From cvs at cvs.gnupg.org  Mon Aug  3 19:47:19 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Mon, 03 Aug 2009 19:47:19 +0200
Subject: [svn] GnuPG -  r5106 - in branches/STABLE-BRANCH-1-4: . g10
Message-ID: <E1MY0KS-0005Rc-BJ@lists.gnupg.com>

Author: wk
Date: 2009-08-03 19:47:18 +0200 (Mon, 03 Aug 2009)
New Revision: 5106

Modified:
   branches/STABLE-BRANCH-1-4/NEWS
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/card-util.c
   branches/STABLE-BRANCH-1-4/g10/cardglue.c
   branches/STABLE-BRANCH-1-4/g10/cardglue.h
   branches/STABLE-BRANCH-1-4/g10/main.h
   branches/STABLE-BRANCH-1-4/g10/misc.c
   branches/STABLE-BRANCH-1-4/g10/sig-check.c
Log:



Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-03 17:47:18 UTC (rev 5106)
@@ -1,3 +1,19 @@
+2009-08-03  Werner Koch  <wk at g10code.com>
+
+	* card-util.c (generate_card_keys): Ask for off-card keys only if
+	the card supports it.
+	(get_info_for_key_operation): Read EXTCAP.
+	(card_store_subkey): Check for non matching sizes.
+
+	* cardglue.c (agent_scd_writecert, agent_scd_readcert): New stubs.
+	* misc.c (not_in_gpg1_notice): New.
+
+2009-07-30  Werner Koch  <wk at g10code.com>
+
+	* misc.c (md5_digest_warn): New.
+	(print_digest_algo_note): Divert to new function.
+	* sig-check.c (do_check): Print MD5 warning.
+
 2009-07-31  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.c (main): --pgp6 includes --disable-mdc.

Modified: branches/STABLE-BRANCH-1-4/NEWS
===================================================================
--- branches/STABLE-BRANCH-1-4/NEWS	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/NEWS	2009-08-03 17:47:18 UTC (rev 5106)
@@ -1,6 +1,13 @@
 Noteworthy changes in version 1.4.10 (unreleased)
 -------------------------------------------------
 
+    * 2048 bit RSA keys are now generated by default.  The default
+      hash algorithm preferences has changed to prefer SHA-256 over
+      SHA-1.  2048 bit DSA keys are now generated to use a 256 bit
+      hash algorithm
+
+    * Support v2 OpenPGP cards.
+
     * The algorithm to compute the SIG_ID status has been changed to
       match the one from 2.0.10.
 
@@ -8,11 +15,9 @@
 
     * Fixed a memory leak which made imports of many keys very slow.
 
-    * Support v2 OpenPGP cards.
+    * Many smaller bug fixes.
 
-    * FIXME:  Anything else?
 
-
 Noteworthy changes in version 1.4.9 (2008-03-26)
 ------------------------------------------------
 

Modified: branches/STABLE-BRANCH-1-4/g10/card-util.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/card-util.c	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/card-util.c	2009-08-03 17:47:18 UTC (rev 5106)
@@ -952,8 +952,7 @@
       return -1;
     }
 
-#warning need to implement this fucntion
-  rc = -1; /*agent_scd_writecert ("OPENPGP.3", data, n);*/
+  rc = agent_scd_writecert ("OPENPGP.3", data, n);
   if (rc)
     log_error ("error writing certificate to card: %s\n", gpg_strerror (rc));
   xfree (data);
@@ -982,8 +981,7 @@
       return -1;
     }
 
-#warning need to implement this fucntion
-  rc = -1; /*agent_scd_readcert ("OPENPGP.3", &buffer, &length);*/
+  rc = agent_scd_readcert ("OPENPGP.3", &buffer, &length);
   if (rc)
     log_error ("error reading certificate from card: %s\n", gpg_strerror (rc));
   else
@@ -1158,6 +1156,8 @@
     rc = agent_scd_getattr ("CHV-STATUS", info);
   if (!rc)
     rc = agent_scd_getattr ("DISP-NAME", info);
+  if (!rc)
+    rc = agent_scd_getattr ("EXTCAP", info);
   if (rc)
     log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
   return rc;
@@ -1263,21 +1263,27 @@
   if (get_info_for_key_operation (&info))
     return;
 
+  if (info.extcap.ki)
+    {
 #if GNUPG_MAJOR_VERSION == 1
-  {
-    char *answer=cpr_get("cardedit.genkeys.backup_enc",
-			 _("Make off-card backup of encryption key? (Y/n) "));
+      char *answer;
 
-    want_backup=answer_is_yes_no_default(answer,1);
-    cpr_kill_prompt();
-    xfree(answer);
-  }
+
+      answer = cpr_get ("cardedit.genkeys.backup_enc",
+                        _("Make off-card backup of encryption key? (Y/n) "));
+
+      want_backup=answer_is_yes_no_default(answer,1);
+      cpr_kill_prompt();
+      xfree(answer);
 #else
-  want_backup = cpr_get_answer_is_yes 
-                  ( "cardedit.genkeys.backup_enc",
+      want_backup = cpr_get_answer_is_yes 
+          ( "cardedit.genkeys.backup_enc",
                     _("Make off-card backup of encryption key? (Y/n) "));
   /*FIXME: we need answer_is_yes_no_default()*/
 #endif
+    }
+  else
+    want_backup = 0;
 
   if ( (info.fpr1valid && !fpr_is_zero (info.fpr1))
        || (info.fpr2valid && !fpr_is_zero (info.fpr2))
@@ -1385,7 +1391,9 @@
   size_t n;
   const char *s;
   int allow_keyno[3];
+  unsigned int nbits;
 
+
   assert (node->pkt->pkttype == PKT_SECRET_KEY
           || node->pkt->pkttype == PKT_SECRET_SUBKEY);
   sk = node->pkt->pkt.secret_key;
@@ -1393,10 +1401,18 @@
   if (get_info_for_key_operation (&info))
     return 0;
 
+  if (!info.extcap.ki)
+    {
+      tty_printf ("The card does not support the import of keys\n");
+      tty_printf ("\n");
+      goto leave;
+    }
+
   show_card_key_info (&info);
 
-  if (!is_RSA (sk->pubkey_algo) 
-      || (!info.is_v2 && nbits_from_sk (sk) != 1024) )
+  nbits = nbits_from_sk (sk);
+
+  if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) )
     {
       tty_printf ("You may only store a 1024 bit RSA key on the card\n");
       tty_printf ("\n");
@@ -1429,8 +1445,17 @@
       keyno = *answer? atoi(answer): 0;
       xfree(answer);
       if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
-        break; /* Okay. */
-      tty_printf(_("Invalid selection.\n"));
+        {
+          if (info.is_v2 && !info.extcap.aac 
+              && info.key_attr[keyno-1].nbits != nbits)
+            {
+              tty_printf ("Key does not match the card's capability.\n");
+            }
+          else
+            break; /* Okay. */
+        }
+      else
+        tty_printf(_("Invalid selection.\n"));
     }
 
   if (replace_existing_key_p (&info, keyno))

Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/cardglue.c	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/cardglue.c	2009-08-03 17:47:18 UTC (rev 5106)
@@ -1527,3 +1527,26 @@
       xfree (cacheid);
     }
 }
+
+
+int 
+agent_scd_writecert (const char *certidstr,
+                     const unsigned char *certdata, size_t certdatalen)
+{
+  /* It does not make sense to implement this rarely used and mainly
+     interactive command in GPG-1.  GPG-2 is better suited for this.  */ 
+  not_in_gpg1_notice ();
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}
+
+
+int 
+agent_scd_readcert (const char *certidstr,
+                    void **r_buf, size_t *r_buflen)
+{
+  /* It does not make sense to implement this rarely used and mainly
+     interactive command in GPG-1.  GPG-2 is better suited for this.  */ 
+  *r_buf = NULL;
+  not_in_gpg1_notice ();
+  return gpg_error (GPG_ERR_NOT_SUPPORTED);
+}

Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.h
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/cardglue.h	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/cardglue.h	2009-08-03 17:47:18 UTC (rev 5106)
@@ -230,6 +230,13 @@
 void agent_clear_pin_cache (const char *sn);
 
 
+/* Dummy functions.  */
+int agent_scd_writecert (const char *certidstr,
+                         const unsigned char *certdata, size_t certdatalen);
+int agent_scd_readcert (const char *certidstr,
+                        void **r_buf, size_t *r_buflen);
+
+
 #endif /*ENABLE_CARD_SUPPORT*/
 #endif /*GNUPG_G10_CARDGLUE_H*/
 

Modified: branches/STABLE-BRANCH-1-4/g10/main.h
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/main.h	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/main.h	2009-08-03 17:47:18 UTC (rev 5106)
@@ -91,6 +91,10 @@
 #define idea_cipher_warn(a)
 #endif
 
+void md5_digest_warn (int show);
+
+void not_in_gpg1_notice (void);
+
 struct expando_args
 {
   PKT_public_key *pk;

Modified: branches/STABLE-BRANCH-1-4/g10/misc.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/misc.c	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/misc.c	2009-08-03 17:47:18 UTC (rev 5106)
@@ -350,8 +350,7 @@
 	}
     }
   else if(algo==DIGEST_ALGO_MD5)
-    log_info(_("WARNING: digest algorithm %s is deprecated\n"),
-	     digest_algo_to_string(algo));
+    md5_digest_warn (1);
 }
 
 /* Return a string which is used as a kind of process ID */
@@ -464,8 +463,42 @@
 }
 #endif
 
-static unsigned long get_signature_count(PKT_secret_key *sk)
+/* Print a warning if the md5 digest algorithm has been used.  This
+   warning is printed only once unless SHOW is used. */
+void
+md5_digest_warn (int show)
 {
+  static int warned = 0;
+
+  if (!warned || show)
+    {
+      log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+                digest_algo_to_string (DIGEST_ALGO_MD5));
+      log_info (_("please see %s for more information\n"),
+                "http://www.gnupg.org/faq/weak-digest-algos.html");
+      warned = 1;
+    }
+}
+
+
+void
+not_in_gpg1_notice (void)
+{
+  static int warned = 0;
+
+  if (!warned)
+    {
+      log_info (_("NOTE: This feature is not available in %s\n"), "GnuPG 1.x");
+      log_info (_("please see %s for more information\n"),
+                "http://www.gnupg.org/faq/features-not-in-gnupg-1.html");
+      warned = 1;
+    }
+}
+
+
+static unsigned long 
+get_signature_count(PKT_secret_key *sk)
+{
 #ifdef ENABLE_CARD_SUPPORT
   if(sk && sk->is_protected && sk->protect.s2k.mode==1002)
     {

Modified: branches/STABLE-BRANCH-1-4/g10/sig-check.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/sig-check.c	2009-07-31 14:36:59 UTC (rev 5105)
+++ branches/STABLE-BRANCH-1-4/g10/sig-check.c	2009-08-03 17:47:18 UTC (rev 5106)
@@ -318,6 +318,12 @@
 	mpi_free(result);
       }
 
+    /* Print the MD5 warning if not yet done.  Thus at most we get one
+       warning during signature checking.  Note that while validating
+       a key we might have already checked MD5 key signatures.  */
+    if (sig->digest_algo == DIGEST_ALGO_MD5)
+      md5_digest_warn (0);  
+
     if( !rc && sig->flags.unknown_critical )
       {
 	log_info(_("assuming bad signature from key %s"



From cvs at cvs.gnupg.org  Tue Aug  4 13:18:29 2009
From: cvs at cvs.gnupg.org (svn author marcus)
Date: Tue, 04 Aug 2009 13:18:29 +0200
Subject: [svn] GpgEX - r70 - in trunk: . doc
Message-ID: <E1MYGja-0001AJ-IP@lists.gnupg.com>

Author: marcus
Date: 2009-08-04 13:18:29 +0200 (Tue, 04 Aug 2009)
New Revision: 70

Modified:
   trunk/ChangeLog
   trunk/doc/gpgex-de.html
   trunk/doc/gpgex-en.html
Log:
2009-07-31  Emanuel Sch?\195?\188tze <emanuel at intevation.de>

	* doc/gpgex-de.html, doc/gpgex-en.html: Remove checksum text,
	improve documentation for debug message.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-07-17 17:28:14 UTC (rev 69)
+++ trunk/ChangeLog	2009-08-04 11:18:29 UTC (rev 70)
@@ -1,3 +1,8 @@
+2009-07-31  Emanuel Sch?tze <emanuel at intevation.de>
+
+	* doc/gpgex-de.html, doc/gpgex-en.html: Remove checksum text,
+	improve documentation for debug message.
+
 2009-03-24  Werner Koch  <wk at g10code.com>
 
 	Release 0.9.3.

Modified: trunk/doc/gpgex-de.html
===================================================================
--- trunk/doc/gpgex-de.html	2009-07-17 17:28:14 UTC (rev 69)
+++ trunk/doc/gpgex-de.html	2009-08-04 11:18:29 UTC (rev 70)
@@ -15,15 +15,15 @@
       Kleopatra ?ber die Kontext-Men?s von Dateien aufzurufen.
     </p>
     <h2>Befehle</h2>
-    <h3>Entschl?sseln und verifizieren, Entschl?sseln, Verifizieren</h3>
+    <h3>Entschl?sseln und ?berpr?fen, Entschl?sseln, ?berpr?fen</h3>
     <p>
-      Entschl?sselt und/oder verifiziert die ausgew?hlten Dateien.
+      Entschl?sselt und/oder ?berpr?ft die ausgew?hlten Dateien.
       FIXME: Hier wird ein Link zur Kleopatra-Dokumentation f?r die
       Entschl?ssel- und Verifizier-Funktionen eingestellt.
     </p>
-    <h3>Verschl?sseln und signieren, Verschl?sseln, Signieren</h3>
+    <h3>Signieren und verschl?sseln, Signieren, Verschl?sseln</h3>
     <p>
-      Verschl?sselt und/oder signiert die ausgew?hlten Dateien.
+      Signiert und/oder verschl?sselt die ausgew?hlten Dateien.
       FIXME: Hier wird ein Link zur Kleopatra-Dokumentation f?r die
       Verschl?ssel- und Signier-Funktionen eingestellt.
     </p>
@@ -33,18 +33,6 @@
       wird ein Link zur Kleopatra-Dokumentation f?r die
       Import-Funktion eingestellt.
     <p>
-    <h3>Pr?fsummen erstellen</h3>
-    <p>
-      Erstellt Pr?fsummen f?r die ausgew?hlten Dateien.  FIXME: Hier
-      wird ein Link zur Kleopatra-Dokumentation f?r die Funktionen zur
-      Erstellung von Pr?fsummen eingestellt.
-    </p>
-    <h3>Pr?fsummen verifizieren</h3>
-    <p>
-      Verifiziert die Pr?fsummen f?r die ausgew?hlten Dateien.  FIXME:
-      Hier wird ein Link zur Kleopatra-Dokumentation f?r die Funktion
-      zur Verifikation von Pr?fsummen eingestellt.
-    </p>
     <h3>Hilfe zu GpgEX</h3>
     <p>
       Stellt diese Hilfe dar.
@@ -54,16 +42,19 @@
       Falls nicht auf Kleopatra zugegriffen werden kann, wird ein
       Nachrichtenfenster mit einer Fehlermeldung angezeigt.  Um mehr
       Informationen zu erhalten, kann der Fehlerbericht von Kleopatra
-      eingesehen werden, oder es kann eine Debug Datei im Registry Eintrag
-      <code>GpgEX Debug File</code> zum Schl?ssel
-      <code>HKLM\Software\GNU\GnuPG</code> angegeben werden.
-      Informationen zum Protokoll werden dann ggf. nach einem Neustart
-      an diese Datei angehangen.
+      eingesehen werden (Anleitung siehe Gpg4win-Kompendium), 
+      oder es kann eine GpgEX-Diagnosedatei angegeben werden. Dazu
+      im Registrierungs-Editor den Schl?ssel
+      <code><acronym title="HKEY_LOCAL_MACHINE">HKLM</acronym>\Software\GNU\GnuPG</code>
+      ausw?hlen, eine neue "Zeichenfolge" mit dem Namen <code>GpgEX Debug File</code> 
+      anlegen und als Wert einen Dateinamen (z.B. <code>c:\temp\gpgex-debug-file.log</code>)
+      angeben. Informationen zum Protokoll werden dann nach
+      einem Neustart von Windows an diese Datei angehangen.
     </p>
-    <h2>Verweise</h2>
+    <h2>Hinweis</h2>
     <p>
-      Mehr Informationen und aktuelle Versionen sind auf der 
-      <a href="http://www.gpg4win.org/">Gpg4win Webpr?senz</a>
+      Mehr Informationen und aktuelle Programmversionen sind auf der 
+      <a href="http://www.gpg4win.de">Gpg4win Webpr?senz</a>
       verf?gbar.
     </p>
   </body>

Modified: trunk/doc/gpgex-en.html
===================================================================
--- trunk/doc/gpgex-en.html	2009-07-17 17:28:14 UTC (rev 69)
+++ trunk/doc/gpgex-en.html	2009-08-04 11:18:29 UTC (rev 70)
@@ -32,18 +32,6 @@
       Import certificates in the selected files.  FIXME: Here will be
       a link to the Kleopatra documentation for the import function.
     <p>
-    <h3>Create checksums</h3>
-    <p>
-      Create checksums for the selected files.  FIXME: Here will be a
-      link to the Kleopatra documentation for the create checksum
-      function.
-    </p>
-    <h3>Verify checksums</h3>
-    <p>
-      Verify the checksums for the selected files.  FIXME: Here will
-      be a link to the Kleopatra documentation for the verify checksum
-      function.
-    </p>
     <h3>Help on GpgEX</h3>
     <p>
       Display this help.
@@ -52,15 +40,17 @@
     <p>
       If Kleopatra can not be accessed, a message box with an error
       message will be displayed.  To get more information, you can
-      either check the error log of Kleopatra, or specify a debug file
-      with the registry value <code>GpgEX Debug File</code> in the key
-      <code>HKLM\Software\GNU\GnuPG</code>.  To this file logging
-      information is appended, after a restart if necessary.
+      either check the error log of Kleopatra, or specify a debug
+      file: Select the key <code><acronym title="HKEY_LOCAL_MACHINE">HKLM</acronym>\Software\GNU\GnuPG</code>
+      in the registry editor, create a new string value with the name
+      <code>GpgEX Debug File</code> and the value of the debug filename
+      (e.g. <code>c:\temp\gpgex-debug-file.log</code>).  To this file
+      logging information is appended, after a restart if necessary.
     </p>
-    <h2>References</h2>
+    <h2>Reference</h2>
     <p>
-      Please find more information and new versions at
-      the <a href="http://www.gpg4win.org/">Gpg4win web-site</a>.
+      Please find more information and new software versions at
+      the <a href="http://www.gpg4win.org/">Gpg4win website</a>.
     </p>
   </body>
 </html>



From cvs at cvs.gnupg.org  Tue Aug  4 15:49:18 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 04 Aug 2009 15:49:18 +0200
Subject: [svn] dirmngr - r322 - trunk/src
Message-ID: <E1MYJ5U-0003Pi-9N@lists.gnupg.com>

Author: wk
Date: 2009-08-04 15:49:17 +0200 (Tue, 04 Aug 2009)
New Revision: 322

Modified:
   trunk/src/ChangeLog
   trunk/src/ldap.c
Log:
Improved logging from the ldap wrapper.


Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-07-31 13:36:49 UTC (rev 321)
+++ trunk/src/ChangeLog	2009-08-04 13:49:17 UTC (rev 322)
@@ -1,3 +1,10 @@
+2009-08-04  Werner Koch  <wk at g10code.com>
+
+	* ldap.c (ldap_wrapper_thread): Factor some code out to ...
+	(read_log_data): ... new.  Close the log fd on error.
+	(ldap_wrapper_thread): Delay cleanup until the log fd is closed.
+	(SAFE_PTH_CLOSE): New.  Use it instead of pth_close.
+
 2009-07-31  Werner Koch  <wk at g10code.com>
 
 	* server.c (cmd_loadcrl): Add option --url.

Modified: trunk/src/ldap.c
===================================================================
--- trunk/src/ldap.c	2009-07-31 13:36:49 UTC (rev 321)
+++ trunk/src/ldap.c	2009-08-04 13:49:17 UTC (rev 322)
@@ -107,14 +107,17 @@
 /* We need to know whether we are shutting down the process */
 static int shutting_down;
 
+/* Close the pth file descriptor FD and set it to -1.  */
+#define SAFE_PTH_CLOSE(fd) \
+  do { int _fd = fd; if (_fd != -1) { pth_close (_fd); fd = -1;} } while (0)
 
+
 /* Prototypes.  */
 static gpg_error_t read_buffer (ksba_reader_t reader,
                                 unsigned char *buffer, size_t count);
 
 
 
-
 
 /* Add HOST and PORT to our list of LDAP servers.  Fixme: We should
    better use an extra list of servers. */
@@ -173,10 +176,8 @@
       dirmngr_release_process (ctx->pid);
     }
   ksba_reader_release (ctx->reader);
-  if (ctx->fd != -1)
-    pth_close (ctx->fd);
-  if (ctx->log_fd != -1)
-    pth_close (ctx->log_fd);
+  SAFE_PTH_CLOSE (ctx->fd);
+  SAFE_PTH_CLOSE (ctx->log_fd);
   if (ctx->log_ev)
     pth_event_free (ctx->log_ev, PTH_FREE_THIS);
   xfree (ctx->line);
@@ -243,17 +244,47 @@
 }
 
 
+/* Read data from the log stream.  Returns true if the log stream
+   indicated EOF or error.  */
+static int
+read_log_data (struct wrapper_context_s *ctx)
+{
+  int n;
+  char line[256];
 
+  /* We must use the pth_read function for pipes, always.  */
+  do 
+    n = pth_read (ctx->log_fd, line, sizeof line - 1);
+  while (n < 0 && errno == EINTR);
+
+  if (n <= 0) /* EOF or error. */
+    {
+      if (n < 0)
+        log_error (_("error reading log from ldap wrapper %d: %s\n"),
+                   ctx->pid, strerror (errno));
+      print_log_line (ctx, NULL);
+      SAFE_PTH_CLOSE (ctx->log_fd);
+      pth_event_free (ctx->log_ev, PTH_FREE_THIS);
+      ctx->log_ev = NULL;
+      return 1;
+    }
+
+  line[n] = 0;
+  print_log_line (ctx, line);
+  if (ctx->stamp != (time_t)(-1))
+    ctx->stamp = time (NULL);
+  return 0;
+}
+
+
 /* This function is run by a separate thread to maintain the list of
    wrappers and to log error messages from these wrappers. */
 void *
 ldap_wrapper_thread (void *dummy)
 {
   int nfds;
-  int n;
   struct wrapper_context_s *ctx;
   struct wrapper_context_s *ctx_prev;
-  char line[256];
   time_t current_time;
 
   (void)dummy;
@@ -310,33 +341,8 @@
           if (nfds && ctx->log_fd != -1
 	      && pth_event_status (ctx->log_ev) == PTH_STATUS_OCCURRED)
             {
-              /* We must use the pth_read function for pipes, always.  */
-              do 
-                n = pth_read (ctx->log_fd, line, sizeof line - 1);
-              while (n < 0 && errno == EINTR);
-              if (n < 0)
-                {
-                  print_log_line (ctx, NULL);
-                  log_error (_("error reading log from ldap wrapper %d: %s\n"),
-                             ctx->pid, strerror (errno));
-                  any_action = 1;
-                }
-              else if (!n) /* EOF */
-                {
-                  print_log_line (ctx, NULL);
-                  pth_close (ctx->log_fd);
-                  ctx->log_fd = -1;
-                  pth_event_free (ctx->log_ev, PTH_FREE_THIS);
-                  ctx->log_ev = NULL;
-                  any_action = 1;
-                }
-              else 
-                {
-                  line[n] = 0;
-                  print_log_line (ctx, line);
-                  if (ctx->stamp != (time_t)(-1))
-                    ctx->stamp = time (NULL);
-                }
+              if (read_log_data (ctx))
+                any_action = 1;
             }
 
           /* Check whether the process is still running.  */
@@ -372,6 +378,9 @@
                 ctx->stamp = (time_t)(-1);
               log_info (_("ldap wrapper %d stalled - killing\n"),
                         (int)ctx->pid);
+              /* We need to close the log fd because the cleanup loop
+                 waits for it.  */
+              SAFE_PTH_CLOSE (ctx->log_fd);
               any_action = 1;
             }
         }
@@ -397,7 +406,8 @@
          is not anymore in use or we are in shutdown state.  */
      again:
       for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
-        if (ctx->ready && (!ctx->reader || shutting_down))
+        if (ctx->ready 
+            && ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
           {
             if (ctx_prev)
               ctx_prev->next = ctx->next;
@@ -431,7 +441,6 @@
 ldap_wrapper_release_context (ksba_reader_t reader)
 {
   struct wrapper_context_s *ctx;
-  int fd;
 
   if (!reader )
     return;
@@ -445,14 +454,9 @@
                     (int)ctx->pid, (int)ctx->printable_pid,
                     ctx->reader,
                     ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
-        
+
         ctx->reader = NULL;
-        if (ctx->fd != -1)
-          {
-            fd = ctx->fd;
-            ctx->fd = -1;
-            pth_close (fd);
-          }
+        SAFE_PTH_CLOSE (ctx->fd);
         if (ctx->ctrl)
           {
             ctx->ctrl->refcount--;
@@ -527,8 +531,7 @@
           if (err)
             {
               ctx->fd_error = err;
-              pth_close (ctx->fd);
-              ctx->fd = -1;
+              SAFE_PTH_CLOSE (ctx->fd);
               if (evt)
                 pth_event_free (evt, PTH_FREE_THIS);
               return -1;
@@ -538,8 +541,7 @@
       else if (n < 0)
         {
           ctx->fd_error = gpg_error_from_errno (errno);
-          pth_close (ctx->fd);
-          ctx->fd = -1;
+          SAFE_PTH_CLOSE (ctx->fd);
           if (evt)
             pth_event_free (evt, PTH_FREE_THIS);
           return -1;



From cvs at cvs.gnupg.org  Tue Aug  4 18:13:54 2009
From: cvs at cvs.gnupg.org (svn author marcus)
Date: Tue, 04 Aug 2009 18:13:54 +0200
Subject: [svn] GpgEX - r71 - in trunk: . doc
Message-ID: <E1MYLLP-0005So-8e@lists.gnupg.com>

Author: marcus
Date: 2009-08-04 18:13:54 +0200 (Tue, 04 Aug 2009)
New Revision: 71

Modified:
   trunk/ChangeLog
   trunk/doc/gpgex-de.html
   trunk/doc/gpgex-en.html
Log:
2009-08-04  Marcus Brinkmann  <marcus at g10code.de>

	* doc/gpgex-en.html, doc/gpgex-de.html: Add link to Kleo manual.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-08-04 11:18:29 UTC (rev 70)
+++ trunk/ChangeLog	2009-08-04 16:13:54 UTC (rev 71)
@@ -1,3 +1,7 @@
+2009-08-04  Marcus Brinkmann  <marcus at g10code.de>
+
+	* doc/gpgex-en.html, doc/gpgex-de.html: Add link to Kleo manual.
+
 2009-07-31  Emanuel Sch?tze <emanuel at intevation.de>
 
 	* doc/gpgex-de.html, doc/gpgex-en.html: Remove checksum text,

Modified: trunk/doc/gpgex-de.html
===================================================================
--- trunk/doc/gpgex-de.html	2009-08-04 11:18:29 UTC (rev 70)
+++ trunk/doc/gpgex-de.html	2009-08-04 16:13:54 UTC (rev 71)
@@ -53,6 +53,11 @@
     </p>
     <h2>Hinweis</h2>
     <p>
+      Mehr Informationen ?ber die Krypto-Operationen befinden sich im
+      <a href="../HTML/en/kleopatra/index.html">Kleopatra Handbuch</a>
+      (Englisch).
+    </p>
+    <p>
       Mehr Informationen und aktuelle Programmversionen sind auf der 
       <a href="http://www.gpg4win.de">Gpg4win Webpr?senz</a>
       verf?gbar.

Modified: trunk/doc/gpgex-en.html
===================================================================
--- trunk/doc/gpgex-en.html	2009-08-04 11:18:29 UTC (rev 70)
+++ trunk/doc/gpgex-en.html	2009-08-04 16:13:54 UTC (rev 71)
@@ -49,6 +49,10 @@
     </p>
     <h2>Reference</h2>
     <p>
+      More information about these crypto operations can be found in
+      the <a href="../HTML/en/kleopatra/index.html">Kleopatra
+      manual</a>.
+
       Please find more information and new software versions at
       the <a href="http://www.gpg4win.org/">Gpg4win website</a>.
     </p>



From cvs at cvs.gnupg.org  Wed Aug  5 13:24:44 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 05 Aug 2009 13:24:44 +0200
Subject: [svn] GnuPG -  r5107 - in trunk: common g10 scd
Message-ID: <E1MYdIx-0002CA-Um@lists.gnupg.com>

Author: wk
Date: 2009-08-05 13:24:43 +0200 (Wed, 05 Aug 2009)
New Revision: 5107

Modified:
   trunk/common/yesno.c
   trunk/g10/ChangeLog
   trunk/g10/call-agent.c
   trunk/g10/card-util.c
   trunk/g10/gpg.c
   trunk/scd/ChangeLog
   trunk/scd/app-openpgp.c
Log:
Ask for the keysize when generating a new card key.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/g10/ChangeLog	2009-08-05 11:24:43 UTC (rev 5107)
@@ -1,3 +1,16 @@
+2009-08-05  Werner Koch  <wk at g10code.com>
+
+	* gpg.c: Add --key-edit alias.
+
+	* call-agent.c (scd_genkey_cb): Forward progress status lines.
+
+	* card-util.c (generate_card_keys): Remove special case for
+	GnuPG-2.  Ask for the keysize and change it.
+	(card_generate_subkey): Ask for the keysize and change it.
+	(get_info_for_key_operation): Read KEY-ATTR.
+	(show_keysize_warning, ask_card_keysize): New.
+	(do_change_keysize): New.
+
 2009-07-31  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.c (main): --pgp6 includes --disable-mdc.

Modified: trunk/scd/ChangeLog
===================================================================
--- trunk/scd/ChangeLog	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/scd/ChangeLog	2009-08-05 11:24:43 UTC (rev 5107)
@@ -1,3 +1,8 @@
+2009-08-05  Werner Koch  <wk at g10code.com>
+
+	* app-openpgp.c (change_keyattr_from_string): New.
+	(do_setattr): Support KEY-ATTR.
+
 2009-07-29  Marcus Brinkmann  <marcus at g10code.com>
 
 	* ccid-driver.c (print_pr_data): Fix 64 bit compat problem.

Modified: trunk/common/yesno.c
===================================================================
--- trunk/common/yesno.c	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/common/yesno.c	2009-08-05 11:24:43 UTC (rev 5107)
@@ -24,8 +24,12 @@
 #include "i18n.h"
 #include "util.h"
 
+
+/* Check the string S for a YES or NO answer and take care of
+   localization.  If no valid string is given the value of DEF_ANSWER
+   is returned.  Returns 1 for yes and 0 for no.  */
 int
-answer_is_yes_no_default( const char *s, int def_answer )
+answer_is_yes_no_default (const char *s, int def_answer)
 {
   /* TRANSLATORS: See doc/TRANSLATE about this string. */
   const char *long_yes = _("yes");

Modified: trunk/g10/call-agent.c
===================================================================
--- trunk/g10/call-agent.c	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/g10/call-agent.c	2009-08-05 11:24:43 UTC (rev 5107)
@@ -667,7 +667,7 @@
     {
       parm->fprvalid = unhexify_fpr (line, parm->fpr);
     }
-  if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
+  else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen))
     {
       gcry_mpi_t a;
       const char *name = line;
@@ -694,6 +694,10 @@
     {
       parm->created_at = (u32)strtoul (line, NULL, 10);
     }
+  else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen))
+    {
+      write_status_text (STATUS_PROGRESS, line);
+    }
 
   return 0;
 }

Modified: trunk/g10/card-util.c
===================================================================
--- trunk/g10/card-util.c	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/g10/card-util.c	2009-08-05 11:24:43 UTC (rev 5107)
@@ -1158,6 +1158,8 @@
     rc = agent_scd_getattr ("DISP-NAME", info);
   if (!rc)
     rc = agent_scd_getattr ("EXTCAP", info);
+  if (!rc)
+    rc = agent_scd_getattr ("KEY-ATTR", info);
   if (rc)
     log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
   return rc;
@@ -1254,33 +1256,113 @@
 
 
 static void
+show_keysize_warning (void)
+{
+  static int shown;
+
+  if (shown)
+    return;
+  shown = 1;
+  tty_printf
+    (_("NOTE: There is no guarantee that the card "
+       "supports the requested size.\n"
+       "      If the key generation does not succeed, "
+       "please check the\n"
+       "      documentation of your card to see what "
+       "sizes are allowed.\n"));
+}
+
+
+/* Ask for the size of a card key.  NBITS is the current size
+   configured for the card.  KEYNO is the number of the key used to
+   select the prompt.  Returns 0 to use the default size (i.e. NBITS)
+   or the selected size.  */
+static unsigned int
+ask_card_keysize (int keyno, unsigned int nbits)
+{
+  unsigned int min_nbits = 1024;
+  unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan.  */
+  char *prompt, *answer;
+  unsigned int req_nbits;
+
+  for (;;)
+    {
+      prompt = xasprintf 
+        (keyno == 0?
+         _("What keysize do you want for the Signature key? (%u) "):
+         keyno == 1?
+         _("What keysize do you want for the Encryption key? (%u) "):
+         _("What keysize do you want for the Authentication key? (%u) "),
+         nbits);
+      answer = cpr_get ("cardedit.genkeys.size", prompt);
+      cpr_kill_prompt ();
+      req_nbits = *answer? atoi (answer): nbits;
+      xfree (prompt);
+      xfree (answer);
+      
+      if (req_nbits != nbits && (req_nbits % 32) )
+        {
+          req_nbits = ((req_nbits + 31) / 32) * 32;
+          tty_printf (_("rounded up to %u bits\n"), req_nbits);
+        }
+  
+      if (req_nbits == nbits)
+        return 0;  /* Use default.  */
+      
+      if (req_nbits < min_nbits || req_nbits > max_nbits)
+        {
+          tty_printf (_("%s keysizes must be in the range %u-%u\n"),
+                      "RSA", min_nbits, max_nbits);
+        }
+      else
+        {
+          tty_printf (_("The card will now be re-configured "
+                        "to generate a key of %u bits\n"), req_nbits);
+          show_keysize_warning ();
+          return req_nbits;
+        }
+    }
+}
+
+
+/* Change the size of key KEYNO (0..2) to NBITS and show an error
+   message if that fails.  */
+static gpg_error_t
+do_change_keysize (int keyno, unsigned int nbits) 
+{
+  gpg_error_t err;
+  char args[100];
+  
+  snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
+  err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
+  if (err)
+    log_error (_("error changing size of key %d to %u bits: %s\n"), 
+               keyno+1, nbits, gpg_strerror (err));
+  return err;
+}
+ 
+
+static void
 generate_card_keys (void)
 {
   struct agent_card_info_s info;
   int forced_chv1;
   int want_backup;
+  int keyno;
 
   if (get_info_for_key_operation (&info))
     return;
 
   if (info.extcap.ki)
     {
-#if GNUPG_MAJOR_VERSION == 1
       char *answer;
 
-
       answer = cpr_get ("cardedit.genkeys.backup_enc",
                         _("Make off-card backup of encryption key? (Y/n) "));
 
-      want_backup=answer_is_yes_no_default(answer,1);
-      cpr_kill_prompt();
-      xfree(answer);
-#else
-      want_backup = cpr_get_answer_is_yes 
-          ( "cardedit.genkeys.backup_enc",
-                    _("Make off-card backup of encryption key? (Y/n) "));
-  /*FIXME: we need answer_is_yes_no_default()*/
-#endif
+      want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
+      cpr_kill_prompt ();
+      xfree (answer);
     }
   else
     want_backup = 0;
@@ -1290,16 +1372,19 @@
        || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
     {
       tty_printf ("\n");
-      log_info ("NOTE: keys are already stored on the card!\n");
+      log_info (_("NOTE: keys are already stored on the card!\n"));
       tty_printf ("\n");
-      if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
-                                  _("Replace existing keys? (y/N) ")))
+      if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
+                                   _("Replace existing keys? (y/N) ")))
         {
           agent_release_card_info (&info);
           return;
         }
     }
-  else if (!info.disp_name || !*info.disp_name)
+
+  /* If no displayed name has been set, we assume that this is a fresh
+     card and print a hint about the default PINs.  */
+  if (!info.disp_name || !*info.disp_name)
     {
       tty_printf ("\n");
       tty_printf (_("Please note that the factory settings of the PINs are\n"
@@ -1311,10 +1396,32 @@
 
   if (check_pin_for_key_operation (&info, &forced_chv1))
     goto leave;
-  
-  generate_keypair (NULL, info.serialno,
-                    want_backup? opt.homedir:NULL);
 
+  /* If the cards features changeable key attributes, we ask for the
+     key size.  */
+  if (info.is_v2 && info.extcap.aac)
+    {
+      unsigned int nbits;
+
+      for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
+        {
+          nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
+          if (nbits && do_change_keysize (keyno, nbits))
+            {
+              /* Error: Better read the default key size again.  */
+              agent_release_card_info (&info);
+              if (get_info_for_key_operation (&info))
+                goto leave;
+              /* Ask again for this key size. */
+              keyno--;
+            }
+        }
+      /* Note that INFO has not be synced.  However we will only use
+         the serialnumber and thus it won't harm.  */
+    }
+     
+  generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
+
  leave:
   agent_release_card_info (&info);
   restore_forced_chv1 (&forced_chv1);
@@ -1365,6 +1472,26 @@
   if (check_pin_for_key_operation (&info, &forced_chv1))
     goto leave;
 
+  /* If the cards features changeable key attributes, we ask for the
+     key size.  */
+  if (info.is_v2 && info.extcap.aac)
+    {
+      unsigned int nbits;
+
+    ask_again:
+      nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
+      if (nbits && do_change_keysize (keyno-1, nbits))
+        {
+          /* Error: Better read the default key size again.  */
+          agent_release_card_info (&info);
+          if (get_info_for_key_operation (&info))
+            goto leave;
+          goto ask_again;
+        }
+      /* Note that INFO has not be synced.  However we will only use
+         the serialnumber and thus it won't harm.  */
+    }
+
   okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
                                    keyno, info.serialno);
 

Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/g10/gpg.c	2009-08-05 11:24:43 UTC (rev 5107)
@@ -394,6 +394,7 @@
   ARGPARSE_c (aSignKey,  "sign-key"   ,N_("sign a key")),
   ARGPARSE_c (aLSignKey, "lsign-key"  ,N_("sign a key locally")),
   ARGPARSE_c (aEditKey,  "edit-key"   ,N_("sign or edit a key")),
+  ARGPARSE_c (aEditKey,  "key-edit"   ,"@"),
   ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")),
   ARGPARSE_c (aDesigRevoke, "desig-revoke","@" ),
   ARGPARSE_c (aExport, "export"           , N_("export keys") ),

Modified: trunk/scd/app-openpgp.c
===================================================================
--- trunk/scd/app-openpgp.c	2009-08-03 17:47:18 UTC (rev 5106)
+++ trunk/scd/app-openpgp.c	2009-08-05 11:24:43 UTC (rev 5107)
@@ -214,6 +214,11 @@
                             const void *indata, size_t indatalen,
                             unsigned char **outdata, size_t *outdatalen);
 static void parse_algorithm_attribute (app_t app, int keyno);
+static gpg_error_t change_keyattr_from_string
+                           (app_t app, 
+                            gpg_error_t (*pincb)(void*, const char *, char **),
+                            void *pincb_arg,
+                            const void *value, size_t valuelen);
 
 
 
@@ -1793,6 +1798,7 @@
     { "CERT-3",       0x7F21, 3, 0, 1 },
     { "SM-KEY-ENC",   0x00D1, 3, 0, 1 },
     { "SM-KEY-MAC",   0x00D2, 3, 0, 1 },
+    { "KEY-ATTR",     0,      0, 3, 1 },
     { NULL, 0 }
   };
   int exmode;
@@ -1804,6 +1810,9 @@
   if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
     return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported.  */
 
+  if (table[idx].special == 3)
+    return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
+
   switch (table[idx].need_chv)
     {
     case 2:
@@ -2404,7 +2413,46 @@
 }
 
 
+/* Helper to process an setattr command for name KEY-ATTR.  It expects
+   a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN).  */
+static gpg_error_t 
+change_keyattr_from_string (app_t app, 
+                            gpg_error_t (*pincb)(void*, const char *, char **),
+                            void *pincb_arg,
+                            const void *value, size_t valuelen)
+{
+  gpg_error_t err;
+  char *string;
+  int keyno, algo;
+  unsigned int nbits;
 
+  /* VALUE is expected to be a string but not guaranteed to be
+     terminated.  Thus copy it to an allocated buffer first. */
+  string = xtrymalloc (valuelen+1);
+  if (!string)
+    return gpg_error_from_syserror ();
+  memcpy (string, value, valuelen);
+  string[valuelen] = 0;
+
+  /* Because this function deletes the key we require the string
+     "--force" in the data to make clear that something serious might
+     happen.  */
+  if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
+    err = gpg_error (GPG_ERR_INV_DATA);
+  else if (keyno < 1 || keyno > 3)
+    err = gpg_error (GPG_ERR_INV_ID);
+  else if (algo != 1)
+    err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA.  */
+  else if (nbits < 1024)
+    err = gpg_error (GPG_ERR_TOO_SHORT);
+  else
+    err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
+
+  xfree (string);
+  return err;
+}
+
+
 /* Handle the WRITEKEY command for OpenPGP.  This function expects a
    canonical encoded S-expression with the secret key in KEYDATA and
    its length (for assertions) in KEYDATALEN.  KEYID needs to be the



From cvs at cvs.gnupg.org  Wed Aug  5 15:48:24 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 05 Aug 2009 15:48:24 +0200
Subject: [svn] GnuPG -  r5108 - trunk/g10
Message-ID: <E1MYfXx-0004Z8-KJ@lists.gnupg.com>

Author: wk
Date: 2009-08-05 15:48:23 +0200 (Wed, 05 Aug 2009)
New Revision: 5108

Modified:
   trunk/g10/ChangeLog
   trunk/g10/call-agent.c
   trunk/g10/card-util.c
Log:
Enable readline support in --card-edit.
better cope with re-inserted cards.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-05 11:24:43 UTC (rev 5107)
+++ trunk/g10/ChangeLog	2009-08-05 13:48:23 UTC (rev 5108)
@@ -1,5 +1,9 @@
 2009-08-05  Werner Koch  <wk at g10code.com>
 
+	* card-util.c: Enable readline support also in GnuPG-2.
+	
+	* call-agent.c (agent_learn): Always select the card first.
+
 	* gpg.c: Add --key-edit alias.
 
 	* call-agent.c (scd_genkey_cb): Forward progress status lines.

Modified: trunk/g10/call-agent.c
===================================================================
--- trunk/g10/call-agent.c	2009-08-05 11:24:43 UTC (rev 5107)
+++ trunk/g10/call-agent.c	2009-08-05 13:48:23 UTC (rev 5108)
@@ -458,6 +458,19 @@
   if (rc)
     return rc;
 
+  /* Send the serialno command to initialize the connection.  We don't
+     care about the data returned.  If the card has already been
+     initialized, this is a very fast command.  The main reason we
+     need to do this here is to handle a card removed case so that an
+     "l" command in --card-edit can be used to show ta newly inserted
+     card.  We request the openpgp card because that is what we
+     expect. */
+  rc = assuan_transact (agent_ctx, "SCD SERIALNO openpgp",
+                        NULL, NULL, NULL, NULL, NULL, NULL);
+  if (rc)
+    return rc;
+
+
   memset (info, 0, sizeof *info);
   rc = assuan_transact (agent_ctx, "SCD LEARN --force",
                         dummy_data_cb, NULL, default_inq_cb, NULL,

Modified: trunk/g10/card-util.c
===================================================================
--- trunk/g10/card-util.c	2009-08-05 11:24:43 UTC (rev 5107)
+++ trunk/g10/card-util.c	2009-08-05 13:48:23 UTC (rev 5108)
@@ -23,6 +23,10 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#ifdef HAVE_LIBREADLINE
+# define GNUPG_LIBREADLINE_H_INCLUDED
+# include <readline/readline.h>
+#endif /*HAVE_LIBREADLINE*/
 
 #if GNUPG_MAJOR_VERSION != 1
 # include "gpg.h"
@@ -34,12 +38,8 @@
 #include "options.h"
 #include "main.h"
 #include "keyserver-internal.h"
+
 #if GNUPG_MAJOR_VERSION == 1
-# ifdef HAVE_LIBREADLINE
-# define GNUPG_LIBREADLINE_H_INCLUDED
-# include <stdio.h>
-# include <readline/readline.h>
-# endif /*HAVE_LIBREADLINE*/
 # include "cardglue.h"
 #else /*GNUPG_MAJOR_VERSION!=1*/
 # include "call-agent.h"
@@ -1704,7 +1704,7 @@
   };
 
 
-#if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
+#ifdef HAVE_LIBREADLINE
 
 /* These two functions are used by readline for command completion. */
 
@@ -1737,6 +1737,7 @@
 static char **
 card_edit_completion(const char *text, int start, int end)
 {
+  (void)end;
   /* If we are at the start of a line, we try and command-complete.
      If not, just do nothing for now. */
 
@@ -1747,7 +1748,7 @@
 
   return NULL;
 }
-#endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
+#endif /*HAVE_LIBREADLINE*/
 
 /* Menu to edit all user changeable values on an OpenPGP card.  Only
    Key creation is not handled here. */
@@ -1815,15 +1816,11 @@
 
 	    if (!have_commands)
               {
-#if GNUPG_MAJOR_VERSION == 1
 		tty_enable_completion (card_edit_completion);
-#endif
 		answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
 		cpr_kill_prompt();
-#if GNUPG_MAJOR_VERSION == 1
 		tty_disable_completion ();
-#endif
-	    }
+              }
 	    trim_spaces(answer);
 	}
       while ( *answer == '#' );



From cvs at cvs.gnupg.org  Wed Aug  5 17:02:24 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 05 Aug 2009 17:02:24 +0200
Subject: [svn] gcry - r1403 - in trunk: . src
Message-ID: <E1MYghZ-0005n5-Nn@lists.gnupg.com>

Author: wk
Date: 2009-08-05 17:02:24 +0200 (Wed, 05 Aug 2009)
New Revision: 1403

Modified:
   trunk/ChangeLog
   trunk/configure.ac
   trunk/src/ChangeLog
   trunk/src/ath.h
Log:
Include sys/msg.h if needed.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-07-09 12:34:46 UTC (rev 1402)
+++ trunk/ChangeLog	2009-08-05 15:02:24 UTC (rev 1403)
@@ -1,3 +1,7 @@
+2009-08-05  Werner Koch  <wk at g10code.com>
+
+	* configure.ac: Test for sys/msg.h.
+
 2009-04-23  Werner Koch  <wk at g10code.com>
 
 	* README: Add a section on build problems.

