From wk at gnupg.org Tue May 1 17:29:34 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 01 May 2007 17:29:34 +0200 Subject: small patches for libksba-1.0.1 and libassuan-1.0.1 In-Reply-To: <20070430214730.GO8893@localhost.localdomain> (Peter O'Gorman's message of "Mon\, 30 Apr 2007 16\:47\:30 -0500") References: <20070430214730.GO8893@localhost.localdomain> Message-ID: <87ejm0r28x.fsf@wheatstone.g10code.de> On Mon, 30 Apr 2007 23:47, gnupg-devel at mlists.thewrittenword.com said: > ksba > On AIX-4.3, xlc complains if enums end in a comma. HPUX does not like > doing pointer math with void* pointers. Well, the usual GCC-isms. Fixed. > assuan > We need to define _XOPEN_SOURCE etc for irix and Tru64. There was I try to avoid these hardwired things. We need to check whether there an autoconf tests for this already exists. > another pointer math issue, and Tru64 4.0D does not have snprintf, Applied. > rather than using trio or another replacement, I just used sprintf > and made sure that the result would be small enough. Using sprintf is not an option in this case. I consider sprintf only okay for things like numeric conversions. It should not be used in new code. We need to use a replacement function. I will care about it. Thanks, Werner From JPClizbe at tx.rr.com Tue May 1 22:39:51 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Tue, 01 May 2007 15:39:51 -0500 Subject: Build error on Windows with OpenLDAP Message-ID: <4637A597.80905@tx.rr.com> If building GnuPG for Win32 with OpenLDAP instead of Win32's wlpda32, the wrong header file is being included. From configure: configure: creating cache config.cache checking build system type... i686-pc-mingw32 checking host system type... i686-pc-mingw32 checking whether LDAP via "-lldap" is present and sane... no checking whether I can make LDAP be sane with lber.h... yes checking for ldap_get_option... yes checking for ldap_set_option... yes checking for ldap_start_tls_s... yes $ make gcc -O3 -s -mms-bitfields -march=pentium3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat-nonliteral -o gpgkeys_ldap.exe gpgkeys_ldap-gpgkeys_ldap.o gpgkeys_ldap-ksutil.o ../util/libcompat.a -lldap -lwsock32 gpgkeys_ldap-gpgkeys_ldap.o:gpgkeys_ldap.c:(.text+0xe25): undefined reference to `_imp__ldap_modify_sA' gpgkeys_ldap-gpgkeys_ldap.o:gpgkeys_ldap.c:(.text+0xe4f): undefined reference to `_imp__ldap_add_sA' gpgkeys_ldap-gpgkeys_ldap.o:gpgkeys_ldap.c:(.text+0xe6f): undefined reference to `_imp__ldap_err2stringA' The 'A' suffixed names are supplied by winldap.h, but that should only be included if also linking with wldap32.dll. I couldn't think of a non-fugly way to fix the source. The section of keyserver/gpgkeys_ldap.c is #ifdef _WIN32 #include #include #else #ifdef NEED_LBER_H #include #endif /* For OpenLDAP, to enable the API that we're using. */ #define LDAP_DEPRECATED 1 #include #endif Also, if including winsock2.h, shouldn't the linking be with -lws2_32 instead of -lwsock32? -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070501/1bd5611b/attachment.pgp From wk at gnupg.org Wed May 2 15:36:27 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 02 May 2007 15:36:27 +0200 Subject: Build error on Windows with OpenLDAP In-Reply-To: <4637A597.80905@tx.rr.com> (John Clizbe's message of "Tue\, 01 May 2007 15\:39\:51 -0500") References: <4637A597.80905@tx.rr.com> Message-ID: <87ejlzl544.fsf@wheatstone.g10code.de> On Tue, 1 May 2007 22:39, JPClizbe at tx.rr.com said: > If building GnuPG for Win32 with OpenLDAP instead of Win32's wlpda32, the wrong > header file is being included. That is simply not supported. Salam-Shalom, Werner From dshaw at jabberwocky.com Wed May 2 15:46:40 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 2 May 2007 09:46:40 -0400 Subject: Build error on Windows with OpenLDAP In-Reply-To: <4637A597.80905@tx.rr.com> References: <4637A597.80905@tx.rr.com> Message-ID: <20070502134640.GE7101@jabberwocky.com> On Tue, May 01, 2007 at 03:39:51PM -0500, John Clizbe wrote: > The 'A' suffixed names are supplied by winldap.h, but that should only be > included if also linking with wldap32.dll. > > I couldn't think of a non-fugly way to fix the source. Yeah, that is pretty fugly. The source doesn't allow for OpenLDAP on Win32 - if it's Win32, it must be winldap. I'll take a look at it. David From wk at gnupg.org Wed May 2 16:17:37 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 02 May 2007 16:17:37 +0200 Subject: Build error on Windows with OpenLDAP In-Reply-To: <87ejlzl544.fsf@wheatstone.g10code.de> (Werner Koch's message of "Wed\, 02 May 2007 15\:36\:27 +0200") References: <4637A597.80905@tx.rr.com> <87ejlzl544.fsf@wheatstone.g10code.de> Message-ID: <87odl3jon2.fsf@wheatstone.g10code.de> On Wed, 2 May 2007 15:36, wk at gnupg.org said: > That is simply not supported. BTW, why do you want to use OpenLDAP under Windows? I can see no reason for it. Shalom-Salam, Werner From JPClizbe at tx.rr.com Wed May 2 21:34:42 2007 From: JPClizbe at tx.rr.com (John Clizbe) Date: Wed, 02 May 2007 14:34:42 -0500 Subject: Build error on Windows with OpenLDAP In-Reply-To: <87odl3jon2.fsf@wheatstone.g10code.de> References: <4637A597.80905@tx.rr.com> <87ejlzl544.fsf@wheatstone.g10code.de> <87odl3jon2.fsf@wheatstone.g10code.de> Message-ID: <4638E7D2.8050401@tx.rr.com> Werner Koch wrote: > On Wed, 2 May 2007 15:36, wk at gnupg.org said: > >> That is simply not supported. > > BTW, why do you want to use OpenLDAP under Windows? I can see no reason > for it. LDAPS support doesn't work on Windows with wldap32. OpenLDAP is the standard in OSS LDAP implementations and is supported by GnuPG on all other operating systems. So why not use OpenLDAP when looking for a LDAP implementation that works. With wldap32: C:\WINDOWS>gpg --refresh-keys 0x600fa001 gpg: requesting key 600FA001 from ldaps server keys.pgp.com gpgkeys: unable to make SSL connection: not built with LDAPS support LDAPS works on other platforms. Why not Win32? If the TLS/SSL code in gpgkeys_ldap linked with wldap32 would made a LDAPS connection, there wouldn't be a need for OpenLDAP. -- John P. Clizbe Inet: John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A "what's the key to success?" / "two words: good decisions." "what's the key to good decisions?" / "one word: experience." "how do i get experience?" / "two words: bad decisions." "Just how do the residents of Haiku, Hawai'i hold conversations?" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 662 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070502/d0968722/attachment.pgp From buanzo at buanzo.com.ar Thu May 3 00:24:54 2007 From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Wed, 02 May 2007 19:24:54 -0300 Subject: roadmap for gpgme key exchange Message-ID: <46390FB6.2050609@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I see in the TODO file for gpgme the following item: *** Exchanging keys with key servers. What is the implementation priority of this? Any plans already? Can I help implement it? Why I need this? For mod_auth_openpgp. If this funcitonality is not prioritary, I might start adding other functionality to m_a_o. Sincerely, Buanzo - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica OpenPGP for HTTP: New Web-Auth Scheme: http://freshmeat.net/articles/view/2599 Consulting and Secure Mail Hosting: http://www.buanzo.com.ar/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGOQ+2AlpOsGhXcE0RCmHnAJ9IM+90fKomtLeyWgvUIYJn+9MxvgCfawj8 Pg0TNcA4c6QV3ixGoYPO1qE= =TMs3 -----END PGP SIGNATURE----- From hawke at hawkesnest.net Thu May 3 08:01:01 2007 From: hawke at hawkesnest.net (Alex Mauer) Date: Thu, 03 May 2007 01:01:01 -0500 Subject: UID ordering In-Reply-To: <20070216200042.GC32368@jabberwocky.com> References: <20070216141055.GC27943@jabberwocky.com> <6osbt2tjgnp6mt6jpoklsa40b0442cdm2t@domain.is.invalid> <20070216190020.GB32368@jabberwocky.com> <20070216200042.GC32368@jabberwocky.com> Message-ID: David Shaw wrote: > > No. Like I said, there is a signature subpacket that tags the UID as > the primary one. If you don't tag any UID, then GnuPG will sort the > most recent one first, but that doesn't make it primary. > >> Also, if it's just a flag that says "this one is >> primary", what happens if different UIDs are set as primary on different >> keyrings, and then they're merged? > > The most recent of the UIDs tagged as primary will be treated as the > "true" primary. Hate to revive this old thread, but: So does gpg create UIDs marked as primary by default? It seems that it does, since if I generate a new key, and then add a UID, the new UID is marked as primary. Or is it that no key is marked as primary by default, and if no key is marked as primary then the most recent self-sig is considered primary? -Alex Mauer "hawke" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20070503/b13feab0/attachment.pgp From wk at gnupg.org Thu May 3 09:03:39 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 03 May 2007 09:03:39 +0200 Subject: roadmap for gpgme key exchange In-Reply-To: <46390FB6.2050609@buanzo.com.ar> (Arturo Busleiman's message of "Wed\, 02 May 2007 19\:24\:54 -0300") References: <46390FB6.2050609@buanzo.com.ar> Message-ID: <877irqgzhw.fsf@wheatstone.g10code.de> On Thu, 3 May 2007 00:24, buanzo at buanzo.com.ar said: > *** Exchanging keys with key servers. > > What is the implementation priority of this? Any plans already? Can I help implement it? We have not defined any priority. We are thinking about enhancing GPA, this might be an opportunity to move the keyserver sending stuff to gpgme. However it is not yet clear whether this makes sense You might want to look at GPA's code (src/server-access.c) to see how to employ gpg's keyserver helper programs. Salam-Shalom, Werner From dshaw at jabberwocky.com Thu May 3 13:57:28 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Thu, 3 May 2007 07:57:28 -0400 Subject: UID ordering In-Reply-To: References: <20070216141055.GC27943@jabberwocky.com> <6osbt2tjgnp6mt6jpoklsa40b0442cdm2t@domain.is.invalid> <20070216190020.GB32368@jabberwocky.com> <20070216200042.GC32368@jabberwocky.com> Message-ID: <20070503115728.GB25662@jabberwocky.com> On Thu, May 03, 2007 at 01:01:01AM -0500, Alex Mauer wrote: > David Shaw wrote: > > > > No. Like I said, there is a signature subpacket that tags the UID as > > the primary one. If you don't tag any UID, then GnuPG will sort the > > most recent one first, but that doesn't make it primary. > > > >> Also, if it's just a flag that says "this one is > >> primary", what happens if different UIDs are set as primary on different > >> keyrings, and then they're merged? > > > > The most recent of the UIDs tagged as primary will be treated as the > > "true" primary. > > Hate to revive this old thread, but: > So does gpg create UIDs marked as primary by default? It seems that it > does, since if I generate a new key, and then add a UID, the new UID is > marked as primary. It doesn't mark a UID as primary by default. However, if there is no UID marked as primary, then the most recently added UID is treated as primary. David From nsushkin at sushkins.net Thu May 3 22:34:15 2007 From: nsushkin at sushkins.net (Nicholas Sushkin) Date: Thu, 3 May 2007 16:34:15 -0400 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? Message-ID: <200705031634.20528.nsushkin@sushkins.net> Werner, others, There has been a bug filed today in Mozilla bugzilla, https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can vote, track, or help troubleshoot the issue, the affected users (including me) will greatly appreciate. (Original gnupg-devel thread archived at http://lists.gnupg.org/pipermail/gnupg-devel/2007-April/thread.html#23761) Many thanks, -- Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1388 bytes Desc: not available Url : /pipermail/attachments/20070503/231a764d/attachment.bin From nsushkin at sushkins.net Fri May 4 03:19:28 2007 From: nsushkin at sushkins.net (Nicholas Sushkin) Date: Thu, 3 May 2007 21:19:28 -0400 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? Message-ID: <200705032119.35320.nsushkin@sushkins.net> Werner, others, There has been a bug filed today in Mozilla bugzilla, https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can vote, track, or help troubleshoot the issue, the affected users (including me) will greatly appreciate. (Original gnupg-devel thread archived at http://lists.gnupg.org/pipermail/gnupg-devel/2007-April/thread.html#23761) Many thanks, -- Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1388 bytes Desc: not available Url : /pipermail/attachments/20070503/1058dfc5/attachment.bin From thisisnotapipe at hotmail.com Fri May 4 03:22:04 2007 From: thisisnotapipe at hotmail.com (Bernard Leak) Date: Fri, 04 May 2007 01:22:04 +0000 Subject: Inconsistent naming of gpg{,2}keys_mailto Message-ID: Dear List, I've been trying to build the 2.0.3 release of GnuPG with --enable-mailto, and it's broken. The Makefile assumes the existence of keyserver/gpg2keys_mailto, but 'configure' actually constructs keyserver/gpgkeys_mailto from the corresponding .in file. Presumably this was carried forward on autopilot from GnuPG 1.4.x . The other (executable) keyservers do seem to have been given gpg2keys_* names, but this script has not. It's not clear whether th appropriate correction is to rename the script (internally and in configure.ac) or to change the name (back) in the build dependencies in keyserver/Makefile.am . I haven't checked the live sources for changes. I'm trying to get other things done, I'm lazy, and the Web interface to the CVS server seems to be stuck. Bernard Leak. _________________________________________________________________ Solve the Conspiracy and win fantastic prizes. http://www.theconspiracygame.co.uk/ From wk at gnupg.org Fri May 4 10:07:46 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 May 2007 10:07:46 +0200 Subject: Inconsistent naming of gpg{,2}keys_mailto In-Reply-To: (Bernard Leak's message of "Fri\, 04 May 2007 01\:22\:04 +0000") References: Message-ID: <87d51hau5p.fsf@wheatstone.g10code.de> On Fri, 4 May 2007 03:22, thisisnotapipe at hotmail.com said: > I've been trying to build the 2.0.3 release of GnuPG with > --enable-mailto, and it's broken. The Makefile assumes the existence of > keyserver/gpg2keys_mailto, but 'configure' actually constructs Thanks for reporting. I have just fixed it by renaming them to gpg2keys* Shalom-Salam, Werner From wk at gnupg.org Fri May 4 10:17:18 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 May 2007 10:17:18 +0200 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <200705031634.20528.nsushkin@sushkins.net> (Nicholas Sushkin's message of "Thu\, 3 May 2007 16\:34\:15 -0400") References: <200705031634.20528.nsushkin@sushkins.net> Message-ID: <878xc5atpt.fsf@wheatstone.g10code.de> On Thu, 3 May 2007 22:34, nsushkin at sushkins.net said: > There has been a bug filed today in Mozilla bugzilla, > https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can > vote, track, or help troubleshoot the issue, the affected users (including > me) will greatly appreciate. The issue is simply that Mozilla allows (and even worse, sometimes forces) the use of RC2. This should be fixed asap in Mozilla. I consider any application using RC2 for encryption not only broken but playing a false game with its users by telling them: Your mail has been encrypted. They are not telling them that it is the "NSA approved" 40 bit cipher used in the dark ages for US-exportable software. Go and drop RC2! Salam-Shalom, Werner p.s. I am aware that it is possible to use other key lengths with RC2 but due to trade secrets, FUD and a wealth of proven and free cipher algorithms, RC2 has no reasons to exist (maybe except for its needless use in pkcs#11). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070504/9e7112c3/attachment.pgp From thisisnotapipe at hotmail.com Fri May 4 12:00:17 2007 From: thisisnotapipe at hotmail.com (Bernard Leak) Date: Fri, 04 May 2007 10:00:17 +0000 Subject: GnuPG documentation Message-ID: Dear List, now for the documentation: not always the Cinderella of development (2.0.3 8? that looks busy!), but almost always the Cinderella of clean building... make gnupg.html fails because gnupg.dvi is missing (!) make gnupg.dvi "works", but produces gnupg.pdf That last sounded suspiciously like something I'd seen before, but it turned out not to be a previous gnupg build. After much tedious grovelling with ad hoc patched versions of texi2dvi, I found my notes on the similar bug (in gdb, which ought to get a message from me too). It's the local copy of texinfo.tex, in the scripts/ directory. This is old (though not nearly as old as the one in gdb-6.6!). Deleting it and using the copy installed with tetex-3.0 doesn't work either (in fact, it seems even worse). Installing the latest version, as suggested in texinfo.tex itself, works like a charm. Well, like one of those charms that work, anyway. Charmingly. My latest download from http://www.gnu.org/software/texinfo/ is brand, spankingly new - with version "2007-05-03.09" . I suggest (a) (i) shipping with a more recent texinfo.tex as a matter of routine (something to do with each release?). (ii) Issuing a warning in the README about the use of the local copy or (b) (i) remove texinfo.tex from GnuPG (ii) tell the reader to have a working TeX installation, including a recent texinfo.tex. . So much for gnupg.dvi . Now back to gnupg.html... gnupg-badge-openpgp.gif is missing (and the document generation stops at once when this is discovered). Simply adding in a random *.gif file named gnupg-badge-openpgp.gif into the doc/ directory (source OR build tree) seems to solve the problem. But let's have the proper *.gif file, please! Oh, another thing which caught my eye: The "glossary" is briefly described as "Short descrition of used terms". I suppose "description" was meant. Also, it's better English to say "terms used", not "used terms". This is one of the (few) English adjectives whose meaning varies with position. A "used term" is like a used car. I wouldn't want to use one of those in my nice clean expressions. Bernard Leak. -- GnuPG - now protecting your English as well as your privacy! Soon to replace the Acad?mie Fran?aise too! _________________________________________________________________ MSN Hotmail is evolving - check out the new Windows Live Hotmail http://get.live.com/betas/mail_betas From wk at gnupg.org Fri May 4 13:11:23 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 May 2007 13:11:23 +0200 Subject: GnuPG documentation In-Reply-To: (Bernard Leak's message of "Fri\, 04 May 2007 10\:00\:17 +0000") References: Message-ID: <87bqh0alno.fsf@wheatstone.g10code.de> On Fri, 4 May 2007 12:00, thisisnotapipe at hotmail.com said: > seems even worse). Installing the latest version, as suggested > in texinfo.tex itself, works like a charm. Well, like one of those > charms that work, anyway. Charmingly. > My latest download from http://www.gnu.org/software/texinfo/ > is brand, spankingly new - with version "2007-05-03.09" . Okay, I will use this one. > (i) shipping with a more recent texinfo.tex as a > matter of routine (something to do with each release?). >From time to time I update the standard files (e.g. config.guess). This is usually done with automake --add-missing --force. I have just upgraded to automake 1.10 and that one installs a relatively fresh copy of texinfo.tex - however I'll keep the one mentioned above. > gnupg-badge-openpgp.gif is missing (and the document Hmm, the GNU project does not use GUIF files (well the patent recently expied, so it might be okay now). Anyway, we have a new logo and the manual uses that one now. But it is still missing. I added the PNG to the Makefile.am > The "glossary" is briefly described as "Short descrition of used terms". > I suppose "description" was meant. Also, it's better English to say > "terms used", not "used terms". This is one of the (few) English > adjectives whose meaning varies with position. A "used term" is > like a used car. I wouldn't want to use one of those in my nice > clean expressions. Fixed. I will remember this in future. Thanks, Werner From wk at gnupg.org Fri May 4 13:48:43 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 04 May 2007 13:48:43 +0200 Subject: [Announce] Libgcrypt 1.3.0 (development) released Message-ID: <87r6pw95d0.