[git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.16-17-gba50a00
by Werner Koch
cvs at cvs.gnupg.org
Mon Jun 23 17:39:11 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via ba50a006302cee62376f1c7bf11a08dad14f41ff (commit)
via 297f2ac6451e638ed96926d06b01189076010823 (commit)
via 8d5f493ba4e7ea410186e16b8927ad5683fb15f2 (commit)
via bfc7893bdaf4dc674799ddddc0cae8f0af642b9d (commit)
via 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe (commit)
via 5230304349490f31aa64ee2b69a8a2bc06bf7816 (commit)
via 8eab483a1c4817a2946624c7305f464089d1875e (commit)
via 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd (commit)
from ab644b1efffe7c36aff4a0612479ee1949830516 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ba50a006302cee62376f1c7bf11a08dad14f41ff
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 17:42:21 2014 +0200
Post release changes.
--
diff --git a/NEWS b/NEWS
index e935605..a78109b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 1.4.18 (unreleased)
+-------------------------------------------------
+
+
Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
diff --git a/README b/README
index 5d1edbd..4a07839 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.17
+ Version 1.4.18
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
diff --git a/configure.ac b/configure.ac
index 93527e9..96f09d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -27,7 +27,7 @@ min_automake_version="1.9.3"
# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [1.4.17])
+m4_define([mym4_version], [1.4.18])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit 297f2ac6451e638ed96926d06b01189076010823
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 16:38:09 2014 +0200
Release 1.4.17
diff --git a/AUTHORS b/AUTHORS
index 29f775f..8e59219 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,10 +1,16 @@
Program: GnuPG
Version: 1.4
+Homepage: https://www.gnupg.org
Maintainer: Werner Koch <wk at gnupg.org>
Bug reports: http://bugs.gnupg.org
Security related bug reports: <security at gnupg.org>
License: GPLv3+
+GnuPG is free software. See the files COPYING for copying conditions.
+License copyright years may be listed using range notation, e.g.,
+2000-2013, indicating that every year in the range, inclusive, is a
+copyrightable year that would otherwise be listed individually.
+
Authors with a FSF copyright assignment
=======================================
@@ -129,7 +135,7 @@ Other authors
=============
The need for copyright assignments to the FSF has been waived on
-2013-03-29; The need for copyright disclaimers for translations has
+2013-03-29; the need for copyright disclaimers for translations has
been waived in December 2012.
This program uses the zlib compression library written by
@@ -161,13 +167,26 @@ was written by 1996-2010 Julian R Seward. See bzip/LICENSE for
details.
+Copyright
+=========
+
+GnuPG is distributed under the GNU General Public License, version 3
+or later.
+
+Note that some files are under a combination of the GNU Lesser General
+Public License, version 3 and the GNU General Public License, version
+2. A few other files carry the all permissive license note as found
+at the bottom of this file.
+
+====================
+
Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc.
- Copyright 2013 Werner Koch
+ Copyright 2013, 2014 Werner Koch
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
+ This file (AUTHORS) is free software; as a special exception the
+ author gives unlimited permission to copy and/or distribute it, with
+ or without modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
diff --git a/NEWS b/NEWS
index 1dfb23f..e935605 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,20 @@
-Noteworthy changes in version 1.4.17 (unreleased)
+Noteworthy changes in version 1.4.17 (2014-06-23)
-------------------------------------------------
+ * Avoid DoS due to garbled compressed data packets.
+
+ * Screen keyserver reponses to avoid import of unwanted keys by rogue
+ servers.
+
+ * Add hash algorithms to the "sig" records of the colon output.
+
+ * More specific reason codes for INV_RECP status.
+
+ * Fixes for PC/SC access on Apple.
+
+ * Minor bug fixes.
+
+
Noteworthy changes in version 1.4.16 (2013-12-18)
-------------------------------------------------
diff --git a/README b/README
index f025c51..5d1edbd 100644
--- a/README
+++ b/README
@@ -1,12 +1,12 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.16
+ Version 1.4.17
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
2010, 2012, 2013 Free Software Foundation, Inc.
- Copyright 1997, 1998, 2013 Werner Koch
+ Copyright 1997, 1998, 2013, 2014 Werner Koch
This file is free software; as a special exception the author
gives unlimited permission to copy and/or distribute it, with or
@@ -783,10 +783,12 @@
How to Get More Information
---------------------------
- The primary WWW page is http://www.gnupg.org
+ The primary WWW page is https://www.gnupg.org
+ or using TOR http://ic6au7wa3f6naxjq.onion
+
The primary FTP site is ftp://ftp.gnupg.org/gcrypt/
- See http://www.gnupg.org/download/mirrors.html for a list of
+ See https://www.gnupg.org/download/mirrors.html for a list of
mirrors and use them if possible. You may also find GnuPG
mirrored on some of the regular GNU mirrors.
@@ -813,7 +815,7 @@
of "subscribe" to x-request at gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). An archive of
the mailing lists are available at
- http://www.gnupg.org/documentation/mailing-lists.html
+ https://www.gnupg.org/documentation/mailing-lists.html
Please direct bug reports to http://bugs.gnupg.org or post
them direct to the mailing list <gnupg-devel at gnupg.org>.
@@ -825,12 +827,9 @@
by the authors and we try to answer questions when time allows us
to do so.
- Commercial grade support for GnuPG is available; please see
- http://www.gnupg.org/service.html .
-
- The driving force behind the development of GnuPG is the company
- of its principal author, Werner Koch. Maintenance and improvement
- of GnuPG and related software take up most of their resources.
- To continue the work they ask to either donate money, purchase a
- support contract, or engage them for custom enhancements. See
- http://g10code.com/gnupg-donation.html
+ Commercial grade support for GnuPG is available; for a listing of
+ offers see https://www.gnupg.org/service.html . Maintaining and
+ improving GnuPG is costly. Since 2001, g10 Code GmbH, a German
+ company owned and headed by GnuPG's principal author Werner Koch,
+ is bearing the majority of these costs. To help them carry on
+ this work, they need your support. See https://gnupg.org/donate/
diff --git a/util/argparse.c b/util/argparse.c
index a0579cb..267b6f1 100644
--- a/util/argparse.c
+++ b/util/argparse.c
@@ -1046,7 +1046,7 @@ default_strusage( int level )
break;
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
- case 14: p = "Copyright (C) 2013 Free Software Foundation, Inc."; break;
+ case 14: p = "Copyright (C) 2014 Free Software Foundation, Inc."; break;
case 15: p =
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n";
commit 8d5f493ba4e7ea410186e16b8927ad5683fb15f2
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 16:35:41 2014 +0200
po: Auto-update
--
diff --git a/po/be.po b/po/be.po
index 9add96e..2625282 100644
--- a/po/be.po
+++ b/po/be.po
@@ -1843,6 +1843,13 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– ID карыÑтальнікаў"
+#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr ""
@@ -1938,6 +1945,10 @@ msgstr "паказаць ÑÑŒÐ¿Ñ–Ñ ÐºÐ»ÑŽÑ‡Ð¾Ñž Ñ– подпіÑаў"
msgid "key %s: \"%s\" not changed\n"
msgstr ""
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "грамадÑкі ключ Ð½Ñ Ð·Ð½Ð¾Ð¹Ð´Ð·ÐµÐ½Ñ‹"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "ÑакрÑтны ключ недаÑтупны"
diff --git a/po/ca.po b/po/ca.po
index bc6e6c6..3d08b48 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -2064,6 +2064,13 @@ msgid "key %s: no user ID\n"
msgstr "clau %08lX: sense ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "es descarta «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clau %08lX: corrupció de la subclau HKP reparada\n"
@@ -2158,6 +2165,10 @@ msgstr "clau %08lX: «%s» %d ID d'usuari nous\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clau %08lX: «%s» no ha estat modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "no s'ha trobat la clau secreta «%s»: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "s'està escrivint la clau secreta a «%s»\n"
diff --git a/po/cs.po b/po/cs.po
index 92198da..ec904ae 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -1978,6 +1978,14 @@ msgstr "nelze aktualizovat preference s: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "klíè %s: chybí identifikátor u¾ivatele\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "pøeskoèen \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "klíè %s: PKS po¹kození podklíèe opraveno\n"
@@ -2075,6 +2083,11 @@ msgstr "kl
msgid "key %s: \"%s\" not changed\n"
msgstr "klíè %s: \"%s\" beze zmìn\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "tajný klíè \"%s\" nenalezen: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import tajných klíèù není povolen\n"
diff --git a/po/da.po b/po/da.po
index edcd31b..6d871f6 100644
--- a/po/da.po
+++ b/po/da.po
