From marcus.brinkmann at ruhr-uni-bochum.de Thu Nov 1 13:38:36 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu, 01 Nov 2007 13:38:36 +0100 Subject: Development problem with passphrase-fd In-Reply-To: <13514234.post@talk.nabble.com> References: <13514234.post@talk.nabble.com> Message-ID: <87ejfam983.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 31 Oct 2007 10:15:57 -0700 (PDT), Brian Lee wrote: > I am working on an application that works by spawning GPG command line, using > the passphrase-fd feature. The problem is that these commands worked fine > when I tested them in DOS command prompt, but did not work in my program > using CreateProcess. See below. > I tried both the "echo passphrase" and the "redirect > from passphrase file" approaches, but none of them worked. I wonder if I > could use CreateProcess, or there is a better way. Any suggestions would be > appreciated. I would suggest to use the GPGME (GPG Made Easy) library, if you can. It abstracts all this mess away for you. > Here is the code of my test program on Windows XP: > ================================================= > if (CreateProcess( (LPCTSTR)program, > (LPTSTR)sCommand, > NULL, NULL, FALSE, 0, NULL, NULL, > &startupInfo, > &processInfo)) Not sure how this works, but shouldn't you use TRUE instead of FALSE to inherit the handles? Also, don't you need to create pipes and put them into startup information (STARTF_USESTDHANDLES)? At least this is how we do it, but I admit that my knowledge of the W32 interface is incomplete. > sCommand = _tcsdup(TEXT("gpg --batch --passphrase-fd 0 --output > testfile.txt --decrypt testfile.txt.txt.gpg < mypass.txt")); I believe you need to pass a system handle rather than a file descriptor value. I do not understand why it works for you at the command prompt, though. Also, I did not check your usage of CreateProcess Thanks, Marcus From marcus.brinkmann at ruhr-uni-bochum.de Thu Nov 1 13:41:00 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Thu, 01 Nov 2007 13:41:00 +0100 Subject: Possible GPGME bug In-Reply-To: <8298be230710311237k337cb490j9426eb96d7324623@mail.gmail.com> References: <8298be230710311237k337cb490j9426eb96d7324623@mail.gmail.com> Message-ID: <87d4uum943.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 31 Oct 2007 15:37:52 -0400, "Adam Schreiber" wrote: > > In fixing a bug in Seahorse, I found that our feature to revoke a sub > key was no longer working. It uses the gpgme_op_edit API. I checked > the challenge and responses of gpg --edit-key manually and found that > they matched those our state machine expected. Did you check using the same arguments to gpg for invocation? GPGME adds a whole bunch of arguments to the command line (check with ps). Thanks, Marcus From sadam at clemson.edu Thu Nov 1 14:25:05 2007 From: sadam at clemson.edu (Adam Schreiber) Date: Thu, 1 Nov 2007 09:25:05 -0400 Subject: Possible GPGME bug In-Reply-To: <87d4uum943.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <8298be230710311237k337cb490j9426eb96d7324623@mail.gmail.com> <87d4uum943.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <8298be230711010625g4ddc1eaw48406e9167017f17@mail.gmail.com> On 11/1/07, Marcus Brinkmann wrote: > At Wed, 31 Oct 2007 15:37:52 -0400, > "Adam Schreiber" wrote: > > > > In fixing a bug in Seahorse, I found that our feature to revoke a sub > > key was no longer working. It uses the gpgme_op_edit API. I checked > > the challenge and responses of gpg --edit-key manually and found that > > they matched those our state machine expected. > > Did you check using the same arguments to gpg for invocation? GPGME > adds a whole bunch of arguments to the command line (check with ps). Using the same arguments to gpg except for changing the status-fd and command-fd arguments, I get what's pasted below. This is the expected order of statements. DO you have any other suggestions of what I could check? Cheers, Adam gpg --use-agent --no-sk-comment --lc-messages C --lc-ctype C --status-fd 2 --no-tty --charset utf8 --enable-progress-filter --display :0.0 --ttyname /dev/pts/1 --command-fd 0 --with-colons --edit-key -- 9B6A8AABE2EB80683AE418730116FD16FA676606 gpg (GnuPG) 1.4.7; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details. pub:u:1024:17:0116FD16FA676606:1181933414:0::u: fpr:::::::::9B6A8AABE2EB80683AE418730116FD16FA676606: sub:u:2048:16:312839264174BB1E:1181933414:0::: fpr:::::::::0BE8689516056C34C7B19768312839264174BB1E: sub:u:1024:17:E9AAAE226AE18AAF:1193753469:0::: fpr:::::::::E4E21D34B594F9448B591278E9AAAE226AE18AAF: uid:u::::::::fake1:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:1,p: uat:u::::::::1 3892:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:2,p: uat:u::::::::1 4846:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:3,: [GNUPG:] GET_LINE keyedit.prompt key 2 [GNUPG:] GOT_IT pub:u:1024:17:0116FD16FA676606:1181933414:0::u: fpr:::::::::9B6A8AABE2EB80683AE418730116FD16FA676606: sub:u:2048:16:312839264174BB1E:1181933414:0::: fpr:::::::::0BE8689516056C34C7B19768312839264174BB1E: sub:u:1024:17:E9AAAE226AE18AAF:1193753469:0::: fpr:::::::::E4E21D34B594F9448B591278E9AAAE226AE18AAF: uid:u::::::::fake1:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:1,p: uat:u::::::::1 3892:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:2,p: uat:u::::::::1 4846:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:3,: [GNUPG:] GET_LINE keyedit.prompt revkey [GNUPG:] GOT_IT [GNUPG:] GET_BOOL keyedit.revoke.subkey.okay yes [GNUPG:] GOT_IT [GNUPG:] GET_LINE ask_revocation_reason.code 3 [GNUPG:] GOT_IT [GNUPG:] GET_LINE ask_revocation_reason.text test key [GNUPG:] GOT_IT [GNUPG:] GET_LINE ask_revocation_reason.text [GNUPG:] GOT_IT [GNUPG:] GET_BOOL ask_revocation_reason.okay yes [GNUPG:] GOT_IT [GNUPG:] USERID_HINT 0116FD16FA676606 fake1 [GNUPG:] NEED_PASSPHRASE 0116FD16FA676606 0116FD16FA676606 17 0 [GNUPG:] GOOD_PASSPHRASE pub:u:1024:17:0116FD16FA676606:1181933414:0::u: fpr:::::::::9B6A8AABE2EB80683AE418730116FD16FA676606: sub:u:2048:16:312839264174BB1E:1181933414:0::: fpr:::::::::0BE8689516056C34C7B19768312839264174BB1E: sub:r:1024:17:E9AAAE226AE18AAF:1193753469:0::: fpr:::::::::E4E21D34B594F9448B591278E9AAAE226AE18AAF: uid:u::::::::fake1:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:1,p: uat:u::::::::1 3892:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:2,p: uat:u::::::::1 4846:::S9 S8 S7 S3 S2 H2 H8 H3 Z2 Z3 Z1,mdc,no-ks-modify:3,: [GNUPG:] GET_LINE keyedit.prompt From malayter at gmail.com Fri Nov 9 14:43:15 2007 From: malayter at gmail.com (Ryan Malayter) Date: Fri, 9 Nov 