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-07-09 12:34:46 UTC (rev 1402)
+++ trunk/src/ChangeLog	2009-08-05 15:02:24 UTC (rev 1403)
@@ -1,3 +1,7 @@
+2009-08-05  Werner Koch  <wk at g10code.com>
+
+	* ath.h: Include sys/msg.h.
+
 2009-07-02  Werner Koch  <wk at g10code.com>
 
 	* fips.c (_gcry_initialize_fips_mode): Do not use FIPS mode if

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-07-09 12:34:46 UTC (rev 1402)
+++ trunk/configure.ac	2009-08-05 15:02:24 UTC (rev 1403)
@@ -571,7 +571,7 @@
 ##################################
 
 AC_HEADER_STDC
-AC_CHECK_HEADERS(unistd.h sys/select.h)
+AC_CHECK_HEADERS(unistd.h sys/select.h sys/msg.h)
 
 ##########################################
 #### Checks for typedefs, structures, ####

Modified: trunk/src/ath.h
===================================================================
--- trunk/src/ath.h	2009-07-09 12:34:46 UTC (rev 1402)
+++ trunk/src/ath.h	2009-08-05 15:02:24 UTC (rev 1403)
@@ -32,6 +32,9 @@
 #  include <sys/time.h>
 # endif
 # include <sys/types.h>
+# ifdef HAVE_SYS_MSG_H
+#  include <sys/msg.h>  /* (e.g. for zOS) */
+# endif
 # include <sys/socket.h>
 #endif /* !_WIN32 */
 #include <gpg-error.h>



From cvs at cvs.gnupg.org  Thu Aug  6 19:17:19 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 06 Aug 2009 19:17:19 +0200
Subject: [svn] gpgme - r1394 - in trunk: . doc src tests tests/gpg
Message-ID: <E1MZ5HT-0003S1-69@lists.gnupg.com>

Author: wk
Date: 2009-08-06 19:17:18 +0200 (Thu, 06 Aug 2009)
New Revision: 1394

Added:
   trunk/tests/run-sign.c
Modified:
   trunk/NEWS
   trunk/doc/ChangeLog
   trunk/doc/gpgme.texi
   trunk/doc/uiserver.texi
   trunk/src/ChangeLog
   trunk/src/engine-gpgsm.c
   trunk/src/gpgme.h.in
   trunk/src/op-support.c
   trunk/src/sign.c
   trunk/tests/ChangeLog
   trunk/tests/Makefile.am
   trunk/tests/gpg/t-sign.c
Log:
Fix detection of invalid signer keys.
Support the new INV_SGNR status code.


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/doc/ChangeLog	2009-08-06 17:17:18 UTC (rev 1394)
@@ -1,3 +1,8 @@
+2009-07-21  Werner Koch  <wk at g10code.com>
+
+	* uiserver.texi (UI Server Encrypt): Add --expect-sign option to
+	PREP_ENCRYPT.
+
 2009-06-16  Marcus Brinkmann  <marcus at g10code.de>
 
 	* gpgme.texi (Result Management): New section.

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/src/ChangeLog	2009-08-06 17:17:18 UTC (rev 1394)
@@ -1,3 +1,16 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* op-support.c (_gpgme_parse_inv_recp): Allow for no fingerprint.
+
+	* engine-gpgsm.c (gpgsm_sign): Hook up the status func for the
+	SIGNER command.
+	* gpgme.h.in (GPGME_STATUS_INV_SGNR, GPGME_STATUS_NO_SGNR): New.
+	* sign.c (op_data_t): Add fields IGNORE_INV_RECP and INV_SGNR_SEEN.
+	(_gpgme_op_sign_init_result): Factor code out to ...
+	(sign_init_result): .. new.  Init new fields.
+	(sign_start): Use sign_init_result.
+	(_gpgme_sign_status_handler): Take care of the new INV_SGNR.
+
 2009-07-07  Werner Koch  <wk at g10code.com>
 
 	* engine-gpgsm.c (struct engine_gpgsm): Add fields

Modified: trunk/tests/ChangeLog
===================================================================
--- trunk/tests/ChangeLog	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/tests/ChangeLog	2009-08-06 17:17:18 UTC (rev 1394)
@@ -1,3 +1,7 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* run-sign.c: New.
+
 2009-07-07  Werner Koch  <wk at g10code.com>
 
 	* run-keylist.c (main):  Add options --cms and --openpgp.  

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/NEWS	2009-08-06 17:17:18 UTC (rev 1394)
@@ -3,6 +3,12 @@
 
  * (none yet)
 
+ * Interface changes relative to the 1.1.7 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_STATUS_INV_SGNR    NEW.
+ GPGME_STATUS_NO_SGNR     NEW.
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 Noteworthy changes in version 1.2.0 (2009-06-18)
 ------------------------------------------------
 

Modified: trunk/doc/gpgme.texi
===================================================================
--- trunk/doc/gpgme.texi	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/doc/gpgme.texi	2009-08-06 17:17:18 UTC (rev 1394)
@@ -4777,7 +4777,7 @@
 last operation on the context was a @code{gpgme_op_sign},
 @code{gpgme_op_sign_start}, @code{gpgme_op_encrypt_sign} or
 @code{gpgme_op_encrypt_sign_start} operation.  If that operation
-failed, the function might return a @code{NULL} pointer, The returned
+failed, the function might return a @code{NULL} pointer. The returned
 pointer is only valid until the next operation is started on the
 context.
 @end deftypefun

Modified: trunk/doc/uiserver.texi
===================================================================
--- trunk/doc/uiserver.texi	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/doc/uiserver.texi	2009-08-06 17:17:18 UTC (rev 1394)
@@ -118,7 +118,7 @@
 To support automagically selection of the protocol depending on the
 selected keys, the server MAY implement the command:
 
- at deffn Command PREP_ENCRYPT [- at w{}-protocol=@var{name}]
+ at deffn Command PREP_ENCRYPT [- at w{}-protocol=@var{name}] [- at w{}-expect-sign]
 
 This commands considers all recipients set so far and decides whether it
 is able to take input and start the actual decryption.  This is kind of
@@ -129,8 +129,15 @@
 not given, the server should allow the user to select the protocol to be
 used based on the recipients given or by any other means.
 
+If @option{--expect-sign} is given the server should expect that the
+message will also be signed and use this hint to present a unified
+recipient and signer selection dialog if possible and desired.  A
+selected signer should then be cached for the expected SIGN command
+(which is expected in the same session but possible on another
+connection).
+
 If this command is given again before a successful @command{ENCRYPT}
-command, the second one takes effect. 
+command, the second one takes effect.
 
 Before sending the OK response the server shall tell the client the
 protocol to be used (either the one given by the argument or the one

Modified: trunk/src/engine-gpgsm.c
===================================================================
--- trunk/src/engine-gpgsm.c	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/src/engine-gpgsm.c	2009-08-06 17:17:18 UTC (rev 1394)
@@ -1870,7 +1870,7 @@
       if (asprintf (&assuan_cmd, "OPTION include-certs %i", include_certs) < 0)
 	return gpg_error_from_errno (errno);
       err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, assuan_cmd,
-					 NULL, NULL);
+                                         NULL, NULL);
       free (assuan_cmd);
       if (err)
 	return err;
@@ -1885,7 +1885,8 @@
 
           strcpy (stpcpy (buf, "SIGNER "), s);
           err = gpgsm_assuan_simple_command (gpgsm->assuan_ctx, buf,
-                                             NULL, NULL);
+                                             gpgsm->status.fnc,
+                                             gpgsm->status.fnc_value);
 	}
       else
         err = gpg_error (GPG_ERR_INV_VALUE);

Modified: trunk/src/gpgme.h.in
===================================================================
--- trunk/src/gpgme.h.in	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/src/gpgme.h.in	2009-08-06 17:17:18 UTC (rev 1394)
@@ -485,7 +485,9 @@
     GPGME_STATUS_PKA_TRUST_BAD = 79,
     GPGME_STATUS_PKA_TRUST_GOOD = 80,
 
-    GPGME_STATUS_PLAINTEXT = 81
+    GPGME_STATUS_PLAINTEXT = 81,
+    GPGME_STATUS_INV_SGNR = 82,
+    GPGME_STATUS_NO_SGNR = 83
   }
 gpgme_status_code_t;
 

Modified: trunk/src/op-support.c
===================================================================
--- trunk/src/op-support.c	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/src/op-support.c	2009-08-06 17:17:18 UTC (rev 1394)
@@ -162,8 +162,8 @@
 }
 
 
-/* Parse the INV_RECP status line in ARGS and return the result in
-   KEY.  */
+/* Parse the INV_RECP or INV-SNDR status line in ARGS and return the
+   result in KEY.  */
 gpgme_error_t
 _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key)
 {
@@ -177,7 +177,7 @@
   inv_key->next = NULL;
   errno = 0;
   reason = strtol (args, &tail, 0);
-  if (errno || args == tail || *tail != ' ')
+  if (errno || args == tail || (*tail && *tail != ' '))
     {
       /* The crypto backend does not behave.  */
       free (inv_key);
@@ -236,7 +236,7 @@
       break;
     }
 
-  while (*tail == ' ')
+  while (*tail && *tail == ' ')
     tail++;
   if (*tail)
     {

Modified: trunk/src/sign.c
===================================================================
--- trunk/src/sign.c	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/src/sign.c	2009-08-06 17:17:18 UTC (rev 1394)
@@ -46,6 +46,10 @@
 
   /* Likewise for signature information.  */
   gpgme_new_signature_t *last_sig_p;
+
+  /* Flags used while processing the status lines.  */
+  unsigned int ignore_inv_recp:1;
+  unsigned int inv_sgnr_seen:1;
 } *op_data_t;
 
 
@@ -266,6 +270,12 @@
       break;
 
     case GPGME_STATUS_INV_RECP:
+      if (opd->inv_sgnr_seen && opd->ignore_inv_recp)
+        break; 
+      /* FALLTROUGH */
+    case GPGME_STATUS_INV_SGNR:
+      if (code == GPGME_STATUS_INV_SGNR)
+        opd->inv_sgnr_seen = 1;
       err = _gpgme_parse_inv_recp (args, opd->last_signer_p);
       if (err)
 	return err;
@@ -297,8 +307,8 @@
 }
 
 
-gpgme_error_t
-_gpgme_op_sign_init_result (gpgme_ctx_t ctx)
+static gpgme_error_t
+sign_init_result (gpgme_ctx_t ctx, int ignore_inv_recp)
 {
   gpgme_error_t err;
   void *hook;
@@ -311,10 +321,18 @@
     return err;
   opd->last_signer_p = &opd->result.invalid_signers;
   opd->last_sig_p = &opd->result.signatures;
+  opd->ignore_inv_recp = !!ignore_inv_recp;
+  opd->inv_sgnr_seen = 0;
   return 0;
 }
 
+gpgme_error_t
+_gpgme_op_sign_init_result (gpgme_ctx_t ctx)
+{
+  return sign_init_result (ctx, 0);
+}
 
+
 static gpgme_error_t
 sign_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t plain,
 	    gpgme_data_t sig, gpgme_sig_mode_t mode)
@@ -325,7 +343,10 @@
   if (err)
     return err;
 
-  err = _gpgme_op_sign_init_result (ctx);
+  /* If we are using the CMS protocol, we ignore the INV_RECP status
+     code if a newer GPGSM is in use.  GPGMS does not support combined
+     sign+encrypt and thus this can't harm.  */
+  err = sign_init_result (ctx, (ctx->protocol == GPGME_PROTOCOL_CMS));
   if (err)
     return err;
 

Modified: trunk/tests/Makefile.am
===================================================================
--- trunk/tests/Makefile.am	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/tests/Makefile.am	2009-08-06 17:17:18 UTC (rev 1394)
@@ -32,7 +32,7 @@
 
 noinst_HEADERS = run-support.h
 
-noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import
+noinst_PROGRAMS = $(TESTS) run-keylist run-export run-import run-sign
 
 
 if RUN_GPG_TESTS

Modified: trunk/tests/gpg/t-sign.c
===================================================================
--- trunk/tests/gpg/t-sign.c	2009-07-08 11:49:18 UTC (rev 1393)
+++ trunk/tests/gpg/t-sign.c	2009-08-06 17:17:18 UTC (rev 1394)
@@ -102,6 +102,17 @@
 
   gpgme_set_textmode (ctx, 1);
   gpgme_set_armor (ctx, 1);
+  
+#if 0
+  {
+    gpgme_key_t akey;
+    err = gpgme_get_key (ctx, "0x68697734", &akey, 0);
+    fail_if_err (err);
+    err = gpgme_signers_add (ctx, akey);
+    fail_if_err (err);
+    gpgme_key_unref (akey);
+  }
+#endif
 
   err = gpgme_data_new_from_mem (&in, "Hallo Leute\n", 12, 0);
   fail_if_err (err);

Added: trunk/tests/run-sign.c
===================================================================
--- trunk/tests/run-sign.c	                        (rev 0)
+++ trunk/tests/run-sign.c	2009-08-06 17:17:18 UTC (rev 1394)
@@ -0,0 +1,187 @@
+/* run-sign.c  - Helper to perform a sign operation
+   Copyright (C) 2009 g10 Code GmbH
+
+   This file is part of GPGME.
+ 
+   GPGME is free software; you can redistribute it and/or modify it
+   under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of
+   the License, or (at your option) any later version.
+   
+   GPGME is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+   
+   You should have received a copy of the GNU Lesser General Public
+   License along with this program; if not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* We need to include config.h so that we know whether we are building
+   with large file system (LFS) support. */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gpgme.h>
+
+#define PGM "run-sign"
+
+#include "run-support.h"
+
+
+static int verbose;
+
+
+static void
+print_result (gpgme_sign_result_t result, gpgme_sig_mode_t type)
+{
+  gpgme_invalid_key_t invkey;
+  gpgme_new_signature_t sig;
+
+  for (invkey = result->invalid_signers; invkey; invkey = invkey->next)
+    printf ("Signing key `%s' not used: %s <%s>\n", 
+            nonnull (invkey->fpr), 
+            gpg_strerror (invkey->reason), gpg_strsource (invkey->reason));
+  
+  for (sig = result->signatures; sig; sig = sig->next)
+    {
+      printf ("Key fingerprint: %s\n", nonnull (sig->fpr));
+      printf ("Signature type : %d\n", sig->type);
+      printf ("Public key algo: %d\n", sig->pubkey_algo);
+      printf ("Hash algo .....: %d\n", sig->hash_algo);
+      printf ("Creation time .: %ld\n", sig->timestamp);
+      printf ("Sig class .....: 0x%u\n", sig->sig_class);
+    }
+}
+
+
+
+static int
+show_usage (int ex)
+{
+  fputs ("usage: " PGM " [options] FILE\n\n"
+         "Options:\n"
+         "  --verbose        run in verbose mode\n"
+         "  --openpgp        use the OpenPGP protocol (default)\n"
+         "  --cms            use the CMS protocol\n"
+         "  --key NAME       use key NAME for signing\n"
+         , stderr);
+  exit (ex);
+}
+
+
+int 
+main (int argc, char **argv)
+{
+  int last_argc = -1;
+  gpgme_error_t err;
+  gpgme_ctx_t ctx;
+  const char *key_string = NULL;
+  gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
+  gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_NORMAL;
+  gpgme_data_t in, out;
+  gpgme_sign_result_t result;
+
+  if (argc)
+    { argc--; argv++; }
+
+  while (argc && last_argc != argc )
+    {
+      last_argc = argc;
+      if (!strcmp (*argv, "--"))
+        {
+          argc--; argv++;
+          break;
+        }
+      else if (!strcmp (*argv, "--help"))
+        show_usage (0);
+      else if (!strcmp (*argv, "--verbose"))
+        {
+          verbose = 1;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--openpgp"))
+        {
+          protocol = GPGME_PROTOCOL_OpenPGP;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--cms"))
+        {
+          protocol = GPGME_PROTOCOL_CMS;
+          argc--; argv++;
+        }
+      else if (!strcmp (*argv, "--key"))
+        {
+          argc--; argv++;
+          if (!argc)
+            show_usage (1);
+          key_string = *argv;
+          argc--; argv++;
+        }
+      else if (!strncmp (*argv, "--", 2))
+        show_usage (1);
+      
+    }          
+ 
+  if (argc != 1)
+    show_usage (1);
+
+  init_gpgme (protocol);
+
+  err = gpgme_new (&ctx);
+  fail_if_err (err);
+  gpgme_set_protocol (ctx, protocol);
+  gpgme_set_armor (ctx, 1);
+
+  if (key_string)
+    {
+      gpgme_key_t akey;
+
+      err = gpgme_get_key (ctx, key_string, &akey, 1);
+      if (err)
+        {
+          fprintf (stderr, PGM ": error getting key `%s': %s\n",
+                   key_string, gpg_strerror (err));
+          exit (1);
+        }
+      err = gpgme_signers_add (ctx, akey);
+      fail_if_err (err);
+      gpgme_key_unref (akey);
+    }
+
+  err = gpgme_data_new_from_file (&in, *argv, 1);
+  if (err)
+    {
+      fprintf (stderr, PGM ": error reading `%s': %s\n",
+               *argv, gpg_strerror (err));
+      exit (1);
+    }
+
+  err = gpgme_data_new (&out);
+  fail_if_err (err);
+
+  err = gpgme_op_sign (ctx, in, out, sigmode);
+  result = gpgme_op_sign_result (ctx);
+  if (result)
+    print_result (result, sigmode);
+  if (err)
+    {
+      fprintf (stderr, PGM ": signing failed: %s\n", gpg_strerror (err));
+      exit (1);
+    }
+
+  fputs ("Begin Output:\n", stdout);
+  print_data (out);
+  fputs ("End Output.\n", stdout);
+  gpgme_data_release (out);
+
+  gpgme_data_release (in);
+
+  gpgme_release (ctx);
+  return 0;
+}



From cvs at cvs.gnupg.org  Thu Aug  6 21:09:11 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 06 Aug 2009 21:09:11 +0200
Subject: [svn] gpgme - r1395 - trunk/src
Message-ID: <E1MZ71h-0005n4-5A@lists.gnupg.com>

Author: wk
Date: 2009-08-06 21:09:10 +0200 (Thu, 06 Aug 2009)
New Revision: 1395

Modified:
   trunk/src/ChangeLog
   trunk/src/sign.c
Log:
Better detection for signature creation failure.


Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-08-06 17:17:18 UTC (rev 1394)
+++ trunk/src/ChangeLog	2009-08-06 19:09:10 UTC (rev 1395)
@@ -10,6 +10,7 @@
 	(sign_init_result): .. new.  Init new fields.
 	(sign_start): Use sign_init_result.
 	(_gpgme_sign_status_handler): Take care of the new INV_SGNR.
+	Return an error if no signature has been created.
 
 2009-07-07  Werner Koch  <wk at g10code.com>
 

Modified: trunk/src/sign.c
===================================================================
--- trunk/src/sign.c	2009-08-06 17:17:18 UTC (rev 1394)
+++ trunk/src/sign.c	2009-08-06 19:09:10 UTC (rev 1395)
@@ -50,6 +50,7 @@
   /* Flags used while processing the status lines.  */
   unsigned int ignore_inv_recp:1;
   unsigned int inv_sgnr_seen:1;
+  unsigned int sig_created_seen:1;
 } *op_data_t;
 
 
@@ -262,6 +263,7 @@
   switch (code)
     {
     case GPGME_STATUS_SIG_CREATED:
+      opd->sig_created_seen = 1;
       err = parse_sig_created (args, opd->last_sig_p);
       if (err)
 	return err;
@@ -285,7 +287,9 @@
 
     case GPGME_STATUS_EOF:
       if (opd->result.invalid_signers)
-	return gpg_error (GPG_ERR_UNUSABLE_SECKEY);
+	err = gpg_error (GPG_ERR_UNUSABLE_SECKEY);
+      else if (!opd->sig_created_seen)
+	err = gpg_error (GPG_ERR_GENERAL);
       break;
 
     default:
@@ -323,6 +327,7 @@
   opd->last_sig_p = &opd->result.signatures;
   opd->ignore_inv_recp = !!ignore_inv_recp;
   opd->inv_sgnr_seen = 0;
+  opd->sig_created_seen = 0;
   return 0;
 }
 



From cvs at cvs.gnupg.org  Thu Aug  6 22:12:01 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 06 Aug 2009 22:12:01 +0200
Subject: [svn] GnuPG -  r5109 - in trunk: common doc g10 sm
Message-ID: <E1MZ80V-000773-9u@lists.gnupg.com>

Author: wk
Date: 2009-08-06 22:12:00 +0200 (Thu, 06 Aug 2009)
New Revision: 5109

Modified:
   trunk/common/ChangeLog
   trunk/common/status.c
   trunk/common/status.h
   trunk/doc/ChangeLog
   trunk/doc/DETAILS
   trunk/g10/ChangeLog
   trunk/g10/cpr.c
   trunk/g10/seckey-cert.c
   trunk/g10/skclist.c
   trunk/sm/ChangeLog
   trunk/sm/gpgsm.c
   trunk/sm/server.c
   trunk/sm/sign.c
Log:
Improved detection of bad/invalid signer keys.


Modified: trunk/common/ChangeLog
===================================================================
--- trunk/common/ChangeLog	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/common/ChangeLog	2009-08-06 20:12:00 UTC (rev 5109)
@@ -1,3 +1,8 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.
+	* status.c (get_inv_recpsgnr_code): New.
+
 2009-07-23  David Shaw  <dshaw at jabberwocky.com>
 
 	* srv.c (getsrv): Fix type-punning warning.

Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/doc/ChangeLog	2009-08-06 20:12:00 UTC (rev 5109)
@@ -1,3 +1,7 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* DETAILS: Describe the new INV_SNDR and NO_SNDR..
+
 2009-07-31  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.texi (OpenPGP Options): Don't mention

Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/g10/ChangeLog	2009-08-06 20:12:00 UTC (rev 5109)
@@ -1,3 +1,9 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* skclist.c (build_sk_list): Print INV_SGNR status line.
+	* seckey-cert.c (do_check): Return G10ERR_UNU_SECKEY instead of
+	general error.
+
 2009-08-05  Werner Koch  <wk at g10code.com>
 
 	* card-util.c: Enable readline support also in GnuPG-2.

Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/sm/ChangeLog	2009-08-06 20:12:00 UTC (rev 5109)
@@ -1,3 +1,13 @@
+2009-08-06  Werner Koch  <wk at g10code.com>
+
+	* sign.c (gpgsm_sign): Print INV_SNDR for a bad default key.
+
+	* server.c (cmd_signer): Remove unneeded case for -1.  Send
+	INV_SGNR.  Use new map function.
+	(cmd_recipient): Use new map function.
+	* gpgsm.c (do_add_recipient): Use new map function for INV_RECP.
+	(main): Ditto.  Also send INV_SGNR.
+
 2009-07-30  Werner Koch  <wk at g10code.com>
 
 	* call-agent.c (learn_cb): Do not store as ephemeral.

Modified: trunk/common/status.c
===================================================================
--- trunk/common/status.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/common/status.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -36,3 +36,30 @@
     return statusstr_msgstr + statusstr_msgidx[idx];
 }
 
+
+const char *
+get_inv_recpsgnr_code (gpg_error_t err)
+{
+  const char *errstr;
+  
+  switch (gpg_err_code (err))
+    {
+    case GPG_ERR_NO_PUBKEY:       errstr = "1"; break;
+    case GPG_ERR_AMBIGUOUS_NAME:  errstr = "2"; break;
+    case GPG_ERR_WRONG_KEY_USAGE: errstr = "3"; break;
+    case GPG_ERR_CERT_REVOKED:    errstr = "4"; break;
+    case GPG_ERR_CERT_EXPIRED:    errstr = "5"; break;
+    case GPG_ERR_NO_CRL_KNOWN:    errstr = "6"; break;
+    case GPG_ERR_CRL_TOO_OLD:     errstr = "7"; break;
+    case GPG_ERR_NO_POLICY_MATCH: errstr = "8"; break;
+
+    case GPG_ERR_UNUSABLE_SECKEY:
+    case GPG_ERR_NO_SECKEY:       errstr = "9"; break;
+
+    case GPG_ERR_NOT_TRUSTED:     errstr = "10"; break;
+    case GPG_ERR_MISSING_CERT:    errstr = "11"; break;
+    default:                      errstr = "0"; break;
+    }
+
+  return errstr;
+}

Modified: trunk/common/status.h
===================================================================
--- trunk/common/status.h	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/common/status.h	2009-08-06 20:12:00 UTC (rev 5109)
@@ -91,7 +91,9 @@
     STATUS_USERID_HINT,
     STATUS_UNEXPECTED,
     STATUS_INV_RECP,
+    STATUS_INV_SGNR,
     STATUS_NO_RECP,
+    STATUS_NO_SGNR,
 
     STATUS_ALREADY_SIGNED,
     STATUS_KEYEXPIRED,
@@ -127,6 +129,7 @@
 
 
 const char *get_status_string (int code);
+const char *get_inv_recpsgnr_code (gpg_error_t err);
 
 
 #endif /*GNUPG_COMMON_STATUS_H*/

Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/doc/DETAILS	2009-08-06 20:12:00 UTC (rev 5109)
@@ -361,7 +361,7 @@
 
     KEYEXPIRED <expire-timestamp>
 	The key has expired.  expire-timestamp is the expiration time
-	in seconds sice Epoch.  This status line is not very useful
+	in seconds since Epoch.  This status line is not very useful
 	because it will also be emitted for expired subkeys even if
 	this subkey is not used.  To check whether a key used to sign
 	a message has expired, the EXPKEYSIG status line is to be
@@ -571,7 +571,8 @@
         Issued by pipemode.
 
     INV_RECP <reason> <requested_recipient>
-        Issued for each unusable recipient. The reasons codes
+    INV_SGNR <reason> <requested_sender>
+        Issued for each unusable recipient/sender. The reasons codes
         currently in use are:
           0 := "No specific reason given".
           1 := "Not Found"
@@ -584,13 +585,20 @@
           8 := "Policy mismatch"
           9 := "Not a secret key"
 	 10 := "Key not trusted"
-         11 := "Missing certifciate"  (e.g. intermediate or root cert.)
+         11 := "Missing certificate"  (e.g. intermediate or root cert.)
 
-        Note that this status is also used for gpgsm's SIGNER command
-        where it relates to signer's of course.
+        Note that for historical reasons the INV_RECP status is also
+        used for gpgsm's SIGNER command where it relates to signer's
+        of course.  Newer GnuPG versions are using INV_SGNR;
+        applications should ignore the INV_RECP during the sender's
+        command processing once they have seen an INV_SGNR.  We use
+        different code so that we can distinguish them while doing an
+        encrypt+sign.
 
+
     NO_RECP <reserved>
-        Issued when no recipients are usable.
+    NO_SGNR <reserved>
+        Issued when no recipients/senders are usable.
 
     ALREADY_SIGNED <long-keyid>
         Warning: This is experimental and might be removed at any time.

Modified: trunk/g10/cpr.c
===================================================================
--- trunk/g10/cpr.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/g10/cpr.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -202,6 +202,12 @@
             if (first && string) {
                 fputs (string, statusfp);
                 count += strlen (string);
+                /* Make sure that there is space after the string.  */
+                if (*string && string[strlen (string)-1] != ' ')
+                  {
+                    putc (' ', statusfp);
+                    count++;
+                  }
             }
             first = 0;
         }

Modified: trunk/g10/seckey-cert.c
===================================================================
--- trunk/g10/seckey-cert.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/g10/seckey-cert.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -53,7 +53,7 @@
 
 	if( sk->protect.s2k.mode == 1001 ) {
 	    log_info(_("secret key parts are not available\n"));
-	    return G10ERR_GENERAL;
+	    return G10ERR_UNU_SECKEY;
 	}
 	if( sk->protect.algo == CIPHER_ALGO_NONE )
 	    BUG();

Modified: trunk/g10/skclist.c
===================================================================
--- trunk/g10/skclist.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/g10/skclist.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -128,6 +128,8 @@
 	if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
 	  free_secret_key( sk ); sk = NULL;
 	  log_error("no default secret key: %s\n", g10_errstr(rc) );
+          write_status_text (STATUS_INV_SGNR,
+                             get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY));
 	}
 	else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) )
 	  {
@@ -138,6 +140,8 @@
 		log_info(_("key is not flagged as insecure - "
 			   "can't use it with the faked RNG!\n"));
 		free_secret_key( sk ); sk = NULL;
+                write_status_text (STATUS_INV_SGNR, 
+                                   get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED));
 	      }
 	    else
 	      {
@@ -152,6 +156,7 @@
 	  {
 	    free_secret_key( sk ); sk = NULL;
 	    log_error("invalid default secret key: %s\n", g10_errstr(rc) );
+            write_status_text (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc));
 	  }
       }
     else {
@@ -176,6 +181,9 @@
 		free_secret_key( sk ); sk = NULL;
 		log_error(_("skipped \"%s\": %s\n"),
 			  locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
 	      }
             else if ( key_present_in_sk_list(sk_list, sk) == 0) {
                 free_secret_key(sk); sk = NULL;
@@ -186,6 +194,9 @@
 		free_secret_key( sk ); sk = NULL;
 		log_error(_("skipped \"%s\": %s\n"),
 			  locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
 	      }
 	    else if( !(rc=openpgp_pk_test_algo2 (sk->pubkey_algo, use)) ) {
 		SK_LIST r;
@@ -197,11 +208,19 @@
 			     _("this is a PGP generated Elgamal key which"
 			       " is not secure for signatures!"));
 		    free_secret_key( sk ); sk = NULL;
+                    write_status_text_and_buffer 
+                      (STATUS_INV_SGNR, 
+                       get_inv_recpsgnr_code (GPG_ERR_WRONG_KEY_USAGE), 
+                       locusr->d, strlen (locusr->d), -1);
 		  }
 		else if( random_is_faked() && !is_insecure( sk ) ) {
 		    log_info(_("key is not flagged as insecure - "
 			       "can't use it with the faked RNG!\n"));
 		    free_secret_key( sk ); sk = NULL;
+                    write_status_text_and_buffer 
+                      (STATUS_INV_SGNR, 
+                       get_inv_recpsgnr_code (GPG_ERR_NOT_TRUSTED), 
+                       locusr->d, strlen (locusr->d), -1);
 		}
 		else {
 		    r = xmalloc( sizeof *r );
@@ -214,6 +233,9 @@
 	    else {
 		free_secret_key( sk ); sk = NULL;
 		log_error("skipped \"%s\": %s\n", locusr->d, g10_errstr(rc) );
+                write_status_text_and_buffer 
+                  (STATUS_INV_SGNR, get_inv_recpsgnr_code (rc), 
+                   locusr->d, strlen (locusr->d), -1);
 	    }
 	}
     }
@@ -221,6 +243,7 @@
 
     if( !rc && !sk_list ) {
 	log_error("no valid signators\n");
+        write_status_text (STATUS_NO_SGNR, "0");
 	rc = G10ERR_NO_USER_ID;
     }
 

Modified: trunk/sm/gpgsm.c
===================================================================
--- trunk/sm/gpgsm.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/sm/gpgsm.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -704,17 +704,7 @@
         {
           log_error ("can't encrypt to `%s': %s\n", name, gpg_strerror (rc));
           gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                     gpg_err_code (rc) == -1?                         "1":
-                     gpg_err_code (rc) == GPG_ERR_NO_PUBKEY?          "1":
-                     gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME?     "2":
-                     gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE?    "3":
-                     gpg_err_code (rc) == GPG_ERR_CERT_REVOKED?       "4":
-                     gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED?       "5":
-                     gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN?       "6":
-                     gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD?        "7":
-                     gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH?    "8":
-                     "0",
-                     name, NULL);
+                         get_inv_recpsgnr_code (rc), name, NULL);
         }
       else
         log_info (_("NOTE: won't be able to encrypt to `%s': %s\n"),
@@ -1570,19 +1560,10 @@
             {
               log_error (_("can't sign using `%s': %s\n"),
                          sl->d, gpg_strerror (rc));
+              gpgsm_status2 (&ctrl, STATUS_INV_SGNR,
+                             get_inv_recpsgnr_code (rc), sl->d, NULL);
               gpgsm_status2 (&ctrl, STATUS_INV_RECP,
-                         gpg_err_code (rc) == -1?                      "1":
-                         gpg_err_code (rc) == GPG_ERR_NO_PUBKEY?       "1":
-                         gpg_err_code (rc) == GPG_ERR_AMBIGUOUS_NAME?  "2":
-                         gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE? "3":
-                         gpg_err_code (rc) == GPG_ERR_CERT_REVOKED?    "4":
-                         gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED?    "5":
-                         gpg_err_code (rc) == GPG_ERR_NO_CRL_KNOWN?    "6":
-                         gpg_err_code (rc) == GPG_ERR_CRL_TOO_OLD?     "7":
-                         gpg_err_code (rc) == GPG_ERR_NO_POLICY_MATCH? "8":
-                         gpg_err_code (rc) == GPG_ERR_NO_SECKEY?       "9":
-                         "0",
-                         sl->d, NULL);
+                             get_inv_recpsgnr_code (rc), sl->d, NULL);
             }
         }
       

Modified: trunk/sm/server.c
===================================================================
--- trunk/sm/server.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/sm/server.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -384,20 +384,8 @@
                                 &ctrl->server_local->recplist, 0);
   if (rc)
     {
-      gpg_err_code_t r = gpg_err_code (rc);
       gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                   r == -1? "1":
-                   r == GPG_ERR_NO_PUBKEY?       "1":
-                   r == GPG_ERR_AMBIGUOUS_NAME?  "2":
-                   r == GPG_ERR_WRONG_KEY_USAGE? "3":
-                   r == GPG_ERR_CERT_REVOKED?    "4":
-                   r == GPG_ERR_CERT_EXPIRED?    "5":
-                   r == GPG_ERR_NO_CRL_KNOWN?    "6":
-                   r == GPG_ERR_CRL_TOO_OLD?     "7":
-                   r == GPG_ERR_NO_POLICY_MATCH? "8":
-                   r == GPG_ERR_MISSING_CERT?   "11":
-                   "0",
-                   line, NULL);
+                     get_inv_recpsgnr_code (rc), line, NULL);
     }
 
   return rc;
@@ -415,10 +403,7 @@
   has to take care of this.  All SIGNER commands are cumulative until
   a RESET but they are *not* reset by an SIGN command becuase it can
   be expected that set of signers are used for more than one sign
-  operation.  
-
-  Note that this command returns an INV_RECP status which is a bit
-  strange, but they are very similar.  */
+  operation.  */
 static int 
 cmd_signer (assuan_context_t ctx, char *line)
 {
@@ -429,21 +414,12 @@
                               &ctrl->server_local->signerlist, 0);
   if (rc)
     {
-      gpg_err_code_t r = gpg_err_code (rc);
-      gpgsm_status2 (ctrl, STATUS_INV_RECP,
-                   r == -1?                          "1":
-                   r == GPG_ERR_NO_PUBKEY?           "1":
-                   r == GPG_ERR_AMBIGUOUS_NAME?      "2":
-                   r == GPG_ERR_WRONG_KEY_USAGE?     "3":
-                   r == GPG_ERR_CERT_REVOKED?        "4":
-                   r == GPG_ERR_CERT_EXPIRED?        "5":
-                   r == GPG_ERR_NO_CRL_KNOWN?        "6":
-                   r == GPG_ERR_CRL_TOO_OLD?         "7":
-                   r == GPG_ERR_NO_POLICY_MATCH?     "8":
-                   r == GPG_ERR_NO_SECKEY?           "9":
-                   r == GPG_ERR_MISSING_CERT?       "11":
-                   "0",
-                  line, NULL);
+      gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                     get_inv_recpsgnr_code (rc), line, NULL);
+      /* For compatibiliy reasons we also issue the old code after the
+         new one.  */
+      gpgsm_status2 (ctrl, STATUS_INV_RECP, 
+                     get_inv_recpsgnr_code (rc), line, NULL);
     }
   return rc;
 }

Modified: trunk/sm/sign.c
===================================================================
--- trunk/sm/sign.c	2009-08-05 13:48:23 UTC (rev 5108)
+++ trunk/sm/sign.c	2009-08-06 20:12:00 UTC (rev 5109)
@@ -372,6 +372,8 @@
       if (!cert)
         {
           log_error ("no default signer found\n");
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
           rc = gpg_error (GPG_ERR_GENERAL);
           goto leave;
         }
@@ -382,8 +384,16 @@
       if (!rc)
         rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
       if (rc)
-        goto leave;
+        {
+          char *tmpfpr;
 
+          tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (rc), tmpfpr, NULL);
+          xfree (tmpfpr);
+          goto leave;
+        }
+
       /* That one is fine - create signerlist. */
       signerlist = xtrycalloc (1, sizeof *signerlist);
       if (!signerlist)



From cvs at cvs.gnupg.org  Fri Aug  7 17:40:49 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 07 Aug 2009 17:40:49 +0200
Subject: [svn] dirmngr - r323 - in trunk: . src
Message-ID: <E1MZQFR-0005Q3-P5@lists.gnupg.com>

Author: wk
Date: 2009-08-07 17:40:49 +0200 (Fri, 07 Aug 2009)
New Revision: 323

Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/configure.ac
   trunk/src/ChangeLog
   trunk/src/crlfetch.c
   trunk/src/http.c
   trunk/src/http.h
Log:
Hanging HTTP CRL downloads are now fixed.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/ChangeLog	2009-08-07 15:40:49 UTC (rev 323)
@@ -1,3 +1,7 @@
+2009-08-07  Werner Koch  <wk at g10code.com>
+
+	* configure.ac: Check for strtoull.
+
 2009-06-18  Werner Koch  <wk at g10code.com>
 
 	* configure.ac: Fix some URL hints.

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/src/ChangeLog	2009-08-07 15:40:49 UTC (rev 323)
@@ -1,3 +1,16 @@
+2009-08-07  Werner Koch  <wk at g10code.com>
+
+	* crlfetch.c (my_es_read): Add explicit check for EOF.
+
+	* http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to
+	bit fields.
+	(struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH.
+	(parse_response): Parse the Content-Length header.
+	(cookie_read): Handle content length. 
+	(http_open): Make NEED_HEADER the semi-default.
+
+	* http.h (HTTP_FLAG_IGNORE_CL): New.
+
 2009-08-04  Werner Koch  <wk at g10code.com>
 
 	* ldap.c (ldap_wrapper_thread): Factor some code out to ...
@@ -1175,7 +1188,7 @@
 	ChangeLog.
 	
 	
- Copyright 2004, 2005, 2006, 2007, 2008 g10 Code GmbH
+ Copyright 2004, 2005, 2006, 2007, 2008, 2009 g10 Code GmbH
 
  This file is free software; as a special exception the author gives
  unlimited permission to copy and/or distribute it, with or without

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/NEWS	2009-08-07 15:40:49 UTC (rev 323)
@@ -3,6 +3,8 @@
 
  * Fixed a resource problem with LDAP CRLs.
 
+ * Fixed a bad EOF detection with HTTP CRLs.
+
  * Made "dirmngr-client --url --load-crl URL" work.
 
 

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/configure.ac	2009-08-07 15:40:49 UTC (rev 323)
@@ -348,10 +348,8 @@
 AC_CHECK_FUNCS([funopen fopencookie])
 # end jnlib checks
 
-AC_CHECK_FUNCS([gmtime_r])
+AC_CHECK_FUNCS([gmtime_r getaddrinfo strtoull])
 
-AC_CHECK_FUNCS([getaddrinfo])
-
 AC_CHECK_FUNCS([mmap])
 if test $ac_cv_func_mmap != yes -a $mmap_needed = yes; then
   AC_MSG_ERROR([[Sorry, the current implemenation requires mmap.]])

Modified: trunk/src/crlfetch.c
===================================================================
--- trunk/src/crlfetch.c	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/src/crlfetch.c	2009-08-07 15:40:49 UTC (rev 323)
@@ -105,6 +105,12 @@
   result = es_read (cb_ctx->fp, buffer, nbytes, nread);
   if (result)
     return result;
+  /* Fixme we should check whether the semantics of es_read are okay
+     and well defined.  I have some doubts.  */
+  if (nbytes && !*nread && es_feof (cb_ctx->fp))
+    return gpg_error (GPG_ERR_EOF);
+  if (!nread && es_ferror (cb_ctx->fp))
+    return gpg_error (GPG_ERR_EIO);
 
   if (!cb_ctx->checked && *nread)
     {
@@ -177,7 +183,7 @@
   if (!err) /* Yes, our HTTP code groks that. */
     {
       http_t hd;
-      
+
       if (opt.disable_http)
         {
           log_error (_("CRL access not possible due to disabled %s\n"),

Modified: trunk/src/http.c
===================================================================
--- trunk/src/http.c	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/src/http.c	2009-08-07 15:40:49 UTC (rev 323)
@@ -116,6 +116,15 @@
                         "01234567890@"                 \
                         "!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~"
 
+/* A long counter type.  */
+#ifdef HAVE_STRTOULL
+typedef unsigned long long longcounter_t;
+#define counter_strtoul(a) strtoull ((a), NULL, 10)
+#else
+typedef unsigned long longcounter_t;
+#define counter_strtoul(a) strtoul ((a), NULL, 10)
+#endif
+
 #ifndef HTTP_USE_GNUTLS
 typedef void * gnutls_session_t;
 #endif
@@ -149,7 +158,14 @@
 {
   int fd;  /* File descriptor or -1 if already closed. */
   gnutls_session_t tls_session;  /* TLS session context or NULL if not used. */
-  int keep_socket; /* Flag to communicate with the close handler. */
+
+  /* The remaining content length and a flag telling whether to use
+     the content length.  */
+  longcounter_t content_length;  
+  unsigned int content_length_valid:1;
+
+  /* Flag to communicate with the close handler. */
+  unsigned int keep_socket:1;
 };
 typedef struct cookie_s *cookie_t;
 
@@ -174,13 +190,13 @@
 {
   unsigned int status_code;
   int sock;
-  int in_data;
+  unsigned int in_data:1;
+  unsigned int is_http_0_9:1;
   estream_t fp_read;
   estream_t fp_write;
   void *write_cookie;
   void *read_cookie;
   void *tls_context;
-  int is_http_0_9;
   parsed_uri_t uri;
   http_req_t req_type;
   char *buffer;          /* Line buffer. */
@@ -317,6 +333,11 @@
   if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST))
     return gpg_error (GPG_ERR_INV_ARG);
 
+  /* Make need_header default unless ignore_cl is set.  We might want
+     to drop the need_header entirely.  */
+  if (!(flags & HTTP_FLAG_IGNORE_CL))
+    flags |= HTTP_FLAG_NEED_HEADER;
+
   /* Create the handle. */
   hd = xtrycalloc (1, sizeof *hd);
   if (!hd)
@@ -1173,6 +1194,8 @@
 {
   char *line, *p, *p2;
   size_t maxlen, len;
+  cookie_t cookie = hd->read_cookie;
+  const char *s;
 
   /* Delete old header lines.  */
   while (hd->headers)
@@ -1253,6 +1276,17 @@
     }
   while (len && *line);
 
+  cookie->content_length_valid = 0;
+  if (!(hd->flags & HTTP_FLAG_IGNORE_CL))
+    {
+      s = http_get_header (hd, "Content-Length");
+      if (s)
+        {
+          cookie->content_length_valid = 1;
+          cookie->content_length = counter_strtoul (s);
+        }
+    }
+
   return 0;
 }
 
@@ -1537,6 +1571,14 @@
   cookie_t c = cookie;
   int nread;
 
+  if (c->content_length_valid)
+    {
+      if (!c->content_length)
+        return 0; /* EOF */
+      if (c->content_length < size)
+        size = c->content_length;
+    }
+
 #ifdef HTTP_USE_GNUTLS
   if (c->tls_session)
     {
@@ -1572,6 +1614,14 @@
       while (nread == -1 && errno == EINTR);
     }
 
+  if (c->content_length_valid && nread > 0)
+    {
+      if (nread < c->content_length)
+        c->content_length -= nread;
+      else
+        c->content_length = 0;          
+    }
+
   return nread;
 }
 

Modified: trunk/src/http.h
===================================================================
--- trunk/src/http.h	2009-08-04 13:49:17 UTC (rev 322)
+++ trunk/src/http.h	2009-08-07 15:40:49 UTC (rev 323)
@@ -65,7 +65,8 @@
     HTTP_FLAG_SHUTDOWN = 2,
     HTTP_FLAG_TRY_SRV = 4,
     HTTP_FLAG_LOG_RESP = 8,
-    HTTP_FLAG_NEED_HEADER = 16
+    HTTP_FLAG_NEED_HEADER = 16,
+    HTTP_FLAG_IGNORE_CL = 32
   };
 
 struct http_context_s;



From cvs at cvs.gnupg.org  Tue Aug 11 20:34:17 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Tue, 11 Aug 2009 20:34:17 +0200
Subject: [svn] GnuPG -  r5111 - trunk/common
Message-ID: <E1Mauqe-0002xP-A1@lists.gnupg.com>

Author: dshaw
Date: 2009-08-11 20:34:16 +0200 (Tue, 11 Aug 2009)
New Revision: 5111

Modified:
   trunk/common/ChangeLog
   trunk/common/ttyio.c
   trunk/common/ttyio.h
Log:
* ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around
HAVE_LIBREADLINE to allow building when readline isn't available.


Modified: trunk/common/ChangeLog
===================================================================
--- trunk/common/ChangeLog	2009-08-11 10:56:44 UTC (rev 5110)
+++ trunk/common/ChangeLog	2009-08-11 18:34:16 UTC (rev 5111)
@@ -1,3 +1,8 @@
+2009-08-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* ttyio.h, ttyio.c (tty_enable_completion): Some ifdefs around
+	HAVE_LIBREADLINE to allow building when readline isn't available.
+
 2009-08-06  Werner Koch  <wk at g10code.com>
 
 	* status.h (STATUS_INV_SGNR, STATUS_NO_SGNR): New.