@@ -1958,6 +1958,14 @@ msgstr "du kan opdatere dine præferencer med: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "nøgle %s: ingen bruger-id\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "udelod »%s«: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "nøgle %s: korruption af PKS-undernøgle er repareret!\n"
@@ -2053,6 +2061,11 @@ msgstr "nøgle %s: »%s« %d bruger-id'er renset\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "nøgle %s: »%s« ikke ændret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig nøgle »%s« blev ikke fundet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import af hemmelige nøgler er ikke tilladt\n"
diff --git a/po/de.po b/po/de.po
index 0a02fb9..8b3ccd8 100644
--- a/po/de.po
+++ b/po/de.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-1.4.8\n"
"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n"
-"PO-Revision-Date: 2012-08-24 16:58+0200\n"
+"PO-Revision-Date: 2014-06-23 16:34+0200\n"
"Last-Translator: Walter Koch <koch at u32.de>\n"
"Language-Team: German <de at li.org>\n"
"Language: de\n"
@@ -2011,6 +2011,13 @@ msgid "key %s: no user ID\n"
msgstr "Schlüssel %s: Keine User-ID\n"
#, c-format
+msgid "key %s: %s\n"
+msgstr "Schlüssel \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr "durch Importfilter zurückgewiesen"
+
+#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "Schlüssel %s: PKS Unterschlüsseldefekt repariert\n"
@@ -2105,6 +2112,10 @@ msgstr "Schlüssel %s: \"%s\" %d User-IDs bereinigt\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "Schlüssel %s: \"%s\" nicht geändert\n"
+#, c-format
+msgid "secret key %s: %s\n"
+msgstr "Geheimer Schlüssel \"%s\": %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "Importieren geheimer Schlüssel ist nicht erlaubt\n"
diff --git a/po/el.po b/po/el.po
index 4a15778..a6eb951 100644
--- a/po/el.po
+++ b/po/el.po
@@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n"
msgstr "êëåéäß %08lX: äåí õðÜñ÷åé áõôü ôï user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ðáñáëåßöèçêå `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "êëåéäß %08lX: åðéäéüñèùóç öèáñìÝíïõ õðïêëåéäéïý HKP\n"
@@ -2110,6 +2117,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "êëåéäß %08lX: \"%s\" áìåôÜâëçôï\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "ôï ìõóôéêü êëåéäß `%s' äå âñÝèçêå: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "åããñáöÞ ôïõ ìõóôéêïý êëåéäéïý óôï `%s'\n"
diff --git a/po/eo.po b/po/eo.po
index e910584..21a54d7 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n"
msgstr "þlosilo %08lX: mankas uzantidentigilo\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignoris '%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "þlosilo %08lX: mankas subþlosilo por þlosilbindado\n"
@@ -2078,6 +2085,10 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "þlosilo %08lX: ne þanøita\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "þlosilo '%s' ne trovita: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "skribas sekretan þlosilon al '%s'\n"
diff --git a/po/es.po b/po/es.po
index df0a502..7be33ec 100644
--- a/po/es.po
+++ b/po/es.po
@@ -1987,6 +1987,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clave %s: sin identificador de usuario\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "omitido \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clave %s: reparada la subclave PKS corrompida\n"
@@ -2082,6 +2090,11 @@ msgstr "clave %s: \"%s\" %d nuevos identificadores de usuario\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clave %s: \"%s\" sin cambios\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clave secreta \"%s\" no encontrada: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "no se permite importar claves secretas\n"
diff --git a/po/et.po b/po/et.po
index b635ce1..25a0e4a 100644
--- a/po/et.po
+++ b/po/et.po
@@ -1984,6 +1984,13 @@ msgid "key %s: no user ID\n"
msgstr "võti %08lX: kasutaja ID puudub\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "`%s' jätsin vahele: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "võti %08lX: HKP alamvõtme rike parandatud\n"
@@ -2079,6 +2086,10 @@ msgstr "v
msgid "key %s: \"%s\" not changed\n"
msgstr "võti %08lX: \"%s\" ei muudetud\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salajast võtit `%s' ei leitud: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjutan salajase võtme faili `%s'\n"
diff --git a/po/fi.po b/po/fi.po
index a180d81..9b52b14 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -2016,6 +2016,13 @@ msgid "key %s: no user ID\n"
msgstr "avain %08lX: ei käyttäjätunnusta\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ohitetaan \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "avain %08lX: HKP-aliavainvirhe korjattu\n"
@@ -2111,6 +2118,10 @@ msgstr "avain %08lX: \"%s\" %d uutta käyttäjätunnusta\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "avain %08lX: \"%s\" ei muutoksia\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "salaista avainta \"%s\" ei löydy: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "kirjoitan salaisen avaimen kohteeseen \"%s\"\n"
diff --git a/po/fr.po b/po/fr.po
index 57bc539..c2808d8 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2008,6 +2008,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "clef %s : pas d'identité\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "« %s » a été ignorée : %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "clef %s : corruption de sous-clef PKS réparée\n"
@@ -2103,6 +2111,11 @@ msgstr "clef %s : « %s » %d identités nettoyées\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "clef %s : « %s » n'est pas modifiée\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "clef secrète « %s » introuvable : %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "impossible d'importer des clefs secrètes\n"
diff --git a/po/gl.po b/po/gl.po
index 3e94c4b..fe1eabc 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -2000,6 +2000,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: non hai ID de usuario\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "omítese `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: arranxouse a corrupción da sub-chave HKP\n"
@@ -2098,6 +2105,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de usuario\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" sen cambios\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "non se atopou a chave secreta `%s': %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "gravando a chave secreta en `%s'\n"
diff --git a/po/hu.po b/po/hu.po
index 4c76185..05e3b6a 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -1992,6 +1992,13 @@ msgid "key %s: no user ID\n"
msgstr "%08lX kulcs: Nincs felhasználói azonosító.\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "Kihagytam \"%s\"-t: %s.\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "%08lX kulcs: HKP alkulcssérülés kijavítva.\n"
@@ -2086,6 +2093,10 @@ msgstr "%08lX kulcs: \"%s\" %d
msgid "key %s: \"%s\" not changed\n"
msgstr "%08lX kulcs: \"%s\" nem változott.\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "\"%s\" titkos kulcs nem található: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "Írom a titkos kulcsot a %s állományba.\n"
diff --git a/po/id.po b/po/id.po
index e24c85e..f17e4eb 100644
--- a/po/id.po
+++ b/po/id.po
@@ -2007,6 +2007,13 @@ msgid "key %s: no user ID\n"
msgstr "kunci %08lX: tidak ada ID user\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "melewati `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kunci %08lX: subkey HKP yang rusak diperbaiki\n"
@@ -2101,6 +2108,10 @@ msgstr "kunci %08lX: \"%s\" %d user ID baru\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "kunci %08lX: \"%s\" tidak berubah\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "kunci rahasia `%s' tidak ditemukan: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "menulis kunci rahasia ke `%s'\n"
diff --git a/po/it.po b/po/it.po
index fe4ef9d..0efc561 100644
--- a/po/it.po
+++ b/po/it.po
@@ -2015,6 +2015,13 @@ msgid "key %s: no user ID\n"
msgstr "chiave %08lX: nessun user ID\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "saltata `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chiave %08lX: riparati i danni di HKP alla subchiave\n"
@@ -2109,6 +2116,10 @@ msgstr "chiave %08lX: \"%s\" %d nuovi user ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chiave %08lX: \"%s\" non cambiata\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chiave segreta `%s' non trovata: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "scrittura della chiave segreta in `%s'\n"
diff --git a/po/ja.po b/po/ja.po
index 109e964..4b76e2a 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -1945,6 +1945,14 @@ msgstr "
msgid "key %s: no user ID\n"
msgstr "¸°%s: ¥æ¡¼¥¶¡¼ID¤¬¤¢¤ê¤Þ¤»¤ó\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "¡È%s¡É¤ò¤È¤Ð¤·¤Þ¤¹: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "¸°%s: PKS¤ÎÉû¸°ÊѤ¤ò½¤Éü\n"
@@ -2040,6 +2048,11 @@ msgstr "
msgid "key %s: \"%s\" not changed\n"
msgstr "¸°%s:¡È%s¡ÉÊѹ¹¤Ê¤·\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "ÈëÌ©¸°¡È%s¡É¤¬¸«¤Ä¤«¤ê¤Þ¤»¤ó: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "ÈëÌ©¸°¤ÎÆɹþ¤ß¤Ï¶Ø»ß¤Ç¤¹\n"
diff --git a/po/nb.po b/po/nb.po
index b18fb22..a242fce 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -1879,6 +1879,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "nøkkel %s: ingen brukerid\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppet over «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "nøkkel %s: PKS-undernøkkel reparert\n"
