[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.23
by Werner Koch
cvs at cvs.gnupg.org
Tue Jun 3 11:00:07 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 6209c6d9ad00a17bef4780ff22f0e9f588343c00 (commit)
via c18755a260ed9b261d4826650a3502a8e9317587 (commit)
via 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42 (commit)
via d03df6885194a04f1e64967b45aaae60328ff009 (commit)
via d7750a15d594f6d621e21d57fd5d45d6573870e0 (commit)
via 2a415c47eaf65c47edbd98440f37b2c46354fd02 (commit)
via 8a4bd132f73aaf1588fb03340392fe22dd8e18ed (commit)
via 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a (commit)
via 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee (commit)
from 6af194038aebac71d539b3aa40465c8110591829 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6209c6d9ad00a17bef4780ff22f0e9f588343c00
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 3 10:02:45 2014 +0200
Release 2.0.23
diff --git a/AUTHORS b/AUTHORS
index c787c7c..17ef4bb 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,5 +1,5 @@
Program: GnuPG
-Homepage: http://www.gnupg.org
+Homepage: https://www.gnupg.org
Maintainer: Werner Koch <wk at gnupg.org>
Bug reports: http://bugs.gnupg.org
Security related bug reports: <security at gnupg.org>
@@ -156,7 +156,7 @@ by Colin Tuckley and Daniel Leidert for the GNU/Debian distribution.
Copyright
=========
-GnuPG is distributed under the GNU General Public License, version 2
+GnuPG is distributed under the GNU General Public License, version 3
or later. A few files are under the Lesser General Public License, a
few other files carry the all permissive license note as found at the
bottom of this file. Certain files in keyserver/ allow one specific
@@ -181,6 +181,7 @@ name gpg2keys_*.
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/NEWS b/NEWS
index 1388c5e..656f910 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,30 @@
-Noteworthy changes in version 2.0.23 (unreleased)
+Noteworthy changes in version 2.0.23 (2014-06-03)
-------------------------------------------------
- * Do not create a trustdb file if --trust-model=always is used.
+ * gpg: Reject signatures made using the MD5 hash algorithm unless the
+ new option --allow-weak-digest-algos or --pgp2 are given.
- * Only the major version number is by default included in the armored
- output.
+ * gpg: Do not create a trustdb file if --trust-model=always is used.
+
+ * gpg: Only the major version number is by default included in the
+ armored output.
+
+ * gpg: Print a warning if the Gnome-Keyring-Daemon intercepts the
+ communication with the gpg-agent.
+
+ * gpg: The format of the fallback key listing ("gpg KEYFILE") is now more
+ aligned to the regular key listing ("gpg -k").
+
+ * gpg: The option--show-session-key prints its output now before the
+ decryption of the bulk message starts.
+
+ * gpg: New %U expando for the photo viewer.
+
+ * gpgsm: Improved handling of re-issued CA certificates.
+
+ * scdaemon: Various fixes for pinpad equipped card readers.
+
+ * Minor bug fixes.
Noteworthy changes in version 2.0.22 (2013-10-04)
diff --git a/README b/README
index affb7da..7c4e906 100644
--- a/README
+++ b/README
@@ -1,10 +1,11 @@
- The GNU Privacy Guard 2
- =========================
- Version 2.0
+ The GNU Privacy Guard
+ =======================
+ Version 2.0
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004,
2005, 2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
INTRODUCTION
@@ -108,7 +109,8 @@ dependency on other modules at run and build time.
HOW TO GET MORE INFORMATION
===========================
-The primary WWW page is "http://www.gnupg.org"
+The primary WWW page is "https://www.gnupg.org"
+ or using TOR "http://ic6au7wa3f6naxjq.onion"
The primary FTP site is "ftp://ftp.gnupg.org/gcrypt/"
See http://www.gnupg.org/download/mirrors.html for a list of mirrors
@@ -147,8 +149,12 @@ authors directly as we are busy working on improvements and bug fixes.
The English and German mailing lists are watched by the authors and we
try to answer questions when time allows us to do so.
-Commercial grade support for GnuPG is available; please see
-<http://www.gnupg.org/service.html>.
+Commercial grade support for GnuPG is available; for a listing of
+offers see https://www.gnupg.org/service.html . Maintaining and
+improving GnuPG is costly. For more than a decade, g10 Code GmbH, a
+German company owned and headed by GnuPG's principal author Werner
+Koch, is bearing the majority of these costs. To help them carry on
+this work, they need your support. See https://gnupg.org/donate/ .
This file is Free Software; as a special exception the authors gives
@@ -158,4 +164,3 @@ Commercial grade support for GnuPG is available; please see
distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY, to the extent permitted by law; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
commit c18755a260ed9b261d4826650a3502a8e9317587
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 3 09:54:56 2014 +0200
po: Auto-update due to one new entry.
