From cvs at cvs.gnupg.org Mon Jun 2 12:29:54 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 12:29:54 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.22-19-g88ac956
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 88ac9568364b399b896de2d6f2432b1cb73415a8 (commit)
from b896fccaada0caf1987eb95ac99dd6b4ca609c4b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 88ac9568364b399b896de2d6f2432b1cb73415a8
Author: Werner Koch
Date: Mon Jun 2 11:47:25 2014 +0200
gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error instead
of silently allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
(cherry picked from commit 99972bd6e9abea71f270284f49997de5f00208af)
Resolved conflicts:
g10/getkey.c - ignore whitespace changes.
diff --git a/g10/getkey.c b/g10/getkey.c
index 5e8c1c9..c0184c2 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3035,27 +3035,35 @@ get_long_user_id_string( u32 *keyid )
char*
get_user_id( u32 *keyid, size_t *rn )
{
- user_id_db_t r;
- char *p;
- int pass=0;
+ user_id_db_t r;
+ char *p;
+ int pass = 0;
- /* try it two times; second pass reads from key resources */
- do {
- for(r=user_id_db; r; r = r->next ) {
- keyid_list_t a;
- for (a=r->keyids; a; a= a->next ) {
- if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
- p = xmalloc( r->len );
- memcpy(p, r->name, r->len );
- *rn = r->len;
- return p;
- }
- }
- }
- } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
- p = xstrdup( user_id_not_found_utf8 () );
- *rn = strlen(p);
- return p;
+ /* Try it two times; second pass reads from key resources. */
+ do
+ {
+ for (r = user_id_db; r; r = r->next)
+ {
+ keyid_list_t a;
+ for (a = r->keyids; a; a = a->next)
+ {
+ if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
+ {
+ /* An empty string as user id is possible. Make
+ sure that the malloc allocates one byte and does
+ not bail out. */
+ p = xmalloc (r->len? r->len : 1);
+ memcpy (p, r->name, r->len);
+ *rn = r->len;
+ return p;
+ }
+ }
+ }
+ }
+ while (++pass < 2 && !get_pubkey (NULL, keyid));
+ p = xstrdup (user_id_not_found_utf8 ());
+ *rn = strlen (p);
+ return p;
}
char*
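Review bot: For a zero-length user id the caller now gets a one-byte buffer that is never written, with `*rn` set to 0, from `p = xmalloc (r->len? r->len : 1);`. That is safe only while every caller honours `*rn` and never reads the result as a C string, since nothing on this path writes a terminator. The function comment (outside this hunk) should say so, e.g. `/* The returned buffer is not NUL-terminated; use *RN for its length, which may be 0. */`. The same line is patched in the master commit's g10/getkey.c hunk further down this page and the remark applies there too.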
diff --git a/jnlib/xmalloc.c b/jnlib/xmalloc.c
index eb6d5ab..244f764 100644
--- a/jnlib/xmalloc.c
+++ b/jnlib/xmalloc.c
@@ -36,7 +36,15 @@ out_of_core(void)
void *
xmalloc( size_t n )
{
- void *p = malloc( n );
+ void *p;
+
+ /* Make sure that xmalloc (0) works. This is the same behaviour
+ has in gpg 2.x. Note that in contrast to this code, Libgcrypt
+ (and thus most xmallocs in gpg 2.x) detect the !n and bail out. */
+ if (!n)
+ n = 1;
+
+ p = malloc( n );
if( !p )
out_of_core();
return p;
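Review bot: The added comment says `This is the same behaviour has in gpg 2.x` and then states that 2.x bails out on `!n`, which contradicts itself; going by the commit message, gpg 1.x is presumably meant. Suggested first lines: `/* Make sure that xmalloc (0) works.  This is the same behaviour as in gpg 1.x.` with the rest unchanged. The xcalloc hunk that follows clamps both `n` and `m` with no comment at all and would benefit from a one-line pointer to this explanation; the identical common/xmalloc.c hunks in the master commit share both remarks. The commit log names common/xmalloc.c, while this branch patches jnlib/xmalloc.c.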
@@ -54,7 +62,14 @@ xrealloc( void *a, size_t n )
void *
xcalloc( size_t n, size_t m )
{
- void *p = calloc( n, m );
+ void *p;
+
+ if (!n)
+ n = 1;
+ if (!m)
+ m = 1;
+
+ p = calloc( n, m );
if( !p )
out_of_core();
return p;
-----------------------------------------------------------------------
Summary of changes:
g10/getkey.c | 48 ++++++++++++++++++++++++++++--------------------
jnlib/xmalloc.c | 19 +++++++++++++++++--
2 files changed, 45 insertions(+), 22 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 12:30:01 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 12:30:01 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-426-g99972bd
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 99972bd6e9abea71f270284f49997de5f00208af (commit)
from 9e1c99f8009f056c39a7465b91912c136b248e8f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 99972bd6e9abea71f270284f49997de5f00208af
Author: Werner Koch
Date: Mon Jun 2 11:47:25 2014 +0200
gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error instead
of silently allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
diff --git a/common/xmalloc.c b/common/xmalloc.c
index 999ec00..3378e48 100644
--- a/common/xmalloc.c
+++ b/common/xmalloc.c
@@ -47,7 +47,15 @@ out_of_core(void)
void *
xmalloc( size_t n )
{
- void *p = malloc( n );
+ void *p;
+
+ /* Make sure that xmalloc (0) works. This is the same behaviour
+ has in gpg 2.x. Note that in contrast to this code, Libgcrypt
+ (and thus most xmallocs in gpg 2.x) detect the !n and bail out. */
+ if (!n)
+ n = 1;
+
+ p = malloc( n );
if( !p )
out_of_core();
return p;
@@ -65,7 +73,14 @@ xrealloc( void *a, size_t n )
void *
xcalloc( size_t n, size_t m )
{
- void *p = calloc( n, m );
+ void *p;
+
+ if (!n)
+ n = 1;
+ if (!m)
+ m = 1;
+
+ p = calloc( n, m );
if( !p )
out_of_core();
return p;
diff --git a/g10/getkey.c b/g10/getkey.c
index 458672a..707a106 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2775,7 +2775,10 @@ get_user_id (u32 * keyid, size_t * rn)
{
if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
{
- p = xmalloc (r->len);
+ /* An empty string as user id is possible. Make
+ sure that the malloc allocates one byte and does
+ not bail out. */
+ p = xmalloc (r->len? r->len : 1);
memcpy (p, r->name, r->len);
*rn = r->len;
return p;
-----------------------------------------------------------------------
Summary of changes:
common/xmalloc.c | 19 +++++++++++++++++--
g10/getkey.c | 5 ++++-
2 files changed, 21 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 16:22:26 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 16:22:26 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-428-g715285b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 715285bcbc12c024dbd9b633805189c09173e317 (commit)
via 42c043a8ad542c131917879c9b458f234b4bb645 (commit)
from 99972bd6e9abea71f270284f49997de5f00208af (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 715285bcbc12c024dbd9b633805189c09173e317
Author: Werner Koch
Date: Mon Jun 2 16:02:30 2014 +0200
gpgsm: Handle re-issued CA certificates in a better way.
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--
The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.
As usual Peter Gutmann's X.509 style guide has some comments on that
re-issuing.
GnuPG-bug-id: 1644
diff --git a/sm/certchain.c b/sm/certchain.c
index b51291d..5f5fd80 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -444,6 +444,8 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
int rc;
ksba_cert_t cert = NULL;
ksba_sexp_t subj = NULL;
+ int anyfound = 0;
+ ksba_isotime_t not_before, last_not_before;
keydb_search_reset (kh);
while (!(rc = keydb_search_subject (kh, issuer)))
@@ -460,10 +462,37 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
{
if (!cmp_simple_canon_sexp (keyid, subj))
- break; /* Found matching cert. */
+ {
+ /* Found matching cert. */
+ rc = ksba_cert_get_validity (cert, 0, not_before);
+ if (rc)
+ {
+ log_error ("keydb_get_validity() failed: rc=%d\n", rc);
+ rc = -1;
+ break;
+ }
+
+ if (!anyfound || strcmp (last_not_before, not_before) < 0)
+ {
+ /* This certificate is the first one found or newer
+ than the previous one. This copes with
+ re-issuing CA certificates while keeping the same
+ key information. */
+ anyfound = 1;
+ gnupg_copy_time (last_not_before, not_before);
+ keydb_push_found_state (kh);
+ }
+ }
}
}
+ if (anyfound)
+ {
+ /* Take the last saved one. */
+ keydb_pop_found_state (kh);
+ rc = 0; /* Ignore EOF or other error after the first cert. */
+ }
+
ksba_cert_release (cert);
xfree (subj);
return rc? -1:0;
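Review bot: The candidate is chosen purely by the larger notBefore string in `if (!anyfound || strcmp (last_not_before, not_before) < 0)`, and nothing in this hunk checks that the winning certificate is currently valid or already verified. A stored certificate with the same subject and subject key identifier but a later, even future, notBefore would therefore displace a usable issuer. It is worth confirming that the caller's signature and validity checks, which lie outside this hunk, can fall back to another candidate, or else skipping candidates whose notBefore is after the current time. The error text `keydb_get_validity() failed` also names a function that is not the one called; `log_error ("ksba_cert_get_validity failed: rc=%d\n", rc);` would match. The function begins before this hunk, and the same code appears in the STABLE-BRANCH-2-0 backport hunk later on this page.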
@@ -606,6 +635,8 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
ksba_sexp_t keyid;
int rc = -1;
+ if (DBG_X509)
+ log_debug ("looking for parent certificate\n");
if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno))
{
const char *s = ksba_name_enum (authid, 0);
@@ -615,6 +646,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
if (rc)
keydb_search_reset (kh);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and sn+issuer\n");
+
/* In case of an error, try to get the certificate from the
dirmngr. That is done by trying to put that certifcate
into the ephemeral DB and let the code below do the
@@ -634,6 +668,9 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
rc = keydb_search_issuer_sn (kh, s, authidno);
if (rc)
keydb_search_reset (kh);
+
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and sn+issuer (ephem)\n");
}
keydb_set_ephemeral (kh, old);
}
@@ -649,11 +686,15 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
subjectKeyIdentifier. */
/* Fixme: Should we also search in the dirmngr? */
rc = find_up_search_by_keyid (kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and keyid\n");
if (rc)
{
int old = keydb_set_ephemeral (kh, 1);
if (!old)
rc = find_up_search_by_keyid (kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and keyid (ephem)\n");
keydb_set_ephemeral (kh, old);
}
if (rc)
@@ -678,11 +719,19 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
}
if (rc)
rc = -1; /* Need to make sure to have this error code. */
+
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and issuer from dirmngr cache\n");
}
/* If we still didn't found it, try an external lookup. */
if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
- rc = find_up_external (ctrl, kh, issuer, keyid);
+ {
+ rc = find_up_external (ctrl, kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and external lookup\n");
+ }
+
/* Print a note so that the user does not feel too helpless when
an issuer certificate was found and gpgsm prints BAD
@@ -733,11 +782,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
rc = keydb_search_subject (kh, issuer);
}
keydb_set_ephemeral (kh, old);
+
+ if (!rc && DBG_X509)
+ log_debug (" found via issuer\n");
}
/* Still not found. If enabled, try an external lookup. */
if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
- rc = find_up_external (ctrl, kh, issuer, NULL);
+ {
+ rc = find_up_external (ctrl, kh, issuer, NULL);
+ if (!rc && DBG_X509)
+ log_debug (" found via issuer and external lookup\n");
+ }
return rc;
}
commit 42c043a8ad542c131917879c9b458f234b4bb645
Author: Werner Koch
Date: Mon Jun 2 15:55:00 2014 +0200
gpgsm: Add a way to save a found state.
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above. Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.
* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index f79c093..7bbcf83 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -85,6 +85,14 @@ struct keybox_name
};
+struct keybox_found_s
+{
+ KEYBOXBLOB blob;
+ off_t offset;
+ size_t pk_no;
+ size_t uid_no;
+ unsigned int n_packets; /*used for delete and update*/
+};
struct keybox_handle {
CONST_KB_NAME kb;
@@ -93,13 +101,8 @@ struct keybox_handle {
int eof;
int error;
int ephemeral;
- struct {
- KEYBOXBLOB blob;
- off_t offset;
- size_t pk_no;
- size_t uid_no;
- unsigned int n_packets; /*used for delete and update*/
- } found;
+ struct keybox_found_s found;
+ struct keybox_found_s saved_found;
struct {
char *name;
char *pattern;
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index d329941..8ae3ec3 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -148,6 +148,7 @@ keybox_release (KEYBOX_HANDLE hd)
hd->kb->handle_table[idx] = NULL;
}
_keybox_release_blob (hd->found.blob);
+ _keybox_release_blob (hd->saved_found.blob);
if (hd->fp)
{
fclose (hd->fp);
@@ -159,6 +160,35 @@ keybox_release (KEYBOX_HANDLE hd)
}
+/* Save the current found state in HD for later retrieval by
+ keybox_restore_found_state. Only one state may be saved. */
+void
+keybox_push_found_state (KEYBOX_HANDLE hd)
+{
+ if (hd->saved_found.blob)
+ {
+ _keybox_release_blob (hd->saved_found.blob);
+ hd->saved_found.blob = NULL;
+ }
+ hd->saved_found = hd->found;
+ hd->found.blob = NULL;
+}
+
+
+/* Restore the saved found state in HD. */
+void
+keybox_pop_found_state (KEYBOX_HANDLE hd)
+{
+ if (hd->found.blob)
+ {
+ _keybox_release_blob (hd->found.blob);
+ hd->found.blob = NULL;
+ }
+ hd->found = hd->saved_found;
+ hd->saved_found.blob = NULL;
+}
+
+
const char *
keybox_get_resource_name (KEYBOX_HANDLE hd)
{
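Review bot: The comment on keybox_push_found_state refers to `keybox_restore_found_state`, but the function added below it is named `keybox_pop_found_state`; the comment should use that name. Both helpers transfer the blob by struct assignment and then clear the source pointer, which is presumably what keeps keybox_release from releasing one blob twice now that it releases both `found.blob` and `saved_found.blob`. A short comment such as `/* Ownership of the blob moves to saved_found. */` next to `hd->found.blob = NULL;` would make that explicit. Unlike the keydb wrappers added in sm/keydb.c, neither function checks HD for NULL, so that precondition deserves a word in the header comment.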
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 4c447a5..96c6db5 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -64,6 +64,8 @@ int keybox_is_writable (void *token);
KEYBOX_HANDLE keybox_new (void *token, int secret);
void keybox_release (KEYBOX_HANDLE hd);
+void keybox_push_found_state (KEYBOX_HANDLE hd);
+void keybox_pop_found_state (KEYBOX_HANDLE hd);
const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
diff --git a/sm/keydb.c b/sm/keydb.c
index 845ebba..d9eb2e0 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -56,6 +56,7 @@ static int used_resources;
struct keydb_handle {
int locked;
int found;
+ int saved_found;
int current;
int is_ephemeral;
int used; /* items in active */
@@ -265,6 +266,7 @@ keydb_new (int secret)
hd = xcalloc (1, sizeof *hd);
hd->found = -1;
+ hd->saved_found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++)
@@ -476,6 +478,58 @@ unlock_all (KEYDB_HANDLE hd)
hd->locked = 0;
}
+
+
+/* Push the last found state if any. */
+void
+keydb_push_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ if (hd->found < 0 || hd->found >= hd->used)
+ {
+ hd->saved_found = -1;
+ return;
+ }
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_push_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+
+ hd->saved_found = hd->found;
+ hd->found = -1;
+}
+
+
+/* Pop the last found state. */
+void
+keydb_pop_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ hd->found = hd->saved_found;
+ hd->saved_found = -1;
+ if (hd->found < 0 || hd->found >= hd->used)
+ return;
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_pop_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+}
+
+
/*
Return the last found object. Caller must free it. The returned
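Review bot: The one-line comments on keydb_push_found_state and keydb_pop_found_state do not say that only a single state is kept, or what happens when there is none. From the code, a push without a valid `hd->found` sets `saved_found` to -1, and a pop then leaves `hd->found` at -1, so the handle has no found object afterwards. Stating this would help callers, for example `/* Save the last found state, replacing any earlier saved one; if nothing was found the saved state is cleared. */` and `/* Restore the state saved by keydb_push_found_state; without one HD has no found object afterwards. */`.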
diff --git a/sm/keydb.h b/sm/keydb.h
index 6e432f8..aec31c3 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -43,6 +43,8 @@ gpg_error_t keydb_get_flags (KEYDB_HANDLE hd, int which, int idx,
unsigned int *value);
gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx,
unsigned int value);
+void keydb_push_found_state (KEYDB_HANDLE hd);
+void keydb_pop_found_state (KEYDB_HANDLE hd);
int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert);
int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
int keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
-----------------------------------------------------------------------
Summary of changes:
kbx/keybox-defs.h | 17 +++++++++------
kbx/keybox-init.c | 30 ++++++++++++++++++++++++++
kbx/keybox.h | 2 ++
sm/certchain.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++---
sm/keydb.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++
sm/keydb.h | 2 ++
6 files changed, 157 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 16:22:38 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 16:22:38 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.22-21-g684b0bd
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 684b0bd4bfb846d03a531385e2d1251391dee1f5 (commit)
via 3121c4b6c17b19cbf2119d2658d69ce4cca908c6 (commit)
from 88ac9568364b399b896de2d6f2432b1cb73415a8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 684b0bd4bfb846d03a531385e2d1251391dee1f5
Author: Werner Koch
Date: Mon Jun 2 16:02:30 2014 +0200
gpgsm: Handle re-issued CA certificates in a better way.
* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.
--
The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.
As usual Peter Gutmann's X.509 style guide has some comments on that
re-issuing.
GnuPG-bug-id: 1644
Resolved conflicts:
sm/certchain.c - whitespace fixes.
diff --git a/sm/certchain.c b/sm/certchain.c
index 0023a98..1fbe9ca 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -23,7 +23,7 @@
#include
#include
#include
-#include
+#include
#include
#include
#include
@@ -193,7 +193,7 @@ has_validation_model_chain (ksba_cert_t cert, int listmode, estream_t listfp)
if (opt.verbose)
do_list (0, listmode, listfp,
- _("validation model requested by certificate: %s"),
+ _("validation model requested by certificate: %s"),
!strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.1")? _("chain") :
!strcmp (oidbuf, "1.3.6.1.4.1.8301.3.5.2")? _("shell") :
/* */ oidbuf);
@@ -274,9 +274,9 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
/* Check whether CERT is an allowed certificate. This requires that
CERT matches all requirements for such a CA, i.e. the
BasicConstraints extension. The function returns 0 on success and
- the awlloed length of the chain at CHAINLEN. */
+ the allowed length of the chain at CHAINLEN. */
static int
-allowed_ca (ctrl_t ctrl,
+allowed_ca (ctrl_t ctrl,
ksba_cert_t cert, int *chainlen, int listmode, estream_t fp)
{
gpg_error_t err;
@@ -327,7 +327,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
any_critical = !!strstr (policies, ":C");
if (!opt.policy_file)
- {
+ {
xfree (policies);
if (any_critical)
{
@@ -358,7 +358,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
- for (;;)
+ for (;;)
{
int c;
char *p, line[256];
@@ -389,7 +389,7 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
fclose (fp);
return tmperr;
}
-
+
if (!*line || line[strlen(line)-1] != '\n')
{
/* eat until end of line */
@@ -400,13 +400,13 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
}
-
+
/* Allow for empty lines and spaces */
for (p=line; spacep (p); p++)
;
}
while (!*p || *p == '\n' || *p == '#');
-
+
/* parse line */
for (allowed=line; spacep (allowed); allowed++)
;
@@ -444,6 +444,8 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
int rc;
ksba_cert_t cert = NULL;
ksba_sexp_t subj = NULL;
+ int anyfound = 0;
+ ksba_isotime_t not_before, last_not_before;
keydb_search_reset (kh);
while (!(rc = keydb_search_subject (kh, issuer)))
@@ -460,10 +462,37 @@ find_up_search_by_keyid (KEYDB_HANDLE kh,
if (!ksba_cert_get_subj_key_id (cert, NULL, &subj))
{
if (!cmp_simple_canon_sexp (keyid, subj))
- break; /* Found matching cert. */
+ {
+ /* Found matching cert. */
+ rc = ksba_cert_get_validity (cert, 0, not_before);
+ if (rc)
+ {
+ log_error ("keydb_get_validity() failed: rc=%d\n", rc);
+ rc = -1;
+ break;
+ }
+
+ if (!anyfound || strcmp (last_not_before, not_before) < 0)
+ {
+ /* This certificate is the first one found or newer
+ than the previous one. This copes with
+ re-issuing CA certificates while keeping the same
+ key information. */
+ anyfound = 1;
+ gnupg_copy_time (last_not_before, not_before);
+ keydb_push_found_state (kh);
+ }
+ }
}
}
-
+
+ if (anyfound)
+ {
+ /* Take the last saved one. */
+ keydb_pop_found_state (kh);
+ rc = 0; /* Ignore EOF or other error after the first cert. */
+ }
+
ksba_cert_release (cert);
xfree (subj);
return rc? -1:0;
@@ -493,7 +522,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
int count = 0;
char *pattern;
const char *s;
-
+
if (opt.verbose)
log_info (_("looking up issuer at external location\n"));
/* The Dirmngr process is confused about unknown attributes. As a
@@ -515,7 +544,7 @@ find_up_external (ctrl_t ctrl, KEYDB_HANDLE kh,
if (opt.verbose)
log_info (_("number of issuers matching: %d\n"), count);
- if (rc)
+ if (rc)
{
log_error ("external key lookup failed: %s\n", gpg_strerror (rc));
rc = -1;
@@ -556,7 +585,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
char *pattern;
(void)kh;
-
+
if (opt.verbose)
log_info (_("looking up issuer from the Dirmngr cache\n"));
if (subject_mode)
@@ -583,7 +612,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
if (opt.verbose)
log_info (_("number of matching certificates: %d\n"), count);
- if (rc && !opt.quiet)
+ if (rc && !opt.quiet)
log_info (_("dirmngr cache-only key lookup failed: %s\n"),
gpg_strerror (rc));
return (!rc && count)? 0 : -1;
@@ -598,7 +627,7 @@ find_up_dirmngr (ctrl_t ctrl, KEYDB_HANDLE kh,
keydb_get_cert on the keyDb context KH will return it. Returns 0
on success, -1 if not found or an error code. */
static int
-find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
+find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
ksba_cert_t cert, const char *issuer, int find_next)
{
ksba_name_t authid;
@@ -606,6 +635,8 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
ksba_sexp_t keyid;
int rc = -1;
+ if (DBG_X509)
+ log_debug ("looking for parent certificate\n");
if (!ksba_cert_get_auth_key_id (cert, &keyid, &authid, &authidno))
{
const char *s = ksba_name_enum (authid, 0);
@@ -614,7 +645,10 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
rc = keydb_search_issuer_sn (kh, s, authidno);
if (rc)
keydb_search_reset (kh);
-
+
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and sn+issuer\n");
+
/* In case of an error, try to get the certificate from the
dirmngr. That is done by trying to put that certifcate
into the ephemeral DB and let the code below do the
@@ -627,17 +661,20 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
that in find_next mode because we can't keep the search
state then. */
if (rc == -1 && !find_next)
- {
+ {
int old = keydb_set_ephemeral (kh, 1);
if (!old)
{
rc = keydb_search_issuer_sn (kh, s, authidno);
if (rc)
keydb_search_reset (kh);
+
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and sn+issuer (ephem)\n");
}
keydb_set_ephemeral (kh, old);
}
- if (rc)
+ if (rc)
rc = -1; /* Need to make sure to have this error code. */
}
@@ -649,14 +686,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
subjectKeyIdentifier. */
/* Fixme: Should we also search in the dirmngr? */
rc = find_up_search_by_keyid (kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and keyid\n");
if (rc)
{
int old = keydb_set_ephemeral (kh, 1);
if (!old)
rc = find_up_search_by_keyid (kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and keyid (ephem)\n");
keydb_set_ephemeral (kh, old);
}
- if (rc)
+ if (rc)
rc = -1; /* Need to make sure to have this error code. */
}
@@ -676,13 +717,21 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
}
keydb_set_ephemeral (kh, old);
}
- if (rc)
+ if (rc)
rc = -1; /* Need to make sure to have this error code. */
+
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and issuer from dirmngr cache\n");
}
/* If we still didn't found it, try an external lookup. */
if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
- rc = find_up_external (ctrl, kh, issuer, keyid);
+ {
+ rc = find_up_external (ctrl, kh, issuer, keyid);
+ if (!rc && DBG_X509)
+ log_debug (" found via authid and external lookup\n");
+ }
+
/* Print a note so that the user does not feel too helpless when
an issuer certificate was found and gpgsm prints BAD
@@ -714,7 +763,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
ksba_name_release (authid);
xfree (authidno);
}
-
+
if (rc) /* Not found via authorithyKeyIdentifier, try regular issuer name. */
rc = keydb_search_subject (kh, issuer);
if (rc == -1 && !find_next)
@@ -733,11 +782,18 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
rc = keydb_search_subject (kh, issuer);
}
keydb_set_ephemeral (kh, old);
+
+ if (!rc && DBG_X509)
+ log_debug (" found via issuer\n");
}
/* Still not found. If enabled, try an external lookup. */
if (rc == -1 && opt.auto_issuer_key_retrieve && !find_next)
- rc = find_up_external (ctrl, kh, issuer, NULL);
+ {
+ rc = find_up_external (ctrl, kh, issuer, NULL);
+ if (!rc && DBG_X509)
+ log_debug (" found via issuer and external lookup\n");
+ }
return rc;
}
@@ -748,7 +804,7 @@ find_up (ctrl_t ctrl, KEYDB_HANDLE kh,
int
gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
{
- int rc = 0;
+ int rc = 0;
char *issuer = NULL;
char *subject = NULL;
KEYDB_HANDLE kh = keydb_new (0);
@@ -779,7 +835,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
if (is_root_cert (start, issuer, subject))
{
rc = -1; /* we are at the root */
- goto leave;
+ goto leave;
}
rc = find_up (ctrl, kh, start, issuer, 0);
@@ -803,7 +859,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
leave:
xfree (issuer);
xfree (subject);
- keydb_release (kh);
+ keydb_release (kh);
return rc;
}
@@ -850,20 +906,20 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
that is the case this is a root certificate. */
ak_name_str = ksba_name_enum (ak_name, 0);
if (ak_name_str
- && !strcmp (ak_name_str, issuerdn)
+ && !strcmp (ak_name_str, issuerdn)
&& !cmp_simple_canon_sexp (ak_sn, serialno))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
- }
-
+ }
+
/* Similar for the ak_keyid. */
if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
&& !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
{
result = 1; /* Right, CERT is self-signed. */
goto leave;
- }
+ }
leave:
@@ -872,7 +928,7 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
ksba_name_release (ak_name);
ksba_free (ak_sn);
ksba_free (serialno);
- return result;
+ return result;
}
@@ -896,7 +952,7 @@ gpgsm_is_root_cert (ksba_cert_t cert)
/* This is a helper for gpgsm_validate_chain. */
-static gpg_error_t
+static gpg_error_t
is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
int *any_revoked, int *any_no_crl, int *any_crl_too_old)
@@ -905,13 +961,13 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
if (opt.no_crl_check && !ctrl->use_ocsp)
{
- audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
+ audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK,
gpg_error (GPG_ERR_NOT_ENABLED));
return 0;
}
err = gpgsm_dirmngr_isvalid (ctrl,
- subject_cert, issuer_cert,
+ subject_cert, issuer_cert,
force_ocsp? 2 : !!ctrl->use_ocsp);
audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
@@ -948,7 +1004,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
"\"dirmngr\" is properly installed\n"));
*any_crl_too_old = 1;
break;
-
+
default:
do_list (1, lm, fp, _("checking the CRL failed: %s"),
gpg_strerror (err));
@@ -963,7 +1019,7 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
SUBJECT_CERT. The caller needs to pass EXPTIME which will be
updated to the nearest expiration time seen. A DEPTH of 0 indicates
the target certifciate, -1 the final root certificate and other
- values intermediate certificates. */
+ values intermediate certificates. */
static gpg_error_t
check_validity_period (ksba_isotime_t current_time,
ksba_cert_t subject_cert,
@@ -993,7 +1049,7 @@ check_validity_period (ksba_isotime_t current_time,
if (*not_before && strcmp (current_time, not_before) < 0 )
{
- do_list (1, listmode, listfp,
+ do_list (1, listmode, listfp,
depth == 0 ? _("certificate not yet valid") :
depth == -1 ? _("root certificate not yet valid") :
/* other */ _("intermediate certificate not yet valid"));
@@ -1004,8 +1060,8 @@ check_validity_period (ksba_isotime_t current_time,
log_printf (")\n");
}
return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
- }
-
+ }
+
if (*not_after && strcmp (current_time, not_after) > 0 )
{
do_list (opt.ignore_expiration?0:1, listmode, listfp,
@@ -1022,8 +1078,8 @@ check_validity_period (ksba_isotime_t current_time,
log_info ("WARNING: ignoring expiration\n");
else
return gpg_error (GPG_ERR_CERT_EXPIRED);
- }
-
+ }
+
return 0;
}
@@ -1070,7 +1126,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
log_printf (")\n");
return gpg_error (GPG_ERR_BAD_CERT);
}
-
+
if (!*exptime)
gnupg_copy_time (exptime, not_after);
else if (strcmp (not_after, exptime) < 0 )
@@ -1078,7 +1134,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
if (strcmp (current_time, not_before) < 0 )
{
- do_list (1, listmode, listfp,
+ do_list (1, listmode, listfp,
depth == 0 ? _("certificate not yet valid") :
depth == -1 ? _("root certificate not yet valid") :
/* other */ _("intermediate certificate not yet valid"));
@@ -1089,16 +1145,16 @@ check_validity_period_cm (ksba_isotime_t current_time,
log_printf (")\n");
}
return gpg_error (GPG_ERR_CERT_TOO_YOUNG);
- }
+ }
if (*check_time
- && (strcmp (check_time, not_before) < 0
+ && (strcmp (check_time, not_before) < 0
|| strcmp (check_time, not_after) > 0))
{
/* Note that we don't need a case for the root certificate
because its own consitency has already been checked. */
do_list(opt.ignore_expiration?0:1, listmode, listfp,
- depth == 0 ?
+ depth == 0 ?
_("signature not created during lifetime of certificate") :
depth == 1 ?
_("certificate not created during lifetime of issuer") :
@@ -1135,7 +1191,7 @@ check_validity_period_cm (ksba_isotime_t current_time,
static int
ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
{
- static int no_more_questions;
+ static int no_more_questions;
int rc;
char *fpr;
int success = 0;
@@ -1143,7 +1199,7 @@ ask_marktrusted (ctrl_t ctrl, ksba_cert_t cert, int listmode)
fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
-
+
if (no_more_questions)
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
@@ -1225,7 +1281,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
{
if (!strcmp (checktime_arg, "19700101T000000"))
{
- do_list (1, listmode, listfp,
+ do_list (1, listmode, listfp,
_("WARNING: creation time of signature not known - "
"assuming current time"));
gnupg_copy_time (check_time, current_time);
@@ -1314,7 +1370,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
if (has_validation_model_chain (subject_cert, listmode, listfp))
rootca_flags->chain_model = 1;
}
-
+
/* Check the validity period. */
if ( (flags & VALIDATE_FLAG_CHAIN_MODEL) )
@@ -1332,7 +1388,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
}
else if (rc)
goto leave;
-
+
/* Assert that we understand all critical extensions. */
rc = unknown_criticals (subject_cert, listmode, listfp);
@@ -1355,7 +1411,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
/* If this is the root certificate we are at the end of the chain. */
if (is_root)
- {
+ {
if (!istrusted_rc)
; /* No need to check the certificate for a trusted one. */
else if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
@@ -1378,8 +1434,8 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
if (rc)
goto leave;
}
-
-
+
+
/* Set the flag for qualified signatures. This flag is
deduced from a list of root certificates allowed for
qualified signatures. */
@@ -1388,15 +1444,15 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
gpg_error_t err;
size_t buflen;
char buf[1];
-
- if (!ksba_cert_get_user_data (cert, "is_qualified",
+
+ if (!ksba_cert_get_user_data (cert, "is_qualified",
&buf, sizeof (buf),
&buflen) && buflen)
{
/* We already checked this for this certificate,
thus we simply take it from the user data. */
is_qualified = !!*buf;
- }
+ }
else
{
/* Need to consult the list of root certificates for
@@ -1419,7 +1475,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
"is_qualified", buf, 1);
if (err)
log_error ("set_user_data(is_qualified) failed: %s\n",
- gpg_strerror (err));
+ gpg_strerror (err));
}
}
}
@@ -1431,7 +1487,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
;
else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
{
- do_list (0, listmode, listfp,
+ do_list (0, listmode, listfp,
_("root certificate is not marked trusted"));
/* If we already figured out that the certificate is
expired it does not make much sense to ask the user
@@ -1443,12 +1499,12 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
&& ask_marktrusted (ctrl, subject_cert, listmode) )
rc = 0;
}
- else
+ else
{
log_error (_("checking the trust list failed: %s\n"),
gpg_strerror (rc));
}
-
+
if (rc)
goto leave;
@@ -1456,9 +1512,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
if ((flags & VALIDATE_FLAG_NO_DIRMNGR))
;
else if (opt.no_trusted_cert_crl_check || rootca_flags->relax)
- ;
+ ;
else
- rc = is_cert_still_valid (ctrl,
+ rc = is_cert_still_valid (ctrl,
(flags & VALIDATE_FLAG_CHAIN_MODEL),
listmode, listfp,
subject_cert, subject_cert,
@@ -1470,7 +1526,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
break; /* Okay: a self-signed certicate is an end-point. */
} /* End is_root. */
-
+
/* Take care that the chain does not get too long. */
if ((depth+1) > maxdepth)
{
@@ -1552,7 +1608,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
do_list (0, listmode, listfp,
_("found another possible matching "
"CA certificate - trying again"));
- ksba_cert_release (issuer_cert);
+ ksba_cert_release (issuer_cert);
issuer_cert = tmp_cert;
goto try_another_cert;
}
@@ -1629,9 +1685,9 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
rc = 0;
else if (is_root && (opt.no_trusted_cert_crl_check
|| (!istrusted_rc && rootca_flags->relax)))
- rc = 0;
+ rc = 0;
else
- rc = is_cert_still_valid (ctrl,
+ rc = is_cert_still_valid (ctrl,
(flags & VALIDATE_FLAG_CHAIN_MODEL),
listmode, listfp,
subject_cert, issuer_cert,
@@ -1690,7 +1746,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
else if (any_no_policy_match)
rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
-
+
leave:
/* If we have traversed a complete chain up to the root we will
reset the ephemeral flag for all these certificates. This is done
@@ -1700,7 +1756,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
{
gpg_error_t err;
chain_item_t ci;
-
+
for (ci = chain; ci; ci = ci->next)
{
/* Note that it is possible for the last certificate in the
@@ -1714,7 +1770,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
;
else if (err)
log_error ("clearing ephemeral flag failed: %s\n",
- gpg_strerror (err));
+ gpg_strerror (err));
}
}
@@ -1729,14 +1785,14 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
char buf[1];
buf[0] = !!is_qualified;
-
+
for (ci = chain; ci; ci = ci->next)
{
err = ksba_cert_set_user_data (ci->cert, "is_qualified", buf, 1);
if (err)
{
log_error ("set_user_data(is_qualified) failed: %s\n",
- gpg_strerror (err));
+ gpg_strerror (err));
if (!rc)
rc = err;
}
@@ -1762,7 +1818,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
gnupg_copy_time (r_exptime, exptime);
xfree (issuer);
xfree (subject);
- keydb_release (kh);
+ keydb_release (kh);
while (chain)
{
chain_item_t ci_next = chain->next;
@@ -1807,7 +1863,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
*retflags = (flags & VALIDATE_FLAG_CHAIN_MODEL);
memset (&rootca_flags, 0, sizeof rootca_flags);
- rc = do_validate_chain (ctrl, cert, checktime,
+ rc = do_validate_chain (ctrl, cert, checktime,
r_exptime, listmode, listfp, flags,
&rootca_flags);
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED
@@ -1816,17 +1872,17 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime,
{
do_list (0, listmode, listfp, _("switching to chain model"));
rc = do_validate_chain (ctrl, cert, checktime,
- r_exptime, listmode, listfp,
+ r_exptime, listmode, listfp,
(flags |= VALIDATE_FLAG_CHAIN_MODEL),
&rootca_flags);
*retflags |= VALIDATE_FLAG_CHAIN_MODEL;
}
if (opt.verbose)
- do_list (0, listmode, listfp, _("validation model used: %s"),
+ do_list (0, listmode, listfp, _("validation model used: %s"),
(*retflags & VALIDATE_FLAG_CHAIN_MODEL)?
_("chain"):_("shell"));
-
+
return rc;
}
@@ -1843,7 +1899,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
char *subject = NULL;
KEYDB_HANDLE kh;
ksba_cert_t issuer_cert = NULL;
-
+
if (opt.no_chain_validation)
{
log_info ("WARNING: bypassing basic certificate checks\n");
@@ -1900,7 +1956,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave;
}
-
+
ksba_cert_release (issuer_cert); issuer_cert = NULL;
rc = keydb_get_cert (kh, &issuer_cert);
if (rc)
@@ -1930,7 +1986,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
leave:
xfree (issuer);
xfree (subject);
- keydb_release (kh);
+ keydb_release (kh);
ksba_cert_release (issuer_cert);
return rc;
}
@@ -1941,7 +1997,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
authority for qualified signature. They do not set the
basicConstraints and thus we need this workaround. It works by
looking up the root certificate and checking whether that one is
- listed as a qualified certificate for Germany.
+ listed as a qualified certificate for Germany.
We also try to cache this data but as long as don't keep a
reference to the certificate this won't be used.
@@ -1967,7 +2023,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
chainlen = &dummy_chainlen;
*chainlen = 0;
- err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen",
+ err = ksba_cert_get_user_data (cert, "regtp_ca_chainlen",
&buf, sizeof (buf), &buflen);
if (!err)
{
@@ -2024,7 +2080,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
"\x01\x00", 2);
if (err)
log_error ("ksba_set_user_data(%s) failed: %s\n",
- "regtp_ca_chainlen", gpg_strerror (err));
+ "regtp_ca_chainlen", gpg_strerror (err));
for (i=0; i < depth; i++)
ksba_cert_release (array[i]);
*chainlen = (depth>1? 0:1);
@@ -2033,11 +2089,11 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen)
leave:
/* Nothing special with this certificate. Mark the target
- certificate anyway to avoid duplicate lookups. */
+ certificate anyway to avoid duplicate lookups. */
err = ksba_cert_set_user_data (cert, "regtp_ca_chainlen", "", 1);
if (err)
log_error ("ksba_set_user_data(%s) failed: %s\n",
- "regtp_ca_chainlen", gpg_strerror (err));
+ "regtp_ca_chainlen", gpg_strerror (err));
for (i=0; i < depth; i++)
ksba_cert_release (array[i]);
return 0;
commit 3121c4b6c17b19cbf2119d2658d69ce4cca908c6
Author: Werner Koch
Date: Mon Jun 2 15:55:00 2014 +0200
gpgsm: Add a way to save a found state.
* kbx/keybox-defs.h (keybox_found_s): New.
(keybox_handle): Factor FOUND out to above. Add saved_found.
* kbx/keybox-init.c (keybox_release): Release saved_found.
(keybox_push_found_state, keybox_pop_found_state): New.
* sm/keydb.c (keydb_handle): Add field saved_found.
(keydb_new): Init it.
(keydb_push_found_state, keydb_pop_found_state): New.
--
Resolved conflicts:
kbx/keybox-defs.h - whitespace fixes.
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 626f3e5..728168d 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -54,7 +54,7 @@ typedef struct keyboxblob *KEYBOXBLOB;
typedef struct keybox_name *KB_NAME;
typedef struct keybox_name const *CONST_KB_NAME;
-struct keybox_name
+struct keybox_name
{
/* Link to the next resources, so that we can walk all
resources. */
@@ -70,7 +70,7 @@ struct keybox_name
entrues are set to NULL. HANDLE_TABLE may be NULL. */
KEYBOX_HANDLE *handle_table;
size_t handle_table_size;
-
+
/* Not yet used. */
int is_locked;
@@ -82,6 +82,14 @@ struct keybox_name
};
+struct keybox_found_s
+{
+ KEYBOXBLOB blob;
+ off_t offset;
+ size_t pk_no;
+ size_t uid_no;
+ unsigned int n_packets; /*used for delete and update*/
+};
struct keybox_handle {
CONST_KB_NAME kb;
@@ -89,14 +97,9 @@ struct keybox_handle {
FILE *fp;
int eof;
int error;
- int ephemeral;
- struct {
- KEYBOXBLOB blob;
- off_t offset;
- size_t pk_no;
- size_t uid_no;
- unsigned int n_packets; /*used for delete and update*/
- } found;
+ int ephemeral;
+ struct keybox_found_s found;
+ struct keybox_found_s saved_found;
struct {
char *name;
char *pattern;
@@ -215,7 +218,7 @@ void _keybox_free (void *p);
#define STR2(v) STR(v)
/*
- a couple of handy macros
+ a couple of handy macros
*/
#define return_if_fail(expr) do { \
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index e413864..53c1c50 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -148,6 +148,7 @@ keybox_release (KEYBOX_HANDLE hd)
hd->kb->handle_table[idx] = NULL;
}
_keybox_release_blob (hd->found.blob);
+ _keybox_release_blob (hd->saved_found.blob);
if (hd->fp)
{
fclose (hd->fp);
@@ -159,6 +160,35 @@ keybox_release (KEYBOX_HANDLE hd)
}
+/* Save the current found state in HD for later retrieval by
+ keybox_restore_found_state. Only one state may be saved. */
+void
+keybox_push_found_state (KEYBOX_HANDLE hd)
+{
+ if (hd->saved_found.blob)
+ {
+ _keybox_release_blob (hd->saved_found.blob);
+ hd->saved_found.blob = NULL;
+ }
+ hd->saved_found = hd->found;
+ hd->found.blob = NULL;
+}
+
+
+/* Restore the saved found state in HD. */
+void
+keybox_pop_found_state (KEYBOX_HANDLE hd)
+{
+ if (hd->found.blob)
+ {
+ _keybox_release_blob (hd->found.blob);
+ hd->found.blob = NULL;
+ }
+ hd->found = hd->saved_found;
+ hd->saved_found.blob = NULL;
+}
+
+
const char *
keybox_get_resource_name (KEYBOX_HANDLE hd)
{
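Review bot: The comment above `keybox_push_found_state` names `keybox_restore_found_state` as the retrieval function, but the function this hunk adds is `keybox_pop_found_state`. I would change it to `/* Save the current found state in HD for later retrieval by keybox_pop_found_state.  Only one state may be saved. */`. The comment on `keybox_pop_found_state` could also say that it releases the blob currently held in `hd->found` before overwriting it. Unlike the keydb wrappers added in the same commit, neither function checks `hd` for NULL, so that precondition deserves a mention as well.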
diff --git a/kbx/keybox.h b/kbx/keybox.h
index 4330694..e0d8c53 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
@@ -68,6 +68,8 @@ int keybox_is_writable (void *token);
KEYBOX_HANDLE keybox_new (void *token, int secret);
void keybox_release (KEYBOX_HANDLE hd);
+void keybox_push_found_state (KEYBOX_HANDLE hd);
+void keybox_pop_found_state (KEYBOX_HANDLE hd);
const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
diff --git a/sm/keydb.c b/sm/keydb.c
index 37f791e..5547405 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -56,6 +56,7 @@ static int used_resources;
struct keydb_handle {
int locked;
int found;
+ int saved_found;
int current;
int is_ephemeral;
int used; /* items in active */
@@ -265,6 +266,7 @@ keydb_new (int secret)
hd = xcalloc (1, sizeof *hd);
hd->found = -1;
+ hd->saved_found = -1;
assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++)
@@ -476,6 +478,58 @@ unlock_all (KEYDB_HANDLE hd)
hd->locked = 0;
}
+
+
+/* Push the last found state if any. */
+void
+keydb_push_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ if (hd->found < 0 || hd->found >= hd->used)
+ {
+ hd->saved_found = -1;
+ return;
+ }
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_push_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+
+ hd->saved_found = hd->found;
+ hd->found = -1;
+}
+
+
+/* Pop the last found state. */
+void
+keydb_pop_found_state (KEYDB_HANDLE hd)
+{
+ if (!hd)
+ return;
+
+ hd->found = hd->saved_found;
+ hd->saved_found = -1;
+ if (hd->found < 0 || hd->found >= hd->used)
+ return;
+
+ switch (hd->active[hd->found].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_pop_found_state (hd->active[hd->found].u.kr);
+ break;
+ }
+}
+
+
#if 0
/*
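Review bot: The one-line comments on `keydb_push_found_state` and `keydb_pop_found_state` leave out two things the names hide: there is a single save slot rather than a stack, and both calls change `hd->found`. A second push replaces the earlier saved state, and a pop with nothing saved sets `hd->found` to -1, discarding the current result. I would document that, for example `/* Save the last found state, if any, and reset FOUND to -1.  Only one state can be saved; a second push replaces it. */` and `/* Restore the state saved by keydb_push_found_state; without a saved state FOUND becomes -1. */`. Both `switch` statements would also read better with an explicit `default:` case.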
diff --git a/sm/keydb.h b/sm/keydb.h
index a440c50..f51d79d 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -49,6 +49,8 @@ gpg_error_t keydb_get_flags (KEYDB_HANDLE hd, int which, int idx,
unsigned int *value);
gpg_error_t keydb_set_flags (KEYDB_HANDLE hd, int which, int idx,
unsigned int value);
+void keydb_push_found_state (KEYDB_HANDLE hd);
+void keydb_pop_found_state (KEYDB_HANDLE hd);
int keydb_get_cert (KEYDB_HANDLE hd, ksba_cert_t *r_cert);
int keydb_insert_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
int keydb_update_cert (KEYDB_HANDLE hd, ksba_cert_t cert);
-----------------------------------------------------------------------
Summary of changes:
kbx/keybox-defs.h | 25 +++---
kbx/keybox-init.c | 30 +++++++
kbx/keybox.h | 2 +
sm/certchain.c | 228 +++++++++++++++++++++++++++++++++--------------------
sm/keydb.c | 54 +++++++++++++
sm/keydb.h | 2 +
6 files changed, 244 insertions(+), 97 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 17:36:17 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 17:36:17 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.22-22-gce98935
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via ce989354fb7813022139838c26684a8db6d79ccf (commit)
from 684b0bd4bfb846d03a531385e2d1251391dee1f5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ce989354fb7813022139838c26684a8db6d79ccf
Author: Werner Koch
Date: Mon Jun 2 17:33:18 2014 +0200
gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--
The old code still merged the first user id into the key packet line
which resulted in all kinds of complexity. --fixed-list-mode is
meanwhile the default and thus we also change this part of the code.
GnuPG-bug-id: 1640
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d399455..551ab58 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -917,7 +917,6 @@ print_userid( PACKET *pkt )
static void
list_node( CTX c, KBNODE node )
{
- int any=0;
int mainkey;
if( !node )
@@ -945,47 +944,55 @@ list_node( CTX c, KBNODE node )
if( mainkey && !opt.fast_list_mode )
putchar( get_ownertrust_info (pk) );
putchar(':');
- if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
- putchar('\n'); any=1;
- if( opt.fingerprint )
- print_fingerprint( pk, NULL, 0 );
- printf("rtv:1:%u:\n",
- node->next->pkt->pkt.ring_trust->trustval );
- }
- }
+ }
else
- printf("%s %4u%c/%s %s%s",
- mainkey? "pub":"sub", nbits_from_pk( pk ),
- pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
- datestr_from_pk( pk ), mainkey?" ":"");
+ {
+ printf("%s %4u%c/%s %s",
+ mainkey? "pub":"sub", nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ), keystr_from_pk( pk ),
+ datestr_from_pk (pk));
+ }
+
+ if (pk->is_revoked)
+ {
+ printf(" [");
+ printf(_("revoked: %s"),revokestr_from_pk(pk));
+ printf("]\n");
+ }
+ else if (pk->expiredate && !opt.with_colons)
+ {
+ printf(" [");
+ printf(_("expires: %s"),expirestr_from_pk(pk));
+ printf("]\n");
+ }
+ else
+ putchar ('\n');
+
+ if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
+ print_fingerprint (pk, NULL, 0);
+
+ if (opt.with_colons)
+ {
+ if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
+ printf("rtv:1:%u:\n", node->next->pkt->pkt.ring_trust->trustval);
+ }
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SIGNATURE ) {
- if( !any ) {
- if( node->pkt->pkt.signature->sig_class == 0x20 )
- puts("[revoked]");
- else
- putchar('\n');
- any = 1;
- }
list_node(c, node );
}
else if( node->pkt->pkttype == PKT_USER_ID ) {
- if( any ) {
- if( opt.with_colons )
- printf("%s:::::::::",
- node->pkt->pkt.user_id->attrib_data?"uat":"uid");
- else
- printf( "uid%*s", 28, "" );
- }
+ if( opt.with_colons )
+ printf("%s:::::::::",
+ node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+ else
+ printf( "uid%*s", 28, "" );
print_userid( node->pkt );
if( opt.with_colons )
putchar(':');
putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint( pk, NULL, 0 );
if( opt.with_colons
&& node->next
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
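Review bot: The added `if (pk->is_revoked)` branch prints the bracketed, translated `revoked:` text even when `opt.with_colons` is set, so it is appended to the colon-delimited `pub`/`sub` record. The sibling `expires:` branch is guarded with `!opt.with_colons`. If the colon listing is meant to stay machine-parseable and locale-independent, the condition should read `if (pk->is_revoked && !opt.with_colons)`. Tools that parse this output to judge key status would otherwise meet an unexpected suffix on exactly the records for revoked keys. list_node starts and continues outside this hunk.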
@@ -993,38 +1000,12 @@ list_node( CTX c, KBNODE node )
node->next->pkt->pkt.ring_trust?
node->next->pkt->pkt.ring_trust->trustval : 0);
}
- any=1;
}
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- if( !any ) {
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
+ list_node(c, node );
}
}
}
- else
- {
- /* of subkey */
- if( pk->is_revoked )
- {
- printf(" [");
- printf(_("revoked: %s"),revokestr_from_pk(pk));
- printf("]");
- }
- else if( pk->expiredate )
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_pk(pk));
- printf("]");
- }
- }
-
- if( !any )
- putchar('\n');
- if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint( pk, NULL, 0 );
}
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
@@ -1040,55 +1021,39 @@ list_node( CTX c, KBNODE node )
sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
colon_datestr_from_sk( sk ),
- colon_strtime (sk->expiredate)
- /* fixme: add LID */ );
+ colon_strtime (sk->expiredate));
}
else
printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
keystr_from_sk( sk ), datestr_from_sk( sk ));
+
+ putchar ('\n');
+ if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
+ print_fingerprint (NULL, sk,0);
+
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SIGNATURE ) {
- if( !any ) {
- if( node->pkt->pkt.signature->sig_class == 0x20 )
- puts("[revoked]");
- else
- putchar('\n');
- any = 1;
- }
list_node(c, node );
}
else if( node->pkt->pkttype == PKT_USER_ID ) {
- if( any ) {
- if( opt.with_colons )
- printf("%s:::::::::",
- node->pkt->pkt.user_id->attrib_data?"uat":"uid");
- else
- printf( "uid%*s", 28, "" );
- }
+ if( opt.with_colons )
+ printf("%s:::::::::",
+ node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+ else
+ printf( "uid%*s", 28, "" );
print_userid( node->pkt );
if( opt.with_colons )
putchar(':');
putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint( NULL, sk, 0 );
- any=1;
}
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- if( !any ) {
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
+ list_node(c, node );
}
}
}
- if( !any )
- putchar('\n');
- if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint( NULL, sk, 0 );
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
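Review bot: The non-colon `sec`/`ssb` format string `"%s %4u%c/%s %s "` keeps its trailing blank, and the added `putchar ('\n')` now follows it directly, so every such line ends in whitespace. The blank used to separate the date from the first user ID, which this commit moves to its own `uid` line. The public-key branch dropped its equivalent padding (`mainkey?" ":""`) in the same commit, so for consistency the string should become `"%s %4u%c/%s %s"`. list_node starts and continues outside this hunk.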
-----------------------------------------------------------------------
Summary of changes:
g10/mainproc.c | 133 +++++++++++++++++++++-----------------------------------
1 file changed, 49 insertions(+), 84 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 18:35:57 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 18:35:57 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.22-23-g6af1940
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 6af194038aebac71d539b3aa40465c8110591829 (commit)
from ce989354fb7813022139838c26684a8db6d79ccf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6af194038aebac71d539b3aa40465c8110591829
Author: Werner Koch
Date: Mon Jun 2 18:38:04 2014 +0200
gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--
This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a
broken MPI.
GnuPG-bug-id: 1593
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 11480dd..ab4655d 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -111,24 +111,31 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
/*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c*/
int c, c1, c2, i;
+ unsigned int nmax = *ret_nread;
unsigned int nbits, nbytes;
size_t nread = 0;
gcry_mpi_t a = NULL;
byte *buf = NULL;
byte *p;
+ if (!nmax)
+ goto overflow;
+
if ( (c = c1 = iobuf_get (inp)) == -1 )
goto leave;
+ if (++nread == nmax)
+ goto overflow;
nbits = c << 8;
if ( (c = c2 = iobuf_get (inp)) == -1 )
goto leave;
+ ++nread;
nbits |= c;
if ( nbits > MAX_EXTERN_MPI_BITS )
{
log_error("mpi too large (%u bits)\n", nbits);
goto leave;
}
- nread = 2;
+
nbytes = (nbits+7) / 8;
buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
p = buf;
@@ -137,6 +144,8 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
for ( i=0 ; i < nbytes; i++ )
{
p[i+2] = iobuf_get(inp) & 0xff;
+ if (nread == nmax)
+ goto overflow;
nread++;
}
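Review bot: In this loop the added bound check runs after `iobuf_get (inp)` has already consumed the byte, so when `nread == nmax` on entry one byte beyond the indicated length is taken from the stream before the jump to `overflow`. The count stored in `*ret_nread` then understates what was read, and the caller's packet-length accounting is off by one on exactly the malformed input this commit wants to skip gracefully. Moving the check ahead of the read fixes that: `if (nread == nmax) goto overflow;` followed by `p[i+2] = iobuf_get(inp) & 0xff;`. Separately, this read masks the return value with `0xff`, so an EOF (-1) is stored as data, whereas the two length-byte reads in the previous hunk test for -1. The rest of mpi_read lies outside this hunk.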
@@ -152,12 +161,15 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
a = NULL;
}
+ *ret_nread = nread;
+ gcry_free(buf);
+ return a;
+
+ overflow:
+ log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
leave:
+ *ret_nread = nread;
gcry_free(buf);
- if ( nread > *ret_nread )
- log_bug ("mpi larger than packet");
- else
- *ret_nread = nread;
return a;
}
-----------------------------------------------------------------------
Summary of changes:
g10/parse-packet.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 2 19:52:36 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 02 Jun 2014 19:52:36 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-431-g958e5f2
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 958e5f292fa3f8e127f54bc088c56780c564dcae (commit)
via f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0 (commit)
via d9cde7ba7d4556b216f062d0cf92d60cbb204b00 (commit)
from 715285bcbc12c024dbd9b633805189c09173e317 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 958e5f292fa3f8e127f54bc088c56780c564dcae
Author: Werner Koch
Date: Mon Jun 2 19:51:23 2014 +0200
gpg: Avoid NULL-deref in default key listing.
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--
This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
diff --git a/g10/keyid.c b/g10/keyid.c
index 2883af1..9c94bd6 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -167,7 +167,15 @@ hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
{
for (i=0; i < npkey; i++ )
{
- if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
+ if (!pk->pkey[i])
+ {
+ /* This case may only happen if the parsing of the MPI
+ failed but the key was anyway created. May happen
+ during "gpg KEYFILE". */
+ pp[i] = NULL;
+ nn[i] = 0;
+ }
+ else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
{
const void *p;
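Review bot: The comment on the new `!pk->pkey[i]` branch explains when an MPI can be missing but not what the digest means in that case. Hashing continues with `pp[i] = NULL` and `nn[i] = 0`, so the digest is computed over incomplete key material. I would add a sentence such as `Note that the resulting digest then covers an incomplete key.` The code that later consumes `pp[i]` and `nn[i]` is outside this hunk, so it should be confirmed that the write and free paths accept a NULL pointer with length 0.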
diff --git a/g10/misc.c b/g10/misc.c
index 54ddad2..e219d76 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1628,46 +1628,54 @@ pubkey_get_nenc (pubkey_algo_t algo)
unsigned int
pubkey_nbits( int algo, gcry_mpi_t *key )
{
- int rc, nbits;
- gcry_sexp_t sexp;
+ int rc, nbits;
+ gcry_sexp_t sexp;
- if( algo == PUBKEY_ALGO_DSA ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- key[0], key[1], key[2], key[3] );
+ if (algo == PUBKEY_ALGO_DSA
+ && key[0] && key[1] && key[2] && key[3])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ key[0], key[1], key[2], key[3] );
}
- else if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(elg(p%m)(g%m)(y%m)))",
- key[0], key[1], key[2] );
+ else if ((algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
+ && key[0] && key[1] && key[2])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(elg(p%m)(g%m)(y%m)))",
+ key[0], key[1], key[2] );
}
- else if( is_RSA (algo) ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- key[0], key[1] );
+ else if (is_RSA (algo)
+ && key[0] && key[1])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ key[0], key[1] );
}
- else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH
- || algo == PUBKEY_ALGO_EDDSA) {
- char *curve = openpgp_oid_to_str (key[0]);
- if (!curve)
- rc = gpg_error_from_syserror ();
- else
- {
- rc = gcry_sexp_build (&sexp, NULL,
- "(public-key(ecc(curve%s)(q%m)))",
- curve, key[1]);
- xfree (curve);
- }
+ else if ((algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH
+ || algo == PUBKEY_ALGO_EDDSA)
+ && key[0] && key[1])
+ {
+ char *curve = openpgp_oid_to_str (key[0]);
+ if (!curve)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(ecc(curve%s)(q%m)))",
+ curve, key[1]);
+ xfree (curve);
+ }
}
- else
- return 0;
+ else
+ return 0;
- if ( rc )
- BUG ();
+ if (rc)
+ BUG ();
- nbits = gcry_pk_get_nbits( sexp );
- gcry_sexp_release( sexp );
- return nbits;
+ nbits = gcry_pk_get_nbits (sexp);
+ gcry_sexp_release (sexp);
+ return nbits;
}
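Review bot: In the ECC branch a failed `openpgp_oid_to_str (key[0])` still sets `rc` and falls through to `if (rc) BUG ();`, so the NULL checks added here do not remove every path by which key data can abort the process. Whether that helper can fail on a parsed but malformed curve OID is not visible in this hunk. If it can, returning 0 as the final `else` does would match the intent of the commit: `if (!curve) return 0;`. A comment above the function stating that 0 means "size unknown or key incomplete" would help callers that print or compare the result.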
commit f3249b1c4d0f2e9e0e8956042677e47fc9c6f6c0
Author: Werner Koch
Date: Mon Jun 2 19:50:18 2014 +0200
gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--
GnuPG-bug-id: 1640
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 28bb05e..890c0a4 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -921,267 +921,203 @@ print_userid( PACKET *pkt )
static void
list_node( CTX c, KBNODE node )
{
- int any=0;
- int mainkey;
- char pkstrbuf[PUBKEY_STRING_SIZE];
+ int mainkey;
+ char pkstrbuf[PUBKEY_STRING_SIZE];
- if( !node )
- ;
- else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- PKT_public_key *pk = node->pkt->pkt.public_key;
+ if (!node)
+ ;
+ else if ((mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY))
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
- if( opt.with_colons )
- {
- u32 keyid[2];
- keyid_from_pk( pk, keyid );
- if( mainkey )
- c->trustletter = opt.fast_list_mode?
- 0 : get_validity_info( pk, NULL );
- printf("%s:", mainkey? "pub":"sub" );
- if( c->trustletter )
- putchar( c->trustletter );
- printf(":%u:%d:%08lX%08lX:%s:%s::",
- nbits_from_pk( pk ),
- pk->pubkey_algo,
- (ulong)keyid[0],(ulong)keyid[1],
- colon_datestr_from_pk( pk ),
- colon_strtime (pk->expiredate) );
- if( mainkey && !opt.fast_list_mode )
- putchar( get_ownertrust_info (pk) );
- putchar(':');
- if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
- putchar('\n'); any=1;
- if( opt.fingerprint )
- print_fingerprint (NULL, pk, 0);
- printf("rtv:1:%u:\n",
- node->next->pkt->pkt.ring_trust->trustval );
- }
- }
- else
- printf("%s %s/%s %s%s",
- mainkey? "pub":"sub",
- pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
- keystr_from_pk( pk ),
- datestr_from_pk( pk ), mainkey?" ":"");
-
- if( mainkey ) {
- /* and now list all userids with their signatures */
- for( node = node->next; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SIGNATURE ) {
- if( !any ) {
- if( node->pkt->pkt.signature->sig_class == 0x20 )
- puts("[revoked]");
- else
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
- }
- else if( node->pkt->pkttype == PKT_USER_ID ) {
- if( any ) {
- if( opt.with_colons )
- printf("%s:::::::::",
- node->pkt->pkt.user_id->attrib_data?"uat":"uid");
- else
- printf( "uid%*s", 28, "" );
- }
- print_userid( node->pkt );
- if( opt.with_colons )
- putchar(':');
- putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint (NULL, pk, 0 );
- if( opt.with_colons
- && node->next
- && node->next->pkt->pkttype == PKT_RING_TRUST ) {
- printf("rtv:2:%u:\n",
- node->next->pkt->pkt.ring_trust?
- node->next->pkt->pkt.ring_trust->trustval : 0);
- }
- any=1;
- }
- else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- if( !any ) {
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
- }
- }
- }
- else
- {
- /* of subkey */
- if( pk->flags.revoked )
- {
- printf(" [");
- printf(_("revoked: %s"),revokestr_from_pk(pk));
- printf("]");
- }
- else if( pk->expiredate )
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_pk(pk));
- printf("]");
- }
- }
+ if (opt.with_colons)
+ {
+ u32 keyid[2];
+
+ keyid_from_pk( pk, keyid );
+ if (mainkey)
+ c->trustletter = (opt.fast_list_mode?
+ 0 : get_validity_info( pk, NULL));
+ es_printf ("%s:", mainkey? "pub":"sub" );
+ if (c->trustletter)
+ es_putc (c->trustletter, es_stdout);
+ es_printf (":%u:%d:%08lX%08lX:%s:%s::",
+ nbits_from_pk( pk ),
+ pk->pubkey_algo,
+ (ulong)keyid[0],(ulong)keyid[1],
+ colon_datestr_from_pk( pk ),
+ colon_strtime (pk->expiredate) );
+ if (mainkey && !opt.fast_list_mode)
+ es_putc (get_ownertrust_info (pk), es_stdout);
+ es_putc (':', es_stdout);
+ }
+ else
+ es_printf ("%s %s/%s %s",
+ mainkey? "pub":"sub",
+ pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
+ keystr_from_pk (pk),
+ datestr_from_pk (pk));
- if( !any )
- putchar('\n');
- if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint (NULL, pk, 0);
+ if (pk->flags.revoked)
+ {
+ es_printf (" [");
+ es_printf (_("revoked: %s"), revokestr_from_pk (pk));
+ es_printf ("]\n");
+ }
+ else if( pk->expiredate && !opt.with_colons)
+ {
+ es_printf (" [");
+ es_printf (_("expires: %s"), expirestr_from_pk (pk));
+ es_printf ("]\n");
+ }
+ else
+ es_putc ('\n', es_stdout);
+
+ if ((mainkey && opt.fingerprint) || opt.fingerprint > 1)
+ print_fingerprint (NULL, pk, 0);
+
+ if (opt.with_colons)
+ {
+ if (node->next && node->next->pkt->pkttype == PKT_RING_TRUST)
+ es_printf ("rtv:1:%u:\n",
+ node->next->pkt->pkt.ring_trust->trustval);
+ }
+
+ if (mainkey)
+ {
+ /* Now list all userids with their signatures. */
+ for (node = node->next; node; node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ list_node (c, node );
+ }
+ else if (node->pkt->pkttype == PKT_USER_ID)
+ {
+ if (opt.with_colons)
+ es_printf ("%s:::::::::",
+ node->pkt->pkt.user_id->attrib_data?"uat":"uid");
+ else
+ es_printf ("uid%*s", 28, "" );
+ print_userid (node->pkt);
+ if (opt.with_colons)
+ es_putc (':', es_stdout);
+ es_putc ('\n', es_stdout);
+ if (opt.with_colons
+ && node->next
+ && node->next->pkt->pkttype == PKT_RING_TRUST)
+ {
+ es_printf ("rtv:2:%u:\n",
+ node->next->pkt->pkt.ring_trust?
+ node->next->pkt->pkt.ring_trust->trustval : 0);
+ }
+ }
+ else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ list_node(c, node );
+ }
+ }
+ }
}
- else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
- || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ else if ((mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
log_debug ("FIXME: No way to print secret key packets here\n");
- /* fixme: We may use a fucntion to trun a secret key packet into
+ /* fixme: We may use a fucntion to turn a secret key packet into
a public key one and use that here. */
- /* PKT_secret_key *sk = node->pkt->pkt.secret_key; */
-
- /* if( opt.with_colons ) */
- /* { */
- /* u32 keyid[2]; */
- /* keyid_from_sk( sk, keyid ); */
- /* printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */
- /* mainkey? "sec":"ssb", */
- /* nbits_from_sk( sk ), */
- /* sk->pubkey_algo, */
- /* (ulong)keyid[0],(ulong)keyid[1], */
- /* colon_datestr_from_sk( sk ), */
- /* colon_strtime (sk->expiredate) */
- /* /\* fixme: add LID *\/ ); */
- /* } */
- /* else */
- /* printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", */
- /* nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */
- /* keystr_from_sk( sk ), datestr_from_sk( sk )); */
- /* if( mainkey ) { */
- /* /\* and now list all userids with their signatures *\/ */
- /* for( node = node->next; node; node = node->next ) { */
- /* if( node->pkt->pkttype == PKT_SIGNATURE ) { */
- /* if( !any ) { */
- /* if( node->pkt->pkt.signature->sig_class == 0x20 ) */
- /* puts("[revoked]"); */
- /* else */
- /* putchar('\n'); */
- /* any = 1; */
- /* } */
- /* list_node(c, node ); */
- /* } */
- /* else if( node->pkt->pkttype == PKT_USER_ID ) { */
- /* if( any ) { */
- /* if( opt.with_colons ) */
- /* printf("%s:::::::::", */
- /* node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */
- /* else */
- /* printf( "uid%*s", 28, "" ); */
- /* } */
- /* print_userid( node->pkt ); */
- /* if( opt.with_colons ) */
- /* putchar(':'); */
- /* putchar('\n'); */
- /* if( opt.fingerprint && !any ) */
- /* print_fingerprint( NULL, sk, 0 ); */
- /* any=1; */
- /* } */
- /* else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */
- /* if( !any ) { */
- /* putchar('\n'); */
- /* any = 1; */
- /* } */
- /* list_node(c, node ); */
- /* } */
- /* } */
- /* } */
- /* if( !any ) */
- /* putchar('\n'); */
- /* if( !mainkey && opt.fingerprint > 1 ) */
- /* print_fingerprint( NULL, sk, 0 ); */
}
- else if( node->pkt->pkttype == PKT_SIGNATURE ) {
- PKT_signature *sig = node->pkt->pkt.signature;
- int is_selfsig = 0;
- int rc2=0;
- size_t n;
- char *p;
- int sigrc = ' ';
+ else if (node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int is_selfsig = 0;
+ int rc2 = 0;
+ size_t n;
+ char *p;
+ int sigrc = ' ';
- if( !opt.verbose )
- return;
+ if (!opt.verbose)
+ return;
- if( sig->sig_class == 0x20 || sig->sig_class == 0x30 )
- fputs("rev", stdout);
- else
- fputs("sig", stdout);
- if( opt.check_sigs ) {
- fflush(stdout);
- rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL );
- switch (gpg_err_code (rc2)) {
- case 0: sigrc = '!'; break;
- case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
- case GPG_ERR_NO_PUBKEY:
- case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
- default: sigrc = '%'; break;
+ if (sig->sig_class == 0x20 || sig->sig_class == 0x30)
+ es_fputs ("rev", es_stdout);
+ else
+ es_fputs ("sig", es_stdout);
+ if (opt.check_sigs)
+ {
+ fflush (stdout);
+ rc2 = do_check_sig (c, node, &is_selfsig, NULL, NULL);
+ switch (gpg_err_code (rc2))
+ {
+ case 0: sigrc = '!'; break;
+ case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
+ default: sigrc = '%'; break;
}
}
- else { /* check whether this is a self signature */
- u32 keyid[2];
+ else /* Check whether this is a self signature. */
+ {
+ u32 keyid[2];
- if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
- || c->list->pkt->pkttype == PKT_SECRET_KEY )
- {
- keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
+ if (c->list->pkt->pkttype == PKT_PUBLIC_KEY
+ || c->list->pkt->pkttype == PKT_SECRET_KEY )
+ {
+ keyid_from_pk (c->list->pkt->pkt.public_key, keyid);
- if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
- is_selfsig = 1;
- }
+ if (keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1])
+ is_selfsig = 1;
+ }
}
- if( opt.with_colons ) {
- putchar(':');
- if( sigrc != ' ' )
- putchar(sigrc);
- printf("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
- (ulong)sig->keyid[0], (ulong)sig->keyid[1],
- colon_datestr_from_sig(sig),
- colon_expirestr_from_sig(sig));
-
- if(sig->trust_depth || sig->trust_value)
- printf("%d %d",sig->trust_depth,sig->trust_value);
- printf(":");
-
- if(sig->trust_regexp)
- es_write_sanitized (es_stdout,sig->trust_regexp,
- strlen(sig->trust_regexp), ":", NULL);
- printf(":");
+
+ if (opt.with_colons)
+ {
+ es_putc (':', es_stdout);
+ if (sigrc != ' ')
+ es_putc (sigrc, es_stdout);
+ es_printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+ (ulong)sig->keyid[0], (ulong)sig->keyid[1],
+ colon_datestr_from_sig (sig),
+ colon_expirestr_from_sig (sig));
+
+ if (sig->trust_depth || sig->trust_value)
+ es_printf ("%d %d",sig->trust_depth,sig->trust_value);
+ es_putc (':', es_stdout);
+
+ if (sig->trust_regexp)
+ es_write_sanitized (es_stdout, sig->trust_regexp,
+ strlen (sig->trust_regexp), ":", NULL);
+ es_putc (':', es_stdout);
}
- else
- printf("%c %s %s ",
- sigrc, keystr(sig->keyid), datestr_from_sig(sig));
- if( sigrc == '%' )
- printf("[%s] ", g10_errstr(rc2) );
- else if( sigrc == '?' )
- ;
- else if( is_selfsig ) {
- if( opt.with_colons )
- putchar(':');
- fputs( sig->sig_class == 0x18? "[keybind]":"[selfsig]", stdout);
- if( opt.with_colons )
- putchar(':');
+ else
+ es_printf ("%c %s %s ",
+ sigrc, keystr (sig->keyid), datestr_from_sig(sig));
+ if (sigrc == '%')
+ es_printf ("[%s] ", g10_errstr(rc2) );
+ else if (sigrc == '?')
+ ;
+ else if (is_selfsig)
+ {
+ if (opt.with_colons)
+ es_putc (':', es_stdout);
+ es_fputs (sig->sig_class == 0x18? "[keybind]":"[selfsig]", es_stdout);
+ if (opt.with_colons)
+ es_putc (':', es_stdout);
}
- else if( !opt.fast_list_mode ) {
- p = get_user_id( sig->keyid, &n );
- es_write_sanitized (es_stdout, p, n,
- opt.with_colons?":":NULL, NULL );
- xfree(p);
+ else if (!opt.fast_list_mode)
+ {
+ p = get_user_id (sig->keyid, &n);
+ es_write_sanitized (es_stdout, p, n,
+ opt.with_colons?":":NULL, NULL );
+ xfree (p);
}
- if( opt.with_colons )
- printf(":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
- putchar('\n');
+ if (opt.with_colons)
+ es_printf (":%02x%c:", sig->sig_class, sig->flags.exportable?'x':'l');
+ es_putc ('\n', es_stdout);
}
- else
- log_error("invalid node with packet of type %d\n", node->pkt->pkttype);
+ else
+ log_error ("invalid node with packet of type %d\n", node->pkt->pkttype);
}
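Review bot: The `fflush (stdout);` kept in the `opt.check_sigs` branch no longer flushes what this function has written, because the "rev"/"sig" prefix now goes to the estream via `es_fputs (..., es_stdout)`; it should become `es_fflush (es_stdout);`, presumably so the prefix is out before `do_check_sig` emits any diagnostics. Separately, the `pk->flags.revoked` branch has no `!opt.with_colons` guard while the `pk->expiredate` branch does, so in colon mode a revoked key gets the translated ` [revoked: %s]` text, which itself contains a colon, appended to the machine-readable record. If that is not intended, `if (pk->flags.revoked && !opt.with_colons)` lets the colon-mode line fall through to the plain newline. The `rtv:1` line also dereferences `ring_trust` without the NULL check that the `rtv:2` line applies.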
commit d9cde7ba7d4556b216f062d0cf92d60cbb204b00
Author: Werner Koch
Date: Mon Jun 2 18:38:04 2014 +0200
gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--
This gets gpg 2.x in sync to what gpg 1.4 does. No need to die for a
broken MPI.
GnuPG-bug-id: 1593
Resolved conflicts:
g10/parse-packet.c - whitespaces fixes.
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 424b052..26ca038 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -107,27 +107,32 @@ read_32 (IOBUF inp)
static gcry_mpi_t
mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
{
- /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c */
-
int c, c1, c2, i;
+ unsigned int nmax = *ret_nread;
unsigned int nbits, nbytes;
size_t nread = 0;
gcry_mpi_t a = NULL;
byte *buf = NULL;
byte *p;
+ if (!nmax)
+ goto overflow;
+
if ((c = c1 = iobuf_get (inp)) == -1)
goto leave;
+ if (++nread == nmax)
+ goto overflow;
nbits = c << 8;
if ((c = c2 = iobuf_get (inp)) == -1)
goto leave;
+ ++nread;
nbits |= c;
if (nbits > MAX_EXTERN_MPI_BITS)
{
log_error ("mpi too large (%u bits)\n", nbits);
goto leave;
}
- nread = 2;
+
nbytes = (nbits + 7) / 8;
buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
p = buf;
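Review bot: `*ret_nread` is now read on entry as the byte limit (`nmax`) and written on exit as the number of bytes consumed, but nothing at the definition documents this in/out contract, and the only comment above the body was removed. A header comment would make the contract visible to callers that set the limit from the remaining packet length, e.g. `/* Read an MPI from INP. On entry *RET_NREAD is the maximum number of bytes that may be read; on return it is the number actually read. Returns NULL on error. */`. mpi_read's body continues past the end of this hunk.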
@@ -136,18 +141,23 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
for (i = 0; i < nbytes; i++)
{
p[i + 2] = iobuf_get (inp) & 0xff;
+ if (nread == nmax)
+ goto overflow;
nread++;
}
if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
a = NULL;
+ *ret_nread = nread;
+ gcry_free(buf);
+ return a;
+
+ overflow:
+ log_error ("mpi larger than indicated length (%u bits)\n", 8*nmax);
leave:
- gcry_free (buf);
- if (nread > *ret_nread)
- log_bug ("mpi larger than packet (%zu/%u)", nread, *ret_nread);
- else
- *ret_nread = nread;
+ *ret_nread = nread;
+ gcry_free(buf);
return a;
}
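Review bot: The limit check in the copy loop runs after `iobuf_get (inp)` has already consumed the byte, so on the overflow path one byte beyond the indicated length is taken from the stream and is not counted in `*ret_nread`, which leaves the caller's remaining-length accounting one byte out of step. The same statement masks the result with `& 0xff`, so the -1 end-of-input return that the two length-byte reads test for is stored as 0xff here instead of being detected. Checking the limit before the read and testing for -1 before the store handles both, as sketched below. mpi_read begins before this hunk's first line.

```c
  for (i = 0; i < nbytes; i++)
    {
      if (nread == nmax)
        goto overflow;          /* stop before consuming a byte past the limit */
      c = iobuf_get (inp);
      if (c == -1)
        goto leave;             /* truncated input: same handling as the length bytes */
      p[i + 2] = c;
      nread++;
    }
  /* … unchanged: gcry_mpi_scan call, overflow/leave exit paths … */
```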
-----------------------------------------------------------------------
Summary of changes:
g10/keyid.c | 10 +-
g10/mainproc.c | 420 ++++++++++++++++++++++------------------------------
g10/misc.c | 74 ++++-----
g10/parse-packet.c | 26 +++-
4 files changed, 246 insertions(+), 284 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 08:54:54 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 08:54:54 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-432-g50cd3d4
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 50cd3d40aec3b94cfddec94361ed1aafc999d61b (commit)
from 958e5f292fa3f8e127f54bc088c56780c564dcae (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 50cd3d40aec3b94cfddec94361ed1aafc999d61b
Author: Werner Koch
Date: Tue Jun 3 08:58:20 2014 +0200
doc: Minor texi updates.
--
diff --git a/doc/gpg.texi b/doc/gpg.texi
index bc12cbc..9463bb5 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1503,8 +1503,8 @@ mechanisms, in the order they are to be tried:
required if @code{local} is also used.
@item clear
- Clear all defined mechanisms. This is usefule to override
- mechanisms fiven in a config file.
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
@end table
diff --git a/doc/tools.texi b/doc/tools.texi
index 2a1d38f..32ab1e4 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -305,6 +305,7 @@ Reload all or the given component. This is basically the same as sending
a SIGHUP to the component. Components which don't support reloading are
ignored.
+ at ifset gpgtwoone
@item --launch [@var{component}]
@opindex launch
If the @var{component} is not already running, start it.
@@ -319,6 +320,7 @@ Kill the given component. Components which support killing are
gpg-agent and scdaemon. Components which don't support reloading are
ignored. Note that as of now reload and kill have the same effect for
scdaemon.
+ at end ifset
@end table
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 4 ++--
doc/tools.texi | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 11:00:07 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 11:00:07 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 6209c6d9ad00a17bef4780ff22f0e9f588343c00 (commit)
via c18755a260ed9b261d4826650a3502a8e9317587 (commit)
via 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42 (commit)
via d03df6885194a04f1e64967b45aaae60328ff009 (commit)
via d7750a15d594f6d621e21d57fd5d45d6573870e0 (commit)
via 2a415c47eaf65c47edbd98440f37b2c46354fd02 (commit)
via 8a4bd132f73aaf1588fb03340392fe22dd8e18ed (commit)
via 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a (commit)
via 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee (commit)
from 6af194038aebac71d539b3aa40465c8110591829 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6209c6d9ad00a17bef4780ff22f0e9f588343c00
Author: Werner Koch
Date: Tue Jun 3 10:02:45 2014 +0200
Release 2.0.23
diff --git a/AUTHORS b/AUTHORS
index c787c7c..17ef4bb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,5 +1,5 @@
Program: GnuPG
-Homepage: http://www.gnupg.org
+Homepage: https://www.gnupg.org
Maintainer: Werner Koch
Bug reports: http://bugs.gnupg.org
Security related bug reports:
@@ -156,7 +156,7 @@ by Colin Tuckley and Daniel Leidert for the GNU/Debian distribution.
Copyright
=========
-GnuPG is distributed under the GNU General Public License, version 2
+GnuPG is distributed under the GNU General Public License, version 3
or later. A few files are under the Lesser General Public License, a
few other files carry the all permissive license note as found at the
bottom of this file. Certain files in keyserver/ allow one specific
@@ -181,6 +181,7 @@ name gpg2keys_*.
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/NEWS b/NEWS
index 1388c5e..656f910 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,30 @@
-Noteworthy changes in version 2.0.23 (unreleased)
+Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------
- * Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+ new option --allow-weak-digest-algos or --pgp2 are given.
- * Only the major version number is by default included in the armored
- output.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
+
+ * gpg: Only the major version number is by default included in the
+ armored output.
+
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+ communication with the gpg-agent.
+
+ * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
+ aligned to the regular key listing ("gpg -k").
+
+ * gpg: The option--show-session-key prints its output now before the
+ decryption of the bulk message starts.
+
+ * gpg: New %U expando for the photo viewer.
+
+ * gpgsm: Improved handling of re-issued CA certificates.
+
+ * scdaemon: Various fixes for pinpad equipped card readers.
+
+ * Minor bug fixes.
Noteworthy changes in version 2.0.22 (2013-10-04)
diff --git a/README b/README
index affb7da..7c4e906 100644
--- a/README
+++ b/README
@@ -1,10 +1,11 @@
- The GNU Privacy Guard 2
- =========================
- Version 2.0
+ The GNU Privacy Guard
+ =======================
+ Version 2.0
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
INTRODUCTION
@@ -108,7 +109,8 @@ dependency on other modules at run and build time.
HOW TO GET MORE INFORMATION
===========================
-The primary WWW page is "http://www.gnupg.org"
+The primary WWW page is "https://www.gnupg.org"
+ or using TOR "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
See http://www.gnupg.org/download/mirrors.html for a list of mirrors
@@ -147,8 +149,12 @@ authors directly as we are busy working on improvements and bug fixes.
The English and German mailing lists are watched by the authors and we
try to answer questions when time allows us to do so.
-Commercial grade support for GnuPG is available; please see
-.
+Commercial grade support for GnuPG is available; for a listing of
+offers see https://www.gnupg.org/service.html . Maintaining and
+improving GnuPG is costly. For more than a decade, g10 Code GmbH, a
+German company owned and headed by GnuPG's principal author Werner
+Koch, is bearing the majority of these costs. To help them carry on
+this work, they need your support. See https://gnupg.org/donate/ .
This file is Free Software; as a special exception the authors gives
@@ -158,4 +164,3 @@ Commercial grade support for GnuPG is available; please see
distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY, to the extent permitted by law; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
commit c18755a260ed9b261d4826650a3502a8e9317587
Author: Werner Koch
Date: Tue Jun 3 09:54:56 2014 +0200
po: Auto-update due to one new entry.
--
diff --git a/po/be.po b/po/be.po
index 960c598..b6b973c 100644
--- a/po/be.po
+++ b/po/be.po
@@ -4704,6 +4704,10 @@ msgstr ""
msgid "NOTE: signature key %s has been revoked\n"
msgstr ""
+#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "???????????????????? ??????-?????????????????? \"%s\"\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/ca.po b/po/ca.po
index 8dd2ee4..06fb419 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -5153,6 +5153,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: aquesta clau ha estat revocada!"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"es supossa una signatura incorrecta de la clau %08lX a causa d'un bit cr??tic "
diff --git a/po/cs.po b/po/cs.po
index db44102..bdda65d 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -4808,6 +4808,11 @@ msgstr "POZN??MKA: podpisov??mu kl????i %s skon??ila platnost %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "POZN??MKA: podpisov?? kl???? %s byl odvol??n\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "podpis %s, hashovac?? algoritmus %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/da.po b/po/da.po
index a9073c4..add5085 100644
--- a/po/da.po
+++ b/po/da.po
@@ -4803,6 +4803,11 @@ msgstr "BEM??RK: underskriftn??gle %s udl??b %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "BEM??RK: underskriftn??gle %s er blevet tilbagekaldt\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s underskrift, sammendragsalgoritme %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/de.po b/po/de.po
index f9b4be7..515fd9e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.18\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-07-03 15:03+0200\n"
+"PO-Revision-Date: 2014-06-03 09:53+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -4904,6 +4904,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "Hinweis: Signaturschl??ssel %s wurde widerrufen\n"
#, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Hinweis: Signaturen mit dem %s Hashverfahren werden zur??ckgewiesen.\n"
+
+#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"Vermutlich eine FALSCHE Signatur von Schl??ssel %s, wegen unbekanntem "
diff --git a/po/el.po b/po/el.po
index 3035309..5a599ef 100644
--- a/po/el.po
+++ b/po/el.po
@@ -5036,6 +5036,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "????????: ?? ?????? ???? ?????????"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ????????, ?????????? ????????? %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "??????? ????? ????????? ??? ?????? %08lX ???? ???????? ???????? bit\n"
diff --git a/po/eo.po b/po/eo.po
index c75f95b..9ef9625 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -4996,6 +4996,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "?losilo %08lX: ?losilo estas revokita!\n"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s-subskribo de: %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "supozas malbonan subskribon pro nekonata \"critical bit\"\n"
diff --git a/po/es.po b/po/es.po
index 2fcba6d..4457467 100644
--- a/po/es.po
+++ b/po/es.po
@@ -4833,6 +4833,11 @@ msgstr "NOTA: clave de la firma %s caducada el %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "firma %s, algoritmo de resumen %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/et.po b/po/et.po
index 01d4496..9613faf 100644
--- a/po/et.po
+++ b/po/et.po
@@ -4961,6 +4961,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "M?RKUS: v?ti on t?histatud"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s allkiri, s?numil?hendi algoritm %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "eeldan tundmatu kriitilise biti t?ttu v?tmel %08lX vigast allkirja\n"
diff --git a/po/fi.po b/po/fi.po
index 05b0b17..19fe78c 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -5017,6 +5017,12 @@ msgstr "HUOM: allekirjoitusavain %08lX vanheni %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "HUOM: avain on mit??t??ity!"
+# Ensimm??inen %s on binary, textmode tai unknown, ks. alla
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 7a6d339..dd6c7bd 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -4932,6 +4932,11 @@ msgstr "Remarque??: la clef de signature %s a expir?? le %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "Remarque??: la clef de signature %s a ??t?? r??voqu??e\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "signature %s, algorithme de hachage %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/gl.po b/po/gl.po
index 278ba8a..0df3729 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -5025,6 +5025,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: a chave est? revocada"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"asumindo unha sinatura incorrecta da chave %08lX debido a un bit cr?tico "
diff --git a/po/hu.po b/po/hu.po
index ddab0be..63ae157 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "MEGJEGYZ?S: A kulcsot visszavont?k."
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s al??r?s, %s kivonatol? algoritmus.\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"Rossz al??r?st felt?telezek a %08lX kulcst?l egy ismeretlen\n"
diff --git a/po/id.po b/po/id.po
index 50e9c3a..5aadeeb 100644
--- a/po/id.po
+++ b/po/id.po
@@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "CATATAN: kunci telah dibatalkan"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"mengasumsikan signature buruk dari kunci %08lX karena ada bit kritik tidak "
diff --git a/po/it.po b/po/it.po
index 2335b60..8014132 100644
--- a/po/it.po
+++ b/po/it.po
@@ -5020,6 +5020,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: la chiave ? stata revocata"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"si suppone una firma non valida della chiave %08lX a causa di un\n"
diff --git a/po/ja.po b/po/ja.po
index 9e454c7..c479e89 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -4713,6 +4713,11 @@ msgstr "*??????*: ?????????%s???%s??????????????????????????????\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "*??????*: ??? %s ?????????????????????\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s???????????????????????????????????????????????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "??????????????????????????????????????????????????????%s????????????????????????????????????\n"
diff --git a/po/nb.po b/po/nb.po
index a1d3778..8938541 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -4775,6 +4775,11 @@ msgstr "NOTIS: signaturn
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTIS: signaturn?kkelen %s utgikk %s\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signatur, digestalgoritme %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/pl.po b/po/pl.po
index 6a87891..c38f573 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -4838,6 +4838,11 @@ msgstr "UWAGA: klucz podpisuj
msgid "NOTE: signature key %s has been revoked\n"
msgstr "UWAGA: klucz podpisuj?cy %s zosta? uniewa?niony\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "podpis %s, skr?t %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/pt.po b/po/pt.po
index 1e0be48..54651b3 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -4994,6 +4994,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: a chave foi revogada"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"assumindo assinatura incorrecta na chave %08lX devido a um bit cr?tico "
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 34b9ead..f4f1b85 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -5009,6 +5009,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "chave %08lX: a chave foi revogada!\n"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "assinatura %s de: %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "assumindo assinatura incorreta devido a um bit cr?tico desconhecido\n"
diff --git a/po/ro.po b/po/ro.po
index 5038138..8128c50 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -4903,6 +4903,11 @@ msgstr "NOT
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOT?: cheia a fost revocat?"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "semn?tur? %s, algoritm rezumat %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/ru.po b/po/ru.po
index 9f68512..5e4de97 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -4788,6 +4788,11 @@ msgstr "??????????????????: ?????????????????????? ???????? %s - ??????????????
msgid "NOTE: signature key %s has been revoked\n"
msgstr "??????????????????: ???????? %s ?????????????? - ??????????????\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ??????????????, ??????-?????????????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "?????????????? ???????????? ?????????????? ?????????? %s ?? ?????????????????????? ?????????????????????? ??????????\n"
diff --git a/po/sk.po b/po/sk.po
index a7ed64e..d897bbb 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -5002,6 +5002,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "POZN?MKA: k??? bol revokovan?"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s podpis, hashovac? algoritmus %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"predpoklad?m neplatn? podpis k???om %08lX, preto?e je nastaven? nezn?my "
diff --git a/po/sv.po b/po/sv.po
index 5dbedf9..2eef3fc 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -4921,6 +4921,11 @@ msgstr "OBSERVERA: signaturnyckeln %s gick ut %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "OBSERVERA: signaturnyckeln %s har sp??rrats\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signatur, sammandragsalgoritm %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index 8453872..b94fb4c 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -4863,6 +4863,11 @@ msgstr "B??LG??: %s imza anahtar??n??n kullan??m s??resi %s sular??nda dolmu??\n
msgid "NOTE: signature key %s has been revoked\n"
msgstr "B??LG??: imza anahtar?? %s y??r??rl??kten kald??r??lm????t??\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s imzas??, %s ??zet algoritmas??\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index d40d9b3..1ac4679 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -4877,6 +4877,11 @@ msgstr "????????????????????: ?????????? ?????? ?????????? ?????????????? %s ??
msgid "NOTE: signature key %s has been revoked\n"
msgstr "????????????????????: ???????? ?????????????? %s ???????? ????????????????????\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ????????????, ???????????????? ?????????????????????? ???????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/zh_CN.po b/po/zh_CN.po
index ccc2189..9824489 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -4752,6 +4752,11 @@ msgstr "????????????????????? %s ?????? %s ??????\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "???????????????????????????"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ????????????????????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "???????????? %s ??????????????????????????????????????????????????????\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 64c3302..611cf45 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -4684,6 +4684,11 @@ msgstr "?????????: ???????????? %s ?????? %s ??????\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "?????????: ???????????? %s ?????????\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ??????, ??????????????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "???????????? %s ???????????????????????????????????????????????????\n"
commit 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42
Author: Werner Koch
Date: Tue Jun 3 09:48:48 2014 +0200
doc: Adjust Makefile for fixed yat2m.
* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c8d799b..252fc52 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -93,16 +93,13 @@ yat2m: yat2m.c
.fig.pdf:
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
-# Note that yatm --store has a bug in that the @ifset gpgtwoone still
-# creates a dirmngr-client page from tools.texi.
yat2m-stamp: $(myman_sources)
- @rm -f yat2m-stamp.tmp
- @touch yat2m-stamp.tmp
+ rm -f yat2m-stamp.tmp
+ touch yat2m-stamp.tmp
for file in $(myman_sources) ; do \
./yat2m $(YAT2M_OPTIONS) --store \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
- @test -f dirmngr-client.1 && rm dirmngr-client.1
- @mv -f yat2m-stamp.tmp $@
+ mv -f yat2m-stamp.tmp $@
yat2m-stamp: yat2m
commit d03df6885194a04f1e64967b45aaae60328ff009
Author: Werner Koch
Date: Tue Jun 3 09:02:00 2014 +0200
doc: Update from master
--
diff --git a/doc/gpg.texi b/doc/gpg.texi
index f1dee58..a263690 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+ at ifset gpgtwoone
+ at item --quick-sign-key @code{fpr} [@code{names}]
+ at itemx --quick-lsign-key @code{name}
+ at opindex quick-sign-key
+ at opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+ at option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+ at end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are:
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
- evidence that the user ID is bound to the key.
+ evidence that the user ID is bound to the key. Note that this
+ trust model still does not allow the use of expired, revoked, or
+ disabled keys.
@item auto
@opindex trust-mode:auto
@@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried:
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
+ @item clear
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
+
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are:
program uses internally (libcurl, openldap, etc).
@item check-cert
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Enable certificate checking if the keyserver presents one (for hkps or
ldaps). Defaults to on.
+ at end ifclear
@item ca-cert-file
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Provide a certificate store to override the system default. Only
necessary if check-cert is enabled, and the keyserver is using a
certificate that is not present in a system default certificate list.
Note that depending on the SSL library that the keyserver helper is
built with, this may actually be a directory or a file.
+ at end ifclear
+
@end table
@item --completes-needed @code{n}
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
+
+ at ifclear gpgone
+ at item --agent-program @var{file}
+ at opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify a dirmngr program to be used for keyserver access. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+ at end ifset
+
@item --lock-once
@opindex lock-once
Lock the databases the first time a lock is requested
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
+ at ifset gpgtwoone
+ at item --legacy-list-mode
+ at opindex legacy-list-mode
+Revert to the pre-2.1 public key list mode. This only affects the
+human readable output and not the machine interface
+(i.e. @code{--with-colons}). Note that the legacy format does not
+allow to convey suitable information for elliptic curves.
+ at end ifset
+
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
@@ -2245,8 +2310,8 @@ available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --escape-from-lines --force-v3-sigs
---allow-weak-digest-algos --cipher-algo IDEA --digest-algo
-MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+--allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5
+--compress-algo ZIP}. It also disables @option{--textmode} when
encrypting.
@item --pgp6
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index f7cedaf..3d2594f 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -350,7 +350,7 @@ as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
@item --dirmngr-program @var{file}
- at opindex dirmnr-program
+ at opindex dirmngr-program
Specify a dirmngr program to be used for @acronym{CRL} checks. The
default value is @file{/usr/sbin/dirmngr}. This is only used as a
fallback when the environment variable @code{DIRMNGR_INFO} is not set or
diff --git a/doc/tools.texi b/doc/tools.texi
index be1233b..32ab1e4 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -305,12 +305,22 @@ Reload all or the given component. This is basically the same as sending
a SIGHUP to the component. Components which don't support reloading are
ignored.
+ at ifset gpgtwoone
+ at item --launch [@var{component}]
+ at opindex launch
+If the @var{component} is not already running, start it.
+ at command{component} must be a daemon. This is in general not required
+because the system starts these daemons as needed. However, external
+software making direct use of @command{gpg-agent} or @command{dirmngr}
+may use this command to ensure that they are started.
+
@item --kill [@var{component}]
@opindex kill
Kill the given component. Components which support killing are
gpg-agent and scdaemon. Components which don't support reloading are
ignored. Note that as of now reload and kill have the same effect for
scdaemon.
+ at end ifset
@end table
@@ -1190,6 +1200,18 @@ Try to be as quiet as possible.
@opindex agent-program
Specify the agent program to be started if none is running.
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify the directory manager (keyserver client) program to be started
+if none is running. This has only an effect if used together with the
+option @option{--dirmngr}.
+
+ at item --dirmngr
+ at opindex dirmngr
+Connect to a running directory manager (keyserver client) instead of
+to the gpg-agent. If a dirmngr is not running, start it.
+ at end ifset
@item -S
@itemx --raw-socket @var{name}
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 5dc81bf..2ac4390 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2005, 2013 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
*/
/*
- This is a simple textinfo to man page converter. It needs some
+ This is a simple texinfo to man page converter. It needs some
special markup in th e texinfo and tries best to get a create man
page. It has been designed for the GnuPG man pages and thus only
a few texinfo commands are supported.
@@ -107,6 +107,9 @@
character. */
#define LINESIZE 1024
+/* Number of allowed condition nestings. */
+#define MAX_CONDITION_NESTING 10
+
/* Option flags. */
static int verbose;
static int quiet;
@@ -117,10 +120,6 @@ static const char *opt_select;
static const char *opt_include;
static int opt_store;
-/* The only define we understand is -D gpgone. Thus we need a simple
- boolean tro track it. */
-static int gpgone_defined;
-
/* Flag to keep track whether any error occurred. */
static int any_error;
@@ -129,7 +128,7 @@ static int any_error;
struct macro_s
{
struct macro_s *next;
- char *value; /* Malloced value. */
+ char *value; /* Malloced value. */
char name[1];
};
typedef struct macro_s *macro_t;
@@ -137,6 +136,24 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of global macro names. The value part is not used. */
+static macro_t predefinedmacrolist;
+
+/* Object to keep track of @isset and @ifclear. */
+struct condition_s
+{
+ int manverb; /* "manverb" needs special treatment. */
+ int isset; /* This is an @isset condition. */
+ char name[1]; /* Name of the condition macro. */
+};
+typedef struct condition_s *condition_t;
+
+/* The stack used to evaluate conditions. And the current states. */
+static condition_t condition_stack[MAX_CONDITION_NESTING];
+static int condition_stack_idx;
+static int cond_is_active; /* State of ifset/ifclear */
+static int cond_in_verbatim; /* State of "manverb". */
+
/* Object to store one line of content. */
struct line_buffer_s
@@ -313,7 +330,158 @@ isodatestring (void)
}
+/* Add NAME to the list of predefined macros which are global for all
+ files. */
+static void
+add_predefined_macro (const char *name)
+{
+ macro_t m;
+
+ for (m=predefinedmacrolist; m; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m)
+ {
+ m = xcalloc (1, sizeof *m + strlen (name));
+ strcpy (m->name, name);
+ m->next = predefinedmacrolist;
+ predefinedmacrolist = m;
+ }
+}
+
+
+/* Create or update a macro with name MACRONAME and set its values TO
+ MACROVALUE. Note that ownership of the macro value is transferred
+ to this function. */
+static void
+set_macro (const char *macroname, char *macrovalue)
+{
+ macro_t m;
+
+ for (m=macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+}
+
+
+/* Return true if the macro NAME is set, i.e. not the empty string and
+ not evaluating to 0. */
+static int
+macro_set_p (const char *name)
+{
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m || !m->value || !*m->value)
+ return 0;
+ if ((*m->value & 0x80) || !isdigit (*m->value))
+ return 1; /* Not a digit but some other string. */
+ return !!atoi (m->value);
+}
+
+
+/* Evaluate the current conditions. */
+static void
+evaluate_conditions (const char *fname, int lnr)
+{
+ int i;
+
+ /* for (i=0; i < condition_stack_idx; i++) */
+ /* inf ("%s:%d: stack[%d] %s %s %c", */
+ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
+ /* condition_stack[i]->name, */
+ /* (macro_set_p (condition_stack[i]->name) */
+ /* ^ !condition_stack[i]->isset)? 't':'f'); */
+
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
+ if (condition_stack_idx)
+ {
+ for (i=0; i < condition_stack_idx; i++)
+ {
+ if (condition_stack[i]->manverb)
+ cond_in_verbatim = (macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset);
+ else if (!(macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset))
+ {
+ cond_is_active = 0;
+ break;
+ }
+ }
+ }
+
+ /* inf ("%s:%d: active=%d verbatim=%d", */
+ /* fname, lnr, cond_is_active, cond_in_verbatim); */
+}
+
+
+/* Push a condition with condition macro NAME onto the stack. If
+ ISSET is true, a @isset condition is pushed. */
+static void
+push_condition (const char *name, int isset, const char *fname, int lnr)
+{
+ condition_t cond;
+ int manverb = 0;
+ if (condition_stack_idx >= MAX_CONDITION_NESTING)
+ {
+ err ("%s:%d: condition nested too deep", fname, lnr);
+ return;
+ }
+
+ if (!strcmp (name, "manverb"))
+ {
+ if (!isset)
+ {
+ err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr);
+ return;
+ }
+ manverb = 1;
+ }
+
+ cond = xcalloc (1, sizeof *cond + strlen (name));
+ cond->manverb = manverb;
+ cond->isset = isset;
+ strcpy (cond->name, name);
+
+ condition_stack[condition_stack_idx++] = cond;
+ evaluate_conditions (fname, lnr);
+}
+
+
+/* Remove the last condition from the stack. ISSET is used for error
+ reporting. */
+static void
+pop_condition (int isset, const char *fname, int lnr)
+{
+ if (!condition_stack_idx)
+ {
+ err ("%s:%d: unbalanced \"@end %s\"",
+ fname, lnr, isset?"isset":"isclear");
+ return;
+ }
+ condition_stack_idx--;
+ free (condition_stack[condition_stack_idx]);
+ condition_stack[condition_stack_idx] = NULL;
+ evaluate_conditions (fname, lnr);
+}
+
+
+
/* Return a section buffer for the section NAME. Allocate a new buffer
if this is a new section. Keep track of the sections in THEPAGE.
This function may reallocate the section array in THEPAGE. */
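Review bot: Both error paths in `push_condition` return without pushing anything, so the `@end ifset` or `@end ifclear` that closes the rejected block later makes `pop_condition` remove an enclosing condition instead. The rest of the file is then evaluated against a stack that is one level short. `err()` presumably already marks the run as failed, so a comment at the two `return` statements may be enough, e.g. `/* Note: the matching @end will pop an outer condition. */`; otherwise count the skipped blocks and let `pop_condition` consume that count first. Separately, `pop_condition` reports directives that do not exist: `isset?"isset":"isclear"` should be `isset?"ifset":"ifclear"`, and the `@isset` in the comments on `struct condition_s` and `push_condition` should read `@ifset`.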
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int lnr = 0;
/* Fixme: The following state variables don't carry over to include
files. */
- int in_verbatim = 0;
int skip_to_end = 0; /* Used to skip over menu entries. */
int skip_sect_line = 0; /* Skip after @mansect. */
- int ifset_nesting = 0; /* How often a ifset has been seen. */
- int ifclear_nesting = 0; /* How often a ifclear has been seen. */
- int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
- int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
- int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
@@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
size_t n = strlen (line);
int got_line = 0;
- char *p;
+ char *p, *pend;
lnr++;
if (!n || line[n-1] != '\n')
@@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "macro", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- macro_t m;
-
if (macrovalueused)
macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
macrovalue[macrovalueused] = 0; /* Terminate macro. */
macrovalue = xrealloc (macrovalue, macrovalueused+1);
- for (m= macrolist; m; m = m->next)
- if (!strcmp (m->name, macroname))
- break;
- if (m)
- free (m->value);
- else
- {
- m = xcalloc (1, sizeof *m + strlen (macroname));
- strcpy (m->name, macroname);
- m->next = macrolist;
- macrolist = m;
- }
- m->value = macrovalue;
+ set_macro (macroname, macrovalue);
macrovalue = NULL;
free (macroname);
macroname = NULL;
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
if (n == 6 && !memcmp (line, "@ifset", 6)
&& (line[6]==' '||line[6]=='\t'))
{
- ifset_nesting++;
-
- if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ for (p=line+7; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_verbatim)
- err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
- else
- in_verbatim = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifset\"", fname, lnr);
+ continue;
}
- else if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 1, fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ for (p=line+9; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_gpgone)
- err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
- else
- in_gpgone = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr);
+ continue;
}
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 0, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
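Review bot: The error message in the new `@ifclear` branch misspells the directive; `"%s:%d: name missing after \"@ifsclear\""` should read `\"@ifclear\"`. The `@ifset` and `@ifclear` branches are otherwise identical apart from the start offset and the flag passed to `push_condition`, so the skip-blanks, find-end and terminate sequence could move into one small static helper. parse_file starts and ends outside this hunk.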
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifset", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- if (in_verbatim && ifset_nesting == in_verbatim)
- in_verbatim = 0;
- if (in_gpgone && ifset_nesting == in_gpgone)
- in_gpgone = 0;
-
- if (ifset_nesting)
- ifset_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
- continue;
- }
- else if (n == 8 && !memcmp (line, "@ifclear", 8)
- && (line[8]==' '||line[8]=='\t'))
- {
- ifclear_nesting++;
-
- if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
- {
- if (not_in_gpgone)
- err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
- else
- not_in_gpgone = ifclear_nesting;
- }
-
- else if (!strncmp (p, "isman", 5)
- && (p[5]==' '||p[5]=='\t'||!p[5]))
- {
- if (not_in_man)
- err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
- else
- not_in_man = ifclear_nesting;
- }
-
+ pop_condition (1, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifclear", 7)
&& (p[7]==' '||p[7]=='\t'||!p[7]))
{
- if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
- not_in_gpgone = 0;
- if (not_in_man && ifclear_nesting == not_in_man)
- not_in_man = 0;
-
- if (ifclear_nesting)
- ifclear_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ pop_condition (0, fname, lnr);
continue;
}
}
/* Take action on ifset/ifclear. */
- if ( (in_gpgone && !gpgone_defined)
- || (not_in_gpgone && gpgone_defined)
- || not_in_man)
+ if (!cond_is_active)
continue;
/* Process commands. */
@@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
skip_to_end = 0;
}
- else if (in_verbatim)
+ else if (cond_in_verbatim)
{
got_line = 1;
}
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
else if (!skip_to_end)
got_line = 1;
- if (got_line && in_verbatim)
+ if (got_line && cond_in_verbatim)
add_content (*section_name, line, 1);
else if (got_line && thepage.name && *section_name && !in_pause)
add_content (*section_name, line, 0);
@@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp)
{
char *section_name = NULL; /* Name of the current section or NULL
if not in a section. */
+ macro_t m;
+
while (macrolist)
{
macro_t next = macrolist->next;
@@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ for (m=predefinedmacrolist; m; m = m->next)
+ set_macro (m->name, xstrdup ("1"));
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
parse_file (fname, fp, §ion_name, 0);
free (section_name);
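Review bot: The per-file reset restores `cond_is_active` and `cond_in_verbatim` but leaves `condition_stack_idx` and the stack entries as the previous file left them. If an input file ends inside an unclosed `@ifset` or `@ifclear`, the stale entries are evaluated again at the next file's first push or pop, and they are never freed. Clearing the stack next to the two assignments would keep files independent: `while (condition_stack_idx) free (condition_stack[--condition_stack_idx]);`. top_parse_file continues outside the hunk.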
@@ -1223,6 +1344,12 @@ main (int argc, char **argv)
opt_source = "GNU";
opt_release = "";
+ /* Define default macros. The trick is that these macros are not
+ defined when using the actual texinfo renderer. */
+ add_predefined_macro ("isman");
+ add_predefined_macro ("manverb");
+
+ /* Option parsing. */
if (argc)
{
argc--; argv++;
@@ -1327,8 +1454,7 @@ main (int argc, char **argv)
argc--; argv++;
if (argc)
{
- if (!strcmp (*argv, "gpgone"))
- gpgone_defined = 1;
+ add_predefined_macro (*argv);
argc--; argv++;
}
}
commit d7750a15d594f6d621e21d57fd5d45d6573870e0
Author: Werner Koch
Date: Tue Apr 15 16:40:48 2014 +0200
gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes it possible to extract all photo ids from a key to
different files.
(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)
Resolved conflicts:
g10/photoid.c - whitespaces
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7d314b6..f1dee58 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1177,7 +1177,7 @@ for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
-"full"),
+"full"), "%U" for a base32 encoded hash of the user ID,
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
diff --git a/g10/main.h b/g10/main.h
index 6876e0a..8d29071 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -109,6 +109,7 @@ struct expando_args
byte imagetype;
int validity_info;
const char *validity_string;
+ const byte *namehash;
};
char *pct_expando(const char *string,struct expando_args *args);
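Review bot: The new `namehash` member is a bare pointer with no length and no comment, while the consumer added in g10/misc.c reads exactly 20 bytes from it (`zb32_encode (args->namehash, 8*20)`). The declaration should state that contract, e.g. `const byte *namehash; /* 20 byte hash of the user ID or NULL. */`, so a caller that fills in `struct expando_args` cannot hand over a shorter buffer unnoticed. The struct begins outside the hunk.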
diff --git a/g10/misc.c b/g10/misc.c
index 82a13aa..43ea0d2 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -648,6 +648,23 @@ pct_expando(const char *string,struct expando_args *args)
}
break;
+ case 'U': /* z-base-32 encoded user id hash. */
+ if (args->namehash)
+ {
+ char *tmp = zb32_encode (args->namehash, 8*20);
+ if (tmp)
+ {
+ if (idx + strlen (tmp) < maxlen)
+ {
+ strcpy (ret+idx, tmp);
+ idx += strlen (tmp);
+ }
+ xfree (tmp);
+ done = 1;
+ }
+ }
+ break;
+
case 'c': /* signature count from card, if any. */
if(idx+10namehash;
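Review bot: In the new `case 'U'` branch `done = 1` is set even when the check `idx + strlen (tmp) < maxlen` fails, so an encoded hash that does not fit is silently left out of the expanded string. If `done` is what tells the enclosing loop whether to enlarge `ret` and retry (presumably, since that loop lies outside the hunk), moving `done = 1;` inside the size check, after `idx += strlen (tmp);`, restores that behaviour. This matters for the use named in the commit message, because a viewer command that relies on `%U` to pick distinct file names would otherwise get the same name for every photo. The literal `8*20` would also read better as a named constant for the hash length.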
if(pk)
keyid_from_pk(pk,kid);
commit 2a415c47eaf65c47edbd98440f37b2c46354fd02
Author: Werner Koch
Date: Tue Apr 15 16:40:48 2014 +0200
common: Add z-base-32 encoder.
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb32.c
--
(cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e)
Resolved conflicts:
common/Makefile.am
diff --git a/common/Makefile.am b/common/Makefile.am
index f2242b6..880b01b 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -52,6 +52,7 @@ common_sources = \
gettime.c \
yesno.c \
b64enc.c b64dec.c \
+ zb32.c \
convert.c \
percent.c \
miscellaneous.c \
diff --git a/common/util.h b/common/util.h
index becc9cf..48d02e0 100644
--- a/common/util.h
+++ b/common/util.h
@@ -182,6 +182,8 @@ gpg_error_t b64dec_proc (struct b64state *state, void *buffer, size_t length,
gpg_error_t b64dec_finish (struct b64state *state);
+/*-- zb32.c --*/
+char *zb32_encode (const void *data, unsigned int databits);
/*-- sexputil.c */
diff --git a/common/zb32.c b/common/zb32.c
new file mode 100644
index 0000000..05aa0ea
--- /dev/null
+++ b/common/zb32.c
@@ -0,0 +1,120 @@
+/* zb32.c - z-base-32 functions
+ * Copyright (C) 2014 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "util.h"
+
+
+/* Zooko's base32 variant. See RFC-6189 and
+ http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt
+ Caller must xfree the returned string. Returns NULL and sets ERRNO
+ on error. To avoid integer overflow DATALEN is limited to 2^16
+ bytes. Note, that DATABITS is measured in bits!. */
+char *
+zb32_encode (const void *data, unsigned int databits)
+{
+ static char const zb32asc[32] = {'y','b','n','d','r','f','g','8',
+ 'e','j','k','m','c','p','q','x',
+ 'o','t','1','u','w','i','s','z',
+ 'a','3','4','5','h','7','6','9' };
+ const unsigned char *s;
+ char *output, *d;
+ size_t datalen;
+
+ datalen = (databits + 7) / 8;
+ if (datalen > (1 << 16))
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ d = output = xtrymalloc (8 * (datalen / 5)
+ + 2 * (datalen % 5)
+ - ((datalen%5)>2)
+ + 1);
+ if (!output)
+ return NULL;
+
+ /* I use straightforward code. The compiler should be able to do a
+ better job on optimization than me and it is easier to read. */
+ for (s = data; datalen >= 5; s += 5, datalen -= 5)
+ {
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) | (s[4] >> 5) ];
+ *d++ = zb32asc[((s[4] & 31) ) ];
+ }
+
+ switch (datalen)
+ {
+ case 4:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) ];
+ break;
+ case 3:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) ];
+ break;
+ case 2:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) ];
+ break;
+ case 1:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) ];
+ break;
+ default:
+ break;
+ }
+ *d = 0;
+
+ /* Need to strip some bytes if not a multiple of 40. */
+ output[(databits + 5 - 1) / 5] = 0;
+ return output;
+}
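Review bot: The size limit in `zb32_encode` is applied after `datalen = (databits + 7) / 8`, and that addition is done in `unsigned int`, so it wraps for values of `databits` within 7 of `UINT_MAX`. `datalen` then becomes 0, the `1 << 16` check passes, one byte is allocated, and for some of those values the final `output[(databits + 5 - 1) / 5] = 0` writes far beyond it. Computing the length without the addition closes the gap: `datalen = databits / 8 + !!(databits % 8);`. The only caller in this commit passes the constant `8*20`, so this is hardening for future callers. The header comment should also say that the 2^16 byte limit applies to the byte length derived from DATABITS, since no DATALEN parameter exists.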
commit 8a4bd132f73aaf1588fb03340392fe22dd8e18ed
Author: Werner Koch
Date: Mon Mar 17 17:54:36 2014 +0100
gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)
Resolved conflicts:
g10/gpg.c - adjust.
tests/openpgp/defs.inc - no changes
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 26179bd..7d314b6 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2244,9 +2244,10 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
- at option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+--allow-weak-digest-algos --cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
@item --pgp6
@opindex pgp6
@@ -2702,6 +2703,13 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at item --allow-weak-digest-algos
+ at opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message. This option allows the
+verification of signatures made with such weak algorithms.
+
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
diff --git a/g10/gpg.c b/g10/gpg.c
index 35b62c1..87ffe54 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -367,6 +367,7 @@ enum cmd_and_opt_values
oDisableDSA2,
oAllowMultipleMessages,
oNoAllowMultipleMessages,
+ oAllowWeakDigestAlgos,
oNoop
};
@@ -742,6 +743,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
+ ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
@@ -2949,6 +2951,10 @@ main (int argc, char **argv)
opt.flags.allow_multiple_messages=0;
break;
+ case oAllowWeakDigestAlgos:
+ opt.flags.allow_weak_digest_algos = 1;
+ break;
+
case oNoop: break;
default:
@@ -3131,6 +3137,7 @@ main (int argc, char **argv)
opt.pgp2_workarounds = 1;
opt.ask_sig_expire = 0;
opt.ask_cert_expire = 0;
+ opt.flags.allow_weak_digest_algos = 1;
xfree(def_digest_string);
def_digest_string = xstrdup("md5");
xfree(s2k_digest_string);
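Review bot: The added `opt.flags.allow_weak_digest_algos = 1;` switches the MD5 rejection off implicitly, and nothing at the assignment says why. A short comment would stop a later reader from treating it as a leftover, for example `/* PGP 2 mode forces MD5 (see def_digest_string below), so MD5 signatures must stay verifiable here. */`. Because this widens what verification accepts without the user naming the option, a `log_info` line when the flag is set this way may also be worth adding. main() starts and ends outside this hunk.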
diff --git a/g10/options.h b/g10/options.h
index 3c5b2c5..1a13841 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -231,6 +231,7 @@ struct
unsigned int utf8_filename:1;
unsigned int dsa2:1;
unsigned int allow_multiple_messages:1;
+ unsigned int allow_weak_digest_algos:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 07a9836..ed4fa89 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -269,6 +269,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc;
+ if (sig->digest_algo == GCRY_MD_MD5
+ && !opt.flags.allow_weak_digest_algos)
+ {
+ static int shown;
+
+ if (!shown)
+ {
+ log_info
+ (_("Note: signatures using the %s algorithm are rejected\n"),
+ "MD5");
+ shown = 1;
+ }
+
+ return GPG_ERR_DIGEST_ALGO;
+ }
+
/* Make sure the digest algo is enabled (in case of a detached
signature). */
gcry_md_enable (digest, sig->digest_algo);
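Review bot: `return GPG_ERR_DIGEST_ALGO;` hands back the bare error code, while the encr-data.c change in this same mail builds its result with `gpg_error (GPG_ERR_BAD_SIGNATURE)`. If callers of do_check expect a full error value, `return gpg_error (GPG_ERR_DIGEST_ALGO);` would be the consistent form; the callers are not visible here, so this needs checking. The test also covers only `GCRY_MD_MD5` although the option is named for weak digests in general, so a comment such as `/* MD5 is currently the only digest treated as weak. */` would make the scope explicit. The `static int shown` guard means only the first rejection in a process is explained in the log. do_check starts and ends outside this hunk.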
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index b011549..5d5e03d 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -68,7 +68,7 @@ error () {
defs_error_seen=yes
echo "$pgmname:" $* >&5
if [ x$defs_stop_on_error != xyes ]; then
- exit 1
+ exit 1
fi
}
@@ -189,7 +189,7 @@ pgmname=`basename $0`
[ -z "$srcdir" ] && fatal "not called from make"
# Make sure we have a valid option file even with VPATH builds.
-for f in gpg.conf ; do
+for f in gpg.conf ; do
if [ -f ./$f ]; then
:
elif [ -f $srcdir/$f.tmpl ]; then
diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl
index 7060a66..7db73be 100644
--- a/tests/openpgp/gpg.conf.tmpl
+++ b/tests/openpgp/gpg.conf.tmpl
@@ -3,3 +3,4 @@ no-secmem-warning
no-permission-warning
batch
no-auto-check-trustdb
+allow-weak-digest-algos
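Review bot: Adding `allow-weak-digest-algos` to the template turns the new MD5 rejection off for every test that uses this gpg.conf, so the rejecting branch added to do_check in this commit appears never to be run by the suite. Passing the option only in the tests that verify MD5-signed fixtures would keep the default behaviour covered. Failing that, one test that verifies an MD5 signature without the option and expects the "invalid digest algorithm" failure would pin the new default.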
commit 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a
Author: Werner Koch
Date: Wed May 14 08:55:58 2014 +0200
gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packet header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problem. For
explaining an MDC error a single error message is easier to
understand.
diff --git a/g10/encr-data.c b/g10/encr-data.c
index 105b105..c5c3c19 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -240,14 +240,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
gcry_md_final (dfx->mdc_hash);
- if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )
- {
- log_error("mdc_packet with invalid encoding\n");
- rc = gpg_error (GPG_ERR_INV_PACKET);
- }
- else if (datalen != 20
- || memcmp (gcry_md_read (dfx->mdc_hash, 0),
- dfx->defer+2,datalen ))
+ if ( dfx->defer[0] != '\xd3'
+ || dfx->defer[1] != '\x14'
+ || datalen != 20
+ || memcmp (gcry_md_read (dfx->mdc_hash, 0), dfx->defer+2, datalen))
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
/* log_printhex("MDC message:", dfx->defer, 22); */
/* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
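Review bot: The merged condition depends on `||` short-circuiting so that `memcmp` runs only once `datalen != 20` is false, and the literals `'\xd3'`, `'\x14'` and `20` are unexplained. A comment above the `if` would document both, e.g. `/* 0xd3 0x14 is the MDC packet header (tag 19, length 20); header, length and hash failures deliberately share one error code. */`. Saying that the single code is intentional also keeps the diagnostics from revealing which check failed and discourages splitting it again. decrypt_data starts and ends outside this hunk.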
commit 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee
Author: Werner Koch
Date: Wed May 14 08:49:37 2014 +0200
gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoids an entered full ISO timestamp being used not as
given but off by the time the user needed to enter the timestamp.
GnuPG-bug-id: 1639
diff --git a/g10/keygen.c b/g10/keygen.c
index ad6bd73..a786beb 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1949,7 +1949,7 @@ ask_expire_interval(int object,const char *def_expire)
answer = NULL;
for(;;)
{
- u32 curtime=make_timestamp();
+ u32 curtime;
xfree(answer);
if(object==0)
@@ -1973,6 +1973,7 @@ ask_expire_interval(int object,const char *def_expire)
}
cpr_kill_prompt();
trim_spaces(answer);
+ curtime = make_timestamp ();
interval = parse_expire_string( answer );
if( interval == (u32)-1 )
{
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 5 +-
NEWS | 28 +++-
README | 19 ++-
common/Makefile.am | 1 +
common/util.h | 2 +
common/zb32.c | 120 +++++++++++++++++
doc/Makefile.am | 9 +-
doc/gpg.texi | 83 +++++++++++-
doc/gpgsm.texi | 2 +-
doc/tools.texi | 22 +++
doc/yat2m.c | 310 ++++++++++++++++++++++++++++++-------------
g10/encr-data.c | 12 +-
g10/gpg.c | 7 +
g10/keygen.c | 3 +-
g10/main.h | 1 +
g10/misc.c | 17 +++
g10/options.h | 1 +
g10/photoid.c | 11 +-
g10/sig-check.c | 16 +++
po/be.po | 4 +
po/ca.po | 5 +
po/cs.po | 5 +
po/da.po | 5 +
po/de.po | 6 +-
po/el.po | 5 +
po/eo.po | 4 +
po/es.po | 5 +
po/et.po | 5 +
po/fi.po | 6 +
po/fr.po | 5 +
po/gl.po | 5 +
po/hu.po | 5 +
po/id.po | 5 +
po/it.po | 5 +
po/ja.po | 5 +
po/nb.po | 5 +
po/pl.po | 5 +
po/pt.po | 4 +
po/pt_BR.po | 4 +
po/ro.po | 5 +
po/ru.po | 5 +
po/sk.po | 5 +
po/sv.po | 5 +
po/tr.po | 5 +
po/uk.po | 5 +
po/zh_CN.po | 5 +
po/zh_TW.po | 5 +
tests/openpgp/defs.inc | 4 +-
tests/openpgp/gpg.conf.tmpl | 1 +
49 files changed, 678 insertions(+), 134 deletions(-)
create mode 100644 common/zb32.c
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 11:22:48 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 11:22:48 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.23-1-g6d41c9b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf (commit)
from 6209c6d9ad00a17bef4780ff22f0e9f588343c00 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf
Author: Werner Koch
Date: Tue Jun 3 11:25:04 2014 +0200
Post release updates.
--
diff --git a/NEWS b/NEWS
index 656f910..aed90e6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.0.24 (unreleased)
+-------------------------------------------------
+
+
Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------
diff --git a/announce.txt b/announce.txt
index 384f575..63e959f 100644
--- a/announce.txt
+++ b/announce.txt
@@ -5,9 +5,8 @@ Mail-Followup-To: gnupg-users at gnupg.org
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
-release: Version 2.0.22. This is a *security fix* release and all
-users are advised to updated to this version. See below for the
-impact of the problem.
+release: Version 2.0.23. This is a maintenace release with a few
+new features.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
@@ -31,35 +30,33 @@ GnuPG is distributed under the terms of the GNU General Public License
also available for other Unices, Microsoft Windows and Mac OS X.
-What's New in 2.0.22
+What's New in 2.0.23
====================
- * Fixed possible infinite recursion in the compressed packet
- parser. [CVE-2013-4402]
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+ new option --allow-weak-digest-algos or --pgp2 are given.
- * Improved support for some card readers.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
- * Prepared building with the forthcoming Libgcrypt 1.6.
+ * gpg: Only the major version number is by default included in the
+ armored output.
- * Protect against rogue keyservers sending secret keys.
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+ communication with the gpg-agent.
+ * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
+ aligned to the regular key listing ("gpg -k").
-Impact of the security problem
-==============================
+ * gpg: The option--show-session-key prints its output now before the
+ decryption of the bulk message starts.
-Special crafted input data may be used to cause a denial of service
-against GPG (GnuPG's OpenPGP part) and some other OpenPGP
-implementations. All systems using GPG to process incoming data are
-affected.
+ * gpg: New %U expando for the photo viewer.
-Taylor R Campbell invented a neat trick to generate OpenPGP packages
-to force GPG to recursively parse certain parts of OpenPGP messages ad
-infinitum. As a workaround a tight "ulimit -v" setting may be used to
-mitigate the problem. Sample input data to trigger this problem has
-not yet been seen in the wild. Details of the attack will eventually
-be published by its inventor.
+ * gpgsm: Improved handling of re-issued CA certificates.
-A fixed release of the GnuPG 1.4 series will be releases soon.
+ * scdaemon: Various fixes for pinpad equipped card readers.
+
+ * Minor bug fixes.
@@ -69,25 +66,26 @@ Getting the Software
Please follow the instructions found at http://www.gnupg.org/download/
or read on:
-GnuPG 2.0.22 may be downloaded from one of the GnuPG mirror sites or
+GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
-can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG
+can be found at http://www.gnupg.org/mirrors.html . Note that GnuPG
is not available at ftp.gnu.org.
On the FTP server and its mirrors you should find the following files
in the gnupg/ directory:
- gnupg-2.0.22.tar.bz2 (4200k)
- gnupg-2.0.22.tar.bz2.sig
+ gnupg-2.0.23.tar.bz2 (4196k)
+ gnupg-2.0.23.tar.bz2.sig
- GnuPG source compressed using BZIP2 and OpenPGP signature.
+ GnuPG source compressed using BZIP2 and its OpenPGP signature.
- gnupg-2.0.20-2.0.22.diff.bz2 (39k)
+ gnupg-2.0.22-2.0.23.diff.bz2 (53k)
- A patch file to upgrade a 2.0.20 GnuPG source tree. This patch
+ A patch file to upgrade a 2.0.22 GnuPG source tree. This patch
does not include updates of the language files.
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
+A Windows version will eventually be released at https://gpg4win.org .
Checking the Integrity
@@ -99,9 +97,9 @@ the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
- signature of the file gnupg-2.0.22.tar.bz2 you would use this command:
+ signature of the file gnupg-2.0.23.tar.bz2 you would use this command:
- gpg --verify gnupg-2.0.22.tar.bz2.sig
+ gpg --verify gnupg-2.0.23.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
@@ -124,15 +122,15 @@ the following ways:
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
- gnupg-2.0.22.tar.bz2, you would run the sha1sum command like this:
+ gnupg-2.0.23.tar.bz2, you would run the sha1sum command like this:
- sha1sum gnupg-2.0.22.tar.bz2
+ sha1sum gnupg-2.0.23.tar.bz2
and check that the output matches the first line from the
following list:
-9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8 gnupg-2.0.22.tar.bz2
-6cc51b14ed652fe7eadae25ec7cdaa6f63377525 gnupg-2.0.21-2.0.22.diff.bz2
+c90e47ab95a40dd070fd75faef0a05c7b679553b gnupg-2.0.23.tar.bz2
+e02cfab2bc046f9fac89eef098c34f58b5745d20 gnupg-2.0.22-2.0.23.diff.bz2
Documentation
@@ -143,11 +141,11 @@ Separate man pages are included as well; however they have not all the
details available in the manual. It is also possible to read the
complete manual online in HTML format at
- http://www.gnupg.org/documentation/manuals/gnupg/
+ https://www.gnupg.org/documentation/manuals/gnupg/
or in Portable Document Format at
- http://www.gnupg.org/documentation/manuals/gnupg.pdf .
+ https://www.gnupg.org/documentation/manuals/gnupg.pdf .
The chapters on gpg-agent, gpg and gpgsm include information on how
to set up the whole thing. You may also want search the GnuPG mailing
@@ -170,7 +168,7 @@ We suggest to send bug reports for a new release to this list in favor
of filing a bug at . We also have a dedicated
service directory at:
- http://www.gnupg.org/service.html
+ https://www.gnupg.org/service.html
The driving force behind the development of GnuPG is the company of
its principal author, Werner Koch. Maintenance and improvement of
@@ -178,7 +176,12 @@ GnuPG and related software takes up most of their resources. To allow
him to continue this work he kindly asks to either purchase a support
contract, engage g10 Code for custom enhancements, or to donate money:
- http://g10code.com/gnupg-donation.html
+Maintaining and improving GnuPG is costly. For more than a decade,
+g10 Code GmbH, a German company owned and headed by GnuPG's principal
+author Werner Koch, is bearing the majority of these costs. To help
+them carry on this work, they need your support. See
+
+ https://gnupg.org/donate/
Thanks
@@ -186,7 +189,7 @@ Thanks
We have to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
-servers, spreading the word, or answering questions on the mailing
+servers, spreading the word, and answering questions on the mailing
lists.
diff --git a/configure.ac b/configure.ac
index ec7fae7..4ea6606 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.0.23])
+m4_define([mym4_version], [2.0.24])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 +++
announce.txt | 83 ++++++++++++++++++++++++++++++----------------------------
configure.ac | 2 +-
3 files changed, 48 insertions(+), 41 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 11:27:16 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 11:27:16 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.23-2-g07f8a37
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 07f8a37637da310d176879d491f8df2a881b117e (commit)
from 6d41c9b9ea225c3abe8e2f9a6fc7fb969adc80bf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 07f8a37637da310d176879d491f8df2a881b117e
Author: Werner Koch
Date: Tue Jun 3 11:29:34 2014 +0200
maint: Of course we only use https in the announcements.
--
diff --git a/announce.txt b/announce.txt
index 63e959f..f4d046d 100644
--- a/announce.txt
+++ b/announce.txt
@@ -63,12 +63,12 @@ What's New in 2.0.23
Getting the Software
====================
-Please follow the instructions found at http://www.gnupg.org/download/
+Please follow the instructions found at https://www.gnupg.org/download/
or read on:
GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
-can be found at http://www.gnupg.org/mirrors.html . Note that GnuPG
+can be found at https://www.gnupg.org/mirrors.html . Note that GnuPG
is not available at ftp.gnu.org.
On the FTP server and its mirrors you should find the following files
@@ -163,9 +163,9 @@ Support
=======
Please consult the archive of the gnupg-users mailing list before
-reporting a bug .
+reporting a bug .
We suggest to send bug reports for a new release to this list in favor
-of filing a bug at . We also have a dedicated
+of filing a bug at . We also have a dedicated
service directory at:
https://www.gnupg.org/service.html
-----------------------------------------------------------------------
Summary of changes:
announce.txt | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 13:32:20 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 13:32:20 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.23-3-g52b96ef
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 52b96ef6b81951ddacf146a74e88e5512efd03a0 (commit)
from 07f8a37637da310d176879d491f8df2a881b117e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 52b96ef6b81951ddacf146a74e88e5512efd03a0
Author: Werner Koch
Date: Tue Jun 3 13:34:24 2014 +0200
doc: Update for modern makeinfo.
* doc/texi.css: Remove.
* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 252fc52..a1ca4ba 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc ChangeLog-2011 \
gnupg-card-architecture.pdf \
FAQ gnupg7.texi \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
- gpgv.texi texi.css yat2m.c
+ gpgv.texi yat2m.c
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf
@@ -55,7 +55,7 @@ gnupg_TEXINFOS = \
DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
-AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css
YAT2M_OPTIONS = -I $(srcdir) \
--release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
@@ -136,12 +136,12 @@ online: gnupg.html gnupg.pdf
set -e; \
echo "Uploading current manuals to www.gnupg.org ..."; \
cp $(srcdir)/gnupg-logo.png gnupg.html/; \
- user=werner ; dashdevel="" ; \
+ user=werner ; webhost=ftp.gnupg.org; dashdevel="" ; \
if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
dashdevel="-devel" ; \
else \
- rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ rsync -v gnupg.pdf $${user}@{webhost}:webspace/manuals/ ; \
fi ; \
cd gnupg.html ; \
rsync -vr --exclude='.svn' . \
- $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
+ $${user}@{webhost}:webspace/manuals/gnupg$${dashdevel}/
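Review bot: Both new rsync targets write `@{webhost}` without the `$$`, so the shell receives the literal text `{webhost}` as the host name instead of the `webhost=ftp.gnupg.org` value assigned a few lines earlier. The upload will then fail or resolve an unintended name. The two lines should read `rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \` and `$${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/`. The `online` recipe starts outside this hunk.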
diff --git a/doc/texi.css b/doc/texi.css
deleted file mode 100644
index a369abc..0000000
--- a/doc/texi.css
+++ /dev/null
@@ -1,6 +0,0 @@
-/* The gnupg.org standard stylesheet. */
- @import url(/share/site.css);
-
-
-
-
-----------------------------------------------------------------------
Summary of changes:
doc/Makefile.am | 10 +++++-----
doc/texi.css | 6 ------
2 files changed, 5 insertions(+), 11 deletions(-)
delete mode 100644 doc/texi.css
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 14:14:21 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 14:14:21 +0200
Subject: [git] gnupg-doc - branch, master,
updated. 270fe958aebf689f04f0a624289dfbd515f3281c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via 270fe958aebf689f04f0a624289dfbd515f3281c (commit)
from ba19d489c45a28d8e143ac88fbf4a6d7fdc60c3a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 270fe958aebf689f04f0a624289dfbd515f3281c
Author: Werner Koch
Date: Tue Jun 3 14:01:57 2014 +0200
web: Fix Paypal button and publish 2.0.23 news.
* cgi/procdonate.cgi (write_template): Add template var PUBLISH_NAME.
* web/donate/checkout.org: Pass PUBLISH_NAME to Paypal.
* web/index.org: Add news item
* web/share/site.css: Add rules for makeinfo.
diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi
index ad95369..61ecce2 100755
--- a/cgi/procdonate.cgi
+++ b/cgi/procdonate.cgi
@@ -70,6 +70,7 @@ sub write_template ($) {
my $sel_gbp = '';
my $sel_jpy = '';
my $message_fmt;
+ my $publishname;
# Avoid broken HTML attributes.
$amount =~ s/\x22/\x27/g;
@@ -102,6 +103,13 @@ sub write_template ($) {
$sel_jpy = ' selected="selected"';
}
+ # Set var for the paypal button
+ if ( $name eq 'Anonymous' or $name eq '') {
+ $publishname = 'No';
+ } else {
+ $publishname = 'Yes';
+ }
+
# Build error strings.
foreach (keys %errdict)
{
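Review bot: The publish decision in the added block compares `$name` exactly against `'Anonymous'` and the empty string, so input such as `anonymous` or a name made only of spaces ends up with `$publishname = 'Yes'`. Unless `$name` is normalised before this point (not visible in the hunk), a case- and whitespace-tolerant test is the safer default for a privacy choice: `if ($name =~ /^\s*(?:anonymous)?\s*$/i) {`. write_template starts and ends outside this hunk.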
@@ -137,6 +145,7 @@ sub write_template ($) {
|| s/(/$sel_usd>/
|| s/(/$sel_gbp>/
|| s/(/$sel_jpy>/
+ || s//$publishname/
|| s//$errorstr/
|| s//$err_amount/
|| s//$err_name/
diff --git a/web/donate/checkout.org b/web/donate/checkout.org
index 8f09b9d..ad69fcd 100644
--- a/web/donate/checkout.org
+++ b/web/donate/checkout.org
@@ -70,6 +70,8 @@
+
+
#+END_HTML
diff --git a/web/index.org b/web/index.org
index d42c997..1e643c0 100644
--- a/web/index.org
+++ b/web/index.org
@@ -51,6 +51,14 @@ all [[file:news.org][news of previous years]] is also available.
# GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just
# point or paste the [[news.en.rss][RSS file]] into your aggregator.
+2014q2/000342.html
+
+** GnuPG 2.0.23 released (2014-06-03)
+
+We are pleased to announce the availability of GnuPG 2.0.23. This is
+a maintenance release with a few new features. [[http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000342.html][{more}]]
+
+
** Goteo campaign: preliminary results (2014-05-12)
The blog has a report on the current status of the campaign including
diff --git a/web/share/site.css b/web/share/site.css
index 37460d3..6f0e373 100644
--- a/web/share/site.css
+++ b/web/share/site.css
@@ -302,6 +302,41 @@ pre {
overflow: auto;
}
+/* Classes used by makeinfo (manuals). */
+
+pre.display {
+ font-family:inherit;
+}
+pre.format {
+ font-family:inherit;
+}
+pre.smalldisplay {
+ font-family:inherit;
+ font-size:smaller;
+}
+pre.smallformat {
+ font-family:inherit;
+ font-size:smaller;
+}
+pre.smallexample {
+ font-size:smaller;
+}
+pre.smalllisp {
+ font-size:smaller;
+}
+
+span.sc {
+ font-variant:small-caps;
+}
+span.roman {
+ font-family:serif;
+ font-weight:normal;
+}
+span.sansserif {
+ font-family:sans-serif;
+ font-weight:normal;
+}
+
/* Table stuff */
@@ -360,6 +395,8 @@ td.right {
}
+/* A box of logos. */
+
.logobox p {
margin-top: 20px;
}
diff --git a/web/swdb.mac b/web/swdb.mac
index 522a4c6..b443bbf 100644
--- a/web/swdb.mac
+++ b/web/swdb.mac
@@ -8,10 +8,10 @@
#
# GnuPG-2
#
-#+macro: gnupg_ver 2.0.22
+#+macro: gnupg_ver 2.0.23
#+macro: gnupg_branch STABLE-BRANCH-2-0
-#+macro: gnupg_size 4177k
-#+macro: gnupg_sha1 9ba9ee288e9bf813e0f1e25cbe06b58d3072d8b8
+#+macro: gnupg_size 4196k
+#+macro: gnupg_sha1 c90e47ab95a40dd070fd75faef0a05c7b679553b
#
# GnuPG-1
-----------------------------------------------------------------------
Summary of changes:
cgi/procdonate.cgi | 9 +++++++++
web/donate/checkout.org | 2 ++
web/index.org | 8 ++++++++
web/share/site.css | 37 +++++++++++++++++++++++++++++++++++++
web/swdb.mac | 6 +++---
5 files changed, 59 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 14:15:22 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 14:15:22 +0200
Subject: [git] gnupg-doc - branch, master,
updated. bccd13c3009550cc6e4689e468b004fe10afa6d3
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GnuPG website and other docs".
The branch, master has been updated
via bccd13c3009550cc6e4689e468b004fe10afa6d3 (commit)
from 270fe958aebf689f04f0a624289dfbd515f3281c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bccd13c3009550cc6e4689e468b004fe10afa6d3
Author: Werner Koch
Date: Tue Jun 3 14:17:48 2014 +0200
web: Add a note for cronjob generated parts.
diff --git a/web/donate/kudos-2011.org b/web/donate/kudos-2011.org
index a00d751..6c9c1ab 100644
--- a/web/donate/kudos-2011.org
+++ b/web/donate/kudos-2011.org
@@ -6,6 +6,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML:
diff --git a/web/donate/kudos-2012.org b/web/donate/kudos-2012.org
index 6b30a87..d2bf44c 100644
--- a/web/donate/kudos-2012.org
+++ b/web/donate/kudos-2012.org
@@ -6,6 +6,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML:
diff --git a/web/donate/kudos-2013.org b/web/donate/kudos-2013.org
index 0365da6..0d8802d 100644
--- a/web/donate/kudos-2013.org
+++ b/web/donate/kudos-2013.org
@@ -6,6 +6,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML:
diff --git a/web/donate/kudos-2014.org b/web/donate/kudos-2014.org
index 9ccf628..ecf4ac9 100644
--- a/web/donate/kudos-2014.org
+++ b/web/donate/kudos-2014.org
@@ -6,6 +6,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML:
@@ -22,6 +23,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML:
diff --git a/web/donate/kudos.org b/web/donate/kudos.org
index 1f1c103..4f7d9c6 100644
--- a/web/donate/kudos.org
+++ b/web/donate/kudos.org
@@ -6,6 +6,7 @@
#+HTML:
#+HTML:
+#+HTML: [please reload in a few minutes while the list is being updated]
#+HTML:
#+HTML: your name
#+HTML:
diff --git a/web/index.org b/web/index.org
index 1e643c0..866e132 100644
--- a/web/index.org
+++ b/web/index.org
@@ -51,8 +51,6 @@ all [[file:news.org][news of previous years]] is also available.
# GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just
# point or paste the [[news.en.rss][RSS file]] into your aggregator.
-2014q2/000342.html
-
** GnuPG 2.0.23 released (2014-06-03)
We are pleased to announce the availability of GnuPG 2.0.23. This is
-----------------------------------------------------------------------
Summary of changes:
web/donate/kudos-2011.org | 1 +
web/donate/kudos-2012.org | 1 +
web/donate/kudos-2013.org | 1 +
web/donate/kudos-2014.org | 2 ++
web/donate/kudos.org | 1 +
web/index.org | 2 --
6 files changed, 6 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 18:55:32 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 18:55:32 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-433-g0beec2f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 0beec2f0f255a71f9d5a4a0729d0259f673e8838 (commit)
from 50cd3d40aec3b94cfddec94361ed1aafc999d61b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0beec2f0f255a71f9d5a4a0729d0259f673e8838
Author: Werner Koch
Date: Tue Jun 3 18:57:33 2014 +0200
gpgsm: New commands --export-secret-key-{p8,raw}
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode. Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
diff --git a/NEWS b/NEWS
index da771f1..ba14079 100644
--- a/NEWS
+++ b/NEWS
@@ -42,6 +42,9 @@ Noteworthy changes in version 2.1.0-betaN (unreleased)
* Protect against rogue keyservers sending secret keys.
+ * GPGSM can now be used to export a secret RSA key in PKCS#1 or
+ PKCS#8 format.
+
Noteworthy changes in version 2.1.0beta3 (2011-12-20)
-----------------------------------------------------
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 3d2594f..b38ad4d 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as
fingerprints or keygrips.
@item --export-secret-key-p12 @var{key-id}
- at opindex export
+ at opindex export-secret-key-p12
Export the private key and the certificate identified by @var{key-id} in
-a PKCS#12 format. When using along with the @code{--armor} option a few
+a PKCS#12 format. When used with the @code{--armor} option a few
informational lines are prepended to the output. Note, that the PKCS#12
format is not very secure and this command is only provided if there is
no other way to exchange the private key. (@pxref{option --p12-charset})
+ at ifset gpgtwoone
+ at item --export-secret-key-p8 @var{key-id}
+ at itemx --export-secret-key-raw @var{key-id}
+ at opindex export-secret-key-p8
+ at opindex export-secret-key-raw
+Export the private key of the certificate identified by @var{key-id}
+with any encryption stripped. The @code{...-raw} command exports in
+PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format.
+When used with the @code{--armor} option a few informational lines are
+prepended to the output. These commands are useful to prepare a key
+for use on a TLS server.
+ at end ifset
+
@item --import [@var{files}]
@opindex import
Import the certificates from the PEM or binary encoded files as well as
diff --git a/sm/export.c b/sm/export.c
index 0403fe2..1dce106 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -60,6 +60,7 @@ static void print_short_info (ksba_cert_t cert, estream_t stream);
static gpg_error_t export_p12 (ctrl_t ctrl,
const unsigned char *certimg, size_t certimglen,
const char *prompt, const char *keygrip,
+ int rawmode,
void **r_result, size_t *r_resultlen);
@@ -315,9 +316,14 @@ gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream)
}
-/* Export a certificate and its private key. */
+/* Export a certificate and its private key. RAWMODE controls the
+ actual output:
+ 0 - Private key and certifciate in PKCS#12 format
+ 1 - Only unencrypted private key in PKCS#8 format
+ 2 - Only unencrypted private key in PKCS#1 format
+ */
void
-gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
+gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream, int rawmode)
{
gpg_error_t err = 0;
KEYDB_HANDLE hd;
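Review bot: RAWMODE is passed as a bare int whose values 0, 1 and 2 are repeated as literals in the sm/gpgsm.c callers, in the `pem_name` selection later in this function, and as `mode` in sm/minip12.c. Mixing two of them up switches between a passphrase-protected PKCS#12 export and a cleartext key export. A named enum shared through the header would make each call site self-describing; the names here are placeholders: `enum { EXPORT_MODE_P12 = 0, EXPORT_MODE_PKCS8 = 1, EXPORT_MODE_PKCS1 = 2 };`. The new comment also misspells "certificate" as "certifciate". The body of gpgsm_p12_export continues outside this hunk.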
@@ -416,13 +422,18 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
es_putc ('\n', stream);
}
- if (opt.p12_charset && ctrl->create_pem)
+ if (opt.p12_charset && ctrl->create_pem && !rawmode)
{
es_fprintf (stream, "The passphrase is %s encoded.\n\n",
opt.p12_charset);
}
- ctrl->pem_name = "PKCS12";
+ if (rawmode == 0)
+ ctrl->pem_name = "PKCS12";
+ else if (rawmode == 1)
+ ctrl->pem_name = "PRIVATE KEY";
+ else
+ ctrl->pem_name = "RSA PRIVATE KEY";
err = gpgsm_create_writer (&b64writer, ctrl, stream, &writer);
if (err)
{
@@ -431,7 +442,8 @@ gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream)
}
prompt = gpgsm_format_keydesc (cert);
- err = export_p12 (ctrl, image, imagelen, prompt, keygrip, &data, &datalen);
+ err = export_p12 (ctrl, image, imagelen, prompt, keygrip, rawmode,
+ &data, &datalen);
xfree (prompt);
if (err)
goto leave;
@@ -513,12 +525,19 @@ print_short_info (ksba_cert_t cert, estream_t stream)
xfree (p);
}
es_putc ('\n', stream);
+
+ p = gpgsm_get_keygrip_hexstring (cert);
+ if (p)
+ {
+ es_fprintf (stream, "Keygrip ..: %s\n", p);
+ xfree (p);
+ }
}
-/* Parse a private key S-expression and retutn a malloced array with
- the RSA paramaters in pkcs#12 order. The caller needs to
+/* Parse a private key S-expression and return a malloced array with
+ the RSA parameters in pkcs#12 order. The caller needs to
deep-release this array. */
static gcry_mpi_t *
sexp_to_kparms (gcry_sexp_t sexp)
@@ -587,7 +606,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
static gpg_error_t
export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
- const char *prompt, const char *keygrip,
+ const char *prompt, const char *keygrip, int rawmode,
void **r_result, size_t *r_resultlen)
{
gpg_error_t err = 0;
@@ -671,20 +690,30 @@ export_p12 (ctrl_t ctrl, const unsigned char *certimg, size_t certimglen,
goto leave;
}
- err = gpgsm_agent_ask_passphrase
- (ctrl,
- i18n_utf8 ("Please enter the passphrase to protect the "
- "new PKCS#12 object."),
- 1, &passphrase);
- if (err)
- goto leave;
+ if (rawmode)
+ {
+ /* Export in raw mode, that is only the pkcs#1/#8 private key. */
+ result = p12_raw_build (kparms, rawmode, &resultlen);
+ if (!result)
+ err = gpg_error (GPG_ERR_GENERAL);
+ }
+ else
+ {
+ err = gpgsm_agent_ask_passphrase
+ (ctrl,
+ i18n_utf8 ("Please enter the passphrase to protect the "
+ "new PKCS#12 object."),
+ 1, &passphrase);
+ if (err)
+ goto leave;
- result = p12_build (kparms, certimg, certimglen, passphrase,
- opt.p12_charset, &resultlen);
- xfree (passphrase);
- passphrase = NULL;
- if (!result)
- err = gpg_error (GPG_ERR_GENERAL);
+ result = p12_build (kparms, certimg, certimglen, passphrase,
+ opt.p12_charset, &resultlen);
+ xfree (passphrase);
+ passphrase = NULL;
+ if (!result)
+ err = gpg_error (GPG_ERR_GENERAL);
+ }
leave:
xfree (key);
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 3822717..01f33e3 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -74,6 +74,8 @@ enum cmd_and_opt_values {
aRecvKeys,
aExport,
aExportSecretKeyP12,
+ aExportSecretKeyP8,
+ aExportSecretKeyRaw,
aServer,
aLearnCard,
aCallDirmngr,
@@ -208,7 +210,13 @@ static ARGPARSE_OPTS opts[] = {
/*ARGPARSE_c (aRecvKeys, "recv-keys", N_("import keys from a key server")),*/
ARGPARSE_c (aImport, "import", N_("import certificates")),
ARGPARSE_c (aExport, "export", N_("export certificates")),
+
+ /* We use -raw and not -p1 for pkcs#1 secret key export so that it
+ won't accidently be used in case -p12 was intended. */
ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"),
+ ARGPARSE_c (aExportSecretKeyP8, "export-secret-key-p8", "@"),
+ ARGPARSE_c (aExportSecretKeyRaw, "export-secret-key-raw", "@"),
+
ARGPARSE_c (aLearnCard, "learn-card", N_("register a smartcard")),
ARGPARSE_c (aServer, "server", N_("run in server mode")),
ARGPARSE_c (aCallDirmngr, "call-dirmngr",
@@ -1084,6 +1092,8 @@ main ( int argc, char **argv)
case aRecvKeys:
case aExport:
case aExportSecretKeyP12:
+ case aExportSecretKeyP8:
+ case aExportSecretKeyRaw:
case aDumpKeys:
case aDumpChain:
case aDumpExternalKeys:
@@ -1888,7 +1898,7 @@ main ( int argc, char **argv)
estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-");
if (argc == 1)
- gpgsm_p12_export (&ctrl, *argv, fp);
+ gpgsm_p12_export (&ctrl, *argv, fp, 0);
else
wrong_args ("--export-secret-key-p12 KEY-ID");
if (fp != es_stdout)
@@ -1896,6 +1906,32 @@ main ( int argc, char **argv)
}
break;
+ case aExportSecretKeyP8:
+ {
+ estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-");
+
+ if (argc == 1)
+ gpgsm_p12_export (&ctrl, *argv, fp, 1);
+ else
+ wrong_args ("--export-secret-key-p8 KEY-ID");
+ if (fp != es_stdout)
+ es_fclose (fp);
+ }
+ break;
+
+ case aExportSecretKeyRaw:
+ {
+ estream_t fp = open_es_fwrite (opt.outfile?opt.outfile:"-");
+
+ if (argc == 1)
+ gpgsm_p12_export (&ctrl, *argv, fp, 2);
+ else
+ wrong_args ("--export-secret-key-raw KEY-ID");
+ if (fp != es_stdout)
+ es_fclose (fp);
+ }
+ break;
+
case aSendKeys:
case aRecvKeys:
log_error ("this command has not yet been implemented\n");
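Review bot: The two new cases write an unencrypted private key to `opt.outfile` or stdout through the same `open_es_fwrite` path that the passphrase-protected PKCS#12 export uses. The permissions that helper creates the file with are not visible in this hunk, so it is worth confirming that the file ends up owner-only for modes 1 and 2, or tightening the umask before opening it. The three export cases now differ only in the mode argument and the usage string, so they could share one block that selects both from the command value. main() continues outside this hunk.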
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 6c68af7..7c7ca7a 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -348,7 +348,8 @@ int gpgsm_import_files (ctrl_t ctrl, int nfiles, char **files,
/*-- export.c --*/
void gpgsm_export (ctrl_t ctrl, strlist_t names, estream_t stream);
-void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream);
+void gpgsm_p12_export (ctrl_t ctrl, const char *name, estream_t stream,
+ int rawmode);
/*-- delete.c --*/
int gpgsm_delete (ctrl_t ctrl, strlist_t names);
diff --git a/sm/minip12.c b/sm/minip12.c
index c91ef22..01b91b7 100644
--- a/sm/minip12.c
+++ b/sm/minip12.c
@@ -1,5 +1,6 @@
/* minip12.c - A minimal pkcs-12 implementation.
* Copyright (C) 2002, 2003, 2004, 2006, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -1891,10 +1892,15 @@ create_final (struct buffer_s *sequences, const char *pw, size_t *r_length)
}
}
}
+
+ MODE controls what is being generated:
+ 0 - As described above
+ 1 - Ditto but without the padding
+ 2 - Only the inner part (pkcs#1)
*/
static unsigned char *
-build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
+build_key_sequence (gcry_mpi_t *kparms, int mode, size_t *r_length)
{
int rc, i;
size_t needed, n;
@@ -1902,7 +1908,7 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
size_t plainlen;
size_t outseqlen, oidseqlen, octstrlen, inseqlen;
- needed = 3; /* The version(?) integer of value 0. */
+ needed = 3; /* The version integer with value 0. */
for (i=0; kparms[i]; i++)
{
n = 0;
@@ -1929,23 +1935,27 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
if (!n)
return NULL;
needed += n;
- /* Encapsulate all into an octet string. */
- octstrlen = needed;
- n = compute_tag_length (needed);
- if (!n)
- return NULL;
- needed += n;
- /* Prepend the object identifier sequence. */
- oidseqlen = 2 + DIM (oid_rsaEncryption) + 2;
- needed += 2 + oidseqlen;
- /* The version number. */
- needed += 3;
- /* And finally put the whole thing into a sequence. */
- outseqlen = needed;
- n = compute_tag_length (needed);
- if (!n)
- return NULL;
- needed += n;
+
+ if (mode != 2)
+ {
+ /* Encapsulate all into an octet string. */
+ octstrlen = needed;
+ n = compute_tag_length (needed);
+ if (!n)
+ return NULL;
+ needed += n;
+ /* Prepend the object identifier sequence. */
+ oidseqlen = 2 + DIM (oid_rsaEncryption) + 2;
+ needed += 2 + oidseqlen;
+ /* The version number. */
+ needed += 3;
+ /* And finally put the whole thing into a sequence. */
+ outseqlen = needed;
+ n = compute_tag_length (needed);
+ if (!n)
+ return NULL;
+ needed += n;
+ }
/* allocate 8 extra bytes for padding */
plain = gcry_malloc_secure (needed+8);
@@ -1957,20 +1967,24 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
/* And now fill the plaintext buffer. */
p = plain;
- p = store_tag_length (p, TAG_SEQUENCE, outseqlen);
- /* Store version. */
- *p++ = TAG_INTEGER;
- *p++ = 1;
- *p++ = 0;
- /* Store object identifier sequence. */
- p = store_tag_length (p, TAG_SEQUENCE, oidseqlen);
- p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption));
- memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption));
- p += DIM (oid_rsaEncryption);
- *p++ = TAG_NULL;
- *p++ = 0;
- /* Start with the octet string. */
- p = store_tag_length (p, TAG_OCTET_STRING, octstrlen);
+ if (mode != 2)
+ {
+ p = store_tag_length (p, TAG_SEQUENCE, outseqlen);
+ /* Store version. */
+ *p++ = TAG_INTEGER;
+ *p++ = 1;
+ *p++ = 0;
+ /* Store object identifier sequence. */
+ p = store_tag_length (p, TAG_SEQUENCE, oidseqlen);
+ p = store_tag_length (p, TAG_OBJECT_ID, DIM (oid_rsaEncryption));
+ memcpy (p, oid_rsaEncryption, DIM (oid_rsaEncryption));
+ p += DIM (oid_rsaEncryption);
+ *p++ = TAG_NULL;
+ *p++ = 0;
+ /* Start with the octet string. */
+ p = store_tag_length (p, TAG_OCTET_STRING, octstrlen);
+ }
+
p = store_tag_length (p, TAG_SEQUENCE, inseqlen);
/* Store the key parameters. */
*p++ = TAG_INTEGER;
@@ -2003,10 +2017,14 @@ build_key_sequence (gcry_mpi_t *kparms, size_t *r_length)
plainlen = p - plain;
assert (needed == plainlen);
- /* Append some pad characters; we already allocated extra space. */
- n = 8 - plainlen % 8;
- for (i=0; i < n; i++, plainlen++)
- *p++ = n;
+
+ if (!mode)
+ {
+ /* Append some pad characters; we already allocated extra space. */
+ n = 8 - plainlen % 8;
+ for (i=0; i < n; i++, plainlen++)
+ *p++ = n;
+ }
*r_length = plainlen;
return plain;
@@ -2459,7 +2477,7 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
if (kparms)
{
/* Encode the key. */
- buffer = build_key_sequence (kparms, &buflen);
+ buffer = build_key_sequence (kparms, 0, &buflen);
if (!buffer)
goto failure;
@@ -2502,6 +2520,24 @@ p12_build (gcry_mpi_t *kparms, const void *cert, size_t certlen,
}
+/* This is actually not a pkcs#12 function but one which creates an
+ unencrypted a pkcs#1 private key. */
+unsigned char *
+p12_raw_build (gcry_mpi_t *kparms, int rawmode, size_t *r_length)
+{
+ unsigned char *buffer;
+ size_t buflen;
+
+ assert (rawmode == 1 || rawmode == 2);
+ buffer = build_key_sequence (kparms, rawmode, &buflen);
+ if (!buffer)
+ return NULL;
+
+ *r_length = buflen;
+ return buffer;
+}
+
+
#ifdef TEST
static void
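Review bot: The only guard on `rawmode` in p12_raw_build is an `assert`, which disappears in an NDEBUG build. A caller passing 0 would then get the padded PKCS#12 inner sequence back as if it were a raw key. An explicit check such as `if (rawmode != 1 && rawmode != 2) return NULL;` keeps the contract in release builds. The comment has a stray article ("unencrypted a pkcs#1") and mentions only PKCS#1, although rawmode 1 yields PKCS#8. It should also say that the returned buffer holds cleartext key material allocated by build_key_sequence with `gcry_malloc_secure` and that the caller must release it.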
diff --git a/sm/minip12.h b/sm/minip12.h
index 27f24f5..7a1950f 100644
--- a/sm/minip12.h
+++ b/sm/minip12.h
@@ -31,6 +31,9 @@ unsigned char *p12_build (gcry_mpi_t *kparms,
const void *cert, size_t certlen,
const char *pw, const char *charset,
size_t *r_length);
+unsigned char *p12_raw_build (gcry_mpi_t *kparms,
+ int rawmode,
+ size_t *r_length);
#endif /*MINIP12_H*/
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 ++
doc/gpgsm.texi | 17 ++++++++-
sm/export.c | 71 ++++++++++++++++++++++++-----------
sm/gpgsm.c | 38 ++++++++++++++++++-
sm/gpgsm.h | 3 +-
sm/minip12.c | 112 +++++++++++++++++++++++++++++++++++++-------------------
sm/minip12.h | 3 ++
7 files changed, 184 insertions(+), 63 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 18:56:15 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 18:56:15 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-434-gd89dc69
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via d89dc6917ee31dcb8a80e8e9f20c595815ed7165 (commit)
from 0beec2f0f255a71f9d5a4a0729d0259f673e8838 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d89dc6917ee31dcb8a80e8e9f20c595815ed7165
Author: Werner Koch
Date: Tue Jun 3 18:58:35 2014 +0200
artwork: Add 128x128 variant of the logo.
--
diff --git a/artwork/gnupg-badge-128x128.png b/artwork/gnupg-badge-128x128.png
new file mode 100644
index 0000000..5116ec8
Binary files /dev/null and b/artwork/gnupg-badge-128x128.png differ
-----------------------------------------------------------------------
Summary of changes:
artwork/gnupg-badge-128x128.png | Bin 0 -> 8658 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 artwork/gnupg-badge-128x128.png
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 3 21:46:22 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 03 Jun 2014 21:46:22 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-435-gbe07ed6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via be07ed65e169a7ec3fbecdb1abf988fc0245d9ff (commit)
from d89dc6917ee31dcb8a80e8e9f20c595815ed7165 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit be07ed65e169a7ec3fbecdb1abf988fc0245d9ff
Author: Werner Koch
Date: Tue Jun 3 21:35:59 2014 +0200
Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret. Also move
the token string from the wrong field 14 to 15.
--
This option is useful for key managers which need to know whether a
key has a secret key. This change allows to collect this information
in one pass.
diff --git a/NEWS b/NEWS
index ba14079..38c5391 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,8 @@ Noteworthy changes in version 2.1.0-betaN (unreleased)
* New option --enable-pinpad-varlen for scdaemon.
+ * New option --with-secret for GPG and GPGSM.
+
* Rename option --disable-pinpad for scdaemon (was: --disable-keypad).
* Better support fo CCID readers. Now, internal CCID driver supports
diff --git a/doc/DETAILS b/doc/DETAILS
index 03c200e..17c417e 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -194,7 +194,8 @@ described here.
Used in sec/sbb to print the serial number of a token (internal
protect mode 1002) or a '#' if that key is a simple stub (internal
- protect mode 1001)
+ protect mode 1001). If the option --with-secret is used and a
+ secret key is available for the public key, a '+' indicates this.
*** Field 16 - Hash algorithm
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9463bb5..71a3107 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2127,6 +2127,12 @@ of the output and may be used together with another command.
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
+
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
@end ifset
@end table
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index b38ad4d..078d2ad 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -581,6 +581,13 @@ certificate.
Include the keygrip in standard key listings. Note that the keygrip is
always listed in --with-colons mode.
+ at ifset gpgtwoone
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+ at end ifset
+
@end table
@c *******************************************
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 42cc9ea..1b30b7f 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -1475,7 +1475,7 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
return err;
}
-/* Ask the agent whether a secret key is availabale for any of the
+/* Ask the agent whether a secret key is available for any of the
keys (primary or sub) in KEYBLOCK. Returns 0 if available. */
gpg_error_t
agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
diff --git a/g10/gpg.c b/g10/gpg.c
index fa3e8c2..bd4ca40 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -176,6 +176,7 @@ enum cmd_and_opt_values
oFingerprint,
oWithFingerprint,
oWithKeygrip,
+ oWithSecret,
oAnswerYes,
oAnswerNo,
oKeyring,
@@ -705,6 +706,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoUtf8Strings, "no-utf8-strings", "@"),
ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
+ ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
ARGPARSE_s_n (oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", "@"),
@@ -2386,6 +2388,10 @@ main (int argc, char **argv)
opt.with_keygrip = 1;
break;
+ case oWithSecret:
+ opt.with_secret = 1;
+ break;
+
case oSecretKeyring:
/* Ignore this old option. */
break;
diff --git a/g10/keygen.c b/g10/keygen.c
index 0c95435..5c898cc 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3974,7 +3974,7 @@ do_generate_keypair (struct para_data_s *para,
{
tty_printf (_("public and secret key created and signed.\n") );
tty_printf ("\n");
- list_keyblock (pub_root, 0, 1, NULL);
+ list_keyblock (pub_root, 0, 1, 1, NULL);
}
diff --git a/g10/keylist.c b/g10/keylist.c
index 1ecfce9..7d9fe23 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -43,8 +43,8 @@
#include "status.h"
#include "call-agent.h"
-static void list_all (int);
-static void list_one (strlist_t names, int secret);
+static void list_all (int, int);
+static void list_one (strlist_t names, int secret, int mark_secret);
static void locate_one (ctrl_t ctrl, strlist_t names);
static void print_card_serialno (const char *serialno);
@@ -114,9 +114,9 @@ public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode)
if (locate_mode)
locate_one (ctrl, list);
else if (!list)
- list_all (0);
+ list_all (0, opt.with_secret);
else
- list_one (list, 0);
+ list_one (list, 0, opt.with_secret);
}
@@ -128,9 +128,9 @@ secret_key_list (ctrl_t ctrl, strlist_t list)
check_trustdb_stale ();
if (!list)
- list_all (1);
+ list_all (1, 0);
else /* List by user id */
- list_one (list, 1);
+ list_one (list, 1, 0);
}
void
@@ -427,12 +427,17 @@ print_signature_stats (struct sig_stats *s)
tty_printf (_("%d signatures not checked due to errors\n"), s->oth_err);
}
+
+/* List all keys. If SECRET is true only secret keys are listed. If
+ MARK_SECRET is true secret keys are indicated in a public key
+ listing. */
static void
-list_all (int secret)
+list_all (int secret, int mark_secret)
{
KEYDB_HANDLE hd;
KBNODE keyblock = NULL;
int rc = 0;
+ int any_secret;
const char *lastresname, *resname;
struct sig_stats stats;
@@ -459,7 +464,13 @@ list_all (int secret)
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
goto leave;
}
- if (secret && agent_probe_any_secret_key (NULL, keyblock))
+
+ if (secret || mark_secret)
+ any_secret = !agent_probe_any_secret_key (NULL, keyblock);
+ else
+ any_secret = 0;
+
+ if (secret && !any_secret)
; /* Secret key listing requested but this isn't one. */
else
{
@@ -478,7 +489,7 @@ list_all (int secret)
}
}
merge_keys_and_selfsig (keyblock);
- list_keyblock (keyblock, secret, opt.fingerprint,
+ list_keyblock (keyblock, secret, any_secret, opt.fingerprint,
opt.check_sigs ? &stats : NULL);
}
release_kbnode (keyblock);
@@ -498,7 +509,7 @@ leave:
static void
-list_one (strlist_t names, int secret)
+list_one (strlist_t names, int secret, int mark_secret)
{
int rc = 0;
KBNODE keyblock = NULL;
@@ -537,7 +548,7 @@ list_one (strlist_t names, int secret)
es_putc ('-', es_stdout);
es_putc ('\n', es_stdout);
}
- list_keyblock (keyblock, secret, opt.fingerprint,
+ list_keyblock (keyblock, secret, mark_secret, opt.fingerprint,
(!secret && opt.check_sigs)? &stats : NULL);
release_kbnode (keyblock);
}
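Review bot: list_one forwards `mark_secret` unchanged as the `has_secret` argument, whereas list_all passes `any_secret`, the result of `agent_probe_any_secret_key` for that keyblock. From the visible parts of list_keyblock_colon, a true `has_secret` whose `agent_get_keyinfo` call fails sets `stubkey` and prints '#', so with --with-secret and a name argument a key with no secret part would be shown as a stub rather than left unmarked. Probing here as list_all does would keep the two paths consistent: `list_keyblock (keyblock, secret, mark_secret && !agent_probe_any_secret_key (NULL, keyblock), opt.fingerprint, (!secret && opt.check_sigs)? &stats : NULL);`. The surrounding loop of list_one is outside this hunk.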
@@ -572,7 +583,7 @@ locate_one (ctrl_t ctrl, strlist_t names)
{
do
{
- list_keyblock (keyblock, 0, opt.fingerprint,
+ list_keyblock (keyblock, 0, 0, opt.fingerprint,
opt.check_sigs ? &stats : NULL);
release_kbnode (keyblock);
}
@@ -1128,8 +1139,12 @@ print_revokers (estream_t fp, PKT_public_key * pk)
}
}
+
+/* List a key in colon mode. If SECRET is true this is a secret key
+ record (i.e. requested via --list-secret-key). If HAS_SECRET a
+ secret key is available even if SECRET is not set. */
static void
-list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
+list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr)
{
int rc;
KBNODE kbctx;
@@ -1154,14 +1169,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
}
pk = node->pkt->pkt.public_key;
- if (secret || opt.with_keygrip || opt.with_key_data)
+ if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
{
rc = hexkeygrip_from_pk (pk, &hexgrip);
if (rc)
log_error ("error computing a keygrip: %s\n", gpg_strerror (rc));
}
stubkey = 0;
- if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno))
+ if ((secret||has_secret) && agent_get_keyinfo (NULL, hexgrip, &serialno))
stubkey = 1; /* Key not found. */
keyid_from_pk (pk, keyid);
@@ -1197,12 +1212,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
print_capabilities (pk, keyblock);
es_putc (':', es_stdout); /* End of field 13. */
es_putc (':', es_stdout); /* End of field 14. */
- if (secret)
+ if (secret || has_secret)
{
if (stubkey)
es_putc ('#', es_stdout);
else if (serialno)
es_fputs (serialno, es_stdout);
+ else if (has_secret)
+ es_putc ('+', es_stdout);
}
es_putc (':', es_stdout); /* End of field 15. */
es_putc (':', es_stdout); /* End of field 16. */
@@ -1286,7 +1303,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
pk2 = node->pkt->pkt.public_key;
xfree (hexgrip); hexgrip = NULL;
xfree (serialno); serialno = NULL;
- if (secret || opt.with_keygrip || opt.with_key_data)
+ if (secret || has_secret || opt.with_keygrip || opt.with_key_data)
{
rc = hexkeygrip_from_pk (pk2, &hexgrip);
if (rc)
@@ -1294,7 +1311,8 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
gpg_strerror (rc));
}
stubkey = 0;
- if (secret && agent_get_keyinfo (NULL, hexgrip, &serialno))
+ if ((secret||has_secret)
+ && agent_get_keyinfo (NULL, hexgrip, &serialno))
stubkey = 1; /* Key not found. */
keyid_from_pk (pk2, keyid2);
@@ -1323,12 +1341,14 @@ list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
print_capabilities (pk2, NULL);
es_putc (':', es_stdout); /* End of field 13. */
es_putc (':', es_stdout); /* End of field 14. */
- if (secret)
+ if (secret || has_secret)
{
if (stubkey)
es_putc ('#', es_stdout);
else if (serialno)
es_fputs (serialno, es_stdout);
+ else if (has_secret)
+ es_putc ('+', es_stdout);
}
es_putc (':', es_stdout); /* End of field 15. */
es_putc (':', es_stdout); /* End of field 16. */
@@ -1529,11 +1549,12 @@ reorder_keyblock (KBNODE keyblock)
}
void
-list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque)
+list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr,
+ void *opaque)
{
reorder_keyblock (keyblock);
if (opt.with_colons)
- list_keyblock_colon (keyblock, secret, fpr);
+ list_keyblock_colon (keyblock, secret, has_secret, fpr);
else
list_keyblock_print (keyblock, secret, fpr, opaque);
}
diff --git a/g10/main.h b/g10/main.h
index d8b9a4d..2802cb5 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -327,7 +327,8 @@ void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode );
void secret_key_list (ctrl_t ctrl, strlist_t list );
void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock);
-void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
+void list_keyblock (kbnode_t keyblock, int secret, int has_secret,
+ int fpr, void *opaque);
void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode);
void print_revokers (estream_t fp, PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode);
diff --git a/g10/options.h b/g10/options.h
index c622a46..0a604f9 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -68,6 +68,7 @@ struct
int with_key_data;
int with_fingerprint; /* Option --with-fingerprint active. */
int with_keygrip; /* Option --with-keygrip active. */
+ int with_secret; /* Option --with-secret active. */
int fingerprint; /* list fingerprints */
int list_sigs; /* list signatures */
int no_armor;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 01f33e3..c813336 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -148,6 +148,7 @@ enum cmd_and_opt_values {
oWithFingerprint,
oWithMD5Fingerprint,
oWithKeygrip,
+ oWithSecret,
oAnswerYes,
oAnswerNo,
oKeyring,
@@ -383,6 +384,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oSkipVerify, "skip-verify", "@"),
ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"),
ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"),
+ ARGPARSE_s_n (oWithSecret, "with-secret", "@"),
ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"),
ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"),
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
@@ -1333,6 +1335,7 @@ main ( int argc, char **argv)
case oWithKeyData: opt.with_key_data=1; /* fall thru */
case oWithColons: ctrl.with_colons = 1; break;
+ case oWithSecret: ctrl.with_secret = 1; break;
case oWithValidation: ctrl.with_validation=1; break;
case oWithEphemeralKeys: ctrl.with_ephemeral_keys=1; break;
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 7c7ca7a..83918cc 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -177,6 +177,7 @@ struct server_control_s
accessed. */
int with_colons; /* Use column delimited output format */
+ int with_secret; /* Mark secret keys in a public key listing. */
int with_chain; /* Include the certifying certs in a listing */
int with_validation;/* Validate each key while listing. */
int with_ephemeral_keys; /* Include ephemeral flagged keys in the
diff --git a/sm/keylist.c b/sm/keylist.c
index f96c03f..dab1295 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -457,7 +457,6 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
algo = gpgsm_get_key_algo_info (cert, &nbits);
es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);
- /* We assume --fixed-list-mode for gpgsm */
ksba_cert_get_validity (cert, 0, t);
print_time (t, fp);
es_putc (':', fp);
@@ -495,19 +494,24 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,
es_putc (':', fp);
/* Field 12, capabilities: */
print_capabilities (cert, fp);
+ es_putc (':', fp);
/* Field 13, not used: */
es_putc (':', fp);
- if (have_secret)
+ if (have_secret || ctrl->with_secret)
{
char *cardsn;
p = gpgsm_get_keygrip_hexstring (cert);
- if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn) && cardsn)
+ if (!gpgsm_agent_keyinfo (ctrl, p, &cardsn)
+ && (cardsn || ctrl->with_secret))
{
/* Field 14, not used: */
es_putc (':', fp);
- /* Field 15: Token serial number. */
- es_fputs (cardsn, fp);
+ /* Field 15: Token serial number or secret key indicator. */
+ if (cardsn)
+ es_fputs (cardsn, fp);
+ else if (ctrl->with_secret)
+ es_putc ('+', fp);
es_putc (':', fp);
}
xfree (cardsn);
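Review bot: With `ctrl->with_secret` set this block now runs for every certificate in a public listing, yet the result of `gpgsm_get_keygrip_hexstring` is passed to `gpgsm_agent_keyinfo` without a NULL check; print_short_info in sm/export.c on this page does test `if (p)` first. Guarding the call as `if (p && !gpgsm_agent_keyinfo (ctrl, p, &cardsn) && (cardsn || ctrl->with_secret))` avoids handing a NULL keygrip to the agent. `cardsn` is declared without an initializer and is passed to `xfree` even when the lookup fails; unless gpgsm_agent_keyinfo always stores to it (not visible here), `char *cardsn = NULL;` is the safer declaration. The rest of list_cert_colon is outside this hunk.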
diff --git a/sm/server.c b/sm/server.c
index 201a34b..f399c8e 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -274,6 +274,11 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
int i = *value? atoi (value) : 0;
ctrl->with_validation = i;
}
+ else if (!strcmp (key, "with-validation"))
+ {
+ int i = *value? atoi (value) : 0;
+ ctrl->with_secret = i;
+ }
else if (!strcmp (key, "validation-model"))
{
int i = gpgsm_parse_validation_model (value);
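Review bot: The added branch compares `key` with "with-validation", which the branch directly above already matches, so the new code is unreachable and `ctrl->with_secret` can never be set through the server option. The commit log names the option "with-secret", so the test should read `else if (!strcmp (key, "with-secret"))`; the follow-up commit 09a2d4ec on this page makes exactly that correction. A test that sets the option over the server interface and checks field 15 of a colon listing would catch this kind of copy-paste slip. option_handler continues outside this hunk.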
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 ++
doc/DETAILS | 3 ++-
doc/gpg.texi | 6 ++++++
doc/gpgsm.texi | 7 ++++++
g10/call-agent.c | 2 +-
g10/gpg.c | 6 ++++++
g10/keygen.c | 2 +-
g10/keylist.c | 63 ++++++++++++++++++++++++++++++++++++------------------
g10/main.h | 3 ++-
g10/options.h | 1 +
sm/gpgsm.c | 3 +++
sm/gpgsm.h | 1 +
sm/keylist.c | 14 +++++++-----
sm/server.c | 5 +++++
14 files changed, 88 insertions(+), 30 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 4 08:48:34 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 04 Jun 2014 08:48:34 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-436-g09a2d4e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 (commit)
from be07ed65e169a7ec3fbecdb1abf988fc0245d9ff (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37
Author: Werner Koch
Date: Wed Jun 4 08:50:10 2014 +0200
gpgsm: Fix commit be07ed65.
* sm/server.c (option_handler): Use "with-secret".
diff --git a/sm/server.c b/sm/server.c
index f399c8e..978e70a 100644
--- a/sm/server.c
+++ b/sm/server.c
@@ -274,7 +274,7 @@ option_handler (assuan_context_t ctx, const char *key, const char *value)
int i = *value? atoi (value) : 0;
ctrl->with_validation = i;
}
- else if (!strcmp (key, "with-validation"))
+ else if (!strcmp (key, "with-secret"))
{
int i = *value? atoi (value) : 0;
ctrl->with_secret = i;
-----------------------------------------------------------------------
Summary of changes:
sm/server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 4 10:00:15 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 04 Jun 2014 10:00:15 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-2-g4dc9af2
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a (commit)
from ee0f17736ec18074700ae83cdf6821e5f8c19c7c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a
Author: Werner Koch
Date: Wed Jun 4 09:57:54 2014 +0200
Add new keylist mode GPGME_KEYLIST_MODE_WITH_SECRET.
* src/gpgme.h.in (GPGME_KEYLIST_MODE_WITH_SECRET): New.
* src/engine-gpg.c (gpg_keylist_build_options): Handle new mode.
* src/engine-gpgsm.c (gpgsm_keylist, gpgsm_keylist_ext): Ditto.
* src/keylist.c (parse_sec_field15): Add arg key and take care of
--with-secret output.
* src/gpgme-tool.c (gt_get_keylist_mode, cmd_keylist_mode): Add
"with_secret". Print card info and secret flag for subkeys.
--
Note: This mode may only be used with GnuPG >= 2.1.
diff --git a/NEWS b/NEWS
index b7a6227..c6a8f52 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
Noteworthy changes in version 1.5.1 (unreleased) [C__/A__/R_]
-------------------------------------------------------------
+ * Add support for GnuPG 2.1's --with-secret option.
+
+ * Interface changes relative to the 1.5.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPGME_KEYLIST_MODE_WITH_SECRET NEW.
+
Noteworthy changes in version 1.5.0 (2014-05-21) [C23/A12/R0]
-------------------------------------------------------------
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index e326574..1f4a9e1 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -2472,6 +2472,13 @@ signature notations on key signatures should be included in the listed
keys. This only works if @code{GPGME_KEYLIST_MODE_SIGS} is also
enabled.
+ at item GPGME_KEYLIST_MODE_WITH_SECRET
+The @code{GPGME_KEYLIST_MODE_WITH_SECRET} returns information about
+the presence of a corresponding secret key in a public key listing. A
+public key listing with this mode is slower than a standard listing
+but can be used instead of a second run to list the secret keys. This
+is only supported for GnuPG versions >= 2.1.
+
@item GPGME_KEYLIST_MODE_EPHEMERAL
The @code{GPGME_KEYLIST_MODE_EPHEMERAL} symbol specifies that keys
flagged as ephemeral are included in the listing.
@@ -2712,9 +2719,11 @@ This is true if the subkey can be used for qualified signatures
according to local government regulations.
@item unsigned int secret : 1
-This is true if the subkey is a secret key. Note that it will be false
-if the key is actually a stub key; i.e. a secret key operation is
-currently not possible (offline-key).
+This is true if the subkey is a secret key. Note that it will be
+false if the key is actually a stub key; i.e. a secret key operation
+is currently not possible (offline-key). This is only set if a
+listing of secret keys has been requested or if
+ at code{GPGME_KEYLIST_MODE_WITH_SECRET} is active.
@item gpgme_pubkey_algo_t pubkey_algo
This is the public key algorithm supported by this subkey.
@@ -2905,9 +2914,10 @@ This is true if the key can be used for qualified signatures according
to local government regulations.
@item unsigned int secret : 1
-This is true if the key is a secret key. Note, that this will always be
-true even if the corresponding subkey flag may be false (offline/stub
-keys).
+This is true if the key is a secret key. Note, that this will always
+be true even if the corresponding subkey flag may be false
+(offline/stub keys). This is only set if a listing of secret keys has
+been requested or if @code{GPGME_KEYLIST_MODE_WITH_SECRET} is active.
@item gpgme_protocol_t protocol
This is the protocol supported by this key.
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index ede098e..4df0f3e 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2194,6 +2194,8 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only,
err = add_arg (gpg, "--with-fingerprint");
if (!err)
err = add_arg (gpg, "--with-fingerprint");
+ if (!err && (mode & GPGME_KEYLIST_MODE_WITH_SECRET))
+ err = add_arg (gpg, "--with-secret");
if (!err
&& (mode & GPGME_KEYLIST_MODE_SIGS)
&& (mode & GPGME_KEYLIST_MODE_SIG_NOTATIONS))
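Review bot: `--with-secret` is appended whenever `GPGME_KEYLIST_MODE_WITH_SECRET` is set, with no check of the engine version, although the commit message says the mode may only be used with GnuPG >= 2.1. An older gpg would presumably reject the unknown option and fail the whole listing rather than ignore the flag. Either guard the `add_arg` on the detected engine version or state the requirement at this line, e.g. `/* Requires gpg >= 2.1; older versions reject this option. */`. The body of gpg_keylist_build_options continues outside the hunk, so a guard elsewhere cannot be ruled out.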
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 710bf14..8ec1598 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1551,7 +1551,7 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only,
the agent. However on a fresh installation no public keys are
available and thus there is no need for gpgsm to ask the agent
whether a secret key exists for the public key. */
- if (secret_only)
+ if (secret_only || (mode & GPGME_KEYLIST_MODE_WITH_SECRET))
gpgsm_assuan_simple_command (gpgsm->assuan_ctx, "GETINFO agent-check",
NULL, NULL);
@@ -1580,6 +1580,11 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only,
"OPTION with-ephemeral-keys=1":
"OPTION with-ephemeral-keys=0" ,
NULL, NULL);
+ gpgsm_assuan_simple_command (gpgsm->assuan_ctx,
+ (mode & GPGME_KEYLIST_MODE_WITH_SECRET)?
+ "OPTION with-secret=1":
+ "OPTION with-secret=0" ,
+ NULL, NULL);
/* Length is "LISTSECRETKEYS " + p + '\0'. */
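Review bot: The result of the new `OPTION with-secret=1` command is discarded, so a gpgsm that does not know the option produces a listing in which `secret` is never set, and the caller cannot tell that apart from "no secret key present". This matches how the neighbouring OPTION calls are handled, but here the caller explicitly requested the mode. Consider returning the error when `mode & GPGME_KEYLIST_MODE_WITH_SECRET` is set, or at least record the intent with `/* Error ignored: gpgsm < 2.1 does not know with-secret. */`. The same applies to the identical block added to gpgsm_keylist_ext in the next hunk; both functions continue outside their hunks.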
@@ -1645,6 +1650,11 @@ gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only,
"OPTION with-validation=1":
"OPTION with-validation=0" ,
NULL, NULL);
+ gpgsm_assuan_simple_command (gpgsm->assuan_ctx,
+ (mode & GPGME_KEYLIST_MODE_WITH_SECRET)?
+ "OPTION with-secret=1":
+ "OPTION with-secret=0" ,
+ NULL, NULL);
if (pattern && *pattern)
diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c
index be8ed07..f02fffa 100644
--- a/src/gpgme-tool.c
+++ b/src/gpgme-tool.c
@@ -1861,6 +1861,8 @@ gt_get_keylist_mode (gpgme_tool_t gt)
modes[idx++] = "sigs";
if (mode & GPGME_KEYLIST_MODE_SIG_NOTATIONS)
modes[idx++] = "sig_notations";
+ if (mode & GPGME_KEYLIST_MODE_WITH_SECRET)
+ modes[idx++] = "with_secret";
if (mode & GPGME_KEYLIST_MODE_EPHEMERAL)
modes[idx++] = "ephemeral";
if (mode & GPGME_KEYLIST_MODE_VALIDATE)
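Review bot: `modes[idx++] = "with_secret";` adds one more possible entry to `modes`, but the array's declaration lies above this hunk and no hunk in this commit changes it. If the array was sized for the previous number of modes plus the terminator, a context with every mode bit set could now write one slot past its end. Please confirm the size constant was bumped along with this addition. A comment next to the declaration tying the size to the number of `if (mode & …)` lines would keep the two in step.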
@@ -2591,6 +2593,8 @@ cmd_keylist_mode (assuan_context_t ctx, char *line)
mode |= GPGME_KEYLIST_MODE_SIGS;
if (strstr (line, "sig_notations"))
mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS;
+ if (strstr (line, "with_secret"))
+ mode |= GPGME_KEYLIST_MODE_WITH_SECRET;
if (strstr (line, "ephemeral"))
mode |= GPGME_KEYLIST_MODE_EPHEMERAL;
if (strstr (line, "validate"))
@@ -3299,6 +3303,12 @@ cmd_keylist (assuan_context_t ctx, char *line)
result_xml_tag_start (&state, "subkey", NULL);
/* FIXME: more data */
result_add_fpr (&state, "fpr", subkey->fpr);
+ result_add_value (&state, "secret", subkey->secret);
+ result_add_value (&state, "is_cardkey", subkey->is_cardkey);
+ if (subkey->card_number)
+ result_add_string (&state, "card_number", subkey->card_number);
+ if (subkey->curve)
+ result_add_string (&state, "curve", subkey->curve);
result_xml_tag_end (&state); /* subkey */
subkey = subkey->next;
}
diff --git a/src/gpgme.h.in b/src/gpgme.h.in
index d47f4ba..15ed803 100644
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@@ -370,6 +370,7 @@ gpgme_protocol_t;
#define GPGME_KEYLIST_MODE_EXTERN 2
#define GPGME_KEYLIST_MODE_SIGS 4
#define GPGME_KEYLIST_MODE_SIG_NOTATIONS 8
+#define GPGME_KEYLIST_MODE_WITH_SECRET 16
#define GPGME_KEYLIST_MODE_EPHEMERAL 128
#define GPGME_KEYLIST_MODE_VALIDATE 256
diff --git a/src/keylist.c b/src/keylist.c
index 582b241..36ee3ea 100644
--- a/src/keylist.c
+++ b/src/keylist.c
@@ -367,7 +367,7 @@ set_ownertrust (gpgme_key_t key, const char *src)
reference to smartcards. FIELD is the content of the field and we
are allowed to modify it. */
static gpg_error_t
-parse_sec_field15 (gpgme_subkey_t subkey, char *field)
+parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
{
if (!*field)
; /* Empty. */
@@ -375,17 +375,25 @@ parse_sec_field15 (gpgme_subkey_t subkey, char *field)
{
/* This is a stub for an offline key. We reset the SECRET flag
of the subkey here. Note that the secret flag of the entire
- key will be true even then. */
+ key will be true even then. We even explicitly set
+ key->secret to make it works for GPGME_KEYLIST_MODE_WITH_SECRET. */
subkey->secret = 0;
+ key->secret = 1;
}
else if (strchr ("01234567890ABCDEFabcdef", *field))
{
/* Fields starts with a hex digit; thus it is a serial number. */
+ key->secret = 1;
subkey->is_cardkey = 1;
subkey->card_number = strdup (field);
if (!subkey->card_number)
return gpg_error_from_syserror ();
}
+ else if (*field == '+')
+ {
+ key->secret = 1;
+ subkey->secret = 1;
+ }
else
{
/* RFU. */
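Review bot: In the serial-number branch the new code sets `key->secret = 1` but leaves `subkey->secret` untouched, while the new `'+'` branch sets both. In a public listing with `GPGME_KEYLIST_MODE_WITH_SECRET`, `subkey->secret` presumably starts at 0, so a card-held subkey ends up as `is_cardkey = 1` with `secret = 0`, indistinguishable from an offline stub by that flag. If a key on a card is meant to count as an available secret key, add `subkey->secret = 1;` next to `subkey->is_cardkey = 1;`. Otherwise say so in the branch comment. parse_sec_field15 ends outside the hunk.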
@@ -578,9 +586,11 @@ keylist_colon_handler (void *priv, char *line)
set_mainkey_capability (key, field[11]);
/* Field 15 carries special flags of a secret key. */
- if (fields >= 15 && key->secret)
+ if (fields >= 15
+ && (key->secret
+ || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET)))
{
- err = parse_sec_field15 (subkey, field[14]);
+ err = parse_sec_field15 (key, subkey, field[14]);
if (err)
return err;
}
@@ -649,9 +659,11 @@ keylist_colon_handler (void *priv, char *line)
set_subkey_capability (subkey, field[11]);
/* Field 15 carries special flags of a secret key. */
- if (fields >= 15 && key->secret)
+ if (fields >= 15
+ && (key->secret
+ || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET)))
{
- err = parse_sec_field15 (subkey, field[14]);
+ err = parse_sec_field15 (key, subkey, field[14]);
if (err)
return err;
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 6 ++++++
doc/gpgme.texi | 22 ++++++++++++++++------
src/engine-gpg.c | 2 ++
src/engine-gpgsm.c | 12 +++++++++++-
src/gpgme-tool.c | 10 ++++++++++
src/gpgme.h.in | 1 +
src/keylist.c | 24 ++++++++++++++++++------
7 files changed, 64 insertions(+), 13 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 5 12:08:05 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 05 Jun 2014 12:08:05 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-438-g9c9e26d
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 9c9e26d41e7d65711da8dbf1afa452254749621c (commit)
via 4f0625889b768eabdec52696bf15059a9e8d9c02 (commit)
from 09a2d4ec74d352dcb4f006aab60b07bc4f5f1a37 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9c9e26d41e7d65711da8dbf1afa452254749621c
Author: Werner Koch
Date: Thu Jun 5 12:03:27 2014 +0200
gpg: Require confirmation for --gen-key with experimental curves.
* g10/keygen.c (ask_curve): Add arg both. Require confirmation for
Curve25519.
diff --git a/g10/keygen.c b/g10/keygen.c
index 5c898cc..af54c3f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2088,9 +2088,9 @@ ask_keysize (int algo, unsigned int primary_keysize)
/* Ask for the curve. ALGO is the selected algorithm which this
function may adjust. Returns a malloced string with the name of
- the curve. */
+ the curve. BOTH tells that gpg creates a primary and subkey. */
static char *
-ask_curve (int *algo)
+ask_curve (int *algo, int both)
{
struct {
const char *name;
@@ -2119,6 +2119,7 @@ ask_curve (int *algo)
tty_printf (_("Please select which elliptic curve you want:\n"));
+ again:
keyparms = NULL;
for (idx=0; idx < DIM(curves); idx++)
{
@@ -2140,6 +2141,19 @@ ask_curve (int *algo)
continue;
if (!gcry_pk_get_curve (keyparms, 0, NULL))
continue;
+ if (both && curves[idx].fix_curve)
+ {
+ /* Both Curve 25519 keys are to be created. Check that
+ Libgcrypt also supports the real Curve25519. */
+ gcry_sexp_release (keyparms);
+ rc = gcry_sexp_build (&keyparms, NULL,
+ "(public-key(ecc(curve %s)))",
+ curves[idx].name);
+ if (rc)
+ continue;
+ if (!gcry_pk_get_curve (keyparms, 0, NULL))
+ continue;
+ }
curves[idx].available = 1;
tty_printf (" (%d) %s\n", idx + 1,
@@ -2178,10 +2192,16 @@ ask_curve (int *algo)
else
{
if (curves[idx].fix_curve)
- log_info ("WARNING: Curve25519 is an experimental algorithm and"
- " not yet specified by OpenPGP. The current"
- " implementation may change with the next GnuPG release"
- " and thus rendering the key unusable!\n");
+ {
+ log_info ("WARNING: Curve25519 is an experimental algorithm"
+ " and not yet standardized.\n");
+ log_info (" The key format will eventually change"
+ " and render this key unusable!\n\n");
+
+ if (!cpr_get_answer_is_yes("experimental_curve.override",
+ "Use this curve anyway? (y/N) ") )
+ goto again;
+ }
/* If the user selected a signing algorithm and Curve25519
we need to update the algo and and the curve name. */
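Review bot: The confirmation prompt passed to `cpr_get_answer_is_yes` is a bare literal, whereas the selection prompt earlier in ask_curve goes through `_()`, so the `(y/N)` hint stays in English. A translated build may expect a localized answer, in which case the hint would not match the letters the user has to type for this security-relevant confirmation. I would write `cpr_get_answer_is_yes ("experimental_curve.override", _("Use this curve anyway? (y/N) "))`. The two `log_info` warning strings could be marked for translation in the same way. ask_curve starts and ends outside this hunk.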
@@ -3485,7 +3505,7 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo);
+ curve = ask_curve (&algo, both);
r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo);
@@ -3551,12 +3571,12 @@ generate_keypair (ctrl_t ctrl, const char *fname, const char *card_serialno,
else /* Create only a single key. */
{
/* For ECC we need to ask for the curve before storing the
- algo becuase ask_curve may change the algo. */
+ algo because ask_curve may change the algo. */
if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
{
- curve = ask_curve (&algo);
+ curve = ask_curve (&algo, 0);
nbits = 0;
r = xmalloc_clear (sizeof *r + strlen (curve));
r->key = pKEYCURVE;
@@ -4086,7 +4106,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock)
else if (algo == PUBKEY_ALGO_ECDSA
|| algo == PUBKEY_ALGO_EDDSA
|| algo == PUBKEY_ALGO_ECDH)
- curve = ask_curve (&algo);
+ curve = ask_curve (&algo, 0);
else
nbits = ask_keysize (algo, 0);
commit 4f0625889b768eabdec52696bf15059a9e8d9c02
Author: Werner Koch
Date: Thu Jun 5 11:19:59 2014 +0200
gpg: Auto-migrate existing secring.gpg.
* g10/migrate.c: New.
* g10/import.c (import_old_secring): New.
(import_one): Add arg silent.
(transfer_secret_keys): Add arg batch.
(import_secret_one): Add args batch and for_migration.
* g10/gpg.c (main): Call migration function.
diff --git a/README b/README
index c64a14e..fd20d40 100644
--- a/README
+++ b/README
@@ -85,21 +85,10 @@ MIGRATION FROM 1.4 or 2.0 to 2.1
The major change in 2.1 is gpg-agent taking care of the OpenPGP secret
keys (those managed by GPG). The former file "secring.gpg" will not
be used anymore. Newly generated keys are stored in the agent's key
-store directory "~/.gnupg/private-keys-v1.d/".
-
-To migrate your existing keys you need to run the command
-
- gpg2 --batch --import ~/.gnupg/secring.gpg
-
-Secret keys already imported are skipped by this command. It is
-advisable to keep the secring.gpg for use with older versions of GPG.
-
-The use of "--batch" with "--import" is highly recommended. If you do
-not use "--batch" the agent would ask for the passphrase of each key.
-In this case you may use the Cancel button of the Pinentry to skip
-importing this key. If you want to stop the enite import process and
-you use a decent version of Pinentry, you should close the Pinentry
-window instead of hitting the Cancel button.
+store directory "~/.gnupg/private-keys-v1.d/". The first time gpg
+needs a secret key it checks whether a "secring.gpg" exists and
+copies them to the new store. The old secring.gpg is kept for use by
+older versions of gpg.
Note that gpg-agent now uses a fixed socket by default. All tools
will start the gpg-agent as needed. In general there is no more need
@@ -111,11 +100,11 @@ of the card related sub-commands of --edit-key are not yet fully
supported. However, signing and decryption with a smartcard does
work.
-The Dirmngr is now part of GnuPG proper. Thus there is no more need
-to install the separate dirmngr package. The directroy layout of
-Dirmngr changed to make use of the GnuPG directories; for example you
-use /etc/gnupg/trusted-certs and /var/lib/gnupg/extra-certs. Dirmngr
-needs to be started as a system daemon.
+The Dirmngr is now part of GnuPG proper and also used to access
+OpenPGP keyservers. The directroy layout of Dirmngr changed to make
+use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as
+needed needed. There is no more need to install a separate dirmngr
+package.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 71a3107..c8fae3a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3042,18 +3042,33 @@ files; They all live in in the current home directory (@pxref{option
@table @file
- @item ~/.gnupg/secring.gpg
- The secret keyring. You should backup this file.
-
- @item ~/.gnupg/secring.gpg.lock
- The lock file for the secret keyring.
-
@item ~/.gnupg/pubring.gpg
The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock
The lock file for the public keyring.
+ at ifset gpgtwoone
+ @item ~/.gnupg/pubring.kbx
+ The public keyring using a different format. This file is sharred
+ with @command{gpgsm}. You should backup this file.
+
+ @item ~/.gnupg/pubring.kbx.lock
+ The lock file for @file{pubring.kbx}.
+ at end ifset
+
+ @item ~/.gnupg/secring.gpg
+ at ifclear gpgtwoone
+ The secret keyring. You should backup this file.
+ at end ifclear
+ at ifset gpgtwoone
+ A secret keyring as used by GnuPG versions before 2.1. It is not
+ used by GnuPG 2.1 and later.
+
+ @item ~/.gnupg/.gpg-v21-migrated
+ File indicating that a migration to GnuPG 2.1 has taken place.
+ at end ifset
+
@item ~/.gnupg/trustdb.gpg
The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -3064,6 +3079,9 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/random_seed
A file used to preserve the state of the internal random pool.
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/g10/Makefile.am b/g10/Makefile.am
index ba68648..0ae4ef7 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -110,6 +110,7 @@ gpg2_SOURCES = gpg.c \
dearmor.c \
import.c \
export.c \
+ migrate.c \
delkey.c \
keygen.c \
helptext.c \
diff --git a/g10/gpg.c b/g10/gpg.c
index bd4ca40..47cc851 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -3594,6 +3594,43 @@ main (int argc, char **argv)
break;
}
+
+ /* Check for certain command whether we need to migrate a
+ secring.gpg to the gpg-agent. */
+ switch (cmd)
+ {
+ case aListSecretKeys:
+ case aSign:
+ case aSignEncr:
+ case aSignEncrSym:
+ case aSignSym:
+ case aClearsign:
+ case aDecrypt:
+ case aSignKey:
+ case aLSignKey:
+ case aEditKey:
+ case aPasswd:
+ case aDeleteSecretKeys:
+ case aDeleteSecretAndPublicKeys:
+ case aKeygen:
+ case aImport:
+ case aExportSecret:
+ case aExportSecretSub:
+ case aGenRevoke:
+ case aDesigRevoke:
+ case aCardEdit:
+ case aChangePIN:
+ migrate_secring (ctrl);
+ break;
+ case aListKeys:
+ if (opt.with_secret)
+ migrate_secring (ctrl);
+ break;
+ default:
+ break;
+ }
+
+ /* The command dispatcher. */
switch( cmd )
{
case aServer:
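Review bot: The pre-dispatch switch runs `migrate_secring (ctrl)` before `aDeleteSecretKeys` and `aDeleteSecretAndPublicKeys`, yet the README hunk of this commit states that the old secring.gpg is kept. A secret key deleted through gpg 2.1 after migration therefore presumably still exists in that file, and nothing here tells the maintainer or the user. I would add a comment above the case list such as `/* Migration only copies keys; secring.gpg is left in place, so keys deleted later remain there. */` and mention it in the user documentation. Note also that `migrate_secring` returns void, so the command proceeds even when the migration failed.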
diff --git a/g10/import.c b/g10/import.c
index 2b219a2..774a727 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -1,6 +1,7 @@
/* import.c - import a key into our key storage.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2007, 2010, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -68,9 +69,10 @@ static void revocation_present (ctrl_t ctrl, kbnode_t keyblock);
static int import_one (ctrl_t ctrl,
const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
- unsigned int options,int from_sk);
+ unsigned int options,int from_sk, int silent);
static int import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options);
+ struct stats_s *stats, int batch,
+ unsigned int options, int for_migration);
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -227,6 +229,7 @@ import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
return rc;
}
+
void
import_keys (ctrl_t ctrl, char **fnames, int nnames,
void *stats_handle, unsigned int options )
@@ -293,9 +296,10 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats,
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
rc = import_one (ctrl, fname, keyblock,
- stats, fpr, fpr_len, options, 0);
+ stats, fpr, fpr_len, options, 0, 0);
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
- rc = import_secret_one (ctrl, fname, keyblock, stats, options);
+ rc = import_secret_one (ctrl, fname, keyblock, stats,
+ opt.batch, options, 0);
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock, stats );
@@ -320,6 +324,57 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats,
}
+/* Helper to migrate secring.gpg to GnuPG 2.1. */
+gpg_error_t
+import_old_secring (ctrl_t ctrl, const char *fname)
+{
+ gpg_error_t err;
+ iobuf_t inp;
+ PACKET *pending_pkt = NULL;
+ kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
+ grasp the return semantics of
+ read_block. */
+ struct stats_s *stats;
+
+ inp = iobuf_open (fname);
+ if (inp && is_secured_file (iobuf_get_fd (inp)))
+ {
+ iobuf_close (inp);
+ inp = NULL;
+ gpg_err_set_errno (EPERM);
+ }
+ if (!inp)
+ {
+ err = gpg_error_from_syserror ();
+ log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
+ return err;
+ }
+
+ getkey_disable_caches();
+ stats = import_new_stats_handle ();
+ while (!(err = read_block (inp, &pending_pkt, &keyblock)))
+ {
+ if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
+ err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1);
+ release_kbnode (keyblock);
+ if (err)
+ break;
+ }
+ import_release_stats_handle (stats);
+ if (err == -1)
+ err = 0;
+ else if (err && gpg_err_code (err) != G10ERR_INV_KEYRING)
+ log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
+ else if (err)
+ log_error ("import from '%s' failed: %s\n", fname, gpg_strerror (err));
+
+ iobuf_close (inp);
+ iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
+
+ return err;
+}
+
+
void
import_print_stats (void *hd)
{
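Review bot: In import_old_secring the diagnostics after the loop do not distinguish where the error came from. A failure returned by `import_secret_one` takes the `break` and is then reported by the `error reading '%s'` branch, although the read succeeded. Only `G10ERR_INV_KEYRING` reaches the `import from '%s' failed` message. Recording the source before breaking, e.g. `int import_failed = 0;` set to 1 when `import_secret_one` returns non-zero, lets the message be chosen from that flag instead of from the error code. The third message is also the only one of the three not wrapped in `_()`.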
@@ -771,16 +826,17 @@ check_prefs (ctrl_t ctrl, kbnode_t keyblock)
}
/****************
- * Try to import one keyblock. Return an error only in serious cases, but
- * never for an invalid keyblock. It uses log_error to increase the
- * internal errorcount, so that invalid input can be detected by programs
- * which called gpg.
+ * Try to import one keyblock. Return an error only in serious cases,
+ * but never for an invalid keyblock. It uses log_error to increase
+ * the internal errorcount, so that invalid input can be detected by
+ * programs which called gpg. If SILENT is no messages are printed -
+ * even most error messages are suppressed.
*/
static int
import_one (ctrl_t ctrl,
const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk )
+ int from_sk, int silent)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -804,7 +860,7 @@ import_one (ctrl_t ctrl,
keyid_from_pk( pk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
- if( opt.verbose && !opt.interactive )
+ if (opt.verbose && !opt.interactive && !silent)
{
log_info( "pub %s/%s %s ",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
@@ -819,11 +875,12 @@ import_one (ctrl_t ctrl,
if( !uidnode )
{
- log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
+ if (!silent)
+ log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
return 0;
}
- if (opt.interactive) {
+ if (opt.interactive && !silent) {
if(is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
merge_keys_and_selfsig (keyblock);
@@ -856,7 +913,7 @@ import_one (ctrl_t ctrl,
return rc== -1? 0:rc;
/* If we allow such a thing, mark unsigned uids as valid */
- if( opt.allow_non_selfsigned_uid )
+ if( opt.allow_non_selfsigned_uid)
for( node=keyblock; node; node = node->next )
if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
{
@@ -869,9 +926,11 @@ import_one (ctrl_t ctrl,
}
if( !delete_inv_parts( fname, keyblock, keyid, options ) ) {
- log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
- if( !opt.quiet )
- log_info(_("this may be caused by a missing self-signature\n"));
+ if (!silent) {
+ log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
+ if( !opt.quiet )
+ log_info(_("this may be caused by a missing self-signature\n"));
+ }
stats->no_user_id++;
return 0;
}
@@ -881,12 +940,13 @@ import_one (ctrl_t ctrl,
rc = get_pubkey_fast ( pk_orig, keyid );
if( rc && rc != G10ERR_NO_PUBKEY && rc != G10ERR_UNU_PUBKEY )
{
- log_error( _("key %s: public key not found: %s\n"),
- keystr(keyid), g10_errstr(rc));
+ if (!silent)
+ log_error (_("key %s: public key not found: %s\n"),
+ keystr(keyid), g10_errstr(rc));
}
else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
{
- if( opt.verbose )
+ if( opt.verbose && !silent )
log_info( _("key %s: new key - skipped\n"), keystr(keyid));
rc = 0;
stats->skipped_new_keys++;
@@ -896,7 +956,7 @@ import_one (ctrl_t ctrl,
rc = keydb_locate_writable (hd, NULL);
if (rc) {
- log_error (_("no writable keyring found: %s\n"), g10_errstr (rc));
+ log_error (_("no writable keyring found: %s\n"), g10_errstr (rc));
keydb_release (hd);
return G10ERR_GENERAL;
}
@@ -921,7 +981,7 @@ import_one (ctrl_t ctrl,
keydb_release (hd);
/* we are ready */
- if( !opt.quiet )
+ if( !opt.quiet && !silent)
{
char *p=get_user_id_native (keyid);
log_info( _("key %s: public key \"%s\" imported\n"),
@@ -948,7 +1008,8 @@ import_one (ctrl_t ctrl,
* weird is going on */
if( cmp_public_keys( pk_orig, pk ) )
{
- log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
+ if (!silent)
+ log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
goto leave;
}
@@ -1011,7 +1072,7 @@ import_one (ctrl_t ctrl,
revalidation_mark ();
/* we are ready */
- if( !opt.quiet )
+ if( !opt.quiet && !silent)
{
char *p=get_user_id_native(keyid);
if( n_uids == 1 )
@@ -1053,7 +1114,7 @@ import_one (ctrl_t ctrl,
stats->n_sigs_cleaned +=n_sigs_cleaned;
stats->n_uids_cleaned +=n_uids_cleaned;
- if (is_status_enabled ())
+ if (is_status_enabled () && !silent)
print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
}
else
@@ -1062,7 +1123,7 @@ import_one (ctrl_t ctrl,
if (is_status_enabled ())
print_import_ok (pk, 0);
- if( !opt.quiet )
+ if( !opt.quiet && !silent)
{
char *p=get_user_id_native(keyid);
log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
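Review bot: In the "not changed" branch of import_one, `if (is_status_enabled ()) print_import_ok (pk, 0);` is left without the `&& !silent` that this commit adds to the corresponding call in the previous hunk. During a silent migration, a key already present in the public keyring would therefore presumably still emit an import status line while an unrelated command such as decrypt or sign is running. Front ends that parse the status stream may not expect that. I would make it `if (is_status_enabled () && !silent)`, consistent with the other call. import_one starts and ends outside this hunk, so other `print_import_ok` calls not shown here should be checked as well.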
@@ -1129,9 +1190,12 @@ import_one (ctrl_t ctrl,
/* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The
- function prints diagnostics and returns an error code. */
+ function prints diagnostics and returns an error code. If BATCH is
+ true the secret keys are stored by gpg-agent in the transfer format
+ (i.e. no re-protection and aksing for passphrases). */
static gpg_error_t
-transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
+transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
+ int batch)
{
gpg_error_t err = 0;
void *kek = NULL;
@@ -1358,7 +1422,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock)
{
char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1);
err = agent_import_key (ctrl, desc, &cache_nonce,
- wrappedkey, wrappedkeylen, opt.batch);
+ wrappedkey, wrappedkeylen, batch);
xfree (desc);
}
if (!err)
@@ -1454,7 +1518,8 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock)
*/
static int
import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options)
+ struct stats_s *stats, int batch, unsigned int options,
+ int for_migration)
{
PKT_public_key *pk;
struct seckey_info *ski;
@@ -1475,7 +1540,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
keyid_from_pk (pk, keyid);
uidnode = find_next_kbnode (keyblock, PKT_USER_ID);
- if (opt.verbose)
+ if (opt.verbose && !for_migration)
{
log_info ("sec %s/%s %s ",
pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
@@ -1489,13 +1554,15 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
if ((options & IMPORT_NO_SECKEY))
{
- log_error (_("importing secret keys not allowed\n"));
+ if (!for_migration)
+ log_error (_("importing secret keys not allowed\n"));
return 0;
}
if (!uidnode)
{
- log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
+ if (!for_migration)
+ log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
return 0;
}
@@ -1511,8 +1578,9 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
cipher algorithm (only checks the primary key, though). */
if (ski->algo > 110)
{
- log_error (_("key %s: secret key with invalid cipher %d"
- " - skipped\n"), keystr_from_pk (pk), ski->algo);
+ if (!for_migration)
+ log_error (_("key %s: secret key with invalid cipher %d"
+ " - skipped\n"), keystr_from_pk (pk), ski->algo);
return 0;
}
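Review bot: With `for_migration` set, the skip paths in import_secret_one (no user ID in the previous hunk, invalid cipher here) now return 0 without printing anything. The caller sees success, so a key that was not copied to the agent leaves no trace, and the user only learns of it when a later operation reports a missing secret key. If migrate.c marks the migration as done afterwards (its end is outside this view), the key will not be retried either. I would keep a short diagnostic in migration mode, e.g. `log_info ("key %s: skipped during migration\n", keystr_from_pk (pk));`, instead of full suppression. The function continues outside this hunk.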
@@ -1542,7 +1610,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
public key block, and below we will output another one for
the secret keys. FIXME? */
import_one (ctrl, fname, pub_keyblock, stats,
- NULL, NULL, options, 1);
+ NULL, NULL, options, 1, for_migration);
/* Fixme: We should check for an invalid keyblock and
cancel the secret key import in this case. */
@@ -1564,7 +1632,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, KBNODE keyblock,
else
{
nr_prev = stats->secret_imported;
- if (!transfer_secret_keys (ctrl, stats, keyblock))
+ if (!transfer_secret_keys (ctrl, stats, keyblock, batch))
{
int status = 16;
if (!opt.quiet)
diff --git a/g10/main.h b/g10/main.h
index 2802cb5..97c6612 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -290,6 +290,7 @@ int import_keys_stream (ctrl_t ctrl, iobuf_t inp, void *stats_hd,
int import_keys_es_stream (ctrl_t ctrl, estream_t fp, void *stats_handle,
unsigned char **fpr, size_t *fpr_len,
unsigned int options);
+gpg_error_t import_old_secring (ctrl_t ctrl, const char *fname);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
@@ -379,4 +380,8 @@ int card_store_subkey (KBNODE node, int use);
#define S2K_DECODE_COUNT(_val) ((16ul + ((_val) & 15)) << (((_val) >> 4) + 6))
+/*-- migrate.c --*/
+void migrate_secring (ctrl_t ctrl);
+
+
#endif /*G10_MAIN_H*/
diff --git a/g10/migrate.c b/g10/migrate.c
new file mode 100644
index 0000000..9a21cfe
--- /dev/null
+++ b/g10/migrate.c
@@ -0,0 +1,94 @@
+/* migrate.c - Migrate from earlier GnupG versions.
+ * Copyright (C) 2014 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "gpg.h"
+#include "options.h"
+#include "keydb.h"
+#include "util.h"
+#include "main.h"
+
+
+#ifdef HAVE_DOSISH_SYSTEM
+# define V21_MIGRATION_FNAME "gpg-v21-migrated"
+#else
+# define V21_MIGRATION_FNAME ".gpg-v21-migrated"
+#endif
+
+
+/* Check whether a default secring.gpg from GnuPG < 2.1 exists and
+ import it if not yet done. */
+void
+migrate_secring (ctrl_t ctrl)
+{
+ dotlock_t lockhd = NULL;
+ char *secring = NULL;
+ char *flagfile = NULL;
+
+ secring = make_filename (opt.homedir, "secring" EXTSEP_S "gpg", NULL);
+ if (access (secring, F_OK))
+ goto leave; /* Does not exist or is not readable. */
+ flagfile = make_filename (opt.homedir, V21_MIGRATION_FNAME, NULL);
+ if (!access (flagfile, F_OK))
+ goto leave; /* Does exist - fine. */
+
+ log_info ("starting migration from earlier GnuPG versions\n");
+
+ lockhd = dotlock_create (flagfile, 0);
+ if (!lockhd)
+ {
+ log_error ("can't allocate lock for '%s': %s\n",
+ flagfile, gpg_strerror (gpg_error_from_syserror ()));
+ goto leave;
+ }
+ if (dotlock_take (lockhd, -1))
+ {
+ log_error ("can't lock '%s': %s\n",
+ flagfile, gpg_strerror (gpg_error_from_syserror ()));
+ dotlock_destroy (lockhd);
+ lockhd = NULL;
+ goto leave;
+ }
+
+ log_info ("porting secret keys from '%s' to gpg-agent\n", secring);
+ if (!import_old_secring (ctrl, secring))
+ {
+ FILE *fp = fopen (flagfile, "w");
+ if (!fp || fclose (fp))
+ log_error ("error creating flag file '%s': %s\n",
+ flagfile, gpg_strerror (gpg_error_from_syserror ()));
+ else
+ log_info ("migration succeeded\n");
+ }
+
+ leave:
+ if (lockhd)
+ {
+ dotlock_release (lockhd);
+ dotlock_destroy (lockhd);
+ }
+ xfree (flagfile);
+ xfree (secring);
+}
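Review bot: The flag-file test `access (flagfile, F_OK)` in migrate_secring runs only before `dotlock_take`, so a second gpg process that waited for the lock goes on to call `import_old_secring` again after the first one has already finished the migration. Repeating the test once the lock is held closes that window: `if (!access (flagfile, F_OK)) goto leave; /* Migrated while we waited for the lock. */` placed right after the successful `dotlock_take`; the `leave` path already releases and destroys the lock. Separately, the comment "Does not exist or is not readable" on the secring check does not match `F_OK`, which tests existence only, so an unreadable secring.gpg passes this test and presumably fails later inside `import_old_secring`; either use `R_OK` or reword the comment. A short comment above the `fopen (flagfile, "w")` block stating that the flag is written only when the import returned success would also help the next reader.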
-----------------------------------------------------------------------
Summary of changes:
README | 29 ++++--------
doc/gpg.texi | 30 +++++++++---
g10/Makefile.am | 1 +
g10/gpg.c | 37 +++++++++++++++
g10/import.c | 140 +++++++++++++++++++++++++++++++++++++++++--------------
g10/keygen.c | 40 ++++++++++++----
g10/main.h | 5 ++
g10/migrate.c | 94 +++++++++++++++++++++++++++++++++++++
8 files changed, 304 insertions(+), 72 deletions(-)
create mode 100644 g10/migrate.c
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 5 17:09:23 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 05 Jun 2014 17:09:23 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta3-443-g518d835
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 518d835380a2ae01d6a9cc19de92684baade96a4 (commit)
via 27f4ce40e01b501eeaa311dc7a6eee593758548b (commit)
via ab7d85be82b8add165a4ca6289fed2779fec8a41 (commit)
via 533ff0ab56dd6dfcab4bb2ef5c7755b62d158007 (commit)
via 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4 (commit)
from 9c9e26d41e7d65711da8dbf1afa452254749621c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 518d835380a2ae01d6a9cc19de92684baade96a4
Author: Werner Koch
Date: Thu Jun 5 17:05:33 2014 +0200
Post beta release update.
--
656fef6454972cb91741c37a0fd19cd9ade9db9c gnupg-2.1.0-beta442.tar.bz2
diff --git a/NEWS b/NEWS
index cc3e263..0f2e78f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.1.0 (unreleased)
+------------------------------------------------
+
+
Noteworthy changes in version 2.1.0-beta442 (2014-06-05)
--------------------------------------------------------
commit 27f4ce40e01b501eeaa311dc7a6eee593758548b
Author: Werner Koch
Date: Thu Jun 5 16:23:10 2014 +0200
Release 2.1.0-beta442.
--
This beta is a small contribution for today's Reset The Net campaign.
It is a crying shame that the government of my country is not
willing to offer Edward Snowden asylum and protect him from the evil
institutions of those allies who once thankfully kicked out the most
evil German powers. Back in these dark years, many people had to
ask for asylum over there and it was granted. Now we have to fear
their Blockwarts who are listening to the entire world. It would be
more than justified for us to help that brave guy.
diff --git a/NEWS b/NEWS
index a5a0d53..cc3e263 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,5 @@
-Noteworthy changes in version 2.1.0-betaN (unreleased)
------------------------------------------------------
+Noteworthy changes in version 2.1.0-beta442 (2014-06-05)
+--------------------------------------------------------
* gpg: Add experimental signature support using curve Ed25519 and
with a patched Libgcrypt also encryption support with Curve25519.
commit ab7d85be82b8add165a4ca6289fed2779fec8a41
Author: Werner Koch
Date: Thu Jun 5 16:22:18 2014 +0200
po: Auto-update po files.
--
diff --git a/po/de.po b/po/de.po
index da0f13c..49a03c5 100644
--- a/po/de.po
+++ b/po/de.po
@@ -300,12 +300,12 @@ msgstr ""
"@Optionen:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "Im Server Modus ausf?hren"
-
msgid "run in daemon mode (background)"
msgstr "Im Daemon Modus ausf?hren"
+msgid "run in server mode (foreground)"
+msgstr "Im Server Modus ausf?hren"
+
msgid "verbose"
msgstr "Detaillierte Informationen"
@@ -354,14 +354,19 @@ msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
msgid "do not use the PIN cache when signing"
msgstr "benutze PINs im Cache nicht beim Signieren"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "erlaube Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
msgid "allow presetting passphrase"
msgstr "erlaube ein \"preset\" von Passphrases"
-msgid "enable ssh-agent emulation"
-msgstr "Die ssh-agent-Emulation anschalten"
+msgid "enable ssh support"
+msgstr ""
+
+msgid "enable putty support"
+msgstr ""
msgid "|FILE|write environment settings also to FILE"
msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
@@ -665,6 +670,16 @@ msgstr "Die Passphrase ?ndern"
msgid "I'll change it later"
msgstr "Ich werde sie sp?ter ?ndern"
+#, fuzzy
+#| msgid "enable key"
+msgid "Delete key"
+msgstr "Schl?ssel anschalten"
+
+msgid ""
+"Warning: This key is also listed for use with SSH!\n"
+"Deleting the key will may remove your ability toaccess remote machines."
+msgstr ""
+
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "F?r DSA mu? die Hashl?nge ein Vielfaches von 8 Bit sein\n"
@@ -724,13 +739,6 @@ msgstr "Fehler bei Ausf?hrung von `%s': beendet\n"
msgid "error getting exit code of process %d: %s\n"
msgstr "Fehler beim Holen des Exitwerte des Prozesses %d: %s\n"
-#, c-format
-msgid "error creating socket: %s\n"
-msgstr "Fehler beim Erstellen des Sockets: %s\n"
-
-msgid "host not found"
-msgstr "Host nicht gefunden"
-
msgid "gpg-agent is not available in this session\n"
msgstr "GPG-Agent ist in dieser Sitzung nicht vorhanden\n"
@@ -1030,14 +1038,6 @@ msgid "you found a bug ... (%s:%d)\n"
msgstr "Sie haben einen Bug (Programmfehler) gefunden ... (%s:%d)\n"
#, c-format
-msgid "error loading '%s': %s\n"
-msgstr "Fehler beim Laden von `%s': %s\n"
-
-#, c-format
-msgid "please see %s for more information\n"
-msgstr "Siehe %s f?r weitere Infos\n"
-
-#, c-format
msgid "conversion from '%s' to '%s' not available\n"
msgstr "Umwandlung von `%s' in `%s' ist nicht verf?gbar\n"
@@ -1466,8 +1466,18 @@ msgstr "Diesen Schl?ssel aus dem Schl?sselbund l?schen? (j/N) "
msgid "This is a secret key! - really delete? (y/N) "
msgstr "Dies ist ein privater Schl?ssel! - Wirklich l?schen? (j/N) "
-msgid "deleting secret key not implemented\n"
-msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n"
+#, fuzzy, c-format
+#| msgid "deleting certificate \"%s\" failed: %s\n"
+msgid "deleting secret %s failed: %s\n"
+msgstr "Fehler beim L?schen des Zertifikats \"%s\": %s\n"
+
+msgid "key"
+msgstr ""
+
+#, fuzzy
+#| msgid "Pubkey: "
+msgid "subkey"
+msgstr "?ff. Schl?ssel: "
#, c-format
msgid "deleting keyblock failed: %s\n"
@@ -1723,6 +1733,16 @@ msgstr "Schl?ssel aus dem ?ff. Schl?sselbund entfernen"
msgid "remove keys from the secret keyring"
msgstr "Schl?ssel aus dem geh. Schl?sselbund entfernen"
+#, fuzzy
+#| msgid "sign a key"
+msgid "quickly sign a key"
+msgstr "Schl?ssel signieren"
+
+#, fuzzy
+#| msgid "sign a key locally"
+msgid "quickly sign a key locally"
+msgstr "Schl?ssel nur f?r diesen Rechner signieren"
+
msgid "sign a key"
msgstr "Schl?ssel signieren"
@@ -2554,15 +2574,15 @@ msgstr "Schl?ssel %s: geheimer Schl?ssel bereits vorhanden\n"
msgid "key %s: error sending to agent: %s\n"
msgstr "Schl?ssel %s: Fehler beim Senden zum gpg-agent: %s\n"
+msgid "importing secret keys not allowed\n"
+msgstr "Importieren geheimer Schl?ssel ist nicht erlaubt\n"
+
#, c-format
msgid "key %s: secret key with invalid cipher %d - skipped\n"
msgstr ""
"Schl?ssel %s: geheimer Schl?ssel mit ung?ltiger Verschl?sselung %d - "
"?bersprungen\n"
-msgid "importing secret keys not allowed\n"
-msgstr "Importieren geheimer Schl?ssel ist nicht erlaubt\n"
-
#, c-format
msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr ""
@@ -3186,6 +3206,26 @@ msgstr "?nderung fehlgeschlagen: %s\n"
msgid "Key not changed so no update needed.\n"
msgstr "Schl?ssel ist nicht ge?ndert worden, also ist kein Speichern n?tig.\n"
+#, fuzzy, c-format
+#| msgid "invalid fingerprint"
+msgid "\"%s\" is not a fingerprint\n"
+msgstr "ung?ltiger Fingerabdruck"
+
+#, fuzzy, c-format
+#| msgid "failed to get the fingerprint\n"
+msgid "\"%s\" is not the primary fingerprint\n"
+msgstr "Kann den Fingerprint nicht ermitteln\n"
+
+#, fuzzy
+#| msgid "No such user ID.\n"
+msgid "No matching user IDs."
+msgstr "Keine solche User-ID vorhanden.\n"
+
+#, fuzzy
+#| msgid "Nothing to sign with key %s\n"
+msgid "Nothing to sign.\n"
+msgstr "Nichts zu beglaubigen f?r Schl?ssel %s\n"
+
msgid "Digest: "
msgstr "Digest: "
@@ -3615,20 +3655,24 @@ msgstr " (%d) DSA (Leistungsf?higkeit selber einstellbar)\n"
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n"
-#, c-format
-msgid " (%d) ECDSA and ECDH\n"
-msgstr " (%d) ECDSA und ECDH\n"
+#, fuzzy, c-format
+#| msgid " (%d) %s\n"
+msgid " (%d) ECC\n"
+msgstr " (%d) signieren\n"
-#, c-format
-msgid " (%d) ECDSA (sign only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (sign only)\n"
+msgid " (%d) ECC (sign only)\n"
msgstr " (%d) ECDSA (nur signieren/beglaubigen)\n"
-#, c-format
-msgid " (%d) ECDSA (set your own capabilities)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (set your own capabilities)\n"
+msgid " (%d) ECC (set your own capabilities)\n"
msgstr " (%d) ECDSA (Leistungsf?higkeit selber einstellbar)\n"
-#, c-format
-msgid " (%d) ECDH (encrypt only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDH (encrypt only)\n"
+msgid " (%d) ECC (encrypt only)\n"
msgstr " (%d) ECDH (nur verschl?sseln)\n"
#, c-format
@@ -4180,6 +4224,18 @@ msgstr ""
msgid "no signature found\n"
msgstr "Keine Signatur gefunden\n"
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "FALSCHE Signatur von \"%s\""
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Verfallene Signatur von \"%s\""
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Korrekte Signatur von \"%s\""
+
msgid "signature verification suppressed\n"
msgstr "Signatur?berpr?fung unterdr?ckt\n"
@@ -4202,18 +4258,6 @@ msgstr "Signatur vom %s mittels %s-Schl?ssel ID %s\n"
msgid "Key available at: "
msgstr "Schl?ssel erh?ltlich bei: "
-#, c-format
-msgid "BAD signature from \"%s\""
-msgstr "FALSCHE Signatur von \"%s\""
-
-#, c-format
-msgid "Expired signature from \"%s\""
-msgstr "Verfallene Signatur von \"%s\""
-
-#, c-format
-msgid "Good signature from \"%s\""
-msgstr "Korrekte Signatur von \"%s\""
-
msgid "[uncertain]"
msgstr "[ungewi?] "
@@ -4229,8 +4273,9 @@ msgstr "Diese Signatur ist seit %s verfallen.\n"
msgid "Signature expires %s\n"
msgstr "Diese Signatur verf?llt am %s.\n"
-#, c-format
-msgid "%s signature, digest algorithm %s\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "%s signature, digest algorithm %s%s%s\n"
msgstr "%s Signatur, Hashmethode \"%s\"\n"
msgid "binary"
@@ -4428,26 +4473,64 @@ msgstr "%u-Bit %s Schl?ssel, ID %s, erzeugt %s"
msgid " (subkey on main key ID %s)"
msgstr " (Unterschl?ssel aus Hauptschl?ssel-ID %s)"
-msgid ""
-"Please enter the passphrase to unlock the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to unlock the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr ""
"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
"entsperren:"
-msgid ""
-"Please enter the passphrase to import the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to import the OpenPGP secret key:"
msgstr ""
"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
"importieren:"
-#, c-format
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
+msgstr ""
+"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
+"importieren:"
+
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret key:"
+msgstr ""
+"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
+"importieren:"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
+msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) "
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) "
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s\n"
+#| "\"%.*s\"\n"
+#| "%u-bit %s key, ID %s,\n"
+#| "created %s%s.\n"
msgid ""
"%s\n"
"\"%.*s\"\n"
"%u-bit %s key, ID %s,\n"
"created %s%s.\n"
+"%s"
msgstr ""
"%s\n"
"\"%.*s\"\n"
@@ -4890,6 +4973,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n"
msgstr "WARNUNG: Signaturunterschl?ssel %s hat keine R?cksignatur\n"
#, c-format
+msgid "please see %s for more information\n"
+msgstr "Siehe %s f?r weitere Infos\n"
+
+#, c-format
msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
msgstr "WARNUNG: Signaturunterschl?ssel %s hat eine ung?ltige R?cksignatur\n"
@@ -4923,6 +5010,11 @@ msgstr "Hinweis: Signaturschl?ssel %s ist am %s verfallen\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "Hinweis: Signaturschl?ssel %s wurde widerrufen\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s Signatur, Hashmethode \"%s\"\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
@@ -5208,53 +5300,6 @@ msgstr ""
msgid "using %s trust model\n"
msgstr "verwende Vertrauensmodell %s\n"
-#. TRANSLATORS: these strings are similar to those in
-#. trust_value_to_string(), but are a fixed length. This is needed to
-#. make attractive information listings where columns line up
-#. properly. The value "10" should be the length of the strings you
-#. choose to translate to. This is the length in printable columns.
-#. It gets passed to atoi() so everything after the number is
-#. essentially a comment and need not be translated. Either key and
-#. uid are both NULL, or neither are NULL.
-msgid "10 translator see trustdb.c:uid_trust_string_fixed"
-msgstr "10"
-
-msgid "[ revoked]"
-msgstr "[widerrufen]"
-
-msgid "[ expired]"
-msgstr "[verfall.]"
-
-msgid "[ unknown]"
-msgstr "[ unbek.]"
-
-msgid "[ undef ]"
-msgstr "[ undef.]"
-
-msgid "[marginal]"
-msgstr "[marginal]"
-
-msgid "[ full ]"
-msgstr "[ vollst.]"
-
-msgid "[ultimate]"
-msgstr "[ uneing.]"
-
-msgid "undefined"
-msgstr "unbestimmt"
-
-msgid "never"
-msgstr "niemals"
-
-msgid "marginal"
-msgstr "marginal"
-
-msgid "full"
-msgstr "vollst?ndig"
-
-msgid "ultimate"
-msgstr "uneingeschr?nkt"
-
msgid "no need for a trustdb check\n"
msgstr "\"Trust-DB\"-?berpr?fung nicht n?tig\n"
@@ -7084,6 +7129,9 @@ msgstr "|FPR|OCSP Antwort ist durch FPR signiert"
msgid "|N|do not return more than N items in one query"
msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zur?ckgeben"
+msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
@@ -7587,6 +7635,11 @@ msgstr "Druckdaten hexkodiert ausgeben"
msgid "decode received data lines"
msgstr "Dekodiere empfangene Datenzeilen"
+#, fuzzy
+#| msgid "can't connect to the dirmngr: %s\n"
+msgid "connect to the dirmngr"
+msgstr "Verbindung zum Dirmngr nicht m?glich: %s\n"
+
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME"
@@ -7758,6 +7811,11 @@ msgstr "Directory Manager"
msgid "PIN and Passphrase Entry"
msgstr "Falsche PIN oder Passphrase!"
+#, fuzzy
+#| msgid "Component not found"
+msgid "Component not suitable for launching"
+msgstr "Komponente nicht gefunden"
+
#, c-format
msgid "External verification of component %s failed"
msgstr "Die externe ?berpr?fung der Komponente %s war nicht erfolgreich"
@@ -7783,7 +7841,9 @@ msgstr "|KOMPONENTE|Pr?fe die Optionen"
msgid "apply global default values"
msgstr "Wende die gobalen Voreinstellungen an"
-msgid "get the configuration directories for gpgconf"
+#, fuzzy
+#| msgid "get the configuration directories for gpgconf"
+msgid "get the configuration directories for @GPGCONF@"
msgstr "Hole die Einstellungsverzeichnisse von gpgconf"
msgid "list global configuration file"
@@ -7795,6 +7855,11 @@ msgstr "Pr?fe die globale Konfigurationsdatei"
msgid "reload all or a given component"
msgstr "\"reload\" an alle oder eine Komponente senden"
+#, fuzzy
+#| msgid "kill a given component"
+msgid "launch a given component"
+msgstr "\"kill\" an eine Komponente senden"
+
msgid "kill a given component"
msgstr "\"kill\" an eine Komponente senden"
@@ -7814,9 +7879,6 @@ msgstr ""
"Syntax: @GPGCONF@ {Optionen]\n"
"Verwalte Konfigurationsoptionen f?r Programme des @GNUPG@ Systems\n"
-msgid "usage: gpgconf [options] "
-msgstr "Aufruf: gpgconf [Optionen] "
-
msgid "Need one component argument"
msgstr "Ben?tige ein Komponentenargument"
@@ -7970,15 +8032,72 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n"
+#~ msgid "enable ssh-agent emulation"
+#~ msgstr "Die ssh-agent-Emulation anschalten"
+
+#~ msgid "error creating socket: %s\n"
+#~ msgstr "Fehler beim Erstellen des Sockets: %s\n"
+
+#~ msgid "host not found"
+#~ msgstr "Host nicht gefunden"
+
+#~ msgid "error loading '%s': %s\n"
+#~ msgstr "Fehler beim Laden von `%s': %s\n"
+
+#~ msgid "deleting secret key not implemented\n"
+#~ msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n"
+
+#~ msgid " (%d) ECDSA and ECDH\n"
+#~ msgstr " (%d) ECDSA und ECDH\n"
+
+#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+#~ msgstr "10"
+
+#~ msgid "[ revoked]"
+#~ msgstr "[widerrufen]"
+
+#~ msgid "[ expired]"
+#~ msgstr "[verfall.]"
+
+#~ msgid "[ unknown]"
+#~ msgstr "[ unbek.]"
+
+#~ msgid "[ undef ]"
+#~ msgstr "[ undef.]"
+
+#~ msgid "[marginal]"
+#~ msgstr "[marginal]"
+
+#~ msgid "[ full ]"
+#~ msgstr "[ vollst.]"
+
+#~ msgid "[ultimate]"
+#~ msgstr "[ uneing.]"
+
+#~ msgid "undefined"
+#~ msgstr "unbestimmt"
+
+#~ msgid "never"
+#~ msgstr "niemals"
+
+#~ msgid "marginal"
+#~ msgstr "marginal"
+
+#~ msgid "full"
+#~ msgstr "vollst?ndig"
+
+#~ msgid "ultimate"
+#~ msgstr "uneingeschr?nkt"
+
+#~ msgid "usage: gpgconf [options] "
+#~ msgstr "Aufruf: gpgconf [Optionen] "
+
#~ msgid "Usage: scdaemon [options] (-h for help)"
#~ msgstr "Aufruf: scdaemon [Optionen] (-h f?r Hilfe)"
#~ msgid "malformed GPG_AGENT_INFO environment variable\n"
#~ msgstr "fehlerhaft aufgebaute GPG_AGENT_INFO - Umgebungsvariable\n"
-#~ msgid " (%d) %s\n"
-#~ msgstr " (%d) signieren\n"
-
#~ msgid "Usage: gpgsm [options] [files] (-h for help)"
#~ msgstr "Aufruf: gpgsm [Optionen] [Dateien] (-h f?r Hilfe)"
diff --git a/po/fr.po b/po/fr.po
index 9e58e19..9293376 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -97,14 +97,12 @@ msgstr "Phrase de passe"
msgid "ssh keys greater than %d bits are not supported\n"
msgstr "les clefs SSH plus grandes que %d?bits ne sont pas prises en charge\n"
-#, fuzzy, c-format
-#| msgid "can't create '%s': %s\n"
-msgid "can't create `%s': %s\n"
+#, c-format
+msgid "can't create '%s': %s\n"
msgstr "impossible de cr?er ??%s???: %s\n"
-#, fuzzy, c-format
-#| msgid "can't open '%s': %s\n"
-msgid "can't open `%s': %s\n"
+#, c-format
+msgid "can't open '%s': %s\n"
msgstr "impossible d'ouvrir ??%s???: %s\n"
#, c-format
@@ -298,12 +296,12 @@ msgstr ""
"@Options?:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "ex?cuter en mode serveur (premier plan)"
-
msgid "run in daemon mode (background)"
msgstr "ex?cuter en mode d?mon (arri?re-plan)"
+msgid "run in server mode (foreground)"
+msgstr "ex?cuter en mode serveur (premier plan)"
+
msgid "verbose"
msgstr "bavard"
@@ -352,14 +350,21 @@ msgstr "|N|oublier les codes personnels apr?s N?secondes"
msgid "do not use the PIN cache when signing"
msgstr "ne pas utiliser le cache de code pour signer"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "permettre de marquer la confiance des clefs"
msgid "allow presetting passphrase"
msgstr "permettre de pr?configurer la phrase de passe"
-msgid "enable ssh-agent emulation"
-msgstr "activer l'?mulation de ssh-agent"
+msgid "enable ssh support"
+msgstr ""
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "non pris en charge"
msgid "|FILE|write environment settings also to FILE"
msgstr "|FICHIER|?crire aussi les r?glages d'env. dans FICHIER"
@@ -373,12 +378,18 @@ msgstr ""
"Veuillez signaler toutes anomalies sur <@EMAIL@> (en anglais)\n"
"et tout probl?me de traduction ? .\n"
-msgid "Usage: gpg-agent [options] (-h for help)"
-msgstr "Utilisation?: gpg-agent [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
+msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg-agent [options] [command [args]]\n"
+#| "Secret key management for GnuPG\n"
msgid ""
-"Syntax: gpg-agent [options] [command [args]]\n"
-"Secret key management for GnuPG\n"
+"Syntax: @GPG_AGENT@ [options] [command [args]]\n"
+"Secret key management for @GNUPG@\n"
msgstr ""
"Syntaxe?: gpg-agent [options] [commande [arguments]]\n"
"Gestionnaire de clefs secr?tes pour GnuPG\n"
@@ -490,8 +501,10 @@ msgid "no gpg-agent running in this session\n"
msgstr ""
"aucune instance de gpg-agent n'est en cours d'ex?cution dans cette session\n"
-msgid "malformed GPG_AGENT_INFO environment variable\n"
-msgstr "la variable d'environnement GPG_AGENT_INFO est mal d?finie\n"
+#, fuzzy, c-format
+#| msgid "malformed DIRMNGR_INFO environment variable\n"
+msgid "malformed %s environment variable\n"
+msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n"
#, c-format
msgid "gpg-agent protocol version %d is not supported\n"
@@ -663,6 +676,16 @@ msgstr "Modifier la phrase de passe"
msgid "I'll change it later"
msgstr "Je la modifierai plus tard"
+#, fuzzy
+#| msgid "enable key"
+msgid "Delete key"
+msgstr "activer la clef"
+
+msgid ""
+"Warning: This key is also listed for use with SSH!\n"
+"Deleting the key will may remove your ability toaccess remote machines."
+msgstr ""
+
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "DSA n?cessite que la longueur du hachage soit un multiple de 8?bits\n"
@@ -723,13 +746,6 @@ msgstr "erreur d'ex?cution de ??%s???: termin?\n"
msgid "error getting exit code of process %d: %s\n"
msgstr "erreur de lecture du code de retour du processus?%d?: %s\n"
-#, c-format
-msgid "error creating socket: %s\n"
-msgstr "erreur de cr?ation de socket?: %s\n"
-
-msgid "host not found"
-msgstr "h?te introuvable"
-
msgid "gpg-agent is not available in this session\n"
msgstr "gpg-agent n'est pas disponible dans cette session\n"
@@ -968,10 +984,6 @@ msgstr "Dirmngr utilisable"
msgid "No help available for '%s'."
msgstr "Pas d'aide disponible pour ??%s??."
-#, c-format
-msgid "can't open '%s': %s\n"
-msgstr "impossible d'ouvrir ??%s???: %s\n"
-
msgid "ignoring garbage line"
msgstr "ligne inutile ignor?e"
@@ -1034,14 +1046,6 @@ msgid "you found a bug ... (%s:%d)\n"
msgstr "vous avez trouv? un bogue? (%s?: %d)\n"
#, c-format
-msgid "error loading '%s': %s\n"
-msgstr "erreur de chargement de ??%s???: %s\n"
-
-#, c-format
-msgid "please see %s for more information\n"
-msgstr "veuillez consulter %s pour plus de renseignements\n"
-
-#, c-format
msgid "conversion from '%s' to '%s' not available\n"
msgstr "conversion de ??%s?? vers ??%s?? non disponible\n"
@@ -1062,10 +1066,6 @@ msgid "error writing to '%s': %s\n"
msgstr "erreur d'?criture sur ??%s???: %s\n"
#, c-format
-msgid "can't create '%s': %s\n"
-msgstr "impossible de cr?er ??%s???: %s\n"
-
-#, c-format
msgid "removing stale lockfile (created by %d)\n"
msgstr "suppression du vieux fichier verrou (cr?? par %d)\n"
@@ -1477,8 +1477,20 @@ msgstr "Faut-il supprimer cette clef du porte-clefs?? (o/N) "
msgid "This is a secret key! - really delete? (y/N) "
msgstr "C'est une clef secr?te ? faut-il vraiment la supprimer?? (o/N) "
-msgid "deleting secret key not implemented\n"
-msgstr "la suppression de clef secr?te n'est pas impl?ment?e\n"
+#, fuzzy, c-format
+#| msgid "deleting certificate \"%s\" failed: %s\n"
+msgid "deleting secret %s failed: %s\n"
+msgstr "?chec de suppression du certificat ??%s???: %s\n"
+
+#, fuzzy
+#| msgid "bad key"
+msgid "key"
+msgstr "mauvaise clef"
+
+#, fuzzy
+#| msgid "Pubkey: "
+msgid "subkey"
+msgstr "Clef publique?: "
#, c-format
msgid "deleting keyblock failed: %s\n"
@@ -1736,6 +1748,16 @@ msgstr "supprimer les clefs du porte-clefs public"
msgid "remove keys from the secret keyring"
msgstr "supprimer les clefs du porte-clefs secret"
+#, fuzzy
+#| msgid "sign a key"
+msgid "quickly sign a key"
+msgstr "signer une clef"
+
+#, fuzzy
+#| msgid "sign a key locally"
+msgid "quickly sign a key locally"
+msgstr "signer une clef localement"
+
msgid "sign a key"
msgstr "signer une clef"
@@ -1838,7 +1860,9 @@ msgstr ""
" --list-keys [noms] montrer les clefs\n"
" --fingerprint [noms] montrer les empreintes\n"
-msgid "Usage: gpg [options] [files] (-h for help)"
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: @GPG@ [options] [files] (-h for help)"
msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)"
#, fuzzy
@@ -1847,7 +1871,7 @@ msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)"
#| "sign, check, encrypt or decrypt\n"
#| "default operation depends on the input data\n"
msgid ""
-"Syntax: gpg [options] [files]\n"
+"Syntax: @GPG@ [options] [files]\n"
"Sign, check, encrypt or decrypt\n"
"Default operation depends on the input data\n"
msgstr ""
@@ -2578,13 +2602,13 @@ msgstr "clef %s?: la clef secr?te clef existe d?j?\n"
msgid "key %s: error sending to agent: %s\n"
msgstr "clef %s?: erreur d'envoi ? l'agent?: %s\n"
+msgid "importing secret keys not allowed\n"
+msgstr "impossible d'importer des clefs secr?tes\n"
+
#, c-format
msgid "key %s: secret key with invalid cipher %d - skipped\n"
msgstr "clef %s?: clef secr?te avec chiffrement %d incorrect ? ignor?e\n"
-msgid "importing secret keys not allowed\n"
-msgstr "impossible d'importer des clefs secr?tes\n"
-
#, c-format
msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr ""
@@ -3202,6 +3226,26 @@ msgstr "?chec de la mise ? jour?: %s\n"
msgid "Key not changed so no update needed.\n"
msgstr "La clef n'a pas ?t? modifi?e donc la mise ? jour est inutile.\n"
+#, fuzzy, c-format
+#| msgid "invalid fingerprint"
+msgid "\"%s\" is not a fingerprint\n"
+msgstr "empreinte incorrecte"
+
+#, fuzzy, c-format
+#| msgid "failed to get the fingerprint\n"
+msgid "\"%s\" is not the primary fingerprint\n"
+msgstr "impossible d'obtenir l'empreinte\n"
+
+#, fuzzy
+#| msgid "No such user ID.\n"
+msgid "No matching user IDs."
+msgstr "Cette identit? n'existe pas.\n"
+
+#, fuzzy
+#| msgid "Nothing to sign with key %s\n"
+msgid "Nothing to sign.\n"
+msgstr "Rien ? signer avec la clef %s\n"
+
msgid "Digest: "
msgstr "Hachage?: "
@@ -3634,20 +3678,24 @@ msgstr " (%d) DSA (indiquez vous-m?me les capacit?s)\n"
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (indiquez vous-m?me les capacit?s)\n"
-#, c-format
-msgid " (%d) ECDSA and ECDH\n"
-msgstr " (%d) ECDSA et ECDH\n"
+#, fuzzy, c-format
+#| msgid " (%d) RSA\n"
+msgid " (%d) ECC\n"
+msgstr " (%d) RSA\n"
-#, c-format
-msgid " (%d) ECDSA (sign only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (sign only)\n"
+msgid " (%d) ECC (sign only)\n"
msgstr " (%d) ECDSA (signature seule)\n"
-#, c-format
-msgid " (%d) ECDSA (set your own capabilities)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (set your own capabilities)\n"
+msgid " (%d) ECC (set your own capabilities)\n"
msgstr " (%d) ECDSA (indiquez vous-m?me les capacit?s)\n"
-#, c-format
-msgid " (%d) ECDH (encrypt only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDH (encrypt only)\n"
+msgid " (%d) ECC (encrypt only)\n"
msgstr " (%d) ECDH (chiffrement seul)\n"
#, c-format
@@ -3683,6 +3731,11 @@ msgstr "La taille demand?e est %u?bits\n"
msgid "rounded to %u bits\n"
msgstr "arrondie ? %u?bits\n"
+#, fuzzy
+#| msgid "Please select what kind of key you want:\n"
+msgid "Please select which elliptic curve you want:\n"
+msgstr "S?lectionnez le type de clef d?sir??:\n"
+
msgid ""
"Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
@@ -4208,6 +4261,18 @@ msgstr "r?vocation autonome ? utilisez ??gpg --import?? pour l'appliquer\
msgid "no signature found\n"
msgstr "aucune signature trouv?e\n"
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "MAUVAISE signature de ??%s??"
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "Signature expir?e de ??%s??"
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "Bonne signature de ??%s??"
+
msgid "signature verification suppressed\n"
msgstr "v?rification de signature supprim?e\n"
@@ -4229,18 +4294,6 @@ msgstr "Signature faite le %s avec la clef %s d'identifiant %s\n"
msgid "Key available at: "
msgstr "Clef disponible sur?: "
-#, c-format
-msgid "BAD signature from \"%s\""
-msgstr "MAUVAISE signature de ??%s??"
-
-#, c-format
-msgid "Expired signature from \"%s\""
-msgstr "Signature expir?e de ??%s??"
-
-#, c-format
-msgid "Good signature from \"%s\""
-msgstr "Bonne signature de ??%s??"
-
msgid "[uncertain]"
msgstr "[doute]"
@@ -4256,8 +4309,9 @@ msgstr "La signature a expir? le %s\n"
msgid "Signature expires %s\n"
msgstr "La signature expire le %s\n"
-#, c-format
-msgid "%s signature, digest algorithm %s\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "%s signature, digest algorithm %s%s%s\n"
msgstr "signature %s, algorithme de hachage %s\n"
msgid "binary"
@@ -4459,27 +4513,65 @@ msgstr "clef %2$s de %1$u?bits, identifiant %3$s, cr??e le %4$s"
msgid " (subkey on main key ID %s)"
msgstr " (sous-clef de la clef principale d'identifiant %s)"
-msgid ""
-"Please enter the passphrase to unlock the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to unlock the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr ""
"Veuillez entrer la phrase de passe pour d?verrouiller la clef secr?te pour "
"le\n"
"certificat OpenPGP?:"
-msgid ""
-"Please enter the passphrase to import the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to import the OpenPGP secret key:"
msgstr ""
"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n"
"certificat OpenPGP?:"
-#, c-format
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
+msgstr ""
+"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n"
+"certificat OpenPGP?:"
+
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret key:"
+msgstr ""
+"Veuillez entrer la phrase de passe pour importer la clef secr?te pour le\n"
+"certificat OpenPGP?:"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
+msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? (o/N) "
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgstr "Voulez-vous vraiment supprimer les clefs s?lectionn?es?? (o/N) "
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s\n"
+#| "\"%.*s\"\n"
+#| "%u-bit %s key, ID %s,\n"
+#| "created %s%s.\n"
msgid ""
"%s\n"
"\"%.*s\"\n"
"%u-bit %s key, ID %s,\n"
"created %s%s.\n"
+"%s"
msgstr ""
"%1$s\n"
"? %3$.*2$s ?\n"
@@ -4923,6 +5015,10 @@ msgstr ""
"Attention?: la sous-clef de signature %s n'a pas de certificat crois?\n"
#, c-format
+msgid "please see %s for more information\n"
+msgstr "veuillez consulter %s pour plus de renseignements\n"
+
+#, c-format
msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
msgstr ""
"Attention?: la sous-clef de signature %s a un certificat crois? incorrect\n"
@@ -4958,6 +5054,11 @@ msgstr "Remarque?: la clef de signature %s a expir? le %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "Remarque?: la clef de signature %s a ?t? r?voqu?e\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "signature %s, algorithme de hachage %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
@@ -5242,53 +5343,6 @@ msgstr ""
msgid "using %s trust model\n"
msgstr "utilisation du mod?le de confiance %s\n"
-#. TRANSLATORS: these strings are similar to those in
-#. trust_value_to_string(), but are a fixed length. This is needed to
-#. make attractive information listings where columns line up
-#. properly. The value "10" should be the length of the strings you
-#. choose to translate to. This is the length in printable columns.
-#. It gets passed to atoi() so everything after the number is
-#. essentially a comment and need not be translated. Either key and
-#. uid are both NULL, or neither are NULL.
-msgid "10 translator see trustdb.c:uid_trust_string_fixed"
-msgstr "11 le traducteur a bien lu ce qu'il fallait :)"
-
-msgid "[ revoked]"
-msgstr "[ r?voqu?e]"
-
-msgid "[ expired]"
-msgstr "[ expir?e ]"
-
-msgid "[ unknown]"
-msgstr "[ inconnue]"
-
-msgid "[ undef ]"
-msgstr "[ind?finie]"
-
-msgid "[marginal]"
-msgstr "[marginale]"
-
-msgid "[ full ]"
-msgstr "[ totale ]"
-
-msgid "[ultimate]"
-msgstr "[ ultime ]"
-
-msgid "undefined"
-msgstr "ind?finie"
-
-msgid "never"
-msgstr "jamais"
-
-msgid "marginal"
-msgstr "marginale"
-
-msgid "full"
-msgstr "totale"
-
-msgid "ultimate"
-msgstr "ultime"
-
msgid "no need for a trustdb check\n"
msgstr "inutile de v?rifier la base de confiance\n"
@@ -5467,6 +5521,11 @@ msgstr "la r?ponse ne contient pas le module RSA\n"
msgid "response does not contain the RSA public exponent\n"
msgstr "la r?ponse ne contient pas l'exposant public RSA\n"
+#, fuzzy
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public point\n"
+msgstr "la r?ponse ne contient pas l'exposant public RSA\n"
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "utilisation du code personnel par d?faut en tant que %s\n"
@@ -5662,12 +5721,18 @@ msgstr "refus d'utiliser les commandes d'administration de la carte"
msgid "use variable length input for pinpad"
msgstr ""
-msgid "Usage: scdaemon [options] (-h for help)"
-msgstr "Utilisation?: scdaemon [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @SCDAEMON@ [options] (-h for help)"
+msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: scdaemon [options] [command [args]]\n"
+#| "Smartcard daemon for GnuPG\n"
msgid ""
"Syntax: scdaemon [options] [command [args]]\n"
-"Smartcard daemon for GnuPG\n"
+"Smartcard daemon for @GNUPG@\n"
msgstr ""
"Syntaxe?: scdaemon [options] [commande [arguments]]\n"
"D?mon de carte ? puce pour GnuPG\n"
@@ -6242,8 +6307,10 @@ msgstr "|NOM|utiliser l'algorithme de chiffrement NOM"
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NOM|utiliser l'algorithme de hachage NOM"
-msgid "Usage: gpgsm [options] [files] (-h for help)"
-msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)"
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
+msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)"
#, fuzzy
#| msgid ""
@@ -6251,7 +6318,7 @@ msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)"
#| "sign, check, encrypt or decrypt using the S/MIME protocol\n"
#| "default operation depends on the input data\n"
msgid ""
-"Syntax: gpgsm [options] [files]\n"
+"Syntax: @GPGSM@ [options] [files]\n"
"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
"Default operation depends on the input data\n"
msgstr ""
@@ -7089,9 +7156,6 @@ msgstr ""
"pas d'instance de dirmngr en cours d'ex?cution ?\n"
"d?marrage d'une nouvelle instance\n"
-msgid "malformed DIRMNGR_INFO environment variable\n"
-msgstr "la variable d'environnement DIRMNGR_INFO est mal d?finie\n"
-
#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "le protocole dirmngr version?%d n'est pas pris en charge\n"
@@ -7196,6 +7260,9 @@ msgstr "|EMPR|r?ponse OCSP sign?e par EMPR"
msgid "|N|do not return more than N items in one query"
msgstr "|N|ne pas renvoyer plus de N??l?ments dans une requ?te"
+msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
@@ -7205,12 +7272,18 @@ msgstr ""
"(Consultez le manuel ??info?? pour obtenir une liste compl?te des commandes\n"
"et options)\n"
-msgid "Usage: dirmngr [options] (-h for help)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @DIRMNGR@ [options] (-h for help)"
msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: dirmngr [options] [command [args]]\n"
+#| "LDAP and OCSP access for GnuPG\n"
msgid ""
-"Syntax: dirmngr [options] [command [args]]\n"
-"LDAP and OCSP access for GnuPG\n"
+"Syntax: @DIRMNGR@ [options] [command [args]]\n"
+"LDAP and OCSP access for @GNUPG@\n"
msgstr ""
"Syntaxe?: dirmngr [options] [commande [arguments]]\n"
"Acc?s LDAP et OCSP pour GnuPG\n"
@@ -7219,8 +7292,10 @@ msgstr ""
msgid "valid debug levels are: %s\n"
msgstr "les niveaux de d?bogage possibles sont?: %s\n"
-msgid "usage: dirmngr [options] "
-msgstr "utilisation?: dirmngr [options] "
+#, fuzzy, c-format
+#| msgid "usage: gpgsm [options] "
+msgid "usage: %s [options] "
+msgstr "utilisation?: gpgsm [options] "
msgid "colons are not allowed in the socket name\n"
msgstr "les deux-points ne sont pas permis avec dans le nom de socket\n"
@@ -7711,6 +7786,11 @@ msgstr "afficher les donn?es encod?es au format hexad?cimal"
msgid "decode received data lines"
msgstr "d?coder les lignes de donn?es re?ues"
+#, fuzzy
+#| msgid "can't connect to the dirmngr: %s\n"
+msgid "connect to the dirmngr"
+msgstr "impossible de se connecter au dirmngr?: %s\n"
+
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NOM|se connecter ? la socket Assuan NOM"
@@ -7729,11 +7809,17 @@ msgstr "|FICHIER|ex?cuter les commandes du FICHIER au d?marrage"
msgid "run /subst on startup"
msgstr "ex?cuter /subst au d?marrage"
-msgid "Usage: gpg-connect-agent [options] (-h for help)"
+#, fuzzy
+#| msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgid "Usage: @GPG at -connect-agent [options] (-h for help)"
msgstr "Utilisation?: gpg-connect-agent [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg-connect-agent [options]\n"
+#| "Connect to a running agent and send commands\n"
msgid ""
-"Syntax: gpg-connect-agent [options]\n"
+"Syntax: @GPG at -connect-agent [options]\n"
"Connect to a running agent and send commands\n"
msgstr ""
"Syntaxe?: gpg-connect-agent [options]\n"
@@ -7880,6 +7966,11 @@ msgstr "Gestionnaire de r?pertoires"
msgid "PIN and Passphrase Entry"
msgstr "Entr?e de code personnel et de phrase de passe"
+#, fuzzy
+#| msgid "Component not found"
+msgid "Component not suitable for launching"
+msgstr "Composant introuvable"
+
#, c-format
msgid "External verification of component %s failed"
msgstr "?chec de v?rification externe du composant %s"
@@ -7905,7 +7996,9 @@ msgstr "|COMPOSANT|v?rifier les options"
msgid "apply global default values"
msgstr "appliquer les valeurs par d?faut globales"
-msgid "get the configuration directories for gpgconf"
+#, fuzzy
+#| msgid "get the configuration directories for gpgconf"
+msgid "get the configuration directories for @GPGCONF@"
msgstr "aff. r?pertoires de configuration pour gpgconf"
msgid "list global configuration file"
@@ -7917,6 +8010,11 @@ msgstr "v?rifier le fichier de configuration globale"
msgid "reload all or a given component"
msgstr "recharger tous les composants ou celui donn?"
+#, fuzzy
+#| msgid "kill a given component"
+msgid "launch a given component"
+msgstr "tuer un composant donn?"
+
msgid "kill a given component"
msgstr "tuer un composant donn?"
@@ -7926,19 +8024,22 @@ msgstr "utiliser comme fichier de sortie"
msgid "activate changes at runtime, if possible"
msgstr "activer modif. pendant l'ex?cution si possible"
-msgid "Usage: gpgconf [options] (-h for help)"
-msgstr "Utilisation?: gpgconf [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @GPGCONF@ [options] (-h for help)"
+msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpgconf [options]\n"
+#| "Manage configuration options for tools of the GnuPG system\n"
msgid ""
-"Syntax: gpgconf [options]\n"
-"Manage configuration options for tools of the GnuPG system\n"
+"Syntax: @GPGCONF@ [options]\n"
+"Manage configuration options for tools of the @GNUPG@ system\n"
msgstr ""
"Syntaxe?: gpgconf [options]\n"
"G?rer les options de configuration pour les outils du syst?me GnuPG\n"
-msgid "usage: gpgconf [options] "
-msgstr "utilisation?: gpgconf [options] "
-
msgid "Need one component argument"
msgstr "Un argument de composant n?cessaire"
@@ -8093,6 +8194,94 @@ msgstr ""
"V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? "
"ficmotif\n"
+#, fuzzy
+#~| msgid "can't create '%s': %s\n"
+#~ msgid "can't create `%s': %s\n"
+#~ msgstr "impossible de cr?er ??%s???: %s\n"
+
+#, fuzzy
+#~| msgid "can't open '%s': %s\n"
+#~ msgid "can't open `%s': %s\n"
+#~ msgstr "impossible d'ouvrir ??%s???: %s\n"
+
+#~ msgid "enable ssh-agent emulation"
+#~ msgstr "activer l'?mulation de ssh-agent"
+
+#~ msgid "Usage: gpg-agent [options] (-h for help)"
+#~ msgstr "Utilisation?: gpg-agent [options] (-h pour l'aide)"
+
+#~ msgid "malformed GPG_AGENT_INFO environment variable\n"
+#~ msgstr "la variable d'environnement GPG_AGENT_INFO est mal d?finie\n"
+
+#~ msgid "error creating socket: %s\n"
+#~ msgstr "erreur de cr?ation de socket?: %s\n"
+
+#~ msgid "host not found"
+#~ msgstr "h?te introuvable"
+
+#~ msgid "error loading '%s': %s\n"
+#~ msgstr "erreur de chargement de ??%s???: %s\n"
+
+#~ msgid "deleting secret key not implemented\n"
+#~ msgstr "la suppression de clef secr?te n'est pas impl?ment?e\n"
+
+#~ msgid " (%d) ECDSA and ECDH\n"
+#~ msgstr " (%d) ECDSA et ECDH\n"
+
+#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+#~ msgstr "11 le traducteur a bien lu ce qu'il fallait :)"
+
+#~ msgid "[ revoked]"
+#~ msgstr "[ r?voqu?e]"
+
+#~ msgid "[ expired]"
+#~ msgstr "[ expir?e ]"
+
+#~ msgid "[ unknown]"
+#~ msgstr "[ inconnue]"
+
+#~ msgid "[ undef ]"
+#~ msgstr "[ind?finie]"
+
+#~ msgid "[marginal]"
+#~ msgstr "[marginale]"
+
+#~ msgid "[ full ]"
+#~ msgstr "[ totale ]"
+
+#~ msgid "[ultimate]"
+#~ msgstr "[ ultime ]"
+
+#~ msgid "undefined"
+#~ msgstr "ind?finie"
+
+#~ msgid "never"
+#~ msgstr "jamais"
+
+#~ msgid "marginal"
+#~ msgstr "marginale"
+
+#~ msgid "full"
+#~ msgstr "totale"
+
+#~ msgid "ultimate"
+#~ msgstr "ultime"
+
+#~ msgid "Usage: scdaemon [options] (-h for help)"
+#~ msgstr "Utilisation?: scdaemon [options] (-h pour l'aide)"
+
+#~ msgid "Usage: gpgsm [options] [files] (-h for help)"
+#~ msgstr "Utilisation?: gpgsm [options] [fichiers] (-h pour l'aide)"
+
+#~ msgid "usage: dirmngr [options] "
+#~ msgstr "utilisation?: dirmngr [options] "
+
+#~ msgid "Usage: gpgconf [options] (-h for help)"
+#~ msgstr "Utilisation?: gpgconf [options] (-h pour l'aide)"
+
+#~ msgid "usage: gpgconf [options] "
+#~ msgstr "utilisation?: gpgconf [options] "
+
#~ msgid "too many entries in pk cache - disabled\n"
#~ msgstr "trop d'entr?es dans le cache de clefs publiques ? d?sactiv?\n"
@@ -8782,12 +8971,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "mauvaise clef secr?te utilis?e"
-#~ msgid "not supported"
-#~ msgstr "non pris en charge"
-
-#~ msgid "bad key"
-#~ msgstr "mauvaise clef"
-
#~ msgid "file write error"
#~ msgstr "erreur d'?criture de fichier"
diff --git a/po/ja.po b/po/ja.po
index 86bd536..e0a984e 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -97,11 +97,11 @@ msgid "ssh keys greater than %d bits are not supported\n"
msgstr "ssh??%d????????????????????\n"
#, c-format
-msgid "can't create `%s': %s\n"
+msgid "can't create '%s': %s\n"
msgstr "'%s'????????: %s\n"
#, c-format
-msgid "can't open `%s': %s\n"
+msgid "can't open '%s': %s\n"
msgstr "'%s'??????: %s\n"
#, c-format
@@ -282,12 +282,12 @@ msgstr ""
"@?????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "?????????? (????????)"
-
msgid "run in daemon mode (background)"
msgstr "??????????? (????????)"
+msgid "run in server mode (foreground)"
+msgstr "?????????? (????????)"
+
msgid "verbose"
msgstr "??"
@@ -336,14 +336,19 @@ msgstr "|N|N???????PIN??????"
msgid "do not use the PIN cache when signing"
msgstr "??????PIN????????"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "?????????\"trusted\"?????????????"
msgid "allow presetting passphrase"
msgstr "???????????????"
-msgid "enable ssh-agent emulation"
-msgstr "ssh-agent??????????????"
+msgid "enable ssh support"
+msgstr ""
+
+msgid "enable putty support"
+msgstr ""
msgid "|FILE|write environment settings also to FILE"
msgstr "|FILE|FILE?????????????"
@@ -354,12 +359,18 @@ msgstr "|FILE|FILE?????????????"
msgid "Please report bugs to <@EMAIL@>.\n"
msgstr "??? <@EMAIL@> ??????????\n"
-msgid "Usage: gpg-agent [options] (-h for help)"
-msgstr "???: gpg-agent [?????] (???? -h)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
+msgstr "???: dirmngr [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg-agent [options] [command [args]]\n"
+#| "Secret key management for GnuPG\n"
msgid ""
-"Syntax: gpg-agent [options] [command [args]]\n"
-"Secret key management for GnuPG\n"
+"Syntax: @GPG_AGENT@ [options] [command [args]]\n"
+"Secret key management for @GNUPG@\n"
msgstr ""
"??: gpg-agent [?????] [???? [??]]\n"
"GnuPG???????\n"
@@ -468,8 +479,10 @@ msgstr "%s %s ??????\n"
msgid "no gpg-agent running in this session\n"
msgstr "????????gpg-agent??????????\n"
-msgid "malformed GPG_AGENT_INFO environment variable\n"
-msgstr "GPG_AGENT_INFO???????????\n"
+#, fuzzy, c-format
+#| msgid "malformed DIRMNGR_INFO environment variable\n"
+msgid "malformed %s environment variable\n"
+msgstr "DIRMNGR_INFO?????????????\n"
#, c-format
msgid "gpg-agent protocol version %d is not supported\n"
@@ -636,6 +649,16 @@ msgstr "???????????"
msgid "I'll change it later"
msgstr "??????"
+#, fuzzy
+#| msgid "enable key"
+msgid "Delete key"
+msgstr "???????"
+
+msgid ""
+"Warning: This key is also listed for use with SSH!\n"
+"Deleting the key will may remove your ability toaccess remote machines."
+msgstr ""
+
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "DSA?8???????????????????\n"
@@ -694,13 +717,6 @@ msgstr "'%s'??????: ??????\n"
msgid "error getting exit code of process %d: %s\n"
msgstr "???? %d ?exit????????: %s\n"
-#, c-format
-msgid "error creating socket: %s\n"
-msgstr "?????????: %s\n"
-
-msgid "host not found"
-msgstr "???????????"
-
msgid "gpg-agent is not available in this session\n"
msgstr "????????gpg-agent?????\n"
@@ -937,10 +953,6 @@ msgstr "Dirmngr????"
msgid "No help available for '%s'."
msgstr "'%s'???????????"
-#, c-format
-msgid "can't open '%s': %s\n"
-msgstr "'%s'??????: %s\n"
-
msgid "ignoring garbage line"
msgstr "???????????"
@@ -1003,14 +1015,6 @@ msgid "you found a bug ... (%s:%d)\n"
msgstr "????????????? ... (%s:%d)\n"
#, c-format
-msgid "error loading '%s': %s\n"
-msgstr "'%s'???????: %s\n"
-
-#, c-format
-msgid "please see %s for more information\n"
-msgstr "???%s???????\n"
-
-#, c-format
msgid "conversion from '%s' to '%s' not available\n"
msgstr "'%s'??'%s'????????????\n"
@@ -1031,10 +1035,6 @@ msgid "error writing to '%s': %s\n"
msgstr "'%s'????????: %s\n"
#, c-format
-msgid "can't create '%s': %s\n"
-msgstr "'%s'????????: %s\n"
-
-#, c-format
msgid "removing stale lockfile (created by %d)\n"
msgstr "?? lockfile (%d ?????)??????\n"
@@ -1338,6 +1338,16 @@ msgstr " (3) ???\n"
msgid "Invalid selection.\n"
msgstr "????????\n"
+#, fuzzy
+#| msgid "Please select the reason for the revocation:\n"
+msgid "Please select where to store the key:\n"
+msgstr "??????????????:\n"
+
+#, fuzzy, c-format
+#| msgid "read failed: %s\n"
+msgid "KEYTOCARD failed: %s\n"
+msgstr "read ???????: %s\n"
+
msgid "quit this menu"
msgstr "?????????"
@@ -1428,8 +1438,18 @@ msgstr "????????????????? (y/N) "
msgid "This is a secret key! - really delete? (y/N) "
msgstr "????????! ?????????? (y/N) "
-msgid "deleting secret key not implemented\n"
-msgstr "????????????????\n"
+#, fuzzy, c-format
+#| msgid "deleting certificate \"%s\" failed: %s\n"
+msgid "deleting secret %s failed: %s\n"
+msgstr "???'%s'??????????: %s\n"
+
+msgid "key"
+msgstr ""
+
+#, fuzzy
+#| msgid "Pubkey: "
+msgid "subkey"
+msgstr "???: "
#, c-format
msgid "deleting keyblock failed: %s\n"
@@ -1593,9 +1613,6 @@ msgstr " - ?????????"
msgid "WARNING: nothing exported\n"
msgstr "*??*: ??????????????\n"
-msgid "too many entries in pk cache - disabled\n"
-msgstr "pk????????????????? - ????\n"
-
msgid "[User ID not found]"
msgstr "[???ID????????]"
@@ -1670,6 +1687,16 @@ msgstr "????????????"
msgid "remove keys from the secret keyring"
msgstr "????????????"
+#, fuzzy
+#| msgid "sign a key"
+msgid "quickly sign a key"
+msgstr "????"
+
+#, fuzzy
+#| msgid "sign a key locally"
+msgid "quickly sign a key locally"
+msgstr "????????"
+
msgid "sign a key"
msgstr "????"
@@ -1771,11 +1798,18 @@ msgstr ""
" --list-keys [??] ????\n"
" --fingerprint [??] ?????????????\n"
-msgid "Usage: gpg [options] [files] (-h for help)"
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: @GPG@ [options] [files] (-h for help)"
msgstr "???: gpg [?????] [????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg [options] [files]\n"
+#| "Sign, check, encrypt or decrypt\n"
+#| "Default operation depends on the input data\n"
msgid ""
-"Syntax: gpg [options] [files]\n"
+"Syntax: @GPG@ [options] [files]\n"
"Sign, check, encrypt or decrypt\n"
"Default operation depends on the input data\n"
msgstr ""
@@ -2470,13 +2504,13 @@ msgstr "? %s: ??????????\n"
msgid "key %s: error sending to agent: %s\n"
msgstr "? %s: ?????????????: %s\n"
+msgid "importing secret keys not allowed\n"
+msgstr "??????????????\n"
+
#, c-format
msgid "key %s: secret key with invalid cipher %d - skipped\n"
msgstr "?%s: ???????%d?????? - ???????\n"
-msgid "importing secret keys not allowed\n"
-msgstr "??????????????\n"
-
#, c-format
msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr "?%s: ????????? - ?????????????\n"
@@ -2582,10 +2616,18 @@ msgid "key %s: direct key signature added\n"
msgstr "?%s: ????????\n"
#, c-format
+msgid "error creating keybox '%s': %s\n"
+msgstr "keybox'%s'??????: %s\n"
+
+#, c-format
msgid "error creating keyring '%s': %s\n"
msgstr "????'%s'??????: %s\n"
#, c-format
+msgid "keybox '%s' created\n"
+msgstr "keybox'%s'????????\n"
+
+#, c-format
msgid "keyring '%s' created\n"
msgstr "????'%s'??????\n"
@@ -3060,6 +3102,26 @@ msgstr "?????????: %s\n"
msgid "Key not changed so no update needed.\n"
msgstr "????????????????\n"
+#, fuzzy, c-format
+#| msgid "invalid fingerprint"
+msgid "\"%s\" is not a fingerprint\n"
+msgstr "?????????????"
+
+#, fuzzy, c-format
+#| msgid "failed to get the fingerprint\n"
+msgid "\"%s\" is not the primary fingerprint\n"
+msgstr "????????????????????\n"
+
+#, fuzzy
+#| msgid "No such user ID.\n"
+msgid "No matching user IDs."
+msgstr "?????ID???????\n"
+
+#, fuzzy
+#| msgid "Nothing to sign with key %s\n"
+msgid "Nothing to sign.\n"
+msgstr "?%s??????????????\n"
+
msgid "Digest: "
msgstr "??????: "
@@ -3476,20 +3538,24 @@ msgstr " (%d) DSA (???????????)\n"
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (???????????)\n"
-#, c-format
-msgid " (%d) ECDSA and ECDH\n"
-msgstr " (%d) ECDSA ? ECDH\n"
+#, fuzzy, c-format
+#| msgid " (%d) RSA\n"
+msgid " (%d) ECC\n"
+msgstr " (%d) RSA\n"
-#, c-format
-msgid " (%d) ECDSA (sign only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (sign only)\n"
+msgid " (%d) ECC (sign only)\n"
msgstr " (%d) ECDSA (????)\n"
-#, c-format
-msgid " (%d) ECDSA (set your own capabilities)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDSA (set your own capabilities)\n"
+msgid " (%d) ECC (set your own capabilities)\n"
msgstr " (%d) ECDSA (???????????)\n"
-#, c-format
-msgid " (%d) ECDH (encrypt only)\n"
+#, fuzzy, c-format
+#| msgid " (%d) ECDH (encrypt only)\n"
+msgid " (%d) ECC (encrypt only)\n"
msgstr " (%d) ECDH (?????)\n"
#, c-format
@@ -3525,6 +3591,11 @@ msgstr "????????%u???\n"
msgid "rounded to %u bits\n"
msgstr "%u??????????\n"
+#, fuzzy
+#| msgid "Please select what kind of key you want:\n"
+msgid "Please select which elliptic curve you want:\n"
+msgstr "?????????????????:\n"
+
msgid ""
"Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
@@ -4025,6 +4096,18 @@ msgstr "????????? - \"gpg --import\"????????
msgid "no signature found\n"
msgstr "??????????\n"
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "\"%s\"???*???*??"
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "\"%s\"??????????"
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "\"%s\"????????"
+
msgid "signature verification suppressed\n"
msgstr "????????\n"
@@ -4046,18 +4129,6 @@ msgstr "%s?%s?ID %s???????\n"
msgid "Key available at: "
msgstr "?????????: "
-#, c-format
-msgid "BAD signature from \"%s\""
-msgstr "\"%s\"???*???*??"
-
-#, c-format
-msgid "Expired signature from \"%s\""
-msgstr "\"%s\"??????????"
-
-#, c-format
-msgid "Good signature from \"%s\""
-msgstr "\"%s\"????????"
-
msgid "[uncertain]"
msgstr "[???]"
@@ -4073,8 +4144,9 @@ msgstr "??????? %s\n"
msgid "Signature expires %s\n"
msgstr "?????%s??????????\n"
-#, c-format
-msgid "%s signature, digest algorithm %s\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "%s signature, digest algorithm %s%s%s\n"
msgstr "%s???????????????? %s\n"
msgid "binary"
@@ -4266,24 +4338,60 @@ msgstr "%u???%s?, ID %s?????%s"
msgid " (subkey on main key ID %s)"
msgstr " (??ID %s ???)"
-msgid ""
-"Please enter the passphrase to unlock the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to unlock the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr ""
"OpenPGP??????????????????????????????????:"
-msgid ""
-"Please enter the passphrase to import the secret key for the OpenPGP "
-"certificate:"
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to import the OpenPGP secret key:"
msgstr ""
"OpenPGP?????????????????????????????????:"
-#, c-format
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
+msgstr ""
+"OpenPGP?????????????????????????????????:"
+
+#, fuzzy
+#| msgid ""
+#| "Please enter the passphrase to import the secret key for the OpenPGP "
+#| "certificate:"
+msgid "Please enter the passphrase to export the OpenPGP secret key:"
+msgstr ""
+"OpenPGP?????????????????????????????????:"
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
+msgstr "???????????????? (y/N) "
+
+#, fuzzy
+#| msgid "Do you really want to delete the selected keys? (y/N) "
+msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgstr "???????????????? (y/N) "
+
+#, fuzzy, c-format
+#| msgid ""
+#| "%s\n"
+#| "\"%.*s\"\n"
+#| "%u-bit %s key, ID %s,\n"
+#| "created %s%s.\n"
msgid ""
"%s\n"
"\"%.*s\"\n"
"%u-bit %s key, ID %s,\n"
"created %s%s.\n"
+"%s"
msgstr ""
"%s\n"
"\"%.*s\"\n"
@@ -4699,6 +4807,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n"
msgstr "*??*: ????%s????????????\n"
#, c-format
+msgid "please see %s for more information\n"
+msgstr "???%s???????\n"
+
+#, c-format
msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
msgstr "*??*: ?????????????%s?????\n"
@@ -4728,6 +4840,11 @@ msgstr "*??*: ???%s?%s??????????\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "*??*: ? %s ???????\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s???????????????? %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "??????????????????%s????????????\n"
@@ -4989,53 +5106,6 @@ msgstr "???????? (%d) ?????? - %s??????
msgid "using %s trust model\n"
msgstr "%s????????\n"
-#. TRANSLATORS: these strings are similar to those in
-#. trust_value_to_string(), but are a fixed length. This is needed to
-#. make attractive information listings where columns line up
-#. properly. The value "10" should be the length of the strings you
-#. choose to translate to. This is the length in printable columns.
-#. It gets passed to atoi() so everything after the number is
-#. essentially a comment and need not be translated. Either key and
-#. uid are both NULL, or neither are NULL.
-msgid "10 translator see trustdb.c:uid_trust_string_fixed"
-msgstr "10"
-
-msgid "[ revoked]"
-msgstr "[ ?? ]"
-
-msgid "[ expired]"
-msgstr "[????]"
-
-msgid "[ unknown]"
-msgstr "[ ?? ]"
-
-msgid "[ undef ]"
-msgstr "[ ??? ]"
-
-msgid "[marginal]"
-msgstr "[????]"
-
-msgid "[ full ]"
-msgstr "[ ?? ]"
-
-msgid "[ultimate]"
-msgstr "[ ?? ]"
-
-msgid "undefined"
-msgstr "???"
-
-msgid "never"
-msgstr "???"
-
-msgid "marginal"
-msgstr "????"
-
-msgid "full"
-msgstr "??"
-
-msgid "ultimate"
-msgstr "??"
-
msgid "no need for a trustdb check\n"
msgstr "?????????????????\n"
@@ -5190,6 +5260,11 @@ msgstr "???RSA??(modulus)?????????\n"
msgid "response does not contain the RSA public exponent\n"
msgstr "???RSA?????????????\n"
+#, fuzzy
+#| msgid "response does not contain the RSA public exponent\n"
+msgid "response does not contain the EC public point\n"
+msgstr "???RSA?????????????\n"
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "?????PIN?%s???????\n"
@@ -5365,12 +5440,18 @@ msgstr "????????????????"
msgid "use variable length input for pinpad"
msgstr "??????????????"
-msgid "Usage: scdaemon [options] (-h for help)"
-msgstr "???: scdaemon [?????] (???? -h)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @SCDAEMON@ [options] (-h for help)"
+msgstr "???: dirmngr [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: scdaemon [options] [command [args]]\n"
+#| "Smartcard daemon for GnuPG\n"
msgid ""
"Syntax: scdaemon [options] [command [args]]\n"
-"Smartcard daemon for GnuPG\n"
+"Smartcard daemon for @GNUPG@\n"
msgstr ""
"??: scdaemon [?????] [???? [??]]\n"
"GnuPG?Smartcard????\n"
@@ -5923,11 +6004,18 @@ msgstr "|NAME|?????????NAME???"
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NAME|??????????????NAME???"
-msgid "Usage: gpgsm [options] [files] (-h for help)"
-msgstr "???: gpgsm [?????] [????] (???? -h)"
+#, fuzzy
+#| msgid "Usage: gpg [options] [files] (-h for help)"
+msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
+msgstr "???: gpg [?????] [????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpgsm [options] [files]\n"
+#| "Sign, check, encrypt or decrypt using the S/MIME protocol\n"
+#| "Default operation depends on the input data\n"
msgid ""
-"Syntax: gpgsm [options] [files]\n"
+"Syntax: @GPGSM@ [options] [files]\n"
"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
"Default operation depends on the input data\n"
msgstr ""
@@ -5994,17 +6082,9 @@ msgstr "?????????????: %s\n"
msgid "error reading input: %s\n"
msgstr "?????????: %s\n"
-#, c-format
-msgid "error creating keybox '%s': %s\n"
-msgstr "keybox'%s'??????: %s\n"
-
msgid "you may want to start the gpg-agent first\n"
msgstr "?? gpg-agent ??????????\n"
-#, c-format
-msgid "keybox '%s' created\n"
-msgstr "keybox'%s'????????\n"
-
msgid "failed to get the fingerprint\n"
msgstr "????????????????????\n"
@@ -6333,7 +6413,8 @@ msgid "invalid formatted checksum for '%s'\n"
msgstr "'%s'????????????????\n"
msgid "too many open cache files; can't open anymore\n"
-msgstr "????????????????????????????????????\n"
+msgstr ""
+"????????????????????????????????????\n"
#, c-format
msgid "opening cache file '%s'\n"
@@ -6382,7 +6463,8 @@ msgstr "???ID%s?????????CRL????????\n"
#, c-format
msgid "cached CRL for issuer id %s tampered; we need to update\n"
-msgstr "???ID%s????????????CRL?????????????????\n"
+msgstr ""
+"???ID%s????????????CRL?????????????????\n"
msgid "WARNING: invalid cache record length for S/N "
msgstr "**??**: S/N??????????????????"
@@ -6494,7 +6576,9 @@ msgstr "????????????'%s'?????????: %s\
#, c-format
msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n"
-msgstr "**??**: ???CRL?????????%s????????? - ??????????\n"
+msgstr ""
+"**??**: ???CRL?????????%s????????? - ????????"
+"??\n"
#, c-format
msgid "new CRL still too old; it expired on %s\n"
@@ -6520,7 +6604,8 @@ msgid ""
"updating the DIR file failed - cache entry will get lost with the next "
"program start\n"
msgstr ""
-"DIR?????????? - ???????????????????????????\n"
+"DIR?????????? - ?????????????????????????"
+"??\n"
#, c-format
msgid "Begin CRL dump (retrieved via %s)\n"
@@ -6529,13 +6614,11 @@ msgstr "CRL?????? (%s ????)\n"
msgid ""
" ERROR: The CRL will not be used because it was still too old after an "
"update!\n"
-msgstr ""
-"*???*: CRL???????????????????????!\n"
+msgstr "*???*: CRL???????????????????????!\n"
msgid ""
" ERROR: The CRL will not be used due to an unknown critical extension!\n"
-msgstr ""
-"*???*: CRL??????????????????????!\n"
+msgstr "*???*: CRL??????????????????????!\n"
msgid " ERROR: The CRL will not be used\n"
msgstr "*???*: CRL????????\n"
@@ -6708,9 +6791,6 @@ msgstr "?????dirmngr????????\n"
msgid "no running dirmngr - starting one\n"
msgstr "dirmngr???????? - ?????\n"
-msgid "malformed DIRMNGR_INFO environment variable\n"
-msgstr "DIRMNGR_INFO?????????????\n"
-
#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "dirmngr???????????%d????????????\n"
@@ -6805,6 +6885,9 @@ msgstr "|FPR|FPR??????OCSP?????"
msgid "|N|do not return more than N items in one query"
msgstr "|N|???????N??????????????"
+msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
+msgstr ""
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
@@ -6813,12 +6896,18 @@ msgstr ""
"@\n"
"(?????????????????\"info\" ????????????)\n"
-msgid "Usage: dirmngr [options] (-h for help)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @DIRMNGR@ [options] (-h for help)"
msgstr "???: dirmngr [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: dirmngr [options] [command [args]]\n"
+#| "LDAP and OCSP access for GnuPG\n"
msgid ""
-"Syntax: dirmngr [options] [command [args]]\n"
-"LDAP and OCSP access for GnuPG\n"
+"Syntax: @DIRMNGR@ [options] [command [args]]\n"
+"LDAP and OCSP access for @GNUPG@\n"
msgstr ""
"??: dirmngr [?????] [???? [??]]\n"
"GnuPG?LDAP?OCSP????\n"
@@ -6827,8 +6916,10 @@ msgstr ""
msgid "valid debug levels are: %s\n"
msgstr "???debug????: %s\n"
-msgid "usage: dirmngr [options] "
-msgstr "???: dirmngr [?????] "
+#, fuzzy, c-format
+#| msgid "usage: gpgsm [options] "
+msgid "usage: %s [options] "
+msgstr "???: gpgsm [?????] "
msgid "colons are not allowed in the socket name\n"
msgstr "????????????????\n"
@@ -7300,6 +7391,11 @@ msgstr "16???????????????????"
msgid "decode received data lines"
msgstr "???????????????"
+#, fuzzy
+#| msgid "can't connect to the dirmngr: %s\n"
+msgid "connect to the dirmngr"
+msgstr "dirmngr????????: %s\n"
+
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NAME|Assuan??????NAME?????"
@@ -7318,11 +7414,17 @@ msgstr "|FILE|????FILE???????????"
msgid "run /subst on startup"
msgstr "???? /subst ?????"
-msgid "Usage: gpg-connect-agent [options] (-h for help)"
+#, fuzzy
+#| msgid "Usage: gpg-connect-agent [options] (-h for help)"
+msgid "Usage: @GPG at -connect-agent [options] (-h for help)"
msgstr "???: gpg-connect-agent [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg-connect-agent [options]\n"
+#| "Connect to a running agent and send commands\n"
msgid ""
-"Syntax: gpg-connect-agent [options]\n"
+"Syntax: @GPG at -connect-agent [options]\n"
"Connect to a running agent and send commands\n"
msgstr ""
"??: gpg-connect-agent [?????]\n"
@@ -7470,6 +7572,11 @@ msgstr "????????????"
msgid "PIN and Passphrase Entry"
msgstr "PIN??????????"
+#, fuzzy
+#| msgid "Component not found"
+msgid "Component not suitable for launching"
+msgstr "???????????????"
+
#, c-format
msgid "External verification of component %s failed"
msgstr "???????%s?????????????"
@@ -7495,7 +7602,9 @@ msgstr "|COMPONENT|????????????"
msgid "apply global default values"
msgstr "?????????????????"
-msgid "get the configuration directories for gpgconf"
+#, fuzzy
+#| msgid "get the configuration directories for gpgconf"
+msgid "get the configuration directories for @GPGCONF@"
msgstr "gpgconf??????????????????????????"
msgid "list global configuration file"
@@ -7507,6 +7616,11 @@ msgstr "????????????????????????
msgid "reload all or a given component"
msgstr "???????????????????????????"
+#, fuzzy
+#| msgid "kill a given component"
+msgid "launch a given component"
+msgstr "?????????????kill??"
+
msgid "kill a given component"
msgstr "?????????????kill??"
@@ -7516,19 +7630,22 @@ msgstr "???????????"
msgid "activate changes at runtime, if possible"
msgstr "??????????????????"
-msgid "Usage: gpgconf [options] (-h for help)"
-msgstr "???: gpgconf [?????] (???? -h)"
+#, fuzzy
+#| msgid "Usage: dirmngr [options] (-h for help)"
+msgid "Usage: @GPGCONF@ [options] (-h for help)"
+msgstr "???: dirmngr [?????] (???? -h)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpgconf [options]\n"
+#| "Manage configuration options for tools of the GnuPG system\n"
msgid ""
-"Syntax: gpgconf [options]\n"
-"Manage configuration options for tools of the GnuPG system\n"
+"Syntax: @GPGCONF@ [options]\n"
+"Manage configuration options for tools of the @GNUPG@ system\n"
msgstr ""
"??: gpgconf [?????]\n"
"GnuPG????????????????????????????????\n"
-msgid "usage: gpgconf [options] "
-msgstr "???: gpgconf [?????] "
-
msgid "Need one component argument"
msgstr "????????????????"
@@ -7681,3 +7798,90 @@ msgid ""
msgstr ""
"??: gpg-check-pattern [?????] ????????\n"
"????????????????????????????\n"
+
+#~ msgid "can't create `%s': %s\n"
+#~ msgstr "'%s'????????: %s\n"
+
+#~ msgid "can't open `%s': %s\n"
+#~ msgstr "'%s'??????: %s\n"
+
+#~ msgid "enable ssh-agent emulation"
+#~ msgstr "ssh-agent??????????????"
+
+#~ msgid "Usage: gpg-agent [options] (-h for help)"
+#~ msgstr "???: gpg-agent [?????] (???? -h)"
+
+#~ msgid "malformed GPG_AGENT_INFO environment variable\n"
+#~ msgstr "GPG_AGENT_INFO???????????\n"
+
+#~ msgid "error creating socket: %s\n"
+#~ msgstr "?????????: %s\n"
+
+#~ msgid "host not found"
+#~ msgstr "???????????"
+
+#~ msgid "error loading '%s': %s\n"
+#~ msgstr "'%s'???????: %s\n"
+
+#~ msgid "deleting secret key not implemented\n"
+#~ msgstr "????????????????\n"
+
+#~ msgid "too many entries in pk cache - disabled\n"
+#~ msgstr "pk????????????????? - ????\n"
+
+#~ msgid " (%d) ECDSA and ECDH\n"
+#~ msgstr " (%d) ECDSA ? ECDH\n"
+
+#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+#~ msgstr "10"
+
+#~ msgid "[ revoked]"
+#~ msgstr "[ ?? ]"
+
+#~ msgid "[ expired]"
+#~ msgstr "[????]"
+
+#~ msgid "[ unknown]"
+#~ msgstr "[ ?? ]"
+
+#~ msgid "[ undef ]"
+#~ msgstr "[ ??? ]"
+
+#~ msgid "[marginal]"
+#~ msgstr "[????]"
+
+#~ msgid "[ full ]"
+#~ msgstr "[ ?? ]"
+
+#~ msgid "[ultimate]"
+#~ msgstr "[ ?? ]"
+
+#~ msgid "undefined"
+#~ msgstr "???"
+
+#~ msgid "never"
+#~ msgstr "???"
+
+#~ msgid "marginal"
+#~ msgstr "????"
+
+#~ msgid "full"
+#~ msgstr "??"
+
+#~ msgid "ultimate"
+#~ msgstr "??"
+
+#~ msgid "Usage: scdaemon [options] (-h for help)"
+#~ msgstr "???: scdaemon [?????] (???? -h)"
+
+#~ msgid "Usage: gpgsm [options] [files] (-h for help)"
+#~ msgstr "???: gpgsm [?????] [????] (???? -h)"
+
+#~ msgid "usage: dirmngr [options] "
+#~ msgstr "???: dirmngr [?????] "
+
+#~ msgid "Usage: gpgconf [options] (-h for help)"
+#~ msgstr "???: gpgconf [?????] (???? -h)"
+
+#~ msgid "usage: gpgconf [options] "
+#~ msgstr "???: gpgconf [?????] "
commit 533ff0ab56dd6dfcab4bb2ef5c7755b62d158007
Author: Werner Koch
Date: Thu Jun 5 16:20:44 2014 +0200
Update README file.
--
The copyright list in AUTHORS has been compiled from a distribution
tarball.
diff --git a/AUTHORS b/AUTHORS
index c9a0bc0..f64d17f 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,10 +1,35 @@
Program: GnuPG
-Homepage: http://www.gnupg.org
+Homepage: https://www.gnupg.org
Maintainer: Werner Koch
Bug reports: http://bugs.gnupg.org
Security related bug reports:
License: GPLv3+
+GnuPG is free software. See the files COPYING for copying conditions.
+License copyright years may be listed using range notation, e.g.,
+2000-2013, indicating that every year in the range, inclusive, is a
+copyrightable year that would otherwise be listed individually.
+
+List of Copyright holders
+=========================
+
+ Copyright (C) 1997-1998, 2013-2014 Werner Koch
+ Copyright (C) 1994-2013 Free Software Foundation, Inc.
+ Copyright (C) 2003-2013 g10 Code GmbH
+ Copyright (C) 2002 Klar?lvdalens Datakonsult AB
+ Copyright (C) 1995-1997, 2000-2007 Ulrich Drepper
+ Copyright (C) 1994 X Consortium
+ Copyright (C) 1998 by The Internet Society.
+ Copyright (C) 1998-2004 The OpenLDAP Foundation
+ Copyright (C) 1998-2004 Kurt D. Zeilenga.
+ Copyright (C) 1998-2004 Net Boolean Incorporated.
+ Copyright (C) 2001-2004 IBM Corporation.
+ Copyright (C) 1999-2003 Howard Y.H. Chu.
+ Copyright (C) 1999-2003 Symas Corporation.
+ Copyright (C) 1998-2003 Hallvard B. Furuseth.
+ Copyright (C) 1992-1996 Regents of the University of Michigan.
+
+
Authors with a FSF copyright assignment
=======================================
@@ -181,28 +206,15 @@ or later.
Note that some files are under a combination of the GNU Lesser General
Public License, version 3 and the GNU General Public License, version
2. A few other files carry the all permissive license note as found
-at the bottom of this file. Certain files in keyserver/ allow one
-specific exception:
-
- In addition, as a special exception, the Free Software Foundation
- gives permission to link the code of the keyserver helper tools:
- gpgkeys_ldap, gpgkeys_curl and gpgkeys_hkp with the OpenSSL
- project's "OpenSSL" library (or with modified versions of it that
- use the same license as the "OpenSSL" library), and distribute the
- linked executables. You must obey the GNU General Public License
- in all respects for all of the code used other than "OpenSSL". If
- you modify this file, you may extend this exception to your version
- of the file, but you are not obligated to do so. If you do not
- wish to do so, delete this exception statement from your version.
-
-Note that the gpgkeys_* binaries are currently installed under the
-name gpg2keys_*.
+at the bottom of this file.
+
=========
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/NEWS b/NEWS
index 38c5391..a5a0d53 100644
--- a/NEWS
+++ b/NEWS
@@ -1,51 +1,84 @@
Noteworthy changes in version 2.1.0-betaN (unreleased)
-----------------------------------------------------
- * GPG now accepts a space separated fingerprint as a user ID. This
+ * gpg: Add experimental signature support using curve Ed25519 and
+ with a patched Libgcrypt also encryption support with Curve25519.
+
+ * gpg: Allow use of Brainpool curves.
+
+ * gpg: Accepts a space separated fingerprint as user ID. This
allows to copy and paste the fingerprint from the key listing.
- * The GNU Pth library has been replaced by the new nPth library.
+ * gpg: The hash algorithm is now printed for signature records in key
+ listings.
- * By default the users are now asked via the Pinentry whether they
- trust an X.509 root key. To prohibit interactive marking of such
- keys, the new option --no-allow-mark-trusted may be used.
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+ new option --allow-weak-digest-algos or --pgp2 are given.
- * The included ssh agent does now support ECDSA keys.
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+ communication with the gpg-agent.
- * The new option --enable-putty-support allows gpg-agent on Windows
- to act as a Pageant replacement with full smartcard support.
+ * gpg: Changed the format of key listings. To revert to the old
+ format the option --legacy-list-mode is available.
- * Removed support for the original HKP keyserver which is not anymore
- used by any site.
+ * gpg: New option --pinentry-mode.
- * The hash algorithm is now printed for sig records in key listings.
+ * gpg: Fixed decryption using an OpenPGP card.
- * New option --pinentry-mode for GPG.
+ * gpg: Fixed bug with deeply nested compressed packets.
- * New option --enable-pinpad-varlen for scdaemon.
+ * gpg: Only the major version number is by default included in the
+ armored output.
- * New option --with-secret for GPG and GPGSM.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
- * Rename option --disable-pinpad for scdaemon (was: --disable-keypad).
+ * gpg: Protect against rogue keyservers sending secret keys.
- * Better support fo CCID readers. Now, internal CCID driver supports
- readers with no auto configuration feature.
+ * gpg: The format of the fallback key listing ("gpg KEYFILE") is now
+ more aligned to the regular key listing ("gpg -k").
- * Support installation as portable application under Windows.
+ * gpg: The option--show-session-key prints its output now before the
+ decryption of the bulk message starts.
+
+ * gpg: New %U expando for the photo viewer.
+
+ * gpg,gpgsm: New option --with-secret.
+
+ * gpgsm: By default the users are now asked via the Pinentry whether
+ they trust an X.509 root key. To prohibit interactive marking of
+ such keys, the new option --no-allow-mark-trusted may be used.
+
+ * gpgsm: New commands to export a secret RSA key in PKCS#1 or PKCS#8
+ format.
+
+ * gpgsm: Improved handling of re-issued CA certificates.
- * Fixed GPG to decrypt using an OpenPGP card.
+ * agent: The included ssh agent does now support ECDSA keys.
- * Fixed bug with deeply nested compressed packets.
+ * agent: New option --enable-putty-support to allow gpg-agent on
+ Windows to act as a Pageant replacement with full smartcard support.
- * Only the major version number is by default included in the armored
- output.
+ * scdaemon: New option --enable-pinpad-varlen.
- * Do not create a trustdb file if --trust-model=always is used.
+ * scdaemon: Various fixes for pinpad equipped card readers.
- * Protect against rogue keyservers sending secret keys.
+ * scdaemon: Rename option --disable-pinpad (was --disable-keypad).
+
+ * scdaemon: Better support fo CCID readers. Now, internal CCID
+ driver supports readers with no auto configuration feature.
+
+ * dirmngr: Removed support for the original HKP keyserver which is
+ not anymore used by any site.
+
+ * dirmngr: Improved support for keyserver pools.
+
+ * tools: New option --dirmngr for gpg-connect-agent.
+
+ * The GNU Pth library has been replaced by the new nPth library.
+
+ * Support installation as portable application under Windows.
- * GPGSM can now be used to export a secret RSA key in PKCS#1 or
- PKCS#8 format.
+ * All kind of other improvements - see the git log.
Noteworthy changes in version 2.1.0beta3 (2011-12-20)
@@ -53,7 +86,7 @@ Noteworthy changes in version 2.1.0beta3 (2011-12-20)
* Fixed regression in GPG's secret key export function.
- * Allow generation of card keys up to 4096 bit.
+ * Allowj generation of card keys up to 4096 bit.
* Support the SSH confirm flag.
diff --git a/README b/README
index fd20d40..d5cd727 100644
--- a/README
+++ b/README
@@ -4,17 +4,16 @@
THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE.
- Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
- 2006, 2007, 2008, 2009, 2010, 2011, 2012,
- 2013 Free Software Foundation, Inc.
+ Copyright 1997-1998, 2013-2014 Werner Koch
+ Copyright 1998-2013 Free Software Foundation, Inc.
INTRODUCTION
============
-GnuPG is GNU's tool for secure communication and data storage. It can
-be used to encrypt data and to create digital signatures. It includes
-an advanced key management facility and is compliant with the proposed
+GnuPG is a tool for secure communication and data storage. It can be
+used to encrypt data and to create digital signatures. It includes an
+advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC4880 and the S/MIME
standard as described by several RFCs.
@@ -23,9 +22,9 @@ License. See the file COPYING for details. GnuPG works best on
GNU/Linux or *BSD systems. Most other Unices are also supported but
are not as well tested as the Free Unices.
-GnuPG 2.0 is the stable version of GnuPG integrating support for
-OpenPGP and S/MIME. It does not conflict with an installed 1.4
-OpenPGP-only version.
+GnuPG-2 is the stable version of GnuPG integrating support for OpenPGP
+and S/MIME. It does not conflict with an installed 1.4 OpenPGP-only
+version.
BUILD INSTRUCTIONS
@@ -42,6 +41,10 @@ GnuPG 2.1 depends on the following packages:
You should get the latest versions of course, the GnuPG configure
script complains if a version is not sufficient.
+For some advanced features several other libraries are required. The
+configure script prints diagnostic messages if one of these libraries
+is not available and a feature will not be available..
+
You also need the Pinentry package for most functions of GnuPG;
however it is not a build requirement. Pinentry is available at
ftp://ftp.gnupg.org/gcrypt/pinentry/ .
@@ -60,12 +63,12 @@ As with all packages, you just have to do
(Before doing install you might need to become root.)
If everything succeeds, you have a working GnuPG with support for
-S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so
-that this package won't conflict with a GnuPG 1.4 installation. gpg2
-behaves just like gpg.
+OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no
+binary gpg but a gpg2 so that this package won't conflict with a GnuPG
+1.4 installation. gpg2 behaves just like gpg.
-In case of problem please ask on gnupg-users at gnupg.org mailing list
-for advise.
+In case of problem please ask on the gnupg-users at gnupg.org mailing
+list for advise.
Note that the PKITS tests are always skipped unless you copy the PKITS
test data file into the tests/pkits directory. There is no need to
@@ -138,10 +141,11 @@ dependency on other modules at run and build time.
HOW TO GET MORE INFORMATION
===========================
-The primary WWW page is "http://www.gnupg.org"
+The primary WWW page is "https://www.gnupg.org"
+ or using TOR "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
-See http://www.gnupg.org/download/mirrors.html for a list of mirrors
+See https://www.gnupg.org/download/mirrors.html for a list of mirrors
and use them if possible. You may also find GnuPG mirrored on some of
the regular GNU mirrors.
@@ -178,13 +182,11 @@ The English and German mailing lists are watched by the authors and we
try to answer questions when time allows us to do so.
Commercial grade support for GnuPG is available; for a listing of
-offers see http://www.gnupg.org/service.html . The driving force
-behind the development of GnuPG is the company of its principal
-author, Werner Koch. Maintenance and improvement of GnuPG and related
-software takes up most of their resources. To allow him to continue
-his work he asks to either purchase a support contract, engage them
-for custom enhancements, or to donate money. See http://g10code.com .
-
+offers see https://www.gnupg.org/service.html . Maintaining and
+improving GnuPG is costly. Since 2001, g10 Code GmbH, a German
+company owned and headed by GnuPG's principal author Werner Koch, is
+bearing the majority of these costs. To help them carry on this work,
+they need your support. See https://gnupg.org/donate/ .
This file is Free Software; as a special exception the authors gives
unlimited permission to copy and/or distribute it, with or without
commit 23712e69d3f97df9d789325f1a2f2f61e7d5bbb4
Author: Werner Koch
Date: Thu Jun 5 13:44:40 2014 +0200
Remove keyserver helper code.
* configure.ac: Remove keyserver helper related stuff.
* Makefile.am (SUBDIRS): Remove keyserver.
* keyserver/Makefile.am: Remove.
--
The dirmngr is used instead of the keyserver helpers. Thus there is
no more need to distribute the old code. We keep it in the repo for
reference, though.
diff --git a/Makefile.am b/Makefile.am
index 3b79226..2d07ad2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -40,12 +40,8 @@ endif
if BUILD_GPG
gpg = g10
-if !HAVE_W32CE_SYSTEM
-keyserver =
-endif
else
gpg =
-keyserver =
endif
if BUILD_GPGSM
sm = sm
@@ -90,7 +86,7 @@ tests =
endif
SUBDIRS = m4 gl common ${kbx} \
- ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \
+ ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \
${tools} po ${doc} ${tests}
dist_doc_DATA = README
diff --git a/configure.ac b/configure.ac
index ae42f7e..2c613a7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -90,7 +90,6 @@ use_zip=yes
use_bzip2=yes
use_exec=yes
use_trust_models=yes
-disable_keyserver_path=no
card_support=yes
use_ccid_driver=yes
use_standard_socket=yes
@@ -313,61 +312,6 @@ if test "$use_exec" = yes ; then
fi],withval=no)
AC_MSG_RESULT($withval)
fi
-
- AC_MSG_CHECKING([whether to enable external keyserver helpers])
- AC_ARG_ENABLE(keyserver-helpers,
- [ --disable-keyserver-helpers disable all external keyserver support],
- [if test "$enableval" = no ; then
- AC_DEFINE(DISABLE_KEYSERVER_HELPERS,1,
- [define to disable keyserver helpers])
- fi],enableval=yes)
- gnupg_cv_enable_keyserver_helpers=$enableval
- AC_MSG_RESULT($enableval)
-
- if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then
- # LDAP is defined only after we confirm the library is available later
- AC_MSG_CHECKING([whether LDAP keyserver support is requested])
- AC_ARG_ENABLE(ldap,
- AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]),
- try_ks_ldap=$enableval, try_ks_ldap=yes)
- AC_MSG_RESULT($try_ks_ldap)
-
- AC_MSG_CHECKING([whether HKP keyserver support is requested])
- AC_ARG_ENABLE(hkp,
- AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]),
- try_hkp=$enableval, try_hkp=yes)
- AC_MSG_RESULT($try_hkp)
-
- AC_MSG_CHECKING([whether finger key fetching support is requested])
- AC_ARG_ENABLE(finger,
- AC_HELP_STRING([--disable-finger],
- [disable finger key fetching interface only]),
- try_finger=$enableval, try_finger=yes)
- AC_MSG_RESULT($try_finger)
-
- AC_MSG_CHECKING([whether generic object key fetching support is requested])
- AC_ARG_ENABLE(generic,
- AC_HELP_STRING([--disable-generic],
- [disable generic object key fetching interface only]),
- try_generic=$enableval, try_generic=yes)
- AC_MSG_RESULT($try_generic)
-
- AC_MSG_CHECKING([whether email keyserver support is requested])
- AC_ARG_ENABLE(mailto,
- AC_HELP_STRING([--enable-mailto],
- [enable email keyserver interface only]),
- try_mailto=$enableval, try_mailto=no)
- AC_MSG_RESULT($try_mailto)
- fi
-
- AC_MSG_CHECKING([whether keyserver exec-path is enabled])
- AC_ARG_ENABLE(keyserver-path,
- AC_HELP_STRING([--disable-keyserver-path],
- [disable the exec-path option for keyserver helpers]),
- [if test "$enableval" = no ; then
- disable_keyserver_path=yes
- fi],enableval=yes)
- AC_MSG_RESULT($enableval)
fi
@@ -655,7 +599,6 @@ case "${host}" in
[Because the Unix gettext has too much overhead on
MingW32 systems and these systems lack Posix functions,
we use a simplified version of gettext])
- disable_keyserver_path=yes
have_dosish_system=yes
have_w32_system=yes
run_tests=no
@@ -758,10 +701,6 @@ if test "$use_ldapwrapper" = yes; then
fi
AM_CONDITIONAL(USE_LDAPWRAPPER, test "$use_ldapwrapper" = yes)
-if test "$disable_keyserver_path" = yes; then
- AC_DEFINE(DISABLE_KEYSERVER_PATH,1,
- [Defined to disable exec-path for keyserver helpers])
-fi
#
# Allows enabling the use of a standard socket by default This is
@@ -1878,9 +1817,6 @@ tests/Makefile
tests/openpgp/Makefile
tests/pkits/Makefile
])
-#keyserver/Makefile
-#keyserver/gpg2keys_mailto
-#keyserver/gpg2keys_test
AC_OUTPUT
diff --git a/keyserver/Makefile.am b/keyserver/Makefile.am
deleted file mode 100644
index 884b8eb..0000000
--- a/keyserver/Makefile.am
+++ /dev/null
@@ -1,86 +0,0 @@
-# Makefile.am - Makefile for keyservers
-# Copyright (C) 2001, 2002, 2004, 2005, 2006,
-# 2009 Free Software Foundation, Inc.
-#
-# This file is part of GnuPG.
-#
-# GnuPG is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# GnuPG is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see .
-## Process this file with automake to produce Makefile.in
-
-# Note that we have renamed the resulting binaries to from gpgkeys_foo
-# to gpg2keys_foo to allow for a non-conflicting installation of
-# gnupg1 and gnupg2. Having the same names for the helpers would
-# otherwise lead to trouble when to uninstall one of them.
-EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl \
- gpg2keys_kdns
-EXTRA_SCRIPTS = gpg2keys_mailto
-
-EXTRA_DIST = ChangeLog-2011
-
-AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
-
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
-
-include $(top_srcdir)/am/cmacros.am
-
-libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \
- $(GPGKEYS_CURL) $(GPGKEYS_KDNS)
-libexec_SCRIPTS = $(GPGKEYS_MAILTO)
-noinst_SCRIPTS = gpg2keys_test
-
-common_libs = ../gl/libgnu.a ../common/libcommon.a
-other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS)
-
-gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h no-libgcrypt.c
-gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS)
-gpg2keys_ldap_LDADD = $(common_libs) $(LDAPLIBS) $(GPG_ERROR_LIBS) \
- $(NETLIBS) $(other_libs)
-
-gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h no-libgcrypt.c
-gpg2keys_finger_CPPFLAGS = $(AM_CPPFLAGS)
-gpg2keys_finger_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
- $(NETLIBS) $(other_libs)
-
-gpg2keys_kdns_SOURCES = gpgkeys_kdns.c ksutil.c ksutil.h no-libgcrypt.c
-gpg2keys_kdns_CPPFLAGS = $(AM_CPPFLAGS)
-gpg2keys_kdns_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \
- $(ADNSLIBS) $(NETLIBS) $(other_libs)
-
-
-gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h no-libgcrypt.c
-gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h no-libgcrypt.c
-if FAKE_CURL
-gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h
-gpg2keys_curl_CPPFLAGS = $(AM_CPPFLAGS)
-gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
- $(other_libs)
-gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h
-gpg2keys_hkp_CPPFLAGS = $(AM_CPPFLAGS)
-gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
- $(other_libs)
-else
-# Note that we need to include all other libs here as well because
-# some compilers don't care about inline functions and insert
-# references to symbols used in unused inline functions.
-gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
-gpg2keys_curl_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
- $(other_libs) $(LIBCURL) $(GETOPT)
-gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS)
-gpg2keys_hkp_LDADD = $(common_libs) $(GPG_ERROR_LIBS) $(NETLIBS) $(DNSLIBS) \
- $(other_libs) $(LIBCURL) $(GETOPT)
-endif
-
-# Make sure that all libs are build before we use them. This is
-# important for things like make -j2.
-$(PROGRAMS): $(common_libs)
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 46 +++--
Makefile.am | 6 +-
NEWS | 95 ++++++---
README | 48 ++---
configure.ac | 64 ------
keyserver/Makefile.am | 86 --------
po/de.po | 339 +++++++++++++++++++++----------
po/fr.po | 493 +++++++++++++++++++++++++++++++--------------
po/ja.po | 532 ++++++++++++++++++++++++++++++++++---------------
9 files changed, 1056 insertions(+), 653 deletions(-)
delete mode 100644 keyserver/Makefile.am
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 6 17:15:51 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 06 Jun 2014 17:15:51 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-2-gb67e4e5
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via b67e4e523e6d19d384e23c5bb03010caebd150e7 (commit)
from 518d835380a2ae01d6a9cc19de92684baade96a4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b67e4e523e6d19d384e23c5bb03010caebd150e7
Author: Werner Koch
Date: Fri Jun 6 16:29:41 2014 +0200
Improve the beta number generation.
* autogen.sh: Add option --find-version
* configure.ac: Rework the setting of the mym4_ variables.
--
The old system was not too well defined if no release for a series has
yet been done. We now introduce a "PACKAGE-N.M-base" tag to solve
this problem. To keep the M4 code readable the GIT parsing has been
moved to ./autogen.sh.
diff --git a/autogen.rc b/autogen.rc
index 0f3d9d8..4860c38 100644
--- a/autogen.rc
+++ b/autogen.rc
@@ -1,5 +1,7 @@
# autogen.sh configuration for GnuPG -*- sh -*-
+#version_parts=3
+
case "$myhost:$myhostsub" in
w32:ce)
extraoptions="--enable-dirmngr-auto-start --disable-scdaemon "
diff --git a/autogen.sh b/autogen.sh
index 471193c..2b0a5dc 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -15,7 +15,7 @@
# configure it for the respective package. It is maintained as part of
# GnuPG and source copied by other packages.
#
-# Version: 2014-01-10
+# Version: 2014-06-06
configure_ac="configure.ac"
@@ -41,7 +41,7 @@ fatal () {
info () {
if [ -z "${SILENT}" ]; then
- echo "autogen.sh:" "$*"
+ echo "autogen.sh:" "$*" >&2
fi
}
@@ -72,6 +72,7 @@ FORCE=
SILENT=
tmp=$(dirname "$0")
tsdir=$(cd "${tmp}"; pwd)
+version_parts=3
if [ -n "${AUTOGEN_SH_SILENT}" ]; then
SILENT=" --silent"
@@ -133,6 +134,11 @@ amd64_toolprefixes=
myhost=""
myhostsub=""
case "$1" in
+ --find-version)
+ myhost="find-version"
+ SILENT=" --silent"
+ shift
+ ;;
--build-w32)
myhost="w32"
shift
@@ -172,6 +178,57 @@ if [ -f "$HOME/.gnupg-autogen.rc" ]; then
. "$HOME/.gnupg-autogen.rc"
fi
+
+# **** FIND VERSION ****
+# This is a helper for the configure.ac M4 magic
+# Called
+# ./autogen.sh --find-version PACKAGE MAJOR MINOR [MICRO]
+# returns a complete version string with automatic beta numbering.
+if [ "$myhost" = "find-version" ]; then
+ package="$1"
+ major="$2"
+ minor="$3"
+ micro="$4"
+
+ case "$version_parts" in
+ 2)
+ matchstr1="$package-$major.*[0-9]"
+ matchstr2="$package-$major-base"
+ vers="$major.$minor"
+ ;;
+ *)
+ matchstr1="$package-$major.$minor.*[0-9]"
+ matchstr2="$package-$major.$minor-base"
+ vers="$major.$minor.$micro"
+ ;;
+ esac
+
+ beta=no
+ if [ -d .git ]; then
+ ingit=yes
+ tmp=$(git describe --match "${matchstr1}" --long 2>/dev/null \
+ | awk -F- '$3!=0 && $3 !~ /^beta/ {print"-beta"$3}' )
+ if [ -z "$tmp" ]; then
+ tmp=$(git describe --match "${matchstr2}" --long 2>/dev/null \
+ | awk -F- '$4!=0{print"-beta"$4}')
+ fi
+ [ -n "$tmp" ] && beta=yes
+ rev=$(git rev-parse --short HEAD | tr -d '\n\r')
+ rvd=$((0x$(echo ${rev} | head -c 4)))
+ else
+ ingit=no
+ beta=yes
+ tmp="-unknown"
+ rev="0000000"
+ rvd="0"
+ fi
+
+ echo "$package-$vers$tmp:$beta:$ingit:$vers$tmp:$vers:$tmp:$rev:$rvd:"
+ exit 0
+fi
+# **** end FIND VERSION ****
+
+
# ******************
# W32 build script
# ******************
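Review bot: In the `.git` branch of the find-version block, a failing `git rev-parse` (git not installed, or a tree where `.git` exists but HEAD cannot be resolved) leaves `rev` empty, so `rvd=$((0x$(echo ${rev} | head -c 4)))` evaluates `$((0x))`, a shell arithmetic error rather than a clean fallback. The colon-separated line that configure.ac splits would then be missing or incomplete. I would guard it with `rev=$(git rev-parse --short HEAD 2>/dev/null | tr -d '\n\r')` followed by `[ -n "$rev" ] || rev="0000000"`, which matches the non-git branch. The `[ -d .git ]` test is relative to the current directory rather than `$tsdir`, so a comment should state that the script must be run from the top source directory.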
diff --git a/configure.ac b/configure.ac
index 2c613a7..309b2bc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,23 +26,29 @@ min_automake_version="1.10"
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.1.0])
+m4_define([mym4_package],[gnupg])
+m4_define([mym4_major], [2])
+m4_define([mym4_minor], [1])
+m4_define([mym4_micro], [0])
+
+# To start a new development series, i.e a new major or minor number
+# you need to mark an arbitrary commit before the first beta release
+# with an annotated tag. For example the 2.1 branch starts off with
+# the tag "gnupg-2.1-base". This is used as the base for counting
+# beta numbers before the first release of a series.
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
-# flag indicating a development version (mym4_isgit). Note that the
+# flag indicating a development version (mym4_isbeta). Note that the
# m4 processing is done by autoconf and not during the configure run.
-m4_define([mym4_revision],
- m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
-m4_define([mym4_revision_dec],
- m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))]))
-m4_define([mym4_betastring],
- m4_esyscmd_s([git describe --match 'gnupg-2.[0-9].*[0-9]' --long|\
- awk -F- '$3!=0{print"-beta"$3}']))
-m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
-m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
-
-AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org])
+m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
+ mym4_package mym4_major mym4_minor mym4_micro),[:]))
+m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
+m4_define([mym4_version], m4_argn(4, mym4_verslist))
+m4_define([mym4_revision], m4_argn(7, mym4_verslist))
+m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
+
+AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org])
NEED_GPG_ERROR_VERSION=1.13
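Review bot: The output of `m4_esyscmd([./autogen.sh --find-version] ...)` is used without checking that the helper actually ran. If autoconf is started from another directory, or the script exits non-zero, `mym4_verslist` is empty and `AC_INIT` silently gets an empty version. Since the release version string now comes from an executed script, I would fail loudly right after the `m4_define([mym4_verslist], ...)`, e.g. `m4_if(m4_sysval, [0], [], [m4_fatal([autogen.sh --find-version failed])])`. A short comment listing the field order of the colon-separated line (fields 2, 4, 7 and 8 are read here) would help keep configure.ac and autogen.sh in sync.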
@@ -61,7 +67,7 @@ NEED_NPTH_VERSION=0.91
NEED_GNUTLS_VERSION=3.0
-development_version=mym4_isgit
+development_version=mym4_isbeta
PACKAGE=$PACKAGE_NAME
PACKAGE_GT=${PACKAGE_NAME}2
VERSION=$PACKAGE_VERSION
-----------------------------------------------------------------------
Summary of changes:
autogen.rc | 2 ++
autogen.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
configure.ac | 34 ++++++++++++++++++--------------
3 files changed, 81 insertions(+), 16 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 10 14:46:18 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 10 Jun 2014 14:46:18 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.13-2-g3fada68
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4 (commit)
from 2f4e8c33b88d3492ed29903b0684428cc9d4281e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4
Author: Werner Koch
Date: Tue Jun 10 14:47:33 2014 +0200
New error code GPG_ERR_KEY_DISABLED.
diff --git a/NEWS b/NEWS
index 20e50dc..fbd5dff 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ Noteworthy changes in version 1.14 (unreleased)
* Interface changes relative to the 1.13 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ GPG_ERR_KEY_DISABLED NEW.
Noteworthy changes in version 1.13 (2014-04-15)
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 1feb930..8c32971 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -528,6 +528,11 @@ GPG_ERR_MAC_ALGO
199 GPG_ERR_UNFINISHED Operation not yet finished
200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short
+
+GPG_ERR_KEY_DISABLED Key disabled
+
+ GNUPG: - The key has been disabled by the user.
+
GPG_ERR_KEY_ON_CARD Not possible with a card based key
GNUPG: - The gpg-agent returns this if a DELETE_KEY commands is
diff --git a/src/err-codes.h.in b/src/err-codes.h.in
index ee2db2e..3459a56 100644
--- a/src/err-codes.h.in
+++ b/src/err-codes.h.in
@@ -247,8 +247,9 @@
212 GPG_ERR_SEXP_ODD_HEX_NUMBERS Odd hexadecimal numbers in S-expression
213 GPG_ERR_SEXP_BAD_OCT_CHAR Bad octal character in S-expression
-# 214 to 252 are free to be used.
+# 214 to 251 are free to be used.
+252 GPG_ERR_KEY_DISABLED Key disabled
253 GPG_ERR_KEY_ON_CARD Not possible with a card based key
254 GPG_ERR_INV_LOCK_OBJ Invalid lock object
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
doc/errorref.txt | 5 +++++
src/err-codes.h.in | 3 ++-
3 files changed, 8 insertions(+), 1 deletion(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 10 14:49:38 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 10 Jun 2014 14:49:38 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-3-g86260b4
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via 86260b47c9e306e325103d1af767842357647e60 (commit)
from 4dc9af24156b4fd52c7b76e7522b9b7a64e5386a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 86260b47c9e306e325103d1af767842357647e60
Author: Werner Koch
Date: Tue Jun 10 14:52:06 2014 +0200
Add new reason codes to the INV_RECP status code.
* src/op-support.c (_gpgme_parse_inv_recp): Add codes 13 and 14.
diff --git a/src/op-support.c b/src/op-support.c
index edd317d..2bcb3a3 100644
--- a/src/op-support.c
+++ b/src/op-support.c
@@ -266,6 +266,14 @@ _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key)
case 12:
inv_key->reason = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
break;
+
+ case 13:
+ inv_key->reason = gpg_error (252); /*GPG_ERR_KEY_DISABLED*/
+ break;
+
+ case 14:
+ inv_key->reason = gpg_error (GPG_ERR_INV_USER_ID);
+ break;
}
while (*tail && *tail == ' ')
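Review bot: `gpg_error (252); /*GPG_ERR_KEY_DISABLED*/` in the new `case 13:` hard-codes the numeric error code, while the neighbouring cases use symbolic `GPG_ERR_*` names. Presumably this is because the symbol only exists in a libgpg-error newer than the one required here. If so, the comment should say that so the literal is not left behind, e.g. `/* FIXME: Use GPG_ERR_KEY_DISABLED once libgpg-error 1.14 is required. */`. The switch statement starts outside this hunk, so I cannot tell how unknown reason codes are handled.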
-----------------------------------------------------------------------
Summary of changes:
src/op-support.c | 8 ++++++++
1 file changed, 8 insertions(+)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 10 14:54:46 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 10 Jun 2014 14:54:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-3-g45ed901
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 45ed901c466bd72118c2844069f566e190d847d6 (commit)
from b67e4e523e6d19d384e23c5bb03010caebd150e7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 45ed901c466bd72118c2844069f566e190d847d6
Author: Werner Koch
Date: Tue Jun 10 14:54:55 2014 +0200
gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (find_and_check_key, build_pk_list): Use more specific
reason codes for INV_RECP.
--
GnuPG-bug-id: 1650
diff --git a/doc/DETAILS b/doc/DETAILS
index 17c417e..311dfe3 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -583,6 +583,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
- 10 :: Key not trusted
- 11 :: Missing certificate
- 12 :: Missing issuer certificate
+ - 13 :: Key disabled
+ - 14 :: Syntax error in specification
Note that for historical reasons the INV_RECP status is also used
for gpgsm's SIGNER command where it relates to signer's of course.
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 49cd309..e783ae4 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -802,9 +802,18 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
rc = get_pubkey_byname (ctrl, NULL, pk, name, NULL, NULL, 0, 0);
if (rc)
{
+ int code;
+
/* Key not found or other error. */
log_error (_("%s: skipped: %s\n"), name, g10_errstr(rc) );
- send_status_inv_recp (0, name);
+ switch (gpg_err_code (rc))
+ {
+ case GPG_ERR_NO_SECKEY:
+ case GPG_ERR_NO_PUBKEY: code = 1; break;
+ case GPG_ERR_INV_USER_ID: code = 14; break;
+ default: code = 0; break;
+ }
+ send_status_inv_recp (code, name);
free_public_key (pk);
return rc;
}
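Review bot: The INV_RECP reason codes are written as bare integers (`code = 1`, `code = 14`, and `3` and `13` in the later hunks of this file), and only the two `3` call sites carry a comment. These values are a status-line protocol documented in doc/DETAILS and parsed by front ends, so each literal should say what it means, for instance `send_status_inv_recp (13, name); /* Key disabled */` and `case GPG_ERR_INV_USER_ID: code = 14; break; /* Syntax error in specification */`. A small enum for the reason codes would be the more durable form. find_and_check_key starts and ends outside this hunk.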
@@ -813,7 +822,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if (rc)
{
/* Key found but not usable for us (e.g. sign-only key). */
- send_status_inv_recp (0, name);
+ send_status_inv_recp (3, name); /* Wrong key usage */
log_error (_("%s: skipped: %s\n"), name, g10_errstr(rc) );
free_public_key (pk);
return rc;
@@ -824,7 +833,7 @@ find_and_check_key (ctrl_t ctrl, const char *name, unsigned int use,
if ( (trustlevel & TRUST_FLAG_DISABLED) )
{
/* Key has been disabled. */
- send_status_inv_recp (0, name);
+ send_status_inv_recp (13, name);
log_info (_("%s: skipped: public key is disabled\n"), name);
free_public_key (pk);
return G10ERR_UNU_PUBKEY;
@@ -936,7 +945,7 @@ build_pk_list (ctrl_t ctrl,
pk->req_usage = use;
/* We explicitly allow encrypt-to to an disabled key; thus
- we pass 1for the second last argument and 1 as the last
+ we pass 1 for the second last argument and 1 as the last
argument to disable AKL. */
if ( (rc = get_pubkey_byname (ctrl,
NULL, pk, rov->d, NULL, NULL, 1, 1)) )
@@ -981,11 +990,10 @@ build_pk_list (ctrl_t ctrl,
}
else
{
- /* The public key is not usable for encryption or not
- available. */
+ /* The public key is not usable for encryption. */
free_public_key( pk ); pk = NULL;
log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
- send_status_inv_recp (0, rov->d);
+ send_status_inv_recp (3, rov->d); /* Wrong key usage */
goto fail;
}
}
-----------------------------------------------------------------------
Summary of changes:
doc/DETAILS | 2 ++
g10/pkclist.c | 22 +++++++++++++++-------
2 files changed, 17 insertions(+), 7 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 10 15:08:55 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 10 Jun 2014 15:08:55 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-4-g141d69c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 141d69cb2a94a752244e89f49611923a2f184dfd (commit)
from 45ed901c466bd72118c2844069f566e190d847d6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 141d69cb2a94a752244e89f49611923a2f184dfd
Author: Werner Koch
Date: Tue Jun 10 15:11:32 2014 +0200
w32: Fix build problem with dirmngr.
* dirmngr/ks-engine-hkp.c (EAI_SYSTEM) [W32]: Add replacement
constant.
diff --git a/common/argparse.c b/common/argparse.c
index f4180cf..c713bf6 100644
--- a/common/argparse.c
+++ b/common/argparse.c
@@ -1336,7 +1336,7 @@ strusage( int level )
break;
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
- case 14: p = "Copyright (C) 2012 Free Software Foundation, Inc."; break;
+ case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break;
case 15: p =
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n";
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 0f0baab..762ab4a 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -40,10 +40,17 @@
#include "userids.h"
#include "ks-engine.h"
-/* Substitute a missing Mingw macro. */
+/* Substitutes for missing Mingw macro. The EAI_SYSTEM mechanism
+ seems not to be available (probably because there is only one set
+ of error codes anyway). For now we use WSAEINVAL. */
#ifndef EAI_OVERFLOW
# define EAI_OVERFLOW EAI_FAIL
#endif
+#ifdef HAVE_W32_SYSTEM
+# ifndef EAI_SYSTEM
+# define EAI_SYSTEM WSAEINVAL
+# endif
+#endif
/* Number of seconds after a host is marked as resurrected. */
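Review bot: `# define EAI_SYSTEM WSAEINVAL` gives the substitute the value of a real Winsock error, so a resolver failure that legitimately reports WSAEINVAL becomes indistinguishable from the "consult errno" case. In the Windows headers I know, `EAI_BADFLAGS` is itself defined as `WSAEINVAL`, which would make the two names aliases; please verify against the Mingw headers in use. If callers only compare against `EAI_SYSTEM` to decide whether to look at `errno`, a value the resolver cannot return (e.g. `# define EAI_SYSTEM (-1)`) would be a safer placeholder. At minimum the comment should state the aliasing.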
-----------------------------------------------------------------------
Summary of changes:
common/argparse.c | 2 +-
dirmngr/ks-engine-hkp.c | 9 ++++++++-
2 files changed, 9 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 11 15:43:31 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 11 Jun 2014 15:43:31 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-7-g6eeb31a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 6eeb31abee82cb2016bf054cd302af64f6dfdc2e (commit)
from e06d5d1a3b4a5c446a27d64cd2da0e48ccec5601 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6eeb31abee82cb2016bf054cd302af64f6dfdc2e
Author: Werner Koch
Date: Wed Jun 11 15:45:29 2014 +0200
speedo: Improve building of the w32 installer.
* build-aux/speedo.mk: Change name of build directory to PLAY.
Improve the dist-source target.
* build-aux/speedo/w32/gdk-pixbuf-loaders.cache: Add a blank
line (plus comment).
* build-aux/speedo/w32/inst.nsi: Change name of file to gnupg-w32-*.
Install more tools.
--
gdk-pixbuf-loaders.cache needs to end with an extra LF or the
gdk-pixbuf is not able to read the last entry. The final comment is
to make our git sanity checks happy.
Running
make -f build-aux/speedo.mk \
TARGETOS=w32 TARBALLS=~/tarballs installer
does now create a working installer. After removing dirmngr from the
installation GPA kind of works. There are remaining problems with
dirmngr and scdaemon which will be fixed soon.
Running
make -f build-aux/speedo.mk \
TARGETOS=w32 TARBALLS=~/tarballs dist-source
creates an xz compressed tarball with all the sources used to build
the installer. Distributing this tarball along with the installer is
sufficient to comply with the GPL. Well, some more instructions
should be given in the readme files.
diff --git a/.gitignore b/.gitignore
index d4816a1..5fc934a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,7 +21,7 @@ keyserver/gpg2keys_test
tools/gpg-zip
# Files created by make when not using a VPATH build
-play/
+PLAY/
*.o
po/en at boldquot.insert-header
po/en at boldquot.po
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 34d5f98..1bebd8b 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -23,7 +23,7 @@
# or
# make -f speedo.mk
#
-# Builds all packages and installs them under play/inst. At the end,
+# Builds all packages and installs them under PLAY/inst. At the end,
# speedo prints commands that can be executed in the local shell to
# make use of the installed packages.
#
@@ -390,7 +390,7 @@ MAKENSIS=makensis
BUILD_ISODATE=$(shell date -u +%Y-%m-%d)
# These paths must be absolute, as we switch directories pretty often.
-root := $(shell pwd)/play
+root := $(shell pwd)/PLAY
sdir := $(root)/src
bdir := $(root)/build
bdir6:= $(root)/build-w64
@@ -772,7 +772,7 @@ clean-stamps:
$(RM) -fR $(stampdir)
clean-speedo:
- $(RM) -fR play
+ $(RM) -fR PLAY
#
@@ -780,10 +780,16 @@ clean-speedo:
#
dist-source: all
- for i in 00 01 02 03; do sleep 1;touch play/stamps/stamp-*-${i}-*;done
- tar -cvJf gnupg-$(INST_VERSION)_$(BUILD_ISODATE).tar.xz \
- --exclude-backups --exclude-vc \
- patches play/stamps/stamp-*-00-unpack play/src
+ for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
+ (set -e;\
+ tarname="gnupg-w32-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\
+ [ -f "$$tarname" ] && rm "$$tarname" ;\
+ tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \
+ --anchored --exclude './PLAY' . ;\
+ tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \
+ PLAY/stamps/stamp-*-00-unpack PLAY/src ;\
+ xz "$$tarname" ;\
+ )
$(bdir)/NEWS.tmp: $(topsrc)/NEWS
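Review bot: In the `for i in 00 01 02 03` line, `${i}` is expanded by make rather than by the shell, so unless a make variable `i` is defined it is empty and the `touch` pattern becomes `PLAY/stamps/stamp-*--*`. It needs to be `$${i}`, as is done for `$$tarname` below. Separately, the new recipe removes a stale `$$tarname` but not `$$tarname.xz`, and `xz` refuses to overwrite an existing output file, so a second run on the same day would fail at the last step. `rm -f "$$tarname" "$$tarname.xz" ;\` covers both and makes the `[ -f ... ] &&` test unnecessary. The same lines reappear as context in the later dist-source hunk that adds `--transform`.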
@@ -820,6 +826,7 @@ installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt
-DVERSION=$(INST_VERSION) \
-DPROD_VERSION=$(INST_PROD_VERSION) \
$(w32src)/inst.nsi
+ @echo "Ready: $(idir)/gnupg-w32-$(INST_VERSION)"
#
# Mark phony targets
diff --git a/build-aux/speedo/w32/gdk-pixbuf-loaders.cache b/build-aux/speedo/w32/gdk-pixbuf-loaders.cache
index af51346..78bc18a 100755
--- a/build-aux/speedo/w32/gdk-pixbuf-loaders.cache
+++ b/build-aux/speedo/w32/gdk-pixbuf-loaders.cache
@@ -133,3 +133,6 @@
"image/x-xpixmap" ""
"xpm" ""
"/* XPM */" "" 100
+
+
+# eof #
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index cf627f6..30b3871 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -93,7 +93,7 @@ SetCompressor lzma
Name "${PRETTY_PACKAGE}"
# Set the output filename.
-OutFile "${PACKAGE}-${VERSION}.exe"
+OutFile "gnupg-w32-${VERSION}.exe"
#Fixme: Do we need a logo
#Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico"
@@ -526,6 +526,7 @@ Section "-gnupginst"
# If we are reinstalling, try to kill a possible running agent using
# an already installed gpgconf.
ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf
+ ExecWait '"$INSTDIR\bin\gpgconf" --kill dirmngr'
ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent'
no_gpgconf:
@@ -542,9 +543,11 @@ Section "GnuPG" SEC_gnupg
SetOutPath "$INSTDIR\bin"
File /oname=gpg.exe "bin/gpg2.exe"
+ File /oname=gpgv.exe "bin/gpgv2.exe"
File "bin/gpgsm.exe"
File "bin/gpgconf.exe"
File "bin/gpg-connect-agent.exe"
+ File "bin/gpgtar.exe"
ClearErrors
SetOverwrite try
@@ -554,6 +557,22 @@ Section "GnuPG" SEC_gnupg
File /oname=gpg-agent.exe.tmp "bin/gpg-agent.exe"
Rename /REBOOTOK gpg-agent.exe.tmp gpg-agent.exe
+ ClearErrors
+ SetOverwrite try
+ File "libexec/scdaemon.exe"
+ SetOverwrite lastused
+ ifErrors 0 +3
+ File /oname=scdaemon.exe.tmp "libexec/scdaemon.exe"
+ Rename /REBOOTOK scdaemon.exe.tmp scdaemon.exe
+
+ ClearErrors
+ SetOverwrite try
+ File "bin/dirmngr.exe"
+ SetOverwrite lastused
+ ifErrors 0 +3
+ File /oname=dirmngr.exe.tmp "bin/dirmngr.exe"
+ Rename /REBOOTOK dirmngr.exe.tmp dirmngr.exe
+
SetOutPath "$INSTDIR\share\gnupg"
File "share/gnupg/gpg-conf.skel"
SectionEnd
@@ -995,10 +1014,14 @@ SectionEnd
Section "-un.gnupg"
Delete "$INSTDIR\bin\gpg.exe"
+ Delete "$INSTDIR\bin\gpgv.exe"
Delete "$INSTDIR\bin\gpgsm.exe"
Delete "$INSTDIR\bin\gpg-agent.exe"
+ Delete "$INSTDIR\bin\scdaemon.exe"
+ Delete "$INSTDIR\bin\dirmngr.exe"
Delete "$INSTDIR\bin\gpgconf.exe"
Delete "$INSTDIR\bin\gpg-connect-agent.exe"
+ Delete "$INSTDIR\bin\gpgtar.exe"
Delete "$INSTDIR\share\gnupg\gpg-conf.skel"
RMDir "$INSTDIR\share\gnupg"
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +-
build-aux/speedo.mk | 21 ++++++++++++++-------
build-aux/speedo/w32/gdk-pixbuf-loaders.cache | 3 +++
build-aux/speedo/w32/inst.nsi | 25 ++++++++++++++++++++++++-
4 files changed, 42 insertions(+), 9 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 12 15:04:25 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 12 Jun 2014 15:04:25 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-8-gd8314e3
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via d8314e31c58ea0827d0e2361dabcdf869ab08fce (commit)
from 6eeb31abee82cb2016bf054cd302af64f6dfdc2e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d8314e31c58ea0827d0e2361dabcdf869ab08fce
Author: Werner Koch
Date: Thu Jun 12 14:41:40 2014 +0200
gpg: Improve the output of --list-packets
* g10/parse-packet.c (parse): Print packet meta info in list mode.
--
In particular having the file offset of the packets is often useful.
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 26ca038..28f9016 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -403,11 +403,18 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
int hdrlen;
int new_ctb = 0, partial = 0;
int with_uid = (onlykeypkts == 2);
+ off_t pos;
*skip = 0;
assert (!pkt->pkt.generic);
- if (retpos)
- *retpos = iobuf_tell (inp);
+ if (retpos || list_mode)
+ {
+ pos = iobuf_tell (inp);
+ if (retpos)
+ *retpos = pos;
+ }
+ else
+ pos = 0; /* (silence compiler warning) */
if ((ctb = iobuf_get (inp)) == -1)
{
@@ -559,6 +566,12 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
#endif
}
+ if (list_mode)
+ es_fprintf (listfp, "# off=%lu ctb=%02x tag=%d hlen=%d plen=%lu%s%s\n",
+ (unsigned long)pos, ctb, pkttype, hdrlen, pktlen,
+ partial? " partial":"",
+ new_ctb? " new-ctb":"");
+
pkt->pkttype = pkttype;
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch (pkttype)
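Review bot: The new list-mode line prints the packet offset as `(unsigned long)pos` with `%lu`, which truncates an `off_t` wherever `long` is 32 bits (the w32 target among them), so offsets past 4 GiB would be reported wrongly. If `es_fprintf` supports it, `off=%llu` with `(unsigned long long)pos` keeps the value intact. `plen` is also passed to `%lu` without a cast, which is only correct if `pktlen` is declared `unsigned long`; that declaration is outside this hunk. parse() starts and ends outside the hunk.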
-----------------------------------------------------------------------
Summary of changes:
g10/parse-packet.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 13 19:37:26 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 13 Jun 2014 19:37:26 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-9-g5bf0452
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 5bf04522e353675e4c3eda118fee2580756704a2 (commit)
from d8314e31c58ea0827d0e2361dabcdf869ab08fce (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5bf04522e353675e4c3eda118fee2580756704a2
Author: Werner Koch
Date: Fri Jun 13 19:39:48 2014 +0200
http: Print human readable GNUTLS status.
* common/http.c (send_gnutls_bye): Take care of EAGAIN et al.
(http_verify_server_credentials): Print a human readable status.
diff --git a/common/http.c b/common/http.c
index 4fc89d7..06461db 100644
--- a/common/http.c
+++ b/common/http.c
@@ -2419,8 +2419,21 @@ static void
send_gnutls_bye (void *opaque)
{
gnutls_session_t tls_session = opaque;
+ int ret;
- gnutls_bye (tls_session, GNUTLS_SHUT_RDWR);
+ again:
+ do
+ ret = gnutls_bye (tls_session, GNUTLS_SHUT_RDWR);
+ while (ret == GNUTLS_E_INTERRUPTED);
+ if (ret == GNUTLS_E_AGAIN)
+ {
+ struct timeval tv;
+
+ tv.tv_sec = 0;
+ tv.tv_usec = 50000;
+ my_select (0, NULL, NULL, NULL, &tv);
+ goto again;
+ }
}
#endif /*HTTP_USE_GNUTLS*/
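Review bot: The `goto again` retry in send_gnutls_bye has no upper bound: as long as `gnutls_bye` returns `GNUTLS_E_AGAIN` the function sleeps 50 ms and retries, so a peer that never completes the shutdown can hold the caller in this close path indefinitely. With `GNUTLS_SHUT_RDWR` the call also waits for the peer's reply, which makes the dependence on the remote side real. I would count the attempts and give up after a fixed number: declare `int tries = 0;` and change the test to `if (ret == GNUTLS_E_AGAIN && ++tries < MAX_BYE_RETRIES)` (placeholder name), with a log line when the limit is reached.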
@@ -2486,6 +2499,19 @@ http_verify_server_credentials (http_session_t sess)
else if (status)
{
log_error ("%s: status=0x%04x\n", errprefix, status);
+#if GNUTLS_VERSION_NUMBER >= 0x030104
+ {
+ gnutls_datum_t statusdat;
+
+ if (!gnutls_certificate_verification_status_print
+ (status, GNUTLS_CRT_X509, &statusdat, 0))
+ {
+ log_info ("%s: %s\n", errprefix, statusdat.data);
+ gnutls_free (statusdat.data);
+ }
+ }
+#endif /*gnutls >= 3.1.4*/
+
sess->verify.status = status;
if (!err)
err = gpg_error (GPG_ERR_GENERAL);
-----------------------------------------------------------------------
Summary of changes:
common/http.c | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 17 11:40:28 2014
From: cvs at cvs.gnupg.org (by Kristian Fiskerstrand)
Date: Tue, 17 Jun 2014 11:40:28 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-11-g3f17b74
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb (commit)
via 47e63dc00169030b6ff01ab67e73e52aec1395db (commit)
from 5bf04522e353675e4c3eda118fee2580756704a2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb
Author: Kristian Fiskerstrand
Date: Thu Jun 12 16:12:28 2014 +0200
gpg: Fix a couple of spelling errors
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 1b30b7f..cf1b96a 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -222,12 +222,12 @@ check_hijacking (assuan_context_t ctx)
string = get_membuf (&mb, NULL);
if (!string || !*string)
{
- /* Definitley hijacked - show a warning prompt. */
+ /* Definitely hijacked - show a warning prompt. */
static int shown;
const char warn1[] =
"The GNOME keyring manager hijacked the GnuPG agent.";
const char warn2[] =
- "GnuPG will not work proberly - please configure that "
+ "GnuPG will not work properly - please configure that "
"tool to not interfere with the GnuPG system!";
log_info ("WARNING: %s\n", warn1);
log_info ("WARNING: %s\n", warn2);
commit 47e63dc00169030b6ff01ab67e73e52aec1395db
Author: Werner Koch
Date: Mon Jun 16 23:25:44 2014 +0200
speedo: Support building from dist-source generated tarball.
diff --git a/README b/README
index d5cd727..da4c498 100644
--- a/README
+++ b/README
@@ -70,6 +70,10 @@ binary gpg but a gpg2 so that this package won't conflict with a GnuPG
In case of problem please ask on the gnupg-users at gnupg.org mailing
list for advise.
+Instruction on how to build for Windows can be found in the file
+doc/HACKING in the section "How to build an installer for Windows".
+This requires some experience as developer.
+
Note that the PKITS tests are always skipped unless you copy the PKITS
test data file into the tests/pkits directory. There is no need to
run these test and some of them may even fail because the test scripts
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 1bebd8b..1ef1600 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -46,19 +46,24 @@
SPEEDO_MK := $(realpath $(lastword $(MAKEFILE_LIST)))
-# Set this to "git" or "release".
+# Set this to "git" to build from git,
+# to "release" from tarballs,
+# to "this" from the unpacked sources.
WHAT=git
# Set target to "native" or "w32"
TARGETOS=w32
-# Set to the location of the directory with traballs of
+# Set to the location of the directory with tarballs of
# external packages.
TARBALLS=$(shell pwd)/../tarballs
# Number of parallel make jobs
MAKE_J=3
+# Name to use for the w32 installer and sources
+INST_NAME=gnupg-w32
+
# =====BEGIN LIST OF PACKAGES=====
# The packages that should be built. The order is also the build order.
# Fixme: Do we need to build pkg-config for cross-building?
@@ -172,7 +177,8 @@ pkg2rep = $(TARBALLS)
# Note that you can override the defaults in this file in a local file
# "config.mk"
-ifeq ($(WHAT),git)
+ifeq ($(WHAT),this)
+else ifeq ($(WHAT),git)
speedo_pkg_libgpg_error_git = $(gitrep)/libgpg-error
speedo_pkg_libgpg_error_gitref = master
speedo_pkg_npth_git = $(gitrep)/npth
@@ -191,7 +197,7 @@ ifeq ($(WHAT),git)
speedo_pkg_gpa_gitref = master
speedo_pkg_gpgex_git = $(gitrep)/gpgex
speedo_pkg_gpgex_gitref = master
-else
+else ifeq ($(WHAT),release)
speedo_pkg_libgpg_error_tar = \
$(pkgrep)/libgpg-error/libgpg-error-$(libgpg_error_ver).tar.bz2
speedo_pkg_npth_tar = \
@@ -210,6 +216,8 @@ else
$(pkgrep)/gpa/gpa-$(gpa_ver).tar.bz2
speedo_pkg_gpgex_tar = \
$(pkgrep)/gpex/gpgex-$(gpa_ver).tar.bz2
+else
+ $(error invalid value for WHAT (use on of: git release this))
endif
speedo_pkg_pkg_config_tar = $(pkg2rep)/pkg-config-$(pkg_config_ver).tar.gz
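Review bot: The new `$(error ...)` message has a typo, "use on of"; it should read `$(error invalid value for WHAT (use one of: git release this))`. The empty `ifeq ($(WHAT),this)` branch added in the previous hunk would also benefit from a one-line comment, e.g. `# Nothing to set: the sources shipped with this tree are used.`, so that the empty branch is not mistaken for an omission.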
@@ -529,7 +537,9 @@ $(stampdir)/stamp-$(1)-00-unpack: $(stampdir)/stamp-directories
@echo "speedo: */"
@(set -e; cd $(sdir); \
$(call SETVARS,$(1)); \
- if [ "$(1)" = "gnupg" ]; then \
+ if [ "$(WHAT)" = "this" ]; then \
+ echo "speedo: using included source"; \
+ elif [ "$(1)" = "gnupg" ]; then \
cd $$$${pkgsdir}; \
if [ -f config.log ]; then \
echo "GnuPG has already been build in-source" >&2 ;\
@@ -782,11 +792,13 @@ clean-speedo:
dist-source: all
for i in 00 01 02 03; do sleep 1;touch PLAY/stamps/stamp-*-${i}-*;done
(set -e;\
- tarname="gnupg-w32-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\
+ tarname="$(INST_NAME)-$(INST_VERSION)_$(BUILD_ISODATE).tar" ;\
[ -f "$$tarname" ] && rm "$$tarname" ;\
tar -C $(topsrc) -cf "$$tarname" --exclude-backups --exclude-vc \
+ --transform='s,^\./,$(INST_NAME)-$(INST_VERSION)/,' \
--anchored --exclude './PLAY' . ;\
tar --totals -rf "$$tarname" --exclude-backups --exclude-vc \
+ --transform='s,^,$(INST_NAME)-$(INST_VERSION)/,' \
PLAY/stamps/stamp-*-00-unpack PLAY/src ;\
xz "$$tarname" ;\
)
@@ -823,10 +835,11 @@ installer: all w32_insthelpers $(bdir)/inst-options.ini $(bdir)/README.txt
-DTOP_SRCDIR=$(topsrc) \
-DW32_SRCDIR=$(w32src) \
-DBUILD_ISODATE=$(BUILD_ISODATE) \
+ -DNAME=$(INST_NAME) \
-DVERSION=$(INST_VERSION) \
-DPROD_VERSION=$(INST_PROD_VERSION) \
$(w32src)/inst.nsi
- @echo "Ready: $(idir)/gnupg-w32-$(INST_VERSION)"
+ @echo "Ready: $(idir)/$(INST_NAME)-$(INST_VERSION)"
#
# Mark phony targets
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index 30b3871..5f8c55c 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -23,6 +23,7 @@
# TOP_SRCDIR
# W32_SRCDIR
# BUILD_ISODATE
+# NAME
# VERSION
# PROD_VERSION
@@ -93,7 +94,7 @@ SetCompressor lzma
Name "${PRETTY_PACKAGE}"
# Set the output filename.
-OutFile "gnupg-w32-${VERSION}.exe"
+OutFile "$(NAME)-${VERSION}.exe"
#Fixme: Do we need a logo
#Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico"
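Review bot: `OutFile "$(NAME)-${VERSION}.exe"` mixes make-style `$(NAME)` with the NSIS define syntax used for `${VERSION}` on the same line. In NSIS a symbol passed with `-DNAME=…` is expanded as `${NAME}`, while `$(NAME)` refers to a language string. The installer is therefore unlikely to land at the `$(INST_NAME)-$(INST_VERSION)` path that the `installer` target in speedo.mk echoes as "Ready". The line should read `OutFile "${NAME}-${VERSION}.exe"`.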
diff --git a/doc/HACKING b/doc/HACKING
index 8116c3f..252bc42 100644
--- a/doc/HACKING
+++ b/doc/HACKING
@@ -93,12 +93,47 @@ appear in the ChangeLog.
need. If you really need to do it, use a separate commit for such a
change.
+* Windows
+** How to build an installer for Windows
+
+ Your best bet is to use a decent Debian System for development.
+ You need to install a long list of tools for building. This list
+ still needs to be compiled. However, the build process will stop
+ if a tool is missing. GNU make is required (on non GNU systems
+ often installed as "gmake"). The installer requires a couple of
+ extra software to be available either as tarballs or as local git
+ repositories. In case this file here is part of a gnupg-w32-2.*.xz
+ complete tarball as distributed from the same place as a binary
+ installer, all such tarballs are already included.
+
+ Cd to the GnuPG source directory and use one of one of these
+ command:
+
+ - If sources are included (gnupg-w32-*.tar.xz)
+
+ make -f build-aux/speedo.mk WHAT=this installer
+
+ - To build from tarballs
+
+ make -f build-aux/speedo.mk WHAT=release TARBALLS=TARDIR installer
+
+ - To build from local GIT repos
+
+ make -f build-aux/speedo.mk WHAT=git TARBALLS=TARDIR installer
+
+ Note that also you need to supply tarballs with supporting
+ libraries even if you build from git. The makefile expects only
+ the core GnuPG software to be available as local GIT repositories.
+ speedo.mk has the versions of the tarballs and the branch names of
+ the git repositories. In case of problems, don't hesitate to ask
+ on the gnupg-devel mailing for help.
+
+
* Debug hints
See the manual for some hints.
* Standards
-
** RFCs
1423 Privacy Enhancement for Internet Electronic Mail:
@@ -120,6 +155,8 @@ appear in the ChangeLog.
4880 Current OpenPGP specification.
+6337 Elliptic Curve Cryptography (ECC) in OpenPGP
+
* Various information
** Directory Layout
-----------------------------------------------------------------------
Summary of changes:
README | 4 ++++
build-aux/speedo.mk | 27 ++++++++++++++++++++-------
build-aux/speedo/w32/inst.nsi | 3 ++-
doc/HACKING | 39 ++++++++++++++++++++++++++++++++++++++-
g10/call-agent.c | 4 ++--
5 files changed, 66 insertions(+), 11 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 23 13:13:35 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 23 Jun 2014 13:13:35 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.23-5-gceef556
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via ceef5568d53b286efe639c6fd1d37f154be133ef (commit)
via 014b2103fcb12f261135e3954f26e9e07b39e342 (commit)
from 52b96ef6b81951ddacf146a74e88e5512efd03a0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ceef5568d53b286efe639c6fd1d37f154be133ef
Author: Werner Koch
Date: Mon Jun 23 13:16:44 2014 +0200
ssh: Fix for newer Libgcrypt versions.
* common/ssh-utils.c (get_fingerprint): Add GCRY_PK_ECC case.
--
Reported-by: Anatol Pomozov
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index d8f057d..11ff0fb 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -89,6 +89,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
elems = "pqgy";
gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
break;
+ case GCRY_PK_ECC:
case GCRY_PK_ECDSA:
/* We only support the 3 standard curves for now. It is just a
quick hack. */
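Review bot: The added `case GCRY_PK_ECC:` label relies on a constant that, going by the commit subject, only newer Libgcrypt headers provide, so this file would stop compiling against an older Libgcrypt if the branch still accepts one. As far as I know it is an enumerator rather than a macro, so `#ifdef GCRY_PK_ECC` would not detect it; a guard on `GCRYPT_VERSION_NUMBER` or a raised minimum version in configure.ac would be needed — confirm which applies. A short comment on the label, for example `/* Newer Libgcrypt presumably reports ECDSA keys as GCRY_PK_ECC. */`, would also explain why two labels share one branch. The switch begins and ends outside the hunk.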
commit 014b2103fcb12f261135e3954f26e9e07b39e342
Author: Werner Koch
Date: Fri Jun 20 10:39:26 2014 +0200
gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
diff --git a/g10/compress.c b/g10/compress.c
index a91dd23..6e151bc 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -161,7 +161,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
IOBUF a, size_t *ret_len )
{
int zrc;
- int rc=0;
+ int rc = 0;
+ int leave = 0;
size_t n;
int nread, count;
int refill = !zs->avail_in;
@@ -179,13 +180,14 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
nread = iobuf_read( a, zfx->inbuf + n, count );
if( nread == -1 ) nread = 0;
n += nread;
- /* If we use the undocumented feature to suppress
- * the zlib header, we have to give inflate an
- * extra dummy byte to read */
- if( nread < count && zfx->algo == 1 ) {
- *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */
- zfx->algo1hack = 1;
+ /* Algo 1 has no zlib header which requires us to to give
+ * inflate an extra dummy byte to read. To be on the safe
+ * side we allow for up to 4 ff bytes. */
+ if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) {
+ *(zfx->inbuf + n) = 0xFF;
+ zfx->algo1hack++;
n++;
+ leave = 1;
}
zs->avail_in = n;
}
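Review bot: The literal `4` in `zfx->algo1hack < 4` turns `algo1hack` from a flag into a counter without saying so at the field; a named constant such as `#define MAX_ALGO1_FF_BYTES 4`, plus an updated comment on the field's declaration (outside this diff), would keep the bound findable. The new comment also has a doubled word, "us to to give". Since the commit message names the triggering packet, `a3 01 5b ff`, a regression test that feeds it and expects termination would protect the fix. Nothing visible resets `algo1hack`, so it is worth confirming whether a reused filter context starts a second stream with the budget already spent. do_uncompress starts and ends outside the hunk.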
@@ -205,7 +207,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
else
log_fatal("zlib inflate problem: rc=%d\n", zrc );
}
- } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR );
+ } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR
+ && !leave);
*ret_len = zfx->outbufsize - zs->avail_out;
if( DBG_FILTER )
-----------------------------------------------------------------------
Summary of changes:
common/ssh-utils.c | 1 +
g10/compress.c | 19 +++++++++++--------
2 files changed, 12 insertions(+), 8 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 23 17:39:11 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 23 Jun 2014 17:39:11 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.16-17-gba50a00
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via ba50a006302cee62376f1c7bf11a08dad14f41ff (commit)
via 297f2ac6451e638ed96926d06b01189076010823 (commit)
via 8d5f493ba4e7ea410186e16b8927ad5683fb15f2 (commit)
via bfc7893bdaf4dc674799ddddc0cae8f0af642b9d (commit)
via 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe (commit)
via 5230304349490f31aa64ee2b69a8a2bc06bf7816 (commit)
via 8eab483a1c4817a2946624c7305f464089d1875e (commit)
via 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd (commit)
from ab644b1efffe7c36aff4a0612479ee1949830516 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ba50a006302cee62376f1c7bf11a08dad14f41ff
Author: Werner Koch
Date: Mon Jun 23 17:42:21 2014 +0200
Post release changes.
--
diff --git a/NEWS b/NEWS
index e935605..a78109b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.4.18 (unreleased)
+-------------------------------------------------
+
+
Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
diff --git a/README b/README
index 5d1edbd..4a07839 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.17
+ Version 1.4.18
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
diff --git a/configure.ac b/configure.ac
index 93527e9..96f09d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [1.4.17])
+m4_define([mym4_version], [1.4.18])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 297f2ac6451e638ed96926d06b01189076010823
Author: Werner Koch
Date: Mon Jun 23 16:38:09 2014 +0200
Release 1.4.17
diff --git a/AUTHORS b/AUTHORS
index 29f775f..8e59219 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,10 +1,16 @@
Program: GnuPG
Version: 1.4
+Homepage: https://www.gnupg.org
Maintainer: Werner Koch
Bug reports: http://bugs.gnupg.org
Security related bug reports:
License: GPLv3+
+GnuPG is free software. See the files COPYING for copying conditions.
+License copyright years may be listed using range notation, e.g.,
+2000-2013, indicating that every year in the range, inclusive, is a
+copyrightable year that would otherwise be listed individually.
+
Authors with a FSF copyright assignment
=======================================
@@ -129,7 +135,7 @@ Other authors
=============
The need for copyright assignments to the FSF has been waived on
-2013-03-29; The need for copyright disclaimers for translations has
+2013-03-29; the need for copyright disclaimers for translations has
been waived in December 2012.
This program uses the zlib compression library written by
@@ -161,13 +167,26 @@ was written by 1996-2010 Julian R Seward. See bzip/LICENSE for
details.
+Copyright
+=========
+
+GnuPG is distributed under the GNU General Public License, version 3
+or later.
+
+Note that some files are under a combination of the GNU Lesser General
+Public License, version 3 and the GNU General Public License, version
+2. A few other files carry the all permissive license note as found
+at the bottom of this file.
+
+====================
+
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
- Copyright 2013 Werner Koch
+ Copyright 2013, 2014 Werner Koch
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
+ This file (AUTHORS) is free software; as a special exception the
+ author gives unlimited permission to copy and/or distribute it, with
+ or without modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
diff --git a/NEWS b/NEWS
index 1dfb23f..e935605 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,20 @@
-Noteworthy changes in version 1.4.17 (unreleased)
+Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
+ * Avoid DoS due to garbled compressed data packets.
+
+ * Screen keyserver reponses to avoid import of unwanted keys by rogue
+ servers.
+
+ * Add hash algorithms to the "sig" records of the colon output.
+
+ * More specific reason codes for INV_RECP status.
+
+ * Fixes for PC/SC access on Apple.
+
+ * Minor bug fixes.
+
+
Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------
diff --git a/README b/README
index f025c51..5d1edbd 100644
--- a/README
+++ b/README
@@ -1,12 +1,12 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.16
+ Version 1.4.17
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
2010, 2012, 2013 Free Software Foundation, Inc.
- Copyright 1997, 1998, 2013 Werner Koch
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
This file is free software; as a special exception the author
gives unlimited permission to copy and/or distribute it, with or
@@ -783,10 +783,12 @@
How to Get More Information
---------------------------
- The primary WWW page is http://www.gnupg.org
+ The primary WWW page is https://www.gnupg.org
+ or using TOR http://ic6au7wa3f6naxjq.onion
+
The primary FTP site is ftp://ftp.gnupg.org/gcrypt/
- See http://www.gnupg.org/download/mirrors.html for a list of
+ See https://www.gnupg.org/download/mirrors.html for a list of
mirrors and use them if possible. You may also find GnuPG
mirrored on some of the regular GNU mirrors.
@@ -813,7 +815,7 @@
of "subscribe" to x-request at gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). An archive of
the mailing lists are available at
- http://www.gnupg.org/documentation/mailing-lists.html
+ https://www.gnupg.org/documentation/mailing-lists.html
Please direct bug reports to http://bugs.gnupg.org or post
them direct to the mailing list .
@@ -825,12 +827,9 @@
by the authors and we try to answer questions when time allows us
to do so.
- Commercial grade support for GnuPG is available; please see
- http://www.gnupg.org/service.html .
-
- The driving force behind the development of GnuPG is the company
- of its principal author, Werner Koch. Maintenance and improvement
- of GnuPG and related software take up most of their resources.
- To continue the work they ask to either donate money, purchase a
- support contract, or engage them for custom enhancements. See
- http://g10code.com/gnupg-donation.html
+ Commercial grade support for GnuPG is available; for a listing of
+ offers see https://www.gnupg.org/service.html . Maintaining and
+ improving GnuPG is costly. Since 2001, g10 Code GmbH, a German
+ company owned and headed by GnuPG's principal author Werner Koch,
+ is bearing the majority of these costs. To help them carry on
+ this work, they need your support. See https://gnupg.org/donate/
diff --git a/util/argparse.c b/util/argparse.c
index a0579cb..267b6f1 100644
--- a/util/argparse.c
+++ b/util/argparse.c
@@ -1046,7 +1046,7 @@ default_strusage( int level )
break;
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
- case 14: p = "Copyright (C) 2013 Free Software Foundation, Inc."; break;
+ case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break;
case 15: p =
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n";
commit 8d5f493ba4e7ea410186e16b8927ad5683fb15f2
Author: Werner Koch
Date: Mon Jun 23 16:35:41 2014 +0200
po: Auto-update
--
diff --git a/po/be.po b/po/be.po
index 9add96e..2625282 100644
--- a/po/be.po
+++ b/po/be.po
@@ -1843,6 +1843,13 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????????????? ?????????? ???????????? ?? ID ????????????????????????????"
+#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "?????????????????? ???????? ???? ??????????????????"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr ""
@@ -1938,6 +1945,10 @@ msgstr "???????????????? ?????????? ???????????? ?? ????????????????"
msgid "key %s: \"%s\" not changed\n"
msgstr ""
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?????????????????? ???????? ???? ??????????????????"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "???????????????? ???????? ????????????????????"
diff --git a/po/ca.po b/po/ca.po
index bc6e6c6..3d08b48 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -2064,6 +2064,13 @@ msgid "key %s: no user ID\n"
msgstr "clau %08lX: sense ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "es descarta ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clau %08lX: corrupci?? de la subclau HKP reparada\n"
@@ -2158,6 +2165,10 @@ msgstr "clau %08lX: ??%s?? %d ID d'usuari nous\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clau %08lX: ??%s?? no ha estat modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "no s'ha trobat la clau secreta ??%s??: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "s'est?? escrivint la clau secreta a ??%s??\n"
diff --git a/po/cs.po b/po/cs.po
index 92198da..ec904ae 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -1978,6 +1978,14 @@ msgstr "nelze aktualizovat preference s: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "kl?? %s: chyb? identifik?tor u?ivatele\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "p?esko?en \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kl?? %s: PKS po?kozen? podkl??e opraveno\n"
@@ -2075,6 +2083,11 @@ msgstr "kl
msgid "key %s: \"%s\" not changed\n"
msgstr "kl?? %s: \"%s\" beze zm?n\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "tajn? kl?? \"%s\" nenalezen: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import tajn?ch kl??? nen? povolen\n"
diff --git a/po/da.po b/po/da.po
index edcd31b..6d871f6 100644
--- a/po/da.po
+++ b/po/da.po
@@ -1958,6 +1958,14 @@ msgstr "du kan opdatere dine pr??ferencer med: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "n??gle %s: ingen bruger-id\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "udelod ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "n??gle %s: korruption af PKS-undern??gle er repareret!\n"
@@ -2053,6 +2061,11 @@ msgstr "n??gle %s: ??%s?? %d bruger-id'er renset\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "n??gle %s: ??%s?? ikke ??ndret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig n??gle ??%s?? blev ikke fundet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import af hemmelige n??gler er ikke tilladt\n"
diff --git a/po/de.po b/po/de.po
index 0a02fb9..8b3ccd8 100644
--- a/po/de.po
+++ b/po/de.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-1.4.8\n"
"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n"
-"PO-Revision-Date: 2012-08-24 16:58+0200\n"
+"PO-Revision-Date: 2014-06-23 16:34+0200\n"
"Last-Translator: Walter Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -2011,6 +2011,13 @@ msgid "key %s: no user ID\n"
msgstr "Schl??ssel %s: Keine User-ID\n"
#, c-format
+msgid "key %s: %s\n"
+msgstr "Schl??ssel \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr "durch Importfilter zur??ckgewiesen"
+
+#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "Schl??ssel %s: PKS Unterschl??sseldefekt repariert\n"
@@ -2105,6 +2112,10 @@ msgstr "Schl??ssel %s: \"%s\" %d User-IDs bereinigt\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "Schl??ssel %s: \"%s\" nicht ge??ndert\n"
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "Geheimer Schl??ssel \"%s\": %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "Importieren geheimer Schl??ssel ist nicht erlaubt\n"
diff --git a/po/el.po b/po/el.po
index 4a15778..a6eb951 100644
--- a/po/el.po
+++ b/po/el.po
@@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n"
msgstr "?????? %08lX: ??? ??????? ???? ?? user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "???????????? `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %08lX: ??????????? ????????? ??????????? HKP\n"
@@ -2110,6 +2117,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %08lX: \"%s\" ??????????\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?? ??????? ?????? `%s' ?? ???????: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "??????? ??? ???????? ???????? ??? `%s'\n"
diff --git a/po/eo.po b/po/eo.po
index e910584..21a54d7 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n"
msgstr "?losilo %08lX: mankas uzantidentigilo\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignoris '%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?losilo %08lX: mankas sub?losilo por ?losilbindado\n"
@@ -2078,6 +2085,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "?losilo %08lX: ne ?an?ita\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?losilo '%s' ne trovita: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "skribas sekretan ?losilon al '%s'\n"
diff --git a/po/es.po b/po/es.po
index df0a502..7be33ec 100644
--- a/po/es.po
+++ b/po/es.po
@@ -1987,6 +1987,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clave %s: sin identificador de usuario\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "omitido \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clave %s: reparada la subclave PKS corrompida\n"
@@ -2082,6 +2090,11 @@ msgstr "clave %s: \"%s\" %d nuevos identificadores de usuario\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clave %s: \"%s\" sin cambios\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "no se permite importar claves secretas\n"
diff --git a/po/et.po b/po/et.po
index b635ce1..25a0e4a 100644
--- a/po/et.po
+++ b/po/et.po
@@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n"
msgstr "v?ti %08lX: kasutaja ID puudub\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "`%s' j?tsin vahele: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "v?ti %08lX: HKP alamv?tme rike parandatud\n"
@@ -2079,6 +2086,10 @@ msgstr "v
msgid "key %s: \"%s\" not changed\n"
msgstr "v?ti %08lX: \"%s\" ei muudetud\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salajast v?tit `%s' ei leitud: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjutan salajase v?tme faili `%s'\n"
diff --git a/po/fi.po b/po/fi.po
index a180d81..9b52b14 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n"
msgstr "avain %08lX: ei k??ytt??j??tunnusta\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
@@ -2111,6 +2118,10 @@ msgstr "avain %08lX: \"%s\" %d uutta k??ytt??j??tunnusta\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "avain %08lX: \"%s\" ei muutoksia\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salaista avainta \"%s\" ei l??ydy: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
diff --git a/po/fr.po b/po/fr.po
index 57bc539..c2808d8 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2008,6 +2008,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clef %s??: pas d'identit??\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "????%s???? a ??t?? ignor??e??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clef %s??: corruption de sous-clef PKS r??par??e\n"
@@ -2103,6 +2111,11 @@ msgstr "clef %s??: ????%s???? %d??identit??s nettoy??es\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clef %s??: ????%s???? n'est pas modifi??e\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clef secr??te ????%s???? introuvable??: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "impossible d'importer des clefs secr??tes\n"
diff --git a/po/gl.po b/po/gl.po
index 3e94c4b..fe1eabc 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -2000,6 +2000,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: non hai ID de usuario\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "om?tese `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: arranxouse a corrupci?n da sub-chave HKP\n"
@@ -2098,6 +2105,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" sen cambios\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "gravando a chave secreta en `%s'\n"
diff --git a/po/hu.po b/po/hu.po
index 4c76185..05e3b6a 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -1992,6 +1992,13 @@ msgid "key %s: no user ID\n"
msgstr "%08lX kulcs: Nincs felhaszn?l?i azonos?t?.\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "%08lX kulcs: HKP alkulcss?r?l?s kijav?tva.\n"
@@ -2086,6 +2093,10 @@ msgstr "%08lX kulcs: \"%s\" %d
msgid "key %s: \"%s\" not changed\n"
msgstr "%08lX kulcs: \"%s\" nem v?ltozott.\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "\"%s\" titkos kulcs nem tal?lhat?: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "?rom a titkos kulcsot a %s ?llom?nyba.\n"
diff --git a/po/id.po b/po/id.po
index e24c85e..f17e4eb 100644
--- a/po/id.po
+++ b/po/id.po
@@ -2007,6 +2007,13 @@ msgid "key %s: no user ID\n"
msgstr "kunci %08lX: tidak ada ID user\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "melewati `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
@@ -2101,6 +2108,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "kunci %08lX: \"%s\" tidak berubah\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "menulis kunci rahasia ke `%s'\n"
diff --git a/po/it.po b/po/it.po
index fe4ef9d..0efc561 100644
--- a/po/it.po
+++ b/po/it.po
@@ -2015,6 +2015,13 @@ msgid "key %s: no user ID\n"
msgstr "chiave %08lX: nessun user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "saltata `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n"
@@ -2109,6 +2116,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chiave %08lX: \"%s\" non cambiata\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "scrittura della chiave segreta in `%s'\n"
diff --git a/po/ja.po b/po/ja.po
index 109e964..4b76e2a 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -1945,6 +1945,14 @@ msgstr "
msgid "key %s: no user ID\n"
msgstr "??%s: ????????ID????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "??%s??????????????: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "??%s: PKS????????????????\n"
@@ -2040,6 +2048,11 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "??%s:??%s??????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "????????%s??????????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "????????????????????????\n"
diff --git a/po/nb.po b/po/nb.po
index b18fb22..a242fce 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -1879,6 +1879,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "n?kkel %s: ingen brukerid\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppet over ?%s?: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "n?kkel %s: PKS-undern?kkel reparert\n"
@@ -1974,6 +1982,11 @@ msgstr "n
msgid "key %s: \"%s\" not changed\n"
msgstr "n?kkel %s: ?%s? ikke endret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig n?kkel ?%s? ble ikke funnet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemmelig n?kkel er ikke tillatt\n"
diff --git a/po/nl.po b/po/nl.po
index 6b7d76c..b681cce 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -2013,6 +2013,14 @@ msgstr "Uw voorkeuren verbeteren met: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "sleutel %s: geen Gebruiker ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "skipped ???%s???: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "sleutel %s: PKS sub-sleutel fouten verbeterd\n"
@@ -2108,6 +2116,11 @@ msgstr "sleutel %s: ???%s??? %d gebruiker ID's opgeschoond\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "sleutel %s: ???%s??? niet veranderd\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "secret key ???%s??? not found: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "importeren van geheime sleutels is niet toegestaan\n"
diff --git a/po/pl.po b/po/pl.po
index cfd9081..3696a0d 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -1955,6 +1955,14 @@ msgstr "ustawienia mo
msgid "key %s: no user ID\n"
msgstr "klucz %s: brak identyfikatora u?ytkownika\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "pomini?ty ,,%s'': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "klucz %s: podklucz uszkodzony przez serwer PKS zosta? naprawiony\n"
@@ -2050,6 +2058,11 @@ msgstr "klucz %s: ,,%s'' %d oczyszczonych identyfikator
msgid "key %s: \"%s\" not changed\n"
msgstr "klucz %s: ,,%s'' bez zmian\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta? odnaleziony: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
diff --git a/po/pt.po b/po/pt.po
index db037e0..9c95055 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -1996,6 +1996,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de utilizador\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
@@ -2090,6 +2097,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" n?o modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chave `%s' n?o encontrada: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "a escrever chave privada para `%s'\n"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 215ff45..0e2802c 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -1962,6 +1962,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de usu?rio\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: sem subchave para liga??o de chaves\n"
@@ -2056,6 +2063,10 @@ msgstr "chave %08lX: %d novos IDs de usu
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: n?o modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "usu?rio `%s' n?o encontrado: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "escrevendo certificado privado para `%s'\n"
diff --git a/po/ro.po b/po/ro.po
index bc7d8c3..a2c1c54 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -1975,6 +1975,14 @@ msgstr "v?? pute??i actualiza preferin??ele cu: gpg --edit-key %s updpref save\n
msgid "key %s: no user ID\n"
msgstr "cheia %s: nici un ID utilizator\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "s??rit?? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "cheia %s: subcheia HPK corupt?? a fost reparat??\n"
@@ -2070,6 +2078,11 @@ msgstr "cheia %s: \"%s\" %d ID-uri utilizator cur????ate\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "cheia %s: \"%s\" nu a fost schimbat??\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "cheia secret?? \"%s\" nu a fost g??sit??: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "importul de chei secrete nu este permis\n"
diff --git a/po/ru.po b/po/ru.po
index 6e6ec64..ade0c81 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1967,6 +1967,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????? %s: ???? ?????????? User ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "?????????????????? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "???????? %s: PKS ?????????????????????? ?????????? ????????????????????\n"
@@ -2062,6 +2070,11 @@ msgstr "???????? %s: \"%s\" %d ?????????????????? User ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "???????? %s: \"%s\" ???? ??????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "?????????????????? ???????? \"%s\" ???? ????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "???????????????????????????? ???????????????????? ?????????? ???? ??????????????????\n"
diff --git a/po/sk.po b/po/sk.po
index daa8d69..05178c9 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -2003,6 +2003,13 @@ msgid "key %s: no user ID\n"
msgstr "k??? %08lX: chyba identifik?tor u??vate?a\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "presko?en? `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "k??? %08lX: HKP po?kodenie podk???a opraven?\n"
@@ -2099,6 +2106,10 @@ msgstr "k
msgid "key %s: \"%s\" not changed\n"
msgstr "k??? %08lX: \"%s\" bez zmeny\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "tajn? k??? `%s' nebol n?jden?: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "zapisujem tajn? k??? do `%s'\n"
diff --git a/po/sv.po b/po/sv.po
index acd7ad8..c58173a 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -2017,6 +2017,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "nyckel %s: ingen anv??ndaridentitet\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppade ??ver \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
# Undernyckeln ??r skadad p?? HKP-servern. Vanligt fel vid m??nga undernycklar.
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
@@ -2116,6 +2124,11 @@ msgstr "nyckel %s: \"%s\" %d anv??ndaridentiteter rensade\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "nyckel %s: \"%s\" inte ??ndrad\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemliga nycklar till??ts inte\n"
diff --git a/po/tr.po b/po/tr.po
index cb9af54..6bec2c2 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -1950,6 +1950,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "anahtar %s: kullan??c?? kimli??i yok\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\" atland??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "anahtar %s: PKS yard??mc?? anahtar bozulmas?? giderildi\n"
@@ -2045,6 +2053,11 @@ msgstr "anahtar %s: \"%s\" %d yeni kullan??c?? kimli??i\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "anahtar %s: \"%s\" de??i??medi\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "gizli anahtar?? al??m??na izin verilmez\n"
diff --git a/po/uk.po b/po/uk.po
index 25ef39f..3916c26 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2004,6 +2004,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????? %s: ?????????? ?????????????????????????? ??????????????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "?????????????????? ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "???????? %s: ???????????????????? ?????????????????????? ?????????????? PKS\n"
@@ -2099,6 +2107,11 @@ msgstr "???????? %s: ??%s?? ???????????????????? %d ????????????????????????????
msgid "key %s: \"%s\" not changed\n"
msgstr "???????? %s: ??%s?? ???? ??????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "???????????????? ???????? ??%s?? ???? ????????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "???????????????????????? ???????????????? ???????????? ????????????????????\n"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index be8f292..08da3c1 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -1900,6 +1900,14 @@ msgstr "???????????????????????????????????????gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "?????? %s?????????????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "???%s???????????????%s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %s???PKS ?????????????????????\n"
@@ -1995,6 +2003,11 @@ msgstr "?????? %s??????%s???%d ????????????????????????\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %s??????%s????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "??????????????????%s??????%s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "?????????????????????\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 54a690a..7e5fa8f 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -1920,6 +1920,14 @@ msgstr "???????????????????????????????????????: gpg --edit-key %s updpref save\
msgid "key %s: no user ID\n"
msgstr "?????? %s: ??????????????? ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "????????? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %s: PKS ???????????????????????????\n"
@@ -2015,6 +2023,11 @@ msgstr "?????? %s: \"%s\" ????????? %d ???????????? ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %s: \"%s\" ?????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "??????????????? \"%s\": %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "?????????????????????\n"
commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d
Author: Werner Koch
Date: Mon Jun 23 16:09:34 2014 +0200
doc: Update from master.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 26179bd..8ea8199 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+ at ifset gpgtwoone
+ at item --quick-sign-key @code{fpr} [@code{names}]
+ at itemx --quick-lsign-key @code{name}
+ at opindex quick-sign-key
+ at opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+ at option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+ at end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
@@ -1177,7 +1195,7 @@ for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
-"full"),
+"full"), "%U" for a base32 encoded hash of the user ID,
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are:
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
- evidence that the user ID is bound to the key.
+ evidence that the user ID is bound to the key. Note that this
+ trust model still does not allow the use of expired, revoked, or
+ disabled keys.
@item auto
@opindex trust-mode:auto
@@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried:
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
+ @item clear
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
+
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are:
program uses internally (libcurl, openldap, etc).
@item check-cert
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Enable certificate checking if the keyserver presents one (for hkps or
ldaps). Defaults to on.
+ at end ifclear
@item ca-cert-file
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Provide a certificate store to override the system default. Only
necessary if check-cert is enabled, and the keyserver is using a
certificate that is not present in a system default certificate list.
Note that depending on the SSL library that the keyserver helper is
built with, this may actually be a directory or a file.
+ at end ifclear
+
@end table
@item --completes-needed @code{n}
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
+
+ at ifclear gpgone
+ at item --agent-program @var{file}
+ at opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify a dirmngr program to be used for keyserver access. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+ at end ifset
+
@item --lock-once
@opindex lock-once
Lock the databases the first time a lock is requested
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
+ at ifset gpgtwoone
+ at item --legacy-list-mode
+ at opindex legacy-list-mode
+Revert to the pre-2.1 public key list mode. This only affects the
+human readable output and not the machine interface
+(i.e. @code{--with-colons}). Note that the legacy format does not
+allow to convey suitable information for elliptic curves.
+ at end ifset
+
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
@@ -2062,6 +2127,12 @@ of the output and may be used together with another command.
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
+
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
@end ifset
@end table
@@ -2244,9 +2315,13 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
- at option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+ at ifclear gpgone
+--allow-weak-digest-algos
+ at end ifclear
+--cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
@item --pgp6
@opindex pgp6
@@ -2702,6 +2777,14 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at ifclear gpgone
+ at item --allow-weak-digest-algos
+ at opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message. This option allows the
+verification of signatures made with such weak algorithms.
+ at end ifclear
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
@@ -2963,18 +3046,33 @@ files; They all live in in the current home directory (@pxref{option
@table @file
- @item ~/.gnupg/secring.gpg
- The secret keyring. You should backup this file.
-
- @item ~/.gnupg/secring.gpg.lock
- The lock file for the secret keyring.
-
@item ~/.gnupg/pubring.gpg
The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock
The lock file for the public keyring.
+ at ifset gpgtwoone
+ @item ~/.gnupg/pubring.kbx
+ The public keyring using a different format. This file is sharred
+ with @command{gpgsm}. You should backup this file.
+
+ @item ~/.gnupg/pubring.kbx.lock
+ The lock file for @file{pubring.kbx}.
+ at end ifset
+
+ @item ~/.gnupg/secring.gpg
+ at ifclear gpgtwoone
+ The secret keyring. You should backup this file.
+ at end ifclear
+ at ifset gpgtwoone
+ A secret keyring as used by GnuPG versions before 2.1. It is not
+ used by GnuPG 2.1 and later.
+
+ @item ~/.gnupg/.gpg-v21-migrated
+ File indicating that a migration to GnuPG 2.1 has taken place.
+ at end ifset
+
@item ~/.gnupg/trustdb.gpg
The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -2985,6 +3083,9 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/random_seed
A file used to preserve the state of the internal random pool.
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 5dc81bf..2ac4390 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2005, 2013 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
*/
/*
- This is a simple textinfo to man page converter. It needs some
+ This is a simple texinfo to man page converter. It needs some
special markup in th e texinfo and tries best to get a create man
page. It has been designed for the GnuPG man pages and thus only
a few texinfo commands are supported.
@@ -107,6 +107,9 @@
character. */
#define LINESIZE 1024
+/* Number of allowed condition nestings. */
+#define MAX_CONDITION_NESTING 10
+
/* Option flags. */
static int verbose;
static int quiet;
@@ -117,10 +120,6 @@ static const char *opt_select;
static const char *opt_include;
static int opt_store;
-/* The only define we understand is -D gpgone. Thus we need a simple
- boolean tro track it. */
-static int gpgone_defined;
-
/* Flag to keep track whether any error occurred. */
static int any_error;
@@ -129,7 +128,7 @@ static int any_error;
struct macro_s
{
struct macro_s *next;
- char *value; /* Malloced value. */
+ char *value; /* Malloced value. */
char name[1];
};
typedef struct macro_s *macro_t;
@@ -137,6 +136,24 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of global macro names. The value part is not used. */
+static macro_t predefinedmacrolist;
+
+/* Object to keep track of @isset and @ifclear. */
+struct condition_s
+{
+ int manverb; /* "manverb" needs special treatment. */
+ int isset; /* This is an @isset condition. */
+ char name[1]; /* Name of the condition macro. */
+};
+typedef struct condition_s *condition_t;
+
+/* The stack used to evaluate conditions. And the current states. */
+static condition_t condition_stack[MAX_CONDITION_NESTING];
+static int condition_stack_idx;
+static int cond_is_active; /* State of ifset/ifclear */
+static int cond_in_verbatim; /* State of "manverb". */
+
/* Object to store one line of content. */
struct line_buffer_s
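Review bot: The new comments and one runtime message call the directive `@isset` / `isclear`, but the texinfo commands this code parses are `@ifset` and `@ifclear`. Here the header comment should read `/* Object to keep track of @ifset and @ifclear. */` and the field comment `/* This is an @ifset condition. */`. The same slip is in the next hunk: push_condition's header comment ("a @isset condition is pushed") and pop_condition's error label, which should be `isset?"ifset":"ifclear"` so the diagnostic names what the user actually wrote.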
@@ -313,7 +330,158 @@ isodatestring (void)
}
+/* Add NAME to the list of predefined macros which are global for all
+ files. */
+static void
+add_predefined_macro (const char *name)
+{
+ macro_t m;
+
+ for (m=predefinedmacrolist; m; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m)
+ {
+ m = xcalloc (1, sizeof *m + strlen (name));
+ strcpy (m->name, name);
+ m->next = predefinedmacrolist;
+ predefinedmacrolist = m;
+ }
+}
+
+
+/* Create or update a macro with name MACRONAME and set its values TO
+ MACROVALUE. Note that ownership of the macro value is transferred
+ to this function. */
+static void
+set_macro (const char *macroname, char *macrovalue)
+{
+ macro_t m;
+
+ for (m=macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+}
+
+
+/* Return true if the macro NAME is set, i.e. not the empty string and
+ not evaluating to 0. */
+static int
+macro_set_p (const char *name)
+{
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m || !m->value || !*m->value)
+ return 0;
+ if ((*m->value & 0x80) || !isdigit (*m->value))
+ return 1; /* Not a digit but some other string. */
+ return !!atoi (m->value);
+}
+
+
+/* Evaluate the current conditions. */
+static void
+evaluate_conditions (const char *fname, int lnr)
+{
+ int i;
+
+ /* for (i=0; i < condition_stack_idx; i++) */
+ /* inf ("%s:%d: stack[%d] %s %s %c", */
+ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
+ /* condition_stack[i]->name, */
+ /* (macro_set_p (condition_stack[i]->name) */
+ /* ^ !condition_stack[i]->isset)? 't':'f'); */
+
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
+ if (condition_stack_idx)
+ {
+ for (i=0; i < condition_stack_idx; i++)
+ {
+ if (condition_stack[i]->manverb)
+ cond_in_verbatim = (macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset);
+ else if (!(macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset))
+ {
+ cond_is_active = 0;
+ break;
+ }
+ }
+ }
+
+ /* inf ("%s:%d: active=%d verbatim=%d", */
+ /* fname, lnr, cond_is_active, cond_in_verbatim); */
+}
+
+
+/* Push a condition with condition macro NAME onto the stack. If
+ ISSET is true, a @isset condition is pushed. */
+static void
+push_condition (const char *name, int isset, const char *fname, int lnr)
+{
+ condition_t cond;
+ int manverb = 0;
+ if (condition_stack_idx >= MAX_CONDITION_NESTING)
+ {
+ err ("%s:%d: condition nested too deep", fname, lnr);
+ return;
+ }
+
+ if (!strcmp (name, "manverb"))
+ {
+ if (!isset)
+ {
+ err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr);
+ return;
+ }
+ manverb = 1;
+ }
+
+ cond = xcalloc (1, sizeof *cond + strlen (name));
+ cond->manverb = manverb;
+ cond->isset = isset;
+ strcpy (cond->name, name);
+
+ condition_stack[condition_stack_idx++] = cond;
+ evaluate_conditions (fname, lnr);
+}
+
+
+/* Remove the last condition from the stack. ISSET is used for error
+ reporting. */
+static void
+pop_condition (int isset, const char *fname, int lnr)
+{
+ if (!condition_stack_idx)
+ {
+ err ("%s:%d: unbalanced \"@end %s\"",
+ fname, lnr, isset?"isset":"isclear");
+ return;
+ }
+ condition_stack_idx--;
+ free (condition_stack[condition_stack_idx]);
+ condition_stack[condition_stack_idx] = NULL;
+ evaluate_conditions (fname, lnr);
+}
+
+
+
/* Return a section buffer for the section NAME. Allocate a new buffer
if this is a new section. Keep track of the sections in THEPAGE.
This function may reallocate the section array in THEPAGE. */
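Review bot: pop_condition never checks that the entry it removes was opened by the same kind of directive, so an `@end ifclear` silently closes an open `@ifset` and the nesting state drifts without a diagnostic. A guard before the decrement would catch this, for example `if (condition_stack[condition_stack_idx-1]->isset != isset) err ("%s:%d: mismatched \"@end\"", fname, lnr);`. Related: push_condition returns without pushing on both of its error paths (nesting too deep, `@ifclear manverb`), so the matching `@end` later pops an outer condition. err() has been called by then, so the run is presumably already marked as failed, but the follow-on messages will point at the wrong lines.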
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int lnr = 0;
/* Fixme: The following state variables don't carry over to include
files. */
- int in_verbatim = 0;
int skip_to_end = 0; /* Used to skip over menu entries. */
int skip_sect_line = 0; /* Skip after @mansect. */
- int ifset_nesting = 0; /* How often a ifset has been seen. */
- int ifclear_nesting = 0; /* How often a ifclear has been seen. */
- int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
- int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
- int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
@@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
size_t n = strlen (line);
int got_line = 0;
- char *p;
+ char *p, *pend;
lnr++;
if (!n || line[n-1] != '\n')
@@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "macro", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- macro_t m;
-
if (macrovalueused)
macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
macrovalue[macrovalueused] = 0; /* Terminate macro. */
macrovalue = xrealloc (macrovalue, macrovalueused+1);
- for (m= macrolist; m; m = m->next)
- if (!strcmp (m->name, macroname))
- break;
- if (m)
- free (m->value);
- else
- {
- m = xcalloc (1, sizeof *m + strlen (macroname));
- strcpy (m->name, macroname);
- m->next = macrolist;
- macrolist = m;
- }
- m->value = macrovalue;
+ set_macro (macroname, macrovalue);
macrovalue = NULL;
free (macroname);
macroname = NULL;
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
if (n == 6 && !memcmp (line, "@ifset", 6)
&& (line[6]==' '||line[6]=='\t'))
{
- ifset_nesting++;
-
- if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ for (p=line+7; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_verbatim)
- err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
- else
- in_verbatim = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifset\"", fname, lnr);
+ continue;
}
- else if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 1, fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ for (p=line+9; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_gpgone)
- err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
- else
- in_gpgone = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr);
+ continue;
}
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 0, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
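Review bot: The error string in the new `@ifclear` branch names the directive `@ifsclear`; it should read `err ("%s:%d: name missing after \"@ifclear\"", fname, lnr);`. The two branches also repeat the same skip-blanks and terminate-name loops verbatim, differing only in the start offset and the flag passed to push_condition. A small static helper that returns the isolated name would keep them from diverging. The enclosing loop of parse_file starts and ends outside this hunk.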
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifset", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- if (in_verbatim && ifset_nesting == in_verbatim)
- in_verbatim = 0;
- if (in_gpgone && ifset_nesting == in_gpgone)
- in_gpgone = 0;
-
- if (ifset_nesting)
- ifset_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
- continue;
- }
- else if (n == 8 && !memcmp (line, "@ifclear", 8)
- && (line[8]==' '||line[8]=='\t'))
- {
- ifclear_nesting++;
-
- if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
- {
- if (not_in_gpgone)
- err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
- else
- not_in_gpgone = ifclear_nesting;
- }
-
- else if (!strncmp (p, "isman", 5)
- && (p[5]==' '||p[5]=='\t'||!p[5]))
- {
- if (not_in_man)
- err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
- else
- not_in_man = ifclear_nesting;
- }
-
+ pop_condition (1, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifclear", 7)
&& (p[7]==' '||p[7]=='\t'||!p[7]))
{
- if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
- not_in_gpgone = 0;
- if (not_in_man && ifclear_nesting == not_in_man)
- not_in_man = 0;
-
- if (ifclear_nesting)
- ifclear_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ pop_condition (0, fname, lnr);
continue;
}
}
/* Take action on ifset/ifclear. */
- if ( (in_gpgone && !gpgone_defined)
- || (not_in_gpgone && gpgone_defined)
- || not_in_man)
+ if (!cond_is_active)
continue;
/* Process commands. */
@@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
skip_to_end = 0;
}
- else if (in_verbatim)
+ else if (cond_in_verbatim)
{
got_line = 1;
}
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
else if (!skip_to_end)
got_line = 1;
- if (got_line && in_verbatim)
+ if (got_line && cond_in_verbatim)
add_content (*section_name, line, 1);
else if (got_line && thepage.name && *section_name && !in_pause)
add_content (*section_name, line, 0);
@@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp)
{
char *section_name = NULL; /* Name of the current section or NULL
if not in a section. */
+ macro_t m;
+
while (macrolist)
{
macro_t next = macrolist->next;
@@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ for (m=predefinedmacrolist; m; m = m->next)
+ set_macro (m->name, xstrdup ("1"));
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
parse_file (fname, fp, §ion_name, 0);
free (section_name);
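Review bot: The per-file reset sets `cond_is_active` and `cond_in_verbatim` but leaves `condition_stack_idx` and any entries still on `condition_stack` untouched. An `@ifset` left open at the end of one input would therefore, as far as this hunk shows, still be on the stack when the next file is evaluated. Draining it next to the reset, `while (condition_stack_idx) free (condition_stack[--condition_stack_idx]);`, and reporting an error after parse_file returns if it was non-empty would keep the inputs independent. top_parse_file begins above the hunk, and whether it runs for more than one file per invocation is not visible here.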
@@ -1223,6 +1344,12 @@ main (int argc, char **argv)
opt_source = "GNU";
opt_release = "";
+ /* Define default macros. The trick is that these macros are not
+ defined when using the actual texinfo renderer. */
+ add_predefined_macro ("isman");
+ add_predefined_macro ("manverb");
+
+ /* Option parsing. */
if (argc)
{
argc--; argv++;
@@ -1327,8 +1454,7 @@ main (int argc, char **argv)
argc--; argv++;
if (argc)
{
- if (!strcmp (*argv, "gpgone"))
- gpgone_defined = 1;
+ add_predefined_macro (*argv);
argc--; argv++;
}
}
commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
Author: Werner Koch
Date: Mon Jun 23 17:14:15 2014 +0200
Fix syntax error introduced with 60bd6488
* g10/apdu.c (pcsc_dword_t): Fix syntax error.
diff --git a/g10/apdu.c b/g10/apdu.c
index 6e7faf0..66cf30b 100644
--- a/g10/apdu.c
+++ b/g10/apdu.c
@@ -84,7 +84,7 @@
#endif
#if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__)
-typedef unsinged int pcsc_dword_t;
+typedef unsigned int pcsc_dword_t;
#else
typedef unsigned long pcsc_dword_t;
#endif
@@ -1290,7 +1290,7 @@ connect_pcsc_card (int slot)
{
char reader[250];
pcsc_dword_t readerlen, atrlen;
- long card_state, card_protocol;
+ pcsc_dword_t card_state, card_protocol;
atrlen = DIM (reader_table[0].atr);
readerlen = sizeof reader -1 ;
@@ -1300,7 +1300,8 @@ connect_pcsc_card (int slot)
reader_table[slot].atr, &atrlen);
if (err)
log_error ("pcsc_status failed: %s (0x%lx) %lu\n",
- pcsc_error_string (err), err, readerlen);
+ pcsc_error_string (err),
+ (unsigned long)err, (unsigned long)readerlen);
else
{
if (atrlen > DIM (reader_table[0].atr))
commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
Author: Stefan Tomanek
Date: Thu Jan 30 00:57:43 2014 +0100
Screen keyserver responses.
* g10/main.h: Typedef import_filter for filter callbacks.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()
--
These changes introduce import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
Signed-off-by: Stefan Tomanek
Re-indention and minor changes by wk.
diff --git a/g10/import.c b/g10/import.c
index 441dcca..e40141e 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -59,14 +59,17 @@ struct stats_s {
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options );
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg );
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static void revocation_present(KBNODE keyblock);
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
- unsigned int options,int from_sk);
+ unsigned int options,int from_sk,
+ import_filter filter, void *filter_arg);
static int import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options);
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg);
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -163,7 +166,8 @@ import_release_stats_handle (void *p)
static int
import_keys_internal( IOBUF inp, char **fnames, int nnames,
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
- unsigned int options )
+ unsigned int options,
+ import_filter filter, void *filter_arg)
{
int i, rc = 0;
struct stats_s *stats = stats_handle;
@@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
stats = import_new_stats_handle ();
if (inp) {
- rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+ rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
+ filter, filter_arg);
}
else {
int once = (!fnames && !nnames);
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else
{
- rc = import( inp2, fname, stats, fpr, fpr_len, options );
+ rc = import (inp2, fname, stats, fpr, fpr_len, options,
+ NULL, NULL);
iobuf_close(inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, 2, 0, (char*)fname);
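Review bot: The file branch calls `import (inp2, fname, stats, fpr, fpr_len, options, NULL, NULL)`, so a `filter` handed to import_keys_internal is applied only on the `[stream]` path and silently dropped when file names are given. The only visible caller on that path, import_keys, passes NULL, so this is latent today. Forwarding `filter, filter_arg` here, or adding a comment such as `/* File imports are intentionally unfiltered. */`, would keep the new parameter from being ignored without notice. import_keys_internal's body continues outside the hunk.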
@@ -223,19 +229,23 @@ void
import_keys( char **fnames, int nnames,
void *stats_handle, unsigned int options )
{
- import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+ import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
+ options, NULL, NULL);
}
int
import_keys_stream( IOBUF inp, void *stats_handle,
- unsigned char **fpr, size_t *fpr_len,unsigned int options )
+ unsigned char **fpr, size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg )
{
- return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+ return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
+ options, filter, filter_arg);
}
static int
import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options )
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg)
{
PACKET *pending_pkt = NULL;
KBNODE keyblock = NULL;
@@ -252,9 +262,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats,
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
- rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
- else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
- rc = import_secret_one( fname, keyblock, stats, options );
+ rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
+ filter, filter_arg);
+ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+ rc = import_secret_one (fname, keyblock, stats, options,
+ filter, filter_arg);
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock, stats );
@@ -738,7 +750,7 @@ check_prefs(KBNODE keyblock)
static int
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk )
+ int from_sk, import_filter filter, void *filter_arg)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -778,6 +790,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
return 0;
}
+ if (filter && filter (pk, NULL, filter_arg))
+ {
+ log_error (_("key %s: %s\n"), keystr_from_pk(pk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if (opt.interactive) {
if(is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
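Review bot: A key rejected by the filter leaves import_one through `return 0`, presumably the same value as a successful import, and nothing in `stats` is touched in the visible lines. Apart from the log_error line, neither the caller nor the printed statistics can tell how many keys the filter dropped. The same pattern appears in import_secret_one. Counting the rejection in `stats` before returning, or at least adding `/* Not an error for the caller: the key is skipped on purpose. */`, would make the intent explicit. import_one starts and ends outside the hunk.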
@@ -1146,7 +1165,8 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
*/
static int
import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options)
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg)
{
PKT_secret_key *sk;
KBNODE node, uidnode;
@@ -1162,6 +1182,12 @@ import_secret_one( const char *fname, KBNODE keyblock,
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+ if (filter && filter (NULL, sk, filter_arg)) {
+ log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if( opt.verbose )
{
log_info( "sec %4u%c/%s %s ",
@@ -1240,8 +1266,9 @@ import_secret_one( const char *fname, KBNODE keyblock,
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
if(pub_keyblock)
{
- import_one(fname,pub_keyblock,stats,
- NULL,NULL,opt.import_options,1);
+ import_one (fname, pub_keyblock, stats,
+ NULL, NULL, opt.import_options, 1,
+ NULL, NULL);
release_kbnode(pub_keyblock);
}
}
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 7bf9830..dca5e18 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -656,7 +656,7 @@ parse_keyrec(char *keystring)
case 'R':
work->flags|=1;
break;
-
+
case 'd':
case 'D':
work->flags|=2;
@@ -910,7 +910,7 @@ keyserver_search_prompt(IOBUF buffer,const char *searchstr)
/* Leave this commented out or now, and perhaps for a very long
time. All HKPish servers return HTML error messages for
no-key-found. */
- /*
+ /*
if(!started)
log_info(_("keyserver does not support searching\n"));
else
@@ -959,7 +959,52 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
-static int
+
+/* Check whether a key matches the search description. The filter
+ returns 0 if the key shall be imported. Note that this kind of
+ filter is not related to the iobuf filters. */
+static int
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+{
+ KEYDB_SEARCH_DESC *desc = arg;
+ u32 keyid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fpr_len = 0;
+
+ /* Secret keys are not expected from a keyserver. Do not import. */
+ if (sk)
+ return G10ERR_GENERAL;
+
+ fingerprint_from_pk (pk, fpr, &fpr_len);
+ keyid_from_pk (pk, keyid);
+
+ /* Compare requested and returned fingerprints if available. */
+ if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+
+ return 0;
+}
+
+
+static int
keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
int count,int *prog,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver)
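Review bot: The filter only ever examines the first descriptor: `KEYDB_SEARCH_DESC *desc = arg;` is followed by `desc->mode` and never advances, although keyserver_spawn receives `desc` together with `count` and passes just `desc` to import_keys_stream further down. When several keys are requested, a key matching a later descriptor would be rejected, and a NULL `desc` (keyserver_import_ldap calls keyserver_work with `NULL,0`) would be dereferenced if that path reaches the import. Only the primary key is compared, so a request by subkey id cannot match, and the SHORT_KID branch checks 32 bits only, which is a weak binding to the key the user selected. The sketch below passes the count along and accepts a key when any descriptor matches; the call in keyserver_spawn would then pass the address of such a struct instead of `desc`.

```c
/* Argument for keyserver_retrieval_filter (name proposed by this review).  */
struct ks_retrieval_filter_arg_s
{
  KEYDB_SEARCH_DESC *desc;
  int ndesc;
};

static int
keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
{
  struct ks_retrieval_filter_arg_s *want = arg;
  int n;
  /* … unchanged: keyid, fpr, fpr_len declarations; secret key rejection;
     fingerprint_from_pk and keyid_from_pk calls … */

  /* Nothing to compare against (e.g. a lookup by name).  */
  if (!want || !want->desc || want->ndesc <= 0)
    return 0;

  for (n = 0; n < want->ndesc; n++)
    {
      const KEYDB_SEARCH_DESC *d = want->desc + n;

      switch (d->mode)
        {
        case KEYDB_SEARCH_MODE_FPR20:
          if (fpr_len == 20 && !memcmp (fpr, d->u.fpr, 20))
            return 0;
          break;
        case KEYDB_SEARCH_MODE_FPR16:
          if (fpr_len == 16 && !memcmp (fpr, d->u.fpr, 16))
            return 0;
          break;
        case KEYDB_SEARCH_MODE_LONG_KID:
          if (keyid[0] == d->u.kid[0] && keyid[1] == d->u.kid[1])
            return 0;
          break;
        case KEYDB_SEARCH_MODE_SHORT_KID:
          if (keyid[1] == d->u.kid[1])
            return 0;
          break;
        default:
          /* A mode that cannot be checked here; keep the current behaviour.  */
          return 0;
        }
    }

  return G10ERR_GENERAL;  /* No requested descriptor matched.  */
}
```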
@@ -999,7 +1044,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
the program of this process lives. Fortunately Windows provides
a way to retrieve this and our get_libexecdir function has been
modified to return just this. Setting the exec-path is not
- anymore required.
+ anymore required.
set_exec_path(libexecdir);
*/
#else
@@ -1031,7 +1076,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
fetcher that can speak that protocol (this is a problem for
LDAP). */
- strcat(command,GPGKEYS_PREFIX);
+ strcat(command,GPGKEYS_PREFIX);
strcat(command,scheme);
/* This "_uri" thing is in case we need to call a direct handler
@@ -1061,7 +1106,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
{
command=xrealloc(command,strlen(command)+
strlen(KEYSERVER_ARGS_NOKEEP)+1);
- strcat(command,KEYSERVER_ARGS_NOKEEP);
+ strcat(command,KEYSERVER_ARGS_NOKEEP);
}
ret=exec_write(&spawn,NULL,command,NULL,0,0);
@@ -1509,8 +1554,9 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
but we better protect against rogue keyservers. */
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_filter, desc);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
@@ -1541,7 +1587,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
return ret;
}
-static int
+static int
keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
int count,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver)
@@ -1611,7 +1657,7 @@ keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
#endif /* ! DISABLE_KEYSERVER_HELPERS*/
}
-int
+int
keyserver_export(STRLIST users)
{
STRLIST sl=NULL;
@@ -1643,7 +1689,7 @@ keyserver_export(STRLIST users)
return rc;
}
-int
+int
keyserver_import(STRLIST users)
{
KEYDB_SEARCH_DESC *desc;
@@ -1703,7 +1749,7 @@ keyserver_import_fprint(const byte *fprint,size_t fprint_len,
return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
}
-int
+int
keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
{
KEYDB_SEARCH_DESC desc;
@@ -1718,7 +1764,7 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
}
/* code mostly stolen from do_export_stream */
-static int
+static int
keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
{
int rc=0,ndesc,num=100;
@@ -1741,10 +1787,10 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
}
else
{
- for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
;
desc = xmalloc ( ndesc * sizeof *desc);
-
+
for (ndesc=0, sl=users; sl; sl = sl->next)
{
if(classify_user_id (sl->d, desc+ndesc))
@@ -1757,7 +1803,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
while (!(rc = keydb_search (kdbhd, desc, ndesc)))
{
- if (!users)
+ if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
/* read the keyblock */
@@ -1860,7 +1906,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
if(rc==-1)
rc=0;
-
+
leave:
if(rc)
xfree(*klist);
@@ -2043,7 +2089,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
rc=import_keys_stream (key, NULL, fpr, fpr_len,
(opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ | IMPORT_NO_SECKEY), NULL, NULL);
opt.no_armor=armor_status;
@@ -2182,7 +2228,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
snprintf(port,7,":%u",srvlist[i].port);
strcat(keyserver->host,port);
}
-
+
strcat(keyserver->host," ");
}
@@ -2198,7 +2244,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
strcat(keyserver->host,domain);
append_to_strlist(&list,name);
-
+
rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
free_strlist(list);
diff --git a/g10/main.h b/g10/main.h
index 784ade0..e4c4385 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -207,11 +207,15 @@ MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
MD_HANDLE md, int hash_algo );
/*-- import.c --*/
+
+typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg);
+
int parse_import_options(char *str,unsigned int *options,int noisy);
void import_keys( char **fnames, int nnames,
void *stats_hd, unsigned int options );
-int import_keys_stream( IOBUF inp,void *stats_hd,unsigned char **fpr,
- size_t *fpr_len,unsigned int options );
+int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr,
+ size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
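Review bot: The `import_filter` typedef is added without a comment describing its contract, which callers now depend on. In import.c it is called with exactly one of `pk`/`sk` set, and a non-zero return is treated as rejection. I would state that above the typedef, e.g. `/* Import filter: called with either PK or SK set; return 0 to import the key, non-zero to reject it. ARG is passed through unchanged. */`.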
commit 8eab483a1c4817a2946624c7305f464089d1875e
Author: Werner Koch
Date: Mon Jun 23 14:57:32 2014 +0200
Print hash algorithm in sig records
* g10/keylist.c (list_keyblock_colon): Print field 16.
--
We have this info already in gnupg-2 and it is easy to add it to 1.4.
Debian-bug-id: 672658
Patch written and tested by Daniel Leidert. See above.
diff --git a/g10/keylist.c b/g10/keylist.c
index 6618a7f..2728308 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1370,19 +1370,15 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string( stdout, p, n, ':' );
xfree(p);
}
- printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
+ printf(":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l');
if(opt.no_sig_cache && opt.check_sigs && fprokay)
{
- printf(":");
-
for (i=0; i < fplen ; i++ )
printf ("%02X", fparray[i] );
-
- printf(":");
}
- printf("\n");
+ printf(":::%d:\n", sig->digest_algo);
if(opt.show_subpackets)
print_subpackets_colon(sig);
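Review bot: The record layout is now encoded only in the colon counts of the two format strings, which is easy to break on the next edit. A one-line comment above `printf(":::%d:\n", sig->digest_algo);` would help, e.g. `/* Close the fingerprint field, leave two fields empty, then field 16: the hash algorithm. */`. The field number is taken from the commit message; the count of empty fields is read from the visible format string. list_keyblock_colon starts and ends outside the hunk.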
commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
Author: Werner Koch
Date: Mon Jun 23 13:24:43 2014 +0200
Remove useless diagnostic in MDC verification.
* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
packet header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problem. For
explaining an MDC error a single error message is easier to understand.
diff --git a/g10/encr-data.c b/g10/encr-data.c
index 8d277ce..c65aa11 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -208,12 +208,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
cipher_decrypt ( dfx->cipher_hd, dfx->defer, dfx->defer, 22);
md_write ( dfx->mdc_hash, dfx->defer, 2);
md_final ( dfx->mdc_hash );
- if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) {
- log_error("mdc_packet with invalid encoding\n");
- rc = G10ERR_INVALID_PACKET;
- }
- else if ( datalen != 20
- || memcmp(md_read( dfx->mdc_hash, 0 ), dfx->defer+2, datalen) )
+ if ( dfx->defer[0] != '\xd3'
+ || dfx->defer[1] != '\x14'
+ || datalen != 20
+ || memcmp (md_read (dfx->mdc_hash, 0 ), dfx->defer+2, datalen))
rc = G10ERR_BAD_SIGN;
/*log_hexdump("MDC calculated:",md_read( dfx->mdc_hash, 0), datalen);*/
/*log_hexdump("MDC message :", dfx->defer, 20);*/
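Review bot: The magic bytes in the merged condition deserve a comment now that the dedicated diagnostic is gone: `'\xd3'` and `'\x14'` are the MDC packet header (new-format tag 19, length 20). Something like `/* Expect the MDC header (0xd3 0x14) followed by the 20 byte hash; any mismatch is reported as the same error. */` above the `if` would document both the constants and the single-error behaviour. The two commented-out `log_hexdump` lines could be dropped in the same pass. decrypt_data starts and ends outside the hunk.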
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 29 +++++-
NEWS | 20 +++-
README | 27 +++--
configure.ac | 2 +-
doc/gpg.texi | 123 ++++++++++++++++++++--
doc/yat2m.c | 310 ++++++++++++++++++++++++++++++++++++++-----------------
g10/apdu.c | 7 +-
g10/encr-data.c | 10 +-
g10/import.c | 61 ++++++++---
g10/keylist.c | 8 +-
g10/keyserver.c | 86 +++++++++++----
g10/main.h | 8 +-
po/be.po | 11 ++
po/ca.po | 11 ++
po/cs.po | 13 +++
po/da.po | 13 +++
po/de.po | 13 ++-
po/el.po | 11 ++
po/eo.po | 11 ++
po/es.po | 13 +++
po/et.po | 11 ++
po/fi.po | 11 ++
po/fr.po | 13 +++
po/gl.po | 11 ++
po/hu.po | 11 ++
po/id.po | 11 ++
po/it.po | 11 ++
po/ja.po | 13 +++
po/nb.po | 13 +++
po/nl.po | 13 +++
po/pl.po | 13 +++
po/pt.po | 11 ++
po/pt_BR.po | 11 ++
po/ro.po | 13 +++
po/ru.po | 13 +++
po/sk.po | 11 ++
po/sv.po | 13 +++
po/tr.po | 13 +++
po/uk.po | 13 +++
po/zh_CN.po | 13 +++
po/zh_TW.po | 13 +++
util/argparse.c | 2 +-
42 files changed, 864 insertions(+), 180 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 24 13:46:40 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 24 Jun 2014 13:46:40 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-17-g74c7ab5
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 74c7ab5fa636c7721dd7529d5bbfce70a47e5550 (commit)
via 6295b6675ebd3385c6d173690fdab6df6c31d3d8 (commit)
via dce1dad23dba1936e6b17bec548f4307e4f39cf1 (commit)
via 2c8e00137a340d04f0836f75e138dd85f8c9eff7 (commit)
via f4fcaa29367daacfe0ca209fa83dfa8640ace276 (commit)
via d6ca407a27877174c10adfae9dc601bea996cf27 (commit)
from 3f17b74aa57ac1ea2f3aa93dec4889778a21afeb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 74c7ab5fa636c7721dd7529d5bbfce70a47e5550
Author: Werner Koch
Date: Tue Jun 24 13:46:52 2014 +0200
doc: Add note regarding gpg-preset-passphrase and --max-cache-ttl.
--
GnuPG-bug-id: 1615
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bfb1d93..c3dfd82 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -372,13 +372,16 @@ seconds. The default is 1800 seconds.
@opindex max-cache-ttl
Set the maximum time a cache entry is valid to @var{n} seconds. After
this time a cache entry will be expired even if it has been accessed
-recently. The default is 2 hours (7200 seconds).
+recently or has been set using @command{gpg-preset-passphrase}. The
+default is 2 hours (7200 seconds).
@item --max-cache-ttl-ssh @var{n}
@opindex max-cache-ttl-ssh
-Set the maximum time a cache entry used for SSH keys is valid to @var{n}
-seconds. After this time a cache entry will be expired even if it has
-been accessed recently. The default is 2 hours (7200 seconds).
+Set the maximum time a cache entry used for SSH keys is valid to
+ at var{n} seconds. After this time a cache entry will be expired even
+if it has been accessed recently or has been set using
+ at command{gpg-preset-passphrase}. The default is 2 hours (7200
+seconds).
@item --enforce-passphrase-constraints
@opindex enforce-passphrase-constraints
diff --git a/doc/tools.texi b/doc/tools.texi
index 32ab1e4..030f269 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at
machine startup.
Passphrases set with this utility don't expire unless the
- at option{--forget} option is used to explicitly clear them from the cache
---- or @command{gpg-agent} is either restarted or reloaded (by sending a
-SIGHUP to it). It is necessary to allow this passphrase presetting by
-starting @command{gpg-agent} with the
+ at option{--forget} option is used to explicitly clear them from the
+cache --- or @command{gpg-agent} is either restarted or reloaded (by
+sending a SIGHUP to it). Nite that the maximum cache time as set with
+ at option{--max-cache-ttl} is still honored. It is necessary to allow
+this passphrase presetting by starting @command{gpg-agent} with the
@option{--allow-preset-passphrase}.
@menu
commit 6295b6675ebd3385c6d173690fdab6df6c31d3d8
Author: Werner Koch
Date: Tue Jun 24 12:21:54 2014 +0200
doc: Improve the description of gpg's --export commands.
--
GnuPG-bug-id: 1655
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 101f51e..9a6782a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint.
@opindex export
Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given,
-those of the given name. The new keyring is written to STDOUT or to the
-file given with option @option{--output}. Use together with
+those of the given name. The exported keys are written to STDOUT or to the
+file given with option @option{--output}. Use together with
@option{--armor} to mail those keys.
@item --send-keys @code{key IDs}
@@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing.
@itemx --export-secret-subkeys
@opindex export-secret-keys
@opindex export-secret-subkeys
-Same as @option{--export}, but exports the secret keys instead. This is
-normally not very useful and a security risk. The second form of the
-command has the special property to render the secret part of the
-primary key useless; this is a GNU extension to OpenPGP and other
-implementations can not be expected to successfully import such a key.
+Same as @option{--export}, but exports the secret keys instead. The
+exported keys are written to STDOUT or to the file given with option
+ at option{--output}. This command is often used along with the option
+ at option{--armor} to allow easy printing of the key for paper backup;
+however the external tool @command{paperkey} does a better job for
+creating backups on paper. Note that exporting a secret key can be a
+security risk if the exported keys are send over an insecure channel.
+
+The second form of the command has the special property to render the
+secret part of the primary key useless; this is a GNU extension to
+OpenPGP and other implementations can not be expected to successfully
+import such a key. Its intended use is to generated a full key with
+an additional signing subkey on a dedicated machine and then using
+this command to export the key without the primary key to the main
+machine.
+
+ at ifset gpgtwoone
+GnuPG may ask you to enter the passphrase for the key. This is
+required because the internal protection method of the secret key is
+different from the one specified by the OpenPGP protocol.
+ at end ifset
@ifclear gpgtwoone
-See the option @option{--simple-sk-checksum} if you want to import such
-an exported key with an older OpenPGP implementation.
+See the option @option{--simple-sk-checksum} if you want to import an
+exported secret key into ancient OpenPGP implementations.
@end ifclear
@item --import
commit dce1dad23dba1936e6b17bec548f4307e4f39cf1
Author: Werner Koch
Date: Tue Jun 24 11:47:51 2014 +0200
Register DCO for Stefan Tomanek.
--
diff --git a/AUTHORS b/AUTHORS
index f64d17f..8358faf 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -171,6 +171,9 @@ Jonas Borgstr?m
Kyle Butt
2013-05-29:CAAODAYLbCtqOG6msLLL0UTdASKWT6u2ptxsgUQ1JpusBESBoNQ at mail.gmail.com:
+Stefan Tomanek
+2014-01-30:20140129234449.GY30808 at zirkel.wertarbyte.de:
+
Werner Koch
2013-03-29:87620ahchj.fsf at vigenere.g10code.de:
commit 2c8e00137a340d04f0836f75e138dd85f8c9eff7
Author: Werner Koch
Date: Mon Jun 23 16:09:34 2014 +0200
doc: Add conditionals for GnuPG-1
diff --git a/doc/gpg.texi b/doc/gpg.texi
index c8fae3a..101f51e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2316,9 +2316,11 @@ available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --escape-from-lines --force-v3-sigs
---allow-weak-digest-algos --cipher-algo IDEA --digest-algo
-MD5--compress-algo ZIP}. It also disables @option{--textmode} when
-encrypting.
+ at ifclear gpgone
+--allow-weak-digest-algos
+ at end ifclear
+--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+It also disables @option{--textmode} when encrypting.
@item --pgp6
@opindex pgp6
@@ -2774,12 +2776,13 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at ifclear gpgone
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos
Signatures made with the broken MD5 algorithm are normally rejected
with an ``invalid digest algorithm'' message. This option allows the
verification of signatures made with such weak algorithms.
-
+ at end ifclear
@item --no-default-keyring
@opindex no-default-keyring
commit f4fcaa29367daacfe0ca209fa83dfa8640ace276
Author: Werner Koch
Date: Fri Jun 20 14:54:01 2014 +0200
gpg: Make export of ECC keys work again.
* agent/cvt-openpgp.c (convert_to_openpgp): Use the curve name instead
of the curve parameters.
* g10/export.c (canon_pubkey_algo): Rename to ...
(canon_pk_algo): this. Support ECC.
(transfer_format_to_openpgp): Expect curve name.
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 7f4afd4..1b4c9d5 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -1142,6 +1142,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
const char *algoname;
int npkey, nskey;
gcry_mpi_t array[10];
+ gcry_sexp_t curve = NULL;
char protect_iv[16];
char salt[8];
unsigned long s2k_count;
@@ -1200,13 +1201,26 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
}
else if (!strcmp (name, "ecc"))
{
- /* FIXME: We need to use the curve parameter. */
+ gcry_buffer_t iob;
+ char iobbuf[32];
+
algoname = "ecc"; /* Decide later by checking the usage. */
- npkey = 6;
- nskey = 7;
- err = gcry_sexp_extract_param (list, NULL, "pabgnqd",
- array+0, array+1, array+2, array+3,
- array+4, array+5, array+6, NULL);
+ npkey = 1;
+ nskey = 2;
+ iob.data = iobbuf;
+ iob.size = sizeof iobbuf - 1;
+ iob.off = 0;
+ iob.len = 0;
+ err = gcry_sexp_extract_param (list, NULL, "&'curve'/qd",
+ &iob, array+0, array+1, NULL);
+ if (!err)
+ {
+ assert (iob.len < sizeof iobbuf -1);
+ iobbuf[iob.len] = 0;
+ err = gcry_sexp_build (&curve, NULL, "(curve %s)", iobbuf);
+
+ gcry_log_debugsxp ("at 1", curve);
+ }
}
else if (!strcmp (name, "ecdsa"))
{
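Review bot: `gcry_log_debugsxp ("at 1", curve);` looks like a debugging leftover; it runs on every successful conversion in the "ecc" branch and should be removed. Separately, `assert (iob.len < sizeof iobbuf -1);` is the only guard before `iobbuf[iob.len] = 0;`. It disappears under NDEBUG, aborts the agent instead of failing the request, and with `iob.size` set to `sizeof iobbuf - 1` a name that exactly fills the buffer would trip it although the terminator still fits. An explicit check placed before the `if (!err)` block reads more safely, e.g. `if (!err && iob.len > sizeof iobbuf - 1) err = gpg_error (GPG_ERR_BUFFER_TOO_SHORT);`. convert_to_openpgp starts and ends outside the hunk.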
@@ -1231,9 +1245,12 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
err = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
xfree (name);
- gcry_sexp_release (list);
+ gcry_sexp_release (list); list = NULL;
if (err)
- return err;
+ {
+ gcry_sexp_release (curve);
+ return err;
+ }
gcry_create_nonce (protect_iv, sizeof protect_iv);
gcry_create_nonce (salt, sizeof salt);
@@ -1282,9 +1299,10 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
"(openpgp-private-key\n"
" (version 1:4)\n"
" (algo %s)\n"
- " %S\n"
+ " %S%S\n"
" (protection sha1 aes %b 1:3 sha1 %b %s))\n",
algoname,
+ curve,
tmpkey,
(int)sizeof protect_iv, protect_iv,
(int)sizeof salt, salt,
@@ -1297,6 +1315,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
for (i=0; i < DIM (array); i++)
gcry_mpi_release (array[i]);
+ gcry_sexp_release (curve);
return err;
}
diff --git a/g10/export.c b/g10/export.c
index 9aa012e..acf38a7 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -1,6 +1,7 @@
/* export.c - Export keys in the OpenPGP defined format.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
@@ -338,8 +339,8 @@ exact_subkey_match_p (KEYDB_SEARCH_DESC *desc, KBNODE node)
/* Return a canonicalized public key algoithms. This is used to
compare different flavors of algorithms (e.g. ELG and ELG_E are
considered the same). */
-static int
-canon_pubkey_algo (int algo)
+static enum gcry_pk_algos
+canon_pk_algo (enum gcry_pk_algos algo)
{
switch (algo)
{
@@ -348,6 +349,9 @@ canon_pubkey_algo (int algo)
case GCRY_PK_RSA_S: return GCRY_PK_RSA;
case GCRY_PK_ELG:
case GCRY_PK_ELG_E: return GCRY_PK_ELG;
+ case GCRY_PK_ECC:
+ case GCRY_PK_ECDSA:
+ case GCRY_PK_ECDH: return GCRY_PK_ECC;
default: return algo;
}
}
@@ -362,12 +366,13 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
gpg_error_t err;
gcry_sexp_t top_list;
gcry_sexp_t list = NULL;
+ char *curve = NULL;
const char *value;
size_t valuelen;
char *string;
int idx;
int is_v4, is_protected;
- int pubkey_algo;
+ enum gcry_pk_algos pk_algo;
int protect_algo = 0;
char iv[16];
int ivlen = 0;
@@ -375,11 +380,13 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
int s2k_algo = 0;
byte s2k_salt[8];
u32 s2k_count = 0;
+ int is_ecdh = 0;
size_t npkey, nskey;
gcry_mpi_t skey[10]; /* We support up to 9 parameters. */
int skeyidx = 0;
struct seckey_info *ski;
+ /* gcry_log_debugsxp ("transferkey", s_pgp); */
top_list = gcry_sexp_find_token (s_pgp, "openpgp-private-key", 0);
if (!top_list)
goto bad_seckey;
@@ -445,6 +452,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
xfree (string);
}
+ /* Parse the gcrypt PK algo and check that it is okay. */
gcry_sexp_release (list);
list = gcry_sexp_find_token (top_list, "algo", 0);
if (!list)
@@ -452,15 +460,52 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
string = gcry_sexp_nth_string (list, 1);
if (!string)
goto bad_seckey;
- pubkey_algo = gcry_pk_map_name (string);
- xfree (string);
-
- if (gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
- || gcry_pk_algo_info (pubkey_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
+ pk_algo = gcry_pk_map_name (string);
+ xfree (string); string = NULL;
+ if (gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &npkey)
+ || gcry_pk_algo_info (pk_algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &nskey)
|| !npkey || npkey >= nskey || nskey > PUBKEY_MAX_NSKEY)
goto bad_seckey;
- pubkey_algo = map_pk_gcry_to_openpgp (pubkey_algo);
+ /* Check that the pubkey algo matches the one from the public key. */
+ switch (canon_pk_algo (pk_algo))
+ {
+ case GCRY_PK_RSA:
+ if (!is_RSA (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_DSA:
+ if (!is_DSA (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_ELG:
+ if (!is_ELGAMAL (pk->pubkey_algo))
+ pk_algo = 0; /* Does not match. */
+ break;
+ case GCRY_PK_ECC:
+ if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA)
+ ;
+ else if (pk->pubkey_algo == PUBKEY_ALGO_ECDH)
+ is_ecdh = 1;
+ else if (pk->pubkey_algo == PUBKEY_ALGO_EDDSA)
+ ;
+ else
+ pk_algo = 0; /* Does not match. */
+ /* For ECC we do not have the domain parameters thus fix our info. */
+ npkey = 1;
+ nskey = 2;
+ break;
+ default:
+ pk_algo = 0; /* Oops. */
+ break;
+ }
+ if (!pk_algo)
+ {
+ err = gpg_error (GPG_ERR_PUBKEY_ALGO);
+ goto leave;
+ }
+
+ /* Parse the key parameters. */
gcry_sexp_release (list);
list = gcry_sexp_find_token (top_list, "skey", 0);
if (!list)
@@ -509,7 +554,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
gcry_sexp_release (list); list = NULL;
- /* We have no need for the CSUM valuel thus we don't parse it. */
+ /* We have no need for the CSUM value thus we don't parse it. */
/* list = gcry_sexp_find_token (top_list, "csum", 0); */
/* if (list) */
/* { */
@@ -523,6 +568,14 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
/* desired_csum = 0; */
/* gcry_sexp_release (list); list = NULL; */
+ /* Get the curve name if any, */
+ list = gcry_sexp_find_token (top_list, "curve", 0);
+ if (list)
+ {
+ curve = gcry_sexp_nth_string (list, 1);
+ gcry_sexp_release (list); list = NULL;
+ }
+
gcry_sexp_release (top_list); top_list = NULL;
/* log_debug ("XXX is_v4=%d\n", is_v4); */
@@ -559,57 +612,49 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
}
/* We need to change the received parameters for ECC algorithms.
- The transfer format has all parameters but OpenPGP defines that
- only the OID of the curve is to be used. */
- if (pubkey_algo == PUBKEY_ALGO_ECDSA
- || pubkey_algo == PUBKEY_ALGO_EDDSA
- || pubkey_algo == PUBKEY_ALGO_ECDH)
+ The transfer format has the curve name and the parameters
+ separate. We put them all into the SKEY array. */
+ if (canon_pk_algo (pk_algo) == GCRY_PK_ECC)
{
- gcry_sexp_t s_pubkey;
- const char *curvename, *curveoidstr;
- gcry_mpi_t mpi;
-
- /* We build an S-expression with the public key parameters and
- ask Libgcrypt to return the matching curve name. */
- if (npkey != 6 || !skey[0] || !skey[1] || !skey[2]
- || !skey[3] || !skey[4] || !skey[5]
- || !skey[6] || skey[7])
+ const char *oidstr;
+
+ /* Assert that all required parameters are available. We also
+ check that the array does not contain more parameters than
+ needed (this was used by some beta versions of 2.1. */
+ if (!curve || !skey[0] || !skey[1] || skey[2])
{
err = gpg_error (GPG_ERR_INTERNAL);
goto leave;
}
- err = gcry_sexp_build (&s_pubkey, NULL,
- "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))",
- skey[0], skey[1], skey[2], skey[3], skey[4]);
- if (err)
- goto leave;
- curvename = gcry_pk_get_curve (s_pubkey, 0, NULL);
- gcry_sexp_release (s_pubkey);
- curveoidstr = openpgp_curve_to_oid (curvename, NULL);
- if (!curveoidstr)
+
+ oidstr = openpgp_curve_to_oid (curve, NULL);
+ if (!oidstr)
{
- log_error ("no OID known for curve '%s'\n", curvename);
- err = gpg_error (GPG_ERR_UNKNOWN_NAME);
+ log_error ("no OID known for curve '%s'\n", curve);
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
goto leave;
}
- err = openpgp_oid_from_str (curveoidstr, &mpi);
+ /* Put the curve's OID into into the MPI array. This requires
+ that we shift Q and D. For ECDH also insert the KDF parms. */
+ if (is_ecdh)
+ {
+ skey[4] = NULL;
+ skey[3] = skey[1];
+ skey[2] = gcry_mpi_copy (pk->pkey[2]);
+ }
+ else
+ {
+ skey[3] = NULL;
+ skey[2] = skey[1];
+ }
+ skey[1] = skey[0];
+ skey[0] = NULL;
+ err = openpgp_oid_from_str (oidstr, skey + 0);
if (err)
goto leave;
-
- /* Now replace the curve parameters by the OID and shift the
- rest of the parameters. */
- gcry_mpi_release (skey[0]);
- skey[0] = mpi;
- for (idx=1; idx <= 4; idx++)
- gcry_mpi_release (skey[idx]);
- skey[1] = skey[5];
- skey[2] = skey[6];
- for (idx=3; idx <= 6; idx++)
- skey[idx] = NULL;
-
/* Fixup the NPKEY and NSKEY to match OpenPGP reality. */
- npkey = 2;
- nskey = 3;
+ npkey = 2 + is_ecdh;
+ nskey = 3 + is_ecdh;
/* for (idx=0; skey[idx]; idx++) */
/* { */
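Review bot: `skeyidx` is not adjusted in the visible lines after the shift, yet the shift leaves Q and D in `skey[1]`/`skey[2]` (or `skey[1]`/`skey[3]` with the KDF copy in `skey[2]` for ECDH), and the `leave:` path only walks `idx < skeyidx`. If `skeyidx` still counts the two values parsed from the transfer format, an error after this point, for instance from `openpgp_oid_from_str`, would leave the moved secret parameter unreleased. Bumping the index together with the shift, e.g. `skeyidx += 1 + is_ecdh;`, would keep the cleanup in step. The result of `gcry_mpi_copy (pk->pkey[2])` is also used unchecked. transfer_format_to_openpgp starts and ends outside the hunk.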
@@ -634,11 +679,6 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
err = gpg_error (GPG_ERR_INV_DATA);
goto leave;
}
- if (canon_pubkey_algo (pubkey_algo) != canon_pubkey_algo (pk->pubkey_algo))
- {
- err = gpg_error (GPG_ERR_PUBKEY_ALGO);
- goto leave;
- }
err = openpgp_cipher_test_algo (protect_algo);
if (err)
goto leave;
@@ -695,6 +735,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk)
/* That's it. */
leave:
+ gcry_free (curve);
gcry_sexp_release (list);
gcry_sexp_release (top_list);
for (idx=0; idx < skeyidx; idx++)
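Review bot: The cleanup loop under `leave:` releases only `skey[0]` to `skey[skeyidx-1]`, but the earlier hunk in this file moves Q and D up one or two slots and can still fail afterwards at `openpgp_oid_from_str (oidstr, skey + 0)`. If `skeyidx` is not advanced after that shift (not visible here), the secret parameter D, and for ECDH the copied KDF MPI, would be neither released nor wiped on that error path. Consider bumping the index right after the shift, for example `skeyidx += 1 + is_ecdh;`, or releasing the whole array at `leave`. The result of `gcry_mpi_copy (pk->pkey[2])` is also stored without a NULL check. The function body starts and ends outside this hunk.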
commit d6ca407a27877174c10adfae9dc601bea996cf27
Author: Werner Koch
Date: Fri Jun 20 10:39:26 2014 +0200
gpg: Avoid infinite loop in uncompressing garbled packets.
* g10/compress.c (do_uncompress): Limit the number of extra FF bytes.
--
A packet like (a3 01 5b ff) leads to an infinite loop. Using
--max-output won't help if it is a partial packet. This patch
actually fixes a regression introduced on 1999-05-31 (c34c6769).
Actually it would be sufficient to stuff just one extra 0xff byte.
Given that this problem popped up only after 15 years, I feel safer to
allow for a very few FF bytes.
Thanks to Olivier Levillain and Florian Maury for their detailed
report.
diff --git a/g10/compress.c b/g10/compress.c
index 6e412e9..0a6e09d 100644
--- a/g10/compress.c
+++ b/g10/compress.c
@@ -164,7 +164,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
IOBUF a, size_t *ret_len )
{
int zrc;
- int rc=0;
+ int rc = 0;
+ int leave = 0;
size_t n;
int nread, count;
int refill = !zs->avail_in;
@@ -182,13 +183,14 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
nread = iobuf_read( a, zfx->inbuf + n, count );
if( nread == -1 ) nread = 0;
n += nread;
- /* If we use the undocumented feature to suppress
- * the zlib header, we have to give inflate an
- * extra dummy byte to read */
- if( nread < count && zfx->algo == 1 ) {
- *(zfx->inbuf + n) = 0xFF; /* is it really needed ? */
- zfx->algo1hack = 1;
+ /* Algo 1 has no zlib header which requires us to to give
+ * inflate an extra dummy byte to read. To be on the safe
+ * side we allow for up to 4 ff bytes. */
+ if( nread < count && zfx->algo == 1 && zfx->algo1hack < 4) {
+ *(zfx->inbuf + n) = 0xFF;
+ zfx->algo1hack++;
n++;
+ leave = 1;
}
zs->avail_in = n;
}
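Review bot: The bound in `zfx->algo1hack < 4` is a bare literal, and the new comment does not say that this counter, together with `leave` and the `&& !leave` added to the loop condition in the next hunk, is what ends the loop on truncated input. A named constant and one more sentence would make that termination argument visible, e.g. `#define MAX_ALGO1_FF_BYTES 4` and `/* Each stuffed byte forces a return to the caller; the counter bounds how often that can happen. */`. `algo1hack` changes here from a flag to a counter, so any other reader of the field and the place where it is reset (neither visible in this hunk) should be checked. The comment also has a doubled "to to". do_uncompress starts and ends outside the hunk.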
@@ -208,7 +210,8 @@ do_uncompress( compress_filter_context_t *zfx, z_stream *zs,
else
log_fatal("zlib inflate problem: rc=%d\n", zrc );
}
- } while( zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR );
+ } while (zs->avail_out && zrc != Z_STREAM_END && zrc != Z_BUF_ERROR
+ && !leave);
*ret_len = zfx->outbufsize - zs->avail_out;
if( DBG_FILTER )
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 3 +
agent/cvt-openpgp.c | 37 ++++++++++---
doc/gpg-agent.texi | 11 ++--
doc/gpg.texi | 45 ++++++++++-----
doc/tools.texi | 9 +--
g10/compress.c | 19 ++++---
g10/export.c | 151 ++++++++++++++++++++++++++++++++-------------------
7 files changed, 182 insertions(+), 93 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jun 24 15:40:57 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 24 Jun 2014 15:40:57 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.23-19-g6aa0464
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit)
via 41dcd32218b9baf0c417090e6968dd2d250e751b (commit)
via 3b90ddde251b94a9d55e43d96fe4ccf340aa8620 (commit)
via 1242a72923db810f7e5fd36269c72b14cb19f60f (commit)
via 017c6f8fba9ae141a46084d6961ba60c4230f97a (commit)
via 8e39fe810d951c2fef4c22246440a5944a89a18c (commit)
via fb274a3cf3295dbd509494338bd6a16c8069176a (commit)
via a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c (commit)
via aacb43a730a6f52c1ac91131afed73ae6ef25416 (commit)
via 2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8 (commit)
via 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4 (commit)
via 9607bc0b9fce1f7853eee6591b44e35deed4a66c (commit)
via 5e933008beffbeae7255ece02383606481f9c169 (commit)
via e790671cb3a35f3042558224e915b6f74ebc2251 (commit)
from ceef5568d53b286efe639c6fd1d37f154be133ef (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e
Author: Werner Koch
Date: Tue Jun 24 15:43:46 2014 +0200
Post release updates
--
diff --git a/NEWS b/NEWS
index 5e2de7f..3800c35 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 2.0.25 (unreleased)
+-------------------------------------------------
+
Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 4ea6606..2c92c31 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.0.24])
+m4_define([mym4_version], [2.0.25])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
diff --git a/doc/Makefile.am b/doc/Makefile.am
index a1ca4ba..376a8f3 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -140,8 +140,8 @@ online: gnupg.html gnupg.pdf
if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
dashdevel="-devel" ; \
else \
- rsync -v gnupg.pdf $${user}@{webhost}:webspace/manuals/ ; \
+ rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \
fi ; \
cd gnupg.html ; \
- rsync -vr --exclude='.svn' . \
- $${user}@{webhost}:webspace/manuals/gnupg$${dashdevel}/
+ rsync -vr --exclude='.git' . \
+ $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/
commit 41dcd32218b9baf0c417090e6968dd2d250e751b
Author: Werner Koch
Date: Tue Jun 24 15:11:12 2014 +0200
Release 2.0.24
diff --git a/NEWS b/NEWS
index aed90e6..5e2de7f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,20 @@
-Noteworthy changes in version 2.0.24 (unreleased)
+Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
+ * gpg: Avoid DoS due to garbled compressed data packets.
+
+ * gpg: Screen keyserver responses to avoid importing unwanted keys
+ from rogue servers.
+
+ * gpg: The validity of user ids is now shown by default. To revert
+ this add "list-options no-show-uid-validity" to gpg.conf.
+
+ * gpg: Print more specific reason codes with the INV_RECP status.
+
+ * gpg: Allow loading of a cert only key to an OpenPGP card.
+
+ * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
+
Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a6782a..d66259e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2330,12 +2330,17 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline.
-This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs
+This option implies
+ at ifset gpgone
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+--escape-from-lines --force-v3-sigs
+--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifset
@ifclear gpgone
---allow-weak-digest-algos
- at end ifclear
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+--escape-from-lines --force-v3-sigs --allow-weak-digest-algos
--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifclear
It also disables @option{--textmode} when encrypting.
@item --pgp6
commit 3b90ddde251b94a9d55e43d96fe4ccf340aa8620
Author: Werner Koch
Date: Tue Jun 24 15:10:54 2014 +0200
po: Auto-update
--
diff --git a/po/be.po b/po/be.po
index b6b973c..2a110d4 100644
--- a/po/be.po
+++ b/po/be.po
@@ -2281,6 +2281,13 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????????????? ?????????? ???????????? ?? ID ????????????????????????????"
+#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "?????????????????? ???????? ???? ??????????????????"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr ""
@@ -2376,6 +2383,10 @@ msgstr "???????????????? ?????????? ???????????? ?? ????????????????"
msgid "key %s: \"%s\" not changed\n"
msgstr ""
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?????????????????? ???????? ???? ??????????????????"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "???????????????? ???????? ????????????????????"
diff --git a/po/ca.po b/po/ca.po
index 06fb419..73306c7 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -2445,6 +2445,13 @@ msgid "key %s: no user ID\n"
msgstr "clau %08lX: sense ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "es descarta ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clau %08lX: corrupci?? de la subclau HKP reparada\n"
@@ -2539,6 +2546,10 @@ msgstr "clau %08lX: ??%s?? %d ID d'usuari nous\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clau %08lX: ??%s?? no ha estat modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "no s'ha trobat la clau secreta ??%s??: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "s'est?? escrivint la clau secreta a ??%s??\n"
diff --git a/po/cs.po b/po/cs.po
index bdda65d..5e06ac7 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -2295,6 +2295,14 @@ msgstr "nelze aktualizovat p??edvolby s: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "kl???? %s: chyb?? identifik??tor u??ivatele\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "p??esko??en ???%s???: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kl???? %s: PKS po??kozen?? podkl????e opraveno\n"
@@ -2392,6 +2400,11 @@ msgstr "kl???? %s: ???%s??? %d ID u??ivatele odstran??no\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "kl???? %s: ???%s??? beze zm??n\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "tajn?? kl???? ???%s??? nenalezen: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import tajn??ch kl?????? nen?? povolen\n"
diff --git a/po/da.po b/po/da.po
index add5085..cb70c36 100644
--- a/po/da.po
+++ b/po/da.po
@@ -2270,6 +2270,14 @@ msgstr "du kan opdatere dine pr??ferencer med: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "n??gle %s: ingen bruger-id\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "udelod ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "n??gle %s: korruption af PKS-undern??gle er repareret!\n"
@@ -2365,6 +2373,11 @@ msgstr "n??gle %s: ??%s?? %d bruger-id'er renset\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "n??gle %s: ??%s?? ikke ??ndret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig n??gle ??%s?? blev ikke fundet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import af hemmelige n??gler er ikke tilladt\n"
diff --git a/po/el.po b/po/el.po
index 5a599ef..54ccde4 100644
--- a/po/el.po
+++ b/po/el.po
@@ -2380,6 +2380,13 @@ msgid "key %s: no user ID\n"
msgstr "?????? %08lX: ??? ??????? ???? ?? user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "???????????? `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %08lX: ??????????? ????????? ??????????? HKP\n"
@@ -2474,6 +2481,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %08lX: \"%s\" ??????????\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?? ??????? ?????? `%s' ?? ???????: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "??????? ??? ???????? ???????? ??? `%s'\n"
diff --git a/po/eo.po b/po/eo.po
index 9ef9625..639c60a 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -2363,6 +2363,13 @@ msgid "key %s: no user ID\n"
msgstr "?losilo %08lX: mankas uzantidentigilo\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignoris '%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?losilo %08lX: mankas sub?losilo por ?losilbindado\n"
@@ -2457,6 +2464,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "?losilo %08lX: ne ?an?ita\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "?losilo '%s' ne trovita: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "skribas sekretan ?losilon al '%s'\n"
diff --git a/po/es.po b/po/es.po
index 4457467..e45399a 100644
--- a/po/es.po
+++ b/po/es.po
@@ -2312,6 +2312,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clave %s: sin identificador de usuario\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "omitido \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clave %s: reparada la subclave PKS corrompida\n"
@@ -2407,6 +2415,11 @@ msgstr "clave %s: \"%s\" %d identificadores de usuario limpiados\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clave %s: \"%s\" sin cambios\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "no se permite importar claves secretas\n"
diff --git a/po/et.po b/po/et.po
index 9613faf..2cb42a1 100644
--- a/po/et.po
+++ b/po/et.po
@@ -2358,6 +2358,13 @@ msgid "key %s: no user ID\n"
msgstr "v?ti %08lX: kasutaja ID puudub\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "`%s' j?tsin vahele: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "v?ti %08lX: HKP alamv?tme rike parandatud\n"
@@ -2453,6 +2460,10 @@ msgstr "v
msgid "key %s: \"%s\" not changed\n"
msgstr "v?ti %08lX: \"%s\" ei muudetud\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salajast v?tit `%s' ei leitud: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjutan salajase v?tme faili `%s'\n"
diff --git a/po/fi.po b/po/fi.po
index 19fe78c..39d22a7 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -2379,6 +2379,13 @@ msgid "key %s: no user ID\n"
msgstr "avain %08lX: ei k??ytt??j??tunnusta\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
@@ -2474,6 +2481,10 @@ msgstr "avain %08lX: \"%s\" %d uutta k??ytt??j??tunnusta\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "avain %08lX: \"%s\" ei muutoksia\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salaista avainta \"%s\" ei l??ydy: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
diff --git a/po/fr.po b/po/fr.po
index dd6c7bd..303d677 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2333,6 +2333,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clef %s??: pas d'identit??\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "????%s???? a ??t?? ignor??e??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clef %s??: corruption de sous-clef PKS r??par??e\n"
@@ -2428,6 +2436,11 @@ msgstr "clef %s??: ????%s???? %d??identit??s nettoy??es\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clef %s??: ????%s???? n'est pas modifi??e\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clef secr??te ????%s???? introuvable??: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "impossible d'importer des clefs secr??tes\n"
diff --git a/po/gl.po b/po/gl.po
index 0df3729..d6c493b 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -2373,6 +2373,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: non hai ID de usuario\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "om?tese `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: arranxouse a corrupci?n da sub-chave HKP\n"
@@ -2471,6 +2478,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" sen cambios\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "gravando a chave secreta en `%s'\n"
diff --git a/po/hu.po b/po/hu.po
index 63ae157..af03be2 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -2356,6 +2356,13 @@ msgid "key %s: no user ID\n"
msgstr "%08lX kulcs: Nincs felhaszn?l?i azonos?t?.\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "%08lX kulcs: HKP alkulcss?r?l?s kijav?tva.\n"
@@ -2450,6 +2457,10 @@ msgstr "%08lX kulcs: \"%s\" %d
msgid "key %s: \"%s\" not changed\n"
msgstr "%08lX kulcs: \"%s\" nem v?ltozott.\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "\"%s\" titkos kulcs nem tal?lhat?: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "?rom a titkos kulcsot a %s ?llom?nyba.\n"
diff --git a/po/id.po b/po/id.po
index 5aadeeb..b499b8c 100644
--- a/po/id.po
+++ b/po/id.po
@@ -2369,6 +2369,13 @@ msgid "key %s: no user ID\n"
msgstr "kunci %08lX: tidak ada ID user\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "melewati `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
@@ -2463,6 +2470,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "kunci %08lX: \"%s\" tidak berubah\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "menulis kunci rahasia ke `%s'\n"
diff --git a/po/it.po b/po/it.po
index 8014132..a89e1c3 100644
--- a/po/it.po
+++ b/po/it.po
@@ -2370,6 +2370,13 @@ msgid "key %s: no user ID\n"
msgstr "chiave %08lX: nessun user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "saltata `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n"
@@ -2464,6 +2471,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chiave %08lX: \"%s\" non cambiata\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "scrittura della chiave segreta in `%s'\n"
diff --git a/po/ja.po b/po/ja.po
index c479e89..24123fd 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -2234,6 +2234,14 @@ msgstr "?????????????????????????????????????????????: gpg --edit-key %s updpref
msgid "key %s: no user ID\n"
msgstr "???%s: ?????????ID??????????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\"???????????????????????????: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "???%s: PKS????????????????????????\n"
@@ -2329,6 +2337,11 @@ msgstr "???%s: \"%s\" %d???????????????ID???????????????????????????\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "???%s:\"%s\"????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "?????????\"%s\"????????????????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "??????????????????????????????????????????\n"
diff --git a/po/nb.po b/po/nb.po
index 8938541..56814fa 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -2302,6 +2302,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "n?kkel %s: ingen brukerid\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppet over ?%s?: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "n?kkel %s: PKS-undern?kkel reparert\n"
@@ -2397,6 +2405,11 @@ msgstr "n
msgid "key %s: \"%s\" not changed\n"
msgstr "n?kkel %s: ?%s? ikke endret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig n?kkel ?%s? ble ikke funnet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemmelig n?kkel er ikke tillatt\n"
diff --git a/po/pl.po b/po/pl.po
index c38f573..0cd137d 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -2278,6 +2278,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "klucz %s: brak identyfikatora u?ytkownika\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "pomini?ty ,,%s'': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "klucz %s: podklucz uszkodzony przez serwer zosta? naprawiony\n"
@@ -2373,6 +2381,11 @@ msgstr "klucz %s: ,,%s'' %d identyfikator
msgid "key %s: \"%s\" not changed\n"
msgstr "klucz %s: ,,%s'' bez zmian\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta? odnaleziony: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
diff --git a/po/pt.po b/po/pt.po
index 54651b3..875f9f0 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -2365,6 +2365,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de utilizador\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
@@ -2459,6 +2466,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" n?o modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chave `%s' n?o encontrada: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "a escrever chave privada para `%s'\n"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index f4f1b85..27812d9 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -2390,6 +2390,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de usu?rio\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: sem subchave para liga??o de chaves\n"
@@ -2484,6 +2491,10 @@ msgstr "chave %08lX: %d novos IDs de usu
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: n?o modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "usu?rio `%s' n?o encontrado: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "escrevendo certificado privado para `%s'\n"
diff --git a/po/ro.po b/po/ro.po
index 8128c50..92353e4 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -2355,6 +2355,14 @@ msgstr "v
msgid "key %s: no user ID\n"
msgstr "cheia %s: nici un ID utilizator\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "s?rit? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "cheia %s: subcheia HPK corupt? a fost reparat?\n"
@@ -2450,6 +2458,11 @@ msgstr "cheia %s: \"%s\" %d noi ID-uri utilizator\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "cheia %s: \"%s\" nu a fost schimbat?\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "cheia secret? \"%s\" nu a fost g?sit?: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "importul de chei secrete nu este permis\n"
diff --git a/po/ru.po b/po/ru.po
index 5e4de97..6ccd36e 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -2283,6 +2283,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????? %s: ???? ?????????? User ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "?????????????????? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "???????? %s: PKS ?????????????????????? ???????????????? ????????????????????\n"
@@ -2378,6 +2386,11 @@ msgstr "???????? %s: \"%s\" %d ?????????????????? User ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "???????? %s: \"%s\" ???? ??????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "?????????????????? ???????? \"%s\" ???? ????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "???????????????????????????? ???????????????????? ?????????? ???? ??????????????????\n"
diff --git a/po/sk.po b/po/sk.po
index d897bbb..e813126 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -2375,6 +2375,13 @@ msgid "key %s: no user ID\n"
msgstr "k??? %08lX: chyba identifik?tor u??vate?a\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "presko?en? `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "k??? %08lX: HKP po?kodenie podk???a opraven?\n"
@@ -2471,6 +2478,10 @@ msgstr "k
msgid "key %s: \"%s\" not changed\n"
msgstr "k??? %08lX: \"%s\" bez zmeny\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "tajn? k??? `%s' nebol n?jden?: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "zapisujem tajn? k??? do `%s'\n"
diff --git a/po/sv.po b/po/sv.po
index 2eef3fc..b896570 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -2335,6 +2335,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "nyckel %s: ingen anv??ndaridentitet\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppade ??ver \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
# Undernyckeln ??r skadad p?? HKP-servern. Vanligt fel vid m??nga undernycklar.
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
@@ -2433,6 +2441,11 @@ msgstr "nyckel %s: \"%s\" %d anv??ndaridentiteter rensade\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "nyckel %s: \"%s\" inte ??ndrad\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemliga nycklar till??ts inte\n"
diff --git a/po/tr.po b/po/tr.po
index b94fb4c..f6bfb37 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -2282,6 +2282,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "anahtar %s: kullan??c?? kimli??i yok\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\" atland??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "anahtar %s: PKS yard??mc?? anahtar bozulmas?? giderildi\n"
@@ -2377,6 +2385,11 @@ msgstr "anahtar %s: \"%s\" %d kullan??c?? kimli??i temizlendi\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "anahtar %s: \"%s\" de??i??medi\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "gizli anahtar?? al??m??na izin verilmez\n"
diff --git a/po/uk.po b/po/uk.po
index 1ac4679..bd50c6d 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2322,6 +2322,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "???????? %s: ?????????? ?????????????????????????? ??????????????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "?????????????????? ??%s??: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "???????? %s: ???????????????????? ?????????????????????? ?????????????? PKS\n"
@@ -2417,6 +2425,11 @@ msgstr "???????? %s: ??%s?? ???????????????????? %d ????????????????????????????
msgid "key %s: \"%s\" not changed\n"
msgstr "???????? %s: ??%s?? ???? ??????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "???????????????? ???????? ??%s?? ???? ????????????????: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "???????????????????????? ???????????????? ???????????? ????????????????????\n"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 9824489..4615cf4 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -2293,6 +2293,14 @@ msgstr "???????????????????????????????????????gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "?????? %s?????????????????????\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "???%s???????????????%s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %s???PKS ?????????????????????\n"
@@ -2388,6 +2396,11 @@ msgstr "?????? %s??????%s???%d ????????????????????????\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %s??????%s????????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "??????????????????%s??????%s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "?????????????????????\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 611cf45..e1f58b3 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -2213,6 +2213,14 @@ msgstr "???????????????????????????????????????: gpg --edit-key %s updpref save\
msgid "key %s: no user ID\n"
msgstr "?????? %s: ??????????????? ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "????????? \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "?????? %s: PKS ???????????????????????????\n"
@@ -2308,6 +2316,11 @@ msgstr "?????? %s: \"%s\" ????????? %d ???????????? ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "?????? %s: \"%s\" ?????????\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "??????????????? \"%s\": %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "?????????????????????\n"
commit 1242a72923db810f7e5fd36269c72b14cb19f60f
Author: Kristian Fiskerstrand
Date: Thu Jun 12 16:12:28 2014 +0200
gpg: Fix a couple of spelling errors
diff --git a/g10/call-agent.c b/g10/call-agent.c
index 71bee61..5669e04 100644
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@@ -163,12 +163,12 @@ check_hijacking (assuan_context_t ctx)
string = get_membuf (&mb, NULL);
if (!string || !*string)
{
- /* Definitley hijacked - show a warning prompt. */
+ /* Definitely hijacked - show a warning prompt. */
static int shown;
const char warn1[] =
"The GNOME keyring manager hijacked the GnuPG agent.";
const char warn2[] =
- "GnuPG will not work proberly - please configure that "
+ "GnuPG will not work properly - please configure that "
"tool to not interfere with the GnuPG system!";
log_info ("WARNING: %s\n", warn1);
log_info ("WARNING: %s\n", warn2);
commit 017c6f8fba9ae141a46084d6961ba60c4230f97a
Author: Werner Koch
Date: Tue Jun 24 13:54:30 2014 +0200
doc: Update from master.
--
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index bfb1d93..c3dfd82 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -372,13 +372,16 @@ seconds. The default is 1800 seconds.
@opindex max-cache-ttl
Set the maximum time a cache entry is valid to @var{n} seconds. After
this time a cache entry will be expired even if it has been accessed
-recently. The default is 2 hours (7200 seconds).
+recently or has been set using @command{gpg-preset-passphrase}. The
+default is 2 hours (7200 seconds).
@item --max-cache-ttl-ssh @var{n}
@opindex max-cache-ttl-ssh
-Set the maximum time a cache entry used for SSH keys is valid to @var{n}
-seconds. After this time a cache entry will be expired even if it has
-been accessed recently. The default is 2 hours (7200 seconds).
+Set the maximum time a cache entry used for SSH keys is valid to
+ at var{n} seconds. After this time a cache entry will be expired even
+if it has been accessed recently or has been set using
+ at command{gpg-preset-passphrase}. The default is 2 hours (7200
+seconds).
@item --enforce-passphrase-constraints
@opindex enforce-passphrase-constraints
diff --git a/doc/gpg.texi b/doc/gpg.texi
index a263690..9a6782a 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -408,8 +408,8 @@ removed first. In batch mode the key must be specified by fingerprint.
@opindex export
Either export all keys from all keyrings (default keyrings and those
registered via option @option{--keyring}), or if at least one name is given,
-those of the given name. The new keyring is written to STDOUT or to the
-file given with option @option{--output}. Use together with
+those of the given name. The exported keys are written to STDOUT or to the
+file given with option @option{--output}. Use together with
@option{--armor} to mail those keys.
@item --send-keys @code{key IDs}
@@ -424,14 +424,30 @@ or changed by you. If no key IDs are given, @command{gpg} does nothing.
@itemx --export-secret-subkeys
@opindex export-secret-keys
@opindex export-secret-subkeys
-Same as @option{--export}, but exports the secret keys instead. This is
-normally not very useful and a security risk. The second form of the
-command has the special property to render the secret part of the
-primary key useless; this is a GNU extension to OpenPGP and other
-implementations can not be expected to successfully import such a key.
+Same as @option{--export}, but exports the secret keys instead. The
+exported keys are written to STDOUT or to the file given with option
+ at option{--output}. This command is often used along with the option
+ at option{--armor} to allow easy printing of the key for paper backup;
+however the external tool @command{paperkey} does a better job for
+creating backups on paper. Note that exporting a secret key can be a
+security risk if the exported keys are send over an insecure channel.
+
+The second form of the command has the special property to render the
+secret part of the primary key useless; this is a GNU extension to
+OpenPGP and other implementations can not be expected to successfully
+import such a key. Its intended use is to generated a full key with
+an additional signing subkey on a dedicated machine and then using
+this command to export the key without the primary key to the main
+machine.
+
+ at ifset gpgtwoone
+GnuPG may ask you to enter the passphrase for the key. This is
+required because the internal protection method of the secret key is
+different from the one specified by the OpenPGP protocol.
+ at end ifset
@ifclear gpgtwoone
-See the option @option{--simple-sk-checksum} if you want to import such
-an exported key with an older OpenPGP implementation.
+See the option @option{--simple-sk-checksum} if you want to import an
+exported secret key into ancient OpenPGP implementations.
@end ifclear
@item --import
@@ -2127,6 +2143,12 @@ of the output and may be used together with another command.
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
+
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
@end ifset
@end table
@@ -2310,9 +2332,11 @@ available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --escape-from-lines --force-v3-sigs
---allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5
---compress-algo ZIP}. It also disables @option{--textmode} when
-encrypting.
+ at ifclear gpgone
+--allow-weak-digest-algos
+ at end ifclear
+--cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+It also disables @option{--textmode} when encrypting.
@item --pgp6
@opindex pgp6
@@ -2768,12 +2792,13 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at ifclear gpgone
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos
Signatures made with the broken MD5 algorithm are normally rejected
with an ``invalid digest algorithm'' message. This option allows the
verification of signatures made with such weak algorithms.
-
+ at end ifclear
@item --no-default-keyring
@opindex no-default-keyring
@@ -3036,18 +3061,33 @@ files; They all live in in the current home directory (@pxref{option
@table @file
- @item ~/.gnupg/secring.gpg
- The secret keyring. You should backup this file.
-
- @item ~/.gnupg/secring.gpg.lock
- The lock file for the secret keyring.
-
@item ~/.gnupg/pubring.gpg
The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock
The lock file for the public keyring.
+ at ifset gpgtwoone
+ @item ~/.gnupg/pubring.kbx
+ The public keyring using a different format. This file is sharred
+ with @command{gpgsm}. You should backup this file.
+
+ @item ~/.gnupg/pubring.kbx.lock
+ The lock file for @file{pubring.kbx}.
+ at end ifset
+
+ @item ~/.gnupg/secring.gpg
+ at ifclear gpgtwoone
+ The secret keyring. You should backup this file.
+ at end ifclear
+ at ifset gpgtwoone
+ A secret keyring as used by GnuPG versions before 2.1. It is not
+ used by GnuPG 2.1 and later.
+
+ @item ~/.gnupg/.gpg-v21-migrated
+ File indicating that a migration to GnuPG 2.1 has taken place.
+ at end ifset
+
@item ~/.gnupg/trustdb.gpg
The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -3058,6 +3098,9 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/random_seed
A file used to preserve the state of the internal random pool.
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 3d2594f..078d2ad 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -259,13 +259,26 @@ certificate are only exported if all @var{pattern} are given as
fingerprints or keygrips.
@item --export-secret-key-p12 @var{key-id}
- at opindex export
+ at opindex export-secret-key-p12
Export the private key and the certificate identified by @var{key-id} in
-a PKCS#12 format. When using along with the @code{--armor} option a few
+a PKCS#12 format. When used with the @code{--armor} option a few
informational lines are prepended to the output. Note, that the PKCS#12
format is not very secure and this command is only provided if there is
no other way to exchange the private key. (@pxref{option --p12-charset})
+ at ifset gpgtwoone
+ at item --export-secret-key-p8 @var{key-id}
+ at itemx --export-secret-key-raw @var{key-id}
+ at opindex export-secret-key-p8
+ at opindex export-secret-key-raw
+Export the private key of the certificate identified by @var{key-id}
+with any encryption stripped. The @code{...-raw} command exports in
+PKCS#1 format; the @code{...-p8} command exports in PKCS#8 format.
+When used with the @code{--armor} option a few informational lines are
+prepended to the output. These commands are useful to prepare a key
+for use on a TLS server.
+ at end ifset
+
@item --import [@var{files}]
@opindex import
Import the certificates from the PEM or binary encoded files as well as
@@ -568,6 +581,13 @@ certificate.
Include the keygrip in standard key listings. Note that the keygrip is
always listed in --with-colons mode.
+ at ifset gpgtwoone
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+ at end ifset
+
@end table
@c *******************************************
diff --git a/doc/tools.texi b/doc/tools.texi
index 32ab1e4..030f269 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -1060,10 +1060,11 @@ may not be used and the passphrases for the to be used keys are given at
machine startup.
Passphrases set with this utility don't expire unless the
- at option{--forget} option is used to explicitly clear them from the cache
---- or @command{gpg-agent} is either restarted or reloaded (by sending a
-SIGHUP to it). It is necessary to allow this passphrase presetting by
-starting @command{gpg-agent} with the
+ at option{--forget} option is used to explicitly clear them from the
+cache --- or @command{gpg-agent} is either restarted or reloaded (by
+sending a SIGHUP to it). Nite that the maximum cache time as set with
+ at option{--max-cache-ttl} is still honored. It is necessary to allow
+this passphrase presetting by starting @command{gpg-agent} with the
@option{--allow-preset-passphrase}.
@menu
commit 8e39fe810d951c2fef4c22246440a5944a89a18c
Author: Werner Koch
Date: Tue Jun 24 13:52:02 2014 +0200
gpg: Do not link gpgv against libassuan.
* g10/Makefile.am (gpgv2_LDADD): Remove LIBASSUAN_LIBS.
--
This is not required.
GnuPG-bug-id: 1533
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 00036c8..efa427d 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -124,7 +124,7 @@ LDADD = $(needed_libs) ../common/libgpgrl.a \
$(LIBINTL) $(CAPLIBS) $(NETLIBS)
gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(resource_objs)
-gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \
+gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
$(LIBICONV) $(resource_objs)
t_common_ldadd =
commit fb274a3cf3295dbd509494338bd6a16c8069176a
Author: Werner Koch
Date: Tue Jun 24 11:14:20 2014 +0200
po: Update de.po
diff --git a/po/de.po b/po/de.po
index 515fd9e..12abe70 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.18\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2014-06-03 09:53+0200\n"
+"PO-Revision-Date: 2014-06-24 11:13+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -2321,6 +2321,13 @@ msgid "key %s: no user ID\n"
msgstr "Schl??ssel %s: Keine User-ID\n"
#, c-format
+msgid "key %s: %s\n"
+msgstr "Schl??ssel %s: %s\n"
+
+msgid "rejected by import filter"
+msgstr "vom Importfilter zur??ckgewiesen"
+
+#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "Schl??ssel %s: PKS Unterschl??sseldefekt repariert\n"
@@ -2415,6 +2422,10 @@ msgstr "Schl??ssel %s: \"%s\" %d User-IDs bereinigt\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "Schl??ssel %s: \"%s\" nicht ge??ndert\n"
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "Geheimer Schl??ssel %s: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "Importieren geheimer Schl??ssel ist nicht erlaubt\n"
commit a37f63d7b86b467df82ac77cfa5a75bfb1c77b7c
Author: Werner Koch
Date: Tue Jun 24 11:06:32 2014 +0200
common: Fix commit ceef5568 so that it builds with libgcrypt < 1.6
* common/ssh-utils.c (get_fingerprint): Use GCRY_PK_ECC only if
defined.
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index 11ff0fb..30cb451 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -89,7 +89,9 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
elems = "pqgy";
gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
break;
+#if GCRYPT_VERSION_NUMBER >= 0x010600
case GCRY_PK_ECC:
+#endif
case GCRY_PK_ECDSA:
/* We only support the 3 standard curves for now. It is just a
quick hack. */
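Review bot: The new `#if GCRYPT_VERSION_NUMBER >= 0x010600` guard around `case GCRY_PK_ECC:` carries no comment explaining why a version test is used, although the commit message speaks of using the constant "only if defined". Presumably the constant is an enum value in gcrypt.h and so cannot be probed with `#ifdef`. A one-line comment above the guard, such as `/* GCRY_PK_ECC is only available with Libgcrypt >= 1.6. */`, would stop a later cleanup from swapping in a preprocessor test that never fires. The switch in get_fingerprint starts and ends outside this hunk.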
commit aacb43a730a6f52c1ac91131afed73ae6ef25416
Author: Werner Koch
Date: Tue Jun 24 10:56:19 2014 +0200
Remove thread callbacks for libgcrypt >= 1.6.
* agent/gpg-agent.c (GCRY_THREAD_OPTION_PTH_IMPL): Do not use with
libgcrypt >= 1.6.
(main): Ditto.
* scd/scdaemon.c (GCRY_THREAD_OPTION_PTH_IMPL): Ditto.
(main): Ditto.
--
This is no longer needed but is kept for compatibility with Libgcrypt <
1.6.
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 1f53a37..bf2a26d 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -308,6 +308,7 @@ static int check_for_running_agent (int silent, int mode);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
+#if GCRYPT_VERSION_NUMBER < 0x010600
GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void)
@@ -315,6 +316,7 @@ static int fixed_gcry_pth_init (void)
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
#endif
+#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/
#ifndef PTH_HAVE_PTH_THREAD_ID
static unsigned long pth_thread_id (void)
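Review bot: The closing comment added here reads `#endif /*GCRYPT_VERSION_NUMBER < 0x10600*/`, while the opening guard and the closing comment added in main spell the constant `0x010600`. The matching hunk in scd/scdaemon.c has the same mismatch. The value is numerically identical, but a text search for the guard constant will miss these two lines. Write `#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/` in both files.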
@@ -625,7 +627,8 @@ main (int argc, char **argv )
init_common_subsystems ();
- /* Libgcrypt requires us to register the threading model first.
+#if GCRYPT_VERSION_NUMBER < 0x010600
+ /* Libgcrypt < 1.6 requires us to register the threading model first.
Note that this will also do the pth_init. */
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init;
@@ -636,6 +639,7 @@ main (int argc, char **argv )
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
gpg_strerror (err));
}
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
/* Check that the libraries are suitable. Do it here because
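Review bot: With the registration block now compiled only for Libgcrypt < 1.6, the `err` it assigns may be left unused in main on newer builds, unless main uses it elsewhere (not visible from this hunk). The scd/scdaemon.c part of this commit avoids that by dropping the function-level `gpg_error_t err;` and declaring it inside a `{ ... }` block under the `#if`. Doing the same here would keep the two daemons consistent and avoid an unused-variable warning. main continues outside the hunk.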
diff --git a/scd/scdaemon.c b/scd/scdaemon.c
index 5f64521..e133ddc 100644
--- a/scd/scdaemon.c
+++ b/scd/scdaemon.c
@@ -212,6 +212,7 @@ static void handle_connections (int listen_fd);
/* Pth wrapper function definitions. */
ASSUAN_SYSTEM_PTH_IMPL;
+#if GCRYPT_VERSION_NUMBER < 0x010600
GCRY_THREAD_OPTION_PTH_IMPL;
#if GCRY_THREAD_OPTION_VERSION < 1
static int fixed_gcry_pth_init (void)
@@ -219,6 +220,7 @@ static int fixed_gcry_pth_init (void)
return pth_self ()? 0 : (pth_init () == FALSE) ? errno : 0;
}
#endif
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
static char *
@@ -380,7 +382,6 @@ main (int argc, char **argv )
{
ARGPARSE_ARGS pargs;
int orig_argc;
- gpg_error_t err;
char **orig_argv;
FILE *configfp = NULL;
char *configname = NULL;
@@ -415,17 +416,23 @@ main (int argc, char **argv )
init_common_subsystems ();
- /* Libgcrypt requires us to register the threading model first.
+#if GCRYPT_VERSION_NUMBER < 0x010600
+ /* Libgcrypt < 1.6 requires us to register the threading model first.
Note that this will also do the pth_init. */
+ {
+ gpg_error_t err;
#if GCRY_THREAD_OPTION_VERSION < 1
gcry_threads_pth.init = fixed_gcry_pth_init;
#endif
+
err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pth);
if (err)
{
log_fatal ("can't register GNU Pth with Libgcrypt: %s\n",
gpg_strerror (err));
}
+ }
+#endif /*GCRYPT_VERSION_NUMBER < 0x010600*/
/* Check that the libraries are suitable. Do it here because
the option parsing may need services of the library */
commit 2daa112a7404bcbedcda9b84c5ebbe33fd7fabd8
Author: Werner Koch
Date: Tue Jun 24 10:36:15 2014 +0200
Improve configure option --with-libgpg-error-prefix
--
GnuPG-bug-id: 1561
Note that this is not a complete solution. The libgpg-error include
directory has now a higher preference but ld may not pick up the right
library if another one is installed. The problem is that the -L
option and the -l options are not emitted separately by
gpg-error-config.
diff --git a/agent/Makefile.am b/agent/Makefile.am
index 5c2da2c..55c374c 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -31,7 +31,7 @@ if HAVE_W32_SYSTEM
resource_objs += gpg-agent-w32info.o
endif
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
gpg_agent_SOURCES = \
gpg-agent.c agent.h \
diff --git a/common/Makefile.am b/common/Makefile.am
index 880b01b..337e246 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -32,7 +32,7 @@ MAINTAINERCLEANFILES = audit-events.h status-codes.h
AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)
include $(top_srcdir)/am/cmacros.am
diff --git a/g10/Makefile.am b/g10/Makefile.am
index c3e35f6..00036c8 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -25,7 +25,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \
include $(top_srcdir)/am/cmacros.am
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS)
needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a
diff --git a/jnlib/Makefile.am b/jnlib/Makefile.am
index b3e7d7d..2ba2fbf 100644
--- a/jnlib/Makefile.am
+++ b/jnlib/Makefile.am
@@ -27,7 +27,7 @@ TESTS = $(module_tests)
AM_CPPFLAGS = -I$(top_srcdir)/intl
# We need libgcrypt because libjnlib-config includes gcrypt.h
-AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS)
+AM_CFLAGS = -DJNLIB_IN_JNLIB $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
noinst_LIBRARIES = libjnlib.a
diff --git a/scd/Makefile.am b/scd/Makefile.am
index 63a11dc..e883180 100644
--- a/scd/Makefile.am
+++ b/scd/Makefile.am
@@ -33,8 +33,8 @@ if HAVE_W32_SYSTEM
resource_objs += scdaemon-w32info.o
endif
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \
- $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+ $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) $(PTH_CFLAGS)
card_apps = app-openpgp.c app-nks.c app-dinsig.c app-p15.c app-geldkarte.c
diff --git a/sm/Makefile.am b/sm/Makefile.am
index 01cf028..8e1dc97 100644
--- a/sm/Makefile.am
+++ b/sm/Makefile.am
@@ -22,7 +22,8 @@ bin_PROGRAMS = gpgsm
EXTRA_DIST = ChangeLog-2011 gpgsm-w32info.rc
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) \
+ $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS)
AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl
include $(top_srcdir)/am/cmacros.am
diff --git a/tools/Makefile.am b/tools/Makefile.am
index cc782a3..e5c16a2 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -30,7 +30,7 @@ if HAVE_W32_SYSTEM
resource_objs += gpg-connect-agent-w32info.o
endif
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS)
+AM_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS)
sbin_SCRIPTS = addgnupghome applygnupgdefaults
@@ -97,16 +97,16 @@ gpg_connect_agent_LDADD = ../common/libgpgrl.a $(common_libs) \
$(resource_objs)
gpgkey2ssh_SOURCES = gpgkey2ssh.c
-gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpgkey2ssh_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
# common sucks in jnlib, via use of BUG() in an inline function, which
# some compilers do not eliminate.
gpgkey2ssh_LDADD = $(common_libs) \
- $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
+ $(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS) $(LIBINTL) $(LIBICONV)
if !DISABLE_REGEX
gpg_check_pattern_SOURCES = gpg-check-pattern.c
-gpg_check_pattern_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
+gpg_check_pattern_CFLAGS = $(GPG_ERROR_CFLAGS) $(LIBGCRYPT_CFLAGS)
gpg_check_pattern_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \
$(LIBINTL) $(LIBICONV) $(W32SOCKLIBS)
endif
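Review bot: In `gpgkey2ssh_LDADD` the library order is flipped to `$(GPG_ERROR_LIBS) $(LIBGCRYPT_LIBS)`, and unlike the CFLAGS reordering elsewhere in this commit, link order is significant. Libgcrypt itself uses libgpg-error, so with static archives or a strict left-to-right linker the dependency should come after its user. `gpg_check_pattern_LDADD` a few lines down still has `$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)`, so the two targets now disagree. Unless the swap is needed for the `-L` search-path issue described in the commit message, keep `$(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)` here and reorder only the CFLAGS lines.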
commit 76b0b076d0dfc1c0b011b9fd458a5158c189ebb4
Author: Werner Koch
Date: Tue Jun 10 14:54:55 2014 +0200
gpg: Use more specific reason codes for INV_RECP.
* g10/pkclist.c (build_pk_list): Use more specific reasons codes for
INV_RECP.
--
GnuPG-bug-id: 1650
Note that this patch is a bit more limited than the one in 2.1.
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 85a8eeb..1d0b2d2 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -831,7 +831,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
{
free_public_key ( pk ); pk = NULL;
log_error (_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
- write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ write_status_text_and_buffer (STATUS_INV_RECP,
+ (rc == GPG_ERR_NO_PUBKEY
+ || rc == GPG_ERR_NO_SECKEY)? "1 ":
+ (rc == GPG_ERR_INV_USER_ID)? "14 ":
+ "0 ",
rov->d, strlen (rov->d), -1);
goto fail;
}
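Review bot: The new reason-code selection compares `rc` directly (`rc == GPG_ERR_NO_PUBKEY`), so if `rc` can carry an error source in its upper bits at this point the comparison never matches and the status line silently falls back to `"0 "`. Comparing `gpg_err_code (rc) == GPG_ERR_NO_PUBKEY` (and likewise for the other two codes) would be robust either way. The same nested conditional appears again in the `@@ -1086` hunk, spelled there with `G10ERR_NO_PUBKEY`, `G10ERR_NO_SECKEY` and `G10ERR_INV_USER_ID`; pick one spelling for both sites. The literals `"1 "`, `"3 "`, `"13 "` and `"14 "` introduced across these hunks would also benefit from a short comment naming what each INV_RECP reason code means, since status-line consumers parse them. build_pk_list starts and ends outside this hunk.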
@@ -874,7 +878,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
available. */
free_public_key( pk ); pk = NULL;
log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
- write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ write_status_text_and_buffer (STATUS_INV_RECP, "3 ",
rov->d, strlen (rov->d), -1);
goto fail;
}
@@ -1086,7 +1090,11 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
/* Key not found or other error. */
free_public_key( pk ); pk = NULL;
log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
- write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ write_status_text_and_buffer (STATUS_INV_RECP,
+ (rc == G10ERR_NO_PUBKEY
+ || rc == G10ERR_NO_SECKEY)? "1 ":
+ (rc == G10ERR_INV_USER_ID)? "14 ":
+ "0 ",
remusr->d, strlen (remusr->d),
-1);
goto fail;
@@ -1103,7 +1111,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
free_public_key(pk); pk = NULL;
log_info(_("%s: skipped: public key is disabled\n"),
remusr->d);
- write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ write_status_text_and_buffer (STATUS_INV_RECP, "13 ",
remusr->d,
strlen (remusr->d),
-1);
@@ -1152,7 +1160,7 @@ build_pk_list( strlist_t rcpts, PK_LIST *ret_pk_list, unsigned int use )
{
/* Key found but not usable for us (e.g. sign-only key). */
free_public_key( pk ); pk = NULL;
- write_status_text_and_buffer (STATUS_INV_RECP, "0 ",
+ write_status_text_and_buffer (STATUS_INV_RECP, "3 ",
remusr->d,
strlen (remusr->d),
-1);
commit 9607bc0b9fce1f7853eee6591b44e35deed4a66c
Author: Werner Koch
Date: Tue Jun 24 09:53:46 2014 +0200
gpg: Make show-uid-validity the default.
diff --git a/g10/gpg.c b/g10/gpg.c
index 87ffe54..1a8e6e7 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2004,6 +2004,8 @@ main (int argc, char **argv)
opt.passphrase_repeat=1;
opt.emit_version = 1; /* Limit to the major number. */
+ opt.list_options |= LIST_SHOW_UID_VALIDITY;
+ opt.verify_options |= LIST_SHOW_UID_VALIDITY;
/* Check whether we have a config file on the command line. */
orig_argc = argc;
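Review bot: The second added line sets `opt.verify_options` with a list-options flag, `opt.verify_options |= LIST_SHOW_UID_VALIDITY;`. The verify option set has its own constant, so this is only correct while the two flags happen to share a bit value, which is not visible from this hunk. Writing `opt.verify_options |= VERIFY_SHOW_UID_VALIDITY;` states the intent and stays correct if the bit assignments ever diverge. A short comment such as `/* Show user ID validity by default in listings and on verification. */` above the two lines would also record the changed default.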
commit 5e933008beffbeae7255ece02383606481f9c169
Author: Stefan Tomanek
Date: Thu Jan 30 00:57:43 2014 +0100
gpg: Screen keyserver responses.
* g10/main.h (import_filter_t): New.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()
--
These changes introduce import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
Signed-off-by: Stefan Tomanek
Re-indention and minor changes by wk.
Resolved conflicts:
g10/import.c
g10/keyserver.c
g10/main.h
diff --git a/g10/import.c b/g10/import.c
index 540b24b..fbe6b37 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -59,14 +59,17 @@ struct stats_s {
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options );
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter_t filter, void *filter_arg );
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static void revocation_present(KBNODE keyblock);
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
- unsigned int options,int from_sk);
+ unsigned int options,int from_sk,
+ import_filter_t filter, void *filter_arg);
static int import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options);
+ struct stats_s *stats, unsigned int options,
+ import_filter_t filter, void *filter_arg);
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -163,7 +166,8 @@ import_release_stats_handle (void *p)
static int
import_keys_internal( IOBUF inp, char **fnames, int nnames,
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
- unsigned int options )
+ unsigned int options,
+ import_filter_t filter, void *filter_arg)
{
int i, rc = 0;
struct stats_s *stats = stats_handle;
@@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
stats = import_new_stats_handle ();
if (inp) {
- rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+ rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
+ filter, filter_arg);
}
else {
int once = (!fnames && !nnames);
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else
{
- rc = import( inp2, fname, stats, fpr, fpr_len, options );
+ rc = import (inp2, fname, stats, fpr, fpr_len, options,
+ NULL, NULL);
iobuf_close(inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, 2, 0, (char*)fname);
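Review bot: In the file-name branch the call is `import (inp2, fname, stats, fpr, fpr_len, options, NULL, NULL);`, so the `filter` and `filter_arg` that import_keys_internal now accepts are silently dropped whenever keys are read from files. Today the only visible caller on that path, import_keys, passes NULL anyway, but a later caller that supplies both file names and a filter would get an unfiltered import with no warning. Either forward them, `options, filter, filter_arg);`, or add a comment at the function head saying the filter applies to the stream case only. import_keys_internal's body continues outside this hunk.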
@@ -223,24 +229,27 @@ void
import_keys( char **fnames, int nnames,
void *stats_handle, unsigned int options )
{
- import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+ import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
+ options, NULL, NULL);
}
int
import_keys_stream( IOBUF inp, void *stats_handle,
- unsigned char **fpr, size_t *fpr_len,unsigned int options )
+ unsigned char **fpr, size_t *fpr_len,unsigned int options,
+ import_filter_t filter, void *filter_arg)
{
- return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+ return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
+ options, filter, filter_arg);
}
+
static int
-import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options )
+import (IOBUF inp, const char* fname,struct stats_s *stats,
+ unsigned char **fpr, size_t *fpr_len, unsigned int options,
+ import_filter_t filter, void *filter_arg)
{
PACKET *pending_pkt = NULL;
- KBNODE keyblock = NULL; /* Need to initialize because gcc can't
- grasp the return semantics of
- read_block. */
+ KBNODE keyblock = NULL;
int rc = 0;
getkey_disable_caches();
@@ -256,9 +265,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats,
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
- rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
- else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
- rc = import_secret_one( fname, keyblock, stats, options );
+ rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
+ filter, filter_arg);
+ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+ rc = import_secret_one (fname, keyblock, stats, options,
+ filter, filter_arg);
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock, stats );
@@ -634,7 +645,7 @@ check_prefs(KBNODE keyblock)
KBNODE node;
PKT_public_key *pk;
int problem=0;
-
+
merge_keys_and_selfsig(keyblock);
pk=keyblock->pkt->pkt.public_key;
@@ -659,9 +670,9 @@ check_prefs(KBNODE keyblock)
{
if (openpgp_cipher_test_algo (prefs->value))
{
- const char *algo =
+ const char *algo =
(openpgp_cipher_test_algo (prefs->value)
- ? num
+ ? num
: openpgp_cipher_algo_name (prefs->value));
if(!problem)
check_prefs_warning(pk);
@@ -676,7 +687,7 @@ check_prefs(KBNODE keyblock)
{
const char *algo =
(gcry_md_test_algo (prefs->value)
- ? num
+ ? num
: gcry_md_algo_name (prefs->value));
if(!problem)
check_prefs_warning(pk);
@@ -745,7 +756,7 @@ check_prefs(KBNODE keyblock)
static int
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk )
+ int from_sk, import_filter_t filter, void *filter_arg)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -787,7 +798,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
return 0;
}
-
+
+ if (filter && filter (pk, NULL, filter_arg))
+ {
+ log_error (_("key %s: %s\n"), keystr_from_pk(pk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if (opt.interactive) {
if(is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
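Review bot: A key rejected by the filter is reported with log_error and then `return 0`, the same value used for a successful import, and no field of `stats` is touched. The caller and the final import summary therefore cannot tell that the keyserver returned a key that was not asked for. The same pattern is in the import_secret_one hunk further down. Consider counting the rejection if `struct stats_s` has a suitable skipped counter (not visible here). A comment on the callback contract would also help, for instance `/* FILTER returns non-zero to reject the key; exactly one of PK and SK is non-NULL. */`. import_one continues outside this hunk.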
@@ -924,7 +942,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
size_t an;
fingerprint_from_pk (pk_orig, afp, &an);
- while (an < MAX_FINGERPRINT_LEN)
+ while (an < MAX_FINGERPRINT_LEN)
afp[an++] = 0;
rc = keydb_search_fpr (hd, afp);
}
@@ -948,7 +966,7 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
if (n_sigs_cleaned)
commit_kbnode (&keyblock_orig);
-
+
/* and try to merge the block */
clear_kbnode_flags( keyblock_orig );
clear_kbnode_flags( keyblock );
@@ -1018,14 +1036,14 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
stats->n_sigs_cleaned +=n_sigs_cleaned;
stats->n_uids_cleaned +=n_uids_cleaned;
- if (is_status_enabled ())
+ if (is_status_enabled ())
print_import_ok (pk, NULL,
((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
}
else
{
same_key = 1;
- if (is_status_enabled ())
+ if (is_status_enabled ())
print_import_ok (pk, NULL, 0);
if( !opt.quiet )
@@ -1165,15 +1183,16 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
* with the trust calculation.
*/
static int
-import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options)
+import_secret_one (const char *fname, KBNODE keyblock,
+ struct stats_s *stats, unsigned int options,
+ import_filter_t filter, void *filter_arg)
{
PKT_secret_key *sk;
KBNODE node, uidnode;
u32 keyid[2];
int rc = 0;
- /* get the key and print some info about it */
+ /* Get the key and print some info about it. */
node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node )
BUG();
@@ -1182,6 +1201,12 @@ import_secret_one( const char *fname, KBNODE keyblock,
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+ if (filter && filter (NULL, sk, filter_arg)) {
+ log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if( opt.verbose )
{
log_info( "sec %4u%c/%s %s ",
@@ -1223,8 +1248,8 @@ import_secret_one( const char *fname, KBNODE keyblock,
log_error (_("importing secret keys not allowed\n"));
return 0;
}
-#endif
-
+#endif
+
clear_kbnode_flags( keyblock );
/* do we have this key already in one of our secrings ? */
@@ -1250,7 +1275,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
if( !opt.quiet )
log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
stats->secret_imported++;
- if (is_status_enabled ())
+ if (is_status_enabled ())
print_import_ok (NULL, sk, 1|16);
if(options&IMPORT_SK2PK)
@@ -1260,8 +1285,9 @@ import_secret_one( const char *fname, KBNODE keyblock,
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
if(pub_keyblock)
{
- import_one(fname,pub_keyblock,stats,
- NULL,NULL,opt.import_options,1);
+ import_one (fname, pub_keyblock, stats,
+ NULL, NULL, opt.import_options, 1,
+ NULL, NULL);
release_kbnode(pub_keyblock);
}
}
@@ -1281,7 +1307,7 @@ import_secret_one( const char *fname, KBNODE keyblock,
log_error( _("key %s: already in secret keyring\n"),
keystr_from_sk(sk));
stats->secret_dups++;
- if (is_status_enabled ())
+ if (is_status_enabled ())
print_import_ok (NULL, sk, 16);
/* TODO: if we ever do merge secret keys, make sure to handle
@@ -1337,9 +1363,9 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
{
byte afp[MAX_FINGERPRINT_LEN];
size_t an;
-
+
fingerprint_from_pk (pk, afp, &an);
- while (an < MAX_FINGERPRINT_LEN)
+ while (an < MAX_FINGERPRINT_LEN)
afp[an++] = 0;
rc = keydb_search_fpr (hd, afp);
}
@@ -1435,11 +1461,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
int rc;
u32 bsdate=0,rsdate=0;
KBNODE bsnode = NULL, rsnode = NULL;
-
+
(void)fname;
(void)pk;
- for (n=keyblock; (n = find_next_kbnode (n, 0)); )
+ for (n=keyblock; (n = find_next_kbnode (n, 0)); )
{
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
@@ -1453,7 +1479,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
if ( n->pkt->pkttype != PKT_SIGNATURE )
continue;
-
+
sig = n->pkt->pkt.signature;
if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
{
@@ -1465,7 +1491,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
import a fully-cached key which speeds things up. */
if (!opt.no_sig_cache)
check_key_signature (keyblock, n, NULL);
-
+
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
{
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
@@ -1475,16 +1501,16 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
keystr(keyid));
return -1; /* The complete keyblock is invalid. */
}
-
+
/* If it hasn't been marked valid yet, keep trying. */
- if (!(unode->flag&1))
+ if (!(unode->flag&1))
{
rc = check_key_signature (keyblock, n, NULL);
if ( rc )
{
if ( opt.verbose )
{
- char *p = utf8_to_native
+ char *p = utf8_to_native
(unode->pkt->pkt.user_id->name,
strlen (unode->pkt->pkt.user_id->name),0);
log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
@@ -1513,7 +1539,7 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
n->flag |= 4;
}
}
- else if ( IS_SUBKEY_SIG (sig) )
+ else if ( IS_SUBKEY_SIG (sig) )
{
/* Note that this works based solely on the timestamps like
the rest of gpg. If the standard gets revocation
@@ -1542,19 +1568,19 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
else
{
/* It's valid, so is it newer? */
- if (sig->timestamp >= bsdate)
+ if (sig->timestamp >= bsdate)
{
knode->flag |= 1; /* The subkey is valid. */
if (bsnode)
{
/* Delete the last binding sig since this
one is newer */
- bsnode->flag |= 4;
+ bsnode->flag |= 4;
if (opt.verbose)
log_info (_("key %s: removed multiple subkey"
" binding\n"),keystr(keyid));
}
-
+
bsnode = n;
bsdate = sig->timestamp;
}
@@ -1599,12 +1625,12 @@ chk_self_sigs( const char *fname, KBNODE keyblock,
{
/* Delete the last revocation sig since
this one is newer. */
- rsnode->flag |= 4;
+ rsnode->flag |= 4;
if (opt.verbose)
log_info (_("key %s: removed multiple subkey"
" revocation\n"),keystr(keyid));
}
-
+
rsnode = n;
rsdate = sig->timestamp;
}
@@ -2345,35 +2371,35 @@ pub_to_sec_keyblock (KBNODE pub_keyblock)
PACKET *pkt = xmalloc_clear (sizeof *pkt);
PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
int i, n;
-
+
if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
pkt->pkttype = PKT_SECRET_KEY;
else
pkt->pkttype = PKT_SECRET_SUBKEY;
-
+
pkt->pkt.secret_key = sk;
copy_public_parts_to_secret_key ( pk, sk );
sk->version = pk->version;
sk->timestamp = pk->timestamp;
-
+
n = pubkey_get_npkey (pk->pubkey_algo);
if (!n)
n = 1; /* Unknown number of parameters, however the data
is stored in the first mpi. */
for (i=0; i < n; i++ )
sk->skey[i] = mpi_copy (pk->pkey[i]);
-
+
sk->is_protected = 1;
sk->protect.s2k.mode = 1001;
-
+
secnode = new_kbnode (pkt);
}
else
{
secnode = clone_kbnode (pubnode);
}
-
+
if(!sec_keyblock)
sec_keyblock = secnode;
else
@@ -2387,12 +2413,12 @@ pub_to_sec_keyblock (KBNODE pub_keyblock)
/* Walk over the secret keyring SEC_KEYBLOCK and update any simple
stub keys with the serial number SNNUM of the card if one of the
fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is
- a duplicate (may happen in case of backed uped keys).
-
+ a duplicate (may happen in case of backed uped keys).
+
Returns: True if anything changed.
*/
static int
-update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
+update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
const unsigned char *fpr1,
const unsigned char *fpr2,
const unsigned char *fpr3,
@@ -2412,7 +2438,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
&& node->pkt->pkttype != PKT_SECRET_SUBKEY)
continue;
sk = node->pkt->pkt.secret_key;
-
+
fingerprint_from_sk (sk, array, &n);
if (n != 20)
continue; /* Can't be a card key. */
@@ -2462,7 +2488,7 @@ update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
exists, add appropriate subkey stubs and update the secring.
Return 0 if the key could be created. */
int
-auto_create_card_key_stub ( const char *serialnostr,
+auto_create_card_key_stub ( const char *serialnostr,
const unsigned char *fpr1,
const unsigned char *fpr2,
const unsigned char *fpr3)
@@ -2473,7 +2499,7 @@ auto_create_card_key_stub ( const char *serialnostr,
int rc;
/* We only want to do this for an OpenPGP card. */
- if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
+ if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
|| strlen (serialnostr) != 32 )
return G10ERR_GENERAL;
@@ -2484,7 +2510,7 @@ auto_create_card_key_stub ( const char *serialnostr,
;
else
return G10ERR_GENERAL;
-
+
hd = keydb_new (1);
/* Now check whether there is a secret keyring. */
@@ -2510,7 +2536,7 @@ auto_create_card_key_stub ( const char *serialnostr,
else
{
merge_keys_and_selfsig (sec_keyblock);
-
+
/* FIXME: We need to add new subkeys first. */
if (update_sec_keyblock_with_cardinfo (sec_keyblock,
fpr1, fpr2, fpr3,
@@ -2544,7 +2570,7 @@ auto_create_card_key_stub ( const char *serialnostr,
keydb_get_resource_name (hd), g10_errstr(rc) );
}
}
-
+
release_kbnode (sec_keyblock);
release_kbnode (pub_keyblock);
keydb_release (hd);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 7164f67..83a4b95 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -981,10 +981,55 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+
+/* Check whether a key matches the search description. The filter
+ returns 0 if the key shall be imported. Note that this kind of
+ filter is not related to the iobuf filters. */
static int
-keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
- int count,int *prog,unsigned char **fpr,size_t *fpr_len,
- struct keyserver_spec *keyserver)
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+{
+ KEYDB_SEARCH_DESC *desc = arg;
+ u32 keyid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fpr_len = 0;
+
+ /* Secret keys are not expected from a keyserver. Do not import. */
+ if (sk)
+ return G10ERR_GENERAL;
+
+ fingerprint_from_pk (pk, fpr, &fpr_len);
+ keyid_from_pk (pk, keyid);
+
+ /* Compare requested and returned fingerprints if available. */
+ if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+
+ return 0;
+}
+
+
+static int
+keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+ int count, int *prog, unsigned char **fpr, size_t *fpr_len,
+ struct keyserver_spec *keyserver)
{
int ret=0,i,gotversion=0,outofband=0;
strlist_t temp;
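Review bot: `keyserver_retrieval_filter` compares the returned key against a single descriptor (`KEYDB_SEARCH_DESC *desc = arg;`), while `keyserver_spawn` receives `desc` together with `count` and the later hunk passes only `desc` to `import_keys_stream`. If a request carries several descriptors (`count` looks like the array length, since `keyserver_import_keyid` passes `&desc,1`), every key that matches an entry other than the first would be rejected. The filter should get the array and its length and accept a key that matches any entry, with the call site passing the address of the new struct instead of `desc`. Two properties also deserve a line in the function comment: any other search mode falls through to `return 0`, so name-based retrievals are not screened, and a `KEYDB_SEARCH_MODE_SHORT_KID` match binds on only 32 bits of the key ID. The body of `keyserver_spawn` continues outside this hunk.

```c
/* Argument for keyserver_retrieval_filter: the requested descriptors.  */
struct ks_retrieval_filter_arg_s
{
  KEYDB_SEARCH_DESC *desc;
  int ndesc;
};

static int
keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
{
  struct ks_retrieval_filter_arg_s *farg = arg;
  int n;
  /* … unchanged: keyid/fpr locals, secret key rejection,
     fingerprint_from_pk and keyid_from_pk calls … */

  /* Accept the key if it matches any of the requested descriptors.  */
  for (n = 0; n < farg->ndesc; n++)
    {
      KEYDB_SEARCH_DESC *desc = farg->desc + n;

      if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
        {
          if (fpr_len == 20 && !memcmp (fpr, desc->u.fpr, 20))
            return 0;
        }
      else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
        {
          if (fpr_len == 16 && !memcmp (fpr, desc->u.fpr, 16))
            return 0;
        }
      else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
        {
          if (keyid[0] == desc->u.kid[0] && keyid[1] == desc->u.kid[1])
            return 0;
        }
      else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
        {
          if (keyid[1] == desc->u.kid[1])
            return 0;
        }
      else
        return 0; /* Not a key ID or fingerprint request: nothing to compare.  */
    }

  return G10ERR_GENERAL;
}
```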
@@ -1504,8 +1549,9 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
but we better protect against rogue keyservers. */
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_filter, desc);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
@@ -1536,12 +1582,14 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
return ret;
}
+
static int
-keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
- int count,unsigned char **fpr,size_t *fpr_len,
- struct keyserver_spec *keyserver)
+keyserver_work (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
+ int count, unsigned char **fpr, size_t *fpr_len,
+ struct keyserver_spec *keyserver)
{
- int rc=0,ret=0;
+ int rc = 0;
+ int ret = 0;
if(!keyserver)
{
@@ -1606,6 +1654,7 @@ keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
#endif /* ! DISABLE_KEYSERVER_HELPERS*/
}
+
int
keyserver_export(strlist_t users)
{
@@ -1638,6 +1687,7 @@ keyserver_export(strlist_t users)
return rc;
}
+
int
keyserver_import(strlist_t users)
{
@@ -1712,11 +1762,14 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
}
-/* code mostly stolen from do_export_stream */
+
+/* Code mostly stolen from do_export_stream */
static int
keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
{
- int rc=0,ndesc,num=100;
+ int rc = 0;
+ int num = 100;
+ int ndesc;
KBNODE keyblock=NULL,node;
KEYDB_HANDLE kdbhd;
KEYDB_SEARCH_DESC *desc;
@@ -2045,7 +2098,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
rc=import_keys_stream (key, NULL, fpr, fpr_len,
(opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ | IMPORT_NO_SECKEY), NULL, NULL);
opt.no_armor=armor_status;
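Review bot: The call in `keyserver_import_cert` passes `NULL, NULL` for the new filter arguments, so data fetched on this path is imported without the screening that `keyserver_spawn` now applies. If that is deliberate because the lookup is by `name` and there is no requested key ID or fingerprint to compare (an assumption, since the rest of the function is outside this hunk), say so at the call: `/* No retrieval filter: there is no requested key ID or fingerprint to compare against. */`.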
diff --git a/g10/main.h b/g10/main.h
index 8d29071..6a0de00 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -260,11 +260,16 @@ gcry_mpi_t encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
gcry_md_hd_t md, int hash_algo );
/*-- import.c --*/
+
+typedef int (*import_filter_t)(PKT_public_key *pk, PKT_secret_key *sk,
+ void *arg);
+
int parse_import_options(char *str,unsigned int *options,int noisy);
void import_keys( char **fnames, int nnames,
void *stats_hd, unsigned int options );
-int import_keys_stream( iobuf_t inp,void *stats_hd,unsigned char **fpr,
- size_t *fpr_len,unsigned int options );
+int import_keys_stream (iobuf_t inp, void *stats_hd, unsigned char **fpr,
+ size_t *fpr_len, unsigned int options,
+ import_filter_t filter, void *filter_arg);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
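Review bot: The new `import_filter_t` typedef carries no comment describing its contract, so implementers in other files have to infer it. The convention is stated only in g10/keyserver.c (the filter returns 0 if the key shall be imported), and `import_secret_one` calls it as `filter (NULL, sk, filter_arg)`, which shows that one of the two key pointers may be NULL. I would add above the typedef: `/* Import filter: return 0 to import the key, non-zero to reject it. Either PK or SK may be NULL; ARG is the caller's FILTER_ARG. */`.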
commit e790671cb3a35f3042558224e915b6f74ebc2251
Author: Werner Koch
Date: Tue Jun 24 09:13:38 2014 +0200
gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.
--
Suggested-by: Dominik Heidler
diff --git a/g10/card-util.c b/g10/card-util.c
index 801de57..57f873f 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -86,7 +86,7 @@ change_pin (int unblock_v2, int allow_admin)
gpg_strerror (rc));
return;
}
-
+
log_info (_("OpenPGP card no. %s detected\n"),
info.serialno? info.serialno : "[none]");
@@ -180,7 +180,7 @@ change_pin (int unblock_v2, int allow_admin)
rc = agent_scd_change_pin (102, info.serialno);
write_sc_op_status (rc);
if (rc)
- tty_printf ("Error setting the Reset Code: %s\n",
+ tty_printf ("Error setting the Reset Code: %s\n",
gpg_strerror (rc));
else
tty_printf ("Reset Code set.\n");
@@ -382,7 +382,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
else
tty_fprintf (fp, "Application ID ...: %s\n",
info.serialno? info.serialno : "[none]");
- if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
+ if (!info.serialno || strncmp (info.serialno, "D27600012401", 12)
|| strlen (info.serialno) != 32 )
{
if (info.apptype && !strcmp (info.apptype, "NKS"))
@@ -424,7 +424,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
;
else if (strlen (serialno)+1 > serialnobuflen)
log_error ("serial number longer than expected\n");
- else
+ else
strcpy (serialno, info.serialno);
if (opt.with_colons)
@@ -437,7 +437,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
uval = xtoi_2(info.serialno+16)*256 + xtoi_2 (info.serialno+18);
fprintf (fp, "vendor:%04x:%s:\n", uval, get_manufacturer (uval));
fprintf (fp, "serial:%.8s:\n", info.serialno+20);
-
+
print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
fputs ("lang:", fp);
@@ -494,18 +494,18 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
(unsigned long)info.fpr1time, (unsigned long)info.fpr2time,
(unsigned long)info.fpr3time);
}
- else
+ else
{
tty_fprintf (fp, "Version ..........: %.1s%c.%.1s%c\n",
info.serialno[12] == '0'?"":info.serialno+12,
info.serialno[13],
info.serialno[14] == '0'?"":info.serialno+14,
info.serialno[15]);
- tty_fprintf (fp, "Manufacturer .....: %s\n",
+ tty_fprintf (fp, "Manufacturer .....: %s\n",
get_manufacturer (xtoi_2(info.serialno+16)*256
+ xtoi_2 (info.serialno+18)));
tty_fprintf (fp, "Serial number ....: %.8s\n", info.serialno+20);
-
+
print_isoname (fp, "Name of cardholder: ", "name", info.disp_name);
print_name (fp, "Language prefs ...: ", info.disp_lang);
tty_fprintf (fp, "Sex ..............: %s\n",
@@ -568,13 +568,13 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
if (info.fpr3valid && info.fpr3time)
tty_fprintf (fp, " created ....: %s\n",
isotimestamp (info.fpr3time));
- tty_fprintf (fp, "General key info..: ");
+ tty_fprintf (fp, "General key info..: ");
- thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
+ thefpr = (info.fpr1valid? info.fpr1 : info.fpr2valid? info.fpr2 :
info.fpr3valid? info.fpr3 : NULL);
/* If the fingerprint is all 0xff, the key has no asssociated
OpenPGP certificate. */
- if ( thefpr && !fpr_is_ff (thefpr)
+ if ( thefpr && !fpr_is_ff (thefpr)
&& !get_pubkey_byfprint (pk, thefpr, 20))
{
KBNODE keyblock = NULL;
@@ -587,7 +587,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
{
release_kbnode (keyblock);
keyblock = NULL;
-
+
if (!auto_create_card_key_stub (info.serialno,
info.fpr1valid? info.fpr1:NULL,
info.fpr2valid? info.fpr2:NULL,
@@ -603,7 +603,7 @@ card_status (FILE *fp, char *serialno, size_t serialnobuflen)
else
tty_fprintf (fp, "[none]\n");
}
-
+
free_public_key (pk);
agent_release_card_info (&info);
}
@@ -632,7 +632,7 @@ get_one_name (const char *prompt1, const char *prompt2)
else if (strchr (name, '<'))
tty_printf (_("Error: The \"<\" character may not be used.\n"));
else if (strstr (name, " "))
- tty_printf (_("Error: Double spaces are not allowed.\n"));
+ tty_printf (_("Error: Double spaces are not allowed.\n"));
else
return name;
xfree (name);
@@ -670,7 +670,7 @@ change_name (void)
if (strlen (isoname) > 39 )
{
tty_printf (_("Error: Combined name too long "
- "(limit is %d characters).\n"), 39);
+ "(limit is %d characters).\n"), 39);
xfree (isoname);
return -1;
}
@@ -699,7 +699,7 @@ change_url (void)
if (strlen (url) > 254 )
{
tty_printf (_("Error: URL too long "
- "(limit is %d characters).\n"), 254);
+ "(limit is %d characters).\n"), 254);
xfree (url);
return -1;
}
@@ -770,7 +770,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
FILE *fp;
char *data;
int n;
-
+
*r_buffer = NULL;
fp = fopen (fname, "rb");
@@ -787,7 +787,7 @@ get_data_from_file (const char *fname, size_t maxlen, char **r_buffer)
tty_printf (_("can't open `%s': %s\n"), fname, strerror (errno));
return -1;
}
-
+
data = xtrymalloc (maxlen? maxlen:1);
if (!data)
{
@@ -818,7 +818,7 @@ static int
put_data_to_file (const char *fname, const void *buffer, size_t length)
{
FILE *fp;
-
+
fp = fopen (fname, "wb");
#if GNUPG_MAJOR_VERSION == 1
if (fp && is_secured_file (fileno (fp)))
@@ -833,7 +833,7 @@ put_data_to_file (const char *fname, const void *buffer, size_t length)
tty_printf (_("can't create `%s': %s\n"), fname, strerror (errno));
return -1;
}
-
+
if (length && fwrite (buffer, length, 1, fp) != 1)
{
tty_printf (_("error writing `%s': %s\n"), fname, strerror (errno));
@@ -874,7 +874,7 @@ change_login (const char *args)
if (n > 254 )
{
tty_printf (_("Error: Login data too long "
- "(limit is %d characters).\n"), 254);
+ "(limit is %d characters).\n"), 254);
xfree (data);
return -1;
}
@@ -893,7 +893,7 @@ change_private_do (const char *args, int nr)
char do_name[] = "PRIVATE-DO-X";
char *data;
int n;
- int rc;
+ int rc;
assert (nr >= 1 && nr <= 4);
do_name[11] = '0' + nr;
@@ -920,7 +920,7 @@ change_private_do (const char *args, int nr)
if (n > 254 )
{
tty_printf (_("Error: Private DO too long "
- "(limit is %d characters).\n"), 254);
+ "(limit is %d characters).\n"), 254);
xfree (data);
return -1;
}
@@ -1053,13 +1053,13 @@ change_sex (void)
str = "1";
else if ((*data == 'F' || *data == 'f') && !data[1])
str = "2";
- else
+ else
{
tty_printf (_("Error: invalid response.\n"));
xfree (data);
return -1;
}
-
+
rc = agent_scd_setattr ("DISP-SEX", str, 1, NULL );
if (rc)
log_error ("error setting sex: %s\n", gpg_strerror (rc));
@@ -1147,7 +1147,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
memset (info, 0, sizeof *info);
rc = agent_scd_getattr ("SERIALNO", info);
- if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
+ if (rc || !info->serialno || strncmp (info->serialno, "D27600012401", 12)
|| strlen (info->serialno) != 32 )
{
log_error (_("key operation not possible: %s\n"),
@@ -1172,7 +1172,7 @@ get_info_for_key_operation (struct agent_card_info_s *info)
/* Helper for the key generation/edit functions. */
static int
check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
-{
+{
int rc = 0;
agent_clear_pin_cache (info->serialno);
@@ -1206,7 +1206,7 @@ check_pin_for_key_operation (struct agent_card_info_s *info, int *forced_chv1)
}
/* Helper for the key generation/edit functions. */
-static void
+static void
restore_forced_chv1 (int *forced_chv1)
{
int rc;
@@ -1290,7 +1290,7 @@ ask_card_keysize (int keyno, unsigned int nbits)
for (;;)
{
- prompt = xasprintf
+ prompt = xasprintf
(keyno == 0?
_("What keysize do you want for the Signature key? (%u) "):
keyno == 1?
@@ -1302,16 +1302,16 @@ ask_card_keysize (int keyno, unsigned int nbits)
req_nbits = *answer? atoi (answer): nbits;
xfree (prompt);
xfree (answer);
-
+
if (req_nbits != nbits && (req_nbits % 32) )
{
req_nbits = ((req_nbits + 31) / 32) * 32;
tty_printf (_("rounded up to %u bits\n"), req_nbits);
}
-
+
if (req_nbits == nbits)
return 0; /* Use default. */
-
+
if (req_nbits < min_nbits || req_nbits > max_nbits)
{
tty_printf (_("%s keysizes must be in the range %u-%u\n"),
@@ -1331,19 +1331,19 @@ ask_card_keysize (int keyno, unsigned int nbits)
/* Change the size of key KEYNO (0..2) to NBITS and show an error
message if that fails. */
static gpg_error_t
-do_change_keysize (int keyno, unsigned int nbits)
+do_change_keysize (int keyno, unsigned int nbits)
{
gpg_error_t err;
char args[100];
-
+
snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits);
err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL);
if (err)
- log_error (_("error changing size of key %d to %u bits: %s\n"),
+ log_error (_("error changing size of key %d to %u bits: %s\n"),
keyno+1, nbits, gpg_strerror (err));
return err;
}
-
+
static void
generate_card_keys (void)
@@ -1422,7 +1422,7 @@ generate_card_keys (void)
/* Note that INFO has not be synced. However we will only use
the serialnumber and thus it won't harm. */
}
-
+
generate_keypair (NULL, info.serialno, want_backup? opt.homedir:NULL);
leave:
@@ -1452,7 +1452,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
tty_printf (_(" (2) Encryption key\n"));
tty_printf (_(" (3) Authentication key\n"));
- for (;;)
+ for (;;)
{
char *answer = cpr_get ("cardedit.genkeys.subkeytype",
_("Your selection? "));
@@ -1509,7 +1509,7 @@ card_generate_subkey (KBNODE pub_keyblock, KBNODE sec_keyblock)
carry the serialno stuff instead of the actual secret key
parameters. USE is the usage for that key; 0 means any
usage. */
-int
+int
card_store_subkey (KBNODE node, int use)
{
struct agent_card_info_s info;
@@ -1549,7 +1549,7 @@ card_store_subkey (KBNODE node, int use)
goto leave;
}
- allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
+ allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)));
allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
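Review bot: Nothing at the changed `allow_keyno[0]` line says why a certify-capable key is now accepted for key 0, and the three masks are no longer symmetric (key 2 accepts `PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH`). A short comment would help the next reader, for example `/* Key 0 is the signature key; a certify-only key may be stored there as well. */`. The same one-line change appears in the master-branch commit later on this page (`@@ -1570,7 +1570,7 @@`), where the same comment applies. `card_store_subkey` starts and ends outside this hunk.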
@@ -1562,7 +1562,7 @@ card_store_subkey (KBNODE node, int use)
if (allow_keyno[2])
tty_printf (_(" (3) Authentication key\n"));
- for (;;)
+ for (;;)
{
char *answer = cpr_get ("cardedit.genkeys.storekeytype",
_("Your selection? "));
@@ -1576,7 +1576,7 @@ card_store_subkey (KBNODE node, int use)
xfree(answer);
if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1])
{
- if (info.is_v2 && !info.extcap.aac
+ if (info.is_v2 && !info.extcap.aac
&& info.key_attr[keyno-1].nbits != nbits)
{
tty_printf ("Key does not match the card's capability.\n");
@@ -1628,7 +1628,7 @@ card_store_subkey (KBNODE node, int use)
if (copied_sk)
{
free_secret_key (copied_sk);
- copied_sk = NULL;
+ copied_sk = NULL;
}
sk = node->pkt->pkt.secret_key;
@@ -1703,7 +1703,7 @@ static struct
{ "privatedo", cmdPRIVATEDO, 0, NULL },
{ "readcert", cmdREADCERT, 0, NULL },
{ "writecert", cmdWRITECERT, 1, NULL },
- { NULL, cmdINVCMD, 0, NULL }
+ { NULL, cmdINVCMD, 0, NULL }
};
@@ -1782,7 +1782,7 @@ card_edit (strlist_t commands)
char *p;
int i;
int cmd_admin_only;
-
+
tty_printf("\n");
if (redisplay )
{
@@ -1834,7 +1834,7 @@ card_edit (strlist_t commands)
cmd = cmdLIST; /* Default to the list command */
else if (*answer == CONTROL_D)
cmd = cmdQUIT;
- else
+ else
{
if ((p=strchr (answer,' ')))
{
@@ -1849,7 +1849,7 @@ card_edit (strlist_t commands)
while (spacep (arg_rest))
arg_rest++;
}
-
+
for (i=0; cmds[i].name; i++ )
if (!ascii_strcasecmp (answer, cmds[i].name ))
break;
-----------------------------------------------------------------------
Summary of changes:
NEWS | 19 ++++++-
agent/Makefile.am | 2 +-
agent/gpg-agent.c | 6 +-
common/Makefile.am | 2 +-
common/ssh-utils.c | 2 +
configure.ac | 2 +-
doc/Makefile.am | 6 +-
doc/gpg-agent.texi | 11 ++--
doc/gpg.texi | 90 +++++++++++++++++++++++-------
doc/gpgsm.texi | 24 +++++++-
doc/tools.texi | 9 +--
g10/Makefile.am | 4 +-
g10/call-agent.c | 4 +-
g10/card-util.c | 94 +++++++++++++++----------------
g10/gpg.c | 2 +
g10/import.c | 158 ++++++++++++++++++++++++++++++----------------------
g10/keyserver.c | 77 +++++++++++++++++++++----
g10/main.h | 9 ++-
g10/pkclist.c | 18 ++++--
jnlib/Makefile.am | 2 +-
po/be.po | 11 ++++
po/ca.po | 11 ++++
po/cs.po | 13 +++++
po/da.po | 13 +++++
po/de.po | 13 ++++-
po/el.po | 11 ++++
po/eo.po | 11 ++++
po/es.po | 13 +++++
po/et.po | 11 ++++
po/fi.po | 11 ++++
po/fr.po | 13 +++++
po/gl.po | 11 ++++
po/hu.po | 11 ++++
po/id.po | 11 ++++
po/it.po | 11 ++++
po/ja.po | 13 +++++
po/nb.po | 13 +++++
po/pl.po | 13 +++++
po/pt.po | 11 ++++
po/pt_BR.po | 11 ++++
po/ro.po | 13 +++++
po/ru.po | 13 +++++
po/sk.po | 11 ++++
po/sv.po | 13 +++++
po/tr.po | 13 +++++
po/uk.po | 13 +++++
po/zh_CN.po | 13 +++++
po/zh_TW.po | 13 +++++
scd/Makefile.am | 4 +-
scd/scdaemon.c | 11 +++-
sm/Makefile.am | 3 +-
tools/Makefile.am | 8 +--
52 files changed, 719 insertions(+), 186 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 25 08:26:39 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 25 Jun 2014 08:26:39 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.13-3-g51f9a81
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 51f9a8180ecbc24ed092bef5f2aa920a76769dcb (commit)
from 3fada688c0df6e3140e4fcaf59b9bcfcc7a70bf4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 51f9a8180ecbc24ed092bef5f2aa920a76769dcb
Author: Werner Koch
Date: Wed Jun 25 08:29:32 2014 +0200
Add missing prototype for build tool.
* src/gen-posix-lock-obj.c: Include string.h.
--
string.h is required for strerror ().
diff --git a/src/gen-posix-lock-obj.c b/src/gen-posix-lock-obj.c
index de2c8bc..df732c3 100644
--- a/src/gen-posix-lock-obj.c
+++ b/src/gen-posix-lock-obj.c
@@ -26,6 +26,7 @@
#endif
#include
+#include
#include
#include
#include
-----------------------------------------------------------------------
Summary of changes:
src/gen-posix-lock-obj.c | 1 +
1 file changed, 1 insertion(+)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 25 09:19:44 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 25 Jun 2014 09:19:44 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-18-gf171fd2
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via f171fd226e84311f92545ca0494771db07ba777d (commit)
from 74c7ab5fa636c7721dd7529d5bbfce70a47e5550 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f171fd226e84311f92545ca0494771db07ba777d
Author: Werner Koch
Date: Tue Jun 24 09:13:38 2014 +0200
gpg: Allow key-to-card upload for cert-only keys
* g10/card-util.c (card_store_subkey): Allow CERT usage for key 0.
--
Suggested-by: Dominik Heidler
diff --git a/g10/card-util.c b/g10/card-util.c
index 411a4d4..84752eb 100644
--- a/g10/card-util.c
+++ b/g10/card-util.c
@@ -1570,7 +1570,7 @@ card_store_subkey (KBNODE node, int use)
goto leave;
}
- allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG)));
+ allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)));
allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC)));
allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH)));
-----------------------------------------------------------------------
Summary of changes:
g10/card-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 25 11:46:45 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 25 Jun 2014 11:46:45 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-20-gb5f95c1
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via b5f95c1b566f9530127f3f34e10d120a951cf428 (commit)
via f149e05427a370f5985bc3fb142370b043f19924 (commit)
from f171fd226e84311f92545ca0494771db07ba777d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b5f95c1b566f9530127f3f34e10d120a951cf428
Author: Werner Koch
Date: Wed Jun 25 11:15:45 2014 +0200
doc: Improve the rendering of the manual
diff --git a/artwork/gnupg-logo-420x135tr.png b/artwork/gnupg-logo-420x135tr.png
new file mode 100644
index 0000000..a1556df
Binary files /dev/null and b/artwork/gnupg-logo-420x135tr.png differ
diff --git a/doc/debugging.texi b/doc/debugging.texi
index c83ab1e..f26d1aa 100644
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@@ -177,10 +177,13 @@ you created the signing request. By running the command
you get a listing of all private keys under control of @command{gpg-agent}.
Pick the key which best matches the creation time and run the command
-
+
+ at cartouche
@smallexample
- /usr/local/libexec/gpg-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
+ /usr/local/libexec/gpg-protect-tool --p12-export \
+ ~/.gnupg/private-keys-v1.d/@var{foo} >@var{foo}.p12
@end smallexample
+ at end cartouche
(Please adjust the path to @command{gpg-protect-tool} to the appropriate
location). @var{foo} is the name of the key file you picked (it should
@@ -188,11 +191,13 @@ have the suffix @file{.key}). A Pinentry box will pop up and ask you
for the current passphrase of the key and a new passphrase to protect it
in the pkcs#12 file.
-To import the created file on the machine you use this command:
+To import the created file on the machine you use this command:
+ at cartouche
@smallexample
/usr/local/libexec/gpg-protect-tool --p12-import --store @var{foo}.p12
@end smallexample
+ at end cartouche
You will be asked for the pkcs#12 passphrase and a new passphrase to
protect the imported private key at its new location.
@@ -230,7 +235,7 @@ gpg: fatal: WriteConsole failed: Access denied
@end smallexample
@noindent
-The solution is to use the command @command{wineconsole}.
+The solution is to use the command @command{wineconsole}.
Some operations like gen-key really want to talk to the console directly
for increased security (for example to prevent the passphrase from
diff --git a/doc/gnupg-logo.pdf b/doc/gnupg-logo.pdf
deleted file mode 100644
index 84a3470..0000000
Binary files a/doc/gnupg-logo.pdf and /dev/null differ
diff --git a/doc/gnupg-logo.png b/doc/gnupg-logo.png
index 73cf00a..a1556df 100644
Binary files a/doc/gnupg-logo.png and b/doc/gnupg-logo.png differ
diff --git a/doc/gnupg.texi b/doc/gnupg.texi
index 1f0682b..875b8e4 100644
--- a/doc/gnupg.texi
+++ b/doc/gnupg.texi
@@ -29,12 +29,13 @@ This is the @cite{The GNU Privacy Guard Manual} (version
@value{VERSION}, @value{UPDATED-MONTH}).
@iftex
-Published by the Free Software Foundation@*
-51 Franklin St, Fifth Floor@*
-Boston, MA 02110-1301 USA
+Published by The GnuPG Project@*
+ at url{https://gnupg.org}@*
+(or @url{http://ic6au7wa3f6naxjq.onion})
@end iftex
-Copyright @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.
+ at copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.@*
+ at copyright{} 2013, 2014 Werner Koch.
@quotation
Permission is granted to copy, distribute and/or modify this document
@@ -92,11 +93,11 @@ section entitled ``Copying''.
@sp 3
- at image{gnupg-logo,16cm,,The GnuPG Logo}
+ at image{gnupg-logo,,,The GnuPG Logo}
@sp 3
- at author Werner Koch (@email{wk@@gnupg.org})
+ at author The GnuPG Project (@url{https://gnupg.org})
@page
@vskip 0pt plus 1filll
diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi
index c3dfd82..b42d353 100644
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@@ -597,7 +597,8 @@ agent. By default they may all be found in the current home directory
Here is an example where two keys are marked as ultimately trusted
and one as not trusted:
- @example
+ @cartouche
+ @smallexample
# CN=Wurzel ZS 3,O=Intevation GmbH,C=DE
A6935DD34EF3087973C706FC311AA2CCF733765B S
@@ -606,7 +607,8 @@ agent. By default they may all be found in the current home directory
# CN=Root-CA/O=Schlapphuete/L=Pullach/C=DE
!14:56:98:D3:FE:9C:CA:5A:31:6E:BC:81:D3:11:4E:00:90:A3:44:C2 S
- @end example
+ @end smallexample
+ @end cartouche
Before entering a key into this file, you need to ensure its
authenticity. How to do this depends on your organisation; your
@@ -669,11 +671,13 @@ The following example lists exactly one key. Note that keys available
through a OpenPGP smartcard in the active smartcard reader are
implicitly added to this list; i.e. there is no need to list them.
- @example
+ @cartouche
+ @smallexample
# Key added on: 2011-07-20 20:38:46
# Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81
34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm
- @end example
+ @end smallexample
+ @end cartouche
@item private-keys-v1.d/
@@ -892,8 +896,8 @@ If the decryption was successful the decrypted data is returned by
means of "D" lines.
Here is an example session:
-
- at example
+ at cartouche
+ at smallexample
C: PKDECRYPT
S: INQUIRE CIPHERTEXT
C: D (enc-val elg (a 349324324)
@@ -903,7 +907,8 @@ Here is an example session:
S: S PADDING 0
S: D (value 1234567890ABCDEF0)
S: OK descryption successful
- at end example
+ at end smallexample
+ at end cartouche
The ?PADDING? status line is only send if gpg-agent can tell what kind
of padding is used. As of now only the value 0 is used to indicate
@@ -937,10 +942,15 @@ must be given. Valid names for are:
@table @code
@item sha1
+The SHA-1 hash algorithm
@item sha256
+The SHA-256 hash algorithm
@item rmd160
+The RIPE-MD160 hash algorithm
@item md5
+The old and broken MD5 hash algorithm
@item tls-md5sha1
+A combined hash algorithm as used by the TLS protocol.
@end table
@noindent
@@ -977,8 +987,8 @@ caching.
Here is an example session:
-
- at example
+ at cartouche
+ at smallexample
C: SIGKEY
S: OK key available
C: SIGKEY
@@ -992,8 +1002,8 @@ Here is an example session:
S: # signature follows
S: D (sig-val rsa (s 45435453654612121212))
S: OK
- at end example
-
+ at end smallexample
+ at end cartouche
@node Agent GENKEY
@subsection Generating a Key
@@ -1043,8 +1053,8 @@ like S-Expression like this:
@end example
Here is an example session:
-
- at example
+ at cartouche
+ at smallexample
C: GENKEY
S: INQUIRE KEYPARM
C: D (genkey (rsa (nbits 1024)))
@@ -1052,7 +1062,8 @@ Here is an example session:
S: D (public-key
S: D (rsa (n 326487324683264) (e 10001)))
S OK key created
- at end example
+ at end smallexample
+ at end cartouche
@ifset gpgtwoone
The @option{--no-protection} option may be used to prevent prompting for a
@@ -1170,7 +1181,9 @@ special handling of passphrases. This command uses a syntax which helps
clients to use the agent with minimum effort.
@example
- GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] [--qualitybar] @var{cache_id} [@var{error_message} @var{prompt} @var{description}]
+ GET_PASSPHRASE [--data] [--check] [--no-ask] [--repeat[=N]] \
+ [--qualitybar] @var{cache_id} \
+ [@var{error_message} @var{prompt} @var{description}]
@end example
@var{cache_id} is expected to be a string used to identify a cached
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 1a4b6d7..861c898 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -178,7 +178,8 @@ show memory statistics.
@item 9 (512)
write hashed data to files named @code{dbgmd-000*}
@item 10 (1024)
-trace Assuan protocol. See also option @option{--debug-assuan-log-cats}.
+trace Assuan protocol.
+See also option @option{--debug-assuan-log-cats}.
@item 11 (2048)
trace APDU I/O to the card. This may reveal sensitive data.
@item 12 (4096)
@@ -268,10 +269,12 @@ a list of available readers. The default is then the first reader
found.
To get a list of available CCID readers you may use this command:
+ at cartouche
@smallexample
-echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
+ echo scd getinfo reader_list \
+ | gpg-connect-agent --decode | awk '/^D/ @{print $2@}'
@end smallexample
-
+ at end cartouche
@item --card-timeout @var{n}
@opindex card-timeout
@@ -347,8 +350,9 @@ This application is currently only used by @command{gpg} but may in
future also be useful with @command{gpgsm}. Version 1 and version 2 of
the card is supported.
-The specifications for these cards are available at
- at uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and
+ at noindent
+The specifications for these cards are available at@*
+ at uref{http://g10code.com/docs/openpgp-card-1.0.pdf} and@*
@uref{http://g10code.com/docs/openpgp-card-2.0.pdf}.
@node NKS Card
commit f149e05427a370f5985bc3fb142370b043f19924
Author: Werner Koch
Date: Tue Jun 3 13:34:24 2014 +0200
doc: Update for modern makeinfo.
* doc/texi.css: Remove.
* doc/Makefile.am (AM_MAKEINFOFLAGS): Use --css-ref.
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 4d6d475..43d69cd 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -34,7 +34,7 @@ EXTRA_DIST = samplekeys.asc mksamplekeys \
gnupg-card-architecture.pdf \
FAQ gnupg7.texi \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
- gpgv.texi texi.css yat2m.c ChangeLog-2011
+ gpgv.texi yat2m.c ChangeLog-2011
BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \
gnupg-card-architecture.pdf
@@ -57,7 +57,7 @@ gnupg_TEXINFOS = \
DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips
-AM_MAKEINFOFLAGS = -I $(srcdir) --css-include=$(srcdir)/texi.css -D gpgtwoone
+AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css -D gpgtwoone
YAT2M_OPTIONS = -I $(srcdir) -D gpgtwoone \
--release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard"
@@ -130,15 +130,15 @@ online: gnupg.html gnupg.pdf
set -e; \
echo "Uploading current manuals to www.gnupg.org ..."; \
cp $(srcdir)/gnupg-logo-tr.png gnupg.html/; \
- user=werner ; dashdevel="" ; \
+ user=werner ; webhost="ftp.gnupg.org" ; dashdevel="" ; \
if echo "@PACKAGE_VERSION@" | grep -- "-git" >/dev/null; then \
dashdevel="-devel" ; \
else \
- rsync -v gnupg.pdf $${user}@cvs.gnupg.org:webspace/manuals/ ; \
+ rsync -v gnupg.pdf $${user}@$${webhost}:webspace/manuals/ ; \
fi ; \
cd gnupg.html ; \
- rsync -vr --exclude='.svn' . \
- $${user}@cvs.gnupg.org:webspace/manuals/gnupg$${dashdevel}/
+ rsync -vr --exclude='.git' . \
+ $${user}@$${webhost}:webspace/manuals/gnupg$${dashdevel}/
# Note that you need a recent version of emacs23 with org-mode 7.01h
faq.txt faq.html: faq.org
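Review bot: The upload host is now a shell variable set inside the recipe, and the same `webhost="ftp.gnupg.org"` assignment is repeated in the `faq-online` recipe in the next hunk, so the two targets can drift apart again. Defining it once as a make variable, e.g. `WEBHOST = ftp.gnupg.org` near `AM_MAKEINFOFLAGS`, and using `$(WEBHOST)` in both recipes would keep them aligned and let a maintainer override it on the command line. The progress message still names www.gnupg.org while the transfer goes to the value of `webhost`; if both names reach the same account that is fine, but a short comment saying so would help. The `online` recipe starts outside this hunk.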
@@ -155,8 +155,8 @@ faq.txt faq.html: faq.org
faq-online: faq.txt faq.html
set -e; \
- user=werner ; \
+ user=werner ; webhost="ftp.gnupg.org" ; ftphost="ftp.gnupg.org" ; \
echo "Uploading current FAQ to {www,ftp}.gnupg.org ..."; \
- scp faq.html $${user}@ftp.gnupg.org:webspace/manuals/GnuPG-FAQ.html ; \
- scp faq.txt $${user}@ftp.gnupg.org:gcrypt/gnupg/GnuPG-FAQ.txt ; \
+ scp faq.html $${user}@$${webhost}:webspace/manuals/GnuPG-FAQ.html ; \
+ scp faq.txt $${user}@$${ftphost}:gcrypt/gnupg/GnuPG-FAQ.txt ; \
echo "...ready"
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9a6782a..9c52282 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2330,12 +2330,17 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
available, but the MIT release is a good common baseline.
-This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs
+This option implies
+ at ifset gpgone
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines --force-v3-sigs
+ --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
+ at end ifset
@ifclear gpgone
---allow-weak-digest-algos
+ at option{--rfc1991 --disable-mdc --no-force-v4-certs
+ --escape-from-lines --force-v3-sigs --allow-weak-digest-algos
+ --cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
@end ifclear
---cipher-algo IDEA --digest-algo MD5 --compress-algo ZIP}.
It also disables @option{--textmode} when encrypting.
@item --pgp6
-----------------------------------------------------------------------
Summary of changes:
artwork/gnupg-logo-420x135tr.png | Bin 0 -> 14471 bytes
doc/Makefile.am | 18 ++++++++--------
doc/debugging.texi | 13 ++++++++----
doc/gnupg-logo.pdf | Bin 11736 -> 0 bytes
doc/gnupg-logo.png | Bin 8988 -> 14471 bytes
doc/gnupg.texi | 13 ++++++------
doc/gpg-agent.texi | 43 +++++++++++++++++++++++++-------------
doc/gpg.texi | 13 ++++++++----
doc/scdaemon.texi | 14 ++++++++-----
9 files changed, 71 insertions(+), 43 deletions(-)
create mode 100644 artwork/gnupg-logo-420x135tr.png
delete mode 100644 doc/gnupg-logo.pdf
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jun 25 17:21:17 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 25 Jun 2014 17:21:17 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.24-4-g045c979
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit)
via 044847a0e2013a2833605c1a9f80cfa6ef353309 (commit)
via 616126530f92ab31abcbf3fad9a34532e378355d (commit)
from 6aa0464db9785a5f9d63b3ff826500b4e2dd7c0e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 045c979a7673112bdb4e04f1bc7d3d4afbc775f8
Author: Werner Koch
Date: Wed Jun 25 17:16:40 2014 +0200
agent: Let gpg-protect-tool pass envvars to pinentry.
* agent/protect-tool.c (opt_session_env): New.
(main): Pass session environment object to
gnupg_prepare_get_passphrase.
--
GnuPG-bug-id: 1402
The full story can be found at
https://bugzilla.redhat.com/show_bug.cgi?id=548528
Sorry for the delay.
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index dc040f9..aff0abd 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -47,8 +47,8 @@
#include "estream.h"
-enum cmd_and_opt_values
-{
+enum cmd_and_opt_values
+{
aNull = 0,
oVerbose = 'v',
oArmor = 'a',
@@ -56,7 +56,7 @@ enum cmd_and_opt_values
oProtect = 'p',
oUnprotect = 'u',
-
+
oNoVerbose = 500,
oShadow,
oShowShadowInfo,
@@ -73,13 +73,13 @@ enum cmd_and_opt_values
oNoFailOnExist,
oHomedir,
oPrompt,
- oStatusMsg,
+ oStatusMsg,
oAgentProgram
};
-struct rsa_secret_key_s
+struct rsa_secret_key_s
{
gcry_mpi_t n; /* public modulus */
gcry_mpi_t e; /* public exponent */
@@ -101,7 +101,8 @@ static const char *opt_passphrase;
static char *opt_prompt;
static int opt_status_msg;
static const char *opt_p12_charset;
-static const char *opt_agent_program;
+static const char *opt_agent_program;
+static session_env_t opt_session_env;
static char *get_passphrase (int promptno);
static void release_passphrase (char *pw);
@@ -117,13 +118,13 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_c (oShadow, "shadow", "create a shadow entry for a public key"),
ARGPARSE_c (oShowShadowInfo, "show-shadow-info", "return the shadow info"),
ARGPARSE_c (oShowKeygrip, "show-keygrip", "show the \"keygrip\""),
- ARGPARSE_c (oP12Import, "p12-import",
+ ARGPARSE_c (oP12Import, "p12-import",
"import a pkcs#12 encoded private key"),
ARGPARSE_c (oP12Export, "p12-export",
"export a private key pkcs#12 encoded"),
ARGPARSE_c (oS2Kcalibration, "s2k-calibration", "@"),
-
+
ARGPARSE_group (301, N_("@\nOptions:\n ")),
ARGPARSE_s_n (oVerbose, "verbose", "verbose"),
@@ -135,14 +136,14 @@ static ARGPARSE_OPTS opts[] = {
"|NAME|set charset for a new PKCS#12 passphrase to NAME"),
ARGPARSE_s_n (oHaveCert, "have-cert",
"certificate to export provided on STDIN"),
- ARGPARSE_s_n (oStore, "store",
+ ARGPARSE_s_n (oStore, "store",
"store the created key in the appropriate place"),
- ARGPARSE_s_n (oForce, "force",
+ ARGPARSE_s_n (oForce, "force",
"force overwriting"),
ARGPARSE_s_n (oNoFailOnExist, "no-fail-on-exist", "@"),
- ARGPARSE_s_s (oHomedir, "homedir", "@"),
- ARGPARSE_s_s (oPrompt, "prompt",
- "|ESCSTRING|use ESCSTRING as prompt in pinentry"),
+ ARGPARSE_s_s (oHomedir, "homedir", "@"),
+ ARGPARSE_s_s (oPrompt, "prompt",
+ "|ESCSTRING|use ESCSTRING as prompt in pinentry"),
ARGPARSE_s_n (oStatusMsg, "enable-status-msg", "@"),
ARGPARSE_s_s (oAgentProgram, "agent-program", "@"),
@@ -168,7 +169,7 @@ my_strusage (int level)
case 41: p = _("Syntax: gpg-protect-tool [options] [args]\n"
"Secret key maintenance tool\n");
break;
-
+
default: p = NULL;
}
return p;
@@ -249,7 +250,7 @@ read_file (const char *fname, size_t *r_length)
FILE *fp;
char *buf;
size_t buflen;
-
+
if (!strcmp (fname, "-"))
{
size_t nread, bufsize = 0;
@@ -261,7 +262,7 @@ read_file (const char *fname, size_t *r_length)
buf = NULL;
buflen = 0;
#define NCHUNK 8192
- do
+ do
{
bufsize += NCHUNK;
if (!buf)
@@ -292,14 +293,14 @@ read_file (const char *fname, size_t *r_length)
log_error ("can't open `%s': %s\n", fname, strerror (errno));
return NULL;
}
-
+
if (fstat (fileno(fp), &st))
{
log_error ("can't stat `%s': %s\n", fname, strerror (errno));
fclose (fp);
return NULL;
}
-
+
buflen = st.st_size;
buf = xmalloc (buflen+1);
if (fread (buf, buflen, 1, fp) != 1)
@@ -323,7 +324,7 @@ read_key (const char *fname)
char *buf;
size_t buflen;
unsigned char *key;
-
+
buf = read_file (fname, &buflen);
if (!buf)
return NULL;
@@ -342,7 +343,7 @@ read_and_protect (const char *fname)
unsigned char *result;
size_t resultlen;
char *pw;
-
+
key = read_key (fname);
if (!key)
return;
@@ -356,7 +357,7 @@ read_and_protect (const char *fname)
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
return;
}
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -386,7 +387,7 @@ read_and_unprotect (const char *fname)
if (!key)
return;
- rc = agent_unprotect (key, (pw=get_passphrase (1)),
+ rc = agent_unprotect (key, (pw=get_passphrase (1)),
protected_at, &result, &resultlen);
release_passphrase (pw);
xfree (key);
@@ -427,7 +428,7 @@ read_and_shadow (const char *fname)
unsigned char *result;
size_t resultlen;
unsigned char dummy_info[] = "(8:313233342:43)";
-
+
key = read_key (fname);
if (!key)
return;
@@ -441,7 +442,7 @@ read_and_shadow (const char *fname)
}
resultlen = gcry_sexp_canon_len (result, 0, NULL,NULL);
assert (resultlen);
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -463,7 +464,7 @@ show_shadow_info (const char *fname)
unsigned char *key;
const unsigned char *info;
size_t infolen;
-
+
key = read_key (fname);
if (!key)
return;
@@ -477,7 +478,7 @@ show_shadow_info (const char *fname)
}
infolen = gcry_sexp_canon_len (info, 0, NULL,NULL);
assert (infolen);
-
+
if (opt_armor)
{
char *p = make_advanced (info, infolen);
@@ -497,14 +498,14 @@ show_file (const char *fname)
unsigned char *key;
size_t keylen;
char *p;
-
+
key = read_key (fname);
if (!key)
return;
keylen = gcry_sexp_canon_len (key, 0, NULL,NULL);
assert (keylen);
-
+
if (opt_canonical)
{
fwrite (key, keylen, 1, stdout);
@@ -528,7 +529,7 @@ show_keygrip (const char *fname)
gcry_sexp_t private;
unsigned char grip[20];
int i;
-
+
key = read_key (fname);
if (!key)
return;
@@ -537,7 +538,7 @@ show_keygrip (const char *fname)
{
log_error ("gcry_sexp_new failed\n");
return;
- }
+ }
xfree (key);
if (!gcry_pk_get_keygrip (private, grip))
@@ -672,7 +673,7 @@ import_p12_file (const char *fname)
char *pw;
/* fixme: we should release some stuff on error */
-
+
buf = read_file (fname, &buflen);
if (!buf)
return;
@@ -776,7 +777,7 @@ import_p12_file (const char *fname)
log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
return;
}
-
+
if (opt_armor)
{
char *p = make_advanced (result, resultlen);
@@ -810,7 +811,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
list = gcry_sexp_find_token (sexp, "private-key", 0 );
if(!list)
- return NULL;
+ return NULL;
l2 = gcry_sexp_cadr (list);
gcry_sexp_release (list);
list = l2;
@@ -824,7 +825,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
/* Parameter names used with RSA. */
elems = "nedpqu";
array = xcalloc (strlen(elems) + 1, sizeof *array);
- for (idx=0, s=elems; *s; s++, idx++ )
+ for (idx=0, s=elems; *s; s++, idx++ )
{
l2 = gcry_sexp_find_token (list, s, 1);
if (!l2)
@@ -846,7 +847,7 @@ sexp_to_kparms (gcry_sexp_t sexp)
return NULL; /* required parameter is invalid */
}
}
-
+
gcry_sexp_release (list);
return array;
}
@@ -859,9 +860,9 @@ is_keygrip (const char *string)
{
int i;
- for(i=0; string[i] && i < 41; i++)
+ for(i=0; string[i] && i < 41; i++)
if (!strchr("01234567890ABCDEF", string[i]))
- return 0;
+ return 0;
return i == 40;
}
@@ -886,7 +887,7 @@ export_p12_file (const char *fname)
{
char hexgrip[40+4+1];
char *p;
-
+
assert (strlen(fname) == 40);
strcpy (stpcpy (hexgrip, fname), ".key");
@@ -960,7 +961,7 @@ export_p12_file (const char *fname)
xfree (key);
xfree (cert);
return;
- }
+ }
wipememory (key, keylen_for_wipe);
xfree (key);
@@ -971,7 +972,7 @@ export_p12_file (const char *fname)
log_error ("error converting key parameters\n");
xfree (cert);
return;
- }
+ }
sk.n = kp[0];
sk.e = kp[1];
sk.d = kp[2];
@@ -980,7 +981,7 @@ export_p12_file (const char *fname)
sk.u = kp[5];
xfree (kp);
-
+
kparms[0] = sk.n;
kparms[1] = sk.e;
kparms[2] = sk.d;
@@ -988,10 +989,10 @@ export_p12_file (const char *fname)
kparms[4] = sk.p;
kparms[5] = gcry_mpi_snew (0); /* compute d mod (p-1) */
gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
- gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
+ gcry_mpi_mod (kparms[5], sk.d, kparms[5]);
kparms[6] = gcry_mpi_snew (0); /* compute d mod (q-1) */
gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
- gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
+ gcry_mpi_mod (kparms[6], sk.d, kparms[6]);
kparms[7] = sk.u;
kparms[8] = NULL;
@@ -1003,7 +1004,7 @@ export_p12_file (const char *fname)
gcry_mpi_release (kparms[i]);
if (!key)
return;
-
+
#ifdef HAVE_DOSISH_SYSTEM
setmode ( fileno (stdout) , O_BINARY );
#endif
@@ -1022,7 +1023,7 @@ main (int argc, char **argv )
set_strusage (my_strusage);
gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
- log_set_prefix ("gpg-protect-tool", 1);
+ log_set_prefix ("gpg-protect-tool", 1);
/* Make sure that our subsystems are ready. */
i18n_init ();
@@ -1040,6 +1041,7 @@ main (int argc, char **argv )
opt_homedir = default_homedir ();
+ opt_session_env = session_env_new ();
pargs.argc = &argc;
pargs.argv = &argv;
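Review bot: The result of `session_env_new ()` is stored in `opt_session_env` without a check, so, assuming it returns NULL on allocation failure, the later `gnupg_prepare_get_passphrase` call in `main` would receive the same NULL it was given before this change and the new behaviour would be lost silently. A guard right after the assignment makes the failure visible: `if (!opt_session_env) log_fatal ("error allocating session environment block: %s\n", strerror (errno));`. `main` starts and ends outside this hunk.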
@@ -1073,7 +1075,7 @@ main (int argc, char **argv )
case oHaveCert: opt_have_cert = 1; break;
case oPrompt: opt_prompt = pargs.r.ret_str; break;
case oStatusMsg: opt_status_msg = 1; break;
-
+
default: pargs.err = ARGPARSE_PRINT_ERROR; break;
}
}
@@ -1091,7 +1093,7 @@ main (int argc, char **argv )
opt.verbose,
opt_homedir,
opt_agent_program,
- NULL, NULL, NULL);
+ NULL, NULL, opt_session_env);
if (opt_prompt)
opt_prompt = percent_plus_unescape (opt_prompt, 0);
@@ -1127,6 +1129,8 @@ void
agent_exit (int rc)
{
rc = rc? rc : log_get_errorcount(0)? 2 : 0;
+ session_env_release (opt_session_env);
+ opt_session_env = NULL;
exit (rc);
}
@@ -1147,7 +1151,7 @@ get_passphrase (int promptno)
const char *desc;
char *orig_codeset;
int repeat = 0;
-
+
if (opt_passphrase)
return xstrdup (opt_passphrase);
@@ -1214,7 +1218,7 @@ store_private_key (const unsigned char *grip,
char *fname;
estream_t fp;
char hexgrip[40+4+1];
-
+
bin2hex (grip, 20, hexgrip);
strcpy (hexgrip+40, ".key");
@@ -1236,11 +1240,11 @@ store_private_key (const unsigned char *grip,
}
/* FWIW: Under Windows Vista the standard fopen in the msvcrt
fails if the "x" GNU extension is used. */
- fp = es_fopen (fname, "wbx");
+ fp = es_fopen (fname, "wbx");
}
- if (!fp)
- {
+ if (!fp)
+ {
log_error ("can't create `%s': %s\n", fname, strerror (errno));
xfree (fname);
return -1;
commit 044847a0e2013a2833605c1a9f80cfa6ef353309
Author: Werner Koch
Date: Wed Jun 25 14:33:34 2014 +0200
gpg: Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg using the new struct.
--
This is a fix for commit 5e933008.
The old code did only work for a single key. It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 83a4b95..aa41536 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -982,13 +982,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+/* Structure to convey the arg to keyserver_retrieval_filter. */
+struct ks_retrieval_filter_arg_s
+{
+ KEYDB_SEARCH_DESC *desc;
+ int ndesc;
+};
+
+
/* Check whether a key matches the search description. The filter
returns 0 if the key shall be imported. Note that this kind of
filter is not related to the iobuf filters. */
static int
-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk,
+ void *opaque)
{
- KEYDB_SEARCH_DESC *desc = arg;
+ struct ks_retrieval_filter_arg_s *arg = opaque;
+ KEYDB_SEARCH_DESC *desc = arg->desc;
+ int ndesc = arg->ndesc;
+ int n;
u32 keyid[2];
byte fpr[MAX_FINGERPRINT_LEN];
size_t fpr_len = 0;
@@ -997,32 +1009,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
if (sk)
return G10ERR_GENERAL;
+ if (!ndesc)
+ return 0; /* Okay if no description given. */
+
fingerprint_from_pk (pk, fpr, &fpr_len);
keyid_from_pk (pk, keyid);
/* Compare requested and returned fingerprints if available. */
- if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
- {
- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
- {
- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
- {
- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ for (n = 0; n < ndesc; n++)
{
- if (keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
+ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else
+ return 0;
}
- return 0;
+ return G10ERR_GENERAL;
}
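Review bot: The trailing `else return 0;` inside the loop accepts the key as soon as a descriptor with a mode other than the four fingerprint/key-ID modes is reached, so one such entry in a multi-key request can switch screening off for the response regardless of what the remaining descriptors say. If that is intended it deserves a comment on the branch, e.g. `/* Mode cannot be screened: accept, which disables screening for this request. */`; otherwise a `continue` there plus a flag checked after the loop would keep the other descriptors effective. The early `if (!ndesc) return 0;` is likewise fail-open and presumably is also what keeps a NULL `desc` from being indexed, which is worth stating in its comment. Short key-ID descriptors compare only `keyid[1]`, so they screen far more weakly than the fingerprint modes. The function's signature and local declarations are in the preceding hunk.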
@@ -1535,6 +1555,7 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
case KS_GETNAME:
{
void *stats_handle;
+ struct ks_retrieval_filter_arg_s filterarg;
stats_handle=import_new_stats_handle();
@@ -1547,11 +1568,12 @@ keyserver_spawn (enum ks_action action, strlist_t list, KEYDB_SEARCH_DESC *desc,
that we don't allow the import of secret keys from a
keyserver. Keyservers should never accept or send them
but we better protect against rogue keyservers. */
-
+ filterarg.desc = desc;
+ filterarg.ndesc = count;
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
(opt.keyserver_options.import_options
| IMPORT_NO_SECKEY),
- keyserver_retrieval_filter, desc);
+ keyserver_retrieval_filter, &filterarg);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
commit 616126530f92ab31abcbf3fad9a34532e378355d
Author: Werner Koch
Date: Tue Jun 24 20:12:26 2014 +0200
Add CVE number
--
diff --git a/NEWS b/NEWS
index 3800c35..cffc774 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ Noteworthy changes in version 2.0.25 (unreleased)
Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
- * gpg: Avoid DoS due to garbled compressed data packets.
+ * gpg: Avoid DoS due to garbled compressed data packets. [CVE-2014-4617]
* gpg: Screen keyserver responses to avoid importing unwanted keys
from rogue servers.
diff --git a/announce.txt b/announce.txt
index f4d046d..61c6ee2 100644
--- a/announce.txt
+++ b/announce.txt
@@ -5,8 +5,9 @@ Mail-Followup-To: gnupg-users at gnupg.org
Hello!
We are pleased to announce the availability of a new stable GnuPG-2
-release: Version 2.0.23. This is a maintenace release with a few
-new features.
+release: Version 2.0.24. This release includes a *security fix* to
+stop a possible DoS using garbled compressed data packets which can
+be used to put gpg into an infinite loop.
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
and data storage. It can be used to encrypt data, create digital
@@ -15,7 +16,7 @@ framework for public key cryptography. It includes an advanced key
management facility and is compliant with the OpenPGP and S/MIME
standards.
-GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.14) in
+GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.17) in
that it splits up functionality into several modules. However, both
versions may be installed alongside without any conflict. In fact,
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
@@ -30,59 +31,50 @@ GnuPG is distributed under the terms of the GNU General Public License
also available for other Unices, Microsoft Windows and Mac OS X.
-What's New in 2.0.23
+What's New in 2.0.24
====================
- * gpg: Reject signatures made using the MD5 hash algorithm unless the
- new option --allow-weak-digest-algos or --pgp2 are given.
+ * gpg: Avoid DoS due to garbled compressed data packets.
- * gpg: Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Screen keyserver responses to avoid importing unwanted keys
+ from rogue servers.
- * gpg: Only the major version number is by default included in the
- armored output.
+ * gpg: The validity of user ids is now shown by default. To revert
+ this add "list-options no-show-uid-validity" to gpg.conf.
- * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
- communication with the gpg-agent.
+ * gpg: Print more specific reason codes with the INV_RECP status.
- * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
- aligned to the regular key listing ("gpg -k").
+ * gpg: Allow loading of a cert only key to an OpenPGP card.
- * gpg: The option--show-session-key prints its output now before the
- decryption of the bulk message starts.
-
- * gpg: New %U expando for the photo viewer.
-
- * gpgsm: Improved handling of re-issued CA certificates.
-
- * scdaemon: Various fixes for pinpad equipped card readers.
+ * gpg-agent: Make ssh support for ECDSA keys work with Libgcrypt 1.6.
* Minor bug fixes.
-
Getting the Software
====================
Please follow the instructions found at https://www.gnupg.org/download/
or read on:
-GnuPG 2.0.23 may be downloaded from one of the GnuPG mirror sites or
+GnuPG 2.0.24 may be downloaded from one of the GnuPG mirror sites or
direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors
can be found at https://www.gnupg.org/mirrors.html . Note that GnuPG
is not available at ftp.gnu.org.
-On the FTP server and its mirrors you should find the following files
-in the gnupg/ directory:
+On ftp.gnupg.org and on its mirrors you should find the following new
+files in the gnupg/ directory:
- gnupg-2.0.23.tar.bz2 (4196k)
- gnupg-2.0.23.tar.bz2.sig
+ - The GnuPG-2 source code compressed using BZIP2 and its OpenPGP
+ signature:
- GnuPG source compressed using BZIP2 and its OpenPGP signature.
+ gnupg-2.0.24.tar.bz2 (4201k)
+ gnupg-2.0.24.tar.bz2.sig
- gnupg-2.0.22-2.0.23.diff.bz2 (53k)
+ - A patch file to upgrade a 2.0.23 GnuPG source tree. This patch does
+ not include updates of the language files.
- A patch file to upgrade a 2.0.22 GnuPG source tree. This patch
- does not include updates of the language files.
+ gnupg-2.0.23-2.0.24.diff.bz2 (20k)
Note, that we don't distribute gzip compressed tarballs for GnuPG-2.
A Windows version will eventually be released at https://gpg4win.org .
@@ -97,9 +89,9 @@ the following ways:
* If you already have a trusted version of GnuPG installed, you
can simply check the supplied signature. For example to check the
- signature of the file gnupg-2.0.23.tar.bz2 you would use this command:
+ signature of the file gnupg-2.0.24.tar.bz2 you would use this command:
- gpg --verify gnupg-2.0.23.tar.bz2.sig
+ gpg --verify gnupg-2.0.24.tar.bz2.sig
This checks whether the signature file matches the source file.
You should see a message indicating that the signature is good and
@@ -122,15 +114,15 @@ the following ways:
* If you are not able to use an old version of GnuPG, you have to verify
the SHA-1 checksum. Assuming you downloaded the file
- gnupg-2.0.23.tar.bz2, you would run the sha1sum command like this:
+ gnupg-2.0.24.tar.bz2, you would run the sha1sum command like this:
- sha1sum gnupg-2.0.23.tar.bz2
+ sha1sum gnupg-2.0.24.tar.bz2
and check that the output matches the first line from the
following list:
-c90e47ab95a40dd070fd75faef0a05c7b679553b gnupg-2.0.23.tar.bz2
-e02cfab2bc046f9fac89eef098c34f58b5745d20 gnupg-2.0.22-2.0.23.diff.bz2
+010e027d5f622778cadc4c124013fe515ed705cf gnupg-2.0.24.tar.bz2
+594d7f91ba4fc215345f18afee46c4aa9f2b3303 gnupg-2.0.23-2.0.24.diff.bz2
Documentation
@@ -176,11 +168,6 @@ GnuPG and related software takes up most of their resources. To allow
him to continue this work he kindly asks to either purchase a support
contract, engage g10 Code for custom enhancements, or to donate money:
-Maintaining and improving GnuPG is costly. For more than a decade,
-g10 Code GmbH, a German company owned and headed by GnuPG's principal
-author Werner Koch, is bearing the majority of these costs. To help
-them carry on this work, they need your support. See
-
https://gnupg.org/donate/
-----------------------------------------------------------------------
Summary of changes:
NEWS | 2 +-
agent/protect-tool.c | 108 ++++++++++++++++++++++++++------------------------
announce.txt | 71 ++++++++++++++-------------------
g10/keyserver.c | 68 ++++++++++++++++++++-----------
4 files changed, 131 insertions(+), 118 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 26 15:47:28 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 26 Jun 2014 15:47:28 +0200
Subject: [git] GPGME - branch, master, updated. gpgme-1.5.0-5-g68116fa
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG Made Easy".
The branch, master has been updated
via 68116fa5f67238a60bb8be375cc959262fa021d3 (commit)
via efaf42205c5578c45bd1249cf777d893623eae35 (commit)
from 86260b47c9e306e325103d1af767842357647e60 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 68116fa5f67238a60bb8be375cc959262fa021d3
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
w32: Get IOSPAWN flag back in sync with spawn helper.
* src/gpgme-w32spawn.c: Include priv-io.h.
diff --git a/src/gpgme-w32spawn.c b/src/gpgme-w32spawn.c
index 8a4ab54..b510ba3 100644
--- a/src/gpgme-w32spawn.c
+++ b/src/gpgme-w32spawn.c
@@ -36,10 +36,8 @@
#endif
#include
#include
-#include
-/* Flag values as used by gpgme. */
-#define IOSPAWN_FLAG_ALLOW_SET_FG 1
+#include "priv-io.h"
/* Name of this program. */
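Review bot: The removed comment `/* Flag values as used by gpgme. */` was the only hint that this helper has to agree with the library on `IOSPAWN_FLAG_ALLOW_SET_FG`, and the new `#include "priv-io.h"` carries no replacement. A one-line comment above the include would record the reason, e.g. `/* Shared with the library so the IOSPAWN flags and struct spawn_fd_item_s cannot drift. */`, assuming both now come from that header. The later hunks in this file delete the local struct and rename `.handle` to `.fd`, which appears to follow from the same header.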
@@ -47,15 +45,6 @@
-struct spawn_fd_item_s
-{
- int handle;
- int dup_to;
- int peer_name;
- int arg_loc;
-};
-
-
static char *
build_commandline (char **argv)
{
@@ -160,7 +149,7 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags)
fprintf (stderr, PGM": spawning: %s\n", arg_string);
- for (i = 0; fd_list[i].handle != -1; i++)
+ for (i = 0; fd_list[i].fd != -1; i++)
{
/* The handle already is inheritable. */
if (fd_list[i].dup_to == 0)
@@ -240,8 +229,8 @@ my_spawn (char **argv, struct spawn_fd_item_s *fd_list, unsigned int flags)
if (hnul != INVALID_HANDLE_VALUE)
CloseHandle (hnul);
- for (i = 0; fd_list[i].handle != -1; i++)
- CloseHandle ((HANDLE) fd_list[i].handle);
+ for (i = 0; fd_list[i].fd != -1; i++)
+ CloseHandle ((HANDLE) fd_list[i].fd);
if (flags & IOSPAWN_FLAG_ALLOW_SET_FG)
{
@@ -379,12 +368,12 @@ translate_get_from_file (const char *trans_file,
break;
linep = tail;
- fd_list[idx].handle = from;
+ fd_list[idx].fd = from;
fd_list[idx].dup_to = dup_to;
fd_list[idx].peer_name = to;
fd_list[idx].arg_loc = loc;
}
- fd_list[idx].handle = -1;
+ fd_list[idx].fd = -1;
fd_list[idx].dup_to = -1;
fd_list[idx].peer_name = -1;
fd_list[idx].arg_loc = 0;
@@ -420,7 +409,7 @@ translate_handles (const char *trans_file, const char * const *argv,
args[idx] = NULL;
n_args = idx;
- for (idx = 0; fd_list[idx].handle != -1; idx++)
+ for (idx = 0; fd_list[idx].fd != -1; idx++)
{
char buf[25];
int aidx;
diff --git a/src/priv-io.h b/src/priv-io.h
index 583f06a..2306175 100644
--- a/src/priv-io.h
+++ b/src/priv-io.h
@@ -26,6 +26,7 @@
# ifdef HAVE_W32CE_SYSTEM
# include "w32-ce.h"
# endif
+# include
# include
#else
# include
commit efaf42205c5578c45bd1249cf777d893623eae35
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
w32: Add comment about a compiler warning
--
diff --git a/src/assuan-support.c b/src/assuan-support.c
index 0a11d9f..745d2aa 100644
--- a/src/assuan-support.c
+++ b/src/assuan-support.c
@@ -238,6 +238,12 @@ my_connect (assuan_context_t ctx, int sock, struct sockaddr *addr,
}
+/* Note for Windows: Ignore the incompatible pointer type warning for
+ my_read and my_write. Mingw has been changed to use int for
+ ssize_t on 32 bit systems while we use long. For 64 bit we use
+ int64_t while mingw uses __int64_t. It doe not matter at all
+ because under Windows long and int are both 32 bit even on 64
+ bit. */
struct assuan_system_hooks _gpgme_assuan_system_hooks =
{
ASSUAN_SYSTEM_HOOKS_VERSION,
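Review bot: The added comment asks readers to ignore an incompatible-pointer-type warning for my_read and my_write, but it does not state the invariant that makes this safe, namely that the two `ssize_t` definitions have the same width on each target. Saying so explicitly, e.g. `Both types have the same size on each target, so the hooks stay ABI compatible.`, would tell a later reader when the note stops being true. There is also a typo: `It doe not matter` should read `It does not matter`. The hooks table that the comment precedes continues outside the hunk, so the my_read and my_write entries themselves are not visible here.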
-----------------------------------------------------------------------
Summary of changes:
src/assuan-support.c | 6 ++++++
src/gpgme-w32spawn.c | 25 +++++++------------------
src/priv-io.h | 1 +
3 files changed, 14 insertions(+), 18 deletions(-)
hooks/post-receive
--
GnuPG Made Easy
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 26 17:37:51 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 26 Jun 2014 17:37:51 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-25-gc0d1e7f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 (commit)
via 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a (commit)
via 572502bd2c0637429bca547ba882629640477495 (commit)
via c029a184d6a1a96c6de234835fff97d4e946b19c (commit)
via 2480b0253166712a2f20b92f34c8e4c2db0fc26f (commit)
from b5f95c1b566f9530127f3f34e10d120a951cf428 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c0d1e7fca95629e1cddd7d129fa51b9a6556cb70
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Enable DNS SRV records again.
* configure.ac (GPGKEYS_HKP, GPGKEYS_FINGER): Remove ac_subst.
(use_dns_srv): Make test work.
diff --git a/configure.ac b/configure.ac
index 309b2bc..8b23179 100644
--- a/configure.ac
+++ b/configure.ac
@@ -735,15 +735,6 @@ fi
# (These need to go after AC_PROG_CC so that $EXEEXT is defined)
AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any])
-if test x"$try_hkp" = xyes ; then
- AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT")
-fi
-
-if test x"$try_finger" = xyes ; then
- AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT")
-fi
-
-
#
# Checks for libraries.
@@ -925,12 +916,10 @@ AC_CHECK_FUNCS(adns_free)
#
# Now try for the resolver functions so we can use DNS for SRV, PA and CERT.
#
-if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then
- AC_ARG_ENABLE(dns-srv,
- AC_HELP_STRING([--disable-dns-srv],
- [disable the use of DNS SRV in HKP and HTTP]),
- use_dns_srv=$enableval,use_dns_srv=yes)
-fi
+AC_ARG_ENABLE(dns-srv,
+ AC_HELP_STRING([--disable-dns-srv],
+ [disable the use of DNS SRV in HKP and HTTP]),
+ use_dns_srv=$enableval,use_dns_srv=yes)
AC_ARG_ENABLE(dns-pka,
AC_HELP_STRING([--disable-dns-pka],
commit 9a034acf8ab6f85c65ccc75a4fd7b8dd47b73e3a
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
agent: Fix export of RSA keys to OpenPGP.
* agent/cvt-openpgp.c (convert_transfer_key): Fix sexp build format
string.
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index 1b4c9d5..58327c6 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -192,7 +192,7 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey,
case GCRY_PK_RSA:
err = gcry_sexp_build
(&s_skey, NULL,
- "(protected-private-key(rsa(n%m)(e%m)",
+ "(protected-private-key(rsa(n%m)(e%m)"
"(protected openpgp-native%S)))",
skey[0], skey[1], transfer_key );
break;
commit 572502bd2c0637429bca547ba882629640477495
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg,gpgsm: Simplify wrong_args function.
diff --git a/g10/gpg.c b/g10/gpg.c
index 47cc851..3614201 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1018,10 +1018,8 @@ build_list (const char *text, char letter,
static void
wrong_args( const char *text)
{
- fputs(_("usage: gpg [options] "),stderr);
- fputs(text,stderr);
- putc('\n',stderr);
- g10_exit(2);
+ fprintf (stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);
+ g10_exit(2);
}
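Review bot: The format string in `fprintf (stderr, _("usage: %s [options] %s\n"), GPG_NAME, text);` now comes from the message catalog, so a translation that drops or adds a `%s` would make fprintf misread its arguments. The old `fputs` sequence had no conversions to get wrong. xgettext normally marks such strings as c-format and `msgfmt --check` validates translations against them, so it is worth confirming that the build runs that check on the po files. The same applies to the `wrong_args` hunk in sm/gpgsm.c. Passing `text` as an argument rather than as part of the format is the right way round and should stay.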
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 92bb806..ded3198 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -636,9 +636,7 @@ set_binary (FILE *fp)
static void
wrong_args (const char *text)
{
- fputs (_("usage: gpgsm [options] "), stderr);
- fputs (text, stderr);
- putc ('\n', stderr);
+ fprintf (stderr, _("usage: %s [options] %s\n"), GPGSM_NAME, text);
gpgsm_exit (2);
}
commit c029a184d6a1a96c6de234835fff97d4e946b19c
Author: Werner Koch
Date: Wed Jun 25 19:44:28 2014 +0200
speedo: "make clean-gnupg" may not remove the source.
* build-aux/speedo.mk (clean-$(1)): Take care of gnupg.
--
I learned it the hard way and lost a bunch of stashed changes.
diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk
index 1ef1600..4f0751f 100644
--- a/build-aux/speedo.mk
+++ b/build-aux/speedo.mk
@@ -731,11 +731,15 @@ $(stampdir)/stamp-w64-final-$(1): $(stampdir)/stamp-w64-$(1)-03-install
.PHONY : clean-$(1)
clean-$(1):
@echo "speedo: uninstalling $(1)"
- @($(call SETVARS,$(1)); \
- (cd "$$$${pkgbdir}" 2>/dev/null && \
- $(MAKE) --no-print-directory \
- $$$${pkgmkargs_inst} uninstall V=0 ) || true;\
- rm -fR "$$$${pkgsdir}" "$$$${pkgbdir}" || true)
+ @($(call SETVARS,$(1)); \
+ (cd "$$$${pkgbdir}" 2>/dev/null && \
+ $(MAKE) --no-print-directory \
+ $$$${pkgmkargs_inst} uninstall V=0 ) || true ;\
+ if [ "$(1)" = "gnupg" ]; then \
+ rm -fR "$$$${pkgbdir}" || true ;\
+ else \
+ rm -fR "$$$${pkgsdir}" "$$$${pkgbdir}" || true;\
+ fi)
-rm -f $(stampdir)/stamp-final-$(1) $(stampdir)/stamp-$(1)-*
commit 2480b0253166712a2f20b92f34c8e4c2db0fc26f
Author: Werner Koch
Date: Wed Jun 25 19:26:33 2014 +0200
gpgsm: Fix default config name.
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index c813336..92bb806 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -1435,7 +1435,8 @@ main ( int argc, char **argv)
configname = NULL;
if (!opt.config_filename)
- opt.config_filename = make_filename (opt.homedir, GPG_NAME EXTSEP_S "conf",
+ opt.config_filename = make_filename (opt.homedir,
+ GPGSM_NAME EXTSEP_S "conf",
NULL);
if (log_get_errorcount(0))
-----------------------------------------------------------------------
Summary of changes:
agent/cvt-openpgp.c | 2 +-
build-aux/speedo.mk | 14 +++++++++-----
configure.ac | 19 ++++---------------
g10/gpg.c | 6 ++----
sm/gpgsm.c | 7 +++----
5 files changed, 19 insertions(+), 29 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 26 17:58:42 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 26 Jun 2014 17:58:42 +0200
Subject: [git] GPA - branch, master, updated. gpa-0.9.4-38-g6e65e5c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Assistant".
The branch, master has been updated
via 6e65e5c676fcc8ba4035dbe9b97c0769e2d3eb40 (commit)
via 19d034eb12437ac752db589f25a6355566bcddfd (commit)
from 80dd3c0d4c3b11e2e84dcb55644643f22cbdd8d3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6e65e5c676fcc8ba4035dbe9b97c0769e2d3eb40
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Use the gpgme spawn protocol to backup a key.
* src/gpgmetools.c (gpa_backup_key): Rewrite.
diff --git a/src/gpgmetools.c b/src/gpgmetools.c
index 621ea23..3b2eba9 100644
--- a/src/gpgmetools.c
+++ b/src/gpgmetools.c
@@ -1,6 +1,6 @@
/* gpgmetools.h - Additional gpgme support functions for GPA.
Copyright (C) 2002 Miguel Coca.
- Copyright (C) 2005, 2008, 2009, 2012 g10 Code GmbH.
+ Copyright (C) 2005, 2008, 2009, 2012, 2014 g10 Code GmbH.
This file is part of GPA
@@ -528,48 +528,47 @@ get_gpg_connect_agent_path (void)
gboolean
gpa_backup_key (const gchar *fpr, const char *filename, int is_x509)
{
- gchar *header, *pub_key, *sec_key;
- gchar *err;
- FILE *file;
- gint ret_code;
- gchar *header_argv[] =
+ const char *header_argv[] =
{
- NULL, "--batch", "--no-tty", "--fingerprint", (gchar*) fpr, NULL
+ "", "--batch", "--no-tty", "--fingerprint",
+ (char*) fpr, NULL
};
- gchar *pub_argv[] =
+ const char *pub_argv[] =
{
- NULL, "--batch", "--no-tty", "--armor", "--export", (gchar*) fpr, NULL
+ "", "--batch", "--no-tty", "--armor", "--export",
+ (char*) fpr, NULL
};
- gchar *sec_argv[] =
+ const char *sec_argv[] =
{
- NULL, "--batch", "--no-tty", "--armor", "--export-secret-key",
- (gchar*) fpr, NULL
+ "", "--batch", "--no-tty", "--armor", "--export-secret-key",
+ (char*) fpr, NULL
};
- gchar *seccms_argv[] =
+ const char *seccms_argv[] =
{
- NULL, "--batch", "--no-tty", "--armor", "--export-secret-key-p12",
- (gchar*) fpr, NULL
+ "", "--batch", "--no-tty", "--armor", "--export-secret-key-p12",
+ (char*) fpr, NULL
};
- const gchar *path;
- mode_t mask;
+ gpg_error_t err;
+ FILE *fp;
+ gpgme_data_t dfp = NULL;
+ const char *pgm;
+ gpgme_ctx_t ctx = NULL;
+ int result = FALSE;
/* Get the gpg path. */
if (is_x509)
- path = get_gpgsm_path ();
+ pgm = get_gpgsm_path ();
else
- path = get_gpg_path ();
- g_return_val_if_fail (path && *path, FALSE);
-
- /* Add the executable to the arg arrays */
- header_argv[0] = (gchar*) path;
- pub_argv[0] = (gchar*) path;
- sec_argv[0] = (gchar*) path;
- seccms_argv[0] = (gchar*) path;
+ pgm = get_gpg_path ();
+ g_return_val_if_fail (pgm && *pgm, FALSE);
+
/* Open the file */
- mask = umask (0077);
- file = g_fopen (filename, "w");
- umask (mask);
- if (!file)
+ {
+ mode_t mask = umask (0077);
+ fp = g_fopen (filename, "w");
+ umask (mask);
+ }
+ if (!fp)
{
gchar message[256];
g_snprintf (message, sizeof(message), "%s: %s",
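Review bot: The `umask (0077)` wrapped around `g_fopen (filename, "w")` only affects the mode of a file that is newly created. When `filename` already exists it is truncated and keeps its previous permissions, and a symlink at that path is followed, so the secret-key backup can end up readable by other users. On POSIX this would be tighter as `fd = g_open (filename, O_WRONLY|O_CREAT|O_TRUNC, 0600);` followed by `fchmod (fd, 0600);` and `fp = fdopen (fd, "w");`, which also avoids changing the process-wide umask. gpa_backup_key starts before and continues past this hunk.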
@@ -577,48 +576,62 @@ gpa_backup_key (const gchar *fpr, const char *filename, int is_x509)
gpa_window_error (message, NULL);
return FALSE;
}
- /* Get the keys and write them into the file */
+
fputs (_(
"************************************************************************\n"
"* WARNING: This file is a backup of your secret key. Please keep it in *\n"
"* a safe place. *\n"
"************************************************************************\n"
- "\n"), file);
+ "\n"), fp);
- fputs (_("The key backed up in this file is:\n\n"), file);
- if( !g_spawn_sync (NULL, header_argv, NULL, 0, NULL, NULL, &header,
- &err, &ret_code, NULL))
+ fputs (_("The key backed up in this file is:\n\n"), fp);
+ fflush (fp);
+
+ err = gpgme_data_new_from_stream (&dfp, fp);
+ if (err)
{
- return FALSE;
+ g_message ("error creating data object '%s': %s",
+ filename, gpg_strerror (err));
+ goto leave;
}
- fputs (header, file);
- g_free (err);
- g_free (header);
- fputs ("\n", file);
- if( !g_spawn_sync (NULL, pub_argv, NULL, 0, NULL, NULL, &pub_key,
- &err, &ret_code, NULL))
+
+ ctx = gpa_gpgme_new ();
+ gpgme_set_protocol (ctx, GPGME_PROTOCOL_SPAWN);
+
+ err = gpgme_op_spawn (ctx, pgm, header_argv, NULL, dfp, NULL,
+ GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG);
+ if (err)
{
- fclose (file);
- return FALSE;
+ g_message ("error running '%s' (1): %s", pgm, gpg_strerror (err));
+ goto leave;
}
- fputs (pub_key, file);
- g_free (err);
- g_free (pub_key);
- fputs ("\n", file);
- if( !g_spawn_sync (NULL,
- is_x509? seccms_argv : sec_argv,
- NULL, 0, NULL, NULL, &sec_key,
- &err, &ret_code, NULL))
+ gpgme_data_write (dfp, "\n", 1);
+
+ err = gpgme_op_spawn (ctx, pgm, pub_argv, NULL, dfp, NULL,
+ GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG);
+ if (err)
{
- fclose (file);
- return FALSE;
+ g_message ("error running '%s' (2): %s", pgm, gpg_strerror (err));
+ goto leave;
}
- fputs (sec_key, file);
- g_free (err);
- g_free (sec_key);
+ gpgme_data_write (dfp, "\n", 1);
- fclose (file);
- return TRUE;
+ err = gpgme_op_spawn (ctx, pgm, is_x509? seccms_argv : sec_argv,
+ NULL, dfp, NULL,
+ GPGME_SPAWN_DETACHED|GPGME_SPAWN_ALLOW_SET_FG);
+ if (err)
+ {
+ g_message ("error running '%s' (3): %s", pgm, gpg_strerror (err));
+ goto leave;
+ }
+
+ result = TRUE;
+
+ leave:
+ gpgme_release (ctx);
+ gpgme_data_release (dfp);
+ fclose (fp);
+ return result;
}
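Review bot: `result = TRUE` can be reached even though the backup never made it to disk, because both `gpgme_data_write (dfp, "\n", 1)` calls and the final `fclose (fp)` are unchecked. A full disk or I/O error would then leave a truncated secret-key backup that is reported as successful. Treat a negative return from `gpgme_data_write` as an error, and at `leave:` use `if (fclose (fp)) result = FALSE;`. On the `goto leave` error paths the partially written file stays in place; removing it there would avoid a file that carries the warning banner and public key but no secret key. It is also worth confirming whether `gpgme_op_spawn` reports a non-zero exit status of the child, since only its own return value is tested here; the function begins outside this hunk.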
commit 19d034eb12437ac752db589f25a6355566bcddfd
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Make sure that a new secret key is shown without a restart.
* src/keymanager.c (key_manager_refresh): Hack to show a new secret
key.
diff --git a/src/keymanager.c b/src/keymanager.c
index 7b9fe97..d5c9f96 100644
--- a/src/keymanager.c
+++ b/src/keymanager.c
@@ -854,6 +854,10 @@ key_manager_refresh (GtkAction *action, gpointer param)
{
GpaKeyManager *self = param;
+ /* Hack: To force reloading of secret keys we claim that a secret
+ key has been imported. */
+ gpa_keylist_imported_secret_key (self->keylist);
+
gpa_keylist_start_reload (self->keylist);
}
-----------------------------------------------------------------------
Summary of changes:
src/gpgmetools.c | 131 ++++++++++++++++++++++++++++++------------------------
src/keymanager.c | 4 ++
2 files changed, 76 insertions(+), 59 deletions(-)
hooks/post-receive
--
The GNU Privacy Assistant
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jun 26 22:01:21 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 26 Jun 2014 22:01:21 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-26-g03f0b51
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 03f0b51fe454f8dbe77c302897f7a5899c4c5380 (commit)
from c0d1e7fca95629e1cddd7d129fa51b9a6556cb70 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 03f0b51fe454f8dbe77c302897f7a5899c4c5380
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
diff --git a/g10/keygen.c b/g10/keygen.c
index af54c3f..54d37d0 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1378,11 +1378,16 @@ gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
assert (is_ELGAMAL (algo));
- if (nbits < 512)
+ if (nbits < 1024)
{
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
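Review bot: The new `else if (nbits > 4096)` clamp carries no comment explaining the limit, although the commit message gives a concrete reason: larger keys can exhaust the limited secure memory of GnuPG and Libgcrypt. A one-line comment above the branch, such as `/* Larger keys may exhaust the secure memory. */`, would keep that rationale with the code here and in the gen_rsa hunk. Named constants for the 1024 and 4096 literals would also stop the two functions drifting apart. The gen_dsa hunk only shows the floor raised to 768; the 3072 cap named in the commit message is presumably enforced outside that hunk. In batch mode the adjustment is reported only through `log_info`, so an unattended caller gets a key of a different size than requested without any error, which the batch key generation documentation should mention. These points apply equally to the STABLE-BRANCH-2-0 backport of this change, and all three function bodies extend beyond their hunks.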
@@ -1428,7 +1433,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root,
char nbitsstr[35];
char qbitsstr[35];
- if ( nbits < 512)
+ if (nbits < 768)
{
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
@@ -1562,6 +1567,11 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
-----------------------------------------------------------------------
Summary of changes:
g10/keygen.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 27 09:44:49 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 27 Jun 2014 09:44:49 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-27-g24be0f2
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 24be0f24d3a9325a04de10ae0e5e277bf28a74fe (commit)
from 03f0b51fe454f8dbe77c302897f7a5899c4c5380 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 24be0f24d3a9325a04de10ae0e5e277bf28a74fe
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
scd: Support reader Gemalto IDBridge CT30
* scd/ccid-driver.h (GEMPC_CT30): New product id.
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
--
GnuPG-bug-id: 1638
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 60ac576..65c2037 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -963,6 +963,11 @@ parse_ccid_descriptor (ccid_driver_t handle,
handle->max_ifsd = 48;
}
+ if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30)
+ {
+ DEBUGOUT ("enabling product quirk: disable non-null NAD\n");
+ handle->nonnull_nad = 0;
+ }
return 0;
}
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index a2a6e16..3952cd7 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -80,6 +80,7 @@ enum {
#define CHERRY_ST2000 0x003e
#define VASCO_920 0x0920
#define GEMPC_PINPAD 0x3478
+#define GEMPC_CT30 0x3437
#define VEGA_ALPHA 0x0008
#endif /*CCID_DRIVER_INCLUDE_USB_IDS*/
-----------------------------------------------------------------------
Summary of changes:
scd/ccid-driver.c | 5 +++++
scd/ccid-driver.h | 1 +
2 files changed, 6 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 27 10:14:46 2014
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 27 Jun 2014 10:14:46 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-28-g73ba75a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 (commit)
from 24be0f24d3a9325a04de10ae0e5e277bf28a74fe (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8
Author: NIIBE Yutaka
Date: Wed Apr 24 08:36:31 2013 +0900
scd: Add pinpad support for REINER SCT cyberJack go
* scd/ccid-driver.h (VENDOR_REINER, CYBERJACK_GO): New.
* scd/ccid-driver.c (ccid_transceive_secure): Handle the case for
VENDOR_REINER. Original work was by Alina Friedrichsen (tiny change).
--
This is a revised version which adapts changes of ccid-driver and was
later ported from branch-2.0 to master (2.1)
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 65c2037..7a91e09 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -3352,6 +3352,7 @@ ccid_transceive_secure (ccid_driver_t handle,
pininfo->maxlen = 25;
enable_varlen = 1;
break;
+ case VENDOR_REINER:/* Tested with cyberJack go */
case VENDOR_VASCO: /* Tested with DIGIPASS 920 */
enable_varlen = 1;
break;
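Review bot: `case VENDOR_REINER:` sets `enable_varlen` for every reader with that vendor id, although the comment says only the cyberJack go was tested. The commit also adds a `CYBERJACK_GO` product id that none of the visible hunks use. If other REINER models behave differently, pinpad PIN entry could misbehave on them, so consider checking the product id as well. Failing that, make the comment explicit, e.g. `/* Only tested with cyberJack go; other models unverified. */`. The switch and the rest of ccid_transceive_secure lie outside the hunk, so the product id may already be checked elsewhere.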
diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h
index 3952cd7..e62ad5c 100644
--- a/scd/ccid-driver.h
+++ b/scd/ccid-driver.h
@@ -65,6 +65,7 @@ enum {
VENDOR_OMNIKEY= 0x076b,
VENDOR_GEMPC = 0x08e6,
VENDOR_VEGA = 0x0982,
+ VENDOR_REINER = 0x0c4b,
VENDOR_KAAN = 0x0d46,
VENDOR_FSIJ = 0x234b,
VENDOR_VASCO = 0x1a44
@@ -82,6 +83,7 @@ enum {
#define GEMPC_PINPAD 0x3478
#define GEMPC_CT30 0x3437
#define VEGA_ALPHA 0x0008
+#define CYBERJACK_GO 0x0504
#endif /*CCID_DRIVER_INCLUDE_USB_IDS*/
-----------------------------------------------------------------------
Summary of changes:
scd/ccid-driver.c | 1 +
scd/ccid-driver.h | 2 ++
2 files changed, 3 insertions(+)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 27 10:17:23 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 27 Jun 2014 10:17:23 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.24-6-g505f0a6
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 505f0a642f899ede411837ad69a442b0d4f427fa (commit)
via 48d92bcc8870f5750fb66351f3623f9d874d08fa (commit)
from 045c979a7673112bdb4e04f1bc7d3d4afbc775f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 505f0a642f899ede411837ad69a442b0d4f427fa
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
scd: Support reader Gemalto IDBridge CT30
* scd/ccid-driver.c (parse_ccid_descriptor): Add quirk for that
reader.
(GEMPC_CT30): New product id.
--
GnuPG-bug-id: 1638
Resolved conflicts:
scd/ccid-driver.h - Removed. product ids are in ccid-driver.c.
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 962128d..6e0bc55 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -227,6 +227,7 @@ enum {
#define CHERRY_ST2000 0x003e
#define VASCO_920 0x0920
#define GEMPC_PINPAD 0x3478
+#define GEMPC_CT30 0x3437
#define VEGA_ALPHA 0x0008
#define CYBERJACK_GO 0x0504
@@ -998,6 +999,11 @@ parse_ccid_descriptor (ccid_driver_t handle,
handle->max_ifsd = 48;
}
+ if (handle->id_vendor == VENDOR_GEMPC && handle->id_product == GEMPC_CT30)
+ {
+ DEBUGOUT ("enabling product quirk: disable non-null NAD\n");
+ handle->nonnull_nad = 0;
+ }
return 0;
}
commit 48d92bcc8870f5750fb66351f3623f9d874d08fa
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to the
silliness of such keys, they have the major drawback that under GnuPG
and Libgcrypt, with their limited amount of specially secured memory
areas, the use of such keys may lead to an "out of secure memory"
condition.
diff --git a/g10/keygen.c b/g10/keygen.c
index a786beb..6d3dfa6 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1170,11 +1170,16 @@ gen_elg (int algo, unsigned int nbits,
assert( is_ELGAMAL(algo) );
- if (nbits < 512)
+ if (nbits < 1024)
{
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
@@ -1281,7 +1286,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
gcry_sexp_t misc_key_info;
unsigned int qbits;
- if ( nbits < 512)
+ if (nbits < 768)
{
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
@@ -1437,6 +1442,11 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
nbits = 2048;
log_info (_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096)
+ {
+ nbits = 4096;
+ log_info (_("keysize invalid; using %u bits\n"), nbits );
+ }
if ((nbits % 32))
{
-----------------------------------------------------------------------
Summary of changes:
g10/keygen.c | 14 ++++++++++++--
scd/ccid-driver.c | 6 ++++++
2 files changed, 18 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 27 17:01:02 2014
From: cvs at cvs.gnupg.org (by Yuri Chornoivan)
Date: Fri, 27 Jun 2014 17:01:02 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-31-g2c40255
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 2c4025576105a9deb78e1cfb22c11af4af09c4fa (commit)
via e56a2d6a56d95c0f169506a8dc74a845c22b699d (commit)
via 2540a4b674a17b45ec33f43f26e830e74ff0afed (commit)
from 73ba75ad8b933beddd2c3f4b66937b56faa0a2d8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2c4025576105a9deb78e1cfb22c11af4af09c4fa
Author: Yuri Chornoivan
Date: Fri Jun 27 15:42:27 2014 +0200
po: Update and enable Ukrainian (uk) translation.
diff --git a/po/LINGUAS b/po/LINGUAS
index 76ab343..686d277 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -25,6 +25,6 @@ ja
#sk
#sv
#tr
-#uk
+uk
#zh_TW
#zh_CN
diff --git a/po/uk.po b/po/uk.po
index 2fe9d4e..e30452b 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2,12 +2,12 @@
# Copyright (C) 2011 Free Software Foundation, Inc.
# This file is distributed under the same license as the GnuPG package.
#
-# Yuri Chornoivan , 2011.
+# Yuri Chornoivan , 2011, 2014.
msgid ""
msgstr ""
"Project-Id-Version: GNU gnupg 2.1.0-gitfe8619d\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2011-08-28 10:48+0300\n"
+"PO-Revision-Date: 2014-06-22 17:25+0300\n"
"Last-Translator: Yuri Chornoivan \n"
"Language-Team: Ukrainian \n"
"Language: uk\n"
@@ -16,7 +16,7 @@ msgstr ""
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11) ? 0 : ((n%10>=2 && n"
"%10<=4 && (n%100<10 || n%100>=20)) ? 1 : 2);\n"
-"X-Generator: Lokalize 1.2\n"
+"X-Generator: Lokalize 1.5\n"
#, c-format
msgid "failed to acquire the pinentry lock: %s\n"
@@ -66,6 +66,9 @@ msgstr ""
"???? ?????, ??????? ??? ??????, ??? ???? ????? ???? ???????????? ??? ????? "
"??????"
+#. TRANSLATORS: The string is appended to an error message in
+#. the pinentry. The %s is the actual error message, the
+#. two %d give the current and maximum number of tries.
#, c-format
msgid "SETERROR %s (try %d of %d)"
msgstr "SETERROR %s (?????? %d ? %d)"
@@ -113,9 +116,8 @@ msgid "detected card with S/N: %s\n"
msgstr "???????? ?????? ? ???????? ???????: %s\n"
#, c-format
-msgid "error getting default authentication keyID of card: %s\n"
-msgstr ""
-"??????? ??? ??? ?????? ????????? ???????? ???????????????? keyID ??????: %s\n"
+msgid "no authentication key for ssh on card: %s\n"
+msgstr "?? ????? ????? ????? ????????????? ??? SSH: %s\n"
#, c-format
msgid "no suitable card key found: %s\n"
@@ -183,7 +185,7 @@ msgid "Reset Code"
msgstr "??? ????????"
#, c-format
-msgid "%s%%0A%%0AUse the reader's keypad for input."
+msgid "%s%%0A%%0AUse the reader's pinpad for input."
msgstr "%s%%0A%%0A????????????? ?????????? ??????????? ????????? ??? ????????."
msgid "Repeat this Reset Code"
@@ -281,7 +283,7 @@ msgid "Yes, protection is not needed"
msgstr "???, ? ??????? ????? ???????"
#, c-format
-msgid "Please enter the passphrase to%0Ato protect your new key"
+msgid "Please enter the passphrase to%0Aprotect your new key"
msgstr "??????? ?????? ??%0A? ????? ??????? ?????? ?????? ?????"
msgid "Please enter the new passphrase"
@@ -294,12 +296,12 @@ msgstr ""
"@?????????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "????????? ? ?????? ??????? (?????????)"
-
msgid "run in daemon mode (background)"
msgstr "????????? ? ?????? ??????? ?????? (???????)"
+msgid "run in server mode (foreground)"
+msgstr "????????? ? ?????? ??????? (?????????)"
+
msgid "verbose"
msgstr "????????? ?????"
@@ -348,14 +350,17 @@ msgstr "??????? ???????? ??????? ?? ??????? ??
msgid "do not use the PIN cache when signing"
msgstr "?? ??????????????? ??? ???-????? ??? ????????????"
-msgid "allow clients to mark keys as \"trusted\""
-msgstr "????????? ???????? ????????? ????? ?? ???????"
+msgid "disallow clients to mark keys as \"trusted\""
+msgstr "?????????? ???????? ????????? ????? ?? ???????"
msgid "allow presetting passphrase"
msgstr "????????? ????????? ???????????? ??????"
-msgid "enable ssh-agent emulation"
-msgstr "????????? ???????? ssh-??????"
+msgid "enable ssh support"
+msgstr "????????? ????????? ssh"
+
+msgid "enable putty support"
+msgstr "????????? ????????? putty"
msgid "|FILE|write environment settings also to FILE"
msgstr "???????? ????????? ?????????? ? ?? ?????"
@@ -366,15 +371,15 @@ msgstr "???????? ????????? ?????????? ? ?? ???
msgid "Please report bugs to <@EMAIL@>.\n"
msgstr "???? ?????, ?????????? ???????????? ??? ??????? ?? <@EMAIL@>.\n"
-msgid "Usage: gpg-agent [options] (-h for help)"
-msgstr "????????????: gpg-agent [?????????] (-h ? ???????)"
+msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
+msgstr "????????????: @GPG_AGENT@ [?????????] (-h ? ???????)"
msgid ""
-"Syntax: gpg-agent [options] [command [args]]\n"
-"Secret key management for GnuPG\n"
+"Syntax: @GPG_AGENT@ [options] [command [args]]\n"
+"Secret key management for @GNUPG@\n"
msgstr ""
-"?????????: gpg-agent [?????????] [??????? [?????????]]\n"
-"????????? ????????? ??????? ? GnuPG\n"
+"?????????: @GPG_AGENT@ [?????????] [??????? [?????????]]\n"
+"????????? ????????? ??????? ? @GNUPG@\n"
#, c-format
msgid "invalid debug-level '%s' given\n"
@@ -397,6 +402,10 @@ msgid "reading options from '%s'\n"
msgstr "????????? ????????? ? ?%s?\n"
#, c-format
+msgid "NOTE: '%s' is not considered an option\n"
+msgstr "??????????: %s ?? ?????????? ??? ?????????? ????????????!\n"
+
+#, c-format
msgid "error creating '%s': %s\n"
msgstr "??????? ????????? ?%s?: %s.\n"
@@ -468,7 +477,7 @@ msgid "ssh handler 0x%lx for fd %d terminated\n"
msgstr "???????? ssh 0x%lx ??????????? ????? %d ???????? ??????\n"
#, c-format
-msgid "pth_select failed: %s - waiting 1s\n"
+msgid "npth_pselect failed: %s - waiting 1s\n"
msgstr "??????? pth_select: %s ? ?????????? ? 1 ?\n"
#, c-format
@@ -478,8 +487,9 @@ msgstr "%s %s ????????\n"
msgid "no gpg-agent running in this session\n"
msgstr "? ????? ?????? ?? ???????? gpg-agent\n"
-msgid "malformed GPG_AGENT_INFO environment variable\n"
-msgstr "????????? ???????????? ??????? ?????????? GPG_AGENT_INFO\n"
+#, c-format
+msgid "malformed %s environment variable\n"
+msgstr "????????? ???????????? ??????? ?????????? %s\n"
#, c-format
msgid "gpg-agent protocol version %d is not supported\n"
@@ -648,6 +658,17 @@ msgstr "??????? ??????"
msgid "I'll change it later"
msgstr "? ????? ???? ???????"
+msgid "Delete key"
+msgstr "???????? ????"
+
+msgid ""
+"Warning: This key is also listed for use with SSH!\n"
+"Deleting the key will may remove your ability to access remote machines."
+msgstr ""
+"????????????: ??? ???? ? ? ?????? ???????????? ??? SSH!\n"
+"????????? ????? ????? ???? ????????? ?? ???????????? ???????? ?????? ?? "
+"?????????? ???????????."
+
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "??? DSA ??????? ???? ??? ???? ??????? ?? 8 ?????\n"
@@ -708,13 +729,6 @@ msgstr "??????? ??? ??? ?????? ????????? ?%s?: ?
msgid "error getting exit code of process %d: %s\n"
msgstr "??????? ??? ??? ?????? ????????? ???? ?????? ??????? %d: %s\n"
-#, c-format
-msgid "error creating socket: %s\n"
-msgstr "??????? ??? ??? ?????? ????????? ??????: %s\n"
-
-msgid "host not found"
-msgstr "????? ?? ????????"
-
msgid "gpg-agent is not available in this session\n"
msgstr "gpg-agent ??????????? ? ????? ??????\n"
@@ -1015,14 +1029,6 @@ msgid "you found a bug ... (%s:%d)\n"
msgstr "?? ??????? ????? (%s:%d)\n"
#, c-format
-msgid "error loading '%s': %s\n"
-msgstr "??????? ??? ??? ?????? ???????????? ?%s?: %s\n"
-
-#, c-format
-msgid "please see %s for more information\n"
-msgstr "???? ?????, ??????????? ? %s, ??? ????????? ??????\n"
-
-#, c-format
msgid "conversion from '%s' to '%s' not available\n"
msgstr "???????????? ? ?%s? ? ?%s? ??????????\n"
@@ -1046,9 +1052,6 @@ msgstr "??????? ??? ??? ?????? ?????? ?? ?%s?: %s\n
msgid "removing stale lockfile (created by %d)\n"
msgstr "????????? ??????????? ????? ?????????? (???????? %d)\n"
-msgid " - probably dead - removing lock"
-msgstr " ? ????????, ?? ???????????????? ? ???????? ??????????"
-
#, c-format
msgid "waiting for lock (held by %d%s) %s...\n"
msgstr "?????????? ?? ?????????? (??????? %d%s) %s...\n"
@@ -1148,6 +1151,13 @@ msgid "not human readable"
msgstr "???????? ??? ???????"
#, c-format
+msgid "failed to proxy %s inquiry to client\n"
+msgstr "?? ??????? ?????????? ????? ?????? ????? %s ?? ???????\n"
+
+msgid "Enter passphrase: "
+msgstr "??????? ??????: "
+
+#, c-format
msgid "OpenPGP card not available: %s\n"
msgstr "?? ??????? ???????? ?????? ?? ?????? OpenPGP: %s\n"
@@ -1326,7 +1336,7 @@ msgstr "???????? ??? ???????? ?????? (y/N ??? ?/?)
#, c-format
msgid ""
"Please note that the factory settings of the PINs are\n"
-" PIN = `%s' Admin PIN = `%s'\n"
+" PIN = '%s' Admin PIN = '%s'\n"
"You should change them using the command --change-pin\n"
msgstr ""
"????????, ?? ???????? ??????????? ??????? ?\n"
@@ -1348,6 +1358,13 @@ msgstr " (3) ???? ?????????????\n"
msgid "Invalid selection.\n"
msgstr "??????????? ?????.\n"
+msgid "Please select where to store the key:\n"
+msgstr "???????? ??????? ??? ?????????? ?????:\n"
+
+#, c-format
+msgid "KEYTOCARD failed: %s\n"
+msgstr "??????? KEYTOCARD: %s\n"
+
msgid "quit this menu"
msgstr "????? ? ????? ????"
@@ -1438,8 +1455,15 @@ msgstr "???????? ??? ???? ?? ???????? (y/N ??? ?/?)
msgid "This is a secret key! - really delete? (y/N) "
msgstr "??? ???? ? ????????! ???????? ????? (y/N ??? ?/?) "
-msgid "deleting secret key not implemented\n"
-msgstr "????????? ????????? ????? ?? ???????????\n"
+#, c-format
+msgid "deleting secret %s failed: %s\n"
+msgstr "??????? ??? ??? ?????? ????????? ????????? %s: %s\n"
+
+msgid "key"
+msgstr "????"
+
+msgid "subkey"
+msgstr "???????"
#, c-format
msgid "deleting keyblock failed: %s\n"
@@ -1617,9 +1641,6 @@ msgstr " - ?????????"
msgid "WARNING: nothing exported\n"
msgstr "?????: ?????? ?? ????????????\n"
-msgid "too many entries in pk cache - disabled\n"
-msgstr "??????? ?????? ??????? ? ???? pk ? ????????\n"
-
msgid "[User ID not found]"
msgstr "[????????????? ?? ????????]"
@@ -1696,6 +1717,12 @@ msgstr "???????? ????? ? ?????????? ??????? ??
msgid "remove keys from the secret keyring"
msgstr "???????? ?????? ? ????????? ??????? ??????"
+msgid "quickly sign a key"
+msgstr "?????? ????????? ????"
+
+msgid "quickly sign a key locally"
+msgstr "?????? ????????? ???? ????????"
+
msgid "sign a key"
msgstr "????????? ????"
@@ -1801,15 +1828,15 @@ msgstr ""
" --list-keys [?????] ???????? ?????\n"
" --fingerprint [?????] ???????? ????????\n"
-msgid "Usage: gpg [options] [files] (-h for help)"
-msgstr "????????????: gpg [?????????] [?????] (-h ? ???????)"
+msgid "Usage: @GPG@ [options] [files] (-h for help)"
+msgstr "????????????: @GPG@ [?????????] [?????] (-h ? ???????)"
msgid ""
-"Syntax: gpg [options] [files]\n"
-"sign, check, encrypt or decrypt\n"
-"default operation depends on the input data\n"
+"Syntax: @GPG@ [options] [files]\n"
+"Sign, check, encrypt or decrypt\n"
+"Default operation depends on the input data\n"
msgstr ""
-"?????????: gpg [?????????] [?????]\n"
+"?????????: @GPG@ [?????????] [?????]\n"
"????????????, ????????? ????????, ?????????? ??? ?????????????\n"
"?????? ??? ?????????? ??? ??????? ?????\n"
@@ -1832,8 +1859,10 @@ msgstr "???: "
msgid "Compression: "
msgstr "?????????: "
-msgid "usage: gpg [options] "
-msgstr "????????????: gpg [?????????] "
+#, fuzzy, c-format
+#| msgid "usage: %s [options] "
+msgid "usage: %s [options] %s\n"
+msgstr "????????????: %s [?????????]"
msgid "conflicting commands\n"
msgstr "????????? ???????\n"
@@ -1876,7 +1905,7 @@ msgstr ""
#, c-format
msgid ""
-"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+"WARNING: unsafe enclosing directory ownership on configuration file '%s'\n"
msgstr ""
"?????: ?????????? ???????? ? ?????????? ????????, ??????????? ?????? "
"??????????? ?%s?, ?? ? ?????????\n"
@@ -1895,7 +1924,7 @@ msgstr ""
#, c-format
msgid ""
-"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+"WARNING: unsafe enclosing directory permissions on configuration file '%s'\n"
msgstr ""
"?????: ?????????? ???? ??????? ?? ?????????? ????????, ??????????? ?????? "
"??????????? ?%s?, ?? ? ?????????\n"
@@ -1962,6 +1991,10 @@ msgid "'%s' is not a valid signature expiration\n"
msgstr "?%s? ?? ? ????????? ??????? ?????????? ?????? ??? ???????\n"
#, c-format
+msgid "invalid pinentry mode '%s'\n"
+msgstr "??????????? ????? ???????? pin ?%s?\n"
+
+#, c-format
msgid "'%s' is not a valid character set\n"
msgstr "?%s? ?? ? ????????? ??????? ????????\n"
@@ -2534,13 +2567,13 @@ msgstr "???? %s: ???????? ???? ??? ?????\n"
msgid "key %s: error sending to agent: %s\n"
msgstr "???? %s: ??????? ??? ??? ?????? ?????????? ??????: %s\n"
+msgid "importing secret keys not allowed\n"
+msgstr "???????????? ???????? ?????? ??????????\n"
+
#, c-format
msgid "key %s: secret key with invalid cipher %d - skipped\n"
msgstr "???? %s: ???????? ???? ? ??????????? ?????? %d ? ?????????\n"
-msgid "importing secret keys not allowed\n"
-msgstr "???????????? ???????? ?????? ??????????\n"
-
#, c-format
msgid "key %s: no public key - can't apply revocation certificate\n"
msgstr ""
@@ -2650,10 +2683,18 @@ msgid "key %s: direct key signature added\n"
msgstr "???? %s: ?????? ????????????? ?????? ?????\n"
#, c-format
+msgid "error creating keybox '%s': %s\n"
+msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n"
+
+#, c-format
msgid "error creating keyring '%s': %s\n"
msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n"
#, c-format
+msgid "keybox '%s' created\n"
+msgstr "???????? ??????? ?????? ?%s?\n"
+
+#, c-format
msgid "keyring '%s' created\n"
msgstr "???????? ??????? ?????? ?%s?\n"
@@ -3037,9 +3078,9 @@ msgid "Please use the command \"toggle\" first.\n"
msgstr "????????????? ???????? ???????? ?toggle?.\n"
msgid ""
-"* The `sign' command may be prefixed with an `l' for local signatures "
+"* The 'sign' command may be prefixed with an 'l' for local signatures "
"(lsign),\n"
-" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
+" a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures\n"
" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
msgstr ""
"* ?? ??????? ?sign? ????? ?????? ?l? ??? ????????? ???????? (lsign),\n"
@@ -3146,6 +3187,20 @@ msgstr "??????? ?????????: %s\n"
msgid "Key not changed so no update needed.\n"
msgstr "???? ?? ???????, ???? ????????? ??????????.\n"
+#, c-format
+msgid "\"%s\" is not a fingerprint\n"
+msgstr "?%s? ?? ? ?????????\n"
+
+#, c-format
+msgid "\"%s\" is not the primary fingerprint\n"
+msgstr "?%s? ?? ? ???????? ?????????\n"
+
+msgid "No matching user IDs."
+msgstr "????? ??????????? ??????????????? ????????????."
+
+msgid "Nothing to sign.\n"
+msgstr "?????? ???????????.\n"
+
msgid "Digest: "
msgstr "?????????? ????: "
@@ -3574,20 +3629,33 @@ msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (?? ??????????? ??????????? ?????????)\n"
#, c-format
-msgid " (%d) ECDSA and ECDH\n"
-msgstr " (%d) ECDSA ? ECDH\n"
+msgid " (%d) ECC\n"
+msgstr " (%d) ECC\n"
#, c-format
-msgid " (%d) ECDSA (sign only)\n"
-msgstr " (%d) ECDSA (???? ????????????)\n"
+msgid " (%d) ECC (sign only)\n"
+msgstr " (%d) ECC (???? ????????????)\n"
#, c-format
-msgid " (%d) ECDSA (set your own capabilities)\n"
-msgstr " (%d) ECDSA (?? ??????????? ??????????? ?????????)\n"
+msgid " (%d) ECC (set your own capabilities)\n"
+msgstr " (%d) ECC (?? ??????????? ??????????? ?????????)\n"
#, c-format
-msgid " (%d) ECDH (encrypt only)\n"
-msgstr " (%d) ECDH (???? ??????????)\n"
+msgid " (%d) ECC (encrypt only)\n"
+msgstr " (%d) ECC (???? ??????????)\n"
+
+#, c-format
+msgid " (%d) Existing key\n"
+msgstr " (%d) ??? ????????? ????\n"
+
+msgid "Enter the keygrip: "
+msgstr "??????? keygrip: "
+
+msgid "Not a valid keygrip (expecting 40 hex digits)\n"
+msgstr "??????????? keygrip (???? ???? ??????? 40 ??????????????? ????)\n"
+
+msgid "No key with this keygrip\n"
+msgstr "????? ?????? ? ????? ????????? keygrip\n"
#, c-format
msgid "%s keys may be between %u and %u bits long.\n"
@@ -3609,6 +3677,9 @@ msgstr "???????? ??????? ????? ? %u ?????\n"
msgid "rounded to %u bits\n"
msgstr "????????? ?? %u ?????\n"
+msgid "Please select which elliptic curve you want:\n"
+msgstr "??????? ???????? ??? ????????? ?????:\n"
+
msgid ""
"Please specify how long the key should be valid.\n"
" 0 = key does not expire\n"
@@ -4126,6 +4197,18 @@ msgstr ""
msgid "no signature found\n"
msgstr "??????? ?? ????????\n"
+#, c-format
+msgid "BAD signature from \"%s\""
+msgstr "?????????? ?????? ??? ?%s?"
+
+#, c-format
+msgid "Expired signature from \"%s\""
+msgstr "???????????? ?????? ??? ?%s?"
+
+#, c-format
+msgid "Good signature from \"%s\""
+msgstr "???????? ?????? ??? ?%s?"
+
msgid "signature verification suppressed\n"
msgstr "????????? ???????? ?????????\n"
@@ -4147,18 +4230,6 @@ msgstr "?????? ???????? %s ?????? %s ? ??????????
msgid "Key available at: "
msgstr "???? ????????? ??: "
-#, c-format
-msgid "BAD signature from \"%s\""
-msgstr "?????????? ?????? ??? ?%s?"
-
-#, c-format
-msgid "Expired signature from \"%s\""
-msgstr "???????????? ?????? ??? ?%s?"
-
-#, c-format
-msgid "Good signature from \"%s\""
-msgstr "???????? ?????? ??? ?%s?"
-
msgid "[uncertain]"
msgstr "[????????]"
@@ -4175,8 +4246,8 @@ msgid "Signature expires %s\n"
msgstr "?????? ??? ?? %s\n"
#, c-format
-msgid "%s signature, digest algorithm %s\n"
-msgstr "%s ??????, ???????? ??????????? ???? %s\n"
+msgid "%s signature, digest algorithm %s%s%s\n"
+msgstr "%s ??????, ???????? ??????????? ???? %s%s%s\n"
msgid "binary"
msgstr "?????????"
@@ -4240,9 +4311,6 @@ msgstr ""
msgid "WARNING: digest algorithm %s is deprecated\n"
msgstr "?????: ???????? ?????????? ??????????? ??? %s ?????????? ??????????\n"
-msgid "the IDEA cipher plugin is not present\n"
-msgstr "?? ???????? ??????? ?????????? IDEA\n"
-
#, c-format
msgid "%s:%d: deprecated option \"%s\"\n"
msgstr "%s:%d: ?????????? ???????? ?%s?\n"
@@ -4375,17 +4443,23 @@ msgstr "%u-??????? ???? %s, ????????????? %s, ?????
msgid " (subkey on main key ID %s)"
msgstr " (??????? ? ?????????????? ????????? ????? %s)"
-msgid ""
-"Please enter the passphrase to unlock the secret key for the OpenPGP "
-"certificate:"
-msgstr ""
-"??????? ?????? ??? ????????????? ????????? ????? ??? ??????????? OpenPGP "
+msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
+msgstr "??????? ?????? ??? ????????????? ????????? ????? OpenPGP:"
-msgid ""
-"Please enter the passphrase to import the secret key for the OpenPGP "
-"certificate:"
-msgstr ""
-"??????? ?????? ??? ???????????? ????????? ????? ??? ??????????? OpenPGP "
+msgid "Please enter the passphrase to import the OpenPGP secret key:"
+msgstr "??????? ?????? ??? ???????????? ????????? ????? OpenPGP:"
+
+msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
+msgstr "??????? ?????? ??? ????????????? ????????? ???????? OpenPGP:"
+
+msgid "Please enter the passphrase to export the OpenPGP secret key:"
+msgstr "??????? ?????? ??? ????????????? ????????? ????? OpenPGP:"
+
+msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
+msgstr "??????? ?????? ????????? ???????? ???????? ??????? OpenPGP:"
+
+msgid "Do you really want to permanently delete the OpenPGP secret key:"
+msgstr "??????? ?????? ????????? ???????? ???????? ???? OpenPGP:"
#, c-format
msgid ""
@@ -4393,11 +4467,13 @@ msgid ""
"\"%.*s\"\n"
"%u-bit %s key, ID %s,\n"
"created %s%s.\n"
+"%s"
msgstr ""
"%s\n"
-"\"%.*s\"\n"
-"%u-??????? ???? %s, ????????????? %s,\n"
+"?%.*s?\n"
+"%u-??????? ???? %s, ??. %s,\n"
"???????? %s%s.\n"
+"%s"
msgid ""
"\n"
@@ -4458,6 +4534,16 @@ msgstr "??????? ???????????: "
msgid "revocation comment: "
msgstr "???????? ???? ???????????: "
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase. Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
+#. s = skip this key
+#. q = quit
+#.
msgid "iImMqQsS"
msgstr "iImMqQsS"
@@ -4800,10 +4886,10 @@ msgid "%s key %s uses an unsafe (%zu bit) hash\n"
msgstr "???? %s ???????????? %s ??????????? ?????? (%zu-???????) ???\n"
#, c-format
-msgid "%s key %s requires a %zu bit or larger hash (hash is %s\n"
+msgid "%s key %s requires a %zu bit or larger hash (hash is %s)\n"
msgstr ""
"??? ???????????? %s ????? %s ???????? ??? ? %zu ??? ?????? ????? (????? ??? "
-"%s\n"
+"%s)\n"
msgid "WARNING: signature digest conflict in message\n"
msgstr "?????: ???????? ??????????? ??? ???????? ? ????????????\n"
@@ -4813,6 +4899,10 @@ msgid "WARNING: signing subkey %s is not cross-certified\n"
msgstr "?????: ???????????? ???????? %s ?? ? ?????????? ??????????????\n"
#, c-format
+msgid "please see %s for more information\n"
+msgstr "???? ?????, ??????????? ? %s, ??? ????????? ??????\n"
+
+#, c-format
msgid "WARNING: signing subkey %s has an invalid cross-certification\n"
msgstr ""
"?????: ???????????? ???????? %s ??????? ?????????? ?????????? ????????????\n"
@@ -4848,6 +4938,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "??????????: ???? ??????? %s ???? ??????????\n"
#, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "??????????: ??????? ?? ????????? ????????? %s ?????????\n"
+
+#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"??????????? ?????????? ??????? ??? ????? %s ????? ????????? ????????? ???\n"
@@ -5125,45 +5219,6 @@ msgstr ""
msgid "using %s trust model\n"
msgstr "?????????????? ?????? ?????? %s\n"
-msgid "10 translator see trustdb.c:uid_trust_string_fixed"
-msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
-
-msgid "[ revoked]"
-msgstr "[???????.]"
-
-msgid "[ expired]"
-msgstr "[????????]"
-
-msgid "[ unknown]"
-msgstr "[????????]"
-
-msgid "[ undef ]"
-msgstr "[?? ????.]"
-
-msgid "[marginal]"
-msgstr "[??????? ]"
-
-msgid "[ full ]"
-msgstr "[ ????? ]"
-
-msgid "[ultimate]"
-msgstr "[????????]"
-
-msgid "undefined"
-msgstr "?? ?????????"
-
-msgid "never"
-msgstr "??????"
-
-msgid "marginal"
-msgstr "???????"
-
-msgid "full"
-msgstr "?????"
-
-msgid "ultimate"
-msgstr "????????"
-
msgid "no need for a trustdb check\n"
msgstr "??????? ? ????????? trustdb ?????\n"
@@ -5243,10 +5298,10 @@ msgstr "????????????: kbxutil [?????????] [?????] (-h
msgid ""
"Syntax: kbxutil [options] [files]\n"
-"list, export, import Keybox data\n"
+"List, export, import Keybox data\n"
msgstr ""
"?????????: kbxutil [?????????] [?????]\n"
-"????????, ?????????????, ???????????? ????? Keybox\n"
+"????????, ?????????????, ???????????? ????? Keybox\n"
#, c-format
msgid "RSA modulus missing or not of size %d bits\n"
@@ -5332,6 +5387,9 @@ msgstr "????????? ?? ??????? ?????? ???????? RSA
msgid "response does not contain the RSA public exponent\n"
msgstr "????????? ?? ??????? ?????????? ????????? RSA\n"
+msgid "response does not contain the EC public point\n"
+msgstr "????????? ?? ??????? ????????? ????? ?????????? ??????\n"
+
#, c-format
msgid "using default PIN as %s\n"
msgstr "?????????????? ??????? ?????? ?? %s\n"
@@ -5389,6 +5447,9 @@ msgstr "||??????? ??? ???????? ???? ??????"
msgid "Reset Code is too short; minimum length is %d\n"
msgstr "??????? ???????? ??? ????????; ?????????? ??????? ? %d\n"
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
msgid "|RN|New Reset Code"
msgstr "|RN|????? ??? ????????"
@@ -5398,6 +5459,12 @@ msgstr "|AN|????? ???????????????? ??????"
msgid "|N|New PIN"
msgstr "|N|????? ??????"
+msgid "||Please enter the Admin PIN and New Admin PIN"
+msgstr "||??????? ???????????????? ?????? ?? ????? ???????????????? ??????"
+
+msgid "||Please enter the PIN and New PIN"
+msgstr "||??????? ?????? ?? ????? ??????"
+
msgid "error reading application data\n"
msgstr "??????? ??????? ????? ????????\n"
@@ -5460,7 +5527,7 @@ msgstr "????????? ????????????????? ??????? ?
msgid "can't access %s - invalid OpenPGP card?\n"
msgstr "?? ??????? ???????? ?????? ?? %s ? ?????????? ?????? OpenPGP?\n"
-msgid "||Please enter your PIN at the reader's keypad"
+msgid "||Please enter your PIN at the reader's pinpad"
msgstr "||??????? ??? ?????? ?? ????????? ???????????? ?????? ?????????"
#. TRANSLATORS: Do not translate the "|*|" prefixes but
@@ -5493,21 +5560,24 @@ msgstr "?? ??????????????? ??????????? ??????
msgid "|N|disconnect the card after N seconds of inactivity"
msgstr "|N|?????????? ?????????? ??????? ????????? ?????? ??????"
-msgid "do not use a reader's keypad"
+msgid "do not use a reader's pinpad"
msgstr "?? ??????????????? ????????? ?????????? ?????????"
msgid "deny the use of admin card commands"
msgstr "?????????? ???????????? ?????? ? ??????????????? ??????"
-msgid "Usage: scdaemon [options] (-h for help)"
-msgstr "????????????: scdaemon [?????????] (-h ? ???????)"
+msgid "use variable length input for pinpad"
+msgstr "??????????????? ?????? ??????? ??????? ????? ??? ?????????"
+
+msgid "Usage: @SCDAEMON@ [options] (-h for help)"
+msgstr "????????????: @SCDAEMON@ [?????????] (-h ? ???????)"
msgid ""
"Syntax: scdaemon [options] [command [args]]\n"
-"Smartcard daemon for GnuPG\n"
+"Smartcard daemon for @GNUPG@\n"
msgstr ""
"?????????: scdaemon [?????????] [??????? [?????????]]\n"
-"?????? ?????? ?????? ??????? ??? GnuPG\n"
+"?????? ?????? ?????? ??????? ??? @GNUPG@\n"
msgid "please use the option '--daemon' to run the program in the background\n"
msgstr ""
@@ -5527,10 +5597,6 @@ msgid "invalid radix64 character %02x skipped\n"
msgstr "????????? ??????????? ?????? radix64 %02x\n"
#, c-format
-msgid "failed to proxy %s inquiry to client\n"
-msgstr "?? ??????? ?????????? ????? ?????? ????? %s ?? ???????\n"
-
-#, c-format
msgid "validation model requested by certificate: %s"
msgstr "?????? ?????????, ???????? ????????????: %s"
@@ -5578,8 +5644,8 @@ msgstr "????????? ??????????? ????????????: %d\n
msgid "dirmngr cache-only key lookup failed: %s\n"
msgstr "??????? ?????? ?????? ???? ? dirmngr: %s\n"
-msgid "failed to allocated keyDB handle\n"
-msgstr "?? ??????? ?????????? ???????? keyDB\n"
+msgid "failed to allocate keyDB handle\n"
+msgstr "?? ??????? ?????????? ?????????? keyDB\n"
msgid "certificate has been revoked"
msgstr "?????????? ??????????"
@@ -5750,16 +5816,16 @@ msgstr "?? ??????? ???????????? ????? ? ??????
msgid "error getting key usage information: %s\n"
msgstr "??????? ??? ??? ?????? ????????? ????? ???? ???????????? ?????: %s\n"
-msgid "certificate should have not been used for certification\n"
+msgid "certificate should not have been used for certification\n"
msgstr "?????????? ?? ??? ????????????????? ??? ????????????\n"
-msgid "certificate should have not been used for OCSP response signing\n"
+msgid "certificate should not have been used for OCSP response signing\n"
msgstr "?????????? ?? ??? ????????????????? ??? ???????????? ?????????? OCSP\n"
-msgid "certificate should have not been used for encryption\n"
+msgid "certificate should not have been used for encryption\n"
msgstr "?????????? ?? ??? ????????????????? ??? ??????????\n"
-msgid "certificate should have not been used for signing\n"
+msgid "certificate should not have been used for signing\n"
msgstr "?????????? ?? ??? ????????????????? ??? ????????????\n"
msgid "certificate is not usable for encryption\n"
@@ -5820,6 +5886,18 @@ msgid "line %d: invalid hash algorithm given\n"
msgstr "????? %d: ??????? ??????????? ???????? ?????????\n"
#, c-format
+msgid "line %d: invalid authority-key-id\n"
+msgstr "????? %d: ??????????? authority-key-id\n"
+
+#, c-format
+msgid "line %d: invalid subject-key-id\n"
+msgstr "????? %d: ?????????? ???????? subject-key-id\n"
+
+#, c-format
+msgid "line %d: invalid extension syntax\n"
+msgstr "????? %d: ??????????? ????????? ??????????\n"
+
+#, c-format
msgid "line %d: error reading key '%s' from card: %s\n"
msgstr "????? %d: ??????? ??????? ????? ?%s? ? ??????: %s\n"
@@ -5851,15 +5929,6 @@ msgstr " (%d) ??? ????????? ????\n"
msgid " (%d) Existing key from card\n"
msgstr " (%d) ??? ????????? ???? ? ??????\n"
-msgid "Enter the keygrip: "
-msgstr "??????? keygrip: "
-
-msgid "Not a valid keygrip (expecting 40 hex digits)\n"
-msgstr "??????????? keygrip (???? ???? ??????? 40 ??????????????? ????)\n"
-
-msgid "No key with this keygrip\n"
-msgstr "????? ?????? ? ????? ????????? keygrip\n"
-
#, c-format
msgid "error reading the card: %s\n"
msgstr "??????? ??????? ??????: %s\n"
@@ -6066,22 +6135,19 @@ msgstr ""
"|NAME|??????????????? ???????? ???????? ?????????? ??????????? ???? "
"????????????"
-msgid "Usage: gpgsm [options] [files] (-h for help)"
-msgstr "????????????: gpgsm [?????????] [?????] (-h ? ???????)"
+msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
+msgstr "????????????: @GPGSM@ [?????????] [?????] (-h ? ???????)"
msgid ""
-"Syntax: gpgsm [options] [files]\n"
-"sign, check, encrypt or decrypt using the S/MIME protocol\n"
-"default operation depends on the input data\n"
+"Syntax: @GPGSM@ [options] [files]\n"
+"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
+"Default operation depends on the input data\n"
msgstr ""
-"?????????: gpgsm [?????????] [?????]\n"
+"?????????: @GPGSM@ [?????????] [?????]\n"
"????????????, ????????? ????????, ?????????? ??? ????????????? ?? ????????? "
"????????? S/MIME\n"
"?????? ??? ?????????? ??? ??????? ?????\n"
-msgid "usage: gpgsm [options] "
-msgstr "????????????: gpgsm [?????????] "
-
#, c-format
msgid "NOTE: won't be able to encrypt to '%s': %s\n"
msgstr "??????????: ?? ???????? ??????????? ?? ?%s?: %s\n"
@@ -6126,9 +6192,6 @@ msgstr "??????? ??? ??? ?????? ?????????? ????
msgid "basic certificate checks failed - not imported\n"
msgstr "??????? ??? ??? ???????? ????????? ??????????? ? ?? ???????????\n"
-msgid "failed to allocate keyDB handle\n"
-msgstr "?? ??????? ?????????? ?????????? keyDB\n"
-
#, c-format
msgid "error getting stored flags: %s\n"
msgstr "??????? ??? ??? ?????? ????????? ?????????? ?????????: %s\n"
@@ -6141,17 +6204,9 @@ msgstr "??????? ??? ??? ?????? ???????????? ??
msgid "error reading input: %s\n"
msgstr "??????? ??? ??? ?????? ??????? ??????? ?????: %s\n"
-#, c-format
-msgid "error creating keybox '%s': %s\n"
-msgstr "??????? ??? ??? ?????? ????????? ??????? ?????? ?%s?: %s\n"
-
msgid "you may want to start the gpg-agent first\n"
msgstr "??? ????? ???????? ????????? gpg-agent\n"
-#, c-format
-msgid "keybox '%s' created\n"
-msgstr "???????? ??????? ?????? ?%s?\n"
-
msgid "failed to get the fingerprint\n"
msgstr "?? ??????? ???????? ????????\n"
@@ -6703,7 +6758,7 @@ msgstr " ???????: CRL ?? ???? ??????????? ????? ?
msgid " ERROR: The CRL will not be used\n"
msgstr " ???????: CRL ?? ???? ???????????\n"
-msgid " ERROR: This cached CRL may has been tampered with!\n"
+msgid " ERROR: This cached CRL may have been tampered with!\n"
msgstr " ???????: ??? ????????? CRL ??????? ???? ??????????!\n"
msgid " WARNING: invalid cache record length\n"
@@ -6796,7 +6851,7 @@ msgstr "??????????? CRL ?? dirmngr"
msgid "special mode for use by Squid"
msgstr "????????? ????? ??? ???????????? Squid"
-msgid "certificates are expected in PEM format"
+msgid "expect certificates in PEM format"
msgstr "??????????? ???? ???? ??????? ? ??????? PEM"
msgid "force the use of the default OCSP responder"
@@ -6872,9 +6927,6 @@ msgstr "????????, dirmngr ?? ????????\n"
msgid "no running dirmngr - starting one\n"
msgstr "dirmngr ?? ???????? ? ??????????\n"
-msgid "malformed DIRMNGR_INFO environment variable\n"
-msgstr "????????? ???????????? ??????? ?????????? DIRMNGR_INFO\n"
-
#, c-format
msgid "dirmngr protocol version %d is not supported\n"
msgstr "????????? ????????? dirmngr ?????? %d ?? ???????????\n"
@@ -6971,6 +7023,9 @@ msgstr "|FPR|????????? OCSP ????????? FPR"
msgid "|N|do not return more than N items in one query"
msgstr "|N|????????? ?? ?????? ?? ??????? ????????? ??????? ?? ?????"
+msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
+msgstr "|????|??????????????? ??????????? CA ? ????? ???? ??? HKP ????? TLS"
+
msgid ""
"@\n"
"(See the \"info\" manual for a complete listing of all commands and "
@@ -6980,22 +7035,23 @@ msgstr ""
"(??? ???????????? ?? ??????? ?????? ? ??????????, ????????????? ????????? "
"????????? (man) ?info?)\n"
-msgid "Usage: dirmngr [options] (-h for help)"
-msgstr "????????????: dirmngr [?????????] (-h ? ???????)"
+msgid "Usage: @DIRMNGR@ [options] (-h for help)"
+msgstr "????????????: @DIRMNGR@ [?????????] (-h ? ???????)"
msgid ""
-"Syntax: dirmngr [options] [command [args]]\n"
-"LDAP and OCSP access for GnuPG\n"
+"Syntax: @DIRMNGR@ [options] [command [args]]\n"
+"LDAP and OCSP access for @GNUPG@\n"
msgstr ""
-"?????????: dirmngr [?????????] [??????? [?????????]]\n"
-"?????? ?? LDAP ? OCSP ??? GnuPG\n"
+"?????????: @DIRMNGR@ [?????????] [??????? [?????????]]\n"
+"?????? ?? LDAP ? OCSP ??? @GNUPG@\n"
#, c-format
msgid "valid debug levels are: %s\n"
msgstr "?????????? ??????? ????????????? ?: %s\n"
-msgid "usage: dirmngr [options] "
-msgstr "????????????: dirmngr [?????????] "
+#, c-format
+msgid "usage: %s [options] "
+msgstr "????????????: %s [?????????]"
msgid "colons are not allowed in the socket name\n"
msgstr "?? ????? ??????????????? ????????? ? ????? ??????\n"
@@ -7084,12 +7140,12 @@ msgstr "????????????: dirmngr_ldap [?????????] [?????
msgid ""
"Syntax: dirmngr_ldap [options] [URL]\n"
-"Internal LDAP helper for Dirmngr.\n"
-"Interface and options may change without notice.\n"
+"Internal LDAP helper for Dirmngr\n"
+"Interface and options may change without notice\n"
msgstr ""
"?????????: dirmngr_ldap [?????????] [??????]\n"
-"?????????? ?????????? ?????????? LDAP ??? Dirmngr.\n"
-"????????? ? ????????? ?????? ??????????? ??? ??????????? ??????????.\n"
+"?????????? ?????????? ?????????? LDAP ??? Dirmngr\n"
+"????????? ? ????????? ?????? ??????????? ??? ??????????? ??????????\n"
#, c-format
msgid "invalid port number %d\n"
@@ -7191,12 +7247,8 @@ msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "??????? ??? ??? ?????? ??????? ??????? ? ???????? LDAP %d: %s\n"
#, c-format
-msgid "pth_event failed: %s\n"
-msgstr "??????? pth_event: %s\n"
-
-#, c-format
-msgid "pth_wait failed: %s\n"
-msgstr "??????? pth_wait: %s\n"
+msgid "npth_select failed: %s - waiting 1s\n"
+msgstr "??????? npth_select: %s ? ?????????? ? 1 ?\n"
#, c-format
msgid "ldap wrapper %d ready"
@@ -7463,7 +7515,7 @@ msgstr "????????? ???????? ????????????\n"
msgid "DSA requires the use of a 160 bit hash algorithm\n"
msgstr "DSA ???????? ???????????? 160-???????? ????????? ?????????\n"
-msgid "certificate should have not been used for CRL signing\n"
+msgid "certificate should not have been used for CRL signing\n"
msgstr "?????????? ?? ??? ????????????????? ??? ???????????? CRL\n"
msgid "quiet"
@@ -7475,6 +7527,9 @@ msgstr "??????? ???? ? ???????????????? ??????
msgid "decode received data lines"
msgstr "?????????? ???????? ????? ?????"
+msgid "connect to the dirmngr"
+msgstr "?????????? ? dirmngr"
+
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NAME|?????????? ????????? ? ???????? ??????? Assuan"
@@ -7493,14 +7548,14 @@ msgstr "|FILE|???????? ??????? ? ????????? ?????
msgid "run /subst on startup"
msgstr "???????? /subst ??? ??? ???????"
-msgid "Usage: gpg-connect-agent [options] (-h for help)"
-msgstr "????????????: gpg-connect-agent [?????????] (-h ? ???????)"
+msgid "Usage: @GPG at -connect-agent [options] (-h for help)"
+msgstr "????????????: @GPG at -connect-agent [?????????] (-h ? ???????)"
msgid ""
-"Syntax: gpg-connect-agent [options]\n"
+"Syntax: @GPG at -connect-agent [options]\n"
"Connect to a running agent and send commands\n"
msgstr ""
-"?????????: gpg-connect-agent [?????????]\n"
+"?????????: @GPG at -connect-agent [?????????]\n"
"?????????? ????????? ? ????????? ??????? ? ????????? ???????\n"
#, c-format
@@ -7644,10 +7699,12 @@ msgstr "GPG ??? S/MIME"
msgid "Directory Manager"
msgstr "????????? ?????????"
-#| msgid "Bad Passphrase"
msgid "PIN and Passphrase Entry"
msgstr "???????? ???????? ? ???????"
+msgid "Component not suitable for launching"
+msgstr "????????? ?? ? ????????? ?? ???????"
+
#, c-format
msgid "External verification of component %s failed"
msgstr "??????? ?????????? ????????? ?????????? %s"
@@ -7673,8 +7730,8 @@ msgstr "|COMPONENT|?????????? ?????????"
msgid "apply global default values"
msgstr "??????????? ???????? ?????? ????????"
-msgid "get the configuration directories for gpgconf"
-msgstr "???????? ????? ????????? ??????????? ??? gpgconf"
+msgid "get the configuration directories for @GPGCONF@"
+msgstr "???????? ????? ????????? ??????????? ??? @GPGCONF@"
msgid "list global configuration file"
msgstr "???????? ????????? ???? ???????????"
@@ -7685,6 +7742,9 @@ msgstr "?????????? ????????? ???? ???????????"
msgid "reload all or a given component"
msgstr "??????????????? ??? ??? ???????? ?????????"
+msgid "launch a given component"
+msgstr "????????? ???????? ?????????"
+
msgid "kill a given component"
msgstr "????????? ?????? ????????? ??????????"
@@ -7694,18 +7754,15 @@ msgstr "??????????? ???? ??? ????????? ?????"
msgid "activate changes at runtime, if possible"
msgstr "???? ?????, ??????? ????? ? ??????????? ??????"
-msgid "Usage: gpgconf [options] (-h for help)"
-msgstr "????????????: gpgconf [?????????] (-h ? ???????)"
+msgid "Usage: @GPGCONF@ [options] (-h for help)"
+msgstr "????????????: @GPGCONF@ [?????????] (-h ? ???????)"
msgid ""
-"Syntax: gpgconf [options]\n"
-"Manage configuration options for tools of the GnuPG system\n"
+"Syntax: @GPGCONF@ [options]\n"
+"Manage configuration options for tools of the @GNUPG@ system\n"
msgstr ""
-"?????????: gpgconf [?????????]\n"
-"????????? ??????????? ???????????? ???????????? ??????? GnuPG\n"
-
-msgid "usage: gpgconf [options] "
-msgstr "????????????: gpgconf [?????????] "
+"?????????: @GPGCONF@ [?????????]\n"
+"????????? ??????????? ???????????? ???????????? ??????? @GNUPG@\n"
msgid "Need one component argument"
msgstr "???? ??????? ???? ???????? ??????????"
@@ -7860,3 +7917,105 @@ msgid ""
msgstr ""
"?????????: gpg-check-pattern [?????????] ????_????????\n"
"?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n"
+
+#~ msgid "usage: gpg [options] "
+#~ msgstr "????????????: gpg [?????????] "
+
+#~ msgid "usage: gpgsm [options] "
+#~ msgstr "????????????: gpgsm [?????????] "
+
+#~ msgid "enable ssh-agent emulation"
+#~ msgstr "????????? ???????? ssh-??????"
+
+#~ msgid "Usage: gpg-agent [options] (-h for help)"
+#~ msgstr "????????????: gpg-agent [?????????] (-h ? ???????)"
+
+#~ msgid "malformed GPG_AGENT_INFO environment variable\n"
+#~ msgstr "????????? ???????????? ??????? ?????????? GPG_AGENT_INFO\n"
+
+#~ msgid "error creating socket: %s\n"
+#~ msgstr "??????? ??? ??? ?????? ????????? ??????: %s\n"
+
+#~ msgid "host not found"
+#~ msgstr "????? ?? ????????"
+
+#~ msgid "error loading '%s': %s\n"
+#~ msgstr "??????? ??? ??? ?????? ???????????? ?%s?: %s\n"
+
+#~ msgid " - probably dead - removing lock"
+#~ msgstr " ? ????????, ?? ???????????????? ? ???????? ??????????"
+
+#~ msgid "deleting secret key not implemented\n"
+#~ msgstr "????????? ????????? ????? ?? ???????????\n"
+
+#~ msgid "too many entries in pk cache - disabled\n"
+#~ msgstr "??????? ?????? ??????? ? ???? pk ? ????????\n"
+
+#~ msgid " (%d) ECDSA and ECDH\n"
+#~ msgstr " (%d) ECDSA ? ECDH\n"
+
+#~ msgid "the IDEA cipher plugin is not present\n"
+#~ msgstr "?? ???????? ??????? ?????????? IDEA\n"
+
+#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed"
+#~ msgstr "10 translator see trustdb.c:uid_trust_string_fixed"
+
+#~ msgid "[ revoked]"
+#~ msgstr "[???????.]"
+
+#~ msgid "[ expired]"
+#~ msgstr "[????????]"
+
+#~ msgid "[ unknown]"
+#~ msgstr "[????????]"
+
+#~ msgid "[ undef ]"
+#~ msgstr "[?? ????.]"
+
+#~ msgid "[marginal]"
+#~ msgstr "[??????? ]"
+
+#~ msgid "[ full ]"
+#~ msgstr "[ ????? ]"
+
+#~ msgid "[ultimate]"
+#~ msgstr "[????????]"
+
+#~ msgid "undefined"
+#~ msgstr "?? ?????????"
+
+#~ msgid "never"
+#~ msgstr "??????"
+
+#~ msgid "marginal"
+#~ msgstr "???????"
+
+#~ msgid "full"
+#~ msgstr "?????"
+
+#~ msgid "ultimate"
+#~ msgstr "????????"
+
+#~ msgid "Usage: scdaemon [options] (-h for help)"
+#~ msgstr "????????????: scdaemon [?????????] (-h ? ???????)"
+
+#~ msgid "failed to allocated keyDB handle\n"
+#~ msgstr "?? ??????? ?????????? ???????? keyDB\n"
+
+#~ msgid "Usage: gpgsm [options] [files] (-h for help)"
+#~ msgstr "????????????: gpgsm [?????????] [?????] (-h ? ???????)"
+
+#~ msgid "usage: dirmngr [options] "
+#~ msgstr "????????????: dirmngr [?????????] "
+
+#~ msgid "pth_event failed: %s\n"
+#~ msgstr "??????? pth_event: %s\n"
+
+#~ msgid "pth_wait failed: %s\n"
+#~ msgstr "??????? pth_wait: %s\n"
+
+#~ msgid "Usage: gpgconf [options] (-h for help)"
+#~ msgstr "????????????: gpgconf [?????????] (-h ? ???????)"
+
+#~ msgid "usage: gpgconf [options] "
+#~ msgstr "????????????: gpgconf [?????????] "
commit e56a2d6a56d95c0f169506a8dc74a845c22b699d
Author: Yuri Chornoivan
Date: Sun Jun 22 17:33:04 2014 +0300
Fix typos in messages
diff --git a/agent/findkey.c b/agent/findkey.c
index e01c5c1..b842f9e 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1257,7 +1257,7 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text,
err = agent_get_confirmation
(ctrl,
_("Warning: This key is also listed for use with SSH!\n"
- "Deleting the key will may remove your ability to"
+ "Deleting the key will may remove your ability to "
"access remote machines."),
_("Delete key"), _("No"), 0);
if (err)
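Review bot: The changed line still reads "will may remove", so the confirmation shown before deleting a key that is also listed for SSH stays ungrammatical after this typo fix. Dropping one verb would settle it, e.g. `"Deleting the key may remove your ability to "`. The msgid has already been regenerated into the po files with the added space, so correcting the wording in the same change would avoid invalidating translations a second time. The body of agent_delete_key starts and ends outside this hunk.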
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 8f85e48..48fa80b 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -201,7 +201,7 @@ static ARGPARSE_OPTS opts[] = {
N_("|N|do not return more than N items in one query")),
ARGPARSE_s_s (oHkpCaCert, "hkp-cacert",
- N_("|FILE|use the CA certifciates in FILE for HKP over TLS")),
+ N_("|FILE|use the CA certificates in FILE for HKP over TLS")),
ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
commit 2540a4b674a17b45ec33f43f26e830e74ff0afed
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
build: Remove unused options.
* configure.ac: Remove option --build-agent-only.
(FAKE_CURL, GPGKEYS_CURL): Remove check for cURL
(GPGKEYS_MAILTO): Remove ac_subst but keep the currently unused
SENDMAIL check.
(GPGKEYS_KDNS): Remove ac_subst.
* autogen.rc (final_info): Remove suggestion to use the removed option
--enable-mailto.
diff --git a/autogen.rc b/autogen.rc
index 4860c38..3e0a9e9 100644
--- a/autogen.rc
+++ b/autogen.rc
@@ -42,4 +42,4 @@ esac
extra_aclocal_flags="-I gl/m4"
-final_info="./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-mailto --enable-gpgtar && make"
+final_info="./configure --sysconfdir=/etc --enable-maintainer-mode --enable-symcryptrun --enable-gpgtar && make"
diff --git a/configure.ac b/configure.ac
index 8b23179..e26e51b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -91,6 +91,7 @@ have_ksba=no
have_npth=no
have_libusb=no
have_adns=no
+gnupg_have_ldap="n/a"
use_zip=yes
use_bzip2=yes
@@ -101,8 +102,6 @@ use_ccid_driver=yes
use_standard_socket=yes
dirmngr_auto_start=yes
-try_ks_ldap=no
-
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes)
@@ -206,13 +205,6 @@ AC_DEFINE_UNQUOTED(NAME_OF_INSTALLED_GPG, "$name_of_installed_gpg",
[The name of the installed GPG tool])
-# Some folks want to use only the agent from this packet. Make it
-# easier for them by providing the configure option
-# --enable-only-agent.
-AC_ARG_ENABLE(agent-only,
- AC_HELP_STRING([--enable-agent-only],[build only the gpg-agent]),
- build_agent_only=$enableval)
-
# SELinux support includes tracking of sensitive files to avoid
# leaking their contents through processing these files by gpg itself
AC_MSG_CHECKING([whether SELinux support is requested])
@@ -1036,7 +1028,9 @@ AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes)
#
# Check for LDAP
#
-if test "$try_ks_ldap" = yes || test "$build_dirmngr" = "yes" ; then
+# Note that running the check changes the variable
+# gnupg_have_ldap from "n/a" to "no" or "yes".
+if test "$build_dirmngr" = "yes" ; then
GNUPG_CHECK_LDAP($NETLIBS)
AC_CHECK_LIB(lber, ber_free,
[ LBER_LIBS="$LBER_LIBS -llber"
@@ -1048,44 +1042,23 @@ fi
AC_SUBST(LBER_LIBS)
#
-# Check for curl. We fake the curl API if libcurl isn't installed.
-# We require 7.10 or later as we use curl_version_info().
-#
-LIBCURL_CHECK_CONFIG([yes],[7.10],,[fake_curl=yes])
-AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes)
-
-# Generic, for us, means curl
-
-if test x"$try_generic" = xyes ; then
- AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT")
-fi
-
-#
# Check for sendmail
#
# This isn't necessarily sendmail itself, but anything that gives a
# sendmail-ish interface to the outside world. That includes Exim,
# Postfix, etc. Basically, anything that can handle "sendmail -t".
-if test "$try_mailto" = yes ; then
- AC_ARG_WITH(mailprog,
+AC_ARG_WITH(mailprog,
AC_HELP_STRING([--with-mailprog=NAME],
[use "NAME -t" for mail transport]),
,with_mailprog=yes)
-
- if test x"$with_mailprog" = xyes ; then
+if test x"$with_mailprog" = xyes ; then
AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib)
- if test "$ac_cv_path_SENDMAIL" ; then
- GPGKEYS_MAILTO="gpg2keys_mailto"
- fi
- elif test x"$with_mailprog" != xno ; then
+elif test x"$with_mailprog" != xno ; then
AC_MSG_CHECKING([for a mail transport program])
AC_SUBST(SENDMAIL,$with_mailprog)
AC_MSG_RESULT($with_mailprog)
- GPGKEYS_MAILTO="gpg2keys_mailto"
- fi
fi
-AC_SUBST(GPGKEYS_MAILTO)
#
# Construct a printable name of the OS
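Review bot: With the `try_mailto` guard removed, `AC_ARG_WITH(mailprog, ...)` and the `AC_PATH_PROG(SENDMAIL, ...)` probe now run on every configure, but configure.ac itself does not say that the result is unused; only the commit message does. A comment above `AC_ARG_WITH(mailprog,` would record this for the next maintainer, e.g. `# Note: SENDMAIL is currently not used by any program; the check is only kept for possible later use.` Separately, `AC_SUBST(SENDMAIL,$with_mailprog)` passes on the `--with-mailprog=NAME` value exactly as given, so any code that starts using SENDMAIL again should not assume it is an absolute path to a vetted binary.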
@@ -1552,10 +1525,6 @@ estream_INIT
#
# Decide what to build
#
-if test "$have_adns" = "yes"; then
- AC_SUBST(GPGKEYS_KDNS, "gpg2keys_kdns$EXEEXT")
-fi
-
build_scdaemon_extra=""
if test "$build_scdaemon" = "yes"; then
@@ -1568,14 +1537,6 @@ if test "$build_scdaemon" = "yes"; then
fi
-if test "$build_agent_only" = "yes" ; then
- build_gpg=no
- build_gpgsm=no
- build_scdaemon=no
- build_tools=no
- build_doc=no
-fi
-
#
# Set variables for use by automake makefiles.
#
@@ -1743,7 +1704,7 @@ if test "$gnupg_have_ldap" = "no"; then
die=yes
AC_MSG_NOTICE([[
***
-*** You need a LDAP library to build this program.
+*** The Dirmngr part requires an LDAP library
*** Check out
*** http://www.openldap.org
*** for a suitable implementation.
-----------------------------------------------------------------------
Summary of changes:
agent/findkey.c | 2 +-
autogen.rc | 2 +-
configure.ac | 55 +----
dirmngr/dirmngr.c | 2 +-
po/LINGUAS | 2 +-
po/uk.po | 615 +++++++++++++++++++++++++++++++++--------------------
6 files changed, 399 insertions(+), 279 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jun 27 20:20:04 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 27 Jun 2014 20:20:04 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-37-gadad187
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via adad1872b448593275d8cae06dffe376bee067b5 (commit)
via c67d2701406d776094d871353dd422c802bf535b (commit)
via 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd (commit)
via c2e3eb98884785e6794dc79c1a53d75945f4c1ab (commit)
via a1dff86da8ebaab6e154360f538ca9d43a6c4934 (commit)
via 5e1f9b5e1427688ac340f0829e02bece7f0caf9c (commit)
from 2c4025576105a9deb78e1cfb22c11af4af09c4fa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit adad1872b448593275d8cae06dffe376bee067b5
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
speedo: Fix the w32 installer name
diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi
index 5f8c55c..4d18d91 100644
--- a/build-aux/speedo/w32/inst.nsi
+++ b/build-aux/speedo/w32/inst.nsi
@@ -94,7 +94,7 @@ SetCompressor lzma
Name "${PRETTY_PACKAGE}"
# Set the output filename.
-OutFile "$(NAME)-${VERSION}.exe"
+OutFile "${NAME}-${VERSION}.exe"
#Fixme: Do we need a logo
#Icon "${TOP_SRCDIR}/doc/logo/gnupg-logo-icon.ico"
commit c67d2701406d776094d871353dd422c802bf535b
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
po: Auto-update
--
diff --git a/po/ja.po b/po/ja.po
index e0a984e..6cfaf34 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -656,7 +656,7 @@ msgstr "???????"
msgid ""
"Warning: This key is also listed for use with SSH!\n"
-"Deleting the key will may remove your ability toaccess remote machines."
+"Deleting the key will may remove your ability to access remote machines."
msgstr ""
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
@@ -1836,8 +1836,10 @@ msgstr "????: "
msgid "Compression: "
msgstr "??: "
-msgid "usage: gpg [options] "
-msgstr "???: gpg [?????] "
+#, fuzzy, c-format
+#| msgid "usage: gpgsm [options] "
+msgid "usage: %s [options] %s\n"
+msgstr "???: gpgsm [?????] "
msgid "conflicting commands\n"
msgstr "????????\n"
@@ -4158,6 +4160,11 @@ msgstr "???????"
msgid "unknown"
msgstr "???"
+#, fuzzy
+#| msgid "algorithm: %s"
+msgid ", key algorithm "
+msgstr "??????: %s"
+
#, c-format
msgid "Can't check signature: %s\n"
msgstr "??????????: %s\n"
@@ -6023,9 +6030,6 @@ msgstr ""
"S/MIME???????????????????????????\n"
"?????????????????????\n"
-msgid "usage: gpgsm [options] "
-msgstr "???: gpgsm [?????] "
-
#, c-format
msgid "NOTE: won't be able to encrypt to '%s': %s\n"
msgstr "*??*:'%s'????????????: %s\n"
@@ -6885,7 +6889,7 @@ msgstr "|FPR|FPR??????OCSP?????"
msgid "|N|do not return more than N items in one query"
msgstr "|N|???????N??????????????"
-msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
+msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
msgid ""
@@ -7799,6 +7803,12 @@ msgstr ""
"??: gpg-check-pattern [?????] ????????\n"
"????????????????????????????\n"
+#~ msgid "usage: gpg [options] "
+#~ msgstr "???: gpg [?????] "
+
+#~ msgid "usage: gpgsm [options] "
+#~ msgstr "???: gpgsm [?????] "
+
#~ msgid "can't create `%s': %s\n"
#~ msgstr "'%s'????????: %s\n"
diff --git a/po/uk.po b/po/uk.po
index e30452b..164d4b5 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -4258,6 +4258,11 @@ msgstr "?????????"
msgid "unknown"
msgstr "????????"
+#, fuzzy
+#| msgid "algorithm: %s"
+msgid ", key algorithm "
+msgstr "????????: %s"
+
#, c-format
msgid "Can't check signature: %s\n"
msgstr "?? ??????? ?????????? ??????: %s\n"
commit 1ef7870fc96f6dd8137e9bfabf9b06787f75dffd
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
po: Update some strings of the French (fr) translation.
diff --git a/po/fr.po b/po/fr.po
index 9293376..1f06f43 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.1\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2012-08-21 15:44-0400\n"
+"PO-Revision-Date: 2014-06-27 19:51+0200\n"
"Last-Translator: David Pr?vot \n"
"Language-Team: French \n"
"Language: fr\n"
@@ -182,8 +182,7 @@ msgstr "CDP"
msgid "Reset Code"
msgstr "Code de r?initialisation"
-#, fuzzy, c-format
-#| msgid "%s%%0A%%0AUse the reader's keypad for input."
+#, c-format
msgid "%s%%0A%%0AUse the reader's pinpad for input."
msgstr "%s%%0A%%0AUtilisez le pav? num?rique du lecteur en entr?e."
@@ -281,8 +280,7 @@ msgstr ""
msgid "Yes, protection is not needed"
msgstr "Oui, aucune protection n'est n?cessaire"
-#, fuzzy, c-format
-#| msgid "Please enter the passphrase to%0Ato protect your new key"
+#, c-format
msgid "Please enter the passphrase to%0Aprotect your new key"
msgstr "Veuillez entrer la phrase de passe%0Apour prot?ger la nouvelle clef"
@@ -378,21 +376,15 @@ msgstr ""
"Veuillez signaler toutes anomalies sur <@EMAIL@> (en anglais)\n"
"et tout probl?me de traduction ? .\n"
-#, fuzzy
-#| msgid "Usage: dirmngr [options] (-h for help)"
msgid "Usage: @GPG_AGENT@ [options] (-h for help)"
-msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+msgstr "Utilisation?: dirmngr @GPG_AGENT@ (-h pour l'aide)"
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg-agent [options] [command [args]]\n"
-#| "Secret key management for GnuPG\n"
msgid ""
"Syntax: @GPG_AGENT@ [options] [command [args]]\n"
"Secret key management for @GNUPG@\n"
msgstr ""
-"Syntaxe?: gpg-agent [options] [commande [arguments]]\n"
-"Gestionnaire de clefs secr?tes pour GnuPG\n"
+"Syntaxe?: @GPG_AGENT@ [options] [commande [arguments]]\n"
+"Gestionnaire de clefs secr?tes pour @GNUPG@\n"
#, c-format
msgid "invalid debug-level '%s' given\n"
@@ -683,7 +675,7 @@ msgstr "activer la clef"
msgid ""
"Warning: This key is also listed for use with SSH!\n"
-"Deleting the key will may remove your ability toaccess remote machines."
+"Deleting the key will may remove your ability to access remote machines."
msgstr ""
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
@@ -1860,22 +1852,15 @@ msgstr ""
" --list-keys [noms] montrer les clefs\n"
" --fingerprint [noms] montrer les empreintes\n"
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
msgid "Usage: @GPG@ [options] [files] (-h for help)"
-msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)"
+msgstr "Utilisation?: @GPG@ [options] [fichiers] (-h pour l'aide)"
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg [options] [files]\n"
-#| "sign, check, encrypt or decrypt\n"
-#| "default operation depends on the input data\n"
msgid ""
"Syntax: @GPG@ [options] [files]\n"
"Sign, check, encrypt or decrypt\n"
"Default operation depends on the input data\n"
msgstr ""
-"Syntaxe?: gpg [options] [fichiers]\n"
+"Syntaxe?: @GPG@ [options] [fichiers]\n"
"Signer, v?rifier, chiffrer ou d?chiffrer\n"
"L'op?ration par d?faut d?pend des donn?es entr?es\n"
@@ -1898,8 +1883,9 @@ msgstr "Hachage?: "
msgid "Compression: "
msgstr "Compression?: "
-msgid "usage: gpg [options] "
-msgstr "utilisation?: gpg [options] "
+#, c-format
+msgid "usage: %s [options] %s\n"
+msgstr "utilisation?: %s [options] %s\n"
msgid "conflicting commands\n"
msgstr "commandes en conflit\n"
@@ -4323,6 +4309,11 @@ msgstr "mode texte"
msgid "unknown"
msgstr "inconnu"
+#, fuzzy
+#| msgid "unknown pubkey algorithm"
+msgid ", key algorithm "
+msgstr "algorithme de clef publique inconnu"
+
#, c-format
msgid "Can't check signature: %s\n"
msgstr "Impossible de v?rifier la signature?: %s\n"
@@ -5721,10 +5712,8 @@ msgstr "refus d'utiliser les commandes d'administration de la carte"
msgid "use variable length input for pinpad"
msgstr ""
-#, fuzzy
-#| msgid "Usage: dirmngr [options] (-h for help)"
msgid "Usage: @SCDAEMON@ [options] (-h for help)"
-msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+msgstr "Utilisation?: @SCDAEMON@ [options] (-h pour l'aide)"
#, fuzzy
#| msgid ""
@@ -6307,28 +6296,18 @@ msgstr "|NOM|utiliser l'algorithme de chiffrement NOM"
msgid "|NAME|use message digest algorithm NAME"
msgstr "|NOM|utiliser l'algorithme de hachage NOM"
-#, fuzzy
-#| msgid "Usage: gpg [options] [files] (-h for help)"
msgid "Usage: @GPGSM@ [options] [files] (-h for help)"
-msgstr "Utilisation?: gpg [options] [fichiers] (-h pour l'aide)"
+msgstr "Utilisation?: @GPGSM@ [options] [fichiers] (-h pour l'aide)"
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpgsm [options] [files]\n"
-#| "sign, check, encrypt or decrypt using the S/MIME protocol\n"
-#| "default operation depends on the input data\n"
msgid ""
"Syntax: @GPGSM@ [options] [files]\n"
"Sign, check, encrypt or decrypt using the S/MIME protocol\n"
"Default operation depends on the input data\n"
msgstr ""
-"Syntaxe?: gpgsm [options] [fichiers]\n"
+"Syntaxe?: @GPGSM@ [options] [fichiers]\n"
"Signer, v?rifier, chiffrer ou d?chiffrer en utilisant le protocole S/MIME\n"
"L'op?ration par d?faut d?pend des donn?es entr?es\n"
-msgid "usage: gpgsm [options] "
-msgstr "utilisation?: gpgsm [options] "
-
#, c-format
msgid "NOTE: won't be able to encrypt to '%s': %s\n"
msgstr "Remarque?: ne sera pas capable de chiffrer ? ??%s???: %s\n"
@@ -7260,7 +7239,7 @@ msgstr "|EMPR|r?ponse OCSP sign?e par EMPR"
msgid "|N|do not return more than N items in one query"
msgstr "|N|ne pas renvoyer plus de N??l?ments dans une requ?te"
-msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
+msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
msgstr ""
msgid ""
@@ -7272,21 +7251,15 @@ msgstr ""
"(Consultez le manuel ??info?? pour obtenir une liste compl?te des commandes\n"
"et options)\n"
-#, fuzzy
-#| msgid "Usage: dirmngr [options] (-h for help)"
msgid "Usage: @DIRMNGR@ [options] (-h for help)"
-msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+msgstr "Utilisation?: @DIRMNGR@ [options] (-h pour l'aide)"
-#, fuzzy
-#| msgid ""
-#| "Syntax: dirmngr [options] [command [args]]\n"
-#| "LDAP and OCSP access for GnuPG\n"
msgid ""
"Syntax: @DIRMNGR@ [options] [command [args]]\n"
"LDAP and OCSP access for @GNUPG@\n"
msgstr ""
-"Syntaxe?: dirmngr [options] [commande [arguments]]\n"
-"Acc?s LDAP et OCSP pour GnuPG\n"
+"Syntaxe?: @DIRMNGR@ [options] [commande [arguments]]\n"
+"Acc?s LDAP et OCSP pour @GNUPG@\n"
#, c-format
msgid "valid debug levels are: %s\n"
@@ -7809,20 +7782,14 @@ msgstr "|FICHIER|ex?cuter les commandes du FICHIER au d?marrage"
msgid "run /subst on startup"
msgstr "ex?cuter /subst au d?marrage"
-#, fuzzy
-#| msgid "Usage: gpg-connect-agent [options] (-h for help)"
msgid "Usage: @GPG at -connect-agent [options] (-h for help)"
-msgstr "Utilisation?: gpg-connect-agent [options] (-h pour l'aide)"
+msgstr "Utilisation?: @GPG at -connect-agent [options] (-h pour l'aide)"
-#, fuzzy
-#| msgid ""
-#| "Syntax: gpg-connect-agent [options]\n"
-#| "Connect to a running agent and send commands\n"
msgid ""
"Syntax: @GPG at -connect-agent [options]\n"
"Connect to a running agent and send commands\n"
msgstr ""
-"Syntaxe?: gpg-connect-agent [options]\n"
+"Syntaxe?: @GPG at -connect-agent [options]\n"
"Se connecter ? un agent en fonctionnement et envoyer des commandes\n"
#, c-format
@@ -7996,10 +7963,8 @@ msgstr "|COMPOSANT|v?rifier les options"
msgid "apply global default values"
msgstr "appliquer les valeurs par d?faut globales"
-#, fuzzy
-#| msgid "get the configuration directories for gpgconf"
msgid "get the configuration directories for @GPGCONF@"
-msgstr "aff. r?pertoires de configuration pour gpgconf"
+msgstr "aff. r?pertoires de configuration pour @GPGCONF@"
msgid "list global configuration file"
msgstr "afficher le fichier de configuration globale"
@@ -8024,21 +7989,16 @@ msgstr "utiliser comme fichier de sortie"
msgid "activate changes at runtime, if possible"
msgstr "activer modif. pendant l'ex?cution si possible"
-#, fuzzy
-#| msgid "Usage: dirmngr [options] (-h for help)"
msgid "Usage: @GPGCONF@ [options] (-h for help)"
-msgstr "Utilisation?: dirmngr [options] (-h pour l'aide)"
+msgstr "Utilisation?: @GPGCONF@ [options] (-h pour l'aide)"
#, fuzzy
-#| msgid ""
-#| "Syntax: gpgconf [options]\n"
-#| "Manage configuration options for tools of the GnuPG system\n"
msgid ""
"Syntax: @GPGCONF@ [options]\n"
"Manage configuration options for tools of the @GNUPG@ system\n"
msgstr ""
-"Syntaxe?: gpgconf [options]\n"
-"G?rer les options de configuration pour les outils du syst?me GnuPG\n"
+"Syntaxe?: @GPGCONF@ [options]\n"
+"G?rer les options de configuration pour les outils du syst?me @GNUPG@\n"
msgid "Need one component argument"
msgstr "Un argument de composant n?cessaire"
@@ -8194,6 +8154,12 @@ msgstr ""
"V?rifier une phrase de passe donn?e sur l'entr?e standard par rapport ? "
"ficmotif\n"
+#~ msgid "usage: gpg [options] "
+#~ msgstr "utilisation?: gpg [options] "
+
+#~ msgid "usage: gpgsm [options] "
+#~ msgstr "utilisation?: gpgsm [options] "
+
#, fuzzy
#~| msgid "can't create '%s': %s\n"
#~ msgid "can't create `%s': %s\n"
@@ -8938,9 +8904,6 @@ msgstr ""
#~ msgid "unknown packet type"
#~ msgstr "type de paquet inconnu"
-#~ msgid "unknown pubkey algorithm"
-#~ msgstr "algorithme de clef publique inconnu"
-
#~ msgid "unknown digest algorithm"
#~ msgstr "algorithme de hachage inconnu"
commit c2e3eb98884785e6794dc79c1a53d75945f4c1ab
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
po: Update the German (de) translation
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 890c0a4..51392e3 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1962,7 +1962,7 @@ check_sig_and_print (CTX c, KBNODE node)
sig->sig_class==0x00?_("binary"):
sig->sig_class==0x01?_("textmode"):_("unknown"),
gcry_md_algo_name (sig->digest_algo),
- *pkstrbuf?", key algorithm ":"",
+ *pkstrbuf?_(", key algorithm "):"",
pkstrbuf);
if (rc)
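Review bot: The newly marked string `_(", key algorithm ")` is a sentence fragment, and nothing tells translators that its leading comma and trailing space matter or that `pkstrbuf` is printed straight after it. It is presumably spliced into the "%s signature, digest algorithm %s%s%s\n" message that appears in the po files. A translator comment directly above the argument would help, e.g. `/* TRANSLATORS: Appended after the digest algorithm name and followed by the key algorithm; keep the leading comma and the trailing space. */`. The fuzzy matches generated in ja.po, uk.po and fr.po for this msgid show how easily the fragment is mistaken for a different message. check_sig_and_print starts and ends outside this hunk.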
diff --git a/po/de.po b/po/de.po
index 49a03c5..6008229 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.1.0\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-11-18 14:05+0100\n"
+"PO-Revision-Date: 2014-06-27 20:13+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -354,19 +354,17 @@ msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
msgid "do not use the PIN cache when signing"
msgstr "benutze PINs im Cache nicht beim Signieren"
-#, fuzzy
-#| msgid "allow clients to mark keys as \"trusted\""
msgid "disallow clients to mark keys as \"trusted\""
-msgstr "erlaube Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
+msgstr "verbiete Aufrufern Schl?ssel als \"vertrauensw?rdig\" zu markieren"
msgid "allow presetting passphrase"
msgstr "erlaube ein \"preset\" von Passphrases"
msgid "enable ssh support"
-msgstr ""
+msgstr "SSH Unterst?tzung einschalten"
msgid "enable putty support"
-msgstr ""
+msgstr "PuTTY Unterst?tzung einschalten"
msgid "|FILE|write environment settings also to FILE"
msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
@@ -670,15 +668,16 @@ msgstr "Die Passphrase ?ndern"
msgid "I'll change it later"
msgstr "Ich werde sie sp?ter ?ndern"
-#, fuzzy
-#| msgid "enable key"
msgid "Delete key"
-msgstr "Schl?ssel anschalten"
+msgstr "Schl?ssel l?schen"
msgid ""
"Warning: This key is also listed for use with SSH!\n"
-"Deleting the key will may remove your ability toaccess remote machines."
+"Deleting the key will may remove your ability to access remote machines."
msgstr ""
+"WARNUNG: Dieser Schl?ssel wird auch f?r SSH benutzt!\n"
+"Das L?schen dieses Schl?ssels kann Ihren Zugriff auf entfernte Rechner\n"
+"behindern."
msgid "DSA requires the hash length to be a multiple of 8 bits\n"
msgstr "F?r DSA mu? die Hashl?nge ein Vielfaches von 8 Bit sein\n"
@@ -1466,18 +1465,15 @@ msgstr "Diesen Schl?ssel aus dem Schl?sselbund l?schen? (j/N) "
msgid "This is a secret key! - really delete? (y/N) "
msgstr "Dies ist ein privater Schl?ssel! - Wirklich l?schen? (j/N) "
-#, fuzzy, c-format
-#| msgid "deleting certificate \"%s\" failed: %s\n"
+#, c-format
msgid "deleting secret %s failed: %s\n"
-msgstr "Fehler beim L?schen des Zertifikats \"%s\": %s\n"
+msgstr "Fehler beim L?schen des privaten %ss: %s\n"
msgid "key"
-msgstr ""
+msgstr "Schl?ssel"
-#, fuzzy
-#| msgid "Pubkey: "
msgid "subkey"
-msgstr "?ff. Schl?ssel: "
+msgstr "Unterschl?ssel"
#, c-format
msgid "deleting keyblock failed: %s\n"
@@ -1733,15 +1729,11 @@ msgstr "Schl?ssel aus dem ?ff. Schl?sselbund entfernen"
msgid "remove keys from the secret keyring"
msgstr "Schl?ssel aus dem geh. Schl?sselbund entfernen"
-#, fuzzy
-#| msgid "sign a key"
msgid "quickly sign a key"
-msgstr "Schl?ssel signieren"
+msgstr "Schl?ssel schnell signieren"
-#, fuzzy
-#| msgid "sign a key locally"
msgid "quickly sign a key locally"
-msgstr "Schl?ssel nur f?r diesen Rechner signieren"
+msgstr "Schl?ssel schnell nur f?r diesen Rechner signieren"
msgid "sign a key"
msgstr "Schl?ssel signieren"
@@ -1876,8 +1868,9 @@ msgstr "Hash: "
msgid "Compression: "
msgstr "Komprimierung: "
-msgid "usage: gpg [options] "
-msgstr "Aufruf: gpg [Optionen] "
+#, c-format
+msgid "usage: %s [options] %s\n"
+msgstr "Aufruf: %s [Optionen] %s\n"
msgid "conflicting commands\n"
msgstr "Widerspr?chliche Befehle\n"
@@ -3206,25 +3199,19 @@ msgstr "?nderung fehlgeschlagen: %s\n"
msgid "Key not changed so no update needed.\n"
msgstr "Schl?ssel ist nicht ge?ndert worden, also ist kein Speichern n?tig.\n"
-#, fuzzy, c-format
-#| msgid "invalid fingerprint"
+#, c-format
msgid "\"%s\" is not a fingerprint\n"
-msgstr "ung?ltiger Fingerabdruck"
+msgstr "\"%s\" ist kein Fingerabdruck\n"
-#, fuzzy, c-format
-#| msgid "failed to get the fingerprint\n"
+#, c-format
msgid "\"%s\" is not the primary fingerprint\n"
-msgstr "Kann den Fingerprint nicht ermitteln\n"
+msgstr "\"%s\" ist nicht der Fingerabdruck des Hauptschl?ssels\n"
-#, fuzzy
-#| msgid "No such user ID.\n"
msgid "No matching user IDs."
-msgstr "Keine solche User-ID vorhanden.\n"
+msgstr "Keine passende User-ID"
-#, fuzzy
-#| msgid "Nothing to sign with key %s\n"
msgid "Nothing to sign.\n"
-msgstr "Nichts zu beglaubigen f?r Schl?ssel %s\n"
+msgstr "Nichts zu beglaubigen\n"
msgid "Digest: "
msgstr "Digest: "
@@ -3655,25 +3642,21 @@ msgstr " (%d) DSA (Leistungsf?higkeit selber einstellbar)\n"
msgid " (%d) RSA (set your own capabilities)\n"
msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n"
-#, fuzzy, c-format
-#| msgid " (%d) %s\n"
+#, c-format
msgid " (%d) ECC\n"
-msgstr " (%d) signieren\n"
+msgstr " (%d) ECC\n"
-#, fuzzy, c-format
-#| msgid " (%d) ECDSA (sign only)\n"
+#, c-format
msgid " (%d) ECC (sign only)\n"
-msgstr " (%d) ECDSA (nur signieren/beglaubigen)\n"
+msgstr " (%d) ECC (nur signieren)\n"
-#, fuzzy, c-format
-#| msgid " (%d) ECDSA (set your own capabilities)\n"
+#, c-format
msgid " (%d) ECC (set your own capabilities)\n"
-msgstr " (%d) ECDSA (Leistungsf?higkeit selber einstellbar)\n"
+msgstr " (%d) ECC (Leistungsf?higkeit selber einstellbar)\n"
-#, fuzzy, c-format
-#| msgid " (%d) ECDH (encrypt only)\n"
+#, c-format
msgid " (%d) ECC (encrypt only)\n"
-msgstr " (%d) ECDH (nur verschl?sseln)\n"
+msgstr " (%d) ECC (nur verschl?sseln)\n"
#, c-format
msgid " (%d) Existing key\n"
@@ -4273,10 +4256,9 @@ msgstr "Diese Signatur ist seit %s verfallen.\n"
msgid "Signature expires %s\n"
msgstr "Diese Signatur verf?llt am %s.\n"
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
msgid "%s signature, digest algorithm %s%s%s\n"
-msgstr "%s Signatur, Hashmethode \"%s\"\n"
+msgstr "%s Signatur, Hashmethode %s%s%s\n"
msgid "binary"
msgstr "Bin?re"
@@ -4287,6 +4269,9 @@ msgstr "Textmodus"
msgid "unknown"
msgstr "unbekannt"
+msgid ", key algorithm "
+msgstr ", Schl?sselverfahren "
+
#, c-format
msgid "Can't check signature: %s\n"
msgstr "Signatur kann nicht gepr?ft werden: %s\n"
@@ -4473,58 +4458,37 @@ msgstr "%u-Bit %s Schl?ssel, ID %s, erzeugt %s"
msgid " (subkey on main key ID %s)"
msgstr " (Unterschl?ssel aus Hauptschl?ssel-ID %s)"
-#, fuzzy
-#| msgid ""
-#| "Please enter the passphrase to unlock the secret key for the OpenPGP "
-#| "certificate:"
msgid "Please enter the passphrase to unlock the OpenPGP secret key:"
msgstr ""
"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
"entsperren:"
-#, fuzzy
-#| msgid ""
-#| "Please enter the passphrase to import the secret key for the OpenPGP "
-#| "certificate:"
msgid "Please enter the passphrase to import the OpenPGP secret key:"
msgstr ""
"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
"importieren:"
-#, fuzzy
-#| msgid ""
-#| "Please enter the passphrase to import the secret key for the OpenPGP "
-#| "certificate:"
msgid "Please enter the passphrase to export the OpenPGP secret subkey:"
msgstr ""
-"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
-"importieren:"
+"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Unterschl?ssel zu "
+"exportieren:"
-#, fuzzy
-#| msgid ""
-#| "Please enter the passphrase to import the secret key for the OpenPGP "
-#| "certificate:"
msgid "Please enter the passphrase to export the OpenPGP secret key:"
msgstr ""
"Sie ben?tigen eine Passphrase, um den geheimen OpenPGP Schl?ssel zu "
-"importieren:"
+"exportieren:"
-#, fuzzy
-#| msgid "Do you really want to delete the selected keys? (y/N) "
msgid "Do you really want to permanently delete the OpenPGP secret subkey key:"
-msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) "
+msgstr ""
+"M?chten Sie den ausgew?hlten geheimen OpenPGP Unterschl?ssel wirklich "
+"dauerhaft entfernen? (j/N) "
-#, fuzzy
-#| msgid "Do you really want to delete the selected keys? (y/N) "
msgid "Do you really want to permanently delete the OpenPGP secret key:"
-msgstr "M?chten Sie die ausgew?hlten Schl?ssel wirklich entfernen? (j/N) "
+msgstr ""
+"M?chten Sie den ausgew?hlten geheimen OpenPGP Schl?ssel wirklich dauerhaft "
+"entfernen? (j/N) "
-#, fuzzy, c-format
-#| msgid ""
-#| "%s\n"
-#| "\"%.*s\"\n"
-#| "%u-bit %s key, ID %s,\n"
-#| "created %s%s.\n"
+#, c-format
msgid ""
"%s\n"
"\"%.*s\"\n"
@@ -4536,6 +4500,7 @@ msgstr ""
"\"%.*s\"\n"
"%u-Bit %s Schl?ssel, ID %s,\n"
"erzeugt %s%s.\n"
+"%s"
# translated by wk
msgid ""
@@ -5010,10 +4975,9 @@ msgstr "Hinweis: Signaturschl?ssel %s ist am %s verfallen\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "Hinweis: Signaturschl?ssel %s wurde widerrufen\n"
-#, fuzzy, c-format
-#| msgid "%s signature, digest algorithm %s\n"
+#, c-format
msgid "Note: signatures using the %s algorithm are rejected\n"
-msgstr "%s Signatur, Hashmethode \"%s\"\n"
+msgstr "Hinweis: %s basierte Signaturen werden zur?ckgewiesen.\n"
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
@@ -6230,9 +6194,6 @@ msgstr ""
"Syntax: @GPGSM@ [Optionen] [Dateien]\n"
"Signieren, pr?fen, ver- und entschl?sseln mittels S/MIME Protokoll\n"
-msgid "usage: gpgsm [options] "
-msgstr "Aufruf: gpgsm [Optionen] "
-
#, c-format
msgid "NOTE: won't be able to encrypt to '%s': %s\n"
msgstr "Hinweis: Verschl?sselung f?r `%s' wird nicht m?glich sein: %s\n"
@@ -7129,8 +7090,8 @@ msgstr "|FPR|OCSP Antwort ist durch FPR signiert"
msgid "|N|do not return more than N items in one query"
msgstr "|N|Nicht mehr als N Angaben in einer Anfrage zur?ckgeben"
-msgid "|FILE|use the CA certifciates in FILE for HKP over TLS"
-msgstr ""
+msgid "|FILE|use the CA certificates in FILE for HKP over TLS"
+msgstr "|DATEI|Benutze die CA Zertifikate in DATEI f?r HKP ?ber TLS"
msgid ""
"@\n"
@@ -7635,10 +7596,8 @@ msgstr "Druckdaten hexkodiert ausgeben"
msgid "decode received data lines"
msgstr "Dekodiere empfangene Datenzeilen"
-#, fuzzy
-#| msgid "can't connect to the dirmngr: %s\n"
msgid "connect to the dirmngr"
-msgstr "Verbindung zum Dirmngr nicht m?glich: %s\n"
+msgstr "Mit dem Dirmngr verbinden"
msgid "|NAME|connect to Assuan socket NAME"
msgstr "|NAME|Verbinde mit dem Assuan-Socket NAME"
@@ -7811,10 +7770,8 @@ msgstr "Directory Manager"
msgid "PIN and Passphrase Entry"
msgstr "Falsche PIN oder Passphrase!"
-#, fuzzy
-#| msgid "Component not found"
msgid "Component not suitable for launching"
-msgstr "Komponente nicht gefunden"
+msgstr "Komponente unterst?tzt kein direktes starten"
#, c-format
msgid "External verification of component %s failed"
@@ -7841,10 +7798,8 @@ msgstr "|KOMPONENTE|Pr?fe die Optionen"
msgid "apply global default values"
msgstr "Wende die gobalen Voreinstellungen an"
-#, fuzzy
-#| msgid "get the configuration directories for gpgconf"
msgid "get the configuration directories for @GPGCONF@"
-msgstr "Hole die Einstellungsverzeichnisse von gpgconf"
+msgstr "Hole die Einstellungsverzeichnisse von @GPGCONF@"
msgid "list global configuration file"
msgstr "Zeige die globale Konfigurationsdatei an"
@@ -7855,10 +7810,8 @@ msgstr "Pr?fe die globale Konfigurationsdatei"
msgid "reload all or a given component"
msgstr "\"reload\" an alle oder eine Komponente senden"
-#, fuzzy
-#| msgid "kill a given component"
msgid "launch a given component"
-msgstr "\"kill\" an eine Komponente senden"
+msgstr "Die angegebene Komponente starten"
msgid "kill a given component"
msgstr "\"kill\" an eine Komponente senden"
@@ -8032,6 +7985,12 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n"
+#~ msgid "usage: gpg [options] "
+#~ msgstr "Aufruf: gpg [Optionen] "
+
+#~ msgid "usage: gpgsm [options] "
+#~ msgstr "Aufruf: gpgsm [Optionen] "
+
#~ msgid "enable ssh-agent emulation"
#~ msgstr "Die ssh-agent-Emulation anschalten"
commit a1dff86da8ebaab6e154360f538ca9d43a6c4934
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
agent: Adjust for changed npth_eselect under W32.
* agent/gpg-agent.c (handle_connections) [W32]: Make events_set an
unsigned int to match the changed prototype.
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 096d057..3febaf8 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -2120,7 +2120,7 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
struct timespec timeout;
#ifdef HAVE_W32_SYSTEM
HANDLE events[2];
- int events_set;
+ unsigned int events_set;
#endif
ret = npth_attr_init(&tattr);
@@ -2219,7 +2219,6 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
handle_signal (signo);
}
#else
- events_set = 0;
ret = npth_eselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
events, &events_set);
saved_errno = errno;
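Review bot: Removing `events_set = 0;` before the `npth_eselect` call is not covered by the commit log, which only describes the type change made in the first hunk, and it leaves `events_set` without an initial value on the W32 path. If `npth_eselect` does not store to it on every return path (for example when it fails), a later test of `events_set` would read an indeterminate value; the code that consumes it lies outside both hunks, so this needs checking. Keeping the initialisation at the declaration costs nothing: `unsigned int events_set = 0;`.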
commit 5e1f9b5e1427688ac340f0829e02bece7f0caf9c
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
dirmngr: Use the homedir based socket also under W32.
* common/homedir.c (dirmngr_user_socket_name): Use same code for all
platforms.
diff --git a/common/homedir.c b/common/homedir.c
index c50809f..7939841 100644
--- a/common/homedir.c
+++ b/common/homedir.c
@@ -605,15 +605,11 @@ dirmngr_sys_socket_name (void)
const char *
dirmngr_user_socket_name (void)
{
-#ifdef HAVE_W32_SYSTEM
- return NULL; /* We support only a system service. */
-#else /*!HAVE_W32_SYSTEM*/
static char *name;
if (!name)
name = make_absfilename (default_homedir (), DIRMNGR_SOCK_NAME, NULL);
return name;
-#endif /*!HAVE_W32_SYSTEM*/
}
-----------------------------------------------------------------------
Summary of changes:
agent/gpg-agent.c | 3 +-
build-aux/speedo/w32/inst.nsi | 2 +-
common/homedir.c | 4 -
g10/mainproc.c | 2 +-
po/de.po | 165 ++++++++++++++++-------------------------
po/fr.po | 109 +++++++++------------------
po/ja.po | 24 ++++--
po/uk.po | 5 ++
8 files changed, 123 insertions(+), 191 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Sat Jun 28 10:52:54 2014
From: cvs at cvs.gnupg.org (by Dmitry Eremin-Solenikov)
Date: Sat, 28 Jun 2014 10:52:54 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-93-g066f068
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 (commit)
via 7aeba6c449169926076df83b01ddbfa6b41fe411 (commit)
via b78d504fa8745b8b04589acbbcf7dd5fe9279d13 (commit)
via 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7 (commit)
via 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9 (commit)
via 5ee35a04362c94e680ef3633fa83b72e0aee8626 (commit)
via fb074d113fcbf66a5c20592625cb19051f3430f5 (commit)
via 164738a0292b3f32c7747099ad9cadace58e5eda (commit)
via 34a58010000288515636706811c3837f32957b2e (commit)
via 8b221cf5ce233c8c49a4e4ecebb70d523fc37837 (commit)
from f14fb5b427b5159fcd9603d2b3cde936889cf430 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:36 2014 +0400
gostr3411_94: rewrite to use u32 mathematic
* cipher/gost28147.c (_gcry_gost_enc_data): New.
* cipher/gostr3411-94.c: Rewrite implementation to use u32 mathematic
internally.
* cipher/gost28147.c (_gcry_gost_enc_one): Remove.
--
On my box (Core2 Duo, i386) this highly improves GOST R 34.11-94 speed.
Before:
GOSTR3411_94 | 55.04 ns/B 17.33 MiB/s - c/B
After:
GOSTR3411_94 | 36.70 ns/B 25.99 MiB/s - c/B
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gost.h b/cipher/gost.h
index caaf34b..025119c 100644
--- a/cipher/gost.h
+++ b/cipher/gost.h
@@ -26,7 +26,7 @@ typedef struct {
} GOST28147_context;
/* This is a simple interface that will be used by GOST R 34.11-94 */
-extern unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key,
- byte *out, byte *in, int cryptopro);
+unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key,
+ u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro);
#endif
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index af3911e..4ff80b4 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -69,13 +69,9 @@ gost_val (GOST28147_context *ctx, u32 cm1, int subkey)
}
static unsigned int
-gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
+_gost_encrypt_data (void *c, u32 *o1, u32 *o2, u32 n1, u32 n2)
{
GOST28147_context *ctx = c;
- u32 n1, n2;
-
- n1 = buf_get_le32 (inbuf);
- n2 = buf_get_le32 (inbuf+4);
n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
@@ -97,23 +93,41 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
- buf_put_le32 (outbuf+0, n2);
- buf_put_le32 (outbuf+4, n1);
+ *o1 = n2;
+ *o2 = n1;
return /* burn_stack */ 4*sizeof(void*) /* func call */ +
3*sizeof(void*) /* stack */ +
4*sizeof(void*) /* gost_val call */;
}
-unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key,
- byte *out, byte *in, int cryptopro)
+static unsigned int
+gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
+{
+ GOST28147_context *ctx = c;
+ u32 n1, n2;
+ unsigned int burn;
+
+ n1 = buf_get_le32 (inbuf);
+ n2 = buf_get_le32 (inbuf+4);
+
+ burn = _gost_encrypt_data(ctx, &n1, &n2, n1, n2);
+
+ buf_put_le32 (outbuf+0, n1);
+ buf_put_le32 (outbuf+4, n2);
+
+ return /* burn_stack */ burn + 6*sizeof(void*) /* func call */;
+}
+
+unsigned int _gcry_gost_enc_data (GOST28147_context *c, const u32 *key,
+ u32 *o1, u32 *o2, u32 n1, u32 n2, int cryptopro)
{
if (cryptopro)
c->sbox = sbox_CryptoPro_3411;
else
c->sbox = sbox_test_3411;
- gost_setkey (c, key, 32);
- return gost_encrypt_block (c, out, in) + 5 * sizeof(void *);
+ memcpy (c->key, key, 8*4);
+ return _gost_encrypt_data (c, o1, o2, n1, n2) + 7 * sizeof(void *);
}
static unsigned int
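Review bot: `_gcry_gost_enc_data` copies the key with `memcpy (c->key, key, 8*4);`, a literal byte count tied to the destination only by convention. Writing `memcpy (c->key, key, sizeof c->key);` keeps the copy bounded by the destination if the context layout ever changes; the declaration of `key` in `GOST28147_context` is not in this hunk, so confirm it is an array and not a pointer. The new helper `_gost_encrypt_data` also returns the halves swapped (`*o1 = n2; *o2 = n1;`), which is why `gost_encrypt_block` now stores `n1` before `n2`; a one-line comment such as `/* o1/o2 receive the final swap: o1 = n2, o2 = n1 */` would make that visible.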
diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c
index 9d065fb..91e5b4c 100644
--- a/cipher/gostr3411-94.c
+++ b/cipher/gostr3411-94.c
@@ -25,6 +25,7 @@
#include "g10lib.h"
#include "bithelp.h"
+#include "bufhelp.h"
#include "cipher.h"
#include "hash-common.h"
@@ -35,8 +36,11 @@
typedef struct {
gcry_md_block_ctx_t bctx;
GOST28147_context hd;
- byte h[32];
- byte sigma[32];
+ union {
+ u32 h[8];
+ byte result[32];
+ };
+ u32 sigma[8];
u32 len;
int cryptopro;
} GOSTR3411_CONTEXT;
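Review bot: The unnamed `union { u32 h[8]; byte result[32]; };` is an anonymous member, which is standard C only from C11 and a compiler extension before that. If the library is expected to build with older or stricter compilers, give the union a name and access it as `hd->u.h` / `hd->u.result`. The aliasing also needs a comment: `result` is only a valid digest once `gost3411_final` has run its `le_bswap32` loop over `h`, so something like `/* result: h viewed as bytes, valid only after gost3411_final */` belongs next to the member.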
@@ -71,102 +75,122 @@ gost3411_cp_init (void *context, unsigned int flags)
}
static void
-do_p (unsigned char *p, unsigned char *u, unsigned char *v)
+do_p (u32 *p, u32 *u, u32 *v)
{
- int i, k;
+ int k;
+ u32 t[8];
+
for (k = 0; k < 8; k++)
+ t[k] = u[k] ^ v[k];
+
+ for (k = 0; k < 4; k++)
{
- for (i = 0; i < 4; i++)
- {
- p[i + 4 * k] = u[8 * i + k] ^ v[8 * i + k];
- }
+ p[k+0] = ((t[0] >> (8*k)) & 0xff) << 0 |
+ ((t[2] >> (8*k)) & 0xff) << 8 |
+ ((t[4] >> (8*k)) & 0xff) << 16 |
+ ((t[6] >> (8*k)) & 0xff) << 24;
+ p[k+4] = ((t[1] >> (8*k)) & 0xff) << 0 |
+ ((t[3] >> (8*k)) & 0xff) << 8 |
+ ((t[5] >> (8*k)) & 0xff) << 16 |
+ ((t[7] >> (8*k)) & 0xff) << 24;
}
}
static void
-do_a (unsigned char *u)
+do_a (u32 *u)
{
- unsigned char temp[8];
+ u32 t[2];
int i;
- memcpy (temp, u, 8);
- memmove (u, u+8, 24);
- for (i = 0; i < 8; i++)
- {
- u[24 + i] = u[i] ^ temp[i];
- }
+ memcpy(t, u, 2*4);
+ for (i = 0; i < 6; i++)
+ u[i] = u[i+2];
+ u[6] = u[0] ^ t[0];
+ u[7] = u[1] ^ t[1];
}
/* apply do_a twice: 1 2 3 4 -> 3 4 1^2 2^3 */
static void
-do_a2 (unsigned char *u)
+do_a2 (u32 *u)
{
- unsigned char temp[16];
+ u32 t[4];
int i;
- memcpy (temp, u, 16);
- memcpy (u, u + 16, 16);
- for (i = 0; i < 8; i++)
+ memcpy (t, u, 16);
+ memcpy (u, u + 4, 16);
+ for (i = 0; i < 2; i++)
{
- u[16 + i] = temp[i] ^ temp[8 + i];
- u[24 + i] = u[i] ^ temp[8 + i];
+ u[4+i] = t[i] ^ t[i + 2];
+ u[6+i] = u[i] ^ t[i + 2];
}
}
static void
-do_apply_c2 (unsigned char *u)
+do_apply_c2 (u32 *u)
{
- u[ 1] ^= 0xff;
- u[ 3] ^= 0xff;
- u[ 5] ^= 0xff;
- u[ 7] ^= 0xff;
-
- u[ 8] ^= 0xff;
- u[10] ^= 0xff;
- u[12] ^= 0xff;
- u[14] ^= 0xff;
-
- u[17] ^= 0xff;
- u[18] ^= 0xff;
- u[20] ^= 0xff;
- u[23] ^= 0xff;
-
- u[24] ^= 0xff;
- u[28] ^= 0xff;
- u[29] ^= 0xff;
- u[31] ^= 0xff;
+ u[ 0] ^= 0xff00ff00;
+ u[ 1] ^= 0xff00ff00;
+ u[ 2] ^= 0x00ff00ff;
+ u[ 3] ^= 0x00ff00ff;
+ u[ 4] ^= 0x00ffff00;
+ u[ 5] ^= 0xff0000ff;
+ u[ 6] ^= 0x000000ff;
+ u[ 7] ^= 0xff00ffff;
}
-#define do_phi_step(e, i) \
- e[(0 + 2*i) % 32] ^= e[(2 + 2*i) % 32] ^ e[(4 + 2*i) % 32] ^ e[(6 + 2*i) % 32] ^ e[(24 + 2*i) % 32] ^ e[(30 + 2*i) % 32]; \
- e[(1 + 2*i) % 32] ^= e[(3 + 2*i) % 32] ^ e[(5 + 2*i) % 32] ^ e[(7 + 2*i) % 32] ^ e[(25 + 2*i) % 32] ^ e[(31 + 2*i) % 32];
+#define do_chi_step12(e) \
+ e[6] ^= ((e[6] >> 16) ^ e[7] ^ (e[7] >> 16) ^ e[4] ^ (e[5] >>16)) & 0xffff;
+
+#define do_chi_step13(e) \
+ e[6] ^= ((e[7] ^ (e[7] >> 16) ^ e[0] ^ (e[4] >> 16) ^ e[6]) & 0xffff) << 16;
+
+#define do_chi_doublestep(e, i) \
+ e[i] ^= (e[i] >> 16) ^ (e[(i+1)%8] << 16) ^ e[(i+1)%8] ^ (e[(i+1)%8] >> 16) ^ (e[(i+2)%8] << 16) ^ e[(i+6)%8] ^ (e[(i+7)%8] >> 16); \
+ e[i] ^= (e[i] << 16);
static void
-do_phi_submix (unsigned char *e, unsigned char *x, int round)
+do_chi_submix12 (u32 *e, u32 *x)
{
- int i;
- round *= 2;
- for (i = 0; i < 32; i++)
- {
- e[(i + round) % 32] ^= x[i];
- }
+ e[6] ^= x[0];
+ e[7] ^= x[1];
+ e[0] ^= x[2];
+ e[1] ^= x[3];
+ e[2] ^= x[4];
+ e[3] ^= x[5];
+ e[4] ^= x[6];
+ e[5] ^= x[7];
+}
+
+static void
+do_chi_submix13 (u32 *e, u32 *x)
+{
+ e[6] ^= (x[0] << 16) | (x[7] >> 16);
+ e[7] ^= (x[1] << 16) | (x[0] >> 16);
+ e[0] ^= (x[2] << 16) | (x[1] >> 16);
+ e[1] ^= (x[3] << 16) | (x[2] >> 16);
+ e[2] ^= (x[4] << 16) | (x[3] >> 16);
+ e[3] ^= (x[5] << 16) | (x[4] >> 16);
+ e[4] ^= (x[6] << 16) | (x[5] >> 16);
+ e[5] ^= (x[7] << 16) | (x[6] >> 16);
}
static void
-do_add (unsigned char *s, unsigned char *a)
+do_add (u32 *s, u32 *a)
{
- unsigned temp = 0;
+ u32 carry = 0;
int i;
- for (i = 0; i < 32; i++)
+ for (i = 0; i < 8; i++)
{
- temp = s[i] + a[i] + (temp >> 8);
- s[i] = temp & 0xff;
+ u32 op = carry + a[i];
+ s[i] += op;
+ carry = (a[i] > op) || (op > s[i]);
}
}
static unsigned int
-do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m)
+do_hash_step (GOSTR3411_CONTEXT *hd, u32 *h, u32 *m)
{
- unsigned char u[32], v[32], s[32];
- unsigned char k[32];
+ u32 u[8], v[8];
+ u32 s[8];
+ u32 k[8];
unsigned int burn;
int i;
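Review bot: `do_chi_doublestep` expands to two separate statements, and `do_chi_step12` / `do_chi_step13` carry their own trailing `;`, so none of them behaves as a single statement. They are safe at the current call sites only because every use stands on its own line outside an unbraced `if`. Wrapping each body in `do { ... } while (0)` and dropping the trailing semicolon removes that trap. `do_chi_doublestep` also evaluates its `i` argument many times, so a short comment that it must be a constant index would help. `do_hash_step` continues beyond the end of this hunk.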
@@ -176,7 +200,7 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m)
for (i = 0; i < 4; i++) {
do_p (k, u, v);
- burn = _gcry_gost_enc_one (&hd->hd, k, s + i*8, h + i*8, hd->cryptopro);
+ burn = _gcry_gost_enc_data (&hd->hd, k, &s[2*i], &s[2*i+1], h[2*i], h[2*i+1], hd->cryptopro);
do_a (u);
if (i == 1)
@@ -186,33 +210,26 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m)
for (i = 0; i < 5; i++)
{
- do_phi_step (s, 0);
- do_phi_step (s, 1);
- do_phi_step (s, 2);
- do_phi_step (s, 3);
- do_phi_step (s, 4);
- do_phi_step (s, 5);
- do_phi_step (s, 6);
- do_phi_step (s, 7);
- do_phi_step (s, 8);
- do_phi_step (s, 9);
+ do_chi_doublestep (s, 0);
+ do_chi_doublestep (s, 1);
+ do_chi_doublestep (s, 2);
+ do_chi_doublestep (s, 3);
+ do_chi_doublestep (s, 4);
/* That is in total 12 + 1 + 61 = 74 = 16 * 4 + 10 rounds */
if (i == 4)
break;
- do_phi_step (s, 10);
- do_phi_step (s, 11);
+ do_chi_doublestep (s, 5);
if (i == 0)
- do_phi_submix(s, m, 12);
- do_phi_step (s, 12);
+ do_chi_submix12(s, m);
+ do_chi_step12 (s);
if (i == 0)
- do_phi_submix(s, h, 13);
- do_phi_step (s, 13);
- do_phi_step (s, 14);
- do_phi_step (s, 15);
+ do_chi_submix13(s, h);
+ do_chi_step13 (s);
+ do_chi_doublestep (s, 7);
}
- memcpy (h, s+20, 12);
- memcpy (h+12, s, 20);
+ memcpy (h, s+5, 12);
+ memcpy (h+3, s, 20);
return /* burn_stack */ 4 * sizeof(void*) /* func call (ret addr + args) */ +
4 * 32 + 2 * sizeof(int) /* stack */ +
@@ -221,15 +238,16 @@ do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m)
16 + sizeof(int) /* do_a2 stack */ );
}
-
static unsigned int
transform_blk (void *ctx, const unsigned char *data)
{
GOSTR3411_CONTEXT *hd = ctx;
- byte m[32];
+ u32 m[8];
unsigned int burn;
+ int i;
- memcpy (m, data, 32);
+ for (i = 0; i < 8; i++)
+ m[i] = buf_get_le32(data + i*4);
burn = do_hash_step (hd, hd->h, m);
do_add (hd->sigma, m);
@@ -263,9 +281,9 @@ gost3411_final (void *context)
{
GOSTR3411_CONTEXT *hd = context;
size_t padlen = 0;
- byte l[32];
+ u32 l[8];
int i;
- u32 nblocks;
+ MD_NBLOCKS_TYPE nblocks;
if (hd->bctx.count > 0)
{
@@ -286,15 +304,19 @@ gost3411_final (void *context)
nblocks --;
l[0] = 256 - padlen * 8;
}
+ l[0] |= nblocks << 8;
+ nblocks >>= 24;
for (i = 1; i < 32 && nblocks != 0; i++)
{
- l[i] = nblocks % 256;
- nblocks /= 256;
+ l[i] = nblocks;
+ nblocks >>= 24;
}
do_hash_step (hd, hd->h, l);
do_hash_step (hd, hd->h, hd->sigma);
+ for (i = 0; i < 8; i++)
+ hd->h[i] = le_bswap32(hd->h[i]);
}
static byte *
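Review bot: The length loop still runs to `i < 32` although `l` is now `u32 l[8]`, and each pass stores a whole 32-bit word in `l[i]` while shifting `nblocks` by only 24 bits. After `l[0] |= nblocks << 8; nblocks >>= 24;` the remaining words are 32-bit aligned, so for a 64-bit `MD_NBLOCKS_TYPE` the bits written to `l[2]` would overlap those already in `l[1]`. That only matters for extremely long inputs, but the bound and the shift should match the array: `for (i = 1; i < 8 && nblocks != 0; i++)` with `nblocks = (nblocks >> 16) >> 16;` in the body, where the split shift stays defined if the type is only 32 bits wide. The start of `gost3411_final`, including the initialisation of `l`, is outside this hunk.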
@@ -302,7 +324,7 @@ gost3411_read (void *context)
{
GOSTR3411_CONTEXT *hd = context;
- return hd->h;
+ return hd->result;
}
static unsigned char asn[6] = /* Object ID is 1.2.643.2.2.3 */
commit 7aeba6c449169926076df83b01ddbfa6b41fe411
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:35 2014 +0400
gost28147: use bufhelp helpers
* cipher/gost28147.c (gost_setkey, gost_encrypt_block, gost_decrypt_block):
use buf_get_le32/buf_put_le32 helpers.
--
On my box this boosts GOST 28147-89 speed from 36 MiB/s up to 44.5 MiB/s.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index 5456053..af3911e 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -33,6 +33,7 @@
#include "types.h"
#include "g10lib.h"
#include "cipher.h"
+#include "bufhelp.h"
#include "gost.h"
#include "gost-sb.h"
@@ -51,10 +52,7 @@ gost_setkey (void *c, const byte *key, unsigned keylen)
for (i = 0; i < 8; i++)
{
- ctx->key[i] = (key[4 * i + 3] << 24) |
- (key[4 * i + 2] << 16) |
- (key[4 * i + 1] << 8) |
- (key[4 * i + 0] << 0);
+ ctx->key[i] = buf_get_le32(&key[4*i]);
}
return GPG_ERR_NO_ERROR;
}
@@ -76,14 +74,8 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
GOST28147_context *ctx = c;
u32 n1, n2;
- n1 = (inbuf[0] << 0) |
- (inbuf[1] << 8) |
- (inbuf[2] << 16) |
- (inbuf[3] << 24);
- n2 = (inbuf[4] << 0) |
- (inbuf[5] << 8) |
- (inbuf[6] << 16) |
- (inbuf[7] << 24);
+ n1 = buf_get_le32 (inbuf);
+ n2 = buf_get_le32 (inbuf+4);
n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
@@ -105,14 +97,8 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
- outbuf[0 + 0] = (n2 >> (0 * 8)) & 0xff;
- outbuf[1 + 0] = (n2 >> (1 * 8)) & 0xff;
- outbuf[2 + 0] = (n2 >> (2 * 8)) & 0xff;
- outbuf[3 + 0] = (n2 >> (3 * 8)) & 0xff;
- outbuf[0 + 4] = (n1 >> (0 * 8)) & 0xff;
- outbuf[1 + 4] = (n1 >> (1 * 8)) & 0xff;
- outbuf[2 + 4] = (n1 >> (2 * 8)) & 0xff;
- outbuf[3 + 4] = (n1 >> (3 * 8)) & 0xff;
+ buf_put_le32 (outbuf+0, n2);
+ buf_put_le32 (outbuf+4, n1);
return /* burn_stack */ 4*sizeof(void*) /* func call */ +
3*sizeof(void*) /* stack */ +
@@ -136,14 +122,8 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
GOST28147_context *ctx = c;
u32 n1, n2;
- n1 = (inbuf[0] << 0) |
- (inbuf[1] << 8) |
- (inbuf[2] << 16) |
- (inbuf[3] << 24);
- n2 = (inbuf[4] << 0) |
- (inbuf[5] << 8) |
- (inbuf[6] << 16) |
- (inbuf[7] << 24);
+ n1 = buf_get_le32 (inbuf);
+ n2 = buf_get_le32 (inbuf+4);
n2 ^= gost_val (ctx, n1, 0); n1 ^= gost_val (ctx, n2, 1);
n2 ^= gost_val (ctx, n1, 2); n1 ^= gost_val (ctx, n2, 3);
@@ -165,14 +145,8 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
n2 ^= gost_val (ctx, n1, 3); n1 ^= gost_val (ctx, n2, 2);
n2 ^= gost_val (ctx, n1, 1); n1 ^= gost_val (ctx, n2, 0);
- outbuf[0 + 0] = (n2 >> (0 * 8)) & 0xff;
- outbuf[1 + 0] = (n2 >> (1 * 8)) & 0xff;
- outbuf[2 + 0] = (n2 >> (2 * 8)) & 0xff;
- outbuf[3 + 0] = (n2 >> (3 * 8)) & 0xff;
- outbuf[0 + 4] = (n1 >> (0 * 8)) & 0xff;
- outbuf[1 + 4] = (n1 >> (1 * 8)) & 0xff;
- outbuf[2 + 4] = (n1 >> (2 * 8)) & 0xff;
- outbuf[3 + 4] = (n1 >> (3 * 8)) & 0xff;
+ buf_put_le32 (outbuf+0, n2);
+ buf_put_le32 (outbuf+4, n1);
return /* burn_stack */ 4*sizeof(void*) /* func call */ +
3*sizeof(void*) /* stack */ +
commit b78d504fa8745b8b04589acbbcf7dd5fe9279d13
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:34 2014 +0400
Fixup curve name in the GOST2012 test case
* tests/basic.c (check_pubkey): fixup curve name in public key.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/tests/basic.c b/tests/basic.c
index 875b36c..6d70cfd 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -6966,7 +6966,7 @@ check_pubkey (void)
"(public-key\n"
" (ecc\n"
- " (curve GOST2001-test)\n"
+ " (curve GOST2012-test)\n"
" (q #04115DC5BC96760C7B48598D8AB9E740D4C4A85A65BE33C1"
" 815B5C320C854621DD5A515856D13314AF69BC5B924C8B"
" 4DDFF75C45415C1D9DD9DD33612CD530EFE137C7C90CD4"
commit 7533b2ad46f42e98d9dba52e88e79c0311d2d3b7
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:33 2014 +0400
Update PBKDF2 tests with GOST R 34.11-94 test cases
* tests/t-kdf.c (check_pbkdf2): Add MD_GOSTR3411_CP test cases.
--
TC26 (Technical Committee for standardization "Cryptography and security
mechanisms") published a document with test vectors for PBKDF2 used
with GOST R 34.11-94 message digest function.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index adbe6cc..8e728d5 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -864,6 +864,7 @@ check_pbkdf2 (void)
size_t plen; /* Length of P. */
const char *salt;
size_t saltlen;
+ int hashalgo;
unsigned long c; /* Iterations. */
int dklen; /* Requested key length. */
const char *dk; /* Derived key. */
@@ -872,6 +873,7 @@ check_pbkdf2 (void)
{
"password", 8,
"salt", 4,
+ GCRY_MD_SHA1,
1,
20,
"\x0c\x60\xc8\x0f\x96\x1f\x0e\x71\xf3\xa9"
@@ -880,6 +882,7 @@ check_pbkdf2 (void)
{
"password", 8,
"salt", 4,
+ GCRY_MD_SHA1,
2,
20,
"\xea\x6c\x01\x4d\xc7\x2d\x6f\x8c\xcd\x1e"
@@ -888,6 +891,7 @@ check_pbkdf2 (void)
{
"password", 8,
"salt", 4,
+ GCRY_MD_SHA1,
4096,
20,
"\x4b\x00\x79\x01\xb7\x65\x48\x9a\xbe\xad"
@@ -896,6 +900,7 @@ check_pbkdf2 (void)
{
"password", 8,
"salt", 4,
+ GCRY_MD_SHA1,
16777216,
20,
"\xee\xfe\x3d\x61\xcd\x4d\xa4\xe4\xe9\x94"
@@ -905,6 +910,7 @@ check_pbkdf2 (void)
{
"passwordPASSWORDpassword", 24,
"saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ GCRY_MD_SHA1,
4096,
25,
"\x3d\x2e\xec\x4f\xe4\x1c\x84\x9b\x80\xc8"
@@ -914,6 +920,7 @@ check_pbkdf2 (void)
{
"pass\0word", 9,
"sa\0lt", 5,
+ GCRY_MD_SHA1,
4096,
16,
"\x56\xfa\x6a\xa7\x55\x48\x09\x9d\xcc\x37"
@@ -922,15 +929,71 @@ check_pbkdf2 (void)
{ /* empty password test, not in RFC-6070 */
"", 0,
"salt", 4,
+ GCRY_MD_SHA1,
2,
20,
"\x13\x3a\x4c\xe8\x37\xb4\xd2\x52\x1e\xe2"
"\xbf\x03\xe1\x1c\x71\xca\x79\x4e\x07\x97"
+ },
+ {
+ "password", 8,
+ "salt", 4,
+ GCRY_MD_GOSTR3411_CP,
+ 1,
+ 32,
+ "\x73\x14\xe7\xc0\x4f\xb2\xe6\x62\xc5\x43\x67\x42\x53\xf6\x8b\xd0"
+ "\xb7\x34\x45\xd0\x7f\x24\x1b\xed\x87\x28\x82\xda\x21\x66\x2d\x58"
+ },
+ {
+ "password", 8,
+ "salt", 4,
+ GCRY_MD_GOSTR3411_CP,
+ 2,
+ 32,
+ "\x99\x0d\xfa\x2b\xd9\x65\x63\x9b\xa4\x8b\x07\xb7\x92\x77\x5d\xf7"
+ "\x9f\x2d\xb3\x4f\xef\x25\xf2\x74\x37\x88\x72\xfe\xd7\xed\x1b\xb3"
+ },
+ {
+ "password", 8,
+ "salt", 4,
+ GCRY_MD_GOSTR3411_CP,
+ 4096,
+ 32,
+ "\x1f\x18\x29\xa9\x4b\xdf\xf5\xbe\x10\xd0\xae\xb3\x6a\xf4\x98\xe7"
+ "\xa9\x74\x67\xf3\xb3\x11\x16\xa5\xa7\xc1\xaf\xff\x9d\xea\xda\xfe"
+ },
+ /* { -- takes too long (4-5 min) to calculate
+ "password", 8,
+ "salt", 4,
+ GCRY_MD_GOSTR3411_CP,
+ 16777216,
+ 32,
+ "\xa5\x7a\xe5\xa6\x08\x83\x96\xd1\x20\x85\x0c\x5c\x09\xde\x0a\x52"
+ "\x51\x00\x93\x8a\x59\xb1\xb5\xc3\xf7\x81\x09\x10\xd0\x5f\xcd\x97"
+ }, */
+ {
+ "passwordPASSWORDpassword", 24,
+ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
+ GCRY_MD_GOSTR3411_CP,
+ 4096,
+ 40,
+ "\x78\x83\x58\xc6\x9c\xb2\xdb\xe2\x51\xa7\xbb\x17\xd5\xf4\x24\x1f"
+ "\x26\x5a\x79\x2a\x35\xbe\xcd\xe8\xd5\x6f\x32\x6b\x49\xc8\x50\x47"
+ "\xb7\x63\x8a\xcb\x47\x64\xb1\xfd"
+ },
+ {
+ "pass\0word", 9,
+ "sa\0lt", 5,
+ GCRY_MD_GOSTR3411_CP,
+ 4096,
+ 20,
+ "\x43\xe0\x6c\x55\x90\xb0\x8c\x02\x25\x24"
+ "\x23\x73\x12\x7e\xdf\x9c\x8e\x9c\x32\x91"
}
};
int tvidx;
gpg_error_t err;
- unsigned char outbuf[32];
+ unsigned char outbuf[40];
int i;
for (tvidx=0; tvidx < DIM(tv); tvidx++)
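Review bot: The 16777216-iteration GOST vector is commented out inside the table, so it is no longer compiled and can rot unnoticed. The loop right below already skips entries through `tv[tvidx].disabled`, so the vector could stay in the table as real data with that member set, which would also keep the table layout uniform. The declaration of `disabled` is outside this hunk, so its position in the initializer needs checking before adding the value.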
@@ -938,10 +1001,11 @@ check_pbkdf2 (void)
if (tv[tvidx].disabled)
continue;
if (verbose)
- fprintf (stderr, "checking PBKDF2 test vector %d\n", tvidx);
+ fprintf (stderr, "checking PBKDF2 test vector %d algo %d\n", tvidx,
+ tv[tvidx].hashalgo);
assert (tv[tvidx].dklen <= sizeof outbuf);
err = gcry_kdf_derive (tv[tvidx].p, tv[tvidx].plen,
- GCRY_KDF_PBKDF2, GCRY_MD_SHA1,
+ GCRY_KDF_PBKDF2, tv[tvidx].hashalgo,
tv[tvidx].salt, tv[tvidx].saltlen,
tv[tvidx].c, tv[tvidx].dklen, outbuf);
if (err)
commit 25d6af77e2336b5979ddbe8b90978fe5b61dfaf9
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:32 2014 +0400
Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet
* src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New.
* src/cipher.h (_gcry_digest_spec_gost3411_cp): New.
* cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between
CryptoPro and Test S-Boxes.
* cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp,
gost3411_cp_init): New.
* cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32.
--
RFC4357 defines only two S-Boxes that should be used together with
GOST R 34.11-94 - a testing one (from standard itself, for testing only)
and CryptoPro one. Instead of adding a separate gcry_md_ctrl() function
just to switch s-boxes, add a separate MD algorithm using CryptoPro
S-box.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/NEWS b/NEWS
index 5eacf30..214c676 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,7 @@ Noteworthy changes in version 1.7.0 (unreleased)
GCRY_MD_FLAG_BUGEMU1 NEW.
GCRYCTL_SET_SBOX NEW.
gcry_cipher_set_sbox NEW macro.
+ GCRY_MD_GOSTR3411_CP NEW.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/cipher/gost.h b/cipher/gost.h
index 3fbd9df..caaf34b 100644
--- a/cipher/gost.h
+++ b/cipher/gost.h
@@ -27,6 +27,6 @@ typedef struct {
/* This is a simple interface that will be used by GOST R 34.11-94 */
extern unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key,
- byte *out, byte *in);
+ byte *out, byte *in, int cryptopro);
#endif
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index ae9e705..5456053 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -120,8 +120,12 @@ gost_encrypt_block (void *c, byte *outbuf, const byte *inbuf)
}
unsigned int _gcry_gost_enc_one (GOST28147_context *c, const byte *key,
- byte *out, byte *in)
+ byte *out, byte *in, int cryptopro)
{
+ if (cryptopro)
+ c->sbox = sbox_CryptoPro_3411;
+ else
+ c->sbox = sbox_test_3411;
gost_setkey (c, key, 32);
return gost_encrypt_block (c, out, in) + 5 * sizeof(void *);
}
diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c
index 73d570f..9d065fb 100644
--- a/cipher/gostr3411-94.c
+++ b/cipher/gostr3411-94.c
@@ -38,6 +38,7 @@ typedef struct {
byte h[32];
byte sigma[32];
u32 len;
+ int cryptopro;
} GOSTR3411_CONTEXT;
static unsigned int
@@ -58,6 +59,15 @@ gost3411_init (void *context, unsigned int flags)
hd->bctx.count = 0;
hd->bctx.blocksize = 32;
hd->bctx.bwrite = transform;
+ hd->cryptopro = 0;
+}
+
+static void
+gost3411_cp_init (void *context, unsigned int flags)
+{
+ GOSTR3411_CONTEXT *hd = context;
+ gost3411_init (context, flags);
+ hd->cryptopro = 1;
}
static void
@@ -153,7 +163,7 @@ do_add (unsigned char *s, unsigned char *a)
}
static unsigned int
-do_hash_step (GOST28147_context *hd, unsigned char *h, unsigned char *m)
+do_hash_step (GOSTR3411_CONTEXT *hd, unsigned char *h, unsigned char *m)
{
unsigned char u[32], v[32], s[32];
unsigned char k[32];
@@ -166,7 +176,7 @@ do_hash_step (GOST28147_context *hd, unsigned char *h, unsigned char *m)
for (i = 0; i < 4; i++) {
do_p (k, u, v);
- burn = _gcry_gost_enc_one (hd, k, s + i*8, h + i*8);
+ burn = _gcry_gost_enc_one (&hd->hd, k, s + i*8, h + i*8, hd->cryptopro);
do_a (u);
if (i == 1)
@@ -220,7 +230,7 @@ transform_blk (void *ctx, const unsigned char *data)
unsigned int burn;
memcpy (m, data, 32);
- burn = do_hash_step (&hd->hd, hd->h, m);
+ burn = do_hash_step (hd, hd->h, m);
do_add (hd->sigma, m);
return /* burn_stack */ burn + 3 * sizeof(void*) + 32 + 2 * sizeof(void*);
@@ -283,8 +293,8 @@ gost3411_final (void *context)
nblocks /= 256;
}
- do_hash_step (&hd->hd, hd->h, l);
- do_hash_step (&hd->hd, hd->h, hd->sigma);
+ do_hash_step (hd, hd->h, l);
+ do_hash_step (hd, hd->h, hd->sigma);
}
static byte *
@@ -310,7 +320,14 @@ static gcry_md_oid_spec_t oid_spec_gostr3411[] =
gcry_md_spec_t _gcry_digest_spec_gost3411_94 =
{
GCRY_MD_GOSTR3411_94, {0, 0},
- "GOSTR3411_94", asn, DIM (asn), oid_spec_gostr3411, 32,
+ "GOSTR3411_94", NULL, 0, NULL, 32,
gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read,
sizeof (GOSTR3411_CONTEXT)
};
+gcry_md_spec_t _gcry_digest_spec_gost3411_cp =
+ {
+ GCRY_MD_GOSTR3411_CP, {0, 0},
+ "GOSTR3411_CP", asn, DIM (asn), oid_spec_gostr3411, 32,
+ gost3411_cp_init, _gcry_md_block_write, gost3411_final, gost3411_read,
+ sizeof (GOSTR3411_CONTEXT)
+ };
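Review bot: `_gcry_digest_spec_gost3411_94` loses its ASN.1 prefix and OID table (`NULL, 0, NULL`) and both move to the new `_gcry_digest_spec_gost3411_cp`, but nothing next to the two specs explains why. A lookup by the object ID that the `asn` array is annotated with now resolves to the CryptoPro S-box variant, which yields different digests than the test S-box variant that previously answered to it. A comment above the specs stating that the OID belongs to the CryptoPro parameter set and that the test-S-box variant deliberately has no OID would save the next reader from treating the `NULL`s as an omission. The change in OID mapping also deserves a line in NEWS, where only the new constant is recorded.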
diff --git a/cipher/md.c b/cipher/md.c
index 5ab89cb..a1e5859 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -53,6 +53,7 @@ static gcry_md_spec_t *digest_list[] =
#endif
#ifdef USE_GOST_R_3411_94
&_gcry_digest_spec_gost3411_94,
+ &_gcry_digest_spec_gost3411_cp,
#endif
#ifdef USE_GOST_R_3411_12
&_gcry_digest_spec_stribog_256,
@@ -335,6 +336,7 @@ md_open (gcry_md_hd_t *h, int algo, unsigned int flags)
ctx->macpads_Bsize = 128;
break;
case GCRY_MD_GOSTR3411_94:
+ case GCRY_MD_GOSTR3411_CP:
ctx->macpads_Bsize = 32;
break;
default:
diff --git a/src/cipher.h b/src/cipher.h
index ed57d3c..f4f6cc4 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -258,6 +258,7 @@ extern gcry_md_spec_t _gcry_digest_spec_crc32;
extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510;
extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440;
extern gcry_md_spec_t _gcry_digest_spec_gost3411_94;
+extern gcry_md_spec_t _gcry_digest_spec_gost3411_cp;
extern gcry_md_spec_t _gcry_digest_spec_stribog_256;
extern gcry_md_spec_t _gcry_digest_spec_stribog_512;
extern gcry_md_spec_t _gcry_digest_spec_md2;
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 95d324b..a5f8350 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1152,7 +1152,8 @@ enum gcry_md_algos
GCRY_MD_TIGER2 = 307, /* TIGER2 variant. */
GCRY_MD_GOSTR3411_94 = 308, /* GOST R 34.11-94. */
GCRY_MD_STRIBOG256 = 309, /* GOST R 34.11-2012, 256 bit. */
- GCRY_MD_STRIBOG512 = 310 /* GOST R 34.11-2012, 512 bit. */
+ GCRY_MD_STRIBOG512 = 310, /* GOST R 34.11-2012, 512 bit. */
+ GCRY_MD_GOSTR3411_CP = 311 /* GOST R 34.11-94 with CryptoPro-A S-Box. */
};
/* Flags used with the open function. */
commit 5ee35a04362c94e680ef3633fa83b72e0aee8626
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:31 2014 +0400
gost28147: support GCRYCTL_SET_SBOX
cipher/gost28147.c (gost_set_extra_info, gost_set_sbox): New.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index 1720f45..ae9e705 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -175,6 +175,44 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
4*sizeof(void*) /* gost_val call */;
}
+static gpg_err_code_t
+gost_set_sbox (GOST28147_context *ctx, const char *oid)
+{
+ int i;
+
+ for (i = 0; gost_oid_map[i].oid; i++)
+ {
+ if (!strcmp(gost_oid_map[i].oid, oid))
+ {
+ ctx->sbox = gost_oid_map[i].sbox;
+ return 0;
+ }
+ }
+ return GPG_ERR_VALUE_NOT_FOUND;
+}
+
+static gpg_err_code_t
+gost_set_extra_info (void *c, int what, const void *buffer, size_t buflen)
+{
+ GOST28147_context *ctx = c;
+ gpg_err_code_t ec = 0;
+
+ (void)buffer;
+ (void)buflen;
+
+ switch (what)
+ {
+ case GCRYCTL_SET_SBOX:
+ ec = gost_set_sbox (ctx, buffer);
+ break;
+
+ default:
+ ec = GPG_ERR_INV_OP;
+ break;
+ }
+ return ec;
+}
+
static gcry_cipher_oid_spec_t oids_gost28147[] =
{
/* { "1.2.643.2.2.31.0", GCRY_CIPHER_MODE_CNTGOST }, */
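Review bot: `gost_set_extra_info` passes `buffer` straight to `gost_set_sbox`, where it reaches `strcmp` without a NULL check, and `buflen` is ignored. A NULL or unterminated buffer from a `gcry_cipher_ctl` caller is therefore read as a C string. Reject the NULL case before the call, e.g. `if (!buffer) return GPG_ERR_INV_ARG;` at the top of the `GCRYCTL_SET_SBOX` case, and document that the OID must be NUL-terminated since no length is honoured. The `(void)buffer;` line is misleading because `buffer` is used; only `(void)buflen;` is needed.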
@@ -193,4 +231,5 @@ gcry_cipher_spec_t _gcry_cipher_spec_gost28147 =
gost_setkey,
gost_encrypt_block,
gost_decrypt_block,
+ NULL, NULL, NULL, gost_set_extra_info,
};
commit fb074d113fcbf66a5c20592625cb19051f3430f5
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:30 2014 +0400
Support setting s-box for the ciphers that require it
* src/gcrypt.h.in (GCRYCTL_SET_SBOX, gcry_cipher_set_sbox): New.
* cipher/cipher.c (_gcry_cipher_ctl): pass GCRYCTL_SET_SBOX to
set_extra_info callback.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/NEWS b/NEWS
index e1bb772..5eacf30 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,8 @@ Noteworthy changes in version 1.7.0 (unreleased)
gcry_mac_get_algo NEW.
GCRY_MAC_HMAC_MD2 NEW.
GCRY_MD_FLAG_BUGEMU1 NEW.
+ GCRYCTL_SET_SBOX NEW.
+ gcry_cipher_set_sbox NEW macro.
Noteworthy changes in version 1.6.0 (2013-12-16)
diff --git a/cipher/cipher.c b/cipher/cipher.c
index da59061..5c44c0d 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -1264,6 +1264,13 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen)
}
break;
+ case GCRYCTL_SET_SBOX:
+ if (h->spec->set_extra_info)
+ rc = h->spec->set_extra_info
+ (&h->context.c, GCRYCTL_SET_SBOX, buffer, buflen);
+ else
+ rc = GPG_ERR_NOT_SUPPORTED;
+
default:
rc = GPG_ERR_INV_OP;
}
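Review bot: The new `case GCRYCTL_SET_SBOX:` has no `break;`, so control falls through into `default:` and `rc` is overwritten with `GPG_ERR_INV_OP` on every call, including those where `set_extra_info` succeeded and the s-box was actually switched. A caller that checks the result therefore sees a failure while the context has silently changed parameter set, and a caller that ignores it never learns about an unknown OID. Add `break;` after the `else` branch, before `default:`. The enclosing switch starts outside this hunk.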
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index bd38a24..95d324b 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -329,7 +329,8 @@ enum gcry_ctl_cmds
GCRYCTL_SET_CCM_LENGTHS = 69,
GCRYCTL_CLOSE_RANDOM_DEVICE = 70,
GCRYCTL_INACTIVATE_FIPS_FLAG = 71,
- GCRYCTL_REACTIVATE_FIPS_FLAG = 72
+ GCRYCTL_REACTIVATE_FIPS_FLAG = 72,
+ GCRYCTL_SET_SBOX = 73
};
/* Perform various operations defined by CMD. */
@@ -1002,6 +1003,9 @@ gcry_error_t gcry_cipher_checktag (gcry_cipher_hd_t hd, const void *intag,
#define gcry_cipher_cts(h,on) gcry_cipher_ctl( (h), GCRYCTL_SET_CBC_CTS, \
NULL, on )
+#define gcry_cipher_set_sbox(h,oid) gcry_cipher_ctl( (h), GCRYCTL_SET_SBOX, \
+ (oid), 0);
+
/* Set counter for CTR mode. (CTR,CTRLEN) must denote a buffer of
block size length, or (NULL,0) to set the CTR to the all-zero block. */
gpg_error_t gcry_cipher_setctr (gcry_cipher_hd_t hd,
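Review bot: The `gcry_cipher_set_sbox` macro ends in `;`, unlike `gcry_cipher_cts` directly above it, so it cannot be used inside an expression such as `if (gcry_cipher_set_sbox (h, oid))` and it breaks an unbraced `if … else` around a plain call. Drop the semicolon so the second line reads `(oid), 0)`. The length argument is fixed at 0, so the callee has to treat `oid` as a NUL-terminated string; a one-line comment above the macro saying so, and that the return value must be checked, would help users of this public header.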
commit 164738a0292b3f32c7747099ad9cadace58e5eda
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:29 2014 +0400
cipher/gost28147: generate optimized s-boxes from compact ones
* cipher/gost-s-box.c: New. Outputs optimized expanded representation of
s-boxes (4x256) from compact 16x8 representation.
* cipher/Makefile.am: Add gost-sb.h dependency to gost28147.lo
* cipher/gost.h: Add sbox to the GOST28147_context structure.
* cipher/gost28147.c (gost_setkey): Set default s-box to test s-box from
GOST R 34.11 (this was the only one S-box before).
* cipher/gost28147.c (gost_val): Use sbox from the context.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/.gitignore b/.gitignore
index 8b235f9..3929e4d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,8 @@ po/messages.mo
/stamp-h1
/Makefile.in
cipher/Makefile.in
+cipher/gost-s-box
+cipher/gost-sb.h
compat/Makefile.in
doc/Makefile.in
m4/Makefile.in
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index 8a3bd19..c165356 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -93,6 +93,11 @@ rfc2268.c \
camellia.c camellia.h camellia-glue.c camellia-aesni-avx-amd64.S \
camellia-aesni-avx2-amd64.S camellia-arm.S
+noinst_PROGRAMS = gost-s-box
+gost28147.lo: gost-sb.h
+gost-sb.h: gost-s-box
+ $(builddir)/gost-s-box $@
+
if ENABLE_O_FLAG_MUNGING
o_flag_munging = sed -e 's/-O\([2-9s][2-9s]*\)/-O1/' -e 's/-Ofast/-O1/g'
else
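Review bot: `gost-sb.h` is produced by running `$(builddir)/gost-s-box`, and as a `noinst_PROGRAMS` entry that generator is compiled with the same compiler as the library, so in a cross build it is a target binary the build machine cannot execute. It presumably needs a rule that builds it with the build-system compiler instead; this hunk does not show whether configure provides one. The generated header is also not registered for cleaning, so a stale or truncated `gost-sb.h` survives `make clean`; adding it to `CLEANFILES` would cover that.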
diff --git a/cipher/gost-s-box.c b/cipher/gost-s-box.c
new file mode 100644
index 0000000..0094f65
--- /dev/null
+++ b/cipher/gost-s-box.c
@@ -0,0 +1,256 @@
+/* gost-s-box.c - GOST 28147-89 S-Box expander
+ * Copyright (C) 2013 Dmitry Eremin-Solenikov
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ */
+
+#include
+#include
+
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+
+struct gost_sbox
+{
+ const char *name;
+ const char *oid;
+ unsigned char sbox[16*8];
+} gost_sboxes[] = {
+ { "test_3411", "1.2.643.2.2.30.0", {
+ 0x4, 0xE, 0x5, 0x7, 0x6, 0x4, 0xD, 0x1,
+ 0xA, 0xB, 0x8, 0xD, 0xC, 0xB, 0xB, 0xF,
+ 0x9, 0x4, 0x1, 0xA, 0x7, 0xA, 0x4, 0xD,
+ 0x2, 0xC, 0xD, 0x1, 0x1, 0x0, 0x1, 0x0,
+
+ 0xD, 0x6, 0xA, 0x0, 0x5, 0x7, 0x3, 0x5,
+ 0x8, 0xD, 0x3, 0x8, 0xF, 0x2, 0xF, 0x7,
+ 0x0, 0xF, 0x4, 0x9, 0xD, 0x1, 0x5, 0xA,
+ 0xE, 0xA, 0x2, 0xF, 0x8, 0xD, 0x9, 0x4,
+
+ 0x6, 0x2, 0xE, 0xE, 0x4, 0x3, 0x0, 0x9,
+ 0xB, 0x3, 0xF, 0x4, 0xA, 0x6, 0xA, 0x2,
+ 0x1, 0x8, 0xC, 0x6, 0x9, 0x8, 0xE, 0x3,
+ 0xC, 0x1, 0x7, 0xC, 0xE, 0x5, 0x7, 0xE,
+
+ 0x7, 0x0, 0x6, 0xB, 0x0, 0x9, 0x6, 0x6,
+ 0xF, 0x7, 0x0, 0x2, 0x3, 0xC, 0x8, 0xB,
+ 0x5, 0x5, 0x9, 0x5, 0xB, 0xF, 0x2, 0x8,
+ 0x3, 0x9, 0xB, 0x3, 0x2, 0xE, 0xC, 0xC,
+ }
+ },
+ { "CryptoPro_3411", "1.2.643.2.2.30.1", {
+ 0xA, 0x5, 0x7, 0x4, 0x7, 0x7, 0xD, 0x1,
+ 0x4, 0xF, 0xF, 0xA, 0x6, 0x6, 0xE, 0x3,
+ 0x5, 0x4, 0xC, 0x7, 0x4, 0x2, 0x4, 0xA,
+ 0x6, 0x0, 0xE, 0xC, 0xB, 0x4, 0x1, 0x9,
+
+ 0x8, 0x2, 0x9, 0x0, 0x9, 0xD, 0x7, 0x5,
+ 0x1, 0xD, 0x4, 0xF, 0xC, 0x9, 0x0, 0xB,
+ 0x3, 0xB, 0x1, 0x2, 0x2, 0xF, 0x5, 0x4,
+ 0x7, 0x9, 0x0, 0x8, 0xA, 0x0, 0xA, 0xF,
+
+ 0xD, 0x1, 0x3, 0xE, 0x1, 0xA, 0x3, 0x8,
+ 0xC, 0x7, 0xB, 0x1, 0x8, 0x1, 0xC, 0x6,
+ 0xE, 0x6, 0x5, 0x6, 0x0, 0x5, 0x8, 0x7,
+ 0x0, 0x3, 0x2, 0x5, 0xE, 0xB, 0xF, 0xE,
+
+ 0x9, 0xC, 0x6, 0xD, 0xF, 0x8, 0x6, 0xD,
+ 0x2, 0xE, 0xA, 0xB, 0xD, 0xE, 0x2, 0x0,
+ 0xB, 0xA, 0x8, 0x9, 0x3, 0xC, 0x9, 0x2,
+ 0xF, 0x8, 0xD, 0x3, 0x5, 0x3, 0xB, 0xC,
+ }
+ },
+ { "Test_89", "1.2.643.2.2.31.0", {
+ 0x4, 0xC, 0xD, 0xE, 0x3, 0x8, 0x9, 0xC,
+ 0x2, 0x9, 0x8, 0x9, 0xE, 0xF, 0xB, 0x6,
+ 0xF, 0xF, 0xE, 0xB, 0x5, 0x6, 0xC, 0x5,
+ 0x5, 0xE, 0xC, 0x2, 0x9, 0xB, 0x0, 0x2,
+
+ 0x9, 0x8, 0x7, 0x5, 0x6, 0x1, 0x3, 0xB,
+ 0x1, 0x1, 0x3, 0xF, 0x8, 0x9, 0x6, 0x0,
+ 0x0, 0x3, 0x9, 0x7, 0x0, 0xC, 0x7, 0x9,
+ 0x8, 0xA, 0xA, 0x1, 0xD, 0x5, 0x5, 0xD,
+
+ 0xE, 0x2, 0x1, 0x0, 0xA, 0xD, 0x4, 0x3,
+ 0x3, 0x7, 0x5, 0xD, 0xB, 0x3, 0x8, 0xE,
+ 0xB, 0x4, 0x2, 0xC, 0x7, 0x7, 0xE, 0x7,
+ 0xC, 0xD, 0x4, 0x6, 0xC, 0xA, 0xF, 0xA,
+
+ 0xD, 0x6, 0x6, 0xA, 0x2, 0x0, 0x1, 0xF,
+ 0x7, 0x0, 0xF, 0x4, 0x1, 0xE, 0xA, 0x4,
+ 0xA, 0xB, 0x0, 0x3, 0xF, 0x2, 0x2, 0x1,
+ 0x6, 0x5, 0xB, 0x8, 0x4, 0x4, 0xD, 0x8,
+ }
+ },
+ { "CryptoPro_A", "1.2.643.2.2.31.1", {
+ 0x9, 0x3, 0xE, 0xE, 0xB, 0x3, 0x1, 0xB,
+ 0x6, 0x7, 0x4, 0x7, 0x5, 0xA, 0xD, 0xA,
+ 0x3, 0xE, 0x6, 0xA, 0x1, 0xD, 0x2, 0xF,
+ 0x2, 0x9, 0x2, 0xC, 0x9, 0xC, 0x9, 0x5,
+
+ 0x8, 0x8, 0xB, 0xD, 0x8, 0x1, 0x7, 0x0,
+ 0xB, 0xA, 0x3, 0x1, 0xD, 0x2, 0xA, 0xC,
+ 0x1, 0xF, 0xD, 0x3, 0xF, 0x0, 0x6, 0xE,
+ 0x7, 0x0, 0x8, 0x9, 0x0, 0xB, 0x0, 0x8,
+
+ 0xA, 0x5, 0xC, 0x0, 0xE, 0x7, 0x8, 0x6,
+ 0x4, 0x2, 0xF, 0x2, 0x4, 0x5, 0xC, 0x2,
+ 0xE, 0x6, 0x5, 0xB, 0x2, 0x9, 0x4, 0x3,
+ 0xF, 0xC, 0xA, 0x4, 0x3, 0x4, 0x5, 0x9,
+
+ 0xC, 0xB, 0x0, 0xF, 0xC, 0x8, 0xF, 0x1,
+ 0x0, 0x4, 0x7, 0x8, 0x7, 0xF, 0x3, 0x7,
+ 0xD, 0xD, 0x1, 0x5, 0xA, 0xE, 0xB, 0xD,
+ 0x5, 0x1, 0x9, 0x6, 0x6, 0x6, 0xE, 0x4,
+ }
+ },
+ { "CryptoPro_B", "1.2.643.2.2.31.2", {
+ 0x8, 0x0, 0xE, 0x7, 0x2, 0x8, 0x5, 0x0,
+ 0x4, 0x1, 0xC, 0x5, 0x7, 0x3, 0x2, 0x4,
+ 0xB, 0x2, 0x0, 0x0, 0xC, 0x2, 0xA, 0xB,
+ 0x1, 0xA, 0xA, 0xD, 0xF, 0x6, 0xB, 0xE,
+
+ 0x3, 0x4, 0x9, 0xB, 0x9, 0x4, 0x9, 0x8,
+ 0x5, 0xD, 0x2, 0x6, 0x5, 0xD, 0x1, 0x3,
+ 0x0, 0x5, 0xD, 0x1, 0xA, 0xE, 0xC, 0x7,
+ 0x9, 0xC, 0xB, 0x2, 0xB, 0xB, 0x3, 0x1,
+
+ 0x2, 0x9, 0x7, 0x3, 0x1, 0xC, 0x7, 0xA,
+ 0xE, 0x7, 0x5, 0xA, 0x4, 0x1, 0x4, 0x2,
+ 0xA, 0x3, 0x8, 0xC, 0x0, 0x7, 0xD, 0x9,
+ 0xC, 0xF, 0xF, 0xF, 0xD, 0xF, 0x0, 0x6,
+
+ 0x6, 0x8, 0x6, 0xE, 0x8, 0x0, 0xF, 0xD,
+ 0x7, 0x6, 0x1, 0x9, 0xE, 0x9, 0x8, 0x5,
+ 0xF, 0xE, 0x4, 0x8, 0x3, 0x5, 0xE, 0xC,
+ }
+ },
+ { "CryptoPro_C", "1.2.643.2.2.31.3", {
+ 0x1, 0x0, 0x8, 0x3, 0x8, 0xC, 0xA, 0x7,
+ 0xB, 0x1, 0x2, 0x6, 0xD, 0x9, 0x9, 0x4,
+ 0xC, 0x7, 0x5, 0x0, 0xB, 0xB, 0x6, 0x0,
+ 0x2, 0xD, 0x0, 0x1, 0x0, 0x1, 0x8, 0x5,
+
+ 0x9, 0xB, 0x4, 0x5, 0x4, 0x8, 0xD, 0xA,
+ 0xD, 0x4, 0x9, 0xD, 0x5, 0xE, 0xE, 0x2,
+ 0x0, 0x5, 0xF, 0xA, 0x1, 0x2, 0x2, 0xF,
+ 0xF, 0x2, 0xA, 0x8, 0x2, 0x4, 0x0, 0xE,
+
+ 0x4, 0x8, 0x3, 0xB, 0x9, 0x7, 0xF, 0xC,
+ 0x5, 0xE, 0x7, 0x2, 0x3, 0x3, 0x3, 0x6,
+ 0x8, 0xF, 0xC, 0x9, 0xC, 0x6, 0x5, 0x1,
+ 0xE, 0xC, 0xD, 0x7, 0xE, 0x5, 0xB, 0xB,
+
+ 0xA, 0x9, 0x6, 0xE, 0x6, 0xA, 0x4, 0xD,
+ 0x7, 0xA, 0xE, 0xF, 0xF, 0x0, 0x1, 0x9,
+ 0x6, 0x6, 0x1, 0xC, 0xA, 0xF, 0xC, 0x3,
+ 0x3, 0x3, 0xB, 0x4, 0x7, 0xD, 0x7, 0x8,
+ }
+ },
+ { "CryptoPro_D", "1.2.643.2.2.31.4", {
+ 0xF, 0xB, 0x1, 0x1, 0x0, 0x8, 0x3, 0x1,
+ 0xC, 0x6, 0xC, 0x5, 0xC, 0x0, 0x0, 0xA,
+ 0x2, 0x3, 0xB, 0xE, 0x8, 0xF, 0x6, 0x6,
+ 0xA, 0x4, 0x0, 0xC, 0x9, 0x3, 0xF, 0x8,
+
+ 0x6, 0xC, 0xF, 0xA, 0xD, 0x2, 0x1, 0xF,
+ 0x4, 0xF, 0xE, 0x7, 0x2, 0x5, 0xE, 0xB,
+ 0x5, 0xE, 0x6, 0x0, 0xA, 0xE, 0x9, 0x0,
+ 0x0, 0x2, 0x5, 0xD, 0xB, 0xB, 0x2, 0x4,
+
+ 0x7, 0x7, 0xA, 0x6, 0x7, 0x1, 0xD, 0xC,
+ 0x9, 0xD, 0xD, 0x2, 0x3, 0xA, 0x8, 0x3,
+ 0xE, 0x8, 0x4, 0xB, 0x6, 0x4, 0xC, 0x5,
+ 0xD, 0x0, 0x8, 0x4, 0x5, 0x7, 0x4, 0x9,
+
+ 0x1, 0x5, 0x9, 0x9, 0x4, 0xC, 0xB, 0x7,
+ 0xB, 0xA, 0x3, 0x3, 0xE, 0x9, 0xA, 0xD,
+ 0x8, 0x9, 0x7, 0xF, 0xF, 0xD, 0x5, 0x2,
+ 0x3, 0x1, 0x2, 0x8, 0x1, 0x6, 0x7, 0xE,
+ }
+ },
+ { "TC26_A", "1.2.643.7.1.2.5.1.1", {
+ 0xc, 0x6, 0xb, 0xc, 0x7, 0x5, 0x8, 0x1,
+ 0x4, 0x8, 0x3, 0x8, 0xf, 0xd, 0xe, 0x7,
+ 0x6, 0x2, 0x5, 0x2, 0x5, 0xf, 0x2, 0xe,
+ 0x2, 0x3, 0x8, 0x1, 0xa, 0x6, 0x5, 0xd,
+
+ 0xa, 0x9, 0x2, 0xd, 0x8, 0x9, 0x6, 0x0,
+ 0x5, 0xa, 0xf, 0x4, 0x1, 0x2, 0x9, 0x5,
+ 0xb, 0x5, 0xa, 0xf, 0x6, 0xc, 0x1, 0x8,
+ 0x9, 0xc, 0xd, 0x6, 0xd, 0xa, 0xc, 0x3,
+
+ 0xe, 0x1, 0xe, 0x7, 0x0, 0xb, 0xf, 0x4,
+ 0x8, 0xe, 0x1, 0x0, 0x9, 0x7, 0x4, 0xf,
+ 0xd, 0x4, 0x7, 0xa, 0x3, 0x8, 0xb, 0xa,
+ 0x7, 0x7, 0x4, 0x5, 0xe, 0x1, 0x0, 0x6,
+
+ 0x0, 0xb, 0xc, 0x3, 0xb, 0x4, 0xd, 0x9,
+ 0x3, 0xd, 0x9, 0xe, 0x4, 0x3, 0xa, 0xc,
+ 0xf, 0x0, 0x6, 0x9, 0x2, 0xe, 0x3, 0xb,
+ 0x1, 0xf, 0x0, 0xb, 0xc, 0x0, 0x7, 0x2,
+ }
+ },
+};
+
+int main(int argc, char **argv)
+{
+ unsigned int i, j, s;
+ FILE *f;
+
+ if (argc == 1)
+ f = stdin;
+ else
+ f = fopen(argv[1], "w");
+
+ if (!f)
+ {
+ perror("fopen");
+ exit(1);
+ }
+
+ for (s = 0; s < DIM(gost_sboxes); s++)
+ {
+ unsigned char *sbox = gost_sboxes[s].sbox;
+ fprintf (f, "static const u32 sbox_%s[4*256] =\n {", gost_sboxes[s].name);
+ for (i = 0; i < 4; i++) {
+ fprintf (f, "\n /* %d */\n ", i);
+ for (j = 0; j < 256; j++) {
+ unsigned int val;
+ if (j % 4 == 0 && j != 0)
+ fprintf (f, "\n ");
+ val = sbox[ (j & 0xf) * 8 + 2 * i + 0] |
+ (sbox[ (j >> 4) * 8 + 2 * i + 1] << 4);
+ val <<= (8*i);
+ val = (val << 11) | (val >> 21);
+ fprintf (f, " 0x%08x,", val);
+ }
+ }
+ fprintf (f, "\n };\n\n");
+ }
+
+ fprintf (f, "static struct\n{\n const char *oid;\n const u32 *sbox;\n} gost_oid_map[] = {\n");
+
+ for (s = 0; s < DIM(gost_sboxes); s++)
+ {
+ fprintf (f, " { \"%s\", sbox_%s },\n", gost_sboxes[s].oid, gost_sboxes[s].name );
+ }
+
+ fprintf(f, " { NULL, NULL }\n};\n");
+
+ fclose (f);
+
+ return 0;
+}
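Review bot: The `CryptoPro_B` initializer has only 15 rows of 8 nibbles where every other entry has 16, so the last eight bytes of its `sbox[16*8]` are implicitly zero and the expanded `sbox_CryptoPro_B` table is no longer built from permutations (column 0 never takes 0xD and takes 0x0 twice). The missing row has to be restored from the parameter-set specification, not guessed. Because a short initializer compiles silently, the generator should refuse to run unless each of the 8 columns is a permutation of 0..15, checked before the output file is opened, as sketched below. Separately, the no-argument path in `main` assigns `f = stdin` and then writes to it; `f = stdout` looks like what was intended, and the result of `fclose (f)` should be checked so a failed write does not leave a truncated header behind.

```c
/* Return 1 if each of the 8 columns of a 16x8 table is a permutation
   of 0..15, else 0.  */
static int
sbox_is_valid (const unsigned char *sbox)
{
  unsigned int col, row;

  for (col = 0; col < 8; col++)
    {
      unsigned int seen = 0;

      for (row = 0; row < 16; row++)
        {
          unsigned int v = sbox[row * 8 + col];

          if (v > 0xf || (seen & (1u << v)))
            return 0;
          seen |= 1u << v;
        }
    }
  return 1;
}

int main(int argc, char **argv)
{
  /* ... unchanged: declarations ... */

  for (s = 0; s < DIM(gost_sboxes); s++)
    if (!sbox_is_valid (gost_sboxes[s].sbox))
      {
        fprintf (stderr, "gost-s-box: invalid s-box %s\n",
                 gost_sboxes[s].name);
        exit (1);
      }

  /* ... unchanged: open output, emit tables and OID map ... */
```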
diff --git a/cipher/gost.h b/cipher/gost.h
index d058eb2..3fbd9df 100644
--- a/cipher/gost.h
+++ b/cipher/gost.h
@@ -22,6 +22,7 @@
typedef struct {
u32 key[8];
+ const u32 *sbox;
} GOST28147_context;
/* This is a simple interface that will be used by GOST R 34.11-94 */
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index 1e48eb0..1720f45 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -34,277 +34,8 @@
#include "g10lib.h"
#include "cipher.h"
-
-/* This is an s-box from RFC4357, named GostR3411-94-TestParamSet
- * For now it is the only s-box supported, as libgcrypt lacks mechanism
- * for passing parameters to cipher in a usefull way.
- * S-boxes was modified from 4->4 to 8->8 bits unit with precalculated
- * shift and rotation by optimisation reasons.
- */
-static const u32 test_sbox[4][256] = {
- /* 0 */
- { 0x00072000, 0x00075000, 0x00074800, 0x00071000,
- 0x00076800, 0x00074000, 0x00070000, 0x00077000,
- 0x00073000, 0x00075800, 0x00070800, 0x00076000,
- 0x00073800, 0x00077800, 0x00072800, 0x00071800,
- 0x0005a000, 0x0005d000, 0x0005c800, 0x00059000,
- 0x0005e800, 0x0005c000, 0x00058000, 0x0005f000,
- 0x0005b000, 0x0005d800, 0x00058800, 0x0005e000,
- 0x0005b800, 0X0005F800, 0x0005a800, 0x00059800,
- 0x00022000, 0x00025000, 0x00024800, 0x00021000,
- 0x00026800, 0x00024000, 0x00020000, 0x00027000,
- 0X00023000, 0x00025800, 0x00020800, 0x00026000,
- 0x00023800, 0x00027800, 0x00022800, 0x00021800,
- 0x00062000, 0x00065000, 0x00064800, 0x00061000,
- 0x00066800, 0x00064000, 0x00060000, 0x00067000,
- 0x00063000, 0x00065800, 0x00060800, 0x00066000,
- 0x00063800, 0x00067800, 0x00062800, 0x00061800,
- 0x00032000, 0x00035000, 0x00034800, 0x00031000,
- 0x00036800, 0x00034000, 0x00030000, 0x00037000,
- 0x00033000, 0x00035800, 0x00030800, 0x00036000,
- 0x00033800, 0x00037800, 0x00032800, 0x00031800,
- 0x0006a000, 0x0006d000, 0x0006c800, 0x00069000,
- 0x0006e800, 0x0006c000, 0x00068000, 0x0006f000,
- 0x0006b000, 0x0006d800, 0x00068800, 0x0006e000,
- 0x0006b800, 0x0006f800, 0x0006a800, 0x00069800,
- 0x0007a000, 0x0007d000, 0x0007c800, 0x00079000,
- 0x0007e800, 0x0007c000, 0x00078000, 0x0007f000,
- 0x0007b000, 0x0007d800, 0x00078800, 0x0007e000,
- 0x0007b800, 0x0007f800, 0x0007a800, 0x00079800,
- 0x00052000, 0x00055000, 0x00054800, 0x00051000,
- 0x00056800, 0x00054000, 0x00050000, 0x00057000,
- 0x00053000, 0x00055800, 0x00050800, 0x00056000,
- 0x00053800, 0x00057800, 0x00052800, 0x00051800,
- 0x00012000, 0x00015000, 0x00014800, 0x00011000,
- 0x00016800, 0x00014000, 0x00010000, 0x00017000,
- 0x00013000, 0x00015800, 0x00010800, 0x00016000,
- 0x00013800, 0x00017800, 0x00012800, 0x00011800,
- 0x0001a000, 0x0001d000, 0x0001c800, 0x00019000,
- 0x0001e800, 0x0001c000, 0x00018000, 0x0001f000,
- 0x0001b000, 0x0001d800, 0x00018800, 0x0001e000,
- 0x0001b800, 0x0001f800, 0x0001a800, 0x00019800,
- 0x00042000, 0x00045000, 0x00044800, 0x00041000,
- 0x00046800, 0x00044000, 0x00040000, 0x00047000,
- 0x00043000, 0x00045800, 0x00040800, 0x00046000,
- 0x00043800, 0x00047800, 0x00042800, 0x00041800,
- 0x0000a000, 0x0000d000, 0x0000c800, 0x00009000,
- 0x0000e800, 0x0000c000, 0x00008000, 0x0000f000,
- 0x0000b000, 0x0000d800, 0x00008800, 0x0000e000,
- 0x0000b800, 0x0000f800, 0x0000a800, 0x00009800,
- 0x00002000, 0x00005000, 0x00004800, 0x00001000,
- 0x00006800, 0x00004000, 0x00000000, 0x00007000,
- 0x00003000, 0x00005800, 0x00000800, 0x00006000,
- 0x00003800, 0x00007800, 0x00002800, 0x00001800,
- 0x0003a000, 0x0003d000, 0x0003c800, 0x00039000,
- 0x0003e800, 0x0003c000, 0x00038000, 0x0003f000,
- 0x0003b000, 0x0003d800, 0x00038800, 0x0003e000,
- 0x0003b800, 0x0003f800, 0x0003a800, 0x00039800,
- 0x0002a000, 0x0002d000, 0x0002c800, 0x00029000,
- 0x0002e800, 0x0002c000, 0x00028000, 0x0002f000,
- 0x0002b000, 0x0002d800, 0x00028800, 0x0002e000,
- 0x0002b800, 0x0002f800, 0x0002a800, 0x00029800,
- 0x0004a000, 0x0004d000, 0x0004c800, 0x00049000,
- 0x0004e800, 0x0004c000, 0x00048000, 0x0004f000,
- 0x0004b000, 0x0004d800, 0x00048800, 0x0004e000,
- 0x0004b800, 0x0004f800, 0x0004a800, 0x00049800 },
- /* 1 */
- { 0x03a80000, 0x03c00000, 0x03880000, 0x03e80000,
- 0x03d00000, 0x03980000, 0x03a00000, 0x03900000,
- 0x03f00000, 0x03f80000, 0x03e00000, 0x03b80000,
- 0x03b00000, 0x03800000, 0x03c80000, 0x03d80000,
- 0x06a80000, 0x06c00000, 0x06880000, 0x06e80000,
- 0x06d00000, 0x06980000, 0x06a00000, 0x06900000,
- 0x06f00000, 0x06f80000, 0x06e00000, 0x06b80000,
- 0x06b00000, 0x06800000, 0x06c80000, 0x06d80000,
- 0x05280000, 0x05400000, 0x05080000, 0x05680000,
- 0x05500000, 0x05180000, 0x05200000, 0x05100000,
- 0x05700000, 0x05780000, 0x05600000, 0x05380000,
- 0x05300000, 0x05000000, 0x05480000, 0x05580000,
- 0x00a80000, 0x00c00000, 0x00880000, 0x00e80000,
- 0x00d00000, 0x00980000, 0x00a00000, 0x00900000,
- 0x00f00000, 0x00f80000, 0x00e00000, 0x00b80000,
- 0x00b00000, 0x00800000, 0x00c80000, 0x00d80000,
- 0x00280000, 0x00400000, 0x00080000, 0x00680000,
- 0x00500000, 0x00180000, 0x00200000, 0x00100000,
- 0x00700000, 0x00780000, 0x00600000, 0x00380000,
- 0x00300000, 0x00000000, 0x00480000, 0x00580000,
- 0x04280000, 0x04400000, 0x04080000, 0x04680000,
- 0x04500000, 0x04180000, 0x04200000, 0x04100000,
- 0x04700000, 0x04780000, 0x04600000, 0x04380000,
- 0x04300000, 0x04000000, 0x04480000, 0x04580000,
- 0x04a80000, 0x04c00000, 0x04880000, 0x04e80000,
- 0x04d00000, 0x04980000, 0x04a00000, 0x04900000,
- 0x04f00000, 0x04f80000, 0x04e00000, 0x04b80000,
- 0x04b00000, 0x04800000, 0x04c80000, 0x04d80000,
- 0x07a80000, 0x07c00000, 0x07880000, 0x07e80000,
- 0x07d00000, 0x07980000, 0x07a00000, 0x07900000,
- 0x07f00000, 0x07f80000, 0x07e00000, 0x07b80000,
- 0x07b00000, 0x07800000, 0x07c80000, 0x07d80000,
- 0x07280000, 0x07400000, 0x07080000, 0x07680000,
- 0x07500000, 0x07180000, 0x07200000, 0x07100000,
- 0x07700000, 0x07780000, 0x07600000, 0x07380000,
- 0x07300000, 0x07000000, 0x07480000, 0x07580000,
- 0x02280000, 0x02400000, 0x02080000, 0x02680000,
- 0x02500000, 0x02180000, 0x02200000, 0x02100000,
- 0x02700000, 0x02780000, 0x02600000, 0x02380000,
- 0x02300000, 0x02000000, 0x02480000, 0x02580000,
- 0x03280000, 0x03400000, 0x03080000, 0x03680000,
- 0x03500000, 0x03180000, 0x03200000, 0x03100000,
- 0x03700000, 0x03780000, 0x03600000, 0x03380000,
- 0x03300000, 0x03000000, 0x03480000, 0x03580000,
- 0x06280000, 0x06400000, 0x06080000, 0x06680000,
- 0x06500000, 0x06180000, 0x06200000, 0x06100000,
- 0x06700000, 0x06780000, 0x06600000, 0x06380000,
- 0x06300000, 0x06000000, 0x06480000, 0x06580000,
- 0x05a80000, 0x05c00000, 0x05880000, 0x05e80000,
- 0x05d00000, 0x05980000, 0x05a00000, 0x05900000,
- 0x05f00000, 0x05f80000, 0x05e00000, 0x05b80000,
- 0x05b00000, 0x05800000, 0x05c80000, 0x05d80000,
- 0x01280000, 0x01400000, 0x01080000, 0x01680000,
- 0x01500000, 0x01180000, 0x01200000, 0x01100000,
- 0x01700000, 0x01780000, 0x01600000, 0x01380000,
- 0x01300000, 0x01000000, 0x01480000, 0x01580000,
- 0x02a80000, 0x02c00000, 0x02880000, 0x02e80000,
- 0x02d00000, 0x02980000, 0x02a00000, 0x02900000,
- 0x02f00000, 0x02f80000, 0x02e00000, 0x02b80000,
- 0x02b00000, 0x02800000, 0x02c80000, 0x02d80000,
- 0x01a80000, 0x01c00000, 0x01880000, 0x01e80000,
- 0x01d00000, 0x01980000, 0x01a00000, 0x01900000,
- 0x01f00000, 0x01f80000, 0x01e00000, 0x01b80000,
- 0x01b00000, 0x01800000, 0x01c80000, 0x01d80000 },
- /* 2 */
- { 0x30000002, 0x60000002, 0x38000002, 0x08000002,
- 0x28000002, 0x78000002, 0x68000002, 0x40000002,
- 0x20000002, 0x50000002, 0x48000002, 0x70000002,
- 0x00000002, 0x18000002, 0x58000002, 0x10000002,
- 0xb0000005, 0xe0000005, 0xb8000005, 0x88000005,
- 0xa8000005, 0xf8000005, 0xe8000005, 0xc0000005,
- 0xa0000005, 0xd0000005, 0xc8000005, 0xf0000005,
- 0x80000005, 0x98000005, 0xd8000005, 0x90000005,
- 0x30000005, 0x60000005, 0x38000005, 0x08000005,
- 0x28000005, 0x78000005, 0x68000005, 0x40000005,
- 0x20000005, 0x50000005, 0x48000005, 0x70000005,
- 0x00000005, 0x18000005, 0x58000005, 0x10000005,
- 0x30000000, 0x60000000, 0x38000000, 0x08000000,
- 0x28000000, 0x78000000, 0x68000000, 0x40000000,
- 0x20000000, 0x50000000, 0x48000000, 0x70000000,
- 0x00000000, 0x18000000, 0x58000000, 0x10000000,
- 0xb0000003, 0xe0000003, 0xb8000003, 0x88000003,
- 0xa8000003, 0xf8000003, 0xe8000003, 0xc0000003,
- 0xa0000003, 0xd0000003, 0xc8000003, 0xf0000003,
- 0x80000003, 0x98000003, 0xd8000003, 0x90000003,
- 0x30000001, 0x60000001, 0x38000001, 0x08000001,
- 0x28000001, 0x78000001, 0x68000001, 0x40000001,
- 0x20000001, 0x50000001, 0x48000001, 0x70000001,
- 0x00000001, 0x18000001, 0x58000001, 0x10000001,
- 0xb0000000, 0xe0000000, 0xb8000000, 0x88000000,
- 0xa8000000, 0xf8000000, 0xe8000000, 0xc0000000,
- 0xa0000000, 0xd0000000, 0xc8000000, 0xf0000000,
- 0x80000000, 0x98000000, 0xd8000000, 0x90000000,
- 0xb0000006, 0xe0000006, 0xb8000006, 0x88000006,
- 0xa8000006, 0xf8000006, 0xe8000006, 0xc0000006,
- 0xa0000006, 0xd0000006, 0xc8000006, 0xf0000006,
- 0x80000006, 0x98000006, 0xd8000006, 0x90000006,
- 0xb0000001, 0xe0000001, 0xb8000001, 0x88000001,
- 0xa8000001, 0xf8000001, 0xe8000001, 0xc0000001,
- 0xa0000001, 0xd0000001, 0xc8000001, 0xf0000001,
- 0x80000001, 0x98000001, 0xd8000001, 0x90000001,
- 0x30000003, 0x60000003, 0x38000003, 0x08000003,
- 0x28000003, 0x78000003, 0x68000003, 0x40000003,
- 0x20000003, 0x50000003, 0x48000003, 0x70000003,
- 0x00000003, 0x18000003, 0x58000003, 0x10000003,
- 0x30000004, 0x60000004, 0x38000004, 0x08000004,
- 0x28000004, 0x78000004, 0x68000004, 0x40000004,
- 0x20000004, 0x50000004, 0x48000004, 0x70000004,
- 0x00000004, 0x18000004, 0x58000004, 0x10000004,
- 0xb0000002, 0xe0000002, 0xb8000002, 0x88000002,
- 0xa8000002, 0xf8000002, 0xe8000002, 0xc0000002,
- 0xa0000002, 0xd0000002, 0xc8000002, 0xf0000002,
- 0x80000002, 0x98000002, 0xd8000002, 0x90000002,
- 0xb0000004, 0xe0000004, 0xb8000004, 0x88000004,
- 0xa8000004, 0xf8000004, 0xe8000004, 0xc0000004,
- 0xa0000004, 0xd0000004, 0xc8000004, 0xf0000004,
- 0x80000004, 0x98000004, 0xd8000004, 0x90000004,
- 0x30000006, 0x60000006, 0x38000006, 0x08000006,
- 0x28000006, 0x78000006, 0x68000006, 0x40000006,
- 0x20000006, 0x50000006, 0x48000006, 0x70000006,
- 0x00000006, 0x18000006, 0x58000006, 0x10000006,
- 0xb0000007, 0xe0000007, 0xb8000007, 0x88000007,
- 0xa8000007, 0xf8000007, 0xe8000007, 0xc0000007,
- 0xa0000007, 0xd0000007, 0xc8000007, 0xf0000007,
- 0x80000007, 0x98000007, 0xd8000007, 0x90000007,
- 0x30000007, 0x60000007, 0x38000007, 0x08000007,
- 0x28000007, 0x78000007, 0x68000007, 0x40000007,
- 0x20000007, 0x50000007, 0x48000007, 0x70000007,
- 0x00000007, 0x18000007, 0x58000007, 0x10000007 },
- /* 3 */
- { 0x000000e8, 0x000000d8, 0x000000a0, 0x00000088,
- 0x00000098, 0x000000f8, 0x000000a8, 0x000000c8,
- 0x00000080, 0x000000d0, 0x000000f0, 0x000000b8,
- 0x000000b0, 0x000000c0, 0x00000090, 0x000000e0,
- 0x000007e8, 0x000007d8, 0x000007a0, 0x00000788,
- 0x00000798, 0x000007f8, 0x000007a8, 0x000007c8,
- 0x00000780, 0x000007d0, 0x000007f0, 0x000007b8,
- 0x000007b0, 0x000007c0, 0x00000790, 0x000007e0,
- 0x000006e8, 0x000006d8, 0x000006a0, 0x00000688,
- 0x00000698, 0x000006f8, 0x000006a8, 0x000006c8,
- 0x00000680, 0x000006d0, 0x000006f0, 0x000006b8,
- 0x000006b0, 0x000006c0, 0x00000690, 0x000006e0,
- 0x00000068, 0x00000058, 0x00000020, 0x00000008,
- 0x00000018, 0x00000078, 0x00000028, 0x00000048,
- 0x00000000, 0x00000050, 0x00000070, 0x00000038,
- 0x00000030, 0x00000040, 0x00000010, 0x00000060,
- 0x000002e8, 0x000002d8, 0x000002a0, 0x00000288,
- 0x00000298, 0x000002f8, 0x000002a8, 0x000002c8,
- 0x00000280, 0x000002d0, 0x000002f0, 0x000002b8,
- 0x000002b0, 0x000002c0, 0x00000290, 0x000002e0,
- 0x000003e8, 0x000003d8, 0x000003a0, 0x00000388,
- 0x00000398, 0x000003f8, 0x000003a8, 0x000003c8,
- 0x00000380, 0x000003d0, 0x000003f0, 0x000003b8,
- 0x000003b0, 0x000003c0, 0x00000390, 0x000003e0,
- 0x00000568, 0x00000558, 0x00000520, 0x00000508,
- 0x00000518, 0x00000578, 0x00000528, 0x00000548,
- 0x00000500, 0x00000550, 0x00000570, 0x00000538,
- 0x00000530, 0x00000540, 0x00000510, 0x00000560,
- 0x00000268, 0x00000258, 0x00000220, 0x00000208,
- 0x00000218, 0x00000278, 0x00000228, 0x00000248,
- 0x00000200, 0x00000250, 0x00000270, 0x00000238,
- 0x00000230, 0x00000240, 0x00000210, 0x00000260,
- 0x000004e8, 0x000004d8, 0x000004a0, 0x00000488,
- 0x00000498, 0x000004f8, 0x000004a8, 0x000004c8,
- 0x00000480, 0x000004d0, 0x000004f0, 0x000004b8,
- 0x000004b0, 0x000004c0, 0x00000490, 0x000004e0,
- 0x00000168, 0x00000158, 0x00000120, 0x00000108,
- 0x00000118, 0x00000178, 0x00000128, 0x00000148,
- 0x00000100, 0x00000150, 0x00000170, 0x00000138,
- 0x00000130, 0x00000140, 0x00000110, 0x00000160,
- 0x000001e8, 0x000001d8, 0x000001a0, 0x00000188,
- 0x00000198, 0x000001f8, 0x000001a8, 0x000001c8,
- 0x00000180, 0x000001d0, 0x000001f0, 0x000001b8,
- 0x000001b0, 0x000001c0, 0x00000190, 0x000001e0,
- 0x00000768, 0x00000758, 0x00000720, 0x00000708,
- 0x00000718, 0x00000778, 0x00000728, 0x00000748,
- 0x00000700, 0x00000750, 0x00000770, 0x00000738,
- 0x00000730, 0x00000740, 0x00000710, 0x00000760,
- 0x00000368, 0x00000358, 0x00000320, 0x00000308,
- 0x00000318, 0x00000378, 0x00000328, 0x00000348,
- 0x00000300, 0x00000350, 0x00000370, 0x00000338,
- 0x00000330, 0x00000340, 0x00000310, 0x00000360,
- 0x000005e8, 0x000005d8, 0x000005a0, 0x00000588,
- 0x00000598, 0x000005f8, 0x000005a8, 0x000005c8,
- 0x00000580, 0x000005d0, 0x000005f0, 0x000005b8,
- 0x000005b0, 0x000005c0, 0x00000590, 0x000005e0,
- 0x00000468, 0x00000458, 0x00000420, 0x00000408,
- 0x00000418, 0x00000478, 0x00000428, 0x00000448,
- 0x00000400, 0x00000450, 0x00000470, 0x00000438,
- 0x00000430, 0x00000440, 0x00000410, 0x00000460,
- 0x00000668, 0x00000658, 0x00000620, 0x00000608,
- 0x00000618, 0x00000678, 0x00000628, 0x00000648,
- 0x00000600, 0x00000650, 0x00000670, 0x00000638,
- 0x00000630, 0x00000640, 0x00000610, 0x00000660 }
-};
-
#include "gost.h"
+#include "gost-sb.h"
static gcry_err_code_t
gost_setkey (void *c, const byte *key, unsigned keylen)
@@ -315,6 +46,9 @@ gost_setkey (void *c, const byte *key, unsigned keylen)
if (keylen != 256 / 8)
return GPG_ERR_INV_KEYLEN;
+ if (!ctx->sbox)
+ ctx->sbox = sbox_test_3411;
+
for (i = 0; i < 8; i++)
{
ctx->key[i] = (key[4 * i + 3] << 24) |
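Review bot: The default s-box is installed only `if (!ctx->sbox)`, which is correct only when the context memory was zeroed before the first `gost_setkey`; nothing in this hunk guarantees that, and `gost_val` then indexes through whatever the pointer holds. Code that embeds a `GOST28147_context` directly (the gost.h comment on this page mentions GOST R 34.11-94 as a user) would need to zero it first; whether it does is not visible here. I would document the precondition next to the check, e.g. `/* ctx->sbox must be NULL or point to a 4*256 table on entry; a previously selected s-box survives re-keying. */`. The body of `gost_setkey` continues outside the hunk.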
@@ -329,10 +63,10 @@ static u32
gost_val (GOST28147_context *ctx, u32 cm1, int subkey)
{
cm1 += ctx->key[subkey];
- cm1 = test_sbox[0][ (cm1 >> 0) & 0xff] |
- test_sbox[1][ (cm1 >> 8) & 0xff] |
- test_sbox[2][ (cm1 >> 16) & 0xff] |
- test_sbox[3][ (cm1 >> 24) & 0xff];
+ cm1 = ctx->sbox[0*256 + ((cm1 >> 0) & 0xff)] |
+ ctx->sbox[1*256 + ((cm1 >> 8) & 0xff)] |
+ ctx->sbox[2*256 + ((cm1 >> 16) & 0xff)] |
+ ctx->sbox[3*256 + ((cm1 >> 24) & 0xff)];
return cm1;
}
commit 34a58010000288515636706811c3837f32957b2e
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:28 2014 +0400
gost28147: add OIDs used to define cipher mode
* cipher/gost28147 (oids_gost28147): Add OID from RFC4357.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gost28147.c b/cipher/gost28147.c
index c094209..1e48eb0 100644
--- a/cipher/gost28147.c
+++ b/cipher/gost28147.c
@@ -441,10 +441,20 @@ gost_decrypt_block (void *c, byte *outbuf, const byte *inbuf)
4*sizeof(void*) /* gost_val call */;
}
+static gcry_cipher_oid_spec_t oids_gost28147[] =
+ {
+ /* { "1.2.643.2.2.31.0", GCRY_CIPHER_MODE_CNTGOST }, */
+ { "1.2.643.2.2.31.1", GCRY_CIPHER_MODE_CFB },
+ { "1.2.643.2.2.31.2", GCRY_CIPHER_MODE_CFB },
+ { "1.2.643.2.2.31.3", GCRY_CIPHER_MODE_CFB },
+ { "1.2.643.2.2.31.4", GCRY_CIPHER_MODE_CFB },
+ { NULL }
+ };
+
gcry_cipher_spec_t _gcry_cipher_spec_gost28147 =
{
GCRY_CIPHER_GOST28147, {0, 0},
- "GOST28147", NULL, NULL, 8, 256,
+ "GOST28147", NULL, oids_gost28147, 8, 256,
sizeof (GOST28147_context),
gost_setkey,
gost_encrypt_block,
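Review bot: The four OIDs added to `oids_gost28147` name parameter sets (the generator elsewhere on this page labels `1.2.643.2.2.31.1` to `.4` as the CryptoPro_A to CryptoPro_D s-boxes), yet the table maps each of them only to `GCRY_CIPHER_MODE_CFB`, and nothing in this hunk selects an s-box from the OID. A caller that resolves one of these OIDs to this cipher would then, as far as this hunk shows, run with whatever s-box the context defaults to and produce output that does not interoperate. A comment above the table should state that, for example `/* These OIDs select the mode only; the matching s-box has to be set separately. */`. The spec initializer continues outside the hunk.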
commit 8b221cf5ce233c8c49a4e4ecebb70d523fc37837
Author: Dmitry Eremin-Solenikov
Date: Fri Jun 6 22:48:26 2014 +0400
GOST R 34.11-94 add OIDs
* cipher/gostr3411-94.c: Add OIDs for GOST R 34.11-94 from RFC 4357.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c
index 9a39733..73d570f 100644
--- a/cipher/gostr3411-94.c
+++ b/cipher/gostr3411-94.c
@@ -294,10 +294,23 @@ gost3411_read (void *context)
return hd->h;
}
+
+static unsigned char asn[6] = /* Object ID is 1.2.643.2.2.3 */
+ { 0x2a, 0x85, 0x03, 0x02, 0x02, 0x03 };
+
+static gcry_md_oid_spec_t oid_spec_gostr3411[] =
+ {
+ /* iso.member-body.ru.rans.cryptopro.3 (gostR3411-94-with-gostR3410-2001) */
+ { "1.2.643.2.2.3" },
+ /* iso.member-body.ru.rans.cryptopro.9 (gostR3411-94) */
+ { "1.2.643.2.2.9" },
+ {NULL},
+ };
+
gcry_md_spec_t _gcry_digest_spec_gost3411_94 =
{
GCRY_MD_GOSTR3411_94, {0, 0},
- "GOSTR3411_94", NULL, 0, NULL, 32,
+ "GOSTR3411_94", asn, DIM (asn), oid_spec_gostr3411, 32,
gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read,
sizeof (GOSTR3411_CONTEXT)
};
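Review bot: The bytes in `asn` encode 1.2.643.2.2.3, which the hunk's own comment in `oid_spec_gostr3411` labels as gostR3411-94-with-gostR3410-2001, i.e. a signature-with-digest identifier, while the plain digest is listed as 1.2.643.2.2.9. If `asn` is what gets embedded to identify the hash in encoded structures, the digest OID would seem the fitting one; that depends on how the md layer consumes `asn`, which is not visible here. The array is also just the six OID content octets with no surrounding DER header, so the comment should say exactly what the buffer holds, e.g. `/* Raw OID content octets of 1.2.643.2.2.3, without tag/length. */`.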
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 2 +
NEWS | 3 +
cipher/Makefile.am | 5 +
cipher/cipher.c | 7 +
cipher/gost-s-box.c | 256 ++++++++++++++++++++++++++++++
cipher/gost.h | 5 +-
cipher/gost28147.c | 411 +++++++++++--------------------------------------
cipher/gostr3411-94.c | 238 +++++++++++++++++-----------
cipher/md.c | 2 +
src/cipher.h | 1 +
src/gcrypt.h.in | 9 +-
tests/basic.c | 2 +-
tests/t-kdf.c | 70 ++++++++-
13 files changed, 592 insertions(+), 419 deletions(-)
create mode 100644 cipher/gost-s-box.c
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Sun Jun 29 16:45:42 2014
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Sun, 29 Jun 2014 16:45:42 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-94-g1b9b00b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 1b9b00bbe41bbed32563f1102049521e703e72bd (commit)
from 066f068bd0bc4d8e01f1f18b6153cdc8d2c245d7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1b9b00bbe41bbed32563f1102049521e703e72bd
Author: Jussi Kivilinna
Date: Sun Jun 29 17:36:29 2014 +0300
Speed-up SHA-1 NEON assembly implementation
* cipher/sha1-armv7-neon.S: Tweak implementation for speed-up.
--
Benchmark on Cortex-A8 1008Mhz:
New:
| nanosecs/byte mebibytes/sec cycles/byte
SHA1 | 7.04 ns/B 135.4 MiB/s 7.10 c/B
Old:
| nanosecs/byte mebibytes/sec cycles/byte
SHA1 | 7.79 ns/B 122.4 MiB/s 7.85 c/B
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/sha1-armv7-neon.S b/cipher/sha1-armv7-neon.S
index 95b677d..f314d8e 100644
--- a/cipher/sha1-armv7-neon.S
+++ b/cipher/sha1-armv7-neon.S
@@ -1,5 +1,5 @@
/* sha1-armv7-neon.S - ARM/NEON accelerated SHA-1 transform function
- * Copyright (C) 2013 Jussi Kivilinna
+ * Copyright (C) 2013-2014 Jussi Kivilinna
*
* Based on sha1.c:
* Copyright (C) 1998, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
@@ -26,12 +26,12 @@
defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \
defined(HAVE_GCC_INLINE_ASM_NEON) && defined(USE_SHA1)
-.data
-
.syntax unified
.fpu neon
.arm
+.text
+
#ifdef __PIC__
# define GET_DATA_POINTER(reg, name, rtmp) \
ldr reg, 1f; \
@@ -69,16 +69,13 @@ gcry_sha1_armv7_neon_K_VEC:
.LK4: .long K4, K4, K4, K4
-.text
-
/* Register macros */
#define RSTATE r0
#define RDATA r1
#define RNBLKS r2
#define ROLDSTACK r3
-#define RK lr
-#define RWK r12
+#define RWK lr
#define _a r4
#define _b r5
@@ -89,6 +86,7 @@ gcry_sha1_armv7_neon_K_VEC:
#define RT0 r9
#define RT1 r10
#define RT2 r11
+#define RT3 r12
#define W0 q0
#define W1 q1
@@ -104,7 +102,10 @@ gcry_sha1_armv7_neon_K_VEC:
#define tmp2 q10
#define tmp3 q11
-#define curK q12
+#define qK1 q12
+#define qK2 q13
+#define qK3 q14
+#define qK4 q15
/* Round function macros. */
@@ -112,43 +113,43 @@ gcry_sha1_armv7_neon_K_VEC:
#define WK_offs(i) (((i) & 15) * 4)
#define _R_F1(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
- and RT0, c, b; \
+ ldr RT3, [sp, WK_offs(i)]; \
pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+ bic RT0, d, b; \
add e, e, a, ror #(32 - 5); \
- ldr RT2, [sp, WK_offs(i)]; \
- bic RT1, d, b; \
- add e, RT2; \
+ and RT1, c, b; \
pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+ add RT0, RT0, RT3; \
+ add e, e, RT1; \
ror b, #(32 - 30); \
- eor RT0, RT1; \
pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
- add e, RT0;
+ add e, e, RT0;
#define _R_F2(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
- eor RT0, c, b; \
+ ldr RT3, [sp, WK_offs(i)]; \
pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+ eor RT0, d, b; \
add e, e, a, ror #(32 - 5); \
- ldr RT2, [sp, WK_offs(i)]; \
- eor RT0, d; \
+ eor RT0, RT0, c; \
pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
- add e, RT2; \
+ add e, e, RT3; \
ror b, #(32 - 30); \
pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
- add e, RT0; \
+ add e, e, RT0; \
#define _R_F3(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
- eor RT0, c, b; \
+ ldr RT3, [sp, WK_offs(i)]; \
pre1(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+ eor RT0, b, c; \
+ and RT1, b, c; \
add e, e, a, ror #(32 - 5); \
- ldr RT2, [sp, WK_offs(i)]; \
- and RT1, c, b; \
- and RT0, d; \
- add e, RT2; \
pre2(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
+ and RT0, RT0, d; \
+ add RT1, RT1, RT3; \
+ add e, e, RT0; \
ror b, #(32 - 30); \
- add e, RT1; \
pre3(i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28); \
- add e, RT0;
+ add e, e, RT1;
#define _R_F4(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28) \
_R_F2(a,b,c,d,e,i,pre1,pre2,pre3,i16,W,W_m04,W_m08,W_m12,W_m16,W_m20,W_m24,W_m28)
@@ -183,10 +184,10 @@ gcry_sha1_armv7_neon_K_VEC:
vst1.32 {tmp2, tmp3}, [RWK]; \
#define WPRECALC_00_15_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- add RWK, sp, #(WK_offs(0)); \
+ vld1.32 {tmp0, tmp1}, [RDATA]!; \
#define WPRECALC_00_15_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vld1.32 {tmp0, tmp1}, [RDATA]!; \
+ add RWK, sp, #(WK_offs(0)); \
#define WPRECALC_00_15_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
vrev32.8 W0, tmp0; /* big => little */ \
@@ -225,25 +226,25 @@ gcry_sha1_armv7_neon_K_VEC:
/********* Precalc macros for rounds 16-31 ************************************/
#define WPRECALC_16_31_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- add RWK, sp, #(WK_offs(i)); \
-
-#define WPRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
veor tmp0, tmp0; \
vext.8 W, W_m16, W_m12, #8; \
-#define WPRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
+#define WPRECALC_16_31_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
+ add RWK, sp, #(WK_offs(i)); \
vext.8 tmp0, W_m04, tmp0, #4; \
+
+#define WPRECALC_16_31_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
+ veor tmp0, tmp0, W_m16; \
veor.32 W, W, W_m08; \
#define WPRECALC_16_31_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- veor tmp0, tmp0, W_m16; \
veor tmp1, tmp1; \
+ veor W, W, tmp0; \
#define WPRECALC_16_31_4(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- veor W, W, tmp0; \
+ vshl.u32 tmp0, W, #1; \
#define WPRECALC_16_31_5(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vshl.u32 tmp0, W, #1; \
vext.8 tmp1, tmp1, W, #(16-12); \
vshr.u32 W, W, #31; \
@@ -270,28 +271,28 @@ gcry_sha1_armv7_neon_K_VEC:
/********* Precalc macros for rounds 32-79 ************************************/
#define WPRECALC_32_79_0(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- add RWK, sp, #(WK_offs(i&~3)); \
+ veor W, W_m28; \
#define WPRECALC_32_79_1(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- veor W, W_m28; \
+ vext.8 tmp0, W_m08, W_m04, #8; \
#define WPRECALC_32_79_2(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vext.8 tmp0, W_m08, W_m04, #8; \
+ veor W, W_m16; \
#define WPRECALC_32_79_3(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- veor W, W_m16; \
+ veor W, tmp0; \
#define WPRECALC_32_79_4(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- veor W, tmp0; \
+ add RWK, sp, #(WK_offs(i&~3)); \
#define WPRECALC_32_79_5(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vshr.u32 tmp0, W, #30; \
+ vshl.u32 tmp1, W, #2; \
#define WPRECALC_32_79_6(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vshl.u32 W, W, #2; \
+ vshr.u32 tmp0, W, #30; \
#define WPRECALC_32_79_7(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
- vorr W, tmp0, W; \
+ vorr W, tmp0, tmp1; \
#define WPRECALC_32_79_8(i, W, W_m04, W_m08, W_m12, W_m16, W_m20, W_m24, W_m28) \
vadd.u32 tmp0, W, curK; \
@@ -326,20 +327,26 @@ _gcry_sha1_transform_armv7_neon:
beq .Ldo_nothing;
push {r4-r12, lr};
+
+ GET_DATA_POINTER(RT3, .LK_VEC, _a);
vpush {q4-q7};
mov ROLDSTACK, sp;
- GET_DATA_POINTER(RK, .LK_VEC, _a);
/* Align stack. */
sub sp, #(16*4);
and sp, #(~(16-1));
+ vld1.32 {qK1-qK2}, [RT3]!; /* Load K1,K2 */
+
/* Get the values of the chaining variables. */
ldm RSTATE, {_a-_e};
+ vld1.32 {qK3-qK4}, [RT3]; /* Load K3,K4 */
+
+#undef curK
+#define curK qK1
/* Precalc 0-15. */
- vld1.32 {curK}, [RK]!; /* Load K1. */
W_PRECALC_00_15();
b .Loop;
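Review bot: The `#undef curK` / `#define curK qK1` pair added before `W_PRECALC_00_15()` is undocumented, so a reader cannot tell that curK is now a preprocessor alias rather than a register that gets reloaded. The later hunks switch it to qK2, qK3, qK4 and back to qK1 ahead of rounds 4, 24, 44 and 64, which follows the round being precalculated (the i16 argument 20, 40, 60, then the next block's 0-15), not the round being executed. A pair placed one `_R` line off would presumably mix round constants without any assembler diagnostic. I would add above the first pair a comment such as `/* curK is a cpp alias for the K vector used by the precalc that follows; switch it where the precalc index crosses a 20-round boundary. */`. The function body starts and ends outside this hunk.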
@@ -352,7 +359,8 @@ _gcry_sha1_transform_armv7_neon:
_R( _d, _e, _a, _b, _c, F1, 2, WPRECALC_16_31_6, WPRECALC_16_31_7, WPRECALC_16_31_8, 16, W4, W5, W6, W7, W0, _, _, _ );
_R( _c, _d, _e, _a, _b, F1, 3, WPRECALC_16_31_9, WPRECALC_16_31_10,WPRECALC_16_31_11,16, W4, W5, W6, W7, W0, _, _, _ );
- vld1.32 {curK}, [RK]!; /* Load K2. */
+#undef curK
+#define curK qK2
_R( _b, _c, _d, _e, _a, F1, 4, WPRECALC_16_31_0, WPRECALC_16_31_1, WPRECALC_16_31_2, 20, W3, W4, W5, W6, W7, _, _, _ );
_R( _a, _b, _c, _d, _e, F1, 5, WPRECALC_16_31_3, WPRECALC_16_31_4, WPRECALC_16_31_5, 20, W3, W4, W5, W6, W7, _, _, _ );
_R( _e, _a, _b, _c, _d, F1, 6, WPRECALC_16_31_6, WPRECALC_16_31_7, WPRECALC_16_31_8, 20, W3, W4, W5, W6, W7, _, _, _ );
@@ -371,72 +379,75 @@ _gcry_sha1_transform_armv7_neon:
/* Transform 16-63 + Precalc 32-79. */
_R( _e, _a, _b, _c, _d, F1, 16, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 32, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _d, _e, _a, _b, _c, F1, 17, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 32, W0, W1, W2, W3, W4, W5, W6, W7);
- _R( _c, _d, _e, _a, _b, F1, 18, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 32, W0, W1, W2, W3, W4, W5, W6, W7);
+ _R( _c, _d, _e, _a, _b, F1, 18, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 32, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _b, _c, _d, _e, _a, F1, 19, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 32, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _a, _b, _c, _d, _e, F2, 20, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 36, W7, W0, W1, W2, W3, W4, W5, W6);
_R( _e, _a, _b, _c, _d, F2, 21, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 36, W7, W0, W1, W2, W3, W4, W5, W6);
- _R( _d, _e, _a, _b, _c, F2, 22, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 36, W7, W0, W1, W2, W3, W4, W5, W6);
+ _R( _d, _e, _a, _b, _c, F2, 22, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 36, W7, W0, W1, W2, W3, W4, W5, W6);
_R( _c, _d, _e, _a, _b, F2, 23, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 36, W7, W0, W1, W2, W3, W4, W5, W6);
- vld1.32 {curK}, [RK]!; /* Load K3. */
+#undef curK
+#define curK qK3
_R( _b, _c, _d, _e, _a, F2, 24, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 40, W6, W7, W0, W1, W2, W3, W4, W5);
_R( _a, _b, _c, _d, _e, F2, 25, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 40, W6, W7, W0, W1, W2, W3, W4, W5);
- _R( _e, _a, _b, _c, _d, F2, 26, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 40, W6, W7, W0, W1, W2, W3, W4, W5);
+ _R( _e, _a, _b, _c, _d, F2, 26, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 40, W6, W7, W0, W1, W2, W3, W4, W5);
_R( _d, _e, _a, _b, _c, F2, 27, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 40, W6, W7, W0, W1, W2, W3, W4, W5);
_R( _c, _d, _e, _a, _b, F2, 28, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 44, W5, W6, W7, W0, W1, W2, W3, W4);
_R( _b, _c, _d, _e, _a, F2, 29, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 44, W5, W6, W7, W0, W1, W2, W3, W4);
- _R( _a, _b, _c, _d, _e, F2, 30, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 44, W5, W6, W7, W0, W1, W2, W3, W4);
+ _R( _a, _b, _c, _d, _e, F2, 30, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 44, W5, W6, W7, W0, W1, W2, W3, W4);
_R( _e, _a, _b, _c, _d, F2, 31, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 44, W5, W6, W7, W0, W1, W2, W3, W4);
_R( _d, _e, _a, _b, _c, F2, 32, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 48, W4, W5, W6, W7, W0, W1, W2, W3);
_R( _c, _d, _e, _a, _b, F2, 33, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 48, W4, W5, W6, W7, W0, W1, W2, W3);
- _R( _b, _c, _d, _e, _a, F2, 34, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 48, W4, W5, W6, W7, W0, W1, W2, W3);
+ _R( _b, _c, _d, _e, _a, F2, 34, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 48, W4, W5, W6, W7, W0, W1, W2, W3);
_R( _a, _b, _c, _d, _e, F2, 35, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 48, W4, W5, W6, W7, W0, W1, W2, W3);
_R( _e, _a, _b, _c, _d, F2, 36, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 52, W3, W4, W5, W6, W7, W0, W1, W2);
_R( _d, _e, _a, _b, _c, F2, 37, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 52, W3, W4, W5, W6, W7, W0, W1, W2);
- _R( _c, _d, _e, _a, _b, F2, 38, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 52, W3, W4, W5, W6, W7, W0, W1, W2);
+ _R( _c, _d, _e, _a, _b, F2, 38, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 52, W3, W4, W5, W6, W7, W0, W1, W2);
_R( _b, _c, _d, _e, _a, F2, 39, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 52, W3, W4, W5, W6, W7, W0, W1, W2);
_R( _a, _b, _c, _d, _e, F3, 40, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 56, W2, W3, W4, W5, W6, W7, W0, W1);
_R( _e, _a, _b, _c, _d, F3, 41, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 56, W2, W3, W4, W5, W6, W7, W0, W1);
- _R( _d, _e, _a, _b, _c, F3, 42, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 56, W2, W3, W4, W5, W6, W7, W0, W1);
+ _R( _d, _e, _a, _b, _c, F3, 42, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 56, W2, W3, W4, W5, W6, W7, W0, W1);
_R( _c, _d, _e, _a, _b, F3, 43, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 56, W2, W3, W4, W5, W6, W7, W0, W1);
- vld1.32 {curK}, [RK]!; /* Load K4. */
+#undef curK
+#define curK qK4
_R( _b, _c, _d, _e, _a, F3, 44, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 60, W1, W2, W3, W4, W5, W6, W7, W0);
_R( _a, _b, _c, _d, _e, F3, 45, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 60, W1, W2, W3, W4, W5, W6, W7, W0);
- _R( _e, _a, _b, _c, _d, F3, 46, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 60, W1, W2, W3, W4, W5, W6, W7, W0);
+ _R( _e, _a, _b, _c, _d, F3, 46, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 60, W1, W2, W3, W4, W5, W6, W7, W0);
_R( _d, _e, _a, _b, _c, F3, 47, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 60, W1, W2, W3, W4, W5, W6, W7, W0);
_R( _c, _d, _e, _a, _b, F3, 48, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 64, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _b, _c, _d, _e, _a, F3, 49, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 64, W0, W1, W2, W3, W4, W5, W6, W7);
- _R( _a, _b, _c, _d, _e, F3, 50, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 64, W0, W1, W2, W3, W4, W5, W6, W7);
+ _R( _a, _b, _c, _d, _e, F3, 50, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 64, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _e, _a, _b, _c, _d, F3, 51, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 64, W0, W1, W2, W3, W4, W5, W6, W7);
_R( _d, _e, _a, _b, _c, F3, 52, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 68, W7, W0, W1, W2, W3, W4, W5, W6);
_R( _c, _d, _e, _a, _b, F3, 53, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 68, W7, W0, W1, W2, W3, W4, W5, W6);
- _R( _b, _c, _d, _e, _a, F3, 54, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 68, W7, W0, W1, W2, W3, W4, W5, W6);
+ _R( _b, _c, _d, _e, _a, F3, 54, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 68, W7, W0, W1, W2, W3, W4, W5, W6);
_R( _a, _b, _c, _d, _e, F3, 55, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 68, W7, W0, W1, W2, W3, W4, W5, W6);
_R( _e, _a, _b, _c, _d, F3, 56, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 72, W6, W7, W0, W1, W2, W3, W4, W5);
_R( _d, _e, _a, _b, _c, F3, 57, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 72, W6, W7, W0, W1, W2, W3, W4, W5);
- _R( _c, _d, _e, _a, _b, F3, 58, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 72, W6, W7, W0, W1, W2, W3, W4, W5);
+ _R( _c, _d, _e, _a, _b, F3, 58, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 72, W6, W7, W0, W1, W2, W3, W4, W5);
_R( _b, _c, _d, _e, _a, F3, 59, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 72, W6, W7, W0, W1, W2, W3, W4, W5);
- sub RK, #64;
+ subs RNBLKS, #1;
+
_R( _a, _b, _c, _d, _e, F4, 60, WPRECALC_32_79_0, WPRECALC_32_79_1, WPRECALC_32_79_2, 76, W5, W6, W7, W0, W1, W2, W3, W4);
_R( _e, _a, _b, _c, _d, F4, 61, WPRECALC_32_79_3, WPRECALC_32_79_4, WPRECALC_32_79_5, 76, W5, W6, W7, W0, W1, W2, W3, W4);
- _R( _d, _e, _a, _b, _c, F4, 62, WPRECALC_32_79_6, WPRECALC_32_79_7, dummy, 76, W5, W6, W7, W0, W1, W2, W3, W4);
+ _R( _d, _e, _a, _b, _c, F4, 62, WPRECALC_32_79_6, dummy, WPRECALC_32_79_7, 76, W5, W6, W7, W0, W1, W2, W3, W4);
_R( _c, _d, _e, _a, _b, F4, 63, WPRECALC_32_79_8, dummy, WPRECALC_32_79_9, 76, W5, W6, W7, W0, W1, W2, W3, W4);
- subs RNBLKS, #1;
beq .Lend;
/* Transform 64-79 + Precalc 0-15 of next block. */
- vld1.32 {curK}, [RK]!; /* Load K1. */
+#undef curK
+#define curK qK1
_R( _b, _c, _d, _e, _a, F4, 64, WPRECALC_00_15_0, dummy, dummy, _, _, _, _, _, _, _, _, _ );
_R( _a, _b, _c, _d, _e, F4, 65, WPRECALC_00_15_1, dummy, dummy, _, _, _, _, _, _, _, _, _ );
_R( _e, _a, _b, _c, _d, F4, 66, WPRECALC_00_15_2, dummy, dummy, _, _, _, _, _, _, _, _, _ );
@@ -458,14 +469,13 @@ _gcry_sha1_transform_armv7_neon:
_R( _b, _c, _d, _e, _a, F4, 79, WPRECALC_00_15_11, dummy, WPRECALC_00_15_12, _, _, _, _, _, _, _, _, _ );
/* Update the chaining variables. */
- ldm RSTATE, {RT0-RT2};
+ ldm RSTATE, {RT0-RT3};
add _a, RT0;
- ldr RT0, [RSTATE, #state_h3];
+ ldr RT0, [RSTATE, #state_h4];
add _b, RT1;
- ldr RT1, [RSTATE, #state_h4];
add _c, RT2;
- add _d, RT0;
- add _e, RT1;
+ add _d, RT3;
+ add _e, RT0;
stm RSTATE, {_a-_e};
b .Loop;
@@ -493,15 +503,14 @@ _gcry_sha1_transform_armv7_neon:
mov sp, ROLDSTACK;
/* Update the chaining variables. */
- ldm RSTATE, {RT0-RT2};
+ ldm RSTATE, {RT0-RT3};
add _a, RT0;
- ldr RT0, [RSTATE, #state_h3];
+ ldr RT0, [RSTATE, #state_h4];
add _b, RT1;
- ldr RT1, [RSTATE, #state_h4];
add _c, RT2;
- add _d, RT0;
+ add _d, RT3;
vpop {q4-q7};
- add _e, RT1;
+ add _e, RT0;
stm RSTATE, {_a-_e};
/* burn_stack */
-----------------------------------------------------------------------
Summary of changes:
cipher/sha1-armv7-neon.S | 155 ++++++++++++++++++++++++----------------------
1 file changed, 82 insertions(+), 73 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 08:41:25 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 08:41:25 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.13-5-g0735537
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 07355372db903e393fd0b7b22883ce4f71b6a67d (commit)
via c7c41582574304974feac8bbd89b1460fbf6c92c (commit)
from 51f9a8180ecbc24ed092bef5f2aa920a76769dcb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 07355372db903e393fd0b7b22883ce4f71b6a67d
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
doc update.
--
diff --git a/doc/errorref.txt b/doc/errorref.txt
index 8c32971..d3a65a1 100644
--- a/doc/errorref.txt
+++ b/doc/errorref.txt
@@ -417,7 +417,8 @@ GPG_ERR_INV_CERT_OBJ Invalid certificate object
Used by GPG to indicate an unknown ECC curve name (may also
indicate missing ECC support). It is also used to indicate an
unsuported parameter name in functions which take a name and
- value to update state.
+ value to update state. Note that GPG_ERR_UNKNOWN_CURVE is
+ used instead by newer code.
166 GPG_ERR_LOCALE_PROBLEM A locale function failed
167 GPG_ERR_NOT_LOCKED Not locked
@@ -471,7 +472,10 @@ GPG_ERR_INV_CURVE Invalid elliptic curve
example it is not possible to get affine coordinates for the
public key.
-188 GPG_ERR_UNKNOWN_CURVE Unknown elliptic curve
+GPG_ERR_UNKNOWN_CURVE Unknown elliptic curve
+
+ The curve is not known or not supported by the protocol.
+
GPG_ERR_DUP_KEY Duplicated key
commit c7c41582574304974feac8bbd89b1460fbf6c92c
Author: Daniel Kahn Gillmor
Date: Tue Jun 24 17:46:58 2014 -0400
Improve logging in a test module.
* tests/t-version.c (main): Print program name.
diff --git a/tests/t-version.c b/tests/t-version.c
index d6c6399..ce8f41b 100644
--- a/tests/t-version.c
+++ b/tests/t-version.c
@@ -82,7 +82,7 @@ main (int argc, char **argv)
}
if (gpg_error_check_version ("15"))
{
- fprintf (stderr, "gpg_error_check_version did not return an error"
+ fprintf (stderr, "%s: gpg_error_check_version did not return an error"
" for a newer version\n", logpfx);
errorcount++;
}
-----------------------------------------------------------------------
Summary of changes:
doc/errorref.txt | 8 ++++++--
tests/t-version.c | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 09:15:26 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 09:15:26 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-39-gc434de4
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (commit)
via 35fdfaa0b94342c53eb82eea155a37ad4009fa9f (commit)
from adad1872b448593275d8cae06dffe376bee067b5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c434de4d83ccfaca8bde51de5c2ac8d9656e4e18
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Create exported secret files and revocs with mode 700.
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change the
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
diff --git a/common/iobuf.c b/common/iobuf.c
index d686210..3c68ce5 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -248,7 +248,7 @@ fd_cache_synchronize (const char *fname)
static gnupg_fd_t
-direct_open (const char *fname, const char *mode)
+direct_open (const char *fname, const char *mode, int mode700)
{
#ifdef HAVE_W32_SYSTEM
unsigned long da, cd, sm;
@@ -303,7 +303,10 @@ direct_open (const char *fname, const char *mode)
#else /*!HAVE_W32_SYSTEM*/
int oflag;
- int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
+ int cflag = S_IRUSR | S_IWUSR;
+
+ if (!mode700)
+ cflag |= S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
/* Note, that we do not handle all mode combinations */
if (strchr (mode, '+'))
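Review bot: The narrowed `cflag` is only a creation mode, so it takes effect solely when open() creates the file. An existing output file that gets overwritten keeps its old permission bits, and a secret-key export or revocation certificate written into it may stay group- or world-readable. The oflag setup and the open() call are outside this hunk, so whether O_EXCL or a prior unlink rules this out cannot be seen here. If it does not, an fchmod() to `S_IRUSR | S_IWUSR` on the returned descriptor when `mode700` is set would close the gap (the same applies where `open_outfile` passes `restrictedperm` down), or the limitation should be stated in the function comment.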
@@ -420,7 +423,7 @@ fd_cache_open (const char *fname, const char *mode)
}
if (DBG_IOBUF)
log_debug ("fd_cache_open (%s) not cached\n", fname);
- return direct_open (fname, mode);
+ return direct_open (fname, mode, 0);
}
@@ -1425,10 +1428,11 @@ iobuf_sockopen (int fd, const char *mode)
}
/****************
- * create an iobuf for writing to a file; the file will be created.
+ * Create an iobuf for writing to a file; the file will be created.
+ * With MODE700 set the file is created with that mode (Unix only).
*/
iobuf_t
-iobuf_create (const char *fname)
+iobuf_create (const char *fname, int mode700)
{
iobuf_t a;
gnupg_fd_t fp;
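Review bot: The added comment line says the file is created "with that mode", i.e. 700, but the `direct_open` hunk in this commit sets `cflag = S_IRUSR | S_IWUSR`, which is 0600: owner read/write with no execute bit. The parameter name and the `open_outfile` comment in g10/openfile.c carry the same wording. I would word it as `* With MODE700 set the file is created accessible only to the owner (S_IRUSR|S_IWUSR; Unix only).` so nobody auditing exported-key permissions expects 0700. iobuf_create's body continues outside the hunk.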
@@ -1445,7 +1449,7 @@ iobuf_create (const char *fname)
}
else if ((fd = check_special_filename (fname)) != -1)
return iobuf_fdopen (translate_file_handle (fd, 1), "wb");
- else if ((fp = direct_open (fname, "wb")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "wb", mode700)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
@@ -1476,7 +1480,7 @@ iobuf_openrw (const char *fname)
if (!fname)
return NULL;
- else if ((fp = direct_open (fname, "r+b")) == GNUPG_INVALID_FD)
+ else if ((fp = direct_open (fname, "r+b", 0)) == GNUPG_INVALID_FD)
return NULL;
a = iobuf_alloc (2, IOBUF_BUFFER_SIZE);
fcx = xmalloc (sizeof *fcx + strlen (fname));
diff --git a/common/iobuf.h b/common/iobuf.h
index d3f5520..ef05547 100644
--- a/common/iobuf.h
+++ b/common/iobuf.h
@@ -115,7 +115,7 @@ iobuf_t iobuf_fdopen (int fd, const char *mode);
iobuf_t iobuf_fdopen_nc (int fd, const char *mode);
iobuf_t iobuf_esopen (estream_t estream, const char *mode, int keep_open);
iobuf_t iobuf_sockopen (int fd, const char *mode);
-iobuf_t iobuf_create (const char *fname);
+iobuf_t iobuf_create (const char *fname, int mode700);
iobuf_t iobuf_append (const char *fname);
iobuf_t iobuf_openrw (const char *fname);
int iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval);
diff --git a/g10/dearmor.c b/g10/dearmor.c
index d84fb30..3fdd57d 100644
--- a/g10/dearmor.c
+++ b/g10/dearmor.c
@@ -64,7 +64,7 @@ dearmor_file( const char *fname )
push_armor_filter ( afx, inp );
- if( (rc = open_outfile (-1, fname, 0, &out )) )
+ if( (rc = open_outfile (-1, fname, 0, 0, &out)) )
goto leave;
while( (c = iobuf_get(inp)) != -1 )
@@ -110,7 +110,7 @@ enarmor_file( const char *fname )
}
- if( (rc = open_outfile (-1, fname, 1, &out )) )
+ if( (rc = open_outfile (-1, fname, 1, 0, &out )) )
goto leave;
afx->what = 4;
diff --git a/g10/encrypt.c b/g10/encrypt.c
index c8e7962..5b10b73 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -264,7 +264,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
do_compress = 0;
}
- if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out )))
+ if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
{
iobuf_cancel (inp);
xfree (cfx.dek);
@@ -567,7 +567,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
if (opt.textmode)
iobuf_push_filter (inp, text_filter, &tfx);
- rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out);
+ rc = open_outfile (outputfd, filename, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;
diff --git a/g10/export.c b/g10/export.c
index acf38a7..0aa44f3 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -201,7 +201,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options )
memset( &zfx, 0, sizeof zfx);
- rc = open_outfile (-1, NULL, 0, &out );
+ rc = open_outfile (-1, NULL, 0, !!secret, &out );
if (rc)
return rc;
diff --git a/g10/keydb.c b/g10/keydb.c
index 688c24c..e735b4a 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -213,7 +213,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force)
gpg_err_set_errno (EPERM);
}
else
- iobuf = iobuf_create (filename);
+ iobuf = iobuf_create (filename, 0);
umask (oldmask);
if (!iobuf)
{
diff --git a/g10/keygen.c b/g10/keygen.c
index 54d37d0..35c1460 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3814,7 +3814,7 @@ do_generate_keypair (struct para_data_s *para,
gpg_err_set_errno (EPERM);
}
else
- outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
+ outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
if (!outctrl->pub.stream)
{
log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
@@ -4442,6 +4442,9 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
(ulong)sk->keyid[0], (ulong)sk->keyid[1]);
fname = make_filename (backup_dir, name_buffer, NULL);
+ /* Note that the umask call is not anymore needed because
+ iobuf_create now takes care of it. However, it does not harm
+ and thus we keep it. */
oldmask = umask (077);
if (is_secured_filename (fname))
{
@@ -4449,7 +4452,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
gpg_err_set_errno (EPERM);
}
else
- fp = iobuf_create (fname);
+ fp = iobuf_create (fname, 1);
umask (oldmask);
if (!fp)
{
diff --git a/g10/keyring.c b/g10/keyring.c
index 04f6eeb..6f75b6a 100644
--- a/g10/keyring.c
+++ b/g10/keyring.c
@@ -1197,7 +1197,9 @@ create_tmp_file (const char *template,
strcpy (stpcpy(tmpfname,template), EXTSEP_S "tmp");
# endif /* Posix filename */
- /* Create the temp file with limited access */
+ /* Create the temp file with limited access. Note that the umask
+ call is not anymore needed because iobuf_create now takes care
+ of it. However, it does not harm and thus we keep it. */
oldmask=umask(077);
if (is_secured_filename (tmpfname))
{
@@ -1205,7 +1207,7 @@ create_tmp_file (const char *template,
gpg_err_set_errno (EPERM);
}
else
- *r_fp = iobuf_create (tmpfname);
+ *r_fp = iobuf_create (tmpfname, 1);
umask(oldmask);
if (!*r_fp)
{
@@ -1513,7 +1515,7 @@ do_copy (int mode, const char *fname, KBNODE root,
gpg_err_set_errno (EPERM);
}
else
- newfp = iobuf_create (fname);
+ newfp = iobuf_create (fname, 1);
umask(oldmask);
if( !newfp )
{
diff --git a/g10/main.h b/g10/main.h
index 97c6612..ae0bc8c 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -270,7 +270,8 @@ int save_unprotected_key_to_card (PKT_public_key *sk, int keyno);
int overwrite_filep( const char *fname );
char *make_outfile_name( const char *iname );
char *ask_outfile_name( const char *name, size_t namelen );
-int open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a);
+int open_outfile (int inp_fd, const char *iname, int mode,
+ int restrictedperm, iobuf_t *a);
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
void try_make_homedir( const char *fname );
diff --git a/g10/openfile.c b/g10/openfile.c
index 119c567..901387d 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -177,10 +177,12 @@ ask_outfile_name( const char *name, size_t namelen )
*
* If INP_FD is not -1 the function simply creates an IOBUF for that
* file descriptor and ignorea INAME and MODE. Note that INP_FD won't
- * be closed if the returned IOBUF is closed.
+ * be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
+ * file will be created with mode 700 if possible.
*/
int
-open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
+open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
+ iobuf_t *a)
{
int rc = 0;
@@ -204,7 +206,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
}
else if (iobuf_is_pipe_filename (iname) && !opt.outfile)
{
- *a = iobuf_create(NULL);
+ *a = iobuf_create (NULL, 0);
if ( !*a )
{
rc = gpg_error_from_syserror ();
@@ -284,7 +286,7 @@ open_outfile (int inp_fd, const char *iname, int mode, iobuf_t *a)
gpg_err_set_errno (EPERM);
}
else
- *a = iobuf_create (name);
+ *a = iobuf_create (name, restrictedperm);
if (!*a)
{
rc = gpg_error_from_syserror ();
diff --git a/g10/revoke.c b/g10/revoke.c
index 46fa870..1c52dda 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -328,7 +328,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
if( !opt.armor )
tty_printf(_("ASCII armored output forced.\n"));
- if( (rc = open_outfile (-1, NULL, 0, &out )) )
+ if( (rc = open_outfile (-1, NULL, 0, 1, &out )) )
goto leave;
afx->what = 1;
@@ -518,7 +518,7 @@ gen_revoke (const char *uname)
if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n"));
- if ((rc = open_outfile (-1, NULL, 0, &out )))
+ if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
goto leave;
afx->what = 1;
diff --git a/g10/sign.c b/g10/sign.c
index 8a87888..907d8c5 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -871,7 +871,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
gpg_err_set_errno (EPERM);
}
else
- out = iobuf_create( outfile );
+ out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@@ -882,7 +882,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
log_info(_("writing to '%s'\n"), outfile );
}
else if( (rc = open_outfile (-1, fname,
- opt.armor? 1: detached? 2:0, &out )))
+ opt.armor? 1: detached? 2:0, 0, &out)))
goto leave;
/* prepare to calculate the MD over the input */
@@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
gpg_err_set_errno (EPERM);
}
else
- out = iobuf_create( outfile );
+ out = iobuf_create (outfile, 0);
if( !out )
{
rc = gpg_error_from_syserror ();
@@ -1198,7 +1198,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile )
else if( opt.verbose )
log_info(_("writing to '%s'\n"), outfile );
}
- else if( (rc = open_outfile (-1, fname, 1, &out )) )
+ else if ((rc = open_outfile (-1, fname, 1, 0, &out)))
goto leave;
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF );
@@ -1366,7 +1366,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
cfx.dek->use_mdc=1;
/* now create the outfile */
- rc = open_outfile (-1, fname, opt.armor? 1:0, &out);
+ rc = open_outfile (-1, fname, opt.armor? 1:0, 0, &out);
if (rc)
goto leave;
commit 35fdfaa0b94342c53eb82eea155a37ad4009fa9f
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
common: Minor code cleanup for a legacy OS.
* common/iobuf.c (direct_open) [__riscos__]: Simplify cpp conditionals.
diff --git a/common/iobuf.c b/common/iobuf.c
index d78e5d2..d686210 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -299,7 +299,9 @@ direct_open (const char *fname, const char *mode)
hfile = CreateFile (fname, da, sm, NULL, cd, FILE_ATTRIBUTE_NORMAL, NULL);
#endif
return hfile;
+
#else /*!HAVE_W32_SYSTEM*/
+
int oflag;
int cflag = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH;
@@ -324,21 +326,18 @@ direct_open (const char *fname, const char *mode)
if (strchr (mode, 'b'))
oflag |= O_BINARY;
#endif
- /* No we need to distinguish between POSIX and RISC OS. */
-#ifndef __riscos__
- return open (fname, oflag, cflag);
-#else
+
+#ifdef __riscos__
{
struct stat buf;
- int rc = stat (fname, &buf);
/* Don't allow iobufs on directories */
- if (!rc && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
+ if (!stat (fname, &buf) && S_ISDIR (buf.st_mode) && !S_ISREG (buf.st_mode))
return __set_errno (EISDIR);
- else
- return open (fname, oflag, cflag);
}
#endif
+ return open (fname, oflag, cflag);
+
#endif /*!HAVE_W32_SYSTEM*/
}
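Review bot: The RISC OS directory check inspects the path with stat() and the file is then opened by name on the line after the block, so the object can change between the two calls. If open() on a directory is itself harmless on that platform, checking `S_ISDIR` with fstat() on the descriptor after the open removes the window; otherwise a short comment saying the pre-check is best-effort would help. `!S_ISREG (buf.st_mode)` is also redundant once `S_ISDIR` holds and could be dropped: `if (!stat (fname, &buf) && S_ISDIR (buf.st_mode))`. direct_open starts outside this hunk.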
-----------------------------------------------------------------------
Summary of changes:
common/iobuf.c | 33 ++++++++++++++++++---------------
common/iobuf.h | 2 +-
g10/dearmor.c | 4 ++--
g10/encrypt.c | 4 ++--
g10/export.c | 2 +-
g10/keydb.c | 2 +-
g10/keygen.c | 7 +++++--
g10/keyring.c | 8 +++++---
g10/main.h | 3 ++-
g10/openfile.c | 10 ++++++----
g10/revoke.c | 4 ++--
g10/sign.c | 10 +++++-----
12 files changed, 50 insertions(+), 39 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 10:14:40 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 10:14:40 +0200
Subject: [git] Assuan - branch, master, updated. libassuan-2.1.1-7-g134c045
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPC library used by GnuPG".
The branch, master has been updated
via 134c045c7d1f93ce61f62193d33af8a6e8825543 (commit)
from 326a2918d645dd3d38dbc928e4452c66cb9757f1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 134c045c7d1f93ce61f62193d33af8a6e8825543
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Avoid a vasprintf call if tracing has not been enabled.
* src/debug.c (_assuan_debug): Check whether CAT wants to be logged.
diff --git a/src/debug.c b/src/debug.c
index 5ed4d4d..d6c3e80 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -1,22 +1,22 @@
/* debug.c - helpful output in desperate situations
Copyright (C) 2000 Werner Koch (dd9jn)
Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2009 g10 Code GmbH
-
+
This file is part of Assuan.
Assuan is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
-
+
Assuan is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301, USA. */
#if HAVE_CONFIG_H
@@ -51,7 +51,11 @@ _assuan_debug (assuan_context_t ctx, unsigned int cat, const char *format, ...)
char *msg;
int res;
- if (!ctx || !ctx->log_cb)
+ /* vasprintf is an expensive operation thus we first check whether
+ the callback has enabled CAT for logging. */
+ if (!ctx
+ || !ctx->log_cb
+ || !(*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL))
return;
saved_errno = errno;
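Review bot: The new probe call `(*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL)` runs before `saved_errno = errno;`, so a callback that touches errno changes the value this function treats as the caller's. On the early `return` nothing restores it either. Moving `saved_errno = errno;` above the `if` and setting `errno = saved_errno;` before the early return would keep the probe from leaking into errno. Whether registered callbacks actually modify errno is not visible here, and the rest of _assuan_debug lies outside the hunk.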
@@ -77,11 +81,11 @@ _assuan_debug_begin (assuan_context_t ctx,
*line = NULL;
/* Probe if this wants to be logged based on category. */
- if (! ctx
- || ! ctx->log_cb
+ if (! ctx
+ || ! ctx->log_cb
|| ! (*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL))
return;
-
+
va_start (arg_ptr, format);
res = vasprintf ((char **) line, format, arg_ptr);
va_end (arg_ptr);
@@ -147,8 +151,8 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat,
int j;
/* Probe if this wants to be logged based on category. */
- if (!ctx
- || ! ctx->log_cb
+ if (!ctx
+ || ! ctx->log_cb
|| ! (*ctx->log_cb) (ctx, ctx->log_cb_data, cat, NULL))
return;
@@ -157,7 +161,7 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat,
char str[51];
char *strp = str;
char *strp2 = &str[34];
-
+
for (j = 0; j < 16; j++)
{
unsigned char val;
@@ -179,7 +183,7 @@ _assuan_debug_buffer (assuan_context_t ctx, unsigned int cat,
*(strp++) = ' ';
*(strp2++) = '\n';
*(strp2) = '\0';
-
+
_assuan_debug (ctx, cat, fmt, func, tagname, tag, str);
}
}
-----------------------------------------------------------------------
Summary of changes:
src/debug.c | 28 ++++++++++++++++------------
1 file changed, 16 insertions(+), 12 deletions(-)
hooks/post-receive
--
IPC library used by GnuPG
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 16:43:45 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 16:43:45 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0-beta442-42-g03018ef
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 03018ef9eec75e4d91ea53c95547a77dedef8f80 (commit)
via aa5b4392aac99382d96be94782ae745e0a42484a (commit)
via 3a01b220715b3d1a90d94353e4980ab5a1ea8f26 (commit)
from c434de4d83ccfaca8bde51de5c2ac8d9656e4e18 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 03018ef9eec75e4d91ea53c95547a77dedef8f80
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--
GnuPG-bug-id: 1042
diff --git a/configure.ac b/configure.ac
index e26e51b..02e02bb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -444,7 +444,8 @@ AH_BOTTOM([
#else
#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg"
#endif
-#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d"
+#define GNUPG_OPENPGP_REVOC_DIR "openpgp-revocs.d"
/* For some systems (DOS currently), we hardcode the path here. For
POSIX systems the values are constructed by the Makefiles, so that
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9c52282..5efc16e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3106,6 +3106,15 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/secring.gpg.lock
The lock file for the secret keyring.
+ @item ~/.gnupg/openpgp-revocs.d/
+ This is the directory where gpg stores pre-generated revocation
+ certificates. It is suggested to backup those certificates and if the
+ primary private key is not stored on the disk to move them to an
+ external storage device. Anyone who can access theses files is able to
+ revoke the corresponding key. You may want to print them out. You
+ should backup all files in this directory and take care to keep this
+ backup closed away.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/g10/keydb.h b/g10/keydb.h
index b21d955..0cf6ca1 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -288,6 +288,7 @@ const char *colon_datestr_from_pk (PKT_public_key *pk);
const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+char *hexfingerprint (PKT_public_key *pk);
gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array);
gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip);
diff --git a/g10/keygen.c b/g10/keygen.c
index 35c1460..4509231 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -4000,6 +4000,8 @@ do_generate_keypair (struct para_data_s *para,
update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
| TRUST_ULTIMATE ));
+ gen_standard_revoke (pk);
+
if (!opt.batch)
{
tty_printf (_("public and secret key created and signed.\n") );
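Review bot: The result of `gen_standard_revoke (pk)` is dropped, so a failure to store the pre-generated revocation certificate does not change what the user is told next; the message that follows reports only success. The function returns an int status (see the prototype added to g10/main.h), so a warning fits here, for example `if (gen_standard_revoke (pk)) log_info (_("revocation certificate could not be stored\n"));`. On success it would also help to print where the file was written, since the text added to doc/gpg.texi asks users to back it up and keep it away from others. do_generate_keypair starts and ends outside the hunk.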
diff --git a/g10/keyid.c b/g10/keyid.c
index 9c94bd6..6ce6f32 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -772,6 +772,20 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
}
+/* Return an allocated buffer with the fingerprint of PK formatted as
+ a plain hexstring. */
+char *
+hexfingerprint (PKT_public_key *pk)
+{
+ unsigned char fpr[MAX_FINGERPRINT_LEN];
+ size_t len;
+ char *result;
+
+ fingerprint_from_pk (pk, fpr, &len);
+ result = xmalloc (2 * len + 1);
+ bin2hex (fpr, len, result);
+ return result;
+}
diff --git a/g10/main.h b/g10/main.h
index ae0bc8c..e75f616 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -274,6 +274,7 @@ int open_outfile (int inp_fd, const char *iname, int mode,
int restrictedperm, iobuf_t *a);
iobuf_t open_sigfile( const char *iname, progress_filter_context_t *pfx );
void try_make_homedir( const char *fname );
+char *get_openpgp_revocdir (const char *home);
/*-- seskey.c --*/
void make_session_key( DEK *dek );
@@ -317,6 +318,7 @@ int enarmor_file( const char *fname );
/*-- revoke.c --*/
struct revocation_reason_info;
+int gen_standard_revoke (PKT_public_key *psk);
int gen_revoke( const char *uname );
int gen_desig_revoke( const char *uname, strlist_t locusr);
int revocation_reason_build_cb( PKT_signature *sig, void *opaque );
diff --git a/g10/openfile.c b/g10/openfile.c
index 901387d..5a43648 100644
--- a/g10/openfile.c
+++ b/g10/openfile.c
@@ -174,9 +174,10 @@ ask_outfile_name( const char *name, size_t namelen )
* Mode 0 = use ".gpg"
* 1 = use ".asc"
* 2 = use ".sig"
+ * 3 = use ".rev"
*
* If INP_FD is not -1 the function simply creates an IOBUF for that
- * file descriptor and ignorea INAME and MODE. Note that INP_FD won't
+ * file descriptor and ignore INAME and MODE. Note that INP_FD won't
* be closed if the returned IOBUF is closed. With RESTRICTEDPERM a
* file will be created with mode 700 if possible.
*/
@@ -239,7 +240,8 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
const char *newsfx;
newsfx = (mode==1 ? ".asc" :
- mode==2 ? ".sig" : ".gpg");
+ mode==2 ? ".sig" :
+ mode==3 ? ".rev" : ".gpg");
buf = xmalloc (strlen(iname)+4+1);
strcpy (buf, iname);
@@ -258,6 +260,7 @@ open_outfile (int inp_fd, const char *iname, int mode, int restrictedperm,
buf = xstrconcat (iname,
(mode==1 ? EXTSEP_S "asc" :
mode==2 ? EXTSEP_S "sig" :
+ mode==3 ? EXTSEP_S "rev" :
/* */ EXTSEP_S GPGEXT_GPG),
NULL);
}
@@ -451,3 +454,24 @@ try_make_homedir (const char *fname)
copy_options_file( fname );
}
}
+
+
+/* Get and if needed create a string with the directory used to store
+ openpgp revocations. */
+char *
+get_openpgp_revocdir (const char *home)
+{
+ char *fname;
+ struct stat statbuf;
+
+ fname = make_filename (home, GNUPG_OPENPGP_REVOC_DIR, NULL);
+ if (stat (fname, &statbuf) && errno == ENOENT)
+ {
+ if (gnupg_mkdir (fname, "-rwx"))
+ log_error (_("can't create directory '%s': %s\n"),
+ fname, strerror (errno) );
+ else if (!opt.quiet)
+ log_info (_("directory '%s' created\n"), fname);
+ }
+ return fname;
+}
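Review bot: In get_openpgp_revocdir the `stat` result is used only for the ENOENT case, so a path that exists but is not a directory, or a stat failure with any other errno, is returned as if the directory were usable. The function also returns FNAME after `gnupg_mkdir` has failed, leaving the caller to fail later with a less specific error. Because the files stored here are enough to revoke the key, the existing entry should be verified with `S_ISDIR (statbuf.st_mode)`, and a warning considered when an existing directory is accessible to other users. The header comment should also say that the caller releases the returned string with xfree, and that a string is returned even when the directory could not be created.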
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 280d8a9..9d3f497 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -633,7 +633,8 @@ emit_status_need_passphrase (u32 *keyid, u32 *mainkeyid, int pubkey_algo)
/* Return an allocated utf-8 string describing the key PK. If ESCAPED
is true spaces and control characters are percent or plus escaped.
- MODE 0 is for the common prompt, MODE 1 for the import prompt. */
+ MODE describes the use of the key description; use one of the
+ FORMAT_KEYDESC_ macros. */
char *
gpg_format_keydesc (PKT_public_key *pk, int mode, int escaped)
{
diff --git a/g10/revoke.c b/g10/revoke.c
index 069453e..bf5e33b 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -436,12 +436,14 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
revocation reason. PSK is the public primary key - we expect that
a corresponding secret key is available. KEYBLOCK is the entire
KEYBLOCK which is used in PGP mode to write a a minimal key and not
- just the naked revocation signature; it may be NULL. */
+ just the naked revocation signature; it may be NULL. If LEADINTEXT
+ is not NULL, it is written right before the (armored) output.*/
static int
create_revocation (const char *filename,
struct revocation_reason_info *reason,
PKT_public_key *psk,
- kbnode_t keyblock)
+ kbnode_t keyblock,
+ const char *leadintext, int suffix)
{
int rc;
iobuf_t out = NULL;
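Review bot: The header comment of create_revocation documents LEADINTEXT but not the second new parameter, SUFFIX, which the next hunk passes to open_outfile as its MODE argument. A sentence such as `SUFFIX is the MODE value passed to open_outfile and selects the file extension (0 = ".gpg", 3 = ".rev").` would make the two call sites (`NULL, 0` in gen_revoke and `leadin, 3` in gen_standard_revoke) readable without looking up open_outfile. The commit log also names only one new argument ("leadin") while the code adds `leadintext` and `suffix`. create_revocation's body continues outside this hunk.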
@@ -451,9 +453,12 @@ create_revocation (const char *filename,
afx = new_armor_context ();
- if ((rc = open_outfile (-1, filename, 0, 1, &out)))
+ if ((rc = open_outfile (-1, filename, suffix, 1, &out)))
goto leave;
+ if (leadintext )
+ iobuf_writestr (out, leadintext);
+
afx->what = 1;
afx->hdrlines = "Comment: This is a revocation certificate\n";
push_armor_filter (afx, out);
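Review bot: The return value of `iobuf_writestr (out, leadintext)` is ignored, so a failed write of the lead-in would still be followed by the armored certificate and a success return. The lead-in carries the usage instructions and the colon that keeps the file from being imported by accident, so it should be treated as part of the output: check the result and `goto leave` on error, which already cancels OUT. What error convention iobuf_writestr uses is not visible in this hunk, so its result should be mapped onto RC the way the rest of the file does. create_revocation starts and ends outside the hunk.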
@@ -502,6 +507,81 @@ create_revocation (const char *filename,
}
+/* This function is used to generate a standard revocation certificate
+ by gpg's interactive key generation function. The certificate is
+ stored at a dedicated place in a slightly modified form to avoid an
+ accidental import. PSK is the primary key; a corresponding secret
+ key must be available. */
+int
+gen_standard_revoke (PKT_public_key *psk)
+{
+ int rc;
+ estream_t memfp;
+ struct revocation_reason_info reason;
+ char *dir, *tmpstr, *fname;
+ void *leadin;
+ size_t len;
+ u32 keyid[2];
+ char pkstrbuf[PUBKEY_STRING_SIZE];
+ char *orig_codeset;
+
+ dir = get_openpgp_revocdir (opt.homedir);
+ tmpstr = hexfingerprint (psk);
+ fname = xstrconcat (dir, DIRSEP_S, tmpstr, NULL);
+ xfree (tmpstr);
+ xfree (dir);
+
+ keyid_from_pk (psk, keyid);
+
+ memfp = es_fopenmem (0, "r+");
+ if (!memfp)
+ log_fatal ("error creating memory stream\n");
+
+ orig_codeset = i18n_switchto_utf8 ();
+
+ es_fprintf (memfp, "%s\n\n",
+ _("This is a revocation certificate for the OpenPGP key:"));
+
+ es_fprintf (memfp, "pub %s/%s %s\n",
+ pubkey_string (psk, pkstrbuf, sizeof pkstrbuf),
+ keystr (keyid),
+ datestr_from_pk (psk));
+
+ print_fingerprint (memfp, psk, 3);
+
+ tmpstr = get_user_id (keyid, &len);
+ es_fprintf (memfp, "uid%*s%.*s\n\n",
+ (int)keystrlen () + 10, "",
+ (int)len, tmpstr);
+ xfree (tmpstr);
+
+ es_fprintf (memfp, "%s\n\n%s\n\n:",
+ _("Use it to revoke this key in case of a compromise or loss of\n"
+ "the secret key. However, if the secret key is still accessible,\n"
+ "it is better to generate a new revocation certificate and give\n"
+ "a reason for the revocation."),
+ _("To avoid an accidental use of this file, a colon has been inserted\n"
+ "before the 5 dashes below. Remove this colon with a text editor\n"
+ "before making use of this revocation certificate."));
+
+ es_putc (0, memfp);
+
+ i18n_switchback (orig_codeset);
+
+ if (es_fclose_snatch (memfp, &leadin, NULL))
+ log_fatal ("error snatching memory stream\n");
+
+ reason.code = 0x00; /* No particular reason. */
+ reason.desc = NULL;
+ rc = create_revocation (fname, &reason, psk, NULL, leadin, 3);
+ xfree (leadin);
+ xfree (fname);
+
+ return rc;
+}
+
+
+
/****************
* Generate a revocation certificate for UNAME
*/
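Review bot: In gen_standard_revoke the lead-in is consumed as a C string (es_fclose_snatch is called with a NULL length pointer and create_revocation writes it with iobuf_writestr), but its terminator depends on `es_putc (0, memfp)` succeeding, and none of the es_fprintf/es_putc results are checked. If a write to the memory stream fails, the snatched buffer may be truncated or unterminated. A check before snatching, in the style of the surrounding code, would close this: `if (es_ferror (memfp)) log_fatal ("error writing to memory stream\n");`. The header comment should also state what the int return value means, since it is the only signal that the certificate was not stored.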
@@ -582,7 +662,7 @@ gen_revoke (const char *uname)
if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n"));
- rc = create_revocation (NULL, reason, psk, keyblock);
+ rc = create_revocation (NULL, reason, psk, keyblock, NULL, 0);
if (rc)
goto leave;
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index ea1d54f..4b1c219 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -77,7 +77,7 @@ CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log
clean-local:
- -rm -rf private-keys-v1.d
+ -rm -rf private-keys-v1.d openpgp-revocs.d
# We need to depend on a couple of programs so that the tests don't
commit aa5b4392aac99382d96be94782ae745e0a42484a
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated
strings.
diff --git a/common/estream-printf.c b/common/estream-printf.c
index 11e6d75..c03f70e 100644
--- a/common/estream-printf.c
+++ b/common/estream-printf.c
@@ -1209,7 +1209,9 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
string = "(null)";
if (arg->precision >= 0)
{
- for (n=0,s=string; *s && n < arg->precision; s++)
+ /* Test for nul after N so that we can pass a non-nul terminated
+ string. */
+ for (n=0,s=string; n < arg->precision && *s; s++)
n++;
}
else
commit 3a01b220715b3d1a90d94353e4980ab5a1ea8f26
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
gpg: Rearrange code in gen_revoke.
* g10/revoke.c (gen_revoke): Factor some code out to ...
(create_revocation): new.
diff --git a/g10/revoke.c b/g10/revoke.c
index 1c52dda..069453e 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -431,6 +431,77 @@ gen_desig_revoke( const char *uname, strlist_t locusr )
}
+/* Common core to create the revocation. FILENAME may be NULL to write
+ to stdout or the filename given by --output. REASON describes the
+ revocation reason. PSK is the public primary key - we expect that
+ a corresponding secret key is available. KEYBLOCK is the entire
+ KEYBLOCK which is used in PGP mode to write a a minimal key and not
+ just the naked revocation signature; it may be NULL. */
+static int
+create_revocation (const char *filename,
+ struct revocation_reason_info *reason,
+ PKT_public_key *psk,
+ kbnode_t keyblock)
+{
+ int rc;
+ iobuf_t out = NULL;
+ armor_filter_context_t *afx;
+ PKT_signature *sig = NULL;
+ PACKET pkt;
+
+ afx = new_armor_context ();
+
+ if ((rc = open_outfile (-1, filename, 0, 1, &out)))
+ goto leave;
+
+ afx->what = 1;
+ afx->hdrlines = "Comment: This is a revocation certificate\n";
+ push_armor_filter (afx, out);
+
+ rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
+ opt.force_v4_certs? 4:0,
+ 0, 0,
+ revocation_reason_build_cb, reason, NULL);
+ if (rc)
+ {
+ log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
+ goto leave;
+ }
+
+ if (keyblock && (PGP2 || PGP6 || PGP7 || PGP8))
+ {
+ /* Use a minimal pk for PGPx mode, since PGP can't import bare
+ revocation certificates. */
+ rc = export_minimal_pk (out, keyblock, sig, NULL);
+ if (rc)
+ goto leave;
+ }
+ else
+ {
+ init_packet (&pkt);
+ pkt.pkttype = PKT_SIGNATURE;
+ pkt.pkt.signature = sig;
+
+ rc = build_packet (out, &pkt);
+ if (rc)
+ {
+ log_error (_("build_packet failed: %s\n"), g10_errstr (rc));
+ goto leave;
+ }
+ }
+
+ leave:
+ if (sig)
+ free_seckey_enc (sig);
+ if (rc)
+ iobuf_cancel (out);
+ else
+ iobuf_close (out);
+ release_armor_context (afx);
+ return rc;
+}
+
+
/****************
* Generate a revocation certificate for UNAME
*/
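Review bot: This factoring is not purely mechanical: the new create_revocation emits `Comment: This is a revocation certificate\n` where the removed gen_revoke code emitted `Comment: A revocation certificate should follow\n`, and the PGP-mode branch now also requires `keyblock` to be non-NULL. Neither change is mentioned in the commit log, which describes only a rearrangement. Noting them there, or keeping the old header text in this commit, would keep the refactoring reviewable on its own. In addition, when open_outfile fails the `leave:` path calls `iobuf_cancel (out)` with OUT still NULL; that matches the removed code, but it relies on iobuf_cancel accepting NULL, which is not visible here.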
@@ -438,12 +509,8 @@ int
gen_revoke (const char *uname)
{
int rc = 0;
- armor_filter_context_t *afx;
- PACKET pkt;
PKT_public_key *psk;
- PKT_signature *sig = NULL;
u32 keyid[2];
- iobuf_t out = NULL;
kbnode_t keyblock = NULL;
kbnode_t node;
KEYDB_HANDLE kdbhd;
@@ -456,9 +523,6 @@ gen_revoke (const char *uname)
return G10ERR_GENERAL;
}
- afx = new_armor_context ();
- init_packet( &pkt );
-
/* Search the userid; we don't want the whole getkey stuff here. */
kdbhd = keydb_new ();
rc = classify_user_id (uname, &desc, 1);
@@ -518,44 +582,9 @@ gen_revoke (const char *uname)
if (!opt.armor)
tty_printf (_("ASCII armored output forced.\n"));
- if ((rc = open_outfile (-1, NULL, 0, 1, &out )))
- goto leave;
-
- afx->what = 1;
- afx->hdrlines = "Comment: A revocation certificate should follow\n";
- push_armor_filter (afx, out);
-
- /* create it */
- rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0,
- opt.force_v4_certs?4:0, 0, 0,
- revocation_reason_build_cb, reason, NULL);
+ rc = create_revocation (NULL, reason, psk, keyblock);
if (rc)
- {
- log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc));
- goto leave;
- }
-
- if (PGP2 || PGP6 || PGP7 || PGP8)
- {
- /* Use a minimal pk for PGPx mode, since PGP can't import bare
- revocation certificates. */
- rc = export_minimal_pk (out, keyblock, sig, NULL);
- if(rc)
- goto leave;
- }
- else
- {
- init_packet( &pkt );
- pkt.pkttype = PKT_SIGNATURE;
- pkt.pkt.signature = sig;
-
- rc = build_packet (out, &pkt);
- if (rc)
- {
- log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
- goto leave;
- }
- }
+ goto leave;
/* and issue a usage notice */
tty_printf (_(
@@ -567,16 +596,9 @@ gen_revoke (const char *uname)
"your machine might store the data and make it available to others!\n"));
leave:
- if (sig)
- free_seckey_enc (sig);
release_kbnode (keyblock);
keydb_release (kdbhd);
- if (rc)
- iobuf_cancel(out);
- else
- iobuf_close(out);
release_revocation_reason_info( reason );
- release_armor_context (afx);
return rc;
}
-----------------------------------------------------------------------
Summary of changes:
common/estream-printf.c | 4 +-
configure.ac | 3 +-
doc/gpg.texi | 9 ++
g10/keydb.h | 1 +
g10/keygen.c | 2 +
g10/keyid.c | 14 ++++
g10/main.h | 2 +
g10/openfile.c | 28 ++++++-
g10/passphrase.c | 3 +-
g10/revoke.c | 204 +++++++++++++++++++++++++++++++++------------
tests/openpgp/Makefile.am | 2 +-
11 files changed, 215 insertions(+), 57 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 18:05:06 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 18:05:06 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.24-9-g40215d8
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 40215d8ecdb10d36c699aa66f6e35c43b31e4822 (commit)
via 621aa6bb4887b479ca62ea6ed769f89b5346da39 (commit)
via 998f08529775138ee081cc702ab12a92f74526a2 (commit)
from 505f0a642f899ede411837ad69a442b0d4f427fa (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 40215d8ecdb10d36c699aa66f6e35c43b31e4822
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Post release updates.
--
diff --git a/NEWS b/NEWS
index 794773b..f523056 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 2.0.26 (unreleased)
+-------------------------------------------------
+
Noteworthy changes in version 2.0.25 (2014-06-30)
-------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 2c92c31..417cf25 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.10"
# (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [2.0.25])
+m4_define([mym4_version], [2.0.26])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 621aa6bb4887b479ca62ea6ed769f89b5346da39
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Release 2.0.25
diff --git a/NEWS b/NEWS
index cffc774..794773b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,17 @@
-Noteworthy changes in version 2.0.25 (unreleased)
+Noteworthy changes in version 2.0.25 (2014-06-30)
-------------------------------------------------
+ * gpg: Fix a regression in 2.0.24 if more than one keyid is given
+ to --recv-keys et al.
+
+ * gpg: Cap RSA and Elgamal keysize at 4096 bit also for unattended
+ key generation.
+
+ * gpgsm: Fix a DISPLAY related problem with --export-secret-key-p12.
+
+ * scdaemon: Support reader Gemalto IDBridge CT30.
+
+
Noteworthy changes in version 2.0.24 (2014-06-24)
-------------------------------------------------
commit 998f08529775138ee081cc702ab12a92f74526a2
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
estream: Fix minor glitch in "%.*s" format.
* common/estream-printf.c (pr_string): Take care of non-nul terminated
strings.
--
Resolved conflicts:
common/estream-printf.c - white spaces
diff --git a/common/estream-printf.c b/common/estream-printf.c
index a5f3a69..91917cf 100644
--- a/common/estream-printf.c
+++ b/common/estream-printf.c
@@ -52,7 +52,7 @@
#if defined(HAVE_INTMAX_T) || defined(HAVE_UINTMAX_T)
# ifdef HAVE_STDINT_H
# include
-# endif
+# endif
#endif
#ifdef HAVE_LANGINFO_THOUSANDS_SEP
#include
@@ -67,12 +67,12 @@
/* Allow redefinition of asprintf used malloc functions. */
#if defined(_ESTREAM_PRINTF_MALLOC)
-#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))
+#define my_printf_malloc(a) _ESTREAM_PRINTF_MALLOC((a))
#else
#define my_printf_malloc(a) malloc((a))
#endif
#if defined(_ESTREAM_PRINTF_FREE)
-#define my_printf_free(a) _ESTREAM_PRINTF_FREE((a))
+#define my_printf_free(a) _ESTREAM_PRINTF_FREE((a))
#else
#define my_printf_free(a) free((a))
#endif
@@ -182,7 +182,7 @@ typedef enum
/* A union used to store the actual values. */
-typedef union
+typedef union
{
char a_char;
signed char a_schar;
@@ -266,7 +266,7 @@ dump_argspecs (argspec_t arg, size_t argcount)
int idx;
for (idx=0; argcount; argcount--, arg++, idx++)
- fprintf (stderr,
+ fprintf (stderr,
"%2d: len=%u flags=%u width=%d prec=%d mod=%d "
"con=%d vt=%d pos=%d-%d-%d\n",
idx,
@@ -290,8 +290,8 @@ compute_type (argspec_t arg)
{
switch (arg->conspec)
{
- case CONSPEC_UNKNOWN:
- arg->vt = VALTYPE_UNSUPPORTED;
+ case CONSPEC_UNKNOWN:
+ arg->vt = VALTYPE_UNSUPPORTED;
break;
case CONSPEC_DECIMAL:
@@ -302,7 +302,7 @@ compute_type (argspec_t arg)
case LENMOD_LONG: arg->vt = VALTYPE_LONG; break;
case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG; break;
case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX; break;
- case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
default: arg->vt = VALTYPE_INT; break;
}
@@ -319,12 +319,12 @@ compute_type (argspec_t arg)
case LENMOD_LONG: arg->vt = VALTYPE_ULONG; break;
case LENMOD_LONGLONG: arg->vt = VALTYPE_ULONGLONG; break;
case LENMOD_INTMAX: arg->vt = VALTYPE_UINTMAX; break;
- case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE; break;
case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF; break;
default: arg->vt = VALTYPE_UINT; break;
}
break;
-
+
case CONSPEC_FLOAT:
case CONSPEC_FLOAT_UP:
case CONSPEC_EXP:
@@ -340,9 +340,9 @@ compute_type (argspec_t arg)
default: arg->vt = VALTYPE_DOUBLE; break;
}
break;
-
+
case CONSPEC_CHAR:
- arg->vt = VALTYPE_INT;
+ arg->vt = VALTYPE_INT;
break;
case CONSPEC_STRING:
@@ -365,12 +365,12 @@ compute_type (argspec_t arg)
case LENMOD_LONG: arg->vt = VALTYPE_LONG_PTR; break;
case LENMOD_LONGLONG: arg->vt = VALTYPE_LONGLONG_PTR; break;
case LENMOD_INTMAX: arg->vt = VALTYPE_INTMAX_PTR; break;
- case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;
+ case LENMOD_SIZET: arg->vt = VALTYPE_SIZE_PTR; break;
case LENMOD_PTRDIFF: arg->vt = VALTYPE_PTRDIFF_PTR; break;
default: arg->vt = VALTYPE_INT_PTR; break;
}
break;
-
+
}
}
@@ -395,7 +395,7 @@ parse_format (const char *format,
if (!format)
goto leave_einval;
-
+
for (; *format; format++)
{
unsigned int flags;
@@ -403,7 +403,7 @@ parse_format (const char *format,
lenmod_t lenmod;
conspec_t conspec;
int arg_pos, width_pos, precision_pos;
-
+
if (*format != '%')
continue;
s = ++format;
@@ -417,7 +417,7 @@ parse_format (const char *format,
if (*s >= '1' && *s <= '9')
{
const char *save_s = s;
-
+
arg_pos = (*s++ - '0');
for (; *s >= '0' && *s <= '9'; s++)
arg_pos = 10*arg_pos + (*s - '0');
@@ -431,7 +431,7 @@ parse_format (const char *format,
s = save_s;
}
}
-
+
/* Parse the flags. */
flags = 0;
for ( ; *s; s++)
@@ -449,7 +449,7 @@ parse_format (const char *format,
}
}
flags_parsed:
-
+
/* Parse the field width. */
width_pos = 0;
if (*s == '*')
@@ -532,11 +532,11 @@ parse_format (const char *format,
if (ignore_value)
precision = NO_FIELD_VALUE;
}
-
+
/* Parse the length modifiers. */
switch (*s)
{
- case 'h':
+ case 'h':
if (s[1] == 'h')
{
lenmod = LENMOD_CHAR;
@@ -562,7 +562,7 @@ parse_format (const char *format,
case 'L': lenmod = LENMOD_LONGDBL; s++; break;
default: lenmod = LENMOD_NONE; break;
}
-
+
/* Parse the conversion specifier. */
switch (*s)
{
@@ -632,7 +632,7 @@ parse_format (const char *format,
*argspecs_addr = argspecs;
*r_argspecs_count = argcount;
return 0; /* Success. */
-
+
leave_einval:
errno = EINVAL;
leave:
@@ -663,14 +663,14 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
value->a_char_ptr = va_arg (vaargs, char *);
break;
case VALTYPE_SCHAR: value->a_schar = va_arg (vaargs, int); break;
- case VALTYPE_SCHAR_PTR:
- value->a_schar_ptr = va_arg (vaargs, signed char *);
+ case VALTYPE_SCHAR_PTR:
+ value->a_schar_ptr = va_arg (vaargs, signed char *);
break;
case VALTYPE_UCHAR: value->a_uchar = va_arg (vaargs, int); break;
case VALTYPE_SHORT: value->a_short = va_arg (vaargs, int); break;
case VALTYPE_USHORT: value->a_ushort = va_arg (vaargs, int); break;
- case VALTYPE_SHORT_PTR:
- value->a_short_ptr = va_arg (vaargs, short *);
+ case VALTYPE_SHORT_PTR:
+ value->a_short_ptr = va_arg (vaargs, short *);
break;
case VALTYPE_INT:
value->a_int = va_arg (vaargs, int);
@@ -684,20 +684,20 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
case VALTYPE_LONG:
value->a_long = va_arg (vaargs, long);
break;
- case VALTYPE_ULONG:
+ case VALTYPE_ULONG:
value->a_ulong = va_arg (vaargs, unsigned long);
break;
- case VALTYPE_LONG_PTR:
- value->a_long_ptr = va_arg (vaargs, long *);
+ case VALTYPE_LONG_PTR:
+ value->a_long_ptr = va_arg (vaargs, long *);
break;
#ifdef HAVE_LONG_LONG_INT
case VALTYPE_LONGLONG:
value->a_longlong = va_arg (vaargs, long long int);
break;
- case VALTYPE_ULONGLONG:
- value->a_ulonglong = va_arg (vaargs, unsigned long long int);
+ case VALTYPE_ULONGLONG:
+ value->a_ulonglong = va_arg (vaargs, unsigned long long int);
break;
- case VALTYPE_LONGLONG_PTR:
+ case VALTYPE_LONGLONG_PTR:
value->a_longlong_ptr = va_arg (vaargs, long long *);
break;
#endif
@@ -712,31 +712,31 @@ read_values (valueitem_t valuetable, size_t valuetable_len, va_list vaargs)
case VALTYPE_STRING:
value->a_string = va_arg (vaargs, const char *);
break;
- case VALTYPE_POINTER:
+ case VALTYPE_POINTER:
value->a_void_ptr = va_arg (vaargs, void *);
break;
#ifdef HAVE_INTMAX_T
case VALTYPE_INTMAX:
value->a_intmax = va_arg (vaargs, intmax_t);
break;
- case VALTYPE_INTMAX_PTR:
- value->a_intmax_ptr = va_arg (vaargs, intmax_t *);
+ case VALTYPE_INTMAX_PTR:
+ value->a_intmax_ptr = va_arg (vaargs, intmax_t *);
break;
#endif
#ifdef HAVE_UINTMAX_T
- case VALTYPE_UINTMAX:
- value->a_uintmax = va_arg (vaargs, uintmax_t);
+ case VALTYPE_UINTMAX:
+ value->a_uintmax = va_arg (vaargs, uintmax_t);
break;
#endif
case VALTYPE_SIZE:
value->a_size = va_arg (vaargs, size_t);
break;
- case VALTYPE_SIZE_PTR:
- value->a_size_ptr = va_arg (vaargs, size_t *);
+ case VALTYPE_SIZE_PTR:
+ value->a_size_ptr = va_arg (vaargs, size_t *);
break;
#ifdef HAVE_PTRDIFF_T
case VALTYPE_PTRDIFF:
- value->a_ptrdiff = va_arg (vaargs, ptrdiff_t);
+ value->a_ptrdiff = va_arg (vaargs, ptrdiff_t);
break;
case VALTYPE_PTRDIFF_PTR:
value->a_ptrdiff_ptr = va_arg (vaargs, ptrdiff_t *);
@@ -771,7 +771,7 @@ pad_out (estream_printf_out_t outfnc, void *outfncarg,
*nbytes += n;
count -= n;
}
-
+
return 0;
}
@@ -808,18 +808,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
{
case VALTYPE_SHORT: along = value.a_short; break;
case VALTYPE_INT: along = value.a_int; break;
- case VALTYPE_LONG: along = value.a_long; break;
+ case VALTYPE_LONG: along = value.a_long; break;
#ifdef HAVE_LONG_LONG_INT
- case VALTYPE_LONGLONG: along = value.a_longlong; break;
- case VALTYPE_SIZE: along = value.a_size; break;
+ case VALTYPE_LONGLONG: along = value.a_longlong; break;
+ case VALTYPE_SIZE: along = value.a_size; break;
# ifdef HAVE_INTMAX_T
- case VALTYPE_INTMAX: along = value.a_intmax; break;
+ case VALTYPE_INTMAX: along = value.a_intmax; break;
# endif
# ifdef HAVE_PTRDIFF_T
- case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;
+ case VALTYPE_PTRDIFF: along = value.a_ptrdiff; break;
# endif
#endif /*HAVE_LONG_LONG_INT*/
- default:
+ default:
return -1;
}
if (along < 0)
@@ -836,18 +836,18 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
{
case VALTYPE_USHORT: aulong = value.a_ushort; break;
case VALTYPE_UINT: aulong = value.a_uint; break;
- case VALTYPE_ULONG: aulong = value.a_ulong; break;
+ case VALTYPE_ULONG: aulong = value.a_ulong; break;
#ifdef HAVE_LONG_LONG_INT
- case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;
- case VALTYPE_SIZE: aulong = value.a_size; break;
+ case VALTYPE_ULONGLONG: aulong = value.a_ulonglong; break;
+ case VALTYPE_SIZE: aulong = value.a_size; break;
# ifdef HAVE_UINTMAX_T
- case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;
+ case VALTYPE_UINTMAX: aulong = value.a_uintmax; break;
# endif
# ifdef HAVE_PTRDIFF_T
- case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;
+ case VALTYPE_PTRDIFF: aulong = value.a_ptrdiff; break;
# endif
#endif /*HAVE_LONG_LONG_INT*/
- default:
+ default:
return -1;
}
}
@@ -878,7 +878,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
do
{
- if ((arg->flags & FLAG_GROUPING)
+ if ((arg->flags & FLAG_GROUPING)
&& (++grouping == 3) && *grouping_string)
{
*--p = *grouping_string;
@@ -913,7 +913,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
if ((arg->flags & FLAG_ALT_CONV))
n_extra += 2;
}
-
+
n = pend - p;
if ((arg->flags & FLAG_ZERO_PAD)
@@ -958,7 +958,7 @@ pr_integer (estream_printf_out_t outfnc, void *outfncarg,
if (rc)
return rc;
}
-
+
rc = outfnc (outfncarg, p, pend - p);
if (rc)
return rc;
@@ -1011,7 +1011,7 @@ pr_float (estream_printf_out_t outfnc, void *outfncarg,
adblfloat = value.a_longdouble;
use_dbl=1; break;
#endif
- default:
+ default:
return -1;
}
@@ -1122,7 +1122,7 @@ pr_char (estream_printf_out_t outfnc, void *outfncarg,
if(rc)
return rc;
*nbytes += 1;
-
+
return 0;
}
@@ -1143,7 +1143,9 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
string = "(null)";
if (arg->precision >= 0)
{
- for (n=0,s=string; *s && n < arg->precision; s++)
+ /* Test for nul after N so that we can pass a non-nul terminated
+ string. */
+ for (n=0,s=string; n < arg->precision && *s; s++)
n++;
}
else
@@ -1169,7 +1171,7 @@ pr_string (estream_printf_out_t outfnc, void *outfncarg,
if (rc)
return rc;
}
-
+
return 0;
}
@@ -1210,7 +1212,7 @@ pr_pointer (estream_printf_out_t outfnc, void *outfncarg,
*--p = '0';
*--p = 'x';
*--p = '0';
-
+
rc = outfnc (outfncarg, p, pend - p);
if (rc)
return rc;
@@ -1229,14 +1231,14 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
switch (arg->vt)
{
- case VALTYPE_SCHAR_PTR:
- *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes);
+ case VALTYPE_SCHAR_PTR:
+ *value.a_schar_ptr = (signed char)(unsigned int)(*nbytes);
break;
- case VALTYPE_SHORT_PTR:
+ case VALTYPE_SHORT_PTR:
*value.a_short_ptr = (short)(unsigned int)(*nbytes);
break;
- case VALTYPE_LONG_PTR:
- *value.a_long_ptr = (long)(*nbytes);
+ case VALTYPE_LONG_PTR:
+ *value.a_long_ptr = (long)(*nbytes);
break;
#ifdef HAVE_LONG_LONG_INT
case VALTYPE_LONGLONG_PTR:
@@ -1244,12 +1246,12 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
break;
#endif
#ifdef HAVE_INTMAX_T
- case VALTYPE_INTMAX_PTR:
+ case VALTYPE_INTMAX_PTR:
*value.a_intmax_ptr = (intmax_t)(*nbytes);
break;
#endif
case VALTYPE_SIZE_PTR:
- *value.a_size_ptr = (*nbytes);
+ *value.a_size_ptr = (*nbytes);
break;
#ifdef HAVE_PTRDIFF_T
case VALTYPE_PTRDIFF_PTR:
@@ -1274,8 +1276,8 @@ pr_bytes_so_far (estream_printf_out_t outfnc, void *outfncarg,
holds the values and may be directly addressed using the position
arguments given by ARGSPECS. MYERRNO is used for the "%m"
conversion. NBYTES well be updated to reflect the number of bytes
- send to the output function. */
-static int
+ send to the output function. */
+static int
do_format (estream_printf_out_t outfnc, void *outfncarg,
const char *format, argspec_t argspecs, size_t argspecs_len,
valueitem_t valuetable, int myerrno, size_t *nbytes)
@@ -1319,7 +1321,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
/* Save the next start. */
s += arg->length;
format = s;
-
+
assert (argidx < argspecs_len);
argidx++;
@@ -1387,9 +1389,9 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
}
if (rc)
return rc;
- arg++;
+ arg++;
}
-
+
/* Print out any trailing stuff. */
n = s - format;
rc = n? outfnc (outfncarg, format, n) : 0;
@@ -1407,7 +1409,7 @@ do_format (estream_printf_out_t outfnc, void *outfncarg,
output of the formatted stuff. FORMAT is the format specification
and VAARGS a variable argumemt list matching the arguments of
FORMAT. */
-int
+int
estream_format (estream_printf_out_t outfnc,
void *outfncarg,
const char *format, va_list vaargs)
@@ -1442,7 +1444,7 @@ estream_format (estream_printf_out_t outfnc,
/* Check that all ARG_POS fields are set. */
for (argidx=0,max_pos=0; argidx < argspecs_len; argidx++)
{
- if (argspecs[argidx].arg_pos != -1
+ if (argspecs[argidx].arg_pos != -1
&& argspecs[argidx].arg_pos > max_pos)
max_pos = argspecs[argidx].arg_pos;
if (argspecs[argidx].width_pos > max_pos)
@@ -1523,13 +1525,13 @@ estream_format (estream_printf_out_t outfnc,
valuetable[validx].vt = VALTYPE_INT;
}
}
-
+
/* Read all the arguments. This will error out for unsupported
types and for not given positional arguments. */
rc = read_values (valuetable, max_pos, vaargs);
if (rc)
- goto leave_einval;
-
+ goto leave_einval;
+
/* for (validx=0; validx < max_pos; validx++) */
/* fprintf (stderr, "%2d: vt=%d\n", validx, valuetable[validx].vt); */
@@ -1538,7 +1540,7 @@ estream_format (estream_printf_out_t outfnc,
argspecs, argspecs_len, valuetable, myerrno, &nbytes);
goto leave;
-
+
leave_einval:
errno = EINVAL;
leave_error:
@@ -1572,11 +1574,11 @@ estream_printf (const char *format, ...)
{
int rc;
va_list arg_ptr;
-
+
va_start (arg_ptr, format);
rc = estream_format (plain_stdio_out, stderr, format, arg_ptr);
va_end (arg_ptr);
-
+
return rc;
}
@@ -1586,16 +1588,16 @@ estream_fprintf (FILE *fp, const char *format, ...)
{
int rc;
va_list arg_ptr;
-
+
va_start (arg_ptr, format);
rc = estream_format (plain_stdio_out, fp, format, arg_ptr);
va_end (arg_ptr);
-
+
return rc;
}
/* A replacement for vfprintf. */
-int
+int
estream_vfprintf (FILE *fp, const char *format, va_list arg_ptr)
{
return estream_format (plain_stdio_out, fp, format, arg_ptr);
@@ -1642,7 +1644,7 @@ fixed_buffer_out (void *outfncarg, const char *buf, size_t buflen)
/* A replacement for vsnprintf. */
-int
+int
estream_vsnprintf (char *buf, size_t bufsize,
const char *format, va_list arg_ptr)
{
@@ -1667,7 +1669,7 @@ estream_vsnprintf (char *buf, size_t bufsize,
}
/* A replacement for snprintf. */
-int
+int
estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
{
int rc;
@@ -1676,7 +1678,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
va_start (arg_ptr, format);
rc = estream_vsnprintf (buf, bufsize, format, arg_ptr);
va_end (arg_ptr);
-
+
return rc;
}
@@ -1686,7 +1688,7 @@ estream_snprintf (char *buf, size_t bufsize, const char *format, ...)
dynamic_buffer_out. */
struct dynamic_buffer_parm_s
{
- int error_flag; /* Internal helper. */
+ int error_flag; /* Internal helper. */
size_t alloced; /* Allocated size of the buffer. */
size_t used; /* Used size of the buffer. */
char *buffer; /* Malloced buffer. */
@@ -1709,7 +1711,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
if (parm->used + buflen >= parm->alloced)
{
char *p;
-
+
parm->alloced += buflen + 512;
p = realloc (parm->buffer, parm->alloced);
if (!p)
@@ -1732,7 +1734,7 @@ dynamic_buffer_out (void *outfncarg, const char *buf, size_t buflen)
/* A replacement for vasprintf. As with the BSD of vasprintf version -1
will be returned on error and NULL stored at BUFP. On success the
number of bytes printed will be returned. */
-int
+int
estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
{
struct dynamic_buffer_parm_s parm;
@@ -1747,7 +1749,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
*bufp = NULL;
return -1;
}
-
+
rc = estream_format (dynamic_buffer_out, &parm, format, arg_ptr);
if (!rc)
rc = dynamic_buffer_out (&parm, "", 1); /* Print terminating Nul. */
@@ -1772,7 +1774,7 @@ estream_vasprintf (char **bufp, const char *format, va_list arg_ptr)
/* A replacement for asprintf. As with the BSD of asprintf version -1
will be returned on error and NULL stored at BUFP. On success the
number of bytes printed will be returned. */
-int
+int
estream_asprintf (char **bufp, const char *format, ...)
{
int rc;
@@ -1781,7 +1783,7 @@ estream_asprintf (char **bufp, const char *format, ...)
va_start (arg_ptr, format);
rc = estream_vasprintf (bufp, format, arg_ptr);
va_end (arg_ptr);
-
+
return rc;
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 16 +++-
common/estream-printf.c | 190 ++++++++++++++++++++++++-----------------------
configure.ac | 2 +-
3 files changed, 112 insertions(+), 96 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jun 30 20:26:54 2014
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 30 Jun 2014 20:26:54 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.17-6-gc05918c
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via c05918c1b92bbf4f8cce0f18508014bfcf6332d8 (commit)
via 6a7b763e05d352a08f639d5eef9d0bac01c5c456 (commit)
via aae7ec516b79e20938c56fd48fc0bc9d2116426c (commit)
via 955524f4359ba9e9de213f4067c38df9ae4808a8 (commit)
via 574b9ed28d83a98b9c002b349de651236b86ac24 (commit)
from ba50a006302cee62376f1c7bf11a08dad14f41ff (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c05918c1b92bbf4f8cce0f18508014bfcf6332d8
Author: Werner Koch
Date: Wed Jun 25 14:33:34 2014 +0200
Post release updates
--
diff --git a/NEWS b/NEWS
index 78de9ed..5e12a86 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.4.19 (unreleased)
+-------------------------------------------------
+
+
Noteworthy changes in version 1.4.18 (2014-06-30)
-------------------------------------------------
diff --git a/README b/README
index 4a07839..c1847a6 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.18
+ Version 1.4.19
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
diff --git a/configure.ac b/configure.ac
index 96f09d7..ae63a4a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [1.4.18])
+m4_define([mym4_version], [1.4.19])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 6a7b763e05d352a08f639d5eef9d0bac01c5c456
Author: Werner Koch
Date: Wed Jun 25 14:33:34 2014 +0200
Release 1.4.18
diff --git a/NEWS b/NEWS
index 15154c3..78de9ed 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
-Noteworthy changes in version 1.4.18 (unreleased)
+Noteworthy changes in version 1.4.18 (2014-06-30)
-------------------------------------------------
+ * Fix a regression in 1.4.17 if more than one keyid is given
+ to --recv-keys et al.
+
+ * Cap RSA and Elgamal keysize at 4096 bit also for unattended key
+ generation.
+
Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
commit aae7ec516b79e20938c56fd48fc0bc9d2116426c
Author: Werner Koch
Date: Wed Jun 25 20:25:28 2014 +0200
Limit keysize for unattended key generation to useful values.
* g10/keygen.c (gen_elg): Enforce keysize 1024 to 4096.
(gen_rsa): Enforce keysize 1024 to 4096.
(gen_dsa): Enforce keysize 768 to 3072.
--
It was possible to create 16k RSA keys in batch mode. In addition to
the silliness of such keys, they have the major drawback that, because
GnuPG has only a limited amount of specially secured memory, the use of
such keys may lead to an "out of secure memory" condition.
diff --git a/g10/keygen.c b/g10/keygen.c
index b84dd0b..84f852f 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1039,10 +1039,14 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
assert( is_ELGAMAL(algo) );
- if( nbits < 512 ) {
+ if (nbits < 1024) {
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096) {
+ nbits = 4096;
+ log_info(_("keysize invalid; using %u bits\n"), nbits );
+ }
if( (nbits % 32) ) {
nbits = ((nbits + 31) / 32) * 32;
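Review bot: The upper clamp added to gen_elg has no comment saying why 4096 is the limit, and the same four lines are repeated in the gen_rsa hunk. The rationale (larger keys may lead to an "out of secure memory" condition) lives only in the commit message. A line such as `/* Cap the size: larger keys may exhaust the secure memory. */` above each `else if (nbits > 4096)` would keep it next to the code. The bounds 1024, 4096 and 768 are bare literals in three functions, so named constants would make the limits easier to audit. The bodies of gen_elg, gen_dsa and gen_rsa all continue outside their hunks, so the DSA upper bound and the RSA lower bound named in the commit message cannot be checked from here.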
@@ -1121,7 +1125,7 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
MPI *factors;
unsigned int qbits;
- if( nbits < 512)
+ if( nbits < 768)
{
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
@@ -1256,6 +1260,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
nbits = 2048;
log_info(_("keysize invalid; using %u bits\n"), nbits );
}
+ else if (nbits > 4096) {
+ nbits = 4096;
+ log_info(_("keysize invalid; using %u bits\n"), nbits );
+ }
if( (nbits % 32) ) {
nbits = ((nbits + 31) / 32) * 32;
commit 955524f4359ba9e9de213f4067c38df9ae4808a8
Author: Werner Koch
Date: Wed Jun 25 14:33:34 2014 +0200
Make screening of keyserver result work with multi-key commands.
* g10/keyserver.c (ks_retrieval_filter_arg_s): new.
(keyserver_retrieval_filter): Use new struct and check all
descriptions.
(keyserver_spawn): Pass filter arg using the new struct.
--
This is a fix for commit 52303043.
The old code did only work for a single key. It failed as soon as
several keys are specified ("gpg --refresh-keys" or "gpg --recv-key A
B C").
diff --git a/g10/keyserver.c b/g10/keyserver.c
index dca5e18..af174fb 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -960,13 +960,25 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
+/* Structure to convey the arg to keyserver_retrieval_filter. */
+struct ks_retrieval_filter_arg_s
+{
+ KEYDB_SEARCH_DESC *desc;
+ int ndesc;
+};
+
+
/* Check whether a key matches the search description. The filter
returns 0 if the key shall be imported. Note that this kind of
filter is not related to the iobuf filters. */
static int
-keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk,
+ void *opaque)
{
- KEYDB_SEARCH_DESC *desc = arg;
+ struct ks_retrieval_filter_arg_s *arg = opaque;
+ KEYDB_SEARCH_DESC *desc = arg->desc;
+ int ndesc = arg->ndesc;
+ int n;
u32 keyid[2];
byte fpr[MAX_FINGERPRINT_LEN];
size_t fpr_len = 0;
@@ -975,32 +987,40 @@ keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
if (sk)
return G10ERR_GENERAL;
+ if (!ndesc)
+ return 0; /* Okay if no description given. */
+
fingerprint_from_pk (pk, fpr, &fpr_len);
keyid_from_pk (pk, keyid);
/* Compare requested and returned fingerprints if available. */
- if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
- {
- if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+ for (n = 0; n < ndesc; n++)
{
- if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
- {
- if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
- }
- else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
- {
- if (keyid[1] != desc->u.kid[1])
- return G10ERR_GENERAL;
+ if (desc[n].mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] == desc[n].u.kid[0] && keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] == desc[n].u.kid[1])
+ return 0;
+ }
+ else
+ return 0;
}
- return 0;
+ return G10ERR_GENERAL;
}
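Review bot: The trailing `else return 0;` inside the loop of keyserver_retrieval_filter accepts a key as soon as it reaches a description whose mode is not a fingerprint or key ID, without looking at the remaining descriptions. One such entry in a mixed list therefore switches screening off for every returned key, and the `if (!ndesc) return 0;` guard fails open in the same way. If that is intended because such descriptions cannot be compared, both places should say so, for example `/* No fingerprint or keyid to compare against: accept the key. */`, or the loop could `continue` and remember that an unscreenable mode was seen. The function also dereferences `opaque` without a NULL check, which holds for the one caller visible in this commit. The function begins in the previous hunk.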
@@ -1540,6 +1560,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
case KS_GETNAME:
{
void *stats_handle;
+ struct ks_retrieval_filter_arg_s filterarg;
stats_handle=import_new_stats_handle();
@@ -1552,11 +1573,12 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
that we don't allow the import of secret keys from a
keyserver. Keyservers should never accept or send them
but we better protect against rogue keyservers. */
-
+ filterarg.desc = desc;
+ filterarg.ndesc = count;
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
(opt.keyserver_options.import_options
| IMPORT_NO_SECKEY),
- keyserver_retrieval_filter, desc);
+ keyserver_retrieval_filter, &filterarg);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
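Review bot: The two `filterarg` assignments now sit directly under the comment about refusing secret keys from rogue keyservers, because the blank line after that comment was replaced, so the comment reads as if it described them. I would keep the blank line and add `/* Screen the result against all COUNT descriptions in DESC. */` before `filterarg.desc = desc;`. Whether `count` always equals the number of entries in `desc` for this action cannot be seen from the hunk and is worth confirming, since the filter indexes `desc[n]` up to `ndesc`. keyserver_spawn starts and ends outside the hunk.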
commit 574b9ed28d83a98b9c002b349de651236b86ac24
Author: Werner Koch
Date: Tue Jun 24 20:12:26 2014 +0200
Add CVE number
--
diff --git a/NEWS b/NEWS
index a78109b..15154c3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,7 @@ Noteworthy changes in version 1.4.18 (unreleased)
Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
- * Avoid DoS due to garbled compressed data packets.
+ * Avoid DoS due to garbled compressed data packets. [CVE-2014-4617]
* Screen keyserver reponses to avoid import of unwanted keys by rogue
servers.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 14 ++++++++++--
README | 2 +-
configure.ac | 2 +-
g10/keygen.c | 12 ++++++++--
g10/keyserver.c | 68 ++++++++++++++++++++++++++++++++++++-------------------
5 files changed, 69 insertions(+), 29 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org