@@ -1974,6 +1982,11 @@ msgstr "n
msgid "key %s: \"%s\" not changed\n"
msgstr "nøkkel %s: «%s» ikke endret\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemmelig nøkkel «%s» ble ikke funnet: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemmelig nøkkel er ikke tillatt\n"
diff --git a/po/nl.po b/po/nl.po
index 6b7d76c..b681cce 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -2013,6 +2013,14 @@ msgstr "Uw voorkeuren verbeteren met: gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "sleutel %s: geen Gebruiker ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "skipped “%sâ€: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "sleutel %s: PKS sub-sleutel fouten verbeterd\n"
@@ -2108,6 +2116,11 @@ msgstr "sleutel %s: “%s†%d gebruiker ID's opgeschoond\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "sleutel %s: “%s†niet veranderd\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "secret key “%s†not found: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "importeren van geheime sleutels is niet toegestaan\n"
diff --git a/po/pl.po b/po/pl.po
index cfd9081..3696a0d 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -1955,6 +1955,14 @@ msgstr "ustawienia mo
msgid "key %s: no user ID\n"
msgstr "klucz %s: brak identyfikatora u¿ytkownika\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "pominiêty ,,%s'': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "klucz %s: podklucz uszkodzony przez serwer PKS zosta³ naprawiony\n"
@@ -2050,6 +2058,11 @@ msgstr "klucz %s: ,,%s'' %d oczyszczonych identyfikator
msgid "key %s: \"%s\" not changed\n"
msgstr "klucz %s: ,,%s'' bez zmian\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "klucz prywatny ,,%s'' nie zosta³ odnaleziony: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "wczytywanie kluczy tajnych nie jest dozwolone\n"
diff --git a/po/pt.po b/po/pt.po
index db037e0..9c95055 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -1996,6 +1996,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de utilizador\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: subchave HKP corrompida foi reparada\n"
@@ -2090,6 +2097,10 @@ msgstr "chave %08lX: \"%s\" %d novos IDs de utilizadores\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: \"%s\" não modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "chave `%s' não encontrada: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "a escrever chave privada para `%s'\n"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 215ff45..0e2802c 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -1962,6 +1962,13 @@ msgid "key %s: no user ID\n"
msgstr "chave %08lX: sem ID de usuário\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "ignorado `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "chave %08lX: sem subchave para ligação de chaves\n"
@@ -2056,6 +2063,10 @@ msgstr "chave %08lX: %d novos IDs de usu
msgid "key %s: \"%s\" not changed\n"
msgstr "chave %08lX: não modificada\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "usuário `%s' não encontrado: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "escrevendo certificado privado para `%s'\n"
diff --git a/po/ro.po b/po/ro.po
index bc7d8c3..a2c1c54 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -1975,6 +1975,14 @@ msgstr "vă puteți actualiza preferințele cu: gpg --edit-key %s updpref save\n
msgid "key %s: no user ID\n"
msgstr "cheia %s: nici un ID utilizator\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "sărită \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "cheia %s: subcheia HPK coruptă a fost reparată\n"
@@ -2070,6 +2078,11 @@ msgstr "cheia %s: \"%s\" %d ID-uri utilizator curățate\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "cheia %s: \"%s\" nu a fost schimbată\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "cheia secretă \"%s\" nu a fost găsită: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "importul de chei secrete nu este permis\n"
diff --git a/po/ru.po b/po/ru.po
index 6e6ec64..ade0c81 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -1967,6 +1967,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "ключ %s: не имеет User ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "пропущено \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "ключ %s: PKS повреждение ключа иÑправлено\n"
@@ -2062,6 +2070,11 @@ msgstr "ключ %s: \"%s\" %d очищенных User ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "ключ %s: \"%s\" не изменен\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "Ñекретный ключ \"%s\" не найден: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "импортирование Ñекретного ключа не позволено\n"
diff --git a/po/sk.po b/po/sk.po
index daa8d69..05178c9 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -2003,6 +2003,13 @@ msgid "key %s: no user ID\n"
msgstr "kµúè %08lX: chyba identifikátor u¾ívateµa\n"
#, fuzzy, c-format
+msgid "key %s: %s\n"
+msgstr "preskoèený `%s': %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
+#, fuzzy, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "kµúè %08lX: HKP po¹kodenie podkµúèa opravené\n"
@@ -2099,6 +2106,10 @@ msgstr "k
msgid "key %s: \"%s\" not changed\n"
msgstr "kµúè %08lX: \"%s\" bez zmeny\n"
+#, fuzzy, c-format
+msgid "secret key %s: %s\n"
+msgstr "tajný kµúè `%s' nebol nájdený: %s\n"
+
#, fuzzy
msgid "importing secret keys not allowed\n"
msgstr "zapisujem tajný kµúè do `%s'\n"
diff --git a/po/sv.po b/po/sv.po
index acd7ad8..c58173a 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -2017,6 +2017,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "nyckel %s: ingen användaridentitet\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "hoppade över \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
# Undernyckeln är skadad på HKP-servern. Vanligt fel vid många undernycklar.
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
@@ -2116,6 +2124,11 @@ msgstr "nyckel %s: \"%s\" %d användaridentiteter rensade\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "nyckel %s: \"%s\" inte ändrad\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "hemliga nyckeln \"%s\" hittades inte: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "import av hemliga nycklar tillåts inte\n"
diff --git a/po/tr.po b/po/tr.po
index cb9af54..6bec2c2 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -1950,6 +1950,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "anahtar %s: kullanıcı kimliği yok\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "\"%s\" atlandı: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "anahtar %s: PKS yardımcı anahtar bozulması giderildi\n"
@@ -2045,6 +2053,11 @@ msgstr "anahtar %s: \"%s\" %d yeni kullanıcı kimliği\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "anahtar %s: \"%s\" deÄŸiÅŸmedi\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "gizli anahtar \"%s\" yok: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "gizli anahtarı alımına izin verilmez\n"
diff --git a/po/uk.po b/po/uk.po
index 25ef39f..3916c26 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -2004,6 +2004,14 @@ msgstr ""
msgid "key %s: no user ID\n"
msgstr "ключ %s: немає ідентифікатор кориÑтувача\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "пропущено «%s»: %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "ключ %s: відновлено пошкоджений підключ PKS\n"
@@ -2099,6 +2107,11 @@ msgstr "ключ %s: «%s» Ñпорожнено %d ідентифікаторі
msgid "key %s: \"%s\" not changed\n"
msgstr "ключ %s: «%s» не змінено\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "закритий ключ «%s» не знайдено: %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "Ñ–Ð¼Ð¿Ð¾Ñ€Ñ‚ÑƒÐ²Ð°Ð½Ð½Ñ Ð·Ð°ÐºÑ€Ð¸Ñ‚Ð¸Ñ… ключів заборонено\n"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index be8f292..08da3c1 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -1900,6 +1900,14 @@ msgstr "您å¯ä»¥è¿™æ ·æ›´æ–°æ‚¨çš„首选项:gpg --edit-key %s updpref save\n"
msgid "key %s: no user ID\n"
msgstr "密钥 %sï¼šæ²¡æœ‰ç”¨æˆ·æ ‡è¯†\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "“%sâ€å·²è·³è¿‡ï¼š%s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "密钥 %s:PKS åé’¥ç ´æŸå·²ä¿®å¤\n"
@@ -1995,6 +2003,11 @@ msgstr "密钥 %s:“%sâ€%d ä¸ªç”¨æˆ·æ ‡è¯†è¢«æ¸…é™¤\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "密钥 %s:“%sâ€æœªæ”¹å˜\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "找ä¸åˆ°ç§é’¥â€œ%sâ€ï¼š%s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "ä¸å…许导入ç§é’¥\n"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 54a690a..7e5fa8f 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -1920,6 +1920,14 @@ msgstr "ä½ å¯ä»¥åƒé€™æ¨£ä¾†æ›´æ–°å好è¨å®š: gpg --edit-key %s updpref save\
msgid "key %s: no user ID\n"
msgstr "金鑰 %s: 沒有使用者 ID\n"
+#, fuzzy, c-format
+#| msgid "skipped \"%s\": %s\n"
+msgid "key %s: %s\n"
+msgstr "å·²è·³éŽ \"%s\": %s\n"
+
+msgid "rejected by import filter"
+msgstr ""
+
#, c-format
msgid "key %s: PKS subkey corruption repaired\n"
msgstr "金鑰 %s: PKS å鑰的訛誤已被修復\n"
@@ -2015,6 +2023,11 @@ msgstr "金鑰 %s: \"%s\" 已清除 %d 個使用者 ID\n"
msgid "key %s: \"%s\" not changed\n"
msgstr "金鑰 %s: \"%s\" 未改變\n"
+#, fuzzy, c-format
+#| msgid "secret key \"%s\" not found: %s\n"
+msgid "secret key %s: %s\n"
+msgstr "找ä¸åˆ°ç§é‘° \"%s\": %s\n"
+
msgid "importing secret keys not allowed\n"
msgstr "未å…許匯入ç§é‘°\n"
commit bfc7893bdaf4dc674799ddddc0cae8f0af642b9d
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 16:09:34 2014 +0200
doc: Update from master.