--
diff --git a/po/be.po b/po/be.po
index 960c598..b6b973c 100644
--- a/po/be.po
+++ b/po/be.po
@@ -4704,6 +4704,10 @@ msgstr ""
msgid "NOTE: signature key %s has been revoked\n"
msgstr ""
+#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "нерÑчаіÑны Ñ…Ñш-альгарытм \"%s\"\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/ca.po b/po/ca.po
index 8dd2ee4..06fb419 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -5153,6 +5153,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: aquesta clau ha estat revocada!"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "signatura %s, algorisme de resum %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"es supossa una signatura incorrecta de la clau %08lX a causa d'un bit crÃtic "
diff --git a/po/cs.po b/po/cs.po
index db44102..bdda65d 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -4808,6 +4808,11 @@ msgstr "POZNÃMKA: podpisovému klÃÄi %s skonÄila platnost %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "POZNÃMKA: podpisový klÃÄ %s byl odvolán\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "podpis %s, hashovacà algoritmus %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/da.po b/po/da.po
index a9073c4..add5085 100644
--- a/po/da.po
+++ b/po/da.po
@@ -4803,6 +4803,11 @@ msgstr "BEMÆRK: underskriftnøgle %s udløb %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "BEMÆRK: underskriftnøgle %s er blevet tilbagekaldt\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s underskrift, sammendragsalgoritme %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/de.po b/po/de.po
index f9b4be7..515fd9e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.18\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-07-03 15:03+0200\n"
+"PO-Revision-Date: 2014-06-03 09:53+0200\n"
"Last-Translator: Werner Koch <wk at gnupg.org>\n"
"Language-Team: German <de at li.org>\n"
"Language: de\n"
@@ -4904,6 +4904,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "Hinweis: Signaturschlüssel %s wurde widerrufen\n"
#, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Hinweis: Signaturen mit dem %s Hashverfahren werden zurückgewiesen.\n"
+
+#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"Vermutlich eine FALSCHE Signatur von Schlüssel %s, wegen unbekanntem "
diff --git a/po/el.po b/po/el.po
index 3035309..5a599ef 100644
--- a/po/el.po
+++ b/po/el.po
@@ -5036,6 +5036,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "ÓÇÌÅÉÙÓÇ: ôï êëåéäß Ý÷åé áíáêëçèåß"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s õðïãñáöÞ, áëãüñéèìïò ðåñßëçøçò %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "õðüèåóç êáêÞò õðïãñáöÞò áðü êëåéäß %08lX ëüãù Üãíùóôïõ êñßóéìïõ bit\n"
diff --git a/po/eo.po b/po/eo.po
index c75f95b..9ef9625 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -4996,6 +4996,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "þlosilo %08lX: þlosilo estas revokita!\n"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s-subskribo de: %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "supozas malbonan subskribon pro nekonata \"critical bit\"\n"
diff --git a/po/es.po b/po/es.po
index 2fcba6d..4457467 100644
--- a/po/es.po
+++ b/po/es.po
@@ -4833,6 +4833,11 @@ msgstr "NOTA: clave de la firma %s caducada el %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: la clave de firmado %s ha sido revocada\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "firma %s, algoritmo de resumen %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/et.po b/po/et.po
index 01d4496..9613faf 100644
--- a/po/et.po
+++ b/po/et.po
@@ -4961,6 +4961,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "MÄRKUS: võti on tühistatud"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s allkiri, sõnumilühendi algoritm %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "eeldan tundmatu kriitilise biti tõttu võtmel %08lX vigast allkirja\n"
diff --git a/po/fi.po b/po/fi.po
index 05b0b17..19fe78c 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -5017,6 +5017,12 @@ msgstr "HUOM: allekirjoitusavain %08lX vanheni %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "HUOM: avain on mitätöity!"
+# Ensimmäinen %s on binary, textmode tai unknown, ks. alla
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%sallekirjoitus, tiivistealgoritmi %s\n"
+
#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 7a6d339..dd6c7bd 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -4932,6 +4932,11 @@ msgstr "Remarque : la clef de signature %s a expiré le %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "Remarque : la clef de signature %s a été révoquée\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "signature %s, algorithme de hachage %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/gl.po b/po/gl.po
index 278ba8a..0df3729 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -5025,6 +5025,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: a chave está revocada"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Sinatura %s, algoritmo de resumo %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"asumindo unha sinatura incorrecta da chave %08lX debido a un bit crítico "
diff --git a/po/hu.po b/po/hu.po
index ddab0be..63ae157 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "MEGJEGYZÉS: A kulcsot visszavonták."
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s aláírás, %s kivonatoló algoritmus.\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"Rossz aláírást feltételezek a %08lX kulcstól egy ismeretlen\n"
diff --git a/po/id.po b/po/id.po
index 50e9c3a..5aadeeb 100644
--- a/po/id.po
+++ b/po/id.po
@@ -4986,6 +4986,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "CATATAN: kunci telah dibatalkan"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signature, algoritma digest %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"mengasumsikan signature buruk dari kunci %08lX karena ada bit kritik tidak "
diff --git a/po/it.po b/po/it.po
index 2335b60..8014132 100644
--- a/po/it.po
+++ b/po/it.po
@@ -5020,6 +5020,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: la chiave è stata revocata"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "Firma %s, algoritmo di digest %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"si suppone una firma non valida della chiave %08lX a causa di un\n"
diff --git a/po/ja.po b/po/ja.po
index 9e454c7..c479e89 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -4713,6 +4713,11 @@ msgstr "*注æ„*: ç½²åéµ%sã¯%sã«æœŸé™åˆ‡ã‚Œã¨ãªã‚Šã¾ã™\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "*注æ„*: éµ %s ã¯å¤±åŠ¹æ¸ˆã¿ã§ã™\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%sç½²åã€ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆãƒ»ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "ä¸æ˜Žã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ãƒ»ãƒ“ットã«ã‚ˆã‚Šã€éµ%sã®ç½²åã‚’ä¸æ£ã¨ã¿ãªã—ã¾ã™\n"