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of Libgcrypt 1.3.0. This is the first release of a series of development versions ebentually leading to a new stable 1.4 series. Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementaion of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use libgcrypt. Changes relative to 1.2.4 are: * Reading and writing the random seed file is now protected by a fcntl style file lock on systems that provide this function. * Support for SHA-224 and HMAC using SHA-384 and SHA-512. * Support for the SEED cipher. * Support for the Camellia cipher. Note that Camellia is disabled by default, and that enabling it changes the license of libgcrypt from LGPL to GPL. * Support for OFB encryption mode. * gcry_mpi_rshift does not anymore truncate the shift count. * Reserved algorithm ranges for use by applications. * Support for DSA2. * The new function gcry_md_debug should be used instead of the gcry_md_start_debug and gcry_md_stop_debug macros. * New configure option --enable-random-daemon to support a system wide random daemon. The daemon code is experimental and not yet very well working. It will eventually allow to keep a global random pool for the sake of short living processes. * Non executable stack support is now used by default on systems supporting it. * Support for Microsoft Windows. * Assembler support for the AMD64 architecture. * New configure option --enable-mpi-path for optimized builds. * Experimental support for ECDSA; should only be used for testing. * New control code GCRYCTL_PRINT_CONFIG to print the build configuration. Source code is hosted at the GnuPG FTP server and its mirrors as listed at http://www.gnupg.org/download/mirrors.html . On the primary server the source file and its digital signatures is: ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.0.tar.bz2 (922k) ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/libgcrypt-1.3.0.tar.bz2.sig This file is bzip2 compressed. The SHA-1 checksum is: 38361925fef99715eccb8a1f73110ce2f3c3896a libgcrypt-1.3.0.tar.bz2 For help on developing with Libgcrypt you should send mail to the grcypt-devel mailing list [1]. Improving Libgcrypt is costly, but you can help! We are looking for organizations that find Libgcrypt useful and wish to contribute back. You can contribute by reporting bugs, improve the software [2], or by donating money. Commercial support contracts for Libgcrypt are available [3], and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company, is currently funding Libgcrypt development. We are always looking for interesting development projects. Happy hacking, Werner [1] See http://www.gnupg.org/documentation/mailing-lists.html . [2] Note that copyright assignments to the FSF are required. [3] See the service directory at http://www.gnupg.org/service.html . -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 204 bytes Desc: not available Url : /pipermail/attachments/20070504/84497c9e/attachment.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From nsushkin at sushkins.net Fri May 4 15:07:20 2007 From: nsushkin at sushkins.net (Nicholas Sushkin) Date: Fri, 4 May 2007 09:07:20 -0400 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <878xc5atpt.fsf@wheatstone.g10code.de> References: <200705031634.20528.nsushkin@sushkins.net> <878xc5atpt.fsf@wheatstone.g10code.de> Message-ID: <200705040907.30836.nsushkin@sushkins.net> On Friday 04 May 2007 04:17, Werner Koch wrote: > On Thu, 3 May 2007 22:34, nsushkin at sushkins.net said: > > There has been a bug filed today in Mozilla bugzilla, > > https://bugzilla.mozilla.org/show_bug.cgi?id=379625. If any of you can > > vote, track, or help troubleshoot the issue, the affected users > > (including me) will greatly appreciate. > > The issue is simply that Mozilla allows (and even worse, sometimes > forces) the use of RC2. This should be fixed asap in Mozilla. > > I consider any application using RC2 for encryption not only broken but > playing a false game with its users by telling them: Your mail has been > encrypted. They are not telling them that it is the "NSA approved" 40 > bit cipher used in the dark ages for US-exportable software. > > Go and drop RC2! Werner, Did you read the bug report? There may be another problem with the encryption protocol negotiation between gpgsm and Thunderbird. Dropping RC2 has also been requested via a different Thunderbird bug, https://bugzilla.mozilla.org/show_bug.cgi?id=84213 The bug status indicates that it has been assigned to a developer on May 1st. I think it's pretty clear to many that the weak algorithm shouldn't be supported and they are working on it. But I think that Thunderbird developers may use help of gpgsm developers if you have anything to say about the protocol negotiation. See Nelson Bolyard's analysis at https://bugzilla.mozilla.org/show_bug.cgi?id=379625#c2 Thank you. -- Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1388 bytes Desc: not available Url : /pipermail/attachments/20070504/3d0e6014/attachment.bin From nsushkin at sushkins.net Fri May 4 18:16:26 2007 From: nsushkin at sushkins.net (Nicholas Sushkin) Date: Fri, 4 May 2007 12:16:26 -0400 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <200705040907.30836.nsushkin@sushkins.net> References: <200705031634.20528.nsushkin@sushkins.net> <878xc5atpt.fsf@wheatstone.g10code.de> <200705040907.30836.nsushkin@sushkins.net> Message-ID: <200705041216.31772.nsushkin@sushkins.net> Werner, I searched the internet for clarifications on how SMimeCapabilities should be used. I found that S/MIME Version 3.1 specifically says that NULLs should not be used to encode parameters. Quoting http://www.apps.ietf.org/rfc/rfc3851.html#sec-2.5.2 "The registered SMIMECapabilities list specifies the parameters for OIDs that need them, most notably key lengths in the case of variable-length symmetric ciphers. In the event that there are no differentiating parameters for a particular OID, the parameters MUST be omitted, and MUST NOT be encoded as NULL." However, as seen in https://bugzilla.mozilla.org/show_bug.cgi?id=379625#c2, gpgsm (at least in 1.9.92) generates NULLs. On Friday 04 May 2007 09:07, Nicholas Sushkin wrote: > But I think that Thunderbird > developers may use help of gpgsm developers if you have anything to say > about the protocol negotiation. See Nelson Bolyard's analysis at > https://bugzilla.mozilla.org/show_bug.cgi?id=379625#c2 -- Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1388 bytes Desc: not available Url : /pipermail/attachments/20070504/808482b0/attachment.bin From thisisnotapipe at hotmail.com Sat May 5 16:18:55 2007 From: thisisnotapipe at hotmail.com (Bernard Leak) Date: Sat, 05 May 2007 14:18:55 +0000 Subject: gnupg: a(nother) documentation patch, and configure.ac Message-ID: Dear List, thanks to all responsible for the shiny new release of libgcrypt. The version of libgcrypt required for the current live gnupg should be found and set in configure.ac (the latest stable release is too old, and this wasn't detected until the build failed). A check-out from the live tree made in small hours of this morning, and it builds (so, not too old, then!). Should configure.ac still say it's for the '1.9' release, as it does at the top? I think it would be useful if configure.ac noted (as it does for libgcrypt) the latest svn revision number. Then I could refer to it unambiguously. I attach a patch which should make building the docs. in a separate build tree cleaner (and work). It has UN*X (LF) -style line-breaks. A bzipped version should be available for the foreseeable future in http://www.brenda-arkle.demon.co.uk/patches/gnupg/ Several of the rules merely add to dependency lists. The only "magic" is that fake.html (a pseudo-target for putting the images in the gnupg.html output tree) is added AFTER the automatically-generated dependency list, so it acts as a sort of "do me last". Thus, the gnupg.html directory is assumed to exist already. If you like, make it squeaky-clean by giving fake.html dependencies on the copies of the files: A VERY Gnu Make - dependent version might look like this HTMLIMAGES = gnupg-logo.png gnupg-card-architecture.png INSTALLEDHTMLIMAGES = $(foreach i,$(HTMLIMAGES),gnupg.html/$i) fake.html : gnupg.html $(INSTALLEDHTMLIMAGES) echo $(INSTALLEDHTMLIMAGES) $(INSTALLEDHTMLIMAGES): gnupg.html/%.png : %.png cp $< $@ Here HTMLIMAGES and INSTALLEDHTMLIMAGES should be used as appropriate in the OTHER lists of distribution files, targets, sources, &c. Once again (see patch...) an alternative is to invoke 'make' recursively to provide a 'wrapper' around default rules. Preconditions are easy: postactions are tiresome. Bernard Leak.< _________________________________________________________________ Could you be the guest MSN Movies presenter? Click Here to Audition http://www.lightscameraaudition.co.uk -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-2007-05-05-sepbuild-1.patch.bz2 Type: application/x-bzip Size: 0 bytes Desc: not available Url : /pipermail/attachments/20070505/75996cc7/attachment.bin From thisisnotapipe at hotmail.com Sat May 5 16:19:54 2007 From: thisisnotapipe at hotmail.com (Bernard Leak) Date: Sat, 05 May 2007 14:19:54 +0000 Subject: gnupg: a(nother) documentation patch, and configure.ac Message-ID: Dear List, thanks to all responsible for the shiny new release of libgcrypt. The version of libgcrypt required for the current live gnupg should be found and set in configure.ac (the latest stable release is too old, and this wasn't detected until the build failed). A check-out from the live tree made in small hours of this morning, and it builds (so, not too old, then!). Should configure.ac still say it's for the '1.9' release, as it does at the top? I think it would be useful if configure.ac noted (as it does for libgcrypt) the latest svn revision number. Then I could refer to it unambiguously. I attach a patch which should make building the docs. in a separate build tree cleaner (and work). It has UN*X (LF) -style line-breaks. A bzipped version should be available for the foreseeable future in http://www.brenda-arkle.demon.co.uk/patches/gnupg/ Several of the rules merely add to dependency lists. The only "magic" is that fake.html (a pseudo-target for putting the images in the gnupg.html output tree) is added AFTER the automatically-generated dependency list, so it acts as a sort of "do me last". Thus, the gnupg.html directory is assumed to exist already. If you like, make it squeaky-clean by giving fake.html dependencies on the copies of the files: A VERY Gnu Make - dependent version might look like this HTMLIMAGES = gnupg-logo.png gnupg-card-architecture.png INSTALLEDHTMLIMAGES = $(foreach i,$(HTMLIMAGES),gnupg.html/$i) fake.html : gnupg.html $(INSTALLEDHTMLIMAGES) echo $(INSTALLEDHTMLIMAGES) $(INSTALLEDHTMLIMAGES): gnupg.html/%.png : %.png cp $< $@ Here HTMLIMAGES and INSTALLEDHTMLIMAGES should be used as appropriate in the OTHER lists of distribution files, targets, sources, &c. Once again (see patch...) an alternative is to invoke 'make' recursively to provide a 'wrapper' around default rules. Preconditions are easy: postactions are tiresome. Bernard Leak.< _________________________________________________________________ Txt a lot? Get Messenger FREE on your mobile. https://livemessenger.mobile.uk.msn.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: gnupg-2007-05-05-sepbuild-1.patch.bz2 Type: application/x-bzip Size: 0 bytes Desc: not available Url : /pipermail/attachments/20070505/94f06c15/attachment-0001.bin From thisisnotapipe at hotmail.com Sat May 5 16:27:31 2007 From: thisisnotapipe at hotmail.com (Bernard Leak) Date: Sat, 05 May 2007 14:27:31 +0000 Subject: gnupg: a(nother) documentation patch, and configure.ac In-Reply-To: Message-ID: Dear List, sorry - here are a few notes which didn't make it into my last posting. Should gnupg-badge-openpgp.* still be in there? The string 'gnupg-badge' currently only occurs inside these files themselves, their shadows in .svn, and in .svn/entries, and the Changelog. Unless there's an encrypted build script or something in there, these files now seem to be entirely useless. An odditiy: gnupg.ps reports failing to find the subordinate *.eps sources, but carries on anyway, without an error. This, in addition to having no way (outside TEXINPUTS) of adding search paths... By the way, as usual, makeinfo --plaintext -o gnupg.txt /doc/gnupg.texi works fine. Bernard Leak _________________________________________________________________ Get Hotmail, News, Sport and Entertainment from MSN on your mobile. http://www.msn.txt4content.com/ From ametzler at downhill.at.eu.org Sat May 5 18:49:07 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sat, 5 May 2007 18:49:07 +0200 Subject: shlib-with-non-pic-code (was: [Announce] Libgcrypt 1.3.0 (development) released) References: <87r6pw95d0.fsf__22945.5061410137$1178281125$gmane$org@wheatstone.g10code.de> Message-ID: <35pug4-ajn.ln1@argenau.downhill.at.eu.org> Werner Koch wrote: [...] Hello, if built on i386, (./configure --build=i486-linux-gnu) I end up with non-PIC code in the shared library, which is a regression compared to 1.2.4. SID)ametzler at argenau:/tmp/GCR/libgcrypt11-1.3.0$ objdump --private-headers \ src/.libs/libgcrypt.so.11.4.0 | grep TEXTREL TEXTREL 0x0 (SID)ametzler at argenau:/tmp/GCR/libgcrypt11-1.3.0$ scanelf -qT src/.libs/libgcryp t.so.11.4.0 libgcrypt.so.11.4.0: (memory/fake?) [0x476D6] in _gcry_mpih_add_n [0x476A8] libgcrypt.so.11.4.0: (memory/fake?) [0x47766] in _gcry_mpih_sub_n [0x47738] src/.libs/libgcrypt.so.11.4.0 I do not know how to go on from that, but I will happily try to provide further information. thanks, cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' From wk at gnupg.org Mon May 7 16:09:15 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 07 May 2007 16:09:15 +0200 Subject: shlib-with-non-pic-code In-Reply-To: <35pug4-ajn.ln1@argenau.downhill.at.eu.org> (Andreas Metzler's message of "Sat\, 5 May 2007 18\:49\:07 +0200") References: <87r6pw95d0.fsf__22945.5061410137$1178281125$gmane$org@wheatstone.g10code.de> <35pug4-ajn.ln1@argenau.downhill.at.eu.org> Message-ID: <87wszk7mk4.fsf@wheatstone.g10code.de> On Sat, 5 May 2007 18:49, ametzler at downhill.at.eu.org said: > I do not know how to go on from that, but I will happily try to provide further information. Marcus found the problem and we will change the build system. Automake 1.10 should make all the old build hacks obsolete. Shalom-Salam, Werner From ametzler at downhill.at.eu.org Mon May 7 19:40:03 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Mon, 7 May 2007 19:40:03 +0200 Subject: shlib-with-non-pic-code In-Reply-To: <87wszk7mk4.fsf@wheatstone.g10code.de> References: <87r6pw95d0.fsf__22945.5061410137$1178281125$gmane$org@wheatstone.g10code.de> <35pug4-ajn.ln1@argenau.downhill.at.eu.org> <87wszk7mk4.fsf@wheatstone.g10code.de> Message-ID: <20070507174002.GA3706@downhill.g.la> On 2007-05-07 Werner Koch wrote: > On Sat, 5 May 2007 18:49, ametzler at downhill.at.eu.org said: >> I do not know how to go on from that, but I will happily try to >> provide further information. > Marcus found the problem and we will change the build system. > Automake 1.10 should make all the old build hacks obsolete. Splendid. Thanks for the thumbs up. cu andreas From wk at gnupg.org Tue May 8 09:34:09 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 08 May 2007 09:34:09 +0200 Subject: gnupg: a(nother) documentation patch, and configure.ac In-Reply-To: (Bernard Leak's message of "Sat\, 05 May 2007 14\:18\:55 +0000") References: Message-ID: <87bqgvwyz2.fsf@wheatstone.g10code.de> On Sat, 5 May 2007 16:18, thisisnotapipe at hotmail.com said: > The version of libgcrypt required for the current live gnupg should be > found and set in configure.ac (the latest stable release is too old, > and this wasn't detected until the build failed). A check-out from the live That was actually a regression in the SVN. I have fixed it and tested with libgcrypt 1.2.2. > Should configure.ac still say it's for the '1.9' release, as it does at > the top? I think it would be useful if configure.ac noted (as it does Changed. > for libgcrypt) the latest svn revision number. Then I could refer to > it unambiguously. You mean the AC_REVISION? This is a bit problematic as it does not indicate whether the whole tree has been updated to this revision. It might only be this file. There is no simple way to check for it. You need to manually do an svn up ./autogen.sh --force to get the correct svn revision into the version string. > I attach a patch which should make building the docs. in a separate > build tree cleaner (and work). It has UN*X (LF) -style line-breaks. > A bzipped version should be available for the foreseeable future in Thanks. I fixed it in another way using the install-html-local target. The postscript building has also been fixed by changing the DVIPS command (this is less intrusive that changing default rules). Shalom-Salam, Werner From wk at gnupg.org Tue May 8 09:59:26 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 08 May 2007 09:59:26 +0200 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <200705041216.31772.nsushkin@sushkins.net> (Nicholas Sushkin's message of "Fri\, 4 May 2007 12\:16\:26 -0400") References: <200705031634.20528.nsushkin@sushkins.net> <878xc5atpt.fsf@wheatstone.g10code.de> <200705040907.30836.nsushkin@sushkins.net> <200705041216.31772.nsushkin@sushkins.net> Message-ID: <873b27wxsx.fsf@wheatstone.g10code.de> On Fri, 4 May 2007 18:16, nsushkin at sushkins.net said: > I searched the internet for clarifications on how SMimeCapabilities should > be used. I found that S/MIME Version 3.1 specifically says that NULLs > should not be used to encode parameters. That is what the RFC says but not what everone else is doing. The capabilities are basically algorithm identifiers and thus we should apply the same rules to them. To quote Peter Gutmann's X.509 guide: | Another pitfall to be aware of is that algorithms which have no | parameters have this specified as a NULL value rather than omitting | the parameters field entirely. The reason for this is that when the | 1988 syntax for AlgorithmIdentifier was translated into the 1997 | syntax, the OPTIONAL associated with the AlgorithmIdentifier | parameters got lost. Later it was recovered via a defect report, but | by then everyone thought that algorithm parameters were mandatory. | Because of this the algorithm parameters should be specified as NULL, | regardless of what you read elsewhere. Thus we do it this way. Given that gpgsm passed a lot of compatibility tests [1], I don't see a reason to change it. IIRC, the test lab once also did some unoffcial tests with Mozilla and they had a few problems with it. Shalom-Salam, Werner [1] http://www.bsi.de/fachthem/verwpki/interoptests/testberichte.htm (German) From wk at gnupg.org Tue May 8 10:03:21 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 08 May 2007 10:03:21 +0200 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <200705040907.30836.nsushkin@sushkins.net> (Nicholas Sushkin's message of "Fri\, 4 May 2007 09\:07\:20 -0400") References: <200705031634.20528.nsushkin@sushkins.net> <878xc5atpt.fsf@wheatstone.g10code.de> <200705040907.30836.nsushkin@sushkins.net> Message-ID: <87y7jzvj1y.fsf@wheatstone.g10code.de> On Fri, 4 May 2007 15:07, nsushkin at sushkins.net said: > Did you read the bug report? There may be another problem with the > encryption protocol negotiation between gpgsm and Thunderbird. I browsed it. The important point is that Mozilla should never ever use RC2 for encryption. Plainly implementing something from one of the standards is not a viable solution. See also my other reply. Salam-Shalom, Werner From nsushkin at sushkins.net Tue May 8 17:09:48 2007 From: nsushkin at sushkins.net (Nicholas Sushkin) Date: Tue, 8 May 2007 11:09:48 -0400 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <873b27wxsx.fsf@wheatstone.g10code.de> References: <200705031634.20528.nsushkin@sushkins.net> <200705041216.31772.nsushkin@sushkins.net> <873b27wxsx.fsf@wheatstone.g10code.de> Message-ID: <200705081109.53240.nsushkin@sushkins.net> Werner, Thanks for looking into this. Thunderbird will be generating RFC syntax, but accepting NULLs, so I guess it will work out for now. Hope all the clients will be trying to get into compliance with the RFC. Also, I noticed that the last interop test was done in 2005 and Thunderbird was not included. Was that a German government requirement to do the test or industry initiative? Hopefully we will see more tests in the future. On Tuesday 08 May 2007 03:59, Werner Koch wrote: > On Fri, 4 May 2007 18:16, nsushkin at sushkins.net said: > > I searched the internet for clarifications on how SMimeCapabilities > > should be used. I found that S/MIME Version 3.1 specifically says that > > NULLs should not be used to encode parameters. > > That is what the RFC says but not what everone else is doing. The > capabilities are basically algorithm identifiers and thus we should > > apply the same rules to them. To quote Peter Gutmann's X.509 guide: > | Another pitfall to be aware of is that algorithms which have no > | parameters have this specified as a NULL value rather than omitting > | the parameters field entirely. The reason for this is that when the > | 1988 syntax for AlgorithmIdentifier was translated into the 1997 > | syntax, the OPTIONAL associated with the AlgorithmIdentifier > | parameters got lost. Later it was recovered via a defect report, but > | by then everyone thought that algorithm parameters were mandatory. > | Because of this the algorithm parameters should be specified as NULL, > | regardless of what you read elsewhere. > > Thus we do it this way. Given that gpgsm passed a lot of compatibility > tests [1], I don't see a reason to change it. IIRC, the test lab once > also did some unoffcial tests with Mozilla and they had a few problems > with it. > > > Shalom-Salam, > > Werner > > > [1] http://www.bsi.de/fachthem/verwpki/interoptests/testberichte.htm > (German) -- Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1388 bytes Desc: not available Url : /pipermail/attachments/20070508/03e078b7/attachment.bin From wk at gnupg.org Wed May 9 12:58:43 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 09 May 2007 12:58:43 +0200 Subject: [Announce] GnuPG 2.0.4 released Message-ID: <87lkfyb6vw.fsf@wheatstone.g10code.de> Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.4 This is maintenance release with a few minor enhancements. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.7) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Getting the Software ==================== Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.4 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the FTP server and ist mirrors you should find the following files in the gnupg/ directory: gnupg-2.0.4.tar.bz2 (3491k) gnupg-2.0.4.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.3-2.0.4.diff.bz2 (237k) A patch file to upgrade a 2.0.3 GnuPG source tree. This patch does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs. Checking the Integrity ====================== In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.4.tar.bz2 you would use this command: gpg --verify gnupg-2.0.4.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.4.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.4.tar.bz2 and check that the output matches the first line from the following list: cc230636bb4226f6d7ac2db9b259d8e7f5529f84 gnupg-2.0.4.tar.bz2 9f1ad40f88ef567498b07dab718defc2ac319c35 gnupg-2.0.3-2.0.4.diff.bz2 What's New =========== * The server mode key listing commands are now also working for systems without the funopen/fopencookie API. * PKCS#12 import now tries several encodings in case the passphrase was not utf-8 encoded. New option --p12-charset for gpgsm. * Improved the libgcrypt logging support in all modules. Internationalization ==================== GnuPG comes with support for 27 languages. Due to a lot of new and changed strings most translations are not entirely complete. The Swedish, Turkish, German and Russian translations close to be complete. Documentation ============= We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists for advise on how to solve problems. Many of the new features are around for several years and thus enough public knowledge is already available. KDE's KMail is the most prominent user of GnuPG. In fact it has been developed along with the Kmail folks. Mutt users might want to use the configure option "--enable-gpgme" and "set use_crypt_gpgme" in ~/.muttrc to make use of GnuPG-2 to enable S/MIME in addition to a reworked OpenPGP support. The manual is also available online in HTML format at http://www.gnupg.org/documentation/manuals/gnupg/ and as an PDF at http://www.gnupg.org/documentation/manuals/gnupg.pdf . Support ======= Improving GnuPG is costly, but you can help! We are looking for organizations that find GnuPG useful and wish to contribute back. You can contribute by reporting bugs, improve the software, or by donating money. Commercial support contracts for GnuPG are available, and they help finance continued maintenance. g10 Code GmbH, a Duesseldorf based company owned and headed by GnuPG's principal author, is currently funding GnuPG development. We are always looking for interesting development projects. The GnuPG service directory is available at: http://www.gnupg.org/service.html Thanks ====== We have to thank all the people who helped with this release, be it testing, coding, translating, suggesting, auditing, administering the servers, spreading the word or answering questions on the mailing lists. Happy Hacking, The GnuPG Team (David, Marcus, Werner and all other contributors) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 196 bytes Desc: not available Url : /pipermail/attachments/20070509/6d957c08/attachment-0001.pgp -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From wk at gnupg.org Wed May 9 13:54:52 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 09 May 2007 13:54:52 +0200 Subject: gpgsm 1.9.22 supports no RC2 Algorithm ? In-Reply-To: <200705081109.53240.nsushkin@sushkins.net> (Nicholas Sushkin's message of "Tue\, 8 May 2007 11\:09\:48 -0400") References: <200705031634.20528.nsushkin@sushkins.net> <200705041216.31772.nsushkin@sushkins.net> <873b27wxsx.fsf@wheatstone.g10code.de> <200705081109.53240.nsushkin@sushkins.net> Message-ID: <876472b4ab.fsf@wheatstone.g10code.de> On Tue, 8 May 2007 17:09, nsushkin at sushkins.net said: > accepting NULLs, so I guess it will work out for now. Hope all the clients > will be trying to get into compliance with the RFC. Recall that X.509 is not defined by an RFC. PKIX is just one profile of X.509. There are myriads of other profiles. If you want something better defined than X.509 you should use OpenPGP ;-) > Also, I noticed that the last interop test was done in 2005 and Thunderbird > was not included. Was that a German government requirement to do the test > or industry initiative? Hopefully we will see more tests in the future. These tests are due to a governement initiative to help making different implementations work together. Salam-Shalom, Werner From marcus.brinkmann at ruhr-uni-bochum.de Wed May 9 20:20:23 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Wed, 09 May 2007 20:20:23 +0200 Subject: shlib-with-non-pic-code In-Reply-To: <20070507174002.GA3706@downhill.g.la> References: <87r6pw95d0.fsf__22945.5061410137$1178281125$gmane$org@wheatstone.g10code.de> <35pug4-ajn.ln1@argenau.downhill.at.eu.org> <87wszk7mk4.fsf@wheatstone.g10code.de> <20070507174002.GA3706@downhill.g.la> Message-ID: <87wszhzwns.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Mon, 7 May 2007 19:40:03 +0200, Andreas Metzler wrote: > > On 2007-05-07 Werner Koch wrote: > > On Sat, 5 May 2007 18:49, ametzler at downhill.at.eu.org said: > > >> I do not know how to go on from that, but I will happily try to > >> provide further information. > > > Marcus found the problem and we will change the build system. > > Automake 1.10 should make all the old build hacks obsolete. > > Splendid. Thanks for the thumbs up. Hi, I applied the below change, which removes the relocations for me. Thanks for the report! 2007-05-09 Marcus Brinkmann * configure.ac (ac_cv_mpi_config_done): Unused variable removed. (ac_cv_mpi_mod_list, MPI_MOD_LIST_LO, MPI_MOD_LIST_O): Removed. (MPI_MOD_ASM_MPIH_ADD1, MPI_MOD_ASM_MPIH_SUB1, MPI_MOD_ASM_MPIH_MUL1, MPI_MOD_ASM_MPIH_MUL2, MPI_MOD_ASM_MPIH_MUL3, MPI_MOD_ASM_MPIH_LSHIFT, MPI_MOD_ASM_MPIH_RSHIFT, MPI_MOD_ASM_MPIH_UDIV, MPI_MOD_ASM_MPIH_UDIV_QRNND, MPI_MOD_C_MPIH_ADD1, MPI_MOD_C_MPIH_SUB1, MPI_MOD_C_MPIH_MUL1, MPI_MOD_C_MPIH_MUL2, MPI_MOD_C_MPIH_MUL3, MPI_MOD_C_MPIH_LSHIFT, MPI_MOD_C_MPIH_RSHIFT, MPI_MOD_C_MPIH_UDIV, MPI_MOD_C_MPIH_UDIV_QRNND): New automake variables. mpi/ 2007-05-09 Marcus Brinkmann * config.links: Rename assembler file links by suffixing "-asm". * Makefile.am (CCASCOMPILE, LTCCASCOMPILE, CLEANFILES, libmpi_la_LIBADD, libmpi_la_DEPENDENCIES, SUFFIXES, .S.o, .S.obj, .S.lo): Removed variables and targets. (mpih_add1, mpih_sub1, mpih_mul1, mpih_mul2, mpih_mul3, mpih_lshift, mpih_rshift, mpih_udiv, mpih_udiv_qrnnd, nodist_libmpi_la_SOURCES): New variables. (DISTCLEANFILES): Rename assembler file links by suffixing "-asm". Add variants for C file links. From gnupg-devel at mlists.thewrittenword.com Fri May 11 04:01:14 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Thu, 10 May 2007 21:01:14 -0500 Subject: a few patches for gnupg-2.0.4 Message-ID: <20070511020114.GA4300@acer.localdomain> Hi, We just built gnupg-2.0.4, thanks. We did make some changes though. HP-UX 10.20 does not have dlopen() and its gmtime_r returns 0 on success. Added a configure test to see if #pragma weak works, and another test for socklen_t (we could have used to socklen_t test from gnulib, but this one seemed somehow better at the time). Tru64-4.0 does not have snprintf and IRIX6.5 does not have strsep, we added these gnulib modules (patches not attached, do you want them?). AIX-4.3.3 compiler does not like ',' at the end of enum. Some older compilers did not like the key_rsa_valid.string construct, replaced with #define. HP-UX compilers bailed when they saw 'static const char const *charsets[]', so we removed a const. IRIX and other compilers refuse to do pointer math on void* pointers. 'The expression must be a pointer to a complete object type.' Some compilers bailed with the extra semi-colon in 'int error;;' We wanted to do a configure check for __func__, but it seems as though the file asschk.c does not #include and may be meant as a standalone? So we used preprocessor defines to get it compiling. SUNPRO_C on solaris2.6 did not like the #define die. We built with curl support everywhere and found that some libraries were not added in this case. Thank you, Peter -------------- next part -------------- Index: configure.ac =================================================================== --- configure.ac.orig 2007-05-10 22:09:34.587106000 +0000 +++ configure.ac 2007-05-10 22:09:38.765314000 +0000 @@ -459,8 +459,14 @@ AC_SYS_LARGEFILE GNUPG_CHECK_FAQPROG GNUPG_CHECK_USTAR - - +GPG_TYPE_SOCKLEN_T +AC_CACHE_CHECK([for pragma weak],[gpg_cv_pragma_weak],[ +AC_TRY_COMPILE([ +#pragma weak pth_fork +],[],[gpg_cv_pragma_weak=yes],[gpg_cv_pragma_weak=no])]) +if test "x$gpg_cv_pragma_weak" = "xyes"; then +AC_DEFINE([HAVE_PRAGMA_WEAK],[1],[define if pragma weak works]) +fi try_gettext=yes have_dosish_system=no have_w32_system=no @@ -625,7 +611,7 @@ # gnupg_dlopen_save_libs="$LIBS" LIBS="" -AC_SEARCH_LIBS(dlopen, c dl,,,) +AC_SEARCH_LIBS(dlopen, c dl,,[AC_SEARCH_LIBS(shl_load, dld,,,)],) DL_LIBS=$LIBS AC_SUBST(DL_LIBS) LIBS="$gnupg_dlopen_save_libs" @@ -890,7 +876,7 @@ # AC_HEADER_STDC AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) -AC_CHECK_HEADERS([pty.h pwd.h inttypes.h]) +AC_CHECK_HEADERS([pty.h pwd.h inttypes.h dlfcn.h dl.h]) AC_HEADER_TIME @@ -986,7 +972,7 @@ # gl_SOURCE_BASE([gl]) gl_M4_BASE([gl/m4]) -gl_MODULES([setenv mkdtemp vasprintf xsize]) +gl_MODULES([setenv mkdtemp vasprintf xsize snprintf strsep]) gl_INIT Index: keyserver/Makefile.am =================================================================== --- keyserver/Makefile.am.orig 2007-05-10 22:09:34.828908000 +0000 +++ keyserver/Makefile.am 2007-05-11 00:25:45.228451000 +0000 @@ -45,7 +45,6 @@ $(NETLIBS) $(other_libs) gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c -gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS) gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \ $(NETLIBS) $(other_libs) @@ -61,11 +60,15 @@ gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS) gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \ $(other_libs) +gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS) else gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) -gpg2keys_curl_LDADD = $(LIBCURL) $(GETOPT) +gpg2keys_curl_LDADD = $(common_libs) $(LIBCURL) $(GPG_ERROR_LIBS) $(GETOPT) \ + $(NETLIBS) $(DNSLIBS) $(other_libs) gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) -gpg2keys_hkp_LDADD = $(LIBCURL) $(GETOPT) +gpg2keys_hkp_LDADD = $(common_libs) $(LIBCURL) $(GPG_ERROR_LIBS) $(GETOPT) \ + $(NETLIBS) $(DNSLIBS) $(other_libs) +gpg2keys_finger_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) endif # Make sure that all libs are build before we use them. This is Index: tests/asschk.c =================================================================== --- tests/asschk.c.orig 2007-05-10 22:09:34.865014000 +0000 +++ tests/asschk.c 2007-05-10 22:09:38.944579000 +0000 @@ -121,13 +121,13 @@ # if __GNUC__ >= 2 # define __func__ __FUNCTION__ # else -/* Let's try our luck here. Some systems may provide __func__ without - providing __STDC_VERSION__ 199901L. */ -# if 0 # define __func__ "" -# endif +# define _NO_REDEF_DIE_ # endif #endif +#if __SUNPRO_C<=0x530 +# define _NO_REDEF_DIE_ +#endif #define spacep(p) (*(p) == ' ' || *(p) == '\t') @@ -138,7 +138,7 @@ LINE_ERR, LINE_STAT, LINE_DATA, - LINE_END, + LINE_END } LINETYPE; typedef enum { @@ -200,9 +200,9 @@ exit (1); } - +#ifndef _NO_REDEF_DIE_ #define die(format, args...) (die) ("%s: " format, __func__ , ##args) - +#endif static void err (const char *format, ...) { @@ -310,7 +310,7 @@ { int i; - printf ("%s: read \"", __FUNCTION__); + printf ("%s: read \"",__func__); for (i = 0; i < n; i ++) putc (buf[i], stdout); printf ("\"\n"); Index: agent/learncard.c =================================================================== --- agent/learncard.c.orig 2007-05-10 22:09:34.901120000 +0000 +++ agent/learncard.c 2007-05-10 22:09:38.985453000 +0000 @@ -78,7 +78,7 @@ typedef struct sinfo_s *SINFO; struct sinfo_cb_parm_s { - int error;; + int error; SINFO info; }; Index: scd/app-openpgp.c =================================================================== --- scd/app-openpgp.c.orig 2007-05-10 22:09:34.997628000 +0000 +++ scd/app-openpgp.c 2007-05-10 22:09:39.034018000 +0000 @@ -2223,13 +2223,13 @@ else if (indatalen == (15 + 20) && hashalgo == GCRY_MD_SHA1 && !memcmp (indata, sha1_prefix, 15)) { - indata += 15; + indata = (char *)indata + 15; indatalen -= 15; } else if (indatalen == (15 + 20) && hashalgo == GCRY_MD_RMD160 && !memcmp (indata, rmd160_prefix, 15)) { - indata += 15; + indata = (char *)indata + 15; indatalen -= 15; } else Index: m4/socklen.m4 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ m4/socklen.m4 2007-05-10 22:09:39.225443000 +0000 @@ -0,0 +1,42 @@ +dnl Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Albert Chin, Windows fixes from Simon Josefsson. + +dnl Check for socklen_t: historically on BSD it is an int, and in +dnl POSIX 1g it is a type of its own, but some platforms use different +dnl types for the argument to getsockopt, getpeername, etc. So we +dnl have to test to find something that will work. + +dnl Windows fixes removed for db. Functions renamed, basic check +dnl remains the same though. + +AC_DEFUN([GPG_TYPE_SOCKLEN_T],[ + AC_CHECK_HEADERS_ONCE(sys/socket.h) + AC_MSG_CHECKING([for socklen_t or equivalent]) + AC_CACHE_VAL([gpg_cv_socklen_t_equiv],[ + gpg_cv_socklen_t_equiv= + for t in socklen_t int size_t "unsigned int" "long int" "unsigned long int"; do + AC_TRY_COMPILE( + [#include + #if HAVE_SYS_SOCKET_H + # include + #elif HAVE_WS2TCPIP_H + # include + #endif], + [$t len; + getpeername (0, 0, &len);], + [gpg_cv_socklen_t_equiv="$t"]) + test "$gpg_cv_socklen_t_equiv" != "" && break + done + ]) + if test "$gpg_cv_socklen_t_equiv" = ""; then + AC_MSG_ERROR([Cannot find a type to use in place of socklen_t]) + fi + AC_MSG_RESULT([$gpg_cv_socklen_t_equiv]) + if test "$gpg_cv_socklen_t_equiv" != "socklen_t"; then + AC_DEFINE_UNQUOTED([socklen_t], [$gpg_cv_socklen_t_equiv], + [type to use in place of socklen_t if not defined]) + fi]) Index: common/exechelp.c =================================================================== --- common/exechelp.c.orig 2007-05-10 22:09:35.045872000 +0000 +++ common/exechelp.c 2007-05-10 22:09:39.251034000 +0000 @@ -61,7 +61,7 @@ here. Using a weak symbol works but is not portable - we should provide a an explicit dummy pth module instead of using the pragma. */ -#ifndef _WIN32 +#ifdef HAVE_PRAGMA_WEAK #pragma weak pth_fork #pragma weak pth_waitpid #endif Index: jnlib/Makefile.am =================================================================== --- jnlib/Makefile.am.orig 2007-05-10 22:09:36.314332000 +0000 +++ jnlib/Makefile.am 2007-05-10 22:09:41.405833000 +0000 @@ -24,7 +24,7 @@ EXTRA_DIST = README -AM_CPPFLAGS = -I$(top_srcdir)/intl +AM_CPPFLAGS = -I$(top_srcdir)/gl -I../gl -I$(top_srcdir)/intl # We need libgcrypt because libjnlib-config includes gcrypt.h AM_CFLAGS = $(LIBGCRYPT_CFLAGS) Index: agent/t-protect.c =================================================================== --- agent/t-protect.c.orig 2007-05-10 22:09:34.949440000 +0000 +++ agent/t-protect.c 2007-05-10 22:09:41.443167000 +0000 @@ -48,97 +48,93 @@ const char *string; }; /* Valid RSA key. */ - struct key_spec key_rsa_valid = - { - "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" - "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92" - "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04" - "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D" - "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49" - "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F" - "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77" - "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28" - "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3" - "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A" - "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9" - "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77" - "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7" - "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD" - "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34" - "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B" - "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A" - "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85" - "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28" - "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F" - "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2" - "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21" - "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33" - "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72" - "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B" - "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17" +#define