Modified: trunk/common/ttyio.c
===================================================================
--- trunk/common/ttyio.c	2009-08-11 10:56:44 UTC (rev 5110)
+++ trunk/common/ttyio.c	2009-08-11 18:34:16 UTC (rev 5111)
@@ -1,6 +1,6 @@
 /* ttyio.c -  tty i/O functions
- * Copyright (C) 1998,1999,2000,2001,2002,2003,
- *               2004, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 1998,1999,2000,2001,2002,2003,2004,2006,2007,
+ *               2009 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -648,6 +648,7 @@
 }
 
 
+#ifdef HAVE_LIBREADLINE
 void
 tty_enable_completion (rl_completion_func_t *completer)
 {
@@ -671,8 +672,8 @@
 
   my_rl_inhibit_completion (1);
 }
+#endif
 
-
 void
 tty_cleanup_after_signal (void)
 {

Modified: trunk/common/ttyio.h
===================================================================
--- trunk/common/ttyio.h	2009-08-11 10:56:44 UTC (rev 5110)
+++ trunk/common/ttyio.h	2009-08-11 18:34:16 UTC (rev 5111)
@@ -1,5 +1,6 @@
 /* ttyio.h
- * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2006,
+ *               2009 Free Software Foundation, Inc.
  *
  * This file is part of GNUPG.
  *
@@ -45,8 +46,16 @@
 int tty_get_answer_is_yes (const char *prompt);
 int tty_no_terminal (int onoff);
 
+#ifdef HAVE_LIBREADLINE
 void tty_enable_completion (rl_completion_func_t *completer);
 void tty_disable_completion (void);
+#else
+/* Use a macro to stub out these functions since a macro has no need
+   to typedef a "rl_completion_func_t" which would be undefined
+   without readline. */
+#define tty_enable_completion(x)
+#define tty_disable_completion()
+#endif
 void tty_cleanup_after_signal (void);
 void tty_cleanup_rl_after_signal (void);
 



From cvs at cvs.gnupg.org  Wed Aug 12 07:01:12 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Wed, 12 Aug 2009 07:01:12 +0200
Subject: [svn] GnuPG - r5112 - in branches/STABLE-BRANCH-1-4: g10 include util
Message-ID: <E1Mb4dI-0008Ql-Lv@lists.gnupg.com>

Author: dshaw
Date: 2009-08-12 07:01:08 +0200 (Wed, 12 Aug 2009)
New Revision: 5112

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/keyserver.c
   branches/STABLE-BRANCH-1-4/include/ChangeLog
   branches/STABLE-BRANCH-1-4/include/util.h
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/strgutil.c
Log:
Try and detect mis-coded Latin1 and convert it to UTF8.  Whether the
heuristics succeed or not, the resulting string must be valid UTF8 as
LDAP requires that.  This is bug 1055.


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
@@ -1,3 +1,10 @@
+2009-08-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1
+	and convert it to UTF8.  Whether the heuristics succeed or not,
+	the resulting string must be valid UTF8 as LDAP requires that.
+	This is bug 1055.
+
 2009-08-03  Werner Koch  <wk at g10code.com>
 
 	* card-util.c (generate_card_keys): Ask for off-card keys only if

Modified: branches/STABLE-BRANCH-1-4/include/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/include/ChangeLog	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/include/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
@@ -1,3 +1,7 @@
+2009-08-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* util.h: Add string_to_utf8() from GPA.
+
 2009-07-21  Werner Koch  <wk at g10code.com>
 
 	* estream-printf.h: New.  Taken from libestream.x

Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
@@ -1,3 +1,8 @@
+2009-08-11  David Shaw  <dshaw at jabberwocky.com>
+
+	* strgutil.c (string_to_utf8): New function to convert a Latin-1
+	string to UTF8.  From GPA.
+
 2009-07-23  David Shaw  <dshaw at jabberwocky.com>
 
 	* srv.c (getsrv): Fix type-punning warning.

Modified: branches/STABLE-BRANCH-1-4/g10/keyserver.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/keyserver.c	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/g10/keyserver.c	2009-08-12 05:01:08 UTC (rev 5112)
@@ -1270,24 +1270,49 @@
 			{
 			  PKT_user_id *uid=node->pkt->pkt.user_id;
 			  int r;
+			  char *uidstr1,*uidstr2,*uidstr3;
+			  size_t uidstrlen;
 
 			  if(uid->attrib_data)
 			    continue;
 
 			  fprintf(spawn->tochild,"uid:");
 
-			  /* Quote ':', '%', and any 8-bit
-			     characters */
-			  for(r=0;r<uid->len;r++)
+			  /* Make sure it's real UTF8.  What happens
+			     here is that first we heuristically try
+			     and convert the string (which may be
+			     mis-coded) into UTF8.  We then bring it
+			     to native and then back to UTF8.  For
+			     true UTF8, this whole process should be
+			     lossless.  For the common Latin-1
+			     mis-encoding, it will become UTF8.  For
+			     other encodings, it will become UTF8 but
+			     with unknown characters quoted.  This
+			     preserves the notion that anything in the
+			     stream to the keyserver handler program
+			     is UTF8. */
+			  uidstr1=string_to_utf8(uid->name);
+			  uidstr2=utf8_to_native(uidstr1,strlen(uidstr1),-1);
+			  uidstr3=native_to_utf8(uidstr2);
+
+			  uidstrlen=strlen(uidstr3);
+
+			  /* Quote ':', '%', and anything not
+			     printable ASCII */
+			  for(r=0;r<uidstrlen;r++)
 			    {
-			      if(uid->name[r]==':' || uid->name[r]=='%'
-				 || uid->name[r]&0x80)
+			      if(uidstr3[r]==':' || uidstr3[r]=='%'
+				 || uidstr3[r]<' ' || uidstr3[r]>'~')
 				fprintf(spawn->tochild,"%%%02X",
-					(byte)uid->name[r]);
+					(byte)uidstr3[r]);
 			      else
-				fprintf(spawn->tochild,"%c",uid->name[r]);
+				fprintf(spawn->tochild,"%c",uidstr3[r]);
 			    }
 
+			  xfree(uidstr1);
+			  xfree(uidstr2);
+			  xfree(uidstr3);
+
 			  fprintf(spawn->tochild,":%u:%u:",
 				  uid->created,uid->expiredate);
 

Modified: branches/STABLE-BRANCH-1-4/include/util.h
===================================================================
--- branches/STABLE-BRANCH-1-4/include/util.h	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/include/util.h	2009-08-12 05:01:08 UTC (rev 5112)
@@ -190,7 +190,7 @@
 const char* get_native_charset(void);
 char *native_to_utf8( const char *string );
 char *utf8_to_native( const char *string, size_t length, int delim);
-int  check_utf8_string( const char *string );
+char *string_to_utf8 (const char *string);
 
 int ascii_isupper (int c);
 int ascii_islower (int c);

Modified: branches/STABLE-BRANCH-1-4/util/strgutil.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/strgutil.c	2009-08-11 18:34:16 UTC (rev 5111)
+++ branches/STABLE-BRANCH-1-4/util/strgutil.c	2009-08-12 05:01:08 UTC (rev 5112)
@@ -1048,7 +1048,78 @@
     }
 }
 
+/* This is similar to native_to_utf8, except it can take any input
+   (which may or may not be UTF8 encoded) and return something that is
+   (almost) definitely UTF8.  This code is mostly borrowed from
+   GPA. */
 
+char *
+string_to_utf8 (const char *string)
+{
+  const char *s;
+  
+  if (!string)
+    return NULL;
+  
+  /* Due to a bug in old and not so old PGP versions user IDs have
+     been copied verbatim into the key.  Thus many users with Umlauts
+     et al. in their name will see their names garbled.  Although this
+     is not an issue for me (;-)), I have a couple of friends with
+     Umlauts in their name, so let's try to make their life easier by
+     detecting invalid encodings and convert that to Latin-1.  We use
+     this even for X.509 because it may make things even better given
+     all the invalid encodings often found in X.509 certificates.  */
+  for (s = string; *s && !(*s & 0x80); s++)
+    ;
+  if (*s && ((s[1] & 0xc0) == 0x80) && ( ((*s & 0xe0) == 0xc0)
+                                         || ((*s & 0xf0) == 0xe0)
+                                         || ((*s & 0xf8) == 0xf0)
+                                         || ((*s & 0xfc) == 0xf8)
+                                         || ((*s & 0xfe) == 0xfc)) )
+    {  
+      /* Possible utf-8 character followed by continuation byte.
+         Although this might still be Latin-1 we better assume that it
+         is valid utf-8. */
+      return xstrdup (string);
+     }
+  else if (*s && !strchr (string, 0xc3))
+    {
+      size_t length=0;
+      char *buffer,*p;
+
+      /* No 0xC3 character in the string; assume that it is Latin-1.  */
+
+      for(s=string; *s; s++ ) 
+        {
+          length++;
+          if( *s & 0x80 )
+            length++;
+	}
+      buffer = xmalloc( length + 1 );
+      for(p=buffer, s=string; *s; s++ )
+        {
+          if( *s & 0x80 )
+            {
+              *p++ = 0xc0 | ((*s >> 6) & 3);
+              *p++ = 0x80 | ( *s & 0x3f );
+            }
+          else
+            *p++ = *s;
+        }
+      *p = 0;
+
+      return buffer;
+    }
+  else
+    {
+      /* Everything else is assumed to be UTF-8.  We do this even that
+         we know the encoding is not valid.  However as we only test
+         the first non-ascii character, valid encodings might
+         follow.  */
+      return xstrdup (string);
+    }
+}
+
 /* Same as asprintf but return an allocated buffer suitable to be
    freed using xfree.  This function simply dies on memory failure,
    thus no extra check is required. */



From cvs at cvs.gnupg.org  Wed Aug 12 21:29:31 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 12 Aug 2009 21:29:31 +0200
Subject: [svn] dirmngr - r324 - trunk/src
Message-ID: <E1MbIBS-0004Kr-6T@lists.gnupg.com>

Author: wk
Date: 2009-08-12 21:29:31 +0200 (Wed, 12 Aug 2009)
New Revision: 324

Modified:
   trunk/src/ChangeLog
   trunk/src/dirmngr-client.c
Log:
flush stdout in squid mode.


Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-08-07 15:40:49 UTC (rev 323)
+++ trunk/src/ChangeLog	2009-08-12 19:29:31 UTC (rev 324)
@@ -1,3 +1,8 @@
+2009-08-12  Werner Koch  <wk at g10code.com>
+
+	* dirmngr-client.c (squid_loop_body): Flush stdout.  Suggested by
+	Philip Shin.
+
 2009-08-07  Werner Koch  <wk at g10code.com>
 
 	* crlfetch.c (my_es_read): Add explicit check for EOF.

Modified: trunk/src/dirmngr-client.c
===================================================================
--- trunk/src/dirmngr-client.c	2009-08-07 15:40:49 UTC (rev 323)
+++ trunk/src/dirmngr-client.c	2009-08-12 19:29:31 UTC (rev 324)
@@ -1028,5 +1028,7 @@
       puts ("ERROR");
     }
   
+  fflush (stdout);
+
   return 0;
 }



From cvs at cvs.gnupg.org  Thu Aug 13 10:45:30 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 13 Aug 2009 10:45:30 +0200
Subject: [svn] GnuPG - r5113 - in branches/STABLE-BRANCH-1-4: checks doc g10 po
Message-ID: <E1MbUbd-0007aG-IV@lists.gnupg.com>

Author: wk
Date: 2009-08-13 10:45:23 +0200 (Thu, 13 Aug 2009)
New Revision: 5113

Modified:
   branches/STABLE-BRANCH-1-4/checks/conventional-mdc.test
   branches/STABLE-BRANCH-1-4/checks/defs.inc
   branches/STABLE-BRANCH-1-4/doc/ChangeLog
   branches/STABLE-BRANCH-1-4/doc/gpg.texi
   branches/STABLE-BRANCH-1-4/doc/gpgv.texi
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/app-openpgp.c
   branches/STABLE-BRANCH-1-4/g10/card-util.c
   branches/STABLE-BRANCH-1-4/g10/cardglue.h
   branches/STABLE-BRANCH-1-4/g10/ccid-driver.c
   branches/STABLE-BRANCH-1-4/po/ChangeLog
   branches/STABLE-BRANCH-1-4/po/be.po
   branches/STABLE-BRANCH-1-4/po/ca.po
   branches/STABLE-BRANCH-1-4/po/cs.po
   branches/STABLE-BRANCH-1-4/po/da.po
   branches/STABLE-BRANCH-1-4/po/de.po
   branches/STABLE-BRANCH-1-4/po/el.po
   branches/STABLE-BRANCH-1-4/po/eo.po
   branches/STABLE-BRANCH-1-4/po/es.po
   branches/STABLE-BRANCH-1-4/po/et.po
   branches/STABLE-BRANCH-1-4/po/fi.po
   branches/STABLE-BRANCH-1-4/po/fr.po
   branches/STABLE-BRANCH-1-4/po/gl.po
   branches/STABLE-BRANCH-1-4/po/hu.po
   branches/STABLE-BRANCH-1-4/po/id.po
   branches/STABLE-BRANCH-1-4/po/it.po
   branches/STABLE-BRANCH-1-4/po/ja.po
   branches/STABLE-BRANCH-1-4/po/nb.po
   branches/STABLE-BRANCH-1-4/po/nl.po
   branches/STABLE-BRANCH-1-4/po/pl.po
   branches/STABLE-BRANCH-1-4/po/pt.po
   branches/STABLE-BRANCH-1-4/po/pt_BR.po
   branches/STABLE-BRANCH-1-4/po/ro.po
   branches/STABLE-BRANCH-1-4/po/ru.po
   branches/STABLE-BRANCH-1-4/po/sk.po
   branches/STABLE-BRANCH-1-4/po/sv.po
   branches/STABLE-BRANCH-1-4/po/tr.po
   branches/STABLE-BRANCH-1-4/po/zh_CN.po
   branches/STABLE-BRANCH-1-4/po/zh_TW.po
Log:
Preparing for a release candidate


Modified: branches/STABLE-BRANCH-1-4/doc/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/doc/ChangeLog	2009-08-13 08:45:23 UTC (rev 5113)
@@ -1,3 +1,7 @@
+2009-08-13  Werner Koch  <wk at g10code.com>
+
+	* gpgv.texi, gpg.texi: Udpate from GnuPG-2.
+
 2008-04-30  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg-zip.1: Add man page thanks to Colin Tuckley and Daniel

Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-13 08:45:23 UTC (rev 5113)
@@ -1,3 +1,19 @@
+2009-08-13  Werner Koch  <wk at g10code.com>
+
+	* cardglue.h: Add new error code mappings.
+
+	From GnuPG-2:
+	* app-openpgp.c (change_keyattr_from_string): New.
+	(do_setattr): Support KEY-ATTR.
+	* ccid-driver.c (print_pr_data): Fix 64 bit compat problem.
+	* ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320.
+	* card-util.c (generate_card_keys): Remove special case for
+	GnuPG-2.  Ask for the keysize and change it.
+	(card_generate_subkey): Ask for the keysize and change it.
+	(get_info_for_key_operation): Read KEY-ATTR.
+	(show_keysize_warning, ask_card_keysize): New.
+	(do_change_keysize): New.
+
 2009-08-11  David Shaw  <dshaw at jabberwocky.com>
 
 	* keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1

Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-13 08:45:23 UTC (rev 5113)
@@ -1,3 +1,8 @@
+2009-07-14  Werner Koch  <wk at g10code.com>
+
+	* de.po: s/nicht-exportf?hig/unwiderrufbar/.  Reported by Simon
+	Richter.
+
 2009-07-13  Werner Koch  <wk at g10code.com>
 
 	* nl.po: Applied a small fix by Jeroen Leeuwestein.  Fixes bug#1085.

Modified: branches/STABLE-BRANCH-1-4/checks/conventional-mdc.test
===================================================================
--- branches/STABLE-BRANCH-1-4/checks/conventional-mdc.test	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/checks/conventional-mdc.test	2009-08-13 08:45:23 UTC (rev 5113)
@@ -9,6 +9,7 @@
     # *BSD's dd can't cope with a count of 0
     if test "$i" = "0"; then
         : >z
+        my_chtag z
     else
         dd if=data-80000 of=z bs=1 count=$i 2>/dev/null
     fi

Modified: branches/STABLE-BRANCH-1-4/checks/defs.inc
===================================================================
--- branches/STABLE-BRANCH-1-4/checks/defs.inc	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/checks/defs.inc	2009-08-13 08:45:23 UTC (rev 5113)
@@ -112,6 +112,17 @@
 #    cleanup_files="$cleanup_files $*"
 #}
 
+
+# Special function for zOS.
+my_chtag () {
+  #FIXME: Is there an envvar to test for the OS or do we 
+  #       need to resort to a configure test
+  #if test "$FOO" = "bar"; then
+  #   chtag -tc ISO8859-1 $1
+  #fi
+  :
+}
+
 have_pubkey_algo () {
   if  ../g10/gpg --homedir .  --version | grep "Pubkey:.*$1" >/dev/null
   then

Modified: branches/STABLE-BRANCH-1-4/doc/gpg.texi
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/gpg.texi	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/doc/gpg.texi	2009-08-13 08:45:23 UTC (rev 5113)
@@ -1,5 +1,5 @@
- at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- at c               2007 Free Software Foundation, Inc.
+ at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ at c               2008, 2009 Free Software Foundation, Inc.
 @c This is part of the GnuPG manual.
 @c For copying conditions, see the file gnupg.texi.
 
@@ -149,7 +149,7 @@
 @itemx -h
 @opindex help
 Print a usage message summarizing the most useful command line options.
-Not that you cannot abbreviate this command.
+Note that you cannot abbreviate this command.
 
 @item --warranty
 @opindex warranty
@@ -175,19 +175,24 @@
 @itemx -s
 @opindex sign
 Make a signature. This command may be combined with @option{--encrypt}
-(for a signed and encrypted message), @option{--symmetric} (for a signed
-and symmetrically encrypted message), or @option{--encrypt} and
+(for a signed and encrypted message), @option{--symmetric} (for a
+signed and symmetrically encrypted message), or @option{--encrypt} and
 @option{--symmetric} together (for a signed message that may be
-decrypted via a secret key or a passphrase).
+decrypted via a secret key or a passphrase).  The key to be used for
+signing is chosen by default or can be set with the
+ at option{--local-user} and @option{--default-key} options.
 
 @item --clearsign
 @opindex clearsign
-Make a clear text signature. The content in a clear text signature is
-readable without any special software. OpenPGP software is only
-needed to verify the signature. Clear text signatures may modify
-end-of-line whitespace for platform independence and are not intended
-to be reversible.
+Make a clear text signature.  The content in a clear text signature is
+readable without any special software. OpenPGP software is only needed
+to verify the signature.  Clear text signatures may modify end-of-line
+whitespace for platform independence and are not intended to be
+reversible.  The key to be used for signing is chosen by default or
+can be set with the @option{--local-user} and @option{--default-key}
+options.
 
+
 @item --detach-sign
 @itemx -b
 @opindex detach-sign
@@ -221,8 +226,8 @@
 @item --decrypt
 @itemx -d
 @opindex decrypt
-Decrypt the file given on the command line (or @code{stdin} if no file
-is specified) and write it to stdout (or the file specified with
+Decrypt the file given on the command line (or STDIN if no file
+is specified) and write it to STDOUT (or the file specified with
 @option{--output}). If the decrypted file is signed, the signature is also
 verified. This command differs from the default operation, as it never
 writes to the filename which is included in the file and it rejects
@@ -232,19 +237,19 @@
 @opindex verify
 Assume that the first argument is a signed file or a detached signature
 and verify it without generating any output. With no arguments, the
-signature packet is read from stdin. If only a sigfile is given, it may
+signature packet is read from STDIN. If only a sigfile is given, it may
 be a complete signature or a detached signature, in which case the
 signed stuff is expected in a file without the ".sig" or ".asc"
 extension.  With more than 1 argument, the first should be a detached
 signature and the remaining files are the signed stuff. To read the
-signed stuff from stdin, use @samp{-} as the second filename.  For
+signed stuff from STDIN, use @samp{-} as the second filename.  For
 security reasons a detached signature cannot read the signed material
-from stdin without denoting it in the above way.
+from STDIN without denoting it in the above way.
 
 @item --multifile
 @opindex multifile
 This modifies certain other commands to accept multiple files for
-processing on the command line or read from stdin with each filename on
+processing on the command line or read from STDIN with each filename on
 a separate line. This allows for many files to be processed at
 once. @option{--multifile} may currently be used along with
 @option{--verify}, @option{--encrypt}, and @option{--decrypt}. Note that
@@ -291,6 +296,10 @@
 @item --list-sigs
 @opindex list-sigs
 Same as @option{--list-keys}, but the signatures are listed too.
+ at ifclear gpgone
+This command has the same effect as 
+using @option{--list-keys} with @option{--with-sig-list}.
+ at end ifclear
 
 For each signature listed, there are several flags in between the "sig"
 tag and keyid. These flags give additional information about each
@@ -307,16 +316,32 @@
 
 @item --check-sigs
 @opindex check-sigs
-Same as @option{--list-sigs}, but the signatures are verified.
+Same as @option{--list-sigs}, but the signatures are verified.  Note
+that for performance reasons the revocation status of a signing key is
+not shown.
+ at ifclear gpgone
+This command has the same effect as 
+using @option{--list-keys} with @option{--with-sig-check}.
+ at end ifclear
 
 The status of the verification is indicated by a flag directly following
 the "sig" tag (and thus before the flags described above for
 @option{--list-sigs}).  A "!" indicates that the signature has been
 successfully verified, a "-" denotes a bad signature and a "%" is used
-if an error occured while checking the signature (e.g. a non supported
+if an error occurred while checking the signature (e.g. a non supported
 algorithm).
 
+ at ifclear gpgone
+ at item --locate-keys
+ at opindex locate-keys
+Locate the keys given as arguments.  This command basically uses the
+same algorithm as used when locating keys for encryption or signing and
+may thus be used to see what keys @command{@gpgname} might use.  In
+particular external methods as defined by @option{--auto-key-locate} may
+be used to locate a key.  Only public keys are listed.
+ at end ifclear
 
+
 @item --fingerprint
 @opindex fingerprint
 List all keys (or the specified ones) along with their
@@ -369,7 +394,7 @@
 @opindex export
 Either export all keys from all keyrings (default keyrings and those
 registered via option @option{--keyring}), or if at least one name is given,
-those of the given name. The new keyring is written to stdout or to the
+those of the given name. The new keyring is written to STDOUT or to the
 file given with option @option{--output}. Use together with
 @option{--armor} to mail those keys.
 
@@ -379,7 +404,7 @@
 Fingerprints may be used instead of key IDs. Option @option{--keyserver}
 must be used to give the name of this keyserver. Don't send your
 complete keyring to a keyserver --- select only those keys which are new
-or changed by you.
+or changed by you.  If no key IDs are given, @command{gpg} does nothing.
 
 @item --export-secret-keys
 @itemx --export-secret-subkeys
@@ -400,7 +425,7 @@
 keyring. The fast version is currently just a synonym.
 
 There are a few other options which control how this command works.
-Most notable here is the @option{--keyserver-options merge-only} option
+Most notable here is the @option{--import-options merge-only} option
 which does not insert new keys but does only the merging of new
 signatures, user-IDs and subkeys.
 
@@ -460,17 +485,35 @@
 a check is needed. To force a run even in batch mode add the option
 @option{--yes}.
 
+ at anchor{option --export-ownertrust}
 @item --export-ownertrust
 @opindex export-ownertrust
-Send the ownertrust values to stdout. This is useful for backup purposes
+Send the ownertrust values to STDOUT. This is useful for backup purposes
 as these values are the only ones which can't be re-created from a
-corrupted trust DB.
+corrupted trustdb.  Example:
+ at c man:.RS
+ at example
+  @gpgname{} --export-ownertrust > otrust.txt
+ at end example
+ at c man:.RE
 
+
 @item --import-ownertrust
 @opindex import-ownertrust
 Update the trustdb with the ownertrust values stored in @code{files} (or
-stdin if not given); existing values will be overwritten.
+STDIN if not given); existing values will be overwritten.  In case of a
+severely damaged trustdb and if you have a recent backup of the
+ownertrust values (e.g. in the file @file{otrust.txt}, you may re-create
+the trustdb using these commands:
+ at c man:.RS
+ at example
+  cd ~/.gnupg
+  rm trustdb.gpg
+  @gpgname{} --import-ownertrust < otrust.txt
+ at end example
+ at c man:.RE
 
+
 @item --rebuild-keydb-caches
 @opindex rebuild-keydb-caches
 When updating from version 1.0.6 to 1.0.7 this command should be used
@@ -480,7 +523,7 @@
 @item --print-md @code{algo}
 @itemx --print-mds
 @opindex print-md
-Print message digest of algorithm ALGO for all given files or stdin.
+Print message digest of algorithm ALGO for all given files or STDIN.
 With the second form (or a deprecated "*" as algo) digests for all
 available algorithms are printed.
 
@@ -729,13 +772,24 @@
 Set the list of user ID preferences to @code{string} for all (or just
 the selected) user IDs. Calling setpref with no arguments sets the
 preference list to the default (either built-in or set via
- at option{--default-preference-list}), and calling setpref with "none" as
-the argument sets an empty preference list. Use @command{@gpgname
+ at option{--default-preference-list}), and calling setpref with "none"
+as the argument sets an empty preference list. Use @command{@gpgname
 --version} to get a list of available algorithms. Note that while you
 can change the preferences on an attribute user ID (aka "photo ID"),
 GnuPG does not select keys via attribute user IDs so these preferences
 will not be used by GnuPG.
 
+When setting preferences, you should list the algorithms in the order
+which you'd like to see them used by someone else when encrypting a
+message to your key.  If you don't include 3DES, it will be
+automatically added at the end.  Note that there are many factors that
+go into choosing an algorithm (for example, your key may not be the
+only recipient), and so the remote OpenPGP application being used to
+send to you may or may not follow your exact chosen order for a given
+message.  It will, however, only choose an algorithm that is present
+on the preference list of every recipient key.  See also the
+INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
+
 @item keyserver
 @opindex keyedit:keyserver
 Set a preferred keyserver for the specified user ID(s). This allows
@@ -921,7 +975,12 @@
 @opindex batch
 @opindex no-batch
 Use batch mode.  Never ask, do not allow interactive commands.
- at option{--no-batch} disables this option.
+ at option{--no-batch} disables this option.  Note that even with a
+filename given on the command line, gpg might still need to read from
+STDIN (in particular if gpg figures that the input is a
+detached signature and no data file has been specified).  Thus if you
+do not want to feed data via STDIN, you should connect STDIN to
+ at file{/dev/null}.
 
 @item --no-tty
 @opindex no-tty
@@ -1052,10 +1111,10 @@
 
 @item --enable-dsa2
 @itemx --disable-dsa2
-Enables new-style DSA keys which (unlike the old style) may be larger
-than 1024 bit and use hashes other than SHA-1 and RIPEMD/160. Note
-that very few programs currently support these keys and signatures
-from them.
+Enable hash truncation for all DSA keys even for old DSA Keys up to
+1024 bit.  This is also the default with @option{--openpgp}.  Note
+that older versions of GnuPG also required this flag to allow the
+generation of DSA larger than 1024 bit.
 
 @item --photo-viewer @code{string}
 This is the command line that should be run to view a photo ID. "%i"
@@ -1068,7 +1127,7 @@
 then the photo will be supplied to the viewer on standard input.
 
 The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
-stdin". Note that if your image viewer program is not secure, then
+STDIN". Note that if your image viewer program is not secure, then
 executing it from GnuPG does not make it secure.
 
 @item --exec-path @code{string}
@@ -1305,29 +1364,42 @@
 GnuPG can automatically locate and retrieve keys as needed using this
 option. This happens when encrypting to an email address (in the
 "user@@example.com" form), and there are no user@@example.com keys on
-the local keyring. This option takes any number of the following
-arguments, in the order they are to be tried:
+the local keyring.  This option takes any number of the following
+mechanisms, in the order they are to be tried:
 
 @table @asis
 
 @item cert
-locate a key using DNS CERT, as specified in 2538bis (currently in
-draft): http://www.josefsson.org/rfc2538bis/
+Locate a key using DNS CERT, as specified in rfc4398.
 
 @item pka
-locate a key using DNS PKA.
+Locate a key using DNS PKA.
 
 @item ldap
-locate a key using the PGP Universal method of checking
-"ldap://keys.(thedomain)".
+Using DNS Service Discovery, check the domain in question for any LDAP
+keyservers to use.  If this fails, attempt to locate the key using the
+PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
 
 @item keyserver
-locate a key using whatever keyserver is defined using the
+Locate a key using whatever keyserver is defined using the
 @option{--keyserver} option.
 
- at item (keyserver URL)
-In addition, a keyserver URL as used in the @option{--keyserver} option may be
-used here to query that particular keyserver.
+ at item keyserver-URL
+In addition, a keyserver URL as used in the @option{--keyserver} option
+may be used here to query that particular keyserver.
+
+ at item local
+Locate the key using the local keyrings.  This mechanism allows to
+select the order a local key lookup is done.  Thus using
+ at samp{--auto-key-locate local} is identical to
+ at option{--no-auto-key-locate}.
+
+ at item nodefault
+This flag disables the standard local key lookup, done before any of the
+mechanisms defined by the @option{--auto-key-locate} are tried.  The
+position of this mechanism in the list does not matter.  It is not
+required if @code{local} is also used.
+
 @end table
 
 @item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1352,7 +1424,7 @@
 
 Most keyservers synchronize with each other, so there is generally no
 need to send keys to more than one server. The keyserver
- at code{hkp://subkeys.pgp.net} uses round robin DNS to give a different
+ at code{hkp://keys.gnupg.net} uses round robin DNS to give a different
 keyserver each time you use it.
 
 @item --keyserver-options @code{name=value1 }
@@ -1437,6 +1509,12 @@
 @item max-cert-size
 When retrieving a key via DNS CERT, only accept keys up to this size.
 Defaults to 16384 bytes.
+
+ at item debug
+Turn on debug output in the keyserver helper program.  Note that the
+details of debug output depends on which keyserver helper program is
+being used, and in turn, on any libraries that the keyserver helper
+program uses internally (libcurl, openldap, etc).
 @end table
 
 @item --completes-needed @code{n}
@@ -1809,6 +1887,10 @@
 @opindex fixed-list-mode
 Do not merge primary user ID and primary key in @option{--with-colon}
 listing mode and print all timestamps as seconds since 1970-01-01.
+ at ifclear gpgone
+Since GnuPG 2.0.10, this mode is always used and thus this option is
+obsolete; it does not harm to use it though.
+ at end ifclear
 
 @item --with-fingerprint
 @opindex with-fingerprint
@@ -1886,7 +1968,7 @@
 and use @code{none} to set no preference at all.  This allows the user
 to factor in their own preferred algorithms when algorithms are chosen
 via recipient key preferences.  The most highly ranked digest
-algorithm in this list is algo used when signing without encryption
+algorithm in this list is also used when signing without encryption
 (e.g. @option{--clearsign} or @option{--sign}). The default value is
 SHA-1.
 
@@ -1896,7 +1978,7 @@
 algorithms, and use @code{none} to set no preference at all.  This
 allows the user to factor in their own preferred algorithms when
 algorithms are chosen via recipient key preferences.  The most highly
-ranked compression algorithm in this list is algo used when there are
+ranked compression algorithm in this list is also used when there are
 no recipient keys to consider (e.g. @option{--symmetric}).
 
 @item --s2k-cipher-algo @code{name}
@@ -1980,9 +2062,9 @@
 available, but the MIT release is a good common baseline.
 
 This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --no-sk-comment --escape-from-lines
---force-v3-sigs --cipher-algo IDEA --digest-algo MD5 --compress-algo
-ZIP}. It also disables @option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
+IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
+ at option{--textmode} when encrypting.
 
 @item --pgp6
 @opindex pgp6
@@ -1993,8 +2075,8 @@
 --throw-keyids, and making signatures with signing subkeys as PGP 6
 does not understand signatures made by signing subkeys.
 
-This option implies @option{--disable-mdc --no-sk-comment
---escape-from-lines --force-v3-sigs}.
+This option implies @option{--disable-mdc --escape-from-lines
+--force-v3-sigs}.
 
 @item --pgp7
 @opindex pgp7
@@ -2066,11 +2148,13 @@
 @code{file}.
 
 @item --logger-fd @code{n}
-Write log output to file descriptor @code{n} and not to stderr.
+Write log output to file descriptor @code{n} and not to STDERR.
 
- at item --logger-file @code{file}
+ at item --log-file @code{file}
+ at itemx --logger-file @code{file}
 Same as @option{--logger-fd}, except the logger data is written to file
- at code{file}.
+ at code{file}.  Note that @option{--log-file} is only implemented for
+GnuPG-2.
 
 @item --attribute-fd @code{n}
 Write attribute subpackets to the file descriptor @code{n}. This is most
@@ -2152,10 +2236,10 @@
 
 @item --for-your-eyes-only
 @itemx --no-for-your-eyes-only
-Set the `for your eyes only' flag in the message. This causes GnuPG
-to refuse to save the file unless the @option{--output} option is given, and
-PGP to use the "secure viewer" with a Tempest-resistant font to
-display the message. This option overrides @option{--set-filename}.
+Set the `for your eyes only' flag in the message. This causes GnuPG to
+refuse to save the file unless the @option{--output} option is given,
+and PGP to use a "secure viewer" with a claimed Tempest-resistant font
+to display the message. This option overrides @option{--set-filename}.
 @option{--no-for-your-eyes-only} disables this option.
 
 @item --use-embedded-filename
@@ -2221,12 +2305,15 @@
 
 @item --throw-keyids
 @itemx --no-throw-keyids
-Do not put the recipient key IDs into encrypted messages. This helps
-to hide the receivers of the message and is a limited countermeasure
-against traffic analysis. On the receiving side, it may slow down the
-decryption process because all available secret keys must be tried.
- at option{--no-throw-keyids} disables this option. This option is essentially
-the same as using @option{--hidden-recipient} for all recipients.
+Do not put the recipient key IDs into encrypted messages. This helps to
+hide the receivers of the message and is a limited countermeasure
+against traffic analysis. at footnote{Using a little social engineering
+anyone who is able to decrypt the message can check whether one of the
+other recipients is the one he suspects.}  On the receiving side, it may
+slow down the decryption process because all available secret keys must
+be tried.  @option{--no-throw-keyids} disables this option. This option
+is essentially the same as using @option{--hidden-recipient} for all
+recipients.
 
 @item --not-dash-escaped
 This option changes the behavior of cleartext signatures
@@ -2253,7 +2340,7 @@
 @item --passphrase-fd @code{n}
 Read the passphrase from file descriptor @code{n}. Only the first line
 will be read from file descriptor @code{n}. If you use 0 for @code{n},
-the passphrase will be read from stdin. This can only be used if only
+the passphrase will be read from STDIN. This can only be used if only
 one passphrase is supplied.
 @ifclear gpgone
 Note that this passphrase is only used if the option @option{--batch}
@@ -2415,12 +2502,16 @@
 
 @item --allow-multiple-messages
 @item --no-allow-multiple-messages
-Allow processing of multiple OpenPGP messages contained in a single
-file or stream.  Some programs that call GPG are not prepared to deal
-with multiple messages being processed together, so this option
-defaults to no.  Note that versions of GPG prior to 1.4.7 always
-allowed multiple messages.
+Allow processing of multiple OpenPGP messages contained in a single file
+or stream.  Some programs that call GPG are not prepared to deal with
+multiple messages being processed together, so this option defaults to
+no.  Note that versions of GPG prior to 1.4.7 always allowed multiple
+messages.  
 
+Warning: Do not use this option unless you need it as a temporary
+workaround!
+
+
 @item --enable-special-filenames
 This options enables a mode in which filenames of the form
 @file{-&n}, where n is a non-negative decimal number,
@@ -2542,12 +2633,12 @@
 @table @file
 
 @item gpg.conf
- at cindex gpgsm.conf
+ at cindex gpg.conf
 This is the standard configuration file read by @command{@gpgname} on
 startup.  It may contain any valid long option; the leading two dashes
 may not be entered and the option may not be abbreviated.  This default
-name may be changed on the command line (@pxref{option
-  --options}).
+name may be changed on the command line (@pxref{option --options}).
+You should backup this file.
 
 @end table
 
@@ -2567,31 +2658,32 @@
 
 @table @file
 @item ~/.gnupg/secring.gpg
-The secret keyring.
+The secret keyring.  You should backup this file.
 
 @item ~/.gnupg/secring.gpg.lock
-and the lock file
+The lock file for the secret keyring.
 
 @item ~/.gnupg/pubring.gpg
-The public keyring
+The public keyring.  You should backup this file.
 
 @item ~/.gnupg/pubring.gpg.lock
-and the lock file
+The lock file for the public keyring.
 
 @item ~/.gnupg/trustdb.gpg
-The trust database
+The trust database.  There is no need to backup this file; it is better
+to backup the ownertrust values (@pxref{option --export-ownertrust}).
 
 @item ~/.gnupg/trustdb.gpg.lock
-and the lock file
+The lock file for the trust database.
 
 @item ~/.gnupg/random_seed
-used to preserve the internal random pool
+A file used to preserve the state of the internal random pool.
 
 @item /usr[/local]/share/gnupg/options.skel
-Skeleton options file
+The skeleton options file.
 
 @item /usr[/local]/lib/gnupg/
-Default location for extensions
+Default location for extensions.
 
 @end table
 
@@ -2619,7 +2711,7 @@
 
 @item PINENTRY_USER_DATA
 This value is passed via gpg-agent to pinentry.  It is useful to convey
-extra information to a custom pinentry
+extra information to a custom pinentry.
 
 @item COLUMNS
 @itemx LINES
@@ -2628,12 +2720,13 @@
 
 @item LANGUAGE
 Apart from its use by GNU, it is used in the W32 version to override the
-language selection done through the Registry.  If used and set to a a
+language selection done through the Registry.  If used and set to a
 valid and available language name (@var{langid}), the file with the
 translation is loaded from
 @code{@var{gpgdir}/gnupg.nls/@var{langid}.mo}.  Here @var{gpgdir} is the
-directory out of which the gpg binary has been laoded.  If it can't be
-loaded the Registry is tried as a fallback.
+directory out of which the gpg binary has been loaded.  If it can't be
+loaded the Registry is tried and as last resort the native Windows
+locale system is used.  
 
 @end table
 
@@ -2658,6 +2751,9 @@
 @item gpg -sb @code{file}
 make a detached signature
 
+ at item gpg -u 0x12345678 -sb @code{file}
+make a detached signature with the key 0x12345678
+
 @item gpg --list-keys @code{user_ID}
 show keys
 
@@ -2706,7 +2802,7 @@
 
 If you are going to verify detached signatures, make sure that the
 program knows about it; either give both filenames on the command line
-or use @samp{-} to specify stdin.
+or use @samp{-} to specify STDIN.
 
 @mansect interoperability
 @chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS

Modified: branches/STABLE-BRANCH-1-4/doc/gpgv.texi
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/gpgv.texi	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/doc/gpgv.texi	2009-08-13 08:45:23 UTC (rev 5113)
@@ -123,13 +123,14 @@
 @table @asis
 
 @item @gpgvname @code{pgpfile}
- at itemx @gpgvname @code{sigfile} 
-Verify the signature of the file. The second form
-is used for detached signatures, where @code{sigfile} is the detached
-signature (either ASCII-armored or binary) and are the signed
-data; if this is not given the name of the file holding the signed data is
-constructed by cutting off the extension (".asc", ".sig" or ".sign") from
- at code{sigfile}.
+ at itemx @gpgvname @code{sigfile} [@code{datafile}]
+Verify the signature of the file. The second form is used for detached
+signatures, where @code{sigfile} is the detached signature (either
+ASCII-armored or binary) and @code{datafile} contains the signed data;
+if @code{datafile} is "-" the signed data is expected on
+ at code{stdin}; if @code{datafile} is not given the name of the file
+holding the signed data is constructed by cutting off the extension
+(".asc", ".sig" or ".sign") from @code{sigfile}.
 
 @end table
 

Modified: branches/STABLE-BRANCH-1-4/g10/app-openpgp.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/app-openpgp.c	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/g10/app-openpgp.c	2009-08-13 08:45:23 UTC (rev 5113)
@@ -214,6 +214,11 @@
                             const void *indata, size_t indatalen,
                             unsigned char **outdata, size_t *outdatalen);
 static void parse_algorithm_attribute (app_t app, int keyno);
+static gpg_error_t change_keyattr_from_string
+                           (app_t app, 
+                            gpg_error_t (*pincb)(void*, const char *, char **),
+                            void *pincb_arg,
+                            const void *value, size_t valuelen);
 
 
 
@@ -1793,6 +1798,7 @@
     { "CERT-3",       0x7F21, 3, 0, 1 },
     { "SM-KEY-ENC",   0x00D1, 3, 0, 1 },
     { "SM-KEY-MAC",   0x00D2, 3, 0, 1 },
+    { "KEY-ATTR",     0,      0, 3, 1 },
     { NULL, 0 }
   };
   int exmode;
@@ -1804,6 +1810,9 @@
   if (table[idx].need_v2 && !app->app_local->extcap.is_v2)
     return gpg_error (GPG_ERR_NOT_SUPPORTED); /* Not yet supported.  */
 
+  if (table[idx].special == 3)
+    return change_keyattr_from_string (app, pincb, pincb_arg, value, valuelen);
+
   switch (table[idx].need_chv)
     {
     case 2:
@@ -2404,7 +2413,46 @@
 }
 
 
+/* Helper to process an setattr command for name KEY-ATTR.  It expects
+   a string "--force <keyno> <algo> <nbits>" in (VALUE,VALUELEN).  */
+static gpg_error_t 
+change_keyattr_from_string (app_t app, 
+                            gpg_error_t (*pincb)(void*, const char *, char **),
+                            void *pincb_arg,
+                            const void *value, size_t valuelen)
+{
+  gpg_error_t err;
+  char *string;
+  int keyno, algo;
+  unsigned int nbits;
 
+  /* VALUE is expected to be a string but not guaranteed to be
+     terminated.  Thus copy it to an allocated buffer first. */
+  string = xtrymalloc (valuelen+1);
+  if (!string)
+    return gpg_error_from_syserror ();
+  memcpy (string, value, valuelen);
+  string[valuelen] = 0;
+
+  /* Because this function deletes the key we require the string
+     "--force" in the data to make clear that something serious might
+     happen.  */
+  if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3)
+    err = gpg_error (GPG_ERR_INV_DATA);
+  else if (keyno < 1 || keyno > 3)
+    err = gpg_error (GPG_ERR_INV_ID);
+  else if (algo != 1)
+    err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA.  */
+  else if (nbits < 1024)
+    err = gpg_error (GPG_ERR_TOO_SHORT);
+  else
+    err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg);
+
+  xfree (string);
+  return err;
+}
+
+
 /* Handle the WRITEKEY command for OpenPGP.  This function expects a
    canonical encoded S-expression with the secret key in KEYDATA and
    its length (for assertions) in KEYDATALEN.  KEYID needs to be the

Modified: branches/STABLE-BRANCH-1-4/g10/card-util.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/card-util.c	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/g10/card-util.c	2009-08-13 08:45:23 UTC (rev 5113)
@@ -23,6 +23,10 @@
 #include <string.h>
 #include <errno.h>
 #include <assert.h>
+#ifdef HAVE_LIBREADLINE
+# define GNUPG_LIBREADLINE_H_INCLUDED
+# include <readline/readline.h>
+#endif /*HAVE_LIBREADLINE*/
 
 #if GNUPG_MAJOR_VERSION != 1
 # include "gpg.h"
@@ -34,12 +38,8 @@
 #include "options.h"
 #include "main.h"
 #include "keyserver-internal.h"
+
 #if GNUPG_MAJOR_VERSION == 1
-# ifdef HAVE_LIBREADLINE
-# define GNUPG_LIBREADLINE_H_INCLUDED
-# include <stdio.h>
-# include <readline/readline.h>
-# endif /*HAVE_LIBREADLINE*/
 # include "cardglue.h"
 #else /*GNUPG_MAJOR_VERSION!=1*/
 # include "call-agent.h"
@@ -1158,6 +1158,8 @@
     rc = agent_scd_getattr ("DISP-NAME", info);
   if (!rc)
     rc = agent_scd_getattr ("EXTCAP", info);
+  if (!rc)
+    rc = agent_scd_getattr ("KEY-ATTR", info);
   if (rc)
     log_error (_("error getting current key info: %s\n"), gpg_strerror (rc));
   return rc;
@@ -1254,33 +1256,113 @@
 
 
 static void
+show_keysize_warning (void)
+{
+  static int shown;
+
+  if (shown)
+    return;
+  shown = 1;
+  tty_printf
+    (_("NOTE: There is no guarantee that the card "
+       "supports the requested size.\n"
+       "      If the key generation does not succeed, "
+       "please check the\n"
+       "      documentation of your card to see what "
+       "sizes are allowed.\n"));
+}
+
+
+/* Ask for the size of a card key.  NBITS is the current size
+   configured for the card.  KEYNO is the number of the key used to
+   select the prompt.  Returns 0 to use the default size (i.e. NBITS)
+   or the selected size.  */
+static unsigned int
+ask_card_keysize (int keyno, unsigned int nbits)
+{
+  unsigned int min_nbits = 1024;
+  unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan.  */
+  char *prompt, *answer;
+  unsigned int req_nbits;
+
+  for (;;)
+    {
+      prompt = xasprintf 
+        (keyno == 0?
+         _("What keysize do you want for the Signature key? (%u) "):
+         keyno == 1?
+         _("What keysize do you want for the Encryption key? (%u) "):
+         _("What keysize do you want for the Authentication key? (%u) "),
+         nbits);
+      answer = cpr_get ("cardedit.genkeys.size", prompt);
+      cpr_kill_prompt ();
+      req_nbits = *answer? atoi (answer): nbits;
+      xfree (prompt);
+      xfree (answer);
+      
+      if (req_nbits != nbits && (req_nbits % 32) )
+        {
+          req_nbits = ((req_nbits + 31) / 32) * 32;
+          tty_printf (_("rounded up to %u bits\n"), req_nbits);
+        }
+  
+      if (req_nbits == nbits)
+        return 0;  /* Use default.  */
+      
+      if (req_nbits < min_nbits || req_nbits > max_nbits)
+        {
+          tty_printf (_("%s keysizes must be in the range %u-%u\n"),
+                      "RSA", min_nbits, max_nbits);
+        }
+      else
+        {
+          tty_printf (_("The card will now be re-configured "
+                        "to generate a key of %u bits\n"), req_nbits);
+          show_keysize_warning ();
+          return req_nbits;
+        }
+    }
+}
+
+
+/* Change the size of key KEYNO (0..2) to NBITS and show an error
+   message if that fails.  */
+static gpg_error_t
+do_change_keysize (int keyno, unsigned int nbits) 
+{
+  gpg_error_t err;
+  char args[100];
+  
+  snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
+  err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
+  if (err)
+    log_error (_("error changing size of key %d to %u bits: %s\n"), 
+               keyno+1, nbits, gpg_strerror (err));
+  return err;
+}
+ 
+
+static void
 generate_card_keys (void)
 {
   struct agent_card_info_s info;
   int forced_chv1;
   int want_backup;
+  int keyno;
 
   if (get_info_for_key_operation (&info))
     return;
 
   if (info.extcap.ki)
     {
-#if GNUPG_MAJOR_VERSION == 1
       char *answer;
 
