From cvs at cvs.gnupg.org Tue Jul 1 08:42:23 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Jul 2014 08:42:23 +0200 Subject: [git] gnupg-doc - branch, master, updated. 64dac94489afa59e44763dfd7c2f49ed40312615 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 64dac94489afa59e44763dfd7c2f49ed40312615 (commit) via 5517f6c45a9f80ac155318abf451fb208a875649 (commit) from bccd13c3009550cc6e4689e468b004fe10afa6d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64dac94489afa59e44763dfd7c2f49ed40312615 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Update for GnuPG 1.4.18 and 2.0.25 diff --git a/web/donate/kudos.org b/web/donate/kudos.org index 4f7d9c6..e86483e 100644 --- a/web/donate/kudos.org +++ b/web/donate/kudos.org @@ -31,14 +31,14 @@ | 2011 | 21 | 553 | 465 | | 2012 | 53 | 5991 | 4963 | | 2013 | 148 | 5041 | 4145 | -| 2014 | 50 | 3244 | | +| 2014 | 66 | 4059 | | |------+-----+-------+----------| | | 272 | 14829 | 9573 | #+TBLFM: $LR2=vsum(@I.. at II)::$LR3=vsum(@I.. at II)::$LR4=vsum(@I.. at II) #+HTML:
The "net" column gives the actual value without VAT and PayPal fees.\\ -Last update: 2014-05-26 +Last update: 2014-06-25 #+HTML:
* Hardware and service donations diff --git a/web/index.org b/web/index.org index 8467e96..b67c585 100644 --- a/web/index.org +++ b/web/index.org @@ -51,10 +51,21 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.0.25 and 1.4.18 released (2014-06-30) + +To fix a minor regression in the previous releases we released today +new version sof GnuPG-1 and GnuPG-2: [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000346.html][{2.0.25}]], [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000347.html][{1.4.18}]] + +** GnuPG 2.0.24 released (2014-06-24) :important: + +GnuPG 2.0.24 is now available. This GnuPG-2 release features a fix +for a denial of service attack and a few other changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html][{more}]] + + ** GnuPG 1.4.17 released (2014-06-23) :important: -GnuPG 1.4.17 is now available. This release features a fix for a -denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]] +GnuPG 1.4.17 is now available. This GnuPG-1 release features a fix +for a denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]] ** GnuPG 2.0.23 released (2014-06-03) diff --git a/web/swdb.mac b/web/swdb.mac index d506d62..0840198 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -8,29 +8,29 @@ # # GnuPG-2 # -#+macro: gnupg_ver 2.0.23 +#+macro: gnupg_ver 2.0.25 #+macro: gnupg_branch STABLE-BRANCH-2-0 -#+macro: gnupg_size 4196k -#+macro: gnupg_sha1 c90e47ab95a40dd070fd75faef0a05c7b679553b +#+macro: gnupg_size 4201k +#+macro: gnupg_sha1 890d77d89f2d187382f95e83e386f2f7ba789436 # # GnuPG-1 # -#+macro: gnupg1_ver 1.4.17 +#+macro: gnupg1_ver 1.4.18 #+macro: gnupg1_branch STABLE-BRANCH-1-4 -#+macro: gnupg1_size 3563k -#+macro: gnupg1_size_gz 4929k -#+macro: gnupg1_sha1 830c7f749ad92d6577c521addea5e5d920128d42 -#+macro: gnupg1_sha1_gz d5b3c25901f182ea20c31f09669f44681c3aaa89 -# -#+macro: gnupg1_patch_ver 1.4.15-1.4.16 -#+macro: gnupg1_patch_size 21k -#+macro: gnupg1_patch_sha1 ff761de4efc3876c57199612c24b677208da7c10 -# -#+macro: gnupg1_w32cli_ver 1.4.17 -#+macro: gnupg1_w32cli_size 1574k -#+macro: gnupg1_w32cli_sha1 b2f0db9eebf028d27d0a119334e5e357773dd0d6 +#+macro: gnupg1_size 3564k +#+macro: gnupg1_size_gz 4930k +#+macro: gnupg1_sha1 41462d1a97f91abc16a0031b5deadc3095ce88ae +#+macro: gnupg1_sha1_gz ea7d66c3de7aaf46de9e8678f4fc4a8c329400b2 +# +#+macro: gnupg1_patch_ver 1.4.17-1.4.18 +#+macro: gnupg1_patch_size 5k +#+macro: gnupg1_patch_sha1 f30571f855b3ff8becff5378a884638da4c3cc9e +# +#+macro: gnupg1_w32cli_ver 1.4.18 +#+macro: gnupg1_w32cli_size 1575k +#+macro: gnupg1_w32cli_sha1 579de2464528b436f39c5835e766867a1efa5fee # commit 5517f6c45a9f80ac155318abf451fb208a875649 Author: Werner Koch Date: Mon Jun 23 18:23:56 2014 +0200 swdb: Update for GnuPG 1.4.17. diff --git a/tools/append-to-donors.sh b/tools/append-to-donors.sh index 58efff1..86697ad 100755 --- a/tools/append-to-donors.sh +++ b/tools/append-to-donors.sh @@ -4,7 +4,8 @@ pgm="append-to-donors.sh" set -e -PATH="/usr/local/bin:$PATH" + +PATH=/usr/local/bin:$PATH htdocs="/var/www/www/www.gnupg.org/htdocs" 
@@ -44,6 +45,7 @@ find $journal_dir -type f -name 'journal-????????.log' -print \ jdate=${jdate#journal-} jyear=$(echo $jdate |sed 's/\(....\).*/\1/') if [ "$jdate" -ge "$lastdate" ]; then + [ "$jdate" -gt "$lastdate" ] && lastline=0 payproc-jrnl -F_lnr -Fdate -F'[name]' \ -S "_lnr > $lastline" -Stype=C -Saccount==1 \ --html --print "$journal_dir/journal-$jdate.log" \ diff --git a/web/index.org b/web/index.org index 866e132..8467e96 100644 --- a/web/index.org +++ b/web/index.org @@ -51,6 +51,12 @@ all [[file:news.org][news of previous years]] is also available. # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 1.4.17 released (2014-06-23) :important: + +GnuPG 1.4.17 is now available. This release features a fix for a +denial of service attack and a few other minor changes. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html][{more}]] + + ** GnuPG 2.0.23 released (2014-06-03) We are pleased to announce the availability of GnuPG 2.0.23. This is diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index 59920ee..15d4342 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -203,7 +203,9 @@ (concat "cd " gpgweb-root-dir " && cd " stagedir "&& rsync -rlt --exclude \"*~\" ./ " "werner at trithemius.gnupg.org:" - "/var/www/www/www.gnupg.org/htdocs/")))) + "/var/www/www/www.gnupg.org/htdocs/ ;" + " ssh werner at trithemius.gnupg.org" + " touch /var/www/www/www.gnupg.org/htdocs/donate/donors.dat")))) (provide 'gpgweb) diff --git a/web/swdb.mac b/web/swdb.mac index b443bbf..d506d62 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -13,23 +13,24 @@ #+macro: gnupg_size 4196k #+macro: gnupg_sha1 c90e47ab95a40dd070fd75faef0a05c7b679553b + # # GnuPG-1 # -#+macro: gnupg1_ver 1.4.16 +#+macro: gnupg1_ver 1.4.17 #+macro: gnupg1_branch STABLE-BRANCH-1-4 -#+macro: gnupg1_size 3571k -#+macro: gnupg1_size_gz 4955k -#+macro: gnupg1_sha1 0bf5e475f3eb6f33d5474d017fe5bf66070e43f4 -#+macro: gnupg1_sha1_gz ea40324a5b2e3a16ffb63ea0ccc950a3faf5b11c +#+macro: gnupg1_size 3563k +#+macro: gnupg1_size_gz 4929k +#+macro: gnupg1_sha1 830c7f749ad92d6577c521addea5e5d920128d42 +#+macro: gnupg1_sha1_gz d5b3c25901f182ea20c31f09669f44681c3aaa89 # #+macro: gnupg1_patch_ver 1.4.15-1.4.16 -#+macro: gnupg1_patch_size 26k -#+macro: gnupg1_patch_sha1 ead70b47218ba76da51c16b652bee2a712faf2f6 +#+macro: gnupg1_patch_size 21k +#+macro: gnupg1_patch_sha1 ff761de4efc3876c57199612c24b677208da7c10 # -#+macro: gnupg1_w32cli_ver 1.4.16 -#+macro: gnupg1_w32cli_size 1573k -#+macro: gnupg1_w32cli_sha1 82079c7c183467b4dd3795ca197983cd2494cec4 +#+macro: gnupg1_w32cli_ver 1.4.17 +#+macro: gnupg1_w32cli_size 1574k +#+macro: gnupg1_w32cli_sha1 b2f0db9eebf028d27d0a119334e5e357773dd0d6 # ----------------------------------------------------------------------- Summary of changes: tools/append-to-donors.sh | 4 +++- web/donate/kudos.org | 4 ++-- web/index.org | 17 +++++++++++++++++ web/share/gpgweb.el | 4 +++- web/swdb.mac | 33 +++++++++++++++++---------------- 5 files changed, 42 insertions(+), 20 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 1 10:13:41 2014 
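Review bot: typo in the news entry added to web/index.org by commit 64dac94 (@@ -51,10 +51,21 @@): "new version sof GnuPG-1 and GnuPG-2" should read "new versions of GnuPG-1 and GnuPG-2". This text goes straight onto the front page, so it is worth fixing before the site is rebuilt.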
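Review bot: the added line [ "$jdate" -gt "$lastdate" ] && lastline=0 in tools/append-to-donors.sh (commit 5517f6c, @@ -44,6 +45,7 @@) has no comment and is not covered by the commit message, which only says "swdb: Update for GnuPG 1.4.17.". As the code reads, it stops the "_lnr > $lastline" filter of the last processed journal from being applied to newer journal files; say so in a one-line comment, and move this fix and the PATH change in the first hunk into a commit of their own so the behaviour change can be found later.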
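Review bot: in web/share/gpgweb.el (commit 5517f6c, @@ -203,7 +203,9 @@) the new ssh call is joined to the rsync with ";" ("/var/www/www/www.gnupg.org/htdocs/ ;"), so "touch .../donate/donors.dat" runs on the server even when one of the cd steps or the rsync failed, whereas the rest of the command string is chained with "&&". Use "&&" before the ssh call so donors.dat is only touched after a successful upload.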
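Review bot: in web/swdb.mac (commit 5517f6c, @@ -13,23 +13,24 @@) gnupg1_patch_ver stays at 1.4.15-1.4.16 while gnupg1_patch_size and gnupg1_patch_sha1 directly below it are replaced (21k, ff761de4...), so the download page would pair the old version range with the digest of a different patch file and a user checking the SHA-1 against the labelled patch gets a mismatch. Update the version macro in the same change as the size and digest, as commit 64dac94 does for 1.4.17-1.4.18.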
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Jul 2014 10:13:41 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-39-g63592f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 63592f5afe2e4415bb3962b87bf461d56c099aed (commit) from 6e65e5c676fcc8ba4035dbe9b97c0769e2d3eb40 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 63592f5afe2e4415bb3962b87bf461d56c099aed Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Add option --verbose and silence some diagnostics. * src/gpa.c (verbose): New. (option_entries): Add option --verbose. * src/server.c (gpa_check_server): Print some diagnostics only in verbose mode. diff --git a/src/gpa.c b/src/gpa.c index 1ff0c5e..73335bd 100644 --- a/src/gpa.c +++ b/src/gpa.c @@ -60,6 +60,9 @@ gboolean disable_ticker; /* True if the gpgme edit FSM shall output debug messages. */ gboolean debug_edit_fsm; +/* True if verbose messages are requested. */ +gboolean verbose; + /* Local variables. */ typedef struct { @@ -99,7 +102,7 @@ static void print_version (void); /* All command line options of the main application. */ static GOptionEntry option_entries[] = { - { "version", 'v', G_OPTION_FLAG_NO_ARG, G_OPTION_ARG_CALLBACK, + { "version", 'V', G_OPTION_FLAG_NO_ARG, G_OPTION_ARG_CALLBACK, (gpointer) &print_version, N_("Output version information and exit"), NULL, }, { "keyring", 'k', 0, G_OPTION_ARG_NONE, &args.start_key_manager, 
@@ -127,6 +130,8 @@ static GOptionEntry option_entries[] = /* Note: the cms option will eventually be removed. */ { "cms", 'x', G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &cms_hack, NULL, NULL }, + { "verbose", 'v', G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, + &verbose, NULL, NULL }, { "disable-ticker", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &disable_ticker, NULL, NULL }, { "debug-edit-fsm", 0, G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, diff --git a/src/gpa.h b/src/gpa.h index b21a0d0..56583fa 100644 --- a/src/gpa.h +++ b/src/gpa.h @@ -53,6 +53,7 @@ extern gchar *gnupg_homedir; extern gboolean cms_hack; extern gboolean disable_ticker; extern gboolean debug_edit_fsm; +extern gboolean verbose; /* Show the keyring editor dialog. */ void gpa_open_key_manager (GtkAction *action, void *data); diff --git a/src/server.c b/src/server.c index 023eaf8..c7c7740 100644 --- a/src/server.c +++ b/src/server.c @@ -2082,8 +2082,9 @@ gpa_check_server (void) gpgme_get_dirinfo ("uiserver-socket"), 0, 0); if (err) { - g_message ("error connecting an UI server: %s - %s", - gpg_strerror (err), "assuming not running"); + if (verbose || gpg_err_code (err) != GPG_ERR_ASS_CONNECT_FAILED) + g_message ("error connecting an UI server: %s - %s", + gpg_strerror (err), "assuming not running"); result = 0; goto leave; } @@ -2100,7 +2101,8 @@ gpa_check_server (void) if (name_check) { - g_message ("an instance of this program is already running"); + if (verbose) + g_message ("an instance of this program is already running"); result = 2; } else ----------------------------------------------------------------------- Summary of changes: src/gpa.c | 7 ++++++- src/gpa.h | 1 + src/server.c | 8 +++++--- 3 files changed, 12 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 1 10:42:12 2014 
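Review bot: the short option of --version changes from 'v' to 'V' in option_entries (src/gpa.c, @@ -99,7 +102,7 @@) and 'v' is reused for --verbose in the following hunk, so an existing "gpa -v" call silently changes from printing the version and exiting to starting the program in verbose mode. The commit message only lists "Add option --verbose"; name the reassignment of -v there and in the user documentation.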
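Review bot: the new "verbose" entry in option_entries (src/gpa.c, @@ -127,6 +130,8 @@) is declared with G_OPTION_FLAG_HIDDEN and a NULL description, so it does not appear in --help although the commit message presents it as a regular option and src/server.c now suppresses two diagnostics unless it is set. Drop the hidden flag and give the entry an N_() description in the style of the --version entry, so that users who need the connection diagnostics can find the switch.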
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Jul 2014 10:42:12 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-40-g7ac3b9c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 7ac3b9c22e7dce33875fe6740c473a378763a905 (commit) from 63592f5afe2e4415bb3962b87bf461d56c099aed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7ac3b9c22e7dce33875fe6740c473a378763a905 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Fix warnings if build without card manager support * src/clipboard.c (clipboard_action_new) [ENABLE_CARD_MANAGER]: Exclude WindowsCardManager item. * src/fileman.c (fileman_action_new): Ditto. * src/keymanager.c (key_manager_action_new): Ditto. diff --git a/src/clipboard.c b/src/clipboard.c index 3b756b3..036b905 100644 --- a/src/clipboard.c +++ b/src/clipboard.c @@ -837,7 +837,9 @@ clipboard_action_new (GpaClipboard *clipboard, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif " " " " #if 0 @@ -868,7 +870,9 @@ clipboard_action_new (GpaClipboard *clipboard, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif #if 0 " " #endif @@ -911,8 +915,10 @@ clipboard_action_new (GpaClipboard *clipboard, g_object_set (action, "short_label", _("Keyring"), NULL); action = gtk_action_group_get_action (action_group, "WindowsFileManager"); g_object_set (action, "short_label", _("Files"), NULL); +#ifdef ENABLE_CARD_MANAGER action = gtk_action_group_get_action (action_group, "WindowsCardManager"); g_object_set (action, "short_label", _("Card"), NULL); +#endif /* Take care of sensitiveness of widgets. */ action = gtk_action_group_get_action (action_group, "EditCut"); 
diff --git a/src/fileman.c b/src/fileman.c index d894742..cd00d0c 100644 --- a/src/fileman.c +++ b/src/fileman.c @@ -559,7 +559,9 @@ fileman_action_new (GpaFileManager *fileman, GtkWidget **menubar, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif " " " " #if 0 @@ -581,7 +583,9 @@ fileman_action_new (GpaFileManager *fileman, GtkWidget **menubar, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif #if 0 " " #endif @@ -622,8 +626,10 @@ fileman_action_new (GpaFileManager *fileman, GtkWidget **menubar, /* Fixup the icon theme labels which are too long for the toolbar. */ action = gtk_action_group_get_action (action_group, "WindowsKeyringEditor"); g_object_set (action, "short_label", _("Keyring"), NULL); +#ifdef ENABLE_CARD_MANAGER action = gtk_action_group_get_action (action_group, "WindowsCardManager"); g_object_set (action, "short_label", _("Card"), NULL); +#endif /* Take care of sensitiveness of widgets. */ action = gtk_action_group_get_action (action_group, "FileSign"); diff --git a/src/keymanager.c b/src/keymanager.c index d5c9f96..84baf6a 100644 --- a/src/keymanager.c +++ b/src/keymanager.c @@ -242,6 +242,7 @@ key_manager_has_single_selection (gpointer param) return gpa_keylist_has_single_selection (self->keylist); } + /* Return TRUE if the key list widget of the key manager has exactly one selected OpenPGP item. Usable as a sensitivity callback. */ @@ -990,7 +991,9 @@ key_manager_action_new (GpaKeyManager *self, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif " " #ifdef ENABLE_KEYSERVER_SUPPORT " " @@ -1021,7 +1024,9 @@ key_manager_action_new (GpaKeyManager *self, " " " " " " +#ifdef ENABLE_CARD_MANAGER " " +#endif #if 0 " " #endif 
@@ -1095,8 +1100,10 @@ key_manager_action_new (GpaKeyManager *self, g_object_set (action, "short_label", _("Import"), NULL); action = gtk_action_group_get_action (action_group, "WindowsFileManager"); g_object_set (action, "short_label", _("Files"), NULL); +#ifdef ENABLE_CARD_MANAGER action = gtk_action_group_get_action (action_group, "WindowsCardManager"); g_object_set (action, "short_label", _("Card"), NULL); +#endif /* Take care of sensitiveness of widgets. */ action = gtk_action_group_get_action (action_group, "EditCopy"); ----------------------------------------------------------------------- Summary of changes: src/clipboard.c | 6 ++++++ src/fileman.c | 6 ++++++ src/keymanager.c | 7 +++++++ 3 files changed, 19 insertions(+) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 1 15:39:51 2014 From: cvs at cvs.gnupg.org (by Zdeněk Hataš) Date: Tue, 01 Jul 2014 15:39:51 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.4-41-g07abf32 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 07abf32c7493179f7ee7fa191451f08aa5083cb6 (commit) from 7ac3b9c22e7dce33875fe6740c473a378763a905 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07abf32c7493179f7ee7fa191451f08aa5083cb6 Author: Zdeněk Hataš Date: Tue Jul 1 15:36:21 2014 +0200 po: Update Czech translation diff --git a/po/cs.po b/po/cs.po index 71493a9..22b55ec 100644 --- a/po/cs.po +++ b/po/cs.po
@@ -1,20 +1,18 @@ # translation of cs.po to czech -# Written by Zdenek Hatas +# Written by Zdenek Hatas , 2007 - 2014 # msgid "" msgstr "" "Project-Id-Version: cs\n" "Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n" -"PO-Revision-Date: 2007-05-24 15:04+0200\n" +"PO-Revision-Date: 2014-06-05 08:46+0100\n" "Last-Translator: Zden?k Hata? \n" "Language-Team: czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: KBabel 1.0.2\n" -"X-Poedit-Language: Czech\n" -"X-Poedit-Country: CZECH REPUBLIC\n" +"X-Generator: Poedit 1.5.4\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" 
@@ -26,148 +24,127 @@ msgstr "Zpr?va GPA" #. TRANSLATORS: The arguments are the filename, the integer size #. and the unit (such as KB or MB). -#, fuzzy, c-format +#, c-format msgid "The file %s is %llu%s large. Do you really want to open it?" -msgstr "" -"Soubor %s ji? existuje.\n" -"Chcete jej p?epsat?" +msgstr "Soubor %s je %llu%s velk?. Opravdu jej chcete otev??t?" msgid "Save As..." -msgstr "" +msgstr "Ulo?it jako..." -#, fuzzy msgid "Clipboard" -msgstr "Zur _Zwischenablage exportieren" +msgstr "Schr?nka" -#, fuzzy msgid "_File" -msgstr "/_Soubor" +msgstr "_Soubor" -#, fuzzy msgid "_Edit" -msgstr "/_Upravit" +msgstr "?pr_avy" msgid "Clear buffer" -msgstr "" +msgstr "Vypr?zdnit mezipam??" msgid "Open a file" msgstr "Otev??t soubor" -#, fuzzy msgid "Save to a file" -msgstr "Otev??t soubor" +msgstr "Ulo?it do souboru" -#, fuzzy msgid "Sign buffer text" -msgstr "podepsat kl??" +msgstr "Podepsat text v mezipam?ti" -#, fuzzy msgid "Check signatures of buffer text" -msgstr "Zkontrolovat podpis vybran?ho souboru" +msgstr "Zkontrolovat podpis textu v mezipam?ti" -#, fuzzy msgid "Encrypt the buffer text" -msgstr "Za?ifrovat vybran? soubor" +msgstr "?ifrovat text v mezipam?ti" -#, fuzzy msgid "Decrypt the buffer text" -msgstr "De?ifrovat vybran? soubor" +msgstr "De?ifrovat text v mezipam?ti" msgid "Close the buffer" -msgstr "" +msgstr "Uzav??t mezipam??" msgid "Quit the program" -msgstr "" +msgstr "Ukon?it program" -#, fuzzy msgid "Undo the last action" -msgstr "Za?ifrovat vybran? soubor" +msgstr "Vr?tit zp?t posledn? akci" msgid "Redo the last undone action" -msgstr "" +msgstr "Opakovat posledn? vr?cenou akci" -#, fuzzy msgid "Cut the selection" -msgstr "Za?ifrovat vybran? soubor" +msgstr "Vyjmout v?b?r" -#, fuzzy msgid "Copy the selection" -msgstr "Za?ifrovat vybran? 
soubor" +msgstr "Kop?rovat v?b?r" -#, fuzzy msgid "Paste the clipboard" -msgstr "Zur _Zwischenablage exportieren" +msgstr "Vlo?it ze schr?nky" -#, fuzzy msgid "Delete the selected text" -msgstr "De?ifrovat vybran? soubor" +msgstr "Smazat vybran? text" msgid "Select the entire document" -msgstr "" +msgstr "Vybrat cel? dokument" -#, fuzzy msgid "Keyring" -msgstr "Spr?vce kl???" +msgstr "Kl??enka" msgid "Files" msgstr "Soubory" -#, fuzzy msgid "Card" -msgstr "Zur _Zwischenablage exportieren" +msgstr "Karta" msgid "Main" -msgstr "" +msgstr "Hlavn?" -#, fuzzy msgid "Use default values" -msgstr "Standard-Schl?ssel festlegen" +msgstr "Pou??t v?choz? hodnoty" -#, fuzzy msgid "Use default value" -msgstr "Standard-Schl?ssel festlegen" +msgstr "Pou??t v?choz? hodnotu" msgid "Do not use option" -msgstr "" +msgstr "Nepou??vat tuto volbu" msgid "Use custom values" -msgstr "" +msgstr "Pou??t vlastn? hodnoty" msgid "Use custom value" -msgstr "" +msgstr "Pou??t vlastn? hodnotu" -#, fuzzy msgid "Use default argument" -msgstr "Empf?ngerliste festlegen" +msgstr "Pou??t v?choz? argument" msgid "" "There are unapplied changes by you. Changing the expert setting will apply " "those changes. Do you want to continue?" msgstr "" +"Nebyly ulo?eny zm?ny, kter? jste provedl. P?epnut? nastaven? ?rovn? expert " +"tyto zm?ny ulo??. P?ejete si pokra?ovat?" msgid "Crypto Backend Configuration" -msgstr "" +msgstr "Nastaven? ?ifrovac?ho backendu" msgid "Reset" -msgstr "" +msgstr "V?choz?" msgid "Configure the tools of the GnuPG system." -msgstr "" +msgstr "Nastavit n?stroje GnuPG syst?mu." -#, fuzzy msgid "Level:" -msgstr "?rove?" +msgstr "?rove?:" -#, fuzzy msgid "Basic" -msgstr "_Zp?t" +msgstr "Z?kladn?" msgid "Advanced" -msgstr "" +msgstr "Pokro?il?" -#, fuzzy msgid "Expert" -msgstr "Exportovat" +msgstr "Expert" msgid "days" msgstr "dny" 
@@ -188,18 +165,16 @@ msgid "unknown" msgstr "nezn?m?" msgid "Mr." -msgstr "" +msgstr "Pan" msgid "Ms." -msgstr "" +msgstr "Pan?" -#, fuzzy msgid "(unknown)" -msgstr "nezn?m?" +msgstr "(nezn?m?)" -#, fuzzy msgid "Encrypt documents" -msgstr "Za?ifrovat soubor" +msgstr "?ifrovat dokumenty" msgid "_Public Keys" msgstr "_Ve?ejn? kl??e" @@ -244,16 +219,14 @@ msgid "Decrypt the selected file" msgstr "De?ifrovat vybran? soubor" msgid "Close the window" -msgstr "" +msgstr "Zav??t okno" -#, fuzzy msgid "Select all files" -msgstr "Vymazat v?echny soubory" +msgstr "Vybrat v?echny soubory" msgid "File" msgstr "Soubor" -#, fuzzy msgid "File Manager" msgstr "Spr?vce soubor?" 
@@ -261,100 +234,83 @@ msgid "The file is already open." msgstr "Soubor je ji? otev?en?" msgid "Sign documents" -msgstr "" +msgstr "Podepsat dokumenty" -#, fuzzy msgid "Sign _as" -msgstr "Podeps_at jako" +msgstr "Podeps_at jako" -#, fuzzy msgid "Signing Mode" -msgstr "M?d podpisu" +msgstr "M?d podpisu" -#, fuzzy msgid "Si_gn and compress" -msgstr "podep_sat a komprimovat" +msgstr "Podep_sat a komprimovat" -#, fuzzy msgid "Clear_text signature" -msgstr "podpis v ?ist?m _textu" +msgstr "Clear _text podpis" -#, fuzzy msgid "_Detached signature" -msgstr "podpis v ?ist?m _textu" +msgstr "O_dd?len? podpis" -#, fuzzy msgid "Output version information and exit" -msgstr "vypsat verzi a skon?it" +msgstr "Vypsat informace o verzi a skon?it" -#, fuzzy msgid "Open key manager (default)" -msgstr "otev??t Spr?vce kl??? (v?choz?)" +msgstr "Otev??t spr?vce kl??? (v?choz?)" -#, fuzzy msgid "Open file manager" -msgstr "otev??t Spr?vce soubor?" +msgstr "Otev??t spr?vce soubor?" -#, fuzzy msgid "Open the card manager" -msgstr "Otev??t Spr?vce soubor?" +msgstr "Otev??t spr?vce karet" -#, fuzzy msgid "Open clipboard" -msgstr "Zur _Zwischenablage exportieren" +msgstr "Otev??t schr?nku" -#, fuzzy msgid "Open the settings dialog" -msgstr "Otev??t dialog Nastaven?" +msgstr "Otev??t dialog nastaven?" -msgid "Enable the UI server" -msgstr "" +#, fuzzy +msgid "Only start the UI server" +msgstr "Povolit UI server" msgid "Disable support for X.509" -msgstr "" +msgstr "Vypnout podporu pro X.509" -#, fuzzy msgid "Read options from file" -msgstr "??st mo?nosti ze souboru" +msgstr "??st mo?nosti ze souboru" -msgid "[FILE...]" +msgid "Do not connect to a running instance" msgstr "" -#, fuzzy +msgid "[FILE...]" +msgstr "[SOUBOR...]" + msgid "Graphical frontend to GnuPG" -msgstr "" -"Syntaxe: gpa [mo?nosti]\n" -"Grafick? rozhran? pro GnuPG\n" +msgstr "Grafick? rozhran? 
pro GnuPG" msgid "Please report bugs to <" msgstr "Nahlaste pros?m chybu <" -#, fuzzy msgid "_Windows" -msgstr "/_Okna" +msgstr "_Okna" -#, fuzzy msgid "Open the keyring editor" -msgstr "otev??t Spr?vce kl??? (v?choz?)" +msgstr "Otev??t spr?vce kl??enky" -#, fuzzy msgid "Open the file manager" -msgstr "Otev??t Spr?vce soubor?" +msgstr "Otev??t spr?vce soubor?" -#, fuzzy msgid "Open the clipboard" -msgstr "Zur _Zwischenablage exportieren" +msgstr "Otev??t schr?nku" -#, fuzzy msgid "Configure the application" -msgstr "Za?ifrovat vybran? soubor" +msgstr "Nastavit aplikaci" -#, fuzzy msgid "_Backend Preferences" -msgstr "/Upravit/Na_staven?" +msgstr "Na_staven? backendu" msgid "Configure the backend programs" -msgstr "" +msgstr "Nastavit programy backednu" #, c-format msgid "" @@ -378,9 +334,9 @@ msgstr "V pr?b?hu z?lohov?n? do?lo k chyb?." msgid "Backup key to file" msgstr "Z?lohovat kl?? do souboru" -#, c-format -msgid "Generating backup of key: %s" -msgstr "Vytv???m z?lohu kl??e: %s" +#, fuzzy, c-format +msgid "Generating backup of key: 0x%s" +msgstr "Vytv??? se z?lohu kl??e: %s" msgid "The keys have been copied to the clipboard." msgstr "Kl??e byly zkop?rov?ny do schr?nky." @@ -396,7 +352,7 @@ msgid "The keys have been exported to %s." msgstr "Kl??e byly exportov?ny do %s." msgid "Only keys of the same procotol may be exported as a collection." -msgstr "" +msgstr "Pouze kl??e stejn?ho protokolu sm?j? b?t exportov?ny jako kolekce." #, c-format msgid "" 
@@ -420,21 +376,21 @@ msgstr "Kl??e byly odesl?ny na server." msgid "Decrypting..." msgstr "De?ifruji...." -#, fuzzy, c-format +#, c-format msgid "\"%s\" contained no OpenPGP data." -msgstr "Soubor \"%s\" neobsahuje ??dn? OpenPGP data." +msgstr "\"%s\" neobsahoval OpenPGP data." -#, fuzzy, c-format +#, c-format msgid "The file \"%s\" contained no OpenPGPdata." -msgstr "Soubor \"%s\" neobsahuje ??dn? OpenPGP data." +msgstr "Soubor \"%s\" neobsahoval OpenPGP data." -#, fuzzy, c-format +#, c-format msgid "\"%s\" contained no valid encrypted data." -msgstr "Soubor \"%s\" neobsahuje platn? ?ifrovan? data." +msgstr "\"%s\" neobsahoval platn? ?ifrovan? data." -#, fuzzy, c-format +#, c-format msgid "The file \"%s\" contained no validencrypted data." -msgstr "Soubor \"%s\" neobsahuje platn? ?ifrovan? data." +msgstr "Soubor \"%s\" neobsahoval platn? ?ifrovan? data." msgid "Wrong passphrase!" msgstr "Neplatn? heslo!" @@ -445,9 +401,8 @@ msgstr "?ifruji ..." msgid "Unknown Key" msgstr "Nezn?m? kl??" -#, fuzzy msgid "You are going to encrypt a document using the following key:" -msgstr "Hodl?te za?ifrovat soubor n?sleduj?c?m kl??em:" +msgstr "Hodl?te za?ifrovat dokument n?sleduj?c?m kl??em:" msgid "However, it is not certain that the key belongs to that person." msgstr "Nicm?n? nen? jist?, ?e kl?? pat?? t?to osob?." @@ -461,7 +416,6 @@ msgstr "Zneplatn?n? kl??" msgid "_Close" msgstr "_Zav??t" -#, fuzzy msgid "The following key has been revoked by its owner:" msgstr "N?sleduj?c? kl?? byl zneplatn?n vlastn?kem:" @@ -477,6 +431,8 @@ msgid "" "OpenPGP and X.509 certificates. Please make sure to select only certificates " "of the same type." msgstr "" +"Vybran? certifik?ty nejsou stejn?ho typu. To znamen?, ?e m?ch?te certifik?ty " +"OpenPGP a X.509. Ujist?te se pros?m, ?e vol?te certifik?ty stejn?ho typu." msgid "You didn't select any key for signing" msgstr "Nevybrali jste ??dn? kl?? pro podpis" 
@@ -500,11 +456,10 @@ msgstr "" "Nalezen? soubor: %s" msgid "Generating Key..." -msgstr "Vytv???m kl?? ..." +msgstr "Vytv??? se kl?? ..." -#, fuzzy msgid "Import keys from file" -msgstr "Nahr?t ve?ejn? kl??e ze souboru" +msgstr "Importovat kl??e ze souboru" msgid "No keys were found." msgstr "Nebyly nalezeny ??dn? kl??e." @@ -554,32 +509,26 @@ msgstr "Kter? kl?? chcete z?skat? (Mus?te zadat ID kl??e)." msgid "Key _ID:" msgstr "_ID kl??e:" -#, fuzzy msgid "Decrypting message ..." -msgstr "De?ifruji...." +msgstr "Zpr?va je de?ifrov?na ..." -#, fuzzy msgid "Document" -msgstr "Bemerkung:" +msgstr "Dokument" -#, fuzzy msgid "Encrypting message ..." -msgstr "?ifruji ..." +msgstr "Zpr?va je ?ifrov?na ..." -#, fuzzy msgid "Message encryption" -msgstr "Sm? ?ifrovat" +msgstr "?ifrov?n? zpr?vy" -#, fuzzy msgid "Signing message ..." -msgstr "Podepisuji ..." +msgstr "Zpr?va je podepisov?na ..." msgid "Message signing" -msgstr "" +msgstr "Zprava je podepisov?na" -#, fuzzy msgid "Verifying message ..." -msgstr "Ov??uji ..." +msgstr "Zpr?va je ov??ov?na..." msgid "Subkey ID" msgstr "ID podkl??e" 
@@ -587,51 +536,56 @@ msgstr "ID podkl??e" msgid "Status" msgstr "Stav" -msgid "Algorithm" +#, fuzzy +msgid "Algo" msgstr "Algoritmus" msgid "Size" msgstr "Velikost" -msgid "Expiry Date" -msgstr "Platnost do" +#, fuzzy +msgid "Created" +msgstr "Vytvo?en:" + +#, fuzzy +msgid "Expires" +msgstr "Vypr?ela platnost" -msgid "[S]" +msgid "S" msgstr "" msgid "Can sign" msgstr "Sm? podepisovat" -msgid "[C]" +msgid "C" msgstr "" msgid "Can certify" msgstr "Sm? certifikovat" -msgid "[E]" +msgid "E" msgstr "" msgid "Can encrypt" msgstr "Sm? ?ifrovat" -msgid "[A]" +msgid "A" msgstr "" msgid "Can authenticate" msgstr "Sm? autentizovat" -msgid "[T]" +msgid "T" msgstr "" -#, fuzzy msgid "Secret key stored on a smartcard." -msgstr "Schl?sseleditor f?r geheimen Schl?ssel" +msgstr "Soukrom? kl?? byl ulo?en na kart?." msgid "Card S/N" -msgstr "" +msgstr "S? karty" msgid "Serial number of the smart card." -msgstr "" +msgstr "V?robn? ??slo ?ipov? karty." msgid "Revoked" msgstr "Zneplatn?n" @@ -677,12 +631,14 @@ msgstr "" "Neplatn? m?d pro vkl?d?n? data vypr?en?." msgid "(not set)" -msgstr "" +msgstr "(nen? nastaveno)" msgid "" "Keys are already stored on the card.\n" "Really replace existing keys?" msgstr "" +"Kl??e jsou ji? na kart? ulo?en?.\n" +"Opravdu p?epsat existuj?c? kl??e?" #, c-format msgid "" @@ -700,7 +656,7 @@ msgstr "" "\n" "Program bude ukon?en" -#, fuzzy, c-format +#, c-format msgid "" "The GPGME library returned an unexpected\n" "error at %s:%d. The error was:\n" @@ -711,12 +667,12 @@ msgid "" "%s will now try to recover from this error." msgstr "" "Knihovna GPGME vr?tila neo?ek?vanou\n" -"chybu. Chyba je:\n" +"chybu v %s:%d . Chyba je:\n" "\n" "\t%s\n" "\n" -"Toto je z?ejm? chyba v GPA.\n" -"GPA se pokus? obnovit z chybov?ho stavu." +"Toto je z?ejm? probl?m v instalaci nebo chyba v %s.\n" +"%s se pokus? obnovit z chybov?ho stavu." #, c-format msgid "" 
@@ -800,76 +756,74 @@ msgstr "P?ibli?n?" msgid "Positive" msgstr "Pozitivn?" -#, fuzzy, c-format +#, c-format msgid "Bad signature by %s: %s" -msgstr "Podpis: %s" +msgstr "Neplatn? podpis od %s: %s" -#, fuzzy, c-format +#, c-format msgid "Bad signature by %s" -msgstr "Podpis: %s" +msgstr "Neplatn? podpis od %s" #, c-format msgid "Bad signature by unknown key %s: %s" -msgstr "" +msgstr "Neplatn? podpis nezn?m?m kl??em %s: %s" #, c-format msgid "Bad signature by unknown key %s" -msgstr "" +msgstr "Neplatn? podpis nezn?m?m kl??em %s" #, c-format msgid "Bad signature by unknown key: %s" -msgstr "" +msgstr "Neplatn? podpis nezn?m?m kl??em: %s" -#, fuzzy msgid "Bad signature by unknown key" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Neplatn? podpis nezn?m?m kl??em" -#, fuzzy, c-format +#, c-format msgid "Good signature by %s: %s" -msgstr "Podpis: %s" +msgstr "Platn? podpis od %s: %s" -#, fuzzy, c-format +#, c-format msgid "Good signature by %s" -msgstr "Podpis: %s" +msgstr "Platn? podpis od %s" #, c-format msgid "Good signature by unknown key %s: %s" -msgstr "" +msgstr "Platn? podpis nezn?m?m kl??em %s: %s" #, c-format msgid "Good signature by unknown key %s" -msgstr "" +msgstr "Platn? podpis nezn?m?m kl??em %s" #, c-format msgid "Good signature by unknown key: %s" -msgstr "" +msgstr "Platn? podpis nezn?m?m kl??em: %s" msgid "Good signature by unknown key" -msgstr "" +msgstr "Platn? podpis nezn?m?m kl??em" -#, fuzzy, c-format +#, c-format msgid "Uncertain signature by %s: %s" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? podpis od %s: %s" -#, fuzzy, c-format +#, c-format msgid "Uncertain signature by %s" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? podpis od %s" -#, fuzzy, c-format +#, c-format msgid "Uncertain signature by unknown key %s: %s" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? podpis nezn?m?m kl??em %s: %s" -#, fuzzy, c-format +#, c-format msgid "Uncertain signature by unknown key %s" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? 
podpis nezn?m?m kl??em %s" -#, fuzzy, c-format +#, c-format msgid "Uncertain signature by unknown key: %s" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? podpis nezn?m?m kl??em: %s" -#, fuzzy msgid "Uncertain signature by unknown key" -msgstr "Ung?ltiger Signaturtyp" +msgstr "Nejist? podpis nezn?m?m kl??em" msgid "The key can be used for certification, signing and encryption." msgstr "Tento kl?? sm? b?t pou?it pro certifikaci, podpis a ?ifrov?n?." @@ -902,40 +856,37 @@ msgid "This key is useless." msgstr "Tento kl?? je nepou?iteln?." msgid "A required engine component is not installed." -msgstr "" +msgstr "Po?adovan? komponenta stroje nen? instalovan?." msgid "Calling the crypto engine program failed." -msgstr "" +msgstr "Vol?n? programu ?ifrovac?ho stroje selhalo." msgid "You must enter a name." -msgstr "" +msgstr "Mus?te zadat jm?no." msgid "Invalid character in name." -msgstr "" +msgstr "Neplatn? znak ve jm?nu." msgid "Name may not start with a digit." -msgstr "" +msgstr "Jm?no nem??e za??nat ??slic?." -#, fuzzy msgid "Name is too short." -msgstr "Diese Name ist zu lang." +msgstr "Jm?no je p??li? kr?tk?." msgid "Email address is not valid." -msgstr "" +msgstr "E-mailov? adresa nen? platn?." msgid "Invalid character in comments." -msgstr "" +msgstr "Neplatn? znak v koment???ch." msgid "Error" msgstr "Fehler" -#, fuzzy msgid "Message" -msgstr "Zpr?va GPA" +msgstr "Zpr?va" -#, fuzzy msgid "GPA is the GNU Privacy Assistant." -msgstr "Co je GNU Privacy Assistant" +msgstr "GPA je GNU Privacy Assistant" msgid "About GPA" msgstr "O GPA" 
@@ -943,54 +894,43 @@ msgstr "O GPA" #. TRANSLATORS: The translation of this string should #. be your name and mail msgid "translator-credits" -msgstr "" +msgstr "Zden?k Hata? " -#, fuzzy msgid "_Help" -msgstr "/_N?pov?da" +msgstr "_N?pov?da" -#, fuzzy msgid "Open the GPA manual" -msgstr "Otev??t Spr?vce soubor?" +msgstr "Otev??t n?vod GPA" -#, fuzzy msgid "About this application" -msgstr "Za?ifrovat vybran? soubor" +msgstr "O t?to aplikaci" -#, fuzzy msgid "_Verify" -msgstr "Ov??it" +msgstr "O_v??it" msgid "_Encrypt" msgstr "_Verschl?sseln" -#, fuzzy msgid "_Decrypt" -msgstr "De?ifrovat" +msgstr "_De?ifrovat" -#, fuzzy msgid "_Brief" -msgstr "Stru?n?" +msgstr "_Stru?n?" -#, fuzzy msgid "_Detailed" -msgstr "Podrobn?" +msgstr "Po_drobn?" -#, fuzzy msgid "_Keyring Manager" -msgstr "Spr?vce soubor?" +msgstr "Spr?vce _kl??enky" -#, fuzzy msgid "_Clipboard" -msgstr "Zur _Zwischenablage exportieren" +msgstr "S_chr?nka" -#, fuzzy msgid "_File Manager" -msgstr "Spr?vce soubor?" +msgstr "Spr?vce _soubor?" -#, fuzzy msgid "_Card Manager" -msgstr "Spr?vce soubor?" +msgstr "Spr?vce _karet" msgid "Removing Secret Key" msgstr "Odstra?uji soukrom? kl??" @@ -1036,27 +976,29 @@ msgstr "Upravit kl??" msgid "Change _passphrase" msgstr "Zm?nit _heslo" +msgid "Expiry Date" +msgstr "Platnost do" + msgid "Change _expiration" msgstr "Zm?nit _dobu platnosti" msgid "RSA" -msgstr "" +msgstr "RSA" msgid "RSA (sign only)" msgstr "RSA (jen podpis)" msgid "DSA" -msgstr "" +msgstr "DSA" msgid "DSA (sign only)" msgstr "DSA (jen podpis)" msgid "You must enter a key size." -msgstr "" +msgstr "Mus?te zadat velikost kl??e." -#, fuzzy msgid "Generate card key" -msgstr "Vytvo?it kl??" +msgstr "Vytvo?it kl?? karty" msgid "Generate key" msgstr "Vytvo?it kl??" 
@@ -1067,12 +1009,11 @@ msgstr "_Algoritmus: " msgid "_Key size (bits): " msgstr "D?lka _kl??e (v bitech): " -#, fuzzy msgid "User ID: " -msgstr "ID _u?ivatele:" +msgstr "ID u?ivatele:" msgid "_Name: " -msgstr "" +msgstr "_Jm?no:" msgid "_Email: " msgstr "_E-Mail: " @@ -1080,19 +1021,20 @@ msgstr "_E-Mail: " msgid "_Comment: " msgstr "_Koment??: " -#, fuzzy msgid "_Expires: " -msgstr "Vypr??:" +msgstr "_Vypr??:" -#, fuzzy msgid "Backup: " -msgstr "Z?lohovat kl??e" +msgstr "Z?loha:" msgid "" "If checked the encryption key will be created and stored to a backup file " "and then loaded into the card. This is recommended so that encrypted " "messages can be decrypted even if the card has a malfunction." msgstr "" +"Pokud je za?krtnuto, bude ?ifrovac? kl?? vytvo?en a ulo?en v z?lo?n?m " +"souboru a pot? nahr?n do karty. Tato volba je doporu?ena v p??pad?, kdy mus? " +"b?t za?ifrovan? zpr?va de?ifrovateln? i v p??pad? poruchy karty." msgid "" "Please insert your full name.\n" @@ -1108,7 +1050,6 @@ msgstr "" msgid "Your Name:" msgstr "Va?e jm?no:" -#, fuzzy msgid "" "Please insert your email address.\n" "\n" @@ -1144,11 +1085,11 @@ msgid "" "\n" "Even on fast computers this may take a while. Please be patient." msgstr "" -"Vytv???m v?? kl??.\n" +"Vytv??? se v?? kl??.\n" "\n" "I na v?konn?m po??ta?i m??e tato operace chv?li trvat. Pros?m vy?kejte." -#, fuzzy, c-format +#, c-format msgid "" "Congratulations!\n" "\n" @@ -1157,7 +1098,8 @@ msgid "" msgstr "" "Gratuluji!\n" "\n" -"Pr?v? jste vytvo?ili kl??. Kl?? je trvale platn? a jeho d?lka je 1024 bit?." +"Pr?v? jste ?sp??n? vytvo?ili kl??. Tento kl?? je trvale platn?, jeho d?lka " +"je %d bit?." msgid "" "GnuPG is rebuilding the trust database.\n" 
@@ -1170,13 +1112,18 @@ msgid "" "This columns lists the type of the certificate. A 'P' denotes OpenPGP and a " "'X' denotes X.509 (S/MIME)." msgstr "" +"Tento sloupec indikuje typ certifik?tu. P?smeno 'P' znamen? OpenPGP, 'X' " +"znamen? X.509 (S/MIME)." -#, fuzzy msgid "The key ID is a short number to identify a certificate." -msgstr "Tento kl?? sm? b?t pou?it pouze pro certifikaci." +msgstr "ID kl??e je kr?tk? ??slo k identifikaci certifik?tu." + +#, fuzzy +msgid "The Creation Date is the date the certificate was created." +msgstr "Datum vypr?en? je datum, do kter?ho je certifik?t platn?." msgid "The Expiry Date is the date until the certificate is valid." -msgstr "" +msgstr "Datum vypr?en? je datum, do kter?ho je certifik?t platn?." msgid "Owner Trust" msgstr "D?v?ra ve vlastn?ka" @@ -1186,19 +1133,26 @@ msgid "" "holder of the certificate to correctly sign (certify) other certificates. " "It is only meaningful for OpenPGP." msgstr "" +"V?mi nastaven? d?v?ra ve vlastn?ka popisuje jak dalece v???te, ?e dr?itel " +"certifik?tu korektn? podepisuje (certifikuje) ostatn? certifik?ty. To m? " +"smysl pouze pro OpenPGP." msgid "Validity" -msgstr "G?ltigkeit" +msgstr "Platnost" msgid "" "The Validity describes the trust level the system has in this certificate. " "That is how sure it is that the named user is actually that user." msgstr "" +"Platnost popisuje ?rove? d?v?ry syst?mu v??i tomuto certifik?tu. ??k?, jak " +"jste si jisti, ?e dan? u?ivatel je skute?n? t?m, za koho se vyd?v?." msgid "" "The User Name is the name and often also the email address of the " "certificate." msgstr "" +"U?ivatelsk? jm?no je vlastn? jm?no a v?t?inou tak? emailov? adresa " +"certifik?tu." msgid "No keys selected for signing." msgstr "Nebyl vybr?n kl?? pro podpis." 
@@ -1223,94 +1177,77 @@ msgstr "" msgid "_Backup key now" msgstr "_Z?lohovat kl?? nyn?" -#, fuzzy msgid "_Keys" -msgstr "/_Kl??e" +msgstr "_Kl??e" -#, fuzzy msgid "_Server" -msgstr "/_Server" +msgstr "_Server" -#, fuzzy msgid "Select all certificates" -msgstr "R?ckrufurkunde erzeugen" +msgstr "Vybrat v?echny certifik?ty" msgid "Refresh the keyring" msgstr "Aktualizovat keyring" -#, fuzzy msgid "_New key..." -msgstr "/Kl??e/_Nov? kl??..." +msgstr "_Nov? kl??..." -#, fuzzy msgid "Generate a new key" -msgstr "Vytvo?it kl??" +msgstr "Vytvo?it nov? kl??" msgid "_Delete keys" -msgstr "Schl?ssel _l?schen" +msgstr "Smazat kl??e" msgid "Remove the selected key" msgstr "Odstranit vybran? kl??" -#, fuzzy msgid "_Sign Keys..." -msgstr "/Podep_sat kl??e..." +msgstr "Podep_sat kl??e..." msgid "Sign the selected key" msgstr "Podepsat vybran? kl??" -#, fuzzy msgid "Set _Owner Trust..." -msgstr "/Nastavit ?rove? d?v?ry..." +msgstr "Nastavit ?r_ove? d?v?ry..." -#, fuzzy msgid "Set owner trust of the selected key" -msgstr "Odstranit vybran? kl??" +msgstr "Nastavit ?rove? d?v?ry zvolen?ho kl??e" -#, fuzzy msgid "_Edit Private Key..." -msgstr "/Upravit soukrom? kl??..." +msgstr "Upravit _soukrom? kl??..." msgid "Edit the selected private key" msgstr "Upravit vybran? soukrom? kl??" -#, fuzzy msgid "_Import Keys..." -msgstr "Importovat kl??e" +msgstr "_Importovat kl??e..." msgid "Import Keys" msgstr "Importovat kl??e" -#, fuzzy msgid "E_xport Keys..." -msgstr "/E_xportovat kl??e..." +msgstr "E_xportovat kl??e..." msgid "Export Keys" msgstr "Exportovat kl??e" -#, fuzzy msgid "_Backup..." -msgstr "/_Z?lohovat..." +msgstr "_Z?lohovat..." -#, fuzzy msgid "Backup key" -msgstr "Z?lohovat kl??e" +msgstr "Z?lohovat kl??" -#, fuzzy msgid "_Retrieve Keys..." -msgstr "/Server/_Z?skat kl??e..." +msgstr "_Z?skat kl??e..." -#, fuzzy msgid "Retrieve keys from server" -msgstr "Schl?ssel vom Key-Server _empfangen:" +msgstr "Z?skat kl??e ze serveru" -#, fuzzy msgid "_Send Keys..." 
-msgstr "/Podep_sat kl??e..." +msgstr "Ode_slat kl??e..." -#, fuzzy msgid "Send keys to server" -msgstr "/Odeslat kl??e na _server..." +msgstr "Odeslat kl??e na server..." msgid "Show Brief Keylist" msgstr "Zobrazit stru?n? seznam kl???" @@ -1322,7 +1259,7 @@ msgid "Edit" msgstr "Upravit" msgid "Delete" -msgstr "L?schen" +msgstr "Smazat" msgid "Sign" msgstr "Podepsat" @@ -1333,21 +1270,17 @@ msgstr "Exportovat" msgid "Import" msgstr "Importovat" -#, fuzzy msgid "Selected default key:" -msgstr "Vybran? v?choz? kl??:" +msgstr "Zvolen? v?choz? kl??:" -#, fuzzy msgid "No default key selected in the preferences." -msgstr "Keine zu sch?tzenden Dateien ausgew?hlt." +msgstr "V p?edvolb?ch nebyl zvolen ??dn? v?choz? kl??." -#, fuzzy msgid "Key Manager" -msgstr "Spr?vce soubor?" +msgstr "Spr?vce kl???" -#, fuzzy msgid "The key has both a smartcard based private part and a public part" -msgstr "Kl?? m? soukromou i ve?ejnou ??st" +msgstr "Kl?? m? soukromou i ve?ejnou ??st ulo?enou na ?ipov? kart?" msgid "The key has both a private and a public part" msgstr "Kl?? m? soukromou i ve?ejnou ??st" @@ -1369,9 +1302,8 @@ msgstr[0] "%d kl??? vybr?no" msgstr[1] "%d kl??? vybr?no" msgstr[2] "%d kl??? vybr?no" -#, fuzzy msgid "User name:" -msgstr "Jm?no u?ivatele:" +msgstr "U?ivatelsk? jm?no:" msgid "Fingerprint:" msgstr "Otisk:" @@ -1382,11 +1314,9 @@ msgstr "Vypr??:" msgid "Owner Trust:" msgstr "D?v?ra ve vlastn?ka:" -#, fuzzy msgid "Key validity:" msgstr "Platnost kl??e:" -#, fuzzy msgid "Key type:" msgstr "Typ kl??e:" @@ -1399,9 +1329,8 @@ msgstr "Podrobnosti" msgid "Show signatures on user name:" msgstr "Zobrazit podpisy u jm?na u?ivatele:" -#, fuzzy msgid "Chain" -msgstr "Sm? podepisovat" +msgstr "?et?z" msgid "Signatures" msgstr "Podpisy" @@ -1412,9 +1341,8 @@ msgstr "V?echny podpisy" msgid "Subkeys" msgstr "Podkl??e" -#, fuzzy msgid "Key" -msgstr "/_Kl??e" +msgstr "Kl??" msgid "Sign Key" msgstr "Podepsat kl??" 
@@ -1446,6 +1374,12 @@ msgid "" "Please install a CMS engine or invoke this program\n" "with the option --disable-x509 ." msgstr "" +"Nejsp?? nen? nainstalov?n ??dn? CMS.\n" +"\n" +"Podpora X.509 bude do?asn? vypnuta.\n" +"\n" +"Nainstalujte pros?m CMS nebo spou?t?jte tento program\n" +"s parametrem --disable-x509 ." msgid "" "The private key you selected as default is no longer available.\n" 
@@ -1557,97 +1491,99 @@ msgstr "Heslo: " msgid "Repeat Passphrase: " msgstr "Opakovat heslo: " -#, fuzzy msgid "Recipient" -msgstr "_Empf?nger" +msgstr "P??jemce" msgid "" "Shows the recipients of the message. A key needs to be assigned to each " "recipient." -msgstr "" +msgstr "Zobraz? p??jemce zpr?vy. Ke ka?d?mu p??jemci mus? b?t p?i?azen kl??." msgid "Checked if at least one matching OpenPGP certificate has been found." msgstr "" +"Zkontrolujte zda byl nalezen alespo? jeden odpov?daj?c? OpenPGP certifik?t." msgid "" "Checked if at least one matching X.509 certificate for use with S/MIME has " "been found." msgstr "" +"Zkontrolujte zda byl nalezen alespo? jeden odpov?daj?c? X.509 certifik?t pro " +"pou?it? s S/MIME." msgid "" "Shows the key ID of the selected key or an indication that a key needs to be " "selected." -msgstr "" +msgstr "Zobraz? ID vybran?ho kl??e nebo upozorn?n?, ?e kl?? mus? b?t vybr?n." msgid "" "You need to select a key for each recipient.\n" "To select a key right-click on the respective line." msgstr "" +"Mus?te vybrat kl?? pro ka?d?ho p??jemce.\n" +"V?b?r provedete kliknut?m prav?ho tla??tka my?i na p??slu?n? ??dek." msgid "" "You need to select exactly one key for each recipient.\n" "To select a key right-click on the respective line." msgstr "" +"Mus?te vybrat pr?v? jeden kl?? pro ka?d?ho p??jemce.\n" +"V?b?r provedete kliknut?m prav?ho tla??tka my?i na p??slu?n? ??dek." msgid "" "Although you selected keys for all recipients a common encryption protocol " "can't be used. Please decide on one protocol by clicking one of the above " "radio buttons." msgstr "" +"P?esto?e jste vybrali kl??e pro v?echny p??jemce, nem??e b?t pou?it obvykl? " +"?ifrovac? protokol. Vyberte a za?krtn?te pros?m jeden z nab?zen?ch protokol?." -#, fuzzy msgid "Using OpenPGP for encryption." -msgstr "Passwortsatz f?r Entschl?sselung fehlt" +msgstr "Pou??t OpenPGP pro ?ifrov?n?." msgid "Using S/MIME for encryption." -msgstr "" +msgstr "Pro ?ifrov?n? 
je pou??v?no S/MIME." -#, fuzzy msgid "No recipients - encryption is not possible" -msgstr "Es sind keine Empf?nger ausgew?hlt." +msgstr "??dn? p??jemci - ?ifrov?n? nen? mo?n?" msgid "[Ambiguous keys. Right-click to select]" -msgstr "" +msgstr "[Nejednozna?n? kl??e. Vyberte prav?m tla??tkem my?i]" msgid "[Ambiguous PGP key. Right-click to select]" -msgstr "" +msgstr "[Nejednozna?n? PGP kl??. Vyberte prav?m tla??tkem my?i]" msgid "[Ambiguous X.509 key. Right-click to select]" -msgstr "" +msgstr "[Nejednozna?n? X.509 kl??. Vyberte prav?m tla??tkem my?i]" msgid "[Right-click to select]" -msgstr "" +msgstr "[Vybrat prav?m tla??tkem my?i]" msgid "Select _PGP key..." -msgstr "" +msgstr "Zvolit _PGP kl??..." msgid "Select _S\\/MIME key..." -msgstr "" +msgstr "Zvolit _S\\/MIME kl??..." msgid "Toggle _Ignore flag" -msgstr "" +msgstr "P?epnout _ignore p??znak" -#, fuzzy msgid "Select keys for recipients" -msgstr "Schl?ssel von Empf?ngern _entfernen" +msgstr "Vybrat kl??e p??jemc?" -#, fuzzy msgid "_Recipient list" -msgstr "_Empf?nger" +msgstr "Seznam _p??jemc?" msgid "Use _PGP" -msgstr "" +msgstr "Pou??t _PGP" msgid "Use _X.509" -msgstr "" +msgstr "Pou??t _X.509" -#, fuzzy msgid "_Auto selection" -msgstr "Za?ifrovat vybran? soubor" +msgstr "_Automatick? v?b?r" -#, fuzzy msgid "Select a key" -msgstr "Vybran? v?choz? kl??:" +msgstr "Vybrat kl??" msgid "No error" msgstr "Bez chyb" 
@@ -1714,47 +1650,41 @@ msgstr "Zadali jste neplatn? server kl???" msgid "Local" msgstr "Lok?ln?" -#, fuzzy msgid "Local, Keyserver" -msgstr "An _Key-Server senden: " +msgstr "Lok?ln?, server kl???" -#, fuzzy msgid "Local, PKA" -msgstr "Lok?ln?" +msgstr "Lok?ln?, PKA" msgid "Local, PKA, Keyserver" -msgstr "" +msgstr "Lok?ln?, PKA, Server kl???" msgid "Local, Keyserver, PKA" -msgstr "" +msgstr "Lok?ln?, Server kl???, PKA" -#, fuzzy msgid "Local, kDNS" -msgstr "Lok?ln?" +msgstr "Lok?ln?, kDNS" msgid "Local, kDNS, Keyserver" -msgstr "" +msgstr "Lok?ln?, kDNS, Server kl???" msgid "PKA" -msgstr "" +msgstr "PKA" msgid "kDNS" -msgstr "" +msgstr "kDNS" msgid "Custom" -msgstr "" +msgstr "Voliteln?" -#, fuzzy msgid "User interface" -msgstr "Pou??t roz???en? m?d:" +msgstr "U?ivatelsk? rozhran?" -#, fuzzy msgid "Use _advanced mode" -msgstr "Pou??t roz???en? m?d:" +msgstr "Pou??t _roz???en? m?d" -#, fuzzy msgid "Show advanced _options" -msgstr "Dateiaktionen anzeigen" +msgstr "Zobrazit roz???en? v_olby" msgid "" "No default key has been selected. This may lead to problems when signing or " 
@@ -1763,25 +1693,26 @@ msgid "" "\n" "Please consider creating your own key and select it then." msgstr "" +"Nebyl zvolen ??dn? v?choz? kl??. To m??e v?st k probl?m?m p?i podepisov?n? " +"nebo ?ifrov?n?. Nemus? b?t nap??klad mo?n? p?e??st v?mi vytvo?enou zpr?vu " +"za?ifrovanou pro n?koho jin?ho.\n" +"\n" +"Zva?te pros?m vytvo?en? vlastn?ho kl??e a ozna?te jej." msgid "Continue without a default key" -msgstr "" +msgstr "Pokra?ovat bez v?choz?ho kl??e" -#, fuzzy msgid "Let me select a default key" -msgstr "Vybran? v?choz? kl??:" +msgstr "Dovolte mi zvolit v?choz? kl??" -#, fuzzy msgid "Default _key" -msgstr "V?choz? _kl??:" +msgstr "V?choz? _kl??" -#, fuzzy msgid "Default key_server" -msgstr "V?choz? key_server:" +msgstr "V?choz? _server kl???" -#, fuzzy msgid "Auto key _locate" -msgstr "V?choz? key_server:" +msgstr "Automatick? na_lezen? kl??e" msgid "" "The list of methods to locate keys via an email address.\n" 
@@ -1798,23 +1729,34 @@ msgid "" " Custom\n" " - Configured in the backend dialog.\n" msgstr "" +"Seznam metod nalezen? kl??? prost?ednictv?m emailov? adresy.\n" +"V?echny uveden? metody jsou pou?ity v dan?m po?ad? dokud nen? nalezen kl??. " +"Podporov?ny jsou:\n" +" Lok?ln?\n" +" - Pou??t lok?ln? kl??enku.\n" +" Keyserver\n" +" - Pou??t v?choz? keyserver.\n" +" PKA\n" +" - Pou??t Public Key Association.\n" +" kDNS\n" +" - Pou??t kDNS s jmenn?m serverem n??e.\n" +" Vlastn?\n" +" - Nastaveno v backendov?m dialogu.\n" msgid "Method:" -msgstr "" +msgstr "Metoda:" msgid "The IP address of the nameserver used for the kDNS method." -msgstr "" +msgstr "IP adresa jmenn?ho serveru pou?it?ho pro metodu kDNS." -#, fuzzy msgid "kDNS Server:" -msgstr "/_Server" +msgstr "kDNS Server:" -#, fuzzy msgid "The URL given for the keyserver is not valid." -msgstr "Zadali jste neplatn? server kl???" +msgstr "Zadan? URL serveru kl??? nen? platn?." msgid "The data given for \"Auto key locate\" is not valid." -msgstr "" +msgstr "Data p?edan? pro \"Automatick? nalezen? kl??e\" nejsou platn?." msgid "Settings" msgstr "Nastaven?" @@ -1822,9 +1764,8 @@ msgstr "Nastaven?" msgid "Level" msgstr "?rove?" -#, fuzzy msgid "Verify documents" -msgstr "Ov??it soubory" +msgstr "Ov??it dokumenty" msgid "Expired Key" msgstr "Kl??i vypr?ela platnost" @@ -1832,9 +1773,8 @@ msgstr "Kl??i vypr?ela platnost" msgid "Key NOT valid" msgstr "Kl?? nen? platn?" -#, fuzzy msgid "Description" -msgstr "De?ifruji...." +msgstr "Popis" #, c-format msgid "Verified data in file: %s" 
@@ -1847,23 +1787,21 @@ msgstr "Podpis: %s" msgid "Signatures:" msgstr "Podpisy:" -#, fuzzy msgid "Card Manager" -msgstr "Spr?vce soubor?" +msgstr "Spr?vce karet" #, c-format msgid "%s card detected." -msgstr "" +msgstr "Detekov?na %s karta." msgid "Checking for card..." -msgstr "" +msgstr "Hled? se karta..." -#, fuzzy msgid "No card found." -msgstr "Nebyly nalezeny ??dn? kl??e." +msgstr "Nebyla nalezena ??dn? karta." msgid "The selected card application is currently not available." -msgstr "" +msgstr "Zvolen? aplikace karty v tuto chv?li nen? dostupn?." msgid "" "Another process is using a different card application than the selected " 
@@ -1872,46 +1810,42 @@ msgid "" "You may change the application selection mode to \"Auto\" to select the " "active application." msgstr "" +"Jin? proces pou??v? odli?nou aplikaci karty ne? tu kter? je vybr?na.\n" +"\n" +"Nastaven?m na \"Auto\" m??ete zm?nit m?d v?b?ru aktivn? aplikace. " -#, fuzzy msgid "The selected card application is not available." -msgstr "Der ausgew?hlte Schl?ssel steht nicht zum Signieren zur Verf?gung." +msgstr "Zvolen? aplikace karty nen? dostupn?." -#, fuzzy msgid "Error accessing the card." -msgstr "Auf die Datei kann nicht zugegriffen werden" +msgstr "Chyba p??stupu ke kart?." -#, fuzzy msgid "Error accessing card" -msgstr "Auf die Datei kann nicht zugegriffen werden" +msgstr "Chyba p??stupu ke kart?" msgid "No card" -msgstr "" +msgstr "??dn? karta" -#, fuzzy msgid "_Card" -msgstr "Zur _Zwischenablage exportieren" +msgstr "_Karta" msgid "Reload card information" -msgstr "" +msgstr "Obnovit informace o kart?" -#, fuzzy msgid "Generate new key on card" -msgstr "Vytvo?it kl??" +msgstr "Vytvo?it nov? kl?? na kart?" -#, fuzzy msgid "This card application is not yet supported." -msgstr "Operace nen? podporov?na" +msgstr "Tato aplikace karty nen? zat?m podporov?na." -#, fuzzy msgid "Application selection:" -msgstr "Za?ifrovat vybran? soubor" +msgstr "Volba aplikace: " msgid "Auto" -msgstr "" +msgstr "Auto" msgid "The GPGME library is too old to support smartcards." -msgstr "" +msgstr "Knihovna GPGME je p??li? zastaral? aby podporovala ?ipov? karty." msgid "" "Admin-PIN Required\n" 
@@ -1928,58 +1862,70 @@ msgid "" "\n" "This notice will be shown only once per session." msgstr "" +"Admin-PIN po?adov?n\n" +"\n" +"V z?vislosti na p?edchoz?ch operac?ch m??ete b?t nyn? po??d?ni o Admin-PIN. " +"Vlo?en? ?patn? hodnoty Admin-PIN sn??? odpov?daj?c? ??ta? opakov?n?. Pokud " +"??ta? dos?hne nuly, Admin-PIN nelze obnovit a data na kart? nemohu b?t " +"zm?n?na.\n" +"\n" +"Pokud nebyl zm?n?n, nov? standardn? karta m? nastaven Admin-PIN na hodnotu " +"12345678. Nicm?n? vydavatel mohl va?i kartu inicializovat s jin?m " +"Admin-PIN a ten tedy bude zn?m pouze vydavateli. Zkontrolujte pros?m " +"instrukce od va?eho vydavatele.\n" +"\n" +"Toto ozn?men? bude zobrazeno pouze jednou za relaci." msgid "PUK retry counter:" -msgstr "" +msgstr "??ta? opakov?n? PUK:" msgid "CHV2 retry counter: " -msgstr "" +msgstr "??ta? opakov?n? CHV2:" msgid "Reset PIN" -msgstr "" +msgstr "Resetovat PIN" -#, fuzzy msgid "Change PIN" -msgstr "_Benutzervertrauen ?ndern" +msgstr "Zm?nit PIN" -#, fuzzy msgid "Change PUK" -msgstr "_Benutzervertrauen ?ndern" +msgstr "Zm?nit PUK" msgid "Reset PUK" -msgstr "" +msgstr "Resetovat PUK" #, c-format msgid "" "Error saving the changed values.\n" "(%s <%s>)" msgstr "" +"Chyba p?i ukl?d?n? zm?n?n?ch hodnot.\n" +"(%s <%s>)" msgid "Only plain ASCII is currently allowed." -msgstr "" +msgstr "Aktu?ln? je povoleno pouze z?kladn? ASCII." msgid "The \"<\" character may not be used." -msgstr "" +msgstr "Znak \"<\" nelze pou??t." msgid "Double spaces are not allowed." -msgstr "" +msgstr "V?ce mezer nen? povoleno." msgid "" "Total length of first and last name may not be longer than 39 characters." -msgstr "" +msgstr "Celkov? d?lka k?estn?ho jm?na a p??jmen? nesm? p?es?hnout 39 znak?." -#, fuzzy msgid "Saving the field failed." -msgstr "Podepsat vybran? soubor" +msgstr "Ulo?en? pole selhalo." msgid "Invalid length of the language preference." -msgstr "" +msgstr "Neplatn? d?lka p?edvolby jazyka." 
msgid "The language preference may only contain the letters 'a' through 'z'." -msgstr "" +msgstr "Volba jazyka sm? obsahovat pouze p?smena 'a' a? 'z'." msgid "The field may not be longer than 254 characters." -msgstr "" +msgstr "D?lka tohoto pole nesm? p?es?hnout 254 znak?." msgid "" "Unblocking the PIN\n" @@ -1993,6 +1939,15 @@ msgid "" "Code and then to enter a new value for the PIN and repeat that new value " "at another prompt." msgstr "" +"Odblokov?n? PIN\n" +"\n" +"??ta? opakovan?ho zad?n? PIN je na nule, ale je nastaven Reset k?d.\n" +"\n" +"Reset k?d je podobn? PUK (PIN Unblocking Code) a je pou??v?n pro odblokov?n? " +"PIN bez nutnosti zn?t Admin-PIN.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?n?, abyste vlo?ili sou?asnou hodnotu " +"Reset k?du , pot? novou hodnotu PIN a tu na dal??m ??dku zopakovali." msgid "" "Changing the PIN\n" @@ -2008,6 +1963,18 @@ msgid "" "the issuer of your card might have initialized the card with a different " "PIN. Please check the instructions of your issuer." msgstr "" +"Zm?na PIN\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?n?, abyste vlo?ili sou?asnou hodnotu " +"PIN, pot? novou hodnotu a tu na dal??m ??dku zopakovali.\n" +"\n" +"Vlo?en? nespr?vn? hodnoty PIN sn??? ??ta? opakovan?ho zad?n?. Pokud oba " +"??ta?e opakov?n? pro PIN a Reset k?d klesnou na nulu, m??e b?t PIN " +"odblokov?n pou?it?m Admin-PIN.\n" +"\n" +"?ist? standardn? karta m? PIN nastaven na hodnotu 12345678. Nicm?n? " +"vydavatel mohl va?i kartu inicializovat s jin?m PIN. Zkontrolujte pros?m " +"instrukce od va?eho vydavatele." msgid "" "Changing the Reset Code\n" 
@@ -2019,6 +1986,13 @@ msgid "" "then to enter a new value for the Reset Code and repeat that new value at " "another prompt." msgstr "" +"Zm?na Reset k?du\n" +"\n" +"Reset k?d je podobn? PUK (PIN Unblocking Code) a je pou??v?n pro odblokov?n? " +"PIN bez nutnosti zn?t Admin-PIN.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?n?, abyste vlo?ili sou?asnou hodnotu " +"PIN, pot? novou hodnotu Reset k?du a tu na dal??m ??dku zopakovali." msgid "" "Reseting the PIN or the Reset Code\n" @@ -2036,6 +2010,18 @@ msgid "" "PIN and then to enter a new value for the PIN or the Reset Code and " "repeat that new value at another prompt." msgstr "" +"Resetov?n? PIN nebo Reset k?du\n" +"\n" +"Pokud klesnou oba ??ta?e opakov?n? PIN a Reset k?du na nulu, bude jedinou " +"mo?nost? jejich resetu pou?it? Admin-PIN\n" +"\n" +"?ist? standardn? karta m? Admin-PIN nastaven na hodnotu 12345678. " +"Nicm?n? vydavatel mohl va?i kartu inicializovat s jin?m Admin-PIN a ten tedy " +"bude zn?m pouze jemu. Zkontrolujte pros?m instrukce od va?eho vydavatele.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?n?, abyste vlo?ili sou?asnou hodnotu " +"Admin-PIN, pot? novou hodnotu PIN nebo Reset k?du a tu na dal??m " +"??dku zopakovali." msgid "" "Changing the Admin-PIN\n" 
@@ -2053,104 +2039,107 @@ msgid "" "PIN and then to enter a new value for that Admin-PIN and repeat that new " "value at another prompt." msgstr "" +"Zm?na Admin-PIN\n" +"\n" +"Zn?te-li Admin-PIN, m??ete jej zm?nit.\n" +"\n" +"Admin-PIN je vy?adovan? p?i tvorb? kl??? na kart? a zm?n? dal??ch dat. Admin-" +"PIN m??ete, ale tak? nemus?te zn?t. ?ist? standardn? karta m? Admin-PIN " +"nastaven na hodnotu 12345678. Nicm?n? vydavatel mohl va?i kartu " +"inicializovat s jin?m Admin-PIN a ten tedy bude zn?m pouze jemu. " +"Zkontrolujte pros?m instrukce od va?eho vydavatele.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?n?, abyste vlo?ili sou?asnou hodnotu " +"Admin-PIN, pot? novou hodnotu a tu na dal??m ??dku zopakovali." #, c-format msgid "" "Error changing or resetting the PIN/PUK.\n" "(%s <%s>)" msgstr "" +"Chyba p?i zm?n? nebo resetu PIN/PUK.\n" +"(%s <%s>)" -#, fuzzy, c-format +#, c-format msgid "" "Error fetching the key.\n" "(%s <%s>)" -msgstr "Fehler beim L?schen der Datei \"%s\": %s" +msgstr "" +"Chyba p?i stahov?n? kl??e.\n" +"(%s <%s>)" #, c-format msgid "Keys found: %d, imported: %d, unchanged: %d" -msgstr "" +msgstr "Nalezeno %d kl???, importov?no: %d, nezm?n?no: %d" msgid "Fetch Key" -msgstr "" +msgstr "Z?skat kl??" -#, fuzzy msgid "General" -msgstr "Pou??t roz???en? m?d:" +msgstr "Obecn?" msgid "Serial number:" -msgstr "" +msgstr "V?robn? ??slo:" msgid "Card version:" -msgstr "" +msgstr "Verze karty:" msgid "Manufacturer:" -msgstr "" +msgstr "V?robce:" -#, fuzzy msgid "Personal" -msgstr "Persona" +msgstr "Osobn?" -#, fuzzy msgid "Salutation:" -msgstr "Auswahl:" +msgstr "Osloven?:" -#, fuzzy msgid "First name:" -msgstr "Verzeichnisname:" +msgstr "K?estn? jm?no:" -#, fuzzy msgid "Last name:" -msgstr "Jm?no u?ivatele:" +msgstr "P??jmen?:" msgid "Language:" -msgstr "" +msgstr "Jazyk:" msgid "Login data:" -msgstr "" +msgstr "Data p?ihl??en?:" -#, fuzzy msgid "Public key URL:" -msgstr "_Ve?ejn? 
kl??e" +msgstr "URL ve?ejn?ho kl??e: " -#, fuzzy msgid "Keys" -msgstr "Podeps_at jako" +msgstr "Kl??e" -#, fuzzy msgid "Signature key:" -msgstr "Podpisy:" +msgstr "Podpisov? kl??:" -#, fuzzy msgid "Encryption key:" -msgstr "?ifruji ..." +msgstr "?ifrovac? kl??:" -#, fuzzy msgid "Authentication key:" -msgstr "Sm? autentizovat" +msgstr "Autentiza?n? kl??:" -#, fuzzy msgid "Signature counter:" -msgstr "Podpisy:" +msgstr "Po??tadlo podpis?:" msgid "PIN" -msgstr "" +msgstr "PIN" -#, fuzzy msgid "Force signature PIN:" -msgstr "Fehlerhafte Signatur" +msgstr "Vynutit podpisov? PIN:" msgid "PIN retry counter:" -msgstr "" +msgstr "??ta? opakov?n? PIN:" msgid "Admin-PIN retry counter:" -msgstr "" +msgstr "??ta? opakov?n? admin PIN:" msgid "blocked" -msgstr "" +msgstr "blokov?no" -#, fuzzy msgid "Learn keys" -msgstr "exportovat kl??e" +msgstr "U?it kl??e" msgid "" "For some or all of the keys available on the card, the GnuPG crypto engine " @@ -2163,10 +2152,18 @@ msgid "" "\n" "If you are unsure what to do, just click the button." msgstr "" +"Pro n?kter? nebo v?echny kl??e dostupn? na kart? nezn? GnuPG ?ifrovac? stroj " +"odpov?daj?c? certifik?ty.\n" +"\n" +"Pokud kliknete na toto tla??tko, GnuPG bude po??d?n, aby se \"nau?il\" tuto " +"kartu a importoval v?echny certifik?ty ulo?en? na kart? do sv?ho vlastn?ho " +"?lo?i?t? certifik?t?. Tato operace nen? prov?d?na automaticky. ?ten? v?ech " +"certifik?t? z karty m??e trvat n?kolik sekund.\n" +"\n" +"Pokud si nejste jist? co d?lat, klikn?te na tla??tko." -#, fuzzy msgid "Learning keys ..." -msgstr "Vytv???m kl?? ..." +msgstr "Kl??e jsou u?eny" #, c-format msgid "" 
@@ -2186,23 +2183,43 @@ msgid "" "\n" "%s" msgstr "" +"Nastaven? v?choz?ho PIN (%s)\n" +"\n" +"Zvolili jste mo?nost nastavit v?choz? PIN va?? karty. PIN je v tuto chv?li " +"nastaven na NullPIN. Nastaven? v?choz?ho PIN je vy?adov?n? ale nem??e b?t " +"odvol?no.\n" +"\n" +"Zkontrolujte pros?m dokumentaci va?? karty a pod?vejte se k ?emu je NullPIN " +"dobr?.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?ni abyste vlo?ili nov? PIN, pozd?ji " +"abyste jej opakovali. Ujist?te se, ?e si PIN pamatujete - nebude mo?n? jej " +"obnovit pokud bude zad?n v?ce ne? %d kr?t nespr?vn?.\n" +"\n" +"%s" msgid "" "You are now setting the PIN for the SigG key used to create qualified " "signatures. You may want to set the PIN to the same value as used for " "the NKS keys." msgstr "" +"Nyn? nastavujete PIN pro SigG kl??e pou??van? pro vytv??en? " +"kvalifikovan?ch podpis?. PIN m??ete nastavit stejn? jako u NKS kl???." msgid "" "You are now setting the PIN for the NKS keys used for standard signatures, " "encryption and authentication." msgstr "" +"Nyn? nastavujete PIN pro NKS kl??e pou??van? pro b??n? podpisy, ?ifrov?n? a " +"autentizaci." #, c-format msgid "" "Error changing the NullPIN.\n" "(%s <%s>)" msgstr "" +"Chyba p?i zm?n? pr?zdn?ho PIN.\n" +"(%s <%s>)" msgid "" "Changing a PIN or PUK\n" @@ -2215,6 +2232,14 @@ msgid "" "zero, the keys controlled by the PIN are not anymore usable and there is no " "way to unblock them!" msgstr "" +"Zm?na PIN nebo PUK\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?ni abyste zadali sou?asnou hodnotu, " +"pot? novou a zopakovali ji na dal??m ??dku.\n" +"\n" +"Vlo?en?m nespr?vn? hodnoty pro sou?asn? PIN/PUK sn???te ??ta? opakov?n?. " +"Pokud oba ??ta?e (PIN a odpov?daj?c? PUK) klesnou na nulu, kl??e chr?n?n? " +"t?mto PIN nebudou v?ce pou?iteln?. Ani je nebude mo?n? nikdy odblokovat!" msgid "" "Resetting a PUK\n" 
@@ -2231,6 +2256,18 @@ msgid "" "then to enter a new value for the blocked PUK and repeat that new value at " "another prompt." msgstr "" +"Resetov?n? PUK\n" +"\n" +"P?esto?e PUK znamen? k?d k odblokov?n? PIN (PIN Unblocking Code) implementuje jej opera?n? syst?m TCOS karty NetKey jako alternativn? PIN " +"a tut?? je mo?n? pou??t PIN pro odblokov?n? PUK.\n" +"\n" +"Pokud je PUK zablokovan? (??ta? opakov?n? klesl na nulu), m??ete jej " +"odblokovat pou?it?m neblokovan?ho PIN. ??ta? opakovan?ho zad?n? se vr?t? " +"zp?t na p?vodn? hodnotu.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?ni abyste zadali sou?asnou hodnotu PIN, " +"pot? novou hodnotu pro blokovan? PUK a tu na dal??m ??dku zopakovali." msgid "" "Resetting a PIN\n" @@ -2243,24 +2280,33 @@ msgid "" "then to enter a new value for the blocked PIN and repeat that new value at " "another prompt." msgstr "" +"Resetovat PIN\n" +"\n" +"Pokud je PIN zablokovan? (??ta? opakov?n? klesl na nulu), m??ete jej " +"odblokovat pou?it?m neblokovan?ho PUK. ??ta? opakovan?ho zad?n? se vr?t? " +"zp?t na p?vodn? hodnotu.\n" +"\n" +"Pokud budete pokra?ovat, budete vyzv?ni abyste zadali sou?asnou hodnotu PUK, " +"pot? novou hodnotu pro blokovan? PIN a tu na dal??m ??dku zopakovali." msgid "" "A NullPIN is still active on this card.\n" "You need to set a real PIN before you can make use of the card." msgstr "" +"NullPIN je na t?to kart? st?le aktivn?.\n" +"P?ed pou?it?m karty mus?te nastavit re?ln? PIN." msgid "Set initial PIN" -msgstr "" +msgstr "Nastavit v?choz? PIN" -#, fuzzy msgid "scanning ..." -msgstr "Podepisuji ..." +msgstr "skenov?n? ..." msgid "SigG PIN retry counter:" -msgstr "" +msgstr "??ta? opakov?n? SigG PIN:" msgid "SigG PUK retry counter:" -msgstr "" +msgstr "??ta? opakov?n? SigG PUK:" #, c-format msgid "" 
@@ -2268,1219 +2314,20 @@ msgid "" "the application selector button to switch to another application available " "on this card." msgstr "" +"Pro kartu %s nen? mnoho informac? ke zobrazen?. Zkuste pou??t tla??tko pro " +"volbu aplikace pro p?epnut? na jinou aplikaci, kter? je na kart? k dispozici." -#, fuzzy -#~ msgid "GNU Privacy Assistant - Clipboard" -#~ msgstr "GNU Privacy Assistant - Spr?vce soubor?" - -#~ msgid "GNU Privacy Assistant - File Manager" -#~ msgstr "GNU Privacy Assistant - Spr?vce soubor?" - -#~ msgid "GPA Error" -#~ msgstr "Chyba GPA" - -#, fuzzy -#~ msgid "GNU Privacy Assistant - Key Manager" -#~ msgstr "GNU Privacy Assistant - Spr?vce soubor?" - -#, fuzzy -#~ msgid "GNU Privacy Assistant - Settings" -#~ msgstr "GNU Privacy Assistant - Spr?vce kl???" - -#, fuzzy -#~ msgid "GNU Privacy Assistant - Card Manager" -#~ msgstr "GNU Privacy Assistant - Spr?vce soubor?" - -#~ msgid "Please choose a passphrase for the new key." -#~ msgstr "Vyberte pros?m heslo pro nov? kl??." - -#, fuzzy -#~ msgid "" -#~ "In \"Passphrase\" and \"Repeat passphrase\", you must enter the same " -#~ "passphrase." -#~ msgstr "" -#~ "Do pole \"Heslo\" and \"Opakovat heslo\",\n" -#~ "mus?te zadat stejn? ?et?zec." - -#, fuzzy -#~ msgid "Status: " -#~ msgstr "Status:" - -#, fuzzy -#~ msgid "Generate new keys on card" -#~ msgstr "Vytvo?it kl??" - -#~ msgid "DSA and ElGamal (default)" -#~ msgstr "DSA a ElGamal (v?choz?)" - -#, fuzzy -#~ msgid "_Keyring Editor" -#~ msgstr "Spr?vce kl???" - -#~ msgid "1024" -#~ msgstr "1024" - -#~ msgid "768" -#~ msgstr "768" - -#~ msgid "2048" -#~ msgstr "2048" - -#~ msgid "_Passphrase: " -#~ msgstr "_Heslo: " - -#~ msgid "_Repeat passphrase: " -#~ msgstr "_Opakovat heslo: " - -#~ msgid "GNU Privacy Assistant - Keyring Editor" -#~ msgstr "GNU Privacy Assistant - Spr?vce kl???" - -#~ msgid "Keyring Editor" -#~ msgstr "Spr?vce kl???" 
- -#, fuzzy -#~ msgid "unspecified" -#~ msgstr "Eingabedatei nicht angegeben" - -#~ msgid "/File/C_lear" -#~ msgstr "/Soubor/Vymazat" - -#~ msgid "/File/_Open" -#~ msgstr "/Soubor/_Otev??t" - -#, fuzzy -#~ msgid "/File/Save _As" -#~ msgstr "/Soubor/_Zav??t" - -#~ msgid "/File/sep1" -#~ msgstr "/Soubor/sep1" - -#~ msgid "/File/_Sign" -#~ msgstr "/Soubor/Podep_sat" - -#~ msgid "/File/_Verify" -#~ msgstr "/Soubor/O_v??it" - -#~ msgid "/File/_Encrypt" -#~ msgstr "/Soubor/?_ifrovat" - -#~ msgid "/File/_Decrypt" -#~ msgstr "/Soubor/_De?ifrovat" - -#~ msgid "/File/sep2" -#~ msgstr "/Soubor/sep2" - -#~ msgid "/File/_Close" -#~ msgstr "/Soubor/_Zav??t" - -#~ msgid "/File/_Quit" -#~ msgstr "/Soubor/U_kon?it" - -#, fuzzy -#~ msgid "/Edit/_Undo" -#~ msgstr "/Upravit/Kop?rovat" - -#, fuzzy -#~ msgid "/Edit/_Redo" -#~ msgstr "/Upravit/Kop?rovat" - -#, fuzzy -#~ msgid "/Edit/sep0" -#~ msgstr "/Upravit/sep2" - -#, fuzzy -#~ msgid "/Edit/Cut" -#~ msgstr "/Upravit/Kop?rovat" - -#~ msgid "/Edit/_Copy" -#~ msgstr "/Upravit/Kop?rovat" - -#~ msgid "/Edit/_Paste" -#~ msgstr "/Upravit/Vlo?it" - -#, fuzzy -#~ msgid "/Edit/_Delete" -#~ msgstr "/Upravit/Vlo?it" - -#~ msgid "/Edit/sep1" -#~ msgstr "/Upravit/sep1" - -#~ msgid "/Edit/Select _All" -#~ msgstr "/Upravit/Vybrat v?e" - -#~ msgid "/Edit/sep2" -#~ msgstr "/Upravit/sep2" - -#~ msgid "/Edit/Pr_eferences..." -#~ msgstr "/Upravit/Na_staven?" - -#~ msgid "/Windows/_Keyring Editor" -#~ msgstr "/Okna/Spr?vce _kl???" - -#~ msgid "/Windows/_Filemanager" -#~ msgstr "/Okna/_Spr?vce soubor?" - -#, fuzzy -#~ msgid "/Windows/_Clipboard" -#~ msgstr "/Okna/_Spr?vce soubor?" 
- -#~ msgid "/Edit/Copy" -#~ msgstr "/Upravit/Kop?rovat" - -#, fuzzy -#~ msgid "/Edit/Delete" -#~ msgstr "/Upravit/Vybrat v?e" - -#, fuzzy -#~ msgid "/Edit/Paste" -#~ msgstr "/Upravit/Vlo?it" - -#~ msgid "open file" -#~ msgstr "otev??t soubor" - -#, fuzzy -#~ msgid "save file as" -#~ msgstr "Datei _speichern unter: " - -#, fuzzy -#~ msgid "cut the selection" -#~ msgstr "Za?ifrovat vybran? soubor" - -#, fuzzy -#~ msgid "copy the selection" -#~ msgstr "Za?ifrovat vybran? soubor" - -#, fuzzy -#~ msgid "paste the clipboard" -#~ msgstr "Zur _Zwischenablage exportieren" - -#, fuzzy -#~ msgid "Sign the selected text" -#~ msgstr "Podepsat vybran? kl??" - -#, fuzzy -#~ msgid "verify text" -#~ msgstr "ov??it soubor" - -#~ msgid "Encrypt" -#~ msgstr "Za?ifrovat" - -#, fuzzy -#~ msgid "encrypt text" -#~ msgstr "za?ifrovat soubor" - -#, fuzzy -#~ msgid "decrypt text" -#~ msgstr "de?ifrovat soubor" - -#~ msgid "preferences" -#~ msgstr "nastaven?" - -#, fuzzy -#~ msgid "keyring editor" -#~ msgstr "Spr?vce kl???" - -#~ msgid "file manager" -#~ msgstr "Spr?vce soubor?" - -#~ msgid "Help" -#~ msgstr "N?pov?da" - -#~ msgid "help" -#~ msgstr "n?pov?da" - -#~ msgid "/File/Sign" -#~ msgstr "/Soubor/Podepsat" - -#~ msgid "/File/Verify" -#~ msgstr "/Soubor/Ov??it" - -#~ msgid "/File/Encrypt" -#~ msgstr "/Soubor/?ifrovat" - -#~ msgid "/File/Decrypt" -#~ msgstr "/Soubor/De?ifrovat" - -#~ msgid "close files" -#~ msgstr "Uzav??t soubory" - -#~ msgid "sign file" -#~ msgstr "podepsat soubor" - -#~ msgid "verify file" -#~ msgstr "ov??it soubor" - -#~ msgid "encrypt file" -#~ msgstr "za?ifrovat soubor" - -#~ msgid "decrypt file" -#~ msgstr "de?ifrovat soubor" - -#, fuzzy -#~ msgid "clipboard" -#~ msgstr "Zur _Zwischenablage exportieren" - -#~ msgid "_Backup to file:" -#~ msgstr "_Z?lohovat do souboru:" - -#~ msgid "B_rowse..." 
-#~ msgstr "_Proch?zet" - -#~ msgid "_Back" -#~ msgstr "_Zp?t" - -#~ msgid "_Forward" -#~ msgstr "_Vp?ed" - -#~ msgid "_Apply" -#~ msgstr "_Potvrdit" - -#~ msgid "Brought to you by:" -#~ msgstr "Program v?m p?in???:" - -#~ msgid "GPA is Free Software under the" -#~ msgstr "GPA je otev?en? program ???en?" - -#~ msgid "GNU General Public License." -#~ msgstr "pod GNU General Public License." - -#~ msgid "For news see:" -#~ msgstr "Novinky na:" - -#~ msgid "http://www.gpg4win.org" -#~ msgstr "http://www.gpg4win.org" - -#~ msgid "http://www.gnupg.org" -#~ msgstr "http://www.gnupg.org" - -#~ msgid "GNU General Public License" -#~ msgstr "pod GNU General Public License." - -#~ msgid "_GNU General Public License" -#~ msgstr "pod _GNU General Public License." - -#~ msgid "Show Help Text\n" -#~ msgstr "Zobrazit test n?pov?dy\n" - -#~ msgid "/Help/_Contents" -#~ msgstr "/N?pov?da/_Obsah" - -#~ msgid "/Help/_License" -#~ msgstr "/N?pov?da/_Licence" - -#~ msgid "/Help/_About" -#~ msgstr "/N?pov?da/O _programu" - -#~ msgid "Please insert your name" -#~ msgstr "Vlo?te pros?m sv? jm?no." - -#~ msgid "Please insert your email address" -#~ msgstr "Vlo?te pros?m e-mailovou adresu" - -#~ msgid "/Keys/_Refresh" -#~ msgstr "/Kl??e/_Aktualizovat" - -#~ msgid "/Keys/sep0" -#~ msgstr "/Kl??e/sep0" - -#~ msgid "/Keys/_Delete Keys..." -#~ msgstr "/Kl??e/O_dstranit kl??e..." - -#~ msgid "/Keys/sep1" -#~ msgstr "/Kl??e/sep1" - -#~ msgid "/Keys/_Sign Keys..." -#~ msgstr "/Kl??e/Podep_sat kl??e..." - -#~ msgid "/Keys/Set _Owner Trust..." -#~ msgstr "/Kl??e/Nastavit ?rove? d?_v?ry..." - -#~ msgid "/Keys/_Edit Private Key..." -#~ msgstr "/Kl??e/Upravit soukrom? kl??..." - -#~ msgid "/Keys/sep2" -#~ msgstr "/Kl??e/sep2" - -#~ msgid "/Keys/_Import Keys..." -#~ msgstr "/Kl??e/_Nahr?t kl??e..." - -#~ msgid "/Keys/E_xport Keys..." -#~ msgstr "/Kl??e/E_xportovat kl??e..." - -#~ msgid "/Keys/_Backup..." -#~ msgstr "/Kl??e/Z?lohovat..." - -#~ msgid "/Server/_Send Keys..." 
-#~ msgstr "/Server/_Odeslat kl??e..." - -#, fuzzy -#~ msgid "/Windows/_File Manager" -#~ msgstr "/Okna/_Spr?vce soubor?" - -#~ msgid "/Keys/Export Keys..." -#~ msgstr "/Kl??e/Exportovat kl??e..." - -#~ msgid "/Keys/Delete Keys..." -#~ msgstr "/Kl??e/Odstranit kl??e..." - -#~ msgid "/Server/Send Keys..." -#~ msgstr "/Server/Odeslat kl??e..." - -#~ msgid "/Keys/Set Owner Trust..." -#~ msgstr "/Kl??e/Nastavit ?rove? d?v?ry..." - -#~ msgid "/Keys/Sign Keys..." -#~ msgstr "/Kl??e/Podepsat kl??e..." - -#~ msgid "/Keys/Edit Private Key..." -#~ msgstr "/Kl??e/Upravit soukrom? kl??..." - -#~ msgid "/Keys/Backup..." -#~ msgstr "/Kl??e/Z?lohovat..." - -#~ msgid "/_Copy" -#~ msgstr "/Kop?rovat" - -#~ msgid "/_Paste" -#~ msgstr "/Vlo?it" - -#~ msgid "/_Delete Keys..." -#~ msgstr "/O_dstranit kl??e..." - -#~ msgid "/Set Owner Trust..." -#~ msgstr "/Nastavit ?rove? d?v?ry..." - -#~ msgid "/Sign Keys..." -#~ msgstr "/Podepsat kl??e..." - -#~ msgid "/Edit Private Key..." -#~ msgstr "/Upravit soukrom? kl??..." - -#~ msgid "/Backup..." -#~ msgstr "/Z?lohovat..." - -#~ msgid "edit key" -#~ msgstr "Upravit kl??" - -#~ msgid "remove key" -#~ msgstr "odstranit kl??" - -#~ msgid "sign key" -#~ msgstr "podepsat kl??" - -#~ msgid "import keys" -#~ msgstr "z?skat kl??e" - -#~ msgid "brief" -#~ msgstr "stru?n?" - -#~ msgid "detailed" -#~ msgstr "podrobn?" - -#~ msgid "refresh keyring" -#~ msgstr "aktualizovat keyring" - -#~ msgid "Sign files" -#~ msgstr "Podepsat soubory" - -#~ msgid "sign in separate _file" -#~ msgstr "podpis v _odd?len?m souboru" - -#~ msgid "a_rmor" -#~ msgstr "ASCII-_zak?dovat" - -#~ msgid "display this help and exit" -#~ msgstr "zobrazit tuto n?pov?du a skon?it" - -#~ msgid "Options" -#~ msgstr "/_Mo?nosti" - -#~ msgid "Key Validity" -#~ msgstr "Platnost kl??e" - -#~ msgid "GPA Warning" -#~ msgstr "Varov?n? GPA" - -#~ msgid "" -#~ "One of your secret keys contains an ElGamal signing key. 
Due to a bug in " -#~ "GnuPG, all ElGamal keys used with GnuPG 1.0.2 and later must be " -#~ "considered compromised.\n" -#~ "\n" -#~ "Please revoke your key as soon as possible.\n" -#~ "\n" -#~ "The affected key is:" -#~ msgstr "" -#~ "Jeden z va?ich soukrom?ch kl??? obsahuje podpisov?ch kl??? s algoritmem " -#~ "ElGamal. D?ky chyb? v GnuPG, mus? b?t v?echny ElGamal kl??e pou??van? s " -#~ "GnuPG verze 1.0.2 a nov?j?? pova?ov?ny za kompromitovan?.\n" -#~ "\n" -#~ "Zneplatn?te tento kl?? nejd??ve jak to bude mo?n?.\n" -#~ "\n" -#~ "Dot?en? kl??:" - -#~ msgid "GNU general public license" -#~ msgstr "GNU general public license" - -#~ msgid "_GNU general public license" -#~ msgstr "_GNU general public license" - -#~ msgid ">.\n" -#~ msgstr ">.\n" - -#~ msgid "" -#~ "If you want you can supply a comment that further identifies the key to " -#~ "other users. The comment is especially useful if you generate several " -#~ "keys for the same email address. The comment is completely optional. " -#~ "Leave it empty if you don't have a use for it." -#~ msgstr "" -#~ "Wenn Sie m?chten, k?nnen Sie einen Kommentar hinzuf?gen, der den " -#~ "Schl?ssel genauer beschreibt. Ein Kommentar ist vor allem dann sinnvoll, " -#~ "wenn Sie mehrere Schl?ssel f?r die gleiche E-Mail-Adresse erstellen. Wenn " -#~ "Sie keine Verwendung daf?r haben, k?nnen Sie den Kommentar auch einfach " -#~ "leer lassen." - -#~ msgid "sign, do_n't compress" -#~ msgstr "signieren, _nicht komprimieren" - -#~ msgid "Keyserver did not return any matching keys." -#~ msgstr "" -#~ "Der Key-Server hat keine passenden\n" -#~ "Schl?ssel zur?ckgeliefert." 
- -#~ msgid "Select keys to import" -#~ msgstr "Schl?ssel zum Importieren ausw?hlen" - -#~ msgid "_Import" -#~ msgstr "_Importieren" - -#~ msgid "Export Key" -#~ msgstr "Schl?ssel exportieren" - -#~ msgid "E_xport to file:" -#~ msgstr "E_xportieren in Datei: " - -#~ msgid "Import Key" -#~ msgstr "Schl?ssel importieren" - -#~ msgid "I_mport from file:" -#~ msgstr "_Importieren aus Datei:" - -#~ msgid "Receive from _server:" -#~ msgstr "Schl?ssel vom Key-Server _empfangen:" - -#~ msgid "" -#~ "You have a secret key without the\n" -#~ "corresponding public key in your\n" -#~ "key ring. In order to use this key\n" -#~ "you will need to import the public\n" -#~ "key, too." -#~ msgstr "" -#~ "Sie haben einen geheimen Schl?ssel ohne den\n" -#~ "zugeh?rigen ?ffentlichen Schl?ssel in Ihrem\n" -#~ "Schl?sselbund. Um diesen Schl?ssel nutzen zu\n" -#~ "k?nnen, m?ssen Sie den ?ffentlichen Schl?ssel\n" -#~ "ebenfalls importieren." - -#~ msgid "No keys selected to export." -#~ msgstr "Keine Schl?ssel zum Exportieren ausgew?hlt." - -#~ msgid "No private key to backup." -#~ msgstr "Kein privater Schl?ssel vorhanden." - -#~ msgid "GPA: Loading keyring" -#~ msgstr "GPA: Schl?sselbund einlesen" - -#~ msgid "Loading secret keys" -#~ msgstr "Geheime Schl?ssel einlesen" - -#~ msgid "Loading public keys" -#~ msgstr "?ffentliche Schl?ssel einlesen" - -#~ msgid "The key you selected is not available for encryption" -#~ msgstr "Der ausgew?hlte Schl?ssel ist nicht zum Verschl?sseln verf?gbar." - -#~ msgid "" -#~ "No public keys available.\n" -#~ "Currently, there is nobody who could read a\n" -#~ "file encrypted by you." -#~ msgstr "" -#~ "Kein ?ffentlicher Schl?ssel verf?gbar.\n" -#~ "Derzeit kann niemand eine Datei lesen,\n" -#~ "die von Ihnen verschl?sselt wurde." - -#~ msgid "No secret keys available." -#~ msgstr "Kein geheimer Schl?ssel vorhanden." 
- -#~ msgid "Files in work" -#~ msgstr "Ausgew?hlte Dateien" - -#~ msgid "" -#~ "Internal error:\n" -#~ "Invalid sign mode" -#~ msgstr "" -#~ "Interner Fehler:\n" -#~ "ung?ltige Signaturkennung" - -#~ msgid "No key selected!" -#~ msgstr "Kein Schl?ssel ausgew?hlt!" - -#~ msgid "" -#~ "No secret keys available for signing.\n" -#~ "Please generate or import a secret key first." -#~ msgstr "" -#~ "Kein geheimer Schl?ssel zum Signieren vorhanden.\n" -#~ "Bitte zuerst einen geheimen Schl?ssel erzeugen oder importieren." - -#~ msgid "Sign Files" -#~ msgstr "Dateien signieren" - -# ~ msgid "Show Warranty Information\n" -# ~ msgstr "Gew?hrleistung\n" -#~ msgid "Filename" -#~ msgstr "Dateiname" - -#~ msgid "The currently selected filename." -#~ msgstr "Der momentan ausgew?hlte Dateiname." - -#~ msgid "Whether buttons for creating/manipulating files should be displayed." -#~ msgstr "" -#~ "Sollen Kn?pfe zum Erstellen bzw. Verwalten von Dateien angezeigt werden?" - -#~ msgid "Directories" -#~ msgstr "Verzeichnisse" - -#~ msgid "_OK" -#~ msgstr "_OK" - -#~ msgid "OK" -#~ msgstr "OK" - -#~ msgid "Cancel" -#~ msgstr "Abbrechen" - -#~ msgid "Directory unreadable: %s" -#~ msgstr "Verzeichnis nicht lesbar: %s" - -#~ msgid "" -#~ "The file \"%s\" resides on another machine (called %s) and may not be " -#~ "available to this program.\n" -#~ "Are you sure that you want to select it?" -#~ msgstr "" -#~ "Die Datei \"%s\" befindet sich auf einer anderen Maschine (%s)\n" -#~ "und ist m?glicherweise f?r dieses Programm nicht erreichbar.\n" -#~ "Sind Sie sicher, dass Sie diese Datei ausw?hlen m?chten?" 
- -#~ msgid "Create Dir" -#~ msgstr "Verzeichnis erstellen" - -#~ msgid "Delete File" -#~ msgstr "Datei l?schen" - -#~ msgid "Rename File" -#~ msgstr "Datei umbenennen" - -#~ msgid "Close" -#~ msgstr "Schlie?en" - -#, fuzzy -#~ msgid "" -#~ "The directory name \"%s\" contains symbols that are not allowed in " -#~ "filenames" -#~ msgstr "" -#~ "Der Verzeichnisname \"%s\" enth?lt Symbole, die nicht in Dateinamen " -#~ "vorkommen d?rfen." - -#~ msgid "" -#~ "Error creating directory \"%s\": %s\n" -#~ "%s" -#~ msgstr "" -#~ "Fehler beim Erstellen des Verzeichnisses \"%s\": %s\n" -#~ "%s" - -#, fuzzy -#~ msgid "You probably used symbols not allowed in filenames." -#~ msgstr "" -#~ "Sie haben wahrscheinlich Symbole benutzt, die nicht in Dateinamen " -#~ "vorkommen d?rfen." - -#~ msgid "Error creating directory \"%s\": %s\n" -#~ msgstr "Fehler beim Erstellen des Verzeichnisses \"%s\": %s\n" - -#~ msgid "Create Directory" -#~ msgstr "Verzeichnis erstellen" - -#~ msgid "_Directory name:" -#~ msgstr "_Verzeichnisname:" - -#~ msgid "C_reate" -#~ msgstr "_Erstellen" - -#~ msgid "Create" -#~ msgstr "Erstellen" - -#, fuzzy -#~ msgid "" -#~ "The filename \"%s\" contains symbols that are not allowed in filenames" -#~ msgstr "" -#~ "Der Dateiname \"%s\" enth?lt Symbole, die nicht in Dateinamen vorkommen " -#~ "d?rfen." - -#~ msgid "" -#~ "Error deleting file \"%s\": %s\n" -#~ "%s" -#~ msgstr "" -#~ "Fehler beim L?schen der Datei \"%s\": %s\n" -#~ "%s" - -#, fuzzy -#~ msgid "It probably contains symbols not allowed in filenames." -#~ msgstr "" -#~ "Sie enth?lt wahrscheinlich Symbole, die nicht in Dateinamen vorkommen " -#~ "d?rfen." - -#~ msgid "Really delete file \"%s\"?" -#~ msgstr "Datei \"%s\" wirklich l?schen?" - -#~ msgid "_Delete" -#~ msgstr "_L?schen" - -#, fuzzy -#~ msgid "" -#~ "The file name \"%s\" contains symbols that are not allowed in filenames" -#~ msgstr "" -#~ "Der Dateiname \"%s\" enth?lt Symbole, die in Dateinamen nicht erlaubt " -#~ "sind." 
- -#~ msgid "" -#~ "Error renaming file to \"%s\": %s\n" -#~ "%s" -#~ msgstr "" -#~ "Fehler beim Umbenennen der Datei in \"%s\": %s\n" -#~ "%s" - -#~ msgid "" -#~ "Error renaming file \"%s\": %s\n" -#~ "%s" -#~ msgstr "" -#~ "Fehler beim Umbenennen der Datei \"%s\": %s\n" -#~ "%s" - -#~ msgid "Error renaming file \"%s\" to \"%s\": %s" -#~ msgstr "Fehler beim Umbenennen der Datei \"%s\" in \"%s\": %s" - -#~ msgid "Rename file \"%s\" to:" -#~ msgstr "Neuer Name f?r Datei \"%s\":" - -#~ msgid "_Rename" -#~ msgstr "_Umbenennen" - -#~ msgid "Rename" -#~ msgstr "Umbenennen" - -#~ msgid "" -#~ "The filename %s couldn't be converted to UTF-8. Try setting the " -#~ "environment variable G_BROKEN_FILENAMES." -#~ msgstr "" -#~ "Der Dateiname %s konnte nicht in UTF-8 umgewandelt werden. Versuchen Sie, " -#~ "die Umgebungsvariable G_BROKEN_FILENAMES zu belegen." - -#~ msgid "Couldn't convert filename" -#~ msgstr "Der Dateiname konnte nicht umgewandelt werden." - -#~ msgid "01.01.2000" -#~ msgstr "01.01.2000" - -#~ msgid "expire a_t" -#~ msgstr "verf?_llt am" - -#~ msgid "_Prev" -#~ msgstr "_Zur?ck" - -#~ msgid "_Next" -#~ msgstr "_Weiter" - -#~ msgid "" -#~ "In \"Passphrase\" and \"Repeat passphrase\"\n" -#~ "you must enter the same passphrase." -#~ msgstr "" -#~ "Bitte achten Sie darauf, da? Sie unter\n" -#~ "\"Passwortsatz\" und \"Passwortsatz wiederholen\"\n" -#~ "genau denselben Passwortsatz eingeben." 
- -#~ msgid "generate re_vocation certificate" -#~ msgstr "_R?ckrufurkunde erzeugen" - -#~ msgid "_send to key server" -#~ msgstr "_Zum Key-Server schicken" - -#~ msgid "_Generate key" -#~ msgstr "Schl?ssel _erzeugen" - -#~ msgid "F_inish" -#~ msgstr "F_ertig" - -#~ msgid "User Identity/Role" -#~ msgstr "Benutzerkennung" - -#~ msgid " Decrypt " -#~ msgstr " Entschl?sseln " - -#~ msgid "Invalid Date" -#~ msgstr "Ung?ltiges Datum" - -#~ msgid "/File/C_heck" -#~ msgstr "/Datei/_Pr?fen" - -#~ msgid "Open" -#~ msgstr "?ffnen" - -#~ msgid "NOTE: no default option file `%s'\n" -#~ msgstr "HINWEIS: Keine Standard-Konfigurationsdatei `%s'\n" - -#~ msgid "option file `%s': %s\n" -#~ msgstr "Konfigurationsdatei `%s': %s\n" - -#~ msgid "reading options from `%s'\n" -#~ msgstr "Lese Konfiguration aus `%s'\n" - -#~ msgid "Insert passphrase" -#~ msgstr "Passwortsatz eingeben" - -#, fuzzy -#~ msgid "/Help/_Help" -#~ msgstr "/Info/_Hilfe" - -#~ msgid "Weak passphrase" -#~ msgstr "Unsicherer Passwortsatz" - -#~ msgid "Import from _clipboard:" -#~ msgstr "Aus _Zwischenablage importieren" - -#~ msgid "Missing public key" -#~ msgstr "?ffentlicher Schl?ssel fehlt" - -#, fuzzy -#~ msgid "" -#~ "An error occured while receiving\n" -#~ "the requested key from the keyserver." -#~ msgstr "" -#~ "Fehler beim Exportieren\n" -#~ "geheimer Schl?ssel." - -#, fuzzy -#~ msgid "_Key ID: " -#~ msgstr "Schl?sselkennung:" - -#, fuzzy -#~ msgid "_Receive" -#~ msgstr "_Empf?nger" - -#~ msgid "Remove" -#~ msgstr "L?schen" - -#~ msgid "Set key server" -#~ msgstr "Key-Server festlegen" - -#~ msgid "_Key server: " -#~ msgstr "_Key-Server: " - -#~ msgid "_Set" -#~ msgstr "?ber_nehmen" - -#, fuzzy -#~ msgid "Fingerprint" -#~ msgstr "Fingerabdruck:" - -#~ msgid "User identity / role" -#~ msgstr "Benutzerkennung" - -#~ msgid "" -#~ "No secret keys available to\n" -#~ "select a default key from." -#~ msgstr "" -#~ "Keine geheimen Schl?ssel f?r die Auswahl\n" -#~ "eines Standard-Schl?ssels vorhanden." 
- -#~ msgid "/Options/_Keyserver" -#~ msgstr "/Optionen/_Key-Server" - -#~ msgid "/Options/_Default Key" -#~ msgstr "/Optionen/_Standard-Schl?ssel" - -#~ msgid "Signature" -#~ msgstr "Signatur" - -#~ msgid "The keyserver returned an error message." -#~ msgstr "Der Server antwortete mit einer Fehlermeldung." - -#~ msgid "Keyserver timeout" -#~ msgstr "Server-Zeit?berschreitung" - -#~ msgid "Error initializing network" -#~ msgstr "Fehler beim Initialisieren des Netzwerks" - -#~ msgid "Error resolving host name" -#~ msgstr "Fehler bei der Namensaufl?sung" - -#~ msgid "Error while connecting to keyserver" -#~ msgstr "Fehler beim Verbindungsaufbau zum Server" - -#~ msgid "No file selected for verifying signature." -#~ msgstr "Keine Datei zum Pr?fen der Signatur ausgew?hlt." - -#~ msgid "Verifying file signature" -#~ msgstr "Dateisignatur pr?fen" - -#~ msgid "Filename: " -#~ msgstr "Dateiname: " - -#~ msgid "_Signatures" -#~ msgstr "_Signaturen" - -#~ msgid "Sigs total" -#~ msgstr "Sign. gesamt" - -#~ msgid "Valid Sigs" -#~ msgstr "G?ltige Sign." - -#~ msgid "Invalid Sigs" -#~ msgstr "Ung?ltige Sign." - -#~ msgid "Info" -#~ msgstr "Info" - -#~ msgid "clear" -#~ msgstr "Klartext" - -#~ msgid "protected" -#~ msgstr "gesch?tzt" - -#~ msgid "clearsigned" -#~ msgstr "Klartext-Signatur" - -#~ msgid "detach-signed" -#~ msgstr "separate Signatur" - -#~ msgid "No key selected for detail view." -#~ msgstr "Kein Schl?ssel f?r Detailansicht ausgew?hlt." 
- -#~ msgid "Show public key detail" -#~ msgstr "Detailansicht ?ffentlicher Schl?ssel" - -#~ msgid "Fingerprint: " -#~ msgstr "Fingerabdruck: " - -#~ msgid "Key owner" -#~ msgstr "Schl?sseleigent?mer" - -#~ msgid "Add _default recipients:" -#~ msgstr "_Empf?nger hinzuf?gen" - -#~ msgid "Add _keys to recipients" -#~ msgstr "_Schl?ssel zu Empf?ngern hinzuf?gen" - -#~ msgid "S_how detail" -#~ msgstr "Detail _zeigen" - -#~ msgid "Save encrypted file _as: " -#~ msgstr "Verschl?sselte Datei speichern als: " - -#~ msgid " _Browse " -#~ msgstr " _Durchsuchen " - -#~ msgid "Save encrypted file as" -#~ msgstr "Verschl?sselte Datei speichern als" - -#~ msgid "Protect files by Password" -#~ msgstr "Dateien mit Passwort sch?tzen" - -#~ msgid "Save protected _file as: " -#~ msgstr "Gesch?tzte _Datei speichern unter: " - -#~ msgid "Save protected file as" -#~ msgstr "Gesch?tzte Datei speichern unter" - -#~ msgid "P_assword: " -#~ msgstr "P_asswort: " - -#~ msgid "Repeat Pa_ssword: " -#~ msgstr "Pa_sswort wiederholen: " - -#~ msgid "_Protect" -#~ msgstr "_Sch?tzen" - -#~ msgid "No files selected to decrypt." -#~ msgstr "Keine Dateien zum Entschl?sseln ausgew?hlt." - -#~ msgid "Save decrypted file as" -#~ msgstr "Entschl?sselte Datei speichern unter" - -#~ msgid "No keys selected to remove from recipients list" -#~ msgstr "Keine Schl?ssel aus Empf?ngerliste ausgew?hlt" - -#~ msgid "No keys selected to add to recipients list." -#~ msgstr "Keine Schl?ssel ausgew?hlt" - -#~ msgid "don't trust" -#~ msgstr "kein Vertrauen" - -#~ msgid "trust marginally" -#~ msgstr "teilweises Vertrauen" - -#~ msgid "trust fully" -#~ msgstr "volles Vertrauen" - -#~ msgid "trust ultimately" -#~ msgstr "vollst?ndiges Vertrauen" - -#~ msgid "invalid" -#~ msgstr "ung?ltig" - -#~ msgid "ElGamal (sign and encrypt)" -#~ msgstr "ElGamal (signieren und verschl?sseln)" - -#~ msgid "ElGamal (encrypt only)" -#~ msgstr "ElGamal (nur verschl?sseln)" - -#~ msgid "!INVALID!" -#~ msgstr "!UNG?LTIG!" 
- -#~ msgid "/_Info" -#~ msgstr "/_Info" - -#~ msgid "/Info/_Warranty" -#~ msgstr "/Info/_Gew?hrleistung" - -#~ msgid "Export keys" -#~ msgstr "Schl?ssel exportieren" - -#~ msgid "Directory does not exist" -#~ msgstr "Verzeichnis existiert nicht" - -#~ msgid "" -#~ "Directory %s does not exist.\n" -#~ "Do you want to create it now?" -#~ msgstr "" -#~ "Verzeichnis %s existiert nicht.\n" -#~ "M?chten Sie es jetzt erstellen?" - -#~ msgid "Error creating directory" -#~ msgstr "Fehler beim Erstellen des Verzeichnisses" - -#~ msgid "Backup Directory" -#~ msgstr "Verzeichnis f?r Sicherheitskopie" - -#~ msgid "" -#~ "Please enter a directory where your backup keys should be saved.\n" -#~ "\n" -#~ "GPA will create two files in that directory: pub_key.asc and sec_key.asc" -#~ msgstr "" -#~ "Bitte geben Sie ein Verzeichnis zur Speicherung der Sicherheitskopie " -#~ "Ihres neuen Schl?ssels an. Wir empfehlen die Sicherung auf einer Diskette " -#~ "(Laufwerk A:\\).\n" -#~ "GPA wird dort die beiden Dateien pub_key.asc und sec_key.asc speichern." - -#~ msgid "Directory:" -#~ msgstr "Verzeichnis:" - -#~ msgid "_Overwrite" -#~ msgstr "_?berschreiben" - -#~ msgid "File exists" -#~ msgstr "Datei existiert" - -#~ msgid "Please enter a valid directory" -#~ msgstr "Bitte geben Sie ein g?ltiges Verzeichnis an" - -#~ msgid "Key Trust" -#~ msgstr "Schl?sselvertrauen" - -#~ msgid "No key defined" -#~ msgstr "Kein Schl?ssel" - -#~ msgid "No key backup" -#~ msgstr "Keine Sicherheitskopie" - -#~ msgid "Key Trust:" -#~ msgstr "Schl?sselvertrauen:" - -#~ msgid "User ID:" -#~ msgstr "Benutzerkennung:" - -#~ msgid "1" -#~ msgstr "1" - -#~ msgid "Keys exported." -#~ msgstr "Schl?ssel exportiert." - -#~ msgid "Export to _file: " -#~ msgstr "Exportieren in _Datei: " - -#~ msgid "E_xport" -#~ msgstr "E_xportieren" - -#~ msgid "Export ownertrust to file" -#~ msgstr "Benutzervertrauen in Datei exportieren" - -#~ msgid "No keys selected to delete." -#~ msgstr "Keine Schl?ssel zum L?schen ausgew?hlt." 
- -#~ msgid "!FATAL ERROR: Invalid key selection info!\n" -#~ msgstr "!FATAL ERROR: Invalid key selection info!\n" - -#~ msgid "Revocation certificate created." -#~ msgstr "R?ckrufurkunde erzeugt." - -#~ msgid "No key selected for editing." -#~ msgstr "Kein Schl?ssel zum Bearbeiten ausgew?hlt." - -#~ msgid "Create Re_vocation" -#~ msgstr "_R?ckrufurkunde erzeugen" - -#~ msgid "E_xport key" -#~ msgstr "Schl?ssel e_xportieren" - -#~ msgid "_Save and exit" -#~ msgstr "_Speichern und Schlie?en" - -#~ msgid "E_xport keys" -#~ msgstr "Schl?ssel e_xportieren" - -#~ msgid "_Edit key" -#~ msgstr "Schl?ssel _bearbeiten" - -#~ msgid "No keys selected to create revocation certificate for." -#~ msgstr "Keine Schl?ssel ausgew?hlt." - -#~ msgid "_Secret keys" -#~ msgstr "Geheime _Schl?ssel" - -#~ msgid "Import keys" -#~ msgstr "Schl?ssel importieren" - -#~ msgid "Import ownertrust" -#~ msgstr "Benutzervertrauen importieren" - -#~ msgid "Trust database updated." -#~ msgstr "Vertrauensdatenbank aktualisiert." - -#~ msgid "" -#~ "No public keys available to denote\n" -#~ "as default recipients." -#~ msgstr "" -#~ "Keine ?ffentlichen Schl?ssel f?r die\n" -#~ "Auswahl der Empf?nger vorhanden." - -#~ msgid "_Remove from recipients" -#~ msgstr "Aus Empf?ngerliste ent_fernen" - -#~ msgid "_Add to recipients" -#~ msgstr "Zu Empf?ngerliste _hinzuf?gen" - -#~ msgid "/Options/Default _Recipients" -#~ msgstr "/Optionen/_Empf?ngerliste" - -#~ msgid "Invalid ownertrust level." -#~ msgstr "Ung?ltige Benutzervertrauen-Stufe." 
- -#~ msgid "_Ownertrust level: " -#~ msgstr "_Benutzervertrauen-Stufe: " - -#~ msgid "_Accept" -#~ msgstr "_?bernehmen" - -#~ msgid "_Open" -#~ msgstr "_?ffnen" - -#~ msgid "" -#~ "The keyserver returned an error message:\n" -#~ "\n" -#~ "%s" -#~ msgstr "" -#~ "Der Key-Server antwortete mit einer Fehlermeldung:\n" -#~ "\n" -#~ "%s" - -#~ msgid "Invalid number of fields in GnuPG colon output" -#~ msgstr "Fehlerhafte Anzahl von Feldern im GnuPG-Ausgabetext" - -#~ msgid "Target file not specified" -#~ msgstr "Ausgabedatei nicht angegeben" - -#~ msgid "Not a regular file" -#~ msgstr "Keine regul?re Datei" - -#~ msgid "Missing file name" -#~ msgstr "Dateiname fehlt" - -#~ msgid "Missing private key ID for signing" -#~ msgstr "" -#~ "Es wurde kein geheimer Schl?ssel angegeben,\n" -#~ "mit dem die Unterschrift ausgef?hrt werden kann." - -#~ msgid "Missing public key ID(s) for encrypting" -#~ msgstr "" -#~ "Es wurde kein ?ffentlicher Schl?ssel angegeben,\n" -#~ "f?r den verschl?sselt werden soll." - -#~ msgid "Missing passphrase for symmetric encrypting" -#~ msgstr "Passwortsatz f?r symmetrische Verschl?sselung fehlt" - -#~ msgid "GnuPG execution aborted" -#~ msgstr "Die Ausf?hrung von GnuPG wurde abgebrochen." 
- -#~ msgid "Invalid file: bad armor" -#~ msgstr "Fehlerhafte Datei: ung?ltige ASCII-Verpackung" - -#~ msgid "Invalid file: bad MDC" -#~ msgstr "Fehlerhafte Datei: ung?ltige MDC" - -#~ msgid "Decryption failed" -#~ msgstr "Entschl?sselung fehlgeschlagen" - -#~ msgid "Delete problem" -#~ msgstr "Problem beim L?schen" - -#~ msgid "Error in MDC" -#~ msgstr "Fehler in MDC" - -#~ msgid "File error" -#~ msgstr "Fehlerhafte Datei" - -#~ msgid "Missing passphrase" -#~ msgstr "Passwortsatz fehlt" - -#~ msgid "No valid OpenPGP data found" -#~ msgstr "Keine g?ltigen OpenPGP-Daten gefunden" - -#~ msgid "" -#~ "GnuPG execution failed:\n" -#~ "internal error while setting\n" -#~ "command handler" -#~ msgstr "" -#~ "GnuPG-Ausf?hrung fehlgeschlagen:\n" -#~ "Interner Fehler beim Setzen des\n" -#~ "\"command handler\"" - -#~ msgid "" -#~ "GnuPG execution failed:\n" -#~ "could not spawn external program" -#~ msgstr "" -#~ "GnuPG-Ausf?hrung fehlgeschlagen:\n" -#~ "Externes Programm kann nicht aufgerufen werden" - -#~ msgid "GnuPG execution terminated" -#~ msgstr "GnuPG-Aufruf beendet" +#~ msgid "[S]" +#~ msgstr "[S]" -#~ msgid "Invalid number of fields in output of `gpg --check-sigs'" -#~ msgstr "" -#~ "Fehlerhafte Anzahl von Feldern in der Ausgabe von `gpg --check-sigs'" +#~ msgid "[C]" +#~ msgstr "[C]" -#~ msgid "No valid public key specified" -#~ msgstr "Kein g?ltiger ?ffentlicher Schl?ssel angegeben" +#~ msgid "[E]" +#~ msgstr "[E]" -#~ msgid "No valid secret key specified" -#~ msgstr "Kein g?ltiger geheimer Schl?ssel angegeben" +#~ msgid "[A]" +#~ msgstr "[A]" -#~ msgid "No valid passphrase specified" -#~ msgstr "Kein g?ltiger Passwortsatz angegeben" +#~ msgid "[T]" +#~ msgstr "[T]" ----------------------------------------------------------------------- Summary of changes: po/cs.po | 2185 +++++++++++++++----------------------------------------------- 1 file changed, 516 insertions(+), 1669 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs 
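Review bot: In the po/cs.po hunk at @@ -2186, the msgstr added for "Error changing the NullPIN." renders the term as "pr?zdn?ho PIN", while every other string added in this hunk and the following ones keeps the literal "NullPIN". The PIN-setup text added just above it sends the user to the card documentation to look up NullPIN, so the error message should keep the same untranslated term to stay searchable.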
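Review bot: The added line starting "P?esto?e PUK znamen?" in the po/cs.po hunk at @@ -2231 is roughly twice as long as the wrapped msgstr lines around it. Rewrap it at the same width as the rest of the catalogue so later msgmerge runs do not reflow the whole entry and produce a noisy diff.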
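Review bot: The dialog title in the po/cs.po hunk at @@ -2243 is translated as "Resetovat PIN", but the parallel title "Resetting a PUK" in the previous hunk is translated as "Resetov?n? PUK". The two msgids have the same form and head two matching dialogs, so use the same grammatical form for both.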
at cvs.gnupg.org Thu Jul 3 11:54:29 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Jul 2014 11:54:29 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-50-g97f887a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 97f887a0f5a7eba246dd68d860d3b6518de57daf (commit) via 5ae34f574baca2b98a09fd982c941855558408e1 (commit) via 980a5669a15b18e1ddb70d8be4ad804e26bf53de (commit) via 5214d8f02bf65fb0a4af15ff80cf1369ccd4c167 (commit) via 3533860ee316918dd47501c53e910bfd0032b39d (commit) via b51af333bdf77c042c9fe748616e80d1f5e4d3f9 (commit) via 8366503f0fb60af18504caf2ae7d53fdbed0911e (commit) via 5f6b77afe8923f26ba2f23f6f6e440161bbd16f1 (commit) from 03018ef9eec75e4d91ea53c95547a77dedef8f80 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 97f887a0f5a7eba246dd68d860d3b6518de57daf Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Post beta release update -- diff --git a/NEWS b/NEWS index 84d1741..2fcbaeb 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.0-betaxxx (unreleased) +-------------------------------------------------------- + + Noteworthy changes in version 2.1.0-beta751 (2014-07-03) -------------------------------------------------------- commit 5ae34f574baca2b98a09fd982c941855558408e1 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Release 2.1.0-beta751 diff --git a/NEWS b/NEWS index 0f2e78f..84d1741 100644 --- a/NEWS +++ b/NEWS 
@@ -1,5 +1,34 @@ -Noteworthy changes in version 2.1.0 (unreleased) ------------------------------------------------- +Noteworthy changes in version 2.1.0-beta751 (2014-07-03) +-------------------------------------------------------- + + * gpg: Make export of secret keys work again. + + * gpg: Create revocation certificates during key generation. + + * gpg: Create exported secret keys and revocation certifciates with + mode 0700 + + * gpg: The output of --list-packets does now print the offset of the + packet and information about the packet header. + + * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617] + + * gpg: Screen keyserver responses to avoid importing unwanted keys + from rogue servers. + + * gpg: The validity of user ids is now shown by default. To revert + this add "list-options no-show-uid-validity" to gpg.conf. + + * gpg: Print more specific reason codes with the INV_RECP status. + + * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended + key generation. + + * scdaemon: Support reader Gemalto IDBridge CT30 and pinpad of SCT + cyberJack go. + + * The speedo build system has been improved. It is now also possible + to build a partly working installer for Windows. Noteworthy changes in version 2.1.0-beta442 (2014-06-05) commit 980a5669a15b18e1ddb70d8be4ad804e26bf53de Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 po: Auto-update -- diff --git a/po/de.po b/po/de.po index 6008229..7cdca4a 100644 --- a/po/de.po +++ b/po/de.po 
@@ -671,9 +671,13 @@ msgstr "Ich werde sie sp?ter ?ndern" msgid "Delete key" msgstr "Schl?ssel l?schen" +#, fuzzy +#| msgid "" +#| "Warning: This key is also listed for use with SSH!\n" +#| "Deleting the key will may remove your ability to access remote machines." msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability to access remote machines." +"Deleting the key might remove your ability to access remote machines." msgstr "" "WARNUNG: Dieser Schl?ssel wird auch f?r SSH benutzt!\n" "Das L?schen dieses Schl?ssels kann Ihren Zugriff auf entfernte Rechner\n" @@ -4861,6 +4865,24 @@ msgstr "Widerrufzertifikat erzeugt.\n" msgid "no revocation keys found for \"%s\"\n" msgstr "keine Widerrufsschl?ssel f?r \"%s\" gefunden\n" +#, fuzzy +#| msgid "Create a revocation certificate for this key? (y/N) " +msgid "This is a revocation certificate for the OpenPGP key:" +msgstr "Ein Widerrufszertifikat f?r diesen Schl?ssel erzeugen? (j/N) " + +msgid "" +"Use it to revoke this key in case of a compromise or loss of\n" +"the secret key. However, if the secret key is still accessible,\n" +"it is better to generate a new revocation certificate and give\n" +"a reason for the revocation." +msgstr "" + +msgid "" +"To avoid an accidental use of this file, a colon has been inserted\n" +"before the 5 dashes below. Remove this colon with a text editor\n" +"before making use of this revocation certificate." +msgstr "" + #, c-format msgid "secret key \"%s\" not found: %s\n" msgstr "Geheimer Schl?ssel \"%s\" nicht gefunden: %s\n" diff --git a/po/fr.po b/po/fr.po index 1f06f43..8f28b50 100644 --- a/po/fr.po +++ b/po/fr.po 
@@ -675,7 +675,7 @@ msgstr "activer la clef" msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability to access remote machines." +"Deleting the key might remove your ability to access remote machines." msgstr "" msgid "DSA requires the hash length to be a multiple of 8 bits\n" @@ -4927,6 +4927,24 @@ msgstr "Certificat de r?vocation cr??.\n" msgid "no revocation keys found for \"%s\"\n" msgstr "aucune clef de r?vocation trouv?e pour ??%s??\n" +#, fuzzy +#| msgid "Create a revocation certificate for this key? (y/N) " +msgid "This is a revocation certificate for the OpenPGP key:" +msgstr "Faut-il cr?er un certificat de r?vocation pour cette clef?? (o/N) " + +msgid "" +"Use it to revoke this key in case of a compromise or loss of\n" +"the secret key. However, if the secret key is still accessible,\n" +"it is better to generate a new revocation certificate and give\n" +"a reason for the revocation." +msgstr "" + +msgid "" +"To avoid an accidental use of this file, a colon has been inserted\n" +"before the 5 dashes below. Remove this colon with a text editor\n" +"before making use of this revocation certificate." +msgstr "" + #, c-format msgid "secret key \"%s\" not found: %s\n" msgstr "clef secr?te ??%s?? introuvable?: %s\n" diff --git a/po/ja.po b/po/ja.po index 6cfaf34..00949d9 100644 --- a/po/ja.po +++ b/po/ja.po @@ -656,7 +656,7 @@ msgstr "???????" msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability to access remote machines." +"Deleting the key might remove your ability to access remote machines." msgstr "" msgid "DSA requires the hash length to be a multiple of 8 bits\n" 
@@ -4740,6 +4740,24 @@ msgstr "?????????\n" msgid "no revocation keys found for \"%s\"\n" msgstr "\"%s\"?????????????\n" +#, fuzzy +#| msgid "Create a revocation certificate for this key? (y/N) " +msgid "This is a revocation certificate for the OpenPGP key:" +msgstr "????????????????????? (y/N) " + +msgid "" +"Use it to revoke this key in case of a compromise or loss of\n" +"the secret key. However, if the secret key is still accessible,\n" +"it is better to generate a new revocation certificate and give\n" +"a reason for the revocation." +msgstr "" + +msgid "" +"To avoid an accidental use of this file, a colon has been inserted\n" +"before the 5 dashes below. Remove this colon with a text editor\n" +"before making use of this revocation certificate." +msgstr "" + #, c-format msgid "secret key \"%s\" not found: %s\n" msgstr "???\"%s\"????????: %s\n" diff --git a/po/uk.po b/po/uk.po index 164d4b5..59407b6 100644 --- a/po/uk.po +++ b/po/uk.po @@ -661,9 +661,13 @@ msgstr "? ????? ???? ???????" msgid "Delete key" msgstr "???????? ????" +#, fuzzy +#| msgid "" +#| "Warning: This key is also listed for use with SSH!\n" +#| "Deleting the key will may remove your ability to access remote machines." msgid "" "Warning: This key is also listed for use with SSH!\n" -"Deleting the key will may remove your ability to access remote machines." +"Deleting the key might remove your ability to access remote machines." msgstr "" "????????????: ??? ???? ? ? ?????? ???????????? ??? SSH!\n" "????????? ????? ????? ???? ????????? ?? ???????????? ???????? ?????? ?? " 
@@ -4828,6 +4832,24 @@ msgstr "???????? ?????????? ???????????.\n" msgid "no revocation keys found for \"%s\"\n" msgstr "??? ?%s? ?? ???????? ?????? ???????????\n" +#, fuzzy +#| msgid "Create a revocation certificate for this key? (y/N) " +msgid "This is a revocation certificate for the OpenPGP key:" +msgstr "???????? ?????????? ??????????? ??? ????? ?????? (y/N ??? ?/?) " + +msgid "" +"Use it to revoke this key in case of a compromise or loss of\n" +"the secret key. However, if the secret key is still accessible,\n" +"it is better to generate a new revocation certificate and give\n" +"a reason for the revocation." +msgstr "" + +msgid "" +"To avoid an accidental use of this file, a colon has been inserted\n" +"before the 5 dashes below. Remove this colon with a text editor\n" +"before making use of this revocation certificate." +msgstr "" + #, c-format msgid "secret key \"%s\" not found: %s\n" msgstr "???????? ???? ?%s? ?? ????????: %s\n" commit 5214d8f02bf65fb0a4af15ff80cf1369ccd4c167 Author: Werner Koch Date: Tue Jun 24 09:53:46 2014 +0200 gpg: Make show-uid-validity the default. diff --git a/g10/gpg.c b/g10/gpg.c index 3614201..da664be 100644 --- a/g10/gpg.c +++ b/g10/gpg.c 
@@ -2085,9 +2085,11 @@ main (int argc, char **argv) opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.options = (KEYSERVER_HONOR_KEYSERVER_URL | KEYSERVER_HONOR_PKA_RECORD ); - opt.verify_options = (VERIFY_SHOW_POLICY_URLS + opt.verify_options = (LIST_SHOW_UID_VALIDITY + | VERIFY_SHOW_POLICY_URLS | VERIFY_SHOW_STD_NOTATIONS | VERIFY_SHOW_KEYSERVER_URLS); + opt.list_options = LIST_SHOW_UID_VALIDITY; #ifdef NO_TRUST_MODELS opt.trust_model = TM_ALWAYS; #else commit 3533860ee316918dd47501c53e910bfd0032b39d Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 tests: Fix end-of-all-ticks test for Western locales. * common/t-timestuff.c (test_timegm): Use timegm if available. (main): Set TX to UTC if timegm is not available. -- On OpenBSD 5.3 i386 that test failed due to the use of mktime. Reported-by: Claus Assmann diff --git a/common/t-timestuff.c b/common/t-timestuff.c index ec55687..f39e308 100644 --- a/common/t-timestuff.c +++ b/common/t-timestuff.c @@ -112,7 +112,11 @@ test_timegm (void) tbuf.tm_hour = tvalues[tidx].hour; tbuf.tm_min = tvalues[tidx].min; tbuf.tm_sec = tvalues[tidx].sec; +#ifdef HAVE_TIMEGM + now = timegm (&tbuf); +#else now = mktime (&tbuf); +#endif } if (now == (time_t)(-1)) fail (tidx); @@ -122,7 +126,11 @@ test_timegm (void) fail (tidx); tbuf = *tp; tbuf2 = tbuf; +#ifdef HAVE_TIMEGM atime = timegm (&tbuf); +#else + atime = mktime (&tbuf); +#endif if (atime == (time_t)(-1)) fail (tidx); if (atime != now) @@ -146,6 +154,14 @@ main (int argc, char **argv) (void)argc; (void)argv; + /* If we do not have timegm, we use mktime. However, we need to use + UTC in this case so that the 20380118T235959 test does not fail + for other timezones. */ +#ifndef HAVE_TIMEGM + setenv ("TZ", "UTC", 1); + tzset (); +#endif + test_timegm (); return 0; commit b51af333bdf77c042c9fe748616e80d1f5e4d3f9 Author: Kristian Fiskerstrand Date: Wed Jul 2 13:32:23 2014 +0200 gpg: Spelling error 
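Review bot: the NEWS hunk for 2.1.0-beta751 misspells "certificates" as "certifciates" in the entry about exported secret keys and revocation certificates, and that entry is the only one without a closing period. It also states mode 0700, which includes the execute bit; please confirm that this, and not 0600, is what the code uses for these files.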
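Review bot: in the g10/gpg.c hunk (default option setup in main), opt.verify_options now ORs the LIST_-prefixed flag LIST_SHOW_UID_VALIDITY together with VERIFY_SHOW_POLICY_URLS and the other VERIFY_ flags. That only behaves as intended if the list and verify bits for this option happen to share a value; use the verify-side constant for this option in verify_options and keep LIST_SHOW_UID_VALIDITY for opt.list_options. The NEWS entry in this push names only "list-options no-show-uid-validity" as the way to revert, so the changed verify default should be documented as well.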
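Review bot: in the common/t-timestuff.c hunk for main, the fallback path under #ifndef HAVE_TIMEGM calls setenv ("TZ", "UTC", 1) without a guard for setenv itself and ignores its return value, so a failed or missing setenv brings back the timezone-dependent mktime result this commit is meant to remove. Check the return value and fail the test explicitly, and guard the call with its own configure check. The ChangeLog line in the commit message says "Set TX to UTC" where TZ is meant.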
diff --git a/agent/findkey.c b/agent/findkey.c index b842f9e..8725afb 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1257,7 +1257,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, err = agent_get_confirmation (ctrl, _("Warning: This key is also listed for use with SSH!\n" - "Deleting the key will may remove your ability to " + "Deleting the key might remove your ability to " "access remote machines."), _("Delete key"), _("No"), 0); if (err) commit 8366503f0fb60af18504caf2ae7d53fdbed0911e Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 speedo: Update w32 installer -- diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 4d18d91..3c76c73 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -220,7 +220,7 @@ ReserveFile "${BUILD_DIR}\g4wihelp.dll" #ReserveFile "${TOP_SRCDIR}\doc\logo\gnupg-logo-400px.bmp" #ReserveFile "${W32_SRCDIR}\gnupg-splash.wav" ReserveFile "${TOP_SRCDIR}\COPYING" -ReserveFile "${BUILD_DIR}\inst-options.ini" +ReserveFile "${W32_SRCDIR}\inst-options.ini" #ReserveFile "${TOP_SRCDIR}\doc\logo\gnupg-logo-164x314.bmp" # Language support 
@@ -303,18 +303,18 @@ Function CustomPageOptions !insertmacro MUI_HEADER_TEXT "$(T_InstallOptions)" "$(T_InstallOptLinks)" # Note, that the default selection is done in the ini file - !insertmacro MUI_INSTALLOPTIONS_WRITE "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ "Field 1" "Text" "$(T_InstOptLabelA)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ "Field 2" "Text" "$(T_InstOptFieldA)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ "Field 3" "Text" "$(T_InstOptFieldB)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ "Field 4" "Text" "$(T_InstOptFieldC)" - !insertmacro MUI_INSTALLOPTIONS_WRITE "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_WRITE "${W32_SRCDIR}/inst-options.ini" \ "Field 5" "Text" "$(T_InstOptLabelB)" - !insertmacro MUI_INSTALLOPTIONS_DISPLAY "${BUILD_DIR}/inst-options.ini" + !insertmacro MUI_INSTALLOPTIONS_DISPLAY "${W32_SRCDIR}/inst-options.ini" FunctionEnd @@ -371,7 +371,7 @@ FunctionEnd # Check whether the start menu is actually wanted. Function CheckIfStartMenuWanted - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ "Field 2" "State" IntCmp $R0 1 +2 Abort @@ -519,8 +519,8 @@ Section "-gnupginst" # If we are reinstalling, try to kill a possible running gpa using # an already installed gpa. - ifFileExists "$INSTDIR\bin\gpa.exe" 0 no_uiserver - ExecWait '"$INSTDIR\bin\gpa" --stop-server' + ifFileExists "$INSTDIR\bin\launch-gpa.exe" 0 no_uiserver + ExecWait '"$INSTDIR\bin\launch-gpa" --stop-server' no_uiserver: 
@@ -834,8 +834,8 @@ SectionEnd # Section "-un.gnupglast" - ifFileExists "$INSTDIR\bin\gpa.exe" 0 no_uiserver - ExecWait '"$INSTDIR\bin\gpa" --stop-server' + ifFileExists "$INSTDIR\bin\launch-gpa.exe" 0 no_uiserver + ExecWait '"$INSTDIR\bin\launch-gpa" --stop-server' no_uiserver: ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' @@ -1067,7 +1067,7 @@ Function .onInit # We can't use TOP_SRCDIR dir as the name of the file needs to be # the same while building and running the installer. Thus we # generate the file from a template. - !insertmacro MUI_INSTALLOPTIONS_EXTRACT "${BUILD_DIR}/inst-options.ini" + !insertmacro MUI_INSTALLOPTIONS_EXTRACT "${W32_SRCDIR}/inst-options.ini" #Call CalcDepends FunctionEnd @@ -1107,7 +1107,7 @@ Section "-startmenu" SetShellVarContext all # Check if the start menu entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ "Field 2" "State" IntCmp $R0 0 no_start_menu @@ -1139,7 +1139,7 @@ no_start_menu: # Check if the desktop entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ "Field 3" "State" IntCmp $R0 0 no_desktop @@ -1160,7 +1160,7 @@ no_desktop: # Check if the quick launch bar entries where requested. - !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${BUILD_DIR}/inst-options.ini" \ + !insertmacro MUI_INSTALLOPTIONS_READ $R0 "${W32_SRCDIR}/inst-options.ini" \ "Field 4" "State" IntCmp $R0 0 no_quick_launch StrCmp $QUICKLAUNCH $TEMP no_quick_launch commit 5f6b77afe8923f26ba2f23f6f6e440161bbd16f1 Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 doc: Add gnupg-logo.pdf -- 
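Review bot: in the build-aux/speedo/w32/inst.nsi hunks for the "-gnupginst" and "-un.gnupglast" sections, the stop-server step is now conditional on $INSTDIR\bin\launch-gpa.exe only. The comment kept above it says the purpose is to stop a running gpa "using an already installed gpa"; an existing installation that has gpa.exe but no launch-gpa.exe now skips the step and its server keeps running during the reinstall or uninstall. Consider falling back to gpa.exe when launch-gpa.exe is absent.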
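Review bot: in the .onInit hunk of inst.nsi, the comment kept above MUI_INSTALLOPTIONS_EXTRACT still explains that the ini file is generated from a template because its name must be the same while building and running the installer, yet the path now comes from ${W32_SRCDIR} instead of ${BUILD_DIR}. Either the comment is stale or the constraint it describes is violated; update the comment to say why a source-directory path is safe here. ReserveFile uses a backslash after ${W32_SRCDIR} while every MUI_INSTALLOPTIONS_* call uses a forward slash, so it is worth confirming that both spellings resolve to the same reserved file.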
diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf new file mode 100644 index 0000000..a2aab4a Binary files /dev/null and b/doc/gnupg-logo.pdf differ ----------------------------------------------------------------------- Summary of changes: NEWS | 37 +++++++++++++++++++++++++++++++++++-- agent/findkey.c | 2 +- build-aux/speedo/w32/inst.nsi | 32 ++++++++++++++++---------------- common/t-timestuff.c | 16 ++++++++++++++++ doc/gnupg-logo.pdf | Bin 0 -> 13838 bytes g10/gpg.c | 4 +++- po/de.po | 24 +++++++++++++++++++++++- po/fr.po | 20 +++++++++++++++++++- po/ja.po | 20 +++++++++++++++++++- po/uk.po | 24 +++++++++++++++++++++++- 10 files changed, 155 insertions(+), 24 deletions(-) create mode 100644 doc/gnupg-logo.pdf hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 16 10:14:46 2014 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 16 Jul 2014 10:14:46 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-95-g4846e52 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4846e52728970e3117f3a046ef9010be089a3ae4 (commit) from 1b9b00bbe41bbed32563f1102049521e703e72bd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4846e52728970e3117f3a046ef9010be089a3ae4 Author: NIIBE Yutaka Date: Wed Jul 16 17:05:55 2014 +0900 mpi: Add mpi_swap_cond. * mpi/mpiutil.c (_gcry_mpi_swap_cond): New. * src/mpi.h (mpi_swap_cond): New. -- This is an internal function for now. diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index fdce578..f74dd91 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c 
@@ -542,6 +542,34 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b) } +void +_gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap) +{ + size_t i; + size_t nlimbs = a->alloced; + unsigned long mask = 0UL - !!swap; + unsigned long x; + + if (a->alloced != b->alloced) + log_bug ("mpi_swap_cond: different sizes\n"); + + for (i = 0; i < nlimbs; i++) + { + x = mask & (a->d[i] ^ b->d[i]); + a->d[i] = a->d[i] ^ x; + b->d[i] = b->d[i] ^ x; + } + + x = mask & (a->nlimbs ^ b->nlimbs); + a->nlimbs = a->nlimbs ^ x; + b->nlimbs = b->nlimbs ^ x; + + x = mask & (a->sign ^ b->sign); + a->sign = a->sign ^ x; + b->sign = b->sign ^ x; +} + + gcry_mpi_t _gcry_mpi_new (unsigned int nbits) { diff --git a/src/mpi.h b/src/mpi.h index eb0730e..2479560 100644 --- a/src/mpi.h +++ b/src/mpi.h @@ -119,12 +119,14 @@ void _gcry_mpi_immutable_failed (void); #define mpi_alloc_set_ui(a) _gcry_mpi_alloc_set_ui ((a)) #define mpi_m_check(a) _gcry_mpi_m_check ((a)) #define mpi_const(n) _gcry_mpi_const ((n)) +#define mpi_swap_cond(a,b,sw) _gcry_mpi_swap_cond ((a),(b),(sw)) void _gcry_mpi_clear( gcry_mpi_t a ); gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a ); gcry_mpi_t _gcry_mpi_alloc_set_ui( unsigned long u); void _gcry_mpi_m_check( gcry_mpi_t a ); void _gcry_mpi_swap( gcry_mpi_t a, gcry_mpi_t b); +void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap); gcry_mpi_t _gcry_mpi_new (unsigned int nbits); gcry_mpi_t _gcry_mpi_snew (unsigned int nbits); gcry_mpi_t _gcry_mpi_set_opaque_copy (gcry_mpi_t a, ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 28 ++++++++++++++++++++++++++++ src/mpi.h | 2 ++ 2 files changed, 30 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 21 14:37:42 2014 
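Review bot: in _gcry_mpi_swap_cond (mpi/mpiutil.c), mask and x are declared unsigned long but are applied to the limbs a->d[i] and b->d[i]; on a target where the limb type is wider than unsigned long the upper bits of every limb are never exchanged and both values are silently corrupted. Declare mask and x with the limb type (the nlimbs and sign fields can keep a separate temporary). nlimbs is also read from a->alloced before the a->alloced != b->alloced check, which is safe only as long as log_bug never returns. Since the function is new and internal, a short comment stating that the swap is done by masking on purpose, over all alloced limbs and not just nlimbs, would stop a later cleanup from reintroducing a branch on the swap argument.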
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 21 Jul 2014 14:37:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-3-g5b34e34 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5b34e347b612765f31061d077b7c343e08662ba9 (commit) via bab9cdd971f35ff47e153c00034c95e7ffeaa09a (commit) from 97f887a0f5a7eba246dd68d860d3b6518de57daf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b34e347b612765f31061d077b7c343e08662ba9 Author: Werner Koch Date: Mon Jul 21 14:37:13 2014 +0200 gpg: Improve --list-packets output for faulty packets. * g10/parse-packet.c: Add list_mode output for certain failures. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index b967df5..c69393a 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1,6 +1,7 @@ /* parse-packet.c - read packets * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2007, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * @@ -853,6 +854,8 @@ parse_marker (IOBUF inp, int pkttype, unsigned long pktlen) fail: log_error ("invalid marker packet\n"); + if (list_mode) + es_fputs (":marker packet: [invalid]\n", listfp); iobuf_skip_rest (inp, pktlen, 0); return G10ERR_INVALID_PACKET; } @@ -869,6 +872,8 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 4) { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [too short]\n"); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } 
@@ -877,12 +882,16 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, if (version != 4) { log_error ("packet(%d) with unknown version %d\n", pkttype, version); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [unknown version]\n"); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } if (pktlen > 200) { /* (we encode the seskeylen in a byte) */ log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [too large]\n"); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -905,11 +914,15 @@ parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, break; default: log_error ("unknown S2K mode %d\n", s2kmode); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [unknown S2K mode]\n"); goto leave; } if (minlen > pktlen) { log_error ("packet with S2K %d too short\n", s2kmode); + if (list_mode) + es_fprintf (listfp, ":symkey enc packet: [too short]\n"); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -983,6 +996,8 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 12) { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":pubkey enc packet: [too short]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -991,6 +1006,8 @@ parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen, if (k->version != 2 && k->version != 3) { log_error ("packet(%d) with unknown version %d\n", pkttype, k->version); + if (list_mode) + es_fputs (":pubkey enc packet: [unknown version]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -1561,6 +1578,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 16) { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":signature packet: [too short]\n", listfp); goto leave; } sig->version = iobuf_get_noeof (inp); 
@@ -1571,6 +1590,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, { log_error ("packet(%d) with unknown version %d\n", pkttype, sig->version); + if (list_mode) + es_fputs (":signature packet: [unknown version]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -1604,6 +1625,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (n > 10000) { log_error ("signature packet: hashed data too long\n"); + if (list_mode) + es_fputs (":signature packet: [hashed data too long]\n", listfp); rc = G10ERR_INVALID_PACKET; goto leave; } @@ -1616,6 +1639,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, { log_error ("premature eof while reading " "hashed signature data\n"); + if (list_mode) + es_fputs (":signature packet: [premature eof]\n", listfp); rc = -1; goto leave; } @@ -1626,6 +1651,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (n > 10000) { log_error ("signature packet: unhashed data too long\n"); + if (list_mode) + es_fputs (":signature packet: [unhashed data too long]\n", listfp); rc = G10ERR_INVALID_PACKET; goto leave; } @@ -1638,6 +1665,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, { log_error ("premature eof while reading " "unhashed signature data\n"); + if (list_mode) + es_fputs (":signature packet: [premature eof]\n", listfp); rc = -1; goto leave; } @@ -1648,6 +1677,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 5) /* Sanity check. */ { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":signature packet: [too short]\n", listfp); rc = G10ERR_INVALID_PACKET; goto leave; } @@ -1811,6 +1842,8 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 13) { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":onepass_sig packet: [too short]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } 
@@ -1819,6 +1852,8 @@ parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen, if (version != 3) { log_error ("onepass_sig with unknown version %d\n", version); + if (list_mode) + es_fputs (":onepass_sig packet: [unknown version]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -1942,6 +1977,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, else if (version != 2 && version != 3) { log_error ("packet(%d) with unknown version %d\n", pkttype, version); + if (list_mode) + es_fputs (":key packet: [unknown version]\n", listfp); err = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -1949,6 +1986,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, if (pktlen < 11) { log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":key packet: [too short]\n", listfp); err = gpg_error (GPG_ERR_INV_PACKET); goto leave; } @@ -2405,6 +2444,8 @@ parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet) if (pktlen > 2048) { log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":user ID packet: [too large]\n"); iobuf_skip_rest (inp, pktlen, 0); return G10ERR_INVALID_PACKET; } @@ -2528,6 +2569,9 @@ parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet) if (pktlen > 65536) { log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":%scomment packet: [too large]\n", + pkttype == PKT_OLD_COMMENT ? "OpenPGP draft " : ""); iobuf_skip_rest (inp, pktlen, 0); return G10ERR_INVALID_PACKET; } @@ -2605,6 +2649,8 @@ parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen, if (!partial && pktlen < 6) { log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen); + if (list_mode) + es_fputs (":literal data packet: [too short]\n", listfp); rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; } 
@@ -2715,6 +2761,8 @@ parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen, { log_error ("encrypted_mdc packet with unknown version %d\n", version); + if (list_mode) + es_fputs (":encrypted data packet: [unknown version]\n", listfp); /*skip_rest(inp, pktlen); should we really do this? */ rc = gpg_error (GPG_ERR_INV_PACKET); goto leave; @@ -2731,6 +2779,8 @@ parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen, { /* Actually this is blocksize+2. */ log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":encrypted data packet: [too short]\n", listfp); rc = G10ERR_INVALID_PACKET; iobuf_skip_rest (inp, pktlen, partial); goto leave; commit bab9cdd971f35ff47e153c00034c95e7ffeaa09a Author: Werner Koch Date: Mon Jul 21 13:50:36 2014 +0200 gpg: Cap size of attribute packets at 16MB. * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap size of packet. -- Tavis Ormandy reported a fatal error for attribute packets with a zero length payload. This is due to a check in Libgcrypt's xmalloc which rejects a malloc(0) instead of silently allocating 1 byte. The fix is obvious. In addition we cap the size of attribute packets similar to what we do with user id packets. OpenPGP keys are not the proper way to store movies. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 28f9016..b967df5 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -2478,11 +2478,23 @@ parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen, (void) pkttype; + /* We better cap the size of an attribute packet to make DoS not too + easy. 16MB should be more then enough for one attribute packet + (ie. a photo). */ + if (pktlen > 16*1024*1024) + { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + es_fprintf (listfp, ":attribute packet: [too large]\n"); + iobuf_skip_rest (inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } + #define EXTRA_UID_NAME_SPACE 71 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); packet->pkt.user_id->ref = 1; - packet->pkt.user_id->attrib_data = xmalloc (pktlen); + packet->pkt.user_id->attrib_data = xmalloc (pktlen? pktlen:1); packet->pkt.user_id->attrib_len = pktlen; p = packet->pkt.user_id->attrib_data; ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 21 14:51:20 2014 
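Review bot: in the parse_symkeyenc hunk of commit 5b34e347, the default: branch for an unknown S2K mode logs, prints the new list-mode line and jumps to leave without assigning rc, while the minlen > pktlen branch directly below sets rc = gpg_error (GPG_ERR_INV_PACKET). Unless rc already holds an error at that point, an unknown S2K mode is returned as success; set rc in this branch as the neighbouring ones do. The new lines in this function call es_fprintf with a constant string where the other functions in the patch use es_fputs; pick one.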
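Review bot: in the parse_signature hunks of commit 5b34e347, the first pktlen < 16 check gets a list-mode line but still does goto leave with no rc assignment visible, and the two "premature eof" branches return rc = -1 while the surrounding branches use G10ERR_INVALID_PACKET or gpg_error (GPG_ERR_INV_PACKET). Now that each failure has its own list-mode text, it would be a good moment to give each one a proper error code too, so that callers and --list-packets agree on what went wrong.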
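Review bot: in the parse_attribute hunk of commit bab9cdd9, the new log_error ("packet(%d) too large\n", pkttype) uses pkttype, so the (void) pkttype; line kept just above it is now misleading and can be dropped. The limit is a bare 16*1024*1024 and the comment reads "more then enough" for "more than enough"; a named constant placed with the other packet size caps would make the limits easier to audit together. For an empty packet attrib_data now points at a 1-byte allocation while attrib_len stays 0, so later code must keep relying on attrib_len and not on a non-NULL pointer.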
From: cvs at cvs.gnupg.org (by Andreas Schwier) Date: Mon, 21 Jul 2014 14:51:20 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.25-3-g5798673 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 5798673156a66f4c39e1d34e358b03539194d57c (commit) via 9a1e195348daa9f719d34fdf4e4d6bfce4c8fb3e (commit) from 40215d8ecdb10d36c699aa66f6e35c43b31e4822 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5798673156a66f4c39e1d34e358b03539194d57c Author: Andreas Schwier Date: Fri Jul 18 18:22:26 2014 +0200 scd: Allow for certificates > 1024 with PC/SC. * scd/pcsc-wrapper.c (handle_transmit): Enlarge buffer to 4096 too allow for larger certificates. diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index f3d92ff..0d572d2 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c 
@@ -714,7 +714,7 @@ handle_transmit (unsigned char *argbuf, size_t arglen) long err; struct pcsc_io_request_s send_pci; pcsc_dword_t recv_len; - unsigned char buffer[1024]; + unsigned char buffer[4096]; /* The apdu should at least be one byte. */ if (!arglen) commit 9a1e195348daa9f719d34fdf4e4d6bfce4c8fb3e Author: Werner Koch Date: Mon Jul 21 13:50:36 2014 +0200 gpg: Cap size of attribute packets at 16MB. * g10/parse-packet.c (parse_attribute): Avoid xmalloc failure and cap size of packet. -- Tavis Ormandy reported a fatal error for attribute packets with a zero length payload. This is due to a check in Libgcrypt's xmalloc which rejects a malloc(0) instead of silently allocating 1 byte. The fix is obvious. In addition we cap the size of attribute packets similar to what we do with user id packets. OpenPGP keys are not the proper way to store movies. Resolved conflicts: g10/parse-packet.c - indentation. Use plain fprintf. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index ab4655d..f1d7f71 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -2214,11 +2214,22 @@ parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) (void)pkttype; + /* We better cap the size of an attribute packet to make DoS not + too easy. 16MB should be more then enough for one attribute + packet (ie. a photo). */ + if (pktlen > 16*1024*1024) { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + fprintf (listfp, ":attribute packet: [too large]\n"); + iobuf_skip_rest (inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } + #define EXTRA_UID_NAME_SPACE 71 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); packet->pkt.user_id->ref=1; - packet->pkt.user_id->attrib_data = xmalloc(pktlen); + packet->pkt.user_id->attrib_data = xmalloc(pktlen? pktlen:1); packet->pkt.user_id->attrib_len = pktlen; p = packet->pkt.user_id->attrib_data; ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 13 ++++++++++++- scd/pcsc-wrapper.c | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 21 16:06:33 2014 
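Review bot: in the scd/pcsc-wrapper.c hunk for handle_transmit, the receive buffer grows by changing a bare literal to unsigned char buffer[4096]. The hunk does not show where recv_len is initialised, so confirm it is derived from sizeof buffer and not from a second hard-coded 1024, otherwise the larger buffer has no effect. A named constant shared with the code that consumes the reply would keep both sides in step, and the commit message has "too allow" for "to allow".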
From: cvs at cvs.gnupg.org (by Simon Josefsson) Date: Mon, 21 Jul 2014 16:06:33 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.25-4-g4500d3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 4500d3cb6dd3525a835c251e6104f500050cf075 (commit) from 5798673156a66f4c39e1d34e358b03539194d57c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4500d3cb6dd3525a835c251e6104f500050cf075 Author: Simon Josefsson Date: Wed Jul 16 21:49:17 2014 +0200 Add OpenPGP card manufacturer Yubico (6). diff --git a/g10/card-util.c b/g10/card-util.c index 57f873f..2198cb2 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -205,6 +205,7 @@ get_manufacturer (unsigned int no) case 0x0003: return "OpenFortress"; case 0x0004: return "Wewid AB"; case 0x0005: return "ZeitControl"; + case 0x0006: return "Yubico"; case 0x002A: return "Magrathea"; ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 22 09:28:35 2014 
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov) Date: Tue, 22 Jul 2014 09:28:35 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.0-19-g4486cb8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 4486cb8228eeaefccc800e550cae4cd4701967c1 (commit) via 64902148236af8f39397bfaf6b5494b342027948 (commit) via 42aca4c9e575d44436e82e2e6bad6c967f12f21b (commit) via 21cf824e1547d94f898946715b525e7d41de5899 (commit) via 70bb73e5da9be83ec170829d7cdab5a1da89d408 (commit) via ce85db73a9330371d456ccd6a49a8682c31d0ed4 (commit) via 7f9e09611fce8466a98f53c5dfe4bebb398c708f (commit) from 5b79ad34ea2d7a86cfe465c81ff6bcd7fc1c06fc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4486cb8228eeaefccc800e550cae4cd4701967c1 Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:19 2014 +0400 Fix two memory leaks in cert-basic test * tests/cert-basic.c (one_file): always free public key and der2. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/cert-basic.c b/tests/cert-basic.c index 1a89cd9..91b394e 100644 --- a/tests/cert-basic.c +++ b/tests/cert-basic.c 
@@ -520,11 +520,15 @@ one_file (const char *fname) __FILE__, __LINE__); errorcount++; xfree (der2); + } else { + /* Don't leak memory if everything is ok. */ + xfree (der2); } xfree (tmp); } xfree (der); } + ksba_free (public); } } #endif commit 64902148236af8f39397bfaf6b5494b342027948 Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:18 2014 +0400 Enable optional valgrind for testsuite * configure.ac: Enable gnulib valgrind module. * gl/m4/gnulib.m4: Enable valgrind module. * tests/Makefile.am: Enable valgrind as LOG_COMPILER. * gl/m4/valgrind-tests.m4: New Signed-off-by: Dmitry Eremin-Solenikov diff --git a/configure.ac b/configure.ac index cc24bbf..372c20c 100644 --- a/configure.ac +++ b/configure.ac @@ -362,7 +362,7 @@ AC_CHECK_FUNCS([memmove strchr strtol strtoul stpcpy gmtime_r getenv]) # GNUlib checks gl_SOURCE_BASE(gl) gl_M4_BASE(gl/m4) -gl_MODULES(alloca) +gl_MODULES(alloca valgrind-tests) gl_INIT # To be used in ksba-config diff --git a/gl/Makefile.am b/gl/Makefile.am index 3e407d1..f3b46e0 100644 --- a/gl/Makefile.am +++ b/gl/Makefile.am @@ -9,7 +9,7 @@ # # Generated by gnulib-tool. # Invoked as: gnulib-tool --import -# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --aux-dir=. --libtool alloca alloca-opt +# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --aux-dir=. --libtool alloca alloca-opt valgrind-tests AUTOMAKE_OPTIONS = 1.5 gnits no-dependencies diff --git a/gl/m4/gnulib.m4 b/gl/m4/gnulib.m4 index 074e76e..7a975be 100644 --- a/gl/m4/gnulib.m4 +++ b/gl/m4/gnulib.m4 @@ -21,6 +21,7 @@ LTALLOCA=`echo "$ALLOCA" | sed 's/\.[^.]* /.lo /g;s/\.[^.]*$/.lo/'` changequote([, ])dnl AC_SUBST(LTALLOCA) gl_FUNC_ALLOCA + gl_VALGRIND_TESTS ]) dnl Usage: gl_MODULES(module1 module2 ...) diff --git a/gl/m4/valgrind-tests.m4 b/gl/m4/valgrind-tests.m4 new file mode 100644 index 0000000..66f81fb --- /dev/null +++ b/gl/m4/valgrind-tests.m4 
@@ -0,0 +1,37 @@ +# valgrind-tests.m4 serial 3 +dnl Copyright (C) 2008-2013 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl From Simon Josefsson + +# gl_VALGRIND_TESTS() +# ------------------- +# Check if valgrind is available, and set VALGRIND to it if available. +AC_DEFUN([gl_VALGRIND_TESTS], +[ + AC_ARG_ENABLE(valgrind-tests, + AS_HELP_STRING([--enable-valgrind-tests], + [run self tests under valgrind]), + [opt_valgrind_tests=$enableval], [opt_valgrind_tests=yes]) + + # Run self-tests under valgrind? + if test "$opt_valgrind_tests" = "yes" && test "$cross_compiling" = no; then + AC_CHECK_PROGS(VALGRIND, valgrind) + fi + + OPTS="-q --error-exitcode=1 --leak-check=full" + + if test -n "$VALGRIND" \ + && $VALGRIND $OPTS $SHELL -c 'exit 0' > /dev/null 2>&1; then + opt_valgrind_tests=yes + VALGRIND="$VALGRIND $OPTS" + else + opt_valgrind_tests=no + VALGRIND= + fi + + AC_MSG_CHECKING([whether self tests are run under valgrind]) + AC_MSG_RESULT($opt_valgrind_tests) +]) diff --git a/tests/Makefile.am b/tests/Makefile.am index 013fb84..ae2ad4e 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -60,3 +60,5 @@ oidtranstbl.h: Makefile mkoidtbl.awk /usr/share ; do \ if test -f $$i/dumpasn1.cfg; then f=$$i/dumpasn1.cfg; break; fi; \ done; $(AWK) -f $(srcdir)/mkoidtbl.awk $$f >$@ + +LOG_COMPILER = $(VALGRIND) commit 42aca4c9e575d44436e82e2e6bad6c967f12f21b Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:17 2014 +0400 Fix memory leak in crl parsing code. * src/crl.c (store_one_entry_extension): Free memory at oid variable - otherwise libksba leaks memory on crl parsing. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/src/crl.c b/src/crl.c index a4b1776..87a3fa3 100644 --- a/src/crl.c +++ b/src/crl.c 
@@ -1150,6 +1150,8 @@ store_one_entry_extension (ksba_crl_t crl, else if (critical) err = gpg_error (GPG_ERR_UNKNOWN_CRIT_EXTN); + xfree (oid); + return err; } commit 21cf824e1547d94f898946715b525e7d41de5899 Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:16 2014 +0400 Adapt mkoidtbl script to newer dumpasn1 database format * tests/mkoidtbl.awk: optionally parse oid at OID line. -- Debian jessie currently has dumpasn1 version 20130608-1. It uses dumpasn1.cfg with slightly different format: OID = 0 2 262 1 10 Comment = Deutsche Telekom Description = Telesec Adapted mkoidtbl to work on both types of files. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/mkoidtbl.awk b/tests/mkoidtbl.awk index 70aae33..f6f827f 100644 --- a/tests/mkoidtbl.awk +++ b/tests/mkoidtbl.awk @@ -28,11 +28,15 @@ BEGIN { } /^[ \t]*#/ { next } -/^OID/ { flush() } +/^OID/ { flush() + oid = substr($0, index($0, "=") + 2) + gsub (/[ \t]+/, ".", oid) +} /^Comment/ { comment = substr($0, index($0, "=") + 2 ) gsub(/\r/, "", comment) gsub (/\\/, "\\\\", comment) gsub (/"/, "\\\"", comment) + gsub (/\(\?\?\?\)/, "(?)", comment) } /^Description/ { desc = substr($0, index($0, "=") + 2) @@ -40,11 +44,11 @@ BEGIN { if (match (desc, /\([0-9 \t]+\)/) > 2) { oid = substr(desc, RSTART+1, RLENGTH-2 ) desc = substr(desc, 1, RSTART-1); - gsub (/[ \t]+/, ".", oid) - gsub (/\\/, "\\\\", desc) - gsub (/"/, "\\\"", desc) - sub (/[ \t]*$/, "", desc) } + gsub (/[ \t]+/, ".", oid) + gsub (/\\/, "\\\\", desc) + gsub (/"/, "\\\"", desc) + sub (/[ \t]*$/, "", desc) } END { flush(); print " { NULL, NULL, NULL }\n};" } commit 70bb73e5da9be83ec170829d7cdab5a1da89d408 Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:15 2014 +0400 Reuse common test functions in cert-basic test * tests/cert-basic.c (xmalloc, print_hex, print_sexp, print_time, print_dn): Drop. Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/cert-basic.c b/tests/cert-basic.c index a70867f..1a89cd9 100644 --- a/tests/cert-basic.c 
+++ b/tests/cert-basic.c @@ -28,6 +28,7 @@ #include "../src/keyinfo.h" #include "oidtranstbl.h" +#include "t-common.h" #ifdef __MINGW32CE__ #define getenv(a) (NULL) 
@@ -54,127 +55,6 @@ static int verbose; static int errorcount = 0; -static void * -xmalloc (size_t n) -{ - char *p = ksba_malloc (n); - if (!p) - { - fprintf (stderr, "out of core\n"); - exit (1); - } - return p; -} - - -void -print_hex (const unsigned char *p, size_t n) -{ - if (!p) - fputs ("none", stdout); - else - { - for (; n; n--, p++) - printf ("%02X", *p); - } -} - - - -static void -print_sexp (ksba_const_sexp_t p) -{ - int level = 0; - - if (!p) - fputs ("[none]", stdout); - else - { - for (;;) - { - if (*p == '(') - { - putchar (*p); - p++; - level++; - } - else if (*p == ')') - { - putchar (*p); - p++; - if (--level <= 0 ) - return; - } - else if (!digitp (p)) - { - fputs ("[invalid s-exp]", stdout); - return; - } - else - { - char *endp; - unsigned long n, i; - int need_hex; - - n = strtoul (p, &endp, 10); - p = endp; - if (*p != ':') - { - fputs ("[invalid s-exp]", stdout); - return; - } - p++; - for (i=0; i < n; i++) - if ( !((p[i] >='A' && p[i] <= 'Z') - || (p[i] >='a' && p[i] <='z') - || (p[i] >='0' && p[i] <='9') - || p[i] == '-' - || p[i] == '.')) - break; - need_hex = (i='A' && *p <= 'Z') || (*p >='a' && *p <='z')))) - printf ("%lu:", n); - - if (need_hex) - { - putchar('#'); - for (; n; n--, p++) - printf ("%02X", *p); - putchar('#'); - } - else - { - for (; n; n--, p++) - putchar (*p); - } - putchar(' '); - } - } - } -} - -static void -print_time (ksba_isotime_t t) -{ - if (!t || !*t) - fputs ("none", stdout); - else - printf ("%.4s-%.2s-%.2s %.2s:%.2s:%s", t, t+4, t+6, t+9, t+11, t+13); -} - -static void -print_dn (char *p) -{ - - if (!p) - fputs ("error", stdout); - else - printf ("`%s'", p); -} - - static void print_names (int indent, ksba_name_t name) { commit ce85db73a9330371d456ccd6a49a8682c31d0ed4 Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:14 2014 +0400 tests: fix print_sexp and print_sexp_hex functions * tests/t-common.h (print_sexp, print_sexp_hex): advance pointer on closing brace. Signed-off-by: Dmitry Eremin-Solenikov 
diff --git a/tests/t-common.h b/tests/t-common.h index 71512a9..cf82f3e 100644 --- a/tests/t-common.h +++ b/tests/t-common.h @@ -110,6 +110,7 @@ print_sexp (ksba_const_sexp_t p) else if (*p == ')') { putchar (*p); + p++; if (--level <= 0 ) return; } @@ -176,6 +177,7 @@ print_sexp_hex (ksba_const_sexp_t p) else if (*p == ')') { putchar (*p); + p++; if (--level <= 0 ) return; } commit 7f9e09611fce8466a98f53c5dfe4bebb398c708f Author: Dmitry Eremin-Solenikov Date: Sat Jul 12 15:11:13 2014 +0400 tests: Pass -no-install to libtool * tests/Makefile.am: add AM_LDFLAGS = -no-install Signed-off-by: Dmitry Eremin-Solenikov diff --git a/tests/Makefile.am b/tests/Makefile.am index 3680049..013fb84 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -42,6 +42,7 @@ CLEANFILES = oidtranstbl.h TESTS = cert-basic t-crl-parser t-dnparser AM_CFLAGS = $(GPG_ERROR_CFLAGS) +AM_LDFLAGS = -no-install noinst_HEADERS = t-common.h noinst_PROGRAMS = $(TESTS) t-cms-parser t-crl-parser t-dnparser t-ocsp t-oid ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- gl/Makefile.am | 2 +- gl/m4/gnulib.m4 | 1 + gl/m4/valgrind-tests.m4 | 37 ++++++++++++++ src/crl.c | 2 + tests/Makefile.am | 3 ++ tests/cert-basic.c | 126 ++--------------------------------------------- tests/mkoidtbl.awk | 14 ++++-- tests/t-common.h | 2 + 9 files changed, 61 insertions(+), 128 deletions(-) create mode 100644 gl/m4/valgrind-tests.m4 hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 22 14:28:11 2014 
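Review bot: in tests/cert-basic.c, one_file (@@ -520,11 +520,15, commit 4486cb8), both arms of the if now end in xfree (der2), so the added else block only repeats the call that the error branch already makes. Drop the xfree from the error branch and put a single unconditional xfree (der2) after the if; that frees der2 on every path without the extra else and its comment.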
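Review bot: in gl/m4/valgrind-tests.m4 (commit 6490214), opt_valgrind_tests defaults to yes when --enable-valgrind-tests is not given, and tests/Makefile.am then sets LOG_COMPILER = $(VALGRIND) for every program in TESTS, so a plain ./configure on a host that has valgrind installed switches make check to running under valgrind with --error-exitcode=1 --leak-check=full. That turns any reported leak into a test failure and slows the suite down; either default to no or document the option and how to disable it in the README. The shell variable OPTS is also a very generic name for configure's global namespace; a prefixed name would avoid clashes with other macros.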
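Review bot: in src/crl.c, store_one_entry_extension (@@ -1150,6 +1150,8, commit 42aca4c), the new xfree (oid) sits only in front of the final return err, so any earlier return between the point where oid is allocated and this line would still leak it. The hunk shows just the tail of the function; please confirm there are no such early exits, or route them through a common cleanup label so the free cannot be bypassed.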
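Review bot: in tests/mkoidtbl.awk (@@ -28,11 +28,15, commit 21cf824), the new /^OID/ action takes oid straight from the input line without the gsub(/\r/, "", ...) that the /^Comment/ action applies to comment, so a dumpasn1.cfg with CRLF line endings leaves a carriage return at the end of oid, and trailing blanks on the line become a trailing "." after gsub (/[ \t]+/, ".", oid). Strip \r and trailing whitespace from oid before the substitution. The same gsub on oid now also runs unconditionally in the /^Description/ action; a one-line comment stating which action provides oid for which file format would make the intent clear.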
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 22 Jul 2014 14:28:11 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.0-20-g17b7e05 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 17b7e056530179a3aad2398a2a096f494a22b248 (commit) from 4486cb8228eeaefccc800e550cae4cd4701967c1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 17b7e056530179a3aad2398a2a096f494a22b248 Author: Werner Koch Date: Tue Jul 22 14:05:52 2014 +0200 Update gpl.texi from GnuPG to fix syntax errors. -- diff --git a/doc/gpl.texi b/doc/gpl.texi index 244ba13..d13e9e4 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -659,12 +659,15 @@ an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + at end enumerate + @iftex @heading END OF TERMS AND CONDITIONS @end iftex @ifinfo @center END OF TERMS AND CONDITIONS @end ifinfo + @unnumberedsec How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest 
@@ -675,8 +678,10 @@ terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least -the ``copyright'' line and a pointer to where the full notice is found. - at smallexample +the ``copyright'' line and a pointer to where the full notice is +found. + + at example @var{one line to give the program's name and a brief idea of what it does.} Copyright (C) @var{year} @var{name of author} @@ -692,17 +697,21 @@ General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see @url{http://www.gnu.org/licenses/}. - at end smallexample + at end example + at noindent Also add information on how to contact you by electronic and paper mail. + at noindent If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: @smallexample @var{program} Copyright (C) @var{year} @var{name of author} -This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}. -This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details. +This program comes with ABSOLUTELY NO WARRANTY; for details +type @samp{show w}. This is free software, and you are +welcome to redistribute it under certain conditions; +type @samp{show c} for details. @end smallexample The hypothetical commands @samp{show w} and @samp{show c} should show 
@@ -721,5 +730,3 @@ library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}. - - at end enumerate ----------------------------------------------------------------------- Summary of changes: doc/gpl.texi | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 22 18:58:30 2014 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 22 Jul 2014 18:58:30 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-2-gd48a6f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via d48a6f0a26fd03b760791332a17b12fd7a6110c1 (commit) from bcc002d266e0bbe6a817c74db377218a66dbe105 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d48a6f0a26fd03b760791332a17b12fd7a6110c1 Author: Andre Heinecke Date: Tue Jul 22 18:53:57 2014 +0200 Look up SMTP Address by property Use the PropertyAccessor interface to look up the "hidden" SMTP Address property. * src/oomhelp.cpp (get_pa_string): New. Get a string using the property accessor of an object. (get_oom_recipients): Prefer the PR_SMTP_ADDRESS property over the direct Address. * src/oomhelp.h (PR_SMTP_ADDRESS): New define. * NEWS: Mention this. -- The direct usage of the Address property of a Recipient resulted in failures in case the Address Type was not SMTP. This commit has only been tested with SMTP Addresses. The PR_SMTP_ADDRESS value is documented on: http://msdn.microsoft.com/en-us/library/office/ ff868695%28v=office.15%29.aspx diff --git a/NEWS b/NEWS index f5d6f9f..2b9e3a1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes for version 1.2.1 (unreleased) ================================================= + * Fixed recipient lookup problems when using exchange or active + directory. Noteworthy changes for version 1.2.0 (2013-08-19) ================================================= diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index a0e25ff..0ac567d 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp 
@@ -789,6 +789,78 @@ get_oom_context_window (LPDISPATCH context) return ret; } + +/* Get a property string by using the PropertyAccessor of pDisp + * returns NULL on error or a newly allocated result. */ +char * +get_pa_string (LPDISPATCH pDisp, const char *property) +{ + LPDISPATCH propertyAccessor; + VARIANT rVariant, + cVariant[1]; + BSTR b_property; + DISPID dispid; + DISPPARAMS dispparams; + HRESULT hr; + EXCEPINFO execpinfo; + wchar_t *w_property; + unsigned int argErr = 0; + char *result = NULL; + + propertyAccessor = get_oom_object (pDisp, "PropertyAccessor"); + if (!propertyAccessor) + { + log_error ("%s:%s: Failed to look up property accessor.", + SRCNAME, __func__); + /* Fall back to address field on error. */ + return NULL; + } + + dispid = lookup_oom_dispid (propertyAccessor, "GetProperty"); + + if (dispid == DISPID_UNKNOWN) + { + log_error ("%s:%s: could not find GetProperty DISPID", + SRCNAME, __func__); + return NULL; + } + + /* Prepare the parameter */ + w_property = utf8_to_wchar (property); + b_property = SysAllocString (w_property); + xfree (w_property); + + cVariant[0].vt = VT_BSTR; + cVariant[0].bstrVal = b_property; + dispparams.rgvarg = cVariant; + dispparams.cArgs = 1; + dispparams.cNamedArgs = 0; + VariantInit (&rVariant); + + hr = propertyAccessor->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, + DISPATCH_METHOD, &dispparams, + &rVariant, &execpinfo, &argErr); + if (hr != S_OK) + { + log_debug ("%s:%s: error: invoking GetPrperty p=%p vt=%d hr=0x%x argErr=0x%x", + SRCNAME, __func__, + rVariant.pdispVal, rVariant.vt, (unsigned int)hr, + (unsigned int)argErr); + dump_excepinfo (execpinfo); + } + else if (rVariant.vt != VT_BSTR) + log_debug ("%s:%s: Property `%s' is not a string (vt=%d)", + SRCNAME, __func__, property, rVariant.vt); + else if (rVariant.bstrVal) + result = wchar_to_utf8 (rVariant.bstrVal); + + SysFreeString (b_property); + RELDISP (propertyAccessor); + VariantClear (&rVariant); + + return result; +} + /* Gets a malloced NULL 
terminated array of recipent strings from an OOM recipients Object. */ char ** @@ -820,7 +892,26 @@ get_oom_recipients (LPDISPATCH recipients) SRCNAME, __func__, i); break; } - recipientAddrs[i-1] = get_oom_string (recipient, "Address"); + else + { + char *address, + *resolved; + address = get_oom_string (recipient, "Address"); + log_debug ("%s:%s: Looking up smtp address for %s;", + SRCNAME, __func__, address); + resolved = get_pa_string (recipient, PR_SMTP_ADDRESS); + if (resolved) + { + xfree (address); + recipientAddrs[i-1] = resolved; + log_debug ("%s:%s: Resolved address is %s;", + SRCNAME, __func__, resolved); + continue; + } + log_debug ("%s:%s: Failed to look up SMTP Address;", + SRCNAME, __func__); + recipientAddrs[i-1] = address; + } } return recipientAddrs; } diff --git a/src/oomhelp.h b/src/oomhelp.h index 7858b42..1919973 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -67,6 +67,9 @@ DEFINE_OLEGUID(IID_IUnknown, 0x00000000, 0, 0); DEFINE_OLEGUID(IID_IDispatch, 0x00020400, 0, 0); DEFINE_OLEGUID(IID_IOleWindow, 0x00000114, 0, 0); +#ifndef PR_SMTP_ADDRESS +#define PR_SMTP_ADDRESS "http://schemas.microsoft.com/mapi/proptag/0x39FE001E" +#endif #ifdef __cplusplus extern "C" { ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ src/oomhelp.cpp | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- src/oomhelp.h | 3 ++ 3 files changed, 97 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 23 08:52:25 2014 
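Review bot: in src/oomhelp.cpp, get_pa_string (@@ -789,6 +789,78), the early return NULL taken when lookup_oom_dispid yields DISPID_UNKNOWN skips RELDISP (propertyAccessor), so the accessor obtained from get_oom_object leaks on that path; release it before returning. The results of utf8_to_wchar and SysAllocString are also used without a check, and the log_debug text misspells the method name as "GetPrperty".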
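Review bot: in src/oomhelp.cpp, get_oom_recipients (@@ -820,7 +892,26), address is handed to log_debug with %s before anything checks it for NULL; if get_oom_string can fail the way get_pa_string does, guard the log call. The Address property is also fetched for every recipient only to be freed when PR_SMTP_ADDRESS resolves, so looking up PR_SMTP_ADDRESS first and reading Address only on failure would save a call and the xfree. The trailing continue is the only thing that keeps the fallback assignment from overwriting the resolved value; an explicit else would be easier to read.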
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Jul 2014 08:52:25 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-5-g834b4a2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 834b4a28f73e44a017e5846de163cd62a524e7b6 (commit) via bc6b452129178658da7241903ca2174c79281752 (commit) from 5b34e347b612765f31061d077b7c343e08662ba9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 834b4a28f73e44a017e5846de163cd62a524e7b6 Author: Werner Koch Date: Wed Jul 23 08:52:10 2014 +0200 Register DCO for Andreas Schwier -- diff --git a/AUTHORS b/AUTHORS index 8358faf..539d24b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -159,6 +159,9 @@ Yutaka Niibe Assigns Past and Future Changes Authors with a DCO ================== +Andreas Schwier +2014-07-22:53CED1D8.1010306 at cardcontact.de: + Christian Aistleitner 2013-05-26:20130626112332.GA2228 at quelltextlich.at: @@ -178,7 +181,6 @@ Werner Koch 2013-03-29:87620ahchj.fsf at vigenere.g10code.de: - Other authors ============= commit bc6b452129178658da7241903ca2174c79281752 Author: Werner Koch Date: Tue Jul 22 16:16:33 2014 +0200 scd: Do not use the pcsc-wrapper. * scd/apdu.c (NEED_PCSC_WRAPPER): Do not define. * scd/Makefile.am (libexec_PROGRAMS): Remove gnupg-pcsc-wrapper (gnupg_pcsc_wrapper_SOURCES): Remove. (gnupg_pcsc_wrapper_LDADD): Remove. (gnupg_pcsc_wrapper_CFLAGS): Remove. diff --git a/scd/Makefile.am b/scd/Makefile.am index 577b4a0..215933a 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am 
@@ -19,11 +19,7 @@ EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc -if HAVE_W32_SYSTEM libexec_PROGRAMS = scdaemon -else -libexec_PROGRAMS = scdaemon gnupg-pcsc-wrapper -endif AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common @@ -72,6 +68,3 @@ scdaemon_LDADD = $(libcommonpth) ../gl/libgnu.a \ # $(LIBUSB_LIBS) \ # -lgpg-error @LIBINTL@ @DL_LIBS@ # -gnupg_pcsc_wrapper_SOURCES = pcsc-wrapper.c -gnupg_pcsc_wrapper_LDADD = $(DL_LIBS) -gnupg_pcsc_wrapper_CFLAGS = diff --git a/scd/apdu.c b/scd/apdu.c index c7d4735..609103f 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -66,8 +66,9 @@ #include "ccid-driver.h" /* Due to conflicting use of threading libraries we usually can't link - against libpcsclite. Instead we use a wrapper program. */ -#ifdef USE_NPTH + against libpcsclite if we are using Pth. Instead we use a wrapper + program. Note that with nPth there is no need for a wrapper. */ +#ifdef USE_PTH /* Right, plain old Pth. */ #if !defined(HAVE_W32_SYSTEM) && !defined(__CYGWIN__) #define NEED_PCSC_WRAPPER 1 #endif diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index e20e111..b3060e1 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -20,7 +20,8 @@ /* This wrapper is required to handle problems with the libpscslite library. That library assumes that pthreads are used and fails - badly if one tries to use it with a procerss using Pth. + badly if one tries to use it with a process using Pth. Note that + the wrapper is not required if nPth is used. The operation model is pretty simple: It reads requests from stdin and returns the answer on stdout. There is no direct mapping to the ----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 +++- scd/Makefile.am | 7 ------- scd/apdu.c | 5 +++-- scd/pcsc-wrapper.c | 3 ++- 4 files changed, 8 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 23 15:13:10 2014 
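Review bot: in scd/Makefile.am (second hunk, @@ -72,6 +68,3), removing gnupg_pcsc_wrapper_SOURCES drops pcsc-wrapper.c from every automake variable while the file stays in the tree (this same commit edits its header comment), and EXTRA_DIST lists only ChangeLog-2011 and scdaemon-w32info.rc, so make dist will no longer ship the file. Either add pcsc-wrapper.c to EXTRA_DIST or remove it from the repository.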
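Review bot: in scd/apdu.c (@@ -66,8 +66,9), the commit message says "(NEED_PCSC_WRAPPER): Do not define", but the hunk keeps the define and only moves it from #ifdef USE_NPTH to #ifdef USE_PTH. If USE_PTH is ever defined, apdu.c will expect a wrapper program that scd/Makefile.am no longer builds. If plain Pth is not supported any more, delete the #ifdef block and the code depending on NEED_PCSC_WRAPPER; otherwise keep a build rule for the wrapper under the same condition.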
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Jul 2014 15:13:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-8-gea18654 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ea186540db5b418bc6f6e5ca90337672c9981c88 (commit) via 75127bc4561787aa9bc1cf976658e20192446d7f (commit) via 17404b2fccbc74c4f0b2364cc08e9dcc64175cf8 (commit) from 834b4a28f73e44a017e5846de163cd62a524e7b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ea186540db5b418bc6f6e5ca90337672c9981c88 Author: Werner Koch Date: Wed Jul 23 15:12:43 2014 +0200 gpg: Add command --quick-gen-key * g10/gpg.c (aQuickKeygen): New. * g10/misc.c (is_valid_user_id): New stub. * g10/keygen.c (quickgen_set_para): New. (quick_generate_keypair): New. -- Note that the validation of the specified user id has not yet been implemented. diff --git a/doc/gpg.texi b/doc/gpg.texi index 3370ff2..e0b0039 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -592,14 +592,29 @@ This section explains the main commands for key management @table @gnupgtabopt + at ifset gpgtwoone + at item --quick-gen-key @code{user-id} + at opindex quick-gen-key +This is simple command to generate a standard key with one user id. +In contrast to @option{--gen-key} the key is generated directly +without the need to answer a bunch of prompts. Unless the option + at option{--yes} is given, the key creation will be canceled if the +given user id already exists in the key ring. + +If invoked directly on the console without any special options an +answer to a ``Continue?'' style confirmation prompt is required. In +case the user id already exists in the key ring a second prompt to +force the creation of the key will show up. + at end ifset + @item --gen-key @opindex gen-key Generate a new key pair. This command is normally only used interactively. -There is an experimental feature which allows you to create keys in -batch mode. See the file @file{doc/DETAILS} in the source distribution -on how to use this. +There is also a feature which allows you to create keys in batch +mode. See the file @file{doc/DETAILS} in the source distribution on +how to use this. @item --gen-revoke @code{name} @opindex gen-revoke diff --git a/g10/gpg.c b/g10/gpg.c index da664be..1f840c6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -106,6 +106,7 @@ enum cmd_and_opt_values aDecryptFiles, aClearsign, aStore, + aQuickKeygen, aKeygen, aSignEncr, aSignEncrSym, 
@@ -406,6 +407,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aCheckKeys, "check-sigs",N_("list and check key signatures")), ARGPARSE_c (oFingerprint, "fingerprint", N_("list keys and fingerprints")), ARGPARSE_c (aListSecretKeys, "list-secret-keys", N_("list secret keys")), + ARGPARSE_c (aQuickKeygen, "quick-gen-key" , + N_("quickly generate a new key pair")), ARGPARSE_c (aKeygen, "gen-key", N_("generate a new key pair")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), ARGPARSE_c (aDeleteKeys,"delete-keys", @@ -2279,6 +2282,7 @@ main (int argc, char **argv) case aSignKey: case aLSignKey: case aStore: + case aQuickKeygen: case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches: @@ -3612,6 +3616,7 @@ main (int argc, char **argv) case aPasswd: case aDeleteSecretKeys: case aDeleteSecretAndPublicKeys: + case aQuickKeygen: case aKeygen: case aImport: case aExportSecret: @@ -3895,6 +3900,14 @@ main (int argc, char **argv) free_strlist (sl); break; + case aQuickKeygen: + if (argc != 1 ) + wrong_args("--gen-key user-id"); + username = make_username (fname); + quick_generate_keypair (username); + xfree (username); + break; + case aKeygen: /* generate a key */ if( opt.batch ) { if( argc > 1 ) diff --git a/g10/keygen.c b/g10/keygen.c index 4509231..d6b2dd0 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,6 +1,7 @@ /* keygen.c - generate a key pair * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 * 2007, 2009, 2010, 2011 Free Software Foundation, Inc. + * Copyright (C) 2014 Werner Koch * * This file is part of GnuPG. * 
@@ -3408,6 +3409,129 @@ read_parameter_file( const char *fname ) } +/* Helper for quick_generate_keypair. */ +static struct para_data_s * +quickgen_set_para (struct para_data_s *para, int for_subkey, + int algo, int nbits, const char *curve) +{ + struct para_data_s *r; + + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE; + strcpy (r->u.value, for_subkey ? "encrypt" : "sign"); + r->next = para; + para = r; + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYTYPE : pKEYTYPE; + sprintf (r->u.value, "%d", algo); + r->next = para; + para = r; + + if (curve) + { + r = xmalloc_clear (sizeof *r + strlen (curve)); + r->key = for_subkey? pSUBKEYCURVE : pKEYCURVE; + strcpy (r->u.value, curve); + r->next = para; + para = r; + } + else + { + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH; + sprintf (r->u.value, "%u", nbits); + r->next = para; + para = r; + } + + return para; +} + + + +/* + * Unattended generaion of a standard key. + */ +void +quick_generate_keypair (const char *uid) +{ + gpg_error_t err; + struct para_data_s *para = NULL; + struct para_data_s *r; + struct output_control_s outctrl; + int use_tty; + + memset (&outctrl, 0, sizeof outctrl); + + use_tty = (!opt.batch && !opt.answer_yes + && !cpr_enabled () + && gnupg_isatty (fileno (stdin)) + && gnupg_isatty (fileno (stdout)) + && gnupg_isatty (fileno (stderr))); + + r = xmalloc_clear (sizeof *r + strlen (uid)); + r->key = pUSERID; + strcpy (r->u.value, uid); + r->next = para; + para = r; + + uid = trim_spaces (r->u.value); + if (!*uid || (!opt.allow_freeform_uid && !is_valid_user_id (uid))) + { + log_error (_("Key generation failed: %s\n"), + gpg_strerror (GPG_ERR_INV_USER_ID)); + goto leave; + } + + /* If gpg is directly used on the console ask whether a key with the + given user id shall really be created. 
*/ + if (use_tty) + { + tty_printf (_("About to create a key for:\n \"%s\"\n\n"), uid); + if (!cpr_get_answer_is_yes_def ("quick_keygen.okay", + _("Continue? (Y/n) "), 1)) + goto leave; + } + + /* Check whether such a user ID already exists. */ + { + KEYDB_HANDLE kdbhd; + KEYDB_SEARCH_DESC desc; + + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_EXACT; + desc.u.name = uid; + + kdbhd = keydb_new (); + err = keydb_search (kdbhd, &desc, 1, NULL); + keydb_release (kdbhd); + if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) + { + log_info (_("A key for \"%s\" already exists\n"), uid); + if (opt.answer_yes) + ; + else if (!use_tty + || !cpr_get_answer_is_yes_def ("quick_keygen.force", + _("Create anyway? (y/N) "), 0)) + { + log_inc_errorcount (); /* we used log_info */ + goto leave; + } + log_info (_("creating anyway\n")); + } + } + + para = quickgen_set_para (para, 0, PUBKEY_ALGO_RSA, 2048, NULL); + para = quickgen_set_para (para, 1, PUBKEY_ALGO_RSA, 2048, NULL); + /* para = quickgen_set_para (para, 0, PUBKEY_ALGO_EDDSA, 0, "Ed25519"); */ + /* para = quickgen_set_para (para, 1, PUBKEY_ALGO_ECDH, 0, "Curve25519"); */ + + proc_parameter_file (para, "[internal]", &outctrl, 0); + leave: + release_parameter_list (para); +} + + /* * Generate a keypair (fname is only used in batch mode) If * CARD_SERIALNO is not NULL the function will create the keys on an diff --git a/g10/main.h b/g10/main.h index d39c7c8..4ec4bbf 100644 --- a/g10/main.h +++ b/g10/main.h @@ -154,6 +154,7 @@ int parse_options(char *str,unsigned int *options, struct parse_options *opts,int noisy); int has_invalid_email_chars (const char *s); int is_valid_mailbox (const char *name); +int is_valid_user_id (const char *uid); const char *get_libexecdir (void); int path_access(const char *file,int mode); 
@@ -247,6 +248,7 @@ void show_basic_key_info (KBNODE keyblock); u32 parse_expire_string(const char *string); u32 ask_expire_interval(int object,const char *def_expire); u32 ask_expiredate(void); +void quick_generate_keypair (const char *uid); void generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno, int card_backup_key); int keygen_set_std_prefs (const char *string,int personal); diff --git a/g10/misc.c b/g10/misc.c index e219d76..0125da4 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1499,6 +1499,20 @@ is_valid_mailbox (const char *name) } +/* Check whether UID is a valid standard user id of the form + "Heinrich Heine " + and return true if this is the case. */ +int +is_valid_user_id (const char *uid) +{ + if (!uid || !*uid) + return 0; + + return 1; +} + + + /* Similar to access(2), but uses PATH to find the file. */ int path_access(const char *file,int mode) commit 75127bc4561787aa9bc1cf976658e20192446d7f Author: Werner Koch Date: Wed Jul 23 14:35:22 2014 +0200 common: Add cpr_get_answer_is_yes_def() * g10/cpr.c (cpr_get_answer_is_yes): Factor code out to .... (cpr_get_answer_is_yes_def): ...new. diff --git a/g10/cpr.c b/g10/cpr.c index 99c8eec..9fc9e09 100644 --- a/g10/cpr.c +++ b/g10/cpr.c @@ -493,7 +493,7 @@ cpr_kill_prompt(void) } int -cpr_get_answer_is_yes( const char *keyword, const char *prompt ) +cpr_get_answer_is_yes_def (const char *keyword, const char *prompt, int def_yes) { int yes; char *p; @@ -509,7 +509,7 @@ cpr_get_answer_is_yes( const char *keyword, const char *prompt ) } else { tty_kill_prompt(); - yes = answer_is_yes(p); + yes = answer_is_yes_no_default (p, def_yes); xfree(p); return yes; } @@ -517,6 +517,12 @@ cpr_get_answer_is_yes( const char *keyword, const char *prompt ) } int +cpr_get_answer_is_yes (const char *keyword, const char *prompt) +{ + return cpr_get_answer_is_yes_def (keyword, prompt, 0); +} + +int cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt ) { int yes; 
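Review bot: in g10/gpg.c, the new case aQuickKeygen (@@ -3895,6 +3900,14, commit ea18654) reports a wrong argument count with wrong_args("--gen-key user-id"), which names the wrong command in the usage message. It should read "--quick-gen-key user-id".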
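Review bot: in g10/keygen.c, quick_generate_keypair (@@ -3408,6 +3409,129, commit ea18654), the test if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) treats every result other than "not found" as an existing key, so a failing keydb_search is reported as A key for "%s" already exists and, with --yes, key creation goes ahead regardless. Treat err == 0 as the duplicate case and log and bail out on any other error code. The return value of keydb_new () is also passed to keydb_search unchecked.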
diff --git a/g10/main.h b/g10/main.h index e75f616..d39c7c8 100644 --- a/g10/main.h +++ b/g10/main.h @@ -191,6 +191,8 @@ char *cpr_get_no_help( const char *keyword, const char *prompt ); char *cpr_get_utf8( const char *keyword, const char *prompt ); char *cpr_get_hidden( const char *keyword, const char *prompt ); void cpr_kill_prompt(void); +int cpr_get_answer_is_yes_def (const char *keyword, const char *prompt, + int def_yes); int cpr_get_answer_is_yes( const char *keyword, const char *prompt ); int cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt ); int cpr_get_answer_okay_cancel (const char *keyword, commit 17404b2fccbc74c4f0b2364cc08e9dcc64175cf8 Author: Werner Koch Date: Wed Jul 23 12:18:19 2014 +0200 gpg: Make --quick-sign-key promote local key signatures. * g10/keyedit.c (sign_uids): Promote local sigs in quick mode. diff --git a/doc/gpg.texi b/doc/gpg.texi index 5efc16e..3370ff2 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -932,7 +932,9 @@ interaction. The @code{fpr} must be the verified primary fingerprint of a key in the local keyring. If no @code{names} are given, all useful user ids are signed; with given [@code{names}] only useful user ids matching one of theses names are signed. The command - at option{--quick-lsign-key} marks the signatures as non-exportable. + at option{--quick-lsign-key} marks the signatures as non-exportable. If +such a non-exportable signature already exists the + at option{--quick-sign-key} turns it into a exportable signature. This command uses reasonable defaults and thus does not provide the full flexibility of the "sign" subcommand from @option{--edit-key}. diff --git a/g10/keyedit.c b/g10/keyedit.c index a91beaf..c5f02f7 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -767,9 +767,7 @@ sign_uids (estream_t fp, tty_fprintf (fp, _("Your current signature on \"%s\"\n" "is a local signature.\n"), user); - if (quick) - ; - else if (cpr_get_answer_is_yes + if (quick || cpr_get_answer_is_yes ("sign_uid.local_promote_okay", _("Do you want to promote " "it to a full exportable " "signature? (y/N) "))) ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 25 ++++++++++-- g10/cpr.c | 10 ++++- g10/gpg.c | 13 ++++++ g10/keyedit.c | 4 +- g10/keygen.c | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ g10/main.h | 4 ++ g10/misc.c | 14 +++++++ 7 files changed, 185 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 23 21:13:24 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Jul 2014 21:13:24 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-11-gf2011e4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f2011e4622e708f6461a591c58ac95bc3b2befbe (commit) via b3378b3a56fc90ba8ae38e6298b23a378305af32 (commit) via a24510d53bb23e3a680ed2c306e576268c07060d (commit) from ea186540db5b418bc6f6e5ca90337672c9981c88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2011e4622e708f6461a591c58ac95bc3b2befbe Author: Werner Koch Date: Wed Jul 23 21:12:10 2014 +0200 po: Update the German (de) translation -- diff --git a/po/de.po b/po/de.po index 7cdca4a..4dc1f03 100644 --- a/po/de.po +++ b/po/de.po 
@@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-06-27 20:13+0200\n" +"PO-Revision-Date: 2014-07-23 21:11+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" 
@@ -231,44 +231,6 @@ msgstr "Diese trotzdem benutzen" #, c-format msgid "" -"Warning: You have entered an insecure passphrase.%%0AA passphrase should be " -"at least %u character long." -msgid_plural "" -"Warning: You have entered an insecure passphrase.%%0AA passphrase should be " -"at least %u characters long." -msgstr[0] "" -"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. " -"Eine Passphrase sollte%%0Amindestens %u Zeichen lang sein." -msgstr[1] "" -"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. " -"Eine Passphrase sollte%%0Amindestens %u Zeichen lang sein." - -#, c-format -msgid "" -"Warning: You have entered an insecure passphrase.%%0AA passphrase should " -"contain at least %u digit or%%0Aspecial character." -msgid_plural "" -"Warning: You have entered an insecure passphrase.%%0AA passphrase should " -"contain at least %u digits or%%0Aspecial characters." -msgstr[0] "" -"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. " -"Eine Passphrase sollte%%0Amindestens %u Sonderzeichen oder eine Ziffer " -"enthalten." -msgstr[1] "" -"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. " -"Eine Passphrase sollte%%0Amindestens %u Sonderzeichen oder Ziffern enthalten." - -#, c-format -msgid "" -"Warning: You have entered an insecure passphrase.%%0AA passphrase may not be " -"a known term or match%%0Acertain pattern." -msgstr "" -"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben. " -"Eine Passphrase sollte kein%%0Abekanntes Wort sein oder nach bekannten " -"Regeln aufgebaut sein." - -#, c-format -msgid "" "You have not entered a passphrase!%0AAn empty passphrase is not allowed." msgstr "" "Sie haben keine Passphrase eingegeben!%0AEine leere Passphrase ist nicht " 
@@ -287,6 +249,32 @@ msgid "Yes, protection is not needed" msgstr "Ja, ein Schutz ist nicht notwendig" #, c-format +msgid "A passphrase should be at least %u character long." +msgid_plural "A passphrase should be at least %u characters long." +msgstr[0] "Eine Passphrase sollte mindestens %u Zeichen lang sein." +msgstr[1] "Eine Passphrase sollte mindestens %u Zeichen lang sein." + +#, c-format +msgid "A passphrase should contain at least %u digit or%%0Aspecial character." +msgid_plural "" +"A passphrase should contain at least %u digits or%%0Aspecial characters." +msgstr[0] "" +"Eine Passphrase sollte mindestens %u Sonderzeichen oder%%0Aeine Ziffer " +"enthalten." +msgstr[1] "" +"Eine Passphrase sollte mindestens %u Sonderzeichen oder%%0AZiffern enthalten." + +#, c-format +msgid "A passphrase may not be a known term or match%%0Acertain pattern." +msgstr "" +"Eine Passphrase sollte kein bekanntes Wort sein oder%%0Anach bekannten " +"Regeln aufgebaut sein." + +msgid "Warning: You have entered an insecure passphrase." +msgstr "" +"WARNUNG: Sie haben eine offensichtlich unsichere%%0APassphrase eingegeben." + +#, c-format msgid "Please enter the passphrase to%0Aprotect your new key" msgstr "Bitte geben Sie die Passphrase ein,%0Aum Ihren Schl?ssel zu sch?tzen." @@ -671,10 +659,6 @@ msgstr "Ich werde sie sp?ter ?ndern" msgid "Delete key" msgstr "Schl?ssel l?schen" -#, fuzzy -#| msgid "" -#| "Warning: This key is also listed for use with SSH!\n" -#| "Deleting the key will may remove your ability to access remote machines." msgid "" "Warning: This key is also listed for use with SSH!\n" "Deleting the key might remove your ability to access remote machines." @@ -1721,6 +1705,9 @@ msgstr "Liste der Schl?ssel und ihrer \"Fingerabdr?cke\"" msgid "list secret keys" msgstr "Liste der geheimen Schl?ssel" +msgid "quickly generate a new key pair" +msgstr "Schnell ein neues Schl?sselpaar erzeugen" + msgid "generate a new key pair" msgstr "Ein neues Schl?sselpaar erzeugen" 
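Review bot: In the @@ -287,6 +249,32 @@ hunk the new entry for msgid "Warning: You have entered an insecure passphrase." carries no c-format flag, yet its German msgstr contains "%%0A". agent/genkey.c passes this string to strconcat, not to a printf-style function, so the doubled percent sign is not collapsed to "%0A" and reaches the prompt text as written. The msgid has no line break at all, so the msgstr should drop the "%%0A" and use a plain space.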
@@ -3900,6 +3887,33 @@ msgstr "" "unterst?tzen, indem Sie z.B. in einem anderen Fenster/Konsole irgendetwas\n" "tippen, die Maus verwenden oder irgendwelche anderen Programme benutzen.\n" +#, c-format +msgid "Key generation failed: %s\n" +msgstr "Schl?sselerzeugung fehlgeschlagen: %s\n" + +#, c-format +msgid "" +"About to create a key for:\n" +" \"%s\"\n" +"\n" +msgstr "" +"Erzeugung eines Schl?ssels f?r:\n" +" \"%s\"\n" +"\n" + +msgid "Continue? (Y/n) " +msgstr "Fortsetzen? (J/n) " + +#, c-format +msgid "A key for \"%s\" already exists\n" +msgstr "Ein Schl?ssel f?r \"%s\" existiert bereits\n" + +msgid "Create anyway? (y/N) " +msgstr "Trotzdem erzeugen? (j/N) " + +msgid "creating anyway\n" +msgstr "wird trotzdem erzeugt\n" + msgid "Key generation canceled.\n" msgstr "Schl?sselerzeugung abgebrochen.\n" @@ -3927,10 +3941,6 @@ msgstr "" "Unterschl?ssel f?r diesem Zweck erzeugen.\n" #, c-format -msgid "Key generation failed: %s\n" -msgstr "Schl?sselerzeugung fehlgeschlagen: %s\n" - -#, c-format msgid "" "key has been created %lu second in future (time warp or clock problem)\n" msgstr "" @@ -4865,10 +4875,8 @@ msgstr "Widerrufzertifikat erzeugt.\n" msgid "no revocation keys found for \"%s\"\n" msgstr "keine Widerrufsschl?ssel f?r \"%s\" gefunden\n" -#, fuzzy -#| msgid "Create a revocation certificate for this key? (y/N) " msgid "This is a revocation certificate for the OpenPGP key:" -msgstr "Ein Widerrufszertifikat f?r diesen Schl?ssel erzeugen? (j/N) " +msgstr "Dies ist ein Widerrufszertifikat f?r den OpenPGP Schl?ssel:" msgid "" "Use it to revoke this key in case of a compromise or loss of\n" 
@@ -4876,12 +4884,21 @@ msgid "" "it is better to generate a new revocation certificate and give\n" "a reason for the revocation." msgstr "" +"Benutzen Sie es, um einen Schl?ssel zu widerrufen, falls der private\n" +"Schl?ssel verloren wurde oder kompromittiert ist. Falls jedoch auf\n" +"den privaten Schl?ssel noch zugegriffen werden kann, so ist es besser,\n" +"ein neues Widerrufszertifikat zu erzeugen, um den Grund des Widerrufs\n" +"mit angeben zu k?nnen." msgid "" "To avoid an accidental use of this file, a colon has been inserted\n" "before the 5 dashes below. Remove this colon with a text editor\n" "before making use of this revocation certificate." msgstr "" +"Um eine versehentliche Aktivierung des Widerrufszertifikats zu\n" +"vermeiden, wurde ein Doppelpunkt direkt vor den 5 Spiegelstrichen\n" +"unten eingef?gt. Vor dem Import dieses Widerrufszertifikats\n" +"entfernen Sie bitte dieses Doppelpunkt mittels eines Texteditors." #, c-format msgid "secret key \"%s\" not found: %s\n" commit b3378b3a56fc90ba8ae38e6298b23a378305af32 Author: Werner Koch Date: Wed Jul 23 19:51:52 2014 +0200 agent: Show just one warning with all failed passphrase constraints. * agent/genkey.c (check_passphrase_constraints): Build a final warning after all checks. diff --git a/agent/genkey.c b/agent/genkey.c index 59c0c0d..9918c12 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -179,9 +179,12 @@ take_this_one_anyway (ctrl_t ctrl, const char *desc) int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) { - gpg_error_t err; + gpg_error_t err = 0; unsigned int minlen = opt.min_passphrase_len; unsigned int minnonalpha = opt.min_passphrase_nonalpha; + char *msg1 = NULL; + char *msg2 = NULL; + char *msg3 = NULL; if (!pw) pw = ""; 
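Review bot: In the last po/de.po hunk (@@ -4876,12 +4884,21 @@) the added line "entfernen Sie bitte dieses Doppelpunkt mittels eines Texteditors." uses the wrong article form: Doppelpunkt is masculine, so it should read "diesen Doppelpunkt".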
@@ -200,52 +203,51 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) if (silent) return gpg_error (GPG_ERR_INV_PASSPHRASE); - return take_this_one_anyway2 (ctrl, desc, + err = take_this_one_anyway2 (ctrl, desc, _("Yes, protection is not needed")); + goto leave; } + /* Now check the constraints and collect the error messages unless + in in silent mode which returns immediately. */ if (utf8_charcount (pw) < minlen ) { - char *desc; - if (silent) - return gpg_error (GPG_ERR_INV_PASSPHRASE); + { + err = gpg_error (GPG_ERR_INV_PASSPHRASE); + goto leave; + } - desc = xtryasprintf - ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" - "A passphrase should be at least %u character long.", - "Warning: You have entered an insecure passphrase.%%0A" + msg1 = xtryasprintf + ( ngettext ("A passphrase should be at least %u character long.", "A passphrase should be at least %u characters long.", minlen), minlen ); - if (!desc) - return gpg_error_from_syserror (); - err = take_this_one_anyway (ctrl, desc); - xfree (desc); - if (err) - return err; + if (!msg1) + { + err = gpg_error_from_syserror (); + goto leave; + } } if (nonalpha_count (pw) < minnonalpha ) { - char *desc; - if (silent) - return gpg_error (GPG_ERR_INV_PASSPHRASE); + { + err = gpg_error (GPG_ERR_INV_PASSPHRASE); + goto leave; + } - desc = xtryasprintf - ( ngettext ("Warning: You have entered an insecure passphrase.%%0A" - "A passphrase should contain at least %u digit or%%0A" + msg2 = xtryasprintf + ( ngettext ("A passphrase should contain at least %u digit or%%0A" "special character.", - "Warning: You have entered an insecure passphrase.%%0A" "A passphrase should contain at least %u digits or%%0A" "special characters.", minnonalpha), minnonalpha ); - if (!desc) - return gpg_error_from_syserror (); - err = take_this_one_anyway (ctrl, desc); - xfree (desc); - if (err) - return err; + if (!msg2) + { + err = gpg_error_from_syserror (); + goto leave; + } } /* If configured check 
the passphrase against a list of known words @@ -255,20 +257,54 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) if (*pw && opt.check_passphrase_pattern && check_passphrase_pattern (ctrl, pw)) { - const char *desc = - /* */ _("Warning: You have entered an insecure passphrase.%%0A" - "A passphrase may not be a known term or match%%0A" - "certain pattern."); - if (silent) - return gpg_error (GPG_ERR_INV_PASSPHRASE); + { + err = gpg_error (GPG_ERR_INV_PASSPHRASE); + goto leave; + } - err = take_this_one_anyway (ctrl, desc); - if (err) - return err; + msg3 = xtryasprintf + (_("A passphrase may not be a known term or match%%0A" + "certain pattern.")); + if (!msg3) + { + err = gpg_error_from_syserror (); + goto leave; + } } - return 0; + if (msg1 || msg2 || msg3) + { + char *msg; + size_t n; + + msg = strconcat + (_("Warning: You have entered an insecure passphrase."), + "%0A%0A", + msg1? msg1 : "", msg1? "%0A" : "", + msg2? msg2 : "", msg2? "%0A" : "", + msg3? msg3 : "", msg3? "%0A" : "", + NULL); + if (!msg) + { + err = gpg_error_from_syserror (); + goto leave; + } + /* Strip a trailing "%0A". */ + n = strlen (msg); + if (n > 3 && !strcmp (msg + n - 3, "%0A")) + msg[n-3] = 0; + + /* Show error messages. */ + err = take_this_one_anyway (ctrl, msg); + xfree (msg); + } + + leave: + xfree (msg1); + xfree (msg2); + xfree (msg3); + return err; } commit a24510d53bb23e3a680ed2c306e576268c07060d Author: Werner Koch Date: Wed Jul 23 19:16:51 2014 +0200 agent: Only one confirmation prompt for an empty passphrase. * agent/genkey.c (check_passphrase_constraints): Move empty passphrase check to the front. diff --git a/agent/genkey.c b/agent/genkey.c index c040f13..59c0c0d 100644 --- a/agent/genkey.c +++ b/agent/genkey.c 
@@ -186,6 +186,24 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) if (!pw) pw = ""; + /* The first check is to warn about an empty passphrase. */ + if (!*pw) + { + const char *desc = (opt.enforce_passphrase_constraints? + _("You have not entered a passphrase!%0A" + "An empty passphrase is not allowed.") : + _("You have not entered a passphrase - " + "this is in general a bad idea!%0A" + "Please confirm that you do not want to " + "have any protection on your key.")); + + if (silent) + return gpg_error (GPG_ERR_INV_PASSPHRASE); + + return take_this_one_anyway2 (ctrl, desc, + _("Yes, protection is not needed")); + } + if (utf8_charcount (pw) < minlen ) { char *desc; @@ -230,7 +248,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) return err; } - /* If configured check the passphrase against a list of know words + /* If configured check the passphrase against a list of known words and pattern. The actual test is done by an external program. The warning message is generic to give the user no hint on how to circumvent this list. */ 
@@ -250,26 +268,6 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent) return err; } - /* The final check is to warn about an empty passphrase. */ - if (!*pw) - { - const char *desc = (opt.enforce_passphrase_constraints? - _("You have not entered a passphrase!%0A" - "An empty passphrase is not allowed.") : - _("You have not entered a passphrase - " - "this is in general a bad idea!%0A" - "Please confirm that you do not want to " - "have any protection on your key.")); - - if (silent) - return gpg_error (GPG_ERR_INV_PASSPHRASE); - - err = take_this_one_anyway2 (ctrl, desc, - _("Yes, protection is not needed")); - if (err) - return err; - } - return 0; } ----------------------------------------------------------------------- Summary of changes: agent/genkey.c | 142 +++++++++++++++++++++++++++++++++++--------------------- po/de.po | 117 ++++++++++++++++++++++++++-------------------- 2 files changed, 155 insertions(+), 104 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 24 10:57:04 2014 
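Review bot: In the agent/genkey.c change that collects the warnings (commit b3378b3), msg3 is built with xtryasprintf from a translated string and no arguments, so the translation itself is the format string and any stray "%" in a msgstr is interpreted by printf. Nothing is substituted there, so a msgid written with a single "%0A" and copied with xtrystrdup would be safer and would match how the "Warning: ..." header string is fed to strconcat unformatted. The new comment in the @@ -200,52 +203,51 @@ hunk also reads "unless in in silent mode"; drop the doubled word.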
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 24 Jul 2014 10:57:04 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-3-g5fd4e57 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 5fd4e5723a8a25576b87c35b228ea596e1dee554 (commit) from d48a6f0a26fd03b760791332a17b12fd7a6110c1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5fd4e5723a8a25576b87c35b228ea596e1dee554 Author: Andre Heinecke Date: Thu Jul 24 10:41:08 2014 +0200 Fix sender lookup by also using get_pa_string * src/oomhelp.cpp (get_pa_string): Add debug output. (get_oom_recipients): Remove now redundant debug output. * src/oomhelp.h (get_pa_string): Declare. * src/ribbon-callbacks.cpp (do_composer_action, do_reader_action) (attachEncryptedFile): Use get_pa_string to obtain sender. * NEWS: Update accordingly diff --git a/NEWS b/NEWS index 2b9e3a1..1ac9208 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,8 @@ Noteworthy changes for version 1.2.1 (unreleased) ================================================= - * Fixed recipient lookup problems when using exchange or active - directory. + * Fixed recipient / sender lookup problems when using exchange or + active directory. Noteworthy changes for version 1.2.0 (2013-08-19) ================================================= diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 0ac567d..ccc389b 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp 
@@ -807,6 +807,9 @@ get_pa_string (LPDISPATCH pDisp, const char *property) unsigned int argErr = 0; char *result = NULL; + log_debug ("%s:%s: Looking up property: %s;", + SRCNAME, __func__, property); + propertyAccessor = get_oom_object (pDisp, "PropertyAccessor"); if (!propertyAccessor) { @@ -858,6 +861,8 @@ get_pa_string (LPDISPATCH pDisp, const char *property) RELDISP (propertyAccessor); VariantClear (&rVariant); + log_debug ("%s:%s: Lookup result: %s;", + SRCNAME, __func__, result); return result; } @@ -897,15 +902,11 @@ get_oom_recipients (LPDISPATCH recipients) char *address, *resolved; address = get_oom_string (recipient, "Address"); - log_debug ("%s:%s: Looking up smtp address for %s;", - SRCNAME, __func__, address); resolved = get_pa_string (recipient, PR_SMTP_ADDRESS); if (resolved) { xfree (address); recipientAddrs[i-1] = resolved; - log_debug ("%s:%s: Resolved address is %s;", - SRCNAME, __func__, resolved); continue; } log_debug ("%s:%s: Failed to look up SMTP Address;", diff --git a/src/oomhelp.h b/src/oomhelp.h index 1919973..5c11797 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -131,6 +131,10 @@ char ** get_oom_recipients (LPDISPATCH recipients); int add_oom_attachment (LPDISPATCH disp, wchar_t* inFile); +/* Look up a string with the propertyAccessor interface */ +char * +get_pa_string (LPDISPATCH pDisp, const char *property); + #ifdef __cplusplus } #endif diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp index 987e46d..e9b7e27 100644 --- a/src/ribbon-callbacks.cpp +++ b/src/ribbon-callbacks.cpp @@ -294,7 +294,7 @@ do_composer_action (LPDISPATCH ctrl, int flags) engine_set_session_number (filter, session_number); engine_set_session_title (filter, _("GpgOL")); - senderAddr = get_oom_string (sender, "Address"); + senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS); if (flags & OP_ENCRYPT) { 
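Review bot: The log_debug added before `return result;` in get_pa_string (src/oomhelp.cpp) prints result with %s, while result is initialised to NULL and callers such as get_oom_recipients test the return value for NULL. If any path reaches this line with result still NULL, passing it to %s is undefined behaviour; log `result ? result : "(null)"` instead.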
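Review bot: In do_composer_action (src/ribbon-callbacks.cpp) senderAddr now comes only from get_pa_string (sender, PR_SMTP_ADDRESS), with no fallback when the property lookup returns NULL. get_oom_recipients still reads the "Address" string first and frees it only when the lookup resolved; do the same here, and in the matching do_reader_action and attachEncryptedFile hunks, so that senderAddr is not left NULL.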
@@ -691,7 +691,7 @@ do_reader_action (LPDISPATCH ctrl, int flags) /* If the message has not been sent we might be composing in this case use the current address */ LPDISPATCH sender = get_oom_object (mailItem, "Session.CurrentUser"); - senderAddr = get_oom_string (sender, "Address"); + senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS); RELDISP (sender); } @@ -1052,7 +1052,7 @@ attachEncryptedFile (LPDISPATCH ctrl, int flags) goto failure; } - senderAddr = get_oom_string (sender, "Address"); + senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS); curWindow = get_oom_context_window (context); ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++-- src/oomhelp.cpp | 9 +++++---- src/oomhelp.h | 4 ++++ src/ribbon-callbacks.cpp | 6 +++--- 4 files changed, 14 insertions(+), 9 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 25 08:21:37 2014 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 25 Jul 2014 08:21:37 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-98-g4556f9b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 4556f9b19c024f16bdf542da7173395c0741b91d (commit) via 0e10902ad7584277ac966367efc712b183784532 (commit) via 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab (commit) from 4846e52728970e3117f3a046ef9010be089a3ae4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4556f9b19c024f16bdf542da7173395c0741b91d Author: Werner Koch Date: Thu Jul 24 12:30:32 2014 +0200 ecc: Support the non-standard 0x40 compression flag for EdDSA. * cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA. * cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX. (_gcry_ecc_eddsa_encodepoint): Ditto. (_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix. (_gcry_ecc_eddsa_decodepoint): Ditto. * tests/keygrip.c: Check a compressed with prefix Ed25519 key. * tests/t-ed25519.inp: Ditto. diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index c407c74..f066b4b 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -107,6 +107,7 @@ gpg_err_code_t _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec); gpg_err_code_t _gcry_ecc_eddsa_encodepoint (mpi_point_t point, mpi_ec_t ctx, gcry_mpi_t x, gcry_mpi_t y, + int with_prefix, unsigned char **r_buffer, unsigned int *r_buflen); gpg_err_code_t _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 0f622f7..cd85361 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c 
@@ -1146,7 +1146,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy) unsigned char *encpk; unsigned int encpklen; - if (!_gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, + if (!_gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0, &encpk, &encpklen)) return mpi_set_opaque (NULL, encpk, encpklen*8); } diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index d08a84f..65024a3 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -1,5 +1,5 @@ /* ecc-eddsa.c - Elliptic Curve EdDSA signatures - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2014 g10 Code GmbH * * This file is part of Libgcrypt. * 
@@ -83,35 +83,42 @@ eddsa_encodempi (gcry_mpi_t mpi, unsigned int minlen, /* Encode (X,Y) using the EdDSA scheme. MINLEN is the required length - in bytes for the result. On success 0 is returned and a malloced - buffer with the encoded point is stored at R_BUFFER; the length of - this buffer is stored at R_BUFLEN. */ + in bytes for the result. If WITH_PREFIX is set the returned buffer + is prefixed with a 0x40 byte. On success 0 is returned and a + malloced buffer with the encoded point is stored at R_BUFFER; the + length of this buffer is stored at R_BUFLEN. */ static gpg_err_code_t eddsa_encode_x_y (gcry_mpi_t x, gcry_mpi_t y, unsigned int minlen, + int with_prefix, unsigned char **r_buffer, unsigned int *r_buflen) { unsigned char *rawmpi; unsigned int rawmpilen; + int off = with_prefix? 1:0; - rawmpi = _gcry_mpi_get_buffer (y, minlen, &rawmpilen, NULL); + rawmpi = _gcry_mpi_get_buffer_extra (y, minlen, off?-1:0, &rawmpilen, NULL); if (!rawmpi) return gpg_err_code_from_syserror (); if (mpi_test_bit (x, 0) && rawmpilen) - rawmpi[rawmpilen - 1] |= 0x80; /* Set sign bit. */ + rawmpi[off + rawmpilen - 1] |= 0x80; /* Set sign bit. */ + if (off) + rawmpi[0] = 0x40; *r_buffer = rawmpi; - *r_buflen = rawmpilen; + *r_buflen = rawmpilen + off; return 0; } /* Encode POINT using the EdDSA scheme. X and Y are either scratch variables supplied by the caller or NULL. CTX is the usual - context. On success 0 is returned and a malloced buffer with the - encoded point is stored at R_BUFFER; the length of this buffer is - stored at R_BUFLEN. */ + context. If WITH_PREFIX is set the returned buffer is prefixed + with a 0x40 byte. On success 0 is returned and a malloced buffer + with the encoded point is stored at R_BUFFER; the length of this + buffer is stored at R_BUFLEN. */ gpg_err_code_t _gcry_ecc_eddsa_encodepoint (mpi_point_t point, mpi_ec_t ec, gcry_mpi_t x_in, gcry_mpi_t y_in, + int with_prefix, unsigned char **r_buffer, unsigned int *r_buflen) { gpg_err_code_t rc; 
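Review bot: In eddsa_encode_x_y the third argument `off?-1:0` to _gcry_mpi_get_buffer_extra is an unexplained magic value, and the following `rawmpi[off + rawmpilen - 1]` and `rawmpilen + off` are only correct if a negative value reserves that many bytes in front of the data and rawmpilen excludes them. Add a short comment stating that; the function comment describes WITH_PREFIX but not how the room for the 0x40 byte is obtained.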
@@ -126,7 +133,7 @@ _gcry_ecc_eddsa_encodepoint (mpi_point_t point, mpi_ec_t ec, rc = GPG_ERR_INTERNAL; } else - rc = eddsa_encode_x_y (x, y, ec->nbits/8, r_buffer, r_buflen); + rc = eddsa_encode_x_y (x, y, ec->nbits/8, with_prefix, r_buffer, r_buflen); if (!x_in) mpi_free (x); @@ -155,29 +162,40 @@ _gcry_ecc_eddsa_ensure_compact (gcry_mpi_t value, unsigned int nbits) return GPG_ERR_INV_OBJ; rawmpilen = (rawmpilen + 7)/8; - /* Check whether the public key has been given in standard - uncompressed format. In this case extract y and compress. */ - if (rawmpilen > 1 && buf[0] == 0x04 && (rawmpilen%2)) + if (rawmpilen > 1 && (rawmpilen%2)) { - rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, - buf+1, (rawmpilen-1)/2, NULL); - if (rc) - return rc; - rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, - buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); - if (rc) + if (buf[0] == 0x04) { - mpi_free (x); - return rc; - } + /* Buffer is in SEC1 uncompressed format. Extract y and + compress. */ + rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, + buf+1, (rawmpilen-1)/2, NULL); + if (rc) + return rc; + rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, + buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); + if (rc) + { + mpi_free (x); + return rc; + } - rc = eddsa_encode_x_y (x, y, nbits/8, &enc, &enclen); - mpi_free (x); - mpi_free (y); - if (rc) - return rc; + rc = eddsa_encode_x_y (x, y, nbits/8, 0, &enc, &enclen); + mpi_free (x); + mpi_free (y); + if (rc) + return rc; - mpi_set_opaque (value, enc, 8*enclen); + mpi_set_opaque (value, enc, 8*enclen); + } + else if (buf[0] == 0x40) + { + /* Buffer is compressed but with our SEC1 alike compression + indicator. Remove that byte. FIXME: We should write and + use a function to manipulate an opaque MPI in place. */ + if (!_gcry_mpi_set_opaque_copy (value, buf + 1, (rawmpilen - 1)*8)) + return gpg_err_code_from_syserror (); + } } return 0; 
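Review bot: The new `else if (buf[0] == 0x40)` branch in _gcry_ecc_eddsa_ensure_compact strips the prefix from any odd-length buffer that starts with 0x40 without comparing the remaining length against nbits/8, so a truncated or oversized value is stored as if it were a compact point. Check `rawmpilen - 1 == nbits/8` first and return GPG_ERR_INV_OBJ otherwise, as the function already does for an unusable buffer.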
@@ -267,7 +285,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec) the usual curve context. If R_ENCPK is not NULL, the encoded PK is stored at that address; this is a new copy to be released by the caller. In contrast to the supplied PK, this is not an MPI and - thus guarnateed to be properly padded. R_ENCPKLEN receives the + thus guaranteed to be properly padded. R_ENCPKLEN receives the length of that encoded key. */ gpg_err_code_t _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, 
@@ -287,40 +305,54 @@ _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, return GPG_ERR_INV_OBJ; rawmpilen = (rawmpilen + 7)/8; - /* First check whether the public key has been given in standard - uncompressed format. No need to recover x in this case. - Detection is easy: The size of the buffer will be odd and the - first byte be 0x04. */ - if (rawmpilen > 1 && buf[0] == 0x04 && (rawmpilen%2)) + /* Handle compression prefixes. The size of the buffer will be + odd in this case. */ + if (rawmpilen > 1 && (rawmpilen%2)) { - gcry_mpi_t x, y; - - rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, - buf+1, (rawmpilen-1)/2, NULL); - if (rc) - return rc; - rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, - buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2, NULL); - if (rc) + /* First check whether the public key has been given in + standard uncompressed format (SEC1). No need to recover + x in this case. */ + if (buf[0] == 0x04) { - mpi_free (x); - return rc; - } + gcry_mpi_t x, y; - if (r_encpk) - { - rc = eddsa_encode_x_y (x, y, ctx->nbits/8, r_encpk, r_encpklen); + rc = _gcry_mpi_scan (&x, GCRYMPI_FMT_STD, + buf+1, (rawmpilen-1)/2, NULL); + if (rc) + return rc; + rc = _gcry_mpi_scan (&y, GCRYMPI_FMT_STD, + buf+1+(rawmpilen-1)/2, (rawmpilen-1)/2,NULL); if (rc) { mpi_free (x); - mpi_free (y); return rc; } + + if (r_encpk) + { + rc = eddsa_encode_x_y (x, y, ctx->nbits/8, 0, + r_encpk, r_encpklen); + if (rc) + { + mpi_free (x); + mpi_free (y); + return rc; + } + } + mpi_snatch (result->x, x); + mpi_snatch (result->y, y); + mpi_set_ui (result->z, 1); + return 0; + } + + /* Check whether the public key has been prefixed with a 0x40 + byte to explicitly indicate compressed format using a SEC1 + alike prefix byte. This is a Libgcrypt extension. */ + if (buf[0] == 0x40) + { + rawmpilen--; + buf++; } - mpi_snatch (result->x, x); - mpi_snatch (result->y, y); - mpi_set_ui (result->z, 1); - return 0; } /* EdDSA compressed point. */ 
@@ -334,7 +366,7 @@ _gcry_ecc_eddsa_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result, { /* Note: Without using an opaque MPI it is not reliable possible to find out whether the public key has been given in - uncompressed format. Thus we expect EdDSA format here. */ + uncompressed format. Thus we expect native EdDSA format. */ rawmpi = _gcry_mpi_get_buffer (pk, ctx->nbits/8, &rawmpilen, NULL); if (!rawmpi) return gpg_err_code_from_syserror (); @@ -582,7 +614,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, else { _gcry_mpi_ec_mul_point (&Q, a, &skey->E.G, ctx); - rc = _gcry_ecc_eddsa_encodepoint (&Q, ctx, x, y, &encpk, &encpklen); + rc = _gcry_ecc_eddsa_encodepoint (&Q, ctx, x, y, 0, &encpk, &encpklen); if (rc) goto leave; if (DBG_CIPHER) @@ -612,7 +644,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, log_printpnt (" r", &I, ctx); /* Convert R into affine coordinates and apply encoding. */ - rc = _gcry_ecc_eddsa_encodepoint (&I, ctx, x, y, &rawmpi, &rawmpilen); + rc = _gcry_ecc_eddsa_encodepoint (&I, ctx, x, y, 0, &rawmpi, &rawmpilen); if (rc) goto leave; if (DBG_CIPHER) @@ -784,7 +816,7 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey, _gcry_mpi_ec_mul_point (&Ib, h, &Q, ctx); _gcry_mpi_neg (Ib.x, Ib.x); _gcry_mpi_ec_add_points (&Ia, &Ia, &Ib, ctx); - rc = _gcry_ecc_eddsa_encodepoint (&Ia, ctx, s, h, &tbuf, &tlen); + rc = _gcry_ecc_eddsa_encodepoint (&Ia, ctx, s, h, 0, &tbuf, &tlen); if (rc) goto leave; if (tlen != rlen || memcmp (tbuf, rbuf, tlen)) diff --git a/cipher/ecc.c b/cipher/ecc.c index e0be2d4..a27d2c6 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -35,15 +35,12 @@ verification algorithms. The arithmetic functions have entirely been rewritten and moved to mpi/ec.c. - ECDH encrypt and decrypt code written by Andrey Jivsov, + ECDH encrypt and decrypt code written by Andrey Jivsov. */ /* TODO: - - If we support point compression we need to uncompress before - computing the keygrip - - In mpi/ec.c we use mpi_powm for x^2 mod p: Either implement a special case in mpi_powm or check whether mpi_mulm is faster. @@ -487,7 +484,9 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) unsigned char *encpk; unsigned int encpklen; - rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, x, y, &encpk, &encpklen); + rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, x, y, + !!(flags & PUBKEY_FLAG_COMP), + &encpk, &encpklen); if (rc) return rc; public = mpi_new (0); @@ -1653,7 +1652,7 @@ _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode, mpi_ec_t ec) unsigned char *encpk; unsigned int encpklen; - rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, + rc = _gcry_ecc_eddsa_encodepoint (ec->Q, ec, NULL, NULL, 0, &encpk, &encpklen); if (rc) goto leave; diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index d59c095..23efc52 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2162,7 +2162,9 @@ The private key @math{d} All point values are encoded in standard format; Libgcrypt does in general only support uncompressed points, thus the first byte needs to be @code{0x04}. However ``EdDSA'' describes its own compression -scheme which is used by default. +scheme which is used by default; the non-standard first byte + at code{0x40} may optionally be used to explicit flag the use of the +algorithm?s native compression method. The public key is similar with "private-key" replaced by "public-key" and no @var{d-mpi}. 
@@ -2232,9 +2234,11 @@ are known: If supported by the algorithm and curve the @code{comp} flag requests that points are returned in compact (compressed) representation. The @code{nocomp} flag requests that points are returned with full -coordinates. The default depends on the the algorithm and curve. -The compact representation requires a small overhead before a point -can be used but halves the size of a to be conveyed public key. +coordinates. The default depends on the the algorithm and curve. The +compact representation requires a small overhead before a point can be +used but halves the size of a to be conveyed public key. If + at code{comp} is used with the ``EdDSA'' algorithm the key generation +prefix the public key with a @code{0x40} byte. @item pkcs1 @cindex PKCS1 diff --git a/tests/keygrip.c b/tests/keygrip.c index 330935d..72960ea 100644 --- a/tests/keygrip.c +++ b/tests/keygrip.c @@ -175,6 +175,17 @@ static struct "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" }, + { /* Ed25519+EdDSA (with compression prefix) */ + GCRY_PK_ECC, + "(public-key" + " (ecc" + " (curve Ed25519)(flags eddsa)" + " (q #40" + " 773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)" + " ))", + "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70" + "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47" + }, { /* Ed25519+EdDSA (same but uncompressed)*/ GCRY_PK_ECC, "(public-key" diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c index 465a217..b7f3307 100644 --- a/tests/t-ed25519.c +++ b/tests/t-ed25519.c @@ -32,7 +32,7 @@ #include "stopwatch.h" #define PGM "t-ed25519" -#define N_TESTS 1025 +#define N_TESTS 1026 #define my_isascii(c) (!((c) & 0x80)) #define digitp(p) (*(p) >= '0' && *(p) <= '9') diff --git a/tests/t-ed25519.inp b/tests/t-ed25519.inp index 61387c4..e13566f 100644 --- a/tests/t-ed25519.inp +++ b/tests/t-ed25519.inp 
@@ -6162,3 +6162,11 @@ SK: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60 PK: 0455d0e09a2b9d34292297e08d60d0f620c513d47253187c24b12786bd777645ce1a5107f7681a02af2523a6daf372e10e3a0764c9d3fe4bd5b70ab18201985ad7 MSG: SIG: e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b + +# Now an additional test with the data from test 1 but using an +# compressed prefix. +TST: 1 +SK: 9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60 +PK: 40d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a +MSG: +SIG: e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b commit 0e10902ad7584277ac966367efc712b183784532 Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 mpi: Extend the internal mpi_get_buffer. * mpi/mpicoder.c (do_get_buffer): Add arg EXTRAALLOC. (_gcry_mpi_get_buffer_extra): New. diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index 58a4240..896dda1 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -1,7 +1,7 @@ /* mpicoder.c - Coder for the external representation of MPIs * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 * 2008 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2014 g10 Code GmbH * * This file is part of Libgcrypt. * 
@@ -181,19 +181,27 @@ mpi_fromstr (gcry_mpi_t val, const char *str) returned value is stored as little endian and right padded with zeroes so that the returned buffer has at least FILL_LE bytes. + If EXTRAALLOC > 0 the returned buffer has these number of bytes + extra allocated at the end; if EXTRAALLOC < 0 the returned buffer + has the absolute value of EXTRAALLOC allocated at the begin of the + buffer (the are not initialized) and the MPI is stored right after + this. This feature is useful to allow the caller to prefix the + returned value. EXTRAALLOC is _not_ included in the value stored + at NBYTES. + Caller must free the return string. This function returns an allocated buffer with NBYTES set to zero if the value of A is zero. If sign is not NULL, it will be set to the sign of the A. On error NULL is returned and ERRNO set appropriately. */ static unsigned char * -do_get_buffer (gcry_mpi_t a, unsigned int fill_le, +do_get_buffer (gcry_mpi_t a, unsigned int fill_le, int extraalloc, unsigned int *nbytes, int *sign, int force_secure) { - unsigned char *p, *buffer; + unsigned char *p, *buffer, *retbuffer; unsigned int length, tmp; mpi_limb_t alimb; int i; - size_t n; + size_t n, n2; if (sign) *sign = a->sign; @@ -202,10 +210,20 @@ do_get_buffer (gcry_mpi_t a, unsigned int fill_le, n = *nbytes? *nbytes:1; /* Allocate at least one byte. */ if (n < fill_le) n = fill_le; - p = buffer = (force_secure || mpi_is_secure(a))? xtrymalloc_secure (n) - : xtrymalloc (n); - if (!buffer) + if (extraalloc < 0) + n2 = n + -extraalloc; + else + n2 = n + extraalloc; + + retbuffer = (force_secure || mpi_is_secure(a))? xtrymalloc_secure (n2) + : xtrymalloc (n2); + if (!retbuffer) return NULL; + if (extraalloc < 0) + buffer = retbuffer + -extraalloc; + else + buffer = retbuffer; + p = buffer; for (i=a->nlimbs-1; i >= 0; i--) { 
@@ -244,7 +262,7 @@ do_get_buffer (gcry_mpi_t a, unsigned int fill_le, *p++ = 0; *nbytes = length; - return buffer; + return retbuffer; } /* This is sub-optimal but we need to do the shift operation because @@ -252,8 +270,8 @@ do_get_buffer (gcry_mpi_t a, unsigned int fill_le, for (p=buffer; *nbytes && !*p; p++, --*nbytes) ; if (p != buffer) - memmove (buffer,p, *nbytes); - return buffer; + memmove (buffer, p, *nbytes); + return retbuffer; } @@ -261,14 +279,21 @@ byte * _gcry_mpi_get_buffer (gcry_mpi_t a, unsigned int fill_le, unsigned int *r_nbytes, int *sign) { - return do_get_buffer (a, fill_le, r_nbytes, sign, 0); + return do_get_buffer (a, fill_le, 0, r_nbytes, sign, 0); +} + +byte * +_gcry_mpi_get_buffer_extra (gcry_mpi_t a, unsigned int fill_le, int extraalloc, + unsigned int *r_nbytes, int *sign) +{ + return do_get_buffer (a, fill_le, extraalloc, r_nbytes, sign, 0); } byte * _gcry_mpi_get_secure_buffer (gcry_mpi_t a, unsigned int fill_le, unsigned int *r_nbytes, int *sign) { - return do_get_buffer (a, fill_le, r_nbytes, sign, 1); + return do_get_buffer (a, fill_le, 0, r_nbytes, sign, 1); } diff --git a/src/mpi.h b/src/mpi.h index 2479560..7407b7f 100644 --- a/src/mpi.h +++ b/src/mpi.h @@ -158,6 +158,9 @@ void _gcry_log_mpidump( const char *text, gcry_mpi_t a ); u32 _gcry_mpi_get_keyid( gcry_mpi_t a, u32 *keyid ); byte *_gcry_mpi_get_buffer (gcry_mpi_t a, unsigned int fill_le, unsigned int *r_nbytes, int *sign); +byte *_gcry_mpi_get_buffer_extra (gcry_mpi_t a, unsigned int fill_le, + int extraalloc, + unsigned int *r_nbytes, int *sign); byte *_gcry_mpi_get_secure_buffer (gcry_mpi_t a, unsigned int fill_le, unsigned *r_nbytes, int *sign); void _gcry_mpi_set_buffer ( gcry_mpi_t a, const void *buffer, commit 4e0bf1b9190ce08fb23eb3ae0c3be58954ff36ab Author: Werner Koch Date: Thu Jul 24 11:12:37 2014 +0200 cipher: Fix compiler warning for chacha20. * cipher/chacha20.c (chacha20_blocks) [!USE_SSE2]: Do not build. 
diff --git a/cipher/chacha20.c b/cipher/chacha20.c index 03416d4..ebba2fc 100644 --- a/cipher/chacha20.c +++ b/cipher/chacha20.c @@ -121,6 +121,8 @@ static const char *selftest (void); #define QOUT(ai, bi, ci, di) \ DO_OUT(ai); DO_OUT(bi); DO_OUT(ci); DO_OUT(di) + +#ifndef USE_SSE2 static unsigned int chacha20_blocks (u32 *state, const byte *src, byte *dst, size_t bytes) { @@ -240,6 +242,7 @@ chacha20_blocks (u32 *state, const byte *src, byte *dst, size_t bytes) /* burn_stack */ return (2 * CHACHA20_INPUT_LENGTH * sizeof(u32) + 6 * sizeof(void *)); } +#endif /*!USE_SSE2*/ #undef QROUND #undef QOUT ----------------------------------------------------------------------- Summary of changes: cipher/chacha20.c | 3 + cipher/ecc-common.h | 1 + cipher/ecc-curves.c | 2 +- cipher/ecc-eddsa.c | 152 +++++++++++++++++++++++++++++++-------------------- cipher/ecc.c | 11 ++-- doc/gcrypt.texi | 12 ++-- mpi/mpicoder.c | 49 +++++++++++++---- src/mpi.h | 3 + tests/keygrip.c | 11 ++++ tests/t-ed25519.c | 2 +- tests/t-ed25519.inp | 8 +++ 11 files changed, 170 insertions(+), 84 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 25 08:25:07 2014 
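Review bot: In _gcry_ecc_eddsa_decodepoint (cipher/ecc-eddsa.c), an odd-length buffer whose first byte is neither 0x04 nor 0x40 now leaves the new `if (rawmpilen > 1 && (rawmpilen%2))` block untouched and is passed on to the compressed-point path as if it were native EdDSA data. Unless the code below the hunk rejects every length other than ctx->nbits/8, add an explicit `return GPG_ERR_INV_OBJ;` for unknown prefix octets so that exactly three encodings are accepted. The 0x04 branch also splits the buffer at (rawmpilen-1)/2 without comparing that to ctx->nbits/8; a length check before the two _gcry_mpi_scan calls would refuse malformed SEC1 blobs instead of parsing them.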
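Review bot: In cipher/ecc.c only ecc_generate forwards the new argument (`!!(flags & PUBKEY_FLAG_COMP)`); _gcry_pk_ecc_get_sexp hard-codes 0, so the same key is returned with the 0x40 prefix from key generation and without it from a context. The keygrip test added in tests/keygrip.c shows both forms hash to the same grip, but callers that compare the q value byte for byte will see two encodings. If the asymmetry is intended, say so in a comment at the get_sexp call site.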
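Review bot: The text added to doc/gcrypt.texi needs a language pass before it ships: "to explicit flag" should be "to explicitly flag", "algorithm?s" carries a damaged apostrophe, and "the key generation prefix the public key" should be "prefixes". The neighbouring context line still reads "the the algorithm". Since the prefix makes the encoded key one octet longer (the new t-ed25519.inp vector is 0x40 followed by 32 bytes), the manual should state that as well, because consumers that size buffers for the native encoding will otherwise be surprised.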
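Review bot: In do_get_buffer (mpi/mpicoder.c) the new size computation `n2 = n + -extraalloc;` and `n2 = n + extraalloc;` has no range check: negating INT_MIN is undefined behaviour and the sum is not tested for wrap-around before it reaches xtrymalloc. The two existing wrappers pass 0, but _gcry_mpi_get_buffer_extra hands the caller's int straight through, so reject out-of-range values up front and return NULL. The comment should also spell out that with a negative EXTRAALLOC the returned pointer is the start of the allocation, that the MPI begins at offset -EXTRAALLOC, and that the prefix bytes are uninitialized ("the are not initialized" is missing a "y").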
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 25 Jul 2014 08:25:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-12-g557cc11 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 557cc11a605dd280d03c52d8b546deed8c4c714d (commit) from f2011e4622e708f6461a591c58ac95bc3b2befbe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 557cc11a605dd280d03c52d8b546deed8c4c714d Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 gpg: Switch to an EdDSA format with prefix byte. * g10/keygen.c (gen_ecc): Use "comp" for EdDSA. diff --git a/g10/keygen.c b/g10/keygen.c index d6b2dd0..af5d34d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -1526,12 +1526,23 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, if (!curve || !*curve) return gpg_error (GPG_ERR_UNKNOWN_CURVE); - keyparms = xtryasprintf ("(genkey(ecc(curve %zu:%s)(flags nocomp%s%s)))", - strlen (curve), curve, - (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) - && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? - " transient-key" : ""), - (!strcmp (curve, "Ed25519")? " eddsa":"")); + /* Note that we use the "comp" flag with EdDSA to request the use of + a 0x40 compression prefix octet. */ + if (algo == PUBKEY_ALGO_EDDSA) + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); + else + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); + if (!keyparms) err = gpg_error_from_syserror (); else @@ -3448,9 +3459,8 @@ quickgen_set_para (struct para_data_s *para, int for_subkey, } - /* - * Unattended generaion of a standard key. + * Unattended generation of a standard key. */ void quick_generate_keypair (const char *uid) ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 25 11:05:22 2014 
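Review bot: In gen_ecc (g10/keygen.c) the eddsa flag is now selected by `algo == PUBKEY_ALGO_EDDSA`, where the removed code tested `!strcmp (curve, "Ed25519")`, so a call with curve Ed25519 and any other algo now builds `(flags nocomp...)` without eddsa. If that combination cannot occur, reject it explicitly rather than relying on the callers. The two xtryasprintf calls also repeat the transient-key expression verbatim; computing that string once before the branch keeps the two formats from drifting apart. Keys generated this way carry the 0x40 prefix octet, so the commit message should name the Libgcrypt change that is needed to read them.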
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 25 Jul 2014 11:05:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta751-16-g2e93691 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2e936915cf2f830e60d974d607b08822645f5753 (commit) via e49c851ff54d5ecf856411bf6cdee721695ea172 (commit) via 07b64eec14d4f62b6d88c11b57d3f9973acfc696 (commit) via 8eb9224f32ddf1c9e1490c4d9688a177f8b6ae64 (commit) from 557cc11a605dd280d03c52d8b546deed8c4c714d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2e936915cf2f830e60d974d607b08822645f5753 Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 scd: Minor and editorial changes to app-sc-hsm.c * scd/app-sc-hsm.c (select_and_read_binary): Use SW_ macro. (parse_certid): Remove useless test. (send_certinfo, send_keypairinfo): Shrink malloc to the needed size. (do_getattr): Ditto. (verify_pin): Use SW_ macro. (do_decipher): Replace OFS variable and extend comment. -- Code parts which have not been audited are marked with a warning pragma. diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c index 6e8df0a..44f298a 100644 --- a/scd/app-sc-hsm.c +++ b/scd/app-sc-hsm.c @@ -2,8 +2,6 @@ * Copyright (C) 2005 Free Software Foundation, Inc. * Copyright (C) 2014 Andreas Schwier * - * Code in this driver is based on app-p15.c with modifications - * * This file is part of GnuPG. * * GnuPG is free software; you can redistribute it and/or modify @@ -20,6 +18,10 @@ * along with this program; if not, see . */ +/* + Code in this driver is based on app-p15.c with modifications. + */ + #include #include #include 
@@ -217,7 +219,7 @@ list_ef (int slot, unsigned char **result, size_t *resultlen) *resultlen = 0; sw = apdu_send_le (slot, 1, 0x80, 0x58, 0x00, 0x00, -1, NULL, 65536, - result, resultlen); + result, resultlen); if (sw != SW_SUCCESS) { /* Make sure that pending buffers are released. */ @@ -225,7 +227,7 @@ list_ef (int slot, unsigned char **result, size_t *resultlen) *result = NULL; *resultlen = 0; } - return iso7816_map_sw(sw); + return iso7816_map_sw (sw); } @@ -250,10 +252,10 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, sw = apdu_send_le(slot, 1, 0x00, 0xB1, efid >> 8, efid & 0xFF, 4, cdata, maxread, buffer, buflen); - if (sw == 0x6282) - sw = 0x9000; + if (sw == SW_EOF_REACHED) + sw = SW_SUCCESS; - err = iso7816_map_sw(sw); + err = iso7816_map_sw (sw); if (err) { log_error ("error reading %s (0x%04X): %s\n", @@ -272,7 +274,6 @@ select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, static gpg_error_t parse_certid (const char *certid, unsigned char **r_objid, size_t *r_objidlen) { - char tmpbuf[10]; const char *s; size_t objidlen; unsigned char *objid; @@ -281,14 +282,9 @@ parse_certid (const char *certid, unsigned char **r_objid, size_t *r_objidlen) *r_objid = NULL; *r_objidlen = 0; - strcpy (tmpbuf, "HSM."); - if (strncmp (certid, tmpbuf, strlen (tmpbuf)) ) - { - if (!strncmp (certid, "HSM.", 4)) - return gpg_error (GPG_ERR_NOT_FOUND); - return gpg_error (GPG_ERR_INV_ID); - } - certid += strlen (tmpbuf); + if (strncmp (certid, "HSM.", 4)) + return gpg_error (GPG_ERR_INV_ID); + certid += 4; for (s=certid, objidlen=0; hexdigitp (s); s++, objidlen++) ; 
@@ -431,14 +427,19 @@ parse_keyusage_flags (const unsigned char *der, size_t derlen, -/* Read and parse a Private Key Directory File containing a single - * key description in PKCS#15 format - * For each private key a matching certificate description is created, - * if the certificate EF exists and contains a X.509 certificate*/ -/* +/* Read and parse a Private Key Directory File containing a single key + description in PKCS#15 format. For each private key a matching + certificate description is created, if the certificate EF exists + and contains a X.509 certificate. + + Example data: + 0000 30 2A 30 13 0C 11 4A 6F 65 20 44 6F 65 20 28 52 0*0...Joe Doe (R 0010 53 41 32 30 34 38 29 30 07 04 01 01 03 02 02 74 SA2048)0.......t 0020 A1 0A 30 08 30 02 04 00 02 02 08 00 ..0.0....... + + Decoded example: + SEQUENCE SIZE( 42 ) SEQUENCE SIZE( 19 ) UTF8-STRING SIZE( 17 ) -- label @@ -446,20 +447,21 @@ SEQUENCE SIZE( 42 ) 0010 29 ) SEQUENCE SIZE( 7 ) OCTET-STRING SIZE( 1 ) -- id - 0000 01 . + 0000 01 BIT-STRING SIZE( 2 ) -- key usage - 0000 02 74 .t + 0000 02 74 A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 10 ) SEQUENCE SIZE( 8 ) SEQUENCE SIZE( 2 ) OCTET-STRING SIZE( 0 ) -- empty path, req object in PKCS#15 INTEGER SIZE( 2 ) -- modulus size in bits - 0000 08 00 .. + 0000 08 00 */ static gpg_error_t read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, cdf_object_t *cdresult) { +#warning function not yet audited gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; 
@@ -854,24 +856,28 @@ read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, /* Read and parse the Certificate Description File identified by FID. - On success a the CDF list gets stored at RESULT and the - caller is then responsible of releasing the object.*/ -/* + On success a the CDF list gets stored at RESULT and the caller is + then responsible of releasing the object. + + Example data: + 0000 30 35 30 11 0C 0B 43 65 72 74 69 66 69 63 61 74 050...Certificat 0010 65 03 02 06 40 30 16 04 14 C2 01 7C 2F BA A4 4A e... at 0.....|/..J 0020 4A BB B8 49 11 DB 4A CA AA 7E 6A 2D 1B A1 08 30 J..I..J..~j-...0 0030 06 30 04 04 02 CA 00 .0..... + Decoded example: + SEQUENCE SIZE( 53 ) SEQUENCE SIZE( 17 ) UTF8-STRING SIZE( 11 ) -- label 0000 43 65 72 74 69 66 69 63 61 74 65 Certificate BIT-STRING SIZE( 2 ) -- common object attributes - 0000 06 40 .@ + 0000 06 40 SEQUENCE SIZE( 22 ) OCTET-STRING SIZE( 20 ) -- id - 0000 C2 01 7C 2F BA A4 4A 4A BB B8 49 11 DB 4A CA AA ..|/..JJ..I..J.. - 0010 7E 6A 2D 1B ~j-. + 0000 C2 01 7C 2F BA A4 4A 4A BB B8 49 11 DB 4A CA AA + 0010 7E 6A 2D 1B A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 8 ) SEQUENCE SIZE( 6 ) SEQUENCE SIZE( 4 ) @@ -881,6 +887,7 @@ SEQUENCE SIZE( 53 ) static gpg_error_t read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) { +#warning needs an audit gpg_error_t err; unsigned char *buffer = NULL; size_t buflen; 
@@ -1062,10 +1069,13 @@ read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) -/* Read the device certificate and extract the serial number +/* Read the device certificate and extract the serial number. + + EF.C_DevAut (2F02) contains two CVCs, the first is the device + certificate, the second is the issuer certificate. + + Example data: -EF.C_DevAut (2F02) contains two CVCs, the first is the device certificate, the -second is the issuer certificate 0000 7F 21 81 E2 7F 4E 81 9B 5F 29 01 00 42 0B 55 54 .!...N.._)..B.UT 0010 43 43 30 32 30 30 30 30 32 7F 49 4F 06 0A 04 00 CC0200002.IO.... 0020 7F 00 07 02 02 02 02 03 86 41 04 6D FF D6 85 57 .........A.m...W 
@@ -1096,44 +1106,45 @@ second is the issuer certificate 01B0 76 E6 2B A0 4C 01 CA C1 26 0C 45 6D C6 CB EC 92 v.+.L...&.Em.... 01C0 BF 38 18 AD 8F B2 29 40 A9 51 .8....)@.Q -The certificate format is defined in BSI TR-03110 + The certificate format is defined in BSI TR-03110: 7F21 [ APPLICATION 33 ] IMPLICIT SEQUENCE SIZE( 226 ) 7F4E [ APPLICATION 78 ] IMPLICIT SEQUENCE SIZE( 155 ) 5F29 [ APPLICATION 41 ] SIZE( 1 ) -- profile id - 0000 00 . + 0000 00 42 [ APPLICATION 2 ] SIZE( 11 ) -- CAR 0000 55 54 43 43 30 32 30 30 30 30 32 UTCC0200002 7F49 [ APPLICATION 73 ] IMPLICIT SEQUENCE SIZE( 79 ) -- public key OBJECT IDENTIFIER = { id-TA-ECDSA-SHA-256 } 86 [ CONTEXT 6 ] SIZE( 65 ) - 0000 04 6D FF D6 85 57 40 FB 10 5D 94 71 8A 94 D2 5E .m...W at ..].q...^ - 0010 50 33 E7 1E C0 6C 63 D5 C8 FC BA F3 02 1D 70 23 P3...lc.......p# - 0020 F6 47 E8 35 48 EF B5 94 72 3C 6F BE C0 EB 9A C7 .G.5H...rapp_local->private_key_info, + &app->app_local->certificate_info); + if (gpg_err_code (err) == GPG_ERR_NO_DATA) + err = 0; + if (err) + return err; break; - err = read_ef_prkd (app, (SC_HSM_PRKD_PREFIX << 8) | eflist[i + 1], - &app->app_local->private_key_info, - &app->app_local->certificate_info); - if (gpg_err_code (err) == GPG_ERR_NO_DATA) - err = 0; - if (err) - return err; - break; - case SC_HSM_CD_PREFIX: - err = read_ef_cd (app, (eflist[i] << 8) | eflist[i + 1], - &app->app_local->trusted_certificate_info); - if (gpg_err_code (err) == GPG_ERR_NO_DATA) - err = 0; - if (err) - return err; - break; + case SC_HSM_CD_PREFIX: + err = read_ef_cd (app, ((eflist[i] << 8) | eflist[i + 1]), + &app->app_local->trusted_certificate_info); + if (gpg_err_code (err) == GPG_ERR_NO_DATA) + err = 0; + if (err) + return err; + break; + } } - } xfree (eflist); 
@@ -1246,7 +1260,7 @@ send_certinfo (ctrl_t ctrl, const char *certtype, cdf_object_t certinfo) { char *buf, *p; - buf = xtrymalloc (9 + certinfo->objidlen*2 + 1); + buf = xtrymalloc (4 + certinfo->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); @@ -1313,7 +1327,7 @@ send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) char gripstr[40+1]; char *buf, *p; - buf = xtrymalloc (9 + keyinfo->objidlen*2 + 1); + buf = xtrymalloc (4 + keyinfo->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); @@ -1393,7 +1407,8 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, return 0; } - err = select_and_read_binary (app->slot, cdf->fid, "CD", &buffer, &buflen, 4096); + err = select_and_read_binary (app->slot, cdf->fid, "CD", + &buffer, &buflen, 4096); if (err) { log_error ("error reading certificate with Id "); @@ -1481,7 +1496,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, the CERTINFO status lines) and return it in the freshly allocated buffer to be stored at R_CERT and its length at R_CERTLEN. A error code will be returned on failure and R_CERT and R_CERTLEN will be - set to NULL/0. */ + set to (NULL,0). */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **r_cert, size_t *r_certlen) @@ -1493,7 +1508,7 @@ do_readcert (app_t app, const char *certid, *r_certlen = 0; err = cdf_object_from_certid (app, certid, &cdf); if (!err) - err =readcert_by_cdf (app, cdf, r_cert, r_certlen); + err = readcert_by_cdf (app, cdf, r_cert, r_certlen); return err; } @@ -1517,7 +1532,7 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) break; if (prkdf) { - buf = xtrymalloc (9 + prkdf->objidlen*2 + 1); + buf = xtrymalloc (4 + prkdf->objidlen*2 + 1); if (!buf) return gpg_error_from_syserror (); p = stpcpy (buf, "HSM."); 
@@ -1539,18 +1554,18 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) -/* Apply PKCS#1 V1.5 padding for signature operation - * The function combines padding, digest info and the hash value. The buffer - * must be allocated by the caller matching the key size - */ -static -void apply_PKCS_padding(const unsigned char *dig, int diglen, - const unsigned char *prefix, int prefixlen, - unsigned char *buff, int bufflen) +/* Apply PKCS#1 V1.5 padding for signature operation. The function + * combines padding, digest info and the hash value. The buffer must + * be allocated by the caller matching the key size. */ +static void +apply_PKCS_padding(const unsigned char *dig, int diglen, + const unsigned char *prefix, int prefixlen, + unsigned char *buff, int bufflen) { +#warning Seems okay but needs a seconds opinion int i; - // Caller must ensure sufficient buffer + /* Caller must ensure a sufficient buffer. */ if (diglen + prefixlen + 4 > bufflen) return; 
@@ -1561,23 +1576,22 @@ void apply_PKCS_padding(const unsigned char *dig, int diglen, *buff++ = 0x00; if (prefix) - memcpy(buff, prefix, prefixlen); - buff+= prefixlen; - memcpy(buff, dig, diglen); + memcpy (buff, prefix, prefixlen); + buff += prefixlen; + memcpy (buff, dig, diglen); } -/* - * Decode a digest info structure to extract the hash value. The - * buffer to receive the hash must be provided by the caller with - * hashlen pointing to the inbound length. hashlen is updated to the - * outbound length - */ -static -int hash_from_digestinfo(const unsigned char *di, size_t dilen, - unsigned char *hash, size_t *hashlen) +/* Decode a digest info structure (DI,DILEN) to extract the hash + * value. The buffer HASH to receive the digest must be provided by + * the caller with HASHLEN pointing to the inbound length. HASHLEN is + * updated to the outbound length. */ +static int +hash_from_digestinfo (const unsigned char *di, size_t dilen, + unsigned char *hash, size_t *hashlen) { +#warning audit! const unsigned char *p,*pp; size_t n, nn, objlen, hdrlen; int class, tag, constructed, ndef; @@ -1630,8 +1644,8 @@ int hash_from_digestinfo(const unsigned char *di, size_t dilen, /* Perform PIN verification */ static gpg_error_t -verify_pin(app_t app, gpg_error_t (*pincb)(void*, const char *, char **), - void *pincb_arg) +verify_pin (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg) { gpg_error_t err; pininfo_t pininfo; @@ -1645,15 +1659,17 @@ verify_pin(app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (sw == SW_SUCCESS) return 0; /* PIN already verified */ - if (sw == 0x6984) { + if (sw == SW_REF_DATA_INV) + { log_error ("SmartCard-HSM not initialized. Run sc-hsm-tool first\n"); return gpg_error (GPG_ERR_NO_PIN); - } + } - if (sw == SW_CHV_BLOCKED) { + if (sw == SW_CHV_BLOCKED) + { log_error ("PIN Blocked\n"); return gpg_error (GPG_ERR_PIN_BLOCKED); - } + } memset (&pininfo, 0, sizeof pininfo); pininfo.fixedlen = 0; 
@@ -1668,8 +1684,7 @@ verify_pin(app_t app, gpg_error_t (*pincb)(void*, const char *, char **), err = pincb (pincb_arg, prompt, NULL); if (err) { - log_info ("PIN callback returned error: %s\n", - gpg_strerror (err)); + log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); return err; } @@ -1745,8 +1760,9 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, 0x00, 0x04, 0x40 }; gpg_error_t err; - unsigned char cdsblk[256]; /* Raw PKCS#1 V1.5 block with padding (RSA) or hash */ - prkdf_object_t prkdf; /* The private key object. */ + unsigned char cdsblk[256]; /* Raw PKCS#1 V1.5 block with padding + (RSA) or hash. */ + prkdf_object_t prkdf; /* The private key object. */ size_t cdsblklen; unsigned char algoid; int sw; 
@@ -1776,55 +1792,60 @@ do_sign (app_t app, const char *keyidstr, int hashalgo, cdsblklen = 256; if (hashalgo == GCRY_MD_SHA1 && indatalen == 20) - apply_PKCS_padding(indata, indatalen, sha1_prefix, sizeof(sha1_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + sha1_prefix, sizeof(sha1_prefix), + cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_MD5 && indatalen == 20) - apply_PKCS_padding(indata, indatalen, rmd160_prefix, sizeof(rmd160_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + rmd160_prefix, sizeof(rmd160_prefix), + cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA224 && indatalen == 28) - apply_PKCS_padding(indata, indatalen, sha224_prefix, sizeof(sha224_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + sha224_prefix, sizeof(sha224_prefix), + cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA256 && indatalen == 32) - apply_PKCS_padding(indata, indatalen, sha256_prefix, sizeof(sha256_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + sha256_prefix, sizeof(sha256_prefix), + cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA384 && indatalen == 48) - apply_PKCS_padding(indata, indatalen, sha384_prefix, sizeof(sha384_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + sha384_prefix, sizeof(sha384_prefix), + cdsblk, cdsblklen); else if (hashalgo == GCRY_MD_SHA512 && indatalen == 64) - apply_PKCS_padding(indata, indatalen, sha512_prefix, sizeof(sha512_prefix), - cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, + sha512_prefix, sizeof(sha512_prefix), + cdsblk, cdsblklen); else /* Assume it's already a digest info or TLS_MD5SHA1 */ - apply_PKCS_padding(indata, indatalen, NULL, 0, cdsblk, cdsblklen); + apply_PKCS_padding (indata, indatalen, NULL, 0, cdsblk, cdsblklen); } else { algoid = 0x70; - if (indatalen != 20 && indatalen != 28 && indatalen != 32 && - indatalen != 48 && indatalen != 64) + if (indatalen != 20 && indatalen != 28 
&& indatalen != 32 + && indatalen != 48 && indatalen != 64) { cdsblklen = sizeof(cdsblk); - err = hash_from_digestinfo(indata, indatalen, cdsblk, &cdsblklen); + err = hash_from_digestinfo (indata, indatalen, cdsblk, &cdsblklen); if (err) { - log_error ("DigestInfo invalid : %s\n", gpg_strerror (err)); + log_error ("DigestInfo invalid: %s\n", gpg_strerror (err)); return err; } - } else { - memcpy(cdsblk, indata, indatalen); + memcpy (cdsblk, indata, indatalen); cdsblklen = indatalen; } } - err = verify_pin(app, pincb, pincb_arg); + err = verify_pin (app, pincb, pincb_arg); if (err) return err; sw = apdu_send_le (app->slot, 1, 0x80, 0x68, prkdf->key_reference, algoid, cdsblklen, cdsblk, 0, outdata, outdatalen); - return iso7816_map_sw(sw); + return iso7816_map_sw (sw); } @@ -1865,14 +1886,14 @@ do_auth (app_t app, const char *keyidstr, -/* Check PKCS#1 V1.5 padding and extract plain text. - * The function allocates a buffer for the plain text. The caller must release - * the buffer - */ +/* Check PKCS#1 V1.5 padding and extract plain text. The function + * allocates a buffer for the plain text. The caller must release the + * buffer. */ static gpg_error_t strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, size_t *dstlen) { +#warning audit! int c1,c2,c3; unsigned char *p; @@ -1884,7 +1905,7 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, src++; srclen--; } - c3 = srclen > 0; + c3 = (srclen > 0); if (!(c1 && c2 && c3)) return gpg_error (GPG_ERR_DECRYPT_FAILED); @@ -1896,7 +1917,7 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, if (!p) return gpg_error_from_syserror (); - memcpy(p, src, srclen); + memcpy (p, src, srclen); *dst = p; *dstlen = srclen; 
@@ -1904,9 +1925,8 @@ strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, } - -/* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced key - */ +/* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced + key. */ static gpg_error_t do_decipher (app_t app, const char *keyidstr, gpg_error_t (*pincb)(void*, const char *, char **), @@ -1917,11 +1937,11 @@ do_decipher (app_t app, const char *keyidstr, { gpg_error_t err; unsigned char p1blk[256]; /* Enciphered P1 block */ - prkdf_object_t prkdf; /* The private key object. */ + prkdf_object_t prkdf; /* The private key object. */ unsigned char *rspdata; size_t rspdatalen; size_t p1blklen; - int ofs, sw; + int sw; if (!keyidstr || !*keyidstr || !indatalen) return gpg_error (GPG_ERR_INV_VALUE); @@ -1942,13 +1962,16 @@ do_decipher (app_t app, const char *keyidstr, if (!p1blklen) p1blklen = 256; - /* Due to MPI the input may be shorter or longer than the block size */ - memset(p1blk, 0, sizeof(p1blk)); - ofs = p1blklen - indatalen; - if (ofs < 0) - memcpy(p1blk, (unsigned char *)indata - ofs, p1blklen); + /* The input may be shorter (due to MPIs not storing leading zeroes) + or longer than the block size. We put INDATA right aligned into + the buffer. If INDATA is longer than the block size we truncate + it on the left. */ + memset (p1blk, 0, sizeof(p1blk)); + if (indatalen > p1blklen) + memcpy (p1blk, (unsigned char *)indata + (indatalen - p1blklen), p1blklen); else - memcpy(p1blk + ofs, indata, indatalen); + memcpy (p1blk + (p1blklen - indatalen), indata, indatalen); + err = verify_pin(app, pincb, pincb_arg); if (err) 
@@ -1956,15 +1979,15 @@ do_decipher (app_t app, const char *keyidstr, sw = apdu_send_le (app->slot, 1, 0x80, 0x62, prkdf->key_reference, 0x21, p1blklen, p1blk, 0, &rspdata, &rspdatalen); - err = iso7816_map_sw(sw); + err = iso7816_map_sw (sw); if (err) { log_error ("Decrypt failed: %s\n", gpg_strerror (err)); return err; } - err = strip_PKCS15_padding(rspdata, rspdatalen, outdata, outdatalen); - xfree(rspdata); + err = strip_PKCS15_padding (rspdata, rspdatalen, outdata, outdatalen); + xfree (rspdata); if (!err) *r_info |= APP_DECIPHER_INFO_NOPAD; commit e49c851ff54d5ecf856411bf6cdee721695ea172 Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 scd: Add a new status word code. * scd/apdu.h (SW_REF_DATA_INV): New. * scd/apdu.c (apdu_strerror): Add string. diff --git a/scd/apdu.c b/scd/apdu.c index 609103f..476723a 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -544,6 +544,7 @@ apdu_strerror (int rc) case SW_WRONG_LENGTH : return "wrong length"; case SW_CHV_WRONG : return "CHV wrong"; case SW_CHV_BLOCKED : return "CHV blocked"; + case SW_REF_DATA_INV : return "referenced data invalidated"; case SW_USE_CONDITIONS : return "use conditions not satisfied"; case SW_BAD_PARAMETER : return "bad parameter"; case SW_NOT_SUPPORTED : return "not supported"; diff --git a/scd/apdu.h b/scd/apdu.h index 37f9f43..2e518b1 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -36,6 +36,7 @@ enum { SW_CC_NOT_SUP = 0x6884, /* Command Chaining is not supported. */ SW_CHV_WRONG = 0x6982, SW_CHV_BLOCKED = 0x6983, + SW_REF_DATA_INV = 0x6984, /* Referenced data invalidated. */ SW_USE_CONDITIONS = 0x6985, SW_BAD_PARAMETER = 0x6a80, /* (in the data field) */ SW_NOT_SUPPORTED = 0x6a81, commit 07b64eec14d4f62b6d88c11b57d3f9973acfc696 Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 scd: Comment typo fixes. -- diff --git a/scd/app-p15.c b/scd/app-p15.c index 1e922e7..cc407af 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c 
@@ -698,7 +698,7 @@ read_ef_odf (app_t app, unsigned short odf_fid) } -/* Parse the BIT STRING with the keyUsageFlags from teh +/* Parse the BIT STRING with the keyUsageFlags from the CommonKeyAttributes. */ static gpg_error_t parse_keyusage_flags (const unsigned char *der, size_t derlen, @@ -2405,7 +2405,7 @@ keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr) a matching certificate and extract the key from there. */ /* Look for a matching certificate. A certificate matches if the Id - matches the obne of the private key info. */ + matches the one of the private key info. */ for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) if (cdf->objidlen == prkdf->objidlen && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) @@ -2443,7 +2443,7 @@ keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr) /* Helper to do_learn_status: Send information about all known keypairs back. FIXME: much code duplication from - send_sertinfo(). */ + send_certinfo(). */ static gpg_error_t send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) { @@ -2642,7 +2642,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf, the CERTINFO status lines) and return it in the freshly allocated buffer to be stored at R_CERT and its length at R_CERTLEN. A error code will be returned on failure and R_CERT and R_CERTLEN will be - set to NULL/0. */ + set to (NULL,0). */ static gpg_error_t do_readcert (app_t app, const char *certid, unsigned char **r_cert, size_t *r_certlen) 
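Review bot: in the do_readcert comment hunk, the sentence being edited still reads "A error code will be returned on failure"; since this commit is a typo pass over that very sentence, change it to "An error code" in the same line range.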
@@ -2654,7 +2654,7 @@ do_readcert (app_t app, const char *certid, *r_certlen = 0; err = cdf_object_from_certid (app, certid, &cdf); if (!err) - err =readcert_by_cdf (app, cdf, r_cert, r_certlen); + err = readcert_by_cdf (app, cdf, r_cert, r_certlen); return err; } commit 8eb9224f32ddf1c9e1490c4d9688a177f8b6ae64 Author: Andreas Schwier Date: Fri Jul 18 16:20:59 2014 +0200 scd: Support for SmartCard-HSM * scd/app-sc-hsm.c: New. * scd/app.c (select_application, get_supported_applications): Register new app. -- Add a read/only driver for scdaemon that provides access to keys and certificates on a SmartCard-HSM (www.smartcard-hsm.com). The driver supports RSA and ECC keys on SmartCard-HSM cards and USB-Sticks. The driver does not yet support the MicroSD edition. -- ChangeLog and FSF copyright year fix by wk. diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 861c898..79a5fcc 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -340,6 +340,7 @@ stripping off the two leading dashes. * DINSIG Card:: The DINSIG card application * PKCS#15 Card:: The PKCS#15 card application * Geldkarte Card:: The Geldkarte application +* SmartCard-HSM:: The SmartCard-HSM application * Undefined Card:: The Undefined stub application @end menu 
@@ -382,6 +383,19 @@ This is a simple application to display information of a German Geldkarte. The Geldkarte is a small amount debit card application which comes with almost all German banking cards. + at node SmartCard-HSM + at subsection The SmartCard-HSM card application ``sc-hsm'' + +This application adds read/only support for keys and certificates +stored on a @uref{http://www.smartcard-hsm.com, SmartCard-HSM}. + +To generate keys and store certifiates you may use + at uref{https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM, OpenSC} or +the tools from @uref{http://www.openscdp.org, OpenSCDP}. + +The SmartCard-HSM cards requires a card reader that supports Extended +Length APDUs. + @node Undefined Card @subsection The Undefined card application ``undefined'' diff --git a/scd/Makefile.am b/scd/Makefile.am index 215933a..09dd7d2 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -33,7 +33,7 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \ $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(NPTH_CFLAGS) -card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c +card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c app-sc-hsm.c scdaemon_SOURCES = \ scdaemon.c scdaemon.h \ diff --git a/scd/app-common.h b/scd/app-common.h index 66430b6..50046a4 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -223,6 +223,9 @@ gpg_error_t app_select_p15 (app_t app); /*-- app-geldkarte.c --*/ gpg_error_t app_select_geldkarte (app_t app); +/*-- app-sc-hsm.c --*/ +gpg_error_t app_select_sc_hsm (app_t app); + #endif diff --git a/scd/app-sc-hsm.c b/scd/app-sc-hsm.c new file mode 100644 index 0000000..6e8df0a --- /dev/null +++ b/scd/app-sc-hsm.c 
@@ -0,0 +1,2020 @@ +/* app-sc-hsm.c - The SmartCard-HSM card application (www.smartcard-hsm.com). + * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2014 Andreas Schwier + * + * Code in this driver is based on app-p15.c with modifications + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "scdaemon.h" + +#include "iso7816.h" +#include "app-common.h" +#include "tlv.h" +#include "apdu.h" + + +/* The AID of the SmartCard-HSM applet. */ +static char const sc_hsm_aid[] = { 0xE8, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x81, + 0xC3, 0x1F, 0x02, 0x01 }; + + +/* Special file identifier for SmartCard-HSM */ +typedef enum +{ + SC_HSM_PRKD_PREFIX = 0xC4, + SC_HSM_CD_PREFIX = 0xC8, + SC_HSM_DCOD_PREFIX = 0xC9, + SC_HSM_CA_PREFIX = 0xCA, + SC_HSM_KEY_PREFIX = 0xCC, + SC_HSM_EE_PREFIX = 0xCE +} fid_prefix_type_t; + + +/* The key types supported by the SmartCard-HSM */ +typedef enum + { + KEY_TYPE_RSA, + KEY_TYPE_ECC + } key_type_t; + + +/* A bit array with for the key usage flags from the + commonKeyAttributes. 
*/ +struct keyusage_flags_s +{ + unsigned int encrypt: 1; + unsigned int decrypt: 1; + unsigned int sign: 1; + unsigned int sign_recover: 1; + unsigned int wrap: 1; + unsigned int unwrap: 1; + unsigned int verify: 1; + unsigned int verify_recover: 1; + unsigned int derive: 1; + unsigned int non_repudiation: 1; +}; +typedef struct keyusage_flags_s keyusage_flags_t; + + + +/* This is an object to store information about a Certificate + Directory File (CDF) in a format suitable for further processing by + us. To keep memory management, simple we use a linked list of + items; i.e. one such object represents one certificate and the list + the entire CDF. */ +struct cdf_object_s +{ + /* Link to next item when used in a linked list. */ + struct cdf_object_s *next; + + /* Length and allocated buffer with the Id of this object. */ + size_t objidlen; + unsigned char *objid; + + /* To avoid reading a certificate more than once, we cache it in an + allocated memory IMAGE of IMAGELEN. */ + size_t imagelen; + unsigned char *image; + + /* EF containing certificate */ + unsigned short fid; +}; +typedef struct cdf_object_s *cdf_object_t; + + + +/* This is an object to store information about a Private Key + Directory File (PrKDF) in a format suitable for further processing + by us. To keep memory management, simple we use a linked list of + items; i.e. one such object represents one certificate and the list + the entire PrKDF. */ +struct prkdf_object_s +{ + /* Link to next item when used in a linked list. */ + struct prkdf_object_s *next; + + /* Key type */ + key_type_t keytype; + + /* Key size in bits or 0 if unknown */ + size_t keysize; + + /* Length and allocated buffer with the Id of this object. */ + size_t objidlen; + unsigned char *objid; + + /* The key's usage flags. */ + keyusage_flags_t usageflags; + + /* The keyReference */ + unsigned char key_reference; +}; +typedef struct prkdf_object_s *prkdf_object_t; + + + +/* Context local to this application. 
*/ +struct app_local_s +{ + /* Information on all certificates. */ + cdf_object_t certificate_info; + /* Information on all trusted certificates. */ + cdf_object_t trusted_certificate_info; + /* Information on all private keys. */ + prkdf_object_t private_key_info; +}; + + + +/*** Local prototypes. ***/ +static gpg_error_t readcert_by_cdf (app_t app, cdf_object_t cdf, + unsigned char **r_cert, size_t *r_certlen); + + + +/* Release the CDF object A */ +static void +release_cdflist (cdf_object_t a) +{ + while (a) + { + cdf_object_t tmp = a->next; + xfree (a->image); + xfree (a->objid); + xfree (a); + a = tmp; + } +} + + + +/* Release the PrKDF object A. */ +static void +release_prkdflist (prkdf_object_t a) +{ + while (a) + { + prkdf_object_t tmp = a->next; + xfree (a->objid); + xfree (a); + a = tmp; + } +} + + + +/* Release all local resources. */ +static void +do_deinit (app_t app) +{ + if (app && app->app_local) + { + release_cdflist (app->app_local->certificate_info); + release_cdflist (app->app_local->trusted_certificate_info); + release_prkdflist (app->app_local->private_key_info); + xfree (app->app_local); + app->app_local = NULL; + } +} + + + +/* Get the list of EFs from the SmartCard-HSM. On success a dynamically + * buffer containing the EF list is returned. The caller is responsible for + * freeing the buffer. + */ +static gpg_error_t +list_ef (int slot, unsigned char **result, size_t *resultlen) +{ + int sw; + + if (!result || !resultlen) + return gpg_error (GPG_ERR_INV_VALUE); + *result = NULL; + *resultlen = 0; + + sw = apdu_send_le (slot, 1, 0x80, 0x58, 0x00, 0x00, -1, NULL, 65536, + result, resultlen); + if (sw != SW_SUCCESS) + { + /* Make sure that pending buffers are released. */ + xfree (*result); + *result = NULL; + *resultlen = 0; + } + return iso7816_map_sw(sw); +} + + + +/* Do a select and a read for the file with EFID. EFID_DESC is a + description of the EF to be used with error messages. 
On success + BUFFER and BUFLEN contain the entire content of the EF. The caller + must free BUFFER only on success. */ +static gpg_error_t +select_and_read_binary (int slot, unsigned short efid, const char *efid_desc, + unsigned char **buffer, size_t *buflen, int maxread) +{ + gpg_error_t err; + unsigned char cdata[4]; + int sw; + + cdata[0] = 0x54; /* Create ISO 7861-4 odd ins READ BINARY */ + cdata[1] = 0x02; + cdata[2] = 0x00; + cdata[3] = 0x00; + + sw = apdu_send_le(slot, 1, 0x00, 0xB1, efid >> 8, efid & 0xFF, + 4, cdata, maxread, buffer, buflen); + + if (sw == 0x6282) + sw = 0x9000; + + err = iso7816_map_sw(sw); + if (err) + { + log_error ("error reading %s (0x%04X): %s\n", + efid_desc, efid, gpg_strerror (err)); + return err; + } + return 0; +} + + + +/* Parse a cert Id string (or a key Id string) and return the binary + object Id string in a newly allocated buffer stored at R_OBJID and + R_OBJIDLEN. On Error NULL will be stored there and an error code + returned. On success caller needs to free the buffer at R_OBJID. */ +static gpg_error_t +parse_certid (const char *certid, unsigned char **r_objid, size_t *r_objidlen) +{ + char tmpbuf[10]; + const char *s; + size_t objidlen; + unsigned char *objid; + int i; + + *r_objid = NULL; + *r_objidlen = 0; + + strcpy (tmpbuf, "HSM."); + if (strncmp (certid, tmpbuf, strlen (tmpbuf)) ) + { + if (!strncmp (certid, "HSM.", 4)) + return gpg_error (GPG_ERR_NOT_FOUND); + return gpg_error (GPG_ERR_INV_ID); + } + certid += strlen (tmpbuf); + + for (s=certid, objidlen=0; hexdigitp (s); s++, objidlen++) + ; + if (*s || !objidlen || (objidlen%2)) + return gpg_error (GPG_ERR_INV_ID); + objidlen /= 2; + objid = xtrymalloc (objidlen); + if (!objid) + return gpg_error_from_syserror (); + for (s=certid, i=0; i < objidlen; i++, s+=2) + objid[i] = xtoi_2 (s); + *r_objid = objid; + *r_objidlen = objidlen; + return 0; +} + + + +/* Find a certificate object by the certificate ID CERTID and store a + pointer to it at R_CDF. 
*/ +static gpg_error_t +cdf_object_from_certid (app_t app, const char *certid, cdf_object_t *r_cdf) +{ + gpg_error_t err; + size_t objidlen; + unsigned char *objid; + cdf_object_t cdf; + + err = parse_certid (certid, &objid, &objidlen); + if (err) + return err; + + for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) + if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) + break; + if (!cdf) + for (cdf = app->app_local->trusted_certificate_info; cdf; cdf = cdf->next) + if (cdf->objidlen == objidlen && !memcmp (cdf->objid, objid, objidlen)) + break; + xfree (objid); + if (!cdf) + return gpg_error (GPG_ERR_NOT_FOUND); + *r_cdf = cdf; + return 0; +} + + + +/* Find a private key object by the key Id string KEYIDSTR and store a + pointer to it at R_PRKDF. */ +static gpg_error_t +prkdf_object_from_keyidstr (app_t app, const char *keyidstr, + prkdf_object_t *r_prkdf) +{ + gpg_error_t err; + size_t objidlen; + unsigned char *objid; + prkdf_object_t prkdf; + + err = parse_certid (keyidstr, &objid, &objidlen); + if (err) + return err; + + for (prkdf = app->app_local->private_key_info; prkdf; prkdf = prkdf->next) + if (prkdf->objidlen == objidlen && !memcmp (prkdf->objid, objid, objidlen)) + break; + xfree (objid); + if (!prkdf) + return gpg_error (GPG_ERR_NOT_FOUND); + *r_prkdf = prkdf; + return 0; +} + + + +/* Parse the BIT STRING with the keyUsageFlags from the + CommonKeyAttributes. 
*/ +static gpg_error_t +parse_keyusage_flags (const unsigned char *der, size_t derlen, + keyusage_flags_t *usageflags) +{ + unsigned int bits, mask; + int i, unused, full; + + memset (usageflags, 0, sizeof *usageflags); + if (!derlen) + return gpg_error (GPG_ERR_INV_OBJ); + + unused = *der++; derlen--; + if ((!derlen && unused) || unused/8 > derlen) + return gpg_error (GPG_ERR_ENCODING_PROBLEM); + full = derlen - (unused+7)/8; + unused %= 8; + mask = 0; + for (i=1; unused; i <<= 1, unused--) + mask |= i; + + /* First octet */ + if (derlen) + { + bits = *der++; derlen--; + if (full) + full--; + else + { + bits &= ~mask; + mask = 0; + } + } + else + bits = 0; + if ((bits & 0x80)) usageflags->encrypt = 1; + if ((bits & 0x40)) usageflags->decrypt = 1; + if ((bits & 0x20)) usageflags->sign = 1; + if ((bits & 0x10)) usageflags->sign_recover = 1; + if ((bits & 0x08)) usageflags->wrap = 1; + if ((bits & 0x04)) usageflags->unwrap = 1; + if ((bits & 0x02)) usageflags->verify = 1; + if ((bits & 0x01)) usageflags->verify_recover = 1; + + /* Second octet. */ + if (derlen) + { + bits = *der++; derlen--; + if (full) + full--; + else + { + bits &= ~mask; + mask = 0; + } + } + else + bits = 0; + if ((bits & 0x80)) usageflags->derive = 1; + if ((bits & 0x40)) usageflags->non_repudiation = 1; + + return 0; +} + + + +/* Read and parse a Private Key Directory File containing a single + * key description in PKCS#15 format + * For each private key a matching certificate description is created, + * if the certificate EF exists and contains a X.509 certificate*/ +/* +0000 30 2A 30 13 0C 11 4A 6F 65 20 44 6F 65 20 28 52 0*0...Joe Doe (R +0010 53 41 32 30 34 38 29 30 07 04 01 01 03 02 02 74 SA2048)0.......t +0020 A1 0A 30 08 30 02 04 00 02 02 08 00 ..0.0....... +SEQUENCE SIZE( 42 ) + SEQUENCE SIZE( 19 ) + UTF8-STRING SIZE( 17 ) -- label + 0000 4A 6F 65 20 44 6F 65 20 28 52 53 41 32 30 34 38 Joe Doe (RSA2048 + 0010 29 ) + SEQUENCE SIZE( 7 ) + OCTET-STRING SIZE( 1 ) -- id + 0000 01 . 
+ BIT-STRING SIZE( 2 ) -- key usage + 0000 02 74 .t + A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 10 ) + SEQUENCE SIZE( 8 ) + SEQUENCE SIZE( 2 ) + OCTET-STRING SIZE( 0 ) -- empty path, req object in PKCS#15 + INTEGER SIZE( 2 ) -- modulus size in bits + 0000 08 00 .. +*/ +static gpg_error_t +read_ef_prkd (app_t app, unsigned short fid, prkdf_object_t *prkdresult, + cdf_object_t *cdresult) +{ + gpg_error_t err; + unsigned char *buffer = NULL; + size_t buflen; + const unsigned char *p; + size_t n, objlen, hdrlen; + int class, tag, constructed, ndef; + int i; + const unsigned char *pp; + size_t nn; + int where; + const char *errstr = NULL; + prkdf_object_t prkdf = NULL; + cdf_object_t cdf = NULL; + unsigned long ul; + const unsigned char *objid; + size_t objidlen; + keyusage_flags_t usageflags; + const char *s; + key_type_t keytype; + size_t keysize; + + if (!fid) + return gpg_error (GPG_ERR_NO_DATA); /* No private keys. */ + + err = select_and_read_binary (app->slot, fid, "PrKDF", &buffer, &buflen, 255); + if (err) + return err; + + p = buffer; + n = buflen; + + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > n || (tag != TAG_SEQUENCE && tag != 0x00))) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + { + log_error ("error parsing PrKDF record: %s\n", gpg_strerror (err)); + goto leave; + } + + keytype = tag == 0x00 ? KEY_TYPE_ECC : KEY_TYPE_RSA; + + pp = p; + nn = objlen; + p += objlen; + n -= objlen; + + /* Parse the commonObjectAttributes. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + { + const unsigned char *ppp = pp; + size_t nnn = objlen; + + pp += objlen; + nn -= objlen; + + /* Search the optional AuthId. We need to skip the optional + Label (UTF8STRING) and the optional CommonObjectFlags + (BITSTRING). 
*/ + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto no_authid; + if (err) + goto parse_error; + if (tag == TAG_UTF8_STRING) + { + ppp += objlen; /* Skip the Label. */ + nnn -= objlen; + + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto no_authid; + if (err) + goto parse_error; + } + if (tag == TAG_BIT_STRING) + { + ppp += objlen; /* Skip the CommonObjectFlags. */ + nnn -= objlen; + + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn || class != CLASS_UNIVERSAL)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto no_authid; + if (err) + goto parse_error; + } + if (tag == TAG_OCTET_STRING && objlen) + { + /* AuthId ignored */ + } + no_authid: + ; + } + + /* Parse the commonKeyAttributes. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + { + const unsigned char *ppp = pp; + size_t nnn = objlen; + + pp += objlen; + nn -= objlen; + + /* Get the Id. */ + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn + || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + objid = ppp; + objidlen = objlen; + ppp += objlen; + nnn -= objlen; + + /* Get the KeyUsageFlags. 
*/ + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn + || class != CLASS_UNIVERSAL || tag != TAG_BIT_STRING)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + err = parse_keyusage_flags (ppp, objlen, &usageflags); + if (err) + goto parse_error; + ppp += objlen; + nnn -= objlen; + + /* Find the keyReference */ + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto leave_cki; + if (!err && objlen > nnn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + if (class == CLASS_UNIVERSAL && tag == TAG_BOOLEAN) + { + /* Skip the native element. */ + ppp += objlen; + nnn -= objlen; + + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto leave_cki; + if (!err && objlen > nnn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + } + if (class == CLASS_UNIVERSAL && tag == TAG_BIT_STRING) + { + /* Skip the accessFlags. */ + ppp += objlen; + nnn -= objlen; + + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (gpg_err_code (err) == GPG_ERR_EOF) + goto leave_cki; + if (!err && objlen > nnn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + } + if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER) + { + /* Yep, this is the keyReference. */ + for (ul=0; objlen; objlen--) + { + ul <<= 8; + ul |= (*ppp++) & 0xff; + nnn--; + } + } + + leave_cki: + ; + } + + + /* Skip subClassAttributes. 
*/ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + if (class == CLASS_CONTEXT && tag == 0) + { + pp += objlen; + nn -= objlen; + + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + } + /* Parse the keyAttributes. */ + if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + nn = objlen; + + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + + nn = objlen; + + /* Check that the reference is a Path object. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) + { + errstr = "unsupported reference type"; + goto parse_error; + } + + pp += objlen; + nn -= objlen; + + /* Parse the key size object. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + keysize = 0; + if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER && objlen == 2) + { + keysize = *pp++ << 8; + keysize += *pp++; + } + + + /* Create a new PrKDF list item. 
*/ + prkdf = xtrycalloc (1, sizeof *prkdf); + if (!prkdf) + { + err = gpg_error_from_syserror (); + goto leave; + } + prkdf->keytype = keytype; + prkdf->keysize = keysize; + prkdf->objidlen = objidlen; + prkdf->objid = xtrymalloc (objidlen); + if (!prkdf->objid) + { + err = gpg_error_from_syserror (); + xfree (prkdf); + goto leave; + } + memcpy (prkdf->objid, objid, objidlen); + + prkdf->usageflags = usageflags; + prkdf->key_reference = fid & 0xFF; + + log_debug ("PrKDF %04hX: id=", fid); + for (i=0; i < prkdf->objidlen; i++) + log_printf ("%02X", prkdf->objid[i]); + log_printf (" keyref=0x%02X", prkdf->key_reference); + log_printf (" keysize=%u", (unsigned int)prkdf->keysize); + log_printf (" usage="); + s = ""; + if (prkdf->usageflags.encrypt) log_printf ("%sencrypt", s), s = ","; + if (prkdf->usageflags.decrypt) log_printf ("%sdecrypt", s), s = ","; + if (prkdf->usageflags.sign ) log_printf ("%ssign", s), s = ","; + if (prkdf->usageflags.sign_recover) + log_printf ("%ssign_recover", s), s = ","; + if (prkdf->usageflags.wrap ) log_printf ("%swrap", s), s = ","; + if (prkdf->usageflags.unwrap ) log_printf ("%sunwrap", s), s = ","; + if (prkdf->usageflags.verify ) log_printf ("%sverify", s), s = ","; + if (prkdf->usageflags.verify_recover) + log_printf ("%sverify_recover", s), s = ","; + if (prkdf->usageflags.derive ) log_printf ("%sderive", s), s = ","; + if (prkdf->usageflags.non_repudiation) + log_printf ("%snon_repudiation", s), s = ","; + log_printf ("\n"); + + xfree (buffer); + buffer = NULL; + buflen = 0; + err = select_and_read_binary (app->slot, + (SC_HSM_EE_PREFIX << 8) | (fid & 0xFF), "CertEF", &buffer, &buflen, 1); + + if (!err && buffer[0] == 0x30) + { + /* Create a matching CDF list item. 
*/ + cdf = xtrycalloc (1, sizeof *cdf); + if (!cdf) + { + err = gpg_error_from_syserror (); + goto leave; + } + cdf->objidlen = prkdf->objidlen; + cdf->objid = xtrymalloc (cdf->objidlen); + if (!cdf->objid) + { + err = gpg_error_from_syserror (); + xfree (cdf); + goto leave; + } + memcpy (cdf->objid, prkdf->objid, objidlen); + + cdf->fid = (SC_HSM_EE_PREFIX << 8) | (fid & 0xFF); + + log_debug ("CDF %04hX: id=", fid); + for (i=0; i < cdf->objidlen; i++) + log_printf ("%02X", cdf->objid[i]); + log_printf (" fid=%04X\n", cdf->fid); + } + goto leave; /* Ready. */ + + parse_error: + log_error ("error parsing PrKDF record (%d): %s - skipped\n", + where, errstr? errstr : gpg_strerror (err)); + err = 0; + + leave: + xfree (buffer); + if (err) + { + if (prkdf) + { + if (prkdf->objid) + xfree (prkdf->objid); + xfree (prkdf); + } + if (cdf) + { + if (cdf->objid) + xfree (cdf->objid); + xfree (cdf); + } + } else { + prkdf->next = *prkdresult; + *prkdresult = prkdf; + if (cdf) + { + cdf->next = *cdresult; + *cdresult = cdf; + } + } + return err; +} + + + +/* Read and parse the Certificate Description File identified by FID. + On success a the CDF list gets stored at RESULT and the + caller is then responsible of releasing the object.*/ +/* +0000 30 35 30 11 0C 0B 43 65 72 74 69 66 69 63 61 74 050...Certificat +0010 65 03 02 06 40 30 16 04 14 C2 01 7C 2F BA A4 4A e... at 0.....|/..J +0020 4A BB B8 49 11 DB 4A CA AA 7E 6A 2D 1B A1 08 30 J..I..J..~j-...0 +0030 06 30 04 04 02 CA 00 .0..... + +SEQUENCE SIZE( 53 ) + SEQUENCE SIZE( 17 ) + UTF8-STRING SIZE( 11 ) -- label + 0000 43 65 72 74 69 66 69 63 61 74 65 Certificate + BIT-STRING SIZE( 2 ) -- common object attributes + 0000 06 40 .@ + SEQUENCE SIZE( 22 ) + OCTET-STRING SIZE( 20 ) -- id + 0000 C2 01 7C 2F BA A4 4A 4A BB B8 49 11 DB 4A CA AA ..|/..JJ..I..J.. + 0010 7E 6A 2D 1B ~j-. + A1 [ CONTEXT 1 ] IMPLICIT SEQUENCE SIZE( 8 ) + SEQUENCE SIZE( 6 ) + SEQUENCE SIZE( 4 ) + OCTET-STRING SIZE( 2 ) -- path + 0000 CA 00 .. 
+ */ +static gpg_error_t +read_ef_cd (app_t app, unsigned short fid, cdf_object_t *result) +{ + gpg_error_t err; + unsigned char *buffer = NULL; + size_t buflen; + const unsigned char *p; + size_t n, objlen, hdrlen; + int class, tag, constructed, ndef; + int i; + const unsigned char *pp; + size_t nn; + int where; + const char *errstr = NULL; + cdf_object_t cdf = NULL; + const unsigned char *objid; + size_t objidlen; + + if (!fid) + return gpg_error (GPG_ERR_NO_DATA); /* No certificates. */ + + err = select_and_read_binary (app->slot, fid, "CDF", &buffer, &buflen, 255); + if (err) + return err; + + p = buffer; + n = buflen; + + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > n || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + { + log_error ("error parsing CDF record: %s\n", gpg_strerror (err)); + goto leave; + } + pp = p; + nn = objlen; + p += objlen; + n -= objlen; + + /* Skip the commonObjectAttributes. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + pp += objlen; + nn -= objlen; + + /* Parse the commonCertificateAttributes. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + { + const unsigned char *ppp = pp; + size_t nnn = objlen; + + pp += objlen; + nn -= objlen; + + /* Get the Id. 
*/ + where = __LINE__; + err = parse_ber_header (&ppp, &nnn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nnn + || class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + objid = ppp; + objidlen = objlen; + } + + /* Parse the certAttribute. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn || class != CLASS_CONTEXT || tag != 1)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + nn = objlen; + + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > nn + || class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + nn = objlen; + + /* Check that the reference is a Path object. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + if (class != CLASS_UNIVERSAL || tag != TAG_SEQUENCE) + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto parse_error; + } + nn = objlen; + + /* Parse the Path object. */ + where = __LINE__; + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && objlen > nn) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + goto parse_error; + + /* Make sure that the next element is a non zero path and of + even length (FID are two bytes each). */ + if (class != CLASS_UNIVERSAL || tag != TAG_OCTET_STRING + || (objlen & 1) ) + { + errstr = "invalid path reference"; + goto parse_error; + } + /* Create a new CDF list item. 
*/ + cdf = xtrycalloc (1, sizeof *cdf); + if (!cdf) + { + err = gpg_error_from_syserror (); + goto leave; + } + cdf->objidlen = objidlen; + cdf->objid = xtrymalloc (objidlen); + if (!cdf->objid) + { + err = gpg_error_from_syserror (); + xfree (cdf); + goto leave; + } + memcpy (cdf->objid, objid, objidlen); + + cdf->fid = (SC_HSM_CA_PREFIX << 8) | (fid & 0xFF); + + log_debug ("CDF %04hX: id=", fid); + for (i=0; i < cdf->objidlen; i++) + log_printf ("%02X", cdf->objid[i]); + + goto leave; + + parse_error: + log_error ("error parsing CDF record (%d): %s - skipped\n", + where, errstr? errstr : gpg_strerror (err)); + err = 0; + + leave: + xfree (buffer); + if (err) + { + if (cdf) + { + if (cdf->objid) + xfree (cdf->objid); + xfree (cdf); + } + } + else + { + cdf->next = *result; + *result = cdf; + } + return err; +} + + + +/* Read the device certificate and extract the serial number + +EF.C_DevAut (2F02) contains two CVCs, the first is the device certificate, the +second is the issuer certificate +0000 7F 21 81 E2 7F 4E 81 9B 5F 29 01 00 42 0B 55 54 .!...N.._)..B.UT +0010 43 43 30 32 30 30 30 30 32 7F 49 4F 06 0A 04 00 CC0200002.IO.... +0020 7F 00 07 02 02 02 02 03 86 41 04 6D FF D6 85 57 .........A.m...W +0030 40 FB 10 5D 94 71 8A 94 D2 5E 50 33 E7 1E C0 6C @..].q...^P3...l +0040 63 D5 C8 FC BA F3 02 1D 70 23 F6 47 E8 35 48 EF c.......p#.G.5H. +0050 B5 94 72 3C 6F BE C0 EB 9A C7 FB 06 59 26 CF 65 ..r...<. +0150 6B AC 06 EA 5F 20 0B 55 54 43 43 30 32 30 30 30 k..._ .UTCC02000 +0160 30 32 7F 4C 10 06 0B 2B 06 01 04 01 81 C3 1F 03 02.L...+........ +0170 01 01 53 01 80 5F 25 06 01 03 00 03 02 08 5F 24 ..S.._%......._$ +0180 06 02 01 00 03 02 07 5F 37 40 93 C1 42 8B B3 8E ......._7 at ..B... +0190 42 61 6F 2C 19 E6 98 41 BD AA 60 BD E0 DD 4E F0 Bao,...A..`...N. +01A0 15 D5 4F 71 B7 BB C3 3A F2 AD 27 5E DD EE 6D 12 ..Oq...:..'^..m. +01B0 76 E6 2B A0 4C 01 CA C1 26 0C 45 6D C6 CB EC 92 v.+.L...&.Em.... 
+01C0 BF 38 18 AD 8F B2 29 40 A9 51 .8....)@.Q + +The certificate format is defined in BSI TR-03110 + +7F21 [ APPLICATION 33 ] IMPLICIT SEQUENCE SIZE( 226 ) + 7F4E [ APPLICATION 78 ] IMPLICIT SEQUENCE SIZE( 155 ) + 5F29 [ APPLICATION 41 ] SIZE( 1 ) -- profile id + 0000 00 . + 42 [ APPLICATION 2 ] SIZE( 11 ) -- CAR + 0000 55 54 43 43 30 32 30 30 30 30 32 UTCC0200002 + 7F49 [ APPLICATION 73 ] IMPLICIT SEQUENCE SIZE( 79 ) -- public key + OBJECT IDENTIFIER = { id-TA-ECDSA-SHA-256 } + 86 [ CONTEXT 6 ] SIZE( 65 ) + 0000 04 6D FF D6 85 57 40 FB 10 5D 94 71 8A 94 D2 5E .m...W at ..].q...^ + 0010 50 33 E7 1E C0 6C 63 D5 C8 FC BA F3 02 1D 70 23 P3...lc.......p# + 0020 F6 47 E8 35 48 EF B5 94 72 3C 6F BE C0 EB 9A C7 .G.5H...rslot, 0x2F02, "EF.C_DevAut", + &buffer, &buflen, 512); + if (err) + return err; + + p = buffer; + n = buflen; + + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (!err && (objlen > n || tag != 0x21)) + err = gpg_error (GPG_ERR_INV_OBJ); + if (err) + { + log_error ("error parsing C_DevAut: %s\n", gpg_strerror (err)); + goto leave; + } + + chr = find_tlv (p, objlen, 0x5F20, &chrlen); + if (!chr) + { + err = gpg_error (GPG_ERR_INV_OBJ); + log_error ("CHR not found in CVC\n"); + goto leave; + } + + chrlen -= 5; + + app->serialno = xtrymalloc (chrlen); + if (!app->serialno) + { + err = gpg_error_from_syserror (); + goto leave; + } + + app->serialnolen = chrlen; + memcpy(app->serialno, chr, chrlen); + + leave: + xfree (buffer); + return err; +} + + + +/* Get all the basic information from the SmartCard-HSM, check the + structure and initialize our local context. This is used once at + application initialization. 
*/ +static gpg_error_t +read_meta (app_t app) +{ + gpg_error_t err; + unsigned char *eflist = NULL; + size_t eflistlen = 0; + int i; + + err = read_serialno(app); + if (err) + return err; + + err = list_ef (app->slot, &eflist, &eflistlen); + if (err) + return err; + + for (i = 0; i < eflistlen; i += 2) { + switch(eflist[i]) { + case SC_HSM_KEY_PREFIX: + if (eflist[i + 1] == 0) /* No key with ID=0 */ + break; + err = read_ef_prkd (app, (SC_HSM_PRKD_PREFIX << 8) | eflist[i + 1], + &app->app_local->private_key_info, + &app->app_local->certificate_info); + if (gpg_err_code (err) == GPG_ERR_NO_DATA) + err = 0; + if (err) + return err; + break; + case SC_HSM_CD_PREFIX: + err = read_ef_cd (app, (eflist[i] << 8) | eflist[i + 1], + &app->app_local->trusted_certificate_info); + if (gpg_err_code (err) == GPG_ERR_NO_DATA) + err = 0; + if (err) + return err; + break; + } + } + + xfree (eflist); + + return err; +} + + + +/* Helper to do_learn_status: Send information about all certificates + listed in CERTINFO back. Use CERTTYPE as type of the + certificate. */ +static gpg_error_t +send_certinfo (ctrl_t ctrl, const char *certtype, cdf_object_t certinfo) +{ + for (; certinfo; certinfo = certinfo->next) + { + char *buf, *p; + + buf = xtrymalloc (9 + certinfo->objidlen*2 + 1); + if (!buf) + return gpg_error_from_syserror (); + p = stpcpy (buf, "HSM."); + bin2hex (certinfo->objid, certinfo->objidlen, p); + + send_status_info (ctrl, "CERTINFO", + certtype, strlen (certtype), + buf, strlen (buf), + NULL, (size_t)0); + xfree (buf); + } + return 0; +} + + + +/* Get the keygrip of the private key object PRKDF. On success the + keygrip gets returned in the caller provided 41 byte buffer + R_GRIPSTR. */ +static gpg_error_t +keygripstr_from_prkdf (app_t app, prkdf_object_t prkdf, char *r_gripstr) +{ + gpg_error_t err; + cdf_object_t cdf; + unsigned char *der; + size_t derlen; + ksba_cert_t cert; + + /* Look for a matching certificate. 
A certificate matches if the Id + matches the one of the private key info. */ + for (cdf = app->app_local->certificate_info; cdf; cdf = cdf->next) + if (cdf->objidlen == prkdf->objidlen + && !memcmp (cdf->objid, prkdf->objid, prkdf->objidlen)) + break; + if (!cdf) + return gpg_error (GPG_ERR_NOT_FOUND); + + err = readcert_by_cdf (app, cdf, &der, &derlen); + if (err) + return err; + + err = ksba_cert_new (&cert); + if (!err) + err = ksba_cert_init_from_mem (cert, der, derlen); + xfree (der); + if (!err) + err = app_help_get_keygrip_string (cert, r_gripstr); + ksba_cert_release (cert); + + return err; +} + + + +/* Helper to do_learn_status: Send information about all known + keypairs back. */ +static gpg_error_t +send_keypairinfo (app_t app, ctrl_t ctrl, prkdf_object_t keyinfo) +{ + gpg_error_t err; + + for (; keyinfo; keyinfo = keyinfo->next) + { + char gripstr[40+1]; + char *buf, *p; + + buf = xtrymalloc (9 + keyinfo->objidlen*2 + 1); + if (!buf) + return gpg_error_from_syserror (); + p = stpcpy (buf, "HSM."); + bin2hex (keyinfo->objid, keyinfo->objidlen, p); + + err = keygripstr_from_prkdf (app, keyinfo, gripstr); + if (err) + { + log_error ("can't get keygrip from %04X\n", keyinfo->key_reference); + } + else + { + assert (strlen (gripstr) == 40); + send_status_info (ctrl, "KEYPAIRINFO", + gripstr, 40, + buf, strlen (buf), + NULL, (size_t)0); + } + xfree (buf); + } + return 0; +} + + + +/* This is the handler for the LEARN command. 
*/ +static gpg_error_t +do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) +{ + gpg_error_t err; + + if ((flags & 1)) + err = 0; + else + { + err = send_certinfo (ctrl, "100", app->app_local->certificate_info); + if (!err) + err = send_certinfo (ctrl, "101", + app->app_local->trusted_certificate_info); + } + + if (!err) + err = send_keypairinfo (app, ctrl, app->app_local->private_key_info); + + return err; +} + + + +/* Read a certificate using the information in CDF and return the + certificate in a newly allocated buffer R_CERT and its length + R_CERTLEN. */ +static gpg_error_t +readcert_by_cdf (app_t app, cdf_object_t cdf, + unsigned char **r_cert, size_t *r_certlen) +{ + gpg_error_t err; + unsigned char *buffer = NULL; + const unsigned char *p, *save_p; + size_t buflen, n; + int class, tag, constructed, ndef; + size_t totobjlen, objlen, hdrlen; + int rootca; + int i; + + *r_cert = NULL; + *r_certlen = 0; + + /* First check whether it has been cached. */ + if (cdf->image) + { + *r_cert = xtrymalloc (cdf->imagelen); + if (!*r_cert) + return gpg_error_from_syserror (); + memcpy (*r_cert, cdf->image, cdf->imagelen); + *r_certlen = cdf->imagelen; + return 0; + } + + err = select_and_read_binary (app->slot, cdf->fid, "CD", &buffer, &buflen, 4096); + if (err) + { + log_error ("error reading certificate with Id "); + for (i=0; i < cdf->objidlen; i++) + log_printf ("%02X", cdf->objid[i]); + log_printf (": %s\n", gpg_strerror (err)); + goto leave; + } + + /* Check whether this is really a certificate. 
*/ + p = buffer; + n = buflen; + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (err) + goto leave; + + if (class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) + rootca = 0; + else if ( class == CLASS_UNIVERSAL && tag == TAG_SET && constructed ) + rootca = 1; + else + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; + } + totobjlen = objlen + hdrlen; + assert (totobjlen <= buflen); + + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (err) + goto leave; + + if (!rootca + && class == CLASS_UNIVERSAL && tag == TAG_OBJECT_ID && !constructed) + { + /* The certificate seems to be contained in a userCertificate + container. Skip this and assume the following sequence is + the certificate. */ + if (n < objlen) + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; + } + p += objlen; + n -= objlen; + save_p = p; + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + if (err) + goto leave; + if ( !(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && constructed) ) + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; + } + totobjlen = objlen + hdrlen; + assert (save_p + totobjlen <= buffer + buflen); + memmove (buffer, save_p, totobjlen); + } + + *r_cert = buffer; + buffer = NULL; + *r_certlen = totobjlen; + + /* Try to cache it. */ + if (!cdf->image && (cdf->image = xtrymalloc (*r_certlen))) + { + memcpy (cdf->image, *r_cert, *r_certlen); + cdf->imagelen = *r_certlen; + } + + + leave: + xfree (buffer); + return err; +} + + + +/* Handler for the READCERT command. + + Read the certificate with id CERTID (as returned by learn_status in + the CERTINFO status lines) and return it in the freshly allocated + buffer to be stored at R_CERT and its length at R_CERTLEN. A error + code will be returned on failure and R_CERT and R_CERTLEN will be + set to NULL/0. 
*/ +static gpg_error_t +do_readcert (app_t app, const char *certid, + unsigned char **r_cert, size_t *r_certlen) +{ + gpg_error_t err; + cdf_object_t cdf; + + *r_cert = NULL; + *r_certlen = 0; + err = cdf_object_from_certid (app, certid, &cdf); + if (!err) + err =readcert_by_cdf (app, cdf, r_cert, r_certlen); + return err; +} + + + +/* Implement the GETATTR command. This is similar to the LEARN + command but returns just one value via the status interface. */ +static gpg_error_t +do_getattr (app_t app, ctrl_t ctrl, const char *name) +{ + if (!strcmp (name, "$AUTHKEYID")) + { + char *buf, *p; + prkdf_object_t prkdf; + + /* We return the ID of the first private key capable of + signing. */ + for (prkdf = app->app_local->private_key_info; prkdf; + prkdf = prkdf->next) + if (prkdf->usageflags.sign) + break; + if (prkdf) + { + buf = xtrymalloc (9 + prkdf->objidlen*2 + 1); + if (!buf) + return gpg_error_from_syserror (); + p = stpcpy (buf, "HSM."); + bin2hex (prkdf->objid, prkdf->objidlen, p); + + send_status_info (ctrl, name, buf, strlen (buf), NULL, 0); + xfree (buf); + return 0; + } + } + else if (!strcmp (name, "$DISPSERIALNO")) + { + send_status_info (ctrl, name, app->serialno, app->serialnolen, NULL, 0); + return 0; + } + + return gpg_error (GPG_ERR_INV_NAME); +} + + + +/* Apply PKCS#1 V1.5 padding for signature operation + * The function combines padding, digest info and the hash value. 
The buffer + * must be allocated by the caller matching the key size + */ +static +void apply_PKCS_padding(const unsigned char *dig, int diglen, + const unsigned char *prefix, int prefixlen, + unsigned char *buff, int bufflen) +{ + int i; + + // Caller must ensure sufficient buffer + if (diglen + prefixlen + 4 > bufflen) + return; + + *buff++ = 0x00; + *buff++ = 0x01; + for (i = bufflen - diglen - prefixlen - 3; i > 0; i--) + *buff++ = 0xFF; + + *buff++ = 0x00; + if (prefix) + memcpy(buff, prefix, prefixlen); + buff+= prefixlen; + memcpy(buff, dig, diglen); +} + + + +/* + * Decode a digest info structure to extract the hash value. The + * buffer to receive the hash must be provided by the caller with + * hashlen pointing to the inbound length. hashlen is updated to the + * outbound length + */ +static +int hash_from_digestinfo(const unsigned char *di, size_t dilen, + unsigned char *hash, size_t *hashlen) +{ + const unsigned char *p,*pp; + size_t n, nn, objlen, hdrlen; + int class, tag, constructed, ndef; + gpg_error_t err; + + p = di; + n = dilen; + + err = parse_ber_header (&p, &n, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + + if (!err && (objlen > n || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if ( err ) + return err; + + pp = p; + nn = objlen; + + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + + if (!err && (objlen > nn || tag != TAG_SEQUENCE)) + err = gpg_error (GPG_ERR_INV_OBJ); + if ( err ) + return err; + + pp += objlen; + nn -= objlen; + + err = parse_ber_header (&pp, &nn, &class, &tag, &constructed, + &ndef, &objlen, &hdrlen); + + if (!err && (objlen > nn || tag != TAG_OCTET_STRING)) + err = gpg_error (GPG_ERR_INV_OBJ); + if ( err ) + return err; + + if (*hashlen < objlen) + return gpg_error (GPG_ERR_TOO_SHORT); + + memcpy(hash, pp, objlen); + *hashlen = objlen; + + return err; +} + + + +/* Perform PIN verification + */ +static gpg_error_t +verify_pin(app_t app, gpg_error_t 
(*pincb)(void*, const char *, char **), + void *pincb_arg) +{ + gpg_error_t err; + pininfo_t pininfo; + char *pinvalue; + char *prompt; + int sw; + + sw = apdu_send_simple (app->slot, 0, 0x00, ISO7816_VERIFY, 0x00, 0x81, + -1, NULL); + + if (sw == SW_SUCCESS) + return 0; /* PIN already verified */ + + if (sw == 0x6984) { + log_error ("SmartCard-HSM not initialized. Run sc-hsm-tool first\n"); + return gpg_error (GPG_ERR_NO_PIN); + } + + if (sw == SW_CHV_BLOCKED) { + log_error ("PIN Blocked\n"); + return gpg_error (GPG_ERR_PIN_BLOCKED); + } + + memset (&pininfo, 0, sizeof pininfo); + pininfo.fixedlen = 0; + pininfo.minlen = 6; + pininfo.maxlen = 15; + + prompt = "||Please enter the PIN"; + + if (!opt.disable_pinpad + && !iso7816_check_pinpad (app->slot, ISO7816_VERIFY, &pininfo) ) + { + err = pincb (pincb_arg, prompt, NULL); + if (err) + { + log_info ("PIN callback returned error: %s\n", + gpg_strerror (err)); + return err; + } + + err = iso7816_verify_kp (app->slot, 0x81, &pininfo); + pincb (pincb_arg, NULL, NULL); /* Dismiss the prompt. */ + } + else + { + err = pincb (pincb_arg, prompt, &pinvalue); + if (err) + { + log_info ("PIN callback returned error: %s\n", gpg_strerror (err)); + return err; + } + + err = iso7816_verify (app->slot, 0x81, pinvalue, strlen(pinvalue)); + xfree (pinvalue); + } + if (err) + { + log_error ("PIN verification failed: %s\n", gpg_strerror (err)); + return err; + } + log_debug ("PIN verification succeeded\n"); + return err; +} + + + +/* Handler for the PKSIGN command. + + Create the signature and return the allocated result in OUTDATA. + If a PIN is required, the PINCB will be used to ask for the PIN; + that callback should return the PIN in an allocated buffer and + store that as the 3rd argument. + + The API is somewhat inconsistent: The caller can either supply + a plain hash and the algorithm in hashalgo or a complete + DigestInfo structure. 
The former is detect by characteristic length + of the provided data (20,28,32,48 or 64 byte). + + The function returns the RSA block in the size of the modulus or + the ECDSA signature in X9.62 format (SEQ/INT(r)/INT(s)) +*/ +static gpg_error_t +do_sign (app_t app, const char *keyidstr, int hashalgo, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const void *indata, size_t indatalen, + unsigned char **outdata, size_t *outdatalen ) +{ + static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */ + { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03, + 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 }; + static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */ + { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, + 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 }; + static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */ + { 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, + 0x1C }; + static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */ + { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20 }; + static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */ + { 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, + 0x00, 0x04, 0x30 }; + static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */ + { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, + 0x00, 0x04, 0x40 }; + + gpg_error_t err; + unsigned char cdsblk[256]; /* Raw PKCS#1 V1.5 block with padding (RSA) or hash */ + prkdf_object_t prkdf; /* The private key object. 
*/ + size_t cdsblklen; + unsigned char algoid; + int sw; + + if (!keyidstr || !*keyidstr) + return gpg_error (GPG_ERR_INV_VALUE); + + if (indatalen > 124) /* Limit for 1024 bit key */ + return gpg_error (GPG_ERR_INV_VALUE); + + err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); + if (err) + return err; + if (!(prkdf->usageflags.sign || prkdf->usageflags.sign_recover + ||prkdf->usageflags.non_repudiation)) + { + log_error ("key %s may not be used for signing\n", keyidstr); + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + } + + if (prkdf->keytype == KEY_TYPE_RSA) + { + algoid = 0x20; + + cdsblklen = prkdf->keysize >> 3; + if (!cdsblklen) + cdsblklen = 256; + + if (hashalgo == GCRY_MD_SHA1 && indatalen == 20) + apply_PKCS_padding(indata, indatalen, sha1_prefix, sizeof(sha1_prefix), + cdsblk, cdsblklen); + else if (hashalgo == GCRY_MD_MD5 && indatalen == 20) + apply_PKCS_padding(indata, indatalen, rmd160_prefix, sizeof(rmd160_prefix), + cdsblk, cdsblklen); + else if (hashalgo == GCRY_MD_SHA224 && indatalen == 28) + apply_PKCS_padding(indata, indatalen, sha224_prefix, sizeof(sha224_prefix), + cdsblk, cdsblklen); + else if (hashalgo == GCRY_MD_SHA256 && indatalen == 32) + apply_PKCS_padding(indata, indatalen, sha256_prefix, sizeof(sha256_prefix), + cdsblk, cdsblklen); + else if (hashalgo == GCRY_MD_SHA384 && indatalen == 48) + apply_PKCS_padding(indata, indatalen, sha384_prefix, sizeof(sha384_prefix), + cdsblk, cdsblklen); + else if (hashalgo == GCRY_MD_SHA512 && indatalen == 64) + apply_PKCS_padding(indata, indatalen, sha512_prefix, sizeof(sha512_prefix), + cdsblk, cdsblklen); + else /* Assume it's already a digest info or TLS_MD5SHA1 */ + apply_PKCS_padding(indata, indatalen, NULL, 0, cdsblk, cdsblklen); + } + else + { + algoid = 0x70; + if (indatalen != 20 && indatalen != 28 && indatalen != 32 && + indatalen != 48 && indatalen != 64) + { + cdsblklen = sizeof(cdsblk); + err = hash_from_digestinfo(indata, indatalen, cdsblk, &cdsblklen); + if (err) + { + log_error 
("DigestInfo invalid : %s\n", gpg_strerror (err)); + return err; + } + + } + else + { + memcpy(cdsblk, indata, indatalen); + cdsblklen = indatalen; + } + } + + err = verify_pin(app, pincb, pincb_arg); + if (err) + return err; + + sw = apdu_send_le (app->slot, 1, 0x80, 0x68, prkdf->key_reference, algoid, + cdsblklen, cdsblk, 0, outdata, outdatalen); + return iso7816_map_sw(sw); +} + + + +/* Handler for the PKAUTH command. + + This is basically the same as the PKSIGN command but we first check + that the requested key is suitable for authentication; that is, it + must match the criteria used for the attribute $AUTHKEYID. See + do_sign for calling conventions; there is no HASHALGO, though. */ +static gpg_error_t +do_auth (app_t app, const char *keyidstr, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const void *indata, size_t indatalen, + unsigned char **outdata, size_t *outdatalen ) +{ + gpg_error_t err; + prkdf_object_t prkdf; + int algo; + + if (!keyidstr || !*keyidstr) + return gpg_error (GPG_ERR_INV_VALUE); + + err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); + if (err) + return err; + if (!prkdf->usageflags.sign) + { + log_error ("key %s may not be used for authentication\n", keyidstr); + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + } + + algo = indatalen == 36? MD_USER_TLS_MD5SHA1 : GCRY_MD_SHA1; + return do_sign (app, keyidstr, algo, pincb, pincb_arg, + indata, indatalen, outdata, outdatalen); +} + + + +/* Check PKCS#1 V1.5 padding and extract plain text. + * The function allocates a buffer for the plain text. 
The caller must release + * the buffer + */ +static gpg_error_t +strip_PKCS15_padding(unsigned char *src, int srclen, unsigned char **dst, + size_t *dstlen) +{ + int c1,c2,c3; + unsigned char *p; + + c1 = *src++ == 0x00; + c2 = *src++ == 0x02; + srclen -= 2; + while ((srclen > 0) && *src) + { + src++; + srclen--; + } + c3 = srclen > 0; + + if (!(c1 && c2 && c3)) + return gpg_error (GPG_ERR_DECRYPT_FAILED); + + src++; + srclen--; + + p = xtrymalloc (srclen); + if (!p) + return gpg_error_from_syserror (); + + memcpy(p, src, srclen); + *dst = p; + *dstlen = srclen; + + return 0; +} + + + +/* Decrypt a PKCS#1 V1.5 formatted cryptogram using the referenced key + */ +static gpg_error_t +do_decipher (app_t app, const char *keyidstr, + gpg_error_t (*pincb)(void*, const char *, char **), + void *pincb_arg, + const void *indata, size_t indatalen, + unsigned char **outdata, size_t *outdatalen, + unsigned int *r_info) +{ + gpg_error_t err; + unsigned char p1blk[256]; /* Enciphered P1 block */ + prkdf_object_t prkdf; /* The private key object. 
*/ + unsigned char *rspdata; + size_t rspdatalen; + size_t p1blklen; + int ofs, sw; + + if (!keyidstr || !*keyidstr || !indatalen) + return gpg_error (GPG_ERR_INV_VALUE); + + err = prkdf_object_from_keyidstr (app, keyidstr, &prkdf); + if (err) + return err; + if (!(prkdf->usageflags.decrypt || prkdf->usageflags.unwrap)) + { + log_error ("key %s may not be used for deciphering\n", keyidstr); + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + } + + if (prkdf->keytype != KEY_TYPE_RSA) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + p1blklen = prkdf->keysize >> 3; + if (!p1blklen) + p1blklen = 256; + + /* Due to MPI the input may be shorter or longer than the block size */ + memset(p1blk, 0, sizeof(p1blk)); + ofs = p1blklen - indatalen; + if (ofs < 0) + memcpy(p1blk, (unsigned char *)indata - ofs, p1blklen); + else + memcpy(p1blk + ofs, indata, indatalen); + + err = verify_pin(app, pincb, pincb_arg); + if (err) + return err; + + sw = apdu_send_le (app->slot, 1, 0x80, 0x62, prkdf->key_reference, 0x21, + p1blklen, p1blk, 0, &rspdata, &rspdatalen); + err = iso7816_map_sw(sw); + if (err) + { + log_error ("Decrypt failed: %s\n", gpg_strerror (err)); + return err; + } + + err = strip_PKCS15_padding(rspdata, rspdatalen, outdata, outdatalen); + xfree(rspdata); + + if (!err) + *r_info |= APP_DECIPHER_INFO_NOPAD; + + return err; +} + + + +/* + * Select the SmartCard-HSM application on the card in SLOT. 
+ */ +gpg_error_t +app_select_sc_hsm (app_t app) +{ + int slot = app->slot; + int rc; + + rc = iso7816_select_application (slot, sc_hsm_aid, sizeof sc_hsm_aid, 0); + if (!rc) + { + app->apptype = "SC-HSM"; + + app->app_local = xtrycalloc (1, sizeof *app->app_local); + if (!app->app_local) + { + rc = gpg_error_from_syserror (); + goto leave; + } + + rc = read_meta (app); + if (rc) + goto leave; + + app->fnc.deinit = do_deinit; + app->fnc.learn_status = do_learn_status; + app->fnc.readcert = do_readcert; + app->fnc.getattr = do_getattr; + app->fnc.setattr = NULL; + app->fnc.genkey = NULL; + app->fnc.sign = do_sign; + app->fnc.auth = do_auth; + app->fnc.decipher = do_decipher; + app->fnc.change_pin = NULL; + app->fnc.check_pin = NULL; + + leave: + if (rc) + do_deinit (app); + } + + return rc; +} diff --git a/scd/app.c b/scd/app.c index a0bb5f5..1694ea1 100644 --- a/scd/app.c +++ b/scd/app.c @@ -387,6 +387,8 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) err = app_select_geldkarte (app); if (err && is_app_allowed ("dinsig") && (!name || !strcmp (name, "dinsig"))) err = app_select_dinsig (app); + if (err && is_app_allowed ("sc-hsm") && (!name || !strcmp (name, "sc-hsm"))) + err = app_select_sc_hsm (app); if (err && name) err = gpg_error (GPG_ERR_NOT_SUPPORTED); 
@@ -422,6 +424,7 @@ get_supported_applications (void) "p15", "geldkarte", "dinsig", + "sc-hsm", /* Note: "undefined" is not listed here because it needs special treatment by the client. */ NULL ----------------------------------------------------------------------- Summary of changes: doc/scdaemon.texi | 14 + scd/Makefile.am | 2 +- scd/apdu.c | 1 + scd/apdu.h | 1 + scd/app-common.h | 3 + scd/app-p15.c | 10 +- scd/app-sc-hsm.c | 2043 +++++++++++++++++++++++++++++++++++++++++++++++++++++ scd/app.c | 3 + 8 files changed, 2071 insertions(+), 6 deletions(-) create mode 100644 scd/app-sc-hsm.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 25 17:09:58 2014 
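Review bot: The parse_error path of the CDF record parser in scd/app-sc-hsm.c (the function that logs "error parsing CDF record (%d)") uses cdf before it has been allocated. Every "goto parse_error" is taken before "cdf = xtrycalloc (1, sizeof *cdf);", the label then sets "err = 0;", and the code under leave: takes the else branch and runs "cdf->next = *result; *result = cdf;". A malformed record read from the card therefore ends in a dereference of a pointer that was never set, instead of being skipped as the log message says. Make the list insertion conditional, for example "else if (cdf)", so that the skipped case only frees buffer and returns 0.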
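Review bot: In the EF.C_DevAut reader of scd/app-sc-hsm.c (called as read_serialno from read_meta), "chrlen -= 5;" is applied to the length returned by find_tlv without checking that the CHR is at least 5 bytes long. With a shorter CHR in the card's CVC the subtraction wraps or goes negative, and that value is then handed to xtrymalloc and to "memcpy(app->serialno, chr, chrlen);". Return GPG_ERR_INV_OBJ when chrlen is smaller than 5 before subtracting, and add a comment that says why the trailing 5 bytes are dropped from the serial number.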
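Review bot: read_meta in scd/app-sc-hsm.c leaks eflist on its error paths and can read one byte past the list. Both "return err;" statements inside the switch leave the loop without reaching "xfree (eflist);", and the loop condition "i < eflistlen" with "i += 2" still evaluates eflist[i + 1] when list_ef returns an odd number of bytes. Loop while "i + 1 < eflistlen", use a size_t index to match eflistlen, and route the error returns through a leave label that frees eflist.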
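Review bot: do_sign and do_decipher in scd/app-sc-hsm.c size their work length from prkdf->keysize but write into fixed 256 byte stack buffers, and nothing in the visible code bounds the key size. In do_sign, "cdsblklen = prkdf->keysize >> 3;" is passed as bufflen to apply_PKCS_padding, whose only check is against that bufflen and not against sizeof cdsblk, so a key size above 2048 bits writes past cdsblk; do_decipher has the same pattern with p1blklen and p1blk. Reject lengths larger than the buffer with an error before padding or copying. apply_PKCS_padding should also return an error instead of silently returning when the input does not fit, because do_sign otherwise sends an uninitialized cdsblk to the card.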
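Review bot: The hash dispatch in do_sign (scd/app-sc-hsm.c) pairs the wrong algorithm with the RIPEMD-160 prefix: "else if (hashalgo == GCRY_MD_MD5 && indatalen == 20)" applies rmd160_prefix. An MD5 digest is 16 bytes, so this branch does not match an MD5 hash, and a GCRY_MD_RMD160 hash falls through to the final else, where it is padded with no DigestInfo prefix at all. This looks like it should test GCRY_MD_RMD160. It would also be safer to return GPG_ERR_INV_VALUE or GPG_ERR_DIGEST_ALGO when hashalgo and indatalen disagree, rather than assuming the data is already a DigestInfo.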
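Review bot: readcert_by_cdf in scd/app-sc-hsm.c uses assert on lengths that come from the card: "assert (totobjlen <= buflen);" and "assert (save_p + totobjlen <= buffer + buflen);". The values are objlen + hdrlen as parsed from the certificate file, so a truncated or malformed file on the token aborts scdaemon instead of failing the READCERT request. Replace both assertions with a check that sets "err = gpg_error (GPG_ERR_INV_OBJ);" and jumps to leave, as the neighbouring tag checks already do.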
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 25 Jul 2014 17:09:58 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-4-gaeec79a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via aeec79a154f4fcc5348c0dafe1742278fb2e4a62 (commit) from 5fd4e5723a8a25576b87c35b228ea596e1dee554 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aeec79a154f4fcc5348c0dafe1742278fb2e4a62 Author: Andre Heinecke Date: Fri Jul 25 17:07:07 2014 +0200 Add fallback for sender email In case the sender email address is not an smtp address fall back to the property accessor. * src/ribbon-callbacks.cpp (do_reader_action): Use property accessor for non smtp addresses. -- Here the property accessor returned an unknown property error when the sender address was smtp. But according to documentation the Sender object should have that property for internal exchange senders. This also just omits the sender from the verify call (as get_pa_string returns NULL on error) if the sender address is not smtp and can not be obtained with the property. diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp index e9b7e27..eef0b2a 100644 --- a/src/ribbon-callbacks.cpp +++ b/src/ribbon-callbacks.cpp 
@@ -684,7 +684,19 @@ do_reader_action (LPDISPATCH ctrl, int flags) subject = get_oom_string (mailItem, "Subject"); if (get_oom_bool (mailItem, "Sent")) { - senderAddr = get_oom_string (mailItem, "SenderEmailAddress"); + char *addrType = get_oom_string (mailItem, "SenderEmailType"); + if (addrType && strcmp("SMTP", addrType) == 0) + { + senderAddr = get_oom_string (mailItem, "SenderEmailAddress"); + } + else + { + /* Not SMTP, fall back to try getting the property. */ + LPDISPATCH sender = get_oom_object (mailItem, "Sender"); + senderAddr = get_pa_string (sender, PR_SMTP_ADDRESS); + RELDISP (sender); + } + xfree (addrType); } else { ----------------------------------------------------------------------- Summary of changes: src/ribbon-callbacks.cpp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 27 13:47:27 2014 
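Review bot: In the new else branch of do_reader_action (src/ribbon-callbacks.cpp), the result of "get_oom_object (mailItem, "Sender")" is passed to get_pa_string and RELDISP without a NULL check. The commit message relies on get_pa_string returning NULL on error, but the hunk does not show that either call tolerates a NULL dispatch pointer, and a mail item without a Sender object would reach both. Test sender before use and leave senderAddr as NULL in that case, or note in the comment that both helpers accept NULL. It is also worth stating there that a NULL addrType (a failed SenderEmailType lookup) deliberately takes the fallback path.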
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Sun, 27 Jul 2014 13:47:27 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.13-6-g8338a4b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 8338a4ba93367974758dc5e195f67e9d171d4086 (commit) from 07355372db903e393fd0b7b22883ce4f71b6a67d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8338a4ba93367974758dc5e195f67e9d171d4086 Author: Daniel Kahn Gillmor Date: Fri Jul 25 19:00:42 2014 -0400 Add new lock-obj-pub.*.h from debian buildds. * src/syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h: New. * src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h: New. * src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.i486-pc-gnu.h: New. * src/syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h: New. * src/syscfg/lock-obj-pub.i486-pc-linux-gnu.h: New. * src/syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.mips-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h: New. * src/syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h: New. * src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h: New. * src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h: New. * src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h: New. 
* src/Makefile.am (lock_obj_pub): Add new files. -- To generate these: pull all the logs stored under the "install" links from: https://buildd.debian.org/status/package.php?p=libgpg-error&suite=unstable https://buildd.debian-ports.org/status/package.php?p=libgpg-error&suite=unstable and then extract the headers via: for x in fetch*; do awk '/^## lock-obj-pub\..*\.h$/{ X=2 } { if (X > 0) { print $0 } } /^##$/{ X = X-1 } ' < "$x" >tmp mv -f tmp $( head -n1 < tmp | cut -f2 -d\ ) done diff --git a/src/Makefile.am b/src/Makefile.am index e201cee..bc8449e 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -41,8 +41,29 @@ endif # Distributed lock object definitions for cross compilation. lock_obj_pub = \ - syscfg/lock-obj-pub.mingw32.h \ - syscfg/lock-obj-pub.arm-unknown-linux-androideabi.h + syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.arm-unknown-linux-androideabi.h \ + syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h \ + syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h \ + syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.i486-pc-gnu.h \ + syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h \ + syscfg/lock-obj-pub.i486-pc-linux-gnu.h \ + syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.mips-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h \ + syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h \ + syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h \ + syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h \ + syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h \ + syscfg/lock-obj-pub.mingw32.h + + lib_LTLIBRARIES = libgpg-error.la include_HEADERS = gpg-error.h 
diff --git a/src/syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h new file mode 100644 index 0000000..adf10fc --- /dev/null +++ b/src/syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h @@ -0,0 +1,26 @@ +## lock-obj-pub.aarch64-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[48]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h new file mode 100644 index 0000000..80ddf01 --- /dev/null +++ b/src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h @@ -0,0 +1,25 @@ +## lock-obj-pub.alpha-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h b/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h new file mode 100644 index 0000000..7a92276 --- /dev/null +++ b/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabi.h 
@@ -0,0 +1,23 @@ +## lock-obj-pub.arm-unknown-linux-gnueabi.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h b/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h new file mode 100644 index 0000000..6636400 --- /dev/null +++ b/src/syscfg/lock-obj-pub.arm-unknown-linux-gnueabihf.h @@ -0,0 +1,23 @@ +## lock-obj-pub.arm-unknown-linux-gnueabihf.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h new file mode 100644 index 0000000..fd47664 --- /dev/null +++ b/src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h @@ -0,0 +1,26 @@ +## lock-obj-pub.hppa-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[48]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## 
diff --git a/src/syscfg/lock-obj-pub.i486-pc-gnu.h b/src/syscfg/lock-obj-pub.i486-pc-gnu.h new file mode 100644 index 0000000..59b61e1 --- /dev/null +++ b/src/syscfg/lock-obj-pub.i486-pc-gnu.h @@ -0,0 +1,24 @@ +## lock-obj-pub.i486-pc-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[32]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h b/src/syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h new file mode 100644 index 0000000..8a680d1 --- /dev/null +++ b/src/syscfg/lock-obj-pub.i486-pc-kfreebsd-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.i486-pc-kfreebsd-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.i486-pc-linux-gnu.h b/src/syscfg/lock-obj-pub.i486-pc-linux-gnu.h new file mode 100644 index 0000000..f1849c4 --- /dev/null +++ b/src/syscfg/lock-obj-pub.i486-pc-linux-gnu.h 
@@ -0,0 +1,23 @@ +## lock-obj-pub.i486-pc-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h new file mode 100644 index 0000000..3788797 --- /dev/null +++ b/src/syscfg/lock-obj-pub.m68k-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.m68k-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.mips-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.mips-unknown-linux-gnu.h new file mode 100644 index 0000000..b31206e --- /dev/null +++ b/src/syscfg/lock-obj-pub.mips-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.mips-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## 
diff --git a/src/syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h new file mode 100644 index 0000000..3a24571 --- /dev/null +++ b/src/syscfg/lock-obj-pub.mipsel-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.mipsel-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h new file mode 100644 index 0000000..6601bc9 --- /dev/null +++ b/src/syscfg/lock-obj-pub.powerpc-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.powerpc-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h new file mode 100644 index 0000000..635e6eb --- /dev/null +++ b/src/syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h 
@@ -0,0 +1,25 @@ +## lock-obj-pub.powerpc64-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h b/src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h new file mode 100644 index 0000000..70f6e33 --- /dev/null +++ b/src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h @@ -0,0 +1,25 @@ +## lock-obj-pub.s390x-ibm-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h new file mode 100644 index 0000000..eb62ba3 --- /dev/null +++ b/src/syscfg/lock-obj-pub.sh4-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.sh4-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## 
diff --git a/src/syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h b/src/syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h new file mode 100644 index 0000000..2748b26 --- /dev/null +++ b/src/syscfg/lock-obj-pub.sparc-unknown-linux-gnu.h @@ -0,0 +1,23 @@ +## lock-obj-pub.sparc-unknown-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[24]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h b/src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h new file mode 100644 index 0000000..7fb596c --- /dev/null +++ b/src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h @@ -0,0 +1,25 @@ +## lock-obj-pub.x86_64-pc-kfreebsd-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h b/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h new file mode 100644 index 0000000..0dd6431 --- /dev/null +++ b/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h 
@@ -0,0 +1,25 @@ +## lock-obj-pub.x86_64-pc-linux-gnu.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[40]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## diff --git a/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h b/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h new file mode 100644 index 0000000..e85bd30 --- /dev/null +++ b/src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h 
@@ -0,0 +1,24 @@ +## lock-obj-pub.x86_64-pc-linux-gnux32.h +## File created by gen-posix-lock-obj - DO NOT EDIT +## To be included by mkheader into gpg-error.h + +typedef struct +{ + long _vers; + union { + volatile char _priv[32]; + long _x_align; + long *_xp_align; + } u; +} gpgrt_lock_t; + +#define GPGRT_LOCK_INITIALIZER {1,{{0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0, \ + 0,0,0,0,0,0,0,0}}} +## +## Local Variables: +## mode: c +## buffer-read-only: t +## End: +## ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 25 +++++++++++++++++-- .../lock-obj-pub.aarch64-unknown-linux-gnu.h | 26 ++++++++++++++++++++ src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h | 25 +++++++++++++++++++ ....h => lock-obj-pub.arm-unknown-linux-gnueabi.h} | 8 +++--- ... => lock-obj-pub.arm-unknown-linux-gnueabihf.h} | 8 +++--- src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h | 26 ++++++++++++++++++++ src/syscfg/lock-obj-pub.i486-pc-gnu.h | 24 ++++++++++++++++++ ...deabi.h => lock-obj-pub.i486-pc-kfreebsd-gnu.h} | 8 +++--- ...roideabi.h => lock-obj-pub.i486-pc-linux-gnu.h} | 8 +++--- ...abi.h => lock-obj-pub.m68k-unknown-linux-gnu.h} | 8 +++--- ...abi.h => lock-obj-pub.mips-unknown-linux-gnu.h} | 8 +++--- ...i.h => lock-obj-pub.mipsel-unknown-linux-gnu.h} | 8 +++--- ....h => lock-obj-pub.powerpc-unknown-linux-gnu.h} | 8 +++--- .../lock-obj-pub.powerpc64-unknown-linux-gnu.h | 25 +++++++++++++++++++ src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h | 25 +++++++++++++++++++ ...eabi.h => lock-obj-pub.sh4-unknown-linux-gnu.h} | 8 +++--- ...bi.h => lock-obj-pub.sparc-unknown-linux-gnu.h} | 8 +++--- src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h | 25 +++++++++++++++++++ src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h | 25 +++++++++++++++++++ src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h | 24 ++++++++++++++++++ 20 files changed, 298 insertions(+), 32 deletions(-) create mode 100644 
src/syscfg/lock-obj-pub.aarch64-unknown-linux-gnu.h create mode 100644 src/syscfg/lock-obj-pub.alpha-unknown-linux-gnu.h copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.arm-unknown-linux-gnueabi.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.arm-unknown-linux-gnueabihf.h} (53%) create mode 100644 src/syscfg/lock-obj-pub.hppa-unknown-linux-gnu.h create mode 100644 src/syscfg/lock-obj-pub.i486-pc-gnu.h copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.i486-pc-kfreebsd-gnu.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.i486-pc-linux-gnu.h} (54%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.m68k-unknown-linux-gnu.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.mips-unknown-linux-gnu.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.mipsel-unknown-linux-gnu.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.powerpc-unknown-linux-gnu.h} (53%) create mode 100644 src/syscfg/lock-obj-pub.powerpc64-unknown-linux-gnu.h create mode 100644 src/syscfg/lock-obj-pub.s390x-ibm-linux-gnu.h copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.sh4-unknown-linux-gnu.h} (53%) copy src/syscfg/{lock-obj-pub.arm-unknown-linux-androideabi.h => lock-obj-pub.sparc-unknown-linux-gnu.h} (53%) create mode 100644 src/syscfg/lock-obj-pub.x86_64-pc-kfreebsd-gnu.h create mode 100644 src/syscfg/lock-obj-pub.x86_64-pc-linux-gnu.h create mode 100644 src/syscfg/lock-obj-pub.x86_64-pc-linux-gnux32.h hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 28 10:18:10 2014 
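Review bot: each generated src/syscfg/lock-obj-pub.<triplet>.h hard-codes the opaque size (_priv[24], [32], [40] or [48]) and a matching run of zeros in GPGRT_LOCK_INITIALIZER, but the header comment records only "File created by gen-posix-lock-obj" and not the C library or generator version the size was measured on. The files are keyed by host triplet alone, so add that provenance to the generated comment, and have whatever code stores the native lock object in u._priv refuse to build when that object is larger than _priv, so that a stale header fails at compile time instead of writing past the array.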
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 28 Jul 2014 10:18:10 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.0-6-ge478019 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via e478019f36499089346b9382e90400cb04f682c6 (commit) via bff2af33075ce4574c10250156267751e667753e (commit) from da8aeee958e8943aad57a4b178e2f39a3897e4c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e478019f36499089346b9382e90400cb04f682c6 Author: Werner Koch Date: Thu Jul 24 16:16:53 2014 +0200 Fix segv in case GNUPGHOME is set. * src/registry.c (default_homedir): Return const hcar*. * src/client.cc (default_socket_name): Rewrite to use straightforward code. diff --git a/src/client.cc b/src/client.cc index f358453..6868835 100644 --- a/src/client.cc +++ b/src/client.cc @@ -55,21 +55,26 @@ _gpgex_stpcpy (char *a, const char *b) static const char * default_socket_name (void) { - static string name; + static char *name; - if (name.size () == 0) + if (!name) { - char *dir = NULL; + const char *dir; + const char sockname[] = "\\S.uiserver"; dir = default_homedir (); if (dir) { - try { name = ((string) dir) + "\\S.uiserver"; } catch (...) {} - free ((void *) dir); + name = (char *)malloc (strlen (dir) + strlen (sockname) + 1); + if (name) + { + strcpy (name, dir); + strcat (name, sockname); + } } } - return name.c_str (); + return name; } diff --git a/src/registry.c b/src/registry.c index 4b23006..aa59549 100644 --- a/src/registry.c +++ b/src/registry.c 
@@ -236,7 +236,7 @@ standard_homedir (void) /* Retrieve the default home directory. */ -char * +const char * default_homedir (void) { char *dir; diff --git a/src/registry.h b/src/registry.h index 2eb1637..51113ab 100644 --- a/src/registry.h +++ b/src/registry.h @@ -41,7 +41,7 @@ char *read_w32_registry_string (const char *root, const char *dir, const char *name); /* Retrieve the default home directory. */ -char *default_homedir (void); +const char *default_homedir (void); /* Registry key for this software. */ #define REGKEY "Software\\GNU\\GnuPG" commit bff2af33075ce4574c10250156267751e667753e Author: Werner Koch Date: Wed Jun 25 14:33:34 2014 +0200 Start launch-gpa to avoid pop up console windows. * src/client.cc (default_uiserver_cmdline): Change GPA server name. diff --git a/src/client.cc b/src/client.cc index 8350181..f358453 100644 --- a/src/client.cc +++ b/src/client.cc @@ -115,7 +115,7 @@ default_uiserver_cmdline (void) { /* Kleopatra is not installed: Try GPA instead but if it is also not available return the Kleopatra filename. */ - const char gpaserver[] = "gpa.exe"; + const char gpaserver[] = "launch-gpa.exe"; char *name2; name2 = (char*)malloc (strlen (dir) + strlen (gpaserver) ----------------------------------------------------------------------- Summary of changes: src/client.cc | 19 ++++++++++++------- src/registry.c | 2 +- src/registry.h | 2 +- 3 files changed, 14 insertions(+), 9 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 30 11:38:38 2014 
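Review bot: in the src/client.cc hunk, default_socket_name can now return NULL, either when default_homedir yields NULL or when malloc fails, whereas the old return name.c_str () always produced a valid (possibly empty) string. Keep that contract by returning "" in those cases, or check every caller for a NULL socket name before it is used. The static pointer name is also assigned without any locking, which matters if this function can be reached from more than one thread.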
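Review bot: in the src/registry.h and src/registry.c hunks, default_homedir now returns const char *, but its comment still reads only "Retrieve the default home directory." and says nothing about who owns the string. The caller in src/client.cc drops its free ((void *) dir) in this same commit, so document whether the result is static, borrowed from the environment or allocated; if any path in default_homedir still allocates it, that memory is now never released.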
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Jul 2014 11:38:38 +0200 Subject: [git] GPGME - branch, gpgme-1.4-branch, created. gpgme-1.4.3-9-g998e454 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, gpgme-1.4-branch has been created at 998e454a320db77361feddf0dcc5ba39ebd9a49b (commit) - Log ----------------------------------------------------------------- commit 998e454a320db77361feddf0dcc5ba39ebd9a49b Author: Werner Koch Date: Wed Jul 30 11:36:03 2014 +0200 Release 1.4.4 * configure.ac: Change LT version to C22/A11/R1. diff --git a/NEWS b/NEWS index f68035d..d1adc24 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,20 @@ -Noteworthy changes in version 1.4.3 (2013-08-12) ------------------------------------------------- +Noteworthy changes in version 1.4.4 (2014-07-30) [C22/A11/R1] +------------------------------------------------------------- + + Backported from 1.5.1: + + * Fixed possible overflow in gpgsm and uiserver engines. + [CVE-2014-3564] + + * Fixed possibled segv in gpgme_op_card_edit. + + * Fixed minor memleaks and possible zombie processes. + + * Fixed prototype inconsistencies and void pointer arithmetic. + + +Noteworthy changes in version 1.4.3 (2013-08-12) [C22/A11/R0] +------------------------------------------------------------- * The default engine names are now taken from the output of gpgconf. If gpgconf is not found the use of gpg 1 is assumed. diff --git a/configure.ac b/configure.ac index 92375e6..36bd035 100644 --- a/configure.ac +++ b/configure.ac 
@@ -29,7 +29,7 @@ min_automake_version="1.11" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [4]) -m4_define(mym4_version_micro, [3]) +m4_define(mym4_version_micro, [4]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -59,7 +59,7 @@ LIBGPGME_LT_CURRENT=22 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=11 -LIBGPGME_LT_REVISION=0 +LIBGPGME_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 commit 1755f33a478aeb787f8cf0d55ad6c628c30ff473 Author: Werner Koch Date: Wed Jul 30 11:04:55 2014 +0200 Fix possible realloc overflow for gpgsm and uiserver engines. * src/engine-gpgsm.c (status_handler): * src/engine-uiserver.c (status_handler): -- After a realloc (realloc is also used for initial alloc) the allocated size if the buffer is not correctly recorded. Thus an overflow can be introduced by receiving data with different line lengths in a specific order. This is not easy exploitable because libassuan constructs the line. However a crash has been reported and thus it might be possible to constructs an exploit. CVE-id: CVE-2014-3564 Reported-by: Tom?? Trnka Resolved conflicts: NEWS - removed diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index cee20e3..a7888ca 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -837,7 +837,7 @@ status_handler (void *opaque, int fd) else { *aline = newline; - gpgsm->colon.attic.linesize += linelen + 1; + gpgsm->colon.attic.linesize = *alinelen + linelen + 1; } } if (!err) diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index bd140f9..350b609 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c 
@@ -698,7 +698,7 @@ status_handler (void *opaque, int fd) else { *aline = newline; - uiserver->colon.attic.linesize += linelen + 1; + uiserver->colon.attic.linesize = *alinelen + linelen + 1; } } if (!err) commit eee89ffd0193fd18114b5c3cb7d8544aa71b512a Author: Werner Koch Date: Tue Apr 15 16:40:48 2014 +0200 w32: Fix another memleak on error. * src/w32-io.c (create_reader): free CTX. -- Found by Hans-Christoph Steiner with cppcheck. diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 3bc9f66..36f035a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -896,6 +896,10 @@ build_argv (engine_gpg_t gpg) close_notify_handler, gpg)) { + /* We leak fd_data_map and the fds. This is not easy + to avoid and given that we reach this here only + after a malloc failure for a small object, it is + probably better not to do anything. */ return gpg_error (GPG_ERR_GENERAL); } /* If the data_type is FD, we have to do a dup2 here. */ diff --git a/src/w32-io.c b/src/w32-io.c index 133d29e..f9e4313 100644 --- a/src/w32-io.c +++ b/src/w32-io.c @@ -425,6 +425,7 @@ create_reader (int fd) if (fd < 0 || fd >= MAX_SLAFD || !fd_table[fd].used) { TRACE_SYSERR (EIO); + free (ctx); return NULL; } TRACE_LOG4 ("fd=%d -> handle=%p socket=%d dupfrom=%d", commit 27f052b9df75c3703d3ceabab2d2615e46665fe1 Author: Werner Koch Date: Tue Apr 15 16:40:48 2014 +0200 w32: Fix memleak in an error code paths. * src/w32-io.c (create_writer): Free CTX in cased of bad FD. * src/w32-util.c (_gpgme_mkstemp): Free TMPNAME in case of a failed mkstemp. -- Found by Hans-Christoph Steiner with cppcheck. diff --git a/src/w32-io.c b/src/w32-io.c index d896ec0..133d29e 100644 --- a/src/w32-io.c +++ b/src/w32-io.c @@ -794,6 +794,7 @@ create_writer (int fd) if (fd < 0 || fd >= MAX_SLAFD || !fd_table[fd].used) { TRACE_SYSERR (EIO); + free (ctx); return NULL; } TRACE_LOG4 ("fd=%d -> handle=%p socket=%d dupfrom=%d", diff --git a/src/w32-util.c b/src/w32-util.c index 4cee1cb..2dc7655 100644 --- a/src/w32-util.c 
+++ b/src/w32-util.c @@ -660,7 +660,10 @@ _gpgme_mkstemp (int *fd, char **name) strcpy (stpcpy (tmpname, tmp), "\\gpgme-XXXXXX"); *fd = mkstemp (tmpname); if (fd < 0) - return -1; + { + free (tmpname); + return -1; + } *name = tmpname; return 0; commit 1e488d3fd854bd9e340629ba9047d7385c1f3792 Author: Werner Koch Date: Tue Apr 15 12:25:45 2014 +0200 Fix possible zombie processes. * src/posix-io.c (_gpgme_io_waitpid): Protect waitpid agains EINTR. (_gpgme_io_dup): Likewise. (_gpgme_io_connect): Likewise. -- GnuPG-bug-id: 1630 diff --git a/src/posix-io.c b/src/posix-io.c index ceb8831..c315539 100644 --- a/src/posix-io.c +++ b/src/posix-io.c @@ -340,10 +340,15 @@ int _gpgme_io_waitpid (int pid, int hang, int *r_status, int *r_signal) { int status; + pid_t ret; *r_status = 0; *r_signal = 0; - if (_gpgme_ath_waitpid (pid, &status, hang? 0 : WNOHANG) == pid) + do + ret = _gpgme_ath_waitpid (pid, &status, hang? 0 : WNOHANG); + while (ret == (pid_t)(-1) && errno == EINTR); + + if (ret == pid) { if (WIFSIGNALED (status)) { @@ -714,7 +719,11 @@ _gpgme_io_sendmsg (int fd, const struct msghdr *msg, int flags) int _gpgme_io_dup (int fd) { - int new_fd = dup (fd); + int new_fd; + + do + new_fd = dup (fd); + while (new_fd == -1 && errno == EINTR); TRACE1 (DEBUG_SYSIO, "_gpgme_io_dup", fd, "new fd==%i", new_fd); @@ -744,7 +753,9 @@ _gpgme_io_connect (int fd, struct sockaddr *addr, int addrlen) TRACE_BEG2 (DEBUG_SYSIO, "_gpgme_io_connect", fd, "addr=%p, addrlen=%i", addr, addrlen); - res = ath_connect (fd, addr, addrlen); + do + res = ath_connect (fd, addr, addrlen); + while (res == -1 && errno == EINTR); return TRACE_SYSRES (res); } commit a175922f8a8a422aba08175c88c60cbc96113791 Author: Werner Koch Date: Tue Mar 11 13:58:38 2014 +0100 Avoid pointer arithmetic on void pointer. * src/gpgme.c (gpgme_io_writen): Use new var buffer. -- Reported-by: Albert Chin diff --git a/src/gpgme.c b/src/gpgme.c index b0ef03c..51b68a5 100644 --- a/src/gpgme.c +++ b/src/gpgme.c 
@@ -678,8 +678,9 @@ gpgme_io_write (int fd, const void *buffer, size_t count) written or an error is return. Returns: 0 on success or -1 on error and the sets errno. */ int -gpgme_io_writen (int fd, const void *buffer, size_t count) +gpgme_io_writen (int fd, const void *buffer_arg, size_t count) { + const char *buffer = buffer_arg; int ret = 0; TRACE_BEG2 (DEBUG_GLOBAL, "gpgme_io_writen", fd, "buffer=%p, count=%u", buffer, count); commit 97f9bec6d0d0a3fb4dab96b30349d25cf00a1af5 Author: Werner Koch Date: Tue Mar 11 13:54:21 2014 +0100 Change implementation return type to match the definition. * src/gpgme.c (gpgme_get_sub_protocol): Change return type to gpgme_protocol_t. -- Yet another enum/int mismatch. Reported-by: Albert Chin. diff --git a/src/gpgme.c b/src/gpgme.c index bbfcddc..b0ef03c 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -357,7 +357,7 @@ gpgme_set_sub_protocol (gpgme_ctx_t ctx, gpgme_protocol_t protocol) } -gpgme_error_t +gpgme_protocol_t gpgme_get_sub_protocol (gpgme_ctx_t ctx) { TRACE2 (DEBUG_CTX, "gpgme_get_sub_protocol", ctx, commit 206bfb5a7953dcdebfdbc6fe6136240964659561 Author: Werner Koch Date: Wed Feb 12 20:36:08 2014 +0100 Fix type inconsistency between gpgme.h and gpgme.c. * src/gpgme.c (gpgme_set_pinentry_mode): Fix type of MODE. -- GnuPG-bug-id: 1617 diff --git a/src/gpgme.c b/src/gpgme.c index a8de64b..bbfcddc 100644 --- a/src/gpgme.c +++ b/src/gpgme.c 
@@ -514,7 +514,7 @@ gpgme_get_keylist_mode (gpgme_ctx_t ctx) /* Set the pinentry mode for CTX to MODE. */ gpgme_error_t -gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_keylist_mode_t mode) +gpgme_set_pinentry_mode (gpgme_ctx_t ctx, gpgme_pinentry_mode_t mode) { TRACE1 (DEBUG_CTX, "gpgme_set_pinentry_mode", ctx, "pinentry_mode=%u", (unsigned int)mode); commit 3150aeba4095c79038761f035748485052b4b9eb Author: Werner Koch Date: Mon Aug 19 20:40:10 2013 +0200 Fix possible segv in the gpgme_op_card_edit. * src/edit.c (gpgme_op_edit_start, gpgme_op_card_edit_start): Do not deref a NULL KEY in TRACE_BEG. diff --git a/src/edit.c b/src/edit.c index 1f73078..72fa458 100644 --- a/src/edit.c +++ b/src/edit.c @@ -143,7 +143,7 @@ gpgme_op_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, TRACE_BEG5 (DEBUG_CTX, "gpgme_op_edit_start", ctx, "key=%p (%s), fnc=%p fnc_value=%p, out=%p", key, - (key->subkeys && key->subkeys->fpr) ? + (key && key->subkeys && key->subkeys->fpr) ? key->subkeys->fpr : "invalid", fnc, fnc_value, out); if (!ctx) @@ -164,7 +164,7 @@ gpgme_op_edit (gpgme_ctx_t ctx, gpgme_key_t key, TRACE_BEG5 (DEBUG_CTX, "gpgme_op_edit", ctx, "key=%p (%s), fnc=%p fnc_value=%p, out=%p", key, - (key->subkeys && key->subkeys->fpr) ? + (key && key->subkeys && key->subkeys->fpr) ? key->subkeys->fpr : "invalid", fnc, fnc_value, out); if (!ctx) @@ -187,7 +187,7 @@ gpgme_op_card_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, TRACE_BEG5 (DEBUG_CTX, "gpgme_op_card_edit_start", ctx, "key=%p (%s), fnc=%p fnc_value=%p, out=%p", key, - (key->subkeys && key->subkeys->fpr) ? + (key && key->subkeys && key->subkeys->fpr) ? key->subkeys->fpr : "invalid", fnc, fnc_value, out); if (!ctx) 
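Review bot: in src/edit.c the key && guard is added to the TRACE_BEG5 argument in four functions (gpgme_op_edit_start, gpgme_op_edit, gpgme_op_card_edit_start and gpgme_op_card_edit), while the changelog entry names only gpgme_op_edit_start and gpgme_op_card_edit_start; list all four. The context after each trace shows only the if (!ctx) check, so confirm that a NULL key is rejected before it is dereferenced further down, because the guard added here protects the trace argument alone.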
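Review bot: in the src/w32-util.c hunk for _gpgme_mkstemp, the new free (tmpname) branch sits under if (fd < 0), and fd is the int * parameter, not the descriptor that was just stored by *fd = mkstemp (tmpname). The test looks at the pointer rather than at the mkstemp result, so a failed mkstemp is not caught, the added free is not reached, and *name is set for a file that was never created. Test *fd < 0 instead.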
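Review bot: in the src/posix-io.c hunk for _gpgme_io_connect, repeating ath_connect while errno == EINTR does not behave like the waitpid retry added in the same commit. If ath_connect ends up in connect(2), an interrupted connect keeps completing in the background, and POSIX has a repeated call fail with EALREADY (or EISCONN once the connection is established) rather than succeed. After EINTR, wait for the socket to become writable and read SO_ERROR with getsockopt instead of calling connect again. The loop added to _gpgme_io_dup is harmless, but POSIX lists no EINTR failure for dup.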
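Review bot: in the status_handler hunks of src/engine-gpgsm.c and src/engine-uiserver.c, colon.attic.linesize is now recomputed as *alinelen + linelen + 1 separately from the allocation that produced newline, which lies above the visible context. Compute the new size once into a local, use it for the allocation and store the same local here, so that the recorded size cannot drift from the real one again; that is also the place to reject a sum that wraps before allocating. Since the commit message ties this to CVE-2014-3564 and describes lines of different lengths arriving in a specific order, a regression test that feeds such a sequence to both engines would be worth adding.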
@@ -208,7 +208,7 @@ gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, TRACE_BEG5 (DEBUG_CTX, "gpgme_op_card_edit", ctx, "key=%p (%s), fnc=%p fnc_value=%p, out=%p", key, - (key->subkeys && key->subkeys->fpr) ? + (key && key->subkeys && key->subkeys->fpr) ? key->subkeys->fpr : "invalid", fnc, fnc_value, out); if (!ctx) ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 30 11:40:18 2014 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 30 Jul 2014 11:40:18 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.3-10-g41d0460 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 41d046022e912c76cb424c906064745e732f01f3 (commit) from 044875d418765ce2be1abd333d344c8d7a7b883c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 41d046022e912c76cb424c906064745e732f01f3 Author: Andre Heinecke Date: Wed Jul 30 11:34:26 2014 +0200 Set some accessibility information * qt4/main.cpp (qt_cmd_handler): Build buttons with accessibile Description. * qt4/pinentrydialog.cpp (setDescription, setError, setOkText) (setCancelText, setQualityBar): Set an accessible description. * qt4/pinentryconfirm.cpp (PinentryConfirm): Set message box contents also as accessible values. * NEWS: Mention it and the copy/paste change from last year. diff --git a/NEWS b/NEWS index a9c0057..fbc3708 100644 --- a/NEWS +++ b/NEWS 
@@ -1,7 +1,9 @@ Noteworthy changes in version 0.8.4 (unreleased) ------------------------------------------------ - * + * Qt4: New option to enable pasting the passphrase from clipboard + + * Qt4: Improved accessiblity Noteworthy changes in version 0.8.3 (2013-04-26) diff --git a/qt4/main.cpp b/qt4/main.cpp index 7fdef37..106999e 100644 --- a/qt4/main.cpp +++ b/qt4/main.cpp @@ -215,8 +215,11 @@ qt_cmd_handler (pinentry_t pe) }; for ( size_t i = 0 ; i < sizeof buttonLabels / sizeof *buttonLabels ; ++i ) - if ( (buttons & buttonLabels[i].button) && !buttonLabels[i].label.isEmpty() ) + if ( (buttons & buttonLabels[i].button) && !buttonLabels[i].label.isEmpty() ) { box.button( buttonLabels[i].button )->setText( buttonLabels[i].label ); + box.button( buttonLabels[i].button )->setAccessibleDescription ( buttonLabels[i].label ); + + } box.setIconPixmap( icon() ); diff --git a/qt4/pinentryconfirm.cpp b/qt4/pinentryconfirm.cpp index b22aef5..f7a1d63 100644 --- a/qt4/pinentryconfirm.cpp +++ b/qt4/pinentryconfirm.cpp @@ -29,6 +29,8 @@ PinentryConfirm::PinentryConfirm(Icon icon, int timeout, const QString &title, connect(_timer, SIGNAL(timeout()), this, SLOT(slotTimeout())); _timer->start(timeout*1000); } + setAccessibleDescription (desc); + setAccessibleName (title); } void PinentryConfirm::slotTimeout() diff --git a/qt4/pinentrydialog.cpp b/qt4/pinentrydialog.cpp index a8dbb42..b16a74f 100644 --- a/qt4/pinentrydialog.cpp +++ b/qt4/pinentrydialog.cpp @@ -198,6 +198,7 @@ void PinEntryDialog::setDescription( const QString& txt ) { _desc->setVisible( !txt.isEmpty() ); _desc->setText( txt ); + _desc->setAccessibleDescription ( txt ); _icon->setPixmap( icon() ); setError( QString::null ); } @@ -211,6 +212,7 @@ void PinEntryDialog::setError( const QString& txt ) { if( !txt.isNull() )_icon->setPixmap( icon( QStyle::SP_MessageBoxCritical ) ); _error->setText( txt ); + _error->setAccessibleDescription ( txt ); _error->setVisible( !txt.isEmpty() ); } 
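Review bot: in the qt4/main.cpp hunk of qt_cmd_handler, the newly braced if body ends with an empty line before the closing brace, and the added call is written setAccessibleDescription ( ... ) with a space before the parenthesis while the setText( ... ) call next to it has none. Drop the blank line and match the spacing of the surrounding code. box.button( buttonLabels[i].button ) is now evaluated twice; a local pointer would make the pair of calls easier to read.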
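Review bot: in the qt4/pinentrydialog.cpp hunks, setDescription and setError pass the same txt to setText and to setAccessibleDescription, so the accessible description only repeats what the label already exposes and assistive technology may announce the string twice. qt4/pinentryconfirm.cpp in this same patch sets both setAccessibleName (title) and setAccessibleDescription (desc); follow one scheme here as well, for example an accessible name that identifies the field (description, error) with the description kept for additional context.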
@@ -243,19 +245,23 @@ QString PinEntryDialog::prompt() const void PinEntryDialog::setOkText( const QString& txt ) { _ok->setText( txt ); + _ok->setAccessibleDescription ( txt ); _ok->setVisible( !txt.isEmpty() ); } void PinEntryDialog::setCancelText( const QString& txt ) { _cancel->setText( txt ); + _cancel->setAccessibleDescription ( txt ); _cancel->setVisible( !txt.isEmpty() ); } void PinEntryDialog::setQualityBar( const QString& txt ) { - if (_have_quality_bar) + if (_have_quality_bar) { _quality_bar_label->setText( txt ); + _quality_bar_label->setAccessibleDescription ( txt ); + } } void PinEntryDialog::setQualityBarTT( const QString& txt ) ----------------------------------------------------------------------- Summary of changes: NEWS | 4 +++- qt4/main.cpp | 5 ++++- qt4/pinentryconfirm.cpp | 2 ++ qt4/pinentrydialog.cpp | 8 +++++++- 4 files changed, 16 insertions(+), 3 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 30 12:04:30 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Jul 2014 12:04:30 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-8-gbfe18a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via bfe18a0651177025ff0a6b978a641bdd1472a0b1 (commit) via 16835c3b5d1cea18512b2c93e884d8ca513a2ee7 (commit) via 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 (commit) from 68116fa5f67238a60bb8be375cc959262fa021d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfe18a0651177025ff0a6b978a641bdd1472a0b1 Author: Werner Koch Date: Wed Jul 30 12:03:47 2014 +0200 Post release updates. -- 
diff --git a/NEWS b/NEWS index cffc209..0ea405b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.5.2 (unreleased) [C__/A__/R_] +------------------------------------------------------------- + + Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0] ------------------------------------------------------------- diff --git a/configure.ac b/configure.ac index b3e17fa..efc60c7 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.11" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [5]) -m4_define(mym4_version_micro, [1]) +m4_define(mym4_version_micro, [2]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 16835c3b5d1cea18512b2c93e884d8ca513a2ee7 Author: Werner Koch Date: Wed Jul 30 11:47:31 2014 +0200 Release 1.5.1 * configure.ac: Change LT version to C24/A13/R0. diff --git a/NEWS b/NEWS index ff75e9c..cffc209 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,10 @@ -Noteworthy changes in version 1.5.1 (unreleased) [C__/A__/R_] +Noteworthy changes in version 1.5.1 (2014-07-30) [C24/A13/R0] ------------------------------------------------------------- - * Fix possible overflow in gpgsm and uiserver engines. - [CVE-2014-35640] + * Fixed possible overflow in gpgsm and uiserver engines. + [CVE-2014-3564] - * Add support for GnuPG 2.1's --with-secret option. + * Added support for GnuPG 2.1's --with-secret option. * Interface changes relative to the 1.5.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/configure.ac b/configure.ac index 92c9463..b3e17fa 100644 --- a/configure.ac +++ b/configure.ac 
@@ -55,10 +55,10 @@ AC_INIT([gpgme],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBGPGME_LT_CURRENT=23 +LIBGPGME_LT_CURRENT=24 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] -LIBGPGME_LT_AGE=12 +LIBGPGME_LT_AGE=13 LIBGPGME_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. commit 2cbd76f7911fc215845e89b50d6af5ff4a83dd77 Author: Werner Koch Date: Wed Jul 30 11:04:55 2014 +0200 Fix possible realloc overflow for gpgsm and uiserver engines. * src/engine-gpgsm.c (status_handler): * src/engine-uiserver.c (status_handler): -- After a realloc (realloc is also used for initial alloc) the allocated size if the buffer is not correctly recorded. Thus an overflow can be introduced by receiving data with different line lengths in a specific order. This is not easy exploitable because libassuan constructs the line. However a crash has been reported and thus it might be possible to constructs an exploit. CVE-id: CVE-2014-3564 Reported-by: Tom?? Trnka diff --git a/NEWS b/NEWS index c6a8f52..ff75e9c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 1.5.1 (unreleased) [C__/A__/R_] ------------------------------------------------------------- + * Fix possible overflow in gpgsm and uiserver engines. + [CVE-2014-35640] + * Add support for GnuPG 2.1's --with-secret option. * Interface changes relative to the 1.5.0 release: diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 8ec1598..3a83757 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -836,7 +836,7 @@ status_handler (void *opaque, int fd) else { *aline = newline; - gpgsm->colon.attic.linesize += linelen + 1; + gpgsm->colon.attic.linesize = *alinelen + linelen + 1; } } if (!err) diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index 2738c36..a7184b7 100644 
--- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -698,7 +698,7 @@ status_handler (void *opaque, int fd) else { *aline = newline; - uiserver->colon.attic.linesize += linelen + 1; + uiserver->colon.attic.linesize = *alinelen + linelen + 1; } } if (!err) ----------------------------------------------------------------------- Summary of changes: NEWS | 11 +++++++++-- configure.ac | 6 +++--- src/engine-gpgsm.c | 2 +- src/engine-uiserver.c | 2 +- 4 files changed, 14 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 30 16:59:48 2014 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 30 Jul 2014 16:59:48 +0200 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.0-8-g8c86f33 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 8c86f33c130c42a9711a17fc8f9c84192ca85bae (commit) via 8e749c0b310d9d8a916358168860119dfdcef22f (commit) from e478019f36499089346b9382e90400cb04f682c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c86f33c130c42a9711a17fc8f9c84192ca85bae Author: Werner Koch Date: Wed Jul 30 16:59:56 2014 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 3b82ad8..94295ed 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.0.2 (unreleased) +------------------------------------------------- + + Noteworthy changes for version 1.0.1 (2014-07-30) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 028524a..9c43ba1 100644 --- a/configure.ac +++ b/configure.ac 
@@ -17,7 +17,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.0.1]) +m4_define([mym4_version], [1.0.2]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 8e749c0b310d9d8a916358168860119dfdcef22f Author: Werner Koch Date: Wed Jul 30 16:50:41 2014 +0200 Release 1.0.1 diff --git a/NEWS b/NEWS index 5415c9a..3b82ad8 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,9 @@ -Noteworthy changes for version 1.0.1 (unreleased) +Noteworthy changes for version 1.0.1 (2014-07-30) ------------------------------------------------- -* Avoid double starting of the UI-server. +* Fixed segv in case GNUPGHOME is set. + +* Fixed possible double starting of the UI-server. Noteworthy changes for version 1.0.0 (2013-07-30) ----------------------------------------------------------------------- Summary of changes: NEWS | 10 ++++++++-- configure.ac | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org
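Review bot: The pinentry NEWS hunk misspells its new entry as "Improved accessiblity"; it should read "accessibility". The entry added next to it, "New option to enable pasting the passphrase from clipboard", has no matching code in the qt4 hunks of this mail. If the option landed in an earlier commit, the entry should name the option and say whether it is off by default, since pasting a passphrase from the clipboard changes how the secret is handled.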
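Review bot: In qt4/pinentrydialog.cpp the setters setDescription, setError, setOkText, setCancelText and setQualityBar each copy the visible text into setAccessibleDescription, but no hunk in this patch gives the passphrase entry field or its prompt an accessible name or description, and that is the widget a screen-reader user most needs identified. Consider covering it in the same change. The five near-identical call pairs could also go through one small helper that sets text and accessible description together, so a later setter cannot forget one of the two.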
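Review bot: In the status_handler hunks of src/engine-gpgsm.c and src/engine-uiserver.c the corrected line "linesize = *alinelen + linelen + 1" writes the size expression out by hand, and the realloc call it has to agree with lies outside the visible context. Compute the new size once in a local variable, pass that to realloc and store the same variable in linesize, so the recorded and the allocated size cannot drift apart again. The identical one-line fix in two files also argues for moving the append logic into a shared helper, and a regression test that feeds lines of varying length would cover the reported crash.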
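Review bot: The NEWS hunk of the GPGME fix commit 2cbd76f records the identifier as "CVE-2014-35640", while the commit message of the same change gives "CVE-id: CVE-2014-3564". The release commit 16835c3 corrects NEWS, but anyone reading the fix commit alone gets two different ids; the NEWS line should have matched the commit message from the start.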
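The size-recording bug described in the GPGME commit message for CVE-2014-3564 above, as an added example that is not GPGME's code. It is a simplified model: struct attic, append_chunk, replay, the demo-only `actual` field, the grow condition and the reset on a completed line are assumptions, and the chunk lengths are constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model of the attic line buffer (all names are hypothetical). */
struct attic {
    char  *line;      /* accumulated data */
    size_t len;       /* bytes in use (the patch's *alinelen) */
    size_t recorded;  /* size the code believes it owns (linesize) */
    size_t actual;    /* size realloc really returned; demo-only field */
};

/* Append n bytes. Returns 0 on success, -1 if realloc fails, and 1 if the
   write would run past the real allocation (the write is then skipped). */
static int append_chunk(struct attic *a, const char *src, size_t n, int patched)
{
    size_t need = a->len + n + 1;          /* data plus terminating NUL */
    if (a->recorded < need) {              /* assumed grow condition */
        char *p = realloc(a->line, need);
        if (!p) return -1;
        a->line = p;
        a->actual = need;
        if (patched)
            a->recorded = need;            /* linesize = *alinelen + linelen + 1 */
        else
            a->recorded += n + 1;          /* linesize += linelen + 1 */
    }
    if (need > a->actual)
        return 1;                          /* recorded size overstated the buffer */
    memcpy(a->line + a->len, src, n);
    a->len += n;
    a->line[a->len] = '\0';
    return 0;
}

/* Replay a constructed sequence of chunk lengths; 0 means "line complete",
   which resets len but keeps the buffer. Returns 1 if an overflow was caught. */
int replay(int patched)
{
    static const size_t seq[] = { 10, 0, 5, 10, 6 };
    static const char data[16] = "AAAAAAAAAAAAAAA";
    struct attic a = { NULL, 0, 0, 0 };
    int rc = 0;
    for (size_t i = 0; i < sizeof seq / sizeof *seq && rc == 0; i++) {
        if (seq[i] == 0) { a.len = 0; continue; }   /* line complete */
        rc = append_chunk(&a, data, seq[i], patched);
    }
    free(a.line);
    return rc;
}
```

With the pre-patch update the third append records 22 bytes for a 16-byte allocation, so the final 6-byte chunk passes the size check without a realloc; with the patched update the same sequence reallocates and succeeds.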