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 26179bd..8ea8199 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -906,6 +906,24 @@ Signs a public key with your secret key but marks it as
non-exportable. This is a shortcut version of the subcommand "lsign"
from @option{--edit-key}.
+ at ifset gpgtwoone
+ at item --quick-sign-key @code{fpr} [@code{names}]
+ at itemx --quick-lsign-key @code{name}
+ at opindex quick-sign-key
+ at opindex quick-lsign-key
+Directly sign a key from the passphrase without any further user
+interaction. The @code{fpr} must be the verified primary fingerprint
+of a key in the local keyring. If no @code{names} are given, all
+useful user ids are signed; with given [@code{names}] only useful user
+ids matching one of theses names are signed. The command
+ at option{--quick-lsign-key} marks the signatures as non-exportable.
+
+This command uses reasonable defaults and thus does not provide the
+full flexibility of the "sign" subcommand from @option{--edit-key}.
+Its intended use to help unattended signing using a list of verified
+fingerprints.
+ at end ifset
+
@ifclear gpgone
@item --passwd @var{user_id}
@opindex passwd
@@ -1177,7 +1195,7 @@ for the key fingerprint, "%t" for the extension of the image type
(e.g. "jpg"), "%T" for the MIME type of the image (e.g. "image/jpeg"),
"%v" for the single-character calculated validity of the image being
viewed (e.g. "f"), "%V" for the calculated validity as a string (e.g.
-"full"),
+"full"), "%U" for a base32 encoded hash of the user ID,
and "%%" for an actual percent sign. If neither %i or %I are present,
then the photo will be supplied to the viewer on standard input.
@@ -1431,7 +1449,9 @@ Set what trust model GnuPG should follow. The models are:
trusted. You generally won't use this unless you are using some
external validation scheme. This option also suppresses the
"[uncertain]" tag printed with signature checks when there is no
- evidence that the user ID is bound to the key.
+ evidence that the user ID is bound to the key. Note that this
+ trust model still does not allow the use of expired, revoked, or
+ disabled keys.
@item auto
@opindex trust-mode:auto
@@ -1482,6 +1502,10 @@ mechanisms, in the order they are to be tried:
position of this mechanism in the list does not matter. It is not
required if @code{local} is also used.
+ @item clear
+ Clear all defined mechanisms. This is useful to override
+ mechanisms given in a config file.
+
@end table
@item --keyid-format @code{short|0xshort|long|0xlong}
@@ -1606,16 +1630,29 @@ are available for all keyserver types, some common options are:
program uses internally (libcurl, openldap, etc).
@item check-cert
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Enable certificate checking if the keyserver presents one (for hkps or
ldaps). Defaults to on.
+ at end ifclear
@item ca-cert-file
+ at ifset gpgtwoone
+ This option has no more function since GnuPG 2.1. Use the
+ @code{dirmngr} configuration options instead.
+ at end ifset
+ at ifclear gpgtwoone
Provide a certificate store to override the system default. Only
necessary if check-cert is enabled, and the keyserver is using a
certificate that is not present in a system default certificate list.
Note that depending on the SSL library that the keyserver helper is
built with, this may actually be a directory or a file.
+ at end ifclear
+
@end table
@item --completes-needed @code{n}
@@ -1696,6 +1733,25 @@ been given. Given that this option is not anymore used by
@command{gpg2}, it should be avoided if possible.
@end ifset
+
+ at ifclear gpgone
+ at item --agent-program @var{file}
+ at opindex agent-program
+Specify an agent program to be used for secret key operations. The
+default value is the @file{/usr/bin/gpg-agent}. This is only used
+as a fallback when the environment variable @code{GPG_AGENT_INFO} is not
+set or a running agent cannot be connected.
+ at end ifclear
+
+ at ifset gpgtwoone
+ at item --dirmngr-program @var{file}
+ at opindex dirmngr-program
+Specify a dirmngr program to be used for keyserver access. The
+default value is @file{/usr/sbin/dirmngr}. This is only used as a
+fallback when the environment variable @code{DIRMNGR_INFO} is not set or
+a running dirmngr cannot be connected.
+ at end ifset
+
@item --lock-once
@opindex lock-once
Lock the databases the first time a lock is requested
@@ -2053,6 +2109,15 @@ Since GnuPG 2.0.10, this mode is always used and thus this option is
obsolete; it does not harm to use it though.
@end ifclear
+ at ifset gpgtwoone
+ at item --legacy-list-mode
+ at opindex legacy-list-mode
+Revert to the pre-2.1 public key list mode. This only affects the
+human readable output and not the machine interface
+(i.e. @code{--with-colons}). Note that the legacy format does not
+allow to convey suitable information for elliptic curves.
+ at end ifset
+
@item --with-fingerprint
@opindex with-fingerprint
Same as the command @option{--fingerprint} but changes only the format
@@ -2062,6 +2127,12 @@ of the output and may be used together with another command.
@item --with-keygrip
@opindex with-keygrip
Include the keygrip in the key listings.
+
+ at item --with-secret
+ at opindex with-secret
+Include info about the presence of a secret key in public key listings
+done with @code{--with-colons}.
+
@end ifset
@end table
@@ -2244,9 +2315,13 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
available, but the MIT release is a good common baseline.
This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
- at option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+ at ifclear gpgone
+--allow-weak-digest-algos
+ at end ifclear
+--cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
@item --pgp6
@opindex pgp6
@@ -2702,6 +2777,14 @@ necessary to get as much data as possible out of the corrupt message.
However, be aware that a MDC protection failure may also mean that the
message was tampered with intentionally by an attacker.
+ at ifclear gpgone
+ at item --allow-weak-digest-algos
+ at opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message. This option allows the
+verification of signatures made with such weak algorithms.
+ at end ifclear
+
@item --no-default-keyring
@opindex no-default-keyring
Do not add the default keyrings to the list of keyrings. Note that
@@ -2963,18 +3046,33 @@ files; They all live in in the current home directory (@pxref{option
@table @file
- @item ~/.gnupg/secring.gpg
- The secret keyring. You should backup this file.
-
- @item ~/.gnupg/secring.gpg.lock
- The lock file for the secret keyring.
