[svn] GnuPG - r4170 - in trunk: . doc g10 m4 po util

Sun Jun 25 14:03:41 CEST 2006

Author: wk
Date: 2006-06-25 14:03:38 +0200 (Sun, 25 Jun 2006)
New Revision: 4170

Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/THANKS
   trunk/configure.ac
   trunk/doc/gpg.texi
   trunk/g10/ChangeLog
   trunk/g10/encr-data.c
   trunk/m4/ChangeLog
   trunk/m4/Makefile.am
   trunk/po/de.po
   trunk/util/ChangeLog
   trunk/util/miscutil.c
Log:
About to do a new release


Modified: trunk/ChangeLog
===================================================================

--- trunk/ChangeLog	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/ChangeLog	2006-06-25 12:03:38 UTC (rev 4170)
@@ -1,3 +1,7 @@
+2006-06-25  Werner Koch  <wk at g10code.com>
+
+	Released 1.4.4.
+
 2006-05-23  David Shaw  <dshaw at jabberwocky.com>
 
 	* configure.ac: Add --disable-optimization.  This is handy for

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/NEWS	2006-06-25 12:03:38 UTC (rev 4170)
@@ -1,6 +1,9 @@
-Noteworthy changes in version 1.4.4
+Noteworthy changes in version 1.4.4 (2006-06-25)
 ------------------------------------------------
 
+    * User IDs are now capped 2048 byte.  This avoids a memory
+      allocation attack (see CVE-2006-3082).
+
     * Added support for the SHA-224 hash.  Like the SHA-384 hash, it
       is mainly useful when DSS (the US Digital Signature Standard)
       compatibility is desired.

Modified: trunk/THANKS
===================================================================
--- trunk/THANKS	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/THANKS	2006-06-25 12:03:38 UTC (rev 4170)
@@ -58,6 +58,7 @@
 Edwin Woudt                edwin at woudt.nl
 Enzo Michelangeli	   em at MailAndNews.com
 Ernst Molitor		   ernst.molitor at uni-bonn.de
+Evgeny Legerov
 Fabio Coatti		   cova at ferrara.linux.it
 Felix von Leitner	   leitner at amdiv.de
 fish stiqz                 fish at analog.org
@@ -103,6 +104,7 @@
 Jim Small                  cavenewt at my-deja.com
 Joachim Backes		   backes at rhrk.uni-kl.de
 Joe Rhett                  jrhett at isite.net
+Joerg Honegger             Joerg.Honegger at hp.com
 John A. Martin		   jam at jamux.com
 John Clizbe                JPClizbe at comcast.net
 John R. Shannon            john at johnrshannon.com

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/configure.ac	2006-06-25 12:03:38 UTC (rev 4170)
@@ -28,7 +28,7 @@
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
 m4_define([my_version], [1.4.4])
-m4_define([my_issvn], [yes])
+m4_define([my_issvn], [no])
 
 m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \
           || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/doc/gpg.texi	2006-06-25 12:03:38 UTC (rev 4170)
@@ -51,7 +51,11 @@
 or a passphrase).
 
 @item --clearsign 
-Make a clear text signature.
+Make a clear text signature. The content in a clear text signature is
+readable without any special software. OpenPGP software is only
+needed to verify the signature. Clear text signatures may modify
+end-of-line whitespace for platform independence and are not intended
+to be reversible.
 
 @item -b, --detach-sign 
 Make a detached signature.
@@ -355,7 +359,7 @@
 that is no longer usable (e.g. revoked, or expired). Then, remove any
 signatures that are not usable by the trust calculations.
 Specifically, this removes any signature that does not validate, any
-signature that is superceded by a later signature, revoked signatures,
+signature that is superseded by a later signature, revoked signatures,
 and signatures issued by keys that are not present on the keyring.
 
 @item minimize
@@ -1140,6 +1144,13 @@
 validation. This option is only meaningful if pka-lookups is set.
 @end table
 
+ at item --enable-dsa2
+ at itemx --disable-dsa2
+Enables new-style DSA keys which (unlike the old style) may be larger
+than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
+that very few programs currently support these keys and signatures
+from them.
+
 @item --show-photos
 @itemx --no-show-photos
 Causes --list-keys, --list-sigs, --list-public-keys,
@@ -1434,14 +1445,20 @@
 Maximum depth of a certification chain (default is 5).
 
 @item --cipher-algo @code{name}
-Use @code{name} as cipher algorithm. Running the program
-with the command --version yields a list of supported
-algorithms. If this is not used the cipher algorithm is
-selected from the preferences stored with the key.
+Use @code{name} as cipher algorithm. Running the program with the
+command --version yields a list of supported algorithms. If this is
+not used the cipher algorithm is selected from the preferences stored
+with the key. In general, you do not want to use this option as it
+allows you to violate the OpenPGP standard.
+--personal-cipher-preferences is the safe way to accomplish the same
+thing.
 