-
       answer = cpr_get ("cardedit.genkeys.backup_enc",
                         _("Make off-card backup of encryption key? (Y/n) "));
 
-      want_backup=answer_is_yes_no_default(answer,1);
-      cpr_kill_prompt();
-      xfree(answer);
-#else
-      want_backup = cpr_get_answer_is_yes 
-          ( "cardedit.genkeys.backup_enc",
-                    _("Make off-card backup of encryption key? (Y/n) "));
-  /*FIXME: we need answer_is_yes_no_default()*/
-#endif
+      want_backup = answer_is_yes_no_default (answer, 1/*(default to Yes)*/);
+      cpr_kill_prompt ();
+      xfree (answer);
     }
   else
     want_backup = 0;
@@ -1290,16 +1372,19 @@
        || (info.fpr3valid && !fpr_is_zero (info.fpr3)))
     {
       tty_printf ("\n");
-      log_info ("NOTE: keys are already stored on the card!\n");
+      log_info (_("NOTE: keys are already stored on the card!\n"));
       tty_printf ("\n");
-      if ( !cpr_get_answer_is_yes( "cardedit.genkeys.replace_keys",
-                                  _("Replace existing keys? (y/N) ")))
+      if ( !cpr_get_answer_is_yes ("cardedit.genkeys.replace_keys",
+                                   _("Replace existing keys? (y/N) ")))
         {
           agent_release_card_info (&info);
           return;
         }
     }
-  else if (!info.disp_name || !*info.disp_name)
+
+  /* If no displayed name has been set, we assume that this is a fresh
+     card and print a hint about the default PINs.  */
+  if (!info.disp_name || !*info.disp_name)
     {
       tty_printf ("\n");
       tty_printf (_("Please note that the factory settings of the PINs are\n"
@@ -1311,10 +1396,32 @@
 
   if (check_pin_for_key_operation (&info, &forced_chv1))
     goto leave;
-  
-  generate_keypair (NULL, info.serialno,
-                    want_backup? opt.homedir:NULL);
 
+  /* If the cards features changeable key attributes, we ask for the
+     key size.  */
+  if (info.is_v2 && info.extcap.aac)
+    {
+      unsigned int nbits;
+
+      for (keyno = 0; keyno < DIM (info.key_attr); keyno++)
+        {
+          nbits = ask_card_keysize (keyno, info.key_attr[keyno].nbits);
+          if (nbits && do_change_keysize (keyno, nbits))
+            {
+              /* Error: Better read the default key size again.  */
+              agent_release_card_info (&info);
+              if (get_info_for_key_operation (&info))
+                goto leave;
+              /* Ask again for this key size. */
+              keyno--;
+            }
+        }
+      /* Note that INFO has not be synced.  However we will only use
+         the serialnumber and thus it won't harm.  */
+    }
+     
+  generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
+
  leave:
   agent_release_card_info (&info);
   restore_forced_chv1 (&forced_chv1);
@@ -1365,6 +1472,26 @@
   if (check_pin_for_key_operation (&info, &forced_chv1))
     goto leave;
 
+  /* If the cards features changeable key attributes, we ask for the
+     key size.  */
+  if (info.is_v2 && info.extcap.aac)
+    {
+      unsigned int nbits;
+
+    ask_again:
+      nbits = ask_card_keysize (keyno-1, info.key_attr[keyno-1].nbits);
+      if (nbits && do_change_keysize (keyno-1, nbits))
+        {
+          /* Error: Better read the default key size again.  */
+          agent_release_card_info (&info);
+          if (get_info_for_key_operation (&info))
+            goto leave;
+          goto ask_again;
+        }
+      /* Note that INFO has not be synced.  However we will only use
+         the serialnumber and thus it won't harm.  */
+    }
+
   okay = generate_card_subkeypair (pub_keyblock, sec_keyblock,
                                    keyno, info.serialno);
 
@@ -1577,7 +1704,7 @@
   };
 
 
-#if GNUPG_MAJOR_VERSION == 1 && defined (HAVE_LIBREADLINE)
+#ifdef HAVE_LIBREADLINE
 
 /* These two functions are used by readline for command completion. */
 
@@ -1610,6 +1737,7 @@
 static char **
 card_edit_completion(const char *text, int start, int end)
 {
+  (void)end;
   /* If we are at the start of a line, we try and command-complete.
      If not, just do nothing for now. */
 
@@ -1620,7 +1748,7 @@
 
   return NULL;
 }
-#endif /* GNUPG_MAJOR_VERSION == 1 && HAVE_LIBREADLINE */
+#endif /*HAVE_LIBREADLINE*/
 
 /* Menu to edit all user changeable values on an OpenPGP card.  Only
    Key creation is not handled here. */
@@ -1688,15 +1816,11 @@
 
 	    if (!have_commands)
               {
-#if GNUPG_MAJOR_VERSION == 1
 		tty_enable_completion (card_edit_completion);
-#endif
 		answer = cpr_get_no_help("cardedit.prompt", _("Command> "));
 		cpr_kill_prompt();
-#if GNUPG_MAJOR_VERSION == 1
 		tty_disable_completion ();
-#endif
-	    }
+              }
 	    trim_spaces(answer);
 	}
       while ( *answer == '#' );

Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.h
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/cardglue.h	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/g10/cardglue.h	2009-08-13 08:45:23 UTC (rev 5113)
@@ -134,6 +134,11 @@
 #define GPG_ERR_ENODEV            G10ERR_GENERAL
 #define GPG_ERR_CANCELED          G10ERR_CANCELED
 
+#define GPG_ERR_INV_DATA          G10ERR_GENERAL
+#define GPG_ERR_PUBKEY_ALGO       G10ERR_PUBKEY_ALGO
+#define GPG_ERR_TOO_SHORT         G10ERR_INV_ARG
+
+
 typedef int gpg_error_t;
 typedef int gpg_err_code_t;
 

Modified: branches/STABLE-BRANCH-1-4/g10/ccid-driver.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ccid-driver.c	2009-08-12 05:01:08 UTC (rev 5112)
+++ branches/STABLE-BRANCH-1-4/g10/ccid-driver.c	2009-08-13 08:45:23 UTC (rev 5113)
@@ -413,7 +413,7 @@
         {
           if (any)
             DEBUGOUT_LF ();
-          DEBUGOUT_1 ("  [%04d] ", off);
+          DEBUGOUT_1 ("  [%04lu] ", (unsigned long) off);
         }
       DEBUGOUT_CONT_1 (" %02X", data[off]);
       any = 1;
@@ -944,6 +944,11 @@
 	 0x5111 - SCR 331-DI 
 	 0x5115 - SCR 335 
 	 0xe003 - SPR 532 
+     The     
+         0x5117 - SCR 3320 USB ID-000 reader
+     seems to be very slow but enabling this workaround boosts the
+     performance to a a more or less acceptable level (tested by David). 
+         
   */
   if (handle->id_vendor == VENDOR_SCM
       && handle->max_ifsd > 48      
@@ -951,6 +956,7 @@
           ||(handle->id_product == 0x5111 && handle->bcd_device < 0x0620)
           ||(handle->id_product == 0x5115 && handle->bcd_device < 0x0514)
           ||(handle->id_product == 0xe003 && handle->bcd_device < 0x0504)
+          ||(handle->id_product == 0x5117 && handle->bcd_device < 0x0522)
           ))
     {
       DEBUGOUT ("enabling workaround for buggy SCM readers\n");

Modified: branches/STABLE-BRANCH-1-4/po/be.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/ca.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/cs.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/da.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/de.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/el.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/eo.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/es.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/et.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/fi.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/fr.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/gl.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/hu.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/id.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/it.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/ja.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/nb.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/nl.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/pl.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/pt.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/pt_BR.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/ro.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/ru.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/sk.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/sv.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/tr.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/zh_CN.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/zh_TW.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 13 17:09:02 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Thu, 13 Aug 2009 17:09:02 +0200
Subject: [svn] GnuPG -  r5114 - branches/STABLE-BRANCH-1-4
Message-ID: <E1Mbaaj-00070M-U2@lists.gnupg.com>

Author: dshaw
Date: 2009-08-13 17:09:02 +0200 (Thu, 13 Aug 2009)
New Revision: 5114

Modified:
   branches/STABLE-BRANCH-1-4/ChangeLog
   branches/STABLE-BRANCH-1-4/NEWS
Log:
* NEWS: Note Camellia and hkps.


Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 08:45:23 UTC (rev 5113)
+++ branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 15:09:02 UTC (rev 5114)
@@ -1,3 +1,7 @@
+2009-08-13  David Shaw  <dshaw at jabberwocky.com>
+
+	* NEWS: Note Camellia and hkps.
+
 2009-07-21  Werner Koch  <wk at g10code.com>
 
 	* configure.ac (AH_BOTTOM): Add macros for estream-printf.

Modified: branches/STABLE-BRANCH-1-4/NEWS
===================================================================
--- branches/STABLE-BRANCH-1-4/NEWS	2009-08-13 08:45:23 UTC (rev 5113)
+++ branches/STABLE-BRANCH-1-4/NEWS	2009-08-13 15:09:02 UTC (rev 5114)
@@ -17,7 +17,11 @@
 
     * Many smaller bug fixes.
 
+    * Support for the Camellia cipher (RFC-5581).
 
+    * Support for HKP keyservers over SSL ("HKPS").
+
+
 Noteworthy changes in version 1.4.9 (2008-03-26)
 ------------------------------------------------
 



From cvs at cvs.gnupg.org  Thu Aug 13 17:31:24 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 13 Aug 2009 17:31:24 +0200
Subject: [svn] GnuPG -  r5115 - in branches/STABLE-BRANCH-1-4: . po
Message-ID: <E1MbawN-0007Yk-UX@lists.gnupg.com>

Author: wk
Date: 2009-08-13 17:31:24 +0200 (Thu, 13 Aug 2009)
New Revision: 5115

Modified:
   branches/STABLE-BRANCH-1-4/ChangeLog
   branches/STABLE-BRANCH-1-4/README
   branches/STABLE-BRANCH-1-4/configure.ac
   branches/STABLE-BRANCH-1-4/po/ChangeLog
   branches/STABLE-BRANCH-1-4/po/de.po
Log:
Updated the German translation.  Minor doc changes.


Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 15:09:02 UTC (rev 5114)
+++ branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 15:31:24 UTC (rev 5115)
@@ -1,3 +1,7 @@
+2009-08-13  Werner Koch  <wk at g10code.com>
+
+	Release 1.4.10rc1.
+
 2009-08-13  David Shaw  <dshaw at jabberwocky.com>
 
 	* NEWS: Note Camellia and hkps.

Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-13 15:09:02 UTC (rev 5114)
+++ branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-13 15:31:24 UTC (rev 5115)
@@ -1,3 +1,7 @@
+2009-08-13  Werner Koch  <wk at g10code.com>
+
+	* de.po: Update.
+
 2009-07-14  Werner Koch  <wk at g10code.com>
 
 	* de.po: s/nicht-exportf?hig/unwiderrufbar/.  Reported by Simon

Modified: branches/STABLE-BRANCH-1-4/README
===================================================================
--- branches/STABLE-BRANCH-1-4/README	2009-08-13 15:09:02 UTC (rev 5114)
+++ branches/STABLE-BRANCH-1-4/README	2009-08-13 15:31:24 UTC (rev 5115)
@@ -1,10 +1,11 @@
 
 		    GnuPG - The GNU Privacy Guard
 		   -------------------------------
-			    Version 1.4.9
+                            Version 1.4.10
 
-	 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
-	   2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+	 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 
+                   2004, 2005, 2006, 2007, 2008,
+                   2009  Free Software Foundation, Inc.
 
     This file is free software; as a special exception the author
     gives unlimited permission to copy and/or distribute it, with or
@@ -29,7 +30,9 @@
     See http://www.gnupg.org/download/supported_systems.html for a
     list of systems which are known to work.
 
-    See the file COPYING for copyright and warranty information.
+    GnuPG is distributed under the terms of the GNU General Public
+    License.  See the file COPYING for copyright and warranty
+    information.
 
     Because GnuPG does not use use any patented algorithms it is not
     by default fully compatible with PGP 2.x, which uses the patented

Modified: branches/STABLE-BRANCH-1-4/configure.ac
===================================================================
--- branches/STABLE-BRANCH-1-4/configure.ac	2009-08-13 15:09:02 UTC (rev 5114)
+++ branches/STABLE-BRANCH-1-4/configure.ac	2009-08-13 15:31:24 UTC (rev 5115)
@@ -25,8 +25,8 @@
 # Remember to change the version number immediately *after* a release.
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh --force" right before creating a distribution.
-m4_define([my_version], [1.4.10])
-m4_define([my_issvn], [yes])
+m4_define([my_version], [1.4.10rc1])
+m4_define([my_issvn], [no])
 m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
           | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
 AC_INIT([gnupg], 

Modified: branches/STABLE-BRANCH-1-4/po/de.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 13 17:35:14 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 13 Aug 2009 17:35:14 +0200
Subject: [svn] GnuPG -  r5116 - in branches/STABLE-BRANCH-1-4: . po
Message-ID: <E1Mbb05-0007i7-Pt@lists.gnupg.com>

Author: wk
Date: 2009-08-13 17:35:14 +0200 (Thu, 13 Aug 2009)
New Revision: 5116

Modified:
   branches/STABLE-BRANCH-1-4/ChangeLog
   branches/STABLE-BRANCH-1-4/Makefile.am
   branches/STABLE-BRANCH-1-4/po/de.po
Log:
Makefile tweak and de.po line number update


Modified: branches/STABLE-BRANCH-1-4/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 15:31:24 UTC (rev 5115)
+++ branches/STABLE-BRANCH-1-4/ChangeLog	2009-08-13 15:35:14 UTC (rev 5116)
@@ -2,6 +2,9 @@
 
 	Release 1.4.10rc1.
 
+	* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove now obsolete
+	--enable-camellia
+
 2009-08-13  David Shaw  <dshaw at jabberwocky.com>
 
 	* NEWS: Note Camellia and hkps.

Modified: branches/STABLE-BRANCH-1-4/Makefile.am
===================================================================
--- branches/STABLE-BRANCH-1-4/Makefile.am	2009-08-13 15:31:24 UTC (rev 5115)
+++ branches/STABLE-BRANCH-1-4/Makefile.am	2009-08-13 15:35:14 UTC (rev 5116)
@@ -17,8 +17,7 @@
 ## Process this file with automake to produce Makefile.in
 
 ACLOCAL_AMFLAGS = -I m4
-DISTCHECK_CONFIGURE_FLAGS = --enable-selinux-support \
-                            --enable-camellia --enable-mailto
+DISTCHECK_CONFIGURE_FLAGS = --enable-selinux-support --enable-mailto
 AUTOMAKE_OPTIONS = dist-bzip2 filename-length-max=99
 
 if CROSS_COMPILING

Modified: branches/STABLE-BRANCH-1-4/po/de.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 13 17:41:33 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 13 Aug 2009 17:41:33 +0200
Subject: [svn] GnuPG -  r5117 - tags
Message-ID: <E1Mbb6C-0007zy-91@lists.gnupg.com>

Author: wk
Date: 2009-08-13 17:41:32 +0200 (Thu, 13 Aug 2009)
New Revision: 5117

Added:
   tags/gnupg-1.4.10rc1/
Log:
Release tag




From cvs at cvs.gnupg.org  Fri Aug 14 21:43:26 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Fri, 14 Aug 2009 21:43:26 +0200
Subject: [svn] GnuPG -  r5118 - trunk/doc
Message-ID: <E1Mc1Lc-0006yq-54@lists.gnupg.com>

Author: dshaw
Date: 2009-08-14 21:43:26 +0200 (Fri, 14 Aug 2009)
New Revision: 5118

Modified:
   trunk/doc/ChangeLog
   trunk/doc/gpg.texi
Log:
* gpg.texi (GPG Configuration Options): Document keyserver options
check-cert and ca-cert-file.


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-08-13 15:41:32 UTC (rev 5117)
+++ trunk/doc/ChangeLog	2009-08-14 19:43:26 UTC (rev 5118)
@@ -1,3 +1,8 @@
+2009-08-14  David Shaw  <dshaw at jabberwocky.com>
+
+	* gpg.texi (GPG Configuration Options): Document keyserver options
+	check-cert and ca-cert-file.
+
 2009-08-06  Werner Koch  <wk at g10code.com>
 
 	* DETAILS: Describe the new INV_SNDR and NO_SNDR..

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2009-08-13 15:41:32 UTC (rev 5117)
+++ trunk/doc/gpg.texi	2009-08-14 19:43:26 UTC (rev 5118)
@@ -1429,11 +1429,11 @@
 
 @item --keyserver-options @code{name=value1 }
 This is a space or comma delimited string that gives options for the
-keyserver. Options can be prepended with a `no-' to give the opposite
-meaning. Valid import-options or export-options may be used here as well
-to apply to importing (@option{--recv-key}) or exporting
-(@option{--send-key}) a key from a keyserver. While not all options are
-available for all keyserver types, some common options are:
+keyserver. Options can be prefixed with a `no-' to give the opposite
+meaning. Valid import-options or export-options may be used here as
+well to apply to importing (@option{--recv-key}) or exporting
+(@option{--send-key}) a key from a keyserver. While not all options
+are available for all keyserver types, some common options are:
 
 @table @asis
 
@@ -1515,6 +1515,16 @@
 details of debug output depends on which keyserver helper program is
 being used, and in turn, on any libraries that the keyserver helper
 program uses internally (libcurl, openldap, etc).
+
+ at item check-cert
+Enable certificate checking if the keyserver presents one (for hkps or
+ldaps).  Defaults to on.
+
+ at item ca-cert-file
+Provide a certificate file to override the system default.  Only
+necessary if check-cert is enabled, and the keyserver is using a
+certificate that is not present in a system default certificate list.
+
 @end table
 
 @item --completes-needed @code{n}



From cvs at cvs.gnupg.org  Mon Aug 17 18:48:49 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Mon, 17 Aug 2009 18:48:49 +0200
Subject: [svn] GnuPG -  r5119 - trunk/doc
Message-ID: <E1Md42g-00018M-Ps@lists.gnupg.com>

Author: dshaw
Date: 2009-08-17 18:48:49 +0200 (Mon, 17 Aug 2009)
New Revision: 5119

Modified:
   trunk/doc/ChangeLog
   trunk/doc/gpg.texi
Log:
* gpg.texi (OpenPGP Options): Clarify that personal-foo-preferences
overrides recipient preferences (safely).


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-08-14 19:43:26 UTC (rev 5118)
+++ trunk/doc/ChangeLog	2009-08-17 16:48:49 UTC (rev 5119)
@@ -1,3 +1,8 @@
+2009-08-17  David Shaw  <dshaw at jabberwocky.com>
+
+	* gpg.texi (OpenPGP Options): Clarify that
+	personal-foo-preferences overrides recipient preferences (safely).
+
 2009-08-14  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.texi (GPG Configuration Options): Document keyserver options

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2009-08-14 19:43:26 UTC (rev 5118)
+++ trunk/doc/gpg.texi	2009-08-17 16:48:49 UTC (rev 5119)
@@ -1968,17 +1968,19 @@
 Set the list of personal cipher preferences to @code{string}.  Use
 @command{@gpgname --version} to get a list of available algorithms,
 and use @code{none} to set no preference at all.  This allows the user
-to factor in their own preferred algorithms when algorithms are chosen
-via recipient key preferences.  The most highly ranked cipher in this
-list is also used for the @option{--symmetric} encryption command.
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.  The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
 
 @item --personal-digest-preferences @code{string}
 Set the list of personal digest preferences to @code{string}.  Use
 @command{@gpgname --version} to get a list of available algorithms,
 and use @code{none} to set no preference at all.  This allows the user
-to factor in their own preferred algorithms when algorithms are chosen
-via recipient key preferences.  The most highly ranked digest
-algorithm in this list is also used when signing without encryption
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.  The most highly ranked digest algorithm in this list
+is also used when signing without encryption
 (e.g. @option{--clearsign} or @option{--sign}). The default value is
 SHA-1.
 
@@ -1986,10 +1988,11 @@
 Set the list of personal compression preferences to @code{string}.
 Use @command{@gpgname --version} to get a list of available
 algorithms, and use @code{none} to set no preference at all.  This
-allows the user to factor in their own preferred algorithms when
-algorithms are chosen via recipient key preferences.  The most highly
-ranked compression algorithm in this list is also used when there are
-no recipient keys to consider (e.g. @option{--symmetric}).
+allows the user to safely override the algorithm chosen by the
+recipient key preferences, as GPG will only select an algorithm that
+is usable by all recipients.  The most highly ranked compression
+algorithm in this list is also used when there are no recipient keys
+to consider (e.g. @option{--symmetric}).
 
 @item --s2k-cipher-algo @code{name}
 Use @code{name} as the cipher algorithm used to protect secret keys.



From cvs at cvs.gnupg.org  Tue Aug 18 11:25:44 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 18 Aug 2009 11:25:44 +0200
Subject: [svn] GnuPG -  r5120 - branches/STABLE-BRANCH-1-4/doc
Message-ID: <E1MdJbJ-0000JZ-3I@lists.gnupg.com>

Author: wk
Date: 2009-08-18 11:25:43 +0200 (Tue, 18 Aug 2009)
New Revision: 5120

Modified:
   branches/STABLE-BRANCH-1-4/doc/ChangeLog
   branches/STABLE-BRANCH-1-4/doc/Makefile.am
   branches/STABLE-BRANCH-1-4/doc/gpg.texi
   branches/STABLE-BRANCH-1-4/doc/opt-homedir.texi
   branches/STABLE-BRANCH-1-4/doc/see-also-note.texi
Log:
Update doc.  This time also the included files.


Modified: branches/STABLE-BRANCH-1-4/doc/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/ChangeLog	2009-08-17 16:48:49 UTC (rev 5119)
+++ branches/STABLE-BRANCH-1-4/doc/ChangeLog	2009-08-18 09:25:43 UTC (rev 5120)
@@ -1,6 +1,11 @@
+2009-08-18  Werner Koch  <wk at g10code.com>
+
+	* Makefile.am (sources_from_trunk): New.
+	(update-source-from-gnupg-2): New.  Run it.  Fixes bug#917
+
 2009-08-13  Werner Koch  <wk at g10code.com>
 
-	* gpgv.texi, gpg.texi: Udpate from GnuPG-2.
+	* gpgv.texi, gpg.texi: Update from GnuPG-2.
 
 2008-04-30  David Shaw  <dshaw at jabberwocky.com>
 

Modified: branches/STABLE-BRANCH-1-4/doc/Makefile.am
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/Makefile.am	2009-08-17 16:48:49 UTC (rev 5119)
+++ branches/STABLE-BRANCH-1-4/doc/Makefile.am	2009-08-18 09:25:43 UTC (rev 5120)
@@ -22,9 +22,14 @@
              gpg.texi gpgv.texi specify-user-id.texi see-also-note.texi \
 	     opt-homedir.texi texi.css yat2m.c gpl.texi gpg-zip.1
 
+
 myman_sources = gpg.texi gpgv.texi
 myman_pages   = gpg.1 gpgv.1
 
+
+sources_from_trunk = $(myman_sources) \
+                     opt-homedir.texi specify-user-id.texi see-also-note.texi
+
 info_TEXINFOS = gnupg1.texi
 
 man_MANS = $(myman_pages) gnupg.7 gpg.ru.1 gpg-zip.1
@@ -105,3 +110,14 @@
 dist-hook:
 	@if test "`wc -c < gpg.1`" -lt 200; then \
 	    echo 'ERROR: dummy man page'; false; fi
+
+# Helper to update some source files.
+update-source-from-gnupg-2:
+	@set -e; \
+	 if test -d ../../gnupg/scd; then dir="../../gnupg"; \
+	 else exit 1; \
+	 fi; \
+	 for i in $(sources_from_trunk); do \
+           cp $$dir/doc/$$i $$i; echo $$i; \
+	 done ;\
+	 echo "Please remember to update the ChangeLog!"

Modified: branches/STABLE-BRANCH-1-4/doc/gpg.texi
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/gpg.texi	2009-08-17 16:48:49 UTC (rev 5119)
+++ branches/STABLE-BRANCH-1-4/doc/gpg.texi	2009-08-18 09:25:43 UTC (rev 5120)
@@ -1429,11 +1429,11 @@
 
 @item --keyserver-options @code{name=value1 }
 This is a space or comma delimited string that gives options for the
-keyserver. Options can be prepended with a `no-' to give the opposite
-meaning. Valid import-options or export-options may be used here as well
-to apply to importing (@option{--recv-key}) or exporting
-(@option{--send-key}) a key from a keyserver. While not all options are
-available for all keyserver types, some common options are:
+keyserver. Options can be prefixed with a `no-' to give the opposite
+meaning. Valid import-options or export-options may be used here as
+well to apply to importing (@option{--recv-key}) or exporting
+(@option{--send-key}) a key from a keyserver. While not all options
+are available for all keyserver types, some common options are:
 
 @table @asis
 
@@ -1515,6 +1515,16 @@
 details of debug output depends on which keyserver helper program is
 being used, and in turn, on any libraries that the keyserver helper
 program uses internally (libcurl, openldap, etc).
+
+ at item check-cert
+Enable certificate checking if the keyserver presents one (for hkps or
+ldaps).  Defaults to on.
+
+ at item ca-cert-file
+Provide a certificate file to override the system default.  Only
+necessary if check-cert is enabled, and the keyserver is using a
+certificate that is not present in a system default certificate list.
+
 @end table
 
 @item --completes-needed @code{n}
@@ -1958,17 +1968,19 @@
 Set the list of personal cipher preferences to @code{string}.  Use
 @command{@gpgname --version} to get a list of available algorithms,
 and use @code{none} to set no preference at all.  This allows the user
-to factor in their own preferred algorithms when algorithms are chosen
-via recipient key preferences.  The most highly ranked cipher in this
-list is also used for the @option{--symmetric} encryption command.
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.  The most highly ranked cipher in this list is also
+used for the @option{--symmetric} encryption command.
 
 @item --personal-digest-preferences @code{string}
 Set the list of personal digest preferences to @code{string}.  Use
 @command{@gpgname --version} to get a list of available algorithms,
 and use @code{none} to set no preference at all.  This allows the user
-to factor in their own preferred algorithms when algorithms are chosen
-via recipient key preferences.  The most highly ranked digest
-algorithm in this list is also used when signing without encryption
+to safely override the algorithm chosen by the recipient key
+preferences, as GPG will only select an algorithm that is usable by
+all recipients.  The most highly ranked digest algorithm in this list
+is also used when signing without encryption
 (e.g. @option{--clearsign} or @option{--sign}). The default value is
 SHA-1.
 
@@ -1976,10 +1988,11 @@
 Set the list of personal compression preferences to @code{string}.
 Use @command{@gpgname --version} to get a list of available
 algorithms, and use @code{none} to set no preference at all.  This
-allows the user to factor in their own preferred algorithms when
-algorithms are chosen via recipient key preferences.  The most highly
-ranked compression algorithm in this list is also used when there are
-no recipient keys to consider (e.g. @option{--symmetric}).
+allows the user to safely override the algorithm chosen by the
+recipient key preferences, as GPG will only select an algorithm that
+is usable by all recipients.  The most highly ranked compression
+algorithm in this list is also used when there are no recipient keys
+to consider (e.g. @option{--symmetric}).
 
 @item --s2k-cipher-algo @code{name}
 Use @code{name} as the cipher algorithm used to protect secret keys.

Modified: branches/STABLE-BRANCH-1-4/doc/opt-homedir.texi
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/opt-homedir.texi	2009-08-17 16:48:49 UTC (rev 5119)
+++ branches/STABLE-BRANCH-1-4/doc/opt-homedir.texi	2009-08-18 09:25:43 UTC (rev 5120)
@@ -1,10 +1,10 @@
 @c This option is included at several places.
 @item --homedir @var{dir}
 @opindex homedir
-Set the name of the home directory to @var{dir}. If his option is not
+Set the name of the home directory to @var{dir}. If this option is not
 used, the home directory defaults to @file{~/.gnupg}.  It is only
 recognized when given on the command line.  It also overrides any home
 directory stated through the environment variable @env{GNUPGHOME} or
-(on W32 systems) by means on the Registry entry
+(on W32 systems) by means of the Registry entry
 @var{HKCU\Software\GNU\GnuPG:HomeDir}.
 

Modified: branches/STABLE-BRANCH-1-4/doc/see-also-note.texi
===================================================================
--- branches/STABLE-BRANCH-1-4/doc/see-also-note.texi	2009-08-17 16:48:49 UTC (rev 5119)
+++ branches/STABLE-BRANCH-1-4/doc/see-also-note.texi	2009-08-18 09:25:43 UTC (rev 5120)
@@ -6,7 +6,7 @@
 command
 
 @example
-info gnupg1
+info gnupg
 @end example
 
 should give you access to the complete manual including a menu structure



From cvs at cvs.gnupg.org  Tue Aug 18 11:32:01 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 18 Aug 2009 11:32:01 +0200
Subject: [svn] GnuPG -  r5121 - trunk/po
Message-ID: <E1MdJhM-0000PO-3S@lists.gnupg.com>

Author: wk
Date: 2009-08-18 11:32:00 +0200 (Tue, 18 Aug 2009)
New Revision: 5121

Modified:
   trunk/po/ChangeLog
   trunk/po/it.po
Log:
Fixed bug#920


Modified: trunk/po/ChangeLog
===================================================================
--- trunk/po/ChangeLog	2009-08-18 09:25:43 UTC (rev 5120)
+++ trunk/po/ChangeLog	2009-08-18 09:32:00 UTC (rev 5121)
@@ -1,3 +1,8 @@
+2009-07-14  Werner Koch  <wk at g10code.com>
+
+	* de.po: s/nicht-exportf?hig/unwiderrufbar/.  Reported by Simon
+	Richter.
+
 2009-07-09  Werner Koch  <wk at g10code.com>
 
 	* zh_CN.po <g10/keyedit.c:1905>: Marked fuzzy.  See bug#1078.

Modified: trunk/po/it.po  [not shown]



From cvs at cvs.gnupg.org  Tue Aug 18 11:54:01 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 18 Aug 2009 11:54:01 +0200
Subject: [svn] GnuPG -  r5122 - branches/STABLE-BRANCH-1-4/po
Message-ID: <E1MdK2e-0000sT-5L@lists.gnupg.com>

Author: wk
Date: 2009-08-18 11:54:00 +0200 (Tue, 18 Aug 2009)
New Revision: 5122

Modified:
   branches/STABLE-BRANCH-1-4/po/ChangeLog
   branches/STABLE-BRANCH-1-4/po/fr.po
   branches/STABLE-BRANCH-1-4/po/it.po
Log:
Fix two bugs


Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-18 09:32:00 UTC (rev 5121)
+++ branches/STABLE-BRANCH-1-4/po/ChangeLog	2009-08-18 09:54:00 UTC (rev 5122)
@@ -1,3 +1,9 @@
+2009-08-18  Werner Koch  <wk at g10code.com>
+
+	* fr.po: Fix regression.  See bug#922.
+
+	* it.po: Translation fix by Sythos.  Fixes bug#920.
+
 2009-08-13  Werner Koch  <wk at g10code.com>
 
 	* de.po: Update.

Modified: branches/STABLE-BRANCH-1-4/po/fr.po  [not shown]
Modified: branches/STABLE-BRANCH-1-4/po/it.po  [not shown]



From cvs at cvs.gnupg.org  Tue Aug 18 12:16:08 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 18 Aug 2009 12:16:08 +0200
Subject: [svn] GnuPG -  r5123 - branches/STABLE-BRANCH-1-4/util
Message-ID: <E1MdKO2-0001Ko-JE@lists.gnupg.com>

Author: wk
Date: 2009-08-18 12:16:07 +0200 (Tue, 18 Aug 2009)
New Revision: 5123

Modified:
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/miscutil.c
Log:
* miscutil.c (print_string2): Loose check for control characters
  to better cope with utf-8.  The range 0x80..0x9f is nowadays not
  anymore accidently used for control charaters.  Fixes bug#1103.


Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-18 09:54:00 UTC (rev 5122)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-18 10:16:07 UTC (rev 5123)
@@ -1,3 +1,9 @@
+2009-08-18  Werner Koch  <wk at g10code.com>
+
+	* miscutil.c (print_string2): Loose check for control characters
+	to better cope with utf-8.  The range 0x80..0x9f is nowadays not
+	anymore accidently used for control charaters.  Fixes bug#1103.
+
 2009-08-11  David Shaw  <dshaw at jabberwocky.com>
 
 	* strgutil.c (string_to_utf8): New function to convert a Latin-1

Modified: branches/STABLE-BRANCH-1-4/util/miscutil.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/miscutil.c	2009-08-18 09:54:00 UTC (rev 5122)
+++ branches/STABLE-BRANCH-1-4/util/miscutil.c	2009-08-18 10:16:07 UTC (rev 5123)
@@ -256,7 +256,8 @@
 print_string2( FILE *fp, const byte *p, size_t n, int delim, int delim2 )
 {
     for( ; n; n--, p++ )
-	if( *p < 0x20 || (*p >= 0x7f && *p < 0xa0)
+	if (*p < 0x20 
+            || *p == 0x7f
 	    || *p == delim || *p == delim2
 	    || ((delim || delim2) && *p=='\\'))
 	  {



From cvs at cvs.gnupg.org  Tue Aug 18 12:46:34 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 18 Aug 2009 12:46:34 +0200
Subject: [svn] GnuPG -  r5124 - branches/STABLE-BRANCH-1-4/util
Message-ID: <E1MdKrU-0001xD-Lx@lists.gnupg.com>

Author: wk
Date: 2009-08-18 12:46:34 +0200 (Tue, 18 Aug 2009)
New Revision: 5124

Modified:
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/iobuf.c
Log:
Fix compiler size warning for debug output


Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-18 10:16:07 UTC (rev 5123)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-18 10:46:34 UTC (rev 5124)
@@ -1,5 +1,8 @@
 2009-08-18  Werner Koch  <wk at g10code.com>
 
+	* iobuf.c (fd_cache_close): Change debug printf format assuming
+	that FILEP_OR_FD is today always an int.
+
 	* miscutil.c (print_string2): Loose check for control characters
 	to better cope with utf-8.  The range 0x80..0x9f is nowadays not
 	anymore accidently used for control charaters.  Fixes bug#1103.

Modified: branches/STABLE-BRANCH-1-4/util/iobuf.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/iobuf.c	2009-08-18 10:16:07 UTC (rev 5123)
+++ branches/STABLE-BRANCH-1-4/util/iobuf.c	2009-08-18 10:46:34 UTC (rev 5124)
@@ -319,7 +319,7 @@
         close(fp);
 #endif
         if( DBG_IOBUF )
-            log_debug ("fd_cache_close (%p) real\n", (void*)fp);
+          log_debug ("fd_cache_close (%d) real\n", (int)fp);
         return;
     }
     /* try to reuse a slot */



From cvs at cvs.gnupg.org  Thu Aug 20 10:02:33 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 20 Aug 2009 10:02:33 +0200
Subject: [svn] gpg-error - r218 - trunk/po
Message-ID: <E1Me1FV-0007Lv-3J@lists.gnupg.com>

Author: wk
Date: 2009-08-20 10:02:33 +0200 (Thu, 20 Aug 2009)
New Revision: 218

Added:
   trunk/po/zh_CN.po
Modified:
   trunk/po/ChangeLog
   trunk/po/de.po
Log:
Add Chinese translation.  Minor fix to de.po


Modified: trunk/po/ChangeLog
===================================================================
--- trunk/po/ChangeLog	2009-07-23 15:02:00 UTC (rev 217)
+++ trunk/po/ChangeLog	2009-08-20 08:02:33 UTC (rev 218)
@@ -1,3 +1,9 @@
+2009-08-20  Werner Koch  <wk at g10code.com>
+
+	* LINGUAS: Add zh_CN.
+
+	* zh_CN.po: New.
+
 2009-03-29  Moritz  <moritz at gnu.org>
 
 	* de.po: Fixed typo.

Modified: trunk/po/de.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 20 10:06:01 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 20 Aug 2009 10:06:01 +0200
Subject: [svn] gpg-error - r219 - trunk/po
Message-ID: <E1Me1Ip-0007Oo-Bh@lists.gnupg.com>

Author: wk
Date: 2009-08-20 10:06:00 +0200 (Thu, 20 Aug 2009)
New Revision: 219

Modified:
   trunk/po/ChangeLog
   trunk/po/sv.po
Log:
Update sv.po


Modified: trunk/po/ChangeLog
===================================================================
--- trunk/po/ChangeLog	2009-08-20 08:02:33 UTC (rev 218)
+++ trunk/po/ChangeLog	2009-08-20 08:06:00 UTC (rev 219)
@@ -2,6 +2,12 @@
 
 	* LINGUAS: Add zh_CN.
 
+2009-08-20  Daniel Nylander <po at danielnylander.se>  (wk)
+
+	* sv.po: Update
+
+2009-08-20  Aron Xu  <happyaron.xu at gmail.com>  (wk)
+	
 	* zh_CN.po: New.
 
 2009-03-29  Moritz  <moritz at gnu.org>

Modified: trunk/po/sv.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 20 10:17:45 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 20 Aug 2009 10:17:45 +0200
Subject: [svn] gpg-error - r220 - trunk/po
Message-ID: <E1Me1UB-0007fR-CR@lists.gnupg.com>

Author: wk
Date: 2009-08-20 10:17:44 +0200 (Thu, 20 Aug 2009)
New Revision: 220

Modified:
   trunk/po/LINGUAS
   trunk/po/de.po
   trunk/po/fr.po
   trunk/po/libgpg-error.pot
   trunk/po/pl.po
   trunk/po/ro.po
   trunk/po/sv.po
   trunk/po/vi.po
   trunk/po/zh_CN.po
Log:
Fix octadecimal/octal where in some languages.


Modified: trunk/po/LINGUAS
===================================================================
--- trunk/po/LINGUAS	2009-08-20 08:06:00 UTC (rev 219)
+++ trunk/po/LINGUAS	2009-08-20 08:17:44 UTC (rev 220)
@@ -5,3 +5,4 @@
 fr
 sv
 vi
+zh_CN

Modified: trunk/po/de.po  [not shown]
Modified: trunk/po/fr.po  [not shown]
Modified: trunk/po/libgpg-error.pot
===================================================================
--- trunk/po/libgpg-error.pot	2009-08-20 08:06:00 UTC (rev 219)
+++ trunk/po/libgpg-error.pot	2009-08-20 08:17:44 UTC (rev 220)
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"POT-Creation-Date: 2008-11-12 14:44+0100\n"
+"POT-Creation-Date: 2009-08-20 08:57+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
 "Language-Team: LANGUAGE <LL at li.org>\n"
@@ -813,238 +813,242 @@
 msgstr ""
 
 #: src/err-codes.h:207
-msgid "Operation not yet finished"
+msgid "Not enabled"
 msgstr ""
 
 #: src/err-codes.h:208
-msgid "Buffer too short"
+msgid "Operation not yet finished"
 msgstr ""
 
 #: src/err-codes.h:209
-msgid "Invalid length specifier in S-expression"
+msgid "Buffer too short"
 msgstr ""
 
 #: src/err-codes.h:210
-msgid "String too long in S-expression"
+msgid "Invalid length specifier in S-expression"
 msgstr ""
 
 #: src/err-codes.h:211
-msgid "Unmatched parentheses in S-expression"
+msgid "String too long in S-expression"
 msgstr ""
 
 #: src/err-codes.h:212
-msgid "S-expression not canonical"
+msgid "Unmatched parentheses in S-expression"
 msgstr ""
 
 #: src/err-codes.h:213
-msgid "Bad character in S-expression"
+msgid "S-expression not canonical"
 msgstr ""
 
 #: src/err-codes.h:214
-msgid "Bad quotation in S-expression"
+msgid "Bad character in S-expression"
 msgstr ""
 
 #: src/err-codes.h:215
-msgid "Zero prefix in S-expression"
+msgid "Bad quotation in S-expression"
 msgstr ""
 
 #: src/err-codes.h:216
-msgid "Nested display hints in S-expression"
+msgid "Zero prefix in S-expression"
 msgstr ""
 
 #: src/err-codes.h:217
-msgid "Unmatched display hints"
+msgid "Nested display hints in S-expression"
 msgstr ""
 
 #: src/err-codes.h:218
-msgid "Unexpected reserved punctuation in S-expression"
+msgid "Unmatched display hints"
 msgstr ""
 
 #: src/err-codes.h:219
-msgid "Bad hexadecimal character in S-expression"
+msgid "Unexpected reserved punctuation in S-expression"
 msgstr ""
 
 #: src/err-codes.h:220
-msgid "Odd hexadecimal numbers in S-expression"
+msgid "Bad hexadecimal character in S-expression"
 msgstr ""
 
 #: src/err-codes.h:221
-msgid "Bad octadecimal character in S-expression"
+msgid "Odd hexadecimal numbers in S-expression"
 msgstr ""
 
 #: src/err-codes.h:222
+msgid "Bad octal character in S-expression"
+msgstr ""
+
+#: src/err-codes.h:223
 msgid "General IPC error"
 msgstr ""
 
-#: src/err-codes.h:223
+#: src/err-codes.h:224
 msgid "IPC accept call failed"
 msgstr ""
 
-#: src/err-codes.h:224
+#: src/err-codes.h:225
 msgid "IPC connect call failed"
 msgstr ""
 
-#: src/err-codes.h:225
+#: src/err-codes.h:226
 msgid "Invalid IPC response"
 msgstr ""
 
-#: src/err-codes.h:226
+#: src/err-codes.h:227
 msgid "Invalid value passed to IPC"
 msgstr ""
 
-#: src/err-codes.h:227
+#: src/err-codes.h:228
 msgid "Incomplete line passed to IPC"
 msgstr ""
 
-#: src/err-codes.h:228
+#: src/err-codes.h:229
 msgid "Line passed to IPC too long"
 msgstr ""
 
-#: src/err-codes.h:229
+#: src/err-codes.h:230
 msgid "Nested IPC commands"
 msgstr ""
 
-#: src/err-codes.h:230
+#: src/err-codes.h:231
 msgid "No data callback in IPC"
 msgstr ""
 
-#: src/err-codes.h:231
+#: src/err-codes.h:232
 msgid "No inquire callback in IPC"
 msgstr ""
 
-#: src/err-codes.h:232
+#: src/err-codes.h:233
 msgid "Not an IPC server"
 msgstr ""
 
-#: src/err-codes.h:233
+#: src/err-codes.h:234
 msgid "Not an IPC client"
 msgstr ""
 
-#: src/err-codes.h:234
+#: src/err-codes.h:235
 msgid "Problem starting IPC server"
 msgstr ""
 
-#: src/err-codes.h:235
+#: src/err-codes.h:236
 msgid "IPC read error"
 msgstr ""
 
-#: src/err-codes.h:236
+#: src/err-codes.h:237
 msgid "IPC write error"
 msgstr ""
 
-#: src/err-codes.h:237
+#: src/err-codes.h:238
 msgid "Too much data for IPC layer"
 msgstr ""
 
-#: src/err-codes.h:238
+#: src/err-codes.h:239
 msgid "Unexpected IPC command"
 msgstr ""
 
-#: src/err-codes.h:239
+#: src/err-codes.h:240
 msgid "Unknown IPC command"
 msgstr ""
 
-#: src/err-codes.h:240
+#: src/err-codes.h:241
 msgid "IPC syntax error"
 msgstr ""
 
-#: src/err-codes.h:241
+#: src/err-codes.h:242
 msgid "IPC call has been cancelled"
 msgstr ""
 
-#: src/err-codes.h:242
+#: src/err-codes.h:243
 msgid "No input source for IPC"
 msgstr ""
 
-#: src/err-codes.h:243
+#: src/err-codes.h:244
 msgid "No output source for IPC"
 msgstr ""
 
-#: src/err-codes.h:244
+#: src/err-codes.h:245
 msgid "IPC parameter error"
 msgstr ""
 
-#: src/err-codes.h:245
+#: src/err-codes.h:246
 msgid "Unknown IPC inquire"
 msgstr ""
 
-#: src/err-codes.h:246
+#: src/err-codes.h:247
 msgid "User defined error code 1"
 msgstr ""
 
-#: src/err-codes.h:247
+#: src/err-codes.h:248
 msgid "User defined error code 2"
 msgstr ""
 
-#: src/err-codes.h:248
+#: src/err-codes.h:249
 msgid "User defined error code 3"
 msgstr ""
 
-#: src/err-codes.h:249
+#: src/err-codes.h:250
 msgid "User defined error code 4"
 msgstr ""
 
-#: src/err-codes.h:250
+#: src/err-codes.h:251
 msgid "User defined error code 5"
 msgstr ""
 
-#: src/err-codes.h:251
+#: src/err-codes.h:252
 msgid "User defined error code 6"
 msgstr ""
 
-#: src/err-codes.h:252
+#: src/err-codes.h:253
 msgid "User defined error code 7"
 msgstr ""
 
-#: src/err-codes.h:253
+#: src/err-codes.h:254
 msgid "User defined error code 8"
 msgstr ""
 
-#: src/err-codes.h:254
+#: src/err-codes.h:255
 msgid "User defined error code 9"
 msgstr ""
 
-#: src/err-codes.h:255
+#: src/err-codes.h:256
 msgid "User defined error code 10"
 msgstr ""
 
-#: src/err-codes.h:256
+#: src/err-codes.h:257
 msgid "User defined error code 11"
 msgstr ""
 
-#: src/err-codes.h:257
+#: src/err-codes.h:258
 msgid "User defined error code 12"
 msgstr ""
 
-#: src/err-codes.h:258
+#: src/err-codes.h:259
 msgid "User defined error code 13"
 msgstr ""
 
-#: src/err-codes.h:259
+#: src/err-codes.h:260
 msgid "User defined error code 14"
 msgstr ""
 
-#: src/err-codes.h:260
+#: src/err-codes.h:261
 msgid "User defined error code 15"
 msgstr ""
 
-#: src/err-codes.h:261
+#: src/err-codes.h:262
 msgid "User defined error code 16"
 msgstr ""
 
-#: src/err-codes.h:262
+#: src/err-codes.h:263
 msgid "System error w/o errno"
 msgstr ""
 
-#: src/err-codes.h:263
+#: src/err-codes.h:264
 msgid "Unknown system error"
 msgstr ""
 
-#: src/err-codes.h:264
+#: src/err-codes.h:265
 msgid "End of file"
 msgstr ""
 
-#: src/err-codes.h:265
+#: src/err-codes.h:266
 msgid "Unknown error code"
 msgstr ""
 

Modified: trunk/po/pl.po  [not shown]
Modified: trunk/po/ro.po  [not shown]
Modified: trunk/po/sv.po  [not shown]
Modified: trunk/po/vi.po  [not shown]
Modified: trunk/po/zh_CN.po  [not shown]



From cvs at cvs.gnupg.org  Thu Aug 20 10:27:41 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 20 Aug 2009 10:27:41 +0200
Subject: [svn] gpg-error - r221 - in trunk: . po src
Message-ID: <E1Me1dn-0007tp-9K@lists.gnupg.com>

Author: wk
Date: 2009-08-20 10:27:40 +0200 (Thu, 20 Aug 2009)
New Revision: 221

Added:
   trunk/po/cs.po
   trunk/po/it.po
Modified:
   trunk/AUTHORS
   trunk/ChangeLog
   trunk/THANKS
   trunk/po/ChangeLog
   trunk/po/LINGUAS
   trunk/src/err-codes.h.in
Log:
Add new translations.