-
@item ~/.gnupg/pubring.gpg
The public keyring. You should backup this file.
@item ~/.gnupg/pubring.gpg.lock
The lock file for the public keyring.
+ at ifset gpgtwoone
+ @item ~/.gnupg/pubring.kbx
+ The public keyring using a different format. This file is sharred
+ with @command{gpgsm}. You should backup this file.
+
+ @item ~/.gnupg/pubring.kbx.lock
+ The lock file for @file{pubring.kbx}.
+ at end ifset
+
+ @item ~/.gnupg/secring.gpg
+ at ifclear gpgtwoone
+ The secret keyring. You should backup this file.
+ at end ifclear
+ at ifset gpgtwoone
+ A secret keyring as used by GnuPG versions before 2.1. It is not
+ used by GnuPG 2.1 and later.
+
+ @item ~/.gnupg/.gpg-v21-migrated
+ File indicating that a migration to GnuPG 2.1 has taken place.
+ at end ifset
+
@item ~/.gnupg/trustdb.gpg
The trust database. There is no need to backup this file; it is better
to backup the ownertrust values (@pxref{option --export-ownertrust}).
@@ -2985,6 +3083,9 @@ files; They all live in in the current home directory (@pxref{option
@item ~/.gnupg/random_seed
A file used to preserve the state of the internal random pool.
+ @item ~/.gnupg/secring.gpg.lock
+ The lock file for the secret keyring.
+
@item /usr[/local]/share/gnupg/options.skel
The skeleton options file.
diff --git a/doc/yat2m.c b/doc/yat2m.c
index 5dc81bf..2ac4390 100644
--- a/doc/yat2m.c
+++ b/doc/yat2m.c
@@ -1,5 +1,5 @@
/* yat2m.c - Yet Another Texi 2 Man converter
- * Copyright (C) 2005 g10 Code GmbH
+ * Copyright (C) 2005, 2013 g10 Code GmbH
* Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc.
*
* This program is free software; you can redistribute it and/or modify
@@ -17,7 +17,7 @@
*/
/*
- This is a simple textinfo to man page converter. It needs some
+ This is a simple texinfo to man page converter. It needs some
special markup in th e texinfo and tries best to get a create man
page. It has been designed for the GnuPG man pages and thus only
a few texinfo commands are supported.
@@ -107,6 +107,9 @@
character. */
#define LINESIZE 1024
+/* Number of allowed condition nestings. */
+#define MAX_CONDITION_NESTING 10
+
/* Option flags. */
static int verbose;
static int quiet;
@@ -117,10 +120,6 @@ static const char *opt_select;
static const char *opt_include;
static int opt_store;
-/* The only define we understand is -D gpgone. Thus we need a simple
- boolean tro track it. */
-static int gpgone_defined;
-
/* Flag to keep track whether any error occurred. */
static int any_error;
@@ -129,7 +128,7 @@ static int any_error;
struct macro_s
{
struct macro_s *next;
- char *value; /* Malloced value. */
+ char *value; /* Malloced value. */
char name[1];
};
typedef struct macro_s *macro_t;
@@ -137,6 +136,24 @@ typedef struct macro_s *macro_t;
/* List of all defined macros. */
static macro_t macrolist;
+/* List of global macro names. The value part is not used. */
+static macro_t predefinedmacrolist;
+
+/* Object to keep track of @isset and @ifclear. */
+struct condition_s
+{
+ int manverb; /* "manverb" needs special treatment. */
+ int isset; /* This is an @isset condition. */
+ char name[1]; /* Name of the condition macro. */
+};
+typedef struct condition_s *condition_t;
+
+/* The stack used to evaluate conditions. And the current states. */
+static condition_t condition_stack[MAX_CONDITION_NESTING];
+static int condition_stack_idx;
+static int cond_is_active; /* State of ifset/ifclear */
+static int cond_in_verbatim; /* State of "manverb". */
+
/* Object to store one line of content. */
struct line_buffer_s
@@ -313,7 +330,158 @@ isodatestring (void)
}
+/* Add NAME to the list of predefined macros which are global for all
+ files. */
+static void
+add_predefined_macro (const char *name)
+{
+ macro_t m;
+
+ for (m=predefinedmacrolist; m; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m)
+ {
+ m = xcalloc (1, sizeof *m + strlen (name));
+ strcpy (m->name, name);
+ m->next = predefinedmacrolist;
+ predefinedmacrolist = m;
+ }
+}
+
+
+/* Create or update a macro with name MACRONAME and set its values TO
+ MACROVALUE. Note that ownership of the macro value is transferred
+ to this function. */
+static void
+set_macro (const char *macroname, char *macrovalue)
+{
+ macro_t m;
+
+ for (m=macrolist; m; m = m->next)
+ if (!strcmp (m->name, macroname))
+ break;
+ if (m)
+ free (m->value);
+ else
+ {
+ m = xcalloc (1, sizeof *m + strlen (macroname));
+ strcpy (m->name, macroname);
+ m->next = macrolist;
+ macrolist = m;
+ }
+ m->value = macrovalue;
+ macrovalue = NULL;
+}
+
+
+/* Return true if the macro NAME is set, i.e. not the empty string and
+ not evaluating to 0. */
+static int
+macro_set_p (const char *name)
+{
+ macro_t m;
+
+ for (m = macrolist; m ; m = m->next)
+ if (!strcmp (m->name, name))
+ break;
+ if (!m || !m->value || !*m->value)
+ return 0;
+ if ((*m->value & 0x80) || !isdigit (*m->value))
+ return 1; /* Not a digit but some other string. */
+ return !!atoi (m->value);
+}
+
+
+/* Evaluate the current conditions. */
+static void
+evaluate_conditions (const char *fname, int lnr)
+{
+ int i;
+
+ /* for (i=0; i < condition_stack_idx; i++) */
+ /* inf ("%s:%d: stack[%d] %s %s %c", */
+ /* fname, lnr, i, condition_stack[i]->isset? "set":"clr", */
+ /* condition_stack[i]->name, */
+ /* (macro_set_p (condition_stack[i]->name) */
+ /* ^ !condition_stack[i]->isset)? 't':'f'); */
+
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
+ if (condition_stack_idx)
+ {
+ for (i=0; i < condition_stack_idx; i++)
+ {
+ if (condition_stack[i]->manverb)
+ cond_in_verbatim = (macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset);
+ else if (!(macro_set_p (condition_stack[i]->name)
+ ^ !condition_stack[i]->isset))
+ {
+ cond_is_active = 0;
+ break;
+ }
+ }
+ }
+
+ /* inf ("%s:%d: active=%d verbatim=%d", */
+ /* fname, lnr, cond_is_active, cond_in_verbatim); */
+}
+
+
+/* Push a condition with condition macro NAME onto the stack. If
+ ISSET is true, a @isset condition is pushed. */
+static void
+push_condition (const char *name, int isset, const char *fname, int lnr)
+{
+ condition_t cond;
+ int manverb = 0;
+ if (condition_stack_idx >= MAX_CONDITION_NESTING)
+ {
+ err ("%s:%d: condition nested too deep", fname, lnr);
+ return;
+ }
+
+ if (!strcmp (name, "manverb"))
+ {
+ if (!isset)
+ {
+ err ("%s:%d: using \"@ifclear manverb\" is not allowed", fname, lnr);
+ return;
+ }
+ manverb = 1;
+ }
+
+ cond = xcalloc (1, sizeof *cond + strlen (name));
+ cond->manverb = manverb;
+ cond->isset = isset;
+ strcpy (cond->name, name);
+
+ condition_stack[condition_stack_idx++] = cond;
+ evaluate_conditions (fname, lnr);
+}
+
+
+/* Remove the last condition from the stack. ISSET is used for error
+ reporting. */
+static void
+pop_condition (int isset, const char *fname, int lnr)
+{
+ if (!condition_stack_idx)
+ {
+ err ("%s:%d: unbalanced \"@end %s\"",
+ fname, lnr, isset?"isset":"isclear");
+ return;
+ }
+ condition_stack_idx--;
+ free (condition_stack[condition_stack_idx]);
+ condition_stack[condition_stack_idx] = NULL;
+ evaluate_conditions (fname, lnr);
+}
+
+
+�
/* Return a section buffer for the section NAME. Allocate a new buffer
if this is a new section. Keep track of the sections in THEPAGE.