key_rsa_valid \ + "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" \ + "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92" \ + "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04" \ + "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D" \ + "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49" \ + "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F" \ + "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77" \ + "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28" \ + "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3" \ + "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A" \ + "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9" \ + "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77" \ + "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7" \ + "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD" \ + "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34" \ + "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B" \ + "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A" \ + "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85" \ + "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28" \ + "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F" \ + "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2" \ + "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21" \ + "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33" \ + "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72" \ + "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B" \ + "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17" \ "\xD0\x68\x0B\x29\x29\x29\x00" - }; + /* This RSA key is missing the last closing brace. */ - struct key_spec key_rsa_bogus_0 = - { - "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" - "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92" - "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04" - "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D" - "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49" - "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F" - "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77" - "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28" - "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3" - "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A" - "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9" - "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77" - "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7" - "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD" - "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34" - "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B" - "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A" - "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85" - "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28" - "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F" - "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2" - "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21" - "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33" - "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72" - "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B" - "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17" +#define key_rsa_bogus_0 \ + "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" \ + "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xB6\xB5\x09\x59\x6A\x9E\xCA\xBC\x93\x92" \ + "\x12\xF8\x91\xE6\x56\xA6\x26\xBA\x07\xDA\x85\x21\xA9\xCA\xD4\xC0\x8E\x64\x0C\x04" \ + "\x05\x2F\xBB\x87\xF4\x24\xEF\x1A\x02\x75\xA4\x8A\x92\x99\xAC\x9D\xB6\x9A\xBE\x3D" \ + "\x01\x24\xE6\xC7\x56\xB1\xF7\xDF\xB9\xB8\x42\xD6\x25\x1A\xEA\x6E\xE8\x53\x90\x49" \ + "\x5C\xAD\xA7\x3D\x67\x15\x37\xFC\xE5\x85\x0A\x93\x2F\x32\xBA\xB6\x0A\xB1\xAC\x1F" \ + "\x85\x2C\x1F\x83\xC6\x25\xE7\xA7\xD7\x0C\xDA\x9E\xF1\x6D\x5C\x8E\x47\x73\x9D\x77" \ + "\xDF\x59\x26\x1A\xBE\x84\x54\x80\x7F\xF4\x41\xE1\x43\xFB\xD3\x7F\x85\x45\x29\x28" \ + "\x31\x3A\x65\x33\x3A\x01\x00\x01\x29\x28\x31\x3A\x64\x31\x32\x38\x3A\x07\x7A\xD3" \ + "\xDE\x28\x42\x45\xF4\x80\x6A\x1B\x82\xB7\x9E\x61\x6F\xBD\xE8\x21\xC8\x2D\x69\x1A" \ + "\x65\x66\x5E\x57\xB5\xFA\xD3\xF3\x4E\x67\xF4\x01\xE7\xBD\x2E\x28\x69\x9E\x89\xD9" \ + "\xC4\x96\xCF\x82\x19\x45\xAE\x83\xAC\x7A\x12\x31\x17\x6A\x19\x6B\xA6\x02\x7E\x77" \ + "\xD8\x57\x89\x05\x5D\x50\x40\x4A\x7A\x2A\x95\xB1\x51\x2F\x91\xF1\x90\xBB\xAE\xF7" \ + "\x30\xED\x55\x0D\x22\x7D\x51\x2F\x89\xC0\xCD\xB3\x1A\xC0\x6F\xA9\xA1\x95\x03\xDD" \ + "\xF6\xB6\x6D\x0B\x42\xB9\x69\x1B\xFD\x61\x40\xEC\x17\x20\xFF\xC4\x8A\xE0\x0C\x34" \ + "\x79\x6D\xC8\x99\xE5\x29\x28\x31\x3A\x70\x36\x35\x3A\x00\xD5\x86\xC7\x8E\x5F\x1B" \ + "\x4B\xF2\xE7\xCD\x7A\x04\xCA\x09\x19\x11\x70\x6F\x19\x78\x8B\x93\xE4\x4E\xE2\x0A" \ + "\xAF\x46\x2E\x83\x63\xE9\x8A\x72\x25\x3E\xD8\x45\xCC\xBF\x24\x81\xBB\x35\x1E\x85" \ + "\x57\xC8\x5B\xCF\xFF\x0D\xAB\xDB\xFF\x8E\x26\xA7\x9A\x09\x38\x09\x6F\x27\x29\x28" \ + "\x31\x3A\x71\x36\x35\x3A\x00\xDB\x0C\xDF\x60\xF2\x6F\x2A\x29\x6C\x88\xD6\xBF\x9F" \ + "\x8E\x5B\xE4\x5C\x0D\xDD\x71\x3C\x96\xCC\x73\xEB\xCB\x48\xB0\x61\x74\x09\x43\xF2" \ + "\x1D\x2A\x93\xD6\xE4\x2A\x72\x11\xE7\xF0\x2A\x95\xDC\xED\x6C\x39\x0A\x67\xAD\x21" \ + "\xEC\xF7\x39\xAE\x8A\x0C\xA4\x6F\xF2\xEB\xB3\x29\x28\x31\x3A\x75\x36\x34\x3A\x33" \ + "\x14\x91\x95\xF1\x69\x12\xDB\x20\xA4\x8D\x02\x0D\xBC\x3B\x9E\x38\x81\xB3\x9D\x72" \ + "\x2B\xF7\x93\x78\xF6\x34\x0F\x43\x14\x8A\x6E\x9F\xC5\xF5\x3E\x28\x53\xB7\x38\x7B" \ + "\xA4\x44\x3B\xA5\x3A\x52\xFC\xA8\x17\x3D\xE6\xE8\x5B\x42\xF9\x78\x3D\x4A\x78\x17" \ "\xD0\x68\x0B\x29\x29\x00" - }; + /* This RSA key is the `e' value. */ - struct key_spec key_rsa_bogus_1 = - { - "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" - "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xA8\x80\xB6\x71\xF4\x95\x9F\x49\x84\xED" - "\xC1\x1D\x5F\xFF\xED\x14\x7B\x9C\x6A\x62\x0B\x7B\xE2\x3E\x41\x48\x49\x85\xF5\x64" - "\x50\x04\x9D\x30\xFC\x84\x1F\x01\xC3\xC3\x15\x03\x48\x6D\xFE\x59\x0B\xB0\xD0\x3E" - "\x68\x8A\x05\x7A\x62\xB0\xB9\x6E\xC5\xD2\xA8\xEE\x0C\x6B\xDE\x5E\x3D\x8E\xE8\x8F" - "\xB3\xAE\x86\x99\x7E\xDE\x2B\xC2\x4D\x60\x51\xDB\xB1\x2C\xD0\x38\xEC\x88\x62\x3E" - "\xA9\xDD\x11\x53\x04\x17\xE4\xF2\x07\x50\xDC\x44\xED\x14\xF5\x0B\xAB\x9C\xBC\x24" - "\xC6\xCB\xAD\x0F\x05\x25\x94\xE2\x73\xEB\x14\xD5\xEE\x5E\x18\xF0\x40\x31\x29\x28" - "\x31\x3A\x64\x31\x32\x38\x3A\x40\xD0\x55\x9D\x2A\xA7\xBC\xBF\xE2\x3E\x33\x98\x71" - "\x7B\x37\x3D\xB8\x38\x57\xA1\x43\xEA\x90\x81\x42\xCA\x23\xE1\xBF\x9C\xA8\xBC\xC5" - "\x9B\xF8\x9D\x77\x71\xCD\xD3\x85\x8B\x20\x3A\x92\xE9\xBC\x79\xF3\xF7\xF5\x6D\x15" - "\xA3\x58\x3F\xC2\xEB\xED\x72\xD4\xE0\xCF\xEC\xB3\xEC\xEB\x09\xEA\x1E\x72\x6A\xBA" - "\x95\x82\x2C\x7E\x30\x95\x66\x3F\xA8\x2D\x40\x0F\x7A\x12\x4E\xF0\x71\x0F\x97\xDB" - "\x81\xE4\x39\x6D\x24\x58\xFA\xAB\x3A\x36\x73\x63\x01\x77\x42\xC7\x9A\xEA\x87\xDA" - "\x93\x8F\x6C\x64\xAD\x9E\xF0\xCA\xA2\x89\xA4\x0E\xB3\x25\x73\x29\x28\x31\x3A\x70" - "\x36\x35\x3A\x00\xC3\xF7\x37\x3F\x9D\x93\xEC\xC7\x5E\x4C\xB5\x73\x29\x62\x35\x80" - "\xC6\x7C\x1B\x1E\x68\x5F\x92\x56\x77\x0A\xE2\x8E\x95\x74\x87\xA5\x2F\x83\x2D\xF7" - "\xA1\xC2\x78\x54\x18\x6E\xDE\x35\xF0\x9F\x7A\xCA\x80\x5C\x83\x5C\x44\xAD\x8B\xE7" - "\x5B\xE2\x63\x7D\x6A\xC7\x98\x97\x29\x28\x31\x3A\x71\x36\x35\x3A\x00\xDC\x1F\xB1" - "\xB3\xD8\x13\xE0\x09\x19\xFD\x1C\x58\xA1\x2B\x02\xB4\xC8\xF2\x1C\xE7\xF9\xC6\x3B" - "\x68\xB9\x72\x43\x86\xEF\xA9\x94\x68\x02\xEF\x7D\x77\xE0\x0A\xD1\xD7\x48\xFD\xCD" - "\x98\xDA\x13\x8A\x76\x48\xD4\x0F\x63\x28\xFA\x01\x1B\xF3\xC7\x15\xB8\x53\x22\x7E" - "\x77\x29\x28\x31\x3A\x75\x36\x35\x3A\x00\xB3\xBB\x4D\xEE\x5A\xAF\xD0\xF2\x56\x8A" - "\x10\x2D\x6F\x4B\x2D\x76\x49\x9B\xE9\xA8\x60\x5D\x9E\x7E\x50\x86\xF1\xA1\x0F\x28" - "\x9B\x7B\xE8\xDD\x1F\x87\x4E\x79\x7B\x50\x12\xA7\xB4\x8B\x52\x38\xEC\x7C\xBB\xB9" +#define key_rsa_bogus_1 \ + "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28\x33\x3A\x72\x73" \ + "\x61\x28\x31\x3A\x6E\x31\x32\x39\x3A\x00\xA8\x80\xB6\x71\xF4\x95\x9F\x49\x84\xED" \ + "\xC1\x1D\x5F\xFF\xED\x14\x7B\x9C\x6A\x62\x0B\x7B\xE2\x3E\x41\x48\x49\x85\xF5\x64" \ + "\x50\x04\x9D\x30\xFC\x84\x1F\x01\xC3\xC3\x15\x03\x48\x6D\xFE\x59\x0B\xB0\xD0\x3E" \ + "\x68\x8A\x05\x7A\x62\xB0\xB9\x6E\xC5\xD2\xA8\xEE\x0C\x6B\xDE\x5E\x3D\x8E\xE8\x8F" \ + "\xB3\xAE\x86\x99\x7E\xDE\x2B\xC2\x4D\x60\x51\xDB\xB1\x2C\xD0\x38\xEC\x88\x62\x3E" \ + "\xA9\xDD\x11\x53\x04\x17\xE4\xF2\x07\x50\xDC\x44\xED\x14\xF5\x0B\xAB\x9C\xBC\x24" \ + "\xC6\xCB\xAD\x0F\x05\x25\x94\xE2\x73\xEB\x14\xD5\xEE\x5E\x18\xF0\x40\x31\x29\x28" \ + "\x31\x3A\x64\x31\x32\x38\x3A\x40\xD0\x55\x9D\x2A\xA7\xBC\xBF\xE2\x3E\x33\x98\x71" \ + "\x7B\x37\x3D\xB8\x38\x57\xA1\x43\xEA\x90\x81\x42\xCA\x23\xE1\xBF\x9C\xA8\xBC\xC5" \ + "\x9B\xF8\x9D\x77\x71\xCD\xD3\x85\x8B\x20\x3A\x92\xE9\xBC\x79\xF3\xF7\xF5\x6D\x15" \ + "\xA3\x58\x3F\xC2\xEB\xED\x72\xD4\xE0\xCF\xEC\xB3\xEC\xEB\x09\xEA\x1E\x72\x6A\xBA" \ + "\x95\x82\x2C\x7E\x30\x95\x66\x3F\xA8\x2D\x40\x0F\x7A\x12\x4E\xF0\x71\x0F\x97\xDB" \ + "\x81\xE4\x39\x6D\x24\x58\xFA\xAB\x3A\x36\x73\x63\x01\x77\x42\xC7\x9A\xEA\x87\xDA" \ + "\x93\x8F\x6C\x64\xAD\x9E\xF0\xCA\xA2\x89\xA4\x0E\xB3\x25\x73\x29\x28\x31\x3A\x70" \ + "\x36\x35\x3A\x00\xC3\xF7\x37\x3F\x9D\x93\xEC\xC7\x5E\x4C\xB5\x73\x29\x62\x35\x80" \ + "\xC6\x7C\x1B\x1E\x68\x5F\x92\x56\x77\x0A\xE2\x8E\x95\x74\x87\xA5\x2F\x83\x2D\xF7" \ + "\xA1\xC2\x78\x54\x18\x6E\xDE\x35\xF0\x9F\x7A\xCA\x80\x5C\x83\x5C\x44\xAD\x8B\xE7" \ + "\x5B\xE2\x63\x7D\x6A\xC7\x98\x97\x29\x28\x31\x3A\x71\x36\x35\x3A\x00\xDC\x1F\xB1" \ + "\xB3\xD8\x13\xE0\x09\x19\xFD\x1C\x58\xA1\x2B\x02\xB4\xC8\xF2\x1C\xE7\xF9\xC6\x3B" \ + "\x68\xB9\x72\x43\x86\xEF\xA9\x94\x68\x02\xEF\x7D\x77\xE0\x0A\xD1\xD7\x48\xFD\xCD" \ + "\x98\xDA\x13\x8A\x76\x48\xD4\x0F\x63\x28\xFA\x01\x1B\xF3\xC7\x15\xB8\x53\x22\x7E" \ + "\x77\x29\x28\x31\x3A\x75\x36\x35\x3A\x00\xB3\xBB\x4D\xEE\x5A\xAF\xD0\xF2\x56\x8A" \ + "\x10\x2D\x6F\x4B\x2D\x76\x49\x9B\xE9\xA8\x60\x5D\x9E\x7E\x50\x86\xF1\xA1\x0F\x28" \ + "\x9B\x7B\xE8\xDD\x1F\x87\x4E\x79\x7B\x50\x12\xA7\xB4\x8B\x52\x38\xEC\x7C\xBB\xB9" \ "\x55\x87\x11\x1C\x74\xE7\x7F\xA0\xBA\xE3\x34\x5D\x61\xBF\x29\x29\x29\x00" - }; struct { @@ -158,15 +154,15 @@ { "", "passphrase", 1, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 }, /* - NULL; disabled, this segfaults */ - //{ NULL, - // "passphrase", 1, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 }, + /*{ NULL, + "passphrase", 1, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 }, */ /* Valid and invalid keys. */ - { key_rsa_valid.string, + { key_rsa_valid, "passphrase", 0, 0, NULL, 0, 0, NULL, 0 }, - { key_rsa_bogus_0.string, + { key_rsa_bogus_0, "passphrase", 0, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 }, - { key_rsa_bogus_1.string, + { key_rsa_bogus_1, "passphrase", 0, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 }, /* FIXME: add more test data. */ Index: agent/minip12.c =================================================================== --- agent/minip12.c.orig 2007-05-10 22:09:34.973491000 +0000 +++ agent/minip12.c 2007-05-10 22:09:41.484108000 +0000 @@ -505,7 +505,7 @@ int iter, const char *pw, int cipher_algo, int (*check_fnc) (const void *, size_t)) { - static const char const *charsets[] = { + static const char *charsets[] = { "", /* No conversion - use the UTF-8 passphrase direct. */ "ISO-8859-1", "ISO-8859-15", Index: g10/Makefile.am =================================================================== --- g10/Makefile.am.orig 2007-05-10 22:09:36.362440000 +0000 +++ g10/Makefile.am 2007-05-10 22:09:41.556503000 +0000 @@ -119,9 +119,9 @@ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \ $(LIBINTL) $(CAPLIBS) $(NETLIBS) -gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ +gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) -gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ +gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a Index: common/dynload.h =================================================================== --- common/dynload.h.orig 2007-05-10 22:09:35.070028000 +0000 +++ common/dynload.h 2007-05-10 22:09:41.586637000 +0000 @@ -21,8 +21,67 @@ #ifndef GNUPG_DYNLOAD_H #define GNUPG_DYNLOAD_H + #ifndef __MINGW32__ +#include +#if HAVE_DLFCN_H #include +#elif HAVE_DL_H +#include +#if !defined(DYNAMIC_PATH) +# define DYNAMIC_PATH 0 +#endif +#if !defined(BIND_RESTRICTED) +# define BIND_RESTRICTED 0 +#endif + +#define RTLD_LAZY 0 + +#define BIND_FLAGS (BIND_IMMEDIATE | BIND_NONFATAL | DYNAMIC_PATH) + + + +static inline void * +dlopen (const char * name, int flag) +{ + void * hd = shl_load (name,BIND_FLAGS,0L); + return hd; +} + +static inline void * +dlsym (void *hd, const char *sym) +{ + if (hd && sym) + { + void * fnc; + if (shl_findsym((shl_t*)&hd,sym,TYPE_UNDEFINED,&fnc)) { + return NULL; + } + return fnc; + } + return NULL; +} + + +static inline const char * +dlerror (void) +{ + return "Error"; +} + + +static inline int +dlclose (void * hd) +{ + if (hd) + { + shl_unload(hd); + return 0; + } + return -1; +} +#endif + #else #include Index: scd/pcsc-wrapper.c =================================================================== --- scd/pcsc-wrapper.c.orig 2007-05-10 22:09:35.021757000 +0000 +++ scd/pcsc-wrapper.c 2007-05-10 22:09:41.625112000 +0000 @@ -48,8 +48,11 @@ #include #include #include +#if HAVE_DLFCN_H #include - +#else +#include +#endif #define PGM "pcsc-wrapper" Index: common/gettime.c =================================================================== --- common/gettime.c.orig 2007-05-10 22:09:35.094130000 +0000 +++ common/gettime.c 2007-05-10 22:09:41.671454000 +0000 @@ -63,6 +63,12 @@ struct tm tmbuf; tp = gmtime_r (&atime, &tmbuf); + +/* The man page for gm_time_r on HP-UX 10.20 says: */ +/* For asctime_r(), ctime_r(), gmtime_r(), and localtime_r(), if the */ +/* operation is successful, 0 is returned. */ + + if (!tp) tp = &tmbuf; #else tp = gmtime (&atime); #endif From gnupg-devel at mlists.thewrittenword.com Sat May 12 05:09:48 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Fri, 11 May 2007 22:09:48 -0500 Subject: test failures with gnupg-2.0.4 on solaris, Tru64 and IRIX Message-ID: <20070512030948.GB4300@acer.localdomain> Hi, The sm-sign+verify test is the only test we have failing, here is a sample of the output on Tru64-5.1 (other platforms have the same error, root certificate not trusted- gpg-agent[13640]: command marktrusted failed: Not supported) Any ideas? gpgsm: WARNING: running with faked system time: 2002-12-02 13:29:59 read_assuan: read "OK GNU Privacy Guard's S/M server 2.0.4 ready " sending `INPUT FD=3' expecting OK read_assuan: read "OK " sending `OUTPUT FD=4' expecting OK read_assuan: read "OK " sending `SIGN' expecting OK gpgsm[325479]: can't connect to `/opt/build/gnupg-2.0.4/tests/S.gpg-agent': No such file or directory gpgsm: CRLs not checked due to --disable-crl-checks option gpgsm: DBG: adding certificates at level 1 gpgsm: signature created read_assuan: read "S PROGRESS starting_agent ? 0 0 " read_assuan: read "S SIG_CREATED S 1 2 00 20021202T132959 3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E OK " read_assuan: read "OK " sending `RESET' expecting OK read_assuan: read "OK " sending `INPUT FD=5' expecting OK read_assuan: read "OK " sending `OUTPUT FD=6' expecting OK read_assuan: read "OK " sending `VERIFY' gpgsm: Signature made 2002-12-02 13:29:59 using certificate ID 33BDB76E expecting OK gpgsm: root certificate is not marked trusted gpgsm: fingerprint=3C:F4:05:46:4F:66:ED:4A:7D:F4:5B:BD:D1:E4:28:2E:33:BD:B7:6E gpg-agent[325468]: command marktrusted failed: Not supported gpgsm: DBG: BEGIN Certificate `issuer': gpgsm: DBG: serial: 00 gpgsm: DBG: notBefore: 2001-12-03 09:36:38 gpgsm: DBG: notAfter: 2002-12-03 09:36:38 gpgsm: DBG: issuer: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=D?sseldorf,C=DE gpgsm: DBG: subject: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=D?sseldorf,C=DE gpgsm: DBG: hash algo: 1.2.840.113549.1.1.4 gpgsm: DBG: SHA1 Fingerprint: 3C:F4:05:46:4F:66:ED:4A:7D:F4:5B:BD:D1:E4:28:2E:33:BD:B7:6E gpgsm: DBG: END Certificate gpgsm: after checking the fingerprint, you may want to add it manually to the list of trusted certificates. gpgsm: interactive marking as trusted not enabled in gpg-agent gpgsm: invalid certification chain: Not trusted read_assuan: read "S NEWSIG " read_assuan: read "S GOODSIG 3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=D?sseldorf,C=DE S VALIDSIG 3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E 2002-12-02 20021202T132959 20021203T093638 S TRUST_UNDEFINED 98 OK " read_assuan: read "S VALIDSIG 3CF405464F66ED4A7DF45BBDD1E4282E33BDB76E 2002-12-02 20021202T132959 20021203T093638 S TRUST_UNDEFINED 98 OK " read_assuan: read "S TRUST_UNDEFINED 98 OK " read_assuan: read "OK " goodsig=1 trusted=0 From marcus.brinkmann at ruhr-uni-bochum.de Mon May 14 14:08:38 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon, 14 May 2007 14:08:38 +0200 Subject: Scute: feature request: Support CKA_TRUSTED attribute on X.509 certs In-Reply-To: <87hcr6azie.fsf@wheatstone.g10code.de> References: <87r6qc63a7.fsf@mocca.josefsson.org> <87wt04f673.fsf@wheatstone.g10code.de> <87ps5v1lir.fsf@mocca.josefsson.org> <87hcr6azie.fsf@wheatstone.g10code.de> Message-ID: <87veev620p.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi, sorry this didn't get sent out earlier, it was stuck in my drafts box. At Tue, 24 Apr 2007 11:32:41 +0200, 'Werner Koch' wrote: > > On Mon, 23 Apr 2007 11:35, simon at josefsson.org said: > > > Thanks. Btw, do you know what the best way to find out which > > certificate correspond to a private key? Using the key id seems > > somewhat fragile, but it is what I'll use unless I learn of a better > > way. > > GnuPG uses a thing called keygrip > > unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) We only export the fingerprint in the PKCS #11 token data (via CKA_ID). I don't think there is a good space to export the grip as well. Shouldn't the fingerprint be good enough? Thanks, Marcus From simon at josefsson.org Mon May 14 14:21:59 2007 From: simon at josefsson.org (Simon Josefsson) Date: Mon, 14 May 2007 14:21:59 +0200 Subject: Scute: feature request: Support CKA_TRUSTED attribute on X.509 certs In-Reply-To: <87veev620p.wl%marcus.brinkmann@ruhr-uni-bochum.de> (Marcus Brinkmann's message of "Mon\, 14 May 2007 14\:08\:38 +0200") References: <87r6qc63a7.fsf@mocca.josefsson.org> <87wt04f673.fsf@wheatstone.g10code.de> <87ps5v1lir.fsf@mocca.josefsson.org> <87hcr6azie.fsf@wheatstone.g10code.de> <87veev620p.