2007 07:43:15 -0600 Subject: Locking memory on Windows Message-ID: <5d7f07420711090543o5c070135x556c0a65f7fe9fa4@mail.gmail.com> There's been a lot of talk about locking memory on Windows platforms, with VirtualLock supposedly the solution. Apperently, it isn't - MSDN is misleading. See this post from a Microsoft old-timer: http://blogs.msdn.com/oldnewthing/archive/2007/11/06/5924058.aspx -- RPM From wk at gnupg.org Fri Nov 9 16:57:06 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 09 Nov 2007 16:57:06 +0100 Subject: Locking memory on Windows In-Reply-To: <5d7f07420711090543o5c070135x556c0a65f7fe9fa4@mail.gmail.com> (Ryan Malayter's message of "Fri, 9 Nov 2007 07:43:15 -0600") References: <5d7f07420711090543o5c070135x556c0a65f7fe9fa4@mail.gmail.com> Message-ID: <87r6iztnsd.fsf@wheatstone.g10code.de> On Fri, 9 Nov 2007 14:43, malayter at gmail.com said: > with VirtualLock supposedly the solution. Apperently, it isn't - MSDN It is known for a long time that VirtualLock is not a solution. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From psicus78 at gmail.com Sat Nov 10 12:16:52 2007 From: psicus78 at gmail.com (Gabriele Monti) Date: Sat, 10 Nov 2007 12:16:52 +0100 Subject: strange definition in gcrypt.h, bug? Message-ID: <47359324.6070905@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I was having a look at libgcrypt source code. I found what could be a bug, or maybe something meant to. I'd just like to report it: #if _GCRY_GCC_VERSION >= 300200 #define _GCRY_GCC_ATTR_MALLOC __attribute__ ((__malloc__)) #endif since _GCRY_GCC_VERSION is computed using: #define _GCRY_GCC_VERSION (__GNUC__ * 10000 \ + __GNUC_MINOR__ * 100 \ + __GNUC_PATCHLEVEL__) It will never be greater than 300200, maybe you meant 30200, or maybe the code is there but attribute __malloc__ is not used yet? Bye! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHNZMhXxCyXyOPfh4RApwcAJ0dbtK97ardhd0Kwn863og0f80kbACeJM9Q uRRQ1G4Iwj/DmXgxe9gdhHQ= =bJI0 -----END PGP SIGNATURE----- From bjk at luxsci.net Sun Nov 11 17:38:01 2007 From: bjk at luxsci.net (Ben Kibbey) Date: Sun, 11 Nov 2007 11:38:01 -0500 Subject: assuan_inquire_ext() Message-ID: <200711111642.lABGg2Ep031062@rs41.luxsci.com> I'm having problems with assuan_inquire_ext() from version 1.0.3. The After reading the inquire from the client I call assuan_process_done(). When a new inquire is needed using the same ctx, assuan_inquire_ext() returns ASSUAN_Nested_Commands because ctx->in_inquire isn't reset after assuan_process_done(). Also after closing a ctx with assuan_deinit_server() after a assuan_inquire_ext(), a segfault occurs because _assuan_inquire_release() tries to free ctx->inquire_membuf which was already freed from _assuan_inquire_ext_cb(). Maybe I'm doing something wrong? Or are these bugs? Thanks, -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From marcus.brinkmann at ruhr-uni-bochum.de Mon Nov 12 15:27:23 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Mon, 12 Nov 2007 15:27:23 +0100 Subject: assuan_inquire_ext() In-Reply-To: <200711111642.lABGg2Ep031062@rs41.luxsci.com> References: <200711111642.lABGg2Ep031062@rs41.luxsci.com> Message-ID: <877iknmtdg.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Sun, 11 Nov 2007 11:38:01 -0500, Ben Kibbey wrote: > > I'm having problems with assuan_inquire_ext() from version 1.0.3. The > After reading the inquire from the client I call assuan_process_done(). What do you mean by reading? After assuan_inquire_ext, you should loop over assuan_process_next until the callback handler you registered is invoked. At that point, the internal variable in_inquire will be set to 0 and you can call assuan_process_done and continue normally. > When a new inquire is needed using the same ctx, assuan_inquire_ext() > returns ASSUAN_Nested_Commands because ctx->in_inquire isn't reset after > assuan_process_done(). The documentation in the manual says this: It is not possible to use @code{assuan_inquire} in a command handler, as this function blocks on receiving the inquired data from the client. Instead, the asynchronous version @code{assuan_inquire_ext} needs to be used (see below), which invokes a callback when the client provided the inquired data. A typical usage would be for the command handler to register a continuation with @code{assuan_inquire_ext} and return 0. Eventually, the continuation would be invoked by @code{assuan_process_next} when the client data arrived. The continuation could complete the command and eventually call @code{assuan_process_done}. > Also after closing a ctx with assuan_deinit_server() after a > assuan_inquire_ext(), a segfault occurs because > _assuan_inquire_release() tries to free ctx->inquire_membuf which was > already freed from _assuan_inquire_ext_cb(). Thanks, I committed the following fix (untested): Index: assuan-inquire.c =================================================================== --- assuan-inquire.c (revision 276) +++ assuan-inquire.c (working copy) @@ -321,6 +321,7 @@ rc = _assuan_error (ASSUAN_Out_Of_Core); free_membuf (mb); free (mb); + ctx->inquire_membuf = NULL; } ctx->in_inquire = 0; (ctx->inquire_cb) (ctx->inquire_cb_data, rc, buf, buf_len); Thanks, Marcus From enricosorichetti at mac.com Mon Nov 12 14:17:10 2007 From: enricosorichetti at mac.com (Enrico Sorichetti) Date: Mon, 12 Nov 2007 14:17:10 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 Message-ID: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> This is my first post, let me know if I unknowingly infringed any rule I am trying to build gnupg 2.0.7 on leopard and I am getting the following errors ******************************************************** Making all in g10 gcc -DHAVE_CONFIG_H -I. -I.. -I../gl -I../common -I../include -I../ intl -DLOCALEDIR=\"/usr/local/share/locale\" -DGNUPG_BINDIR="\"/usr/ local/bin\"" -DGNUPG_LIBEXECDIR="\"/usr/local/libexec\"" - DGNUPG_LIBDIR="\"/usr/local/lib/gnupg\"" -DGNUPG_DATADIR="\"/usr/local/ share/gnupg\"" -DGNUPG_SYSCONFDIR="\"/usr/local/etc/gnupg\"" -I/ usr/local/include -I/usr/local/include -I/usr/local/include -I/usr/ local/include -g -O2 -Wall -Wno-pointer-sign -Wpointer-arith -MT status.o -MD -MP -MF .deps/status.Tpo -c -o status.o status.c status.c:391: error: two or more data types in declaration specifiers status.c: In function 'do_get_from_fd': status.c:391: error: parameter name omitted status.c:399: error: syntax error before '_Bool' status.c:426: error: syntax error before '_Bool' make[2]: *** [status.o] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 ******************************************************** the