From cvs at cvs.gnupg.org Tue Dec 1 08:08:57 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Dec 2015 08:08:57 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.9-202-g3be12d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d (commit) from fdd2cc5f3b257bac056992b79623310bb0b494d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d Author: Werner Koch Date: Tue Dec 1 08:04:49 2015 +0100 build: Let configure show the the status of Tor support * configure.ac (show_tor_support): New Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index d9aac71..bd84633 100644 --- a/configure.ac +++ b/configure.ac @@ -108,6 +108,8 @@ use_ccid_driver=yes dirmngr_auto_start=yes use_tls_library=no large_secmem=no +show_tor_support=no + GNUPG_BUILD_PROGRAM(gpg, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes) 
@@ -755,10 +757,29 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION", if test "$have_libassuan" = "yes"; then AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version", [version of the libassuan library]) + # Starting with 2.4.1 we have Tor support in Libassuan. */ + ok=no + if test "$libassuan_version_major" -gt "2"; then + ok=yes + else + if test "$libassuan_version_major" -eq "2"; then + if test "$libassuan_version_minor" -gt "4"; then + ok=yes + else + if test "$libassuan_version_minor" -eq "4"; then + if test "$libassuan_version_micro" -ge "1"; then + ok=yes + fi + fi + fi + fi + fi + if test $ok = yes ;then + show_tor_support="only .onion" + fi fi - # # libksba is our X.509 support library # @@ -955,6 +976,9 @@ if test "$with_adns" != "no"; then AC_MSG_RESULT($adns_if_tormode) if test x"$adns_if_tormode" = xyes; then AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available]) + if test "$show_tor_support" != "no"; then + show_tor_support=yes + fi fi fi CPPFLAGS=${_cppflags} @@ -1853,6 +1877,7 @@ echo " DNS SRV support: $use_dns_srv TLS support: $use_tls_library TOFU support: $use_tofu + Tor support: $show_tor_support " if test x"$use_regex" != xyes ; then echo " ----------------------------------------------------------------------- Summary of changes: configure.ac | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 08:10:05 2015 
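Review bot: The comment added above the libassuan version test ends in a stray `*/`, a leftover C comment terminator inside a shell `#` comment, and `if test $ok = yes ;then` leaves `$ok` unquoted, unlike every other test in the hunk. I would write `# Starting with 2.4.1 we have Tor support in Libassuan.` and `if test "$ok" = yes; then`. The nested comparisons also assume `libassuan_version_major`, `_minor` and `_micro` are always numeric when `have_libassuan` is yes. They are set outside this hunk, so that is worth confirming, because an empty value makes `test -gt` fail and the summary would then report Tor support as `no`.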
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Dec 2015 08:10:05 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-202-g3be12d1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d (commit) from fdd2cc5f3b257bac056992b79623310bb0b494d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: configure.ac | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 08:49:01 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Dec 2015 08:49:01 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-203-g9f4f77b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9f4f77bc4b8bf17010796fe3c2d23024047154ea (commit) from 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f4f77bc4b8bf17010796fe3c2d23024047154ea Author: Werner Koch Date: Tue Dec 1 08:45:03 2015 +0100 Update NEWS file -- diff --git a/NEWS b/NEWS index 977b341..164b1db 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,60 @@ Noteworthy changes in version 2.1.10 (unreleased) ------------------------------------------------- + * gpg: New trust models "tofu" and "tofu+pgp". + + * gpg: New command --tofu-policy. New options --tofu-default-policy + and --tofu-db-format. + + * gpg: New option --weak-digest to specify hash algorithms which + should be considered weak. + + * gpg: Allow the use of multiple --default-key options; take the last + available key. + + * gpg: New option --encrypt-to-default-key. + + * gpg: New option --unwrap to only strip the encryption layer. + + * gpg: New option --only-sign-text-ids to exclude photo IDs from key + signing. + + * gpg: Check for ambigious or non-matching key specification of + command line options. + + * gpg: Show the used card reader with --card-status. + + * gpg: Print export statistics and an EXPORTED status line. + + * gpg: Allow selecting subkeys by keyid in --edit-key. + + * gpg: Allow updating the expiration time of multiple subkeys at + once. + + * dirmngr: New option --use-tor. For full support this requires + libassuan version 2.4.1 and a patched version of libadns + (e.g. adns-1.4-g10-7 as used by the standard Windows installer). + + * dirmngr: New option --nameserver to specify the nameserver used in + Tor mode. + + * dirmngr: Keyservers may again be specified by IP address. + + * dirmngr: Fixed problems in resolving keyserver pools. + + * dirmngr: Fixed handling of premature termination of TLS streams so + that large numbers of keys can be refreshed via hkps. + + * gpg: Fixed a regression in --locate-key since 2.1.9. + + * gpg: Fixed another bug for keyrings with legacy keys. + + * gpgsm: Allow combinations of usage flags in --gen-key. + + * Make tilde expansion work with most options. + + * Many other cleanups and bug fixes. 
+ Noteworthy changes in version 2.1.9 (2015-10-09) ------------------------------------------------ ----------------------------------------------------------------------- Summary of changes: NEWS | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 13:07:07 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Dec 2015 13:07:07 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-10-gc05b1cd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via c05b1cd8aa4400cab9b315a6a55351dc95e0f929 (commit) via bd3781f92bb0989bfbc33a89fe1f6db3c89cdf31 (commit) from 999162e7c38d4b8c76270e7b6790417fd6439ef3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c05b1cd8aa4400cab9b315a6a55351dc95e0f929 Author: Werner Koch Date: Tue Dec 1 13:01:29 2015 +0100 doc: Add a note about translated strings in Pinentry. -- Suggested-by: Daniel Kahn Gillmor diff --git a/doc/HACKING b/doc/HACKING index 2f6dc69..f48721e 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -21,3 +21,18 @@ in a "real" ChangeLog file, but keep the maximum line length at 72 or smaller, so that the generated ChangeLog lines, each with its leading TAB, will not exceed 80 columns. + + For more infomration please check the HACHING file from the GnuPG + project. + +* String translation + + Pinentry does not not require any translation files because it + expects that all strings are provided localized by the caller. This + is due to the design constraint to keep the tool simple and also to + make sure that translations match those of GnuPG. + + The available translated strings can be found in GnuPG, file + agent/call-pinentry, function start_pinentry. If a string is not + available the Pinentry code uses a default as a fallback. However, + it is highly suggested to provide Pinentry with translated strings. commit bd3781f92bb0989bfbc33a89fe1f6db3c89cdf31 Author: Werner Koch Date: Tue Dec 1 12:54:38 2015 +0100 Remove unused code. * secmem/util.c (lower_privs, raise_privs): Remove commented functions. diff --git a/secmem/util.c b/secmem/util.c index a47164a..31bea01 100644 --- a/secmem/util.c +++ b/secmem/util.c @@ -41,7 +41,7 @@ static uid_t real_uid, file_uid; /* Write DATA of size BYTES to FD, until all is written or an error occurs. */ -ssize_t +ssize_t xwrite(int fd, const void *data, size_t bytes) { char *ptr; @@ -68,7 +68,7 @@ xwrite(int fd, const void *data, size_t bytes) #if 0 extern int debug; -int +int debugmsg(const char *fmt, ...) { va_list va; @@ -88,7 +88,7 @@ debugmsg(const char *fmt, ...) /* initialize uid variables */ #ifndef HAVE_DOSISH_SYSTEM -static void +static void init_uids(void) { real_uid = getuid(); 
@@ -98,42 +98,8 @@ init_uids(void) #endif -#if 0 /* Not used. */ -/* lower privileges to the real user's */ -void -lower_privs() -{ - if (!uid_set) - init_uids(); - if (real_uid != file_uid) { -#ifdef HAVE_SETEUID - if (seteuid(real_uid) < 0) { - perror("lowering privileges failed"); - exit(EXIT_FAILURE); - } -#else - fprintf(stderr, _("Warning: running q-agent setuid on this system is dangerous\n")); -#endif /* HAVE_SETEUID */ - } -} -#endif /* if 0 */ - -#if 0 /* Not used. */ -/* raise privileges to the effective user's */ -void -raise_privs() -{ - assert(real_uid >= 0); /* lower_privs() must be called before this */ -#ifdef HAVE_SETEUID - if (real_uid != file_uid && seteuid(file_uid) < 0) { - perror("Warning: raising privileges failed"); - } -#endif /* HAVE_SETEUID */ -} -#endif /* if 0 */ - /* drop all additional privileges */ -void +void drop_privs() { #ifndef HAVE_DOSISH_SYSTEM ----------------------------------------------------------------------- Summary of changes: doc/HACKING | 15 +++++++++++++++ secmem/util.c | 42 ++++-------------------------------------- 2 files changed, 19 insertions(+), 38 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 13:33:36 2015 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 01 Dec 2015 13:33:36 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-204-g9c34711 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9c34711539fc2c34aea8da0fd49ae6aa28991518 (commit) from 9f4f77bc4b8bf17010796fe3c2d23024047154ea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9c34711539fc2c34aea8da0fd49ae6aa28991518 Author: Justus Winter Date: Tue Dec 1 13:24:38 2015 +0100 dirmngr: Improve error handling. * dirmngr/dns-stuff.c (getsrv): Avoid looking at 'header' before checking for errors, but silently ignore errors when looking up SRV records. -- This is a follow-up to 946faaff. Signed-off-by: Justus Winter diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index b3ad9bc..1bf6cfc 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -1086,10 +1086,9 @@ getsrv (const char *name,struct srventry **list) return -1; r = res_query (name, C_IN, T_SRV, answer, sizeof answer); - if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) + if (r < sizeof (HEADER) || r > sizeof answer + || header->rcode != NOERROR || !(count=ntohs (header->ancount))) return 0; /* Error or no record found. */ - if (r < sizeof (HEADER) || r > sizeof answer) - return -1; emsg = &answer[r]; pt = &answer[sizeof(HEADER)]; ----------------------------------------------------------------------- Summary of changes: dirmngr/dns-stuff.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 15:59:18 2015 
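Review bot: The new bounds check in getsrv, `r < sizeof (HEADER) || r > sizeof answer`, compares the return value of res_query with a size_t. If `r` is a signed int (its declaration is outside the hunk), a failure return of -1 is converted to a very large unsigned value, so it passes the first comparison and is rejected only by the `r > sizeof answer` half. Since `r` is then used to compute `emsg = &answer[r]` for data received from the network, the error case should be explicit: `if (r < 0 || (size_t)r < sizeof (HEADER) || (size_t)r > sizeof answer`. A one-line comment that a truncated or oversized reply is deliberately treated as "no record" (return 0) would document the behaviour change from the former `return -1`.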
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 01 Dec 2015 15:59:18 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-11-g14e06fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 14e06fe2500a1735b2089b03231e45e63a6f40fb (commit) via 3b25c803cf70964b0ae32467a0165c3be7b0a980 (commit) via d456bff708712a6036f58b068e021eb023cac320 (commit) via d6c6d56f497874ead334aa282979a9364bf37f92 (commit) from 32688545e91e84d88cab9837da715861420acfd7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 14e06fe2500a1735b2089b03231e45e63a6f40fb Author: Andre Heinecke Date: Tue Dec 1 15:57:06 2015 +0100 Activate MIME style handling for PGPMessages >OL14 * src/mapihelp.cpp (get_msgcls_from_pgp_lines): Remove check for outlook version. -- Now that we can revert PGPMessages the reason for this check is no longer valid. diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 17032e0..45fe276 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp 
@@ -544,16 +544,6 @@ get_msgcls_from_pgp_lines (LPMESSAGE message) ULONG tag; int is_binary = 0; - if (g_ol_version_major >= 14) - { - /* XXX For now we want to ignore clearsigned and PGP/Inline - signed code as we still have the old body based interface - for those. And before we handle them we should tackle - some interoperability issues arising from our current - handling (e.g. fix the wipe to restore the PGP body) */ - return NULL; - } - hr = 0; if (!get_internetcharsetbody_tag (message, &tag) ) { commit 3b25c803cf70964b0ae32467a0165c3be7b0a980 Author: Andre Heinecke Date: Tue Dec 1 15:54:06 2015 +0100 Add revert to mail class and use it instead wipe * src/mail.cpp (Mail::revert_all_mails, Mail::revert): New. * src/mail.h: Update accordingly. * src/mailitem-events.cpp (MailitemEvents::Invoke): Revert instead of wipe. -- The wipe code remains intact for now. If we find out that reverting is the wrong approach we can fall back to wipining again by changing the call in mailitem-events. For now most messages will be wiped anyway as revert is only supported for PGPMESSAGE messages. diff --git a/src/mail.cpp b/src/mail.cpp index 9e81e13..8c6f56d 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -26,6 +26,7 @@ #include "attachment.h" #include "mapihelp.h" #include "message.h" +#include "revert.h" #include @@ -338,6 +339,21 @@ Mail::get_sender () return m_sender; } +int +Mail::revert_all_mails () +{ + int err = 0; + std::map::iterator it; + for (it = g_mail_map.begin(); it != g_mail_map.end(); ++it) + { + if (it->second->revert ()) + { + log_error ("Failed to wipe mail: %p ", it->first); + err++; + } + } + return err; +} int Mail::wipe_all_mails () 
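Review bot: The log_error in Mail::revert_all_mails still reads `Failed to wipe mail`, copied from wipe_all_mails, so a failed revert cannot be told apart from a failed wipe when reading the log. I would change it to `log_error ("Failed to revert mail: %p ", it->first);`. The hunk ends on the signature of wipe_all_mails, whose body is outside it.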
@@ -354,3 +370,25 @@ Mail::wipe_all_mails () } return err; } + +int +Mail::revert () +{ + int err; + if (!m_processed) + { + return 0; + } + + err = gpgol_mailitem_revert (m_mailitem); + + if (err == -1) + { + log_error ("%s:%s: Message revert failed falling back to wipe.", + SRCNAME, __func__); + return wipe (); + } + /* We need to reprocess the mail next time around. */ + m_processed = false; + return 0; +} diff --git a/src/mail.h b/src/mail.h index 0d7084d..e92ebee 100644 --- a/src/mail.h +++ b/src/mail.h @@ -64,6 +64,15 @@ public: */ static int wipe_all_mails (); + /** @brief revert all known Mail objects. + * + * Similar to wipe but works on MAPI to revert our attachment + * dance and restore an original MIME mail. + * + * @returns the number of errors that occured. + */ + static int revert_all_mails (); + /** @brief Reference to the mailitem. Do not Release! */ LPDISPATCH item () { return m_mailitem; } @@ -101,11 +110,16 @@ public: /** @brief Message should be encrypted and or signed. */ bool needs_crypto (); - /** @brief wipe the plaintext from the message and ecnrypt attachments. + /** @brief wipe the plaintext from the message and encrypt attachments. * * @returns 0 on success; */ int wipe (); + /** @brief revert the message to the original mail before our changes. + * + * @returns 0 on success; */ + int revert (); + /** @brief update the sender address. * * For Exchange 2013 at least we don't have any other way to get the diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index 5608356..3c99023 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -101,7 +101,6 @@ request_send (LPVOID arg) return 0; } - /* The main Invoke function. The return value of this function does not appear to have any effect on outlook although I have read in an example somewhere that you 
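Review bot: Mail::revert falls back to `wipe ()` only when `gpgol_mailitem_revert` returns -1, and treats every other return as a successful revert. The implementation added in src/revert.cpp in the same push returns 0 from its "Message processed but not our class. Bug." branch, so in that case neither the revert nor the wipe fallback runs, yet `m_processed` is cleared and the write proceeds. If the mail item can hold decrypted content at that point (not visible from this hunk), it would be saved as is. Returning -1 from that branch, or calling `wipe ()` here whenever the revert did not actually happen, would keep the fail-safe behaviour.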
@@ -197,7 +196,7 @@ EVENT_SINK_INVOKE(MailItemEvents) break; } - if (m_mail->wipe ()) + if (m_mail->revert ()) { /* An error cleaning the mail should not happen normally. But just in case there is an error we cancel the commit d456bff708712a6036f58b068e021eb023cac320 Author: Andre Heinecke Date: Tue Dec 1 15:21:03 2015 +0100 Add mail revert implementation that works on OOM * src/revert.cpp (gpgol_mailitem_revert): Revert mail in OOM. * src/revert.h: Add prototype. -- Using OOM appeared to be necessary. At least I have not found a way to modify the Body through MAPI in a way that it survived the write event. It appeared that during the Write event the OOM Body is synced back to mapi. Same for the attachment model in OOM. Some weirdeness there. Now we use OOM as much as possible. There is some duplication with the old code but I didn't want to touch the old code to aviod regressions. Although I doubt very much that the old code works correctly. For now the code returns an error for all messages apart from PGP Message. diff --git a/src/revert.cpp b/src/revert.cpp index 5e1d474..62a574f 100644 --- a/src/revert.cpp +++ b/src/revert.cpp 
@@ -233,6 +233,231 @@ gpgol_message_revert (LPMESSAGE message, LONG do_save, ULONG save_flags) return rc; } +/* Helper method for mailitem_revert to add changes on the mapi side + and save them. */ +static int finalize_mapi (LPMESSAGE message, char *msgcls) +{ + char * oldmsgcls = NULL; + HRESULT hr; + SPropValue prop; + SPropTagArray proparray; + ULONG tag_id; + if (mapi_save_changes (message, FORCE_SAVE | KEEP_OPEN_READWRITE)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + return -1; + } + oldmsgcls = mapi_get_old_message_class (message); + if (!oldmsgcls) + { + /* No saved message class, mangle the actual class. */ + if (!strcmp (msgcls, "IPM.Note.GpgOL.ClearSigned") + || !strcmp (msgcls, "IPM.Note.GpgOL.PGPMessage") ) + msgcls[8] = 0; + else + memcpy (msgcls+9, "SMIME", 5); + oldmsgcls = msgcls; + msgcls = NULL; + } + /* Change the message class. */ + prop.ulPropTag = PR_MESSAGE_CLASS_A; + prop.Value.lpszA = oldmsgcls; + hr = message->SetProps (1, &prop, NULL); + if (hr) + { + log_error ("%s:%s: can't set message class to `%s': hr=%#lx\n", + SRCNAME, __func__, oldmsgcls, hr); + return -1; + } + if (get_gpgollastdecrypted_tag (message, &tag_id)) + { + log_error ("%s:%s: can't getlastdecrypted tag", + SRCNAME, __func__); + return -1; + } + proparray.cValues = 1; + proparray.aulPropTag[0] = tag_id; + hr = message->DeleteProps (&proparray, NULL); + if (hr) + { + log_error ("%s:%s: failed to delete lastdecrypted tag", + SRCNAME, __func__); + return -1; + } + return 0; +} + +/* Similar to gpgol_message_revert but works on OOM and is + used by the Ol > 2010 implementation. + Doing this through OOM was necessary as the MAPI structures + in the write event are not in sync with the OOM side. + Trying to revert in the AfterWrite where MAPI is synced + led to an additional save_changes after the wipe and + so an additional sync. + Updating the BODY through MAPI did not appear to work + at all. Not sure why this is the case. 
+ Using the property accessor methods instead of + MAPI properties might also not be necessary. + + Returns 0 on success, -1 on error. On error this + function might leave plaintext in the mail. */ +EXTERN_C LONG __stdcall +gpgol_mailitem_revert (LPDISPATCH mailitem) +{ + LPDISPATCH attachments = NULL; + LPMESSAGE message = NULL; + char *item_str; + char *msgcls = NULL; + int i; + int count = 0; + LONG result = -1; + msgtype_t msgtype; + + /* Check whether we need to care about this message. */ + msgcls = get_pa_string (mailitem, PR_MESSAGE_CLASS_W_DASL); + log_debug ("%s:%s: message class is `%s'\n", + SRCNAME, __func__, msgcls? msgcls:"[none]"); + if ( !( !strncmp (msgcls, "IPM.Note.GpgOL", 14) + && (!msgcls[14] || msgcls[14] == '.') ) ) + { + xfree (msgcls); + log_error ("%s:%s: Message processed but not our class. Bug.", + SRCNAME, __func__); + return 0; /* Not one of our message classes. */ + } + + message = get_oom_base_message (mailitem); + attachments = get_oom_object (mailitem, "Attachments"); + + if (!message) + { + log_error ("%s:%s: No message object.", + SRCNAME, __func__); + goto done; + } + + if (!attachments) + { + log_error ("%s:%s: No attachments object.", + SRCNAME, __func__); + goto done; + } + msgtype = mapi_get_message_type (message); + + if (msgtype != MSGTYPE_GPGOL_PGP_MESSAGE) + { + log_error ("%s:%s: Revert not supported for msgtype: %i", + SRCNAME, __func__, msgtype); + goto done; + } + + count = get_oom_int (attachments, "Count"); + + if (count < 1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + /* Yes the items start at 1! 
*/ + for (i = 1; i <= count; i++) + { + LPDISPATCH attachment; + attachtype_t att_type; + + if (gpgrt_asprintf (&item_str, "Item(%i)", i) == -1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + attachment = get_oom_object (attachments, item_str); + xfree (item_str); + if (!attachment) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + if (get_pa_int (attachment, GPGOL_ATTACHTYPE_DASL, (int*) &att_type)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + switch (att_type) + { + case ATTACHTYPE_PGPBODY: + { + /* Restore Body */ + char *body = get_pa_string (attachment, PR_ATTACH_DATA_BIN_DASL); + if (!body) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + RELDISP (attachment); + goto done; + } + log_debug ("%s:%s: Restoring pgp-body.", + SRCNAME, __func__); + if (put_oom_string (mailitem, "Body", body)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + xfree (body); + RELDISP (attachment); + goto done; + } + xfree (body); + } /* No break we also want to delete that. 
*/ + case ATTACHTYPE_FROMMOSS: + case ATTACHTYPE_FROMMOSS_DEC: + { + if (invoke_oom_method (attachment, "Delete", NULL)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + RELDISP (attachment); + goto done; + } + i--; + count--; + break; + } + case ATTACHTYPE_MOSS: + { + VARIANT value; + VariantInit (&value); + value.vt = VT_BOOL; + value.boolVal = VARIANT_FALSE; + if (set_pa_variant (attachment, PR_ATTACHMENT_HIDDEN_DASL, + &value)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + RELDISP (attachment); + goto done; + } + put_oom_string (mailitem, "Body", ""); + break; + } + default: + log_error ("%s:%s: Unknown attachment type: %i", + SRCNAME, __func__, att_type); + } + RELDISP (attachment); + } + + if (finalize_mapi (message, msgcls)) + { + log_error ("%s:%s: Finalize failed.", + SRCNAME, __func__); + goto done; + } + result = 0; +done: + RELDISP (message); + xfree (msgcls); + RELDISP (attachments); + + return result; +} /* Revert all messages in the MAPIFOLDEROBJ. */ EXTERN_C LONG __stdcall diff --git a/src/revert.h b/src/revert.h index abec778..6aa18e0 100644 --- a/src/revert.h +++ b/src/revert.h 
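Review bot: In gpgol_mailitem_revert the result of `get_pa_string (mailitem, PR_MESSAGE_CLASS_W_DASL)` is passed to `strncmp` without a NULL check, although get_pa_string returns NULL on error and the log_debug just above already guards for that. Add `if (!msgcls) return -1;` before the class test so a failed property lookup takes the error path instead of dereferencing NULL. In the `ATTACHTYPE_MOSS` case the return value of `put_oom_string (mailitem, "Body", "")` is ignored, so a failure to clear the body is not reported. It should be checked like the other calls: `if (put_oom_string (mailitem, "Body", "")) { RELDISP (attachment); goto done; }`. The `default:` case logs an unknown attachment type but continues and can still return 0. Given the function comment's warning that plaintext may be left in the mail, a short comment on why that is acceptable would help.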
@@ -24,6 +24,8 @@ EXTERN_C LONG __stdcall gpgol_message_revert (LPMESSAGE message, LONG do_save, ULONG save_flags); +EXTERN_C LONG __stdcall gpgol_mailitem_revert (LPDISPATCH mailitem); + EXTERN_C LONG __stdcall gpgol_folder_revert (LPDISPATCH mapifolderobj); commit d6c6d56f497874ead334aa282979a9364bf37f92 Author: Andre Heinecke Date: Tue Dec 1 15:15:46 2015 +0100 Add OOM PropertyAccessor helper methods * src/oomhelp.cpp (set_pa_variant): New. Set a property. (get_pa_int): New. Get an int property. (get_pa_variant): New. Get a generic property as variant. (get_pa_string): Refactored to use get_pa_variant. * src/oomhelp.h: Add prototpyes and DASL defs. -- This code might not be necessary as you mainly can access MAPI directly. But it can be useful in case MAPI is out of sync and gives weird values. This is added mostly as an experiment for now as MAPI is usually easier to use. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 83cc344..3a5de17 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp 
@@ -790,34 +790,97 @@ get_oom_context_window (LPDISPATCH context) return ret; } - -/* Get a property string by using the PropertyAccessor of pDisp - * returns NULL on error or a newly allocated result. */ -char * -get_pa_string (LPDISPATCH pDisp, const char *property) +int set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value) { LPDISPATCH propertyAccessor; - VARIANT rVariant, - cVariant[1]; + VARIANT cVariant[2]; + VARIANT rVariant; + DISPID dispid; + DISPPARAMS dispparams; + HRESULT hr; + EXCEPINFO execpinfo; BSTR b_property; + wchar_t *w_property; + unsigned int argErr = 0; + + log_oom ("%s:%s: Looking up property: %s;", + SRCNAME, __func__, dasl_id); + + propertyAccessor = get_oom_object (pDisp, "PropertyAccessor"); + if (!propertyAccessor) + { + log_error ("%s:%s: Failed to look up property accessor.", + SRCNAME, __func__); + return -1; + } + + dispid = lookup_oom_dispid (propertyAccessor, "SetProperty"); + + if (dispid == DISPID_UNKNOWN) + { + log_error ("%s:%s: could not find SetProperty DISPID", + SRCNAME, __func__); + return -1; + } + + /* Prepare the parameter */ + w_property = utf8_to_wchar (dasl_id); + b_property = SysAllocString (w_property); + xfree (w_property); + + cVariant[1].vt = VT_BSTR; + cVariant[1].bstrVal = b_property; + VariantCopy (&cVariant[0], value); + dispparams.rgvarg = cVariant; + dispparams.cArgs = 2; + dispparams.cNamedArgs = 0; + VariantInit (&rVariant); + + hr = propertyAccessor->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, + DISPATCH_METHOD, &dispparams, + &rVariant, &execpinfo, &argErr); + SysFreeString (b_property); + RELDISP (propertyAccessor); + if (hr != S_OK) + { + log_debug ("%s:%s: error: invoking SetProperty p=%p vt=%d" + " hr=0x%x argErr=0x%x", + SRCNAME, __func__, + rVariant.pdispVal, rVariant.vt, (unsigned int)hr, + (unsigned int)argErr); + dump_excepinfo (execpinfo); + VariantClear (&rVariant); + return -1; + } + return 0; +} + +/* Get a MAPI property through OOM using the PropertyAccessor + * 
interface and the DASL Uid. Returns -1 on error. + * Variant has to be cleared with VariantClear. + * rVariant must be a pointer to a Variant. + */ +int get_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *rVariant) +{ + LPDISPATCH propertyAccessor; + VARIANT cVariant[1]; DISPID dispid; DISPPARAMS dispparams; HRESULT hr; EXCEPINFO execpinfo; + BSTR b_property; wchar_t *w_property; unsigned int argErr = 0; - char *result = NULL; - log_debug ("%s:%s: Looking up property: %s;", - SRCNAME, __func__, property); + log_oom ("%s:%s: Looking up property: %s;", + SRCNAME, __func__, dasl_id); propertyAccessor = get_oom_object (pDisp, "PropertyAccessor"); if (!propertyAccessor) { log_error ("%s:%s: Failed to look up property accessor.", SRCNAME, __func__); - /* Fall back to address field on error. */ - return NULL; + return -1; } dispid = lookup_oom_dispid (propertyAccessor, "GetProperty"); @@ -826,11 +889,11 @@ get_pa_string (LPDISPATCH pDisp, const char *property) { log_error ("%s:%s: could not find GetProperty DISPID", SRCNAME, __func__); - return NULL; + return -1; } /* Prepare the parameter */ - w_property = utf8_to_wchar (property); + w_property = utf8_to_wchar (dasl_id); b_property = SysAllocString (w_property); xfree (w_property); 
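Review bot: `VariantCopy (&cVariant[0], value)` in set_pa_variant writes into a VARIANT that was never initialized. VariantCopy clears its destination before copying, so the destination must be a valid variant. Add `VariantInit (&cVariant[0]);` before the copy and `VariantClear (&cVariant[0]);` after the Invoke call. The `dispid == DISPID_UNKNOWN` return also leaves without `RELDISP (propertyAccessor)`, and get_pa_variant has the same early return. The hunk ends inside get_pa_variant, so the rest of that function is not visible here.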
@@ -839,34 +902,99 @@ get_pa_string (LPDISPATCH pDisp, const char *property) dispparams.rgvarg = cVariant; dispparams.cArgs = 1; dispparams.cNamedArgs = 0; - VariantInit (&rVariant); + VariantInit (rVariant); hr = propertyAccessor->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, &dispparams, - &rVariant, &execpinfo, &argErr); + rVariant, &execpinfo, &argErr); + SysFreeString (b_property); + RELDISP (propertyAccessor); if (hr != S_OK) { - log_debug ("%s:%s: error: invoking GetPrperty p=%p vt=%d hr=0x%x argErr=0x%x", + log_debug ("%s:%s: error: invoking GetProperty p=%p vt=%d" + " hr=0x%x argErr=0x%x", SRCNAME, __func__, - rVariant.pdispVal, rVariant.vt, (unsigned int)hr, + rVariant->pdispVal, rVariant->vt, (unsigned int)hr, (unsigned int)argErr); dump_excepinfo (execpinfo); + VariantClear (rVariant); + return -1; + } + return 0; +} + +/* Get a property string by using the PropertyAccessor of pDisp + * returns NULL on error or a newly allocated result. */ +char * +get_pa_string (LPDISPATCH pDisp, const char *property) +{ + VARIANT rVariant; + char *result = NULL; + + if (get_pa_variant (pDisp, property, &rVariant)) + { + return NULL; + } + + if (rVariant.vt == VT_BSTR && rVariant.bstrVal) + { + result = wchar_to_utf8 (rVariant.bstrVal); + } + else if (rVariant.vt & VT_ARRAY && !(rVariant.vt & VT_BYREF)) + { + LONG uBound, lBound; + VARTYPE vt; + char *data; + SafeArrayGetVartype(rVariant.parray, &vt); + + if (SafeArrayGetUBound (rVariant.parray, 1, &uBound) != S_OK || + SafeArrayGetLBound (rVariant.parray, 1, &lBound) != S_OK || + vt != VT_UI1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + VariantClear (&rVariant); + return NULL; + } + + result = (char *)xmalloc (uBound - lBound + 1); + data = (char *) rVariant.parray->pvData; + memcpy (result, data + lBound, uBound - lBound); + result[uBound - lBound] = '\0'; + } + else + { + log_debug ("%s:%s: Property `%s' is not a string (vt=%d)", + SRCNAME, __func__, property, 
rVariant.vt); } - else if (rVariant.vt != VT_BSTR) - log_debug ("%s:%s: Property `%s' is not a string (vt=%d)", - SRCNAME, __func__, property, rVariant.vt); - else if (rVariant.bstrVal) - result = wchar_to_utf8 (rVariant.bstrVal); - SysFreeString (b_property); - RELDISP (propertyAccessor); VariantClear (&rVariant); - log_debug ("%s:%s: Lookup result: %s;", - SRCNAME, __func__, result); return result; } +int +get_pa_int (LPDISPATCH pDisp, const char *property, int *rInt) +{ + VARIANT rVariant; + + if (get_pa_variant (pDisp, property, &rVariant)) + { + return -1; + } + + if (rVariant.vt != VT_I4) + { + log_debug ("%s:%s: Property `%s' is not a int (vt=%d)", + SRCNAME, __func__, property, rVariant.vt); + return -1; + } + + *rInt = rVariant.lVal; + + VariantClear (&rVariant); + return 0; +} + /* Gets a malloced NULL terminated array of recipent strings from an OOM recipients Object. */ char ** diff --git a/src/oomhelp.h b/src/oomhelp.h index 9d2a3b3..66cff65 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -78,9 +78,22 @@ DEFINE_OLEGUID(IID_IDispatch, 0x00020400, 0, 0); DEFINE_OLEGUID(IID_IOleWindow, 0x00000114, 0, 0); #ifndef PR_SMTP_ADDRESS_DASL -#define PR_SMTP_ADDRESS_DASL "http://schemas.microsoft.com/mapi/proptag/0x39FE001E" +#define PR_SMTP_ADDRESS_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x39FE001E" #endif +#define PR_MESSAGE_CLASS_W_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x001A001F" +#define GPGOL_ATTACHTYPE_DASL \ + "http://schemas.microsoft.com/mapi/string/" \ + "{31805AB8-3E92-11DC-879C-00061B031004}/GpgOL Attach Type/0x00000003" +#define PR_ATTACH_DATA_BIN_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x37010102" +#define PR_BODY_W_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x1000001F" +#define PR_ATTACHMENT_HIDDEN_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x7FFE000B" + #ifdef __cplusplus extern "C" { #if 0 
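Review bot: The VT_ARRAY branch of get_pa_string computes the copy length as `uBound - lBound`, but a one-dimensional SAFEARRAY holds `uBound - lBound + 1` elements. The last byte of the attachment data is therefore dropped, and for an empty array (`uBound == lBound - 1`) the length is negative, so the `memcpy` size and the `result[...]` index go out of bounds. `data + lBound` is also off when the lower bound is non-zero, because `pvData` already points at the first element. I would use `LONG len = uBound - lBound + 1; if (len < 0) len = 0;`, then `xmalloc (len + 1)`, `memcpy (result, data, len);` and `result[len] = '\0';`. The return value of `SafeArrayGetVartype` is not checked, so `vt` may be read uninitialized. In get_pa_int in the same hunk, the type-mismatch return skips `VariantClear (&rVariant)`.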
@@ -145,6 +158,23 @@ add_oom_attachment (LPDISPATCH disp, wchar_t* inFile); char * get_pa_string (LPDISPATCH pDisp, const char *property); +/* Look up a long with the propertyAccessor interface. + returns -1 on error.*/ +int +get_pa_int (LPDISPATCH pDisp, const char *property, int *rInt); + +/* Set a variant with the propertyAccessor interface */ +int +set_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *value); + +/* Look up a variant with the propertyAccessor interface */ +int +get_pa_variant (LPDISPATCH pDisp, const char *dasl_id, VARIANT *rVariant); + +/* Look up a LONG with the propertyAccessor interface */ +LONG +get_pa_long (LPDISPATCH pDisp, const char *dasl_id); + /* Queries the interface of the dispatcher for the id id. Returns NULL on error. The returned Object must be released. ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 38 ++++++++ src/mail.h | 16 +++- src/mailitem-events.cpp | 3 +- src/mapihelp.cpp | 10 --- src/oomhelp.cpp | 182 +++++++++++++++++++++++++++++++++------ src/oomhelp.h | 32 ++++++- src/revert.cpp | 225 ++++++++++++++++++++++++++++++++++++++++++++++++ src/revert.h | 2 + 8 files changed, 467 insertions(+), 41 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Dec 1 20:40:12 2015 
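Review bot: The comment on get_pa_int does not match the contract implemented in oomhelp.cpp: it says "Look up a long" and mentions only the -1 error return, while the function stores the value through `rInt`, returns 0 on success and accepts only VT_I4. I would write `/* Look up a VT_I4 property with the propertyAccessor interface and store it in *rInt. Returns 0 on success, -1 on error. */`. The new get_pa_variant and set_pa_variant declarations should likewise state their return convention and that the caller must VariantClear the result. get_pa_long returns a bare LONG, so its comment should say which value, if any, signals failure; its definition is not visible in this hunk.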
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Tue, 01 Dec 2015 20:40:12 +0100 Subject: [git] gnupg-doc - branch, master, updated. 82517ff08eab28a37bf4d349edcefa7327dd5f34 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 82517ff08eab28a37bf4d349edcefa7327dd5f34 (commit) from fa61217e26a97c4b9f3294746a581aee5eb47ad8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 82517ff08eab28a37bf4d349edcefa7327dd5f34 Author: Robert J. Hansen Date: Tue Dec 1 14:29:05 2015 -0500 Added two sections: forgotten passphrases and package verification. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 6443972..fe08967 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -76,7 +76,37 @@ aren't, please feel free to email the FAQ maintainer (Rob Hansen, [[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]) or bring your suggestion up on GnuPG-Users. - +** How do I get help? + :PROPERTIES: + :CUSTOM ID: gethelp + :END + +First, please don?t send emails directly to people in GnuPG. While we will +try to help to people who send email directly to us, those emails quickly +accumulate. Helping just six people a day can take an hour of time, and that's +an hour less we have to work on making GnuPG better. Please reach out to the +GnuPG community via the +[[http://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users mailing list]], +not individual people within +GnuPG. + +Second, tell us your operating environment. Be as specific as possible +What operating system are you using? Which version of GnuPG are you using? +Where did you get GnuPG from? If your problem is related to email, which email +client are you using? Which version number? Is GnuPG supported natively, or +is there a plugin? If so, what's the version number of that? + +Third, tell us your problem. Be as specific as possible. + +Do this, and you might be surprised at how quickly your problem is solved. +An example of a good question would be, ?I?m running GnuPG 1.4.14 on an +Ubuntu 15.04 x64 box. I'm using Thunderbird with Enigmail. Everything was +fine until I did a software update. Ever since then I can't use GnuPG with +email. What happened?? This question gives us enough to work with, and in +short order someone will have an answer for you. + +A bad question would be, ?How do I uninstall GnuPG?? We can?t help you at all; +you've not given us any of the information we need to answer your question. ** Who maintains this FAQ? :PROPERTIES: @@ -110,7 +140,7 @@ Yes. :CUSTOM_ID: last_checked :END: -September 2015. +December 2015. * General questions 
@@ -358,6 +388,20 @@ The following mailing lists and web pages are generally known for having a strong signal-to-noise ratio. Nevertheless, we strongly urge you to keep a skeptical mind at all times. +** Help! I lost my passphrase. + :PROPERTIES: + :CUSTOM_ID: lost_passphrase + :END: + +Unfortunately, we can?t help you. If you lose your passphrase, you?ll be +unable to use that certificate to sign any new documents or decrypt any +existing documents. You can still use it to verify signatures, though. +(Technically you could encrypt documents, too, but without the passphrase +there?s really not much point: how would you ever decrypt them?) + +If you can?t remember your passphrase, the best thing to do is use your +pre-made revocation certificate to revoke your old certificate, upload the +revocation to the keyserver network, and start anew with a fresh certificate. ** How can I spot the charlatans? :PROPERTIES: 
@@ -1570,7 +1614,42 @@ the signed file: =gpg signed_file.asc= +** How can I use GnuPG to verify a file I've downloaded? + :PROPERTIES: + :CUSTOM_ID: how_do_i_verify_signed_packages + :END: + +1. Get a copy of the author?s public certificate and import it to your + keyring. It?s important to get the author?s certificate through a + trusted source. On the internet, anyone can be pretend to be anyone. + Particularly, be careful if the certificate you have doesn?t match the + one used for prior code releases. + +2. Once you're confident you have the correct certificate, give it a local + signature. Assuming you want to locally sign certificate + 1DCBDC01B44427C7, you?d type: + + =gpg --edit-key 1DCBDC01B44427C7 lsign= + +3. Download the software package. Let?s assume it?s called ?foo.zip?. + +4. Download the detached signature for the package. Let?s assume it?s + called ?foo.zip.asc?. + +5. Run: + + =gpg foo.zip.asc= + + GnuPG will assume the original file is in foo.zip. (If GnuPG can?t find + foo.zip, GnuPG will prompt you for the name of the original package.) If + all goes well, GnuPG will report good signatures and you may be confident + you've received the package as the author intended. +Please note that a good signature doesn?t mean a piece of software is +trustworthy, reliable, or bug-free. It just means nobody tampered with it and +you?re receiving it as the author intends. Keep a healthy dose of +skepticism, and remember that cryptography cannot save us from +our own foolishness. ** How can I use GnuPG in an automated environment? :PROPERTIES: ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 83 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 81 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 08:22:17 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Dec 2015 08:22:17 +0100 Subject: [git] gnupg-doc - branch, master, updated. b78fae6c6a04a96f0aa53805ac13c30762cea58d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via b78fae6c6a04a96f0aa53805ac13c30762cea58d (commit) from 82517ff08eab28a37bf4d349edcefa7327dd5f34 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b78fae6c6a04a96f0aa53805ac13c30762cea58d Author: Werner Koch Date: Wed Dec 2 08:14:02 2015 +0100 bugs: Update list of topics diff --git a/misc/bugs.gnupg.org/roundup-topics.html b/misc/bugs.gnupg.org/roundup-topics.html index edf8b4a..208707d 100644 --- a/misc/bugs.gnupg.org/roundup-topics.html +++ b/misc/bugs.gnupg.org/roundup-topics.html @@ -84,12 +84,17 @@ clear. This list shall help to make sensible use of the keywords. Note that there is also a category of the same name. + sillyUB Silly interpretation of undefined + behaviour by a compiler. Needs fix so + that gcc et al do not break the + code. tooold The report is too old. Spending time on it is not justified. wontfix The bug will not be fixed. mistaken Empty report or unrelated to GnuPG. endoflife Software version has reached EOL status. + question A question and not a bug report ----------------------------------------------------------------------- Summary of changes: misc/bugs.gnupg.org/roundup-topics.html | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 11:24:04 2015 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Dec 2015 11:24:04 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.1-5-g9ec026a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 9ec026a90535e7ebc2919b800b056850a4d4e30b (commit) from 05ac2dc5c77fa4b87e98508c1b15fd254806b1ce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9ec026a90535e7ebc2919b800b056850a4d4e30b Author: Justus Winter Date: Tue Dec 1 14:00:27 2015 +0100 Fix typos found by codespell. -- Signed-off-by: Justus Winter diff --git a/src/assuan-buffer.c b/src/assuan-buffer.c index b442b3d..ef9ba41 100644 --- a/src/assuan-buffer.c +++ b/src/assuan-buffer.c @@ -476,7 +476,7 @@ _assuan_cookie_write_flush (void *cookie) * and may get buffered until a line is full. To force sending the * data out @buffer may be passed as NULL (in which case @length must * also be 0); however when used by a client this flush operation does - * also send the terminating "END" command to terminate the reponse on + * also send the terminating "END" command to terminate the response on * a INQUIRE response. However, when assuan_transact() is used, this * function takes care of sending END itself. * diff --git a/src/assuan-handler.c b/src/assuan-handler.c index 2fa91b8..351446d 100644 --- a/src/assuan-handler.c +++ b/src/assuan-handler.c 
@@ -995,7 +995,7 @@ assuan_get_data_fp (assuan_context_t ctx) } -/* Set the text used for the next OK reponse. This string is +/* Set the text used for the next OK response. This string is automatically reset to NULL after the next command. */ gpg_error_t assuan_set_okay_line (assuan_context_t ctx, const char *line) diff --git a/src/assuan-socket-connect.c b/src/assuan-socket-connect.c index 49d3f72..73fbbc3 100644 --- a/src/assuan-socket-connect.c +++ b/src/assuan-socket-connect.c @@ -223,7 +223,7 @@ assuan_socket_connect (assuan_context_t ctx, const char *name, { /* We require that the name starts with a slash if no URL schemata is used. To make things easier we allow an optional - driver prefix. */ + drive prefix. */ s = name; if (*s && s[1] == ':') s += 2; diff --git a/src/funopen.c b/src/funopen.c index fb87f96..e6d77e3 100644 --- a/src/funopen.c +++ b/src/funopen.c @@ -34,7 +34,7 @@ The functions to provide my either be NULL if not required or similar to the unistd function with the exception of using the - cookie instead of the fiel descripor. + cookie instead of the file descriptor. */ diff --git a/src/gpgcedev.c b/src/gpgcedev.c index a097c88..bff4655 100644 --- a/src/gpgcedev.c +++ b/src/gpgcedev.c @@ -174,7 +174,7 @@ struct { } logcontrol; -/* We don't need a device context for the pipe thus we use the adress +/* We don't need a device context for the pipe thus we use the address of the critical section object for it. */ #define PIPECTX_VALUE ((DWORD)(&opnctx_table_cs)) diff --git a/src/system-w32.c b/src/system-w32.c index 85b8fa8..7b95d5c 100644 --- a/src/system-w32.c +++ b/src/system-w32.c 
@@ -428,7 +428,7 @@ __assuan_spawn (assuan_context_t ctx, pid_t *r_pid, const char *name, variable. However this requires us to write a full environment handler, because the strings are expected in sorted order. The suggestion given in the MS Reference Library, to save the old - value, changeit, create proces and restore it, is not thread + value, change it, create process and restore it, is not thread safe. */ /* Build the command line. */ diff --git a/tests/fdpassing.c b/tests/fdpassing.c index 81ae149..fee5ba0 100644 --- a/tests/fdpassing.c +++ b/tests/fdpassing.c @@ -1,4 +1,4 @@ -/* fdpassing - Check the fiel descriptor passing. +/* fdpassing - Check the file descriptor passing. Copyright (C) 2006, 2009 Free Software Foundation, Inc. This file is part of Assuan. ----------------------------------------------------------------------- Summary of changes: src/assuan-buffer.c | 2 +- src/assuan-handler.c | 2 +- src/assuan-socket-connect.c | 2 +- src/funopen.c | 2 +- src/gpgcedev.c | 2 +- src/system-w32.c | 2 +- tests/fdpassing.c | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 11:53:33 2015 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Dec 2015 11:53:33 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-9-g8c61cbf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8c61cbfb8ff2e1056840ecf8511810ed2482eb1f (commit) from dfa79f9300b837b0f7f2ea44afa589bfcda1dbd9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c61cbfb8ff2e1056840ecf8511810ed2482eb1f Author: Justus Winter Date: Wed Dec 2 11:28:07 2015 +0100 Fix typos found by codespell. -- Signed-off-by: Justus Winter diff --git a/src/argparse.c b/src/argparse.c index 53c20fc..b6abf86 100644 --- a/src/argparse.c +++ b/src/argparse.c @@ -851,7 +851,7 @@ find_long_option( ARGPARSE_ARGS *arg, /* Would be better if we can do a binary search, but it is not possible to reorder our option table because we would mess up our help strings - What we can do is: Build a nice option - lookup table wehn this function is first invoked */ + lookup table when this function is first invoked */ if( !*keyword ) return -1; for(i=0; opts[i].short_opt; i++ ) diff --git a/src/funopen.c b/src/funopen.c index b71d3ae..b722020 100644 --- a/src/funopen.c +++ b/src/funopen.c @@ -35,7 +35,7 @@ The functions to provide my either be NULL if not required or similar to the unistd function with the exception of using the - cookie instead of the fiel descripor. + cookie instead of the file descriptor. */ diff --git a/src/gpgme.h.in b/src/gpgme.h.in index e7216cb..8264bab 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
@@ -1518,7 +1518,7 @@ typedef enum GPGME_SIGSUM_CRL_MISSING = 0x0100, /* CRL not available. */ GPGME_SIGSUM_CRL_TOO_OLD = 0x0200, /* Available CRL is too old. */ GPGME_SIGSUM_BAD_POLICY = 0x0400, /* A policy was not met. */ - GPGME_SIGSUM_SYS_ERROR = 0x0800 /* A system error occured. */ + GPGME_SIGSUM_SYS_ERROR = 0x0800 /* A system error occurred. */ } gpgme_sigsum_t; @@ -1610,7 +1610,7 @@ struct _gpgme_import_status /* Fingerprint. */ char *fpr; - /* If a problem occured, the reason why the key could not be + /* If a problem occurred, the reason why the key could not be imported. Otherwise GPGME_No_Error. */ gpgme_error_t result; diff --git a/src/w32-glib-io.c b/src/w32-glib-io.c index a5af4e6..66dc9bf 100644 --- a/src/w32-glib-io.c +++ b/src/w32-glib-io.c @@ -98,7 +98,7 @@ static struct FD is closed. This, together with the fact that dup'ed file descriptors are closed before the file descriptors from which they are dup'ed are closed, ensures that CHAN is always valid, - and shared among all file descriptors refering to the same + and shared among all file descriptors referring to the same underlying object. The logic behind this is that there is only one reason for us to diff --git a/src/w32-io.c b/src/w32-io.c index a6d5238..8e7abd3 100644 --- a/src/w32-io.c +++ b/src/w32-io.c @@ -74,7 +74,7 @@ static struct that dup'ed file descriptors are closed before the file descriptors from which they are dup'ed are closed, ensures that the handle or socket is always valid, and shared among all file - descriptors refering to the same underlying object. + descriptors referring to the same underlying object. The logic behind this is that there is only one reason for us to dup file descriptors anyway: to allow simpler book-keeping of 
@@ -978,7 +978,7 @@ _gpgme_io_write (int fd, const void *buffer, size_t count) return TRACE_SYSRES (-1); } - /* If no error occured, the number of bytes in the buffer must be + /* If no error occurred, the number of bytes in the buffer must be zero. */ assert (!ctx->nbytes); diff --git a/src/wait-global.c b/src/wait-global.c index f03775e..28f3921 100644 --- a/src/wait-global.c +++ b/src/wait-global.c @@ -206,7 +206,7 @@ _gpgme_wait_global_event_cb (void *data, gpgme_event_io_t type, gpgme_error_t err = ctx_active (ctx); if (err) - /* An error occured. Close all fds in this context, and + /* An error occurred. Close all fds in this context, and send the error in a done event. */ _gpgme_cancel_with_err (ctx, err, 0); } @@ -325,7 +325,7 @@ gpgme_wait_ext (gpgme_ctx_t ctx, gpgme_error_t *status, err = _gpgme_run_io_cb (&fdt.fds[i], 0, &local_op_err); if (err || local_op_err) { - /* An error occured. Close all fds in this context, + /* An error occurred. Close all fds in this context, and signal it. */ _gpgme_cancel_with_err (ictx, err, local_op_err); diff --git a/src/wait-private.c b/src/wait-private.c index 9a43110..12d3180 100644 --- a/src/wait-private.c +++ b/src/wait-private.c @@ -89,7 +89,7 @@ _gpgme_wait_on_condition (gpgme_ctx_t ctx, volatile int *cond, if (nr < 0) { - /* An error occured. Close all fds in this context, and + /* An error occurred. Close all fds in this context, and signal it. */ err = gpg_error_from_syserror (); _gpgme_cancel_with_err (ctx, err, 0); @@ -116,7 +116,7 @@ _gpgme_wait_on_condition (gpgme_ctx_t ctx, volatile int *cond, err = _gpgme_run_io_cb (&ctx->fdt.fds[i], 0, &op_err); if (err) { - /* An error occured. Close all fds in this context, + /* An error occurred. Close all fds in this context, and signal it. */ _gpgme_cancel_with_err (ctx, err, 0); 
@@ -124,7 +124,7 @@ _gpgme_wait_on_condition (gpgme_ctx_t ctx, volatile int *cond, } else if (op_err) { - /* An operational error occured. Cancel the current + /* An operational error occurred. Cancel the current operation but not the session, and signal it. */ _gpgme_cancel_with_err (ctx, 0, op_err); diff --git a/tests/t-data.c b/tests/t-data.c index 888475f..465f29e 100644 --- a/tests/t-data.c +++ b/tests/t-data.c @@ -143,7 +143,7 @@ read_test (round_t round, gpgme_data_t data) read = gpgme_data_read (data, buffer, sizeof (buffer)); if (read > 0) { - fprintf (stderr, "%s:%d: (%i) gpgme_data_read succeded unexpectedly\n", + fprintf (stderr, "%s:%d: (%i) gpgme_data_read succeeded unexpectedly\n", __FILE__, __LINE__, round); exit (1); } ----------------------------------------------------------------------- Summary of changes: src/argparse.c | 2 +- src/funopen.c | 2 +- src/gpgme.h.in | 4 ++-- src/w32-glib-io.c | 2 +- src/w32-io.c | 4 ++-- src/wait-global.c | 4 ++-- src/wait-private.c | 6 +++--- tests/t-data.c | 2 +- 8 files changed, 13 insertions(+), 13 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 12:01:58 2015 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Dec 2015 12:01:58 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-291-g468a579 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 468a5796ffb1a7776db4004d534376c1b981d740 (commit) from 3658afd09c3b03b4398aaa5748387220c93b1a94 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 468a5796ffb1a7776db4004d534376c1b981d740 Author: Justus Winter Date: Wed Dec 2 11:54:40 2015 +0100 random: Fix selection of entropy gathering function. * random/random-csprng.c (getfnc_gather_random): Do return NULL if no usable entropy gathering function is found. The callsite then installs the fake gather function. Signed-off-by: Justus Winter diff --git a/random/random-csprng.c b/random/random-csprng.c index dbebe98..88c5ff8 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -1151,9 +1151,9 @@ getfnc_gather_random (void))(void (*)(const void*, size_t, return fnc; #endif - log_fatal (_("no entropy gathering module detected\n")); + log_info (_("no entropy gathering module detected\n")); - return NULL; /*NOTREACHED*/ + return NULL; } /* Runtime determination of the fast entropy gathering function. ----------------------------------------------------------------------- Summary of changes: random/random-csprng.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 12:03:40 2015 
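Review bot: Downgrading `log_fatal` to `log_info` in getfnc_gather_random turns a missing entropy module from a hard stop into a quiet fallback. Per the commit message the call site then installs the fake gather function, and an info-level line is easy to miss once the library is embedded in an application. If a fallback is wanted it should require an explicit opt-in and be reported at error level; otherwise keep `log_fatal (_("no entropy gathering module detected\n"));` so that random output is never produced without a real entropy source. The function starts outside this hunk, so the preceding `#if` branches are not visible here.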
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 02 Dec 2015 12:03:40 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-205-g10cca02 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 10cca02c4c70eee993d4df0a1d20ae841992efe9 (commit) from 9c34711539fc2c34aea8da0fd49ae6aa28991518 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 10cca02c4c70eee993d4df0a1d20ae841992efe9 Author: Neal H. Walfield Date: Wed Dec 2 11:07:05 2015 +0100 common,gpg: Fix processing of search descriptions ending in '!'. * g10/gpg.c (check_user_ids): If the search description describes a keyid or fingerprint and ends in a '!', include the '!' in the rewritten description. * common/userids.c (classify_user_id): Accept keyids and fingerprints ending in '!'. -- Signed-off-by: Neal H. Walfield Reported-by: Kristian Fiskerstrand Fixes-commit: f99830b7 Fixes-commit: e8c53fca diff --git a/common/userids.c b/common/userids.c index f9a0036..e094c69 100644 --- a/common/userids.c +++ b/common/userids.c @@ -282,7 +282,9 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) if (desc->exact) hexlength--; /* Remove the bang. */ - if ((hexlength == 8 && s[hexlength] == 0) + if ((hexlength == 8 + && (s[hexlength] == 0 + || (s[hexlength] == '!' && s[hexlength + 1] == 0))) || (!hexprefix && hexlength == 9 && *s == '0')) { /* Short keyid. */ 
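Review bot: The terminator test `s[hexlength] == 0 || (s[hexlength] == '!' && s[hexlength + 1] == 0)` is written out here and again in the 16, 32 and 40 digit branches of the following hunks. Since `hexlength` is not changed between those branches, it reads better computed once before the chain, e.g. `const int at_end = (!s[hexlength] || (s[hexlength] == '!' && !s[hexlength + 1]));`, with each branch then testing `hexlength == 8 && at_end`. That also keeps the four cases from drifting apart if the accepted suffix changes again. classify_user_id begins and ends outside these hunks.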
@@ -291,7 +293,9 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) desc->u.kid[1] = strtoul( s, NULL, 16 ); mode = KEYDB_SEARCH_MODE_SHORT_KID; } - else if ((hexlength == 16 && s[hexlength] == 0) + else if ((hexlength == 16 + && (s[hexlength] == 0 + || (s[hexlength] == '!' && s[hexlength + 1] == 0))) || (!hexprefix && hexlength == 17 && *s == '0')) { /* Long keyid. */ @@ -303,7 +307,9 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) desc->u.kid[1] = strtoul (s+8, NULL, 16); mode = KEYDB_SEARCH_MODE_LONG_KID; } - else if ((hexlength == 32 && s[hexlength] == 0) + else if ((hexlength == 32 + && (s[hexlength] == 0 + || (s[hexlength] == '!' && s[hexlength + 1] == 0))) || (!hexprefix && hexlength == 33 && *s == '0')) { /* MD5 fingerprint. */ @@ -323,7 +329,9 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) } mode = KEYDB_SEARCH_MODE_FPR16; } - else if ((hexlength == 40 && s[hexlength] == 0) + else if ((hexlength == 40 + && (s[hexlength] == 0 + || (s[hexlength] == '!' && s[hexlength + 1] == 0))) || (!hexprefix && hexlength == 41 && *s == '0')) { /* SHA1/RMD160 fingerprint. */ diff --git a/g10/gpg.c b/g10/gpg.c index 5c5afa6..5aeb94d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2109,7 +2109,8 @@ check_user_ids (strlist_t *sp, PKT_public_key *pk; char fingerprint_bin[MAX_FINGERPRINT_LEN]; size_t fingerprint_bin_len = sizeof (fingerprint_bin); - char fingerprint[2 * MAX_FINGERPRINT_LEN + 1]; + /* We also potentially need a ! at the end. */ + char fingerprint[2 * MAX_FINGERPRINT_LEN + 1 + 1]; switch (t->flags >> 2) 
@@ -2198,6 +2199,17 @@ check_user_ids (strlist_t *sp, fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); assert (fingerprint_bin_len == sizeof (fingerprint_bin)); bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); + if ((desc.mode == KEYDB_SEARCH_MODE_SHORT_KID + || desc.mode == KEYDB_SEARCH_MODE_LONG_KID + || desc.mode == KEYDB_SEARCH_MODE_FPR16 + || desc.mode == KEYDB_SEARCH_MODE_FPR20) + && strchr (t->d, '!')) + { + int i = strlen (fingerprint); + fingerprint[i] = '!'; + fingerprint[i + 1] = '\0'; + } + add_to_strlist (&s2, fingerprint); s2->flags = s->flags; ----------------------------------------------------------------------- Summary of changes: common/userids.c | 16 ++++++++++++---- g10/gpg.c | 14 +++++++++++++- 2 files changed, 25 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 12:27:20 2015 
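Review bot: `strchr (t->d, '!')` in check_user_ids is true for a bang anywhere in the user-supplied string, not only a trailing one. The userids.c part of this commit suggests classify_user_id already records the trailing bang in the descriptor's `exact` flag, so `&& desc.exact` would probably state the intent directly; this should be confirmed against the full function, which is not visible here. The index is better declared as `size_t i = strlen (fingerprint);`. A short comment that the extra `+ 1` in the `fingerprint` buffer is what makes the append safe would help the next reader.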
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 02 Dec 2015 12:27:20 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-292-gd421ac2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d421ac283ec46d0ecaf6278ba4c24843f65fb2fa (commit) from 468a5796ffb1a7776db4004d534376c1b981d740 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d421ac283ec46d0ecaf6278ba4c24843f65fb2fa Author: Justus Winter Date: Wed Dec 2 12:12:55 2015 +0100 random: Drop fake entropy gathering function. * random/random-csprng.c (faked_rng): Drop variable. (gather_faked): Drop prototype and function. (initialize): Drop fallback code. (_gcry_rngcsprng_is_faked): Change accordingly. -- The fake entropy gathering function is deemed too dangerous to be used by accident, and is therefore removed. This reverts commit 468a5796ffb1a7776db4004d534376c1b981d740. Signed-off-by: Justus Winter diff --git a/random/random-csprng.c b/random/random-csprng.c index 88c5ff8..e7b751a 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -173,12 +173,6 @@ static void (*fast_gather_fnc)(void (*)(const void*, size_t, used by regular applications. */ static int quick_test; -/* On systems without entropy gathering modules, this flag is set to - indicate that the random generator is not working properly. A - warning message is issued as well. This is useful only for - debugging and during development. */ -static int faked_rng; - /* This is the lock we use to protect all pool operations. */ GPGRT_LOCK_DEFINE (pool_lock); 
@@ -241,8 +235,6 @@ static void (*getfnc_fast_random_poll (void))(void (*)(const void*, size_t, enum random_origins); static void read_random_source (enum random_origins origin, size_t length, int level); -static int gather_faked (void (*add)(const void*, size_t, enum random_origins), - enum random_origins, size_t length, int level ); @@ -326,11 +318,6 @@ initialize(void) /* Setup the slow entropy gathering function. The code requires that this function exists. */ slow_gather_fnc = getfnc_gather_random (); - if (!slow_gather_fnc) - { - faked_rng = 1; - slow_gather_fnc = gather_faked; - } /* Setup the fast entropy gathering function. */ fast_gather_fnc = getfnc_fast_random_poll (); @@ -453,7 +440,7 @@ _gcry_rngcsprng_is_faked (void) /* We need to initialize due to the runtime determination of available entropy gather modules. */ initialize(); - return (faked_rng || quick_test); + return quick_test; } @@ -1151,9 +1138,9 @@ getfnc_gather_random (void))(void (*)(const void*, size_t, return fnc; #endif - log_info (_("no entropy gathering module detected\n")); + log_fatal (_("no entropy gathering module detected\n")); - return NULL; + return NULL; /*NOTREACHED*/ } /* Runtime determination of the fast entropy gathering function. 
@@ -1283,40 +1270,3 @@ read_random_source (enum random_origins origin, size_t length, int level) if (slow_gather_fnc (add_randomness, origin, length, level) < 0) log_fatal ("No way to gather entropy for the RNG\n"); } - - -static int -gather_faked (void (*add)(const void*, size_t, enum random_origins), - enum random_origins origin, size_t length, int level ) -{ - static int initialized=0; - size_t n; - char *buffer, *p; - - (void)add; - (void)level; - - if ( !initialized ) - { - log_info(_("WARNING: using insecure random number generator!!\n")); - initialized=1; -#ifdef HAVE_RAND - srand( time(NULL)*getpid()); -#else - srandom( time(NULL)*getpid()); -#endif - } - - p = buffer = xmalloc( length ); - n = length; -#ifdef HAVE_RAND - while ( n-- ) - *p++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1); -#else - while ( n-- ) - *p++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1); -#endif - add_randomness ( buffer, length, origin ); - xfree (buffer); - return 0; /* okay */ -} ----------------------------------------------------------------------- Summary of changes: random/random-csprng.c | 56 +++----------------------------------------------- 1 file changed, 3 insertions(+), 53 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 12:31:50 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Dec 2015 12:31:50 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-207-g28e2513 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 28e2513721ff0cec920564d4087f3600cce8672e (commit) via 17ac843871d5f350f26edff0187f94ced923f534 (commit) from 10cca02c4c70eee993d4df0a1d20ae841992efe9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28e2513721ff0cec920564d4087f3600cce8672e Author: Werner Koch Date: Wed Dec 2 11:49:41 2015 +0100 dirmngr: Switch to an onion address if Tor is running. * dirmngr/dirmngr.h (opt): Turn field 'keyserver' into an strlist. * dirmngr/dirmngr.c (parse_rereadable_options): Allow multiple --keyserver options. * dirmngr/server.c (server_local_s): Add field 'tor_state'. (release_uri_item_list): New. (release_ctrl_keyservers): Use it. (start_command_handler): Release list of keyservers. (is_tor_running): New. (cmd_getinfo): Re-implement "tor" subcommand using new fucntion. (ensure_keyserver): Rewrite. * g10/dirmngr-conf.skel: Add two keyserver options. -- This feature is independent of --use-tor and automagically uses Tor if available. The dirmngr.conf file needs to specify two keyservers to make this work. For new installations this is done using the skeleton file. This feature requires the Libassuan 2.4.2 to work. This patch also fixes a memory leak of opt.keyserver en passant. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index ccefc3c..97d2e15 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c 
@@ -541,8 +541,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) } FREE_STRLIST (opt.ignored_cert_extensions); http_register_tls_ca (NULL); - xfree (opt.keyserver); - opt.keyserver = NULL; + FREE_STRLIST (opt.keyserver); /* Note: We do not allow resetting of opt.use_tor at runtime. */ return 1; } @@ -622,8 +621,8 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oUseTor: opt.use_tor = 1; break; case oKeyServer: - xfree (opt.keyserver); - opt.keyserver = *pargs->r.ret_str? xtrystrdup (pargs->r.ret_str) : NULL; + if (*pargs->r.ret_str) + add_to_strlist (&opt.keyserver, pargs->r.ret_str); break; case oNameServer: diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index b2b14cc..6078884 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -131,7 +131,7 @@ struct unsigned int ocsp_current_period; /* Seconds a response is considered current after nextUpdate. */ - char *keyserver; /* Malloced string with the default keyserver. */ + strlist_t keyserver; /* List of default keyservers. */ } opt; diff --git a/dirmngr/server.c b/dirmngr/server.c index 32c265b..21cb2dc 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -91,6 +91,9 @@ struct server_local_s /* If this flag is set to true this dirmngr process will be terminated after the end of this session. */ int stopme; + + /* State variable private to is_tor_running. */ + int tor_state; }; @@ -120,6 +123,18 @@ get_ldapservers_from_ctrl (ctrl_t ctrl) return NULL; } +/* Release an uri_item_t list. */ +static void +release_uri_item_list (uri_item_t list) +{ + while (list) + { + uri_item_t tmp = list->next; + http_release_parsed_uri (list->parsed_uri); + xfree (list); + list = tmp; + } +} /* Release all configured keyserver info from CTRL. */ void 
@@ -128,13 +143,8 @@ release_ctrl_keyservers (ctrl_t ctrl) if (! ctrl->server_local) return; - while (ctrl->server_local->keyservers) - { - uri_item_t tmp = ctrl->server_local->keyservers->next; - http_release_parsed_uri (ctrl->server_local->keyservers->parsed_uri); - xfree (ctrl->server_local->keyservers); - ctrl->server_local->keyservers = tmp; - } + release_uri_item_list (ctrl->server_local->keyservers); + ctrl->server_local->keyservers = NULL; } @@ -335,6 +345,38 @@ skip_options (char *line) } +/* This fucntion returns true if a Tor server is running. The sattus + is cached for the current conenction. */ +static int +is_tor_running (ctrl_t ctrl) +{ +#if ASSUAN_VERSION_NUMBER >= 0x020402 + /* Check whether we can connect to the proxy. We use a + special feature introduced with libassuan 2.4.2. */ + + if (!ctrl || !ctrl->server_local) + return 0; /* Ooops. */ + + if (!ctrl->server_local->tor_state) + { + assuan_fd_t sock; + + sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, ASSUAN_SOCK_TOR); + if (sock == ASSUAN_INVALID_FD) + ctrl->server_local->tor_state = -1; /* Not running. */ + else + { + assuan_sock_close (sock); + ctrl->server_local->tor_state = 1; /* Running. */ + } + } + return (ctrl->server_local->tor_state > 0); +#else /* Libassuan < 2.4.2 */ + return 0; /* We don't know. */ +#endif +} + + /* Return an error if the assuan context does not belong to the owner of the process or to root. On error FAILTEXT is set as Assuan error string. */ 
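Review bot: In the new `is_tor_running` (dirmngr/server.c), every outcome other than a successful probe collapses to 0, so "Tor is not running", "the probe failed for another reason" and the `#else` case "We don't know" look the same to callers, and the first two are cached in `tor_state` for the rest of the connection. The code removed from `cmd_getinfo` in this same commit read `errno` after the identical `assuan_sock_connect_byname` call, so the reason is available; logging it once before caching, e.g. `log_info ("Tor probe failed: %s\n", strerror (errno));`, would let an operator see why an onion keyserver was skipped. The header comment should state that a return of 0 also covers the unknown case, and its typos ("fucntion", "sattus", "conenction") are worth fixing while there.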
@@ -1710,15 +1752,74 @@ ensure_keyserver (ctrl_t ctrl) { gpg_error_t err; uri_item_t item; + uri_item_t onion_items = NULL; + uri_item_t plain_items = NULL; + uri_item_t ui; + strlist_t sl; if (ctrl->server_local->keyservers) return 0; /* Already set for this session. */ if (!opt.keyserver) return 0; /* No global option set. */ - err = make_keyserver_item (opt.keyserver, &item); - if (!err) - ctrl->server_local->keyservers = item; + for (sl = opt.keyserver; sl; sl = sl->next) + { + err = make_keyserver_item (sl->d, &item); + if (err) + goto leave; + if (item->parsed_uri->onion) + { + item->next = onion_items; + onion_items = item; + } + else + { + item->next = plain_items; + plain_items = item; + } + } + + /* Decide which to use. Note that the sesssion has no keyservers + yet set. */ + if (onion_items && !onion_items->next && plain_items && !plain_items->next) + { + /* If there is just one onion and one plain keyserver given, we take + only one depending on whether Tor is running or not. */ + if (is_tor_running (ctrl)) + { + ctrl->server_local->keyservers = onion_items; + onion_items = NULL; + } + else + { + ctrl->server_local->keyservers = plain_items; + plain_items = NULL; + } + } + else if (!is_tor_running (ctrl)) + { + /* Tor is not running. It does not make sense to add Onion + addresses. */ + ctrl->server_local->keyservers = plain_items; + plain_items = NULL; + } + else + { + /* In all other cases add all keyservers. */ + ctrl->server_local->keyservers = onion_items; + onion_items = NULL; + for (ui = ctrl->server_local->keyservers; ui && ui->next; ui = ui->next) + ; + if (ui) + ui->next = plain_items; + else + ctrl->server_local->keyservers = plain_items; + plain_items = NULL; + } + + leave: + release_uri_item_list (onion_items); + release_uri_item_list (plain_items); return err; } 
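Review bot: In `ensure_keyserver`, the choice between the onion and the plain keyserver is made silently, so when the Tor probe fails the session falls back to the plain keyserver without any log line or status the user could notice. The commit message says the feature is independent of `--use-tor`, which means a user who listed the onion address for privacy gets no signal that requests are going out directly; a `log_info` naming the selected keyserver in each branch, plus a comment such as `/* Note: Falling back to the plain keyserver is not an anonymity guarantee. */`, would make the decision auditable. In the `else if (!is_tor_running (ctrl))` branch with only onion servers configured, `plain_items` is NULL, so the function returns success with no keyserver set for the session; that case deserves an explicit comment or error. The function starts outside the hunk.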
@@ -2093,6 +2194,7 @@ static const char hlp_getinfo[] = static gpg_error_t cmd_getinfo (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; if (!strcmp (line, "version")) @@ -2123,24 +2225,11 @@ cmd_getinfo (assuan_context_t ctx, char *line) { if (opt.use_tor) { -#if ASSUAN_VERSION_NUMBER >= 0x020402 - /* Check whether we can connect to the proxy. We use a - special feature introduced with libassuan 2.4.2. */ - assuan_fd_t sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, - ASSUAN_SOCK_TOR); - if (sock == ASSUAN_INVALID_FD) - { - err = assuan_write_status - (ctx, "NO_TOR", - errno == ECONNREFUSED? "Tor not running" : strerror (errno)); - } + if (!is_tor_running (ctrl)) + err = assuan_write_status (ctx, "NO_TOR", "Tor not running"); else - { - assuan_sock_close (sock); - err = 0; - } + err = 0; if (!err) -#endif /* Libassuan >= 2.4.2 */ assuan_set_okay_line (ctx, "- Tor mode is enabled"); } else @@ -2398,6 +2487,7 @@ start_command_handler (assuan_fd_t fd) } } + #if USE_LDAP ldap_wrapper_connection_cleanup (ctrl); @@ -2405,6 +2495,8 @@ start_command_handler (assuan_fd_t fd) #endif /*USE_LDAP*/ ctrl->server_local->ldapservers = NULL; + release_ctrl_keyservers (ctrl); + ctrl->server_local->assuan_ctx = NULL; assuan_release (ctx); diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 6a4d6d6..5b73d7b 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -263,6 +263,11 @@ need to send keys to more than one server. The keyserver @code{hkp://keys.gnupg.net} uses round robin DNS to give a different keyserver each time you use it. +If exactly two keyservers are configured and only one is a Tor hidden +service (.onion), Dirmngr selects the keyserver to use depending on +whether Tor is locally running or not. The check for a running Tor is +done for each new connection. + @item --nameserver @var{ipaddr} @opindex nameserver diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel index 2ba5e4d..d5a02d9 100644 
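Review bot: The rewritten "tor" branch of `cmd_getinfo` now reports whatever `is_tor_running` cached on the first probe of this connection, so a client that repeats `GETINFO tor` on a long-lived connection keeps getting the first answer even after Tor has started or stopped. The status text is also fixed to "Tor not running" where the removed code distinguished `ECONNREFUSED` from other errors via `strerror (errno)`, and on Libassuan older than 2.4.2 the helper returns 0, so `NO_TOR` is now emitted where the old code skipped the check entirely. If both changes are intended, a comment above the call such as `/* Note: The result is cached per connection; see is_tor_running. */` would document it. cmd_getinfo continues outside the hunk.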
--- a/g10/dirmngr-conf.skel +++ b/g10/dirmngr-conf.skel @@ -49,7 +49,12 @@ # servers via DNS round-robin. hkp://keys.gnupg.net is an example of # such a "server", which spreads the load over a number of physical # servers. +# +# If exactly two keyservers are configured and only one is a Tor hidden +# service, Dirmngr selects the keyserver to use depending on whether +# Tor is locally running or not (on a per session base). +keyserver hkp://dyh2j3qyrirn43iw.onion keyserver hkp://keys.gnupg.net # --hkp-cacert FILENAME commit 17ac843871d5f350f26edff0187f94ced923f534 Author: Werner Koch Date: Wed Dec 2 10:12:32 2015 +0100 http: Enhance parser to detect .onion addresses. * dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch diff --git a/dirmngr/http.c b/dirmngr/http.c index d623f7e..6427951 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -1086,6 +1086,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, uri->is_http = 0; uri->opaque = 0; uri->v6lit = 0; + uri->onion = 0; /* A quick validity check. */ if (strspn (p, VALID_URI_CHARS) != n) 
@@ -1172,49 +1173,54 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, { uri->opaque = 1; uri->path = p; + if (is_onion_address (uri->path)) + uri->onion = 1; return 0; } } /* End global URI part. */ - /* Parse the pathname part */ - if (!p || !*p) - return 0; /* We don't have a path. Okay. */ - - /* TODO: Here we have to check params. */ - - /* Do we have a query part? */ - if ((p2 = strchr (p, '?'))) - *p2++ = 0; - - uri->path = p; - if ((n = remove_escapes (p)) < 0) - return GPG_ERR_BAD_URI; - if (n != strlen (p)) - return GPG_ERR_BAD_URI; /* Path includes a Nul. */ - p = p2 ? p2 : NULL; - - if (!p || !*p) - return 0; /* We don't have a query string. Okay. */ - - /* Now parse the query string. */ - tail = &uri->query; - for (;;) + /* Parse the pathname part if any. */ + if (p && *p) { - uri_tuple_t elem; + /* TODO: Here we have to check params. */ - if ((p2 = strchr (p, '&'))) - *p2++ = 0; - if (!(elem = parse_tuple (p))) - return GPG_ERR_BAD_URI; - *tail = elem; - tail = &elem->next; + /* Do we have a query part? */ + if ((p2 = strchr (p, '?'))) + *p2++ = 0; - if (!p2) - break; /* Ready. */ - p = p2; + uri->path = p; + if ((n = remove_escapes (p)) < 0) + return GPG_ERR_BAD_URI; + if (n != strlen (p)) + return GPG_ERR_BAD_URI; /* Path includes a Nul. */ + p = p2 ? p2 : NULL; + + /* Parse a query string if any. */ + if (p && *p) + { + tail = &uri->query; + for (;;) + { + uri_tuple_t elem; + + if ((p2 = strchr (p, '&'))) + *p2++ = 0; + if (!(elem = parse_tuple (p))) + return GPG_ERR_BAD_URI; + *tail = elem; + tail = &elem->next; + + if (!p2) + break; /* Ready. */ + p = p2; + } + } } + if (is_onion_address (uri->host)) + uri->onion = 1; + return 0; } diff --git a/dirmngr/http.h b/dirmngr/http.h index 73a423c..64f55e1 100644 --- a/dirmngr/http.h +++ b/dirmngr/http.h 
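Review bot: The new final check `is_onion_address (uri->host)` in `do_parse_uri` is reached on every successful path after the restructuring, including paths where the "global URI part" block was skipped, and nothing in the hunk shows `uri->host` being non-NULL at that point. Unless `is_onion_address` (not visible here) accepts a NULL argument, the call should be guarded: `if (uri->host && is_onion_address (uri->host))`. The function starts outside the hunk, so the initial value of `uri->host` needs to be confirmed against the full source.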
@@ -52,6 +52,7 @@ struct parsed_uri_s unsigned int use_tls:1; /* Whether TLS should be used. */ unsigned int opaque:1;/* Unknown scheme; PATH has the rest. */ unsigned int v6lit:1; /* Host was given as a literal v6 address. */ + unsigned int onion:1; /* .onion address given. */ char *auth; /* username/password for basic auth. */ char *host; /* Host (converted to lowercase). */ unsigned short port; /* Port (always set if the host is set). */ diff --git a/dirmngr/t-http.c b/dirmngr/t-http.c index 35858f6..63662a2 100644 --- a/dirmngr/t-http.c +++ b/dirmngr/t-http.c @@ -323,6 +323,11 @@ main (int argc, char **argv) } putchar ('\n'); } + printf ("Flags :%s%s%s%s\n", + uri->is_http? " http":"", + uri->opaque? " opaque":"", + uri->v6lit? " v6lit":"", + uri->onion? " onion":""); printf ("TLS : %s\n", uri->use_tls? "yes": (my_http_flags&HTTP_FLAG_FORCE_TLS)? "forced" : "no"); ----------------------------------------------------------------------- Summary of changes: dirmngr/dirmngr.c | 7 ++- dirmngr/dirmngr.h | 2 +- dirmngr/http.c | 72 +++++++++++++------------ dirmngr/http.h | 1 + dirmngr/server.c | 144 +++++++++++++++++++++++++++++++++++++++++--------- dirmngr/t-http.c | 5 ++ doc/dirmngr.texi | 5 ++ g10/dirmngr-conf.skel | 5 ++ 8 files changed, 177 insertions(+), 64 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 14:25:25 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Dec 2015 14:25:25 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.1-7-gd271ed7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via d271ed79fe690818b1412568417275cc92183143 (commit) via e0516c5bbac23aa2d2a0b59caad67fca00b3183f (commit) from 9ec026a90535e7ebc2919b800b056850a4d4e30b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d271ed79fe690818b1412568417275cc92183143 Author: Werner Koch Date: Wed Dec 2 14:21:26 2015 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index dbb921f..9f19351 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.4.3 (unreleased) [C7/A7/R_] +------------------------------------------------ + + Noteworthy changes in version 2.4.2 (2015-12-02) [C7/A7/R2] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 41a9fff..cd1a80d 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [4]) -m4_define([mym4_micro], [2]) +m4_define([mym4_micro], [3]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit e0516c5bbac23aa2d2a0b59caad67fca00b3183f Author: Werner Koch Date: Wed Dec 2 13:49:20 2015 +0100 Release 2.4.2. * configure.ac: Bump LT version to C7/A7/R2. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index a7e4237..dbb921f 100644 --- a/NEWS +++ b/NEWS 
@@ -1,4 +1,4 @@ -Noteworthy changes in version 2.4.2 (unreleased) [C7/A7/R_] +Noteworthy changes in version 2.4.2 (2015-12-02) [C7/A7/R2] ------------------------------------------------ * The nPth version of the connect system hook does now wrap the call diff --git a/configure.ac b/configure.ac index 6f47d4e..41a9fff 100644 --- a/configure.ac +++ b/configure.ac @@ -61,7 +61,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # LIBASSUAN_LT_CURRENT=7 LIBASSUAN_LT_AGE=7 -LIBASSUAN_LT_REVISION=1 +LIBASSUAN_LT_REVISION=2 # If the API is changed in an incompatible way: increment the next counter. LIBASSUAN_CONFIG_API_VERSION=2 ----------------------------------------------------------------------- Summary of changes: NEWS | 6 +++++- configure.ac | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 14:27:26 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Dec 2015 14:27:26 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8c8e50ec2eeadd6bf6001b74da829e65c439fab8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8c8e50ec2eeadd6bf6001b74da829e65c439fab8 (commit) from b78fae6c6a04a96f0aa53805ac13c30762cea58d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c8e50ec2eeadd6bf6001b74da829e65c439fab8 Author: Werner Koch Date: Wed Dec 2 14:23:30 2015 +0100 swdb: libassuan 2.4.2. diff --git a/web/swdb.mac b/web/swdb.mac index ba4e78d..9c4a69d 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
@@ -103,9 +103,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.4.1 -#+macro: libassuan_size 573k -#+macro: libassuan_sha1 54982bf7ecf42c0c4d4251d49614ba18edb18264 +#+macro: libassuan_ver 2.4.2 +#+macro: libassuan_size 574k +#+macro: libassuan_sha1 ac1047f9764fd4a4db7dafe47640643164394db9 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 15:22:04 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 02 Dec 2015 15:22:04 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-209-g28195f8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 28195f8d27aa0fc9daf5b74fb24de87c36e04739 (commit) via c73d75103cbd34975e2bd28e9924caee05eaf829 (commit) from 28e2513721ff0cec920564d4087f3600cce8672e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28195f8d27aa0fc9daf5b74fb24de87c36e04739 Author: Neal H. Walfield Date: Wed Dec 2 15:21:20 2015 +0100 gpg: Improve documentation. * g10/tofu.c (initdb): Improve documentation. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 2433b7b..b7f61e9 100644 --- a/g10/tofu.c +++ b/g10/tofu.c 
@@ -563,8 +563,7 @@ initdb (sqlite3 *db, enum db_type type) TIME: The time this binding was first observed. - POLICY: The trust policy (-1, 0, 1, or 2; see the - documentation for TOFU_POLICY_BAD, etc. above). + POLICY: The trust policy (TOFU_POLICY_BAD, etc. as an integer). CONFLICT is either NULL or a fingerprint. Assume that we have a binding <0xdeadbeef, foo at example.com> and then we observe commit c73d75103cbd34975e2bd28e9924caee05eaf829 Author: Neal H. Walfield Date: Wed Dec 2 15:20:18 2015 +0100 gpg: Fix type mismatch resulting in a buffer overflow. * g10/tofu.c (record_binding): Change policy_old's type from an enum tofu_policy to a long: this variable is passed by reference and a long is expected. -- Signed-off-by: Neal H. Walfield Reported-by: Justus Winter Fixes-commit: f77913e diff --git a/g10/tofu.c b/g10/tofu.c index d340bfe..2433b7b 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1079,7 +1079,10 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, struct db *db_email = NULL, *db_key = NULL; int rc; char *err = NULL; - enum tofu_policy policy_old = TOFU_POLICY_NONE; + /* policy_old needs to be a long and not an enum tofu_policy, + because we pass it by reference to get_single_long_cb2, which + expects a long. */ + long policy_old = TOFU_POLICY_NONE; if (! (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_GOOD ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 19:04:11 2015 
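Review bot: Changing `policy_old` to `long` in `record_binding` fixes this call site, but the hazard that caused the overflow remains: the callback receives its destination as an untyped pointer, so the compiler cannot catch the next variable of the wrong width, and only the new comment keeps the two in sync. Other places that pass an address to `get_single_long_cb2` (outside this hunk) are worth checking for the same mismatch. Since the value now comes back as a plain `long`, presumably read from the TOFU database, it should be range-checked before it is treated as an `enum tofu_policy` again. record_binding continues outside the hunk.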
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Dec 2015 19:04:11 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-210-g69db328 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 69db3285e4612ad24462149a4d64cc32c090a491 (commit) from 28195f8d27aa0fc9daf5b74fb24de87c36e04739 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 69db3285e4612ad24462149a4d64cc32c090a491 Author: Werner Koch Date: Wed Dec 2 18:47:50 2015 +0100 build: Require at least Libassuan 2.4.1. * configure.ac (NEED_LIBASSUAN_VERSION): Set to 2.4.1. * agent/gpg-agent.c (create_server_socket): Remove check for libassuan >= 2.3.0 and >= 2.1.4. (main): Remove check for libassuan >= 2.1.4. * scd/scdaemon.c (create_server_socket): Remove check for libassuan >= 2.1.4. * dirmngr/dirmngr.c (set_tor_mode): Remove check for libassuan >= 2.3.0. * dirmngr/http.c (http_raw_connect, send_request): Remove checks for libassuan >= 2.3.0. Signed-off-by: Werner Koch diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 04b03d3..b60287d 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1682,17 +1682,12 @@ create_server_socket (char *name, int primary, int cygwin, agent_exit (2); } -#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */ if (cygwin) assuan_sock_set_flag (fd, "cygwin", 1); -#else - (void)cygwin; -#endif unaddr = xmalloc (sizeof *unaddr); addr = (struct sockaddr*)unaddr; -#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */ { int redirected; 
@@ -1713,17 +1708,6 @@ create_server_socket (char *name, int primary, int cygwin, log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name); } } -#else /* Assuan < 2.1.4 */ - memset (unaddr, 0, sizeof *unaddr); - unaddr->sun_family = AF_UNIX; - if (strlen (name) + 1 >= sizeof (unaddr->sun_path)) - { - log_error (_("socket name '%s' is too long\n"), name); - *name = 0; /* Inhibit removal of the socket by cleanup(). */ - agent_exit (2); - } - strcpy (unaddr->sun_path, name); -#endif /* Assuan < 2.1.4 */ len = SUN_LEN (unaddr); rc = assuan_sock_bind (fd, addr, len); diff --git a/configure.ac b/configure.ac index bd84633..81a1eca 100644 --- a/configure.ac +++ b/configure.ac @@ -55,7 +55,7 @@ NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.6.0 NEED_LIBASSUAN_API=2 -NEED_LIBASSUAN_VERSION=2.1.0 +NEED_LIBASSUAN_VERSION=2.4.1 NEED_KSBA_API=1 NEED_KSBA_VERSION=1.2.0 @@ -757,26 +757,7 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_API:$NEED_LIBASSUAN_VERSION", if test "$have_libassuan" = "yes"; then AC_DEFINE_UNQUOTED(GNUPG_LIBASSUAN_VERSION, "$libassuan_version", [version of the libassuan library]) - # Starting with 2.4.1 we have Tor support in Libassuan. */ - ok=no - if test "$libassuan_version_major" -gt "2"; then - ok=yes - else - if test "$libassuan_version_major" -eq "2"; then - if test "$libassuan_version_minor" -gt "4"; then - ok=yes - else - if test "$libassuan_version_minor" -eq "4"; then - if test "$libassuan_version_micro" -ge "1"; then - ok=yes - fi - fi - fi - fi - fi - if test $ok = yes ;then - show_tor_support="only .onion" - fi + show_tor_support="only .onion" fi diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 97d2e15..f249d68 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c 
@@ -473,9 +473,7 @@ set_tor_mode (void) { if (opt.use_tor) { -#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */ if (assuan_sock_set_flag (ASSUAN_INVALID_FD, "tor-mode", 1)) -#endif { log_error ("error enabling Tor mode: %s\n", strerror (errno)); log_info ("(is your Libassuan recent enough?)\n"); @@ -1135,7 +1133,6 @@ main (int argc, char **argv) dirmngr_exit (1); } -#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */ { int redirected; @@ -1159,16 +1156,6 @@ main (int argc, char **argv) socket_name, redir_socket_name); } } -#else /* Assuan < 2.1.4 */ - memset (&serv_addr, 0, sizeof serv_addr); - serv_addr.sun_family = AF_UNIX; - if (strlen (socket_name)+1 >= sizeof serv_addr.sun_path ) - { - log_error (_("socket name '%s' is too long\n"), socket_name); - dirmngr_exit (1); - } - strcpy (serv_addr.sun_path, socket_name); -#endif /* Assuan < 2.1.4 */ len = SUN_LEN (&serv_addr); diff --git a/dirmngr/http.c b/dirmngr/http.c index 6427951..74b6911 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -753,9 +753,7 @@ http_raw_connect (http_t *r_hd, const char *server, unsigned short port, { int mode; -#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode) -#endif { log_error ("Tor support is not available\n"); return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED); @@ -1481,9 +1479,7 @@ send_request (http_t hd, const char *httphost, const char *auth, { int mode; -#if ASSUAN_VERSION_NUMBER >= 0x020300 /* >= 2.3.0 */ if (assuan_sock_get_flag (ASSUAN_INVALID_FD, "tor-mode", &mode) || !mode) -#endif { log_error ("Tor support is not available\n"); return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED); diff --git a/scd/scdaemon.c b/scd/scdaemon.c index 0f92efe..e8218ca 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
@@ -1082,7 +1082,6 @@ create_server_socket (const char *name, char **r_redir_name, unaddr = xmalloc (sizeof (*unaddr)); addr = (struct sockaddr*)unaddr; -#if ASSUAN_VERSION_NUMBER >= 0x020104 /* >= 2.1.4 */ { int redirected; @@ -1102,16 +1101,6 @@ create_server_socket (const char *name, char **r_redir_name, log_info ("redirecting socket '%s' to '%s'\n", name, *r_redir_name); } } -#else /* Assuan < 2.1.4 */ - memset (unaddr, 0, sizeof *unaddr); - unaddr->sun_family = AF_UNIX; - if (strlen (name) + 1 >= sizeof (unaddr->sun_path)) - { - log_error (_("socket name '%s' is too long\n"), name); - scd_exit (2); - } - strcpy (unaddr->sun_path, name); -#endif /* Assuan < 2.1.4 */ len = SUN_LEN (unaddr); ----------------------------------------------------------------------- Summary of changes: agent/gpg-agent.c | 16 ---------------- configure.ac | 23 ++--------------------- dirmngr/dirmngr.c | 13 ------------- dirmngr/http.c | 4 ---- scd/scdaemon.c | 11 ----------- 5 files changed, 2 insertions(+), 65 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Dec 2 20:43:07 2015 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 02 Dec 2015 20:43:07 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-15-g94b3317 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 94b331747d84196f524b633c2a23568cb0b69359 (commit) via c5e7483db0565a62efbed13dac8b87131182b27c (commit) via 4b4fc8482c4cf62f459b3f0c194c4ed7d5114b77 (commit) via 6a2ff276b11b3100b4d64f8c5308dfa0c48de211 (commit) from 14e06fe2500a1735b2089b03231e45e63a6f40fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 94b331747d84196f524b633c2a23568cb0b69359 Author: Andre Heinecke Date: Wed Dec 2 20:32:56 2015 +0100 Add revert support for PGP MulitpartEncrypted * src/mimemaker.c (restore_msg_from_moss): Create a mosstmpl attachment. Currently only works for PGP MultipartEncrypted. * src/mimemaker.h: Add prototype. * src/oomhelp.h: Add DASL for attachment MIME tag. * src/revert.cpp (finalize_mapi): Dont restore message class. (gpgol_mailitem_revert): Collect info first. Then work. Handle MOSS attachments. Do Magic. -- For S/MIME we will want to add an option to also restore the message class. The important thing here is how the message class is mangled to trigger the SMIME.MultipartSigned behavior without visibly changing the icon in the message list. diff --git a/src/mimemaker.c b/src/mimemaker.c index 0641dff..461d1e3 100644 --- a/src/mimemaker.c +++ b/src/mimemaker.c @@ -1,5 +1,6 @@ /* mimemaker.c - Construct MIME message out of a MAPI - * Copyright (C) 2007, 2008 g10 Code GmbH + * Copyright (C) 2007, 2008 g10 Code GmbH + * Copyright (C) 2015 Intevation GmbH * * This file is part of GpgOL. * 
@@ -39,6 +40,7 @@ #include "engine.h" #include "mapihelp.h" #include "mimemaker.h" +#include "oomhelp.h" static const char oid_mimetag[] = {0x2A, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x03, 0x0a, 0x04}; @@ -1995,3 +1997,77 @@ mime_sign_encrypt (LPMESSAGE message, HWND hwnd, xfree (my_sender); return result; } + +int +restore_msg_from_moss (LPMESSAGE message, LPDISPATCH moss_att, + msgtype_t type, char *msgcls) +{ + struct sink_s sinkmem; + sink_t sink = &sinkmem; + char *orig = NULL; + int err = -1; + char boundary[BOUNDARYSIZE+1]; + + LPATTACH new_attach = create_mapi_attachment (message, + sink); + log_debug ("Restore message from moss called."); + if (!new_attach) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + // TODO MORE + if (type == MSGTYPE_SMIME) + { + create_top_encryption_header (sink, PROTOCOL_SMIME, boundary); + } + else + { + create_top_encryption_header (sink, PROTOCOL_OPENPGP, boundary); + } + + orig = get_pa_string (moss_att, PR_ATTACH_DATA_BIN_DASL); + + if (!orig) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + if (write_string (sink, orig)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + if (*boundary && write_boundary (sink, boundary, 1)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + if (close_mapi_attachment (&new_attach, sink)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + /* Set a special property so that we are later able to identify + messages signed or encrypted by us. */ + if (mapi_set_sig_status (message, "@")) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + if (mapi_set_gpgol_msg_class (message, msgcls)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + + err = 0; +done: + xfree (orig); + return err; +} 
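Review bot: In the new `restore_msg_from_moss`, the return value of `create_top_encryption_header` is not checked and `boundary` is never initialised, yet `*boundary` is read a few lines later; if the header call fails or leaves the buffer untouched, that read is of indeterminate stack data. Initialise the buffer with `char boundary[BOUNDARYSIZE+1] = "";` and bail out on failure, `if (create_top_encryption_header (sink, PROTOCOL_OPENPGP, boundary)) goto done;`, likewise in the S/MIME branch. Every `goto done` taken after `create_mapi_attachment` succeeded also leaves `new_attach` open, because `done:` only frees `orig`; the attachment should be cancelled or released on that path. Reading `PR_ATTACH_DATA_BIN_DASL` with `get_pa_string` and writing it with `write_string` treats binary attachment data as a NUL-terminated string, which presumably truncates at the first zero byte and is worth confirming.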
diff --git a/src/mimemaker.h b/src/mimemaker.h index 187e80e..f483120 100644 --- a/src/mimemaker.h +++ b/src/mimemaker.h @@ -58,6 +58,15 @@ int sink_encryption_write (sink_t encsink, const void *data, size_t datalen); int write_buffer_for_cb (void *opaque, const void *data, size_t datalen); int write_buffer (sink_t sink, const void *data, size_t datalen); +/** @brief Try to restore a message from the moss attachment. + * + * Try to turn the moss attachment back into a Mail that other + * MUAs could handle. Uses all the tricks available to archive + * that. Returns 0 on success. + */ +int restore_msg_from_moss (LPMESSAGE message, LPDISPATCH moss_att, + msgtype_t type, char *msgcls); + #ifdef __cplusplus } #endif diff --git a/src/oomhelp.h b/src/oomhelp.h index 66cff65..aad7f7d 100644 --- a/src/oomhelp.h +++ b/src/oomhelp.h @@ -93,7 +93,8 @@ DEFINE_OLEGUID(IID_IOleWindow, 0x00000114, 0, 0); "http://schemas.microsoft.com/mapi/proptag/0x1000001F" #define PR_ATTACHMENT_HIDDEN_DASL \ "http://schemas.microsoft.com/mapi/proptag/0x7FFE000B" - +#define PR_ATTACH_MIME_TAG_DASL \ + "http://schemas.microsoft.com/mapi/proptag/0x370E001F" #ifdef __cplusplus extern "C" { #if 0 diff --git a/src/revert.cpp b/src/revert.cpp index 62a574f..714da94 100644 --- a/src/revert.cpp +++ b/src/revert.cpp @@ -29,6 +29,7 @@ #include "oomhelp.h" #include "mapihelp.h" #include "message.h" +#include "mimemaker.h" /* Wrapper around UlRelease with error checking. */ 
@@ -235,40 +236,12 @@ gpgol_message_revert (LPMESSAGE message, LONG do_save, ULONG save_flags) /* Helper method for mailitem_revert to add changes on the mapi side and save them. */ -static int finalize_mapi (LPMESSAGE message, char *msgcls) +static int finalize_mapi (LPMESSAGE message) { - char * oldmsgcls = NULL; HRESULT hr; - SPropValue prop; SPropTagArray proparray; ULONG tag_id; - if (mapi_save_changes (message, FORCE_SAVE | KEEP_OPEN_READWRITE)) - { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - return -1; - } - oldmsgcls = mapi_get_old_message_class (message); - if (!oldmsgcls) - { - /* No saved message class, mangle the actual class. */ - if (!strcmp (msgcls, "IPM.Note.GpgOL.ClearSigned") - || !strcmp (msgcls, "IPM.Note.GpgOL.PGPMessage") ) - msgcls[8] = 0; - else - memcpy (msgcls+9, "SMIME", 5); - oldmsgcls = msgcls; - msgcls = NULL; - } - /* Change the message class. */ - prop.ulPropTag = PR_MESSAGE_CLASS_A; - prop.Value.lpszA = oldmsgcls; - hr = message->SetProps (1, &prop, NULL); - if (hr) - { - log_error ("%s:%s: can't set message class to `%s': hr=%#lx\n", - SRCNAME, __func__, oldmsgcls, hr); - return -1; - } + if (get_gpgollastdecrypted_tag (message, &tag_id)) { log_error ("%s:%s: can't getlastdecrypted tag", @@ -284,6 +257,15 @@ static int finalize_mapi (LPMESSAGE message, char *msgcls) SRCNAME, __func__); return -1; } + + /* Save the changes. */ + if (mapi_save_changes (message, + FORCE_SAVE | KEEP_OPEN_READWRITE)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + return -1; + } + return 0; } @@ -312,6 +294,11 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) int count = 0; LONG result = -1; msgtype_t msgtype; + int body_restored = 0; + LPDISPATCH *to_delete = NULL; + int del_cnt = 0; + LPDISPATCH to_restore = NULL; + int mosstmpl_found = 0; /* Check whether we need to care about this message. */ msgcls = get_pa_string (mailitem, PR_MESSAGE_CLASS_W_DASL); 
@@ -323,7 +310,7 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) xfree (msgcls); log_error ("%s:%s: Message processed but not our class. Bug.", SRCNAME, __func__); - return 0; /* Not one of our message classes. */ + return -1; } message = get_oom_base_message (mailitem); @@ -344,20 +331,15 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) } msgtype = mapi_get_message_type (message); - if (msgtype != MSGTYPE_GPGOL_PGP_MESSAGE) + if (msgtype != MSGTYPE_GPGOL_PGP_MESSAGE && + msgtype != MSGTYPE_GPGOL_MULTIPART_ENCRYPTED) { log_error ("%s:%s: Revert not supported for msgtype: %i", SRCNAME, __func__, msgtype); goto done; } - count = get_oom_int (attachments, "Count"); - - if (count < 1) - { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - goto done; - } + to_delete = (LPDISPATCH*) xmalloc (count * sizeof (LPDISPATCH)); /* Yes the items start at 1! */ for (i = 1; i <= count; i++) 
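Review bot: The added `to_delete = (LPDISPATCH*) xmalloc (count * sizeof (LPDISPATCH));` sizes the array from `count` in the same hunk that removes `count = get_oom_int (attachments, "Count");` and the `count < 1` guard, while the declaration shown in the earlier hunk still initialises `count` to 0. Unless `count` is assigned in lines outside these hunks, the allocation is zero-sized and `for (i = 1; i <= count; i++)` never runs, so no attachment is reverted. If it is assigned elsewhere, a zero or negative value now reaches the multiplication unchecked. I would keep the read and the guard directly in front of the allocation: `count = get_oom_int (attachments, "Count");` followed by `if (count < 1) goto done;`. The function body starts and ends outside this hunk.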
@@ -406,55 +388,126 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) RELDISP (attachment); goto done; } + body_restored = 1; xfree (body); + to_delete[del_cnt++] = attachment; + break; } /* No break we also want to delete that. */ - case ATTACHTYPE_FROMMOSS: - case ATTACHTYPE_FROMMOSS_DEC: + case ATTACHTYPE_MOSS: { - if (invoke_oom_method (attachment, "Delete", NULL)) + char *mime_tag = get_pa_string (attachment, + PR_ATTACH_MIME_TAG_DASL); + if (mime_tag && !strcmp (mime_tag, "application/octet-stream")) { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - RELDISP (attachment); - goto done; + to_restore = attachment; + } + else + { + log_oom ("%s:%s: Skipping attachment with tag: %s", SRCNAME, + __func__, mime_tag); } - i--; - count--; + xfree (mime_tag); + to_delete[del_cnt++] = attachment; break; } - case ATTACHTYPE_MOSS: + case ATTACHTYPE_FROMMOSS: + case ATTACHTYPE_FROMMOSS_DEC: { - VARIANT value; - VariantInit (&value); - value.vt = VT_BOOL; - value.boolVal = VARIANT_FALSE; - if (set_pa_variant (attachment, PR_ATTACHMENT_HIDDEN_DASL, - &value)) - { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - RELDISP (attachment); - goto done; - } - put_oom_string (mailitem, "Body", ""); + to_delete[del_cnt++] = attachment; + break; + } + case ATTACHTYPE_MOSSTEMPL: + /* This is a newly created attachment containing a MIME structure + other clients could handle */ + { + mosstmpl_found = 1; break; } default: log_error ("%s:%s: Unknown attachment type: %i", SRCNAME, __func__, att_type); } - RELDISP (attachment); } - if (finalize_mapi (message, msgcls)) + if (to_restore && !mosstmpl_found) { - log_error ("%s:%s: Finalize failed.", - SRCNAME, __func__); - goto done; + log_debug ("%s:%s: Restoring from MOSS.", SRCNAME, __func__); + if (restore_msg_from_moss (message, to_restore, msgtype, + msgcls)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, + __LINE__); + } + else + { + to_restore = NULL; + } } + if (to_restore || mosstmpl_found) + { + 
HRESULT hr; + SPropValue prop; + /* Message was either restored or the only attachment is the + mosstmplate in which case we need to activate the + MultipartSigned magic.*/ + prop.ulPropTag = PR_MESSAGE_CLASS_A; + // TODO handle disabled S/MIME and smime messages. + prop.Value.lpszA = + (char*) "IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned"; + hr = HrSetOneProp (message, &prop); + if (hr) + { + log_error ("%s:%s: error setting the message class: hr=%#lx\n", + SRCNAME, __func__, hr); + goto done; + } + } + result = 0; done: - RELDISP (message); - xfree (msgcls); + + /* Do the deletion body wipe even on error. */ + + for (i = 0; i < del_cnt; i++) + { + LPDISPATCH attachment = to_delete[i]; + + if (attachment == to_restore) + { + /* If restoring failed to restore is still set. In that case + do not delete the MOSS attachment to avoid data loss. */ + continue; + } + /* Delete the attachments that are marked to delete */ + if (invoke_oom_method (attachment, "Delete", NULL)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + result = -1; + } + } + if (!body_restored && put_oom_string (mailitem, "Body", "")) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + result = -1; + } + + for (i = 0; i < del_cnt; i++) + { + RELDISP (to_delete[i]); + } + + xfree (to_delete); RELDISP (attachments); + xfree (msgcls); + + if (!result && finalize_mapi (message)) + { + log_error ("%s:%s: Finalize failed.", + SRCNAME, __func__); + result = -1; + } + + RELDISP (message); return result; } commit c5e7483db0565a62efbed13dac8b87131182b27c Author: Andre Heinecke Date: Wed Dec 2 20:31:10 2015 +0100 Move some debug output into debug_oom * src/oomhelp.cpp (get_oom_object): Be quieter by default. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 3a5de17..df2eda4 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp 
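Review bot: In the `ATTACHTYPE_MOSS` case the `else` branch passes `mime_tag` to `log_oom` with `%s`, although that branch is also taken when `get_pa_string` returned NULL, which is undefined behaviour for a printf-style formatter; log `mime_tag ? mime_tag : "(null)"` instead. The hunk also drops the per-iteration `RELDISP (attachment);`, so attachments that are not stored in `to_delete` (at least the `ATTACHTYPE_MOSSTEMPL` and default cases) are no longer released. Finally, `to_restore` is reset to NULL on success, so `if (to_restore || mosstmpl_found)` sets the MultipartSigned class when the restore failed rather than when it succeeded, which contradicts the comment inside that block. This may be intended if `restore_msg_from_moss` sets the class itself, but that is not visible here. The stale comment `/* No break we also want to delete that. */` now follows an explicit `break;` and should be removed.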
@@ -139,8 +139,8 @@ get_oom_object (LPDISPATCH pStart, const char *fullname) LPDISPATCH pObj = pStart; LPDISPATCH pDisp = NULL; - log_debug ("%s:%s: looking for %p->`%s'", - SRCNAME, __func__, pStart, fullname); + log_oom ("%s:%s: looking for %p->`%s'", + SRCNAME, __func__, pStart, fullname); while (pObj) { @@ -171,7 +171,7 @@ get_oom_object (LPDISPATCH pStart, const char *fullname) return NULL; /* The object has no IDispatch interface. */ if (!*fullname) { - log_debug ("%s:%s: got %p",SRCNAME, __func__, pDisp); + log_oom ("%s:%s: got %p",SRCNAME, __func__, pDisp); return pDisp; /* Ready. */ } commit 4b4fc8482c4cf62f459b3f0c194c4ed7d5114b77 Author: Andre Heinecke Date: Wed Dec 2 19:59:53 2015 +0100 Fix view of sent mails with S/MIME disabled * src/mapihelp.cpp (mapi_change_message_class): Respect overrides even with S/MIME disabled. -- I don't see why this would be a problem with S/MIME disabled and I hope that it was originally a typo. We need the override to force Outlook to reconsider the data of sent mails. diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 4c7fbe1..8815b08 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -1228,7 +1228,7 @@ mapi_change_message_class (LPMESSAGE message, int sync_override) newvalue = change_message_class_ipm_note_smime_multipartsigned (message); } - else if (opt.enable_smime && sync_override && have_override + else if (sync_override && have_override && !strncmp (s, "IPM.Note.GpgOL", 14) && (!s[14]||s[14] =='.')) { /* In case the original message class is not yet an GpgOL commit 6a2ff276b11b3100b4d64f8c5308dfa0c48de211 Author: Andre Heinecke Date: Tue Dec 1 16:09:50 2015 +0100 Disable MIME style support for clearsigned mails * src/mapihelp.cpp (get_msgcls_from_pgp_lines): Disable clearsigned detection for Outlook 2010 and later -- As we don't and probably won't handle this in revert we better not touch it at all to avoid removing the signature information. 
diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index 45fe276..4c7fbe1 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -619,7 +619,10 @@ get_msgcls_from_pgp_lines (LPMESSAGE message) { if (!strncmp (p, "-----BEGIN PGP ", 15)) { - if (!strncmp (p+15, "SIGNED MESSAGE-----", 19) + /* Enabling clearsigned detection for Outlook 2010 and later + would result in data loss as the signature is not reverted. */ + if (g_ol_version_major < 14 + && !strncmp (p+15, "SIGNED MESSAGE-----", 19) && trailing_ws_p (p+15+19)) msgcls = xstrdup ("IPM.Note.GpgOL.ClearSigned"); else if (!strncmp (p+15, "MESSAGE-----", 12) ----------------------------------------------------------------------- Summary of changes: src/mapihelp.cpp | 7 ++- src/mimemaker.c | 78 ++++++++++++++++++++++- src/mimemaker.h | 9 +++ src/oomhelp.cpp | 6 +- src/oomhelp.h | 3 +- src/revert.cpp | 187 +++++++++++++++++++++++++++++++++++-------------------- 6 files changed, 216 insertions(+), 74 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 00:00:57 2015 
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 03 Dec 2015 00:00:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-211-gcedbd47 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cedbd4709eed6fead9d1b271f96860c00547c77c (commit) from 69db3285e4612ad24462149a4d64cc32c090a491 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cedbd4709eed6fead9d1b271f96860c00547c77c Author: Neal H. Walfield Date: Wed Dec 2 20:51:52 2015 +0100 gpg: Use the matching key if the search description is exact. * g10/gpg.c (check_user_ids): If the search description is for an exact match (a keyid or fingerprint that ends in '!'), then use the matching key, not the primary key. * tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test. (priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc, privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc, privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc, privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc. (sample_keys): Add samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc. * tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc: New file. * tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc: New file. * tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc: New file. * tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc: New file. * tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc: New file. * tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc: New file. 
* tests/openpgp/use-exact-key.test: New file. * tests/openpgp/version.test: Install the new private keys. -- Signed-off-by: Neal H. Walfield Reported-by: Reported-by: Kristian Fiskerstrand Fixes-commit: 10cca02 diff --git a/g10/gpg.c b/g10/gpg.c index 5aeb94d..7741251 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2196,19 +2196,46 @@ check_user_ids (strlist_t *sp, } pk = kb->pkt->pkt.public_key; - fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); - assert (fingerprint_bin_len == sizeof (fingerprint_bin)); - bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); if ((desc.mode == KEYDB_SEARCH_MODE_SHORT_KID || desc.mode == KEYDB_SEARCH_MODE_LONG_KID || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20) && strchr (t->d, '!')) + /* Exact search. In this case we want to set FINGERPRINT not + to the primary key, but the key (primary or sub) that + matched the search criteria. Note: there will always be + exactly one match. */ { - int i = strlen (fingerprint); + kbnode_t n = kb; + PKT_public_key *match = NULL; + int i; + + do + { + if ((n->flag & 1)) + /* The matched node. */ + { + assert (! match); + match = n->pkt->pkt.public_key; + } + } + while ((n = find_next_kbnode (n, PKT_PUBLIC_SUBKEY))); + assert (match); + + fingerprint_from_pk (match, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); + + i = strlen (fingerprint); fingerprint[i] = '!'; fingerprint[i + 1] = '\0'; } + else + { + fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); + } add_to_strlist (&s2, fingerprint); s2->flags = s->flags; diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index aa13be9..914de8c 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am 
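Review bot: The exact-match branch relies on `assert (match)` to guarantee that a node with `n->flag & 1` was found before `fingerprint_from_pk (match, ...)` dereferences it. In a build with NDEBUG the assertion disappears, and a keyblock without a flagged node then leads to a NULL dereference; with assertions enabled the process aborts on what is a data-dependent condition. Because this code decides which key is used for signing, an explicit `if (!match)` that reports the problem and takes the function's existing error path (outside this hunk) is safer than an assertion. The same applies to `assert (! match)`, which is the only thing enforcing the "exactly one match" claim in the new comment.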
@@ -46,7 +46,7 @@ TESTS = version.test mds.test \ multisig.test verify.test armor.test \ import.test ecc.test 4gb-packet.test \ $(sqlite3_dependent_tests) \ - gpgtar.test \ + gpgtar.test use-exact-key.test \ finish.test @@ -81,7 +81,12 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc \ privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc \ privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc \ - privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc + privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc \ + privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc \ + privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc \ + privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc \ + privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc \ + privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc sample_keys = samplekeys/ecc-sample-1-pub.asc \ @@ -96,7 +101,8 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/dda252ebb8ebe1af-2.asc \ samplekeys/whats-new-in-2.1.asc \ samplekeys/e2e-p256-1-clr.asc \ - samplekeys/e2e-p256-1-prt.asc + samplekeys/e2e-p256-1-prt.asc \ + samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) diff --git a/tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc b/tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc new file mode 100644 index 0000000..71d9eb9 --- /dev/null +++ b/tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToAqCYxh+c0mGKVkNRLiSe19rSb +OgLVJcL6dH1EnawO6klyypIbrDom7DNNTlp7TMlwQ+UsKbmT8jwkU08/awg6W9Wq +5LCABUStYrVcwJJlf3p4lBru0BSRlaKuIslpk5Powfj2lPXX6o1eRHsnxk9FTD+M +GcWkhfL9HF+Rq8vPcicpKDE6ZTM6AQABKSgxOmQxMjg6NPUmd199hJrT8TOzgIRl +vkfedZRLziNM3yBO2nvEjMxKH3uJxKHh/VUg/VLo72On/HIyiQeeDVYcuLJGTm7e +degk/9C85hT5K4VUF9+LXXDX1Vz/jQdZxq+JwUE/AdlAEC9fkFQzc0ftI832mgjR +OASwMVphqYUQERz00ve+NDUpKDE6cDY1OgDJoHlM5kAfmQ3HQsykH2QoWnxA6mTa +aiCn4XIPEsrXCiwObiwWBj3I+w2OTWbodzxWldxBsaYyVCM3bKR6eldFKSgxOnE2 +NToA1X6NuSiiTP6lQcAqnoPC37LE6PUeoohF05hVoRotOm+/sIcve7ZrgVBvELEr +q6ZU8fUeCUQoMc2ztQEHyC+0eykoMTp1NjQ6HOTajn4vJZPXy/q5sNWhQ7pZDHeJ +clqSismtIwvuCV3wMAQMIUr+OWTlGHOCYa8FnBn7PbE6TevGdDEE8CQcfCkpKQ== +=AhP7 +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc b/tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc new file mode 100644 index 0000000..688b182 --- /dev/null +++ b/tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc 
@@ -0,0 +1,23 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4xMjk6AOnl30hwc47r +LL9QH6g0TX1BEPdWMV4Ou6+rQOErIMAr1AOlUzpjwJllvQqf2OHnQWaTr9kbNLn7 +XUEUhjkH3uHDYMHMdyAb7YJrk3ECDqnmr34VV/F/H5BH7D6AiFktl1SpUTczPxBx +vPNlJ4joPmTm+ahfg+zL+4pVu6tIhM0LKSgxOmUzOgEAASkoOTpwcm90ZWN0ZWQx +NDpvcGVucGdwLW5hdGl2ZSgxOTpvcGVucGdwLXByaXZhdGUta2V5KDc6dmVyc2lv +bjE6NCkoNDphbGdvMzpSU0EpKDQ6c2tleTE6XzEyOToA6eXfSHBzjussv1AfqDRN +fUEQ91YxXg67r6tA4SsgwCvUA6VTOmPAmWW9Cp/Y4edBZpOv2Rs0uftdQRSGOQfe +4cNgwcx3IBvtgmuTcQIOqeavfhVX8X8fkEfsPoCIWS2XVKlRNzM/EHG882UniOg+ +ZOb5qF+D7Mv7ilW7q0iEzQsxOl8zOgEAATE6XzEyODpfHMTxVhkHswZdPZ3B7pLc +LktR6NDmaKNVyhP1/G2y95+dY+s2QT4eosp+uYWeR0XHCqNla7TDND41qrzyEAtH +iAF3OoydMK4lb0lqfKORRI4tr017wgMxRBLs82Gk5ehtI7AwSca7WvaoAJwKZp42 +th4MOeykeGRRMagJI420QTE6XzY1OgDzN2Pz0dRD20hHKF6eiqAZYaZhmA7pKWuW +jHCVXO9s6zGfn0Ds+kTQJltOxU/AULATN/ffXqTtXSiprxNUvwnbMTpfNjU6APYx +GOABYcWOpJn35eSoisB04QtOgT5OpAl/dLbeaJ+Yh9KtrY6wLf/mX03FgE+YbkIf +TmeB6tDf4RYbXCYyKJExOl82NDo5wagaIbek0F5TRtmqdVk1weEk/0XXdyG/mNIA +4l/qt/LHcduBN46qHYEKnKhyDMCBDwlSRf455FG8Oi1x+JMYKSg0OmNzdW01OjQx +MDUyKSgxMDpwcm90ZWN0aW9uNDpub25lKSkpKSk= +=hX0p +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc b/tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc new file mode 100644 index 0000000..e69c27c --- /dev/null +++ b/tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToAx9HkS9EewRBeMrB/4u8wPapd +l6spEli/46To7WcmBhmvEZJdG0ZQatYNvgkREqOadsgd49onjYaCkBSJtrJrSUOS ++Mo56Ff/52ejToFyfuZs6Ky0UGm9tvKEJw3aZiGNAZ5Pyvp+Jf+xLDwvj0xHHAj8 +lEEhOSrIrGvq4yx/+nUpKDE6ZTM6AQABKSgxOmQxMjg6DfYRUGbNEko1eq8wUEfM +BBL6NRWlaf2/coVcLPIvCvASdlTWoog4KC7KiQOTKM07hp8Wz4u3hcDnMG/u60/u +BPHPHCZThYlpGLVMhQwI46NZtMcRSNBp1rhJ5dt/FEcSFvseJOgce4PD/96bB3+c +dbnvKcWM7ncRLj0wVfBzKeEpKDE6cDY1OgDanvj9klp9UkAgNwRxswOgiFOlGBsz +J4dpCZHzWDCjYUd3eGWieynAnfuvctGTaMyB5xT7RwruntbgeRgPpejZKSgxOnE2 +NToA6fv/DFn2WVRAODQVQQGGxsvO2cM847IFJu96BbbxOLaZJ536RE980c2a9q/9 +B4hOYzKV4B4NI03u5/BqoOY8/SkoMTp1NjQ6ZIvWN1fksXhQMypVTLg8R81igqS3 +GXKmQ+KrVEfTIHnXKxH7tyfDeJSS6nfpfARhAe2mP3TIrbjX+9PR+QmkgykpKQ== +=dUou +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc b/tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc new file mode 100644 index 0000000..8a4fbf6 --- /dev/null +++ b/tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToA5Hj2C3jzD8OGtLaw7+P2gYdA +fR4s4YS3/AK+kYYtbm5EX4srysyUbylbQDQXUvRzw4FPkjXbboF6KjHw8icNWHCa +zwSfPTfCDvi0JIildkfNqwBzCmNDRn++X8rvAeDCEJ/BtfcgfgmDTElSJOd+3B4X +wnmtnBW54KlR42PLobspKDE6ZTM6AQABKSgxOmQxMjg6AkvpIaKimXAwf3G1m1nl ++LEDKdo55gosry8XToQakvdeXyUerCkplTS1uax8smOQUvrIPYvvnQZ7S9wuPli3 +FWH6l/O+2Cgdti99xTSPeJRBeCuf2vv3bAgu/0tyB8MZgRRM9j5NJCeGO7o4DwRg +UkLWX2+R5p4daI2LRUfmV4EpKDE6cDY1OgDr3h6mXHrLT4qSNexzz8BAvK/PlHMA +MAJcy76lXSkl92+c4BcpjFDr5Vpaq/VXoLC4L/IlnEEqY967pAycdLH7KSgxOnE2 +NToA9/lAf6hJ4dHQ6ux5BH8DImq2OjW+sK3tIzzf6fpVkPjDuqOYidm+OL2SFCJa +ymSWdVq2gQYbkcdRXdGKVJWDQSkoMTp1NjQ6NeHBLEuc/VX+h3ifO1jyMlh+9nZs +HLkQzUyi2HnrXJ224cjvgc312wvtBQMUyLARWuEuMVMAwWofjX+GZXLz0ikpKQ== +=Rw+Y +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc b/tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc new file mode 100644 index 0000000..224ce95 --- /dev/null +++ b/tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6cnNhKDE6bjEyOToAvkUCG0xYaTIkZiTwd1wCUF8a +Q2+YdrBGjSfzCyB8DzbPozYA29eOAayDg9RuesQGISmFQ6YRSINsAogdNfZmKu8j +VMp/2mRQR6necW4OKkdtdnAI8B6Qaj/clBJt990RahXcrXG13fa0n72TpRbxmUUs +Y4KRpbCRm44rR9AAWPspKDE6ZTM6AQABKSgxOmQxMjg6IvI/yc3C60dXYh9kvzd6 +AVMGWt5zTVFhE+oDfMaxooW5q0tu6vHzViFeYmcxB4FbctnSbTNiN0RUIT7oxpGE +AAumKRejGAaMwiKZz3bMV05l0LI0Yn10GzXsLtRx+iKzpUxThZETRU43BJeMqP5/ +rVqdQAu47pClgTwQWn6bXNkpKDE6cDY1OgDXtvl8CYDL/Q+9qZDCyItE5j7X4wRV +en939fdDepuYAgsLLc7yqnDUOzajXWyx6PxygpnRs5cwmo2zbtZyyWKFKSgxOnE2 +NToA4c2I2FZT8gQLl9E3LF8TkBACZzsGb/t3mBUhYNSNZ7W6R/AkZARLI3IZOto5 +xhBrxfQayRISS2PBk390z3JlfykoMTp1NjQ6TamsumtzX7waNMzurt48kluI5Zy9 +isGpweGpp1T+4L+DiXMMAbhFW60gdqqo4+vzkn2M/M/8BPrKCw1TlDn3TSkpKQ== +=lYo+ +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc b/tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc new file mode 100644 index 0000000..a4772d4 --- /dev/null +++ b/tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc 
@@ -0,0 +1,45 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mI0EVl9ZyAEEAL5FAhtMWGkyJGYk8HdcAlBfGkNvmHawRo0n8wsgfA82z6M2ANvX +jgGsg4PUbnrEBiEphUOmEUiDbAKIHTX2ZirvI1TKf9pkUEep3nFuDipHbXZwCPAe +kGo/3JQSbffdEWoV3K1xtd32tJ+9k6UW8ZlFLGOCkaWwkZuOK0fQAFj7ABEBAAG0 +I0JhcnJldHQgQnJvd24gPGJhcnJldHRAZXhhbXBsZS5vcmc+iLkEEwEIACMFAlZf +WcgCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRC8Bnryi8kBEe5MA/9x +kAkLHRAw7ctTqp+ecHiOrqdXWbt9xJ0EHQX2M1wkWjqAHLEGIfPDGmO0G8MmwZhu +mAQetr258lPrcUOZ86xhpy9dacLRFf+Uk0R3nYSbYHFFht64NQFv2dvH6XaR1DfS +6tnmu0L0BY3qN0BZJHZcVn5mUA8cvOwqSUDKB8k6ebiNBFZfWcgBBADH0eRL0R7B +EF4ysH/i7zA9ql2XqykSWL/jpOjtZyYGGa8Rkl0bRlBq1g2+CRESo5p2yB3j2ieN +hoKQFIm2smtJQ5L4yjnoV//nZ6NOgXJ+5mzorLRQab228oQnDdpmIY0Bnk/K+n4l +/7EsPC+PTEccCPyUQSE5Ksisa+rjLH/6dQARAQABiJ8EGAEIAAkFAlZfWcgCGwwA +CgkQvAZ68ovJARH0kQP+IMq61Zg+kBU6eL9eKZErcMtMWuddi1KCi8gAe8V7ZmcU +8sIjKcKewDBgxmYz5siZzf993f4D0aqC/2XrNLnkuQ2P6XzpKZI2CKZXpbJH2eB0 +1F347MjDBA7P3vTwdzfVYklD3MAFC3Q42VGjbCx+OwVcODPZNfWAycQcYBvXS9G4 +jQRWX1rrAQQAqCYxh+c0mGKVkNRLiSe19rSbOgLVJcL6dH1EnawO6klyypIbrDom +7DNNTlp7TMlwQ+UsKbmT8jwkU08/awg6W9Wq5LCABUStYrVcwJJlf3p4lBru0BSR +laKuIslpk5Powfj2lPXX6o1eRHsnxk9FTD+MGcWkhfL9HF+Rq8vPcicAEQEAAYkB +PQQYAQgACQUCVl9a6wIbAgCoCRC8Bnryi8kBEZ0gBBkBCAAGBQJWX1rrAAoJEBFB +v3/193uDNhkEAIdnkbx6fKxEG6SX/GS/tBRFvvICDt9yGOJd+jmMPZoUODfd0Gkl +sO7FHRDLL2nyXgz2vhiRBDuboeG8h3oi8QPSi+cg7+EwpVMVFKpEOrtdUVXCR+oo +TLzD6z4dvdmE3+u6qrtKzkz5CsJ9CrEa0khR0b/We7GFQIpVyoD9NtNiQIkD/RX/ +oNkRG87K2TlTiObMJl7hB1Bk7Sm/E5Pl3knoCkjyo2vkmdK/bVlGBNimDlPh/r1a +ab/HTeBFjP+pMhqoLZZ8sp4gZ88wsG7AE9FxtRxQEuJKEKAz6rYFK+zl2bfSlSAn +KL1g5PAQujyLkq8qLJHrZn1imUIsBE6eOyiOWQi2uI0EVl9blQEEAOR49gt48w/D +hrS2sO/j9oGHQH0eLOGEt/wCvpGGLW5uRF+LK8rMlG8pW0A0F1L0c8OBT5I1226B +eiox8PInDVhwms8Enz03wg74tCSIpXZHzasAcwpjQ0Z/vl/K7wHgwhCfwbX3IH4J +g0xJUiTnftweF8J5rZwVueCpUeNjy6G7ABEBAAGInwQYAQgACQUCVl9blQIbDAAK +CRC8Bnryi8kBESPWA/4gTmke4A3gieDvSRWCzQ5IFkr7B+4niPy6Qitlwmvy7Wdr +xNSlZJpSN1UBBurIH4wcPV7nlKMuv60eb00llaBSH1HgAfcbyv35EC39Cgz5Ffaf 
+7f6EgIPjMGw9Ca1VNEWsfZnPfTz/JPiYzjjyC6N7nhfav4XjXxdicDHUz1pJubiN +BFZfbpwBBADp5d9IcHOO6yy/UB+oNE19QRD3VjFeDruvq0DhKyDAK9QDpVM6Y8CZ +Zb0Kn9jh50Fmk6/ZGzS5+11BFIY5B97hw2DBzHcgG+2Ca5NxAg6p5q9+FVfxfx+Q +R+w+gIhZLZdUqVE3Mz8QcbzzZSeI6D5k5vmoX4Psy/uKVburSITNCwARAQABiQE9 +BBgBCAAJBQJWX26cAhsCAKgJELwGevKLyQERnSAEGQEIAAYFAlZfbpwACgkQvKQ8 +RB6pdHlhowQA2zOO2inuV/Z4Hl5PCDljiChFrKlddXkkdD7vXbdRh2XrQXMttmWW +9a2NoeYsI4GyRb0T9fT0c7hDgY1NY3k+UHB+ex33xH7X6YADW8mY01q2zJqec9IY +P2eBAHZrHImlBGStWX+VVHGtZwsDvR/gxkZkYnN1GFPN2ll0z81O0CjjWAP/delj +0OY6Vc00SxfKJPb1ralpLIEMgRJWOayISHt6J4L1EGVVFs3gs9dqBQQ++65Iw55L +m4+nieZzExTvSvYVBRbdWBgIJ1mFElHEy2KfeWzMA88pTMBssmH3xIGlkub/guWc +OZSqAC5pVGPYCcXie7mx1k+5DrnQUgaf11zdvzI= +=Htgs +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 0d9490a..20d9f51 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -13,3 +13,4 @@ dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision. whats-new-in-2.1.asc Collection of sample keys. e2e-p256-1-clr.asc Google End-end-End test key (no protection) e2e-p256-1-prt.asc Ditto, but protected with passphrase "a". +E657FB607BB4F21C90BB6651BC067AF28BC90111.asc Key with subkeys (no protection) diff --git a/tests/openpgp/use-exact-key.test b/tests/openpgp/use-exact-key.test new file mode 100755 index 0000000..cbbd009 --- /dev/null +++ b/tests/openpgp/use-exact-key.test 
@@ -0,0 +1,55 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +# set -x + +# Make sure $srcdir is set. +if test "x$srcdir" = x +then + echo srcdir environment variable not set! + exit 1 +fi + +# Import the sample key +# +# pub 1024R/8BC90111 2015-12-02 +# Key fingerprint = E657 FB60 7BB4 F21C 90BB 6651 BC06 7AF2 8BC9 0111 +# uid [ultimate] Barrett Brown +# sub 1024R/3E880CFF 2015-12-02 (encryption) +# sub 1024R/F5F77B83 2015-12-02 (signing) +# sub 1024R/45117079 2015-12-02 (encryption) +# sub 1024R/1EA97479 2015-12-02 (signing) +info "Importing public key." +if $GPG --import $srcdir/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc +then + : +else + error "$k: import failed" +fi + +# By default, the most recent, valid signing subkey (1EA97479). +for x in 8BC90111 3E880CFF F5F77B83 45117079 1EA97479 +do + if ! echo | $GPG -s -u "$x" | $GPG --verify --status-fd=1 \ + | grep -q 'VALIDSIG 5FBA84ACE02DCB17DA3DFF6BBCA43C441EA97479' + then + echo | $GPG -s -u "$x" | $GPG --verify --status-fd=2 + error "Unexpected key used for signing (not the signing subkey, specified \"$x\")." + exit 1 + fi +done + +# But, if we request a particular signing key, we should get it. +for x in 8BC90111 F5F77B83 1EA97479 +do + if ! echo | $GPG -s -u "$x!" | $GPG --verify --status-fd=1 \ + | grep -q "VALIDSIG [0-9A-F]*$x " + then + echo | $GPG -s -u "$x!" | $GPG --verify --status-fd=2 + error "Unexpected key used for signing (specified: \"$x!\")." + exit 1 + fi +done + +exit 0 diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index 057bcf0..cb3ffa8 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test 
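Review bot: The import failure branch calls `error "$k: import failed"`, but `k` is never assigned anywhere in this script, so the message is printed without a file name; name the file instead, e.g. `error "samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc: import failed"`. The `srcdir` check also comes after `. $srcdir/defs.inc || exit 3`, so with `srcdir` unset the script has already tried to source `/defs.inc` and exited with 3 before the check can print its message; moving the check above the `.` line makes it effective. Quoting the expansions (`"$srcdir/defs.inc"`, `"$srcdir/samplekeys/..."`) would also keep the test working from a build path that contains spaces.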
@@ -74,7 +74,12 @@ for i in 50B2D4FA4122C212611048BC5FC31BD44393626E \ 0D6F6AD4C4C803B25470F9104E9F4E6A4CA64255 \ FD692BD59D6640A84C8422573D469F84F3B98E53 \ 76F7E2B35832976B50A27A282D9B87E44577EB66 \ - A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD ; do + A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD \ + 00FE67F28A52A8AA08FFAED20AF832DA916D1985 \ + 1DF48228FEFF3EC2481B106E0ACA8C465C662CC5 \ + A2832820DC9F40751BDCD375BB0945BA33EC6B4C \ + ADE710D74409777B7729A7653373D820F67892E0 \ + CEFC51AF91F68A2904FBFF62C4F075A4785B803F; do $GPG --dearmor < $srcdir/privkeys/$i.asc > private-keys-v1.d/$i.key done ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 35 ++++++++++++-- tests/openpgp/Makefile.am | 12 +++-- .../00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc | 17 +++++++ .../1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc | 23 +++++++++ .../A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc | 17 +++++++ .../ADE710D74409777B7729A7653373D820F67892E0.asc | 17 +++++++ .../CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc | 17 +++++++ .../E657FB607BB4F21C90BB6651BC067AF28BC90111.asc | 45 ++++++++++++++++++ tests/openpgp/samplekeys/README | 1 + tests/openpgp/use-exact-key.test | 55 ++++++++++++++++++++++ tests/openpgp/version.test | 7 ++- 11 files changed, 238 insertions(+), 8 deletions(-) create mode 100644 tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc create mode 100644 tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc create mode 100644 tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc create mode 100644 tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc create mode 100644 tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc create mode 100644 tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc create mode 100755 tests/openpgp/use-exact-key.test hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 
00:54:05 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 03 Dec 2015 00:54:05 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-212-g11b2691 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 11b2691eddc42e91651e4f95dd2731255a3e9211 (commit) from cedbd4709eed6fead9d1b271f96860c00547c77c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 11b2691eddc42e91651e4f95dd2731255a3e9211 Author: NIIBE Yutaka Date: Thu Dec 3 08:48:51 2015 +0900 scd: Fix for Curve25519 prefix handling. * scd/app-openpgp.c (do_decipher): More condition for AES decipher. Handle the prefix in cipher text. Always add the prefix in result. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 0fcfffe..ed1bce6 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -4114,7 +4114,8 @@ do_decipher (app_t app, const char *keyidstr, if (rc) return rc; - if (indatalen == 16 + 1 || indatalen == 32 + 1) + if (indatalen == 16 + 1 || indatalen == 32 + 1 + && ((char *)indata)[0] == 0x02) /* PSO:DECIPHER with symmetric key. */ padind = -1; else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) @@ -4172,6 +4173,16 @@ do_decipher (app_t app, const char *keyidstr, } else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC) { + if (app->app_local->keyattr[1].ecc.flags + && (indatalen%2)) + { /* + * Skip the prefix. It may be 0x40 (in new format), or MPI + * head of 0x00 (in old format). + */ + indata++; + indatalen--; + } + fixuplen = 7; fixbuf = xtrymalloc (fixuplen + indatalen); if (!fixbuf) 
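Review bot: The new condition `indatalen == 16 + 1 || indatalen == 32 + 1 && ((char *)indata)[0] == 0x02` parses as `A || (B && C)` because `&&` binds tighter than `||`, so a 17-byte input still selects the symmetric-key path (`padind = -1`) whatever its first byte is. If the prefix check is meant to apply to both lengths, as the commit message's "More condition for AES decipher" suggests, group the length tests: `if ((indatalen == 16 + 1 || indatalen == 32 + 1) && ((char *)indata)[0] == 0x02)`. The function starts and ends outside this hunk.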
@@ -4211,6 +4222,20 @@ do_decipher (app_t app, const char *keyidstr, indata, indatalen, le_value, padind, outdata, outdatalen); xfree (fixbuf); + if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC + && app->app_local->keyattr[1].ecc.flags) + { /* Add the prefix 0x40 */ + fixbuf = xtrymalloc (*outdatalen + 1); + if (!fixbuf) + { + xfree (outdata); + return gpg_error_from_syserror (); + } + xfree (outdata); + outdata = fixbuf; + outdata[0] = 0x40; + *outdatalen = *outdatalen + 1; + } if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */ && app->app_local->manufacturer == 5 ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 03:36:00 2015 
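Review bot: The added prefix block after the decipher call frees the card's result without ever copying it: `fixbuf` is allocated with `*outdatalen + 1` bytes, then `xfree (outdata)` runs and only `outdata[0] = 0x40` is written, so the returned buffer would hold the prefix followed by uninitialised bytes. `outdata` is passed straight to the decipher call next to `outdatalen`, which suggests it is a pointer to the caller's buffer pointer; if so, `xfree (outdata)` and `outdata = fixbuf` act on the parameter itself rather than on `*outdata`, and the caller never sees the new buffer. The block also runs before `rc` is inspected, so it reads `*outdatalen` and frees the result even when the decipher failed. A version that checks `rc`, copies the data and stores through `*outdata` is sketched below, assuming that parameter type; the function body continues outside the hunk.

```c
  /* … unchanged: decipher call and xfree (fixbuf) … */
  if (!rc
      && app->app_local->keyattr[1].key_type == KEY_TYPE_ECC
      && app->app_local->keyattr[1].ecc.flags)
    { /* Add the prefix 0x40 */
      fixbuf = xtrymalloc (*outdatalen + 1);
      if (!fixbuf)
        {
          xfree (*outdata);
          *outdata = NULL;
          return gpg_error_from_syserror ();
        }
      fixbuf[0] = 0x40;
      memcpy (fixbuf + 1, *outdata, *outdatalen);
      xfree (*outdata);
      *outdata = fixbuf;
      *outdatalen = *outdatalen + 1;
    }
  /* … unchanged: GPG_ERR_CARD handling … */
```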
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 03 Dec 2015 03:36:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-213-gf42c50d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 (commit) from 11b2691eddc42e91651e4f95dd2731255a3e9211 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 Author: NIIBE Yutaka Date: Thu Dec 3 11:26:24 2015 +0900 scd: Fix "Conflicting usage" bug. * scd/apdu.c (apdu_close_reader): Call CLOSE_READER method even if we got an error from apdu_disconnect. * scd/app-common.h (no_reuse): Remove. * scd/app.c (application_notify_card_reset): Deallocate APP here. (select_application, release_application): Don't use NO_REUSE. -- Reproducible scenario: Invoke gpg --card-edit session from a terminal. Invoke another gpg --card-edit session from another. Remove a token. Insert a token again. Type RET on both terminals. One of terminal answers "Conflicting usage". Perhaps, having NO_REUSE field was to avoid race conditions. Now, APP can be safely deallocated by application_notify_card_reset. Thanks to the2nd. diff --git a/scd/apdu.c b/scd/apdu.c index eb3d4b6..95a2561 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -3215,9 +3215,12 @@ apdu_close_reader (int slot) sw = apdu_disconnect (slot); if (sw) { + /* + * When the reader/token was removed it might come here. + * It should go through to call CLOSE_READER even if we got an error. + */ if (DBG_READER) - log_debug ("leave: apdu_close_reader => 0x%x (apdu_disconnect)\n", sw); - return sw; + log_debug ("apdu_close_reader => 0x%x (apdu_disconnect)\n", sw); } if (reader_table[slot].close_reader) { diff --git a/scd/app-common.h b/scd/app-common.h index 379bcd1..b4bb55b 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -47,11 +47,6 @@ struct app_ctx_s { operations the particular function pointer is set to NULL */ unsigned int ref_count; - /* Flag indicating that a reset has been done for that application - and that this context is merely lingering and just should not be - reused. */ - int no_reuse; - /* Used reader slot. */ int slot; diff --git a/scd/app.c b/scd/app.c index 49e08e6..5e6751e 100644 --- a/scd/app.c +++ b/scd/app.c @@ -175,9 +175,12 @@ application_notify_card_reset (int slot) /* FIXME: We are ignoring any error value here. */ lock_reader (slot, NULL); - /* Mark application as non-reusable. */ + /* Release the APP, as it's not reusable any more. */ if (lock_table[slot].app) - lock_table[slot].app->no_reuse = 1; + { + deallocate_app (lock_table[slot].app); + lock_table[slot].app = NULL; + } /* Deallocate a saved application for that slot, so that we won't try to reuse it. If there is no saved application, set a flag so 
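Review bot: `application_notify_card_reset` now calls `deallocate_app (lock_table[slot].app)` without consulting the `ref_count` field that `struct app_ctx_s` keeps, so any session that still holds this `app_t` may be left with a dangling pointer. A later `release_application (app)` from such a session (hunk `@@ -495,15 +488,7 @@`) would then operate on freed memory, and with two sessions on one reader, as in the commit's own reproduction scenario, that looks reachable. Whether sessions drop their reference before this point is not visible in these hunks, so it needs confirming. If they do not, either defer the deallocation until `ref_count` reaches zero or invalidate the sessions' pointers while the reader lock is held. The function continues outside this hunk.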
@@ -251,16 +254,6 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) return gpg_error (GPG_ERR_CONFLICT); } - /* Don't use a non-reusable marked application. */ - if (app && app->no_reuse) - { - unlock_reader (slot); - log_info ("lingering application '%s' in use by reader %d" - " - can't switch\n", - app->apptype? app->apptype:"?", slot); - return gpg_error (GPG_ERR_CONFLICT); - } - /* If we don't have an app, check whether we have a saved application for that slot. This is useful so that a card does not get reset even if only one session is using the card - this @@ -495,15 +488,7 @@ release_application (app_t app) if (lock_table[slot].last_app) deallocate_app (lock_table[slot].last_app); - if (app->no_reuse) - { - /* If we shall not re-use the application we can't save it for - later use. */ - deallocate_app (app); - lock_table[slot].last_app = NULL; - } - else - lock_table[slot].last_app = lock_table[slot].app; + lock_table[slot].last_app = lock_table[slot].app; lock_table[slot].app = NULL; unlock_reader (slot); } ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 7 +++++-- scd/app-common.h | 5 ----- scd/app.c | 27 ++++++--------------------- 3 files changed, 11 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 10:44:33 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 10:44:33 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-214-g9fcc047 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9fcc047d921bde95b6807325b7fd2b697e89907f (commit) from f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fcc047d921bde95b6807325b7fd2b697e89907f Author: Werner Koch Date: Thu Dec 3 10:39:29 2015 +0100 gpg: Change some error messages. * g10/getkey.c (parse_def_secret_key): Change error message. Replace log_debug by log_info. * g10/gpg.c (check_user_ids): Make function static. Change error messages. (main): Change error messages. * g10/revoke.c (gen_revoke): Ditto. -- There are other smaller changes not described above. This change tries to avoid new error messages so as not to increase the number of translated strings or break too many existing translations. It also tries to use existing strings and changes the quoting to the most common style used in gpg. Key specifications should in general use double quotes. Other values should use single quotes. However, sometimes it is not easy to distinguish between values given on the command line and key specifications. According to old GNU coding standards diagnostics should not start capitalized - whether this is a good idea is a different thing but we used this rule for most strings. However, strings which are used interactively should be properly capitalized and end with a dot. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 88d8c65..7d69912 100644 --- a/g10/getkey.c 
+++ b/g10/getkey.c @@ -1148,8 +1148,10 @@ parse_def_secret_key (ctrl_t ctrl) err = classify_user_id (t->d, &desc, 1); if (err) { - log_error (_("Invalid value ('%s') for --default-key.\n"), - t->d); + log_error (_("secret key \"%s\" not found: %s\n"), + t->d, gpg_strerror (err)); + if (!opt.quiet) + log_info (_("(check argument of option '%s')\n"), "--default-key"); continue; } @@ -1164,8 +1166,7 @@ parse_def_secret_key (ctrl_t ctrl) if (err) { - log_error (_("Error reading from keyring: %s.\n"), - gpg_strerror (err)); + log_error (_("key \"%s\" not found: %s\n"), t->d, gpg_strerror (err)); t = NULL; break; } @@ -1183,7 +1184,7 @@ parse_def_secret_key (ctrl_t ctrl) if (! err) { if (! warned) - log_debug (_("Using %s as default secret key.\n"), t->d); + log_info (_("using \"%s\" as default secret key\n"), t->d); break; } } diff --git a/g10/gpg.c b/g10/gpg.c index 7741251..225ca9a 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2083,7 +2083,8 @@ get_default_configname (void) return configname; } -gpg_error_t + +static gpg_error_t check_user_ids (strlist_t *sp, int warn_possibly_ambiguous, int error_if_not_found) @@ -2137,7 +2138,8 @@ check_user_ids (strlist_t *sp, if (! rc) rc = err; - log_error (_("Invalid value ('%s')."), t->d); + log_error (_("key \"%s\" not found: %s\n"), + t->d, gpg_strerror (err)); if (!opt.quiet) log_info (_("(check argument of option '%s')\n"), option); continue; @@ -2148,8 +2150,8 @@ check_user_ids (strlist_t *sp, || desc.mode == KEYDB_SEARCH_MODE_FPR16 || desc.mode == KEYDB_SEARCH_MODE_FPR20 || desc.mode == KEYDB_SEARCH_MODE_FPR)) - log_info (_("Warning: value '%s' for %s" - " should be a long keyid or a fingerprint.\n"), + log_info (_("Warning: value '%s' for option '%s'" + " should be a long key ID or a fingerprint\n"), t->d, option); if (! hd) 
@@ -2168,7 +2170,8 @@ check_user_ids (strlist_t *sp, if (! rc) rc = err; - log_error (_("no such key corresponding to '%s'\n"), t->d); + log_error (_("key \"%s\" not found: %s\n"), + t->d, gpg_strerror (err)); if (!opt.quiet) log_info (_("(check argument of option '%s')\n"), option); } @@ -2179,8 +2182,7 @@ check_user_ids (strlist_t *sp, if (! rc) rc = err; - log_error (_("error looking up '%s' in keyring: %s.\n"), - t->d, gpg_strerror (err)); + log_error (_("key \"%s\" not found: %s\n"), t->d, gpg_strerror (err)); break; } @@ -2190,8 +2192,7 @@ check_user_ids (strlist_t *sp, if (! rc) rc = err; - log_error (_("error reading key block for '%s': %s\n"), - t->d, gpg_strerror (err)); + log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); continue; } @@ -2254,8 +2255,7 @@ check_user_ids (strlist_t *sp, size_t fingerprint_bin2_len = sizeof (fingerprint_bin2); char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1]; - log_error (_("Error: the key specification '%s' is ambiguous.\n"), - t->d); + log_error (_("key specification '%s' is ambiguous\n"), t->d); if (!opt.quiet) log_info (_("(check argument of option '%s')\n"), option); @@ -2264,8 +2264,7 @@ check_user_ids (strlist_t *sp, err = keydb_get_keyblock (hd, &kb); if (err) - log_error (_("error reading key block for '%s': %s.\n"), - t->d, gpg_strerror (err)); + log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); else { pk = kb->pkt->pkt.public_key; 
@@ -2273,8 +2272,12 @@ check_user_ids (strlist_t *sp, assert (fingerprint_bin2_len == sizeof (fingerprint_bin2)); bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2); - log_error ("'%s' matches at least: %s and %s.\n", - t->d, fingerprint, fingerprint2); + /* TRANSLATORS: The %s prints a key specification which + for example has been given at the command line. Two + lines with fingerprints are printed after this message. */ + log_info (_("'%s' matches at least:\n"), t->d); + log_info (" %s\n", fingerprint); + log_info (" %s\n", fingerprint2); release_kbnode (kb); } @@ -2283,7 +2286,7 @@ check_user_ids (strlist_t *sp, || gpg_err_code (err) == GPG_ERR_EOF)) /* An error (other than "not found"). */ { - log_error (_("Error reading from keyring: %s\n"), + log_error (_("error searching the keyring: %s\n"), gpg_strerror (err)); if (! rc) rc = err; @@ -2300,6 +2303,7 @@ check_user_ids (strlist_t *sp, return rc; } + int main (int argc, char **argv) { @@ -3986,9 +3990,11 @@ main (int argc, char **argv) sl->flags = (oEncryptToDefaultKey << 2) | 1; } else if (have_def_secret_key) - log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n")); + log_info (_("option '%s' given, but no valid default keys given\n"), + "--encrypt-to-default-key"); else - log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n")); + log_info (_("option '%s' given, but option '%s' not given\n"), + "--encrypt-to-default-key", "--default-key"); } } @@ -4735,7 +4741,8 @@ main (int argc, char **argv) rc = classify_user_id (argv[i], &desc, 0); if (rc) { - log_error (_("Failed to parse '%s'.\n"), argv[i]); + log_error (_("error parsing key specification '%s': %s\n"), + argv[i], gpg_strerror (rc)); g10_exit (1); } 
@@ -4747,7 +4754,7 @@ main (int argc, char **argv) || desc.mode == KEYDB_SEARCH_MODE_KEYGRIP)) { log_error (_("'%s' does not appear to be a valid" - " key id, fingerprint or key grip.\n"), + " key ID, fingerprint or keygrip\n"), argv[i]); g10_exit (1); } @@ -4755,27 +4762,26 @@ main (int argc, char **argv) rc = keydb_search_reset (hd); if (rc) { - log_error (_("Failed to reset keyring handle.\n")); + /* This should not happen, thus no need to tranalate + the string. */ + log_error ("keydb_search_reset failed: %s\n", + gpg_strerror (rc)); g10_exit (1); } rc = keydb_search (hd, &desc, 1, NULL); - if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY) - { - log_error (_("Key '%s' is not available\n"), argv[i]); - g10_exit (1); - } - else if (rc) + if (rc) { - log_error (_("Failed to find key '%s'\n"), argv[i]); + log_error (_("key \"%s\" not found: %s\n"), argv[i], + gpg_strerror (rc)); g10_exit (1); } rc = keydb_get_keyblock (hd, &kb); if (rc) { - log_error (_("Failed to read key '%s' from the keyring\n"), - argv[i]); + log_error (_("error reading keyblock: %s\n"), + gpg_strerror (rc)); g10_exit (1); } diff --git a/g10/keyedit.c b/g10/keyedit.c index d7c70e6..a3feb79 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -618,7 +618,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, if (opt.only_sign_text_ids && uidnode->pkt->pkt.user_id->attribs) { - tty_fprintf (fp, _("Skipping User ID \"%s\"," + tty_fprintf (fp, _("Skipping user ID \"%s\"," " which is not a text ID.\n"), user); uidnode->flag &= ~NODFLG_MARK_A; @@ -4983,7 +4983,7 @@ menu_select_key (KBNODE keyblock, int idx, char *p) if (found_one) return 1; - tty_printf (_("No subkey with keyid %s\n"), p); + tty_printf (_("No subkey with key ID '%s'.\n"), p); return 0; } diff --git a/g10/keygen.c b/g10/keygen.c index 4296fe7..b3367a4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -2538,7 +2538,8 @@ ask_user_id (int mode, int full, KBNODE keyblock) if( strpbrk( aname, "<>" ) ) { tty_printf(_("Invalid character in name\n")); - tty_printf(_("The characters < and > may not appear in name\n")); + tty_printf(_("The characters '%s' and '%s' may not " + "appear in name\n"), "<", ">"); } else if( digitp(aname) ) tty_printf(_("Name may not start with a digit\n")); diff --git a/g10/misc.c b/g10/misc.c index 861ba87..547944d 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1705,7 +1705,7 @@ additional_weak_digest (const char* digestname) if (algo == GCRY_MD_NONE) { - log_error(_("Unknown weak digest '%s'\n"), digestname); + log_error (_("unknown weak digest '%s'\n"), digestname); return; } diff --git a/g10/revoke.c b/g10/revoke.c index 8599d17..99242d1 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -615,10 +615,9 @@ gen_revoke (const char *uname) if (rc) { if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) - log_error (_("no secret key matches the search term \"%s\"\n"), - uname); + log_error (_("secret key \"%s\" not found\n"), uname); else - log_error (_("error looking up secret key \"%s\": %s\n"), + log_error (_("secret key \"%s\" not found: %s\n"), uname, gpg_strerror (rc)); goto leave; } @@ -640,6 +639,9 @@ gen_revoke (const char *uname) { char *info; + /* TRANSLATORS: The %s prints a key specification which + for example has been given at the command line. Several lines + lines with secret key infos are printed after this message. */ log_error (_("'%s' matches multiple secret keys:\n"), uname); info = format_seckey_info (keyblock->pkt->pkt.public_key); 
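Review bot: The TRANSLATORS comment added in the gen_revoke hunk of g10/revoke.c repeats a word ("Several lines lines with secret key infos"). These comments are extracted for translators, so the sentence should read `Several lines with secret key infos are printed after this message.` The comment added before `log_error ("keydb_search_reset failed: %s\n", ...)` in the gpg.c main hunk has a similar slip, "tranalate" for "translate".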
@@ -651,7 +653,7 @@ gen_revoke (const char *uname) while (! rc) { info = format_seckey_info (keyblock->pkt->pkt.public_key); - log_error (" %s\n", info); + log_info (" %s\n", info); xfree (info); release_kbnode (keyblock); keyblock = NULL; ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 11 +++++----- g10/gpg.c | 66 ++++++++++++++++++++++++++++++++--------------------------- g10/keyedit.c | 4 ++-- g10/keygen.c | 3 ++- g10/misc.c | 2 +- g10/revoke.c | 10 +++++---- 6 files changed, 53 insertions(+), 43 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 12:31:00 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 12:31:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-217-g5e2c5e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827 (commit) via 50a568e7380752454c029eac2b57d8803b1cb287 (commit) via a28ac99efead8be73ea1704abe1611ccc4811c54 (commit) from 9fcc047d921bde95b6807325b7fd2b697e89907f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827 Author: Werner Koch Date: Thu Dec 3 12:25:37 2015 +0100 gpg: Add variant of 'key "%s" not found: %s' error message. * g10/gpg.c (check_user_ids): Change error message. * g10/delkey.c (do_delete_key): Ditto. Signed-off-by: Werner Koch diff --git a/g10/delkey.c b/g10/delkey.c index b8c03a1..b0a2b0d 100644 --- a/g10/delkey.c +++ b/g10/delkey.c 
@@ -116,7 +116,7 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) if (secret && !have_secret_key_with_kid (keyid)) { err = gpg_error (GPG_ERR_NOT_FOUND); - log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err)); + log_error (_("key \"%s\" not found\n"), username); write_status_text (STATUS_DELETE_PROBLEM, "1"); goto leave; } diff --git a/g10/gpg.c b/g10/gpg.c index 34d436f..93090eb 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2177,8 +2177,7 @@ check_user_ids (strlist_t *sp, if (! rc) rc = err; - log_error (_("key \"%s\" not found: %s\n"), - t->d, gpg_strerror (err)); + log_error (_("key \"%s\" not found\n"), t->d); if (!opt.quiet) log_info (_("(check argument of option '%s')\n"), option); } commit 50a568e7380752454c029eac2b57d8803b1cb287 Author: Werner Koch Date: Thu Dec 3 12:19:30 2015 +0100 gpg: Make keyidlist more robust in case of errors. * g10/keyserver.c (keyidlist): Clear *KLIST on error. Signed-off-by: Werner Koch diff --git a/g10/keyserver.c b/g10/keyserver.c index e9de496..cf671c9 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
@@ -1346,7 +1346,10 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) leave: if(rc) - xfree(*klist); + { + xfree(*klist); + *klist = NULL; + } xfree(desc); keydb_release(kdbhd); release_kbnode(keyblock); commit a28ac99efead8be73ea1704abe1611ccc4811c54 Author: Werner Koch Date: Thu Dec 3 12:18:32 2015 +0100 gpg: Take care of keydb_new returning NULL. * g10/keydb.c (keydb_new): Print an error message if needed. Also use xtrycalloc because we return an error anyway. * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. * g10/export.c (do_export_stream): Ditto. * g10/getkey.c (get_pubkey): Ditto. (get_pubkey_fast): Ditto. (get_pubkeyblock): Ditto. (get_seckey): Ditto. (key_byname): Ditto. (get_pubkey_byfprint): Ditto. (get_pubkey_byfprint_fast): Ditto. (parse_def_secret_key): Ditto. (have_secret_key_with_kid): Ditto. * g10/import.c (import_one): Ditto. (import_revoke_cert): Ditto. * g10/keyedit.c (keyedit_quick_adduid): Ditto. * g10/keygen.c (quick_generate_keypair): Ditto. (do_generate_keypair): Ditto. * g10/trustdb.c (validate_keys): Ditto. * g10/keyserver.c (keyidlist): Ditto. * g10/revoke.c (gen_desig_revoke): Ditto. (gen_revoke): Ditto. * g10/gpg.c (check_user_ids): Ditto. (main): Do not print an error message for keydb_new error. * g10/keylist.c (list_all): Use actual error code returned by keydb_new. * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. * g10/t-keydb.c (do_test): Ditto. * g10/keyring.c (keyring_new): Actually return an error so that the existing keydb_new error checking makes sense for a keyring resource. (keyring_rebuild_cache): Take care of keyring_new returning an error. -- Commit 04a6b903 changed keydb_new to return an error. However the error was not checked at most places which we fix with this patch. To make things easier keydb_new prints an error message itself. Signed-off-by: Werner Koch diff --git a/g10/delkey.c b/g10/delkey.c index 063de78..b8c03a1 100644 --- a/g10/delkey.c 
+++ b/g10/delkey.c @@ -65,6 +65,8 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) *r_sec_avail = 0; hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); /* Search the userid. */ err = classify_user_id (username, &desc, 1); diff --git a/g10/export.c b/g10/export.c index 1d71c1c..f7ad1b2 100644 --- a/g10/export.c +++ b/g10/export.c @@ -857,6 +857,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, *any = 0; init_packet (&pkt); kdbhd = keydb_new (); + if (!kdbhd) + return gpg_error_from_syserror (); /* For the DANE format override the options. */ if ((options & EXPORT_DANE_FORMAT)) diff --git a/g10/getkey.c b/g10/getkey.c index 7d69912..b09d967 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -424,6 +424,11 @@ get_pubkey (PKT_public_key * pk, u32 * keyid) ctx.exact = 1; /* Use the key ID exactly as given. */ ctx.not_allocated = 1; ctx.kr_handle = keydb_new (); + if (!ctx.kr_handle) + { + rc = gpg_error_from_syserror (); + goto leave; + } ctx.nitems = 1; ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID; ctx.items[0].u.kid[0] = keyid[0]; @@ -482,6 +487,8 @@ get_pubkey_fast (PKT_public_key * pk, u32 * keyid) #endif hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); rc = keydb_search_kid (hd, keyid); if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { @@ -528,6 +535,8 @@ get_pubkeyblock (u32 * keyid) /* No need to set exact here because we want the entire block. */ ctx.not_allocated = 1; ctx.kr_handle = keydb_new (); + if (!ctx.kr_handle) + return NULL; ctx.nitems = 1; ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID; ctx.items[0].u.kid[0] = keyid[0]; @@ -552,6 +561,8 @@ get_seckey (PKT_public_key *pk, u32 *keyid) ctx.exact = 1; /* Use the key ID exactly as given. */ ctx.not_allocated = 1; ctx.kr_handle = keydb_new (); + if (!ctx.kr_handle) + return gpg_error_from_syserror (); ctx.nitems = 1; ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID; ctx.items[0].u.kid[0] = keyid[0]; 
@@ -748,6 +759,13 @@ key_byname (GETKEY_CTX *retctx, strlist_t namelist, ctx->want_secret = want_secret; ctx->kr_handle = keydb_new (); + if (!ctx->kr_handle) + { + rc = gpg_error_from_syserror (); + getkey_end (ctx); + return rc; + } + if (!ret_kb) ret_kb = &help_kb; @@ -1068,6 +1086,9 @@ get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, ctx.exact = 1; ctx.not_allocated = 1; ctx.kr_handle = keydb_new (); + if (!ctx.kr_handle) + return gpg_error_from_syserror (); + ctx.nitems = 1; ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16 : KEYDB_SEARCH_MODE_FPR20; @@ -1106,6 +1127,9 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, fprbuf[i++] = 0; hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); + rc = keydb_search_fpr (hd, fprbuf); if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) { @@ -1156,10 +1180,15 @@ parse_def_secret_key (ctrl_t ctrl) } if (! hd) - hd = keydb_new (); + { + hd = keydb_new (); + if (!hd) + return NULL; + } else keydb_search_reset (hd); + err = keydb_search (hd, &desc, 1, NULL); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) continue; @@ -3148,7 +3177,11 @@ parse_auto_key_locate (char *options) } -/* For documentation see keydb.h. */ +/* Returns true if a secret key is available for the public key with + key id KEYID; returns false if not. This function ignores legacy + keys. Note: this is just a fast check and does not tell us whether + the secret key is valid; this check merely indicates whether there + is some secret key with the specified key id. */ int have_secret_key_with_kid (u32 *keyid) { @@ -3160,6 +3193,8 @@ have_secret_key_with_kid (u32 *keyid) int result = 0; kdbhd = keydb_new (); + if (!kdbhd) + return 0; memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_LONG_KID; desc.u.kid[0] = keyid[0]; 
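Review bot: In the have_secret_key_with_kid hunk, `if (!kdbhd) return 0;` makes a failure to open the key database indistinguishable from "no secret key for this key ID". A caller that branches on the result would take the no-secret-key path on what is really a memory or I/O error. The header comment added above the function should state this, for example `Also returns false if the key database cannot be opened.` The `return NULL` added to get_pubkeyblock in the earlier g10/getkey.c hunk has the same ambiguity, and both function bodies continue outside their hunks.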
@@ -3187,9 +3222,8 @@ have_secret_key_with_kid (u32 *keyid) assert (node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY); - if (agent_probe_secret_key (NULL, node->pkt->pkt.public_key) == 0) - /* Not available. */ - result = 1; + if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key)) + result = 1; /* Secret key available. */ else result = 0; diff --git a/g10/gpg.c b/g10/gpg.c index 225ca9a..34d436f 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2155,7 +2155,14 @@ check_user_ids (strlist_t *sp, t->d, option); if (! hd) - hd = keydb_new (); + { + hd = keydb_new (); + if (!hd) + { + rc = gpg_error_from_syserror (); + break; + } + } else keydb_search_reset (hd); @@ -2295,8 +2302,7 @@ check_user_ids (strlist_t *sp, strlist_rev (&s2); - if (hd) - keydb_release (hd); + keydb_release (hd); free_strlist (s); *sp = s2; @@ -4728,10 +4734,7 @@ main (int argc, char **argv) hd = keydb_new (); if (! hd) - { - log_error (_("Failed to open the keyring DB.\n")); - g10_exit (1); - } + g10_exit (1); for (i = 1; i < argc; i ++) { diff --git a/g10/import.c b/g10/import.c index e1577b8..518e97f 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1071,7 +1071,11 @@ import_one (ctrl_t ctrl, } else if (rc ) /* Insert this key. */ { - KEYDB_HANDLE hd = keydb_new (); + KEYDB_HANDLE hd; + + hd = keydb_new (); + if (!hd) + return gpg_error_from_syserror (); rc = keydb_locate_writable (hd); if (rc) @@ -1136,6 +1140,11 @@ import_one (ctrl_t ctrl, /* Now read the original keyblock again so that we can use that handle for updating the keyblock. */ hd = keydb_new (); + if (!hd) + { + rc = gpg_error_from_syserror (); + goto leave; + } keydb_disable_caching (hd); rc = keydb_search_fpr (hd, fpr2); if (rc ) @@ -1846,6 +1855,12 @@ import_revoke_cert( const char *fname, kbnode_t node, struct stats_s *stats ) /* Read the original keyblock. */ hd = keydb_new (); + if (!hd) + { + rc = gpg_error_from_syserror (); + goto leave; + } + { byte afp[MAX_FINGERPRINT_LEN]; size_t an; 
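Review bot: In the first g10/import.c hunk, import_one leaves through `return gpg_error_from_syserror ();` when keydb_new fails, whereas the second hunk in the same function and the import_revoke_cert hunk use `rc = gpg_error_from_syserror (); goto leave;`. If import_one has already acquired anything that its `leave:` label releases (not visible in the hunk), the early return skips that cleanup. Using the same `goto leave` form at the first site would keep the error paths uniform and remove the question.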
diff --git a/g10/keydb.c b/g10/keydb.c index 8a68980..97dfb5f 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -754,17 +754,26 @@ keydb_dump_stats (void) } +/* Create a new database handle. A database handle is similar to a + file handle: it contains a local file position. This is used when + searching: subsequent searches resume where the previous search + left off. To rewind the position, use keydb_search_reset(). This + function returns NULL on error, sets ERRNO, and prints an error + diagnostic. */ KEYDB_HANDLE keydb_new (void) { KEYDB_HANDLE hd; int i, j; int die = 0; + int reterrno; if (DBG_CLOCK) log_clock ("keydb_new"); - hd = xmalloc_clear (sizeof *hd); + hd = xtrycalloc (1, sizeof *hd); + if (!hd) + goto leave; hd->found = -1; hd->saved_found = -1; hd->is_reset = 1; @@ -781,7 +790,10 @@ keydb_new (void) hd->active[j].token = all_resources[i].token; hd->active[j].u.kr = keyring_new (all_resources[i].token); if (!hd->active[j].u.kr) - die = 1; + { + reterrno = errno; + die = 1; + } j++; break; case KEYDB_RESOURCE_TYPE_KEYBOX: @@ -789,7 +801,10 @@ keydb_new (void) hd->active[j].token = all_resources[i].token; hd->active[j].u.kb = keybox_new_openpgp (all_resources[i].token, 0); if (!hd->active[j].u.kb) - die = 1; + { + reterrno = errno; + die = 1; + } j++; break; } @@ -801,9 +816,15 @@ keydb_new (void) if (die) { keydb_release (hd); + gpg_err_set_errno (reterrno); hd = NULL; } + leave: + if (!hd) + log_error (_("error opening key DB: %s\n"), + gpg_strerror (gpg_error_from_syserror())); + return hd; } diff --git a/g10/keydb.h b/g10/keydb.h index 1848316..919f3fd 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
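Review bot: In keydb_new's `leave:` block, `log_error` runs after errno has been set (by `gpg_err_set_errno (reterrno)` or by the failing xtrycalloc), and the callers patched in this commit read errno afterwards through `gpg_error_from_syserror ()`. If the logging path changes errno, those callers would return a different error code than the one that caused the failure. Whether log_error preserves errno is not visible here, so saving it around the diagnostic would make the documented "sets ERRNO" contract hold: `int save_errno = errno; log_error (...); gpg_err_set_errno (save_errno);`. Separately, `reterrno` is read only when `die` is set, but initialising it at its declaration would avoid maybe-uninitialized warnings.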
@@ -186,10 +186,8 @@ gpg_error_t keydb_add_resource (const char *url, unsigned int flags); /* Dump some statistics to the log. */ void keydb_dump_stats (void); -/* Create a new database handle. A database handle is similar to a - file handle: it contains a local file position. This is used when - searching: subsequent searches resume where the previous search - left off. To rewind the position, use keydb_search_reset(). */ +/* Create a new database handle. Returns NULL on error, sets ERRNO, + and prints an error diagnostic. */ KEYDB_HANDLE keydb_new (void); /* Free all resources owned by the database handle. */ @@ -580,11 +578,8 @@ int get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, int get_pubkey_byfprint_fast (PKT_public_key *pk, const byte *fprint, size_t fprint_len); -/* Return whether a secret key is available for the public key with - key id KEYID. This function ignores legacy keys. Note: this is - just a fast check and does not tell us whether the secret key is - valid; this check merely indicates whether there is some secret key - with the specified key id. */ +/* Returns true if a secret key is available for the public key with + key id KEYID. */ int have_secret_key_with_kid (u32 *keyid); /* Parse the --default-key parameter. Returns the last key (in terms diff --git a/g10/keyedit.c b/g10/keyedit.c index a3feb79..0a4766e 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2386,6 +2386,12 @@ keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) /* Search the key; we don't want the whole getkey stuff here. */ kdbhd = keydb_new (); + if (!kdbhd) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = classify_user_id (username, &desc, 1); if (!err) err = keydb_search (kdbhd, &desc, 1, NULL); diff --git a/g10/keygen.c b/g10/keygen.c index b3367a4..a1f449e 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
@@ -3533,6 +3533,9 @@ quick_generate_keypair (ctrl_t ctrl, const char *uid) desc.u.name = uid; kdbhd = keydb_new (); + if (!kdbhd) + goto leave; + err = keydb_search (kdbhd, &desc, 1, NULL); keydb_release (kdbhd); if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) @@ -4148,12 +4151,18 @@ do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, } else if (!err) /* Write to the standard keyrings. */ { - KEYDB_HANDLE pub_hd = keydb_new (); + KEYDB_HANDLE pub_hd; - err = keydb_locate_writable (pub_hd); - if (err) - log_error (_("no writable public keyring found: %s\n"), - gpg_strerror (err)); + pub_hd = keydb_new (); + if (!pub_hd) + err = gpg_error_from_syserror (); + else + { + err = keydb_locate_writable (pub_hd); + if (err) + log_error (_("no writable public keyring found: %s\n"), + gpg_strerror (err)); + } if (!err && opt.verbose) { diff --git a/g10/keylist.c b/g10/keylist.c index 58c0a96..b2836e8 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -505,7 +505,7 @@ list_all (ctrl_t ctrl, int secret, int mark_secret) hd = keydb_new (); if (!hd) - rc = gpg_error (GPG_ERR_GENERAL); + rc = gpg_error_from_syserror (); else rc = keydb_search_first (hd); if (rc) diff --git a/g10/keyring.c b/g10/keyring.c index cf67eb0..6ba5202 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -250,7 +250,7 @@ keyring_is_writable (void *token) /* Create a new handle for the resource associated with TOKEN. - + On error NULL is returned and ERRNO is set. The returned handle must be released using keyring_release (). */ KEYRING_HANDLE keyring_new (void *token) @@ -260,7 +260,9 @@ keyring_new (void *token) assert (resource); - hd = xmalloc_clear (sizeof *hd); + hd = xtrycalloc (1, sizeof *hd); + if (!hd) + return hd; hd->resource = resource; active_handles++; return hd; 
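Review bot: In the quick_generate_keypair hunk, the new `if (!kdbhd) goto leave;` jumps out without assigning `err`, unlike the other call sites in this commit, which store `gpg_error_from_syserror ()` first. If the code at `leave:` (outside the hunk) reports or acts on `err`, this failure would look like success there. Writing it as `{ err = gpg_error_from_syserror (); goto leave; }` would keep it consistent with the do_generate_keypair hunk that follows.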
@@ -1487,6 +1489,8 @@ keyring_rebuild_cache (void *token,int noisy) ulong count = 0, sigcount = 0; hd = keyring_new (token); + if (!hd) + return gpg_error_from_syserror (); memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FIRST; diff --git a/g10/keyserver.c b/g10/keyserver.c index ab0eb62..e9de496 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1190,10 +1190,13 @@ keyserver_import_keyid (ctrl_t ctrl, static int keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) { - int rc=0,ndesc,num=100; - KBNODE keyblock=NULL,node; + int rc = 0; + int num = 100; + kbnode_t keyblock = NULL; + kbnode_t node; KEYDB_HANDLE kdbhd; - KEYDB_SEARCH_DESC *desc; + int ndesc; + KEYDB_SEARCH_DESC *desc = NULL; strlist_t sl; *count=0; @@ -1201,6 +1204,11 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) *klist=xmalloc(sizeof(KEYDB_SEARCH_DESC)*num); kdbhd = keydb_new (); + if (!kdbhd) + { + rc = gpg_error_from_syserror (); + goto leave; + } keydb_disable_caching (kdbhd); /* We are looping the search. */ if(!users) diff --git a/g10/revoke.c b/g10/revoke.c index 99242d1..ba87f35 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -220,6 +220,11 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr) afx = new_armor_context (); kdbhd = keydb_new (); + if (!kdbhd) + { + rc = gpg_error_from_syserror (); + goto leave; + } rc = classify_user_id (uname, &desc, 1); if (!rc) rc = keydb_search (kdbhd, &desc, 1, NULL); @@ -609,6 +614,11 @@ gen_revoke (const char *uname) /* Search the userid; we don't want the whole getkey stuff here. */ kdbhd = keydb_new (); + if (!kdbhd) + { + rc = gpg_error_from_syserror (); + goto leave; + } rc = classify_user_id (uname, &desc, 1); if (!rc) rc = keydb_search (kdbhd, &desc, 1, NULL); diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c index 2fbcb73..c12bab1 100644 --- a/g10/t-keydb-get-keyblock.c +++ b/g10/t-keydb-get-keyblock.c 
@@ -45,6 +45,8 @@ do_test (int argc, char *argv[]) ABORT ("Failed to open keyring."); hd1 = keydb_new (); + if (!hd1) + ABORT (""); rc = classify_user_id ("8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367", &desc1, 0); diff --git a/g10/t-keydb.c b/g10/t-keydb.c index 17a7611..f0b7778 100644 --- a/g10/t-keydb.c +++ b/g10/t-keydb.c @@ -42,7 +42,11 @@ do_test (int argc, char *argv[]) ABORT ("Failed to open keyring."); hd1 = keydb_new (); + if (!hd1) + ABORT (""); hd2 = keydb_new (); + if (!hd2) + ABORT (""); rc = classify_user_id ("2689 5E25 E844 6D44 A26D 8FAF 2F79 98F3 DBFC 6AD9", &desc1, 0); diff --git a/g10/trustdb.c b/g10/trustdb.c index fbb806d..af839d1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1896,13 +1896,16 @@ validate_keys (int interactive) trust. */ keydb_rebuild_caches(0); + kdb = keydb_new (); + if (!kdb) + return gpg_error_from_syserror (); + start_time = make_timestamp (); next_expire = 0xffffffff; /* set next expire to the year 2106 */ stored = new_key_hash_table (); used = new_key_hash_table (); full_trust = new_key_hash_table (); - kdb = keydb_new (); reset_trust_records(); /* Fixme: Instead of always building a UTK list, we could just build it ----------------------------------------------------------------------- Summary of changes: g10/delkey.c | 4 +++- g10/export.c | 2 ++ g10/getkey.c | 44 +++++++++++++++++++++++++++++++++++++++----- g10/gpg.c | 20 +++++++++++--------- g10/import.c | 17 ++++++++++++++++- g10/keydb.c | 27 ++++++++++++++++++++++++--- g10/keydb.h | 13 ++++--------- g10/keyedit.c | 6 ++++++ g10/keygen.c | 19 ++++++++++++++----- g10/keylist.c | 2 +- g10/keyring.c | 8 ++++++-- g10/keyserver.c | 19 +++++++++++++++---- g10/revoke.c | 10 ++++++++++ g10/t-keydb-get-keyblock.c | 2 ++ g10/t-keydb.c | 4 ++++ g10/trustdb.c | 5 ++++- 16 files changed, 161 insertions(+), 41 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 12:42:48 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 12:42:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-218-gfbf8b73 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fbf8b733a22e21963f9dcd7876f6618d73eb124e (commit) from 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fbf8b733a22e21963f9dcd7876f6618d73eb124e Author: Werner Koch Date: Thu Dec 3 12:37:56 2015 +0100 gpg: Additional comment on commit a28ac99e. -- My statement that commit 04a6b903 changed the semantics of keydb_new was plainly wrong. Not Neal broke it but me when I initially wrote that function or copied it from gpgsm. Sorry. ----------------------------------------------------------------------- Summary of changes: hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 12:56:31 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 12:56:31 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-219-g4e99572 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4e9957250eee3521dc979912a4818e58ffddc5b8 (commit) from fbf8b733a22e21963f9dcd7876f6618d73eb124e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4e9957250eee3521dc979912a4818e58ffddc5b8 Author: Werner Koch Date: Thu Dec 3 12:51:52 2015 +0100 build: Change how caller provided CFLAGS are used by configure. * configure.ac: Append instead of prepend caller provided CFLAGS. -- Suggested-by: Justus Winter Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 81a1eca..412ea8b 100644 --- a/configure.ac +++ b/configure.ac @@ -661,14 +661,14 @@ case "${host}" in *-*-hpux*) if test -z "$GCC" ; then - CFLAGS="$CFLAGS -Ae -D_HPUX_SOURCE" + CFLAGS="-Ae -D_HPUX_SOURCE $CFLAGS" fi ;; *-dec-osf4*) if test -z "$GCC" ; then # Suppress all warnings # to get rid of the unsigned/signed char mismatch warnings. - CFLAGS="$CFLAGS -w" + CFLAGS="-w $CFLAGS" fi ;; *-dec-osf5*) @@ -677,7 +677,7 @@ case "${host}" in # get rid of the unsigned/signed char mismatch warnings. # Using this may hide other pointer mismatch warnings, but # it at least lets other warning classes through - CFLAGS="$CFLAGS -msg_disable ptrmismatch1" + CFLAGS="-msg_disable ptrmismatch1 $CFLAGS" fi ;; m68k-atari-mint) 
@@ -1492,6 +1492,9 @@ AC_SUBST(W32SOCKLIBS) # AC_MSG_NOTICE([checking for cc features]) if test "$GCC" = yes; then + mycflags= + mycflags_save=$CFLAGS + # Check whether gcc does not emit a diagnositc for unknow -Wno-* # options. This is the case for gcc >= 4.6 AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options]) 
@@ -1505,60 +1508,55 @@ if test "$GCC" = yes; then # warning options and the user should have a chance of overriding # them. if test "$USE_MAINTAINER_MODE" = "yes"; then - CFLAGS="$CFLAGS -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes" - CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" + mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes" + mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security" if test x"$_gcc_silent_wno" = xyes ; then _gcc_wopt=yes else AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) - _gcc_cflags_save=$CFLAGS CFLAGS="-Wno-missing-field-initializers" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], [_gcc_wopt=yes],[_gcc_wopt=no]) AC_MSG_RESULT($_gcc_wopt) - CFLAGS=$_gcc_cflags_save; fi if test x"$_gcc_wopt" = xyes ; then - CFLAGS="$CFLAGS -W -Wno-sign-compare -Wno-missing-field-initializers" + mycflags="$mycflags -W -Wno-sign-compare" + mycflags="$mycflags -Wno-missing-field-initializers" fi AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement]) - _gcc_cflags_save=$CFLAGS CFLAGS="-Wdeclaration-after-statement" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no) AC_MSG_RESULT($_gcc_wopt) - CFLAGS=$_gcc_cflags_save; if test x"$_gcc_wopt" = xyes ; then - CFLAGS="$CFLAGS -Wdeclaration-after-statement" + mycflags="$mycflags -Wdeclaration-after-statement" fi else - CFLAGS="$CFLAGS -Wall" + mycflags="$mycflags -Wall" fi if test x"$_gcc_silent_wno" = xyes ; then _gcc_psign=yes else AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) - _gcc_cflags_save=$CFLAGS CFLAGS="-Wno-pointer-sign" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], [_gcc_psign=yes],[_gcc_psign=no]) AC_MSG_RESULT($_gcc_psign) - CFLAGS=$_gcc_cflags_save; fi if test x"$_gcc_psign" = xyes ; then - CFLAGS="$CFLAGS -Wno-pointer-sign" + mycflags="$mycflags -Wno-pointer-sign" fi AC_MSG_CHECKING([if gcc supports -Wpointer-arith]) - _gcc_cflags_save=$CFLAGS CFLAGS="-Wpointer-arith" 
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no) AC_MSG_RESULT($_gcc_psign) - CFLAGS=$_gcc_cflags_save; if test x"$_gcc_psign" = xyes ; then - CFLAGS="$CFLAGS -Wpointer-arith" + mycflags="$mycflags -Wpointer-arith" fi + + CFLAGS="$mycflags $mycflags_save" fi ----------------------------------------------------------------------- Summary of changes: configure.ac | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 13:32:34 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 13:32:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-220-g0f61599 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0f61599ed0bd1cc6842067d040bb58ec0a451715 (commit) from 4e9957250eee3521dc979912a4818e58ffddc5b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0f61599ed0bd1cc6842067d040bb58ec0a451715 Author: Werner Koch Date: Thu Dec 3 13:28:28 2015 +0100 build: Avoid dependecy problems in "make distcheck". * doc/Makefile.am (gnupg.texi): Depend on defs.inc. -- Reported-by: Justus Winter Signed-off-by: Werner Koch diff --git a/doc/Makefile.am b/doc/Makefile.am index 44e9957..6e0bc15 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
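Review bot: In the `@@ -1505,60 +1508,55 @@` hunk every probe now leaves `CFLAGS` set to the single option it tested, and the caller's value only comes back through the final `CFLAGS="$mycflags $mycflags_save"`. That is correct as written, but it is easy to break: a check added later inside this `if test "$GCC" = yes` block (which opens in the previous hunk) would silently compile without the caller's flags, and an early exit would leave `CFLAGS` clobbered. A comment next to `mycflags_save=$CFLAGS` would make the contract visible, for example `# CFLAGS is overwritten by the probes below and rebuilt from mycflags and mycflags_save at the end of this block.`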
@@ -59,6 +59,8 @@ gnupg_TEXINFOS = \ sysnotes.texi gnupg-card-architecture.fig dirmngr.texi \ howtos.texi howto-create-a-server-cert.texi +gnupg.texi : defs.inc + DVIPS = TEXINPUTS="$(srcdir)$(PATH_SEPARATOR)$$TEXINPUTS" dvips AM_MAKEINFOFLAGS = -I $(srcdir) --css-ref=/share/site.css ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 13:50:38 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Dec 2015 13:50:38 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-221-ge28f2e7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 (commit) from 0f61599ed0bd1cc6842067d040bb58ec0a451715 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 Author: Werner Koch Date: Thu Dec 3 13:46:03 2015 +0100 scd: Another fix for Curve25519 prefix handling. * scd/app-openpgp.c (do_decipher): Check 0x02 also for 16+1 byte long INDATA. (do_decipher): Fix integer arithmetic in void pointer. (do_decipher): Add missing memcpy. -- I have not tested this fix but it is obvious. Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211 Signed-off-by: Werner Koch diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index ed1bce6..f8e1460 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
@@ -4114,10 +4114,12 @@ do_decipher (app_t app, const char *keyidstr, if (rc) return rc; - if (indatalen == 16 + 1 || indatalen == 32 + 1 + if ((indatalen == 16 + 1 || indatalen == 32 + 1) && ((char *)indata)[0] == 0x02) - /* PSO:DECIPHER with symmetric key. */ - padind = -1; + { + /* PSO:DECIPHER with symmetric key. */ + padind = -1; + } else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) { /* We might encounter a couple of leading zeroes in the @@ -4179,7 +4181,7 @@ do_decipher (app_t app, const char *keyidstr, * Skip the prefix. It may be 0x40 (in new format), or MPI * head of 0x00 (in old format). */ - indata++; + indata = (const char *)indata + 1; indatalen--; } @@ -4231,9 +4233,10 @@ do_decipher (app_t app, const char *keyidstr, xfree (outdata); return gpg_error_from_syserror (); } + fixbuf[0] = 0x40; + memcpy (fixbuf+1, *outdata, *outdatalen); xfree (outdata); - outdata = fixbuf; - outdata[0] = 0x40; + *outdata = fixbuf; *outdatalen = *outdatalen + 1; } ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 13:55:40 2015 
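Review bot: In the last hunk (`@@ -4231,9 +4233,10 @@`) the old buffer is still released with `xfree (outdata)`, both after the new `memcpy` and in the allocation-failure path just above it. The new lines use `*outdata` as the buffer (`memcpy (fixbuf+1, *outdata, *outdatalen)` and `*outdata = fixbuf`), so `outdata` appears to be the caller's pointer-to-pointer, whose declaration is outside the hunk. If so, the call frees the wrong address and leaks the original buffer. Both calls should read `xfree (*outdata);`. do_decipher starts and ends outside the visible hunks, and the commit message notes the fix was not tested.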
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 03 Dec 2015 13:55:40 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.20-11-g68827cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 68827cbba2083db40df92de1bc449a3d2d0e81ed (commit) from ee0568476506e54349a38d4bb34bba5635097279 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68827cbba2083db40df92de1bc449a3d2d0e81ed Author: Justus Winter Date: Thu Dec 3 13:50:44 2015 +0100 tests: Fix read past buffer. * tests/t-poll.c (test_poll): Fix read past buffer. -- Found using gcc and AddressSanitizer. Signed-off-by: Justus Winter diff --git a/tests/t-poll.c b/tests/t-poll.c index 5955d50..57cdb75 100644 --- a/tests/t-poll.c +++ b/tests/t-poll.c @@ -288,7 +288,9 @@ test_poll (void) if (!ret) { assert (nwritten <= used); - memmove (buffer, buffer + nwritten, nwritten); + /* Move the remaining data to the front of buffer. */ + memmove (buffer, buffer + nwritten, + sizeof buffer - nwritten); used -= nwritten; } ret = es_fflush (fds[1].stream); ----------------------------------------------------------------------- Summary of changes: tests/t-poll.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 19:31:37 2015 
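Review bot: The new length `sizeof buffer - nwritten` stays inside the array, but it moves the whole tail of `buffer` rather than only the bytes still pending. The preceding `assert (nwritten <= used)` and the following `used -= nwritten` show that the live data is `used - nwritten` bytes, so `memmove (buffer, buffer + nwritten, used - nwritten);` matches the added comment and does not depend on `buffer` being a true array at this point. The declaration of `buffer` and the bound on `used` are outside the hunk, so that part is inferred.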
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 03 Dec 2015 19:31:37 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-20-g79bd708 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 79bd708bcc0ac5ffa110aa82db0437a7f422c5c6 (commit) via 18dbd4d71794b585e2df9a280aba5238ee7a672e (commit) via ed50501a22ac1a041989a5feb5713e0bacb055bf (commit) via 974114b0c273bb27a4c49251827da522d6d1cd9c (commit) via c6335b081a2f5a1cceb285af507444e404fda92b (commit) from 94b331747d84196f524b633c2a23568cb0b69359 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 79bd708bcc0ac5ffa110aa82db0437a7f422c5c6 Author: Andre Heinecke Date: Thu Dec 3 19:24:56 2015 +0100 Add Revert support for S/MIME mails. * src/revert.cpp (gpgol_mailitem_revert): Handle S/MIME mails. * src/mapihelp.h: Add missing prototype for get_gpgolmsgclass_tag. -- For S/MIME it is really mostly a problem of removing the attachments. diff --git a/src/mapihelp.h b/src/mapihelp.h index a154d95..ad2ede1 100644 --- a/src/mapihelp.h +++ b/src/mapihelp.h @@ -103,6 +103,7 @@ int get_gpgolsigstatus_tag (LPMESSAGE message, ULONG *r_tag); int get_gpgolprotectiv_tag (LPMESSAGE message, ULONG *r_tag); int get_gpgollastdecrypted_tag (LPMESSAGE message, ULONG *r_tag); int get_gpgolmimeinfo_tag (LPMESSAGE message, ULONG *r_tag); +int get_gpgolmsgclass_tag (LPMESSAGE message, ULONG *r_tag); int mapi_do_save_changes (LPMESSAGE message, ULONG flags, int only_del_body, const char *dbg_file, const char *dbg_func); diff --git a/src/revert.cpp b/src/revert.cpp index 180a12e..80876e3 100644 --- a/src/revert.cpp +++ b/src/revert.cpp 
@@ -310,6 +310,7 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) int del_cnt = 0; LPDISPATCH to_restore = NULL; int mosstmpl_found = 0; + int is_smime = 0; /* Check whether we need to care about this message. */ msgcls = get_pa_string (mailitem, PR_MESSAGE_CLASS_W_DASL); @@ -344,12 +345,37 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) if (msgtype != MSGTYPE_GPGOL_PGP_MESSAGE && msgtype != MSGTYPE_GPGOL_MULTIPART_ENCRYPTED && - msgtype != MSGTYPE_GPGOL_MULTIPART_SIGNED) + msgtype != MSGTYPE_GPGOL_MULTIPART_SIGNED && + msgtype != MSGTYPE_GPGOL_OPAQUE_ENCRYPTED && + msgtype != MSGTYPE_GPGOL_OPAQUE_SIGNED) { log_error ("%s:%s: Revert not supported for msgtype: %i", SRCNAME, __func__, msgtype); goto done; } + + is_smime = msgtype == MSGTYPE_GPGOL_OPAQUE_ENCRYPTED || + msgtype == MSGTYPE_GPGOL_OPAQUE_SIGNED; + + /* Check if it is an smime mail. Multipart signed can + also be true. */ + if (!is_smime && msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED) + { + char *proto; + char *ct = mapi_get_message_content_type (message, &proto, NULL); + if (ct && proto) + { + is_smime = (!strcmp (proto, "application/pkcs7-signature") || + !strcmp (proto, "application/x-pkcs7-signature")); + } + else + { + log_error ("Protocol in multipart signed mail."); + } + xfree (proto); + xfree (ct); + } + count = get_oom_int (attachments, "Count"); to_delete = (LPDISPATCH*) xmalloc (count * sizeof (LPDISPATCH)); @@ -375,8 +401,17 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) if (get_pa_int (attachment, GPGOL_ATTACHTYPE_DASL, (int*) &att_type)) { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - goto done; + if (!is_smime && msgtype != MSGTYPE_GPGOL_OPAQUE_SIGNED) + { + /* The Opaque signed attachment does not have a gpgol type + for some reason. So we fake this here */ + att_type = ATTACHTYPE_MOSSTEMPL; + } + else + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } } switch (att_type) 
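Review bot: In the `@@ -344,12 +345,37 @@` hunk `char *proto;` is declared without an initialiser, then read in `if (ct && proto)` and passed to `xfree (proto)`. That is only safe if `mapi_get_message_content_type` stores to its second argument on every path, including failure, and that function is not visible here. Declaring `char *proto = NULL;` removes the dependency. The fallback message `log_error ("Protocol in multipart signed mail.")` also drops the `%s:%s:` SRCNAME/`__func__` prefix used by the other log calls in this function and does not say what went wrong.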
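Review bot: In the `@@ -375,8 +401,17 @@` hunk the condition `if (!is_smime && msgtype != MSGTYPE_GPGOL_OPAQUE_SIGNED)` disagrees with the comment inside it, which says the opaque signed attachment has no gpgol type and is therefore faked. Since `is_smime` is set to true for `MSGTYPE_GPGOL_OPAQUE_SIGNED` earlier in the function, an opaque signed mail can never enter this branch and instead reaches the `log_error` / `goto done` path. The second test is also redundant once `!is_smime` holds. The condition looks inverted; if the comment states the intent, it should test for the S/MIME case, and otherwise the comment should be corrected.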
@@ -429,6 +464,12 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) This means treating it as a MOSSTMPL */ mosstmpl_found = 1; } + else if (is_smime) + { + /* Same here. No restoration but just rebuilding from the + attachment. */ + mosstmpl_found = 1; + } else { log_oom ("%s:%s: Skipping attachment with tag: %s", SRCNAME, @@ -448,6 +489,11 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) /* This is a newly created attachment containing a MIME structure other clients could handle */ { + if (mosstmpl_found) + { + log_error ("More then one mosstempl."); + goto done; + } mosstmpl_found = 1; break; } 
@@ -479,31 +525,69 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) mosstmplate in which case we need to activate the MultipartSigned magic.*/ prop.ulPropTag = PR_MESSAGE_CLASS_A; - // TODO handle disabled S/MIME and smime messages. - if (msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED) + if (is_smime) + { +#if 0 + /* FIXME this does not appear to work somehow. */ + if (opt.enable_smime) + { + prop.Value.lpszA = + (char*) "IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned"; + hr = HrSetOneProp (message, &prop); + } + else +#endif + { + ULONG tag; + if (msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED) + prop.Value.lpszA = (char*) "IPM.Note.SMIME.MultipartSigned"; + else + prop.Value.lpszA = (char*) "IPM.Note.SMIME"; + hr = HrSetOneProp (message, &prop); + + if (!get_gpgolmsgclass_tag (message, &tag)) + { + SPropTagArray proparray; + proparray.cValues = 1; + proparray.aulPropTag[0] = tag; + hr = message->DeleteProps (&proparray, NULL); + if (hr) + { + log_error ("%s:%s: deleteprops smime failed: hr=%#lx\n", + SRCNAME, __func__, hr); + + } + } + } + } + else if (msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED) { prop.Value.lpszA = (char*) "IPM.Note.InfoPathForm.GpgOLS.SMIME.MultipartSigned"; + hr = HrSetOneProp (message, &prop); } else { prop.Value.lpszA = (char*) "IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned"; + hr = HrSetOneProp (message, &prop); } - hr = HrSetOneProp (message, &prop); if (hr) { log_error ("%s:%s: error setting the message class: hr=%#lx\n", SRCNAME, __func__, hr); goto done; } + /* Backup the real message class */ - if (mapi_set_gpgol_msg_class (message, msgcls)) + if (!is_smime || opt.enable_smime) { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - goto done; + if (mapi_set_gpgol_msg_class (message, msgcls)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } } - } result = 0; commit 18dbd4d71794b585e2df9a280aba5238ee7a672e Author: Andre Heinecke Date: Thu Dec 3 19:21:06 2015 +0100 Try harder to save reverted mails 
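Review bot: In the new `is_smime` branch the result of `HrSetOneProp (message, &prop)` is stored in `hr` and then overwritten by `hr = message->DeleteProps (&proparray, NULL)`. A failure to set the message class is therefore lost whenever DeleteProps succeeds. A DeleteProps failure is logged twice, the second time by the shared `if (hr)` check as "error setting the message class". Checking `hr` directly after `HrSetOneProp`, or using a separate variable such as `HRESULT hr_del = message->DeleteProps (&proparray, NULL);`, keeps the two results apart. gpgol_mailitem_revert starts and ends outside this hunk.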
* src/revert.cpp (finalize_mapi): Try several secons to store. -- Sometimes we get an error object has changed here. This appears to be related to other MAPI io happening, and coincides with a busy disk. So we do some evil sleeping in the GUI thread. This actually works. If we don't and have errors there we are in a bad place as we don't know if the message has been reverted. diff --git a/src/revert.cpp b/src/revert.cpp index d925cf5..180a12e 100644 --- a/src/revert.cpp +++ b/src/revert.cpp @@ -241,6 +241,8 @@ static int finalize_mapi (LPMESSAGE message) HRESULT hr; SPropTagArray proparray; ULONG tag_id; + int save_tries; + int rc; if (get_gpgollastdecrypted_tag (message, &tag_id)) { @@ -259,10 +261,19 @@ static int finalize_mapi (LPMESSAGE message) } /* Save the changes. */ - if (mapi_save_changes (message, - FORCE_SAVE | KEEP_OPEN_READWRITE)) + for (save_tries = 0, rc = 1; rc && save_tries < 10; save_tries++) { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + rc = mapi_save_changes (message, FORCE_SAVE); + if (rc) + { + log_debug ("Failed try to save."); + Sleep (1000); + } + } + if (save_tries == 5) + { + log_error ("%s:%s: Saving restored message failed.", + SRCNAME, __func__); return -1; } commit ed50501a22ac1a041989a5feb5713e0bacb055bf Author: Andre Heinecke Date: Thu Dec 3 15:49:51 2015 +0100 Add revert support for mulitpart signed PGP MIME * src/mimemaker.c (restore_msg_from_moss): Don't set gpgol msg_class. * src/revert.cpp (gpgol_mailitem_revert): Add support for MULTIPART_SIGNED. -- Multipart signed is directly restore from the mosstmpl. This is very fragile though and only works good for mails sent by gpgol because Outlook mangles the innter MIME boundaries for mails from at least KMail and Enigmail. So the signature is broken after the mail went through outlook. diff --git a/src/mimemaker.c b/src/mimemaker.c index 057ff9b..235b844 100644 --- a/src/mimemaker.c +++ b/src/mimemaker.c 
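Review bot: The retry loop in the `@@ -259,10 +261,19 @@` hunk runs while `save_tries < 10`, but the failure test after it is `if (save_tries == 5)`. After ten failed saves `save_tries` is 10, so the function carries on as if the message had been stored; a save that succeeds on the fifth attempt leaves `save_tries` at 5 and is reported as a failure. Testing the result itself, `if (rc)`, fixes both cases. Note also that the loop can block the GUI thread for up to ten seconds, and that the call no longer passes `KEEP_OPEN_READWRITE`, which the commit message does not mention.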
@@ -2034,6 +2034,8 @@ restore_msg_from_moss (LPMESSAGE message, LPDISPATCH moss_att, int err = -1; char boundary[BOUNDARYSIZE+1]; + (void)msgcls; + LPATTACH new_attach = create_mapi_attachment (message, sink); log_debug ("Restore message from moss called."); @@ -2047,10 +2049,16 @@ restore_msg_from_moss (LPMESSAGE message, LPDISPATCH moss_att, { create_top_encryption_header (sink, PROTOCOL_SMIME, boundary); } - else + else if (type == MSGTYPE_GPGOL_MULTIPART_ENCRYPTED) { create_top_encryption_header (sink, PROTOCOL_OPENPGP, boundary); } + else + { + log_error ("%s:%s: Unsupported messagetype: %i", + SRCNAME, __func__, type); + goto done; + } orig = get_pa_string (moss_att, PR_ATTACH_DATA_BIN_DASL); @@ -2086,12 +2094,6 @@ restore_msg_from_moss (LPMESSAGE message, LPDISPATCH moss_att, goto done; } - if (mapi_set_gpgol_msg_class (message, msgcls)) - { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - goto done; - } - err = 0; done: xfree (orig); diff --git a/src/revert.cpp b/src/revert.cpp index 714da94..d925cf5 100644 --- a/src/revert.cpp +++ b/src/revert.cpp @@ -332,7 +332,8 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) msgtype = mapi_get_message_type (message); if (msgtype != MSGTYPE_GPGOL_PGP_MESSAGE && - msgtype != MSGTYPE_GPGOL_MULTIPART_ENCRYPTED) + msgtype != MSGTYPE_GPGOL_MULTIPART_ENCRYPTED && + msgtype != MSGTYPE_GPGOL_MULTIPART_SIGNED) { log_error ("%s:%s: Revert not supported for msgtype: %i", SRCNAME, __func__, msgtype); 
@@ -397,17 +398,33 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) { char *mime_tag = get_pa_string (attachment, PR_ATTACH_MIME_TAG_DASL); - if (mime_tag && !strcmp (mime_tag, "application/octet-stream")) + if (!mime_tag) { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + } + else if (msgtype == MSGTYPE_GPGOL_MULTIPART_ENCRYPTED && + !strcmp (mime_tag, "application/octet-stream")) + { + /* This is the body attachment of a multipart encrypted + message. Rebuild the message. */ to_restore = attachment; + to_delete[del_cnt++] = attachment; + } + else if (msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED && + mime_tag && !strcmp (mime_tag, "multipart/signed")) + { + /* This is the MIME formatted MOSS attachment of a multipart + signed message. Rebuild the MIME structure from that. + This means treating it as a MOSSTMPL */ + mosstmpl_found = 1; } else { log_oom ("%s:%s: Skipping attachment with tag: %s", SRCNAME, __func__, mime_tag); + to_delete[del_cnt++] = attachment; } xfree (mime_tag); - to_delete[del_cnt++] = attachment; break; } case ATTACHTYPE_FROMMOSS: @@ -452,8 +469,16 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) MultipartSigned magic.*/ prop.ulPropTag = PR_MESSAGE_CLASS_A; // TODO handle disabled S/MIME and smime messages. - prop.Value.lpszA = - (char*) "IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned"; + if (msgtype == MSGTYPE_GPGOL_MULTIPART_SIGNED) + { + prop.Value.lpszA = + (char*) "IPM.Note.InfoPathForm.GpgOLS.SMIME.MultipartSigned"; + } + else + { + prop.Value.lpszA = + (char*) "IPM.Note.InfoPathForm.GpgOL.SMIME.MultipartSigned"; + } hr = HrSetOneProp (message, &prop); if (hr) { 
@@ -461,6 +486,13 @@ gpgol_mailitem_revert (LPDISPATCH mailitem) SRCNAME, __func__, hr); goto done; } + /* Backup the real message class */ + if (mapi_set_gpgol_msg_class (message, msgcls)) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + goto done; + } + } result = 0; commit 974114b0c273bb27a4c49251827da522d6d1cd9c Author: Andre Heinecke Date: Thu Dec 3 15:44:30 2015 +0100 Try yet another way to find sender address * src/mail.cpp (Mail::update_sender): Use SendUsingAccount. -- Session.CurrentUser did not work for the case in which you are currently browsing the Folder of UserA and try to send a mail with UserB. SendUsingAccount appears more reliable. Also works with exchange. diff --git a/src/mail.cpp b/src/mail.cpp index 8c6f56d..7dc02f6 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -308,17 +308,17 @@ int Mail::update_sender () { LPDISPATCH sender = NULL; - sender = get_oom_object (m_mailitem, "Session.CurrentUser"); + sender = get_oom_object (m_mailitem, "SendUsingAccount"); xfree (m_sender); if (!sender) { - log_error ("%s:%s: Failed to get sender object.", + log_debug ("%s:%s: Failed to get sender Account object.", SRCNAME, __func__); return -1; } - m_sender = get_pa_string (sender, PR_SMTP_ADDRESS_DASL); + m_sender = get_oom_string (sender, "SmtpAddress"); if (!m_sender) { commit c6335b081a2f5a1cceb285af507444e404fda92b Author: Andre Heinecke Date: Thu Dec 3 15:38:10 2015 +0100 Try harder to match outlooks internal filename enc * src/common.c (qp_encode): New. Simple quoted printable encoder. (b64_encode): Fix termination of return value. * src/common.h: Add prototype * src/mimemaker.c (utf8_to_rfc2047b): Use infer content encoding to switch between base64 and quoted printable. -- As outlook rewrites the attachment filenames in unencrypted mails we have to guess how they will look so that we sign them correctly. If it turns out that this is to buggy we should probably replace non ascii characters in that case. 
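Review bot: In the src/mail.cpp hunk `xfree (m_sender)` runs before the `if (!sender)` check, so the early `return -1` leaves `m_sender` pointing at freed memory. Any later read of the member, or a second call to `update_sender`, would then use or free a dangling pointer. Adding `m_sender = NULL;` directly after the `xfree` closes that window. Whether the `sender` dispatch object is released after `get_oom_string` cannot be seen from this hunk, since the rest of `Mail::update_sender` lies outside it.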
diff --git a/src/common.c b/src/common.c index bf1c9e9..2142a80 100644 --- a/src/common.c +++ b/src/common.c @@ -818,6 +818,51 @@ qp_decode (char *buffer, size_t length, int *r_slbrk) return d - buffer; } +/* Return the a quoted printable encoded version of the + input string. If outlen is not null the size of the + quoted printable string is returned. String will be + malloced and zero terminated. Aborts if the output + is more then three times the size of the input. + This is only basic and does not handle mutliline data. */ +char * +qp_encode (const char *input, size_t inlen, size_t *r_outlen) +{ + size_t max_len = inlen * 3 +1; + char *outbuf = xmalloc (max_len); + size_t outlen = 0; + const unsigned char *p; + + memset (outbuf, 0, max_len); + + for (p = input; inlen; p++, inlen--) + { + if (*p >= '!' && *p <= '~' && *p != '=') + { + outbuf[outlen++] = *p; + } + else if (*p == ' ') + { + /* Outlook does it this way */ + outbuf[outlen++] = '_'; + } + else + { + outbuf[outlen++] = '='; + outbuf[outlen++] = tohex ((*p>>4)&15); + outbuf[outlen++] = tohex (*p&15); + } + if (outlen == max_len -1) + { + log_error ("Quoted printable too long. Bug."); + r_outlen = NULL; + return NULL; + } + } + if (r_outlen) + *r_outlen = outlen; + return outbuf; +} + /* Initialize the Base 64 decoder state. */ void b64_init (b64_state_t *state) @@ -909,6 +954,7 @@ b64_encode (const char *input, size_t length) return NULL; } ret = xmalloc (out_len); + memset (ret, 0, out_len); for (i = 0, j = 0; i < length;) { @@ -933,8 +979,6 @@ b64_encode (const char *input, size_t length) ret [j - 2] = '='; } - ret[++j] = '\0'; - log_debug("Encoded to: %s ", ret); return ret; } diff --git a/src/common.h b/src/common.h index ea003b9..3d09446 100644 --- a/src/common.h +++ b/src/common.h 
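Review bot: The overflow guard in the new `qp_encode`, `if (outlen == max_len -1)`, can only become true when every input byte was escaped to three characters. That is the legitimate worst case the buffer was sized for, so such input is rejected as "Quoted printable too long. Bug." although it fits. On that path `outbuf` is leaked and `r_outlen = NULL;` only clears the local parameter rather than reporting anything to the caller. Because each input byte writes at most three bytes into an `inlen * 3 + 1` buffer, the check can be dropped; if it is kept, it should use `xfree (outbuf);` and `if (r_outlen) *r_outlen = 0;` before returning. The assignment `p = input` also converts `const char *` to `const unsigned char *` without a cast.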
@@ -197,6 +197,7 @@ const char *default_homedir (void); char *get_data_dir (void); size_t qp_decode (char *buffer, size_t length, int *r_slbrk); +char *qp_encode (const char *input, size_t length, size_t* outlen); void b64_init (b64_state_t *state); size_t b64_decode (b64_state_t *state, char *buffer, size_t length); char * b64_encode (const char *input, size_t length); diff --git a/src/mimemaker.c b/src/mimemaker.c index 461d1e3..057ff9b 100644 --- a/src/mimemaker.c +++ b/src/mimemaker.c 
@@ -793,19 +793,45 @@ infer_content_encoding (const void *data, size_t datalen) static char * utf8_to_rfc2047b (const char *input) { - char *ret; + char *ret, + *encoded; + int inferred_encoding = 0; if (!input) { return NULL; } - char *b64_encoded = b64_encode (input, strlen (input)); - if (gpgrt_asprintf (&ret, "=?UTF-8?B?%s?=", b64_encoded) == -1) + inferred_encoding = infer_content_encoding (input, strlen (input)); + if (!inferred_encoding) { - log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); - xfree (b64_encoded); - return NULL; + return xstrdup (input); + } + log_debug ("%s:%s: Encoding attachment filename. With: %s ", + SRCNAME, __func__, inferred_encoding == 2 ? "Base64" : "QP"); + + if (inferred_encoding == 2) + { + encoded = b64_encode (input, strlen (input)); + if (gpgrt_asprintf (&ret, "=?utf-8?B?%s?=", encoded) == -1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + xfree (encoded); + return NULL; + } + } + else + { + /* There is a Bug here. If you encode 4 Byte UTF-8 outlook can't + handle it itself. And sends out a message with ?? inserted in + that place. This triggers an invalid signature. */ + encoded = qp_encode (input, strlen (input), NULL); + if (gpgrt_asprintf (&ret, "=?utf-8?Q?%s?=", encoded) == -1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + xfree (encoded); + return NULL; + } } - xfree (b64_encoded); + xfree (encoded); return ret; } ----------------------------------------------------------------------- Summary of changes: src/common.c | 48 +++++++++++++++++- src/common.h | 1 + src/mail.cpp | 6 +-- src/mapihelp.h | 1 + src/mimemaker.c | 56 +++++++++++++++------ src/revert.cpp | 151 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 6 files changed, 232 insertions(+), 31 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Dec 3 20:22:28 2015 
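Review bot: Neither branch of the rewritten `utf8_to_rfc2047b` checks `encoded` before passing it to `gpgrt_asprintf` with `%s`. Both `qp_encode` and `b64_encode` have `return NULL` paths in the common.c part of this commit. A guard such as `if (!encoded) return NULL;` after each call avoids formatting a null pointer into the header value. The two branches differ only in the format string, so selecting `"=?utf-8?B?%s?="` or `"=?utf-8?Q?%s?="` first and calling `gpgrt_asprintf` once would remove the duplicated error handling.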
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Thu, 03 Dec 2015 20:22:28 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-294-g6fadbcd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38 (commit) via 2cba0dbda462237f55438d4199eccd10c5e3f6ca (commit) from d421ac283ec46d0ecaf6278ba4c24843f65fb2fa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6fadbcd088e2af3e48407b95d8d0c2a8b7ad6c38 Author: Jussi Kivilinna Date: Thu Dec 3 21:06:50 2015 +0200 chacha20: fix alignment of self-test context * cipher/chacha20.c (selftest): Ensure 16-byte alignment for chacha20 context structure. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/chacha20.c b/cipher/chacha20.c index e25e239..613fa82 100644 --- a/cipher/chacha20.c +++ b/cipher/chacha20.c @@ -514,7 +514,8 @@ chacha20_encrypt_stream (void *context, byte * outbuf, const byte * inbuf, static const char * selftest (void) { - CHACHA20_context_t ctx; + byte ctxbuf[sizeof(CHACHA20_context_t) + 15]; + CHACHA20_context_t *ctx; byte scratch[127 + 1]; byte buf[512 + 64 + 4]; int i; 
@@ -565,46 +566,49 @@ selftest (void) 0x05, 0x3c, 0x84, 0xe4, 0x9a, 0x4a, 0x33 }; - chacha20_setkey (&ctx, key_1, sizeof key_1); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); + /* 16-byte alignment required for amd64 implementation. */ + ctx = (CHACHA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15); + + chacha20_setkey (ctx, key_1, sizeof key_1); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); scratch[sizeof (scratch) - 1] = 0; - chacha20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1); + chacha20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1); if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1)) return "ChaCha20 encryption test 1 failed."; if (scratch[sizeof (scratch) - 1]) return "ChaCha20 wrote too much."; - chacha20_setkey (&ctx, key_1, sizeof (key_1)); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); - chacha20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1); + chacha20_setkey (ctx, key_1, sizeof (key_1)); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); + chacha20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1); if (memcmp (scratch, plaintext_1, sizeof plaintext_1)) return "ChaCha20 decryption test 1 failed."; for (i = 0; i < sizeof buf; i++) buf[i] = i; - chacha20_setkey (&ctx, key_1, sizeof key_1); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); + chacha20_setkey (ctx, key_1, sizeof key_1); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); /*encrypt */ - chacha20_encrypt_stream (&ctx, buf, buf, sizeof buf); + chacha20_encrypt_stream (ctx, buf, buf, sizeof buf); /*decrypt */ - chacha20_setkey (&ctx, key_1, sizeof key_1); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); - chacha20_encrypt_stream (&ctx, buf, buf, 1); - chacha20_encrypt_stream (&ctx, buf + 1, buf + 1, (sizeof buf) - 1 - 1); - chacha20_encrypt_stream (&ctx, buf + (sizeof buf) - 1, + chacha20_setkey (ctx, key_1, sizeof key_1); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); + chacha20_encrypt_stream (ctx, buf, buf, 1); 
+ chacha20_encrypt_stream (ctx, buf + 1, buf + 1, (sizeof buf) - 1 - 1); + chacha20_encrypt_stream (ctx, buf + (sizeof buf) - 1, buf + (sizeof buf) - 1, 1); for (i = 0; i < sizeof buf; i++) if (buf[i] != (byte) i) return "ChaCha20 encryption test 2 failed."; - chacha20_setkey (&ctx, key_1, sizeof key_1); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); + chacha20_setkey (ctx, key_1, sizeof key_1); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); /* encrypt */ for (i = 0; i < sizeof buf; i++) - chacha20_encrypt_stream (&ctx, &buf[i], &buf[i], 1); + chacha20_encrypt_stream (ctx, &buf[i], &buf[i], 1); /* decrypt */ - chacha20_setkey (&ctx, key_1, sizeof key_1); - chacha20_setiv (&ctx, nonce_1, sizeof nonce_1); - chacha20_encrypt_stream (&ctx, buf, buf, sizeof buf); + chacha20_setkey (ctx, key_1, sizeof key_1); + chacha20_setiv (ctx, nonce_1, sizeof nonce_1); + chacha20_encrypt_stream (ctx, buf, buf, sizeof buf); for (i = 0; i < sizeof buf; i++) if (buf[i] != (byte) i) return "ChaCha20 encryption test 3 failed."; commit 2cba0dbda462237f55438d4199eccd10c5e3f6ca Author: Jussi Kivilinna Date: Thu Dec 3 21:06:50 2015 +0200 salsa20: fix alignment of self-test context * cipher/salsa20.c (selftest): Ensure 16-byte alignment for salsa20 context structure. -- Reported-by: Carlos J Puga Medina Signed-off-by: Jussi Kivilinna diff --git a/cipher/salsa20.c b/cipher/salsa20.c index fa3d23b..9768198 100644 --- a/cipher/salsa20.c +++ b/cipher/salsa20.c @@ -501,7 +501,8 @@ salsa20r12_encrypt_stream (void *context, static const char* selftest (void) { - SALSA20_context_t ctx; + byte ctxbuf[sizeof(SALSA20_context_t) + 15]; + SALSA20_context_t *ctx; byte scratch[8+1]; byte buf[256+64+4]; int i; 
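Review bot: The hand-written alignment `ctx = (CHACHA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15);` is repeated verbatim for `SALSA20_context_t` in the cipher/salsa20.c selftest hunk of the following commit. It needs `uintptr_t` to be declared, and the include is not visible in either hunk. It also accesses a `byte` array through a struct pointer, which relies on the compiler not applying strict-aliasing assumptions to `ctxbuf`. A shared helper macro would keep the two self-tests in step. A comment at the declaration would also help, for example `/* Over-allocated by 15 bytes so that ctx can be rounded up to a 16-byte boundary. */`. Both `selftest` bodies extend beyond the visible hunks.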
@@ -518,32 +519,35 @@ selftest (void) static const byte ciphertext_1[] = { 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3}; - salsa20_setkey (&ctx, key_1, sizeof key_1); - salsa20_setiv (&ctx, nonce_1, sizeof nonce_1); + /* 16-byte alignment required for amd64 implementation. */ + ctx = (SALSA20_context_t *)((uintptr_t)(ctxbuf + 15) & ~(uintptr_t)15); + + salsa20_setkey (ctx, key_1, sizeof key_1); + salsa20_setiv (ctx, nonce_1, sizeof nonce_1); scratch[8] = 0; - salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1); + salsa20_encrypt_stream (ctx, scratch, plaintext_1, sizeof plaintext_1); if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1)) return "Salsa20 encryption test 1 failed."; if (scratch[8]) return "Salsa20 wrote too much."; - salsa20_setkey( &ctx, key_1, sizeof(key_1)); - salsa20_setiv (&ctx, nonce_1, sizeof nonce_1); - salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1); + salsa20_setkey( ctx, key_1, sizeof(key_1)); + salsa20_setiv (ctx, nonce_1, sizeof nonce_1); + salsa20_encrypt_stream (ctx, scratch, scratch, sizeof plaintext_1); if (memcmp (scratch, plaintext_1, sizeof plaintext_1)) return "Salsa20 decryption test 1 failed."; for (i = 0; i < sizeof buf; i++) buf[i] = i; - salsa20_setkey (&ctx, key_1, sizeof key_1); - salsa20_setiv (&ctx, nonce_1, sizeof nonce_1); + salsa20_setkey (ctx, key_1, sizeof key_1); + salsa20_setiv (ctx, nonce_1, sizeof nonce_1); /*encrypt*/ - salsa20_encrypt_stream (&ctx, buf, buf, sizeof buf); + salsa20_encrypt_stream (ctx, buf, buf, sizeof buf); /*decrypt*/ - salsa20_setkey (&ctx, key_1, sizeof key_1); - salsa20_setiv (&ctx, nonce_1, sizeof nonce_1); - salsa20_encrypt_stream (&ctx, buf, buf, 1); - salsa20_encrypt_stream (&ctx, buf+1, buf+1, (sizeof buf)-1-1); - salsa20_encrypt_stream (&ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1); + salsa20_setkey (ctx, key_1, sizeof key_1); + salsa20_setiv (ctx, nonce_1, sizeof nonce_1); + salsa20_encrypt_stream (ctx, buf, buf, 1); + 
salsa20_encrypt_stream (ctx, buf+1, buf+1, (sizeof buf)-1-1); + salsa20_encrypt_stream (ctx, buf+(sizeof buf)-1, buf+(sizeof buf)-1, 1); for (i = 0; i < sizeof buf; i++) if (buf[i] != (byte)i) return "Salsa20 encryption test 2 failed."; ----------------------------------------------------------------------- Summary of changes: cipher/chacha20.c | 46 +++++++++++++++++++++++++--------------------- cipher/salsa20.c | 34 +++++++++++++++++++--------------- 2 files changed, 44 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 06:22:10 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 04 Dec 2015 06:22:10 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-223-g9639af5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9639af5f16a7ed908cbce2415330b9fcd88edc90 (commit) via f747adfa21551e083bc947540c64c94a96dcc059 (commit) from e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9639af5f16a7ed908cbce2415330b9fcd88edc90 Author: NIIBE Yutaka Date: Fri Dec 4 14:13:23 2015 +0900 scd: Simplify saving application context. * scd/app.c (lock_table): Remove LAST_APP field. (lock_reader, app_dump_state, application_notify_card_reset) (release_application): Follow the change. (check_conflict): New. (check_application_conflict): Lock the slot and call check_conflict. (select_application): Call check_conflict and not use LAST_APP. -- We don't need LAST_APP field but just keep the application context by APP field. Since we have a reference counter, it is possible if we can deallocate or not. diff --git a/scd/app.c b/scd/app.c index 5e6751e..51464a2 100644 --- a/scd/app.c +++ b/scd/app.c @@ -39,7 +39,6 @@ static struct int initialized; npth_mutex_t lock; app_t app; /* Application context in use or NULL. */ - app_t last_app; /* Last application object used as this slot or NULL. */ } lock_table[10]; @@ -87,7 +86,6 @@ lock_reader (int slot, ctrl_t ctrl) } lock_table[slot].initialized = 1; lock_table[slot].app = NULL; - lock_table[slot].last_app = NULL; } res = npth_mutex_lock (&lock_table[slot].lock); 
@@ -139,12 +137,6 @@ app_dump_state (void) if (lock_table[slot].app->apptype) log_printf (" type='%s'", lock_table[slot].app->apptype); } - if (lock_table[slot].last_app) - { - log_printf (" lastapp=%p", lock_table[slot].last_app); - if (lock_table[slot].last_app->apptype) - log_printf (" type='%s'", lock_table[slot].last_app->apptype); - } log_printf ("\n"); } } @@ -167,8 +159,6 @@ is_app_allowed (const char *name) void application_notify_card_reset (int slot) { - app_t app; - if (slot < 0 || slot >= DIM (lock_table)) return; @@ -182,20 +172,35 @@ application_notify_card_reset (int slot) lock_table[slot].app = NULL; } - /* Deallocate a saved application for that slot, so that we won't - try to reuse it. If there is no saved application, set a flag so - that we won't save the current state. */ - app = lock_table[slot].last_app; + unlock_reader (slot); +} - if (app) + +/* + * This function is called with lock held. + */ +static gpg_error_t +check_conflict (int slot, const char *name) +{ + app_t app = lock_table[slot].app; + + if (!app || !name || (app->apptype && !ascii_strcasecmp (app->apptype, name))) + return 0; + + if (!app->ref_count) { - lock_table[slot].last_app = NULL; + lock_table[slot].app = NULL; deallocate_app (app); + return 0; + } + else + { + log_info ("application '%s' in use by reader %d - can't switch\n", + app->apptype? app->apptype : "", slot); + return gpg_error (GPG_ERR_CONFLICT); } - unlock_reader (slot); } - /* This function is used by the serialno command to check for an application conflict which may appear if the serialno command is used to request a specific application and the connection has 
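Review bot: `check_conflict` has a side effect that neither its name nor its header comment announces: when NAME differs from the current application and `app->ref_count` is zero, it clears `lock_table[slot].app` and calls `deallocate_app`. Through `check_application_conflict` in the next hunk, what the existing comment describes as a conflict check for the serialno command can therefore discard the idle context that `release_application` now keeps for the sake of the PIN cache; that may be intended, but it should be documented. The function also indexes `lock_table[slot]` without a range check, so it depends on every caller having validated `slot`. A header comment such as `/* Called with the slot lock held and SLOT already range-checked. Returns 0 if NAME may be used; an idle (ref_count == 0) application of another type is deallocated as a side effect. */` would state that contract.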
@@ -203,18 +208,18 @@ application_notify_card_reset (int slot) gpg_error_t check_application_conflict (ctrl_t ctrl, int slot, const char *name) { - app_t app; - - (void)ctrl; + gpg_error_t err; if (slot < 0 || slot >= DIM (lock_table)) return gpg_error (GPG_ERR_INV_VALUE); - app = lock_table[slot].initialized ? lock_table[slot].app : NULL; - if (app && app->apptype && name) - if ( ascii_strcasecmp (app->apptype, name)) - return gpg_error (GPG_ERR_CONFLICT); - return 0; + err = lock_reader (slot, ctrl); + if (err) + return err; + + err = check_conflict (slot, name); + unlock_reader (slot); + return err; } 
@@ -243,41 +248,15 @@ select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app) return err; /* First check whether we already have an application to share. */ - app = lock_table[slot].initialized ? lock_table[slot].app : NULL; - if (app && name) - if (!app->apptype || ascii_strcasecmp (app->apptype, name)) - { - unlock_reader (slot); - if (app->apptype) - log_info ("application '%s' in use by reader %d - can't switch\n", - app->apptype, slot); - return gpg_error (GPG_ERR_CONFLICT); - } - - /* If we don't have an app, check whether we have a saved - application for that slot. This is useful so that a card does - not get reset even if only one session is using the card - this - way the PIN cache and other cached data are preserved. */ - if (!app && lock_table[slot].initialized && lock_table[slot].last_app) + err = check_conflict (slot, name); + if (err) { - app = lock_table[slot].last_app; - if (!name || (app->apptype && !ascii_strcasecmp (app->apptype, name)) ) - { - /* Yes, we can reuse this application - either the caller - requested an unspecific one or the requested one matches - the saved one. */ - lock_table[slot].app = app; - lock_table[slot].last_app = NULL; - } - else - { - /* No, this saved application can't be used - deallocate it. */ - lock_table[slot].last_app = NULL; - deallocate_app (app); - app = NULL; - } + unlock_reader (slot); + return err; } + app = lock_table[slot].app; + /* If we can reuse an application, bump the reference count and return it. */ if (app) 
@@ -486,10 +465,10 @@ release_application (app_t app) return; } - if (lock_table[slot].last_app) - deallocate_app (lock_table[slot].last_app); - lock_table[slot].last_app = lock_table[slot].app; - lock_table[slot].app = NULL; + /* We don't deallocate app here. Instead, we keep it. This is + useful so that a card does not get reset even if only one session + is using the card - this way the PIN cache and other cached data + are preserved. */ unlock_reader (slot); } commit f747adfa21551e083bc947540c64c94a96dcc059 Author: NIIBE Yutaka Date: Fri Dec 4 14:02:48 2015 +0900 scd: More fix for Curve25519 prefix handling. * scd/app-openpgp.c (do_decipher): Handle trancated cipher text. Also fix xfree bug introduced. -- In old format with no prefix, cipher text can be trancated when it is parsed as MPI. Recover the value adding back zeros. Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211 diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index f8e1460..d204740 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -4175,14 +4175,25 @@ do_decipher (app_t app, const char *keyidstr, } else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC) { - if (app->app_local->keyattr[1].ecc.flags - && (indatalen%2)) - { /* - * Skip the prefix. It may be 0x40 (in new format), or MPI - * head of 0x00 (in old format). - */ - indata = (const char *)indata + 1; - indatalen--; + int old_format_len = 0; + + if (app->app_local->keyattr[1].ecc.flags) + { + if (indatalen > 32 + 1) + { /* + * Skip the prefix. It may be 0x40 (in new format), or MPI + * head of 0x00 (in old format). + */ + indata = (const char *)indata + 1; + indatalen--; + } + else if (indatalen < 32) + { /* + * Old format trancated by MPI handling. + */ + old_format_len = indatalen; + indatalen = 32; + } } fixuplen = 7; 
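Review bot: In `do_decipher`, an empty input cannot be told apart from an untruncated one, because `old_format_len` doubles as both the flag and the length. With `ecc.flags` set and `indatalen == 0`, the `else if (indatalen < 32)` branch sets `old_format_len = 0` and `indatalen = 32`, so `if (old_format_len)` in the `@@ -4198,7 +4209,16 @@` hunk falls through to `memcpy (fixbuf+fixuplen, indata, indatalen)` and reads 32 bytes from a buffer the caller declared empty. Whether an earlier check in the function already rejects zero-length ciphertext is not visible in these hunks. If it does not, reject it before the fix-up with `if (!indatalen) return gpg_error (GPG_ERR_INV_VALUE);`, or track truncation in a separate flag. The literal `32` is also repeated across both hunks and would be clearer as one named constant for the expected point length.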
@@ -4198,7 +4209,16 @@ do_decipher (app_t app, const char *keyidstr, fixbuf[4] = (char)(indatalen+2); fixbuf[5] = '\x86'; fixbuf[6] = (char)indatalen; - memcpy (fixbuf+fixuplen, indata, indatalen); + if (old_format_len) + { + memset (fixbuf+fixuplen, 0, 32 - old_format_len); + memcpy (fixbuf+fixuplen + 32 - old_format_len, + indata, old_format_len); + } + else + { + memcpy (fixbuf+fixuplen, indata, indatalen); + } indata = fixbuf; indatalen = fixuplen + indatalen; @@ -4230,12 +4250,12 @@ do_decipher (app_t app, const char *keyidstr, fixbuf = xtrymalloc (*outdatalen + 1); if (!fixbuf) { - xfree (outdata); + xfree (*outdata); return gpg_error_from_syserror (); } fixbuf[0] = 0x40; memcpy (fixbuf+1, *outdata, *outdatalen); - xfree (outdata); + xfree (*outdata); *outdata = fixbuf; *outdatalen = *outdatalen + 1; } ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 42 ++++++++++++++++------ scd/app.c | 103 ++++++++++++++++++++++-------------------------------- 2 files changed, 72 insertions(+), 73 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 06:51:25 2015 
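Review bot: The allocation-failure path in the `@@ -4230,12 +4250,12 @@` hunk now frees the right pointer but leaves it in the caller's variable. After `xfree (*outdata);` the function returns `gpg_error_from_syserror ()` with `*outdata` still holding the freed address and `*outdatalen` the old length. If any caller frees or reads the output buffer on error, that is a double free or a use after free; the callers are outside this diff, so the problem may only be latent. Resetting both before the return closes it: `*outdata = NULL; *outdatalen = 0;`.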
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 04 Dec 2015 06:51:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-224-gf03976f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f03976f1101f539a2782cd9e87d640fc32a022db (commit) from 9639af5f16a7ed908cbce2415330b9fcd88edc90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f03976f1101f539a2782cd9e87d640fc32a022db Author: NIIBE Yutaka Date: Fri Dec 4 14:37:05 2015 +0900 scd: Fix for removing the prefix. * scd/app-openopg.c (do_decipher): Fix the condition. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index d204740..581c5dd 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -4179,7 +4179,7 @@ do_decipher (app_t app, const char *keyidstr, if (app->app_local->keyattr[1].ecc.flags) { - if (indatalen > 32 + 1) + if (indatalen > 32 && (indatalen % 2)) { /* * Skip the prefix. It may be 0x40 (in new format), or MPI * head of 0x00 (in old format). ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 09:15:27 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 04 Dec 2015 09:15:27 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-231-g0fe3614 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc (commit) from 28311d1fa56bfbd801103a8475597459132874f4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc Author: Werner Koch Date: Fri Dec 4 09:11:11 2015 +0100 speedo,w32: Improve installer. * build-aux/speedo/w32/inst.nsi (SEC_gnupg): Install dirmngr.conf and distsigkey.gpg. (un.gnupglast): Stop dirmngr. Signed-off-by: Werner Koch diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index 19babb9..cb73e91 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -606,6 +606,8 @@ Section "GnuPG" SEC_gnupg SetOutPath "$INSTDIR\share\gnupg" File "share/gnupg/gpg-conf.skel" + File "share/gnupg/dirmngr-conf.skel" + File "share/gnupg/distsigkey.gpg" SectionEnd @@ -908,6 +910,7 @@ Section "-un.gnupglast" no_uiserver: ifFileExists "$INSTDIR\bin\gpgconf.exe" 0 no_gpgconf ExecWait '"$INSTDIR\bin\gpgconf" --kill gpg-agent' + ExecWait '"$INSTDIR\bin\gpgconf" --kill dirmngr' no_gpgconf: SectionEnd ----------------------------------------------------------------------- Summary of changes: build-aux/speedo/w32/inst.nsi | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 10:16:26 2015 
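Review bot: The two files added to `SEC_gnupg`, `share/gnupg/dirmngr-conf.skel` and `share/gnupg/distsigkey.gpg`, get no matching removal in the uninstaller. The diffstat shows three insertions in inst.nsi, all accounted for by these two `File` lines and the new `ExecWait` in `-un.gnupglast`. Unless the uninstall section already removes `$INSTDIR\share\gnupg` as a whole (not visible in these hunks), both files stay on disk after uninstall; a leftover keyring file, which `distsigkey.gpg` appears to be from its name, is the one most worth cleaning up. If per-file removal is the convention in this script, add `Delete "$INSTDIR\share\gnupg\dirmngr-conf.skel"` and `Delete "$INSTDIR\share\gnupg\distsigkey.gpg"` next to the existing removal of `gpg-conf.skel`.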
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 04 Dec 2015 10:16:26 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-232-g762fcc0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 762fcc027b0b4cc88c1f633804de619273d6a8b9 (commit) from 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 762fcc027b0b4cc88c1f633804de619273d6a8b9 Author: NIIBE Yutaka Date: Fri Dec 4 18:16:15 2015 +0900 po: Japanese translation. diff --git a/po/ja.po b/po/ja.po index c8e685c..eed7223 100644 --- a/po/ja.po +++ b/po/ja.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg 2.1.9\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2015-10-13 11:32+0900\n" +"PO-Revision-Date: 2015-12-04 18:10+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -925,7 +925,7 @@ msgid "Signature available" msgstr "?????????" msgid "Parsing data succeeded" -msgstr "??????????????" +msgstr "???????????????" #, c-format msgid "bad data hash algorithm: %s" @@ -1461,10 +1461,9 @@ msgstr "?\"%s\"????????: %s\n" msgid "error reading keyblock: %s\n" msgstr "?????????????: %s\n" -#, fuzzy, c-format -#| msgid "key \"%s\" not found: %s\n" +#, c-format msgid "key \"%s\" not found\n" -msgstr "?\"%s\"????????: %s\n" +msgstr "?\"%s\"????????\n" msgid "(unless you specify the key by fingerprint)\n" msgstr "(?????????????????????)\n" 
@@ -1658,15 +1657,13 @@ msgstr "???????????????" msgid "secret key \"%s\" not found: %s\n" msgstr "???\"%s\"????????: %s\n" -#, fuzzy, c-format -#| msgid "missing argument for option \"%.50s\"\n" +#, c-format msgid "(check argument of option '%s')\n" -msgstr "?????\"%.50s\"?????????\n" +msgstr "(?????'%s'??????????)\n" -#, fuzzy, c-format -#| msgid "|NAME|use NAME as default secret key" +#, c-format msgid "using \"%s\" as default secret key\n" -msgstr "|NAME|????????????NAME????" +msgstr "????????????\"%s\"?????\n" #, c-format msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n" @@ -1788,7 +1785,7 @@ msgid "run in server mode" msgstr "??????????" msgid "|VALUE|set the TOFU policy for a key (good, unknown, bad, ask, auto)" -msgstr "" +msgstr "|VALUE|TOFU???????????(good, unknown, bad, ask, auto)" msgid "create ascii armored output" msgstr "ASCII????????" @@ -1977,23 +1974,19 @@ msgstr "?????????????????" msgid "show expiration dates during signature listings" msgstr "???????????????????" -#, fuzzy -#| msgid "Available keys:\n" msgid "available TOFU policies:\n" -msgstr "??????:\n" +msgstr "?????TOFU????:\n" -#, fuzzy, c-format -#| msgid "unknown option '%s'\n" +#, c-format msgid "unknown TOFU policy '%s'\n" -msgstr "????????'%s'\n" +msgstr "???TOFU????'%s'\n" msgid "(use \"help\" to list choices)\n" -msgstr "" +msgstr "(????????\"help\"????????)\n" -#, fuzzy, c-format -#| msgid "unknown command '%s'\n" +#, c-format msgid "unknown TOFU DB format '%s'\n" -msgstr "???????'%s'\n" +msgstr "???TOFU DB??????'%s'\n" #, c-format msgid "Note: old default options file '%s' ignored\n" 
@@ -2004,23 +1997,22 @@ msgid "" "Warning: value '%s' for option '%s' should be a long key ID or a " "fingerprint\n" msgstr "" +"??: ?'%s'(?????'%s'????)????ID??????????????????\n" -#, fuzzy, c-format -#| msgid "option \"%.50s\" is ambiguous\n" +#, c-format msgid "key specification '%s' is ambiguous\n" -msgstr "?????\"%.50s\"???????\n" +msgstr "????'%s'???????\n" #. TRANSLATORS: The %s prints a key specification which #. for example has been given at the command line. Two #. lines with fingerprints are printed after this message. #, c-format msgid "'%s' matches at least:\n" -msgstr "" +msgstr "'%s'?????????????:\n" -#, fuzzy, c-format -#| msgid "error creating keyring '%s': %s\n" +#, c-format msgid "error searching the keyring: %s\n" -msgstr "????'%s'??????: %s\n" +msgstr "?????????: %s\n" #, c-format msgid "libgcrypt is too old (need %s, have %s)\n" @@ -2214,15 +2206,13 @@ msgstr "???????????????????: %s\n" msgid "WARNING: recipients (-r) given without using public key encryption\n" msgstr "*??*: ?????????????? (-r) ????????\n" -#, fuzzy, c-format -#| msgid "line %d: invalid date given\n" +#, c-format msgid "option '%s' given, but no valid default keys given\n" -msgstr "? %d: ?????????????\n" +msgstr "?????'%s'?????????????????????????????\n" -#, fuzzy, c-format -#| msgid "line %d: invalid date given\n" +#, c-format msgid "option '%s' given, but option '%s' not given\n" -msgstr "? %d: ?????????????\n" +msgstr "?????'%s'???????????????'%s'??????????\n" msgid "--store [filename]" msgstr "--store [?????]" 
@@ -2316,14 +2306,13 @@ msgstr "?????????: %s\n" msgid "invalid hash algorithm '%s'\n" msgstr "??????????????'%s'??\n" -#, fuzzy, c-format -#| msgid "error loading certificate '%s': %s\n" +#, c-format msgid "error parsing key specification '%s': %s\n" -msgstr "???'%s'????????: %s\n" +msgstr "???'%s'????????: %s\n" #, c-format msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" -msgstr "" +msgstr "'%s'?????ID, ??????????keygrip?????????\n" msgid "[filename]" msgstr "[?????]" @@ -2630,7 +2619,7 @@ msgstr "?%s: ???????%d?????? - ??????? #. created again. #, c-format msgid "To migrate '%s', with each smartcard, run: %s\n" -msgstr "" +msgstr "'%s'??????????????????????????????: %s\n" #, c-format msgid "key %s: no public key - can't apply revocation certificate\n" @@ -2756,10 +2745,9 @@ msgstr "????'%s'??????\n" msgid "keyblock resource '%s': %s\n" msgstr "keyblock ????'%s': %s\n" -#, fuzzy, c-format -#| msgid "error opening '%s': %s\n" +#, c-format msgid "error opening key DB: %s\n" -msgstr "'%s'????????: %s\n" +msgstr "?DB????????: %s\n" #, c-format msgid "failed to rebuild keyring cache: %s\n" @@ -2830,7 +2818,7 @@ msgstr "???????????????????????? #, c-format msgid "Skipping user ID \"%s\", which is not a text ID.\n" -msgstr "" +msgstr "???ID\"%s\"??????????????ID????????\n" #, c-format msgid "User ID \"%s\" is revoked." @@ -3108,7 +3096,7 @@ msgid "compact unusable user IDs and remove all signatures from key" msgstr "???????ID?????????????????????" msgid "Secret key is available.\n" -msgstr "???????????\n" +msgstr "???????????\n" msgid "Need the secret key to do this.\n" msgstr "???????????????\n" 
@@ -3129,10 +3117,8 @@ msgstr "????????????" msgid "Really sign all user IDs? (y/N) " msgstr "???????ID???????? (y/N) " -#, fuzzy -#| msgid "Really sign all user IDs? (y/N) " msgid "Really sign all text user IDs? (y/N) " -msgstr "???????ID???????? (y/N) " +msgstr "?????????????ID???????? (y/N) " msgid "Hint: Select the user IDs to sign\n" msgstr "???: ?????????ID??????\n" @@ -3428,13 +3414,10 @@ msgid "" "Are you sure you want to appoint this key as a designated revoker? (y/N) " msgstr "???????????????????? (y/N) " -#, fuzzy -#| msgid "" -#| "Are you sure you want to appoint this key as a designated revoker? (y/N) " msgid "" "Are you sure you want to change the expiration time for multiple subkeys? (y/" "N) " -msgstr "???????????????????? (y/N) " +msgstr "????????????????????? (y/N) " msgid "Changing expiration time for a subkey.\n" msgstr "??????????????\n" @@ -3483,10 +3466,9 @@ msgstr "%d?????ID??????\n" msgid "No user ID with hash %s\n" msgstr "????%s????ID??????\n" -#, fuzzy, c-format -#| msgid "No subkey with index %d\n" +#, c-format msgid "No subkey with key ID '%s'.\n" -msgstr "%d??????????\n" +msgstr "?ID'%s'?????????\n" #, c-format msgid "No subkey with index %d\n" @@ -3831,7 +3813,7 @@ msgstr "?????????????\n" #, c-format msgid "The characters '%s' and '%s' may not appear in name\n" -msgstr "" +msgstr "?????'%s'?'%s'?????????\n" msgid "Name may not start with a digit\n" msgstr "???????????????\n" @@ -4434,10 +4416,9 @@ msgstr "????????'%s'\n" msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n" msgstr "ECDSA?????8???????SEC??????????????\n" -#, fuzzy, c-format -#| msgid "Unknown signature type '%s'\n" +#, c-format msgid "unknown weak digest '%s'\n" -msgstr "????????'%s'\n" +msgstr "???????????'%s'\n" #, c-format msgid "File '%s' exists. " 
@@ -4878,10 +4859,8 @@ msgstr "???:\n" msgid "(This is a sensitive revocation key)\n" msgstr "(??????????????)\n" -#, fuzzy -#| msgid "Secret key is available.\n" msgid "Secret key is not available.\n" -msgstr "???????????\n" +msgstr "????????????\n" msgid "Create a designated revocation certificate for this key? (y/N) " msgstr "?????????????????????? (y/N) " @@ -4922,17 +4901,16 @@ msgstr "" "??????\n" "??????????????????????????????????????" -#, fuzzy, c-format -#| msgid "secret key \"%s\" not found: %s\n" +#, c-format msgid "secret key \"%s\" not found\n" -msgstr "???\"%s\"????????: %s\n" +msgstr "???\"%s\"????????\n" #. TRANSLATORS: The %s prints a key specification which #. for example has been given at the command line. Several lines #. lines with secret key infos are printed after this message. #, c-format msgid "'%s' matches multiple secret keys:\n" -msgstr "" +msgstr "'%s'?????????????????:\n" msgid "Create a revocation certificate for this key? (y/N) " msgstr "???????????????????? (y/N) " @@ -6899,10 +6877,8 @@ msgstr "'%s'??????????: %s\n" msgid "error retrieving '%s': http status %u\n" msgstr "'%s'??????: http????? %u\n" -#, fuzzy -#| msgid "CRL access not possible due to TOR mode\n" msgid "CRL access not possible due to Tor mode\n" -msgstr "CRL?????TOR???????????\n" +msgstr "CRL?????Tor???????????\n" #, c-format msgid "certificate search not possible due to disabled %s\n" @@ -7090,10 +7066,8 @@ msgstr "|N|???????N??????????????" msgid "|FILE|use the CA certificates in FILE for HKP over TLS" msgstr "|FILE|FILE???CA????TLS??HKP???" -#, fuzzy -#| msgid "route all network traffic via TOR" msgid "route all network traffic via Tor" -msgstr "?????????????????TOR?????" +msgstr "?????????????????Tor?????" msgid "" "@\n" 
@@ -7385,10 +7359,8 @@ msgstr "????????????: %s\n" msgid "response from server too large; limit is %d bytes\n" msgstr "??????????????? (??%d???)?\n" -#, fuzzy -#| msgid "OCSP request not possible due to TOR mode\n" msgid "OCSP request not possible due to Tor mode\n" -msgstr "TOR??????OCSP???????????\n" +msgstr "Tor??????OCSP???????????\n" msgid "OCSP request not possible due to disabled HTTP\n" msgstr "HTTP??????????OCSP???????????\n" @@ -7415,7 +7387,7 @@ msgstr "'%s'?????????: http????? %u\n" #, c-format msgid "error parsing OCSP response for '%s': %s\n" -msgstr "'%s'????OCSP???????: %s\n" +msgstr "'%s'????OCSP?????????: %s\n" #, c-format msgid "OCSP responder at '%s' status: %s\n" @@ -7740,10 +7712,8 @@ msgstr "??????????????????" msgid "Options controlling the interactivity and enforcement" msgstr "???????????????????????" -#, fuzzy -#| msgid "Options controlling the use of TOR" msgid "Options controlling the use of Tor" -msgstr "TOR?????????????" +msgstr "Tor?????????????" msgid "Configuration for HTTP servers" msgstr "HTTP??????????????" 
@@ -7996,26 +7966,6 @@ msgstr "" #~ msgid "cleared passphrase cached with ID: %s\n" #~ msgstr "?????????????????? ID: %s\n" -#, fuzzy -#~| msgid "failed to store the key: %s\n" -#~ msgid "Failed to open the keyring DB.\n" -#~ msgstr "???????????: %s\n" - -#, fuzzy -#~| msgid "failed to open '%s': %s\n" -#~ msgid "Failed to parse '%s'.\n" -#~ msgstr "'%s'??????: %s\n" - -#, fuzzy -#~| msgid "invalid value\n" -#~ msgid "invalid value '%s'\n" -#~ msgstr "????\n" - -#, fuzzy -#~| msgid "error locking keybox: %s\n" -#~ msgid "error looking up secret key \"%s\": %s\n" -#~ msgstr "keybox????????: %s\n" - #~ msgid "Please select at most one subkey.\n" #~ msgstr "??1??????????????\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 148 +++++++++++++++++++++------------------------------------------ 1 file changed, 49 insertions(+), 99 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 12:04:52 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 04 Dec 2015 12:04:52 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.1.9-235-gdf1e0d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-2 has been updated via df1e0d27fa0095438f7aa1f05b41b17da026bcea (commit) via 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233 (commit) via 650f43053d2090d4658096b85c1cc0d828f3f198 (commit) via 0c0ccf0928b449fb2ce4c8bab11ac2e4837ca72d (commit) via 0fe3614d9afe42ecf80bbc932366ceeaba0a0ecc (commit) via 28311d1fa56bfbd801103a8475597459132874f4 (commit) via 4ff2cae7dee36ffee854c5f05c3e8ee9eb0308dd (commit) via 28c53ddbcb70bccc062266f689950c9d08894f15 (commit) via 59b42ceb93ea2daf7613b143618bff9268637966 (commit) via 59f6192cb766612ad215bc6a3af13d5b137139e4 (commit) via 218a52787a87be6b7481a39f87d212d6ef594e97 (commit) via f03976f1101f539a2782cd9e87d640fc32a022db (commit) via 9639af5f16a7ed908cbce2415330b9fcd88edc90 (commit) via f747adfa21551e083bc947540c64c94a96dcc059 (commit) via e28f2e7a2f265af8bbdb4979e9679b4396dccdd5 (commit) via 0f61599ed0bd1cc6842067d040bb58ec0a451715 (commit) via 4e9957250eee3521dc979912a4818e58ffddc5b8 (commit) via fbf8b733a22e21963f9dcd7876f6618d73eb124e (commit) via 5e2c5e9ec5b75fae886e1294adbdb7ad2ac12827 (commit) via 50a568e7380752454c029eac2b57d8803b1cb287 (commit) via a28ac99efead8be73ea1704abe1611ccc4811c54 (commit) via 9fcc047d921bde95b6807325b7fd2b697e89907f (commit) via f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 (commit) via 11b2691eddc42e91651e4f95dd2731255a3e9211 (commit) via cedbd4709eed6fead9d1b271f96860c00547c77c (commit) via 69db3285e4612ad24462149a4d64cc32c090a491 (commit) via 28195f8d27aa0fc9daf5b74fb24de87c36e04739 (commit) via c73d75103cbd34975e2bd28e9924caee05eaf829 (commit) via 28e2513721ff0cec920564d4087f3600cce8672e (commit) via 
17ac843871d5f350f26edff0187f94ced923f534 (commit) via 10cca02c4c70eee993d4df0a1d20ae841992efe9 (commit) via 9c34711539fc2c34aea8da0fd49ae6aa28991518 (commit) via 9f4f77bc4b8bf17010796fe3c2d23024047154ea (commit) from 3be12d1e1b8334fb2bba307ec9efbc004f1dbf8d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit df1e0d27fa0095438f7aa1f05b41b17da026bcea Author: Werner Koch Date: Fri Dec 4 12:00:05 2015 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 4965652..c19c1cd 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.11 (unreleased) +------------------------------------------------- + + Noteworthy changes in version 2.1.10 (2015-12-04) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 412ea8b..09b15ea 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [10]) +m4_define([mym4_micro], [11]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233 Author: Werner Koch Date: Fri Dec 4 10:50:51 2015 +0100 Release 2.1.10 diff --git a/NEWS b/NEWS index 0cb21fa..4965652 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes in version 2.1.10 (unreleased) +Noteworthy changes in version 2.1.10 (2015-12-04) ------------------------------------------------- * gpg: New trust models "tofu" and "tofu+pgp". 
@@ -32,7 +32,7 @@ Noteworthy changes in version 2.1.10 (unreleased) once. * dirmngr: New option --use-tor. For full support this requires - libassuan version 2.4.1 and a patched version of libadns + libassuan version 2.4.2 and a patched version of libadns (e.g. adns-1.4-g10-7 as used by the standard Windows installer). * dirmngr: New option --nameserver to specify the nameserver used in @@ -45,7 +45,7 @@ Noteworthy changes in version 2.1.10 (unreleased) * dirmngr: Fixed handling of premature termination of TLS streams so that large numbers of keys can be refreshed via hkps. - * gpg: Fixed a regression in --locate-key since 2.1.9. + * gpg: Fixed a regression in --locate-key [since 2.1.9]. * gpg: Fixed another bug for keyrings with legacy keys. commit 650f43053d2090d4658096b85c1cc0d828f3f198 Author: Yuri Chornoivan Date: Fri Oct 23 20:04:34 2015 +0300 po: Update Ukrainian translation -- Merged with current POT - wk diff --git a/po/uk.po b/po/uk.po index 19f7bfe..af6f7b5 100644 --- a/po/uk.po +++ b/po/uk.po @@ -5,9 +5,9 @@ # Yuri Chornoivan , 2011, 2014, 2015. msgid "" msgstr "" -"Project-Id-Version: GNU gnupg 2.1.0-gitfe8619d\n" +"Project-Id-Version: GNU gnupg 2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2015-02-18 19:09+0200\n" +"PO-Revision-Date: 2015-10-23 19:33+0300\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" 
@@ -34,36 +34,26 @@ msgstr "_??????" msgid "|pinentry-label|_Cancel" msgstr "_?????????" -#, fuzzy -#| msgid "|pinentry-label|_OK" msgid "|pinentry-label|_Yes" -msgstr "_??????" +msgstr "_???" -#, fuzzy -#| msgid "|pinentry-label|_OK" msgid "|pinentry-label|_No" -msgstr "_??????" +msgstr "_??" msgid "|pinentry-label|PIN:" msgstr "??????:" -#, fuzzy -#| msgid "|pinentry-label|_Cancel" msgid "|pinentry-label|_Save in password manager" -msgstr "_?????????" +msgstr "_???????? ? ?????? ????????? ????????" -#, fuzzy -#| msgid "Do you really want to permanently delete the OpenPGP secret key:" msgid "Do you really want to make your passphrase visible on the screen?" -msgstr "??????? ?????? ????????? ???????? ???????? ???? OpenPGP:" +msgstr "??????? ?????? ??????? ?????? ??????? ?? ???????" msgid "|pinentry-tt|Make passphrase visible" -msgstr "" +msgstr "??????? ?????? ???????" -#, fuzzy -#| msgid "Enter new passphrase" msgid "|pinentry-tt|Hide passphrase" -msgstr "??????? ????? ??????" +msgstr "????????? ??????" #. TRANSLATORS: This string is displayed by Pinentry as the label #. for the quality bar. @@ -96,7 +86,7 @@ msgstr "" "??????" msgid "PIN:" -msgstr "" +msgstr "??????:" msgid "Passphrase:" msgstr "??????:" @@ -290,8 +280,7 @@ msgstr[0] "? ?????? ??? ???? ????????? %u ????? ?? msgstr[1] "? ?????? ??? ???? ????????? %u ????? ???%%0A??????????? ???????." msgstr[2] "? ?????? ??? ???? ????????? %u ???? ???%%0A??????????? ????????." -#, fuzzy, c-format -#| msgid "A passphrase may not be a known term or match%%0Acertain pattern." +#, c-format msgid "A passphrase may not be a known term or match%%0Acertain pattern." msgstr "" "??????? ?? ??????? ???? ????? ?? ???????? ??? ?????%%0A, ?? ?????????? " 
@@ -353,10 +342,8 @@ msgstr "??????????????? ??????? ???????? SCdaemon" msgid "do not use the SCdaemon" msgstr "?? ??????????????? SCdaemon" -#, fuzzy -#| msgid "|NAME|connect to host NAME" msgid "|NAME|accept some commands via NAME" -msgstr "|NAME|?????????? ????????? ? ?????? ?? ???????? ??????" +msgstr "???????? ????? ??????? ????? NAME" msgid "ignore requests to change the TTY" msgstr "?????????? ?????? ???? ????? TTY" @@ -370,10 +357,8 @@ msgstr "??????? ???????? ??????? ?? ??????? ?? msgid "do not use the PIN cache when signing" msgstr "?? ??????????????? ??? ???-????? ??? ????????????" -#, fuzzy -#| msgid "do not allow the reuse of old passphrases" msgid "disallow the use of an external password cache" -msgstr "?? ????????? ???????? ???????????? ?????? ???????" +msgstr "?????????? ???????????? ??????????? ???? ???????" msgid "disallow clients to mark keys as \"trusted\"" msgstr "?????????? ???????? ????????? ????? ?? ???????" @@ -385,7 +370,7 @@ msgid "allow caller to override the pinentry" msgstr "????????? ??????? ??????? ????????????? pinentry" msgid "allow passphrase to be prompted through Emacs" -msgstr "" +msgstr "????????? ????? ?????? ? Emacs" msgid "enable ssh support" msgstr "????????? ????????? ssh" @@ -668,12 +653,12 @@ msgstr "??????? ??????" msgid "I'll change it later" msgstr "? ????? ???? ???????" -#, fuzzy, c-format -#| msgid "Do you really want to delete the selected keys? (y/N) " +#, c-format msgid "" "Do you really want to delete the key identified by keygrip%%0A %s%%0A %%C" "%%0A?" -msgstr "??????? ??????? ???????? ??????? ?????? (y/N ??? ?/?) " +msgstr "" +"??????? ?????? ???????? ????, ?? ???????????? keygrip%%0A %s%%0A %%C%%0A?" msgid "Delete key" msgstr "???????? ????" @@ -832,7 +817,7 @@ msgstr "?????: ?%s%s? ? ?????????? ?????????? ? ? #, c-format msgid "unknown debug flag '%s' ignored\n" -msgstr "" +msgstr "????????? ????????? ??????????? ?%s? ?????????????\n" #, c-format msgid "no running gpg-agent - starting '%s'\n" 
@@ -1766,10 +1751,8 @@ msgstr "???????? ???? ??????" msgid "quickly generate a new key pair" msgstr "?????? ????????? ???? ??????" -#, fuzzy -#| msgid "quickly generate a new key pair" msgid "quickly add a new user-id" -msgstr "?????? ????????? ???? ??????" +msgstr "?????? ????????? ?????? ?????????????? ???????????" msgid "full featured key pair generation" msgstr "?????????? ????????? ???? ??????" @@ -1838,7 +1821,7 @@ msgid "run in server mode" msgstr "????????? ? ?????? ???????" msgid "|VALUE|set the TOFU policy for a key (good, unknown, bad, ask, auto)" -msgstr "" +msgstr "?????????? ??????? TOFU ??? ????? (good, unknown, bad, ask, auto)" msgid "create ascii armored output" msgstr "???????? ???? ? ??????? ASCII" @@ -2050,18 +2033,16 @@ msgstr "?????????? ???? ?????????? ??????? ??? msgid "available TOFU policies:\n" msgstr "???????? ?????:\n" -#, fuzzy, c-format -#| msgid "unknown option '%s'\n" +#, c-format msgid "unknown TOFU policy '%s'\n" -msgstr "????????? ???????? ?%s?\n" +msgstr "???????? ??????? TOFU ?%s?\n" msgid "(use \"help\" to list choices)\n" msgstr "" -#, fuzzy, c-format -#| msgid "unknown command '%s'\n" +#, c-format msgid "unknown TOFU DB format '%s'\n" -msgstr "???????? ??????? ?%s?\n" +msgstr "????????? ?????? ???? ????? TOFU ?%s?\n" #, c-format msgid "Note: old default options file '%s' ignored\n" @@ -2408,9 +2389,11 @@ msgstr "??????????? ???????? ????????? ?%s?\n" msgid "error parsing key specification '%s': %s\n" msgstr "??????? ??? ??? ?????? ???????????? ??????????? ?%s?: %s\n" -#, c-format +#, fuzzy, c-format +#| msgid "" +#| "'%s' does not appear to be a valid key id, fingerprint or key grip.\n" msgid "'%s' does not appear to be a valid key ID, fingerprint or keygrip\n" -msgstr "" +msgstr "?%s? ?? ? ????????? ??????????????? ?????, ????????? ??? keygrip.\n" msgid "[filename]" msgstr "[????? ?????]" 
@@ -3099,10 +3082,8 @@ msgstr "???????? ? ?????" msgid "show key fingerprint" msgstr "???????? ???????? ?????" -#, fuzzy -#| msgid "Enter the keygrip: " msgid "show the keygrip" -msgstr "??????? keygrip: " +msgstr "???????? keygrip" msgid "list key and user IDs" msgstr "???????? ?????? ?????? ?? ??????????????? ???????????" @@ -3262,7 +3243,7 @@ msgstr "??? ???? ??????? ????????? ???? ?????? #, c-format msgid "(Use the '%s' command.)\n" -msgstr "" +msgstr "(????????????? ???????? ?%s?.)\n" msgid "You can't delete the last user ID!\n" msgstr "?? ????? ???????? ???????? ????????????? ???????????!\n" @@ -4186,15 +4167,12 @@ msgstr "???????? ???????? ???????: " msgid "Signature notation: " msgstr "???????? ???????: " -#, fuzzy -#| msgid "1 bad signature\n" msgid "1 good signature\n" -msgstr "1 ?????????? ??????\n" +msgstr "1 ?????? ??????\n" -#, fuzzy, c-format -#| msgid "%d bad signatures\n" +#, c-format msgid "%d good signatures\n" -msgstr "%d ?????????? ????????\n" +msgstr "%d ?????? ????????\n" #, c-format msgid "Warning: %lu key(s) skipped due to their large size\n" @@ -4248,7 +4226,7 @@ msgid "%s: keyring created\n" msgstr "%s: ???????? ??????? ??????\n" msgid "override proxy options set for dirmngr" -msgstr "" +msgstr "????????????? ????????? ??????, ??????????? ??? dirmngr" msgid "include revoked keys in search results" msgstr "???????? ?? ??????????? ?????? ?????????? ?????" @@ -4257,7 +4235,7 @@ msgid "include subkeys when searching by key ID" msgstr "???????? ???????? ?? ?????? ?? ??????????????? ?????" msgid "override timeout options set for dirmngr" -msgstr "" +msgstr "????????????? ????????? ???? ??????????, ??????????? ??? dirmngr" msgid "automatically retrieve keys when verifying signatures" msgstr "??????????? ?????????? ????? ??? ??? ????????? ????????" 
@@ -5041,10 +5019,8 @@ msgstr "???? ??????????:\n" msgid "(This is a sensitive revocation key)\n" msgstr "(?? ????????? ???? ???????????)\n" -#, fuzzy -#| msgid "Secret key is available.\n" msgid "Secret key is not available.\n" -msgstr "????????? ???????? ????.\n" +msgstr "???????? ???? ???????????.\n" msgid "Create a designated revocation certificate for this key? (y/N) " msgstr "" @@ -5547,10 +5523,8 @@ msgstr "????????" #. It gets passed to atoi() so everything after the number is #. essentially a comment and need not be translated. Either key and #. uid are both NULL, or neither are NULL. -#, fuzzy -#| msgid "10 translator see trustdb.c:uid_trust_string_fixed" msgid "10 translator see trust.c:uid_trust_string_fixed" -msgstr "10 translator see trustdb.c:uid_trust_string_fixed" +msgstr "10" msgid "[ revoked]" msgstr "[???????.]" @@ -7126,10 +7100,8 @@ msgstr "??????? ????????? ?%s?: %s\n" msgid "error retrieving '%s': http status %u\n" msgstr "??????? ????????? ?%s?: ???? http %u\n" -#, fuzzy -#| msgid "CRL access not possible due to disabled %s\n" msgid "CRL access not possible due to Tor mode\n" -msgstr "?????? ?? CRL ?????????? ????? ????????? %s\n" +msgstr "?????? ?? CRL ?????????? ????? ?????????? ????? Tor\n" #, c-format msgid "certificate search not possible due to disabled %s\n" @@ -7319,7 +7291,7 @@ msgid "|FILE|use the CA certificates in FILE for HKP over TLS" msgstr "|????|??????????????? ??????????? CA ? ????? ???? ??? HKP ????? TLS" msgid "route all network traffic via Tor" -msgstr "" +msgstr "?????????????? ????? ????? ?????? ? ??????? ????? Tor" msgid "" "@\n" 
@@ -7615,10 +7587,8 @@ msgstr "??????? ??? ??? ?????? ??????? ????? ? msgid "response from server too large; limit is %d bytes\n" msgstr "??????? ??????? ????????? ??? ???????; ?????? ???? ? %d ??????\n" -#, fuzzy -#| msgid "OCSP request not possible due to disabled HTTP\n" msgid "OCSP request not possible due to Tor mode\n" -msgstr "????? ?? ????????? OCSP ?????????? ????? ????????? ????????? HTTP\n" +msgstr "????? ?? ????????? OCSP ?????????? ????? ?????????? ????? Tor\n" msgid "OCSP request not possible due to disabled HTTP\n" msgstr "????? ?? ????????? OCSP ?????????? ????? ????????? ????????? HTTP\n" @@ -7973,10 +7943,8 @@ msgstr "????????? ????????? ???????? ???????? msgid "Options controlling the interactivity and enforcement" msgstr "????????? ????????? ??????????????? ?? ????????" -#, fuzzy -#| msgid "Options controlling the security" msgid "Options controlling the use of Tor" -msgstr "????????? ????????? ????????" +msgstr "????????? ????????? ????????????? Tor" msgid "Configuration for HTTP servers" msgstr "???????????? ??? ???????? HTTP" @@ -8006,7 +7974,7 @@ msgid "GPG for S/MIME" msgstr "GPG ??? S/MIME" msgid "Key Acquirer" -msgstr "" +msgstr "????? ?????? ??????" msgid "PIN and Passphrase Entry" msgstr "???????? ???????? ? ???????" 
@@ -8227,18 +8195,29 @@ msgstr "" "?????????: gpg-check-pattern [?????????] ????_????????\n" "?????????? ??????, ???????? ? stdin, ?? ????????? ?????_????????\n" -#~ msgid "cleared passphrase cached with ID: %s\n" -#~ msgstr "????????? ?????? ???????? ? ???????????????: %s\n" - -#, fuzzy -#~| msgid "failed to store the key: %s\n" #~ msgid "Failed to open the keyring DB.\n" -#~ msgstr "?? ??????? ???????? ????: %s\n" +#~ msgstr "?? ??????? ???????? ???? ????? ??????? ??????.\n" -#, fuzzy -#~| msgid "failed to open '%s': %s\n" #~ msgid "Failed to parse '%s'.\n" -#~ msgstr "?? ??????? ???????? ?%s?: %s\n" +#~ msgstr "?? ??????? ???????? ?%s?.\n" + +#~ msgid "Failed to reset keyring handle.\n" +#~ msgstr "?? ??????? ??????? ?????????? ??????? ??????.\n" + +#~ msgid "Key '%s' is not available\n" +#~ msgstr "???? ?%s? ? ???????????\n" + +#~ msgid "Failed to find key '%s'\n" +#~ msgstr "?? ??????? ?????? ???? ?%s?\n" + +#~ msgid "Failed to read key '%s' from the keyring\n" +#~ msgstr "?? ??????? ????????? ???? ?%s? ?? ??????? ??????\n" + +#~ msgid "Unknown weak digest '%s'\n" +#~ msgstr "???????? ?????? ?????????? ???? ?%s?\n" + +#~ msgid "cleared passphrase cached with ID: %s\n" +#~ msgstr "????????? ?????? ???????? ? ???????????????: %s\n" #, fuzzy #~| msgid "invalid value\n" commit 0c0ccf0928b449fb2ce4c8bab11ac2e4837ca72d Author: Ineiev Date: Fri Dec 4 10:23:39 2015 +0100 po: Update Russian translation -- Signed-off-by: Werner Koch The patch was from October 12 and thus 6 strings could not be applied due to chnaged original strings. diff --git a/po/ru.po b/po/ru.po index eec1bea..1744217 100644 --- a/po/ru.po +++ b/po/ru.po 
@@ -77,15 +77,13 @@ msgstr "" msgid "" "Please enter your PIN, so that the secret key can be unlocked for this " "session" -msgstr "" -"??????? PIN, ????? ??????? ???????? ???? ????????? ?? ?????????? ????? ??????" +msgstr "??????? PIN, ????? ??????? ????????? ???? ????????? ? ???? ??????" msgid "" "Please enter your passphrase, so that the secret key can be unlocked for " "this session" msgstr "" -"??????? ?????-??????, ????? ??????? ???????? ???? ????????? ?? ?????????? " -"????? ??????" +"??????? ?????-??????, ????? ??????? ????????? ???? ????????? ? ???? ??????" msgid "PIN:" msgstr "PIN:" @@ -186,8 +184,8 @@ msgid "" "Please enter a passphrase to protect the received secret key%%0A %s%%0A " "%s%%0Awithin gpg-agent's key storage" msgstr "" -"??????? ?????-?????? ??? ?????? ??????????? ????????? ?????%%0A %s%%0A %s" -"%%0A?????? ????????? ?????? ?????? gpg" +"??????? ?????-?????? ??? ?????? ??????????? ?????????? ?????%%0A %s%%0A " +"%s%%0A?????? ????????? ?????? ?????? gpg" #, c-format msgid "failed to create stream from socket: %s\n" @@ -399,7 +397,7 @@ msgid "" "Secret key management for @GNUPG@\n" msgstr "" "?????????: @GPG_AGENT@ [?????????] [??????? [?????????]]\n" -"?????????? ????????? ??????? ??? @GNUPG@\n" +"?????????? ?????????? ??????? ??? @GNUPG@\n" #, c-format msgid "invalid debug-level '%s' given\n" @@ -533,7 +531,7 @@ msgid "" "Secret key maintenance tool\n" msgstr "" "?????????: gpg-protect-tool [?????????] [?????????]\n" -"???????? ?????? ? ????????? ???????\n" +"???????? ?????? ? ?????????? ???????\n" msgid "Please enter the passphrase to unprotect the PKCS#12 object." msgstr "??????? ?????-?????? ??? ?????? ?????? ? ??????? PKCS#12." 
@@ -688,7 +686,7 @@ msgid "checking created signature failed: %s\n" msgstr "???? ???????? ????????? ???????: %s\n" msgid "secret key parts are not available\n" -msgstr "???????? ????? ????? ??????????\n" +msgstr "????????? ????? ????? ??????????\n" #, c-format msgid "public key algorithm %d (%s) is not supported\n" @@ -946,7 +944,7 @@ msgid "Signature %d" msgstr "??????? %d" msgid "Certificate chain valid" -msgstr "??????? ???????????? ?????????????" +msgstr "??????? ???????????? ??????????" msgid "Root certificate trustworthy" msgstr "???????? ?????????? ??????????" @@ -1489,11 +1487,11 @@ msgid "Delete this key from the keyring? (y/N) " msgstr "??????? ?????? ???? ?? ???????? (y/N) " msgid "This is a secret key! - really delete? (y/N) " -msgstr "??? ???????? ????! - ??? ????? ???????? (y/N) " +msgstr "??? ????????? ????! - ??? ????? ???????? (y/N) " #, c-format msgid "deleting secret %s failed: %s\n" -msgstr "???? ??? ???????? ????????? %s: %s\n" +msgstr "???? ??? ???????? ?????????? %s: %s\n" msgid "key" msgstr "?????" @@ -1510,7 +1508,7 @@ msgstr "???????? ? ??????? ????????? ????????\n #, c-format msgid "there is a secret key for public key \"%s\"!\n" -msgstr "??????? ???????? ???? ??? ????????? ????? \"%s\"!\n" +msgstr "??????? ????????? ???? ??? ????????? ????? \"%s\"!\n" msgid "use option \"--delete-secret-keys\" to delete it first.\n" msgstr "??????? ??????? ??? ???????? \"--delete-secret-keys\".\n" @@ -1640,7 +1638,7 @@ msgid "remove as much as possible from key during export" msgstr "??? ???????? ??????? ?? ????? ??? ????? ??????" msgid "exporting secret keys not allowed\n" -msgstr "??????? ???????? ?????? ?? ????????\n" +msgstr "??????? ????????? ?????? ?? ????????\n" #, c-format msgid "key %s: PGP 2.x style key - skipped\n" 
@@ -1687,8 +1685,8 @@ msgstr "|NAME|???????????? NAME ??? ???????? ?????? #, c-format msgid "Invalid key %s made valid by --allow-non-selfsigned-uid\n" msgstr "" -"???????? --allow-non-selfsigned-uid ?????? ???????????????? ???? %s " -"??????????????\n" +"???????? --allow-non-selfsigned-uid ?????? ????????????? ???? %s " +"???????????\n" #, c-format msgid "using subkey %s instead of primary key %s\n" @@ -1728,7 +1726,7 @@ msgid "list keys and fingerprints" msgstr "??????? ?????? ?????? ? ?? ??????????" msgid "list secret keys" -msgstr "??????? ?????? ???????? ??????" +msgstr "??????? ?????? ????????? ??????" msgid "generate a new key pair" msgstr "??????? ????? ???? ??????" @@ -1749,7 +1747,7 @@ msgid "remove keys from the public keyring" msgstr "??????? ????? ?? ??????? ???????? ??????" msgid "remove keys from the secret keyring" -msgstr "??????? ????? ?? ??????? ???????? ??????" +msgstr "??????? ????? ?? ??????? ????????? ??????" msgid "quickly sign a key" msgstr "?????? ????????? ????" @@ -2467,15 +2465,15 @@ msgstr " ????? ??????? ??????: %lu\n" #, c-format msgid " secret keys read: %lu\n" -msgstr " ????????? ???????? ??????: %lu\n" +msgstr " ????????? ????????? ??????: %lu\n" #, c-format msgid " secret keys imported: %lu\n" -msgstr "????????????? ???????? ??????: %lu\n" +msgstr "????????????? ????????? ??????: %lu\n" #, c-format msgid " secret keys unchanged: %lu\n" -msgstr " ???????????? ???????? ??????: %lu\n" +msgstr " ???????????? ????????? ??????: %lu\n" #, c-format msgid " not imported: %lu\n" @@ -2629,11 +2627,11 @@ msgstr "???? %s: \"%s\" ?? ???????\n" #, c-format msgid "key %s: secret key imported\n" -msgstr "???? %s: ???????????? ???????? ????\n" +msgstr "???? %s: ???????????? ????????? ????\n" #, c-format msgid "key %s: secret key already exists\n" -msgstr "???? %s: ???????? ???? ??? ???????\n" +msgstr "???? %s: ????????? ???? ??? ???????\n" #, c-format msgid "key %s: error sending to agent: %s\n" 
@@ -2641,14 +2639,14 @@ msgstr "???? %s: ?????? ???????? ? ?????: %s\n" #, c-format msgid "secret key %s: %s\n" -msgstr "???????? ???? %s: %s\n" +msgstr "????????? ???? %s: %s\n" msgid "importing secret keys not allowed\n" -msgstr "?????? ????????? ????? ?? ???????????\n" +msgstr "?????? ?????????? ????? ?? ???????????\n" #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" -msgstr "???? %s: ???????? ???? ? ???????????? ?????? %d - ????????\n" +msgstr "???? %s: ????????? ???? ? ???????????? ?????? %d - ????????\n" #. TRANSLATORS: For smartcard, each private key on #. host has a reference (stub) to a smartcard and @@ -3148,10 +3146,10 @@ msgid "compact unusable user IDs and remove all signatures from key" msgstr "????? ??????????? ID ????????????? ? ??????? ??? ??????? ?? ?????" msgid "Secret key is available.\n" -msgstr "???????? ???? ????????.\n" +msgstr "????????? ???? ????????.\n" msgid "Need the secret key to do this.\n" -msgstr "??? ??????? ???????? ????? ???????? ????.\n" +msgstr "??? ??????? ???????? ????? ????????? ????.\n" msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " @@ -3190,7 +3188,7 @@ msgstr "?? ?????? ??????? ???? ?? ???? ID ?????? #, c-format msgid "(Use the '%s' command.)\n" -msgstr "" +msgstr "(??????? '%s'.)\n" msgid "You can't delete the last user ID!\n" msgstr "?? ?? ?????? ??????? ????????? ID ????????????!\n" @@ -3579,7 +3577,7 @@ msgid "Really create the revocation certificates? (y/N) " msgstr "????????????? ??????? ?????????? ??????? (y/N) " msgid "no secret key\n" -msgstr "??? ????????? ?????\n" +msgstr "??? ?????????? ?????\n" #, c-format msgid "user ID \"%s\" is already revoked\n" @@ -3947,7 +3945,7 @@ msgid "" "You need a Passphrase to protect your secret key.\n" "\n" msgstr "" -"??? ?????? ????????? ????? ?????????? ?????-??????.\n" +"??? ?????? ?????????? ????? ?????????? ?????-??????.\n" "\n" msgid "" 
@@ -4034,7 +4032,7 @@ msgid "error writing public keyring '%s': %s\n" msgstr "?????? ?????? ??????? ???????? ?????? '%s': %s\n" msgid "public and secret key created and signed.\n" -msgstr "???????? ? ???????? ????? ??????? ? ?????????.\n" +msgstr "???????? ? ????????? ????? ??????? ? ?????????.\n" msgid "" "Note that this key cannot be used for encryption. You may want to use\n" @@ -4061,10 +4059,10 @@ msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n" msgstr "?????????: ???????? ????????? ??? ?????? v3 ?? ?????????? ? OpenPGP\n" msgid "Secret parts of primary key are not available.\n" -msgstr "???????? ????? ?????????? ????? ???????????.\n" +msgstr "????????? ????? ?????????? ????? ???????????.\n" msgid "Secret parts of primary key are stored on-card.\n" -msgstr "???????? ????? ?????????? ????? ???????? ?? ?????.\n" +msgstr "????????? ????? ?????????? ????? ???????? ?? ?????.\n" msgid "Really create? (y/N) " msgstr "????????????? ???????? (y/N) " @@ -4550,7 +4548,7 @@ msgid "" "%u-bit %s key, ID %s,\n" "created %s%s.\n" msgstr "" -"??????? ?????-?????? ??? ??????? ? ????????? ????? ??????????? OpenPGP:\n" +"??????? ?????-?????? ??? ??????? ? ?????????? ????? ??????????? OpenPGP:\n" "\"%.*s\"\n" "%u-?????? ???? %s, ID %s,\n" "?????? %s%s.\n" @@ -4566,7 +4564,7 @@ msgid "" "You need a passphrase to unlock the secret key for\n" "user: \"%s\"\n" msgstr "" -"?????????? ?????-?????? ??? ??????? ? ????????? ????? ????????????: \"%s\"\n" +"?????????? ?????-?????? ??? ??????? ? ?????????? ????? ????????????: \"%s\"\n" #, c-format msgid "%u-bit %s key, ID %s, created %s" 
@@ -4577,22 +4575,22 @@ msgid " (subkey on main key ID %s)" msgstr " (??????? ?? ??????? ????? %s)" msgid "Please enter the passphrase to unlock the OpenPGP secret key:" -msgstr "??????? ?????-?????? ??? ????????????? ????????? ????? OpenPGP:" +msgstr "??????? ?????-?????? ??? ????????????? ?????????? ????? OpenPGP:" msgid "Please enter the passphrase to import the OpenPGP secret key:" -msgstr "??????? ?????-?????? ??? ??????? ????????? ????? OpenPGP:" +msgstr "??????? ?????-?????? ??? ??????? ?????????? ????? OpenPGP:" msgid "Please enter the passphrase to export the OpenPGP secret subkey:" -msgstr "??????? ?????-?????? ??? ???????? ????????? ???????? OpenPGP:" +msgstr "??????? ?????-?????? ??? ???????? ?????????? ???????? OpenPGP:" msgid "Please enter the passphrase to export the OpenPGP secret key:" -msgstr "??????? ?????-?????? ??? ???????? ????????? ????? OpenPGP:" +msgstr "??????? ?????-?????? ??? ???????? ?????????? ????? OpenPGP:" msgid "Do you really want to permanently delete the OpenPGP secret subkey key:" -msgstr "?? ????????????? ?????? ???????? ??????? ???????? ??????? OpenPGP:" +msgstr "?? ????????????? ?????? ???????? ??????? ????????? ??????? OpenPGP:" msgid "Do you really want to permanently delete the OpenPGP secret key:" -msgstr "?? ????????????? ?????? ???????? ??????? ???????? ???? OpenPGP:" +msgstr "?? ????????????? ?????? ???????? ??????? ????????? ???? OpenPGP:" #, c-format msgid "" @@ -4899,7 +4897,7 @@ msgstr "?? ???? ??????? ??????????? ?????? fd=%d: #, c-format msgid "anonymous recipient; trying secret key %s ...\n" -msgstr "????????? ??????????; ?????? ???????? ???? %s ...\n" +msgstr "????????? ??????????; ?????? ????????? ???? %s ...\n" msgid "okay, we are the anonymous recipient.\n" msgstr "???????, ?? - ????????? ??????????.\n" 
@@ -4918,7 +4916,7 @@ msgstr "" #, c-format msgid "Note: secret key %s expired at %s\n" -msgstr "?????????: ???????? ???? %s ????????? ? %s\n" +msgstr "?????????: ????????? ???? %s ????????? ? %s\n" msgid "Note: key has been revoked" msgstr "?????????: ???? ??? ???????" @@ -4969,7 +4967,7 @@ msgid "" "a reason for the revocation." msgstr "" "??????????? ?? ??? ?????? ????? ????? ? ?????? ????????? ??? ??????\n" -"????????? ?????. ??????, ???? ???????? ???? ????????, ????? ???????\n" +"?????????? ?????. ??????, ???? ????????? ???? ????????, ????? ???????\n" "????? ?????????? ? ????????? ??????? ??????." msgid "" @@ -5160,7 +5158,7 @@ msgid "skipped \"%s\": duplicated\n" msgstr "????????? \"%s\": ????????\n" msgid "skipped: secret key already present\n" -msgstr "?????????: ???????? ???? ??? ???????\n" +msgstr "?????????: ????????? ???? ??? ???????\n" msgid "this is a PGP generated Elgamal key which is not secure for signatures!" msgstr "" @@ -5402,8 +5400,8 @@ msgstr "????????? %d ? ???????????? ????????, %d msgid "" "depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n" msgstr "" -"???????: %d ??????: %3d ???????????: %3d ???????: %d-, %dq, %dn, %dm, " -"%df, %du\n" +"???????: %d ???????????: %3d ???????????: %3d ???????: %d-, %dq, %dn, " +"%dm, %df, %du\n" #, c-format msgid "unable to update trustdb version record: write failed: %s\n" @@ -5411,21 +5409,19 @@ msgstr "" "?????????? ???????? ?????? ? ?????? ??????? ???????: ?????? ??????: %s\n" msgid "undefined" -msgstr "" +msgstr "????????????" -#, fuzzy -#| msgid "never " msgid "never" -msgstr "??????? " +msgstr "???????" msgid "marginal" -msgstr "" +msgstr "??????????" msgid "full" -msgstr "" +msgstr "??????" msgid "ultimate" -msgstr "" +msgstr "??????????" #. TRANSLATORS: these strings are similar to those in #. trust_value_to_string(), but are a fixed length. This is needed to 
@@ -5436,34 +5432,28 @@ msgstr "" #. essentially a comment and need not be translated. Either key and #. uid are both NULL, or neither are NULL. msgid "10 translator see trust.c:uid_trust_string_fixed" -msgstr "" +msgstr "12 translator see trust.c:uid_trust_string_fixed" -#, fuzzy -#| msgid "revoked" msgid "[ revoked]" -msgstr "???????" +msgstr "[ ??????? ]" -#, fuzzy -#| msgid "expired" msgid "[ expired]" -msgstr "?????????" +msgstr "[ ????????? ]" -#, fuzzy -#| msgid "unknown" msgid "[ unknown]" -msgstr "??????????" +msgstr "[ ?????????? ]" msgid "[ undef ]" -msgstr "" +msgstr "[????????????]" msgid "[marginal]" -msgstr "" +msgstr "[ ?????????? ]" msgid "[ full ]" -msgstr "" +msgstr "[ ?????? ]" msgid "[ultimate]" -msgstr "" +msgstr "[ ????????? ]" msgid "" "the signature could not be verified.\n" @@ -5848,16 +5838,16 @@ msgstr "???? ???????? ?????? ?????????? ?????? #, c-format msgid "certificate with invalid validity: %s" -msgstr "?????????? ? ???????????????? ?????????????????: %s" +msgstr "?????????? ? ???????????????? ??????????????: %s" msgid "certificate not yet valid" -msgstr "?????????? ??? ?? ????????????" +msgstr "?????????? ??? ?? ??????????" msgid "root certificate not yet valid" -msgstr "???????? ?????????? ??? ?? ????????????" +msgstr "???????? ?????????? ??? ?? ??????????" msgid "intermediate certificate not yet valid" -msgstr "????????????? ?????????? ??? ?? ????????????" +msgstr "????????????? ?????????? ??? ?? ??????????" msgid "certificate has expired" msgstr "?????????? ?????????" @@ -5873,7 +5863,7 @@ msgid "required certificate attributes missing: %s%s%s" msgstr "?????????? ?? ????? ????????? ?????????: %s%s%s" msgid "certificate with invalid validity" -msgstr "?????????? ? ???????????????? ?????????????????" +msgstr "?????????? ? ???????????????? ??????????????" msgid "signature not created during lifetime of certificate" msgstr "??????? ??????? ??? ??????? ???????? ???????????" 
@@ -5991,7 +5981,7 @@ msgid "" "S/N %s, ID 0x%08lX,\n" "created %s, expires %s.\n" msgstr "" -"??????? ?????-?????? ??? ??????? ? ????????? ????? ??????????? X.509:\n" +"??????? ?????-?????? ??? ??????? ? ?????????? ????? ??????????? X.509:\n" "\"%s\"\n" "S/N %s, ID 0x%08lX,\n" "?????? %s, ???????? %s.\n" @@ -6267,7 +6257,7 @@ msgid "never consult a CRL" msgstr "?? ??????? ?? ??????? ?????????? ????????????" msgid "check validity using OCSP" -msgstr "???????? ???????????????? ? ??????? OCSP" +msgstr "???????? ????????????? ? ??????? OCSP" msgid "|N|number of certificates to include" msgstr "|N|????? ?????????? ????????????" @@ -6303,7 +6293,7 @@ msgid "|FILE|add keyring to the list of keyrings" msgstr "|FILE|???????? ??????? ?????? ? ?????? ?????? ??????" msgid "|USER-ID|use USER-ID as default secret key" -msgstr "|USER-ID|???????????? USER-ID ??? ???????? ???????? ????" +msgstr "|USER-ID|???????????? USER-ID ??? ???????? ????????? ????" msgid "|SPEC|use this keyserver to lookup keys" msgstr "|SPEC|?????? ????? ?? ?????? ??????? ??????" @@ -6853,7 +6843,7 @@ msgstr "???? ???????? ??????? ?????? ????????? #, c-format msgid "error checking validity of CRL issuer certificate: %s\n" msgstr "" -"?????? ???????? ???????????????? ??????????? ???????? ?????? ?????????? " +"?????? ???????? ????????????? ??????????? ???????? ?????? ?????????? " "????????????: %s\n" #, c-format @@ -7065,7 +7055,7 @@ msgid "" msgstr "" "?????????: dirmngr-client [?????????] [????_???????????|??????]\n" "???????? ??????????? X.509 ?? ?????? ?????????? ???????????? ??? ?? OCSP\n" -"??????? ?????????? 0, ???? ?????????? ????????????, 1, ???? ??????????????,\n" +"??????? ?????????? 0, ???? ?????????? ??????????, 1, ???? ????????????,\n" "? ?????? ???? ?????? ??? ????? ???????\n" #, c-format 
@@ -7099,7 +7089,7 @@ msgid "validation of certificate failed: %s\n" msgstr "???? ??? ???????? ???????????: %s\n" msgid "certificate is valid\n" -msgstr "?????????? ????????????\n" +msgstr "?????????? ??????????\n" msgid "certificate has been revoked\n" msgstr "?????????? ??? ???????\n" @@ -7823,7 +7813,7 @@ msgid "do not allow the reuse of old passphrases" msgstr "?? ????????? ????????? ????????????? ?????? ????-???????" msgid "|NAME|use NAME as default secret key" -msgstr "|NAME|???????????? NAME ??? ???????? ???????? ????" +msgstr "|NAME|???????????? NAME ??? ???????? ????????? ????" msgid "|NAME|encrypt to user ID NAME as well" msgstr "|NAME|????????????? ????? ??? ID ???????????? NAME" @@ -7893,7 +7883,7 @@ msgid "GPG for S/MIME" msgstr "GPG ??? S/MIME" msgid "Key Acquirer" -msgstr "" +msgstr "????????? ??????" msgid "PIN and Passphrase Entry" msgstr "???? PIN ? ????-???????" 
@@ -7991,7 +7981,7 @@ msgid "program filename" msgstr "??? ????? ?????????" msgid "secret key file (required)" -msgstr "???? ????????? ????? (??????????)" +msgstr "???? ?????????? ????? (??????????)" msgid "input file name (default stdin)" msgstr "??? ???????? ????? (?? ????????? stdin)" ----------------------------------------------------------------------- Summary of changes: NEWS | 60 +++- agent/gpg-agent.c | 16 - build-aux/speedo/w32/inst.nsi | 3 + common/asshelp.c | 4 +- common/userids.c | 16 +- configure.ac | 59 +-- dirmngr/dirmngr.c | 20 +- dirmngr/dirmngr.h | 2 +- dirmngr/dns-stuff.c | 5 +- dirmngr/http.c | 76 ++-- dirmngr/http.h | 1 + dirmngr/server.c | 156 ++++++-- dirmngr/t-http.c | 5 + doc/Makefile.am | 2 + doc/dirmngr.texi | 5 + g10/delkey.c | 4 +- g10/dirmngr-conf.skel | 5 + g10/export.c | 2 + g10/getkey.c | 55 ++- g10/gpg.c | 232 ++++++++---- g10/import.c | 17 +- g10/keydb.c | 27 +- g10/keydb.h | 21 +- g10/keyedit.c | 10 +- g10/keygen.c | 22 +- g10/keylist.c | 2 +- g10/keyring.c | 8 +- g10/keyserver.c | 19 +- g10/mainproc.c | 5 +- g10/misc.c | 2 +- g10/pkclist.c | 17 +- g10/revoke.c | 20 +- g10/t-keydb-get-keyblock.c | 2 + g10/t-keydb.c | 4 + g10/tofu.c | 8 +- g10/trustdb.c | 5 +- po/ca.po | 225 +++++++++--- po/cs.po | 246 ++++++++++--- po/da.po | 257 ++++++++++--- po/de.po | 238 ++++++++++--- po/el.po | 226 +++++++++--- po/eo.po | 224 +++++++++--- po/es.po | 279 +++++++++++---- po/et.po | 225 +++++++++--- po/fi.po | 225 +++++++++--- po/fr.po | 253 ++++++++++--- po/gl.po | 225 +++++++++--- po/hu.po | 224 +++++++++--- po/id.po | 225 +++++++++--- po/it.po | 225 +++++++++--- po/ja.po | 248 +++++++++++-- po/nb.po | 224 +++++++++--- po/pl.po | 255 ++++++++++--- po/pt.po | 224 +++++++++--- po/ro.po | 234 +++++++++--- po/ru.po | 396 ++++++++++++++------- po/sk.po | 224 +++++++++--- po/sv.po | 257 ++++++++++--- po/tr.po | 253 ++++++++++--- po/uk.po | 347 ++++++++++++------ po/zh_CN.po | 235 +++++++++--- po/zh_TW.po | 240 +++++++++++-- scd/apdu.c | 7 +- 
scd/app-common.h | 5 - scd/app-openpgp.c | 56 ++- scd/app.c | 124 +++---- scd/scdaemon.c | 11 - tests/openpgp/Makefile.am | 12 +- .../00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc | 17 + .../1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc | 23 ++ .../A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc | 17 + .../ADE710D74409777B7729A7653373D820F67892E0.asc | 17 + .../CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc | 17 + .../E657FB607BB4F21C90BB6651BC067AF28BC90111.asc | 45 +++ tests/openpgp/samplekeys/README | 1 + tests/openpgp/use-exact-key.test | 55 +++ tests/openpgp/version.test | 7 +- 77 files changed, 6020 insertions(+), 1745 deletions(-) create mode 100644 tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc create mode 100644 tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc create mode 100644 tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc create mode 100644 tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc create mode 100644 tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc create mode 100644 tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc create mode 100755 tests/openpgp/use-exact-key.test hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 12:17:44 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 04 Dec 2015 12:17:44 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-237-g30af06e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 30af06ee94d670fbc9dc08865e763c3446636185 (commit) via df1e0d27fa0095438f7aa1f05b41b17da026bcea (commit) via 9fadfdb3109f7ea42aaaa9d745b64c6c90cb8233 (commit) via 650f43053d2090d4658096b85c1cc0d828f3f198 (commit) via 0c0ccf0928b449fb2ce4c8bab11ac2e4837ca72d (commit) from 762fcc027b0b4cc88c1f633804de619273d6a8b9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 30af06ee94d670fbc9dc08865e763c3446636185 Merge: 762fcc0 df1e0d2 Author: Werner Koch Date: Fri Dec 4 12:11:56 2015 +0100 Merge branch 'STABLE-BRANCH-2-2' into wk-master -- I forgot to merge the updated Japanese translation into the release branch thus we need to fix it up here. ----------------------------------------------------------------------- Summary of changes: NEWS | 10 ++-- configure.ac | 2 +- po/ru.po | 156 ++++++++++++++++++++++++++++------------------------------- po/uk.po | 143 +++++++++++++++++++++++------------------------------- 4 files changed, 142 insertions(+), 169 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 12:54:25 2015 
From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 04 Dec 2015 12:54:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.10-9-g582e684 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 582e684a48eb4f3716cecf7dc73eb93046efcfad (commit) via 45c814f348c89acd8d21d0607ffcf68e5c5c399e (commit) via 0c0dafd8e89bb702e856c661c1561e10cdcaf37f (commit) via a81aca6e1c2a4529d416d1989f15d7338d2ee81e (commit) via d955cb5e0700c6d2b6b26cb210b5a176d22d4235 (commit) via 2ae07f826aa551db8adf714158fce962790a6b54 (commit) from 30af06ee94d670fbc9dc08865e763c3446636185 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 582e684a48eb4f3716cecf7dc73eb93046efcfad Author: Justus Winter Date: Tue Dec 1 12:01:12 2015 +0100 tools/gpgtar: Implement symmetric encryption. * tests/openpgp/gpgtar.test: Add test case. * tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to gpg. * tools/gpgtar.c (parse_arguments): We do handle the argument now. Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index f71a883..124ba40 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test @@ -24,6 +24,7 @@ TESTFILES="$plain_files $data_files" TESTDIR=gpgtar.d FILELIST="${TESTDIR}/filelist" +PPFILE="${TESTDIR}/passphrase" GPG=../../g10/gpg2 GPGARGS="$opt_always --no-permission-warning" @@ -46,6 +47,7 @@ do_test() rm -rf -- "${TESTDIR}" mkdir "${TESTDIR}" + echo frob >"$PPFILE" $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $CREATE_FLAGS \ --output "${TESTDIR}/test.tar.pgp" $TESTFILES 
@@ -69,6 +71,7 @@ do_test() } for TOOL in "$GPGTAR" "$GPGZIP" +#for TOOL in "$GPGZIP" do do_test "$TOOL" \ "--encrypt --recipient $usrname2" \ @@ -84,6 +87,11 @@ do "--sign --local-user $usrname3" \ "--list-archive" \ "--decrypt" + + do_test "$TOOL" \ + "--gpg-args --passphrase-file=$PPFILE --symmetric" \ + "--gpg-args --passphrase-file=$PPFILE --list-archive" \ + "--gpg-args --passphrase-file=$PPFILE --decrypt" done # Success! diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index d5e3bec..d8d1d54 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -896,9 +896,16 @@ gpgtar_create (char **inpattern, int encrypt, int sign) if (err) goto leave; + /* '--encrypt' may be combined with '--symmetric', but 'encrypt' + is set either way. Clear it if no recipients are specified. + XXX: Fix command handling. */ + if (opt.symmetric && opt.recipients == NULL) + encrypt = 0; + argv = xtrycalloc (strlist_length (opt.gpg_arguments) + 2 * strlist_length (opt.recipients) - + 1 + !!encrypt + !!sign + 2 * !!opt.user, + + 1 + !!encrypt + !!sign + 2 * !!opt.user + + !!opt.symmetric, sizeof *argv); if (argv == NULL) { @@ -915,6 +922,8 @@ gpgtar_create (char **inpattern, int encrypt, int sign) argv[i++] = "--local-user"; argv[i++] = opt.user; } + if (opt.symmetric) + argv[i++] = "--symmetric"; for (arg = opt.recipients; arg; arg = arg->next) { argv[i++] = "--recipient"; @@ -925,7 +934,8 @@ gpgtar_create (char **inpattern, int encrypt, int sign) argv[i++] = NULL; assert (i == strlist_length (opt.gpg_arguments) + 2 * strlist_length (opt.recipients) - + 1 + !!encrypt + !!sign + 2 * !!opt.user); + + 1 + !!encrypt + !!sign + 2 * !!opt.user + + !!opt.symmetric); err = sh_exec_tool_stream (opt.gpg_program, argv, outstream, cipher_stream); diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 8001654..46d06bd 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c 
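Review bot: The argv element count in gpgtar_create is written out twice, once in the `xtrycalloc` call and once in the trailing `assert`, and this commit has to add `+ !!opt.symmetric` to both by hand. If a later option extends the fill code but not the size expression, the `argv[i++]` stores run past the allocation before the assert is evaluated, and the assert is compiled out under NDEBUG. Holding the sum in a local, say `nargs`, and using `argv = xtrycalloc (nargs, sizeof *argv);` and `assert (i == nargs);` keeps the two in step. The same duplicated arithmetic appears in the older gpgtar_create hunks and in the gpgtar_extract and gpgtar_list hunks further down the page. gpgtar_create starts and ends outside these hunks.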
@@ -322,7 +322,6 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) break; case oSymmetric: - log_info ("note: ignoring option --symmetric\n"); set_cmd (&cmd, aEncrypt); opt.symmetric = 1; break; commit 45c814f348c89acd8d21d0607ffcf68e5c5c399e Author: Justus Winter Date: Mon Nov 30 18:39:00 2015 +0100 tools/gpgtar: Implement signing. * tests/openpgp/gpgtar.test: Test signing. * tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the appropriate gpg arguments to implement signing and selecting the local user. * tools/gpgtar.c (parse_options): We do handle '--local-user' now. (main): Handle signing, encrypting, and doing both when creating an archive. * tools/gpgtar.h (gpgtar_create): Update prototype. Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index acfaf3f..f71a883 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test 
@@ -25,35 +25,65 @@ TESTFILES="$plain_files $data_files" TESTDIR=gpgtar.d FILELIST="${TESTDIR}/filelist" GPG=../../g10/gpg2 -GPGARGS="--trust-model=always" +GPGARGS="$opt_always --no-permission-warning" GPGTAR="../../tools/gpgtar" GPGZIP="sh ../../tools/gpg-zip" -for TOOL in "$GPGTAR" "$GPGZIP" -do +# Create, inspect, and extract an archive with the given options. +# +# $1 the tool to test +# $2 options used to create the archive +# $3 options used to inspect the archive +# $4 options used to extract the archive +do_test() +{ + ( + TOOL="$1" + CREATE_FLAGS="$2" + INSPECT_FLAGS="$3" + EXTRACT_FLAGS="$4" + rm -rf -- "${TESTDIR}" mkdir "${TESTDIR}" - $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ - --encrypt --recipient "$usrname2" \ + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $CREATE_FLAGS \ --output "${TESTDIR}/test.tar.pgp" $TESTFILES - $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ - --list-archive "${TESTDIR}/test.tar.pgp" \ + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $INSPECT_FLAGS \ + "${TESTDIR}/test.tar.pgp" \ >"$FILELIST" for F in $TESTFILES do grep -qe "\\b${F}\\b" "$FILELIST" done - $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" $EXTRACT_FLAGS \ --tar-args --directory="${TESTDIR}" \ - --decrypt "${TESTDIR}/test.tar.pgp" + "${TESTDIR}/test.tar.pgp" for F in $TESTFILES do diff -q "$F" "${TESTDIR}/$F" done + ) +} + +for TOOL in "$GPGTAR" "$GPGZIP" +do + do_test "$TOOL" \ + "--encrypt --recipient $usrname2" \ + "--list-archive" \ + "--decrypt" + + do_test "$TOOL" \ + "--encrypt --recipient $usrname2 --sign --local-user $usrname3" \ + "--list-archive" \ + "--decrypt" + + do_test "$TOOL" \ + "--sign --local-user $usrname3" \ + "--list-archive" \ + "--decrypt" done # Success! diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 8975fc6..d5e3bec 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c 
@@ -741,7 +741,7 @@ write_eof_mark (estream_t stream) INPATTERN is NULL take the pattern as null terminated strings from stdin. */ gpg_error_t -gpgtar_create (char **inpattern, int encrypt) +gpgtar_create (char **inpattern, int encrypt, int sign) { gpg_error_t err = 0; struct scanctrl_s scanctrl_buffer; @@ -865,7 +865,7 @@ gpgtar_create (char **inpattern, int encrypt) if (outstream == es_stdout) es_set_binary (es_stdout); - if (encrypt) + if (encrypt || sign) { cipher_stream = outstream; outstream = es_fopenmem (0, "rwb"); @@ -886,7 +886,7 @@ gpgtar_create (char **inpattern, int encrypt) if (err) goto leave; - if (encrypt) + if (encrypt || sign) { int i; strlist_t arg; @@ -898,7 +898,7 @@ gpgtar_create (char **inpattern, int encrypt) argv = xtrycalloc (strlist_length (opt.gpg_arguments) + 2 * strlist_length (opt.recipients) - + 2, + + 1 + !!encrypt + !!sign + 2 * !!opt.user, sizeof *argv); if (argv == NULL) { @@ -906,7 +906,15 @@ gpgtar_create (char **inpattern, int encrypt) goto leave; } i = 0; - argv[i++] = "--encrypt"; + if (encrypt) + argv[i++] = "--encrypt"; + if (sign) + argv[i++] = "--sign"; + if (opt.user) + { + argv[i++] = "--local-user"; + argv[i++] = opt.user; + } for (arg = opt.recipients; arg; arg = arg->next) { argv[i++] = "--recipient"; @@ -917,7 +925,7 @@ gpgtar_create (char **inpattern, int encrypt) argv[i++] = NULL; assert (i == strlist_length (opt.gpg_arguments) + 2 * strlist_length (opt.recipients) - + 2); + + 1 + !!encrypt + !!sign + 2 * !!opt.user); err = sh_exec_tool_stream (opt.gpg_program, argv, outstream, cipher_stream); diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 100fb16..8001654 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -318,7 +318,6 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) break; case oUser: - log_info ("note: ignoring option --user\n"); opt.user = pargs->r.ret_str; break; 
@@ -452,12 +451,17 @@ main (int argc, char **argv) break; case aEncrypt: + case aSign: + case aSignEncrypt: if ((!argc && !null_names) || (argc && null_names)) usage (1); if (opt.filename) log_info ("note: ignoring option --set-filename\n"); - err = gpgtar_create (null_names? NULL :argv, !skip_crypto); + err = gpgtar_create (null_names? NULL :argv, + !skip_crypto + && (cmd == aEncrypt || cmd == aSignEncrypt), + cmd == aSign || cmd == aSignEncrypt); if (err && log_get_errorcount (0) == 0) log_error ("creating archive failed: %s\n", gpg_strerror (err)); break; diff --git a/tools/gpgtar.h b/tools/gpgtar.h index eadbcac..3f21ea1 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -119,7 +119,7 @@ gpg_error_t read_record (estream_t stream, void *record); gpg_error_t write_record (estream_t stream, const void *record); /*-- gpgtar-create.c --*/ -gpg_error_t gpgtar_create (char **inpattern, int encrypt); +gpg_error_t gpgtar_create (char **inpattern, int encrypt, int sign); /*-- gpgtar-extract.c --*/ gpg_error_t gpgtar_extract (const char *filename, int decrypt); commit 0c0dafd8e89bb702e856c661c1561e10cdcaf37f Author: Justus Winter Date: Mon Nov 30 16:21:22 2015 +0100 tools/gpgtar: Use the new exectool helper. * tools/Makefile.am: gpgtar now requires neither npth nor libassuan. * tools/gpgtar-create.c (gpgtar_create): Use the new 'sh-exectool' helper. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. * tools/gpgtar.c (main): Set default gpg program. Drop the initialization of npth and libassuan. Signed-off-by: Justus Winter diff --git a/tools/Makefile.am b/tools/Makefile.am index a793cca..a268811 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am 
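Review bot: In the new gpgtar_create call the encrypt argument is still gated by `!skip_crypto`, but the sign argument `cmd == aSign || cmd == aSignEncrypt` is not. Since gpgtar_create now enters its gpg branch on `encrypt || sign`, a sign command combined with the skip-crypto flag would still spawn gpg. If that flag is meant to keep gpg out of the pipeline entirely, the third argument should read `!skip_crypto && (cmd == aSign || cmd == aSignEncrypt)`. main's body continues outside the hunk.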
@@ -142,9 +142,8 @@ gpgtar_SOURCES = \ gpgtar-extract.c \ gpgtar-list.c \ no-libgcrypt.c -gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS) $(LIBASSUAN_CFLAGS) -gpgtar_LDADD = $(libcommonpth) $(GPG_ERROR_LIBS) \ - $(NPTH_LIBS) $(LIBASSUAN_LIBS) \ +gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) +gpgtar_LDADD = $(libcommon) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index cc82889..8975fc6 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -36,7 +36,7 @@ #include #include "i18n.h" -#include "../common/call-gpg.h" +#include "../common/sh-exectool.h" #include "../common/sysutils.h" #include "gpgtar.h" @@ -888,16 +888,40 @@ gpgtar_create (char **inpattern, int encrypt) if (encrypt) { + int i; + strlist_t arg; + const char **argv; + err = es_fseek (outstream, 0, SEEK_SET); if (err) goto leave; - err = gpg_encrypt_stream (NULL, - opt.gpg_program, - opt.gpg_arguments, - outstream, - opt.recipients, - cipher_stream); + argv = xtrycalloc (strlist_length (opt.gpg_arguments) + + 2 * strlist_length (opt.recipients) + + 2, + sizeof *argv); + if (argv == NULL) + { + err = gpg_error_from_syserror (); + goto leave; + } + i = 0; + argv[i++] = "--encrypt"; + for (arg = opt.recipients; arg; arg = arg->next) + { + argv[i++] = "--recipient"; + argv[i++] = arg->d; + } + for (arg = opt.gpg_arguments; arg; arg = arg->next) + argv[i++] = arg->d; + argv[i++] = NULL; + assert (i == strlist_length (opt.gpg_arguments) + + 2 * strlist_length (opt.recipients) + + 2); + + err = sh_exec_tool_stream (opt.gpg_program, argv, + outstream, cipher_stream); + xfree (argv); if (err) goto leave; } diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 728737d..cb8074c 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -28,7 +28,7 @@ #include #include "i18n.h" -#include "../common/call-gpg.h" +#include "../common/sh-exectool.h" #include "../common/sysutils.h" #include "gpgtar.h" 
@@ -299,6 +299,10 @@ gpgtar_extract (const char *filename, int decrypt) if (decrypt) { + int i; + strlist_t arg; + const char **argv; + cipher_stream = stream; stream = es_fopenmem (0, "rwb"); if (! stream) @@ -306,8 +310,24 @@ gpgtar_extract (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, opt.gpg_arguments, - cipher_stream, stream); + + argv = xtrycalloc (strlist_length (opt.gpg_arguments) + 2, + sizeof *argv); + if (argv == NULL) + { + err = gpg_error_from_syserror (); + goto leave; + } + i = 0; + argv[i++] = "--decrypt"; + for (arg = opt.gpg_arguments; arg; arg = arg->next) + argv[i++] = arg->d; + argv[i++] = NULL; + assert (i == strlist_length (opt.gpg_arguments) + 2); + + err = sh_exec_tool_stream (opt.gpg_program, argv, + cipher_stream, stream); + xfree (argv); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index cb2ca5d..7bf4d49 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -26,7 +26,7 @@ #include "i18n.h" #include "gpgtar.h" -#include "../common/call-gpg.h" +#include "../common/sh-exectool.h" @@ -299,6 +299,10 @@ gpgtar_list (const char *filename, int decrypt) if (decrypt) { + int i; + strlist_t arg; + const char **argv; + cipher_stream = stream; stream = es_fopenmem (0, "rwb"); if (! stream) 
@@ -306,8 +310,24 @@ gpgtar_list (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, opt.gpg_arguments, - cipher_stream, stream); + + argv = xtrycalloc (strlist_length (opt.gpg_arguments) + 2, + sizeof *argv); + if (argv == NULL) + { + err = gpg_error_from_syserror (); + goto leave; + } + i = 0; + argv[i++] = "--decrypt"; + for (arg = opt.gpg_arguments; arg; arg = arg->next) + argv[i++] = arg->d; + argv[i++] = NULL; + assert (i == strlist_length (opt.gpg_arguments) + 2); + + err = sh_exec_tool_stream (opt.gpg_program, argv, + cipher_stream, stream); + xfree (argv); if (err) goto leave; diff --git a/tools/gpgtar.c b/tools/gpgtar.c index a09d2f0..100fb16 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -27,7 +27,6 @@ gpg. So here we go. */ #include -#include #include #include #include @@ -39,7 +38,6 @@ #include "util.h" #include "i18n.h" #include "sysutils.h" -#include "../common/asshelp.h" #include "../common/openpgpdefs.h" #include "../common/init.h" #include "../common/strlist.h" @@ -282,11 +280,6 @@ shell_parse_argv (const char *s, int *r_argc, char ***r_argv) return 0; } -/* Define Assuan hooks for NPTH. */ - -ASSUAN_SYSTEM_NPTH_IMPL; - - /* Global flags. */ enum cmd_and_opt_values cmd = 0; int skip_crypto = 0; @@ -412,11 +405,6 @@ main (int argc, char **argv) /* Make sure that our subsystems are ready. */ i18n_init(); init_common_subsystems (&argc, &argv); - npth_init (); - assuan_set_assuan_log_prefix (log_get_prefix (NULL)); - assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); - assuan_sock_init (); /* Parse the command line. */ pargs.argc = &argc; 
@@ -442,9 +430,11 @@ main (int argc, char **argv) log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]); } + if (! opt.gpg_program) + opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG); + if (opt.verbose > 1) opt.debug_level = 1024; - setup_libassuan_logging (&opt.debug_level); switch (cmd) { commit a81aca6e1c2a4529d416d1989f15d7338d2ee81e Author: Justus Winter Date: Mon Nov 30 14:23:02 2015 +0100 common: Add a stream interface to 'sh-exectool'. * common/sh-exectool.c (struct copy_buffer): Add infrastructure for copying between streams. (copy_buffer_{init,shred,do_copy,flush}): New functions. (sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams. (nop_free): New function. (sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'. * common/sh-exectool.h (sh_exec_tool_stream): New prototype. Signed-off-by: Justus Winter diff --git a/common/sh-exectool.c b/common/sh-exectool.c index 504900b..4382536 100644 --- a/common/sh-exectool.c +++ b/common/sh-exectool.c @@ -24,13 +24,16 @@ #include #include #include +#include #include #include "i18n.h" #include "logging.h" #include "membuf.h" +#include "mischelp.h" #include "exechelp.h" #include "sysutils.h" +#include "util.h" typedef struct { 
@@ -113,56 +116,109 @@ read_and_log_stderr (read_and_log_buffer_t *state, es_poll_t *fderr) } } + +/* A buffer to copy from one stream to another. */ +struct copy_buffer +{ + char buffer[4096]; + char *writep; + size_t nread; +}; + + +/* Initialize a copy buffer. */ +static void +copy_buffer_init (struct copy_buffer *c) +{ + c->writep = c->buffer; + c->nread = 0; +} + + +/* Securely wipe a copy buffer. */ +static void +copy_buffer_shred (struct copy_buffer *c) +{ + wipememory (c->buffer, sizeof c->buffer); + c->writep = NULL; + c->nread = ~0U; +} + + +/* Copy data from SOURCE to SINK using copy buffer C. */ static gpg_error_t -read_stdout (membuf_t *mb, es_poll_t *fdout, const char *pgmname) +copy_buffer_do_copy (struct copy_buffer *c, estream_t source, estream_t sink) { - gpg_error_t err = 0; - int c; + gpg_error_t err; + size_t nwritten; - for (;;) + if (c->nread == 0) { - c = es_fgetc (fdout->stream); - if (c == EOF) + c->writep = c->buffer; + err = es_read (source, c->buffer, sizeof c->buffer, &c->nread); + if (err) { - if (es_feof (fdout->stream)) - { - fdout->ignore = 1; /* Ready. */ - } - else if (es_ferror (fdout->stream)) - { - err = gpg_error_from_syserror (); - log_error ("error reading stdout of '%s': %s\n", - pgmname, gpg_strerror (err)); - fdout->ignore = 1; /* Disable. */ - } + if (errno == EAGAIN) + return 0; /* We will just retry next time. */ - break; - } - else - { - char buf[1]; - *buf = c; - put_membuf (mb, buf, 1); + return gpg_error_from_syserror (); } + + assert (c->nread <= sizeof c->buffer); + } + + if (c->nread == 0) + return 0; /* Done copying. */ + + err = es_write (sink, c->writep, c->nread, &nwritten); + if (err) + { + if (errno == EAGAIN) + return 0; /* We will just retry next time. 
*/ + + return gpg_error_from_syserror (); } + assert (nwritten <= c->nread); + c->writep += nwritten; + c->nread -= nwritten; + assert (c->writep - c->buffer <= sizeof c->buffer); + + if (es_fflush (sink) && errno != EAGAIN) + err = gpg_error_from_syserror (); + return err; } +/* Flush the remaining data to SINK. */ +static gpg_error_t +copy_buffer_flush (struct copy_buffer *c, estream_t sink) +{ + gpg_error_t err; + + while (c->nread > 0) + { + err = copy_buffer_do_copy (c, NULL, sink); + if (err) + return err; + } + + return 0; +} + + + /* Run the program PGMNAME with the command line arguments given in - the NULL terminates array ARGV. If INPUT_STRING is not NULL it - will be fed to stdin of the process. stderr is logged using - log_info and the process' stdout is returned in a newly malloced - buffer RESULT with the length stored at RESULTLEN if not given as - NULL. A hidden Nul is appended to the output. On error NULL is - stored at RESULT, a diagnostic is printed, and an error code - returned. */ + the NULL terminates array ARGV. If INPUT is not NULL it will be + fed to stdin of the process. stderr is logged using log_info and + the process' stdout is written to OUTPUT. On error a diagnostic is + printed, and an error code returned. */ gpg_error_t -sh_exec_tool (const char *pgmname, const char *argv[], - const char *input_string, - char **result, size_t *resultlen) +sh_exec_tool_stream (const char *pgmname, const char *argv[], + estream_t input, + estream_t output) { gpg_error_t err; pid_t pid; 
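Review bot: copy_buffer_flush can spin without making progress, because copy_buffer_do_copy returns 0 on EAGAIN from es_write and leaves `c->nread` unchanged while the flush loop runs `while (c->nread > 0)`. The main-loop hunk of sh_exec_tool_stream further down calls it on the child's stdin, which is spawned with GNUPG_SPAWN_NONBLOCK, and while it loops there the child's stdout and stderr are not drained. A child blocked on writing its own output would then never empty its stdin, so this looks like it can hang with the CPU busy. Dropping that flush call and closing infp only under `if (es_feof (input) && cpbuf[0].nread == 0)` would let the next got_write event push the remainder through copy_buffer_do_copy. sh_exec_tool_stream begins in this hunk and its body continues in the following ones.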
@@ -171,19 +227,16 @@ sh_exec_tool (const char *pgmname, const char *argv[], es_poll_t fds[3]; int count; read_and_log_buffer_t fderrstate; - membuf_t fdout_mb; - size_t len, nwritten; + struct copy_buffer cpbuf[2]; - *result = NULL; - if (resultlen) - *resultlen = 0; memset (fds, 0, sizeof fds); memset (&fderrstate, 0, sizeof fderrstate); - init_membuf (&fdout_mb, 4096); + copy_buffer_init (&cpbuf[0]); + copy_buffer_init (&cpbuf[1]); err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, GNUPG_SPAWN_NONBLOCK, - input_string? &infp : NULL, + input? &infp : NULL, &outfp, &errfp, &pid); if (err) { @@ -195,7 +248,7 @@ sh_exec_tool (const char *pgmname, const char *argv[], fds[0].stream = infp; fds[0].want_write = 1; - if (!input_string) + if (!input) fds[0].ignore = 1; fds[1].stream = outfp; fds[1].want_read = 1; 
@@ -221,53 +274,50 @@ sh_exec_tool (const char *pgmname, const char *argv[], if (fds[0].got_write) { - len = strlen (input_string); - log_debug ("writing '%s'\n", input_string); - if (es_write (fds[0].stream, input_string, len, &nwritten)) - { - if (errno != EAGAIN) - { - err = gpg_error_from_syserror (); - log_error ("error writing '%s': %s\n", - pgmname, gpg_strerror (err)); - goto leave; - } - else - log_debug (" .. EAGAIN\n"); - } - else + err = copy_buffer_do_copy (&cpbuf[0], input, fds[0].stream); + if (err) { - assert (nwritten <= len); - input_string += nwritten; - } + log_error ("error feeding data to '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; + } - if (es_fflush (fds[0].stream) && errno != EAGAIN) + if (es_feof (input)) { - err = gpg_error_from_syserror (); - log_error ("error writing '%s' (flush): %s\n", - pgmname, gpg_strerror (err)); - if (gpg_err_code (err) == GPG_ERR_EPIPE && !*input_string) + err = copy_buffer_flush (&cpbuf[0], fds[0].stream); + if (err) { - /* fixme: How can we tell whether estream has - pending bytes after a HUP - which is an - error? */ + log_error ("error feeding data to '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; } - else - goto leave; - } - if (!*input_string) - { + fds[0].ignore = 1; /* ready. */ es_fclose (infp); infp = NULL; } } if (fds[1].got_read) - read_stdout (&fdout_mb, fds + 1, pgmname); /* FIXME: Add error - handling. */ + { + err = copy_buffer_do_copy (&cpbuf[1], fds[1].stream, output); + if (err) + { + log_error ("error reading data from '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; + } + } + if (fds[2].got_read) read_and_log_stderr (&fderrstate, fds + 2); + } + err = copy_buffer_flush (&cpbuf[1], output); + if (err) + { + log_error ("error reading data from '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; } read_and_log_stderr (&fderrstate, NULL); /* Flush. */ 
@@ -280,17 +330,7 @@ sh_exec_tool (const char *pgmname, const char *argv[], leave: if (err) - { - gnupg_kill_process (pid); - xfree (get_membuf (&fdout_mb, NULL)); - } - else - { - put_membuf (&fdout_mb, "", 1); /* Make sure it is a string. */ - *result = get_membuf (&fdout_mb, resultlen); - if (!*result) - err = gpg_error_from_syserror (); - } + gnupg_kill_process (pid); es_fclose (infp); es_fclose (outfp); 
@@ -299,5 +339,85 @@ sh_exec_tool (const char *pgmname, const char *argv[], gnupg_wait_process (pgmname, pid, 1, NULL); gnupg_release_process (pid); + copy_buffer_shred (&cpbuf[0]); + copy_buffer_shred (&cpbuf[1]); + return err; +} + + +/* A dummy free function to pass to 'es_mopen'. */ +static void +nop_free (void *ptr) +{ + (void) ptr; +} + +/* Run the program PGMNAME with the command line arguments given in + the NULL terminates array ARGV. If INPUT_STRING is not NULL it + will be fed to stdin of the process. stderr is logged using + log_info and the process' stdout is returned in a newly malloced + buffer RESULT with the length stored at RESULTLEN if not given as + NULL. A hidden Nul is appended to the output. On error NULL is + stored at RESULT, a diagnostic is printed, and an error code + returned. */ +gpg_error_t +sh_exec_tool (const char *pgmname, const char *argv[], + const char *input_string, + char **result, size_t *resultlen) +{ + gpg_error_t err; + estream_t input = NULL; + estream_t output; + size_t len; + size_t nread; + + *result = NULL; + if (resultlen) + *resultlen = 0; + + if (input_string) + { + len = strlen (input_string); + input = es_mopen ((char *) input_string, len, len, + 0 /* don't grow */, NULL, nop_free, "rb"); + if (! input) + return gpg_error_from_syserror (); + } + + output = es_fopenmem (0, "wb"); + if (! output) + { + err = gpg_error_from_syserror (); + goto leave; + } + + err = sh_exec_tool_stream (pgmname, argv, input, output); + if (err) + goto leave; + + len = es_ftello (output); + err = es_fseek (output, 0, SEEK_SET); + if (err) + goto leave; + + *result = xtrymalloc (len); + if (*result == NULL) + { + err = gpg_error_from_syserror (); + goto leave; + } + + err = es_read (output, *result, len, &nread); + if (! err) + { + assert (nread == len || !"short read on memstream"); + if (resultlen) + *resultlen = len; + } + + leave: + if (input) + es_fclose (input); + es_fclose (output); return err; } 
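Review bot: The rewritten sh_exec_tool no longer appends the terminating Nul that its own comment still promises. The buffer is allocated with `xtrymalloc (len)` and filled with exactly `len` bytes, so a caller that treats RESULT as a C string reads past the allocation. Allocating with `*result = xtrymalloc (len + 1);` and setting `(*result)[len] = 0;` after the read restores the documented contract. When es_read fails, *result is also left pointing at the buffer instead of being freed and reset to NULL as the comment says. The value of es_ftello is stored in a size_t without a check for failure.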
diff --git a/common/sh-exectool.h b/common/sh-exectool.h index bbdbb03..6f511c2 100644 --- a/common/sh-exectool.h +++ b/common/sh-exectool.h @@ -20,6 +20,8 @@ #ifndef GNUPG_COMMON_SH_EXECTOOL_H #define GNUPG_COMMON_SH_EXECTOOL_H +#include + /* Run the program PGMNAME with the command line arguments given in the NULL terminates array ARGV. If INPUT_STRING is not NULL it will be fed to stdin of the process. stderr is logged using @@ -32,4 +34,13 @@ gpg_error_t sh_exec_tool (const char *pgmname, const char *argv[], const char *input_string, char **result, size_t *resultlen); +/* Run the program PGMNAME with the command line arguments given in + the NULL terminates array ARGV. If INPUT is not NULL it will be + fed to stdin of the process. stderr is logged using log_info and + the process' stdout is written to OUTPUT. On error a diagnostic is + printed, and an error code returned. */ +gpg_error_t sh_exec_tool_stream (const char *pgmname, const char *argv[], + estream_t input, + estream_t output); + #endif /* GNUPG_COMMON_SH_EXECTOOL_H */ commit d955cb5e0700c6d2b6b26cb210b5a176d22d4235 Author: Justus Winter Date: Mon Nov 30 13:00:11 2015 +0100 common: Add header file and build the new code. * common/Makefile.am (common_sources): Add new files. * common/sh-exectool.h: New file. Signed-off-by: Justus Winter diff --git a/common/Makefile.am b/common/Makefile.am index c02c60e..1db4ec9 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -87,7 +87,8 @@ common_sources = \ helpfile.c \ mkdir_p.c mkdir_p.h \ strlist.c strlist.h \ - call-gpg.c call-gpg.h + call-gpg.c call-gpg.h \ + sh-exectool.c sh-exectool.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h diff --git a/common/sh-exectool.c b/common/sh-exectool.c index ab18095..504900b 100644 --- a/common/sh-exectool.c +++ b/common/sh-exectool.c 
@@ -25,9 +25,9 @@ #include #include -#include "g13-syshelp.h" #include #include "i18n.h" +#include "logging.h" #include "membuf.h" #include "exechelp.h" #include "sysutils.h" diff --git a/common/sh-exectool.h b/common/sh-exectool.h new file mode 100644 index 0000000..bbdbb03 --- /dev/null +++ b/common/sh-exectool.h @@ -0,0 +1,35 @@ +/* sh-exectool.h - Utility functions to execute a helper tool + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_SH_EXECTOOL_H +#define GNUPG_COMMON_SH_EXECTOOL_H + +/* Run the program PGMNAME with the command line arguments given in + the NULL terminates array ARGV. If INPUT_STRING is not NULL it + will be fed to stdin of the process. stderr is logged using + log_info and the process' stdout is returned in a newly malloced + buffer RESULT with the length stored at RESULTLEN if not given as + NULL. A hidden Nul is appended to the output. On error NULL is + stored at RESULT, a diagnostic is printed, and an error code + returned. */ +gpg_error_t sh_exec_tool (const char *pgmname, const char *argv[], + const char *input_string, + char **result, size_t *resultlen); + +#endif /* GNUPG_COMMON_SH_EXECTOOL_H */ commit 2ae07f826aa551db8adf714158fce962790a6b54 Author: Werner Koch Date: Mon Nov 30 12:53:57 2015 +0100 common: Add code to execute a helper. * common/sh-exectool.c: New file. 
Signed-off-by: Justus Winter diff --git a/common/sh-exectool.c b/common/sh-exectool.c new file mode 100644 index 0000000..ab18095 --- /dev/null +++ b/common/sh-exectool.c 
@@ -0,0 +1,303 @@ +/* sh-exectool.c - Utility functions to execute a helper tool + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "g13-syshelp.h" +#include +#include "i18n.h" +#include "membuf.h" +#include "exechelp.h" +#include "sysutils.h" + +typedef struct +{ + const char *pgmname; + int cont; + int used; + char buffer[256]; +} read_and_log_buffer_t; + + +static void +read_and_log_stderr (read_and_log_buffer_t *state, es_poll_t *fderr) +{ + gpg_error_t err; + int c; + + if (!fderr) + { + /* Flush internal buffer. */ + if (state->used) + { + const char *pname; + int len; + + state->buffer[state->used] = 0; + state->used = 0; + + pname = strrchr (state->pgmname, '/'); + if (pname && pname != state->pgmname && pname[1]) + pname++; + else + pname = state->pgmname; + /* If our pgmname plus colon is identical to the start of + the output, print only the output. */ + len = strlen (pname); + if (!state->cont + && !strncmp (state->buffer, pname, len) + && strlen (state->buffer) > strlen (pname) + && state->buffer[len] == ':' ) + log_info ("%s\n", state->buffer); + else + log_info ("%s%c %s\n", + pname, state->cont? 
'+':':', state->buffer); + } + state->cont = 0; + return; + } + for (;;) + { + c = es_fgetc (fderr->stream); + if (c == EOF) + { + if (es_feof (fderr->stream)) + { + fderr->ignore = 1; /* Not anymore needed. */ + } + else if (es_ferror (fderr->stream)) + { + err = gpg_error_from_syserror (); + log_error ("error reading stderr of '%s': %s\n", + state->pgmname, gpg_strerror (err)); + fderr->ignore = 1; /* Disable. */ + } + + break; + } + else if (c == '\n') + { + read_and_log_stderr (state, NULL); + } + else + { + if (state->used >= sizeof state->buffer - 1) + { + read_and_log_stderr (state, NULL); + state->cont = 1; + } + state->buffer[state->used++] = c; + } + } +} + + +static gpg_error_t +read_stdout (membuf_t *mb, es_poll_t *fdout, const char *pgmname) +{ + gpg_error_t err = 0; + int c; + + for (;;) + { + c = es_fgetc (fdout->stream); + if (c == EOF) + { + if (es_feof (fdout->stream)) + { + fdout->ignore = 1; /* Ready. */ + } + else if (es_ferror (fdout->stream)) + { + err = gpg_error_from_syserror (); + log_error ("error reading stdout of '%s': %s\n", + pgmname, gpg_strerror (err)); + fdout->ignore = 1; /* Disable. */ + } + + break; + } + else + { + char buf[1]; + *buf = c; + put_membuf (mb, buf, 1); + } + } + + return err; +} + + +/* Run the program PGMNAME with the command line arguments given in + the NULL terminates array ARGV. If INPUT_STRING is not NULL it + will be fed to stdin of the process. stderr is logged using + log_info and the process' stdout is returned in a newly malloced + buffer RESULT with the length stored at RESULTLEN if not given as + NULL. A hidden Nul is appended to the output. On error NULL is + stored at RESULT, a diagnostic is printed, and an error code + returned. 
*/ +gpg_error_t +sh_exec_tool (const char *pgmname, const char *argv[], + const char *input_string, + char **result, size_t *resultlen) +{ + gpg_error_t err; + pid_t pid; + estream_t infp = NULL; + estream_t outfp, errfp; + es_poll_t fds[3]; + int count; + read_and_log_buffer_t fderrstate; + membuf_t fdout_mb; + size_t len, nwritten; + + *result = NULL; + if (resultlen) + *resultlen = 0; + memset (fds, 0, sizeof fds); + memset (&fderrstate, 0, sizeof fderrstate); + init_membuf (&fdout_mb, 4096); + + err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, + NULL, GNUPG_SPAWN_NONBLOCK, + input_string? &infp : NULL, + &outfp, &errfp, &pid); + if (err) + { + log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err)); + return err; + } + + fderrstate.pgmname = pgmname; + + fds[0].stream = infp; + fds[0].want_write = 1; + if (!input_string) + fds[0].ignore = 1; + fds[1].stream = outfp; + fds[1].want_read = 1; + fds[2].stream = errfp; + fds[2].want_read = 1; + /* Now read as long as we have something to poll. We continue + reading even after EOF or error on stdout so that we get the + other error messages or remaining outout. */ + while (!fds[1].ignore && !fds[2].ignore) + { + count = es_poll (fds, DIM(fds), -1); + if (count == -1) + { + err = gpg_error_from_syserror (); + log_error ("error polling '%s': %s\n", pgmname, gpg_strerror (err)); + goto leave; + } + if (!count) + { + log_debug ("unexpected timeout while polling '%s'\n", pgmname); + break; + } + + if (fds[0].got_write) + { + len = strlen (input_string); + log_debug ("writing '%s'\n", input_string); + if (es_write (fds[0].stream, input_string, len, &nwritten)) + { + if (errno != EAGAIN) + { + err = gpg_error_from_syserror (); + log_error ("error writing '%s': %s\n", + pgmname, gpg_strerror (err)); + goto leave; + } + else + log_debug (" .. 
EAGAIN\n"); + } + else + { + assert (nwritten <= len); + input_string += nwritten; + } + + if (es_fflush (fds[0].stream) && errno != EAGAIN) + { + err = gpg_error_from_syserror (); + log_error ("error writing '%s' (flush): %s\n", + pgmname, gpg_strerror (err)); + if (gpg_err_code (err) == GPG_ERR_EPIPE && !*input_string) + { + /* fixme: How can we tell whether estream has + pending bytes after a HUP - which is an + error? */ + } + else + goto leave; + } + if (!*input_string) + { + fds[0].ignore = 1; /* ready. */ + es_fclose (infp); infp = NULL; + } + } + + if (fds[1].got_read) + read_stdout (&fdout_mb, fds + 1, pgmname); /* FIXME: Add error + handling. */ + if (fds[2].got_read) + read_and_log_stderr (&fderrstate, fds + 2); + + } + + read_and_log_stderr (&fderrstate, NULL); /* Flush. */ + es_fclose (infp); infp = NULL; + es_fclose (outfp); outfp = NULL; + es_fclose (errfp); errfp = NULL; + + err = gnupg_wait_process (pgmname, pid, 1, NULL); + pid = (pid_t)(-1); + + leave: + if (err) + { + gnupg_kill_process (pid); + xfree (get_membuf (&fdout_mb, NULL)); + } + else + { + put_membuf (&fdout_mb, "", 1); /* Make sure it is a string. 
*/ + *result = get_membuf (&fdout_mb, resultlen); + if (!*result) + err = gpg_error_from_syserror (); + } + + es_fclose (infp); + es_fclose (outfp); + es_fclose (errfp); + if (pid != (pid_t)(-1)) + gnupg_wait_process (pgmname, pid, 1, NULL); + gnupg_release_process (pid); + + return err; +} ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 3 +- common/sh-exectool.c | 423 ++++++++++++++++++++++++++++++++++++++++++++++ common/sh-exectool.h | 46 +++++ tests/openpgp/gpgtar.test | 56 +++++- tools/Makefile.am | 5 +- tools/gpgtar-create.c | 62 +++++-- tools/gpgtar-extract.c | 26 ++- tools/gpgtar-list.c | 26 ++- tools/gpgtar.c | 25 +-- tools/gpgtar.h | 2 +- 10 files changed, 628 insertions(+), 46 deletions(-) create mode 100644 common/sh-exectool.c create mode 100644 common/sh-exectool.h hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 12:59:48 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 04 Dec 2015 12:59:48 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.10-10-ga8308ba Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a8308ba5231682ce7c7d591a17e7e940fbd63189 (commit) from 582e684a48eb4f3716cecf7dc73eb93046efcfad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8308ba5231682ce7c7d591a17e7e940fbd63189 Author: Justus Winter Date: Fri Dec 4 12:08:37 2015 +0100 dirmngr: Handle http status '501 Not Implemented'. * dirmngr/ks-engine-hkp.c (send_request): Handle status 501 and return GPG_ERR_NOT_IMPLEMENTED. Signed-off-by: Justus Winter GnuPG-bug-id: 1221 
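Review bot: `log_debug ("writing '%s'\n", input_string);` in the `got_write` branch copies everything fed to the helper's stdin into the debug log; the callers of `sh_exec_tool` are not visible here, so that data may well be secret. Logging only the size avoids this, for example `log_debug ("writing %u bytes to '%s'\n", (unsigned int)len, pgmname);`. Separately, the poll loop runs `while (!fds[1].ignore && !fds[2].ignore)`, which stops as soon as either stream reaches EOF although the comment above it says reading should continue; with `||` the remaining stdout or stderr would still be drained. The return value of `read_stdout` is dropped, as the FIXME notes, so a read error on stdout can still end in a truncated RESULT with a success code if the child exits cleanly.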
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index e458899..0f2021c 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -1083,6 +1083,10 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, } goto leave; + case 501: + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + goto leave; + default: log_error (_("error accessing '%s': http status %u\n"), request, http_get_status_code (http)); ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 13:06:56 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Fri, 04 Dec 2015 13:06:56 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.10-12-g6d64ef8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6d64ef869dfbcb7aaa802b80ed648393147e40d8 (commit) via 6ac57a482f7ae02db1bee4e4b861288fc6905adc (commit) from a8308ba5231682ce7c7d591a17e7e940fbd63189 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6d64ef869dfbcb7aaa802b80ed648393147e40d8 Author: Justus Winter Date: Fri Dec 4 12:32:20 2015 +0100 dirmngr: Stricter handling of http error codes. * dirmngr/ks-action.c (ks_action_search): Only retry if the keyserver responded with a '404 Not Found'. * dirmngr/ks-engine-hkp.c (send_request): Return http status code. (ks_hkp_search): Likewise. (ks_hkp_{get,put}): Adapt call to 'send_request'. * dirmngr/ks-engine.h (ks_hkp_search): Update prototype. Signed-off-by: Justus Winter 
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index 285167a..1da91cc 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -156,13 +156,13 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, parallel and merge them. We also need to decide what to do with errors - it might not be the best idea to ignore an error from one server and silently continue with another server. For now we - stop at the first error, unless it is GPG_ERR_NO_DATA, in which - case we try the next server. Unfortunately, 'send_requests' - broadly maps all kinds of http errors to GPG_ERR_NO_DATA. */ + stop at the first error, unless the server responds with '404 Not + Found', in which case we try the next server. */ for (uri = keyservers; !err && uri; uri = uri->next) { int is_http = uri->parsed_uri->is_http; int is_ldap = 0; + unsigned int http_status; #if USE_LDAP is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 @@ -177,10 +177,12 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, else #endif { - err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp); + err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, + &infp, &http_status); } - if (err == gpg_error (GPG_ERR_NO_DATA)) + if (err == gpg_error (GPG_ERR_NO_DATA) + && http_status == 404 /* not found */) { /* No record found. Clear error and try next server. */ err = 0; diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 0f2021c..f38f29a 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c 
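Review bot: `http_status` is declared without an initializer and then read in `http_status == 404`, but in these hunks only the `ks_hkp_search` call writes it. The LDAP branch lies between the two hunks and presumably leaves it untouched, and in the `send_request` hunk of this commit the store `*r_http_status = http_get_status_code (http);` sits just before the `switch`, so a failure earlier in that function also leaves it unset. If either path returns GPG_ERR_NO_DATA, the comparison reads an indeterminate value; declaring `unsigned int http_status = 0;` makes the retry decision deterministic. With that change an LDAP server reporting no data would stop the search instead of moving on to the next keyserver, so it is worth confirming that this is intended.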
@@ -974,12 +974,13 @@ ks_hkp_housekeeping (time_t curtime) R_FP. HOSTPORTSTR is only used for diagnostics. If HTTPHOST is not NULL it will be used as HTTP "Host" header. If POST_CB is not NULL a post request is used and that callback is called to allow - writing the post data. */ + writing the post data. If R_HTTP_STATUS is not NULL, the http + status code will be stored there. */ static gpg_error_t send_request (ctrl_t ctrl, const char *request, const char *hostportstr, const char *httphost, unsigned int httpflags, gpg_error_t (*post_cb)(void *, http_t), void *post_cb_value, - estream_t *r_fp) + estream_t *r_fp, unsigned int *r_http_status) { gpg_error_t err; http_session_t session = NULL; @@ -1050,6 +1051,9 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, httpflags |= HTTP_FLAG_FORCE_TLS; } + if (r_http_status) + *r_http_status = http_get_status_code (http); + switch (http_get_status_code (http)) { case 200: @@ -1158,10 +1162,12 @@ handle_send_request_error (gpg_error_t err, const char *request, /* Search the keyserver identified by URI for keys matching PATTERN. - On success R_FP has an open stream to read the data. */ + On success R_FP has an open stream to read the data. If + R_HTTP_STATUS is not NULL, the http status code will be stored + there. */ gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, - estream_t *r_fp) + estream_t *r_fp, unsigned int *r_http_status) { gpg_error_t err; KEYDB_SEARCH_DESC desc; @@ -1248,7 +1254,7 @@ ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, /* Send the request. */ err = send_request (ctrl, request, hostport, httphost, httpflags, - NULL, NULL, &fp); + NULL, NULL, &fp, r_http_status); if (handle_send_request_error (err, request, &tries)) { reselect = 1; 
@@ -1381,7 +1387,7 @@ ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp) /* Send the request. */ err = send_request (ctrl, request, hostport, httphost, httpflags, - NULL, NULL, &fp); + NULL, NULL, &fp, NULL); if (handle_send_request_error (err, request, &tries)) { reselect = 1; @@ -1489,7 +1495,7 @@ ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen) /* Send the request. */ err = send_request (ctrl, request, hostport, httphost, 0, - put_post_cb, &parm, &fp); + put_post_cb, &parm, &fp, NULL); if (handle_send_request_error (err, request, &tries)) { reselect = 1; diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 6684a12..cb48f7f 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h @@ -34,7 +34,7 @@ gpg_error_t ks_hkp_mark_host (ctrl_t ctrl, const char *name, int alive); gpg_error_t ks_hkp_print_hosttable (ctrl_t ctrl); gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri); gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, - estream_t *r_fp); + estream_t *r_fp, unsigned int *r_http_status); gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, estream_t *r_fp); gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, commit 6ac57a482f7ae02db1bee4e4b861288fc6905adc Author: Justus Winter Date: Thu Dec 3 16:54:06 2015 +0100 dirmngr: Really search all keyservers for patterns. * dirmngr/ks-action.c (ks_action_search): Search all configured keyservers for the given patterns. Signed-off-by: Justus Winter GnuPG-bug-id: 1038 diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index dd4516a..285167a 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -144,6 +144,7 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, { gpg_error_t err = 0; int any_server = 0; + int any_results = 0; uri_item_t uri; estream_t infp; 
@@ -155,7 +156,9 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, parallel and merge them. We also need to decide what to do with errors - it might not be the best idea to ignore an error from one server and silently continue with another server. For now we - stop at the first error. */ + stop at the first error, unless it is GPG_ERR_NO_DATA, in which + case we try the next server. Unfortunately, 'send_requests' + broadly maps all kinds of http errors to GPG_ERR_NO_DATA. */ for (uri = keyservers; !err && uri; uri = uri->next) { int is_http = uri->parsed_uri->is_http; @@ -177,10 +180,18 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp); } + if (err == gpg_error (GPG_ERR_NO_DATA)) + { + /* No record found. Clear error and try next server. */ + err = 0; + continue; + } + if (!err) { err = copy_stream (infp, outfp); es_fclose (infp); + any_results = 1; break; } } @@ -188,6 +199,8 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, if (!any_server) err = gpg_error (GPG_ERR_NO_KEYSERVER); + else if (err == 0 && !any_results) + err = gpg_error (GPG_ERR_NO_DATA); return err; } ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-action.c | 19 +++++++++++++++++-- dirmngr/ks-engine-hkp.c | 20 +++++++++++++------- dirmngr/ks-engine.h | 2 +- 3 files changed, 31 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 16:29:11 2015 
From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Fri, 04 Dec 2015 16:29:11 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-10-g3b6e9a3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3b6e9a3d0afcdd3c2f1de19f15924c3404c7140a (commit) from 8c61cbfb8ff2e1056840ecf8511810ed2482eb1f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3b6e9a3d0afcdd3c2f1de19f15924c3404c7140a Author: Daiki Ueno Date: Fri Dec 4 17:55:09 2015 +0900 doc: Fix minor errors * doc/gpgme.texi: Fix errors and typos in the cancellation and gpgme_import_result_t documentation. Signed-off-by: Daiki Ueno diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 1c680b5..db94617 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3810,7 +3810,7 @@ for the context @var{ctx}, or, if that is not set, by the encoding specified for @var{keydata}. The keys to export are taken form the @code{NULL} terminated array - at var{keys}. Only keys of the the currently selected protocol of + at var{keys}. Only keys of the currently selected protocol of @var{ctx} which do have a fingerprint set are considered for export. Other keys specified by the @var{keys} are ignored. In particular OpenPGP keys retrieved via an external key listing are not included. 
@@ -3883,7 +3883,7 @@ permanent which have been retrieved from an external source (i.e. using for the usual workaround of exporting and then importing a key to make an X.509 key permanent.} -Only keys of the the currently selected protocol of @var{ctx} are +Only keys of the currently selected protocol of @var{ctx} are considered for import. Other keys specified by the @var{keys} are ignored. As of now all considered keys must have been retrieved using the same method, that is the used key listing mode must be identical. @@ -3970,34 +3970,34 @@ The number of keys without user ID. @item int imported The total number of imported keys. - at item imported_rsa + at item int imported_rsa The number of imported RSA keys. - at item unchanged + at item int unchanged The number of unchanged keys. - at item new_user_ids + at item int new_user_ids The number of new user IDs. - at item new_sub_keys + at item int new_sub_keys The number of new sub keys. - at item new_signatures + at item int new_signatures The number of new signatures. - at item new_revocations + at item int new_revocations The number of new revocations. - at item secret_read + at item int secret_read The total number of secret keys read. - at item secret_imported + at item int secret_imported The number of imported secret keys. - at item secret_unchanged + at item int secret_unchanged The number of unchanged secret keys. - at item not_imported + at item int not_imported The number of keys not imported. @item gpgme_import_status_t imports 
@@ -6147,16 +6147,16 @@ operation in the context @var{ctx}. This only works if you use the global event loop or your own event loop. If you use the global event loop, you must not call @code{gpgme_wait} -or @code{gpgme_wait} during cancellation. After successful +during cancellation. After successful cancellation, you can call @code{gpgme_wait} (optionally waiting on @var{ctx}), and the context @var{ctx} will appear as if it had finished with the error code @code{GPG_ERR_CANCEL}. -If you use your an external event loop, you must ensure that no I/O +If you use an external event loop, you must ensure that no I/O callbacks are invoked for this context (for example by halting the event loop). On successful cancellation, all registered I/O callbacks for this context will be unregistered, and a @code{GPGME_EVENT_DONE} -event with the error code @code{GPG_ERR_CANCEL} will be signaled. +event with the error code @code{GPG_ERR_CANCEL} will be signalled. The function returns an error code if the cancellation failed (in this case the state of @var{ctx} is not modified). ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 16:41:29 2015 
From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Fri, 04 Dec 2015 16:41:29 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-11-g67d7f7a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 67d7f7a9383763b01daf877c846bf3e32f647fa5 (commit) from 3b6e9a3d0afcdd3c2f1de19f15924c3404c7140a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67d7f7a9383763b01daf877c846bf3e32f647fa5 Author: Daiki Ueno Date: Mon Nov 9 13:13:50 2015 +0900 Return on user cancellation of delete operation * src/delete.c (delete_status_handler): Return on ERROR status, if the error location is set to "delete_key.secret" and the code is either CANCELED or FULLY_CANCELED, which indicates a situation that the user selected "No" on the confirmation dialog. diff --git a/src/delete.c b/src/delete.c index 37e54f8..d20a5bf 100644 --- a/src/delete.c +++ b/src/delete.c 
@@ -68,6 +68,38 @@ delete_status_handler (void *priv, gpgme_status_code_t code, char *args) return gpg_error (GPG_ERR_GENERAL); } } + else if (code == GPGME_STATUS_ERROR) + { + /* Some error stati are informational, so we don't return an + error code if we are not ready to process this status. */ + gpgme_error_t err; + char *where = strchr (args, ' '); + char *which; + + if (where) + { + *where = '\0'; + which = where + 1; + + where = strchr (which, ' '); + if (where) + *where = '\0'; + + where = args; + } + else + return trace_gpg_error (GPG_ERR_INV_ENGINE); + + err = atoi (which); + + if (!strcmp (where, "delete_key.secret") + && (gpg_err_code (err) == GPG_ERR_CANCELED + || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)) + { + /* This indicates a user cancellation on the confirmation dialog. */ + return gpg_error (gpg_err_code (err)); + } + } return 0; } ----------------------------------------------------------------------- Summary of changes: src/delete.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 16:43:28 2015 
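Review bot: `err = atoi (which);` converts a field taken from the engine's status line with no validation: `atoi` cannot report a non-numeric value, its behaviour is undefined for an out-of-range one, and the `int` result is assigned directly to a `gpgme_error_t`. Parsing with `strtoul` and checking the end pointer, e.g. `err = strtoul (which, &endp, 10); if (endp == which) return trace_gpg_error (GPG_ERR_INV_ENGINE);`, keeps a malformed line from being read as code 0 or as garbage. The comment at the top of the branch says informational ERROR lines must not produce an error, yet the `else` path returns GPG_ERR_INV_ENGINE for any ERROR line without a space, which may be stricter than the comment intends. The branch also writes NULs into `args` in place; the rest of `delete_status_handler` is outside the hunk, so whether anything re-reads `args` afterwards cannot be checked here.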
From: cvs at cvs.gnupg.org (by Daiki Ueno) Date: Fri, 04 Dec 2015 16:43:28 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.10-13-gb5cd688 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b5cd68852d0e3485c9e13a8ddb70f05f36a65cb9 (commit) from 6d64ef869dfbcb7aaa802b80ed648393147e40d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5cd68852d0e3485c9e13a8ddb70f05f36a65cb9 Author: Daiki Ueno Date: Mon Nov 9 13:20:13 2015 +0900 gpg: Write ERROR status on delete-key cancellation * g10/delkey.c (do_delete_key): Write ERROR status code with the error location "delete_key.secret", when the user cancelled the operation on Pinentry. -- I changed the original patch to emit the full gpg_error_t code. -wk diff --git a/g10/delkey.c b/g10/delkey.c index b0a2b0d..5d0c3df 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -201,7 +201,10 @@ do_delete_key( const char *username, int secret, int force, int *r_sec_avail ) firsterr = err; if (gpg_err_code (err) == GPG_ERR_CANCELED || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED) - break; + { + write_status_error ("delete_key.secret", err); + break; + } } } ----------------------------------------------------------------------- Summary of changes: g10/delkey.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Dec 4 17:19:00 2015 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 04 Dec 2015 17:19:00 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-23-gd1648f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via d1648f24e6abaaf9550671b0b6ddad56632a1cf3 (commit) via 50086fff3eb4c31cf4496463fcffa6f452fc19fe (commit) via 95736757ab809a9520215d300cf2fc71a918ebd4 (commit) from 79bd708bcc0ac5ffa110aa82db0437a7f422c5c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d1648f24e6abaaf9550671b0b6ddad56632a1cf3 Author: Andre Heinecke Date: Fri Dec 4 17:02:35 2015 +0100 Use callbacks for toggle btn state and refresh ui * src/application-events.cpp (ApplicationEvents::Invoke): Invalidate UI when a new Item is loaded. * src/gpgoladdin.cpp (GpgolRibbonExtender::Invoke): Store RibbonUI instances. Forward calls for new ID's. (GpgolRibbonExtender::GetCustomUI): Add callbacks. (GpgolRibbonExtender::GetIDsOfNames): Add CB ID's- (gpgoladdin_invalidate_ui): Invalidate UI. Invalidate causes all callback to be triggered again in their correct contexts. * src/gpgoladdin.h: Add prototype for gpgoladdin_invalidate_ui. * src/ribbon-callbacks.cpp (mark_mime_action): Work on base message. (get_crypt_pressed): Callback for toggle buttons. * src/ribbon-callbacks.h: Add ids and prototypes -- This effectively is the first step to have a customised Ribbon UI for a mail context. Also fixes toggle button behavior in mime send mode and: GnuPG-Bug-Id: 2141 diff --git a/src/application-events.cpp b/src/application-events.cpp index 4fe89cc..6b1ff4f 100644 --- a/src/application-events.cpp +++ b/src/application-events.cpp 
@@ -27,6 +27,7 @@ #include "common.h" #include "oomhelp.h" #include "mail.h" +#include "gpgoladdin.h" /* Application Events */ BEGIN_EVENT_SINK(ApplicationEvents, IDispatch) @@ -85,6 +86,8 @@ EVENT_SINK_INVOKE(ApplicationEvents) log_debug ("%s:%s: Creating mail object for item: %p", SRCNAME, __func__, mailItem); new Mail (mailItem); + /* Ensure that all UI's are nicely updated for the new mail */ + gpgoladdin_invalidate_ui (); break; } default: diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 6599244..01c2084 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -1,5 +1,5 @@ /* gpgoladdin.cpp - Connect GpgOL to Outlook as an addin - * Copyright (C) 2013 Intevation GmbH + * Copyright (C) 2013, 2015 Intevation GmbH * * This file is part of GpgOL. * @@ -51,6 +51,7 @@ #include "mail.h" #include +#include #define ICON_SIZE_LARGE 32 #define ICON_SIZE_NORMAL 16 @@ -63,6 +64,8 @@ ULONG addinLocks = 0; bool can_unload = false; +static std::list g_ribbon_uis; + /* This is the main entry point for the addin Outlook uses this function to query for an Object implementing the IClassFactory interface. @@ -504,6 +507,9 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames, /* MIME support: */ ID_MAPPER (L"encryptMime", ID_CMD_MIME_ENCRYPT) ID_MAPPER (L"signMime", ID_CMD_MIME_SIGN) + ID_MAPPER (L"getEncryptPressed", ID_GET_ENCRYPT_PRESSED) + ID_MAPPER (L"getSignPressed", ID_GET_SIGN_PRESSED) + ID_MAPPER (L"ribbonLoaded", ID_ON_LOAD); } if (cNames > 1) 
@@ -558,6 +564,16 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid, return mime_sign (parms->rgvarg[1].pdispVal); case ID_CMD_MIME_ENCRYPT: return mime_encrypt (parms->rgvarg[1].pdispVal); + case ID_GET_ENCRYPT_PRESSED: + return get_crypt_pressed (parms->rgvarg[0].pdispVal, 1, result); + case ID_GET_SIGN_PRESSED: + return get_crypt_pressed (parms->rgvarg[0].pdispVal, 2, result); + case ID_ON_LOAD: + { + log_debug ("A new Ribbon control was born: %p", + parms->rgvarg[0].pdispVal); + g_ribbon_uis.push_back (parms->rgvarg[0].pdispVal); + } case ID_BTN_CERTMANAGER: case ID_BTN_ENCRYPT: case ID_BTN_DECRYPT: @@ -611,11 +627,11 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml) if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose")) { gpgrt_asprintf (&buffer, - "" + "" " " " " - " " + " " " " "
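Review bot: The new `case ID_ON_LOAD:` block has no `break` or `return`, so after `push_back` control falls through into `case ID_BTN_CERTMANAGER:` and the button cases that follow; ending the block with `return S_OK;` fixes that. The block also stores `parms->rgvarg[0].pdispVal` in `g_ribbon_uis` without taking a reference, and nothing in the visible hunks removes entries, so the list can hold a pointer that Outlook has already released by the time `gpgoladdin_invalidate_ui` presumably walks it. Calling `AddRef ()` before `push_back` and `Release ()` when the entry is dropped would pin the lifetime. None of the new cases checks `parms->cArgs` before indexing `rgvarg`; the rest of `Invoke` is outside the hunk, so an existing check there cannot be ruled out.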