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <877irbfvdk.fsf@mocca.josefsson.org> Marcus Brinkmann writes: > Hi, > > sorry this didn't get sent out earlier, it was stuck in my drafts box. > > At Tue, 24 Apr 2007 11:32:41 +0200, > 'Werner Koch' wrote: >> >> On Mon, 23 Apr 2007 11:35, simon at josefsson.org said: >> >> > Thanks. Btw, do you know what the best way to find out which >> > certificate correspond to a private key? Using the key id seems >> > somewhat fragile, but it is what I'll use unless I learn of a better >> > way. >> >> GnuPG uses a thing called keygrip >> >> unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) > > We only export the fingerprint in the PKCS #11 token data (via > CKA_ID). I don't think there is a good space to export the grip as > well. Shouldn't the fingerprint be good enough? Yes it has worked fine. My logic is to search for the CKA_ID's of certificates and keys, and if they match, I assume the certificate is the user certificate. I don't really care about whether the data is a fingerprint or keygrip, just that it is persistant and memcmp properly. /Simon From cam at mathematica.scientia.net Tue May 15 20:35:16 2007 From: cam at mathematica.scientia.net (Christoph Anton Mitterer) Date: Tue, 15 May 2007 20:35:16 +0200 Subject: gpgme: documentation error Message-ID: <4649FD64.4010204@mathematica.scientia.net> Hi. The info page of gpgme describes the function gpgme_strerror_r as follows: -- Funktion: char * gpgme_strerror_r (gpgme_error_t ERR) The function `gpgme_strerror_r' returns a pointer to a dynamically allocated string containing a description of the error code contained in the error value ERR. This string can be used to output a diagnostic message to the user. When it is not needed anymore, the user must deallocate it with `free'. But this is different from what's actually in gpgme.h. Which one of the two is correct? Chris. From gnupg-devel at mlists.thewrittenword.com Wed May 16 09:45:48 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Wed, 16 May 2007 02:45:48 -0500 Subject: gpgme make check pinentry dialogs Message-ID: <20070516074548.GA6721@acer.localdomain> Hi, We have gnupg-2.0.4, and are building gpgme-1.1.4 with --with-gpg=/path/to/gpg2, during make check (in the tests/gpg subdir) a lot of pinentry dialogs ask for passphrases. If I type 'abc' a lot then the tests will pass, but it does not seem normal to have to do so. Is the presentation of these dialogs expected behavior? Thanks, Peter From wk at gnupg.org Wed May 16 14:18:38 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 16 May 2007 14:18:38 +0200 Subject: gpgme make check pinentry dialogs Message-ID: <87lkfpufkx.fsf@wheatstone.g10code.de> An embedded message was scrubbed... From: Werner Koch Subject: Re: gpgme make check pinentry dialogs Date: Wed, 16 May 2007 14:17:50 +0200 Size: 1375 Url: /pipermail/attachments/20070516/a18c800e/attachment.mht From gnupg-devel at mlists.thewrittenword.com Wed May 16 17:21:21 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Wed, 16 May 2007 10:21:21 -0500 Subject: gpgme make check pinentry dialogs In-Reply-To: <87lkfpufkx.fsf@wheatstone.g10code.de> References: <87lkfpufkx.fsf@wheatstone.g10code.de> Message-ID: <20070516152121.GA2195@acer.localdomain> On Wed, May 16, 2007 at 02:18:38PM +0200, Werner Koch wrote: > On Wed, 16 May 2007 09:45, gnupg-devel at mlists.thewrittenword.com said: > > > We have gnupg-2.0.4, and are building gpgme-1.1.4 with > > --with-gpg=/path/to/gpg2, during make check (in the tests/gpg subdir) > > a lot of pinentry dialogs ask for passphrases. If I type 'abc' > > a lot then the tests will pass, but it does not seem normal to have to > > do so. > > > > Is the presentation of these dialogs expected behavior? > > With the corrent code: yes. We need to enhance the tests to overcomethe > problem. This can either be done using gpg-preset-passphrase, by > writing a loopback pinentry or having keys without a passphrase. Okay, good to know. Until thiese changes are made, a README in the tests subdir mentioning that pinentry dialogs might be shown to the user (and that the passphrase is 'abc') is, I think, a good idea. Thanks for the prompt reply, Peter From ametzler at downhill.at.eu.org Thu May 17 10:08:40 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Thu, 17 May 2007 10:08:40 +0200 Subject: Libgcrypt svn trunk build failure on HPPA Message-ID: <85fth4-51o.ln1@argenau.downhill.at.eu.org> Hello, libgcrypt SVN HEAD (Revision 1251) fails to build from source on hppa, the source of trouble seems to be the asm/mpi build-system: |config.status: linking ./mpi/pa7100/mpih-lshift.S to mpi/mpih-lshift-asm.S |config.status: linking ./mpi/pa7100/mpih-rshift.S to mpi/mpih-rshift-asm.S |config.status: linking ./mpi/hppa1.1/udiv-qrnnd.S to mpi/udiv-qrnnd-asm.S |config.status: linking ./mpi/generic/mpi-asm-defs.h to mpi/mpi-asm-defs.h |config.status: executing depfiles commands ... [However udiv-qrnnd.lo is not generated and not linked into libmpi.la and therefore..] |make[3]: Entering directory `/build/buildd/libgcrypt11-1.3.0/tests' |cc -DHAVE_CONFIG_H -I. -I.. -I../src -I../src -g -Wall -O2 -Wall -c version.c |/bin/bash ../libtool --tag=CC --mode=link cc -g -Wall -O2 -Wall -o version version.o ../src/libgcrypt.la |mkdir .libs |cc -g -Wall -O2 -Wall -o .libs/version version.o ../src/.libs/libgcrypt.so |../src/.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd' |collect2: ld returned 1 exit status |make[3]: *** [version] Error 1 ametzler at paer:~/GCR/libgcrypt11-1.3.0.buildtree/src/.libs$ ldd -r libgcrypt.so.11.4.0 libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0x40138000) libc.so.6 => /lib/libc.so.6 (0x403ce000) /lib/ld.so.1 (0x41215000) undefined symbol: __udiv_qrnnd (./libgcrypt.so.11.4.0) FWIW 1.3.0 vanilla seems to build fine. If there is more information needed (complete buildlog, config.status et, ...) I will happily provide it. thanks, cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' From marcus.brinkmann at ruhr-uni-bochum.de Fri May 18 23:29:44 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 18 May 2007 23:29:44 +0200 Subject: Libgcrypt svn trunk build failure on HPPA In-Reply-To: <85fth4-51o.ln1@argenau.downhill.at.eu.org> References: <85fth4-51o.ln1@argenau.downhill.at.eu.org> Message-ID: <87abw14y7r.wl%marcus.brinkmann@ruhr-uni-bochum.de> Hi Andreas, At Thu, 17 May 2007 10:08:40 +0200, Andreas Metzler wrote: > > Hello, > > libgcrypt SVN HEAD (Revision 1251) fails to build from source on hppa, > the source of trouble seems to be the asm/mpi build-system: I redid the Automake magic because the old way caused assembler files to be compiled without PIC. > |config.status: linking ./mpi/pa7100/mpih-lshift.S to mpi/mpih-lshift-asm.S > |config.status: linking ./mpi/pa7100/mpih-rshift.S to mpi/mpih-rshift-asm.S > |config.status: linking ./mpi/hppa1.1/udiv-qrnnd.S to mpi/udiv-qrnnd-asm.S > |config.status: linking ./mpi/generic/mpi-asm-defs.h to mpi/mpi-asm-defs.h > |config.status: executing depfiles commands > ... > [However udiv-qrnnd.lo is not generated and not linked into libmpi.la and therefore..] You mean udiv-qrnnd-asm.lo. The name changed necessarily. > FWIW 1.3.0 vanilla seems to build fine. If there is more information > needed (complete buildlog, config.status et, ...) I will happily > provide it. Can you please send me the files config.log and mpi/Makefile ? This might be enough (but to be honest, I don't yet know what I am looking for). Thanks, Marcus From marcus.brinkmann at ruhr-uni-bochum.de Fri May 18 23:41:51 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 18 May 2007 23:41:51 +0200 Subject: gpgme: documentation error In-Reply-To: <4649FD64.4010204@mathematica.scientia.net> References: <4649FD64.4010204@mathematica.scientia.net> Message-ID: <878xbl4xnk.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Tue, 15 May 2007 20:35:16 +0200, Christoph Anton Mitterer wrote: > > Hi. > > The info page of gpgme describes the function gpgme_strerror_r as follows: > -- Funktion: char * gpgme_strerror_r (gpgme_error_t ERR) [...] > But this is different from what's actually in gpgme.h. > Which one of the two is correct? The header file. I updated the manual, thanks a lot. Marcus From ametzler at downhill.at.eu.org Sat May 19 09:48:28 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sat, 19 May 2007 09:48:28 +0200 Subject: Libgcrypt svn trunk build failure on HPPA In-Reply-To: <87abw14y7r.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <85fth4-51o.ln1@argenau.downhill.at.eu.org> <87abw14y7r.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <20070519074828.GA3779@downhill.g.la> On 2007-05-18 Marcus Brinkmann wrote: > At Thu, 17 May 2007 10:08:40 +0200, > Andreas Metzler wrote: ...] >> FWIW 1.3.0 vanilla seems to build fine. If there is more information >> needed (complete buildlog, config.status et, ...) I will happily >> provide it. > Can you please send me the files config.log and mpi/Makefile ? This > might be enough (but to be honest, I don't yet know what I am looking > for). Hello, I have uploaded the whole thing as browseable tree to the web. http://www.bebt.de/debian/libgcrypt/libgcrypt11-1.3.0/config.log http://www.bebt.de/debian/libgcrypt/libgcrypt11-1.3.0/mpi/Makefile Additionally the whole build-tree (libgcrypt11-1.3.0/*) is in http://www.bebt.de/debian/libgcrypt/buildtree.tar.gz the complete ditrectory structure with additionally buildlog and libgcrypt11_1.3.0.orig.tar.gz and libgcrypt11_1.3.0-1.diff.gz libgcrypt11_1.3.0-1.dsc is in http://www.bebt.de/debian/libgcrypt/everything.tgz I am starting with vanilla source, then apply svn diff -r1249:1251 (stored in debian/patches/13_fixPIC.diff) and then apply the patch containing the changes from re-running auto-* (debian/patches/14_re_autofoo.diff). thanks, cu andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' From marcus.brinkmann at ruhr-uni-bochum.de Sat May 19 22:44:04 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Sat, 19 May 2007 22:44:04 +0200 Subject: Libgcrypt svn trunk build failure on HPPA In-Reply-To: <20070519074828.GA3779@downhill.g.la> References: <85fth4-51o.ln1@argenau.downhill.at.eu.org> <87abw14y7r.wl%marcus.brinkmann@ruhr-uni-bochum.de> <20070519074828.GA3779@downhill.g.la> Message-ID: <87y7jk8rxn.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Sat, 19 May 2007 09:48:28 +0200, Andreas Metzler wrote: > > On 2007-05-18 Marcus Brinkmann wrote: > > At Thu, 17 May 2007 10:08:40 +0200, > > Andreas Metzler wrote: > ...] > >> FWIW 1.3.0 vanilla seems to build fine. If there is more information > >> needed (complete buildlog, config.status et, ...) I will happily > >> provide it. > > > Can you please send me the files config.log and mpi/Makefile ? This > > might be enough (but to be honest, I don't yet know what I am looking > > for). > > Hello, > I have uploaded the whole thing as browseable tree to the web. > http://www.bebt.de/debian/libgcrypt/libgcrypt11-1.3.0/config.log > http://www.bebt.de/debian/libgcrypt/libgcrypt11-1.3.0/mpi/Makefile Thanks. config.log confirmed that the automake conditionals were not set correctly, and I noticed then that I had the wrong function names in the configure.ac test (the udiv functions were prefixed by mpih, but actually they shouldn't be). I put in a fix, which I hope will fix this for you. Please let me know if there are any further problems. 2007-05-19 Marcus Brinkmann * configure.ac: Fix test for optional UDIV and UDIV_QRNND MPI modules. Thanks, Marcus From ametzler at downhill.at.eu.org Sun May 20 09:25:25 2007 From: ametzler at downhill.at.eu.org (Andreas Metzler) Date: Sun, 20 May 2007 09:25:25 +0200 Subject: Libgcrypt svn trunk build failure on HPPA In-Reply-To: <87y7jk8rxn.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <85fth4-51o.ln1@argenau.downhill.at.eu.org> <87abw14y7r.wl%marcus.brinkmann@ruhr-uni-bochum.de> <20070519074828.GA3779@downhill.g.la> <87y7jk8rxn.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <20070520072525.GA3774@downhill.g.la> On 2007-05-19 Marcus Brinkmann wrote: [build failure on hppa] > Thanks. config.log confirmed that the automake conditionals were not > set correctly, and I noticed then that I had the wrong function names > in the configure.ac test (the udiv functions were prefixed by mpih, > but actually they shouldn't be). I put in a fix, which I hope will > fix this for you. Please let me know if there are any further problems. > 2007-05-19 Marcus Brinkmann > * configure.ac: Fix test for optional UDIV and UDIV_QRNND MPI > modules. Hello, thanks for the quick fix. I have just run a successfull testbuild on hppa. cu andreas From gnupg-devel at mlists.thewrittenword.com Fri May 25 17:24:15 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Fri, 25 May 2007 10:24:15 -0500 Subject: pinentry patches Message-ID: <20070525152415.GB5895@acer.localdomain> [sent before, but message was too long, resending with shorter patch] Hi, We built pinentry-0.7.2, it required getopt (which required gettext and iconv), so we added gnulib getopt. The IRIX compiler, for some reason, did not like this: { "version", no_argument, &opt_version, 1 } so, we changed it. Most compilers don't understand '\e', so replaced with its hex equivalent. Now for the big problem though. In the normal situation when running pinentry it does not have a terminal, so it does fopen(tty_name,"r") etc to get a terminal to ask for the passphrase on. On hpux and tru64 ncurses is unable to properly initialize this device, it remains in line buffered mode and echoes the passphrase as it is typed, changing it to *** after the user presses return. It also does not change the keymappings, so I had to case '\r': case '\n': so the user could get out of the dialog. We "fixed" the echo to the screen issue using tcsetattr, but I hope that there is some more knowledgeable person here who knows a proper fix. With this "fix" the device stays in line buffered mode, but does not echo the chars as they are typed. It does still change them to '***' after the user presses . Anyway, patches, bad as they are, attached. Peter [patch does not include added files getopt.m4, pinentry/getopt.c, pinentry/getopt1.c, pinentry/getopt_.h, pinentry/getopt_int.h, pinentry/gettext.h which can be found in gnulib] -------------- next part -------------- Index: configure.ac =================================================================== --- configure.ac.orig 2005-01-27 08:04:19.000000000 +0000 +++ configure.ac 2007-05-14 21:06:06.665999000 +0000 @@ -108,14 +98,10 @@ AC_CHECK_FUNCS(seteuid stpcpy mmap) GNUPG_CHECK_MLOCK -dnl Checks for libassuan. -dnl -> None required becuase we use a stripped down version of libassuan. - - dnl Checks for libsecmem. GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) - +gl_GETOPT AC_PATH_PROG(SETCAP, setcap, :, "$PATH:/sbin:/usr/sbin") AC_CHECK_LIB(cap, cap_set_proc, [ AC_DEFINE(USE_CAPABILITIES,1,[The capabilities support library is installed]) @@ -274,6 +260,9 @@ AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") +AM_GNU_GETTEXT_VERSION([0.15.0]) +AM_GNU_GETTEXT([external]) +AM_ICONV dnl dnl Check for Qt pinentry program. dnl Index: secmem/util.c =================================================================== --- secmem/util.c.orig 2004-12-22 11:38:10.000000000 +0000 +++ secmem/util.c 2007-05-14 19:47:07.015863000 +0000 @@ -32,15 +32,6 @@ #include "util.h" -#ifndef TEMP_FAILURE_RETRY -#define TEMP_FAILURE_RETRY(expression) \ - (__extension__ \ - ({ long int __result; \ - do __result = (long int) (expression); \ - while (__result == -1L && errno == EINTR); \ - __result; })) -#endif - #ifndef HAVE_DOSISH_SYSTEM static int uid_set = 0; static uid_t real_uid, file_uid; @@ -54,8 +45,13 @@ ssize_t written = 0; for (ptr = (char *)data, todo = bytes; todo; ptr += written, todo -= written) - if ((written = TEMP_FAILURE_RETRY(write(fd, ptr, todo))) < 0) - break; + { + long int __result; + do { + __result = write(fd, ptr, todo); } + while (__result == -1L && errno == EINTR); + if ((written = __result) < 0) + break; } return written; } Index: pinentry/Makefile.am =================================================================== --- pinentry/Makefile.am.orig 2003-12-23 08:41:40.000000000 +0000 +++ pinentry/Makefile.am 2007-05-14 20:03:43.702584000 +0000 @@ -31,5 +31,18 @@ AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem -libpinentry_a_SOURCES = pinentry.h pinentry.c +libpinentry_a_SOURCES = pinentry.h pinentry.c +libpinentry_a_LIBADD = $(LIBOBJS) + libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c + +BUILT_SOURCES = $(GETOPT_H) + +# We need the following in order to create when the system +# doesn't have one that works with the given compiler. +getopt.h: getopt_.h + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + cat $(srcdir)/getopt_.h; \ + } > $@-t + mv -f $@-t $@ +MOSTLYCLEANFILES = getopt.h getopt.h-t Index: pinentry/pinentry.c =================================================================== --- pinentry/pinentry.c.orig 2004-12-22 11:37:50.000000000 +0000 +++ pinentry/pinentry.c 2007-05-14 21:26:31.039167000 +0000 @@ -281,7 +281,7 @@ " --parent-wid Parent window ID (for positioning)\n" " -d, --debug Turn on debugging output\n" " -h, --help Display this help and exit\n" -" --version Output version information and exit\n", this_pgmname); +" -V, --version Output version information and exit\n", this_pgmname); } @@ -305,7 +305,7 @@ { "no-global-grab", no_argument, 0, 'g' }, { "parent-wid", required_argument, 0, 'W' }, { "help", no_argument, 0, 'h' }, - { "version", no_argument, &opt_version, 1 }, + { "version", no_argument, 0, 'V' }, { NULL, 0, NULL, 0 }}; while ((opt = getopt_long (argc, argv, "degh", opts, NULL)) != -1) @@ -327,7 +327,9 @@ case 'h': opt_help = 1; break; - + case 'V': + opt_version =1; + break; case 'D': /* Note, this is currently not used because the GUI engine has already been initialized when parsing these options. */ Index: pinentry/pinentry-curses.c =================================================================== --- pinentry/pinentry-curses.c.orig 2007-05-21 20:43:17.466427000 +0000 +++ pinentry/pinentry-curses.c 2007-05-22 01:49:57.845437000 +0000 @@ -34,6 +34,9 @@ #include #include +#if defined(__hpux) || defined (__osf__) +#include +#endif #include #include "pinentry.h" @@ -561,6 +564,18 @@ errno = err; return -1; } +#if defined(__hpux) || defined (__osf__) +{ +/* HP-UX and Tru64 echo the passphrase on input */ +/* lets set noecho. I don't know why ncurses is unable to properly + * initialize the terminal device. */ + struct termios tios; + tcgetattr(fileno(ttyfi),&tios); + tios.c_lflag = (ICANON|ISIG); + tios.c_iflag = (INLCR|ICRNL|BRKINT); + tcsetattr(fileno(ttyfi),0,&tios); +} +#endif screen = newterm (tty_type, ttyfo, ttyfi); set_term (screen); } @@ -653,11 +666,12 @@ } break; - case '\e': + case 0x1b: done = -2; break; case '\r': + case '\n': switch (diag.pos) { case DIALOG_POS_PIN: From german at piraos.com Tue May 15 14:26:07 2007 From: german at piraos.com (German Gomez Garcia) Date: Tue, 15 May 2007 12:26:07 -0000 Subject: Pam Poldi development status Message-ID: <20070515112304.GA4053@piraos.com> Hello, I would like to know what is the current status of development for pam_poldi, latest version is from December 2005, I would like to know if there is an ongoing effort to make it use scdaemon when available so it can coexist with gpg-agent for sudoing, xscreensaver, etc. Regards, - german PS: Please CC to me as I am not subscribed to the list. From calestyo at scientia.net Tue May 15 20:25:22 2007 From: calestyo at scientia.net (Christoph Anton Mitterer) Date: Tue, 15 May 2007 18:25:22 -0000 Subject: gpgme: documentation error Message-ID: <4649E0C4.9020906@scientia.net> Hi. The info page of gpgme describes the function gpgme_strerror_r as follows: -- Funktion: char * gpgme_strerror_r (gpgme_error_t ERR) The function `gpgme_strerror_r' returns a pointer to a dynamically allocated string containing a description of the error code contained in the error value ERR. This string can be used to output a diagnostic message to the user. When it is not needed anymore, the user must deallocate it with `free'. But this is different from what's actually in gpgme.h. Which one of the two is correct? Chris. -------------- next part -------------- A non-text attachment was scrubbed... Name: calestyo.vcf Type: text/x-vcard Size: 155 bytes Desc: not available