 @item --digest-algo @code{name}
 Use @code{name} as the message digest algorithm. Running the program
-with the command --version yields a list of supported algorithms.
+with the command --version yields a list of supported algorithms. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. --personal-digest-preferences is the
+safe way to accomplish the same thing.
 
 @item --compress-algo @code{name}
 Use compression algorithm @code{name}. "zlib" is RFC-1950 ZLIB
@@ -1460,7 +1477,10 @@
 amount of memory while compressing and decompressing. This may be
 significant in low memory situations. Note, however, that PGP (all
 versions) only supports ZIP compression. Using any algorithm other
-than ZIP or "none" will make the message unreadable with PGP.
+than ZIP or "none" will make the message unreadable with PGP. In
+general, you do not want to use this option as it allows you to
+violate the OpenPGP standard. --personal-compress-preferences is the
+safe way to accomplish the same thing.
 
 @item --cert-digest-algo @code{name}
 Use @code{name} as the message digest algorithm used when signing a
@@ -1558,15 +1578,17 @@
 Enabled by default. --no-escape-from-lines disables this option.
 
 @item --passphrase-fd @code{n}
-Read the passphrase from file descriptor @code{n}. If you use 0 for
- at code{n}, the passphrase will be read from stdin. This can only be
-used if only one passphrase is supplied.
+Read the passphrase from file descriptor @code{n}. Only the first line
+will be read from file descriptor @code{n}. If you use 0 for @code{n},
+the passphrase will be read from stdin. This can only be used if only
+one passphrase is supplied.
 
 @item --passphrase-file @code{file}
-Read the passphrase from file @code{file}. This can only be used if
-only one passphrase is supplied. Obviously, a passphrase stored in a
-file is of questionable security if other users can read this file.
-Don't use this option if you can avoid it.
+Read the passphrase from file @code{file}. Only the first line will
+be read from file @code{file}. This can only be used if only one 
+passphrase is supplied. Obviously, a passphrase stored in a file is
+of questionable security if other users can read this file. Don't use
+this option if you can avoid it.
 
 @item --passphrase @code{string}
 Use @code{string} as the passphrase. This can only be used if only one
@@ -1660,7 +1682,8 @@
 Set up all options to be as PGP 8 compliant as possible. PGP 8 is a
 lot closer to the OpenPGP standard than previous versions of PGP, so
 all this does is disable --throw-keyids and set --escape-from-lines.
-All algorithms are allowed except for the SHA384 and SHA512 digests.
+All algorithms are allowed except for the SHA224, SHA384, and SHA512
+digests.
 @end table
 
 @item --force-v3-sigs
@@ -1785,10 +1808,10 @@
 warning means that your system is secure.
 
 Note that the warning for unsafe --homedir permissions cannot be
-supressed in the gpg.conf file, as this would allow an attacker to
-place an unsafe gpg.conf file in place, and use this file to supress
+suppressed in the gpg.conf file, as this would allow an attacker to
+place an unsafe gpg.conf file in place, and use this file to suppress
 warnings about itself. The --homedir permissions warning may only be
-supressed on the command line.
+suppressed on the command line.
 
 @item --no-mdc-warning
 Suppress the warning about missing MDC integrity protection.
@@ -1929,8 +1952,8 @@
 @item --allow-multisig-verification
 Allow verification of concatenated signed messages. This will run a
 signature verification for each data+signature block. There are some
-security issues with this option thus it is off by default. Note that
-versions of gpg rpior to version 1.4.3 implicityly allowed for this.
+security issues with this option and thus it is off by default. Note
+that versions of GPG prior to version 1.4.3 implicitly allowed this.
 
 @item --enable-special-filenames
 This options enables a mode in which filenames of the form
@@ -1994,6 +2017,11 @@
 list is used for new keys and becomes the default for "setpref" in the
 edit menu.
 
+ at item --default-keyserver-url @code{name}
+Set the default keyserver URL to @code{name}. This keyserver will be
+used as the keyserver URL when writing a new self-signature on a key,
+which includes key generation and changing preferences.
+
 @item --list-config 
 Display various internal configuration parameters of GnuPG. This
 option is intended for external programs that call GnuPG to perform

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/g10/ChangeLog	2006-06-25 12:03:38 UTC (rev 4170)
@@ -582,8 +582,8 @@
 
 2005-12-08  David Shaw  <dshaw at jabberwocky.com>
 
-	* options.h, keyserver.c (curl_cant_handle, keyserver_spawn,
-	keyserver_fetch): Set a flag to indicate that we're doing a direct
+	* options.h, keyserver.c (curl_cant_handle, keyserver_spawn)
+	(keyserver_fetch): Set a flag to indicate that we're doing a direct
 	URI fetch so we can differentiate between a keyserver operation
 	and a URI fetch for protocols like LDAP that can do either.
 