diff --git a/po/nb.po b/po/nb.po
index a1d3778..8938541 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -4775,6 +4775,11 @@ msgstr "NOTIS: signaturn
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTIS: signaturnøkkelen %s utgikk %s\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signatur, digestalgoritme %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/pl.po b/po/pl.po
index 6a87891..c38f573 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -4838,6 +4838,11 @@ msgstr "UWAGA: klucz podpisuj
msgid "NOTE: signature key %s has been revoked\n"
msgstr "UWAGA: klucz podpisuj±cy %s zosta³ uniewa¿niony\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "podpis %s, skrót %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/pt.po b/po/pt.po
index 1e0be48..54651b3 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -4994,6 +4994,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTA: a chave foi revogada"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "assinatura %s de: \"%s\"\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"assumindo assinatura incorrecta na chave %08lX devido a um bit crítico "
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 34b9ead..f4f1b85 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -5009,6 +5009,10 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "chave %08lX: a chave foi revogada!\n"
#, fuzzy, c-format
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "assinatura %s de: %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "assumindo assinatura incorreta devido a um bit crítico desconhecido\n"
diff --git a/po/ro.po b/po/ro.po
index 5038138..8128c50 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -4903,6 +4903,11 @@ msgstr "NOT
msgid "NOTE: signature key %s has been revoked\n"
msgstr "NOTÃ: cheia a fost revocatã"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "semnãturã %s, algoritm rezumat %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/ru.po b/po/ru.po
index 9f68512..5e4de97 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -4788,6 +4788,11 @@ msgstr "ЗÐМЕЧÐÐИЕ: подпиÑавший ключ %s - проÑроч
msgid "NOTE: signature key %s has been revoked\n"
msgstr "ЗÐМЕЧÐÐИЕ: ключ %s подпиÑи - отозван\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s подпиÑÑŒ, Ñ…Ñш-Ñ„ÑƒÐ½ÐºÑ†Ð¸Ñ %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "принÑта Ð¿Ð»Ð¾Ñ…Ð°Ñ Ð¿Ð¾Ð´Ð¿Ð¸ÑÑŒ ключа %s Ñ Ð½ÐµÐ¸Ð·Ð²ÐµÑтным критичеÑким битом\n"
diff --git a/po/sk.po b/po/sk.po
index a7ed64e..d897bbb 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -5002,6 +5002,11 @@ msgid "NOTE: signature key %s has been revoked\n"
msgstr "POZNÁMKA: kµúè bol revokovaný"
#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s podpis, hashovací algoritmus %s\n"
+
+#, fuzzy, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
"predpokladám neplatný podpis kµúèom %08lX, preto¾e je nastavený neznámy "
diff --git a/po/sv.po b/po/sv.po
index 5dbedf9..2eef3fc 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -4921,6 +4921,11 @@ msgstr "OBSERVERA: signaturnyckeln %s gick ut %s\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "OBSERVERA: signaturnyckeln %s har spärrats\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s signatur, sammandragsalgoritm %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index 8453872..b94fb4c 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -4863,6 +4863,11 @@ msgstr "BİLGİ: %s imza anahtarının kullanım süresi %s sularında dolmuş\n
msgid "NOTE: signature key %s has been revoked\n"
msgstr "BİLGİ: imza anahtarı %s yürürlükten kaldırılmıştı\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s imzası, %s özet algoritması\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index d40d9b3..1ac4679 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -4877,6 +4877,11 @@ msgstr "ЗÐУВÐЖЕÐÐЯ: Ñтрок дії ключа підпиÑу %s з
msgid "NOTE: signature key %s has been revoked\n"
msgstr "ЗÐУВÐЖЕÐÐЯ: ключ підпиÑу %s було відкликано\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s підпиÑ, алгоритм контрольної Ñуми %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr ""
diff --git a/po/zh_CN.po b/po/zh_CN.po
index ccc2189..9824489 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -4752,6 +4752,11 @@ msgstr "注æ„:ç¾å密钥 %s 已于 %s 过期\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "注æ„:密钥已被åŠé”€"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ç¾å,散列算法 %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "å‡å®šå¯†é’¥ %s çš„ç¾å由于æŸä¸ªæœªçŸ¥çš„关键ä½å‡ºé”™è€ŒæŸå\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 64c3302..611cf45 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -4684,6 +4684,11 @@ msgstr "請注æ„: ç°½ç« é‡‘é‘° %s 已於 %s éŽæœŸ\n"
msgid "NOTE: signature key %s has been revoked\n"
msgstr "請注æ„: 簽署金鑰 %s 已撤銷\n"
+#, fuzzy, c-format
+#| msgid "%s signature, digest algorithm %s\n"
+msgid "Note: signatures using the %s algorithm are rejected\n"
+msgstr "%s ç°½ç« , 摘è¦æ¼”算法 %s\n"
+
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "å‡è¨é‡‘é‘° %s çš„æå£žç°½ç« å°Žå› æ–¼æŸå€‹æœªçŸ¥çš„é—œéµä½å…ƒ\n"
commit 71b0cd534ba3843e1a56f5c1b0a34e45a008ae42
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 3 09:48:48 2014 +0200
doc: Adjust Makefile for fixed yat2m.
* doc/Makefile.am (yat2m-stamp): Remove dirmngr-client hack.
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c8d799b..252fc52 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -93,16 +93,13 @@ yat2m: yat2m.c
.fig.pdf:
fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@
-# Note that yatm --store has a bug in that the @ifset gpgtwoone still
-# creates a dirmngr-client page from tools.texi.
yat2m-stamp: $(myman_sources)
- @rm -f yat2m-stamp.tmp
- @touch yat2m-stamp.tmp
+ rm -f yat2m-stamp.tmp
+ touch yat2m-stamp.tmp
for file in $(myman_sources) ; do \
./yat2m $(YAT2M_OPTIONS) --store \
`test -f '$$file' || echo '$(srcdir)/'`$$file ; done
- @test -f dirmngr-client.1 && rm dirmngr-client.1
- @mv -f yat2m-stamp.tmp $@
+ mv -f yat2m-stamp.tmp $@
yat2m-stamp: yat2m
commit d03df6885194a04f1e64967b45aaae60328ff009
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jun 3 09:02:00 2014 +0200
doc: Update from master
--
diff --git a/doc/gpg.texi b/doc/gpg.texi
index f1dee58..a263690 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+ at ifset gpgtwoone
+ at item --quick-sign-key @code{fpr} [@code{names}]
+ at itemx --quick-lsign-key @code{name}
+ at opindex quick-sign-key
+ at opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+ at option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+ at end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are:
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
- evidence that the user ID is bound to the key.