This function may reallocate the section array in THEPAGE. */
@@ -862,14 +1030,8 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
int lnr = 0;
/* Fixme: The following state variables don't carry over to include
files. */
- int in_verbatim = 0;
int skip_to_end = 0; /* Used to skip over menu entries. */
int skip_sect_line = 0; /* Skip after @mansect. */
- int ifset_nesting = 0; /* How often a ifset has been seen. */
- int ifclear_nesting = 0; /* How often a ifclear has been seen. */
- int in_gpgone = 0; /* Keep track of "@ifset gpgone" parts. */
- int not_in_gpgone = 0; /* Keep track of "@ifclear gpgone" parts. */
- int not_in_man = 0; /* Keep track of "@ifclear isman" parts. */
int item_indent = 0; /* How far is the current @item indented. */
/* Helper to define a macro. */
@@ -883,7 +1045,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
size_t n = strlen (line);
int got_line = 0;
- char *p;
+ char *p, *pend;
lnr++;
if (!n || line[n-1] != '\n')
@@ -930,26 +1092,12 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "macro", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- macro_t m;
-
if (macrovalueused)
macrovalue[--macrovalueused] = 0; /* Kill the last LF. */
macrovalue[macrovalueused] = 0; /* Terminate macro. */
macrovalue = xrealloc (macrovalue, macrovalueused+1);
- for (m= macrolist; m; m = m->next)
- if (!strcmp (m->name, macroname))
- break;
- if (m)
- free (m->value);
- else
- {
- m = xcalloc (1, sizeof *m + strlen (macroname));
- strcpy (m->name, macroname);
- m->next = macrolist;
- macrolist = m;
- }
- m->value = macrovalue;
+ set_macro (macroname, macrovalue);
macrovalue = NULL;
free (macroname);
macroname = NULL;
@@ -997,23 +1145,33 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
if (n == 6 && !memcmp (line, "@ifset", 6)
&& (line[6]==' '||line[6]=='\t'))
{
- ifset_nesting++;
-
- if (!strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7]))
+ for (p=line+7; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_verbatim)
- err ("%s:%d: nested \"@ifset manverb\"", fname, lnr);
- else
- in_verbatim = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifset\"", fname, lnr);
+ continue;
}
- else if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 1, fname, lnr);
+ continue;
+ }
+ else if (n == 8 && !memcmp (line, "@ifclear", 8)
+ && (line[8]==' '||line[8]=='\t'))
+ {
+ for (p=line+9; *p == ' ' || *p == '\t'; p++)
+ ;
+ if (!*p)
{
- if (in_gpgone)
- err ("%s:%d: nested \"@ifset gpgone\"", fname, lnr);
- else
- in_gpgone = ifset_nesting;
+ err ("%s:%d: name missing after \"@ifsclear\"", fname, lnr);
+ continue;
}
+ for (pend=p; *pend && *pend != ' ' && *pend != '\t'; pend++)
+ ;
+ *pend = 0; /* Ignore rest of the line. */
+ push_condition (p, 0, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1021,40 +1179,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifset", 5)
&& (p[5]==' '||p[5]=='\t'||!p[5]))
{
- if (in_verbatim && ifset_nesting == in_verbatim)
- in_verbatim = 0;
- if (in_gpgone && ifset_nesting == in_gpgone)
- in_gpgone = 0;
-
- if (ifset_nesting)
- ifset_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifset\"", fname, lnr);
- continue;
- }
- else if (n == 8 && !memcmp (line, "@ifclear", 8)
- && (line[8]==' '||line[8]=='\t'))
- {
- ifclear_nesting++;
-
- if (!strncmp (p, "gpgone", 6)
- && (p[6]==' '||p[6]=='\t'||!p[6]))
- {
- if (not_in_gpgone)
- err ("%s:%d: nested \"@ifclear gpgone\"", fname, lnr);
- else
- not_in_gpgone = ifclear_nesting;
- }
-
- else if (!strncmp (p, "isman", 5)
- && (p[5]==' '||p[5]=='\t'||!p[5]))
- {
- if (not_in_man)
- err ("%s:%d: nested \"@ifclear isman\"", fname, lnr);
- else
- not_in_man = ifclear_nesting;
- }
-
+ pop_condition (1, fname, lnr);
continue;
}
else if (n == 4 && !memcmp (line, "@end", 4)
@@ -1062,23 +1187,13 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
&& !strncmp (p, "ifclear", 7)
&& (p[7]==' '||p[7]=='\t'||!p[7]))
{
- if (not_in_gpgone && ifclear_nesting == not_in_gpgone)
- not_in_gpgone = 0;
- if (not_in_man && ifclear_nesting == not_in_man)
- not_in_man = 0;
-
- if (ifclear_nesting)
- ifclear_nesting--;
- else
- err ("%s:%d: unbalanced \"@end ifclear\"", fname, lnr);
+ pop_condition (0, fname, lnr);
continue;
}
}
/* Take action on ifset/ifclear. */
- if ( (in_gpgone && !gpgone_defined)
- || (not_in_gpgone && gpgone_defined)
- || not_in_man)
+ if (!cond_is_active)
continue;
/* Process commands. */
@@ -1090,7 +1205,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
{
skip_to_end = 0;
}
- else if (in_verbatim)
+ else if (cond_in_verbatim)
{
got_line = 1;
}
@@ -1182,7 +1297,7 @@ parse_file (const char *fname, FILE *fp, char **section_name, int in_pause)
else if (!skip_to_end)
got_line = 1;
- if (got_line && in_verbatim)
+ if (got_line && cond_in_verbatim)
add_content (*section_name, line, 1);
else if (got_line && thepage.name && *section_name && !in_pause)
add_content (*section_name, line, 0);
@@ -1201,6 +1316,8 @@ top_parse_file (const char *fname, FILE *fp)
{
char *section_name = NULL; /* Name of the current section or NULL
if not in a section. */
+ macro_t m;
+
while (macrolist)
{
macro_t next = macrolist->next;
@@ -1208,6 +1325,10 @@ top_parse_file (const char *fname, FILE *fp)
free (macrolist);
macrolist = next;
}
+ for (m=predefinedmacrolist; m; m = m->next)
+ set_macro (m->name, xstrdup ("1"));
+ cond_is_active = 1;
+ cond_in_verbatim = 0;
parse_file (fname, fp, §ion_name, 0);
free (section_name);
@@ -1223,6 +1344,12 @@ main (int argc, char **argv)
opt_source = "GNU";
opt_release = "";
+ /* Define default macros. The trick is that these macros are not
+ defined when using the actual texinfo renderer. */
+ add_predefined_macro ("isman");
+ add_predefined_macro ("manverb");
+
+ /* Option parsing. */
if (argc)
{
argc--; argv++;
@@ -1327,8 +1454,7 @@ main (int argc, char **argv)
argc--; argv++;
if (argc)
{
- if (!strcmp (*argv, "gpgone"))
- gpgone_defined = 1;
+ add_predefined_macro (*argv);
argc--; argv++;
}
}
commit 0d0961c483f9cd0e195f88c0c82dbf2c859f88fe
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 17:14:15 2014 +0200
Fix syntax error introduced with 60bd6488
* g10/apdu.c (pcsc_dword_t): Fix syntax error.
diff --git a/g10/apdu.c b/g10/apdu.c
index 6e7faf0..66cf30b 100644
--- a/g10/apdu.c
+++ b/g10/apdu.c
@@ -84,7 +84,7 @@
#endif
#if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__)
-typedef unsinged int pcsc_dword_t;
+typedef unsigned int pcsc_dword_t;
#else
typedef unsigned long pcsc_dword_t;
#endif
@@ -1290,7 +1290,7 @@ connect_pcsc_card (int slot)
{
char reader[250];
pcsc_dword_t readerlen, atrlen;
- long card_state, card_protocol;
+ pcsc_dword_t card_state, card_protocol;
atrlen = DIM (reader_table[0].atr);
readerlen = sizeof reader -1 ;
@@ -1300,7 +1300,8 @@ connect_pcsc_card (int slot)
reader_table[slot].atr, &atrlen);
if (err)
log_error ("pcsc_status failed: %s (0x%lx) %lu\n",
- pcsc_error_string (err), err, readerlen);
+ pcsc_error_string (err),
+ (unsigned long)err, (unsigned long)readerlen);
else
{
if (atrlen > DIM (reader_table[0].atr))
commit 5230304349490f31aa64ee2b69a8a2bc06bf7816
Author: Stefan Tomanek <tomanek at internet-sicherheit.de>
Date: Thu Jan 30 00:57:43 2014 +0100
Screen keyserver responses.