Modified: trunk/g10/encr-data.c
===================================================================
--- trunk/g10/encr-data.c	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/g10/encr-data.c	2006-06-25 12:03:38 UTC (rev 4170)
@@ -99,7 +99,7 @@
 	log_error("key setup failed: %s\n", g10_errstr(rc) );
 	goto leave;
       
-}
+      }
     if (!ed->buf) {
         log_error(_("problem handling encrypted packet\n"));
         goto leave;

Modified: trunk/m4/ChangeLog
===================================================================
--- trunk/m4/ChangeLog	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/m4/ChangeLog	2006-06-25 12:03:38 UTC (rev 4170)
@@ -1,3 +1,7 @@
+2006-06-25  Werner Koch  <wk at g10code.com>
+
+	* Makefile.am: Added noexecstack.m4 and ldap.m4
+
 2006-05-22  Marcus Brinkmann  <marcus at g10code.de>
 
 	* noexecstack.m4: New file.

Modified: trunk/m4/Makefile.am
===================================================================
--- trunk/m4/Makefile.am	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/m4/Makefile.am	2006-06-25 12:03:38 UTC (rev 4170)
@@ -1 +1,10 @@
-EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4  codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 nls.m4 po.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 readline.m4 libcurl.m4 libusb.m4 tar-ustar.m4
+EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 \
+             signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 \
+             codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 \
+             inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 \
+             lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 nls.m4 \
+             po.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 \
+             readline.m4 libcurl.m4 libusb.m4 tar-ustar.m4 \
+	     ldap.m4 \
+	     noexecstack.m4
+

Modified: trunk/po/de.po
===================================================================
--- trunk/po/de.po	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/po/de.po	2006-06-25 12:03:38 UTC (rev 4170)
@@ -8,7 +8,7 @@
 "Project-Id-Version: gnupg-1.4.1\n"
 "Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n"
 "POT-Creation-Date: 2006-04-03 11:40+0200\n"
-"PO-Revision-Date: 2006-04-03 11:40+0200\n"
+"PO-Revision-Date: 2006-05-12 12:13+0200\n"
 "Last-Translator: Walter Koch <koch at u32.de>\n"
 "Language-Team: German <de at li.org>\n"
 "MIME-Version: 1.0\n"
@@ -6113,7 +6113,7 @@
 #: g10/trustdb.c:2197
 #, c-format
 msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
-msgstr "%d marignal-needed, %d complete-needed, %s Trust-Modell\n"
+msgstr "%d marginal-needed, %d complete-needed, %s Vertrauensmodell\n"
 
 #: g10/trustdb.c:2283
 #, c-format

Modified: trunk/util/ChangeLog
===================================================================
--- trunk/util/ChangeLog	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/util/ChangeLog	2006-06-25 12:03:38 UTC (rev 4170)
@@ -10,7 +10,7 @@
 
 2006-04-11  Werner Koch  <wk at g10code.com>
 
-	* iobuf.c (IOBUF_BUFFER_SIZE): New to repalce hardwired 8192.
+	* iobuf.c (IOBUF_BUFFER_SIZE): New to replace hardwired 8192.
 
 2006-04-06  David Shaw  <dshaw at jabberwocky.com>
 

Modified: trunk/util/miscutil.c
===================================================================
--- trunk/util/miscutil.c	2006-06-23 04:27:57 UTC (rev 4169)
+++ trunk/util/miscutil.c	2006-06-25 12:03:38 UTC (rev 4170)
@@ -326,10 +326,10 @@
 int
 answer_is_yes_no_default( const char *s, int def_answer )
 {
-    /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+    /* TRANSLATORS: See doc/TRANSLATE about this string. */
     const char *long_yes = _("yes");
     const char *short_yes = _("yY");
-    /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+    /* TRANSLATORS: See doc/TRANSLATE about this string. */
     const char *long_no = _("no");
     const char *short_no = _("nN");
 
@@ -363,11 +363,11 @@
 int
 answer_is_yes_no_quit( const char *s )
 {
-    /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+    /* TRANSLATORS: See doc/TRANSLATE about this string. */
     const char *long_yes = _("yes");
-    /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+    /* TRANSLATORS: See doc/TRANSLATE about this string. */
     const char *long_no = _("no");
-    /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+    /* TRANSLATORS: See doc/TRANSLATE about this string. */
     const char *long_quit = _("quit");
     const char *short_yes = _("yY");
     const char *short_no = _("nN");
@@ -403,9 +403,9 @@
 int
 answer_is_okay_cancel (const char *s, int def_answer)
 {
-  /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+  /* TRANSLATORS: See doc/TRANSLATE about this string. */
   const char *long_okay = _("okay|okay");
-  /* NOTE TO TRANSLATOR: See doc/TRANSLATE about this string. */
+  /* TRANSLATORS: See doc/TRANSLATE about this string. */
   const char *long_cancel = _("cancel|cancel");
   const char *short_okay = _("oO");
   const char *short_cancel = _("cC");