+ evidence that the user ID is bound to the key. Note that this
+ trust model still does not allow the use of expired, revoked, or
+ disabled keys.
@item auto
@opindex trust-mode:auto
@@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried:
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
+ @item clear
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
+
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are:
program uses internally (libcurl, openldap, etc).
@item check-cert
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Enable certificate checking if the keyserver presents one (for hkps or
ldaps). Defaults to on.
+ at end ifclear
@item ca-cert-file
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Provide a certificate store to override the system default. Only
necessary if check-cert is enabled, and the keyserver is using a
certificate that is not present in a system default certificate list.
Note that depending on the SSL library that the keyserver helper is
built with, this may actually be a directory or a file.
+ at end ifclear
+
@end table
@item --completes-needed @code{n}
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
+
+ at ifclear gpgone
+ at item --agent-program @var{file}
+ at opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify a dirmngr program to be used for keyserver access. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+ at end ifset
+
@item --lock-once
@opindex lock-once
Lock the databases the first time a lock is requested
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
+ at ifset gpgtwoone
+ at item --legacy-list-mode
+ at opindex legacy-list-mode
+Revert to the pre-2.1 public key list mode. This only affects the
+human readable output and not the machine interface
+(i.e. @code{--with-colons}). Note that the legacy format does not
+allow to convey suitable information for elliptic curves.
+ at end ifset
+
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
@@ -2245,8 +2310,8 @@ available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
--no-force-v4-certs --escape-from-lines --force-v3-sigs
---allow-weak-digest-algos --cipher-algo IDEA --digest-algo
-MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+--allow-weak-digest-algos --cipher-algo IDEA --digest-algo MD5
+--compress-algo ZIP}. It also disables @option{--textmode} when
encrypting.
@item --pgp6
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index f7cedaf..3d2594f 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -350,7 +350,7 @@ as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
set or a running agent cannot be connected.
@item --dirmngr-program @var{file}
- at opindex dirmnr-program
+ at opindex dirmngr-program
Specify a dirmngr program to be used for @acronym{CRL} checks. The
default value is @file{/usr/sbin/dirmngr}. This is only used as a
fallback when the environment variable @code{DIRMNGR_INFO} is not set or
diff --git a/doc/tools.texi b/doc/tools.texi
index be1233b..32ab1e4 100644
--- a/doc/tools.texi
+++ b/doc/tools.texi
@@ -305,12 +305,22 @@ Reload all or the given component. This is basically the same as sending
a SIGHUP to the component. Components which don't support reloading are
ignored.
+ at ifset gpgtwoone
+ at item --launch [@var{component}]
+ at opindex launch
+If the @var{component} is not already running, start it.
+ at command{component} must be a daemon. This is in general not required
+because the system starts these daemons as needed. However, external
+software making direct use of @command{gpg-agent} or @command{dirmngr}
+may use this command to ensure that they are started.
+
@item --kill [@var{component}]
@opindex kill
Kill the given component. Components which support killing are
gpg-agent and scdaemon. Components which don't support reloading are
ignored. Note that as of now reload and kill have the same effect for
scdaemon.
+ at end ifset
@end table
@@ -1190,6 +1200,18 @@ Try to be as quiet as possible.
@opindex agent-program
Specify the agent program to be started if none is running.
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify the directory manager (keyserver client) program to be started
+if none is running. This has only an effect if used together with the
+option @option{--dirmngr}.
+
+ at item --dirmngr
+ at opindex dirmngr
+Connect to a running directory manager (keyserver client) instead of
+to the gpg-agent. If a dirmngr is not running, start it.
+ at end ifset
@item -S
@itemx --raw-socket @var{name}
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 5dc81bf..2ac4390 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2005, 2013 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
*/
/*
- This is a simple textinfo to man page converter. It needs some
+ This is a simple texinfo to man page converter. It needs some
special markup in th e texinfo and tries best to get a create man
page. It has been designed for the GnuPG man pages and thus only
a few texinfo commands are supported.