[The diff below has been truncated]

Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-08-20 08:17:44 UTC (rev 220)
+++ trunk/ChangeLog	2009-08-20 08:27:40 UTC (rev 221)
@@ -1,3 +1,7 @@
+2009-08-20  Werner Koch  <wk at g10code.com>
+
+	* src/err-codes.h.in: s/octadecimal/octal/.  Reported by Petr Pisar.
+
 2009-07-23  Werner Koch  <wk at g10code.com>
 
 	* src/err-codes.h.in: Add GPG_ERR_NOT_ENABLED.

Modified: trunk/po/ChangeLog
===================================================================
--- trunk/po/ChangeLog	2009-08-20 08:17:44 UTC (rev 220)
+++ trunk/po/ChangeLog	2009-08-20 08:27:40 UTC (rev 221)
@@ -1,7 +1,9 @@
 2009-08-20  Werner Koch  <wk at g10code.com>
 
-	* LINGUAS: Add zh_CN.
-
+	* LINGUAS: Add zh_CN, cs and it.
+	* cs.po: New.
+	* it.po: New.
+	
 2009-08-20  Daniel Nylander <po at danielnylander.se>  (wk)
 
 	* sv.po: Update

Modified: trunk/AUTHORS
===================================================================
--- trunk/AUTHORS	2009-08-20 08:17:44 UTC (rev 220)
+++ trunk/AUTHORS	2009-08-20 08:27:40 UTC (rev 221)
@@ -6,22 +6,31 @@
 License (tools): GPLv2+ with exception
 
 
-g10 Code GmbH <code at g10code.com>
- - Design and implementation.
+Aron Xu <happyaron.xu at gmail.com>
+ - TRANSLATION [zh_CN]
 
-Laurentiu Buzdugan <lbuz at rolix.org> 
- - TRANSLATION [ro]
-
 Clytie Siddall <clytie at riverland.net.au>
  - TRANSLATION [vi]
 
 Daniel Nylander <po at danielnylander.se>
  - TRANSLATION [sv]
 
+Francesco Groccia <fgr at anche.no>
+ - TRANSLATION [it]
+
+g10 Code GmbH <code at g10code.com>
+ - Design and implementation.
+
 Jakub Bogusz <qboosh at pld-linux.org>
  - TRANSLATION [pl]
 
+Laurentiu Buzdugan <lbuz at rolix.org> 
+ - TRANSLATION [ro]
 
+Petr Pisar <petr.pisar at atlas.cz>
+ - TRANSLATION [cs]
+
+
 The RPM specs file libgpg-error.spec has been contributed by
 Robert Schiele <rschiele at uni-mannheim.de>
 

Modified: trunk/THANKS
===================================================================
--- trunk/THANKS	2009-08-20 08:17:44 UTC (rev 220)
+++ trunk/THANKS	2009-08-20 08:27:40 UTC (rev 221)
@@ -1,7 +1,8 @@
 
-Albrecht Dre?		<albrecht.dress at arcor.de>
-Guillaume Libersat      <glibersat at hurdfr.org>.
-Jakub Bogusz            <qboosh at pld-linux.org>
+Albrecht Dre?		albrecht.dress at arcor de
+Guillaume Libersat      glibersat at hurdfr org
+Jakub Bogusz            qboosh at pld-linux org
+Petr Pisar              petr.pisar at atlas cz
 
 
  Copyright 2004, 2005 g10 Code GmbH

Modified: trunk/po/LINGUAS
===================================================================
--- trunk/po/LINGUAS	2009-08-20 08:17:44 UTC (rev 220)
+++ trunk/po/LINGUAS	2009-08-20 08:27:40 UTC (rev 221)
@@ -1,8 +1,10 @@
 # Set of available languages.
+cs
 de
+fr
+it
 pl
 ro
-fr
 sv
 vi
 zh_CN

Added: trunk/po/cs.po
===================================================================
--- trunk/po/cs.po	                        (rev 0)
+++ trunk/po/cs.po	2009-08-20 08:27:40 UTC (rev 221)
@@ -0,0 +1,1073 @@
+# Czech translation of libgpg-error.
+# Copyright (C) 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgpg-error package.
+# Petr Pisar <petr.pisar at atlas.cz>, 2009.
+#
+# certificate chain ??? ??etezec (posloupnost) certifik??t??
+# keybox ??? Schr??nka (na kl????e)
+# keyring ??? kl????enka (jen na PGP kl????e)
+# armor ??? ASCII (podoba)
+# encoding ??? k??dov??n??
+# encryption ??? ??ifrov??n??
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgpg-error 1.7\n"
+"Report-Msgid-Bugs-To: translations at gnupg.org\n"
+"POT-Creation-Date: 2009-08-20 08:57+0200\n"
+"PO-Revision-Date: 2009-06-23 14:10+0200\n"
+"Last-Translator: Petr Pisar <petr.pisar at atlas.cz>\n"
+"Language-Team: Czech <translation-team-cs at lists.sourceforge.net>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/err-sources.h:28
+msgid "Unspecified source"
+msgstr "Zdroj nezad??n"
+
+#: src/err-sources.h:29
+msgid "gcrypt"
+msgstr "gcrypt"
+
+#: src/err-sources.h:30
+msgid "GnuPG"
+msgstr "GnuPG"
+
+#: src/err-sources.h:31
+msgid "GpgSM"
+msgstr "GpgSM"
+
+#: src/err-sources.h:32
+msgid "GPG Agent"
+msgstr "GPG agent"
+
+#: src/err-sources.h:33
+msgid "Pinentry"
+msgstr "Pinentry"
+
+#: src/err-sources.h:34
+msgid "SCD"
+msgstr "SCD"
+
+#: src/err-sources.h:35
+msgid "GPGME"
+msgstr "GPGME"
+
+# XXX: Konzistentn?? s??gnupg2
+#: src/err-sources.h:36
+msgid "Keybox"
+msgstr "Schr??nka"
+
+#: src/err-sources.h:37
+msgid "KSBA"
+msgstr "KSBA"
+
+#: src/err-sources.h:38
+msgid "Dirmngr"
+msgstr "Dirmngr"
+
+#: src/err-sources.h:39
+msgid "GSTI"
+msgstr "GSTI"
+
+#: src/err-sources.h:40
+msgid "GPA"
+msgstr "GPA"
+
+#: src/err-sources.h:41
+msgid "Kleopatra"
+msgstr "Kleopatra"
+
+#: src/err-sources.h:42
+msgid "Any source"
+msgstr "Nespecifikovan?? zdroj"
+
+#: src/err-sources.h:43
+msgid "User defined source 1"
+msgstr "U??ivatelem definovan?? zdroj 1"
+
+#: src/err-sources.h:44
+msgid "User defined source 2"
+msgstr "U??ivatelem definovan?? zdroj 2"
+
+#: src/err-sources.h:45
+msgid "User defined source 3"
+msgstr "U??ivatelem definovan?? zdroj 3"
+
+#: src/err-sources.h:46
+msgid "User defined source 4"
+msgstr "U??ivatelem definovan?? zdroj 4"
+
+#: src/err-sources.h:47
+msgid "Unknown source"
+msgstr "Nezn??m?? zdroj"
+
+#: src/err-codes.h:28
+msgid "Success"
+msgstr "??sp??ch"
+
+#: src/err-codes.h:29
+msgid "General error"
+msgstr "Obecn?? chyba"
+
+#: src/err-codes.h:30
+msgid "Unknown packet"
+msgstr "Nezn??m?? packet"
+
+#: src/err-codes.h:31
+msgid "Unknown version in packet"
+msgstr "Nezn??m?? verze v??packetu"
+
+#: src/err-codes.h:32
+msgid "Invalid public key algorithm"
+msgstr "Neplatn?? algoritmus ve??ejn??ho kl????e"
+
+#: src/err-codes.h:33
+msgid "Invalid digest algorithm"
+msgstr "Neplatn?? hashovac?? algoritmus"
+
+#: src/err-codes.h:34
+msgid "Bad public key"
+msgstr "Chybn?? ve??ejn?? kl????"
+
+#: src/err-codes.h:35
+msgid "Bad secret key"
+msgstr "Chybn?? tajn?? kl????"
+
+#: src/err-codes.h:36
+msgid "Bad signature"
+msgstr "Chybn?? podpis"
+
+#: src/err-codes.h:37
+msgid "No public key"
+msgstr "????dn?? ve??ejn?? kl????"
+
+#: src/err-codes.h:38
+msgid "Checksum error"
+msgstr "Chyba kontroln??ho sou??tu"
+
+#: src/err-codes.h:39
+msgid "Bad passphrase"
+msgstr "Chybn?? heslo"
+
+#: src/err-codes.h:40
+msgid "Invalid cipher algorithm"
+msgstr "Neplatn?? ??ifrovac?? algoritmus"
+
+#: src/err-codes.h:41
+msgid "Keyring open"
+msgstr "Kl????enka otev??ena"
+
+#: src/err-codes.h:42
+msgid "Invalid packet"
+msgstr "Neplatn?? packet"
+
+#: src/err-codes.h:43
+msgid "Invalid armor"
+msgstr "Neplatn?? ASCII z??pis"
+
+#: src/err-codes.h:44
+msgid "No user ID"
+msgstr "????dn?? identifik??tor u??ivatele"
+
+#: src/err-codes.h:45
+msgid "No secret key"
+msgstr "????dn?? tajn?? kl????"
+
+#: src/err-codes.h:46
+msgid "Wrong secret key used"
+msgstr "Pou??it ??patn?? tajn?? kl????"
+
+#: src/err-codes.h:47
+msgid "Bad session key"
+msgstr "Chybn?? kl???? relace"
+
+#: src/err-codes.h:48
+msgid "Unknown compression algorithm"
+msgstr "Nezn??m?? kompresn?? algoritmus"
+
+#: src/err-codes.h:49
+msgid "Number is not prime"
+msgstr "????slo nen?? prvo????slo"
+
+#: src/err-codes.h:50
+msgid "Invalid encoding method"
+msgstr "Neplatn?? k??dovac?? metoda"
+
+#: src/err-codes.h:51
+msgid "Invalid encryption scheme"
+msgstr "Neplatn?? ??ifrovac?? sch??ma"
+
+#: src/err-codes.h:52
+msgid "Invalid signature scheme"
+msgstr "Neplatn?? podpisov?? sch??ma"
+
+#: src/err-codes.h:53
+msgid "Invalid attribute"
+msgstr "Neplatn?? atribut"
+
+#: src/err-codes.h:54
+msgid "No value"
+msgstr "????dn?? hodnota"
+
+#: src/err-codes.h:55
+msgid "Not found"
+msgstr "Nenalezeno"
+
+#: src/err-codes.h:56
+msgid "Value not found"
+msgstr "Hodnota nenalezena"
+
+#: src/err-codes.h:57
+msgid "Syntax error"
+msgstr "Chyba syntaxe"
+
+#: src/err-codes.h:58
+msgid "Bad MPI value"
+msgstr "Chybn?? hodnota MPI"
+
+#: src/err-codes.h:59
+msgid "Invalid passphrase"
+msgstr "Neplatn?? heslo"
+
+#: src/err-codes.h:60
+msgid "Invalid signature class"
+msgstr "Neplatn?? podpisov?? t????da"
+
+#: src/err-codes.h:61
+msgid "Resources exhausted"
+msgstr "Zdroje vy??erp??ny"
+
+#: src/err-codes.h:62
+msgid "Invalid keyring"
+msgstr "Neplatn?? kl????enka"
+
+#: src/err-codes.h:63
+msgid "Trust DB error"
+msgstr "Chyba datab??ze d??v??ry"
+
+#: src/err-codes.h:64
+msgid "Bad certificate"
+msgstr "Chybn?? certifik??t"
+
+#: src/err-codes.h:65
+msgid "Invalid user ID"
+msgstr "Neplatn?? ID u??ivatele"
+
+#: src/err-codes.h:66
+msgid "Unexpected error"
+msgstr "Neo??ek??van?? chyba"
+
+#: src/err-codes.h:67
+msgid "Time conflict"
+msgstr "Rozpor v????asu"
+
+#: src/err-codes.h:68
+msgid "Keyserver error"
+msgstr "Chyba serveru s??kl????i"
+
+#: src/err-codes.h:69
+msgid "Wrong public key algorithm"
+msgstr "??patn?? algoritmus ve??ejn??ho kl????e"
+
+# This is errror nuber 42 :)
+#: src/err-codes.h:70
+msgid "Tribute to D. A."
+msgstr "Pocta D.???A."
+
+#: src/err-codes.h:71
+msgid "Weak encryption key"
+msgstr "Slab?? ??ifrovac?? kl????"
+
+#: src/err-codes.h:72
+msgid "Invalid key length"
+msgstr "Neplatn?? d??lka kl????e"
+
+#: src/err-codes.h:73
+msgid "Invalid argument"
+msgstr "Neplatn?? argument"
+
+#: src/err-codes.h:74
+msgid "Syntax error in URI"
+msgstr "Chyba syntaxe v??URI"
+
+#: src/err-codes.h:75
+msgid "Invalid URI"
+msgstr "Neplatn?? URI"
+
+#: src/err-codes.h:76
+msgid "Network error"
+msgstr "Chyba s??t??"
+
+#: src/err-codes.h:77
+msgid "Unknown host"
+msgstr "Nezn??m?? stroj"
+
+#: src/err-codes.h:78
+msgid "Selftest failed"
+msgstr "Sebetestov??n?? selhalo"
+
+#: src/err-codes.h:79
+msgid "Data not encrypted"
+msgstr "Data ne??ifrov??na"
+
+#: src/err-codes.h:80
+msgid "Data not processed"
+msgstr "Data nezpracov??na"
+
+#: src/err-codes.h:81
+msgid "Unusable public key"
+msgstr "Nepou??iteln?? ve??ejn?? kl????"
+
+#: src/err-codes.h:82
+msgid "Unusable secret key"
+msgstr "Nepou??iteln?? tajn?? kl????"
+
+#: src/err-codes.h:83
+msgid "Invalid value"
+msgstr "Neplatn?? hodnota"
+
+#: src/err-codes.h:84
+msgid "Bad certificate chain"
+msgstr "Chybn?? ??et??zec certifik??t??"
+
+#: src/err-codes.h:85
+msgid "Missing certificate"
+msgstr "Chyb?? certifik??t"
+
+#: src/err-codes.h:86
+msgid "No data"
+msgstr "????dn?? data"
+
+#: src/err-codes.h:87
+msgid "Bug"
+msgstr "Chyba"
+
+#: src/err-codes.h:88
+msgid "Not supported"
+msgstr "Nepodporov??no"
+
+#: src/err-codes.h:89
+msgid "Invalid operation code"
+msgstr "Neplatn?? k??d operace"
+
+#: src/err-codes.h:90
+msgid "Timeout"
+msgstr "??as vypr??el"
+
+#: src/err-codes.h:91
+msgid "Internal error"
+msgstr "Vnit??n?? chyba"
+
+#: src/err-codes.h:92
+msgid "EOF (gcrypt)"
+msgstr "EOF (gcrypt)"
+
+#: src/err-codes.h:93
+msgid "Invalid object"
+msgstr "Neplatn?? objekt"
+
+#: src/err-codes.h:94
+msgid "Provided object is too short"
+msgstr "Dodan?? objekt je p????li?? kr??tk??"
+
+#: src/err-codes.h:95
+msgid "Provided object is too large"
+msgstr "Dodan?? objekt je p????li?? dlouh??"
+
+#: src/err-codes.h:96
+msgid "Missing item in object"
+msgstr "V??objektu chyb?? polo??ka"
+
+#: src/err-codes.h:97
+msgid "Not implemented"
+msgstr "Neimplementov??no"
+
+#: src/err-codes.h:98
+msgid "Conflicting use"
+msgstr "Neslu??iteln?? pou??it??"
+
+#: src/err-codes.h:99
+msgid "Invalid cipher mode"
+msgstr "Neplatn?? re??im ??ifry"
+
+#: src/err-codes.h:100
+msgid "Invalid flag"
+msgstr "Neplatn?? p????znak"
+
+#: src/err-codes.h:101
+msgid "Invalid handle"
+msgstr "Neplatn?? deskriptor"
+
+#: src/err-codes.h:102
+msgid "Result truncated"
+msgstr "V??sledek zkr??cen"
+
+#: src/err-codes.h:103
+msgid "Incomplete line"
+msgstr "Ne??pln?? ????dek"
+
+#: src/err-codes.h:104
+msgid "Invalid response"
+msgstr "Neplatn?? odpov????"
+
+#: src/err-codes.h:105
+msgid "No agent running"
+msgstr "Agent neb??????"
+
+#: src/err-codes.h:106
+msgid "agent error"
+msgstr "chyba agenta"
+
+#: src/err-codes.h:107
+msgid "Invalid data"
+msgstr "Neplatn?? data"
+
+#: src/err-codes.h:108
+msgid "Unspecific Assuan server fault"
+msgstr "Neur??en?? porucha serveru Assuan"
+
+#: src/err-codes.h:109
+msgid "General Assuan error"
+msgstr "Obecn?? chyba Assuanu"
+
+#: src/err-codes.h:110
+msgid "Invalid session key"
+msgstr "Neplatn?? kl???? relace"
+
+#: src/err-codes.h:111
+msgid "Invalid S-expression"
+msgstr "Neplatn?? S-v??raz"
+
+#: src/err-codes.h:112
+msgid "Unsupported algorithm"
+msgstr "Nepodporovan?? algoritmus"
+
+#: src/err-codes.h:113
+msgid "No pinentry"
+msgstr "????dn?? pinentry"
+
+#: src/err-codes.h:114
+msgid "pinentry error"
+msgstr "chyba pinentry"
+
+#: src/err-codes.h:115
+msgid "Bad PIN"
+msgstr "??patn?? PIN"
+
+#: src/err-codes.h:116
+msgid "Invalid name"
+msgstr "Neplatn?? jm??no"
+
+#: src/err-codes.h:117
+msgid "Bad data"
+msgstr "Chybn?? data"
+
+#: src/err-codes.h:118
+msgid "Invalid parameter"
+msgstr "Neplatn?? parametr"
+
+#: src/err-codes.h:119
+msgid "Wrong card"
+msgstr "??patn?? karta"
+
+#: src/err-codes.h:120
+msgid "No dirmngr"
+msgstr "????dn?? dirmngr"
+
+#: src/err-codes.h:121
+msgid "dirmngr error"
+msgstr "chyba dirmngr"
+
+#: src/err-codes.h:122
+msgid "Certificate revoked"
+msgstr "Certifik??t odvol??n"
+
+#: src/err-codes.h:123
+msgid "No CRL known"
+msgstr "Nen?? zn??m ????dn?? CRL"
+
+#: src/err-codes.h:124
+msgid "CRL too old"
+msgstr "P????li?? star?? CRL"
+
+#: src/err-codes.h:125
+msgid "Line too long"
+msgstr "P????li?? dlouh?? ????dek"
+
+#: src/err-codes.h:126
+msgid "Not trusted"
+msgstr "Ned??v????uje se"
+
+#: src/err-codes.h:127
+msgid "Operation cancelled"
+msgstr "Operace zru??ena"
+
+#: src/err-codes.h:128
+msgid "Bad CA certificate"
+msgstr "Chybn?? certifik??t autority"
+
+#: src/err-codes.h:129
+msgid "Certificate expired"
+msgstr "Certifik??tu vypr??ela platnost"
+
+#: src/err-codes.h:130
+msgid "Certificate too young"
+msgstr "Certifik??t je p????li?? mlad??"
+
+#: src/err-codes.h:131
+msgid "Unsupported certificate"
+msgstr "Nepodporovan?? certifik??t"
+
+#: src/err-codes.h:132
+msgid "Unknown S-expression"
+msgstr "Nezn??m?? S-v??raz"
+
+#: src/err-codes.h:133
+msgid "Unsupported protection"
+msgstr "Nepodporovan?? ochrana"
+
+#: src/err-codes.h:134
+msgid "Corrupted protection"
+msgstr "Po??kozen?? ochrana"
+
+#: src/err-codes.h:135
+msgid "Ambiguous name"
+msgstr "Nejednozna??n?? jm??no"
+
+#: src/err-codes.h:136
+msgid "Card error"
+msgstr "Chyba karty"
+
+#: src/err-codes.h:137
+msgid "Card reset required"
+msgstr "Vy??adov??n reset karty"
+
+#: src/err-codes.h:138
+msgid "Card removed"
+msgstr "Karta odstran??na"
+
+#: src/err-codes.h:139
+msgid "Invalid card"
+msgstr "Neplatn?? karta"
+
+#: src/err-codes.h:140
+msgid "Card not present"
+msgstr "Karta nen?? p????tomna"
+
+#: src/err-codes.h:141
+msgid "No PKCS15 application"
+msgstr "????dn?? aplikace PKCS15"
+
+#: src/err-codes.h:142
+msgid "Not confirmed"
+msgstr "Nepotvrzeno"
+
+# Nastaven?? nebo nastavov??n???
+#: src/err-codes.h:143
+msgid "Configuration error"
+msgstr "Chyba konfigurace"
+
+#: src/err-codes.h:144
+msgid "No policy match"
+msgstr "Politika se neshoduje"
+
+#: src/err-codes.h:145
+msgid "Invalid index"
+msgstr "Neplatn?? index"
+
+#: src/err-codes.h:146
+msgid "Invalid ID"
+msgstr "Neplatn?? ID"
+
+#: src/err-codes.h:147
+msgid "No SmartCard daemon"
+msgstr "????dn?? d??mon pro ??ipov?? karty"
+
+#: src/err-codes.h:148
+msgid "SmartCard daemon error"
+msgstr "Chyba d??mona pro ??ipov?? karty"
+
+#: src/err-codes.h:149
+msgid "Unsupported protocol"
+msgstr "Nepodporovan?? protokol"
+
+#: src/err-codes.h:150
+msgid "Bad PIN method"
+msgstr "Chybn?? metoda PINu"
+
+#: src/err-codes.h:151
+msgid "Card not initialized"
+msgstr "Karta neinicializovan??"
+
+#: src/err-codes.h:152
+msgid "Unsupported operation"
+msgstr "Nepodporovan?? operace"
+
+#: src/err-codes.h:153
+msgid "Wrong key usage"
+msgstr "??patn?? pou??it?? karty"
+
+#: src/err-codes.h:154
+msgid "Nothing found"
+msgstr "Nic nenalezeno"
+
+#: src/err-codes.h:155
+msgid "Wrong blob type"
+msgstr "??patn?? typ blobu"
+
+#: src/err-codes.h:156
+msgid "Missing value"
+msgstr "Chyb?? hodnota"
+
+#: src/err-codes.h:157
+msgid "Hardware problem"
+msgstr "Hardwarov?? probl??m"
+
+#: src/err-codes.h:158
+msgid "PIN blocked"
+msgstr "PIN???blokov??n"
+
+#: src/err-codes.h:159
+msgid "Conditions of use not satisfied"
+msgstr "Podm??nky pou??it?? nespln??ny"
+
+#: src/err-codes.h:160
+msgid "PINs are not synced"
+msgstr "PINy nejsou synchronizov??ny"
+
+#: src/err-codes.h:161
+msgid "Invalid CRL"
+msgstr "Neplatn?? CRL"
+
+#: src/err-codes.h:162
+msgid "BER error"
+msgstr "Chyba BER"
+
+#: src/err-codes.h:163
+msgid "Invalid BER"
+msgstr "Neplatn?? BER"
+
+#: src/err-codes.h:164
+msgid "Element not found"
+msgstr "Prvek nenalezen"
+
+#: src/err-codes.h:165
+msgid "Identifier not found"
+msgstr "Identifik??tor nenalezen"
+
+#: src/err-codes.h:166
+msgid "Invalid tag"
+msgstr "Neplatn?? zna??ka"
+
+#: src/err-codes.h:167
+msgid "Invalid length"
+msgstr "Neplatn?? d??lka"
+
+#: src/err-codes.h:168
+msgid "Invalid key info"
+msgstr "Neplatn?? informace o??kl????i"
+
+#: src/err-codes.h:169
+msgid "Unexpected tag"
+msgstr "Neo??ek??van?? zna??ka"
+
+#: src/err-codes.h:170
+msgid "Not DER encoded"
+msgstr "Nek??dov??no v??DER"
+
+#: src/err-codes.h:171
+msgid "No CMS object"
+msgstr "????dn?? objekt CMS"
+
+#: src/err-codes.h:172
+msgid "Invalid CMS object"
+msgstr "Neplatn?? objekt CMS"
+
+#: src/err-codes.h:173
+msgid "Unknown CMS object"
+msgstr "Nezn??m?? objekt CMS"
+
+#: src/err-codes.h:174
+msgid "Unsupported CMS object"
+msgstr "Nepodporovan?? objekty???CMS"
+
+#: src/err-codes.h:175
+msgid "Unsupported encoding"
+msgstr "Nepodporovan?? k??dov??n??"
+
+#: src/err-codes.h:176
+msgid "Unsupported CMS version"
+msgstr "Nepodporovan?? verze CMS"
+
+#: src/err-codes.h:177
+msgid "Unknown algorithm"
+msgstr "Nezn??m?? algoritmus"
+
+#: src/err-codes.h:178
+msgid "Invalid crypto engine"
+msgstr "Neplatn?? kryptografick?? jednotka"
+
+#: src/err-codes.h:179
+msgid "Public key not trusted"
+msgstr "Ve??ejn??mu kl????i se ned??v????uje"
+
+#: src/err-codes.h:180
+msgid "Decryption failed"
+msgstr "De??ifrov??n?? selhalo"
+
+#: src/err-codes.h:181
+msgid "Key expired"
+msgstr "Kl????i vypr??ela platnost"
+
+#: src/err-codes.h:182
+msgid "Signature expired"
+msgstr "Podpisu vypr??ela platnost"
+
+#: src/err-codes.h:183
+msgid "Encoding problem"
+msgstr "Chyba k??dov??n??"
+
+#: src/err-codes.h:184
+msgid "Invalid state"
+msgstr "Neplatn?? stav"
+
+#: src/err-codes.h:185
+msgid "Duplicated value"
+msgstr "Zdvojen?? hodnota"
+
+#: src/err-codes.h:186
+msgid "Missing action"
+msgstr "Chyb?? akce"
+
+#: src/err-codes.h:187
+msgid "ASN.1 module not found"
+msgstr "Modul ASN.1 nenalezen"
+
+#: src/err-codes.h:188
+msgid "Invalid OID string"
+msgstr "Neplatn?? ??et??zec OID"
+
+#: src/err-codes.h:189
+msgid "Invalid time"
+msgstr "Neplatn?? ??as"
+
+#: src/err-codes.h:190
+msgid "Invalid CRL object"
+msgstr "Neplatn?? objekt CRL"
+
+#: src/err-codes.h:191
+msgid "Unsupported CRL version"
+msgstr "Nepodporovan?? verze CRL"
+
+#: src/err-codes.h:192
+msgid "Invalid certificate object"
+msgstr "Neplatn?? objekt certifik??tu"
+
+#: src/err-codes.h:193
+msgid "Unknown name"
+msgstr "Nezn??m?? jm??no"
+
+#: src/err-codes.h:194
+msgid "A locale function failed"
+msgstr "Funkce locale selhala"
+
+#: src/err-codes.h:195
+msgid "Not locked"
+msgstr "Neuzam??eno"
+
+#: src/err-codes.h:196
+msgid "Protocol violation"
+msgstr "Naru??en?? protokolu"
+
+#: src/err-codes.h:197
+msgid "Invalid MAC"
+msgstr "Neplatn?? MAC"
+
+#: src/err-codes.h:198
+msgid "Invalid request"
+msgstr "Neplatn?? po??adavek"
+
+#: src/err-codes.h:199
+msgid "Unknown extension"
+msgstr "Nezn??m?? roz??????en??"
+
+#: src/err-codes.h:200
+msgid "Unknown critical extension"
+msgstr "Nezn??m?? kritick?? roz??????en??"
+
+#: src/err-codes.h:201
+msgid "Locked"
+msgstr "Zam??eno"
+
+#: src/err-codes.h:202
+msgid "Unknown option"
+msgstr "Nezn??m?? parametr"
+
+#: src/err-codes.h:203
+msgid "Unknown command"
+msgstr "Nezn??m?? p????kaz"
+
+#: src/err-codes.h:204
+msgid "Not operational"
+msgstr "Nefunk??n??"
+
+#: src/err-codes.h:205
+msgid "No passphrase given"
+msgstr "Heslo nezad??no"
+
+#: src/err-codes.h:206
+msgid "No PIN given"
+msgstr "PIN???nezad??n"
+
+#: src/err-codes.h:207
+#, fuzzy
+msgid "Not enabled"
+msgstr "Neuzam??eno"
+
+#: src/err-codes.h:208
+msgid "Operation not yet finished"
+msgstr "Operace je??t?? neskon??ila"
+
+#: src/err-codes.h:209
+msgid "Buffer too short"
+msgstr "Vyrovn??vac?? pam???? je p????li?? mal??"
+
+#: src/err-codes.h:210
+msgid "Invalid length specifier in S-expression"
+msgstr "Neplatn?? ur??en?? d??lky v??S-v??razu"
+
+#: src/err-codes.h:211
+msgid "String too long in S-expression"
+msgstr "??et??zec v??S-v??razu je p????li?? dlouh??"
+
+#: src/err-codes.h:212
+msgid "Unmatched parentheses in S-expression"
+msgstr "Nep??rov?? z??vorky v??S-v??razu"
+
+#: src/err-codes.h:213
+msgid "S-expression not canonical"
+msgstr "S-v??raz nen?? kanonick??"
+
+#: src/err-codes.h:214
+msgid "Bad character in S-expression"
+msgstr "Chybn?? znak v??S-v??razu"
+
+#: src/err-codes.h:215
+msgid "Bad quotation in S-expression"
+msgstr "Chybn?? uzav??en?? do??uvozovek v??S-v??razu"
+
+#: src/err-codes.h:216
+msgid "Zero prefix in S-expression"
+msgstr "Nulov?? p??edpona v??S-v??razu"
+
+#: src/err-codes.h:217
+msgid "Nested display hints in S-expression"
+msgstr "Vno??en?? pokyny pro zobrazen?? v??S-v??razu"
+
+#: src/err-codes.h:218
+msgid "Unmatched display hints"
+msgstr "Neodpov??daj??c?? pokyny pro zobrazen??"
+
+#: src/err-codes.h:219
+msgid "Unexpected reserved punctuation in S-expression"
+msgstr "Neo??ek??van?? vyhrazen?? interpunkce v??S-v??razu"
+
+#: src/err-codes.h:220
+msgid "Bad hexadecimal character in S-expression"
+msgstr "Chybn?? ??estn??ctkov?? znak v??S-v??razu"
+
+#: src/err-codes.h:221
+msgid "Odd hexadecimal numbers in S-expression"
+msgstr "Lich?? ??estn??ctkov?? ????sla v S-v??razu"
+
+#: src/err-codes.h:222
+msgid "Bad octal character in S-expression"
+msgstr "Chybn?? osmn??ctkov?? znak v??S-v??razu"
+
+#: src/err-codes.h:223
+msgid "General IPC error"
+msgstr "Obecn?? chyba IPC"
+
+#: src/err-codes.h:224
+msgid "IPC accept call failed"
+msgstr "IPC vol??n?? accept (p??ijmout) selhalo"
+
+#: src/err-codes.h:225
+msgid "IPC connect call failed"
+msgstr "IPC vol??n?? connect (p??ipojit) selhalo"
+
+#: src/err-codes.h:226
+msgid "Invalid IPC response"
+msgstr "Neplatn?? odpov???? IPC"
+
+#: src/err-codes.h:227
+msgid "Invalid value passed to IPC"
+msgstr "Neplatn?? hodnota p??edan?? do IPC"
+
+#: src/err-codes.h:228
+msgid "Incomplete line passed to IPC"
+msgstr "Ne??pln?? ????dek p??ed??n do IPC"
+
+#: src/err-codes.h:229
+msgid "Line passed to IPC too long"
+msgstr "????dek p??edan?? do IPC je p????li?? dlouh??"
+
+#: src/err-codes.h:230
+msgid "Nested IPC commands"
+msgstr "Vno??en?? p????kazy IPC"
+
+#: src/err-codes.h:231
+msgid "No data callback in IPC"
+msgstr "????dn?? data zp??tn??ho vol??n?? v??IPC"
+
+#: src/err-codes.h:232
+msgid "No inquire callback in IPC"
+msgstr "????dn?? dotazovac?? zp??tn?? vol??n?? v??IPC"
+
+#: src/err-codes.h:233
+msgid "Not an IPC server"
+msgstr "Nen?? serverem IPC"
+
+#: src/err-codes.h:234
+msgid "Not an IPC client"
+msgstr "Nen?? klientem IPC"
+
+#: src/err-codes.h:235
+msgid "Problem starting IPC server"
+msgstr "Probl??m se spu??t??n??m serveru IPC"
+
+#: src/err-codes.h:236
+msgid "IPC read error"
+msgstr "Chyba ??ten?? IPC"
+
+#: src/err-codes.h:237
+msgid "IPC write error"
+msgstr "Chyba z??pisu IPC"
+
+#: src/err-codes.h:238
+msgid "Too much data for IPC layer"
+msgstr "P????li?? mnoho data pro vrstvu IPC"
+
+#: src/err-codes.h:239
+msgid "Unexpected IPC command"
+msgstr "Neo??ek??van?? p????kaz IPC"
+
+#: src/err-codes.h:240
+msgid "Unknown IPC command"
+msgstr "Nezn??m?? p????kaz IPC"
+
+#: src/err-codes.h:241
+msgid "IPC syntax error"
+msgstr "Chyba syntaxe IPC"
+
+#: src/err-codes.h:242
+msgid "IPC call has been cancelled"
+msgstr "Vol??n?? IPC bylo zru??eno"
+
+#: src/err-codes.h:243
+msgid "No input source for IPC"
+msgstr "????dn?? zdroj vstupu pro IPC"
+
+#: src/err-codes.h:244
+msgid "No output source for IPC"
+msgstr "????dn?? zdroj v??stupu pro IPC"
+
+#: src/err-codes.h:245
+msgid "IPC parameter error"
+msgstr "Chyba parametru IPC"
+
+#: src/err-codes.h:246
+msgid "Unknown IPC inquire"
+msgstr "Nezn??m?? dotaz IPC"
+
+#: src/err-codes.h:247
+msgid "User defined error code 1"
+msgstr "U??ivatelem definovan?? chybov?? k??d 1"
+
+#: src/err-codes.h:248
+msgid "User defined error code 2"
+msgstr "U??ivatelem definovan?? chybov?? k??d 2"
+
+#: src/err-codes.h:249
+msgid "User defined error code 3"
+msgstr "U??ivatelem definovan?? chybov?? k??d 3"
+
+#: src/err-codes.h:250
+msgid "User defined error code 4"
+msgstr "U??ivatelem definovan?? chybov?? k??d 4"
+
+#: src/err-codes.h:251
+msgid "User defined error code 5"
+msgstr "U??ivatelem definovan?? chybov?? k??d 5"
+
+#: src/err-codes.h:252
+msgid "User defined error code 6"
+msgstr "U??ivatelem definovan?? chybov?? k??d 6"
+
+#: src/err-codes.h:253
+msgid "User defined error code 7"
+msgstr "U??ivatelem definovan?? chybov?? k??d 7"
+
+#: src/err-codes.h:254
+msgid "User defined error code 8"
+msgstr "U??ivatelem definovan?? chybov?? k??d 8"
+
+#: src/err-codes.h:255
+msgid "User defined error code 9"
+msgstr "U??ivatelem definovan?? chybov?? k??d 9"
+
+#: src/err-codes.h:256
+msgid "User defined error code 10"
+msgstr "U??ivatelem definovan?? chybov?? k??d 10"
+
+#: src/err-codes.h:257
+msgid "User defined error code 11"
+msgstr "U??ivatelem definovan?? chybov?? k??d 11"
+
+#: src/err-codes.h:258
+msgid "User defined error code 12"
+msgstr "U??ivatelem definovan?? chybov?? k??d 12"
+
+#: src/err-codes.h:259
+msgid "User defined error code 13"
+msgstr "U??ivatelem definovan?? chybov?? k??d 13"
+
+#: src/err-codes.h:260
+msgid "User defined error code 14"
+msgstr "U??ivatelem definovan?? chybov?? k??d 14"
+
+#: src/err-codes.h:261
+msgid "User defined error code 15"
+msgstr "U??ivatelem definovan?? chybov?? k??d 15"
+
+#: src/err-codes.h:262
+msgid "User defined error code 16"
+msgstr "U??ivatelem definovan?? chybov?? k??d 16"
+
+#: src/err-codes.h:263
+msgid "System error w/o errno"
+msgstr "Chyba syst??mu bez ????sla chyby (errno)"
+
+#: src/err-codes.h:264
+msgid "Unknown system error"
+msgstr "Nezn??m?? chyba syst??mu"
+
+#: src/err-codes.h:265
+msgid "End of file"
+msgstr "Konec souboru"
+
+#: src/err-codes.h:266
+msgid "Unknown error code"
+msgstr "Nezn??m?? k??d chyby"
+
+#: src/gpg-error.c:469
+#, c-format
+msgid "Usage: %s GPG-ERROR [...]\n"
+msgstr "Pou??it??: %s CHYBA_GPG [???]\n"
+
+#: src/gpg-error.c:497
+#, c-format
+msgid "%s: warning: could not recognize %s\n"
+msgstr "%s: pozor: %s nebylo mo??n?? rozpoznat\n"

Added: trunk/po/it.po
===================================================================
--- trunk/po/it.po	                        (rev 0)
+++ trunk/po/it.po	2009-08-20 08:27:40 UTC (rev 221)
@@ -0,0 +1,1063 @@
+# Italian translation of libgpg-error.
+# Copyright (C) 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgpg-error package.
+# Francesco Groccia <fgr at anche.no>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgpg-error 1.7\n"
+"Report-Msgid-Bugs-To: translations at gnupg.org\n"
+"POT-Creation-Date: 2009-08-20 08:57+0200\n"
+"PO-Revision-Date: 2009-08-20 09:14+0200\n"
+"Last-Translator: Francesco Groccia <fgr at anche.no>\n"
+"Language-Team: Italian <tp at lists.linux.it>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: src/err-sources.h:28
+msgid "Unspecified source"
+msgstr "Sorgente non specificata"
+
+#: src/err-sources.h:29
+msgid "gcrypt"
+msgstr "gcrypt"
+
+#: src/err-sources.h:30
+msgid "GnuPG"
+msgstr "GPG"
+
+#: src/err-sources.h:31
+msgid "GpgSM"
+msgstr "GpgSM"
+
+#: src/err-sources.h:32
+msgid "GPG Agent"
+msgstr "GPG Agent"
+
+#: src/err-sources.h:33
+msgid "Pinentry"
+msgstr "Pinentry"
+
+#: src/err-sources.h:34
+msgid "SCD"
+msgstr "SCD"
+
+#: src/err-sources.h:35
+msgid "GPGME"
+msgstr "GPGME"
+
+#: src/err-sources.h:36
+msgid "Keybox"
+msgstr "Keybox"
+
+#: src/err-sources.h:37
+msgid "KSBA"
+msgstr "KSBA"
+
+#: src/err-sources.h:38
+msgid "Dirmngr"
+msgstr "Dirmngr"
+
+#: src/err-sources.h:39
+msgid "GSTI"
+msgstr "GSTI"
+
+#: src/err-sources.h:40
+msgid "GPA"
+msgstr "GPA"
+
+#: src/err-sources.h:41
+msgid "Kleopatra"
+msgstr "Kleopatra"
+
+#: src/err-sources.h:42
+msgid "Any source"
+msgstr "Qualsiasi fonte"
+
+#: src/err-sources.h:43
+msgid "User defined source 1"
+msgstr "Fonte 1 definita dall'utente"
+
+#: src/err-sources.h:44
+msgid "User defined source 2"
+msgstr "Fonte 2 definita dall'utente"
+
+#: src/err-sources.h:45
+msgid "User defined source 3"
+msgstr "Fonte 3 definita dall'utente"
+
+#: src/err-sources.h:46
+msgid "User defined source 4"
+msgstr "Fonte 4 definita dall'utente"
+
+#: src/err-sources.h:47
+msgid "Unknown source"
+msgstr "Fonte sconosciuta"
+
+#: src/err-codes.h:28
+msgid "Success"
+msgstr "Eseguito"
+
+#: src/err-codes.h:29
+msgid "General error"
+msgstr "Errore generale"
+
+#: src/err-codes.h:30
+msgid "Unknown packet"
+msgstr "Pacchetto sconosciuto"
+
+#: src/err-codes.h:31
+msgid "Unknown version in packet"
+msgstr "Versione sconosciuta nel pacchetto"
+
+#: src/err-codes.h:32
+msgid "Invalid public key algorithm"
+msgstr "Algoritmo a chiave pubblica non valido"
+
+#: src/err-codes.h:33
+msgid "Invalid digest algorithm"
+msgstr "Algoritmo di digest non valido"
+
+#: src/err-codes.h:34
+msgid "Bad public key"
+msgstr "Chiave pubblica errata"
+
+#: src/err-codes.h:35
+msgid "Bad secret key"
+msgstr "Chiave segreta errata"
+
+#: src/err-codes.h:36
+msgid "Bad signature"
+msgstr "Firma digitale errata"
+
+#: src/err-codes.h:37
+msgid "No public key"
+msgstr "Nessuna chiave pubblica"
+
+#: src/err-codes.h:38
+msgid "Checksum error"
+msgstr "Errore nel codice di controllo"
+
+#: src/err-codes.h:39
+msgid "Bad passphrase"
+msgstr "Passphrase errata"
+
+#: src/err-codes.h:40
+msgid "Invalid cipher algorithm"
+msgstr "Algoritmo di cifratura non valido"
+
+#: src/err-codes.h:41
+msgid "Keyring open"
+msgstr "Apertura del portachiavi"
+
+#: src/err-codes.h:42
+msgid "Invalid packet"
+msgstr "Pacchetto non valido"
+
+#: src/err-codes.h:43
+msgid "Invalid armor"
+msgstr "Armatura non valida"
+
+#: src/err-codes.h:44
+msgid "No user ID"
+msgstr "Nessun identificativo utente"
+
+#: src/err-codes.h:45
+msgid "No secret key"
+msgstr "Nessuna chiave segreta"
+
+#: src/err-codes.h:46
+msgid "Wrong secret key used"
+msgstr "?? stata usata una chiave segreta errata"
+
+#: src/err-codes.h:47
+msgid "Bad session key"
+msgstr "Chiave di sessione errata"
+
+#: src/err-codes.h:48
+msgid "Unknown compression algorithm"
+msgstr "Algoritmo di compressione sconosciuto"
+
+#: src/err-codes.h:49
+msgid "Number is not prime"
+msgstr "Non ?? un numero primo"
+
+#: src/err-codes.h:50
+msgid "Invalid encoding method"
+msgstr "Metodo di codifica non valido"
+
+#: src/err-codes.h:51
+msgid "Invalid encryption scheme"
+msgstr "Schema di cifratura non valido"
+
+#: src/err-codes.h:52
+msgid "Invalid signature scheme"
+msgstr "Schema di firma digitale non valido"
+
+#: src/err-codes.h:53
+msgid "Invalid attribute"
+msgstr "Attributo non valido"
+
+#: src/err-codes.h:54
+msgid "No value"
+msgstr "Nessun valore"
+
+#: src/err-codes.h:55
+msgid "Not found"
+msgstr "Non trovato"
+
+#: src/err-codes.h:56
+msgid "Value not found"
+msgstr "Valore non trovato"
+
+#: src/err-codes.h:57
+msgid "Syntax error"
+msgstr "Errore di sintassi"
+
+#: src/err-codes.h:58
+msgid "Bad MPI value"
+msgstr "Valore MPI errato"
+
+#: src/err-codes.h:59
+msgid "Invalid passphrase"
+msgstr "Passphrase non valida"
+
+#: src/err-codes.h:60
+msgid "Invalid signature class"
+msgstr "Classe di firma non valida"
+
+#: src/err-codes.h:61
+msgid "Resources exhausted"
+msgstr "Risorse esaurite"
+
+#: src/err-codes.h:62
+msgid "Invalid keyring"
+msgstr "Portachiavi non valido"
+
+#: src/err-codes.h:63
+msgid "Trust DB error"
+msgstr "Errore nel database della fiducia"
+
+#: src/err-codes.h:64
+msgid "Bad certificate"
+msgstr "Certificato errato"
+
+#: src/err-codes.h:65
+msgid "Invalid user ID"
+msgstr "Identificativo utente non valido"
+
+#: src/err-codes.h:66
+msgid "Unexpected error"
+msgstr "Errore inaspettato"
+
+#: src/err-codes.h:67
+msgid "Time conflict"
+msgstr "Data e ora in conflitto"
+
+#: src/err-codes.h:68
+msgid "Keyserver error"
+msgstr "Errore del server delle chiavi"
+
+#: src/err-codes.h:69
+msgid "Wrong public key algorithm"
+msgstr "Algoritmo a chiave pubblica errato"
+
+#: src/err-codes.h:70
+msgid "Tribute to D. A."
+msgstr "Tributo a D. A."
+
+#: src/err-codes.h:71
+msgid "Weak encryption key"
+msgstr "Chiave di cifratura debole"
+
+#: src/err-codes.h:72
+msgid "Invalid key length"
+msgstr "Lunghezza chiave non valida"
+
+#: src/err-codes.h:73
+msgid "Invalid argument"
+msgstr "Argomento non valido"
+
+#: src/err-codes.h:74
+msgid "Syntax error in URI"
+msgstr "Errore di sintassi nell'URI"
+
+#: src/err-codes.h:75
+msgid "Invalid URI"
+msgstr "URI non valido"
+
+#: src/err-codes.h:76
+msgid "Network error"
+msgstr "Errore di rete"
+
+#: src/err-codes.h:77
+msgid "Unknown host"
+msgstr "Host sconosciuto"
+
+#: src/err-codes.h:78
+msgid "Selftest failed"
+msgstr "Autodiagnosi non riuscito"
+
+#: src/err-codes.h:79
+msgid "Data not encrypted"
+msgstr "Dati non cifrati"
+
+#: src/err-codes.h:80
+msgid "Data not processed"
+msgstr "Dati non elaborati"
+
+#: src/err-codes.h:81
+msgid "Unusable public key"
+msgstr "Chiave pubblica non utilizzabile"
+
+#: src/err-codes.h:82
+msgid "Unusable secret key"
+msgstr "Chiave segreta non utilizzabile"
+
+#: src/err-codes.h:83
+msgid "Invalid value"
+msgstr "Valore non valido"
+
+#: src/err-codes.h:84
+msgid "Bad certificate chain"
+msgstr "Catena del certificato errata"
+
+#: src/err-codes.h:85
+msgid "Missing certificate"
+msgstr "Certificato mancante"
+
+#: src/err-codes.h:86
+msgid "No data"
+msgstr "Dati assenti"
+
+#: src/err-codes.h:87
+msgid "Bug"
+msgstr "Bug"
+
+#: src/err-codes.h:88
+msgid "Not supported"
+msgstr "Non supportato"



From cvs at cvs.gnupg.org  Thu Aug 20 10:41:16 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Thu, 20 Aug 2009 10:41:16 +0200
Subject: [svn] GnuPG -  r5125 - in trunk: . g10 include
Message-ID: <E1Me1qw-00085b-7u@lists.gnupg.com>

Author: wk
Date: 2009-08-20 10:41:15 +0200 (Thu, 20 Aug 2009)
New Revision: 5125

Modified:
   trunk/README.maint
   trunk/g10/ChangeLog
   trunk/g10/gpgv.c
   trunk/g10/mainproc.c
   trunk/g10/passphrase.c
   trunk/include/ChangeLog
   trunk/include/cipher.h
Log:
2009-08-20  Daiki Ueno  <ueno at unixuser.org>

    * mainproc.c (proc_encrypted): Clear passphrase cached with S2K
      cache ID if decryption failed.
    * passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
    * gpgv.c (passphrase_clear_cache): New stub.
		      