* g10/main.h: Typedef import_filter for filter callbacks.
* g10/import.c (import): Add filter callbacks to param list.
(import_one): Ditto.
(import_secret_one): Ditto.
(import_keys_internal): Ditto.
(import_keys_stream): Ditto.
* g10/keyserver.c (keyserver_retrieval_filter): New.
(keyserver_spawn): Pass filter to import_keys_stream()
--
These changes introduces import functions that apply a constraining
filter to imported keys. These filters can verify the fingerprints of
the keys returned before importing them into the keyring, ensuring that
the keys fetched from the keyserver are in fact those selected by the
user beforehand.
Signed-off-by: Stefan Tomanek <tomanek at internet-sicherheit.de>
Re-indention and minor changes by wk.
diff --git a/g10/import.c b/g10/import.c
index 441dcca..e40141e 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -59,14 +59,17 @@ struct stats_s {
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options );
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg );
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
static void revocation_present(KBNODE keyblock);
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,
- unsigned int options,int from_sk);
+ unsigned int options,int from_sk,
+ import_filter filter, void *filter_arg);
static int import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options);
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg);
static int import_revoke_cert( const char *fname, KBNODE node,
struct stats_s *stats);
static int chk_self_sigs( const char *fname, KBNODE keyblock,
@@ -163,7 +166,8 @@ import_release_stats_handle (void *p)
static int
import_keys_internal( IOBUF inp, char **fnames, int nnames,
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
- unsigned int options )
+ unsigned int options,
+ import_filter filter, void *filter_arg)
{
int i, rc = 0;
struct stats_s *stats = stats_handle;
@@ -172,7 +176,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
stats = import_new_stats_handle ();
if (inp) {
- rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
+ rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
+ filter, filter_arg);
}
else {
int once = (!fnames && !nnames);
@@ -192,7 +197,8 @@ import_keys_internal( IOBUF inp, char **fnames, int nnames,
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
else
{
- rc = import( inp2, fname, stats, fpr, fpr_len, options );
+ rc = import (inp2, fname, stats, fpr, fpr_len, options,
+ NULL, NULL);
iobuf_close(inp2);
/* Must invalidate that ugly cache to actually close it. */
iobuf_ioctl (NULL, 2, 0, (char*)fname);
@@ -223,19 +229,23 @@ void
import_keys( char **fnames, int nnames,
void *stats_handle, unsigned int options )
{
- import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
+ import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
+ options, NULL, NULL);
}
int
import_keys_stream( IOBUF inp, void *stats_handle,
- unsigned char **fpr, size_t *fpr_len,unsigned int options )
+ unsigned char **fpr, size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg )
{
- return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
+ return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
+ options, filter, filter_arg);
}
static int
import( IOBUF inp, const char* fname,struct stats_s *stats,
- unsigned char **fpr,size_t *fpr_len,unsigned int options )
+ unsigned char **fpr,size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg)
{
PACKET *pending_pkt = NULL;
KBNODE keyblock = NULL;
@@ -252,9 +262,11 @@ import( IOBUF inp, const char* fname,struct stats_s *stats,
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
- rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
- else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
- rc = import_secret_one( fname, keyblock, stats, options );
+ rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
+ filter, filter_arg);
+ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+ rc = import_secret_one (fname, keyblock, stats, options,
+ filter, filter_arg);
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock, stats );
@@ -738,7 +750,7 @@ check_prefs(KBNODE keyblock)
static int
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
unsigned char **fpr,size_t *fpr_len,unsigned int options,
- int from_sk )
+ int from_sk, import_filter filter, void *filter_arg)
{
PKT_public_key *pk;
PKT_public_key *pk_orig;
@@ -778,6 +790,13 @@ import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
return 0;
}
+ if (filter && filter (pk, NULL, filter_arg))
+ {
+ log_error (_("key %s: %s\n"), keystr_from_pk(pk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if (opt.interactive) {
if(is_status_enabled())
print_import_check (pk, uidnode->pkt->pkt.user_id);
@@ -1146,7 +1165,8 @@ sec_to_pub_keyblock(KBNODE sec_keyblock)
*/
static int
import_secret_one( const char *fname, KBNODE keyblock,
- struct stats_s *stats, unsigned int options)
+ struct stats_s *stats, unsigned int options,
+ import_filter filter, void *filter_arg)
{
PKT_secret_key *sk;
KBNODE node, uidnode;
@@ -1162,6 +1182,12 @@ import_secret_one( const char *fname, KBNODE keyblock,
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+ if (filter && filter (NULL, sk, filter_arg)) {
+ log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
+ _("rejected by import filter"));
+ return 0;
+ }
+
if( opt.verbose )
{
log_info( "sec %4u%c/%s %s ",
@@ -1240,8 +1266,9 @@ import_secret_one( const char *fname, KBNODE keyblock,
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
if(pub_keyblock)
{
- import_one(fname,pub_keyblock,stats,
- NULL,NULL,opt.import_options,1);
+ import_one (fname, pub_keyblock, stats,
+ NULL, NULL, opt.import_options, 1,
+ NULL, NULL);
release_kbnode(pub_keyblock);
}
}
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 7bf9830..dca5e18 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -656,7 +656,7 @@ parse_keyrec(char *keystring)
case 'R':
work->flags|=1;
break;
-
+
case 'd':
case 'D':
work->flags|=2;
@@ -910,7 +910,7 @@ keyserver_search_prompt(IOBUF buffer,const char *searchstr)
/* Leave this commented out or now, and perhaps for a very long
time. All HKPish servers return HTML error messages for
no-key-found. */
- /*
+ /*
if(!started)
log_info(_("keyserver does not support searching\n"));
else
@@ -959,7 +959,52 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
-static int
+
+/* Check whether a key matches the search description. The filter
+ returns 0 if the key shall be imported. Note that this kind of
+ filter is not related to the iobuf filters. */
+static int
+keyserver_retrieval_filter (PKT_public_key *pk, PKT_secret_key *sk, void *arg)
+{
+ KEYDB_SEARCH_DESC *desc = arg;
+ u32 keyid[2];
+ byte fpr[MAX_FINGERPRINT_LEN];
+ size_t fpr_len = 0;
+
+ /* Secret keys are not expected from a keyserver. Do not import. */
+ if (sk)
+ return G10ERR_GENERAL;
+
+ fingerprint_from_pk (pk, fpr, &fpr_len);
+ keyid_from_pk (pk, keyid);
+
+ /* Compare requested and returned fingerprints if available. */
+ if (desc->mode == KEYDB_SEARCH_MODE_FPR20)
+ {
+ if (fpr_len != 20 || memcmp (fpr, desc->u.fpr, 20))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_FPR16)
+ {
+ if (fpr_len != 16 || memcmp (fpr, desc->u.fpr, 16))
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ if (keyid[0] != desc->u.kid[0] || keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+ else if (desc->mode == KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ if (keyid[1] != desc->u.kid[1])
+ return G10ERR_GENERAL;
+ }
+
+ return 0;
+}
+
+
+static int
keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
int count,int *prog,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver)
@@ -999,7 +1044,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
the program of this process lives. Fortunately Windows provides
a way to retrieve this and our get_libexecdir function has been
modified to return just this. Setting the exec-path is not
- anymore required.