@@ -107,6 +107,9 @@
character. */
#define LINESIZE 1024
+/* Number of allowed condition nestings. */
+#define MAX_CONDITION_NESTING 10
+
/* Option flags. */
static int verbose;
static int quiet;
@@ -117,10 +120,6 @@ static const char *opt_select;
static const char *opt_include;
static int opt_store;
-/* The only define we understand is -D gpgone. Thus we need a simple
- boolean tro track it. */
-static int gpgone_defined;
-
/* Flag to keep track whether any error occurred. */
static int any_error;
@@ -129,7 +128,7 @@ static int any_error;
struct macro_s
{
struct macro_s *next;
- char *value; /* Malloced value. */
+ char *value; /* Malloced value. */
char name[1];
};
typedef struct macro_s *macro_t;
@@ -137,6 +136,24 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of global macro names. The value part is not used. */
+static macro_t predefinedmacrolist;
+
+/* Object to keep track of @isset and @ifclear. */
+struct condition_s
+{
+ int manverb; /* "manverb" needs special treatment. */
+ int isset; /* This is an @isset condition. */
+ char name[1]; /* Name of the condition macro. */
+};
+typedef struct condition_s *condition_t;
+
+/* The stack used to evaluate conditions. And the current states. */
+static condition_t condition_stack[MAX_CONDITION_NESTING];
+static int condition_stack_idx;
+static int cond_is_active; /* State of ifset/ifclear */
+static int cond_in_verbatim; /* State of "manverb". */
+
/* Object to store one line of content. */
struct line_buffer_s
@@ -313,7 +330,158 @@ isodatestring (void)
}
+/* Add NAME to the list of predefined macros which are global for all
+ files. */
+static void
+add_predefined_macro (const char *name)
+{
+ macro_t m;
+
+ for (m=predefinedmacrolist; m; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m)
+ {
+ m = xcalloc (1, sizeof *m + strlen (name));
+ strcpy (m->name, name);
+ m->next = predefinedmacrolist;
+ predefinedmacrolist = m;
+ }
+}
+
+
+/* Create or update a macro with name MACRONAME and set its values TO
+ MACROVALUE. Note that ownership of the macro value is transferred
+ to this function. */
+static void
+set_macro (const char *macroname, char *macrovalue)
+{
+ macro_t m;
+
+ for (m=macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+}
+
+
+/* Return true if the macro NAME is set, i.e. not the empty string and
+ not evaluating to 0. */
+static int
+macro_set_p (const char *name)
+{
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m || !m->value || !*m->value)
+ return 0;
+ if ((*m->value & 0x80) || !isdigit (*m->value))
+ return 1; /* Not a digit but some other string. */
+ return !!atoi (m->value);
+}
+
+
+/* Evaluate the current conditions. */
+static void
+evaluate_conditions (const char *fname, int lnr)
+{
+ int i;
+
+ /* for (i=0; i < condition_stack_idx; i++) */
+ /* inf ("%s:%d: stack[%d] %s %s %c", */
+ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
+ /* condition_stack[i]->name, */
+ /* (macro_set_p (condition_stack[i]->name) */
+ /* ^ !condition_stack[i]->isset)? 't':'f'); */
+
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
+ if (condition_stack_idx)
+ {
+ for (i=0; i < condition_stack_idx; i++)
+ {
+ if (condition_stack[i]->manverb)
+ cond_in_verbatim = (macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset);
+ else if (!(macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset))
+ {
+ cond_is_active = 0;
+ break;
+ }
+ }
+ }
+
+ /* inf ("%s:%d: active=%d verbatim=%d", */
+ /* fname, lnr, cond_is_active, cond_in_verbatim); */
+}
+
+
+/* Push a condition with condition macro NAME onto the stack. If
+ ISSET is true, a @isset condition is pushed. */
+static void
+push_condition (const char *name, int isset, const char *fname, int lnr)
+{
+ condition_t cond;
+ int manverb = 0;
+ if (condition_stack_idx >= MAX_CONDITION_NESTING)
+ {
+ err ("%s:%d: condition nested too deep", fname, lnr);
+ return;
+ }
+
+ if (!strcmp (name, "manverb"))
+ {
+ if (!isset)
+ {
+ err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr);
+ return;
+ }
+ manverb = 1;
+ }
+
+ cond = xcalloc (1, sizeof *cond + strlen (name));
+ cond->manverb = manverb;
+ cond->isset = isset;
+ strcpy (cond->name, name);
+
+ condition_stack[condition_stack_idx++] = cond;
+ evaluate_conditions (fname, lnr);
+}
+
+
+/* Remove the last condition from the stack. ISSET is used for error
+ reporting. */
+static void
+pop_condition (int isset, const char *fname, int lnr)
+{
+ if (!condition_stack_idx)
+ {
+ err ("%s:%d: unbalanced \"@end %s\"",
+ fname, lnr, isset?"isset":"isclear");
+ return;
+ }
+ condition_stack_idx--;
+ free (condition_stack[condition_stack_idx]);
+ condition_stack[condition_stack_idx] = NULL;
+ evaluate_conditions (fname, lnr);
+}
+
+
+�
/* Return a section buffer for the section NAME. Allocate a new buffer
if this is a new section. Keep track of the sections in THEPAGE.
This function may reallocate the section array in THEPAGE. */
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int lnr = 0;
/* Fixme: The following state variables don't carry over to include
files. */
- int in_verbatim = 0;
int skip_to_end = 0; /* Used to skip over menu entries. */
int skip_sect_line = 0; /* Skip after @mansect. */
- int ifset_nesting = 0; /* How often a ifset has been seen. */
- int ifclear_nesting = 0; /* How often a ifclear has been seen. */
- int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
- int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
- int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
@@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
size_t n = strlen (line);
int got_line = 0;
- char *p;
+ char *p, *pend;
lnr++;
if (!n || line[n-1] != '\n')
@@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "macro", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- macro_t m;
-
if (macrovalueused)
macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
macrovalue[macrovalueused] = 0; /* Terminate macro. */
macrovalue = xrealloc (macrovalue, macrovalueused+1);
- for (m= macrolist; m; m = m->next)
- if (!strcmp (m->name, macroname))
- break;
- if (m)
- free (m->value);
- else
- {
- m = xcalloc (1, sizeof *m + strlen (macroname));
- strcpy (m->name, macroname);
- m->next = macrolist;
- macrolist = m;
- }
