdef GPG_USE_SHA256
case DIGEST_ALGO_SHA256: return GCRY_MD_SHA256;
-#else
- case DIGEST_ALGO_SHA256: return 0;
-#endif
#ifdef GPG_USE_SHA384
case DIGEST_ALGO_SHA384: return GCRY_MD_SHA384;
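Review bot: the `case DIGEST_ALGO_SHA256` line is now unconditional while the SHA224 and SHA384 cases around it stay under `#ifdef`, and nothing at this spot says why. A short comment on the case (mirroring the "SHA256 is a MUST algorithm for GnuPG" remark in configure.ac) would keep someone from restoring the guard for symmetry. Since this fixes a regression, a test that builds with the optional digests disabled and still verifies a SHA256 signature would be a useful addition.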
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 2 +-
g10/misc.c | 4 ----
2 files changed, 1 insertion(+), 5 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 3 08:25:14 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 08:25:14 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.16-13-g12b5188
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 12b5188bd495e45775c34c8e6263e6be177c03da (commit)
from e8b04bed1093a9f1d87c150326e79adfeb02e2b4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 12b5188bd495e45775c34c8e6263e6be177c03da
Author: Werner Koch
Date: Fri Oct 3 08:22:53 2014 +0200
Change gpgrt_pending{,_unlocked} to macros.
* src/gpg-error.h.in (gpgrt_pending): Change to a macro.
(gpgrt_pending_unlocked): Change to a macro.
(_gpgrt_pending, _gpgrt_pending_unlocked): New private functions.
* src/visibility.c, src/visibility.h: Change accordingly.
* src/gpg-error.vers, src/gpg-error.def.in: Ditto.
* src/estream.c (_gpgrt_pending_unlocked): Rename to
_gpgrt__pending_unlocked.
(_gpgrt_pending): Rename to _gpgrt__pending.
--
The functions are supposed to be used with gpgrt_getc and thus we need
to avoid the function call overhead. We may want to change them to
inline functions, though.
gpgrt_pending is changed to a macro with the idea that we eventually
can export the samestream flags and thus avoid the function call
overhead in the samethread case too.
diff --git a/src/estream.c b/src/estream.c
index a17950e..42609ee 100644
--- a/src/estream.c
+++ b/src/estream.c
@@ -3471,7 +3471,7 @@ _gpgrt_syshd (estream_t stream, es_syshd_t *syshd)
int
-_gpgrt_pending_unlocked (estream_t stream)
+_gpgrt__pending_unlocked (estream_t stream)
{
return check_pending (stream);
}
@@ -3486,12 +3486,12 @@ _gpgrt_pending_unlocked (estream_t stream)
are pending the function is expected to return -1 in this case and
thus deviates from the standard behavior of read(2). */
int
-_gpgrt_pending (estream_t stream)
+_gpgrt__pending (estream_t stream)
{
int ret;
lock_stream (stream);
- ret = _gpgrt_pending_unlocked (stream);
+ ret = _gpgrt__pending_unlocked (stream);
unlock_stream (stream);
return ret;
diff --git a/src/gpg-error.def.in b/src/gpg-error.def.in
index f17522e..cba973d 100644
--- a/src/gpg-error.def.in
+++ b/src/gpg-error.def.in
@@ -137,7 +137,7 @@ EXPORTS
gpg_err_deinit @102
gpgrt_set_alloc_func @103
- gpgrt_pending @104
- gpgrt_pending_unlocked @105
+ _gpgrt_pending @104
+ _gpgrt_pending_unlocked @105
;; end of file with public symbols for Windows.
diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in
index 6ac6e0a..7099b43 100644
--- a/src/gpg-error.h.in
+++ b/src/gpg-error.h.in
@@ -496,8 +496,17 @@ int gpgrt_ferror (gpgrt_stream_t stream);
int gpgrt_ferror_unlocked (gpgrt_stream_t stream);
void gpgrt_clearerr (gpgrt_stream_t stream);
void gpgrt_clearerr_unlocked (gpgrt_stream_t stream);
-int gpgrt_pending (gpgrt_stream_t stream);
-int gpgrt_pending_unlocked (gpgrt_stream_t stream);
+
+int _gpgrt_pending (gpgrt_stream_t stream); /* (private) */
+int _gpgrt_pending_unlocked (gpgrt_stream_t stream); /* (private) */
+
+#define gpgrt_pending(stream) _gpgrt_pending (stream)
+
+#define gpgrt_pending_unlocked(stream) \
+ (((!(stream)->flags.writing) \
+ && (((stream)->data_offset < (stream)->data_len) \
+ || ((stream)->unread_data_len))) \
+ ? 1 : _gpgrt_pending_unlocked ((stream)))
int gpgrt_fflush (gpgrt_stream_t stream);
int gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence);
@@ -509,8 +518,8 @@ void gpgrt_rewind (gpgrt_stream_t stream);
int gpgrt_fgetc (gpgrt_stream_t stream);
int gpgrt_fputc (int c, gpgrt_stream_t stream);
-int _gpgrt_getc_underflow (gpgrt_stream_t stream);
-int _gpgrt_putc_overflow (int c, gpgrt_stream_t stream);
+int _gpgrt_getc_underflow (gpgrt_stream_t stream); /* (private) */
+int _gpgrt_putc_overflow (int c, gpgrt_stream_t stream); /* (private) */
#define gpgrt_getc_unlocked(stream) \
(((!(stream)->flags.writing) \
diff --git a/src/gpg-error.vers b/src/gpg-error.vers
index c0e599a..758e549 100644
--- a/src/gpg-error.vers
+++ b/src/gpg-error.vers
@@ -64,8 +64,8 @@ GPG_ERROR_1.0 {
gpgrt_flockfile;
gpgrt_ftrylockfile;
gpgrt_funlockfile;
- gpgrt_pending;
- gpgrt_pending_unlocked;
+ _gpgrt_pending;
+ _gpgrt_pending_unlocked;
gpgrt_feof;
gpgrt_feof_unlocked;
gpgrt_ferror;
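Review bot: replacing `gpgrt_pending` and `gpgrt_pending_unlocked` in the GPG_ERROR_1.0 node removes two names from the exported symbol list, so anything already linked against them will no longer resolve. If these names ever shipped in a release, keep them exported next to `_gpgrt_pending` and `_gpgrt_pending_unlocked`; if they did not, a sentence in the commit message saying so would settle the question for packagers. The same applies to the @104 and @105 entries in gpg-error.def.in.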
diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h
index 8907835..bc2db8b 100644
--- a/src/gpgrt-int.h
+++ b/src/gpgrt-int.h
@@ -102,8 +102,8 @@ int _gpgrt_ferror (gpgrt_stream_t stream);
int _gpgrt_ferror_unlocked (gpgrt_stream_t stream);
void _gpgrt_clearerr (gpgrt_stream_t stream);
void _gpgrt_clearerr_unlocked (gpgrt_stream_t stream);
-int _gpgrt_pending (gpgrt_stream_t stream);
-int _gpgrt_pending_unlocked (gpgrt_stream_t stream);
+int _gpgrt__pending (gpgrt_stream_t stream);
+int _gpgrt__pending_unlocked (gpgrt_stream_t stream);
int _gpgrt_fflush (gpgrt_stream_t stream);
int _gpgrt_fseek (gpgrt_stream_t stream, long int offset, int whence);
diff --git a/src/visibility.c b/src/visibility.c
index f26f58c..9213ce9 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -298,15 +298,15 @@ gpgrt_funlockfile (estream_t stream)
}
int
-gpgrt_pending (estream_t stream)
+_gpgrt_pending (estream_t stream)
{
- return _gpgrt_pending (stream);
+ return _gpgrt__pending (stream);
}
int
-gpgrt_pending_unlocked (estream_t stream)
+_gpgrt_pending_unlocked (estream_t stream)
{
- return _gpgrt_pending_unlocked (stream);
+ return _gpgrt__pending_unlocked (stream);
}
int
diff --git a/src/visibility.h b/src/visibility.h
index 35878d7..6f7de84 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -87,8 +87,8 @@ MARK_VISIBLE (_gpgrt_get_std_stream)
MARK_VISIBLE (gpgrt_flockfile)
MARK_VISIBLE (gpgrt_ftrylockfile)
MARK_VISIBLE (gpgrt_funlockfile)
-MARK_VISIBLE (gpgrt_pending)
-MARK_VISIBLE (gpgrt_pending_unlocked)
+MARK_VISIBLE (_gpgrt_pending)
+MARK_VISIBLE (_gpgrt_pending_unlocked)
MARK_VISIBLE (gpgrt_feof)
MARK_VISIBLE (gpgrt_feof_unlocked)
MARK_VISIBLE (gpgrt_ferror)
@@ -192,8 +192,8 @@ MARK_VISIBLE (gpgrt_set_alloc_func)
#define gpgrt_flockfile _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_ftrylockfile _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_funlockfile _gpgrt_USE_UNDERSCORED_FUNCTION
-#define gpgrt_pending _gpgrt_USE_UNDERSCORED_FUNCTION
-#define gpgrt_pending_unlocked _gpgrt_USE_UNDERSCORED_FUNCTION
+#define _gpgrt_pending _gpgrt_USE_UNDERSCORED_FUNCTION
+#define _gpgrt_pending_unlocked _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_feof _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_feof_unlocked _gpgrt_USE_UNDERSCORED_FUNCTION
#define gpgrt_ferror _gpgrt_USE_UNDERSCORED_FUNCTION
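Review bot: the naming is now easy to get wrong. `_gpgrt_pending` is the exported wrapper and `_gpgrt__pending` is the internal function, one underscore apart, and the poison lines here read `#define _gpgrt_pending _gpgrt_USE_UNDERSCORED_FUNCTION` although the poisoned name is itself underscored. A comment above these two defines stating that internal code must call `_gpgrt__pending` and `_gpgrt__pending_unlocked` would make the resulting compile error understandable.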
-----------------------------------------------------------------------
Summary of changes:
src/estream.c | 6 +++---
src/gpg-error.def.in | 4 ++--
src/gpg-error.h.in | 17 +++++++++++++----
src/gpg-error.vers | 4 ++--
src/gpgrt-int.h | 4 ++--
src/visibility.c | 8 ++++----
src/visibility.h | 8 ++++----
7 files changed, 30 insertions(+), 21 deletions(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 3 13:06:20 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 13:06:20 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-27-gade531a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via ade531acac5041b8346581fe323f36b9dcfee502 (commit)
via 6522a68d8d11e15ee77102e6830f251c2d9f440d (commit)
via a6fcdbc9e0fc0e45a3badc23813e689e83059b61 (commit)
via 09a8f75f303388ebc77fc9b4f8b70431af2f6902 (commit)
via b15d5d42adf31c0797797ebe19c471ab6f52c668 (commit)
via 9c380384dafb213334f8834178c5ceb0bf33db6e (commit)
from 688a903b4b3ad348c0d09e9d3fab8a12f4f94311 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ade531acac5041b8346581fe323f36b9dcfee502
Author: Werner Koch
Date: Fri Oct 3 13:02:06 2014 +0200
Some doc fixes and a fix for "make distcheck".
--
diff --git a/README b/README
index 94c0756..ad52077 100644
--- a/README
+++ b/README
@@ -2,28 +2,39 @@
=========================
Version 2.1
- THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE.
-
Copyright 1997-1998, 2013-2014 Werner Koch
Copyright 1998-2013 Free Software Foundation, Inc.
* INTRODUCTION
- GnuPG is a tool for secure communication and data storage. It can
- be used to encrypt data and to create digital signatures. It
- includes an advanced key management facility and is compliant with
- the proposed OpenPGP Internet standard as described in RFC4880 and
- the S/MIME standard as described by several RFCs.
+ GnuPG is a complete and free implementation of the OpenPGP standard
+ as defined by RFC4880 (also known as PGP). GnuPG allows to encrypt
+ and sign data and communication, features a versatile key management
+ system as well as access modules for public key directories.
+
+ GnuPG, also known as GPG, is a command line tool with features for
+ easy integration with other applications. A wealth of frontend
+ applications and libraries making use of GnuPG are available. Since
+ version 2 GnuPG provides support for S/MIME and Secure Shell in
+ addition to OpenPGP.
+
+ GnuPG is Free Software (meaning that it respects your freedom). It
+ can be freely used, modified and distributed under the terms of the
+ GNU General Public License.
+
+ We are currently maintaining three branches of GnuPG:
+
+ - 2.1 (i.e. this release) is the latest development with a lot of
+ new features.
- GnuPG is distributed under the terms of the GNU General Public
- License. See the file COPYING for details. GnuPG works best on
- GNU/Linux or *BSD systems. Most other Unices are also supported but
- are not as well tested as the Free Unices.
+ - 2.0 is the current stable version for general use.
- GnuPG-2 is the stable version of GnuPG integrating support for
- OpenPGP and S/MIME. It does not conflict with an installed 1.4
- OpenPGP-only version.
+ - 1.4 is the old standalone version which is most suitable for older
+ or embedded platforms.
+
+ You may not install 2.1 and 2.0 at the same time. However, it is
+ possible to install 1.4 along with any of the 2.x versions.
* BUILD INSTRUCTIONS
@@ -115,22 +126,15 @@
exists and copies them to the new store. The old secring.gpg is
kept for use by older versions of gpg.
- GPG's smartcard commands --card-edit and --card-status as well as some
- of the card related sub-commands of --edit-key are not yet fully
- supported. However, signing and decryption with a smartcard does
- work.
-
- Note that gpg-agent now uses a fixed socket by default. All tools
- will start the gpg-agent as needed. In general there is no more
- need to set the GPG_AGENT_INFO environment variable. The
- SSH_AUTH_SOCK environment variable should be set to a fixed value.
+ Note that gpg-agent now uses a fixed socket. All tools will start
+ the gpg-agent as needed. The formerly used environment variable
+ GPG_AGENT_INFO is ignored by 2.1. The SSH_AUTH_SOCK environment
+ variable should be set to a fixed value.
The Dirmngr is now part of GnuPG proper and also used to access
- OpenPGP keyservers. The directroy layout of Dirmngr changed to make
+ OpenPGP keyservers. The directory layout of Dirmngr changed to make
use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
- needed needed. There is no more need to install a separate dirmngr
- package.
-
+ needed. There is no more need to install a separate Dirmngr package.
* DOCUMENTATION
@@ -203,10 +207,12 @@
Commercial grade support for GnuPG is available; for a listing of
offers see https://www.gnupg.org/service.html . Maintaining and
- improving GnuPG is costly. Since 2001, g10 Code GmbH, a German
- company owned and headed by GnuPG's principal author Werner Koch, is
- bearing the majority of these costs. To help them carry on this
- work, they need your support. See https://gnupg.org/donate/ .
+ improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
+ a German company owned and headed by GnuPG's principal author Werner
+ Koch, is bearing the majority of these costs. To keep GnuPG in a
+ healthy state, they need your support.
+
+ Please consider to donate at https://gnupg.org/donate/ .
# This file is Free Software; as a special exception the authors gives
diff --git a/po/de.po b/po/de.po
index d5db5df..d3bd5ff 100644
--- a/po/de.po
+++ b/po/de.po
@@ -4342,7 +4342,8 @@ msgstr "WARNUNG: \"%s%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
#, c-format
msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
-msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat eine Wirkung nur in %s.\n"
+msgstr ""
+"%s:%u: Die Option \"%s\" is veraltet - sie hat eine Wirkung nur in %s.\n"
#, c-format
msgid ""
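Review bot: the rewrapped msgstr still reads `Die Option \"%s\" is veraltet`; "is" should be "ist". Since the line is being touched anyway, fix the typo in the same change.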
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 17d1911..cc28027 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -76,8 +76,9 @@ EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \
CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
- pubring.gpg secring.gpg pubring.pkr secring.skr \
- gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log
+ pubring.gpg pubring.gpg~ pubring.kbx pubring.kbx~ \
+ secring.gpg pubring.pkr secring.skr \
+ gnupg-test.stop random_seed gpg-agent.log
clean-local:
-rm -rf private-keys-v1.d openpgp-revocs.d
commit 6522a68d8d11e15ee77102e6830f251c2d9f440d
Author: Werner Koch
Date: Fri Oct 3 12:35:22 2014 +0200
build: Add configure options --disable-{ntb,gnu}tls.
* configure.ac: Add --disable-ntbtls and --disable-gnutls.
diff --git a/configure.ac b/configure.ac
index 9e1dd89..28268f1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -93,6 +93,7 @@ have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_ntbtls=no
+have_gnutls=no
have_npth=no
have_libusb=no
have_adns=no
@@ -829,16 +830,27 @@ fi
# NTBTLS is our TLS library. If it is not available fallback to
# GNUTLS.
#
-AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
- [have_ntbtls=yes],[have_ntbtls=no])
-
+AC_ARG_ENABLE(ntbtls,
+ AC_HELP_STRING([--disable-ntbtls],
+ [disable the use of NTBTLS as TLS library]),
+ try_ntbtls=$enableval, try_ntbtls=yes)
+if test x"$try_ntbtls" = xyes ; then
+ AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
+ [have_ntbtls=yes],[have_ntbtls=no])
+fi
if test "$have_ntbtls" = yes ; then
use_tls_library=ntbtls
AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
else
- PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
- [have_gnutls=yes],
- [have_gnutls=no])
+ AC_ARG_ENABLE(gnutls,
+ AC_HELP_STRING([--disable-gnutls],
+ [disable GNUTLS as fallback TLS library]),
+ try_gnutls=$enableval, try_gnutls=yes)
+ if test x"$try_gnutls" = xyes ; then
+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
+ [have_gnutls=yes],
+ [have_gnutls=no])
+ fi
if test "$have_gnutls" = "yes"; then
AC_SUBST([LIBGNUTLS_CFLAGS])
AC_SUBST([LIBGNUTLS_LIBS])
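Review bot: `AC_ARG_ENABLE(gnutls, ...)` sits inside the shell `else` branch, so `try_gnutls` is only assigned when NTBTLS was not found, while `AC_ARG_ENABLE(ntbtls, ...)` is handled unconditionally. Move both AC_ARG_ENABLE calls ahead of the `if` so option handling does not depend on a probe result. Both tests compare against `xyes` only, so any other argument value silently counts as disabled. With both options given, `have_ntbtls` and `have_gnutls` stay `no`; the configure summary should say clearly that the build has no TLS library.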
commit a6fcdbc9e0fc0e45a3badc23813e689e83059b61
Author: Andre Heinecke
Date: Fri Sep 19 19:38:13 2014 +0200
gpg: Check gpg-agent version before 2.1 migration.
* g10/call-agent.c, g10/call-agent.h (agent_get_version): New.
* g10/migrate.c (migrate_secring): Abort migration if
agent_get_version returns not at least 2.1.0
--
GnuPG-bug-id: 1718
On the first installation of GnuPG 2.1 it is likely that an
old gpg-agent is still running in the environment. In that
case the migration would fail.
Signed-off-by: Andre Heinecke
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 58f4a92..080df18 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -2277,3 +2277,33 @@ agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
cache_nonce_status_cb, &cn_parm);
return err;
}
+
+/* Return the version reported by gpg-agent. */
+gpg_error_t
+agent_get_version (ctrl_t ctrl, char **r_version)
+{
+ gpg_error_t err;
+ membuf_t data;
+
+ err = start_agent (ctrl, 0);
+ if (err)
+ return err;
+
+ init_membuf (&data, 64);
+ err = assuan_transact (agent_ctx, "GETINFO version",
+ membuf_data_cb, &data,
+ NULL, NULL, NULL, NULL);
+ if (err)
+ {
+ xfree (get_membuf (&data, NULL));
+ *r_version = NULL;
+ }
+ else
+ {
+ put_membuf (&data, "", 1);
+ *r_version = get_membuf (&data, NULL);
+ if (!*r_version)
+ err = gpg_error_from_syserror ();
+ }
+ return err;
+}
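Review bot: on the early `return err;` after `start_agent` fails, `*r_version` is never assigned, while the later error path sets it to NULL. The caller in migrate.c happens to initialise its pointer, but the function should not depend on that. Set `*r_version = NULL;` at the top so every error return leaves the output in a defined state, and extend the comment to say that the caller must xfree the result.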
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 1deb854..5b4cd09 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -192,6 +192,8 @@ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *hexkeygrip,
/* Change the passphrase of a key. */
gpg_error_t agent_passwd (ctrl_t ctrl, const char *hexkeygrip, const char *desc,
char **cache_nonce_addr, char **passwd_nonce_addr);
+/* Get the version reported by gpg-agent. */
+gpg_error_t agent_get_version (ctrl_t ctrl, char **r_version);
#endif /*GNUPG_G10_CALL_AGENT_H*/
diff --git a/g10/migrate.c b/g10/migrate.c
index 9a21cfe..5cb3512 100644
--- a/g10/migrate.c
+++ b/g10/migrate.c
@@ -29,6 +29,7 @@
#include "keydb.h"
#include "util.h"
#include "main.h"
+#include "call-agent.h"
#ifdef HAVE_DOSISH_SYSTEM
@@ -46,6 +47,7 @@ migrate_secring (ctrl_t ctrl)
dotlock_t lockhd = NULL;
char *secring = NULL;
char *flagfile = NULL;
+ char *agent_version = NULL;
secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL);
if (access (secring, F_OK))
@@ -72,6 +74,27 @@ migrate_secring (ctrl_t ctrl)
goto leave;
}
+ if (!agent_get_version (ctrl, &agent_version))
+ {
+ if (!gnupg_compare_version (agent_version, "2.1.0"))
+ {
+ log_error ("error: GnuPG agent version \"%s\" is too old. ",
+ agent_version);
+ log_error ("Please install an updated GnuPG agent.\n");
+ log_error ("migration aborted\n");
+ xfree (agent_version);
+ goto leave;
+ }
+ xfree (agent_version);
+ }
+ else
+ {
+ log_error ("error: GnuPG agent unusable. "
+ "Please check that a GnuPG agent can be started.\n");
+ log_error ("migration aborted\n");
+ goto leave;
+ }
+
log_info ("porting secret keys from '%s' to gpg-agent\n", secring);
if (!import_old_secring (ctrl, secring))
{
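Review bot: the "too old" branch reports one condition through three `log_error` calls, the first of which (`"error: GnuPG agent version \"%s\" is too old. "`) ends without a newline and relies on the next call to finish the line. One `log_error` for the failure followed by `log_info` for the advice would read better and count as a single error. None of the new strings are wrapped in `_()`, unlike what the po updates elsewhere in this push suggest is expected for user-visible messages. Aborting when `agent_get_version` fails is the right default.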
commit 09a8f75f303388ebc77fc9b4f8b70431af2f6902
Author: Werner Koch
Date: Fri Oct 3 12:13:25 2014 +0200
po: Auto update translations.
--
diff --git a/po/fr.po b/po/fr.po
index 11f724a..2ba5e46 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -333,9 +333,6 @@ msgstr "ne pas capturer le clavier et la souris"
msgid "use a log file for the server"
msgstr "utiliser un fichier journal pour le serveur"
-msgid "use a standard location for the socket"
-msgstr "utiliser un emplacement de socket standard"
-
msgid "|PGM|use PGM as the PIN-Entry program"
msgstr "|PROG|utiliser PROG pour entrer le code personnel"
@@ -373,9 +370,6 @@ msgstr ""
msgid "enable putty support"
msgstr "non pris en charge"
-msgid "|FILE|write environment settings also to FILE"
-msgstr "|FICHIER|?crire aussi les r?glages d'env. dans FICHIER"
-
# @EMAIL@ is currently an URL
#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
#. reporting address. This is so that we can change the
@@ -419,14 +413,6 @@ msgstr "lecture des options de ??%s??\n"
msgid "NOTE: '%s' is not considered an option\n"
msgstr "Remarque?: ??%s?? n'est pas consid?r? comme une option\n"
-#, c-format
-msgid "error creating '%s': %s\n"
-msgstr "erreur de cr?ation de ??%s???: %s\n"
-
-#, c-format
-msgid "can't create directory '%s': %s\n"
-msgstr "impossible de cr?er le r?pertoire ??%s???: %s\n"
-
msgid "name of socket too long\n"
msgstr "nom de socket trop long\n"
@@ -459,6 +445,10 @@ msgid "listening on socket '%s'\n"
msgstr "?coute sur la socket ??%s??\n"
#, c-format
+msgid "can't create directory '%s': %s\n"
+msgstr "impossible de cr?er le r?pertoire ??%s???: %s\n"
+
+#, c-format
msgid "directory '%s' created\n"
msgstr "r?pertoire ??%s?? cr??\n"
@@ -502,15 +492,6 @@ msgid "no gpg-agent running in this session\n"
msgstr ""
"aucune instance de gpg-agent n'est en cours d'ex?cution dans cette session\n"
-#, fuzzy, c-format
-#| msgid "malformed DIRMNGR_INFO environment variable\n"
-msgid "malformed %s environment variable\n"
-msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n"
-
-#, c-format
-msgid "gpg-agent protocol version %d is not supported\n"
-msgstr "le protocole gpg-agent version?%d n'est pas pris en charge\n"
-
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
msgstr ""
"Utilisation?: gpg-preset-passphrase [options] KEYGRIP (-h pour l'aide)\n"
@@ -833,10 +814,6 @@ msgstr "attente pour permettre ? l'agent d'arriver? (%d?s)\n"
msgid "connection to agent established\n"
msgstr "connexion ? l'agent ?tablie\n"
-msgid "can't connect to the agent - trying fall back\n"
-msgstr ""
-"impossible de se connecter ? l'agent ? essai avec la solution de repli\n"
-
#, c-format
msgid "no running Dirmngr - starting '%s'\n"
msgstr "pas d'instance de Dirmngr en cours d'ex?cution ? d?marrage de ??%s??\n"
@@ -1726,13 +1703,16 @@ msgstr "afficher les clefs et les empreintes"
msgid "list secret keys"
msgstr "afficher les clefs secr?tes"
+msgid "generate a new key pair"
+msgstr "g?n?rer une nouvelle paire de clefs"
+
#, fuzzy
#| msgid "generate a new key pair"
msgid "quickly generate a new key pair"
msgstr "g?n?rer une nouvelle paire de clefs"
-msgid "generate a new key pair"
-msgstr "g?n?rer une nouvelle paire de clefs"
+msgid "full featured key pair generation"
+msgstr ""
msgid "generate a revocation certificate"
msgstr "g?n?rer un certificat de r?vocation"
@@ -3667,9 +3647,9 @@ msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (indiquez vous-m?me les capacit?s)\n"
#, fuzzy, c-format
-#| msgid " (%d) RSA\n"
-msgid " (%d) ECC\n"
-msgstr " (%d) RSA\n"
+#| msgid " (%d) ECDSA and ECDH\n"
+msgid " (%d) ECC and ECC\n"
+msgstr " (%d) ECDSA et ECDH\n"
#, fuzzy, c-format
#| msgid " (%d) ECDSA (sign only)\n"
@@ -3886,6 +3866,19 @@ msgstr ""
"Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique\n"
"ou (O)ui/(Q)uitter?? "
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgid "Change (N)ame, (E)mail, or (Q)uit? "
+msgstr ""
+"Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique ou (Q)uitter?? "
+
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
+msgstr ""
+"Changer le (N)om, le (C)ommentaire, l'(A)dresse ?lectronique\n"
+"ou (O)ui/(Q)uitter?? "
+
msgid "Please correct the error first\n"
msgstr "Veuillez d'abord corriger l'erreur\n"
@@ -3962,6 +3955,10 @@ msgstr "Faut-il quand m?me utiliser cette clef?? (o/N) "
msgid "creating anyway\n"
msgstr "g?n?ration d'une nouvelle clef\n"
+#, c-format
+msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
+msgstr ""
+
msgid "Key generation canceled.\n"
msgstr "La g?n?ration de clef a ?t? annul?e.\n"
@@ -4420,8 +4417,20 @@ msgstr "Attention?: ??%s?? est une commande d?conseill?e ? ne l'utilise
msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
msgstr "%s?: %u?: option ??%s?? obsol?te ? non prise en compte\n"
-#, c-format
-msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+msgstr "Attention?: ??%s?? est une option obsol?te ? non prise en compte\n"
+
+#, fuzzy, c-format
+#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr "%s?: %u?: option ??%s?? obsol?te ? non prise en compte\n"
+
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
msgstr "Attention?: ??%s?? est une option obsol?te ? non prise en compte\n"
msgid "Uncompressed"
@@ -4879,6 +4888,10 @@ msgstr ""
"les donn?es ne sont pas enregistr?es?; utilisez l'option ??--output?? pour\n"
"les enregistrer\n"
+#, c-format
+msgid "error creating '%s': %s\n"
+msgstr "erreur de cr?ation de ??%s???: %s\n"
+
msgid "Detached signature.\n"
msgstr "Signature d?tach?e.\n"
@@ -7167,6 +7180,11 @@ msgstr ""
"pas d'instance de dirmngr en cours d'ex?cution ?\n"
"d?marrage d'une nouvelle instance\n"
+#, fuzzy, c-format
+#| msgid "malformed DIRMNGR_INFO environment variable\n"
+msgid "malformed %s environment variable\n"
+msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n"
+
#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "le protocole dirmngr version?%d n'est pas pris en charge\n"
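Review bot: The fuzzy msgstr for "malformed %s environment variable" still hard-codes DIRMNGR_INFO and contains no "%s", so once unfuzzied it would name the wrong variable for any other caller and no longer match the c-format msgid. Replace the literal name with "%s" when the entry is reviewed.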
@@ -8186,6 +8204,24 @@ msgstr ""
"V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? "
"ficmotif\n"
+#~ msgid "use a standard location for the socket"
+#~ msgstr "utiliser un emplacement de socket standard"
+
+#~ msgid "|FILE|write environment settings also to FILE"
+#~ msgstr "|FICHIER|?crire aussi les r?glages d'env. dans FICHIER"
+
+#~ msgid "gpg-agent protocol version %d is not supported\n"
+#~ msgstr "le protocole gpg-agent version?%d n'est pas pris en charge\n"
+
+#~ msgid "can't connect to the agent - trying fall back\n"
+#~ msgstr ""
+#~ "impossible de se connecter ? l'agent ? essai avec la solution de repli\n"
+
+#, fuzzy
+#~| msgid " (%d) RSA\n"
+#~ msgid " (%d) ECC\n"
+#~ msgstr " (%d) RSA\n"
+
#, fuzzy
#~| msgid "can't create directory '%s': %s\n"
#~ msgid "can't create directory `%s': %s\n"
@@ -8305,9 +8341,6 @@ msgstr ""
#~ msgid "deleting secret key not implemented\n"
#~ msgstr "la suppression de clef secr?te n'est pas impl?ment?e\n"
-#~ msgid " (%d) ECDSA and ECDH\n"
-#~ msgstr " (%d) ECDSA et ECDH\n"
-
#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
#~ msgstr "11 le traducteur a bien lu ce qu'il fallait :)"
diff --git a/po/ja.po b/po/ja.po
index 73de77a..365365a 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -323,9 +323,6 @@ msgstr "???????????????"
msgid "use a log file for the server"
msgstr "??????????????"
-msgid "use a standard location for the socket"
-msgstr "?????????????"
-
msgid "|PGM|use PGM as the PIN-Entry program"
msgstr "|PGM|PGM?PIN????????????"
@@ -359,9 +356,6 @@ msgstr "ssh??????????"
msgid "enable putty support"
msgstr "putty??????????"
-msgid "|FILE|write environment settings also to FILE"
-msgstr "|FILE|FILE?????????????"
-
#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
#. reporting address. This is so that we can change the
#. reporting address without breaking the translations.
@@ -402,14 +396,6 @@ msgstr "'%s' ??????????????\n"
msgid "NOTE: '%s' is not considered an option\n"
msgstr "*??*: '%s'???????????????\n"
-#, c-format
-msgid "error creating '%s': %s\n"
-msgstr "'%s'??????: %s\n"
-
-#, c-format
-msgid "can't create directory '%s': %s\n"
-msgstr "??????'%s'????????: %s\n"
-
msgid "name of socket too long\n"
msgstr "???????????\n"
@@ -440,6 +426,10 @@ msgid "listening on socket '%s'\n"
msgstr "????'%s'?listen\n"
#, c-format
+msgid "can't create directory '%s': %s\n"
+msgstr "??????'%s'????????: %s\n"
+
+#, c-format
msgid "directory '%s' created\n"
msgstr "??????'%s'????????\n"
@@ -482,14 +472,6 @@ msgstr "%s %s ??????\n"
msgid "no gpg-agent running in this session\n"
msgstr "????????gpg-agent??????????\n"
-#, c-format
-msgid "malformed %s environment variable\n"
-msgstr "????%s?????????\n"
-
-#, c-format
-msgid "gpg-agent protocol version %d is not supported\n"
-msgstr "gpg-agent???????????%d????????????\n"
-
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
msgstr "???: gpg-preset-passphrase [?????] KEYGRIP (???? -h)\n"
@@ -804,9 +786,6 @@ msgstr "agent???????%d?????\n"
msgid "connection to agent established\n"
msgstr "??????????????????\n"
-msgid "can't connect to the agent - trying fall back\n"
-msgstr "agent???????? - ????????????\n"
-
#, c-format
msgid "no running Dirmngr - starting '%s'\n"
msgstr "dirmngr???????? - ?????'%s'\n"
@@ -1664,13 +1643,16 @@ msgstr "??????????????"
msgid "list secret keys"
msgstr "??????"
+msgid "generate a new key pair"
+msgstr "????????"
+
#, fuzzy
#| msgid "generate a new key pair"
msgid "quickly generate a new key pair"
msgstr "????????"
-msgid "generate a new key pair"
-msgstr "????????"
+msgid "full featured key pair generation"
+msgstr ""
msgid "generate a revocation certificate"
msgstr "????????"
@@ -3522,8 +3504,9 @@ msgstr " (%d) DSA (???????????)\n"
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (???????????)\n"
-#, c-format
-msgid " (%d) ECC\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECC\n"
+msgid " (%d) ECC and ECC\n"
msgstr " (%d) ECC\n"
#, c-format
@@ -3730,6 +3713,16 @@ msgstr "??(N)?????(C)??????(E)????????
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "??(N)?????(C)??????(E)???????OK(O)???(Q)? "
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgid "Change (N)ame, (E)mail, or (Q)uit? "
+msgstr "??(N)?????(C)??????(E)?????????(Q)? "
+
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
+msgstr "??(N)?????(C)??????(E)???????OK(O)???(Q)? "
+
msgid "Please correct the error first\n"
msgstr "??????????????\n"
@@ -3806,6 +3799,10 @@ msgstr "?????????????? (y/N) "
msgid "creating anyway\n"
msgstr "???????\n"
+#, c-format
+msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
+msgstr ""
+
msgid "Key generation canceled.\n"
msgstr "??????????????\n"
@@ -4236,8 +4233,22 @@ msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
msgstr ""
"%s:%u: \"%s\"????????????????? - ???????????\n"
-#, c-format
-msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+msgstr ""
+"*??*: \"%s\"????????????????? - ???????????\n"
+
+#, fuzzy, c-format
+#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr ""
+"%s:%u: \"%s\"????????????????? - ???????????\n"
+
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
msgstr ""
"*??*: \"%s\"????????????????? - ???????????\n"
@@ -4639,6 +4650,10 @@ msgid "data not saved; use option \"--output\" to save it\n"
msgstr ""
"??????????????????\"--output\"?????????????\n"
+#, c-format
+msgid "error creating '%s': %s\n"
+msgstr "'%s'??????: %s\n"
+
msgid "Detached signature.\n"
msgstr "?????\n"
@@ -6764,6 +6779,10 @@ msgid "no running dirmngr - starting one\n"
msgstr "dirmngr???????? - ?????\n"
#, c-format
+msgid "malformed %s environment variable\n"
+msgstr "????%s?????????\n"
+
+#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "dirmngr???????????%d????????????\n"
@@ -7744,6 +7763,18 @@ msgstr ""
"??: gpg-check-pattern [?????] ????????\n"
"????????????????????????????\n"
+#~ msgid "use a standard location for the socket"
+#~ msgstr "?????????????"
+
+#~ msgid "|FILE|write environment settings also to FILE"
+#~ msgstr "|FILE|FILE?????????????"
+
+#~ msgid "gpg-agent protocol version %d is not supported\n"
+#~ msgstr "gpg-agent???????????%d????????????\n"
+
+#~ msgid "can't connect to the agent - trying fall back\n"
+#~ msgstr "agent???????? - ????????????\n"
+
#, fuzzy
#~| msgid "can't create directory '%s': %s\n"
#~ msgid "can't create directory `%s': %s\n"
diff --git a/po/uk.po b/po/uk.po
index 9a7090e..785fae5 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -333,9 +333,6 @@ msgstr "?? ??????????? ????????? ??????????? ?
msgid "use a log file for the server"
msgstr "??????????????? ???? ??????? ??? ???????"
-msgid "use a standard location for the socket"
-msgstr "??????????????? ??? ?????? ?????????? ????????????"
-
msgid "|PGM|use PGM as the PIN-Entry program"
msgstr "??????????????? ??????? ???????? ??????????"
@@ -369,9 +366,6 @@ msgstr "????????? ????????? ssh"
msgid "enable putty support"
msgstr "????????? ????????? putty"
-msgid "|FILE|write environment settings also to FILE"
-msgstr "???????? ????????? ?????????? ? ?? ?????"
-
#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
#. reporting address. This is so that we can change the
#. reporting address without breaking the translations.
@@ -412,14 +406,6 @@ msgstr "????????? ????????? ? ?%s?\n"
msgid "NOTE: '%s' is not considered an option\n"
msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n"
-#, c-format
-msgid "error creating '%s': %s\n"
-msgstr "??????? ????????? ?%s?: %s.\n"
-
-#, c-format
-msgid "can't create directory '%s': %s\n"
-msgstr "?? ??????? ???????? ??????? ?%s?: %s\n"
-
msgid "name of socket too long\n"
msgstr "????? ?????? ? ????? ??????\n"
@@ -450,6 +436,10 @@ msgid "listening on socket '%s'\n"
msgstr "?????????? ????? ?? ?????? ?%s?\n"
#, c-format
+msgid "can't create directory '%s': %s\n"
+msgstr "?? ??????? ???????? ??????? ?%s?: %s\n"
+
+#, c-format
msgid "directory '%s' created\n"
msgstr "???????? ??????? ?%s?\n"
@@ -494,14 +484,6 @@ msgstr "%s %s ????????\n"
msgid "no gpg-agent running in this session\n"
msgstr "? ????? ?????? ?? ???????? gpg-agent\n"
-#, c-format
-msgid "malformed %s environment variable\n"
-msgstr "????????? ???????????? ??????? ?????????? %s\n"
-
-#, c-format
-msgid "gpg-agent protocol version %d is not supported\n"
-msgstr "????????? ?????? ????????? gpg-agent %d ?? ???????????\n"
-
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
msgstr ""
"????????????: gpg-preset-passphrase [?????????] KEYGRIP (-h ? ???????)\n"
@@ -826,10 +808,6 @@ msgstr "?????????? ?? ?????????????? ??????? (
msgid "connection to agent established\n"
msgstr "??????????? ????????? ? ???????\n"
-msgid "can't connect to the agent - trying fall back\n"
-msgstr ""
-"?? ??????? ?????????? ????????? ? ???????, ?????????????? ????????? ???????\n"
-
#, c-format
msgid "no running Dirmngr - starting '%s'\n"
msgstr "Dirmngr ?? ???????? ? ?????????? ?%s?\n"
@@ -1705,13 +1683,16 @@ msgstr "???????? ?????? ?????? ? ?????????"
msgid "list secret keys"
msgstr "???????? ?????? ???????? ??????"
+msgid "generate a new key pair"
+msgstr "???????? ???? ??????"
+
#, fuzzy
#| msgid "generate a new key pair"
msgid "quickly generate a new key pair"
msgstr "???????? ???? ??????"
-msgid "generate a new key pair"
-msgstr "???????? ???? ??????"
+msgid "full featured key pair generation"
+msgstr ""
msgid "generate a revocation certificate"
msgstr "???????? ?????????? ???????????"
@@ -3636,9 +3617,10 @@ msgstr " (%d) DSA (?? ??????????? ??????????? ????
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (?? ??????????? ??????????? ?????????)\n"
-#, c-format
-msgid " (%d) ECC\n"
-msgstr " (%d) ECC\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA and ECDH\n"
+msgid " (%d) ECC and ECC\n"
+msgstr " (%d) ECDSA ? ECDH\n"
#, c-format
msgid " (%d) ECC (sign only)\n"
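Review bot: The fuzzy matcher has paired the new msgid " (%d) ECC and ECC" with the obsolete "ECDSA and ECDH" translation, and the previously exact " (%d) ECC" entry is gone, so this menu line falls back to English until a translator confirms it. The msgid itself also reads oddly next to " (%d) ECC (sign only)"; if the two halves stand for different uses of the key, saying so in the source string would give translators something to work with.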
@@ -3849,6 +3831,17 @@ msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr ""
"??????? ????? (N), ???????? (C), ??. ????? (E) ??? ?????? (O) ?? ????? (Q)? "
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (Q)uit? "
+msgid "Change (N)ame, (E)mail, or (Q)uit? "
+msgstr "??????? ????? (N), ???????? (C), ??. ????? (E) ??? ????? (Q)? "
+
+#, fuzzy
+#| msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
+msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
+msgstr ""
+"??????? ????? (N), ???????? (C), ??. ????? (E) ??? ?????? (O) ?? ????? (Q)? "
+
msgid "Please correct the error first\n"
msgstr "???????? ???????? ???????\n"
@@ -3924,6 +3917,10 @@ msgstr "????? ??? ??????????????? ??? ????? (y/N
msgid "creating anyway\n"
msgstr "????????? ?????? ?????\n"
+#, c-format
+msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
+msgstr ""
+
msgid "Key generation canceled.\n"
msgstr "????????? ????? ?????????.\n"
@@ -4373,8 +4370,20 @@ msgstr "?????: ?%s? ?????????? ?????????? ?????
msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
msgstr "%s:%u: ?????????? ???????? ?%s? ? ??? ?? ???????????\n"
-#, c-format
-msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+msgstr "?????: ?%s? ? ?????????? ?????????? ? ??? ?? ???????????\n"
+
+#, fuzzy, c-format
+#| msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
+msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr "%s:%u: ?????????? ???????? ?%s? ? ??? ?? ???????????\n"
+
+#, fuzzy, c-format
+#| msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
msgstr "?????: ?%s? ? ?????????? ?????????? ? ??? ?? ???????????\n"
msgid "Uncompressed"
@@ -4788,6 +4797,10 @@ msgstr ""
"???? ?? ?????????; ????????????? ??? ??????? ?????????? ?????????? ?--"
"output?\n"
+#, c-format
+msgid "error creating '%s': %s\n"
+msgstr "??????? ????????? ?%s?: %s.\n"
+
msgid "Detached signature.\n"
msgstr "??????????? ??????.\n"
@@ -6971,6 +6984,10 @@ msgid "no running dirmngr - starting one\n"
msgstr "dirmngr ?? ???????? ? ??????????\n"
#, c-format
+msgid "malformed %s environment variable\n"
+msgstr "????????? ???????????? ??????? ?????????? %s\n"
+
+#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "????????? ????????? dirmngr ?????? %d ?? ???????????\n"
@@ -7961,6 +7978,23 @@ msgstr ""
"?????????: gpg-check-pattern [?????????] ????_????????\n"
"?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n"
+#~ msgid "use a standard location for the socket"
+#~ msgstr "??????????????? ??? ?????? ?????????? ????????????"
+
+#~ msgid "|FILE|write environment settings also to FILE"
+#~ msgstr "???????? ????????? ?????????? ? ?? ?????"
+
+#~ msgid "gpg-agent protocol version %d is not supported\n"
+#~ msgstr "????????? ?????? ????????? gpg-agent %d ?? ???????????\n"
+
+#~ msgid "can't connect to the agent - trying fall back\n"
+#~ msgstr ""
+#~ "?? ??????? ?????????? ????????? ? ???????, ?????????????? ????????? "
+#~ "???????\n"
+
+#~ msgid " (%d) ECC\n"
+#~ msgstr " (%d) ECC\n"
+
#, fuzzy
#~| msgid "can't create directory '%s': %s\n"
#~ msgid "can't create directory `%s': %s\n"
@@ -8073,9 +8107,6 @@ msgstr ""
#~ msgid "too many entries in pk cache - disabled\n"
#~ msgstr "??????? ?????? ??????? ? ???? pk ? ????????\n"
-#~ msgid " (%d) ECDSA and ECDH\n"
-#~ msgstr " (%d) ECDSA ? ECDH\n"
-
#~ msgid "the IDEA cipher plugin is not present\n"
#~ msgstr "?? ???????? ??????? ?????????? IDEA\n"
commit b15d5d42adf31c0797797ebe19c471ab6f52c668
Author: Werner Koch
Date: Fri Oct 3 12:13:05 2014 +0200
po: Update German translation.
diff --git a/po/de.po b/po/de.po
index 8804b24..d5db5df 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-08-14 17:12+0200\n"
+"PO-Revision-Date: 2014-10-03 12:12+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -318,9 +318,6 @@ msgstr "Tastatur und Maus nicht \"grabben\""
msgid "use a log file for the server"
msgstr "Logausgaben in eine Datei umlenken"
-msgid "use a standard location for the socket"
-msgstr "Benutze einen Standardnamen f?r den Socket"
-
msgid "|PGM|use PGM as the PIN-Entry program"
msgstr "|PGM|benutze PGM as PIN-Entry"
@@ -354,9 +351,6 @@ msgstr "SSH Unterst?tzung einschalten"
msgid "enable putty support"
msgstr "PuTTY Unterst?tzung einschalten"
-msgid "|FILE|write environment settings also to FILE"
-msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
-
#. TRANSLATORS: @EMAIL@ will get replaced by the actual bug
#. reporting address. This is so that we can change the
#. reporting address without breaking the translations.
@@ -399,14 +393,6 @@ msgstr "Optionen werden aus '%s' gelesen\n"
msgid "NOTE: '%s' is not considered an option\n"
msgstr "Hinweis: `%s' wird nicht als Option betrachtet\n"
-#, c-format
-msgid "error creating '%s': %s\n"
-msgstr "Fehler beim Erstellen von `%s': %s\n"
-
-#, c-format
-msgid "can't create directory '%s': %s\n"
-msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n"
-
msgid "name of socket too long\n"
msgstr "Der Name des Sockets ist zu lang\n"
@@ -437,6 +423,10 @@ msgid "listening on socket '%s'\n"
msgstr "Es wird auf Socket `%s' geh?rt\n"
#, c-format
+msgid "can't create directory '%s': %s\n"
+msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n"
+
+#, c-format
msgid "directory '%s' created\n"
msgstr "Verzeichnis `%s' erzeugt\n"
@@ -479,14 +469,6 @@ msgstr "%s %s angehalten\n"
msgid "no gpg-agent running in this session\n"
msgstr "Der gpg-agent l?uft nicht f?r diese Session\n"
-#, c-format
-msgid "malformed %s environment variable\n"
-msgstr "Fehlerhafte %s Variable\n"
-
-#, c-format
-msgid "gpg-agent protocol version %d is not supported\n"
-msgstr "GPG-Agent-Protokoll-Version %d wird nicht unterst?tzt\n"
-
msgid "Usage: gpg-preset-passphrase [options] KEYGRIP (-h for help)\n"
msgstr "Aufruf: gpg-preset-passphrase [Optionen] KEYGRIP (-h f?r Hilfe)\n"
@@ -812,9 +794,6 @@ msgstr "Warte bis der gpg-agent bereit ist ... (%ds)\n"
msgid "connection to agent established\n"
msgstr "Verbindung zum gpg-agent aufgebaut\n"
-msgid "can't connect to the agent - trying fall back\n"
-msgstr "Verbindung zum gpg-agent nicht m?glich - Ersatzmethode wird versucht\n"
-
#, c-format
msgid "no running Dirmngr - starting '%s'\n"
msgstr "Kein aktiver Dirmngr - `%s' wird gestartet\n"
@@ -1694,11 +1673,14 @@ msgstr "Liste der Schl?ssel und ihrer \"Fingerabdr?cke\""
msgid "list secret keys"
msgstr "Liste der geheimen Schl?ssel"
+msgid "generate a new key pair"
+msgstr "Ein neues Schl?sselpaar erzeugen"
+
msgid "quickly generate a new key pair"
msgstr "Schnell ein neues Schl?sselpaar erzeugen"
-msgid "generate a new key pair"
-msgstr "Ein neues Schl?sselpaar erzeugen"
+msgid "full featured key pair generation"
+msgstr "Ein neues Schl?sselpaar erzeugen (alle Optionen)"
msgid "generate a revocation certificate"
msgstr "Ein Schl?sselwiderruf-Zertifikat erzeugen"
@@ -3266,12 +3248,10 @@ msgstr ""
"dazu f?hren, da? eine andere User-ID als prim?r angesehen wird.\n"
msgid "WARNING: Your encryption subkey expires soon.\n"
-msgstr ""
+msgstr "WARNUNG: Ihr Unterschl?ssel zum Verschl?sseln wird bald verfallen.\n"
-#, fuzzy
-#| msgid "You can't change the expiration date of a v3 key\n"
msgid "You may want to change its expiration date too.\n"
-msgstr "Sie k?nnen das Verfallsdatum eines v3-Schl?ssels nicht ?ndern\n"
+msgstr "Bitte erw?gen Sie, dessen Verfallsdatum auch zu ?ndern.\n"
msgid ""
"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
@@ -3618,8 +3598,8 @@ msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n"
#, c-format
-msgid " (%d) ECC\n"
-msgstr " (%d) ECC\n"
+msgid " (%d) ECC and ECC\n"
+msgstr " (%d) ECC und ECC\n"
#, c-format
msgid " (%d) ECC (sign only)\n"
@@ -3825,6 +3805,12 @@ msgstr "?ndern: (N)ame, (K)ommentar, (E)-Mail oder (A)bbrechen? "
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "?ndern: (N)ame, (K)ommentar, (E)-Mail oder (F)ertig/(A)bbrechen? "
+msgid "Change (N)ame, (E)mail, or (Q)uit? "
+msgstr "?ndern: (N)ame, (E)-Mail oder (A)bbrechen? "
+
+msgid "Change (N)ame, (E)mail, or (O)kay/(Q)uit? "
+msgstr "?ndern: (N)ame, (E)-Mail oder (F)ertig/(A)bbrechen? "
+
msgid "Please correct the error first\n"
msgstr "Bitte beseitigen Sie zuerst den Fehler\n"
@@ -3898,6 +3884,10 @@ msgstr "Trotzdem erzeugen? (j/N) "
msgid "creating anyway\n"
msgstr "wird trotzdem erzeugt\n"
+#, c-format
+msgid "Note: Use \"%s %s\" for a full featured key generation dialog.\n"
+msgstr "Hinweis: \"%s %s\" ruft den erweiterten Dialog auf.\n"
+
msgid "Key generation canceled.\n"
msgstr "Schl?sselerzeugung abgebrochen.\n"
@@ -4347,8 +4337,19 @@ msgid "%s:%u: obsolete option \"%s\" - it has no effect\n"
msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat keine Wirkung\n"
#, c-format
-msgid "WARNING: \"%s\" is an obsolete option - it has no effect\n"
-msgstr "WARNUNG: \"%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
+msgid "WARNING: \"%s%s\" is an obsolete option - it has no effect\n"
+msgstr "WARNUNG: \"%s%s\" ist eine veraltete Option - sie hat keine Wirkung.\n"
+
+#, c-format
+msgid "%s:%u: \"%s\" is obsolete in this file - it only has effect in %s\n"
+msgstr "%s:%u: Die Option \"%s\" is veraltet - sie hat eine Wirkung nur in %s.\n"
+
+#, c-format
+msgid ""
+"WARNING: \"%s%s\" is an obsolete option - it has no effect except on %s\n"
+msgstr ""
+"WARNUNG: \"%s%s\" ist eine veraltete Option - sie hat eine Wirkung nur\n"
+"in %s.\n"
msgid "Uncompressed"
msgstr "nicht komprimiert"
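Review bot: The added msgstr for the "is obsolete in this file" message reads "is veraltet"; it should be "ist veraltet". The unchanged "%s:%u: obsolete option" entry at the top of this hunk has the same slip, so both can be corrected together.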
@@ -4784,6 +4785,10 @@ msgid "data not saved; use option \"--output\" to save it\n"
msgstr ""
"Daten wurden nicht gespeichert; verwenden Sie daf?r die Option \"--output\"\n"
+#, c-format
+msgid "error creating '%s': %s\n"
+msgstr "Fehler beim Erstellen von `%s': %s\n"
+
msgid "Detached signature.\n"
msgstr "Abgetrennte Beglaubigungen.\n"
@@ -7007,6 +7012,10 @@ msgid "no running dirmngr - starting one\n"
msgstr "Dirmngr l?uft nicht - ein neuer wird gestartet\n"
#, c-format
+msgid "malformed %s environment variable\n"
+msgstr "Fehlerhafte %s Variable\n"
+
+#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "Dirmngr Protocol Version %d wird nicht unterst?tzt\n"
@@ -7995,6 +8004,22 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n"
+#~ msgid "use a standard location for the socket"
+#~ msgstr "Benutze einen Standardnamen f?r den Socket"
+
+#~ msgid "|FILE|write environment settings also to FILE"
+#~ msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
+
+#~ msgid "gpg-agent protocol version %d is not supported\n"
+#~ msgstr "GPG-Agent-Protokoll-Version %d wird nicht unterst?tzt\n"
+
+#~ msgid "can't connect to the agent - trying fall back\n"
+#~ msgstr ""
+#~ "Verbindung zum gpg-agent nicht m?glich - Ersatzmethode wird versucht\n"
+
+#~ msgid " (%d) ECC\n"
+#~ msgstr " (%d) ECC\n"
+
#~ msgid "can't create directory `%s': %s\n"
#~ msgstr " git describe --match gnupg-2.1.*[0-9] --long"
@@ -8077,9 +8102,6 @@ msgstr ""
#~ msgid "deleting secret key not implemented\n"
#~ msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n"
-#~ msgid " (%d) ECDSA and ECDH\n"
-#~ msgstr " (%d) ECDSA und ECDH\n"
-
#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
#~ msgstr "10"
commit 9c380384dafb213334f8834178c5ceb0bf33db6e
Author: Werner Koch
Date: Fri Oct 3 11:58:58 2014 +0200
Remove support for the GPG_AGENT_INFO envvar.
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The intended fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket file exists as a regular file with a special keyword to
redirect to another socket file name.
diff --git a/agent/agent.h b/agent/agent.h
index a420bae..7342475 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -58,9 +58,6 @@ struct
int batch; /* Batch mode */
const char *homedir; /* Configuration directory name */
- /* True if we are listening on the standard socket. */
- int use_standard_socket;
-
/* True if we handle sigusr2. */
int sigusr2_enabled;
diff --git a/agent/command.c b/agent/command.c
index e17232e..8c68498 100644
--- a/agent/command.c
+++ b/agent/command.c
@@ -2605,8 +2605,7 @@ cmd_updatestartuptty (assuan_context_t ctx, char *line)
static const char hlp_killagent[] =
"KILLAGENT\n"
"\n"
- "If the agent has been started using a standard socket\n"
- "we allow a client to stop the agent.";
+ "Stop the agent.";
static gpg_error_t
cmd_killagent (assuan_context_t ctx, char *line)
{
@@ -2614,9 +2613,6 @@ cmd_killagent (assuan_context_t ctx, char *line)
(void)line;
- if (!opt.use_standard_socket)
- return set_error (GPG_ERR_NOT_SUPPORTED, "no --use-standard-socket");
-
ctrl->server_local->stopme = 1;
assuan_set_flag (ctx, ASSUAN_FORCE_CLOSE, 1);
return 0;
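Review bot: With the opt.use_standard_socket check removed, cmd_killagent sets stopme for every client that reaches this handler, so the only gate on stopping the agent is who can connect to the socket. That is fine as long as the socket in the home directory is not reachable by other users, but the assumption is now implicit; a one-line comment here stating that access control is left to the socket's location would record it for the next reader.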
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 3febaf8..0c163e1 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1,7 +1,7 @@
/* gpg-agent.c - The GnuPG Agent
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2009,
* 2010 Free Software Foundation, Inc.
- * Copyright (C) 2013 Werner Koch
+ * Copyright (C) 2013, 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -152,9 +152,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
- { oUseStandardSocket, "use-standard-socket", 0,
- N_("use a standard location for the socket")},
- { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"},
+ { oUseStandardSocket, "use-standard-socket", 0, "@"}, /* dummy */
+ { oNoUseStandardSocket, "no-use-standard-socket", 0, "@"}, /* dummy */
{ oPinentryProgram, "pinentry-program", 2 ,
N_("|PGM|use PGM as the PIN-Entry program") },
{ oPinentryTouchFile, "pinentry-touch-file", 2 , "@" },
@@ -207,8 +206,7 @@ static ARGPARSE_OPTS opts[] = {
"@"
#endif
},
- { oWriteEnvFile, "write-env-file", 2|8,
- N_("|FILE|write environment settings also to FILE")},
+ { oWriteEnvFile, "write-env-file", 2|8, "@" }, /* dummy */
{0}
};
@@ -314,7 +312,7 @@ static int active_connections;
Local prototypes.
*/
-static char *create_socket_name (char *standard_name, char *template);
+static char *create_socket_name (char *standard_name);
static gnupg_fd_t create_server_socket (char *name, int is_ssh,
assuan_sock_nonce_t *nonce);
static void create_directories (void);
@@ -325,7 +323,7 @@ static void agent_deinit_default_ctrl (ctrl_t ctrl);
static void handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_ssh);
static void check_own_socket (void);
-static int check_for_running_agent (int silent, int mode);
+static int check_for_running_agent (int silent);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_NPTH_IMPL;
@@ -620,7 +618,6 @@ main (int argc, char **argv )
int debug_wait = 0;
int gpgconf_list = 0;
gpg_error_t err;
- const char *env_file_name = NULL;
struct assuan_malloc_hooks malloc_hooks;
/* Before we do anything else we save the list of currently open
@@ -670,9 +667,6 @@ main (int argc, char **argv )
/* Set default options. */
parse_rereadable_options (NULL, 0); /* Reset them to default values. */
-#ifdef USE_STANDARD_SOCKET
- opt.use_standard_socket = 1;
-#endif
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
@@ -830,8 +824,8 @@ main (int argc, char **argv )
case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str);
break;
- case oUseStandardSocket: opt.use_standard_socket = 1; break;
- case oNoUseStandardSocket: opt.use_standard_socket = 0; break;
+ case oUseStandardSocket: /* dummy */ break;
+ case oNoUseStandardSocket: /* dummy */ break;
case oFakedSystemTime:
{
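Review bot: Reducing oUseStandardSocket and oNoUseStandardSocket to bare break statements makes --no-use-standard-socket a silent no-op, so a configuration that asked for a non-standard socket now gets the standard one without any notice. The po updates in this same push carry an "is an obsolete option - it has no effect" warning string; emitting a warning of that kind from these two cases would tell the user the setting is ignored.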
@@ -853,12 +847,7 @@ main (int argc, char **argv )
# endif
break;
- case oWriteEnvFile:
- if (pargs.r_type)
- env_file_name = pargs.r.ret_str;
- else
- env_file_name = make_filename ("~/.gpg-agent-info", NULL);
- break;
+ case oWriteEnvFile: /* dummy */ break;
default : pargs.err = configfp? 1:2; break;
}
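Review bot: --write-env-file is now accepted and ignored, but a ~/.gpg-agent-info written by an earlier agent (the default name in the removed lines) stays on disk and is never refreshed. Anything that still sources that file would keep exporting a stale socket name and pid; consider logging that the option is obsolete so users know to remove both the option and the file.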
@@ -914,7 +903,7 @@ main (int argc, char **argv )
print the status directly to stderr. */
opt.debug = 0;
set_debug ();
- check_for_running_agent (0, 0);
+ check_for_running_agent (0);
agent_exit (0);
}
@@ -945,9 +934,9 @@ main (int argc, char **argv )
if (gpgconf_list == 3)
{
- if (opt.use_standard_socket && !opt.quiet)
- log_info ("configured to use the standard socket\n");
- agent_exit (!opt.use_standard_socket);
+ /* We now use the standard socket always - return true for
+ backward compatibility. */
+ agent_exit (0);
}
else if (gpgconf_list == 2)
agent_exit (0);
@@ -1077,14 +1066,11 @@ main (int argc, char **argv )
/* Create the sockets. */
- socket_name = create_socket_name
- (GPG_AGENT_SOCK_NAME, "gpg-XXXXXX/"GPG_AGENT_SOCK_NAME);
-
+ socket_name = create_socket_name (GPG_AGENT_SOCK_NAME);
fd = create_server_socket (socket_name, 0, &socket_nonce);
if (opt.ssh_support)
{
- socket_name_ssh = create_socket_name
- (GPG_AGENT_SSH_SOCK_NAME, "gpg-XXXXXX/"GPG_AGENT_SSH_SOCK_NAME);
+ socket_name_ssh = create_socket_name (GPG_AGENT_SSH_SOCK_NAME);
fd_ssh = create_server_socket (socket_name_ssh, 1, &socket_nonce_ssh);
}
else
@@ -1100,10 +1086,7 @@ main (int argc, char **argv )
#ifdef HAVE_W32_SYSTEM
(void)csh_style;
(void)nodetach;
- (void)env_file_name;
pid = getpid ();
- es_printf ("set %s=%s;%lu;1\n",
- GPG_AGENT_INFO_NAME, socket_name, (ulong)pid);
#else /*!HAVE_W32_SYSTEM*/
pid = fork ();
if (pid == (pid_t)-1)
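Review bot: On the HAVE_W32_SYSTEM branch the es_printf that consumed pid is removed, but "pid = getpid ();" stays. If nothing further down that branch reads pid, the assignment is now dead and may trigger a set-but-unused warning; drop it along with the removed (void)env_file_name cast, or confirm the later use.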
@@ -1113,7 +1096,7 @@ main (int argc, char **argv )
}
else if (pid)
{ /* We are the parent */
- char *infostr, *infostr_ssh_sock, *infostr_ssh_valid;
+ char *infostr_ssh_sock, *infostr_ssh_valid;
/* Close the socket FD. */
close (fd);
@@ -1133,14 +1116,7 @@ main (int argc, char **argv )
log_info ("no saved signal mask\n");
#endif /*HAVE_SIGPROCMASK*/
- /* Create the info string: :: */
- if (asprintf (&infostr, "%s=%s:%lu:1",
- GPG_AGENT_INFO_NAME, socket_name, (ulong)pid ) < 0)
- {
- log_error ("out of core\n");
- kill (pid, SIGTERM);
- exit (1);
- }
+ /* Create the SSH info string if enabled. */
if (opt.ssh_support)
{
if (asprintf (&infostr_ssh_sock, "SSH_AUTH_SOCK=%s",
@@ -1164,37 +1140,8 @@ main (int argc, char **argv )
if (opt.ssh_support)
*socket_name_ssh = 0;
- if (env_file_name)
- {
- estream_t fp;
-
- fp = es_fopen (env_file_name, "w,mode=-rw");
- if (!fp)
- log_error (_("error creating '%s': %s\n"),
- env_file_name, strerror (errno));
- else
- {
- es_fputs (infostr, fp);
- es_putc ('\n', fp);
- if (opt.ssh_support)
- {
- es_fputs (infostr_ssh_sock, fp);
- es_putc ('\n', fp);
- }
- es_fclose (fp);
- }
- }
-
-
if (argc)
{ /* Run the program given on the commandline. */
- if (putenv (infostr))
- {
- log_error ("failed to set environment: %s\n",
- strerror (errno) );
- kill (pid, SIGTERM );
- exit (1);
- }
if (opt.ssh_support && (putenv (infostr_ssh_sock)
|| putenv (infostr_ssh_valid)))
{
@@ -1222,8 +1169,6 @@ main (int argc, char **argv )
shell's eval to set it */
if (csh_style)
{
- *strchr (infostr, '=') = ' ';
- es_printf ("setenv %s;\n", infostr);
if (opt.ssh_support)
{
*strchr (infostr_ssh_sock, '=') = ' ';
@@ -1232,14 +1177,12 @@ main (int argc, char **argv )
}
else
{
- es_printf ( "%s; export %s;\n", infostr, GPG_AGENT_INFO_NAME);
if (opt.ssh_support)
{
es_printf ("%s; export SSH_AUTH_SOCK;\n",
infostr_ssh_sock);
}
}
- xfree (infostr);
if (opt.ssh_support)
{
xfree (infostr_ssh_sock);
@@ -1496,45 +1439,18 @@ get_agent_scd_notify_event (void)
-/* Create a name for the socket. With USE_STANDARD_SOCKET given as
- true using STANDARD_NAME in the home directory or if given as
- false from the mkdir type name TEMPLATE. In the latter case a
- unique name in a unique new directory will be created. In both
- cases check for valid characters as well as against a maximum
- allowed length for a unix domain socket is done. The function
- terminates the process in case of an error. Returns: Pointer to an
- allocated string with the absolute name of the socket used. */
+/* Create a name for the socket in the home directory as using
+ STANDARD_NAME. We also check for valid characters as well as
+ against a maximum allowed length for a unix domain socket is done.
+ The function terminates the process in case of an error. Returns:
+ Pointer to an allocated string with the absolute name of the socket
+ used. */
static char *
-create_socket_name (char *standard_name, char *template)
+create_socket_name (char *standard_name)
{
- char *name, *p;
-
- if (opt.use_standard_socket)
- name = make_filename (opt.homedir, standard_name, NULL);
- else
- {
- /* Prepend the tmp directory to the template. */
- p = getenv ("TMPDIR");
- if (!p || !*p)
- p = "/tmp";
- if (p[strlen (p) - 1] == '/')
- name = xstrconcat (p, template, NULL);
- else
- name = xstrconcat (p, "/", template, NULL);
-
- p = strrchr (name, '/');
- if (!p)
- BUG ();
- *p = 0;
- if (!mkdtemp (name))
- {
- log_error (_("can't create directory '%s': %s\n"),
- name, strerror (errno));
- agent_exit (2);
- }
- *p = '/';
- }
+ char *name;
+ name = make_filename (opt.homedir, standard_name, NULL);
if (strchr (name, PATHSEP_C))
{
log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
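Review bot: The rewritten comment above create_socket_name does not parse ("in the home directory as using STANDARD_NAME", "We also check ... is done"); something like "Create the socket name from STANDARD_NAME in the home directory and check it for valid characters and the maximum length of a Unix domain socket name" would read cleanly. With the TMPDIR/mkdtemp branch gone there is also no fallback for a home directory on a file system that cannot hold sockets, a case the old gpg-agent.texi text for --use-standard-socket mentions explicitly. The 2.1 documentation should state that limitation, or the bind failure should name it.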
@@ -1583,22 +1499,22 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce)
/* Our error code mapping on W32CE returns EEXIST thus we also test
for this. */
- if (opt.use_standard_socket && rc == -1
+ if (rc == -1
&& (errno == EADDRINUSE
#ifdef HAVE_W32_SYSTEM
|| errno == EEXIST
#endif
))
{
- /* Check whether a gpg-agent is already running on the standard
- socket. We do this test only if this is not the ssh socket.
+ /* Check whether a gpg-agent is already running.
+ We do this test only if this is not the ssh socket.
For ssh we assume that a test for gpg-agent has already been
done and reuse the requested ssh socket. Testing the
ssh-socket is not possible because at this point, though we
know the new Assuan socket, the Assuan server and thus the
ssh-agent server is not yet operational. This would lead to
a hang. */
- if (!is_ssh && !check_for_running_agent (1, 1))
+ if (!is_ssh && !check_for_running_agent (1))
{
log_set_prefix (NULL, JNLIB_LOG_WITH_PREFIX);
log_set_file (NULL);
@@ -1623,8 +1539,7 @@ create_server_socket (char *name, int is_ssh, assuan_sock_nonce_t *nonce)
gpg_strerror (gpg_error_from_errno (errno)));
assuan_sock_close (fd);
- if (opt.use_standard_socket)
- *name = 0; /* Inhibit removal of the socket by cleanup(). */
+ *name = 0; /* Inhibit removal of the socket by cleanup(). */
agent_exit (2);
}
@@ -2429,9 +2344,6 @@ check_own_socket (void)
if (disable_check_own_socket)
return;
- if (!opt.use_standard_socket)
- return; /* This check makes only sense in standard socket mode. */
-
if (check_own_socket_running || shutdown_pending)
return; /* Still running or already shutting down. */
@@ -2452,73 +2364,25 @@ check_own_socket (void)
/* Figure out whether an agent is available and running. Prints an
- error if not. If SILENT is true, no messages are printed. Usually
- started with MODE 0. Returns 0 if the agent is running. */
+ error if not. If SILENT is true, no messages are printed.
+ Returns 0 if the agent is running. */
static int
-check_for_running_agent (int silent, int mode)
+check_for_running_agent (int silent)
{
- int rc;
- char *infostr, *p;
+ gpg_error_t err;
+ char *sockname;
assuan_context_t ctx = NULL;
- int prot, pid;
-
- if (!mode)
- {
- infostr = getenv (GPG_AGENT_INFO_NAME);
- if (!infostr || !*infostr)
- {
- if (!check_for_running_agent (silent, 1))
- return 0; /* Okay, its running on the standard socket. */
- if (!silent)
- log_error (_("no gpg-agent running in this session\n"));
- return -1;
- }
- infostr = xstrdup (infostr);
- if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
- {
- xfree (infostr);
- if (!check_for_running_agent (silent, 1))
- return 0; /* Okay, its running on the standard socket. */
- if (!silent)
- log_error (_("malformed %s environment variable\n"),
- GPG_AGENT_INFO_NAME);
- return -1;
- }
-
- *p++ = 0;
- pid = atoi (p);
- while (*p && *p != PATHSEP_C)
- p++;
- prot = *p? atoi (p+1) : 0;
- if (prot != 1)
- {
- xfree (infostr);
- if (!silent)
- log_error (_("gpg-agent protocol version %d is not supported\n"),
- prot);
- if (!check_for_running_agent (silent, 1))
- return 0; /* Okay, its running on the standard socket. */
- return -1;
- }
- }
- else /* MODE != 0 */
- {
- infostr = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL);
- pid = (pid_t)(-1);
- }
+ sockname = make_filename (opt.homedir, GPG_AGENT_SOCK_NAME, NULL);
- rc = assuan_new (&ctx);
- if (! rc)
- rc = assuan_socket_connect (ctx, infostr, pid, 0);
- xfree (infostr);
- if (rc)
+ err = assuan_new (&ctx);
+ if (!err)
+ err = assuan_socket_connect (ctx, sockname, (pid_t)(-1), 0);
+ xfree (sockname);
+ if (err)
{
- if (!mode && !check_for_running_agent (silent, 1))
- return 0; /* Okay, its running on the standard socket. */
-
- if (!mode && !silent)
- log_error ("can't connect to the agent: %s\n", gpg_strerror (rc));
+ if (!silent)
+ log_error (_("no gpg-agent running in this session\n"));
if (ctx)
assuan_release (ctx);
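Review bot: In the new check_for_running_agent the value of err is never reported: any failure of assuan_new or assuan_socket_connect is logged as "no gpg-agent running in this session". The removed code printed gpg_strerror (rc) in its "can't connect to the agent" message. An allocation failure or a permission problem on the socket now looks the same as an absent agent, so consider appending gpg_strerror (err) to the message.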
diff --git a/common/asshelp.c b/common/asshelp.c
index 5e3f663..e97d396 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -359,14 +359,11 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
gpg_error_t (*status_cb)(ctrl_t, int, ...),
ctrl_t status_cb_arg)
{
- /* If we ever failed to connect via a socket we will force the use
- of the pipe based server for the lifetime of the process. */
- static int force_pipe_server = 0;
-
- gpg_error_t err = 0;
- char *infostr, *p;
+ gpg_error_t err;
assuan_context_t ctx;
int did_success_msg = 0;
+ char *sockname;
+ const char *argv[5];
*r_ctx = NULL;
@@ -377,200 +374,96 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
return err;
}
- restart:
- infostr = force_pipe_server? NULL : getenv (GPG_AGENT_INFO_NAME);
- if (!infostr || !*infostr)
+ sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL);
+ err = assuan_socket_connect (ctx, sockname, 0, 0);
+ if (err)
{
- char *sockname;
- const char *argv[5];
- pid_t pid;
- int excode;
-
- /* First check whether we can connect at the standard
- socket. */
- sockname = make_absfilename (homedir, GPG_AGENT_SOCK_NAME, NULL);
- err = assuan_socket_connect (ctx, sockname, 0, 0);
+ char *abs_homedir;
+ lock_spawn_t lock;
- if (err)
- {
- char *abs_homedir;
+ /* With no success start a new server. */
+ if (!agent_program || !*agent_program)
+ agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
- /* With no success start a new server. */
- if (!agent_program || !*agent_program)
- agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+ if (verbose)
+ log_info (_("no running gpg-agent - starting '%s'\n"),
+ agent_program);
- if (verbose)
- log_info (_("no running gpg-agent - starting '%s'\n"),
- agent_program);
+ if (status_cb)
+ status_cb (status_cb_arg, STATUS_PROGRESS,
+ "starting_agent ? 0 0", NULL);
- if (status_cb)
- status_cb (status_cb_arg, STATUS_PROGRESS,
- "starting_agent ? 0 0", NULL);
+ /* We better pass an absolute home directory to the agent just
+ in case gpg-agent does not convert the passed name to an
+ absolute one (which it should do). */
+ abs_homedir = make_absfilename_try (homedir, NULL);
+ if (!abs_homedir)
+ {
+ gpg_error_t tmperr = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error building filename: %s\n",gpg_strerror (tmperr));
+ xfree (sockname);
+ assuan_release (ctx);
+ return tmperr;
+ }
- /* We better pass an absolute home directory to the agent
- just in casee gpg-agent does not convert the passed name
- to an absolute one (which it should do). */
- abs_homedir = make_absfilename_try (homedir, NULL);
- if (!abs_homedir)
- {
- gpg_error_t tmperr = gpg_err_make (errsource,
- gpg_err_code_from_syserror ());
- log_error ("error building filename: %s\n",gpg_strerror (tmperr));
- xfree (sockname);
- assuan_release (ctx);
- return tmperr;
- }
+ if (fflush (NULL))
+ {
+ gpg_error_t tmperr = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ log_error ("error flushing pending output: %s\n",
+ strerror (errno));
+ xfree (sockname);
+ assuan_release (ctx);
+ xfree (abs_homedir);
+ return tmperr;
+ }
- if (fflush (NULL))
- {
- gpg_error_t tmperr = gpg_err_make (errsource,
- gpg_err_code_from_syserror ());
- log_error ("error flushing pending output: %s\n",
- strerror (errno));
- xfree (sockname);
- assuan_release (ctx);
- xfree (abs_homedir);
- return tmperr;
- }
+ /* If the agent has been configured for use with a standard
+ socket, an environment variable is not required and thus
+ we we can savely start the agent here. */
- argv[0] = "--homedir";
- argv[1] = abs_homedir;
- argv[2] = "--use-standard-socket-p";
- argv[3] = NULL;
- err = gnupg_spawn_process_fd (agent_program, argv, -1, -1, -1, &pid);
+ argv[0] = "--homedir";
+ argv[1] = abs_homedir;
+ argv[2] = "--use-standard-socket";
+ argv[3] = "--daemon";
+ argv[4] = NULL;
+
+ if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
+ && assuan_socket_connect (ctx, sockname, 0, 0))
+ {
+ err = gnupg_spawn_process_detached (agent_program, argv,NULL);
if (err)
- log_debug ("starting '%s' for testing failed: %s\n",
+ log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
- else if ((err = gnupg_wait_process (agent_program, pid, 1, &excode)))
+ else
{
- if (excode == -1)
- log_debug ("running '%s' for testing failed (wait): %s\n",
- agent_program, gpg_strerror (err));
- }
- gnupg_release_process (pid);
+ int i;
- if (!err && !excode)
- {
- /* If the agent has been configured for use with a
- standard socket, an environment variable is not
- required and thus we we can savely start the agent
- here. */
- lock_spawn_t lock;
-
- argv[0] = "--homedir";
- argv[1] = abs_homedir;
- argv[2] = "--use-standard-socket";
- argv[3] = "--daemon";
- argv[4] = NULL;
-
- if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
- && assuan_socket_connect (ctx, sockname, 0, 0))
+ for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
{
- err = gnupg_spawn_process_detached (agent_program, argv,NULL);
- if (err)
- log_error ("failed to start agent '%s': %s\n",
- agent_program, gpg_strerror (err));
- else
+ if (verbose)
+ log_info (_("waiting for the agent to come up ... (%ds)\n"),
+ SECS_TO_WAIT_FOR_AGENT - i);
+ gnupg_sleep (1);
+ err = assuan_socket_connect (ctx, sockname, 0, 0);
+ if (!err)
{
- int i;
-
- for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
+ if (verbose)
{
- if (verbose)
- log_info (_("waiting for the agent "
- "to come up ... (%ds)\n"),
- SECS_TO_WAIT_FOR_AGENT - i);
- gnupg_sleep (1);
- err = assuan_socket_connect (ctx, sockname, 0, 0);
- if (!err)
- {
- if (verbose)
- {
- log_info (_("connection to agent "
- "established\n"));
- did_success_msg = 1;
- }
- break;
- }
+ log_info (_("connection to agent established\n"));
+ did_success_msg = 1;
}
+ break;
}
}
-
- unlock_spawning (&lock, "agent");
}
- else
- {
- /* If using the standard socket is not the default we
- start the agent as a pipe server which gives us most
- of the required features except for passphrase
- caching etc. */
- const char *pgmname;
- assuan_fd_t no_close_list[3];
- int i;
-
- if ( !(pgmname = strrchr (agent_program, '/')))
- pgmname = agent_program;
- else
- pgmname++;
-
- argv[0] = pgmname; /* (Assuan expects a standard argv.) */
- argv[1] = "--homedir";
- argv[2] = abs_homedir;
- argv[3] = "--server";
- argv[4] = NULL;
-
- i=0;
- if (log_get_fd () != -1)
- no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ());
- no_close_list[i++] = assuan_fd_from_posix_fd (fileno (stderr));
- no_close_list[i] = ASSUAN_INVALID_FD;
-
- /* Connect to the agent and perform initial handshaking. */
- err = assuan_pipe_connect (ctx, agent_program, argv,
- no_close_list, NULL, NULL, 0);
- }
- xfree (abs_homedir);
}
- xfree (sockname);
- }
- else
- {
- int prot;
- int pid;
- infostr = xstrdup (infostr);
- if ( !(p = strchr (infostr, PATHSEP_C)) || p == infostr)
- {
- log_error (_("malformed %s environment variable\n"),
- GPG_AGENT_INFO_NAME);
- xfree (infostr);
- force_pipe_server = 1;
- goto restart;
- }
- *p++ = 0;
- pid = atoi (p);
- while (*p && *p != PATHSEP_C)
- p++;
- prot = *p? atoi (p+1) : 0;
- if (prot != 1)
- {
- log_error (_("gpg-agent protocol version %d is not supported\n"),
- prot);
- xfree (infostr);
- force_pipe_server = 1;
- goto restart;
- }
-
- err = assuan_socket_connect (ctx, infostr, pid, 0);
- xfree (infostr);
- if (gpg_err_code (err) == GPG_ERR_ASS_CONNECT_FAILED)
- {
- log_info (_("can't connect to the agent - trying fall back\n"));
- force_pipe_server = 1;
- goto restart;
- }
+ unlock_spawning (&lock, "agent");
+ xfree (abs_homedir);
}
-
+ xfree (sockname);
if (err)
{
log_error ("can't connect to the agent: %s\n", gpg_strerror (err));
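Review bot: The comment kept in start_new_gpg_agent ("If the agent has been configured for use with a standard socket ... we we can savely start the agent here") describes a condition that no longer exists, since the --use-standard-socket-p probe that guarded it is removed in this hunk. It also carries the "we we" and "savely" typos over into the new lines. Drop or reword it. Likewise argv[2] still passes "--use-standard-socket", which the gpg-agent.texi change in this same commit documents as having no more effect, so the argument can go and argv shrinks by one.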
@@ -582,11 +475,11 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_debug (_("connection to agent established\n"));
err = assuan_transact (ctx, "RESET",
- NULL, NULL, NULL, NULL, NULL, NULL);
+ NULL, NULL, NULL, NULL, NULL, NULL);
if (!err)
err = send_pinentry_environment (ctx, errsource,
- opt_lc_ctype, opt_lc_messages,
- session_env);
+ opt_lc_ctype, opt_lc_messages,
+ session_env);
if (err)
{
assuan_release (ctx);
diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c
index 7bcd79b..05e9e10 100644
--- a/common/exechelp-w32.c
+++ b/common/exechelp-w32.c
@@ -754,10 +754,7 @@ gnupg_spawn_process_detached (const char *pgmname, const char *argv[],
char *cmdline;
- /* FIXME: We don't make use of ENVP yet. It is currently only used
- to pass the GPG_AGENT_INFO variable to gpg-agent. As the default
- on windows is to use a standard socket, this does not really
- matter. */
+ /* We don't use ENVP. */
(void)envp;
if (access (pgmname, X_OK))
diff --git a/common/simple-pwquery.c b/common/simple-pwquery.c
index 7dcc057..0eff5c5 100644
--- a/common/simple-pwquery.c
+++ b/common/simple-pwquery.c
@@ -69,13 +69,12 @@
#endif
-/* Name of the socket to be used if GPG_AGENT_INFO has not been
- set. No default socket is used if this is NULL. */
+/* Name of the socket to be used. This is a kludge to keep on using
+ the existsing code despite that we only support a standard socket. */
static char *default_gpg_agent_info;
-
#ifndef HAVE_STPCPY
@@ -324,14 +323,11 @@ agent_open (int *rfd)
char *infostr, *p;
struct sockaddr_un client_addr;
size_t len;
- int prot;
char line[200];
int nread;
*rfd = -1;
- infostr = getenv (GPG_AGENT_INFO_NAME);
- if ( !infostr || !*infostr )
- infostr = default_gpg_agent_info;
+ infostr = default_gpg_agent_info;
if ( !infostr || !*infostr )
{
#ifdef SPWQ_USE_LOGGING
@@ -348,23 +344,12 @@ agent_open (int *rfd)
if ( !(p = strchr ( infostr, PATHSEP_C)) || p == infostr
|| (p-infostr)+1 >= sizeof client_addr.sun_path )
{
-#ifdef SPWQ_USE_LOGGING
- log_error (_("malformed %s environment variable\n"), GPG_AGENT_INFO_NAME);
-#endif
return SPWQ_NO_AGENT;
}
*p++ = 0;
while (*p && *p != PATHSEP_C)
p++;
- prot = *p? atoi (p+1) : 0;
- if ( prot != 1)
- {
-#ifdef SPWQ_USE_LOGGING
- log_error (_("gpg-agent protocol version %d is not supported\n"),prot);
-#endif
- return SPWQ_PROTOCOL_ERROR;
- }
#ifdef HAVE_W32_SYSTEM
fd = _w32_sock_new (AF_UNIX, SOCK_STREAM, 0);
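Review bot: With prot removed from agent_open, the loop "while (*p && *p != PATHSEP_C) p++;" has no consumer in the lines shown and looks like dead code. The strchr (infostr, PATHSEP_C) test above it still rejects a value without a separator, so default_gpg_agent_info has to keep the old socket:pid:protocol shape although the new comment calls it the name of the socket. The malformed case now also returns SPWQ_NO_AGENT without any log line under SPWQ_USE_LOGGING. Either parse a plain socket name here or document the required format next to the variable, and keep a diagnostic for the malformed case.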
diff --git a/configure.ac b/configure.ac
index be10791..9e1dd89 100644
--- a/configure.ac
+++ b/configure.ac
@@ -104,7 +104,6 @@ use_exec=yes
use_trust_models=yes
card_support=yes
use_ccid_driver=yes
-use_standard_socket=yes
dirmngr_auto_start=yes
use_tls_library=no
@@ -707,30 +706,6 @@ fi
AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-#
-# Allows enabling the use of a standard socket by default This is
-# gpg-agent's option --[no-]use-standard-socket. For Windows we force
-# the use of this.
-#
-AC_MSG_CHECKING([whether to use a standard socket by default])
-AC_ARG_ENABLE(standard-socket,
- AC_HELP_STRING([--disable-standard-socket],
- [don't use a standard socket by default]),
- use_standard_socket=$enableval)
-tmp=""
-if test "$use_standard_socket" != yes; then
- if test "$have_w32_system" = yes; then
- use_standard_socket=yes
- tmp=" (forced)"
- fi
-fi
-AC_MSG_RESULT($use_standard_socket$tmp)
-if test "$use_standard_socket" = yes; then
- AC_DEFINE(USE_STANDARD_SOCKET,1,
- [Use the standard socket for the agent by default])
-fi
-
-
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
@@ -1615,8 +1590,6 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
-AC_DEFINE_UNQUOTED(GPG_AGENT_INFO_NAME, "GPG_AGENT_INFO",
- [The name of the agent info envvar])
AC_DEFINE_UNQUOTED(GPG_AGENT_SOCK_NAME, "S.gpg-agent",
[The name of the agent socket])
AC_DEFINE_UNQUOTED(GPG_AGENT_SSH_SOCK_NAME, "S.gpg-agent.ssh",
@@ -1802,7 +1775,6 @@ echo "
Default scdaemon: $show_gnupg_scdaemon_pgm
Default dirmngr: $show_gnupg_dirmngr_pgm
- Use standard socket: $use_standard_socket
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
DNS SRV support: $use_dns_srv
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index b42d353..7c21889 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -53,10 +53,10 @@ independently from any protocol. It is used as a backend for
utilities.
@ifset gpgtwoone
-The agent is usualy started on demand by @command{gpg}, @command{gpgsm},
- at command{gpgconf} or @command{gpg-connect-agent}. Thus there is no
-reason to start it manually. In case you want to use the included
-Secure Shell Agent you may start the agent using:
+The agent is automatically started on demand by @command{gpg},
+ at command{gpgsm}, @command{gpgconf}, or @command{gpg-connect-agent}.
+Thus there is no reason to start it manually. In case you want to use
+the included Secure Shell Agent you may start the agent using:
@example
gpg-connect-agent /bye
@@ -174,11 +174,15 @@ default mode is to create a socket and listen for commands there.
@item --daemon [@var{command line}]
@opindex daemon
Start the gpg-agent as a daemon; that is, detach it from the console
-and run it in the background. Because @command{gpg-agent} prints out
+and run it in the background.
+ at ifclear gpgtwoone
+Because @command{gpg-agent} prints out
important information required for further use, a common way of
invoking gpg-agent is: @code{eval $(gpg-agent --daemon)} to setup the
environment variables. The option @option{--write-env-file} is
-another way commonly used to do this. Yet another way is creating
+another way commonly used to do this.
+ at end ifclear
+Yet another way is creating
a new process as a child of gpg-agent: @code{gpg-agent --daemon
/bin/sh}. This way you get a new shell with the environment setup
properly; if you exit from this shell, gpg-agent terminates as well.
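Review bot: With the "Because gpg-agent prints out ..." sentences wrapped in ifclear gpgtwoone, the 2.1 build of the --daemon item reads "... run it in the background. Yet another way is creating a new process as a child of gpg-agent", and "Yet another way" no longer has anything to refer back to. Give the 2.1 branch its own lead sentence, or move the child-process sentence out of the conditional flow with wording that stands alone.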
@@ -305,6 +309,7 @@ shell or the C-shell respectively. The default is to guess it based on
the environment variable @code{SHELL} which is correct in almost all
cases.
+ at ifclear gpgtwoone
@item --write-env-file @var{file}
@opindex write-env-file
Often it is required to connect to the agent from a process not being an
@@ -319,7 +324,7 @@ to be evaluated by a Bourne shell like in this simple example:
eval $(cat @var{file})
eval $(cut -d= -f 1 < @var{file} | xargs echo export)
@end example
-
+ at end ifclear
@item --no-grab
@@ -466,6 +471,11 @@ debugging purposes.
@itemx --no-use-standard-socket
@opindex use-standard-socket
@opindex no-use-standard-socket
+ at ifset gpgtwoone
+Since GnuPG 2.1 the standard socket is always used. These options
+have no more effect.
+ at end ifset
+ at ifclear gpgtwoone
By enabling this option @command{gpg-agent} will listen on the socket
named @file{S.gpg-agent}, located in the home directory, and not create
a random socket below a temporary directory. Tools connecting to
@@ -474,19 +484,16 @@ environment variable @var{GPG_AGENT_INFO} and then fall back to this
socket. This option may not be used if the home directory is mounted on
a remote file system which does not support special files like fifos or
sockets.
- at ifset gpgtwoone
-Note, that @option{--use-standard-socket} is the default on all
-systems since GnuPG 2.1.
- at end ifset
- at ifclear gpgtwoone
+
Note, that @option{--use-standard-socket} is the default on
Windows systems.
- at end ifclear
+
The default may be changed at build time. It is
possible to test at runtime whether the agent has been configured for
use with the standard socket by issuing the command @command{gpg-agent
--use-standard-socket-p} which returns success if the standard socket
option has been enabled.
+ at end ifclear
@item --display @var{string}
@itemx --ttyname @var{string}
@@ -751,6 +758,30 @@ This signal is used for internal purposes.
@node Agent Examples
@section Examples
+ at ifset gpgtwoone
+It is important to set the GPG_TTY environment variable in
+your login shell, for example in the @file{~/.bashrc} init script:
+
+ at cartouche
+ at example
+ export GPG_TTY=$(tty)
+ at end example
+ at end cartouche
+
+If you enabled the Ssh Agent Support, you also need to tell ssh about
+it by adding this to your init script:
+
+ at cartouche
+ at example
+unset SSH_AGENT_PID
+if [ "$@{gnupg_SSH_AUTH_SOCK_by:-0@}" -ne $$ ]; then
+ export SSH_AUTH_SOCK="$@{HOME@}/.gnupg/S.gpg-agent.ssh"
+fi
+ at end example
+ at end cartouche
+ at end ifset
+
+ at ifclear gpgtwoone
The usual way to invoke @command{gpg-agent} is
@example
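Review bot: The added init-script example hard-codes $HOME/.gnupg/S.gpg-agent.ssh, while the sockets in this commit are named from opt.homedir. A user who sets GNUPGHOME or passes --homedir would export an SSH_AUTH_SOCK that points at a path the agent is not listening on. The text should either say the example assumes the default home directory or derive the path from the configured one. The variable gnupg_SSH_AUTH_SOCK_by is also used without any explanation of what sets it, and "Ssh Agent Support" is capitalised differently from "Secure Shell Agent" earlier in the same file.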
@@ -786,6 +817,7 @@ and add something like (for Bourne shells)
@noindent
to your shell initialization file (e.g. @file{~/.bashrc}).
+ at end ifclear
@c
@c Assuan Protocol
@@ -797,15 +829,21 @@ to your shell initialization file (e.g. @file{~/.bashrc}).
Note: this section does only document the protocol, which is used by
GnuPG components; it does not deal with the ssh-agent protocol.
+ at ifset gpgtwoone
+The @command{gpg-agent} daemon is started on demand by the GnuPG
+components.
+ at end ifset
+ at ifclear gpgtwoone
The @command{gpg-agent} should be started by the login shell and set an
environment variable to tell clients about the socket to be used.
Clients should deny to access an agent with a socket name which does
not match its own configuration. An application may choose to start
-an instance of the gpgagent if it does not figure that any has been
-started; it should not do this if a gpgagent is running but not
+an instance of the gpg-agent if it does not figure that any has been
+started; it should not do this if a gpg-agent is running but not
usable. Because @command{gpg-agent} can only be used in background mode, no
special command line option is required to activate the use of the
protocol.
+ at end ifclear
To identify a key we use a thing called keygrip which is the SHA-1 hash
of an canonical encoded S-Expression of the public key as used in
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 31bdda0..33329a1 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1701,9 +1701,12 @@ This is dummy option. It has no effect when used with @command{gpg2}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/bin/gpg-agent}. This is only used
+default value is the @file{/usr/bin/gpg-agent}.
+ at ifclear gpgtwoone
+This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
+ at end ifclear
@ifset gpgtwoone
@item --dirmngr-program @var{file}
@@ -3040,6 +3043,10 @@ Operation is further controlled by a few environment variables:
If set directory used instead of "~/.gnupg".
@item GPG_AGENT_INFO
+ at ifset gpgtwoone
+ This variable was used by GnuPG versions before 2.1
+ at end ifset
+ at ifclear gpgtwoone
Used to locate the gpg-agent.
The value consists of 3 colon delimited fields: The first is the path
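Review bot: The new GPG_AGENT_INFO entry for 2.1 ("This variable was used by GnuPG versions before 2.1") lacks its full stop and does not say what happens now. Since the getenv (GPG_AGENT_INFO_NAME) lookups are removed throughout this commit, state plainly that the variable is ignored, so that users whose scripts set it to select a particular agent know the setting no longer has any effect.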
@@ -3047,6 +3054,7 @@ Operation is further controlled by a few environment variables:
protocol version which should be set to 1. When starting the gpg-agent
as described in its documentation, this variable is set to the correct
value. The option @option{--gpg-agent-info} can be used to override it.
+ at end ifclear
@item PINENTRY_USER_DATA
This value is passed via gpg-agent to pinentry. It is useful to convey
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 078d2ad..bc6326c 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -358,9 +358,12 @@ Change the default name of the policy file to @var{filename}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/local/bin/gpg-agent}. This is only used
+default value is the @file{/usr/local/bin/gpg-agent}.
+ at ifclear gpgtwoone
+This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
+ at end ifclear
@item --dirmngr-program @var{file}
@opindex dirmngr-program
@@ -892,8 +895,12 @@ other programs of this software too.
@item S.gpg-agent
@cindex S.gpg-agent
-If this file exists and the environment variable @env{GPG_AGENT_INFO} is
-not set, @command{gpgsm} will first try to connect to this socket for
+If this file exists
+ at ifclear gpgtwoone
+and the environment variable @env{GPG_AGENT_INFO} is
+not set,
+ at end ifclear
+ at command{gpgsm} will first try to connect to this socket for
accessing @command{gpg-agent} before starting a new @command{gpg-agent}
instance. Under Windows this socket (which in reality be a plain file
describing a regular TCP listening port) is the standard way of
diff --git a/g10/server.c b/g10/server.c
index b019d1a..d02f20e 100644
--- a/g10/server.c
+++ b/g10/server.c
@@ -728,15 +728,12 @@ gpg_server (ctrl_t ctrl)
if (opt.verbose || opt.debug)
{
char *tmp = NULL;
- const char *s1 = getenv (GPG_AGENT_INFO_NAME);
tmp = xtryasprintf ("Home: %s\n"
"Config: %s\n"
- "AgentInfo: %s\n"
"%s",
opt.homedir,
"fixme: need config filename",
- s1?s1:"[not set]",
hello);
if (tmp)
{
diff --git a/g13/server.c b/g13/server.c
index 573f670..07b74f8 100644
--- a/g13/server.c
+++ b/g13/server.c
@@ -612,15 +612,12 @@ g13_server (ctrl_t ctrl)
if (opt.verbose || opt.debug)
{
char *tmp = NULL;
- const char *s1 = getenv (GPG_AGENT_INFO_NAME);
tmp = xtryasprintf ("Home: %s\n"
"Config: %s\n"
- "AgentInfo: %s\n"
"%s",
opt.homedir,
opt.config_filename,
- s1?s1:"[not set]",
hello);
if (tmp)
{
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 9cc4d11..be99b00 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -206,9 +206,8 @@ static int ticker_disabled;
-static char *create_socket_name (int use_standard_socket,
- char *standard_name, char *template);
-static gnupg_fd_t create_server_socket (int is_standard_name, const char *name,
+static char *create_socket_name (char *standard_name);
+static gnupg_fd_t create_server_socket (const char *name,
assuan_sock_nonce_t *nonce);
static void *start_connection_thread (void *arg);
@@ -399,7 +398,6 @@ main (int argc, char **argv )
int gpgconf_list = 0;
const char *config_filename = NULL;
int allow_coredump = 0;
- int standard_socket = 0;
struct assuan_malloc_hooks malloc_hooks;
int res;
npth_t pipecon_handler;
@@ -445,12 +443,6 @@ main (int argc, char **argv )
opt.allow_admin = 1;
opt.pcsc_driver = DEFAULT_PCSC_DRIVER;
-#ifdef HAVE_W32_SYSTEM
- standard_socket = 1; /* Under Windows we always use a standard
- socket. */
-#endif
-
-
shell = getenv ("SHELL");
if (shell && strlen (shell) >= 3 && !strcmp (shell+strlen (shell)-3, "csh") )
csh_style = 1;
@@ -744,12 +736,8 @@ main (int argc, char **argv )
back the name of that socket. */
if (multi_server)
{
- socket_name = create_socket_name (standard_socket,
- SCDAEMON_SOCK_NAME,
- "gpg-XXXXXX/" SCDAEMON_SOCK_NAME);
-
- fd = FD2INT(create_server_socket (standard_socket,
- socket_name, &socket_nonce));
+ socket_name = create_socket_name (SCDAEMON_SOCK_NAME);
+ fd = FD2INT(create_server_socket (socket_name, &socket_nonce));
}
res = npth_attr_init (&tattr);
@@ -800,12 +788,8 @@ main (int argc, char **argv )
#endif
/* Create the socket. */
- socket_name = create_socket_name (standard_socket,
- SCDAEMON_SOCK_NAME,
- "gpg-XXXXXX/" SCDAEMON_SOCK_NAME);
-
- fd = FD2INT (create_server_socket (standard_socket,
- socket_name, &socket_nonce));
+ socket_name = create_socket_name (SCDAEMON_SOCK_NAME);
+ fd = FD2INT (create_server_socket (socket_name, &socket_nonce));
fflush (NULL);
@@ -1026,46 +1010,17 @@ handle_tick (void)
}
-/* Create a name for the socket. With USE_STANDARD_SOCKET given as
- true using STANDARD_NAME in the home directory or if given has
- false from the mkdir type name TEMPLATE. In the latter case a
- unique name in a unique new directory will be created. In both
- cases check for valid characters as well as against a maximum
- allowed length for a unix domain socket is done. The function
- terminates the process in case of an error. Retunrs: Pointer to an
- allcoated string with the absolute name of the socket used. */
+/* Create a name for the socket. We check for valid characters as
+ well as against a maximum allowed length for a unix domain socket
+ is done. The function terminates the process in case of an error.
+ Retunrs: Pointer to an allcoated string with the absolute name of
+ the socket used. */
static char *
-create_socket_name (int use_standard_socket,
- char *standard_name, char *template)
+create_socket_name (char *standard_name)
{
- char *name, *p;
-
- if (use_standard_socket)
- name = make_filename (opt.homedir, standard_name, NULL);
- else
- {
- /* Prepend the tmp directory to the template. */
- p = getenv ("TMPDIR");
- if (!p || !*p)
- p = "/tmp";
- if (p[strlen (p) - 1] == '/')
- name = xstrconcat (p, template, NULL);
- else
- name = xstrconcat (p, "/", template, NULL);
-
- p = strrchr (name, '/');
- if (!p)
- BUG ();
- *p = 0;
- if (!mkdtemp (name))
- {
- log_error (_("can't create directory '%s': %s\n"),
- name, strerror (errno));
- scd_exit (2);
- }
- *p = '/';
- }
+ char *name;
+ name = make_filename (opt.homedir, standard_name, NULL);
if (strchr (name, PATHSEP_C))
{
log_error (("'%s' are not allowed in the socket name\n"), PATHSEP_S);
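Review bot: The replacement comment for create_socket_name in scdaemon.c carries the old typos into new lines ("Retunrs", "allcoated") and keeps the broken construction "We check ... is done". Since the comment is being rewritten anyway, fix these in the same change, ideally with the same wording as the gpg-agent.c counterpart.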
@@ -1081,12 +1036,10 @@ create_socket_name (int use_standard_socket,
-/* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates
- whether a non-random socket is used. Returns the file descriptor
+/* Create a Unix domain socket with NAME. Returns the file descriptor
or terminates the process in case of an error. */
static gnupg_fd_t
-create_server_socket (int is_standard_name, const char *name,
- assuan_sock_nonce_t *nonce)
+create_server_socket (const char *name, assuan_sock_nonce_t *nonce)
{
struct sockaddr_un *serv_addr;
socklen_t len;
@@ -1108,7 +1061,7 @@ create_server_socket (int is_standard_name, const char *name,
len = SUN_LEN (serv_addr);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
- if (is_standard_name && rc == -1 && errno == EADDRINUSE)
+ if (rc == -1 && errno == EADDRINUSE)
{
remove (name);
rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len);
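Review bot: With the is_standard_name guard dropped, every EADDRINUSE in scdaemon's create_server_socket now leads straight to remove (name) and a second bind, with no check that another scdaemon is still serving that socket. The gpg-agent.c version in this commit calls check_for_running_agent before taking the socket over. Here a second instance started with the same home directory would unlink the socket of a running one. Consider a connect probe before the remove, or a comment explaining why it is safe for scdaemon.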
diff --git a/sm/server.c b/sm/server.c
index 978e70a..0bee5b2 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -1299,18 +1299,15 @@ gpgsm_server (certlist_t default_recplist)
if (opt.verbose || opt.debug)
{
char *tmp = NULL;
- const char *s1 = getenv (GPG_AGENT_INFO_NAME);
/* Fixme: Use the really used socket name. */
if (asprintf (&tmp,
"Home: %s\n"
"Config: %s\n"
- "AgentInfo: %s\n"
"DirmngrInfo: %s\n"
"%s",
opt.homedir,
opt.config_filename,
- s1?s1:"[not set]",
(dirmngr_user_socket_name ()
? dirmngr_user_socket_name ()
: dirmngr_sys_socket_name ()),
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index cb37a25..f63c05e 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -366,28 +366,10 @@ main (int argc, char **argv)
}
{
- char *infostr = getenv (GPG_AGENT_INFO_NAME);
-
- if (!infostr || !*infostr)
- infostr = make_filename (default_homedir (),
+ char *tmp = make_filename (default_homedir (),
GPG_AGENT_SOCK_NAME, NULL);
- else
- {
- char *tmp;
-
- infostr = xstrdup (infostr);
- tmp = strchr (infostr, PATHSEP_C);
- if (!tmp || tmp == infostr)
- {
- xfree (infostr);
- infostr = NULL;
- }
- else
- *tmp = 0;
- }
- es_fprintf (outfp, "agent-socket:%s\n",
- infostr? gc_percent_escape (infostr) : "");
- xfree (infostr);
+ es_fprintf (outfp, "agent-socket:%s\n", gc_percent_escape (tmp));
+ xfree (tmp);
}
{
/* We need to use make_filename to expand a possible "~/". */
-----------------------------------------------------------------------
Summary of changes:
README | 68 ++++++------
agent/agent.h | 3 -
agent/command.c | 6 +-
agent/gpg-agent.c | 224 ++++++++-------------------------------
common/asshelp.c | 255 +++++++++++++--------------------------------
common/exechelp-w32.c | 5 +-
common/simple-pwquery.c | 21 +---
configure.ac | 52 ++++-----
doc/gpg-agent.texi | 68 +++++++++---
doc/gpg.texi | 10 +-
doc/gpgsm.texi | 13 ++-
g10/call-agent.c | 30 ++++++
g10/call-agent.h | 2 +
g10/migrate.c | 23 ++++
g10/server.c | 3 -
g13/server.c | 3 -
po/de.po | 101 +++++++++++-------
po/fr.po | 107 ++++++++++++-------
po/ja.po | 93 +++++++++++------
po/uk.po | 103 +++++++++++-------
scd/scdaemon.c | 81 +++-----------
sm/server.c | 3 -
tests/openpgp/Makefile.am | 5 +-
tools/gpgconf.c | 24 +----
24 files changed, 589 insertions(+), 714 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 3 15:07:37 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 15:07:37 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-28-gbc8583f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via bc8583f247898a1fa45f6de834d34b335ab1952c (commit)
from ade531acac5041b8346581fe323f36b9dcfee502 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bc8583f247898a1fa45f6de834d34b335ab1952c
Author: Werner Koch
Date: Fri Oct 3 15:05:47 2014 +0200
gpg: Allow creating a cert-only primary key.
* g10/keygen.c (ask_key_flags): Allow a 'c' in direct entry.
--
GnuPG-bug-id: 1726
diff --git a/g10/keygen.c b/g10/keygen.c
index 17d7ce1..229f2bf 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1718,6 +1718,13 @@ ask_key_flags(int algo,int subkey)
current |= PUBKEY_USAGE_ENC;
else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH))
current |= PUBKEY_USAGE_AUTH;
+ else if (!subkey && *s == 'c')
+ {
+ /* Accept 'c' for the primary key because USAGE_CERT
+ will will be set anyway. This is for folks who
+ want to experiment with a cert-only primary key. */
+ current |= PUBKEY_USAGE_CERT;
+ }
}
break;
}
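Review bot: The new branch tests only "*s == 'c'", while the branch just above accepts both cases ("*s == 'a' || *s == 'A'") and also gates on "possible", so an upper-case 'C' in direct entry is not matched here. Either accept 'C' as well or state in the comment that lower case only is intended, and fix the doubled word in "will will be set anyway".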
-----------------------------------------------------------------------
Summary of changes:
g10/keygen.c | 7 +++++++
1 file changed, 7 insertions(+)
From cvs at cvs.gnupg.org Fri Oct 3 16:05:52 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 16:05:52 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 0943c7cc23371943e9670a2f35c318d847cbac6a (commit)
via 841a797f6d45065aa77128fdfd43bd4769efefa4 (commit)
from bc8583f247898a1fa45f6de834d34b335ab1952c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0943c7cc23371943e9670a2f35c318d847cbac6a
Author: Werner Koch
Date: Fri Oct 3 15:45:32 2014 +0200
Release 2.1.0-beta864.
diff --git a/NEWS b/NEWS
index a700313..4d533ce 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,23 @@
-Noteworthy changes in version 2.1.0-betaNNN (unreleased)
+Noteworthy changes in version 2.1.0-beta864 (2014-10-03)
--------------------------------------------------------
+ * gpg: Removed the GPG_AGENT_INFO related code. GnuPG does now only
+ use a fixed socket name in its home directory.
+
+ * gpg: Renamed --gen-key to --full-gen-key and re-added a --gen-key
+ command using less prompts.
+
+ * gpg: Use SHA-256 for all signature types also on RSA keys.
+
+ * gpg: Default keyring is now created with a .kbx suffix.
+
+ * gpg: Add a shortcut to key capabilies menu (e.g. "=e" sets the
+ encryption capabilities).
+
+ * gpg: Fixed obsolete options parsing.
+
+ * speedo: Improved the quick build system.
+
Noteworthy changes in version 2.1.0-beta834 (2014-09-18)
--------------------------------------------------------
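Review bot: Two wording slips in the added entries: "key capabilies menu" should read "key capabilities menu", and "using less prompts" reads better as "using fewer prompts". The first entry's "GnuPG does now only use" would also be clearer as "GnuPG now uses only".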
commit 841a797f6d45065aa77128fdfd43bd4769efefa4
Author: Werner Koch
Date: Fri Oct 3 15:30:38 2014 +0200
speedo: Add INSTALL_PREFIX feature.
--
With this it is now possible to build and install gnupg 2.1 properly
below /usr/local:
make -f TOPSRC/build-aux/speed.ml native INSTALL_PREFIX=/usr/local
Of course you need installation privileges for the /usr/local tree.
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index a9ba6d4..6d344f1 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -58,8 +58,10 @@ help:
@echo ' w32-installer Build a Windows installer'
@echo ' w32-source Pack a source archive'
@echo
- @echo 'Prepend TARGET with "git-" to build from GIT repos'
- @echo 'Prepend TARGET with "this-" to build from the source tarball'
+ @echo 'You may append INSTALL_REFIX= for native builds.'
+ @echo 'Prepend TARGET with "git-" to build from GIT repos.'
+ @echo 'Prepend TARGET with "this-" to build from the source tarball.'
+
SPEEDOMAKE := $(MAKE) -f $(SPEEDO_MK) UPD_SWDB=1
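Review bot: The new help line prints "INSTALL_REFIX=", but the variable this patch introduces is INSTALL_PREFIX, so anyone copying the help text sets a variable the makefile never reads. Correct the name in the echo line.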
@@ -124,6 +126,9 @@ MAKE_J=3
# Name to use for the w32 installer and sources
INST_NAME=gnupg-w32
+# Use this to override the installaion directory for native builds.
+INSTALL_PREFIX=none
+
# Directory names.
# They must be absolute, as we switch directories pretty often.
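Review bot: The comment above the new variable misspells "installation" as "installaion", and the default uses the literal word "none" as a sentinel that the later ifeq tests against. An empty default tested with "ifeq ($(INSTALL_PREFIX),)" would avoid reserving a word that is also a valid relative directory name.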
@@ -131,7 +136,11 @@ root := $(shell pwd)/PLAY
sdir := $(root)/src
bdir := $(root)/build
bdir6:= $(root)/build-w64
+ifeq ($(INSTALL_PREFIX),none)
idir := $(root)/inst
+else
+idir := $(abspath $(INSTALL_PREFIX))
+endif
idir6:= $(root)/inst-w64
stampdir := $(root)/stamps
topsrc := $(shell cd $(dir $(SPEEDO_MK)).. && pwd)
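Review bot: The ifeq around idir is not tied to the native target, although the help text and the commit message present INSTALL_PREFIX as a native-build feature; as written, any target run with INSTALL_PREFIX set gets "idir := $(abspath $(INSTALL_PREFIX))" while idir6 stays under $(root). Either restrict the override to native builds or document what it means for the w32 targets. Since abspath resolves a relative value against the directory make was started in, a short comment next to the variable saying so would help.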
-----------------------------------------------------------------------
Summary of changes:
NEWS | 19 ++++++++++++++++++-
build-aux/speedo.mk | 13 +++++++++++--
2 files changed, 29 insertions(+), 3 deletions(-)
From cvs at cvs.gnupg.org Fri Oct 3 17:07:29 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 17:07:29 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 5c72ed8b0c55d9da39b05dcfb8e3dd103b6e883e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 5c72ed8b0c55d9da39b05dcfb8e3dd103b6e883e (commit)
from a2b4c989e971b3a7af19cd3feaef76c2a5003cee (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5c72ed8b0c55d9da39b05dcfb8e3dd103b6e883e
Author: Werner Koch
Date: Fri Oct 3 16:52:25 2014 +0200
web: Update news.
--
diff --git a/web/index.org b/web/index.org
index b42a7d8..ba5462b 100644
--- a/web/index.org
+++ b/web/index.org
@@ -56,6 +56,11 @@ all [[file:news.org][news of previous years]] is also available.
# point or paste the [[news.en.rss][RSS file]] into your aggregator.
+** A beta for GnuPG 2.1.0 released (2014-10-03)
+
+A beta beta release for the forthcoming GnuPG 2.1 version is now
+available. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]]
+
** GPA 0.95 released
GPA is the GNU Privacy Assistant, a frontend to GnuPG. This new
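Review bot: The added paragraph opens with "A beta beta release"; drop the doubled word. The new heading carries a date in parentheses while the "GPA 0.95 released" heading below it does not, so pick one convention for the news headings.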
-----------------------------------------------------------------------
Summary of changes:
web/index.org | 5 +++++
1 file changed, 5 insertions(+)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 3 18:28:55 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 18:28:55 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-12-gf681235
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via f68123551f4d5b286309006da67c57878f6cc619 (commit)
via 534e2876acc05f9f8d9b54c18511fe768d77dfb5 (commit)
from 2889a70c102271a1b6ff529bafb6748c4e773014 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f68123551f4d5b286309006da67c57878f6cc619
Author: Werner Koch
Date: Fri Oct 3 18:28:58 2014 +0200
mpi: Fix compiler warning.
* mpi/mpi-inv.c (mpi_invm): Do not return a value.
diff --git a/mpi/mpi-inv.c b/mpi/mpi-inv.c
index 361c57e..43e97d8 100644
--- a/mpi/mpi-inv.c
+++ b/mpi/mpi-inv.c
@@ -166,9 +166,9 @@ mpi_invm( MPI x, MPI a, MPI n )
int odd ;
if (!mpi_cmp_ui (a, 0))
- return 0; /* Inverse does not exists. */
+ return; /* Inverse does not exists. */
if (!mpi_cmp_ui (n, 1))
- return 0; /* Inverse does not exists. */
+ return; /* Inverse does not exists. */
u = mpi_copy(a);
v = mpi_copy(n);
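Review bot: With both early exits reduced to a bare "return;", a caller gets no signal that no inverse exists, and on these paths nothing has been written to x. If the function has to stay void, state that contract in the function comment and say how callers are expected to rule out a == 0 and n == 1 beforehand. The comment text "Inverse does not exists" should read "does not exist".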
commit 534e2876acc05f9f8d9b54c18511fe768d77dfb5
Author: Daniel Kahn Gillmor
Date: Fri Oct 3 12:01:11 2014 -0400
gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
diff --git a/configure.ac b/configure.ac
index ae63a4a..1fd6253 100644
--- a/configure.ac
+++ b/configure.ac
@@ -158,6 +158,7 @@ use_exec=yes
card_support=yes
agent_support=yes
disable_keyserver_path=no
+large_secmem=no
AC_ARG_ENABLE(minimal,
AC_HELP_STRING([--enable-minimal],[build the smallest gpg binary possible]),
@@ -177,6 +178,21 @@ AC_ARG_ENABLE(minimal,
agent_support=no)
+AC_MSG_CHECKING([whether to allocate extra secure memory])
+AC_ARG_ENABLE(large-secmem,
+ AC_HELP_STRING([--enable-large-secmem],
+ [allocate extra secure memory]),
+ large_secmem=$enableval, large_secmem=no)
+AC_MSG_RESULT($large_secmem)
+if test "$large_secmem" = yes ; then
+ SECMEM_BUFFER_SIZE=65536
+else
+ SECMEM_BUFFER_SIZE=32768
+fi
+AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
+ [Size of secure memory buffer])
+
+
AC_MSG_CHECKING([whether OpenPGP card support is requested])
AC_ARG_ENABLE(card-support,
AC_HELP_STRING([--disable-card-support],
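Review bot: The test "$large_secmem" = yes treats every other value of $enableval, for instance --enable-large-secmem=65536, the same as "no" and quietly selects 32768. Reject unexpected values with AC_MSG_ERROR or document that only yes/no is accepted. The help string "allocate extra secure memory" would also be more useful if it named the two buffer sizes.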
diff --git a/doc/gpg.texi b/doc/gpg.texi
index ded69ce..ae86809 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1104,6 +1104,15 @@ the opposite meaning. The options are:
validation. This option is only meaningful if pka-lookups is set.
@end table
+ at item --enable-large-rsa
+ at itemx --disable-large-rsa
+ at opindex enable-large-rsa
+ at opindex disable-large-rsa
+With --gen-key and --batch, enable the creation of larger RSA secret
+keys than is generally recommended (up to 8192 bits). These large
+keys are more expensive to use, and their signatures and
+certifications are also larger.
+
@item --enable-dsa2
@itemx --disable-dsa2
@opindex enable-dsa2
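Review bot: The new item text does not say that the option only takes effect when gpg was configured with --enable-large-secmem; per the g10/gpg.c part of this patch it is otherwise ignored with a warning. Add a sentence on that build-time requirement so that users who see their key size reduced to 4096 bits know why.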
diff --git a/g10/gpg.c b/g10/gpg.c
index 1b0a364..6dc15fa 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -372,6 +372,8 @@ enum cmd_and_opt_values
oAutoKeyLocate,
oNoAutoKeyLocate,
oAllowMultisigVerification,
+ oEnableLargeRSA,
+ oDisableLargeRSA,
oEnableDSA2,
oDisableDSA2,
oAllowMultipleMessages,
@@ -719,6 +721,8 @@ static ARGPARSE_OPTS opts[] = {
{ oDebugCCIDDriver, "debug-ccid-driver", 0, "@"},
#endif
{ oAllowMultisigVerification, "allow-multisig-verification", 0, "@"},
+ { oEnableLargeRSA, "enable-large-rsa", 0, "@"},
+ { oDisableLargeRSA, "disable-large-rsa", 0, "@"},
{ oEnableDSA2, "enable-dsa2", 0, "@"},
{ oDisableDSA2, "disable-dsa2", 0, "@"},
{ oAllowMultipleMessages, "allow-multiple-messages", 0, "@"},
@@ -1995,7 +1999,7 @@ main (int argc, char **argv )
}
#endif
/* initialize the secure memory. */
- got_secmem=secmem_init( 32768 );
+ got_secmem=secmem_init( SECMEM_BUFFER_SIZE );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
@@ -2851,6 +2855,22 @@ main (int argc, char **argv )
release_akl();
break;
+ case oEnableLargeRSA:
+#if SECMEM_BUFFER_SIZE >= 65536
+ opt.flags.large_rsa=1;
+#else
+ if (configname)
+ log_info("%s:%d: WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring enable-large-rsa\n",
+ configname,configlineno);
+ else
+ log_info("WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring --enable-large-rsa\n");
+#endif /* SECMEM_BUFFER_SIZE >= 65536 */
+ break;
+ case oDisableLargeRSA: opt.flags.large_rsa=0;
+ break;
+
case oEnableDSA2: opt.flags.dsa2=1; break;
case oDisableDSA2: opt.flags.dsa2=0; break;
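Review bot: In the oEnableLargeRSA case the threshold "#if SECMEM_BUFFER_SIZE >= 65536" repeats the number chosen in configure.ac, so the two can drift apart if the large size is ever changed. Let configure define a separate feature macro for the large build and test that here instead. The unsupported case is also reported through log_info although the text says "WARNING"; a short comment on why this is not an error would help, since the option is then silently without effect.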
diff --git a/g10/keygen.c b/g10/keygen.c
index 84f852f..9020908 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1253,6 +1253,7 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
PKT_public_key *pk;
MPI skey[6];
MPI *factors;
+ const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
assert( is_RSA(algo) );
@@ -1260,8 +1261,8 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096) {
- nbits = 4096;
+ else if (nbits > maxsize) {
+ nbits = maxsize;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
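Review bot: maxsize depends only on opt.flags.large_rsa, whereas doc/gpg.texi in the same patch describes the option as applying "With --gen-key and --batch"; nothing in these gen_rsa lines checks for batch mode. If the interactive path is limited elsewhere, a comment next to "const unsigned maxsize" should say so; otherwise add the batch check here.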
diff --git a/g10/options.h b/g10/options.h
index d6326d8..670cf64 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -231,6 +231,7 @@ struct
unsigned int utf8_filename:1;
unsigned int dsa2:1;
unsigned int allow_multiple_messages:1;
+ unsigned int large_rsa:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 16 ++++++++++++++++
doc/gpg.texi | 9 +++++++++
g10/gpg.c | 22 +++++++++++++++++++++-
g10/keygen.c | 5 +++--
g10/options.h | 1 +
mpi/mpi-inv.c | 4 ++--
6 files changed, 52 insertions(+), 5 deletions(-)
From cvs at cvs.gnupg.org Fri Oct 3 20:19:36 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 20:19:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-1-g0c52bfa
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 0c52bfa3955b629038a6ac42c48356b88fce181e (commit)
from 0943c7cc23371943e9670a2f35c318d847cbac6a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0c52bfa3955b629038a6ac42c48356b88fce181e
Author: Werner Koch
Date: Fri Oct 3 20:19:08 2014 +0200
doc: Minor fix.
--
Due to today's reminder:
On Tue 2014-04-22 18:46:15 -0400, Daniel Kahn Gillmor wrote:
> With --trust-model=always, all keys and user IDs are considered
> automatically valid; they are not automatically trusted (setting
> universal ownertrust to anything other than "ultimate" would be
> insufficient to achieve the effect of --trust-model=always, due to
> --max-cert-depth and certificate path reachability).
>
> Thanks to Nicolai Josuttis for pointing out this documentation
> error.
diff --git a/NEWS b/NEWS
index 4d533ce..fe80aab 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,10 @@
+Noteworthy changes in version 2.1.0 (unreleased)
+------------------------------------------------
+
+ * For a complete list of changes see the lists of changes for the
+ 2.1.0 beta versions below.
+
+
Noteworthy changes in version 2.1.0-beta864 (2014-10-03)
--------------------------------------------------------
@@ -11,7 +18,7 @@ Noteworthy changes in version 2.1.0-beta864 (2014-10-03)
* gpg: Default keyring is now created with a .kbx suffix.
- * gpg: Add a shortcut to key capabilies menu (e.g. "=e" sets the
+ * gpg: Add a shortcut to the key capabilies menu (e.g. "=e" sets the
encryption capabilities).
* gpg: Fixed obsolete options parsing.
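Review bot: The changed line is edited only to add "the", yet "capabilies" is carried over unchanged in the new text. Correct it to "capabilities" in the same edit.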
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 33329a1..002e888 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1425,7 +1425,7 @@ Set what trust model GnuPG should follow. The models are:
@item always
@opindex trust-mode:always
Skip key validation and assume that used keys are always fully
- trusted. You generally won't use this unless you are using some
+ valid. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
evidence that the user ID is bound to the key. Note that this
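Review bot: The unchanged line directly above the edited sentence reads "@opindex trust-mode:always", while the option discussed in the commit message is --trust-model. If that index entry is a typo, fix it in this patch as well, since the change is already about getting the terminology of this item right.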
-----------------------------------------------------------------------
Summary of changes:
NEWS | 9 ++++++++-
doc/gpg.texi | 2 +-
2 files changed, 9 insertions(+), 2 deletions(-)
From cvs at cvs.gnupg.org Fri Oct 3 20:21:23 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 03 Oct 2014 20:21:23 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.18-13-g65c05f5
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 65c05f5c18d4331d6f1a5de98b4c6af27bc1aed8 (commit)
from f68123551f4d5b286309006da67c57878f6cc619 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 65c05f5c18d4331d6f1a5de98b4c6af27bc1aed8
Author: Werner Koch
Date: Fri Oct 3 20:21:28 2014 +0200
doc: Minor fix
--
Thanks to dkg for the reminder.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index ae86809..b1a27fb 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1375,7 +1375,7 @@ Set what trust model GnuPG should follow. The models are:
@item always
@opindex trust-mode:always
Skip key validation and assume that used keys are always fully
- trusted. You generally won't use this unless you are using some
+ valid. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
evidence that the user ID is bound to the key. Note that this
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
From cvs at cvs.gnupg.org Fri Oct 3 20:24:28 2014
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor)
Date: Fri, 03 Oct 2014 20:24:28 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-12-gf952fe8
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via f952fe8c6ddf13ecca14ca72a27d1f8da6adc901 (commit)
from 39c5d991a8fe9187bfbe71d0ff06630fea36fae0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f952fe8c6ddf13ecca14ca72a27d1f8da6adc901
Author: Daniel Kahn Gillmor
Date: Fri Oct 3 13:59:34 2014 -0400
gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against STABLE-BRANCH-2-0
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
diff --git a/configure.ac b/configure.ac
index 7137e3f..3f83bdc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -83,6 +83,7 @@ use_exec=yes
disable_keyserver_path=no
use_ccid_driver=yes
use_standard_socket=no
+large_secmem=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -174,6 +175,22 @@ AC_ARG_ENABLE(selinux-support,
selinux_support=$enableval, selinux_support=no)
AC_MSG_RESULT($selinux_support)
+
+AC_MSG_CHECKING([whether to allocate extra secure memory])
+AC_ARG_ENABLE(large-secmem,
+ AC_HELP_STRING([--enable-large-secmem],
+ [allocate extra secure memory]),
+ large_secmem=$enableval, large_secmem=no)
+AC_MSG_RESULT($large_secmem)
+if test "$large_secmem" = yes ; then
+ SECMEM_BUFFER_SIZE=65536
+else
+ SECMEM_BUFFER_SIZE=32768
+fi
+AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
+ [Size of secure memory buffer])
+
+
# Allow disabling of bzib2 support.
# It is defined only after we confirm the library is available later
AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm])
diff --git a/doc/gpg.texi b/doc/gpg.texi
index d66259e..b2c956e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1192,6 +1192,15 @@ the opposite meaning. The options are:
validation. This option is only meaningful if pka-lookups is set.
@end table
+ at item --enable-large-rsa
+ at itemx --disable-large-rsa
+ at opindex enable-large-rsa
+ at opindex disable-large-rsa
+With --gen-key and --batch, enable the creation of larger RSA secret
+keys than is generally recommended (up to 8192 bits). These large
+keys are more expensive to use, and their signatures and
+certifications are also larger.
+
@item --enable-dsa2
@itemx --disable-dsa2
@opindex enable-dsa2
diff --git a/g10/gpg.c b/g10/gpg.c
index a995796..576b88e 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -367,6 +367,8 @@ enum cmd_and_opt_values
oAutoKeyLocate,
oNoAutoKeyLocate,
oAllowMultisigVerification,
+ oEnableLargeRSA,
+ oDisableLargeRSA,
oEnableDSA2,
oDisableDSA2,
oAllowMultipleMessages,
@@ -736,6 +738,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultisigVerification,
"allow-multisig-verification", "@"),
+ ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
+ ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
@@ -2069,7 +2073,7 @@ main (int argc, char **argv)
#endif
/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
@@ -2964,6 +2968,22 @@ main (int argc, char **argv)
release_akl();
break;
+ case oEnableLargeRSA:
+#if SECMEM_BUFFER_SIZE >= 65536
+ opt.flags.large_rsa=1;
+#else
+ if (configname)
+ log_info("%s:%d: WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring enable-large-rsa\n",
+ configname,configlineno);
+ else
+ log_info("WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring --enable-large-rsa\n");
+#endif /* SECMEM_BUFFER_SIZE >= 65536 */
+ break;
+ case oDisableLargeRSA: opt.flags.large_rsa=0;
+ break;
+
case oEnableDSA2: opt.flags.dsa2=1; break;
case oDisableDSA2: opt.flags.dsa2=0; break;
diff --git a/g10/keygen.c b/g10/keygen.c
index 5841ad8..17fde7f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1431,6 +1431,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
PKT_secret_key *sk;
PKT_public_key *pk;
gcry_sexp_t s_parms, s_key;
+ const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
assert (is_RSA(algo));
@@ -1442,9 +1443,9 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096)
+ else if (nbits > maxsize)
{
- nbits = 4096;
+ nbits = maxsize;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
diff --git a/g10/options.h b/g10/options.h
index 1a13841..e9c540d 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -232,6 +232,7 @@ struct
unsigned int dsa2:1;
unsigned int allow_multiple_messages:1;
unsigned int allow_weak_digest_algos:1;
+ unsigned int large_rsa:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 17 +++++++++++++++++
doc/gpg.texi | 9 +++++++++
g10/gpg.c | 22 +++++++++++++++++++++-
g10/keygen.c | 5 +++--
g10/options.h | 1 +
5 files changed, 51 insertions(+), 3 deletions(-)
From cvs at cvs.gnupg.org Sat Oct 4 14:37:34 2014
From: cvs at cvs.gnupg.org (by Andrei Scherer)
Date: Sat, 04 Oct 2014 14:37:34 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-117-g30bd759
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 30bd759f398f45b04d0a783b875f59ce9bd1e51d (commit)
from 0ecd136a6ca02252f63ad229fa5240897bfe6544 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 30bd759f398f45b04d0a783b875f59ce9bd1e51d
Author: Andrei Scherer
Date: Thu Aug 28 09:45:35 2014 -0800
Improved ripemd160 performance
* cipher/rmd160.c (transform): Interleave the left and right lane
rounds to introduce more instruction level parallelism.
--
The benchmarks on different systems:
Intel(R) Atom(TM) CPU N570 @ 1.66GHz
before:
Hash:
| nanosecs/byte mebibytes/sec cycles/byte
RIPEMD160 | 13.07 ns/B 72.97 MiB/s - c/B
after:
Hash:
| nanosecs/byte mebibytes/sec cycles/byte
RIPEMD160 | 11.37 ns/B 83.84 MiB/s - c/B
Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
before:
Hash:
| nanosecs/byte mebibytes/sec cycles/byte
RIPEMD160 | 3.31 ns/B 288.0 MiB/s - c/B
after:
Hash:
| nanosecs/byte mebibytes/sec cycles/byte
RIPEMD160 | 2.08 ns/B 458.5 MiB/s - c/B
Signed-off-by: Andrei Scherer
diff --git a/cipher/rmd160.c b/cipher/rmd160.c
index 2aba0fe..e6d02f5 100644
--- a/cipher/rmd160.c
+++ b/cipher/rmd160.c
@@ -178,8 +178,7 @@ static unsigned int
transform_blk ( void *ctx, const unsigned char *data )
{
RMD160_CONTEXT *hd = ctx;
- register u32 a,b,c,d,e;
- u32 aa,bb,cc,dd,ee,t;
+ register u32 al, ar, bl, br, cl, cr, dl, dr, el, er;
u32 x[16];
int i;
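Review bot: The declaration "register u32 al, ar, bl, br, cl, cr, dl, dr, el, er;" requests ten register variables, but "register" is only a hint and the benchmarks in the commit message cover two Intel CPUs. Drop the keyword or add a comment on why it is kept, and include a measurement on a target with fewer general-purpose registers to show that the interleaved lanes do not regress there.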
@@ -201,196 +200,186 @@ transform_blk ( void *ctx, const unsigned char *data )
#define F2(x,y,z) ( ((x) | ~(y)) ^ (z) )
#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
-#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
- a = rol(t,s) + e; \
+#define R(a,b,c,d,e,f,k,r,s) do { a += f(b,c,d) + k + x[r]; \
+ a = rol(a,s) + e; \
c = rol(c,10); \
} while(0)
- /* left lane */
- a = hd->h0;
- b = hd->h1;
- c = hd->h2;
- d = hd->h3;
- e = hd->h4;
- R( a, b, c, d, e, F0, K0, 0, 11 );
- R( e, a, b, c, d, F0, K0, 1, 14 );
- R( d, e, a, b, c, F0, K0, 2, 15 );
- R( c, d, e, a, b, F0, K0, 3, 12 );
- R( b, c, d, e, a, F0, K0, 4, 5 );
- R( a, b, c, d, e, F0, K0, 5, 8 );
- R( e, a, b, c, d, F0, K0, 6, 7 );
- R( d, e, a, b, c, F0, K0, 7, 9 );
- R( c, d, e, a, b, F0, K0, 8, 11 );
- R( b, c, d, e, a, F0, K0, 9, 13 );
- R( a, b, c, d, e, F0, K0, 10, 14 );
- R( e, a, b, c, d, F0, K0, 11, 15 );
- R( d, e, a, b, c, F0, K0, 12, 6 );
- R( c, d, e, a, b, F0, K0, 13, 7 );
- R( b, c, d, e, a, F0, K0, 14, 9 );
- R( a, b, c, d, e, F0, K0, 15, 8 );
- R( e, a, b, c, d, F1, K1, 7, 7 );
- R( d, e, a, b, c, F1, K1, 4, 6 );
- R( c, d, e, a, b, F1, K1, 13, 8 );
- R( b, c, d, e, a, F1, K1, 1, 13 );
- R( a, b, c, d, e, F1, K1, 10, 11 );
- R( e, a, b, c, d, F1, K1, 6, 9 );
- R( d, e, a, b, c, F1, K1, 15, 7 );
- R( c, d, e, a, b, F1, K1, 3, 15 );
- R( b, c, d, e, a, F1, K1, 12, 7 );
- R( a, b, c, d, e, F1, K1, 0, 12 );
- R( e, a, b, c, d, F1, K1, 9, 15 );
- R( d, e, a, b, c, F1, K1, 5, 9 );
- R( c, d, e, a, b, F1, K1, 2, 11 );
- R( b, c, d, e, a, F1, K1, 14, 7 );
- R( a, b, c, d, e, F1, K1, 11, 13 );
- R( e, a, b, c, d, F1, K1, 8, 12 );
- R( d, e, a, b, c, F2, K2, 3, 11 );
- R( c, d, e, a, b, F2, K2, 10, 13 );
- R( b, c, d, e, a, F2, K2, 14, 6 );
- R( a, b, c, d, e, F2, K2, 4, 7 );
- R( e, a, b, c, d, F2, K2, 9, 14 );
- R( d, e, a, b, c, F2, K2, 15, 9 );
- R( c, d, e, a, b, F2, K2, 8, 13 );
- R( b, c, d, e, a, F2, K2, 1, 15 );
- R( a, b, c, d, e, F2, K2, 2, 14 );
- R( e, a, b, c, d, F2, K2, 7, 8 );
- R( d, e, a, b, c, F2, K2, 0, 13 );
- R( c, d, e, a, b, F2, K2, 6, 6 );
- R( b, c, d, e, a, F2, K2, 13, 5 );
- R( a, b, c, d, e, F2, K2, 11, 12 );
- R( e, a, b, c, d, F2, K2, 5, 7 );
- R( d, e, a, b, c, F2, K2, 12, 5 );
- R( c, d, e, a, b, F3, K3, 1, 11 );
- R( b, c, d, e, a, F3, K3, 9, 12 );
- R( a, b, c, d, e, F3, K3, 11, 14 );
- R( e, a, b, c, d, F3, K3, 10, 15 );
- R( d, e, a, b, c, F3, K3, 0, 14 );
- R( c, d, e, a, b, F3, K3, 8, 15 );
- R( b, c, d, e, a, F3, K3, 12, 9 );
- R( a, b, c, d, e, F3, K3, 4, 8 );
- R( e, a, b, c, d, F3, K3, 13, 9 );
- R( d, e, a, b, c, F3, K3, 3, 14 );
- R( c, d, e, a, b, F3, K3, 7, 5 );
- R( b, c, d, e, a, F3, K3, 15, 6 );
- R( a, b, c, d, e, F3, K3, 14, 8 );
- R( e, a, b, c, d, F3, K3, 5, 6 );
- R( d, e, a, b, c, F3, K3, 6, 5 );
- R( c, d, e, a, b, F3, K3, 2, 12 );
- R( b, c, d, e, a, F4, K4, 4, 9 );
- R( a, b, c, d, e, F4, K4, 0, 15 );
- R( e, a, b, c, d, F4, K4, 5, 5 );
- R( d, e, a, b, c, F4, K4, 9, 11 );
- R( c, d, e, a, b, F4, K4, 7, 6 );
- R( b, c, d, e, a, F4, K4, 12, 8 );
- R( a, b, c, d, e, F4, K4, 2, 13 );
- R( e, a, b, c, d, F4, K4, 10, 12 );
- R( d, e, a, b, c, F4, K4, 14, 5 );
- R( c, d, e, a, b, F4, K4, 1, 12 );
- R( b, c, d, e, a, F4, K4, 3, 13 );
- R( a, b, c, d, e, F4, K4, 8, 14 );
- R( e, a, b, c, d, F4, K4, 11, 11 );
- R( d, e, a, b, c, F4, K4, 6, 8 );
- R( c, d, e, a, b, F4, K4, 15, 5 );
- R( b, c, d, e, a, F4, K4, 13, 6 );
-
- aa = a; bb = b; cc = c; dd = d; ee = e;
-
- /* right lane */
- a = hd->h0;
- b = hd->h1;
- c = hd->h2;
- d = hd->h3;
- e = hd->h4;
- R( a, b, c, d, e, F4, KK0, 5, 8);
- R( e, a, b, c, d, F4, KK0, 14, 9);
- R( d, e, a, b, c, F4, KK0, 7, 9);
- R( c, d, e, a, b, F4, KK0, 0, 11);
- R( b, c, d, e, a, F4, KK0, 9, 13);
- R( a, b, c, d, e, F4, KK0, 2, 15);
- R( e, a, b, c, d, F4, KK0, 11, 15);
- R( d, e, a, b, c, F4, KK0, 4, 5);
- R( c, d, e, a, b, F4, KK0, 13, 7);
- R( b, c, d, e, a, F4, KK0, 6, 7);
- R( a, b, c, d, e, F4, KK0, 15, 8);
- R( e, a, b, c, d, F4, KK0, 8, 11);
- R( d, e, a, b, c, F4, KK0, 1, 14);
- R( c, d, e, a, b, F4, KK0, 10, 14);
- R( b, c, d, e, a, F4, KK0, 3, 12);
- R( a, b, c, d, e, F4, KK0, 12, 6);
- R( e, a, b, c, d, F3, KK1, 6, 9);
- R( d, e, a, b, c, F3, KK1, 11, 13);
- R( c, d, e, a, b, F3, KK1, 3, 15);
- R( b, c, d, e, a, F3, KK1, 7, 7);
- R( a, b, c, d, e, F3, KK1, 0, 12);
- R( e, a, b, c, d, F3, KK1, 13, 8);
- R( d, e, a, b, c, F3, KK1, 5, 9);
- R( c, d, e, a, b, F3, KK1, 10, 11);
- R( b, c, d, e, a, F3, KK1, 14, 7);
- R( a, b, c, d, e, F3, KK1, 15, 7);
- R( e, a, b, c, d, F3, KK1, 8, 12);
- R( d, e, a, b, c, F3, KK1, 12, 7);
- R( c, d, e, a, b, F3, KK1, 4, 6);
- R( b, c, d, e, a, F3, KK1, 9, 15);
- R( a, b, c, d, e, F3, KK1, 1, 13);
- R( e, a, b, c, d, F3, KK1, 2, 11);
- R( d, e, a, b, c, F2, KK2, 15, 9);
- R( c, d, e, a, b, F2, KK2, 5, 7);
- R( b, c, d, e, a, F2, KK2, 1, 15);
- R( a, b, c, d, e, F2, KK2, 3, 11);
- R( e, a, b, c, d, F2, KK2, 7, 8);
- R( d, e, a, b, c, F2, KK2, 14, 6);
- R( c, d, e, a, b, F2, KK2, 6, 6);
- R( b, c, d, e, a, F2, KK2, 9, 14);
- R( a, b, c, d, e, F2, KK2, 11, 12);
- R( e, a, b, c, d, F2, KK2, 8, 13);
- R( d, e, a, b, c, F2, KK2, 12, 5);
- R( c, d, e, a, b, F2, KK2, 2, 14);
- R( b, c, d, e, a, F2, KK2, 10, 13);
- R( a, b, c, d, e, F2, KK2, 0, 13);
- R( e, a, b, c, d, F2, KK2, 4, 7);
- R( d, e, a, b, c, F2, KK2, 13, 5);
- R( c, d, e, a, b, F1, KK3, 8, 15);
- R( b, c, d, e, a, F1, KK3, 6, 5);
- R( a, b, c, d, e, F1, KK3, 4, 8);
- R( e, a, b, c, d, F1, KK3, 1, 11);
- R( d, e, a, b, c, F1, KK3, 3, 14);
- R( c, d, e, a, b, F1, KK3, 11, 14);
- R( b, c, d, e, a, F1, KK3, 15, 6);
- R( a, b, c, d, e, F1, KK3, 0, 14);
- R( e, a, b, c, d, F1, KK3, 5, 6);
- R( d, e, a, b, c, F1, KK3, 12, 9);
- R( c, d, e, a, b, F1, KK3, 2, 12);
- R( b, c, d, e, a, F1, KK3, 13, 9);
- R( a, b, c, d, e, F1, KK3, 9, 12);
- R( e, a, b, c, d, F1, KK3, 7, 5);
- R( d, e, a, b, c, F1, KK3, 10, 15);
- R( c, d, e, a, b, F1, KK3, 14, 8);
- R( b, c, d, e, a, F0, KK4, 12, 8);
- R( a, b, c, d, e, F0, KK4, 15, 5);
- R( e, a, b, c, d, F0, KK4, 10, 12);
- R( d, e, a, b, c, F0, KK4, 4, 9);
- R( c, d, e, a, b, F0, KK4, 1, 12);
- R( b, c, d, e, a, F0, KK4, 5, 5);
- R( a, b, c, d, e, F0, KK4, 8, 14);
- R( e, a, b, c, d, F0, KK4, 7, 6);
- R( d, e, a, b, c, F0, KK4, 6, 8);
- R( c, d, e, a, b, F0, KK4, 2, 13);
- R( b, c, d, e, a, F0, KK4, 13, 6);
- R( a, b, c, d, e, F0, KK4, 14, 5);
- R( e, a, b, c, d, F0, KK4, 0, 15);
- R( d, e, a, b, c, F0, KK4, 3, 13);
- R( c, d, e, a, b, F0, KK4, 9, 11);
- R( b, c, d, e, a, F0, KK4, 11, 11);
-
-
- t = hd->h1 + d + cc;
- hd->h1 = hd->h2 + e + dd;
- hd->h2 = hd->h3 + a + ee;
- hd->h3 = hd->h4 + b + aa;
- hd->h4 = hd->h0 + c + bb;
- hd->h0 = t;
-
- return /*burn_stack*/ 108+5*sizeof(void*);
+ /* left lane and right lanes interleaved */
+ al = ar = hd->h0;
+ bl = br = hd->h1;
+ cl = cr = hd->h2;
+ dl = dr = hd->h3;
+ el = er = hd->h4;
+ R( al, bl, cl, dl, el, F0, K0, 0, 11 );
+ R( ar, br, cr, dr, er, F4, KK0, 5, 8);
+ R( el, al, bl, cl, dl, F0, K0, 1, 14 );
+ R( er, ar, br, cr, dr, F4, KK0, 14, 9);
+ R( dl, el, al, bl, cl, F0, K0, 2, 15 );
+ R( dr, er, ar, br, cr, F4, KK0, 7, 9);
+ R( cl, dl, el, al, bl, F0, K0, 3, 12 );
+ R( cr, dr, er, ar, br, F4, KK0, 0, 11);
+ R( bl, cl, dl, el, al, F0, K0, 4, 5 );
+ R( br, cr, dr, er, ar, F4, KK0, 9, 13);
+ R( al, bl, cl, dl, el, F0, K0, 5, 8 );
+ R( ar, br, cr, dr, er, F4, KK0, 2, 15);
+ R( el, al, bl, cl, dl, F0, K0, 6, 7 );
+ R( er, ar, br, cr, dr, F4, KK0, 11, 15);
+ R( dl, el, al, bl, cl, F0, K0, 7, 9 );
+ R( dr, er, ar, br, cr, F4, KK0, 4, 5);
+ R( cl, dl, el, al, bl, F0, K0, 8, 11 );
+ R( cr, dr, er, ar, br, F4, KK0, 13, 7);
+ R( bl, cl, dl, el, al, F0, K0, 9, 13 );
+ R( br, cr, dr, er, ar, F4, KK0, 6, 7);
+ R( al, bl, cl, dl, el, F0, K0, 10, 14 );
+ R( ar, br, cr, dr, er, F4, KK0, 15, 8);
+ R( el, al, bl, cl, dl, F0, K0, 11, 15 );
+ R( er, ar, br, cr, dr, F4, KK0, 8, 11);
+ R( dl, el, al, bl, cl, F0, K0, 12, 6 );
+ R( dr, er, ar, br, cr, F4, KK0, 1, 14);
+ R( cl, dl, el, al, bl, F0, K0, 13, 7 );
+ R( cr, dr, er, ar, br, F4, KK0, 10, 14);
+ R( bl, cl, dl, el, al, F0, K0, 14, 9 );
+ R( br, cr, dr, er, ar, F4, KK0, 3, 12);
+ R( al, bl, cl, dl, el, F0, K0, 15, 8 );
+ R( ar, br, cr, dr, er, F4, KK0, 12, 6);
+ R( el, al, bl, cl, dl, F1, K1, 7, 7 );
+ R( er, ar, br, cr, dr, F3, KK1, 6, 9);
+ R( dl, el, al, bl, cl, F1, K1, 4, 6 );
+ R( dr, er, ar, br, cr, F3, KK1, 11, 13);
+ R( cl, dl, el, al, bl, F1, K1, 13, 8 );
+ R( cr, dr, er, ar, br, F3, KK1, 3, 15);
+ R( bl, cl, dl, el, al, F1, K1, 1, 13 );
+ R( br, cr, dr, er, ar, F3, KK1, 7, 7);
+ R( al, bl, cl, dl, el, F1, K1, 10, 11 );
+ R( ar, br, cr, dr, er, F3, KK1, 0, 12);
+ R( el, al, bl, cl, dl, F1, K1, 6, 9 );
+ R( er, ar, br, cr, dr, F3, KK1, 13, 8);
+ R( dl, el, al, bl, cl, F1, K1, 15, 7 );
+ R( dr, er, ar, br, cr, F3, KK1, 5, 9);
+ R( cl, dl, el, al, bl, F1, K1, 3, 15 );
+ R( cr, dr, er, ar, br, F3, KK1, 10, 11);
+ R( bl, cl, dl, el, al, F1, K1, 12, 7 );
+ R( br, cr, dr, er, ar, F3, KK1, 14, 7);
+ R( al, bl, cl, dl, el, F1, K1, 0, 12 );
+ R( ar, br, cr, dr, er, F3, KK1, 15, 7);
+ R( el, al, bl, cl, dl, F1, K1, 9, 15 );
+ R( er, ar, br, cr, dr, F3, KK1, 8, 12);
+ R( dl, el, al, bl, cl, F1, K1, 5, 9 );
+ R( dr, er, ar, br, cr, F3, KK1, 12, 7);
+ R( cl, dl, el, al, bl, F1, K1, 2, 11 );
+ R( cr, dr, er, ar, br, F3, KK1, 4, 6);
+ R( bl, cl, dl, el, al, F1, K1, 14, 7 );
+ R( br, cr, dr, er, ar, F3, KK1, 9, 15);
+ R( al, bl, cl, dl, el, F1, K1, 11, 13 );
+ R( ar, br, cr, dr, er, F3, KK1, 1, 13);
+ R( el, al, bl, cl, dl, F1, K1, 8, 12 );
+ R( er, ar, br, cr, dr, F3, KK1, 2, 11);
+ R( dl, el, al, bl, cl, F2, K2, 3, 11 );
+ R( dr, er, ar, br, cr, F2, KK2, 15, 9);
+ R( cl, dl, el, al, bl, F2, K2, 10, 13 );
+ R( cr, dr, er, ar, br, F2, KK2, 5, 7);
+ R( bl, cl, dl, el, al, F2, K2, 14, 6 );
+ R( br, cr, dr, er, ar, F2, KK2, 1, 15);
+ R( al, bl, cl, dl, el, F2, K2, 4, 7 );
+ R( ar, br, cr, dr, er, F2, KK2, 3, 11);
+ R( el, al, bl, cl, dl, F2, K2, 9, 14 );
+ R( er, ar, br, cr, dr, F2, KK2, 7, 8);
+ R( dl, el, al, bl, cl, F2, K2, 15, 9 );
+ R( dr, er, ar, br, cr, F2, KK2, 14, 6);
+ R( cl, dl, el, al, bl, F2, K2, 8, 13 );
+ R( cr, dr, er, ar, br, F2, KK2, 6, 6);
+ R( bl, cl, dl, el, al, F2, K2, 1, 15 );
+ R( br, cr, dr, er, ar, F2, KK2, 9, 14);
+ R( al, bl, cl, dl, el, F2, K2, 2, 14 );
+ R( ar, br, cr, dr, er, F2, KK2, 11, 12);
+ R( el, al, bl, cl, dl, F2, K2, 7, 8 );
+ R( er, ar, br, cr, dr, F2, KK2, 8, 13);
+ R( dl, el, al, bl, cl, F2, K2, 0, 13 );
+ R( dr, er, ar, br, cr, F2, KK2, 12, 5);
+ R( cl, dl, el, al, bl, F2, K2, 6, 6 );
+ R( cr, dr, er, ar, br, F2, KK2, 2, 14);
+ R( bl, cl, dl, el, al, F2, K2, 13, 5 );
+ R( br, cr, dr, er, ar, F2, KK2, 10, 13);
+ R( al, bl, cl, dl, el, F2, K2, 11, 12 );
+ R( ar, br, cr, dr, er, F2, KK2, 0, 13);
+ R( el, al, bl, cl, dl, F2, K2, 5, 7 );
+ R( er, ar, br, cr, dr, F2, KK2, 4, 7);
+ R( dl, el, al, bl, cl, F2, K2, 12, 5 );
+ R( dr, er, ar, br, cr, F2, KK2, 13, 5);
+ R( cl, dl, el, al, bl, F3, K3, 1, 11 );
+ R( cr, dr, er, ar, br, F1, KK3, 8, 15);
+ R( bl, cl, dl, el, al, F3, K3, 9, 12 );
+ R( br, cr, dr, er, ar, F1, KK3, 6, 5);
+ R( al, bl, cl, dl, el, F3, K3, 11, 14 );
+ R( ar, br, cr, dr, er, F1, KK3, 4, 8);
+ R( el, al, bl, cl, dl, F3, K3, 10, 15 );
+ R( er, ar, br, cr, dr, F1, KK3, 1, 11);
+ R( dl, el, al, bl, cl, F3, K3, 0, 14 );
+ R( dr, er, ar, br, cr, F1, KK3, 3, 14);
+ R( cl, dl, el, al, bl, F3, K3, 8, 15 );
+ R( cr, dr, er, ar, br, F1, KK3, 11, 14);
+ R( bl, cl, dl, el, al, F3, K3, 12, 9 );
+ R( br, cr, dr, er, ar, F1, KK3, 15, 6);
+ R( al, bl, cl, dl, el, F3, K3, 4, 8 );
+ R( ar, br, cr, dr, er, F1, KK3, 0, 14);
+ R( el, al, bl, cl, dl, F3, K3, 13, 9 );
+ R( er, ar, br, cr, dr, F1, KK3, 5, 6);
+ R( dl, el, al, bl, cl, F3, K3, 3, 14 );
+ R( dr, er, ar, br, cr, F1, KK3, 12, 9);
+ R( cl, dl, el, al, bl, F3, K3, 7, 5 );
+ R( cr, dr, er, ar, br, F1, KK3, 2, 12);
+ R( bl, cl, dl, el, al, F3, K3, 15, 6 );
+ R( br, cr, dr, er, ar, F1, KK3, 13, 9);
+ R( al, bl, cl, dl, el, F3, K3, 14, 8 );
+ R( ar, br, cr, dr, er, F1, KK3, 9, 12);
+ R( el, al, bl, cl, dl, F3, K3, 5, 6 );
+ R( er, ar, br, cr, dr, F1, KK3, 7, 5);
+ R( dl, el, al, bl, cl, F3, K3, 6, 5 );
+ R( dr, er, ar, br, cr, F1, KK3, 10, 15);
+ R( cl, dl, el, al, bl, F3, K3, 2, 12 );
+ R( cr, dr, er, ar, br, F1, KK3, 14, 8);
+ R( bl, cl, dl, el, al, F4, K4, 4, 9 );
+ R( br, cr, dr, er, ar, F0, KK4, 12, 8);
+ R( al, bl, cl, dl, el, F4, K4, 0, 15 );
+ R( ar, br, cr, dr, er, F0, KK4, 15, 5);
+ R( el, al, bl, cl, dl, F4, K4, 5, 5 );
+ R( er, ar, br, cr, dr, F0, KK4, 10, 12);
+ R( dl, el, al, bl, cl, F4, K4, 9, 11 );
+ R( dr, er, ar, br, cr, F0, KK4, 4, 9);
+ R( cl, dl, el, al, bl, F4, K4, 7, 6 );
+ R( cr, dr, er, ar, br, F0, KK4, 1, 12);
+ R( bl, cl, dl, el, al, F4, K4, 12, 8 );
+ R( br, cr, dr, er, ar, F0, KK4, 5, 5);
+ R( al, bl, cl, dl, el, F4, K4, 2, 13 );
+ R( ar, br, cr, dr, er, F0, KK4, 8, 14);
+ R( el, al, bl, cl, dl, F4, K4, 10, 12 );
+ R( er, ar, br, cr, dr, F0, KK4, 7, 6);
+ R( dl, el, al, bl, cl, F4, K4, 14, 5 );
+ R( dr, er, ar, br, cr, F0, KK4, 6, 8);
+ R( cl, dl, el, al, bl, F4, K4, 1, 12 );
+ R( cr, dr, er, ar, br, F0, KK4, 2, 13);
+ R( bl, cl, dl, el, al, F4, K4, 3, 13 );
+ R( br, cr, dr, er, ar, F0, KK4, 13, 6);
+ R( al, bl, cl, dl, el, F4, K4, 8, 14 );
+ R( ar, br, cr, dr, er, F0, KK4, 14, 5);
+ R( el, al, bl, cl, dl, F4, K4, 11, 11 );
+ R( er, ar, br, cr, dr, F0, KK4, 0, 15);
+ R( dl, el, al, bl, cl, F4, K4, 6, 8 );
+ R( dr, er, ar, br, cr, F0, KK4, 3, 13);
+ R( cl, dl, el, al, bl, F4, K4, 15, 5 );
+ R( cr, dr, er, ar, br, F0, KK4, 9, 11);
+ R( bl, cl, dl, el, al, F4, K4, 13, 6 );
+ R( br, cr, dr, er, ar, F0, KK4, 11, 11);
+
+ dr += cl + hd->h1;
+ hd->h1 = hd->h2 + dl + er;
+ hd->h2 = hd->h3 + el + ar;
+ hd->h3 = hd->h4 + al + br;
+ hd->h4 = hd->h0 + bl + cr;
+ hd->h0 = dr;
+
+ return /*burn_stack*/ 104+5*sizeof(void*);
}
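Review bot: The burn_stack estimate on the last line changes from '108+5*sizeof(void*)' to '104+5*sizeof(void*)' with no comment saying how either figure is derived. The interleaved code keeps ten lane variables (al..el, ar..er) live where the old code had a..e, aa..ee and t, so tie the constant to that count in a short comment; if the estimate is too low, copies of the chaining values stay on the stack after the caller's burn. The new block comment 'left lane and right lanes interleaved' would also read better as 'left and right lanes interleaved'.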
-----------------------------------------------------------------------
Summary of changes:
cipher/rmd160.c | 367 +++++++++++++++++++++++++++----------------------------
1 file changed, 178 insertions(+), 189 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Sat Oct 4 14:48:14 2014
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Sat, 04 Oct 2014 14:48:14 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-118-gde0ccd4
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via de0ccd4dce7ec185a678d78878d4538dd609ca0f (commit)
from 30bd759f398f45b04d0a783b875f59ce9bd1e51d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit de0ccd4dce7ec185a678d78878d4538dd609ca0f
Author: Jussi Kivilinna
Date: Sun Aug 31 13:17:24 2014 +0300
Add Whirlpool AMD64/SSE2 assembly implementation
* cipher/Makefile.am: Add 'whirlpool-sse2-amd64.S'.
* cipher/whirlpool-sse2-amd64.S: New.
* cipher/whirlpool.c (USE_AMD64_ASM): New.
(whirlpool_tables_s): New.
(rc, C0, C1, C2, C3, C4, C5, C6, C7): Combine these tables into single
structure and replace old tables with macros of same name.
(tab): New structure containing above tables.
[USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64)
(whirlpool_transform): New.
* configure.ac [host=x86_64]: Add 'whirlpool-sse2-amd64.lo'.
--
Benchmark results:
On Intel Core i5-4570 (3.2 GHz):
After:
WHIRLPOOL | 4.82 ns/B 197.8 MiB/s 15.43 c/B
Before:
WHIRLPOOL | 9.10 ns/B 104.8 MiB/s 29.13 c/B
On Intel Core i5-2450M (2.5 GHz):
After:
WHIRLPOOL | 8.43 ns/B 113.1 MiB/s 21.09 c/B
Before:
WHIRLPOOL | 13.45 ns/B 70.92 MiB/s 33.62 c/B
On Intel Core2 T8100 (2.1 GHz):
After:
WHIRLPOOL | 10.22 ns/B 93.30 MiB/s 21.47 c/B
Before:
WHIRLPOOL | 19.87 ns/B 48.00 MiB/s 41.72 c/B
Summary, old vs new ratio:
Intel Core i5-4570: 1.88x
Intel Core i5-2450M: 1.59x
Intel Core2 T8100: 1.94x
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index c165356..7f45cbb 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -87,7 +87,7 @@ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \
sha512-armv7-neon.S \
stribog.c \
tiger.c \
-whirlpool.c \
+whirlpool.c whirlpool-sse2-amd64.S \
twofish.c twofish-amd64.S twofish-arm.S \
rfc2268.c \
camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \
diff --git a/cipher/whirlpool-sse2-amd64.S b/cipher/whirlpool-sse2-amd64.S
new file mode 100644
index 0000000..d0bcf2d
--- /dev/null
+++ b/cipher/whirlpool-sse2-amd64.S
@@ -0,0 +1,335 @@
+/* whirlpool-sse2-amd64.S - AMD64 assembly implementation of Whirlpool
+ *
+ * Copyright (C) 2014 Jussi Kivilinna
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ */
+
+#ifdef __x86_64
+#include
+#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_WHIRLPOOL)
+
+#ifdef __PIC__
+# define RIP %rip
+#else
+# define RIP
+#endif
+
+.text
+
+/* look-up table offsets on RTAB */
+#define RC (0)
+#define C0 (RC + (8 * 10))
+#define C1 (C0 + (8 * 256))
+#define C2 (C1 + (8 * 256))
+#define C3 (C2 + (8 * 256))
+#define C4 (C3 + (8 * 256))
+#define C5 (C4 + (8 * 256))
+#define C6 (C5 + (8 * 256))
+#define C7 (C6 + (8 * 256))
+
+/* stack variables */
+#define STACK_DATAP (0)
+#define STACK_STATEP (STACK_DATAP + 8)
+#define STACK_ROUNDS (STACK_STATEP + 8)
+#define STACK_NBLKS (STACK_ROUNDS + 8)
+#define STACK_RBP (STACK_NBLKS + 8)
+#define STACK_RBX (STACK_RBP + 8)
+#define STACK_R12 (STACK_RBX + 8)
+#define STACK_R13 (STACK_R12 + 8)
+#define STACK_R14 (STACK_R13 + 8)
+#define STACK_R15 (STACK_R14 + 8)
+#define STACK_MAX (STACK_R15 + 8)
+
+/* register macros */
+#define RTAB %rbp
+
+#define RI1 %rax
+#define RI2 %rbx
+#define RI3 %rcx
+#define RI4 %rdx
+
+#define RI1d %eax
+#define RI2d %ebx
+#define RI3d %ecx
+#define RI4d %edx
+
+#define RI1bl %al
+#define RI2bl %bl
+#define RI3bl %cl
+#define RI4bl %dl
+
+#define RI1bh %ah
+#define RI2bh %bh
+#define RI3bh %ch
+#define RI4bh %dh
+
+#define RB0 %r8
+#define RB1 %r9
+#define RB2 %r10
+#define RB3 %r11
+#define RB4 %r12
+#define RB5 %r13
+#define RB6 %r14
+#define RB7 %r15
+
+#define RT0 %rsi
+#define RT1 %rdi
+
+#define RT0d %esi
+#define RT1d %edi
+
+#define XKEY0 %xmm0
+#define XKEY1 %xmm1
+#define XKEY2 %xmm2
+#define XKEY3 %xmm3
+#define XKEY4 %xmm4
+#define XKEY5 %xmm5
+#define XKEY6 %xmm6
+#define XKEY7 %xmm7
+
+#define XSTATE0 %xmm8
+#define XSTATE1 %xmm9
+#define XSTATE2 %xmm10
+#define XSTATE3 %xmm11
+#define XSTATE4 %xmm12
+#define XSTATE5 %xmm13
+#define XSTATE6 %xmm14
+#define XSTATE7 %xmm15
+
+/***********************************************************************
+ * AMD64 assembly implementation of Whirlpool.
+ * - Using table-lookups
+ * - Store state in XMM registers
+ ***********************************************************************/
+#define __do_whirl(op, ri, \
+ b0, b1, b2, b3, b4, b5, b6, b7, \
+ load_ri, load_arg) \
+ movzbl ri ## bl, RT0d; \
+ movzbl ri ## bh, RT1d; \
+ shrq $16, ri; \
+ op ## q C7(RTAB,RT0,8), b7; \
+ op ## q C6(RTAB,RT1,8), b6; \
+ movzbl ri ## bl, RT0d; \
+ movzbl ri ## bh, RT1d; \
+ shrq $16, ri; \
+ op ## q C5(RTAB,RT0,8), b5; \
+ op ## q C4(RTAB,RT1,8), b4; \
+ movzbl ri ## bl, RT0d; \
+ movzbl ri ## bh, RT1d; \
+ shrl $16, ri ## d; \
+ op ## q C3(RTAB,RT0,8), b3; \
+ op ## q C2(RTAB,RT1,8), b2; \
+ movzbl ri ## bl, RT0d; \
+ movzbl ri ## bh, RT1d; \
+ load_ri( load_arg, ri); \
+ op ## q C1(RTAB,RT0,8), b1; \
+ op ## q C0(RTAB,RT1,8), b0;
+
+#define do_whirl(op, ri, rb_add, load_ri, load_arg) \
+ __do_whirl(op, ##ri, rb_add, load_ri, load_arg)
+
+#define dummy(...) /*_*/
+
+#define do_movq(src, dst) movq src, dst;
+
+#define RB_ADD0 RB0, RB1, RB2, RB3, RB4, RB5, RB6, RB7
+#define RB_ADD1 RB1, RB2, RB3, RB4, RB5, RB6, RB7, RB0
+#define RB_ADD2 RB2, RB3, RB4, RB5, RB6, RB7, RB0, RB1
+#define RB_ADD3 RB3, RB4, RB5, RB6, RB7, RB0, RB1, RB2
+#define RB_ADD4 RB4, RB5, RB6, RB7, RB0, RB1, RB2, RB3
+#define RB_ADD5 RB5, RB6, RB7, RB0, RB1, RB2, RB3, RB4
+#define RB_ADD6 RB6, RB7, RB0, RB1, RB2, RB3, RB4, RB5
+#define RB_ADD7 RB7, RB0, RB1, RB2, RB3, RB4, RB5, RB6
+
+.align 8
+.globl _gcry_whirlpool_transform_amd64
+.type _gcry_whirlpool_transform_amd64, at function;
+
+_gcry_whirlpool_transform_amd64:
+ /* input:
+ * %rdi: state
+ * %rsi: inblk
+ * %rdx: nblks
+ * %rcx: look-up tables
+ */
+ cmp $0, %rdx;
+ je .Lskip;
+
+ subq $STACK_MAX, %rsp;
+ movq %rbp, STACK_RBP(%rsp);
+ movq %rbx, STACK_RBX(%rsp);
+ movq %r12, STACK_R12(%rsp);
+ movq %r13, STACK_R13(%rsp);
+ movq %r14, STACK_R14(%rsp);
+ movq %r15, STACK_R15(%rsp);
+
+ movq %rdx, STACK_NBLKS(%rsp);
+ movq %rdi, STACK_STATEP(%rsp);
+ movq %rsi, STACK_DATAP(%rsp);
+
+ movq %rcx, RTAB;
+
+ jmp .Lfirst_block;
+
+.align 8
+.Lblock_loop:
+ movq STACK_DATAP(%rsp), %rsi;
+ movq RI1, %rdi;
+
+.Lfirst_block:
+ /* load data_block */
+ movq 0*8(%rsi), RB0;
+ movq 1*8(%rsi), RB1;
+ bswapq RB0;
+ movq 2*8(%rsi), RB2;
+ bswapq RB1;
+ movq 3*8(%rsi), RB3;
+ bswapq RB2;
+ movq 4*8(%rsi), RB4;
+ bswapq RB3;
+ movq 5*8(%rsi), RB5;
+ bswapq RB4;
+ movq RB0, XSTATE0;
+ movq 6*8(%rsi), RB6;
+ bswapq RB5;
+ movq RB1, XSTATE1;
+ movq 7*8(%rsi), RB7;
+ bswapq RB6;
+ movq RB2, XSTATE2;
+ bswapq RB7;
+ movq RB3, XSTATE3;
+ movq RB4, XSTATE4;
+ movq RB5, XSTATE5;
+ movq RB6, XSTATE6;
+ movq RB7, XSTATE7;
+
+ /* load key */
+ movq 0*8(%rdi), XKEY0;
+ movq 1*8(%rdi), XKEY1;
+ movq 2*8(%rdi), XKEY2;
+ movq 3*8(%rdi), XKEY3;
+ movq 4*8(%rdi), XKEY4;
+ movq 5*8(%rdi), XKEY5;
+ movq 6*8(%rdi), XKEY6;
+ movq 7*8(%rdi), XKEY7;
+
+ movq XKEY0, RI1;
+ movq XKEY1, RI2;
+ movq XKEY2, RI3;
+ movq XKEY3, RI4;
+
+ /* prepare and store state */
+ pxor XKEY0, XSTATE0;
+ pxor XKEY1, XSTATE1;
+ pxor XKEY2, XSTATE2;
+ pxor XKEY3, XSTATE3;
+ pxor XKEY4, XSTATE4;
+ pxor XKEY5, XSTATE5;
+ pxor XKEY6, XSTATE6;
+ pxor XKEY7, XSTATE7;
+
+ movq XSTATE0, 0*8(%rdi);
+ movq XSTATE1, 1*8(%rdi);
+ movq XSTATE2, 2*8(%rdi);
+ movq XSTATE3, 3*8(%rdi);
+ movq XSTATE4, 4*8(%rdi);
+ movq XSTATE5, 5*8(%rdi);
+ movq XSTATE6, 6*8(%rdi);
+ movq XSTATE7, 7*8(%rdi);
+
+ addq $64, STACK_DATAP(%rsp);
+ movl $(0), STACK_ROUNDS(%rsp);
+.align 8
+.Lround_loop:
+ do_whirl(mov, RI1 /*XKEY0*/, RB_ADD0, do_movq, XKEY4);
+ do_whirl(xor, RI2 /*XKEY1*/, RB_ADD1, do_movq, XKEY5);
+ do_whirl(xor, RI3 /*XKEY2*/, RB_ADD2, do_movq, XKEY6);
+ do_whirl(xor, RI4 /*XKEY3*/, RB_ADD3, do_movq, XKEY7);
+ do_whirl(xor, RI1 /*XKEY0*/, RB_ADD4, do_movq, XSTATE0);
+ do_whirl(xor, RI2 /*XKEY1*/, RB_ADD5, do_movq, XSTATE1);
+ do_whirl(xor, RI3 /*XKEY2*/, RB_ADD6, do_movq, XSTATE2);
+ do_whirl(xor, RI4 /*XKEY3*/, RB_ADD7, do_movq, XSTATE3);
+
+ movl STACK_ROUNDS(%rsp), RT0d;
+ movq RB1, XKEY1;
+ addl $1, STACK_ROUNDS(%rsp);
+ movq RB2, XKEY2;
+ movq RB3, XKEY3;
+ xorq RC(RTAB,RT0,8), RB0; /* Add round constant */
+ movq RB4, XKEY4;
+ movq RB5, XKEY5;
+ movq RB0, XKEY0;
+ movq RB6, XKEY6;
+ movq RB7, XKEY7;
+
+ do_whirl(xor, RI1 /*XSTATE0*/, RB_ADD0, do_movq, XSTATE4);
+ do_whirl(xor, RI2 /*XSTATE1*/, RB_ADD1, do_movq, XSTATE5);
+ do_whirl(xor, RI3 /*XSTATE2*/, RB_ADD2, do_movq, XSTATE6);
+ do_whirl(xor, RI4 /*XSTATE3*/, RB_ADD3, do_movq, XSTATE7);
+
+ cmpl $10, STACK_ROUNDS(%rsp);
+ je .Lis_last_round;
+
+ do_whirl(xor, RI1 /*XSTATE4*/, RB_ADD4, do_movq, XKEY0);
+ do_whirl(xor, RI2 /*XSTATE5*/, RB_ADD5, do_movq, XKEY1);
+ do_whirl(xor, RI3 /*XSTATE6*/, RB_ADD6, do_movq, XKEY2);
+ do_whirl(xor, RI4 /*XSTATE7*/, RB_ADD7, do_movq, XKEY3);
+ movq RB0, XSTATE0;
+ movq RB1, XSTATE1;
+ movq RB2, XSTATE2;
+ movq RB3, XSTATE3;
+ movq RB4, XSTATE4;
+ movq RB5, XSTATE5;
+ movq RB6, XSTATE6;
+ movq RB7, XSTATE7;
+
+ jmp .Lround_loop;
+.align 8
+.Lis_last_round:
+ do_whirl(xor, RI1 /*XSTATE4*/, RB_ADD4, dummy, _);
+ movq STACK_STATEP(%rsp), RI1;
+ do_whirl(xor, RI2 /*XSTATE5*/, RB_ADD5, dummy, _);
+ do_whirl(xor, RI3 /*XSTATE6*/, RB_ADD6, dummy, _);
+ do_whirl(xor, RI4 /*XSTATE7*/, RB_ADD7, dummy, _);
+
+ /* store state */
+ xorq RB0, 0*8(RI1);
+ xorq RB1, 1*8(RI1);
+ xorq RB2, 2*8(RI1);
+ xorq RB3, 3*8(RI1);
+ xorq RB4, 4*8(RI1);
+ xorq RB5, 5*8(RI1);
+ xorq RB6, 6*8(RI1);
+ xorq RB7, 7*8(RI1);
+
+ subq $1, STACK_NBLKS(%rsp);
+ jnz .Lblock_loop;
+
+ movq STACK_RBP(%rsp), %rbp;
+ movq STACK_RBX(%rsp), %rbx;
+ movq STACK_R12(%rsp), %r12;
+ movq STACK_R13(%rsp), %r13;
+ movq STACK_R14(%rsp), %r14;
+ movq STACK_R15(%rsp), %r15;
+ addq $STACK_MAX, %rsp;
+.Lskip:
+ movl $(STACK_MAX + 8), %eax;
+ ret;
+.size _gcry_whirlpool_transform_amd64,.-_gcry_whirlpool_transform_amd64;
+
+#endif
+#endif
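Review bot: The epilogue before '.Lskip' restores %rbp, %rbx and %r12-%r15 but leaves XKEY0-XKEY7 and XSTATE0-XSTATE7 (%xmm0-%xmm15), plus the caller-saved RI/RB/RT general registers, holding key-schedule and state words from the last block. The value returned in %eax ('STACK_MAX + 8') only tells the caller how much stack to burn, so either clear the XMM registers with pxor before 'ret' or add a comment explaining why the residue is acceptable here. The '.Lskip' path also reports the full burn depth when nblks is 0 and nothing was written to the stack; that is harmless but deserves a comment.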
diff --git a/cipher/whirlpool.c b/cipher/whirlpool.c
index ffc6662..2732f63 100644
--- a/cipher/whirlpool.c
+++ b/cipher/whirlpool.c
@@ -40,6 +40,14 @@
#include "bufhelp.h"
#include "hash-common.h"
+/* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */
+#undef USE_AMD64_ASM
+#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS)
+# define USE_AMD64_ASM 1
+#endif
+
+
+
/* Size of a whirlpool block (in bytes). */
#define BLOCK_SIZE 64
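Review bot: The guard added here tests '__x86_64__', while whirlpool-sse2-amd64.S tests '__x86_64' and additionally requires USE_WHIRLPOOL. Use the same spelling and the same set of conditions on both sides, so the C file can never define USE_AMD64_ASM in a configuration where the assembly file compiles to nothing; that mismatch would only show up as an unresolved '_gcry_whirlpool_transform_amd64' at link time. The three blank lines added after '#endif' can be reduced to one.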
@@ -89,8 +97,15 @@ typedef struct {
+
+struct whirlpool_tables_s {
+ u64 RC[R];
+ u64 C[8][256];
+};
+
+static const struct whirlpool_tables_s tab =
+{
/* Round constants. */
-static const u64 rc[R] =
{
U64_C (0x1823c6e887b8014f),
U64_C (0x36a6d2f5796f9152),
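Review bot: The layout of 'struct whirlpool_tables_s' is now shared with the assembly, which hard-codes C0 at 'RC + (8 * 10)' and each following table at a further '8 * 256' bytes, while the struct sizes the first member with 'R'. Add a comment on the struct that names whirlpool-sse2-amd64.S, and a compile-time check that R is 10 (or that the offset of member C is 80), so that a change on either side fails the build instead of indexing into the wrong table.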
@@ -102,13 +117,9 @@ static const u64 rc[R] =
U64_C (0xe427418ba77d95d8),
U64_C (0xfbee7c66dd17479e),
U64_C (0xca2dbf07ad5a8333),
- };
-
-
-
+ },
/* Main lookup boxes. */
-static const u64 C0[256] =
- {
+ { {
U64_C (0x18186018c07830d8), U64_C (0x23238c2305af4626),
U64_C (0xc6c63fc67ef991b8), U64_C (0xe8e887e8136fcdfb),
U64_C (0x878726874ca113cb), U64_C (0xb8b8dab8a9626d11),
@@ -237,10 +248,7 @@ static const u64 C0[256] =
U64_C (0x98985a98b4c22d2c), U64_C (0xa4a4aaa4490e55ed),
U64_C (0x2828a0285d885075), U64_C (0x5c5c6d5cda31b886),
U64_C (0xf8f8c7f8933fed6b), U64_C (0x8686228644a411c2),
- };
-
-static const u64 C1[256] =
- {
+ }, {
U64_C (0xd818186018c07830), U64_C (0x2623238c2305af46),
U64_C (0xb8c6c63fc67ef991), U64_C (0xfbe8e887e8136fcd),
U64_C (0xcb878726874ca113), U64_C (0x11b8b8dab8a9626d),
@@ -369,10 +377,7 @@ static const u64 C1[256] =
U64_C (0x2c98985a98b4c22d), U64_C (0xeda4a4aaa4490e55),
U64_C (0x752828a0285d8850), U64_C (0x865c5c6d5cda31b8),
U64_C (0x6bf8f8c7f8933fed), U64_C (0xc28686228644a411),
- };
-
-static const u64 C2[256] =
- {
+ }, {
U64_C (0x30d818186018c078), U64_C (0x462623238c2305af),
U64_C (0x91b8c6c63fc67ef9), U64_C (0xcdfbe8e887e8136f),
U64_C (0x13cb878726874ca1), U64_C (0x6d11b8b8dab8a962),
@@ -501,10 +506,7 @@ static const u64 C2[256] =
U64_C (0x2d2c98985a98b4c2), U64_C (0x55eda4a4aaa4490e),
U64_C (0x50752828a0285d88), U64_C (0xb8865c5c6d5cda31),
U64_C (0xed6bf8f8c7f8933f), U64_C (0x11c28686228644a4),
- };
-
-static const u64 C3[256] =
- {
+ }, {
U64_C (0x7830d818186018c0), U64_C (0xaf462623238c2305),
U64_C (0xf991b8c6c63fc67e), U64_C (0x6fcdfbe8e887e813),
U64_C (0xa113cb878726874c), U64_C (0x626d11b8b8dab8a9),
@@ -633,10 +635,7 @@ static const u64 C3[256] =
U64_C (0xc22d2c98985a98b4), U64_C (0x0e55eda4a4aaa449),
U64_C (0x8850752828a0285d), U64_C (0x31b8865c5c6d5cda),
U64_C (0x3fed6bf8f8c7f893), U64_C (0xa411c28686228644),
- };
-
-static const u64 C4[256] =
- {
+ }, {
U64_C (0xc07830d818186018), U64_C (0x05af462623238c23),
U64_C (0x7ef991b8c6c63fc6), U64_C (0x136fcdfbe8e887e8),
U64_C (0x4ca113cb87872687), U64_C (0xa9626d11b8b8dab8),
@@ -765,10 +764,7 @@ static const u64 C4[256] =
U64_C (0xb4c22d2c98985a98), U64_C (0x490e55eda4a4aaa4),
U64_C (0x5d8850752828a028), U64_C (0xda31b8865c5c6d5c),
U64_C (0x933fed6bf8f8c7f8), U64_C (0x44a411c286862286),
- };
-
-static const u64 C5[256] =
- {
+ }, {
U64_C (0x18c07830d8181860), U64_C (0x2305af462623238c),
U64_C (0xc67ef991b8c6c63f), U64_C (0xe8136fcdfbe8e887),
U64_C (0x874ca113cb878726), U64_C (0xb8a9626d11b8b8da),
@@ -897,10 +893,7 @@ static const u64 C5[256] =
U64_C (0x98b4c22d2c98985a), U64_C (0xa4490e55eda4a4aa),
U64_C (0x285d8850752828a0), U64_C (0x5cda31b8865c5c6d),
U64_C (0xf8933fed6bf8f8c7), U64_C (0x8644a411c2868622),
- };
-
-static const u64 C6[256] =
- {
+ }, {
U64_C (0x6018c07830d81818), U64_C (0x8c2305af46262323),
U64_C (0x3fc67ef991b8c6c6), U64_C (0x87e8136fcdfbe8e8),
U64_C (0x26874ca113cb8787), U64_C (0xdab8a9626d11b8b8),
@@ -1029,10 +1022,7 @@ static const u64 C6[256] =
U64_C (0x5a98b4c22d2c9898), U64_C (0xaaa4490e55eda4a4),
U64_C (0xa0285d8850752828), U64_C (0x6d5cda31b8865c5c),
U64_C (0xc7f8933fed6bf8f8), U64_C (0x228644a411c28686),
- };
-
-static const u64 C7[256] =
- {
+ }, {
U64_C (0x186018c07830d818), U64_C (0x238c2305af462623),
U64_C (0xc63fc67ef991b8c6), U64_C (0xe887e8136fcdfbe8),
U64_C (0x8726874ca113cb87), U64_C (0xb8dab8a9626d11b8),
@@ -1161,7 +1151,18 @@ static const u64 C7[256] =
U64_C (0x985a98b4c22d2c98), U64_C (0xa4aaa4490e55eda4),
U64_C (0x28a0285d88507528), U64_C (0x5c6d5cda31b8865c),
U64_C (0xf8c7f8933fed6bf8), U64_C (0x86228644a411c286),
- };
+ } }
+};
+#define C tab.C
+#define C0 C[0]
+#define C1 C[1]
+#define C2 C[2]
+#define C3 C[3]
+#define C4 C[4]
+#define C5 C[5]
+#define C6 C[6]
+#define C7 C[7]
+#define rc tab.RC
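Review bot: '#define C tab.C' and '#define rc tab.RC' turn a single-letter name and a very common short name into file-wide macros, so any local variable, parameter or struct member called 'C' or 'rc' that appears later in whirlpool.c is silently rewritten by the preprocessor. Prefer referencing 'tab.C[n]' and 'tab.RC' directly in the C transform, or give the compatibility macros longer names, and add a comment saying they exist only to keep the old table names working.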
@@ -1189,6 +1190,22 @@ whirlpool_init (void *ctx, unsigned int flags)
}
+#ifdef USE_AMD64_ASM
+
+extern unsigned int
+_gcry_whirlpool_transform_amd64(u64 *state, const unsigned char *data,
+ size_t nblks, const struct whirlpool_tables_s *tables);
+
+static unsigned int
+whirlpool_transform (void *ctx, const unsigned char *data, size_t nblks)
+{
+ whirlpool_context_t *context = ctx;
+
+ return _gcry_whirlpool_transform_amd64(
+ context->hash_state, data, nblks, &tab);
+}
+
+#else /* USE_AMD64_ASM */
/*
* Transform block.
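Review bot: The prototype for '_gcry_whirlpool_transform_amd64' carries no comment stating the contract the assembly depends on: 'state' must point to eight u64 words, 'data' to nblks * 64 readable bytes, and the return value is the stack depth the caller should burn. Document that next to the extern declaration, since nothing on the assembly side checks it. The declaration and the call also omit the space before the opening parenthesis that 'whirlpool_transform (' uses two lines below.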
@@ -1308,6 +1325,8 @@ whirlpool_transform ( void *c, const unsigned char *data, size_t nblks )
return burn;
}
+#endif /* !USE_AMD64_ASM */
+
/* Bug compatibility Whirlpool version. */
static void
diff --git a/configure.ac b/configure.ac
index 18db662..d14b7f6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1943,6 +1943,13 @@ LIST_MEMBER(whirlpool, $enabled_digests)
if test "$found" = "1" ; then
GCRYPT_DIGESTS="$GCRYPT_DIGESTS whirlpool.lo"
AC_DEFINE(USE_WHIRLPOOL, 1, [Defined if this module should be included])
+
+ case "${host}" in
+ x86_64-*-*)
+ # Build with the assembly implementation
+ GCRYPT_DIGESTS="$GCRYPT_DIGESTS whirlpool-sse2-amd64.lo"
+ ;;
+ esac
fi
# rmd160 and sha1 should be included always.
-----------------------------------------------------------------------
Summary of changes:
cipher/Makefile.am | 2 +-
cipher/whirlpool-sse2-amd64.S | 335 +++++++++++++++++++++++++++++++++++++++++
cipher/whirlpool.c | 91 ++++++-----
configure.ac | 7 +
4 files changed, 398 insertions(+), 37 deletions(-)
create mode 100644 cipher/whirlpool-sse2-amd64.S
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Oct 7 22:20:48 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 07 Oct 2014 22:20:48 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 1e43180ee23ec011709494f906b19125cc39538f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 1e43180ee23ec011709494f906b19125cc39538f (commit)
from 5c72ed8b0c55d9da39b05dcfb8e3dd103b6e883e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1e43180ee23ec011709494f906b19125cc39538f
Author: Werner Koch
Date: Tue Oct 7 22:20:55 2014 +0200
web: Enforce a minimum donation of 4 Euro.
diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index 3293b3c..a61c75c 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -331,7 +331,17 @@ sub check_donation ()
$stripeamount = $data{"_amount"};
$amount = $data{"Amount"};
$currency = $data{"Currency"};
- $euroamount = $data{"Euro"}
+ $euroamount = $data{"Euro"};
+
+ # Check that at least some Euros are given. Due to Stripe
+ # processing fees and our own costs for bookkeeping we need to ask
+ # for a minimum amount.
+ if ( (not $anyerr) and ($euroamount < 4.00) ) {
+ $errdict{"amount"} = 'Sorry, due to overhead costs we do' .
+ ' not accept donations of less than 4 Euro.';
+ $anyerr = 1;
+ }
+
# Check the mail address
if ($mail ne '' and $mail !~ /\S+@\S+\.\S+/ ) {
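Review bot: The new minimum check compares '$data{"Euro"}' while the amount and currency are read separately from '$data{"Amount"}', '$data{"Currency"}' and '$data{"_amount"}'; if the Euro value arrives with the request instead of being computed on the server from Amount and Currency, the check can pass without matching what is actually charged. Derive the Euro figure server-side before comparing, and verify it is numeric first, because a non-numeric string compares as 0 in '$euroamount < 4.00' and is reported as a too-small donation instead of as bad input. The limit also appears twice, as 4.00 in the condition and as '4 Euro' in the message; a named constant would keep them in step.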
diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index e86483e..e3c4a46 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -31,14 +31,17 @@
| 2011 | 21 | 553 | 465 |
| 2012 | 53 | 5991 | 4963 |
| 2013 | 148 | 5041 | 4145 |
-| 2014 | 66 | 4059 | |
+| 2014 | 102 | 4742 | 3985 |
|------+-----+-------+----------|
-| | 272 | 14829 | 9573 |
-#+TBLFM: $LR2=vsum(@I.. at II)::$LR3=vsum(@I.. at II)::$LR4=vsum(@I.. at II)
+| | | 16327 | 13558 |
+#+TBLFM: $LR3=vsum(@I.. at II)::$LR4=vsum(@I.. at II)
+
+# In 2014 without the 32641.27 (27429.64) from the Goteo campaign
#+HTML:
-The "net" column gives the actual value without VAT and PayPal fees.\\
-Last update: 2014-06-25
+The "net" column gives the actual value without VAT and credit card
+fees.\\
+Last update: 2014-10-07
#+HTML:
* Hardware and service donations
-----------------------------------------------------------------------
Summary of changes:
cgi/procdonate.cgi | 12 +++++++++++-
web/donate/kudos.org | 13 ++++++++-----
2 files changed, 19 insertions(+), 6 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 8 14:51:37 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 08 Oct 2014 14:51:37 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-120-ga078436
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via a078436be5b656e4a2acfaeb5f054b9991f617e5 (commit)
via 5c906e2cdb14e93fb4915fdc69c7353a5fa35709 (commit)
from de0ccd4dce7ec185a678d78878d4538dd609ca0f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a078436be5b656e4a2acfaeb5f054b9991f617e5
Author: Werner Koch
Date: Wed Oct 8 14:42:36 2014 +0200
doc: Fix a configure option name.
--
diff --git a/AUTHORS b/AUTHORS
index 860dea2..f72a421 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -137,7 +137,7 @@ Authors with a DCO
==================
Andrei Scherer
-2014-0822:BF7CEF794F9.000003F0andsch at inbox.com:
+2014-08-22:BF7CEF794F9.000003F0andsch at inbox.com:
Christian Aistleitner
2013-02-26:20130226110144.GA12678 at quelltextlich.at:
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 58671df..63edf06 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -325,7 +325,7 @@ you are cross-compiling, it is useful to set the environment variable
then first look for the helper program in the @file{bin} directory
below that top directory. An absolute directory name must be used for
@code{SYSROOT}. Finally, if the configure command line option
- at code{--libgcrypt-prefix} is used, only its value is used for the top
+ at code{--with-libgcrypt-prefix} is used, only its value is used for the top
directory below which the helper script is expected.
@end defmac
commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709
Author: Werner Koch
Date: Wed Oct 8 14:41:21 2014 +0200
Fix prime test for 2 and lower and add check command to mpicalc.
* cipher/primegen.c (check_prime): Return true for the small primes.
(_gcry_prime_check): Return correct values for 2 and lower numbers.
* src/mpicalc.c (do_primecheck): New.
(main): Add command 'P'.
(main): Allow for larger input data.
diff --git a/cipher/primegen.c b/cipher/primegen.c
index 14a5ccf..ce6db8d 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -868,7 +868,7 @@ check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
for (i=0; (x = small_prime_numbers[i]); i++ )
{
if ( mpi_divisible_ui( prime, x ) )
- return 0;
+ return !mpi_cmp_ui (prime, x);
}
/* A quick Fermat test. */
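Review bot: the new `return !mpi_cmp_ui (prime, x);` in the small-prime
loop of check_prime is correct but terse. It returns true only when
PRIME is itself the small prime that divides it, and that deserves a
one-line comment at the return so the next reader does not take it for
an inverted test.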
@@ -1169,19 +1169,20 @@ _gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
gcry_err_code_t
_gcry_prime_check (gcry_mpi_t x, unsigned int flags)
{
- gcry_err_code_t rc = 0;
- gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
-
(void)flags;
+ switch (mpi_cmp_ui (x, 2))
+ {
+ case 0: return 0; /* 2 is a prime */
+ case -1: return GPG_ERR_NO_PRIME; /* Only numbers > 1 are primes. */
+ }
+
/* We use 64 rounds because the prime we are going to test is not
guaranteed to be a random one. */
- if (! check_prime (x, val_2, 64, NULL, NULL))
- rc = GPG_ERR_NO_PRIME;
-
- mpi_free (val_2);
+ if (check_prime (x, mpi_const (MPI_C_TWO), 64, NULL, NULL))
+ return 0;
- return rc;
+ return GPG_ERR_NO_PRIME;
}
/* Find a generator for PRIME where the factorization of (prime-1) is
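Review bot: in _gcry_prime_check the `case -1:` label rejects values
below 2 only if mpi_cmp_ui returns exactly -1 for "less than". That
contract is not visible in this patch; if any other negative value can
be returned, 0, 1 and negative inputs fall through to check_prime.
Comparing once and testing the sign avoids the dependency, for example
`int c = mpi_cmp_ui (x, 2); if (c < 0) return GPG_ERR_NO_PRIME;`.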
diff --git a/src/mpicalc.c b/src/mpicalc.c
index b2b4335..f1fbbef 100644
--- a/src/mpicalc.c
+++ b/src/mpicalc.c
@@ -254,6 +254,23 @@ do_nbits (void)
}
+static void
+do_primecheck (void)
+{
+ gpg_error_t err;
+
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ err = gcry_prime_check (stack[stackidx - 1], 0);
+ mpi_set_ui (stack[stackidx - 1], !err);
+ if (err && gpg_err_code (err) != GPG_ERR_NO_PRIME)
+ fprintf (stderr, "checking prime failed: %s\n", gpg_strerror (err));
+}
+
+
static int
my_getc (void)
{
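Review bot: in do_primecheck the stack top is overwritten with `!err`
before the error is classified, so a failure other than
GPG_ERR_NO_PRIME leaves 0 on the stack, which looks the same as "not
prime", and the operand is lost. Test for the unexpected error first
and return without calling mpi_set_ui in that case.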
@@ -295,6 +312,7 @@ print_help (void)
"d dup item [-1] := [0] {+1}\n"
"r reverse [0] := [1], [1] := [0] {0}\n"
"b # of bits [0] := nbits([0]) {0}\n"
+ "P prime check [0] := is_prime([0])?1:0 {0}\n"
"c clear stack\n"
"p print top item\n"
"f print the stack\n"
@@ -313,7 +331,7 @@ main (int argc, char **argv)
int print_config = 0;
int i, c;
int state = 0;
- char strbuf[1000];
+ char strbuf[4096];
int stridx = 0;
if (argc)
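Review bot: the enlarged `strbuf[4096]` in main is only safe if the
code that appends to it bounds stridx with `sizeof strbuf` and not
with a literal tied to the old size of 1000. That check is outside
this hunk; please confirm it, or include it in the patch.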
@@ -508,6 +526,9 @@ main (int argc, char **argv)
case 'b':
do_nbits ();
break;
+ case 'P':
+ do_primecheck ();
+ break;
case 'c':
for (i = 0; i < stackidx; i++)
{
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 2 +-
cipher/primegen.c | 19 ++++++++++---------
doc/gcrypt.texi | 2 +-
src/mpicalc.c | 23 ++++++++++++++++++++++-
4 files changed, 34 insertions(+), 12 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 8 14:54:48 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 08 Oct 2014 14:54:48 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH,
updated. libgcrypt-1.6.2-4-g0c2d144
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, LIBGCRYPT-1-6-BRANCH has been updated
via 0c2d1443124dc6e65bd7f980f79aa2a6e33a82da (commit)
from d4b86782debb93773ed1ccb9f8c1a230ff6e84f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0c2d1443124dc6e65bd7f980f79aa2a6e33a82da
Author: Werner Koch
Date: Wed Oct 8 14:41:21 2014 +0200
Fix prime test for 2 and lower and add check command to mpicalc.
* cipher/primegen.c (check_prime): Return true for the small primes.
(_gcry_prime_check): Return correct values for 2 and lower numbers.
* src/mpicalc.c (do_primecheck): New.
(main): Add command 'P'.
(main): Allow for larger input data.
--
(cherry picked from commit 5c906e2cdb14e93fb4915fdc69c7353a5fa35709)
diff --git a/cipher/primegen.c b/cipher/primegen.c
index dd1f2ea..e46bf18 100644
--- a/cipher/primegen.c
+++ b/cipher/primegen.c
@@ -882,7 +882,7 @@ check_prime( gcry_mpi_t prime, gcry_mpi_t val_2, int rm_rounds,
for (i=0; (x = small_prime_numbers[i]); i++ )
{
if ( mpi_divisible_ui( prime, x ) )
- return 0;
+ return !mpi_cmp_ui (prime, x);
}
/* A quick Fermat test. */
@@ -1183,19 +1183,20 @@ _gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits,
gcry_err_code_t
_gcry_prime_check (gcry_mpi_t x, unsigned int flags)
{
- gcry_err_code_t rc = 0;
- gcry_mpi_t val_2 = mpi_alloc_set_ui (2); /* Used by the Fermat test. */
-
(void)flags;
+ switch (mpi_cmp_ui (x, 2))
+ {
+ case 0: return 0; /* 2 is a prime */
+ case -1: return GPG_ERR_NO_PRIME; /* Only numbers > 1 are primes. */
+ }
+
/* We use 64 rounds because the prime we are going to test is not
guaranteed to be a random one. */
- if (! check_prime (x, val_2, 64, NULL, NULL))
- rc = GPG_ERR_NO_PRIME;
-
- mpi_free (val_2);
+ if (check_prime (x, mpi_const (MPI_C_TWO), 64, NULL, NULL))
+ return 0;
- return rc;
+ return GPG_ERR_NO_PRIME;
}
/* Find a generator for PRIME where the factorization of (prime-1) is
diff --git a/src/mpicalc.c b/src/mpicalc.c
index b2b4335..f1fbbef 100644
--- a/src/mpicalc.c
+++ b/src/mpicalc.c
@@ -254,6 +254,23 @@ do_nbits (void)
}
+static void
+do_primecheck (void)
+{
+ gpg_error_t err;
+
+ if (stackidx < 1)
+ {
+ fputs ("stack underflow\n", stderr);
+ return;
+ }
+ err = gcry_prime_check (stack[stackidx - 1], 0);
+ mpi_set_ui (stack[stackidx - 1], !err);
+ if (err && gpg_err_code (err) != GPG_ERR_NO_PRIME)
+ fprintf (stderr, "checking prime failed: %s\n", gpg_strerror (err));
+}
+
+
static int
my_getc (void)
{
@@ -295,6 +312,7 @@ print_help (void)
"d dup item [-1] := [0] {+1}\n"
"r reverse [0] := [1], [1] := [0] {0}\n"
"b # of bits [0] := nbits([0]) {0}\n"
+ "P prime check [0] := is_prime([0])?1:0 {0}\n"
"c clear stack\n"
"p print top item\n"
"f print the stack\n"
@@ -313,7 +331,7 @@ main (int argc, char **argv)
int print_config = 0;
int i, c;
int state = 0;
- char strbuf[1000];
+ char strbuf[4096];
int stridx = 0;
if (argc)
@@ -508,6 +526,9 @@ main (int argc, char **argv)
case 'b':
do_nbits ();
break;
+ case 'P':
+ do_primecheck ();
+ break;
case 'c':
for (i = 0; i < stackidx; i++)
{
-----------------------------------------------------------------------
Summary of changes:
cipher/primegen.c | 19 ++++++++++---------
src/mpicalc.c | 23 ++++++++++++++++++++++-
2 files changed, 32 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 8 15:01:15 2014
From: cvs at cvs.gnupg.org (by Markus Teich)
Date: Wed, 08 Oct 2014 15:01:15 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-121-g23ecadf
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 23ecadf309f8056c35cc092e58df801ac0eab862 (commit)
from a078436be5b656e4a2acfaeb5f054b9991f617e5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 23ecadf309f8056c35cc092e58df801ac0eab862
Author: Markus Teich
Date: Tue Oct 7 18:24:27 2014 +0200
mpi: Add gcry_mpi_ec_sub.
* NEWS (gcry_mpi_ec_sub): New.
* doc/gcrypt.texi (gcry_mpi_ec_sub): New.
* mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New.
(sub_points_montgomery, sub_points_weierstrass): New stubs.
* src/gcrypt-int.h (_gcry_mpi_ec_sub): New.
* src/gcrypt.h.in (gcry_mpi_ec_sub): New.
* src/libgcrypt.def (gcry_mpi_ec_sub): New.
* src/libgcrypt.vers (gcry_mpi_ec_sub): New.
* src/mpi.h (_gcry_mpi_ec_sub_points): New.
* src/visibility.c (gcry_mpi_ec_sub): New.
* src/visibility.h (gcry_mpi_ec_sub): New.
--
This function subtracts two points on the curve. Only Twisted Edwards
curves are supported with this change.
Signed-off-by: Markus Teich
diff --git a/NEWS b/NEWS
index 214c676..0150fdd 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,7 @@ Noteworthy changes in version 1.7.0 (unreleased)
GCRYCTL_SET_SBOX NEW.
gcry_cipher_set_sbox NEW macro.
GCRY_MD_GOSTR3411_CP NEW.
+ gcry_mpi_ec_sub NEW.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 63edf06..108d53a 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -4806,6 +4806,15 @@ Add the points @var{u} and @var{v} of the elliptic curve described by
@var{ctx} and store the result into @var{w}.
@end deftypefun
+ at deftypefun void gcry_mpi_ec_sub ( @
+ @w{gcry_mpi_point_t @var{w}}, @w{gcry_mpi_point_t @var{u}}, @
+ @w{gcry_mpi_point_t @var{v}}, @w{gcry_ctx_t @var{ctx}})
+
+Subtracts the point @var{v} from the point @var{u} of the elliptic
+curve described by @var{ctx} and store the result into @var{w}. Only
+Twisted Edwards curves are supported for now.
+ at end deftypefun
+
@deftypefun void gcry_mpi_ec_mul ( @
@w{gcry_mpi_point_t @var{w}}, @w{gcry_mpi_t @var{n}}, @
@w{gcry_mpi_point_t @var{u}}, @w{gcry_ctx_t @var{ctx}})
diff --git a/mpi/ec.c b/mpi/ec.c
index a55291a..80f3b22 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1131,6 +1131,71 @@ _gcry_mpi_ec_add_points (mpi_point_t result,
}
+/* RESULT = P1 - P2 (Weierstrass version).*/
+static void
+sub_points_weierstrass (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Weierstrass");
+}
+
+
+/* RESULT = P1 - P2 (Montgomery version).*/
+static void
+sub_points_montgomery (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Montgomery");
+}
+
+
+/* RESULT = P1 - P2 (Twisted Edwards version).*/
+static void
+sub_points_edwards (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ mpi_point_t p2i = _gcry_mpi_point_new (0);
+ point_set (p2i, p2);
+ _gcry_mpi_neg (p2i->x, p2i->x);
+ add_points_edwards (result, p1, p2i, ctx);
+ _gcry_mpi_point_release (p2i);
+}
+
+
+/* RESULT = P1 - P2 */
+void
+_gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ switch (ctx->model)
+ {
+ case MPI_EC_WEIERSTRASS:
+ sub_points_weierstrass (result, p1, p2, ctx);
+ break;
+ case MPI_EC_MONTGOMERY:
+ sub_points_montgomery (result, p1, p2, ctx);
+ break;
+ case MPI_EC_EDWARDS:
+ sub_points_edwards (result, p1, p2, ctx);
+ break;
+ }
+}
+
+
/* Scalar point multiplication - the main function for ECC. If takes
an integer SCALAR and a POINT as well as the usual context CTX.
RESULT will be set to the resulting point. */
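Review bot: sub_points_weierstrass and sub_points_montgomery end in
log_fatal and _gcry_mpi_ec_sub_points returns void, so a caller whose
context uses one of those models gets a terminated process instead of
an error it can handle. For a library entry point an error return
would be safer, or at least a statement of this behaviour in the
function comment and in the manual. In sub_points_edwards,
`_gcry_mpi_neg (p2i->x, p2i->x)` leaves a negative X and not a value
reduced modulo the field prime; please confirm that add_points_edwards
reduces negative inputs, or compute p - x instead. The switch on
ctx->model also has no default case.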
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 8a6df84..918937b 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -430,6 +430,8 @@ int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void _gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
+void _gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
void _gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
mpi_ec_t ctx);
int _gcry_mpi_ec_curve_point (gcry_mpi_point_t w, mpi_ec_t ctx);
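Review bot: this declares `_gcry_mpi_ec_sub`, but the mpi/ec.c hunk
defines `_gcry_mpi_ec_sub_points` and the src/visibility.c hunk calls
that name; no definition of `_gcry_mpi_ec_sub` appears anywhere in the
patch. Either drop the declaration or add the function, and align the
ChangeLog entry for mpi/ec.c, which also names `_gcry_mpi_ec_sub`.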
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 65d9ef6..f3207c9 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -704,6 +704,10 @@ void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+/* W = U - V. */
+void gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
/* W = N * U. */
void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx);
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 57ed490..924f17f 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -276,5 +276,7 @@ EXPORTS
gcry_mac_ctl @242
gcry_mac_get_algo @243
+ gcry_mpi_ec_sub @244
+
;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 7ee0541..7e8df3f 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -105,7 +105,7 @@ GCRYPT_1.6 {
gcry_mpi_ec_get_mpi; gcry_mpi_ec_get_point;
gcry_mpi_ec_set_mpi; gcry_mpi_ec_set_point;
gcry_mpi_ec_get_affine;
- gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_mul;
+ gcry_mpi_ec_dup; gcry_mpi_ec_add; gcry_mpi_ec_sub; gcry_mpi_ec_mul;
gcry_mpi_ec_curve_point;
gcry_log_debug;
diff --git a/src/mpi.h b/src/mpi.h
index 7407b7f..13b5117 100644
--- a/src/mpi.h
+++ b/src/mpi.h
@@ -286,6 +286,9 @@ void _gcry_mpi_ec_dup_point (mpi_point_t result,
void _gcry_mpi_ec_add_points (mpi_point_t result,
mpi_point_t p1, mpi_point_t p2,
mpi_ec_t ctx);
+void _gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx);
void _gcry_mpi_ec_mul_point (mpi_point_t result,
gcry_mpi_t scalar, mpi_point_t point,
mpi_ec_t ctx);
diff --git a/src/visibility.c b/src/visibility.c
index 6ed57ca..fa23e53 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -567,6 +567,14 @@ gcry_mpi_ec_add (gcry_mpi_point_t w,
}
void
+gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_sub_points (w, u, v,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx)
{
diff --git a/src/visibility.h b/src/visibility.h
index 96b5235..fa3c763 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -218,6 +218,7 @@ MARK_VISIBLEX (gcry_mpi_copy)
MARK_VISIBLEX (gcry_mpi_div)
MARK_VISIBLEX (gcry_mpi_dump)
MARK_VISIBLEX (gcry_mpi_ec_add)
+MARK_VISIBLEX (gcry_mpi_ec_sub)
MARK_VISIBLEX (gcry_mpi_ec_curve_point)
MARK_VISIBLEX (gcry_mpi_ec_dup)
MARK_VISIBLEX (gcry_mpi_ec_get_affine)
@@ -486,6 +487,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
#define gcry_mpi_abs _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_add _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_sub _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_curve_point _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_dup _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_get_affine _gcry_USE_THE_UNDERSCORED_FUNCTION
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
doc/gcrypt.texi | 9 ++++++++
mpi/ec.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/gcrypt-int.h | 2 ++
src/gcrypt.h.in | 4 ++++
src/libgcrypt.def | 2 ++
src/libgcrypt.vers | 2 +-
src/mpi.h | 3 +++
src/visibility.c | 8 +++++++
src/visibility.h | 2 ++
10 files changed, 97 insertions(+), 1 deletion(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 8 21:45:02 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 08 Oct 2014 21:45:02 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-2-g3ae6afc
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97 (commit)
from 0c52bfa3955b629038a6ac42c48356b88fce181e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97
Author: Werner Koch
Date: Wed Oct 8 21:40:34 2014 +0200
gpg: Avoid error exit if keygrip computation fails in a key listing.
* g10/keyid.c (keygrip_from_pk): Use log_info and clear array on error.
--
This may happen due to algorithms or curves not supported by
Libgcrypt. We should only print a warning and not have gpg return
with failure for a secret key listing.
Signed-off-by: Werner Koch
diff --git a/g10/keyid.c b/g10/keyid.c
index 94900bd..3b4c10c 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -854,7 +854,8 @@ keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
if (!gcry_pk_get_keygrip (s_pkey, array))
{
- log_error ("error computing keygrip\n");
+ log_info ("error computing keygrip\n");
+ memset (array, 0, 20);
err = gpg_error (GPG_ERR_GENERAL);
}
else
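Review bot: `memset (array, 0, 20)` in keygrip_from_pk hard-codes the
keygrip length, and nothing in the hunk ties 20 to the size of the
caller's buffer. Use a named constant shared with the callers. err is
still set to GPG_ERR_GENERAL, so the function comment should say that
ARRAY is zeroed on failure and that listing code is expected to carry
on with the all-zero value.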
-----------------------------------------------------------------------
Summary of changes:
g10/keyid.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 9 08:31:40 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 09 Oct 2014 08:31:40 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-122-g669a83b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 669a83ba86c38b271d85ed4bf1cabc7cc8160583 (commit)
from 23ecadf309f8056c35cc092e58df801ac0eab862 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 669a83ba86c38b271d85ed4bf1cabc7cc8160583
Author: Werner Koch
Date: Thu Oct 9 08:31:35 2014 +0200
Register DCO for Markus Teich
--
diff --git a/AUTHORS b/AUTHORS
index f72a421..e186a48 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -157,6 +157,9 @@ Jussi Kivilinna
Jussi Kivilinna
2013-05-06:5186720A.4090101 at iki.fi:
+Markus Teich
+2014-10-08:20141008180509.GA2770 at trolle:
+
Milan Broz
2014-01-13:52D44CC6.4050707 at gmail.com:
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 3 +++
1 file changed, 3 insertions(+)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 9 21:04:49 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 09 Oct 2014 21:04:49 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-9-g2ca90f7
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2ca90f78cee91c43b8d538d1cb92728f8e1452d5 (commit)
via 60e21d8b85888b8c9ea15c70268f98d780fdf5fb (commit)
via b6507bb80e4e4aa5c85a918fdcf5c28cccb75081 (commit)
via ec332d58efc50f6508b87fc9f51db68c39cee044 (commit)
via d8c01d826f919dd2faa73fe5692e0d3da235846d (commit)
via 6be5c4febc2ec484f049ed743bca08fa9da44590 (commit)
via 27fe067efea883629354450a042ad09e47d90ff8 (commit)
from 3ae6afc1336d42bd95fa0b7f5f83bd299ae26b97 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2ca90f78cee91c43b8d538d1cb92728f8e1452d5
Author: Werner Koch
Date: Thu Oct 9 21:01:49 2014 +0200
gpg: Skip overlong keys and print a warning.
* kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too
long blobs.
* sm/keydb.c (keydb_search): Call keybox_search with a dummy param.
* g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs.
(keydb_search_reset): Reset that field.
(keydb_search): Update that field.
(keydb_get_skipped_counter): New.
* g10/keylist.c (list_all): Print count of skipped keys.
Signed-off-by: Werner Koch
diff --git a/g10/keydb.c b/g10/keydb.c
index a387951..a9a9753 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -67,6 +67,7 @@ struct keydb_handle
{
int locked;
int found;
+ unsigned long skipped_long_blobs;
int current;
int used; /* Number of items in ACTIVE. */
struct resource_item active[MAX_KEYDB_RESOURCES];
@@ -1289,6 +1290,13 @@ keydb_rebuild_caches (int noisy)
}
+/* Return the number of skipped blocks since the last search reset. */
+unsigned long
+keydb_get_skipped_counter (KEYDB_HANDLE hd)
+{
+ return hd ? hd->skipped_long_blobs : 0;
+}
+
/*
* Start the next search on this handle right at the beginning
@@ -1307,6 +1315,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
if (DBG_CLOCK)
log_clock ("keydb_search_reset");
+ hd->skipped_long_blobs = 0;
hd->current = 0;
hd->found = -1;
/* Now reset all resources. */
@@ -1424,7 +1433,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_search (hd->active[hd->current].u.kb, desc,
- ndesc, descindex);
+ ndesc, descindex, &hd->skipped_long_blobs);
break;
}
if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
diff --git a/g10/keydb.h b/g10/keydb.h
index 23d0bcc..78d151a 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -142,6 +142,7 @@ gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved);
void keydb_rebuild_caches (int noisy);
+unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex);
diff --git a/g10/keylist.c b/g10/keylist.c
index 4a02820..b5ea84d 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -499,6 +499,9 @@ list_all (int secret, int mark_secret)
es_fflush (es_stdout);
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("keydb_search_next failed: %s\n", g10_errstr (rc));
+ if (keydb_get_skipped_counter (hd))
+ log_info (_("Warning: %lu key(s) skipped due to their large size\n"),
+ keydb_get_skipped_counter (hd));
if (opt.check_sigs && !opt.with_colons)
print_signature_stats (&stats);
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index ba284f9..bf47042 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -718,10 +718,12 @@ keybox_search_reset (KEYBOX_HANDLE hd)
/* Note: When in ephemeral mode the search function does visit all
- blobs but in standard mode, blobs flagged as ephemeral are ignored. */
+ blobs but in standard mode, blobs flagged as ephemeral are ignored.
+ The value at R_SKIPPED is updated by the number of skipped long
+ records (counts PGP and X.509). */
int
keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
- size_t *r_descindex)
+ size_t *r_descindex, unsigned long *r_skipped)
{
int rc;
size_t n;
@@ -852,6 +854,13 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
_keybox_release_blob (blob); blob = NULL;
rc = _keybox_read_blob (&blob, hd->fp);
+ if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
+ && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
+ {
+ ++*r_skipped;
+ continue; /* Skip too large records. */
+ }
+
if (rc)
break;
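Review bot: `++*r_skipped` dereferences r_skipped unconditionally,
while the sm/keydb.c caller in this patch passes NULL for the
neighbouring r_descindex argument, so a caller could reasonably pass
NULL here as well. Guard the increment (`if (r_skipped) ++*r_skipped;`)
or state in the function comment that R_SKIPPED must not be NULL.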
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 9067fb8..b44f1b2 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -87,7 +87,7 @@ int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
int keybox_search_reset (KEYBOX_HANDLE hd);
int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
- size_t *r_descindex);
+ size_t *r_descindex, unsigned long *r_skipped);
/*-- keybox-update.c --*/
diff --git a/sm/keydb.c b/sm/keydb.c
index fb0947a..83e573f 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -958,6 +958,7 @@ int
keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
{
int rc = -1;
+ unsigned long skipped;
if (!hd)
return gpg_error (GPG_ERR_INV_VALUE);
@@ -970,7 +971,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
BUG(); /* we should never see it here */
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
- rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc, NULL);
+ rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
+ NULL, &skipped);
break;
}
if (rc == -1) /* EOF -> switch to next resource */
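Review bot: `&skipped` is passed to keybox_search here, but `skipped`
is declared without an initializer in the previous hunk and
keybox_search increments through the pointer (`++*r_skipped` in
kbx/keybox-search.c), so an indeterminate value is read. Declare it as
`unsigned long skipped = 0;`. The count is then discarded, so gpgsm
users get no indication that records were skipped; a log_info like the
one added to g10/keylist.c would close that gap.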
commit 60e21d8b85888b8c9ea15c70268f98d780fdf5fb
Author: Werner Koch
Date: Thu Oct 9 20:57:02 2014 +0200
gpg: Sync keylist output and warning messages.
* g10/keylist.c (list_all): Flush stdout before logging.
* g10/misc.c (print_pubkey_algo_note): Ditto.
(print_cipher_algo_note): Ditto.
(print_digest_algo_note): Ditto.
(print_md5_rejected_note): Ditto.
Signed-off-by: Werner Koch
diff --git a/g10/keylist.c b/g10/keylist.c
index 3649475..4a02820 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -496,6 +496,7 @@ list_all (int secret, int mark_secret)
keyblock = NULL;
}
while (!(rc = keydb_search_next (hd)));
+ es_fflush (es_stdout);
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("keydb_search_next failed: %s\n", g10_errstr (rc));
diff --git a/g10/misc.c b/g10/misc.c
index 320e8af..c47d6dc 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -298,12 +298,14 @@ print_pubkey_algo_note (pubkey_algo_t algo)
if(!warn)
{
warn=1;
+ es_fflush (es_stdout);
log_info (_("WARNING: using experimental public key algorithm %s\n"),
openpgp_pk_algo_name (algo));
}
}
else if (algo == PUBKEY_ALGO_ELGAMAL)
{
+ es_fflush (es_stdout);
log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
}
}
@@ -317,6 +319,7 @@ print_cipher_algo_note (cipher_algo_t algo)
if(!warn)
{
warn=1;
+ es_fflush (es_stdout);
log_info (_("WARNING: using experimental cipher algorithm %s\n"),
openpgp_cipher_algo_name (algo));
}
@@ -332,13 +335,17 @@ print_digest_algo_note (digest_algo_t algo)
if(!warn)
{
warn=1;
+ es_fflush (es_stdout);
log_info (_("WARNING: using experimental digest algorithm %s\n"),
gcry_md_algo_name (algo));
}
}
else if(algo==DIGEST_ALGO_MD5)
- log_info (_("WARNING: digest algorithm %s is deprecated\n"),
- gcry_md_algo_name (algo));
+ {
+ es_fflush (es_stdout);
+ log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+ gcry_md_algo_name (algo));
+ }
}
@@ -349,6 +356,7 @@ print_md5_rejected_note (void)
if (!shown)
{
+ es_fflush (es_stdout);
log_info
(_("Note: signatures using the %s algorithm are rejected\n"),
"MD5");
commit b6507bb80e4e4aa5c85a918fdcf5c28cccb75081
Author: Werner Koch
Date: Thu Oct 9 20:19:05 2014 +0200
kbx: Fix handling of overlong keys.
* kbx/keybox-file.c (IMAGELEN_LIMIT): Change limit from 10^6 to 2MiB.
(_keybox_read_blob2): Skip too long records.
(_keybox_write_blob): Do not accept too long record.
* kbx/keybox-dump.c (file_stats_s): Add field skipped_long_blobs.
(_keybox_dump_file): Print new counter.
(_keybox_dump_file): Skip too long records.
----
To test this feature you may set the limit back to 1MiB and use key
F7F0E70F307D56ED which is in my local copy close to 2MiB. Without
this patch it was possible to import the key but access to that key
and all keys stored after it was not possible.
Signed-off-by: Werner Koch
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index bfe7b48..dfa8200 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -491,6 +491,7 @@ struct file_stats_s
unsigned long non_flagged;
unsigned long secret_flagged;
unsigned long ephemeral_flagged;
+ unsigned long skipped_long_blobs;
};
static int
@@ -594,8 +595,25 @@ _keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
if (!(fp = open_file (&filename, outfp)))
return gpg_error_from_syserror ();
- while ( !(rc = _keybox_read_blob (&blob, fp)) )
+ for (;;)
{
+ rc = _keybox_read_blob (&blob, fp);
+ if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
+ && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
+ {
+ if (stats_only)
+ stats.skipped_long_blobs++;
+ else
+ {
+ fprintf (outfp, "BEGIN-RECORD: %lu\n", count );
+ fprintf (outfp, "# Record too large\nEND-RECORD\n");
+ }
+ count++;
+ continue;
+ }
+ if (rc)
+ break;
+
if (stats_only)
{
update_stats (blob, &stats);
@@ -612,7 +630,7 @@ _keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
if (rc == -1)
rc = 0;
if (rc)
- fprintf (outfp, "error reading '%s': %s\n", filename, gpg_strerror (rc));
+ fprintf (outfp, "# error reading '%s': %s\n", filename, gpg_strerror (rc));
if (fp != stdin)
fclose (fp);
@@ -636,14 +654,17 @@ _keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
stats.non_flagged,
stats.secret_flagged,
stats.ephemeral_flagged);
+ if (stats.skipped_long_blobs)
+ fprintf (outfp, " skipped long blobs: %8lu\n",
+ stats.skipped_long_blobs);
if (stats.unknown_blob_count)
fprintf (outfp, " unknown blob types: %8lu\n",
stats.unknown_blob_count);
if (stats.too_short_blobs)
- fprintf (outfp, " too short blobs: %8lu\n",
+ fprintf (outfp, " too short blobs: %8lu (error)\n",
stats.too_short_blobs);
if (stats.too_large_blobs)
- fprintf (outfp, " too large blobs: %8lu\n",
+ fprintf (outfp, " too large blobs: %8lu (error)\n",
stats.too_large_blobs);
}
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index def896b..1ed5169 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -27,6 +27,9 @@
#include "keybox-defs.h"
+#define IMAGELEN_LIMIT (2*1024*1024)
+
+
#if !defined(HAVE_FTELLO) && !defined(ftello)
static off_t
ftello (FILE *stream)
@@ -75,9 +78,6 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
}
imagelen = (c1 << 24) | (c2 << 16) | (c3 << 8 ) | c4;
- if (imagelen > 1000000) /* Sanity check. */
- return gpg_error (GPG_ERR_TOO_LARGE);
-
if (imagelen < 5)
return gpg_error (GPG_ERR_TOO_SHORT);
@@ -90,6 +90,15 @@ _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted)
goto again;
}
+ if (imagelen > IMAGELEN_LIMIT) /* Sanity check. */
+ {
+ /* Seek forward so that the caller may choose to ignore this
+ record. */
+ if (fseek (fp, imagelen-5, SEEK_CUR))
+ return gpg_error_from_syserror ();
+ return gpg_error (GPG_ERR_TOO_LARGE);
+ }
+
image = xtrymalloc (imagelen);
if (!image)
return gpg_error_from_syserror ();
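Review bot: the offset passed to fseek, `imagelen-5`, comes straight
from the 32-bit length field read from the file, and fseek takes a
long. Where long is 32 bits a length above LONG_MAX turns into a
negative offset and the stream moves backwards instead of past the
record. fseek also succeeds when the target is beyond end of file, so
a truncated oversized record is not detected at this point. Reject
lengths that do not fit the offset type, or use fseeko with off_t (the
file already carries an ftello fallback), and let the next read report
the short file.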
@@ -124,6 +133,10 @@ _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
size_t length;
image = _keybox_get_blob_image (blob, &length);
+
+ if (length > IMAGELEN_LIMIT)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
if (fwrite (image, length, 1, fp) != 1)
return gpg_error_from_syserror ();
return 0;
commit ec332d58efc50f6508b87fc9f51db68c39cee044
Author: Werner Koch
Date: Thu Oct 9 19:10:32 2014 +0200
gpg: Take care to use pubring.kbx if it has ever been used.
* kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp.
* kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header
flag.
* kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp
and set header flag.
* kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static
and add arg for_openpgp.
(keybox_new_openpgp, keybox_new_x509): New. Use them instead of the
former keybox_new.
* kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the
openpgp header flags.
* g10/keydb.c (rt_from_file): New. Factored out and extended from
keydb_add_resource.
(keydb_add_resource): Switch to the kbx file if it has the openpgp
flag set.
* kbx/keybox-dump.c (dump_header_blob): Print header flags.
--
The problem was reported by dkg on gnupg-devel (2014-10-07):
I just discovered a new problem, though, which will affect people on
systems that have gpg and gpg2 coinstalled:
0) create a new keyring with gpg2, and use it exclusively with gpg2
for a while.
1) somehow (accidentally?) use gpg (1.4.x) again -- this creates
~/.gnupg/pubring.gpg
2) future runs of gpg2 now only look at pubring.gpg and ignore
pubring.kbx -- the keys you had accumulated in the keybox are no
longer listed in the output of gpg2 --list-keys
Note that gpgsm has always used pubring.kbx and thus this file might
already be there but without gpg ever inserted a key. The new flag in
the KBX header gives us an indication whether a KBX file has ever been
written by gpg >= 2.1. If that is the case we will use it instead of
the default pubring.gpg.
Signed-off-by: Werner Koch
diff --git a/g10/keydb.c b/g10/keydb.c
index 178456a..a387951 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -242,7 +242,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
rc = gpg_error_from_syserror ();
else
{
- rc = _keybox_write_header_blob (fp);
+ rc = _keybox_write_header_blob (fp, 1);
fclose (fp);
}
if (rc)
@@ -277,6 +277,50 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create)
}
+/* Helper for keydb_add_resource. Opens FILENAME to figures out the
+ resource type. Returns the resource type and a flag at R_NOTFOUND
+ indicating whether FILENAME could be opened at all. If the openpgp
+ flag is set in a keybox header, R_OPENPGP will be set to true. */
+static KeydbResourceType
+rt_from_file (const char *filename, int *r_found, int *r_openpgp)
+{
+ u32 magic;
+ unsigned char verbuf[4];
+ FILE *fp;
+ KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
+
+ *r_found = *r_openpgp = 0;
+ fp = fopen (filename, "rb");
+ if (fp)
+ {
+ *r_found = 1;
+
+ if (fread (&magic, 4, 1, fp) == 1 )
+ {
+ if (magic == 0x13579ace || magic == 0xce9a5713)
+ ; /* GDBM magic - not anymore supported. */
+ else if (fread (&verbuf, 4, 1, fp) == 1
+ && verbuf[0] == 1
+ && fread (&magic, 4, 1, fp) == 1
+ && !memcmp (&magic, "KBXf", 4))
+ {
+ if ((verbuf[3] & 0x02))
+ *r_openpgp = 1;
+ rt = KEYDB_RESOURCE_TYPE_KEYBOX;
+ }
+ else
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+ }
+ else /* Maybe empty: assume keyring. */
+ rt = KEYDB_RESOURCE_TYPE_KEYRING;
+
+ fclose (fp);
+ }
+
+ return rt;
+}
+
+
/*
* Register a resource (keyring or aeybox). The first keyring or
* keybox which is added by this function is created if it does not
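Review bot: The comment on rt_from_file documents a flag "at R_NOTFOUND", but the parameter is r_found and it is set to 1 when the file could be opened, so the name in the comment has the opposite sense of what the code does. Please rename it to R_FOUND in the comment (and "figures" should read "figure"). It would also help to state that verbuf holds bytes 4 to 7 of the header, so that verbuf[0] is the blob type and verbuf[3] is the low byte of the header flags; as written the reader has to work that out from the layout in keybox-blob.c.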
@@ -337,33 +381,34 @@ keydb_add_resource (const char *url, unsigned int flags)
/* See whether we can determine the filetype. */
if (rt == KEYDB_RESOURCE_TYPE_NONE)
{
- FILE *fp;
+ int found, openpgp_flag;
int pass = 0;
size_t filenamelen;
check_again:
filenamelen = strlen (filename);
- fp = fopen (filename, "rb");
- if (fp)
+ rt = rt_from_file (filename, &found, &openpgp_flag);
+ if (found)
{
- u32 magic;
-
- if (fread (&magic, 4, 1, fp) == 1 )
+ /* The file exists and we have the resource type in RT.
+
+ Now let us check whether in addition to the "pubring.gpg"
+ a "pubring.kbx with openpgp keys exists. This is so that
+ GPG 2.1 will use an existing "pubring.kbx" by default iff
+ that file has been created or used by 2.1. This check is
+ needed because after creation or use of the kbx file with
+ 2.1 an older version of gpg may have created a new
+ pubring.gpg for its own use. */
+ if (!pass && is_default && rt == KEYDB_RESOURCE_TYPE_KEYRING
+ && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".gpg"))
{
- if (magic == 0x13579ace || magic == 0xce9a5713)
- ; /* GDBM magic - not anymore supported. */
- else if (fread (&magic, 4, 1, fp) == 1
- && !memcmp (&magic, "\x01", 1)
- && fread (&magic, 4, 1, fp) == 1
- && !memcmp (&magic, "KBXf", 4))
+ strcpy (filename+filenamelen-4, ".kbx");
+ if ((rt_from_file (filename, &found, &openpgp_flag)
+ == KEYDB_RESOURCE_TYPE_KEYBOX) && found && openpgp_flag)
rt = KEYDB_RESOURCE_TYPE_KEYBOX;
- else
- rt = KEYDB_RESOURCE_TYPE_KEYRING;
- }
- else /* Maybe empty: assume keyring. */
- rt = KEYDB_RESOURCE_TYPE_KEYRING;
-
- fclose (fp);
+ else /* Restore filename */
+ strcpy (filename+filenamelen-4, ".gpg");
+ }
}
else if (!pass
&& is_default && create
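Review bot: The second rt_from_file call, made for the ".kbx" name, writes into the same found and openpgp_flag variables as the first, so when the probe fails and the filename is restored to ".gpg" both variables describe the kbx file and not the keyring that is actually used. Separate locals for the probe (or ignoring its found value, since a KEYDB_RESOURCE_TYPE_KEYBOX result already implies the file was opened) would avoid stale state if either variable is consulted later. The new comment also has an unbalanced quote in "pubring.kbx with openpgp keys exists.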
@@ -508,7 +553,7 @@ keydb_new (void)
case KEYDB_RESOURCE_TYPE_KEYBOX:
hd->active[j].type = all_resources[i].type;
hd->active[j].token = all_resources[i].token;
- hd->active[j].u.kb = keybox_new (all_resources[i].token, 0);
+ hd->active[j].u.kb = keybox_new_openpgp (all_resources[i].token, 0);
if (!hd->active[j].u.kb)
{
xfree (hd);
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index f7abb6c..35ce3e3 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -42,8 +42,9 @@
- u32 Length of this blob
- byte Blob type (1)
- byte Version number (1)
- - byte RFU
- - byte RFU
+ - u16 Header flags
+ bit 0 - RFU
+ bit 1 - Is being or has been used for OpenPGP blobs
- b4 Magic 'KBXf'
- u32 RFU
- u32 file_created_at
@@ -1028,7 +1029,7 @@ _keybox_get_blob_fileoffset (KEYBOXBLOB blob)
void
-_keybox_update_header_blob (KEYBOXBLOB blob)
+_keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp)
{
if (blob->bloblen >= 32 && blob->blob[4] == BLOBTYPE_HEADER)
{
@@ -1039,5 +1040,8 @@ _keybox_update_header_blob (KEYBOXBLOB blob)
blob->blob[20+1] = (val >> 16);
blob->blob[20+2] = (val >> 8);
blob->blob[20+3] = (val );
+
+ if (for_openpgp)
+ blob->blob[7] |= 0x02; /* OpenPGP data may be available. */
}
}
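Review bot: The literal 0x02 in blob->blob[7] |= 0x02 is the same header flag that this commit tests as verbuf[3] & 0x02 in g10/keydb.c, sets as image[7] = 0x02 in keybox-file.c and as buffer[7] |= 0x02 in keybox-update.c, and decodes as n & 2 in keybox-dump.c. A named constant for the flag, and ideally for the byte offset, in keybox-defs.h would keep these five places in step when the RFU bit 0 or further flags get a meaning.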
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 7bbcf83..415a3ef 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -101,6 +101,7 @@ struct keybox_handle {
int eof;
int error;
int ephemeral;
+ int for_openpgp; /* Used by gpg. */
struct keybox_found_s found;
struct keybox_found_s saved_found;
struct {
@@ -176,7 +177,7 @@ int _keybox_new_blob (KEYBOXBLOB *r_blob,
void _keybox_release_blob (KEYBOXBLOB blob);
const unsigned char *_keybox_get_blob_image (KEYBOXBLOB blob, size_t *n);
off_t _keybox_get_blob_fileoffset (KEYBOXBLOB blob);
-void _keybox_update_header_blob (KEYBOXBLOB blob);
+void _keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp);
/*-- keybox-openpgp.c --*/
gpg_error_t _keybox_parse_openpgp (const unsigned char *image, size_t imagelen,
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index af9052d..bfe7b48 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -141,6 +141,25 @@ dump_header_blob (const byte *buffer, size_t length, FILE *fp)
return -1;
}
fprintf (fp, "Version: %d\n", buffer[5]);
+
+ n = get16 (buffer + 6);
+ fprintf( fp, "Flags: %04lX", n);
+ if (n)
+ {
+ int any = 0;
+
+ fputs (" (", fp);
+ if ((n & 2))
+ {
+ if (any)
+ putc (',', fp);
+ fputs ("openpgp", fp);
+ any++;
+ }
+ putc (')', fp);
+ }
+ putc ('\n', fp);
+
if ( memcmp (buffer+8, "KBXf", 4))
fprintf (fp, "[Error: invalid magic number]\n");
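Review bot: In the flag decoding added to dump_header_blob, any is always 0 when it is tested because only one flag is handled, and a header with a non-zero flag word that lacks bit 1 prints an empty "()" after the hex value. Either print the parentheses only when a known flag was found, or drop the any bookkeeping until a second flag exists.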
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index f720993..def896b 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -132,7 +132,7 @@ _keybox_write_blob (KEYBOXBLOB blob, FILE *fp)
/* Write a fresh header type blob. */
int
-_keybox_write_header_blob (FILE *fp)
+_keybox_write_header_blob (FILE *fp, int for_openpgp)
{
unsigned char image[32];
u32 val;
@@ -143,6 +143,8 @@ _keybox_write_header_blob (FILE *fp)
image[4] = BLOBTYPE_HEADER;
image[5] = 1; /* Version */
+ if (for_openpgp)
+ image[7] = 0x02; /* OpenPGP data may be available. */
memcpy (image+8, "KBXf", 4);
val = time (NULL);
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index 8ae3ec3..0d4800e 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -77,15 +77,10 @@ keybox_is_writable (void *token)
-/* Create a new handle for the resource associated with TOKEN. SECRET
- is just a cross-check.
-
- The returned handle must be released using keybox_release (). */
-KEYBOX_HANDLE
-keybox_new (void *token, int secret)
+static KEYBOX_HANDLE
+do_keybox_new (KB_NAME resource, int secret, int for_openpgp)
{
KEYBOX_HANDLE hd;
- KB_NAME resource = token;
int idx;
assert (resource && !resource->secret == !secret);
@@ -94,6 +89,7 @@ keybox_new (void *token, int secret)
{
hd->kb = resource;
hd->secret = !!secret;
+ hd->for_openpgp = for_openpgp;
if (!resource->handle_table)
{
resource->handle_table_size = 3;
@@ -135,6 +131,30 @@ keybox_new (void *token, int secret)
return hd;
}
+
+/* Create a new handle for the resource associated with TOKEN. SECRET
+ is just a cross-check. This is the OpenPGP version. The returned
+ handle must be released using keybox_release. */
+KEYBOX_HANDLE
+keybox_new_openpgp (void *token, int secret)
+{
+ KB_NAME resource = token;
+
+ return do_keybox_new (resource, secret, 1);
+}
+
+/* Create a new handle for the resource associated with TOKEN. SECRET
+ is just a cross-check. This is the X.509 version. The returned
+ handle must be released using keybox_release. */
+KEYBOX_HANDLE
+keybox_new_x509 (void *token, int secret)
+{
+ KB_NAME resource = token;
+
+ return do_keybox_new (resource, secret, 0);
+}
+
+
void
keybox_release (KEYBOX_HANDLE hd)
{
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 6ade9e7..693b732 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -211,18 +211,18 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
-/* Perform insert/delete/update operation.
- MODE is one of FILECOPY_INSERT, FILECOPY_DELETE, FILECOPY_UPDATE.
-*/
+/* Perform insert/delete/update operation. MODE is one of
+ FILECOPY_INSERT, FILECOPY_DELETE, FILECOPY_UPDATE. FOR_OPENPGP
+ indicates that this is called due to an OpenPGP keyblock change. */
static int
blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
- int secret, off_t start_offset)
+ int secret, int for_openpgp, off_t start_offset)
{
FILE *fp, *newfp;
int rc=0;
char *bakfname = NULL;
char *tmpfname = NULL;
- char buffer[4096];
+ char buffer[4096]; /* (Must be at least 32 bytes) */
int nread, nbytes;
/* Open the source file. Because we do a rename, we have to check the
@@ -239,7 +239,7 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
if (!newfp )
return gpg_error_from_syserror ();
- rc = _keybox_write_header_blob (newfp);
+ rc = _keybox_write_header_blob (newfp, for_openpgp);
if (rc)
return rc;
@@ -275,9 +275,19 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
/* prepare for insert */
if (mode == FILECOPY_INSERT)
{
- /* Copy everything to the new file. */
+ int first_record = 1;
+
+ /* Copy everything to the new file. If this is for OpenPGP, we
+ make sure that the openpgp flag is set in the header. (We
+ failsafe the blob type.) */
while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
{
+ if (first_record && for_openpgp && buffer[4] == BLOBTYPE_HEADER)
+ {
+ first_record = 0;
+ buffer[7] |= 0x02; /* OpenPGP data may be available. */
+ }
+
if (fwrite (buffer, nread, 1, newfp) != 1)
{
rc = gpg_error_from_syserror ();
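Review bot: first_record is cleared only inside the if, so when for_openpgp is set and the first chunk does not have BLOBTYPE_HEADER at buffer[4], the test stays armed for every later 4096-byte chunk, and a chunk whose fifth byte happens to equal BLOBTYPE_HEADER gets buffer[7] modified, which corrupts blob data in the copy. Clear first_record unconditionally after the first loop iteration. The check should also require nread >= 8 before reading buffer[4] and writing buffer[7], because a short first read leaves those bytes uninitialized.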
@@ -409,7 +419,7 @@ keybox_insert_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen,
_keybox_destroy_openpgp_info (&info);
if (!err)
{
- err = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0);
+ err = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 1, 0);
_keybox_release_blob (blob);
/* if (!rc && !hd->secret && kb_offtbl) */
/* { */
@@ -462,7 +472,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
/* Update the keyblock. */
if (!err)
{
- err = blob_filecopy (FILECOPY_UPDATE, fname, blob, hd->secret, off);
+ err = blob_filecopy (FILECOPY_UPDATE, fname, blob, hd->secret, 1, off);
_keybox_release_blob (blob);
}
return err;
@@ -495,7 +505,7 @@ keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
if (!rc)
{
- rc = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0);
+ rc = blob_filecopy (FILECOPY_INSERT, fname, blob, hd->secret, 0, 0);
_keybox_release_blob (blob);
/* if (!rc && !hd->secret && kb_offtbl) */
/* { */
@@ -743,8 +753,10 @@ keybox_compress (KEYBOX_HANDLE hd)
first_blob = 0;
if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
{
- /* Write out the blob with an updated maintenance time stamp. */
- _keybox_update_header_blob (blob);
+ /* Write out the blob with an updated maintenance time
+ stamp and if needed (ie. used by gpg) set the openpgp
+ flag. */
+ _keybox_update_header_blob (blob, hd->for_openpgp);
rc = _keybox_write_blob (blob, newfp);
if (rc)
break;
@@ -752,7 +764,7 @@ keybox_compress (KEYBOX_HANDLE hd)
}
/* The header blob is missing. Insert it. */
- rc = _keybox_write_header_blob (newfp);
+ rc = _keybox_write_header_blob (newfp, hd->for_openpgp);
if (rc)
break;
any_changes = 1;
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 96c6db5..9067fb8 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -62,7 +62,8 @@ typedef enum
void *keybox_register_file (const char *fname, int secret);
int keybox_is_writable (void *token);
-KEYBOX_HANDLE keybox_new (void *token, int secret);
+KEYBOX_HANDLE keybox_new_openpgp (void *token, int secret);
+KEYBOX_HANDLE keybox_new_x509 (void *token, int secret);
void keybox_release (KEYBOX_HANDLE hd);
void keybox_push_found_state (KEYBOX_HANDLE hd);
void keybox_pop_found_state (KEYBOX_HANDLE hd);
@@ -74,7 +75,7 @@ int keybox_lock (KEYBOX_HANDLE hd, int yes);
/*-- keybox-file.c --*/
/* Fixme: This function does not belong here: Provide a better
interface to create a new keybox file. */
-int _keybox_write_header_blob (FILE *fp);
+int _keybox_write_header_blob (FILE *fp, int openpgp_flag);
/*-- keybox-search.c --*/
gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
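Review bot: The prototype here names the new parameter openpgp_flag, while the definition in keybox-file.c and every other function touched by this commit call it for_openpgp. Using for_openpgp in the header as well keeps the interface consistent.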
diff --git a/sm/keydb.c b/sm/keydb.c
index 5a250b0..fb0947a 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -341,7 +341,7 @@ keydb_add_resource (const char *url, int force, int secret, int *auto_created)
/* Do a compress run if needed and the file is not locked. */
if (!dotlock_take (all_resources[used_resources].lockhandle, 0))
{
- KEYBOX_HANDLE kbxhd = keybox_new (token, secret);
+ KEYBOX_HANDLE kbxhd = keybox_new_x509 (token, secret);
if (kbxhd)
{
@@ -400,7 +400,7 @@ keydb_new (int secret)
hd->active[j].token = all_resources[i].token;
hd->active[j].secret = all_resources[i].secret;
hd->active[j].lockhandle = all_resources[i].lockhandle;
- hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
+ hd->active[j].u.kr = keybox_new_x509 (all_resources[i].token, secret);
if (!hd->active[j].u.kr)
{
xfree (hd);
commit d8c01d826f919dd2faa73fe5692e0d3da235846d
Author: Werner Koch
Date: Thu Oct 9 10:56:25 2014 +0200
gpg: Change wording of a migration error message.
--
diff --git a/g10/migrate.c b/g10/migrate.c
index 5cb3512..96ca5c2 100644
--- a/g10/migrate.c
+++ b/g10/migrate.c
@@ -80,8 +80,9 @@ migrate_secring (ctrl_t ctrl)
{
log_error ("error: GnuPG agent version \"%s\" is too old. ",
agent_version);
- log_error ("Please install an updated GnuPG agent.\n");
- log_error ("migration aborted\n");
+ log_info ("Please make sure that a recent gpg-agent is running.\n");
+ log_info ("(restarting the user session may achieve this.)\n");
+ log_info ("migration aborted\n");
xfree (agent_version);
goto leave;
}
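Review bot: "migration aborted" is now logged with log_info although the code takes the failure path (goto leave), so anything that looks only at error-level output sees just the "too old" fragment and not the outcome. Keep the final line at log_error and use log_info only for the two hint lines. The first log_error string also ends in ". " without a newline, so please check that the line still reads correctly when its continuation comes from a different log level.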
commit 6be5c4febc2ec484f049ed743bca08fa9da44590
Author: Kristian Fiskerstrand
Date: Tue Oct 7 20:37:16 2014 +0200
doc: Add missing entry for allow-preset-passphrase
--
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 7c21889..36f0ed1 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -349,6 +349,12 @@ Allow clients to mark keys as trusted, i.e. put them into the
@file{trustlist.txt} file. This is by default not allowed to make it
harder for users to inadvertently accept Root-CA keys.
+ at anchor{option --allow-preset-passphrase}
+ at item --allow-preset-passphrase
+ at opindex allow-preset-passphrase
+This option allows the use of @command{gpg-preset-passphrase} to seed the
+internal cache of @command{gpg-agent} with passphrases.
+
@ifset gpgtwoone
@anchor{option --allow-loopback-pinentry}
@item --allow-loopback-pinentry
commit 27fe067efea883629354450a042ad09e47d90ff8
Author: Daniel Kahn Gillmor
Date: Wed Oct 8 03:12:51 2014 -0400
Avoid unnecessary library linkage
* dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
* g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
need $(LIBASSUAN_LIBS)
* sm/Makefile.am: gpgsm does not need $(ZLIBS)
* tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
--
In the course of building GnuPG 2.1.0 beta864 on debian, i found that
several of the installed executables were linked to libraries that
they did not need to be linked to, which would cause unnecessary
package dependencies at runtime.
The changeset here removes these unnecessary libraries from linking.
Something similar could possibly also be done by passing --as-needed
to the linker, but trimming the dependencies seems more parsimonious.
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index d0226a3..632e525 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -73,7 +73,7 @@ if USE_LDAPWRAPPER
dirmngr_ldap_SOURCES = dirmngr_ldap.c $(ldap_url)
dirmngr_ldap_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
dirmngr_ldap_LDFLAGS =
-dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o ../gl/libgnu.a $(DNSLIBS) \
+dirmngr_ldap_LDADD = $(libcommon) no-libgcrypt.o ../gl/libgnu.a \
$(GPG_ERROR_LIBS) $(LDAPLIBS) $(LBER_LIBS) $(LIBINTL) \
$(LIBICONV)
endif
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 6fa7a5c..d0343fa 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -138,14 +138,14 @@ gpgv2_SOURCES = gpgv.c \
# here, even that it is not used by gpg. A proper solution would
# either to split up libkeybox.a or to use a separate keybox daemon.
LDADD = $(needed_libs) ../common/libgpgrl.a \
- $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \
+ $(ZLIBS) $(DNSLIBS) \
$(LIBINTL) $(CAPLIBS) $(NETLIBS)
-gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
+gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \
$(KSBA_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(resource_objs) $(extra_sys_libs)
gpg2_LDFLAGS = $(extra_bin_ldflags)
gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \
- $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+ $(KSBA_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(resource_objs) $(extra_sys_libs)
gpgv2_LDFLAGS = $(extra_bin_ldflags)
diff --git a/sm/Makefile.am b/sm/Makefile.am
index 7fff752..12b85ab 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -61,7 +61,7 @@ common_libs = ../kbx/libkeybox.a $(libcommon) ../gl/libgnu.a
gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \
- $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) $(ZLIBS) \
+ $(GPG_ERROR_LIBS) $(LIBREADLINE) $(LIBINTL) \
$(LIBICONV) $(resource_objs) $(extra_sys_libs)
gpgsm_LDFLAGS = $(extra_bin_ldflags)
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 946ae4a..340901a 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -98,7 +98,7 @@ gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c
# common sucks in gpg-error, will they, nil they (some compilers
# do not eliminate the supposed-to-be-unused-inline-functions).
gpgconf_LDADD = $(maybe_commonpth_libs) $(opt_libassuan_libs) \
- $(LIBINTL) $(GPG_ERROR_LIBS) $(NPTH_LIBS) $(NETLIBS) \
+ $(LIBINTL) $(GPG_ERROR_LIBS) $(NETLIBS) \
$(LIBICONV) $(W32SOCKLIBS)
gpgconf_LDFLAGS = $(extra_bin_ldflags)
-----------------------------------------------------------------------
Summary of changes:
dirmngr/Makefile.am | 2 +-
doc/gpg-agent.texi | 6 ++++
g10/Makefile.am | 6 ++--
g10/keydb.c | 98 +++++++++++++++++++++++++++++++++++++++------------
g10/keydb.h | 1 +
g10/keylist.c | 4 +++
g10/migrate.c | 5 +--
g10/misc.c | 12 +++++--
kbx/keybox-blob.c | 10 ++++--
kbx/keybox-defs.h | 3 +-
kbx/keybox-dump.c | 48 ++++++++++++++++++++++---
kbx/keybox-file.c | 23 +++++++++---
kbx/keybox-init.c | 34 ++++++++++++++----
kbx/keybox-search.c | 13 +++++--
kbx/keybox-update.c | 38 +++++++++++++-------
kbx/keybox.h | 7 ++--
sm/Makefile.am | 2 +-
sm/keydb.c | 8 +++--
tools/Makefile.am | 2 +-
19 files changed, 250 insertions(+), 72 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 10 13:51:35 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 10 Oct 2014 13:51:35 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-11-g5b5e5a6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 5b5e5a6027ae1743719e112aa4e9055f1b8133a7 (commit)
via 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af (commit)
from 2ca90f78cee91c43b8d538d1cb92728f8e1452d5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5b5e5a6027ae1743719e112aa4e9055f1b8133a7
Author: Werner Koch
Date: Fri Oct 10 13:51:19 2014 +0200
doc: Fix a man page rendering problem.
* doc/gpg-agent.texi (Agent Configuration): Fix rendering of the
sshcontrol example.
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 36f0ed1..7eadf59 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -684,13 +684,13 @@ The following example lists exactly one key. Note that keys available
through a OpenPGP smartcard in the active smartcard reader are
implicitly added to this list; i.e. there is no need to list them.
- @cartouche
- @smallexample
- # Key added on: 2011-07-20 20:38:46
- # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
- 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
- @end smallexample
- @end cartouche
+ at cartouche
+ at smallexample
+ # Key added on: 2011-07-20 20:38:46
+ # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
+ 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
+ at end smallexample
+ at end cartouche
@item private-keys-v1.d/
commit 6cabb7a2a18f871b8c3d5de58bcdc5aaa5b201af
Author: Daniel Kahn Gillmor
Date: Thu Oct 9 16:54:15 2014 -0400
gpg: Add build and runtime support for larger RSA keys
* configure.ac: Added --enable-large-secmem option.
* g10/options.h: Add opt.flags.large_rsa.
* g10/gpg.c: Contingent on configure option: adjust secmem size,
add gpg --enable-large-rsa, bound to opt.flags.large_rsa.
* g10/keygen.c: Adjust max RSA size based on opt.flags.large_rsa
* doc/gpg.texi: Document --enable-large-rsa.
--
This is a cherry-pick of 534e2876acc05f9f8d9b54c18511fe768d77dfb5 from
STABLE-BRANCH-1-4 against master
Some older implementations built and used RSA keys up to 16Kib, but
the larger secret keys now fail when used by more recent GnuPG, due to
secure memory limitations.
Building with ./configure --enable-large-secmem will make gpg
capable of working with those secret keys, as well as permitting the
use of a new gpg option --enable-large-rsa, which lets gpg generate RSA
keys up to 8Kib when used with --batch --gen-key.
Debian-bug-id: 739424
Minor edits by wk.
GnuPG-bug-id: 1732
diff --git a/configure.ac b/configure.ac
index 28268f1..7ce8c09 100644
--- a/configure.ac
+++ b/configure.ac
@@ -107,6 +107,7 @@ card_support=yes
use_ccid_driver=yes
dirmngr_auto_start=yes
use_tls_library=no
+large_secmem=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -223,6 +224,20 @@ AC_ARG_ENABLE(selinux-support,
AC_MSG_RESULT($selinux_support)
+AC_MSG_CHECKING([whether to allocate extra secure memory])
+AC_ARG_ENABLE(large-secmem,
+ AC_HELP_STRING([--enable-large-secmem],
+ [allocate extra secure memory]),
+ large_secmem=$enableval, large_secmem=no)
+AC_MSG_RESULT($large_secmem)
+if test "$large_secmem" = yes ; then
+ SECMEM_BUFFER_SIZE=65536
+else
+ SECMEM_BUFFER_SIZE=32768
+fi
+AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE,
+ [Size of secure memory buffer])
+
AC_MSG_CHECKING([whether to enable trust models])
AC_ARG_ENABLE(trust-models,
AC_HELP_STRING([--disable-trust-models],
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 002e888..e7360e9 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1181,6 +1181,15 @@ the opposite meaning. The options are:
validation. This option is only meaningful if pka-lookups is set.
@end table
+ at item --enable-large-rsa
+ at itemx --disable-large-rsa
+ at opindex enable-large-rsa
+ at opindex disable-large-rsa
+With --gen-key and --batch, enable the creation of larger RSA secret
+keys than is generally recommended (up to 8192 bits). These large
+keys are more expensive to use, and their signatures and
+certifications are also larger.
+
@item --enable-dsa2
@itemx --disable-dsa2
@opindex enable-dsa2
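Review bot: The new --enable-large-rsa entry does not say that the option only takes effect when gpg was built with --enable-large-secmem; the gpg.c part of this commit ignores it with a warning otherwise. Add a sentence to that effect so that users who see the warning can find the reason in the manual.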
diff --git a/g10/gpg.c b/g10/gpg.c
index f586042..e7d6d00 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -376,6 +376,8 @@ enum cmd_and_opt_values
oAutoKeyLocate,
oNoAutoKeyLocate,
oAllowMultisigVerification,
+ oEnableLargeRSA,
+ oDisableLargeRSA,
oEnableDSA2,
oDisableDSA2,
oAllowMultipleMessages,
@@ -770,6 +772,8 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oAllowMultisigVerification,
"allow-multisig-verification", "@"),
+ ARGPARSE_s_n (oEnableLargeRSA, "enable-large-rsa", "@"),
+ ARGPARSE_s_n (oDisableLargeRSA, "disable-large-rsa", "@"),
ARGPARSE_s_n (oEnableDSA2, "enable-dsa2", "@"),
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
@@ -2181,7 +2185,7 @@ main (int argc, char **argv)
#endif
/* Initialize the secure memory. */
- if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+ if (!gcry_control (GCRYCTL_INIT_SECMEM, SECMEM_BUFFER_SIZE, 0))
got_secmem = 1;
#if defined(HAVE_GETUID) && defined(HAVE_GETEUID)
/* There should be no way to get to this spot while still carrying
@@ -3099,6 +3103,22 @@ main (int argc, char **argv)
release_akl();
break;
+ case oEnableLargeRSA:
+#if SECMEM_BUFFER_SIZE >= 65536
+ opt.flags.large_rsa=1;
+#else
+ if (configname)
+ log_info("%s:%d: WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring enable-large-rsa\n",
+ configname,configlineno);
+ else
+ log_info("WARNING: gpg not built with large secure "
+ "memory buffer. Ignoring --enable-large-rsa\n");
+#endif /* SECMEM_BUFFER_SIZE >= 65536 */
+ break;
+ case oDisableLargeRSA: opt.flags.large_rsa=0;
+ break;
+
case oEnableDSA2: opt.flags.dsa2=1; break;
case oDisableDSA2: opt.flags.dsa2=0; break;
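Review bot: The test #if SECMEM_BUFFER_SIZE >= 65536 in the oEnableLargeRSA case repeats the number that configure.ac assigns, so the option silently depends on two files agreeing on a magic value. Having configure define a separate feature macro next to SECMEM_BUFFER_SIZE and testing that would make the coupling explicit. The two warning strings are also passed to log_info without the _() wrapper used by the other messages in this file, so they will not be translated.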
diff --git a/g10/keygen.c b/g10/keygen.c
index 229f2bf..1c8d70e 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1555,6 +1555,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
int err;
char *keyparms;
char nbitsstr[35];
+ const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
assert (is_RSA(algo));
@@ -1566,9 +1567,9 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
- else if (nbits > 4096)
+ else if (nbits > maxsize)
{
- nbits = 4096;
+ nbits = maxsize;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
diff --git a/g10/options.h b/g10/options.h
index 7efb3d6..edd31a9 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -229,6 +229,7 @@ struct
unsigned int dsa2:1;
unsigned int allow_multiple_messages:1;
unsigned int allow_weak_digest_algos:1;
+ unsigned int large_rsa:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
-----------------------------------------------------------------------
Summary of changes:
configure.ac | 15 +++++++++++++++
doc/gpg-agent.texi | 14 +++++++-------
doc/gpg.texi | 9 +++++++++
g10/gpg.c | 22 +++++++++++++++++++++-
g10/keygen.c | 5 +++--
g10/options.h | 1 +
6 files changed, 56 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 10 15:30:25 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 10 Oct 2014 15:30:25 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-13-g54ffe20
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 54ffe2045aa4d3157f0919744210c9463594799c (commit)
via 36679f33aa0bf8bc6a03bcbd5b283cb541686434 (commit)
from 5b5e5a6027ae1743719e112aa4e9055f1b8133a7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 54ffe2045aa4d3157f0919744210c9463594799c
Author: Werner Koch
Date: Fri Oct 10 15:29:42 2014 +0200
Use a unique capitalization for "Note:".
--
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 0c163e1..af91506 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -759,7 +759,7 @@ main (int argc, char **argv )
if (default_config)
{
if( parse_debug )
- log_info (_("NOTE: no default option file '%s'\n"),
+ log_info (_("Note: no default option file '%s'\n"),
configname );
/* Save the default conf file name so that
reread_configuration is able to test whether the
@@ -881,7 +881,7 @@ main (int argc, char **argv )
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
#ifdef ENABLE_NLS
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 8110df2..b6892bf 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -807,7 +807,7 @@ main (int argc, char **argv)
if (default_config)
{
if( parse_debug )
- log_info (_("NOTE: no default option file '%s'\n"),
+ log_info (_("Note: no default option file '%s'\n"),
configname );
}
else
@@ -925,7 +925,7 @@ main (int argc, char **argv)
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
if (!access ("/etc/"DIRMNGR_NAME, F_OK) && !strncmp (opt.homedir, "/etc/", 5))
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index 024708b..574eca6 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -164,7 +164,7 @@ check_cert_policy (ksba_cert_t cert)
if (!any_critical)
{
- log_info (_("note: non-critical certificate policy not allowed"));
+ log_info (_("Note: non-critical certificate policy not allowed"));
err = 0;
}
else
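Review bot: The string changed in check_cert_policy, "Note: non-critical certificate policy not allowed", has no trailing "\n", unlike the other log_info messages touched by this commit. Since the msgid changes anyway, this is a good moment to add the newline. All of these edits alter translatable strings, so the po files need a refresh to avoid falling back to the untranslated text.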
diff --git a/g10/card-util.c b/g10/card-util.c
index abf234f..b5be80a 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1282,7 +1282,7 @@ show_keysize_warning (void)
return;
shown = 1;
tty_printf
- (_("NOTE: There is no guarantee that the card "
+ (_("Note: There is no guarantee that the card "
"supports the requested size.\n"
" If the key generation does not succeed, "
"please check the\n"
@@ -1392,7 +1392,7 @@ generate_card_keys (ctrl_t ctrl)
|| (info.fpr3valid && !fpr_is_zero (info.fpr3)))
{
tty_printf ("\n");
- log_info (_("NOTE: keys are already stored on the card!\n"));
+ log_info (_("Note: keys are already stored on the card!\n"));
tty_printf ("\n");
if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
_("Replace existing keys? (y/N) ")))
diff --git a/g10/gpg.c b/g10/gpg.c
index e7d6d00..57deb8d 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1976,7 +1976,7 @@ get_default_configname (void)
/* Print a warning when both config files are present. */
char *p = make_filename (opt.homedir, "options", NULL);
if (! access (p, R_OK))
- log_info (_("NOTE: old default options file '%s' ignored\n"), p);
+ log_info (_("Note: old default options file '%s' ignored\n"), p);
xfree (p);
}
else
@@ -2243,7 +2243,7 @@ main (int argc, char **argv)
if( !configfp ) {
if( default_config ) {
if( parse_debug )
- log_info(_("NOTE: no default option file '%s'\n"),
+ log_info(_("Note: no default option file '%s'\n"),
configname );
}
else {
@@ -2509,7 +2509,7 @@ main (int argc, char **argv)
#endif /*!NO_TRUST_MODELS*/
case oForceOwnertrust:
- log_info(_("NOTE: %s is not for normal use!\n"),
+ log_info(_("Note: %s is not for normal use!\n"),
"--force-ownertrust");
opt.force_ownertrust=string_to_trust_value(pargs.r.ret_str);
if(opt.force_ownertrust==-1)
@@ -3235,7 +3235,7 @@ main (int argc, char **argv)
}
if (opt.no_literal) {
- log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal");
+ log_info(_("Note: %s is not for normal use!\n"), "--no-literal");
if (opt.textmode)
log_error(_("%s not allowed with %s!\n"),
"--textmode", "--no-literal" );
@@ -3247,7 +3247,7 @@ main (int argc, char **argv)
if (opt.set_filesize)
- log_info(_("NOTE: %s is not for normal use!\n"), "--set-filesize");
+ log_info(_("Note: %s is not for normal use!\n"), "--set-filesize");
if( opt.batch )
tty_batchmode( 1 );
@@ -3268,7 +3268,7 @@ main (int argc, char **argv)
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
@@ -3353,7 +3353,7 @@ main (int argc, char **argv)
log_error(_("invalid min-cert-level; must be 1, 2, or 3\n"));
switch( opt.s2k_mode ) {
case 0:
- log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
+ log_info(_("Note: simple S2K mode (0) is strongly discouraged\n"));
break;
case 1: case 3: break;
default:
diff --git a/g10/keygen.c b/g10/keygen.c
index 1c8d70e..6079ff0 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4263,7 +4263,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
if (pri_psk->version < 4)
{
- log_info (_("NOTE: creating subkeys for v3 keys "
+ log_info (_("Note: creating subkeys for v3 keys "
"is not OpenPGP compliant\n"));
err = gpg_error (GPG_ERR_CONFLICT);
goto leave;
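
Review bot: In generate_subkeypair the message is printed with log_info and a 'Note:' prefix, yet the next two lines set err = gpg_error (GPG_ERR_CONFLICT) and goto leave, so the request is refused rather than merely annotated. log_error with a plain message would match what the code does and tell the user why subkey creation stopped.
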
@@ -4386,7 +4386,7 @@ generate_card_subkeypair (kbnode_t pub_keyblock,
if (pri_pk->version < 4)
{
- log_info (_("NOTE: creating subkeys for v3 keys "
+ log_info (_("Note: creating subkeys for v3 keys "
"is not OpenPGP compliant\n"));
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
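
Review bot: generate_card_subkeypair rejects the version < 4 case with GPG_ERR_NOT_SUPPORTED, while the hunk above in generate_subkeypair returns GPG_ERR_CONFLICT after printing the identical message. Callers that branch on the error code see two different results for one cause. Picking a single code for both paths would be worth doing while these lines are being touched.
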
@@ -4657,7 +4657,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
iobuf_close (fp);
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
- log_info (_("NOTE: backup of card key saved to '%s'\n"), fname);
+ log_info (_("Note: backup of card key saved to '%s'\n"), fname);
fingerprint_from_sk (sk, array, &n);
p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 7c699b3..50d1d27 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -623,7 +623,7 @@ proc_plaintext( CTX c, PACKET *pkt )
literals_seen++;
if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) )
- log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n"));
+ log_info(_("Note: sender requested \"for-your-eyes-only\"\n"));
else if( opt.verbose )
log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
free_md_filter_context( &c->mfx );
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 60f7611..e79199e 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -375,14 +375,14 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
BUG ();
if (pk->expiredate && pk->expiredate <= make_timestamp ())
{
- log_info (_("NOTE: secret key %s expired at %s\n"),
+ log_info (_("Note: secret key %s expired at %s\n"),
keystr (keyid), asctimestamp (pk->expiredate));
}
}
if (pk && pk->flags.revoked)
{
- log_info (_("NOTE: key has been revoked"));
+ log_info (_("Note: key has been revoked"));
log_printf ("\n");
show_revocation_reason (pk, 1);
}
diff --git a/g10/revoke.c b/g10/revoke.c
index 019c62c..81b5d6d 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -113,7 +113,7 @@ export_minimal_pk(IOBUF out,KBNODE keyblock,
rc=build_packet(out,&pkt);
if(rc)
{
- log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
+ log_error("build_packet failed: %s\n", g10_errstr(rc) );
return rc;
}
}
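
Review bot: The log_error call in export_minimal_pk loses its _() translation marker, which is a different kind of change from the 'NOTE:' to 'Note:' recasing done everywhere else in this patch. If the intent is that internal diagnostics such as 'build_packet failed' are not offered to translators, the commit message should say so, and any other call site printing the same string should be unmarked in the same commit so the msgid does not stay in the catalogue through another file.
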
diff --git a/g10/sig-check.c b/g10/sig-check.c
index ad2ab5c..f563862 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -235,7 +235,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig,
if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
char buf[11];
if (opt.verbose)
- log_info(_("NOTE: signature key %s expired %s\n"),
+ log_info(_("Note: signature key %s expired %s\n"),
keystr_from_pk(pk), asctimestamp( pk->expiredate ) );
sprintf(buf,"%lu",(ulong)pk->expiredate);
write_status_text(STATUS_KEYEXPIRED,buf);
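
Review bot: The context lines char buf[11]; and sprintf(buf,"%lu",(ulong)pk->expiredate); leave room for at most ten decimal digits plus the terminator, which is only enough while expiredate is a 32-bit timestamp (its type is not visible in this hunk). This predates the patch, but snprintf (buf, sizeof buf, ...) would keep the write bounded if the field or the ulong cast ever carries a wider value.
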
@@ -246,7 +246,7 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig,
if (pk->flags.revoked)
{
if (opt.verbose)
- log_info (_("NOTE: signature key %s has been revoked\n"),
+ log_info (_("Note: signature key %s has been revoked\n"),
keystr_from_pk(pk));
if (r_revoked)
*r_revoked=1;
diff --git a/g10/tdbio.c b/g10/tdbio.c
index 2b9d4ff..aff565c 100644
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@@ -647,7 +647,7 @@ open_db()
/* Take care of read-only trustdbs. */
db_fd = open (db_name, O_RDONLY | MY_O_BINARY );
if (db_fd != -1 && !opt.quiet)
- log_info (_("NOTE: trustdb not writable\n"));
+ log_info (_("Note: trustdb not writable\n"));
}
if ( db_fd == -1 )
log_fatal( _("can't open '%s': %s\n"), db_name, strerror(errno) );
diff --git a/po/de.po b/po/de.po
index 7c4dab7..fa56dd5 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-10-10 14:57+0200\n"
+"PO-Revision-Date: 2014-10-10 15:27+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -378,7 +378,7 @@ msgid "%s is too old (need %s, have %s)\n"
msgstr "Die Bibliothek %s ist nicht aktuell (ben?tige %s, habe %s)\n"
#, c-format
-msgid "NOTE: no default option file '%s'\n"
+msgid "Note: no default option file '%s'\n"
msgstr "Hinweis: Keine voreingestellte Optionendatei '%s' vorhanden\n"
#, c-format
@@ -390,7 +390,7 @@ msgid "reading options from '%s'\n"
msgstr "Optionen werden aus '%s' gelesen\n"
#, c-format
-msgid "NOTE: '%s' is not considered an option\n"
+msgid "Note: '%s' is not considered an option\n"
msgstr "Hinweis: `%s' wird nicht als Option betrachtet\n"
msgid "name of socket too long\n"
@@ -1259,7 +1259,7 @@ msgid "Replace existing key? (y/N) "
msgstr "Vorhandenen Schl?ssel ersetzen? (j/N) "
msgid ""
-"NOTE: There is no guarantee that the card supports the requested size.\n"
+"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
" documentation of your card to see what sizes are allowed.\n"
msgstr ""
@@ -1305,8 +1305,8 @@ msgid "Make off-card backup of encryption key? (Y/n) "
msgstr ""
"Sicherung des Verschl?sselungsschl?ssel au?erhalb der Karte erstellen? (J/n) "
-msgid "NOTE: keys are already stored on the card!\n"
-msgstr "ACHTUNG: Auf der Karte sind bereits Schl?ssel gespeichert!\n"
+msgid "Note: keys are already stored on the card!\n"
+msgstr "Hinweis: Auf der Karte sind bereits Schl?ssel gespeichert!\n"
msgid "Replace existing keys? (y/N) "
msgstr "Vorhandene Schl?ssel ersetzen? (j/N) "
@@ -1524,7 +1524,8 @@ msgstr "Mit unbekanntem Verfahren verschl?sselt %d\n"
msgid ""
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
-msgstr "WARNUNG: Botschaft wurde mit einem unsicheren Schl?ssel verschl?sselt.\n"
+msgstr ""
+"WARNUNG: Botschaft wurde mit einem unsicheren Schl?ssel verschl?sselt.\n"
msgid "problem handling encrypted packet\n"
msgstr "Problem beim Bearbeiten des verschl?sselten Pakets\n"
@@ -1943,7 +1944,7 @@ msgid "show expiration dates during signature listings"
msgstr "Das Ablaufdatum mit den Signaturen anlisten"
#, c-format
-msgid "NOTE: old default options file '%s' ignored\n"
+msgid "Note: old default options file '%s' ignored\n"
msgstr "Hinweis: Alte voreingestellte Optionendatei '%s' wurde ignoriert\n"
#, c-format
@@ -1953,7 +1954,7 @@ msgstr ""
"%s)\n"
#, c-format
-msgid "NOTE: %s is not for normal use!\n"
+msgid "Note: %s is not for normal use!\n"
msgstr "Hinweis: %s ist nicht f?r den ?blichen Gebrauch gedacht!\n"
#, c-format
@@ -2061,7 +2062,7 @@ msgstr "WARNUNG: %s ersetzt %s\n"
#, c-format
msgid "%s not allowed with %s!\n"
-msgstr "%s kann nicht zusammen mit %s verwendet werden!\n"
+msgstr "%s zusammen mit %s ist nicht erlaubt!\n"
#, c-format
msgid "%s makes no sense with %s!\n"
@@ -2101,7 +2102,7 @@ msgstr "ung?ltiger \"default-cert-level\"; Wert mu? 0, 1, 2 oder 3 sein\n"
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "ung?ltiger \"min-cert-level\"; Wert mu? 0, 1, 2 oder 3 sein\n"
-msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgid "Note: simple S2K mode (0) is strongly discouraged\n"
msgstr "Hinweis: Vom \"simple S2K\"-Modus (0) ist strikt abzuraten\n"
msgid "invalid S2K mode; must be 0, 1 or 3\n"
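
Review bot: The context entry for 'invalid min-cert-level; must be 1, 2, or 3' carries a German msgstr that lists '0, 1, 2 oder 3', so the translated error tells the user that 0 is accepted when the msgid says it is not. It reads like a copy of the default-cert-level msgstr shown in the hunk header. Since de.po is being edited by hand in this commit, correcting it to '1, 2 oder 3' here would be cheap.
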
@@ -3928,7 +3929,7 @@ msgstr ""
"Der Schl?ssel wurde %lu Sekunden in der Zukunft erzeugt (Zeitreise oder "
"Uhren stimmen nicht ?berein)\n"
-msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr "Hinweis: Unterschl?ssel f?r v3-Schl?ssel sind nicht OpenPGP-konform\n"
msgid "Secret parts of primary key are not available.\n"
@@ -3949,7 +3950,7 @@ msgid "can't create backup file '%s': %s\n"
msgstr "Sicherungsdatei '%s' kann nicht erzeugt werden: %s\n"
#, c-format
-msgid "NOTE: backup of card key saved to '%s'\n"
+msgid "Note: backup of card key saved to '%s'\n"
msgstr "Hinweis: Sicherung des Kartenschl?ssels wurde auf `%s' gespeichert\n"
msgid "never "
@@ -4181,7 +4182,7 @@ msgstr "Passphrase aus dem Cache gel?scht. Cache ID: %s\n"
msgid "decryption failed: %s\n"
msgstr "Entschl?sselung fehlgeschlagen: %s\n"
-msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgid "Note: sender requested \"for-your-eyes-only\"\n"
msgstr ""
"Hinweis: Der Absender verlangte Vertraulichkeit(\"for-your-eyes-only\")\n"
@@ -4834,10 +4835,10 @@ msgstr ""
"Empf?ngereinstellungen gefunden\n"
#, c-format
-msgid "NOTE: secret key %s expired at %s\n"
+msgid "Note: secret key %s expired at %s\n"
msgstr "Hinweis: geheimer Schl?ssel %s verf?llt am %s\n"
-msgid "NOTE: key has been revoked"
+msgid "Note: key has been revoked"
msgstr "Hinweis: Schl?ssel wurde widerrufen"
#, c-format
@@ -5004,11 +5005,11 @@ msgstr ""
"Uhrenproblem)\n"
#, c-format
-msgid "NOTE: signature key %s expired %s\n"
+msgid "Note: signature key %s expired %s\n"
msgstr "Hinweis: Signaturschl?ssel %s ist am %s verfallen\n"
#, c-format
-msgid "NOTE: signature key %s has been revoked\n"
+msgid "Note: signature key %s has been revoked\n"
msgstr "Hinweis: Signaturschl?ssel %s wurde widerrufen\n"
#, c-format
@@ -5168,7 +5169,7 @@ msgstr "%s: ung?ltige trust-db erzeugt\n"
msgid "%s: trustdb created\n"
msgstr "%s: trust-db erzeugt\n"
-msgid "NOTE: trustdb not writable\n"
+msgid "Note: trustdb not writable\n"
msgstr "Hinweis: Die \"trustdb\" ist nicht schreibbar\n"
#, c-format
@@ -5684,7 +5685,7 @@ msgstr "entscheidende Richtlinie ohne konfigurierte Richtlinien"
msgid "failed to open '%s': %s\n"
msgstr "Datei `%s' kann nicht ge?ffnet werden: %s\n"
-msgid "note: non-critical certificate policy not allowed"
+msgid "Note: non-critical certificate policy not allowed"
msgstr "Hinweis: Die unkritische Zertifikatsrichtlinie ist nicht erlaubt"
msgid "certificate policy not allowed"
@@ -6217,7 +6218,7 @@ msgstr ""
"Signieren, pr?fen, ver- und entschl?sseln mittels S/MIME Protokoll\n"
#, c-format
-msgid "NOTE: won't be able to encrypt to '%s': %s\n"
+msgid "Note: won't be able to encrypt to '%s': %s\n"
msgstr "Hinweis: Verschl?sselung f?r `%s' wird nicht m?glich sein: %s\n"
#, c-format
@@ -8355,15 +8356,15 @@ msgstr ""
#~ msgid "key %s: secret key not found: %s\n"
#~ msgstr "Schl?ssel %s: geheimer Schl?ssel nicht gefunden: %s\n"
-#~ msgid "NOTE: a key's S/N does not match the card's one\n"
+#~ msgid "Note: a key's S/N does not match the card's one\n"
#~ msgstr ""
#~ "Hinweis: Eine Schl?sselseriennr stimmt nicht mit derjenigen der Karte "
#~ "?berein\n"
-#~ msgid "NOTE: primary key is online and stored on card\n"
+#~ msgid "Note: primary key is online and stored on card\n"
#~ msgstr "Hinweis: Hauptschl?ssel ist online und auf der Karte gespeichert\n"
-#~ msgid "NOTE: secondary key is online and stored on card\n"
+#~ msgid "Note: secondary key is online and stored on card\n"
#~ msgstr "Hinweis: Zweitschl?ssel ist online und auf der Karte gespeichert\n"
#~ msgid "Key is protected.\n"
@@ -8411,7 +8412,7 @@ msgstr ""
#~ msgid "unknown protection algorithm\n"
#~ msgstr "Unbekanntes Schutzverfahren\n"
-#~ msgid "NOTE: This key is not protected!\n"
+#~ msgid "Note: This key is not protected!\n"
#~ msgstr "Dieser Schl?ssel ist nicht gesch?tzt.\n"
#~ msgid "Invalid passphrase; please try again"
diff --git a/po/fr.po b/po/fr.po
index 2ba5e46..aad9a1f 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -398,7 +398,7 @@ msgid "%s is too old (need %s, have %s)\n"
msgstr "%s est trop ancien (n?cessaire?: %s, utilis??: %s)\n"
#, c-format
-msgid "NOTE: no default option file '%s'\n"
+msgid "Note: no default option file '%s'\n"
msgstr "Remarque?: pas de fichier d'options par d?faut ??%s??\n"
#, c-format
@@ -410,7 +410,7 @@ msgid "reading options from '%s'\n"
msgstr "lecture des options de ??%s??\n"
#, c-format
-msgid "NOTE: '%s' is not considered an option\n"
+msgid "Note: '%s' is not considered an option\n"
msgstr "Remarque?: ??%s?? n'est pas consid?r? comme une option\n"
msgid "name of socket too long\n"
@@ -1282,7 +1282,7 @@ msgid "Replace existing key? (y/N) "
msgstr "Faut-il remplacer la clef existante?? (o/N) "
msgid ""
-"NOTE: There is no guarantee that the card supports the requested size.\n"
+"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
" documentation of your card to see what sizes are allowed.\n"
msgstr ""
@@ -1324,7 +1324,7 @@ msgid "Make off-card backup of encryption key? (Y/n) "
msgstr ""
"Faut-il faire une sauvegarde hors carte de la clef de chiffrement?? (O/n) "
-msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: keys are already stored on the card!\n"
msgstr "Remarque?: les clefs sont d?j? stock?es sur la carte.\n"
msgid "Replace existing keys? (y/N) "
@@ -1996,7 +1996,7 @@ msgid "show expiration dates during signature listings"
msgstr "montrer les dates d'expiration en affichant les signatures"
#, c-format
-msgid "NOTE: old default options file '%s' ignored\n"
+msgid "Note: old default options file '%s' ignored\n"
msgstr "Remarque?: l'ancien fichier d'options par d?faut ??%s?? a ?t? ignor?\n"
#, c-format
@@ -2004,7 +2004,7 @@ msgid "libgcrypt is too old (need %s, have %s)\n"
msgstr "libgcrypt est trop ancienne (n?cessaire?: %s, utilis??: %s)\n"
#, c-format
-msgid "NOTE: %s is not for normal use!\n"
+msgid "Note: %s is not for normal use!\n"
msgstr "Remarque?: %s n'est pas pour une utilisation normale.\n"
#, c-format
@@ -2154,7 +2154,7 @@ msgstr "??default-cert-level?? incorrect?; doit ?tre 0, 1, 2 ou 3\n"
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "??min-cert-level?? incorrect?; doit ?tre , 1, 2 ou 3\n"
-msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgid "Note: simple S2K mode (0) is strongly discouraged\n"
msgstr "Remarque?: le mode S2K simple (0) est fortement d?conseill?\n"
msgid "invalid S2K mode; must be 0, 1 or 3\n"
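
Review bot: The French msgstr for 'invalid min-cert-level; must be 1, 2, or 3' in the context reads 'doit ?tre , 1, 2 ou 3', with a dangling comma in front of the first value. Changing the list to '1, 2 ou 3' would make the message read correctly and agree with the msgid.
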
@@ -3999,7 +3999,7 @@ msgstr ""
"la clef a ?t? cr??e %lu?secondes dans le futur (faille temporelle ou\n"
"probl?me d'horloge)\n"
-msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr ""
"Remarque?: la cr?ation de sous-clefs pour des clefs?v3 n'est pas compatible\n"
" avec OpenPGP\n"
@@ -4023,7 +4023,7 @@ msgid "can't create backup file '%s': %s\n"
msgstr "impossible de cr?er le fichier de sauvegarde ??%s???: %s\n"
#, c-format
-msgid "NOTE: backup of card key saved to '%s'\n"
+msgid "Note: backup of card key saved to '%s'\n"
msgstr "Remarque?: sauvegarde de la clef de la carte dans ??%s??\n"
msgid "never "
@@ -4044,6 +4044,10 @@ msgstr "Notation de signature critique?: "
msgid "Signature notation: "
msgstr "Notation de signature?: "
+#, c-format
+msgid "Warning: %lu key(s) skipped due to their large size\n"
+msgstr ""
+
msgid "Keyring"
msgstr "Porte-clefs"
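
Review bot: The added entry 'Warning: %lu key(s) skipped due to their large size' has an empty msgstr and is not part of the 'NOTE:' recasing, so it looks like a side effect of regenerating the catalogue and should be called out or committed separately. Its prefix is also spelled 'Warning:' while other messages in these catalogues use 'WARNING:' (for example 'WARNING: cipher algorithm %s not found in recipient preferences'), so the source string should be aligned before translators pick it up.
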
@@ -4255,7 +4259,7 @@ msgstr "phrase de passe effac?e mise en cache avec l'identifiant?: %s\n"
msgid "decryption failed: %s\n"
msgstr "?chec du d?chiffrement?: %s\n"
-msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgid "Note: sender requested \"for-your-eyes-only\"\n"
msgstr "Remarque?: l'exp?diteur a demand? ??? votre seule attention??\n"
#, c-format
@@ -4934,10 +4938,10 @@ msgstr ""
" dans les pr?f?rences du destinataire\n"
#, c-format
-msgid "NOTE: secret key %s expired at %s\n"
+msgid "Note: secret key %s expired at %s\n"
msgstr "Remarque?: la clef secr?te %s a expir? le %s\n"
-msgid "NOTE: key has been revoked"
+msgid "Note: key has been revoked"
msgstr "Remarque?: la clef a ?t? r?voqu?e"
#, c-format
@@ -5101,11 +5105,11 @@ msgstr ""
"(faille temporelle ou probl?me d'horloge)\n"
#, c-format
-msgid "NOTE: signature key %s expired %s\n"
+msgid "Note: signature key %s expired %s\n"
msgstr "Remarque?: la clef de signature %s a expir? le %s\n"
#, c-format
-msgid "NOTE: signature key %s has been revoked\n"
+msgid "Note: signature key %s has been revoked\n"
msgstr "Remarque?: la clef de signature %s a ?t? r?voqu?e\n"
#, c-format
@@ -5266,7 +5270,7 @@ msgstr "%s?: base de confiance incorrecte cr??e\n"
msgid "%s: trustdb created\n"
msgstr "%s?: base de confiance cr??e\n"
-msgid "NOTE: trustdb not writable\n"
+msgid "Note: trustdb not writable\n"
msgstr "Remarque?: la base de confiance n'est pas accessible en ?criture\n"
#, c-format
@@ -5816,7 +5820,9 @@ msgstr "politique de signature marqu?e critique sans politiques configur?es"
msgid "failed to open '%s': %s\n"
msgstr "?chec d'ouverture de ??%s???: %s\n"
-msgid "note: non-critical certificate policy not allowed"
+#, fuzzy
+#| msgid "note: non-critical certificate policy not allowed"
+msgid "Note: non-critical certificate policy not allowed"
msgstr "remarque?: politique de certificat non critique non autoris?e"
msgid "certificate policy not allowed"
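
Review bot: Marking 'Note: non-critical certificate policy not allowed' as '#, fuzzy' means msgfmt leaves the translation out of the compiled catalogue by default, so French users get the English text until a translator clears the flag. The new msgid differs from the old one only in the capital N, and the other recased entries in this file were updated without a fuzzy flag, so the flag can be dropped and the existing msgstr kept.
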
@@ -6357,7 +6363,7 @@ msgstr ""
"L'op?ration par d?faut d?pend des donn?es entr?es\n"
#, c-format
-msgid "NOTE: won't be able to encrypt to '%s': %s\n"
+msgid "Note: won't be able to encrypt to '%s': %s\n"
msgstr "Remarque?: ne sera pas capable de chiffrer ? ??%s???: %s\n"
#, c-format
@@ -8204,6 +8210,27 @@ msgstr ""
"V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? "
"ficmotif\n"
+#, fuzzy
+#~| msgid "Note: no default option file '%s'\n"
+#~ msgid "NOTE: no default option file '%s'\n"
+#~ msgstr "Remarque?: pas de fichier d'options par d?faut ??%s??\n"
+
+#, fuzzy
+#~| msgid "Note: %s is not for normal use!\n"
+#~ msgid "NOTE: %s is not for normal use!\n"
+#~ msgstr "Remarque?: %s n'est pas pour une utilisation normale.\n"
+
+#, fuzzy
+#~| msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgstr ""
+#~ "Remarque?: la cr?ation de sous-clefs pour des clefs?v3 n'est pas "
+#~ "compatible\n"
+#~ " avec OpenPGP\n"
+
+#~ msgid "note: non-critical certificate policy not allowed"
+#~ msgstr "remarque?: politique de certificat non critique non autoris?e"
+
#~ msgid "use a standard location for the socket"
#~ msgstr "utiliser un emplacement de socket standard"
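
Review bot: The added '#~' block stores the old 'NOTE:' msgids as obsolete entries, three of them marked '#, fuzzy' with the new 'Note:' spelling recorded as the previous msgid in '#~|', which is the reverse of what actually changed. Obsolete entries are not used at run time and only add churn to the diff. Stripping them before committing (for example with msgattrib --no-obsolete) would keep the catalogue change limited to the recased msgids.
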
@@ -8444,16 +8471,16 @@ msgstr ""
#~ msgid "key %s: secret key not found: %s\n"
#~ msgstr "clef %s?: clef secr?te introuvable?: %s\n"
-#~ msgid "NOTE: a key's S/N does not match the card's one\n"
+#~ msgid "Note: a key's S/N does not match the card's one\n"
#~ msgstr ""
#~ "Remarque?: le num?ro de s?rie d'une clef ne correspond pas ? celui de la "
#~ "carte\n"
-#~ msgid "NOTE: primary key is online and stored on card\n"
+#~ msgid "Note: primary key is online and stored on card\n"
#~ msgstr ""
#~ "Remarque?: la clef principale est en ligne et stock?e sur la carte\n"
-#~ msgid "NOTE: secondary key is online and stored on card\n"
+#~ msgid "Note: secondary key is online and stored on card\n"
#~ msgstr ""
#~ "Remarque?: la clef secondaire est en ligne et stock?e sur la carte\n"
@@ -8580,7 +8607,7 @@ msgstr ""
#~ msgid "unknown protection algorithm\n"
#~ msgstr "algorithme de protection inconnu\n"
-#~ msgid "NOTE: This key is not protected!\n"
+#~ msgid "Note: This key is not protected!\n"
#~ msgstr "Remarque?: cette clef n'est pas prot?g?e.\n"
#~ msgid "protection digest %d is not supported\n"
@@ -9030,7 +9057,7 @@ msgstr ""
#~ msgid " algorithms on these user IDs:\n"
#~ msgstr " algorithmes indisponibles pour ces identit?s?:\n"
-#~ msgid "NOTE: This feature is not available in %s\n"
+#~ msgid "Note: This feature is not available in %s\n"
#~ msgstr "Remarque?: cette fonctionnalit? n'est pas disponible dans %s\n"
#~ msgid "Repeat passphrase\n"
diff --git a/po/ja.po b/po/ja.po
index 365365a..975c2ec 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -381,7 +381,7 @@ msgid "%s is too old (need %s, have %s)\n"
msgstr "%s ?????? (%s ?????? %s)\n"
#, c-format
-msgid "NOTE: no default option file '%s'\n"
+msgid "Note: no default option file '%s'\n"
msgstr "*??*: ???????????????? '%s' ??????\n"
#, c-format
@@ -393,7 +393,7 @@ msgid "reading options from '%s'\n"
msgstr "'%s' ??????????????\n"
#, c-format
-msgid "NOTE: '%s' is not considered an option\n"
+msgid "Note: '%s' is not considered an option\n"
msgstr "*??*: '%s'???????????????\n"
msgid "name of socket too long\n"
@@ -1249,7 +1249,7 @@ msgid "Replace existing key? (y/N) "
msgstr "???????????? (y/N) "
msgid ""
-"NOTE: There is no guarantee that the card supports the requested size.\n"
+"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
" documentation of your card to see what sizes are allowed.\n"
msgstr ""
@@ -1288,7 +1288,7 @@ msgstr "?%d????%u bit ??????????: %s\n"
msgid "Make off-card backup of encryption key? (Y/n) "
msgstr "?????????????????????? (Y/n) "
-msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: keys are already stored on the card!\n"
msgstr "*??*: ??????????????????!\n"
msgid "Replace existing keys? (y/N) "
@@ -1908,7 +1908,7 @@ msgid "show expiration dates during signature listings"
msgstr "??????????????????"
#, c-format
-msgid "NOTE: old default options file '%s' ignored\n"
+msgid "Note: old default options file '%s' ignored\n"
msgstr "*??*: ????????????????????'%s'????????\n"
#, c-format
@@ -1916,7 +1916,7 @@ msgid "libgcrypt is too old (need %s, have %s)\n"
msgstr "libgcrypt ?????? (?? %s, ?? %s)\n"
#, c-format
-msgid "NOTE: %s is not for normal use!\n"
+msgid "Note: %s is not for normal use!\n"
msgstr "*??*: ??%s??????!\n"
#, c-format
@@ -2062,7 +2062,7 @@ msgstr "???default-cert-level?0?1?2?3?????????
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "???min-cert-level?0?1?2?3??????????\n"
-msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgid "Note: simple S2K mode (0) is strongly discouraged\n"
msgstr "*??*: ???S2K???(0)????????????\n"
msgid "invalid S2K mode; must be 0, 1 or 3\n"
@@ -3838,7 +3838,7 @@ msgid ""
"key has been created %lu seconds in future (time warp or clock problem)\n"
msgstr "??%lu????????? (??????????????)\n"
-msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr "*??*: v3????????????OpenPGP???????\n"
msgid "Secret parts of primary key are not available.\n"
@@ -3859,7 +3859,7 @@ msgid "can't create backup file '%s': %s\n"
msgstr "???????????'%s'????????: %s\n"
#, c-format
-msgid "NOTE: backup of card key saved to '%s'\n"
+msgid "Note: backup of card key saved to '%s'\n"
msgstr "*??*: ????????????'%s'???????\n"
msgid "never "
@@ -3880,6 +3880,10 @@ msgstr "???????????: "
msgid "Signature notation: "
msgstr "????: "
+#, c-format
+msgid "Warning: %lu key(s) skipped due to their large size\n"
+msgstr ""
+
msgid "Keyring"
msgstr "????"
@@ -4080,7 +4084,7 @@ msgstr "?????????????????? ID: %s\n"
msgid "decryption failed: %s\n"
msgstr "?????????: %s\n"
-msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgid "Note: sender requested \"for-your-eyes-only\"\n"
msgstr "*??*: ????\"?????\"?????????\n"
#, c-format
@@ -4693,10 +4697,10 @@ msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
msgstr "*??*: ????????%s?????????????????\n"
#, c-format
-msgid "NOTE: secret key %s expired at %s\n"
+msgid "Note: secret key %s expired at %s\n"
msgstr "*??*: ???%s?%s??????????\n"
-msgid "NOTE: key has been revoked"
+msgid "Note: key has been revoked"
msgstr "*??*: ????????"
#, c-format
@@ -4852,11 +4856,11 @@ msgid ""
msgstr "?%s?%lu????????? (??????????????)\n"
#, c-format
-msgid "NOTE: signature key %s expired %s\n"
+msgid "Note: signature key %s expired %s\n"
msgstr "*??*: ???%s?%s??????????\n"
#, c-format
-msgid "NOTE: signature key %s has been revoked\n"
+msgid "Note: signature key %s has been revoked\n"
msgstr "*??*: ? %s ???????\n"
#, c-format
@@ -5002,7 +5006,7 @@ msgstr "%s: ??????????????\n"
msgid "%s: trustdb created\n"
msgstr "%s: ??????????????\n"
-msgid "NOTE: trustdb not writable\n"
+msgid "Note: trustdb not writable\n"
msgstr "*??*: ??????????????????\n"
#, c-format
@@ -5497,7 +5501,9 @@ msgstr "????????????????????????
msgid "failed to open '%s': %s\n"
msgstr "'%s'??????: %s\n"
-msgid "note: non-critical certificate policy not allowed"
+#, fuzzy
+#| msgid "note: non-critical certificate policy not allowed"
+msgid "Note: non-critical certificate policy not allowed"
msgstr "??: ???????????????????????"
msgid "certificate policy not allowed"
@@ -6017,7 +6023,7 @@ msgstr ""
"?????????????????????\n"
#, c-format
-msgid "NOTE: won't be able to encrypt to '%s': %s\n"
+msgid "Note: won't be able to encrypt to '%s': %s\n"
msgstr "*??*:'%s'????????????: %s\n"
#, c-format
@@ -7763,6 +7769,24 @@ msgstr ""
"??: gpg-check-pattern [?????] ????????\n"
"????????????????????????????\n"
+#, fuzzy
+#~| msgid "Note: no default option file '%s'\n"
+#~ msgid "NOTE: no default option file '%s'\n"
+#~ msgstr "*??*: ???????????????? '%s' ??????\n"
+
+#, fuzzy
+#~| msgid "Note: %s is not for normal use!\n"
+#~ msgid "NOTE: %s is not for normal use!\n"
+#~ msgstr "*??*: ??%s??????!\n"
+
+#, fuzzy
+#~| msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgstr "*??*: v3????????????OpenPGP???????\n"
+
+#~ msgid "note: non-critical certificate policy not allowed"
+#~ msgstr "??: ???????????????????????"
+
#~ msgid "use a standard location for the socket"
#~ msgstr "?????????????"
diff --git a/po/uk.po b/po/uk.po
index 785fae5..f5f3d91 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -391,7 +391,7 @@ msgid "%s is too old (need %s, have %s)\n"
msgstr "%s ? ??????? ?????????? (???????? %s, ????? %s)\n"
#, c-format
-msgid "NOTE: no default option file '%s'\n"
+msgid "Note: no default option file '%s'\n"
msgstr "??????????: ?? ???????? ????? ??????? ?????????? ?%s?\n"
#, c-format
@@ -403,7 +403,7 @@ msgid "reading options from '%s'\n"
msgstr "????????? ????????? ? ?%s?\n"
#, c-format
-msgid "NOTE: '%s' is not considered an option\n"
+msgid "Note: '%s' is not considered an option\n"
msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n"
msgid "name of socket too long\n"
@@ -1275,7 +1275,7 @@ msgid "Replace existing key? (y/N) "
msgstr "???????? ??? ????????? ????? (y/N ??? ?/?) "
msgid ""
-"NOTE: There is no guarantee that the card supports the requested size.\n"
+"Note: There is no guarantee that the card supports the requested size.\n"
" If the key generation does not succeed, please check the\n"
" documentation of your card to see what sizes are allowed.\n"
msgstr ""
@@ -1316,7 +1316,7 @@ msgstr "??????? ??? ??? ?????? ????? ??????? ??
msgid "Make off-card backup of encryption key? (Y/n) "
msgstr "???????? ???????? ????? ????? ?????????? ???? ???????? (Y/n ??? ?/?) "
-msgid "NOTE: keys are already stored on the card!\n"
+msgid "Note: keys are already stored on the card!\n"
msgstr "??????????: ????? ??? ????????? ?? ??????!\n"
msgid "Replace existing keys? (y/N) "
@@ -1966,7 +1966,7 @@ msgid "show expiration dates during signature listings"
msgstr "?????????? ???? ?????????? ??????? ??? ? ?????? ????????"
#, c-format
-msgid "NOTE: old default options file '%s' ignored\n"
+msgid "Note: old default options file '%s' ignored\n"
msgstr "??????????: ?????????? ???? ??????? ?????????? ?%s? ?????????????\n"
#, c-format
@@ -1974,7 +1974,7 @@ msgid "libgcrypt is too old (need %s, have %s)\n"
msgstr "libgcrypt ??????? ????? (???????? ? %s, ????? %s)\n"
#, c-format
-msgid "NOTE: %s is not for normal use!\n"
+msgid "Note: %s is not for normal use!\n"
msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n"
#, c-format
@@ -2126,7 +2126,7 @@ msgstr "?????????? ???????? default-cert-level; ??? ???
msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "?????????? ???????? min-cert-level; ??? ???? 1, 2 ??? 3\n"
-msgid "NOTE: simple S2K mode (0) is strongly discouraged\n"
+msgid "Note: simple S2K mode (0) is strongly discouraged\n"
msgstr ""
"??????????: ??????????? ?? ???????????? ??? ????????????? ??????? ??????? "
"S2K (0)\n"
@@ -3960,7 +3960,7 @@ msgstr ""
"???? ???? ???????? ? ????????? ?? %lu ??????? ? ??????????? (?????? ????? "
"??? ???????? ? ??????????)\n"
-msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr "??????????: ????????? ????????? ??? ?????? v3 ????????? ? OpenPGP\n"
msgid "Secret parts of primary key are not available.\n"
@@ -3981,7 +3981,7 @@ msgid "can't create backup file '%s': %s\n"
msgstr "?? ??????? ???????? ???? ????????? ????? ?%s?: %s\n"
#, c-format
-msgid "NOTE: backup of card key saved to '%s'\n"
+msgid "Note: backup of card key saved to '%s'\n"
msgstr "??????????: ???????? ????? ????? ?? ?????? ????????? ?? ?%s?\n"
msgid "never "
@@ -4002,6 +4002,10 @@ msgstr "???????? ???????? ???????: "
msgid "Signature notation: "
msgstr "???????? ???????: "
+#, c-format
+msgid "Warning: %lu key(s) skipped due to their large size\n"
+msgstr ""
+
msgid "Keyring"
msgstr "??????? ??????"
@@ -4210,7 +4214,7 @@ msgstr "????????? ?????? ???????? ? ??????????
msgid "decryption failed: %s\n"
msgstr "??????? ?????? ?????????????: %s\n"
-msgid "NOTE: sender requested \"for-your-eyes-only\"\n"
+msgid "Note: sender requested \"for-your-eyes-only\"\n"
msgstr "??????????: ?????? ???????????: ????? ??? ????\n"
#, c-format
@@ -4840,10 +4844,10 @@ msgid "WARNING: cipher algorithm %s not found in recipient preferences\n"
msgstr "?????: ?? ???????? ????????? ?????????? %s ? ????????? ??????????\n"
#, c-format
-msgid "NOTE: secret key %s expired at %s\n"
+msgid "Note: secret key %s expired at %s\n"
msgstr "??????????: ????? ??? ????????? ????? %s ?????????? %s\n"
-msgid "NOTE: key has been revoked"
+msgid "Note: key has been revoked"
msgstr "??????????: ???? ???? ??????????"
#, c-format
@@ -5003,11 +5007,11 @@ msgstr ""
"??? ???????? ? ??????????)\n"
#, c-format
-msgid "NOTE: signature key %s expired %s\n"
+msgid "Note: signature key %s expired %s\n"
msgstr "??????????: ????? ??? ????? ??????? %s ?????????? %s\n"
#, c-format
-msgid "NOTE: signature key %s has been revoked\n"
+msgid "Note: signature key %s has been revoked\n"
msgstr "??????????: ???? ??????? %s ???? ??????????\n"
#, c-format
@@ -5162,7 +5166,7 @@ msgstr "%s: ???????? ?????????? trustdb\n"
msgid "%s: trustdb created\n"
msgstr "%s: ???????? trustdb\n"
-msgid "NOTE: trustdb not writable\n"
+msgid "Note: trustdb not writable\n"
msgstr "??????????: ????? ?? trustdb ??????????\n"
#, c-format
@@ -5679,7 +5683,9 @@ msgstr "???????, ????????? ?? ????????, ??? ???
msgid "failed to open '%s': %s\n"
msgstr "?? ??????? ???????? ?%s?: %s\n"
-msgid "note: non-critical certificate policy not allowed"
+#, fuzzy
+#| msgid "note: non-critical certificate policy not allowed"
+msgid "Note: non-critical certificate policy not allowed"
msgstr "??????????: ?????????? ?????????? ??????? ????????????"
msgid "certificate policy not allowed"
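Review bot: The `#, fuzzy` flag added to the "Note: non-critical certificate policy not allowed" entry makes msgfmt leave this translation out of the compiled catalog by default, so Ukrainian users get the English string until a translator clears the flag. The other entries in this file whose msgid changed only from "NOTE:" to "Note:" kept their msgstr without a fuzzy mark. This msgid also differs only in the case of its first letter, so the flag and the `#|` line could be dropped and the existing msgstr kept as it is.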
@@ -6208,7 +6214,7 @@ msgstr ""
"?????? ??? ?????????? ??? ??????? ?????\n"
#, c-format
-msgid "NOTE: won't be able to encrypt to '%s': %s\n"
+msgid "Note: won't be able to encrypt to '%s': %s\n"
msgstr "??????????: ?? ???????? ??????????? ?? ?%s?: %s\n"
#, c-format
@@ -7978,6 +7984,24 @@ msgstr ""
"?????????: gpg-check-pattern [?????????] ????_????????\n"
"?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n"
+#, fuzzy
+#~| msgid "Note: no default option file '%s'\n"
+#~ msgid "NOTE: no default option file '%s'\n"
+#~ msgstr "??????????: ?? ???????? ????? ??????? ?????????? ?%s?\n"
+
+#, fuzzy
+#~| msgid "Note: %s is not for normal use!\n"
+#~ msgid "NOTE: %s is not for normal use!\n"
+#~ msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n"
+
+#, fuzzy
+#~| msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
+#~ msgstr "??????????: ????????? ????????? ??? ?????? v3 ????????? ? OpenPGP\n"
+
+#~ msgid "note: non-critical certificate policy not allowed"
+#~ msgstr "??????????: ?????????? ?????????? ??????? ????????????"
+
#~ msgid "use a standard location for the socket"
#~ msgstr "??????????????? ??? ?????? ?????????? ????????????"
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index be99b00..9c55297 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -500,7 +500,7 @@ main (int argc, char **argv )
if (default_config)
{
if( parse_debug )
- log_info (_("NOTE: no default option file '%s'\n"),
+ log_info (_("Note: no default option file '%s'\n"),
configname );
}
else
@@ -627,7 +627,7 @@ main (int argc, char **argv )
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
if (atexit (cleanup))
diff --git a/sm/certchain.c b/sm/certchain.c
index 5f5fd80..5e632f7 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -350,7 +350,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
{
if (!opt.quiet)
do_list (0, listmode, fplist,
- _("note: non-critical certificate policy not allowed"));
+ _("Note: non-critical certificate policy not allowed"));
return 0;
}
do_list (1, listmode, fplist,
@@ -379,7 +379,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
if (!any_critical)
{
do_list (0, listmode, fplist,
- _("note: non-critical certificate policy not allowed"));
+ _("Note: non-critical certificate policy not allowed"));
return 0;
}
do_list (1, listmode, fplist,
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 2faf203..cc8039c 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -756,7 +756,7 @@ do_add_recipient (ctrl_t ctrl, const char *name,
get_inv_recpsgnr_code (rc), name, NULL);
}
else
- log_info (_("NOTE: won't be able to encrypt to '%s': %s\n"),
+ log_info (_("Note: won't be able to encrypt to '%s': %s\n"),
name, gpg_strerror (rc));
}
}
@@ -1028,7 +1028,7 @@ main ( int argc, char **argv)
if (default_config)
{
if (parse_debug)
- log_info (_("NOTE: no default option file '%s'\n"), configname);
+ log_info (_("Note: no default option file '%s'\n"), configname);
}
else
{
@@ -1496,7 +1496,7 @@ main ( int argc, char **argv)
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
/*FIXME if (opt.batch) */
diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c
index 07c3391..78dea2a 100644
--- a/tools/gpg-connect-agent.c
+++ b/tools/gpg-connect-agent.c
@@ -1219,7 +1219,7 @@ main (int argc, char **argv)
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
diff --git a/tools/gpgconf.c b/tools/gpgconf.c
index f63c05e..31804f5 100644
--- a/tools/gpgconf.c
+++ b/tools/gpgconf.c
@@ -205,7 +205,7 @@ main (int argc, char **argv)
for (i=0; i < argc; i++)
if (argv[i][0] == '-' && argv[i][1] == '-')
- log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]);
+ log_info (_("Note: '%s' is not considered an option\n"), argv[i]);
}
fname = argc ? *argv : NULL;
commit 36679f33aa0bf8bc6a03bcbd5b283cb541686434
Author: Werner Koch
Date: Fri Oct 10 15:02:02 2014 +0200
po: Fix some grammar buglets in the German translation.
--
Reported-by: Thomas Gries
1)
"GnuPG erstellt eine User-ID,[comma missing] um Ihren Schlüssel …"
2)
"Die Karte wird nun konfiguriert,[<<< comma missing] um einen …"
in gpg-agent
3)
"verbite" → "verbiete"
4)
in gpg-agent --help
I would prefer consistent upper or lower case for the commands;
currently there is a mix of upper and lower case
"Benutze... ", "benutze..." etc.:
Item 3 was already fixed. Also fixed some capitalization
inconsistencies.
Signed-off-by: Werner Koch
diff --git a/po/de.po b/po/de.po
index d3bd5ff..7c4dab7 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-10-03 12:12+0200\n"
+"PO-Revision-Date: 2014-10-10 14:57+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -319,13 +319,13 @@ msgid "use a log file for the server"
msgstr "Logausgaben in eine Datei umlenken"
msgid "|PGM|use PGM as the PIN-Entry program"
-msgstr "|PGM|benutze PGM as PIN-Entry"
+msgstr "|PGM|Benutze PGM as PIN-Entry"
msgid "|PGM|use PGM as the SCdaemon program"
-msgstr "|PGM|benutze PGM als SCdaemon"
+msgstr "|PGM|Benutze PGM als SCdaemon"
msgid "do not use the SCdaemon"
-msgstr "Den Scdaemon-basierten Kartenzugriff nicht nutzen"
+msgstr "Den SCdaemon-basierten Kartenzugriff nicht nutzen"
msgid "ignore requests to change the TTY"
msgstr "Ignoriere Anfragen, das TTY zu wechseln"
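Review bot: The changed msgstr "|PGM|Benutze PGM as PIN-Entry" still carries the English word "as"; the SCdaemon entry directly below it uses "als", so this line should read "|PGM|Benutze PGM als PIN-Entry". Since the line is being touched for capitalization anyway, this is the place to fix it.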
@@ -334,16 +334,16 @@ msgid "ignore requests to change the X display"
msgstr "Ignoriere Anfragen, das X-Display zu wechseln"
msgid "|N|expire cached PINs after N seconds"
-msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
+msgstr "|N|Lasse PINs im Cache nach N Sekunden verfallen"
msgid "do not use the PIN cache when signing"
-msgstr "benutze PINs im Cache nicht beim Signieren"
+msgstr "Benutze PINs im Cache nicht beim Signieren"
msgid "disallow clients to mark keys as \"trusted\""
-msgstr "verbiete Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
+msgstr "Verbiete Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
msgid "allow presetting passphrase"
-msgstr "erlaube ein \"preset\" von Passphrases"
+msgstr "Erlaube ein \"preset\" von Passphrases"
msgid "enable ssh support"
msgstr "SSH Unterst?tzung einschalten"
@@ -1294,7 +1294,8 @@ msgstr "%s-Schl?ssell?ngen m?ssen im Bereich %u-%u sein\n"
#, c-format
msgid "The card will now be re-configured to generate a key of %u bits\n"
msgstr ""
-"Die Karte wird nun rekonfiguriert um einen Schl?ssel von %u Bit zu erzeugen\n"
+"Die Karte wird nun rekonfiguriert, um einen Schl?ssel von %u Bit zu "
+"erzeugen\n"
#, c-format
msgid "error changing size of key %d to %u bits: %s\n"
@@ -1523,8 +1524,7 @@ msgstr "Mit unbekanntem Verfahren verschl?sselt %d\n"
msgid ""
"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
-msgstr ""
-"Warnung: Botschaft wurde mit einem unsicheren Schl?ssel verschl?sselt.\n"
+msgstr "WARNUNG: Botschaft wurde mit einem unsicheren Schl?ssel verschl?sselt.\n"
msgid "problem handling encrypted packet\n"
msgstr "Problem beim Bearbeiten des verschl?sselten Pakets\n"
@@ -3719,7 +3719,7 @@ msgid ""
"\n"
msgstr ""
"\n"
-"GnuPG erstellt eine User-ID um Ihren Schl?ssel identifizierbar zu machen.\n"
+"GnuPG erstellt eine User-ID, um Ihren Schl?ssel identifizierbar zu machen.\n"
"\n"
#. TRANSLATORS: This string is in general not anymore used
@@ -3929,7 +3929,7 @@ msgstr ""
"Uhren stimmen nicht ?berein)\n"
msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
-msgstr "HINWEIS: Unterschl?ssel f?r v3-Schl?ssel sind nicht OpenPGP-konform\n"
+msgstr "Hinweis: Unterschl?ssel f?r v3-Schl?ssel sind nicht OpenPGP-konform\n"
msgid "Secret parts of primary key are not available.\n"
msgstr "Geheime Teile des Hauptschl?ssels sind nicht vorhanden.\n"
@@ -3970,6 +3970,10 @@ msgstr "Entscheidender Beglaubigungs-\"Notation\": "
msgid "Signature notation: "
msgstr "Beglaubigungs-\"Notation\": "
+#, c-format
+msgid "Warning: %lu key(s) skipped due to their large size\n"
+msgstr "WARNUNG: %lu Schl?ssel ?bersprungen, da sie zu gro? sind\n"
+
msgid "Keyring"
msgstr "Schl?sselbund"
@@ -4167,7 +4171,7 @@ msgstr ""
"WARNUNG: Botschaft wurde nicht integrit?tsgesch?tzt (integrity protected)\n"
msgid "WARNING: encrypted message has been manipulated!\n"
-msgstr "Warnung: Verschl?sselte Botschaft ist manipuliert worden!\n"
+msgstr "WARNUNG: Verschl?sselte Botschaft ist manipuliert worden!\n"
#, c-format
msgid "cleared passphrase cached with ID: %s\n"
@@ -4690,8 +4694,7 @@ msgstr "Hinweis: ?berpr?fte Adresse des Unterzeichners ist `%s'\n"
#, c-format
msgid "Note: Signer's address '%s' does not match DNS entry\n"
-msgstr ""
-"Hinweise: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
+msgstr "Hinweis: Adresse des Unterzeichners `%s' passt nicht zum DNS-Eintrag\n"
msgid "trustlevel adjusted to FULL due to valid PKA info\n"
msgstr "\"Trust\"-Ebene auf VOLLST?NDIG ge?ndert (wg. g?ltiger PKA-Info)\n"
@@ -5166,7 +5169,7 @@ msgid "%s: trustdb created\n"
msgstr "%s: trust-db erzeugt\n"
msgid "NOTE: trustdb not writable\n"
-msgstr "Notiz: Die \"trustdb\" ist nicht schreibbar\n"
+msgstr "Hinweis: Die \"trustdb\" ist nicht schreibbar\n"
#, c-format
msgid "%s: invalid trustdb\n"
@@ -5682,7 +5685,7 @@ msgid "failed to open '%s': %s\n"
msgstr "Datei `%s' kann nicht ge?ffnet werden: %s\n"
msgid "note: non-critical certificate policy not allowed"
-msgstr "Notiz: Die unkritische Zertifikatsrichtlinie ist nicht erlaubt"
+msgstr "Hinweis: Die unkritische Zertifikatsrichtlinie ist nicht erlaubt"
msgid "certificate policy not allowed"
msgstr "Die Zertifikatsrichtlinie ist nicht erlaubt"
@@ -8388,7 +8391,7 @@ msgstr ""
#~ msgstr "Fehler beim Schreiben des geheimen Schl?sselbundes `%s': %s\n"
#~ msgid "WARNING: 2 files with confidential information exists.\n"
-#~ msgstr "Warnung: Zwei Dateien mit vertraulichem Inhalt vorhanden.\n"
+#~ msgstr "WARNUNG: Zwei Dateien mit vertraulichem Inhalt vorhanden.\n"
#~ msgid "%s is the unchanged one\n"
#~ msgstr "%s ist der Unver?nderte\n"
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 4 +--
dirmngr/dirmngr.c | 4 +--
dirmngr/validate.c | 2 +-
g10/card-util.c | 4 +--
g10/gpg.c | 14 ++++----
g10/keygen.c | 6 ++--
g10/mainproc.c | 2 +-
g10/pubkey-enc.c | 4 +--
g10/revoke.c | 2 +-
g10/sig-check.c | 4 +--
g10/tdbio.c | 2 +-
po/de.po | 86 ++++++++++++++++++++++++---------------------
po/fr.po | 71 +++++++++++++++++++++++++------------
po/ja.po | 58 +++++++++++++++++++++---------
po/uk.po | 58 +++++++++++++++++++++---------
scd/scdaemon.c | 4 +--
sm/certchain.c | 4 +--
sm/gpgsm.c | 6 ++--
tools/gpg-connect-agent.c | 2 +-
tools/gpgconf.c | 2 +-
20 files changed, 209 insertions(+), 130 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Sat Oct 11 19:44:52 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sat, 11 Oct 2014 19:44:52 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.26-14-geb756e2
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via eb756e2510bfcae3339e0907a7e4cacdea59b175 (commit)
via 9112fed78b33faae32d21ab581721758ae2e95f2 (commit)
from f952fe8c6ddf13ecca14ca72a27d1f8da6adc901 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit eb756e2510bfcae3339e0907a7e4cacdea59b175
Author: Werner Koch
Date: Sat Oct 11 19:44:13 2014 +0200
gpg: Show v3 key fingerprints as all zero.
* g10/keyid.c (fingerprint_from_pk): Show v3 fingerprints as all zero.
--
MD5 is considered broken for a long time now. To make it easier for
users to notice that a listing shows a v3 key, the fingerprint is now
displayed as 16 zero bytes unless --allow-weak-digest-algos is active.
Signed-off-by: Werner Koch
diff --git a/g10/keyid.c b/g10/keyid.c
index d7a877b..10eadef 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -672,7 +672,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
if ( pk->version < 4 )
{
- if ( is_RSA(pk->pubkey_algo) )
+ if ( is_RSA(pk->pubkey_algo) && opt.flags.allow_weak_digest_algos)
{
/* RSA in version 3 packets is special. */
gcry_md_hd_t md;
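Review bot: With `&& opt.flags.allow_weak_digest_algos` added to the `is_RSA(pk->pubkey_algo)` test, every v3 RSA key yields the same all-zero fingerprint (per the commit message) unless the option is set, so callers that compare or look up keys by the value returned from fingerprint_from_pk() should be checked for treating two different v3 keys as equal. The comment inside the branch still says only "RSA in version 3 packets is special."; it should state that the MD5 fingerprint is computed only with --allow-weak-digest-algos and that the zero value is otherwise returned on purpose.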
commit 9112fed78b33faae32d21ab581721758ae2e95f2
Author: Werner Koch
Date: Sat Oct 11 19:41:51 2014 +0200
gpg: Avoid using cached MD5 signature status.
* g10/sig-check.c (check_key_signature2): Avoid using a cached MD5
signature status.
* g10/keyring.c (keyring_get_keyblock): Ditto.
(write_keyblock): Ditto.
* g10/sig-check.c (do_check): Move reject warning to ...
* g10/misc.c (print_md5_rejected_note): new.
--
Signed-off-by: Werner Koch
diff --git a/g10/keyring.c b/g10/keyring.c
index 7482724..837df5e 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -31,7 +31,7 @@
#include "util.h"
#include "keyring.h"
#include "packet.h"
-#include "keydb.h"
+#include "keydb.h"
#include "options.h"
#include "main.h" /*for check_key_signature()*/
#include "i18n.h"
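Review bot: The removed and added `#include "keydb.h"` lines read identically here, so they presumably differ only in trailing whitespace, and most hunks of this file are the same kind of cleanup. That buries the three functional MD5 changes in keyring_get_keyblock and write_keyblock. Put the whitespace cleanup in a separate commit so the security-relevant change can be reviewed and backported on its own.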
@@ -46,11 +46,11 @@ struct off_item {
/*off_t off;*/
};
-typedef struct off_item **OffsetHashTable;
+typedef struct off_item **OffsetHashTable;
typedef struct keyring_name *KR_NAME;
-struct keyring_name
+struct keyring_name
{
struct keyring_name *next;
int secret;
@@ -79,7 +79,7 @@ struct keyring_handle {
int error;
} current;
struct {
- CONST_KR_NAME kr;
+ CONST_KR_NAME kr;
off_t offset;
size_t pk_no;
size_t uid_no;
@@ -102,7 +102,7 @@ static struct off_item *
new_offset_item (void)
{
struct off_item *k;
-
+
k = xmalloc_clear (sizeof *k);
return k;
}
@@ -121,7 +121,7 @@ release_offset_items (struct off_item *k)
}
#endif
-static OffsetHashTable
+static OffsetHashTable
new_offset_hash_table (void)
{
struct off_item **tbl;
@@ -164,7 +164,7 @@ update_offset_hash_table (OffsetHashTable tbl, u32 *kid, off_t off)
for (k = tbl[(kid[1] & 0x07ff)]; k; k = k->next)
{
- if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
{
/*k->off = off;*/
return;
@@ -194,14 +194,14 @@ update_offset_hash_table_from_kb (OffsetHashTable tbl, KBNODE node, off_t off)
}
}
-/*
+/*
* Register a filename for plain keyring files. ptr is set to a
* pointer to be used to create a handles etc, or the already-issued
* pointer if it has already been registered. The function returns 1
* if a new keyring was registered.
*/
int
-keyring_register_filename (const char *fname, int secret, int readonly,
+keyring_register_filename (const char *fname, int secret, int readonly,
void **ptr)
{
KR_NAME kr;
@@ -217,7 +217,7 @@ keyring_register_filename (const char *fname, int secret, int readonly,
if (readonly)
kr->readonly = 1;
*ptr=kr;
- return 0;
+ return 0;
}
}
@@ -251,12 +251,12 @@ keyring_is_writable (void *token)
return r? (r->readonly || !access (r->fname, W_OK)) : 0;
}
-
+
/* Create a new handle for the resource associated with TOKEN. SECRET
is just just as a cross-check.
-
+
The returned handle must be released using keyring_release (). */
KEYRING_HANDLE
keyring_new (void *token, int secret)
@@ -265,7 +265,7 @@ keyring_new (void *token, int secret)
KR_NAME resource = token;
assert (resource && !resource->secret == !secret);
-
+
hd = xmalloc_clear (sizeof *hd);
hd->resource = resource;
hd->secret = !!secret;
@@ -273,7 +273,7 @@ keyring_new (void *token, int secret)
return hd;
}
-void
+void
keyring_release (KEYRING_HANDLE hd)
{
if (!hd)
@@ -300,7 +300,7 @@ keyring_get_resource_name (KEYRING_HANDLE hd)
* Lock the keyring with the given handle, or unlock if YES is false.
* We ignore the handle and lock all registered files.
*/
-int
+int
keyring_lock (KEYRING_HANDLE hd, int yes)
{
KR_NAME kr;
@@ -323,7 +323,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
}
if (rc)
return rc;
-
+
/* and now set the locks */
for (kr=kr_names; kr; kr = kr->next) {
if (!keyring_is_writable(kr))
@@ -334,7 +334,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
log_info ("can't lock `%s'\n", kr->fname );
rc = G10ERR_GENERAL;
}
- else
+ else
kr->is_locked = 1;
}
}
@@ -347,10 +347,10 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
;
else if (release_dotlock (kr->lockhd))
log_info ("can't unlock `%s'\n", kr->fname );
- else
+ else
kr->is_locked = 0;
}
- }
+ }
return rc;
}
@@ -360,7 +360,7 @@ keyring_lock (KEYRING_HANDLE hd, int yes)
/*
* Return the last found keyring. Caller must free it.
* The returned keyblock has the kbode flag bit 0 set for the node with
- * the public key used to locate the keyblock or flag bit 1 set for
+ * the public key used to locate the keyblock or flag bit 1 set for
* the user ID node.
*/
int
@@ -406,7 +406,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
init_packet (pkt);
continue;
}
- if (rc) {
+ if (rc) {
log_error ("keyring_get_keyblock: read error: %s\n",
g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
@@ -426,19 +426,26 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
}
in_cert = 1;
- if (pkt->pkttype == PKT_RING_TRUST)
+ if (pkt->pkttype == PKT_RING_TRUST)
{
/*(this code is duplicated after the loop)*/
- if ( lastnode
+ if ( lastnode
&& lastnode->pkt->pkttype == PKT_SIGNATURE
&& (pkt->pkt.ring_trust->sigcache & 1) ) {
- /* This is a ring trust packet with a checked signature
+ /* This is a ring trust packet with a checked signature
* status cache following directly a signature paket.
- * Set the cache status into that signature packet. */
+ * Set the cache status into that signature packet.
+ *
+ * We do not use cached signatures made with MD5 to
+ * avoid using a cached status created with an older
+ * version of gpg. */
PKT_signature *sig = lastnode->pkt->pkt.signature;
-
- sig->flags.checked = 1;
- sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+
+ if (sig->digest_algo != DIGEST_ALGO_MD5)
+ {
+ sig->flags.checked = 1;
+ sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+ }
}
/* Reset LASTNODE, so that we set the cache status only from
* the ring trust packet immediately following a signature. */
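Review bot: The `sig->digest_algo != DIGEST_ALGO_MD5` guard is added inside a block already marked "(this code is duplicated after the loop)", so the same guard has to be repeated in the second copy and kept in step with it. Moving the cache-status assignment into one small static helper that takes the signature and the sigcache value would leave a single place to change the next time the set of rejected digest algorithms changes, and the explanatory comment added here would then cover both call sites.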
@@ -468,7 +475,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
if (++uid_no == hd->found.uid_no)
node->flag |= 2;
break;
-
+
default:
break;
}
@@ -478,7 +485,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
}
set_packet_list_mode(save_mode);
- if (rc == -1 && keyblock)
+ if (rc == -1 && keyblock)
rc = 0; /* got the entire keyblock */
if (rc || !ret_kb)
@@ -486,12 +493,15 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
else {
/*(duplicated form the loop body)*/
if ( pkt && pkt->pkttype == PKT_RING_TRUST
- && lastnode
+ && lastnode
&& lastnode->pkt->pkttype == PKT_SIGNATURE
&& (pkt->pkt.ring_trust->sigcache & 1) ) {
PKT_signature *sig = lastnode->pkt->pkt.signature;
- sig->flags.checked = 1;
- sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+ if (sig->digest_algo != DIGEST_ALGO_MD5)
+ {
+ sig->flags.checked = 1;
+ sig->flags.valid = !!(pkt->pkt.ring_trust->sigcache & 2);
+ }
}
*ret_kb = keyblock;
}
@@ -500,7 +510,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
iobuf_close(a);
/* Make sure that future search operations fail immediately when
- * we know that we are working on a invalid keyring
+ * we know that we are working on a invalid keyring
*/
if (rc == G10ERR_INV_KEYRING)
hd->current.error = rc;
@@ -571,11 +581,11 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
if (hd->current.kr->readonly)
return gpg_error (GPG_ERR_EACCES);
}
- else
+ else
fname = hd->resource? hd->resource->fname:NULL;
if (!fname)
- return G10ERR_GENERAL;
+ return G10ERR_GENERAL;
/* Close this one otherwise we will lose the position for
* a next search. Fixme: it would be better to adjust the position
@@ -590,7 +600,7 @@ keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb)
{
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
}
-
+
return rc;
}
@@ -639,10 +649,10 @@ keyring_delete_keyblock (KEYRING_HANDLE hd)
-/*
+/*
* Start the next search on this handle right at the beginning
*/
-int
+int
keyring_search_reset (KEYRING_HANDLE hd)
{
assert (hd);
@@ -652,17 +662,17 @@ keyring_search_reset (KEYRING_HANDLE hd)
hd->current.iobuf = NULL;
hd->current.eof = 0;
hd->current.error = 0;
-
+
hd->found.kr = NULL;
hd->found.offset = 0;
- return 0;
+ return 0;
}
static int
prepare_search (KEYRING_HANDLE hd)
{
- if (hd->current.error)
+ if (hd->current.error)
return hd->current.error; /* still in error state */
if (hd->current.kr && !hd->current.eof) {
@@ -671,7 +681,7 @@ prepare_search (KEYRING_HANDLE hd)
return 0; /* okay */
}
- if (!hd->current.kr && hd->current.eof)
+ if (!hd->current.kr && hd->current.eof)
return -1; /* still EOF */
if (!hd->current.kr) { /* start search with first keyring */
@@ -683,7 +693,7 @@ prepare_search (KEYRING_HANDLE hd)
assert (!hd->current.iobuf);
}
else { /* EOF */
- iobuf_close (hd->current.iobuf);
+ iobuf_close (hd->current.iobuf);
hd->current.iobuf = NULL;
hd->current.kr = NULL;
hd->current.eof = 1;
@@ -841,7 +851,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
int i;
const char *s, *se;
- if (mode == KEYDB_SEARCH_MODE_EXACT) {
+ if (mode == KEYDB_SEARCH_MODE_EXACT) {
for (i=0; name[i] && uidlen; i++, uidlen--)
if (uid[i] != name[i])
break;
@@ -852,7 +862,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
if (ascii_memistr( uid, uidlen, name ))
return 0;
}
- else if ( mode == KEYDB_SEARCH_MODE_MAIL
+ else if ( mode == KEYDB_SEARCH_MODE_MAIL
|| mode == KEYDB_SEARCH_MODE_MAILSUB
|| mode == KEYDB_SEARCH_MODE_MAILEND) {
for (i=0, s= uid; i < uidlen && *s != '<'; s++, i++)
@@ -864,7 +874,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
;
if (i < uidlen) {
i = se - s;
- if (mode == KEYDB_SEARCH_MODE_MAIL) {
+ if (mode == KEYDB_SEARCH_MODE_MAIL) {
if( strlen(name)-2 == i
&& !ascii_memcasecmp( s, name+1, i) )
return 0;
@@ -888,11 +898,11 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen)
}
-/*
+/*
* Search through the keyring(s), starting at the current position,
* for a keyblock which contains one of the keys described in the DESC array.
*/
-int
+int
keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex)
{
@@ -912,28 +922,28 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
/* figure out what information we need */
need_uid = need_words = need_keyid = need_fpr = any_skip = 0;
- for (n=0; n < ndesc; n++)
+ for (n=0; n < ndesc; n++)
{
- switch (desc[n].mode)
+ switch (desc[n].mode)
{
- case KEYDB_SEARCH_MODE_EXACT:
+ case KEYDB_SEARCH_MODE_EXACT:
case KEYDB_SEARCH_MODE_SUBSTR:
case KEYDB_SEARCH_MODE_MAIL:
case KEYDB_SEARCH_MODE_MAILSUB:
case KEYDB_SEARCH_MODE_MAILEND:
need_uid = 1;
break;
- case KEYDB_SEARCH_MODE_WORDS:
+ case KEYDB_SEARCH_MODE_WORDS:
need_uid = 1;
need_words = 1;
break;
- case KEYDB_SEARCH_MODE_SHORT_KID:
+ case KEYDB_SEARCH_MODE_SHORT_KID:
case KEYDB_SEARCH_MODE_LONG_KID:
need_keyid = 1;
break;
- case KEYDB_SEARCH_MODE_FPR16:
+ case KEYDB_SEARCH_MODE_FPR16:
case KEYDB_SEARCH_MODE_FPR20:
- case KEYDB_SEARCH_MODE_FPR:
+ case KEYDB_SEARCH_MODE_FPR:
need_fpr = 1;
break;
case KEYDB_SEARCH_MODE_FIRST:
@@ -942,7 +952,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
break;
default: break;
}
- if (desc[n].skipfnc)
+ if (desc[n].skipfnc)
{
any_skip = 1;
need_keyid = 1;
@@ -961,7 +971,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
{
struct off_item *oi;
-
+
oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid);
if (!oi)
{ /* We know that we don't have this key */
@@ -970,9 +980,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
return -1;
}
/* We could now create a positive search status and return.
- * However the problem is that another instance of gpg may
+ * However the problem is that another instance of gpg may
* have changed the keyring so that the offsets are not valid
- * anymore - therefore we don't do it
+ * anymore - therefore we don't do it
*/
}
@@ -983,13 +993,13 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
log_debug ("word search mode does not yet work\n");
/* FIXME: here is a long standing bug in our function and in addition we
just use the first search description */
- for (n=0; n < ndesc && !name; n++)
+ for (n=0; n < ndesc && !name; n++)
{
- if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
+ if (desc[n].mode == KEYDB_SEARCH_MODE_WORDS)
name = desc[n].u.name;
}
assert (name);
- if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
+ if ( !hd->word_match.name || strcmp (hd->word_match.name, name) )
{
/* name changed */
xfree (hd->word_match.name);
@@ -1007,23 +1017,23 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
main_offset = 0;
pk_no = uid_no = 0;
initial_skip = 1; /* skip until we see the start of a keyblock */
- while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
+ while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid)))
{
byte afp[MAX_FINGERPRINT_LEN];
size_t an;
- if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
+ if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY)
{
main_offset = offset;
pk_no = uid_no = 0;
initial_skip = 0;
}
- if (initial_skip)
+ if (initial_skip)
{
free_packet (&pkt);
continue;
}
-
+
pk = NULL;
sk = NULL;
uid = NULL;
@@ -1044,13 +1054,13 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (use_offtbl && !kr_offtbl_ready)
update_offset_hash_table (kr_offtbl, aki, main_offset);
}
- else if (pkt.pkttype == PKT_USER_ID)
+ else if (pkt.pkttype == PKT_USER_ID)
{
uid = pkt.pkt.user_id;
++uid_no;
}
else if ( pkt.pkttype == PKT_SECRET_KEY
- || pkt.pkttype == PKT_SECRET_SUBKEY)
+ || pkt.pkttype == PKT_SECRET_SUBKEY)
{
sk = pkt.pkt.secret_key;
++pk_no;
@@ -1062,28 +1072,28 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
}
if (need_keyid)
keyid_from_sk (sk, aki);
-
+
}
- for (n=0; n < ndesc; n++)
+ for (n=0; n < ndesc; n++)
{
switch (desc[n].mode) {
- case KEYDB_SEARCH_MODE_NONE:
+ case KEYDB_SEARCH_MODE_NONE:
BUG ();
break;
- case KEYDB_SEARCH_MODE_EXACT:
+ case KEYDB_SEARCH_MODE_EXACT:
case KEYDB_SEARCH_MODE_SUBSTR:
case KEYDB_SEARCH_MODE_MAIL:
case KEYDB_SEARCH_MODE_MAILSUB:
case KEYDB_SEARCH_MODE_MAILEND:
- case KEYDB_SEARCH_MODE_WORDS:
+ case KEYDB_SEARCH_MODE_WORDS:
if ( uid && !compare_name (desc[n].mode,
desc[n].u.name,
- uid->name, uid->len))
+ uid->name, uid->len))
goto found;
break;
-
- case KEYDB_SEARCH_MODE_SHORT_KID:
+
+ case KEYDB_SEARCH_MODE_SHORT_KID:
if ((pk||sk) && desc[n].u.kid[1] == aki[1])
goto found;
break;
@@ -1097,19 +1107,19 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
goto found;
break;
case KEYDB_SEARCH_MODE_FPR20:
- case KEYDB_SEARCH_MODE_FPR:
+ case KEYDB_SEARCH_MODE_FPR:
if ((pk||sk) && !memcmp (desc[n].u.fpr, afp, 20))
goto found;
break;
- case KEYDB_SEARCH_MODE_FIRST:
+ case KEYDB_SEARCH_MODE_FIRST:
if (pk||sk)
goto found;
break;
- case KEYDB_SEARCH_MODE_NEXT:
+ case KEYDB_SEARCH_MODE_NEXT:
if (pk||sk)
goto found;
break;
- default:
+ default:
rc = G10ERR_INV_ARG;
goto found;
}
@@ -1121,7 +1131,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
meaningful if this function returns with no errors. */
if(descindex)
*descindex=n;
- for (n=any_skip?0:ndesc; n < ndesc; n++)
+ for (n=any_skip?0:ndesc; n < ndesc; n++)
{
if (desc[n].skipfnc
&& desc[n].skipfnc (desc[n].skipfncvalue, aki, uid))
@@ -1147,12 +1157,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (use_offtbl && !kr_offtbl_ready)
{
KR_NAME kr;
-
+
/* First set the did_full_scan flag for this keyring (ignore
secret keyrings) */
for (kr=kr_names; kr; kr = kr->next)
{
- if (!kr->secret && hd->resource == kr)
+ if (!kr->secret && hd->resource == kr)
{
kr->did_full_scan = 1;
break;
@@ -1162,14 +1172,14 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
offtbl ready */
for (kr=kr_names; kr; kr = kr->next)
{
- if (!kr->secret && !kr->did_full_scan)
+ if (!kr->secret && !kr->did_full_scan)
break;
}
if (!kr)
kr_offtbl_ready = 1;
}
}
- else
+ else
hd->current.error = rc;
free_packet(&pkt);
@@ -1181,7 +1191,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc,
static int
create_tmp_file (const char *template,
char **r_bakfname, char **r_tmpfname, IOBUF *r_fp)
-{
+{
char *bakfname, *tmpfname;
mode_t oldmask;
@@ -1205,7 +1215,7 @@ create_tmp_file (const char *template,
strcpy (tmpfname,template);
strcpy (tmpfname+strlen(template)-4, EXTSEP_S "tmp");
}
- else
+ else
{ /* file does not end with gpg; hmmm */
bakfname = xmalloc (strlen( template ) + 5);
strcpy (stpcpy(bakfname, template), EXTSEP_S "bak");
@@ -1239,7 +1249,7 @@ create_tmp_file (const char *template,
xfree (bakfname);
return rc;
}
-
+
*r_bakfname = bakfname;
*r_tmpfname = tmpfname;
return 0;
@@ -1272,7 +1282,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
/* first make a backup file except for secret keyrings */
if (!secret)
- {
+ {
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
remove (bakfname);
#endif
@@ -1284,7 +1294,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
return rc;
}
}
-
+
/* then rename the file */
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
remove( fname );
@@ -1309,7 +1319,7 @@ rename_tmp_file (const char *bakfname, const char *tmpfname,
statbuf.st_mode=S_IRUSR | S_IWUSR;
if (((secret && !opt.preserve_permissions)
- || !stat (bakfname,&statbuf))
+ || !stat (bakfname,&statbuf))
&& !chmod (fname,statbuf.st_mode))
;
else
@@ -1337,10 +1347,10 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
{
KBNODE kbctx = NULL, node;
int rc;
-
- while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
+
+ while ( (node = walk_kbnode (keyblock, &kbctx, 0)) )
{
- if (node->pkt->pkttype == PKT_RING_TRUST)
+ if (node->pkt->pkttype == PKT_RING_TRUST)
continue; /* we write it later on our own */
if ( (rc = build_packet (fp, node->pkt) ))
@@ -1349,12 +1359,12 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
node->pkt->pkttype, g10_errstr(rc) );
return rc;
}
- if (node->pkt->pkttype == PKT_SIGNATURE)
+ if (node->pkt->pkttype == PKT_SIGNATURE)
{ /* always write a signature cache packet */
PKT_signature *sig = node->pkt->pkt.signature;
unsigned int cacheval = 0;
-
- if (sig->flags.checked)
+
+ if (sig->flags.checked && sig->digest_algo != DIGEST_ALGO_MD5)
{
cacheval |= 1;
if (sig->flags.valid)
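Review bot: the new "sig->digest_algo != DIGEST_ALGO_MD5" condition in write_keyblock carries no comment, while the matching change in check_key_signature2 explains itself ("For safety reasons we ignore cache entries from MD5 signatures"); add the same rationale here. Note also that an MD5 signature still gets a signature cache packet written, only with cacheval 0, and that this test is unconditional whereas do_check rejects MD5 only when opt.flags.allow_weak_digest_algos is unset, so users of that option will have their MD5 signatures verified again on every run. If that is intended, the comment should say so.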
@@ -1363,7 +1373,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
iobuf_put (fp, 0xb0); /* old style packet 12, 1 byte len*/
iobuf_put (fp, 2); /* 2 bytes */
iobuf_put (fp, 0); /* unused */
- if (iobuf_put (fp, cacheval))
+ if (iobuf_put (fp, cacheval))
{
rc = gpg_error_from_syserror ();
log_error ("writing sigcache packet failed\n");
@@ -1374,7 +1384,7 @@ write_keyblock (IOBUF fp, KBNODE keyblock)
return 0;
}
-/*
+/*
* Walk over all public keyrings, check the signatures and replace the
* keyring with a new one where the signature cache is then updated.
* This is only done for the public keyrings.
@@ -1419,7 +1429,7 @@ keyring_rebuild_cache (void *token,int noisy)
* the original file is closed */
tmpfp = NULL;
}
- rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
+ rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
lastresname, 0) : 0;
xfree (tmpfilename); tmpfilename = NULL;
xfree (bakfilename); bakfilename = NULL;
@@ -1432,10 +1442,10 @@ keyring_rebuild_cache (void *token,int noisy)
if (rc)
goto leave;
}
-
+
release_kbnode (keyblock);
rc = keyring_get_keyblock (hd, &keyblock);
- if (rc)
+ if (rc)
{
log_error ("keyring_get_keyblock failed: %s\n", g10_errstr(rc));
goto leave;
@@ -1479,7 +1489,7 @@ keyring_rebuild_cache (void *token,int noisy)
sigcount++;
}
}
-
+
/* write the keyblock to the temporary file */
rc = write_keyblock (tmpfp, keyblock);
if (rc)
@@ -1489,10 +1499,10 @@ keyring_rebuild_cache (void *token,int noisy)
log_info(_("%lu keys cached so far (%lu signatures)\n"),
count, sigcount );
- } /* end main loop */
+ } /* end main loop */
if (rc == -1)
rc = 0;
- if (rc)
+ if (rc)
{
log_error ("keyring_search failed: %s\n", g10_errstr(rc));
goto leave;
@@ -1520,8 +1530,8 @@ keyring_rebuild_cache (void *token,int noisy)
leave:
if (tmpfp)
iobuf_cancel (tmpfp);
- xfree (tmpfilename);
- xfree (bakfilename);
+ xfree (tmpfilename);
+ xfree (bakfilename);
release_kbnode (keyblock);
keyring_lock (hd, 0);
keyring_release (hd);
@@ -1544,13 +1554,13 @@ do_copy (int mode, const char *fname, KBNODE root, int secret,
char *bakfname = NULL;
char *tmpfname = NULL;
- /* Open the source file. Because we do a rename, we have to check the
+ /* Open the source file. Because we do a rename, we have to check the
permissions of the file */
if (access (fname, W_OK))
return gpg_error_from_syserror ();
fp = iobuf_open (fname);
- if (mode == 1 && !fp && errno == ENOENT) {
+ if (mode == 1 && !fp && errno == ENOENT) {
/* insert mode but file does not exist: create a new file */
KBNODE kbctx, node;
mode_t oldmask;
diff --git a/g10/main.h b/g10/main.h
index 4cf2cc7..e97b936 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -63,9 +63,6 @@ extern int g10_errors_seen;
#else
void g10_exit(int rc);
#endif
-void print_pubkey_algo_note( int algo );
-void print_cipher_algo_note( int algo );
-void print_digest_algo_note( int algo );
/*-- armor.c --*/
char *make_radix64_string( const byte *data, size_t len );
@@ -82,6 +79,10 @@ u16 checksum( byte *p, unsigned n );
u16 checksum_mpi( gcry_mpi_t a );
u32 buffer_to_u32( const byte *buffer );
const byte *get_session_marker( size_t *rlen );
+void print_pubkey_algo_note( int algo );
+void print_cipher_algo_note( int algo );
+void print_digest_algo_note( int algo );
+void print_md5_rejected_note (void);
int map_cipher_openpgp_to_gcry (int algo);
#define openpgp_cipher_open(_a,_b,_c,_d) gcry_cipher_open((_a),map_cipher_openpgp_to_gcry((_b)),(_c),(_d))
#define openpgp_cipher_get_algo_keylen(_a) gcry_cipher_get_algo_keylen(map_cipher_openpgp_to_gcry((_a)))
diff --git a/g10/misc.c b/g10/misc.c
index ef03776..17494ac 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -340,6 +340,22 @@ print_digest_algo_note( int algo )
}
+void
+print_md5_rejected_note (void)
+{
+ static int shown;
+
+ if (!shown)
+ {
+ fflush (stdout);
+ log_info
+ (_("Note: signatures using the %s algorithm are rejected\n"),
+ "MD5");
+ shown = 1;
+ }
+}
+
+
/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
this for algorithms we implemented in Libgcrypt after they become
part of OpenPGP. */
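Review bot: print_md5_rejected_note adds an "fflush (stdout)" that the inline code removed from do_check did not have, and nothing in the hunk says why. Add a function comment stating that the note is printed at most once per process and why stdout is flushed before the log_info call.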
diff --git a/g10/sig-check.c b/g10/sig-check.c
index ed4fa89..2999693 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -272,16 +272,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
if (sig->digest_algo == GCRY_MD_MD5
&& !opt.flags.allow_weak_digest_algos)
{
- static int shown;
-
- if (!shown)
- {
- log_info
- (_("Note: signatures using the %s algorithm are rejected\n"),
- "MD5");
- shown = 1;
- }
-
+ print_md5_rejected_note ();
return GPG_ERR_DIGEST_ALGO;
}
@@ -549,9 +540,11 @@ check_key_signature2( KBNODE root, KBNODE node, PKT_public_key *check_pk,
/* Check whether we have cached the result of a previous signature
check. Note that we may no longer have the pubkey or hash
needed to verify a sig, but can still use the cached value. A
- cache refresh detects and clears these cases. */
+ cache refresh detects and clears these cases.
+ For safety reasons we ignore cache entries from MD5 signatures. */
if ( !opt.no_sig_cache ) {
- if (sig->flags.checked) { /*cached status available*/
+ if (sig->flags.checked && sig->digest_algo != DIGEST_ALGO_MD5) {
+ /*cached status available*/
if( is_selfsig ) {
u32 keyid[2];
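Review bot: the new cache test in check_key_signature2 compares against DIGEST_ALGO_MD5, while do_check in the same file tests "sig->digest_algo == GCRY_MD_MD5". Use one constant for both checks so the rejection path and the cache bypass cannot drift apart.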
-----------------------------------------------------------------------
Summary of changes:
g10/keyid.c | 2 +-
g10/keyring.c | 230 +++++++++++++++++++++++++++++--------------------------
g10/main.h | 7 +-
g10/misc.c | 16 ++++
g10/sig-check.c | 17 ++--
5 files changed, 146 insertions(+), 126 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Oct 12 20:19:18 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 12 Oct 2014 20:19:18 +0200
Subject: [git] GnuPG - branch, wk/test-master,
created. gnupg-2.1.0-beta864-15-gbb961e0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, wk/test-master has been created
at bb961e062bbf1011ef3430afdf2075561ba400ab (commit)
- Log -----------------------------------------------------------------
commit bb961e062bbf1011ef3430afdf2075561ba400ab
Author: Werner Koch
Date: Sun Oct 12 20:07:12 2014 +0200
gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys. Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.
* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs into dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto. Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures. Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.
* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--
v3 keys have been deprecated for about 15 years and due to the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys. Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
Verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no value anyway - MD5 is
just too broken.
We have also kept support for v3 signatures until now. With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures. What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages. These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.
Signed-off-by: Werner Koch
diff --git a/doc/OpenPGP b/doc/OpenPGP
index 96223d7..794f669 100644
--- a/doc/OpenPGP
+++ b/doc/OpenPGP
@@ -9,6 +9,15 @@
===================
GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
+ * With GnuPG >= 2.1.0 all support for version 3 keys has been
+ removed. Thus there is no more compatibility with PGP-2. Users
+ who need to be able to decrypt old PGP 2 messages should use
+ GnuPG 1.4.x along with the option --allow-weak-digest-algos.
+
+ * With GnuPG >= 2.1.0 all signatures (on messages and keys) are
+ created using version 4 signatures. Support for verifying
+ version 3 signature is still available.
+
* (9.2) states that IDEA SHOULD be implemented. This is not done
due to patent problems.
UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6)
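Review bot: in the second added item, "Support for verifying version 3 signature is still available" should read "version 3 signatures". The first item also omits the advice given in the commit message that old messages decrypted with GnuPG 1.4.x are best re-encrypted to modern standards; one more sentence here would carry that to the reader of the documentation.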
diff --git a/doc/gpg.texi b/doc/gpg.texi
index e7360e9..54ca1b2 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2129,6 +2129,7 @@ platforms that have different line ending conventions (UNIX-like to Mac,
Mac to Windows, etc). @option{--no-textmode} disables this option, and
is the default.
+ at ifclear gpgtwoone
@item --force-v3-sigs
@itemx --no-force-v3-sigs
@opindex force-v3-sigs
@@ -2147,6 +2148,15 @@ Defaults to no.
Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
@option{--no-force-v4-certs} disables this option.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --force-v3-sigs
+ at itemx --no-force-v3-sigs
+ at item --force-v4-certs
+ at itemx --no-force-v4-certs
+These options are obsolete and have no effect since GnuPG 2.1.
+ at end ifset
@item --force-mdc
@opindex force-mdc
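Review bot: in the new "ifset gpgtwoone" block, "@item --force-v4-certs" follows an "@itemx" line with no text in between, which leaves the first entry without a body. Use "@itemx" for all three entries after the first so the four options share the single description. The block also drops the "@opindex" lines that the "ifclear" variant has, so the obsolete options disappear from the option index.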
@@ -2301,8 +2311,12 @@ compression algorithms none and ZIP. This also disables
--throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
-This option implies @option{--disable-mdc --escape-from-lines
---force-v3-sigs}.
+ at ifclear gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines --force-v3-sigs}.
+ at end ifclear
+ at ifset gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines}.
+ at end ifset
@item --pgp7
@opindex pgp7
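Review bot: the gpgtwoone text for --pgp6 only drops --force-v3-sigs from the list of implied options, but the commit message states that PGP 6 and PGP 7 require v3 signatures for messages. The 2.1 variant of this paragraph should state that limitation, otherwise the option still reads as a working compatibility mode.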
diff --git a/g10/build-packet.c b/g10/build-packet.c
index af0de3b..c04abab 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -291,24 +291,13 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
int i, nskey, npkey;
iobuf_t a = iobuf_temp(); /* Build in a self-enlarging buffer. */
- /* Write the version number - if none is specified, use 3 */
+ /* Write the version number - if none is specified, use 4 */
if ( !pk->version )
- iobuf_put ( a, 3 );
+ iobuf_put ( a, 4 );
else
iobuf_put ( a, pk->version );
write_32 (a, pk->timestamp );
- /* v3 needs the expiration time. */
- if ( pk->version < 4 )
- {
- u16 ndays;
- if ( pk->expiredate )
- ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
- else
- ndays = 0;
- write_16(a, ndays);
- }
-
iobuf_put (a, pk->pubkey_algo );
/* Get number of secret and public parameters. They are held in one
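Review bot: do_key still writes pk->version verbatim when it is non-zero, but the v3 expiration field is no longer emitted, so a pk carrying version 2 or 3 would produce a packet that claims v3 and has the v4 layout. Reject any version other than 4 at the top of the function (return an error or assert) instead of relying on callers never passing one.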
@@ -347,45 +336,37 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
/* Build the header for protected (encrypted) secret parameters. */
if (ski->is_protected)
{
- if ( is_RSA (pk->pubkey_algo) && pk->version < 4 && !ski->s2k.mode )
+ /* OpenPGP protection according to rfc2440. */
+ iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
+ iobuf_put (a, ski->algo);
+ if (ski->s2k.mode >= 1000)
{
- /* The simple rfc1991 (v3) way. */
- iobuf_put (a, ski->algo );
- iobuf_write (a, ski->iv, ski->ivlen);
+ /* These modes are not possible in OpenPGP, we use them
+ to implement our extensions, 101 can be viewed as a
+ private/experimental extension (this is not specified
+ in rfc2440 but the same scheme is used for all other
+ algorithm identifiers). */
+ iobuf_put (a, 101);
+ iobuf_put (a, ski->s2k.hash_algo);
+ iobuf_write (a, "GNU", 3 );
+ iobuf_put (a, ski->s2k.mode - 1000);
}
else
{
- /* OpenPGP protection according to rfc2440. */
- iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
- iobuf_put (a, ski->algo);
- if (ski->s2k.mode >= 1000)
- {
- /* These modes are not possible in OpenPGP, we use
- them to implement our extensions, 101 can be
- viewed as a private/experimental extension (this
- is not specified in rfc2440 but the same scheme
- is used for all other algorithm identifiers). */
- iobuf_put (a, 101);
- iobuf_put (a, ski->s2k.hash_algo);
- iobuf_write (a, "GNU", 3 );
- iobuf_put (a, ski->s2k.mode - 1000);
- }
- else
- {
- iobuf_put (a, ski->s2k.mode);
- iobuf_put (a, ski->s2k.hash_algo);
- }
-
- if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
- iobuf_write (a, ski->s2k.salt, 8);
-
- if (ski->s2k.mode == 3)
- iobuf_put (a, ski->s2k.count);
-
- /* For our special modes 1001, 1002 we do not need an IV. */
- if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
- iobuf_write (a, ski->iv, ski->ivlen);
+ iobuf_put (a, ski->s2k.mode);
+ iobuf_put (a, ski->s2k.hash_algo);
}
+
+ if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
+ iobuf_write (a, ski->s2k.salt, 8);
+
+ if (ski->s2k.mode == 3)
+ iobuf_put (a, ski->s2k.count);
+
+ /* For our special modes 1001, 1002 we do not need an IV. */
+ if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
+ iobuf_write (a, ski->iv, ski->ivlen);
+
}
else /* Not protected. */
iobuf_put (a, 0 );
@@ -400,7 +381,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
/* The serial number gets stored in the IV field. */
iobuf_write (a, ski->iv, ski->ivlen);
}
- else if (ski->is_protected && pk->version >= 4)
+ else if (ski->is_protected)
{
/* The secret key is protected - write it out as it is. */
byte *p;
@@ -410,20 +391,6 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
iobuf_write (a, p, (ndatabits+7)/8 );
}
- else if (ski->is_protected)
- {
- /* The secret key is protected the old v4 way. */
- for ( ; i < nskey; i++ )
- {
- byte *p;
- unsigned int ndatabits;
-
- assert (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE));
- p = gcry_mpi_get_opaque (pk->pkey[i], &ndatabits);
- iobuf_write (a, p, (ndatabits+7)/8);
- }
- write_16 (a, ski->csum );
- }
else
{
/* Non-protected key. */
diff --git a/g10/filter.h b/g10/filter.h
index 40c5134..731ad0f 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -152,7 +152,7 @@ int cipher_filter( void *opaque, int control,
int text_filter( void *opaque, int control,
iobuf_t chain, byte *buf, size_t *ret_len);
int copy_clearsig_text (iobuf_t out, iobuf_t inp, gcry_md_hd_t md,
- int escape_dash, int escape_from, int pgp2mode);
+ int escape_dash, int escape_from);
/*-- progress.c --*/
progress_filter_context_t *new_progress_context (void);
diff --git a/g10/gpg.c b/g10/gpg.c
index 57deb8d..1df44fe 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -272,10 +272,6 @@ enum cmd_and_opt_values
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
- oForceV3Sigs,
- oNoForceV3Sigs,
- oForceV4Certs,
- oNoForceV4Certs,
oForceMDC,
oNoForceMDC,
oDisableMDC,
@@ -525,10 +521,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
- ARGPARSE_s_n (oForceV3Sigs, "force-v3-sigs", "@"),
- ARGPARSE_s_n (oNoForceV3Sigs, "no-force-v3-sigs", "@"),
- ARGPARSE_s_n (oForceV4Certs, "force-v4-certs", "@"),
- ARGPARSE_s_n (oNoForceV4Certs, "no-force-v4-certs", "@"),
ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
@@ -810,6 +802,10 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
ARGPARSE_s_n (oNoop, "compress-keys", "@"),
ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
ARGPARSE_end ()
};
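Review bot: mapping force-v3-sigs, no-force-v3-sigs, force-v4-certs and no-force-v4-certs to oNoop means, as far as this diff shows, that they are accepted without any diagnostic. A user whose configuration sets force-v3-sigs for interoperability now gets v4 signatures silently; consider a one-time note that the option is obsolete and has no effect.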
@@ -2535,7 +2531,6 @@ main (int argc, char **argv)
opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 1;
- opt.force_v3_sigs = 0;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
@@ -2553,7 +2548,6 @@ main (int argc, char **argv)
opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 0;
- opt.force_v3_sigs = 0;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
@@ -2637,10 +2631,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
- case oForceV3Sigs: opt.force_v3_sigs = 1; break;
- case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
- case oForceV4Certs: opt.force_v4_certs = 1; break;
- case oNoForceV4Certs: opt.force_v4_certs = 0; break;
+
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
case oDisableMDC: opt.disable_mdc = 1; break;
@@ -3288,15 +3279,17 @@ main (int argc, char **argv)
/* Do these after the switch(), so they can override settings. */
if(PGP6)
{
+ /* That does not anymore work becuase we have no more support
+ for v3 signatures. */
opt.disable_mdc=1;
opt.escape_from=1;
- opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if(PGP7)
{
+ /* That does not anymore work because we have no more support
+ for v3 signatures. */
opt.escape_from=1;
- opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if(PGP8)
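Review bot: the comment added in the PGP6 branch has a typo ("becuase"), and both new comments say the mode no longer works while the code goes on to apply the remaining settings without telling the user. Either emit a warning when --pgp6 or --pgp7 is given, or reword the comments to say which part of the mode still has an effect.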
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 308576d..a8e6f5d 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -536,14 +536,10 @@ sign_uids (estream_t fp,
{
u32 sk_keyid[2], pk_keyid[2];
char *p, *trust_regexp = NULL;
- int force_v4 = 0, class = 0, selfsig = 0;
+ int class = 0, selfsig = 0;
u32 duration = 0, timestamp = 0;
byte trust_depth = 0, trust_value = 0;
- if (local || nonrevocable || trust
- || opt.cert_policy_url || opt.cert_notations)
- force_v4 = 1;
-
pk = sk_rover->pk;
keyid_from_pk (pk, sk_keyid);
@@ -567,14 +563,7 @@ sign_uids (estream_t fp,
/* Is this a self-sig? */
if (pk_keyid[0] == sk_keyid[0] && pk_keyid[1] == sk_keyid[1])
- {
- selfsig = 1;
- /* Do not force a v4 sig here, otherwise it would
- be difficult to remake a v3 selfsig. If this
- is a v3->v4 promotion case, then we set
- force_v4 later anyway. */
- force_v4 = 0;
- }
+ selfsig = 1;
}
else if (node->pkt->pkttype == PKT_USER_ID)
{
@@ -716,7 +705,6 @@ sign_uids (estream_t fp,
"it to an OpenPGP self-"
"signature? (y/N) ")))
{
- force_v4 = 1;
node->flag |= NODFLG_DELSIG;
xfree (user);
continue;
@@ -860,7 +848,6 @@ sign_uids (estream_t fp,
passphrase, etc). */
timestamp = now;
duration = primary_pk->expiredate - now;
- force_v4 = 1;
}
cpr_kill_prompt ();
@@ -879,9 +866,6 @@ sign_uids (estream_t fp,
duration = parse_expire_string (opt.def_cert_expire);
}
- if (duration)
- force_v4 = 1;
-
if (selfsig)
;
else
@@ -1041,7 +1025,7 @@ sign_uids (estream_t fp,
node->pkt->pkt.user_id,
NULL,
pk,
- 0x13, 0, force_v4 ? 4 : 0, 0, 0,
+ 0x13, 0, 0, 0,
keygen_add_std_prefs, primary_pk,
NULL);
else
@@ -1049,7 +1033,7 @@ sign_uids (estream_t fp,
node->pkt->pkt.user_id,
NULL,
pk,
- class, 0, force_v4 ? 4 : 0,
+ class, 0,
timestamp, duration,
sign_mk_attrib, &attrib,
NULL);
@@ -3290,7 +3274,7 @@ menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name)
if (!uid)
return 0;
- err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0,
+ err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk, NULL);
if (err)
{
@@ -3674,9 +3658,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
break;
}
- /* The 1F signature must be at least v4 to carry the revocation key
- subpacket. */
- rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0,
+ rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
keygen_add_revkey, &revkey, NULL);
if (rc)
{
@@ -4966,7 +4948,7 @@ reloop: /* (must use this, because we are modifing the list) */
}
rc = make_keysig_packet (&sig, primary_pk,
unode->pkt->pkt.user_id,
- NULL, signerkey, 0x30, 0, 0, 0, 0,
+ NULL, signerkey, 0x30, 0, 0, 0,
sign_mk_attrib, &attrib, NULL);
free_public_key (signerkey);
if (rc)
@@ -5058,7 +5040,7 @@ menu_revuid (KBNODE pub_keyblock)
node->flag &= ~NODFLG_SELUID;
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
- (reason == NULL) ? 3 : 0, timestamp, 0,
+ timestamp, 0,
sign_mk_attrib, &attrib, NULL);
if (rc)
{
@@ -5122,7 +5104,7 @@ menu_revkey (KBNODE pub_keyblock)
return 0;
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
- 0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0,
+ 0x20, 0, 0, 0,
revocation_reason_build_cb, reason, NULL);
if (rc)
{
@@ -5183,7 +5165,7 @@ menu_revsubkey (KBNODE pub_keyblock)
node->flag &= ~NODFLG_SELKEY;
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
- 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib,
+ 0x28, 0, 0, 0, sign_mk_attrib, &attrib,
NULL);
if (rc)
{
diff --git a/g10/keygen.c b/g10/keygen.c
index 6079ff0..8095452 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -812,7 +812,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
cache_public_key (sub_pk);
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
- 0, 0, timestamp, 0, NULL, NULL, cache_nonce);
+ 0, timestamp, 0, NULL, NULL, cache_nonce);
if (err)
log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err));
else
@@ -922,7 +922,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
/* Make the signature. */
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_revkey, revkey, cache_nonce);
if (err)
{
@@ -977,7 +977,7 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
/* Make the signature. */
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_std_prefs, pk, cache_nonce);
if (err)
{
@@ -1036,12 +1036,12 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
oduap.usage = use;
oduap.pk = sub_pk;
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_key_flags_and_expire, &oduap,
cache_nonce);
if (err)
{
- log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
+ log_error ("make_keysig_packeto failed: %s\n", g10_errstr (err));
return err;
}
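Review bot: the log_error string in write_keybinding changes from "make_keysig_packet failed" to "make_keysig_packeto failed", which looks like a stray keystroke and is unrelated to dropping the sigversion argument. Restore the original string.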
diff --git a/g10/keyid.c b/g10/keyid.c
index 3b4c10c..f1fbec2 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -147,10 +147,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
size_t nbytes;
int npkey = pubkey_get_npkey (pk->pubkey_algo);
- /* Two extra bytes for the expiration date in v3 */
- if(pk->version<4)
- n+=2;
-
/* FIXME: We can avoid the extra malloc by calling only the first
mpi_print here which computes the required length and calling the
real mpi_print only at the end. The speed advantage would only be
@@ -211,16 +207,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
gcry_md_putc ( md, pk->timestamp >> 8 );
gcry_md_putc ( md, pk->timestamp );
- if(pk->version<4)
- {
- u16 days=0;
- if(pk->expiredate)
- days=(u16)((pk->expiredate - pk->timestamp) / 86400L);
-
- gcry_md_putc ( md, days >> 8 );
- gcry_md_putc ( md, days );
- }
-
gcry_md_putc ( md, pk->pubkey_algo );
if(npkey==0 && pk->pkey[0]
@@ -432,18 +418,6 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid)
keyid[1] = pk->keyid[1];
lowbits = keyid[1];
}
- else if( pk->version < 4 )
- {
- if( is_RSA(pk->pubkey_algo) )
- {
- lowbits = (pubkey_get_npkey (pk->pubkey_algo) ?
- v3_keyid ( pk->pkey[0], keyid ) : 0); /* From n. */
- pk->keyid[0] = keyid[0];
- pk->keyid[1] = keyid[1];
- }
- else
- pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
- }
else
{
const byte *dp;
@@ -706,66 +680,20 @@ colon_expirestr_from_sig (PKT_signature *sig)
byte *
fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
{
- byte *buf;
const byte *dp;
- size_t len, nbytes;
- int i;
-
- if ( pk->version < 4 )
- {
- if ( is_RSA(pk->pubkey_algo) )
- {
- /* RSA in version 3 packets is special. */
- gcry_md_hd_t md;
-
- if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
- BUG ();
- if ( pubkey_get_npkey (pk->pubkey_algo) > 1 )
- {
- for (i=0; i < 2; i++)
- {
- if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
- &nbytes, pk->pkey[i]))
- BUG ();
- /* fixme: Better allocate BUF on the stack */
- buf = xmalloc (nbytes);
- if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
- NULL, pk->pkey[i]))
- BUG ();
- gcry_md_write (md, buf, nbytes);
- xfree (buf);
- }
- }
- gcry_md_final (md);
- if (!array)
- array = xmalloc (16);
- len = 16;
- memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
- gcry_md_close(md);
- }
- else
- {
- if (!array)
- array = xmalloc(16);
- len = 16;
- memset (array,0,16);
- }
- }
- else
- {
- gcry_md_hd_t md;
+ size_t len;
+ gcry_md_hd_t md;
- md = do_fingerprint_md(pk);
- dp = gcry_md_read( md, 0 );
- len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
- assert( len <= MAX_FINGERPRINT_LEN );
- if (!array)
- array = xmalloc ( len );
- memcpy (array, dp, len );
- pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
- pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
- gcry_md_close( md);
- }
+ md = do_fingerprint_md(pk);
+ dp = gcry_md_read( md, 0 );
+ len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+ assert( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc ( len );
+ memcpy (array, dp, len );
+ pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ gcry_md_close( md);
*ret_len = len;
return array;
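Review bot: with the v3 branch gone, fingerprint_from_pk always reads dp[12] through dp[19], but the only length check is "assert( len <= MAX_FINGERPRINT_LEN )". Add a lower bound of 20 bytes so that the key ID extraction cannot read past a shorter digest. The "dp[12] << 24" and "dp[16] << 24" expressions also shift a value promoted to int into the sign bit when the byte is 0x80 or above; cast to u32 before shifting.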
diff --git a/g10/options.h b/g10/options.h
index edd31a9..0875eb5 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -74,8 +74,6 @@ struct
int no_armor;
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo;
- int force_v3_sigs;
- int force_v4_certs;
int force_mdc;
int disable_mdc;
int def_digest_algo;
diff --git a/g10/packet.h b/g10/packet.h
index b1b82d7..ba43638 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -530,7 +530,7 @@ int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, int sigclass, int digest_algo,
- int sigversion, u32 timestamp, u32 duration,
+ u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque,
const char *cache_nonce);
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f7b2079..50da17c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1901,53 +1901,6 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
}
-static gcry_mpi_t
-read_protected_v3_mpi (IOBUF inp, unsigned long *length)
-{
- int c;
- unsigned int nbits, nbytes;
- unsigned char *buf, *p;
- gcry_mpi_t val;
-
- if (*length < 2)
- {
- log_error ("mpi too small\n");
- return NULL;
- }
-
- if ((c = iobuf_get (inp)) == -1)
- return NULL;
- --*length;
- nbits = c << 8;
- if ((c = iobuf_get (inp)) == -1)
- return NULL;
- --*length;
- nbits |= c;
-
- if (nbits > 16384)
- {
- log_error ("mpi too large (%u bits)\n", nbits);
- return NULL;
- }
- nbytes = (nbits + 7) / 8;
- buf = p = xmalloc (2 + nbytes);
- *p++ = nbits >> 8;
- *p++ = nbits;
- for (; nbytes && *length; nbytes--, --*length)
- *p++ = iobuf_get (inp);
- if (nbytes)
- {
- log_error ("packet shorter than mpi\n");
- xfree (buf);
- return NULL;
- }
-
- /* Convert buffer into an opaque MPI. */
- val = gcry_mpi_set_opaque (NULL, buf, (p - buf) * 8);
- return val;
-}
-
-
static int
parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
byte * hdr, int hdrlen, PACKET * pkt)
@@ -1956,7 +1909,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
int i, version, algorithm;
unsigned long timestamp, expiredate, max_expiredate;
int npkey, nskey;
- int is_v4 = 0;
int rc = 0;
u32 keyid[2];
PKT_public_key *pk;
@@ -1991,8 +1943,19 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
return 0;
}
else if (version == 4)
- is_v4 = 1;
- else if (version != 2 && version != 3)
+ {
+ /* The only supported version. Use an older gpg
+ versions (i.e. gpg 1.4 to parse v3 packets). */
+ }
+ else if (version == 2 || version == 3)
+ {
+ log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
+ if (list_mode)
+ es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
+ err = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ else
{
log_error ("packet(%d) with unknown version %d\n", pkttype, version);
if (list_mode)
@@ -2012,23 +1975,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
timestamp = read_32 (inp);
pktlen -= 4;
- if (is_v4)
- {
- expiredate = 0; /* have to get it from the selfsignature */
- max_expiredate = 0;
- }
- else
- {
- unsigned short ndays;
- ndays = read_16 (inp);
- pktlen -= 2;
- if (ndays)
- expiredate = timestamp + ndays * 86400L;
- else
- expiredate = 0;
-
- max_expiredate = expiredate;
- }
+ expiredate = 0; /* have to get it from the selfsignature */
+ max_expiredate = 0;
algorithm = iobuf_get_noeof (inp);
pktlen--;
if (list_mode)
@@ -2145,7 +2093,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
ski->s2k.hash_algo = iobuf_get_noeof (inp);
pktlen--;
/* Check for the special GNU extension. */
- if (is_v4 && ski->s2k.mode == 101)
+ if (ski->s2k.mode == 101)
{
for (i = 0; i < 4 && pktlen; i++, pktlen--)
temp[i] = iobuf_get_noeof (inp);
@@ -2312,7 +2260,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
10 * 8);
pktlen = 0;
}
- else if (is_v4 && ski->is_protected)
+ else if (ski->is_protected)
{
/* Ugly: The length is encrypted too, so we read all stuff
* up to the end of the packet into the first SKEY
@@ -2331,29 +2279,18 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
}
else
{
- /* The v3 method: The mpi length is not encrypted. */
+ /* Not encrypted. */
for (i = npkey; i < nskey; i++)
{
- if (ski->is_protected)
- {
- pk->pkey[i] = read_protected_v3_mpi (inp, &pktlen);
- if (pk->pkey[i])
- gcry_mpi_set_flag (pk->pkey[i], GCRYMPI_FLAG_USER1);
- if (list_mode)
- es_fprintf (listfp, "\tskey[%d]: [v3 protected]\n", i);
- }
- else
- {
- unsigned int n = pktlen;
- pk->pkey[i] = mpi_read (inp, &n, 0);
- pktlen -= n;
- if (list_mode)
- {
- es_fprintf (listfp, "\tskey[%d]: ", i);
- mpi_print (listfp, pk->pkey[i], mpi_print_mode);
- es_putc ('\n', listfp);
- }
- }
+ unsigned int n = pktlen;
+ pk->pkey[i] = mpi_read (inp, &n, 0);
+ pktlen -= n;
+ if (list_mode)
+ {
+ es_fprintf (listfp, "\tskey[%d]: ", i);
+ mpi_print (listfp, pk->pkey[i], mpi_print_mode);
+ es_putc ('\n', listfp);
+ }
if (!pk->pkey[i])
err = gpg_error (GPG_ERR_INV_PACKET);
diff --git a/g10/revoke.c b/g10/revoke.c
index 81b5d6d..6b9e709 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -338,7 +338,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
/* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
- 0, 0, 0,
+ 0, 0,
revocation_reason_build_cb, reason,
NULL);
if( rc ) {
@@ -465,7 +465,6 @@ create_revocation (const char *filename,
push_armor_filter (afx, out);
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
- opt.force_v4_certs? 4:0,
0, 0,
revocation_reason_build_cb, reason, cache_nonce);
if (rc)
@@ -649,16 +648,13 @@ gen_revoke (const char *uname)
goto leave;
}
- if (psk->version >= 4 || opt.force_v4_certs)
+ /* Get the reason for the revocation. */
+ reason = ask_revocation_reason (1, 0, 1);
+ if (!reason)
{
- /* Get the reason for the revocation. */
- reason = ask_revocation_reason (1, 0, 1);
- if (!reason)
- {
- /* user decided to cancel */
- rc = 0;
- goto leave;
- }
+ /* User decided to cancel. */
+ rc = 0;
+ goto leave;
}
if (!opt.armor)
diff --git a/g10/sign.c b/g10/sign.c
index bd78c17..e7d4a68 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -155,30 +155,32 @@ mk_notation_policy_etc (PKT_signature *sig,
static void
hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
{
- if ( sigversion >= 4 ) {
- byte buf[5];
-
- if(uid->attrib_data) {
- buf[0] = 0xd1; /* indicates an attribute packet */
- buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
- buf[2] = uid->attrib_len >> 16;
- buf[3] = uid->attrib_len >> 8;
- buf[4] = uid->attrib_len;
- }
- else {
- buf[0] = 0xb4; /* indicates a userid packet */
- buf[1] = uid->len >> 24; /* always use 4 length bytes */
- buf[2] = uid->len >> 16;
- buf[3] = uid->len >> 8;
- buf[4] = uid->len;
- }
- gcry_md_write( md, buf, 5 );
+ byte buf[5];
+
+ (void)sigversion;
+
+ if (uid->attrib_data)
+ {
+ buf[0] = 0xd1; /* Indicates an attribute packet. */
+ buf[1] = uid->attrib_len >> 24; /* Always use 4 length bytes. */
+ buf[2] = uid->attrib_len >> 16;
+ buf[3] = uid->attrib_len >> 8;
+ buf[4] = uid->attrib_len;
+ }
+ else
+ {
+ buf[0] = 0xb4; /* Indicates a userid packet. */
+ buf[1] = uid->len >> 24; /* Always use 4 length bytes. */
+ buf[2] = uid->len >> 16;
+ buf[3] = uid->len >> 8;
+ buf[4] = uid->len;
}
+ gcry_md_write( md, buf, 5 );
- if(uid->attrib_data)
- gcry_md_write (md, uid->attrib_data, uid->attrib_len );
- else
- gcry_md_write (md, uid->name, uid->len );
+ if (uid->attrib_data)
+ gcry_md_write (md, uid->attrib_data, uid->attrib_len );
+ else
+ gcry_md_write (md, uid->name, uid->len );
}
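Review bot: hash_uid now ignores its sigversion argument and only silences the warning with (void)sigversion; the parameter should be dropped from the signature and the callers updated, the same way this patch removes pgp2mode from copy_clearsig_text. Keeping a dead parameter suggests to later readers that the hash framing still depends on the signature version.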
@@ -188,45 +190,38 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
static void
hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
{
- if (sig->version >= 4)
- gcry_md_putc (md, sig->version);
- gcry_md_putc (md, sig->sig_class);
- if (sig->version < 4) {
- u32 a = sig->timestamp;
- gcry_md_putc (md, (a >> 24) & 0xff );
- gcry_md_putc (md, (a >> 16) & 0xff );
- gcry_md_putc (md, (a >> 8) & 0xff );
- gcry_md_putc (md, a & 0xff );
+ byte buf[6];
+ size_t n;
+
+ gcry_md_putc (md, sig->version);
+ gcry_md_putc (md, sig->sig_class);
+ gcry_md_putc (md, sig->pubkey_algo);
+ gcry_md_putc (md, sig->digest_algo);
+ if (sig->hashed)
+ {
+ n = sig->hashed->len;
+ gcry_md_putc (md, (n >> 8) );
+ gcry_md_putc (md, n );
+ gcry_md_write (md, sig->hashed->data, n );
+ n += 6;
}
- else {
- byte buf[6];
- size_t n;
-
- gcry_md_putc (md, sig->pubkey_algo);
- gcry_md_putc (md, sig->digest_algo);
- if (sig->hashed) {
- n = sig->hashed->len;
- gcry_md_putc (md, (n >> 8) );
- gcry_md_putc (md, n );
- gcry_md_write (md, sig->hashed->data, n );
- n += 6;
- }
- else {
- gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
- gcry_md_putc (md, 0);
- n = 6;
- }
- /* add some magic */
- buf[0] = sig->version;
- buf[1] = 0xff;
- buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
- buf[3] = n >> 16;
- buf[4] = n >> 8;
- buf[5] = n;
- gcry_md_write (md, buf, 6);
+ else
+ {
+ gcry_md_putc (md, 0); /* Always hash the length of the subpacket. */
+ gcry_md_putc (md, 0);
+ n = 6;
}
+ /* Add some magic. */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24; /* (n is only 16 bit, so this is always 0) */
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write (md, buf, 6);
}
+
/* Perform the sign operation. If CACHE_NONCE is given the agent is
advised to use that cached passphrase fro the key. */
static int
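Review bot: in hash_sigversion_to_magic the hashed-area length is written as two octets ((n >> 8), n) while gcry_md_write is given the full n, so the digest is only well formed if sig->hashed->len fits in 16 bits. The reworded comment on buf[2] states that as a fact; please either assert it here or say in the comment where the limit is enforced. The context comment below the function still reads "fro the key" and could be fixed while this area is touched.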
@@ -520,26 +515,6 @@ hash_for (PKT_public_key *pk)
}
-/* Return true iff all keys in SK_LIST are old style (v3 RSA). */
-static int
-only_old_style (SK_LIST sk_list)
-{
- SK_LIST sk_rover = NULL;
- int old_style = 0;
-
- for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
- {
- PKT_public_key *pk = sk_rover->pk;
-
- if (pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4)
- old_style = 1;
- else
- return 0;
- }
- return old_style;
-}
-
-
static void
print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what)
{
@@ -705,10 +680,8 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
/* Build the signature packet. */
sig = xmalloc_clear (sizeof *sig);
- if (opt.force_v3_sigs)
- sig->version = 3;
- else if (duration || opt.sig_policy_url
- || opt.sig_notations || opt.sig_keyserver_url)
+ if (duration || opt.sig_policy_url
+ || opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
else
sig->version = pk->version;
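Review bot: the else branch still sets sig->version = pk->version, but the following hunk calls build_sig_subpkt_from_sig and mk_notation_policy_etc unconditionally, and hash_sigversion_to_magic no longer has a pre-v4 path. If pk->version can only be 4 or higher at this point, assigning 4 directly (or asserting pk->version >= 4) would make that assumption explicit; otherwise a version 3 value here produces a packet that is labelled v3 but hashed with the v4 layout.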
@@ -727,11 +700,8 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
if (gcry_md_copy (&md, hash))
BUG ();
- if (sig->version >= 4)
- {
- build_sig_subpkt_from_sig (sig);
- mk_notation_policy_etc (sig, pk, NULL);
- }
+ build_sig_subpkt_from_sig (sig);
+ mk_notation_policy_etc (sig, pk, NULL);
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
@@ -814,13 +784,10 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
goto leave;
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval(1,opt.def_sig_expire);
+ else
+ duration = parse_expire_string(opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
@@ -1123,30 +1090,22 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
int rc = 0;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
- int old_style = 0;
- int only_md5 = 0;
u32 duration=0;
pfx = new_progress_context ();
afx = new_armor_context ();
init_packet( &pkt );
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval (1,opt.def_sig_expire);
+ else
+ duration = parse_expire_string (opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave;
- if(!duration )
- old_style = only_old_style( sk_list );
-
/* prepare iobufs */
inp = iobuf_open(fname);
if (inp && is_secured_file (iobuf_get_fd (inp)))
@@ -1184,18 +1143,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
- for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
- {
- if (hash_for (sk_rover->pk) == DIGEST_ALGO_MD5)
- only_md5 = 1;
- else
- {
- only_md5 = 0;
- break;
- }
- }
-
- if( !(old_style && only_md5) ) {
+ {
const char *s;
int any = 0;
byte hashs_seen[256];
@@ -1234,8 +1182,8 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
if ( DBG_HASHING )
gcry_md_debug ( textmd, "clearsign" );
- copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
- opt.escape_from, (old_style && only_md5) );
+ copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped,
+ opt.escape_from);
/* fixme: check for read errors */
/* now write the armor */
@@ -1292,13 +1240,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval (1, opt.def_sig_expire);
+ else
+ duration = parse_expire_string (opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
@@ -1441,52 +1386,39 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
* applied (actually: dropped) when a v3 key is used. TIMESTAMP is
* the timestamp to use for the signature. 0 means "now" */
int
-make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk,
int sigclass, int digest_algo,
- int sigversion, u32 timestamp, u32 duration,
+ u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *), void *opaque,
const char *cache_nonce)
{
PKT_signature *sig;
int rc=0;
+ int sigversion;
gcry_md_hd_t md;
assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
|| sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
|| sigclass == 0x30 || sigclass == 0x28 );
- if (opt.force_v4_certs)
- sigversion = 4;
-
+ sigversion = 4;
if (sigversion < pksk->version)
sigversion = pksk->version;
- /* If you are making a signature on a v4 key using your v3 key, it
- doesn't make sense to generate a v3 sig. After all, no v3-only
- PGP implementation could understand the v4 key in the first
- place. Note that this implies that a signature on an attribute
- uid is usually going to be v4 as well, since they are not
- generally found on v3 keys. */
- if (sigversion < pk->version)
- sigversion = pk->version;
-
if( !digest_algo )
{
- /* Basically, this means use SHA1 always unless it's a v3 RSA
- key making a v3 cert (use MD5), or the user specified
- something (use whatever they said), or it's DSA (use the
- best match). They still can't pick an inappropriate hash
- for DSA or the signature will fail. Note that this still
- allows the caller of make_keysig_packet to override the
- user setting if it must. */
+ /* Basically, this means use SHA1 always unless the user
+ specified something (use whatever they said), or it's DSA
+ (use the best match). They still can't pick an
+ inappropriate hash for DSA or the signature will fail.
+ Note that this still allows the caller of
+ make_keysig_packet to override the user setting if it
+ must. */
if(opt.cert_digest_algo)
digest_algo=opt.cert_digest_algo;
- else if(pksk->pubkey_algo == PUBKEY_ALGO_RSA
- && pk->version<4 && sigversion<4)
- digest_algo = DIGEST_ALGO_MD5;
else if(pksk->pubkey_algo == PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
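Review bot: the function comment kept as context at the top of this hunk still describes v3 behaviour ("applied (actually: dropped) when a v3 key is used"), which no longer matches the body now that sigversion starts at 4 and the v3/MD5 branch is removed. Please update that comment together with the signature change, and state there that the version is now derived internally as the larger of 4 and pksk->version.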
@@ -1533,16 +1465,14 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
if(duration)
sig->expiredate=sig->timestamp+duration;
sig->sig_class = sigclass;
- if( sig->version >= 4 )
- {
- build_sig_subpkt_from_sig( sig );
- mk_notation_policy_etc (sig, pk, pksk);
- }
+
+ build_sig_subpkt_from_sig( sig );
+ mk_notation_policy_etc (sig, pk, pksk);
/* Crucial that the call to mksubpkt comes LAST before the calls
to finalize the sig as that makes it possible for the mksubpkt
function to get a reliable pointer to the subpacket area. */
- if( sig->version >= 4 && mksubpkt )
+ if (mksubpkt)
rc = (*mksubpkt)( sig, opaque );
if( !rc ) {
@@ -1627,17 +1557,14 @@ update_keysig_packet( PKT_signature **ret_sig,
duration of 1) since build-packet.c:build_sig_subpkt_from_sig
detects this case. */
- if( sig->version >= 4 )
- {
- /* Put the updated timestamp into the sig. Note that this
- will automagically lower any sig expiration dates to
- correctly correspond to the differences in the timestamps
- (i.e. the duration will shrink). */
- build_sig_subpkt_from_sig( sig );
-
- if (mksubpkt)
- rc = (*mksubpkt)(sig, opaque);
- }
+ /* Put the updated timestamp into the sig. Note that this will
+ automagically lower any sig expiration dates to correctly
+ correspond to the differences in the timestamps (i.e. the
+ duration will shrink). */
+ build_sig_subpkt_from_sig( sig );
+
+ if (mksubpkt)
+ rc = (*mksubpkt)(sig, opaque);
if (!rc) {
hash_sigversion_to_magic (md, sig);
diff --git a/g10/textfilter.c b/g10/textfilter.c
index 14bf699..394d9c3 100644
--- a/g10/textfilter.c
+++ b/g10/textfilter.c
@@ -161,7 +161,7 @@ text_filter( void *opaque, int control,
*/
int
copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
- int escape_dash, int escape_from, int pgp2mode )
+ int escape_dash, int escape_from)
{
unsigned int maxlen;
byte *buffer = NULL; /* malloced buffer */
@@ -170,10 +170,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
int truncated = 0;
int pending_lf = 0;
- if( !opt.pgp2_workarounds )
- pgp2mode = 0;
-
- if( !escape_dash )
+ if( !escape_dash )
escape_from = 0;
write_status_begin_signing (md);
@@ -194,9 +191,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
gcry_md_putc ( md, '\n' );
}
gcry_md_write ( md, buffer,
- len_without_trailing_chars (buffer, n,
- pgp2mode?
- " \r\n":" \t\r\n"));
+ len_without_trailing_chars (buffer, n, " \t\r\n"));
}
else
gcry_md_write ( md, buffer, n );
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index 2faa4c2..b7320d5 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -24,7 +24,7 @@ dsa_usrname1="pgp5"
# we use the sub key because we do not yet have the logic to to derive
# the first encryption key from a keyblock (I guess) (Well of course
# we have this by now and the notation below will lookup the primary
-# first and the search for the encryption subkey.)
+# first and then search for the encryption subkey.)
dsa_usrname2="0xCB879DE9"
commit 2d68dc437e7de92619abe3a019b0a7606487b6bf
Author: Werner Koch
Date: Sun Oct 12 19:15:20 2014 +0200
gpg: Minor change for better readability.
* g10/build-packet.c (write_version): Remove.
(do_pubkey_enc, do_onepass_sig): Write version directly.
Signed-off-by: Werner Koch
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 7464979..af0de3b 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -52,7 +52,6 @@ static int write_header( IOBUF out, int ctb, u32 len );
static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen );
static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
-static int write_version( IOBUF out, int ctb );
/****************
* Build a packet and write it to INP
@@ -488,7 +487,8 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
int n, i;
IOBUF a = iobuf_temp();
- write_version( a, ctb );
+ iobuf_put (a, 3); /* Version. */
+
if ( enc->throw_keyid )
{
write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
@@ -1190,7 +1190,7 @@ do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
int rc = 0;
IOBUF a = iobuf_temp();
- write_version( a, ctb );
+ iobuf_put (a, 3); /* Version. */
iobuf_put(a, ops->sig_class );
iobuf_put(a, ops->digest_algo );
iobuf_put(a, ops->pubkey_algo );
@@ -1370,13 +1370,3 @@ write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
}
return 0;
}
-
-static int
-write_version (IOBUF out, int ctb)
-{
- (void)ctb;
-
- if (iobuf_put (out, 3))
- return -1;
- return 0;
-}
-----------------------------------------------------------------------
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Oct 13 15:12:58 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 13 Oct 2014 15:12:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-19-gfab89f1
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via fab89f159bcb36ea7285af661d5756eefa981822 (commit)
via 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0 (commit)
via c60814a5ce13932d933b363abc0c60c12783ae2f (commit)
via a2567225373a7e4e4a6eb0cba1d9ab6ff2d1330a (commit)
via 2543f0ab9c7b4247347688863f898667bae31984 (commit)
via 2d68dc437e7de92619abe3a019b0a7606487b6bf (commit)
from 54ffe2045aa4d3157f0919744210c9463594799c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fab89f159bcb36ea7285af661d5756eefa981822
Author: Werner Koch
Date: Mon Oct 13 15:00:39 2014 +0200
gpg: Remove extra RSA import status line.
* g10/import.c (stats_s): Remove field "imported_rsa".
(import_print_stats): Do not print separate value for RSA.
(import_one): Remove the RSA counter.
--
RSA is the standard key format and thus there is no more need to have
a separate counter. This is a remnant from the RSA patent times.
Signed-off-by: Werner Koch
diff --git a/doc/DETAILS b/doc/DETAILS
index 311dfe3..eafd312 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -739,7 +739,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
-
-
-
- -
+ - always 0 (formerly used for the number of RSA keys)
-
-
-
diff --git a/g10/import.c b/g10/import.c
index 8f7595c..16e2b0b 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -45,7 +45,6 @@ struct stats_s {
ulong count;
ulong no_user_id;
ulong imported;
- ulong imported_rsa;
ulong n_uids;
ulong n_sigs;
ulong n_subk;
@@ -399,10 +398,8 @@ import_print_stats (void *hd)
stats->skipped_new_keys );
if( stats->no_user_id )
log_info(_(" w/o user IDs: %lu\n"), stats->no_user_id );
- if( stats->imported || stats->imported_rsa ) {
+ if( stats->imported) {
log_info(_(" imported: %lu"), stats->imported );
- if (stats->imported_rsa)
- log_printf (" (RSA: %lu)", stats->imported_rsa );
log_printf ("\n");
}
if( stats->unchanged )
@@ -431,11 +428,10 @@ import_print_stats (void *hd)
if( is_status_enabled() ) {
char buf[14*20];
- sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
+ sprintf(buf, "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
stats->count,
stats->no_user_id,
stats->imported,
- stats->imported_rsa,
stats->unchanged,
stats->n_uids,
stats->n_subk,
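Review bot: the status line is still built with sprintf into char buf[14*20], so the bound holds only by arithmetic the reader has to redo (thirteen %lu conversions, the literal 0 and the separators). Since the format string is being edited anyway, switch to snprintf (buf, sizeof buf, ...) so the sizing does not have to be re-derived each time a field changes. Keeping the literal 0 in the fourth position is the right choice for parsers of the status line and matches the doc/DETAILS change.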
@@ -1022,8 +1018,6 @@ import_one (ctrl_t ctrl,
print_import_ok (pk, 1);
}
stats->imported++;
- if( is_RSA( pk->pubkey_algo ) )
- stats->imported_rsa++;
new_key = 1;
}
else { /* merge */
diff --git a/tests/openpgp/import.test b/tests/openpgp/import.test
index a58db40..783d059 100755
--- a/tests/openpgp/import.test
+++ b/tests/openpgp/import.test
@@ -43,4 +43,6 @@ $GPG --import $key1 || true
$GPG --import $key2 || true
n=$($GPG --list-keys --with-colons $fpr1 $fpr2 2>/dev/null \
| grep '^pub:.:4096:1:DDA252EBB8EBE1AF:' | wc -l)
-[ $n -ne 2 ] && error "Importing keys with long id collision failed"
+if [ $n -ne 2 ] ; then
+ error "Importing keys with long id collision failed"
+fi
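Review bot: the commit log lists only g10/import.c (stats_s, import_print_stats, import_one), yet this hunk rewrites the final check in tests/openpgp/import.test and doc/DETAILS is changed as well. Please mention both files in the log, and say why the "[ ... ] && error" form was replaced, since that reason is not obvious from the diff.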
commit 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0
Author: Werner Koch
Date: Mon Oct 13 14:54:26 2014 +0200
gpg: Fix informative printing of user ids.
* g10/getkey.c (keyid_list): Add field "fpr".
(cache_user_id): Store fpr and check for dups only by fpr.
(get_pubkey_byfpr): New.
(get_user_id_string): Make static and use xasprintf.
(get_long_user_id_string): Use xasprintf.
(get_user_id_byfpr): New.
(get_user_id_byfpr_native): New.
* g10/keyid.c (fingerprint_from_pk): Make arg RET_LEN optional.
* g10/import.c (import_one): Use get_user_id_byfpr_native.
--
We now cache the userids using the fingerprint. This allows to print
the correct user id for keys with a duplicated key id. We should
eventually start to retire the use of all the old keyid based
functions. However, at some places we only have the keyid and thus
some of them will need to be kept (maybe changed with an indication to
show that more than several user ids are matching).
Signed-off-by: Werner Koch
diff --git a/g10/getkey.c b/g10/getkey.c
index 707a106..4f10c18 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -74,6 +74,7 @@ static struct
typedef struct keyid_list
{
struct keyid_list *next;
+ char fpr[MAX_FINGERPRINT_LEN];
u32 keyid[2];
} *keyid_list_t;
@@ -263,6 +264,7 @@ cache_user_id (KBNODE keyblock)
keyid_list_t a = xmalloc_clear (sizeof *a);
/* Hmmm: For a long list of keyids it might be an advantage
* to append the keys. */
+ fingerprint_from_pk (k->pkt->pkt.public_key, a->fpr, NULL);
keyid_from_pk (k->pkt->pkt.public_key, a->keyid);
/* First check for duplicates. */
for (r = user_id_db; r; r = r->next)
@@ -270,8 +272,7 @@ cache_user_id (KBNODE keyblock)
keyid_list_t b = r->keyids;
for (b = r->keyids; b; b = b->next)
{
- if (b->keyid[0] == a->keyid[0]
- && b->keyid[1] == a->keyid[1])
+ if (!memcmp (b->fpr, a->fpr, MAX_FINGERPRINT_LEN))
{
if (DBG_CACHE)
log_debug ("cache_user_id: already in cache\n");
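Review bot: the duplicate check compares all MAX_FINGERPRINT_LEN bytes of a->fpr, but fingerprint_from_pk is called with a NULL length in the previous hunk, so for a fingerprint shorter than the maximum the comparison depends on the tail being zero from xmalloc_clear. import_one in the companion commit pads fpr2 explicitly; a one-line comment here stating that the zero padding comes from xmalloc_clear would keep the two in step.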
@@ -950,6 +951,34 @@ get_pubkey_end (GETKEY_CTX ctx)
}
+/* Search for a key with the given standard fingerprint. In contrast
+ * to get_pubkey_byfprint we assume a right padded fingerprint of the
+ * standard length. PK may be NULL to only put the result into the
+ * internal caches. */
+gpg_error_t
+get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr)
+{
+ gpg_error_t err;
+ struct getkey_ctx_s ctx;
+ kbnode_t kb = NULL;
+
+ memset (&ctx, 0, sizeof ctx);
+ ctx.exact = 1;
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new ();
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_FPR;
+ memcpy (ctx.items[0].u.fpr, fpr, MAX_FINGERPRINT_LEN);
+ err = lookup (&ctx, &kb, 0);
+ if (!err && pk)
+ pk_from_block (&ctx, pk, kb);
+ release_kbnode (kb);
+ get_pubkey_end (&ctx);
+
+ return err;
+}
+
+
/* Search for a key with the given fingerprint.
* FIXME:
* We should replace this with the _byname function. This can be done
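Review bot: get_pubkey_byfpr copies MAX_FINGERPRINT_LEN bytes from FPR unconditionally, and the only statement of that precondition is "right padded fingerprint of the standard length" in the comment. Please spell out that the buffer must be MAX_FINGERPRINT_LEN bytes and zero padded, as the comment on get_user_id_byfpr does, since the name differs from the existing get_pubkey_byfprint only by a suffix and that function takes an explicit length.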
@@ -2687,11 +2716,10 @@ enum_secret_keys (void **context, PKT_public_key *sk)
/* Return a string with a printable representation of the user_id.
* this string must be freed by xfree. */
-char *
+static char *
get_user_id_string (u32 * keyid)
{
user_id_db_t r;
- char *p;
int pass = 0;
/* Try it two times; second pass reads from key resources. */
do
@@ -2703,17 +2731,13 @@ get_user_id_string (u32 * keyid)
{
if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
{
- p = xmalloc (keystrlen () + 1 + r->len + 1);
- sprintf (p, "%s %.*s", keystr (keyid), r->len, r->name);
- return p;
+ return xasprintf ("%s %.*s", keystr (keyid), r->len, r->name);
}
}
}
}
while (++pass < 2 && !get_pubkey (NULL, keyid));
- p = xmalloc (keystrlen () + 5);
- sprintf (p, "%s [?]", keystr (keyid));
- return p;
+ return xasprintf ("%s [?]", keystr (keyid));
}
@@ -2731,33 +2755,30 @@ char *
get_long_user_id_string (u32 * keyid)
{
user_id_db_t r;
- char *p;
+ keyid_list_t a;
int pass = 0;
/* Try it two times; second pass reads from key resources. */
do
{
for (r = user_id_db; r; r = r->next)
{
- keyid_list_t a;
for (a = r->keyids; a; a = a->next)
{
if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
{
- p = xmalloc (r->len + 20);
- sprintf (p, "%08lX%08lX %.*s",
- (ulong) keyid[0], (ulong) keyid[1],
- r->len, r->name);
- return p;
+ return xasprintf ("%08lX%08lX %.*s",
+ (ulong) keyid[0], (ulong) keyid[1],
+ r->len, r->name);
}
}
}
}
while (++pass < 2 && !get_pubkey (NULL, keyid));
- p = xmalloc (25);
- sprintf (p, "%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
- return p;
+ return xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
}
+
+/* Please try to use get_user_id_native instead of this one. */
char *
get_user_id (u32 * keyid, size_t * rn)
{
@@ -2792,6 +2813,7 @@ get_user_id (u32 * keyid, size_t * rn)
return p;
}
+/* Please try to use get_user_id_byfpr_native instead of this one. */
char *
get_user_id_native (u32 * keyid)
{
@@ -2802,6 +2824,55 @@ get_user_id_native (u32 * keyid)
return p2;
}
+
+/* Return a user id from the caching by looking it up using the FPR
+ which mustbe of size MAX_FINGERPRINT_LEN. */
+char *
+get_user_id_byfpr (const byte *fpr, size_t *rn)
+{
+ user_id_db_t r;
+ char *p;
+ int pass = 0;
+
+ /* Try it two times; second pass reads from key resources. */
+ do
+ {
+ for (r = user_id_db; r; r = r->next)
+ {
+ keyid_list_t a;
+ for (a = r->keyids; a; a = a->next)
+ {
+ if (!memcmp (a->fpr, fpr, MAX_FINGERPRINT_LEN))
+ {
+ /* An empty string as user id is possible. Make
+ sure that the malloc allocates one byte and does
+ not bail out. */
+ p = xmalloc (r->len? r->len : 1);
+ memcpy (p, r->name, r->len);
+ *rn = r->len;
+ return p;
+ }
+ }
+ }
+ }
+ while (++pass < 2 && !get_pubkey_byfpr (NULL, fpr));
+ p = xstrdup (user_id_not_found_utf8 ());
+ *rn = strlen (p);
+ return p;
+}
+
+char *
+get_user_id_byfpr_native (const byte *fpr)
+{
+ size_t rn;
+ char *p = get_user_id_byfpr (fpr, &rn);
+ char *p2 = utf8_to_native (p, rn, 0);
+ xfree (p);
+ return p2;
+}
+
+
+
KEYDB_HANDLE
get_ctx_handle (GETKEY_CTX ctx)
{
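Review bot: get_user_id_byfpr returns a buffer without a terminating NUL on a cache hit (xmalloc of r->len followed by memcpy) but a NUL-terminated xstrdup on the not-found path, and it writes *rn unconditionally. The header comment should say that the result is not a C string and that RN must not be NULL, which matters now that fingerprint_from_pk in this same commit accepts a NULL length. "mustbe" in that comment is missing a space.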
diff --git a/g10/gpg.h b/g10/gpg.h
index 3251dd0..ce4d253 100644
--- a/g10/gpg.h
+++ b/g10/gpg.h
@@ -37,7 +37,8 @@
/* Number of bits we accept when reading or writing MPIs. */
#define MAX_EXTERN_MPI_BITS 16384
-/* The maximum length of a binary fingerprints. */
+/* The maximum length of a binary fingerprints.
+ Warning: At some places we still use 20 instead of this macro. */
#define MAX_FINGERPRINT_LEN 20
diff --git a/g10/import.c b/g10/import.c
index be2fd63..8f7595c 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1009,9 +1009,9 @@ import_one (ctrl_t ctrl,
/* we are ready */
if( !opt.quiet && !silent)
{
- char *p=get_user_id_native (keyid);
- log_info( _("key %s: public key \"%s\" imported\n"),
- keystr(keyid),p);
+ char *p = get_user_id_byfpr_native (fpr2);
+ log_info (_("key %s: public key \"%s\" imported\n"),
+ keystr(keyid), p);
xfree(p);
}
if( is_status_enabled() )
@@ -1094,7 +1094,7 @@ import_one (ctrl_t ctrl,
/* we are ready */
if( !opt.quiet && !silent)
{
- char *p=get_user_id_native(keyid);
+ char *p = get_user_id_byfpr_native (fpr2);
if( n_uids == 1 )
log_info( _("key %s: \"%s\" 1 new user ID\n"),
keystr(keyid),p);
@@ -1145,7 +1145,7 @@ import_one (ctrl_t ctrl,
if( !opt.quiet && !silent)
{
- char *p=get_user_id_native(keyid);
+ char *p = get_user_id_byfpr_native (fpr2);
log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
xfree(p);
}
diff --git a/g10/keydb.h b/g10/keydb.h
index 55f8fc2..c61e0ae 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -222,6 +222,7 @@ int get_pubkey_bynames( GETKEY_CTX *rx, PKT_public_key *pk,
int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock );
void get_pubkey_end( GETKEY_CTX ctx );
gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid);
+gpg_error_t get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr);
int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint,
size_t fprint_len );
int get_pubkey_byfprint_fast (PKT_public_key *pk,
@@ -252,11 +253,12 @@ gpg_error_t enum_secret_keys (void **context, PKT_public_key *pk);
void setup_main_keyids (kbnode_t keyblock);
void merge_keys_and_selfsig( KBNODE keyblock );
-char*get_user_id_string( u32 *keyid );
char*get_user_id_string_native( u32 *keyid );
char*get_long_user_id_string( u32 *keyid );
char*get_user_id( u32 *keyid, size_t *rn );
char*get_user_id_native( u32 *keyid );
+char *get_user_id_byfpr (const byte *fpr, size_t *rn);
+char *get_user_id_byfpr_native (const byte *fpr);
KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
void release_akl(void);
int parse_auto_key_locate(char *options);
diff --git a/g10/keyid.c b/g10/keyid.c
index 3b4c10c..8b4eeb1 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -767,7 +767,8 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
gcry_md_close( md);
}
- *ret_len = len;
+ if (ret_len)
+ *ret_len = len;
return array;
}
commit c60814a5ce13932d933b363abc0c60c12783ae2f
Author: Werner Koch
Date: Mon Oct 13 14:01:29 2014 +0200
gpg: Allow importing keys with duplicated long key ids.
* g10/keydb.c (keydb_handle): Add field no_caching.
(keyblock_cache): Replace field kid by fpr.
(keydb_disable_caching): New.
(keydb_search): Use the fingerprint as cache index.
* g10/import.c (import_one): Use the fingerprint and not the kid to
lookup the key. Call keydb_disable_caching before re-searching for
update.
* tests/openpgp/import.test: Add a test case.
Signed-off-by: Werner Koch
diff --git a/g10/import.c b/g10/import.c
index ca35ce1..be2fd63 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -855,12 +855,15 @@ import_one (ctrl_t ctrl,
PKT_public_key *pk_orig;
KBNODE node, uidnode;
KBNODE keyblock_orig = NULL;
+ byte fpr2[MAX_FINGERPRINT_LEN];
+ size_t fpr2len;
u32 keyid[2];
int rc = 0;
int new_key = 0;
int mod_key = 0;
int same_key = 0;
int non_self = 0;
+ size_t an;
char pkstrbuf[PUBKEY_STRING_SIZE];
/* get the key and print some info about it */
@@ -870,6 +873,9 @@ import_one (ctrl_t ctrl,
pk = node->pkt->pkt.public_key;
+ fingerprint_from_pk (pk, fpr2, &fpr2len);
+ for (an = fpr2len; an < MAX_FINGERPRINT_LEN; an++)
+ fpr2[an] = 0;
keyid_from_pk( pk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
@@ -957,7 +963,7 @@ import_one (ctrl_t ctrl,
/* do we have this key already in one of our pubrings ? */
pk_orig = xmalloc_clear( sizeof *pk_orig );
- rc = get_pubkey_fast ( pk_orig, keyid );
+ rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len);
if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY )
{
if (!silent)
@@ -1033,17 +1039,11 @@ import_one (ctrl_t ctrl,
goto leave;
}
- /* now read the original keyblock */
+ /* Now read the original keyblock again so that we can use
+ that handle for updating the keyblock. */
hd = keydb_new ();
- {
- byte afp[MAX_FINGERPRINT_LEN];
- size_t an;
-
- fingerprint_from_pk (pk_orig, afp, &an);
- while (an < MAX_FINGERPRINT_LEN)
- afp[an++] = 0;
- rc = keydb_search_fpr (hd, afp);
- }
+ keydb_disable_caching (hd);
+ rc = keydb_search_fpr (hd, fpr2);
if( rc )
{
log_error (_("key %s: can't locate original keyblock: %s\n"),
@@ -1051,7 +1051,7 @@ import_one (ctrl_t ctrl,
keydb_release (hd);
goto leave;
}
- rc = keydb_get_keyblock (hd, &keyblock_orig );
+ rc = keydb_get_keyblock (hd, &keyblock_orig);
if (rc)
{
log_error (_("key %s: can't read original keyblock: %s\n"),
diff --git a/g10/keydb.c b/g10/keydb.c
index a9a9753..c192e06 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -68,6 +68,7 @@ struct keydb_handle
int locked;
int found;
unsigned long skipped_long_blobs;
+ int no_caching;
int current;
int used; /* Number of items in ACTIVE. */
struct resource_item active[MAX_KEYDB_RESOURCES];
@@ -75,7 +76,7 @@ struct keydb_handle
/* This is a simple cache used to return the last result of a
- successful long kid search. This works only for keybox resources
+ successful fingerprint search. This works only for keybox resources
because (due to lack of a copy_keyblock function) we need to store
an image of the keyblock which is fortunately instantly available
for keyboxes. */
@@ -87,7 +88,7 @@ enum keyblock_cache_states {
struct {
enum keyblock_cache_states state;
- u32 kid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
iobuf_t iobuf; /* Image of the keyblock. */
u32 *sigstatus;
int pk_no;
@@ -570,6 +571,7 @@ keydb_new (void)
return hd;
}
+
void
keydb_release (KEYDB_HANDLE hd)
{
@@ -600,6 +602,17 @@ keydb_release (KEYDB_HANDLE hd)
}
+/* Set a flag on handle to not use cached results. This is required
+ for updating a keyring. Fixme: Using a new parameter for keydb_new
+ might be a better solution. */
+void
+keydb_disable_caching (KEYDB_HANDLE hd)
+{
+ if (hd)
+ hd->no_caching = 1;
+}
+
+
/*
* Return the name of the current resource. This is function first
* looks for the last found found, then for the current search
@@ -1407,10 +1420,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (DBG_CACHE)
dump_search_desc ("keydb_search", desc, ndesc);
- if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
+ if (!hd->no_caching
+ && ndesc == 1
+ && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[0].mode == KEYDB_SEARCH_MODE_FPR)
&& keyblock_cache.state == KEYBLOCK_CACHE_FILLED
- && keyblock_cache.kid[0] == desc[0].u.kid[0]
- && keyblock_cache.kid[1] == desc[0].u.kid[1])
+ && !memcmp (keyblock_cache.fpr, desc[0].u.fpr, 20))
{
/* (DESCINDEX is already set). */
if (DBG_CLOCK)
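Review bot: the cache-hit test compares a literal 20 bytes in `memcmp (keyblock_cache.fpr, desc[0].u.fpr, 20)` while the cache field is declared as `byte fpr[MAX_FINGERPRINT_LEN]`. Use one named length for the declaration, this compare and the copy in the fill path so the three cannot drift apart, and add a comment that both KEYDB_SEARCH_MODE_FPR20 and KEYDB_SEARCH_MODE_FPR are expected to carry a 20-byte fingerprint in desc[0].u.fpr.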
@@ -1450,11 +1465,13 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
: rc);
keyblock_cache_clear ();
- if (!rc && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ if (!hd->no_caching
+ && !rc
+ && ndesc == 1 && (desc[0].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[0].mode == KEYDB_SEARCH_MODE_FPR))
{
keyblock_cache.state = KEYBLOCK_CACHE_PREPARED;
- keyblock_cache.kid[0] = desc[0].u.kid[0];
- keyblock_cache.kid[1] = desc[0].u.kid[1];
+ memcpy (keyblock_cache.fpr, desc[0].u.fpr, 20);
}
if (DBG_CLOCK)
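Review bot: `keyblock_cache_clear ()` still runs before the new `!hd->no_caching` test, so a search on a handle with caching disabled discards whatever another handle had cached. If that invalidation is wanted for the keyring-update case, say so in a comment here; if not, move the clear inside the condition.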
diff --git a/g10/keydb.h b/g10/keydb.h
index 78d151a..55f8fc2 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -135,6 +135,7 @@ gpg_error_t keydb_add_resource (const char *url, unsigned int flags);
KEYDB_HANDLE keydb_new (void);
void keydb_release (KEYDB_HANDLE hd);
+void keydb_disable_caching (KEYDB_HANDLE hd);
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
diff --git a/tests/openpgp/import.test b/tests/openpgp/import.test
index eb6860e..a58db40 100755
--- a/tests/openpgp/import.test
+++ b/tests/openpgp/import.test
@@ -31,3 +31,16 @@ if $GPG --list-keys --with-colons $keyid \
else
error "$goodkey: import failed (bug 1223)"
fi
+
+
+key1=$srcdir/samplekeys/dda252ebb8ebe1af-1.asc
+key2=$srcdir/samplekeys/dda252ebb8ebe1af-2.asc
+fpr1=9E669861368BCA0BE42DAF7DDDA252EBB8EBE1AF
+fpr2=A55120427374F3F7AA5F1166DDA252EBB8EBE1AF
+info "Checking import of two keys with colliding long key ids."
+$GPG --delete-key --batch --yes $fpr1 $fpr2 2>/dev/null || true
+$GPG --import $key1 || true
+$GPG --import $key2 || true
+n=$($GPG --list-keys --with-colons $fpr1 $fpr2 2>/dev/null \
+ | grep '^pub:.:4096:1:DDA252EBB8EBE1AF:' | wc -l)
+[ $n -ne 2 ] && error "Importing keys with long id collision failed"
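Review bot: the final added line, `[ $n -ne 2 ] && error "..."`, returns a non-zero status when the check passes (with n equal to 2 the test is false and the && list yields 1), and since the hunk has no context after it this is the last command of the script and therefore its exit status. Write it as an if/fi block like the check above it. The `|| true` on both `$GPG --import` lines also hides a failed import of key1, which the count then reports only indirectly as a collision failure.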
commit a2567225373a7e4e4a6eb0cba1d9ab6ff2d1330a
Author: Werner Koch
Date: Mon Oct 13 13:56:47 2014 +0200
tests: Add sample keys with colliding long key ids.
--
Thanks to David Leon Gil who posted these keys to
openpgp at ietf.org on Fri, 13 Dec 2013 07:09:54 -0800 (PST).
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index cc28027..a6eda61 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -68,7 +68,9 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \
samplekeys/ecc-sample-2-sec.asc \
samplekeys/ecc-sample-3-sec.asc \
samplekeys/eddsa-sample-1-pub.asc \
- samplekeys/eddsa-sample-1-sec.asc
+ samplekeys/eddsa-sample-1-sec.asc \
+ samplekeys/dda252ebb8ebe1af-1.asc \
+ samplekeys/dda252ebb8ebe1af-2.asc
EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \
mkdemodirs signdemokey $(priv_keys) $(sample_keys)
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index c30345f..6f8f916 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -8,3 +8,5 @@ ecc-sample-3-pub.asc A NIST P-521 ECC sample key.
ecc-sample-3-sec.asc Ditto, but the secret keyblock.
eddsa-sample-1-pub.asc An Ed25519 sample key.
eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock.
+dda252ebb8ebe1af-1.asc rsa4096 key 1
+dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision.
diff --git a/tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc b/tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc
new file mode 100644
index 0000000..ddae954
--- /dev/null
+++ b/tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+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+=fDJ8
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc b/tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc
new file mode 100644
index 0000000..8547463
--- /dev/null
+++ b/tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+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+=OEw/
+-----END PGP PUBLIC KEY BLOCK-----
commit 2543f0ab9c7b4247347688863f898667bae31984
Author: Werner Koch
Date: Mon Oct 13 11:45:34 2014 +0200
tests: Speed up conventional encryption tests for gpg.
* tests/openpgp/conventional-mdc.test: Add an s2k-count option.
* tests/openpgp/conventional.test: Ditto.
--
Due to measuring the iteration count for the passphrase hashing, the
conventional encryption tests are running quite slow. This patch
fixes it by using a fixed and lower value for the iteration count.
Signed-off-by: Werner Koch
diff --git a/tests/openpgp/conventional-mdc.test b/tests/openpgp/conventional-mdc.test
index 15b525f..744e11e 100755
--- a/tests/openpgp/conventional-mdc.test
+++ b/tests/openpgp/conventional-mdc.test
@@ -10,6 +10,10 @@
. $srcdir/defs.inc || exit 3
+# We use use a lower than default value for the S2K count to run the
+# tests faster. We used a fixed value of 65536 already the past.
+s2k="--s2k-count=65536"
+
#info Checking conventional encryption
for ciph in `all_cipher_algos`; do
progress "$ciph"
@@ -20,9 +24,9 @@ for ciph in `all_cipher_algos`; do
else
dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
fi
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k \
--force-mdc --cipher $ciph -c -o x --yes z
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k \
-o y --yes x
cmp z y || error "$ciph/$i: mismatch"
done
diff --git a/tests/openpgp/conventional.test b/tests/openpgp/conventional.test
index 5028b29..30c9ba0 100755
--- a/tests/openpgp/conventional.test
+++ b/tests/openpgp/conventional.test
@@ -10,19 +10,23 @@
. $srcdir/defs.inc || exit 3
+# We use use a lower than default value for the S2K count to run the
+# tests faster. We used a fixed value of 65536 already the past.
+s2k="--s2k-count=65536"
+
#info Checking conventional encryption
for i in plain-2 data-32000 ; do
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -c -o x --yes $i
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -c -o x --yes $i
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -o y --yes x
cmp $i y || error "$i: mismatch"
done
for a in `all_cipher_algos`; do
progress "$a"
for i in plain-1 data-80000 ; do
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 \
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k \
--cipher-algo $a -c -o x --yes $i
- echo "Hier spricht HAL" | $GPG --passphrase-fd 0 -o y --yes x
+ echo "Hier spricht HAL" | $GPG --passphrase-fd 0 $s2k -o y --yes x
cmp $i y || error "$i: ($a) mismatch"
done
done
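Review bot: the `s2k="--s2k-count=65536"` definition and its comment are added identically here and in conventional-mdc.test, although both scripts source `$srcdir/defs.inc`; define it once there so the two tests cannot end up with different counts. The comment also needs a fix ("We use use", "already the past").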
-----------------------------------------------------------------------
Summary of changes:
doc/DETAILS | 2 +-
g10/build-packet.c | 16 +---
g10/getkey.c | 111 +++++++++++++++++++----
g10/gpg.h | 3 +-
g10/import.c | 44 ++++-----
g10/keydb.c | 33 +++++--
g10/keydb.h | 5 +-
g10/keyid.c | 3 +-
tests/openpgp/Makefile.am | 4 +-
tests/openpgp/conventional-mdc.test | 8 +-
tests/openpgp/conventional.test | 12 ++-
tests/openpgp/import.test | 15 +++
tests/openpgp/samplekeys/README | 2 +
tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc | 29 ++++++
tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc | 29 ++++++
15 files changed, 239 insertions(+), 77 deletions(-)
create mode 100644 tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc
create mode 100644 tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Oct 13 15:16:46 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 13 Oct 2014 15:16:46 +0200
Subject: [git] GnuPG - branch, wk/test-master,
updated. gnupg-2.1.0-beta864-21-gbf91c4c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, wk/test-master has been updated
via bf91c4c8d50ba6fc9ab06f79b02c01389e337c5e (commit)
via fab89f159bcb36ea7285af661d5756eefa981822 (commit)
via 21c0ea6bafafbcc4a2e07f0ac76275cc0229e9a0 (commit)
via c60814a5ce13932d933b363abc0c60c12783ae2f (commit)
via a2567225373a7e4e4a6eb0cba1d9ab6ff2d1330a (commit)
via 2543f0ab9c7b4247347688863f898667bae31984 (commit)
from bb961e062bbf1011ef3430afdf2075561ba400ab (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bf91c4c8d50ba6fc9ab06f79b02c01389e337c5e
Merge: bb961e0 fab89f1
Author: Werner Koch
Date: Mon Oct 13 15:13:44 2014 +0200
Merge branch 'master' into wk/test-master
diff --cc g10/keyid.c
index f1fbec2,8b4eeb1..662806b
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@@ -680,22 -706,69 +680,23 @@@ colon_expirestr_from_sig (PKT_signatur
byte *
fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
{
- byte *buf;
const byte *dp;
- size_t len, nbytes;
- int i;
-
- if ( pk->version < 4 )
- {
- if ( is_RSA(pk->pubkey_algo) )
- {
- /* RSA in version 3 packets is special. */
- gcry_md_hd_t md;
-
- if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
- BUG ();
- if ( pubkey_get_npkey (pk->pubkey_algo) > 1 )
- {
- for (i=0; i < 2; i++)
- {
- if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
- &nbytes, pk->pkey[i]))
- BUG ();
- /* fixme: Better allocate BUF on the stack */
- buf = xmalloc (nbytes);
- if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
- NULL, pk->pkey[i]))
- BUG ();
- gcry_md_write (md, buf, nbytes);
- xfree (buf);
- }
- }
- gcry_md_final (md);
- if (!array)
- array = xmalloc (16);
- len = 16;
- memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
- gcry_md_close(md);
- }
- else
- {
- if (!array)
- array = xmalloc(16);
- len = 16;
- memset (array,0,16);
- }
- }
- else
- {
- gcry_md_hd_t md;
+ size_t len;
+ gcry_md_hd_t md;
- md = do_fingerprint_md(pk);
- dp = gcry_md_read( md, 0 );
- len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
- assert( len <= MAX_FINGERPRINT_LEN );
- if (!array)
- array = xmalloc ( len );
- memcpy (array, dp, len );
- pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
- pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
- gcry_md_close( md);
- }
+ md = do_fingerprint_md(pk);
+ dp = gcry_md_read( md, 0 );
+ len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+ assert( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc ( len );
+ memcpy (array, dp, len );
+ pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ gcry_md_close( md);
- *ret_len = len;
+ if (ret_len)
+ *ret_len = len;
return array;
}
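Review bot: in the retained key ID computation, `dp[12] << 24` and `dp[16] << 24` shift a value of type `byte` after promotion to int, so (assuming byte is an 8-bit unsigned type) any fingerprint byte of 0x80 or above shifts into the sign bit, which is undefined behaviour in C. Cast to u32 before shifting, for example `(u32)dp[12] << 24`. The same lines read dp[12] through dp[19] while the only length check is `len <= MAX_FINGERPRINT_LEN`; a lower bound of 20 should be asserted as well.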
-----------------------------------------------------------------------
Summary of changes:
doc/DETAILS | 2 +-
g10/getkey.c | 111 +++++++++++++++++++----
g10/gpg.h | 3 +-
g10/import.c | 44 ++++-----
g10/keydb.c | 33 +++++--
g10/keydb.h | 5 +-
g10/keyid.c | 3 +-
tests/openpgp/Makefile.am | 4 +-
tests/openpgp/conventional-mdc.test | 8 +-
tests/openpgp/conventional.test | 12 ++-
tests/openpgp/import.test | 15 +++
tests/openpgp/samplekeys/README | 2 +
tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc | 29 ++++++
tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc | 29 ++++++
14 files changed, 236 insertions(+), 64 deletions(-)
create mode 100644 tests/openpgp/samplekeys/dda252ebb8ebe1af-1.asc
create mode 100644 tests/openpgp/samplekeys/dda252ebb8ebe1af-2.asc
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Oct 13 19:30:10 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 13 Oct 2014 19:30:10 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 0862f792100b1e7d73466592b6922e12aba0cb28
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 0862f792100b1e7d73466592b6922e12aba0cb28 (commit)
from 1e43180ee23ec011709494f906b19125cc39538f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0862f792100b1e7d73466592b6922e12aba0cb28
Author: Werner Koch
Date: Mon Oct 13 19:30:18 2014 +0200
tools: Send a thank you mail for payproc received donations.
diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh
index 86697ad..f1156c5 100755
--- a/tools/append-to-donors.sh
+++ b/tools/append-to-donors.sh
@@ -1,11 +1,17 @@
#!/bin/sh
# append-to-donors.sh
-# Append new names from the payproc journal tothe donros file.
+# Append new names from the payproc journal to the donors file
+# and send a Thank You mail.
pgm="append-to-donors.sh"
set -e
PATH=/usr/local/bin:$PATH
+SENDMAIL="/usr/sbin/sendmail"
+LC_ALL=C
+LC_CTYPE=C
+RFCDATE="$(date -R)"
+SIGDELIM="-- "
htdocs="/var/www/www/www.gnupg.org/htdocs"
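Review bot: `LC_ALL=C` and `LC_CTYPE=C` are assigned but not exported, so unless they are already in the environment the child processes started later (tr, awk, sendmail) still run in the inherited locale. Add `export LC_ALL LC_CTYPE`, or drop LC_CTYPE since LC_ALL overrides it.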
@@ -25,6 +31,76 @@ fi
trap "rm -f $LOCKFILE" 0
+# Send a thank you mail
+# Uses these variables:
+# amount - The amount of the donation
+# currency - The currency for the amount
+# euro - The amount cinvertet to Euro
+# xmail - The mailbox
+# name - The name or empty for an anonymous donation
+# message - The message to us or empty
+# Used scratch variables:
+# upcurrency
+# ineuro
+#
+# FIXME: Clean message and name and use an appropriate encoding.
+# The second mail should actually be encrypted. In fact
+# we would better try to encrypt also the first mail. Add a
+# pubkey field to the donation page?
+#
+send_thanks () {
+ upcurrency=$(echo $currency | tr [a-z] [A-Z])
+ if [ "$upcurrency" = EUR ]; then
+ ineuro=
+ else
+ ineuro=" (about $euro EUR)"
+ fi
+ ( cat < $lastline" -Stype=C -Saccount==1 \
--html --print "$journal_dir/journal-$jdate.log" \
- | while IFS=: read lnr datestr name rest; do
+ | while IFS=: read lnr datestr name message \
+ xmail amount currency euro rest; do
+ name=$(echo "$name" | tr \`\$: ...)
+ message=$(echo "$message" | tr \`\$ ..)
+ xmail=$(echo "$xmail" | tr \`\$ ..)
if [ -n "$name" ]; then
+ # Note that we removed colons from $name
echo "$jyear:$datestr:$name::$lnr:" >> "$donors.tmp"
fi
+ send_thanks
done
fi
done
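Review bot: in the journal loop the fields are taken with plain `read` and then passed through `echo`, so backslashes in name, message or xmail are interpreted (including line continuation) before the `tr` filter that replaces backtick and `$` sees them. Use `read -r` and `printf '%s\n' "$name"` so the filter works on the raw journal text. In send_thanks, `tr [a-z] [A-Z]` leaves the bracket expressions unquoted, so a one-letter file name in the working directory changes the arguments; quote them and quote `$currency`. The FIXME about cleaning and encoding name and message should be resolved before these values go into a mail.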
-----------------------------------------------------------------------
Summary of changes:
tools/append-to-donors.sh | 89 +++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 86 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 15 12:48:07 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 15 Oct 2014 12:48:07 +0200
Subject: [git] GPGME - branch, bjk/master, created. gpgme-1.5.1-11-g4027a0a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, bjk/master has been created
at 4027a0a89724df3aeef8a964c529548d724b6a5a (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 15 15:25:35 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 15 Oct 2014 15:25:35 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.17-1-g99c8336
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 99c8336aa6ee571c6305d121c55e987fa37e3882 (commit)
from 1d9e4c29fc23da64f964ed3337cd18429e1a2964 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 99c8336aa6ee571c6305d121c55e987fa37e3882
Author: Werner Koch
Date: Wed Oct 15 15:25:41 2014 +0200
Post release updates.
--
diff --git a/NEWS b/NEWS
index 255509b..3404f7d 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.18 (unreleased) [C13/A13/R_]
+-----------------------------------------------
+
+
Noteworthy changes in version 1.17 (2014-10-15) [C13/A13/R0]
-----------------------------------------------
diff --git a/configure.ac b/configure.ac
index bb1071a..9683c81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.11"
# another commit, and a push so that the git magic is able to work.
# See below for the LT versions.
m4_define([mym4_version_major], [1])
-m4_define([mym4_version_minor], [17])
+m4_define([mym4_version_minor], [18])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
configure.ac | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 16 21:34:16 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 16 Oct 2014 21:34:16 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 971c62e094e2145f5bba47812229246f478edc23
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 971c62e094e2145f5bba47812229246f478edc23 (commit)
via 3090737ffb231261c9aa02352756e4b88edee2e2 (commit)
from 0862f792100b1e7d73466592b6922e12aba0cb28 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 971c62e094e2145f5bba47812229246f478edc23
Author: Werner Koch
Date: Thu Oct 16 21:34:26 2014 +0200
swdb: Update libgpg-error to 1.17.
diff --git a/web/swdb.mac b/web/swdb.mac
index 3392047..e441330 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -92,9 +92,9 @@
#
# LIBGPG-ERROR
#
-#+macro: libgpg_error_ver 1.16
-#+macro: libgpg_error_size 534k
-#+macro: libgpg_error_sha1 059c40a2b78c3ac2b4cbec0e0481faba5af332fe
+#+macro: libgpg_error_ver 1.17
+#+macro: libgpg_error_size 654k
+#+macro: libgpg_error_sha1 ba5858b2947e7272dd197c87bac9f32caf29b256
#
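Review bot: the block for the 1.17 tarball records only `libgpg_error_sha1` as the integrity value. Consider adding a SHA-256 macro next to it so downloads can be checked against a stronger digest.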
commit 3090737ffb231261c9aa02352756e4b88edee2e2
Author: Werner Koch
Date: Thu Oct 16 21:33:32 2014 +0200
web: Allow publishing of donation stats.
* tools/append-to-donors.sh: Create donations summary file.
* tools/mkkudos.sh: Add new template for this months donations.
* web/donate/kudos.org: Add a line with the current donations.
--
This requires the latest payproc version.
diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh
index f1156c5..492ab32 100755
--- a/tools/append-to-donors.sh
+++ b/tools/append-to-donors.sh
@@ -16,6 +16,8 @@ SIGDELIM="-- "
htdocs="/var/www/www/www.gnupg.org/htdocs"
donors="$htdocs/donate/donors.dat"
+donations="$htdocs/donate/donations.dat"
+
journal_dir="/var/log/payproc"
LOCKFILE="$donors.lock"
@@ -28,7 +30,7 @@ if ! lockfile -l 7200 -r 2 $LOCKFILE; then
echo "$pgm: another instance is still running"
exit 0
fi
-trap "rm -f $LOCKFILE" 0
+trap "rm -f $LOCKFILE $donors.tmp $donors.stamp" 0
# Send a thank you mail
@@ -42,6 +44,7 @@ trap "rm -f $LOCKFILE" 0
# Used scratch variables:
# upcurrency
# ineuro
+# xamount
#
# FIXME: Clean message and name and use an appropriate encoding.
# The second mail should actually be encrypted. In fact
@@ -53,8 +56,9 @@ send_thanks () {
if [ "$upcurrency" = EUR ]; then
ineuro=
else
- ineuro=" (about $euro EUR)"
+ ineuro=" (about $(echo $euro| awk '{print int($0 + 0.5)}') EUR)"
fi
+ xamount="$(echo $amount| awk '{print int($0 + 0.5)}')"
( cat < "$donors.tmp"
find $journal_dir -type f -name 'journal-????????.log' -print \
| sort | while read fname; do
@@ -131,15 +137,31 @@ find $journal_dir -type f -name 'journal-????????.log' -print \
name=$(echo "$name" | tr \`\$: ...)
message=$(echo "$message" | tr \`\$ ..)
xmail=$(echo "$xmail" | tr \`\$ ..)
- if [ -n "$name" ]; then
- # Note that we removed colons from $name
- echo "$jyear:$datestr:$name::$lnr:" >> "$donors.tmp"
- fi
+ # Note that we removed colons from $name
+ echo "$jyear:$datestr:$name::$lnr:" >> "$donors.tmp"
+ touch "$donors".stamp
send_thanks
done
fi
done
-if ! mv "$donors.tmp" "$donors"; then
- echo "$pgm: error updating $donors" >&2
- exit 1
+
+# If we have any new records update the files.
+if [ -f "$donors".stamp ]; then
+
+ if ! mv "$donors.tmp" "$donors"; then
+ echo "$pgm: error updating $donors" >&2
+ exit 1
+ fi
+
+ if [ -f "$donations" ]; then
+ payproc-stat -u "$donations" -- > "$donations".tmp \
+ $(find /var/log/payproc -type f -name 'journal-????????.log' -print|sort)
+ if ! mv "$donations".tmp "$donations"; then
+ echo "$pgm: error updating $donations" >&2
+ exit 1
+ fi
+ else
+ payproc-stat -u "$donations" -- > "$donations" \
+ $(find /var/log/payproc -type f -name 'journal-????????.log' -print|sort)
+ fi
fi
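Review bot: both `payproc-stat` calls search the literal `/var/log/payproc` although the script already defines `journal_dir` and uses it for the first find; use `$journal_dir` here too. In the else branch the output is redirected straight into `"$donations"`, which is also the file named by `-u`, so an interrupted run leaves a partial file that the next run treats as valid; write to `"$donations".tmp` and mv it as the other branch does, and add that temporary file to the trap.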
diff --git a/tools/mkkudos.sh b/tools/mkkudos.sh
index f3625e0..3c42a8a 100755
--- a/tools/mkkudos.sh
+++ b/tools/mkkudos.sh
@@ -6,11 +6,25 @@ htdocs="/var/www/www/www.gnupg.org/htdocs"
#htdocs="/home/wk/s/gnupg-doc/web"
donors="$htdocs/donate/donors.dat"
+donations="$htdocs/donate/donations.dat"
if [ ! -f "$donors" ]; then
echo "mkkudos.sh: '$donors' not found" >&2;
exit 1
fi
+if [ ! -f "$donations" ]; then
+ echo "mkkudos.sh: '$donations' not found" >&2;
+ exit 1
+fi
+
+tmp=$(head -1 "$donations")
+monyear=$(echo "$tmp" | awk -F: 'BEGIN { m[1] = "January";
+ m[2] = "February"; m[3] = "March"; m[4] = "April"; m[5] = "May";
+ m[6] = "June"; m[7] = "July"; m[8] = "August"; m[9] = "September";
+ m[10] = "October"; m[11] = "November"; m[12] = "December"; }
+ {printf "%s %d", m[$2] , $1}')
+euro=$(echo "$tmp" | awk -F: '{printf "%d Euro", int($8 + 0.5)}')
+
for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html; do
[ "$file" -ot "$donors" ] || continue
@@ -22,17 +36,28 @@ for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html; do
fi
echo "processing $file" >&2
[ -f "$file.tmp" ] && rm "$file.tmp"
- awk -F: -v year=$year -v donors="$donors" <"$file" >"$file.tmp" '
+ awk -F: -v year=$year -v donors="$donors" \
+ -v monyear="$monyear" -v euro="$euro" <"$file" >"$file.tmp" '
// {indon=1; print; insert("") }
// {indon=0}
// {indon=1; print; insert("goteo13") }
// {indon=0}
+ // {
+ printf " %s\n", monyear;
+ next
+ }
+ // {
+ printf " %s\n", euro;
+ next
+ }
!indon { print }
function insert (tag) {
while (getline < donors) {
if ( $0 ~ /^(#.*)?$/ )
continue;
+ if ( $3 == "" )
+ continue;
if ($1==year && $4==tag) {
printf "
In
+#+HTML:
+#+HTML: we received
+#+HTML:
+#+HTML: of donations by credit card plus some more donations via Paypal.
+#+HTML:
+
+
| Year | # | \EUR | net \EUR |
| | | | |
|------+-----+-------+----------|
-----------------------------------------------------------------------
Summary of changes:
tools/append-to-donors.sh | 42 ++++++++++++++++++++++++++++++++----------
tools/mkkudos.sh | 27 ++++++++++++++++++++++++++-
web/donate/kudos.org | 8 ++++++++
web/swdb.mac | 6 +++---
4 files changed, 69 insertions(+), 14 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 17 01:37:07 2014
From: cvs at cvs.gnupg.org (by Ben Kibbey)
Date: Fri, 17 Oct 2014 01:37:07 +0200
Subject: [git] GPGME - branch, bjk/master, updated. gpgme-1.5.1-13-gfff2049
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, bjk/master has been updated
via fff2049c1bc7c627e11df8062ef1f96a7697954f (commit)
from aea2c168fc9c12148181dbcc33d7085aad8e6d90 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fff2049c1bc7c627e11df8062ef1f96a7697954f
Author: Ben Kibbey
Date: Thu Oct 16 19:26:41 2014 -0400
Fix crash with built-in [v]asprintf().
* src/vasprintf.c (__gpgme_vasprintf): Copy the va_list.
--
Not sure why it needs to be done. Maybe because of dereferencing the
pointer while doing va_copy() int_vasprintf()? If we remove the
_BSD_VA_LIST stuff and pass a regular va_list all is fine.
diff --git a/src/vasprintf.c b/src/vasprintf.c
index 326a2c3..18b1ef1 100644
--- a/src/vasprintf.c
+++ b/src/vasprintf.c
@@ -26,8 +26,6 @@ Boston, MA 02111-1307, USA. */
#include
#include
-#include "mem.h"
-
#ifndef va_copy /* According to POSIX, va_copy is a macro. */
#if defined (__GNUC__) && defined (__PPC__) \
@@ -42,7 +40,14 @@ Boston, MA 02111-1307, USA. */
#ifdef TEST
+#define _gpgme_malloc malloc
+#define _gpgme_calloc calloc
+#define _gpgme_realloc realloc
+#define _gpgme_strdup strdup
+#define _gpgme_free free
int global_total_width;
+#else
+#include "mem.h"
#endif
static int int_vasprintf (char **, const char *, va_list *);
@@ -161,7 +166,17 @@ _gpgme_vasprintf (result, format, args)
va_list args;
#endif
{
- return int_vasprintf (result, format, &args);
+#if defined (_BSD_VA_LIST_) && defined (__FreeBSD__)
+ _BSD_VA_LIST_ cp;
+#else
+ va_list cp;
+#endif
+ int ret;
+
+ va_copy(cp, args);
+ ret = int_vasprintf (result, format, &cp);
+ va_end(cp);
+ return ret;
}
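Review bot: the new `va_copy(cp, args)` before `int_vasprintf (result, format, &cp)` has no comment, and the commit message says the reason is unclear. The reason is worth recording in the code: where va_list is an array type, the `args` parameter decays to a pointer, so `&args` does not have the type `va_list *` that `int_vasprintf` declares, whereas the address of a local va_list does. With that stated, the `_BSD_VA_LIST_` branch can be reviewed for whether it is still needed.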
-----------------------------------------------------------------------
Summary of changes:
src/vasprintf.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 17 13:12:06 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 17 Oct 2014 13:12:06 +0200
Subject: [git] gnupg-doc - branch, master,
updated. f5e7a838cc7d6b84e818f014e7132d84a12927d9
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via f5e7a838cc7d6b84e818f014e7132d84a12927d9 (commit)
from 971c62e094e2145f5bba47812229246f478edc23 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f5e7a838cc7d6b84e818f014e7132d84a12927d9
Author: Werner Koch
Date: Fri Oct 17 13:12:16 2014 +0200
tools: Add yearly stats to mkkudos.sh.
diff --git a/tools/mkkudos.sh b/tools/mkkudos.sh
index 3c42a8a..8e5ed96 100755
--- a/tools/mkkudos.sh
+++ b/tools/mkkudos.sh
@@ -8,6 +8,45 @@ htdocs="/var/www/www/www.gnupg.org/htdocs"
donors="$htdocs/donate/donors.dat"
donations="$htdocs/donate/donations.dat"
+
+usage()
+{
+ cat <&2
+ ;;
+ esac
+ shift
+done
+
+
if [ ! -f "$donors" ]; then
echo "mkkudos.sh: '$donors' not found" >&2;
exit 1
@@ -24,10 +63,14 @@ monyear=$(echo "$tmp" | awk -F: 'BEGIN { m[1] = "January";
m[10] = "October"; m[11] = "November"; m[12] = "December"; }
{printf "%s %d", m[$2] , $1}')
euro=$(echo "$tmp" | awk -F: '{printf "%d Euro", int($8 + 0.5)}')
-
+euroyr=$(echo "$tmp" | awk -F: '{printf "%d Euro", int($10 + 0.5)}')
+n=$(echo "$tmp" | awk -F: '{printf "%d", $7}')
+nyr=$(echo "$tmp" | awk -F: '{printf "%d", $9}')
for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html; do
- [ "$file" -ot "$donors" ] || continue
+ if [ $force = no ]; then
+ [ "$file" -ot "$donors" ] || continue
+ fi
if [ "$file" = "$htdocs/donate/"kudos.html ]; then
year=$(date +%Y)
else
@@ -37,7 +80,9 @@ for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html; do
echo "processing $file" >&2
[ -f "$file.tmp" ] && rm "$file.tmp"
awk -F: -v year=$year -v donors="$donors" \
- -v monyear="$monyear" -v euro="$euro" <"$file" >"$file.tmp" '
+ -v monyear="$monyear" -v euro="$euro" -v euroyr="$euroyr" \
+ -v n="$n" -v nyr="$nyr" \
+ <"$file" >"$file.tmp" '
// {indon=1; print; insert("") }
// {indon=0}
// {indon=1; print; insert("goteo13") }
@@ -50,6 +95,18 @@ for file in "$htdocs/donate/"kudos-????.html "$htdocs/donate/"kudos.html; do
printf " %s\n", euro;
next
}
+ // {
+ printf " %s\n", n;
+ next
+ }
+ // {
+ printf " %s\n", euroyr;
+ next
+ }
+ // {
+ printf " %s\n", nyr;
+ next
+ }
!indon { print }
function insert (tag) {
diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index fbee1a5..2e6e151 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -25,12 +25,20 @@
** Donation summary
-#+HTML:
In
-#+HTML:
-#+HTML: we received
-#+HTML:
-#+HTML: of donations by credit card plus some more donations via Paypal.
-#+HTML:
+#+HTML:
In
+#+HTML: October 2014
+#+HTML:we received
+#+HTML: 2
+#+HTML:donations of
+#+HTML: 28 Euro
+#+HTML:. For the entire year we
+#+HTML:received a total of
+#+HTML: 52 Euro
+#+HTML:from
+#+HTML: 28
+#+HTML:donations. Note that these numbers are only for donations via Stripe
+#+HTML:(credit card) and do not yet account for those received via Paypal.
+#+HTML:
| Year | # | \EUR | net \EUR |
-----------------------------------------------------------------------
Summary of changes:
tools/mkkudos.sh | 63 +++++++++++++++++++++++++++++++++++++++++++++++---
web/donate/kudos.org | 20 +++++++++++-----
2 files changed, 74 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 17 13:40:35 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 17 Oct 2014 13:40:35 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-22-g8fd150b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 8fd150b05b744fe9465057c12529d5e6b6b02785 (commit)
via 60d22d54a50f63b4026aa8bbc97efa8d3c76e614 (commit)
via 0df36db63e29dd755266d06c55d9c434eef5e084 (commit)
from fab89f159bcb36ea7285af661d5756eefa981822 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8fd150b05b744fe9465057c12529d5e6b6b02785
Author: Werner Koch
Date: Sun Oct 12 20:07:12 2014 +0200
gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys. Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.
* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs into dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto. Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures. Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.
* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--
v3 keys have been deprecated for about 15 years and due to the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys. Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
Verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no value anyway - MD5 is
just too broken.
We have also kept support for v3 signatures until now. With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures. What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures. The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages. These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.
Signed-off-by: Werner Koch
diff --git a/doc/OpenPGP b/doc/OpenPGP
index 96223d7..794f669 100644
--- a/doc/OpenPGP
+++ b/doc/OpenPGP
@@ -9,6 +9,15 @@
===================
GnuPG (>=1.0.3) is in compliance with RFC2440 despite these exceptions:
+ * With GnuPG >= 2.1.0 all support for version 3 keys has been
+ removed. Thus there is no more compatibility with PGP-2. Users
+ who need to be able to decrypt old PGP 2 messages should use
+ GnuPG 1.4.x along with the option --allow-weak-digest-algos.
+
+ * With GnuPG >= 2.1.0 all signatures (on messages and keys) are
+ created using version 4 signatures. Support for verifying
+ version 3 signature is still available.
+
* (9.2) states that IDEA SHOULD be implemented. This is not done
due to patent problems.
UPDATE: Since version 1.4.13 (or GnuPG 2.x with Libgcrypt 1.6)
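Review bot: In the second added bullet, "Support for verifying version 3 signature is still available" should read "version 3 signatures". The first bullet also only mentions decrypting old PGP 2 messages; the commit message states that verification of PGP2-created signatures is no longer possible either, and that belongs in this list of exceptions so a reader of doc/OpenPGP does not have to find it in the log.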
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 2997b64..cddf462 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2129,6 +2129,7 @@ platforms that have different line ending conventions (UNIX-like to Mac,
Mac to Windows, etc). @option{--no-textmode} disables this option, and
is the default.
+ at ifclear gpgtwoone
@item --force-v3-sigs
@itemx --no-force-v3-sigs
@opindex force-v3-sigs
@@ -2147,6 +2148,15 @@ Defaults to no.
Always use v4 key signatures even on v3 keys. This option also
changes the default hash algorithm for v3 RSA keys from MD5 to SHA-1.
@option{--no-force-v4-certs} disables this option.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --force-v3-sigs
+ at itemx --no-force-v3-sigs
+ at item --force-v4-certs
+ at itemx --no-force-v4-certs
+These options are obsolete and have no effect since GnuPG 2.1.
+ at end ifset
@item --force-mdc
@opindex force-mdc
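Review bot: In the new gpgtwoone block the third line uses @item where @itemx is needed, so --force-v3-sigs and --no-force-v3-sigs form a separate entry with no text of their own and only the v4-certs pair carries "These options are obsolete and have no effect since GnuPG 2.1." Make the three lines after the first all @itemx so the four options share the one description. The block also has no @opindex lines, unlike the @ifclear text it replaces, so the obsolete options drop out of the option index for 2.1 builds; keeping the index entries would let users who still have them in gpg.conf find the explanation.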
@@ -2301,8 +2311,12 @@ compression algorithms none and ZIP. This also disables
--throw-keyids, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
-This option implies @option{--disable-mdc --escape-from-lines
---force-v3-sigs}.
+ at ifclear gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines --force-v3-sigs}.
+ at end ifclear
+ at ifset gpgtwoone
+This option implies @option{--disable-mdc --escape-from-lines}.
+ at end ifset
@item --pgp7
@opindex pgp7
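Review bot: The gpgtwoone variant of the --pgp6 paragraph only drops --force-v3-sigs from the implied options and says nothing about the consequence. The commit message states that PGP 6 and PGP 7 require v3-signatures for messages, so with 2.1 this mode can no longer produce signatures those versions accept; a sentence under @ifset gpgtwoone saying so would keep the manual from implying compatibility the code no longer provides.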
diff --git a/g10/build-packet.c b/g10/build-packet.c
index af0de3b..c04abab 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -291,24 +291,13 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
int i, nskey, npkey;
iobuf_t a = iobuf_temp(); /* Build in a self-enlarging buffer. */
- /* Write the version number - if none is specified, use 3 */
+ /* Write the version number - if none is specified, use 4 */
if ( !pk->version )
- iobuf_put ( a, 3 );
+ iobuf_put ( a, 4 );
else
iobuf_put ( a, pk->version );
write_32 (a, pk->timestamp );
- /* v3 needs the expiration time. */
- if ( pk->version < 4 )
- {
- u16 ndays;
- if ( pk->expiredate )
- ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
- else
- ndays = 0;
- write_16(a, ndays);
- }
-
iobuf_put (a, pk->pubkey_algo );
/* Get number of secret and public parameters. They are held in one
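Review bot: The else branch still writes pk->version verbatim, but the two-byte expiration field that a version below 4 requires is no longer emitted, so a PKT_public_key arriving here with version 2 or 3 would be serialized with a v3 version byte and a v4 body. Since only v4 is supported after this change, reject or assert on any non-zero pk->version other than 4 before the iobuf_put instead of relying on every caller to have filtered such keys out.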
@@ -347,45 +336,37 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
/* Build the header for protected (encrypted) secret parameters. */
if (ski->is_protected)
{
- if ( is_RSA (pk->pubkey_algo) && pk->version < 4 && !ski->s2k.mode )
+ /* OpenPGP protection according to rfc2440. */
+ iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
+ iobuf_put (a, ski->algo);
+ if (ski->s2k.mode >= 1000)
{
- /* The simple rfc1991 (v3) way. */
- iobuf_put (a, ski->algo );
- iobuf_write (a, ski->iv, ski->ivlen);
+ /* These modes are not possible in OpenPGP, we use them
+ to implement our extensions, 101 can be viewed as a
+ private/experimental extension (this is not specified
+ in rfc2440 but the same scheme is used for all other
+ algorithm identifiers). */
+ iobuf_put (a, 101);
+ iobuf_put (a, ski->s2k.hash_algo);
+ iobuf_write (a, "GNU", 3 );
+ iobuf_put (a, ski->s2k.mode - 1000);
}
else
{
- /* OpenPGP protection according to rfc2440. */
- iobuf_put (a, ski->sha1chk? 0xfe : 0xff);
- iobuf_put (a, ski->algo);
- if (ski->s2k.mode >= 1000)
- {
- /* These modes are not possible in OpenPGP, we use
- them to implement our extensions, 101 can be
- viewed as a private/experimental extension (this
- is not specified in rfc2440 but the same scheme
- is used for all other algorithm identifiers). */
- iobuf_put (a, 101);
- iobuf_put (a, ski->s2k.hash_algo);
- iobuf_write (a, "GNU", 3 );
- iobuf_put (a, ski->s2k.mode - 1000);
- }
- else
- {
- iobuf_put (a, ski->s2k.mode);
- iobuf_put (a, ski->s2k.hash_algo);
- }
-
- if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
- iobuf_write (a, ski->s2k.salt, 8);
-
- if (ski->s2k.mode == 3)
- iobuf_put (a, ski->s2k.count);
-
- /* For our special modes 1001, 1002 we do not need an IV. */
- if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
- iobuf_write (a, ski->iv, ski->ivlen);
+ iobuf_put (a, ski->s2k.mode);
+ iobuf_put (a, ski->s2k.hash_algo);
}
+
+ if (ski->s2k.mode == 1 || ski->s2k.mode == 3)
+ iobuf_write (a, ski->s2k.salt, 8);
+
+ if (ski->s2k.mode == 3)
+ iobuf_put (a, ski->s2k.count);
+
+ /* For our special modes 1001, 1002 we do not need an IV. */
+ if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002)
+ iobuf_write (a, ski->iv, ski->ivlen);
+
}
else /* Not protected. */
iobuf_put (a, 0 );
@@ -400,7 +381,7 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
/* The serial number gets stored in the IV field. */
iobuf_write (a, ski->iv, ski->ivlen);
}
- else if (ski->is_protected && pk->version >= 4)
+ else if (ski->is_protected)
{
/* The secret key is protected - write it out as it is. */
byte *p;
@@ -410,20 +391,6 @@ do_key (iobuf_t out, int ctb, PKT_public_key *pk)
p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits);
iobuf_write (a, p, (ndatabits+7)/8 );
}
- else if (ski->is_protected)
- {
- /* The secret key is protected the old v4 way. */
- for ( ; i < nskey; i++ )
- {
- byte *p;
- unsigned int ndatabits;
-
- assert (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE));
- p = gcry_mpi_get_opaque (pk->pkey[i], &ndatabits);
- iobuf_write (a, p, (ndatabits+7)/8);
- }
- write_16 (a, ski->csum );
- }
else
{
/* Non-protected key. */
diff --git a/g10/filter.h b/g10/filter.h
index 40c5134..731ad0f 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -152,7 +152,7 @@ int cipher_filter( void *opaque, int control,
int text_filter( void *opaque, int control,
iobuf_t chain, byte *buf, size_t *ret_len);
int copy_clearsig_text (iobuf_t out, iobuf_t inp, gcry_md_hd_t md,
- int escape_dash, int escape_from, int pgp2mode);
+ int escape_dash, int escape_from);
/*-- progress.c --*/
progress_filter_context_t *new_progress_context (void);
diff --git a/g10/gpg.c b/g10/gpg.c
index 57deb8d..1df44fe 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -272,10 +272,6 @@ enum cmd_and_opt_values
oShowPhotos,
oNoShowPhotos,
oPhotoViewer,
- oForceV3Sigs,
- oNoForceV3Sigs,
- oForceV4Certs,
- oNoForceV4Certs,
oForceMDC,
oNoForceMDC,
oDisableMDC,
@@ -525,10 +521,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
- ARGPARSE_s_n (oForceV3Sigs, "force-v3-sigs", "@"),
- ARGPARSE_s_n (oNoForceV3Sigs, "no-force-v3-sigs", "@"),
- ARGPARSE_s_n (oForceV4Certs, "force-v4-certs", "@"),
- ARGPARSE_s_n (oNoForceV4Certs, "no-force-v4-certs", "@"),
ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
@@ -810,6 +802,10 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "no-sk-comments", "@"),
ARGPARSE_s_n (oNoop, "compress-keys", "@"),
ARGPARSE_s_n (oNoop, "compress-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "force-v3-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-v3-sigs", "@"),
+ ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
+ ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
ARGPARSE_end ()
};
@@ -2535,7 +2531,6 @@ main (int argc, char **argv)
opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 1;
- opt.force_v3_sigs = 0;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
@@ -2553,7 +2548,6 @@ main (int argc, char **argv)
opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 0;
- opt.force_v3_sigs = 0;
opt.not_dash_escaped = 0;
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
@@ -2637,10 +2631,7 @@ main (int argc, char **argv)
opt.verify_options&=~VERIFY_SHOW_PHOTOS;
break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
- case oForceV3Sigs: opt.force_v3_sigs = 1; break;
- case oNoForceV3Sigs: opt.force_v3_sigs = 0; break;
- case oForceV4Certs: opt.force_v4_certs = 1; break;
- case oNoForceV4Certs: opt.force_v4_certs = 0; break;
+
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
case oDisableMDC: opt.disable_mdc = 1; break;
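Review bot: The four removed case labels are replaced by an added empty line between the oPhotoViewer and oForceMDC cases. Drop it so the switch stays contiguous and the hunk is a pure removal.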
@@ -3288,15 +3279,17 @@ main (int argc, char **argv)
/* Do these after the switch(), so they can override settings. */
if(PGP6)
{
+ /* That does not anymore work becuase we have no more support
+ for v3 signatures. */
opt.disable_mdc=1;
opt.escape_from=1;
- opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if(PGP7)
{
+ /* That does not anymore work because we have no more support
+ for v3 signatures. */
opt.escape_from=1;
- opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
}
else if(PGP8)
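Review bot: The comment added in the PGP6 branch misspells "because" as "becuase", and in both branches "That does not anymore work" leaves open what "that" refers to; name the compliance mode explicitly. Beyond the wording, the breakage is only recorded in a source comment: --pgp6 and --pgp7 are still accepted and silently set the remaining flags while opt.force_v3_sigs is gone. Consider emitting a warning here so a user who selects one of these modes learns that v3 signatures can no longer be produced.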
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 308576d..a8e6f5d 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -536,14 +536,10 @@ sign_uids (estream_t fp,
{
u32 sk_keyid[2], pk_keyid[2];
char *p, *trust_regexp = NULL;
- int force_v4 = 0, class = 0, selfsig = 0;
+ int class = 0, selfsig = 0;
u32 duration = 0, timestamp = 0;
byte trust_depth = 0, trust_value = 0;
- if (local || nonrevocable || trust
- || opt.cert_policy_url || opt.cert_notations)
- force_v4 = 1;
-
pk = sk_rover->pk;
keyid_from_pk (pk, sk_keyid);
@@ -567,14 +563,7 @@ sign_uids (estream_t fp,
/* Is this a self-sig? */
if (pk_keyid[0] == sk_keyid[0] && pk_keyid[1] == sk_keyid[1])
- {
- selfsig = 1;
- /* Do not force a v4 sig here, otherwise it would
- be difficult to remake a v3 selfsig. If this
- is a v3->v4 promotion case, then we set
- force_v4 later anyway. */
- force_v4 = 0;
- }
+ selfsig = 1;
}
else if (node->pkt->pkttype == PKT_USER_ID)
{
@@ -716,7 +705,6 @@ sign_uids (estream_t fp,
"it to an OpenPGP self-"
"signature? (y/N) ")))
{
- force_v4 = 1;
node->flag |= NODFLG_DELSIG;
xfree (user);
continue;
@@ -860,7 +848,6 @@ sign_uids (estream_t fp,
passphrase, etc). */
timestamp = now;
duration = primary_pk->expiredate - now;
- force_v4 = 1;
}
cpr_kill_prompt ();
@@ -879,9 +866,6 @@ sign_uids (estream_t fp,
duration = parse_expire_string (opt.def_cert_expire);
}
- if (duration)
- force_v4 = 1;
-
if (selfsig)
;
else
@@ -1041,7 +1025,7 @@ sign_uids (estream_t fp,
node->pkt->pkt.user_id,
NULL,
pk,
- 0x13, 0, force_v4 ? 4 : 0, 0, 0,
+ 0x13, 0, 0, 0,
keygen_add_std_prefs, primary_pk,
NULL);
else
@@ -1049,7 +1033,7 @@ sign_uids (estream_t fp,
node->pkt->pkt.user_id,
NULL,
pk,
- class, 0, force_v4 ? 4 : 0,
+ class, 0,
timestamp, duration,
sign_mk_attrib, &attrib,
NULL);
@@ -3290,7 +3274,7 @@ menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name)
if (!uid)
return 0;
- err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0,
+ err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0,
keygen_add_std_prefs, pk, NULL);
if (err)
{
@@ -3674,9 +3658,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive)
break;
}
- /* The 1F signature must be at least v4 to carry the revocation key
- subpacket. */
- rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0,
+ rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 0, 0,
keygen_add_revkey, &revkey, NULL);
if (rc)
{
@@ -4966,7 +4948,7 @@ reloop: /* (must use this, because we are modifing the list) */
}
rc = make_keysig_packet (&sig, primary_pk,
unode->pkt->pkt.user_id,
- NULL, signerkey, 0x30, 0, 0, 0, 0,
+ NULL, signerkey, 0x30, 0, 0, 0,
sign_mk_attrib, &attrib, NULL);
free_public_key (signerkey);
if (rc)
@@ -5058,7 +5040,7 @@ menu_revuid (KBNODE pub_keyblock)
node->flag &= ~NODFLG_SELUID;
rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0,
- (reason == NULL) ? 3 : 0, timestamp, 0,
+ timestamp, 0,
sign_mk_attrib, &attrib, NULL);
if (rc)
{
@@ -5122,7 +5104,7 @@ menu_revkey (KBNODE pub_keyblock)
return 0;
rc = make_keysig_packet (&sig, pk, NULL, NULL, pk,
- 0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0,
+ 0x20, 0, 0, 0,
revocation_reason_build_cb, reason, NULL);
if (rc)
{
@@ -5183,7 +5165,7 @@ menu_revsubkey (KBNODE pub_keyblock)
node->flag &= ~NODFLG_SELKEY;
rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk,
- 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib,
+ 0x28, 0, 0, 0, sign_mk_attrib, &attrib,
NULL);
if (rc)
{
diff --git a/g10/keygen.c b/g10/keygen.c
index 6079ff0..8095452 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -812,7 +812,7 @@ make_backsig (PKT_signature *sig, PKT_public_key *pk,
cache_public_key (sub_pk);
err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
- 0, 0, timestamp, 0, NULL, NULL, cache_nonce);
+ 0, timestamp, 0, NULL, NULL, cache_nonce);
if (err)
log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err));
else
@@ -922,7 +922,7 @@ write_direct_sig (KBNODE root, PKT_public_key *psk,
/* Make the signature. */
err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_revkey, revkey, cache_nonce);
if (err)
{
@@ -977,7 +977,7 @@ write_selfsigs (KBNODE root, PKT_public_key *psk,
/* Make the signature. */
err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_std_prefs, pk, cache_nonce);
if (err)
{
@@ -1036,12 +1036,12 @@ write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
oduap.usage = use;
oduap.pk = sub_pk;
err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
- 0, 0, timestamp, 0,
+ 0, timestamp, 0,
keygen_add_key_flags_and_expire, &oduap,
cache_nonce);
if (err)
{
- log_error ("make_keysig_packet failed: %s\n", g10_errstr (err));
+ log_error ("make_keysig_packeto failed: %s\n", g10_errstr (err));
return err;
}
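Review bot: The log_error string in write_keybinding is changed to "make_keysig_packeto failed", which looks like a stray keystroke; the make_backsig call site earlier in this file still logs "make_keysig_packet failed for backsig". Revert that line, since it is unrelated to dropping the sigversion argument and would break anyone grepping logs for the function name.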
diff --git a/g10/keyid.c b/g10/keyid.c
index 8b4eeb1..662806b 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -147,10 +147,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
size_t nbytes;
int npkey = pubkey_get_npkey (pk->pubkey_algo);
- /* Two extra bytes for the expiration date in v3 */
- if(pk->version<4)
- n+=2;
-
/* FIXME: We can avoid the extra malloc by calling only the first
mpi_print here which computes the required length and calling the
real mpi_print only at the end. The speed advantage would only be
@@ -211,16 +207,6 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
gcry_md_putc ( md, pk->timestamp >> 8 );
gcry_md_putc ( md, pk->timestamp );
- if(pk->version<4)
- {
- u16 days=0;
- if(pk->expiredate)
- days=(u16)((pk->expiredate - pk->timestamp) / 86400L);
-
- gcry_md_putc ( md, days >> 8 );
- gcry_md_putc ( md, days );
- }
-
gcry_md_putc ( md, pk->pubkey_algo );
if(npkey==0 && pk->pkey[0]
@@ -432,18 +418,6 @@ keyid_from_pk (PKT_public_key *pk, u32 *keyid)
keyid[1] = pk->keyid[1];
lowbits = keyid[1];
}
- else if( pk->version < 4 )
- {
- if( is_RSA(pk->pubkey_algo) )
- {
- lowbits = (pubkey_get_npkey (pk->pubkey_algo) ?
- v3_keyid ( pk->pkey[0], keyid ) : 0); /* From n. */
- pk->keyid[0] = keyid[0];
- pk->keyid[1] = keyid[1];
- }
- else
- pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
- }
else
{
const byte *dp;
@@ -706,66 +680,20 @@ colon_expirestr_from_sig (PKT_signature *sig)
byte *
fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
{
- byte *buf;
const byte *dp;
- size_t len, nbytes;
- int i;
-
- if ( pk->version < 4 )
- {
- if ( is_RSA(pk->pubkey_algo) )
- {
- /* RSA in version 3 packets is special. */
- gcry_md_hd_t md;
-
- if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0))
- BUG ();
- if ( pubkey_get_npkey (pk->pubkey_algo) > 1 )
- {
- for (i=0; i < 2; i++)
- {
- if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
- &nbytes, pk->pkey[i]))
- BUG ();
- /* fixme: Better allocate BUF on the stack */
- buf = xmalloc (nbytes);
- if (gcry_mpi_print (GCRYMPI_FMT_USG, buf, nbytes,
- NULL, pk->pkey[i]))
- BUG ();
- gcry_md_write (md, buf, nbytes);
- xfree (buf);
- }
- }
- gcry_md_final (md);
- if (!array)
- array = xmalloc (16);
- len = 16;
- memcpy (array, gcry_md_read (md, DIGEST_ALGO_MD5), 16);
- gcry_md_close(md);
- }
- else
- {
- if (!array)
- array = xmalloc(16);
- len = 16;
- memset (array,0,16);
- }
- }
- else
- {
- gcry_md_hd_t md;
+ size_t len;
+ gcry_md_hd_t md;
- md = do_fingerprint_md(pk);
- dp = gcry_md_read( md, 0 );
- len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
- assert( len <= MAX_FINGERPRINT_LEN );
- if (!array)
- array = xmalloc ( len );
- memcpy (array, dp, len );
- pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
- pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
- gcry_md_close( md);
- }
+ md = do_fingerprint_md(pk);
+ dp = gcry_md_read( md, 0 );
+ len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
+ assert( len <= MAX_FINGERPRINT_LEN );
+ if (!array)
+ array = xmalloc ( len );
+ memcpy (array, dp, len );
+ pk->keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
+ pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
+ gcry_md_close( md);
if (ret_len)
*ret_len = len;
diff --git a/g10/options.h b/g10/options.h
index edd31a9..0875eb5 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -74,8 +74,6 @@ struct
int no_armor;
int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/
int def_cipher_algo;
- int force_v3_sigs;
- int force_v4_certs;
int force_mdc;
int disable_mdc;
int def_digest_algo;
diff --git a/g10/packet.h b/g10/packet.h
index b1b82d7..ba43638 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -530,7 +530,7 @@ int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2,
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk, int sigclass, int digest_algo,
- int sigversion, u32 timestamp, u32 duration,
+ u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque,
const char *cache_nonce);
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index f7b2079..50da17c 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1901,53 +1901,6 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
}
-static gcry_mpi_t
-read_protected_v3_mpi (IOBUF inp, unsigned long *length)
-{
- int c;
- unsigned int nbits, nbytes;
- unsigned char *buf, *p;
- gcry_mpi_t val;
-
- if (*length < 2)
- {
- log_error ("mpi too small\n");
- return NULL;
- }
-
- if ((c = iobuf_get (inp)) == -1)
- return NULL;
- --*length;
- nbits = c << 8;
- if ((c = iobuf_get (inp)) == -1)
- return NULL;
- --*length;
- nbits |= c;
-
- if (nbits > 16384)
- {
- log_error ("mpi too large (%u bits)\n", nbits);
- return NULL;
- }
- nbytes = (nbits + 7) / 8;
- buf = p = xmalloc (2 + nbytes);
- *p++ = nbits >> 8;
- *p++ = nbits;
- for (; nbytes && *length; nbytes--, --*length)
- *p++ = iobuf_get (inp);
- if (nbytes)
- {
- log_error ("packet shorter than mpi\n");
- xfree (buf);
- return NULL;
- }
-
- /* Convert buffer into an opaque MPI. */
- val = gcry_mpi_set_opaque (NULL, buf, (p - buf) * 8);
- return val;
-}
-
-
static int
parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
byte * hdr, int hdrlen, PACKET * pkt)
@@ -1956,7 +1909,6 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
int i, version, algorithm;
unsigned long timestamp, expiredate, max_expiredate;
int npkey, nskey;
- int is_v4 = 0;
int rc = 0;
u32 keyid[2];
PKT_public_key *pk;
@@ -1991,8 +1943,19 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
return 0;
}
else if (version == 4)
- is_v4 = 1;
- else if (version != 2 && version != 3)
+ {
+ /* The only supported version. Use an older gpg
+ versions (i.e. gpg 1.4 to parse v3 packets). */
+ }
+ else if (version == 2 || version == 3)
+ {
+ log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
+ if (list_mode)
+ es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
+ err = gpg_error (GPG_ERR_INV_PACKET);
+ goto leave;
+ }
+ else
{
log_error ("packet(%d) with unknown version %d\n", pkttype, version);
if (list_mode)
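Review bot: The comment in the now-empty version == 4 branch is garbled: "Use an older gpg versions (i.e. gpg 1.4 to parse v3 packets)" has a plural mismatch and closes the parenthesis in the wrong place. "Use an older gpg version (e.g. gpg 1.4) to parse v3 packets" says what is meant. Separately, the new version 2/3 branch reports through log_info while returning GPG_ERR_INV_PACKET, whereas the unknown-version branch right below uses log_error for the same return code; if the lower severity for obsolete keys is deliberate, a one-line comment saying so would help the next reader.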
@@ -2012,23 +1975,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
timestamp = read_32 (inp);
pktlen -= 4;
- if (is_v4)
- {
- expiredate = 0; /* have to get it from the selfsignature */
- max_expiredate = 0;
- }
- else
- {
- unsigned short ndays;
- ndays = read_16 (inp);
- pktlen -= 2;
- if (ndays)
- expiredate = timestamp + ndays * 86400L;
- else
- expiredate = 0;
-
- max_expiredate = expiredate;
- }
+ expiredate = 0; /* have to get it from the selfsignature */
+ max_expiredate = 0;
algorithm = iobuf_get_noeof (inp);
pktlen--;
if (list_mode)
@@ -2145,7 +2093,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
ski->s2k.hash_algo = iobuf_get_noeof (inp);
pktlen--;
/* Check for the special GNU extension. */
- if (is_v4 && ski->s2k.mode == 101)
+ if (ski->s2k.mode == 101)
{
for (i = 0; i < 4 && pktlen; i++, pktlen--)
temp[i] = iobuf_get_noeof (inp);
@@ -2312,7 +2260,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
10 * 8);
pktlen = 0;
}
- else if (is_v4 && ski->is_protected)
+ else if (ski->is_protected)
{
/* Ugly: The length is encrypted too, so we read all stuff
* up to the end of the packet into the first SKEY
@@ -2331,29 +2279,18 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
}
else
{
- /* The v3 method: The mpi length is not encrypted. */
+ /* Not encrypted. */
for (i = npkey; i < nskey; i++)
{
- if (ski->is_protected)
- {
- pk->pkey[i] = read_protected_v3_mpi (inp, &pktlen);
- if (pk->pkey[i])
- gcry_mpi_set_flag (pk->pkey[i], GCRYMPI_FLAG_USER1);
- if (list_mode)
- es_fprintf (listfp, "\tskey[%d]: [v3 protected]\n", i);
- }
- else
- {
- unsigned int n = pktlen;
- pk->pkey[i] = mpi_read (inp, &n, 0);
- pktlen -= n;
- if (list_mode)
- {
- es_fprintf (listfp, "\tskey[%d]: ", i);
- mpi_print (listfp, pk->pkey[i], mpi_print_mode);
- es_putc ('\n', listfp);
- }
- }
+ unsigned int n = pktlen;
+ pk->pkey[i] = mpi_read (inp, &n, 0);
+ pktlen -= n;
+ if (list_mode)
+ {
+ es_fprintf (listfp, "\tskey[%d]: ", i);
+ mpi_print (listfp, pk->pkey[i], mpi_print_mode);
+ es_putc ('\n', listfp);
+ }
if (!pk->pkey[i])
err = gpg_error (GPG_ERR_INV_PACKET);
diff --git a/g10/revoke.c b/g10/revoke.c
index 81b5d6d..6b9e709 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -338,7 +338,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
/* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0,
- 0, 0, 0,
+ 0, 0,
revocation_reason_build_cb, reason,
NULL);
if( rc ) {
@@ -465,7 +465,6 @@ create_revocation (const char *filename,
push_armor_filter (afx, out);
rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
- opt.force_v4_certs? 4:0,
0, 0,
revocation_reason_build_cb, reason, cache_nonce);
if (rc)
@@ -649,16 +648,13 @@ gen_revoke (const char *uname)
goto leave;
}
- if (psk->version >= 4 || opt.force_v4_certs)
+ /* Get the reason for the revocation. */
+ reason = ask_revocation_reason (1, 0, 1);
+ if (!reason)
{
- /* Get the reason for the revocation. */
- reason = ask_revocation_reason (1, 0, 1);
- if (!reason)
- {
- /* user decided to cancel */
- rc = 0;
- goto leave;
- }
+ /* User decided to cancel. */
+ rc = 0;
+ goto leave;
}
if (!opt.armor)
diff --git a/g10/sign.c b/g10/sign.c
index bd78c17..e7d4a68 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -155,30 +155,32 @@ mk_notation_policy_etc (PKT_signature *sig,
static void
hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
{
- if ( sigversion >= 4 ) {
- byte buf[5];
-
- if(uid->attrib_data) {
- buf[0] = 0xd1; /* indicates an attribute packet */
- buf[1] = uid->attrib_len >> 24; /* always use 4 length bytes */
- buf[2] = uid->attrib_len >> 16;
- buf[3] = uid->attrib_len >> 8;
- buf[4] = uid->attrib_len;
- }
- else {
- buf[0] = 0xb4; /* indicates a userid packet */
- buf[1] = uid->len >> 24; /* always use 4 length bytes */
- buf[2] = uid->len >> 16;
- buf[3] = uid->len >> 8;
- buf[4] = uid->len;
- }
- gcry_md_write( md, buf, 5 );
+ byte buf[5];
+
+ (void)sigversion;
+
+ if (uid->attrib_data)
+ {
+ buf[0] = 0xd1; /* Indicates an attribute packet. */
+ buf[1] = uid->attrib_len >> 24; /* Always use 4 length bytes. */
+ buf[2] = uid->attrib_len >> 16;
+ buf[3] = uid->attrib_len >> 8;
+ buf[4] = uid->attrib_len;
+ }
+ else
+ {
+ buf[0] = 0xb4; /* Indicates a userid packet. */
+ buf[1] = uid->len >> 24; /* Always use 4 length bytes. */
+ buf[2] = uid->len >> 16;
+ buf[3] = uid->len >> 8;
+ buf[4] = uid->len;
}
+ gcry_md_write( md, buf, 5 );
- if(uid->attrib_data)
- gcry_md_write (md, uid->attrib_data, uid->attrib_len );
- else
- gcry_md_write (md, uid->name, uid->len );
+ if (uid->attrib_data)
+ gcry_md_write (md, uid->attrib_data, uid->attrib_len );
+ else
+ gcry_md_write (md, uid->name, uid->len );
}
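Review bot: hash_uid keeps its sigversion parameter only to discard it with (void)sigversion. The function is static, so the parameter can be removed and its callers adjusted in this same patch, the way the SIGVERSION argument of make_keysig_packet is removed elsewhere in the commit. Leaving it in place suggests to readers that the hashed prefix still varies by signature version.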
@@ -188,45 +190,38 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid)
static void
hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig)
{
- if (sig->version >= 4)
- gcry_md_putc (md, sig->version);
- gcry_md_putc (md, sig->sig_class);
- if (sig->version < 4) {
- u32 a = sig->timestamp;
- gcry_md_putc (md, (a >> 24) & 0xff );
- gcry_md_putc (md, (a >> 16) & 0xff );
- gcry_md_putc (md, (a >> 8) & 0xff );
- gcry_md_putc (md, a & 0xff );
+ byte buf[6];
+ size_t n;
+
+ gcry_md_putc (md, sig->version);
+ gcry_md_putc (md, sig->sig_class);
+ gcry_md_putc (md, sig->pubkey_algo);
+ gcry_md_putc (md, sig->digest_algo);
+ if (sig->hashed)
+ {
+ n = sig->hashed->len;
+ gcry_md_putc (md, (n >> 8) );
+ gcry_md_putc (md, n );
+ gcry_md_write (md, sig->hashed->data, n );
+ n += 6;
}
- else {
- byte buf[6];
- size_t n;
-
- gcry_md_putc (md, sig->pubkey_algo);
- gcry_md_putc (md, sig->digest_algo);
- if (sig->hashed) {
- n = sig->hashed->len;
- gcry_md_putc (md, (n >> 8) );
- gcry_md_putc (md, n );
- gcry_md_write (md, sig->hashed->data, n );
- n += 6;
- }
- else {
- gcry_md_putc (md, 0); /* always hash the length of the subpacket*/
- gcry_md_putc (md, 0);
- n = 6;
- }
- /* add some magic */
- buf[0] = sig->version;
- buf[1] = 0xff;
- buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
- buf[3] = n >> 16;
- buf[4] = n >> 8;
- buf[5] = n;
- gcry_md_write (md, buf, 6);
+ else
+ {
+ gcry_md_putc (md, 0); /* Always hash the length of the subpacket. */
+ gcry_md_putc (md, 0);
+ n = 6;
}
+ /* Add some magic. */
+ buf[0] = sig->version;
+ buf[1] = 0xff;
+ buf[2] = n >> 24; /* (n is only 16 bit, so this is always 0) */
+ buf[3] = n >> 16;
+ buf[4] = n >> 8;
+ buf[5] = n;
+ gcry_md_write (md, buf, 6);
}
+
/* Perform the sign operation. If CACHE_NONCE is given the agent is
advised to use that cached passphrase fro the key. */
static int
@@ -520,26 +515,6 @@ hash_for (PKT_public_key *pk)
}
-/* Return true iff all keys in SK_LIST are old style (v3 RSA). */
-static int
-only_old_style (SK_LIST sk_list)
-{
- SK_LIST sk_rover = NULL;
- int old_style = 0;
-
- for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
- {
- PKT_public_key *pk = sk_rover->pk;
-
- if (pk->pubkey_algo == PUBKEY_ALGO_RSA && pk->version < 4)
- old_style = 1;
- else
- return 0;
- }
- return old_style;
-}
-
-
static void
print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what)
{
@@ -705,10 +680,8 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
/* Build the signature packet. */
sig = xmalloc_clear (sizeof *sig);
- if (opt.force_v3_sigs)
- sig->version = 3;
- else if (duration || opt.sig_policy_url
- || opt.sig_notations || opt.sig_keyserver_url)
+ if (duration || opt.sig_policy_url
+ || opt.sig_notations || opt.sig_keyserver_url)
sig->version = 4;
else
sig->version = pk->version;
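Review bot: After the force_v3_sigs case is removed, the remaining else branch still assigns sig->version = pk->version, so the signature version continues to follow the key instead of being fixed at 4 as the commit message describes. With v3 keys rejected in parse_key both branches should yield 4, and assigning sig->version = 4 unconditionally would make that explicit. It matters because the next hunk calls build_sig_subpkt_from_sig and mk_notation_policy_etc without the former sig->version >= 4 guard.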
@@ -727,11 +700,8 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
if (gcry_md_copy (&md, hash))
BUG ();
- if (sig->version >= 4)
- {
- build_sig_subpkt_from_sig (sig);
- mk_notation_policy_etc (sig, pk, NULL);
- }
+ build_sig_subpkt_from_sig (sig);
+ mk_notation_policy_etc (sig, pk, NULL);
hash_sigversion_to_magic (md, sig);
gcry_md_final (md);
@@ -814,13 +784,10 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
&& (rc=setup_symkey(&efx.symkey_s2k,&efx.symkey_dek)))
goto leave;
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval(1,opt.def_sig_expire);
+ else
+ duration = parse_expire_string(opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
@@ -1123,30 +1090,22 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
int rc = 0;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
- int old_style = 0;
- int only_md5 = 0;
u32 duration=0;
pfx = new_progress_context ();
afx = new_armor_context ();
init_packet( &pkt );
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval (1,opt.def_sig_expire);
+ else
+ duration = parse_expire_string (opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) )
goto leave;
- if(!duration )
- old_style = only_old_style( sk_list );
-
/* prepare iobufs */
inp = iobuf_open(fname);
if (inp && is_secured_file (iobuf_get_fd (inp)))
@@ -1184,18 +1143,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
- for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next)
- {
- if (hash_for (sk_rover->pk) == DIGEST_ALGO_MD5)
- only_md5 = 1;
- else
- {
- only_md5 = 0;
- break;
- }
- }
-
- if( !(old_style && only_md5) ) {
+ {
const char *s;
int any = 0;
byte hashs_seen[256];
@@ -1234,8 +1182,8 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
if ( DBG_HASHING )
gcry_md_debug ( textmd, "clearsign" );
- copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped,
- opt.escape_from, (old_style && only_md5) );
+ copy_clearsig_text (out, inp, textmd, !opt.not_dash_escaped,
+ opt.escape_from);
/* fixme: check for read errors */
/* now write the armor */
@@ -1292,13 +1240,10 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
memset( &cfx, 0, sizeof cfx);
init_packet( &pkt );
- if(!opt.force_v3_sigs)
- {
- if(opt.ask_sig_expire && !opt.batch)
- duration=ask_expire_interval(1,opt.def_sig_expire);
- else
- duration=parse_expire_string(opt.def_sig_expire);
- }
+ if (opt.ask_sig_expire && !opt.batch)
+ duration = ask_expire_interval (1, opt.def_sig_expire);
+ else
+ duration = parse_expire_string (opt.def_sig_expire);
/* Note: In the old non-agent version the following call used to
unprotect the secret key. This is now done on demand by the agent. */
@@ -1441,52 +1386,39 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
* applied (actually: dropped) when a v3 key is used. TIMESTAMP is
* the timestamp to use for the signature. 0 means "now" */
int
-make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+make_keysig_packet (PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_public_key *pksk,
int sigclass, int digest_algo,
- int sigversion, u32 timestamp, u32 duration,
+ u32 timestamp, u32 duration,
int (*mksubpkt)(PKT_signature *, void *), void *opaque,
const char *cache_nonce)
{
PKT_signature *sig;
int rc=0;
+ int sigversion;
gcry_md_hd_t md;
assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F
|| sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19
|| sigclass == 0x30 || sigclass == 0x28 );
- if (opt.force_v4_certs)
- sigversion = 4;
-
+ sigversion = 4;
if (sigversion < pksk->version)
sigversion = pksk->version;
- /* If you are making a signature on a v4 key using your v3 key, it
- doesn't make sense to generate a v3 sig. After all, no v3-only
- PGP implementation could understand the v4 key in the first
- place. Note that this implies that a signature on an attribute
- uid is usually going to be v4 as well, since they are not
- generally found on v3 keys. */
- if (sigversion < pk->version)
- sigversion = pk->version;
-
if( !digest_algo )
{
- /* Basically, this means use SHA1 always unless it's a v3 RSA
- key making a v3 cert (use MD5), or the user specified
- something (use whatever they said), or it's DSA (use the
- best match). They still can't pick an inappropriate hash
- for DSA or the signature will fail. Note that this still
- allows the caller of make_keysig_packet to override the
- user setting if it must. */
+ /* Basically, this means use SHA1 always unless the user
+ specified something (use whatever they said), or it's DSA
+ (use the best match). They still can't pick an
+ inappropriate hash for DSA or the signature will fail.
+ Note that this still allows the caller of
+ make_keysig_packet to override the user setting if it
+ must. */
if(opt.cert_digest_algo)
digest_algo=opt.cert_digest_algo;
- else if(pksk->pubkey_algo == PUBKEY_ALGO_RSA
- && pk->version<4 && sigversion<4)
- digest_algo = DIGEST_ALGO_MD5;
else if(pksk->pubkey_algo == PUBKEY_ALGO_DSA)
digest_algo = match_dsa_hash (gcry_mpi_get_nbits (pksk->pkey[1])/8);
else if (pksk->pubkey_algo == PUBKEY_ALGO_ECDSA
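Review bot: Dropping the "if (sigversion < pk->version)" step in make_keysig_packet means the signature version now follows only the signing key (pksk), so a signed key with a higher version than the signer no longer raises it. If that is intended, state it in the commit message. With sigversion fixed at 4 and then compared once against pksk->version, the local could also be assigned in a single expression. The function comment at the top of the hunk ("dropped when a v3 key is used") still describes v3 behaviour and should be updated in the same change.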
@@ -1533,16 +1465,14 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
if(duration)
sig->expiredate=sig->timestamp+duration;
sig->sig_class = sigclass;
- if( sig->version >= 4 )
- {
- build_sig_subpkt_from_sig( sig );
- mk_notation_policy_etc (sig, pk, pksk);
- }
+
+ build_sig_subpkt_from_sig( sig );
+ mk_notation_policy_etc (sig, pk, pksk);
/* Crucial that the call to mksubpkt comes LAST before the calls
to finalize the sig as that makes it possible for the mksubpkt
function to get a reliable pointer to the subpacket area. */
- if( sig->version >= 4 && mksubpkt )
+ if (mksubpkt)
rc = (*mksubpkt)( sig, opaque );
if( !rc ) {
@@ -1627,17 +1557,14 @@ update_keysig_packet( PKT_signature **ret_sig,
duration of 1) since build-packet.c:build_sig_subpkt_from_sig
detects this case. */
- if( sig->version >= 4 )
- {
- /* Put the updated timestamp into the sig. Note that this
- will automagically lower any sig expiration dates to
- correctly correspond to the differences in the timestamps
- (i.e. the duration will shrink). */
- build_sig_subpkt_from_sig( sig );
-
- if (mksubpkt)
- rc = (*mksubpkt)(sig, opaque);
- }
+ /* Put the updated timestamp into the sig. Note that this will
+ automagically lower any sig expiration dates to correctly
+ correspond to the differences in the timestamps (i.e. the
+ duration will shrink). */
+ build_sig_subpkt_from_sig( sig );
+
+ if (mksubpkt)
+ rc = (*mksubpkt)(sig, opaque);
if (!rc) {
hash_sigversion_to_magic (md, sig);
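Review bot: In update_keysig_packet the calls to build_sig_subpkt_from_sig and mksubpkt lose their "sig->version >= 4" guard, but this function works on an existing signature and nothing in the visible lines forces sig->version to 4 first. Please either set the version before the subpacket rebuild or return an error for an input signature below v4, so that an old v3 signature cannot reach the subpacket code with a v3 header.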
diff --git a/g10/textfilter.c b/g10/textfilter.c
index 14bf699..394d9c3 100644
--- a/g10/textfilter.c
+++ b/g10/textfilter.c
@@ -161,7 +161,7 @@ text_filter( void *opaque, int control,
*/
int
copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
- int escape_dash, int escape_from, int pgp2mode )
+ int escape_dash, int escape_from)
{
unsigned int maxlen;
byte *buffer = NULL; /* malloced buffer */
@@ -170,10 +170,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
int truncated = 0;
int pending_lf = 0;
- if( !opt.pgp2_workarounds )
- pgp2mode = 0;
-
- if( !escape_dash )
+ if( !escape_dash )
escape_from = 0;
write_status_begin_signing (md);
@@ -194,9 +191,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, gcry_md_hd_t md,
gcry_md_putc ( md, '\n' );
}
gcry_md_write ( md, buffer,
- len_without_trailing_chars (buffer, n,
- pgp2mode?
- " \r\n":" \t\r\n"));
+ len_without_trailing_chars (buffer, n, " \t\r\n"));
}
else
gcry_md_write ( md, buffer, n );
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index 2faa4c2..b7320d5 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -24,7 +24,7 @@ dsa_usrname1="pgp5"
# we use the sub key because we do not yet have the logic to to derive
# the first encryption key from a keyblock (I guess) (Well of course
# we have this by now and the notation below will lookup the primary
-# first and the search for the encryption subkey.)
+# first and then search for the encryption subkey.)
dsa_usrname2="0xCB879DE9"
commit 60d22d54a50f63b4026aa8bbc97efa8d3c76e614
Author: Werner Koch
Date: Fri Oct 17 13:31:07 2014 +0200
dirmngr: Minor usage output fix.
--
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index b6892bf..f629cfd 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -1,4 +1,4 @@
-/* dirmngr.c - LDAP access
+/* dirmngr.c - Keyserver and X.509 LDAP access
* Copyright (C) 2002 Klar?lvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2006, 2007, 2008, 2010, 2011 g10 Code GmbH
* Copyright (C) 2014 Werner Koch
@@ -320,7 +320,7 @@ my_strusage( int level )
case 40: p = _("Usage: @DIRMNGR@ [options] (-h for help)");
break;
case 41: p = _("Syntax: @DIRMNGR@ [options] [command [args]]\n"
- "LDAP and OCSP access for @GNUPG@\n");
+ "Keyserver, CRL, and OCSP access for @GNUPG@\n");
break;
default: p = NULL;
commit 0df36db63e29dd755266d06c55d9c434eef5e084
Author: Werner Koch
Date: Wed Oct 15 16:22:03 2014 +0200
doc: Minor doc fix for --quick-lsign-key.
--
diff --git a/doc/gpg.texi b/doc/gpg.texi
index e7360e9..2997b64 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,7 +906,7 @@ from @option{--edit-key}.
@ifset gpgtwoone
@item --quick-sign-key @code{fpr} [@code{names}]
- at itemx --quick-lsign-key @code{name}
+ at itemx --quick-lsign-key @code{fpr} [@code{names}]
@opindex quick-sign-key
@opindex quick-lsign-key
Directly sign a key from the passphrase without any further user
-----------------------------------------------------------------------
Summary of changes:
dirmngr/dirmngr.c | 4 +-
doc/OpenPGP | 9 ++
doc/gpg.texi | 20 +++-
g10/build-packet.c | 91 ++++++-----------
g10/filter.h | 2 +-
g10/gpg.c | 25 ++---
g10/keyedit.c | 38 ++-----
g10/keygen.c | 10 +-
g10/keyid.c | 96 +++---------------
g10/options.h | 2 -
g10/packet.h | 2 +-
g10/parse-packet.c | 117 +++++-----------------
g10/revoke.c | 18 ++--
g10/sign.c | 261 +++++++++++++++++-------------------------------
g10/textfilter.c | 11 +-
tests/openpgp/defs.inc | 2 +-
16 files changed, 227 insertions(+), 481 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 17 16:02:11 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 17 Oct 2014 16:02:11 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-24-g6d94918
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 6d9491842d5da597980eaa59e1e3e2137965fe09 (commit)
via a13705f4c18db56765f4af31376e81241dbabebe (commit)
from 8fd150b05b744fe9465057c12529d5e6b6b02785 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6d9491842d5da597980eaa59e1e3e2137965fe09
Author: Werner Koch
Date: Fri Oct 17 15:59:45 2014 +0200
dirmngr: Allow building without LDAP support.
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index fe80aab..ffe7733 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,8 @@
Noteworthy changes in version 2.1.0 (unreleased)
------------------------------------------------
+ * Dirmngr may now be build without support for LDAP.
+
* For a complete list of changes see the lists of changes for the
2.1.0 beta versions below.
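Review bot: Typo in the added NEWS line: "may now be build" should read "may now be built". Naming the switch (--disable-ldap) in the entry would also help packagers find it.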
diff --git a/configure.ac b/configure.ac
index 7ce8c09..ce328e6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -716,11 +716,6 @@ if test "$run_tests" = yes; then
fi
AM_CONDITIONAL(RUN_TESTS, test "$run_tests" = yes)
-if test "$use_ldapwrapper" = yes; then
- AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
-fi
-AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
@@ -1049,16 +1044,45 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
#
# Note that running the check changes the variable
# gnupg_have_ldap from "n/a" to "no" or "yes".
-if test "$build_dirmngr" = "yes" ; then
- GNUPG_CHECK_LDAP($NETLIBS)
- AC_CHECK_LIB(lber, ber_free,
- [ LBER_LIBS="$LBER_LIBS -llber"
- AC_DEFINE(HAVE_LBER,1,
- [defined if liblber is available])
- have_lber=yes
- ])
+
+AC_ARG_ENABLE(ldap,
+ AC_HELP_STRING([--disable-ldap],[disable LDAP support]),
+ [if test "$enableval" = "no"; then gnupg_have_ldap=no; fi])
+
+if test "$gnupg_have_ldap" != "no" ; then
+ if test "$build_dirmngr" = "yes" ; then
+ GNUPG_CHECK_LDAP($NETLIBS)
+ AC_CHECK_LIB(lber, ber_free,
+ [ LBER_LIBS="$LBER_LIBS -llber"
+ AC_DEFINE(HAVE_LBER,1,
+ [defined if liblber is available])
+ have_lber=yes
+ ])
+ fi
fi
AC_SUBST(LBER_LIBS)
+if test "$gnupg_have_ldap" = "no"; then
+ AC_MSG_WARN([[
+***
+*** Building without LDAP support.
+*** No CRL access or X.509 certificate search available.
+***]])
+fi
+
+AM_CONDITIONAL(USE_LDAP, [test "$gnupg_have_ldap" = yes])
+if test "$gnupg_have_ldap" = yes ; then
+ AC_DEFINE(USE_LDAP,1,[Defined if LDAP is support])
+else
+ use_ldapwrapper=no
+fi
+
+if test "$use_ldapwrapper" = yes; then
+ AC_DEFINE(USE_LDAPWRAPPER,1, [Build dirmngr with LDAP wrapper process])
+fi
+AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
+
+
+
#
# Check for sendmail
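Review bot: The AC_ARG_ENABLE(ldap) handler only acts on "no", so an explicit --enable-ldap is not treated as a requirement: if the library check then sets gnupg_have_ldap to "no", configure merely prints the warning and builds without LDAP. Consider recording the explicit request and failing with AC_MSG_ERROR in that case. Smaller points in the same hunk: the AC_DEFINE description "Defined if LDAP is support" should read "is supported", AC_HELP_STRING is the obsolete spelling of AS_HELP_STRING, and the three blank lines added before the sendmail section can be reduced to one.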
@@ -1703,16 +1727,8 @@ if test "$have_ksba" = "no"; then
*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
***]])
fi
-if test "$gnupg_have_ldap" = "no"; then
- die=yes
- AC_MSG_NOTICE([[
-***
-*** The Dirmngr part requires an LDAP library
-*** Check out
-*** http://www.openldap.org
-*** for a suitable implementation.
-***]])
- if test "$have_w32ce_system" = yes; then
+if test "$gnupg_have_ldap" = yes; then
+ if test "$have_w32ce_system" = yes; then
AC_MSG_NOTICE([[
*** Note that CeGCC might be broken, a package fixing this is:
*** http://files.kolab.org/local/windows-ce/
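Review bot: The condition around the CeGCC hint is inverted relative to its purpose. It used to be printed as part of the "requires an LDAP library" failure message, and it is now printed when gnupg_have_ldap is "yes", that is on the success path of a WindowsCE build. If the hint is still wanted it belongs next to the new "Building without LDAP support" warning. Otherwise drop it.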
@@ -1804,6 +1820,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
+ LDAP support: $gnupg_have_ldap
DNS SRV support: $use_dns_srv
TLS support: $use_tls_library
"
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 632e525..0e9a7c7 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -44,19 +44,27 @@ else
ldap_url =
endif
+if USE_LDAPWRAPPER
+extraldap_src = ldap-wrapper.c
+else
+extraldap_src = ldap-wrapper-ce.c dirmngr_ldap.c
+endif
+
noinst_HEADERS = dirmngr.h crlcache.h crlfetch.h misc.h
dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
- ldapserver.h ldapserver.c certcache.c certcache.h \
- cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \
- ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \
+ certcache.c certcache.h \
+ cdb.h cdblib.c misc.c dirmngr-err.h \
+ ocsp.c ocsp.h validate.c validate.h \
ks-action.c ks-action.h ks-engine.h \
ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
-if USE_LDAPWRAPPER
-dirmngr_SOURCES += ldap-wrapper.c
+if USE_LDAP
+dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \
+ ldap-wrapper.h $(ldap_url) $(extraldap_src)
+ldaplibs = $(LDAPLIBS)
else
-dirmngr_SOURCES += ldap-wrapper-ce.c dirmngr_ldap.c
+ldaplibs =
endif
@@ -65,7 +73,7 @@ dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER
-dirmngr_LDADD += $(LDAPLIBS)
+dirmngr_LDADD += $(ldaplibs)
endif
dirmngr_LDFLAGS = $(extra_bin_ldflags)
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index f335de8..2471ca2 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -29,8 +29,9 @@
#include "misc.h"
#include "http.h"
-#include "ldap-wrapper.h"
-
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
/* For detecting armored CRLs received via HTTP (yes, such CRLS really
exits, e.g. http://grid.fzk.de/ca/gridka-crl.pem at least in June
@@ -156,6 +157,10 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */
+#ifndef USE_LDAP
+ (void)ctrl;
+#endif
+
*reader = NULL;
once_more:
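Review bot: This hunk tests the macro with "#ifndef USE_LDAP" while the rest of the file uses "#if USE_LDAP". Since configure only defines USE_LDAP to 1 or leaves it undefined, "#if USE_LDAP" evaluates an undefined identifier in a non-LDAP build and warns under -Wundef. Please settle on #ifdef/#ifndef (or define the macro to 0 when disabled) and use one form throughout.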
@@ -286,7 +291,13 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
else
- err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+ {
+# if USE_LDAP
+ err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
+# else /*!USE_LDAP*/
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+# endif /*!USE_LDAP*/
+ }
}
xfree (free_this);
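Review bot: In the !USE_LDAP branch of crl_fetch a non-HTTP URL now fails with GPG_ERR_NOT_IMPLEMENTED and nothing is logged, so an operator sees a failed CRL fetch without any hint that LDAP was compiled out. Add a log_error here that says the build has no LDAP support, as a counterpart to the GPG_ERR_NOT_SUPPORTED branch just above it.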
@@ -305,8 +316,15 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return attr_fetch_ldap (ctrl, issuer, "certificateRevocationList",
reader);
+#else
+ (void)ctrl;
+ (void)issuer;
+ (void)reader;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -323,7 +341,14 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return start_default_fetch_ldap (ctrl, context, dn, "cACertificate");
+#else
+ (void)ctrl;
+ (void)context;
+ (void)dn;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -337,7 +362,15 @@ start_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context,
"LDAP");
return gpg_error (GPG_ERR_NOT_SUPPORTED);
}
+#if USE_LDAP
return start_cert_fetch_ldap (ctrl, context, patterns, server);
+#else
+ (void)ctrl;
+ (void)context;
+ (void)patterns;
+ (void)server;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -345,7 +378,14 @@ gpg_error_t
fetch_next_cert (cert_fetch_context_t context,
unsigned char **value, size_t * valuelen)
{
+#if USE_LDAP
return fetch_next_cert_ldap (context, value, valuelen);
+#else
+ (void)context;
+ (void)value;
+ (void)valuelen;
+ return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
}
@@ -361,9 +401,14 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
*r_cert = NULL;
+#if USE_LDAP
err = fetch_next_cert_ldap (context, &value, &valuelen);
if (!err && !value)
err = gpg_error (GPG_ERR_BUG);
+#else
+ (void)context;
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif
if (err)
return err;
@@ -389,7 +434,11 @@ fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
void
end_cert_fetch (cert_fetch_context_t context)
{
- return end_cert_fetch_ldap (context);
+#if USE_LDAP
+ end_cert_fetch_ldap (context);
+#else
+ (void)context;
+#endif
}
@@ -410,7 +459,13 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
reader = NULL;
cert = NULL;
+#if USE_LDAP
err = url_fetch_ldap (ctrl, url, NULL, 0, &reader);
+#else
+ (void)ctrl;
+ (void)url;
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+#endif /*USE_LDAP*/
if (err)
goto leave;
@@ -442,7 +497,9 @@ fetch_cert_by_url (ctrl_t ctrl, const char *url,
leave:
ksba_cert_release (cert);
+#if USE_LDAP
ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
return err;
}
@@ -472,7 +529,11 @@ crl_close_reader (ksba_reader_t reader)
xfree (cb_ctx);
}
else /* This is an ldap wrapper context (Currently not used). */
- ldap_wrapper_release_context (reader);
+ {
+#if USE_LDAP
+ ldap_wrapper_release_context (reader);
+#endif /*USE_LDAP*/
+ }
/* Now get rid of the reader object. */
ksba_reader_release (reader);
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index f629cfd..95f9058 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -60,9 +60,13 @@
#include "crlcache.h"
#include "crlfetch.h"
#include "misc.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
#include "asshelp.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
#include "../common/init.h"
#include "gc-opt-flags.h"
@@ -294,7 +298,9 @@ static int my_tlskey_current_fd;
/* Prototypes. */
static void cleanup (void);
+#if USE_LDAP
static ldap_server_t parse_ldapserver_file (const char* filename);
+#endif /*USE_LDAP*/
static fingerprint_list_t parse_ocsp_signer (const char *string);
static void handle_connections (assuan_fd_t listen_fd);
@@ -445,7 +451,9 @@ wrong_args (const char *text)
static void
shutdown_reaper (void)
{
+#if USE_LDAP
ldap_wrapper_wait_connections ();
+#endif
}
@@ -627,7 +635,9 @@ main (int argc, char **argv)
int nodetach = 0;
int csh_style = 0;
char *logfile = NULL;
+#if USE_LDAP
char *ldapfile = NULL;
+#endif /*USE_LDAP*/
int debug_wait = 0;
int rc;
int homedir_seen = 0;
@@ -869,7 +879,11 @@ main (int argc, char **argv)
case oLogFile: logfile = pargs.r.ret_str; break;
case oCsh: csh_style = 1; break;
case oSh: csh_style = 0; break;
- case oLDAPFile: ldapfile = pargs.r.ret_str; break;
+ case oLDAPFile:
+# if USE_LDAP
+ ldapfile = pargs.r.ret_str;
+# endif /*USE_LDAP*/
+ break;
case oLDAPAddServers: opt.add_new_ldapservers = 1; break;
case oLDAPTimeout:
opt.ldaptimeout = pargs.r.ret_int;
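Review bot: With USE_LDAP undefined, "case oLDAPFile:" accepts the option and silently discards its argument, and oLDAPAddServers and oLDAPTimeout below it still set their opt fields. A configuration that names an LDAP server file will therefore load without complaint on a build that can never use it. A single log_info noting that LDAP options are ignored in this build would make that visible.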
@@ -948,6 +962,7 @@ main (int argc, char **argv)
set_debug ();
/* Get LDAP server list from file. */
+#if USE_LDAP
if (!ldapfile)
{
ldapfile = make_filename (opt.homedir,
@@ -959,6 +974,7 @@ main (int argc, char **argv)
}
else
opt.ldapservers = parse_ldapserver_file (ldapfile);
+#endif /*USE_LDAP*/
#ifndef HAVE_W32_SYSTEM
/* We need to ignore the PIPE signal because the we might log to a
@@ -995,7 +1011,10 @@ main (int argc, char **argv)
log_debug ("... okay\n");
}
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
cert_cache_init ();
crl_cache_init ();
start_command_handler (ASSUAN_INVALID_FD);
@@ -1170,7 +1189,10 @@ main (int argc, char **argv)
}
#endif
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
+
cert_cache_init ();
crl_cache_init ();
#ifdef USE_W32_SERVICE
@@ -1196,7 +1218,9 @@ main (int argc, char **argv)
/* Just list the CRL cache and exit. */
if (argc)
wrong_args ("--list-crls");
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
crl_cache_init ();
crl_cache_list (es_stdout);
}
@@ -1207,7 +1231,9 @@ main (int argc, char **argv)
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
cert_cache_init ();
crl_cache_init ();
if (!argc)
@@ -1229,7 +1255,9 @@ main (int argc, char **argv)
memset (&ctrlbuf, 0, sizeof ctrlbuf);
dirmngr_init_default_ctrl (&ctrlbuf);
+#if USE_LDAP
ldap_wrapper_launch_thread ();
+#endif /*USE_LDAP*/
cert_cache_init ();
crl_cache_init ();
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
@@ -1376,7 +1404,9 @@ cleanup (void)
crl_cache_deinit ();
cert_cache_deinit (1);
+#if USE_LDAP
ldapserver_list_free (opt.ldapservers);
+#endif /*USE_LDAP*/
opt.ldapservers = NULL;
if (cleanup_socket)
@@ -1419,6 +1449,7 @@ dirmngr_init_default_ctrl (ctrl_t ctrl)
5. field: Base DN
*/
+#if USE_LDAP
static ldap_server_t
parse_ldapserver_file (const char* filename)
{
@@ -1475,7 +1506,7 @@ parse_ldapserver_file (const char* filename)
return serverstart;
}
-
+#endif /*USE_LDAP*/
static fingerprint_list_t
parse_ocsp_signer (const char *string)
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 6cf4dd6..9b4cdb2 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -36,12 +36,16 @@
#include "crlcache.h"
#include "crlfetch.h"
-#include "ldapserver.h"
+#if USE_LDAP
+# include "ldapserver.h"
+#endif
#include "ocsp.h"
#include "certcache.h"
#include "validate.h"
#include "misc.h"
-#include "ldap-wrapper.h"
+#if USE_LDAP
+# include "ldap-wrapper.h"
+#endif
#include "ks-action.h"
#include "ks-engine.h" /* (ks_hkp_print_hosttable) */
@@ -595,6 +599,7 @@ static const char hlp_ldapserver[] =
static gpg_error_t
cmd_ldapserver (assuan_context_t ctx, char *line)
{
+#if USE_LDAP
ctrl_t ctrl = assuan_get_pointer (ctx);
ldap_server_t server;
ldap_server_t *last_next_p;
@@ -613,6 +618,10 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
last_next_p = &(*last_next_p)->next;
*last_next_p = server;
return leave_cmd (ctx, 0);
+#else
+ (void)line;
+ return leave_cmd (ctx, gpg_error (GPG_ERR_NOT_IMPLEMENTED));
+#endif
}
@@ -991,17 +1000,19 @@ static int
lookup_cert_by_pattern (assuan_context_t ctx, char *line,
int single, int cache_only)
{
- ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
char *p;
strlist_t sl, list = NULL;
int truncated = 0, truncation_forced = 0;
int count = 0;
int local_count = 0;
+#if USE_LDAP
+ ctrl_t ctrl = assuan_get_pointer (ctx);
unsigned char *value = NULL;
size_t valuelen;
struct ldapserver_iter ldapserver_iter;
cert_fetch_context_t fetch_context;
+#endif /*USE_LDAP*/
int any_no_data = 0;
/* Break the line down into an STRLIST */
@@ -1060,6 +1071,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
/* Loop over all configured servers unless we want only the
certificates from the cache. */
+#if USE_LDAP
for (ldapserver_iter_begin (&ldapserver_iter, ctrl);
!cache_only && !ldapserver_iter_end_p (&ldapserver_iter)
&& ldapserver_iter.server->host && !truncation_forced;
@@ -1152,6 +1164,7 @@ lookup_cert_by_pattern (assuan_context_t ctx, char *line,
end_cert_fetch (fetch_context);
}
+#endif /*USE_LDAP*/
ready:
if (truncated || truncation_forced)
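Review bot: Compiling out the whole server loop in lookup_cert_by_pattern makes a request with cache_only == 0 behave exactly like a cache-only lookup, and the caller gets no indication that the directory search was skipped. In the !USE_LDAP case, when cache_only is not set, either return GPG_ERR_NOT_IMPLEMENTED or at least log that only the cache was consulted, so a missing certificate is not mistaken for "not found on any server".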
@@ -1916,7 +1929,9 @@ reset_notify (assuan_context_t ctx, char *line)
ctrl_t ctrl = assuan_get_pointer (ctx);
(void)line;
+#if USE_LDAP
ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
return 0;
}
@@ -2042,9 +2057,11 @@ start_command_handler (assuan_fd_t fd)
}
}
+#if USE_LDAP
ldap_wrapper_connection_cleanup (ctrl);
ldapserver_list_free (ctrl->server_local->ldapservers);
+#endif /*USE_LDAP*/
ctrl->server_local->ldapservers = NULL;
ctrl->server_local->assuan_ctx = NULL;
commit a13705f4c18db56765f4af31376e81241dbabebe
Author: Werner Koch
Date: Fri Oct 17 15:55:08 2014 +0200
w32: Set SYSROOT to help finding config scripts.
* autogen.sh : Set SYSROOT.
diff --git a/autogen.sh b/autogen.sh
index 31cfeeb..112d2ee 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -310,7 +310,7 @@ if [ "$myhost" = "w32" ]; then
$tsdir/configure --enable-maintainer-mode ${SILENT} \
--prefix=${w32root} \
- --host=${host} --build=${build} \
+ --host=${host} --build=${build} SYSROOT=${w32root} \
${configure_opts} ${extraoptions} "$@"
rc=$?
exit $rc
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 ++
autogen.sh | 2 +-
configure.ac | 63 ++++++++++++++++++++++++++++-----------------
dirmngr/Makefile.am | 22 +++++++++++-----
dirmngr/crlfetch.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++----
dirmngr/dirmngr.c | 39 +++++++++++++++++++++++++---
dirmngr/server.c | 23 ++++++++++++++---
7 files changed, 179 insertions(+), 43 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Oct 19 14:25:06 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 19 Oct 2014 14:25:06 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-26-g472a4a0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 472a4a0d82add2d17154fa38e0074eaea56c28c1 (commit)
via 1b8decc4767f0c55867327bdf3113204efcd19a7 (commit)
from 6d9491842d5da597980eaa59e1e3e2137965fe09 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 472a4a0d82add2d17154fa38e0074eaea56c28c1
Author: Werner Koch
Date: Sun Oct 19 14:17:23 2014 +0200
gpg: Silence "packet with obsolete version" warnings.
* g10/parse-packet.c (parse_key): Print warning only in very verbose
mode.
Signed-off-by: Werner Koch
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 50da17c..7787825 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1949,7 +1949,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
}
else if (version == 2 || version == 3)
{
- log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
+ if (opt.verbose > 1)
+ log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
if (list_mode)
es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
err = gpg_error (GPG_ERR_INV_PACKET);
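Review bot: After this change parse_key still rejects v2/v3 key packets with GPG_ERR_INV_PACKET, but at default verbosity nothing tells the user why the key was skipped, because the only message is now behind "opt.verbose > 1". Consider keeping one diagnostic at the normal level (for example a once-per-run note that obsolete keys were ignored) rather than hiding the reason entirely.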
commit 1b8decc4767f0c55867327bdf3113204efcd19a7
Author: Werner Koch
Date: Sun Oct 19 14:09:04 2014 +0200
gpg: Make card key generation work again.
* g10/call-agent.c (agent_scd_learn): Rename from agent_learn.
(agent_learn): New.
* g10/keygen.c (gen_card_key): Call new agent-learn.
--
Without a shadow key we can't create the self-signatures. Thus we
need to issue the learn command after each key generation.
Signed-off-by: Werner Koch
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 080df18..cadc02c 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -639,9 +639,9 @@ learn_status_cb (void *opaque, const char *line)
return 0;
}
-/* Call the agent to learn about a smartcard */
+/* Call the scdaemon to learn about a smartcard */
int
-agent_learn (struct agent_card_info_s *info)
+agent_scd_learn (struct agent_card_info_s *info)
{
int rc;
struct default_inq_parm_s parm;
@@ -677,6 +677,29 @@ agent_learn (struct agent_card_info_s *info)
}
+/* Call the agent to learn about the current smartcard. This is
+ currently only used to have the agent create the shadow key. */
+gpg_error_t
+agent_learn (void)
+{
+ gpg_error_t err;
+ struct default_inq_parm_s parm;
+
+ memset (&parm, 0, sizeof parm);
+
+ err = start_agent (NULL, 1);
+ if (err)
+ return err;
+
+ parm.ctx = agent_ctx;
+ err = assuan_transact (agent_ctx, "LEARN",
+ dummy_data_cb, NULL, default_inq_cb, &parm,
+ NULL, NULL);
+
+ return err;
+}
+
+
int
agent_keytocard (const char *hexgrip, int keyno, int force,
const char *serialno, const char *timestamp)
diff --git a/g10/call-agent.h b/g10/call-agent.h
index 5b4cd09..a99cac9 100644
--- a/g10/call-agent.h
+++ b/g10/call-agent.h
@@ -76,7 +76,10 @@ struct agent_card_genkey_s {
void agent_release_card_info (struct agent_card_info_s *info);
/* Return card info. */
-int agent_learn (struct agent_card_info_s *info);
+int agent_scd_learn (struct agent_card_info_s *info);
+
+/* Let the agent learn about the current card. */
+gpg_error_t agent_learn (void);
/* Update INFO with the attribute NAME. */
int agent_scd_getattr (const char *name, struct agent_card_info_s *info);
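Review bot: The name agent_learn is reused for a function with a different purpose and signature, while the old behaviour moves to agent_scd_learn. The two prototypes also disagree on the return type (int versus gpg_error_t). Please give agent_scd_learn the gpg_error_t return type as well, and extend the header comment for agent_learn to say that it only triggers creation of the shadow key and returns no card information.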
diff --git a/g10/card-util.c b/g10/card-util.c
index b5be80a..d7a6754 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -80,7 +80,7 @@ change_pin (int unblock_v2, int allow_admin)
struct agent_card_info_s info;
int rc;
- rc = agent_learn (&info);
+ rc = agent_scd_learn (&info);
if (rc)
{
log_error (_("OpenPGP card not available: %s\n"),
@@ -370,7 +370,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen)
if (serialno && serialnobuflen)
*serialno = 0;
- rc = agent_learn (&info);
+ rc = agent_scd_learn (&info);
if (rc)
{
if (opt.with_colons)
diff --git a/g10/keygen.c b/g10/keygen.c
index 8095452..e25ecc3 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4510,6 +4510,19 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root,
return err;
}
+ /* Send the learn command so that the agent creates a shadow key for
+ card key. We need to do that now so that we are able to create
+ the self-signatures. */
+ err = agent_learn ();
+ if (err)
+ {
+ /* Oops: Card removed during generation. */
+ log_error (_("OpenPGP card not available: %s\n"), gpg_strerror (err));
+ xfree (pkt);
+ xfree (pk);
+ return err;
+ }
+
if (*timestamp != info.created_at)
log_info ("NOTE: the key does not use the suggested creation date\n");
*timestamp = info.created_at;
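Review bot: The error path after agent_learn () assumes the card was removed ("Oops: Card removed during generation.") and logs "OpenPGP card not available", but agent_learn can also fail in start_agent or in the LEARN transaction for unrelated reasons. At this point the key has already been generated on the card, so the message should say that the key exists but the shadow key could not be created. Minor: the new comment reads "a shadow key for card key" and should be "for the card key".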
-----------------------------------------------------------------------
Summary of changes:
g10/call-agent.c | 27 +++++++++++++++++++++++++--
g10/call-agent.h | 5 ++++-
g10/card-util.c | 4 ++--
g10/keygen.c | 13 +++++++++++++
g10/parse-packet.c | 3 ++-
5 files changed, 46 insertions(+), 6 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Oct 21 21:52:26 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 21 Oct 2014 21:52:26 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 963c8c078713bdbd1abc8174fff6075031152943
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 963c8c078713bdbd1abc8174fff6075031152943 (commit)
from f5e7a838cc7d6b84e818f014e7132d84a12927d9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 963c8c078713bdbd1abc8174fff6075031152943
Author: Werner Koch
Date: Tue Oct 21 20:54:13 2014 +0200
Reworked the donation work flow.
* web/donate/checkout-pp.org: New.
* web/donate/index.org: Add paytype radio buttons and some label tags.
* web/share/gnupg-logo-180x59tr.png: New.
* web/donate/checkout-cc.org: Improve buttons.
* web/share/site.css: Add hacks for the donation buttons.
* web/donate/donate-thanks.org: Fix a link.
* web/donate/checkout.org: Remove.
* web/donate/paypal-thx.org: Remove.
* cgi/config.rc (baseurl): New.
* cgi/procdonate.cgi: Rewrite to support Paypal.
diff --git a/cgi/config.rc b/cgi/config.rc
index 64290f2..f139b53 100644
--- a/cgi/config.rc
+++ b/cgi/config.rc
@@ -1,5 +1,6 @@
# config.rc - Configuration variables for all CGIs -*- perl -*-
+baseurl => 'https://gnupg.org'
htdocs => '/var/www/www/www.gnupg.org/htdocs/',
payprocd_socket => '/var/run/payproc/daemon',
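Review bot: the added line baseurl => 'https://gnupg.org' has no trailing comma, unlike the htdocs and payprocd_socket entries that follow it. procdonate.cgi loads this file with my %config = do $1 . '/config.rc'; so the content has to parse as one Perl list, and as shown the string is followed directly by the next key, which will not compile and leaves %config without the expected keys. Add the comma, and consider checking the result of do (and $@) in the CGI so a broken config file fails loudly.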
diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index a61c75c..3b2ecf4 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -20,6 +20,7 @@ use IO::Socket::UNIX;
realpath($0) =~ /^(.*)\/.*$/;
my %config = do $1 . '/config.rc';
+my $baseurl = $config{baseurl};
my $htdocs = $config{htdocs};
my $socket_name = $config{payprocd_socket};
my $error_marker = '* error';
@@ -33,6 +34,7 @@ my $sessid = $q->param("sessid");
# Variables used in the template pages.
my $amount = "";
+my $paytype = "";
my $stripeamount = "";
my $euroamount = "";
my $currency = "";
@@ -47,6 +49,7 @@ my %errdict = ();
# Prototypes
sub fail ($);
+sub get_paypal_approval ();
# Write a template file. A template is a proper HTML file with
@@ -65,13 +68,15 @@ sub write_template ($) {
my $err_amount = '';
my $err_name = '';
my $err_mail = '';
- my $checkother = ' checked="checked"';
+ my $err_paytype = '';
+ my $check_checked = ' checked="checked"';
my $sel_eur = '';
my $sel_usd = '';
my $sel_gbp = '';
my $sel_jpy = '';
my $message_fmt;
my $publishname;
+ my $check_paytype = 'none';
# Avoid broken HTML attributes.
$amount =~ s/\x22/\x27/g;
@@ -106,6 +111,12 @@ sub write_template ($) {
$sel_jpy = ' selected="selected"';
}
+ if ( $paytype eq "cc" ) {
+ $check_paytype = "CC";
+ } elsif ( $paytype eq "pp" ) {
+ $check_paytype = "PP";
+ }
+
# Set var for the paypal button
if ( $name eq 'Anonymous' or $name eq '') {
$publishname = 'No';
@@ -119,6 +130,7 @@ sub write_template ($) {
if (/amount/) { $err_amount = $error_marker; }
elsif (/name/) { $err_name = $error_marker; }
elsif (/mail/) { $err_mail = $error_marker; }
+ elsif (/paytype/){ $err_paytype = $error_marker; }
$errorpanel = $errorpanel . "Field $_: " . $errdict{$_} . " \n"
}
@@ -128,6 +140,7 @@ sub write_template ($) {
"
\n" . $errorpanel . "
\n";
}
+
open TEMPLATE, $htdocs . $fname;
while () {
if ( //$currency\1/
|| s/(\x22\x2f>)?/$name\1/
|| s/(\x22\x2f>)?/$mail\1/
- || s/\x2f>/$checkother\x2f>/
+ || s/\x2f>/$check_checked\x2f>/
+ || s/\x2f>/$check_checked\x2f>/
|| s/(<\x2ftextarea>)?/$message\1/
|| s//$message_fmt/
|| s/(/$sel_eur>/
@@ -154,6 +168,7 @@ sub write_template ($) {
|| s//$err_amount/
|| s//$err_name/
|| s//$err_mail/
+ || s//$err_paytype/
|| s//$errorpanel/;
}
print;
@@ -179,7 +194,7 @@ sub payproc ($$)
# print STDERR "calling payproc: ", $cmd, "<-\n";
$sock = IO::Socket::UNIX->new($socket_name)
- or fail "socket: $!";
+ or fail "Error connecting to payprocd: $!";
$sock->print ($cmd, "\n");
while (($key,$value) = each %$data) {
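Review bot: the new text passed to fail, "Error connecting to payprocd: $!", names the backend daemon and includes the OS error string, and fail is documented further down as writing an internal error page. If that page echoes its argument to the visitor, this hands internal details to anyone who triggers the failure. Suggest sending the detailed message to STDERR (the web server log) and passing a generic message to the page.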
@@ -231,7 +246,7 @@ sub payproc ($$)
}
-# Write a page with all the data inserted.
+# Write a dummy page
sub write_overload_page ()
{
print $q->header(-type=>'text/html', -charset=>'utf-8');
@@ -243,6 +258,13 @@ sub write_overload_page ()
&write_template("donate/error.html");
}
+sub write_cancel_page ()
+{
+ print $q->header(-type=>'text/html', -charset=>'utf-8');
+ print "\n";
+ &write_template("donate/paypal-can.html");
+}
+
# Write an internal error page
sub fail ($)
@@ -276,15 +298,12 @@ sub write_checkout_page ()
{
print $q->header(-type=>'text/html', -charset=>'utf-8');
print "\n";
- write_template("donate/checkout.html");
-}
-
-# Write a page with all the data inserted specific for cards.
-sub write_checkout_cc_page ()
-{
- print $q->header(-type=>'text/html', -charset=>'utf-8');
- print "\n";
- write_template("donate/checkout-cc.html");
+ if ( $paytype eq "cc" ) {
+ write_template("donate/checkout-cc.html");
+ }
+ else {
+ write_template("donate/checkout-pp.html");
+ }
}
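Review bot: in write_checkout_page the else branch renders donate/checkout-pp.html for every value of $paytype other than "cc", including the empty string the variable is initialised with. A session without a stored Paytype would therefore land on the PayPal checkout page. Suggest an explicit elsif ( $paytype eq "pp" ) and a call to fail for anything else, so the function enforces the same two-value allowlist as check_donation.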
@@ -315,6 +334,7 @@ sub check_donation ()
} else {
$currency = 'EUR';
}
+
$name = $q->param("name");
$name = 'Anonymous' if $name eq '';
$mail = $q->param("mail");
@@ -342,6 +362,13 @@ sub check_donation ()
$anyerr = 1;
}
+ # Check the payment type
+ $paytype = $q->param("paytype");
+ if ( $paytype ne "cc" and $paytype ne "pp" ) {
+ $errdict{"paytype"} = 'No payment type selected.' .
+ ' Use "Credit Card" or "PayPal".';
+ $anyerr = 1;
+ }
# Check the mail address
if ($mail ne '' and $mail !~ /\S+@\S+\.\S+/ ) {
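Review bot: $q->param("paytype") returns undef when the form is submitted without a selected radio button, so both ne comparisons in the new check run on an undefined value. The result is still the intended error, but it produces "uninitialized value" warnings if warnings are enabled. Normalise first, for example $paytype = '' unless defined $paytype; before the comparison. A blank line before "# Check the mail address" would also keep the checks visually separate, as the others are.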
@@ -355,18 +382,23 @@ sub check_donation ()
return;
}
-
# Now create a session.
$data{"Stripeamount"} = $stripeamount;
$data{"Euroamount"} = $euroamount;
$data{"Name"} = $name;
$data{"Mail"} = $mail;
$data{"Message"} = $message;
+ $data{"Paytype"} = $paytype;
payproc ('SESSION create', \%data ) or fail $data{"ERR_Description"};
$sessid = $data{"_SESSID"};
- # Send the checkout page.
- write_checkout_page();
+ # Send the checkout page and redirect to paypal
+ if ( $paytype eq "pp" ) {
+ get_paypal_approval ();
+ }
+ else {
+ write_checkout_page();
+ }
}
# This simply resends the main page again.
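Review bot: the new comment "Send the checkout page and redirect to paypal" reads as if both happen, while the code does one or the other: get_paypal_approval () for "pp", write_checkout_page () otherwise. Reword it to something like "Redirect to PayPal or send the checkout page". The else branch here is safe only because check_donation has already rejected values other than "cc" and "pp"; a short comment saying so would help the next reader.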
@@ -377,6 +409,7 @@ sub resend_main_page ()
payproc ('SESSION get ' . $sessid, \%data) or fail $data{"ERR_Description"};
$amount = $data{"Amount"};
$currency = $data{"Currency"};
+ $paytype = $data{"Paytype"};
$stripeamount = $data{"Stripeamount"};
$euroamount = $data{"Euroamount"};
$name = $data{"Name"};
@@ -387,41 +420,6 @@ sub resend_main_page ()
}
-# This simply resends the checkout options page.
-sub resend_card_checkout ()
-{
- my %data;
-
- payproc ('SESSION get ' . $sessid, \%data) or fail $data{"ERR_Description"};
- $amount = $data{"Amount"};
- $currency = $data{"Currency"};
- $stripeamount = $data{"Stripeamount"};
- $euroamount = $data{"Euroamount"};
- $name = $data{"Name"};
- $mail = $data{"Mail"};
- $message = $data{"Message"};
-
- write_checkout_page();
-}
-
-
-
-# This simply sends the card specific checkout page.
-sub prepare_card_checkout ()
-{
- my %data;
-
- payproc ('SESSION get ' . $sessid, \%data) or fail $data{"ERR_Description"};
- $amount = $data{"Amount"};
- $currency = $data{"Currency"};
- $stripeamount = $data{"Stripeamount"};
- $euroamount = $data{"Euroamount"};
- $mail = $data{"Mail"};
-
- write_checkout_cc_page();
-}
-
-
# This is called by FIXME
sub complete_stripe_checkout ()
{
@@ -452,7 +450,7 @@ sub complete_stripe_checkout ()
'
-#+END_HTML
-# Note: We do not want to send a
-# data-email=""
-# line to Stripe so to enable the user to use a
-# a different nail address for use with them.
-
-#+BEGIN_HTML
+
#+END_HTML
+# Note: We do not want to send a
+# data-email=""
+# line to Stripe so to enable the user to use a
+# a different mail address for use with them.
diff --git a/web/donate/checkout-pp.org b/web/donate/checkout-pp.org
new file mode 100644
index 0000000..fc8b2c9
--- /dev/null
+++ b/web/donate/checkout-pp.org
@@ -0,0 +1,50 @@
+#+TITLE: GnuPG - Donate - Checkout with PayPal
+#+STARTUP: showall
+#+SETUPFILE: "../share/setup.inc"
+
+* Donate - Checkout with PayPal
+
+ Information on your intended donation:
+
+#+BEGIN_HTML
+
+
+
Amount:
+
+
+
+
+
Name:
+
+
+
+
Mail:
+
+
+
+
Message:
+
+
+
+#+END_HTML
+
+If something is wrong, please use the /back/ button to change it. If
+the data is correct, you may complete the payment by clicking on the
+/Pay now/ button.
+
+
+#+BEGIN_HTML
+
-#+END_HTML
-
- If something is wrong, please use the back button below to change
- it. If the data is correct, you may proceed by choosing one of the
- payment options below.
-
-
- - Donate with a credit card
-
-#+BEGIN_HTML
-
- For privacy reasons a click on the button below will take you to a
- dedicated page for the credit card based checkout.
-
-
-
-
-#+END_HTML
-
- - Donate with Bitcoins
-
-#+HTML:
Coming soon
-
-
- - Donate using a Paypal account
-
-#+BEGIN_HTML
-
Use this only if you have a Paypal account.
-
(Until we have finished the restructuring
- of this payment option, you are unfortunately required to
- re-enter some of the already given data.)
-
-
-
-#+END_HTML
-
-
- - Donate using a SEPA bank transfer
-
-#+HTML:
Coming soon
-
-# #+BEGIN_HTML
-#
-# A SEPA bank transfer is possible in most European countries. We
-# will send you an account number and you simply wire the money to
-# that account.
-#
-#
-# #+END_HTML
-
-
-
-#+BEGIN_HTML
-
-#+END_HTML
diff --git a/web/donate/donate-thanks.org b/web/donate/donate-thanks.org
index 988ae21..4edf62e 100644
--- a/web/donate/donate-thanks.org
+++ b/web/donate/donate-thanks.org
@@ -6,11 +6,11 @@
*Thank you very much for your donation to our work on GnuPG.*
- Note that the [[file:kudos.org][list of donors]] is only updated every 30 minutes, thus
+ Note that the [[file:/donate/kudos.org][list of donors]] is only updated every 30 minutes, thus
have some patience until you see your name. If you did not give a
name you won?t be listed at all.
- Here is our transaction data of your payment:
+ Here are the details of your donation:
#+BEGIN_HTML
If you want to be listed on the
@@ -83,9 +98,10 @@
-
Name:
+
- (optional)
@@ -98,10 +114,11 @@
-
Mail:
+
- (optional)
+ (optional)
@@ -121,7 +138,10 @@
-
+
+
+
diff --git a/web/donate/paypal-thx.org b/web/donate/paypal-thx.org
deleted file mode 100644
index 4dcbab6..0000000
--- a/web/donate/paypal-thx.org
+++ /dev/null
@@ -1,15 +0,0 @@
-#+TITLE: GnuPG - Donate - Thank you
-#+STARTUP: showall
-#+SETUPFILE: "../share/setup.inc"
-
-* Donate - Thank you
-
- *Thank you very much for your donation to our work on GnuPG.*
-
- We will update the [[file:kudos.org][list of donors]] about once a week, thus you won?t see
- your name immediately. If you did not give a name you won?t be
- listed at all.
-
-#+BEGIN_HTML
-
\n")
+ (gpgweb--insert-submenu m selected-file)
+ (insert "
\n\n")))
+ (insert "
")))
+
(defun gpgweb-insert-footer ()
(goto-char (point-max))
(insert "
diff --git a/web/share/site.css b/web/share/site.css
index 5402f3d..9a90447 100644
--- a/web/share/site.css
+++ b/web/share/site.css
@@ -51,7 +51,6 @@ h3:first-letter {
Links
*/
-
a:link {
color: #784c6c;
font-weight: bold;
@@ -170,48 +169,152 @@ div.entry-qotd
padding-right: 2%;
}
-#leftColumn {
- float: left;
- text-align: right;
- width: 18%;
-}
-
/*
Navigation
*/
+
+/* Reset the link attributes for nav except for hover */
+nav * a:visited, a:link {
+ color: #757575;
+ font-weight: bold;
+ text-decoration: none;
+}
+
+
+/* The menu bar is centered. */
+nav {
+ text-align: left;
+ line-height: 0.4em;
+ margin-left: 5%;
+ margin-right: 5%;
+}
+
+/* Main menu list. */
nav ul {
+ display: inline-table;
list-style: none;
- font-size: 100%;
- font-family: verdana,helvetica;
- margin-bottom: 1em;
+ position: relative;
+ box-shadow: 0px 0px 9px rgba(0,0,0,0.15);
+ padding: 0 20px;
+ border-radius: 10px;
+ background: #efefef;
+}
+
+nav ul:after {
+ display: block;
+ clear: both;
+ content: "";
+}
+
+/* Main menu items. */
+nav ul li {
+ float: left;
+}
+
+nav ul li:hover {
+ background: #4b545f;
+}
+
+nav ul li:hover a {
+ color: #fff;
+}
+
+nav ul li a {
+ display: block;
+ color: #757575;
+ font-weight: bold;
+ text-decoration: none;
+ padding: 20px 30px;
}
+/* Sub-menu lists.
+ Hide unless we over hover them. */
nav ul ul {
- font-size: 80%;
+ display: none;
+ background: #5f6975;
+ border-radius: 0px;
+ padding: 0;
+ position: absolute;
+ z-index: 5;
+ top: 100%;
}
-nav * li a {
- color: #784c6c;
+nav ul li:hover > ul {
+ display: block;
}
-nav * li a:after {
- content: " \21d0";
- /* FIXME: Hide the arrow using the background color. We should use
- width or something similar to get it aligned. */
- color: #f0f0fc;
+/* Sub-menu items. */
+nav ul ul li {
+ float: none;
+ border-top: 1px solid #6b727c;
+ border-bottom: 1px solid #575f6a;
+ position: relative;
}
-nav * li a.selected:after {
- content: " \21d0";
- color: #784c6c;
+nav ul ul li a {
+ font-weight: bold;
+ color: #fff;
+ padding: 20px 30px;
}
-nav img {
- border-width: 0;
+nav ul ul li a:hover {
+ background: #4b545f;
+}
+
+
+
+/* Sub-sub-menu lists.
+ Put right to the sub-menus. */
+nav ul ul ul {
+ position: absolute;
+ z-index: 10;
+ left: 100%;
+ top: 0;
+}
+
+
+
+/* The second menu line for stop menu with sub-menus.
+ This is a non-nested list. */
+nav.subnav {
+ margin-top: -1.5em;
}
+nav.subnav ul {
+ display: inline-table;
+ list-style: none;
+ color: #757575;
+ position: relative;
+ box-shadow: 0px 0px 5px rgba(0,0,0,0.15);
+ border-radius: 6px;
+ background-color: #efefef;
+}
+
+nav.subnav ul li a {
+ display: block;
+ font-weight: normal;
+ text-decoration: none;
+ padding: 10px 20px;
+}
+
+
+/* Put selection markers arount a selected items.
+ \2009 is a \21d2 and \21d0 are arrows. */
+nav * li a.selected:before {
+ content: "\21d2\2009";
+}
+
+nav * li a.selected:after {
+ content: "\2009\21d0";
+}
+
+
+
+/*
+ The bottom menu
+ */
#nav_bottom ul {
list-style: none;
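Review bot: the selector list nav * a:visited, a:link does not do what its comment says. Only the first selector is scoped to nav; the second, a:link, matches every unvisited link on the site and overrides the earlier a:link rule (color: #784c6c) with #757575 and text-decoration: none. Write it as nav * a:visited, nav * a:link. Smaller points in the same hunk: the comments have typos ("arount a selected items", "Hide unless we over hover them", "for stop menu"), and "\2009 is a \21d2 and \21d0 are arrows" has lost the word describing \2009.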
@@ -244,7 +347,6 @@ main {
float: left;
margin-left: 5%;
margin-right: 5%;
- width: 72%;
}
main ul {
@@ -269,6 +371,7 @@ div.outline-text-3 {
}
+/* Not anymore used:
#rightColumn {
float: right;
width: 18%;
@@ -282,6 +385,8 @@ div.outline-text-3 {
padding-left: 0;
margin-left: 1em;
}
+*/
+
#cpyright {
padding-top: 4em;
commit c40840527a04f7e42b2fe1df5d5780ab99e6dd6b
Author: Werner Koch
Date: Wed Oct 22 17:53:08 2014 +0200
web: Minor fixes.
diff --git a/web/donate/donate-thanks.org b/web/donate/donate-thanks.org
index 4edf62e..b53e3a0 100644
--- a/web/donate/donate-thanks.org
+++ b/web/donate/donate-thanks.org
@@ -6,7 +6,7 @@
*Thank you very much for your donation to our work on GnuPG.*
- Note that the [[file:/donate/kudos.org][list of donors]] is only updated every 30 minutes, thus
+ Note that the [[/donate/kudos.html][list of donors]] is updated every 30 minutes, thus
have some patience until you see your name. If you did not give a
name you won?t be listed at all.
diff --git a/web/download/index.org b/web/download/index.org
index 7ed4df1..b67d72f 100644
--- a/web/download/index.org
+++ b/web/download/index.org
@@ -14,7 +14,14 @@
the *gnupg* directory; to locate a /binary package/ (indicated by a
`B') follow the link to the *binary*.
- [[../donate/index.org][file:../share/btn-donate.png]]
+#+BEGIN_HTML
+
+
+
+
+#+END_HTML
The table below provides links to the location of the files on the
primary server only.
-----------------------------------------------------------------------
Summary of changes:
web/donate/donate-thanks.org | 2 +-
web/download/index.org | 9 ++-
web/share/gpgweb.el | 62 ++++++++++++-----
web/share/site.css | 153 +++++++++++++++++++++++++++++++++++-------
4 files changed, 183 insertions(+), 43 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 23 14:43:46 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 23 Oct 2014 14:43:46 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.17-4-g57f94a9
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 57f94a95bfd54bf331c66280a51abd5feeca2799 (commit)
via c143fa81462584ad39ea780908266bce3fb9a49e (commit)
via d85af2fbac956eb2a8630d1c17b53a7a8760d7a4 (commit)
from 99c8336aa6ee571c6305d121c55e987fa37e3882 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 57f94a95bfd54bf331c66280a51abd5feeca2799
Author: Werner Koch
Date: Thu Oct 23 14:42:47 2014 +0200
po: Update pl.po.
--
diff --git a/po/pl.po b/po/pl.po
index d78b928..72b4e21 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -1,13 +1,13 @@
# Polish translation for libgpg-error.
# Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc.
# This file is distributed under the same license as the libgpg-error package.
-# Jakub Bogusz , 2004-2013.
+# Jakub Bogusz , 2004-2014.
#
msgid ""
msgstr ""
-"Project-Id-Version: libgpg-error 1.12\n"
+"Project-Id-Version: libgpg-error 1.17\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-06-25 18:22+0200\n"
+"PO-Revision-Date: 2014-10-16 21:15+0200\n"
"Last-Translator: Jakub Bogusz \n"
"Language-Team: Polish \n"
"Language: pl\n"
@@ -64,7 +64,7 @@ msgid "Assuan"
msgstr "Assuan"
msgid "TLS"
-msgstr ""
+msgstr "TLS"
msgid "Any source"
msgstr "Dowolne ?r?d?o"
@@ -675,10 +675,8 @@ msgstr "Uszkodzony klucz publiczny"
msgid "Broken secret key"
msgstr "Uszkodzony klucz tajny"
-#, fuzzy
-#| msgid "Invalid digest algorithm"
msgid "Invalid MAC algorithm"
-msgstr "Niepoprawny algorytm skr?tu"
+msgstr "Niepoprawny algorytm MAC"
msgid "Operation fully cancelled"
msgstr "Operacja ca?kowicie anulowana"
@@ -728,115 +726,89 @@ msgstr "Nieparzysta liczba cyfr szesnastkowych w S-wyra?eniu"
msgid "Bad octal character in S-expression"
msgstr "B??dny znak ?semkowy w S-wyra?eniu"
-#, fuzzy
-#| msgid "Bad certificate chain"
msgid "No certificate chain"
-msgstr "B??dny ?a?cuch certyfikat?w"
+msgstr "Brak ?a?cucha certyfikat?w"
-#, fuzzy
-#| msgid "Certificate too young"
msgid "Certificate is too large"
-msgstr "Certyfikat zbyt m?ody"
+msgstr "Certyfikat jest zbyt du?y"
-#, fuzzy
-#| msgid "Invalid card"
msgid "Invalid record"
-msgstr "Niepoprawna karta"
+msgstr "Niepoprawny rekord"
msgid "The MAC does not verify"
-msgstr ""
+msgstr "Niepomy?lna weryfikacja MAC"
-#, fuzzy
-#| msgid "Unexpected tag"
msgid "Unexpected message"
-msgstr "Nieoczekiwany znacznik"
+msgstr "Nieoczekiwany komunikat"
msgid "Compression or decompression failed"
-msgstr ""
+msgstr "Kompresja lub dekompresja nie powiod?a si?"
msgid "A counter would wrap"
-msgstr ""
+msgstr "Licznik by si? przekr?ci?"
msgid "Fatal alert message received"
-msgstr ""
+msgstr "Otrzymano komunikat alarmu krytycznego"
-#, fuzzy
-#| msgid "Invalid cipher algorithm"
msgid "No cipher algorithm"
-msgstr "Niepoprawny algorytm szyfru"
+msgstr "Brak algorytmu szyfru"
-#, fuzzy
-#| msgid "Missing issuer certificate"
msgid "Missing client certificate"
-msgstr "Brak certyfikatu wystawcy"
+msgstr "Brak certyfikatu klienta"
-#, fuzzy
-#| msgid "Certificate revoked"
msgid "Close notification received"
-msgstr "Certyfikat anulowany"
+msgstr "Otrzymano powiadomienie o zamkni?ciu"
-#, fuzzy
-#| msgid "Key expired"
msgid "Ticket expired"
-msgstr "Klucz wygas?"
+msgstr "Bilet wygas?"
-#, fuzzy
-#| msgid "Bad public key"
msgid "Bad ticket"
-msgstr "B??dny klucz publiczny"
+msgstr "B??dny bilet"
-#, fuzzy
-#| msgid "Unknown packet"
msgid "Unknown identity"
-msgstr "Nieznany pakiet"
+msgstr "Nieznana to?samo??"
-#, fuzzy
-#| msgid "Bad certificate chain"
msgid "Bad certificate message in handshake"
-msgstr "B??dny ?a?cuch certyfikat?w"
+msgstr "B??dny komunikat certyfikatu przy powitaniu"
msgid "Bad certificate request message in handshake"
-msgstr ""
+msgstr "B??dny komunikat ??dania certyfikatu przy powitaniu"
msgid "Bad certificate verify message in handshake"
-msgstr ""
+msgstr "B??dny komunikat weryfikacji certyfikatu przy powitaniu"
msgid "Bad change cipher messsage in handshake"
-msgstr ""
+msgstr "B??dny komunikat zmiany szyfru przy powitaniu"
msgid "Bad client hello message in handshake"
-msgstr ""
+msgstr "B??dny komunikat przywitania klienta w powitaniu"
msgid "Bad server hello message in handshake"
-msgstr ""
+msgstr "B??dny komunikat przywitania serwera w powitaniu"
msgid "Bad server hello done message in hanshake"
-msgstr ""
+msgstr "B??dny komunikat zako?czenia przywitania serwera w powitaniu"
msgid "Bad finished message in handshake"
-msgstr ""
+msgstr "B??dny komunikat zako?czenia w powitaniu"
msgid "Bad server key exchange message in handshake"
-msgstr ""
+msgstr "B??dny komunikat wymiany klucza serwera w powitaniu"
msgid "Bad client key exchange message in handshake"
-msgstr ""
+msgstr "B??dny komunikat wymiany klucza klienta w powitaniu"
msgid "Bogus string"
-msgstr ""
+msgstr "Fa?szywy ?a?cuch"
-#, fuzzy
-#| msgid "Key expired"
msgid "Key disabled"
-msgstr "Klucz wygas?"
+msgstr "Klucz dezaktywowany"
msgid "Not possible with a card based key"
-msgstr ""
+msgstr "Niemo?liwe przy u?yciu klucza opartego na karcie"
-#, fuzzy
-#| msgid "Invalid object"
msgid "Invalid lock object"
-msgstr "Niepoprawny obiekt"
+msgstr "Niepoprawny obiekt blokady"
msgid "General IPC error"
msgstr "B??d og?lny IPC"
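Review bot: the new translations render "in handshake" two different ways: "przy powitaniu" for the certificate and change cipher messages and "w powitaniu" for the hello, finished and key exchange messages. Pick one form for the whole group. Separately, two msgids in this hunk carry typos from the source strings ("Bad change cipher messsage in handshake" and "Bad server hello done message in hanshake"); fixing them in the source will turn these entries fuzzy again, so it is worth doing in the same round as the translation update.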
commit c143fa81462584ad39ea780908266bce3fb9a49e
Author: Daniel Kahn Gillmor
Date: Sun Oct 19 07:39:58 2014 -0400
add lock-obj header for or1k-unknown-linux-gnu
* src/syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h: new
--
This architecture-specific header information was sourced from
* Add to Makefile. -wk
diff --git a/src/Makefile.am b/src/Makefile.am
index efc5970..903feae 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -52,9 +52,11 @@ lock_obj_pub = \
syscfg/lock-obj-pub.i486-pc-gnu.h \
syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h \
syscfg/lock-obj-pub.i486-pc-linux-gnu.h \
+ syscfg/lock-obj-pub.i586-pc-linux-gnu.h \
syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h \
syscfg/lock-obj-pub.mips-unknown-linux-gnu.h \
syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h \
+ syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h \
syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h \
syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h \
syscfg/lock-obj-pub.powerpc64le-unknown-linux-gnu.h \
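Review bot: the ChangeLog part of the commit message lists only the new or1k header; the change to lock_obj_pub in src/Makefile.am is mentioned only in the trailing "-wk" remark. This hunk also adds syscfg/lock-obj-pub.i586-pc-linux-gnu.h, which belongs to the separate i586 commit, so that commit on its own leaves the header out of the list. Suggest an entry such as "* src/Makefile.am (lock_obj_pub): Add i586 and or1k headers." or moving the i586 line into the commit that adds the file.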
@@ -68,7 +70,6 @@ lock_obj_pub = \
syscfg/lock-obj-pub.mingw32.h
-
lib_LTLIBRARIES = libgpg-error.la
nodist_include_HEADERS = gpg-error.h
bin_SCRIPTS = gpg-error-config
diff --git a/src/syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h
new file mode 100644
index 0000000..60eadab
--- /dev/null
+++ b/src/syscfg/lock-obj-pub.or1k-unknown-linux-gnu.h
@@ -0,0 +1,24 @@
+## lock-obj-pub.or1k-unknown-linux-gnu.h
+## File created by gen-posix-lock-obj - DO NOT EDIT
+## To be included by mkheader into gpg-error.h
+
+typedef struct
+{
+ long _vers;
+ union {
+ volatile char _priv[32];
+ long _x_align;
+ long *_xp_align;
+ } u;
+} gpgrt_lock_t;
+
+#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \
+ 0,0,0,0,0,0,0,0, \
+ 0,0,0,0,0,0,0,0, \
+ 0,0,0,0,0,0,0,0}}}
+##
+## Local Variables:
+## mode: c
+## buffer-read-only: t
+## End:
+##
commit d85af2fbac956eb2a8630d1c17b53a7a8760d7a4
Author: Daniel Kahn Gillmor
Date: Sun Oct 19 07:39:57 2014 -0400
add lock-obj for new arch triplet for x86
* src/sysconfig/lock-obj-pub.i586-pc-linux-gnu.h: New.
--
Helmut Grohne writes:
Observe that the detected GNU triplet is now i586-pc-linux-gnu (gcc
bumped it from i486-pc-linux-gnu recently), so the corresponding lock
obj header in the syscfg folder needs to be moved or linked.
Debian-Bug-Id: 764881
diff --git a/src/syscfg/lock-obj-pub.i586-pc-linux-gnu.h b/src/syscfg/lock-obj-pub.i586-pc-linux-gnu.h
new file mode 100644
index 0000000..fc2d132
--- /dev/null
+++ b/src/syscfg/lock-obj-pub.i586-pc-linux-gnu.h
@@ -0,0 +1,23 @@
+## lock-obj-pub.i586-pc-linux-gnu.h
+## File created by gen-posix-lock-obj - DO NOT EDIT
+## To be included by mkheader into gpg-error.h
+
+typedef struct
+{
+ long _vers;
+ union {
+ volatile char _priv[24];
+ long _x_align;
+ long *_xp_align;
+ } u;
+} gpgrt_lock_t;
+
+#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \
+ 0,0,0,0,0,0,0,0, \
+ 0,0,0,0,0,0,0,0}}}
+##
+## Local Variables:
+## mode: c
+## buffer-read-only: t
+## End:
+##
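Review bot: the commit message names the new file as src/sysconfig/lock-obj-pub.i586-pc-linux-gnu.h, but the diff creates it under src/syscfg/. The ChangeLog entry should use the src/syscfg/ path so that it can be found by searching the log. The header content itself is consistent: _priv[24] is matched by 24 zeros in GPGRT_LOCK_INITIALIZER.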
-----------------------------------------------------------------------
Summary of changes:
po/pl.po | 94 +++++++-------------
src/Makefile.am | 3 +-
...inux-gnu.h => lock-obj-pub.i586-pc-linux-gnu.h} | 2 +-
...x32.h => lock-obj-pub.or1k-unknown-linux-gnu.h} | 2 +-
4 files changed, 37 insertions(+), 64 deletions(-)
copy src/syscfg/{lock-obj-pub.i486-pc-linux-gnu.h => lock-obj-pub.i586-pc-linux-gnu.h} (92%)
copy src/syscfg/{lock-obj-pub.x86_64-pc-linux-gnux32.h => lock-obj-pub.or1k-unknown-linux-gnu.h} (92%)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 23 16:17:59 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 23 Oct 2014 16:17:59 +0200
Subject: [git] gnupg-doc - branch, master,
updated. a7039ec0e421612774be6c187009ab1996b564b3
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via a7039ec0e421612774be6c187009ab1996b564b3 (commit)
from 4d041c746de894c15ecdf728dd9d8bb9b7f716b2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a7039ec0e421612774be6c187009ab1996b564b3
Author: Werner Koch
Date: Thu Oct 23 13:56:22 2014 +0200
web: Minor cleanups.
diff --git a/web/donate/donate-thanks.org b/web/donate/donate-thanks.org
index b53e3a0..d370aa2 100644
--- a/web/donate/donate-thanks.org
+++ b/web/donate/donate-thanks.org
@@ -6,7 +6,7 @@
*Thank you very much for your donation to our work on GnuPG.*
- Note that the [[/donate/kudos.html][list of donors]] is updated every 30 minutes, thus
+ Note that the [[https://www.gnupg.org/donate/kudos.html][list of donors]] is updated every 30 minutes, thus
have some patience until you see your name. If you did not give a
name you won?t be listed at all.
diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index 2e6e151..df875e4 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -25,31 +25,33 @@
** Donation summary
-#+HTML:
In
-#+HTML: October 2014
-#+HTML:we received
-#+HTML: 2
-#+HTML:donations of
-#+HTML: 28 Euro
-#+HTML:. For the entire year we
-#+HTML:received a total of
-#+HTML: 52 Euro
-#+HTML:from
-#+HTML: 28
-#+HTML:donations. Note that these numbers are only for donations via Stripe
-#+HTML:(credit card) and do not yet account for those received via Paypal.
-#+HTML:
+#+BEGIN_HTML
+
In
+ this month
+we received
+ N
+donations of
+ X Euro
+.
+In this year we received
+ M
+donations of
+ Y Euro
+.
+
+#+END_HTML
+Donations for the previous years:
+
| Year | # | \EUR | net \EUR |
| | | | |
|------+-----+-------+----------|
| 2011 | 21 | 553 | 465 |
| 2012 | 53 | 5991 | 4963 |
| 2013 | 148 | 5041 | 4145 |
-| 2014 | 102 | 4742 | 3985 |
|------+-----+-------+----------|
-| | | 16327 | 13558 |
+| | | 11585 | 9573 |
#+TBLFM: $LR3=vsum(@I.. at II)::$LR4=vsum(@I.. at II)
# In 2014 without the 32641.27 (27429.64) from the Goteo campaign
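Review bot: the 2014 row is removed from the table and the totals are adjusted to match (16327 - 4742 = 11585, 13558 - 3985 = 9573), but the comment directly below, "# In 2014 without the 32641.27 (27429.64) from the Goteo campaign", still refers to that row. Either drop the comment or move the Goteo remark to wherever the 2014 figures are now produced, so the exclusion stays documented next to the number it applies to.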
@@ -57,7 +59,6 @@
#+HTML:
The "net" column gives the actual value without VAT and credit card
fees.\\
-Last update: 2014-10-07
#+HTML:
* Hardware and service donations
diff --git a/web/download/index.org b/web/download/index.org
index b67d72f..09483d2 100644
--- a/web/download/index.org
+++ b/web/download/index.org
@@ -9,7 +9,7 @@
* Download
We suggest that you download the GNU Privacy Guard from a mirror
- site close to you. See our [[mirrors.org][list of mirrors]] . To locate a /source
+ site close to you. See our [[file:mirrors.org][list of mirrors]] . To locate a /source
package/ (indicated by an `S') on a mirror, follow the link to
the *gnupg* directory; to locate a /binary package/ (indicated by a
`B') follow the link to the *binary*.
diff --git a/web/download/mirrors.org b/web/download/mirrors.org
index 36f275a..bd24488 100644
--- a/web/download/mirrors.org
+++ b/web/download/mirrors.org
@@ -1,129 +1,48 @@
#+TITLE: GnuPG - FTP Mirrors
#+STARTUP: showall
#+SETUPFILE: "../share/setup.inc"
+#+macro: rsync @@html:rsync@@
* FTP Mirrors
The primary FTP site [[ftp://ftp.gnupg.org/gcrypt/][ftp.gnupg.org]] is mirrored at several
sites. Please choose the nearest mirror to you. If you are seeking for
-web site mirrors, please consult the [[../mirrors.en.html][WWW mirror page]] .
-
-
-** Africa
-
-
-** The Americas
-
-*** Canada
-
- - [[http://www.gnupg.ca/][GnuPG.ca]] (2/day) ::
- [[ftp://ftp.gnupg.ca/][ftp://ftp.gnupg.ca/]]
-
-** Australia
-
-
-** Asia
-
-*** Japan
-
- - [[http://www.ring.gr.jp/][Ring]] ::
- [[ftp://ftp.ring.gr.jp/pub/net/gnupg/]] \\
- [[http://www.ring.gr.jp/pub/net/gnupg/][http://www.ring.gr.jp/pub/net/gnupg/]]
-
-
-** Europe
-
-*** Austria
-
- - [[http://gd.tuwien.ac.at/][TU Wien]] ::
- [[ftp://gd.tuwien.ac.at/privacy/gnupg/][ftp://gd.tuwien.ac.at/privacy/gnupg/]] \\
- [[http://gd.tuwien.ac.at/privacy/gnupg/][http://gd.tuwien.ac.at/privacy/gnupg/]]
-
-*** Denmark
-
- - [[http://dotsrc.org/][dotsrc.org]] (daily) ::
- [[ftp://mirrors.dotsrc.org/gcrypt/][ftp://mirrors.dotsrc.org/gcrypt/]] \\
- [[http://mirrors.dotsrc.org/gcrypt/][http://mirrors.dotsrc.org/gcrypt/]]
-
-*** Finland
-
- - [[http://www.jyu.fi/][JYU]] ::
- [[ftp://ftp.jyu.fi/pub/crypt/gcrypt/][ftp://ftp.jyu.fi/pub/crypt/gcrypt/]]
-
-*** France
-
- - [[http://mirror.cict.fr/][CICT Mirror (Universite Paul Sabatier), TOULOUSE]] (1/day) ::
- [[ftp://mirror.cict.fr/gnupg/][ftp://mirror.cict.fr/gnupg/]]
-
-*** Germany
-
- - [[http://www.artfiles.de][Artfiles New Media GmbH]] (daily) ::
- [[http://artfiles.org/gnupg.org][http://artfiles.org/gnupg.org]]
-
- - [[http://www.franken.de/][Franken]] (daily) ::
- [[ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/][ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/]]
-
- - [[http://www.freenet.de/][Freenet.de]] ::
- [[ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/][ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/]]
-
-*** Hungary
-
- - [[http://www.crysys.hu/][CrySyS Lab., BUTE]] (daily) ::
- [[ftp://ftp.crysys.hu/pub/gnupg/][ftp://ftp.crysys.hu/pub/gnupg/]]
-
-*** Iceland
-
- - [[http://www.hi.is/][HI]] ::
- [[ftp://ftp.hi.is/pub/mirrors/gnupg/][ftp://ftp.hi.is/pub/mirrors/gnupg/]]
-
-*** Ireland
-
- - [[http://ftp.heanet.ie/about/][HEAnet]] (4/day) ::
- [[ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/]] \\
- [[http://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][http://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/]] \\
- [[rsync://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/]]
-
-*** Netherlands
-
- - [[http://www.bit.nl/][BIT]] ::
- [[ftp://ftp.bit.nl/mirror/gnupg/][ftp://ftp.bit.nl/mirror/gnupg/]]
-
- - [[http://www.demon.nl/][Demon]] ::
- [[ftp://ftp.demon.nl/pub/mirrors/gnupg/][ftp://ftp.demon.nl/pub/mirrors/gnupg/]]
-
- - [[http://www.surfnet.nl/][SurfNet]] ::
- [[ftp://ftp.surfnet.nl/pub/security/gnupg/][ftp://ftp.surfnet.nl/pub/security/gnupg/]]
-
-*** Portugal
-
- - [[http://5coluna.com][5? Coluna]] (2/day) ::
- [[http://dist.gnupg.pt/][http://dist.gnupg.pt/]]
-
-*** Romania
-
- - [[http://www.iasi.roedu.net/][Romanian Education Network, Iasi Branch]] ::
- [[ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/][ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/]]
-
-*** Sweden
-
- - [[http://archive.sunet.se/][Sunet]] ::
- [[ftp://ftp.sunet.se/pub/security/gnupg/][ftp://ftp.sunet.se/pub/security/gnupg/]]
-
-*** Switzerland
-
- - [[http://mirror.switch.ch/][SWITCHmirror]] ::
- [[ftp://mirror.switch.ch/mirror/gnupg/][ftp://mirror.switch.ch/mirror/gnupg/]]
-
-*** United Kingdom
-
- - [[http://gnupg.org.favoritelinks.net/][favoritelinks]] (daily) ::
- [[http://gnupg.org.favoritelinks.net/]]
-
- - [[http://mirror.tje.me.uk/][mirror.tje.me.uk]] (4/day) ::
- [[ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org][ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org]]
- [[http://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/][http://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/]]
-
- - [[http://www.mirrorservice.org/][UK Mirror Service]] ::
- [[ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt][ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt]] \\
- [[http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt][http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt]] \\
- [[rsync://rsync.mirrorservice.org/ftp.gnupg.org/gcrypt/]]
+web site mirrors, please consult the [[../mirrors.html][WWW mirror page]] .
+
+ | Country | Organisation | Links | Sync |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | The Americas | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | Canada | [[http://www.gnupg.ca/][GnuPG.ca]] | [[ftp://ftp.gnupg.ca/][ftp]] | 2/day |
+ | | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | Asia | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | Japan | [[http://www.ring.gr.jp/][Ring]] | [[ftp://ftp.ring.gr.jp/pub/net/gnupg/][ftp]] [[http://www.ring.gr.jp/pub/net/gnupg/][http]] | |
+ | | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | Europe | | | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
+ | Austria | [[http://gd.tuwien.ac.at/][TU Wien]] | [[ftp://gd.tuwien.ac.at/privacy/gnupg/][ftp]] [[http://gd.tuwien.ac.at/privacy/gnupg/][http]] | |
+ | Denmark | [[http://dotsrc.org/][dotsrc.org]] | [[ftp://mirrors.dotsrc.org/gcrypt/][ftp]] [[http://mirrors.dotsrc.org/gcrypt/][http]] | daily |
+ | Finland | [[http://www.jyu.fi/][JYU]] | [[ftp://ftp.jyu.fi/pub/crypt/gcrypt/][ftp]] | |
+ | France | [[http://mirror.cict.fr/][CICT Mirror, Toulouse]] | [[ftp://mirror.cict.fr/gnupg/][ftp]] | daily |
+ | Germany | [[http://www.artfiles.de][Artfiles New Media GmbH]] | [[http://artfiles.org/gnupg.org][http]] | daily |
+ | | [[http://www.franken.de/][Franken]] | [[ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/][ftp]] | daily |
+ | | [[http://www.freenet.de/][Freenet.de]] | [[ftp://ftp.freenet.de/pub/ftp.gnupg.org/gcrypt/][ftp]] | |
+ | Hungary | [[http://www.crysys.hu/][CrySyS Lab., Bute]] | [[ftp://ftp.crysys.hu/pub/gnupg/][ftp]] | daily |
+ | Iceland | [[http://www.hi.is/][HI]] | [[ftp://ftp.hi.is/pub/mirrors/gnupg/][ftp]] | |
+ | Ireland | [[http://ftp.heanet.ie/about/][HEAnet]] | [[ftp://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][ftp]] [[http://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/][http]] {{{rsync(rsync://ftp.heanet.ie/mirrors/ftp.gnupg.org/gcrypt/)}}} | 4/day |
+ | Netherlands | [[http://www.bit.nl/][BIT]] | [[ftp://ftp.bit.nl/mirror/gnupg/][ftp]] | |
+ | | [[http://www.demon.nl/][Demon]] | [[ftp://ftp.demon.nl/pub/mirrors/gnupg/][ftp]] | |
+ | | [[http://www.surfnet.nl/][SurfNet]] | [[ftp://ftp.surfnet.nl/pub/security/gnupg/][ftp]] | |
+ | Portugal | [[http://5coluna.com][5? Coluna]] | [[http://dist.gnupg.pt/][http]] | 2/day |
+ | Romania | [[http://www.iasi.roedu.net/][Romanian Edu., Iasi Branch]] | [[ftp://ftp.iasi.roedu.net/pub/mirrors/ftp.gnupg.org/][ftp]] | |
+ | Sweden | [[http://archive.sunet.se/][Sunet]] | [[ftp://ftp.sunet.se/pub/security/gnupg/][ftp]] | |
+ | Switzerland | [[http://mirror.switch.ch/][SWITCHmirror]] | [[ftp://mirror.switch.ch/mirror/gnupg/][ftp]] | |
+ | United Kingdom | [[http://gnupg.org.favoritelinks.net/][favoritelinks]] | [[http://gnupg.org.favoritelinks.net/][http]] | daily |
+ | | [[http://mirror.tje.me.uk/][mirror.tje.me.uk]] | [[ftp://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org][ftp]] [[http://mirror.tje.me.uk/pub/mirrors/ftp.gnupg.org/][http]] | 4/day |
+ | | [[http://www.mirrorservice.org/][UK Mirror Service]] | [[ftp://ftp.mirrorservice.org/sites/ftp.gnupg.org/gcrypt][ftp]] [[http://www.mirrorservice.org/sites/ftp.gnupg.org/gcrypt][http]] {{{rsync(rsync://rsync.mirrorservice.org/ftp.gnupg.org/gcrypt/)}}} | |
+ |----------------+----------------------------+-------------------------------------------------------------------------------+-------|
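Review bot: Every link in the new table is ftp, http or rsync, so nothing in it authenticates what a mirror serves; the text introducing the table should point readers to the signature-verification instructions if it does not already do so. Two smaller points: the added line ending `[[../mirrors.html][WWW mirror page]] .` has a stray space before the full stop, and the `{{{rsync(...)}}}` macro used in the Ireland and UK Mirror Service rows needs a macro definition that is not part of this hunk, so check that it is provided by the setup include.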
diff --git a/web/index.org b/web/index.org
index ba5462b..b9eb450 100644
--- a/web/index.org
+++ b/web/index.org
@@ -58,7 +58,7 @@ all [[file:news.org][news of previous years]] is also available.
** A beta for GnuPG 2.1.0 released (2014-10-03)
-A beta beta release for the forthcoming GnuPG 2.1 version is now
+A beta release for the forthcoming GnuPG 2.1 version is now
available. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000357.html][{more}]]
** GPA 0.95 released
diff --git a/web/mirrors.org b/web/mirrors.org
index ee9d0a2..87633c5 100644
--- a/web/mirrors.org
+++ b/web/mirrors.org
@@ -4,79 +4,38 @@
* WWW Mirrors
-The primary HTTP site [[https://www.gnupg.org/][GnuPG.org]] is mirrored at several sites. Please
-choose the nearest mirror to you. If you are seeking for sources and
-binaries, please consult the [[download/mirrors.en.html][FTP mirror page]] under the [[download][Download]]
-section.
-
-** Africa
-
-** The Americas
-
-*** Canada
-
- - [[http://www.gnupg.ca/][GnuPG.ca]] (2/day) ::
- [[http://www.gnupg.ca/][http://www.gnupg.ca/]]
-
- - [[http://www.raffsoftware.com/][RaffSoftware]] (1/day) ::
- [[http://gnupg.raffsoftware.com/][http://gnupg.raffsoftware.com/]]
-
- - [[http://www.parentinginformed.com/][www.parentinginformed.com]] (2/day) ::
- [[http://gnupg.parentinginformed.com/][http://gnupg.parentinginformed.com/]]
-
-** Australia
-
-
-** Asia
-
-*** Korea
-
- - [[http://www.snu.ac.kr/][SNU]] (weekly) ::
- [[http://musicone.snu.ac.kr/webmirror/gnupg/][http://musicone.snu.ac.kr/webmirror/gnupg/]]
-
-
-** Europe
-
-*** Austria
-
- - [[http://gd.tuwien.ac.at/][TU Wien]] ::
- [[http://gd.tuwien.ac.at/www.gnupg.org/]]
-
-*** Czechia
-
- - [[http://www.gnupg.cz/][GnuPG.cz]] ::
- [[http://www.gnupg.cz/][http://www.gnupg.cz/]]
-
-*** Denmark
-
- - [[http://www.gnupg.dk/][GnuPG.dk]] ::
- [[http://www.gnupg.dk/][http://www.gnupg.dk/]]
-
-*** France
-
- - [[http://mirror.cict.fr/][CICT Mirror (Universite Paul Sabatier),TOULOUSE]] (1/day) ::
- [[http://gnupg.cict.fr/][http://gnupg.cict.fr/]]
-
-*** Hungary
-
- - [[http://www.crysys.hu/][CrySyS Lab., BUTE]] (daily) ::
- [[http://gnupg.mirrors.crysys.hu/][http://gnupg.mirrors.crysys.hu/]]
-
-*** Portugal
-
- - [[http://5coluna.com][5? Coluna]] (2/day) ::
- [[http://mirror.gnupg.pt/][http://mirror.gnupg.pt/]]
-
-*** Sweden
-
- - [[http://archive.sunet.se/][Sunet]] ::
- [[http://gnupg.archive.sunet.se/][http://gnupg.archive.sunet.se/]]
-
-*** United Kingdom
-
- - [[http://mirror.tje.me.uk/][mirror.tje.me.uk]] (4/day) ::
- [[ftp://mirror.tje.me.uk/pub/mirrors/www.gnupg.org][ftp://mirror.tje.me.uk/pub/mirrors/www.gnupg.org]] \\
- [[http://mirror.tje.me.uk/pub/mirrors/www.gnupg.org/][http://mirror.tje.me.uk/pub/mirrors/www.gnupg.org/]]
-
- - [[http://www.mirrorservice.org/][UK Mirror Service]] ::
- [[http://www.mirrorservice.org/sites/www.gnupg.org/][http://www.mirrorservice.org/sites/www.gnupg.org/]]
+The primary HTTP site [[https://www.gnupg.org/][GnuPG.org]] is mirrored at several sites. Note
+that some features of this site will not work on the mirrors. If you
+are seeking mirrors for source or binary packages, please consult the
+[[https://www.gnupg.org/download/mirrors.html][FTP mirror page]] under the [[download/index.html][Download]] section.
+
+
+ | Country | Organisation | Links | Sync |
+ |----------------+-----------------------+-----------+--------|
+ | | | | |
+ |----------------+-----------------------+-----------+--------|
+ | The Americas | | | |
+ |----------------+-----------------------+-----------+--------|
+ | Canada | [[http://www.gnupg.ca/][GnuPG.ca]] | [[http://www.gnupg.ca/][http]] | 2/day |
+ | | [[http://www.raffsoftware.com/][RaffSoftware]] | [[http://gnupg.raffsoftware.com/][http]] | daily |
+ | | [[http://www.parentinginformed.com/][parentinginformed]] | [[http://gnupg.parentinginformed.com/][http]] | 2/day |
+ | | | | |
+ |----------------+-----------------------+-----------+--------|
+ | Asia | | | |
+ |----------------+-----------------------+-----------+--------|
+ | Korea | [[http://www.snu.ac.kr/][SNU]] | [[http://musicone.snu.ac.kr/webmirror/gnupg/][http]] | weekly |
+ | | | | |
+ |----------------+-----------------------+-----------+--------|
+ | Europe | | | |
+ |----------------+-----------------------+-----------+--------|
+ | Austria | [[http://gd.tuwien.ac.at/][TU Wien]] | [[http://gd.tuwien.ac.at/www.gnupg.org/][http]] | |
+ | Czechia | [[http://www.gnupg.cz/][GnuPG.cz]] | [[http://www.gnupg.cz/][http]] | |
+ | Denmark | [[http://www.gnupg.dk/][GnuPG.dk]] | [[http://www.gnupg.dk/][http]] | |
+ | France | [[http://mirror.cict.fr/][CICT Mirror, Toulouse]] | [[http://gnupg.cict.fr/][http]] | daily |
+ | Hungary | [[http://www.crysys.hu/][CrySyS Lab., Bute]] | [[http://gnupg.mirrors.crysys.hu/][http]] | daily |
+ | Portugal | [[http://5coluna.com][5? Coluna]] | [[http://mirror.gnupg.pt/][http]] | 2/day |
+ | Sweden | [[http://archive.sunet.se/][Sunet]] | [[http://gnupg.archive.sunet.se/][http]] | |
+ | United Kingdom | [[http://mirror.tje.me.uk/][mirror.tje.me.uk]] | [[http://mirror.tje.me.uk/pub/mirrors/www.gnupg.org/][http]] [[ftp://mirror.tje.me.uk/pub/mirrors/www.gnupg.org][ftp]] | 4/day |
+ | | [[http://www.mirrorservice.org/][UK Mirror Service]] | [[http://www.mirrorservice.org/sites/www.gnupg.org/][http]] | |
+ | | | | |
+ |----------------+-----------------------+-----------+--------|
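Review bot: The new intro paragraph mixes link styles: the FTP mirror page is now the absolute `https://www.gnupg.org/download/mirrors.html` while Download stays relative as `download/index.html`. Since the added sentence says some features will not work on the mirrors, decide which links are meant to leave the mirror and make the two consistent. In the Hungary row the acronym `BUTE` from the removed entry has become `Bute`; keep the upper-case form.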
diff --git a/web/share/ox-gpgweb.el b/web/share/ox-gpgweb.el
index e1dfded..a48985c 100644
--- a/web/share/ox-gpgweb.el
+++ b/web/share/ox-gpgweb.el
@@ -1618,9 +1618,9 @@ INFO is a plist holding contextual information. See
(funcall link-org-files-as-html-maybe raw-path info))
;; If file path is absolute, prepend it with protocol
;; component - "file:".
- (cond
- ((file-name-absolute-p raw-path)
- (setq raw-path (concat "file:" raw-path))))
+ ;(cond
+ ; ((file-name-absolute-p raw-path)
+ ; (setq raw-path (concat "file:" raw-path))))
;; Add search option, if any. A search option can be
;; relative to a custom-id or a headline title. Append
;; a hash sign to any unresolved option, as it might point
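Review bot: The `file-name-absolute-p` branch is disabled by commenting it out with a single `;` and no reason is given, while the comment directly above it ("If file path is absolute, prepend it with protocol component") still describes the old behaviour. Either delete the three lines together with the stale comment, or add a line saying why absolute paths must no longer get the `file:` prefix, so a later reader can tell whether this is a permanent change or a temporary workaround.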
-----------------------------------------------------------------------
Summary of changes:
web/donate/donate-thanks.org | 2 +-
web/donate/kudos.org | 35 ++++-----
web/download/index.org | 2 +-
web/download/mirrors.org | 161 +++++++++++-------------------------------
web/index.org | 2 +-
web/mirrors.org | 111 +++++++++--------------------
web/share/ox-gpgweb.el | 6 +-
7 files changed, 99 insertions(+), 220 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 23 21:28:03 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 23 Oct 2014 21:28:03 +0200
Subject: [git] gnupg-doc - branch, master,
updated. d2b7b4faa1d7ffb1e3db1c3d82c4f00c21223cf8
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via d2b7b4faa1d7ffb1e3db1c3d82c4f00c21223cf8 (commit)
via cd08871286c7802ea010d179d7b54cc0197cda53 (commit)
from a7039ec0e421612774be6c187009ab1996b564b3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d2b7b4faa1d7ffb1e3db1c3d82c4f00c21223cf8
Author: Werner Koch
Date: Thu Oct 23 21:28:15 2014 +0200
faq: Use tables for the MUA capabilities.
diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org
index e442dcd..db0c7fa 100644
--- a/web/faq/gnupg-faq.org
+++ b/web/faq/gnupg-faq.org
@@ -642,75 +642,57 @@ although in a different way than the EFF.
Many email clients offer strong GnuPG integration.
+The column ?Active? in the tables below indicate whether the software
+os actively developed.
** ? Microsoft Windows?
:PROPERTIES:
:CUSTOM_ID: email_clients_win32
:END:
+| Name | Plugins | GnuPG | PGP/MIME | Active | see |
+|-------------+----------------+----------+----------+--------+-----|
+| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) |
+| Kontact | native | 1.4, 2.0 | yes | yes | (2) |
+| Claws-Mail | yes (internal) | 1.4, 2.0 | yes | yes | (3) |
-- Thunderbird
- - Plugin? :: Yes, via [[http://enigmail.net][Enigmail]]
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- With the Enigmail plugin, Thunderbird becomes one of the most
- popular GnuPG-aware email clients. it?s under active development
- and is compatible with the latest Thunderbird releases, with a
- friendly and welcoming user community.
+(1) With the Enigmail plugin, Thunderbird becomes one of the most
+ popular GnuPG-aware email clients. it?s under active development
+ and is compatible with the latest Thunderbird releases, with a
+ friendly and welcoming user community.
-- Kontact
- - Plugin? :: No (natively supported)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- Kontact is KDE?s integrated personal information manager of KDE. It runs anywhere that KDE does, and even on some mobile devices as Kontact Touch.
+(2) Kontact is KDE?s integrated personal information manager of KDE.
+ It runs anywhere that KDE does, and even on some mobile devices as
+ Kontact Touch.
+
+(3) Claws-Mail for Windows is included in the [[http://www.gpg4win.org][Gpg4win]] installer.
-- Claws-Mail
- - Plugin? :: Yes (internal plugin)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- Claws-Mail for Windows is included in the [[http://www.gpg4win.org][Gpg4win]] installer.
** ? Mac OS X?
:PROPERTIES:
:CUSTOM_ID: email_clients_osx
:END:
-- Thunderbird
- - Plugin? :: Yes, via [[http://enigmail.net][Enigmail]]
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- With the Enigmail plugin, Thunderbird becomes one of the most
- popular GnuPG-aware email clients. it?s under active development
- and is compatible with the latest Thunderbird releases, with a
- friendly and welcoming user community.
-
-- Gnus
- - Plugin? :: Yes, via [[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- EasyPG is part of Emacs 23, proper. Thus there is no more need
- to install the plugin. See the Gnus manual for configuration hints.
-
-- Mutt
- - Plugin? :: No (natively supported)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- For best experience make sure to put ~set crypt_use_gpgme~ in your
- =~/.muttrc= file.
-
-- Apple Mail
- - Plugin? :: Yes, via [[http://www.gpgtools.org][GPGtools]]
- - Supports GnuPG versions :: 2.0
- - Supports PGP/MIME :: No
- - Actively developed :: Yes
- PGP/MIME support in Apple Mail+GPGtools is not absent, just
- temporarily broken.
+| Name | Plugins | GnuPG | PGP/MIME | Active | see |
+|-------------+----------------+----------+----------+--------+-----|
+| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) |
+| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | 1.4, 2.0 | yes | yes | (2) |
+| Mutt | native | 1.4, 2.0 | yes | yes | (3) |
+| Apple Mail | yes ([[http://www.gpgtools.org][GPGtools]]) | 2.0 | no | yes | (4) |
+
+(1) With the Enigmail plugin, Thunderbird becomes one of the most
+ popular GnuPG-aware email clients. it?s under active development
+ and is compatible with the latest Thunderbird releases, with a
+ friendly and welcoming user community.
+
+(2) EasyPG is part of Emacs 23, proper. Thus there is no more need to
+ install the plugin. See the Gnus manual for configuration hints.
+
+(3) For best experience make sure to put ~set crypt_use_gpgme~ in your
+ =~/.muttrc= file.
+
+(4) PGP/MIME support in Apple Mail+GPGtools is not absent, just
+ temporarily broken.
** ? Linux or FreeBSD?
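Review bot: The two added intro lines contain an agreement error and a typo: `indicate` should be `indicates` and `os actively developed` should be `is actively developed`. The table conversion also drops the Enigmail link (`yes (Enigmail)` is plain text, while EasyPG and GPGtools keep their links), and the moved notes carry over a lower-case `it` at the start of a sentence and the redundant "integrated personal information manager of KDE"; both are worth fixing while the text is being touched.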
@@ -718,52 +700,29 @@ Many email clients offer strong GnuPG integration.
:CUSTOM_ID: email_clients_linux
:END:
-- Thunderbird
- - Plugin? :: Yes, via [[http://enigmail.net][Enigmail]]
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- With the Enigmail plugin, Thunderbird becomes one of the most
- popular GnuPG-aware email clients. it?s under active development
- and is compatible with the latest Thunderbird releases, with a
- friendly and welcoming user community.
-
-- Gnus
- - Plugin? :: Yes, via [[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- EasyPG is part of Emacs 23, proper. Thus there is no more need
- to install the plugin. See the Gnus manual for configuration hints.
-
-- Mutt
- - Plugin? :: No (natively supported)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- For best experience make sure to put ~set crypt_use_gpgme~ in your
- =~/.muttrc= file.
-
-- Kontact
- - Plugin? :: No (natively supported)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
- Kontact is KDE?s integrated personal information manager of KDE. It
- runs anywhere that KDE does, and even on some mobile devices as
- Kontact Touch.
-
-- Evolution
- - Plugin? :: No (natively supported)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
-
-- Claws-Mail
- - Plugin? :: Yes (internal plugin)
- - Supports GnuPG versions :: 1.4, 2.0
- - Supports PGP/MIME :: Yes
- - Actively developed :: Yes
+| Name | Plugins | GnuPG | PGP/MIME | Active | see |
+|-------------+----------------+----------+----------+--------+-----|
+| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) |
+| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | 1.4, 2.0 | yes | yes | (2) |
+| Mutt | native | 1.4, 2.0 | yes | yes | (3) |
+| Kontact | native | 1.4, 2.0 | yes | yes | (4) |
+| Evolution | native | 1.4, 2.0 | yes | yes | |
+| Claws-Mail | yes (internal) | 1.4, 2.0 | yes | yes | |
+
+(1) With the Enigmail plugin, Thunderbird becomes one of the most
+ popular GnuPG-aware email clients. it?s under active development
+ and is compatible with the latest Thunderbird releases, with a
+ friendly and welcoming user community.
+
+(2) EasyPG is part of Emacs 23, proper. Thus there is no more need to
+ install the plugin. See the Gnus manual for configuration hints.
+
+(3) For best experience make sure to put ~set crypt_use_gpgme~ in your
+ =~/.muttrc= file.
+
+(4) Kontact is KDE?s integrated personal information manager of KDE.
+ It runs anywhere that KDE does, and even on some mobile devices as
+ Kontact Touch.
* Is GnuPG available as a ?portable app??
:PROPERTIES:
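Review bot: The `(n)` markers are plain text and are renumbered per table, so `(4)` means Apple Mail in the Mac OS X section and Kontact in this one, and the Thunderbird, Gnus and Mutt notes are repeated verbatim under each table. Org footnotes with named labels (`[fn:enigmail]` style), defined once, would keep the references stable across the three tables and remove the duplicated paragraphs.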
commit cd08871286c7802ea010d179d7b54cc0197cda53
Author: Werner Koch
Date: Thu Oct 23 20:37:06 2014 +0200
web: Re-format the mailing list page and fix the FAQ URLs.
diff --git a/web/documentation/faqs.org b/web/documentation/faqs.org
index 38a1c38..3209562 100644
--- a/web/documentation/faqs.org
+++ b/web/documentation/faqs.org
@@ -4,13 +4,12 @@
* GnuPG Frequently Asked Questions
- The GnuPG FAQ is available in 3 formats:
+ The GnuPG FAQ is available in 2 formats:
- - [[../faq/gnupg-faq.html][HTML]]
- - [[ftp://ftp.gnupg.org/gcrypt/gnupg/GnuPG-FAQ.txt][Text]]
- - [[http://git.gnupg.org/cgi-bin/gitweb.cgi?p%3Dgnupg-doc.git%3Ba%3Dblob_plain%3Bf%3Dweb/faq/gnupg-faq.org][Org-mode]]
+ - [[https://www.gnupg.org/faq/gnupg-faq.html][HTML]]
+ - [[https://www.gnupg.org/faq/gnupg-faq.txt][Plain text]]
-
- (If you are looking for the old and outdated FAQ, please go to [[http://www-old.gnupg.org/faq/GnuPG-FAQ.html][here]].)
+ The FAQ is generated using this [[http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git;a=blob_plain;f=web/faq/gnupg-faq.org][source code]]. If you are looking for
+ the old and outdated FAQ, please go to [[http://www-old.gnupg.org/faq/GnuPG-FAQ.html][here]].
# eof
diff --git a/web/documentation/mailing-lists.org b/web/documentation/mailing-lists.org
index 781b0a7..0568542 100644
--- a/web/documentation/mailing-lists.org
+++ b/web/documentation/mailing-lists.org
@@ -1,76 +1,72 @@
#+TITLE: GnuPG - Mailing lists
-#+STARTUP: showall
+#+STARTUP: showall indent
#+SETUPFILE: "../share/setup.inc"
+#+OPTIONS: ^:{}
* Mailing lists
- The contents of all messages sent to these mailing lists are assumed
- to be in the public domain. Archives of these mailing lists are
- also available; please click on the mailing list name below.
+The contents of all messages sent to these mailing lists are assumed
+to be in the public domain. Archives of these mailing lists are also
+available; please click on the mailing list name below.
- Please check the [[file:faqs.org][FAQ]] before you ask on one of the lists. If you
- want to search these mailing lists (as well as other archives)
- please use the service provided at [[http://marc.info/]].
+Please check the [[file:faqs.org][FAQ]] before you ask on one of the lists. If you want
+to search these mailing lists (as well as other archives) please use
+the service provided at [[http://marc.info/]].
- - [[http://lists.gnupg.org/pipermail/gnupg-announce/][gnupg-announce at gnupg.org]] :: It is used to announce new releases
- and for other important messages.
- - [[http://lists.gnupg.org/pipermail/gnupg-users/][gnupg-users at gnupg.org]] :: It is used as a general discussion and
- help forum.
- - [[http://lists.gnupg.org/pipermail/gnupg-devel/][gnupg-devel at gnupg.org]] :: It is used for development and bug
- tracking.
- - [[http://lists.gnupg.org/pipermail/gnupg-i18n/][gnupg-i18n at gnupg.org]] :: It is used for discussion of translations
- and related things.
- - [[http://lists.gnupg.org/pipermail/gnupg-doc/][gnupg-doc at gnupg.org]] :: is used for the development of
- the [[guides.org::gph][GNU Privacy Handbook]].
- - [[http://lists.gnupg.org/pipermail/gcrypt-devel/][gcrypt-devel at gnupg.org]] :: It is used to discuss the development
- of the GNU crypto library which will be used by a future GnuPG
- version and is also used by a couple of other projects.
- - [[http://lists.gnupg.org/pipermail/gpa-dev/][gpa-dev at gnupg.org]] :: It is used to discuss the development of the
- GNU Privacy Assistant (a graphical frontend for GnuPG).
- - [[http://lists.gnupg.org/pipermail/gnupg-br/][gnupg-br at gnupg.org]] :: Help and discussion among Portuguese
- (Brazil) speaking users of GnuPG.
- - [[http://lists.gnupg.org/pipermail/gnupg-de/][gnupg-de at gnupg.org]] :: Help and discussion among German speaking
- users of GnuPG.
- - [[http://lists.gnupg.org/pipermail/gnupg-pt/][gnupg-pt at gnupg.org]] :: Help
- and discussion among Portuguese speaking users of GnuPG.
- - [[http://lists.gnupg.org/pipermail/gnupg-es/][gnupg-es at gnupg.org]] :: Help and discussion among Spanish speaking
- users of GnuPG.
- - [[http://lists.gnupg.org/pipermail/gnupg-ru/][gnupg-ru at gnupg.org]] :: Help and discussion among Russian speaking
- users of GnuPG.
+| Name | Purpose | Lang |
+|----------------+---------------------------------------------+------|
+| | | |
+| [[http://lists.gnupg.org/pipermail/gnupg-announce/][gnupg-announce]] | Release announcements (low-traffic) | en |
+| | | |
+| [[http://lists.gnupg.org/pipermail/gnupg-users/][gnupg-users]] | General discussion and help | en |
+| [[http://lists.gnupg.org/pipermail/gnupg-br/][gnupg-br]] | Help among Portuguese/Brazil speaking users | br |
+| [[http://lists.gnupg.org/pipermail/gnupg-de/][gnupg-de]] | Help among German speaking users | de |
+| [[http://lists.gnupg.org/pipermail/gnupg-pt/][gnupg-pt]] | Help among Portuguese speaking users | pt |
+| [[http://lists.gnupg.org/pipermail/gnupg-es/][gnupg-es]] | Help among Spanish speaking users | es |
+| [[http://lists.gnupg.org/pipermail/gnupg-ru/][gnupg-ru]] | Help among Russian speaking users | ru |
+| | | |
+| [[http://lists.gnupg.org/pipermail/gnupg-devel/][gnupg-devel]] | Development discussion and bug tracking | en |
+| [[http://lists.gnupg.org/pipermail/gpa-dev/][gpa-dev]] | Development of the GNU Privacy Assistant | en |
+| [[http://lists.gnupg.org/pipermail/gcrypt-devel/][gcrypt-devel]] | Development of Libgcrypt | en |
+| [[http://lists.gnupg.org/pipermail/gnupg-doc/][gnupg-doc]] | Development of documentation | en |
+| [[http://lists.gnupg.org/pipermail/gnupg-commits/][gnupg-commits]] | Commit messages (read-only) | en |
+| | | |
+|----------------+---------------------------------------------+------|
- There are also a few mailing lists which receive log information for
- CVS commits; you will find them under the [[http://lists.gnupg.org/mailman/listinfo/][mailing list manager]].
-** How to subscribe
+A complete list of all mailing lists can also be found at our
+[[http://lists.gnupg.org/mailman/listinfo/][mailing list manager]].
- You can subscribe to these lists [[http://lists.gnupg.org/][via web]] or by sending an e-mail:
+You may subscribe to these lists [[http://lists.gnupg.org/][via web]] or by sending an e-mail:
#+begin_example
- To: -request at gnupg.org
- Subject: subscribe
+ To: -request at gnupg.org
+ Subject: subscribe
#+end_example
- where // is the name of the mailing list as described
- above.
+where // is the name of the mailing list as described
+above.
- Posting to these mailing lists is only allowed for subscribers;
- postings from non-subcribers are held for approval but there is no
- guarantee that the moderator can approve them in time; they may
- even be dropped.
+Posting to these mailing lists is only allowed for subscribers;
+postings from non-subscribers are held for approval but there is no
+guarantee that the moderator can approve them in time; they may even
+be dropped.
- Some kinds of postings will not be accepted: e.g. large ones, mails
- without the list name in the =To:= or =CC:= header and HTML mails.
- All mail clients have an option to send plain text only messages;
- try this if you don't get a response.
+Some kinds of postings will not be accepted: e.g. large ones, mails
+without the list name in the =To:= or =CC:= header and HTML mails.
+All mail clients have an option to send plain text only messages; try
+this if you don?t get a response.
- Please write to the mailing lists in English only.
+Please write to the mailing lists in English unless it is language
+specific list.
** Other discussion groups
- There are also several country-specific mailing-lists to subscribe
- to. It is important to note that these mailing-lists are not
- hosted on GnuPG's servers, but are of great help for all of those
- who feel more confortable when speaking their own native language.
+There are also several other country-specific mailing-lists to
+subscribe to. It is important to note that these mailing-lists are
+not hosted on the GnuPG servers, but are of great help for all of
+those who feel more confortable when speaking their own native
+language.
- - [[http://www.egroups.co.jp/group/gnupgnewsjapan/][GnuPG News Japan]] :: Discussion group for Japanese users.
- - [[http://itlists.org/mailman/listinfo/gnupg-it/][gnupg-it]] :: Mailing dedicated to GnuPG users who speak Italian.
+- [[http://www.egroups.co.jp/group/gnupgnewsjapan/][GnuPG News Japan]] :: Discussion group for Japanese users.
+- [[http://itlists.org/mailman/listinfo/gnupg-it/][gnupg-it]] :: Mailing dedicated to GnuPG users who speak Italian.
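Review bot: Two content changes ride along with the re-format and are not mentioned in the commit message: the gnupg-i18n list is absent from the new table, and the `** How to subscribe` heading is removed, so the subscription instructions now sit directly under the table with no heading of their own. Please confirm both are intended. In the added text, `unless it is language specific list` is missing an article, `confortable` is carried over misspelled, and the Lang value `br` for the Portuguese/Brazil list is the ISO 639-1 code for Breton; `pt-BR` would be unambiguous.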
-----------------------------------------------------------------------
Summary of changes:
web/documentation/faqs.org | 11 ++-
web/documentation/mailing-lists.org | 106 +++++++++++------------
web/faq/gnupg-faq.org | 159 +++++++++++++----------------------
3 files changed, 115 insertions(+), 161 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 24 09:39:24 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 24 Oct 2014 09:39:24 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-27-g7c2668b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 7c2668b70e0eaf3660216855c17290af8ddc04a9 (commit)
from 472a4a0d82add2d17154fa38e0074eaea56c28c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7c2668b70e0eaf3660216855c17290af8ddc04a9
Author: Werner Koch
Date: Fri Oct 24 09:39:22 2014 +0200
misc: Add logo as used with PayPal.
--
diff --git a/artwork/gnupg-logo-180x59tr.png b/artwork/gnupg-logo-180x59tr.png
new file mode 100644
index 0000000..1bb1111
Binary files /dev/null and b/artwork/gnupg-logo-180x59tr.png differ
-----------------------------------------------------------------------
Summary of changes:
artwork/gnupg-logo-180x59tr.png | Bin 0 -> 5434 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 artwork/gnupg-logo-180x59tr.png
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 24 20:40:21 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 24 Oct 2014 20:40:21 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-28-gc9aadcb
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via c9aadcb3a248632c07391ff3d829bece9320a901 (commit)
from 7c2668b70e0eaf3660216855c17290af8ddc04a9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c9aadcb3a248632c07391ff3d829bece9320a901
Author: Werner Koch
Date: Fri Oct 24 16:20:20 2014 +0200
agent: Support pinentries with integrated repeat passphrase feature.
* agent/agent.h (struct pin_entry_info_s): Add fields repeat_okay and
with_repeat.
* agent/call-pinentry.c (close_button_status_cb): Rewrite and check
for PIN_REPEAT. Change users to check only the relevant bit.
(agent_askpin): Support repeat logic of new Pinentries.
* agent/command-ssh.c (ssh_identity_register): Use the new repeat
feature.
* agent/genkey.c (agent_ask_new_passphrase): Ditto.
--
If we need to confirm a passphrase entry (e.g. for new passphrase) we
set a flag into the pinentry info block. Then we try to use the new
pinentry command SETREPEATERROR; if that fails, we continue as usual.
If that succeeds we ask the pinentry to show the repeat (confirmation)
prompt and on successful return we set another flag in the pinentry
info block so that the caller can skip its own confirmation check. A
new status line from the pinentry indicates that the feature is
actually supported (it may not be supported on certain systems for
example when using the ncurses backend).
Signed-off-by: Werner Koch
diff --git a/agent/agent.h b/agent/agent.h
index 7342475..b80c6a0 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -220,6 +220,8 @@ struct pin_entry_info_s
int max_tries; /* max. number of allowed tries. */
int failed_tries; /* Number of tries so far failed. */
int with_qualitybar; /* Set if the quality bar should be displayed. */
+ int with_repeat; /* Request repetition of the passphrase. */
+ int repeat_okay; /* Repetition worked. */
int (*check_cb)(struct pin_entry_info_s *); /* CB used to check the PIN */
void *check_cb_arg; /* optional argument which might be of use in the CB */
const char *cb_errtext; /* used by the cb to display a specific error */
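Review bot: The comments on the two new fields do not say who writes them. Going by the call-pinentry.c changes in the same commit, `with_repeat` is set by the caller but cleared by agent_askpin when the pinentry rejects SETREPEATERROR, and `repeat_okay` is reset by agent_askpin and read by the caller afterwards to decide whether to skip its own confirmation prompt. State that direction in the field comments so callers know `with_repeat` can change under them.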
diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c
index 126d696..e5977ad 100644
--- a/agent/call-pinentry.c
+++ b/agent/call-pinentry.c
@@ -682,23 +682,23 @@ setup_qualitybar (void)
}
-/* Check the button_info line for a close action. */
+/* Check the button_info line for a close action. Also check for the
+ PIN_REPEATED flag. */
static gpg_error_t
close_button_status_cb (void *opaque, const char *line)
{
- int *flag = opaque;
- const char *keyword = line;
- int keywordlen;
+ unsigned int *flag = opaque;
+ const char *args;
- for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
- ;
- while (spacep (line))
- line++;
- if (keywordlen == 11 && !memcmp (keyword, "BUTTON_INFO", keywordlen))
+ if ((args = has_leading_keyword (line, "BUTTON_INFO")))
{
- if ( !strcmp (line, "close") )
+ if (!strcmp (args, "close"))
*flag = 1;
}
+ else if (has_leading_keyword (line, "PIN_REPEATED"))
+ {
+ *flag |= 256;
+ }
return 0;
}
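Review bot: In close_button_status_cb the BUTTON_INFO branch still assigns `*flag = 1` while the new PIN_REPEATED branch ORs in 256, so a "BUTTON_INFO close" status handled after PIN_REPEATED would clear the repeat bit. Use `*flag |= 1` there, and give the two bits named constants shared with the callers that test `close_button & 1` and `close_button & 256`; the variable name close_button no longer describes what it holds. The ChangeLog entry says PIN_REPEAT while the code matches PIN_REPEATED, so the entry should use the name the code checks.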
@@ -721,7 +721,7 @@ agent_askpin (ctrl_t ctrl,
const char *errtext = NULL;
int is_pin = 0;
int saveflag;
- int close_button;
+ unsigned int close_button;
if (opt.batch)
return 0; /* fixme: we should return BAD PIN */
@@ -806,6 +806,18 @@ agent_askpin (ctrl_t ctrl,
return unlock_pinentry (rc);
}
+ if (pininfo->with_repeat)
+ {
+ snprintf (line, DIM(line)-1, "SETREPEATERROR %s",
+ _("does not match - try again"));
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ pininfo->with_repeat = 0; /* Pinentry does not support it. */
+ }
+ pininfo->repeat_okay = 0;
+
for (;pininfo->failed_tries < pininfo->max_tries; pininfo->failed_tries++)
{
memset (&parm, 0, sizeof parm);
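Review bot: After the SETREPEATERROR transaction, `if (rc) pininfo->with_repeat = 0;` treats every failure as "Pinentry does not support it", including errors that have nothing to do with an unknown command. Consider clearing with_repeat only for the unknown-command case and returning through unlock_pinentry (rc) otherwise, as the SETREPEAT call later in this function does. The translated text is also written onto the Assuan line unescaped, while the pinentry side decodes the argument with strcpy_escaped, so a '%' in a translation would be read as an escape.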
@@ -828,6 +840,16 @@ agent_askpin (ctrl_t ctrl,
errtext = NULL;
}
+ if (pininfo->with_repeat)
+ {
+ snprintf (line, DIM(line)-1, "SETREPEAT %s", _("Repeat:"));
+ line[DIM(line)-1] = 0;
+ rc = assuan_transact (entry_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (rc)
+ return unlock_pinentry (rc);
+ }
+
saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
assuan_begin_confidential (entry_ctx);
close_button = 0;
@@ -842,9 +864,10 @@ agent_askpin (ctrl_t ctrl,
&& gpg_err_code (rc) == GPG_ERR_ASS_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
+
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if (close_button && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA)
@@ -881,7 +904,11 @@ agent_askpin (ctrl_t ctrl,
}
if (!errtext)
- return unlock_pinentry (0); /* okay, got a PIN or passphrase */
+ {
+ if (pininfo->with_repeat && (close_button & 256))
+ pininfo->repeat_okay = 1;
+ return unlock_pinentry (0); /* okay, got a PIN or passphrase */
+ }
}
return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN
@@ -902,7 +929,7 @@ agent_get_passphrase (ctrl_t ctrl,
char line[ASSUAN_LINELENGTH];
struct entry_parm_s parm;
int saveflag;
- int close_button;
+ unsigned int close_button;
*retpass = NULL;
if (opt.batch)
@@ -991,7 +1018,7 @@ agent_get_passphrase (ctrl_t ctrl,
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED);
/* Change error code in case the window close button was clicked
to cancel the operation. */
- if (close_button && gpg_err_code (rc) == GPG_ERR_CANCELED)
+ if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED)
rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED);
if (rc)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5427323..f3ef30c 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3104,6 +3104,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
pi2 = pi + (sizeof *pi + 100 + 1);
pi->max_length = 100;
pi->max_tries = 1;
+ pi->with_repeat = 1;
pi2->max_length = 100;
pi2->max_tries = 1;
pi2->check_cb = reenter_compare_cb;
@@ -3115,8 +3116,9 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
if (err)
goto out;
- /* Unless the passphrase is empty, ask to confirm it. */
- if (pi->pin && *pi->pin)
+ /* Unless the passphrase is empty or the pinentry told us that
+ it already did the repetition check, ask to confirm it. */
+ if (pi->pin && *pi->pin && !pi->repeat_okay)
{
err = agent_askpin (ctrl, description2, NULL, NULL, pi2);
if (err == -1)
diff --git a/agent/genkey.c b/agent/genkey.c
index 9918c12..91917f7 100644
--- a/agent/genkey.c
+++ b/agent/genkey.c
@@ -363,6 +363,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
pi->max_length = 100;
pi->max_tries = 3;
pi->with_qualitybar = 1;
+ pi->with_repeat = 1;
pi2->max_length = 100;
pi2->max_tries = 3;
pi2->check_cb = reenter_compare_cb;
@@ -379,8 +380,9 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt,
pi2->failed_tries = 0;
goto next_try;
}
- /* Unless the passphrase is empty, ask to confirm it. */
- if (pi->pin && *pi->pin)
+ /* Unless the passphrase is empty or the pinentry told us that
+ it already did the repetition check, ask to confirm it. */
+ if (pi->pin && *pi->pin && !pi->repeat_okay)
{
err = agent_askpin (ctrl, text2, NULL, NULL, pi2);
if (err == -1)
-----------------------------------------------------------------------
Summary of changes:
agent/agent.h | 2 ++
agent/call-pinentry.c | 57 ++++++++++++++++++++++++++++++++++++-------------
agent/command-ssh.c | 6 ++++--
agent/genkey.c | 6 ++++--
4 files changed, 52 insertions(+), 19 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 24 20:41:53 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 24 Oct 2014 20:41:53 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.4-4-g2ef788f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 2ef788fb5dce2e49fa925264802388f4c002cd31 (commit)
via e483abb883f65719ce8008a211f49b8d207ee4af (commit)
via 9f78f0709d9ba60677129c179f7f0ef835c51c1d (commit)
from b3ecb6497373119a67794aae44633d7b1ed4b962 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2ef788fb5dce2e49fa925264802388f4c002cd31
Author: Werner Koch
Date: Fri Oct 24 16:10:15 2014 +0200
gtk+-2: Make current focus visible again.
* gtk+-2/pinentry-gtk-2.c (grab_keyboard): Return false
(ungrab_keyboard): Ditto.
--
Probably due to a change in GTK+ the grab handler now needs to return a
flag whether to call the other event handler. Without that the focus
was not visible.
diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index 10298d6..8322530 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -132,11 +132,11 @@ make_transient (GtkWidget *win, GdkEvent *event, gpointer data)
/* Grab the keyboard for maximum security */
-static void
+static int
grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
{
if (! pinentry->grab)
- return;
+ return FALSE;
if (gdk_keyboard_grab (win->window, FALSE, gdk_event_get_time (event)))
{
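Review bot: grab_keyboard now returns the GTK constant FALSE but is declared `static int`; declare it `static gboolean` so the signature matches what it returns, and do the same for ungrab_keyboard in the next hunk. A one-line comment that FALSE lets the other handlers for the event run would record the reason that is currently only in the commit message.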
@@ -144,11 +144,12 @@ grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
grab_failed = 1;
gtk_main_quit ();
}
+ return FALSE;
}
/* Remove grab. */
-static void
+static int
ungrab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
{
gdk_keyboard_ungrab (gdk_event_get_time (event));
@@ -158,6 +159,7 @@ ungrab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data)
code is taken from gtk_window_transient_parent_unrealized. */
gdk_property_delete (win->window,
gdk_atom_intern_static_string ("WM_TRANSIENT_FOR"));
+ return FALSE;
}
commit e483abb883f65719ce8008a211f49b8d207ee4af
Author: Werner Koch
Date: Fri Oct 24 16:11:59 2014 +0200
gtk+-2: Implement the SETREPEAT command.
* gtk+-2/pinentry-gtk-2.c (repeat_entry, error_label): New.
(button_clicked): Implement repeat check.
(changed_text_handler): Clear repeat field.
(create_window): Add repeat entry.
diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index 421bc02..10298d6 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -58,6 +58,8 @@ typedef enum { CONFIRM_CANCEL, CONFIRM_OK, CONFIRM_NOTOK } confirm_value_t;
static confirm_value_t confirm_value;
static GtkWidget *entry;
+static GtkWidget *repeat_entry;
+static GtkWidget *error_label;
static GtkWidget *qualitybar;
#ifdef ENABLE_ENHANCED
static GtkWidget *insure;
@@ -173,22 +175,40 @@ button_clicked (GtkWidget *widget, gpointer data)
{
if (data)
{
- const char *s;
+ const char *s, *s2;
/* Okay button or enter used in text field. */
#ifdef ENABLE_ENHANCED
/* FIXME: This is not compatible with assuan. We can't just
print stuff on stdout. */
- if (pinentry->enhanced)
- printf ("Options: %s\nTimeout: %d\n\n",
- gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (insure))
- ? "insure" : "",
- gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (time_out)));
+ /* if (pinentry->enhanced) */
+ /* printf ("Options: %s\nTimeout: %d\n\n", */
+ /* gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (insure)) */
+ /* ? "insure" : "", */
+ /* gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (time_out))); */
#endif
s = gtk_secure_entry_get_text (GTK_SECURE_ENTRY (entry));
if (!s)
s = "";
+
+ if (pinentry->repeat_passphrase && repeat_entry)
+ {
+ s2 = gtk_secure_entry_get_text (GTK_SECURE_ENTRY (repeat_entry));
+ if (!s2)
+ s2 = "";
+ if (strcmp (s, s2))
+ {
+ gtk_label_set_text (GTK_LABEL (error_label),
+ pinentry->repeat_error_string?
+ pinentry->repeat_error_string:
+ "not correctly repeated");
+ gtk_widget_grab_focus (entry);
+ return; /* again */
+ }
+ pinentry->repeat_okay = 1;
+ }
+
passphrase_ok = 1;
pinentry_setbufferlen (pinentry, strlen (s) + 1);
if (pinentry->pin)
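Review bot: In the new repeat check of button_clicked, the fallback text "not correctly repeated" is a hard-coded English string, so a caller that did not send SETREPEATERROR gets an untranslated message; route it through the same translation path as the other built-in strings or document that the caller must supply the text. The ENABLE_ENHANCED printf block above it is commented out line by line under the existing FIXME, which leaves dead code behind; delete it or wrap it in `#if 0` with a note on why.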
@@ -252,6 +272,12 @@ changed_text_handler (GtkWidget *widget)
got_input = TRUE;
+ if (pinentry->repeat_passphrase && repeat_entry)
+ {
+ gtk_secure_entry_set_text (GTK_SECURE_ENTRY (repeat_entry), "");
+ gtk_label_set_text (GTK_LABEL (error_label), "");
+ }
+
if (!qualitybar || !pinentry->quality_bar)
return;
@@ -369,25 +395,41 @@ create_window (int confirm_mode)
gtk_label_set_line_wrap (GTK_LABEL (w), TRUE);
gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0);
}
- if (pinentry->error && !confirm_mode)
+ if (!confirm_mode && (pinentry->error || pinentry->repeat_passphrase))
{
+ /* With the repeat passphrase option we need to create the label
+ in any case so that it may later be updated by the error
+ message. */
GdkColor color = { 0, 0xffff, 0, 0 };
- msg = pinentry_utf8_validate (pinentry->error);
- w = gtk_label_new (msg);
- g_free (msg);
- gtk_misc_set_alignment (GTK_MISC (w), 0.0, 0.5);
- gtk_label_set_line_wrap (GTK_LABEL (w), TRUE);
- gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0);
- gtk_widget_modify_fg (w, GTK_STATE_NORMAL, &color);
+ if (pinentry->error)
+ msg = pinentry_utf8_validate (pinentry->error);
+ else
+ msg = "";
+ error_label = gtk_label_new (msg);
+ if (pinentry->error)
+ g_free (msg);
+ gtk_misc_set_alignment (GTK_MISC (error_label), 0.0, 0.5);
+ gtk_label_set_line_wrap (GTK_LABEL (error_label), TRUE);
+ gtk_box_pack_start (GTK_BOX (box), error_label, TRUE, FALSE, 0);
+ gtk_widget_modify_fg (error_label, GTK_STATE_NORMAL, &color);
}
qualitybar = NULL;
if (!confirm_mode)
{
- GtkWidget* table = gtk_table_new (pinentry->quality_bar ? 2 : 1, 2,
- FALSE);
+ int nrow;
+ GtkWidget* table;
+
+ nrow = 1;
+ if (pinentry->quality_bar)
+ nrow++;
+ if (pinentry->repeat_passphrase)
+ nrow++;
+
+ table = gtk_table_new (nrow, 2, FALSE);
+ nrow = 0;
gtk_box_pack_start (GTK_BOX (box), table, FALSE, FALSE, 0);
if (pinentry->prompt)
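Review bot: In the error-label block of create_window, `msg = "";` stores a string literal in the variable that otherwise holds an allocated string, and correctness then depends on the second `if (pinentry->error)` guarding g_free. Passing "" straight to gtk_label_new in the else branch would remove the paired condition. error_label is a file-level static that is only assigned inside this branch, so set it to NULL when the label is not created to keep later users from seeing a stale pointer.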
@@ -396,7 +438,7 @@ create_window (int confirm_mode)
w = gtk_label_new_with_mnemonic (msg);
g_free (msg);
gtk_misc_set_alignment (GTK_MISC (w), 1.0, 0.5);
- gtk_table_attach (GTK_TABLE (table), w, 0, 1, 0, 1,
+ gtk_table_attach (GTK_TABLE (table), w, 0, 1, nrow, nrow+1,
GTK_FILL, GTK_FILL, 4, 0);
}
@@ -406,10 +448,11 @@ create_window (int confirm_mode)
G_CALLBACK (enter_callback), entry);
g_signal_connect (G_OBJECT (entry), "changed",
G_CALLBACK (changed_text_handler), entry);
- gtk_table_attach (GTK_TABLE (table), entry, 1, 2, 0, 1,
+ gtk_table_attach (GTK_TABLE (table), entry, 1, 2, nrow, nrow+1,
GTK_EXPAND|GTK_FILL, GTK_EXPAND|GTK_FILL, 0, 0);
gtk_widget_grab_focus (entry);
gtk_widget_show (entry);
+ nrow++;
if (pinentry->quality_bar)
{
@@ -417,7 +460,7 @@ create_window (int confirm_mode)
w = gtk_label_new (msg);
g_free (msg);
gtk_misc_set_alignment (GTK_MISC (w), 1.0, 0.5);
- gtk_table_attach (GTK_TABLE (table), w, 0, 1, 1, 2,
+ gtk_table_attach (GTK_TABLE (table), w, 0, 1, nrow, nrow+1,
GTK_FILL, GTK_FILL, 4, 0);
qualitybar = gtk_progress_bar_new();
gtk_widget_add_events (qualitybar,
@@ -428,10 +471,33 @@ create_window (int confirm_mode)
if (pinentry->quality_bar_tt)
gtk_tooltips_set_tip (GTK_TOOLTIPS (tooltips), qualitybar,
pinentry->quality_bar_tt, "");
- gtk_table_attach (GTK_TABLE (table), qualitybar, 1, 2, 1, 2,
+ gtk_table_attach (GTK_TABLE (table), qualitybar, 1, 2, nrow, nrow+1,
GTK_EXPAND|GTK_FILL, GTK_EXPAND|GTK_FILL, 0, 0);
+ nrow++;
}
+
+ if (pinentry->repeat_passphrase)
+ {
+ msg = pinentry_utf8_validate (pinentry->repeat_passphrase);
+ w = gtk_label_new (msg);
+ g_free (msg);
+ gtk_misc_set_alignment (GTK_MISC (w), 1.0, 0.5);
+ gtk_table_attach (GTK_TABLE (table), w, 0, 1, nrow, nrow+1,
+ GTK_FILL, GTK_FILL, 4, 0);
+
+ repeat_entry = gtk_secure_entry_new ();
+ gtk_widget_set_size_request (repeat_entry, 200, -1);
+ g_signal_connect (G_OBJECT (entry), "activate",
+ G_CALLBACK (enter_callback), repeat_entry);
+ gtk_table_attach (GTK_TABLE (table), repeat_entry, 1, 2, nrow, nrow+1,
+ GTK_EXPAND|GTK_FILL, GTK_EXPAND|GTK_FILL, 0, 0);
+ gtk_widget_grab_focus (entry);
+ gtk_widget_show (entry);
+ nrow++;
+ }
+
+
#ifdef ENABLE_ENHANCED
if (pinentry->enhanced)
{
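Review bot: In the new repeat_passphrase block, repeat_entry is created and attached to the table, but the calls around it still name entry: the "activate" handler is connected on `G_OBJECT (entry)`, and `gtk_widget_grab_focus (entry)` and `gtk_widget_show (entry)` repeat what was already done for the first field. This reads like a copy of the first-entry code; if so, connect "activate" on repeat_entry, call gtk_widget_show (repeat_entry), and drop the second grab_focus. If connecting on entry with repeat_entry as data is intended, a comment should say so. The two added blank lines before #ifdef ENABLE_ENHANCED can go as well.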
commit 9f78f0709d9ba60677129c179f7f0ef835c51c1d
Author: Werner Koch
Date: Fri Oct 24 16:20:20 2014 +0200
Add commands to allow implementing a "repeat passphrase" field.
* pinentry/pinentry.c (cmd_setrepeat): New.
(cmd_setrepeaterror): New.
(register_commands): Add new commands.
(cmd_getpin): Print "PIN_REPEATED" status.
diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c
index 4f7958a..0030754 100644
--- a/pinentry/pinentry.c
+++ b/pinentry/pinentry.c
@@ -85,6 +85,9 @@ struct pinentry pinentry =
0, /* Close button flag. */
0, /* Locale error flag. */
0, /* One-button flag. */
+ NULL, /* Repeat passphrase flag. */
+ NULL, /* Repeat error string. */
+ 0, /* Correctly repeated flag. */
NULL, /* Quality-Bar flag and description. */
NULL, /* Quality-Bar tooltip. */
PINENTRY_COLOR_DEFAULT,
@@ -759,6 +762,38 @@ cmd_setprompt (ASSUAN_CONTEXT ctx, char *line)
static int
+cmd_setrepeat (ASSUAN_CONTEXT ctx, char *line)
+{
+ char *p;
+
+ p = malloc (strlen (line) + 1);
+ if (!p)
+ return ASSUAN_Out_Of_Core;
+
+ strcpy_escaped (p, line);
+ free (pinentry.repeat_passphrase);
+ pinentry.repeat_passphrase = p;
+ return 0;
+}
+
+
+static int
+cmd_setrepeaterror (ASSUAN_CONTEXT ctx, char *line)
+{
+ char *p;
+
+ p = malloc (strlen (line) + 1);
+ if (!p)
+ return ASSUAN_Out_Of_Core;
+
+ strcpy_escaped (p, line);
+ free (pinentry.repeat_error_string);
+ pinentry.repeat_error_string = p;
+ return 0;
+}
+
+
+static int
cmd_seterror (ASSUAN_CONTEXT ctx, char *line)
{
char *newe;
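Review bot: cmd_setrepeat and cmd_setrepeaterror are identical apart from the pinentry field they assign; a small helper taking the destination pointer would remove the duplicated malloc, strcpy_escaped and free sequence. Neither function has a comment saying what the argument is (the label for the repeat field, and the message shown on mismatch), which a caller of the new commands needs to know.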
@@ -909,6 +944,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line)
}
pinentry.locale_err = 0;
pinentry.close_button = 0;
+ pinentry.repeat_okay = 0;
pinentry.one_button = 0;
pinentry.ctx_assuan = ctx;
result = (*pinentry_cmd_handler) (&pinentry);
@@ -918,6 +954,11 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line)
free (pinentry.error);
pinentry.error = NULL;
}
+ if (pinentry.repeat_passphrase)
+ {
+ free (pinentry.repeat_passphrase);
+ pinentry.repeat_passphrase = NULL;
+ }
if (set_prompt)
pinentry.prompt = NULL;
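Review bot: After GETPIN only repeat_passphrase is released here; repeat_error_string set by SETREPEATERROR stays in place for later requests. If that asymmetry is intended, say so in a comment, since it means SETREPEAT has to be sent before every GETPIN while SETREPEATERROR is sent once. The `if (pinentry.repeat_passphrase)` guard is not needed, because free (NULL) is a no-op.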
@@ -938,6 +979,8 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line)
if (result)
{
+ if (pinentry.repeat_okay)
+ assuan_write_status (ctx, "PIN_REPEATED", "");
result = assuan_send_data (ctx, pinentry.pin, result);
if (!result)
result = assuan_send_data (ctx, NULL, 0);
@@ -1058,6 +1101,8 @@ register_commands (ASSUAN_CONTEXT ctx)
{
{ "SETDESC", 0, cmd_setdesc },
{ "SETPROMPT", 0, cmd_setprompt },
+ { "SETREPEAT", 0, cmd_setrepeat },
+ { "SETREPEATERROR",0, cmd_setrepeaterror },
{ "SETERROR", 0, cmd_seterror },
{ "SETOK", 0, cmd_setok },
{ "SETNOTOK", 0, cmd_setnotok },
diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h
index d4f86f9..d419550 100644
--- a/pinentry/pinentry.h
+++ b/pinentry/pinentry.h
@@ -1,20 +1,20 @@
/* pinentry.h - The interface for the PIN entry support library.
Copyright (C) 2002, 2003, 2010 g10 Code GmbH
-
+
This file is part of PINENTRY.
-
+
PINENTRY is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
-
+
PINENTRY is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, see .
+ along with this program; if not, see .
*/
#ifndef PINENTRY_H
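Review bot: The removed and added lines in this license-header hunk show the same text, and the same holds for the later `#if 0` and pinentry_inq_quality hunks in pinentry.h, so they appear to change only whitespace. Moving them to a separate cleanup commit would leave this commit limited to the new repeat fields.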
@@ -22,7 +22,7 @@
#ifdef __cplusplus
extern "C" {
-#if 0
+#if 0
}
#endif
#endif
@@ -111,6 +111,18 @@ struct pinentry
dismiss button is required. */
int one_button;
+ /* If true a second prompt for the passphrase is show and the user
+ is expected to enter the same passphrase again. Pinentry checks
+ that both match. */
+ char *repeat_passphrase;
+
+ /* The string to show if a repeated passphrase does not match. */
+ char *repeat_error_string;
+
+ /* Set to true if the passphrase has been entered a second time and
+ matches the first passphrase. */
+ int repeat_okay;
+
/* If this is not NULL, a passphrase quality indicator is shown.
There will also be an inquiry back to the caller to get an
indication of the quality for the passphrase entered so far. The
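Review bot: The comment on repeat_passphrase starts with "If true" and has the typo "is show", but the field is a `char *` that cmd_setrepeat fills with the command argument and the GTK code uses as the label of the second field. Describe it as the prompt string whose non-NULL value enables the repeat field, and adjust the "Repeat passphrase flag" initializer comment in pinentry.c to match.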
@@ -170,7 +182,7 @@ char *pinentry_local_to_utf8 (char *lc_ctype, char *text, int secure);
/* Run a quality inquiry for PASSPHRASE of LENGTH. */
-int pinentry_inq_quality (pinentry_t pin,
+int pinentry_inq_quality (pinentry_t pin,
const char *passphrase, size_t length);
/* Try to make room for at least LEN bytes for the pin in the pinentry
@@ -206,7 +218,7 @@ extern pinentry_cmd_handler_t pinentry_cmd_handler;
-#if 0
+#if 0
{
#endif
#ifdef __cplusplus
-----------------------------------------------------------------------
Summary of changes:
gtk+-2/pinentry-gtk-2.c | 114 +++++++++++++++++++++++++++++++++++++----------
pinentry/pinentry.c | 45 +++++++++++++++++++
pinentry/pinentry.h | 28 ++++++++----
3 files changed, 156 insertions(+), 31 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Oct 26 12:26:10 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 26 Oct 2014 12:26:10 +0100
Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.4-10-g0fbc949
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 0fbc949f998fa84380b66bc0f589c7fca6232d3c (commit)
via 8943bc86d6cf8295d0ec4382480d886b1f2ec062 (commit)
via 821dc21a241a27cc381c7d65be690e3858e2ddc6 (commit)
via f2ed42297528f2a126d189c6181d3105ceecca22 (commit)
via 3803fd15942f2f25108e400be6cd6faef791c8f7 (commit)
via 4f4af9056d1c100aa53363f019253160cd8d9ff0 (commit)
from 2ef788fb5dce2e49fa925264802388f4c002cd31 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0fbc949f998fa84380b66bc0f589c7fca6232d3c
Author: Werner Koch
Date: Sun Oct 26 12:26:17 2014 +0100
Post release updates.
--
diff --git a/NEWS b/NEWS
index 2a2c2c8..a69faec 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 0.9.1 (unreleased)
+------------------------------------------------
+
+
Noteworthy changes in version 0.9.0 (2014-10-26)
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 3edcc7e..c2644c9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
# (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please
# bump the version number immediately after the release, do another
# commit, and a push so that the git magic is able to work.
-m4_define(mym4_version, [0.9.0])
+m4_define(mym4_version, [0.9.1])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 8943bc86d6cf8295d0ec4382480d886b1f2ec062
Author: Werner Koch
Date: Sun Oct 26 12:19:05 2014 +0100
Release 0.9.0
diff --git a/NEWS b/NEWS
index 393af88..2a2c2c8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Noteworthy changes in version 0.9.0 (unreleased)
+Noteworthy changes in version 0.9.0 (2014-10-26)
------------------------------------------------
* New command SETREPEAT. Currently only supported for Gtk+-2.
diff --git a/configure.ac b/configure.ac
index b930b84..3edcc7e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
# (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please
# bump the version number immediately after the release, do another
# commit, and a push so that the git magic is able to work.
-m4_define(mym4_version, [0.8.5])
+m4_define(mym4_version, [0.9.0])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 821dc21a241a27cc381c7d65be690e3858e2ddc6
Author: Werner Koch
Date: Sun Oct 26 12:18:45 2014 +0100
gtk: Avoid segv for paste keys.
* gtk+-2/gtksecentry.c (gtk_secure_entry_class_init): Disable paste
key bindings.
diff --git a/gtk+-2/gtksecentry.c b/gtk+-2/gtksecentry.c
index 0f10a12..824d45a 100644
--- a/gtk+-2/gtksecentry.c
+++ b/gtk+-2/gtksecentry.c
@@ -676,10 +676,12 @@ gtk_secure_entry_class_init(GtkSecureEntryClass * class)
G_TYPE_INT, -1);
/* Clipboard - only pasting of course. */
- gtk_binding_entry_add_signal (binding_set, GDK_v, GDK_CONTROL_MASK,
- "paste-clipboard", 0);
- gtk_binding_entry_add_signal (binding_set, GDK_Insert, GDK_SHIFT_MASK,
- "paste-clipboard", 0);
+ /* Ist does not work right now. Depending on the GTK version we
+ see segv due to "property added after class was intialized". */
+ /* gtk_binding_entry_add_signal (binding_set, GDK_v, GDK_CONTROL_MASK, */
+ /* "paste-clipboard", 0); */
+ /* gtk_binding_entry_add_signal (binding_set, GDK_Insert, GDK_SHIFT_MASK, */
+ /* "paste-clipboard", 0); */
}
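Review bot: The paste key bindings are disabled by commenting out the two gtk_binding_entry_add_signal calls, which leaves dead code under the unchanged "Clipboard - only pasting of course" comment. Either delete the calls or wrap them in `#if 0` with a FIXME that names the condition for re-enabling them, and fix the typos "Ist" and "intialized" in the new comment.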
commit f2ed42297528f2a126d189c6181d3105ceecca22
Author: Werner Koch
Date: Fri Oct 24 16:20:20 2014 +0200
Remove support for QT3 and GTK+-1.
* configure.ac: Remove old qt and gtk+-1 support.
* Makefile.am: Ditto.
diff --git a/Makefile.am b/Makefile.am
index abc7b73..61c98e1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -41,24 +41,12 @@ else
pinentry_tty =
endif
-if BUILD_PINENTRY_GTK
-pinentry_gtk = gtk
-else
-pinentry_gtk =
-endif
-
if BUILD_PINENTRY_GTK_2
pinentry_gtk_2 = gtk+-2
else
pinentry_gtk_2 =
endif
-if BUILD_PINENTRY_QT
-pinentry_qt = qt
-else
-pinentry_qt =
-endif
-
if BUILD_PINENTRY_QT4
pinentry_qt4 = qt4
else
@@ -72,8 +60,7 @@ pinentry_w32 =
endif
SUBDIRS = assuan secmem pinentry ${pinentry_curses} ${pinentry_tty} \
- ${pinentry_gtk} ${pinentry_gtk_2} ${pinentry_qt} ${pinentry_qt4} \
- ${pinentry_w32} doc
+ ${pinentry_gtk_2} ${pinentry_qt4} ${pinentry_w32} doc
install-exec-local:
diff --git a/NEWS b/NEWS
index 6a63d58..393af88 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,14 @@
-Noteworthy changes in version 0.8.5 (unreleased)
+Noteworthy changes in version 0.9.0 (unreleased)
------------------------------------------------
+ * New command SETREPEAT. Currently only supported for Gtk+-2.
+
+ * Gtk+-2: Pasting using the mouse is now supported.
+
+ * curses: Check that it is actually connected to a tty.
+
+ * Removed the old qt-3 and gtk+-1 pinentries.
+
Noteworthy changes in version 0.8.4 (2014-09-18)
------------------------------------------------
diff --git a/README b/README
index 6bb0d85..47d0a04 100644
--- a/README
+++ b/README
@@ -11,11 +11,8 @@ be requested explicitely.
GUI OPTION DEPENDENCIES
Curses --enable-pinentry-curses Curses library, for example ncurses
-GTK+ V1.2 --enable-pinentry-gtk Gimp Toolkit Library Version 1.2
- eg. libgtk-1.2 and libglib-1.2
GTK+ V2.0 --enable-pinentry-gtk2 Gimp Toolkit Library, Version 2.0
eg. libgtk-x11-2.0 and libglib-2.0
-Qt --enable-pinentry-qt Qt, eg. libqt or libqt-mt
Qt4 --enable-pinentry-qt4 Qt4
TTY --enable-pinentry-tty Simple TTY version, no dependencies
@@ -27,13 +24,13 @@ specified. So to disable linking to curses completely you have to
pass --disable-fallback-curses to the configure script as well.
Examples:
-* To only build the GTK+ 1.2 pinentry with curses support:
-./configure --enable-pinentry-gtk --enable-fallback-curses \
- --disable-pinentry-curses --disable-pinentry-qt
+* To only build the GTK+ pinentry with curses support:
+./configure --enable-pinentry-gtk2 --enable-fallback-curses \
+ --disable-pinentry-curses --disable-pinentry-qt4
* To build the Qt pinentry, and the other pinentries if they are
supported:
-./configure --enable-pinentry-qt
+./configure --enable-pinentry-qt4
* To build everything that is supported (complete auto-detection):
./configure
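Review bot: The second example still reads "To build the Qt pinentry" although its command is now --enable-pinentry-qt4 and the option table above lists only Qt4; say Qt4 in the text. The first example has the same mismatch, "GTK+ pinentry" for --enable-pinentry-gtk2.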
diff --git a/configure.ac b/configure.ac
index 0b00217..b930b84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -251,55 +251,10 @@ fi
dnl
-dnl Check for GTK+ pinentry program.
+dnl Additional checks pinentry Curses.
dnl
-AC_ARG_ENABLE(pinentry-gtk,
- AC_HELP_STRING([--enable-pinentry-gtk], [build GTK+ pinentry]),
- pinentry_gtk=$enableval, pinentry_gtk=maybe)
-
-dnl
-dnl Checks for GTK+ libraries. Deal correctly with $pinentry_gtk = maybe.
-dnl
-if test "$pinentry_gtk" != "no"; then
-AM_PATH_GLIB(1.2.0,,
-if test "$pinentry_gtk" = "yes"; then
- AC_MSG_ERROR([[
-***
-*** GLIB 1.2.0 or newer is required. The latest version of GLIB
-*** is always available from ftp://ftp.gtk.org/.
-***]])
-else
- pinentry_gtk=no
-fi)
-fi
-
-if test "$pinentry_gtk" != "no"; then
-AM_PATH_GTK(1.2.0,
- AC_DEFINE(HAVE_GTK, 1, [Defined if GTK is available]),
-if test "$pinentry_gtk" = "yes"; then
- AC_MSG_ERROR([[
-***
-*** GTK+ 1.2.0 or newer is required. The latest version of GTK+
-*** is always available form ftp://ftp.gtk.org/.
-***]])
-else
- pinentry_gtk=no
-fi)
-fi
-
-dnl If we have come so far, GTK+ pinentry can be build.
-if test "$pinentry_gtk" != "no"; then
- pinentry_gtk=yes
-fi
-AM_CONDITIONAL(BUILD_PINENTRY_GTK, test "$pinentry_gtk" = "yes")
-if test "$pinentry_gtk" = "yes"; then
- AC_DEFINE(PINENTRY_GTK, 1, [The GTK+ version of Pinentry is to be build])
-fi
-
if test "$pinentry_curses" = "yes" \
- -o "$fallback_curses" = "yes" \
- -o "$pinentry_gtk" = "yes"; then
- dnl Additional checks pinentry Curses/GTK+.
+ -o "$fallback_curses" = "yes" ; then
AM_ICONV
if test "$am_cv_func_iconv" != "yes"; then
AC_MSG_ERROR([[
@@ -310,10 +265,6 @@ if test "$pinentry_curses" = "yes" \
fi
fi
-dnl if test "$pinentry_gtk" = "yes"; then
-dnl Additional checks for GTK+ pinentry.
-dnl End of additional checks for GTK+ pinentry.
-dnl fi
dnl
@@ -361,64 +312,6 @@ AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes")
dnl
-dnl Check for Qt pinentry program.
-dnl
-AC_ARG_ENABLE(pinentry-qt,
- AC_HELP_STRING([--enable-pinentry-qt], [build Qt pinentry]),
- pinentry_qt=$enableval, pinentry_qt=maybe)
-dnl
-dnl Checks for Qt libraries. Deal correctly with $pinentry_qt = maybe.
-dnl
-if test "$pinentry_qt" != "no"; then
-QT_CHECK_COMPILERS
-QT_PATH
-if test $have_qt = "no"; then
- if test $pinentry_qt = "yes"; then
- AC_MSG_ERROR([[
-***
-*** Qt ($qt_minversion) $ac_qt_notfound not found. Please check your
-*** installation! For more details about this problem, look at the
-*** end of config.log.$missing_qt_mt
-***]])
- else
- pinentry_qt="no"
- fi
-fi
-if test $have_moc = "no"; then
- if test $pinentry_qt = "yes"; then
- AC_MSG_ERROR([[
-***
-*** No Qt meta object compiler (moc) found!
-*** Please check whether you installed Qt correctly.
-*** You need to have a running moc binary.
-*** configure tried to run $ac_cv_path_moc and the test didn't
-*** succeed. If configure shouldn't have tried this one, set
-*** the environment variable MOC to the right one before running
-*** configure.
-***]])
- else
- pinentry_qt="no"
- fi
-fi
-fi
-
-dnl If we have come so far, Qt pinentry can probably be build.
-if test "$pinentry_qt" != "no"; then
- pinentry_qt=yes
-fi
-AM_CONDITIONAL(BUILD_PINENTRY_QT, test "$pinentry_qt" = "yes")
-
-if test "$pinentry_qt" = "yes"; then
- AC_DEFINE(PINENTRY_QT, 1, [The Qt version of Pinentry is to be build])
-fi
-
-dnl if test "$pinentry_qt" = "yes"; then
-dnl dnl Additional checks for Qt pinentry.
-dnl dnl End of checks for Qt pinentry.
-dnl fi
-
-
-dnl
dnl Check for Qt4 pinentry program.
dnl
AC_ARG_ENABLE(pinentry-qt4,
@@ -495,29 +388,21 @@ AM_CONDITIONAL(BUILD_PINENTRY_W32, test "$pinentry_w32" = "yes")
# pinentry really is better (more feature-complete and more secure).
if test "$pinentry_gtk_2" = "yes"; then
- PINENTRY_DEFAULT=pinentry-gtk-2
+ PINENTRY_DEFAULT=pinentry-gtk-2
else
- if test "$pinentry_gtk" = "yes"; then
- PINENTRY_DEFAULT=pinentry-gtk
+ if test "$pinentry_qt4" = "yes"; then
+ PINENTRY_DEFAULT=pinentry-qt4
else
- if test "$pinentry_qt" = "yes"; then
- PINENTRY_DEFAULT=pinentry-qt
+ if test "$pinentry_curses" = "yes"; then
+ PINENTRY_DEFAULT=pinentry-curses
else
- if test "$pinentry_qt4" = "yes"; then
- PINENTRY_DEFAULT=pinentry-qt4
+ if test "$pinentry_tty" = "yes"; then
+ PINENTRY_DEFAULT=pinentry-tty
else
- if test "$pinentry_curses" = "yes"; then
- PINENTRY_DEFAULT=pinentry-curses
+ if test "$pinentry_w32" = "yes"; then
+ PINENTRY_DEFAULT=pinentry-w32
else
- if test "$pinentry_tty" = "yes"; then
- PINENTRY_DEFAULT=pinentry-tty
- else
- if test "$pinentry_w32" = "yes"; then
- PINENTRY_DEFAULT=pinentry-w32
- else
- AC_MSG_ERROR([[No pinentry enabled.]])
- fi
- fi
+ AC_MSG_ERROR([[No pinentry enabled.]])
fi
fi
fi
@@ -532,9 +417,7 @@ secmem/Makefile
pinentry/Makefile
curses/Makefile
tty/Makefile
-gtk/Makefile
gtk+-2/Makefile
-qt/Makefile
qt4/Makefile
w32/Makefile
doc/Makefile
@@ -552,9 +435,7 @@ AC_MSG_NOTICE([
Curses Pinentry ..: $pinentry_curses
TTY Pinentry .....: $pinentry_tty
- GTK+ Pinentry ....: $pinentry_gtk
GTK+-2 Pinentry ..: $pinentry_gtk_2
- Qt Pinentry ......: $pinentry_qt
Qt4 Pinentry .....: $pinentry_qt4 $pinentry_qt4_clip_msg
W32 Pinentry .....: $pinentry_w32
commit 3803fd15942f2f25108e400be6cd6faef791c8f7
Author: Stanislav Ochotnicky
Date: Fri Feb 14 12:58:38 2014 +0100
Check if we are on tty before initializing curses.
* pinentry/pinentry-curses.c (dialog_run): Check that stdin and stdout
are connected to ttys.
--
When we did not have a ttyname we just used stdin/out without checking
if it's a proper TTY or a pipe. In some cases this can cause an endless
loop or escape sequences on the terminal.
This commit changes behaviour so that if stdin/out is not tty and no
ttyname is specified we error-out with errno set to ENOTTY
diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c
index 58da255..4fc8bc4 100644
--- a/pinentry/pinentry-curses.c
+++ b/pinentry/pinentry-curses.c
@@ -752,6 +752,11 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type)
{
if (!init_screen)
{
+ if (!(isatty(fileno(stdin)) && isatty(fileno(stdout))))
+ {
+ errno = ENOTTY;
+ return -1;
+ }
init_screen = 1;
initscr ();
}
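Review bot: The new guard in dialog_run calls isatty and fileno and assigns errno, but the hunk adds no #include, so please confirm that <unistd.h> and <errno.h> are already pulled in by this file; otherwise isatty is implicitly declared. The call spacing also differs from the neighbouring "initscr ();" line, so "isatty (fileno (stdin))" would match the file's style. Because the check sits inside "if (!init_screen)", a short comment stating that it runs once, before initscr, and that callers see -1 with errno set to ENOTTY would help whoever maps that return value to a user-visible error.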
commit 4f4af9056d1c100aa53363f019253160cd8d9ff0
Author: Werner Koch
Date: Fri Oct 24 16:20:20 2014 +0200
gtk: Allow pasting using the mouse.
* gtk+-2/gtksecentry.h (_GtkSecureEntry): Add fields insert_pos,
real_changed, and change_count.
(_GtkSecureEntryClass): Add field paste_clipboard.
* gtk+-2/gtksecentry.c (PASTE_CLIPBOARD): New.
(gtk_secure_entry_class_init): Set paste_clipboard and create
paste-clipboard signal.
(gtk_secure_entry_button_press): Call gtk_secure_entry_paste.
(begin_change, end_change, emit_changed): New.
(gtk_secure_entry_real_insert_text): Use emit_changed.
(gtk_secure_entry_real_delete_text): Ditto.
(paste_received, gtk_secure_entry_paste)
(gtk_secure_entry_paste_clipboard): New.
--
The new code has been taken from gtk 2.20.1.
I have not figured out why the keybindings for C-v and s-Insert do not
work.
diff --git a/gtk+-2/gtksecentry.c b/gtk+-2/gtksecentry.c
index cfe6aea..0f10a12 100644
--- a/gtk+-2/gtksecentry.c
+++ b/gtk+-2/gtksecentry.c
@@ -31,7 +31,7 @@
*
* The entry is now always invisible, uses secure memory methods to
* allocate the text memory, and all potentially dangerous methods
- * (copy & paste, popup, etc.) have been removed.
+ * (copy, popup, etc.) have been removed.
*/
#include
@@ -57,6 +57,7 @@ enum {
MOVE_CURSOR,
INSERT_AT_CURSOR,
DELETE_FROM_CURSOR,
+ PASTE_CLIPBOARD,
LAST_SIGNAL
};
@@ -175,6 +176,7 @@ static void gtk_secure_entry_real_activate(GtkSecureEntry * entry);
static void gtk_secure_entry_keymap_direction_changed(GdkKeymap * keymap,
GtkSecureEntry *
entry);
+
/* IM Context Callbacks
*/
static void gtk_secure_entry_commit_cb(GtkIMContext * context,
@@ -195,6 +197,13 @@ static gboolean gtk_secure_entry_delete_surrounding_cb(GtkIMContext *
/* Internal routines
*/
+
+static void begin_change (GtkSecureEntry *entry);
+static void end_change (GtkSecureEntry *entry);
+static void emit_changed (GtkSecureEntry *entry);
+static void gtk_secure_entry_paste (GtkSecureEntry *entry, GdkAtom selection);
+static void gtk_secure_entry_paste_clipboard (GtkSecureEntry *entry);
+
static void gtk_secure_entry_enter_text(GtkSecureEntry * entry,
const gchar * str);
static void gtk_secure_entry_set_positions(GtkSecureEntry * entry,
@@ -424,6 +433,7 @@ gtk_secure_entry_class_init(GtkSecureEntryClass * class)
class->move_cursor = gtk_secure_entry_move_cursor;
class->insert_at_cursor = gtk_secure_entry_insert_at_cursor;
class->delete_from_cursor = gtk_secure_entry_delete_from_cursor;
+ class->paste_clipboard = gtk_secure_entry_paste_clipboard;
class->activate = gtk_secure_entry_real_activate;
g_object_class_override_property (gobject_class,
@@ -544,6 +554,15 @@ gtk_secure_entry_class_init(GtkSecureEntryClass * class)
_gtk_marshal_VOID__ENUM_INT, G_TYPE_NONE, 2,
GTK_TYPE_DELETE_TYPE, G_TYPE_INT);
+ signals[PASTE_CLIPBOARD] =
+ g_signal_new ("paste-clipboard",
+ G_OBJECT_CLASS_TYPE (gobject_class),
+ G_SIGNAL_RUN_LAST | G_SIGNAL_ACTION,
+ G_STRUCT_OFFSET (GtkEntryClass, paste_clipboard),
+ NULL, NULL,
+ _gtk_marshal_VOID__VOID,
+ G_TYPE_NONE, 0);
+
/*
* Key bindings
*/
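Review bot: In the g_signal_new call the class offset is computed with G_STRUCT_OFFSET (GtkEntryClass, paste_clipboard), but this patch adds the paste_clipboard slot to _GtkSecureEntryClass in gtksecentry.h, and gtk_secure_entry_class_init fills that slot on a GtkSecureEntryClass. Unless both class structures happen to place the member at the same offset, the signal's default handler is looked up in the wrong slot; use G_STRUCT_OFFSET (GtkSecureEntryClass, paste_clipboard) instead. This is worth checking as a possible reason for the C-v and s-Insert bindings not working, which the commit message mentions as unresolved.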
@@ -655,6 +674,13 @@ gtk_secure_entry_class_init(GtkSecureEntryClass * class)
GDK_CONTROL_MASK, "delete_from_cursor", 2,
G_TYPE_ENUM, GTK_DELETE_WORD_ENDS,
G_TYPE_INT, -1);
+
+ /* Clipboard - only pasting of course. */
+ gtk_binding_entry_add_signal (binding_set, GDK_v, GDK_CONTROL_MASK,
+ "paste-clipboard", 0);
+ gtk_binding_entry_add_signal (binding_set, GDK_Insert, GDK_SHIFT_MASK,
+ "paste-clipboard", 0);
+
}
static void
@@ -833,13 +859,11 @@ static void
gtk_secure_entry_realize(GtkWidget * widget)
{
GtkSecureEntry *entry;
- GtkEditable *editable;
GdkWindowAttr attributes;
gint attributes_mask;
GTK_WIDGET_SET_FLAGS(widget, GTK_REALIZED);
entry = GTK_SECURE_ENTRY(widget);
- editable = GTK_EDITABLE(widget);
attributes.window_type = GDK_WINDOW_CHILD;
@@ -1167,6 +1191,18 @@ gtk_secure_entry_button_press(GtkWidget * widget, GdkEventButton * event)
return TRUE;
}
+ else if (event->button == 2) {
+ switch (event->type) {
+ case GDK_BUTTON_PRESS:
+ entry->insert_pos = tmp_pos;
+ gtk_secure_entry_paste (entry, GDK_SELECTION_PRIMARY);
+ return TRUE;
+
+ default:
+ break;
+ }
+
+ }
return FALSE;
}
@@ -1647,7 +1683,7 @@ gtk_secure_entry_real_insert_text(GtkEditable * editable,
gtk_secure_entry_recompute(entry);
- g_signal_emit_by_name(editable, "changed");
+ emit_changed (entry);
g_object_notify(G_OBJECT(editable), "text");
}
@@ -1688,7 +1724,7 @@ gtk_secure_entry_real_delete_text(GtkEditable * editable,
gtk_secure_entry_recompute(entry);
- g_signal_emit_by_name(editable, "changed");
+ emit_changed (entry);
g_object_notify(G_OBJECT(editable), "text");
}
}
@@ -1860,6 +1896,100 @@ gtk_secure_entry_delete_from_cursor(GtkSecureEntry * entry,
gtk_secure_entry_pend_cursor_blink(entry);
}
+static void
+begin_change (GtkSecureEntry *entry)
+{
+ entry->change_count++;
+}
+
+static void
+end_change (GtkSecureEntry *entry)
+{
+ GtkEditable *editable = GTK_EDITABLE (entry);
+
+ g_return_if_fail (entry->change_count > 0);
+
+ entry->change_count--;
+
+ if (entry->change_count == 0)
+ {
+ if (entry->real_changed)
+ {
+ g_signal_emit_by_name (editable, "changed");
+ entry->real_changed = FALSE;
+ }
+ }
+}
+
+static void
+emit_changed (GtkSecureEntry *entry)
+{
+ GtkEditable *editable = GTK_EDITABLE (entry);
+
+ if (entry->change_count == 0)
+ g_signal_emit_by_name (editable, "changed");
+ else
+ entry->real_changed = TRUE;
+}
+
+
+static void
+paste_received (GtkClipboard *clipboard,
+ const gchar *text,
+ gpointer data)
+{
+ GtkSecureEntry *entry = GTK_SECURE_ENTRY (data);
+ GtkEditable *editable = GTK_EDITABLE (entry);
+
+ if (entry->button == 2)
+ {
+ gint pos, start, end;
+
+ pos = entry->insert_pos;
+ gtk_editable_get_selection_bounds (editable, &start, &end);
+ if (!((start <= pos && pos <= end) || (end <= pos && pos <= start)))
+ gtk_editable_select_region (editable, pos, pos);
+ }
+
+ if (text)
+ {
+ gint pos, start, end;
+ gint length = -1;
+
+ begin_change (entry);
+ g_object_freeze_notify (G_OBJECT (entry));
+ if (gtk_editable_get_selection_bounds (editable, &start, &end))
+ gtk_editable_delete_text (editable, start, end);
+
+ pos = entry->current_pos;
+ gtk_editable_insert_text (editable, text, length, &pos);
+ gtk_editable_set_position (editable, pos);
+ g_object_thaw_notify (G_OBJECT (entry));
+ end_change (entry);
+ }
+
+ g_object_unref (entry);
+}
+
+
+static void
+gtk_secure_entry_paste (GtkSecureEntry *entry, GdkAtom selection)
+{
+ g_object_ref (entry);
+ gtk_clipboard_request_text (gtk_widget_get_clipboard (GTK_WIDGET (entry),
+ selection),
+ paste_received, entry);
+}
+
+
+static void
+gtk_secure_entry_paste_clipboard (GtkSecureEntry *entry)
+{
+ gtk_secure_entry_paste (entry, GDK_SELECTION_CLIPBOARD);
+}
+
+
+
/* static void */
/* gtk_secure_entry_delete_cb(GtkSecureEntry * entry) */
/* { */
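Review bot: paste_received gets the pasted passphrase as "const gchar *text" handed over by gtk_clipboard_request_text, so the secret sits in a buffer owned by the clipboard code before gtk_editable_insert_text copies it into the entry, while the comment at the top of this file says the entry uses secure memory methods for the text. Please document that limitation next to paste_received, since the file header now only lists copy and popup as removed. Smaller points: pos, start and end are declared twice in two blocks of the same function, and begin_change increments change_count, an 8-bit field according to gtksecentry.h, without any bound check, while only end_change guards the counter with g_return_if_fail.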
diff --git a/gtk+-2/gtksecentry.h b/gtk+-2/gtksecentry.h
index c0f2e5a..30cec89 100644
--- a/gtk+-2/gtksecentry.h
+++ b/gtk+-2/gtksecentry.h
@@ -72,6 +72,7 @@ struct _GtkSecureEntry {
GtkIMContext *im_context;
gint current_pos;
+ gint insert_pos; /* Used to temporary save a position. */
gint selection_bound;
PangoLayout *cached_layout;
@@ -94,6 +95,9 @@ struct _GtkSecureEntry {
guint resolved_dir : 4; /* PangoDirection */
+ guint real_changed : 1;
+ guint change_count : 8;
+
guint button;
guint blink_timeout;
guint recompute_idle;
@@ -124,9 +128,9 @@ struct _GtkSecureEntryClass {
void (*insert_at_cursor) (GtkSecureEntry * entry, const gchar * str);
void (*delete_from_cursor) (GtkSecureEntry * entry,
GtkDeleteType type, gint count);
+ void (*paste_clipboard) (GtkSecureEntry *entry);
/* Padding for future expansion */
- void (*_gtk_reserved1) (void);
void (*_gtk_reserved2) (void);
void (*_gtk_reserved3) (void);
void (*_gtk_reserved4) (void);
diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c
index 8322530..1a8c083 100644
--- a/gtk+-2/pinentry-gtk-2.c
+++ b/gtk+-2/pinentry-gtk-2.c
@@ -230,7 +230,7 @@ enter_callback (GtkWidget *widget, GtkWidget *anentry)
static void
confirm_button_clicked (GtkWidget *widget, gpointer data)
{
- confirm_value = (int) data;
+ confirm_value = (int)(long) data;
gtk_main_quit ();
}
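Review bot: The cast "(int)(long) data" in confirm_button_clicked silences the pointer-to-int size warning only where long is as wide as a pointer; on 64-bit Windows long is 32 bits, so the warning stays there. GLib provides GPOINTER_TO_INT for exactly this conversion, paired with GINT_TO_POINTER at the place where the value is stored as callback data, and using that pair also documents the intent.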
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 15 +----
NEWS | 14 ++++-
README | 11 ++--
configure.ac | 145 ++++----------------------------------------
gtk+-2/gtksecentry.c | 142 +++++++++++++++++++++++++++++++++++++++++--
gtk+-2/gtksecentry.h | 6 +-
gtk+-2/pinentry-gtk-2.c | 2 +-
pinentry/pinentry-curses.c | 5 ++
8 files changed, 179 insertions(+), 161 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Oct 26 12:53:29 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 26 Oct 2014 12:53:29 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta864-31-gcdd899e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via cdd899e160e03f6ed845b59381ce89c2de0b936a (commit)
via 4a22711e254cad59caf452c9e18d2527d9d06cf2 (commit)
via af1ff08bb9ff060d4589044fcca32cc9d66efa58 (commit)
from c9aadcb3a248632c07391ff3d829bece9320a901 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cdd899e160e03f6ed845b59381ce89c2de0b936a
Author: Werner Koch
Date: Sun Oct 26 12:48:34 2014 +0100
Update NEWS.
--
diff --git a/NEWS b/NEWS
index ffe7733..b01c7c8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,14 @@
Noteworthy changes in version 2.1.0 (unreleased)
------------------------------------------------
+ * gpg: All support for v3 (PGP 2) keys has been dropped. All
+ signatures are now creates as v4 signatures.
+
+ * gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows
+ up in the same window as the "new passphrase" prompt.
+
+ * gpg: Allow importing keys with duplicated long key ids.
+
* Dirmngr may now be build without support for LDAP.
* For a complete list of changes see the lists of changes for the
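Review bot: Typo in the first added entry: "signatures are now creates as v4 signatures" should read "created". The unchanged Dirmngr line below it has a similar slip ("may now be build" for "built") and could be fixed in the same edit.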
commit 4a22711e254cad59caf452c9e18d2527d9d06cf2
Author: Werner Koch
Date: Sun Oct 26 12:40:30 2014 +0100
po: Auto update
--
diff --git a/po/fr.po b/po/fr.po
index aad9a1f..29e3e9d 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -65,6 +65,9 @@ msgstr ""
"Veuillez entrer votre phrase de passe, pour pouvoir d?bloquer la clef "
"secr?te pendant cette session"
+msgid "does not match - try again"
+msgstr "ne correspond pas ? veuillez r?essayer"
+
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
#. two %d give the current and maximum number of tries.
@@ -72,6 +75,9 @@ msgstr ""
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (essai?%d sur %d)"
+msgid "Repeat:"
+msgstr ""
+
msgid "PIN too long"
msgstr "Code personnel trop long"
@@ -158,9 +164,6 @@ msgstr ""
"Veuillez entrer une phrase de passe pour prot?ger la clef secr?te%%0A %s"
"%%0A %s%%0Are?ue dans l'espace de stockage de clefs de gpg-agent"
-msgid "does not match - try again"
-msgstr "ne correspond pas ? veuillez r?essayer"
-
#, c-format
msgid "failed to create stream from socket: %s\n"
msgstr "?chec de cr?ation du flux ? partir de cette socket?: %s\n"
@@ -7310,9 +7313,13 @@ msgstr ""
msgid "Usage: @DIRMNGR@ [options] (-h for help)"
msgstr "Utilisation?: @DIRMNGR@ [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: @DIRMNGR@ [options] [command [args]]\n"
+#| "LDAP and OCSP access for @GNUPG@\n"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
-"LDAP and OCSP access for @GNUPG@\n"
+"Keyserver, CRL, and OCSP access for @GNUPG@\n"
msgstr ""
"Syntaxe?: @DIRMNGR@ [options] [commande [arguments]]\n"
"Acc?s LDAP et OCSP pour @GNUPG@\n"
diff --git a/po/ja.po b/po/ja.po
index 975c2ec..0faf222 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -64,6 +64,9 @@ msgstr ""
"???????????????????(???????????????????"
"?????????)"
+msgid "does not match - try again"
+msgstr "?????? - ????"
+
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
#. two %d give the current and maximum number of tries.
@@ -71,6 +74,9 @@ msgstr ""
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (?? %d / ?? %d)"
+msgid "Repeat:"
+msgstr ""
+
msgid "PIN too long"
msgstr "PIN??????"
@@ -157,9 +163,6 @@ msgstr ""
"????????????????gpg-agent?????????????%%0A %s"
"%%0A %s%%0A???????"
-msgid "does not match - try again"
-msgstr "?????? - ????"
-
#, c-format
msgid "failed to create stream from socket: %s\n"
msgstr "????????????????????????: %s\n"
@@ -6896,9 +6899,13 @@ msgstr ""
msgid "Usage: @DIRMNGR@ [options] (-h for help)"
msgstr "???: @DIRMNGR@ [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: @DIRMNGR@ [options] [command [args]]\n"
+#| "LDAP and OCSP access for @GNUPG@\n"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
-"LDAP and OCSP access for @GNUPG@\n"
+"Keyserver, CRL, and OCSP access for @GNUPG@\n"
msgstr ""
"??: @DIRMNGR@ [?????] [???? [??]]\n"
"@GnuPG@?LDAP?OCSP????\n"
diff --git a/po/uk.po b/po/uk.po
index f5f3d91..2fc151c 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -66,6 +66,9 @@ msgstr ""
"???? ?????, ??????? ??? ??????, ??? ???? ????? ???? ???????????? ??? ????? "
"??????"
+msgid "does not match - try again"
+msgstr "?????? ?? ??????????, ????????? ??????"
+
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
#. two %d give the current and maximum number of tries.
@@ -73,6 +76,9 @@ msgstr ""
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (?????? %d ? %d)"
+msgid "Repeat:"
+msgstr ""
+
msgid "PIN too long"
msgstr "??????? ?????? ??????"
@@ -160,9 +166,6 @@ msgstr ""
"???? ?????, ??????? ?????? ??? ??????? ?????????? ????????? ?????%%0A %s"
"%%0A %s%%0A? ??????? ?????? gpg-agent"
-msgid "does not match - try again"
-msgstr "?????? ?? ??????????, ????????? ??????"
-
#, c-format
msgid "failed to create stream from socket: %s\n"
msgstr "?? ??????? ???????? ????? ????? ? ??????: %s\n"
@@ -7104,9 +7107,13 @@ msgstr ""
msgid "Usage: @DIRMNGR@ [options] (-h for help)"
msgstr "????????????: @DIRMNGR@ [?????????] (-h ? ???????)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: @DIRMNGR@ [options] [command [args]]\n"
+#| "LDAP and OCSP access for @GNUPG@\n"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
-"LDAP and OCSP access for @GNUPG@\n"
+"Keyserver, CRL, and OCSP access for @GNUPG@\n"
msgstr ""
"?????????: @DIRMNGR@ [?????????] [??????? [?????????]]\n"
"?????? ?? LDAP ? OCSP ??? @GNUPG@\n"
commit af1ff08bb9ff060d4589044fcca32cc9d66efa58
Author: Werner Koch
Date: Sun Oct 26 12:40:11 2014 +0100
po: Translate new string to German.
--
diff --git a/po/de.po b/po/de.po
index fa56dd5..799291e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-10-10 15:27+0200\n"
+"PO-Revision-Date: 2014-10-26 12:38+0100\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -67,6 +67,9 @@ msgstr ""
"Bitte geben Sie Ihre Passphrase ein, so da? der geheime Schl?ssel benutzt "
"werden kann."
+msgid "does not match - try again"
+msgstr "Keine ?bereinstimmung - bitte nochmal versuchen."
+
#. TRANSLATORS: The string is appended to an error message in
#. the pinentry. The %s is the actual error message, the
#. two %d give the current and maximum number of tries.
@@ -74,6 +77,9 @@ msgstr ""
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (Versuch %d von %d)"
+msgid "Repeat:"
+msgstr "Nochmal:"
+
msgid "PIN too long"
msgstr "Die PIN ist zu lang"
@@ -163,9 +169,6 @@ msgstr ""
"Schl?ssel%%0A %s%%0A %s%%0Aim Schl?sselspeicher des Gpg-Agenten zu "
"sch?tzen."
-msgid "does not match - try again"
-msgstr "Keine ?bereinstimmung - bitte nochmal versuchen."
-
#, c-format
msgid "failed to create stream from socket: %s\n"
msgstr "Das Erzeugen eines Datenstroms aus dem Socket schlug fehl: %s\n"
@@ -7131,10 +7134,10 @@ msgstr "Gebrauch: @DIRMNGR@ [Optionen]"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
-"LDAP and OCSP access for @GNUPG@\n"
+"Keyserver, CRL, and OCSP access for @GNUPG@\n"
msgstr ""
"Syntax: @DIRMNGR@ [Optionen] [Kommando [Argumente]]\n"
-"LDAP und OCSP Zugriff f?r @GNUPG@\n"
+"Keyserver, CRL und OCSP Zugriff f?r @GNUPG@\n"
#, c-format
msgid "valid debug levels are: %s\n"
-----------------------------------------------------------------------
Summary of changes:
NEWS | 8 ++++++++
po/de.po | 15 +++++++++------
po/fr.po | 15 +++++++++++----
po/ja.po | 15 +++++++++++----
po/uk.po | 15 +++++++++++----
5 files changed, 50 insertions(+), 18 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Oct 26 20:07:12 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Sun, 26 Oct 2014 20:07:12 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-1-g436aa90
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 436aa90be753b59bfb82684ae9ed8ff40b8c14ae (commit)
from cdd899e160e03f6ed845b59381ce89c2de0b936a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 436aa90be753b59bfb82684ae9ed8ff40b8c14ae
Author: Werner Koch
Date: Sun Oct 26 20:07:16 2014 +0100
doc: Re-formatted some NEWS entries and added update notes to some.
--
diff --git a/NEWS b/NEWS
index b01c7c8..d371b80 100644
--- a/NEWS
+++ b/NEWS
@@ -1,28 +1,34 @@
Noteworthy changes in version 2.1.0 (unreleased)
------------------------------------------------
+ * This release introduces a lot of changes. Most of them are
+ internal and thus not user visible. However, some long standing
+ behavior has slightly changed and it is strongly suggested that an
+ existing "~/.gnupg" directory is backed up before this version is
+ used.
+
* gpg: All support for v3 (PGP 2) keys has been dropped. All
- signatures are now creates as v4 signatures.
+ signatures are now created as v4 signatures.
* gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows
up in the same window as the "new passphrase" prompt.
* gpg: Allow importing keys with duplicated long key ids.
- * Dirmngr may now be build without support for LDAP.
+ * dirmngr: May now be build without support for LDAP.
* For a complete list of changes see the lists of changes for the
- 2.1.0 beta versions below.
+ 2.1.0 beta versions below. Note that all relevant fixes from
+ versions 2.0.14 to 2.0.26 are also applied to this version.
-Noteworthy changes in version 2.1.0-beta864 (2014-10-03)
---------------------------------------------------------
+ [Noteworthy changes in version 2.1.0-beta864 (2014-10-03)]
- * gpg: Removed the GPG_AGENT_INFO related code. GnuPG does now only
- use a fixed socket name in its home directory.
+ * gpg: Removed the GPG_AGENT_INFO related code. GnuPG does now
+ always use a fixed socket name in its home directory.
* gpg: Renamed --gen-key to --full-gen-key and re-added a --gen-key
- command using less prompts.
+ command with less choices.
* gpg: Use SHA-256 for all signature types also on RSA keys.
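Review bot: The reworded dirmngr entry still reads "May now be build without support for LDAP"; since the line is being rewritten anyway, change "build" to "built". The new backup advice at the top of the list would also be easier to act on if it named which of the entries below change long-standing behavior.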
@@ -33,11 +39,10 @@ Noteworthy changes in version 2.1.0-beta864 (2014-10-03)
* gpg: Fixed obsolete options parsing.
- * speedo: Improved the quick build system.
+ * Further improvements for the alternative speedo build system.
-Noteworthy changes in version 2.1.0-beta834 (2014-09-18)
---------------------------------------------------------
+ [Noteworthy changes in version 2.1.0-beta834 (2014-09-18)]
* gpg: Improved passphrase caching.
@@ -53,11 +58,11 @@ Noteworthy changes in version 2.1.0-beta834 (2014-09-18)
* dirmngr: Fixed the KS_FETCH command.
- * speedo: Downloads related packages and works for non-Windows.
+ * The speedo build system now downloads related packages and works
+ for non-Windows platforms.
-Noteworthy changes in version 2.1.0-beta783 (2014-08-14)
---------------------------------------------------------
+ [Noteworthy changes in version 2.1.0-beta783 (2014-08-14)]
* gpg: Add command --quick-gen-key.
@@ -88,24 +93,23 @@ Noteworthy changes in version 2.1.0-beta783 (2014-08-14)
* scdaemon: Remove the use of the pcsc-wrapper.
-Noteworthy changes in version 2.1.0-beta751 (2014-07-03)
---------------------------------------------------------
-
- * gpg: Make export of secret keys work again.
+ [Noteworthy changes in version 2.1.0-beta751 (2014-07-03)]
* gpg: Create revocation certificates during key generation.
* gpg: Create exported secret keys and revocation certifciates with
mode 0700
+ * gpg: The validity of user ids is now shown by default. To revert
+ this add "list-options no-show-uid-validity" to gpg.conf.
+
+ * gpg: Make export of secret keys work again.
+
* gpg: The output of --list-packets does now print the offset of the
packet and information about the packet header.
* gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617]
- * gpg: The validity of user ids is now shown by default. To revert
- this add "list-options no-show-uid-validity" to gpg.conf.
-
* gpg: Print more specific reason codes with the INV_RECP status.
* gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
@@ -118,11 +122,15 @@ Noteworthy changes in version 2.1.0-beta751 (2014-07-03)
to build a partly working installer for Windows.
-Noteworthy changes in version 2.1.0-beta442 (2014-06-05)
---------------------------------------------------------
+ [Noteworthy changes in version 2.1.0-beta442 (2014-06-05)]
+
+ * gpg: Changed the format of key listings. To revert to the old
+ format the option --legacy-list-mode is available.
* gpg: Add experimental signature support using curve Ed25519 and
with a patched Libgcrypt also encryption support with Curve25519.
+ [Update: this encryption support has been removed from 2.1.0 until
+ we have agreed on a suitable format.]
* gpg: Allow use of Brainpool curves.
@@ -138,9 +146,6 @@ Noteworthy changes in version 2.1.0-beta442 (2014-06-05)
* gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
communication with the gpg-agent.
- * gpg: Changed the format of key listings. To revert to the old
- format the option --legacy-list-mode is available.
-
* gpg: New option --pinentry-mode.
* gpg: Fixed decryption using an OpenPGP card.
@@ -201,111 +206,110 @@ Noteworthy changes in version 2.1.0-beta442 (2014-06-05)
* All kind of other improvements - see the git log.
-Noteworthy changes in version 2.1.0beta3 (2011-12-20)
------------------------------------------------------
+ [Noteworthy changes in version 2.1.0beta3 (2011-12-20)]
- * Fixed regression in GPG's secret key export function.
+ * gpg: Fixed regression in the secret key export function.
- * Allowj generation of card keys up to 4096 bit.
+ * gpg: Allow generation of card keys up to 4096 bit.
- * Support the SSH confirm flag.
+ * gpgsm: Preliminary support for the validation model "steed".
- * The Assuan commands KILLAGENT and KILLSCD are working again.
+ * gpgsm: Improved certificate creation.
- * SCdaemon does not anymore block after changing a card (regression
- fix).
+ * agent: Support the SSH confirm flag.
- * gpg-connect-agent does now proberly display the help output for
- "SCD HELP" commands.
+ * agent: New option to select a passphrase mode. The loopback
+ mode may be used to bypass Pinentry.
- * Preliminary support for the GPGSM validation model "steed".
+ * agent: The Assuan commands KILLAGENT and KILLSCD are working again.
- * Improved certificate creation in GPGSM.
+ * scdaemon: Does not anymore block after changing a card (regression
+ fix).
- * New option for GPG_AGENT to select a passphrase mode. The loopback
- mode may be used to bypass Pinentry.
+ * tools: gpg-connect-agent does now proberly display the help output
+ for "SCD HELP" commands.
-Noteworthy changes in version 2.1.0beta2 (2011-03-08)
------------------------------------------------------
+ [Noteworthy changes in version 2.1.0beta2 (2011-03-08)]
- * TMPDIR is now also honored when creating a socket using
- --no-standard-socket and with symcryptrun's temp files.
+ * gpg: ECC support as described by draft-jivsov-openpgp-ecc-06.txt
+ [Update: now known as RFC-6637].
- * Fixed a bug where SCdaemon sends a signal to Gpg-agent running in
- non-daemon mode.
+ * gpg: Print "AES128" instead of "AES". This change introduces a
+ little incompatibility for tools using "gpg --list-config". We
+ hope that these tools are written robust enough to accept this new
+ algorithm name as well.
- * Print "AES128" instead of "AES". This change introduces a little
- incompatibility for tools using "gpg --list-config". We hope that
- these tools are written robust enough to accept this new algorithm
- name as well.
+ * gpgsm: New feature to create certificates from a parameter file.
+ Add prompt to the --gen-key UI to create self-signed certificates.
- * Fixed CRL loading under W32 (bug#1010).
+ * agent: TMPDIR is now also honored when creating a socket using
+ the --no-standard-socket option and with symcryptrun's temp files.
- * Fixed TTY management for pinentries and session variable update
- problem.
+ * scdaemon: Fixed a bug where scdaemon sends a signal to gpg-agent
+ running in non-daemon mode.
+
+ * dirmngr: Fixed CRL loading under W32 (bug#1010).
* Dirmngr has taken over the function of the keyserver helpers. Thus
we now have a specified direct interface to keyservers via Dirmngr.
LDAP, DNS and mail backends are not yet implemented.
- * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.
-
- * New GPGSM feature to create certificates from a parameter file.
- Add prompt to the --gen-key UI to create self-signed certificates.
+ * Fixed TTY management for pinentries and session variable update
+ problem.
-Noteworthy changes in version 2.1.0beta1 (2010-10-26)
------------------------------------------------------
+ [Noteworthy changes in version 2.1.0beta1 (2010-10-26)]
- * Encrypted OpenPGP messages with trailing data (e.g. other OpenPGP
- packets) are now correctly parsed.
+ * gpg: secring.gpg is not anymore used but all secret key operations
+ are delegated to gpg-agent. The import command moves secret keys
+ to the agent.
- * The GPGSM --audit-log feature is now more complete.
+ * gpg: The OpenPGP import command is now able to merge secret keys.
- * The G13 tool for disk encryption key management has been added.
+ * gpg: Encrypted OpenPGP messages with trailing data (e.g. other
+ OpenPGP packets) are now correctly parsed.
- * The default for --include-cert is now to include all certificates
- in the chain except for the root certificate.
+ * gpg: Given sufficient permissions Dirmngr is started automagically.
- * Numerical values may now be used as an alternative to the
- debug-level keywords.
+ * gpg: Fixed output of "gpgconf --check-options".
- * Support DNS lookups for SRV, PKA and CERT on W32.
+ * gpg: Removed options --export-options(export-secret-subkey-passwd)
+ and --simple-sk-checksum.
- * New GPGSM option --ignore-cert-extension.
+ * gpg: New options --try-secret-key.
- * New and changed passphrases are now created with an iteration count
- requiring about 100ms of CPU work.
+ * gpg: Support DNS lookups for SRV, PKA and CERT on W32.
- * Support for Windows CE.
+ * gpgsm: The --audit-log feature is now more complete.
- * If the agent's --use-standard-socket option is active, all tools
- try to start and daemonize the agent on the fly. In the past this
- was only supported on W32; on non-W32 systems the new configure
- option --disable-standard-socket may now be used to disable this
- new default.
+ * gpgsm: The default for --include-cert is now to include all
+ certificates in the chain except for the root certificate.
- * Dirmngr is now a part of this package. Dirmngr is now also
- expected to run as a system service and the configuration
- directories are changed to the GnuPG name space.
+ * gpgsm: New option --ignore-cert-extension.
- * Given sufficient permissions Dirmngr is started automagically.
+ * g13: The G13 tool for disk encryption key management has been
+ added.
- * Fixed output of "gpgconf --check-options".
+ * agent: If the agent's --use-standard-socket option is active, all
+ tools try to start and daemonize the agent on the fly. In the past
+ this was only supported on W32; on non-W32 systems the new
+ configure option --disable-standard-socket may now be used to
+ disable this new default.
- * GPG does not anymore use secring.gpg but delegates all secret key
- operations to gpg-agent. The import command moves secret keys to
- the agent.
+ * agent: New and changed passphrases are now created with an
+ iteration count requiring about 100ms of CPU work.
- * The OpenPGP import command is now able to merge secret keys.
+ * dirmngr: Dirmngr is now a part of this package. It is now also
+ expected to run as a system service and the configuration
+ directories are changed to the GnuPG name space. [Update: 2.1.0
+ starts dirmngr on demand as user daemon.]
- * Removed GPG options:
- --export-options: export-secret-subkey-passwd
- --simple-sk-checksum
+ * Support for Windows CE. [Update: This has not been tested for the
+ 2.1.0 release]
- * New GPG options:
- --try-secret-key
+ * Numerical values may now be used as an alternative to the
+ debug-level keywords.
Noteworthy changes in version 2.0.13 (2009-09-04)
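Review bot: Two wording slips survive the regrouping of the beta entries: the moved gpg-connect-agent line still says "proberly" instead of "properly", and "gpg: New options --try-secret-key." names a single option, so "New option" fits better. The "scdaemon: Does not anymore block" entry would also read more naturally as "No longer blocks", in line with the other component-prefixed entries.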
-----------------------------------------------------------------------
Summary of changes:
NEWS | 186 ++++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 95 insertions(+), 91 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Oct 27 18:09:49 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 27 Oct 2014 18:09:49 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-3-g158fe90
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 158fe900183daf745821dea7a70cf1c673cd8de0 (commit)
via a59a8664592e7b66a31bbf0b79e1d2f5b45027ff (commit)
from 436aa90be753b59bfb82684ae9ed8ff40b8c14ae (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 158fe900183daf745821dea7a70cf1c673cd8de0
Author: Werner Koch
Date: Mon Oct 27 18:02:46 2014 +0100
speedo: Fixes for native build.
* build-aux/speedo.mk (TARGETOS): Init with empty string.
(speedo_pkg_gnupg_configure): Use --enable-gpg2-is-gpg only for w32.
(INST_VERSION, INST_PROD_VERSION): Create only for w32.
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 6d344f1..4f716d4 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -108,7 +108,7 @@ this-w32-source: check-tools
WHAT=git
# Set target to "native" or "w32"
-TARGETOS=w32
+TARGETOS=
# Set to 1 to build the GUI tools
WITH_GUI=0
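Review bot: With the default changed to "TARGETOS=" the comment above it still only says 'Set target to "native" or "w32"', and nothing at this spot tells the reader that an empty value is now a valid state in which the later "ifneq ($(TARGETOS),)" block is skipped. Please extend the comment to say who is expected to set the variable and what is left undefined when it stays empty.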
@@ -382,16 +382,23 @@ speedo_pkg_libgcrypt_configure = --disable-static
speedo_pkg_libksba_configure = --disable-static
+ifeq ($(TARGETOS),w32)
speedo_pkg_gnupg_configure = --enable-gpg2-is-gpg --disable-g13
+else
+speedo_pkg_gnupg_configure = --disable-g13
+endif
speedo_pkg_gnupg_extracflags = -g
+# Create the version info files only for W32 so that they won't get
+# installed if for example INSTALL_PREFIX=/usr/local is used.
+ifeq ($(TARGETOS),w32)
define speedo_pkg_gnupg_post_install
(set -e; \
sed -n 's/.*PACKAGE_VERSION "\(.*\)"/\1/p' config.h >$(idir)/INST_VERSION; \
sed -n 's/.*W32INFO_VI_PRODUCTVERSION \(.*\)/\1/p' common/w32info-rc.h \
|sed 's/,/./g' >$(idir)/INST_PROD_VERSION )
endef
-
+endif
# The LDFLAGS is needed for -lintl for glib.
speedo_pkg_gpgme_configure = \
@@ -566,13 +573,19 @@ endif
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
# The next two macros will work only after gnupg has been build.
+ifeq ($(TARGETOS),w32)
INST_VERSION=$(shell head -1 $(idir)/INST_VERSION)
INST_PROD_VERSION=$(shell head -1 $(idir)/INST_PROD_VERSION)
+endif
# List with packages
speedo_build_list = $(speedo_spkgs)
speedo_w64_build_list = $(speedo_w64_spkgs)
+# To avoid running external commands during the read phase (":=" style
+# assignments), we check that the targetos has been given
+ifneq ($(TARGETOS),)
+
# Determine build and host system
build := $(shell $(topsrc)/autogen.sh --silent --print-build)
ifeq ($(TARGETOS),w32)
@@ -596,6 +609,9 @@ else
speedo_makeopt=-j$(MAKE_J)
endif
+# End non-empty TARGETOS
+endif
+
# The playground area is our scratch area, where we unpack, build and
@@ -975,6 +991,8 @@ clean-speedo:
#
# Windows installer
#
+# {{{
+ifeq ($(TARGETOS),w32)
dist-source: all
for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
@@ -1028,6 +1046,10 @@ installer: all w32_insthelpers $(w32src)/inst-options.ini $(bdir)/README.txt
$(w32src)/inst.nsi
@echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)"
+endif
+# }}} W32
+
+
#
# Check availibility of standard tools
#
commit a59a8664592e7b66a31bbf0b79e1d2f5b45027ff
Author: Werner Koch
Date: Mon Oct 27 14:12:51 2014 +0100
po: Fixed one wrong German string.
--
diff --git a/po/de.po b/po/de.po
index 799291e..ec1ea50 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-10-26 12:38+0100\n"
+"PO-Revision-Date: 2014-10-27 14:12+0100\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -7795,7 +7795,7 @@ msgid "Directory Manager"
msgstr "Directory Manager"
msgid "PIN and Passphrase Entry"
-msgstr "Falsche PIN oder Passphrase!"
+msgstr "PIN und Passphrase Eingabe"
msgid "Component not suitable for launching"
msgstr "Komponente unterst?tzt kein direktes starten"
-----------------------------------------------------------------------
Summary of changes:
build-aux/speedo.mk | 26 ++++++++++++++++++++++++--
po/de.po | 4 ++--
2 files changed, 26 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Oct 29 17:29:39 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 29 Oct 2014 17:29:39 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-6-g982a6e6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 982a6e6e55aa0adde2ca0f21216cc31a730c5817 (commit)
via 0d73a242cb53522669cf712b5ece7d1ed05d003a (commit)
via f5592fcff308007322a201c970a6d5e8763c9fe3 (commit)
from 158fe900183daf745821dea7a70cf1c673cd8de0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 982a6e6e55aa0adde2ca0f21216cc31a730c5817
Author: Werner Koch
Date: Wed Oct 29 17:10:03 2014 +0100
po: Add a new German translation
--
Also fixed a typo in the docs.
diff --git a/doc/tools.texi b/doc/tools.texi
index 030f269..d9ce81e 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1062,7 +1062,7 @@ machine startup.
Passphrases set with this utility don't expire unless the
@option{--forget} option is used to explicitly clear them from the
cache --- or @command{gpg-agent} is either restarted or reloaded (by
-sending a SIGHUP to it). Nite that the maximum cache time as set with
+sending a SIGHUP to it). Note that the maximum cache time as set with
@option{--max-cache-ttl} is still honored. It is necessary to allow
this passphrase presetting by starting @command{gpg-agent} with the
@option{--allow-preset-passphrase}.
diff --git a/po/de.po b/po/de.po
index ec1ea50..f15de3c 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-10-27 14:12+0100\n"
+"PO-Revision-Date: 2014-10-29 17:05+0100\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -963,6 +963,9 @@ msgstr "Schl?sselwort ist zu lang"
msgid "missing argument"
msgstr "Fehlendes Argument"
+msgid "invalid argument"
+msgstr "Ung?ltiges Argument"
+
msgid "invalid command"
msgstr "Ung?ltiger Befehl"
@@ -980,6 +983,10 @@ msgid "missing argument for option \"%.50s\"\n"
msgstr "Fehlendes Argument f?r Option \"%.50s\"\n"
#, c-format
+msgid "invalid argument for option \"%.50s\"\n"
+msgstr "Ung?ltiges Argument f?r Option \"%.50s\"\n"
+
+#, c-format
msgid "option \"%.50s\" does not expect an argument\n"
msgstr "Option \"%.50s\" erwartet kein Argument\n"
commit 0d73a242cb53522669cf712b5ece7d1ed05d003a
Author: Werner Koch
Date: Wed Oct 29 17:07:51 2014 +0100
common: Check option arguments for a valid range.
* common/argparse.h (ARGPARSE_INVALID_ARG): New.
* common/argparse.c: Include limits.h and errno.h.
(initialize): Add error strings for new error constant.
(set_opt_arg): Add range checking.
Signed-off-by: Werner Koch
diff --git a/common/argparse.c b/common/argparse.c
index c713bf6..844c170 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -39,6 +39,8 @@
#include
#include
#include
+#include
+#include
#include "libjnlib-config.h"
#include "mischelp.h"
@@ -262,6 +264,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
s = _("keyword too long");
else if ( arg->r_opt == ARGPARSE_MISSING_ARG )
s = _("missing argument");
+ else if ( arg->r_opt == ARGPARSE_INVALID_ARG )
+ s = _("invalid argument");
else if ( arg->r_opt == ARGPARSE_INVALID_COMMAND )
s = _("invalid command");
else if ( arg->r_opt == ARGPARSE_INVALID_ALIAS )
@@ -278,6 +282,8 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno )
if ( arg->r_opt == ARGPARSE_MISSING_ARG )
jnlib_log_error (_("missing argument for option \"%.50s\"\n"), s);
+ else if ( arg->r_opt == ARGPARSE_INVALID_ARG )
+ jnlib_log_error (_("invalid argument for option \"%.50s\"\n"), s);
else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG )
jnlib_log_error (_("option \"%.50s\" does not expect an "
"argument\n"), s );
@@ -588,7 +594,7 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno,
p[strlen(p)-1] = 0;
}
if (!set_opt_arg (arg, opts[idx].flags, p))
- jnlib_free(buffer);
+ jnlib_free(buffer);
}
}
break;
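Review bot: The call site `if (!set_opt_arg (arg, opts[idx].flags, p))` only distinguishes zero from non-zero, but with this commit set_opt_arg can also return -1 for an out-of-range value. In that case `buffer` is not freed here although nothing points into it, and as far as this hunk shows the error takes the same path as the string case. Test for a negative return separately, free the buffer there, and make sure the ARGPARSE_INVALID_ARG stored in `arg->r_opt` is reported for option files too.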
@@ -1032,23 +1038,54 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts)
}
-
+/* Returns: -1 on error, 0 for an integer type and 1 for a non integer
+ type argument. */
static int
-set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s)
+set_opt_arg (ARGPARSE_ARGS *arg, unsigned flags, char *s)
{
int base = (flags & ARGPARSE_OPT_PREFIX)? 0 : 10;
+ long l;
switch ( (arg->r_type = (flags & ARGPARSE_TYPE_MASK)) )
{
- case ARGPARSE_TYPE_INT:
- arg->r.ret_int = (int)strtol(s,NULL,base);
- return 0;
case ARGPARSE_TYPE_LONG:
- arg->r.ret_long= strtol(s,NULL,base);
+ case ARGPARSE_TYPE_INT:
+ errno = 0;
+ l = strtol (s, NULL, base);
+ if ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE)
+ {
+ arg->r_opt = ARGPARSE_INVALID_ARG;
+ return -1;
+ }
+ if (arg->r_type == ARGPARSE_TYPE_LONG)
+ arg->r.ret_long = l;
+ else if ( (l < 0 && l < INT_MIN) || l > INT_MAX )
+ {
+ arg->r_opt = ARGPARSE_INVALID_ARG;
+ return -1;
+ }
+ else
+ arg->r.ret_int = (int)l;
return 0;
+
case ARGPARSE_TYPE_ULONG:
- arg->r.ret_ulong= strtoul(s,NULL,base);
+ while (isascii (*s) && isspace(*s))
+ s++;
+ if (*s == '-')
+ {
+ arg->r.ret_ulong = 0;
+ arg->r_opt = ARGPARSE_INVALID_ARG;
+ return -1;
+ }
+ errno = 0;
+ arg->r.ret_ulong = strtoul (s, NULL, base);
+ if (arg->r.ret_ulong == ULONG_MAX && errno == ERANGE)
+ {
+ arg->r_opt = ARGPARSE_INVALID_ARG;
+ return -1;
+ }
return 0;
+
case ARGPARSE_TYPE_STRING:
default:
arg->r.ret_str = s;
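Review bot: Both `strtol (s, NULL, base)` and `strtoul (s, NULL, base)` are called with a NULL end pointer, so the new checks catch overflow but still accept an empty string or trailing garbage such as "10x" as a valid number. Pass an end pointer and set ARGPARSE_INVALID_ARG when no digits were consumed or when the character at the end pointer is not NUL. The test `(l < 0 && l < INT_MIN)` can also be shortened to `l < INT_MIN`.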
diff --git a/common/argparse.h b/common/argparse.h
index 29c7b62..471cf74 100644
--- a/common/argparse.h
+++ b/common/argparse.h
@@ -190,6 +190,7 @@ typedef struct
#define ARGPARSE_AMBIGUOUS_COMMAND (-9)
#define ARGPARSE_INVALID_ALIAS (-10)
#define ARGPARSE_OUT_OF_CORE (-11)
+#define ARGPARSE_INVALID_ARG (-12)
int arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts);
commit f5592fcff308007322a201c970a6d5e8763c9fe3
Author: Werner Koch
Date: Wed Oct 29 15:41:28 2014 +0100
Fix stdint.h problem for Apple.
* gl/stdint_.h [__APPLE__]: Include hack.
--
Patch suggested by Patrick Brunschwig.
diff --git a/gl/stdint_.h b/gl/stdint_.h
index 19577e7..1118e8d 100644
--- a/gl/stdint_.h
+++ b/gl/stdint_.h
@@ -55,6 +55,13 @@
# include @ABSOLUTE_STDINT_H@
#endif
+#ifdef __APPLE__
+ /* Apple's implementation of is bugy; we therefore use
+ the source definitions. */
+# include <_types/_intmax_t.h>
+# include <_types/_uintmax_t.h>
+#endif
+
/* defines some of the stdint.h types as well, on glibc,
IRIX 6.5, and OpenBSD 3.8 (via ).
MacOS X 10.4.6 includes (which is us), but
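Review bot: The `#ifdef __APPLE__` block includes the private headers `_types/_intmax_t.h` and `_types/_uintmax_t.h` for every Apple target, with no check that they exist in the SDK in use, while the context just below still refers to MacOS X 10.4.6. A configure-time header check or a version guard around the two includes would keep other toolchains building. The new comment also has the typo "bugy".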
-----------------------------------------------------------------------
Summary of changes:
common/argparse.c | 53 +++++++++++++++++++++++++++++++++++++++++++++--------
common/argparse.h | 1 +
doc/tools.texi | 2 +-
gl/stdint_.h | 7 +++++++
po/de.po | 9 ++++++++-
5 files changed, 62 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Oct 30 09:58:37 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 30 Oct 2014 09:58:37 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-7-g9546aa3
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 9546aa3cc87fc83a40768a12fbbceb19496ce129 (commit)
from 982a6e6e55aa0adde2ca0f21216cc31a730c5817 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9546aa3cc87fc83a40768a12fbbceb19496ce129
Author: Werner Koch
Date: Thu Oct 30 09:55:51 2014 +0100
tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.
Signed-off-by: Werner Koch
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index af91506..3f03ff4 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -81,6 +81,7 @@ enum cmd_and_opt_values
oDebugAll,
oDebugLevel,
oDebugWait,
+ oDebugQuickRandom,
oNoGreeting,
oNoOptions,
oHomedir,
@@ -149,6 +150,7 @@ static ARGPARSE_OPTS opts[] = {
{ oDebugAll, "debug-all" ,0, "@"},
{ oDebugLevel, "debug-level" ,2, "@"},
{ oDebugWait,"debug-wait",1, "@"},
+ ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"),
{ oNoDetach, "no-detach" ,0, N_("do not detach from the console")},
{ oNoGrab, "no-grab" ,0, N_("do not grab keyboard and mouse")},
{ oLogFile, "log-file" ,2, N_("use a log file for the server")},
@@ -730,6 +732,11 @@ main (int argc, char **argv )
default_config = 0; /* --no-options */
else if (pargs.r_opt == oHomedir)
opt.homedir = pargs.r.ret_str;
+ else if (pargs.r_opt == oDebugQuickRandom)
+ {
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ }
+
}
/* Initialize the secure memory. */
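Review bot: In the first-stage parser the `oDebugQuickRandom` branch calls `gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0)` without any diagnostic, so an agent started with this option creates keys from the weaker random level and nothing in its log shows it. Emit a warning once logging is set up whenever the option is active, and consider checking the gcry_control return value.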
@@ -847,6 +854,10 @@ main (int argc, char **argv )
# endif
break;
+ case oDebugQuickRandom:
+ /* Only used by the first stage command line parser. */
+ break;
+
case oWriteEnvFile: /* dummy */ break;
default : pargs.err = configfp? 1:2; break;
diff --git a/common/asshelp.c b/common/asshelp.c
index e97d396..3fc28a1 100644
--- a/common/asshelp.c
+++ b/common/asshelp.c
@@ -363,7 +363,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
assuan_context_t ctx;
int did_success_msg = 0;
char *sockname;
- const char *argv[5];
+ const char *argv[6];
*r_ctx = NULL;
@@ -380,10 +380,31 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
{
char *abs_homedir;
lock_spawn_t lock;
+ char *program = NULL;
+ const char *program_arg = NULL;
+ char *p;
+ const char *s;
+ int i;
/* With no success start a new server. */
if (!agent_program || !*agent_program)
agent_program = gnupg_module_name (GNUPG_MODULE_NAME_AGENT);
+ else if ((s=strchr (agent_program, '|')) && s[1] == '-' && s[2]=='-')
+ {
+ /* Hack to insert an additional option on the command line. */
+ program = xtrystrdup (agent_program);
+ if (!program)
+ {
+ gpg_error_t tmperr = gpg_err_make (errsource,
+ gpg_err_code_from_syserror ());
+ xfree (sockname);
+ assuan_release (ctx);
+ return tmperr;
+ }
+ p = strchr (program, '|');
+ *p++ = 0;
+ program_arg = p;
+ }
if (verbose)
log_info (_("no running gpg-agent - starting '%s'\n"),
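Review bot: The `strchr (agent_program, '|')` test accepts any text after "|--", so every agent-program value of the form "file|--anything" now puts an arbitrary option on the gpg-agent command line, in release builds as well as in the test suite. Compare the part after the pipe against the one option the tests need ("--debug-quick-random"), or compile this branch only for the regression tests. When a '|' is present but not followed by "--", the whole string is still used as the file name, which deserves a comment.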
@@ -404,6 +425,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
log_error ("error building filename: %s\n",gpg_strerror (tmperr));
xfree (sockname);
assuan_release (ctx);
+ xfree (program);
return tmperr;
}
@@ -416,30 +438,32 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
xfree (sockname);
assuan_release (ctx);
xfree (abs_homedir);
+ xfree (program);
return tmperr;
}
/* If the agent has been configured for use with a standard
socket, an environment variable is not required and thus
we we can savely start the agent here. */
-
- argv[0] = "--homedir";
- argv[1] = abs_homedir;
- argv[2] = "--use-standard-socket";
- argv[3] = "--daemon";
- argv[4] = NULL;
+ i = 0;
+ argv[i++] = "--homedir";
+ argv[i++] = abs_homedir;
+ argv[i++] = "--use-standard-socket";
+ if (program_arg)
+ argv[i++] = program_arg;
+ argv[i++] = "--daemon";
+ argv[i++] = NULL;
if (!(err = lock_spawning (&lock, homedir, "agent", verbose))
&& assuan_socket_connect (ctx, sockname, 0, 0))
{
- err = gnupg_spawn_process_detached (agent_program, argv,NULL);
+ err = gnupg_spawn_process_detached (program? program : agent_program,
+ argv, NULL);
if (err)
log_error ("failed to start agent '%s': %s\n",
agent_program, gpg_strerror (err));
else
{
- int i;
-
for (i=0; i < SECS_TO_WAIT_FOR_AGENT; i++)
{
if (verbose)
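Review bot: gnupg_spawn_process_detached is now called with `program? program : agent_program`, but the `log_error ("failed to start agent '%s': %s\n", ...)` right after it still prints `agent_program`, which includes the "|--..." suffix when the hack is in use. Print the same name that was passed to the spawn call.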
@@ -462,6 +486,7 @@ start_new_gpg_agent (assuan_context_t *r_ctx,
unlock_spawning (&lock, "agent");
xfree (abs_homedir);
+ xfree (program);
}
xfree (sockname);
if (err)
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index 7eadf59..a4079d7 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -293,6 +293,14 @@ When running in server mode, wait @var{n} seconds before entering the
actual processing loop and print the pid. This gives time to attach a
debugger.
+ at item --debug-quick-random
+ at opindex debug-quick-random
+This option inhibits the use the very secure random quality level
+(Libgcrypt?s @code{GCRY_VERY_STRONG_RANDOM}) and degrades all request
+down to standard random quality. It is only used for testing and
+shall not be used for any production quality keys. This option is
+only effective when given on the command line.
+
@item --no-detach
@opindex no-detach
Don't detach the process from the console. This is mainly useful for
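Review bot: The new @item text has two grammar slips, "inhibits the use the very secure random quality level" and "degrades all request"; these should read "the use of the" and "all requests". Since the option weakens key generation, it would also help to state in the same paragraph that it is meant for the regression test suite, as the gpg.texi change in this commit does for the pipe symbol.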
diff --git a/doc/gpg.texi b/doc/gpg.texi
index cddf462..e894f5c 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1710,7 +1710,10 @@ This is dummy option. It has no effect when used with @command{gpg2}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/bin/gpg-agent}.
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index bc6326c..34b6024 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -358,7 +358,9 @@ Change the default name of the policy file to @var{filename}.
@item --agent-program @var{file}
@opindex agent-program
Specify an agent program to be used for secret key operations. The
-default value is the @file{/usr/local/bin/gpg-agent}.
+default value is determined by running the command @command{gpgconf}.
+Note that the pipe symbol (@code{|}) is used for a regression test
+suite hack and may thus not be used in the file name.
@ifclear gpgtwoone
This is only used
as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
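Review bot: This wording says the default is determined by running @command{gpgconf}, while the same paragraph in gpg.texi and tools.texi in this commit names the option @option{--list-dirs}. Use one sentence for all three files so the manuals do not drift apart.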
diff --git a/doc/tools.texi b/doc/tools.texi
index d9ce81e..d556b6d 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1199,7 +1199,11 @@ Try to be as quiet as possible.
@item --agent-program @var{file}
@opindex agent-program
-Specify the agent program to be started if none is running.
+Specify the agent program to be started if none is running. The
+default value is determined by running @command{gpgconf} with the
+option @option{--list-dirs}. Note that the pipe symbol (@code{|}) is
+used for a regression test suite hack and may thus not be used in the
+file name.
@ifset gpgtwoone
@item --dirmngr-program @var{file}
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index b7320d5..941f786 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -244,10 +244,9 @@ for f in gpg.conf gpg-agent.conf ; do
case "$f" in
gpg.conf)
[ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
- echo "agent-program $GPG_AGENT" >>"$f"
+ echo "agent-program ${GPG_AGENT}|--debug-quick-random" >>"$f"
echo "allow-weak-digest-algos" >>"$f"
-
- ;;
+ ;;
gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f"
;;
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
index cae8b68..057bcf0 100755
--- a/tests/openpgp/version.test
+++ b/tests/openpgp/version.test
@@ -39,9 +39,12 @@ done
# create a faked random seed file. Note that we need to set the
# agent-program so that gpg-connect-agent is able to start the agent
# we are currently testing and not an already installed one.
+# The "|--debug-quick-random" is a hack to start gpg-agent with
+# that option on the command line.
info "Starting the agent"
$MKTDATA 600 >random_seed
-if $GPG_CONNECT_AGENT -v --agent-program="$GPG_AGENT" /bye; then
+if $GPG_CONNECT_AGENT -v \
+ --agent-program="${GPG_AGENT}|--debug-quick-random" /bye; then
:
else
error "starting the gpg-agent failed"
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 11 +++++++++++
common/asshelp.c | 45 ++++++++++++++++++++++++++++++++++----------
doc/gpg-agent.texi | 8 ++++++++
doc/gpg.texi | 5 ++++-
doc/gpgsm.texi | 4 +++-
doc/tools.texi | 6 +++++-
tests/openpgp/defs.inc | 5 ++---
tests/openpgp/version.test | 5 ++++-
8 files changed, 72 insertions(+), 17 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 31 09:24:17 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 31 Oct 2014 09:24:17 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-10-g433208a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 433208a5536608c2b40525eebadbbdeb7780d7f2 (commit)
via cb46e32628de9c2a764b19ef092d4f504c948bd0 (commit)
via b47fe2b14e2a610706bdeff9dbd9a5f7bd6f6b3a (commit)
from 9546aa3cc87fc83a40768a12fbbceb19496ce129 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 433208a5536608c2b40525eebadbbdeb7780d7f2
Author: Werner Koch
Date: Fri Oct 31 09:22:47 2014 +0100
gpg: Fix testing for secret key availability.
* g10/getkey.c (have_secret_key_with_kid): Do not change the search
mode.
--
The search mode was accidentally changed to search-next after finding
the first keyblock. The intention was to look for a duplicate keyid
in the keydb which works by not doing a keydb_search_reset.
Signed-off-by: Werner Koch
diff --git a/g10/getkey.c b/g10/getkey.c
index 2ddd589..279b3d9 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3012,7 +3012,6 @@ have_secret_key_with_kid (u32 *keyid)
desc.u.kid[1] = keyid[1];
while (!result && !(err = keydb_search (kdbhd, &desc, 1, NULL)))
{
- desc.mode = KEYDB_SEARCH_MODE_NEXT;
err = keydb_get_keyblock (kdbhd, &keyblock);
if (err)
{
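Review bot: With `desc.mode = KEYDB_SEARCH_MODE_NEXT;` removed, the loop reaches further keyblocks with the same keyid only because no keydb_search_reset is done between the keydb_search calls. The commit message explains this but the code does not; add a short comment at the `while` so the line is not reintroduced later.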
commit cb46e32628de9c2a764b19ef092d4f504c948bd0
Author: Werner Koch
Date: Fri Oct 31 09:14:03 2014 +0100
gpg: Remove commented code.
--
diff --git a/g10/getkey.c b/g10/getkey.c
index 4f10c18..2ddd589 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3041,146 +3041,3 @@ have_secret_key_with_kid (u32 *keyid)
keydb_release (kdbhd);
return result;
}
-
-
-
-#if 0
-/*
- * Merge the secret keys from secblock into the pubblock thereby
- * replacing the public (sub)keys with their secret counterparts Hmmm:
- * It might be better to get away from the concept of entire secret
- * keys at all and have a way to store just the real secret parts
- * from the key.
- *
- * FIXME: this is not anymore needed but we keep it as example code for the
- * new code we need to write for the import/export feature.
- */
-static void
-merge_public_with_secret (KBNODE pubblock, KBNODE secblock)
-{
- KBNODE pub;
-
- assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
- assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
-
- for (pub = pubblock; pub; pub = pub->next)
- {
- if (pub->pkt->pkttype == PKT_PUBLIC_KEY)
- {
- PKT_public_key *pk = pub->pkt->pkt.public_key;
- PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
- assert (pub == pubblock); /* Only in the first node. */
- /* There is nothing to compare in this case, so just replace
- * some information. */
- copy_public_parts_to_secret_key (pk, sk);
- free_public_key (pk);
- pub->pkt->pkttype = PKT_SECRET_KEY;
- pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
- }
- else if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- {
- KBNODE sec;
- PKT_public_key *pk = pub->pkt->pkt.public_key;
-
- /* This is more complicated: It may happen that the sequence
- * of the subkeys dosn't match, so we have to find the
- * appropriate secret key. */
- for (sec = secblock->next; sec; sec = sec->next)
- {
- if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
- {
- PKT_secret_key *sk = sec->pkt->pkt.secret_key;
- if (!cmp_public_secret_key (pk, sk))
- {
- copy_public_parts_to_secret_key (pk, sk);
- free_public_key (pk);
- pub->pkt->pkttype = PKT_SECRET_SUBKEY;
- pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
- break;
- }
- }
- }
- if (!sec)
- BUG (); /* Already checked in premerge. */
- }
- }
-}
-
-
-/* This function checks that for every public subkey a corresponding
- * secret subkey is available and deletes the public subkey otherwise.
- * We need this function because we can't delete it later when we
- * actually merge the secret parts into the pubring.
- * The function also plays some games with the node flags.
- *
- * FIXME: this is not anymore needed but we keep it as example code for the
- * new code we need to write for the import/export feature.
- */
-static void
-premerge_public_with_secret (KBNODE pubblock, KBNODE secblock)
-{
- KBNODE last, pub;
-
- assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
- assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
-
- for (pub = pubblock, last = NULL; pub; last = pub, pub = pub->next)
- {
- pub->flag &= ~3; /* Reset bits 0 and 1. */
- if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
- {
- KBNODE sec;
- PKT_public_key *pk = pub->pkt->pkt.public_key;
-
- for (sec = secblock->next; sec; sec = sec->next)
- {
- if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
- {
- PKT_secret_key *sk = sec->pkt->pkt.secret_key;
- if (!cmp_public_secret_key (pk, sk))
- {
- if (sk->protect.s2k.mode == 1001)
- {
- /* The secret parts are not available so
- we can't use that key for signing etc.
- Fix the pubkey usage */
- pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
- | PUBKEY_USAGE_AUTH);
- }
- /* Transfer flag bits 0 and 1 to the pubblock. */
- pub->flag |= (sec->flag & 3);
- break;
- }
- }
- }
- if (!sec)
- {
- KBNODE next, ll;
-
- if (opt.verbose)
- log_info (_("no secret subkey"
- " for public subkey %s - ignoring\n"),
- keystr_from_pk (pk));
- /* We have to remove the subkey in this case. */
- assert (last);
- /* Find the next subkey. */
- for (next = pub->next, ll = pub;
- next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- ll = next, next = next->next)
- ;
- /* Make new link. */
- last->next = next;
- /* Release this public subkey with all sigs. */
- ll->next = NULL;
- release_kbnode (pub);
- /* Let the loop continue. */
- pub = last;
- }
- }
- }
- /* We need to copy the found bits (0 and 1) from the secret key to
- the public key. This has already been done for the subkeys but
- got lost on the primary key - fix it here. */
- pubblock->flag |= (secblock->flag & 3);
-}
-#endif /*0*/
commit b47fe2b14e2a610706bdeff9dbd9a5f7bd6f6b3a
Author: Werner Koch
Date: Fri Oct 31 08:04:38 2014 +0100
build: Avoid distributing backup files etc.
* Makefile.am (EXTRA_DIST): Do not include directories.
--
The make dist rule uses "cp -R" for each listed file. Thus all cruft
from a directory is also put into the tarball. Obviously we do not
want this.
Signed-off-by: Werner Koch
diff --git a/Makefile.am b/Makefile.am
index 286038e..466c011 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,7 +30,6 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
build-aux/getswdb.sh \
build-aux/speedo.mk \
build-aux/speedo/zlib.pc \
- build-aux/speedo/w32 \
build-aux/speedo/w32/inst-options.ini \
build-aux/speedo/w32/inst.nsi \
build-aux/speedo/w32/pkg-copyright.txt \
@@ -39,7 +38,6 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \
build-aux/speedo/w32/gdk-pixbuf-loaders.cache \
build-aux/speedo/w32/exdll.h \
build-aux/speedo/w32/README.txt \
- build-aux/speedo/patches \
build-aux/speedo/patches/atk-1.32.0.patch \
build-aux/speedo/patches/libiconv-1.14.patch \
build-aux/speedo/patches/pango-1.29.4.patch
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 2 -
g10/getkey.c | 144 ----------------------------------------------------------
2 files changed, 146 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 31 10:37:03 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 31 Oct 2014 10:37:03 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-11-g28ae8ad
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 28ae8ad70b3b802e67344468a4765eee6e291c68 (commit)
from 433208a5536608c2b40525eebadbbdeb7780d7f2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 28ae8ad70b3b802e67344468a4765eee6e291c68
Author: Werner Koch
Date: Fri Oct 31 10:29:02 2014 +0100
gpg: Fix --rebuild-keydb-caches.
* g10/parse-packet.c (parse_key): Store even unsupported packet
versions.
* g10/keyring.c (keyring_rebuild_cache): Do not copy keys with
versions less than 4.
--
That function, which is implicitly called while checking the keydb, led
to corruption of v3 key packets in the keyring which would later spit
out "packet(6)too short" messages.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index d371b80..908a12b 100644
--- a/NEWS
+++ b/NEWS
@@ -8,7 +8,8 @@ Noteworthy changes in version 2.1.0 (unreleased)
used.
* gpg: All support for v3 (PGP 2) keys has been dropped. All
- signatures are now created as v4 signatures.
+ signatures are now created as v4 signatures. v3 keys will be
+ removed from the keyring.
* gpg: With pinentry-0.9.0 the passphrase "enter again" prompt shows
up in the same window as the "new passphrase" prompt.
diff --git a/g10/keyring.c b/g10/keyring.c
index 6f75b6a..a1936b3 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1409,40 +1409,51 @@ keyring_rebuild_cache (void *token,int noisy)
goto leave;
}
- /* check all signature to set the signature's cache flags */
- for (node=keyblock; node; node=node->next)
+ if (keyblock->pkt->pkt.public_key->version < 4)
{
- /* Note that this doesn't cache the result of a revocation
- issued by a designated revoker. This is because the pk
- in question does not carry the revkeys as we haven't
- merged the key and selfsigs. It is questionable whether
- this matters very much since there are very very few
- designated revoker revocation packets out there. */
-
- if (node->pkt->pkttype == PKT_SIGNATURE)
+ /* We do not copy/cache v3 keys or any other unknown
+ packets. It is better to remove them from the keyring.
+ The code required to keep them in the keyring would be
+ too complicated. Given that we do not touch the old
+ secring.gpg a suitable backup for decryption of v3 stuff
+ using an older gpg version will always be available. */
+ }
+ else
+ {
+ /* Check all signature to set the signature's cache flags. */
+ for (node=keyblock; node; node=node->next)
{
- PKT_signature *sig=node->pkt->pkt.signature;
+ /* Note that this doesn't cache the result of a
+ revocation issued by a designated revoker. This is
+ because the pk in question does not carry the revkeys
+ as we haven't merged the key and selfsigs. It is
+ questionable whether this matters very much since
+ there are very very few designated revoker revocation
+ packets out there. */
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig=node->pkt->pkt.signature;
- if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
- && (openpgp_md_test_algo(sig->digest_algo)
- || openpgp_pk_test_algo(sig->pubkey_algo)))
- sig->flags.checked=sig->flags.valid=0;
- else
- check_key_signature (keyblock, node, NULL);
+ if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
+ && (openpgp_md_test_algo(sig->digest_algo)
+ || openpgp_pk_test_algo(sig->pubkey_algo)))
+ sig->flags.checked=sig->flags.valid=0;
+ else
+ check_key_signature (keyblock, node, NULL);
- sigcount++;
+ sigcount++;
+ }
}
- }
- /* write the keyblock to the temporary file */
- rc = write_keyblock (tmpfp, keyblock);
- if (rc)
- goto leave;
-
- if ( !(++count % 50) && noisy && !opt.quiet)
- log_info(_("%lu keys cached so far (%lu signatures)\n"),
- count, sigcount );
+ /* Write the keyblock to the temporary file. */
+ rc = write_keyblock (tmpfp, keyblock);
+ if (rc)
+ goto leave;
+ if ( !(++count % 50) && noisy && !opt.quiet)
+ log_info(_("%lu keys cached so far (%lu signatures)\n"),
+ count, sigcount );
+ }
} /* end main loop */
if (rc == -1)
rc = 0;
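Review bot: The `version < 4` branch has an empty body, so a v3 keyblock is dropped from the rewritten keyring without any message and without being counted. Because this removes data from the user's keyring, log each skipped key (at least when `noisy` is set and `opt.quiet` is not) and report the number of removed keys at the end of the rebuild.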
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 7787825..039f085 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1953,6 +1953,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
log_info ("packet(%d) with obsolete version %d\n", pkttype, version);
if (list_mode)
es_fprintf (listfp, ":key packet: [obsolete version %d]\n", version);
+ pk->version = version;
err = gpg_error (GPG_ERR_INV_PACKET);
goto leave;
}
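Review bot: the added `pk->version = version;` is a store on a path that sets GPG_ERR_INV_PACKET and jumps to `leave` right after, and nothing in the hunk says who reads it. Add a one-line comment naming the caller that inspects `pk->version` after a failed parse. Also confirm that no caller takes a non-zero version field as a sign that the rest of `pk` was filled in.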
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 ++-
g10/keyring.c | 65 ++++++++++++++++++++++++++++++----------------------
g10/parse-packet.c | 1 +
3 files changed, 41 insertions(+), 28 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 31 14:23:58 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 31 Oct 2014 14:23:58 +0100
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-13-gf74ca87
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via f74ca872dfc5841025302e8b01ae8e52f73ca5ce (commit)
via 935edf88ab29b2f63afc2a0e3af1b33c92033ab7 (commit)
from 28ae8ad70b3b802e67344468a4765eee6e291c68 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f74ca872dfc5841025302e8b01ae8e52f73ca5ce
Author: Werner Koch
Date: Fri Oct 31 14:21:34 2014 +0100
Add more signing keys.
--
The keys which may be used to sign GnuPG packages are:
rsa2048/4F25E3B6 2011-01-12 [expires: 2019-12-31]
D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6
Werner Koch (dist sig)
rsa2048/E0856959 2014-10-29 [expires: 2019-12-31]
46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959
David Shaw (GnuPG Release Signing Key)
rsa2048/33BD3F06 2014-10-29 [expires: 2016-10-28]
031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06
NIIBE Yutaka (GnuPG Release Key)
rsa2048/7EFD60D9 2014-10-19 [expires: 2020-12-31]
D238 EA65 D64C 67ED 4C30 73F2 8A86 1B1C 7EFD 60D9
Werner Koch (Release Signing Key)
These keys are all created and used on tokens. 7EFD60D9 is currently
not used but ready to replace 4F25E3B6 in case the former token breaks.
diff --git a/g10/distsigkey.gpg b/g10/distsigkey.gpg
index ccef8db..8ad154a 100644
Binary files a/g10/distsigkey.gpg and b/g10/distsigkey.gpg differ
commit 935edf88ab29b2f63afc2a0e3af1b33c92033ab7
Author: Werner Koch
Date: Fri Oct 31 12:15:34 2014 +0100
kbx: Let keydb_search skip unwanted blobs.
* kbx/keybox.h (keybox_blobtype_t): New.
* kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*.
* kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip
non-matching blobs.
* sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search.
* g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search.
--
Without this fix a listing of all keys would fail because the wrong
blob type would be returned for the gpg or gpgsm.
Signed-off-by: Werner Koch
diff --git a/g10/keydb.c b/g10/keydb.c
index c192e06..a2cab18 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -1448,7 +1448,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_search (hd->active[hd->current].u.kb, desc,
- ndesc, descindex, &hd->skipped_long_blobs);
+ ndesc, KEYBOX_BLOBTYPE_PGP,
+ descindex, &hd->skipped_long_blobs);
break;
}
if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF)
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 35ce3e3..ef72148 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -591,7 +591,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
/* space where we write keyIDs and and other stuff so that the
pointers can actually point to somewhere */
- if (blobtype == BLOBTYPE_PGP)
+ if (blobtype == KEYBOX_BLOBTYPE_PGP)
{
/* We need to store the keyids for all pgp v3 keys because those key
IDs are not part of the fingerprint. While we are doing that, we
@@ -611,7 +611,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
}
}
- if (blobtype == BLOBTYPE_X509)
+ if (blobtype == KEYBOX_BLOBTYPE_X509)
{
/* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
the utf-8 string represenation of them */
@@ -750,7 +750,7 @@ _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
init_membuf (&blob->bufbuf, 1024);
blob->buf = &blob->bufbuf;
- err = create_blob_header (blob, BLOBTYPE_PGP, as_ephemeral);
+ err = create_blob_header (blob, KEYBOX_BLOBTYPE_PGP, as_ephemeral);
if (err)
goto leave;
err = pgp_create_blob_keyblock (blob, image, imagelen);
@@ -937,7 +937,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
init_membuf (&blob->bufbuf, 1024);
blob->buf = &blob->bufbuf;
/* write out what we already have */
- rc = create_blob_header (blob, BLOBTYPE_X509, as_ephemeral);
+ rc = create_blob_header (blob, KEYBOX_BLOBTYPE_X509, as_ephemeral);
if (rc)
goto leave;
rc = x509_create_blob_cert (blob, cert);
@@ -1031,7 +1031,7 @@ _keybox_get_blob_fileoffset (KEYBOXBLOB blob)
void
_keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp)
{
- if (blob->bloblen >= 32 && blob->blob[4] == BLOBTYPE_HEADER)
+ if (blob->bloblen >= 32 && blob->blob[4] == KEYBOX_BLOBTYPE_HEADER)
{
u32 val = make_timestamp ();
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 415a3ef..8d795ab 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -44,14 +44,6 @@
#include "keybox.h"
-enum {
- BLOBTYPE_EMPTY = 0,
- BLOBTYPE_HEADER = 1,
- BLOBTYPE_PGP = 2,
- BLOBTYPE_X509 = 3
-};
-
-
typedef struct keyboxblob *KEYBOXBLOB;
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index dfa8200..5315e84 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -205,17 +205,17 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
type = buffer[4];
switch (type)
{
- case BLOBTYPE_EMPTY:
+ case KEYBOX_BLOBTYPE_EMPTY:
fprintf (fp, "Type: Empty\n");
return 0;
- case BLOBTYPE_HEADER:
+ case KEYBOX_BLOBTYPE_HEADER:
fprintf (fp, "Type: Header\n");
return dump_header_blob (buffer, length, fp);
- case BLOBTYPE_PGP:
+ case KEYBOX_BLOBTYPE_PGP:
fprintf (fp, "Type: OpenPGP\n");
break;
- case BLOBTYPE_X509:
+ case KEYBOX_BLOBTYPE_X509:
fprintf (fp, "Type: X.509\n");
break;
default:
@@ -271,7 +271,7 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
fprintf (fp, "Key-Count: %lu\n", nkeys );
if (!nkeys)
fprintf (fp, "[Error: no keys]\n");
- if (nkeys > 1 && type == BLOBTYPE_X509)
+ if (nkeys > 1 && type == KEYBOX_BLOBTYPE_X509)
fprintf (fp, "[Error: only one key allowed for X509]\n");
keyinfolen = get16 (buffer + 18 );
@@ -321,13 +321,13 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
uidoff = get32( p );
uidlen = get32( p+4 );
- if (type == BLOBTYPE_X509 && !n)
+ if (type == KEYBOX_BLOBTYPE_X509 && !n)
{
fprintf (fp, "Issuer-Off: %lu\n", uidoff );
fprintf (fp, "Issuer-Len: %lu\n", uidlen );
fprintf (fp, "Issuer: \"");
}
- else if (type == BLOBTYPE_X509 && n == 1)
+ else if (type == KEYBOX_BLOBTYPE_X509 && n == 1)
{
fprintf (fp, "Subject-Off: %lu\n", uidoff );
fprintf (fp, "Subject-Len: %lu\n", uidlen );
@@ -342,12 +342,12 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
print_string (fp, buffer+uidoff, uidlen, '\"');
fputs ("\"\n", fp);
uflags = get16 (p + 8);
- if (type == BLOBTYPE_X509 && !n)
+ if (type == KEYBOX_BLOBTYPE_X509 && !n)
{
fprintf (fp, "Issuer-Flags: %04lX\n", uflags );
fprintf (fp, "Issuer-Validity: %d\n", p[10] );
}
- else if (type == BLOBTYPE_X509 && n == 1)
+ else if (type == KEYBOX_BLOBTYPE_X509 && n == 1)
{
fprintf (fp, "Subject-Flags: %04lX\n", uflags );
fprintf (fp, "Subject-Validity: %d\n", p[10] );
@@ -452,12 +452,12 @@ hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
type = buffer[4];
switch (type)
{
- case BLOBTYPE_PGP:
- case BLOBTYPE_X509:
+ case KEYBOX_BLOBTYPE_PGP:
+ case KEYBOX_BLOBTYPE_X509:
break;
- case BLOBTYPE_EMPTY:
- case BLOBTYPE_HEADER:
+ case KEYBOX_BLOBTYPE_EMPTY:
+ case KEYBOX_BLOBTYPE_HEADER:
default:
memset (digest, 0, 20);
return 0;
@@ -519,16 +519,16 @@ update_stats (KEYBOXBLOB blob, struct file_stats_s *s)
type = buffer[4];
switch (type)
{
- case BLOBTYPE_EMPTY:
+ case KEYBOX_BLOBTYPE_EMPTY:
s->empty_blob_count++;
return 0;
- case BLOBTYPE_HEADER:
+ case KEYBOX_BLOBTYPE_HEADER:
s->header_blob_count++;
return 0;
- case BLOBTYPE_PGP:
+ case KEYBOX_BLOBTYPE_PGP:
s->pgp_blob_count++;
break;
- case BLOBTYPE_X509:
+ case KEYBOX_BLOBTYPE_X509:
s->x509_blob_count++;
break;
default:
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index 1ed5169..98808ed 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -154,7 +154,7 @@ _keybox_write_header_blob (FILE *fp, int for_openpgp)
/* Length of this blob. */
image[3] = 32;
- image[4] = BLOBTYPE_HEADER;
+ image[4] = KEYBOX_BLOBTYPE_HEADER;
image[5] = 1; /* Version */
if (for_openpgp)
image[7] = 0x02; /* OpenPGP data may be available. */
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index bf47042..10a71c4 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
@@ -573,7 +573,7 @@ static inline int
has_keygrip (KEYBOXBLOB blob, const unsigned char *grip)
{
#ifdef KEYBOX_WITH_X509
- if (blob_get_type (blob) == BLOBTYPE_X509)
+ if (blob_get_type (blob) == KEYBOX_BLOBTYPE_X509)
return blob_x509_has_grip (blob, grip);
#endif
return 0;
@@ -587,7 +587,7 @@ has_issuer (KEYBOXBLOB blob, const char *name)
return_val_if_fail (name, 0);
- if (blob_get_type (blob) != BLOBTYPE_X509)
+ if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
return 0;
namelen = strlen (name);
@@ -603,7 +603,7 @@ has_issuer_sn (KEYBOXBLOB blob, const char *name,
return_val_if_fail (name, 0);
return_val_if_fail (sn, 0);
- if (blob_get_type (blob) != BLOBTYPE_X509)
+ if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
return 0;
namelen = strlen (name);
@@ -617,7 +617,7 @@ has_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
{
return_val_if_fail (sn, 0);
- if (blob_get_type (blob) != BLOBTYPE_X509)
+ if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
return 0;
return blob_cmp_sn (blob, sn, snlen);
}
@@ -629,7 +629,7 @@ has_subject (KEYBOXBLOB blob, const char *name)
return_val_if_fail (name, 0);
- if (blob_get_type (blob) != BLOBTYPE_X509)
+ if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
return 0;
namelen = strlen (name);
@@ -646,12 +646,12 @@ has_username (KEYBOXBLOB blob, const char *name, int substr)
return_val_if_fail (name, 0);
btype = blob_get_type (blob);
- if (btype != BLOBTYPE_PGP && btype != BLOBTYPE_X509)
+ if (btype != KEYBOX_BLOBTYPE_PGP && btype != KEYBOX_BLOBTYPE_X509)
return 0;
namelen = strlen (name);
return blob_cmp_name (blob, -1 /* all subject/user names */, name,
- namelen, substr, (btype == BLOBTYPE_X509));
+ namelen, substr, (btype == KEYBOX_BLOBTYPE_X509));
}
@@ -664,16 +664,17 @@ has_mail (KEYBOXBLOB blob, const char *name, int substr)
return_val_if_fail (name, 0);
btype = blob_get_type (blob);
- if (btype != BLOBTYPE_PGP && btype != BLOBTYPE_X509)
+ if (btype != KEYBOX_BLOBTYPE_PGP && btype != KEYBOX_BLOBTYPE_X509)
return 0;
- if (btype == BLOBTYPE_PGP && *name == '<')
+ if (btype == KEYBOX_BLOBTYPE_PGP && *name == '<')
name++; /* Hack to remove the leading '<' for gpg. */
namelen = strlen (name);
if (namelen && name[namelen-1] == '>')
namelen--;
- return blob_cmp_mail (blob, name, namelen, substr, (btype == BLOBTYPE_X509));
+ return blob_cmp_mail (blob, name, namelen, substr,
+ (btype == KEYBOX_BLOBTYPE_X509));
}
@@ -719,10 +720,12 @@ keybox_search_reset (KEYBOX_HANDLE hd)
/* Note: When in ephemeral mode the search function does visit all
blobs but in standard mode, blobs flagged as ephemeral are ignored.
+ If WANT_BLOBTYPE is not 0 only blobs of this type are considered.
The value at R_SKIPPED is updated by the number of skipped long
records (counts PGP and X.509). */
int
keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
+ keybox_blobtype_t want_blobtype,
size_t *r_descindex, unsigned long *r_skipped)
{
int rc;
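Review bot: the new comment line "If WANT_BLOBTYPE is not 0 only blobs of this type are considered" makes 0 a wildcard, but 0 is also KEYBOX_BLOBTYPE_EMPTY in the enum this commit adds to keybox.h. A caller reading only the prototype could expect that passing KEYBOX_BLOBTYPE_EMPTY searches for empty blobs. State in the comment that KEYBOX_BLOBTYPE_EMPTY (0) means "any type", or introduce a dedicated name for the wildcard.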
@@ -851,6 +854,7 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
for (;;)
{
unsigned int blobflags;
+ int blobtype;
_keybox_release_blob (blob); blob = NULL;
rc = _keybox_read_blob (&blob, hd->fp);
@@ -864,9 +868,11 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
if (rc)
break;
- if (blob_get_type (blob) == BLOBTYPE_HEADER)
+ blobtype = blob_get_type (blob);
+ if (blobtype == KEYBOX_BLOBTYPE_HEADER)
+ continue;
+ if (want_blobtype && blobtype != want_blobtype)
continue;
-
blobflags = blob_get_blob_flags (blob);
if (!hd->ephemeral && (blobflags & 2))
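Review bot: the filter `if (want_blobtype && blobtype != want_blobtype) continue;` is the behavioural change of this commit, yet the change summary lists no test file. A small keybox holding one OpenPGP blob and one X.509 blob, searched once with each KEYBOX_BLOBTYPE_* value and once with 0, would pin down the listing failure the commit message describes. Separately, `blobtype` is declared `int` in the previous hunk while `want_blobtype` is a `keybox_blobtype_t`; use the enum type for both unless `blob_get_type` can return values outside the enum, and say so in a comment if it can.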
@@ -1025,7 +1031,7 @@ keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
if (!hd->found.blob)
return gpg_error (GPG_ERR_NOTHING_FOUND);
- if (blob_get_type (hd->found.blob) != BLOBTYPE_PGP)
+ if (blob_get_type (hd->found.blob) != KEYBOX_BLOBTYPE_PGP)
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
buffer = _keybox_get_blob_image (hd->found.blob, &length);
@@ -1077,7 +1083,7 @@ keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
if (!hd->found.blob)
return gpg_error (GPG_ERR_NOTHING_FOUND);
- if (blob_get_type (hd->found.blob) != BLOBTYPE_X509)
+ if (blob_get_type (hd->found.blob) != KEYBOX_BLOBTYPE_X509)
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
buffer = _keybox_get_blob_image (hd->found.blob, &length);
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index 693b732..11861ac 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -282,7 +282,8 @@ blob_filecopy (int mode, const char *fname, KEYBOXBLOB blob,
failsafe the blob type.) */
while ( (nread = fread (buffer, 1, DIM(buffer), fp)) > 0 )
{
- if (first_record && for_openpgp && buffer[4] == BLOBTYPE_HEADER)
+ if (first_record && for_openpgp
+ && buffer[4] == KEYBOX_BLOBTYPE_HEADER)
{
first_record = 0;
buffer[7] |= 0x02; /* OpenPGP data may be available. */
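Review bot: the reflowed condition still reads `buffer[4]`, and the body then modifies `buffer[7]`, while the loop only guarantees `nread > 0`. On a first read shorter than 8 bytes those indexes refer to bytes that `fread` did not fill in. Add a length term such as `nread >= 8` to the `first_record` condition, in line with the `length > 4` guard that keybox_compress applies before the same comparison.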
@@ -446,7 +447,7 @@ keybox_update_keyblock (KEYBOX_HANDLE hd, const void *image, size_t imagelen)
return gpg_error (GPG_ERR_INV_VALUE);
if (!hd->found.blob)
return gpg_error (GPG_ERR_NOTHING_FOUND);
- if (blob_get_type (hd->found.blob) != BLOBTYPE_PGP)
+ if (blob_get_type (hd->found.blob) != KEYBOX_BLOBTYPE_PGP)
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
fname = hd->kb->fname;
if (!fname)
@@ -704,7 +705,7 @@ keybox_compress (KEYBOX_HANDLE hd)
size_t length;
buffer = _keybox_get_blob_image (blob, &length);
- if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ if (length > 4 && buffer[4] == KEYBOX_BLOBTYPE_HEADER)
{
u32 last_maint = ((buffer[20] << 24) | (buffer[20+1] << 16)
| (buffer[20+2] << 8) | (buffer[20+3]));
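Review bot: `length > 4` only covers the read of `buffer[4]`, but the lines directly below read `buffer[20]` through `buffer[20+3]` to build `last_maint`. Unless `_keybox_get_blob_image` guarantees a minimum length, a header blob image shorter than 24 bytes passes this check and the `last_maint` read goes past its end. Since the line is being touched anyway, tighten it to `length >= 32`, the bound `_keybox_update_header_blob` already uses with `blob->bloblen >= 32`.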
@@ -751,7 +752,7 @@ keybox_compress (KEYBOX_HANDLE hd)
if (first_blob)
{
first_blob = 0;
- if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ if (length > 4 && buffer[4] == KEYBOX_BLOBTYPE_HEADER)
{
/* Write out the blob with an updated maintenance time
stamp and if needed (ie. used by gpg) set the openpgp
@@ -769,7 +770,7 @@ keybox_compress (KEYBOX_HANDLE hd)
break;
any_changes = 1;
}
- else if (length > 4 && buffer[4] == BLOBTYPE_HEADER)
+ else if (length > 4 && buffer[4] == KEYBOX_BLOBTYPE_HEADER)
{
/* Oops: There is another header record - remove it. */
any_changes = 1;
diff --git a/kbx/keybox.h b/kbx/keybox.h
index b44f1b2..386fff1 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -56,6 +56,14 @@ typedef enum
#define KEYBOX_FLAG_BLOB_SECRET 1
#define KEYBOX_FLAG_BLOB_EPHEMERAL 2
+/* The keybox blob types. */
+typedef enum
+ {
+ KEYBOX_BLOBTYPE_EMPTY = 0,
+ KEYBOX_BLOBTYPE_HEADER = 1,
+ KEYBOX_BLOBTYPE_PGP = 2,
+ KEYBOX_BLOBTYPE_X509 = 3
+ } keybox_blobtype_t;
/*-- keybox-init.c --*/
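Review bot: the comment "The keybox blob types." does not say that these numbers are the on-disk type byte. keybox-file.c writes `image[4] = KEYBOX_BLOBTYPE_HEADER` and the readers in this commit compare `buffer[4]` against the same names. Now that the enum lives in the public header, extend the comment to state that the values are part of the file format and must not be renumbered.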
@@ -87,6 +95,7 @@ int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
int keybox_search_reset (KEYBOX_HANDLE hd);
int keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
+ keybox_blobtype_t want_blobtype,
size_t *r_descindex, unsigned long *r_skipped);
diff --git a/sm/keydb.c b/sm/keydb.c
index 83e573f..974625d 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -972,6 +972,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
break;
case KEYDB_RESOURCE_TYPE_KEYBOX:
rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc,
+ KEYBOX_BLOBTYPE_X509,
NULL, &skipped);
break;
}
-----------------------------------------------------------------------
Summary of changes:
g10/distsigkey.gpg | Bin 863 -> 4114 bytes
g10/keydb.c | 3 ++-
kbx/keybox-blob.c | 10 +++++-----
kbx/keybox-defs.h | 8 --------
kbx/keybox-dump.c | 34 +++++++++++++++++-----------------
kbx/keybox-file.c | 2 +-
kbx/keybox-search.c | 34 ++++++++++++++++++++--------------
kbx/keybox-update.c | 11 ++++++-----
kbx/keybox.h | 9 +++++++++
sm/keydb.c | 1 +
10 files changed, 61 insertions(+), 51 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 31 15:49:58 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 31 Oct 2014 15:49:58 +0100
Subject: [git] gnupg-doc - branch, master,
updated. 9ce1cdeadd95a74ffdfaee17c05099ce685bb879
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 9ce1cdeadd95a74ffdfaee17c05099ce685bb879 (commit)
from d2b7b4faa1d7ffb1e3db1c3d82c4f00c21223cf8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9ce1cdeadd95a74ffdfaee17c05099ce685bb879
Author: Werner Koch
Date: Fri Oct 31 15:49:42 2014 +0100
swdb: Update pinentry and npth.
diff --git a/web/swdb.mac b/web/swdb.mac
index e441330..5911436 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -51,9 +51,9 @@
#
# PINENTRY
#
-#+macro: pinentry_ver 0.8.4
-#+macro: pinentry_size 505k
-#+macro: pinentry_sha1 36c94980ceab5c15e188de121f7ab4c7ee6b3521
+#+macro: pinentry_ver 0.9.0
+#+macro: pinentry_size 453k
+#+macro: pinentry_sha1 f8e5c774c35fbb91d84e82559baf76f6b4513236
#
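Review bot: the only integrity value updated for pinentry 0.9.0 is `pinentry_sha1`. A checksum on the download page is only as trustworthy as the page itself and SHA-1 is the weakest link to rely on there; consider adding a stronger digest macro alongside it in a follow-up, and make sure the page that expands these macros points readers to the release signatures as the primary check.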
@@ -108,8 +108,8 @@
#
# nPth
#
-#+macro: npth_ver 1.0
-#+macro: npth_sha1 3c0673144f8baffda3a3aaab3f6853acc58146c7
+#+macro: npth_ver 1.1
+#+macro: npth_sha1 597ce74402e5790553a6273130b214d7ddd0b05d
#
-----------------------------------------------------------------------
Summary of changes:
web/swdb.mac | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Oct 31 21:27:22 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 31 Oct 2014 21:27:22 +0100
Subject: [git] gnupg-doc - branch, master,
updated. 6e73ccd2155c60dee73b166c741ad8fd6f98a7b0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 6e73ccd2155c60dee73b166c741ad8fd6f98a7b0 (commit)
from 9ce1cdeadd95a74ffdfaee17c05099ce685bb879 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6e73ccd2155c60dee73b166c741ad8fd6f98a7b0
Author: Werner Koch
Date: Fri Oct 31 21:27:29 2014 +0100
faq: Started a page with an overview of 2.1.
--
diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org
new file mode 100644
index 0000000..4fc28bb
--- /dev/null
+++ b/web/faq/whats-new-in-2.1.org
@@ -0,0 +1,95 @@
+#+TITLE: GnuPG - What?s new in 2.1
+#+STARTUP: showall indent
+#+SETUPFILE: "share/setup.inc"
+
+* What?s new in GnuPG 2.1
+
+GnuPG version 2.1 comes with a bag of new features which changes some
+things old-timers are used to. This page explains the more important
+ones. It expects that the user is somewhat familiar with GnuPG
+version 2.0 and is aware that GnuPG consists of /gpg/, /gpgsm/, and
+/gpg-agent/ as its main components.
+
+- The file /secring.gpg/ is not anymore used to store the secret keys.
+ Merging of secret keys is now supported.
+
+- All support for /PGP-2 keys/ has been removed for security reasons.
+
+- Support for /Elliptic Curve Cryptography/ (ECC) is now available
+
+- The standard key generation interface is much leaner now to help the
+ new user creating a suitable key.
+
+- Commands to create and sign keys from the command line without any
+ extra prompts are now available.
+
+- The Pinentry dialog may now show two fields to enter a new
+ passphrase and a confirmation of it.
+
+- There is no more need to manually start the gpg-agent. It is now
+ started by any part of GnuPG as needed.
+
+- Problems with importing keys with the same long key id have been
+ addressed.
+
+- The /dirmngr/ is now part of GnuPG proper and also takes care of
+ accessing keyserver.
+
+- Keyserver pools are now handled in a smarter way.
+
+- A new format for locally storing the public keys is now used. This
+ considerable speeds up operations on large keyrings.
+
+- /Revocation certificates/ are now created by default.
+
+- Card support has been updated, new readers and token types are
+ supported.
+
+- The format of the key listing has been changed to better identify
+ the properties of a key.
+
+- The gpg-agent may now be used on Windows as /pageant/ replacement
+ for /putty/ in the same way it is used for years on Unix as
+ /ssh-agent/ replacement.
+
+- Creation of X.509 certificates has been improved. It is now also
+ possible to export them directly in PKCS#8 and PEM format for use on
+ TLS servers.
+
+- The scripts to create a Windows installer is now part of GnuPG.
+
+** Removal of the secret keyring.
+
+Explain...
+
+** Removal of PGP-2 support
+
+** Support for ECC
+
+** Leaner key generation interface
+
+** Quick generate and sign commands
+
+** Improved Pinentry support
+
+** Auto-start of the gpg-agent
+
+** Duplicate long key id fixes
+
+** Enhanced Dirmngr
+
+** Better keyserver pool support
+
+** Faster keyring format
+
+** Auto-generated revocation certificates
+
+** Imporved card support
+
+** New format for key listings
+
+** Support for Putty
+
+** Improved X.509 certificate creation
+
+** Included code for a Windows installer
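Review bot: several added lines need a proofreading pass before this page is published. The title and first heading read "What?s", which looks like a typographic apostrophe lost in transit, so check the file encoding in the repository. In the list, "This considerable speeds up" should be "considerably", "accessing keyserver" should be "keyservers", and "The scripts to create a Windows installer is" should be "are". The heading "Imporved card support" should be "Improved". The only section with a body is "Removal of the secret keyring.", and that body is the placeholder "Explain..."; its heading is also the only one ending in a period. Because the list item for PGP-2 says the removal is "for security reasons", that section in particular should name the reasons once it is filled in.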
-----------------------------------------------------------------------
Summary of changes:
web/faq/whats-new-in-2.1.org | 95 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 web/faq/whats-new-in-2.1.org
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
[git] gnupg-doc - branch master updated by Werner Koch:
6e73ccd faq: Started a page with an overview of 2.1.