Url : /pipermail/attachments/20070515/48c38f39/attachment-0001.vcf From gnupg-devel at mlists.thewrittenword.com Tue May 22 17:37:23 2007 From: gnupg-devel at mlists.thewrittenword.com (Peter O'Gorman) Date: Tue, 22 May 2007 10:37:23 -0500 Subject: pinentry patches Message-ID: <20070522153723.GB3911@acer.localdomain> Hi, We built pinentry-0.7.2, it required getopt (which required gettext and iconv), so we added gnulib getopt. In the normal situation when running pinentry it does not have a terminal, so it does fopen(tty_name,"r") etc to get a terminal to ask for the passphrase on. On hpux and tru64 ncurses is unable to properly initialize this device, it remains in line buffered mode and echoes the passphrase as it is typed, changing it to *** after the user presses return. It also does not change the keymappings, so I had to case '\r': case '\n': so the user could get out of the dialog. We "fixed" the echo to the screen issue using tcsetattr, but I hope that there is some more knowledgeable person here who knows a proper fix. Anyway, patches, bad as they are, attached. Peter -------------- next part -------------- Index: configure.ac =================================================================== --- configure.ac.orig 2005-01-27 08:04:19.000000000 +0000 +++ configure.ac 2007-05-14 21:06:06.665999000 +0000 @@ -108,14 +98,10 @@ AC_CHECK_FUNCS(seteuid stpcpy mmap) GNUPG_CHECK_MLOCK -dnl Checks for libassuan. -dnl -> None required becuase we use a stripped down version of libassuan. - - dnl Checks for libsecmem. GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) - +gl_GETOPT AC_PATH_PROG(SETCAP, setcap, :, "$PATH:/sbin:/usr/sbin") AC_CHECK_LIB(cap, cap_set_proc, [ AC_DEFINE(USE_CAPABILITIES,1,[The capabilities support library is installed]) @@ -274,6 +260,9 @@ AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") +AM_GNU_GETTEXT_VERSION([0.15.0]) +AM_GNU_GETTEXT([external]) +AM_ICONV dnl dnl Check for Qt pinentry program. dnl Index: secmem/util.c =================================================================== --- secmem/util.c.orig 2004-12-22 11:38:10.000000000 +0000 +++ secmem/util.c 2007-05-14 19:47:07.015863000 +0000 @@ -32,15 +32,6 @@ #include "util.h" -#ifndef TEMP_FAILURE_RETRY -#define TEMP_FAILURE_RETRY(expression) \ - (__extension__ \ - ({ long int __result; \ - do __result = (long int) (expression); \ - while (__result == -1L && errno == EINTR); \ - __result; })) -#endif - #ifndef HAVE_DOSISH_SYSTEM static int uid_set = 0; static uid_t real_uid, file_uid; @@ -54,8 +45,13 @@ ssize_t written = 0; for (ptr = (char *)data, todo = bytes; todo; ptr += written, todo -= written) - if ((written = TEMP_FAILURE_RETRY(write(fd, ptr, todo))) < 0) - break; + { + long int __result; + do { + __result = write(fd, ptr, todo); } + while (__result == -1L && errno == EINTR); + if ((written = __result) < 0) + break; } return written; } Index: getopt.m4 =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ getopt.m4 2007-05-14 19:51:03.579064000 +0000 @@ -0,0 +1,83 @@ +# getopt.m4 serial 13 +dnl Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +# The getopt module assume you want GNU getopt, with getopt_long etc, +# rather than vanilla POSIX getopt. This means your code should +# always include for the getopt prototypes. + +AC_DEFUN([gl_GETOPT_SUBSTITUTE], +[ + AC_LIBOBJ([getopt]) + AC_LIBOBJ([getopt1]) + gl_GETOPT_SUBSTITUTE_HEADER + gl_PREREQ_GETOPT +]) + +AC_DEFUN([gl_GETOPT_SUBSTITUTE_HEADER], +[ + GETOPT_H=getopt.h + AC_DEFINE([__GETOPT_PREFIX], [[rpl_]], + [Define to rpl_ if the getopt replacement functions and variables + should be used.]) + AC_SUBST([GETOPT_H]) +]) + +AC_DEFUN([gl_GETOPT_CHECK_HEADERS], +[ + if test -z "$GETOPT_H"; then + AC_CHECK_HEADERS([getopt.h], [], [GETOPT_H=getopt.h]) + fi + + if test -z "$GETOPT_H"; then + AC_CHECK_FUNCS([getopt_long_only], [], [GETOPT_H=getopt.h]) + fi + + dnl BSD getopt_long uses an incompatible method to reset option processing, + dnl and (as of 2004-10-15) mishandles optional option-arguments. + if test -z "$GETOPT_H"; then + AC_CHECK_DECL([optreset], [GETOPT_H=getopt.h], [], [#include ]) + fi + + dnl Solaris 10 getopt doesn't handle `+' as a leading character in an + dnl option string (as of 2005-05-05). + if test -z "$GETOPT_H"; then + AC_CACHE_CHECK([for working GNU getopt function], [gl_cv_func_gnu_getopt], + [AC_RUN_IFELSE( + [AC_LANG_PROGRAM([#include ], + [[ + char *myargv[3]; + myargv[0] = "conftest"; + myargv[1] = "-+"; + myargv[2] = 0; + return getopt (2, myargv, "+a") != '?'; + ]])], + [gl_cv_func_gnu_getopt=yes], + [gl_cv_func_gnu_getopt=no], + [dnl cross compiling - pessimistically guess based on decls + dnl Solaris 10 getopt doesn't handle `+' as a leading character in an + dnl option string (as of 2005-05-05). + AC_CHECK_DECL([getopt_clip], + [gl_cv_func_gnu_getopt=no], [gl_cv_func_gnu_getopt=yes], + [#include ])])]) + if test "$gl_cv_func_gnu_getopt" = "no"; then + GETOPT_H=getopt.h + fi + fi +]) + +AC_DEFUN([gl_GETOPT_IFELSE], +[ + AC_REQUIRE([gl_GETOPT_CHECK_HEADERS]) + AS_IF([test -n "$GETOPT_H"], [$1], [$2]) +]) + +AC_DEFUN([gl_GETOPT], [gl_GETOPT_IFELSE([gl_GETOPT_SUBSTITUTE])]) + +# Prerequisites of lib/getopt*. +AC_DEFUN([gl_PREREQ_GETOPT], +[ + AC_CHECK_DECLS_ONCE([getenv]) +]) Index: pinentry/getopt.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ pinentry/getopt.c 2007-05-14 19:54:31.732285000 +0000 @@ -0,0 +1,1191 @@ +/* Getopt for GNU. + NOTE: getopt is now part of the C library, so if you don't know what + "Keep this file name-space clean" means, talk to drepper at gnu.org + before changing it! + Copyright (C) 1987,88,89,90,91,92,93,94,95,96,98,99,2000,2001,2002,2003,2004,2006 + Free Software Foundation, Inc. + This file is part of the GNU C Library. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +#ifndef _LIBC +# include +#endif + +#include "getopt.h" + +#include +#include +#include +#include + +#ifdef __VMS +# include +#endif + +#ifdef _LIBC +# include +#else +# include "gettext.h" +# define _(msgid) gettext (msgid) +#endif + +#if defined _LIBC && defined USE_IN_LIBIO +# include +#endif + +#ifndef attribute_hidden +# define attribute_hidden +#endif + +/* Unlike standard Unix `getopt', functions like `getopt_long' + let the user intersperse the options with the other arguments. + + As `getopt_long' works, it permutes the elements of ARGV so that, + when it is done, all the options precede everything else. Thus + all application programs are extended to handle flexible argument order. + + Using `getopt' or setting the environment variable POSIXLY_CORRECT + disables permutation. + Then the application's behavior is completely standard. + + GNU application programs can use a third alternative mode in which + they can distinguish the relative order of options and other arguments. */ + +#include "getopt_int.h" + +/* For communication from `getopt' to the caller. + When `getopt' finds an option that takes an argument, + the argument value is returned here. + Also, when `ordering' is RETURN_IN_ORDER, + each non-option ARGV-element is returned here. */ + +char *optarg; + +/* Index in ARGV of the next element to be scanned. + This is used for communication to and from the caller + and for communication between successive calls to `getopt'. + + On entry to `getopt', zero means this is the first call; initialize. + + When `getopt' returns -1, this is the index of the first of the + non-option elements that the caller should itself scan. + + Otherwise, `optind' communicates from one call to the next + how much of ARGV has been scanned so far. */ + +/* 1003.2 says this must be 1 before any call. */ +int optind = 1; + +/* Callers store zero here to inhibit the error message + for unrecognized options. */ + +int opterr = 1; + +/* Set to an option character which was unrecognized. + This must be initialized on some systems to avoid linking in the + system's own getopt implementation. */ + +int optopt = '?'; + +/* Keep a global copy of all internal members of getopt_data. */ + +static struct _getopt_data getopt_data; + + +#if defined HAVE_DECL_GETENV && !HAVE_DECL_GETENV +extern char *getenv (); +#endif + +#ifdef _LIBC +/* Stored original parameters. + XXX This is no good solution. We should rather copy the args so + that we can compare them later. But we must not use malloc(3). */ +extern int __libc_argc; +extern char **__libc_argv; + +/* Bash 2.0 gives us an environment variable containing flags + indicating ARGV elements that should not be considered arguments. */ + +# ifdef USE_NONOPTION_FLAGS +/* Defined in getopt_init.c */ +extern char *__getopt_nonoption_flags; +# endif + +# ifdef USE_NONOPTION_FLAGS +# define SWAP_FLAGS(ch1, ch2) \ + if (d->__nonoption_flags_len > 0) \ + { \ + char __tmp = __getopt_nonoption_flags[ch1]; \ + __getopt_nonoption_flags[ch1] = __getopt_nonoption_flags[ch2]; \ + __getopt_nonoption_flags[ch2] = __tmp; \ + } +# else +# define SWAP_FLAGS(ch1, ch2) +# endif +#else /* !_LIBC */ +# define SWAP_FLAGS(ch1, ch2) +#endif /* _LIBC */ + +/* Exchange two adjacent subsequences of ARGV. + One subsequence is elements [first_nonopt,last_nonopt) + which contains all the non-options that have been skipped so far. + The other is elements [last_nonopt,optind), which contains all + the options processed since those non-options were skipped. + + `first_nonopt' and `last_nonopt' are relocated so that they describe + the new indices of the non-options in ARGV after they are moved. */ + +static void +exchange (char **argv, struct _getopt_data *d) +{ + int bottom = d->__first_nonopt; + int middle = d->__last_nonopt; + int top = d->optind; + char *tem; + + /* Exchange the shorter segment with the far end of the longer segment. + That puts the shorter segment into the right place. + It leaves the longer segment in the right place overall, + but it consists of two parts that need to be swapped next. */ + +#if defined _LIBC && defined USE_NONOPTION_FLAGS + /* First make sure the handling of the `__getopt_nonoption_flags' + string can work normally. Our top argument must be in the range + of the string. */ + if (d->__nonoption_flags_len > 0 && top >= d->__nonoption_flags_max_len) + { + /* We must extend the array. The user plays games with us and + presents new arguments. */ + char *new_str = malloc (top + 1); + if (new_str == NULL) + d->__nonoption_flags_len = d->__nonoption_flags_max_len = 0; + else + { + memset (__mempcpy (new_str, __getopt_nonoption_flags, + d->__nonoption_flags_max_len), + '\0', top + 1 - d->__nonoption_flags_max_len); + d->__nonoption_flags_max_len = top + 1; + __getopt_nonoption_flags = new_str; + } + } +#endif + + while (top > middle && middle > bottom) + { + if (top - middle > middle - bottom) + { + /* Bottom segment is the short one. */ + int len = middle - bottom; + register int i; + + /* Swap it with the top part of the top segment. */ + for (i = 0; i < len; i++) + { + tem = argv[bottom + i]; + argv[bottom + i] = argv[top - (middle - bottom) + i]; + argv[top - (middle - bottom) + i] = tem; + SWAP_FLAGS (bottom + i, top - (middle - bottom) + i); + } + /* Exclude the moved bottom segment from further swapping. */ + top -= len; + } + else + { + /* Top segment is the short one. */ + int len = top - middle; + register int i; + + /* Swap it with the bottom part of the bottom segment. */ + for (i = 0; i < len; i++) + { + tem = argv[bottom + i]; + argv[bottom + i] = argv[middle + i]; + argv[middle + i] = tem; + SWAP_FLAGS (bottom + i, middle + i); + } + /* Exclude the moved top segment from further swapping. */ + bottom += len; + } + } + + /* Update records for the slots the non-options now occupy. */ + + d->__first_nonopt += (d->optind - d->__last_nonopt); + d->__last_nonopt = d->optind; +} + +/* Initialize the internal data when the first call is made. */ + +static const char * +_getopt_initialize (int argc, char **argv, const char *optstring, + int posixly_correct, struct _getopt_data *d) +{ + /* Start processing options with ARGV-element 1 (since ARGV-element 0 + is the program name); the sequence of previously skipped + non-option ARGV-elements is empty. */ + + d->__first_nonopt = d->__last_nonopt = d->optind; + + d->__nextchar = NULL; + + d->__posixly_correct = posixly_correct || !!getenv ("POSIXLY_CORRECT"); + + /* Determine how to handle the ordering of options and nonoptions. */ + + if (optstring[0] == '-') + { + d->__ordering = RETURN_IN_ORDER; + ++optstring; + } + else if (optstring[0] == '+') + { + d->__ordering = REQUIRE_ORDER; + ++optstring; + } + else if (d->__posixly_correct) + d->__ordering = REQUIRE_ORDER; + else + d->__ordering = PERMUTE; + +#if defined _LIBC && defined USE_NONOPTION_FLAGS + if (!d->__posixly_correct + && argc == __libc_argc && argv == __libc_argv) + { + if (d->__nonoption_flags_max_len == 0) + { + if (__getopt_nonoption_flags == NULL + || __getopt_nonoption_flags[0] == '\0') + d->__nonoption_flags_max_len = -1; + else + { + const char *orig_str = __getopt_nonoption_flags; + int len = d->__nonoption_flags_max_len = strlen (orig_str); + if (d->__nonoption_flags_max_len < argc) + d->__nonoption_flags_max_len = argc; + __getopt_nonoption_flags = + (char *) malloc (d->__nonoption_flags_max_len); + if (__getopt_nonoption_flags == NULL) + d->__nonoption_flags_max_len = -1; + else + memset (__mempcpy (__getopt_nonoption_flags, orig_str, len), + '\0', d->__nonoption_flags_max_len - len); + } + } + d->__nonoption_flags_len = d->__nonoption_flags_max_len; + } + else + d->__nonoption_flags_len = 0; +#endif + + return optstring; +} + +/* Scan elements of ARGV (whose length is ARGC) for option characters + given in OPTSTRING. + + If an element of ARGV starts with '-', and is not exactly "-" or "--", + then it is an option element. The characters of this element + (aside from the initial '-') are option characters. If `getopt' + is called repeatedly, it returns successively each of the option characters + from each of the option elements. + + If `getopt' finds another option character, it returns that character, + updating `optind' and `nextchar' so that the next call to `getopt' can + resume the scan with the following option character or ARGV-element. + + If there are no more option characters, `getopt' returns -1. + Then `optind' is the index in ARGV of the first ARGV-element + that is not an option. (The ARGV-elements have been permuted + so that those that are not options now come last.) + + OPTSTRING is a string containing the legitimate option characters. + If an option character is seen that is not listed in OPTSTRING, + return '?' after printing an error message. If you set `opterr' to + zero, the error message is suppressed but we still return '?'. + + If a char in OPTSTRING is followed by a colon, that means it wants an arg, + so the following text in the same ARGV-element, or the text of the following + ARGV-element, is returned in `optarg'. Two colons mean an option that + wants an optional arg; if there is text in the current ARGV-element, + it is returned in `optarg', otherwise `optarg' is set to zero. + + If OPTSTRING starts with `-' or `+', it requests different methods of + handling the non-option ARGV-elements. + See the comments about RETURN_IN_ORDER and REQUIRE_ORDER, above. + + Long-named options begin with `--' instead of `-'. + Their names may be abbreviated as long as the abbreviation is unique + or is an exact match for some defined option. If they have an + argument, it follows the option name in the same ARGV-element, separated + from the option name by a `=', or else the in next ARGV-element. + When `getopt' finds a long-named option, it returns 0 if that option's + `flag' field is nonzero, the value of the option's `val' field + if the `flag' field is zero. + + LONGOPTS is a vector of `struct option' terminated by an + element containing a name which is zero. + + LONGIND returns the index in LONGOPT of the long-named option found. + It is only valid when a long-named option has been found by the most + recent call. + + If LONG_ONLY is nonzero, '-' as well as '--' can introduce + long-named options. + + If POSIXLY_CORRECT is nonzero, behave as if the POSIXLY_CORRECT + environment variable were set. */ + +int +_getopt_internal_r (int argc, char **argv, const char *optstring, + const struct option *longopts, int *longind, + int long_only, int posixly_correct, struct _getopt_data *d) +{ + int print_errors = d->opterr; + if (optstring[0] == ':') + print_errors = 0; + + if (argc < 1) + return -1; + + d->optarg = NULL; + + if (d->optind == 0 || !d->__initialized) + { + if (d->optind == 0) + d->optind = 1; /* Don't scan ARGV[0], the program name. */ + optstring = _getopt_initialize (argc, argv, optstring, + posixly_correct, d); + d->__initialized = 1; + } + + /* Test whether ARGV[optind] points to a non-option argument. + Either it does not have option syntax, or there is an environment flag + from the shell indicating it is not an option. The later information + is only used when the used in the GNU libc. */ +#if defined _LIBC && defined USE_NONOPTION_FLAGS +# define NONOPTION_P (argv[d->optind][0] != '-' || argv[d->optind][1] == '\0' \ + || (d->optind < d->__nonoption_flags_len \ + && __getopt_nonoption_flags[d->optind] == '1')) +#else +# define NONOPTION_P (argv[d->optind][0] != '-' || argv[d->optind][1] == '\0') +#endif + + if (d->__nextchar == NULL || *d->__nextchar == '\0') + { + /* Advance to the next ARGV-element. */ + + /* Give FIRST_NONOPT & LAST_NONOPT rational values if OPTIND has been + moved back by the user (who may also have changed the arguments). */ + if (d->__last_nonopt > d->optind) + d->__last_nonopt = d->optind; + if (d->__first_nonopt > d->optind) + d->__first_nonopt = d->optind; + + if (d->__ordering == PERMUTE) + { + /* If we have just processed some options following some non-options, + exchange them so that the options come first. */ + + if (d->__first_nonopt != d->__last_nonopt + && d->__last_nonopt != d->optind) + exchange ((char **) argv, d); + else if (d->__last_nonopt != d->optind) + d->__first_nonopt = d->optind; + + /* Skip any additional non-options + and extend the range of non-options previously skipped. */ + + while (d->optind < argc && NONOPTION_P) + d->optind++; + d->__last_nonopt = d->optind; + } + + /* The special ARGV-element `--' means premature end of options. + Skip it like a null option, + then exchange with previous non-options as if it were an option, + then skip everything else like a non-option. */ + + if (d->optind != argc && !strcmp (argv[d->optind], "--")) + { + d->optind++; + + if (d->__first_nonopt != d->__last_nonopt + && d->__last_nonopt != d->optind) + exchange ((char **) argv, d); + else if (d->__first_nonopt == d->__last_nonopt) + d->__first_nonopt = d->optind; + d->__last_nonopt = argc; + + d->optind = argc; + } + + /* If we have done all the ARGV-elements, stop the scan + and back over any non-options that we skipped and permuted. */ + + if (d->optind == argc) + { + /* Set the next-arg-index to point at the non-options + that we previously skipped, so the caller will digest them. */ + if (d->__first_nonopt != d->__last_nonopt) + d->optind = d->__first_nonopt; + return -1; + } + + /* If we have come to a non-option and did not permute it, + either stop the scan or describe it to the caller and pass it by. */ + + if (NONOPTION_P) + { + if (d->__ordering == REQUIRE_ORDER) + return -1; + d->optarg = argv[d->optind++]; + return 1; + } + + /* We have found another option-ARGV-element. + Skip the initial punctuation. */ + + d->__nextchar = (argv[d->optind] + 1 + + (longopts != NULL && argv[d->optind][1] == '-')); + } + + /* Decode the current option-ARGV-element. */ + + /* Check whether the ARGV-element is a long option. + + If long_only and the ARGV-element has the form "-f", where f is + a valid short