- m->value = macrovalue;
+ set_macro (macroname, macrovalue);
macrovalue = NULL;
free (macroname);
macroname = NULL;
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
if (n == 6 && !memcmp (line, "@ifset", 6)
&& (line[6]==' '||line[6]=='\t'))
{
- ifset_nesting++;
-
- if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ for (p=line+7; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_verbatim)
- err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
- else
- in_verbatim = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifset\"", fname, lnr);
+ continue;
}
- else if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 1, fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ for (p=line+9; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_gpgone)
- err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
- else
- in_gpgone = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr);
+ continue;
}
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 0, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifset", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- if (in_verbatim && ifset_nesting == in_verbatim)
- in_verbatim = 0;
- if (in_gpgone && ifset_nesting == in_gpgone)
- in_gpgone = 0;
-
- if (ifset_nesting)
- ifset_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
- continue;
- }
- else if (n == 8 && !memcmp (line, "@ifclear", 8)
- && (line[8]==' '||line[8]=='\t'))
- {
- ifclear_nesting++;
-
- if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
- {
- if (not_in_gpgone)
- err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
- else
- not_in_gpgone = ifclear_nesting;
- }
-
- else if (!strncmp (p, "isman", 5)
- && (p[5]==' '||p[5]=='\t'||!p[5]))
- {
- if (not_in_man)
- err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
- else
- not_in_man = ifclear_nesting;
- }
-
+ pop_condition (1, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifclear", 7)
&& (p[7]==' '||p[7]=='\t'||!p[7]))
{
- if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
- not_in_gpgone = 0;
- if (not_in_man && ifclear_nesting == not_in_man)
- not_in_man = 0;
-
- if (ifclear_nesting)
- ifclear_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ pop_condition (0, fname, lnr);
continue;
}
}
/* Take action on ifset/ifclear. */
- if ( (in_gpgone && !gpgone_defined)
- || (not_in_gpgone && gpgone_defined)
- || not_in_man)
+ if (!cond_is_active)
continue;
/* Process commands. */
@@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
skip_to_end = 0;
}
- else if (in_verbatim)
+ else if (cond_in_verbatim)
{
got_line = 1;
}
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
else if (!skip_to_end)
got_line = 1;
- if (got_line && in_verbatim)
+ if (got_line && cond_in_verbatim)
add_content (*section_name, line, 1);
else if (got_line && thepage.name && *section_name && !in_pause)
add_content (*section_name, line, 0);
@@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp)
{
char *section_name = NULL; /* Name of the current section or NULL
if not in a section. */
+ macro_t m;
+
while (macrolist)
{
macro_t next = macrolist->next;
@@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ for (m=predefinedmacrolist; m; m = m->next)
+ set_macro (m->name, xstrdup ("1"));
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
parse_file (fname, fp, §ion_name, 0);
free (section_name);
@@ -1223,6 +1344,12 @@ main (int argc, char **argv)
opt_source = "GNU";
opt_release = "";
+ /* Define default macros. The trick is that these macros are not
+ defined when using the actual texinfo renderer. */
+ add_predefined_macro ("isman");
+ add_predefined_macro ("manverb");
+
+ /* Option parsing. */
if (argc)
{
argc--; argv++;
@@ -1327,8 +1454,7 @@ main (int argc, char **argv)
argc--; argv++;
if (argc)
{
- if (!strcmp (*argv, "gpgone"))
- gpgone_defined = 1;
+ add_predefined_macro (*argv);
argc--; argv++;
}
}
commit d7750a15d594f6d621e21d57fd5d45d6573870e0
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 15 16:40:48 2014 +0200
gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--
This makes is possible to extract all photos ids from a key to
different files.
(cherry picked from commit e184a11f94e2d41cd9266484542631bec23628b5)
Resolved conflicts:
g10/photoid.c - whitespaces
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7d314b6..f1dee58 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1177,7 +1177,7 @@ for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
-"full"),
+"full"), "%U" for a base32 encoded hash of the user ID,
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
diff --git a/g10/main.h b/g10/main.h
index 6876e0a..8d29071 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -109,6 +109,7 @@ struct expando_args
byte imagetype;
int validity_info;
const char *validity_string;
+ const byte *namehash;
};
char *pct_expando(const char *string,struct expando_args *args);
diff --git a/g10/misc.c b/g10/misc.c
index 82a13aa..43ea0d2 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -648,6 +648,23 @@ pct_expando(const char *string,struct expando_args *args)
}
break;
+ case 'U': /* z-base-32 encoded user id hash. */
+ if (args->namehash)
+ {
+ char *tmp = zb32_encode (args->namehash, 8*20);
+ if (tmp)
+ {
+ if (idx + strlen (tmp) < maxlen)
+ {
+ strcpy (ret+idx, tmp);
+ idx += strlen (tmp);
+ }
+ xfree (tmp);
+ done = 1;
+ }
+ }
+ break;
+
case 'c': /* signature count from card, if any. */
if(idx+10<maxlen)
{
diff --git a/g10/photoid.c b/g10/photoid.c
index 615837e..517fa21 100644
--- a/g10/photoid.c
+++ b/g10/photoid.c
@@ -297,11 +297,12 @@ show_photos(const struct user_attribute *attrs,
u32 len;
u32 kid[2]={0,0};
- memset(&args,0,sizeof(args));
- args.pk=pk;
- args.sk=sk;
- args.validity_info=get_validity_info(pk,uid);
- args.validity_string=get_validity_string(pk,uid);
+ memset (&args, 0, sizeof(args));
+ args.pk = pk;
+ args.validity_info = get_validity_info (pk, uid);
+ args.validity_string = get_validity_string (pk, uid);
+ namehash_from_uid (uid);
+ args.namehash = uid->namehash;
if(pk)
keyid_from_pk(pk,kid);
commit 2a415c47eaf65c47edbd98440f37b2c46354fd02
Author: Werner Koch <wk at gnupg.org>
Date: Tue Apr 15 16:40:48 2014 +0200
common: Add z-base-32 encoder.
* common/zb32.c: New.
* common/t-zb32.c: New.