function involved in g10/status.c is : do_get_from_fd( const char *keyword, int hidden, int bool ) I am not an expert, but ... changing the variable "bool" to ( I choosed ) flag lets the compilation succeed before starting I had installed all the prerequisite packages in "/usr/ local" as per my habit I used ./configure --disable-nls for all of them and it seemed that everything was ok, But after fixing issue 1 I got : ******************************************************** Making all in openpgp ../../g10/gpg2 --homedir . --quiet --yes --no-permission-warning -- import ./pubdemo.asc dyld: lazy symbol binding failed: Symbol not found: __gcry_mpih_sub_n Referenced from: /usr/local/lib/libgcrypt.11.dylib Expected in: flat namespace dyld: Symbol not found: __gcry_mpih_sub_n Referenced from: /usr/local/lib/libgcrypt.11.dylib Expected in: flat namespace make[3]: *** [prepared.stamp] Trace/BPT trap make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2 ******************************************************** I wonder if I have done something wrong, and where can I start to try to debug the problem.. I ran the make a second time after export DYLD_LIBRARY_PATH=/usr/local/lib but with same result regards enrico sorichetti From wk at gnupg.org Mon Nov 12 16:29:34 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 12 Nov 2007 16:29:34 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> (Enrico Sorichetti's message of "Mon, 12 Nov 2007 14:17:10 +0100") References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> Message-ID: <87mytjpjmp.fsf@wheatstone.g10code.de> On Mon, 12 Nov 2007 14:17, enricosorichetti at mac.com said: > status.c: In function 'do_get_from_fd': > status.c:391: error: parameter name omitted > status.c:399: error: syntax error before '_Bool' > status.c:426: error: syntax error before '_Bool' It seems that one of the system include files includes stdbool.h and thus provides the bool type. This is a bug in Leopard. Nevertheless I will change that. > dyld: lazy symbol binding failed: Symbol not found: __gcry_mpih_sub_n > Referenced from: /usr/local/lib/libgcrypt.11.dylib > Expected in: flat namespace I don't know. That symbol is only used internally by libgcrypt; thus it is a problem with your libgcrypt installation. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From enricosorichetti at mac.com Mon Nov 12 17:03:42 2007 From: enricosorichetti at mac.com (Enrico Sorichetti) Date: Mon, 12 Nov 2007 17:03:42 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <87mytjpjmp.fsf@wheatstone.g10code.de> References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> Message-ID: <9CDEC8B5-64D7-4B26-B0F5-9E35ADE14AC0@mac.com> On Nov 12, 2007, at 4:29 PM, Werner Koch wrote: > .... snipped a few lines >> dyld: lazy symbol binding failed: Symbol not found: __gcry_mpih_sub_n >> Referenced from: /usr/local/lib/libgcrypt.11.dylib >> Expected in: flat namespace > > I don't know. That symbol is only used internally by libgcrypt; > thus it > is a problem with your libgcrypt installation. > > > Shalom-Salam, > > Werner > ... snipped a few lines Thank You Werner for Your attention I kept investigating, and found out that libgcrypt by default is using some assembler modules. configuring libgcrypt with "--disable-asm" solved the problem ( at least in my case ) sorry for posting to the wrong list, Maybe pointing this out in the gnupg README might help others avoid this issue The gnupg README says,for the required packages, to run "./configure; make; make install" Bye for now enrico sorichetti From rjh at sixdemonbag.org Mon Nov 12 17:36:55 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 12 Nov 2007 16:36:55 +0000 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <9CDEC8B5-64D7-4B26-B0F5-9E35ADE14AC0@mac.com> References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> <9CDEC8B5-64D7-4B26-B0F5-9E35ADE14AC0@mac.com> Message-ID: <47388127.9070100@sixdemonbag.org> Enrico Sorichetti wrote: > I kept investigating, and found out that libgcrypt by default is using > some assembler modules. Ah, the good old (and by 'old' I mean 'dating back to the dinosaurs') Apple version of binutils. The Apple version of GNU Assembler is badly out of date for any modern GNU program that needs asm code. While I'm glad --disable-asm fixed things for you, please keep this problem in mind for any future adventures you may have with asm on OS X. From rjh at sixdemonbag.org Mon Nov 12 17:29:55 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 12 Nov 2007 16:29:55 +0000 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <87mytjpjmp.fsf@wheatstone.g10code.de> References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> Message-ID: <47387F83.8050806@sixdemonbag.org> Werner Koch wrote: > This is a bug in Leopard. By this do you mean it's a violation of the POSIX specification for UNIX, or do you mean it's an unpleasant but POSIXly-correct behavior? From info at danielnylander.se Mon Nov 12 16:10:07 2007 From: info at danielnylander.se (Daniel Nylander) Date: Mon, 12 Nov 2007 16:10:07 +0100 Subject: Swedish translation updated Message-ID: <1194880207.30218.3.camel@fatbastard> I have updated the Swedish translation for gnupg 2.x (trunk). Please commit. http://home.danielnylander.se/translations/gnupg/gnupg-2.sv.po -- Daniel Nylander (CISSP, GCUX, GCFA) Stockholm, Sweden http://www.DanielNylander.se -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel Url : /pipermail/attachments/20071112/1ad21ad8/attachment.pgp From wk at gnupg.org Mon Nov 12 19:58:49 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 12 Nov 2007 19:58:49 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <9CDEC8B5-64D7-4B26-B0F5-9E35ADE14AC0@mac.com> (Enrico Sorichetti's message of "Mon, 12 Nov 2007 17:03:42 +0100") References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> <9CDEC8B5-64D7-4B26-B0F5-9E35ADE14AC0@mac.com> Message-ID: <87fxzbnvdi.fsf@wheatstone.g10code.de> On Mon, 12 Nov 2007 17:03, enricosorichetti at mac.com said: > Maybe pointing this out in the gnupg README might help others avoid > this issue Already done in the SVN of gnupg 1.4: 2007-10-27 David Shaw * README: Update notes about OSX Leopard. Building Universal Binaries on Apple OS X ----------------------------------------- You can build a universal ("fat") binary that will work on both PPC and Intel Macs with something like: ./configure CFLAGS="-arch ppc -arch i386" --disable-endian-check \ --disable-dependency-tracking --disable-asm If you are doing the build on a OS X 10.4 (Tiger) PPC machine you may need to add "-isysroot /Developer/SDKs/MacOSX10.4u.sdk" to those CFLAGS. This additional isysroot is not necessary on Intel Tiger boxes, or any OS X 10.5 (Leopard) or later boxes. Note that when building a universal binary, any third-party libraries you may link with need to be universal as well. All Apple-supplied libraries (even libraries not originally written by Apple like curl, zip, and BZ2) are universal. GnuPG is harder to build thus problems on OS X are to be expected. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Mon Nov 12 19:56:48 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 12 Nov 2007 19:56:48 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <47387F83.8050806@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 12 Nov 2007 16:29:55 +0000") References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> <47387F83.8050806@sixdemonbag.org> Message-ID: <87k5onnvgv.fsf@wheatstone.g10code.de> On Mon, 12 Nov 2007 17:29, rjh at sixdemonbag.org said: > By this do you mean it's a violation of the POSIX specification for > UNIX, or do you mean it's an unpleasant but POSIXly-correct behavior? Th C standard is part of POSIX. My reading of C-99 is that you need to include stdbool.h to make use of the new bool keyword (which is actually a macro expanding to _Bool). Such a requirement makes sense because C-99 is designed to be upward compatible to C-89 and thus it can't introduce new keywords without explicit action by the user. However, I am not a C-99 expert thus I might be wrong. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From rjh at sixdemonbag.org Mon Nov 12 20:32:38 2007 From: rjh at sixdemonbag.org (Robert J. Hansen) Date: Mon, 12 Nov 2007 13:32:38 -0600 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <87k5onnvgv.fsf@wheatstone.g10code.de> References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> <47387F83.8050806@sixdemonbag.org> <87k5onnvgv.fsf@wheatstone.g10code.de> Message-ID: <4738AA56.6060900@sixdemonbag.org> Werner Koch wrote: > Th C standard is part of POSIX. Well, the reason why I ask is because OS X 10.5 is a true UNIX. As in, it's officially passed the certification process and the appropriate agencies have given their seal of approval to it. So if this is a violation of the UNIX standard, then this is big news to a lot of people. From wk at gnupg.org Tue Nov 13 16:57:53 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 13 Nov 2007 16:57:53 +0100 Subject: strange definition in gcrypt.h, bug? In-Reply-To: <47359324.6070905@gmail.com> (Gabriele Monti's message of "Sat, 10 Nov 2007 12:16:52 +0100") References: <47359324.6070905@gmail.com> Message-ID: <87sl3ai1dq.fsf@wheatstone.g10code.de> On Sat, 10 Nov 2007 12:16, psicus78 at gmail.com said: > It will never be greater than 300200, maybe you meant 30200, or maybe > the code is there but attribute __malloc__ is not used yet? Fixed in SVN. Thanks, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Tue Nov 13 16:57:11 2007 From: wk at gnupg.org (Werner Koch) Date: Tue, 13 Nov 2007 16:57:11 +0100 Subject: Possible errors building gnupg 2.07 under leopard mac os x 10.5 In-Reply-To: <4738AA56.6060900@sixdemonbag.org> (Robert J. Hansen's message of "Mon, 12 Nov 2007 13:32:38 -0600") References: <8FD6E028-5B52-4E33-AACD-158EDE3C5CAE@mac.com> <87mytjpjmp.fsf@wheatstone.g10code.de> <47387F83.8050806@sixdemonbag.org> <87k5onnvgv.fsf@wheatstone.g10code.de> <4738AA56.6060900@sixdemonbag.org> Message-ID: <871waujfzc.fsf@wheatstone.g10code.de> On Mon, 12 Nov 2007 20:32, rjh at sixdemonbag.org said: > Well, the reason why I ask is because OS X 10.5 is a true UNIX. As in, > it's officially passed the certification process and the appropriate > agencies have given their seal of approval to it. So if this is a > violation of the UNIX standard, then this is big news to a lot of people. POSIX 2001 refers to C standard for stdbool.h. stdbool.h is responsible for mapping the new type _Bool to bool. C-99: 7.16 Boolean type and values [#1] The header defines four macros. [#2] The macro bool expands to _Bool. [#3] The remaining three macros are suitable for use in #if preprocessing directives. They are true which expands to the decimal constant 1, false which expands to the decimal constant 0, and __bool_true_false_are_defined which expands to the decimal constant 1. [#4] Notwithstanding the provisions of 7.1.3, a program is permitted to undefine and perhaps then redefine the macros bool, true, and false.199) The C-99 rationale says: 6.4.1 Keywords Several keywords were added in C89: const, enum, signed, void and volatile. New in C99 are the keywords inline, restrict, _Bool, _Complex and _Imaginary. Where possible, however, new features have been added by overloading existing keywords, as, for example, long double instead of extended. It is recognized that each added keyword will require some existing code that used it as an identifier to be rewritten. No meaningful programs are known to be quietly changed by adding the new keywords. The keywords entry, fortran, and asm have not been included since they were either never used, or are not portable. Uses of fortran and asm as keywords are noted as common extensions. _Complex and _Imaginary, not complex and imaginary, are keywords in order that freestanding implementations are not required to support complex. Old code using the names complex or imaginary will still work (assuming is not included), and combined C/C++ implementations will not have to finesse C-only public keywords. Thus the use of bool is not explictly mentioned but the introduction of _Bool and stdbool.h instead of just defining bool is a good indication that bool shall only be defined if stdbool.h is included. _Bool was already a reserved identifier in C-89. The last paragraph about complex.h is also an indication of why stdbool.h should be included. To test what Leoprad really does, a short test program would make sense. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Fri Nov 16 15:38:52 2007 From: wk at gnupg.org (Werner Koch) Date: Fri, 16 Nov 2007 15:38:52 +0100 Subject: [Announce] GnuPG release candidate 1.4.8 Message-ID: <87d4uaxnk3.fsf@wheatstone.g10code.de> Hi, I just uploaded a release candidate for GnuPG 1.4.8: ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2 ftp://ftp.gnupg.org/gcrypt/alpha/gnupg/gnupg-1.4.8rc1.tar.bz2.sig If you have problems with 1.4.7, you may want to give it a try. Those who reported build problems should also try to build that one and report if the problems persist (to the gnupg-users ML). Note that the language files are not all updated and our translators may want to check whether they find time to send an update in. There are certainly a couple of bugs not yet fixed as we had not the time to work through all bug reports, please complain if there are important things still not resolved. The actual release of 1.4.8 is planned for December 20. Noteworthy changes in version 1.4.8 (unreleased) ------------------------------------------------ * Changed the license to GPLv3. * Improved detection of keyrings specified multiple times. * Changes to better cope with broken keyservers. * Minor bug fixes. * New option --rfc4880 which is currently identical to --openpgp. Happy hacking, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 1557 bytes Desc: not available Url : /pipermail/attachments/20071116/44d2b766/attachment-0001.bin -------------- next part -------------- _______________________________________________ Gnupg-announce mailing list Gnupg-announce at gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-announce From bernhard.herzog at intevation.de Fri Nov 16 19:13:27 2007 From: bernhard.herzog at intevation.de (Bernhard Herzog) Date: Fri, 16 Nov 2007 19:13:27 +0100 Subject: Patch to improve the pinentry quality bar Message-ID: <200711161913.30800.bernhard.herzog@intevation.de> Hello, here's a patch that improves the layout of the pinentry dialogs when the quality bar is shown. The patch includes the following changes: - The gtk2 and qt based pinentries now have the quality bar below the text entry for the passphrase and both are aligned and have the same size. - Both pinentry show a tooltip for the quality bar that briefly explains its purpose. - The quality bar in the gtk2 pinentry used to change its height when the user began to type because the text shown in the bar changed. This is now fixed. TODO: - Translate the texts introduced by the patch. Possible further improvements: The tooltip of the quality bar is a very generic hint that tells the user to ask the administrator for details about the quality criteria. It would be better if the tooltip were set by the administrator so that it explains the the actual rules for the quality. Regards, Bernhard -- Bernhard Herzog Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: pinentry-qualitybar-improvements-20071116.diff Type: text/x-diff Size: 6199 bytes Desc: not available Url : /pipermail/attachments/20071116/1733ef2b/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20071116/1733ef2b/attachment.pgp From siretart at ubuntu.com Fri Nov 16 21:05:39 2007 From: siretart at ubuntu.com (Reinhard Tartler) Date: Fri, 16 Nov 2007 21:05:39 +0100 Subject: [Bug 135238] Re: "an user" should be "a user" In-Reply-To: <20071115093517.13215.11948.malone@gangotri.ubuntu.com> (Malcolm Parsons's message of "Thu, 15 Nov 2007 09:35:17 -0000") References: <20070828092905.31090.24825.malonedeb@potassium.ubuntu.com> <20071115093517.13215.11948.malone@gangotri.ubuntu.com> Message-ID: <873av6vtv0.fsf@faui44a.informatik.uni-erlangen.de> Sorry, I'm rejecting this bug because it would break all 29 translations included in the source package. I'm CC'ing upstream with this email so that they know about this trivial patch. Dear gnupg developers, we received a trivial patch for a typo in a (translated) message. You can read at http://launchpad.net/bugs/135238 the full context. Please consider it for inclusion. status wontfix -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 213 bytes Desc: not available Url : /pipermail/attachments/20071116/6f4559db/attachment.pgp From bjk at luxsci.net Sat Nov 17 17:20:14 2007 From: bjk at luxsci.net (Ben Kibbey) Date: Sat, 17 Nov 2007 11:20:14 -0500 Subject: assuan_inquire_ext() In-Reply-To: <877iknmtdg.wl%marcus.brinkmann@ruhr-uni-bochum.de> References: <200711111642.lABGg2Ep031062@rs41.luxsci.com> <877iknmtdg.wl%marcus.brinkmann@ruhr-uni-bochum.de> Message-ID: <200711171621.lAHGL2sF018587@rs41.luxsci.com> On Mon, Nov 12, 2007 at 03:27:23PM +0100, Marcus Brinkmann wrote: > At Sun, 11 Nov 2007 11:38:01 -0500, > Ben Kibbey wrote: > > > > I'm having problems with assuan_inquire_ext() from version 1.0.3. The > > After reading the inquire from the client I call assuan_process_done(). > > What do you mean by reading? After assuan_inquire_ext, you should > loop over assuan_process_next until the callback handler you > registered is invoked. At that point, the internal variable > in_inquire will be set to 0 and you can call assuan_process_done and > continue normally. This was broken in 1.0.3 but it's fixed in SVN. assuan_inquire() did reset ctx->in_inquire but assuan_inquire_ext() did not. Thanks for the fix. I'll look at SVN before posting next time. -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From bjk at luxsci.net Sat Nov 17 17:37:56 2007 From: bjk at luxsci.net (Ben Kibbey) Date: Sat, 17 Nov 2007 11:37:56 -0500 Subject: assuan_inquire_ext_cb() and return value Message-ID: <200711171639.lAHGd2OY013720@rs41.luxsci.com> Would it be better to set the return value of _assuan_inquire_ext_cb() to the return value of the callback? If the callback fails for some reason, the inquire still succeeds. Index: assuan-inquire.c =================================================================== --- assuan-inquire.c (revision 277) +++ assuan-inquire.c (working copy) @@ -324,7 +324,7 @@ ctx->inquire_membuf = NULL; } ctx->in_inquire = 0; - (ctx->inquire_cb) (ctx->inquire_cb_data, rc, buf, buf_len); + rc = (ctx->inquire_cb) (ctx->inquire_cb_data, rc, buf, buf_len); } return rc; } -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From michal at prihoda.net Mon Nov 19 08:54:41 2007 From: michal at prihoda.net (=?ISO-8859-2?Q?Michal_P=F8=EDhoda?