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/g10/ChangeLog	2009-08-20 08:41:15 UTC (rev 5125)
@@ -1,3 +1,10 @@
+2009-08-20  Daiki Ueno  <ueno at unixuser.org>
+
+	* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
+	cache ID if decryption failed.
+	* passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
+	* gpgv.c (passphrase_clear_cache): New stub.
+
 2009-08-11  Werner Koch  <wk at g10code.com>
 
 	* call-agent.c (get_serialno_cb): New.  From ../agent/call-scd.c.

Modified: trunk/include/ChangeLog
===================================================================
--- trunk/include/ChangeLog	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/include/ChangeLog	2009-08-20 08:41:15 UTC (rev 5125)
@@ -1,3 +1,7 @@
+2009-08-20  Daiki Ueno  <ueno at unixuser.org>  (wk)
+
+	* cipher.h (struct DEK): Add field S2K_CACHEID.
+
 2008-04-18  Werner Koch  <wk at g10code.com>
 
 	* cipher.h (CIPHER_ALGO_CAMELLIA256): Change ID to 13.

Modified: trunk/README.maint
===================================================================
--- trunk/README.maint	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/README.maint	2009-08-20 08:41:15 UTC (rev 5125)
@@ -21,7 +21,8 @@
   * Make sure that all new PO files are checked in.
   * Decide whether you want to update the automake standard files 
     (Mainly config.guess and config.sub).
-  * [1.4 only] Update gpg.texi and gpgv.texi from the trunk.
+  * [1.4 only] Update gpg.texi and gpgv.texi from the trunk:
+       make -C doc update-source-from-gnupg-2
   * Run "make -C po update-po".
   * Write NEWS entries and set the release date in NEWS.
   * In configure.ac set "my_issvn" to "no".

Modified: trunk/g10/gpgv.c
===================================================================
--- trunk/g10/gpgv.c	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/g10/gpgv.c	2009-08-20 08:41:15 UTC (rev 5125)
@@ -426,6 +426,14 @@
   return NULL;
 }
 
+void
+passphrase_clear_cache (u32 *keyid, const char *cacheid, int algo)
+{
+  (void)keyid;
+  (void)cacheid;
+  (void)algo;
+}
+
 struct keyserver_spec *
 parse_preferred_keyserver(PKT_signature *sig) 
 {

Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/g10/mainproc.c	2009-08-20 08:41:15 UTC (rev 5125)
@@ -586,6 +586,13 @@
 	write_status( STATUS_DECRYPTION_FAILED );
     }
     else {
+        if (gpg_err_code (result) == GPG_ERR_BAD_KEY
+	    && *c->dek->s2k_cacheid != '\0')
+	  {
+	    log_debug(_("cleared passphrase cached with ID: %s\n"),
+		      c->dek->s2k_cacheid);
+	    passphrase_clear_cache (NULL, c->dek->s2k_cacheid, 0);
+	  }
 	write_status( STATUS_DECRYPTION_FAILED );
 	log_error(_("decryption failed: %s\n"), g10_errstr(result));
 	/* Hmmm: does this work when we have encrypted using multiple

Modified: trunk/g10/passphrase.c
===================================================================
--- trunk/g10/passphrase.c	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/g10/passphrase.c	2009-08-20 08:41:15 UTC (rev 5125)
@@ -452,6 +452,7 @@
   DEK *dek;
   STRING2KEY help_s2k;
   int dummy_canceled;
+  char s2k_cacheidbuf[1+16+1], *s2k_cacheid = NULL;
 
   if (!canceled)
     canceled = &dummy_canceled;
@@ -573,19 +574,16 @@
     }
   else 
     {
-      char *cacheid = NULL;
-      char buf[1+16+1];
-
       if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
 	{
-	  memset (buf, 0, sizeof buf);
-	  *buf = 'S';
-	  bin2hex (s2k->salt, 8, buf + 1);
-          cacheid = buf;
+	  memset (s2k_cacheidbuf, 0, sizeof s2k_cacheidbuf);
+	  *s2k_cacheidbuf = 'S';
+	  bin2hex (s2k->salt, 8, s2k_cacheidbuf + 1);
+	  s2k_cacheid = s2k_cacheidbuf;
 	}
 
       /* Divert to the gpg-agent. */
-      pw = passphrase_get (keyid, mode == 2, cacheid,
+      pw = passphrase_get (keyid, mode == 2, s2k_cacheid,
                            (mode == 2 || mode == 4)? opt.passwd_repeat : 0,
                            tryagain_text, custdesc, custprompt, canceled);
       if (*canceled)
@@ -608,6 +606,8 @@
     dek->keylen = 0;
   else
     hash_passphrase (dek, pw, s2k);
+  if (s2k_cacheid)
+    memcpy (dek->s2k_cacheid, s2k_cacheid, sizeof dek->s2k_cacheid);
   xfree(last_pw);
   last_pw = pw;
   return dek;

Modified: trunk/include/cipher.h
===================================================================
--- trunk/include/cipher.h	2009-08-18 10:46:34 UTC (rev 5124)
+++ trunk/include/cipher.h	2009-08-20 08:41:15 UTC (rev 5125)
@@ -94,6 +94,7 @@
   int use_mdc;
   int symmetric;
   byte key[32]; /* This is the largest used keylen (256 bit). */
+  char s2k_cacheid[1+16+1];
 } DEK;
 
 



From cvs at cvs.gnupg.org  Fri Aug 21 11:34:16 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 21 Aug 2009 11:34:16 +0200
Subject: [svn] gcry - r1404 - trunk/cipher
Message-ID: <E1MeP9a-0002tZ-M1@lists.gnupg.com>

Author: wk
Date: 2009-08-21 11:34:16 +0200 (Fri, 21 Aug 2009)
New Revision: 1404

Modified:
   trunk/cipher/ChangeLog
   trunk/cipher/dsa.c
Log:
Fix memleak in dsa key generation


Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog	2009-08-05 15:02:24 UTC (rev 1403)
+++ trunk/cipher/ChangeLog	2009-08-21 09:34:16 UTC (rev 1404)
@@ -1,3 +1,8 @@
+2009-08-21  Werner Koch  <wk at g10code.com>
+
+	* dsa.c (dsa_generate_ext): Release retfactors array before
+	setting it to NULL.  Reported by Daiko Ueno.
+
 2009-07-02  Werner Koch  <wk at g10code.com>
 
 	* md.c (md_read): Fix incomplete check for NULL.

Modified: trunk/cipher/dsa.c
===================================================================
--- trunk/cipher/dsa.c	2009-08-05 15:02:24 UTC (rev 1403)
+++ trunk/cipher/dsa.c	2009-08-21 09:34:16 UTC (rev 1404)
@@ -907,6 +907,7 @@
               gcry_mpi_release ((*retfactors)[i]);
               (*retfactors)[i] = NULL;
             }
+          gcry_free (*retfactors);
           *retfactors = NULL;
           if (ec)
             {



From cvs at cvs.gnupg.org  Fri Aug 21 11:34:39 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 21 Aug 2009 11:34:39 +0200
Subject: [svn] gcry - r1405 - branches/LIBGCRYPT-1-4-BRANCH/cipher
Message-ID: <E1MeP9w-0002uc-HN@lists.gnupg.com>

Author: wk
Date: 2009-08-21 11:34:39 +0200 (Fri, 21 Aug 2009)
New Revision: 1405

Modified:
   branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog
   branches/LIBGCRYPT-1-4-BRANCH/cipher/dsa.c
Log:
Fix memleak in DSA key generation


Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog
===================================================================
--- branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog	2009-08-21 09:34:16 UTC (rev 1404)
+++ branches/LIBGCRYPT-1-4-BRANCH/cipher/ChangeLog	2009-08-21 09:34:39 UTC (rev 1405)
@@ -1,3 +1,8 @@
+2009-08-21  Werner Koch  <wk at g10code.com>
+
+	* dsa.c (dsa_generate_ext): Release retfactors array before
+	setting it to NULL.  Reported by Daiko Ueno.
+
 2009-01-22  Werner Koch  <wk at g10code.com>
 
 	* ecc.c (compute_keygrip): Remove superfluous const.

Modified: branches/LIBGCRYPT-1-4-BRANCH/cipher/dsa.c
===================================================================
--- branches/LIBGCRYPT-1-4-BRANCH/cipher/dsa.c	2009-08-21 09:34:16 UTC (rev 1404)
+++ branches/LIBGCRYPT-1-4-BRANCH/cipher/dsa.c	2009-08-21 09:34:39 UTC (rev 1405)
@@ -907,6 +907,7 @@
               gcry_mpi_release ((*retfactors)[i]);
               (*retfactors)[i] = NULL;
             }
+          gcry_free (*retfactors);
           *retfactors = NULL;
           if (ec)
             {



From cvs at cvs.gnupg.org  Fri Aug 21 12:29:39 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 21 Aug 2009 12:29:39 +0200
Subject: [svn] GpgOL - r304 - trunk/src
Message-ID: <E1MeQ19-0003gx-Vu@lists.gnupg.com>

Author: wk
Date: 2009-08-21 12:29:39 +0200 (Fri, 21 Aug 2009)
New Revision: 304

Modified:
   trunk/src/ChangeLog
   trunk/src/common.h
   trunk/src/engine-assuan.c
   trunk/src/item-events.cpp
   trunk/src/main.c
   trunk/src/message.cpp
   trunk/src/ol-ext-callback.cpp
   trunk/src/session-events.cpp
Log:
Do not use MSgWautForMultipleObjects


Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/ChangeLog	2009-08-21 10:29:39 UTC (rev 304)
@@ -1,3 +1,18 @@
+2009-08-21  Werner Koch  <wk at g10code.com>
+
+	* engine-assuan.c (async_worker_thread): Disable the use of
+	MsgWaitForMultipleObjects.
+	* common.h (struct compat): Add USE_MWFMO.
+	* main.c (read_options): Read that flag.
+
+2009-08-19  Werner Koch  <wk at g10code.com>
+
+	* message.cpp (ul_release): Add arg LNR.  Change all callers.
+	* ol-ext-callback.cpp (ul_release): Add args FUNC and LNR.  Change
+	all callers.
+	* item-events.cpp (ul_release): ditto.
+	* session-events.cpp (ul_release): Ditto.
+
 2009-07-21  Werner Koch  <wk at g10code.com>
 
 	* mapihelp.cpp (create_gpgol_tag, get_internetcharsetbody_tag) 

Modified: trunk/src/common.h
===================================================================
--- trunk/src/common.h	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/common.h	2009-08-21 10:29:39 UTC (rev 304)
@@ -130,6 +130,7 @@
     unsigned int old_reply_hack: 1; /* See gpgmsg.cpp:decrypt. */
     unsigned int auto_decrypt: 1;   /* Try to decrypt when clicked. */
     unsigned int no_attestation: 1; /* Don't create an attestation. */
+    unsigned int use_mwfmo: 1;      /* Use MsgWaitForMultipleObjects.  */
   } compat; 
 
   /* The SVN revision as stored in the registry.  */

Modified: trunk/src/engine-assuan.c
===================================================================
--- trunk/src/engine-assuan.c	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/engine-assuan.c	2009-08-21 10:29:39 UTC (rev 304)
@@ -872,9 +872,15 @@
   DWORD nbytes;
   HANDLE hdarray[MAXIMUM_WAIT_OBJECTS];
   int count, addit, any_ready, hdarraylen;
+  /* Due to problems opening stuff with Internet exploder, Word or
+     Wordview, we can't use MsgWaitForMultipleObjects and the event
+     loops.  For test purposes a compatibiliy option allows to revert
+     to the old behaviour. */
+  int msgwait = opt.compat.use_mwfmo; 
+
   
-  attach_thread_input ( (DWORD)dummy );
-  (void)dummy;
+  if (msgwait)
+    attach_thread_input ( (DWORD)dummy );
 
   for (;;)
     {
@@ -965,27 +971,31 @@
                                SRCNAME, __func__, item->name, item->hd);
                 }
             }
-          /* [Currently not used]
-             First process any window messages of this thread.  Do
+
+          /* First process any window messages of this thread.  Do
              this before wating so that the message queue is cleared
              before waiting and we don't get stucked due to messages
              not removed.  We need to process the message queue also
              after the wait because we will only get to here if there
              is actual ui-server work to be done but some messages
              might still be in the queue.  */
-          {
-            MSG msg;
-
-            while (PeekMessage (&msg, NULL, 0, 0, PM_REMOVE))
-              {
-                TranslateMessage (&msg);
-                DispatchMessage (&msg);
-              }
-          }
-
-/*           n = WaitForMultipleObjects (hdarraylen, hdarray, FALSE, INFINITE); */
-          n = MsgWaitForMultipleObjects (hdarraylen, hdarray, FALSE,
-                                         INFINITE, QS_ALLEVENTS);
+          if (msgwait)
+            {
+              MSG msg;
+              
+              while (PeekMessage (&msg, NULL, 0, 0, PM_REMOVE))
+                {
+                  TranslateMessage (&msg);
+                  DispatchMessage (&msg);
+                }
+              n = MsgWaitForMultipleObjects (hdarraylen, hdarray, FALSE,
+                                             INFINITE, QS_ALLEVENTS);
+            }
+          else
+            {
+              n = WaitForMultipleObjects (hdarraylen, hdarray, FALSE,
+                                          INFINITE);
+            }
           if (n == WAIT_FAILED)
             {
               /* The WFMO failed.  This is an error; to help debugging
@@ -1026,19 +1036,18 @@
               Sleep (1000);
             }
 
-          /* [Currently not used] 
-             Try to process the message queue.  */
-          {
-            MSG msg;
-            
-            while (PeekMessage (&msg, NULL, 0, 0, PM_REMOVE))
-              {
-                TranslateMessage (&msg);
-                DispatchMessage (&msg);
-              }
-          }
+          if (msgwait)
+            {
+              MSG msg;
+              
+              while (PeekMessage (&msg, NULL, 0, 0, PM_REMOVE))
+                {
+                  TranslateMessage (&msg);
+                  DispatchMessage (&msg);
+                }
+            }
         }
-
+      
       /*
          Step 3: Handle I/O completion status.
        */

Modified: trunk/src/item-events.cpp
===================================================================
--- trunk/src/item-events.cpp	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/item-events.cpp	2009-08-21 10:29:39 UTC (rev 304)
@@ -41,9 +41,8 @@
 
 
 /* Wrapper around UlRelease with error checking. */
-/* FIXME: Duplicated code.  */
 static void 
-ul_release (LPVOID punk)
+ul_release (LPVOID punk, const char *func, int lnr)
 {
   ULONG res;
   
@@ -51,12 +50,14 @@
     return;
   res = UlRelease (punk);
   if (opt.enable_debug & DBG_MEMORY)
-    log_debug ("%s UlRelease(%p) had %lu references\n", __func__, punk, res);
+    log_debug ("%s:%s:%d: UlRelease(%p) had %lu references\n", 
+               SRCNAME, func, lnr, punk, res);
 }
 
 
 
 
+
 /* Our constructor.  */
 GpgolItemEvents::GpgolItemEvents (GpgolExt *pParentInterface)
 { 
@@ -109,8 +110,8 @@
   eecb->GetObject (&mdb, (LPMAPIPROP *)&message);
   if (message_incoming_handler (message, hwnd, false))
     m_processed = TRUE;
-  ul_release (message);
-  ul_release (mdb);
+  ul_release (message, __func__, __LINE__);
+  ul_release (mdb, __func__, __LINE__);
 
   return S_FALSE;
 }
@@ -194,8 +195,8 @@
         log_debug_w32 (hr, "%s:%s: error getting message", 
                        SRCNAME, __func__);
      
-      ul_release (message);
-      ul_release (mdb);
+      ul_release (message, __func__, __LINE__);
+      ul_release (mdb, __func__, __LINE__);
     }
 
   return S_FALSE;

Modified: trunk/src/main.c
===================================================================
--- trunk/src/main.c	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/main.c	2009-08-21 10:29:39 UTC (rev 304)
@@ -669,6 +669,7 @@
             case 4: opt.compat.old_reply_hack = x; break;
             case 5: opt.compat.auto_decrypt = x; break;
             case 6: opt.compat.no_attestation = x; break;
+            case 7: opt.compat.use_mwfmo = x; break;
             }
         }
       log_debug ("Note: using compatibility flags: %s", val);

Modified: trunk/src/message.cpp
===================================================================
--- trunk/src/message.cpp	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/message.cpp	2009-08-21 10:29:39 UTC (rev 304)
@@ -38,8 +38,9 @@
                         } while (0)
 
 
+/* Wrapper around UlRelease with error checking. */
 static void 
-ul_release (LPVOID punk, const char *func)
+ul_release (LPVOID punk, const char *func, int lnr)
 {
   ULONG res;
   
@@ -47,8 +48,8 @@
     return;
   res = UlRelease (punk);
   if (opt.enable_debug & DBG_MEMORY)
-    log_debug ("%s:%s: UlRelease(%p) had %lu references\n", 
-               SRCNAME, func, punk, res);
+    log_debug ("%s:%s:%d: UlRelease(%p) had %lu references\n", 
+               SRCNAME, func, lnr, punk, res);
 }
 
 
@@ -198,8 +199,8 @@
   else
     log_debug_w32 (hr, "%s:%s: error getting message", SRCNAME, __func__);
 
-  ul_release (message, __func__);
-  ul_release (mdb, __func__);
+  ul_release (message, __func__, __LINE__);
+  ul_release (mdb, __func__, __LINE__);
 
   return !!wasprotected;
 }
@@ -277,8 +278,8 @@
           break;
         }
       
-      ul_release (message, __func__);
-      ul_release (mdb, __func__);
+      ul_release (message, __func__, __LINE__);
+      ul_release (mdb, __func__, __LINE__);
     }
 }
 

Modified: trunk/src/ol-ext-callback.cpp
===================================================================
--- trunk/src/ol-ext-callback.cpp	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/ol-ext-callback.cpp	2009-08-21 10:29:39 UTC (rev 304)
@@ -41,9 +41,8 @@
 
 
 /* Wrapper around UlRelease with error checking. */
-/* FIXME: Duplicated code.  */
 static void 
-ul_release (LPVOID punk)
+ul_release (LPVOID punk, const char *func, int lnr)
 {
   ULONG res;
   
@@ -51,13 +50,15 @@
     return;
   res = UlRelease (punk);
   if (opt.enable_debug & DBG_MEMORY)
-    log_debug ("%s UlRelease(%p) had %lu references\n", __func__, punk, res);
+    log_debug ("%s:%s:%d: UlRelease(%p) had %lu references\n", 
+               SRCNAME, func, lnr, punk, res);
 }
 
 
 
 
 
+
 /* Locate a property using the provided callback LPEECB and traverse
    down to the last element of the dot delimited NAME.  Returns the
    Dispatch object and if R_DISPID is not NULL, the dispatch-id of the
@@ -194,8 +195,8 @@
       result = 0;
     }
 
-  ul_release (pMessage);
-  ul_release (pMDB);
+  ul_release (pMessage, __func__, __LINE__);
+  ul_release (pMDB, __func__, __LINE__);
   return result;
 }
 
@@ -238,8 +239,8 @@
       result = 0;
     }
 
-  ul_release (pMessage);
-  ul_release (pMDB);
+  ul_release (pMessage, __func__, __LINE__);
+  ul_release (pMDB, __func__, __LINE__);
   return result;
 }
 

Modified: trunk/src/session-events.cpp
===================================================================
--- trunk/src/session-events.cpp	2009-07-21 15:38:47 UTC (rev 303)
+++ trunk/src/session-events.cpp	2009-08-21 10:29:39 UTC (rev 304)
@@ -44,9 +44,8 @@
 
 
 /* Wrapper around UlRelease with error checking. */
-/* FIXME: Duplicated code.  */
 static void 
-ul_release (LPVOID punk)
+ul_release (LPVOID punk, const char *func, int lnr)
 {
   ULONG res;
   
@@ -54,15 +53,12 @@
     return;
   res = UlRelease (punk);
   if (opt.enable_debug & DBG_MEMORY)
-    log_debug ("%s UlRelease(%p) had %lu references\n", __func__, punk, res);
+    log_debug ("%s:%s:%d: UlRelease(%p) had %lu references\n", 
+               SRCNAME, func, lnr, punk, res);
 }
 
 
 
-
-
-
-
 /* Our constructor.  */
 GpgolSessionEvents::GpgolSessionEvents (GpgolExt *pParentInterface)
 { 
@@ -113,8 +109,8 @@
          later (before an OnRead) to IPM.Note. */
       mapi_change_message_class (pMessage, 0);
       log_mapi_property (pMessage, PR_MESSAGE_CLASS,"PR_MESSAGE_CLASS");
-      ul_release (pMessage);
-      ul_release (pMDB);
+      ul_release (pMessage, __func__, __LINE__);
+      ul_release (pMDB, __func__, __LINE__);
     }
 
   return S_FALSE;



From cvs at cvs.gnupg.org  Mon Aug 24 15:06:34 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Mon, 24 Aug 2009 15:06:34 +0200
Subject: [svn] GpgOL - r305 - trunk/src
Message-ID: <E1MfXt2-0008EI-KS@lists.gnupg.com>

Author: wk
Date: 2009-08-24 15:06:33 +0200 (Mon, 24 Aug 2009)
New Revision: 305

Added:
   trunk/src/revert.cpp
   trunk/src/revert.h
Log:
Add missing files




From cvs at cvs.gnupg.org  Mon Aug 24 15:10:06 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Mon, 24 Aug 2009 15:10:06 +0200
Subject: [svn] GpgOL - r306 - trunk/src
Message-ID: <E1MfXwQ-0008J9-Ug@lists.gnupg.com>

Author: wk
Date: 2009-08-24 15:10:05 +0200 (Mon, 24 Aug 2009)
New Revision: 306

Added:
   trunk/src/guidgen.c
   trunk/src/watchmouse.c
Log:
Add other test code




From cvs at cvs.gnupg.org  Tue Aug 25 00:21:39 2009
From: cvs at cvs.gnupg.org (svn author dshaw)
Date: Tue, 25 Aug 2009 00:21:39 +0200
Subject: [svn] GnuPG -  r5126 - trunk/doc
Message-ID: <E1MfgY7-0001GN-MJ@lists.gnupg.com>

Author: dshaw
Date: 2009-08-25 00:21:39 +0200 (Tue, 25 Aug 2009)
New Revision: 5126

Modified:
   trunk/doc/ChangeLog
   trunk/doc/gpg.texi
Log:
* gpg.text: Suggested new ordering for --edit-key.


Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2009-08-20 08:41:15 UTC (rev 5125)
+++ trunk/doc/ChangeLog	2009-08-24 22:21:39 UTC (rev 5126)
@@ -1,3 +1,7 @@
+2009-08-24  David Shaw  <dshaw at jabberwocky.com>
+
+	* gpg.text: Suggested new ordering for --edit-key.
+
 2009-08-17  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpg.texi (OpenPGP Options): Clarify that

Modified: trunk/doc/gpg.texi
===================================================================
--- trunk/doc/gpg.texi	2009-08-20 08:41:15 UTC (rev 5125)
+++ trunk/doc/gpg.texi	2009-08-24 22:21:39 UTC (rev 5126)
@@ -589,6 +589,16 @@
 @c ******** Begin Edit-key Options **********
 @table @asis
 
+ at item uid @code{n}
+ at opindex keyedit:uid
+Toggle selection of user ID or photographic user ID with index @code{n}.
+Use 0 to deselect all.
+
+ at item key @code{n}
+ at opindex keyedit:key
+Toggle selection of subkey with index @code{n}.
+Use 0 to deselect all.
+
 @item sign
 @opindex keyedit:sign
 Make a signature on key of user @code{name} If the key is not yet
@@ -625,107 +635,48 @@
 
 @table @asis
 
+ at item delsig
+ at opindex keyedit:delsig
+Delete a signature. Note that it is not possible to retract a signature,
+once it has been send to the public (i.e. to a keyserver).  In that case
+you better use @code{revsig}.
+
 @item revsig
 @opindex keyedit:revsig
 Revoke a signature. For every signature which has been generated by
 one of the secret keys, GnuPG asks whether a revocation certificate
 should be generated.
 
- at item trust
- at opindex keyedit:trust
-Change the owner trust value. This updates the
-trust-db immediately and no save is required.
+ at item check
+ at opindex keyedit:check
+Check the signatures on all selected user IDs.
 
- at item disable
- at itemx enable
- at opindex keyedit:disable
- at opindex keyedit:enable
-Disable or enable an entire key. A disabled key can not normally be
-used for encryption.
-
 @item adduid
 @opindex keyedit:adduid
-Create an alternate user id.
+Create an additional user ID.
 
 @item addphoto
 @opindex keyedit:addphoto
-Create a photographic user id. This will prompt for a JPEG file that
+Create a photographic user ID. This will prompt for a JPEG file that
 will be embedded into the user ID. Note that a very large JPEG will make
 for a very large key. Also note that some programs will display your
 JPEG unchanged (GnuPG), and some programs will scale it to fit in a
 dialog box (PGP).
 
+ at item showphoto
+ at opindex keyedit:showphoto
+Display the selected photographic user ID.
+
 @item deluid
 @opindex keyedit:deluid
-Delete a user id.  Note that it is not possible to retract a user id,
-once it has been send to the public (i.e. to a keyserver).  In that case
-you better use @code{revuid}.
+Delete a user ID or photographic user ID.  Note that it is not
+possible to retract a user id, once it has been send to the public
+(i.e. to a keyserver).  In that case you better use @code{revuid}.
 
- at item delsig
- at opindex keyedit:delsig
-Delete a signature. Note that it is not possible to retract a signature,
-once it has been send to the public (i.e. to a keyserver).  In that case
-you better use @code{revsig}.
-
 @item revuid
 @opindex keyedit:revuid
-Revoke a user id.
+Revoke a user ID or photographic user ID.
 
- at item addkey
- at opindex keyedit:addkey
-Add a subkey to this key.
-
- at item addcardkey
- at opindex keyedit:addcardkey
-Generate a key on a card and add it to this key.
-
- at item keytocard
- at opindex keyedit:keytocard
-Transfer the selected secret key (or the primary key if no key has been
-selected) to a smartcard. The secret key in the keyring will be replaced
-by a stub if the key could be stored successfully on the card and you
-use the save command later. Only certain key types may be transferred to
-the card. A sub menu allows you to select on what card to store the
-key. Note that it is not possible to get that key back from the card -
-if the card gets broken your secret key will be lost unless you have a
-backup somewhere.
-
- at item bkuptocard @code{file}
- at opindex keyedit:bkuptocard
-Restore the given file to a card. This command may be used to restore a
-backup key (as generated during card initialization) to a new card. In
-almost all cases this will be the encryption key. You should use this
-command only with the corresponding public key and make sure that the
-file given as argument is indeed the backup to restore. You should then
-select 2 to restore as encryption key.  You will first be asked to enter
-the passphrase of the backup key and then for the Admin PIN of the card.
-
- at item delkey
- at opindex keyedit:delkey
-Remove a subkey (secondart key). Note that it is not possible to retract
-a subkey, once it has been send to the public (i.e. to a keyserver).  In
-that case you better use @code{revkey}.
-
- at item addrevoker
- at opindex keyedit:addrevoker
-Add a designated revoker. This takes one optional argument:
-"sensitive". If a designated revoker is marked as sensitive, it will not
-be exported by default (see export-options).
-
- at item revkey
- at opindex keyedit:revkey
-Revoke a subkey.
-
- at item expire
- at opindex keyedit:expire
-Change the key expiration time. If a subkey is selected, the
-expiration time of this subkey will be changed. With no selection,
-the key expiration of the primary key is changed.
-
- at item passwd
- at opindex keyedit:passwd
-Change the passphrase of the secret key.
-
 @item primary
 @opindex keyedit:primary
 Flag the current user id as the primary one, removes the primary user
@@ -735,25 +686,22 @@
 regular user ID as primary makes it primary over other regular user
 IDs.
 
- at item uid @code{n}
- at opindex keyedit:uid
-Toggle selection of user id with index @code{n}.
-Use 0 to deselect all.
+ at item keyserver
+ at opindex keyedit:keyserver
+Set a preferred keyserver for the specified user ID(s). This allows
+other users to know where you prefer they get your key from. See
+ at option{--keyserver-options honor-keyserver-url} for more on how this
+works.  Setting a value of "none" removes an existing preferred
+keyserver.
 
- at item key @code{n}
- at opindex keyedit:key
-Toggle selection of subkey with index @code{n}.
-Use 0 to deselect all.
+ at item notation
+ at opindex keyedit:notation
+Set a name=value notation for the specified user ID(s). See
+ at option{--cert-notation} for more on how this works. Setting a value of
+"none" removes all notations, setting a notation prefixed with a minus
+sign (-) removes that notation, and setting a notation name (without the
+=value) prefixed with a minus sign removes all notations with that name.
 
- at item check
- at opindex keyedit:check
-Check all selected user ids.
-
- at item showphoto
- at opindex keyedit:showphoto
-Display the selected photographic user
-id.
-
 @item pref
 @opindex keyedit:pref
 List preferences from the selected user ID. This shows the actual
@@ -790,22 +738,73 @@
 on the preference list of every recipient key.  See also the
 INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS section below.
 
- at item keyserver
- at opindex keyedit:keyserver
-Set a preferred keyserver for the specified user ID(s). This allows
-other users to know where you prefer they get your key from. See
- at option{--keyserver-options honor-keyserver-url} for more on how this
-works.  Setting a value of "none" removes an existing preferred
-keyserver.
+ at item addkey
+ at opindex keyedit:addkey
+Add a subkey to this key.
 
- at item notation
- at opindex keyedit:notation
-Set a name=value notation for the specified user ID(s). See
- at option{--cert-notation} for more on how this works. Setting a value of
-"none" removes all notations, setting a notation prefixed with a minus
-sign (-) removes that notation, and setting a notation name (without the
-=value) prefixed with a minus sign removes all notations with that name.
+ at item addcardkey
+ at opindex keyedit:addcardkey
+Generate a subkey on a card and add it to this key.
 
+ at item keytocard
+ at opindex keyedit:keytocard
+Transfer the selected secret subkey (or the primary key if no subkey
+has been selected) to a smartcard. The secret key in the keyring will
+be replaced by a stub if the key could be stored successfully on the
+card and you use the save command later. Only certain key types may be
+transferred to the card. A sub menu allows you to select on what card
+to store the key. Note that it is not possible to get that key back
+from the card - if the card gets broken your secret key will be lost
+unless you have a backup somewhere.
+
+ at item bkuptocard @code{file}
+ at opindex keyedit:bkuptocard
+Restore the given file to a card. This command may be used to restore a
+backup key (as generated during card initialization) to a new card. In
+almost all cases this will be the encryption key. You should use this
+command only with the corresponding public key and make sure that the
+file given as argument is indeed the backup to restore. You should then
+select 2 to restore as encryption key.  You will first be asked to enter
+the passphrase of the backup key and then for the Admin PIN of the card.
+
+ at item delkey
+ at opindex keyedit:delkey
+Remove a subkey (secondart key). Note that it is not possible to retract
+a subkey, once it has been send to the public (i.e. to a keyserver).  In
+that case you better use @code{revkey}.
+
+ at item revkey
+ at opindex keyedit:revkey
+Revoke a subkey.
+
+ at item expire
+ at opindex keyedit:expire
+Change the key or subkey expiration time. If a subkey is selected, the
+expiration time of this subkey will be changed. With no selection, the
+key expiration of the primary key is changed.
+
+ at item trust
+ at opindex keyedit:trust
+Change the owner trust value for the key. This updates the trust-db
+immediately and no save is required.
+
+ at item disable
+ at itemx enable
+ at opindex keyedit:disable
+ at opindex keyedit:enable
+Disable or enable an entire key. A disabled key can not normally be
+used for encryption.
+
+ at item addrevoker
+ at opindex keyedit:addrevoker
+Add a designated revoker to the key. This takes one optional argument:
+"sensitive". If a designated revoker is marked as sensitive, it will
+not be exported by default (see export-options).
+
+ at item passwd
+ at opindex keyedit:passwd
+Change the passphrase of the secret key.
+
 @item toggle
 @opindex keyedit:toggle
 Toggle between public and secret key listing.
@@ -829,7 +828,9 @@
 Add cross-certification signatures to signing subkeys that may not
 currently have them. Cross-certification signatures protect against a
 subtle attack against signing subkeys. See
- at option{--require-cross-certification}.
+ at option{--require-cross-certification}.  All new keys generated have
+this signature by default, so this option is only useful to bring
+older keys up to date.
 
 @item save
 @opindex keyedit:save



From cvs at cvs.gnupg.org  Tue Aug 25 22:00:24 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 25 Aug 2009 22:00:24 +0200
Subject: [svn] GnuPG - r5127 - in branches/STABLE-BRANCH-1-4: include
	keyserver util
Message-ID: <E1Mg0oo-0004WT-B7@lists.gnupg.com>

Author: wk
Date: 2009-08-25 22:00:24 +0200 (Tue, 25 Aug 2009)
New Revision: 5127

Added:
   branches/STABLE-BRANCH-1-4/keyserver/ksmalloc.c
Modified:
   branches/STABLE-BRANCH-1-4/include/ChangeLog
   branches/STABLE-BRANCH-1-4/include/compat.h
   branches/STABLE-BRANCH-1-4/keyserver/ChangeLog
   branches/STABLE-BRANCH-1-4/keyserver/Makefile.am
   branches/STABLE-BRANCH-1-4/keyserver/curl-shim.c
   branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c
   branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c
   branches/STABLE-BRANCH-1-4/keyserver/ksutil.h
   branches/STABLE-BRANCH-1-4/util/ChangeLog
   branches/STABLE-BRANCH-1-4/util/compat.c
Log:
Restructured the compat functions and changed its license.
New fucntion xstrconcat for future use.


Modified: branches/STABLE-BRANCH-1-4/include/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/include/ChangeLog	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/include/ChangeLog	2009-08-25 20:00:24 UTC (rev 5127)
@@ -1,3 +1,7 @@
+2009-08-25  Werner Koch  <wk at g10code.com>
+
+	* compat.h: Add xstrconcat.
+
 2009-08-11  David Shaw  <dshaw at jabberwocky.com>
 
 	* util.h: Add string_to_utf8() from GPA.

Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog	2009-08-25 20:00:24 UTC (rev 5127)
@@ -1,3 +1,11 @@
+2009-08-25  Werner Koch  <wk at g10code.com>
+
+	* ksmalloc.c: New
+	(xtrymalloc, xfree): New.
+	* Makefile.am (gpgkeys_ldap_SOURCES, gpgkeys_curl_SOURCES):
+	(gpgkeys_hkp_SOURCES): Add ksmalloc.c.
+	* gpgkeys_hkp.c, gpgkeys_ldap.c: s/malloc/xtrymalloc/.
+
 2009-07-06  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the

Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/util/ChangeLog	2009-08-25 20:00:24 UTC (rev 5127)
@@ -1,3 +1,9 @@
+2009-08-25  Werner Koch  <wk at g10code.com>
+
+	* compat.c: Change license to all-permissive.  The GPL and the
+	exception does no make sense here.
+	(do_strconcat, xstrconcat): New.
+
 2009-08-18  Werner Koch  <wk at g10code.com>
 
 	* iobuf.c (fd_cache_close): Change debug printf format assuming

Modified: branches/STABLE-BRANCH-1-4/include/compat.h
===================================================================
--- branches/STABLE-BRANCH-1-4/include/compat.h	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/include/compat.h	2009-08-25 20:00:24 UTC (rev 5127)
@@ -15,4 +15,11 @@
 char *strsep (char **stringp, const char *delim);
 #endif
 
+#if __GNUC__ >= 4 
+char *xstrconcat (const char *s1, ...) __attribute__ ((sentinel(0)));
+#else
+char *xstrconcat (const char *s1, ...);
+#endif
+
+
 #endif /* !_COMPAT_H_ */

Modified: branches/STABLE-BRANCH-1-4/keyserver/Makefile.am
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/Makefile.am	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/Makefile.am	2009-08-25 20:00:24 UTC (rev 5127)
@@ -27,10 +27,10 @@
 gpglibexec_SCRIPTS = @GPGKEYS_MAILTO@
 noinst_SCRIPTS = gpgkeys_test
 
-gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h
-gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h
+gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h ksmalloc.c
+gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h ksmalloc.c
 gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h
-gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h
+gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h ksmalloc.c
 
 other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
 

Modified: branches/STABLE-BRANCH-1-4/keyserver/curl-shim.c
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/curl-shim.c	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/curl-shim.c	2009-08-25 20:00:24 UTC (rev 5127)
@@ -288,7 +288,7 @@
   else
     len=strlen(str);
 
-  enc=malloc(len+1);
+  enc = xtrymalloc(len+1);
   if(!enc)
     return enc;
 

Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c	2009-08-25 20:00:24 UTC (rev 5127)
@@ -106,7 +106,7 @@
   char *key=NULL,*encoded_key=NULL;
   size_t keysize=1;
 
-  key=malloc(1);
+  key = xtrymalloc(1);
   if(!key)
     {
       fprintf(console,"gpgkeys: unable to allocate memory for key\n");
@@ -179,7 +179,7 @@
 
   free(key);
 
-  key=malloc(8+strlen(encoded_key)+1);
+  key=xtrymalloc(8+strlen(encoded_key)+1);
   if(!key)
     {
       fprintf(console,"gpgkeys: out of memory\n");
@@ -324,7 +324,7 @@
       goto fail;
     }
 
-  request=malloc(MAX_URL+60+strlen(searchkey_encoded));
+  request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
   if(!request)
     {
       fprintf(console,"gpgkeys: out of memory\n");
@@ -408,7 +408,7 @@
       goto fail;
     }
 
-  request=malloc(MAX_URL+60+strlen(searchkey_encoded));
+  request=xtrymalloc(MAX_URL+60+strlen(searchkey_encoded));
   if(!request)
     {
       fprintf(console,"gpgkeys: out of memory\n");
@@ -519,7 +519,7 @@
       char *newname,*newport;
 
       newname=strdup(srvlist->target);
-      newport=malloc(MAX_PORT);
+      newport=xtrymalloc(MAX_PORT);
       if(newname && newport)
 	{
 	  free(opt->host);
@@ -803,7 +803,7 @@
 	      if(line[0]=='\n' || line[0]=='\0')
 		break;
 
-	      work=malloc(sizeof(struct keylist));
+	      work=xtrymalloc(sizeof(struct keylist));
 	      if(work==NULL)
 		{
 		  fprintf(console,"gpgkeys: out of memory while "
@@ -909,7 +909,7 @@
 	  keyptr=keyptr->next;
 	}
 
-      searchkey=malloc(len+1);
+      searchkey=xtrymalloc(len+1);
       if(searchkey==NULL)
 	{
 	  ret=KEYSERVER_NO_MEMORY;

Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c	2009-08-25 20:00:24 UTC (rev 5127)
@@ -147,7 +147,7 @@
 static int
 add_key_to_keylist(const char *key,struct keylist **list)
 {
-  struct keylist *keyptr=malloc(sizeof(struct keylist));
+  struct keylist *keyptr=xtrymalloc(sizeof(struct keylist));
 
   if(keyptr==NULL)
     {
@@ -320,14 +320,14 @@
 	return 0;
 
       *modlist=grow;
-      grow[nummods]=malloc(sizeof(LDAPMod));
+      grow[nummods]=xtrymalloc(sizeof(LDAPMod));
       if(!grow[nummods])
 	return 0;
       grow[nummods]->mod_op=LDAP_MOD_REPLACE;
       grow[nummods]->mod_type=attr;
       if(value)
 	{
-	  grow[nummods]->mod_values=malloc(sizeof(char *)*2);
+	  grow[nummods]->mod_values=xtrymalloc(sizeof(char *)*2);
 	  if(!grow[nummods]->mod_values)
 	    {
 	      grow[nummods]=NULL;
@@ -586,7 +586,7 @@
   char keyid[17],state[6];
   LDAPMod **modlist,**addlist,**ml;
 
-  modlist=malloc(sizeof(LDAPMod *));
+  modlist=xtrymalloc(sizeof(LDAPMod *));
   if(!modlist)
     {
       fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
@@ -596,7 +596,7 @@
 
   *modlist=NULL;
 
-  addlist=malloc(sizeof(LDAPMod *));
+  addlist=xtrymalloc(sizeof(LDAPMod *));
   if(!addlist)
     {
       fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
@@ -647,7 +647,7 @@
       goto fail;
     }
 
-  dn=malloc(strlen("pgpCertID=")+16+1+strlen(basekeyspacedn)+1);
+  dn=xtrymalloc(strlen("pgpCertID=")+16+1+strlen(basekeyspacedn)+1);
   if(dn==NULL)
     {
       fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
@@ -657,7 +657,7 @@
 
   sprintf(dn,"pgpCertID=%s,%s",keyid,basekeyspacedn);
 
-  key=malloc(1);
+  key=xtrymalloc(1);
   if(!key)
     {
       fprintf(console,"gpgkeys: unable to allocate memory for key\n");
@@ -812,7 +812,7 @@
   attrs[0]=&mod;
   attrs[1]=NULL;
 
-  dn=malloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
+  dn=xtrymalloc(strlen("pgpCertid=virtual,")+strlen(basekeyspacedn)+1);
   if(dn==NULL)
     {
       fprintf(console,"gpgkeys: can't allocate memory for keyserver record\n");
@@ -823,7 +823,7 @@
   strcpy(dn,"pgpCertid=virtual,");
   strcat(dn,basekeyspacedn);
 
-  key[0]=malloc(1);
+  key[0]=xtrymalloc(1);
   if(key[0]==NULL)
     {
       fprintf(console,"gpgkeys: unable to allocate memory for key\n");
@@ -1308,7 +1308,7 @@
 		 "pgpkeysize","pgpkeytype",NULL};
   enum ks_search_type search_type;
 
-  search=malloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
+  search=xtrymalloc(2+1+9+1+3+strlen(searchkey)+3+1+15+14+1+1+20);
   if(!search)
     {
       fprintf(console,"gpgkeys: out of memory when building search list\n");
@@ -1671,7 +1671,7 @@
 	      LDAPMessage *si_res;
 	      char *object;
 
-	      object=malloc(17+strlen(context[i])+1);
+	      object=xtrymalloc(17+strlen(context[i])+1);
 	      if(!object)
 		return -1;
 
@@ -2042,7 +2042,7 @@
 	      if(line[0]=='\n' || line[0]=='\0')
 		break;
 
-	      work=malloc(sizeof(struct keylist));
+	      work=xtrymalloc(sizeof(struct keylist));
 	      if(work==NULL)
 		{
 		  fprintf(console,"gpgkeys: out of memory while "
@@ -2326,7 +2326,7 @@
 	  keyptr=keyptr->next;
 	}
 
-      searchkey=malloc((len*3)+1);
+      searchkey=xtrymalloc((len*3)+1);
       if(searchkey==NULL)
 	{
 	  ret=KEYSERVER_NO_MEMORY;

Added: branches/STABLE-BRANCH-1-4/keyserver/ksmalloc.c
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/ksmalloc.c	                        (rev 0)
+++ branches/STABLE-BRANCH-1-4/keyserver/ksmalloc.c	2009-08-25 20:00:24 UTC (rev 5127)
@@ -0,0 +1,32 @@
+/* ksmalloc.c - Walloc wrapper
+ * Copyright (C) 2009 Free Software Foundation, Inc.
+ *
+ * The origin of this code is GnuPG.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include <stdlib.h>
+
+/* A wrapper around malloc because libcompat requires it.  */
+void *
+xtrymalloc (size_t n)
+{
+  return malloc (n);
+}
+
+
+/* A wrapper around free becuase we are used to it.  */
+void
+xfree (void *p)
+{
+  if (p)
+    free (p);
+}
+

Modified: branches/STABLE-BRANCH-1-4/keyserver/ksutil.h
===================================================================
--- branches/STABLE-BRANCH-1-4/keyserver/ksutil.h	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/keyserver/ksutil.h	2009-08-25 20:00:24 UTC (rev 5127)
@@ -136,4 +136,9 @@
 size_t curl_writer(const void *ptr,size_t size,size_t nmemb,void *cw_ctx);
 void curl_writer_finalize(struct curl_writer_ctx *ctx);
 
+
+/* -- From ksmalloc.c or ../include/memory.h -- */
+void *xtrymalloc (size_t n);
+void xfree (void *p);
+
 #endif /* !_KSUTIL_H_ */

Modified: branches/STABLE-BRANCH-1-4/util/compat.c
===================================================================
--- branches/STABLE-BRANCH-1-4/util/compat.c	2009-08-24 22:21:39 UTC (rev 5126)
+++ branches/STABLE-BRANCH-1-4/util/compat.c	2009-08-25 20:00:24 UTC (rev 5127)
@@ -1,5 +1,42 @@
+/* compat.c - Simple compatibility functions
+ * Copyright (C) 2006, 2007, 2009 Free Software Foundation, Inc.
+ *
+ * The origin of this code is GnuPG.
+ *
+ * This file is free software; as a special exception the author gives
+ * unlimited permission to copy and/or distribute it, with or without
+ * modifications, as long as this notice is preserved.
+ *
+ * This file is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+ * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * History:
+ * 2006-09-28 dshaw  Created.  Added function hextobyte from GnuPG.
+ * 2007-04-16 dshaw  Added ascii_toupper, ascii_tolower, ascii_strcasecmp,
+ *                   ascii_strncasecmp from GnuPG.
+ * 2009-08-25 wk     License changed by GnuPG maintainer from GPL with 
+ *                   OpenSSL exception to this all permissive license.
+ * 2009-08-25 wk     Wrote new function xstrconcat.
+ */
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
 #include <sys/types.h>
 
+/* We require an external malloc function named xtrymalloc.  */
+void *xtrymalloc (size_t n);
+
+
+#ifndef DIM
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#endif
+
+
+
 int
 hextobyte (const char *s)
 {
@@ -92,3 +129,73 @@
   
   return c1 - c2;
 }
+
+
+static char *
+do_strconcat (const char *s1, va_list arg_ptr)
+{
+  const char *argv[48];
+  size_t argc;
+  size_t needed;
+  char *buffer, *p;
+  const char *r;
+
+  argc = 0;
+  argv[argc++] = s1;
+  needed = strlen (s1);
+  while (((argv[argc] = va_arg (arg_ptr, const char *))))
+    {
+      needed += strlen (argv[argc]);
+      if (argc >= DIM (argv)-1)
+        {
+          errno = EINVAL;
+          return NULL;
+        }
+      argc++;
+    }
+  needed++;
+  buffer = xtrymalloc (needed);
+  if (buffer)
+    {
+      for (p = buffer, argc=0; argv[argc]; argc++)
+        {
+          for (r = argv[argc]; *r; )
+            *p++ = *r++;
+          *p = 0;
+        }
+    }
+  return buffer;
+}
+
+
+/* Concatenate the string S1 with all the following strings up to a
+   NULL.  Returns a malloced buffer.  */
+char *
+xstrconcat (const char *s1, ...)
+{
+  va_list arg_ptr;
+  char *result;
+
+  if (!s1)
+    {
+      result = xtrymalloc (1);
+      if (result)
+        *result = 0;
+    }
+  else
+    {
+      va_start (arg_ptr, s1);
+      result = do_strconcat (s1, arg_ptr);
+      va_end (arg_ptr);
+    }
+  if (!result)
+    {
+      if (errno == EINVAL)
+        fputs ("\nfatal: too many args for xstrconcat\n", stderr);
+      else
+        fputs ("\nfatal: out of memory\n", stderr);
+      exit (2);
+    }
+  return result;
+}
+



From cvs at cvs.gnupg.org  Tue Aug 25 22:19:37 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue, 25 Aug 2009 22:19:37 +0200
Subject: [svn] GnuPG -  r5128 - trunk/jnlib
Message-ID: <E1Mg17O-0004wZ-3f@lists.gnupg.com>

Author: wk
Date: 2009-08-25 22:19:37 +0200 (Tue, 25 Aug 2009)
New Revision: 5128

Modified:
   trunk/jnlib/ChangeLog
   trunk/jnlib/stringhelp.c
   trunk/jnlib/stringhelp.h
   trunk/jnlib/t-stringhelp.c
   trunk/jnlib/types.h
Log:
New fucntions strconcat and xstrconcat.