option, don't consider it an abbreviated form of + a long option that starts with f. Otherwise there would be no + way to give the -f short option. + + On the other hand, if there's a long option "fubar" and + the ARGV-element is "-fu", do consider that an abbreviation of + the long option, just like "--fu", and not "-f" with arg "u". + + This distinction seems to be the most useful approach. */ + + if (longopts != NULL + && (argv[d->optind][1] == '-' + || (long_only && (argv[d->optind][2] + || !strchr (optstring, argv[d->optind][1]))))) + { + char *nameend; + const struct option *p; + const struct option *pfound = NULL; + int exact = 0; + int ambig = 0; + int indfound = -1; + int option_index; + + for (nameend = d->__nextchar; *nameend && *nameend != '='; nameend++) + /* Do nothing. */ ; + + /* Test all long options for either exact match + or abbreviated matches. */ + for (p = longopts, option_index = 0; p->name; p++, option_index++) + if (!strncmp (p->name, d->__nextchar, nameend - d->__nextchar)) + { + if ((unsigned int) (nameend - d->__nextchar) + == (unsigned int) strlen (p->name)) + { + /* Exact match found. */ + pfound = p; + indfound = option_index; + exact = 1; + break; + } + else if (pfound == NULL) + { + /* First nonexact match found. */ + pfound = p; + indfound = option_index; + } + else if (long_only + || pfound->has_arg != p->has_arg + || pfound->flag != p->flag + || pfound->val != p->val) + /* Second or later nonexact match found. */ + ambig = 1; + } + + if (ambig && !exact) + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("%s: option `%s' is ambiguous\n"), + argv[0], argv[d->optind]) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, _("%s: option `%s' is ambiguous\n"), + argv[0], argv[d->optind]); +#endif + } + d->__nextchar += strlen (d->__nextchar); + d->optind++; + d->optopt = 0; + return '?'; + } + + if (pfound != NULL) + { + option_index = indfound; + d->optind++; + if (*nameend) + { + /* Don't test has_arg with >, because some C compilers don't + allow it to be used on enums. */ + if (pfound->has_arg) + d->optarg = nameend + 1; + else + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + int n; +#endif + + if (argv[d->optind - 1][1] == '-') + { + /* --option */ +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("\ +%s: option `--%s' doesn't allow an argument\n"), + argv[0], pfound->name); +#else + fprintf (stderr, _("\ +%s: option `--%s' doesn't allow an argument\n"), + argv[0], pfound->name); +#endif + } + else + { + /* +option or -option */ +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("\ +%s: option `%c%s' doesn't allow an argument\n"), + argv[0], argv[d->optind - 1][0], + pfound->name); +#else + fprintf (stderr, _("\ +%s: option `%c%s' doesn't allow an argument\n"), + argv[0], argv[d->optind - 1][0], + pfound->name); +#endif + } + +#if defined _LIBC && defined USE_IN_LIBIO + if (n >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 + |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#endif + } + + d->__nextchar += strlen (d->__nextchar); + + d->optopt = pfound->val; + return '?'; + } + } + else if (pfound->has_arg == 1) + { + if (d->optind < argc) + d->optarg = argv[d->optind++]; + else + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("\ +%s: option `%s' requires an argument\n"), + argv[0], argv[d->optind - 1]) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 + |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, + _("%s: option `%s' requires an argument\n"), + argv[0], argv[d->optind - 1]); +#endif + } + d->__nextchar += strlen (d->__nextchar); + d->optopt = pfound->val; + return optstring[0] == ':' ? ':' : '?'; + } + } + d->__nextchar += strlen (d->__nextchar); + if (longind != NULL) + *longind = option_index; + if (pfound->flag) + { + *(pfound->flag) = pfound->val; + return 0; + } + return pfound->val; + } + + /* Can't find it as a long option. If this is not getopt_long_only, + or the option starts with '--' or is not a valid short + option, then it's an error. + Otherwise interpret it as a short option. */ + if (!long_only || argv[d->optind][1] == '-' + || strchr (optstring, *d->__nextchar) == NULL) + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + int n; +#endif + + if (argv[d->optind][1] == '-') + { + /* --option */ +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("%s: unrecognized option `--%s'\n"), + argv[0], d->__nextchar); +#else + fprintf (stderr, _("%s: unrecognized option `--%s'\n"), + argv[0], d->__nextchar); +#endif + } + else + { + /* +option or -option */ +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("%s: unrecognized option `%c%s'\n"), + argv[0], argv[d->optind][0], d->__nextchar); +#else + fprintf (stderr, _("%s: unrecognized option `%c%s'\n"), + argv[0], argv[d->optind][0], d->__nextchar); +#endif + } + +#if defined _LIBC && defined USE_IN_LIBIO + if (n >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#endif + } + d->__nextchar = (char *) ""; + d->optind++; + d->optopt = 0; + return '?'; + } + } + + /* Look at and handle the next short option-character. */ + + { + char c = *d->__nextchar++; + char *temp = strchr (optstring, c); + + /* Increment `optind' when we start to process its last character. */ + if (*d->__nextchar == '\0') + ++d->optind; + + if (temp == NULL || c == ':') + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + int n; +#endif + + if (d->__posixly_correct) + { + /* 1003.2 specifies the format of this message. */ +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("%s: illegal option -- %c\n"), + argv[0], c); +#else + fprintf (stderr, _("%s: illegal option -- %c\n"), argv[0], c); +#endif + } + else + { +#if defined _LIBC && defined USE_IN_LIBIO + n = __asprintf (&buf, _("%s: invalid option -- %c\n"), + argv[0], c); +#else + fprintf (stderr, _("%s: invalid option -- %c\n"), argv[0], c); +#endif + } + +#if defined _LIBC && defined USE_IN_LIBIO + if (n >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#endif + } + d->optopt = c; + return '?'; + } + /* Convenience. Treat POSIX -W foo same as long option --foo */ + if (temp[0] == 'W' && temp[1] == ';') + { + char *nameend; + const struct option *p; + const struct option *pfound = NULL; + int exact = 0; + int ambig = 0; + int indfound = 0; + int option_index; + + /* This is an option that requires an argument. */ + if (*d->__nextchar != '\0') + { + d->optarg = d->__nextchar; + /* If we end this ARGV-element by taking the rest as an arg, + we must advance to the next element now. */ + d->optind++; + } + else if (d->optind == argc) + { + if (print_errors) + { + /* 1003.2 specifies the format of this message. */ +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, + _("%s: option requires an argument -- %c\n"), + argv[0], c) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, _("%s: option requires an argument -- %c\n"), + argv[0], c); +#endif + } + d->optopt = c; + if (optstring[0] == ':') + c = ':'; + else + c = '?'; + return c; + } + else + /* We already incremented `d->optind' once; + increment it again when taking next ARGV-elt as argument. */ + d->optarg = argv[d->optind++]; + + /* optarg is now the argument, see if it's in the + table of longopts. */ + + for (d->__nextchar = nameend = d->optarg; *nameend && *nameend != '='; + nameend++) + /* Do nothing. */ ; + + /* Test all long options for either exact match + or abbreviated matches. */ + for (p = longopts, option_index = 0; p->name; p++, option_index++) + if (!strncmp (p->name, d->__nextchar, nameend - d->__nextchar)) + { + if ((unsigned int) (nameend - d->__nextchar) == strlen (p->name)) + { + /* Exact match found. */ + pfound = p; + indfound = option_index; + exact = 1; + break; + } + else if (pfound == NULL) + { + /* First nonexact match found. */ + pfound = p; + indfound = option_index; + } + else + /* Second or later nonexact match found. */ + ambig = 1; + } + if (ambig && !exact) + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("%s: option `-W %s' is ambiguous\n"), + argv[0], argv[d->optind]) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, _("%s: option `-W %s' is ambiguous\n"), + argv[0], argv[d->optind]); +#endif + } + d->__nextchar += strlen (d->__nextchar); + d->optind++; + return '?'; + } + if (pfound != NULL) + { + option_index = indfound; + if (*nameend) + { + /* Don't test has_arg with >, because some C compilers don't + allow it to be used on enums. */ + if (pfound->has_arg) + d->optarg = nameend + 1; + else + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("\ +%s: option `-W %s' doesn't allow an argument\n"), + argv[0], pfound->name) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 + |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, _("\ +%s: option `-W %s' doesn't allow an argument\n"), + argv[0], pfound->name); +#endif + } + + d->__nextchar += strlen (d->__nextchar); + return '?'; + } + } + else if (pfound->has_arg == 1) + { + if (d->optind < argc) + d->optarg = argv[d->optind++]; + else + { + if (print_errors) + { +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("\ +%s: option `%s' requires an argument\n"), + argv[0], argv[d->optind - 1]) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 + |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, + _("%s: option `%s' requires an argument\n"), + argv[0], argv[d->optind - 1]); +#endif + } + d->__nextchar += strlen (d->__nextchar); + return optstring[0] == ':' ? ':' : '?'; + } + } + d->__nextchar += strlen (d->__nextchar); + if (longind != NULL) + *longind = option_index; + if (pfound->flag) + { + *(pfound->flag) = pfound->val; + return 0; + } + return pfound->val; + } + d->__nextchar = NULL; + return 'W'; /* Let the application handle it. */ + } + if (temp[1] == ':') + { + if (temp[2] == ':') + { + /* This is an option that accepts an argument optionally. */ + if (*d->__nextchar != '\0') + { + d->optarg = d->__nextchar; + d->optind++; + } + else + d->optarg = NULL; + d->__nextchar = NULL; + } + else + { + /* This is an option that requires an argument. */ + if (*d->__nextchar != '\0') + { + d->optarg = d->__nextchar; + /* If we end this ARGV-element by taking the rest as an arg, + we must advance to the next element now. */ + d->optind++; + } + else if (d->optind == argc) + { + if (print_errors) + { + /* 1003.2 specifies the format of this message. */ +#if defined _LIBC && defined USE_IN_LIBIO + char *buf; + + if (__asprintf (&buf, _("\ +%s: option requires an argument -- %c\n"), + argv[0], c) >= 0) + { + _IO_flockfile (stderr); + + int old_flags2 = ((_IO_FILE *) stderr)->_flags2; + ((_IO_FILE *) stderr)->_flags2 |= _IO_FLAGS2_NOTCANCEL; + + __fxprintf (NULL, "%s", buf); + + ((_IO_FILE *) stderr)->_flags2 = old_flags2; + _IO_funlockfile (stderr); + + free (buf); + } +#else + fprintf (stderr, + _("%s: option requires an argument -- %c\n"), + argv[0], c); +#endif + } + d->optopt = c; + if (optstring[0] == ':') + c = ':'; + else + c = '?'; + } + else + /* We already incremented `optind' once; + increment it again when taking next ARGV-elt as argument. */ + d->optarg = argv[d->optind++]; + d->__nextchar = NULL; + } + } + return c; + } +} + +int +_getopt_internal (int argc, char **argv, const char *optstring, + const struct option *longopts, int *longind, + int long_only, int posixly_correct) +{ + int result; + + getopt_data.optind = optind; + getopt_data.opterr = opterr; + + result = _getopt_internal_r (argc, argv, optstring, longopts, longind, + long_only, posixly_correct, &getopt_data); + + optind = getopt_data.optind; + optarg = getopt_data.optarg; + optopt = getopt_data.optopt; + + return result; +} + +/* glibc gets a LSB-compliant getopt. + Standalone applications get a POSIX-compliant getopt. */ +#if _LIBC +enum { POSIXLY_CORRECT = 0 }; +#else +enum { POSIXLY_CORRECT = 1 }; +#endif + +int +getopt (int argc, char *const *argv, const char *optstring) +{ + return _getopt_internal (argc, (char **) argv, optstring, NULL, NULL, 0, + POSIXLY_CORRECT); +} + + +#ifdef TEST + +/* Compile with -DTEST to make an executable for use in testing + the above definition of `getopt'. */ + +int +main (int argc, char **argv) +{ + int c; + int digit_optind = 0; + + while (1) + { + int this_option_optind = optind ? optind : 1; + + c = getopt (argc, argv, "abc:d:0123456789"); + if (c == -1) + break; + + switch (c) + { + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + if (digit_optind != 0 && digit_optind != this_option_optind) + printf ("digits occur in two different argv-elements.\n"); + digit_optind = this_option_optind; + printf ("option %c\n", c); + break; + + case 'a': + printf ("option a\n"); + break; + + case 'b': + printf ("option b\n"); + break; + + case 'c': + printf ("option c with value `%s'\n", optarg); + break; + + case '?': + break; + + default: + printf ("?? getopt returned character code 0%o ??\n", c); + } + } + + if (optind < argc) + { + printf ("non-option ARGV-elements: "); + while (optind < argc) + printf ("%s ", argv[optind++]); + printf ("\n"); + } + + exit (0); +} + +#endif /* TEST */ Index: pinentry/getopt1.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ pinentry/getopt1.c 2007-05-14 19:54:31.785574000 +0000 @@ -0,0 +1,171 @@ +/* getopt_long and getopt_long_only entry points for GNU getopt. + Copyright (C) 1987,88,89,90,91,92,93,94,96,97,98,2004,2006 + Free Software Foundation, Inc. + This file is part of the GNU C Library. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +#ifdef _LIBC +# include +#else +# include +# include "getopt.h" +#endif +#include "getopt_int.h" + +#include + +/* This needs to come after some library #include + to get __GNU_LIBRARY__ defined. */ +#ifdef __GNU_LIBRARY__ +#include +#endif + +#ifndef NULL +#define NULL 0 +#endif + +int +getopt_long (int argc, char *__getopt_argv_const *argv, const char *options, + const struct option *long_options, int *opt_index) +{ + return _getopt_internal (argc, (char **) argv, options, long_options, + opt_index, 0, 0); +} + +int +_getopt_long_r (int argc, char **argv, const char *options, + const struct option *long_options, int *opt_index, + struct _getopt_data *d) +{ + return _getopt_internal_r (argc, argv, options, long_options, opt_index, + 0, 0, d); +} + +/* Like getopt_long, but '-' as well as '--' can indicate a long option. + If an option that starts with '-' (not '--') doesn't match a long option, + but does match a short option, it is parsed as a short option + instead. */ + +int +getopt_long_only (int argc, char *__getopt_argv_const *argv, + const char *options, + const struct option *long_options, int *opt_index) +{ + return _getopt_internal (argc, (char **) argv, options, long_options, + opt_index, 1, 0); +} + +int +_getopt_long_only_r (int argc, char **argv, const char *options, + const struct option *long_options, int *opt_index, + struct _getopt_data *d) +{ + return _getopt_internal_r (argc, argv, options, long_options, opt_index, + 1, 0, d); +} + + +#ifdef TEST + +#include + +int +main (int argc, char **argv) +{ + int c; + int digit_optind = 0; + + while (1) + { + int this_option_optind = optind ? optind : 1; + int option_index = 0; + static struct option long_options[] = + { + {"add", 1, 0, 0}, + {"append", 0, 0, 0}, + {"delete", 1, 0, 0}, + {"verbose", 0, 0, 0}, + {"create", 0, 0, 0}, + {"file", 1, 0, 0}, + {0, 0, 0, 0} + }; + + c = getopt_long (argc, argv, "abc:d:0123456789", + long_options, &option_index); + if (c == -1) + break; + + switch (c) + { + case 0: + printf ("option %s", long_options[option_index].name); + if (optarg) + printf (" with arg %s", optarg); + printf ("\n"); + break; + + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + if (digit_optind != 0 && digit_optind != this_option_optind) + printf ("digits occur in two different argv-elements.\n"); + digit_optind = this_option_optind; + printf ("option %c\n", c); + break; + + case 'a': + printf ("option a\n"); + break; + + case 'b': + printf ("option b\n"); + break; + + case 'c': + printf ("option c with value `%s'\n", optarg); + break; + + case 'd': + printf ("option d with value `%s'\n", optarg); + break; + + case '?': + break; + + default: + printf ("?? getopt returned character code 0%o ??\n", c); + } + } + + if (optind < argc) + { + printf ("non-option ARGV-elements: "); + while (optind < argc) + printf ("%s ", argv[optind++]); + printf ("\n"); + } + + exit (0); +} + +#endif /* TEST */ Index: pinentry/getopt_.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ pinentry/getopt_.h 2007-05-14 19:54:31.816388000 +0000 @@ -0,0 +1,226 @@ +/* Declarations for getopt. + Copyright (C) 1989-1994,1996-1999,2001,2003,2004,2005,2006,2007 + Free Software Foundation, Inc. + This file is part of the GNU C Library. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +#ifndef _GETOPT_H + +#ifndef __need_getopt +# define _GETOPT_H 1 +#endif + +/* Standalone applications should #define __GETOPT_PREFIX to an + identifier that prefixes the external functions and variables + defined in this header. When this happens, include the + headers that might declare getopt so that they will not cause + confusion if included after this file. Then systematically rename + identifiers so that they do not collide with the system functions + and variables. Renaming avoids problems with some compilers and + linkers. */ +#if defined __GETOPT_PREFIX && !defined __need_getopt +# include +# include +# include +# undef __need_getopt +# undef getopt +# undef getopt_long +# undef getopt_long_only +# undef optarg +# undef opterr +# undef optind +# undef optopt +# define __GETOPT_CONCAT(x, y) x ## y +# define __GETOPT_XCONCAT(x, y) __GETOPT_CONCAT (x, y) +# define __GETOPT_ID(y) __GETOPT_XCONCAT (__GETOPT_PREFIX, y) +# define getopt __GETOPT_ID (getopt) +# define getopt_long __GETOPT_ID (getopt_long) +# define getopt_long_only __GETOPT_ID (getopt_long_only) +# define optarg __GETOPT_ID (optarg) +# define opterr __GETOPT_ID (opterr) +# define optind __GETOPT_ID (optind) +# define optopt __GETOPT_ID (optopt) +#endif + +/* Standalone applications get correct prototypes for getopt_long and + getopt_long_only; they declare "char **argv". libc uses prototypes + with "char *const *argv" that are incorrect because getopt_long and + getopt_long_only can permute argv; this is required for backward + compatibility (e.g., for LSB 2.0.1). + + This used to be `#if defined __GETOPT_PREFIX && !defined __need_getopt', + but it caused redefinition warnings if both unistd.h and getopt.h were + included, since unistd.h includes getopt.h having previously defined + __need_getopt. + + The only place where __getopt_argv_const is used is in definitions + of getopt_long and getopt_long_only below, but these are visible + only if __need_getopt is not defined, so it is quite safe to rewrite + the conditional as follows: +*/ +#if !defined __need_getopt +# if defined __GETOPT_PREFIX +# define __getopt_argv_const /* empty */ +# else +# define __getopt_argv_const const +# endif +#endif + +/* If __GNU_LIBRARY__ is not already defined, either we are being used + standalone, or this is the first header included in the source file. + If we are being used with glibc, we need to include , but + that does not exist if we are standalone. So: if __GNU_LIBRARY__ is + not defined, include , which will pull in for us + if it's from glibc. (Why ctype.h? It's guaranteed to exist and it + doesn't flood the namespace with stuff the way some other headers do.) */ +#if !defined __GNU_LIBRARY__ +# include +#endif + +#ifndef __THROW +# ifndef __GNUC_PREREQ +# define __GNUC_PREREQ(maj, min) (0) +# endif +# if defined __cplusplus && __GNUC_PREREQ (2,8) +# define __THROW throw () +# else +# define __THROW +# endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* For communication from `getopt' to the caller. + When `getopt' finds an option that takes an argument, + the argument value is