=) Date: Mon, 19 Nov 2007 08:54:41 +0100 Subject: Root certificate bad signature - bug? Message-ID: <45FD5D32-B24D-4E32-97BA-85B79188D6B4@prihoda.net> Hi, I tried to send this email last week, but it didn't come through to the list and I got no response from moderator, so I'm trying it again and if this is not the right place to post this question, just let me know, please. I'm having a problem importing root certificate of ACA eIdentity. The certificate seems to work just fine with OpenSSL, Mozilla, Windows and Java tools. > mph at tuxik ~ % openssl verify -CAfile rca.pem rca.pem > rca.pem: OK > mph at tuxik ~ % openssl x509 -in rca.pem -inform PEM -out rca.der - outform DER > mph at tuxik ~ % gpgsm --import rca.der > gpgsm: self-signed certificate has a BAD signature: Bad signature > gpgsm: basic certificate checks failed - not imported > gpgsm: total number processed: 1 > gpgsm: not imported: 1 > mph at tuxik ~ % gpgsm --version > gpgsm (GnuPG) 2.0.7 > Copyright (C) 2007 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Home: ~/.gnupg > Supported algorithms: > Cipher: 3DES, AES, AES192, AES256, SERPENT128, SERPENT192, SERPENT256 > Pubkey: RSA > Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512 I tried to debug it and tracked it all the way to mpi-pow.c gcry_mpi_powm, but there my ability to work efficiently ends, as I'm not skilled in big number algorithms. All the inputs till this point seemed to be right, as far as I'm able to tell - I compared the exponent, modulus, signature and hash byte to byte with what my Java code is using. But part of the result differs from the original hash: (gdb) p /x *result->d at 32 $3 = {0x8ba7566f0fd4adb8, 0xed2c6d4c0f2fdb2, 0x21a0414cf08577d, 0x1f300706052b0e03, 0xffffffffffff0030, 0xffffffffffffffff , 0x1ffffffffffff} (gdb) p /x *hash->d at 32 $5 = {0x8ba7566f0fd4adb8, 0xed2c6d4c0f2fdb2, 0x5000414cf08577d, 0x906052b0e03021a, 0xffffffff00302130, 0xffffffffffffffff , 0x1ffffffffffff} I would really appreciate if anyone could look into it and will gladly help in any way possible. The certificate is available at http://www.acaeid.cz/root/rca.pem. Thanks in advance for any response. -- Michal Prihoda From jan-oliver.wagner at intevation.de Mon Nov 19 09:48:06 2007 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 19 Nov 2007 09:48:06 +0100 Subject: Patch to improve the pinentry quality bar In-Reply-To: <200711161913.30800.bernhard.herzog@intevation.de> References: <200711161913.30800.bernhard.herzog@intevation.de> Message-ID: <200711190948.08321.jan-oliver.wagner@intevation.de> On Freitag, 16. November 2007, Bernhard Herzog wrote: > The tooltip of the quality bar is a very generic hint that tells the user to > ask the administrator for details about the quality criteria. ?It would be > better if the tooltip were set by the administrator so that it explains the > the actual rules for the quality. this is a nice idea. A simple configuation entry like "passphrase-quality-description" would do it, right? The text is then simply taken as the tooltip string. BTW: The signature was broken over here. Do others experience the same? -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From wk at gnupg.org Mon Nov 19 10:52:25 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Nov 2007 10:52:25 +0100 Subject: [Bug 135238] Re: "an user" should be "a user" In-Reply-To: <873av6vtv0.fsf@faui44a.informatik.uni-erlangen.de> (Reinhard Tartler's message of "Fri, 16 Nov 2007 21:05:39 +0100") References: <20070828092905.31090.24825.malonedeb@potassium.ubuntu.com> <20071115093517.13215.11948.malone@gangotri.ubuntu.com> <873av6vtv0.fsf@faui44a.informatik.uni-erlangen.de> Message-ID: <87hcjiv9ye.fsf@wheatstone.g10code.de> On Fri, 16 Nov 2007 21:05, siretart at ubuntu.com said: > Sorry, I'm rejecting this bug because it would break all 29 translations > included in the source package. I'm CC'ing upstream with this email so Well there are far less than 29 complete translations, so I see no reason not to fix it. A new version of gnupg2 will be released this month. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Mon Nov 19 11:01:42 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Nov 2007 11:01:42 +0100 Subject: Patch to improve the pinentry quality bar In-Reply-To: <200711161913.30800.bernhard.herzog@intevation.de> (Bernhard Herzog's message of "Fri, 16 Nov 2007 19:13:27 +0100") References: <200711161913.30800.bernhard.herzog@intevation.de> Message-ID: <87d4u6v9ix.fsf@wheatstone.g10code.de> On Fri, 16 Nov 2007 19:13, bernhard.herzog at intevation.de said: > - Translate the texts introduced by the patch. Well, we can't use gettext because all user visible strings are set by the caller or default to GTK+ defaults. However this requirement does nicely along with your other suggestion. I'll take care of it. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From siretart at ubuntu.com Mon Nov 19 11:06:24 2007 From: siretart at ubuntu.com (Reinhard Tartler) Date: Mon, 19 Nov 2007 11:06:24 +0100 Subject: [Bug 135238] Re: "an user" should be "a user" In-Reply-To: <87hcjiv9ye.fsf@wheatstone.g10code.de> (Werner Koch's message of "Mon, 19 Nov 2007 10:52:25 +0100") References: <20070828092905.31090.24825.malonedeb@potassium.ubuntu.com> <20071115093517.13215.11948.malone@gangotri.ubuntu.com> <873av6vtv0.fsf@faui44a.informatik.uni-erlangen.de> <87hcjiv9ye.fsf@wheatstone.g10code.de> Message-ID: <87tzniczxb.fsf@faui44a.informatik.uni-erlangen.de> Werner Koch writes: > On Fri, 16 Nov 2007 21:05, siretart at ubuntu.com said: >> Sorry, I'm rejecting this bug because it would break all 29 translations >> included in the source package. I'm CC'ing upstream with this email so > > Well there are far less than 29 complete translations, so I see no > reason not to fix it. A new version of gnupg2 will be released this > month. Thank you very much! I've counted 29 files in po/*.po in the package, but I have to admit that I haven't worked on the package yet, so I don't know about the status of these translations. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 From bh at intevation.de Mon Nov 19 15:00:22 2007 From: bh at intevation.de (Bernhard Herzog) Date: Mon, 19 Nov 2007 15:00:22 +0100 Subject: Patch to improve the pinentry quality bar In-Reply-To: <87d4u6v9ix.fsf@wheatstone.g10code.de> References: <200711161913.30800.bernhard.herzog@intevation.de> <87d4u6v9ix.fsf@wheatstone.g10code.de> Message-ID: <200711191500.26482.bh@intevation.de> On Monday 19 November 2007 11:01, Werner Koch wrote: > On Fri, 16 Nov 2007 19:13, bernhard.herzog at intevation.de said: > > - Translate the texts introduced by the patch. > > Well, we can't use gettext because all user visible strings are set by > the caller or default to GTK+ defaults. However this requirement does > nicely along with your other suggestion. I'll take care of it. I tested the new SVN version (rev. 171) briefly. As you noted in the commit message, the Qt pinentry crashes. The patch below fixes that. With the patch the qt version works fine and setting the quality bar label and tooltip also works in both the gtk2 and qt pinentries. Here's the patch: Index: qt/pinentrydialog.cpp =================================================================== --- qt/pinentrydialog.cpp (revision 171) +++ qt/pinentrydialog.cpp (working copy) @@ -62,7 +62,7 @@ if (enable_quality_bar) { - QLabel* _quality_bar_label = new QLabel( this ); + _quality_bar_label = new