From cvs at cvs.gnupg.org Mon Mar 5 11:41:04 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 11:41:04 +0100 Subject: [svn] GnuPG - r4442 - tags Message-ID: Author: wk Date: 2007-03-05 11:41:03 +0100 (Mon, 05 Mar 2007) New Revision: 4442 Added: tags/gnupg-1.4.7/ Log: Tagged release Copied: tags/gnupg-1.4.7 (from rev 4441, branches/STABLE-BRANCH-1-4) From cvs at cvs.gnupg.org Mon Mar 5 11:56:35 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 11:56:35 +0100 Subject: [svn] gpgme - r1211 - trunk Message-ID: Author: wk Date: 2007-03-05 11:56:31 +0100 (Mon, 05 Mar 2007) New Revision: 1211 Modified: trunk/ChangeLog trunk/NEWS trunk/autogen.sh trunk/configure.ac Log: Preparing a new release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-02-26 10:44:57 UTC (rev 1210) +++ trunk/ChangeLog 2007-03-05 10:56:31 UTC (rev 1211) @@ -1,6 +1,14 @@ +2007-03-05 Werner Koch + + Released 1.1.4. + + * configure.ac (LIBGPGME_LT_REVISION): Bump for release. + + * autogen.sh: New option --force. + 2007-01-29 Marcus Brinkmann - * Released 1.1.3. + Released 1.1.3. * configure.ac (LIBGPGME_LT_REVISION): Bump for release. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-02-26 10:44:57 UTC (rev 1210) +++ trunk/NEWS 2007-03-05 10:56:31 UTC (rev 1211) 
@@ -1,7 +1,10 @@ -Noteworthy changes in version 1.1.4 +Noteworthy changes in version 1.1.4 (2007-03-05) ------------------------------------------------ - * Detect and bail out on double plaintext messages. + * Detect and bail out on double plaintext messages. This is required + so that applications can properly detect the signed parts of a + message. Actual there is now a double protection as GnuPG 1.4.7 + will detect this case too. Noteworthy changes in version 1.1.3 (2007-01-29) Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2007-02-26 10:44:57 UTC (rev 1210) +++ trunk/autogen.sh 2007-03-05 10:56:31 UTC (rev 1211) @@ -30,6 +30,11 @@ DIE=no +FORCE= +if test "$1" == "--force"; then + FORCE=" --force" + shift +fi # Used to cross-compile for Windows. if test "$1" = "--build-w32"; then @@ -151,7 +156,7 @@ $AUTOHEADER echo "Running automake --gnu ..." $AUTOMAKE --gnu; -echo "Running autoconf..." -$AUTOCONF +echo "Running autoconf${FORCE} ..." +$AUTOCONF${FORCE} echo "You may now run \"./configure --enable-maintainer-mode && make\"." Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-02-26 10:44:57 UTC (rev 1210) +++ trunk/configure.ac 2007-03-05 10:56:31 UTC (rev 1211) @@ -36,7 +36,7 @@ # for snapshot releases please do an "svn up" right before recreating # the configure script, so that a proper revision number for all files # is available when running a "make distcheck". -m4_define(my_version, [1.1.3]) +m4_define(my_version, [1.1.4]) #m4_define(my_iscvs, yes) AC_INIT([gpgme], my_version[]m4_ifdef([my_iscvs], [-cvs[]m4_translit( [$Revision$],[Ra-z $:])]), 
@@ -52,7 +52,7 @@ # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=6 -LIBGPGME_LT_REVISION=2 +LIBGPGME_LT_REVISION=3 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 From cvs at cvs.gnupg.org Mon Mar 5 12:15:57 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 12:15:57 +0100 Subject: [svn] gpgme - r1212 - tags Message-ID: Author: wk Date: 2007-03-05 12:15:57 +0100 (Mon, 05 Mar 2007) New Revision: 1212 Added: tags/gpgme-1.1.4/ Log: Tagged release Copied: tags/gpgme-1.1.4 (from rev 1211, trunk) From cvs at cvs.gnupg.org Mon Mar 5 12:18:48 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 12:18:48 +0100 Subject: [svn] gpgme - r1213 - in trunk: . gpgme Message-ID: Author: wk Date: 2007-03-05 12:18:47 +0100 (Mon, 05 Mar 2007) New Revision: 1213 Modified: trunk/NEWS trunk/configure.ac trunk/gpgme/gpgme.h Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-03-05 11:15:57 UTC (rev 1212) +++ trunk/NEWS 2007-03-05 11:18:47 UTC (rev 1213) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.1.5 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.1.4 (2007-03-05) ------------------------------------------------ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-03-05 11:15:57 UTC (rev 1212) +++ trunk/configure.ac 2007-03-05 11:18:47 UTC (rev 1213) 
@@ -36,8 +36,8 @@ # for snapshot releases please do an "svn up" right before recreating # the configure script, so that a proper revision number for all files # is available when running a "make distcheck". -m4_define(my_version, [1.1.4]) -#m4_define(my_iscvs, yes) +m4_define(my_version, [1.1.5]) +m4_define(my_iscvs, yes) AC_INIT([gpgme], my_version[]m4_ifdef([my_iscvs], [-cvs[]m4_translit( [$Revision$],[Ra-z $:])]), [bug-gpgme at gnupg.org]) Modified: trunk/gpgme/gpgme.h =================================================================== --- trunk/gpgme/gpgme.h 2007-03-05 11:15:57 UTC (rev 1212) +++ trunk/gpgme/gpgme.h 2007-03-05 11:18:47 UTC (rev 1213) @@ -72,7 +72,7 @@ AM_PATH_GPGME macro) check that this header matches the installed library. Warning: Do not edit the next line. configure will do that for you! */ -#define GPGME_VERSION "1.1.3" +#define GPGME_VERSION "1.1.4" From cvs at cvs.gnupg.org Mon Mar 5 11:46:34 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 11:46:34 +0100 Subject: [svn] GnuPG - r4443 - branches/STABLE-BRANCH-1-4 Message-ID: Author: wk Date: 2007-03-05 11:46:33 +0100 (Mon, 05 Mar 2007) New Revision: 4443 Modified: branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/configure.ac Log: Post release update Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2007-03-05 10:41:03 UTC (rev 4442) +++ branches/STABLE-BRANCH-1-4/NEWS 2007-03-05 10:46:33 UTC (rev 4443) 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.8 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 1.4.7 (2007-03-05) ------------------------------------------------ Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2007-03-05 10:41:03 UTC (rev 4442) +++ branches/STABLE-BRANCH-1-4/configure.ac 2007-03-05 10:46:33 UTC (rev 4443) @@ -27,8 +27,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.7]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.8]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Mon Mar 5 15:56:34 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 05 Mar 2007 15:56:34 +0100 Subject: [svn] GnuPG - r4444 - in trunk: . doc g10 tests/openpgp Message-ID: Author: wk Date: 2007-03-05 15:56:31 +0100 (Mon, 05 Mar 2007) New Revision: 4444 Modified: trunk/NEWS trunk/doc/ChangeLog trunk/doc/gpg.texi trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g10/mainproc.c trunk/g10/options.h trunk/g10/status.c trunk/g10/status.h trunk/tests/openpgp/ChangeLog trunk/tests/openpgp/verify.test Log: Ported multiple-messages protection. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/NEWS 2007-03-05 14:56:31 UTC (rev 4444) 
@@ -1,6 +1,13 @@ Noteworthy changes in version 2.0.3 ------------------------------------------------ + * By default, do not allow processing multiple plaintexts in a single + stream. Many programs that called GnuPG were assuming that GnuPG + did not permit this, and were thus not using the plaintext boundary + status tags that GnuPG provides. This change makes GnuPG reject + such messages by default which makes those programs safe again. + --allow-multiple-messages returns to the old behavior. + * New --verify-option show-primary-uid-only. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/doc/ChangeLog 2007-03-05 14:56:31 UTC (rev 4444) @@ -1,3 +1,8 @@ +2007-03-04 David Shaw + + * gpg.texi (GPG Esoteric Options): Document + --allow-multiple-messages. + 2007-02-26 Werner Koch * gpg.texi (GPG Configuration): Document envvar LANGUAGE. Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/doc/gpg.texi 2007-03-05 14:56:31 UTC (rev 4444) @@ -1985,7 +1985,7 @@ @c ******** ESOTERIC OPTIONS *************** @c ******************************************* @node GPG Esoteric Options - at subsection Doing things one usually don't want to do. + at subsection Doing things one usually doesn't want to do. @table @gnupgtabopt 
@@ -2380,11 +2380,13 @@ @item --allow-secret-key-import This is an obsolete option and is not used anywhere. - at item --allow-multisig-verification -Allow verification of concatenated signed messages. This will run a -signature verification for each data+signature block. There are some -security issues with this option and thus it is off by default. Note -that versions of GPG prior to version 1.4.3 implicitly allowed this. + at item --allow-multiple-messages + at item --no-allow-multiple-messages +Allow processing of multiple OpenPGP messages contained in a single +file or stream. Some programs that call GPG are not prepared to deal +with multiple messages being processed together, so this option +defaults to no. Note that versions of GPG prior to 1.4.7 always +allowed multiple messages. @item --enable-special-filenames This options enables a mode in which filenames of the form Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/ChangeLog 2007-03-05 14:56:31 UTC (rev 4444) @@ -1,3 +1,20 @@ +2007-03-05 Werner Koch + + Converted this file to UTF-8. + + Ported David and my multiple messages changes from 1.4.7. + + * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow + multiple sig verification again as this is protected via the + multiple-messages code. New option --allow-multiple-messages and + --no variant. + * status.h (STATUS_ERROR): New status code. + * status.c (get_status_string): Ditto. + * mainproc.c (proc_plaintext): Emit it if multiple messages are + detected. Error out if more than one plaintext packet is + encountered. + * mainproc.c (literals_seen): New. + 2007-02-26 Werner Koch * gpg.c (main): Add verify option show-primary-uid-only. 
@@ -1756,7 +1773,7 @@ 2003-04-10 Werner Koch * passphrase.c (read_passphrase_from_fd): Do a dummy read if the - agent is to be used. Noted by Ingo Kl?cker. + agent is to be used. Noted by Ingo Kl??cker. (agent_get_passphrase): Inhibit caching when we have no fingerprint. This is required for key generation as well as for symmetric only encryption. @@ -2699,7 +2716,7 @@ warning. * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char - problem in %-escaping. Noted by Ingo Kl?cker. + problem in %-escaping. Noted by Ingo Kl??cker. 2002-10-03 David Shaw @@ -7027,12 +7044,12 @@ Thu Feb 10 17:39:44 CET 2000 Werner Koch * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. - By R?mi. + By R??mi. Thu Feb 10 11:39:41 CET 2000 Werner Koch * keylist.c (list_keyblock): Don't print warnings in the middle of - regulat output lines. By R?mi. + regulat output lines. By R??mi. * sig-check.c: Include options.h @@ -7622,7 +7639,7 @@ * g10.c (main): Fix for SHM init (Michael). * compress.c, encr-data.c, mdfilter.c, - plaintext.c, free-packet.c: Speed patches (R?mi). + plaintext.c, free-packet.c: Speed patches (R??mi). Thu May 27 09:40:55 CEST 1999 Werner Koch @@ -7647,7 +7664,7 @@ Tue May 25 19:50:32 CEST 1999 Werner Koch * sign.c (sign_file): Always use compression algo 1 for signed - onyl file becuase we can? be sure the the verifier supports other + onyl file becuase we can?? be sure the the verifier supports other algorithms. * build-packet.c (build_sig_subpkt): Support for notation data. @@ -7837,7 +7854,7 @@ (protect_secret_key). Ditto. * misc.c (print_cipher_algo_note): Twofish is now a standard algo. - * keygen.c (do_create): Fixed spelling (Ga?l Qu?ri) + * keygen.c (do_create): Fixed spelling (Ga??l Qu??ri) (ask_keysize): Only allow keysizes up to 4096 * ringedit.c (add_keyblock_resource): chmod newly created secrings. 
@@ -7880,7 +7897,7 @@ * trustdb.c (insert_trust_record): Always use the primary key. - * encode.c (encode_simple): Added text_mode filter (R?mi Guyomarch) + * encode.c (encode_simple): Added text_mode filter (R??mi Guyomarch) (encode_crypt): Ditto. * mainproc.c (proc_pubkey_enc): Added status ENC_TO. @@ -9261,7 +9278,7 @@ Wed Apr 8 09:47:21 1998 Werner Koch (wk at isil.d.shuttle.de) - * sig-check.c (do_check): Applied small fix from Ulf M?ller. + * sig-check.c (do_check): Applied small fix from Ulf M??ller. Tue Apr 7 19:28:07 1998 Werner Koch (wk at isil.d.shuttle.de) @@ -9640,7 +9657,7 @@ Copyright 1998,1999,2000,2001,2002,2003,2004,2005, - 2006 Free Software Foundation, Inc. + 2006,2007 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/gpg.c 2007-03-05 14:56:31 UTC (rev 4444) @@ -357,6 +357,8 @@ oAllowMultisigVerification, oEnableDSA2, oDisableDSA2, + oAllowMultipleMessages, + oNoAllowMultipleMessages, oNoop }; @@ -692,6 +694,8 @@ { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, { oEnableDSA2, "enable-dsa2", 0, "@"}, { oDisableDSA2, "disable-dsa2", 0, "@"}, + { oAllowMultipleMessages, "allow-multiple-messages", 0, "@"}, + { oNoAllowMultipleMessages, "no-allow-multiple-messages", 0, "@"}, /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common 
@@ -2807,13 +2811,18 @@ release_akl(); break; - case oAllowMultisigVerification: - opt.allow_multisig_verification = 1; - break; - case oEnableDSA2: opt.flags.dsa2=1; break; case oDisableDSA2: opt.flags.dsa2=0; break; + case oAllowMultisigVerification: + case oAllowMultipleMessages: + opt.flags.allow_multiple_messages=1; + break; + + case oNoAllowMultipleMessages: + opt.flags.allow_multiple_messages=0; + break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/mainproc.c 2007-03-05 14:56:31 UTC (rev 4444) @@ -98,11 +98,10 @@ static int do_proc_packets( CTX c, IOBUF a ); - static void list_node( CTX c, KBNODE node ); static void proc_tree( CTX c, KBNODE node ); +static int literals_seen; - static void release_list( CTX c ) { @@ -596,6 +595,8 @@ int any, clearsig, only_md5, rc; KBNODE n; + literals_seen++; + if( pt->namelen == 8 && !memcmp( pt->name, "_CONSOLE", 8 ) ) log_info(_("NOTE: sender requested \"for-your-eyes-only\"\n")); else if( opt.verbose ) 
@@ -683,13 +684,30 @@ gcry_md_start_debug ( c->mfx.md2, "verify2" ); } - rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) + rc=0; + + if (literals_seen>1) { - /* Can't write output but we hash it anyway to check the - signature. */ - rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); + log_info (_("WARNING: multiple plaintexts seen\n")); + + if (!opt.flags.allow_multiple_messages) + { + write_status_text (STATUS_ERROR, "proc_pkt.plaintext 89_BAD_DATA"); + log_inc_errorcount (); + rc = gpg_error (GPG_ERR_UNEXPECTED); + } } + + if(!rc) + { + rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); + if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) + { + /* Can't write output but we hash it anyway to check the + signature. */ + rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); + } + } if( rc ) log_error( "handle plaintext failed: %s\n", g10_errstr(rc)); @@ -1512,8 +1530,17 @@ n_sig++; if (!n_sig) goto ambiguous; - if (n && !opt.allow_multisig_verification) - goto ambiguous; + + /* If we wanted to disallow multiple sig verification, we'd do + something like this: + + if (n && !opt.allow_multisig_verification) + goto ambiguous; + + However, now that we have --allow-multiple-messages, this + can stay allowable as we can't get here unless multiple + messages (i.e. multiple literals) are allowed. */ + if (n_onepass != n_sig) { log_info ("number of one-pass packets does not match " Modified: trunk/g10/options.h =================================================================== --- trunk/g10/options.h 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/options.h 2007-03-05 14:56:31 UTC (rev 4444) @@ -227,6 +227,7 @@ unsigned int use_embedded_filename:1; unsigned int utf8_filename:1; unsigned int dsa2:1; + unsigned int allow_multiple_messages:1; } flags; /* Linked list of ways to find a key if the key isn't on the local 
@@ -238,8 +239,6 @@ struct akl *next; } *auto_key_locate; - /* True if multiple concatenated signatures may be verified. */ - int allow_multisig_verification; int passwd_repeat; } opt; Modified: trunk/g10/status.c =================================================================== --- trunk/g10/status.c 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/status.c 2007-03-05 14:56:31 UTC (rev 4444) @@ -148,6 +148,7 @@ case STATUS_PKA_TRUST_BAD : s = "PKA_TRUST_BAD"; break; case STATUS_PKA_TRUST_GOOD : s = "PKA_TRUST_GOOD"; break; case STATUS_BEGIN_SIGNING : s = "BEGIN_SIGNING"; break; + case STATUS_ERROR : s = "ERROR"; break; default: s = "?"; break; } return s; Modified: trunk/g10/status.h =================================================================== --- trunk/g10/status.h 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/g10/status.h 2007-03-05 14:56:31 UTC (rev 4444) @@ -120,7 +120,9 @@ #define STATUS_BEGIN_SIGNING 84 +#define STATUS_ERROR 85 + /*-- status.c --*/ void set_status_fd ( int fd ); int is_status_enabled ( void ); Modified: trunk/tests/openpgp/ChangeLog =================================================================== --- trunk/tests/openpgp/ChangeLog 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/tests/openpgp/ChangeLog 2007-03-05 14:56:31 UTC (rev 4444) @@ -1,3 +1,9 @@ +2007-03-04 David Shaw (wk) + + * verify.test: Use --allow-multiple-messages instead of + --allow-multisig-verification. Two clearsigs in a row counds as a + multiple-message test. + 2006-11-16 Werner Koch * Makefile.am (plain-large): Use gpg.texi instead of FAQ which Modified: trunk/tests/openpgp/verify.test =================================================================== --- trunk/tests/openpgp/verify.test 2007-03-05 10:46:33 UTC (rev 4443) +++ trunk/tests/openpgp/verify.test 2007-03-05 14:56:31 UTC (rev 4444) 
@@ -121,8 +121,8 @@ # Two standard signed messages in a row -tests="$tests msg_olsols_asc_multisig" -msg_olsols_asc_multisig='-----BEGIN PGP MESSAGE----- +tests="$tests msg_olsols_asc_multiple" +msg_olsols_asc_multiple='-----BEGIN PGP MESSAGE----- kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 @@ -215,8 +215,8 @@ ` # Two clear text signatures in a row -tests="$tests msg_clsclss_asc" -msg_clsclss_asc="${msg_cls_asc} +tests="$tests msg_clsclss_asc_multiple" +msg_clsclss_asc_multiple="${msg_cls_asc} ${msg_clss_asc}" @@ -233,8 +233,8 @@ msg_*_asc) $GPG --verify x || error "verify of $i failed" ;; - msg_*_asc_multisig) - $GPG --verify --allow-multisig-verification x \ + msg_*_asc_multiple) + $GPG --verify --allow-multiple-messages x \ || error "verify of $i failed" $GPG --verify x && error "verify of $i succeeded but should not" ;; From cvs at cvs.gnupg.org Tue Mar 6 07:39:40 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 06 Mar 2007 07:39:40 +0100 Subject: [svn] GnuPG - r4445 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2007-03-06 07:39:38 +0100 (Tue, 06 Mar 2007) New Revision: 4445 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/getkey.c branches/STABLE-BRANCH-1-4/g10/keyedit.c Log: * keyedit.c (keyedit_menu): If we modify the keyblock (via fix_keyblock() or collapse_uids()) make sure we reprocess the keyblock so the flags are correct. Noted by Robin H. Johnson. * getkey.c (fixup_uidnode): Properly clear flags that don't apply to us (revoked, expired) so that we can reprocess a uid. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-03-05 14:56:31 UTC (rev 4444) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-03-06 06:39:38 UTC (rev 4445) 
@@ -1,3 +1,12 @@ +2007-03-06 David Shaw + + * keyedit.c (keyedit_menu): If we modify the keyblock (via + fix_keyblock() or collapse_uids()) make sure we reprocess the + keyblock so the flags are correct. Noted by Robin H. Johnson. + + * getkey.c (fixup_uidnode): Properly clear flags that don't apply + to us (revoked, expired) so that we can reprocess a uid. + 2007-03-01 David Shaw * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow Modified: branches/STABLE-BRANCH-1-4/g10/getkey.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/getkey.c 2007-03-05 14:56:31 UTC (rev 4444) +++ branches/STABLE-BRANCH-1-4/g10/getkey.c 2007-03-06 06:39:38 UTC (rev 4445) @@ -1485,10 +1485,13 @@ sig->flags.chosen_selfsig = 1; /* we chose this one */ uid->created = 0; /* not created == invalid */ - if ( IS_UID_REV ( sig ) ) { + if ( IS_UID_REV ( sig ) ) + { uid->is_revoked = 1; return; /* has been revoked */ - } + } + else + uid->is_revoked=0; uid->expiredate = sig->expiredate; @@ -1497,6 +1500,8 @@ uid->is_expired = 1; return; /* has expired */ } + else + uid->is_expired=0; uid->created = sig->timestamp; /* this one is okay */ uid->selfsigversion = sig->version; Modified: branches/STABLE-BRANCH-1-4/g10/keyedit.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyedit.c 2007-03-05 14:56:31 UTC (rev 4444) +++ branches/STABLE-BRANCH-1-4/g10/keyedit.c 2007-03-06 06:39:38 UTC (rev 4445) @@ -1541,6 +1541,10 @@ if( collapse_uids( &keyblock ) ) modified++; reorder_keyblock(keyblock); + /* We modified the keyblock, so let's make sure the flags are + right. */ + if(modified) + merge_keys_and_selfsig( keyblock ); if(seckey_check) {/* see whether we have a matching secret key */ From cvs at cvs.gnupg.org Tue Mar 6 21:44:43 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 06 Mar 2007 21:44:43 +0100 Subject: [svn] GnuPG - r4446 - in trunk: . agent doc doc/examples tools Message-ID: Author: wk Date: 2007-03-06 21:44:41 +0100 (Tue, 06 Mar 2007) New Revision: 4446 Added: trunk/doc/examples/gpgconf.conf trunk/doc/vuln-announce-2007-multiple-message.txt Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/gpg-agent.texi trunk/doc/tools.texi trunk/tools/ChangeLog trunk/tools/gpgconf-comp.c trunk/tools/gpgconf.c trunk/tools/gpgconf.h Log: Support for a global gpgconf configuration file. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/NEWS 2007-03-06 20:44:41 UTC (rev 4446) @@ -10,7 +10,10 @@ * New --verify-option show-primary-uid-only. + * gpgconf may now read a global configuration file to select which + options are changeable by a frontend. + Noteworthy changes in version 2.0.2 (2007-01-31) ------------------------------------------------ Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/agent/ChangeLog 2007-03-06 20:44:41 UTC (rev 4446) @@ -1,3 +1,7 @@ +2007-03-06 Werner Koch + + * gpg-agent.c (main) : Add entries for all ttl options. + 2007-02-20 Werner Koch * call-pinentry.c (start_pinentry): Fix for OS X to allow loading Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/agent/gpg-agent.c 2007-03-06 20:44:41 UTC (rev 4446) @@ -168,6 +168,7 @@ #define DEFAULT_CACHE_TTL (10*60) /* 10 minutes */ #define DEFAULT_CACHE_TTL_SSH (30*60) /* 30 minutes */ #define MAX_CACHE_TTL (120*60) /* 2 hours */ +#define MAX_CACHE_TTL_SSH (120*60) /* 2 hours */ #define MIN_PASSPHRASE_LEN (8) 
@@ -408,7 +409,7 @@ opt.def_cache_ttl = DEFAULT_CACHE_TTL; opt.def_cache_ttl_ssh = DEFAULT_CACHE_TTL_SSH; opt.max_cache_ttl = MAX_CACHE_TTL; - opt.max_cache_ttl_ssh = MAX_CACHE_TTL; + opt.max_cache_ttl_ssh = MAX_CACHE_TTL_SSH; opt.min_passphrase_len = MIN_PASSPHRASE_LEN; opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 0; @@ -775,6 +776,14 @@ GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME ); printf ("default-cache-ttl:%lu:%d:\n", GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL ); + printf ("default-cache-ttl-ssh:%lu:%d:\n", + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, DEFAULT_CACHE_TTL_SSH ); + printf ("max-cache-ttl:%lu:%d:\n", + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL ); + printf ("max-cache-ttl-ssh:%lu:%d:\n", + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MAX_CACHE_TTL_SSH ); + printf ("min-passphrase-len:%lu:%d:\n", + GC_OPT_FLAG_DEFAULT|GC_OPT_FLAG_RUNTIME, MIN_PASSPHRASE_LEN ); printf ("no-grab:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); printf ("ignore-cache-for-signing:%lu:\n", Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/doc/ChangeLog 2007-03-06 20:44:41 UTC (rev 4446) @@ -1,3 +1,7 @@ +2007-03-06 Werner Koch + + * examples/gpgconf.conf: New. + 2007-03-04 David Shaw * gpg.texi (GPG Esoteric Options): Document Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/doc/Makefile.am 2007-03-06 20:44:41 UTC (rev 4446) 
@@ -19,7 +19,8 @@ ## Process this file with automake to produce Makefile.in -examples = examples/README examples/scd-event examples/trustlist.txt +examples = examples/README examples/scd-event examples/trustlist.txt \ + examples/gpgconf.conf EXTRA_DIST = DETAILS HACKING TRANSLATE OpenPGP KEYSERVER samplekeys.asc \ gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \ Added: trunk/doc/examples/gpgconf.conf =================================================================== --- trunk/doc/examples/gpgconf.conf 2007-03-06 06:39:38 UTC (rev 4445) +++ trunk/doc/examples/gpgconf.conf 2007-03-06 20:44:41 UTC (rev 4446) @@ -0,0 +1,59 @@ +# gpgconf.conf - configuration for gpgconf +#---------------------------------------------------------------------- +# This file is read by gpgconf(1) to setup defaults for all or +# specified users and groups. It may be used to change the hardwired +# defaults in gpgconf and to enforce certain values for the various +# GnuPG related configuration files. +# +# Empty lines and comment lines, indicated by a hash mark as first non +# white space character, are ignored. The line is separated by white +# space into fields. The first field is used to match the user or +# group and must start at the first column, the file is processes +# sequential until a matching rle is found. A rule may contain +# several lines, continuation lines are indicated by a indenting them. +# +# Syntax of a line: +# |WS
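Review bot: in the trunk/autogen.sh hunk at @@ -30,6 +30,11 (gpgme r1211), `test "$1" == "--force"` uses `==`, which POSIX `test` does not define, so the check breaks when the script is run by a /bin/sh that is not bash. The `--build-w32` test directly below it uses `=`. Suggest `if test "$1" = "--force"; then`. The option is also only recognized as the first argument, ahead of `--build-w32`, which deserves a line in the script's comments.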
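Review bot: `literals_seen` in trunk/g10/mainproc.c (GnuPG r4444, declared at @@ -98,11 +98,10 and incremented at @@ -596,6 +595,8) is a file-scope static that proc_plaintext only ever increments, and none of the hunks shown resets it. If one gpg process runs more than one input through this code, the first literal packet of the second input would already find `literals_seen>1` and be rejected as a multiple-plaintext message. Suggest keeping the counter in the `CTX c` that proc_plaintext already receives, or resetting it where processing of a new input starts.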
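Review bot: the rejection branch in proc_plaintext (trunk/g10/mainproc.c, @@ -683,13 +684,30, r4444) gives the same event two identities: the status line hard-codes "proc_pkt.plaintext 89_BAD_DATA" while `rc` is set to `gpg_error (GPG_ERR_UNEXPECTED)`, so a frontend reading the status fd and one reading the "handle plaintext failed" log line see different codes. Suggest deriving the status text from `rc`, or using one code in both places. None of the files listed as modified in r4444 describes the format of the new ERROR status line, so callers have nothing to parse against; a documentation entry should go in with this change.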
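Review bot: the trunk/doc/gpg.texi hunk at @@ -2380,11 +2380,13 (r4444) drops the `--allow-multisig-verification` entry entirely, but the gpg.c hunk at @@ -2807,13 +2811,18 keeps the option and makes it set `opt.flags.allow_multiple_messages=1`. Existing configurations that carry the old option therefore silently re-enable multiple-message processing, which is broader than the signature-only behaviour the removed text described. Suggest keeping a short item that marks it as an obsolete alias for `--allow-multiple-messages` and states the wider effect.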
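Review bot: the negative check in trunk/tests/openpgp/verify.test (@@ -233,8 +233,8, r4444), `$GPG --verify x && error "verify of $i succeeded but should not"`, only asserts a non-zero exit, so it passes for any failure, including one unrelated to the multiple-plaintext protection. Suggest also capturing the status output and checking for the ERROR line that proc_plaintext emits, so the test confirms the message was rejected for the intended reason.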