* common/Makefile.am (common_sources): Add zb82.c
--
(cherry picked from commit b8a91ebf46a927801866e99bb5a66ab00651424e)
Resolved conflicts:
common/Makefile.am
diff --git a/common/Makefile.am b/common/Makefile.am
index f2242b6..880b01b 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -52,6 +52,7 @@ common_sources = \
gettime.c \
yesno.c \
b64enc.c b64dec.c \
+ zb32.c \
convert.c \
percent.c \
miscellaneous.c \
diff --git a/common/util.h b/common/util.h
index becc9cf..48d02e0 100644
--- a/common/util.h
+++ b/common/util.h
@@ -182,6 +182,8 @@ gpg_error_t b64dec_proc (struct b64state *state, void *buffer, size_t length,
gpg_error_t b64dec_finish (struct b64state *state);
+/*-- zb32.c --*/
+char *zb32_encode (const void *data, unsigned int databits);
/*-- sexputil.c */
diff --git a/common/zb32.c b/common/zb32.c
new file mode 100644
index 0000000..05aa0ea
--- /dev/null
+++ b/common/zb32.c
@@ -0,0 +1,120 @@
+/* zb32.c - z-base-32 functions
+ * Copyright (C) 2014 Werner Koch
+ *
+ * This file is part of GnuPG.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of either
+ *
+ * - the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at
+ * your option) any later version.
+ *
+ * or
+ *
+ * - the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * or both in parallel, as here.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+
+#include "util.h"
+
+
+/* Zooko's base32 variant. See RFC-6189 and
+ http://philzimmermann.com/docs/human-oriented-base-32-encoding.txt
+ Caller must xfree the returned string. Returns NULL and sets ERRNO
+ on error. To avoid integer overflow DATALEN is limited to 2^16
+ bytes. Note, that DATABITS is measured in bits!. */
+char *
+zb32_encode (const void *data, unsigned int databits)
+{
+ static char const zb32asc[32] = {'y','b','n','d','r','f','g','8',
+ 'e','j','k','m','c','p','q','x',
+ 'o','t','1','u','w','i','s','z',
+ 'a','3','4','5','h','7','6','9' };
+ const unsigned char *s;
+ char *output, *d;
+ size_t datalen;
+
+ datalen = (databits + 7) / 8;
+ if (datalen > (1 << 16))
+ {
+ errno = EINVAL;
+ return NULL;
+ }
+
+ d = output = xtrymalloc (8 * (datalen / 5)
+ + 2 * (datalen % 5)
+ - ((datalen%5)>2)
+ + 1);
+ if (!output)
+ return NULL;
+
+ /* I use straightforward code. The compiler should be able to do a
+ better job on optimization than me and it is easier to read. */
+ for (s = data; datalen >= 5; s += 5, datalen -= 5)
+ {
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) | (s[4] >> 5) ];
+ *d++ = zb32asc[((s[4] & 31) ) ];
+ }
+
+ switch (datalen)
+ {
+ case 4:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) | (s[3] >> 7) ];
+ *d++ = zb32asc[((s[3] & 127) >> 2) ];
+ *d++ = zb32asc[((s[3] & 3) << 3) ];
+ break;
+ case 3:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) | (s[2] >> 4) ];
+ *d++ = zb32asc[((s[2] & 15) << 1) ];
+ break;
+ case 2:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) | (s[1] >> 6) ];
+ *d++ = zb32asc[((s[1] & 63) >> 1) ];
+ *d++ = zb32asc[((s[1] & 1) << 4) ];
+ break;
+ case 1:
+ *d++ = zb32asc[((s[0] ) >> 3) ];
+ *d++ = zb32asc[((s[0] & 7) << 2) ];
+ break;
+ default:
+ break;
+ }
+ *d = 0;
+
+ /* Need to strip some bytes if not a multiple of 40. */
+ output[(databits + 5 - 1) / 5] = 0;
+ return output;
+}
commit 8a4bd132f73aaf1588fb03340392fe22dd8e18ed
Author: Werner Koch <wk at gnupg.org>
Date: Mon Mar 17 17:54:36 2014 +0100
gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/gpg.conf.tmpl: Add allow_weak_digest_algos.
--
(cherry picked from commit f90cfe6b66269de0154d810c5cee1fe9a5af475c)
Resolved conflicts:
g10/gpg.c - adjust.
tests/openpgp/defs.inc - no changes
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 26179bd..7d314b6 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2244,9 +2244,10 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
- at option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+--allow-weak-digest-algos --cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
@item --pgp6
@opindex pgp6
@@ -2702,6 +2703,13 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at item --allow-weak-digest-algos
+ at opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message. This option allows the
+verification of signatures made with such weak algorithms.
+
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
diff --git a/g10/gpg.c b/g10/gpg.c
index 35b62c1..87ffe54 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -367,6 +367,7 @@ enum cmd_and_opt_values
oDisableDSA2,
oAllowMultipleMessages,
oNoAllowMultipleMessages,
+ oAllowWeakDigestAlgos,
oNoop
};
@@ -742,6 +743,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oDisableDSA2, "disable-dsa2", "@"),
ARGPARSE_s_n (oAllowMultipleMessages, "allow-multiple-messages", "@"),
ARGPARSE_s_n (oNoAllowMultipleMessages, "no-allow-multiple-messages", "@"),
+ ARGPARSE_s_n (oAllowWeakDigestAlgos, "allow-weak-digest-algos", "@"),
/* These two are aliases to help users of the PGP command line
product use gpg with minimal pain. Many commands are common
@@ -2949,6 +2951,10 @@ main (int argc, char **argv)
opt.flags.allow_multiple_messages=0;
break;
+ case oAllowWeakDigestAlgos:
+ opt.flags.allow_weak_digest_algos = 1;
+ break;
+
case oNoop: break;
default:
@@ -3131,6 +3137,7 @@ main (int argc, char **argv)
opt.pgp2_workarounds = 1;
opt.ask_sig_expire = 0;
opt.ask_cert_expire = 0;
+ opt.flags.allow_weak_digest_algos = 1;
xfree(def_digest_string);
def_digest_string = xstrdup("md5");
xfree(s2k_digest_string);
diff --git a/g10/options.h b/g10/options.h
index 3c5b2c5..1a13841 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -231,6 +231,7 @@ struct
unsigned int utf8_filename:1;
unsigned int dsa2:1;
unsigned int allow_multiple_messages:1;
+ unsigned int allow_weak_digest_algos:1;
} flags;
/* Linked list of ways to find a key if the key isn't on the local
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 07a9836..ed4fa89 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -269,6 +269,22 @@ do_check( PKT_public_key *pk, PKT_signature *sig, gcry_md_hd_t digest,
if( (rc=do_check_messages(pk,sig,r_expired,r_revoked)) )
return rc;
+ if (sig->digest_algo == GCRY_MD_MD5
+ && !opt.flags.allow_weak_digest_algos)
+ {
+ static int shown;
+
+ if (!shown)
+ {
+ log_info
+ (_("Note: signatures using the %s algorithm are rejected\n"),
+ "MD5");
+ shown = 1;
+ }
+
+ return GPG_ERR_DIGEST_ALGO;
+ }
+
/* Make sure the digest algo is enabled (in case of a detached
signature). */
gcry_md_enable (digest, sig->digest_algo);
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index b011549..5d5e03d 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -68,7 +68,7 @@ error () {
defs_error_seen=yes
echo "$pgmname:" $* >&5
if [ x$defs_stop_on_error != xyes ]; then
- exit 1
+ exit 1
fi
}
@@ -189,7 +189,7 @@ pgmname=`basename $0`
[ -z "$srcdir" ] && fatal "not called from make"