QLabel( this ); _quality_bar_label->setAlignment( Qt::AlignRight | Qt::AlignVCenter ); grid->addWidget ( _quality_bar_label, 1, 0 ); _quality_bar = new QProgressBar( this ); I noticed a few typos in rev. 171: --- trunk/doc/pinentry.texi 2007-09-18 17:52:39 UTC (rev 170) +++ trunk/doc/pinentry.texi 2007-11-19 12:36:53 UTC (rev 171) @@ -288,6 +288,11 @@ S: OK @end example +If a custom laber for the auality bar is required, just add that label +as an argument as precent escaped string. You will need this feature to This should read as follows, I think: If a custom label for the quality bar is required, just add that label as an argument as percent escaped string. You will need this feature to Regards, Bernhard -- Bernhard Herzog Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : /pipermail/attachments/20071119/e124d7d5/attachment.pgp From wk at gnupg.org Mon Nov 19 20:10:15 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Nov 2007 20:10:15 +0100 Subject: Root certificate bad signature - bug? In-Reply-To: <45FD5D32-B24D-4E32-97BA-85B79188D6B4@prihoda.net> ("Michal =?utf-8?B?UMWZw61ob2RhIidz?= message of "Mon, 19 Nov 2007 08:54:41 +0100") References: <45FD5D32-B24D-4E32-97BA-85B79188D6B4@prihoda.net> Message-ID: <87pry6njag.fsf@wheatstone.g10code.de> On Mon, 19 Nov 2007 08:54, michal at prihoda.net said: > I would really appreciate if anyone could look into it and will > gladly help in any way possible. The certificate is available at > http://www.acaeid.cz/root/rca.pem. Thanks in advance for any response. There are two problems: One is that gpgsm does not import a certifciate if the trailing line feed after the "-----END CERTIFICATE----" is missing. The other is due to the certificate itself as you correcly identified. That certificate uses a low public exponent of 3 which might trigger the bug. I need to debug that further. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From wk at gnupg.org Mon Nov 19 20:18:19 2007 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Nov 2007 20:18:19 +0100 Subject: Patch to improve the pinentry quality bar In-Reply-To: <200711191500.26482.bh@intevation.de> (Bernhard Herzog's message of "Mon, 19 Nov 2007 15:00:22 +0100") References: <200711161913.30800.bernhard.herzog@intevation.de> <87d4u6v9ix.fsf@wheatstone.g10code.de> <200711191500.26482.bh@intevation.de> Message-ID: <87lk8unix0.fsf@wheatstone.g10code.de> On Mon, 19 Nov 2007 15:00, bh at intevation.de said: > message, the Qt pinentry crashes. The patch below fixes that. With the > patch the qt version works fine and setting the quality bar label and tooltip > also works in both the gtk2 and qt pinentries. Here's the patch: Commited. Thanks. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From buanzo at buanzo.com.ar Wed Nov 21 13:11:20 2007 From: buanzo at buanzo.com.ar (Arturo 'Buanzo' Busleiman) Date: Wed, 21 Nov 2007 09:11:20 -0300 Subject: non \n terminated armored output Message-ID: <47442068.2090405@buanzo.com.ar> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Is there any way to ask GPGME not to split the result of op_encrypt in multiple lines, but just one, when using armor? - -- Arturo "Buanzo" Busleiman - Consultor Independiente en Seguridad Informatica Apoye la Musica Libre - Vote Futurabanda desde: (ver sgte. linea) http://www.frecuenciazero.com.ar/realityrock/votar.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHRCBoAlpOsGhXcE0RCntNAJ9yU+7jwBx85Sttjx8sjbNsqDry/ACeNuZ/ sXITyjh4aLtFwf2Zxspb2KA= =IPOI -----END PGP SIGNATURE----- From marcus.brinkmann at ruhr-uni-bochum.de Fri Nov 23 18:49:58 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 23 Nov 2007 18:49:58 +0100 Subject: assuan_inquire_ext_cb() and return value In-Reply-To: <200711171639.lAHGd2OY013720@rs41.luxsci.com> References: <200711171639.lAHGd2OY013720@rs41.luxsci.com> Message-ID: <873auw4zsp.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Sat, 17 Nov 2007 11:37:56 -0500, Ben Kibbey wrote: > > Would it be better to set the return value of _assuan_inquire_ext_cb() > to the return value of the callback? If the callback fails for some > reason, the inquire still succeeds. Seems like a good idea to me, I applied the patch. Hopefully it doesn't break any existing user. 2007-11-23 Marcus Brinkmann * assuan-inquire.c (_assuan_inquire_ext_cb): Pass through return value from callback function. Suggested by Ben Kibbey . Thanks, Marcus From marcus.brinkmann at ruhr-uni-bochum.de Fri Nov 23 18:51:54 2007 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: Fri, 23 Nov 2007 18:51:54 +0100 Subject: non \n terminated armored output In-Reply-To: <47442068.2090405@buanzo.com.ar> References: <47442068.2090405@buanzo.com.ar> Message-ID: <871wag4zph.wl%marcus.brinkmann@ruhr-uni-bochum.de> At Wed, 21 Nov 2007 09:11:20 -0300, Arturo 'Buanzo' Busleiman wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Is there any way to ask GPGME not to split the result of op_encrypt in multiple lines, but just one, > when using armor? No, sorry. If you need this, you need to post-process the output. Thanks, Marcus From bjk at luxsci.net Fri Nov 23 20:01:04 2007 From: bjk at luxsci.net (Ben Kibbey) Date: Fri, 23 Nov 2007 14:01:04 -0500 Subject: assuan_read_from_server() and return value Message-ID: <200711231902.lANJ22OU007693@rs41.luxsci.com> I'm using assuan_transact() to process an inquire command. After the command is finished, assuan_transact() sends "END" then reads the next line from the server via assuan_read_from_server(). assuan_read_from_server() will parse an ERR line, but won't do anything with the error code. Attached is a patch that'll return the server error code. Doesn't seem to break anything. Index: assuan-client.c =================================================================== --- assuan-client.c (revision 278) +++ assuan-client.c (working copy) @@ -86,6 +86,7 @@ *off = 3; while (line[*off] == ' ') ++*off; + rc = atoi(line+ (*off)); } else if (linelen >= 7 && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q' -- Benjamin J. Kibbey bjk at luxsci.net/jabber/freenode 3019 F5FC AA33 5BC7 BE9F 09D2 393E DBD2 40D5 FA7E From m_pupil at yahoo.com.cn Tue Nov 27 16:17:46 2007 From: m_pupil at yahoo.com.cn (FKtPp) Date: Tue, 27 Nov 2007 23:17:46 +0800 (CST) Subject: gnupg 1.4.7 build system bug: gpgkeys_ldap compile error while libcurl in non-standard path Message-ID: <684194.27183.qm@web15008.mail.cnb.yahoo.com> Dear developers, I find this bug while compiling gnupg 1.4.7 on solaris 10/8 x86 edition on my machine. PRE-REQUIREMENTS: 1) if you have curl/libcurl installed in non-standard place(which was true for solaris in /opt/sfw subdirectory) 2) you chose to compile in curl support. 