+ anymore required.
set_exec_path(libexecdir);
*/
#else
@@ -1031,7 +1076,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
fetcher that can speak that protocol (this is a problem for
LDAP). */
- strcat(command,GPGKEYS_PREFIX);
+ strcat(command,GPGKEYS_PREFIX);
strcat(command,scheme);
/* This "_uri" thing is in case we need to call a direct handler
@@ -1061,7 +1106,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
{
command=xrealloc(command,strlen(command)+
strlen(KEYSERVER_ARGS_NOKEEP)+1);
- strcat(command,KEYSERVER_ARGS_NOKEEP);
+ strcat(command,KEYSERVER_ARGS_NOKEEP);
}
ret=exec_write(&spawn,NULL,command,NULL,0,0);
@@ -1509,8 +1554,9 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
but we better protect against rogue keyservers. */
import_keys_stream (spawn->fromchild, stats_handle, fpr, fpr_len,
- (opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ (opt.keyserver_options.import_options
+ | IMPORT_NO_SECKEY),
+ keyserver_retrieval_filter, desc);
import_print_stats(stats_handle);
import_release_stats_handle(stats_handle);
@@ -1541,7 +1587,7 @@ keyserver_spawn(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
return ret;
}
-static int
+static int
keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
int count,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver)
@@ -1611,7 +1657,7 @@ keyserver_work(enum ks_action action,STRLIST list,KEYDB_SEARCH_DESC *desc,
#endif /* ! DISABLE_KEYSERVER_HELPERS*/
}
-int
+int
keyserver_export(STRLIST users)
{
STRLIST sl=NULL;
@@ -1643,7 +1689,7 @@ keyserver_export(STRLIST users)
return rc;
}
-int
+int
keyserver_import(STRLIST users)
{
KEYDB_SEARCH_DESC *desc;
@@ -1703,7 +1749,7 @@ keyserver_import_fprint(const byte *fprint,size_t fprint_len,
return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
}
-int
+int
keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
{
KEYDB_SEARCH_DESC desc;
@@ -1718,7 +1764,7 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
}
/* code mostly stolen from do_export_stream */
-static int
+static int
keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
{
int rc=0,ndesc,num=100;
@@ -1741,10 +1787,10 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
}
else
{
- for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
+ for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
;
desc = xmalloc ( ndesc * sizeof *desc);
-
+
for (ndesc=0, sl=users; sl; sl = sl->next)
{
if(classify_user_id (sl->d, desc+ndesc))
@@ -1757,7 +1803,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
while (!(rc = keydb_search (kdbhd, desc, ndesc)))
{
- if (!users)
+ if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
/* read the keyblock */
@@ -1860,7 +1906,7 @@ keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
if(rc==-1)
rc=0;
-
+
leave:
if(rc)
xfree(*klist);
@@ -2043,7 +2089,7 @@ keyserver_import_cert(const char *name,unsigned char **fpr,size_t *fpr_len)
rc=import_keys_stream (key, NULL, fpr, fpr_len,
(opt.keyserver_options.import_options
- | IMPORT_NO_SECKEY));
+ | IMPORT_NO_SECKEY), NULL, NULL);
opt.no_armor=armor_status;
@@ -2182,7 +2228,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
snprintf(port,7,":%u",srvlist[i].port);
strcat(keyserver->host,port);
}
-
+
strcat(keyserver->host," ");
}
@@ -2198,7 +2244,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
strcat(keyserver->host,domain);
append_to_strlist(&list,name);
-
+
rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
free_strlist(list);
diff --git a/g10/main.h b/g10/main.h
index 784ade0..e4c4385 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -207,11 +207,15 @@ MPI encode_md_value( PKT_public_key *pk, PKT_secret_key *sk,
MD_HANDLE md, int hash_algo );
/*-- import.c --*/
+
+typedef int (*import_filter)(PKT_public_key *pk, PKT_secret_key *sk, void *arg);
+
int parse_import_options(char *str,unsigned int *options,int noisy);
void import_keys( char **fnames, int nnames,
void *stats_hd, unsigned int options );
-int import_keys_stream( IOBUF inp,void *stats_hd,unsigned char **fpr,
- size_t *fpr_len,unsigned int options );
+int import_keys_stream (IOBUF inp,void *stats_hd,unsigned char **fpr,
+ size_t *fpr_len,unsigned int options,
+ import_filter filter, void *filter_arg);
void *import_new_stats_handle (void);
void import_release_stats_handle (void *p);
void import_print_stats (void *hd);
commit 8eab483a1c4817a2946624c7305f464089d1875e
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 14:57:32 2014 +0200
Print hash algorithm in sig records
* g10/keylist.c (list_keyblock_colon): Print field 16.
--
We have this info already in gnupg-2 and it is easy to add it to 1.4.
Debian-bug-id: 672658
Patch written and tested by Daniel Leidert. See above.
diff --git a/g10/keylist.c b/g10/keylist.c
index 6618a7f..2728308 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1370,19 +1370,15 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_string( stdout, p, n, ':' );
xfree(p);
}
- printf(":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
+ printf(":%02x%c::", sig->sig_class,sig->flags.exportable?'x':'l');
if(opt.no_sig_cache && opt.check_sigs && fprokay)
{
- printf(":");
-
for (i=0; i < fplen ; i++ )
printf ("%02X", fparray[i] );
-
- printf(":");
}
- printf("\n");
+ printf(":::%d:\n", sig->digest_algo);
if(opt.show_subpackets)
print_subpackets_colon(sig);
commit 01bd0558dd2f8b80d2f3b61f91c11a68357c91fd
Author: Werner Koch <wk at gnupg.org>
Date: Mon Jun 23 13:24:43 2014 +0200
Remove useless diagnostic in MDC verification.
* g10/encr-data.c (decrypt_data): Do not distinguish between a bad MDC
packet header and a bad MDC.
--
The separate diagnostic was introduced for debugging a problems. For
explaining an MDC error a single error message is easier to understand.
diff --git a/g10/encr-data.c b/g10/encr-data.c
index 8d277ce..c65aa11 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -208,12 +208,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
cipher_decrypt ( dfx->cipher_hd, dfx->defer, dfx->defer, 22);
md_write ( dfx->mdc_hash, dfx->defer, 2);
md_final ( dfx->mdc_hash );
- if (dfx->defer[0] != '\xd3' || dfx->defer[1] != '\x14' ) {
- log_error("mdc_packet with invalid encoding\n");
- rc = G10ERR_INVALID_PACKET;
- }
- else if ( datalen != 20
- || memcmp(md_read( dfx->mdc_hash, 0 ), dfx->defer+2, datalen) )
+ if ( dfx->defer[0] != '\xd3'
+ || dfx->defer[1] != '\x14'
+ || datalen != 20
+ || memcmp (md_read (dfx->mdc_hash, 0 ), dfx->defer+2, datalen))
rc = G10ERR_BAD_SIGN;
/*log_hexdump("MDC calculated:",md_read( dfx->mdc_hash, 0), datalen);*/
/*log_hexdump("MDC message :", dfx->defer, 20);*/
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 29 +++++-
NEWS | 20 +++-
README | 27 +++--
configure.ac | 2 +-
doc/gpg.texi | 123 ++++++++++++++++++++--
doc/yat2m.c | 310 ++++++++++++++++++++++++++++++++++++++-----------------
g10/apdu.c | 7 +-
g10/encr-data.c | 10 +-
g10/import.c | 61 ++++++++---
g10/keylist.c | 8 +-
g10/keyserver.c | 86 +++++++++++----
g10/main.h | 8 +-
po/be.po | 11 ++
po/ca.po | 11 ++
po/cs.po | 13 +++
po/da.po | 13 +++
po/de.po | 13 ++-
po/el.po | 11 ++
po/eo.po | 11 ++
po/es.po | 13 +++
po/et.po | 11 ++
po/fi.po | 11 ++
po/fr.po | 13 +++
po/gl.po | 11 ++
po/hu.po | 11 ++
po/id.po | 11 ++
po/it.po | 11 ++
po/ja.po | 13 +++
po/nb.po | 13 +++
po/nl.po | 13 +++
po/pl.po | 13 +++
po/pt.po | 11 ++
po/pt_BR.po | 11 ++
po/ro.po | 13 +++
po/ru.po | 13 +++
po/sk.po | 11 ++
po/sv.po | 13 +++
po/tr.po | 13 +++
po/uk.po | 13 +++
po/zh_CN.po | 13 +++
po/zh_TW.po | 13 +++
util/argparse.c | 2 +-
42 files changed, 864 insertions(+), 180 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list