returned here. + Also, when `ordering' is RETURN_IN_ORDER, + each non-option ARGV-element is returned here. */ + +extern char *optarg; + +/* Index in ARGV of the next element to be scanned. + This is used for communication to and from the caller + and for communication between successive calls to `getopt'. + + On entry to `getopt', zero means this is the first call; initialize. + + When `getopt' returns -1, this is the index of the first of the + non-option elements that the caller should itself scan. + + Otherwise, `optind' communicates from one call to the next + how much of ARGV has been scanned so far. */ + +extern int optind; + +/* Callers store zero here to inhibit the error message `getopt' prints + for unrecognized options. */ + +extern int opterr; + +/* Set to an option character which was unrecognized. */ + +extern int optopt; + +#ifndef __need_getopt +/* Describe the long-named options requested by the application. + The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector + of `struct option' terminated by an element containing a name which is + zero. + + The field `has_arg' is: + no_argument (or 0) if the option does not take an argument, + required_argument (or 1) if the option requires an argument, + optional_argument (or 2) if the option takes an optional argument. + + If the field `flag' is not NULL, it points to a variable that is set + to the value given in the field `val' when the option is found, but + left unchanged if the option is not found. + + To have a long-named option do something other than set an `int' to + a compiled-in constant, such as set a value from `optarg', set the + option's `flag' field to zero and its `val' field to a nonzero + value (the equivalent single-letter option character, if there is + one). For long options that have a zero `flag' field, `getopt' + returns the contents of the `val' field. */ + +struct option +{ + const char *name; + /* has_arg can't be an enum because some compilers complain about + type mismatches in all the code that assumes it is an int. */ + int has_arg; + int *flag; + int val; +}; + +/* Names for the values of the `has_arg' field of `struct option'. */ + +# define no_argument 0 +# define required_argument 1 +# define optional_argument 2 +#endif /* need getopt */ + + +/* Get definitions and prototypes for functions to process the + arguments in ARGV (ARGC of them, minus the program name) for + options given in OPTS. + + Return the option character from OPTS just read. Return -1 when + there are no more options. For unrecognized options, or options + missing arguments, `optopt' is set to the option letter, and '?' is + returned. + + The OPTS string is a list of characters which are recognized option + letters, optionally followed by colons, specifying that that letter + takes an argument, to be placed in `optarg'. + + If a letter in OPTS is followed by two colons, its argument is + optional. This behavior is specific to the GNU `getopt'. + + The argument `--' causes premature termination of argument + scanning, explicitly telling `getopt' that there are no more + options. + + If OPTS begins with `-', then non-option arguments are treated as + arguments to the option '\1'. This behavior is specific to the GNU + `getopt'. If OPTS begins with `+', or POSIXLY_CORRECT is set in + the environment, then do not permute arguments. */ + +extern int getopt (int ___argc, char *const *___argv, const char *__shortopts) + __THROW; + +#ifndef __need_getopt +extern int getopt_long (int ___argc, char *__getopt_argv_const *___argv, + const char *__shortopts, + const struct option *__longopts, int *__longind) + __THROW; +extern int getopt_long_only (int ___argc, char *__getopt_argv_const *___argv, + const char *__shortopts, + const struct option *__longopts, int *__longind) + __THROW; + +#endif + +#ifdef __cplusplus +} +#endif + +/* Make sure we later can get all the definitions and declarations. */ +#undef __need_getopt + +#endif /* getopt.h */ Index: pinentry/getopt_int.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ pinentry/getopt_int.h 2007-05-14 19:54:31.845149000 +0000 @@ -0,0 +1,131 @@ +/* Internal declarations for getopt. + Copyright (C) 1989-1994,1996-1999,2001,2003,2004 + Free Software Foundation, Inc. + This file is part of the GNU C Library. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +#ifndef _GETOPT_INT_H +#define _GETOPT_INT_H 1 + +extern int _getopt_internal (int ___argc, char **___argv, + const char *__shortopts, + const struct option *__longopts, int *__longind, + int __long_only, int __posixly_correct); + + +/* Reentrant versions which can handle parsing multiple argument + vectors at the same time. */ + +/* Data type for reentrant functions. */ +struct _getopt_data +{ + /* These have exactly the same meaning as the corresponding global + variables, except that they are used for the reentrant + versions of getopt. */ + int optind; + int opterr; + int optopt; + char *optarg; + + /* Internal members. */ + + /* True if the internal members have been initialized. */ + int __initialized; + + /* The next char to be scanned in the option-element + in which the last option character we returned was found. + This allows us to pick up the scan where we left off. + + If this is zero, or a null string, it means resume the scan + by advancing to the next ARGV-element. */ + char *__nextchar; + + /* Describe how to deal with options that follow non-option ARGV-elements. + + If the caller did not specify anything, + the default is REQUIRE_ORDER if the environment variable + POSIXLY_CORRECT is defined, PERMUTE otherwise. + + REQUIRE_ORDER means don't recognize them as options; + stop option processing when the first non-option is seen. + This is what Unix does. + This mode of operation is selected by either setting the environment + variable POSIXLY_CORRECT, or using `+' as the first character + of the list of option characters, or by calling getopt. + + PERMUTE is the default. We permute the contents of ARGV as we + scan, so that eventually all the non-options are at the end. + This allows options to be given in any order, even with programs + that were not written to expect this. + + RETURN_IN_ORDER is an option available to programs that were + written to expect options and other ARGV-elements in any order + and that care about the ordering of the two. We describe each + non-option ARGV-element as if it were the argument of an option + with character code 1. Using `-' as the first character of the + list of option characters selects this mode of operation. + + The special argument `--' forces an end of option-scanning regardless + of the value of `ordering'. In the case of RETURN_IN_ORDER, only + `--' can cause `getopt' to return -1 with `optind' != ARGC. */ + + enum + { + REQUIRE_ORDER, PERMUTE, RETURN_IN_ORDER + } __ordering; + + /* If the POSIXLY_CORRECT environment variable is set + or getopt was called. */ + int __posixly_correct; + + + /* Handle permutation of arguments. */ + + /* Describe the part of ARGV that contains non-options that have + been skipped. `first_nonopt' is the index in ARGV of the first + of them; `last_nonopt' is the index after the last of them. */ + + int __first_nonopt; + int __last_nonopt; + +#if defined _LIBC && defined USE_NONOPTION_FLAGS + int __nonoption_flags_max_len; + int __nonoption_flags_len; +# endif +}; + +/* The initializer is necessary to set OPTIND and OPTERR to their + default values and to clear the initialization flag. */ +#define _GETOPT_DATA_INITIALIZER { 1, 1 } + +extern int _getopt_internal_r (int ___argc, char **___argv, + const char *__shortopts, + const struct option *__longopts, int *__longind, + int __long_only, int __posixly_correct, + struct _getopt_data *__data); + +extern int _getopt_long_r (int ___argc, char **___argv, + const char *__shortopts, + const struct option *__longopts, int *__longind, + struct _getopt_data *__data); + +extern int _getopt_long_only_r (int ___argc, char **___argv, + const char *__shortopts, + const struct option *__longopts, + int *__longind, + struct _getopt_data *__data); + +#endif /* getopt_int.h */ Index: pinentry/Makefile.am =================================================================== --- pinentry/Makefile.am.orig 2003-12-23 08:41:40.000000000 +0000 +++ pinentry/Makefile.am 2007-05-14 20:03:43.702584000 +0000 @@ -31,5 +31,18 @@ AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem -libpinentry_a_SOURCES = pinentry.h pinentry.c +libpinentry_a_SOURCES = pinentry.h pinentry.c +libpinentry_a_LIBADD = $(LIBOBJS) + libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c + +BUILT_SOURCES = $(GETOPT_H) + +# We need the following in order to create when the system +# doesn't have one that works with the given compiler. +getopt.h: getopt_.h + { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ + cat $(srcdir)/getopt_.h; \ + } > $@-t + mv -f $@-t $@ +MOSTLYCLEANFILES = getopt.h getopt.h-t Index: pinentry/gettext.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ pinentry/gettext.h 2007-05-14 20:34:50.886728000 +0000 @@ -0,0 +1,270 @@ +/* Convenience header for conditional use of GNU . + Copyright (C) 1995-1998, 2000-2002, 2004-2006 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +#ifndef _LIBGETTEXT_H +#define _LIBGETTEXT_H 1 + +/* NLS can be disabled through the configure --disable-nls option. */ +#if ENABLE_NLS + +/* Get declarations of GNU message catalog functions. */ +# include + +/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by + the gettext() and ngettext() macros. This is an alternative to calling + textdomain(), and is useful for libraries. */ +# ifdef DEFAULT_TEXT_DOMAIN +# undef gettext +# define gettext(Msgid) \ + dgettext (DEFAULT_TEXT_DOMAIN, Msgid) +# undef ngettext +# define ngettext(Msgid1, Msgid2, N) \ + dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N) +# endif + +#else + +/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which + chokes if dcgettext is defined as a macro. So include it now, to make + later inclusions of a NOP. We don't include + as well because people using "gettext.h" will not include , + and also including would fail on SunOS 4, whereas + is OK. */ +#if defined(__sun) +# include +#endif + +/* Many header files from the libstdc++ coming with g++ 3.3 or newer include + , which chokes if dcgettext is defined as a macro. So include + it now, to make later inclusions of a NOP. */ +#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3) +# include +# if (__GLIBC__ >= 2) || _GLIBCXX_HAVE_LIBINTL_H +# include +# endif +#endif + +/* Disabled NLS. + The casts to 'const char *' serve the purpose of producing warnings + for invalid uses of the value returned from these functions. + On pre-ANSI systems without 'const', the config.h file is supposed to + contain "#define const". */ +# define gettext(Msgid) ((const char *) (Msgid)) +# define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid)) +# define dcgettext(Domainname, Msgid, Category) \ + ((void) (Category), dgettext (Domainname, Msgid)) +# define ngettext(Msgid1, Msgid2, N) \ + ((N) == 1 \ + ? ((void) (Msgid2), (const char *) (Msgid1)) \ + : ((void) (Msgid1), (const char *) (Msgid2))) +# define dngettext(Domainname, Msgid1, Msgid2, N) \ + ((void) (Domainname), ngettext (Msgid1, Msgid2, N)) +# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ + ((void) (Category), dngettext(Domainname, Msgid1, Msgid2, N)) +# define textdomain(Domainname) ((const char *) (Domainname)) +# define bindtextdomain(Domainname, Dirname) \ + ((void) (Domainname), (const char *) (Dirname)) +# define bind_textdomain_codeset(Domainname, Codeset) \ + ((void) (Domainname), (const char *) (Codeset)) + +#endif + +/* A pseudo function call that serves as a marker for the automated + extraction of messages, but does not call gettext(). The run-time + translation is done at a different place in the code. + The argument, String, should be a literal string. Concatenated strings + and other string expressions won't work. + The macro's expansion is not parenthesized, so that it is suitable as + initializer for static 'char[]' or 'const char[]' variables. */ +#define gettext_noop(String) String + +/* The separator between msgctxt and msgid in a .mo file. */ +#define GETTEXT_CONTEXT_GLUE "\004" + +/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a + MSGID. MSGCTXT and MSGID must be string literals. MSGCTXT should be + short and rarely need to change. + The letter 'p' stands for 'particular' or 'special'. */ +#ifdef DEFAULT_TEXT_DOMAIN +# define pgettext(Msgctxt, Msgid) \ + pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#else +# define pgettext(Msgctxt, Msgid) \ + pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#endif +#define dpgettext(Domainname, Msgctxt, Msgid) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES) +#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \ + pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category) +#ifdef DEFAULT_TEXT_DOMAIN +# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#else +# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#endif +#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \ + npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +pgettext_aux (const char *domain, + const char *msg_ctxt_id, const char *msgid, + int category) +{ + const char *translation = dcgettext (domain, msg_ctxt_id, category); + if (translation == msg_ctxt_id) + return msgid; + else + return translation; +} + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +npgettext_aux (const char *domain, + const char *msg_ctxt_id, const char *msgid, + const char *msgid_plural, unsigned long int n, + int category) +{ + const char *translation = + dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); + if (translation == msg_ctxt_id || translation == msgid_plural) + return (n == 1 ? msgid : msgid_plural); + else + return translation; +} + +/* The same thing extended for non-constant arguments. Here MSGCTXT and MSGID + can be arbitrary expressions. But for string literals these macros are + less efficient than those above. */ + +#include + +#define _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS \ + (((__GNUC__ >= 3 || __GNUG__ >= 2) && !__STRICT_ANSI__) \ + /* || __STDC_VERSION__ >= 199901L */ ) + +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS +#include +#endif + +#define pgettext_expr(Msgctxt, Msgid) \ + dcpgettext_expr (NULL, Msgctxt, Msgid, LC_MESSAGES) +#define dpgettext_expr(Domainname, Msgctxt, Msgid) \ + dcpgettext_expr (Domainname, Msgctxt, Msgid, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, + int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? buf + : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = dcgettext (domain, msg_ctxt_id, category); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (translation != msg_ctxt_id) + return translation; + } + return msgid; +} + +#define npgettext_expr(Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (NULL, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) +#define dnpgettext_expr(Domainname, Msgctxt, Msgid, MsgidPlural, N) \ + dcnpgettext_expr (Domainname, Msgctxt, Msgid, MsgidPlural, N, LC_MESSAGES) + +#ifdef __GNUC__ +__inline +#else +#ifdef __cplusplus +inline +#endif +#endif +static const char * +dcnpgettext_expr (const char *domain, + const char *msgctxt, const char *msgid, + const char *msgid_plural, unsigned long int n, + int category) +{ + size_t msgctxt_len = strlen (msgctxt) + 1; + size_t msgid_len = strlen (msgid) + 1; + const char *translation; +#if _LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + char msg_ctxt_id[msgctxt_len + msgid_len]; +#else + char buf[1024]; + char *msg_ctxt_id = + (msgctxt_len + msgid_len <= sizeof (buf) + ? buf + : (char *) malloc (msgctxt_len + msgid_len)); + if (msg_ctxt_id != NULL) +#endif + { + memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); + msg_ctxt_id[msgctxt_len - 1] = '\004'; + memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); + translation = dcngettext (domain, msg_ctxt_id, msgid_plural, n, category); +#if !_LIBGETTEXT_HAVE_VARIABLE_SIZE_ARRAYS + if (msg_ctxt_id != buf) + free (msg_ctxt_id); +#endif + if (!(translation == msg_ctxt_id || translation == msgid_plural)) + return translation; + } + return (n == 1 ? msgid : msgid_plural); +} + +#endif /* _LIBGETTEXT_H */ Index: pinentry/pinentry.c =================================================================== --- pinentry/pinentry.c.orig 2004-12-22 11:37:50.000000000 +0000 +++ pinentry/pinentry.c 2007-05-14 21:26:31.039167000 +0000 @@ -281,7 +281,7 @@ " --parent-wid Parent window ID (for positioning)\n" " -d, --debug Turn on debugging output\n" " -h, --help Display this help and exit\n" -" --version Output version information and exit\n", this_pgmname); +" -V, --version Output version information and exit\n", this_pgmname); } @@ -305,7 +305,7 @@ { "no-global-grab", no_argument, 0, 'g' }, { "parent-wid", required_argument, 0, 'W' }, { "help", no_argument, 0, 'h' }, - { "version", no_argument, &opt_version, 1 }, + { "version", no_argument, 0, 'V' }, { NULL, 0, NULL, 0 }}; while ((opt = getopt_long (argc, argv, "degh", opts, NULL)) != -1) @@ -327,7 +327,9 @@ case 'h': opt_help = 1; break; - + case 'V': + opt_version =1; + break; case 'D': /* Note, this is currently not used because the GUI engine has already been initialized when parsing these options. */ Index: pinentry/pinentry-curses.c =================================================================== --- pinentry/pinentry-curses.c.orig 2007-05-21 20:43:17.466427000 +0000 +++ pinentry/pinentry-curses.c 2007-05-22 01:49:57.845437000 +0000 @@ -34,6 +34,9 @@ #include #include +#if defined(__hpux) || defined (__osf__) +#include +#endif #include #include "pinentry.h" @@ -561,6 +564,18 @@ errno = err; return -1; } +#if defined(__hpux) || defined (__osf__) +{ +/* HP-UX and Tru64 echo the passphrase on input */ +/* lets set noecho. I don't know why ncurses is unable to properly + * initialize the terminal device. */ + struct termios tios; + tcgetattr(fileno(ttyfi),&tios); + tios.c_lflag = (ICANON|ISIG); + tios.c_iflag = (INLCR|ICRNL|BRKINT); + tcsetattr(fileno(ttyfi),0,&tios); +} +#endif screen = newterm (tty_type, ttyfo, ttyfi); set_term (screen); } @@ -653,11 +666,12 @@ } break; - case '\e': + case 0x1b: done = -2; break; case '\r': + case '\n': switch (diag.pos) { case DIALOG_POS_PIN: From hjthring at lavabit.com Thu May 31 07:40:39 2007 From: hjthring at lavabit.com (Hayden Thring) Date: Thu, 31 May 2007 15:10:39 +0930 Subject: gpa-0.7.3 segfault when openig a file Message-ID: <20070531151039.be33128d.hjthring@lavabit.com> Fred, i too had the segfault when opening a file in filemanager of gpa, i got around this just now, by installing latest gtk2, glib, pango, cairo and atk in /usr (not /usr/local) to overwrite and supplement "old" version that must have been lacking something... then recompile gnupg2 gpgme and gpa it affected al versions after 0.6.1, but running 0.7.6 no probs ok now Hayden. From wk at gnupg.org Thu May 31 16:47:30 2007 From: wk at gnupg.org (Werner Koch) Date: Thu, 31 May 2007 16:47:30 +0200 Subject: pinentry patches In-Reply-To: <20070522153723.GB3911@acer.localdomain> (Peter O'Gorman's message of "Tue, 22 May 2007 10:37:23 -0500") References: <20070522153723.GB3911@acer.localdomain> Message-ID: <87r6oxkq2l.fsf@wheatstone.g10code.de> Hi Peter, sorry for not replying earlier; I am quite busy and actually at the LinuxTag. Marcus will look at your pinentry patches and get back to you. I have not looked closely at your patcches, however there is one design goal which you should keep in mind: pinentry shall be as small and simple as possible for security reasons. (I have not said that your patches are too large, though). Shalom-Salam, Werner