3) your configure decide to compile in ldap support. RESULT: Compile error while compile gpgkeys_ldap things. gpgkeys_ldap_* need libcurl header/libs path to be correct compiled/linked. MY OPNION: The file keyserver/Makefile.am: gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ gpgkeys_ldap_LDADD = ../util/libcompat.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS at should be look like this: gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ $(gpgkeys_curl_CPPFLAGS) gpgkeys_ldap_LDADD = ../util/libcompat.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ $(gpgkeys_curl_LDADD) and then regenerate Makefile.in. Best Regards FKtPp ____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs From funman at videolan.org Wed Nov 28 01:01:54 2007 From: funman at videolan.org (=?UTF-8?B?UmFmYcOrbCBDYXJyw6k=?=) Date: Wed, 28 Nov 2007 01:01:54 +0100 Subject: --check-sig doesn't verify the signatures Message-ID: <20071128010154.7ad9769f@zod.zod> Hello, I noticed that when I modify signatures on my key (example: I change the 8 bytes long id in the unhashed subpacket of a signature to make gpg think it was issued by someone else), gpg won't warn me it is invalid. ~ # gpg --check-sigs DE230742 pub 1024D/DE230742 2007-11-27 uid rafael sig!3 DE230742 2007-11-27 rafael sig! C0AFF10F 2007-11-27 Rafa?l Carr? sub 2048g/BC44AD60 2007-11-27 sig! DE230742 2007-11-27 rafael I really signed that key with my key (ID C0AFF10F) Now I change the long ID (6160 9E18 C0AF F10F) to another one (FD21 BC3B AC3E 0879) ~ # gpg --check-sigs DE230742 pub 1024D/DE230742 2007-11-27 uid rafael sig!3 DE230742 2007-11-27 rafael sig! AC3E0879 2007-11-27 Christophe Mutricy (Xtophe) sub 2048g/BC44AD60 2007-11-27 sig! DE230742 2007-11-27 rafael gpg now makes me think it has been signed by someone else, and that the signature is valid, but it is not the case. No more luck with gpg --edit-key Commande> check uid rafael sig!3 DE230742 2007-11-27 [auto-signature] sig! AC3E0879 2007-11-27 Christophe Mutricy (Xtophe) You would say if my pubring has been modified, then it's too late, so I think that isn't a real problem. However I guess --check-sig should be explicit that it doesn't verify the key signatures (but use a cached value?). I discussed about that on IRC with Peter Palfrader and he thought that would be worth an e-mail Thanks ;) -- Rafa?l Carr? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: not available Url : /pipermail/attachments/20071128/142a5edb/attachment-0001.pgp From wk at gnupg.org Wed Nov 28 10:55:19 2007 From: wk at gnupg.org (Werner Koch) Date: Wed, 28 Nov 2007 10:55:19 +0100 Subject: --check-sig doesn't verify the signatures In-Reply-To: <20071128010154.7ad9769f@zod.zod> (=?utf-8?Q?=22Rafa=C3=ABl?= =?utf-8?Q?_Carr=C3=A9=22's?= message of "Wed, 28 Nov 2007 01:01:54 +0100") References: <20071128010154.7ad9769f@zod.zod> Message-ID: <877ik27kzc.fsf@wheatstone.g10code.de> On Wed, 28 Nov 2007 01:01, funman at videolan.org said: > You would say if my pubring has been modified, then it's too late, so I > think that isn't a real problem. > > However I guess --check-sig should be explicit that it doesn't verify > the key signatures (but use a cached value?). Well, it might not be prominent enough in the documentation. Signature status caching and the --no-sig-cache option is done sicne 1.0.5 (April 2001): @item --no-sig-cache Do not cache the verification status of key signatures. Caching gives a much better performance in key listings. However, if you suspect that your public keyring is not save against write modifications, you can use this option to disable the caching. It probably does not make sense to disable it because all kind of damage can be done if someone else has write access to your public keyring. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. From dshaw at jabberwocky.com Thu Nov 29 01:39:39 2007 From: dshaw at jabberwocky.com (David Shaw) Date: Wed, 28 Nov 2007 19:39:39 -0500 Subject: gnupg 1.4.7 build system bug: gpgkeys_ldap compile error while libcurl in non-standard path In-Reply-To: <684194.27183.qm@web15008.mail.cnb.yahoo.com> References: <684194.27183.qm@web15008.mail.cnb.yahoo.com> Message-ID: <20071129003939.GA6508@jabberwocky.com> On Tue, Nov 27, 2007 at 11:17:46PM +0800, FKtPp wrote: > Dear developers, > > I find this bug while compiling gnupg 1.4.7 on solaris 10/8 x86 edition on my machine. > > PRE-REQUIREMENTS: > > 1) if you have curl/libcurl installed in non-standard place(which was true for solaris in /opt/sfw subdirectory) > > 2) you chose to compile in curl support. > > 3) your configure decide to compile in ldap support. > > RESULT: > > Compile error while compile gpgkeys_ldap things. gpgkeys_ldap_* need libcurl header/libs path to be correct compiled/linked. Can you show me the error you get? It would be helpful. David From henkdebruijn at gswot.org Thu Nov 29 08:28:32 2007 From: henkdebruijn at gswot.org (Henk M. de Bruijn) Date: Thu, 29 Nov 2007 08:28:32 +0100 Subject: [svn] GnuPG - r4632 - branches/STABLE-BRANCH-1-4/g10 Message-ID: <474E6A20.4020100@gswot.org> No problems compiling with Msys nor with Cygwin. -- Henk M. de Bruijn Timestamp: Thursday 29 November 2007, 08:19 AM +0100 (CET) ________________________________________________________________________ Mozilla Thunderbird 2.0.0.9 (20071031) on Windows XP SP2 Enigmail 0.95.5 OpenPGP message encryption and authentication Thawte notary, CAcert assurer, GSWoT introducer Gossamer Spider Web of Trust http://www.gswot.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 578 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071129/4b688f68/attachment.pgp From henkdebruijn at gswot.org Fri Nov 30 12:15:36 2007 From: henkdebruijn at gswot.org (Henk M. de Bruijn) Date: Fri, 30 Nov 2007 12:15:36 +0100 Subject: [svn] GnuPG - r4633 - in branches/STABLE-BRANCH-1-4: cipher include Message-ID: <474FF0D8.1090805@gswot.org> Compiling under Windows XP SP2 went fine with Cygwin and Msys. -- Henk M. de Bruijn Timestamp: Friday 30 November 2007, 12:15 PM +0100 (CET) ________________________________________________________________________ Mozilla Thunderbird 2.0.0.9 (20071031) Enigmail 0.95.5 OpenPGP message encryption and authentication Thawte notary, CAcert assurer, GSWoT introducer Gossamer Spider Web of Trust http://www.gswot.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 578 bytes Desc: OpenPGP digital signature Url : /pipermail/attachments/20071130/df94bd8b/attachment.pgp