Modified: trunk/jnlib/ChangeLog
===================================================================
--- trunk/jnlib/ChangeLog	2009-08-25 20:00:24 UTC (rev 5127)
+++ trunk/jnlib/ChangeLog	2009-08-25 20:19:37 UTC (rev 5128)
@@ -1,3 +1,12 @@
+2009-08-25  Werner Koch  <wk at g10code.com>
+
+	* stringhelp.c: Include errno.h.
+	(do_strconcat): New.
+	(strconcat, xstrconcat): New.
+	* types.h (GNUPG_GCC_A_SENTINEL): New.
+	* t-stringhelp.c (test_strconcat, test_xstrconcat): New.
+	(main): Run them.
+
 2009-07-07  Werner Koch  <wk at g10code.com>
 
 	* stringhelp.c (make_filename_try): Use jnlib_malloc.

Modified: trunk/jnlib/stringhelp.c
===================================================================
--- trunk/jnlib/stringhelp.c	2009-08-25 20:00:24 UTC (rev 5127)
+++ trunk/jnlib/stringhelp.c	2009-08-25 20:19:37 UTC (rev 5128)
@@ -1,6 +1,6 @@
 /* stringhelp.c -  standard string helper functions
  * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005,
- *               2006, 2007, 2008  Free Software Foundation, Inc.
+ *               2006, 2007, 2008, 2009  Free Software Foundation, Inc.
  *
  * This file is part of JNLIB.
  *
@@ -23,6 +23,7 @@
 #include <string.h>
 #include <stdarg.h>
 #include <ctype.h>
+#include <errno.h>
 #ifdef HAVE_W32_SYSTEM
 #include <windows.h>
 #endif
@@ -956,3 +957,85 @@
 {
   return do_percent_escape (str, extra, 0);
 }
+
+
+
+static char *
+do_strconcat (const char *s1, va_list arg_ptr)
+{
+  const char *argv[48];
+  size_t argc;
+  size_t needed;
+  char *buffer, *p;
+
+  argc = 0;
+  argv[argc++] = s1;
+  needed = strlen (s1);
+  while (((argv[argc] = va_arg (arg_ptr, const char *))))
+    {
+      needed += strlen (argv[argc]);
+      if (argc >= DIM (argv)-1)
+        {
+          errno = EINVAL;
+          return NULL;
+        }
+      argc++;
+    }
+  needed++;
+  buffer = jnlib_malloc (needed);
+  if (buffer)
+    {
+      for (p = buffer, argc=0; argv[argc]; argc++)
+        p = stpcpy (p, argv[argc]);
+    }
+  return buffer;
+}
+
+
+/* Concatenate the string S1 with all the following strings up to a
+   NULL.  Returns a malloced buffer with the new string or NULL on a
+   malloc error or if too many arguments are given.  */
+char *
+strconcat (const char *s1, ...)
+{
+  va_list arg_ptr;
+  char *result;
+
+  if (!s1)
+    result = jnlib_strdup ("");
+  else
+    {
+      va_start (arg_ptr, s1);
+      result = do_strconcat (s1, arg_ptr);
+      va_end (arg_ptr);
+    }
+  return result;
+}
+
+/* Same as strconcat but terminate the process with an error message
+   if something goes wrong.  */
+char *
+xstrconcat (const char *s1, ...)
+{
+  va_list arg_ptr;
+  char *result;
+
+  if (!s1)
+    result = jnlib_xstrdup ("");
+  else
+    {
+      va_start (arg_ptr, s1);
+      result = do_strconcat (s1, arg_ptr);
+      va_end (arg_ptr);
+    }
+  if (!result)
+    {
+      if (errno == EINVAL)
+        fputs ("\nfatal: too many args for xstrconcat\n", stderr);
+      else
+        fputs ("\nfatal: out of memory\n", stderr);
+      exit (2);
+    }
+  return result;
+}
+

Modified: trunk/jnlib/stringhelp.h
===================================================================
--- trunk/jnlib/stringhelp.h	2009-08-25 20:00:24 UTC (rev 5127)
+++ trunk/jnlib/stringhelp.h	2009-08-25 20:19:37 UTC (rev 5128)
@@ -1,6 +1,6 @@
 /* stringhelp.h
  * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2006, 2007  Free Software Foundation, Inc.
+ *               2006, 2007, 2009  Free Software Foundation, Inc.
  *
  * This file is part of JNLIB.
  *
@@ -124,4 +124,13 @@
 char *try_percent_escape (const char *str, const char *extra);
 
 
+/* Concatenate the string S1 with all the following strings up to a
+   NULL.  Returns a malloced buffer with the new string or NULL on a
+   malloc error or if too many arguments are given.  */
+char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
+/* Ditto, but die on error.  */
+char *xstrconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0);
+
+
+
 #endif /*LIBJNLIB_STRINGHELP_H*/

Modified: trunk/jnlib/t-stringhelp.c
===================================================================
--- trunk/jnlib/t-stringhelp.c	2009-08-25 20:00:24 UTC (rev 5127)
+++ trunk/jnlib/t-stringhelp.c	2009-08-25 20:19:37 UTC (rev 5128)
@@ -21,6 +21,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 
 #include "stringhelp.h"
 
@@ -118,6 +119,148 @@
 }
 
 
+static void
+test_strconcat (void)
+{
+  char *out;
+
+  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", NULL);
+  if (!out)
+    fail (0);
+  else
+    xfree (out);
+  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", NULL);
+  if (out)
+    fail (0);
+  else if (errno != EINVAL)
+    fail (0);
+
+  out = strconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", NULL);
+  if (out)
+    fail (0);
+  else if (errno != EINVAL)
+    fail (0);
+  
+#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute.  */
+  out = strconcat (NULL);
+  if (!out || *out)
+    fail (1);
+#endif
+  out = strconcat (NULL, NULL);
+  if (!out || *out)
+    fail (1);
+  out = strconcat ("", NULL);
+  if (!out || *out)
+    fail (1);
+  xfree (out);
+
+  out = strconcat ("", "", NULL);
+  if (!out || *out)
+    fail (2);
+  xfree (out);
+
+  out = strconcat ("a", "b", NULL);
+  if (!out || strcmp (out, "ab"))
+    fail (3);
+  xfree (out);
+  out = strconcat ("a", "b", "c", NULL);
+  if (!out || strcmp (out, "abc"))
+    fail (3);
+  xfree (out);
+
+  out = strconcat ("a", "b", "cc", NULL);
+  if (!out || strcmp (out, "abcc"))
+    fail (4);
+  xfree (out);
+  out = strconcat ("a1", "b1", "c1", NULL);
+  if (!out || strcmp (out, "a1b1c1"))
+    fail (4);
+  xfree (out);
+
+  out = strconcat ("", " long b ", "", "--even-longer--", NULL);
+  if (!out || strcmp (out, " long b --even-longer--"))
+    fail (5);
+  xfree (out);
+
+  out = strconcat ("", " long b ", "", "--even-longer--", NULL);
+  if (!out || strcmp (out, " long b --even-longer--"))
+    fail (5);
+  xfree (out);
+}
+
+static void
+test_xstrconcat (void)
+{
+  char *out;
+
+  out = xstrconcat ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                   "1", "2", "3", "4", "5", "6", "7", NULL);
+  if (!out)
+    fail (0);
+
+#if __GNUC__ < 4 /* gcc 4.0 has a sentinel attribute.  */
+  out = xstrconcat (NULL);
+  if (!out)
+    fail (1);
+#endif
+  out = xstrconcat (NULL, NULL);
+  if (!out)
+    fail (1);
+  out = xstrconcat ("", NULL);
+  if (!out || *out)
+    fail (1);
+  xfree (out);
+
+  out = xstrconcat ("", "", NULL);
+  if (!out || *out)
+    fail (2);
+  xfree (out);
+
+  out = xstrconcat ("a", "b", NULL);
+  if (!out || strcmp (out, "ab"))
+    fail (3);
+  xfree (out);
+  out = xstrconcat ("a", "b", "c", NULL);
+  if (!out || strcmp (out, "abc"))
+    fail (3);
+  xfree (out);
+
+  out = xstrconcat ("a", "b", "cc", NULL);
+  if (!out || strcmp (out, "abcc"))
+    fail (4);
+  xfree (out);
+  out = xstrconcat ("a1", "b1", "c1", NULL);
+  if (!out || strcmp (out, "a1b1c1"))
+    fail (4);
+  xfree (out);
+
+  out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
+  if (!out || strcmp (out, " long b --even-longer--"))
+    fail (5);
+  xfree (out);
+
+  out = xstrconcat ("", " long b ", "", "--even-longer--", NULL);
+  if (!out || strcmp (out, " long b --even-longer--"))
+    fail (5);
+  xfree (out);
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -126,6 +269,8 @@
 
   test_percent_escape ();
   test_compare_filenames ();
+  test_strconcat ();
+  test_xstrconcat ();
 
   return 0;
 }

Modified: trunk/jnlib/types.h
===================================================================
--- trunk/jnlib/types.h	2009-08-25 20:00:24 UTC (rev 5127)
+++ trunk/jnlib/types.h	2009-08-25 20:19:37 UTC (rev 5128)
@@ -99,4 +99,16 @@
 #  endif
 #endif
 
+
+/* Some GCC attributes.  Note that we use also define some in
+   mischelp.h, but this header and types.h are not always included.
+   Should eventually be put into one file (e.g. nlib-common.h).  */
+#if __GNUC__ >= 4 
+# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a)))
+#else
+# define GNUPG_GCC_A_SENTINEL(a) 
+#endif
+
+
+
 #endif /*LIBJNLIB_TYPES_H*/



From cvs at cvs.gnupg.org  Wed Aug 26 08:46:02 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 08:46:02 +0200
Subject: [svn] GnuPG -  r5129 - trunk/g10
Message-ID: <E1MgAtW-00005d-VE@lists.gnupg.com>

Author: wk
Date: 2009-08-26 08:46:02 +0200 (Wed, 26 Aug 2009)
New Revision: 5129

Modified:
   trunk/g10/ChangeLog
   trunk/g10/keyedit.c
Log:
Fix debian bug#543530


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-25 20:19:37 UTC (rev 5128)
+++ trunk/g10/ChangeLog	2009-08-26 06:46:02 UTC (rev 5129)
@@ -1,3 +1,8 @@
+2009-08-26  Werner Koch  <wk at g10code.com>
+
+	* keyedit.c (menu_revsig): Check for signature right away.  Fix
+	Debian-bug#543530.
+
 2009-08-20  Daiki Ueno  <ueno at unixuser.org>
 
 	* mainproc.c (proc_encrypted): Clear passphrase cached with S2K

Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c	2009-08-25 20:19:37 UTC (rev 5128)
+++ trunk/g10/keyedit.c	2009-08-26 06:46:02 UTC (rev 5129)
@@ -4719,6 +4719,36 @@
 
     assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
 
+    /* First check whether we have any signatures at all.  */
+    any = 0;
+    for (node = keyblock; node; node = node->next ) 
+      {
+	node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
+	if (node->pkt->pkttype == PKT_USER_ID) {
+          if (node->flag&NODFLG_SELUID || all)
+            skip = 0;
+          else
+            skip = 1;
+	}
+	else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
+                 && ((sig = node->pkt->pkt.signature),
+                     !seckey_available(sig->keyid)     ))
+	  {
+	    if ((sig->sig_class&~3) == 0x10)
+	      {
+                any = 1;
+                break;
+              }
+	  }
+      }
+
+    if (!any)
+      {
+        tty_printf (_("Not signed by you.\n"));
+        return 0;
+      }
+    
+
     /* FIXME: detect duplicates here  */
     tty_printf(_("You have signed these user IDs on key %s:\n"),
 	       keystr_from_pk(keyblock->pkt->pkt.public_key));



From cvs at cvs.gnupg.org  Wed Aug 26 08:48:46 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 08:48:46 +0200
Subject: [svn] GnuPG -  r5130 - branches/STABLE-BRANCH-1-4/g10
Message-ID: <E1MgAw9-0000Dk-H2@lists.gnupg.com>

Author: wk
Date: 2009-08-26 08:48:45 +0200 (Wed, 26 Aug 2009)
New Revision: 5130

Modified:
   branches/STABLE-BRANCH-1-4/g10/ChangeLog
   branches/STABLE-BRANCH-1-4/g10/keyedit.c
Log:
Fix debian bug#543530


Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-26 06:46:02 UTC (rev 5129)
+++ branches/STABLE-BRANCH-1-4/g10/ChangeLog	2009-08-26 06:48:45 UTC (rev 5130)
@@ -1,3 +1,8 @@
+2009-08-26  Werner Koch  <wk at g10code.com>
+
+	* keyedit.c (menu_revsig): Check for signature right away.  Fix
+	Debian-bug#543530.
+
 2009-08-13  Werner Koch  <wk at g10code.com>
 
 	* cardglue.h: Add new error code mappings.

Modified: branches/STABLE-BRANCH-1-4/g10/keyedit.c
===================================================================
--- branches/STABLE-BRANCH-1-4/g10/keyedit.c	2009-08-26 06:46:02 UTC (rev 5129)
+++ branches/STABLE-BRANCH-1-4/g10/keyedit.c	2009-08-26 06:48:45 UTC (rev 5130)
@@ -4682,6 +4682,36 @@
 
     assert(keyblock->pkt->pkttype==PKT_PUBLIC_KEY);
 
+    /* First check whether we have any signatures at all.  */
+    any = 0;
+    for (node = keyblock; node; node = node->next ) 
+      {
+	node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
+	if (node->pkt->pkttype == PKT_USER_ID) {
+          if (node->flag&NODFLG_SELUID || all)
+            skip = 0;
+          else
+            skip = 1;
+	}
+	else if (!skip && node->pkt->pkttype == PKT_SIGNATURE
+                 && ((sig = node->pkt->pkt.signature),
+                     !seckey_available(sig->keyid)     ))
+	  {
+	    if ((sig->sig_class&~3) == 0x10)
+	      {
+                any = 1;
+                break;
+              }
+	  }
+      }
+
+    if (!any)
+      {
+        tty_printf (_("Not signed by you.\n"));
+        return 0;
+      }
+
+
     /* FIXME: detect duplicates here  */
     tty_printf(_("You have signed these user IDs on key %s:\n"),
 	       keystr_from_pk(keyblock->pkt->pkt.public_key));



From cvs at cvs.gnupg.org  Wed Aug 26 10:55:57 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 10:55:57 +0200
Subject: [svn] GnuPG -  r5131 - trunk/jnlib
Message-ID: <E1MgCvD-0004hd-BC@lists.gnupg.com>

Author: wk
Date: 2009-08-26 10:55:57 +0200 (Wed, 26 Aug 2009)
New Revision: 5131

Modified:
   trunk/jnlib/ChangeLog
   trunk/jnlib/stringhelp.c
   trunk/jnlib/stringhelp.h
   trunk/jnlib/t-stringhelp.c
   trunk/jnlib/t-support.c
Log:
Implement tilde expansion in the same was as 1.4.


Modified: trunk/jnlib/ChangeLog
===================================================================
--- trunk/jnlib/ChangeLog	2009-08-26 06:48:45 UTC (rev 5130)
+++ trunk/jnlib/ChangeLog	2009-08-26 08:55:57 UTC (rev 5131)
@@ -1,3 +1,15 @@
+2009-08-26  Werner Koch  <wk at g10code.com>
+
+	* stringhelp.c [HAVE_PWD_H]: Include pwd.h.
+	(do_make_filename): New.
+	(make_filename, make_filename_try): Implement using the new
+	function.
+	* t-stringhelp.c (test_make_filename_try): New.
+	* t-support.c (gcry_strdup): Fix.
+
+	* stringhelp.h (make_filename, make_filename_try): Add sentinel
+	attribute.
+
 2009-08-25  Werner Koch  <wk at g10code.com>
 
 	* stringhelp.c: Include errno.h.

Modified: trunk/jnlib/stringhelp.c
===================================================================
--- trunk/jnlib/stringhelp.c	2009-08-26 06:48:45 UTC (rev 5130)
+++ trunk/jnlib/stringhelp.c	2009-08-26 08:55:57 UTC (rev 5131)
@@ -24,8 +24,13 @@
 #include <stdarg.h>
 #include <ctype.h>
 #include <errno.h>
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+#endif
+#include <unistd.h>
+#include <sys/types.h>
 #ifdef HAVE_W32_SYSTEM
-#include <windows.h>
+# include <windows.h>
 #endif
 
 #include "libjnlib-config.h"
@@ -313,62 +318,159 @@
 
 
 
-/* Implementation of make_filename and make_filename_try.  We need to
-   use macros here to avoid the use of the sometimes problematic
-   va_copy function which is not available on all systems.  */
-#define MAKE_FILENAME_PART1                        \
-  va_list arg_ptr;                                 \
-  size_t n;                                        \
-  const char *s;                                   \
-  char *name, *home, *p;                           \
-                                                   \
-  va_start (arg_ptr, first_part);                  \
-  n = strlen (first_part) + 1;                     \
-  while ( (s = va_arg (arg_ptr, const char *)) )   \
-    n += strlen(s) + 1;                            \
-  va_end(arg_ptr);                                 \
-                                                   \
-  home = NULL;                                     \
-  if ( *first_part == '~' && first_part[1] == '/'  \
-       && (home = getenv("HOME")) && *home )       \
-    n += strlen (home);                            
+static char *
+do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
+{
+  const char *argv[32];
+  int argc;
+  size_t n; 
+  int skip = 1;
+  char *home_buffer = NULL;
+  char *name, *home, *p;                           
+       
+  n = strlen (first_part) + 1;                     
+  argc = 0;
+  while ( (argv[argc] = va_arg (arg_ptr, const char *)) )   
+    {
+      n += strlen (argv[argc]) + 1;                        
+      if (argc >= DIM (argv)-1)
+        {
+          if (xmode)
+            BUG ();
+          errno = EINVAL;
+          return NULL;
+        }
+      argc++; 
+    }
+  n++;
   
-#define MAKE_FILENAME_PART2                         \
-  p = (home                                         \
-       ? stpcpy (stpcpy (name,home), first_part + 1)\
-       : stpcpy(name, first_part));                 \
-                                                    \
-  va_start (arg_ptr, first_part);                   \
-  while ( (s = va_arg(arg_ptr, const char *)) )     \
-    p = stpcpy (stpcpy (p,"/"), s);                 \
-  va_end(arg_ptr);                                  \
+  home = NULL;                                     
+  if (*first_part == '~')
+    {
+      if (first_part[1] == '/' || !first_part[1])
+        {
+          /* This is the "~/" or "~" case.  */
+          home = getenv("HOME");
+
+#if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
+          if (!home)
+            {
+              struct passwd *pwd;
+              
+              pwd = getpwuid (getuid());
+              if (pwd)
+                {
+                  if (xmode)
+                    home_buffer = home = jnlib_xstrdup (pwd->pw_dir);
+                  else
+                    {
+                      home_buffer = home = jnlib_strdup (pwd->pw_dir);
+                      if (!home)
+                        return NULL;
+                    }
+                }
+            }
+#endif /* HAVE_GETPWUID && HAVE_PWD_H */
+
+          if (home && *home)
+            n += strlen (home);                            
+        }
+#if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
+      else
+        {
+          /* This is the "~username/" or "~username" case.  */
+          char *user;
+          struct passwd *pwd;
+
+          if (xmode)
+            user = jnlib_xstrdup (first_part+1);
+          else
+            {
+              user = jnlib_strdup (first_part+1);
+              if (!user)
+                return NULL;
+            }
+          p = strchr (user, '/');
+          if (p)
+            *p = 0;
+          skip = 1 + strlen (user);
+
+          /* Fixme: Use getwpnam_r if available.  */
+          pwd = getpwnam (user);
+          jnlib_free (user);
+          if (pwd)
+            {
+              if (xmode)
+                home_buffer = home = jnlib_xstrdup (pwd->pw_dir);
+              else
+                {
+                  home_buffer = home = jnlib_strdup (pwd->pw_dir);
+                  if (!home)
+                    return NULL;
+                }
+            }
+          if (home)
+            n += strlen (home);
+          else
+            skip = 1;
+        }
+#endif /*HAVE_GETPWNAM && HAVE_PWD_H*/
+    }
+
+  if (xmode)
+    name = jnlib_xmalloc (n);
+  else
+    {
+      name = jnlib_malloc (n);
+      if (!name)
+        {
+          jnlib_free (home_buffer);
+          return NULL;
+        }
+    }
+  
+  if (home)
+    p = stpcpy (stpcpy (name, home), first_part + skip);
+  else
+    p = stpcpy (name, first_part);
+
+  jnlib_free (home_buffer);
+
+  for (argc=0; argv[argc]; argc++)
+    p = stpcpy (stpcpy (p, "/"), argv[argc]);
+
   return change_slashes (name);
+}
 
-
 /* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done here.  This function terminates the process on
-   memory shortage. */
+   expansion is done for the first argument.  This function terminates
+   the process on memory shortage. */
 char *
 make_filename (const char *first_part, ... )
 {
-  MAKE_FILENAME_PART1
-  name = jnlib_xmalloc (n);
-  MAKE_FILENAME_PART2
+  va_list arg_ptr;
+  char *result;
+
+  va_start (arg_ptr, first_part);
+  result = do_make_filename (1, first_part, arg_ptr);
+  va_end (arg_ptr);
+  return result;
 }
 
 /* Construct a filename from the NULL terminated list of parts.  Tilde
-   expansion is done here.  This function may return NULL on error. */
+   expansion is done for the first argument.  This function may return
+   NULL on error. */
 char *
 make_filename_try (const char *first_part, ... )
 {
-  MAKE_FILENAME_PART1
-  name = jnlib_malloc (n);
-  if (!name)
-    return NULL;
-  MAKE_FILENAME_PART2
+  va_list arg_ptr;
+  char *result;
+
+  va_start (arg_ptr, first_part);
+  result = do_make_filename (0, first_part, arg_ptr);
+  va_end (arg_ptr);
+  return result;
 }
-#undef MAKE_FILENAME_PART1
-#undef MAKE_FILENAME_PART2
 
 
 

Modified: trunk/jnlib/stringhelp.h
===================================================================
--- trunk/jnlib/stringhelp.h	2009-08-26 06:48:45 UTC (rev 5130)
+++ trunk/jnlib/stringhelp.h	2009-08-26 08:55:57 UTC (rev 5131)
@@ -37,8 +37,8 @@
 
 char *make_basename(const char *filepath, const char *inputpath);
 char *make_dirname(const char *filepath);
-char *make_filename( const char *first_part, ... );
-char *make_filename_try (const char *first_part, ... );
+char *make_filename( const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
+char *make_filename_try (const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0);
 int compare_filenames( const char *a, const char *b );
 
 int hextobyte (const char *s);

Modified: trunk/jnlib/t-stringhelp.c
===================================================================
--- trunk/jnlib/t-stringhelp.c	2009-08-26 06:48:45 UTC (rev 5130)
+++ trunk/jnlib/t-stringhelp.c	2009-08-26 08:55:57 UTC (rev 5131)
@@ -22,13 +22,44 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
+#ifdef HAVE_PWD_H
+# include <pwd.h>
+#endif
+#include <unistd.h>
+#include <sys/types.h>
 
 #include "stringhelp.h"
 
 #include "t-support.h"
 
 
+static char *home_buffer;
 
+
+const char *
+gethome (void)
+{
+  if (!home_buffer)
+    {
+      char *home = getenv("HOME");
+      
+#if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
+      if(home)
+        home_buffer = xstrdup (home);
+      else
+        {
+          struct passwd *pwd;
+          
+          pwd = getpwuid (getuid());
+          if (pwd)
+            home_buffer = xstrdup (pwd->pw_dir);
+        }
+#endif
+    }
+  return home_buffer;
+}
+
+
 static void
 test_percent_escape (void)
 {
@@ -261,6 +292,110 @@
 }
 
 
+static void
+test_make_filename_try (void)
+{
+  char *out;
+  const char *home = gethome ();
+  size_t homelen = home? strlen (home):0;
+
+  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", NULL);
+  if (out)
+    fail (0);
+  else if (errno != EINVAL)
+    fail (0);
+  xfree (out);
+  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", NULL);
+  if (out)
+    fail (0);
+  else if (errno != EINVAL)
+    fail (0);
+  xfree (out);
+
+  out = make_filename_try ("1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", "3", "4", "5", "6", "7", "8", "9", "10",
+                           "1", "2", NULL);
+  if (!out || strcmp (out, 
+                      "1/2/3/4/5/6/7/8/9/10/" 
+                      "1/2/3/4/5/6/7/8/9/10/" 
+                      "1/2/3/4/5/6/7/8/9/10/" 
+                      "1/2"))
+    fail (0);
+  xfree (out);
+
+  out = make_filename_try ("foo", "~/bar", "baz/cde", NULL);
+  if (!out || strcmp (out, "foo/~/bar/baz/cde"))
+    fail (1);
+  xfree (out);
+
+  out = make_filename_try ("foo", "~/bar", "baz/cde/", NULL);
+  if (!out || strcmp (out, "foo/~/bar/baz/cde/"))
+    fail (1);
+  xfree (out);
+
+  out = make_filename_try ("/foo", "~/bar", "baz/cde/", NULL);
+  if (!out || strcmp (out, "/foo/~/bar/baz/cde/"))
+    fail (1);
+  xfree (out);
+
+  out = make_filename_try ("//foo", "~/bar", "baz/cde/", NULL);
+  if (!out || strcmp (out, "//foo/~/bar/baz/cde/"))
+    fail (1);
+  xfree (out);
+
+  out = make_filename_try ("", "~/bar", "baz/cde", NULL);
+  if (!out || strcmp (out, "/~/bar/baz/cde"))
+    fail (1);
+  xfree (out);
+
+
+  out = make_filename_try ("~/foo", "bar", NULL);
+  if (!out)
+    fail (2);
+  if (home)
+    {
+      if (strlen (out) < homelen + 7)
+        fail (2);
+      if (strncmp (out, home, homelen))
+        fail (2);
+      if (strcmp (out+homelen, "/foo/bar"))
+        fail (2);
+    }
+  else
+    {
+      if (strcmp (out, "~/foo/bar"))
+        fail (2);
+    }
+  xfree (out);
+
+  out = make_filename_try ("~", "bar", NULL);
+  if (!out)
+    fail (2);
+  if (home)
+    {
+      if (strlen (out) < homelen + 3)
+        fail (2);
+      if (strncmp (out, home, homelen))
+        fail (2);
+      if (strcmp (out+homelen, "/bar"))
+        fail (2);
+    }
+  else
+    {
+      if (strcmp (out, "~/bar"))
+        fail (2);
+    }
+  xfree (out);
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -271,7 +406,9 @@
   test_compare_filenames ();
   test_strconcat ();
   test_xstrconcat ();
+  test_make_filename_try ();
 
+  xfree (home_buffer);
   return 0;
 }
 

Modified: trunk/jnlib/t-support.c
===================================================================
--- trunk/jnlib/t-support.c	2009-08-26 06:48:45 UTC (rev 5130)
+++ trunk/jnlib/t-support.c	2009-08-26 08:55:57 UTC (rev 5131)
@@ -56,7 +56,10 @@
 char *
 gcry_strdup (const char *string)
 {
-  return malloc (strlen (string)+1);
+  char *p = malloc (strlen (string)+1);
+  if (p)
+    strcpy (p, string);
+  return p;
 }
 
 



From cvs at cvs.gnupg.org  Wed Aug 26 11:24:04 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 11:24:04 +0200
Subject: [svn] GnuPG -  r5132 - trunk/jnlib
Message-ID: <E1MgDMQ-0005jK-EF@lists.gnupg.com>

Author: wk
Date: 2009-08-26 11:24:04 +0200 (Wed, 26 Aug 2009)
New Revision: 5132

Modified:
   trunk/jnlib/ChangeLog
   trunk/jnlib/stringhelp.c
Log:
Refactor new code.


Modified: trunk/jnlib/ChangeLog
===================================================================
--- trunk/jnlib/ChangeLog	2009-08-26 08:55:57 UTC (rev 5131)
+++ trunk/jnlib/ChangeLog	2009-08-26 09:24:04 UTC (rev 5132)
@@ -1,5 +1,10 @@
 2009-08-26  Werner Koch  <wk at g10code.com>
 
+	* stringhelp.c (do_make_filename): Factor some code out to ..
+	(get_pwdir): .. new.
+
+2009-08-26  Werner Koch  <wk at g10code.com>
+
 	* stringhelp.c [HAVE_PWD_H]: Include pwd.h.
 	(do_make_filename): New.
 	(make_filename, make_filename_try): Implement using the new

Modified: trunk/jnlib/stringhelp.c
===================================================================
--- trunk/jnlib/stringhelp.c	2009-08-26 08:55:57 UTC (rev 5131)
+++ trunk/jnlib/stringhelp.c	2009-08-26 09:24:04 UTC (rev 5132)
@@ -319,6 +319,38 @@
 
 
 static char *
+get_pwdir (int xmode, const char *name)
+{
+  char *result = NULL;
+#ifdef HAVE_PWD_H
+  struct passwd *pwd = NULL;
+
+  if (name)
+    {
+#ifdef HAVE_GETPWNAM
+      /* Fixme: We should use getpwnam_r if available.  */
+      pwd = getpwnam (name);
+#endif
+    }
+  else
+    {
+#ifdef HAVE_GETPWUID
+      /* Fixme: We should use getpwuid_r if available.  */
+      pwd = getpwuid (getuid());
+#endif
+    }
+  if (pwd)
+    {
+      if (xmode)
+        result = jnlib_xstrdup (pwd->pw_dir);
+      else
+        result = jnlib_strdup (pwd->pw_dir);
+    }
+#endif /*HAVE_PWD_H*/
+  return result;
+}
+
+static char *
 do_make_filename (int xmode, const char *first_part, va_list arg_ptr)
 {
   const char *argv[32];
@@ -351,37 +383,16 @@
         {
           /* This is the "~/" or "~" case.  */
           home = getenv("HOME");
-
-#if defined(HAVE_GETPWUID) && defined(HAVE_PWD_H)
           if (!home)
-            {
-              struct passwd *pwd;
-              
-              pwd = getpwuid (getuid());
-              if (pwd)
-                {
-                  if (xmode)
-                    home_buffer = home = jnlib_xstrdup (pwd->pw_dir);
-                  else
-                    {
-                      home_buffer = home = jnlib_strdup (pwd->pw_dir);
-                      if (!home)
-                        return NULL;
-                    }
-                }
-            }
-#endif /* HAVE_GETPWUID && HAVE_PWD_H */
-
+            home = home_buffer = get_pwdir (xmode, NULL);
           if (home && *home)
             n += strlen (home);                            
         }
-#if defined(HAVE_GETPWNAM) && defined(HAVE_PWD_H)
       else
         {
           /* This is the "~username/" or "~username" case.  */
           char *user;
-          struct passwd *pwd;
-
+    
           if (xmode)
             user = jnlib_xstrdup (first_part+1);
           else
@@ -394,27 +405,14 @@
           if (p)
             *p = 0;
           skip = 1 + strlen (user);
-
-          /* Fixme: Use getwpnam_r if available.  */
-          pwd = getpwnam (user);
+          
+          home = home_buffer = get_pwdir (xmode, user);
           jnlib_free (user);
-          if (pwd)
-            {
-              if (xmode)
-                home_buffer = home = jnlib_xstrdup (pwd->pw_dir);
-              else
-                {
-                  home_buffer = home = jnlib_strdup (pwd->pw_dir);
-                  if (!home)
-                    return NULL;
-                }
-            }
           if (home)
             n += strlen (home);
           else
             skip = 1;
         }
-#endif /*HAVE_GETPWNAM && HAVE_PWD_H*/
     }
 
   if (xmode)



From cvs at cvs.gnupg.org  Wed Aug 26 12:12:18 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 12:12:18 +0200
Subject: [svn] GnuPG -  r5133 - in trunk: . g10 keyserver
Message-ID: <E1MgE75-0007I8-Mx@lists.gnupg.com>

Author: wk
Date: 2009-08-26 12:12:17 +0200 (Wed, 26 Aug 2009)
New Revision: 5133

Modified:
   trunk/configure.ac
   trunk/g10/ChangeLog
   trunk/keyserver/ChangeLog
   trunk/keyserver/ksutil.c
Log:
Expand a ~ in the ca-cert-file argument.


Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog	2009-08-26 09:24:04 UTC (rev 5132)
+++ trunk/g10/ChangeLog	2009-08-26 10:12:17 UTC (rev 5133)
@@ -26,7 +26,7 @@
 2009-08-05  Werner Koch  <wk at g10code.com>
 
 	* card-util.c: Enable readline support also in GnuPG-2.
-	
+
 	* call-agent.c (agent_learn): Always select the card first.
 
 	* gpg.c: Add --key-edit alias.

Modified: trunk/keyserver/ChangeLog
===================================================================
--- trunk/keyserver/ChangeLog	2009-08-26 09:24:04 UTC (rev 5132)
+++ trunk/keyserver/ChangeLog	2009-08-26 10:12:17 UTC (rev 5133)
@@ -1,3 +1,8 @@
+2009-08-26  Werner Koch  <wk at g10code.com>
+
+	* ksutil.c: Include util.h.
+	(parse_ks_options): Use make_filename_try for the ca-cert-file arg.
+
 2009-07-06  David Shaw  <dshaw at jabberwocky.com>
 
 	* gpgkeys_hkp.c (main, srv_replace): Minor tweaks to use the

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-08-26 09:24:04 UTC (rev 5132)
+++ trunk/configure.ac	2009-08-26 10:12:17 UTC (rev 5133)
@@ -1043,7 +1043,7 @@
 AC_FUNC_FORK
 AC_CHECK_FUNCS([strerror strlwr tcgetattr mmap])
 AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times gmtime_r])
-AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate])
+AC_CHECK_FUNCS([unsetenv fcntl ftruncate])
 AC_CHECK_FUNCS([gettimeofday getrusage getrlimit setrlimit clock_gettime])
 AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale])
 AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo])
@@ -1053,10 +1053,10 @@
 
 #
 # These are needed by libjnlib - fixme: we should use a jnlib.m4
-#
+# Note:  We already checked pwd.h.
 AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol])
 AC_CHECK_FUNCS([memrchr isascii timegm getrusage setrlimit stat setlocale])
-AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen])
+AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen getpwnam getpwuid])
 
 #
 # gnulib checks

Modified: trunk/keyserver/ksutil.c
===================================================================
--- trunk/keyserver/ksutil.c	2009-08-26 09:24:04 UTC (rev 5132)
+++ trunk/keyserver/ksutil.c	2009-08-26 10:12:17 UTC (rev 5133)
@@ -44,6 +44,7 @@
 #else
 #include "curl-shim.h"
 #endif
+#include "util.h"
 #include "keyserver.h"
 #include "ksutil.h"
 
@@ -325,7 +326,7 @@
 	  else if(start[12]=='=')
 	    {
 	      free(opt->ca_cert_file);
-	      opt->ca_cert_file=strdup(&start[13]);
+	      opt->ca_cert_file = make_filename_try (start+13, NULL);
 	      if(!opt->ca_cert_file)
 		return KEYSERVER_NO_MEMORY;
 	    }



From cvs at cvs.gnupg.org  Wed Aug 26 12:58:14 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Wed, 26 Aug 2009 12:58:14 +0200
Subject: [svn] GnuPG -  r5134 - trunk/keyserver
Message-ID: <E1MgEpW-0000NZ-QT@lists.gnupg.com>

Author: wk
Date: 2009-08-26 12:58:13 +0200 (Wed, 26 Aug 2009)
New Revision: 5134

Modified:
   trunk/keyserver/ChangeLog
   trunk/keyserver/gpgkeys_hkp.c
Log:
Make use of strconcat to make the code more robust against future changes.


Modified: trunk/keyserver/ChangeLog
===================================================================
--- trunk/keyserver/ChangeLog	2009-08-26 10:12:17 UTC (rev 5133)
+++ trunk/keyserver/ChangeLog	2009-08-26 10:58:13 UTC (rev 5134)
@@ -1,5 +1,11 @@
 2009-08-26  Werner Koch  <wk at g10code.com>
 
+	* gpgkeys_hkp.c: Include util.h.
+	(send_key): Use strconcat to build KEY.
+	(appendable_path): New.
+	(get_name): Use strconcat to build REQUEST.
+	(search_key): Ditto.
+
 	* ksutil.c: Include util.h.
 	(parse_ks_options): Use make_filename_try for the ca-cert-file arg.
 

Modified: trunk/keyserver/gpgkeys_hkp.c
===================================================================
--- trunk/keyserver/gpgkeys_hkp.c	2009-08-26 10:12:17 UTC (rev 5133)
+++ trunk/keyserver/gpgkeys_hkp.c	2009-08-26 10:58:13 UTC (rev 5134)
@@ -43,6 +43,7 @@
 #else
 #include "curl-shim.h"
 #endif
+#include "util.h"
 #ifdef USE_DNS_SRV
 #include "srv.h"
 #endif
@@ -94,6 +95,20 @@
   return strcat(dest,src);
 }
 
+/* Return a pointer into STRING so that appending PATH to STRING will
+   not yield a duplicated slash. */
+static const char *
+appendable_path (const char *string, const char *path)
+{
+  size_t n;
+
+  if (path[0] == '/' && (n=strlen (string)) && string[n-1] == '/')
+    return path+1;
+  else
+    return path;
+}
+
+
 int
 send_key(int *r_eof)
 {
@@ -174,7 +189,7 @@
 
   free(key);
 
-  key=malloc(8+strlen(encoded_key)+1);
+  key = strconcat ("keytext=", encoded_key, NULL);
   if(!key)
     {
       fprintf(console,"gpgkeys: out of memory\n");
@@ -182,9 +197,6 @@
       goto fail;
     }
 
-  strcpy(key,"keytext=");
-  strcat(key,encoded_key);
-
   strcpy(request,proto);
   strcat(request,"://");
   strcat(request,opt->host);
@@ -216,7 +228,7 @@
   ret=KEYSERVER_OK;
 
  fail:
-  free(key);
+  xfree (key);
   curl_free(encoded_key);
 
   if(ret!=0 && begin)
@@ -319,28 +331,26 @@
       goto fail;
     }
 
-  request=malloc(MAX_URL+60+strlen(searchkey_encoded));
+  request = strconcat
+    (proto,
+     "://",
+     opt->host,
+     ":",
+     port,
+     opt->path,
+     appendable_path (opt->path,"/pks/lookup?op=get&options=mr&search="),
+     searchkey_encoded,
+     opt->action == KS_GETNAME? "&exact=on":"",
+     NULL);
   if(!request)
     {
       fprintf(console,"gpgkeys: out of memory\n");
       ret=KEYSERVER_NO_MEMORY;
       goto fail;
     }
-
+  
   fprintf(output,"NAME %s BEGIN\n",getkey);
 
-  strcpy(request,proto);
-  strcat(request,"://");
-  strcat(request,opt->host);
-  strcat(request,":");
-  strcat(request,port);
-  strcat(request,opt->path);
-  append_path(request,"/pks/lookup?op=get&options=mr&search=");
-  strcat(request,searchkey_encoded);
-
-  if(opt->action==KS_GETNAME)
-    strcat(request,"&exact=on");
-
   if(opt->verbose>2)
     fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
 
@@ -372,7 +382,7 @@
 
  fail:
   curl_free(searchkey_encoded);
-  free(request);
+  xfree (request);
 
   if(ret!=KEYSERVER_OK)
     fprintf(output,"\nNAME %s FAILED %d\n",getkey,ret);
@@ -388,6 +398,7 @@
   char *searchkey_encoded;
   int ret=KEYSERVER_INTERNAL_ERROR;
   enum ks_search_type search_type;
+  const char *hexprefix;
 
   search_type=classify_ks_search(&searchkey);
 
@@ -403,7 +414,23 @@
       goto fail;
     }
 
-  request=malloc(MAX_URL+60+strlen(searchkey_encoded));
+  /* HKP keyservers like the 0x to be present when searching by
+     keyid.  */
+  hexprefix = (search_type==KS_SEARCH_KEYID_SHORT
+               || search_type==KS_SEARCH_KEYID_LONG)? "0x":"";
+
+  request = strconcat
+    (proto,
+     "://",
+     opt->host,
+     ":",
+     port,
+     opt->path,
+     appendable_path (opt->path, "/pks/lookup?op=index&options=mr&search="),
+     hexprefix,
+     searchkey_encoded,
+     opt->action == KS_GETNAME? "&exact=on":"",
+     NULL);
   if(!request)
     {
       fprintf(console,"gpgkeys: out of memory\n");
@@ -413,24 +440,6 @@
 
   fprintf(output,"SEARCH %s BEGIN\n",searchkey);
 
-  strcpy(request,proto);
-  strcat(request,"://");
-  strcat(request,opt->host);
-  strcat(request,":");
-  strcat(request,port);
-  strcat(request,opt->path);
-  append_path(request,"/pks/lookup?op=index&options=mr&search=");
-
-  /* HKP keyservers like the 0x to be present when searching by
-     keyid */
-  if(search_type==KS_SEARCH_KEYID_SHORT || search_type==KS_SEARCH_KEYID_LONG)
-    strcat(request,"0x");
-
-  strcat(request,searchkey_encoded);
-
-  if(search_type!=KS_SEARCH_SUBSTR)
-    strcat(request,"&exact=on");
-
   if(opt->verbose>2)
     fprintf(console,"gpgkeys: HTTP URL is `%s'\n",request);
 
@@ -451,9 +460,8 @@
     }
 
  fail:
-
   curl_free(searchkey_encoded);
-  free(request);
+  xfree (request);
 
   if(ret!=KEYSERVER_OK)
     fprintf(output,"\nSEARCH %s FAILED %d\n",searchkey,ret);



From cvs at cvs.gnupg.org  Wed Aug 26 20:36:50 2009
From: cvs at cvs.gnupg.org (svn author marcus)
Date: Wed, 26 Aug 2009 20:36:50 +0200
Subject: [svn] assuan - r296 - in trunk: . m4 src tests
Message-ID: <E1MgLzG-0000rv-TI@lists.gnupg.com>

Author: marcus
Date: 2009-08-26 20:36:49 +0200 (Wed, 26 Aug 2009)
New Revision: 296

Added:
   trunk/ltmain.sh
   trunk/m4/libtool.m4
   trunk/m4/ltoptions.m4
   trunk/m4/ltsugar.m4
   trunk/m4/ltversion.m4
   trunk/m4/lt~obsolete.m4
   trunk/src/assuan-error.c
   trunk/src/libassuan.def
   trunk/src/libassuan.vers
   trunk/src/versioninfo.rc.in
Removed:
   trunk/src/mkerrors
Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/configure.ac
   trunk/src/ChangeLog
   trunk/src/Makefile.am
   trunk/src/assuan-buffer.c
   trunk/src/assuan-client.c
   trunk/src/assuan-connect.c
   trunk/src/assuan-defs.h
   trunk/src/assuan-handler.c
   trunk/src/assuan-inquire.c
   trunk/src/assuan-io-pth.c
   trunk/src/assuan-io.c
   trunk/src/assuan-listen.c
   trunk/src/assuan-logging.c
   trunk/src/assuan-pipe-connect.c
   trunk/src/assuan-pipe-server.c
   trunk/src/assuan-socket-connect.c
   trunk/src/assuan-socket-server.c
   trunk/src/assuan-socket.c
   trunk/src/assuan-uds.c
   trunk/src/assuan-util.c
   trunk/src/assuan.h
   trunk/src/libassuan-config.in
   trunk/tests/Makefile.am
   trunk/tests/fdpassing.c
Log:
2009-08-26  Marcus Brinkmann  <marcus at g10code.de>

	* configure.ac: Test for versioned symbols support.
	(LIBASSUAN_LT_CURRENT, LIBASSUAN_LT_AGE)
	(LIBASSUAN_LT_REVISION): New, set to 0.
	(LIBASSUAN_CONFIG_API_VERSION): Bump to 2.
	(AC_CONFIG_MACRO_DIR, AC_DISABLE_STATIC, AC_LIBTOOL_WIN32_DLL)
	(AC_LIBTOOL_RC, AC_PROG_LIBTOOL, AM_PATH_GPG_ERROR): Invoke.
	(AC_PROG_RANLIB): Don't invoke.
	(HAVE_W32_SYSTEM): New AM conditional.
	(AC_CONFIG_FILES): Add src/versioninfo.rc.
	* ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
	m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6.
	* tests/Makefile.am (AM_CFLAGS, LDADD): Add gpg-error.
	* tests/fdpassing.c: Change error values to gpg-error ones.

src/
2009-08-26  Marcus Brinkmann  <marcus at g10code.de>

	* libassuan-config.in: Add gpg-error.
	* assuan-buffer.c, assuan-inquire.c, assuan-handler.c,
	assuan-util.c, assuan-client.c, assuan-socket-connect.c,
	assuan-pipe-connect.c, assuan-defs.h, assuan-socket.c,
	assuan-connect.c, assuan-uds.c, assuan-socket-server.c,
	assuan-listen.c, assuan-pipe-server.c: Return gpg_error_t instead
	assuan_error_t everywhere.  Return gpg error codes everywhere.
	Replace xtrymalloc, xfree, etc with _assuan_malloc, _assuan_free
	etc.  Protect include <config.h> by HAVE_CONFIG_H where not done
	so already.
	* versioninfo.rc.in, libassuan.vers, libassuan.def,
	assuan-error.c: New files.
	* Makefile.am: Add libtool handling and gpg-error (also for W32).
	(EXTRA_DIST): Remove mkerrors, add libassuan.vers,
	versioninfo.rc.in and libassuan.def.
	(BUILT_SOURCES, MOSTLYCLEANFILES): Removed.
	(common_sources): Remove assuan-errors.c, add assuan-error.c.
	* assuan.h: Include <gpg-error.h>.
	[_ASSUAN_ONLY_GPG_ERRORS]: Feature removed.
	(assuan_init_connected_socket_server, assuan_strerror)
	(assuan_pipe_connect2): Removed obsolete interfaces.
	(assuan_error_t): Removed type.
	(assuan_flag_t): Changed from enum to unsigned int.
	(ASSUAN_NO_WAITPID, ASSUAN_CONFIDENTIAL): Changed from enum to macro.
	(assuan_process): Return gpg_error_t instead of int.
	(assuan_set_assuan_err_source): Change argument type from int to
	gpg_err_source_t.
	* assuan-defs.h (_assuan_error): Change types to gpg_error_t.
	(err_code, err_is_eof, xtrymalloc, xtrycalloc, xtryrealloc)
	(xfree): Removed.
	(set_error): Adjust for gpg-error codes.
	(_assuan_gpg_strerror_r, _assuan_gpg_strsource): Removed.
	(struct assuan_context_s): Remove member os_errno.
	* assuan-socket-server.c (accept_connection): Don't set CTX->os_errno.
	* mkerrors: Removed file.
	* assuan-io-pth.c (_assuan_simple_sendmsg)
	(_assuan_simple_recvmsg), assuan-io.c (_assuan_simple_sendmsg,
	_assuan_simple_recvmsg): Set errno instead returning error
	directly (and return -1).
	* assuan-handler.c (assuan_process_done): Remove handling for old
	style error values.
	(process_request, assuan_process): Change return type from int to
	gpg_error_t.
	* assuan-client.c (assuan_transact): Remove support for old style
	error values.
	* assuan-pipe-connect.c (assuan_pipe_connect2): Removed.
	* assuan-logging.c (my_strerror_r, my_strsource)
	(load_libgpg_error, _assuan_gpg_strerror_r)
	(_assuan_gpg_strsource): Removed.