# Make sure we have a valid option file even with VPATH builds.
-for f in gpg.conf ; do
+for f in gpg.conf ; do
if [ -f ./$f ]; then
:
elif [ -f $srcdir/$f.tmpl ]; then
diff --git a/tests/openpgp/gpg.conf.tmpl b/tests/openpgp/gpg.conf.tmpl
index 7060a66..7db73be 100644
--- a/tests/openpgp/gpg.conf.tmpl
+++ b/tests/openpgp/gpg.conf.tmpl
@@ -3,3 +3,4 @@ no-secmem-warning
no-permission-warning
batch
no-auto-check-trustdb
+allow-weak-digest-algos
commit 3d4a36c8c98a15a4c5237fe2d10475a14b4c170a
Author: Werner Koch <wk at gnupg.org>
Date: Wed May 14 08:55:58 2014 +0200
gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to
understand.
diff --git a/g10/encr-data.c b/g10/encr-data.c
index 105b105..c5c3c19 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -240,14 +240,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
gcry_md_write (dfx->mdc_hash, dfx->defer, 2);
gcry_md_final (dfx->mdc_hash);
- if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' )
- {
- log_error("mdc_packet with invalid encoding\n");
- rc = gpg_error (GPG_ERR_INV_PACKET);
- }
- else if (datalen != 20
- || memcmp (gcry_md_read (dfx->mdc_hash, 0),
- dfx->defer+2,datalen ))
+ if ( dfx->defer[0] != '\xd3'
+ || dfx->defer[1] != '\x14'
+ || datalen != 20
+ || memcmp (gcry_md_read (dfx->mdc_hash, 0), dfx->defer+2, datalen))
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
/* log_printhex("MDC message:", dfx->defer, 22); */
/* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */
commit 3c3d1ab35d17bce46dac8f806a8ce2dc90ac06ee
Author: Werner Koch <wk at gnupg.org>
Date: Wed May 14 08:49:37 2014 +0200
gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--
This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.
GnuPG-bug-id: 1639
diff --git a/g10/keygen.c b/g10/keygen.c
index ad6bd73..a786beb 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1949,7 +1949,7 @@ ask_expire_interval(int object,const char *def_expire)
answer = NULL;
for(;;)
{
- u32 curtime=make_timestamp();
+ u32 curtime;
xfree(answer);
if(object==0)
@@ -1973,6 +1973,7 @@ ask_expire_interval(int object,const char *def_expire)
}
cpr_kill_prompt();
trim_spaces(answer);
+ curtime = make_timestamp ();
interval = parse_expire_string( answer );
if( interval == (u32)-1 )
{
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 5 +-
NEWS | 28 +++-
README | 19 ++-
common/Makefile.am | 1 +
common/util.h | 2 +
common/zb32.c | 120 +++++++++++++++++
doc/Makefile.am | 9 +-
doc/gpg.texi | 83 +++++++++++-
doc/gpgsm.texi | 2 +-
doc/tools.texi | 22 +++
doc/yat2m.c | 310 ++++++++++++++++++++++++++++++-------------
g10/encr-data.c | 12 +-
g10/gpg.c | 7 +
g10/keygen.c | 3 +-
g10/main.h | 1 +
g10/misc.c | 17 +++
g10/options.h | 1 +
g10/photoid.c | 11 +-
g10/sig-check.c | 16 +++
po/be.po | 4 +
po/ca.po | 5 +
po/cs.po | 5 +
po/da.po | 5 +
po/de.po | 6 +-
po/el.po | 5 +
po/eo.po | 4 +
po/es.po | 5 +
po/et.po | 5 +
po/fi.po | 6 +
po/fr.po | 5 +
po/gl.po | 5 +
po/hu.po | 5 +
po/id.po | 5 +
po/it.po | 5 +
po/ja.po | 5 +
po/nb.po | 5 +
po/pl.po | 5 +
po/pt.po | 4 +
po/pt_BR.po | 4 +
po/ro.po | 5 +
po/ru.po | 5 +
po/sk.po | 5 +
po/sv.po | 5 +
po/tr.po | 5 +
po/uk.po | 5 +
po/zh_CN.po | 5 +
po/zh_TW.po | 5 +
tests/openpgp/defs.inc | 4 +-
tests/openpgp/gpg.conf.tmpl | 1 +
49 files changed, 678 insertions(+), 134 deletions(-)
create mode 100644 common/zb32.c
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list