[The diff below has been truncated]

Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-04-03 08:36:01 UTC (rev 295)
+++ trunk/ChangeLog	2009-08-26 18:36:49 UTC (rev 296)
@@ -1,3 +1,19 @@
+2009-08-26  Marcus Brinkmann  <marcus at g10code.de>
+
+	* configure.ac: Test for versioned symbols support.
+	(LIBASSUAN_LT_CURRENT, LIBASSUAN_LT_AGE)
+	(LIBASSUAN_LT_REVISION): New, set to 0.
+	(LIBASSUAN_CONFIG_API_VERSION): Bump to 2.
+	(AC_CONFIG_MACRO_DIR, AC_DISABLE_STATIC, AC_LIBTOOL_WIN32_DLL)
+	(AC_LIBTOOL_RC, AC_PROG_LIBTOOL, AM_PATH_GPG_ERROR): Invoke.
+	(AC_PROG_RANLIB): Don't invoke.
+	(HAVE_W32_SYSTEM): New AM conditional.
+	(AC_CONFIG_FILES): Add src/versioninfo.rc.
+	* ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+	m4/ltversion.m4, m4/lt~obsolete.m4: New files from libtool 2.2.6.
+	* tests/Makefile.am (AM_CFLAGS, LDADD): Add gpg-error.
+	* tests/fdpassing.c: Change error values to gpg-error ones.
+
 2009-01-22  Werner Koch  <wk at g10code.com>
 
 	* configure.ac: Check for nanoleep only in libc.

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-04-03 08:36:01 UTC (rev 295)
+++ trunk/src/ChangeLog	2009-08-26 18:36:49 UTC (rev 296)
@@ -1,3 +1,55 @@
+2009-08-26  Marcus Brinkmann  <marcus at g10code.de>
+
+	* libassuan-config.in: Add gpg-error.
+	* assuan-buffer.c, assuan-inquire.c, assuan-handler.c,
+	assuan-util.c, assuan-client.c, assuan-socket-connect.c,
+	assuan-pipe-connect.c, assuan-defs.h, assuan-socket.c,
+	assuan-connect.c, assuan-uds.c, assuan-socket-server.c,
+	assuan-listen.c, assuan-pipe-server.c: Return gpg_error_t instead
+	assuan_error_t everywhere.  Return gpg error codes everywhere.
+	Replace xtrymalloc, xfree, etc with _assuan_malloc, _assuan_free
+	etc.  Protect include <config.h> by HAVE_CONFIG_H where not done
+	so already.
+	* versioninfo.rc.in, libassuan.vers, libassuan.def,
+	assuan-error.c: New files.
+	* Makefile.am: Add libtool handling and gpg-error (also for W32).
+	(EXTRA_DIST): Remove mkerrors, add libassuan.vers,
+	versioninfo.rc.in and libassuan.def.
+	(BUILT_SOURCES, MOSTLYCLEANFILES): Removed.
+	(common_sources): Remove assuan-errors.c, add assuan-error.c.
+	* assuan.h: Include <gpg-error.h>.
+	[_ASSUAN_ONLY_GPG_ERRORS]: Feature removed.
+	(assuan_init_connected_socket_server, assuan_strerror)
+	(assuan_pipe_connect2): Removed obsolete interfaces.
+	(assuan_error_t): Removed type.
+	(assuan_flag_t): Changed from enum to unsigned int.
+	(ASSUAN_NO_WAITPID, ASSUAN_CONFIDENTIAL): Changed from enum to macro.
+	(assuan_process): Return gpg_error_t instead of int.
+	(assuan_set_assuan_err_source): Change argument type from int to
+	gpg_err_source_t.
+	* assuan-defs.h (_assuan_error): Change types to gpg_error_t.
+	(err_code, err_is_eof, xtrymalloc, xtrycalloc, xtryrealloc)
+	(xfree): Removed.
+	(set_error): Adjust for gpg-error codes.
+	(_assuan_gpg_strerror_r, _assuan_gpg_strsource): Removed.
+	(struct assuan_context_s): Remove member os_errno.
+	* assuan-socket-server.c (accept_connection): Don't set CTX->os_errno.
+	* mkerrors: Removed file.
+	* assuan-io-pth.c (_assuan_simple_sendmsg)
+	(_assuan_simple_recvmsg), assuan-io.c (_assuan_simple_sendmsg,
+	_assuan_simple_recvmsg): Set errno instead returning error
+	directly (and return -1).
+	* assuan-handler.c (assuan_process_done): Remove handling for old
+	style error values.
+	(process_request, assuan_process): Change return type from int to
+	gpg_error_t.
+	* assuan-client.c (assuan_transact): Remove support for old style
+	error values.
+	* assuan-pipe-connect.c (assuan_pipe_connect2): Removed.
+	* assuan-logging.c (my_strerror_r, my_strsource)
+	(load_libgpg_error, _assuan_gpg_strerror_r)
+	(_assuan_gpg_strsource): Removed.
+
 2009-04-03  Werner Koch  <wk at g10code.com>
 
 	* assuan-handler.c (std_cmd_table): Remove second OPTION entry.

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2009-04-03 08:36:01 UTC (rev 295)
+++ trunk/NEWS	2009-08-26 18:36:49 UTC (rev 296)
@@ -1,11 +1,25 @@
 Noteworthy changes in version 1.1.0
 ------------------------------------------------
 
- * API change:  See doc/README.apichanges. 
-
  * Now using libtool and builds a DSO. 
 
+ * Lots of interface cleanups.  See below for details of the most
+   important changes.
 
+ * Interface changes relative to the 1.0.5 release:
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+_ASSUAN_ONLY_GPG_ERRORS        Removed.
+assuan_init_connected_socket_server Removed.
+assuan_strerror		       Removed.
+assuan_pipe_connect2           Removed.
+ASSUAN_*		       Error values removed.
+assuan_error_t		       Removed.
+AssuanError		       Removed.
+AssuanCommand		       Removed.
+assuan_flag_t		       Changed from enum to unsigned int.
+ASSUAN_CONTENT		       Removed.
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 Noteworthy changes in version 1.0.5 (2008-05-25)
 ------------------------------------------------
 

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-04-03 08:36:01 UTC (rev 295)
+++ trunk/configure.ac	2009-08-26 18:36:49 UTC (rev 296)
@@ -31,14 +31,34 @@
             || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')]))
 AC_INIT([libassuan], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]),
         [bug-libassuan at gnupg.org])
-# Note, that this is not yet available as a shared library.
 
+# LT Version numbers, remember to change them just *before* a release.
+#   (Code changed:			REVISION++)
+#   (Interfaces added/removed/changed:	CURRENT++, REVISION=0)
+#   (Interfaces added:			AGE++)
+#   (Interfaces removed/changed:	AGE=0)
+#
+LIBASSUAN_LT_CURRENT=0
+# Subtract 2 from this value if you want to make the LFS transition an
+# ABI break.  [Note to self: Remove this comment with the next regular break.]
+LIBASSUAN_LT_AGE=0
+LIBASSUAN_LT_REVISION=0
+
+# If the API is changed in an incompatible way: increment the next counter.
+LIBASSUAN_CONFIG_API_VERSION=2
+##############################################
+
+AC_SUBST(LIBASSUAN_LT_CURRENT)
+AC_SUBST(LIBASSUAN_LT_AGE)
+AC_SUBST(LIBASSUAN_LT_REVISION)
+
 PACKAGE=$PACKAGE_NAME
 VERSION=$PACKAGE_VERSION
 
 AM_INIT_AUTOMAKE
 AM_MAINTAINER_MODE
 AC_CONFIG_SRCDIR(src/assuan.h)
+AC_CONFIG_MACRO_DIR(m4)
 AM_CONFIG_HEADER(config.h)
 AC_CANONICAL_HOST
 AB_INIT
@@ -54,7 +74,30 @@
                                         [Bug report address])
 
 
+# Don't default to build static libs.
+AC_DISABLE_STATIC
+AC_LIBTOOL_WIN32_DLL
+AC_LIBTOOL_RC
+AC_PROG_LIBTOOL
 
+# For now we hardcode the use of version scripts.  It would be better
+# to write a test for this or even implement this within libtool.
+have_ld_version_script=no
+case "${host}" in
+    *-*-linux*)
+	have_ld_version_script=yes
+        ;;
+    *-*-gnu*)
+	have_ld_version_script=yes
+        ;;
+    *-apple-darwin*)
+        AC_DEFINE(_XOPEN_SOURCE, 500, Activate POSIX interface on MacOS X)
+        ;;
+esac
+
+AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
+
+
 # Checks for programs.
 missing_dir=`cd $ac_aux_dir && pwd`
 AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir)
@@ -72,7 +115,6 @@
 AC_PROG_INSTALL
 AC_PROG_LN_S
 AC_PROG_MAKE_SET
-AC_PROG_RANLIB
 #AC_ARG_PROGRAM
 
 if test "$GCC" = yes; then
@@ -133,7 +175,7 @@
 if test "$have_w32_system" = yes; then
    AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
 fi
-dnl AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
+AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
 
 #
 # See whether we can build a Pth enabled version
@@ -150,7 +192,6 @@
 # For src/libassuan-config.in
 LIBASSUAN_CONFIG_LIB="-lassuan"
 LIBASSUAN_CONFIG_CFLAGS=""
-LIBASSUAN_CONFIG_API_VERSION="1"
 LIBASSUAN_CONFIG_THREAD_MODULES=
 if test "$have_pth" = yes; then
 LIBASSUAN_CONFIG_THREAD_MODULES="pth"
@@ -208,6 +249,9 @@
 AM_CONDITIONAL(USE_DESCRIPTOR_PASSING, test "$use_descriptor_passing" = "yes")
 
 
+# Checking for libgpg-error.
+AM_PATH_GPG_ERROR(1.4,, AC_MSG_ERROR([libgpg-error was not found]))
+
 #
 # Checks for library functions.
 #
@@ -277,5 +321,6 @@
 AC_CONFIG_FILES([doc/Makefile])
 AC_CONFIG_FILES([tests/Makefile])
 AC_CONFIG_FILES([src/libassuan-config], [chmod +x src/libassuan-config])
+AC_CONFIG_FILES([src/versioninfo.rc])
 
 AC_OUTPUT

Added: trunk/ltmain.sh
===================================================================
--- trunk/ltmain.sh	                        (rev 0)
+++ trunk/ltmain.sh	2009-08-26 18:36:49 UTC (rev 296)
@@ -0,0 +1,8412 @@
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6
+# Written by Gordon Matzigkeit <gord at gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions.  There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING.  If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+#     --config             show all configuration variables
+#     --debug              enable verbose shell tracing
+# -n, --dry-run            display commands without modifying any files
+#     --features           display basic configuration information and exit
+#     --mode=MODE          use operation mode MODE
+#     --preserve-dup-deps  don't remove duplicate dependency libraries
+#     --quiet, --silent    don't print informational messages
+#     --tag=TAG            use configuration variables from tag TAG
+# -v, --verbose            print informational messages (default)
+#     --version            print version information
+# -h, --help               print short or long help message
+#
+# MODE must be one of the following:
+#
+#       clean              remove files from the build directory
+#       compile            compile a source file into a libtool object
+#       execute            automatically set library path, then run a program
+#       finish             complete the installation of libtool libraries
+#       install            install libraries or executables
+#       link               create a library or an executable
+#       uninstall          remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+#       host-triplet:	$host
+#       shell:		$SHELL
+#       compiler:		$LTCC
+#       compiler flags:		$LTCFLAGS
+#       linker:		$LD (gnu? $with_gnu_ld)
+#       $progname:		(GNU libtool) 2.2.6 Debian-2.2.6a-1ubuntu1
+#       automake:		$automake_version
+#       autoconf:		$autoconf_version
+#
+# Report bugs to <bug-libtool at gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION="2.2.6 Debian-2.2.6a-1ubuntu1"
+TIMESTAMP=""
+package_revision=1.3012
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+  # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+  eval "if test \"\${$lt_var+set}\" = set; then
+          save_$lt_var=\$$lt_var
+          $lt_var=C
+	  export $lt_var
+	  lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+	  lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+	fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63  # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77	  # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" 	$lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+#   dirname:  Compute the dirname of FILE.  If nonempty,
+#             add APPEND to the result, otherwise set result
+#             to NONDIR_REPLACEMENT.
+#             value returned in "$func_dirname_result"
+#   basename: Compute filename of FILE.
+#             value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+  # Extract subdirectory from the argument.
+  func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+  if test "X$func_dirname_result" = "X${1}"; then
+    func_dirname_result="${3}"
+  else
+    func_dirname_result="$func_dirname_result${2}"
+  fi
+  func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+  -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+  [\\/]*|[A-Za-z]:\\*) ;;
+  *[\\/]*)
+     progdir=$func_dirname_result
+     progdir=`cd "$progdir" && pwd`
+     progpath="$progdir/$progname"
+     ;;
+  *)
+     save_IFS="$IFS"
+     IFS=:
+     for progdir in $PATH; do
+       IFS="$save_IFS"
+       test -x "$progdir/$progname" && break
+     done
+     IFS="$save_IFS"
+     test -n "$progdir" || progdir=`pwd`
+     progpath="$progdir/$progname"
+     ;;
+esac
+
+# Sed substitution that helps us do robust quoting.  It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same.  If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'.  `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+  s/$bs4/&\\
+/g
+  s/^$bs2$dollar/$bs&/
+  s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+  s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+    $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+    $opt_verbose && func_echo ${1+"$@"}
+
+    # A bug in bash halts the script if the last line of a function
+    # fails when set -e is in force, so we need another command to
+    # work around that:
+    :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+    $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+    $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+    # bash bug again:
+    :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+    func_error ${1+"$@"}
+    exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+    func_error ${1+"$@"}
+    func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information."  ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+    $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+    my_directory_path="$1"
+    my_dir_list=
+
+    if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+      # Protect directory names starting with `-'
+      case $my_directory_path in
+        -*) my_directory_path="./$my_directory_path" ;;
+      esac
+
+      # While some portion of DIR does not yet exist...
+      while test ! -d "$my_directory_path"; do
+        # ...make a list in topmost first order.  Use a colon delimited
+	# list incase some portion of path contains whitespace.
+        my_dir_list="$my_directory_path:$my_dir_list"
+
+        # If the last portion added has no slash in it, the list is done
+        case $my_directory_path in */*) ;; *) break ;; esac
+
+        # ...otherwise throw away the child directory and loop
+        my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+      done
+      my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+      save_mkdir_p_IFS="$IFS"; IFS=':'
+      for my_dir in $my_dir_list; do
+	IFS="$save_mkdir_p_IFS"
+        # mkdir can fail with a `File exist' error if two processes
+        # try to create one of the directories concurrently.  Don't
+        # stop in that case!
+        $MKDIR "$my_dir" 2>/dev/null || :
+      done
+      IFS="$save_mkdir_p_IFS"
+
+      # Bail out if we (or some other process) failed to create a directory.
+      test -d "$my_directory_path" || \
+        func_fatal_error "Failed to create \`$1'"
+    fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible.  If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+    my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+    if test "$opt_dry_run" = ":"; then
+      # Return a directory name, but don't create it in dry-run mode
+      my_tmpdir="${my_template}-$$"
+    else
+
+      # If mktemp works, use that first and foremost
+      my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+      if test ! -d "$my_tmpdir"; then
+        # Failing that, at least try and use $RANDOM to avoid a race
+        my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+        save_mktempdir_umask=`umask`
+        umask 0077
+        $MKDIR "$my_tmpdir"
+        umask $save_mktempdir_umask
+      fi
+
+      # If we're not in dry-run mode, bomb out on failure
+      test -d "$my_tmpdir" || \
+        func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+    fi
+
+    $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+    case $1 in
+      *[\\\`\"\$]*)
+	func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+      *)
+        func_quote_for_eval_unquoted_result="$1" ;;
+    esac
+
+    case $func_quote_for_eval_unquoted_result in
+      # Double-quote args containing shell metacharacters to delay
+      # word splitting, command substitution and and variable
+      # expansion for a subsequent eval.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+        ;;
+      *)
+        func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+    esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+    case $1 in
+      *[\\\`\"]*)
+	my_arg=`$ECHO "X$1" | $Xsed \
+	    -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+      *)
+        my_arg="$1" ;;
+    esac
+
+    case $my_arg in
+      # Double-quote args containing shell metacharacters to delay
+      # word splitting and command substitution for a subsequent eval.
+      # Many Bourne shells cannot handle close brackets correctly
+      # in scan sets, so we specify it separately.
+      *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \	]*|*]*|"")
+        my_arg="\"$my_arg\""
+        ;;
+    esac
+
+    func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+    my_cmd="$1"
+    my_fail_exp="${2-:}"
+
+    ${opt_silent-false} || {
+      func_quote_for_expand "$my_cmd"
+      eval "func_echo $func_quote_for_expand_result"
+    }
+
+    if ${opt_dry_run-false}; then :; else
+      eval "$my_cmd"
+      my_status=$?
+      if test "$my_status" -eq 0; then :; else
+	eval "(exit $my_status); $my_fail_exp"
+      fi
+    fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD.  Then, if opt_dryrun is
+# not true, evaluate CMD.  If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.  Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+    my_cmd="$1"
+    my_fail_exp="${2-:}"
+
+    ${opt_silent-false} || {
+      func_quote_for_expand "$my_cmd"
+      eval "func_echo $func_quote_for_expand_result"
+    }
+
+    if ${opt_dry_run-false}; then :; else
+      eval "$lt_user_locale
+	    $my_cmd"
+      my_status=$?
+      eval "$lt_safe_locale"
+      if test "$my_status" -eq 0; then :; else
+	eval "(exit $my_status); $my_fail_exp"
+      fi
+    fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+    $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+        s/^# //
+	s/^# *$//
+        s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+        p
+     }' < "$progpath"
+     exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+    $SED -n '/^# Usage:/,/# -h/ {
+        s/^# //
+	s/^# *$//
+	s/\$progname/'$progname'/
+	p
+    }' < "$progpath"
+    $ECHO
+    $ECHO "run \`$progname --help | more' for full usage"
+    exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+    $SED -n '/^# Usage:/,/# Report bugs to/ {
+        s/^# //
+	s/^# *$//
+	s*\$progname*'$progname'*
+	s*\$host*'"$host"'*
+	s*\$SHELL*'"$SHELL"'*
+	s*\$LTCC*'"$LTCC"'*
+	s*\$LTCFLAGS*'"$LTCFLAGS"'*
+	s*\$LD*'"$LD"'*
+	s/\$with_gnu_ld/'"$with_gnu_ld"'/
+	s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+	s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+	p
+     }' < "$progpath"
+    exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+    func_error "missing argument for $1"
+    exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+  # Discard the --no-reexec flag, and continue.
+  shift
+elif test "X$1" = X--fallback-echo; then
+  # Avoid inline document here, it may be left over
+  :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+  # Yippee, $ECHO works!
+  :
+else
+  # Restart under the correct shell, and then maybe $ECHO will work.
+  exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+  # used as fallback echo
+  shift
+  cat <<EOF
+$*
+EOF
+  exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end.  This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+    func_error ${1+"$@"}
+    func_error "See the $PACKAGE documentation for more information."
+    func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+    re_begincf='^# ### BEGIN LIBTOOL'
+    re_endcf='^# ### END LIBTOOL'
+
+    # Default configuration.
+    $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+    # Now print the configurations for the tags.
+    for tagname in $taglist; do
+      $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+    done
+
+    exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+    $ECHO "host: $host"
+    if test "$build_libtool_libs" = yes; then
+      $ECHO "enable shared libraries"
+    else
+      $ECHO "disable shared libraries"
+    fi
+    if test "$build_old_libs" = yes; then
+      $ECHO "enable static libraries"
+    else
+      $ECHO "disable static libraries"
+    fi
+
+    exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag.  We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+  # Global variable:
+  tagname="$1"
+
+  re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+  re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+  sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+  # Validate tagname.
+  case $tagname in
+    *[!-_A-Za-z0-9,/]*)
+      func_fatal_error "invalid tag name: $tagname"
+      ;;
+  esac
+
+  # Don't test for the "default" C tag, as we know it's
+  # there but not specially marked.
+  case $tagname in
+    CC) ;;
+    *)
+      if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+	taglist="$taglist $tagname"
+
+	# Evaluate the configuration.  Be careful to quote the path
+	# and the sed script, to avoid splitting on whitespace, but
+	# also don't use non-portable quotes within backquotes within
+	# quotes we have to do it in 2 steps:
+	extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+	eval "$extractedcf"
+      else
+	func_error "ignoring unknown tag $tagname"
+      fi
+      ;;
+  esac
+}
+
+# Parse options once, thoroughly.  This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+  # Shorthand for --mode=foo, only valid as the first argument
+  case $1 in
+  clean|clea|cle|cl)
+    shift; set dummy --mode clean ${1+"$@"}; shift
+    ;;
+  compile|compil|compi|comp|com|co|c)
+    shift; set dummy --mode compile ${1+"$@"}; shift
+    ;;
+  execute|execut|execu|exec|exe|ex|e)
+    shift; set dummy --mode execute ${1+"$@"}; shift
+    ;;
+  finish|finis|fini|fin|fi|f)
+    shift; set dummy --mode finish ${1+"$@"}; shift
+    ;;
+  install|instal|insta|inst|ins|in|i)
+    shift; set dummy --mode install ${1+"$@"}; shift
+    ;;
+  link|lin|li|l)
+    shift; set dummy --mode link ${1+"$@"}; shift
+    ;;
+  uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+    shift; set dummy --mode uninstall ${1+"$@"}; shift
+    ;;
+  esac
+
+  # Parse non-mode specific arguments:
+  while test "$#" -gt 0; do
+    opt="$1"
+    shift
+
+    case $opt in
+      --config)		func_config					;;
+
+      --debug)		preserve_args="$preserve_args $opt"
+			func_echo "enabling shell trace mode"
+			opt_debug='set -x'
+			$opt_debug
+			;;
+
+      -dlopen)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			execute_dlfiles="$execute_dlfiles $1"
+			shift
+			;;
+
+      --dry-run | -n)	opt_dry_run=:					;;
+      --features)       func_features					;;
+      --finish)		mode="finish"					;;
+
+      --mode)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			case $1 in
+			  # Valid mode arguments:
+			  clean)	;;
+			  compile)	;;
+			  execute)	;;
+			  finish)	;;
+			  install)	;;
+			  link)		;;
+			  relink)	;;
+			  uninstall)	;;
+
+			  # Catch anything else as an error
+			  *) func_error "invalid argument for $opt"
+			     exit_cmd=exit
+			     break
+			     ;;
+		        esac
+
+			mode="$1"
+			shift
+			;;
+
+      --preserve-dup-deps)
+			opt_duplicate_deps=:				;;
+
+      --quiet|--silent)	preserve_args="$preserve_args $opt"
+			opt_silent=:
+			;;
+
+      --verbose| -v)	preserve_args="$preserve_args $opt"
+			opt_silent=false
+			;;
+
+      --tag)		test "$#" -eq 0 && func_missing_arg "$opt" && break
+			preserve_args="$preserve_args $opt $1"
+			func_enable_tag "$1"	# tagname is set here
+			shift
+			;;
+
+      # Separate optargs to long options:
+      -dlopen=*|--mode=*|--tag=*)
+			func_opt_split "$opt"
+			set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+			shift
+			;;
+
+      -\?|-h)		func_usage					;;
+      --help)		opt_help=:					;;
+      --version)	func_version					;;
+
+      -*)		func_fatal_help "unrecognized option \`$opt'"	;;
+
+      *)		nonopt="$opt"
+			break
+			;;
+    esac
+  done
+
+
+  case $host in
+    *cygwin* | *mingw* | *pw32* | *cegcc*)
+      # don't eliminate duplications in $postdeps and $predeps
+      opt_duplicate_compiler_generated_deps=:
+      ;;
+    *)
+      opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+      ;;
+  esac
+
+  # Having warned about all mis-specified options, bail out if
+  # anything was wrong.
+  $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+  if test "$package_revision" != "$macro_revision"; then
+    if test "$VERSION" != "$macro_version"; then
+      if test -z "$macro_version"; then
+        cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+      else
+        cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+      fi
+    else
+      cat >&2 <<_LT_EOF
+$progname: Version mismatch error.  This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+    fi
+
+    exit $EXIT_MISMATCH
+  fi
+}
+
+
+## ----------- ##
+##    Main.    ##
+## ----------- ##
+
+$opt_help || {
+  # Sanity checks first:
+  func_check_version_match
+
+  if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+    func_fatal_configuration "not configured to build any kind of library"
+  fi
+
+  test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+  # Darwin sucks
+  eval std_shrext=\"$shrext_cmds\"
+
+
+  # Only execute mode is allowed to have -dlopen flags.
+  if test -n "$execute_dlfiles" && test "$mode" != execute; then
+    func_error "unrecognized option \`-dlopen'"
+    $ECHO "$help" 1>&2
+    exit $EXIT_FAILURE
+  fi
+
+  # Change the help message to a mode-specific one.
+  generic_help="$help"
+  help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+    test -f "$1" &&
+      $SED -e 4q "$1" 2>/dev/null \
+        | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs.  To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway.  Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+    lalib_p=no
+    if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+	for lalib_p_l in 1 2 3 4
+	do
+	    read lalib_p_line
+	    case "$lalib_p_line" in
+		\#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+	    esac
+	done
+	exec 0<&5 5<&-
+    fi
+    test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+    func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+    func_ltwrapper_exec_suffix=
+    case $1 in
+    *.exe) ;;
+    *) func_ltwrapper_exec_suffix=.exe ;;
+    esac
+    $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+    func_ltwrapper_scriptname_result=""
+    if func_ltwrapper_executable_p "$1"; then
+	func_dirname_and_basename "$1" "" "."
+	func_stripname '' '.exe' "$func_basename_result"
+	func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+    fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+    func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+    $opt_debug
+    save_ifs=$IFS; IFS='~'
+    for cmd in $1; do
+      IFS=$save_ifs
+      eval cmd=\"$cmd\"
+      func_show_eval "$cmd" "${2-:}"
+    done
+    IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)!  Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+    $opt_debug
+    case $1 in
+    */* | *\\*)	. "$1" ;;
+    *)		. "./$1" ;;
+    esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+    $opt_debug
+    if test -n "$available_tags" && test -z "$tagname"; then
+      CC_quoted=
+      for arg in $CC; do
+        func_quote_for_eval "$arg"
+	CC_quoted="$CC_quoted $func_quote_for_eval_result"
+      done
+      case $@ in
+      # Blanks in the command may have been stripped by the calling shell,
+      # but not from the CC environment variable when configure was run.
+      " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+      # Blanks at the start of $base_compile will cause this to fail
+      # if we don't check for them as well.
+      *)
+	for z in $available_tags; do
+	  if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+	    # Evaluate the configuration.
+	    eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+	    CC_quoted=
+	    for arg in $CC; do
+	      # Double-quote args containing other shell metacharacters.
+	      func_quote_for_eval "$arg"
+	      CC_quoted="$CC_quoted $func_quote_for_eval_result"
+	    done
+	    case "$@ " in
+	      " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+	      # The compiler in the base compile command matches
+	      # the one in the tagged configuration.
+	      # Assume this is the tagged configuration we want.
+	      tagname=$z
+	      break
+	      ;;
+	    esac
+	  fi
+	done
+	# If $tagname still isn't set, then no tagged configuration
+	# was found and let the user know that the "--tag" command
+	# line option must be used.
+	if test -z "$tagname"; then
+	  func_echo "unable to infer tagged configuration"
+	  func_fatal_error "specify a tag with \`--tag'"
+#	else
+#	  func_verbose "using $tagname tagged configuration"
+	fi
+	;;
+      esac
+    fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+    write_libobj=${1}
+    if test "$build_libtool_libs" = yes; then
+      write_lobj=\'${2}\'
+    else
+      write_lobj=none
+    fi
+
+    if test "$build_old_libs" = yes; then
+      write_oldobj=\'${3}\'
+    else
+      write_oldobj=none
+    fi
+
+    $opt_dry_run || {
+      cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+      $MV "${write_libobj}T" "${write_libobj}"
+    }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+    $opt_debug
+    # Get the compilation command and the source file.
+    base_compile=
+    srcfile="$nonopt"  #  always keep a non-empty value in "srcfile"
+    suppress_opt=yes
+    suppress_output=
+    arg_mode=normal
+    libobj=
+    later=
+    pie_flag=
+
+    for arg
+    do
+      case $arg_mode in
+      arg  )
+	# do not "continue".  Instead, add this to base_compile
+	lastarg="$arg"
+	arg_mode=normal
+	;;
+
+      target )
+	libobj="$arg"
+	arg_mode=normal
+	continue
+	;;
+
+      normal )
+	# Accept any command-line options.
+	case $arg in
+	-o)
+	  test -n "$libobj" && \
+	    func_fatal_error "you cannot specify \`-o' more than once"
+	  arg_mode=target
+	  continue
+	  ;;
+
+	-pie | -fpie | -fPIE)
+          pie_flag="$pie_flag $arg"
+	  continue
+	  ;;
+
+	-shared | -static | -prefer-pic | -prefer-non-pic)
+	  later="$later $arg"
+	  continue
+	  ;;
+
+	-no-suppress)
+	  suppress_opt=no
+	  continue
+	  ;;
+
+	-Xcompiler)
+	  arg_mode=arg  #  the next one goes into the "base_compile" arg list
+	  continue      #  The current "srcfile" will either be retained or
+	  ;;            #  replaced later.  I would guess that would be a bug.
+
+	-Wc,*)
+	  func_stripname '-Wc,' '' "$arg"
+	  args=$func_stripname_result
+	  lastarg=
+	  save_ifs="$IFS"; IFS=','
+	  for arg in $args; do
+	    IFS="$save_ifs"
+	    func_quote_for_eval "$arg"
+	    lastarg="$lastarg $func_quote_for_eval_result"
+	  done
+	  IFS="$save_ifs"
+	  func_stripname ' ' '' "$lastarg"
+	  lastarg=$func_stripname_result
+
+	  # Add the arguments to base_compile.
+	  base_compile="$base_compile $lastarg"
+	  continue
+	  ;;
+
+	*)
+	  # Accept the current argument as the source file.
+	  # The previous "srcfile" becomes the current argument.
+	  #
+	  lastarg="$srcfile"
+	  srcfile="$arg"
+	  ;;
+	esac  #  case $arg
+	;;
+      esac    #  case $arg_mode
+
+      # Aesthetically quote the previous argument.
+      func_quote_for_eval "$lastarg"
+      base_compile="$base_compile $func_quote_for_eval_result"
+    done # for arg
+
+    case $arg_mode in
+    arg)
+      func_fatal_error "you must specify an argument for -Xcompile"
+      ;;
+    target)
+      func_fatal_error "you must specify a target with \`-o'"
+      ;;
+    *)
+      # Get the name of the library object.
+      test -z "$libobj" && {
+	func_basename "$srcfile"
+	libobj="$func_basename_result"
+      }
+      ;;
+    esac
+
+    # Recognize several different file suffixes.
+    # If the user specifies -o file.o, it is replaced with file.lo
+    case $libobj in
+    *.[cCFSifmso] | \
+    *.ada | *.adb | *.ads | *.asm | \
+    *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+    *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+      func_xform "$libobj"
+      libobj=$func_xform_result
+      ;;
+    esac
+
+    case $libobj in
+    *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+    *)
+      func_fatal_error "cannot determine name of library object from \`$libobj'"
+      ;;
+    esac
+
+    func_infer_tag $base_compile
+
+    for arg in $later; do
+      case $arg in
+      -shared)
+	test "$build_libtool_libs" != yes && \
+	  func_fatal_configuration "can not build a shared library"
+	build_old_libs=no
+	continue
+	;;
+
+      -static)
+	build_libtool_libs=no
+	build_old_libs=yes
+	continue
+	;;
+
+      -prefer-pic)
+	pic_mode=yes
+	continue
+	;;
+
+      -prefer-non-pic)
+	pic_mode=no
+	continue
+	;;
+      esac
+    done
+
+    func_quote_for_eval "$libobj"
+    test "X$libobj" != "X$func_quote_for_eval_result" \
+      && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"'	 &()|`$[]' \
+      && func_warning "libobj name \`$libobj' may not contain shell special characters."
+    func_dirname_and_basename "$obj" "/" ""
+    objname="$func_basename_result"
+    xdir="$func_dirname_result"
+    lobj=${xdir}$objdir/$objname
+
+    test -z "$base_compile" && \
+      func_fatal_help "you must specify a compilation command"
+
+    # Delete any leftover library objects.
+    if test "$build_old_libs" = yes; then
+      removelist="$obj $lobj $libobj ${libobj}T"
+    else
+      removelist="$lobj $libobj ${libobj}T"
+    fi
+
+    # On Cygwin there's no "real" PIC flag so we must build both object types
+    case $host_os in
+    cygwin* | mingw* | pw32* | os2* | cegcc*)
+      pic_mode=default
+      ;;
+    esac
+    if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+      # non-PIC code in shared libraries is not supported
+      pic_mode=default
+    fi
+
+    # Calculate the filename of the output object if compiler does
+    # not support -o with -c
+    if test "$compiler_c_o" = no; then
+      output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+      lockfile="$output_obj.lock"
+    else
+      output_obj=
+      need_locks=no
+      lockfile=
+    fi
+
+    # Lock this critical section if it is needed
+    # We use this script file to make the link, it avoids creating a new file
+    if test "$need_locks" = yes; then
+      until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+	func_echo "Waiting for $lockfile to be removed"
+	sleep 2
+      done
+    elif test "$need_locks" = warn; then
+      if test -f "$lockfile"; then
+	$ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together.  If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+	$opt_dry_run || $RM $removelist
+	exit $EXIT_FAILURE
+      fi
+      removelist="$removelist $output_obj"
+      $ECHO "$srcfile" > "$lockfile"
+    fi
+
+    $opt_dry_run || $RM $removelist
+    removelist="$removelist $lockfile"
+    trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+    if test -n "$fix_srcfile_path"; then
+      eval srcfile=\"$fix_srcfile_path\"
+    fi
+    func_quote_for_eval "$srcfile"
+    qsrcfile=$func_quote_for_eval_result
+
+    # Only build a PIC object if we are building libtool libraries.
+    if test "$build_libtool_libs" = yes; then
+      # Without this assignment, base_compile gets emptied.
+      fbsd_hideous_sh_bug=$base_compile
+
+      if test "$pic_mode" != no; then
+	command="$base_compile $qsrcfile $pic_flag"
+      else
+	# Don't build PIC code
+	command="$base_compile $qsrcfile"
+      fi
+
+      func_mkdir_p "$xdir$objdir"



From cvs at cvs.gnupg.org  Fri Aug 28 20:20:30 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 28 Aug 2009 20:20:30 +0200
Subject: [svn] GpgOL - r307 - in trunk: . src
Message-ID: <E1Mh4gA-0004XL-SQ@lists.gnupg.com>

Author: wk
Date: 2009-08-28 20:20:29 +0200 (Fri, 28 Aug 2009)
New Revision: 307

Modified:
   trunk/ChangeLog
   trunk/NEWS
   trunk/configure.ac
   trunk/src/ChangeLog
   trunk/src/mapihelp.cpp
   trunk/src/mimemaker.c
Log:
Sender adress kludge for Exchane and Kleopatra.
Comment cleanups.


Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/ChangeLog	2009-08-28 18:20:29 UTC (rev 307)
@@ -1,3 +1,7 @@
+2009-08-28  Werner Koch  <wk at g10code.com>
+
+	* configure.ac [GCC]: Test for -Wno-pointer-sign.
+
 2009-06-18  Werner Koch  <wk at g10code.com>
 
 	Release 1.0.0.
@@ -22,7 +26,7 @@
 
 2008-10-27  Werner Koch  <wk at g10code.com>
 
-	* forms/gpgol-cs_de.cfg: New. 
+	* forms/gpgol-cs_de.cfg: New.
 
 2008-08-06  Werner Koch  <wk at g10code.com>
 

Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/src/ChangeLog	2009-08-28 18:20:29 UTC (rev 307)
@@ -1,3 +1,11 @@
+2009-08-28  Werner Koch  <wk at g10code.com>
+
+	* mimemaker.c (do_mime_sign): Comment cleanup.
+
+2009-08-27  Werner Koch  <wk at g10code.com>
+
+	* mapihelp.cpp (mapi_get_sender): Add hack for Kleopatra.
+
 2009-08-21  Werner Koch  <wk at g10code.com>
 
 	* engine-assuan.c (async_worker_thread): Disable the use of

Modified: trunk/NEWS
===================================================================
--- trunk/NEWS	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/NEWS	2009-08-28 18:20:29 UTC (rev 307)
@@ -1,3 +1,7 @@
+Noteworthy changes for version 1.0.1 (not released)
+===================================================
+
+
 Noteworthy changes for version 1.0.0 (2009-06-18)
 =================================================
 

Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/configure.ac	2009-08-28 18:20:29 UTC (rev 307)
@@ -16,8 +16,8 @@
 # Remember to change the version number immediately *after* a release.
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [1.0.0])
-m4_define([my_issvn], [no])
+m4_define([my_version], [1.0.1])
+m4_define([my_issvn], [yes])
 
 m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \
             || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')]))
@@ -206,10 +206,23 @@
         AC_MSG_RESULT($_gcc_mfi)
         CFLAGS=$_gcc_cflags_save;
         if test x"$_gcc_mfi" = xyes ; then
-          CFLAGS="$CFLAGS  -Wno-missing-field-initializers"
+          CFLAGS="$CFLAGS -Wno-missing-field-initializers"
           CXXFLAGS="$CXXFLAGS -Wno-missing-field-initializers"
         fi
     fi
+
+    AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
+    _gcc_cflags_save=$CFLAGS
+    CFLAGS="-Wno-pointer-sign"
+    AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no)
+    AC_MSG_RESULT($_gcc_psign)
+    CFLAGS=$_gcc_cflags_save;
+    if test x"$_gcc_psign" = xyes ; then
+       CFLAGS="$CFLAGS -Wno-pointer-sign"
+       CXXFLAGS="$CXXFLAGS -Wno-pointer-sign"
+    fi
+
+
 fi
 
 AC_SUBST(W32LIBS)

Modified: trunk/src/mapihelp.cpp
===================================================================
--- trunk/src/mapihelp.cpp	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/src/mapihelp.cpp	2009-08-28 18:20:29 UTC (rev 307)
@@ -1451,6 +1451,17 @@
     {
       log_debug ("%s:%s: orig address is `%s'\n", SRCNAME, __func__, buf);
       memmove (buf, p+4, strlen (p+4)+1);
+      if (!strchr (buf, '@'))
+        {
+          /* Some Exchange accounts return only the accoutn name and
+             no rfc821 mail address.  Kleopatra chokes on that, thus
+             we append a domain name.  Thisis a bad hack.  */
+          char *newbuf = (char *)xmalloc (strlen (buf) + 6 + 1);
+          strcpy (stpcpy (newbuf, buf), "@local");
+          xfree (buf);
+          buf = newbuf;
+        }
+      
     }
   log_debug ("%s:%s: address is `%s'\n", SRCNAME, __func__, buf);
   return buf;

Modified: trunk/src/mimemaker.c
===================================================================
--- trunk/src/mimemaker.c	2009-08-24 13:10:05 UTC (rev 306)
+++ trunk/src/mimemaker.c	2009-08-28 18:20:29 UTC (rev 307)
@@ -806,7 +806,7 @@
   if (filename)
     {
       /* If there is a filename strip the directory part.  Take care
-         that there might be slashes of backslashes.  */
+         that there might be slashes or backslashes.  */
       const char *s1 = strrchr (filename, '/');
       const char *s2 = strrchr (filename, '\\');
       
@@ -1297,15 +1297,26 @@
   if ((rc = write_boundary (sink, boundary, 0)))
     goto failure;
 
-  if ((rc=write_string (sink, 
-                        (protocol == PROTOCOL_OPENPGP
-                         ? "Content-Type: application/pgp-signature\r\n"
-                         : ("Content-Transfer-Encoding: base64\r\n"
-                            "Content-Type: application/pkcs7-signature\r\n")
-                         ))))
-    goto failure;
+  if (protocol == PROTOCOL_OPENPGP)
+    {
+      rc = write_string (sink,
+                         "Content-Type: application/pgp-signature\r\n");
+    }
+  else
+    {
+      rc = write_string (sink,
+                         "Content-Transfer-Encoding: base64\r\n"
+                         "Content-Type: application/pkcs7-signature\r\n");
+      /* rc = write_string (sink, */
+      /*                    "Content-Type: application/x-pkcs7-signature\r\n" */
+      /*                    "\tname=\"smime.p7s\"\r\n" */
+      /*                    "Content-Transfer-Encoding: base64\r\n" */
+      /*                    "Content-Disposition: attachment;\r\n" */
+      /*                    "\tfilename=\"smime.p7s\"\r\n"); */
 
-  /* If we would add "Content-Transfer-Encoding: 7bit\r\n" to this
+    }
+  /* About the above code:
+     If we would add "Content-Transfer-Encoding: 7bit\r\n" to this
      attachment, Outlooks does not proceed with sending and even does
      not return any error.  A wild guess is that while OL adds this
      header itself, it detects that it already exists and somehow gets
@@ -1315,6 +1326,8 @@
      Note, that this only holds for OpenPGP; for S/MIME we need to set
      set CTE.  We even write it before the CT because that is the same
      as Outlook would do it for a missing CTE. */
+  if (rc)
+    goto failure;
 
   if ((rc = write_string (sink, "\r\n")))
     goto failure;



From cvs at cvs.gnupg.org  Fri Aug 28 20:28:29 2009
From: cvs at cvs.gnupg.org (svn author wk)
Date: Fri, 28 Aug 2009 20:28:29 +0200
Subject: [svn] GpgOL - r308 - in trunk: . po
Message-ID: <E1Mh4ns-0004e5-UX@lists.gnupg.com>

Author: wk
Date: 2009-08-28 20:28:29 +0200 (Fri, 28 Aug 2009)
New Revision: 308

Modified:
   trunk/configure.ac
   trunk/po/de.po
   trunk/po/sv.po
Log:
No -Wno-pointer-sign for C++


Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac	2009-08-28 18:20:29 UTC (rev 307)
+++ trunk/configure.ac	2009-08-28 18:28:29 UTC (rev 308)
@@ -219,7 +219,6 @@
     CFLAGS=$_gcc_cflags_save;
     if test x"$_gcc_psign" = xyes ; then
        CFLAGS="$CFLAGS -Wno-pointer-sign"
-       CXXFLAGS="$CXXFLAGS -Wno-pointer-sign"
     fi
 
 

Modified: trunk/po/de.po  [not shown]
Modified: trunk/po/sv.po  [not shown]